
Firefox Pdf printing woes

If printing to a PDF file in Firefox gives horrible, broken spacing between characters, disable autohinting in your ~/.fonts.conf and restart it:

 <match target="font" >
   <edit mode="assign" name="hintstyle" >

The problem is known in the Firefox community but it's not solved. This is especially useful if you use mozilla2ps in Xvfb on your server and the problem is noticeable.

Toying with IPv6

During my summer holidays I started reading up a bit on IPv6, partly out of sheer curiosity and partly because in 2011 the real fun will start. I started reading the excellent "Running IPv6" book by Apress. I can heartily recommend this book: practical, detailed and with a lot of background information on the choices that have been made during the IETF IPv6 standardization processes.

After having read a few chapters, I needed to get my feet wet with IPv6 and so I went on the hunt for an IPv6 tunnel broker... First I checked if my current ISP (Telecom Italia..[sic]) had something available. Apparently, they had a project called going on for their IPv6 testbed, but their site seems to be down so I presume that it has been discontinued. The choice came down to SixXS and Hurricane Electric. I chose Hurricane Electric because they seemed less intrusive with the registration process. The setup was trivial and everything was up and running quite smoothly.

The only hiccup was remembering to clamp the MSS to the MTU with ip6tables as well, and not only with iptables. Once I figured that out the whole IPv6 experience was pretty smooth:

ip6tables -t mangle -A FORWARD -o hurricane -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1250:1536 -j TCPMSS --clamp-mss-to-mtu

Setting up IPv6 connectivity on my server was trivial since no IPv6-in-IPv4 tunnels were needed. A couple of AAAA records and IMAP, DNS, SSH and HTTP were working without any problems at all.

Just for the fun of it I took their quiz ;)

IPv6 Certification Badge for mbaldessari

New domain

So after about 10 years of using the, I decided it was time for a change. I did not like the domain name any longer. That's why I switched to the new name. With this change I completely changed the mail server setup and moved to dovecot and postfix with virtual users mapped to system users. I still need to fix a couple of things here and there, but most of the services should be in place.

I will still be reading my mail to the old domain for some time, but please use the new one if you read this.

As an added bonus smtp, www and imap are now reachable via IPv6 :)

Routing Squid Traffic through OpenVPN

For a number of reasons I want to route the Squid traffic on my home firewall to an external server through a VPN. This is my current network diagram at home. I have the firewall at home (Soekris 5501) which builds a VPN to an external server (let's say with ip

The goal of the setup is to install a Squid proxy server on the internal interface of the firewall and route this traffic to the internet via the VPN tunnel to the external server. After installing squid 3 on Debian squeeze, we'll configure it to listen only on the internal interface on port 8080 by using the http_port directive.

Here is the script that I added to the --up and --down directives in OpenVPN.

What is also needed is to SNAT the traffic coming from tun0 on the server to the server's public ip.
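One way to implement the steps above, as an added example and not the author's own script: an OpenVPN up/down hook that policy-routes Squid's outgoing traffic into the tunnel and fails closed when the tunnel route is gone, plus the SNAT rule for the server. It assumes Squid is pinned to the tunnel's local address with tcp_outgoing_address; routing table 100, rule priority 1000 and the function names are hypothetical choices.

```shell
#!/bin/sh
# Added example, not the post's original script. Assumed squid.conf lines:
#   http_port <internal IP>:8080
#   tcp_outgoing_address <tunnel local IP>
TABLE=100   # assumed unused routing table
PRIO=1000   # assumed unused rule priority

# Execute a command, or only print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Firewall side. $1 = up|down, $2 = tunnel device, $3 = tunnel local IP
squid_vpn_hook() {
    case "$1" in
    up)
        # Drop a stale rule from an earlier run, then steer packets that
        # Squid sources from the tunnel address into table $TABLE.
        run ip rule del from "$3" lookup "$TABLE" priority "$PRIO" 2>/dev/null || true
        run ip rule add from "$3" lookup "$TABLE" priority "$PRIO"
        run ip route replace default dev "$2" table "$TABLE"
        # Higher-metric fallback: without the tunnel route the traffic is
        # rejected instead of falling through to the main table.
        run ip route replace unreachable default metric 4096 table "$TABLE"
        ;;
    down)
        # Rule and unreachable route stay in place (fail closed).
        run ip route del default dev "$2" table "$TABLE" 2>/dev/null || true
        ;;
    *)
        echo "unknown event: $1" >&2
        return 1
        ;;
    esac
}

# VPN server side. $1 = VPN subnet, $2 = public interface, $3 = public IP
server_snat() {
    run iptables -t nat -A POSTROUTING -s "$1" -o "$2" -j SNAT --to-source "$3"
}

# OpenVPN exports script_type, dev and ifconfig_local to --up/--down scripts.
if [ -n "${script_type:-}" ]; then
    squid_vpn_hook "$script_type" "$dev" "$ifconfig_local"
fi
```

OpenVPN only runs such a hook when script-security 2 is set. With DRY_RUN=1 the functions print the commands instead of executing them, which is a convenient way to review the rules before applying them as root.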

ESC 2010

Just got back from a geeky week-end at the ESC (End of Summer Camp) 2010. I attended most of the talks and some were good and some were hilarious. No talks were dull but one, so I am really glad I went. I didn't get as much done as I hoped, but the 389 Directory Server packages received a pretty good boost on Saturday. The LDAP Server is now fully functional and updated to version 1.2.6 (released on the 3rd of September). I also worked on the packages of some underlying libraries to get the console running, but that work is by far not finished yet.

OCS 2007 R2 on Windows 2008R2 and NTLM problems

It took me a while to figure it out, so I thought I'd post it, so people in the future might be able to avoid the waste of time. I had a machine which is not joined to our domain that just couldn't log on to the OCS system. The client was a Windows XP machine and the authentication on the front-end OCS server was correctly set to "NTLM + Kerberos".

After a lot of googling and trying different things, I found a post mentioning that the minimum key requirement for NTLM on Windows 2008R2 is 128 bits and this key length is not supported in Windows XP (only on Windows 7).

With this link: I was able to remove the 128-bit requirement and things were all dandy again.

vSphere export VM list in excel

I wanted to have a list of all the VMs in our vSphere farm exported to Excel: CPU, RAM, disks, resource allocation and so on. I needed one line per VM. I read up a little bit on PowerShell (which does seem to be pretty neat) and cooked up the following script:

# Export VM lists in a nice Excel List

$rows = @()
Foreach ($VM in get-vm) {
 $View = $VM | get-view
 $Config = $View.config
 if ($Config.Template) { continue } # Skip templates

 $row = New-Object -TypeName PSObject
 $res = Get-ResourcePool -VM $View.Name

 $row | Add-Member -MemberType NoteProperty -Name ResourcePool -Value $res.Name
 $row | Add-Member -MemberType NoteProperty -Name VM -Value  $Config.Name
 $row | Add-Member -MemberType NoteProperty -Name Hostname -Value $View.Guest.HostName
 $row | Add-Member -MemberType NoteProperty -Name PoweredOn -Value $VM.PowerState
 $row | Add-Member -MemberType NoteProperty -Name Cpu -Value  $Config.Hardware.NumCPU
 $row | Add-Member -MemberType NoteProperty -Name Ram -Value  $Config.Hardware.MemoryMB
 $row | Add-Member -MemberType NoteProperty -Name FullOS -Value $Config.GuestFullName
 $row | Add-Member -MemberType NoteProperty -Name IP -Value $View.Guest.IPAddress
 $row | Add-Member -MemberType NoteProperty -Name Tools -Value $View.Guest.ToolsStatus
 $row | Add-Member -MemberType NoteProperty -Name HWVersion -Value $Config.Version

 Write-Host "VM: $VM" -ForegroundColor blue
 $i = 1
 # One set of columns per virtual disk
 foreach ($Disk in Get-HardDisk -VM $View.Name) {
   $row | Add-Member -MemberType NoteProperty -Name "DiskPath$i" -Value $Disk.Filename
   # [long] instead of [int]: a disk larger than 2 TB overflows a 32-bit KB count
   $CapacityGB = [math]::Round(([long]$Disk.CapacityKB) / 1024 / 1024)
   $row | Add-Member -MemberType NoteProperty -Name "DiskCapacityGB$i" -Value $CapacityGB
   $row | Add-Member -MemberType NoteProperty -Name "Persistent$i" -Value $Disk.Persistence
   Write-Host "$i"
   $i += 1
 }
 # Pad every row to 7 disks: Export-Csv takes its columns from the first object.
 # The guard matters because 8..7 would count downwards and re-add column 7.
 if ($i -le 7) {
   foreach ($j in $i..7) {
     $row | Add-Member -MemberType NoteProperty -Name "DiskPath$j" -Value ""
     $row | Add-Member -MemberType NoteProperty -Name "DiskCapacityGB$j" -Value ""
     $row | Add-Member -MemberType NoteProperty -Name "Persistent$j" -Value ""
   }
 }
 $rows += $row
}

$rows | Export-Csv "vms.csv" -NoTypeInformation

I definitely need to dig powershell more. I'll be able to ditch vbscript once and for all for repetitive Windows admin tasks ;)

Hostapd with an ath5k card on Debian Squeeze

Last night our Linksys WAP54G suddenly died on us, and no matter how many times I tried resetting it, I was not able to get it back to life. I couldn't reach its default IP even though I clearly saw that it made ARP requests to check if someone else had this IP on the network. I gave up trying to fix it and forced myself to configure the Atheros Wireless Card I have in my Soekris firewall:

00:11.0 Ethernet controller: Atheros Communications Inc. AR5413 802.11abg NIC (rev 01)

Most of the guides out there are outdated and mention the old non-free madwifi drivers. Nowadays, with recent kernels, things are so much easier: no downloading and no recompiling. Simply edit your /etc/hostapd/hostapd.conf


One day, when I'm bored enough, I'll set everything up without any encryption and tunnel everything through openvpn. Guests will still be able to surf the net but with a very limited speed and without outgoing smtp ;)

Update: you need kernel otherwise errors about tx phy will come up