ssh_login_blocker

Anyone who has a run a GNU/Linux server on the Internet for more than a few weeks has probably noticed that they will occasionally get “hammered” by a robot attempting to make an ssh connection using common usernames and passwords. Usually these are not truly “brute force” attacks—they try 20-30 times, rather than thousands—but either way they are annoying.

These attacks are rarely successful with a properly configured system, but they can use up bandwidth and system resources, and perhaps more troublesome is that they clog your log files so it is more difficult to detect a bona fide system attack. I suspect that at least some of these random ssh login attempts are accompanied by attacks on other known vulnerabilities, with the hope that the sysadmin won’t notice the more devious attack because the stupid attack is going on at the same time.

Strangely, there is no “canonical” solution to guarding against these attacks. A few people have written up their own hack solutions, and here is mine.

It’s called ssh_login_blocker. It’s very simple—just drop it in /etc/init.d and make symlinks to the proper /etc/rc?.d directories (or just start it running from the command line). It must be run as root. You can configure it to allow a certain number of bad passwords or bad usernames before it blocks an IP address. You can also configure it to “reset” the bad username/password count after a certain amount of time has passed. Just look at the first few lines of code and adjust the settings accordingly.

If you are running it on a system to which you don’t have physical access, you should whitelist at least one IP address where you will be able to get in from in case something goes awry.

There are many improvements I’d like to make. For example, it should use libfile-tail-perl rather than running a shell for tail. It should have a “temporary blacklist” feature in addition to the current “permanent blacklist” feature. It should have an auto-whitelist function such that “known good” IP addresses get marked up. It should use something other than /etc/hosts.deny to block ip addresses—for example, iptables. It doesn’t do any of these things, but it works pretty well, and it makes me happy that my log files are not currently clogged with spurious login attempts.

salonify 0.81 released

Oops.

Apparently, the salonify package I released a few days ago worked fine for upgrades, but not new installations.

The new version should work better. Sorry for anyone who tried it once and gave up. :)

salonify

Get the latest version of salonify as a tarball (v0.82, released 9/15/05). Or read the changelog.


salonify is a free software web-based image gallery system written by Adam Rosi-Kessel in perl 5.8. Here is a sample installation with a few images. The Electronic Privacy Information Center serves photos with a stripped down version for their Observing Surveillance website. I hope other people will find it useful.

salonify generates thumbnails and a slideshow based on an entire directory hierarchy of images. The slideshow takes advantage of JavaScript features, but it works perfectly well with JavaScript turned off. The viewer can also choose from three image sizes and rotate images if they are not properly oriented. The presentation is reasonably consistent across all browsers; it even renders well in w3mimg. It also permits anybody looking at the images to add or modify the captions, turning the act of viewing the photos into more of a participatory activity. In future versions, the administrator will be able to selectively allow certain people to change captions or turn off the feature entirely (right now, the administrator can turn captioning on or off for everyone as desired).

Please email me with a link if you use salonify, and let me know whether I can list your site here.

salonify is listed on freshmeat.net.

There is an old Debian package for salonify, but it needs to be redone and updated for the latest version. For now, I would suggest using the tarball.

A more complete feature list and some more information will appear here some day. For now, get the tarball above, which includes some documentation. Also check out the sample installation.

Contents (full package):

salonify 0.80 released

I’ve released salonify 0.80, my photo gallery script. Check out the sample installation and the changelog. Most of the improvements are on the index page: nested folders are now collapsible, and you can edit the descriptions of the folders through the web. Unfortunately, the Debian package is not quite up-to-snuff, so I would just recommend the tarball for the time being.

Stuck

It seems to me there is a “free support gap” (that is, a gap in free support, not a support gap which is free), for users who are not beginners but are also not master developers—for example, myself. Just about any GNU/Linux question that arises that can be answered by a manpage or googling, I can figure out myself. But for trickier problems (for example, see my null oddity issue from yesterday), there doesn’t seem to be anywhere to go. Most of the helpful subscribers on debian-user are not much more knowledgeable than I am. I run my own linux-disciples list where I can answer most questions but seldom is there anyone to help out with my own questions. Similarly, there is a perl-beginners list, but no “perl-intermediate” or “perl-advanced” list. I’ve also not had much luck writing directly to developers with questions, outside of Debian.

Just a couple cases in point:

  • Using File::Find to follow symlinks — posted to perl beginners, but no response:

    I’d like to use File::Find, or some alternative, to follow symlinks; regardless of whether the file/directory has already been traversed in some other location. In other words, if there I have directories x and y, and the file a is in x and symlinked into y, I want the find &wanted function to be called on file a in both x and y.

    Possible? Do I have to write my own find function from scratch? None of the follow-find=> options seem to accomplish what I want.

    I’ve also noticed that the &wanted function is not called even *once* in some cases where there are duplicate symlink files (i.e., it is not even called on the “real” file). Switching from find to finddepth seems to fix this, but I really don’t understand what’s going on. Any pointers?

    Update: after discussing off-line with a helpful blog reader, I’ve isolated the problem to the following directory structure:

     .: y/ ./y: 1/ 3/ a.jpg ./y/1: a.jpg -> (...full path...)/y/a.jpg ./y/3: 1 -> ../1 

    In other words, a.jpg is in y/. There are two symlinks to that file, one directly — y/1/a.jpg ; the other indirectly, since y/3 contains a symlink to y/1. Perl’s find function only traverses the second instance, not the first. I would like it to do both.

  • growisofs problems — write fails frequently — there doesn’t seem to be any canonical mailing list or support for growisofs, so users are directed to Debian’s cdwrite list:

    I’m using growisofs from dvd+rw-tools 5.21.4.10.8-1 from Debian Sarge on an IBM Thinkpad X40 with a DVD writer that reports itself as: “MATSHITADVD-RAM UJ-812.”

    Sometimes I will try 10 or 15 times in a row to burn a DVD and it fails each time with something like:

    :-[ WRITE@LBA=1c970h failed with SK=4h/ASC=03h/ACQ=00h]: Input/output error
    builtin_dd: 117104*2KB out @ average 1.0x1385KBps
    :-( write failed: Input/output error
    /dev/dvd: flushing cache
    /dev/dvd: updating RMA
    /dev/dvd: closing disc
    :-[ CLOSE DISC failed with SK=5h/ASC=72h/ACQ=04h]: Input/output error
    /dev/dvd: reloading tray

    In this example, I had forced the write speed to 1 (it defaults to 2) to see if it makes any difference—it didn’t.

    I would suspect bad media, except that it seems to consistently fail in exactly the same place for a given DVD image to burn. For example, this one keeps failing at 6.13% done. Another failed repeatedly at 47.47%.

    Any ideas what’s going on? Troubleshooting tips? I hate to throw away so many DVDs.

Thus, I throw myself on the mercy of my readers, in particular the Planet Debian crowd. I’ve actually had more luck in the past posting questions to my blog and letting people come to me, rather than seeking out an appropriate forum to ask the question. There seems to something backwards about that.

Thinkpad X40 Discoveries

A couple of extremely useful recent discoveries on my IBM Thinkpad X40:

  • /proc/acpi/ibm, provided by the ibm-acpi package. You can control all sorts of Thinkpad-specific behaviors in here—including my favorite, which is the automatic display switching when you open and close the lid or dock/undock. You can turn off automatic display switching with:

     echo auto_disable > /proc/acpi/ibm/video 

    You can also turn the light keyboard light on and off with:

     echo on > /proc/acpi/ibm/light echo off > /proc/acpi/ibm/light 

    Etc. Go IBM!

  • Display corruption: this brings me to my biggest problem running GNU/Linux on the Thinkpad X40—display corruption. When you switch from internal LCD to external CRT, or sleep and resume, or close/open the lid (with the automatic switch behavior described above), the display moves down 15-20 pixels and the top lines are corrupted garbage. I’d post a screenshot, but of course the screen doesn’t realize it’s corrupted, so it would have to be a digital photo. In any case, I just discovered this experimental driver to replace i810_drv.o· which makes the problem go away entirely. Just drop it in over the i810_drv.o in /usr/X11R6/lib/modules/drivers/ (bad behavior for Debian—will be overwritten by an upgrade of course). Hopefully this driver will make its way into the mainline X drivers and eventually back into Debian. This makes using my Thinkpad at least 20% less annoying.

Now if only someone would write a driver for the internal SD card reader (apparently no one has gotten it to work·), I think I would have 100% usage of my laptop’s features.

Randomsort

I often need to randomly sort a file. I’m not aware of any standard bash or GNU command that does this, so I just wrote this very short script. There may be an even shorter/faster/more efficient way to do this, but I thought I’d post this as it might be helpful to a Linux newbie trying to accomplish the same task. Just put this in a file—e.g., “randomsort”; make it executable; and then pipe whatever you want to randomize into it (cat file_to_be_randomized | randomsort or randomsort file_to_be_randomized), and voila, you’re done.

 #!/usr/bin/perl my @array = <>; while (@array) { my $element = int(rand(@array)); print $array[$element]; delete $array[$element]; } 

Feel free to comment if you’ve got an easier solution.

Linux Information

I use Debian GNU/Linux unstable (sid) distribution.

This is information I wish I could have found on Google. Perhaps it will be of use to you.

  • CUPS Client-Error-Forbidden
    I kept getting the “client-error-forbidden” error when attempting to cancel print jobs through the CUPS web interface when the job had been submitted by someone else; in /var/log/cups/error_log I would see error messages like ‘cancel_job: “” not authorized to delete job id 659 owned by “anonymous”!’. The solution was simple; I had to add AuthClass System and AuthType Basic to /etc/cupsd.conf under . That is, you should have at least the following in your cupsd.conf:


    AuthClass System
    AuthType Basic
    Allow from 127.0.0.1

    Previously I had no AuthClass line and thus could only cancel print jobs originating from the system running the server. I consider this to be a bug, and filed a report on it, although the cups maintainer insists it is necessary for security (check out my bug report for more detail).
    I wrote a tiny little patch (download for cupsys 1.1.14, or download for cupsys 1.1.20) that allows you to specify AuthType None for jobs. You cannot set AuthType None without this patch. Note that this will make your system insecure inasmuch as anyone can see anyone else’s jobs if you provide this option. You can also download Debian packages (for woody, sarge, and sid) and RPM (Red Hat) Packages (untested) of cupsys recompiled with the option to turn off job authentication. If you prefer, add the following line to your /etc/apt/sources.list to use apt-get to upgrade to my cups packages (unstable, testing, or stable):

     deb http://adam.rosi-kessel.org/debian unstable main 

    Note that you will need to modify your cupsd.conf if you also want unauthenticated users to be able to cancel, hold, and release jobs. Here is an example.
    (I am currently getting about 25-35 unique visits a day from people searching on this problem; let me know if my fix worked for you or if I should be giving additional information!)
    Update 8/10/04: This patch has finally been applied to the Debian package and the default cupsd.conf file fixed to not give the “client-error-forbidden” error by default. I’m not sure if this update will make it into the next version of Debian stable (Sarge), but it is currently in unstable.
    Update 12/31/04: A SuSE 9.0 user suggests the following solution under SuSE. First, set up a CUPS admin account and password using:

    sudo lppasswd -g sys -a root

    Then, modify /etc/cups/cupsd.conf to read:

     AuthType BasicDigest AuthClass Group AuthGroupName sys Order Deny,Allow Deny From All Allow From 127.0.0.1 
  • SMC 2632W V3 under Linux
    There are details scattered all over the web about how to get this card to work. Part of the confusion is that each version of the card uses a different chipset (SMC 2632 V1, V2, and V3). If you have the V2 or the V3 you need to use the atmelwlan driver. The proper module is pcmf502rd (pcmf502r is for the V2 card). Also, the key factor for me was building a kernel with i82365 compatible bridge support enabled (CONFIG_I82365=y) as well as, obviously, PCMCIA and CardBus support (both in kernel—not the separate PCMCIA kernel modules). First, you build the kernel, install and boot into it, then run the configuration and install scripts for the atmel drivers (make config; make all; make install). Finally, you need to create the file /etc/pcmcia/smc.conf with the following contents:
     device "pcmf502r" class "network" module "pcmf502rd" card "SMC 2632W V2 11 Mbps Wireless PCMCIA Card" manfid 0x01bf, 0xb301 bind "pcmf502rd" 

    Hopefully this will work for you. It did for me kernel 2.4.22 and Debian Unstable. Once I had this setup, it “just works.”

  • Gaim with Encryption
    Would you like to have encrypted instant messenger conversations? Gaim-Encryption use OpenSSL to provide transparent RSA encryption as a Gaim plugin. You have to recompile the program, though. For your convenience, here is a Debian package of the latest Gaim with the encryption plugin built in. Alternatively, add this line to your /etc/apt/sources.list file and you can upgrade to Gaim with encryption:

    deb http://adam.rosi-kessel.org/adam/debian unstable main

  • glabels and Avery 5376 labels
    Having trouble printing with glabels 0.4.6 and Avery 5376 labels? After dozens of attempts, I’ve decided that the definitions file is wrong. You need to edit /usr/share/glabels/predefined-labels.template (as root) and change the layout line to:

    I’ve reported this suggestion to glabels, we’ll see if it gets incorporated.

  • Gdk-WARNING: Missing charsets in FontSet
    Do you ever get the Gdk-WARNING **: Missing charsets in FontSet creation ISO8859-1 error? Several postings to e-mail lists got me no help on this. It turns out, for me, it was simple: a theme had installed itself in ~/.gtkrc that was looking for a font that wasn’t there. Rename your ~/.gtkrc and see if you still get the error.
    Incidentally, I get an awful lot of hits from people searching for this error. If this fixed your problem, let me know, and if it didn’t, let me know what did and I will post it here!
  • GNU/Linux on an OmniBook
    • If you run GNU/Linux on an HP OmniBook 500, you can probably find all the information you’re looking for on the GNU/Linux on HP Omnibook Laptops site. Although the site isn’t terribly up to date, the mailing list and archive are invaluable resources.
    • I also recently installed Debian Woody GNU/Linux on an HP Omnibook XE4100. As far as I know, there are no webpages devoted exclusively to GNU/Linux on the XE4100, but there are some about the XE4500, a similar model (one for Red Hat and one for Debian). The proper driver for XF86Config-4 is “savage”, and sound requires the “via86cxxx_audio” module (under kernel 4.2). CD-ROM and network worked right out of the box. I haven’t gotten a chance to try the modem.
    • XF86Config-4 file for HP OmniBook 500 with External Gateway 2000 1572 DG Monitor.
      I use this file when my laptop is docked. I’m not sure that the timings are perfect, but it works, and there seems to be a great dearth of information about there about this monitor.
  • MaxBlast/BIOS Issues
    Having trouble with a MaxBlast hard drive on an old system with an obsolete BIOS that needs its own bootloader? I found switching to grub from LILO did the trick for me. I’ll post more details about this, which also involved the Windows NT (Windows 2000) boot loader as well.
  • Destroyed Partition Table
    Did you just destroy your partition table, perhaps because you ran dd over /dev/hda rather than /dev/fd0? And your system is still up and running, in fact you’re reading this web-page, but know when you reboot, you’ll be toast? Well, good! I have a cautionary tale for you about how to avoid this situation, but also an easy way to recover if you follow the enclosed directions.
  • Emusic, Zinf, and Segfaults
    Are you an emusic subscriber unable to use the recommended player, zinf (“Zinf Is Not FreeA*p”) for batch downloading? Emusic recommends zinf for Linux users, but unfortunately zinf segfaults when loaded with an “emp” file. I wrote a shell script hack to fix this (the segfault can be avoided by renaming the .emp to .rmp, but then discovered fetchrmp by Doran Barton. So I’ve modified that script to give some additional options: place downloaded files in a hierarchy by genre, album, and artist, and also play music when downloaded. The modified script is called fetchemusic and you can download it here. Note that you’ll need the the Perl XML-EasyOBJ module for this to work, which is not included in Debian (you’ll also need modules LWP::Simple, Getopt::Long, File::Path, and File::Copy, which are all in Debian. The emp segmentation fault has been around for a while, it was reported to Debian in October 2002. Let me know if you’ve had this problem, if you have any other solutions, or if my script is useful to you!
    (Update 6/3/03: Unfortunately, Emusic has switched to an encrypted file format, so this script will no longer work! I’m leaving it here in case it ever becomes useful again.)
    (Update 10/1/03: Someone has written a very nice perl script that works with the new encrypted EMP file format, called decrypt-emp. Get it now!)
  • French vs. North American Wireless Channels (or, why can’t I connect to my Access Point with my Xircom CWE-1120-FR?)
    I’ve written a few times about my wireless woes. I couldn’t for the life of me figure out why my Xircom CWE-1120 card couldn’t connect to my Access Point. As it turns out, the card was set to the French Channel Set, which is different from the North American Channel Set, except on Channels 10 and 11. So I set my Access Point to Channel 10, and now I can finally access my network. There is, allegedly, a DOS command line tool that allows you to reprogram the EEPROM on Cisco cards to switch the channel set to North American, but I was unable to locate it. In fact, Intel (who purchased Xircom, which produced the card) was very wary of the whole topic. I suspect it might be illegal to have/use this tool, since it might permit you to set your card to a mode that violates FCC regulations. Intel was actually pretty spooked that I even had the cards (which I purchased legitimately in the United States, thinking they were North American cards). Thanks to Dan Lanciani on the airo-linux-gen80211 list for finally pointing this out to me.
  • Volume Problems on a Toshiba P25-S477 Laptop
    I’ve been trying to set up GNU/Linux (remotely) on my brother’s Toshiba p25-s477 (one of a seemingly endless number of obscurely named Toshiba laptops). Almost everything worked fine, except the sound was almost inaudible, and substantially distorted with external amplified speakers. It turns out I needed to go into the alsamixer (ncurses GUI) program and set “External Amp Power Down” to “Mute.” This is far from intuitive: first, that “external amp power down” would be “on” by default, and second, that you need to “mute” this setting to have “power down” turned “off.” But that’s how it works. (solution posted by someone in the aesthetically weird tlinux-users mailing list.)
  • Functional Java Packages for Debian Sid Mozilla
    I’ve been looking for functional Debian Java packages that work with latest Mozilla in sid. I tried downloading several Java binaries from sun and elsewhere and either it didn’t register in Mozilla or crashed immediately. I finally discovered José Fonseca’s excellent Java packages that actually work. Add the following to your /etc/apt/sources.list to get these packages:

    deb http://jrfonseca.dyndns.org/debian ./

  • Procmail Detritus Filters
    Here’s a good procmail recipe that should catch a lot of viral email—both actual viruses, and bogus “we caught a virus coming from your account” messages. Note that you need to increase from the default line buffer length to have this all packed into one expression:

    LINEBUF=3000
    :0
    * ((^Subject: (Virus infection notice|New Network Security Upgrade|Newest Net Update|Newest Internet Upgrade|Newest Internet Security Patch|Internet Security Pack|New Internet Security Patch|Latest Critical Pack|Latest Net Upgrade|Latest Network Critical Update|(Latest|Current|Newest|New) (Microsoft|Net(work)?|Internet) (Security|Critical) (Update|Patch|Pack)|Current Microsoft Critical Pack|Newest Critical Pack|Latest Net Security Pack|Current Net Critical (Pack|Patch)|Latest Network Critical Pack|Abort Report|A virus has been detected in a document you authored.|RAV Antivirus:|BitDefender found an infected object|Virus Detected by Network Associates, Inc. Webshield|—— Virus Detected ——|Virus detected|Virus Alert|InterScan NT Alert|Virus found in the message|Message quarantined|VIRUS ALERT!|MDaemon Warning – Virus Found|Warning: E-mail viruses detected|ScanMail Message: To Sender virus found|VIRUS IN YOUR MAIL|Norton AntiVirus detected|VIRUS .* IN YOUR MAIL|Antigen found VIRUS|Filter incident|V.rus figyelmeztetés! Virus warning!|Symantec AVF detected|Returned due to virus;|Anti-Virus Notification|BANNED FILENAME|File blocked – ScanMail for Lotus|NAV detected a virus|RAV AntiVirus scan|VIRUS .+ IN MAIL FROM YOU|Virus Notification:|Virus found in a message you sent|Virus found in sent message|VIRUS EN SU CORREO|Warning: antivirus system report|M..Daemon Notification — Attachment Removed|Information – Antivirus|Symantec AntiVirus detected a violation|WARNING: YOU WERE SENT A VIRUS|SAV detected a violation in a document|MailMarshal has detected a suspect attachment|A virus was detected in your mail|Recipient Virus-alert|Virus Found in message|E-?mail viruses detected|Undelivered mail: VIRUS FOUND|Quarantined Mail: virus from|Failed to clean virus|Virusveszely! Virus warning!|Virus in mail from you.|Possible virus found in mess..age you sent|AntiVir ALERT|Centrale Anti-Virus melding|Vexira ALERT|You sent potentially unsafe content|ID.*thanks ScanMail has detected a virus!|\{Virus\?\}))|(^X-BLTSYMAVREINSERT|^X-Virus-Scan-Result: Repaired|^X-AtHome-MailScanner: Found to be infected|^X-Scanned: Symantec Antivirus Scan – Virus found|^X-Sender: NetMail AntiVirus Agent|^X-yoursite-MailScanner: Found to be infected|^X-ELTE-VirusStatus: was_infected)|(^To:.*MS Network Security))
    virus

    And here’s a simple way to filter spamassassin mail into two folders, one which is “very certainly” spam and one which is “probably” spam:

    :0
    * ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*
    verycertainspam

    :0
    * ^Subject:.*\*\*\*\*SPAM\*\*\*\*
    probablyspam

  • Firefox 0.9 remote newtab syntax
    When I open a link from another application (gnome-terminal or evolution, for example), I would like it to open in a new tab in Firefox, so I had a script which I called newmoz:

    firefox -remote “openURL($1,new-tab)”

    This is my default web browser. With Firefox 0.9, the syntax has changed. You now need:

    firefox -a firefox -remote “openurl($1,new-tab)”

    I believe this has something to do with the confusion of the possibility of several related Mozilla applications running all at once, although I’m not entirely convinced. To make it really snazzy, try:

    firefox -a firefox -remote “openurl($1,new-tab)” || firefox $1

    This way, if firefox isn’t already running, it will still work.

  • Email yourself after a long task
    This is a really obvious one, but I only recently thought of it. Due to several recent failed hard drives, I’ve been moving a lot of data around from one drive to another, some through NFS, and some over my cable modem. Moving 200 gigabytes, even within a LAN, takes a long time—even longer if you throttle it so as not to congest the network too much. I would find myself checking back on the process every few hours, even though I knew it probably wasn’t done. So why not append a mail command after a long process? E.g.:

    rsync -Pa / storage.system.somewhere:backup ; echo done | mail adam

    Since I’m always checking email, I’ll find out as soon as it’s done, and waste less time continually checking back on the process, especially when the transfer might take three or four days.

  • ssh timeout error/connection reset by peer with rdiff-backup and D-Link DI-604 router
    Backing up bostoncoop.net over a cable modem takes a long time. If something goes wrong, rdiff-backup has to roll back the previous backup and start over. As best I can tell, rdiff-backup first makes the connection, then starts the roll back, but doesn’t send or receive any data during the roll back. On my system, the roll back can take longer than the timeout period for my DI-604 router—the consequence being that the connection is reset before the backup can start and rdiff-backup fails out.

    There’s an easy fix, which should come in useful to anyone with a router that is too vigilant about timing out ssh connections (for example, if you ssh to get your email and often leave the window alone for an hour at a time). Add the following to your .ssh/config:

    serveraliveinterval 300
    serveralivecountmax 10

    This will insure that ssh will occasional send an ACK type request every 300 seconds so that the connection doesn’t die.

  • Fixed font in gnome-terminal
    I’ve wanted to use gnome-terminal for a long time, primarily because of the tabbed terminal feature (many terminals in one window) and because of the URL recognition (open a URL by right clicking on it). I also like being able to paste into the window with the keyboard.

    There was always one problem, though. The font. I know some people like the new fixed-width GNOME fonts, but I don’t. I just wanted plain old fixed, which I use with xterm (10×20). But that font never showed up in the list of available fonts.

    I finally found the solution in /etc/fonts/local.conf—namely, the following lines:

       

    Just uncomment the path, run fc-cache as root, and you should see fixed in the output of fc-list.
    I’m not sure how a naive user would ever figure this out, but then again, maybe a naive user wouldn’t care that much about having fixed font in gnome-terminal. I also don’t understand why we wouldn’t users to have access to bitmapped fonts by default—why not just set the default font to something the GNOME people like, but have the other choice in there to start?

  • Reading Annoying HTML Mail in Mutt
    I’ve tried several solutions for reading broken HTML mail in mutt, including my own custom Python hack, addMIMETextToHTMLEmail (this was actually the first Python program I ever wrote). Reasonably nice mail clients will send a plaintext part in addition to the HTML mail for us textophilic email users, but the dominant Microsoft Hotmail and Microsoft Exchange send HTML-only mail with no plaintext part. I wonder if they do this because they expect anybody worth writing to these days is using Microsoft Outlook or Microsoft Hotmail.

    I think I’ve recently discovered the best solution, since my addMIMETextToHTMLEmail script doesn’t always work properly and is probably unnecessarily complex:

    • Download and install demoroniser. You may need to tweak it slightly, since it expects perl to be in /bin/perl.
    • Install html2text (Debian package, separate source available from Martin Bayer).
    • Add to ~/.mailcap:
       text/html; /home/adam/bin/demoroniser.pl -q -w0 '%s' | /usr/bin/html2text -width 90 -style pretty; copiousoutput; description=HTML Text 

      You may prefer a wider output; the person who suggested this to me uses 158.

    • Edit ~/.muttrc and add:
       set implicit_autoview=yes 
    • You should now be able to view HTML-only emails in mutt without having any extra steps.

Announcing Freevite

Steve and I have decided to write and package freevite. Freevite will be a web-based event invitation/RSVP system licensed under the GPL. Before we start, though, I’m soliciting suggestions on the program. As far as I know, there is no free-as-in-speech web-based invitation package, and the world sorely needs one as commercial proprietary competitors brainstorm new ways to build a revenue stream from their product. It shouldn’t be that hard or time consuming to code, and it seems to me that we need a free-software standard product for this.

The program will probably be coded in perl, and give the administrator the choice of a simple file-system based data storage system or MySQL/PostgreSQL for better performance and data integrity. It should be possible for the administrator to plop the perl script down in a cgi-bin directory and set the proper permissions on the data storage directory and have a totally functional system, but also provide options for more secure (e.g., against cross-site scripting vulnerabilites) and sophisticated installations. The program will also be available as a Debian package, and support various ways of doing site-wide and user-specific installations (this will be tricky—Debian doesn’t seem to have a good solution for having packaged perl scripts like blosxom run on a per-user basis).

Administrators can configure the system so that anyone can create an event or only authorized users can create an event. There will be configurable privacy settings—if the user doesn’t want the inviter to know they’ve opened the invitation, they can indicate that, and the inviter will also have the choice of deciding whether to track opened invitations at all. You will be able to respond to an invitation without any registration or authentication process (having received the token for your invitation by email), but eventually there will probably also be a way to create a persistent identity linked with an arbitrary number of email addresses if you desire.

All presentation will be done with mailman-like templates, and the package will ship with some standard, clean, templates. Content will be properly separated into stylesheets and HTML.

Everything will be HTML standards compliant, and should render properly in text-based web browsers like w3m. There will be no required Javascript or any plugins, although there might be some optional Javascript content (my web-based photo gallery software, salonify, works this way).

Please leave suggestions, ideas, or recommendations as comments to this entry or email me. If there already exists a free-as-in-speech product that does all this, please let me know and I’ll stop right now.

Reading Annoying HTML Mail in Mutt

I’ve tried several solutions for reading broken HTML mail in mutt, including my own custom Python hack, addMIMETextToHTMLEmail (this was actually the first Python program I ever wrote). Reasonably nice mail clients will send a plaintext part in addition to the HTML mail for us textophilic email users, but the dominant Microsoft Hotmail and Microsoft Exchange send HTML-only mail with no plaintext part. I wonder if they do this because they expect anybody worth writing to these days is using Microsoft Outlook or Microsoft Hotmail.

I think I’ve recently discovered the best solution, since my addMIMETextToHTMLEmail script doesn’t always work properly and is probably unnecessarily complex:

  • Download and install demoroniser. You may need to tweak it slightly, since it expects perl to be in /bin/perl.
  • Install html2text (Debian package, separate source available from Martin Bayer).
  • Add to ~/.mailcap (this all needs to go on one line):
     text/html; /home/adam/bin/demoroniser.pl -q -w0 '%s' | /usr/bin/html2text -width 90 -style pretty; copiousoutput; description=HTML Text 

    You may prefer a wider output; the person who suggested this to me uses 158.

  • Edit ~/.muttrc and add:
     set implicit_autoview=yes 
  • You should now be able to view HTML-only emails in mutt without having any extra steps.

I’m considering packaging demoroniser for Debian, although it may fall below people’s ‘this script is too small to be its own package’ threshold.

Thanks to Alec Thomas, author of xchg2mail (which I’m also planning on packaging for Debian), for the tip.