ManiacMartin

Packt Publishing's Book on lighttpd

The kind people at Packt Publishing have requested that I review their new book about lighttpd. Unfortunately, I cannot comment on how good the book is until it arrives and I have a chance to read it, but they do have a sample chapter_(pdf) online to look at. Watch this space

Also, Happy New Year to all my readers

Stripping Headers in Postfix

How to hide Received headers when relaying emails - handy when you trust an authenticated user who shares an IP with a known spammer.

I've been given a Nokia 6120, and have a three PAYG SIM card in it, with which I plan to use the £5 for 2GB within a month addon every month. However, SpamAssassin gave all emails from my phone a high spam rating. A closer look revealed that three's internet access NAT gateway IPs are on spam blacklists, therefore I needed to strip the Received: header containing three's gateway IP.

In Debian, first apt-get install postfix-pcre
Then add to the end of /etc/postfix/main.cf the line:
header_checks = pcre:/etc/postfix/header_checks

The file /etc/postfix/header_checks should contain Perl regular expressions and what they should be rewritten to. The following rule will satisfy SpamAssassin by changing the Received header to an X-Received:
/^(Received: .*mia\.three\.co\.uk.*)/ REPLACE X-$1

However, there may be badly implemented spam filtering software that just greps all headers for bad IPs, so to be on the safe side I stripped the recieved line totally:
/^(Received: .*mia\.three\.co\.uk.*)/ REPLACE X-Recieved: Authenticated phone or internet dongle on three network

This is a white lie though, as any email from three's mobile internet access gets this header, not just 'authenticated' ones, but since I'm not an open relay, the only people who can recieve these messages are users on my local box. A small price to pay to enable emails that I send on mobile to not me put in Junk. It might well be a good idea to implement this whatever your mobile internet provider is, a single bad customer could put your shared IP there on a blacklist

Royal Mail and User Agents

So I've finally tracked down why Royal Mail's website looks horrible in Firefox on Linux. They sniff user agents and if it isn't one of their 'supported' browsers then they send different HTML that doesn't render properly.

Not only are they incapable of writing web pages that work across multiple browsers, they actually check for Firefox on Windows. If you have Firefox on Linux, which has the exact same Gecko engine, then you get sent the HTML which doesn't render properly. If you spoof your user agent, then all is fine.

Not only is this a big oversight, but it seems silly to go to all the trouble to sniff the user agents, if the HTML they send to unsupported browsers doesn't render correctly in any web browser anyway?

I have sent an email, but don't expect a reply, nor that they'll heed my suggestions.

Asterisk iCal Reminders

If you're anything like me, you've probably missed appointments due to your bad memory. Well now there's now excuse, you can use your trusty basic phone to recieve reminders with reminder calls from Asterisk.

My new script, AsteriCal, will poll your Google Calendar's iCal URL and call you to remind you of upcoming events. Find out more here

It's written in Python, and communicates with Asterisk by placisng call files in Asterisk's outgoing calls spool directory.

Dial No to 0870

You may have heard of the site Say No To 0870. It's a UK database of mappings of Company Names and their 0870/0844/0845 numbers to their geographic equivalents. Using the geographic equivlalents is a good idea - they're cheaper and included in a lot of plans' free minutes. Some companies can detect people calling their geographical numbers. Prefixing the number with 141 to withhold your number sometimes beats the system; sometimes it doesn't.

I thought it'd be a good idea to integrate the Say No To 0870 database with my Asterisk PBX, so that when I dial a number beginning with 08, Asterisk will actually call the geographical number with my Trunk provider. I achieved this using Asterisk AGI and Python. I screenscraped the Say No To 0870 website (theres no API, nor did they reply to my email) and untangled the HTML with Beautiful Soup.

If an 08 number has no entry, it just gets dialled. If there is an entry, it presents the user with a looping menu asking them to press 1 for the geographical number or 2 to dial the 08 number (in case the destination is smart, or the Say No To 0870 database is wrong). The script only considers the Main (Verified) numbers in the site's blue search results box.

You can view the script or, in Debian, you can install like so:
(Other distros store agi-bin in different places):


cd /usr/share/asterisk/
mkdir agi-bin
cd agi-bin
wget http://www.crummy.com/software/BeautifulSoup/download/BeautifulSoup.py
wget http://www.maniacmartin.com/files/noto0870.agi
chmod +x noto0870.agi
cd ../sounds
wget http://www.maniacmartin.com/files/mm-foundacheapernumber.gsm

Now, you need to add the following to the contexts in your /etc/asterisk/extensions.conf where you wish to allow users to dial 08-prefixed numbers:

exten => _08[4578].,1,AGI(noto0870.agi|${EXTEN})          ; Lookup in saynoto0870
exten => _08[4578].,2,Macro(dial-uk,0044${EXTEN:1})       ; If no match or user rejects, use normal UK trunk

The line for other UK numbers shouldn't accept 08 now. Something like this will do:

exten => _0[1237]XXXXXXXXX,1,Macro(dial-uk,0044${EXTEN:1})  ; Normal UK numbers

If a user chooses to use a cheaper number, the script will change the extension and jump to it on exiting.

Festival and Asterisk

How to setup Festival with Asterisk for arbitrary text-to-speech in your PBX.

Whilst playing with asterisk, I wanted the feature of text-to-speech, so the PBX can read things such as caller IDs.

The information at voip-info.org would have been helpful, except they couldn't reproduce the conf file verbatim as their in-house wiki parses ((double-bracketed text)) as links, so to help you, I've got a verbatim config file here:

(define (tts_textasterisk string mode) 
"(tts_textasterisk STRING MODE) 
Apply tts to STRING. This function is specifically designed for 
use in server mode so a single function call may synthesize the string. 
This function name may be added to the server safe functions." 
(let ((wholeutt (utt.synth (eval (list 'Utterance 'Text string))))) 
(utt.wave.resample wholeutt 8000) 
(utt.wave.rescale wholeutt 5) 
(utt.send.wave.client wholeutt)))

In Debian, the Festival conf file lives in /etc/festival.scm. Paste this into it, then restart Festival using its init script. Now in Asterisk's extensions.conf, you can call it like so:

exten =>2,1,Festival(Hi\, you are being called by)
exten =>2,n,Festival($CALLERID)

Don't forget to escape commas and such. (OK, this was a bad example, as you'd just use SayDigits() in this case)

Steam Tray Icon's rampant CPU usage

Its very rare that I boot into Windows XP, but when I do the computer is extremely unresponsive for a good minute or so after login. There is no hard disk activity and no response from clicking anything, even the Start menu. Since I don't use Windows much at all, the XP install is very clean, and usually has most updates installed except SP3. In the past I put this startup lag down to Windows, but in actual fact it was Steam, as the screenshot below shows. I have since disabled the Steam Tray icon.

Disclosing a key to a GPG-encrypted file without exposing your private key

I was recently reading Regulation of Investigatory Powers Bill -- Some Scenarios and scenario 2 about session keys perked my interest. I wondered if it could be done with GnuPG, and after researching for a while I discovered it can, and here's how: As you probably know, in semi-new UK law, RIPA means that the police can demand that you hand over the plaintext of an encrypted file, or in certain circumstances demand that you hand over a key of your choice that decrypts the file. Since public/private key encryption is several orders of magnitude slower than symmetric encryption, GnuPG generates a random symmetric key and encrypts the plaintext with this. The symmetric key is then encrypted with the public key of the recipient and tacked on the front of the output. So, if the police want a key to a file, using your private key you can retrieve the symmetric key used for this particular file, and by handing this one-time key over you have satisfied the requirements under RIPA without compromising your main private key and allowing law enforcement to decrypt further messages without your knowledge or sign messages as you. To get the one-time key, do this on an uncompromised machine:

$ gpg --show-session-key accomplises.asc

You need a passphrase to unlock the secret key for
user: "Martin Smith "
1024-bit ELG-E key, ID 941AAA41, created 2006-10-23 (main key ID 50CB07BC)

gpg: encrypted with 1024-bit ELG-E key, ID 941AAA41, created 2006-10-23
      "Martin Smith "
gpg: session key: `9:12D785497247CA3C929EC62EAB63BD8A8F0BB29E9B60CF11FC43788B197F6A11'

Now law enforcement can use this key to decrypt accomplises.asc without needing any public or private keys:

$gpg --override-session-key 9:12D785497247CA3C929EC62EAB63BD8A8F0BB29E9B60CF11FC43788B197F6A11 accomplises.asc
gpg: encrypted with 1024-bit ELG-E key, ID 941AAA41, created 2006-10-23
      "Martin Smith "

lejog.maniacmartin.com retired

The cycle ride is over, and I'm in the process of collecting those pledged sponsorships. People have an amazing ability to not have any money on them when its time to pay up, which is pretty convenient for them. Anyway, I figured that I will not be updating the website any more, since all of the days are already blogged. Due to the heavy GPX caching and the fact it was my first Django (and web framework for that matter) usage, which I chopped and changed many times, keeping this dead site online was costing me 71MB of RAM, which is quite a sizable proportion of my 256MB VPS. I decided that the best way was to make a static snapshot of the site, and serve it with my regular httpd directly. It was basically a matter of getting the snapshot: wget -nH -m http://lejog.maniacmartin.com And renaming the GPX files and their references by running these commands from the appropriate directories: for i in $(ls|grep -v index); do sed -i s@/posts/gpx/$i/@/posts/gpx/$i.gpx@g $i/index.html; done for i in $(ls|grep -v index); do mv $i/index.html $i.gpx; rm -r $i/; done I then copied the static/ and media/ folders over. I also added a mime type for GPX files for cleanliness to /etc/mime.types: application/gpx+xml gpx (You could also use the more generic text/xml type) I know for a Django site, this leaves a mess of folders all containing a single index.html page, but since the site will never be updated again, it frees up RAM and CPU cycles (caching of parsed GPX is intensive), and means that the site will load faster. Given the heavy usage of Google Maps, any speed up is a bonus.

Appalling service at PC World

I think the email I sent to customer services explains it perfectly

To whom it may concern, After a recent visit to PC World in Grimsby today, helping a family friend to purchase a laptop, I thought you might like to know about the appalling service I was provided with. I am also publishing this letter to my website, and am willing to publish any of your replies if you wish. My experience with PC World today was horrifically appalling. It took a whole hour after telling the staff exactly which model I wanted to walking out with it. The staff were very inattentive and would rather stroll around the store chatting. They wouldn't accept the fact that we didn't want upselling, more RAM, Norton, Office or 3g and just wanted the standalone price as advertised on the shelf. Numerous times did your staff members go to get the laptop only to return to try and upsell us again, despite clear indications that we were not interested. Your staff were also unknowledgable and unable to answer simple questions about your machines. A staff member was adamant an RJ11 port on a laptop was an ethernet port, despite the fact it had an ethernet port also and the modem had a phone symbol. You also have a stupid timewasting policy whereby all sales must be approved my a manager - a bit stupid for a retail shop. After your staff finally realised that we didn't want upselling, and sold the laptop, we had been offered insurance 3 times, another laptop twice, office twice and Norton 3 times. We were also told that laptops with nvidia graphics cards are not suitable for office work. We had previously seen the same laptop for £20 more in Comet, and now wish we'd have bought there instead where the staff were attentive and helpful. It would certainly have been quicker to walk to Comet and buy it. Indeed we went back to Comet to buy a printer because we were so appalled by the service at PCWorld. I appreciate that many customers may be unsure as to what products they may need, but we clearly stated numerous times which model we wanted, and had to wait a whole hour while your stupid policies and time-wasting hard-selling staff wasted our time. As it happens we then went on to part exchange a car, and a specify all the accessories on a new car, and it took less time than it took to walk away with a preboxed laptop from your store. The family friend who we were buying for wanted to buy from a bricks and mortar for the higher level of service, but you have proved her wrong. I shall be advising all of my friends not to shop at your stores in future.

Update: PC World eventually replied with a canned email stating that they couldn't find the specifications for the laptop as I didnt specify the make and model in the email. I have replied telling them it might help if they actually read emails and not send canned replies, and am awaiting a response