Compiling Mono 2.0.1 on Ubuntu Gutsy Server 8.04

I didn't want to use the aging Mono version present in Ubuntu Server 8.04, so I set out to compile Mono 2.0 (and subsequently 2.0.1, via the same process). This turned out not to be too bad.

First, install the requisite packages:

aptitude install build-essential swig autoconf gawk mono-common binfmt-support bison pkg-config libglib2.0-dev

Yes, that's not a typo--you do want one of Ubuntu's Mono packages, mono-common. This will enable shell execution of Mono executables via ./ notation rather than having to execute "mono /path/to/executable."

Once you are done, download and unpack the source for Mono. This will get you 2.0.1:

wget http://ftp.novell.com/pub/mono/sources/mono/mono-2.0.1.tar.bz2
tar xf mono-2.0.1.tar.bz2

Now you are ready to build and install Mono (the make step will take a while):

cd mono-2.0.1
./configure --with-libgdiplus=no
make
make install

Lastly, you need one symlink so the binfmt-support package can execute Mono executables directly via the shell:

ln -s /usr/local/bin/mono /usr/bin/cli

That's it. Typing the command "mono -V" should yield the about information for Mono 2.0.1. Follow the instructions under "Testing the Mono installation" and confirm you can not only build and execute the example.exe application, but that you can execute it with ./ notation (e.g. ./example.exe).

Cheers!

FreeMind manual installation in Ubuntu Hardy 8.04

So you like the mind mapping software FreeMind, but the distribution package for Ubuntu 8.04 is hideously out of date. Your solution awaits... simply by installing FreeMind from source. While this is fairly easy to follow, there is some complexity with getting full desktop integration. I am including the steps I followed, but if you scroll all the way to the bottom, you can find a compiled archive with 0.9.0 beta 17 included with a script to do all the work referenced in the article.

First, you need a few packages (if you are going to use the version of FreeMind I compiled below, you do not need sun-java6-jdk):

sudo aptitude install sun-java6-jre sun-java6-fonts sun-java6-jdk

Now download FreeMind. I recommend the latest beta version, found here. You will also need to download Apache Ant. There is an Ant package in the Hardy repositories, but it is broken, so you will need the binaries directly from Apache. I used 1.7.0, the latest version available at the time of this article.

Unpack Ant and copy it to its destination (execute the following in a terminal wherever you placed the downloaded Ant archive):

tar xf apache-ant-1.7.0-bin.tar.bz2
sudo mkdir /usr/local/ant
sudo mv apache-ant-1.7.0/* /usr/local/ant

Set up Ant's environment variables:

gksu gedit /etc/rc.local

# In gedit, append the following to this file before "exit 0":

export ANT_HOME=/usr/local/ant
export PATH=${PATH}:${ANT_HOME}/bin

Reboot for the above to take effect, or just execute the two export commands within your current terminal. Now you are ready to compile FreeMind. Unpack it and build it with Ant:

tar xf freemind-src-0.9.0_Beta_17.tar.gz
cd freemind
ant

Now copy the built contents of the dist folder into /opt/freemind, and set up the executable:

sudo mkdir /opt/freemind
sudo cp -R ../bin/dist/* /opt/freemind
sudo chmod +x /opt/freemind/freemind.sh
sudo ln -s /opt/freemind/freemind.sh /usr/local/bin/freemind

Congratulations, you can now run FreeMind by simply typing the command: freemind

The harder part was registering the x-freemind MIME type and getting Gnome to open .mm files with a double-click (and having an icon assigned to those files!). For the MIME type, there are two existing conflicting MIME types you will have to get rid of: x-troff-mm and x-matlab. As I have no use for these applications, this is not a problem for me. These are defined in /usr/share/mime/packages/freedesktop.org.xml, and you have to comment out the nodes as follows:

<!--
<mime-type type="text/x-matlab">
 <sub-class-of type="text/plain"/>
 <comment>MATLAB script/function</comment>
 <comment xml:lang="bg">Скрипт/функци� — MATLAB</comment>
 <comment xml:lang="ca">script/funció MATLAB</comment>
 <comment xml:lang="cs">Skript/funkce MATLAB</comment>
 <comment xml:lang="de">MATLAB-Skript/-Funktion</comment>
 <comment xml:lang="en_GB">MATLAB script/function</comment>
 <comment xml:lang="es">script/función de MATLAB</comment>
 <comment xml:lang="eu">MATLAB script/funtzioa</comment>
 <comment xml:lang="fi">MATLAB-skripti/funktio</comment>
 <comment xml:lang="fr">script/fonction MATLAB</comment>
 <comment xml:lang="hu">MATLAB parancsfájl/funkció</comment>
 <comment xml:lang="it">Script/Funzione MATLAB</comment>
 <comment xml:lang="ja">MATLAB スクリプト/関数</comment>
 <comment xml:lang="ko">MATLAB 스�립트/함수</comment>
 <comment xml:lang="nb">Skript/funksjon for MATLAB</comment>
 <comment xml:lang="nl">MATLAB-script/functie</comment>
 <comment xml:lang="nn">MATLAB-skript/funksjon</comment>
 <comment xml:lang="pl">Skrypt/funkcja MATLABa</comment>
 <comment xml:lang="pt_BR">Script/função do MATLAB</comment>
 <comment xml:lang="sv">MATLAB-skript/funktion</comment>
 <comment xml:lang="uk">Сценарій/функці� MATLAB</comment>
 <comment xml:lang="vi">Văn lệnh/chức năng MATLAB</comment>
 <magic priority="10">
   <match value="%" type="string" offset="0"/>
 </magic>
 <magic priority="50">
   <match value="function" type="string" offset="0"/>
 </magic>
 <glob pattern="*.m"/>
 <alias type="text/x-octave"/>
</mime-type>
-->


...and....

<!--
<mime-type type="text/x-troff-mm">
 <sub-class-of type="text/plain"/>
 <comment>Troff MM input document</comment>
 <comment xml:lang="bg">Изходен документ — Troff MM</comment>
 <comment xml:lang="ca">document d'entrada Troff MM</comment>
 <comment xml:lang="cs">Vstupní dokument Troff MM</comment>
 <comment xml:lang="da">Troff MM inddata-dokument</comment>
 <comment xml:lang="de">Troff-MM-Eingabedokument</comment>
 <comment xml:lang="el">έγγ�αφο/π�όγ�αμμα εντολών troff MM</comment>
 <comment xml:lang="en_GB">Troff MM input document</comment>
 <comment xml:lang="eo">eniga dokumento de Troff MM</comment>
 <comment xml:lang="es">documento de entrada Troff MM</comment>
 <comment xml:lang="eu">Troff MM sarrerako dokumentua</comment>
 <comment xml:lang="fi">Troff MM -syöteasiakirja</comment>
 <comment xml:lang="fr">document d'entrée Troff MM</comment>
 <comment xml:lang="hu">Troff MM bemeneti dokumentum</comment>
 <comment xml:lang="it">Documento di input Troff MM</comment>
 <comment xml:lang="ja">Troff MM 入力ドキュメント</comment>
 <comment xml:lang="ko">Troff MM input 문서</comment>
 <comment xml:lang="lt">Troff MM įvesties dokumentas</comment>
 <comment xml:lang="ms">Dokumen input Troff MM</comment>
 <comment xml:lang="nb">Troff MM-inndatadokument</comment>
 <comment xml:lang="nl">Troff MM-invoerdocument</comment>
 <comment xml:lang="nn">Troff MM inndata-dokument</comment>
 <comment xml:lang="pl">Dokument wejściowy Troff MM</comment>
 <comment xml:lang="pt">documento origem Troff MM</comment>
 <comment xml:lang="pt_BR">Documento de entrada Troff MM</comment>
 <comment xml:lang="sq">Dokument input-i Troff MM</comment>
 <comment xml:lang="sr">Troff MM улазни документ</comment>
 <comment xml:lang="sv">Troff MM-indatadokument</comment>
 <comment xml:lang="uk">Вхідний документ Troff MM</comment>
 <comment xml:lang="vi">Tà i liệu nhập MM Troff</comment>
 <comment xml:lang="zh_CN">Troff MM 输入文档</comment>
 <glob pattern="*.mm"/>
</mime-type>
-->

You then need to add a file at /usr/share/mime/packages/freemind.xml with the following contents:

<?xml version="1.0" encoding="UTF-8"?>
<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
<mime-type type="application/x-freemind">
 <comment>FreeMind Mind Map</comment>
 <glob pattern="*.mm"/>
</mime-type>
</mime-info>

Once you have edited/created these files, you need to update the MIME database:

sudo update-mime-database /usr/share/mime

To assign icons to the FreeMind .mm files, It turns out you have to create 48x48, 32x32, and 24x24 icons (PNG files) for FreeMind, copy these to /usr/share/icons/gnome under the appropriate size-named folders, and then update the icon cache. I used GIMP to create the icons based on an svg icon that came with the FreeMind source package. Each icon PNG must be named gnome-mime-application-x-freemind.png. To update the icon cache once these are in place:

sudo gtk-update-icon-cache --force gnome

Once you are done, log out and back in, and enjoy your FreeMind goodness.

NOW, if that all seems a bit much... I have created an archive containing a script that does everything except set up the main menu item pointing to FreeMind. It contains a version of FreeMind 0.9.0 beta 17 I compiled (on 64-bit Ubuntu, so this may or may not work on 32-bit versions) along with the modifications to the MIME types and the icons I created.

Download it here: freemind-0.9.0_Beta_17.tar.bz2

Integrating Ubuntu Hardy Heron 8.04 with Active Directory

I have three primary goals with integrating Ubuntu Server with Active Directory:

• Join the server to the domain
• Allow domain admins to be Ubuntu Server administrators
• Allow Windows clients in domain groups access to Samba shares

Goal #1: Join the Server to the Domain

Thanks to this post for helping with this portion. The steps are:

1. sudo apt-get update
2. sudo apt-get install likewise-open
3. sudo domainjoin-cli join fqdn.of.your.domain Administrator
4. sudo update-rc.d likewise-open defaults
5. sudo /etc/init.d/likewise-open start

Goal #2: Allow Active Directory Domain Administrators to Administer Ubuntu

Ubuntu Forums to the rescue... thanks, gotee12. This will allow members of the Domain Admins AD group to issue sudo commands. From a command prompt:

1. visudo
2. Add this line to the resulting file:

%YOURDOMAINNAME\\domain^admins ALL=(ALL) ALL

Note the carat symbol to substitute for spaces.

Goal #3: Allow Windows Clients in Domain Groups to Access Samba Shares

*** UPDATE *** My friend Chris got the plumbing to wire up Likewise Open with Samba figured out. Good grief, this was opaque:
http://chrplunk.blogspot.com/2008/06/allow-windows-clients-in-active.html

Now you have to set up your shares. The shares are defined as individual text files under /var/lib/samba/usershares. Create a file in this folder named with the name of the share (e.g. "test") and contents like the following, but be careful--match the spaces and casing with nothing extra, and **make sure the file name is in all lowercase regardless of the casing of the share name**:

#VERSION 2
path=/path/to/shared/folder
comment=
usershare_acl=<Group SID>:<access modifier>
guest_ok=y

For example:

#VERSION 2
path=/testShare
comment=
usershare_acl=S-1-1-0:F
guest_ok=y

To get the SID of the group that will have access to enter in the usershare_acl row, execute:

wbinfo -n "DOMAIN\group"

(S-1-1-0 is Everyone.)

The access modifiers after the group SID are as follows:

• R - read-only
• F - full access
• D - deny access
  

The last thing you need do is to set the permissions on the shared folder itself. I found it easiest to give world-writable permissions to the folder, as it seemed not to dereference my group memberships at the folder permission level (unlike Samba at the share level). So:

chmod -R 0777 /path/to/shared/folder

If anyone knows how to get the group security to work at the folder level so it need not be world-writable, I'd appreciate a comment. I tried:

chgrp -R 'DOMAIN\group' /path/to/shared/folder
chmod -R 2770 /path/to/shared/folder

...but I kept getting access denied.

*** UPDATE 2 *** I had to grant read access to everyone for the usershares folder to avoid 'cannot stat' errors by ordinary users:

chmod o+r /var/lib/samba/usershares

Original post for this section follows:

Oooh, I haven't managed to get this one to work. I can issue successful commands like the following while logged on to the Ubuntu machine with my domain credentials:

smbclient -k -L //dmsc01
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2]

   Sharename       Type      Comment
   ---------       ----      -------
   C$              Disk      Default share
   IPC$            IPC       Remote IPC
   ADMIN$          Disk      Remote Admin
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2]

   Server               Comment
   ---------            -------

   Workgroup            Master
   ---------            -------

So SOMETHING's working, but I can't manage to get remote machines to connect to hosted shares. I've tried the following smb.conf (key lines included):

workgroup = mydomain
security = ads
realm = MYDOMAIN.LOCAL
encrypt passwords = yes
idmap uid = 10000-40000
idmap gid = 10000-40000
template homedir = /dev/null
template shell = /bin/false
winbind separator = \
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 300
winbind nested groups = yes

#=====================Shares====================
[tmp]
path = /tmp
browseable = yes
writeable = yes
guest ok = no

All I get when attempting to connect, however, is errors like the following in the client logs:

[2008/05/05 10:27:14, 1] libads/kerberos_verify.c:ads_secrets_verify_ticket(237)
ads_secrets_verify_ticket: failed to fetch machine password
[2008/05/05 10:27:14, 1] smbd/sesssetup.c:reply_spnego_kerberos(316)
Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!

And from the log.winbindd-idmap:

[2008/05/05 10:25:11, 1] nsswitch/idmap_tdb.c:idmap_tdb_alloc_init(397)
idmap uid range missing or invalid
idmap will be unable to map foreign SIDs
[2008/05/05 10:25:11, 0] nsswitch/idmap.c:idmap_alloc_init(750)
ERROR: Initialization failed for alloc backend, deferred!

Any ideas?

Infrequent IP address changes and No-IP

I use No-IP to provide dynamic DNS services so I can have remote access to my machine at home. However, the No-IP client doesn't send updates when my IP address doesn't change, and with my provider it tends to not change for quite some time. This causes No-IP to send me warning messages that my host is going to be deactivated from inactivity. In these notices, there is a link you can click to keep your host alive with its current IP. That got me thinking how I could force a periodic update.

I wrote the following script, pagecheck, to allow fetching an arbitrary web page and checking for some simple content in the page output:

#!/bin/bash
#Gets a web page and searches it for the specified text; if not found, or if a wget error results, returns
#an error code and prints error text.
#Arthur Penn - 16 Apr 2008

if [ $# -ne 2 ]; then
echo "pagecheck \"URL to page\" \"Success text to expect\""
exit 1
fi

PAGE=$(wget --no-verbose -O - "$1" 2>&1)
RC=$?
if [ 0 -eq $RC ]; then
SUCCESS=$(echo "$PAGE" | grep "$2")
if [ -n "$SUCCESS" ]; then
exit 0
else
echo "Did not find success message of \"$2\" in $1:"
echo "$PAGE"
exit 1
fi
else
echo "$PAGE"
exit 1
fi


This uses wget to fetch the web page and look for the content, and only prints output when it encounters problems. This makes it suitable for cron jobs. I added this script to /usr/local/bin (save it to a text file, and then: sudo cp pagecheck /usr/local/bin && sudo chmod +x /usr/local/bin/pagecheck). I then added the following script into the /etc/cron.monthly folder so it gets run once per month (don't do this more often to avoid excessive No-IP updates):

#!/bin/bash
# Touches the no-ip.com host dialog to confirm that the URL is still in use
/usr/local/bin/pagecheck "http://www.no-ip.com/hostactive.php?host=myhost&domain=noipdomain.net" "Update Successful"


T0 use this, you need to update the portions in red to match your No-IP domain (e.g. if your No-IP domain is fred.atx.net, the host would be "fred," and the domain would be "atx.net."

Since doing this, I haven't gotten any of the host deactivation messages from No-IP.

Ubuntu rkhunter configuration

I recently added rkhunter, a rootkit detection utility, to my Ubuntu installation. After doing so, I started picking up warnings from cron during its daily scan:

Warning: Found enabled inetd service: /usr/sbin/vmware-authd
Warning: Hidden directory found: /etc/.java
Warning: Hidden directory found: /dev/.static
Warning: Hidden directory found: /dev/.udev
Warning: Hidden directory found: /dev/.initramfs
Warning: Hidden file found: /dev/.tmp-2-0: block special (2/0)

Research indicates that these particular warnings are spurious--I know I have VMware running, and the others seem to be facets of the way Ubuntu is constructed. To suppress them, I added the following lines to /etc/rkhunter.conf:

ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENDIR=/dev/.static
ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENDIR=/dev/.initramfs
ALLOWHIDDENFILE=/dev/.tmp-2-0
INETD_ALLOWED_SVC=/usr/sbin/vmware-authd

GnuCash 2.2 on Ubuntu Gutsy - with OFX Direct Connect!

When I started running Ubuntu Gutsy (7.10) about a month and a half ahead of its release this week, its GnuCash package was still in the 2.0 series, and I wanted to run 2.2. While 2.2 is now in the official repositories, I understand that a licensing issue prevents the Ubuntu GnuCash package from shipping with OFX Direct Connect enabled (it will import qfx/ofx files but not connect directly to financial institutions to retrieve transactions, as one of mine requires). So, with both of these goals in mind, I set out to build my own GnuCash 2.2 with OFX Direct Connect. Unfortunately, this process is not for the average user...

Building GnuCash

First, get a terminal open and install all the dependencies for this process:

sudo aptitude install libktoblzcheck1-dev libqt3-mt-dev libofx-dev libxml2-dev libgconf2-dev guile-1.6-slib guile-1.6-dev libglib2.0-dev libgtk2.0-dev libgnomeui-dev libgoffice-0-dev libgtkhtml3.8-dev libgwenhywfar38-dev slib gettext devscripts build-essential

Whew! Now we need to build libchipcard3-3.0.3, a dependency of the aqbanking library we will build later. This has no dependencies. For the uninitiated, this process consists of unpacking the archive and then executing the following in a terminal:

cd [folder in which you unpacked libchipcard]
./configure
make
sudo make install

That done, we build aqbanking 2.3.2. This is similar to building libchipcard above, but you have to pass some arguments when running the configure step:

./configure --with-frontends="cbanking g2banking qbanking"

Now download and unpack the latest GnuCash 2.2 source. You are looking for the latest archive starting with just "gnucash." Go through the same process again, except do the following for the configure step:

./configure --enable-ofx --enable-hbci

Configuring OFX Direct Connect

That's it--once you are done, you should have a shiny installed GnuCash 2.2 with OFX Direct Connect support (you will have an Actions > Online Actions menu). Next comes the frustrating process of figuring out how to connect to your bank! This is where applications like Quicken and Microsoft Money have done the hard work for you and baked in all these details. Unfortunately, it is somewhat difficult to find out the parameters you need to pass from the Direct Connect interface to get a successful download. The GnuCash wiki has a nice article that details some of the settings and contains instructions for downloading a script that will pull down the raw information about thousands of financial institutions. Follow these instructions to get the configuration information about your bank.

Add a User

Once you have this done and have located the details for your financial institution, in GnuCash, go to Tools > Online Banking Setup. The Online Banking Setup Wizard will launch. Click the Forward button until you see the button labeled Start Aqbanking Wizard, and click it. In the AqBanking Wizard, go to the Users tab and click New.

Here's where the guesswork begins. Many fields exist in the wizard that may or may not be used by your particular institution. For example, for Charles Schwab, I put my online login (user) name in all three of the User name, User Id, and Customer Id fields. If you are downloading transactions from a bank account, put your bank's ABA routing number (the number at the bottom left of your checks) in the Bank Id field, and specify the country of your bank. For my credit card, I did specify the country, but put arbitrary text in the Bank Id field (I probably could have left it blank).

Now let's move on to the OFX tab. Using the information downloaded about your financial institution, enter any of the FID, ORG, and Broker Id values that the institution is using (there will be values for those nodes in the downloaded XML file). Put the OFX server URL in the Server URL field in its complete https:// format. It doesn't seem to matter if you specify HTTP 1.0 or 1.1, and in fact with the version of the code I compiled, it always saves it as 1.0 regardless of what I do.

For the checkboxes at the bottom, typically just check the following and then click the Get Accounts button:

• Supports Account List Download
• Supports Statement Download
• (and, if a credit card) Send Empty Bank Id
  

You will be prompted for your password, and then it should pull down all the settings for the account(s) you have at that institution under the Accounts tab. You may wish to review what it downloaded and poke around in these settings, but I can't give any specific advice.

Downloading Transactions

Once you have set up your institutions and accounts, you are ready to download. NOTE: some institutions (like Chase) have a setting in your online (not GnuCash) account configuration to enable OFX download before any of this will work. To get your transactions, open the account in GnuCash and click Actions > Online Actions > Get Transactions. When downloading for the first time, you may be prompted to accept the SSL certificate of the site, and you WILL be prompted to associate the GnuCash account with the OFX account you set up. Once you have done this, for subsequent downloads, just open the GnuCash account, go to the Get Transactions as above, and key in your password (the application does not store passwords).

I hope this helps someone. While not for the faint of heart, it IS possible to have GnuCash downloading transactions directly from your bank/credit card company without any intervening file downloads.

Ubuntu 7.10 Keyboard Shortcuts in compiz (Appearance > Visual Effects)

I love the eye candy compiz provides in Ubuntu 7.10. (To enable this, go to System > Preferences > Appearance, and on the Visual Effects tab, turn on Normal or Extra effects.) However, as a keyboard shortcut nut, I lamented the fact that enabling these horked all my non-standard application launch shortcuts I had entered into gconf-editor. I dug around and figured out how to fix them. (Gripe: KDE handles this configuration waaaay better.)

1. Run gconf-editor (Alt+F2, and type gconf-editor in the dialog box).
2. Drill down to apps | compiz | general | allscreens | options.
3. There are a series of commandx keys (command0 through command11). Pick any empty one(s) and type the command to start the application(s) you desire, e.g. for command0: speedcrunch
4. For any commandx you entered, find the corresponding run_commandx_key node further down the screen. Type the keystroke you desire to trigger running the command. Special keys are:
   
1. Control: <Control>
2. Alt: <Alt>
3. Windows key: <Super>
4. Shift: <Shift>
   

So, to set the key sequence Windows+Alt+s to launch SpeedCrunch in the example above, I would type (not press) the following in run_command0_key: <Super><Alt>s

Does anyone know how to represent the escape key? It used to be "Escape", but that doesn't seem to work with any of the combinations I tried.

** UPDATE 15 Oct: I learned that you can more naturally set the shortcut commands and keystrokes by installing the compizconfig-settings-manager package. Once installed, this is accessed via the System > Preferences > Advanced Desktop Effects Settings menu entry.

Under its Command options, you can enter the commands that get stored in the commandx keys above. Then on the Actions tab under the Commands section, you can click in the Key column and type in the keystroke you wish to set for each command. I still had problems getting the Ctrl+Shift+Escape keystroke mapped, but for many keystrokes this is much easier.