I like building tests for my code. That is not an old habit, it s just something I ve been developing in the recent months or some few years. No, I am not doing TDD (although that doesn t sound like a bad idea): I just build tests after I code as a safeguard to be sure I haven t broken anything. I suspect there are more programmers like myself than those using tests as part of a TDD (BDD, SDD, etc) approach, but that is just an opinion. Well I just recently became found of code coverage estimates and tools, and rcov is such a nice tool that sometimes I just find myself building tests just to please it. I also suspect there are at least a bunch of people that do the same. Here are the results of the test coverage of one of my projects:

spectra@rohan:~/work/xmpp4r-observable$ rake rcov
(in /home/spectra/work/xmpp4r-observable)
rm -r coverage
Loaded suite /usr/bin/rcov
Started
........................
Finished in 70.995814 seconds.
24 tests, 97 assertions, 0 failures, 0 errors
+----------------------------------------------------+-------+-------+--------+
                   File                                Lines    LOC     COV    
+----------------------------------------------------+-------+-------+--------+
 lib/xmpp4r-observable.rb                                648     414    61.4%  
 lib/thread_store.rb                                      58      39    87.2%  
 lib/observable_thing.rb                                 187     118    91.5%  
+----------------------------------------------------+-------+-------+--------+
 Total                                                   893     571    69.4%  
+----------------------------------------------------+-------+-------+--------+
69.4%   3 file(s)   893 Lines   571 LOC
spectra@rohan:~/work/xmpp4r-observable$

Sure it s tempting to get more of lib/xmpp4r-observable.rb covered, isn t it?

About four months ago I described how my EeePC survived the spilling of orange juice over its keyboard. No! I never spilled anything on it again, if that s what you re thinking But I noticed that some keys (those that got more juice on) began to malfunction. At the beginning I paid no attention to it, hoping that it would just go away, but, eventually, they just stop working And those are not just unimportant keys I am talking about arrows and the forward-slash (/) keys in the lower right corner of the keyboard!!! How could I survive without those keys, without a quick access to my bash history and vim search? Well, I began googling around and found some good advice. Everything that made sense regarding how to cleanup my keyboard I compiled and, when I was enough confident it would work, I just follow the procedure I ve devised. This is what I did:

1. After turning it off and removing the battery, I removed the keyboard. Check the instructions I linked in my previous article for some pictures on how to do it.
2. I poured 500 mL of distilled water in a clean plastic box (I bought 1L for BRL 20 at a local pharmacy), added enough dish detergent to make some foam (I was careful to select a non-biodegradable one) and drowned the whole keyboard in the solution.
3. For the next 30 minutes I pressed and released the affected keys over and over again. My intention was to dissolve anything that might have remained from the orange juice.
4. I left it soaking in the solution for the next 12 hours.
5. The next day I got the keyboard out of the solution and used current tap water to remove any detergent still left in it. This might have took about 10 minutes.
6. Our tap water is really clean, but its hard, and I would not like to remove any juice from the keyboard just to add some minerals that might have the same effect, so after I was certain all the detergent was removed, I left the keyboard in the remaining of the distilled water for another 12 hour soak.
7. After that I just removed the keyboard from the soak, dried it a little bit using a paper towel and left it to air-dry (away from the sun). I don t remember how long it took, but I believe not more than 4 hours Those were hot days Anyway, I was really sure it was dry.

When I plugged it back, surprise! All keys are working again! Of course, that was just what worked for me Best advice still is: Keep liquids away your EeePC!

We ll be holding a Keysigning Party at FISL10. This will be a good opportunity to renew my key, given I ve been using it since 2001 and it s an old 1024 DSA key. I have to thank An bal Monsalve Salazar and Alexander Wirt for sharing their expertise in organizing this kind of event. More information on the KSP can be obtained from the announcement.

• Marco d Itri about adding support for yet-unknown-to-kernel-drivers devices. More specifically: how to make udev tell ftdi-sio that it should accept a certain VendorID/ProductID combination in addition to previously supported ones.
• Thomer M. Gil about ICMPTX, a combination made from proxy and server that tunnels IP through ICMP. Nice thing if you need a connection from some NATed and heavily firewalled location I guess. (Thanks go to Runa Sandvik for finding this.)
• Non-technical in a way, but still a nice link: Image of the Shuttle transiting the sun, thanks to Pablo Lorenzzoni for this link.
• Another post by Marco d Itri that explains how to install Debian on a SheevaPlug. Not that I need this info now, but it might come in handy some day.

That s it for now, will update the post if I find more interesting links in the next few days.

Just this week I went to the movies to check the latest incarnation of Cap. Kirk, Mr. Spock et al. It really was a great movie I was expecting less, I have to admit. But the movie was not bad at all With all that space and beyond thing in my mind, yesterday I was surprised with a greatly inspiring picture taken from Hubble Florida, before STS-125 reach Hubble (thanks Florian Weimer for the heads-up): How inspiring can that be? You can find the original here, along with the explanation of how and when it was taken.

Months (even years) of activism, over 140 thousand signatures, and finally another small victory: Brazilian Minister of Justice Mr. Tarso Genro sent a letter [pt-BR] stating that Sen. Azeredo s bill is dangerous, and that the Ministry is working in an alternative (among other things). We had already incited a public hearing that were very fruitful [pt-BR] and might have brought the Ministry to the issue. But don t relax just yet, folks! Right now, working in this alternative , are people with every kind of agenda It s safe to assume that some of them are from the same lobby that pushed Sen. Azeredo first version of the thing. So, yes, this was another victory, but nothing really changed The bill is still approved by the Senate and still has to be reviewed by the Chamber-of-Deputies, and the alternative that will be presented by the Ministry is still under construction. What we accomplished is nothing more than making the Minister aware of the issue So, keep the pressure over your representatives, send messages to the Ministry, stating how you feel about the issue! Let s show them what we want them to do After all, that s why we elected them, in the first place, isn t it? [Published also at Trezentos, in portuguese]

Last few months since I got my EeePC have been a lot of fun. Playing and tweaking the little bastard is a joy in the end of a busy day. Besides, since I loaded it with the most useful SysAdmin tools, it became a powerful device in my tool belt . Unfortunately, I ve been stupid enough to drink a glass of orange juice while messing with it. I know, I know! Silly thing to do. I should know better! But life is like that I spilled a few drops over it. Of course, the web is pouring off information on what to do in cases like this, so I ll just summarize what I did:

1. Imediatelly, without thinking or questioning, I turned it upside down and removed the battery. It was a clumsy thing to do I ended up spilling the rest of my orange juice on the floor while worrying about the EeePC. Concearns about filesystem corruption (or whatever) crossed my mind, but I can always deal with that later First things first!
2. I went online in another computer and found out how to disassemble it. For me it was easy, since I got other two computers at home but if I needed to leave it there while looking for information, I would! If it s upside down and has no power whatsoever (the battery was removed), it s safe, I think. The information was easily found. I decided I didn t need to disassemble all of it, but having those information at hand was pretty useful.
3. I began by removing the keyboard. It s tricky but not difficult. The secret relies on the spring-mounted tabs near the screen. I checked for spills under it and cleaned with a cotton swab.
4. I was not very confortable to open the case, but I decided that turning it back on without checking the electronic parts first was too risky. So I said goodbye to my warranty and unscrewed the 6 screws from the bottom and the 9 from the silver casing under the keyboard.
5. There I found some little drops! Good decision to open it up! I dried it using cotton swabs again.
6. Before putting it all together, I decided to leave it open until the next day. I was pretty sure everything was dry again, but better safe than sorry . The next day I successfully assembled it and turned it on. Great! Everything worked fine.

Now that was just what worked for me. My EeePC is back, fully restored but, of course, the warranty is void :-( So I cannot recommend you to do the same. Best advice I can tell you: Keep liquids away your EeePC!

SSH is really the Swiss Army pocket knife of sysadmin tools. When I needed to periodically synchronize log files from an old server (old as in customer-would-never-update-it-or-install-anything-new), I built a simple and secure solution using rsync and ssh. This is what I did: (I will call remote the system where the logs I want to retrieve are, and local system where I want them to be copied to) First I created an account with a restricted shell (ideally this should be a system account, but we ll get there!):

remote# adduser --ingroup nogroup --shell /bin/rbash rlogs

Then locally, I created a new, password-less ssh key pair, copying it to my remote system:

local$ ssh-keygen
>>> When asked where to save it, I chose a different name, like .ssh/rlogs
local$ ssh-copy-id -i .ssh/rlogs.pub rlogs@remote
...
>>> You can delete the password of user rlogs, so it, effectively,
>>> cannot log-in with it (almost like a system user).
remote# passwd -d rlogs

Now you should be able to run password-less rsync already (note that I use -e option to point to a different key):

local$ mkdir logs
local$ rsync -av -e "ssh -i $HOME/.ssh/rlogs" rlogs@remote:"logs/" logs/
receiving file list ... done
./
file1
file2
...
fileN

But even with a restricted shell, I wanted even less possible things to happen. That s what command= directive is for It will only allow that command to be run in a session started by that key. Since rsync translates a lot of its command-line options, I run it again with a dirty ps-in-a-loop in the remote host, just to see what running rsync locally causes remotely:

remote$ while 1; do ps wp $(pgrep rsync); sleep 1; done
...
local$ rsync -av -e "ssh -i $HOME/.ssh/rlogs" rlogs@remote:"logs/" logs/
>>> in the remote loop you should be able to get the command:
  PID TTY      STAT   TIME COMMAND
 6183 ?        Ss     0:00 /usr/bin/rsync --server --sender -vlogDtpre.i . logs/

Here comes the authorized_keys magic. At the remote host I edited .ssh/authorized_keys to add a command= line with what I found out in my dirty loop. Also, I added a couple of directives to restrict it even further (they are pretty self-explanatory):

rlogs@remote$ cat .ssh/authorized_keys
command="rsync --server --sender -vlogDtpre.i . logs/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa (...) myuser@local

Now everything is set. I just added the rsync command to the local crontab and it s done.

One of the largest FLOSS events in the world, FISL (International Free Software Forum in english) subscriptions are already being accepted. They also already called for papers! They re calling this year s a special edition since they expect to reach 10-thousand attendees (last year exceeded 7-thousand)... this is pretty big if you ask me. As usual, it will take place at Porto Alegre, and is scheduled from June 24th to 27th. I think we can expect the usual activities (Programming Arena, Interesting Workshops, FLOSS shows, Great Speakers, Brazilian Government), but I think the special edition is not just due to the number of attendees. What surprises are being cooked by the Organization Committee is just something we ll have to wait and see :-) See you there!

As I already told you, I am using XMPP4R-Simple in an internal project. For this, I d have to add PubSub capabilities to it, and I did when I decided to get serious with git. Today I committed a version with integration of various patches by other forks I found on GitHub plus a lot of improvements on PubSub functions. With this version it s simple to use PubSub like this:

require 'xmpp4r-simple'
# Simple function just to parse an event
require 'time'
def parse_event(event)
  item = event.children[0]
  node = item.node
  time = nil; item.each_element("//published")    e  time = Time.parse(e.text)  
  text = nil; item.each_element("//body")    e  text = e.text  
  return   :item => item, :node => node, :time => time, :text => text  
end
# Create the clients
im1 = Jabber::Simple.new "im1@example.com", "password" 
im2 = Jabber::Simple.new "im2@example.com", "password" 
# im1 creates a node
im1.create_node("/some/node")
# im2 subscribe to that node
im2.pubsubscribe_to("/some/node")
# We'll start a simple thread to get the events coming from that node to im2
Thread.new   loop  
  sleep 1 while ! im2.received_events?
  im2.received_events    event 
    h = parse_event(event)
    puts ">>> Got an event from node # h[:node]  published at # h[:time]  with text # h[:text] " 
   
 
# Now im1 just publishes anything to that node.
im1.publish_atom_item("/some/node", "This is my node", "This is the content of my node")
# The thread should capture the event and run puts on the hash from parsing.

PubSub is great, isn t it?

I finally took some days off. Those are most needed, since I spent carnival on call at the hospital (argh!)... So Brenda and I decided to spend those days at Maceio, capital of Alagoas state, and a very anticipated vacation. They have a lot of sun and beautiful beaches, enough to fill our week (and get some tan also). This picture was taken at Praia do Gunga (Gunga s Beach), a charming place with a calm shore, almost like a pool, protected by natural reefs. As you can see, I am having a bad time right now :-) Food is excellent, so are the people. But there are some inconveniences (as always). Beaches around downtown are not proper for bathing They re fighting a long fight against pollution (and loosing, if you ask me)... Also, Alagoas is a poor state Our guide said alphabetization covers less than 70% of the people Also, network connection is expensive in hotels. Ours charges BRL 1,00 every 5 minutes! And the speed is not the best. They have one of those systems requiring a web authentication before you go. I ve seem people complaining about this kind of system in Planet Debian before (reference please!) and suggesting Tunneling over DNS as a fix . I ve noticed it would work in our hotel, but I decided to try another approach I ve already written about: just a quick tunnel over an ssh connection. I know I told you I needed an authentication before, but that is for the first connection! Yes, once the connection is established, I could just log out (thus stop the charging). No new connections could be made, but the tunnel was already up, so just put everything through the tunnel and I should be fine right? Wrong. I got bitten by a drawback of the technique already pointed in a comment when I first wrote about it: in an error-prone network, TCP-in-TCP slowly dies of attempting to correct itself over and over and I was using a poorly connected wi-fi (loosing almost 30% of the packets!). So, I was left with the set-up of a not foreseen tunnel using DNS as the only option This would take time (and money)... So I decided for a simpler approach: SOCKS proxy. Yes, everything I would do could be done through a SOCKS! So a simple:

bash$ ssh -D 8888 my.remote.location

was all that I needed. That and setting my Firefox to use a SOCKS proxy on localhost:8888 and all went fine. I paid to set-up the tunnel then, once established, I logged out and kept using my tunnel all this time. Simple and effective, and I got some time left to blog about it. :-)

I ve been using git this last few days and I am still working on a workflow for my projects. Unfortunately, as others have noticed, git violates POLS is so many ways, it ends up being hard to get. Creating a remote repository seems to be the first thing to bite a developer switching to git (mainly if coming from a centralized SCM). I have not decided which is the best way of doing it, but I ve been using git-daemon via inetd and a path in my remote hosting holding all my repositories for public pulling, and ssh for pushing. Here is how to create it:

local$ ssh spectra@remotehost
remotehost$ mkdir /var/git/myproject.git
remotehost$ cd /var/git/myproject.git
remotehost$ git --bare init 
remotehost$ logout
local$ cd myproject
local$ git remote add remotehost spectra@remotehost:/var/git/myproject.git
local$ git push remotehost master
...
otherlocal$ git clone git://remotelocal/myproject.git
otherlocal$ cd myproject
otherlocal$ git remote add remotehost spectra@remotehost:/var/git/myproject.git
(hack hack hack)
otherlocal$ git push remotehost master

Now everybody can pull your repository at git://remotehost/myproject.git and you can push and pull to it via ssh. Note that you have to setup git-daemon, which is pretty straight forward. I am using it as an inetd daemon, but you can use it as a standalone one. Debian has a package which does just that. Now, some people think logging in a remote server just to create an empty repository is too much. Well repositories are just .git directories. It happens that you can push for the first time by rsyncing your .git with a remote host:

local$ cd myproject
local$ rsync -a .git/ spectra@remotehost:/var/git/myproject.git
local$ git remote add remotehost spectra@remotehost:/var/git/myproject.git
(hack hack hack)
local$ git push remotehost master

(Apparently you can push using rsync every time, but it s regarded as wiser to keep your probably crappy local repository commits separated from the public repository otherwise commit messages like Please, don t use this code are likely to pop up everywhere :) ). Now, I don t know if this have side effects, but it works :-) Another thing to notice is that git is more directed at pulling than pushing. This may be because of its designer: the way Linus works is by pulling changes from others repositories and not by letting others push em into his one. And this is another violation of POLS for most of the people, who is used to commit their changes into some remote repository. Rather than that, people using git would expose their own repositories in order to have it pulled by others. I also agree with most of the git critics wrt git commands There s a lot of examples and I am not going deeper in this but I think it was a bad choice calling checkout what git does when told to checkout , for instance. Yes, I know different tools, different ways of seeing it but everyone was already used to what centralized SCMs call their operations, and I think it would only help git adopting same names for the same operations, and inventing new ones for those proper of decentralized operations. Anyway, once you get it (and I have not completely got it yet), it seems all flow as expected. If this adaptation fails, there s still Easy Git to the rescue! One last thing that I think contribute to the git sucks effect: git-svn. This is a great tool, but it was built from git s point of view Given it s intended as a glue for Subversion newcomers, it would benefit more from being built from svn s point of view. This was mentioned by a colleague developer in my company, when he just couldn t understand why one have to git svn rebase instead of a simple update. So git-svn also suffers of the bad command naming habit git do. Of course, that given that you came from this environment (I am sure git and git-svn makes perfect sense for Linus & cia :-) ). I have not tried yet, but yap seems to be targeted on providing an alternative to git-svn.

I was browsing GitHub, getting to know the system and feeling pretty amazed by it (seriously I felt I discovered Orkut for developers)... when some thought just stroke me: how do they save space? Yes, I know git is pretty efficient when it comes to saving space. Yes, I also know that space are becoming cheaper with time, but still, they claim to have +50k developers hooked up their servers if they re not doing something about space, things will go inefficient quite quickly. Rails alone seems to have 464 forks! If all of them represent one bare clone of the canonical repository on GitHub s side, that is a lot of space wasted in duplicated things Git has one amazing feature: hashing the objects it keeps track of. It surely doesn t seem too complicated to design a schema that avoids having two copies of objects with the same hash. So all those forks of Rails, on GitHub s side, would be just hardlinks to the canonical repository Surely people working in GitHub are smart enough to have though about it on their own Who knows? Maybe that s exactly what they re doing already! If so, can I ask them to share their schema, since it can become very useful to the rest of us? If not, can we beat them ;-D?

Everybody seems to be using git these days I am not very found of hypes , as I told you before, but there s been some time I ve been evaluating git. I was happy with svk for quite a long time Lately, though, I ve been developing and extending a lot of ruby libraries, and all of them seem to be hosted at GitHub and using git So, why not give it a serious try? I chose a simple task on my TODO-list: to extend xmpp4r-simple to support XMPP PubSub, so I could use it in an internal project at my company. So I cloned its git repo and started developing. Not a really hard task, since all I had to do was use the underlying library (xmpp4r not surprisingly also in GitHub) and mimic what Blaine s done for the callbacks and it was ready (and working although I still need to put more time on the test suite). I am still exploring It will take some time to migrate my stuff (and maybe a lot will remain in my company s Subversion), but that s what git-svn is for, isn t it? Right now I am looking for ways to work with git-buildpackage and Debian git tools Do you have some advice on that?

I don t know maybe it s because my birthday is coming (Feb 10th)... or maybe because my wife s birthday is around the corner (Jan 26th), but I am feeling too old these days. I know, though, that at least part of it is due to Web 2.0! I feel like being the last geek still using my own mail server (everybody else is using Google Apps) and a console-based MUA (I am using Mutt for as long as I remember everybody else seems to be on Google s Gmail). I still don t have a Twitter or an Identi.ca account. I still use my ICQ account! I never got an OpenID. Just yesterday I was lost in a conversation about Google Reader! I am a lost case Is this how it is to become an old days geek? Now I know what those bearded geeks from the 70s felt

This is just to keep a reference (so I don t have to google it again :-) ): One can create a quick and dirty VPN using pppd and ssh:

bash$ /usr/sbin/pppd noauth 10.0.0.1:10.0.0.2 pty 'ssh -x -t -e none remote_user@remote_server /usr/sbin/pppd passive noauth'

This assumes both users (local and remote) have permissions to run pppd (some sudo trickery may become very handy) and that no password is asked by ssh (password-less key authentication). Quite handy, ain t it?

While googling for something completely different (which I cannot remember right now), I passed by what is probably the best Bash tip I ever read:

bash$ head -10 /etc/apache2/sites-available/default
(...)
bash$ ^10^20^
(...)

What happens in the second command is that the previous one is repeated, replacing 10 by 20 ! How great is that?!

This is the follow-up on my Asus EEE PC configuration. Next on my TODO list was to make the webcam work, and as Ben Armstrong had pointed it worked fairly well, proving to be a non-issue. After that, I decided it would be a good thing if the presence of my bluetooth-enabled cellphone were tested, so that if I walk away from the PC, it called xscreensaver -lock. After some googling, I found a tool that did just that: BlueProximity. It really seemed a good idea, except that my cellphone (a Palm Treo 650) kept warning me about a connection going on, which was quite unpleasant. This happens because BlueProximity tests the RSSI of a bluetooth connection Beautiful, but a little overkill for what I wanted: I just wanted to know if it is there or not. First I tested the bluetooth discovery with hcitool scan, but for that I would have to keep my cellphone Discovery On, which is not a smart thing to do So I tested other things, and found out that hcitool name XX:XX:XX:XX:XX:XX only returned the name of my cellphone if it were around. So that was what I used. This is treo-presence.sh script:

#!/bin/bash
TREO='XX:XX:XX:XX:XX:XX'
NAME='name_of_my_cellphone'
CMD="/usr/bin/hcitool name $TREO" 
if [ " $CMD " = "$NAME" ]; then
  exit 1
fi
exit 0

It returns 0 or 1 if the TREO device is absent or present, respectively. I use it from the following cron script:

#!/bin/bash
/usr/bin/w   /bin/grep $LOGNAME > /dev/null 2>&1
if [ $? -ne 0 ]; then
  # Running user is not logged in
  exit 1
fi
CMD="/usr/local/bin/treo-presence.sh" 
LOCK_CMD="/usr/bin/xscreensaver-command -lock" 
FILE="/tmp/no-treo-lock.txt" 
TMPFILE= /bin/tempfile 
/bin/touch $FILE
/usr/bin/tail -2 $FILE > $TMPFILE
$CMD; echo $? >> $TMPFILE
/bin/mv $TMPFILE $FILE
/bin/rm -f $TMPFILE
for line in  cat $FILE ; do
  if [ "$line" = "1" ]; then
    exit 1
  fi
done
# Got here: all 3 lines are not 1
$LOCK_CMD > /dev/null 2>&1
exit 0

This is run from the user crontab file every minute, recording the last 3 runs in a file in /tmp. If all 3 runs indicates the absence of my cellphone, xscreensaver -lock is called. Simple enough and doesn t give me connection warnings in my Treo. Other approaches are surely possible. Also, I am not sure treo-presence.sh would work for other devices This is just what works for me

Wow! I woke up this morning and, while browsing my usual feeds I got a nice (although odd) surprise: Rails and Merb will merge !!! Should we all wait for the end of days? ;-) Seriously That is really something I d never have expected. Rails 3 will be such an interesting framework! What a nice Christmas gift! Merry Christmas.

Really, now is the day 3 I am just considering this day 2 for I had to do a lot of things again due to my dumbness. Let me explain: I had a desktop environment in place (with fluxbox), wired network, and most of my daily softwares (Iceweasel, X-Chat, Pidgin, GkRellM), then I decided to test the Suspend-to-Disk At first, it seemed to work well: I made a swap file for uswsusp, just as documented what is not documented is that this file must be outside the encrypted partition! So, when I turned it on again, an error telling me about some corruption in the opened luks partition. I though OK, something gone mad, just a matter of running an e2fsck . So I booted with the netinst pendrive, opened the luks partition and ran it with -y. Everything seemed to be corrupted!!! It spend almost 5 minutes fixing bogus inodes and stuff before I decided to interrupt the process this fixed filesystem would never work anyway. So I began from scratch All over again. When I got into a working base-system, some other thought stroke me: what if Brenda were to use rohan (have I mentioned the name is rohan? I name all my machines after places in Middle-earth)? So, a minimal user-friendly desktop is needed After some research, I decided to go for LXDE. This is a minimalist desktop with OpenBox as the window-manager. I ve been using FluxBox for a long time now, so running another BlackBox-based would not be such a problem. LXDE is quite good. So far, everything I expected is working fine . Then I decided it s time to move on to configure the Wi-Fi stuff. I installed the RT2860 modules from Debian/EEEPC Repository and added rt2860sta to /etc/modules. At first I was worried that some reports of it not working with WEP showed up in a Google Search But nothing could be smoother! I installed wicd and it detected our WEP AP like a charm (and a bunch of other APs nearby)... after entering our key it just connected fine and I ve been using it since no glitches so far. I would like to play a little more, but I called the day since I got a lot of work going on Next item planned is the webcam