Tony's ramblings on Open Source Software, Life and Photography

Black and White 2

I finally finished Black and White 2. I know - it's an older game now but I don't tend to play a game entirely through.

It was awesome - just after finishing the last "land" but before leaving to check my score I decided to make use of the enemy's volcano miracle that I'd just captured. I cast it and about halfway through the volcano animation the game crashed - leaving me with no save games after the beginning of the last level. Yeah, life sux.


My Gripe With Chrome

I love the Google Chrome browser. I'm currently typing this using the beta version for Linux which was easy to download and install once I figured out where to get it.

For the JavaScript-heavy pages that I use on a daily basis, it's blindingly fast compared to Firefox. I've only found one rendering "bug" but it's with something I'm doing a bit of non-standard CSS work with.

My only gripe is that it doesn't use the middle mouse button to open links in a new tab. It works great if you middle-click on a bookmark item, but middle-clicking on a link doesn't open it in a new tab, and I can find no setting to make that happen.

Surprisingly enough, that's a deal-killer for me. I've grown too lazy to have to right-click a link and choose "Open in new tab." Yeah, that's sad.

**** UPDATE ****
Weird... later in the day the middle-click started working mysteriously. Why?


HHS Final Guidance for PHI Security

I've been poring over the HHS finalized guidance on acceptable conditions for data encryption of PHI. One interesting section reads:

Valid encryption processes for data at rest are consistent with NIST Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices.

Data at rest means the data being stored on a hospital server or in a datacenter. Under one interpretation, given the wide range of technologies and systems out there, this will in my opinion eliminate about 95% of the products out there as valid players. Under another interpretation, it provides no additional security at all.

For instance:

Based on the wording I've seen so far, I could use whole-disk encryption to state that health information on my server at rest is stored in an encrypted form and is compliant. However, this only protects the information if the machine is physically stolen - as long as the server is running, an external hacker could get access to everything, because the operating system will be decrypting data on the fly.

But placing that server in a physically secured location already provides 100% better security than the storage of patient records with relation to physical theft. Hard drive encryption really provides no additional security.


Running IE7 in Linux

As a web developer, you need to be able to test multiple browsers. As a Linux web developer, it can be hard to do that without having a Windows machine around.

With the latest edition of Wine (Windows emulator for Linux) it's not that hard to do. There are a couple of downsides: transparent images sometimes don't render properly, and there's a bit of a problem with the background around the control buttons. But it works and it renders pages using IE7, which is the entire point, anyway. The biggest downside is the lack of HTTPS or SSL support.

I'm going to make the assumption you are using Ubuntu Jaunty, so you might need to adapt a few things if you aren't.

First, I'd recommend using the latest edition of Wine, instead of the one packaged with your system. This is especially important if you plan on running any recent games in Wine. You can compile your own copy from the sources, or just use the provided repositories from winehq. The package provided with Ubuntu is very old in Internet days, so I don't recommend using it.


A New Convert

My brother was wanting to do some video editing work on files from his HD camcorder. He knew I did some video work in Linux and called to see what I used.

Unfortunately, as with so many people, his brand new computer was an over-the-counter machine with some unsupported hardware, rather than a custom build that would work out of the box. The first problem was his lack of nVidia drivers for the new GTX 220. A Google search found that nVidia actually has a beta driver on their FTP site that would work, despite it not being returned by their web interface in searches.

The next problem was his sound not working. A simple fix in the modules.d to set a probe parameter (it was detecting as the wrong card) and it suddenly worked.

Then, this morning he called to brag about playing Tuxracer on his dual screens and how the penguin rode in the middle, bridging both screens.

It went from "reboot to do video editing" to actually having used Linux for a decent number of hours for other things already.


IPTables Trickery

I've had a bit of a strange situation on my network - Googling never did come up with anything for me.

I have a private network. All my servers sit behind the firewall on the private LAN. A few of those servers provide services to the Internet on specific ports.

Sharing those ports to the outside using iptables is trivial. The problem arises when you try to access the internal server using the external DNS name / IP from inside the network. iptables redirects your packets to the correct server, but the source address on them is still your local internal IP, so the server replies to you directly and the replies arrive from its private address instead of the public address you connected to. Your local computer won't know what to do with them.

There's actually a very simple solution, assuming you have static IPs on the Internet and on the internal server. Using a combination of source and destination masquerading, you can rewrite those IP addresses to match. The downside is you double the traffic on your internal network, but it enables you to provide services that are harder to NAT such as SIP traffic.
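
An added sketch of the source-plus-destination NAT approach described above (not the author's own rules): the hypothetical `hairpin_rules` helper prints the two `iptables` NAT rules for one published port instead of applying them. All addresses are constructed placeholders, and it assumes IP forwarding is enabled and the FORWARD chain already permits traffic to the server.

```shell
#!/bin/sh
# Added example: print iptables rules for "hairpin" NAT so that LAN clients
# can reach an internal server through the firewall's public address.
# hairpin_rules is a hypothetical helper; every address used is constructed.

# usage: hairpin_rules PUBLIC_IP SERVER_IP LAN_CIDR FW_LAN_IP PROTO PORT
# Rules are printed, not applied, so they can be reviewed before use.
hairpin_rules() {
    [ "$#" -eq 6 ] || { echo "hairpin_rules: expected 6 arguments" >&2; return 2; }
    pub=$1; srv=$2; lan=$3; fw=$4; proto=$5; port=$6

    case $proto in
        tcp|udp) ;;
        *) echo "hairpin_rules: proto must be tcp or udp" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "hairpin_rules: port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "hairpin_rules: port out of range" >&2; return 1
    fi

    # Destination NAT: anything addressed to the public IP on this port is
    # sent to the internal server. No -i match, so LAN clients hit it too.
    echo "iptables -t nat -A PREROUTING -d $pub -p $proto --dport $port" \
         "-j DNAT --to-destination $srv:$port"

    # Source NAT, LAN clients only: rewrite the source to the firewall's LAN
    # address so the server replies via the firewall, which reverses both
    # translations. Internet clients are not matched and keep their real
    # source address; LAN clients show up in server logs as $fw.
    echo "iptables -t nat -A POSTROUTING -s $lan -d $srv -p $proto --dport $port" \
         "-j SNAT --to-source $fw"
}

# Constructed sample: HTTPS on 192.168.1.20 published on 203.0.113.10.
hairpin_rules 203.0.113.10 192.168.1.20 192.168.1.0/24 192.168.1.1 tcp 443
```

Because the SNAT rule hides the real address of internal clients from the server, any per-client logging or access control on that server has to be done at the firewall for hairpinned connections.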

Read more for an example fix:

Why Bother With Second Life?

I've been playing with a piece of open source software called "OpenSim." It's compatible with the Second Life client software and implements about 80% of the Second Life features and scripting language.

It's just over 2 years old as a project, and it's amazing how usable it is for how big it is. There are even multiple open "grids" that link various servers together and handle a central login and authentication system for avatars. Other than the lack of in-game currency, it's very near to a Second Life experience.

Oh, and did I mention it's open source and free? I'm currently running a test server in "standalone" mode - meaning I'm handling all my own authentication, asset and user databases and all the world zones. I can't decide if I want to apply for region coordinates in the largest open grid "OSGrid" and integrate my zones into the overall metaverse, or if I want to keep it separate for now. I've figured out how to manage users from a PHP website, so I could even integrate the authentication system with GamerzCrib.

The downside is that the physics engine is still under heavy development. Actually they offer four separate physics engines depending on what you want your world to be, but none of them are quite ready for primetime when it comes to vehicles. The other problem I'm having is that as soon as I figure out something cool I want to script I learn that one or more functions I'd need to use to accomplish it are not yet implemented.

But, it's free, and it's cool. The picture is of my avatar and the custom sword I designed. I added my own animation to the sword so that when I wield it, my avatar steps into a combat pose, snarls and grabs the hilt with both hands. Cool stuff. And, you can even get graphics clients for Linux. With Linden Labs' best skill being the ability to anger their customers, having an option like OpenSim is a lifesaver.


How to Fold a Botero Portable Background

The hardest part of editing my video for use on Flickr was getting Flickr to recognize it with a 16:9 aspect ratio. I was reducing the resolution to make a smaller file, and every time I did, Flickr would squish it into a 4:3 aspect ratio.

Finally I found that using a resolution of 640x360 would result in a nice widescreen video on Flickr.

This was captured from a Canon HV20 HD camcorder with a wireless mic and loaded into Linux using dvgrab. Editing was done in Cinelerra and the final resize and conversion for upload to Flickr was done with ffmpeg.

Ubuntu Jaunty 64 bit Flash Video Performance

Ever since upgrading to Jaunty I've been hating the fact that I made the switch. Early on I had overall video performance problems but shortly after the initial release of Jaunty an update fixed those.

Yet still I had horrible full-screen video performance from Macromedia Flash - especially on sites like Hulu.

Well, today I found the solution. It seems that the power-saving "ondemand" feature in Jaunty was never coming out of power save mode to handle the increased CPU usage of full screen Flash video. Simply adding the "CPU Frequency Scaling Monitor" to the taskbar and setting the CPU to "Performance" - or manually setting it at a higher speed - solved the issue.

Getting CallerID Working With Asterisk

As you may have guessed from yesterday's post, I've just finished a complete reinstall of our PBX system. The old system was running on Mandrake (yeah, Mandrake NOT Mandriva) and had done a great job. Unfortunately we were having a phone port lock up periodically that would require rebooting the server.

Since another "event" left me with a spare motherboard and rack mounted case I went ahead and ordered a Digium PCI-Express analog card to handle our four phone lines.

I've configured four Asterisk servers before and expected things to go smoothly. My first problem was that my last server was a version 1.2 and the newer version of Asterisk made several config file changes, causing very strange problems in my dialplan.

The next problem was that no matter what, caller-id service almost never reported the incoming number. After banging my head against the wall over and over trying to get the Ubuntu Hardy Asterisk packages to work with various configs, I finally took a stab in the dark and downloaded the latest zaptel sources from Digium and compiled them. A quick reboot and all the incoming caller-id worked beautifully.