I recently came across some cool pants (created by Distilled Clothing, a San Francisco-based men’s fashion line) which block potentially harmful Electro-Magnetic Fields (EMF blocker) like those caused by radiation used by mobile phones.

According to Distilled, “The jury may still be out on whether Electro Magnetic Fields from mobile phones hurt us but phones are legally allowed to emit 1.6 watts per kilogram of radio frequency and one might prefer some insurance. Hence this pant with copper and nickel plated pocket bags that block potentially harmful radiation.”

The EMF Blocker pant design pattern has been open sourced by Distilled and is available under a Creative Commons Attribution-Share Alike 3.0 License

Some photos of the EMF Blocker pant (courtesy mattymerrill’s photostream) are shown below:

Like the tagline “Protect yourself and your future progeny”

Recently, I came across a whacky website which attempts to address an issue which probably many people have experienced while watching movies at the cinema, especially those long movies – the urge to empty the bladder (pee)! Well, a Flash developer, Dan Florio had just that experience while watching King Kong and developed a website Runpee.com to assist cinema goers in identifying when to run to pee so as not to miss the best parts of a movie!

Here’s a screenshot of the Flash application that powers Runpee.com.

The screenshot above provides the pee times for the movie “The Time Traveler’s Wife” indicating that you may pee for around 4 mins at around 46 mins into the movie and obviously, at the end of the movie (for as long as you like). You will also have the option of getting to know what happens in the movie during those precious 4 minutes (you can unscramble the encrypted spoiler).

Well, Runpee.com was launched in August 2008 and is apparently gaining popularity very quickly. It seems that a collaborative effort is underway to analyze pee times for various movies, not just Hollywood, but even regional movies across the world.

I’m sure that Indians could benefit enormously from Runpee.com stats given the very long duration of Indian movies. Also, identifying pee times for Indian movies will be easy (most often during songs) and some entire movies may be just pee time.

Perhaps movie producers and directors will have to take note of a new metric for their movies – the RunPeeCount. i.e. the number of times you can pee during a movie without missing anything interesting. Obviously, movies with the lowest RunPeeCount rule! And imagine what this website will do for cinema owners. They’ll need to upgrade their WC facilities  to accommodate huge queues at specific times of a movie’s running time. Imagine watching “The Time Traveler’s Wife” and @ 46 mins, almost everybody says “It’s pee time” and rushes towards the nearest exit!

Whoa! I’ve never typed/uttered the word “pee” so many times in such a short period. Visit the website and have fun!

Sometimes, you may want to use multiple locations for documents on the same website using Apache. It’s very straightforward to configure multiple document locations in Apache using the Alias directive in either the server config or VirtualHost config. Given below are the steps I used to configure a document root (/webserver/apache-2.2.12/phpMyAdmin) for the phpMyAdmin application to store it outside my default web application’s document root (/webserver/apache-2.2.12/htdocs).

STEP 1: Modify the Apache httpd.conf to add the Alias directive and ensure the new document root is accessible. Example below:

#
# DocumentRoot and Alias to point to pma's location outside DocumentRoot
#
DocumentRoot "/webserver/apache-2.2.12/htdocs"
Alias /pma /webserver/apache-2.2.12/phpMyAdmin
#
# Config options for pma document root
#
<Directory "/webserver/apache-2.2.12/phpmyadmin">
    Options -Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Note: I explicitly configured Directory options for /webserver/apache-2.2.12/phpMyAdmin as my default Directory options (for /) were very restrictive.

STEP 2: Restart Apache. Example below:

/webserver/apache-2.2.12/bin/apachectl -k restart

Using my browser, I could access the new document root at http://xx.xx.xx.xx/pma

Points to remember:

(1) Apache permits only one DocumentRoot (understandably) for a website and so you cannot have "multiple document roots". However, you access documents stored in locations outside the DocumentRoot, thereby permitting "multiple document locations". If you have more than one domain name for your website, then you may use the VirtualHost directive to configure a DocumentRoot for each website domain.

(2) Ensure you do not add a trailing / to the url (/pma) in the Alias directive. If you do so, you will see “Not Found” errors.

(3) You should not have a directory in the document root having the same name as a URL in any of the Alias directives as you will never be able to access it. Based on the example above, if I create a directory called pma in the document root /webserver/apache-2.2.12/htdocs, then I will never be able to access any files in this directory as the Alias /pma tells Apache that it must look elsewhere (/webserver/apache-2.2.12/phpMyAdmin). However, you may create the directory pma as a subdirectory withing directories in the document root (e.g. /webserver/apache-2.2.12/htdocs/test/pma)

A couple of days ago, after Sri Lanka thrashed New Zealand in a test match played in Sri Lanka (primarily due to Muralitharan’s exceptional bowling), Mark Richardson (former Kiwi batsman) resurrected the issue of “Murali chucking the ball by going beyond the 15-degree”.

Typically, with yet another “chucking claim” from a non-Asian affiliated with the game, Asians will be quick to react that such claims provide more evidence for the negative bias against Asian cricket teams. Yes, history has provided some reason for such reactions. For example, when Simon Jones bowled beautifully in the 2005 Ashes, England called it reverse swing, but when Wasim Akram and Waqar Younis (the Sultans of swing) bamboozled the English batsmen, England called it “ball tampering”. It is such hypocrisy of teams like England and Australia that has alienated some of the Asian cricket players and fans.

However, with regards to Mark Richardson’s recent comments on chucking, I believe he makes a very valid point. He did not attack or blame Murali, but rather criticized the ICC for its inept policing of chucking.

I also believe that the ICC’s current policing of chucking is woefully inadequate. As per the current process, an umpire refers a suspect bowling action to the ICC, the ICC conducts several laboratory tests on the bowler with the suspect action and based on the test results, concludes whether the bowler chucks or not.

The ICC makes a bowler completely aware that it’s testing his bowling action in the comfort of a laboratory and expects him not to be consciously or sub-consciously aware of this fact and consistently replicate the same bowling action he uses in all situations in highly competitive international cricket matches.

If a suspect bowling action can only be confirmed in a laboratory, then the only excuse I can find for the ICC following the current nonsensical process is the lack of adequate technology. On the other hand,  if a technology which allows a bowler’s action in cricket matches to be analyzed exists, then the ICC should perhaps police chucking as follows:

• Ensure the law(s) related to legal bowling is/are unambiguous.
• Create a team of experts who are very proficient in all technologies required to measure and confirm whether a bowler bowls or chucks.
• Create a schedule for every Calendar year to randomly select International matches and analyze all bowlers’ actions in those matches. The selection of bowlers whose actions are analyzed must be uniform across all teams. Based on the results of the analysis, bowlers should be informed whether they have a legal or an illegal bowling action and action can be taken accordingly to ensure all players play within the laws of the game.
• If a bowler’s action is so suspect that an umpire refers the action to the ICC, then the bowlers’ action in that match must be analyzed to confirm or reject the umpire’s suspicion.

If there isn’t a technology which can capture and analyze a bowler’s action in any cricket match, then bowlers (with suspect actions) who are subjected to laboratory tests could play “Catch me if you can!” with the ICC.

A favicon is a 16 X 16 pixel square icon that serves as an identifier for your website (browser window, browser tab, bookmarks). So, it is important to create and install a suitable favicon for your website.

While searching for free software that helps you create favicons, I found that there were quite a few to choose from, but finally, I decided to use the free, online favicon generator at favicon.cc. This online tool is more than enough to create good basic favicons.

The features of favicon.cc which impress me are:

• Free and web-based. No client to download and install.
• Very simple and intuitive to use.
• You can preview the created favicon before downloading it.
• You can create animated favicons.
• If registered, you can save your favicon online and even publish it under an open Creative Commons license.
• You get useful tips on how to use the favicon within your HTML.

I used favicon.cc to create the favicon for this blog as well as an animated TrafficLight favicon published under the Creative Commons license.

Note: Different browsers handle favicons differently and website developers will be all too familiar with the frustration caused by browser compatability. For example, as of today, Microsoft IE does not support animated favicons.

Although using Public Key Infrastructure (PKI) with SSH is strongly recommended over password authentication, basic UNIX password authentication (using username and password for authentication) is still widely prevalent. If you are one of those users still using password authentication, then this tutorial could provide you with essential information to enable you manage your passwords and prepare to switch to PKI or other more secure methods of authentication. The examples in this tutorial are based on Fedora 11 Linux, Ubuntu 9.04 Linux and Solaris 10 (x86) and will apply to all these UNIX distributions unless otherwise mentioned. The examples for Fedora 11 will most probably apply to Red Hat Enterprise Linux (RHEL) as Fedora is a spin-off of the terminated Red Hat Linux Desktop and shares code with RHEL.

When and where are passwords created?

Passwords for users are created when a user is created. Users are typically created with the useradd command. An example user creation is given below:

useradd -d /home/asg -m -s /bin/bash asg

The above command creates a user called asg with home directory /home/asg and the bash shell and will work on

Upon creation of a user, a blank password is created, locked and assigned to that user and all password details for that user are stored in the /etc/shadow file as shown below.

# Fedora 11
asg:!!:14479:0:99999:7:::
 
# Ubuntu 9.04
asg:!:14479:0:99999:7:::
 
# Solaris 10
asg:*LK*:::::::

Note the differences in default password creation among the three UNIX distributions:

(1) Notation used to denote password locking. In Fedora 11, it’s "!!", in Ubuntu 9.04, it’s "!" and in Solaris 10, it’s "*LK*".

(2) In both Fedora 11 and Ubuntu 9.04, days that denote when the password was last changed (14479 days since 01/01/1970), before which a password may be changed (0 days), after which a password must be changed (99999 days) and the warning before a password expires (7 days) are assigned (defaults assigned in /etc/login.defs and /etc/default/useradd) whereas in Solaris 10, these values are not defined.

Refer to the shadow manual (man /etc/shadow) to understand the fields associated with a password definition (a colon separated line) for a user in the /etc/shadow file.

 How do you set passwords?

Passwords are set using the “passwd” command as shown below:

# For non-root users (e.g. asg)
passwd
 
# For root user (e.g. set the password for the asg user)
passwd asg

Note: Non-root users can set only their own passwords (unless given elevated privileges) whereas the root user can set any user’s password.

When a password is set, it will be encrypted and stored in the /etc/shadow file as in the example shown below (single line):

 asg:$6$TcNyv6EyQchM.:14479:0:99999:7:::

How do you lock passwords?

By default, as seen above, passwords are locked during user creation. If you need to lock a password any time after it has been unlocked, then the following command must be run as the "root" user:

# As root user, lock the password for the asg user
passwd -l asg

When a password is locked, the corresponding user’s account cannot be used and you cannot login directly as the user or even switch user using su.

Note: In Fedora 11 and Ubuntu 9.04, a user whose password has been locked will still have its cron jobs running normally, but in Solaris 10, such a user’s cron jobs will no longer execute.

How do you unlock passwords?

You can unlock a user’s password (as root user) in one of two ways as shown in the example below:

# Option 1: Simply set the asg user's password
passwd asg
 
# Option 2: Unlock the asg user's password
passwd -u asg

How do you delete passwords?

You can delete a user’s password (as root user) by using the passwd command as shown in the example below:

# Delete the asg user's password
passwd -d asg

How do you manage password expiry?

Just like perishables, passwords too can have lifetimes and expire. By default, when users are created, password expiry is not set, thereby allowing a password to be used forever without ever being changed. Well, password authentication is not a very secure authentication mechanism and so apart from setting difficult-to-guess passwords, it is important to change passwords often to reduce the risk of security being compromised. Password expiry may be set (as root user) as shown in the examples below:

# Option 1 : Using the passwd utility, set expiry of the asg user's password to 30 days from now
passwd -x 30 asg
 
# Option 2 (Fedora 11 and Ubuntu 9.04): Using the chage utility, set expiry of the asg user's password to 30 days from now
chage -M 30 asg

Password expiry may be unset (as root user) as shown in the examples below:

# Option 1(a) : Using the passwd utility, turn off expiry for the asg user.
passwd -x -1 asg
# Option 1(b) : Using the passwd utility, turn off expiry for the asg user.
passwd -x 99999 asg
 
# Option 2(a) (Fedora 11 and Ubuntu 9.04): Using the chage utility, turn off expiry for the asg user.
chage -M -1 asg
# Option 2(b) (Fedora 11 and Ubuntu 9.04): Using the chage utility, turn off expiry for the asg user.
chage -M 99999 asg

Note:If using password authentication, I recommend that password expiry is always turned off or disabled for system/shared user accounts to prevent inefficiencies caused by dependencies on password tracking.

What is the difference between deleted, locked and expired passwords?

Some people refer to deleted passwords as disabled passwords, but I will refrain from using the term "disabled" as it only adds ambiguity. Refer to the table below to understand the differences and similarities between deleted and locked passwords.

 How do you disable password authentication for only certain users?

Password authentication is still widely used on UNIX Production systems. And some systems even still use the telnet daemon to accept connections. The telnet protocol is insecure as the password is transmitted in plain text and if you’re using telnet on UNIX Production systems, discontinue its use and switch to the SSH daemon at the earliest. If you wish to disable password authentication for all users, then setting the directive "PasswordAuthentication no" in the sshd_config file and restarting the sshd daemon will ensure no user can use password authentication. If on the other hand, like me, you are not a System Administrator and wish to disable password authentication only for specific users (your team perhaps), then you may do so as follows (Fedora 11, Ubuntu 9.04 & most Linux distributions):

(1) Ensure each user creates a public-private key pair and configures his/her public key in the appropriate home directory, in order to use PKI/SSH to login.

(2) Turn off expiry for user passwords in order to prevent any impact on cron jobs.

(3) Lock the users’ passwords in order to prevent password authentication.

(4) For shared or system users, ensure elevated privileges are provided to normal users using softwares like sudo or Power Broker. If using sudo, the users may have to remember their passwords even though they’re using PKI, in order to use the sudo command (not mandatory, depends on sudo setup).

I know the above steps seem a weird way of configuration (use passwords and then prevent password authentication), but I haven’t found any other direct way of disabling password authentication for certain users. Using Pluggable Authentication Modules (PAM), this may be possible, but this tutorial is aimed at users currently using basic password authentication without services like PAM, kerberos, etc.

Note: I do not recommend the above 4-step procedure for Solaris 10 (& probably earlier versions) as step 3 effectively ensures that the users’ cron jobs stop working.

 References:

(1) UNIX manuals (man passwd, man chage, man shadow, man sshd): As always, read the manual!

(2) Steve Friedl’s  Secure Linux/UNIX access with PuTTY and OpenSSH: An excellent, lucid tutorial to help you get started with using PKI and SSH.

(3) Werner Puschitz’s Securing and Hardening Red Hat Linux Production Systems: An excellent guide on securing Production RHEL systems (also covers PAM).

My Oh My !! Usain Bolt is Superman. I have been keenly following the world’s best sprinters since I was a kid, followed the Olympics and World Athletic championships closely, always knew who the fastest man in the world was and the world record time for the 100m. However, none of the sprinters I have watched have amazed me anywhere close to as much as Usain Bolt has. I bet Usain Bolt’s name is on every athlete’s lips right now as this guy has given us some breathtaking stuff in two major championships over the past two years.

First, he broke the world records in the 100m and 200m in the Beijing Olympics (2008) by clocking 9.69 secs and 19.30 secs respectively. And now, over the past week, he has smashed those very two records by the same margin of 0.11 secs by clocking 9.58 secs and 19.19 secs in the 100m and 200m respectively in the World Athletic Championships at Berlin. Note that 19.19 secs for the 200m is a rate of 9.595 secs per 100m. Now, that’s FAST !!

Unlike most of the races I’ve witnessed in which the likes of Carl Lewis, Donovan Bailey, Maurice Greene, etc. broke world records, Usain Bolt had taken significant leads over the other athletes in the races, showing that he was clearly far ahead of his competition. And the athletes competing with Usain Bolt are also benefitting by putting in their best performances in trying to keep up with Bolt. The 100m race in which Usain Bolt clocked 9.58 secs, is the first 100m race in history in which 5 athletes clocked below 9.93 secs. Never before have so many athletes in a 100m race run so fast!

And what’s all the more remarkable is the manner in which Usain gives us these great performances. He’s super-cool and relaxed before a race (I’m sure that da Jamaican genes have something to do with it) and doesn’t seem perturbed by pressure or expectations. He makes his victories look so easy.

With the exception of the 200m race in which he clocked 19.19 secs, he didn’t seem to give 100% in all the other races and yet he smashed world records in those races. So, Usain’s certainly got more to offer and the world is going to stand up and take notice every time he runs because when Usain runs, you’d never know what is humanly possible!

This is what I did to install Apache 2.2.12 and PHP 5.3.0 on Solaris 9 (SPARC/Sun-Fire-V490). I chose an application user (applusr) to install Apache as I did not require to launch it on a reserved port (1-1024). Installation instructions could differ for you depending on how Solaris 9 was installed on your host (available packages).

(1) Download the following Solaris packages (not source code) from http://www.sunfreeware.com :

• libiconv (libiconv-1.11-sol10-sparc-local.gz)
• gcc (gcc-3.4.6-sol10-sparc-local.gz)
• libxml2 (libxml2-2.6.31-sol9-sparc-local.gz)

(2) Using root user privilege, install the Solaris packages downloaded in step (1) as given below (adhere to the order of installation commands). Comments (prefixed by #) provided for clarity.

# First, change directory to location of the downloaded packages.
 
cd <location of packages>
 
# Install the libiconv package
 
pkgadd -d libiconv-1.11-sol10-sparc-local.gz
 
# Install the gcc package
 
pkgadd -d gcc-3.4.6-sol10-sparc-local.gz
 
# Install the libxml2 package
 
pkgadd -d libxml2-2.6.31-sol9-sparc-local.gz

NOTE: You may try implementing steps (1) and (2) above with the latest versions of the packages.

(3) Download Apache HTTP Server 2.2.12 (httpd-2.2.12.tar.gz) at http://httpd.apache.org/download.cgi and PHP 5.3.0 (php-5.3.0.tar.gz) at http://us2.php.net/downloads.php . Verify the integrity of the downloads using PGP or MD5 (if downloading to a Windows machine, you may use winmd5sum to verify the md5 signature).

(4) Set the PATH variable correctly, so that binaries like gcc (typically in /usr/local/bin) and make (typically in /usr/ccs/bin) can be accessed. For example, my PATH is /bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/ccs/bin

(5) Compile and Build Apache (I used a non-root user and specified where I want to install Apache with the –prefix option):

# Unpack and extract the apache source
 
gunzip httpd-2.2.12.tar.gz
tar xvf httpd-2.2.12.tar
cd httpd-2.2.12
 
# Compile and build the apache source
# The –enable-so option is used to load the mod_so module at compile time in order
# to enable DSO Support for shared modules like PHP, mod_proxy, etc.).
# For illustration, apache will be installed in /webserver/apache-2.2.12
 
./configure --prefix=/webserver/apache-2.2.12 --enable-so
make
make install

(6) Install PHP (I used a non-root user and specified where I want to install PHP with the –prefix option)

# Unpack and extract the PHP source
 
gunzip php-5.3.0.tar.gz
tar xvf php-5.3.0.tar
cd php-5.3.0
 
# Compile and build the PHP source. For illustration, PHP will be installed in /webserver/PHP-5.3.0.
 
./configure --prefix=/webserver/PHP-5.3.0 --with-apxs2=/webserver/apache-2.2.12/bin/apxs --with-config-file-path=/webserver/PHP-5.3.0
make
make install

NOTE: If you are installing PHP on a computer that has access to the internet, you may run “make test” after make and before “make install” to assist the PHP community in further development of PHP.

(7) Configure PHP

• If you’ve installed Apache with non-root privileges, then modify ListenPort to a port > 1024 (For example, I configured Listen xx.xx.xx.xx:7777 to enable my apache to listen at port 7777)
• Add the following snippet to the apache 2.2.12 httpd.conf file

#
# The following lines enable Apache to handle PHP requests
#
<Filesmatch  \.php$>
	SetHandler application/x-httpd-php
</Filesmatch>

(8) Test Apache 2.2.12 and PHP 5.3.0

• Create and save file (e.g. index.php) in the document root (/webserver/apache-2.2.12/htdocs) with the following line:

<?php phpinfo() ?>

• Start Apache 2.2.12 as follows:

/webserver/apache-2.2.12/bin/apachectl -k start

• Access the file using your browser (e.g. http://localhost:7777/index.php).

References:

(1) Apache 2.2 Installation documentation

(2) PHP Installation documentation