Dirgahayu RI yang ke-64. Merdeka! Merdeka! Merdeka!
Blog staff Universitas Indonesia telah mengalami perubahan yang berarti.Daftar perubahan:
- Pindah server ke server hamster, lebih bertenaga. (Thx to: Adin & Koben)
- Menutup beberapa celah keamanan
- RSS feed untuk Entries dan Comments benar-benar untuk agregasi seluruh blog staff UI. Jadi, setiap entri terbaru bisa diikuti seperti Planet. Perubahan ini didokumentasikan di “Cara Menggunakan Blog UI“
- Membuang widget-widget yang tidak perlu sehingga terlihat lebih lapang dan sederhana.
- Mengganti sementara agregasi entri blog dengan menggunakan AHP Sitewide Recent Posts karena WPMU Aggregator memotong isi entri begitu saja. Hal ini menyebabkan ada elemen HTML tidak tertutup dan menyebabkan halaman web Aggregator tidak konsisten/kacau.
- Mengubah beberapa halaman agar konsisten.
Rencana mendatang: (TODO list)
- Menyempurnakan agregasi entri blog.
- Konsistensi bahasa (menggunakan seluruhnya Bahasa Indonesia atau bahasa Inggris?).
- Dukungan Gravatar/Avatar.
- Integrasi dengan situs lainnya
Khayalan mendatang: (Wishlist)
- Memasang BuddyPress membuat UIBook (siapa tahu bisa menyaingi Facebook).
- Memasang BBPress membuat forum UI.
- Tema lebih UI.
- World domination! 😀
Saya pribadi tidak jago PHP dan dunia per-wordpress-an. Saya biasa pakai blogspot yang cuma bisa menulis. Silahkan tinggalkan komentar kalau ada ide, saran, kritik, dan kue untuk dibagi. Selamat berblog ria.
UPDATED: Sign-in sudah bisa, ada error di skrip LDAP. Sekarang sudah bisa tersambung.
Migrating a system should always consider as harmful as making decision to marry a woman/man. The transition in between must be a continued process that planned carefully. Making the wrong decision makes the system and the organization rendered useless. Making general assumption about the system migration also the culprit of series of unfortunate events after.
To take a smooth system migration, there are things that need to be considered:
- The user of the system.
- Other system that depends on it
- Business process handled by this system
- Business process affected by this system
User of the system considered as one of the thing that we should ever consider. The trust between the system and user is built as a requirement to make the user use the system. Breaking any functionality in system can break user’s trust. Uninformed user can be a big threat that can take the system down. One viral marketing of badmouthing can take not only the system alone, but also the organization down — take a look at Omni Hospital case. That’s why, even free service providers such as Google, Facebook and Yahoo! take very long path to ensure that majority of users informed and adapted.
A better study how people would resists change is KDE system. When the version 4.0 released (the first KDE4 series), many of the users were pissed. Many functions were not there. The system was half baked and it was a bad decision from the beginning to release it immediately. Fortunately, KDE developers do an amazing thing: fast pace evolution of KDE4. Introduction of new functions, clear state of direction of the new system, and the release often philosophy attract new users while buy back the heart of discontents. They works at full speed with innovation and notify people really often while trying to step away from trolls. Communication and fast pace development truly marks them as a good innovator.
Another factor that would lead you to disaster if a system is a part of chain of systems. In software worlds there existed many terms for dependencies. The famous one is called API (Application Programming Interface). According to [WIKI], an API
is a set of routines, data structures, object classes and/or protocols provided by libraries and/or operating system services in order to support the building of applications.
This means each of shared library provide standard ways for other to access their functionality. With the encapsulation, complexity and obfuscation, people certainly cannot follow of each library they use and that’s the reason from the beginning why we love to reuse. Imagine if your system is a part of a bigger system, which is a normal thing in enterprise. Any change in your interface for other system to use (API) will make all of the systems that depends on that particular functionality fail. If the system you are changing is a core system, then it would cause halt on most of the systems, i.e. you’re screwed!
To tackle such devastation, any change to a function should be accompanied with fallback and backward compability. The most commonly used trick to do this is to deprecating such function. Deprecation is a form of noticing the user (in this case is the other system that consume your function) that the function is being shut down so they would expect no more of this function in future.
The real question of this is, when should you put off permanently of a deprecated function?
Software developers use major and minor number to differentiate versions of their product. Each major number indicating very big gap which make significant gap and even incompatible for each other. Minor number is indicating that the internal coding is change but still maintain compability. That’s why, version 1.0 can be compatible with version 1.1 but version 1.1 obviously expects things to break with version 2.0.
Of course, real life is not that perfect. Sometimes, you would have to shut a function immediately because of the security issue it implies. But, you can be like Microsoft maintaining the whole API more than 10 years or like Linux kernel which breaks ABI in every several minor version.
This blog content is getting like a book. So, I should stop here (you get the idea).
REFERENCE: [WIKI] Wikipedia. Application Programming Interface. http://en.wikipedia.org/wiki/Api (Accessed at Thursday 13 August 2009)
I have Radeon X550 running KDE4 and have a minor issue of flickering on all of my fullscreen applications. So, this morning I googled and found the problem. It was caused by the behaviour of KDE4 (and other compositing manager such as Compiz) to cancel redirection of fullscreen applications to improve performance. This is by the fact that all fullscreen application does not need any effect because it would fill all the screen.
So, this is what [LPAD] suggest:
How to resolve the problem: – open with your favourite editor this configuration file: .kde/share/config/kwinrc -under [Compositing] section add: UnredirectFullscreen=false – If you have no [Compositing] section create it, on the top of the config file, and then add the option under it. – save and exit – Press ALT+F2 to open krunner, then write into it: kwin –replace – No flickering/crashes anymore! 😉
REFERENCE: [LPAD] Masucci, Geovanni. (KDE) Fullscreen applications flickering with effects ON. https://bugs.launchpad.net/ubuntu/+source/kubuntu-default-settings/+bug/327199 (snapshot taken 10 June 2009)
Getting this while building project for NetBeans 6.7 Beta:
Created dir: $HOME_DIR/Project/uibooth-eaccess/e-access/dist /usr/lib is a directory or can't be read. Not copying the libraries. Building jar: $HOME_DIR/Project/uibooth-eaccess/e-access/dist/e-access.jar Not copying the libraries.
The problem is because I have made a custom library, java’s RXTX that have native library put in the
. I have put the path in one of the RXTX library in Netbeans configuration. It would runs in Netbeans but not with the manual way. The
will be generated without
and its content (all the necessary jars). Deleting the path would fix the job.
Hopefully Netbeans would includes better support for native library.
There is a problem in making a part of layer in GIMP becoming transparent; that is GIMP refuses to make selection color to alpha channel. This is because GIMP 2.6 not adding alpha channel by default into a duplicate/new(?) layer. There are two solutions:
- You could add an alpha channel to the layer then do things like previous version.
- You can add a layer mask and do it from that masking layer. This will complexing things up but will gives you unlimited undos/redos plus your original picture is unharmed, which is a good practice.
If you ever been wondered why your GNU/Linux Debian missing the DRI capability, you should know that now Debian ships the Firmware into new package called:
This is due to legal and political policy of Debian which is not wanting to be tainted by non-free softwares. The package is containing BLOB [non-techie reader reads: no source, binary only) firmwares that needed to activated some of the capability. I guess that is the price of freedom and good quality means.
KDE4 now resides in Debian Unstable with the version number 4.2.2 for stable release. If you are a convert like me (using GNOME), it poses no problem. But, the upgrade will stuck if you have KDE3 installed. To tackle the problem, you could upgrade the opposing KDE3 applications to KDE4, or remove it. Then, install <code>kde-minimal</code>.
DKIM is a technique based on Yahoo!’s DomainKey. Some may say that it look alike SPF (Sender Policy Framework), but the two is different. DKIM is authenticating the email sent by checking the signature againts the domain’s public key. On the contrary, SPF check the MTA (mail server) that sends the email againsts the domain’s list of MTA. For the simplicity, let’s say that the sending domain is UI and the receiving domain is GMail, so DKIM works like this:
- User foo send an email
- The UI mailserver signed the email and send it to GMail mailserver
- GMail then querying the DNS and search for the public key for the sending domain.
- After that, GMail checks signature and the data.
- If it is alright, then GMail deliver the message to the recipient’s mailbox.
DKIM uses two encyption algorithms: RSA-1 (or just RSA) or RSA256. Those are public and private key pair authentication. The magic is what get encrypted by the private key can only be decrypted by public key and vice versa. But, you can’t decrypt using the same key that used to encrypt the data.
This mechanism is differ from SPF. For mailserver that implements SPF, it would just ask the DNS about a list of legal mailserver that have the right to send email originating from that particular domain.
Let’s us set Postfix to use DKIM. I assume that the mailserver is already functional and running.
There are two applications in Debian repository that serve the same purpose. The first is DKIM-Proxy which is a stand alone service that get injected and then inject back. It would run two processes which one would handle incoming traffic (verifying the email) and the later would do the signing. Both have their own socket to communicate with the mailserver.
The second is DKIM-Milter (or dkim-filter as Debian named it). It uses Sendmail‘s Milter protocol. So, it would run just like a plugin in Postfix. From my experimentation, I choose this because of the convinience for me. But, who knows you would choose the other.
Now, let’s install DKIM-Milter:
# apt-get install dkim-filter
The installation includes dkim-genkey tool to generate configurations including the DNS setting. Use the tool to generate DNS entry and private key:
# dkim-genkey -d ui.ac.id -s mail
- -d ui.ac.id means we would like to sign mails from ui.ac.id
- -s mail sets the selector’s name is “mail“. Selector is an entry in DNS that holds public key that will be used by other mail servers to verify the signature signed by origin mail server. Well, I decide not to define this further to simplify things. You could google it.
The command will generate two files: mail.txt which contains DNS entry and mail.private which is the private key that would be used to sign the letter. Here’s the example of mail.txt:
mail._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCS...AB" ; ----- DKIM mail for ui.ac.id
The public key entry is being cut to save space pertaining aesthetic aspect in this blog post. I would put the private key into /etc/dkim directory. The directory is non-existence, so we have to create it first.
# mkdir /etc/dkim # mv mail.private /etc/dkim
Now, the DNS part. I would refined the entry to add “t=y” and remove the comments. I’m also appending our domain after _domainkey (watch for the dot after “id”). So, it would be just like this:
mail._domainkey.ui.ac.id. IN TXT "v=DKIM1; g=*; t=y; k=rsa; p=MIGfMA0GCS...AB"
And put that in your DNS database and reload it.
Default installation do not run the DKIM-Milter. We need to set the DKIM-Milter in order to run. First, edit /etc/dkim-filter.conf file. Here’s the relevant things that I’ve change to suite my need: (just find the line)
Domain ui.ac.id KeyFile /etc/dkim/mail.private Selector mail Mode sv
Amazing thing about Debian is it has a great documentation style, so you can read the comments on the configuration file for further information. To have a functional DKIM-Milter, edit /etc/default/dkim-filter file to set where it should listen/respond to. To simplify things, I choose to have network socket than the UNIX socket. Unix socket slightly better in performance, but it must be set so that the chrooted Postfix and the DKIM-Milter service can both read and write it. I uncomment this:
SOCKET="inet:12345@localhost" # listen on loopback on port 12345
Last piece that should be configured is the Postfix configuration to use the DKIM-Milter. Edit /etc/postfix/main.cf file and add these lines:
smtpd_milters = inet:localhost:12345 non_smtpd_milters = inet:localhost:12345
Lastly, restart Postfix and DKIM-Milter service:
# invoke-rc.d dkim-filter restart # invoke-rc.d postfix restart
Now GMail knows our test subdomain. To check if our verification also works, we send the a mail from GMail to our test domain and would have these on the header:
Authentication-Results: groups.ui.ac.id; dkim=pass (1024-bit key) firstname.lastname@example.org; dkim-asp=none
There are things that I’m not covering, like the multiple selector and using 3rd party like Verisign to accomplish that, handling subdomains, using both DKIM and DomainKey, setup UNIX socket, etc. Don’t worry, for a single domain, the tutorial may run well.
Reference: Coker, Russel. 2008. Installing DKIM and Postfix in Debian. http://etbe.coker.com.au/2008/09/18/installing-dkim-postfix-debian/ Postfix. 2009. Postfix before-queue Milter support. http://www.postfix.org/MILTER_README.html Sendmail Consortium, The. 2009. http://www.sendmail.org/dkim
One of the missing feature in KDE 4 is the absent of audio extractor. I’m using sound-juicer just to rip my CD. But, I want to have 100% KDE convert! Must let go of all the GNOME stuff. 😛
Oh, actually, it’s only a simple matter. After you enter your audio CD into the CD/DVD drive, open Dolphin or Konqueror and type this in URL box (to have URL box, press CTRL+L):
There you could see all. They even have CDDB integration. Superb!
- Never set username = password! Never share your password!
- Don’t forget to logout!
- Avoid using HTTP, use HTTPS instead if you have to input password.
- Admin never ask for password! We have your home and can access it directly! Nevertheless, our code of conduct forbid us to do so.
- Don’t use acai pills, viagra, or anything else! Embrace your own manhood!
- There is no such thing as free lunch! No prince/embassy/high people that would asks you for help in transferring their money. Heck! Even mobs have backup account in Swiss. Furthermore, would you delegate your treasury to someone barely alien?
- Use Thunderbird, not Outlook. Use Firefox not IE.
- Watch the domain name.
Your recklessness is a torturing way for admin! Would you care for admins that have to go to the server site just to reset the server and protect against one hole, you, in a Sunday late night while you clubbing?
We admins have souls too, you know. Please spare our poor restless soul.
Creating Self-signed SSL Certificate for your webserver (e.g. Apache2, Lighttpd, and NGINX) :
openssl req -new -x509 -keyout /etc/lighttpd/selfcert.pem -out /etc/lighttpd/selfcert.pem -days 365 -nodes
Whoa.. quite long title. Anyway, this trick is given by Rolly Maulana Awangga on <a href=”http://groups.google.com/group/id-ubuntu/browse_thread/thread/659b7d331fdc22ce”>ubuntu-id</a>, so the credit goes to him. I’m just archiving it for usage in the future.
The point is: 1. Insert your WiFi driver installation CD. 2. Browse into the driver folder. 3. Find driver file (the one with .INF extension) and install it with ndiswrapper. E.g. in gnome-terminal:
<code> # sudo ndiswrapper -i namadriver.inf </code>
Caveat, there are some driver that already exist in kernel but with broken implementation. One of them is Broadcom’s bcm43xx. It should be blacklisted. How to blacklist a driver is to add it into /etc/modprobe.d/blacklist
This trick is applicable for any distro out there. But, you might adjust the blacklist file because each distro has different flavour. But, hey, that’s another story.
Stop the mysql service and start it without grant table so that we can go in without password.
invoke-rc.d mysql stop
/usr/bin/mysqld_safe –skip-grant-tables &
mysql –user=root mysql
mysql> update user set Password=PASSWORD(‘new-password-here‘) WHERE User=’root’; mysql> flush privileges; mysql> quit;
Then press Ctrl+C to stop MySQL and start again as normal service:
invoke-rc.d mysql start
This is how we do it, we disable extended insert.
mysqldump -nt --compatible=ansi,postgresql --complete-insert=TRUE --extended-insert=FALSE --compact --default-character-set=UTF8 -u $DB_USER -p$DB_PASS $DB_NAME $TABLE
Tips berikut ini diberikan oleh Sir Bats (Pak Sabri) di forum ubuntu-id. All credits for him.
Yang pengen open-office nya start lebih cepat dari microsoft office : http://www.zolved.com/synapse/view_content/28209/How_to_make_OpenOffi…
buka openoffice (writer/calc) klik Tools>options> Pilih OpenOffice.org > memory
ganti angka undo step dari default 100 ke 20 / 25 / 30 saya pikir angka 10 masih masuk akal, kita tidak akan meng-undo sampai sepuluh kali dalam penggunaan sehari-hari.
tambahkan volume graphic cache dari default : 6 MB ke 128 MB (kalo anda punya 2 GB memory boleh dicoba angka 200-250 MB).
ganti point Number of object ke angka 20 (boleh dicoba 5/ 10/ 15).
kalo anda tidak membutuhkan fitur Java : klik item java dan jangan dicentang. (terutama pengguna x86_64/amd64 … java bikin suck) :=))
punya saya dibikin begini : http://picasaweb.google.co.id/SIRBATS/OpenOffice/photo#51488252539450…
open office start dalam waktu 1 detik !! :=))