meine erde

Holger Just

This is my personal website about computers, operating systems, teh internets and my way around it. Sometimes you will find a short blip of my offline life.

More about me can be found on Twitter and Xing. You can also write an e-mail to web (at) meine-er.de.

Cross-browser CSS gradient

Recently, I released a new version of the Redmine Checkout plugin. This release sports a nifty protocol selector with buttons styled entirely in CSS (as good as it gets). To be able to support as many browsers as possible while not having to fall back to pixel graphics, I had to apply some tricks which I want to describe here.

[Image: Button with gradient]

The buttons take most of their appearance from a background gradient with a light color at the top and a darker color at the bottom. This gives them some kind of three-dimensional effect compared to the plain-colored background. We are going to style the unselected button on the right. The left selected button is styled equivalently, just with different colors.

An unselected standard button is styled as follows:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
ul#checkout_protocols li a {
  background-color: #eee;
  background:  url(button.svg) 0 0 no-repeat; /* Opera  needs an "image" :( - using svg for this so it will scale properly without looking too ugly */
  background: -khtml-gradient(linear, left top, left bottom, from(#f8f8f8), to(#ddd)); /* Konqueror */
  background: -webkit-gradient(linear, left top, left bottom, from(#f8f8f8), to(#ddd));   /* Webkit (Chrome, Safari, ...) */
  background: -moz-linear-gradient(top,  #f8f8f8,  #ddd); /* Gecko (Firefox, ...) */
  filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#f8f8f8', endColorstr='#dddddd'); /* IE 5.5 - 7 */
  -ms-filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#f8f8f8', endColorstr='#dddddd'); /* IE 8 */
  position: relative;
}

As you can see, there are a multitude of rules which each target a specific browser. This is required as there is no standard defined on gradients yet. However every major browser supports a technique for this – just in its own syntax.

The first rule on line 2 (and also line 3 as seen later) works as a default here. It is used in browsers which do not support one of the following rules. It forces a background color which does not look too bad and at least keeps the GUI element usable. Lines 3–8 each target a specific browser family to use a gradient instead of the simple background.

KHTML (Konqueror) and Webkit (Chrome, Safari, …)

Let’s start with lines 4 and 5. These rules target KHTML browsers (like Konqueror) and the similar Webkit browsers (Chrome, Safari, …) respectively. The rules are structured as follows (more information can be found in the Safari documentation)

Gecko (Firefox, Mozilla, …)

Line 6 targets Gecko-based browsers like Firefox, Thunderbird or Mozilla. These define the gradient type inside the actual rule name. So -moz-linear-gradient defines, well, a linear gradient while -moz-radial-gradient defines a radial gradient. We obviously use -moz-linear-gradient here.

Internet Explorer

Lines 7–9 focus on Internet Explorer. Here we use filters, which are very old IE-only features originally invented to allow DHTML animations. They are rather slow and sometimes show strange behavior, but it is the only way to get gradients into IE. On the other hand, these even work on IE 5.5. The HTML element must have layout, so we use position: relative in line 9. If you omit this, IE shows some really strange renderings. The parameters of the filters should be rather self-explanatory. As the filter syntax has slightly changed from IE7 to IE8, we include both variants here. Additional documentation is available from Microsoft.

Opera

And finally there is Opera. This browser is targeted in line 3. Unfortunately Opera does not support the concept of a gradient out of the box, so we have to develop a fallback here. Fortunately though, it supports SVG out of the box, which allows us to define the gradient in an XML format to still benefit from the vector definition and not have to fall back to a pixel representation. As this is a fallback, it must be defined above the other rules, which then overwrite this rule if one of them is supported. If the SVG rule was put at the bottom, it would have a higher priority and all browsers would attempt to use it.

This technique, however, allows us to even target browsers which do not match one of the explicitly supported browsers but do support SVG.

The referenced SVG is rather simple:

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg width="100%" height="100%" version="1.1" xmlns="http://www.w3.org/2000/svg">
  <defs>
    <linearGradient id="gradient" x1="100%" y1="100%">
      <stop offset="0%" style="stop-color:#ddd; stop-opacity:1" />
      <stop offset="100%" style="stop-color:#f8f8f8; stop-opacity:1" />
    </linearGradient>
  </defs>
  <rect width="100%" height="100%" style="fill:url(#gradient)"/>
</svg>

Note that the start color is defined on offset="100%" and the end color on offset="0%".

How to compile Postfix+SASL+LDAP on Opensolaris

Currently, Opensolaris does not provide a Postfix package. Although packages exist on blastwave and on OpenCSW, they are either outdated or do not play well together.

Fortunately, Ihsan Dogan created a script to create Postfix packages from scratch as well as some precompiled packages. Unfortunately, these packages lack SASL support. So I needed to compile these myself.

You will obviously need the Postfix sources and the package script:

wget http://de.postfix.org/ftpmirror/official/postfix-2.7.1.tar.gz
gunzip -c postfix-2.7.1.tar.gz | tar -xf -

wget http://ihsan.dogan.ch/postfix/downloads/makePostfixPkg.sh
chmod +x makePostfixPkg.sh

cd postfix-2.7.1

Since Opensolaris b130, NIS+ was removed from the system. As Postfix does not know that, it does not compile, because it defines a dependency on it. However, it can be disabled by simply applying the following patch:

--- src/util/sys_defs.h 2010-06-02 01:56:57.000000000 +0200
+++ src/util/sys_defs.h 2010-06-14 22:08:35.596113543 +0200
@@ -400,7 +400,6 @@
 #define DEF_DB_TYPE    "dbm"
 #define ALIAS_DB_MAP   "dbm:/etc/mail/aliases"
 #define HAS_NIS
-#define HAS_NISPLUS
 #define USE_SYS_SOCKIO_H       /* Solaris 2.5, changed sys/ioctl.h */
 #define GETTIMEOFDAY(t)    gettimeofday(t)
 #define ROOT_PATH  "/bin:/usr/bin:/sbin:/usr/sbin:/usr/ucb"
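
Review bot: the removal of `#define HAS_NISPLUS` is unconditional, so every build from this patched tree loses NIS+ support, including builds on Solaris releases that still ship NIS+, while `#define HAS_NIS` right above it stays on. Consider wrapping the define in a guard such as `#ifndef NO_NISPLUS` (the macro name is a suggestion) so it can be switched off from CCARGS only where needed, and add a one-line comment saying why it is disabled (NIS+ removed since Opensolaris b130), which will help when this is re-applied to the next Postfix release.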

Just put that patch into a file called nisplus.patch and patch the code:

patch -p0 < nisplus.patch

(found on estibi’s Solaris blog)

Before actually compiling Postfix, we need some packages:

# First install the sunstudio compilers and some additional
# development tools
pkg install sunstudio12u1 object-file

# ...and some additional libraries and tools
pkg install libsasl pcre

Now we can generate the makefile, compile and generate the SVR4 package. We will tell the compilers to include the default Cyrus SASL library for client authentication as well as the Dovecot library which I will use later to connect both servers and authenticate SMTP users.

# Clean up first and after failed attempts
make tidy

# Generate the makefile. CCARGS, AUXLIBS and CC must all be arguments of
# the same make invocation, hence the line continuations.
make makefiles \
  CCARGS='-DUSE_TLS -DHAS_LDAP -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\"dovecot\" -DUSE_CYRUS_SASL -I/usr/include/sasl' \
  AUXLIBS="-L/usr/lib -lsasl -lssl -lcrypto -lldap" \
  CC=/opt/sunstudio12.1/bin/cc

# Build
make

# Create the package if the build succeeded
../makePostfixPkg.sh

The makePostfixPkg will create a Solaris package named something like CNDpostfix-2.7.1,REV=100614-SunOS5.11-i386.pkg inside the Postfix directory. This package can then be installed like this:

# make sure you removed the default Sendmail package first if it is installed
#pkg uninstall sendmail

# install the package
pkgadd -d CNDpostfix-2.7.1,REV=100614-SunOS5.11-i386.pkg CNDpostfix

# Configure the package to your needs. Then enable the service
svcadm enable svc:/network/postfix:default

Sane Opensolaris Settings

Opensolaris has made some huge steps towards being usable by a normal person. Sadly there are still some things lacking sane defaults which I try to provide here. I will try to update this post if I stumble over more of these hiccups.

Correct colors on exit of an ncurses program

If an ncurses program (like nano) exits, the default xterm-color does not properly restore the colors of the terminal. The background color is shown in a dark gray. For quick relief you can issue a short

tput rs1

As this is rather cumbersome, I think it is better to adjust our terminfo definitions.

# Use an unpredictable temp file, since its content is fed to a privileged tic
src=$(mktemp /tmp/xterm-color.XXXXXX)
TERM=xterm-color infocmp > "$src"
sed -i -e 's/op=\\E\[100m,/op=\\E\[m,/' "$src"
pfexec tic -v "$src"
rm "$src"

The solution is from the Opensolaris Bug, the rough steps from Peter Harvey.

Fixing some key bindings

By default some essential key bindings do not work properly. This can be fixed by just reassigning them. The following statement has to be run as root.

cat >> /etc/profile <<'EOF'
# home key
bind '"\e[1~":beginning-of-line'
# del key
bind '"\e[3~":delete-char'
# end key
bind '"\e[4~":end-of-line'
# pgup key
bind '"\e[5~":history-search-forward'
# pgdn key
bind '"\e[6~":history-search-backward'
EOF

You have to log out and log in again for these settings to take effect. Alternatively you could just enter the individual bind statements into your current terminal.

The bindings are from Epiphanic Networks’ Wikka.

en_us.utf-8 locale on OpenSolaris

This is mainly a pointer for me to remember things.

If you have an OpenSolaris 200x.xx installed as a minimal image (like that one) you will notice that there is a rather unfriendly assortment of locales installed:

locale -a
C
POSIX
iso_8859_1

What we (or at least I) want instead is the “default” locale en_us.UTF-8. Google has pointed me to the localeadm tool to solve this. However, this tool seems not to be available anymore on Opensolaris. Instead, one is expected to do the following:

pkg install lang-support-english

This installs ca. 135 MB of packages. Unfortunately one of them is a complete X.org server which I specifically did not want to install in the first place, as the system is intended to be a server where I deem an X server to be just unnecessary cruft. Fortunately, it is not started by default, so it seems I have to live with that.

Another call of locale -a shows us a much friendlier view on the system:

locale -a
C
POSIX
en_AU
en_AU.ISO8859-1
en_AU.UTF-8
en_CA
en_CA.ISO8859-1
en_CA.UTF-8
en_GB
en_GB.ISO8859-1
en_GB.ISO8859-15
en_GB.ISO8859-15@euro
en_GB.UTF-8
en_IE
en_IE.ISO8859-1
en_IE.ISO8859-15
en_IE.ISO8859-15@euro
en_IE.UTF-8
en_MT.UTF-8
en_NZ
en_NZ.ISO8859-1
en_NZ.UTF-8
en_US
en_US.ISO8859-1
en_US.ISO8859-15
en_US.ISO8859-15@euro
en_US.UTF-8
iso_8859_1

To set up our newly installed locale, just put this line

LANG="en_US.UTF-8"

into the file /etc/default/init and reboot the system.

Sigh, sometimes things are so much easier on the Linux side of life.

The hint to the solution came from the OpenSolaris Forum btw.

Update 2010-02-23

You can also just install the locale files without the overhead that comes from lang-support-english. Just install on Opensolaris < Build 133

pkg install SUNWlang-enUS

or on Opensolaris >= Build 133

pkg install system/locale/en_us

Chili con Carne

It was lovely at the Oktoberfest. Now I am back and therefore have to take care of myself again. Given that October has arrived very punctually, and the cold with it, it is time again for warmth from the inside. And what is better suited for that than a proper chili?

Right: nothing. And that is exactly why I just cooked one. And in the spirit of open sourcing, the recipe should of course find its way into the world too. Enjoy your meal!

Ingredients for 2 decent portions

For serving

Preparation

Brown the minced meat well in a pan with a little olive oil (or another vegetable oil) until it starts to become crumbly. Meanwhile, heat the beef stock in a large pot. As soon as the meat is cooked through completely and starts to turn brown, put everything into the pot with the hot beef stock and bring to the boil.

Finely chop the onions and the garlic. The garlic tastes better and does not smell as strongly if it is chopped rather than pressed and if the green core is removed, which smells the most.

Put both into the pan that just held the meat and fry until translucent, then add the tomato paste and a tablespoon of water or stock. Fry briefly and then add to the pot with the beef stock. Now add the canned tomatoes and the finely chopped chili peppers.

Now season with cumin, chili powder, the paprika powder, and pepper and salt, and let the whole thing simmer covered at medium heat for about 30 minutes. Do not season too heavily at this point, as the flavor still changes during cooking and becomes considerably rounder.

Meanwhile, drain the kidney beans and, if necessary, rinse off the liquid. Add the beans only about 10 minutes before the end of the cooking time. That way they do not fall apart. Add the herbs and round the whole thing off with the honey. Adjust the seasoning a little more and let the chili simmer a bit longer, but do not let the beans fall apart.

Finally, serve the spicy affair in bowls with a little crème fraîche and cress on top. Along with the bread and a cold beer.

Here's to a good…

The pain of SPF records

Mainly based on curiosity (and the discussion about #zensursula) I decided to run my own name server and only use the server of my provider as the secondary one (which is mandated by the denic for .de domains).

Since all my domains are registered via Schlundtech, one of the largest DNS providers in Germany, I trivially used their server as secondary. They are able to fetch changes via AXFR, albeit not automatically.

Trying to be a nice fellow, I inserted SPF records into all my domains. This allows other servers to query the DNS for mail servers which are allowed to send mail for a domain — in contrast to the MX records, which point to servers which receive mail.

For this domain, the SPF record is

meine-er.de.        86400   IN  TXT "v=spf1 mx -all"

This states that the record is SPF version 1 information which grants all MX hosts of this domain the right to send mail (mx) and disallows any other hosts (-all). Of course these records have to be evaluated by the receiving mail server. Today these checks are mostly incorporated into spam filters.

As can be seen above the SPF records are traditionally stored in simple TXT records, which were invented to be optional free-text fields. As the SPF “standard” demands a fixed syntax it seems rather inappropriate to misuse such a free-text field.

So they (they are watching us, you have to look out) established a dedicated record type for SPF with the number 99 as specified in RFC 4408, which is currently in experimental state (which I apparently failed to notice). So it seemed as if all went well as I included both record types into my zone (using tinydns). However, I failed to check the DNS results of Schlundtech properly and so missed that its DNS updates, which I triggered manually on their website, failed silently on the new SPF record (the non-TXT one). It just didn’t update its zone and reported stale data. It seems like bind and many other DNS tools out there do not like record types they do not know. Time to update everyone. Just throw out that bloated piece of crap that BIND is.

So fsck it. It just took me 2 hours to figure that out. Maybe I should have tried an AXFR zone transfer using dig earlier — this attempt beautifully failed on first try. But the simplest things are always the hardest to track, even if you think of them. Fortunately, everything went well in the end and the DNS glitches which some of you have seen should be EOLd once the changes have properly propagated (which should be in ca. 23 hours from now)
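
How a receiving mail server would evaluate the record from this post, as an added example (not code from this site): a small Python evaluator limited to the all, a, mx, ip4 and ip6 mechanisms, run against constructed DNS data for a primary and for a secondary that still serves a stale zone. The MX host name, all addresses, and the assumption that the stale zone predates the SPF TXT record are made up for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(txt):
    """Return [(qualifier, mechanism, argument), ...] for an SPF v1 string."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        if "=" in term.partition(":")[0]:        # modifier such as exp=
            if term.lower().startswith("redirect="):
                raise NotImplementedError("redirect= is outside this example")
            continue
        qualifier = "+"                           # implicit when omitted
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        parsed.append((qualifier, name.lower(), arg))
    return parsed


def _addresses(host, ip, dns):
    """Addresses of host in the family of the connecting IP."""
    rrtype = "A" if ip.version == 4 else "AAAA"
    return [ipaddress.ip_address(a) for a in dns.get((host, rrtype), [])]


def check_host(sender_ip, domain, dns):
    """Evaluate sender_ip against domain's policy; dns maps (name, type) -> values."""
    ip = ipaddress.ip_address(sender_ip)
    records = [t for t in dns.get((domain, "TXT"), [])
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"          # no policy visible: the receiver cannot judge
    if len(records) > 1:
        return "permerror"     # more than one SPF record is an error
    for qualifier, mech, arg in parse_spf(records[0]):
        target = arg or domain
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = ip in _addresses(target, ip, dns)
        elif mech == "mx":
            matched = any(ip in _addresses(mx, ip, dns)
                          for mx in dns.get((target, "MX"), []))
        elif mech in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            raise NotImplementedError(f"mechanism {mech!r} not covered here")
        if matched:                               # first match decides
            return QUALIFIERS[qualifier]
    return "neutral"


# Constructed zone data: the TXT value is the record quoted in the post; the
# MX host name and all addresses are made up (documentation ranges).
PRIMARY = {
    ("meine-er.de", "TXT"): ["v=spf1 mx -all"],
    ("meine-er.de", "MX"): ["mail.meine-er.de"],
    ("mail.meine-er.de", "A"): ["192.0.2.25"],
}
# Assumption: the secondary's stale zone has no SPF TXT record yet.
STALE_SECONDARY = {k: v for k, v in PRIMARY.items() if k[1] != "TXT"}

if __name__ == "__main__":
    for label, zone in (("primary", PRIMARY), ("stale secondary", STALE_SECONDARY)):
        for sender in ("192.0.2.25", "198.51.100.7"):
            print(label, sender, check_host(sender, "meine-er.de", zone))
```

A receiver that happens to query the stale secondary gets "none" for the forged sender instead of "fail", which is why comparing the answers of every authoritative server after a zone change is worth the minute it takes.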

Trailer out for Tron 2... errrr... TRZ.... errm... Tron Legacy

So, after about a thousand renamings, we seem to have finally come to a rest. We are about to see Tron Legacy in cinemas in 2010. And judging from the trailer, the movie is going to be awesome (however maybe not so awesome as the original Tron but still awesome).

Credit card order only with ID? WTF?!

Dear customer,

thank you for your order. Attached you will find the order of 21.07.2009 in PDF format. You can open this file without any problems using the free Adobe Acrobat Reader.

Unfortunately I have to inform you that, due to frequent fraud attempts, delivery for credit card payments is only possible once you send us a copy of your ID. Please let me know whether that is acceptable to you.

I am happy to answer any questions you may have.

Kind regards

XXX YYYYYY
zzzzz@jacob-elektronik.de

(Name removed to protect the innocent)

I don't quite know what to make of this. I mean, yes, great that you want to protect me from fraud, but I don't really want to hold my ID card under everyone's nose because of that. Let's see whether they deliver to me anyway if I refuse…

Addendum

They are indeed receptive to reasonable arguments. On request it was confirmed to me that the check was carried out because of discrepancies between the credit card's address and the delivery/billing address, as well as odd ordering behavior on my part.

So I got away without handing over my ID after all. I guess that makes it a #win again!

My try on Opensolaris

Two years ago I bought a ReadyNAS NV+ with 4 500 GB drives based on the recommendation of Volker Weber. It served its purpose well and runs 24/7 without any problem at all. However recently I started to have issues. The most important one was simply that the device is now filled to the rim. While that could be solved by just using larger disks (or not ripping all of my DVDs onto disk), the other major issue would still stand.

The device is just too slow. Using AFP or CIFS I barely get more than 10 MByte/sec top (measured using dd from /dev/zero with a blocksize of 32k). This doesn’t look like a device capable of Gigabit speed. Besides, during these tests the CPU of the ReadyNAS ran at about 90% load so there is obviously not much more to expect from that device.

So being too cheap to buy one of the new ReadyNAS Pros while craving that extra speed and wanting to learn something new, I opted into building a new system from the ground up. As I have heard very nice stories about (Open)solaris (I’m looking at you, Jörg) I decided that Opensolaris would be the new OS of choice. I just wanted to see and use all that ZFS goodness by myself.

Unfortunately, as I bought only Macs recently, I was fairly outdated regarding a diverse knowledge of PC hardware. So I started browsing (Heise FTW!) and finally found some decent hardware (at least on paper) which I ordered today. The main problem here was Solaris compatibility, so almost everything was checked against the HCL.

For me, the most important piece was the enclosure, as I intended to put a lot of disks in it, or at least be able to add more of them later without having to add additional enclosures. There are some modestly priced server enclosures on the market. However, as I don’t own a rack (yet) these were out of reach. So I opted into a tower case from Lian Li, more specifically the PC-A17B, which allows adding 9 external 5.25″ devices. As I obviously do not want to insert 5.25″ disk drives, I searched for an enclosure to convert those bays into 3.5″ bays for normal hard disks. Initially I fell in love with the Lian Li EX-H34B which allows 4 disk drives to be used in 3 5.25″ bays while providing hot-plug capabilities. Unfortunately these babes were nowhere to be found for delivery in the German internets in a reasonable timeframe.

So I opted into 3 Silverstone CFP52B together with 12 Silverstone CP05 which also provide hot-plug capabilities while looking pretty decent together with the Lian Li enclosure.

For the other hardware, I had a hard time deciding between Intel and AMD. Finally I settled on Intel as it promised a wee bit more compatibility with Opensolaris (at least on consumer boards and CPUs). I ordered an Asus P5QL-CM together with an Intel E7400 (45nm, 2.8 GHz, 65W TDP) and 4 GB of Kingston RAM. The board combination allows me to use 6 SATA disk drives now and add an additional controller and more drives later if needed. I’m a bit concerned regarding the Realtek network chip on board. Fortunately I have two spare Intel Pro/1000 GT adapters lying around. So this hopefully will not be a huge problem.

Regarding the drives, I ordered 6 Western Digital WD10EADS which are going to be connected to the onboard SATA ports and a DeLOCK IDE Flash Modul 40Pin 8GB Vertical as a boot device connected to the “old” PATA port. Let’s see how that works…

In further entries, I will go into details about my journey into Solaris. But first I’m going to wait for my hardware to arrive.

Yay! Am I important now?

Web 2.0 is now following you

New System, Same Content, Better Everything

So this is it. My next try of a content management system. Yes, again written from scratch. Yes, I know but Wordpress looks not very sexy to me. And somehow I started to hate PHP while falling in love with Python, thanks to Martin von Löwis. So well, here we are…

Django Ponies

This time I tested the magical powers of the Django ponies. It might be still rough around the edges and lacking some obvious features like a comment facility. But I’m certain that we will see some updates here soon. Once the codebase has matured a bit and the security-by-obscurity-factor is not so important any more I will open source the system. Stay tuned.

But until then you can expect some more posts here. At least more than in the last 18 months.

Where the hell is Matt 2008

During the course of updating this site onto its new technical basis (more on this later) I found a lot of old articles I wrote some time ago. One of them was On Tour, featuring a video of Matt Harding traveling around the globe and dancing where he stops by.

In 2008 he made a new trip, danced again at various places, and made a new video. It’s as good as the last one — even with all those people around :)

and now on with music

Saw them back then at Rock im Park and found them again today, though this time as a recording from Rock am Ring. Placebo with Running up that Hill. These guys simply have it.

Mac Pro soon with a Radeon HD 3870?

I am currently in the process of finally getting myself a new computer. And since I am a visual person but also really like the UNIX approach, I thought about switching to Apple. It is going to be a Mac Pro. Actually with a GeForce 8800 GT.

However, I was rather surprised by what smiled at me today in the technical specifications in the Apple Store: a Mac Pro with a Radeon HD 3870?

There, an ATI Radeon HD 3870 suddenly shows up as a build-to-order option. Strangely, though, only there. I can neither actually configure the card nor have I found information about it anywhere else (not even in the US store).

So is this a bug or a new feature? Maybe it is also a harbinger of tomorrow. After all, it will be Tuesday again then ;) In any case, it would make the decision a bit harder again.

Macworld

the only companies that can afford to leave out important features and sell that at a high price are underwear manufacturers and apple.

Brilliant!
