What we do here is enabling 32-bit chroot’ed userland on 64-bit server. 32-bit userland and 32-bit Python environment reduces the memory usage of heavy website applications we are running (read: Plone/Zope), since 32-bit has only half of the pointer size and object-oriented programming is all about pointers. Zope is especially memory hungry, because it uses ZODB object database. The developer does not need to worry about when doing queries, updates or caches that much  as the persistent site state is transparent to Python (objects are automatically loaded from database or cache when they are referred). Easy persistency means that almost everything is in the database and you need to have big object cache. Plone has huge client-side, in-process, cache for persistent objects. The default setting is for the cache size 5000 objects. (sidenote: since ZODB cache is in-process and Python does not do threading too well, running big Plone sites means that you need run several processes to handle parallel requests – having multiple processes with big in-process caches means loads of memory consumption)

32-bit userland is especially useful if you need to run Plone on 64-bit VPS (virtual private server) with low amount of available memory (512 MB or 1 GB).

There are some brief measurements about 32-bit vs. 6-bit Python memory usage at the end of this article.

Unless otherwise specified, all command here should be run as the root user of the host system. Commands here are for example only and you need to know what you are doing. If you lack advanced UNIX administration skills we gladly arrange you some commercial training or hosting support.

Installing

Basic schroot installation instructions for Ubuntu can be found here https://help.ubuntu.com/community/DebootstrapChroot . We also install ZopeSkel in the chroo’ed environment for starting creating Plone sites. Note that we are using Ubuntu 8.04 which still ships with Python 2.4 – for later Ubuntus you need to compile Python 2.4 from the scratch.

apt-get install debootstrap
apt-get install schroot

# Old schroot uses global schroot.conf, new versions have
# chroot.d directory

# This is a heredoc, but use what ever editor you like
# to create the configuration
cat <<EOF > /etc/schroot/chroot.d/hardy_i386.conf
[hardy_i386]
description=Ubuntu 8.04 Hardy for i386
location=/srv/chroot/hardy_i386
personality=linux32
root-users=bob
run-setup-scripts=true
run-exec-scripts=true
type=directory
users=bob,john,alice,ploneuser
EOF

mkdir -p /srv/chroot/hardy_i386
debootstrap --variant=buildd --arch i386 hardy /srv/chroot/hardy_i386 \

http://archive.ubuntu.com/ubuntu/

# Check that the chroot is created and working
schroot -l

# Enter the chroot (logged in as bob)
schroot -c hardy_i386 -u root

# Once inside, install python2.4-dev and other needed tools
# Installing PIL with easy_install didn't work for some
# reason, so we use python-imaging package.
apt-get install python2.4-dev python-setuptools python-imaging
easy_install-2.4 ZopeSkel

And that’s about it.

Chroot’ed environment will have

• It’s own application binaries (and userland bitness)

Chroot’ed environment will share with the host system

• Ports
• Processes
• User accounts

Chroot’ed users

• Can’t list filesystem outside chroot

…giving additional safety for shared hosting in the case of chroot’ed environment is compromised.

Entering chroot’ed environment as a specific user

Try

schroot -c hardy_i386 -u root

…or…

schroot -c hardy_i386 -u plone_user # After you have set-uped normal user for chroot'ed environment

All background processes you leave running in chroot’ed environment are terminated when you exit this environment, unless you create sessions as described below.

Creating chroot sessions

Sessions enable running commands in chroot without the need to have it constantly open.

# Create a new schroot session
schroot --chroot=hardy_i386 --user=ploneuser \
--session-name=plonesession \
--begin-session

# Run commands in the created session
schroot --chroot=plonesession --user=ploneuser --run-session \
/srv/plone/yourplonesite/bin/instance start

# Ending session
schroot --chroot=plonesession --user=ploneuser --end-session

Note that --chroot parameter takes in both actual chroot installations and session ids.

Doing resets for chrooted environment

The session processes exist as long as the session exist. Unless you explicitly start a new session with –begin-session the processes are terminated as soon as you log out from the chroot’ed environent.
chroot’ed environment is temporary unless you explicitly specify it not be
Thus if you want to run daemonized services in chrooted environment you need to take care of session handling manually.
Here is an example how do you construct a session (as a real root user) and then launch a shell script which will take care of launching applications inside the chroot.

# Terminate previous session if any
schroot --chroot=hardy_i386 --user=plone_user --session-name=plone_session --end-session

#Start the session (again)
schroot --chroot=hardy_i386 --user=plone_user --session-name=plone_session --begin-session

# Run a start script inside the chroot'ed environment which will start Plone
# NGINX and other necessary 32-bit services
schroot --chroot=plone_session --user=plone_user --run-session /srv/plone/myplonesite/restart-all.sh

Running sessions at startup

You can add schroot bootstrap in real /etc/rc.local:

schroot --chroot=hardy_i386 --user=ploneuser \
--session-name=plonesession --begin-session \
&& schroot --chroot=plonesession --run-session \
/srv/plone/inst/bin/instance start

Remember that the users have to be created outside the chrooted environment. If you set the home directory to something that exists only in the chrooted environment, use something like this

adduser --no-create-home --home HOMEDIR_IN_CHROOT ploneuser

Then to create the directory inside the chroot and set its ownership to the newly created user and group.

32-bit vs 64-bit memory consumption

Reason why we even tried this is that some python applications, like Zope, use references heavily and moving from 32bit to 64bit references increases memory usage. (J Stahl 2010)

Memory figures from a development Zope/Plone 3.3.5 server

This is far from a complete study, but it would seem that the chroot does pay off even though it has to load 32bit versions of basic libraries along. If running more than one instance on same server memory savings should increase.

More information

• http://manpages.ubuntu.com/manpages/hardy/man1/schroot.1.html
• http://en.wikipedia.org/wiki/Chroot

Read our blog  Subscribe mFabrik blog in a reader Follow us on Twitter Mikko Ohtamaa on LinkedIn

Skype is not really helpful regarding how to get meaningful log information from the client, but it is possible.

Create a log directory

mkdir ~/.Skype/Logs

Run Skype from the command line and open a chat window so that it crashes

moo@murskaamo:~$ skype
Aborted

Now there should be log data available

moo@murskaamo:~$ ls -lh ~/.Skype/Logs/
total 724K
-rw-r--r-- 1 moo moo 607K 2010-07-16 11:10 skype_20100716-1110.log
-rw-r--r-- 1 moo moo 116K 2010-07-16 11:10 skype_20100716-1110.trace.txt

However, those log files are little useful for anybody except Skype developers as they are encrypted. Your only hope is to submit them to  a Skype bug tracker and hope that someone answers you something meaningful. The guidelines how to create a bug report and how they are processed is little unclear – there doesn’t seem to be clear announcement from Skype whether they process  these reports or not.

The crashes probably are due to incompatible system library versions / bugs in them. Try downloading static Skype versions which does not use system libraries.

Read our blog  Subscribe mFabrik blog in a reader Follow us on Twitter Mikko Ohtamaa on LinkedIn

This buildout is especially useful to get Python 2.4 properly running under the latest Ubuntu 10.04 Lucid Lynx. This is because Ubuntu repositories won’t ship with Python 2.4 packages anymore.

The installation will also include static compilation of some very popular libraries. These are dependencies for other Python packages including, but not limited, to

• libjpeg
• Python imaging library
• readline

Prerequisites

• Some Python version is installed (OS default)
• GCC compiler is installed (sudo apt-get install build-essential)
• Subversion tool is installed (sudo apt-get install subversion)

Running it

svn co http://svn.plone.org/svn/collective/buildout/python/
cd python
python bootstrap.py
bin/buildout

Using it

All Pythons are under virtualenv installations. This means that you can activate one Python configuration for your shell once easily (python command will run under different Python versions).

Activating Python 2.4

source python/python-2.4/bin/activate
(python-2.4)moo@murskaamo:~/code$ python -V
Python 2.4.6

Check that Python Imaging Library works

python
Python 2.4.6 (#1, Jul 16 2010, 10:31:46)
[GCC 4.4.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import PIL

(No exceptions raised, Python Imaging Library works well).

Read our blog  Subscribe mFabrik blog in a reader Follow us on Twitter Mikko Ohtamaa on LinkedIn

Here are instructions how get a custom notification-osd which can read a config file where you can specify settings for the notifications. Though it requires you to install a custom notify-osd version, the instructions are plain and simple. For less hardcode users, there also exists a version with graphical user interface to configure notify-osd.

Read our blog  Subscribe mFabrik blog in a reader Follow us on Twitter Mikko Ohtamaa on LinkedIn

The instructions may apply for other versions too.

Prerequisitements

What you need to have in order to use this how to

• Basic UNIX file permissions knowledge
• Basic UNIX shell knowledge
• You have a Linux server (Ubuntu / Debian) for which you have root user access and you plan to use this server to host one or several Joomla! sites
• Apache and MySQL instaleld on your server

User setup

Set-up an UNIX user on a dedicated server for Joomla! hosting. The user can SSH in the box and write to his home folder, /tmp and /var/www site folder.

We create a user called “user” in this instructions. Replace it with the username you desire. We also use the example site name (www).yoursite.com.

sudo adduser user # Asks for the password and created /home/user

sudo mkdir /var/www/user
sudo chmod -R user:user /var/www/user # Only user has writing access to this folder

Setup MySQL user account

Install MySQL as per Debian/Ubuntu instructions.

Login as MySQL admin user (may vary depending how your MySQL is configured). Note that first you will be asked for sudo password, then for MySQL administrative user password.

sudo mysql -u admin -p

CREATE DATABASE user DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;

GRANT ALL ON user.* TO 'user'@'localhost' identified by 'zxc123zxc'; 

Extract Joomla! installation files

Enter the folder which will contain web site PHP files.

sudo -i -u user # pose yourself as UNIX user who runs the site

cd /var/www/user

wget http://joomlacode.org/gf/download/frsrelease/12350/51111/Joomla_1.5.18-Stable-Full_Package.zip

unzip Joomla_1.5.18-Stable-Full_Package.zip

exit

Set file permission

Note that during Joomla’s browser based installation Apache’s www-data must have write access to folder in order to create configuration.php file. We will later remove this access right.

We will set Joomla! files under UNIX group group www-data so that Apache can read them. Certain files are set to be writable. This must be done as root user.

sudo chown -R user:www-data /var/www/user # Make user group to www-data

sudo chmod g+wrx /var/www/user # Read only access to www-data user. Write access for installation, will be later removed.

Now ls -l command in /var/www/user should give you something like this for fil masks:

drwxr-xr-x 11 user www-data    4096 2010-05-28 10:22 plugins
-rwxr--r--  1 user www-data     304 2010-05-28 10:21 robots.txt
drwxr-xr-x  6 user www-data    4096 2010-05-28 10:22 templates

Creating Apache configuration

sudo nano /etc/apache2/sites-enabled/yoursite.conf

   ServerName yoursite.com
   ServerAlias www.yoursite.com
   ServerAdmin info@yourcompany.com

   LogFormat       combined
   TransferLog     /var/log/apache2/yoursite.log

   # Make sure this virtual host if capable of executing PHP5
   Options +ExecCGI
   AddType application/x-httpd-php .php .php5

   # Point to www folder where Joomla! is extracted
   DocumentRoot /var/www/yoursite

   # Do not give illusion of safety
   # as PHP safe_mode really is a crap
   # and only causes problems
   php_admin_flag safe_mode off

   #
   # This entry will redirect traffic www.yoursite.com -> yoursite.com
   # Assume mod_rewrite is installed and enabled on Apache
   # 301 is HTTP Permanent Redirect code
   RewriteEngine On
   RewriteCond %{HTTP_HOST} ^www\.yoursite\.com [NC]
   RewriteRule (.*) http://yoursite.com$1 [L,R=301]

</VirtualHost>

Faking the DNS entry

sudo gedit /etc/hosts

# Force this hostname to go to your server public IP address from your local computer

123.123.123 yoursite.com www.yoursite.com

Start Joomla! browser based installation

http://yoursite.com

Secure the configuration

sudo chmod -R g-w /var/www/user # Remote write permission
sudo rm -rf /var/www/user/installation # Remove installation directory
# Add write permission to folders which contain writable files
sudo chmod -R g+x /var/www/user/logs
sudo chmod -R g+x /var/www/user/images
sudo chmod -R g+x /var/www/user/tmp
sudo chmod -R g+x /var/www/user/images

Setting up htaccess files

Joomla! comes with a sample htaccess file which has some security measurements by having RewriteRules to prevent malformed URL access.

To install this file do the following

sudo -i
cd /var/www/user
cp htaccess.txt .htaccess
chmod user:www-data .htaccess # Set file permission to be readable by Apache and writable by the UNIX user

Then we create a .htaccess file which we will place in all folders with Joomla! write access to prevent execution of PHP files in these folders. First we create htaccess.limited file which we use as a template.

sudo -i
cd /var/www/user
nano htaccess.limited # Open text editor

Use the following htaccess.limited content

# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI -Indexes

And put the master template htaccess.limited  to proper places

cp htaccess.limited media/.htaccess
chown -R user:www-data media/.htaccess 

cp htaccess.limited tmp/.htaccess
chown -R user:www-data tmp/.htaccess 

cp htaccess.limited logs/.htaccess
chown -R user:www-data logs/.htaccess

cp htaccess.limited images/.htaccess
chown -R user:www-data images/.htaccess

Start using the site

Setting outgoing email

Test outgoing email

Maintaining file permission

sudo usermod -a -G www-data user # Add user to www-data group so that it can set group permissions

sudo -i -u user # Login as your UNIX user
chgrp -R www-data templates libraries # Fix group ownership
chmod -R g+rx libraries templates # Set read access for the group

Read our blog  Subscribe mFabrik blog in a reader Follow us on Twitter Mikko Ohtamaa on LinkedIn

The usage is simple. Just run:

ssh-copy-id remotebox.com

to copy your public SSH key to remotebox.com. After that

ssh remotebox.com

shoud ask no password.

Working installation instructions for ssh-copy-id on OSX are in Chris Pitzer’s blog.

Read our blog  Subscribe mFabrik blog in a reader Follow us on Twitter Mikko Ohtamaa on LinkedIn

The workaround is to run command

`eval ssh-agent`

Which sets series on environment variables making ssh-add to work.

I don’t know why this doesn’t work anymore – I am quite sure it worked on earlier Ubuntu versions out of the box.

Related bug report.

pgtop

pgtop provides UNIX top command like user interface for PostgreSQL. pgtop command is available as Perl CPAN module.

How to install Perl CPAN modules as non-root user on Ubuntu (note: when it prompts to run sudo, answer no).

To install pgtop install following CPAN modules first: Term::ANSIColor, Term::ReadKey, DBD::Pg

perl -MCPAN -Mlocal::lib -e 'CPAN::install(DBD::Pg)'
perl -MCPAN -Mlocal::lib -e 'CPAN::install(Term::ReadKey)'
perl -MCPAN -Mlocal::lib -e 'CPAN::install(Term::ANSIColor)'

pgtop install instructions

pgtop manul

Running pgtop:

perl pgtop -d databasename -u yourdbuser -p yourdbuserpassword

pgfouine

pgfouine is a log analyzer for PostgreSQL.

Multi-touch gestures allow you to perform user interface actions by doing two finger gestures on touchpad. Apple introduced this feature on Macbooks and after you get used to it, it greatly enhances your web browsing on mouseless netbook. The most important gesture is scroll text by swiping the touchpad with two fingers.

Apple has also many patents related to the gestures so they are not enabled by default.

The real multi-finger touch support needs multi-finger aware (capacitive) touchpad. Most PC laptops are not equipped with one. Luckily some of the simple gestures, like two finger scrolling, can be emulated on normal pressure point sensitive touchpad via clever calculations and other tricks.

Note: Ubuntu HAL support for Synaptics seem to be broken. Only shell script at the end of the post will work. HAL options in FDI file are being ignored.

Setting up Synaptics driver

Type in terminal

gksudo gedit /etc/hal/fdi/policy/11-x11-synaptics.fdi

Create and save file with this content:

<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
 <device>
   <match key="info.capabilities" contains="input.touchpad">
       <merge key="input.x11_driver" type="string">synaptics</merge>
       <merge key="input.x11_options.SHMConfig" type="string">On</merge>

       <merge key="input.x11_options.EmulateTwoFingerMinZ" type="string">40</merge>
       <merge key="input.x11_options.VertTwoFingerScroll" type="string">1</merge>
       <merge key="input.x11_options.HorizTwoFingerScroll" type="string">1</merge>
       <merge key="input.x11_options.TapButton1" type="string">1</merge>
       <merge key="input.x11_options.TapButton2" type="string">3</merge>  <!--two finger tap -> middle clieck(3) -->
       <merge key="input.x11_options.TapButton3" type="string">2</merge>  <!--three finger tap -> right click(2). almost impossible to click -->
   </match>
 </device>
</deviceinfo>

This allows us to use synclient utility to watch touchpad real-time data in console window.

Now restart X

sudo /etc/init.d/gdm restart

And open terminal again.

Type in command

synclient -m 100

And you should see data like this scrolling in the terminal:

129.355  2912 3469  59 1  4  0 0 0 0 0  00000000   0  0  0   0   0
 129.455  2952 3529  59 1  4  1 0 0 0 0  00000000   0  0  0   0   0
 time     x    y   z f  w  l r u d m     multi  gl gm gr gdx gdy
 129.555  3283 3516  60 1  4  1 0 0 0 0  00000000   0  0  0   0   0
 129.656  3928 3517  60 1  4  1 0 0 0 0  00000000   0  0  0   0   0
 129.756  4364 3637  60 1  4  1 0 0 0 0  00000000   0  0  0   0   0
 129.856  4020 3329  49 1  4  0 0 0 0 0  00000000   0  0  0   0   0
 129.956  3634 3122  58 1  4  0 0 0 0 0  00000000   0  0  0   0   0
 130.057  3320 2957  60 1  4  0 0 0 0 0  00000000   0  0  0   0   0
 130.157  2779 3312  61 1  4  0 0 0 0 0  00000000   0  0  0   0   0
 130.257  2557 3739  61 1  4  0 0 0 0 0  00000000   0  0  0   0   0
 130.358  2636 3485  39 1  4  0 0 0 0 0  00000000   0  0  0   0   0
 130.458  2659 3104  60 1  4  0 0 0 0 0  00000000   0  0  0   0   0
 130.558  2671 2988  60 1  4  0 0 0 0 0  00000000   0  0  0   0   0

f column tells the number of fingers. w is the touched area width. z is the pressure.

If you put two fingers on touchpad and you see value f=2 then your hardware has multi-touch aware touchpad. Unfortunately Asus Eee 1005HA doesn’t seem to have one

Emulation approach

Synaptics driver can emulate two-finger touch with the following conditions

• Touched area width exceeds certain threshold (min width)
• Touch pressure exceeds certain thresholds

When the conditions are met the driver thinks “Wow looks this guy is pressing us really hard. maybe he is using two fingers?” Note that touchpad values are touchpad specific and values applying for one model don’t work on another computer.

Synaptics driver settings are described here. Synaptic driver settings can be modified run-time using xinput command. Run synclient -m 100 in one terminal window and change threshold values in other until you find correct emulation parameters for your laptop. Below is my xinput tests. Test scrolling on Firefox and any long web page.

moo@huiskuttaja:~$ xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Width" 32 7
moo@huiskuttaja:~$ xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Pressure" 32 280
moo@huiskuttaja:~$ xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Width" 32 11
moo@huiskuttaja:~$ xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Pressure" 32 50
moo@huiskuttaja:~$

Looks like the following parameters are good for two finger emulation for Asus Eee 1005HA:

• Width: 8
• Pressure (Z): 10

You can also use command synclient -l to dump the current settings.

Below is the final script you need to run during log-in (see note about broken HAL at the beginning of the post):

#!/bin/sh

#!/bin/sh
#
# Use xinput --list-props "SynPS/2 Synaptics TouchPad" to extract data
#

# Set multi-touch emulation parameters
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Pressure" 32 10
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Width" 32 8
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Two-Finger Scrolling" 8 1
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Two-Finger Scrolling" 8 1 1

# Disable edge scrolling
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Edge Scrolling" 8 0 0 0 

# This will make cursor not to jump if you have two fingers on the touchpad and you list one
# (which you usually do after two-finger scrolling)
xinput set-int-prop "SynPS/2 Synaptics TouchPad" "Synaptics Jumpy Cursor Threshold" 32 110

Jumpy cursor after two finger scroll

When you do a two-finger scroll and lift your one finger before the other the mouse cursor/scrolling may jump. Synaptics driver does not seem to have an option to filter out this bad event. If anyone knows solution for this please comment.

Other resources

• Linux Multi-Touch is a project to collect set of Perl scripts related to multi-touch events. If you want to customize your multi-touch experience and you have some development insight, this is the place to begin.
• Notes about multi-touch emulation (see the last comment).
• Diagnosing multitouch support and editing HAL files.
• Related idea on Ubuntu Brainstorm.
• Synaptics X11 driver source. Synaptics driver project page. Looks like there is no one central figure behind it, except for maintaining, and big bunch of patches from distributors.

• detect the numbers of monitors you have attached
• Activate the second (external) monitor if there are two monitors
• Use the external monitory as the primary display, otherwise use internal display as a primary display
• Move your taskbars to the primary display

It is based on disper tool by Willem van Engen. For now (2009), it’s nVidia only. ATI support could be possible.

#!/bin/sh
#
# Detect displays and move panels to the primary display
#
# Copyright 2009 Twinapex Research
#
# Author <mikko.ohtamaa@twinapex.com>
#

# disper command will detect and configure monitors
disper --displays=auto -e

# parse output from disper tool how many displays we have attached
# disper prints 2 lines per displer
lines=`disper -l|wc -l`

display_count=$((lines / 2))

echo $display_count

echo "Detected display count:" $display_count

# Make sure that we move panels to the correct display based
# on the display count
if [ $display_count = 1 ] ; then
   echo "Moving panels to the internal LCD display"
   gconftool-2 \
        --set "/apps/panel/toplevels/bottom_panel_screen0/monitor" \
        --type integer "0"
   gconftool-2 \
        --set "/apps/panel/toplevels/top_panel_screen0/monitor" \
        --type integer "0"
else
   echo "Moving panels to the external display"
   gconftool-2 \
        --set "/apps/panel/toplevels/bottom_panel_screen0/monitor" \
        --type integer "1"
   gconftool-2 \
        --set "/apps/panel/toplevels/top_panel_screen0/monitor" \
        --type integer "1"
fi