Techfest ’09




Oscar Kightly was the MC

Originally uploaded by Al404

I’m not Microsoft’s biggest fan, but I’m not going to turn down food, drink and entertainment at their expense! And to their credit, this was a good event.

I snapped a few pics on my camera phone, and they showed I’m well and truly past its limits in this sort of environment. A few people had SLRs, and I wish I’d taken mine as most concerts you can’t take that sort of equipment to. Maybe if I score a ticket next year as well…!

Katchafire, The Septembers, ElemenoP all put on solid performances, and the comedy act Ben Hurley was hilarious. Two thumbs up.

Full set is here.

Update: Some of my pics were added to the official Teched gallery.

Automatically update DansGuardian Filter Groups List from LDAP

Update 20th March 2011: Heath has made some modifications to the original script and made it more efficient, see the comments below.

Here’s a script I wrote today, which updates the filtergroupslist file of Dansguardian. If you’re using LDAP authentication and want to give different levels of protection to certain groups of users, you need to update the list somehow, as Dansguardian doesn’t support LDAP groups. See this page for more info on filter groups.

The school I wrote this for is a Novell eDirectory site, and it will require a bit of modification to work on other sites. In particular you will need to alter the parameters of the ldapsearch command (filter string, server name, user credentials). Other LDAP servers may not support the ufn attribute, which this is based on. If your directory is well maintained and up to date you would probably be better of using the uid attribute, but this particular school hasn’t populated it for all users yet (only users created with ConsoleOne and iManager populate the uid attribute by default). If you do use uid, be sure to remove the cut command.

ldapsearch outputs data in ldif format, which is difficult to use in scripts. The tool to use to convert this is awk, which unfortunately is a language I haven’t learnt yet. So I found a premade awk script which converts ldif2csv (from here), removed out all the attributes and replaced them with just ufn (you may want to use uid instead).

If you use this script and modify or improve it, I’d appreciate you contributing the modifications back, as they may be useful to others (myself included)!

updateFilter.sh

#!/bin/bash 
#
# Dansguardian filter group update script
# Alex Forbes, Edtech Ltd
# Updated 9th September 2009
#

## Variables
# Dansguardian filtergroupslist file
DESTFILE=/root/filtergroupslist-test
LOGFILE=/var/log/dansfgupdate.log

# LDAP settings
LDAPFILTER="(&(objectClass=Person)(|(groupMembership=cn=ALL-TEACHERS,ou=TCHR,o=HWK)(groupMembership=cn=ALL-ADMIN,ou=ADM,o=HWK)(groupMembership=cn=OESAdmins,o=HWK)))"

# Which filtergroup do you want the users to be a member of
FILTERGROUP=filter2

# Path to the awk script (converts the ldif file to parseable text). I modified one from
# http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-ScriptsAndTools.html
AWKSCRIPT=/opt/ldif2csv.awk
TMP=/tmp

# Dansguardian filter group list file
# Temp path, creates folder for the temp files. There are probably better ways of doing it.

# Make temp directories
WIP=$TMP/dgFilterUpdate
mkdir -p $WIP

# Header message
echo "## This file is automatically updated, any changes will be overwritten" > $WIP/4final
echo "## See /opt/edir2dansg.sh" >> $WIP/4final
echo "" >>$WIP/4final

# Perform LDAP search. Outputs ldif file.
ldapsearch -uxvA -H ldaps://fs2.howick.school.nz -b "o=HWK" -S '' -s "sub" -D cn=ldapauth,o=hwk -w password "$LDAPFILTER" ufn > $WIP/1ldif

# Picks out the ufn attribute using a modified awk script I found:
awk -F ': ' -f $AWKSCRIPT  $WIP/2txt

# Picks the first field of the ufn attribute to generate a clean list of users
cut -d, -f1 $WIP/2txt > $WIP/3userlist

# Add the values required to meet the dansguardian filter format
for u in `cat $WIP/3userlist`; do
	echo "$u=$FILTERGROUP" >> $WIP/4final
done

# Finally, copy the file to overwrite the dansguardian list.
# I've done a simple check to make sure the file isn't too small in case of error, but it could be handled better.
SIZE=`stat -c %s $WIP/4final`
if [ $SIZE -gt 2500 ]; then
	cp $WIP/4final $DESTFILE
	echo $(date +"%Y/%m/%d %H:%M"): Updated filter groups list "("size $SIZE bytes")" >> $LOGFILE
else echo $(date +"%Y/%m/%d %H:%M"): Output file is too small, list not updated >> $LOGFILE
fi

# Gentle reload of dansguardian
dansguardian -g

And the modified awk script, ldif2csv.awk:

BEGIN {
        ufn = ""
      }
/^ufn: /              {ufn=$2}
/^dn/ {
        if(ufn != "") printf("%sn",ufn)
        ufn     = ""
      }
# Capture last dn
END {
        if(ufn != "") printf("%sn",ufn)
}

Update 9-9-09: Fixed a few dumb mistakes.

Simple File Backup to Email Script

Here’s a file backup script I installed for a client. The original outline came from a post on the ubuntu forums (I forget where exactly), but it’s simple enough. It creates an archive in /tmp, zips it up, emails it then deletes the archive. If your target is a linux computer then it makes more sense to gzip it by adding a “z” to the tar options (i.e. tar -czf) and removing the zip line.

#!/bin/bash
#
# Simple file backup script, creates archive in /tmp and emails it.
#
# Software required:
#  zip
#  tar
#  mutt

# Variables
[email protected]
SOURCE="/home/user1 /home/user2"
SERVERNAME=server.example.com
MAIL=`which mutt`
ZIP=`which zip`
DATE=`date +%Y_%m_%d`
FILE=myfiles-$DATE.tar
DESTINATION=/tmp/$FILE
ZIPFILE=$DESTINATION.zip

# Actions
tar -cf $DESTINATION $SOURCE 2> /dev/null
$ZIP $ZIPFILE $DESTINATION
$MAIL -a $ZIPFILE -s "Backup for $DATE" -s "$SERVERNAME backup $DATE" $MAILADDR < /dev/null
rm $ZIPFILE $DESTINATION

For mutt to work you need an MTA (mail transport agent) such as postfix. If it’s not installed and you don’t need it for anything else, configure it as a satellite system (the Ubuntu/Debian packages prompt you on install and satellite system is an option). This prevents spammers from using it as a relay, and ensures the mail goes to your real mail server.

Don’t visit al4.com …

Noticed today that my .com namesake is an adult search/spam site, and since it was registered in 2002 it probably has been for a while. The main reason is of course because it’s a 3 letter domain (visit any 3 letter .com domain and it’s guaranteed to be registered).

Messing with the N900

Apparently Nokia believes the mobile network carriers won’t be interested in selling the N900 because it won’t let them mess with the operating system.

Strangely enough, this is one of the reasons why I will be buying one.

Also interesting to see that Nokia doesn’t consider the N900 to be the “next generation” of computers. That honour is reserved for their fifth generation tablet – the model after the N900.

Camera News

I doubt you’re reading this blog for the news, but there have been some recent announcements that will be of interest if you have more than a passing interest in photography.

  • The Canon EOS 7D looks like a nice step up from the 50D. It packs 18MP, so it will be interesting to see what the high-iso shots are like. Since Canon is apparently expanding its range of cameras with APS-C sized sensors, we should see more EF-S lenses, indeed two new ones were announced at the same time.
  • Also the Panasonic GF1, that equivalent to the Olympus E-P1 I was waiting for, has hit the announcements board. This really looks like a camera worth buying, and instantly rules out the E-P1 for me, assuming the price isn’t any higher. I still can’t decide whether to go for a micro four thirds (MFT) camera over an advanced fixed-lens camera (LX3 / S90 / G11) though.

N900 w/ Maemo 5 – this will be my next phone

At the risk of turning into Engadget, I just have to say that I want one of these. And I mean really really want. But calling it a phone is a bit like calling a desktop PC a word processor.

Aside from being a true mobile computer which leaves the iphone for dead, it is powered by a completely uncrippled, unrestricted Linux distribution – Maemo 5 (which was released just 4 days ago, announcement here, more at gsmarena.com). This means there is no need to “jailbreak” your phone to run the applications you want – you are encouraged to do with the hardware whatever you like. There is no one whose permission you have to ask to write or install software on Maemo, you can just do it. Unlike Android, Maemo runs native code which should theoretically allow higher performance.

Currently my phone is a Nokia N78, a nice and simple Symbian S60 device. I call it a phone too, as while it can do other things, it’s primarily a cell phone and the interface is geared that way. Symbian has served us well, but was conceived in a time where phones and PDAs had a pretty narrow range of use cases, and it shows. Now days the traditional cell phone has evolved into a general purpose computing device, and this requires a much more powerful operating system.

In my opinion the N900 is a huge step towards the future of computing. Maemo devices won’t be replacing desktop PCs any time soon, but this is a huge step towards it happening, and many people have no need for anything beyond the capabilities of this device. The release is set for October, and assuming the price is in line with previous Nokia tablets I’ll probably get one fairly quickly. The N800 was already a solid if somewhat “nichey” product, and its main limitation was the lack of 3G / cell wireless. So given these ingredients, how could Nokia stuff this up?

Skype was supported on the N800, but its last update was December 2007. It could be the killer app for these devices, which will finally relegate network operators to the dumb pipes they should be. But if we see it blocked again as it was for Symbian, or crippled to only work over wifi as on the iphone, there’s always Google talk.

Personally I think Linux usage overtaking Windows on personal computing devices is inevitable, and this is how it’s going to happen (although the capabilities of the N900 will have to move down to a much lower price point first). We’ll see if I’m right in 5-10 years time.

gsmarena_003

E-P1, and new Canons with less pixels!

I posted a while back about the then yet-to-be-released Olympus E-P1. Since then it’s been reviewed by practically every major site, and generally the reviews have been very favourable. But it takes good pictures and has no competition, so of course they would be. This is a new class of camera which clearly takes much better pictures than a point ‘n shoot but lags way behind DSLRs in many respects, particularly in speed and focusing (and to a much lesser degree image quality). Maybe my expectations were a bit high, but I did expect startup times, focusing speed and general performance to be better than bargain basement plastic fantastic cameras.

I think this class of camera will improve a lot once competition starts, and I’m particularly interested to see what Panasonic, who also make micro four thirds cameras, will release. It would also be good to see Canon and Nikon come up with similar compact non-SLR large-sensor camera systems. So for now I’ll stick with my trusty 40D.

Review links:

Canon also recently refreshed their compact lineup, and two of the new models are of particular interest.

The S90 looks like a decent competitor to the LX3, as it also has an f/2.0 lens and a similar pixel density but a larger zoom – a more conventional 28-105mm as opposed to the LX3’s 24-60mm. The reviews will be very interesting once the embargo on this one is lifted.

The G11 also looks like a big step forward. This one actually has a third less megapixels than the model it replaces, the G10. It seems marketing has finally listened to engineering, and they’ve decided to reduce the resolution in order to provide better light sensitivity instead of cramming in more noisy pixels than we need. Bravo!

So after drooling after the LX3 and then the E-P1, I now don’t have a clue what my next camera will be. But I like where things are heading.

Penny Auctions, take 2

I was fairly diplomatic in my earlier blog post about penny auction site grabaid. While it looked a bit sus, I’m wary of jumping to conclusions and calling something a scam when it could be legitimate.

I’ll not make this mistake twice.

Penny auction sites, which seem to be popping up all over the place these days, are little more than a scam. If you bid, you will lose. This includes, but is not limited to:

  • grababid.co.nz (and .co.uk .com etc)
  • swoopo.com
  • ipennybid.com
  • bidrivals.com
  • planetbid.co.nz

If you’re considering bidding on one of these sites, I highly recommend you read the following posts:

Don’t be sucked in.

Jury Duty – A Majority Verdict

I was summoned for jury duty recently, and ended up getting on a trial. The accused was an older man who was answering several charges of indecent assault.

What made this situation somewhat unique is that the crown case was based on little more than the allegations of the complainant (actually this may not be all that unique). The defense lawyer was rather successful in showing the good character of the accused, while discrediting the testimony of the complainant. It would be fair to say there were some significant inconsistencies, and much of the story just didn’t stack up.

In the end I felt that most of the charges the crown laid against him were improbable, which is a long way from guilty beyond all reasonable doubt, and thus I voted firmly for not guilty in the jury room. A couple of the others initially voted not sure for some of the charges, but none of their arguments proved the charges beyond reasonable doubt, so they were happy voting not guilty in the end.

One jury member however voted guilty, and would not be swayed. He saw it in black & white – i.e. you either believe the testimony of the complainant or the accused. Having heard all the evidence last week (only the closing addresses were made today) he decided over the weekend that he believed the story, and that would be his position.

The problem with his position, was that he himself admitted there was doubt (which seemed reasonable to the rest of us), and that he couldn’t be sure. How then can you find the accused guilty? He obviously held firm beliefs, but I think those beliefs did not allow him to be impartial, and that he was acting contrary to the law. In fact he appeared to have issues with the judicial process and the whole concept of reasonable doubt.

In the end, what should have been a 1 hour deliberation turned into 4, which is the minimum amount of time required before a majority verdict can be considered. It is frustrating when you have a jury member that can not be swayed be rational argument (to say the least), and really it should have been unanimous as he clearly had reasonable doubt! He certainly could not make a good argument himself, and in the very least he should have been able to say what aspect of the crown’s case convinced him.

So it would be an understatement for me to say that I am grateful for the recent law change that allows majority verdicts. It still requires a majority of 11 to 1, but it mitigates situations like ours where one juror stubbornly refuses to listen to reason.

If you ever get summoned for jury duty I recommend doing it if you haven’t before (apparently the response rate is something like 1 in 10). I was probably quite lucky with my trial in that the charges, while serious, were not of the kind that makes you reel in horror, and the complainant did not appear to be traumatised much at all (if I had to listen to days of disgusting evidence about someone that was clearly guilty this would be a very different blog post). This case will certainly stick in my mind for a long time, but I’m comfortable we made the right decision.