Javascript is disabled. Enable it if you want to see this page Η Javascript είναι απενεργοποιημένη. Ενεργοποίησε την για να δεις τη σελίδα
Page is loading...
Ίχνος - μια απόπειρα καταγραφής του τι κάνω - recording what I do - vassilis (bill) vatikiotis
<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>
Background: #fff
Foreground: #000
PrimaryPale: #8cf
PrimaryLight: #18f
PrimaryMid: #04b
PrimaryDark: #014
SecondaryPale: #ffc
SecondaryLight: #fe8
SecondaryMid: #db4
SecondaryDark: #841
TertiaryPale: #eee
TertiaryLight: #ccc
TertiaryMid: #999
TertiaryDark: #666
Error: #f88
body {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}

a {color:[[ColorPalette::PrimaryMid]];}
a:hover {background-color:[[ColorPalette::PrimaryMid]]; color:[[ColorPalette::Background]];}
a img {border:0;}

h1,h2,h3,h4,h5,h6 {color:[[ColorPalette::SecondaryDark]]; background:transparent;}
h1 {border-bottom:2px solid [[ColorPalette::TertiaryLight]];}
h2,h3 {border-bottom:1px solid [[ColorPalette::TertiaryLight]];}

.button {color:[[ColorPalette::PrimaryDark]]; border:1px solid [[ColorPalette::Background]];}
.button:hover {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::SecondaryLight]]; border-color:[[ColorPalette::SecondaryMid]];}
.button:active {color:[[ColorPalette::Background]]; background:[[ColorPalette::SecondaryMid]]; border:1px solid [[ColorPalette::SecondaryDark]];}

.header {background:[[ColorPalette::PrimaryMid]];}
.headerShadow {color:[[ColorPalette::Foreground]];}
.headerShadow a {font-weight:normal; color:[[ColorPalette::Foreground]];}
.headerForeground {color:[[ColorPalette::Background]];}
.headerForeground a {font-weight:normal; color:[[ColorPalette::PrimaryPale]];}

	border-left:1px solid [[ColorPalette::TertiaryLight]];
	border-top:1px solid [[ColorPalette::TertiaryLight]];
	border-right:1px solid [[ColorPalette::TertiaryLight]];
.tabUnselected {color:[[ColorPalette::Background]]; background:[[ColorPalette::TertiaryMid]];}
.tabContents {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::TertiaryPale]]; border:1px solid [[ColorPalette::TertiaryLight]];}
.tabContents .button {border:0;}

#sidebar {}
#sidebarOptions input {border:1px solid [[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel {background:[[ColorPalette::PrimaryPale]];}
#sidebarOptions .sliderPanel a {border:none;color:[[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel a:hover {color:[[ColorPalette::Background]]; background:[[ColorPalette::PrimaryMid]];}
#sidebarOptions .sliderPanel a:active {color:[[ColorPalette::PrimaryMid]]; background:[[ColorPalette::Background]];}

.wizard {background:[[ColorPalette::PrimaryPale]]; border:1px solid [[ColorPalette::PrimaryMid]];}
.wizard h1 {color:[[ColorPalette::PrimaryDark]]; border:none;}
.wizard h2 {color:[[ColorPalette::Foreground]]; border:none;}
.wizardStep {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];
	border:1px solid [[ColorPalette::PrimaryMid]];}
.wizardStep.wizardStepDone {background:[[ColorPalette::TertiaryLight]];}
.wizardFooter {background:[[ColorPalette::PrimaryPale]];}
.wizardFooter .status {background:[[ColorPalette::PrimaryDark]]; color:[[ColorPalette::Background]];}
.wizard .button {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::SecondaryLight]]; border: 1px solid;
	border-color:[[ColorPalette::SecondaryPale]] [[ColorPalette::SecondaryDark]] [[ColorPalette::SecondaryDark]] [[ColorPalette::SecondaryPale]];}
.wizard .button:hover {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::Background]];}
.wizard .button:active {color:[[ColorPalette::Background]]; background:[[ColorPalette::Foreground]]; border: 1px solid;
	border-color:[[ColorPalette::PrimaryDark]] [[ColorPalette::PrimaryPale]] [[ColorPalette::PrimaryPale]] [[ColorPalette::PrimaryDark]];}

#messageArea {border:1px solid [[ColorPalette::SecondaryMid]]; background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]];}
#messageArea .button {color:[[ColorPalette::PrimaryMid]]; background:[[ColorPalette::SecondaryPale]]; border:none;}

.popupTiddler {background:[[ColorPalette::TertiaryPale]]; border:2px solid [[ColorPalette::TertiaryMid]];}

.popup {background:[[ColorPalette::TertiaryPale]]; color:[[ColorPalette::TertiaryDark]]; border-left:1px solid [[ColorPalette::TertiaryMid]]; border-top:1px solid [[ColorPalette::TertiaryMid]]; border-right:2px solid [[ColorPalette::TertiaryDark]]; border-bottom:2px solid [[ColorPalette::TertiaryDark]];}
.popup hr {color:[[ColorPalette::PrimaryDark]]; background:[[ColorPalette::PrimaryDark]]; border-bottom:1px;}
.popup li.disabled {color:[[ColorPalette::TertiaryMid]];}
.popup li a, .popup li a:visited {color:[[ColorPalette::Foreground]]; border: none;}
.popup li a:hover {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; border: none;}
.popup li a:active {background:[[ColorPalette::SecondaryPale]]; color:[[ColorPalette::Foreground]]; border: none;}
.popupHighlight {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
.listBreak div {border-bottom:1px solid [[ColorPalette::TertiaryDark]];}

.tiddler .defaultCommand {font-weight:bold;}

.shadow .title {color:[[ColorPalette::TertiaryDark]];}

.title {color:[[ColorPalette::SecondaryDark]];}
.subtitle {color:[[ColorPalette::TertiaryDark]];}

.toolbar {color:[[ColorPalette::PrimaryMid]];}
.toolbar a {color:[[ColorPalette::TertiaryLight]];}
.selected .toolbar a {color:[[ColorPalette::TertiaryMid]];}
.selected .toolbar a:hover {color:[[ColorPalette::Foreground]];}

.tagging, .tagged {border:1px solid [[ColorPalette::TertiaryPale]]; background-color:[[ColorPalette::TertiaryPale]];}
.selected .tagging, .selected .tagged {background-color:[[ColorPalette::TertiaryLight]]; border:1px solid [[ColorPalette::TertiaryMid]];}
.tagging .listTitle, .tagged .listTitle {color:[[ColorPalette::PrimaryDark]];}
.tagging .button, .tagged .button {border:none;}

.footer {color:[[ColorPalette::TertiaryLight]];}
.selected .footer {color:[[ColorPalette::TertiaryMid]];}

.sparkline {background:[[ColorPalette::PrimaryPale]]; border:0;}
.sparktick {background:[[ColorPalette::PrimaryDark]];}

.error, .errorButton {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::Error]];}
.warning {color:[[ColorPalette::Foreground]]; background:[[ColorPalette::SecondaryPale]];}
.lowlight {background:[[ColorPalette::TertiaryLight]];}

.zoomer {background:none; color:[[ColorPalette::TertiaryMid]]; border:3px solid [[ColorPalette::TertiaryMid]];}

.imageLink, #displayArea .imageLink {background:transparent;}

.annotation {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; border:2px solid [[ColorPalette::SecondaryMid]];}

.viewer .listTitle {list-style-type:none; margin-left:-2em;}
.viewer .button {border:1px solid [[ColorPalette::SecondaryMid]];}
.viewer blockquote {border-left:3px solid [[ColorPalette::TertiaryDark]];}

.viewer table, table.twtable {border:2px solid [[ColorPalette::TertiaryDark]];}
.viewer th, .viewer thead td, .twtable th, .twtable thead td {background:[[ColorPalette::SecondaryMid]]; border:1px solid [[ColorPalette::TertiaryDark]]; color:[[ColorPalette::Background]];}
.viewer td, .viewer tr, .twtable td, .twtable tr {border:1px solid [[ColorPalette::TertiaryDark]];}

.viewer pre {border:1px solid [[ColorPalette::SecondaryLight]]; background:[[ColorPalette::SecondaryPale]];}
.viewer code {color:[[ColorPalette::SecondaryDark]];}
.viewer hr {border:0; border-top:dashed 1px [[ColorPalette::TertiaryDark]]; color:[[ColorPalette::TertiaryDark]];}

.highlight, .marked {background:[[ColorPalette::SecondaryLight]];}

.editor input {border:1px solid [[ColorPalette::PrimaryMid]];}
.editor textarea {border:1px solid [[ColorPalette::PrimaryMid]]; width:100%;}
.editorFooter {color:[[ColorPalette::TertiaryMid]];}

#backstageArea {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::TertiaryMid]];}
#backstageArea a {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::Background]]; border:none;}
#backstageArea a:hover {background:[[ColorPalette::SecondaryLight]]; color:[[ColorPalette::Foreground]]; }
#backstageArea a.backstageSelTab {background:[[ColorPalette::Background]]; color:[[ColorPalette::Foreground]];}
#backstageButton a {background:none; color:[[ColorPalette::Background]]; border:none;}
#backstageButton a:hover {background:[[ColorPalette::Foreground]]; color:[[ColorPalette::Background]]; border:none;}
#backstagePanel {background:[[ColorPalette::Background]]; border-color: [[ColorPalette::Background]] [[ColorPalette::TertiaryDark]] [[ColorPalette::TertiaryDark]] [[ColorPalette::TertiaryDark]];}
.backstagePanelFooter .button {border:none; color:[[ColorPalette::Background]];}
.backstagePanelFooter .button:hover {color:[[ColorPalette::Foreground]];}
#backstageCloak {background:[[ColorPalette::Foreground]]; opacity:0.6; filter:'alpha(opacity:60)';}
* html .tiddler {height:1%;}

body {font-size:.75em; font-family:arial,helvetica; margin:0; padding:0;}

h1,h2,h3,h4,h5,h6 {font-weight:bold; text-decoration:none;}
h1,h2,h3 {padding-bottom:1px; margin-top:1.2em;margin-bottom:0.3em;}
h4,h5,h6 {margin-top:1em;}
h1 {font-size:1.35em;}
h2 {font-size:1.25em;}
h3 {font-size:1.1em;}
h4 {font-size:1em;}
h5 {font-size:.9em;}

hr {height:1px;}

a {text-decoration:none;}

dt {font-weight:bold;}

ol {list-style-type:decimal;}
ol ol {list-style-type:lower-alpha;}
ol ol ol {list-style-type:lower-roman;}
ol ol ol ol {list-style-type:decimal;}
ol ol ol ol ol {list-style-type:lower-alpha;}
ol ol ol ol ol ol {list-style-type:lower-roman;}
ol ol ol ol ol ol ol {list-style-type:decimal;}

.txtOptionInput {width:11em;}

#contentWrapper .chkOptionInput {border:0;}

.externalLink {text-decoration:underline;}

.indent {margin-left:3em;}
.outdent {margin-left:3em; text-indent:-3em;}
code.escaped {white-space:nowrap;}

.tiddlyLinkExisting {font-weight:bold;}
.tiddlyLinkNonExisting {font-style:italic;}

/* the 'a' is required for IE, otherwise it renders the whole tiddler in bold */
a.tiddlyLinkNonExisting.shadow {font-weight:bold;}

#mainMenu .tiddlyLinkExisting,
	#mainMenu .tiddlyLinkNonExisting,
	#sidebarTabs .tiddlyLinkNonExisting {font-weight:normal; font-style:normal;}
#sidebarTabs .tiddlyLinkExisting {font-weight:bold; font-style:normal;}

.header {position:relative;}
.header a:hover {background:transparent;}
.headerShadow {position:relative; padding:4.5em 0em 1em 1em; left:-1px; top:-1px;}
.headerForeground {position:absolute; padding:4.5em 0em 1em 1em; left:0px; top:0px;}

.siteTitle {font-size:3em;}
.siteSubtitle {font-size:1.2em;}

#mainMenu {position:absolute; left:0; width:10em; text-align:right; line-height:1.6em; padding:1.5em 0.5em 0.5em 0.5em; font-size:1.1em;}

#sidebar {position:absolute; right:3px; width:16em; font-size:.9em;}
#sidebarOptions {padding-top:0.3em;}
#sidebarOptions a {margin:0em 0.2em; padding:0.2em 0.3em; display:block;}
#sidebarOptions input {margin:0.4em 0.5em;}
#sidebarOptions .sliderPanel {margin-left:1em; padding:0.5em; font-size:.85em;}
#sidebarOptions .sliderPanel a {font-weight:bold; display:inline; padding:0;}
#sidebarOptions .sliderPanel input {margin:0 0 .3em 0;}
#sidebarTabs .tabContents {width:15em; overflow:hidden;}

.wizard {padding:0.1em 1em 0em 2em;}
.wizard h1 {font-size:2em; font-weight:bold; background:none; padding:0em 0em 0em 0em; margin:0.4em 0em 0.2em 0em;}
.wizard h2 {font-size:1.2em; font-weight:bold; background:none; padding:0em 0em 0em 0em; margin:0.4em 0em 0.2em 0em;}
.wizardStep {padding:1em 1em 1em 1em;}
.wizard .button {margin:0.5em 0em 0em 0em; font-size:1.2em;}
.wizardFooter {padding:0.8em 0.4em 0.8em 0em;}
.wizardFooter .status {padding:0em 0.4em 0em 0.4em; margin-left:1em;}
.wizard .button {padding:0.1em 0.2em 0.1em 0.2em;}

#messageArea {position:fixed; top:2em; right:0em; margin:0.5em; padding:0.5em; z-index:2000; _position:absolute;}
.messageToolbar {display:block; text-align:right; padding:0.2em 0.2em 0.2em 0.2em;}
#messageArea a {text-decoration:underline;}

.tiddlerPopupButton {padding:0.2em 0.2em 0.2em 0.2em;}
.popupTiddler {position: absolute; z-index:300; padding:1em 1em 1em 1em; margin:0;}

.popup {position:absolute; z-index:300; font-size:.9em; padding:0; list-style:none; margin:0;}
.popup .popupMessage {padding:0.4em;}
.popup hr {display:block; height:1px; width:auto; padding:0; margin:0.2em 0em;}
.popup li.disabled {padding:0.4em;}
.popup li a {display:block; padding:0.4em; font-weight:normal; cursor:pointer;}
.listBreak {font-size:1px; line-height:1px;}
.listBreak div {margin:2px 0;}

.tabset {padding:1em 0em 0em 0.5em;}
.tab {margin:0em 0em 0em 0.25em; padding:2px;}
.tabContents {padding:0.5em;}
.tabContents ul, .tabContents ol {margin:0; padding:0;}
.txtMainTab .tabContents li {list-style:none;}
.tabContents li.listLink { margin-left:.75em;}

#contentWrapper {display:block;}
#splashScreen {display:none;}

#displayArea {margin:1em 17em 0em 14em;}

.toolbar {text-align:right; font-size:.9em;}

.tiddler {padding:1em 1em 0em 1em;}

.missing .viewer,.missing .title {font-style:italic;}

.title {font-size:1.6em; font-weight:bold;}

.missing .subtitle {display:none;}
.subtitle {font-size:1.1em;}

.tiddler .button {padding:0.2em 0.4em;}

.tagging {margin:0.5em 0.5em 0.5em 0; float:left; display:none;}
.isTag .tagging {display:block;}
.tagged {margin:0.5em; float:right;}
.tagging, .tagged {font-size:0.9em; padding:0.25em;}
.tagging ul, .tagged ul {list-style:none; margin:0.25em; padding:0;}
.tagClear {clear:both;}

.footer {font-size:.9em;}
.footer li {display:inline;}

.annotation {padding:0.5em; margin:0.5em;}

* html .viewer pre {width:99%; padding:0 0 1em 0;}
.viewer {line-height:1.4em; padding-top:0.5em;}
.viewer .button {margin:0em 0.25em; padding:0em 0.25em;}
.viewer blockquote {line-height:1.5em; padding-left:0.8em;margin-left:2.5em;}
.viewer ul, .viewer ol {margin-left:0.5em; padding-left:1.5em;}

.viewer table, table.twtable {border-collapse:collapse; margin:0.8em 1.0em;}
.viewer th, .viewer td, .viewer tr,.viewer caption,.twtable th, .twtable td, .twtable tr,.twtable caption {padding:3px;}
table.listView {font-size:0.85em; margin:0.8em 1.0em;}
table.listView th, table.listView td, table.listView tr {padding:0px 3px 0px 3px;}

.viewer pre {padding:0.5em; margin-left:0.5em; font-size:1.2em; line-height:1.4em; overflow:auto;}
.viewer code {font-size:1.2em; line-height:1.4em;}

.editor {font-size:1.1em;}
.editor input, .editor textarea {display:block; width:100%; font:inherit;}
.editorFooter {padding:0.25em 0em; font-size:.9em;}
.editorFooter .button {padding-top:0px; padding-bottom:0px;}

.fieldsetFix {border:0; padding:0; margin:1px 0px 1px 0px;}

.sparkline {line-height:1em;}
.sparktick {outline:0;}

.zoomer {font-size:1.1em; position:absolute; overflow:hidden;}
.zoomer div {padding:1em;}

* html #backstage {width:99%;}
* html #backstageArea {width:99%;}
#backstageArea {display:none; position:relative; overflow: hidden; z-index:150; padding:0.3em 0.5em 0.3em 0.5em;}
#backstageToolbar {position:relative;}
#backstageArea a {font-weight:bold; margin-left:0.5em; padding:0.3em 0.5em 0.3em 0.5em;}
#backstageButton {display:none; position:absolute; z-index:175; top:0em; right:0em;}
#backstageButton a {padding:0.1em 0.4em 0.1em 0.4em; margin:0.1em 0.1em 0.1em 0.1em;}
#backstage {position:relative; width:100%; z-index:50;}
#backstagePanel {display:none; z-index:100; position:absolute; margin:0em 3em 0em 3em; padding:1em 1em 1em 1em;}
.backstagePanelFooter {padding-top:0.2em; float:right;}
.backstagePanelFooter a {padding:0.2em 0.4em 0.2em 0.4em;}
#backstageCloak {display:none; z-index:20; position:absolute; width:100%; height:100px;}

.whenBackstage {display:none;}
.backstageVisible .whenBackstage {display:block;}
StyleSheet for use when a translation requires any css style changes.
This StyleSheet can be used directly by languages such as Chinese, Japanese and Korean which need larger font sizes.
body {font-size:0.8em;}
#sidebarOptions {font-size:1.05em;}
#sidebarOptions a {font-style:normal;}
#sidebarOptions .sliderPanel {font-size:0.95em;}
.subtitle {font-size:0.8em;}
.viewer table.listView {font-size:0.95em;}
@media print {
#mainMenu, #sidebar, #messageArea, .toolbar, #backstageButton, #backstageArea {display: none ! important;}
#displayArea {margin: 1em 1em 0em 1em;}
/* Fixes a feature in Firefox where print preview displays the noscript content */
noscript {display:none;}
<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>
<div class='headerShadow'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>
<div class='headerForeground'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>
<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>
<div id='sidebar'>
<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>
<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>
<div id='displayArea'>
<div id='messageArea'></div>
<div id='tiddlerDisplay'></div>
<div class='toolbar' macro='toolbar [[ToolbarCommands::ViewToolbar]]'></div>
<div class='title' macro='view title'></div>
<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date'></span>)</div>
<div class='tagging' macro='tagging'></div>
<div class='tagged' macro='tags'></div>
<div class='viewer' macro='view text wikified'></div>
<div class='tagClear'></div>
<div class='toolbar' macro='toolbar [[ToolbarCommands::EditToolbar]]'></div>
<div class='title' macro='view title'></div>
<div class='editor' macro='edit title'></div>
<div macro='annotations'></div>
<div class='editor' macro='edit text'></div>
<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>
To get started with this blank TiddlyWiki, you'll need to modify the following tiddlers:
* SiteTitle & SiteSubtitle: The title and subtitle of the site, as shown above (after saving, they will also appear in the browser title bar)
* MainMenu: The menu (usually on the left)
* DefaultTiddlers: Contains the names of the tiddlers that you want to appear when the TiddlyWiki is opened
You'll also need to enter your username for signing your edits: <<option txtUserName>>
These InterfaceOptions for customising TiddlyWiki are saved in your browser

Your username for signing your edits. Write it as a WikiWord (eg JoeBloggs)

<<option txtUserName>>
<<option chkSaveBackups>> SaveBackups
<<option chkAutoSave>> AutoSave
<<option chkRegExpSearch>> RegExpSearch
<<option chkCaseSensitiveSearch>> CaseSensitiveSearch
<<option chkAnimate>> EnableAnimations

Also see AdvancedOptions

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server

This tiddler was automatically created to record the details of this server
Here are the basic elements in a typical ~TiddlyWiki layout (this tutorial uses a modification that places the ~MainMenu at the top in a horizontal fashion). Below the graphic are links to other screen captures with more information.


[[The header]]
[[The main menu]]
[[The right hand menu]]
[[Anatomy of a Tiddler]]

#  $wget
# $ mkdir k10temp && mv attachment.bin k10temp/k10temp.c
# Now create a Makefile containing:
    obj-m := k10temp.o
    KDIR := /lib/modules/$(shell uname -r)/build
    PWD := $(shell pwd)
    $(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules

# $ make -C /lib/modules/$(uname -r)/build M=$(pwd) modules
# $ cp k10temp.ko /lib/modules/$(uname -r)/kernel/drivers/hwmon
# $ depmod && modprobe k10temp
There are 2 implicit rules
# Traffic flows from higher to lower security level interfaces
# At the end of each access list there is a //deny any any//

The 1st rule exists //only when there are no ACL's on an interface//. One, even inactive, access rule is enough to cancel that 1st rule.

* Always add a //permit any any// at the end of the highest security level interface i.e. the inside
* 2 rules in DMZ interfaces (order is important)
## Deny traffic to inside
## permit any to any
Before mayhem, all access from inside to outside (higher to lower security interface) was permitted, //even though//
# there was no specific rule for it
# there was one implicit rule (the last) that forbade it

After mayhem, all access from inside to outside was blocked, even though the mayhem (power outage) didn't affect the firewall. Why??????? Beats me...... A specific rule that enabled inside to outside access restored the order.

At the end of the end, WHAT IS THE DEFAULT BEHAVIOR of Cisco firewalls, regarding access from a higher security level interface to a lower security level interface???? Has this behavior changed? Is this behavior the same in PIX and ASA devices?? Plz help dammit....
Έλα ΤΩΡΑ μπας και φτιάξουμε τίποτα στο μπουρδέλο μας.
* Check which locales are supported : {{{less /usr/share/i18n/SUPPORTED}}}
* Add the locales you want ( for example el ) : {{{locale-gen el_GR.utf8}}}
* In /etc/environment, set the {{{LANG}}} variable to your desired character set ( for example //el_GR.~UTF-8// )
This is, absolutely, a work log. You've been warned. 
!!!!!Solaris server
* /etc/vfstab is the fstab equivalent for solaris 9.{{{/dev/dsk/c2t0d0s0       /dev/rdsk/c2t0d0s0      /export/raid    ufs     2       yes     logging}}} is the eonstor entry in it.
* Default filesystem is ufs.

In order to grow a ufs filesystem we do the following we can use the growfs(1m) utility. The growfs(1m) utility takes two arguments. The first argument,  the value passed to “-M”,  is the mount point of the file system to grow. The second argument is the raw device that backs this mount point. 

The following example will grow the filesystem on mount point {{{/export/raid}}}} to the maximum size available to the raw device c2t0d0s0.

{{{$ growfs -M /export/raid /dev/rdsk/c2t0d0s0}}}

The argument -M is not mandatory if the filesystem  isn’t mounted.

To see how many sectors will be available on c2t0d0s0 after the grow operation completes, you can run newfs with the “-N” option, and compare that with the current value of df (1m):

$ newfs -N /dev/rdsk/c2t0d0s0
/dev/rdsk/c2t0d0s0: 232331520 sectors in 56944 cylinders of 16 tracks, 255 sectors
113443.1MB in 2191 cyl groups (26 c/g, 51.80MB/g, 6400 i/g)

This will report the number of sectors, cylinders and ~MBs that would be allocated if a new file system was created on the device c2t0d0s0.

!!!!!Linux server
{{{mkfs}}} as usual. The new disks so just make a new ext3 filesystem on the new logical drive comprising the 2 new disks..

# (solaris) Create {{{/etc/nologin}}} to disable user logins.
# (solaris) Backup.
# (eonstor) Install the new hard disks.
# (eonstor) Make a new, raid 1, logical drive out of the 2 new disks.Run this step paraller to step 2.
# (linux,solaris) Unmount the eonstor mounted filesystems on both servers, after you've stopped all related services.
# (eonstor) Shutdown the controllers to flush any cache contents.
# (eonstor) Delete the 2nd logical partition and it will merge with the 1st. Non-destructively? Will see. If not, we have the backup.
# (eonstor) Assign ~LUNs to the 2 logical drive.
# (solaris) {{{gorwfs}}} on solaris on the 1st logical drive.
## (solaris) If it's done destructively then mount and restore backup, or
## (solaris) If it's done non-destructively just mount it.
# (linux) {{{mkfs}}} the desired number of ext3 filesystems on the 2nd logical drive (500GB).
## (linux) Restore backup and mount it.
!!!!!After op thoughts
{{{growfs}}} didn't work. I guess it has to do with the partition size. If the partition was larger than its filesystem then growing it would have been possible. 
Alas, I had to repartition.
# {{{format}}} and partition the new (eonstor logical) drive.
# {{{newfs}}} with 4096 fragment size (-f option).
# Restore backup.
!!!!!Refs a very good resource for solaris disk management.
R.I.P GBS. Enter [[Weave|]]
@@Debian etch we have Amavisd-new 2.4.2-6 and ~SpamAssassin 3.2.3@@

The following messages appear regularly in the mail log.

Feb  1 20:30:17 zeus amavis[19150]: (19150-04) (!) SA TIMED OUT, backtrace: at /usr/share/perl5/Mail/~SpamAssassin/ line 165\n\teva
l {...} called at /usr/share/perl5/Mail/~SpamAssassin/ line 165\n\tMail::~SpamAssassin::~DBBasedAddrList::remove_entry('Mail::~SpamAss
assin::~DBBasedAddrList=HASH(0xa9d0af4)', 'HASH(0xa4e4f4c)') called at /usr/share/perl5/Mail/~SpamAssassin/ line 135\n\tMail::~SpamAssa
ssin::~AutoWhitelist::check_address('Mail::~SpamAssassin::~AutoWhitelist=HASH(0xa923140)', '', called at /usr/s
hare/perl5/Mail/~SpamAssassin/Plugin/ line 356\n\teval {...} called at /usr/share/perl5/Mail/~SpamAssassin/Plugin/ line 352\n\tMail::~SpamA
ssassin::Plugin::AWL::check_from_in_auto_whitelist('Mail::~SpamAssassin::Plugin::AWL=HASH(0x9f75fb0)', 'Mail::~SpamAssassin::~PerMsgStatus=HASH(0x91a64
bc)') called at (eval 795) line 7\n\tMail::~SpamAssassin::~PerMsgStatus::c...

@@According to google@@:

The error is from amavis, basically it decided to kill SA when it was dealing with the AWL (auto whitelist perl module), which probably isn't a great idea, but...


This could be simply what spamassassin was doing at the point you ran out of time. One possible reason for timeouts is sa-learn is running an expiry, and possibly learning a message at the same time. The Debian package of amavisd-new has a cron entry that runs -force-expire once a day (/etc/cron.daily/amavisd-new). 

(note) Debian crons sync every 3 hours and expire/sync every day.

You can disable opportunistic expiry by setting: bayes_auto_expire 0 in, but MAKE SURE the script works or Bayes will grow forever. Simply run it. If it takes a minute to run, it's very likely working. The script may be outdated also. The important part should read something like: su - amavis -c '/usr/bin/sa-learn -sync -force-expire >/dev/null' 

Moving to ~MySQL helps considerably: It is not too bad to start from scratch with an empty AWL database, it is probably not worth salvaging your existing AWL. 

@@My note@@

CPU utilisation. Check the SA TIMED OUT messages and notice the id of the amavis process, in (), and the email address involved. search the logs for that id and email address. Determine the nature of that particular message, mainly size and whether it's SPAM or not. 

!!!!Links and info
* man sa-learn and search for EXPIRATION
* man Mail::~SpamAssassin::Plugin::AWL
* google for: amavis "TIMED OUT" awl
* check amavisd.conf-default which contains all amavisd and many SA configuration variables. 
* Check the main amavisd-new site and read how SA variables interact with amavisd configuration. @@Not all SA variables are set in amavisd configuration files. CHECK IT!!@@
! The main elements of a Tiddler

! The Tiddler's hidden buttons

! A tiddler in 'edit' mode
When you double-click on a Tiddler or click the edit button, the Tiddler opens up into edit mode. Here is what it looks like:


When you are done editing the Tiddler, here are the options.
The Red Book covers everything! This is an implementation flavor suitable for my needs (so far).

In /etc/apache2/sites/available/a-site virtual host:

<Location /svn/>
  DAV svn
  SVNParentPath /srv/www/eleon/svn
  SVNListParentPath on
  # access control policy
  AuthzSVNAccessFile /srv/www/eleon/.svndiraccess
  # try anonymous access first, resort to real
  # authentication if necessary.
  Satisfy Any
    Require valid-user

  # how to authenticate a user
  AuthType Digest
  AuthName "eleon"
  AuthDigestDomain /svn/
  AuthDigestProvider file
  AuthUserFile /srv/www/eleon/.svnpasswds

RewriteEngine on
RewriteRule ^(/svn)$ $1/ [R]

The Location directive is with a trailing slash, because, somehow, getting a list of repositories (with the SVN Parent* directives) doesn't work without one. The Rewrite directives capture the location without a trailing slash. So both /svn and /svn/ produce a repository listing.

We use digest authentication. We declare the realm with ~AuthName. Password file is produced using the htdigest utility. Remember to specify a realm when generating user passwords.

We allow anonymous read access and we limit write operations to valid users, using the ~LimitExcept directive. See about GET, PROPFIND and other webdav verbs and how they are used in various svn operations. For now, GET and PROPFIND are used for checkouts and MKACTIVITY for commits.

The generic svn command is: 
{{{svn commad ./localdir --username mynameisme}}}

Depending on the access permissions, it may not be necesary to specify a username.

Repository Admin: the apache user has to have full rights to the repositories location.

@@NB@@: No system accounts are required for the users. One system account must create the repository (e.g. svnadmin create repos_name)
|''Version:''|2.2.2 (23 Oct 2007)|
|''Source''| ([[|]])|
The archive plugin allows you to store tiddler text outside of the tiddlywiki file.
Typically you would tag bulky tiddlers or those with infrequently needed content as "Archive" and these would
then be archived as separate html files in the sub folder called "archive".
#Create a folder "archive" in the same folder as your tiddlywiki file.
#Install the Archive Plugin and reload your tiddlywiki
#Tag your bulky tiddlers with "Archive"
#Save your tiddlywiki file
!To Do
* Synchronize tiddler renames/deletions with file system
* Lazy loading of archived files via HTTP
version.extensions.ArchivePlugin = {major: 2, minor: 2, revision: 2, date: new Date("Oct 23, 2007")};

// Hijacking the built-in functions
TW21Saver.prototype.externalizeTiddler = function(store,tiddler)
	try {
		var extendedAttributes = "";
		var usePre = config.options.chkUsePreForStorage;
			function(tiddler,fieldName,value) {
				// don't store stuff from the temp namespace
				if(typeof value != "string")
					value = "";
				if (!fieldName.match(/^temp\./))
					extendedAttributes += ' %0="%1"'.format([fieldName,value.escapeLineBreaks().htmlEncode()]);
		var created = tiddler.created.convertToYYYYMMDDHHMM();
		var modified = tiddler.modified.convertToYYYYMMDDHHMM();
		var vdate =;
		var attributes = tiddler.modifier ? ' modifier="' + tiddler.modifier.htmlEncode() + '"' : "";
		attributes += (usePre && modified == created) ? "" : ' modified="' + modified +'"';
		attributes += (usePre && created == vdate) ? "" :' created="' + created + '"';
		var tags = tiddler.getTags();
		if(!usePre || tags)
			attributes += ' tags="' + tags.htmlEncode() + '"';
		return ('<div %0="%1"%2%3>%4</'+'div>').format([
				usePre ? "title" : "tiddler",
				usePre ? "\n<pre>" + tiddler.saveMe() + "</pre>\n" : tiddler.escapeLineBreaks().htmlEncode()
	} catch (ex) {
		throw exceptionText(ex,config.messages.tiddlerSaveError.format([tiddler.title]));

Tiddler.prototype.saveMe = function() {
 if (this.tags.indexOf('Archive') != -1) {
 // Save tiddler body to a file in the archive folder
if  (this.text) saveFile(getWikiPath('archive') + this.title.filenameEncode() + '.html', this.text)
 return '';

 return this.text.htmlEncode();

// This hijack ensures plugins can also be archived
var archivePlugin_getPluginInfo = getPluginInfo;
getPluginInfo = function(tiddler) {
 tiddler.text = store.getValue(tiddler, 'text');
 return archivePlugin_getPluginInfo(tiddler);

TiddlyWiki.prototype.getValue = function(tiddler, fieldName) {
 var t = this.resolveTiddler(tiddler);
 if (!t)
 return undefined;

 fieldName = fieldName.toLowerCase();

 if (t.tags.indexOf('Archive')!=-1 && fieldName=='text' && t['text']=='') {
 try {
//   var tmp;

//   var originalPath = document.location.toString();
//   if(originalPath.substr(0,5) != 'file:') {
//      hrefLoc = getWikiPath('archive') + t.title.filenameEncode() + '.html';
//      tmp = hrefLoc
//   }
//   else
  var tmp = loadFile(getWikiPath('archive') + t.title.filenameEncode() + '.html');
   tmp = (tmp.charCodeAt(0) == 239 ? manualConvertUTF8ToUnicode(tmp) : tmp);
 } catch (e) {
   return ''; //alert("{{{Error: Unable to load file '" + getWikiPath('archive') + t.title.filenameEncode() + '.html' + "'}}}");
return tmp;
 } else {
 var accessor = TiddlyWiki.standardFieldAccess[fieldName];
 if (accessor) {
 return accessor.get(t);
 return t.fields ? t.fields[fieldName] : undefined;

String.prototype.filenameEncode = function() {
 return(this.toLowerCase().replace(/[^a-z0-9_-]/g ,"_"));

function getWikiPath(folderName) {
 var originalPath = document.location.toString();
 if(originalPath.substr(0,5) != 'file:') {

 return ; //"" + folderName + "/";
 var localPath = getLocalPath(originalPath);
 var backSlash = localPath.lastIndexOf('\\') == -1 ? '/' : '\\';
 var dirPathPos = localPath.lastIndexOf(backSlash);
 var subPath = localPath.substr(0,dirPathPos) + backSlash + (folderName ? folderName + backSlash : '');
 return subPath;
Όλα σε javascript είναι στο TiddlyWiki, και απ' ότι φαίνεται δεν πρέπει να είναι δύσκολο να φτιάξεις plugins. Aπλώς κάνεις hijack τα functions που θες και προγραμματίζεις οτι θες. Δυστυχώς δεν υπάρχει τεκμηρίωση του API ακόμα οπότε πρέπει να κοιτάξει κανείς τον κώδικα σε ένα άδειο TiddlyWiki (empty.html).

Υπάρχει ένα πολύ ενδιαφέρον plugin pου λέγεται ΑrchivePlugin και επιτρέπει στον συγγραφέα να σώζει tiddlers σε αρχεία εκτός του tiddlywiki aρχείου. Το μόνο που πρέπει να κάνει ο συγγραφέας είναι να δημιουργήσει έναν φάκελο με το όνομα archive και να μαρκάρει (taggαρει?!?) τo tιddler (και) ως Archive.

Δυστυχώς η θέαση αυτών των tiddlers δεν είναι δυνατή μέσω του http πρωτοκόλου ακριβώς επειδή το όλο σύστημα λειτουργεί μέσω του file system - το tiddlywiki είναι client side. Μία λύση στο πρόβλημα θα ήταν να μπορούσαμε μέσω javascript να καλέσουμε και να πάρουμε το source των σωσμένων αρχείων, η javascript όμως δεν το επιτρέπει αυτό ( content/traffic stealing). Η λύση είναι ένα server side tiddlywiki.

PS. Μια λύση που θυμάμαι ως developer είναι να χρησιμοποιήσουμε frames εκ των οποίων το ένα να είναι κρυμμένο και να φορτώνεται το αρχείο σε αυτό. Ισως είναι κάπως σύνθετο για το επίπεδο μου ως plugin developer. Είδωμεν...

Goto to backup location and edit a file named catalog. 
version= esx-3.0                                                          
state= poweredOn                                                          
display_name= "dns"
uuid= "564d43ae-2e60-1efd-73c4-56c6395f0f65"
disk.scsi0:0.filename= "scsi0-0-0-dns.vmdk"
disk.scsi0:0.diskname= "[esx1:storage2] dns/dns.vmdk"
config.vmx= "[esx1:storage2] dns/dns.vmx"
timestamp= "Fri Feb 27 13:35:58 2009"
config.suspenddir= "[esx1:storage2] dns"
config.snapshotdir= "[esx1:storage2] dns"
config.file0= "dns.vmsd"
config.file1= "dns-122c311e.vmss"
config.file2= "dns.vmxf"
config.file3= "dns.nvram"
config.logdir= "[esx1:storage2] dns"
config.log0= "vmware-1.log"
config.log1= "vmware-2.log"
config.log2= "vmware-3.log"
config.log3= "vmware-4.log"
config.log4= "vmware.log"
folderpath= "/ha-folder-root/ha-datacenter/vm"
resourcepool= "/ha-folder-root/ha-datacenter/host/"
Information included in this file:
# display name
# name of datastore
# folder path
# resource pool
Make a copy of the catalog file and set up your prefs there. 
and then cd to   where you want to restore the backup.
{{{vcbRestore -h hostname -u root -s /path/to/backed-up-vm -a /path/to/edited/copy/of/catalog}}}

# Among many, many others,
# Search
For login, interactive shells, the easiest things is to source ~/.bashrc  from within ~/.bash_profile. Ubuntu (8.10) seems that doesn't provide a ~/.bash_profile. I could very well be wrong...
@@Header/body checks and content filtering isn't covered here, only restrictions@@

To start with:
* ( big one! )

~Anti-UCE/~Anti-Virus processing is applied in the following order:
# SMTPD Restrictions
# Header/body Checks
# Content Filters
So here is a restrictions excerpt:

smtpd_helo_required = yes

smtpd_recipient_restrictions =
        check_client_access hash:/etc/postfix/client_checks
        check_helo_access pcre:/etc/postfix/helo_checks
        check_sender_access hash:/etc/postfix/sender_checks
        check_sender_access hash:/etc/postfix/access
        check_sender_mx_access cidr:/etc/postfix/bogus_mx
        check_recipient_access pcre:/etc/postfix/recipient_checks
#       reject_rbl_client

* Order is important: e.g if we put reject_unknown_reverse_client_hostname //before// permit_mynetworks then our outbound email will fail, if our end user workstations are behind and //and// have no reverse PTR RR. It's tempting to put reject_unknown_reverse_client_hostname at the beginning, thus stopping outright all //invalid// connections. but then our poor users will complain.
* I don't like ~RBLs (yet). I may never do. Hence the comment in reject_rbl_client.
* All checks are done in smtpd_recipient_restrictions, sort of late evaluation. Thus, all the previous checks, see [[Postfix access restriction lists]], have to be empty.
* HELO is required. Without a HELO, it's not possible to perform HELO checks (1st line).
// //''Name:'' Blog
// //''Version:'' 0.1.1
// //''Author:'' [[Anshul Nigham|]] (adapted from an earlier plugin by [[ClintChecketts|]]) 
// //Tag support given by [[Emmanuel Frécon|]]
// //''Type:'' Plugin
// //''Description:'' Posts the most recently edited tiddlers when the TiddlyWiki is opened, similar to a blog.
// //''Syntax:'' Change the daysOrPosts and numOfDaysOrPosts variables below
// // If daysOrPosts variable is "days", tiddlers from the past numOfDaysOrPosts dates will be displayed
// // If daysOrPosts variable is "posts", the past numOfDaysOrPosts tiddlers will be displayed 
// // The restrictTag variable contains the tag that all entries should contain
// // for appearing as blog entries. Other entries will not appear, except for
// // those coming from the the defaultTiddlers. If the variable is an empty
// // string, then the behaviour is the same version 0.1 (below).

// // ''Tested against:'' Tiddlywiki 2.1.3

// // ''HOWTO:'' Simply copy this entire tiddler and paste it into a new tiddler in your own tiddlywiki.
// // Tag it with systemConfig, and also with systemTiddlers if you don't want it to appear within the blog views. Name it anything you like

var daysOrPosts = "days";
var numOfDaysOrPosts = "7";
var restrictTag = "journal";

function displayTopTiddlers()
	if(window.location.hash) daysOrPosts = "";
	if(daysOrPosts == "posts")
		var tiddlerNames = store.reverseLookup("tags","systemTiddlers",false,"modified");
		if (tiddlerNames.length < numOfDaysOrPosts)
			numOfDaysOrPosts = tiddlerNames.length;
		for(var t = tiddlerNames.length-numOfDaysOrPosts;t<=tiddlerNames.length-1;t++)
      if (restrictTag == "" || tiddlerNames[t].isTagged(restrictTag))
	if (daysOrPosts == "days"){
		var lastDay = "";
		var tiddlerNames = store.reverseLookup("tags","systemTiddlers",false,"modified");
		var t = tiddlerNames.length -1;
		var tFollower = 0;
		for(t;t>=0;t--) if(numOfDaysOrPosts >= 0){
			var theDay = tiddlerNames[t].modified.convertToYYYYMMDDHHMM().substr(0,8);
			if(theDay != lastDay){
				numOfDaysOrPosts = numOfDaysOrPosts -1;
				lastDay = theDay;
				tFollower = t;

		for(tFollower = tFollower+1; tFollower < tiddlerNames.length;tFollower++){
      if (restrictTag == "" || tiddlerNames[tFollower].isTagged(restrictTag))
// VV story. is put by me


window.original_restart = window.restart;
window.restart = function()
This refers to upgrading ~OpenLDAP from Jaunty to Lucid. It's not exhaustive. It only deals with the symptoms, not with causes.

Apparently there is something wrong with olcAccess entries inside olcDatabase={0}config.

Steps to rectify it. References and useful threads at the end of the post.
* Install slapd package in a clean installation. Observe the olcAccess line in/etc/ldap/slapd.d/cn=config/olcDatabase{0}config.ldif . It represents one ACL. It seems that there can be only one ACL in this database.
* Remove all but one olcAccess line in your olcDatabase{0}config.ldif. Replace it with {{{ {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth,cn=config manage}}}
* olcAccess lines containing localroot has to be removed
** Note that dn, dn.base and dn.exact are the same. dn.base is implied when dn is supplied. dn.exact is an alias to dn.base

If you have setup phpLDAPadmin ver. 1, then there might be a problem if you have specified something like this {{{$servers->SetValue('server','base',array('cn=config', 'dc=iit,dc=demokritos,dc=gr')); }}}, which means that these 2 base ~DNs are displayed. Normally, we don't want the config DN to be visible by the the DIT manager (cn=ldapadmin), but only to the system admin (cn=config). Conversely, we don't want the system admin to be able to see/modify any ~DITs. I don't know if there is such a capability in ~phpLDAPadmin (v2). So, we have to make both ~DNs visible to both the DIT manager and the system admin and modify our ~ACLs accordingly.

The new ~ACLs:
* for olcDatabase={0}config (this is one line): {{{ {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth,cn=config manage by dn.exact="cn=ldapadmin,ou=...,dc=..." read }}}
* as is for the ~DITs
[[Special note for users of Internet Explorer]]
[[Tips for making Mozilla Firefox run faster]]
For Cap >= 2.0:
{{{rake command not found}}}
you can set in your deploy.rv the following:
{{{set :rake, "path-to-your-rake"}}}

While deploying via capistrano the following error:
{{{/script/process/reaper - command not found}}}
You might want to check your deploy.rb and override the restart task. Default deploy.rb has a commented section about Passenger mod_rails. I overrided the task to read {{{run "#{try_sudo} touch #{File.join(current_path,'tmp','restart.txt')}"}}}

capistrano is not using the rvm ruby version you setup in .rvmrc:
{{{set :default_environment, {
  'PATH' => "/path/to/.rvm/gems/ree/1.8.7/bin:/path/to/.rvm/bin:/path/to/.rvm/ree-1.8.7-2009.10/bin:$PATH",
  'RUBY_VERSION' => 'ruby 1.8.7',
  'GEM_HOME'     => '/path/to/.rvm/gems/ree-1.8.7-2010.01',
  'GEM_PATH'     => '/path/to/.rvm/gems/ree-1.8.7-2010.01',
  'BUNDLE_PATH'  => '/path/to/.rvm/gems/ree-1.8.7-2010.01'  # If you are using bundler.
The environment variables are set to their {{{echo}}} output. ruby version {{{ruby -v}}}

This took me one day!!!!!!!!!!!!!!!

The following on cisco (apparently)
* Shutdown Vlan 1
* THIS IS THE ONE. Disable spanning tree on vlan 1. Otherwise the link port is blocked, with the following message: "Received 802.1Q BPDU on non trunk ~FastEthernet 0/(link-port-number>. Block ~FastEthernet 0/<link-port-number> on ~VLAN0001. Inconsistent port type".
* Do this as well, if vlans are configured. Disable spanning-tree on each unmanaged vlans.

This is rule of thumb. It crashes down horribly if topology contains loops. I use this in the following fashion:

Uplink----->Unmanaged switch----->cisco 2950------->--->Hosts

The cisco switch and Hosts is part of my test setup. Since I don't want to move away from my two monitors, I need a way to partition the cisco switch to an unmanaged vlan and whatever else, and be able to access Hosts from my workstation
git can be intimidating to newbies like me.....

I want to be able to checkpoint changes in the index, but I don't want to commit/save history/branch-and-experiment. Just a cheap way of quickly trying out things.

# {{{git add}}}
# make changes in code
# {{{git add, git add}}}
No commits so far, so the local repository hasn't changed.

* {{{git diff}}} schanges since last checkpoint.
* {{{git diff HEAD}}} changes since last commit.
* {{{git chekcout .}}} reverts to the last checkpoint.
* {{{git checkout HEAD .}}} reverts to the last commit.

Say, I'm fiddling with my fast and small changes and suddenly I want to work on HEAD. I want to save temporarily my little tests, work on HEAD, and pop my tests up to continue fiddling.

* {{{git stash}}} to stash my tests.
* {{{git stash apply}}} to pop them up.
* {{{git stash clear}}} to clear stash.
@@NOTE@@ {{{git stash}}} saves current state of index and working area.

Now, maybe I made a few changes but I want to select which ones I stage. {{{git add -patch}}} to interactively select what to do with each change.

* this is where I got these from.
* thank you for the {{{-patch}}} beauty.
To see what DNS software and version a DNS server runs:

{{{dig CHAOS TXT version.bind @dns-you-want-to-check}}}
* a tftp server must be on. Usually it's configured and run through inetd
* the safest bet for the tftpd directory permissions is 777. In Ubuntu, the //exact// right ownership is nobody:nogroup
* in a cisco console:
** copy flash tfp - Uploads in tftpd the IOS image. 
** copy running-config tftp - Uploads in tftpd the running configuration
** Similarly for downloading and uploading.

~Ctrl-A Z, O, Serial Setup:
* Serial device /dev/ttyS0 (the S stands for serial)
* Bps/Par/Bits - 9600 8N1
* Hardware Flow Control - No
* Software Flow Control - No

and the right cable. Find the blue one that comes with the cisco package.
@@UPDATE 1@@: Split tunneling is disabled. It's a security hole. I setup SSL Web VPN instead. Marvelous. 
It's still possible to connect via the cisco vpn client but for accessing web resource available only from the IIT Lan is an overkill. An ssh with the -D option ( application level proxy ) is more than enough.
* 3 predefined privilege levels: 3 (Monitor), 5 (Read) and 15 (Admin)
* To change the enable password, change the password of the, default, user //enable_15//.
Enable split tunneling. In order to be able to access LAN @@and@@ internet resources we have to @@explicitely@@:
* Create an ACL (we do it with a standard ACL, it's possible with an extended).
* Specify all the internal networs that you want traffic to be encrypted.
access-list vpnusers_splitTunnelAcl standard permit DEEP-NET
access-list vpnusers_splitTunnelAcl standard permit Net-A
access-list vpnusers_splitTunnelAcl standard permit NET-B
and then,
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpnusers_splitTunnelAcl

In vpnc, we keep the default route table. After connecting to out our site via the VPN,  we see that we have 3 additional routes,  1 for //~DEEP-NET//, 1 for //~Net-A// and 1 for //~NET-B//.

If we hadn't specified any ACE's for the vpnusers_splitTunnelAcl then we'd see the following at our client side:
---- something has gone wrong here ----
$> route -n
.       U     tun0
which means that //all// traffic would be directed to the vpn, via the //tun0// device. Clearly,, for instance, can't handle encrypted IPSEC traffic.

The correct route table of a client connected to a VPN site supporting split tunneling looks like the following:
---- correct ----
$> route -n
DEEP-NET-IP     DEEP-NET-netmask    U        tun0 (tunnel device)
NET-B-IP     NET-B-netmask    U        tun0 (tunnel device)
Net-A-IP     Net-A-netmask    U        tun0 (tunnel device)
DNS-IP     UH    tun0 (tunnel device)       GATEWAY_IP             UG   eth0
meaning that //all// Local ~LANs are directed to the vpn tunnel device. All other go via eth0 to our client's default gateway.
Notice the DNS entry. If we specify a DNS IP for our vpn clients in our VPN configuration, then this DNS entry will be pushed to the client's routing table.
We don't have a ~VMware ~VirtualCenter Server so we do cloning manually.

To clone:
# ssh to the ESX server. su to root.
# Shutdown the source VM.
# {{{vmkfstools -i /path/to/source.vmdk /path/to/dest.vmdk}}}. It'll take a while.
# Create a new custom VM in ~VMware Infrastructure Client and point it to the cloned disk.

Ubuntu and all distros using udev have a connectivity problem after cloning. Restarting networking gives:
>{{{sudo /etc/init.d/networking restart}}}
> * Reconfiguring network interfaces...
>eth0: ERROR while getting interface flags: No such device
>SIOCSIFADDR: No such device
>eth0: ERROR while getting interface flags: No such device
>SIOCSIFNETMASK: No such device
>SIOCSIFBRDADDR: No such device
>eth0: ERROR while getting interface flags: No such device
>eth0: ERROR while getting interface flags: No such device
>Failed to bring up eth0.

The problem is that udev caches the ethernet MAC address. Remove the cache file:
{{{sudo rm /etc/udev/rules.d/70-persistent-net.rules}}}

Next we need to change the hostname and IP
* /etc/hosts - change hostname and fwdn
* /etc/hostname - change hostname
* /etc/network/intrerfaces - change IP settings.

If you use ssh then we need to regenerate the host keys:
# {{{rm /etc/ssh/ssh_host_*sa_key}}}
# {{{ssh-keygen}}} - repeat for a dsa key ( -t dsa ) if needed. Passphrase //must// be empty for host keys.
# Delete your entries in ~/.ssh/known_hosts. 

Optional: Synchronize clock with host, [[Guest VM time in ESX 3.5]]

@@Check to see if ~VMware Tools are running.@@ If not, probably due to kernel updates, get the desired headers and kernel source, and {{{sudo}}}.
Finally reboot guest.
Background: #fff
Foreground: #000
PrimaryPale: #8cf
PrimaryLight: #18f
PrimaryMid: #04b
PrimaryDark: #014
SecondaryPale: #ffc
SecondaryLight: #fe8
SecondaryMid: #db4
SecondaryDark: #841
TertiaryPale: #eee
TertiaryLight: #ccc
TertiaryMid: #999
TertiaryDark: #666
Error: #f88
Background: #fff
Foreground: #000
PrimaryPale: #8cf
PrimaryLight: #18f
PrimaryMid: #04b
PrimaryDark: #014
SecondaryPale: #ffc
SecondaryLight: #fe8
SecondaryMid: #db4
SecondaryDark: #841
TertiaryPale: #eee
TertiaryLight: #ccc
TertiaryMid: #999
TertiaryDark: #666
Error: #f88
!!!!!Brightness (Black & Shadow) 
Adjust the brightness, making sure you can distinguish the shirt from the suit. The suit should be black, not gray. If you see a moving X, turn the brightness down until the X just disappears. If your LCD has a gamma adjustment, that will be more effective at bringing out the nearly-black details on the shirt than increasing the backlight intensity will. The goal is to see the deepest possible blacks without losing details in the darkness.


!!!!!Contrast (White)
Set the contrast as high as possible without losing the wrinkles and buttons on the shirt. Lower the contrast if the white cue stick does not appear straight and smooth. This is a complementary operation to the brightness adjustment we just made - we want to see the brightest white details without blowing them out.


!!!!!RGB Color Balance
If your monitor has a color temperature setting, set it to 6500k. Make sure none of the gray bars have a tinge of red, green, or blue. You may need to fine tune brightness and contrast again after adjusting the color balance. 

|>|>|SiteTitle - SiteSubtitle|
|~|~|<<tiddler Configuration.SideBarTabs>>|

''StyleSheet:'' StyleSheetColors - StyleSheetLayout - StyleSheetPrint

|[[Timeline|TabTimeline]]|[[All|TabAll]]|[[Tags|TabTags]]|>|>|[[More|TabMore]] |
# Goto configuration->Networking->Add Networking and select ~VMkernel. 
# Give an IP/netmask. Take care //not// to place vmkernel and Service Console in the production network. That is, place all vmkernel and Service console on an isolated network.
# Open needed firewall ports.
# Goto configuration->Storage Adapters and enable iSCSI.
<<newDocument "label:Print this tiddler" "prompt:print an HTML snapshot of this tiddler" nofilename print here>>

If your particular distribution does not include minicom, you can download it from the following URL:

Once you have Minicom installed, start it up with the command "minicom". Press "~Ctrl-A Z" to get to the main menu. Press "o" to configure minicom. Go to "Serial port setup" and make sure that you are set to the correct "Serial Device" and that the speed on line E matches the speed of the serial console you are connecting to. (In most cases with Sun, this is 9600.) Here are the settings I made when using my Serial A / ~COM1 port on my Linux box:

    | A -    Serial Device      : /dev/ttyS0                                |
    | B - Lockfile Location     : /var/lock                                 |
    | C -   Callin Program      :                                           |
    | D -  Callout Program      :                                           |
    | E -    Bps/Par/Bits       : 9600 8N1                                  |
    | F - Hardware Flow Control : Yes                                       |
    | G - Software Flow Control : No                                        |
    |                                                                       |
    |    Change which setting?                                              |

After making all necessary changes, hit the ESC key to go back to the "configurations" menu. Now go to "Modem and dialing". Change the "Init string" to "~^M~". Save the settings (as dflt), and then restart Minicom. You should now see a login prompt.


var sc_project=3483299; 
var sc_invisible=0; 
var sc_partition=38; 
var sc_security="20fcd0f4"; 
var sc_text=4; 
document.write('<script src= type="text/JavaScript"><\/script>');

document.write('<div class="statcounter">  από 01-03-2008:<a class="statcounter" href="" target="_blank"><img class="statcounter" src="" alt="invisible hit counter" /></a></div>');

|''Description:''|Support for cryptographic functions|
if(!version.extensions.CryptoFunctionsPlugin) {
version.extensions.CryptoFunctionsPlugin = {installed:true};

//-- Crypto functions and associated conversion routines

// Crypto "namespace"
function Crypto() {}

// Convert a string to an array of big-endian 32-bit words
Crypto.strToBe32s = function(str)
	var be = Array();
	var len = Math.floor(str.length/4);
	var i, j;
	for(i=0, j=0; i<len; i++, j+=4) {
		be[i] = ((str.charCodeAt(j)&0xff) << 24)|((str.charCodeAt(j+1)&0xff) << 16)|((str.charCodeAt(j+2)&0xff) << 8)|(str.charCodeAt(j+3)&0xff);
	while (j<str.length) {
		be[j>>2] |= (str.charCodeAt(j)&0xff)<<(24-(j*8)%32);
	return be;

// Convert an array of big-endian 32-bit words to a string
Crypto.be32sToStr = function(be)
	var str = "";
	for(var i=0;i<be.length*32;i+=8)
		str += String.fromCharCode((be[i>>5]>>>(24-i%32)) & 0xff);
	return str;

// Convert an array of big-endian 32-bit words to a hex string
Crypto.be32sToHex = function(be)
	var hex = "0123456789ABCDEF";
	var str = "";
	for(var i=0;i<be.length*4;i++)
		str += hex.charAt((be[i>>2]>>((3-i%4)*8+4))&0xF) + hex.charAt((be[i>>2]>>((3-i%4)*8))&0xF);
	return str;

// Return, in hex, the SHA-1 hash of a string
Crypto.hexSha1Str = function(str)
	return Crypto.be32sToHex(Crypto.sha1Str(str));

// Return the SHA-1 hash of a string
Crypto.sha1Str = function(str)
	return Crypto.sha1(Crypto.strToBe32s(str),str.length);

// Calculate the SHA-1 hash of an array of blen bytes of big-endian 32-bit words
Crypto.sha1 = function(x,blen)
	// Add 32-bit integers, wrapping at 32 bits
	add32 = function(a,b)
		var lsw = (a&0xFFFF)+(b&0xFFFF);
		var msw = (a>>16)+(b>>16)+(lsw>>16);
		return (msw<<16)|(lsw&0xFFFF);
	// Add five 32-bit integers, wrapping at 32 bits
	add32x5 = function(a,b,c,d,e)
		var lsw = (a&0xFFFF)+(b&0xFFFF)+(c&0xFFFF)+(d&0xFFFF)+(e&0xFFFF);
		var msw = (a>>16)+(b>>16)+(c>>16)+(d>>16)+(e>>16)+(lsw>>16);
		return (msw<<16)|(lsw&0xFFFF);
	// Bitwise rotate left a 32-bit integer by 1 bit
	rol32 = function(n)
		return (n>>>31)|(n<<1);

	var len = blen*8;
	// Append padding so length in bits is 448 mod 512
	x[len>>5] |= 0x80 << (24-len%32);
	// Append length
	x[((len+64>>9)<<4)+15] = len;
	var w = Array(80);

	var k1 = 0x5A827999;
	var k2 = 0x6ED9EBA1;
	var k3 = 0x8F1BBCDC;
	var k4 = 0xCA62C1D6;

	var h0 = 0x67452301;
	var h1 = 0xEFCDAB89;
	var h2 = 0x98BADCFE;
	var h3 = 0x10325476;
	var h4 = 0xC3D2E1F0;

	for(var i=0;i<x.length;i+=16) {
		var j,t;
		var a = h0;
		var b = h1;
		var c = h2;
		var d = h3;
		var e = h4;
		for(j = 0;j<16;j++) {
			w[j] = x[i+j];
			t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
		for(j=16;j<20;j++) {
			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
			t = add32x5(e,(a>>>27)|(a<<5),d^(b&(c^d)),w[j],k1);
			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
		for(j=20;j<40;j++) {
			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
			t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k2);
			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
		for(j=40;j<60;j++) {
			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
			t = add32x5(e,(a>>>27)|(a<<5),(b&c)|(d&(b|c)),w[j],k3);
			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;
		for(j=60;j<80;j++) {
			w[j] = rol32(w[j-3]^w[j-8]^w[j-14]^w[j-16]);
			t = add32x5(e,(a>>>27)|(a<<5),b^c^d,w[j],k4);
			e=d; d=c; c=(b>>>2)|(b<<30); b=a; a = t;

		h0 = add32(h0,a);
		h1 = add32(h1,b);
		h2 = add32(h2,c);
		h3 = add32(h3,d);
		h4 = add32(h4,e);
	return Array(h0,h1,h2,h3,h4);

Sometimes it's necessary to include custom HTML markup in the {{{<head>}}} of a TiddlyWiki file - typically for compatibility with ad serving software, external libraries, or for custom meta tags. The CustomMarkup operation defines four shadow tiddlers whose contents are spliced into the saved HTML file. (If you do a view/source you'll see the markers referred to below).
|!Title |!Location |!Marker |
|MarkupPreHead |Start of the {{{<head>}}} section |{{{<!--PRE-HEAD-START-->}}} |
|MarkupPostHead |End of the {{{<head>}}} section |{{{<!--POST-HEAD-START-->}}} |
|MarkupPreBody |Start of the {{{<body>}}} section |{{{<!--PRE-BODY-START-->}}} |
|MarkupPostBody |End of the {{{<body>}}} section |{{{<!--POST-BODY-START-->}}} |
MarkupPreHead is the only one with shadow content: a link to the default location of the RSS feed.
You can customise the appearance and behaviour of TiddlyWiki to almost any degree you want:
* Use the ColorPalette to change the basic colour scheme
* Create a CustomStyleSheet for finer grained control over the appearance
* Customise the PageTemplate, ViewTemplate or EditTemplate to change the composition of the page and the layout of individual tiddlers
* Use off-the-shelf themes from [[TiddlyThemes|]]
* Visit the [[Configuration]] summary to see all the special configuration tiddlers
* Install [[Plugins]] to extend the core functionality (find them at [[TiddlyVault|]] or you can try [[writing or adapting your own|]])
* Use TiddlyBookmarklets for low level hacking of TiddlyWiki documents
There are also a bunch of TiddlyWikiTools that you can use to enhance TiddlyWiki.
It seems that my Microsoft wireless keyboard announces its presence every 5 or 10secs, thus littering my syslog with setkeycodes messages. One way to prevent this is to add in /etc/rc.local:
{{{setkeycodes e059 122}}}
In my syslog I have key e059 and key e001, thus I put 2 lines assigning both keys to 122.

Now, the best solution would be to make the keyboard stop sending these messages. Good luck...
Bind 9.4.2 on Ubuntu Hardy 8.04 LTS and 9.3.4 on Debian Etch

I set up a master and a slave DNS servers using views. Unfortunately views complicate things.
Issues I've encountered:

!!!!! Permissions
Permissions during zone transfers from master to slave. In a slave's zone declaration //do not// use an absolute path. For instance:
file "";
type slave;
This is a correct declaration. Notice the //absence// of a path in the file declaration. That way, bind will store the incoming zone information in the appropriate directory, e.g. in /var/cache/bind for Ubuntu 8.04.

Alternatively you may specify a path in the file declaration but make sure that the user which bind runs under, has permissions to write in that directory.

!!!!!Views ( in greeklish )
localview: ola XFER'd ston slave DNS.
allothersview: ola XFER'd ston master DNS tou kentrou. @@UPDATE@@ Logw politikhs, den mporoume na stelnoume notifications ston master tou kentrou. Workaround 10m refresh time in SOA.

* In my Debian version of bind, notify has to be set to yes! Notifications will not be sent if we set it to no, even if we //explicitelly// set an also-notify directive in a zone.
* Be Careful on multihome setups: use notify-source to specify the IP address for the //outgoing// notify messages.
* Nikos @ Ariadne said that the order of the //forward// and //forwarders// declarations matter.
* The DNS used, among more than 1 ~DNSs, which is the default case since more than 1 NS RR records have to be present in a zone file, is the one with the smallest RTT ( Round Trip Time ).
* It seems that //recursion yes;// doesn't work in views. //allow-recursion// does though.
Bind 9.4.2 on Ubuntu Hardy 8.04 LTS and 9.3.4 on Debian Etch

DNS/Bind has so many intricacies...

We have to take care not to leak queries to the root nameservers, regarding addresses in the private address ranges, as described by RFC 1918. Our nameservers have to answer those kind of queries.

For example: {{{dig -x}}} has to be answered by our nameserver. Any leaked queries to the root nameservers is inconsiderate, bad policy and bad form.

So we need to specify zones in order to   resolve any reverse queries regarding our private addresses. For example:

; BIND reverse data file for rfc1918 zone
$TTL 1d
@ IN  SOA (
        2009022604    ; Serial
        1d            ; Refresh
        2h            ; Retry
        1w            ; Expire
        3h )          ; Negative Cache TTL

2.6     IN PTR
26.5    IN PTR
26.5    IN PTR

As for the private address ranges we do not use, just inlcude an empty zone file, i.e. only a SOA record.

Commands {{{mailq}}} or {{{postqueue -p}}} produce a queue listing. Take the queue file ID and do:
{{{postsuper -d ID}}}

For multiple emails I need to put on my ruby hat and script something. Will do...

{{{mailq | grep "All messages from will be permanently deferred; Retrying will NOT succeed." -B1 |grep -v \(host | grep -v \delivery |grep -v "\-\-" | awk '{ print $1; }'  | postsuper -d - }}}
to remove from queue all messages matching "All messages from ..."
An excellent post in software engineering
; <<>> DiG 9.5.0-P2 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28644
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

What do those flags in DNS terms mean?

* AA: Authorative Answer: the nameserver that answered the query is the authorative (responsible) nameserver for that domain. Record shown in this query are those that will be known throughout the world.
* RD: Recursion Desired.
* RA: Recursion Available.
* QR: Query Response: the answer we received seems pretty reasonable, and could be real.
Ζητούμενο: Χρειαζόμαστε να περνάνε κάποια broadcast πακέτα από ένα δίκτυο σε κάποιο άλλο. Το [[wakeonlan|Enable and use wake-on-lan on Debian]] στέλνει UDP broadcasts στο port 9 (discard).

* Στο global configuration mode δίνουμε: {{{router(config)# ip forward-protocol udp 9}}}
* Στο interface configuration mode του targeted network (το υποδίκτυο που θελουμε να φτάσουμε) δίνουμε:  {{{router(config-if)# ip directed-broadcast}}}

* Login στην estia
* {{{vatikiot@estia::~> wakeonlan -i <subnet Broadcast IP> <MAC Address του μηχανήματος που θέλω να ανοίξω, π.χ. vael>}}}

Η broadcast IP για ένα subnet είναι η τελευταία IP address αυτού του subnet. Για ένα class C subnet είναι η (π.χ. σε classless mode) for more info.

What fixup does that it looks for SMTP protocol anomalies and drops connection when something is going wrong.

The particular problem presented by Cisco's SMTP FIXUP is normally due to the way it handles EHLO - in that it more often than not strips out server signatures and on occasions the initial 220/200 codes. So as opposed to the Cisco dropping the connection it is the sending SMTP server that drops the connection as it is not able to verify the receivers signature.

On the receiving end, postfix supports a PIX workaround mechanism which triggers whenever postfix detects a cisco firewall running the fixup protocol. That doesn't mean that we are clear. If postfix is the one initiating the connection and the firewall (on the sending, our, end) has the fixup protocol enabled, EHLO reply inspection happens and "any unsupported extension that is found in the server's reply will be replaced with the "XXXX" pattern, which labels that extension as private".

See [[ESMTP Support for Cisco IOS Firewal|]]

To remove "fixup" on SMTP...

Using ASDM then:
Configuration -> Service Policy Rules ->  General/Global Policy -> Edit > Rule Actions -> Untick ESMTP
Click OK -> Apply -> Save

From CLI:

{{{> en}}}(password)
{{{> conf t}}}
{{{> no fixup protocol smtp 25}}}
{{{> (ctrl+z) }}}
{{{> wr me}}}
{{{> exit}}}
<<formTiddler NewPluginTemplate>><data>{"format":"Plugin","author":"Daniel Baird","twversion":"2.1x","category":"Tagging","description":"Make the tag chooser ignore tags that are themselves tagged with 'excludeLists'.","link":""}</data>
// //''Name:'' EmailLink
// //''Version:'' <<getversion email>> (<<getversiondate email "DD MMM YYYY">>)
// //''Author:'' AlanHecht
// //''Type:'' [[Macro|Macros]]

// //''Description:'' email lets you list a "email" address without displaying it as readable text.  This helps prevent your email address from being harvested by search engines and other web crawlers that read your page's contents. Using email, you type in the words "at" and "dot" instead of the punctuation symbols and add spaces inbetween words to disguise your address. However, email will display your email address in a web browser so that humans can read it. And email turns the address into a hyperlink that can be clicked to send you an instant email.

// //''Syntax:'' << {{{email yourname at yourdomain dot com "?optional parameters"}}} >>
// //Example 1: <<email sample at nowhere dot com>> (standard)
// //Example 2: <<email multiple dot sample at somewhere dot nowhere dot com>> (multiple dots)
// //Example 3: <<email sample at nowhere dot com "?subject=Submission&body=Type your message here.">> (with optional parameters)

// //''Directions:'' <<tiddler MacroDirections>>

// //''Notes:'' You can use the optional email parameters to stipulate a subject or message body for the message.  Most (not all) email clients will use this information to construct the email message.

// //''Related Links:'' none

// //''Revision History:''
// // v0.1.0 (20 July 2005): initial release
// // v0.1.1 (22 July 2005): renamed the macro from "mailto" to "email" to further thwart email harvesters.
// // v0.1.2 (15 October 2005): added global replacement of "dots" thanks to a suggestion from Ralph Winter

// //''Code section:'' = {major: 0, minor: 1, revision: 2, date: new Date("Oct 15, 2005")}; = {} = function(place,macroName,params)
var temp = params.join(" ");
data = temp.split("?");
var recipient = data[0];
recipient = recipient.replace(" at ","@").replace(" dot ",".","g");
recipient = recipient.replace(/\s/g,"");
var optional = data[1] ? "?" + data[1] : "";
var theLink = createExternalLink(place,"ma"+"il"+"to:"+recipient+optional);
<<newDocument "label:Print this tiddler" "prompt:print an HTML snapshot of this tiddler" nofilename print here>>

@@Σημείωση για χρήστες Windows (μπλιαξ)@@: Κάπου στα Properties της κάρτας δικτύου υπάρχει η παράμετρος. Βρείτε το και click. 

!!!!Enable and use wake-on-lan on Debian
1. Enable wake on lan feature on BIOS. Usually it's under Power Management and it might be called 'PME Event Wake Up' or 'Wake on Ring Event' or 'Wake on Lan'. These options may have slightly different meanings depending on how your ~NIC is connected to the motherboard.

2. ACPI is enabled for 2.6 kernels so no need to worry about it.

3. Your network card must support the wake on lan feature. If it does, install ethtool: 

{{{apt-get install ethtool}}}, although I prefer aptitude ;)

4. From now on we assume that the wake-on-lan NIC will be eth0. As root: 

{{{ethtool eth0}}}

to see if the network cards does support wake on lan. If it does then you should see something like

      Supports Wake-on: g
      Wake-on: d
      Link detected: yes

      Here we can see that wakeonlan support is available because of the g, but it's currently disabled, cause of Wake-on: d. To enable it:

{{{ethtool -s eth0 wol g}}}

      NB: for some ~NICs you need to pass kernel module options instead of using ethtool.

5. To make the above change permanent add to /etc/network/interfaces

{{{post-up /usr/sbin/ethtool -s eth0 wol g}}}
{{{pre-down /usr/sbin/ethtool -s eth0 wol g}}}

in the iface section of the NIC, whose IP you want to use as the wake-on-lan IP.

6. Find the NIC's MAC address:

{{{/sbin/ifconfig -a}}}

7. Once you know the MAC address tou are set. Shutdown the machine using the command halt.

      NB: the commands halt and poweroff are slightly different. In layman's words, poweroff cuts off the power supply, effectively powering off your NIC, while halt turns off all the hardware components except the ones we have setup to stay on. We need the NIC to stay on otherwise it's not possible to perform wake-on-lan since there'll be no active NIC to receive the wakeup call.

8. On the remote machine: install a package able to send the wakeonlan packets. wakeonlan or etherwake would do the trick. The wakeonlan package can be used by non-root users.

{{{wakeonlan -i 08:00:20:C2:1E:F6 }}}
{{{            Sending magic packet to with 08:00:20:C2:1E:F6}}}

The -i switch is used to broadcast the wakeonlan magic packet on the network your machine is located in. See the wakeonlan man page. Remember, broadcast packets do not pass through routers, so the remote machine and the machine you want to turn on should be on the same network, if you decide to use the -i switch. Otherwise you may need to use static ARP tables.
Excellent article @

Wish it was a tiddler so I could import it. I hope Jeff backs-up his blog, we can't afford to lose such nice postings.
// //''Name:'' Favicon
// //''Version:'' <<getversion favicon>> (<<getversiondate favicon "DD MMM YYYY">>)
// //''Author:'' AlanHecht
// //''Type:'' SystemConfig

// //''Description:'' favicon allows you to stipulate the location of a webpage icon (also known as a favorite icon or favicon) for your TiddlyWiki.  The location of the icon is absolute (meaning that you need to give the full URL path, including the "http:").  This allows you to use any favicon icon that exists on the Web -- even if it is on a totally different server.

// //''Directions:'' <<tiddler StartupBehaviorDirections>> 
// //Then, in the code section below, change the line beginning with {{{n.href}}} so that the value inside the quotation marks is the absolute URL for the icon file (usually named favicon.ico).

// //''Notes:'' Many web browsers -- with the exception of Microsoft Internet Explorer (IE) -- load favicons in the browser address bar automatically.  However, IE users will not see your favicon unless they 1) have IE set as the computer's default browser, and 2) create a favorite (aka bookmark) for your site (and even then, IE sometimes still doesn't play nice).

// //''Related Links:'' for more information on creating favicons, visit ''[[this page|]]'' which also has a tool to convert an image of your choice into a favicon file.

// //''Revision History:''
// // v0.1.0 (18 July 2005) - initial release

// //''Code section:''
version.extensions.favicon = {major: 0, minor: 1, revision: 0, date: new Date("Jul 18, 2005")};
var n = document.createElement("link");	
n.rel = "shortcut icon"; 
n.href = ""; 
|''Description:''|//create//, //edit//, //view// and //delete// commands in toolbar <<toolbar fields>>.|
|''Date:''|Dec 21,2007|
|''Author:''|Pascal Collin|
|''License:''|[[BSD open source license|License]]|
|''Browser:''|Firefox 2.0; InternetExplorer 6.0, others|
On [[homepage|]], see [[FieldEditor example]]
*import this tiddler from [[homepage|]] (tagged as systemConfig)
*save and reload
*optionnaly : add the following css text in your StyleSheet : {{{#popup tr.fieldTableRow td {padding:1px 3px 1px 3px;}}}}


config.commands.fields.handlePopup = function(popup,title) {
	var tiddler = store.fetchTiddler(title);
	var fields = {};
	store.forEachField(tiddler,function(tiddler,fieldName,value) {fields[fieldName] = value;},true);
	var items = [];
	for(var t in fields) {
		var editCommand = "<<untiddledCall editFieldDialog "+escape(title)+" "+escape(t)+">>";
		var deleteCommand = "<<untiddledCall deleteField "+escape(title)+" "+escape(t)+">>";
		var renameCommand = "<<untiddledCall renameField "+escape(title)+" "+escape(t)+">>";
		items.push({field: t,value: fields[t], actions: editCommand+renameCommand+deleteCommand});
	items.sort(function(a,b) {return a.field < b.field ? -1 : (a.field == b.field ? 0 : +1);});
	var createNewCommand = "<<untiddledCall createField "+escape(title)+">>";
	items.push({field : "", value : "", actions:createNewCommand });
	if(items.length > 0)

config.commands.fields.listViewTemplate = {
	columns: [
		{name: 'Field', field: 'field', title: "Field", type: 'String'},
		{name: 'Actions', field: 'actions', title: "Actions", type: 'WikiText'},
		{name: 'Value', field: 'value', title: "Value", type: 'WikiText'}
	rowClasses: [
			{className: 'fieldTableRow', field: 'actions'}
	buttons: [	//can't use button for selected then delete, because click on checkbox will hide the popup

config.macros.untiddledCall = {  // when called from listview, tiddler is unset, so we need to pass tiddler as parameter
	handler : function(place,macroName,params,wikifier,paramString) {
		var macroName = params.shift();
		if (macroName) var macro = config.macros[macroName];
		var title = params.shift();
		if (title) var tiddler = store.getTiddler(unescape(title));
		if (macro) macro.handler(place,macroName,params,wikifier,paramString,tiddler);		

config.macros.deleteField = {
	handler : function(place,macroName,params,wikifier,paramString,tiddler) {
		if(!readOnly && params[0]) {
			fieldName = unescape(params[0]);
			var btn = createTiddlyButton(place,"delete", "delete "+fieldName,this.onClickDeleteField);
			btn.setAttribute("fieldName", fieldName);
	onClickDeleteField : function() {
		var title=this.getAttribute("title");
		var fieldName=this.getAttribute("fieldName");
		var tiddler = store.getTiddler(title);
		if (tiddler && fieldName && confirm("delete field " + fieldName+" from " + title +" tiddler ?")) {
			delete tiddler.fields[fieldName];
		return false;

config.macros.createField = {
	handler : function(place,macroName,params,wikifier,paramString,tiddler) {
		if(!readOnly) {
			var btn = createTiddlyButton(place,"create new", "create a new field",this.onClickCreateField);
	onClickCreateField : function() {
		var title=this.getAttribute("title");
		var tiddler = store.getTiddler(title);
		if (tiddler) {
			var fieldName = prompt("Field name","");
			if (store.getValue(tiddler,fieldName)) {
				window.alert("This field already exists.");
			else if (fieldName) {
				var v = prompt("Field value","");
		return false;

config.macros.editFieldDialog = {
	handler : function(place,macroName,params,wikifier,paramString,tiddler) {
		if(!readOnly && params[0]) {
			fieldName = unescape(params[0]);
			var btn = createTiddlyButton(place,"edit", "edit this field",this.onClickEditFieldDialog);
			btn.setAttribute("fieldName", fieldName);
	onClickEditFieldDialog : function() {
		var title=this.getAttribute("title");
		var tiddler = store.getTiddler(title);
		var fieldName=this.getAttribute("fieldName");
		if (tiddler && fieldName) {
			var value = tiddler.fields[fieldName];
			value = value ? value : "";
			var lines = value.match(/\n/mg);
			lines = lines ? true : false;
			if (!lines || confirm("This field contains more than one line. Only the first line will be kept if you edit it here. Proceed ?")) {
				var v = prompt("Field value",value);
		return false;

config.macros.renameField = {
	handler : function(place,macroName,params,wikifier,paramString,tiddler) {
		if(!readOnly && params[0]) {
			fieldName = unescape(params[0]);
			var btn = createTiddlyButton(place,"rename", "rename "+fieldName,this.onClickRenameField);
			btn.setAttribute("fieldName", fieldName);
	onClickRenameField : function() {
		var title=this.getAttribute("title");
		var fieldName=this.getAttribute("fieldName");
		var tiddler = store.getTiddler(title);
		if (tiddler && fieldName) {
			var newName = prompt("Rename " + fieldName + " as ?", fieldName);
			if (newName) {
				delete tiddler.fields[fieldName];
		return false;

config.shadowTiddlers.StyleSheetFieldsEditor = "/*{{{*/\n";
config.shadowTiddlers.StyleSheetFieldsEditor += ".fieldTableRow td {padding : 1px 3px}\n";
config.shadowTiddlers.StyleSheetFieldsEditor += ".fieldTableRow .button {border:0; padding : 0 0.2em}\n";
config.shadowTiddlers.StyleSheetFieldsEditor +="/*}}}*/";
store.addNotification("StyleSheetFieldsEditor", refreshStyles);

[[The BIG Picture Transcript|]]

ενδιαφέρουσα μακροοικονομική ανάλυση της αμερικανικής οικονομίας και του τί συμβαίνει τώρα, Νοέμβριος 2007
!!!<<gradient horiz #fc3 #fff>>&nbsp;[[FireFox Tips]]^^ <<toolbar editTiddler>>» ^^>>
*[[FireFox - Editing configuration|]]
*[[Lifehacker Firefox 2 config tweaks|]]
*~FireFox memory leak
* reduce memory consumption (using browser.sessionhistory.max_entries)
* fixing access keys
* Firefox Quick Find as it should (and used to) be
@@color(#C06):Tweaks Implemented at ~TWHelp@@
@@color(#C06):''Fetch only what you click''@@

Fx .6 and up: Firefox has this wacky little feature that downloads pages from links it thinks you may click on pages you view, like the top result on a page of Google results. This means you use up bandwidth and CPU cycles and store history for web pages you may not have ever viewed. Creepy, eh? To stop that madness, set the network.prefetch-next key to false.

   1. Type "about:config" the address bar.
   2. Scroll down to the setting "network.prefetch-next" and set the value to "False".

    * Key: network.prefetch-next
    * Modified Value: false
@@color(#C06):''Limit RAM usage''@@

All versions: Goodness knows I've done a good amount of belly-aching about Firefox's voracious appetite for RAM. (It's consistently the most memory-intensive process on both my PC and Mac.) Happily a simple config tweak got Mem Use right back down to a more comfortable number. Along with the previous prefetch mod, set your browser.cache.disk.capacity browser.cache.memory.capacity to a value that fits your total RAM.

    * Key: browser.cache.memory.capacity
    * Modified Value: Depends on your system's total memory. According to Computerworld:

          For RAM sizes between 512BM and 1GB, start with 15000. For RAM sizes between 128MB and 512M, try 5000.

1. Type "about:config" the address bar.
2. Scroll down to the setting
layout.spellcheckDefault = 2 turns on Firefox 2's spell-checking in input fields as well as text areas. 
@@color(#C06):Other tweaks Implemented  at ~TWHelp@@
@@color(#C06):''Save RAM''@@
Someone sent me a link to an interesting ~FireFox tweak that could save
~FireFox users a LOT of working memory overhead.

# Type 'about:config' in Firefox address bar and press Enter.
# Right click in the page and select 'New > Boolean'.
# Type 'config.trim_on_minimize' in the box that pops up. Press Enter.
# Select 'True' and then press Enter.
# Restart Firefox.

What this does is cause FireFox to automatically its reduce working
memory whenever the  browser window is minimized.  I tested this under
FF2002 on WinXPSP2 using a local copy of TiddlyTools, and the
browser's memory usage (as shown by the Task Manager "Processes" tab)
went from around 38Mb down to around 5Mb, just by minimizing the

In addition, not only does this setting dramatically reduce the memory
used by FireFox while it is minimized, but after you restore the
browser window, it appears that FireFox continues to use significantly
less memory than before (though more than when minimized).  I've also
noticed that FireFox seems to run a bit quicker after a minimize/
restore, especially if it has been running all day with an actively
edited TW document.

These side-effects are most likely the result of some *global* garbage
collection process that is apparently being performed to reclaim
wasted memory space each time the window is minimized. 

Eric Shulman 
@@color(#C06):''Reduce Firefox Memory Consumption''@@

Firefox seems to need more memory when I have it open for a long time and surf to many different websites. I was never able to find out why it behaved this way and assumed that it was either a memory leak or an extension which would be responsible for this behavior.

It seems that my assumption was wrong. Firefox saves the last 50 visited websites of a single session in memory which means that it could add up quickly if you visit lots of content filled websites. The reason behind this is that it is faster to access a already visited website if it still resides in memory instead of loading it from disk cache or from the server.

50 sites on the other hand seems a lot to me. I usually do not visit sites again that I visited a while ago - I tend to visit many different sites and only a few ones more than once daily. The fix is relatively simple. Type about:config in the Firefox address bar and search for the term:


Right-click the entry, select modify from the list and change it to a lower value. I set it to 5 which works well for my surfing habits. Other values might be better for yours.
''FireFox Tweek'' Is there any way to configure FF so that I don't get the "unresponsive script" messages on complex tiddlers?
1) enter "about:config" into the address field in FF
2) search for dom.max_script_run_time in the resulting list of
configuration parameters
3) double-click that entry to change the value

The default is 5 seconds...
I recommend increasing it in 5 second increments until the
'unresponsive' messages disappear.

Eric Shulman
TiddlyTools / ELS Design Studios

&darr;+++[Windows UNSAFE Message]
> When I try to save [from FireFox], I get this message:
> A script from "file://" is requesting enhanced abilities
> that are UNSAFE and could be used to compromise
> your machine or data
> Allow or Deny
> But what exactly is it doing? Am I opening up any kind of security
> hole by allowing this? Is there a way I can view the setting in
> Firefox that is being changed?

It is asking for permission to READ the existing TW document file from
your local hard drive, so it can then insert the changed tiddlers from
the currently loaded document into that file content, and then WRITE
that file content back to your hard drive... In other words: it's
saving the changes in your document!!!

So... why does this create a warning?  Because, underneath the hood,
TiddlyWiki is still just a web page, and ALL web pages running in your
browser MUST ask for permission before accessing your local hard
drive.  That's just basic, common-sense security.  You don't want
random web sites that you visit to start reading/writing your locally-
stored files!

However, while TiddlyWiki is a web page, and CAN be opened from a
*remotely-hosted* document (i.e., an "http" URL), it is mostly
designed to opened and used as a *locally-stored file* (i.e., a "file"
URL), and NEEDS to be granted permission to access the local hard
drive in order for some key TW core functions (such as saving changes)
to work properly.

Unfortunately, even though one could presume that "file://" is, by
definition, a "trusted source" -- after all, it is YOUR drive, and YOU
opened the TW document in the first place -- the browser still asks
for permission to access the local hard drive from that locally-loaded

I suggest that, once you are comfortable with the idea, you simply
"Allow" the file:// access and also [x] "remember this decision", so
you aren't nagged to death with security warnings.

Fortunately, the browser treats "file://" as a separate domain from
all other remote domains, so granting permissions to locally-stored
documents won't create any security holes when accessing remote web

To find the internal FireFox setting:
1) look for "prefs.js", a file that is automatically written by
FireFox to store your current browser settings.  Under Windows, this
is generally located at:
C:\Documents and Settings\Your Name\Application Data\Mozilla\Firefox
2) Open that file with a plain text editor (make sure FireFox is NOT
running at the time!), and find these two lines (or similar):
"UniversalXPConnect  UniversalBrowserRead");
user_pref("", "file://");
3) Delete those lines to restore FireFox's default "ask for
permission" state for the "file://" domain

Eric Shulman
TiddlyTools / ELS Design Studios 

^^[[Top|FireFox Tips]]^^
To enable pipelining (more requests than 1 at a time, to a certain page):
* Set "network.http.pipelining" to "true"
* Set "network.http.proxy.pipelining" to "true"
* Set "network.http.pipelining.maxrequests" to 15.
* Right-click anywhereinside the firefox winodw and select New-> Integer. Name it "nglayout.initialpaint.delay" and set its value to "0″.

To disable downloading web pages from links, within the page that you are already downloading (because Firefox "thinks" that you might be interested in those pages).
* Set "network.prefetch-next" to false

To disable button tooltips
* Set "" to false
Firefox 3
Set in about:config
browser.helperApps.deleteTempFileOnExit = false (boolean)

TiddlyWiki uses Wiki style markup, a way of lightly "tagging" plain text so it can be transformed into HTML. Edit this Tiddler to see samples.

! Header Samples
!Header 1
!!Header 2
!!!Header 3
!!!!Header 4
!!!!!Header 5

! Unordered Lists:
* Lists are where it's at
* Just use an asterisk and you're set
** To nest lists just add more asterisks...
*** this
* The circle makes a great bullet because once you've printed a list you can mark off completed items
* You can also nest mixed list types
## Like this

! Ordered Lists
# Ordered lists are pretty neat too
# If you're handy with HTML and CSS you could customize the [[numbering scheme|]]
## To nest, just add more octothorpes (pound signs)...
### Like this
* You can also
** Mix list types
*** like this
# Pretty neat don't you think?

! Tiddler links
To create a Tiddler link, just use mixed-case WikiWord, or use [[brackets]] for NonWikiWordLinks. This is how the GTD style [[@Action]] lists are created. 

Note that existing Tiddlers are in bold and empty Tiddlers are in italics. See CreatingTiddlers for details.

! External Links
You can link to [[external sites|]] with brackets. You can also LinkToFolders on your machine or network shares.

! Images
Edit this tiddler to see how it's done.

|>| colspan |
| rowspan |left|
|~| right|
|colored| center |

For a complex table example, see PeriodicTable.

! Horizontal Rules
You can divide a tiddler into
sections by typing four dashes on a line by themselves.

! Blockquotes
This is how you do an extended, wrapped blockquote so you don't have to put angle quotes on every line.
>level 1
>level 1
>>level 2
>>level 2
>>>level 3
>>>level 3
>>level 2
>level 1

! Other Formatting
Superscript: 2^^3^^=8
Subscript: a~~ij~~ = -a~~ji~~
@@color(green):green colored@@
@@bgcolor(#ff0000):color(#ffffff):red colored@@
We want to setup ~FreeRADIUS to use ~OpenLDAP as its account storage backend. When this is done we will configure VPN access via a Cisco firewall using ~FreeRADIUS as authentication mechanism. Loo at [[Configuring remote VPN access on a PIX firewall]].

@@Important:@@ We use ~OpenLDAP for authentication //only//. For now at least....

See [[Ubuntu LDAP (Gutsy and later)]] for instructions on how to setup ~OpenLDAP. ~FreeRADIUS version is 1.1.7.

We use the standard configuration files provided by ~FreeRADIUS and work our way from there, as recommended by almost every tutorial on the net.
!!!!Configuring /etc/freeradius/radius.conf
* Our server is multihomed so we set the bind_address to the IP we want our ~FreeRADIUS server to listen to.
* We change several directives in the {{{ldap}}} subsection of the {{{module}}} section:
** Define our LDAP server.
** Define the {{{identity}}} and the {{{password}}} directives to the ldap user and its password able to retrieve passwords of ldap entries. This means that we have to define an 
** We define our {{{basedn}}} to the DN of the subtree our ldap users are located in. In our case, this is under {{{ou=people,dc=<ourdomain>,dc=<tld>}}}.
** Leave the {{{filter}}} directive to its default setting.
** Comment out the {{{access_attr}}} because we don't use any LDAP attribute to determine whether a user is allowed to login or not. Everyone under our {{{basedn}}} is allowed to login.
** Set {{{password_attribute}}} to {{{userPassword}}} ( our LDAP attribute ).
** Set {{{set_auth_type}}} to {{{no}}}.
** Set {{{start_tls = yes}}} to setup TLS conversation between ~FreeRADIUS and ~OpenLDAP. Set the other tls directives accordingly ( [[SSL certificates]] ). We need the {{{tls_cacertfile}}} directive at least.
* Comment out the {{{hints}}} directive in the preprocess subsection. It's not necessary for the ~FreeRADIUS functionality as an ldap-based authorisation service.
* Uncomment {{{ldap}}} directive in the authorize section.
* Comment all other entries in the authorize section except {{{pap}}} and {{{preprocess}}}. @@We may need to use the {{{eap}}} mechanism later on@@, but for now we comment it out as well. Particulary we comment out {{{chap}}} and {{{mschap}}} because they support only cleartext passwords. Look at (1) for password and protocol compatibility.
!!!!Configuring /etc/freeradius/clients.conf
We add an entry with our test machine's real IP, even if our rad client is located on the same machine our ~FreeRADIUS server runs on. That's because the source IP of the rad client is the real IP and not localhost ( ).
!!!!Configuring /etc/freeradius/ldap.attrs
We comment out all but one entries in this file. Comment out because we don't use the radius ldap schema at all, and leave one uncommented cause otherwise ~FreeRADIUS exits with an error.
There is a TLS error worth mentioning
{{{could not start TLS Connect error}}}
This error message can be a bit deceptive. It means it can't start TLS due to bad certificates at the ~FreeRADIUS side.
{{{$> freeradius -X(XX)}}} for standalone run and debugging ( more debugging output ).
We may update this article depending on how the cisco vpn integration progresses. Also, in a more distant future, we may update it depending on how wireless integration progresses. This article doesn't exhaust the ~FreeRADIUS subject in the slightest...well, maybe only in the slightest.
!!!! References
# Or in /usr/share/doc/freeradius/rlm-ldap.gz.
# Alan ~DeKok's ~FreeRADIUS site.
* To mhxanhma einai multihomed opote 8eloume h bind_addr na einai 1 apo tis 3 pou exei to mhxanhma,
* ldap subsection sto module section
** comment out identity and password giati to bind ginetai anonymously. @@ASXETO@@. Den einai ldap bind settings auta, alla pws kaneis search, kai gia na er8ei to userPAsswd prepei na psakseis me credentials pou exoun dikaiwma na doun to password sto LDAP
** 8etoume to basedn kai to filter na deixnoun sto ou=people kai na psaxnoun uid
** comment out to access_attr giati 8eloume na dwsoume access se olous katw apo to ou=people (vpn access)
**  comment out ola ta attributes sto arxeio ldap.attrs, pou fortwnetai apo thn directiva directory_mappings giati den xrhsimopoioume ka8olou to radius schema sto ldap.@@pros to paron@@. To paron mapping xrhsimopoieitai apo to rlm_ldap module
** 8etoume to password_attribute = userPassword ( LDAP attr )
** set_auth_type = no. De 8eloume to ldap module na kanei bind gia auth
* sto authorise section uncomment to ldap
* sto authentication section comment olo to ldap section
* Password compatibility sto (1). Tests me md5 kai sha douleuoun.
* Comment out chap kai mschap giati uposthrizoun mono cleartext (to ms uposthrizei kai NT hash), apo ( 1)
* Comment out kai to eap @@ Einai to mono prwtokolo pou mporei na xreiastei na koitaksoume@@
* Comment out to hints arxeio sto preprocess module. Den einai aparaithto gia thn leitourgikothta tou radius gia ldap based auth
* freeradius -X(XX) gia standalone kai debug(moredebug)
* starttls error, @@could not start TLS Connect error@@
>That error message can be a little deceptive.  When it says it can't
>connect, it can just mean it can't start TLS due to bad certificates
>at the freeradius end.

* Pros8etoume ena entry me to IP sto opoio trexei o ldap server giati to radtest feugei panta me srcIP to mhxanhma kai oxi srcIP localhost, akoma kai an to trexoume locally sto idio mhxanhma.

To tls den douleuei :( Pros to paron to afhnw. Exei la8os leei ta certs ston freeradius. DEn katalabainw.......... Epishs sto /usr/share/doc/freeradius/rlm-ldap.gz Exei kapoies 
I got this from the apt HOWTO at Cut 'n' paste it for quick ref.

To accomplish this, the deb-src entry in your /etc/apt/sources.list should be pointed at unstable. It should also be enabled (uncommented).

To download a source package, you would use the following command:

{{{$ apt-get source packagename}}}

This will download three files: a .orig.tar.gz, a .dsc and a .diff.gz. In the case of packages made specifically for Debian, the last of these is not downloaded and the first usually won't have "orig" in the name.

The .dsc file is used by dpkg-source for unpacking the source package into the directory packagename-version. Within each downloaded source package there is a debian/ directory that contains the files needed for creating the .deb package.

To auto-build the package when it's been downloaded, just add -b to the command line, like this:

{{{$ apt-get -b source packagename}}}
sensors-detect report 
* a ITE family, unknown chip with ID 0x8720
* an AMD K10 thermal sensor (driver `to-be-written')

Just include in /etc/modules the following 2 lines:
Ripped shamelessly from

This is here more as a future note to myself, but hopefully someone out there will find this useful.

Essentially, imagine this:  You have a remote repository (say, on ~GitHub), and that repo has many branches.  You clone the repo and end up with the master branch in your local dev environment.  Now what happens if you want to use one of the other branches in the repo?

Well, initially, you’d think you would create the branch locally, and pull the differences down:

{{{git branch production}}}
{{{git checkout production}}}
{{{git pull origin production}}}

but what if master is ahead of production (a likely scenario)?  In this case this won’t work as your local production branch will now contain the changes in the master branch – as that’s where you originated production from on your machine.

What you need to do is:

git checkout -b <local_name_for_branch> <remote_source>/<remote_branch>
{{{git checkout -b production origin/production}}}

What this does is create a tracking branch.  Tracking branches are local branches that have a direct relationship to a remote branch. If you’re on a tracking branch and type git push, Git automatically knows which server and branch to push to. Also, running git pull while on one of these branches fetches all the remote references and then automatically merges in the corresponding remote branch.
<<gradient horiz #bbbbbb #eeeeee #ffffff>>The new GradientMacro allows simple horizontal and vertical coloured gradients. They are constructed from coloured HTML elements, and don't require any images to work.>>
The GradientMacro is an ExtendedMacro that processes the text after it up until the next '>>' sequence. It looks like this:
<<gradient vert #ffffff #ffdddd #ff8888>>gradient fill>>
The first parameter can be ''vert'' or ''horiz'' to indicate the direction of the gradient. The following parameters are two or more colours (CSS RGB(r,g,b) format is also acceptable). The GradientMacro constructs a smooth linear gradient between each of the colours in turn.

| <<gradient vert #ffffff #ffdddd #ff8888>>No images were harmed in the making of this gradient fill>> | <<gradient vert #ffffff #ddffdd #88ff88>>No images were harmed in the making of this gradient fill>> | <<gradient vert #ffffff #ddddff #8888ff>>No images were harmed in the making of this gradient fill>> |

Inline CSS definitions can be added to gradient fills like this:

<<gradient vert #000000 #660000 #aa2222>>color:#ffffff;font-size:12pt;Darkness>>
<<gradient vert #000000 #660000 #aa2222>>color:#ffffff;font-size:12pt;Darkness>>

You can make an abrupt transition in the gradient by using the "snap" prefix, like this:

<<gradient vert #000000 #999999 snap:#aa2222 #ff444>>color:#ffffff;font-size:24pt;padding:4pt;More darkness>>
<<gradient vert #000000 #999999 snap:#aa2222 #ff444>>color:#ffffff;font-size:24pt;padding:4pt;More darkness>>
Ubuntu 8.10 intrepid ibex

To enable greek language support, edit the following files:
* /etc/default/locale 
* /etc/environment
and set

Install language-support-el package. {{{sudo apt-get install language-support-el}}}

To have greek subtitles in xine:
# download greek xine fonts ( google for a package ).
# Place the downloaded fonts at /usr/share/xine/libxine1
# Set appropriate font in xine settings.

To be able to install more languages in KDE 4, the package language-selector-qt has to be installed. It's used in KDE's System Settings application.
@@NB@@ Similar process for Ubuntu.
Check Or check the short list:
# if /etc/localtime and /user/share/zoneinfo/your-timezone are different, copy the zoneinfo file to localtime
# Set date: {{{date MMDDhhmm}}}
# {{{/sbin/hwclock --systohc --utc}}} (I always go UTC).
# Set the guest to synchronize with the host time in Settings->Options->~VMware Tools (in VI client). Vmware tools has to be running.

Alternatively, we can use an NTP service.
There is a bug with the ppd, related to paper manual/auto feed. We need a correct ppd ( google ) //and// the connection to the printer via the hp: protocol. The socket: protocol didn't work even with the fixed ppd. from Wall Street Journal
Add the following code to the StyleSheet tiddler, being sure to place your image url inside the paretheses:

body {background-image: url();
background-repeat: repeat; background-position: left; backgound-color: transparent; font-family: Helvetica;} 

Obviously if it is an image on the Internet, you will only have access to the image while online.

Sweet link!
Plugins are tiddlers embedded with codes that add special functions to ~TiddlyWiki files. Plugins are easier to install than I thought they would be. Here's how:
*Find the plugin you want and grab the url of the page it's on. (Copy the url from your browser's search window).
*In your own ~TiddlyWiki file, click on ImportTiddlers, found in the backstage area for versions 2.2 and beyond, and on the InterfaceOptions panel in the righthand sidebar of earlier versions.
*Paste the url you've copied into the top window of the import tiddlers tiddler that appears. Then click Fetch.
*A list of all the tiddlers found in the other file will appear. Find the tiddler of the plugin you want, then check the box next to it.
*Below the list is a menu that says "More actions..." Choose "Import these tiddlers."
*Your screen will blink and change several times while your file is being updated. If you have your ~TiddlyWiki configured to automatically save every change (which is default), the box will appear in the top right corner saying it has saved the change. If you have it configured another way, then click on "save changes".
*Hit the 'refresh' or 'reload' button on your browser.
*The plugin should now be installed and usable on your file. That's it!

{{{gem list | cut -d" " -f1 | xargs gem uninstall -aIx}}}
"But!" you interrupt, "what if I want to use mixed case and //not// create a tiddler, like if I'm talking about ~JavaScript?" Easy: Just precede the word with a single tilde (~). 

An embedded image looks like this:

[img[Dog shakes hand with soldier|][]]

Here's how the code works:
[img[alternate text|filename or URL][link]]

The Alternate Text and Link parameters are optional. You can use just {{{img[filename]}}} if you want, although it is better to include alternate text in case the image does not load for some reason.

[>img[Same dog, floating right|][]You can also set images to float to the left or the right of the text in your tiddler by using {{{[<img[...]}}} to float left or {{{[>img[...]}}} to float right. 

Two notes about using images:
#First, if you add images to the wiki, the wiki becomes less portable--you have to make sure that the wiki can get to the images you link to. 
#Second, it's considered rude to "hotlink" images on other people's servers. Don't just directly link to someone else's image; download it onto your computer and upload it back to your own server or to a free image host like [[Image Shack|]].
TiddlyWiki supports all kinds of formatting options:
*You can create ''Bold'' text by enclosing it in pairs of single quotes:
''bold text''

*You can create ==Strikethrough== text by enclosing it in pairs of equal signs:
==strikethrough text==

*You can __Underline__ text by enclosing it in pairs of underscores:
__underlined text__

*You can create //Italic// text by enclosing it in pairs of forward slashes:
//italic text//

*You can create ^^superscript^^ text by enclosing it in pairs of carets:
^^superscript text^^

*You can create ~~subscript~~ text by enclosing it in pairs of tildes:
~~subscript text~~

*You can @@highlight text@@ by enclosing it in pairs of at-signs.
@@highlighted text@@

*You can also change many other CSS attributes by adding arguments to the highlight command. For example, you can change the text color to @@color:red;red@@ or give it a background-color of @@background-color:#0000FF;color:white;blue@@.
@@CSS attributes separated by semicolons;text@@

You can find out more about CSS from the excellent [[w3schools tutorial|]].

*Finally, you can add new CSS classes to the Tiddlywiki so that you can style a number of items with the same CSS formatting. Simply add the new class to the StyleSheet [[ShadowTiddler|ShadowTiddlers]], such as:
Then, when you want to use that CSS class, use the following formatting:
{{classname{text to be formatted}}}
{{moveover{So, for example, this paragraph has been formatted using the moveover CSS class.}}}
You are by no means confined to this standard blue and white TiddlyWiki style. It's fairly easy to restructure and reformat this page to meet your needs if you know a little CSS and HTML. (If you don't know CSS and HTML, now's a great time to learn. Check out for more information on those topics.)

All you have to do to alter the style and structure of this page is to change a few ShadowTiddlers. The primary ones you're going to be interested in are the following:
*PageTemplate -- Contains the overall structure of the page, including the gradient macro for the masthead.
*EditTemplate -- Contains the structure and order of the tiddler editor screen
*ViewTemplate -- Contains the structure and order of the tiddler view screen
*StyleSheetColors -- Contains the CSS for the colors used by the TiddlyWiki
*StyleSheetLayout -- Contains the CSS for the layout of the TiddlyWiki
*StyleSheetPrint -- Contains the CSS used when printing from the TiddlyWiki

So, let's say for example that you want the tag list to appear below your tiddlers instead of floating to the right of them. This is the process that you'd follow:

1. Open the "StyleSheetLayout" tiddler
2. Edit this tiddler and scroll down to the line marked "{{{.tagged {}}}"
3. Delete the "{{{float:right;}}}" from this CSS class.
4. Add the following code to the tiddler:
.tagged li, .tagged ul {
5. Click "Done" and close the StyleSheetLayout tiddler.
6. Open and edit the "ViewTemplate" tiddler
7. Move the line marked "{{{<div class='tagged' macro='tags'></div>}}}" to the end of the list.
8. Click "Done" and close the ViewTemplate tiddler
9. [[Save you changes|HowToSaveYourChanges]] and refresh the page. Your tags should now be after each post and on a single line.
You aren't restricted to only linking to your own tiddlers: Here's how you link to something offsite, like the [[TiddlyWiki Home Page|]].

You can create a table by enclosing text in sets of vertical bars (||, or shift-backslash on your keyboard). 
|!Headings: add an exclamation point (!) right after the vertical bar.|!Heading2|!Heading3|
|Row 1, Column 1|Row 1, Column 2|Row 1, Column 3|
|>|>|Have one row span multiple columns by using a >|
|Have one column span multiple rows by using a ~|>| Use a space to right-align text in a cell|
|~|>| Enclose text in a cell with spaces to center it |
|>|>|bgcolor(lightgreen):Add color to a cell using bgcolor(yourcolorhere):|
|Add a caption by ending the table with a vertical bar followed by a c|c

Here's the code for the above table:
|!Headings: add an exclamation point (!) right after the vertical bar.|!Heading2|!Heading3|
|Row 1, Column 1|Row 1, Column 2|Row 1, Column 3|
|>|>|Have one row span multiple columns by using a >|
|Have one column span multiple rows by using a ~|>| Use a space to right-align text in a cell|
|~|>| Enclose text in a cell with spaces to center it |
|>|>|bgcolor(lightgreen):Add color to a cell using bgcolor(yourcolorhere):|
|Add a caption by ending the table with a vertical bar followed by a c|c
The core TiddlyWiki code is regularly updated with bug fixes and new features. If you're using an earlier revision of TiddlyWiki, here's the simple way to upgrade to the latest version:
* Download a fresh, empty version of TiddlyWiki by right-clicking on [[this link|]], selecting 'Save target' or 'Save link' and saving it in a convenient location as (say) "mynewtiddlywiki.html"
* Open the new TiddlyWiki file in your browser
* Choose ''import'' from the BackstageArea at the top of the window (you may need to click the 'backstage' button at the upper right to show the BackstageArea)
* Click the ''browse'' button and select your original TiddlyWiki file (say, "mytiddlywiki.html") from the file browser
* Click the ''open'' button on the import wizard; a list of all of your tiddlers is displayed
* Click on the top-left checkbox to select all the tiddlers in the list
* Scroll down to the bottom of the wizard and ensure that the checkbox labelled //Keep these tiddlers linked to this server...// is ''clear''
* Click the ''import'' button
The most likely cause of the upgrade process not working properly is that one of the [[Plugins]] you're using is not compatible with a change in the new release. If so, you can repeat the process omitting the troublesome plugins.
I hate shell scripting in sh bash ash whatever. Ruby is (my) future...

//for loop// and a //conditional//:
for i in *; do
  if [ $i != "lost+found" ] ; then mv $i $i-old ; fi
// //''Name:'' ImageLink
// //''Version:'' <<getversion imglink>> (<<getversiondate imglink "DD MMM YYYY">>)
// //''Author:'' AlanHecht
// //''Type:'' [[Macro|Macros]]

// //''Description:'' Inserts an external image file as a hyperlink to a URL, a tiddler, or a javascript function.

// //''Syntax:'' << {{{imglink imageSrc linkTo "altText" borderSize width height}}} >>
// //Examples: 
// //<<imglink fractalveg.jpg "Nice broccoli!" 1 auto 41>> (webpage link, includes height) //IE will not display properly//*

// //<<imglink fractalveg.jpg test.htm "Nice broccoli!" 1 85 41>> (link to local file, includes both width & height parameters)

// //<<imglink fractalveg.jpg self null 1 84 41>> (image with null alt text that links to itself using 'self')

// //<<imglink fractalveg.jpg null "Cool!" 4 79 38>> (image with "null" link but takes advantage of other parameters)

// //<<imglink brixhamharbour.jpg HelloThere "Click to learn more!" 1>> (local image that links to a tiddler)

// //<<imglink "sampleFunction('You called a function!')" "Click to call a function!" 1>> (image from the web that calls a function)

// //''Directions:'' <<tiddler MacroDirections>> Also, you do not need to copy the sampleFunction() function that appears at the bottom of the code section.  It is used simply to demo this macro calling a function.

// //''Notes:'' Optional border value is set at zero unless you specify another value.  If you choose to set a border, you may also want to change the color for the border in the code section below or using the CustomStyleSheet.  If you specify width and height, you ''must'' provide a border value (use 0 for no border) .
// //If any of your macro parameters contain spaces, then surround the phrase in quote marks, otherwise quotes are not needed.
// //If you use imglink to call a function (useful for adding interface buttons, etc.), the macro will first try to test whether the function exists.  If you typed the name of the function incorrectly, you will receive an error when the macro runs.  If the function does exist, then it is called with all the parameters you specified.
// //*If you set an image width, some browsers (like IE) will require that you set the height value as well.  For browsers that will autosize, you can replace the actual width/height value with the word {{{auto}}}.

// //''Known Issues:'' This macro will not work if called from within a table.

// //''Revision History:''
// // v0.1.0 (22 July 2005): initial release
// // v0.1.1 (22 July 2005): added support for linking to local files as well as no link at all
// // v0.1.2 (15 August 2005): fixed an issue with self-linking images (note: the syntax for these image links changed to 'self')

// //''Code section:''
version.extensions.imglink = {major: 0, minor: 1, revision: 2, date: new Date("Aug 15, 2005")};
config.macros.imglink = {}
config.macros.imglink.handler = function(place,macroName,params)
var theLink = null;
var theAction = null;
var data = params;
var linkTo = data[1];
var box = createTiddlyElement(place,"span",null,"imgLinkBox",String.fromCharCode(160)); = "relative";
if(data[2] && data[2]!="null")
	box.title = data[2];
var theImage = document.createElement("img");
theImage.src = data[0];
theImage.className = "linkedImg"; = "relative"; = "top";
theImage.border = data[3] ? data[3] : 0; = "black";
if(data[4] && data[4]!="auto")
	theImage.width = data[4];
if(data[5] && data[5]!="auto")
	theImage.height = data[5];

var tiddlerText = store.getTiddlerText(linkTo);
var func = linkTo.substring(0,data[1].indexOf("("));
// test for tiddler link
	theLink = document.createElement("a");
	theAction = function() {displayTiddler(this,linkTo,1,null,null,null,false,false);};
	theLink.onclick = theAction;
	theLink.href = "javascript:;";
// test for function call
else if(window[func] || typeof eval(func)=="function")
	theLink = document.createElement("a");
	theAction = function() {eval(linkTo);};
	theLink.onclick = theAction;
	theLink.href = "javascript:;";
// test for link to image view
else if(linkTo == "self")
		theLink = document.createElement("a");
		theLink.href = theImage.src;
		if(config.options.chkOpenInNewWindow) = "_blank";
// test for no link
else if(linkTo == null || linkTo == "null")
	theLink = document.createElement("span");
		theLink = document.createElement("a");
		theLink.href = data[1];
		if(config.options.chkOpenInNewWindow) = "_blank";


// //''The following function is not needed and is for demo purposes only''
function sampleFunction(message)
|Author|Eric Shulman - ELS Design Studios|
|License| <br>and [[Creative Commons Attribution-ShareAlike 2.5 License|]]|
|Overrides|'image' formatter|
|Description|extends image syntax to add optional CSS width/height values|
Extends standard TiddlyWiki image syntax, ''{{{[img[...]]}}}'', so you can specify CSS width/height values.

The extended syntax is:
>where x and y are the desired width and height of the image, specified using CSS units of measurement (e.g., px, em, cm, in, or %).  Use ''auto'' (or omit the value) for width or height to scale image proportionally (i.e., maintain aspect ratio).  You may also calculate a CSS value on-the-fly by using //evaluated javascript//, enclosed between """{{""" and """}}""", e.g, {{{({{widthFunction()}},{{heightFunction()}})}}}.

Note: this plugin also includes enhancements to support:
*[[AttachFilePluginFormatters]] (embed image files as text-encoded tiddlers)
* [[ImagePathPlugin]] (fallback locations for missing images)
Please refer to those plugins for details...
{{clear block{}}}
!!!!!Revision History
2008.01.19 [1.1.0] added support for evaluated width/height values!!
2008.01.18 [1.0.1] code cleanup plus improved regexp for matching "(width,height)" by eliminating hard-coded recognition of [px,em,cm,in,%] CSS units.  Syntax now accepts ANY values for width/height, and leaves it to the browser's CSS processing to handle any invalid values.
2008.01.17 [1.0.0] initial release
version.extensions.imageSize = {major: 1, minor: 1, revision: 0, date: new Date(2008,1,19)};

// replace standard handler for image formatter
// note: includes modifications for [[AttachFilePluginFormatters]] AND [[ImagePathPlugin]]
var f=config.formatters.findByField("name","image");
config.formatters[f].handler=function(w) {
	this.lookaheadRegExp.lastIndex = w.matchStart;
	var lookaheadMatch = this.lookaheadRegExp.exec(w.source)
	if(lookaheadMatch && lookaheadMatch.index == w.matchStart) {
		var floatLeft=lookaheadMatch[1];
		var floatRight=lookaheadMatch[2];
		var XY=lookaheadMatch[3];
		var tooltip=lookaheadMatch[4];
		var src=lookaheadMatch[5];
		var link=lookaheadMatch[6];
		// Simple bracketted link
		var e = w.output;
		if(link) { // LINKED IMAGE
			if (config.formatterHelpers.isExternalLink(link)) {
				if (config.macros.attach && config.macros.attach.isAttachment(link)) {
					// see [[AttachFilePluginFormatters]]
					e = createExternalLink(w.output,link);
					e.title = config.macros.attach.linkTooltip + link;
				} else
					e = createExternalLink(w.output,link);
			} else 
				e = createTiddlyLink(w.output,link,false,null,w.isStatic);
		var img = createTiddlyElement(e,"img");
		if(floatLeft) img.align="left"; else if(floatRight) img.align="right"; // FLOAT LEFT/RIGHT
		if(XY) { // CUSTOM SIZE with optional EVAL'ED width/height ({{...}},{{...}})
			var parts=XY.replace(/[\(\)]/g,'').split(","); var x=parts[0]; var y=parts[1];
			if (x.substr(0,2)=="{{") {
			} else;

			if (y.substr(0,2)=="{{") {
			} else;
		if(tooltip) img.title = tooltip; // TOOLTIP
		// GET IMAGE SOURCE (get attachment or resolve fallback path as needed)
		if (config.macros.attach && config.macros.attach.isAttachment(src))
			src=config.macros.attach.getAttachment(src); // see [[AttachFilePluginFormatters]]
		else if (config.formatterHelpers.resolvePath) { // see [[ImagePathPlugin]]
			// Note: IE and Safari use onError to call resolvePath() only if initial lookup fails
			// (avoids security messages for initial filesystem access)... otherwise, attempt to
			// resolve the original path/file before initial rendering
			if (config.browser.isIE || config.browser.isSafari) {
					return false;
			} else
		img.src=src; // RENDER IMAGE
		w.nextMatch = this.lookaheadRegExp.lastIndex;
TiddlyWiki lets you write ordinary HTML by enclosing it in {{{<html>}}} and {{{</html>}}}:

<a href="javascript:;" onclick="onClickTiddlerLink(event);" tiddlyLink="TiddlyWiki" style="background-color: yellow;">Link to wikiwords from HTML</a>

The source for the above is:

<div style="background-color: yellow;">
<a href="javascript:;" onclick="onClickTiddlerLink(event);" tiddlyLink="Macros">Link to wikiwords from HTML</a>

HTML can enable some exotic new features (like [[embedding GMail and Outlook|]] in a TiddlyWiki). However it doesn't work for some JavaScript code libraries; see CustomMarkup for another way to include custom HTML in your TiddlyWiki.
|Author|Eric Shulman - ELS Design Studios|
|License| <br>and [[Creative Commons Attribution-ShareAlike 2.5 License|]]|
|Description|Insert Javascript executable code directly into your tiddler content.|
''Call directly into TW core utility routines, define new functions, calculate values, add dynamically-generated TiddlyWiki-formatted output'' into tiddler content, or perform any other programmatic actions each time the tiddler is rendered.
>see [[InlineJavascriptPluginInfo]]
!!!!!Revision History
2008.02.14 [1.8.1] added backward-compatibility for use of wikifyPlainText() in TW2.1.3 and earlier
2008.01.08 [*.*.*] plugin size reduction: documentation moved to ...Info and ...History tiddlers
2007.12.28 [1.8.0] added support for key="X" syntax to specify custom access key definitions
|please see [[InlineJavascriptPluginHistory]] for additional revision details|
2005.11.08 [1.0.0] initial release
version.extensions.inlineJavascript= {major: 1, minor: 8, revision: 1, date: new Date(2008,2,14)};

config.formatters.push( {
	name: "inlineJavascript",
	match: "\\<script",
	lookahead: "\\<script(?: src=\\\"((?:.|\\n)*?)\\\")?(?: label=\\\"((?:.|\\n)*?)\\\")?(?: title=\\\"((?:.|\\n)*?)\\\")?(?: key=\\\"((?:.|\\n)*?)\\\")?( show)?\\>((?:.|\\n)*?)\\</script\\>",

	handler: function(w) {
		var lookaheadRegExp = new RegExp(this.lookahead,"mg");
		lookaheadRegExp.lastIndex = w.matchStart;
		var lookaheadMatch = lookaheadRegExp.exec(w.source)
		if(lookaheadMatch && lookaheadMatch.index == w.matchStart) {
			var src=lookaheadMatch[1];
			var label=lookaheadMatch[2];
			var tip=lookaheadMatch[3];
			var key=lookaheadMatch[4];
			var show=lookaheadMatch[5];
			var code=lookaheadMatch[6];
			if (src) { // load a script library
				// make script tag, set src, add to body to execute, then remove for cleanup
				var script = document.createElement("script"); script.src = src;
				document.body.appendChild(script); document.body.removeChild(script);
			if (code) { // there is script code
				if (show) // show inline script code in tiddler output
				if (label) { // create a link to an 'onclick' script
					// add a link, define click handler, save code in link (pass 'place'), set link attributes
					var link=createTiddlyElement(w.output,"a",null,"tiddlyLinkExisting",wikifyPlainText(label));
					var fixup=code.replace(/document.write\s*\(/gi,'place.innerHTML+=(');
					link.code="function _out(place){"+fixup+"\n};_out(this);"
					var URIcode='javascript:void(eval(decodeURIComponent(%22(function(){try{';
					URIcode+=encodeURIComponent(encodeURIComponent(code.replace(/\n/g,' ')));
					if (key) link.accessKey=key.substr(0,1); // single character only
				else { // run inline script code
					var fixup=code.replace(/document.write\s*\(/gi,'place.innerHTML+=(');
					var code="function _out(place){"+fixup+"\n};_out(w.output);"
					try { var out=eval(code); } catch(e) { out=e.description?e.description:e.toString(); }
					if (out && out.length) wikify(out,w.output,w.highlightRegExp,w.tiddler);
			w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
} )

// // Backward-compatibility for TW2.1.x and earlier
if (typeof(wikifyPlainText)=="undefined") function wikifyPlainText(text,limit,tiddler) {
	if(limit > 0) text = text.substr(0,limit);
	var wikifier = new Wikifier(text,formatter,null,tiddler);
	return wikifier.wikifyPlain();
|Author|Eric Shulman - ELS Design Studios|
|License| <br>and [[Creative Commons Attribution-ShareAlike 2.5 License|]]|
|Description|Documentation for InlineJavascriptPlugin|
''Call directly into TW core utility routines, define new functions, calculate values, add dynamically-generated TiddlyWiki-formatted output'' into tiddler content, or perform any other programmatic actions each time the tiddler is rendered.
This plugin adds wiki syntax for surrounding tiddler content with {{{<script>}}} and {{{</script>}}} markers, so that it can be recognized as embedded javascript code.
<script show>
	/* javascript code goes here... */
</script>Every time the tiddler content is rendered, the javascript code is automatically evaluated, allowing you to invoke 'side-effect' processing and/or produce dynamically-generated content that is then inserted into the tiddler content, immediately following the script (see below).  By including the optional ''show'' keyword as the final parameter in a {{{<script>}}} marker, the plugin will also include the script source code in the output that it displays in the tiddler.  This is helpful when creating examples for documentation purposes (such as used in this tiddler!)

__''Deferred execution from an 'onClick' link''__
<script label="click here" title="mouseover tooltip text" key="X" show>
	/* javascript code goes here... */
	alert('you clicked on the link!');
By including a {{{label="..."}}} parameter in the initial {{{<script>}}} marker, the plugin will create a link to an 'onclick' script that will only be executed when that specific link is clicked, rather than running the script each time the tiddler is rendered.  You may also include a {{{title="..."}}} parameter to specify the 'tooltip' text that will appear whenever the mouse is moved over the onClick link text, and a {{{key="X"}}} parameter to specify an //access key// (which must be a //single// letter or numeric digit only).

__''Loading scripts from external source files''__
<script src="URL" show>
	/* optional javascript code goes here... */
</script>You can also load javascript directly from an external source URL, by including a src="..." parameter in the initial {{{<script>}}} marker (e.g., {{{<script src="demo.js"></script>}}}).  This is particularly useful when incorporating third-party javascript libraries for use in custom extensions and plugins.  The 'foreign' javascript code remains isolated in a separate file that can be easily replaced whenever an updated library file becomes available.

In addition to loading the javascript from the external file, you can also use this feature to invoke javascript code contained within the {{{<script>...</script>}}} markers.  This code is invoked //after// the external script file has been processed, and can make immediate use of the functions and/or global variables defined by the external script file.
>Note: To ensure that your javascript functions are always available when needed, you should load the libraries from a tiddler that will be rendered as soon as your TiddlyWiki document is opened.  For example, you could put your {{{<script src="..."></script>}}} syntax into a tiddler called LoadScripts, and then add {{{<<tiddler LoadScripts>>}}} in your MainMenu tiddler.  Since the MainMenu is always rendered immediately upon opening your document, the library will always be loaded before any other tiddlers that rely upon the functions it defines.  Loading an external javascript library does not produce any direct output in the tiddler, so these definitions should have no impact on the appearance of your MainMenu.
!!!!!Creating dynamic tiddler content and accessing the ~TiddlyWiki DOM
An important difference between TiddlyWiki inline scripting and conventional embedded javascript techniques for web pages is the method used to produce output that is dynamically inserted into the document: in a typical web document, you use the {{{document.write()}}} (or {{{document.writeln()}}}) function to output text sequences (often containing HTML tags) that are then rendered when the entire document is first loaded into the browser window.

However, in a ~TiddlyWiki document, tiddlers (and other DOM elements) are created, deleted, and rendered "on-the-fly", so writing directly to the global 'document' object does not produce the results you want (i.e., replacing the embedded script within the tiddler content), and instead will //completely replace the entire ~TiddlyWiki document in your browser window (which is clearly not a good thing!)//.  In order to allow scripts to use {{{document.write()}}}, the plugin automatically converts and buffers all HTML output so it can be safely inserted into your tiddler content, immediately following the script.

''Note that {{{document.write()}}} can only be used to output "pure HTML" syntax.  To produce //wiki-formatted// output, your script should instead return a text value containing the desired wiki-syntax content'', which will then be automatically rendered immediately following the script.  If returning a text value is not sufficient for your needs, the plugin also provides an automatically-defined variable, 'place', that gives the script code ''direct access to the //containing DOM element//'' into which the tiddler output is being rendered.  You can use this variable to ''perform direct DOM manipulations'' that can, for example:
* generate wiki-formatted output using {{{wikify("...content...",place)}}}
* vary the script's actions based upon the DOM element in which it is embedded
* access 'tiddler-relative' DOM information using {{{story.findContainingTiddler(place)}}}
>Note: ''When using an 'onclick' script, the 'place' element actually refers to the onclick //link text// itself, instead of the containing DOM element.''  This permits you to directly reference or modify the link text to reflect any 'stateful' conditions that might set by the script.  To refer to the containing DOM element from within an 'onclick' script, you can use "place.parentNode" instead.
!!!!!Instant "bookmarklets"
You can also use an 'onclick' link to define a "bookmarklet": a small piece of javascript that can be ''invoked directly from the browser without having to be defined within the current document.''  This allows you to create 'stand-alone' commands that can be applied to virtually ANY TiddlyWiki document... even remotely-hosted documents that have been written by others!!  To create a bookmarklet, simply define an 'onclick' script and then grab the resulting link text and drag-and-drop it onto your browser's toolbar (or right-click and use the 'bookmark this link' command to add it to the browser's menu).
>Note: When writing scripts intended for use as bookmarklets, due to the ~URI-encoding required by the browser, ''you cannot not use ANY double-quotes (") within the bookmarklet script code.''  In addition, all comments embedded in the bookmarklet script must ''use the fully-delimited {{{/* ... */}}} comment syntax,'' rather than the shorter {{{//}}} comment syntax.  Most importantly, because bookmarklets are invoked directly from the browser interface and are not embedded within the TiddlyWiki document, there is NO containing DOM element surrounding the script.  As a result, ''you cannot use a bookmarklet to generate dynamic output in your document,''  and using {{{document.write()}}} or returning wiki-syntax text or making reference to the 'place' DOM element is likely to produce a fatal error when the bookmarklet is invoked.
Please see [[InstantBookmarklets]] for many examples of 'onclick' scripts that can also be used as bookmarklets.
!!!!!Special reserved function name
The plugin 'wraps' all inline javascript code inside a function, {{{_out()}}}, so that any return value you provide can be correctly handled by the plugin and inserted into the tiddler.  To avoid unpredictable results (and possibly fatal execution errors), this function should never be redefined or called from ''within'' your script code.
simple dynamic output:
><script show>
	document.write("The current date/time is: "+(new Date())+"<br>");
	return "link to current user: [["+config.options.txtUserName+"]]\n";
dynamic output using 'place' to get size information for current tiddler:
><script show>
	if (!window.story) window.story=window;
	var title=story.findContainingTiddler(place).getAttribute("tiddler");
	var size=store.getTiddlerText(title).length;
	return title+" is using "+size+" bytes";
dynamic output from an 'onclick' script, using {{{document.write()}}} and/or {{{return "..."}}}
><script label="click here" show>
	document.write("<br>The current date/time is: "+(new Date())+"<br>");
	return "link to current user: [["+config.options.txtUserName+"]]\n";
creating an 'onclick' button/link that accesses the link text AND the containing tiddler:
><script label="click here" title="clicking this link will show an 'alert' box" key="H" show>
	if (!window.story) window.story=window;
	var tid=story.findContainingTiddler(place).getAttribute('tiddler');
	alert('Hello World!\nlinktext='+txt+'\ntiddler='+tid);
dynamically setting onclick link text based on stateful information:
<script label="click here">
	/* toggle "txtSomething" value */
	var on=(config.txtSomething=="ON");
	return "\nThe current value is: "+config.txtSomething;
	/* initialize onclick link text based on current "txtSomething" value */
	var on=(config.txtSomething=="ON");
<script label="click here">
	/* toggle "txtSomething" value */
	var on=(config.txtSomething=="ON");
	return "\nThe current value is: "+config.txtSomething;
	/* initialize onclick link text based on current "txtSomething" value */
	var on=(config.txtSomething=="ON");
loading a script from a source url:
> contains:
>>{{{function inlineJavascriptDemo() { alert('Hello from demo.js!!') } }}}
>>{{{displayMessage('InlineJavascriptPlugin: demo.js has been loaded');}}}
>note: When using this example on your local system, you will need to download the external script file from the above URL and install it into the same directory as your document.
><script src="demo.js" show>
	return "inlineJavascriptDemo() function has been defined"
><script label="click to invoke inlineJavascriptDemo()" key="D" show>
2008.02.23 [1.9.1] in onclick function, use string instead of array for 'bufferedHTML' attribute on link element (fixes IE errors)
2008.02.21 [1.9.0] 'onclick' scripts now allow returned text (or document.write() calls) to be wikified into a span that immediately follows the onclick link.  Also, added default 'return false' handling if no return value provided (prevents HREF from being triggered -- return TRUE to allow HREF to be processed).  Thanks to Xavier Verges for suggestion and preliminary code.
2008.02.14 [1.8.1] added backward-compatibility for use of wikifyPlainText() in TW2.1.3 and earlier
2008.01.08 [*.*.*] plugin size reduction: documentation moved to ...Info tiddler
2007.12.28 [1.8.0] added support for key="X" syntax to specify custom access key definitions
2007.12.15 [1.7.0] autogenerate URI encoded HREF on links for onclick scripts.  Drag links to browser toolbar to create bookmarklets.  IMPORTANT NOTE: place is NOT defined when scripts are used as bookmarklets.  In addition, double-quotes will cause syntax errors.  Thanks to PaulReiber for debugging and brainstorming.
2007.11.26 [1.6.2] when converting "document.write()" function calls in inline code, allow whitespace between "write" and "(" so that "document.write ( foobar )" is properly converted.
2007.11.16 [1.6.1] when rendering "onclick scripts", pass label text through wikifyPlainText() to parse any embedded wiki-syntax to enable use of HTML entities or even TW macros to generate dynamic label text.
2007.02.19 [1.6.0] added support for title="..." to specify mouseover tooltip when using an onclick (label="...") script
2006.10.16 [1.5.2] add newline before closing '}' in 'function out_' wrapper.  Fixes error caused when last line of script is a comment.
2006.06.01 [1.5.1] when calling wikify() on script return value, pass hightlightRegExp and tiddler params so macros that rely on these values can render properly
2006.04.19 [1.5.0] added 'show' parameter to force display of javascript source code in tiddler output
2006.01.05 [1.4.0] added support 'onclick' scripts.  When label="..." param is present, a button/link is created using the indicated label text, and the script is only executed when the button/link is clicked.  'place' value is set to match the clicked button/link element.
2005.12.13 [1.3.1] when catching eval error in IE, e.description contains the error text, instead of e.toString().  Fixed error reporting so IE shows the correct response text.  Based on a suggestion by UdoBorkowski
2005.11.09 [1.3.0] for 'inline' scripts (i.e., not scripts loaded with src="..."), automatically replace calls to 'document.write()' with 'place.innerHTML+=' so script output is directed into tiddler content.  Based on a suggestion by BradleyMeck
2005.11.08 [1.2.0] handle loading of javascript from an external URL via src="..." syntax
2005.11.08 [1.1.0] pass 'place' param into scripts to provide direct DOM access 
2005.11.08 [1.0.0] initial release
// //''Name:'' InsertSmiley
// //''Version:'' <<getversion smiley>> (<<getversiondate  smiley "DD MMM YYYY">>)
// //''Author:'' AlanHecht
// //''Type:'' [[Macro|Macros]]

// //''Description:'' Inserts a small smiley graphic at the location of the macro and does not require any external graphics.  The method used should work on most current browser platforms.

// //''Syntax:'' << {{{smiley ;-)}}}>>
// //Examples: <<smiley>> <<smiley :-(>> <<smiley ;-)>> <<smiley :-|>> <<smiley :-D>>

// //''Directions:'' <<tiddler MacroDirections>>

// //''Notes:'' A regular smiley <<smiley>> will be displayed if no smiley string is provided.  Most smileys will work with or without the "nose" -- e.g. {{{;-)}}} is the same as {{{;)}}}

// //''Revision History:''
// // v0.1.0 (20 July 2005): initial release
// // v0.1.1 (20 July 2005): << {{{smiley}}}>> with no parameter displays a standard smiley

// //''Code section:''
version.extensions.smiley = {major: 0, minor: 1, revision: 1, date: new Date("Jul 20, 2005")};
config.macros.smiley = {}
config.macros.smiley.handler = function(place,macroName,params)
	var palette = ["transparent","#000000","#1a1507","#352e18","#464646","#666666","#a3141e","#b06b63","#cc9900","#dd9030","#dddddd","#e89d00","#edc32a","#f3cb3c","#fdf201","#fdf526","#ff3149","#ffac00","#ffbf06","#ffc846","#ffcc66","#ffd758","#ffdd01","#ffea7b","#ffed55","#ffffff"];
	var data = params;
	var imageMap = null;
	if(!data[0] || data[0] == ":-)" || data[0] == ":)")
		imageMap = "aaaaabbbbbaaaaaaaabdtyyvtdbaaaaabnyxxxxxujbaaabmyyffyffuujbaadyyyeeyeetttdabppppddyddpmmlbbwoooooooowsrlbbwwpooooowwmrlbbwwboooowwwbllbbwwwboooowbrllbacwwwbbbbbrllcaablswwwwsrrlibaaablsssrrllibaaaaabcrrlllcbaaaaaaaabbbbbaaaaa";
	else if(data[0] == ":-(" || data[0] == ":(")
		imageMap = "aaaaabbbbbaaaaaaaabdtyyvtdbaaaaabnyxxxxxujbaaabmyyyyyyyuujbaadyyyeeyeetttdabppppddyddpmmlbbwoooooooowsrlbbwwpooooowwmrlbbwwoooooowwrllbbwwwwbbbbbsrllbacwwbwwwwsbllcaablswwwwsrrlibaaablsssrrllibaaaaabcrrlllcbaaaaaaaabbbbbaaaaa";
	else if(data[0] == ";-)" || data[0] == ";)")
		imageMap = "aaaaabbbbbaaaaaaaabdtyyvtdbaaaaabnyxxxxxujbaaabmyyxxxxxuujbaadyyyxxxeetttdabppphddyddpmmlbbwoooooooowsrlbbwwpooooowwmrlbbwwboooowwwbllbbwwwboooowbrllbacwwwbbbbbrllcaablswwwwsrrlibaaablsssrrllibaaaaabcrrlllcbaaaaaaaabbbbbaaaaa";
	else if(data[0] == ":-|" || data[0] == ":|")
		imageMap = "aaaaabbbbbaaaaaaaabdtyyvtdbaaaaabnyxxxxxujbaaabmyyffyffuujbaadyyyeeyeetttdabppppddyddpmmlbbwoooooooowsrlbbwwpooooowwmrlbbwwoooooowwrllbbwwwwbbbbbsrllbacwwwwwwwsrllcaablswwwwsrrlibaaablsssrrllibaaaaabcrrlllcbaaaaaaaabbbbbaaaaa";
	else if(data[0] == ":-D" || data[0] == ":D")
		imageMap = "aaaaabbbbbaaaaaaaabdtyyvtdbaaaaabnyxxxxxujbaaabmyyeeyeeuujbaadyyyeeyeetttdabppppyyyyypmmlbbwbbbbbbbbbbblbbwbkzzzzzzzkbwbbwbfzzzzzzzfbwbbwbkzzzzzzzkbwbacwbkzzzzzkblcaablsbkzzzkblibaaablsbbbbblibaaaaabcrrlllcbaaaaaaaabbbbbaaaaa";
		createTiddlyElement(place,"span",null,"errorNoSuchMacro","unknown smiley");
		var box = createTiddlyElement(place,"span",null,"smiley",String.fromCharCode(160)); = "relative"; = "15px"; = "15px"; = "1px"; = "1px"; = "12px"; = "top";

		//now divide into 15x15 grid and create each pixel
		// rows
		for(r=0; r<15; r++)
			// columns
			for(c=0; c<15; c++)
				//create each pixel with the correct background
				var pix = document.createElement("img");
				pix.className = "smileyPixel"; = "absolute";
				pix.border = 0; = r + "px"; = c + "px"; = "1px"; = "1px"; = palette[imageMap.charCodeAt((r*15)+c)-97];
				pix.src = "data:image/gif,GIF89a%01%00%01%00%91%FF%00%FF%FF%FF%00%00%00%C0%C0%C0%00%00%00!%F9%04%01%00%00%02%00%2C%00%00%00%00%01%00%01%00%40%02%02T%01%00%3B";
This is when gem needs to build native extensions. I use this in order to package and install grosser-algorithms in jruby. grosser-algorithms is cloned from Kanwei Li's algorithms. 

After cloning I do:
# Open the .gemspec file and change the following specs to: spec.extensions = nil and spec.platform = 'java'
# jruby -S gem build algorithms.gemspec to package the gem. (rake gem doesn't work, why?)
# gem install algorithms-0.2.0-java.gem
* This is kanwei's repo. Check the issues!
Get rsync from ~RedHat 7.3 at and transfer it to the esx host.

{{{rpm2cpio rsync-2.6.9-1.rh7.rf.i386.rpm | cpio -idmv}}} to unpack the rpm package and get the executable.

InterfaceOptions are displayed when you click the 'options' button on the right. They are saved in a cookie on your browser, making them sticky between visits:
<<tiddler OptionsPanel>>
* The user name for edits should be set //before// starting to edit things (ouch. another bug)
* SaveBackups gives the option of whether to generate backup files 
* AutoSave gives the option of automatically saving every time a change is made
* RegExpSearch allows more complex search expressions
* CaseSensitiveSearch does as its name implies
# ~OpenLDAP εγκατασταθηκε και τρεχει
#phpldapadmin to idio
#ftiaxnoume ena neo template. PROSOXH: to neo template mpainei sto dir templates/creation kai OXI sto template, opws leei to manual tou phpldapadmin
# migrate ta accounts, kati prepei na paizei me to passwd encryption apo solaris se linux
# Edit to /usr/share/perl5/ kai bazoume to diko mas BASE, 8etoume to EXTEND_SCGEMA se 1 kai kanoume comment out oti exei me Kerberos. Epishs allazoume ta NAMINGCONTEXTS gia na sumfwnoun me to schema mas
# Allages sto migration_passwd gia na ferei ta idia pou 8a ferei kai to template pou 8a ftiaksoume gia to phpldapadmin. *****Ayto to shmeio ksanadesto, xreiazetai? *****
## Ta migration tools ftiaxnoun DNs ths morfhs uid, ou
## to User Account template tou phpldapadmin ftiaxnei DN ths morfhs cn, ou
## To template pou eftiaksa lunei to prob. Allazw to DN kata boulhsh
## Sto migrate_passwd, otan EXTEND_SCHEMA=1 bazei 3 structural classes, Ta 2 (person kai organisationPerson) ta ekana comment out. Ola ta attributes apo ta parent classes uparxoun sto class pou afhsa (inetOrgPerson). Reccomendation apo 2o link (oxi polla structural classes sta entries)
## Sto migrate_passwd, tupwnw kai mia timh displayName (=cn), sumfwna me to link 2
## Anadiataksh ektupwshs twn objectClass me to top sthn arxh, to inteOrg Person (structural) meta kai akolou8oun ta auxilliary
#xrhsimopoioume ta migrate_passwd/group/shadow
# Toi installation exei hdh dhmiourghsei to entry tou domain mas dc=iit,dc=demok....
#Ta 2nd lvl entries, People, Group, app kai adm ta ftiaxnoume me to xeri san ou entries

@@ APOLUTWS APARAITHTO: ta users directories sto ldap, kai ta uid gid, einai apoluta!!!!!! Dhladh  o xrhsths test me uid 1001 kai gid 1001 kai homedir /path/ti/homedir efarmozetai se OLA ta mhxanhmata pou o xrhshths autos exei access@@
# {{{$config->custom->cache['template'] = false;}}}
#{{{$config->custom->appearance['tree_display_format'] = '%displayName';}}} To displayName einai suggestion apo to 2o link
auth-client-config -a -p lac_ldap ( to profile auto brisketai sto /etc/auth-client-config/profile.d/ldap-auth-config )
To -r kanei revert 
auth-client-config, ldap-auth-client (metapackage), ldap-auth-config,libpam-ldap,libnss-ldap
ldap-auth-config : Can be managed by debconf (to debconf se rwtaei kapoia pramata gia to configuration)

!!!!conf arxeia
(Just as quick aside, you should be aware by now that modifying /etc/ldap.conf really only affects the pam_ldap and nss_ldap modules, not ~OpenLDAP itself.  ~OpenLDAP is typically configured elsewhere.)

to /etc/ldap.conf to diabazoun oi ldap client ka8e fora pou kalounte (opws ta commands ldapadd, ldapmodify, ldapsearch - apo to paketo ldap-utils)
All of the OpenLDAP client programs share one common configuration file, /etc/ldap/ldap.conf
''Bazoume HOST sto /etc/ldap/lda.conf''
Sta ldap-utils, o diakopths -d{1,2) kanei debugginf. Opws to debug {0,1,2_ sto /etc/ldap.conf

To documentation gia to /etc/ldap.conf gia oti afora to pam einai sto man pam_ldap. Gia to nss einai sto man nss_ldap
Whilst pam_ldap is generally configured in the system LDAP naming configuration  file  (ldap.conf),  some options  can  be  configured  in  the PAM configuration file, to allow for per-service granularity. These options include the path to the LDAP naming configuration file to use, so in effect all  options  can  be configured on a per-service basis. Options are listed below under PAM Configuration.

8eloume ta local accounts KAI ta ldap accounts KAI apo ta LDAP accounts na isxuoun mono osa einai sto devices group tou LDAP gia sugkekrimeno mhxanhma. To kolpo einai na dhlwsoume sto account type tou pam kai to pam_unix kai to pam_ldap ws required kai na dhlwsoume sto pam_ldap ta orismata ignore_authinfo_unavail kai ignore_unknown_user.

The 'groupdn' parameter should be the dn of a *groupOfUniqueNames*,
not of a posixGroup.  Where is that documented?

Pws allazoume password?
# Se opoio mhxanhma einai ldap client kanoume apla passwd. To nss_ldap analambanei ta upoloipa.

BTW nss and pam should make use of the /etc/ldap/ldap.conf file but it seems they expect it in /etc/openldap/... as the /etc/ldap.conf file states. Its important fact if you want to use ldaps(SSL/TLS encyption).
Mporei na xreiastei auth h plhroforia

Palioteres ekdoseis apo 7.10 gutsy
Ubuntu uses /etc/ldap.conf as libnss-ldap's configuration file

@@ SHMANTIKO - /usr/share/doc/libnss-ldap/README.gz
> I think its extremly important that you have a
> /etc/shadow file so that an ~ObjectClass shadowAccount
> will be created in the ldap database. My experience is
> that without shadowAccount nss_ldap does not work on
> solaris!!

@@Notes about Debian's libldap2 package
>It has been reported that using libnss-ldap can cause a failure to
>unmount /usr on system shutdown.

@@nss-updatedb 'h nscd
> Provides a script which maintanins local caches of user/group dris. Used by DB NSS module (libnss-db) to provide name service when system is offline
>'H nscd
ena apo ta 2

The bind_policy soft option forbids nss_ldap from retrying failed LDAP queries. If the default bind policy is used, LDAP will retry a query several times when the LDAP server is not present. This can cause a pause of several seconds during routine operations.
bind_policy hard retry with exponential backoff
Default bind_timelimit :30 seconds. To ;allaksa se 10sec kai aghnw to bind_policy se hard. Mporei na xreiazetai na allax8ei

''libldap2'': /etc/ldap/ldap.conf. man ldap.conf anaferetai se auto to ldap.conf

''ldap-auth-config VERSION 0.4'': /etc/ldap.conf, /etc/auth-client-config/profile.d/ldap-auth-config (DEBCONF confiures this)

''auth-client-config - Script for modifying nsswitch.conf and pam'': /etc/auth-client-config/profile.d/acc-default

---- Einai kapws outdated bebaia. einai ena overview pou ekshgei pws einai organwmena ta paketa gia ldap client auth sto ubuntu Ekshgei ti kanei to paketo auth-client-config To post ekshgei giati den douleuei to pam_groupdn. H seira, pam_unix so einai la8os. @@ANA8EWRHSH@@ Swsth einai alla to post ~FreeBSD specific. Tsekare to epomeno link kai to NAIIIIIIII header pio panw

[[DIT Design from LDAPCon07|]]
[[LDAP Schema Design|]]


On the fly group assignment
auth    optional
kai bazoume sto /etc/security/group.conf entries opws ta parakatw
@@Warnings when we run slapd with default ACL configuration:@@

"cannot assess the validity of the ACL scope within backend naming context"

Works as intended.  That's a reminder that ACLs (may) scope outside the 
backend they're defined in.  For instance,

access to *
    by * read

can appear anywhere, but it's not quite good inside a backend because it 
also scopes outside.  A more appropriate statement would be

access to dn.subtree=<suffix>
    by * readslapd -g openldap -u openldap -f /etc/ldap/slapd.conf

In some cases (e.g. when using fancy submatches in regex clauses) slapd 
can't quite get the actual scope of a rule; different warnings may 
appear in that case.

@@TLS conf@@
# Ta certificated prepei na einai readable apo ton xrhsth pou trexei o slapd
# Epishs gia ton client prepei na einai readable to certificate 
# To key DEN prepei na einai password protected
# sto slapd.conf bazoume security tls=1 gia na ginei enforce to tls
# Sto /etc/ldap.conf twn clients bazoume start_tls, pou douleuei sto standard ldap port 389
# Sto /etc/ldap.conf exei ena tls_cacerfile alla mallon den douleuei. To arxeio pou prepei na mpei to tls_cacert einai to .etc/ldap/ldap.conf
# sto /etc/ldap/ldap.conf bazoume to baze. Asxeto me tls einai auto
# sto /etc/ldap/ldap.conf bazoume to host. @@SHMANTIKO@@ Gia na ginei swsta to tls certificate checking prepei to CN tou server certificate tou LDAP server na einai idio me to spec tou HOST sto /etc/ldap/ldap.conf. @@DIKLEIDA ASFALEIAS@@ bazoume to fqdn tou LDAP server sto /etc/hosts KA8E client, giati an uparxei mono ston DNS kai o DNS server pesei tote to certificate verification apotugxanei kai ton pinei to conne.
# @@TO EPANALAMBANOUME@@. To /etc/ldap/ldap.conf to xrhsimopoioun ta ldap tools. To /etc/ldap.conf to xrhsimopoipoun to LDAP NSS library kai to LDAP PAM module
# Anoigoume to TLS gia to phpldapadmin

cn,sn,givenName,email ta kanoume index gia equality kai substring matching

Sto /etc/ldap.con
8etoume kai ta nns_base_(passwd,shadow,group) gia xrhsh sta sugkekrimena maps

Set readonlu
Backup the berkleyDB file in /var/lib/ldap
slapcat gia ldif output. Auto mporei na ginei ena polu wraio cron job
To slapcat den xreiazetai authenticate ktl ktl. Einai root only ergaleiaki,afou to slapd.conf einai readable mono apo ton root

ldapsearch options
-x simple bind
-W prompt for passwd
-D binddn
-Z(Z) initiate tls/ssl connection
To monitor backend exei energopoih8ei. 
Xrhsimopoioume to ldapsearch me base cn=Monitor, scope (-s) base/sub/one kai filter '*' (all user app attrs) kai '+' (all operational attrs)
Link to openldap doc

This is only informative, not prescriptive, and it's been in HEAD for at
  Storage proposal

  Storage proposal

  Setup eetn VM on esx1
  Storage research

  SSL Hell, gnutls vs openssl on Ubuntu releases
  Intrepid on noc
  Resolve ~LDAP-FreeRADIUS-VPN

  LDAP SSL integration problems  
  SSL hell

  Parousiash Hitachi
  Setup icybox
  TLS certificates MAYHEM

  TLS slapd <=> freeradius

  Upgrade freeradius
  Recover/Tweak slapd. slapindex

  Recover esx1. Disk's busted.
The format for PrettyLinks allows for links that open local or network folders. Depending on your browser and operating system, the folders are opened in Windows Explorer, the OS X Finder, or the browser itself.

Edit this tiddler to see [[this link to a Windows network share|file://server/share/folder/path/name]], [[this link to a Windows drive-mapped folder|file:///c:/folder/path/name]] and [[this link to a Unix-style folder|file:///folder/path/name]].
Postfix 2.5.5 and kernel 2.6.26-2.

I get several "timed out while receiving the initial server greeting" messages in the mail logs. Some of these messages might be due to tcp window scaling issues, described in [1].

"The details are still being figured out, but it would appear that some routers on the net are rewriting the window scale TCP option on SYN packets as they pass through. In particular, they seem to be setting the scale factor to zero, but leaving the option in place. The receiving side sees the option, and responds with a window scale factor of its own. At this point, the initiating system believes that its scale factor has been accepted, and scales its windows accordingly. The other end, however, believes that the scale factor is zero. The result is a misunderstanding over the real size of the receive window, with the system behind the firewall believing it to be much smaller than it really is. If the expected scale factor (and thus the discrepancy) is large, the result is, at best, very slow communication. In many cases, the small window can cause no packets to be transmitted at all, breaking TCP between the two affected systems entirely. " [1]

If your harddrive spins down and spins up again your ~Load_Cycle_Count increases by one. If your harddrive head parks and unparks again your ~Load_Cycle_Count increases by one. This is done to save power. Laptop harddrives can handle a limited number of ~Load_Cycles. Most of harddrives can handle at least 600.000 ~Load_Cycles but you should look it up for your specific model.
 From the 2.3.13 Release Notes:

[Feature 20051103] This release makes a beginning with a series of new attributes in Postfix logfile records.
{{indent{Better insight into the nature of performance bottle necks, with detailed logging of delays in various stages of message delivery. Postfix logs additional delay information as "delays=a/b/c/d" where a=time before queue manager, including message transmission; b=time in queue manager; c=connection setup time including DNS, HELO and TLS; d=message transmission time. }}}
!!!!!On my desktop
* Still can't enable special effects.
@@UPDATE@@ install compiz and compiz config packages. Enable Desktop Wall and Viewport Switcher. Disable Static Application Switcher, Put
!!!!!On my ~MacBook, 5.1
* Very slow DNS resolving. Ended up in using the Forthnet DNS server on both wired and wireless connections
* The wireless STA Broadcom bcm43xx driver seems to be doing fine. But I cannot get an ~IPv4 address from my DHCP. So I ended up setting an IP address manually.
** bcmwl-kernel-source is the STA driver package. Install it and can set and unset it via Administration->Hardware Drivers.
** There is an b43 open source driver kernel module. I had to remove it from being blacklisted. Tried it, doesn't work.
Open ~CompizConfig Settings Manager and go to the Scale plugin. In its Key Bindings set the key or mouse position for Initiate Window Picker to enable an effect similar to the Apple Mac OS X //Exposé// effect.
[[Macros]] let you write tiddlers containing more exotic objects than just text. Built-in macros include:
* NewJournalMacro and NewTiddlerMacro
* GradientMacro
* [[Sparklines]]
* TabMacro
* TaggingMacro
* TodayMacro
* ToolbarMacro

Google: mailman "virtual domain"'

In /etc/mailman/ insert a line like the following:

Virtual domain support has to be configured in Postfix. Usually, this involves 2 things:
* Add the domain name in virtual_alias_domains.
* When a new list is created with a mailhost different than the one specified in, a /var/lib/mailman/data/virtual-mailman file is created. This has to be added in virtual_alias_maps.

The way to create a new list in a virtual domain is to use the option in the newlist script in /usr/share/mailman/bin.

The only downside, and an important one, is that mailman resolves lists only by their list name. This means that the lists and are essentially the same list ( or are handled as being the same ). Messages sent in the first list end up in the second list as well.
[[Βοήθεια χρήσης]]
[[Τα bookmarks μου|]]
[[ Google Starred|]]
[[Google Shared|]]
Go to
AFP port is 548, keep that in mind in case of firewall issues.
Also scan the replies to that post, if an -5002 error occurs
{{{cat /dev/<cdrom-device>  > image.iso}}}
* User must be member of the cdrom group to read it
* CD/DVD must NOT be mounted. Strange, I'd expect it to be the opposite.
<META name="description" content="this is my webpad I try to use it as an activity log, mostly at work. I am a sysadmin working with ubuntu, cisco, some solaris. In my spare free time at the office I'm playing with Ruby.">
<META name="keywords" content="vassilis vatikiotis, bill vatikiotis, sysadmin, ubuntu, cisco, solaris, Ruby on Rails, my books, greece, disability, TiddlyWiki, aikido, sailing, greece">

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "' type='text/javascript'%3E%3C/script%3E"));
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-10524718-2");
} catch(err) {}</script>

<link rel='alternate' type='application/rss+xml' title='RSS' href='index.xml'/>

Javascript is disabled. Enable it if you want to see this page
Η Javascript είναι απενεργοποιημένη. Ενεργοποίησε την για να δεις τη σελίδα

<style type="text/css">#contentWrapper {display:none;}</style>

<div id="SplashScreen" style="font-size: 22px;  text-align:center;
border:0px solid #000 ;-moz-border-radius:1em; display:block; 
margin: 100px auto; padding: 20px;
Page is loading<blink>...</blink>

/etc/ldap/slapd.conf doesn't seem to work anymore. So I need to migrate the configuration to runtime configuration (RTC).

Migration didn't go smoothly, as aptitude failed with several errors. So a basic step-by-step migration would be:
# Delete slapd.d directory. Ubuntu uses slapd.conf directory instead.
# Rename slapd.conf file and mkdir a slapd.conf directory
# Edit the renamed slapd.conf file and add, after the backend declaration and before the first data declaration the following:{{{
database config
rootdn "cn=config"
rootpw {SSHA}Z1DoFXMEQ0BAk+958YIZGkTjkWkN7P6s
# The hashed password in rootpw declaration can be obtained from slappasswd.
# Issue the following to convert the configuration file to the RTC: {{{
slaptest -f <the-renamed-slapd.conf> -F slapd.conf
# Mind the slapd.conf directory and its contents' ownership and permissions.
# To have ~phpMyLDAP show cn=config branch properly, modify config.php as follows: {{{$ldapservers->SetValue($i,'server','base',array('cn=config', 'dc=example,dc=com'));}}}
# Make sure that only cn=config has rights to read/write the RTC. Noone else should. This could be accomplished prior to the migration by a standard "access to * bydn=... write by * none" rule but it's safer to do it after the migration, at the olcAccess attribute at the olcDatabase={0}config,cn=config branch.
** Set olcAccess to {0}to *  by dn.exact="cn=config" write  by * none.
Check out [[Coding Horror|]] and see how more than one monitors can increase productivity.

I've been a convert for 4 months now.


I can't recommended it highly enough. 

[[Computer Display Calibration]]
In monospaced text, also known as non-proportional text, all the characters are of an equal width. So while in a normal font, i is thinner than W is, in {{{monospaced text, i and W are the same width}}}. It is primarily used in programming manuals and sites to identify blocks of code. 

Also, <<tag Formatting>> and [[macros|Macros]] that are in a monospaced block are not executed. For example:


To add a monotype text block, enclose the text in triple squiggly-brackets: 
{{{This is monotype}}}
|Author|Eric Shulman - ELS Design Studios|
|License| <br>and [[Creative Commons Attribution-ShareAlike 2.5 License|]]|
|Description|drag/stretch 'floating sliders' and other page elements|
Adds move and size mouse event handling and fold/unfold, and close/dock toolbar command items to any floating slider panel or tiddler element
>see [[MoveablePanelPluginInfo]]
!!!!!Revision History
2008.01.08 [*.*.*] plugin size reduction: documentation moved to ...Info and ...History tiddlers
2007.12.30 [2.1.0] added 'noedges' option for alternative 'grab handles' (top=move, bottom-right=resize)
|please see [[MoveablePanelPluginHistory]] for additional revision details|
''2006.03.04 [1.0.0]'' Initial public release
version.extensions.moveablePanel= {major: 2, minor: 1, revision: 0, date: new Date(2007,12,30)};
config.macros.moveablePanel= { 
	handler: function(place,macroName,params) {
		var p=this.getPanel(place); if (!p) return;
		var showfold=true; var showclose=true; var showhover=true;
		var noedges=false; var param=null;
		while (param=params.shift()) { param=param.toLowerCase();
			if (param=="noclose") showclose=false;
			if (param=="nofold") showfold=false;
			if (param=="nohover") showhover=false;
			if (param=="noedges") noedges=true;
		if (!p.saved) p.saved= { // remember original panel event handlers, size, location, border
			mouseover: p.onmouseover, mouseout: p.onmouseout, dblclick: p.ondblclick,
			top:, left:, width:, height:,
			position:, border:, title: p.title,
			transient: p.getAttribute("transient")
		// create control menu items
		var html='<div class="toolbar" style="display:none;position:absolute;';
		var s='border:1px solid #666;background:#ccc;color:#666 !important;padding:0px .25em;-moz-border-radius:0px';
		if (showfold)
			html+='<a href="javascript:;" title="FOLD: reduce panel size" style="'+s+'"'
				+' onclick="return config.macros.moveablePanel.foldPanel(this,event)">&minus;</a>';
		if (showhover)
			html+='<a href="javascript:;" title="SCROLLING: panel moves with page" style="'+s+'"'
				+' onclick="return config.macros.moveablePanel.hoverPanel(this,event)">=</a>';
		if (showclose) {
			if (hasClass(p,"floatingPanel"))
				html+='<a href="javascript:;" title="CLOSE: hide panel and reset size/position" style="'+s+'"'
					+' onclick="return config.macros.moveablePanel.closePanel(this,event)">X</a>';
				html+='<a href="javascript:;" title="DOCK: reset panel size/position" style="'+s+'"'
					+' onclick="return config.macros.moveablePanel.dockPanel(this,event)">&radic;</a>';

		// init mouse handling and tooltip
		p.setAttribute("noedges",noedges?"true":"false"); // for alternative mouseover/drag handling
		p.onmousemove=function(event) { return config.macros.moveablePanel.setCursorPanel(this,event); };
		p.onmousedown=function(event) { return config.macros.moveablePanel.moveOrSizePanel(this,event); };
		p.ondblclick=function(event) { // DOUBLE-CLICK = DOCK
			if (p.getAttribute("noedges")=="true" && !((isTop&&!isLeft&&!isRight)||(isBottom&&isRight))) // not over grab handles
				return p.saved.dblclick?p.saved.dblclick.apply(this,arguments):true;
			if (!config.macros.moveablePanel.isEdge(this,event)) // not over edge
				return p.saved.dblclick?p.saved.dblclick.apply(this,arguments):true;
			if (config.macros.moveablePanel.dockPanel(this,event)) // not docking
				return p.saved.dblclick?p.saved.dblclick.apply(this,arguments):true;
			else return false; // docked... done.
		p.onmouseover=function(event) { // MOUSEOVER = SHOW MENU ITEMS
			if(addClass instanceof Function)
				addClass(this,"selected"); // so toolbar-classed items will display
			if (this.getAttribute("undocked")=="true"||hasClass(this,"floatingPanel"))"inline";
			if (this.saved.mouseover) return this.saved.mouseover.apply(this,arguments);
		p.onmouseout=function(event) { // MOUSEOUT = HIDE MENU ITEMS
			if(removeClass instanceof Function)
				removeClass(this,"selected"); // so toolbar-classed items are hidden again
			if (this.menudiv)"none";
			if (this.saved.mouseout) return this.saved.mouseout.apply(this,arguments);

		// FIXUP for "floating sliders" (see NestedSlidersPlugin)
		// prevent automatic trigger of adjustSliderPos() for mouse events on floating slider panel/button
		// and make sure that slider button causes moveable panel to be close AND docked (if needed)
		if (hasClass(p,"floatingPanel") && p.button) {
			p.saved.mouseover=null; // discard previous mouse event handlers to prevent
			p.saved.mouseout=null; // automatic triggering of adjustSliderPos() for mouseovers
			p.button.onmouseover=null; // on slider panel and slider button
			if(!p.button.saved_onclick) p.button.saved_onclick=p.button.onclick; // HIJACK SLIDER BUTTON
				config.macros.moveablePanel.dockPanel(this.sliderPanel,ev); // DOCK PANEL FIRST...
				return this.saved_onclick.apply(this,arguments); // ...THEN CLOSE IT
	processed: function(event) {
		event.cancelBubble=true; if (event.stopPropagation) event.stopPropagation(); return false;
	getPanel: function(place) {
		// find a floating panel or use containing element
		var p=place; while (p && !(hasClass(p,"floatingPanel")||p.saved)) p=p.parentNode;
		return p||place;
	isEdge: function(place,event) {
		if (!event) var event=window.event;
		var p=this.getPanel(place); if (!p) return false;
		var left=findPosX(p); var top=findPosY(p);
		var width=p.offsetWidth; var height=p.offsetHeight;
		var x=!config.browser.isIE?event.pageX:event.clientX;
		var y=!config.browser.isIE?event.pageY:event.clientY;
		if (x<left||x>=left+width||y<top||y>=top+height) return false;
		var edgeWidth=10; var edgeHeight=10;
		var isTop=(y-top<edgeHeight); var isLeft=(x-left<edgeWidth);
		var isBottom=(top+height-y<edgeHeight); var isRight=(left+width-x<edgeWidth);
		return isTop||isLeft||isBottom||isRight;
	dockPanel: function(place,event) {
		if (!event) var event=window.event;
		var p=this.getPanel(place); if (!p) return true;
		if (p.folded) this.foldPanel(p.foldButton,event); 
		if (p.hover) this.hoverPanel(p.hoverButton,event); 
		if (p.saved) {;;;;;
			if (p.saved.transient) p.setAttribute("transient","true");
		if (hasClass(p,"floatingPanel") && window.adjustSliderPos) // see NestedSlidersPlugin
		return this.processed(event);
	closePanel: function(place,event) {
		var p=this.getPanel(place); if (!p) return true;
		// if a slider button exists close the panel by calling slider button handler
		if (p.button) { p.button.focus(); onClickNestedSlider({target:p.button}); }
		return this.dockPanel(place,event); // and then reset panel state
	foldPanel: function(place,event) {
		if (!event) var event=window.event;
		var p=this.getPanel(place); if (!p) return true;
		if (!p.foldButton) p.foldButton=place;
		if (p.folded) {;;
			if (!hasClass(p,"floatingPanel"))"-1em";
		} else {;"1em";;"hidden";
			if (!hasClass(p,"floatingPanel"))"1em";
		place.title=p.folded?"UNFOLD: restore panel size":"FOLD: reduce panel size";
		return this.processed(event);
	hoverPanel: function(place,event) {
		if (!event) var event=window.event;
		var p=this.getPanel(place); if (!p) return true;
		if (!p.hoverButton) p.hoverButton=place;
		if (p.hover) {;
			if (p.getAttribute("undocked")!="true" && p.saved && p.saved.transient)
				p.setAttribute("transient","true"); // see NestedSlidersPlugin
		} else {;"fixed";
			if (p.saved.transient) p.setAttribute("transient","false");
		place.title=p.hover?"HOVERING: panel stays in view when scrolling page":"SCROLLING: panel moves with page";
		return this.processed(event);
	setCursorPanel: function(place,event) {
		if (!event) var event=window.event;
		var p=this.getPanel(place); if (!p) return true;
		var left=findPosX(p); var top=findPosY(p);
		var width=p.offsetWidth; var height=p.offsetHeight;
		var x=!config.browser.isIE?event.pageX:event.clientX;
		var y=!config.browser.isIE?event.pageY:event.clientY;
		if (x<left||x>=left+width||y<top||y>=top+height) return true; // not inside panel, let mousedown bubble through
		var edgeWidth=10; var edgeHeight=10;
		var isTop=(y-top<edgeHeight); var isLeft=(x-left<edgeWidth);
		var isBottom=(top+height-y<edgeHeight); var isRight=(left+width-x<edgeWidth);"auto";
		if (!(isTop||isLeft||isBottom||isRight)) return true;
		if (p.getAttribute("noedges")=="true") {
			if (isTop&&!isLeft&&!isRight) {"move";
				p.title="MOVE: drag top panel edge"
					+(p.getAttribute("undocked")=="true"?", DOCK: double-click":"");
			} else if (isBottom && isRight) {"se-resize";
				p.title="RESIZE: drag lower right corner"
					+(p.getAttribute("undocked")=="true"?", DOCK: double-click":"");
		} else {!event.shiftKey?"move":((isTop?'n':(isBottom?'s':''))+(isLeft?'w':(isRight?'e':''))+'-resize');
			p.title="MOVE: drag panel edge, RESIZE: hold shift key"
				+(p.getAttribute("undocked")=="true"?", DOCK: double-click":"");
		return true; // let mouseover event bubble through
	moveOrSizePanel: function(place,event) {
		if (!event) var event=window.event;
		var p=this.getPanel(place); if (!p) return true;
		if (!this.isEdge(place,event)) return true;
		if (!p.saved) p.saved= { // remember original panel event handlers, size, location, border
			mouseover: p.onmouseover, mouseout: p.onmouseout, dblclick: p.ondblclick,
			top:, left:, width:, height:,
			position:, border:, transient: p.getAttribute("transient")
		var left=findPosX(p); var top=findPosY(p);
		var width=p.offsetWidth; var height=p.offsetHeight;
		var x=!config.browser.isIE?event.pageX:event.clientX;
		var y=!config.browser.isIE?event.pageY:event.clientY;
		var edgeWidth=10; var edgeHeight=10;
		var isTop=(y-top<edgeHeight); var isLeft=(x-left<edgeWidth);
		var isBottom=(top+height-y<edgeHeight); var isRight=(left+width-x<edgeWidth);
		var sizing=event.shiftKey; // remember this for use during mousemove tracking
		if (p.getAttribute("noedges")=="true") {
			if (!((isTop&&!isLeft&&!isRight)||(isBottom&&isRight))) return true; // not over grab handle
			var sizing=isBottom&&isRight;
		var adjustLeft=0; var adjustTop=0;
		// adjustment for relative container
		var pp=p.parentNode; while (pp && !('relative')) pp=pp.parentNode;
		if (pp) { adjustLeft+=findPosX(pp); adjustTop+=findPosY(pp); }
		// adjustment for floating slider container
		var pp=p.parentNode; while (pp && !hasClass(pp,"floatingPanel")) pp=pp.parentNode;
		if (pp) { adjustLeft+=findPosX(pp); adjustTop+=findPosY(pp); }
		// start tracking mousemove events
		var target=p; // if 'capture' handling not supported, track within panel only
		if (document.body.setCapture) { document.body.setCapture(); var target=document.body; } // IE
		if (window.captureEvents) { window.captureEvents(Event.MouseMove|Event.MouseUp,true); var target=window; } // moz
		if (target.onmousemove!=undefined) target.saved_mousemove=target.onmousemove;
			if (!e) var e=window.event;
			var p=config.macros.moveablePanel.activepanel;
			if (!p) { this.onmousemove=this.saved_mousemove?this.saved_mousemove:null; return; }
			// PROBLEM: p.offsetWidth and p.offsetHeight do not seem to account for padding or borders
			// WORKAROUND: subtract padding and border (in px) when calculating new panel width and height
			// TBD: get these values from convert to px as needed.
			var paddingWidth=10.6667; var paddingHeight=10.6667;
			var borderWidth=1; var borderHeight=1;
			var adjustWidth=-(paddingWidth*2+borderWidth*2);
			var adjustHeight=-(paddingHeight*2+borderHeight*2);
			if (!="absolute"&&!="fixed") {
				// convert static/relative panel to movable absolute panel"absolute";"px";"px";"px";"px";
			var newX=!config.browser.isIE?e.pageX:e.clientX;
			var newY=!config.browser.isIE?e.pageY:e.clientY;
			if (sizing) { // resize panel
				// don't let panel get smaller than edge "grab" zones
				var minWidth=edgeWidth*2-adjustWidth;
				var minHeight=edgeHeight*2-adjustHeight;
				if (p.folded) this.foldPanel(p.foldButton,e); // make sure panel is unfolded
				if (isBottom) var newHeight=height+newY-y+1;
				if (isTop) var newHeight=height-newY+y+1;
				if (isLeft) var newWidth=width-newX+x+1;
				if (isRight) var newWidth=width+newX-x+1;
				if (isLeft||isRight)>minWidth?newWidth:minWidth)+adjustWidth+"px";
				if (isLeft)"px";
				if (isTop||isBottom)>minHeight?newHeight:minHeight)+adjustHeight+"px";
				if (isTop)"px";
			} else { // move panel"px";"px";
				if (p.saved && p.saved.transient) p.setAttribute("transient","false");
			var status=sizing?("size: "",""pos: "",";
			window.status=status.replace(/(\.[0-9]+)|px/g,""); // remove decimals and "px"
			return config.macros.moveablePanel.processed(e);
		// stop tracking mousemove events
		if (target.onmouseup!=undefined) target.saved_mouseup=target.onmouseup;
			if (!e) var e=window.event;
			if (this.releaseCapture) this.releaseCapture(); // IE
			if (this.releaseEvents) this.releaseEvents(Event.MouseMove|Event.MouseUp); // moz
			return config.macros.moveablePanel.processed(e);
		return this.processed(event); // mousedown handled
Found on Experts Exchange

When you're using NFS, the underlying filesystem does not matter, as long as the NFS server understands that filesystem. NFS abstracts the underlying filesystem and changes the locking mechanism to simultaneous access to the filesystem. ext3, just like NTFS does not allow simultaneous access from multiple hosts, unless the host connects over SMB/CIFS for Windows, or NFS for *nix. That's why VMFS is considered a cluster filesystem, because it provides a mechanism for multiple host simultaneous access.

Remember, when you vmotion, the hosts still don't simultaneously write to the vmdk file, scsi and/or nfs locks are changed between hosts so only one host tries write operations at any one time.

Performance will depend on your network, and not so much on the locks, I would imagine, as file servers using NFS and/or CIFS/SMB are accessed by hundreds of clients in the rest of the world.
* Mount nfs share with noac, cause dovecot 1.0 doesn't support flushing nfs caches
* Specify all IP addresses in dfstab and shareall in nfs server (solaris specific, I think)
* All indexes in local storage, under mbox directory, mmap_disable is set accordingly in dovecot.conf
|Author|Eric Shulman - ELS Design Studios|
|License| <br>and [[Creative Commons Attribution-ShareAlike 2.5 License|]]|
|Description|show content in nest-able sliding/floating panels, without creating separate tiddlers for each panel's content|
This plugin adds new wiki syntax for embedding 'slider' panels directly into tiddler content.  
>see [[NestedSlidersPluginInfo]]
Enable animation for slider panels
<<option chkFloatingSlidersAnimate>> allow sliders to animate when opening/closing
>(note: This setting is in //addition// to the general option for enabling/disabling animation effects:
><<option chkAnimate>> enable animations (entire document)
>For slider animation to occur, you must also allow animation in general.

Debugging messages for 'lazy sliders' deferred rendering:
<<option chkDebugLazySliderDefer>> show debugging alert when deferring slider rendering
<<option chkDebugLazySliderRender>> show debugging alert when deferred slider is actually rendered
!!!!!Revision History
''2008.01.08 [*.*.*]'' plugin size reduction: documentation moved to ...Info and ...History tiddlers
''2007.12.28 - 2.3.4'' added hijack for Animator.prototype.startAnimating().  Previously, the plugin code simply set the overflow to "visible" after animation.  This code tweak corrects handling of elements that were styled with overflow=hidden/auto/scroll before animation by saving the overflow style and then restoring it after animation has completed.
|please see [[NestedSlidersPluginHistory]] for additional revision details|
''2005.11.03 - 1.0.0'' initial public release.  Thanks to RodneyGomes, GeoffSlocock, and PaulPetterson for suggestions and experiments.
version.extensions.nestedSliders = {major: 2, minor: 3, revision: 4, date: new Date(2007,12,28)};

// options for deferred rendering of sliders that are not initially displayed
if (config.options.chkDebugLazySliderDefer==undefined) config.options.chkDebugLazySliderDefer=false;
if (config.options.chkDebugLazySliderRender==undefined) config.options.chkDebugLazySliderRender=false;
if (config.options.chkFloatingSlidersAnimate==undefined) config.options.chkFloatingSlidersAnimate=false;

// default styles for 'floating' class
setStylesheet(".floatingPanel { position:absolute; z-index:10; padding:0.5em; margin:0em; \
	background-color:#eee; color:#000; border:1px solid #000; text-align:left; }","floatingPanelStylesheet");

config.formatters.push( {
	name: "nestedSliders",
	match: "\\n?\\+{3}",
	terminator: "\\s*\\={3}\\n?",
	lookahead: "\\n?\\+{3}(\\+)?(\\([^\\)]*\\))?(\\!*)?(\\^(?:[^\\^\\*\\[\\>]*\\^)?)?(\\*)?(?:\\{\\{([\\w]+[\\s\\w]*)\\{)?(\\[[^\\]]*\\])?(\\[[^\\]]*\\])?(?:\\}{3})?(\\#[^:]*\\:)?(\\>)?(\\.\\.\\.)?\\s*",
	handler: function(w)
			lookaheadRegExp = new RegExp(this.lookahead,"mg");
			lookaheadRegExp.lastIndex = w.matchStart;
			var lookaheadMatch = lookaheadRegExp.exec(w.source)
			if(lookaheadMatch && lookaheadMatch.index == w.matchStart)
				// var defopen=lookaheadMatch[1]
				// var cookiename=lookaheadMatch[2]
				// var header=lookaheadMatch[3]
				// var panelwidth=lookaheadMatch[4]
				// var transient=lookaheadMatch[5]
				// var class=lookaheadMatch[6]
				// var label=lookaheadMatch[7]
				// var openlabel=lookaheadMatch[8]
				// var panelID=lookaheadMatch[9]
				// var blockquote=lookaheadMatch[10]
				// var deferred=lookaheadMatch[11]

				// location for rendering button and panel
				var place=w.output;

				// default to closed, no cookie, no accesskey, no alternate text/tip
				var show="none"; var cookie=""; var key="";
				var closedtext=">"; var closedtip="";
				var openedtext="<"; var openedtip="";

				// extra "+", default to open
				if (lookaheadMatch[1]) show="block";

				// cookie, use saved open/closed state
				if (lookaheadMatch[2]) {
					if (config.options[cookie]==undefined)
						{ config.options[cookie] = (show=="block") }

				// parse label/tooltip/accesskey: [label=X|tooltip]
				if (lookaheadMatch[7]) {
					var parts=lookaheadMatch[7].trim().slice(1,-1).split("|");
					if (closedtext.substr(closedtext.length-2,1)=="=")	
						{ key=closedtext.substr(closedtext.length-1,1); closedtext=closedtext.slice(0,-2); }
					if (parts.length) closedtip=openedtip=parts.join("|");
					else { closedtip="show "+closedtext; openedtip="hide "+closedtext; }

				// parse alternate label/tooltip: [label|tooltip]
				if (lookaheadMatch[8]) {
					var parts=lookaheadMatch[8].trim().slice(1,-1).split("|");
					if (parts.length) openedtip=parts.join("|");
					else openedtip="hide "+openedtext;

				var title=show=='block'?openedtext:closedtext;
				var tooltip=show=='block'?openedtip:closedtip;

				// create the button
				if (lookaheadMatch[3]) { // use "Hn" header format instead of button/link
					var lvl=(lookaheadMatch[3].length>6)?6:lookaheadMatch[3].length;
					var btn = createTiddlyElement(createTiddlyElement(place,"h"+lvl,null,null,null),"a",null,lookaheadMatch[6],title);
					var btn = createTiddlyButton(place,title,tooltip,onClickNestedSlider,lookaheadMatch[6]);
				btn.innerHTML=title; // enables use of HTML entities in label

				// set extra button attributes
				btn.sliderCookie = cookie; // save the cookiename (if any) in the button object
				btn.defOpen=lookaheadMatch[1]!=null; // save default open/closed state (boolean)
				btn.keyparam=key; // save the access key letter ("" if none)
				if (key.length) {
					btn.setAttribute("accessKey",key); // init access key
					btn.onfocus=function(){this.setAttribute("accessKey",this.keyparam);}; // **reclaim** access key on focus
				btn.onmouseover=function(event) // mouseover on button aligns floater position with button
					{ if (window.adjustSliderPos) window.adjustSliderPos(this.parentNode,this,this.sliderPanel); }

				// create slider panel
				var panelClass=lookaheadMatch[4]?"floatingPanel":"sliderPanel";
				var panelID=lookaheadMatch[9]; if (panelID) panelID=panelID.slice(1,-1); // trim off delimiters
				var panel=createTiddlyElement(place,"div",panelID,panelClass,null);
				panel.button = btn; // so the slider panel know which button it belongs to
				btn.sliderPanel=panel; // so the button knows which slider panel it belongs to
				panel.defaultPanelWidth=(lookaheadMatch[4] && lookaheadMatch[4].length>2)?lookaheadMatch[4].slice(1,-1):"";
				panel.setAttribute("transient",lookaheadMatch[5]=="*"?"true":"false"); = show;;
				panel.onmouseover=function(event) // mouseover on panel aligns floater position with button
					{ if (window.adjustSliderPos) window.adjustSliderPos(this.parentNode,this.button,this); }

				// render slider (or defer until shown) 
				w.nextMatch = lookaheadMatch.index + lookaheadMatch[0].length;
				if ((show=="block")||!lookaheadMatch[11]) {
					// render now if panel is supposed to be shown or NOT deferred rendering
					// align floater position with button
					if (window.adjustSliderPos) window.adjustSliderPos(place,btn,panel);
				else {
					var src = w.source.substr(w.nextMatch);
					var endpos=findMatchingDelimiter(src,"+++","===");
					w.nextMatch += endpos+3;
					if (w.source.substr(w.nextMatch,1)=="\n") w.nextMatch++;
					if (config.options.chkDebugLazySliderDefer) alert("deferred '"+title+"':\n\n"+panel.getAttribute("raw"));

// TBD: ignore 'quoted' delimiters (e.g., "{{{+++foo===}}}" isn't really a slider)
function findMatchingDelimiter(src,starttext,endtext) {
	var startpos = 0;
	var endpos = src.indexOf(endtext);
	// check for nested delimiters
	while (src.substring(startpos,endpos-1).indexOf(starttext)!=-1) {
		// count number of nested 'starts'
		var startcount=0;
		var temp = src.substring(startpos,endpos-1);
		var pos=temp.indexOf(starttext);
		while (pos!=-1)  { startcount++; pos=temp.indexOf(starttext,pos+starttext.length); }
		// set up to check for additional 'starts' after adjusting endpos
		// find endpos for corresponding number of matching 'ends'
		while (startcount && endpos!=-1) {
			endpos = src.indexOf(endtext,endpos+endtext.length);
	return (endpos==-1)?src.length:endpos;

	if (!e) var e = window.event;
	var theTarget = resolveTarget(e);
	var theLabel =;
	var theSlider = theTarget.sliderPanel
	var isOpen =!="none";

	// toggle label
	// toggle tooltip

	// deferred rendering (if needed)
	if (theSlider.getAttribute("rendered")=="false") {
		if (config.options.chkDebugLazySliderRender)
			alert("rendering '"+theLabel+"':\n\n"+theSlider.getAttribute("raw"));
		var place=theSlider;
		if (theSlider.getAttribute("blockquote")=="true")
	// show/hide the slider
	if(config.options.chkAnimate && (!hasClass(theSlider,'floatingPanel') || config.options.chkFloatingSlidersAnimate))
		anim.startAnimating(new Slider(theSlider,!isOpen,e.shiftKey || e.altKey,"none"));
	else = isOpen ? "none" : "block";
	// reset to default width (might have been changed via plugin code);
	// align floater panel position with target button
	if (!isOpen && window.adjustSliderPos) window.adjustSliderPos(theSlider.parentNode,theTarget,theSlider);
	// if showing panel, set focus to first 'focus-able' element in panel
	if (!="none") {
		var ctrls=theSlider.getElementsByTagName("*");
		for (var c=0; c<ctrls.length; c++) {
			var t=ctrls[c].tagName.toLowerCase();
			if ((t=="input" && ctrls[c].type!="hidden") || t=="textarea" || t=="select")
				{ ctrls[c].focus(); break; }
	var cookie=theTarget.sliderCookie;
	if (cookie && cookie.length) {
		if (config.options[cookie]!=theTarget.defOpen)
		else { // remove cookie if slider is in default display state
			var ex=new Date(); ex.setTime(ex.getTime()-1000);
			document.cookie = cookie+"=novalue; path=/; expires="+ex.toGMTString();
	// prevent SHIFT-CLICK from being processed by browser (opens blank window... yuck!)
	// but allow plain click to bubble up to page background (to dismiss open popup, if any)
	if (e.shiftKey) { e.cancelBubble=true; if (e.stopPropagation) e.stopPropagation(); }
	return false;

// click in document background closes transient panels 
document.onclick=function(ev) { if (!ev) var ev=window.event; var target=resolveTarget(ev);
	// call original click handler
	if (document.nestedSliders_savedOnClick)
		var retval=document.nestedSliders_savedOnClick.apply(this,arguments);
	// if click was inside transient panel (or something contained by a transient panel)... leave it alone
	var p=target;
	while (p)
		if ((hasClass(p,"floatingPanel")||hasClass(p,"sliderPanel"))&&p.getAttribute("transient")=="true") break;
		else p=p.parentNode;
	if (p) return retval;
	// otherwise, find and close all transient panels...
	var all=document.all?document.all:document.getElementsByTagName("DIV");
	for (var i=0; i<all.length; i++) {
		 // if it is not a transient panel, or the click was on the button that opened this panel, don't close it.
		if (all[i].getAttribute("transient")!="true" || all[i].button==target) continue;
		// otherwise, if the panel is currently visible, close it by clicking it's button
		if (all[i].style.display!="none") window.onClickNestedSlider({target:all[i].button}) 
	return retval;

// adjust floating panel position based on button position
if (window.adjustSliderPos==undefined) window.adjustSliderPos=function(place,btn,panel) {
	if (hasClass(panel,"floatingPanel")) {
		var left=0;
		var top=btn.offsetHeight; 
		if (!="relative") {
			var left=findPosX(btn);
			var top=findPosY(btn)+btn.offsetHeight;
			var p=place; while (p && !hasClass(p,'floatingPanel')) p=p.parentNode;
			if (p) { left-=findPosX(p); top-=findPosY(p); }
		if (findPosX(btn)+panel.offsetWidth > getWindowWidth())  // adjust position to stay inside right window edge
			left-=findPosX(btn)+panel.offsetWidth-getWindowWidth()+15; // add extra 15px 'fudge factor'"px";"px";

function getWindowWidth() {
		return document.width; // moz (FF)
	if(document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) )
		return document.documentElement.clientWidth; // IE6
	if(document.body && ( document.body.clientWidth || document.body.clientHeight ) )
		return document.body.clientWidth; // IE4
		return window.innerWidth; // IE - general
	return 0; // unknown

// TW2.1 and earlier:
// hijack Slider animation handler 'stop' handler so overflow is visible after animation has completed
Slider.prototype.coreStop = Slider.prototype.stop;
Slider.prototype.stop = function()
	{ this.coreStop.apply(this,arguments); = "visible"; }

// TW2.2+
// hijack start/stop handlers so overflow style is saved and restored after animation has completed
if (version.major+.1*version.minor+.01*version.revision>=2.2) {
	Animator.prototype.core_startAnimating = Animator.prototype.startAnimating;
	Animator.prototype.startAnimating = function() {
		for(var t=0; t<arguments.length; t++)
		return this.core_startAnimating.apply(this,arguments);
	Morpher.prototype.coreStop = Morpher.prototype.stop;
	Morpher.prototype.stop = function() {
		this.coreStop.apply(this,arguments); = this.element.save_overflow||"visible";
|Author|Eric Shulman - ELS Design Studios|
|License| <br>and [[Creative Commons Attribution-ShareAlike 2.5 License|]]|
|Description|Quickly create new TiddlyWiki documents from your existing document, with just one click|

Use the {{{<<newDocument>>}}} macro to place a "new document" link into your sidebar/mainmenu/any tiddler (wherever you like).  Select this command to automatically create a "new.html" document containing a specific set of tagged tiddlers.  Optional parameters let you specify an alternate path/filename for the new file, or different tags to match.  You can also indicate "ask" for either parameter, which will  trigger a prompt for input when the command is selected.

{{{<<newDocument label:text prompt:text filename tag tag tag...>>}}}
{{{<<newDocument label:text prompt:text filename all>>}}}
{{{<<newDocument label:text prompt:text filename snap ID>>}}}
{{{<<newDocument label:text prompt:text filename snap here>>}}}
{{{<<newDocument label:text prompt:text nofile print ID>>}}}
{{{<<newDocument label:text prompt:text nofile print here>>}}}
* ''label:text'' defines //optional// alternative link text (replaces default "new document" display)
* ''prompt:text'' defines //optional// alternative tooltip text for 'mouseover' prompting (replaces default hard-coded tooltip text)
* ''filename'' is any local path-and-filename.  If no parameters are provided, the default is to create the file "new.html" in the current directory.  If a filename is provided without a path (i.e., there is no "/" in the input), then the current directory is also assumed.  Otherwise, this parameter is expected to contain the complete path and filename needed to write the file to your local hard disk.  If ''ask'' is used in place of the filename parameter then, when the command link is selected, a message box will be automatically displayed so you can select/enter the path and filename.
* ''tag tag tag...'' is a list of one or more space-separated tags (use quotes or {{{[[]]}}} around tags that contain spaces).  The new document will include all tiddlers that match at least one of the tags in the list.  The default is to include tiddlers tagged with <<tag includeNew>>.    The special value ''all'' may be used to match every tiddler (even those without tags).   If ''ask'' is used in place of the tags then, when the command link is selected, a message box will be automatically displayed so you can enter the desired tags at that time.
* When you use the keyword ''snap'' in place of the tags, you can generate a file containing the //rendered//  CSS-and-HTML that is currently being displayed in browser.  By default, the snapshop uses the 'contentWrapper' DOM element ID to automatically include all the TiddlyWiki elements, such as the sidebars and header, in addition to the center 'story' column containing the tiddler content.
* When you use the keyword ''print'' in place of the tags, a snapshot is generated, but the contents are not written to a file.  Instead, they are displayed in a separate browser tab/window, and the print dialog for that tab/window is automatically invoked.
* You can limit the snapshot to capture only a portion of the rendered TiddlyWiki elements by specifiying an optional alternate DOM element ID, such as "displayArea" (the entire center 'story' column) or even just a single tiddler (e.g., "tidderMyTiddlerTitle", assuming that "MyTiddlerTitle" is currently displayed).  Only the portions of the document that are contained //within// the specified DOM element will be transcribed to the resulting snapshot file.  If ''ask'' is used in place of a DOM element ID, you will be prompted to enter the ID (default is "contentWrapper") when the snapshot is being taken.  This allows you to easily enter the ID of any currently displayed tiddler to make quick snapshots of specific tiddlers.  If ''here'' is used in place of a DOM element ID, the current tiddler id is used.

Note: as of version 1.4.0 of this plugin, support for selecting tiddlers by using tag *expressions* has been replaced with simpler, more efficient "containsAny()" logic.  To create new ~TiddlyWiki documents that contain only those tiddlers selected with advanced AND/OR/NOT Boolean expressions, you can use the filtering features provided by the ExportTiddlersPlugin (see
equivalent to {{{<<newDocument new.htm includeNew systemTiddlers>>}}}
creates default "new.html" containing tiddlers tagged with either<<tag includeNew>>or<<tag systemTiddlers>>
try it: <<newDocument>>

{{{<<newDocument empty.html systemTiddlers>>}}}
creates "empty.html" containing only tiddlers tagged with<<tag systemTiddlers>>
//(reproduces old-style (pre 2.0.2) empty file)//
try it: <<newDocument empty.html systemTiddlers>>

{{{<<newDocument "label:create Import/Export starter" ask importexport>>}}}
save importexport tiddlers to a new file, prompts for path/file
try it: <<newDocument "label:create Import/Export starter" ask importexport>>

{{{<<newDocument ask ask>>}}}
prompts for path/file, prompts for tags to match
try it: <<newDocument ask ask>>

{{{<<newDocument ask all>>}}}
save all current TiddlyWiki contents to a new file, prompts for path/file
try it: <<newDocument ask all>>

{{{<<newDocument ask snap>>}}}
generates snapshot of currently displayed document, prompts for path/file
try it: <<newDocument ask snap>>

{{{<<newDocument ask snap here>>}}}
generates snapshot of this tiddler ONLY, prompts for path/file
try it: <<newDocument ask snap here>>

{{{<<newDocument ask print here>>}}}
prints a snapshot of this tiddler ONLY
try it: <<newDocument nofile print here>>

Import (or copy/paste) the following tiddlers into your document:
''NewDocumentPlugin'' (tagged with <<tag systemConfig>>)
!!!!!Revision History
''2007.12.04 [*.*.*]'' update for TW2.3.0: replaced deprecated core functions, regexps, and macros
''2007.03.30 [1.7.0]'' added support for "print" param as alternative for "snap".  When "print" is used, the filename is ignored and ouput is directed to another browser tab/window, where the print dialog is then automatically triggered.
''2007.03.30 [1.6.1]'' added support for "here" keyword for current tiddler elementID and "prompt:text" param for specifying tooltip text
''2007.02.12 [1.6.0]'' in onClickNewDocument(), reset HTML source 'markup'
''2006.10.23 [1.5.1]'' in onClickNewDocument(), get saved parameter value for snapID instead of using default "contentWrapper" (oops!)
''2006.10.18 [1.5.0]'' new optional param for 'snap'... specify alternative DOM element ID (default is still "contentWrapper").  Based on a suggestion from Xavier Verges.
''2006.08.03 [1.4.3]'' in promptForFilename(), for IE (WinXP only), added handling for UserAccounts.CommonDialog
''2006.07.29 [1.4.2]'' in onClickNewDocument(), okmsg display is now linked to newly created file
''2006.07.24 [1.4.1]'' in promptForFilename(), check for nsIFilePicker.returnCancel to allow nsIFilePicker.returnOK **OR** nsIFilePicker.returnReplace to be processed.
''2006.05.23 [1.4.0]'' due to very poor performance, support for tag *expressions* has been removed, in favor of a simpler "containsAny()" scan for tags.
''2006.04.09 [1.3.6]'' in onClickNewDocument, added call to convertUnicodeToUTF8() to better handle international characters.
''2006.03.15 [1.3.5]'' added nsIFilePicker() handler for selecting filename in moz-based browsers.  IE and other non-moz browsers still use simple prompt() dialog
''2006.03.15 [1.3.0]'' added "label:text" param for custom link text.  added special "all" filter parameter for "save as..." handling (writes all tiddlers to output file)
''2006.03.09 [1.2.0]'' added special "snap" filter parameter to generate and write "snapshot" files containing static HTML+CSS for currently rendered document.
''2006.02.24 [1.1.2]'' Fix incompatiblity with TW 2.0.5 by removing custom definition of getLocalPath() (which is now part of TW core)
''2006.02.03 [1.1.1]'' concatentate 'extra' params so that tag expressions don't have to be quoted.   moved all text to 'formatted' string definitions for easier translation.
''2006.02.03 [1.1.0]'' added support for tag EXPRESSIONS.  plus improved documentation and code cleanup
''2006.02.03 [1.0.0]'' Created.
This feature was developed by EricShulman from [[ELS Design Studios|http:/]]
version.extensions.newDocument = {major: 1, minor: 7, revision: 0, date: new Date(2007,3,30)};

config.macros.newDocument = {
	newlabel: "new document",
	newprompt: "Create a new TiddlyWiki 'starter' document",
	newdefault: "new.html",
	allparam: "all",
	saveaslabel: "save as...",
	saveasprompt: "Save current TiddlyWiki to a different file",
	printparam: "print",
	snapparam: "snap",
	snaplabel: "create a snapshot",
	snapprompt: "Create a 'snapshot' of the current TiddlyWiki display",
	snapdefault: "snapshot.html",
	snapID: "contentWrapper",
	snapIDprompt: "Please enter a DOM element ID for the desired content",
	snapIDerrmsg: "Unrecognized document element ID: '%0'",
	askparam: "ask",
	hereparam: "here",
	labelparam: "label:",
	promptparam: "prompt:",
	fileprompt: "Please enter a filename",
	filter: "includeNew",
	filterprompt: "Match one or more tags:\n(space-separated, use [[...]] around tags containing spaces)",
	filtererrmsg: "Error in tag filter '%0'",
	snapmsg: "Document snapshot written to %1",
	okmsg: "%0 tiddlers written to %1",
	failmsg: "An error occurred while creating %0"

config.macros.newDocument.handler = function(place,macroName,params) {

	var path=getLocalPath(document.location.href);
	var slashpos=path.lastIndexOf("/"); if (slashpos==-1) slashpos=path.lastIndexOf("\\"); 
	if (slashpos!=-1) path = path.substr(0,slashpos+1); // remove filename from path, leave the trailing slash

	if (params[0] && params[0].substr(0,config.macros.newDocument.labelparam.length)==config.macros.newDocument.labelparam)
		var label=params.shift().substr(config.macros.newDocument.labelparam.length)
	if (params[0] && params[0].substr(0,config.macros.newDocument.promptparam.length)==config.macros.newDocument.promptparam)
		var prompt=params.shift().substr(config.macros.newDocument.promptparam.length)
	var filename=params.shift(); if (!filename) filename=config.macros.newDocument.newdefault;
	if (params[0]==config.macros.newDocument.snapparam || params[0]==config.macros.newDocument.printparam) {
		var printmode=(params[0]==config.macros.newDocument.printparam);
		if (!label) var label=config.macros.newDocument.snaplabel;
		if (!prompt) var prompt=config.macros.newDocument.snapprompt;
		var defaultfile=config.macros.newDocument.snapdefault;
		var snapID=config.macros.newDocument.snapID;// default to "contentWrapper"
		if (params[0]) var snapID=params.shift(); // alternate DOM element for snapshot
	if (params[0]==config.macros.newDocument.allparam) {
		if (!label) var label=config.macros.newDocument.saveaslabel;
		if (!prompt) var prompt=config.macros.newDocument.saveasprompt;
		var defaultfile=getLocalPath(document.location.href);
		var slashpos=defaultfile.lastIndexOf("/"); if (slashpos==-1) slashpos=defaultfile.lastIndexOf("\\");
		if (slashpos!=-1) defaultfile=defaultfile.substr(slashpos+1); // get filename only
	if (!prompt) var prompt=config.macros.newDocument.newprompt;
	if (!label) var label=config.macros.newDocument.newlabel;
	if (!defaultfile) var defaultfile=config.macros.newDocument.newdefault;

	var btn=createTiddlyButton(place,label,prompt,onClickNewDocument);
	btn.snapID=snapID; // NULL unless snapshot is being taken

// IE needs explicit global scoping for functions called by browser events
	if (!e) var e = window.event; var btn=resolveTarget(e);

	// assemble document content, write file, report result
	var okmsg=config.macros.newDocument.okmsg;
	var failmsg=config.macros.newDocument.failmsg;
	var count=0;
	var out="";
	if (btn.snapID) { // HTML+CSS snapshot
		var snapID=btn.snapID;
		if (btn.snapID==config.macros.newDocument.askparam)
		if (btn.snapID==config.macros.newDocument.hereparam)
			{ var here=story.findContainingTiddler(btn); if (here); }
		if (!document.getElementById(snapID)) { // if specified element does not exist
			if (snapID) // ID=null if prompt was cancelled by user
			e.cancelBubble = true; if (e.stopPropagation) e.stopPropagation(); return(false);
		var styles=document.getElementsByTagName("style");
		for(var i=0; i < styles.length; i++)
			out +="/* stylesheet from tiddler:"+styles[i].getAttribute("id")+" */\n"+styles[i].innerHTML+"\n\n";
	} else { // TW starter document
		// get the TiddlyWiki core code source
		var sourcefile=getLocalPath(document.location.href);
		var source=loadFile(sourcefile);
		if(source==null) { alert(config.messages.cantSaveError); return null; }
		// reset existing HTML source markup
		// find store area
		var posOpeningDiv=source.indexOf(startSaveArea);
		var posClosingDiv=source.lastIndexOf(endSaveArea);
		if((posOpeningDiv==-1)||(posClosingDiv==-1)) { alert(config.messages.invalidFileError.format([sourcefile])); return; }
		// get the matching tiddler divs
		var match=btn.filter;
		if (match[0]==config.macros.newDocument.askparam) { // ask user for tags
			var newfilt=prompt(config.macros.newDocument.filterprompt,config.macros.newDocument.filter);
			if (!newfilt) return;  // cancelled by user
		var storeAreaDivs=[];
		var tiddlers=store.getTiddlers('title');
		for (var i=0; i<tiddlers.length; i++)
			if (match[0]==config.macros.newDocument.allparam || (tiddlers[i].tags && tiddlers[i].tags.containsAny(match)) )
	if (btn.printmode) {
		win.focus(); // bring to front
		win.print(); // trigger print dialog
	} else {
		// get output path/filename
		var filename=btn.file;
		if (filename==config.macros.newDocument.askparam)
		if (!filename) return; // cancelled by user
		// if specified file does not include a path, assemble fully qualified path and filename
		var slashpos=filename.lastIndexOf("/"); if (slashpos==-1) slashpos=filename.lastIndexOf("\\");
		if (slashpos==-1) filename=btn.path+filename;
		var ok=saveFile(filename,out);
		var msg=ok?okmsg.format([count,filename]):failmsg.format([filename]);
		var link=ok?"file:///"+filename.replace(/\\/g,'/'):""; // change local path to link text
		clearMessage(); displayMessage(msg,link);
	e.cancelBubble = true; if (e.stopPropagation) e.stopPropagation(); return(false);

function promptForFilename(msg,path,file)
	if(window.Components) { // moz
		try {'UniversalXPConnect');
			var nsIFilePicker = window.Components.interfaces.nsIFilePicker;
			var picker = Components.classes[';1'].createInstance(nsIFilePicker);
			picker.init(window, msg, nsIFilePicker.modeSave);
			var thispath = Components.classes[';1'].createInstance(Components.interfaces.nsILocalFile);
			if (!=nsIFilePicker.returnCancel) var result=picker.file.persistentDescriptor;
		catch(e) { alert('error during local file access: '+e.toString()) }
	else { // IE
		try { // XP only
			var s = new ActiveXObject('UserAccounts.CommonDialog');
			s.Filter='All files|*.*|Text files|*.txt|HTML files|*.htm;*.html|';
			s.FilterIndex=3; // default to HTML files;
			if (s.showOpen()) var result=s.FileName;
		catch(e) { var result=prompt(msg,path+file); } // fallback for non-XP IE
	return result;
The {{{<<newJournal>>}}} macro creates a new tiddler with it's title set to the current date, and the cursor in the body text area ready to type.

This macro is identical to the NewTiddlerMacro except that the "title" parameter is treated as a DateFormatString so that you can specify your own date format.
<html><hide linebreaks>
<style> .rolodex table {border: 0px solid; background-color:#eeeff;}
.rolodex tr, .rolodex td {border: 0px solid;}
</style><span class="rolodex">
<td align="right"><b>Author:</b></td>
 <td colspan="3"><input name=author style="width:100%" />
<td align="right"><b>Link:</b></td>
 <td colspan="3"><input name=link style="width:100%" />
<td align="right"><b>Format:</b></td>
<td colspan="3"><input name=format style="width:100%" />
<td align="right"><b>For TW version:</b>
</td><td colspan="3"><input name=twversion type=text  width:100%;" /></td></tr>
<tr><td align="right"><b>Category:</b></td>
 <td colspan="3"><input name=category style="width:100%" />
 <td align="right" valign="top"><b>Description:</b></td>
 <td colspan="3"><textarea name=description rows="7" cols="40" style="width:100%" ></textarea></td></tr>
</table></span> </html>
The {{{<<newTiddler>>}}} macro displays a button that can be clicked to create a new tiddler. By default, the new tiddler is opened in edit mode or you can specify a custom template.

The available parameters are:

|!Parameter |!Description |
|label |The text of the button |
|prompt |The tooltip for the button |
|accessKey |The access key to trigger the button (specify a single letter; different browsers require a different modifier key like Alt- or Control-) |
|focus |Which of the edittable fields to default the focus to (eg, "title", "text", "tags") |
|template |The template to use to display the new tiddler (defaults to EditTemplate) |
|text |The default text for the new tiddler |
|title |The default title for the new tiddler |
|tag |A single tag to be applied to the new tiddler (repeat this parameter to specify multiple tags) |

For example: <<newTiddler label:"try this" accessKey:1 focus:tags text:"hello there!" tag:greeting tag:"an example">> (can also be triggered with Alt-1)
<<newTiddler label:"try this" accessKey:1 focus:tags text:"hello there!" tag:greeting tag:"an example">>

You can only prime the initial values of fields that map to a text input box in the specified template (for instance, if you specify the standard ViewTemplate as the template you won't be able to prime any fields). For example, this doesn't work as you might expect:
<<newTiddler template:ViewTemplate text:"To be or not to be">>
<<newTiddler template:ViewTemplate text:"To be or not to be">>
To make a tiddler that doesn't have a WikiWord as its name, you can enclose the name in [[double square brackets]] - edit this tiddler to see an example. After saving the tiddler you can then click on the link to create the new tiddler. NonWikiWordLinks permits tiddlers to be created with names that are made from character sets that don't have upper and lower case.
@@UPDATE@@: Read on Tips and FAQ -- spam scanners (Mail::~SpamAssassin) @ about how to configure ~SpamAssassin perl module.
The amavisd.conf-default contains all the configuration variables. ( or amavisd-new-docs in Debian ) explain policy banks and examples. A policy bank is just a set of configuration settings; once there are more than one, they can be swapped/used on IP, port number and any characteristic pertaining to a message or a connection. VERY useful!!

Virus and spam notifications in Amavis are disabled by default, read Policy on Notifications at 

What about BANNED messages? These too, by default, generate no notifications. In amavisd.conf-default, there's a $warnbannedsender variable. Set it to 1 to enable notifications.
ldapsearch doesn't return all entries even though all entries are there???? Indexes could be corrupted. Shutdown slapd and run slapindex....

AAAAAAAAAAAARRRRRRRRRRRRRRRRRRGGGGGHHHHHHHH. It took me months to figure this out!!!!!!!!!!!!!
To better debug TLS operation on LDAP we can do the following:
* Specify {{{-d 9}}} for TLs debug output on ldap client utils
* Specify an appropriate debug level on slapd.conf

A few pointers to SSL operations:
* /usr/lib/ssl/misc/ is a handy script for openssl operations. openssl.cnf //partly// controls this script
* openssl s_client -connect for testing

@@Gutsy openldap is compiled with openssl, while Hardy's and subsequent releases' ldap is compiled with gnutls.@@ 

To have an operating TLS on LDAP do the following
* Create (or use) the CA to create a certificate. @@NB@@: CN of the certificate must match the hostname
* If you don't want to use a CA to sign the certificate ( i.e. you want a self-signed certificate ) you //must// specify "~TLS_REQCERT allow" (default is demand) on ldap.conf on the client side.  If you don't then expect the following error "TLS: peer cert untrusted or revoked".
* Specify the same CA ( or //maybe// a CA  that has the same parent in the CA hierarchy? ) on the client (ldap.conf) //and// the server (slpad.conf).
* Specify an insecure key on the server.
* Check file access permissions!!!!
* Check certificate serial numbers.
* Reload phpLDAPAdmin!?!?
* It's a bitch!!!!!!!!!!!!!

Take a look at the ca-certificates package for a list of CA certificates.
* getdev and devattr to get device info
* iostat -En to get device info and vendor
* fcinfo for FC devices and luxadm for Sun Fire 880
* cfgadm -al Listing All Configurable Hardware Information
<<newDocument "label:Print this tiddler" "prompt:print an HTML snapshot of this tiddler" nofilename print here>>

Author/Owner: , 2005 12 05
Usage: This article is here strictly for my own private usage because I don't like the internet's transient nature. Some bits of info has to stay. Please contact me if you wish this page to be removed from public sight.
No content tampering whatsoever

Several years ago now, Darren Moffat, Casper Dik and I started swapping e-mail about how pathetic it was to still be using the traditional 8-character-password unix crypt() routine in Solaris, and how we could architect something to be much better

The result was the Solaris Pluggable Crypt Framework, as was announced:

1. A project exists within Solaris engineering, to integrate a pluggable crypt() routine into Solaris, which will allow use of arbitrary password-hashing algorithms, of arbitrary lengths, etc, in Solaris.

2. Interoperability with Linux/*BSD ~MD5- and Blowfish-based hash algorithms is a goal of the project

   3. If I remember right - and I may well be incorrect, as I am not responsible for this aspect of the project - the release is scheduled for Solaris9.

      I am consulting with the team/doing development work with them, on 
account of my (erm) extensive experience with crypt() implementations&

   4. PAM was considered as a solution for this, and it was decided to not be the appropriate vehicle for delivery of an alternative crypt() routine, because (in summary) PAM is essentially an API for user-interfaces (/bin/login, ftpd, etc) - as opposed to an API for interfacing to the directory-services within which the password entries reside; consider getpwent() and family.

Pluggable Crypt was rolled-out in Solaris 9 (Update 2, if my memory is correct?) and we were quietly pleased that our users suddenly reported being able to transparently use a mixture of Traditional, ~Linux-MD5 and Blowfish hash algorithms. GNU Autoconfig (aka: ./configure) spotted it immediately, next time Darren built Apache. All was cool.

Incidentally, we didnt get any awards or anything, but thats management for you. It was a nice example of co-operation inside the company because I was at that point actually working for Sun Professional Services, and not really an engineer.

The hook which permitted us to implement Pluggable Crypt was the presence of a dollar-sign ($') as a field separator in the latter two kinds of hashes. We took that as a style cue, and designed the new crypt() shim so that lack of a $ prefix causes a fall-through to the traditional algorithm.

After several weeks of considerable argument (three extremely opinionated and notoriously frank security programmers designing a API, it must have been funny to watch from a distance behind smoked glass) we decided that for a given ciphertext:

&that foo - the token being terminated by a dollar or comma - would be used to look up and load a shared library in crypt.conf(4), and that the latter would be at liberty to re-interpret the ciphertext as it willed.

We argued over the design using the following two ciphertexts as examples of desirable syntax:

&which are essentially the same algorithm and might possibly be implemented by the same shared library, but which would have different output syntaxes. The mechanism we created could permit this.

Provided with this wonderful power I mused what I could do in order to highlight the new features it provided, and so we came up with the ~SunMD5 Hash Algorithm that would be written exclusively with the purpose of annoying people who write brute-force or dictionary-based password guessing engines.

In short: for annoying people like me.

After some beer consideration of the problem, I concluded that password-cracker writers:

    * really hate hash-algorithms which allow large, near-infinite, clash-free numbers of salts.

    * really hate hash-algorithms with large, variable, possibly near-infinite round-counts.

    * really hate hash-algorithms which make precomputation/table-lookup impractical.

      &and I further reasoned that:

    * writing a wholly new hash algorithm would be a really really unutterably silly thing to do, but&

    * aha! pumping vast and variable quantities of information through an existing hash algorithm would be reasonably computationally expensive, and the process may be tweakable to make it demonstrate the above desired qualities.

So, after some more beer coffee considerable thought, I hit upon the following process:

   1. choose a PLAINTEXT, and a SALTSTRING

   2. push PLAINTEXTSALTSTRING through ~MD5, generating ~HASH0; let n=0

   3. condense ~HASHn into a single BIT, using ~MuffettCoinTossAlgorithm

   4. where NNN is a decimal ASCII representation of n; and where "HAMLET is the complete 1517 bytes of To Be Or Not To Be soliloquy (Hamlet act 3 scene 2, copyright-free source) &

   5. if BIT=0, push ~HASHnNNN through ~MD5 generating HASH(n+1)

   6. if BIT=1, push ~HASHnHAMLETNNN through ~MD5 generating HASH(n+1)

   7. let n=n+1

   8. repeat steps 3 thru 7 for (4096+X) iterations, where X is an arbitrary positive integer 32-bit number specified in the input 

   9. result:


      - using base64 encoding where needed to encode binary data.

Thats a quick rundown and I think its approximately correct. Ive not been drinking coffee this week so I may be a little off in the fine details, so check the source if you want verification. In terms of the blame we all argued the overall design, I did the ~SunMD5 algorithm, Darren the glue and Casper and Darren both the larger shared library interfaces, docs, integration and so forth.

The only blackbox in the above is ~MuffettCoinTossAlgorithm which I truly cannot be arsed to explain (or, more pointedly, why should I grep my mailbox archives for the design docs when you can read the source and figure it out for yourself?) - but the essence was to create something which was somewhat a function of the roundcount (strictly, there are 128 different ways it can go, since its f(roundcount modulo hashbits)) and which self-referentially recombines bits of the previous rounds hash both as dynamic-lookup-table and as data-looked-up, eventually extracting two bits from the hash, which then get XORed to create a truth value. It was designed with painful memories of trying to speed-optimise DES S-boxes, plus a few hints of lets try to align a few fetches unevenly bridging word boundaries, in case someone tries to inline it with longword fetches..

You could try speculative computation, but then youre a masochist.


Aside: Reviewing the code nowadays, Im sure it read a lot more clearly before Darren put it through cstyle.

The benefits of the ~SunMD5 design:

   1. The saltstrings are of near-arbitrary length and can contain all sorts of stuff, including (for instance) the username as a substring, which could thereby guarantee the uniqueness of a salt within a given environment.

   2. The roundcount can be enormous; 1 round = (1517 * 50%) + 8 + 4 = 770 bytes pushed through ~MD5, so setting rounds=9043 (making 904 + 4096 builtin = 5000 rounds total) pushes 3.8Mb of data through ~MD5. If you want it to take longer, set rounds=680003 and pump 50Mb through it instead.

As ever, much of the power of an algorithm is not merely how it works, but also in how you use it. The above should supply you with some idea of how its meant to be used. In terms of the actual implementation, theres a feature which I dont like and for which there is a RFE somewhere; its demonstrated by the following code.

\#!/bin/perl # - test the sunmd5 implementation on solaris9u2 or above # roundcount: 904 (user specified) + 4096 (builtin) = 5000 rounds total # syntax examples $exsalt1 = $md5$rounds=904$saltstring$dummy; # this one is strictly correct $exsalt2 = $md5$rounds=904$saltstring$; # this one ought to be the same $exsalt3 = $md5$rounds=904$saltstring; # as should this one # test plaintexts @words = qw( sesame abcdefgh abcdefghijklmnop ); foreach $word (@words) { $ct1 = crypt($word, $exsalt1); $ct2 = crypt($word, $ct1); printf with exsalt1: %-20s => %s\n, $word, $ct1; printf sanity check: %-20s => %s\n, $word, $ct2; printf with exsalt2: %-20s => %s\n, , crypt($word, $exsalt2); printf with exsalt3: %-20s => %s\n, , crypt($word, $exsalt3); print \n; } exit 0;

Basically: in order to produce correct outputs, the current parser for ~SunMD5 algorithm requires a dummy (or real!) ciphertext at the end of the salt-input; this is not a problem in operational usage since /bin/passwd and the other user-admin tools are meant to do the right thing, however its not really a nice user experience for Joe Shmoe whos hacking around in perl as above.

So: when the examples with exsalt2/exsalt3 show the same output as the preceding, then it means that my RFEs gone through and the patch has been installed. Until then, be aware.

All this has been written in response to a bunch of questions from David Magda, who (over over the course of several e-mails) posed the following questions, the answers to which I shall use to wrap-up this posting:

    *  What advantages does the ~SunMD5-based algorithm have over the BSD one?

      See the above; the algorithm is meant to demonstrate interesting features, innovative ideas in password hashing / what constitutes a ciphertext, and to highlight the ~Pluggable-Crypt framework which is now (of course) published as part of ~OpenSolaris.

      Also: it exposes more programmers to Shakespeare, which has got to be a good thing.

    * ith the recent attacks on ~MD5 (and ~SHA-1), is there any thought to moving to the Blowfish-based hash as a default, or is ~MD5 still good enough for this purpose?

      I reckon that given our modus operandi its more than good enough, but for interests sake Darren and I have long been planning an uprated version and were considering ~SHA-512 as the underlying hash algorithm.

    * Why another hash?

      Because People Always Want The Latest iPod 8-)

      Plus, well, why not? Why cant we live in a world with a dozen different hash algorithms and support the lot of them? Pluggable Crypt is a really good idea:

      War Story: I gather that there is at least one site where old Ultrix / ~OpenVMS / ~OSF-1 ciphertexts have been imported into a Solaris environment by installing a suitable ~Pluggable-Crypt module, then prefixing the ciphertexts with $bc$ (bigcrypt) or $c16$ (crypt16) and performing migration from these old, weak algorithms by immediately deprecating $bc/$c16 by using the controls in policy.conf(4). Insanely neat, huh?

      Further: it allows the spooks to use their own password hashes. They really like that sort of thing. Makes them feel safe.

    * Given that the Blowfish-based one is extendable by increasing the rounds, why not use it?

      Because I thought it insufficiently evil, and evidently the progeny of a cryppie, rather than a cracker-programmer, mindset. 8-)

Solaris manpages you need to read: passwd(1), crypt(3C), crypt.conf(4), crypt_genhash_impl(3C), crypt_gensalt(3C), crypt_gensalt_impl(3C), getpassphrase(3C), passwd(4), crypt_unix(5)

Disclamer: No responsibility whatsoever. USE AT YOUR OWN RISK. Vassilis Vatikiots 21/09/2007

Configuration > Firewall > Service Policy Rules enable PPTP. Useful to enable outbound pptp vpn connections
<div class='header' macro='gradient vert [[ColorPalette::PrimaryLight]] [[ColorPalette::PrimaryMid]]'>
<div class='headerShadow'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>
<div class='headerForeground'>
<span class='siteTitle' refresh='content' tiddler='SiteTitle'></span>&nbsp;
<span class='siteSubtitle' refresh='content' tiddler='SiteSubtitle'></span>
<div id='leftsidebar'>
<div id='mainMenu' refresh='content' tiddler='MainMenu'></div>
<!-- <div id='sidebar'>-->
<div id='sidebarOptions' refresh='content' tiddler='SideBarOptions'></div>
<div id='sidebar'>
<div id='sidebarTabs' refresh='content' force='true' tiddler='SideBarTabs'></div>
<div id='displayArea'>
<div id='messageArea'></div>
<div id='tiddlersBar' refresh='none' ondblclick='config.macros.tiddlersBar.onTiddlersBarAction(event)'></div>
<div id='tiddlerDisplay'></div>
Just put {{{Defaults !tty_tickets, timestamp_timeout=3600}}}. Very handy, I don't need to provide my password every time I open a new shell and do a sudo. sudo will ask for a password again after timestamp_timeout seconds.

man sudoers
|Created by|[[Frank Dellaert|]]|
A TiddlyWikiMacro to create aliases (similar to AliasPlugin) that refer to people. The macro takes the following (mandatory) arguments:
* macro name, e.g. "FDE"
* person name, e.g. "Frank Dellaert"
* url: a url to a web-page
A second macro, "personLookup" supports reverse lookup, which is used in the BibTexPlugin.
{{{<<person FDE "Frank Dellaert">>}}}<<person FDE "Frank Dellaert">>

An example of lookup by name:
{{{<<personLookup "Frank Dellaert">>}}}
<<personLookup "Frank Dellaert">>

If the person is not defined, we just render the name:
{{{<<personLookup "Foo Bar">>}}}
<<personLookup "Foo Bar">>
Import (or copy/paste) this tiddler into your document: and tag it with "systemConfig"
config.macros.person= { };

// create alias as in AliasPlugin
config.macros.person.helper = function(alias,name,url) {
  // create new macro (as needed) 
  if (config.macros[alias]==undefined) {
    config.macros[alias] = { };
    config.macros[alias].handler = function (place,macroName,params) {
      record = config.macros[macroName];
      if (record.url) {
        wikify("[[""|"+record.url+"]]", place)
      } else {
        wikify(, place)
  // fill record
  config.macros[alias].name = name;
  config.macros[alias].url = url;
  // reverse name lookup
  config.macros.person[name.replace(/ /g,"_")]=alias;

// parse arguments to macro and call helper
config.macros.person.handler = function(place,macroName,params) {
  var alias=params.shift(); if (!alias) return;
  // don't allow spaces in alias
  alias=alias.replace(/ /g,"_");

// reverse lookup
config.macros.personLookup.handler = function(place,macroName,params) {
  var name = params.shift();
  if (!name) return;
  var alias = config.macros.person[name.replace(/ /g,"_")];
  var macro = config.macros[alias]
  if (macro) {macro.handler(place,alias,params)} else {wikify(name,place)}

1st read
Optional but sweet
postmap -q
searches the specified maps for keys. Extremely useful if we want to test local/network database lookups.
!!!!!Separate domains, non-UNIX accounts
To receive email for a user on a virtual domain on a non-UNIX account, we set //virtual_mailbox_// directives in, we setup the aliases on a lookup table and we are. Check the previous link to see how it's done. My config follows:
  virtual_mailbox_domains =
  virtual_mailbox_base = /srv/mail
  virtual_mailbox_maps = hash:/etc/postfix/vmailbox
  virtual_minimum_uid = 1100
  virtual_uid_maps = static:5000
  virtual_gid_maps = static:5000

/etc/postfix/vmailbox a_user@a_domain

!!!!!Accessing out email using Dovecot
* In /etc/dovecot/dovecot.conf we insert in the //auth// section the following
passdb passwd-file {
    args = /etc/dovecot/dovecot-passwd
userdb passwd-file {
    args = /etc/dovecot/users

* We choose the format of these files to be like this:

uid and gid ( 5000 in this case ) are the same as the ones we declared in /etc/postfix/ We put ///bin/false// on the last field just to be on the safe side since I don't know what it does. We can place virtual user home directories anywhere we like ( I choose to group them all under //virtual-users// ).
* We use mkpassswd ( in package //whois// ) to generate the password entry in //passwd// file.
mkpasswd --hash=md5
md5 cause that's the default encryption mechanism linux uses.

I've used a simple bash script for everything: 
* add an entry in /etc/dovecot/users, /etc/dovecot/passwd and /etc/postfix/vmailbox.
* to generate the password.
* to create the virtual user's directory in /users/virtual-users/a_domain/a_user.
* postmap the vmailbox lookup file.
* and finally to reload postfix.

if [ -z "$1" ] || [ -z $2 ]; then
        echo "Usage: ./add_virtualuser user@domain password";
        exit 1;

echo "Username ***MUST*** be in the form username@domainname"
read -p  "Press any key to continue..."

echo "$1" > /tmp/user
user=`cat /tmp/user | cut -f1 -d "@"`
domain=`cat /tmp/user | cut -f2 -d "@"`

echo "Changes will be at:"
echo "   User $1 will be added at /etc/dovecot/users"
echo "   Password will be added at /etc/dovecot/dovecot-passwd"
echo "   User $1will be added at /etc/postfix/vmailbox"

# make virtual user directory @ /users
mkdir -p /users/virtual-users/$domain/$user
chown -R vmail:vmail /users/virtual-users/$domain/$user

# insert entry in users file
echo "$user@$domain::5000:5000::/users/virtual-users/$domain/$user:/bin/false::" >> /etc/dovecot/users

# then make password
mkpasswd --hash=md5 $2  > /tmp/hash
echo "$1:`cat /tmp/hash`" >> /etc/dovecot/dovecot-passwd
rm /tmp/hash

# add user to Postfix virtual map file
echo $1 $1  >> /etc/postfix/vmailbox
postmap /etc/postfix/vmailbox

# finally reload Postfix
echo "Reloading postfix..."
postfix reload

What if we want to send an email to a virtual email account ( which doesn't have a system account), //but// need this email redirected to a system email account? We simply insert an entry in the virtual map file. Messages are then delivered in the system account and //not// in the virtual mailbox.

In essence we switch to a local delivery method. 

Huh? How? Why?

the trick is that we accept mail for a //virtual_mail_domains// domain and then handle it via the virtual(5) lookup table.

//virtual_alias_{domains,maps}// is implemented by the Postfix cleanup(8) daemon before mail is queued. //virtual_mailbox_{domains,base,maps,...}// is implemented by the Postfix virtual(8) delivery agent. Looking at the Postfix architecture overview ( ), we can see that the cleanup daemon "expand envelope recipients according to information  found in the virtual(5) lookup tables" and subsequently enqueues messages. 

So, if there is an entry in virtual(5) lookup table, this information is expanded by cleanup(8) and after the message is placed in the incoming queue, local(8) delivers the message to the appropriate mailbox and //not virtual(8)//. 
There are 7 access restriction lists and they all use the same syntax. Their difference is their evaluation time and the effect of a REJECT or DEFER result

Each restriction list is evaluated from left to right until some restriction produces a result of PERMIT, REJECT or DEFER (try again later). The end of the list is equivalent to a PERMIT result.

The following table shows all the access restriction lists in order of evaluation.
|''Restriction list name''|''Status''  	| ''Effect of REJECT or DEFER result''|
|smtpd_client_restrictions |	Optional |	Reject all client commands|
|smtpd_helo_restrictions |	Optional |	Reject HELO/EHLO information|
|smtpd_sender_restrictions |	Optional |	Reject MAIL FROM information|
|smtpd_recipient_restrictions |	Required |	Reject RCPT TO information|
|smtpd_data_restrictions |	Optional |	Reject DATA command|
|smtpd_end_of_data_restrictions |	Optional |	Reject ~END-OF-DATA command|
|smtpd_etrn_restrictions |	Optional |	Reject ETRN command|

All about SMTP access lists in
You can now link to [[external sites|]] with ordinary words, without the messiness of the full URL appearing. Edit this tiddler to see how.

You can also LinkToFolders.
<<newDocument "label:Print this tiddler" "prompt:print an HTML snapshot of this tiddler" nofilename print here>>
Updated and cleaned up for Hardy
Read the following, in this order:
# Read
# Then read
# Optional but quite informative
After reading we do the following
# Install from ubuntu repositories all ruby stuff except all gem/libgem/ruby stuff 
# Download latest rubygems from ~RubyForge.
# Install it: {{{ruby setup.rb}}}
# Link gem executable to gem1.* {{{ln -s /usr/bin/gem1.8 /usr/bin/gem}}}. @@UPDATE@@ No need.
~MySQL, ~SQLite and ~PostgreSQL adapters are shipped with ~RoR 2.0. All other commercial DB adapters come in gems.

Aptana uses Java based stuff (which I don't want to know about). So, in order to have an installation that can be replicated on a production machine I //always// use the gem executable to manage my //system// gems collection, and //not// apt-get. I use that installation environment in Aptana, instead of the default Java-based one.
* ~RadRails works with ~RoR version 2.
* Aptana uses gem, and //not// gem1.* to manage the installed system gems (not to be confused with the Java based ones). So link accordingly.
Producing UML diagram from your schema.rb
This involves installing a plugin and the ~starUML windows application (running on wine)
# script/plugin install to install the plugin
# rake uml:schema. This will generate schema.xml (uses a open standard fromat called XMI).
# Download the latest version of starUML at
# Open schema.xml from starUML’s Import -> XMI (I chose “Design Model” when importing, but it doesn’t really matter)

Installing starUML is easy following the wine standard installation procedure, but some additional runtimes are needed
#{{{wget}}}, to install more MS runtimes.
# {{{sh winetricks vcrun6 msxml4}}}
# {{{wine staruml-5.0-with-cm.exe }}}, standard installation procedure.
Producing a .dot file, viewable by kgraphviewer
# {{{gem search -r -d railroad}}}
# {{{gem install railroad}}}
# {{{railroad -M}}} to generate a .dot representation of your schema.rb
More on the railroad gem @
If 1st disk is Win and 2nd is Ubuntu, we need to 
# setup (hd0), NOT setup (hd0,0). We need the grub loader installed in MBR. (hd0,0) says "install loader in 1st partition" and we do not want that cause, Win won't boot afterwards since its boot sector will be overwritten
# In menu.lst, we boot Win with root(hd0,0)

{{{sudo grub}}}

This will put you in superuser mode and launch the GRUB application.

To find the partition with the GRUB boot files, type in:

{{{find /boot/grub/stage1}}}

The response should be “(hd0,0)” or something similar – this is where you need to reinstall GRUB.

Set this location as root for the current session:

{{{root (hd0,0)}}}

Then type in:

{{{setup (hd0,0)}}}

This will reinstall the GRUB bootloader to disk 0, partition 0. If you type in “setup (hd0)” then GRUB will be reinstalled to the MBR and will overwrite Vista’s bootloader. 
I got to learn xargs!!!!

{{{find . -name ‘.svn’ | xargs rm -rf}}}
''Problem:'' I want to redirect incoming, system-wide spam to another email address. 

''First thoughts:'' header_checks could be used. header_checks is part of the Postfix builtin content inspection mechanism and it's implemented in the cleanup(8) server. 

''Caveat:'' We shouldn't set header_checks in because that would force header content inspection before and after amavis inspection. No harm done but resource-wise this is not optimal. stores the //global// configuration.

The following snippet specifies the amavis to postfix reinjection service from
localhost:10025 inet    n       -       n       -       -       smtpd
        -o content_filter=
        -o smtpd_delay_reject=no
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_milters,no_unknown_recipient_checks
# smtpd doesn't support the following header_checks option
#      -o header_checks=pcre:/etc/postfix/check_for_spam_subject
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
# all email comes from amavis which runs on localhost
        -o mynetworks=
I thought of specifying header_checks in the reinjection path. The idea was to have header inspection only in master cf for the after inspection part of the pipeline. But this isn't possible since smtpd doesn't understand the option header_checks. 

On the other hand, if header inspection is turned on in, it'll applied before and after amavis. Not optimal.

The solution would be to have 2 cleanup service specified in, one before content inspection by amavis and one after it. header_checks could be turned on for the 2nd one. Go to for a detailed analysis of using 2 cleanup services.

/^X-Spam-Flag: YES/ WARN tospamaddr
This is the header check. The last step would be to REDIRECT instead of WARN.
!!!!!Alternative, shorter solution
We could use procmail(1). The system-wide /etc/procmailrc is processed before $HOME/.procmailrc users' files. In the system-wide procmailrc we have the following:
* ^X-Spam-FLAG:.YES
! <address-to-forward>
Flag //c// in //:0c// creates a carbon copy of the message, matched from the regexp in 2nd line, and redirects it.

search for device-map
For education purposes read It's the perfect way for 2 or more people to remotely share a terminal. One scenario would be an instructor and one or more students.

Fifos: {{{mkfifo}}} and then cat that named fifo doesn't  work well. Too much delay. I suspect that the pipe has to be full in order to start showing its contents. Not good for interactive purposes.
{{{UPDATE example_users SET password=MD5('new password') WHERE usertype = "Super Administrator";}}}

Joomla....... nough said
Nice tiddbit about a Ruby alias alternative
* 21 Ruby tricks
* Ruby idioms
andy kessler
NB: bind version 9.4 and later honor SPF records definitions. For version prior to 9.4 TXT records are used. Best practice dictates to define both TXT and SPF for each entry, for bind 9.4 and newer versions.

Note that if the receiving MTA doesn't support/hasn't enabled SPF queries, then SPF records are moot. They are used only if the receiving MTA issues SPF queries.
SPF could fail with forwarding. Check An SRS (Sender Rewriting Scheme) plugin could be the trick. For postfix <quote>doesn't support a plugin interface that can do SRS, but there is a source patch for libsrs2, which also supports Sendmail and Exim.</quote>
<<newDocument "label:Print this tiddler" "prompt:print an HTML snapshot of this tiddler" nofilename print here>>

An attempt:

We are going to start with NIS. Years ago there was libc5 which came in 2 flavors, with and without NIS support. The version with NIS support was designed after a method used by Sun Microsystems in the C library of Solaris 2 and involved the usage of /etc/nsswitch.conf which specified the sources for "databases" (i.e files, nis, nisplus etc) and their lookup order. One could use libc5 with NIS support or libc5 without NIS support which employed a different policy control, since nsswitch.conf (which was part of a greater Name Service Switching mechanism) was not supported. Under this scheme, it was possible to have entries of the form +user/-user or +@netgroup/-@netgroup or just +/- in the /etc/passwd and /etc/group files. This notation allowed lookups from the NIS map files and some form of access control.

Eventually everyone migrated to the world of glibc. The Name Service Switch mechanism was implemented and enchanced, in some ways and more datastore support, with LDAP being the most notable one, was added. Interaction with the +/- notation was ensured with the usage of the 'compat' service, and its derivatives 'passwd_compat', 'group_compat' and 'shadow_compat', in the nsswitch.conf.

A number of administrators stil use the 'compat' option with the +/- notation in the password and group file to implement NIS authentication and/or access control. 'compat' implies nis (see nsswitch.conf man page) so this obviously works. glibc offers an alternative to the standard authentication mechanism, 'files' 'dns', and if this is not sufficient, a finer control on the lookup process based on the status of the lookup function and action upon receiving a status code. So an alternative to the 'compat' option would be

files nis

or even

files [!SUCCESS=continue] nis

Eventually everyone migrated to the world of glibc. The Name Service Switch mechanism was implemented and enchanced, in some ways and more datastore support, with LDAP being the most notable one, was added. Interaction with the +/- notation was ensured with the usage of the 'compat' service, and its derivatives 'passwd_compat', 'group_compat' and 'shadow_compat', in the nsswitch.conf.

In this way we don't have to "pollute" our password and group files with +/- signs and the behavior of the mechanism is clearer (it took me quite a while to notice that 'compat' implies nis).

Note that if there is still no alternative to the +/- notation if one wants to implement some form of access control policy on the traditional datastores. Newer datastores, like LDAP, support natively access control.

Enter PAM. PAM is an authentication/authorisation mechanism based on stacking authorisation, authentication and housekeeping modules. Nowdays, the most prominent module is which is responsible for authentication. checks with the Name Service Switch mechanism, hence nsswitch.conf, in order to determine which datastores to use for password/group/etc lookups. So whatever changes you make in nsswitch.conf will have an impact on how your users authenticate, if you use in your authentication stack. Now days most Linux distros use it.

using the status and action notation.

In this way we don't have to "pollute" our password and group files with +/- signs and the behavior of the mechanism is clearer (it took me quite a while to notice that 'compat' implies nis).

Note that if there is still no alternative to the +/- notation if one wants to implement some form of access control policy on the traditional datastores. Newer datastores, like LDAP, support natively access control.

Enter PAM. PAM is an authentication/authorisation mechanism based on stacking authorisation, authentication and housekeeping modules. Nowdays, the most prominent module is which is responsible for authentication. checks with the Name Service Switch mechanism, hence nsswitch.conf, in order to determine which datastores to use for password/group/etc lookups. So whatever changes you make in nsswitch.conf will have an impact on how your users authenticate, if you use in your authentication stack. Now days most Linux distros use it.

The problem. I want to implement a software firewall on a linux server. iptables is today's de facto standard so I choose the Shoreline Firewall, shorelinet to specify the services to the public. Shoreline is a front end for iptables and, for my usage, a quick and easy way to implement the server's firewall. Note: you still need to read iptables and Netfilter documentation, shoreline is a front end, not a magic case tool from the USS Enterprise era.

So here I am, happily setting up the firewall and the 1st service to test is, what else, SSH. I specify the appropriate rule, one liner, and set the default behaviour to DROP (man netfilter, if that doesn't look familiar). Btw, shoreline has already a number of service macros corresponding to the most common services on a server. I fire up the firewall and the SSH access is blocked.And it shouldn't. It's just an one liner rule.

After some reading, tweaking and fixing up some points in the configuration, I try again to no avail. Read, tweak, fix and try. Nothing. Rinse again, Nop. Time for tcpdump.

After several hours it becomes apparent that whenever I ssh to the server (as root), the server which is a NIS client starts a conversation with our LAN NIS server. NIS client? Check nsswitch.conf and there I find the 'compat' option on the passwd, group and shadow databases. Everything is fine (silly me). One of the points of good NIS management is never, ever, have the root information of a machine in your NIS database, since NIS is inherently insecure, i.e. all data travels on unencrypted channels. So ssh'ing at root@myserver shouldn't spawn any NIS conversation since the root account is local to that machine.

There are 2 solutions to enforcing SSH to lookup only server local 'files' (/etc/passwd, /etc/groups, /etc/shadow). One is to use a different PAM stack for ssh, hence abolishing the use of for the SSH service. Risky. Modifying the PAM stack is no trivial task, not because it's so arcane or difficult to understand (not at all), but because in the event of a misconfiguration there is the risk to lock your self out of the machine. So thanks, I'm, not touching PAM... since I have another alternative which is to disable PAM in /etc/ssh/sshd_config

~UsePAM no

and the SSH daemon stops interacting with the PAM subsystem and happily uses the default linux password/group/shadow mechanism. ( which denies access to all netowrk users gets out of the authentication mechanism, but this is another issue)

What bit me was that I didn't fully understand what 'compat' implies and how PAM interacted with the Name Service Switch mechanism. As I said before, 'compat' implies NIS, so a nis lookup was taking place whenever I tried to ssh to my server.

Update: There is a way to use the 'compat' service and specify an explicit order of lookup, different than the default 'compat' implies, using the 'compat_passwd' or the equivalents for group and shadow. Here's an example I found while browsing the net:

passwd: compat
passwd_compat: [ldap] [nis] [nisplus] (of course, not necesarily in this order)

The meaning of this is as follows: Search the local /etc/passwd file and if you encounter any entries with the "+" or "-" syntax, process them and look them up in the specified datastore(s). The same can be done for group and shadow.

This conversation about NIS could be moot cause I'm tired of it. It's inherently insecure and quite cumbersome in its administration. LDAP is probably on its way...

Disclamer: No responsibility whatsoever. USE AT YOUR OWN RISK. Vassilis Vatikiots 04/09/2007
If you need to renew an X.509 certificate use the following openssl command. The command will read the private key (private.key) and existing certificate (oldcert.pem) and generate a new certificate request (newcsr.csr) with the same information as the old certificate contained.

{{{$ openssl x509 -x509toreq -signkey private.key -out newcsr.csr -in oldcert.pem}}}

thx simon

Convert a DER format certificate to PEM.

{{{openssl x509 -out exported-pem.crt -outform pem -text -in derfile.crt -inform der}}}

Resign a key with another serial. Can't have 2 certs, from the same CA and to the same CN, with the same serial number

{{{openssl x509 -req -days 365 -in server.csr -CA root-CA.crt -CAkey root-CA.key -set_serial XX -out server.crt}}}

Serial must be different for each signed key.

The process of creating self signed ~CAs and certificates is adapted from

Work as root.

''1.'' First we create a CA certificate and then we sign our service certificate using our CA certificate

"The Common Name (CN) of the CA and the Server certificates should not match or else a naming collision will occur and you'll get errors later on. ... just added "CA" to the CA's CN field, to distinguish it from the Server's CN field. Use whatever schema you want, just make sure the CA and Server entries are not identical. "

Use a fully qualified domain name as CN of the certificates (both CA's and subsequent certificates)

{{{openssl genrsa -des3 -out ca.key 4096}}}
{{{openssl req -new -x509 -days 365 -key ca.key -out ca.crt}}}

''2.'' Generate a server key and request for signing (csr)

The csr's CN should match the DNS name or the IP address. Otherwise there's a mismatch.

{{{openssl genrsa -des3 -out server.key 4096}}}
{{{openssl req -new -key server.key -out server.csr}}}

The resulting server.key in {{{openssl genrsa -des3 ...}}} is secure i.e. is password protected. Some services require a non password protected key. To produce one from a secure key we do the following

{{{openssl rsa -in server.key -out server.key.insecure}}}

''3.'' Sign the csr with our self-created CA

{{{openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt}}}

Every time we produce a key for a particular service we need to increment the serial number. Otherwise, we'd have a new key/request with the old serial number. One way to rectify this is certificate revocation lists.

//NB//: To avoid using any CA at all i.e. to have a truly self-signed certificate:
{{{openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt}}}

''4.'' Examine the keys
{{{openssl rsa -noout -text -in server.key}}}
{{{openssl req -noout -text -in server.csr}}}
{{{openssl rsa -noout -text -in ca.key}}}
{{{openssl x509 -noout -text -in ca.crt}}}
TiddlyTools PHP ShowArgs Test (POST) - one tiddler
<form target="_blank" method="post" action="" enctype="multipart/form-data">
<input type="hidden" name="source" value="%source%">
<input type="hidden" name="title" value="%title%">
<input type="hidden" name="created" value="%created%">
<input type="hidden" name="modified" value="%modified%">
<input type="hidden" name="author" value="%author%">
<textarea style="width:100%;height:85%;font-size:8pt" rows="20" name="content">source link: %source%#%title% 
created on: %created%
last edit: %modified%
by: %author%
tags: %tags%

<div style="text-align:center">
<input type="submit" value="send">
<input type="reset" value="reset">
<input type="button" value="cancel" onclick="window.close();return false;">
<br><font size=-2>This form is for demonstration purposes only</font><!-- remove after release -->
<br><font size=-2>ALPHA TEST - DO NOT USE IN YOUR OWN DOCUMENT - DO NOT DISTRIBUTE</font><!-- remove after release -->
TiddlyTools PHP ShowArgs Test (POST) - all tiddlers
<form target="_blank" method="post" action="" enctype="multipart/form-data">
<input type="hidden" name="source" value="%source%">
Complete TiddlyWiki 'StoreArea' (includes ALL tiddlers):
<textarea style="width:100%;height:75%;font-size:8pt" rows="10" name="content">%alltiddlers%</textarea>
<div style="text-align:center">
<input type="submit" value="send">
<input type="reset" value="reset">
<input type="button" value="cancel" onclick="window.close();return false;">
<br><font size=-2>This form is for demonstration purposes only</font><!-- remove after release -->
<br><font size=-2>ALPHA TEST - DO NOT USE IN YOUR OWN DOCUMENT - DO NOT DISTRIBUTE</font><!-- remove after release -->
TiddlyTools PHP ShowArgs Test (GET) - one tiddler
<form target="_blank" method="get" action="">
<input type="hidden" name="source" value="%source%">
<input type="hidden" name="title" value="%title%">
<input type="hidden" name="created" value="%created%">
<input type="hidden" name="modified" value="%modified%">
<input type="hidden" name="author" value="%author%">
<textarea style="width:100%;height:85%;font-size:8pt" rows="20" name="content">source link: %source%#%title% 
created on: %created%
last edit: %modified%
by: %author%
tags: %tags%
- - - - - - - - - - -
<div style="text-align:center">
<input type="submit" value="send">
<input type="reset" value="reset">
<input type="button" value="cancel" onclick="window.close();return false;">
<br><font size=-2>This form is for demonstration purposes only</font><!-- remove after release -->
<br><font size=-2>ALPHA TEST - DO NOT USE IN YOUR OWN DOCUMENT - DO NOT DISTRIBUTE</font><!-- remove after release -->
SharedRecords Test (POST) - one tiddler
<form target="_blank" method="post" enctype="multipart/form-data"
Submit '%title%' to<br>
<!-- SharedRecords ID based on content -->
<input type="hidden" name="key" value="%SHA1%">
<!-- maps CRLF back to LF on server -->
<input type="hidden" name="CRLF" value="false">
<!-- MIME type for retrieving record from server -->
<input type="hidden" name="content-type" value="text/plain">
<!-- tiddler content -->
<textarea style="width:100%;height:85%;font-size:8pt" rows="20" name="file">%content%</textarea>
<div style="text-align:center">
<input type="submit" value="send">
<input type="reset" value="reset">
<input type="button" value="cancel" onclick="window.close();return false;">
<br><font size=-2>This form is for demonstration purposes only</font><!-- remove after release -->
<br><font size=-2>ALPHA TEST - DO NOT USE IN YOUR OWN DOCUMENT - DO NOT DISTRIBUTE</font><!-- remove after release -->
|Author|Eric Shulman - ELS Design Studios|
|License| <br>and [[Creative Commons Attribution-ShareAlike 2.5 License|]]|
|Description|send tiddler source content or raw storeArea DIVs to remote URLs for server-side storage/processing|
Adds ''sendTiddler'' toolbar command to submit individual tiddler source content to remote URLs for server-side processing.  Useful for posting tiddler content to on-line blog services or custom-built server-side storage mechanisms.
Select ''send'' tiddler toolbar command to view a popup list of destinations servers.

When you select a server, a separate browser window (or popup) will be opened containing a server-specific HTML form for submitting the tiddler content to that destination (see ''Configuration'' section below).  This form may include fields that allow you to enter additional information to be sent to the remote destination (e.g., account, username, keywords, options, etc.).  After you have entered/modified the desired information, press the ''send'' button to submit the form data to the server.  A separate window will be opened to display the response from the remote server.

You can also press ''reset'' to restore the default values in the form, or ''cancel'' to close the form window without submitting any information to the server.
Destination servers are defined in the [[SendTiddlerConfig]] tiddler.  Each definition is separated by a {{{----}}} (horizontal rule).  The first line of each defintion is the text that will appear in the ''send'' toolbar popup menu.  The remaining lines of each contain an HTML form, beginning with <form method="..." action="..."> appropriate for that destination server, followed by form input fields (and possibly hidden fields) to contain the specific values needed for processing the form on the server.

Some tiddler values can be automatically inserted into the form, based on the tiddler being sent.  To insert these values, you can embed any of the following ''field markers'' into your custom-defined form definition (using a {{{%marker%}}} format). When the form is displayed, these markers will be automatically replaced by the corresponding tiddler field value.
* content - the current contents of the current tiddler
* source - the URL of the current TiddlyWiki document
* title - the title of the current tiddler
* created - the date the tiddler was initially created
* modified - the date the tiddler was last modified
* author - the TiddlyWiki username of the last person to edit the tiddler
* tags - a (space-separated) list of tags for the tiddler
* alltiddlers - all tiddlers, encoded as TW "storeArea" DIVs
* SHA1 - cryto-encoded value corresponding to current tiddler  or alltiddlers content
!!!!!Installation Notes
If you are using the default (shadow) ViewTemplate, the plugin automatically updates the template to include the ''sendTiddler'' toolbar command.  If you have created a custom ViewTemplate tiddler, you will need to manually add the ''sendTiddler'' toolbar command to your existing template:
<!-- add 'sendTiddler' command to existing editor toolbar definition -->
<div class='toolbar' macro='toolbar ... sendTiddler ... '>
!!!!!Revision History
2008.01.05 [0.8.0] added support for 'SHA1' replacement marker (uses Crypto functions to generate hashcode based on content (single tiddler or all tiddlers).  Used by
2007.06.05 [0.7.2] 'edit server list' onclick handler now returns false to prevent IE page transition
2007.02.15 [0.7.0] use split/join for replacing marker text in content (avoids regexp problem with handling of $ in target string)
2007.02.09 [0.6.0] added support for 'alltiddlers' replacement marker
2006.11.05 [0.5.0] alpha test - user-defined forms
2006.11.04 [0.1.0] alpha test - static form definition
2006.11.03 [0.0.0] started
version.extensions.sendTiddler = {major: 0, minor: 8, revision: 0, date: new Date(2008,1,5)};

config.commands.sendTiddler = {
	text: 'send',
	tooltip: 'send this tiddler\'s source content to a server',
	hideReadOnly: false,
	dateFormat: 'DDD, MMM DDth YYYY hh:0mm:0ss',
	serverList: 'SendTiddlerConfig', // tiddler containing server form definitions
	html: '<html><head><title>Send tiddler to: %description%</title></head>\
		<body style="background:#eee;font-family:arial,helvetica">%form%</body></html>',
	handler: function(event,src,title) {
		event.cancelBubble = true;
		if (event.stopPropagation) event.stopPropagation();
		return false;
	showpopup: function(place) {
		var here=story.findContainingTiddler(place);
		var popup=Popup.create(place); if (!popup) return;
		createTiddlyText(popup,"select a destination:");
		var t=store.getTiddlerText(config.commands.sendTiddler.serverList);
		if (t && t.trim().length) {
			var parts=t.split("\n----\n");
			for (var p=0; p<parts.length; p++) {
				var lines=parts[p].split("\n");
				var label=lines.shift(); // 1st line=popup display text
				var form=lines.join("\n") // remaining lines=form to use
				var a=createTiddlyButton(createTiddlyElement(popup,'li'),
					label, "", config.commands.sendTiddler.invokeForm);
				a.setAttribute("description",label); // server description
				a.setAttribute("tiddler",here?here.getAttribute('tiddler'):null); // send this tiddler
				a.setAttribute("form",form); // form to use
		createTiddlyButton(createTiddlyElement(popup,'li'), 'edit server list...', '',
			function(){story.displayTiddler(null,config.commands.sendTiddler.serverList,2);return false;});,false);
	invokeForm: function() {
		var id=this.getAttribute('tiddler'); if (!id) return;
		var tid=store.getTiddler(id);
		var html=config.commands.sendTiddler.html;
		html=html.split("%"+"tags%").join(tid.tags.join(" "));
		var txt=tid.text;
		if (html.indexOf("%"+"alltiddlers%")!=-1) { // only if needed (for efficiency)
			var txt=store.allTiddlersAsHtml();
		if (Crypto && (html.indexOf("%"+"SHA1%")!=-1)) { // only if needed (for efficiency)
			var sha1=Crypto.hexSha1Str(txt).toLowerCase();
		// create and submit hidden form
		var f=document.getElementById("sendTiddlerFrame");
		if (f) document.body.removeChild(f);
		var f=createTiddlyElement(document.body,"iframe","sendTiddlerFrame");"0px";"0px";"0px";
		var d=f.document;
		if (f.contentDocument) d=f.contentDocument; // For NS6
		else if (f.contentWindow) d=f.contentWindow.document; // For IE5.5 and IE6; d.writeln(html); d.close();
		return false;

// automatically tweak shadow ViewTemplate to add "sendTiddler" toolbar command (following "editTiddler")
config.shadowTiddlers.ViewTemplate=config.shadowTiddlers.ViewTemplate.replace(/editTiddler/,"editTiddler sendTiddler");
!!!!Show git branch in shell

* install ~ZenTest gem
* install autotest-inotify (Linux only). You DO NOT want continuous polling on your hard drive. Require it in your .autotest file.

!!!!Desktop notifications

<<option chkDisableTabsBar>>See page in tabs
<<search>><<closeAll>><<permaview>><<newTiddler>><<newJournal "DD mmm YYYY" "journal">><<saveChanges>><<toggleSideBar "toggle SideBar" "Ανοιγμα/κλείσιμο του δεξιού κάθετου μενού">><<slider chkSliderOptionsPanel OptionsPanel "options »" "Change TiddlyWiki advanced options">>

<<tiddler CounterScript>>
μια απόπειρα καταγραφής του τι κάνω - recording what I do - vassilis (bill) vatikiotis
~IOS12.1(19)~EA1d - ~WS-C3750G-24T

* {{{show ip dhcp binding}}} to show all leases and their bindings.
* {{{clear ip dhcp binding A.B.C.D}}} to clear a certain binding.
* {{{show mac-address-table}}}

Remember to {{{ntp server A.B.C.D}}} in conf mode to set the clock. Not necessary but nice to have
* configuring cisco ntp,
If you are using Internet Explorer (IE) to open this document, please keep in mind the following items:
# For reading ~TiddlyWikis, any browser will do. But for editing a TW file or creating your own, Mozilla's free Firefox browser is optimal, whereas Internet Explorer will require you to take the steps below. You can download Firefox for free from [[here|]]. It really is a great browser. Think about it!
# However, ''if you prefer to continue using Internet Explorer'', you will need version 6.x or higher, preferably version 7. If you want to upgrade to the latest version of IE, you can do so [[here|]]. 
# If you are using anything less than version 7, you will just need to ''enable active content''. Go to Tools >> Internet Options >> Advanced >> and check the boxes that say "Allow active content to run on files in My Computer", "Java logging enabled" and "Java Console enabled." Also you will want to click on the options link on the right-hand side of ~TiddlyWiki and check the "Auto Save" option.
# The ''only known issues with Internet Explorer'' itself have to do with gradients and series of consecutive spaces in Tiddler titles, neither of which should be on this version.
# ''If you have Micrososft XP Service Pack 2'', there is one hiccup. Internet Explorer Windows XP SP2 keeps track of html files saved from the internet, and stores saved changes in an 'Internet' zone regardless of attempts to rename or modify the file. But, in order to be able to save changes, ~TiddlyWiki needs to run in the 'My Computer' zone. The solution is to right-click on the ~TiddlyWiki html file and choose Properties. If the file is blocked, you'll see an 'Unblock' button on the resulting property sheet that removes the protection and allows the file to open in the 'My Computer' zone. Then open the file in Internet Explorer - it might put up its information bar asking you whether you want to run it. You need to 'Allow blocked content' to let ~TiddlyWiki do its stuff.
* For a single user machine, hange vm.swappiness=0 in /etc/sysctl.conf to make the change permanent, and {{{sudo sysctl -w vm.swappiness=0}}} to take effect immediately.
* In /etc/ininttab, find 1:2345:respawn:/sbin/getty 38400 tty1 and comment out any ttys you don't need.
* {{{sudo vim /etc/init.d/rc}}} and change CONCURRENCY from none to shell. For multicores and hyper-threading processors.

''Inspired by [[TiddlyPom|]]''

|Created by|SaqImtiaz|
|Version|0.21 |
Provides a simple splash screen that is visible while the TW is loading.

Copy the source text of this tiddler to your TW in a new tiddler, tag it with systemConfig and save and reload. The SplashScreen will now be installed and will be visible the next time you reload your TW.

Once the SplashScreen has been installed and you have reloaded your TW, the splash screen html will be present in the MarkupPreHead tiddler. You can edit it and customize to your needs.

* 20-07-06 : version 0.21, modified to hide contentWrapper while SplashScreen is displayed.
* 26-06-06 : version 0.2, first release

var old_lewcid_splash_restart=restart;

restart = function()
{   if (document.getElementById("SplashScreen"))
        document.getElementById("SplashScreen").style.display = "none";
      if (document.getElementById("contentWrapper"))
        document.getElementById("contentWrapper").style.display = "block";
    if (splashScreenInstall)
        displayMessage("TW SplashScreen has been installed, please save and refresh your TW.");

var oldText = store.getTiddlerText("MarkupPreHead");
if (oldText.indexOf("SplashScreen")==-1)
   {var siteTitle = store.getTiddlerText("SiteTitle");
   var splasher='\n\n<style type="text/css">#contentWrapper {display:none;}</style><div id="SplashScreen" style="border: 3px solid #ccc; display: block; text-align: center; width: 320px; margin: 100px auto; padding: 50px; color:#000; font-size: 28px; font-family:Tahoma; background-color:#eee;"><b>'+siteTitle +'</b> is loading<blink> ...</blink><br><br><span style="font-size: 14px; color:red;">Requires Javascript.</span></div>';
   if (! store.tiddlerExists("MarkupPreHead"))
       {var myTiddler = store.createTiddler("MarkupPreHead");}
      {var myTiddler = store.getTiddler("MarkupPreHead");}
      var splashScreenInstall = true;
Αμάν πια με αυτά τα γαμημένα αμάξια που παρκάρουν φαρδιά πλατιά όπου γουστάρουν και στα παλιά τους τα παπούτσια οι υπόλοιποι. Ειδικά αυτά τα οικολογικά τζιπ των εφτά χιλιάδων κυβικών που καίνε 1.2 ευρώ τα 100 χιλιόμετρα και λόγω μικρού όγκου, 8 μέτρα το κομμάτι, είναι πολύ βολικά στο parking και μπορούν να καταλάβουν όοολο το πεζοδρόμιο. Πολύ τους συμπαθώ αυτούς τους τύπους, ευάροι, ευήλιοι, άνετοι και cool. Έκτακτοι. Και τζιπάτοι.

Για το λόγο αυτό έχουμε την παρακάτω απάντηση - ελπίζω να μην είναι η τελευταία.

<<imglink images/street_panthers_gaidarakos_small.gif null "Street Panthers">>

[[Street Panthers|]]. Τα δίνουν σε stickers. Μέχρι στιγμής έχω κολλήσει μερικά σε κάποιους ευαίσθητους, αν και θα προτιμούσα να είχα μπολντόζα αντί για sticker. Είναι παράνομο όμως βλέπεις (η μπολντόζα) και δεν μπορώ....

Ρητορική ερώτηση προς παντώς υπευθύνους: είστε ηλίθιοι ή ανεύθυνοι?
body {
font: 13px/125% Verdana, Arial, sans-serif;

#leftsidebar {position:absolute;}

#mainMenu {position:static; left:1;  text-align:right; line-height:1.6em; padding:1.5em 0.5em 2.5em 0.5em; font-size:1.1em; width:11em;}

#sidebarOptions {position:static; left:1; padding-top:1em; width:12em; text-align: right;}

#sidebarOptions a {margin:0em 0.2em; padding:0.2em 0.3em; display:block;}
#sidebarOptions input {margin:0.4em 0.5em;}
#sidebarOptions .sliderPanel {margin-left:1em; padding:0.5em; font-size:.85em;}
#sidebarOptions .sliderPanel a {font-weight:bold; display:inline; padding:0;}
#sidebarOptions .sliderPanel input {margin:0 0 .3em 0;}
#sidebarTabs .tabContents {width:15em; overflow:hidden;}

.txtOptionInput { font-size:9pt; } 

#tiddlersBar .button {border:1}
#tiddlersBar .tab {white-space:nowrap}
#tiddlersBar {padding : 1em 0.5em 2px 0.5em}
.tabUnselected .tabButton, .tabSelected .tabButton {padding : 0 2px 0 2px; margin: 0 0 0 4px;}
.tiddler, .tabContents {border:0px [[ColorPalette::TertiaryPale]] solid;}
Say I want to track a git repository in my git-tracked project. Also, I want to keep this external repository in a directory inside my project and I'm not going to be making any changes at all (read access only for the external repository). Finally, I want to follow a specific branch.

* {{{git submodule add -b <branchname> <git-url> <path>}}}
* {{{git submodule init}}}
* {{{ git submodule update}}}

excerpt from git-submodule man page:
"However, when pulling a tree containing submodules, these will not be checked out by default; the init and update subcommands will maintain submodules checked out and at appropriate revision in your working tree. You can briefly inspect the up-to-date status of your submodules using the status subcommand and get a detailed overview of the difference between the index and checkouts using the summary subcommand."
|Source|[[FND's DevPad|]]|
|Contributors|[[Saq Imtiaz|]], [[Eric Shulman|]]|
|License|[[Creative Commons Attribution-ShareAlike 2.5 License|]]|
|Description|suppress tagged box when tiddler is untagged|
!!v0.5 (2007-06-11)
* initial release
!!v1.0 (2007-06-11)
* proper overriding of core function (thanks Saq)
* changed ~CoreVersion to 2.1 (from 2.2)
!!v1.1 (2007-06-11)
* further improved hijacking method (thanks Eric)
config.macros.tags.oldHandler = config.macros.tags.handler;
config.macros.tags.handler = function(place, macroName, params, wikifier, paramString, tiddler) {
	if(tiddler.tags && tiddler.tags.length > 0)
		this.oldHandler.apply(this, arguments);
	else = 'none';
To recreate all symbolic links from the /dev to the actual block and character device nodes under /devices, run devlinks as root.

But if you have messed up the original device in /devices proceed as follows:
    mknod /devices/pseudo/mm@0:null c 13 2
    chown root:sys /devices/pseudo/mm@0:null
    chmod 666 /devices/pseudo/mm@0:null
    cd /dev
    ln -s ../devices/pseudo/mm@0:null null

# man devlinks
This is an example of a tab:

<<tabs txtFavourite
One "First tab" HelloThere
Two "Second tab" ThankYou
The TaggingMacro produces a list of links to tiddlers that carry the specified tag. If no tag is specified, it looks for tiddlers tagged with the name of the current tiddler. It looks like this:
<<tagging TiddlerTitle>>
<<tagging sep:[[, ]]>>
In HTML, the list is formatted like so:
<li class="listTitle">List title label</li>
<li><a class="tiddlyLink ..." href="javascript:;" onclick="..."
	   refresh="link" tiddlyLink="ExampleOne">ExampleOne</a></li>
The optional {{{sep}}} parameter specifies a string of characters to be inserted as a separator between each {{{<li>}}} element. In conjunction with the CSS {{{ul li {display: none;} }}} this allows the tagging list to be formatted as a nicely formatted inline list.
* Using rtags. Install as a gem.
* Using rtags and gtags. Install gtags. Package name in ubuntu is global.
* Integrate rtags, gtags and emacs. emacs and fine support for emacs. We just use rtags as an indexer and leave gtags responsible for emacs integration.
** Configure gtags to use rtags
** export GTAGSLABEL=rtags

Update tags with inotify, using the incron package and taking advantage of the inotify API.
UPDATE 27/10/2008: Monaco is TM's font. Download it from
Most of the info compiled from

They can be found at
* Snippets
* File Browser
* Class Browser
* Word Completion with tabulator
* Edit shortcuts (if you need it)

!!!!!Color theme
Darkmate for Gedit 2.2x and other themes are avalaible on Darkmate is inspired from Textmate colors with specific syntax highlight for Ruby.

!!!!!Rails support and erb syntax highlighting)
# Download gedit-rails @ It contains a few extra plugins and language support. Install it.
# contains HTML Tidy configuration options plugin. It looks good for checking HTML file validity. Using it for correcting html files is up to you.

!!!!!Syntax highlighting for rhtml (if you must have it)
Copy erb.lang to rhtml.lang and replace the id's definitions from erb to rhtml. It's very simple, 4 replaces are needed. contains documentation for gtksourceview's language definition specs.

!!!!!Where all these go?
Place plugins at $HOME/.gnome2/gedit/plugins and syntax highlight xml files at gedit/styles (or from Preferences->Fonts and Colors, Add color scheme).

UPDATE: It looks so absolutely neat. No bloat. Less is more...
Από Oxford University Press άρα υπάρχει μια σοβαρότητα και ένας βαθμός αντικειμενικότητας. Το παρόν βιβλίο δεν συνίσταται για όποιον δεν ενδιαφέρεται πολύ για το θέμα ή δεν είναι ιστορικός. Κατά τ' άλλα το βιβλίο είναι πλούσια πηγή πληροφοριών για όποιον ενδιαφέρεται να αποκτήσει ιδία γνώμη για τον Kissinger και τα τεκταινόμενα μιας περασμένης εποχής. Το κύριο μέρος του βιβλίου εξετάζει τα γεγονότα από το 1969 μέχρι το 1977 που ο Kissinger είχε επίσημο πόστο σε 2 κυβερνητικούς σχηματισμούς των ΗΠΑ και τελειώνοντας το βιβλίο ο συγγραφέας κάνει μια γρήγορη αναδρομή της πορείας του K. και κάνει γενική αξιολόγηση και κατά τη γνώμη μου τίμια κριτική στον Κ. ''και'' στους κριτικούς του.

Μόνο για fans.
The header contains the Title and Subtitle of your document. After downloading a ~TiddlyWiki file to your computer, you can alter these by opening and editing the Tiddlers SiteTitle and SiteSubtitle.

The ~MainMenu is basically a table of contents by which you can quickly access the main contents of your file. You can edit any and all aspects of the ~MainMenu by opening and editing the MainMenu Tiddler. Below is a main menu of another of my ~TiddlyWiki documents ([[link here|]]). In the present tutorial file, the ~MainMenu has been placed in the header to allow more room for the text.

What I call the right hand menu or sidebar menu is filled with tools. 

!The top of the menu
At the top of the right hand menu there are several features:

!Interface options
Clicking the ''options >>'' link opens up the Interface Options menu:

(Note: in version 2.2, Plugin Manager and Import Tiddlers have been moved to the backstage area.)
!Lists of Tiddlers and tags
At the bottom of the right hand menu are lists of all the Tiddlers and tags in your ~TiddlyWiki file:

|''Description:''|A bar to switch between tiddlers through tabs (like browser tabs bar).|
|''Date:''|Jan 18,2008|
|''Author:''|Pascal Collin|
|''License:''|[[BSD open source license|License]]|
|''Browser:''|Firefox 2.0; InternetExplorer 6.0, others|
On [[homepage|]], open several tiddlers to use the tabs bar.
#import this tiddler from [[homepage|]] (tagged as systemConfig)
#save and reload
#''if you're using a custom [[PageTemplate]]'', add {{{<div id='tiddlersBar' refresh='none' ondblclick='config.macros.tiddlersBar.onTiddlersBarAction(event)'></div>}}} before {{{<div id='tiddlerDisplay'></div>}}}
#optionally, adjust StyleSheetTiddlersBar
*Doubleclick on the tiddlers bar (where there is no tab) create a new tiddler.
*Tabs include a button to close {{{x}}} or save {{{!}}} their tiddler.
*By default, click on the current tab close all others tiddlers.
!Configuration options 
<<option chkDisableTabsBar>> Disable the tabs bar (to print, by example).
<<option chkHideTabsBarWhenSingleTab >> Automatically hide the tabs bar when only one tiddler is displayed. 
<<option txtSelectedTiddlerTabButton>> ''selected'' tab command button.
<<option txtPreviousTabKey>> previous tab access key.
<<option txtNextTabKey>> next tab access key.
config.options.chkDisableTabsBar = config.options.chkDisableTabsBar ? config.options.chkDisableTabsBar :false;
config.options.chkHideTabsBarWhenSingleTab  = config.options.chkHideTabsBarWhenSingleTab  ? config.options.chkHideTabsBarWhenSingleTab  : false;
config.options.txtSelectedTiddlerTabButton = config.options.txtSelectedTiddlerTabButton ? config.options.txtSelectedTiddlerTabButton : "closeOthers";
config.options.txtPreviousTabKey = config.options.txtPreviousTabKey ? config.options.txtPreviousTabKey : "";
config.options.txtNextTabKey = config.options.txtNextTabKey ? config.options.txtNextTabKey : "";
config.macros.tiddlersBar = {
	tooltip : "see ",
	tooltipClose : "click here to close this tab",
	tooltipSave : "click here to save this tab",
	promptRename : "Enter tiddler new name",
	currentTiddler : "",
	previousState : false,
	previousKey : config.options.txtPreviousTabKey,
	nextKey : config.options.txtNextTabKey,	
	tabsAnimationSource : null, //use document.getElementById("tiddlerDisplay") if you need animation on tab switching.
	handler: function(place,macroName,params) {
		var previous = null;
		if (config.macros.tiddlersBar.isShown())
				if (title==config.macros.tiddlersBar.currentTiddler){
					var d = createTiddlyElement(null,"span",null,"tab tabSelected");
					if (previous && config.macros.tiddlersBar.previousKey) previous.setAttribute("accessKey",config.macros.tiddlersBar.nextKey);
					previous = "active";
				else {
					var d = createTiddlyElement(place,"span",null,"tab tabUnselected");
					var btn = createTiddlyButton(d,title,config.macros.tiddlersBar.tooltip + title,config.macros.tiddlersBar.onSelectTab);
					btn.setAttribute("tiddler", title);
					if (previous=="active" && config.macros.tiddlersBar.nextKey) btn.setAttribute("accessKey",config.macros.tiddlersBar.previousKey);
				var isDirty =story.isDirty(title);
				var c = createTiddlyButton(d,isDirty ?"!":"x",isDirty?config.macros.tiddlersBar.tooltipSave:config.macros.tiddlersBar.tooltipClose, isDirty ? config.macros.tiddlersBar.onTabSave : config.macros.tiddlersBar.onTabClose,"tabButton");
				c.setAttribute("tiddler", title);
				if (place.childNodes) {
					place.insertBefore(document.createTextNode(" "),place.firstChild); // to allow break line here when many tiddlers are open
				else place.appendChild(d);
	refresh: function(place,params){
		if (config.macros.tiddlersBar.previousState!=config.macros.tiddlersBar.isShown()) {
			if (config.macros.tiddlersBar.previousState) story.forEachTiddler(function(t,e){"";});
			config.macros.tiddlersBar.previousState = !config.macros.tiddlersBar.previousState;
	isShown : function(){
//VV was without the ! operator
		if (!config.options.chkDisableTabsBar) return false;
		if (!config.options.chkHideTabsBarWhenSingleTab) return true;
		var cpt=0;
		return (cpt>1);
	selectNextTab : function(){  //used when the current tab is closed (to select another tab)
		var previous="";
			if (!config.macros.tiddlersBar.currentTiddler) {
			if (title==config.macros.tiddlersBar.currentTiddler) {
				if (previous) {
				else config.macros.tiddlersBar.currentTiddler=""; 	// so next tab will be selected
			else previous=title;
	onSelectTab : function(e){
		var t = this.getAttribute("tiddler");
		if (t) story.displayTiddler(null,t);
		return false;
	onTabClose : function(e){
		var t = this.getAttribute("tiddler");
		if (t) {
			if(story.hasChanges(t) && !readOnly) {
				return false;
		return false;
	onTabSave : function(e) {
		var t = this.getAttribute("tiddler");
		if (!e) e=window.event;
		if (t) config.commands.saveTiddler.handler(e,null,t);
		return false;
	onSelectedTabButtonClick : function(event,src,title) {
		var t = this.getAttribute("tiddler");
		if (!event) event=window.event;
		if (t && config.options.txtSelectedTiddlerTabButton && config.commands[config.options.txtSelectedTiddlerTabButton])
			config.commands[config.options.txtSelectedTiddlerTabButton].handler(event, src, t);
		return false;
	onTiddlersBarAction: function(event) {
		var source = ? :; // FF uses target and IE uses srcElement;
		if (source=="tiddlersBar") story.displayTiddler(null,'New Tiddler',DEFAULT_EDIT_TEMPLATE,false,null,null);
	createActiveTabButton : function(place,title) {
		if (config.options.txtSelectedTiddlerTabButton && config.commands[config.options.txtSelectedTiddlerTabButton]) {
			var btn = createTiddlyButton(place, title, config.commands[config.options.txtSelectedTiddlerTabButton].tooltip ,config.macros.tiddlersBar.onSelectedTabButtonClick);
			btn.setAttribute("tiddler", title);

story.coreCloseTiddler = story.coreCloseTiddler? story.coreCloseTiddler : story.closeTiddler;
story.coreDisplayTiddler = story.coreDisplayTiddler ? story.coreDisplayTiddler : story.displayTiddler;

story.closeTiddler = function(title,animate,unused) {
	if (title==config.macros.tiddlersBar.currentTiddler)
	story.coreCloseTiddler(title,false,unused); //disable animation to get it closed before calling tiddlersBar.refresh
	var e=document.getElementById("tiddlersBar");
	if (e) config.macros.tiddlersBar.refresh(e,null);

story.displayTiddler = function(srcElement,tiddler,template,animate,unused,customFields,toggle){
	var title = (tiddler instanceof Tiddler)? tiddler.title : tiddler;  
	if (config.macros.tiddlersBar.isShown()) {
			if (t!=title)"none";
	var e=document.getElementById("tiddlersBar");
	if (e) config.macros.tiddlersBar.refresh(e,null);

var coreRefreshPageTemplate = coreRefreshPageTemplate ? coreRefreshPageTemplate : refreshPageTemplate;
refreshPageTemplate = function(title) {
	if (config.macros.tiddlersBar) config.macros.tiddlersBar.refresh(document.getElementById("tiddlersBar"));

ensureVisible=function (e) {return 0} //disable bottom scrolling (not useful now)

config.shadowTiddlers.StyleSheetTiddlersBar = "/*{{{*/\n";
config.shadowTiddlers.StyleSheetTiddlersBar += "#tiddlersBar .button {border:0}\n";
config.shadowTiddlers.StyleSheetTiddlersBar += "#tiddlersBar .tab {white-space:nowrap}\n";
config.shadowTiddlers.StyleSheetTiddlersBar += "#tiddlersBar {padding : 1em 0.5em 2px 0.5em}\n";
config.shadowTiddlers.StyleSheetTiddlersBar += ".tabUnselected .tabButton, .tabSelected .tabButton {padding : 0 2px 0 2px; margin: 0 0 0 4px;}\n";
config.shadowTiddlers.StyleSheetTiddlersBar += ".tiddler, .tabContents {border:1px [[ColorPalette::TertiaryPale]] solid;}\n";
config.shadowTiddlers.StyleSheetTiddlersBar +="/*}}}*/";
store.addNotification("StyleSheetTiddlersBar", refreshStyles);

config.refreshers.none = function(){return true;}
config.shadowTiddlers.PageTemplate=config.shadowTiddlers.PageTemplate.replace(/<div id='tiddlerDisplay'><\/div>/m,"<div id='tiddlersBar' refresh='none' ondblclick='config.macros.tiddlersBar.onTiddlersBarAction(event)'></div>\n<div id='tiddlerDisplay'></div>");

TiddlyWiki is a complete [[wiki|]] in a single HTML file. It contains the entire text of the wiki, and all the ~JavaScript, CSS and HTML goodness to be able to display it, and let you edit it or search it. Without needing a server.

TiddlyWiki is published under an ~OpenSourceLicense and maintained by a busy community of independent developers.
Today, had to tweak some plugins:
# The [[Blog plugin|Blog plugin (with tag support)]]. Had to tweak the code a bit ( 7 additional characters ). Edit it and take a look.
# The SendTiddlerPlugin doesn't work. I deactivated it.
# Added html META tag information in MarkupPostHead.
# Removed plugins I didn't use.
# Added some TiddlyWiki documentation tiddlers.
TiddlyWiki revision history @

All in all, quite easy
Why reinvent the wheel? Morris Gray has a number of tips [[here|]] at his excellent tutorial.
The {{{<<today>>}}} macro inserts the current date and time into a tiddler. It's updated each time the tiddler is redisplayed.

It can optionally take a DateFormatString to determine the way that the date is displayed:


Results in:

|Created by|SaqImtiaz|
Provides a button for toggling visibility of the SideBar. You can choose whether the SideBar should initially be hidden or displayed.

<<toggleSideBar "Toggle Sidebar">>

{{{<<toggleSideBar>>}}} <<toggleSideBar>>
additional options:
{{{<<toggleSideBar label tooltip show/hide>>}}} where:
label = custom label for the button,
tooltip = custom tooltip for the button,
show/hide = use one or the other, determines whether the sidebar is shown at first or not.
(default is to show the sidebar)

You can add it to your tiddler toolbar, your MainMenu, or where you like really.
If you are using a horizontal MainMenu and want the button to be right aligned, put the following in your StyleSheet:
{{{ .HideSideBarButton {float:right;} }}}

*23-07-06: version 1.0: completely rewritten, now works with custom stylesheets too, and easier to customize start behaviour. 
*20-07-06: version 0.11
*27-04-06: version 0.1: working.


         styleHide :  "#sidebar { display: none;}\n"+"#contentWrapper #displayArea { margin-right: 1em;}\n"+"",
         styleShow : " ",
         arrow1: "«",
         arrow2: "»"

config.macros.toggleSideBar.handler=function (place,macroName,params,wikifier,paramString,tiddler)
          var tooltip= params[1]||'toggle sidebar';
          var mode = (params[2] && params[2]=="hide")? "hide":"show";
          var arrow = (mode == "hide")? this.settings.arrow1:this.settings.arrow2;
          var label= (params[0]&&params[0]!='.')?params[0]+" "+arrow:arrow;
          var theBtn = createTiddlyButton(place,label,tooltip,this.onToggleSideBar,"button HideSideBarButton");
          if (mode == "hide")

config.macros.toggleSideBar.onToggleSideBar = function(){
          var sidebar = document.getElementById("sidebar");
          var settings = config.macros.toggleSideBar.settings;
          if (sidebar.getAttribute("toggle")=='hide')

     return false;

setStylesheet(".HideSideBarButton .button {font-weight:bold; padding: 0 5px;}\n","ToggleSideBarButtonStyles");

The ToolbarMacro is used in the TiddlerTemplateMechanism to define the toolbar that appears when the mouse is hovered over a tiddler. It looks like this:
<<toolbar closeTiddler -editTiddler +jump>>
The arguments to the ToolbarMacro is a list of command names, as discussed in the CommandMechanism. The available commands are tagged <<tag commands>>.

You can precede a command name with a "+" to specify a default command that is automatically chosen when a tiddler is double-clicked, or the ctrl-Enter key combination pressed. Similarly, precede it with "-" to specify a command to be chosen when the Escape key is pressed.
My mast ain't so sturdy, my head is at half,
I'm searching the clouds for a storm.
My lady reveals herself of marked-down freedom,
Forever cashed out to no more.
She put the plan in the blame. Who is bearing the name
For each digress who's left you up to
Save the skins for a better and the rest for a better.
We can't open, no nothing. Can't open, no nothing.

Young liars
Thank you for taking my hands
Young liars
Thank you for taking my hands

Well, it's cold and it's quiet, and cobblestone cold in here
Fucking for fear of not wanting to fear again
Lonely is all we are
Lovely so far, but my heart's still a marble in an empty jelly jar
Someday suppose that my curious nervousness stills into prescience, clairvoyant consciousness
I will be calmer than cream,
Making maps out of your dreams
But will psychic ability kill the nativity or simply diminish the flinch?
Ooo Young liars,
Ooo Young liars,
Thank you for taking my hands

And burying them deep in the world's wet womb
Where no one can heed their commands
Where no one can heed their commands
Except you liars
Young liars

Voice strings on vocal before it on words to receive
Take my be just and all I will be is my disease
Voice strings on vocal before it on words to receive
Take my be just and all I will be is my disease
Voice strings on vocal before it on words to receive
Take my be just and all I will be is my disease 
Είναι εδώ
<<newDocument "label:Print this tiddler" "prompt:print an HTML snapshot of this tiddler" nofilename print here>>

@@Gutsy openldap is compiled with openssl, while Hardy's and subsequent releases' ldap is compiled with gnutls. @@

Finally LDAP is up and running. What follows is a short manual on how to implement ~OpenLDAP in Ubuntu. Check the section titles first to get an idea of how this manual is organised. @@This is not a linear manual@@. It'll not take you by the hand and guide you to the promised land.
!!!!phpLDAPAdmin Configuration
We aim to configure phpLDAPAdmin in such a way that a) user migration from NIS to LDAP is done in a consistent way, and b) the New User template agrees with the ''already'' migrated ( from NIS ) user account entries in LDAP server. For DIT design look at the relevant section, (6) and (7).
# Install phpldapadmin and its dependencies from the repository.
# Create a custom template based on inetOrgPerson, posixAccount, shadowAccount and inetLocalMailRecipient object classes ( top is included too ). Why these classes? Look at User Migration section below. 
## This custom template resides under the directory templates/creation ( and not under templates/ according to phpLDAPAdmin manual ).
## The RDN of the ldap entry created by the custom template is uid=<username> and not cn=<...>, which is used by the the default phpLDAPAdmin user template.
# We wanted to follow a suggestion from (2)  in order to have a friendlier user list. So a displayName attribute was added in each ldif entry produced by the migration scripts, and {{{$config->custom->appearance['tree_display_format'] = '%displayName';}}} was set in the config file of phpLDAPAdmin. Turns out, it's not very handy.
# This custom template is available for use under the ou=people arc ( subtree )only ( take a look at already existing templates to see how it's done, using <regexp> )
# We set in the configuration filethe base DN and the default login DN ( cn=ldapadmin,ou=adm,dc=<my-domain>,dc=<tld> ). I choose to have the ldap admin account under the group adm, and ''not'' immediately under the directory base.
# We set the minimum uid to 1500. The 1st user created using the template(s) is 1500. The next available uid is calculated automatically within the template using php.~GetNextNumber(). Take a look at the existing templates and the phpLDAPAdmin documentation. Check also Client Configuration further down to see a necessary modification in /etc/ldap.conf ( {{{pam_min_uid}}} ).
# We setup the predefined views.
# ''TLS'' {{{$ldapservers->SetValue($i,'server','tls',true);}}} to turn the start_tls on.
# ''TLS'' We need to define the CA certificate file in /etc/ldap/ldap.conf.
# ''TLS + Apache'' In Ubuntu, the apache configuration of phpLDAPAdmin is linked from /etc/apache2/conf/.d to /etc/phpldapadmin/apache2.conf. We remove that link because we want phpLDAPAdmin to be accessible via https ''only'' and instead we include it in the vhost declaration of https.
!!!!User Migration
We need to ensure that the migrated accounts from NIS are consistent with the new LDAP user accounts created by our custom template ( see previous section ). For DIT design look at the relevant section, (6) and (7).
# Install migrationtools and its dependencies from the repository.
# Edit /usr/share/perl5/ This file is heavily commented by the authors ( at )
## Change the $NAMINGCONTEXT of //passwd// and //group// to match your LDAP DIT schema. //passwd// corresponds to the 'people' branch ( arc ) of the DIT and //group// corresponds to the 'group' branch of the DIT. These 2 branches store user account and group information, used primarily for logging in.
## Change all the relevant entries, e.g. ~DEFAULT_MAIL_DOMAIN, ~DEFAULT_BASE, etc
## Turn on the ~EXTENDED_SCHEMA support.
## We comment out anything related to KERBEROS.
# Edit /usr/share/migrationtools/
## The migrated entries should have an RDN of uid=<username> and not cn=<..>, which is the default for the migrationtools package.
## Even though it's not used, we add the displayName attribute.
## Since we turned on extended schema support, we change, to some extend, the included objectClasses. According to (2), there shouldn't be many structural classes in an entry specification. So we comment out the objectClass person and organisationPerson and leave inetOrgPerson, which inherits from the former two.
## Rearrange the objectClass order. First goes top, then inetOrgPerson ( structural ) and the auxilliary objectClasses follow.
## The shadowAccount objectClass is added since without it nss_ldap does not work on solaris ( from /usr/share/doc/libnss-ldap/README.gz ).
## It may be necessary to change the specified path location of shadow file.
!!!!Directory Information Tree ( DIT ) design
Our DIT is based on recommendations and practices from (6) and (7). We tried to keep our DIT simple and small. As per (6) and (7) we designed and implemented the following:
* All LDAP administration-related accounts are under an arc ( subtree ) named {{{adm}}}.
* An arc named {{{apps}}} is created for future application use.
* An arc named {{{devices}}} is created used for //per machine// authentication purposes. In short, each LDAP entry under {{{devices}}} is a groupOfNames with members the ~RDNs of the users which are allowed access to the machine the LDAP entry is created for. For example, under {{{devices}}} there is a groupOfNames named {{{estia}}} and its member attribute ( which is multivalued ) contains the names of all users who have access to the server estia.
* There is a general purpose arc called {{{groups}}}. Under it there are 3 arcs, each containing the system ( posixGroup ) groups, the lab groups which are of groupOfNames objectClass and a group representing the organogram of the institute containing organizationalRole entries.
* Lastly, there's the {{{people}}} arc containing all user account entries. What the user account entries comprises is up to you. Take a look at the User Migration section to get an idea of what we have used.

Before we dive in configuring the ldap server and client(s), I think we should clarify a few points which, imho, will make our life easier and jumpstart the following procedure. I had to discover them the hard way, no need for others to go through the same ordeal.
* /etc/ldap.conf affects pam_ldap and nss_ldap, not ~OpenLDAP itself. ~OpenLDAP is typically configured elsewhere (/etc/ldap/slapd.conf).
* All of the ~OpenLDAP client programs share one common configuration file, /etc/ldap/ldap.conf.
* When we refer to ~OpenLDAP client programs we mean the commands {{{ldapadd}}}, {{{ldapsearch}}}, {{{ldapmodify}}}, etc. In Ubuntu ( and most probably Debian ) they are part of the ldap-utils package.
* The manual page for ldap.conf refers to /etc/ldap/ldap.conf. This configuration file has a lot of similar configuration directives with /etc/ldap.conf.
* /etc/ldap.conf contains ( in general ) 3 types of configuration directives. The 1st is common to both /etc/ldap.conf and /etc/ldap/ldap.conf. Some of these directives are spelled differently in those 2 files but their semantics and function is the same. Look them up in the man pages of ldap.conf and read the comments in /etc/ldap.conf. The 2nd is PAM related and can be looked up in the man pages of pam_ldap. The 3rd is NSS related and can be looked up in the man pages of nss_ldap.
* @@Important@@. Understand that when you configure /etc/ldap.conf and /etc/ldap/ldap.conf you don't do anything redundant or superfluous or double work. The 1st file is concerned with PAM and NSS, the 2nd contains global configuration directives for the ldap client utilities ( these may be refered to as ldap utilities ). Sometimes, both are used internally.
* @@Important@@. Get your bearings on what //server// and //client// mean in ~OpenLDAP context. ~OpenLDAP is a //server// app running on a server machine ( or a cheap pc, it doesn't matter, although I wouldn't recommend it ). An LDAP //client// can run either on the same machine as the LDAP server or on another //client// machine.
@@ We denote L the machine LDAP server runs on and C a client machine. LDAP Server and LDAP client ( or just plain client ) is the software@@.
!!!!LDAP Server Configuration
Configuration of the ~OpenLDAP server. Done in /etc/ldap/slapd.conf of L.
# For our purposes, 5 schemata have to be included, //core//, //cosine//, //nis//, //inetorgperson// and //misc//.
# We use the default database backend ( hdb ).
# Define the suffix ( base ) of the directory. Can be done per database backend.
# Modify the ~ACLs if needed. By default, when the openldap package is installed, the //admin// entry is placed beneath the base of the directory, i.e. cn=admin,dc=<mydomain>,dc=<tld>. We have moved the admin entry to an 'administators' LDAP group ( look at DIT Design section ). Consequently, the ~ACLs have to be modified to reflect this change.
# We define indexes for the most looked up entries. In our case we index the following attributes: cn, sn, givenName, mail for equality and substring matching.
# We activate a 2nd database backend called //monitor//, for monitoring purposes. Only the LDAP admin has read access to the monitor LDAP objects.
# ''TLS'' We specify the CA, Certificate and Certificate Key files. These have to be readble by the user slapd runs under, in Ubuntu's case it's the user openldap. The Certificate Key file has to be unprotected by password.
# ''TLS'' If we want to ''enforce'' tls over ldap we define {{{security tls=1}}}. The ~START_TLS mode of operation binds in the default LDAP port ( 389 ) and imho is preferable to LDAP over SSL. Be careful //where// you place this statement.
Design your DIT, create the top level entries ( take a look at DIT design ) and migrate your users. Fire up phpLDAPAdmin for a more user friendly view of your directory.
!!!!Client Configuration
This in my opinion is the most sensitive part of the configuration. We work with /etc/ldap.conf and /etc/ldap/ldap.conf. Check manual pages nss_ldap, pam_ldap and ldap.conf. Pay attention to the comments in /etc/ldap.conf. Combined information from these sources is a lifesavier.

/etc/ldap.conf and /etc/ldap/ldap.conf settings on C.
* Set the 'host' i.e. the ip or hostname your LDAP server in both ldap.conf files
** ''TLS on L'' There will be a security warning in phpLDAPAdmin if the certificate file is signed for e.g. and you fire up phpldapadmin in the browser using its IP address.
** It's not necessary to specify the 'host' if L doesn't need account info from the LDAP server. If you install the ldap client utils, specify 'host' in /etc/ldap/ldap.conf. If you want to be able to login in L, //using an ~LDAP-stored account//, then you ''do'' have to specify 'host' ( among other things ) in /etc/ldap.conf.
* Specify your directory base. Again, for logging in purposes ( where PAM and NSS is used ) the place to do this is /etc/ldap.conf. If you want to use the ldap utils, the configuration file to do this is /etc/ldap/ldap.conf
We focus on /etc/ldap.conf, i.e. permit LDAP based logins on C.
# We bind to the ldap server anonymously (default ). So comment out all related {{{binddn}}} directives. This is ~OpenLDAP specific, in Solaris it's mandatory ( I think ) to bind to the server as a user.
# We use simple authentication. No SASL configuration at all.
# /etc/ldap.conf is configured by debconf. We do it by hand ( we have to remove the 1st line, saying DEBCONF if we don't want to loose our settings upon reconfiguration ).
# We comment out {{{rootbinddn}}} related entries. Activate this and you effectively have given LDAP admin rights to the root of C.
# We change {{{bind_timelimit}}} ( optional ).
# We leave {{{bind_policy}}} to the default value 'hard'. The {{{bind_policy}}} soft option forbids nss_ldap from retrying failed LDAP queries. If the default bind policy is used, LDAP will retry a query several times when the LDAP server is not present. This can cause a pause of several seconds during routine operations. The default bind policy retries  with exponential backoff.
# Group membership settings. It'll be explained with an example. Assume we have 3 client machines C1, C2, and C3 and a number of user accounts in our LDAP. We have 3 sets of users accounts ~UA1, ~UA2 and ~UA3. We want users in ~UA1 to be able to login in C1 ''only'', ~UA2 users to C2 ''only'' and ~UA3 to C3 ''only''. This is a bit tricky and requires modification in several places. 
## We set {{{pam_groupdn cn=C1,dc=<mydomain>dc=<tld>}}} in C1's /etc/ldap.conf and {{{pam_member_attribute member}}}. This means that members of the LDAP entry C1, are allowed to login to C1. The LDAP entry C1 contains an structural objectClass groupOfNames and users belonging to ~UA1 are members of that C1 entry.  {{{pam_groupdn}}} specifies which group ( representing a physical machine ) to look into and {{{pam_member_attribute}}} which atrribute. If attribute 'member' ( which is multivalued, look at DIT section ) contains a username, then this user has access right to C1.
## We do the same for machines C2 and C3.
## Obviously, for this to work, we have to have the relevant group information stored in LDAP. Look at the DIT section, (5) and (6).
## PAM is involved in this process so we have to modify our pam configuration. We 'll explain this part later on, in this section.
# We set {{{pam_min_uid 1500}}} ( optional ). Why we might want to set that? Since user accounts are stored in a central place ( LDAP ), uids have to be consistent across diferent machines. So user Jack has to have the same uid to every machine he has access to. Same goes for gids, home directory and shell. So in order to be on safe side, we leave uids 1000-1499 for local use ( in each machine ) and uids >= 1500 imply network logins.
# We set {{{nss_base_*}}} naming context to our DIT respective ~DNs. for instance, {{{nss_base_passwd}}} base is {{{ou=people, dc=...}}} and {{{nss_base_group}}} base is {{{ou=system,ou=groups,dc=...}}}
# ''TLS'' We set {{{ssl start_tls}}}. We don't touch any ssl/tls settings here since we don't set client verification.
End focus on /etc/ldap.conf

''TLS'' To finish off we need one final touch in /etc/ldap/ldap.conf. We set {{{TLS_CACERT}}} to the CA certificate of the LDAP server. The certificate has to be readable by all the users handling the ldap utilities.

We have finished modifying the ldap.conf files. All that remains is to configure PAM and NSS. This is done using the package auth-client-config. The package contains a script and some templates which modify nsswitch.conf and any relevant pam configuration files. man auth-client-config for further info.

Unfortunately none of the supplied templates works for the group membership thing. Remember, we need one set of users to be able to login in a client machine and another set on another client machine. This is the @@crown jewel@@ of this manual. Our custom template follows:

{{{$> cat /etc/auth-client-config/profile.d/iit_auth_config}}}
{{{nss_passwd=passwd: files ldap}}}
{{{nss_group=group: files ldap}}}
{{{nss_shadow=shadow: files ldap}}}
{{{pam_auth=auth       sufficient}}}
\tab{{{        auth       required nullok_secure use_first_pass}}}
{{{pam_account=account    required ignore_authinfo_unavail ignore_unknown_user}}}
\tab{{{        account    required}}}
{{{pam_password=password   sufficient}}}
\tab{{{        password   required retry=3 minlen=8 difok=3}}}
\tab{{{        password   required use_authtok nullok obscure md5}}}
{{{pam_session=session    required}}}
\tab{{{        session    required skel=/etc/skel/}}}
\tab{{{        session    optional}}}
\tab{{{        session    optional}}}

\tab is important. It means 'tab delimited'. Check the man page of auth-client-config to see template syntax.

The ''most'' interesting part in this template is the {{{pam_account}}} definition and more specifically the {{{ignore_authinfo_unavail}}} and the {{{ignore_unknown_user}}} options. Also notice that both lines in the {{{pam_account}}} definition are {{{required}}}. Check man pam_ldap in the PAM configuration section for further info. Check also (4) and (5). These 2 lines make group membership work. 

To apply the template: {{{$> auth-client-config -a -p iit_ldap}}}
To revert to previous configuration: {{{$> auth-client-config -a -p iit_ldap -r}}}
!!!!Name Service Caching Daemon ( nscd )
Very simple. I'll add this later
!!!!TLS Configuration
In this section we are going to address possible TLS configuration issues.
* Certificates must be readable by the user slapd runs under. In Ubuntu this user is //openldap//.
* The LDAP server certificate must not be password protected.
* We don't setup client certification.
* LDAP clients i.e. utilities, need access to the CA certificate the ~OpenLDAP server certificate is issued from. To achieve this, we set the {{{TLS_CACERT}}} to the CA certificate location.
* In slapd.conf we set {{{security tls=1}}} to enforce tls operation. Be careful where you place this statement cause depending on where you place it you can enforce TLS on a per backend basis or globally. In our configuration, it's placed before any backend declarations, thus it's globally applied.
* in /etc/ldap.conf we set {{{ssl start_tls}}}. This work on the standard ldap port ( 389 ).
* In phpLDAPAdmin's config we set {{{$ldapservers->SetValue($i,'server','tls',true);}}} to turn the start_tls on.
* For TLS and Apache2 look at last point of phpLDAPAdmin section.
* Take a look at (8).
!!!!Troubleshooting, Monitoring, Maintenance and LDAP utils
One of the biggest problems is debugging on the client side of things. It's not possible to turn on debugging for PAM and NSS, which leaves us with the {{{-d}}} option of the LDAP client utilities. Possible values are 1 and 2. 0 means no debugging output.

{{{strace}}} is a lifesavier. Combine it ( or not ) with the LDAP client utilities to debug your way to working status.

On the server-side things are much easier. man slapd.conf and set {{{loglevel}}} to what you need.

On the monitoring side of things, the {{{monitor}}} database backend has been activated. It provides a wealth of information for the running status of the ~OpenLDAP service. Use {{{ldapsearch}}}, specifying {{{"cn=Monitor"}}} for the search base. {{{'*'}}} means //all user attributes//. {{{'+'}}} means //all operational attributes//. Take a look at the Monitoring  chapter of the ~OpenLDAP manual.

Maintainance //usually// means backing up. We can either backup the entire ~BerkeleyDB in /var/lib/ldap or use the {{{slapcat}}} client utility ti take an ldif snapshot of our DIT. Smells like a cronjob. {{{slapcat}}} is root-only, no authentication is needed. To be on the safe side, set your backend to readonly when you are backing up ( {{{readonly}}} setting in slapd.conf ).

And some examples of some LDAP utilities:
* {{{ldapsearch -x -W -D "RDN-of-user" -ZZ}}} : -x simple auth, -W prompt for password, -ZZ initiate TLS and stop on error.
* {{{ldapsearch -x -W -D "RDN-of-ldapadmin" -b "cn=Monitor" '*' '+'}}} : -b is the base of the search, '*' is the search filter and '+' is the returned attributes. More on ldapsearch(1).
* In our configuration, using ldap utilities without the option -Z(Z) fails cause we enforce TLS.
* {{{slapcat -a "(entryDN=*)" -s "ou=people,dc=<mydomain>,dc=<tlp>"}}}. Print the DN of entries under the search base specified by the -s option. No need for authentication or TLS in that command.
# For Ubuntu versions prior to 7.10 ( Gutsy ).
# . An overview of how the ldap authentication packages are organised in Ubuntu.
# auth-client-config package.
# ~FreeBSD specific. Explains why pam_groupdn doesn't work. Check (5) for Ubuntu and look in man pam_ldap at PAM CONFIGURATION section.
# pam_ldap for groupdn access control.
# [[DIT Design from LDAPCon07|]]
# [[LDAP Schema Design|]]
# [[Building a modern LDAP based security framework|]]
No more. Check [[upstart|]]. Developed for Ubuntu "as a replacement for the venerable ~System-V init".

Note that [[upstart|]] respects /etc/innitab so it's still usable.
is [[here|]]
Ubuntu 9.10
I switched to ext4 from ext3. All went smooth except grub. Grub 0.97 was installed in my machine which doesn;t cope with ext4. 

Following the instructions I did a {{{ sudo grub-install /dev/HD-device}}}. But there's is a catch here. The previous command supposes that the grub-pc 1.97 (that's grub version 2) is installed, and *not* grub 0.97 ( that's grub version 1). I ended up with a screwed up grub in MBR, and I couldn't boot at all. I was locked out of my machine, with the wrong grub version installed. So I need to boot using a live cd and from there install the newest grub version in the hard drive.

# Boot from live CD. Do not install. Just quit the installation and drop to a command shell
# {{{sudo mount /dev/my-boot-partition /mnt}}}
# {{{sudo mount --bind /dev/ /mnt/dev}}}
# sudo chroot /mnt
# {{{apt-get install grub-pc}}}
# and after the above steps {{{grub-install /dev/my-boot-partition}}}
# exit the chroot jail, umount dirs in LIFO order, reboot
# Result!!!!!
From later version to be more exact
* In {{{/etc/apt/sources.list.d}}} touch a versionname.list file which will contain the packages sources. Similar to the default sources.list
* Touch {{{/etc/apt/preferences}}}, more on {{{man apt_preferences}}}

A snippet of my {{{/etc/apt/preferences}}} file:
Package: *
Pin: release v=8.10
Pin-Priority: -1

Package: ruby
Pin: release v=8.10
Pin-Priority: 500

Package: ruby1.8
Pin: release v=8.10
Pin-Priority: 500

The crucial thing is the //~Pin-Priority//. In the 1st package spec it's set to -1, so the packages from the later release won't interfere and I set the priority to 500 for the packages I'm interested in upgrading.

Alternatively (that's what I'm using), a release can be pinned by name:
Package: *
Pin: release a=intrepid
Pin-Priority: -1

Package: ruby
Pin: release a=jaunty
Pin-Priority: 500
This is for ext3.
* {{{tune2fs -l /dev/sda}}}. Search for UUID string
* Alternatively, {{{blkid /dev/sda}}}
* For a swap partition which doesn't report any UUID or label:
** {{{swapof}}}
** {{{mkswap -L label /dev/sda*}}}
** {{{blkid /dev/sda*}}}
** {{{swapon}}}
~UUIDs and ~LABELs can be used in fstab and grub as well, e.g. we pass a kernel option in grub like {{{root=UUID=xxxx-xxxx-xxxx-xxxx}}}}
find -exec sh -c 'some_command $1 | other_command' {} {} \;
Powerfull, yet totally shameful.
# ssh to remote
# {{{export DISPLAY=:0.0}}}
# {{{vlc -I ncurses -f path-to-file}}}, with a convenient ncurses interface and fullscreen
Σήμερα έκανα update ένα ubuntu (σε alpha έκδοση) και το μηχάνημα κόλλησε χωρίς επιστροφή. Η έκδοση της libc6 έχει πρόβλημα. Η λύση είναι:
# Boot από bootable CD
# Download ενός libc6 deb πακέτου που δουλεύει.
# Extract το πακέτο.
# Mount το δίσκο του μηχανήματος που δεν δουλεύει
# Overwrite τα περιεχόμενα του πακέτου στο δίσκο.

Φυσικά alpha έκδοση σε production μηχάνημα δεν μπαίνει και η πιθανότητα να έχει πρόβλημα ένα τόσο βασικό component όπως η libc, σε stable έκδοση, είναι σχεδόν 0. Αλλά, χάρη συζητήσεως και υποθέτοντας οτι το κολλημένο μηχάνημα είναι ένα Virtual Machine, πως ακριβώς κάνουμε mount τους "δίσκους" ενός VM?


In short:
# Get vmware-tools image from @host:/vmimages/tools-isoimages 
# {{{mount <iso-image> <mount-point> -t iso9660 -o loop}}}
# Get the tar file and unpack it (default: /vmware-tools-distrib).
# Along with kernel source and headers, install packages: build-essential, libgtk2.0-dev, libproc-dev, libdumbnet-dev, xorg-dev, libicu-dev
# Goto to sourceforge 
# Search for "Open Virtual Machine Tools" and download the latest, e.g. {{{ wget -c}}}
# {{{configure --without-x}}} and {{{make}}}
# Goto modules/linux/
# Tar: {{{for i in *; do mv ${i} ${i}-only; tar -cf ${i}.tar ${i}-only; done}}}
# Move tar files to vmware-tools-distrib/lib/modules/source/
# Reboot
# {{{sudo ./}}} if you are upgrading, or {{{sudo ./}}} when it's the first time. @@Note@@ that sometimes it's better to //uninstall// and install again instead of just upgrading.
# Reboot

thx Pete Cooper
* F2 in the startup sequence to enter the VM Bios.
* ~Ctrl-Alt-Insert inside a VM to reboot it.
<div class='toolbar' macro='toolbar [[ToolbarCommands::ViewToolbar]]'></div>
<div class='title' macro='view title'></div>
<div class='subtitle'><span macro='view modifier link'></span>, <span macro='view modified date'></span> (<span macro='message views.wikified.createdPrompt'></span> <span macro='view created date'></span>)</div>
<div class='tagging' macro='tagging'></div>
<div class='tagged' macro='tags'></div>
<div class='viewer' macro='view text wikified'></div>
<div class='tagClear'></div>

A WikiWord is a word composed of a bunch of other words slammed together with each of their first letters capitalised. WikiWord notation in a conventional WikiWikiWeb is used to name individual pages while TiddlyWiki uses WikiWord titles for smaller chunks of MicroContent. Referring to a page with a WikiWord automatically creates a link to it. Clicking on a link jumps to that page or, if it doesn't exist, to an editor to create it. It's also easy to have NonWikiWordLinks, and there's a WikiWordEscape for situations where you don't want a WikiWord to be interpreted as a link.
Sometimes it's handy to be able to write WikiWords without them being recognised as links (for people's names, for instance). You can do this by preceding the WikiWord with a tilde ({{{~}}}). For example, ~JamesBond, ~JavaScript and ~TiddlyWiki
Εγκατέστησα το ~TWiki και ερευνώ τα εξής:
*Integration imap, επιτέλους αυτά τα email πρέπει να ενσωματωθούν με το content.
*Integration του Twiki με TiddlyWiki, //μπορεί// να γίνεται μέσω REST. Κοίτα
*LDAP διασύνδεση.
*Calendar και άλλα εργαλεία παραγωγικότητας παίζουν stadar, σύμφωνα με την σελίδα του ~TWiki
# Install vnc4server.
# Edit xorg.conf and insert a {{{Load "vnc"}}} to load vnc module.
## libvnc breaks with a message in Intrepid, see
## Download from a compiled module for i386.
# Run it over ssh !!!!!!!!!!!!!
# Ports 5900+ need to be open
# Edit /etc/X11/xorg.conf. Put in Screen section any Xvnc option you want.
I can't disable desktop sharing in this scenario. Additionally, any configuration changes require an X restart.

~TightVNC seems more flexible atm.

krfb/KDE and vino/GNOME are ideal for desktop sharing, presentation and remote assistance.

!!!!Links and info
It seems that the Module section is no longer necessary
Bασίλης Βατικιώτης, δουλεύω σαν διαχειριστής στο Ινστιτούτο Πληροφορικής & Τηλεπικοινωνιών, στο ΕΚΕΦΕ Δημόκριτος στην Αθήνα.

<<imglink images/bill-medium.jpg null null>>

[[Το προφίλ μου στο LinkedIn|]]

Στη δουλειά <<email         vatikiot  at      iit dot   demokritos dot       gr      >>
Το προσωπικό <<email  vvatikiotis at         gmail dot   com   >>
Το email για ΚΣύσιμο <<email  o_parallos at         ymail dot   com   >>
Το 1ο μου email <<email  vvatikiotis at         yahoo dot   com   >>
MSN <<email       o_trixlidios               at      hotmail  dot       com      >> (μόνο MSN, τα email εδώ πάνε στο /dev/null με μεγάλη ευχαρίστηση)
Skype billy_v
[[εγώ@Facebook|]], ο bill πηρε την τζουγκράνα του

@@UPDATE@@ R.I.P. Google Browser Sync. Τώρα χρησιμοποιώ το για τα bookmarks μου. Πολλά passwords ρε γαμώτο...

@@OUTDATED@@ Τα [[bookmarks|]] μου. Θα ήταν super να μπορούσα να τα έχω στο Google Browser Sync και να είναι published στο δίκτυο χωρίς να πρέπει κάθε τόσο να τα κάνω export to file.

Κάποτε στην Ολλανδία ήμουν (επαγγελματικά) ο [[Develware|]]@Amsterdam, NL, 1999 - 2003
On Ubuntu:
$ sudo apt-get install libmysqlclient15-dev 
$ which mysql_config

$ sudo gem install mysql -- --with-mysql-config=/usr/bin/mysql_config
Building native extensions.  This could take a while...
Successfully installed mysql-2.7
1 gem installed
To track down an IP address to a switch port, and from there, to a patch-panel port, to a specific wall plug:
# Need a routing or a L3 switch that does either rooting or enables interVLAN communication. 
## {{{3750# ping}}}
## {{{3750# show arp | inc}}} and I get the its mac address
# I know that this IP address is on vlan 30, so I go to the switch that services that vlan
## {{{2950# {{{show mac-address-table | inc <mac-address-I-got-in-previous-step>}}}
## Get the port number on the switch this IP address is coming from.

Check network documents. Find port number->patch panel->wall plug. Get my dagger out :D

Check also Configuring Dynamic Arp Inspection for a relevant discusion.
Ethernet bonding
Ti eidous jobs (input) 8a lunei to hpc kai me poia/poies distribbuted texnikes antimetwpizonte?
Pws 8a kanoume clustering otan to 1 hotachi ftasei (an pote) sta oria tou?

NFS load, mount points, bonding

Google Analytics
Capitalism: The Unknown Ideal, Ayn Rand
εκδοσεις Ροες Το μυστηριο του κεφαλαιου Χερναντο ντε Σοτο
εκδ. Καστανιωτη Χαγιεκ, Το Συνταγμα της ελευθεριας
Black Swan, Nassim Nicolas Taleb
Radicals for capitalism
Virtual data center from a web interface. Keep it in mind.
Mostly works but when it doesn't it's a ball buster.

I'm using HPLIP to print to a networked HP printer (P2015), which worked in gutsy but not 100% in hardy. In particular, pdfs refuse to print.

Some useful command line tools
* {{{hp-makeuri <printer-ip-address>}}} returns the proper printer URI. For use in CUPS.
* {{{hp-check -r}}} to check the HPLIP runtime installation.
* check the {{{hp-*}}} tools.

...and stil I cannnot print pdfs :(

@@Suggestion@@: Install all ppds packages. You never know where the printer drivers you're looking for is.

@@UPDATE@@: P2015 drivers (for KDE) are in package openprinting-ppds (@@NB@@ linuxprinting packages are transition packages to openprinting ones). And still, not able to print pdfs.

@@UPDATE 2@@: It seems there's a problem with a particular pdf I was trying to print. ~VMware pdfs print just fine.
Shamelessly ripped and adapted from Anton Ertl

I've just upgraded from etch to lenny on an Intel Xeon machine with two SCSI disks. Disks are on raid 1. On the first boot from the newly installed kernel (2.6.26-2-686), it waited for a long time, eventually failed to mount the root file system, and dropped into the initramfs shell. The output of the boot process indicated that the scripts in /scripts/local-top (among them /scripts/local-top/mdadm) were started before the SCSI disks became visible to the kernel (apparently because udev was started after mdadm), leading to the message:

mdadm: No devices listed in conf file were found

The solution was to add "append=rootdelay=10" in the kernel line of my grub/menu.lst
What's this likeauth argument and what does it do for PAM module? Google search "pam_unix likeauth" returns the following:

When pam_unix is required for auth, pam calls 2 functions into it: pam_sm_authenticate and pam_sm_setcred.

In my opinion, pam calls pam_sm_authenticate and pam_sm_setcred one after another.

If you provide the 'likeauth' parameter, pam_sm_setcred returns the same value as pam_sm_authenticate (this last one stores it), I think that is the reason why the parameter is called 'likeauth': return the same value as pam_sm_authenticate.

I'm not sure about what is the real value returned to the pam library. Does that mean that if pam_sm_authenticate fails and no 'likeauth' has been specified, the returned value is 'success' because pam_sm_setcred returns success?

The likeauth argument makes the module return the same value when called as a credential setting module and an authentication module. This will help libpam take a sane path through the auth component of your configuration file.

The first argument is likeauth, which makes the module return the same value for credential (password) changes as for authentication, ensuring equivalent security in both cases. The next argument, nullok, should be removed for a hardened system, as it allows null passwords to be set for accounts. This module is marked as sufficient so that the next module can be tested.
[[Radio Paradise|]], δικτυακός ράδιοφωνικός σταθμός, υποστηρίξτε τον - free internet radio, support it!

pasatempo επίσης ήταν ένα κοριτσάκι (χαιδευτικά) που πέρναγε το χρόνο της, τον ελεύθερο υποθέτω, μπροστά σε μία κάμερα, ντυμένη ελαφρά, τίποτα το επιλήψιμο ή παράνομο βέβαια. Στον υποδουλομένο χρόνο της σπούδαζε νομική στο Πανεπιστήμιο της Κολούμπια (ή Βανκούβερ, δεν θυμάμαι ακριβώς). Ελληνίδα φοιτήτρια. [Κάποτε στην Ολλανδία]
Seems LDAP related issue persist. Something MUST be done because  ldap (and phpldapadmin) is a core service nowdays .....

Changed my custom template to be compatible with phpldapadmin 1.2. Pay attention to the password related stuff, it could break users login procedure. php.~PasswordEncryptionTypes() is used.

config.php has to be modified also. 

All in all, not especially difficult but a bit time consuming...
Ξεκινάω το porting του παλιού μου "site", σε μια προσπάθεια να consolidate - γαμώ τα ελληνικά μου, αυτό παθαίνει κανείς όταν διαβάζει όλη μέρα αγγλικά - ότι με αφορά σε ένα "site".

btw, ο όρος site μου φαίνεται αδόκιμος πλέον

Υπενθυμιση: να βρω την αντίστοιχη ελληνική λέξη για το consolidate

Ανανέωση: consolidate = συγκεντρώνω. Κολλάει το ρημάδι.

Το porting έγινε. Μου πήρε μία μέρα για να μεταφέρω το content καθώς και να εγκλιματιστώ με το TiddlyWiki
{{{git checkout -b < new_branch > origin/< new_branch >}}}

A {{{git pull}}} might be needed first.
{{{git push origin}}} will push ALL changes in the local branches to remote 'origin', PROVIDED that there are matching remote branches. As for {{{git push}}}.

This behavior is configurable: push.default in .git/config

* Rancid scripts there and instructions 
* lcli ( Lightweight CLI )

@@UPDATE@@: I couldn't make it work for our ~SRW2048. Something in the expect login script, which seems (to me) correct. 
Keep a close watch Info on this plugin most probably change.

25 Aug:
* {{{lib/authenticated_system.rb}}} and {{{lib/authenticated_test_helper.rb}}} do not get there upon plugin installation but when the authenticated generator is used to generate a user model.
* To resolve the {{{~NameError ("Plugins::Restful-authentication::Lib" is not a valid constant name!)}}} change the directory name of the plugin to //restful_authentication// (from - to _)
See [[restful-authentication]]

# although restful_authentication plugin suggests the aasm gem

To update ~RubyGems ( @ )
# sudo gem install rubygems-update  
# sudo update_rubygems  
See [[ssh port forwarding|]]

Από το σπίτι δίνω:

{{{vatikiot@ariel::~> ssh -L 9999:noc:80 vatikiot@vael}}}

και μπορώ να βλέπω τη web σελίδα του noc στην οποία έχω τα monitoring eργαλεία του δικτύου. Προφανώς, στον vael τρέχει ένας ssh server

Να το κάνουμε λιανά για όσους (δικαιωματικά) βαριούνται να διαβάσουν το παραπάνω link:
# -L σημαίνει local forwarding, δηλαδή το remote port 80 του noc κολλάει στο pc που κάθεται ο χρήστης στο port 9999. 
# 9999 είναι το port στο local μηχάνημα. Εάν ο χρήστης δεν είναι έχει root δικαιώματα στην τοπική μηχανή, μπορεί να επιλέξει οποιδήποτε port > 1023.
# 80 είναι το port στο remote μηχάνημα.
# vatikiot@vael. vael είναι η //ενδιάμεσή// μηχανή που χρησιμοποιούμε για να συνδεθούμε στην remote μηχανή. Προφανώς ο χρήστης πρέπει να έχει λογαριασμό στην ενδιάμεση μηχανή.

Παράδειγμα ssh forwarding μέσω estia:
{{{ssh -p 222 7900:your-machine-ip:80 your-account@estia}}}

και αμέσως ο web server που τρέχει κάποιος χρήστης στο pc του στο δημόκριτο είναι προσβάσιμο στο port 7900 στο pc του στο σπίτι. Δηλαδή: firefox και στο address bar βάζουμε localhost:7900 και voila, πρόσβαση στις σελίδες του web server του προσωπικού μηχανήματος του στο ΙΙΤ.
It's based on public-key authentication. There has to be 1 system account, say a generic account named //repos//. All svn users will be able to access that account's repositories

# The user who wants svn access needs to generate a public key using the command {{{ssh-keygen}}}
# We add one line per svn user in ~repos/.ssh/authorized_keys. 
{{{ command="/usr/bin/svnserve -t -r /absolute/parent/path/of/repository
--tunnel-user=[subversion user name]",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty [public key text from]
This //has// to be in one line. No ~LFs, no ~CRs.

@@Note@@: If you get an error message like svn: URL 'svn+ssh:/ /[url]' non-existent in that revision you should tweak the /absolute/parent/path/to/repository from the configuration outlined above.

(Before you do that though, note that svnserve's '-r' option changes the root of the filesystem as seen by the client, and therefore the URL that they use to log in should also change. E.g. in the example above, their path will begin after [projectx]. If they're trying to log in using the full path to the repository, they will see the error above.)

For a quick-n-dirty way to tweak ssh settings you should change the ~SVN_SSH env variable, e.g. {{{export SVN_SSH=ssh -p 222 -vvvv}}}

The [subversion user name] can be changed to anything you like.

Note: This will allow the user to SSH to the subversion account with their private key, but will give them no access to your server and will only allow SVN activity on that specific repository. Also make sure that you have deleted id_rsa and from your server.
I'm less than dirt, I know, but I just started using svn. Better late than never. Kudos to [[serg|]].

Visit for the authoritative source of info for subversion.
I want a repository on estia so all my programming projects are accessible from everywhere and of course keep a history.
{{{estia$ svnadmin create ReposName}}} 
in a directory of my choosing. That's the only time I have to do anything on estia.

Now, on my machine. There's an import procedure ({{{svn import...}}}) but I'm not going to follow it. Instead:
# Create a directory which will hold my local copy of the repository. cd to it. 
# {{{svn co svn+ssh://username@estia/absolute/path/to/repository/ }}} to checkout the repository (which is empty atm) from estia. Best to put absolute path there, no symlinks.
# Under that directory (step 1), create subdirectories //trunk//, //tags// and //branches//.
# Copy my work directory and files under //trunk//.
# {{{svn add *}}} to add my work files/directories in my local copy of the repository. 
# {{{svn ci  -m "My 1st Comment"}}} to commit my local changes (steps 3, 4) to the repository @ estia.
I'm good to go.

Commands I use:
* {{{svn update}}} to get locally the latest revision from the repository @ estia. You //should// do it after each commit.
* {{{svn ci -m "Commit reason"}}} to commit any local changes to the repository.
* {{{svn log}}} shows revision history.
* {{{svn status}}} to see the status of local copy.
* {{{svn add | delete <files-or-directory>}}} to put under svn control new local files or directories. They will be added to the repository at the next commit (ci).
* {{{svn list svn+ssh://estia/absolute/path/to/repository}}} to list contents of repository @ estia.
* {{{svn diff -r RevNumber}}} to diff local and ~RevNumber revisions.
* {{{svn revert}}} to revert to the last committed revision (from the repository @ estia).
* {{{svn move source dest}}} to move a file/directory to a new location, locally. Commit history is preserved.
svn commands such as add, move, delete, status are local, meaning there is no communication between the local copy and the repository.

More commands:
* {{{{svn pe svn:ignore <file-or-directory>}}} to set the ignore pattern of the file or directory. Files or directories that match the pattern are ignored in repository commits, status etc. Ignore pattern is //not// applied recursively.
* Alternatively, global-ignores variable in ~/.subversion/config file can be set to a pattern(s). It's global.
* {{{svn export svn+ssh://....}}} to export a repository or part of it.
* {{{svn cp trunk/file branches/test}}} to copy a file from //trunk// to branching. Branching.
* {{{svn merge source dest}}} to merge a braching. @@CAREFUL HERE, READ MANUAL@@
@@RTFM@@ @ of course. This is for my use, not yours.
,cc - Comment in visual/normal mode. ~NERDcommenter plugin
""":bd""" - close buffer
,t - textmate like search
C-w s - split window
C-w c - close window
\( \) :  remember text for later use

C+] : follows link
C+t : back

To indent multiple lines
1. type == at the 1st line
2. type v, select all lines
3. type =

* ~NERD_tree
* rails.vim
* taglist, needs ctags package too.
* ~FuzzyFinder and ~FuzzyFinder-textmate @
Also see [[ssh port forwarding]] (greek)
!!!!!Required Software
* tightvncserver and vncviewer, Linux vnc client to Linux vnc server,, or
* rdesktop, Linux Remote Desktop client to Windows Remote Terminal Services server
VNC service runs on ports 5900, 5901 and so on, for every new vnc connection. So to use ssh port forwarding and vnc:

{{{ssh -p 222 -L 5900:your-ip-in-IIT:5900 vatikiot@estia}}}

(The above will not work if you run a vnc server on your local machine, cause the local vnc service masks port 5900. So you have to choose another port to forwarding the //remote// 5900 vnc server port)

From a linux client to a Windows Remote Terminal service the remote port is 3389. It's best to use a different port than 3389 locally, cause most probably, Remote Terminal Service runs already in your XP/Vista local machine. 3390 or 3391 could do. So:

{{{ssh -p 222 -L 3390:your-ip-in-IIT:3390 vatikiot@estia}}}

and localhost:3390 at the remote desktop connection client on the Windows local machine.
!!!ston pix-vpn
* ''~IPsec rule'' Pros8etoume kai ena ena ipsec rule. Protect = encypt. Inside - > Outside vpn pool. Kai epilegoume kai tunnel policy pou 8a xrhsimopoieitai se auto to rule
* ''Tunnel Policy'' A tunnel policy is static when it applies to one or more remote peers that can be accurately identified by IP address or DNS host name. A tunnel policy is dynamic when it applies to an unknown remote peer that seeks to initiate an ~IPSec connection with the firewall. A static policy is more secure than a dynamic policy. However, a dynamic policy is necessary when a remote ~IPSec peer has a dynamically assigned IP address or when the firewall is configured to allow connections from unknown remote hosts. Select a trnsform set also
* ''Transform Set'' Make a transform set (specifies the ~IPSec protocol, encryption algorithm, and hash algorithm to use on traffic matching the ~IPSec policy. ). Tunnel mode is the normal way in which ~IPSec is implemented between two firewalls . This method of implementing ~IPSec is typically done with ~L2TP to allow authentication of remote Windows 2000 VPN clients.
* ''IKE Policies'' select the symmetric encryption algorithm used to establish the Phase 1 SA for protecting Phase 2 negotiations. select the hash algorithm used for authentication and ensuring data integrity. Selet method of authentication( pre-share kai rsasig). We use pre-shared key. rsa-sigs requires certificates. Enable the outside interface for IKE
* ''IKE XAUTH/Mode Config''. Choose outside interface Choose RADIUS. Mode config :   Initiate—This indicates that the firewall initiates the config mode with the client and then waits for the client to respond before it sends information to the client. Respond—This indicates that the client initiates the configuration mode with the firewall. The firewall then responds to the remote access client with the IP address it allocates for that client.
* 2 pools, mia gia admin mia gia tous users
* pros8etoume 2 vpn client groups. Enable to PFS (Perfect Forward Secrecy (PFS) provides additional security by means of a ~Diffie-Hellman shared secret value. With PFS, if one key is compromised, previous and subsequent keys are secure because they are not derived from previous keys. This statement is optional.). Bazoume kai ta DNS. @@Split Tunneling gia argotera, einai gia performance afou den kruptografei ta panta@@

!!!ston pix-~SystemProperties
* Sto AAA servers bazoume to IP tou radius server + kleidi pou moirazontai o pix kai o radius. Prepei na mpei kai sot clients.conf tou radius

>vpnc umsl.conf
>route del default gw
>route add default gw
>route add -net netmask dev tun0
>resolvconf -d tun0
>resolvconf -u
To anw den xreaiazetai dioti douleuoume me to kvpnc kai to routing table ginetai push apo ton server ston client.

@@PROSOXH@@ Ta route prepei opwsdhpote na allaksoun. opws eipe to tupaki "ti ginetai an 1o) den allaksoun to route kai 2o) anoiksoun meta kana emule??? kolash"
TO anw statement exei nea proseggish. DEs pio katw

@@Check MTU setting@@

I am trying to configure a cisco pix as a vpn endpoint for the cisco vpn client and would like to force the client  to use the corporate network for internet access.  I don't want to allow split-tunnel.  I cant find any info on how to do this. Is split tunnel the only way to give a vpn client internet access once they are connected?
The short answer is yes.  PIX-fu rule #1: the PIX is not a router.  It can't take traffic that arrives on one interface and pass it back out that same interface, even when the traffic arrives via VPN tunnel.

@@Prepei na xrhsimopoihsoume split DNS kai split tunneling!!!!!!!!@@

@@trexontas to kvpnc kanei su-to-root gia na 8esei ta swsta routing entries@@

@@DNS setup@@. Rule ston pix gia na epitrepetai sto vpn diktuo na kanei dns lookup. Pros8esh tou vpn diktuou etsi wste o dns server na eksuphretei kai auto to diktuo (kai oxi na to blepei san outside diktuo).

@@NAT traversal@@ NAT traversal enables ESP packets to pass through one or more NAT devices. Pou shmainei oti to xreiazomaste on otan to vpn endpoint einai pisw apo enan NAT device. Sthn prokeimnenh periptwsh oxi. @@telika xreiazetai to NAT-T ston client@@

@@Secondary DNS@@ pou einai eksw apo to pedio eu8unhs den mpainei mesa sto split dns dioti meta den kseroume pws na to kanoume route. px vpnclient->domain DNS kseroume. omws vpnclient->SEC DNS den kseroume


To let traffic flow from a high security level to a lower level, use the nat and global commands. For the opposite direction, from lower to higher, use the static and access-list  commands. We suggest using nat and global when going from any non-outside interface to the outside interface (Internet usually unless the PIX is used as a border between business units) which is a little different than the first sentence above.  We also suggest using statics from any non-outside interface to any other non-outside interface
!!!!refs PIX 6.1 PIX 6.1 Kalo basic IPSEC kai terminology explained
* cron backup esx1
* www, dmz, ser on esx1 
* vpn me to neo firewall


* Need ldap pages on joomla

Capitalism: The Unknown Ideal, Ayn Rand
εκδοσεις Ροες Το μυστηριο του κεφαλαιου Χερναντο ντε Σοτο
εκδ. Καστανιωτη Χαγιεκ, Το Συνταγμα της ελευθεριας
Black Swan, Nassim Nicolas Taleb
Radicals for capitalism
Όλο το @@ζουμί@@ για πλοήγηση στη σελίδα είναι στα tabs @@Timeline@@ και @@Tags@@ στην δεξιά πλευρά της σελίδας. Όποιο σας βολεύει. No excuse <<smiley :-)>>

Βασικό tip για @@επιτάχυνση του@@ TiddlyWiki. Στο options, στη δεξιά πλευρά της σελίδας, @@απενεργοποιούμε το Enable Animations@@

MainMenu (shadow tiddler)
GettingStarted (shadow tiddler)
[[How to add background images]]
[[How to install a plugin]]
[[A visual guide to the TiddlyWiki layout]]
[[Browser-specific issues]]




Η σελίδα του ~TiddlyWiki @
Τα πάντα σχετικά με το ~TiddlyWiki βρίσκονται @
[[TiddlyVault|]] repository για plugins

~TiddlyWiki version <<version>>
[[Δε μασάμε|]]
[[Greek University Reform Forum|]]
[[Αξιολόγηση βουλευτών|]]
Υπάρχει ελληνική μετάφραση (Μάιος 2007) αλλά δεν είναι updated στην τελευταία έκδοση.... Δυστυχώς η συντήρηση τέτοιων προσπαθειών κοστίζει σε χρόνο, ειδικά αν είσαι ένας. Στην παλιά έκδοση συνάντησα ένα πρόβλημα με το installation των plugins, επειδή ακριβώς είναι 6 μήνες πίσω.

Οπότε πήρα το αγγλικό για να έχω το κεφάλι ήσυχο. Το περιεχόμενο όμως θα ειναι στα ελληνικά.

Τελικά η ισχύς υπάρχει στους αριθμούς...
Ο [[Γιάννης Κοροβέσης|]] (σε ένα από τα blogs/sites που γράφει), μου έδειξε αυτο το υπέροχο client side wiki. Όπερ μεθερμηνευόμενο, πρέπει να καταχωρήσω αναδρομικά τις τελευταίες μέρες, αφού η όλη ιστορία άρχισε από ένα βιβλίο που δανείστηκα από αυτόν πριν απο μερικές μέρες. Χωρίς το βιβλίο αυτό, μάλλον δεν θα είχα ασχοληθεί,

Κοινώς, αυτοχώθηκα.

Edit (later): πολύ εύχρηστο τελικά, το μόνο που απομένει είναι να φτιάξω ένα theme που να μ' αρέσει.
Χρήστης αναπηρικού αμαξιδίου. Γενικά είναι πολύ ευχάριστο να προσπαθείς να πάρεις τσιγάρα από το περίπτερο, δίπλα στο σπίτι μου, αλλά στο απέναντι πεζοδρόμιο.

ζητω το έθνος!!!
[[Άρθρο εδώ|;jsessionid=ZSG4CS0ZCZFVSQSNDLSCKHA?articleID=207001226]]

Σύμφωνα με το άρθρο, οι ικανότητες  των μηχανικών χρειάζονται στην σφαίρα της πολιτικής διακυβέρνησης και σχεδιασμού μιας χώρας. Ικανότητες που αποκτούνται από την εκπαίδευση και τη φύση της εργασίας τους. 

Δεν μπορώ να συμφωνήσω περισσότερο με το πνεύμα του άρθρου. Μεθοδικότητα και όραμα στον σχεδιασμό, προσοχή στην λεπτομέρεια και "excellent field operational skills". 

Άντε γιατί με δικηγορίες και δικανισμούς δεν γίνεται δουλειά...

[[Νόμος 3043/2003|]]
[[Financial Sense|]]

[[Safe Haven|]]
[[Daily FX|]]

European Stock Indeces - [[2 months|$FTSE,$SMI,$DAX,$ATG,$MIBTEL,$CAC|B|B13]]  | [[6 months|$FTSE,$SMI,$DAX,$ATG,$MIBTEL,$CAC|C|B13]]  | [[1 year|$FTSE,$SMI,$DAX,$ATG,$MIBTEL,$CAC|D|B13]]
European Currencies - [[2 months|$GOLD,$XEU,$XEU:$USD,$XEU:$XJY,$XBP,$XEU:$XBP,$XEU:$CDW,$XSF,$XEU:$XSF]] | [[6 months|$GOLD,$XEU,$XEU:$USD,$XEU:$XJY,$XBP,$XEU:$XBP,$XEU:$CDW,$XSF,$XEU:$XSF|C]] | [[1 year|$GOLD,$XEU,$XEU:$USD,$XEU:$XJY,$XBP,$XEU:$XBP,$XEU:$CDW,$XSF,$XEU:$XSF|D]]

American Stock Indices - [[2 months|$NYA,$DJIA,$SPX,$COMPQ|B|B13]] | [[6 months|$NYA,$DJIA,$SPX,$COMPQ|C|B13]] | [[1 year|$NYA,$DJIA,$SPX,$COMPQ|D|B13]]
American Currencies - [[2 months|$USD,$GOLD,$USD:$XEU,$CDW,$XEU:$CDW]] | [[6 months|$USD,$GOLD,$USD:$XEU,$CDW,$XEU:$CDW|C]] | [[1 year|$USD,$GOLD,$USD:$XEU,$CDW,$XEU:$CDW|D]]

Asian Stock Indices - [[2 months|$NIKK,$HSI|B|B13]] |
Asian Currencies - [[2 months|$GOLD,$XJY,$XJY:$XEU,$XAD]] |  [[6 months|$GOLD,$XJY,$XJY:$XEU,$XAD|C]] | [[1 year|$GOLD,$XJY,$XJY:$XEU,$XAD|D]]

Americas [[Market Watch|,iday[Y]&disp=SXA]] @

[[Gold & Silver Bullion, and Interactions with Stocks, Bonds, Commodities Dollar Index|[s99045842]&disp=O]]
[[Seven Currencies vs Gold ETF|[s80239138]&disp=O]]

[[Historical Charts Gallery|]] @
Federal Reserve Board - [[Statistics: Releases and Historical Data|]]

From public charts lists @
[[market view|]] @ Ημερησία
[[World Stock Exchanges|]] @ Ημερησία
[]... η υπόθεση της Σμύρνης, που ξεπερνάει κατά πολύ τη φρίκη του Πρώτου Παγκοσμίου πολέμού ή ακόμα και του σημερινού, έχει κάπως απαλυνθεί και σχεδόν εξοριστεί από την μνήμη του καθημερινού ανθρώπου. Η ιδιαίτερη φρίκη που καλύπτει αυτή την καταστροφή δεν οφείλεται μόνο στην αγριότητα και την βαρβαρότητα των Τούρκων αλλά και στην αισχρή, πλατιά συναίνεση των μεγάλων δυνάμεων. Ήταν ένα από τα μεγάλα ταρακουνήματα που υπέστη ο σύγχρονος κόσμος - η συνειδητοποίηση ότι οι κυβερνήσεις, στην επιδίωξη των δικών τους ιδιωτικών συμφερόντων, μπορούν να επιδείξουν αδιαφορία, μπορούν να εκμηδενίσουν τη φυσική αυθόρμητη αντίδραση των ανθρώπων μπροστά σε μια κτηνώδη, αχαλίνωτη σφαγή. Η Σμύρνη, σαν την εξέγερση των Μπόξερ και άλλα αναρίθμητα περιστατικά που δεν είναι δυνατόν να αναφερθούν εδώ, ήταν ένα προειδοποιητικό παράδειγμα για την τύχη που περιμένει τα ευρωπαικά έθνη, για την μοίρα την οποία αυτά σιγά σιγά επιβαρύνουν με τις διπλωματικές τους δολοπλοκίες, το μικροεμπόριό τους, την καλλιεργημένη τους ουδετερότητα και αδιαφορία μπροστά στα οφθαλμοφανή λάθη και αδικίες. Κάθε φορά που ακούω για την καταστροφή της Σμύρνης, για τη γελιοποίηση του ανδρισμού που επιβλήθηκε στα μέλη της στρατιωτικής δύναμης των μεγάλων δυνάμεων, οι οποίοι παρέμειναν αδρανείς κάτω από τις αυστηρές διαταγές των ηγετών τους ενώ χιλιάδες αθώοι άνδρες, γυναίκες και παιδιά πετιούνταν στη θάλασσα σαν κοπάδια, πυροβολούνταν, ακρωτηριάζονταν, καίγονταν ζωντανοί, κόβονταν τα χέρια τους όταν προσπαθούσαν να πιαστούν από κάποιο ξένο πλοίο, σκέφτομαι εκείνη την προειδοποιητική ανακοίνωση που έβλεπα πάντα στους γαλλικούς κινηματογράφους και που αναμφίβολα επαναλαμβάνονταν σε κάθε γλώσσα κάτω από αυτό τον ήλιο, εκτός της γερμανικής, της ιταλικής και της ιαπωνικής, οποτεδήποτε προβάλλονταν επίκαιρα με το βομβαρδισμό κάποιας κινεζικής πόλης.* Το θυμάμαι για τον απλούστατο λόγο ότι κατά τρην πρώτη προβολή της καταστροφής της Σανγκάης, με τους δρόμους γεμάτους κατακρεουργημένα κορμιά που φτυαρίζονταν βιαστικά σε κάρα σαν σκουπίδια, ξεσηκώθηκε σ' αυτόν τον γαλλικό κινηματογράφο τέτοιο πανδαιμόνιο, που δεν είχα ξαναδεί ποτέ πριν. Το γαλλικό κοινό είχε εξοργιστεί. Και όμως παθητικά, αρκετά ανθρώπινα, στην αγανάκτηση τους είχαν μοιραστεί. Την οργή των δικαίων είχε ξεπεράσει η οργή των ενάρετων. Οι τελευταίοι, αρκετά περιέργως, είχαν εξοργιστεί που τέτοιες βαρβαρότητες και απάνθρωπες σκηνές προβάλλονταν μπροστά σε τόσο αξιοπρεπείς, νομοταγείς, ειρηνόφιλους ανθρώπους όπως θεωρούσαν τους εαυτούς τους. Ήθελαν να προστατευθούν από το άγχος να αντέξουν τέτοιες σκηνές έστω και από την άνετη απόσταση πέντε ή έξι χιλιάδων χιλιομέτρων. Είχαν πληρώσει για να δουν ένα αισθηματικό δράμα στα αναπαυτικά τους καθίσματακαι από κάποιον τερατώδη και εντελώς ανεπίτρεπτο, λαθεμένοχειρισμό αυτό το φριχτό κομμάτι πραγματικότητας είχε ριχτεί μπροστά στα μάτια τους και το ειρηνικό τους, χαλαρό βράδυ είχε κυριολεκτικά καταστραφεί. Τέτοια ήταν η Ευρώπη πριν από την παρούσα καταστροφή. Έτσι είναι η Αμερική σήμερα. Κι έτσι θα είναι αύριο όταν θα έχει καθαρίσει η ατμόσφαιρα από τους καπνούς. Και όσο οι άνθρωποι θα μπορούν να κάθονται και να βλέπουν με δεμένα τα χέρια τους συνανθρώπους τους να βασανίζονται και να σφαγιάζονται, τόσο ο πολιτισμός θα είναι μια ρηχή κοροιδία, ένα λεκτικό φάντασμα που αιωρείται σαν αντικατοπρισμός πάνω από μια φουσκωμένη θάλασσα δολοφονημένων κουφαριών.

Προειδοποίηση: παρακαλείται το κοινό να μην εκδηλώσει κανένα απρεπές αίσθημα κατά την προβολή αυτών των φρικιαστικών σκηνών. Θα μπορούσαν με την ίδια ευκολία να είχαν προσθέσει: να θυμάστε, πρόκειται απλώς για Κινέζους, όχι για γάλλους πολίτες.

σελ. 218-220, Ο κολοσσός του Αμαρουσίου, Henry Miller
Οι θάνατοι σήμερα είναι μόνο στατιστική. Μάρτυρας τα μνημεία του Άγνωστου Στρατιώτη παντού. Οι ήρωές μας είναι ανώνυμοι. Δεν υπάρχει κανένας του οπίου τη μνήμη μπορούμε να σεβόμαστε, κανένα πνεύμα για να το χαιρετίσουμε. Στεκόμαστε με σκυμμένο κεφάλι μπροστά στα σκορπισμένα λείψανα ενός σώματος, το σώμα ενός ανθρώπου που η ταυτότητα του έχει χαθεί. "Εμείς που χάνουμε γρήγορα την ταυτότητα μας σε χαιρετούμε, ω ανώνυμε!" Αεροναυμαχούμε σαν μεγάλα πουλία που πέφτουν στα ψοφίμια. Καταστρέφουμε ολόκληρους πληθυσμούς πατώντας ένα κουμπί. Ο εχθρός είναι παντού, έμψυχος και άψυχος. Όλα εμπνέουν φόβο, τρόμο, πανικό. Πολεμάμε τις δικές μας σκιές - ένας ανταρτοπόλεμος με φαντάσματα. Τέτοιος είναι ο πολιτισμός. Τέτοια είναι η Εποχή του Χάλυβα, εξωτερικά τόσο συμπαγής, εσωτερικά απολύτως ρευστή. Οι ισχυρότερες κατασκευές σπάζουν σαν πομφόλυγες. Μια ανάσα μπορεί να γκρεμίσει ένα φρούριο. Το χέρι ενός παιδιού μπορεί να σβήσει αιώνες προσπαθειών. Ηλιθιότητα. Καθαρή ηλιθιότητα.

σελ. 348-349, Πρώτες εντυπώσεις από την Ελλάδα, Ο κολοσσός του Αμαρουσίου, Henry Miller
Σε ένα post από την λίστα του UOPCEID δίνουν το link

για όποιον θέλει να ακυρώσει την σύνδρομή του στο ενημερωτικό (για πολιτικούς μηχανικούς) σκουπιδοενημερωτικό περιοδικό του ΤΕΕ. Για όποιον δεν του αρέσει να κόβονται δέντρα για να "ενημερώνεται" για κάτι που δεν τον αφορά. Εκτός φυσικά και αν είναι πολιτικός μηχανικός ή αρχιτέκτονας.

Ανανέωση: ο [[Στας|]] μου 'πε οτι το όλο θέμα ειναι hoax, το site δεν δούλεψε ποτέ.
Ανανέωση 2: υπάρχει επίσης μια εξήγηση στο γιατί αυτό δεν παίζει στο περιοδικό του ΤΕΕ ( και ο Στας μου είπε κάτι παρόμοιο ). Τα δέντρα που κόβονται για να γίνει χαρτί, έχουν φυτευθεί γι' αυτό ακριβώς το λόγο. Επιπλέον, το ΤΕΕ ( μάλλον ) παίρνει φράγκα από διαφημίσεις στο περιοδικό, οπότε όσα περισσότερα τεύχη ανά μήνα τόσα περισσότερα γκαφ.
...αλλά πολύ εύπεπτες

Σύνδεσμοι ΑΜΕΑ - Greek disability links - non serviam

Οδηγός του πολίτη με αναπηρία (pdf)

[[ΕΣΑΑ|]], Εθνική Συνομοσπονδία Ατόμων με Αναπηρία
[[ΕΟΚΑ|]], Εθνική Ομοσπονδία Κινητικά Αναπήρων
[[ΠΑΣΙΠΚΑ|]], Πανελλαδικός Σύνδεσμος Παραπληγικών Και Κινητικά Αναπήρων
[[IKPA|]], Ινστιτούτο κοινωνικής προστασίας και αλληλεγγύης
[[ΚΕΑ-ΑΜΕΑ|]], Κέντρο Επαγγελματικής Αποκατάστασης ΑΜΕΑ
[[EIAA|]], Εθνικό Ίδρυμα Αποκαταστάσεως Αναπήρων
[[equal|]], Ευρωπαϊκό Πρόγραμμα Στήριξης ειδικών και απειλούμενων κατηγοριών ατόμων που αφορούν και τα ΑΜΕΑ
[[ΚΕΑΤ|]], Κέντρο Εκπαιδεύσεως και Αποκαταστάσεως Τυφλών
[[ΑΜΕΑ@ΤΕΙ Θεσ/κης|]], Γραφείο Ηλεκτρονικής Προσβασιμότητας ΑΜΕΑ

Αθλητισμός - Αναψυχή
[[Ελληνική Παραολυμπιακή Επιτροπή|]]
[[ΕΑΟΜ ΑΜΕΑ|]], Εθνική Αθλητική Ομοσπονδία ΑΜΕΑ
[[ΟΣΕΚΚ|]], Ομοσπονδία Σωματείων Ελλήνων Καλαθοσφαιριστών με Καρότσι
[[Η παραλία του ΠΙΚΠΑ στην Βούλα Αττικής]], σε εικόνες και οδηγίες για το πως πάμε (προσεχώς)
[[|]], ιστιοπλοία για όλους και με σκάφη διαμορφωμένα για ΑΜΕΑ

Σύλλογοι - Κινήσεις - Forum
[[παρέμβαση αναπήρων πολιτών|]]
[[Πάνθηρες των Δρόμων|]] Επιτέλους με αυτά τα ΓΑΜΗΜΕΝΑ τα αμάξια που παρκάρουν φαρδιά πλατιόπου γουστάρουν!!!!!!!!!!
[[Άλλη Όψη|]], Training Camp 10 ημερών στην Καβάλα
[[|]], Ειδική Αγωγή :: Ψυχική Υγεία :: Αναπηρία

Τύπος - Δημοσιότητα
[[|]], το γνωστότερο περιοδικό στο χώρο των ΑΜΕΑ
[[Αυτονομία EXPO|]], Must στην ενημέρωση αγοράς
[[Athens News Agency|]], το ANA και θέματα για ΑΜΕΑ
[[|]], άτομα με Αναπηρία και ΜΜΕ

[[Πύλη Πληροφόρησης για AMEA@Δημόκριτος|]]
[[Οδηγίες Σχεδιασμού για την Αυτόνομη Διακίνηση και Διαβίωση ΑΜΕΑ|]] στο Υ.ΠΕ.ΧΩ.Δ.Ε. Όλες οι τεχνικές πληροφορίες για κατασκευή ραμπών, χώρων υγιεινής, πεζοδρόμια κτλ. 
(Δεν) μπορείτε να το διαβάσετε στο παρακάτω link:


Στη αρχική σελίδα του της ιστοσελίδας του πρωθυπουργού.
Οι νέες τεχνολογίες βοηθούν την Ελλάδα να πάει μπροστά.

[[ΕΕ - ΤΣΜΕΔΕ και θέματα μηχανικών|]]
Το πολύ χρήσιμο εργαλείο ssfs μου επιτρέπει, ανάμεσα στα άλλα, να γράφω στο wiki μου από το σπίτι απευθείας, χωρίς upload και άλλα διάφορα άκομψα. Το μόνο που χρειάζεται είναι ένας ssh server στο μηχάνημα που συνδέομαι.

Η σειρά έχει ως εξής:
* Συνδέομαι στην estia και ανοίγω το προσωπικό μου μηχάνημα (vaelastrasz ή vael) χρησιμοποιώντας το [[wakeonlan|Enable and use wake-on-lan on Debian]].
* στο μηχάνημα μου στο σπίτι (αriel): {{{sshfs <~IP-of-vael>:<remote-dir> <local-dir>}}}
* και στον firefox ανοίγω το wiki μου σαν αρχείο (file://...)

Τεχνική σημείωση: Πως το πετυχαίνουμε αυτό, αφού οι routers κόβουν τα broadcast πακέτα by default? [[Directed Broadcast για χρήση με το wakeonlan]]
Του Στεφανου Μανου

Η κυβέρνηση ανακοίνωσε την περασμένη Πέμπτη τη δημιουργία Μητροπολιτικού Πάρκου έκτασης τουλάχιστον 5.000 στρεμμάτων στον χώρο του παλαιού αεροδρομίου. Την ίδια ανακοίνωση είχε κάνει τον Φεβρουάριο 2001 ο κ. Σημίτης και την επανέλαβε τον Απρίλιο 2003. Το εντυπωσιακό στοιχείο στις δηλώσεις Σημίτη ήταν ότι έτσι η Αθήνα θα αποκτήσει το μεγαλύτερο πάρκο της Ευρώπης.

Με δηλώσεις μου τον Φεβρουάριο 2001 και το 2003 προέβαλα έντονες αντιρρήσεις στην επιχειρούμενη παρέμβαση.

Νεόπλουτη ματαιοδοξία

Ελεγα τότε ότι η απόφαση της κυβέρνησης να μετατρέψει 5.000 στρέμματα του αεροδρομίου του Ελληνικού σε μητροπολιτικό πάρκο ήταν μια απίστευτη επίδειξη ματαιοδοξίας νεόπλουτων και τρανή απόδειξη βαθιάς πνευματικής κούρασης.

Αν κάτι χρειάζεται η πρωτεύουσα είναι να δημιουργηθούν 20-25 κήποι των 100 στρεμμάτων (ή και περισσότεροι μικρότεροι) στις διάφορες πυκνοκατοικημένες περιοχές. Τέτοιους κήπους, κοντά στο σπίτι τους, χρειάζονται οι μητέρες με τα παιδιά τους και όχι ένα απροσπέλαστο και άρα άχρηστο γι' αυτές μεγαλεπήβολο πάρκο στα προάστια.

Τα χρήματα για την απόκτηση των εκτάσεων αυτών μπορούν να προέλθουν από ένα μέρος του Ελληνικού.

Αν η κυβέρνηση θέλει οπωσδήποτε να έχει το μεγαλύτερο πάρκο της Ευρώπης δεν έχει παρά να φροντίσει να γίνουν πάρκο οι καμένες υπώρειες του Υμηττού (πριν ανεχθεί την αυθαίρετη δόμησή τους) και η κορυφή του Υμηττού (αφού δημιουργηθούν 2-3 τελεφερίκ) όπου σήμερα υπάρχει ένα πάρκο αυθαίρετων κεραιών (πάρκο του υπουργού Επικρατείας και ΜΜΕ). Δήλωσε ο κ. Σουφλιάς ότι στο πάρκο του αεροδρομίου θα φυτευτούν 36.800 δέντρα και 17.500 θάμνοι (sic). Αν οι αριθμοί είναι σωστοί (αναλογούν 7 δέντρα και 3 θάμνοι σε κάθε στρέμμα πάρκου), το νέο πάρκο θα μοιάζει περισσότερο με τοπίο της Αριζόνα και όχι με σκιερό κήπο. Η καθολική αναδάσωση του Υμηττού που θα απαιτήσει τη φύτευση ενός και πλέον εκατομμυρίου δέντρων θα ήταν ένα απείρως χρησιμότερο για την υγεία και την αναψυχή των Αθηναίων έργο από το κακής έμπνευσης μεγαλεπήβολο και εν πολλοίς άχρηστο πάρκο στο αεροδρόμιο.

Είκοσι Κήποι

Επειδή από τότε που έκανα τις δηλώσεις αυτές, πέρασαν χρόνια χωρίς να γίνει τίποτε, ήλπιζα ότι πρυτάνευσαν ωριμότερες σκέψεις. Προφανώς έκανα λάθος.

Σήμερα, παραθέτω πάλι τα στοιχεία:

B Η έκταση του παλαιού αεροδρομίου είναι 5.200 στρέμματα. Αν το 50% της έκτασης δοθεί σε κοινή χρήση (1.600 στρέμματα για δρόμους και πλατείες και 1.000 στρέμματα για πάρκα και κήπους), τα υπόλοιπα 2.600 στρέμματα ως οικοδομήσιμα οικόπεδα έχουν αξία που με βεβαιότητα υπερβαίνει τα 4,0 δισεκατομμύρια ευρώ.

Για να έχει κανείς ένα μέτρο σύγκρισης, σημειώνω ότι το οικοδομήσιμο τμήμα του Παλαιού Ψυχικού δεν υπερβαίνει τα 2.100 στρέμματα (το σύνολο της έκτασης του Π. Ψυχικού μαζί με τους κοινόχρηστους χώρους είναι 2.776 στρέμματα).

B Το ποσό των 4 δισεκατομμυρίων ευρώ αρκεί για την απαλλοτρίωση 20 εκτάσεων των 100 στρεμμάτων στις πυκνοκατοικημένες περιοχές της πρωτεύουσας και τη διαμόρφωσή τους σε ισάριθμους κήπους. Η Κυψέλη μπορεί να αποκτήσει Κήπο. Το ίδιο και ο Κολωνός, το Περιστέρι, το Αιγάλεω κ.ο.κ.

Οι οικονομικές συνέπειες της παρέμβασης στην αξία της γης είναι τεράστιες. Ας αναλογιστεί κανείς τις αξίες των ακινήτων επί της οδού Ηρώδου Αττικού και ας σκεφτεί ότι θα υπάρχουν 4 τέτοιοι δρόμοι γύρω από κάθε νέο κήπο που θα δημιουργηθεί. Ογδόντα δρόμοι με πρόσωπο σε Εθνικό Κήπο.

Η αξία της γης στο Ελληνικό θα είναι η υψηλότερη σε όλο το Λεκανοπέδιο. Διότι πουθενά στο Λεκανοπέδιο δεν θα προσφέρεται γη για οικοδόμηση με καλύτερες συνθήκες. Παραθαλάσσια, με σύγχρονη πολεοδόμηση, με συντελεστή δόμησης 0,2 το μισό του Σ.Δ. της Εκάλης, με υπόγειες όλες τις κοινωφελείς υπηρεσίες (ηλεκτρικό, τηλέφωνο, γκάζι, κεραίες τηλεόρασης, κ.λπ.), με πρόβλεψη για οργανωμένη στάθμευση, με πάρκα έξω από τις κατοικίες στην πρωτοφανή αναλογία 1 στρέμμα πάρκο για κάθε 2,6 στρέμματα οικόπεδο, που και αυτό θα είναι πράσινο λόγω του εξαιρετικά χαμηλού συντελεστή δόμησης, κ.λπ.

Γενική αναβάθμιση

Η δημιουργία ενός νέου «προνομιούχου» προαστίου και η κατακόρυφη αναβάθμιση είκοσι περιοχών του Λεκανοπεδίου (εκεί όπου θα δημιουργηθούν οι νέοι Κήποι) θα δώσει διέξοδο υψηλής ποιότητας κατοικίας στις ομάδες του πληθυσμού που την αναζητούν.

Οι κοινωνικές αυτές ομάδες σήμερα είναι υποχρεωμένες είτε να πιέζουν προς τα πάνω τις τιμές στις υπάρχουσες «καλές» περιοχές, είτε να πιέζουν τους πολιτικούς τους φίλους για να επιτραπεί η καταστρεπτική τσιμεντοποίηση της περιοχής των Μεσογείων, καθώς και των δασών του Λεκανοπεδίου.

Αυτά είναι τα στοιχεία. Ομολογώ ότι δεν κατανοώ τη στάση των Δημοτικών Αρχών της πρωτεύουσας. Ενώ έχουν την ευκαιρία να αλλάξουν κυριολεκτικώς τη ζωή των κατοίκων προς το πολύ καλύτερο, αδιαφορούν και ανέχονται τον πρωτοφανή αβδηριτισμό της κυβέρνησης.

Τέτοιες ευκαιρίες για την αναμόρφωση μιας ολόκληρης πόλης δεν ξαναπαρουσιάζονται και όλοι έχουμε καθήκον να βλέπουμε και λίγο πιο πέρα από τη μύτη μας.

Στον κ. Καραμανλή θα ήθελα να πω ότι η δημιουργία στην πρωτεύουσα 20 Κήπων, αδάπανα για τους πολίτες της, θα του εξασφάλιζε πολύ ασφαλέστερη θέση στην Ιστορία απ' ό,τι τα αμφιβόλου σημασίας άλλα «επιτεύγματά» του.
Του Στέφανου Μανου

Το άρθρο μου στην κυριακάτικη «Καθημερινή» στις 5 Αυγούστου 2007 για τη δημιουργία πάρκου στο παλαιό αεροδρόμιο του Ελληνικού -«το μεγαλύτερο πάρκο του κόσμου»- προκάλεσε πολύ μεγαλύτερο ενδιαφέρον απ' ό,τι είχε προκληθεί πριν από χρόνια όταν σχολίασα με τον ίδιο τρόπο την πρόθεση του κ. Σημίτη να κατασκευάσει αυτός «το μεγαλύτερο πάρκο του κόσμου» στο Ελληνικό.

Η «Καθημερινή» φιλοξένησε την Τρίτη 14 Αυγούστου 2007 δύο επιστολές αναγνωστών της, της κ. Ρήγα και του κ. Μαυρίκη, με αντίθετες μεταξύ τους αντιδράσεις.

Η κ. Ρήγα θεωρεί την πρότασή μου ανεδαφική και εξηγεί γιατί, και ο κ. Μαυρίκης την επικροτεί. Επιστολές για το ίδιο θέμα δημοσιεύτηκαν και σε άλλες εφημερίδες. Οι περισσότερες ήταν θετικές. Αρκετοί επικοινώνησαν απευθείας μαζί μου.

Η κριτική της κ. Ρήγα είναι ευλογοφανής. Λέει -έχοντας υπόψη της τη συνήθη συμπεριφορά του κράτους- ότι αν γινόταν δεκτή η πρότασή μου, η εξέλιξη της υπόθεσης θα ήταν η εξής: Θα πουλιόταν το Ελληνικό και θα άρχιζαν οι διαδικασίες απαλλοτρίωσης. Θα γκρεμίζονταν μερικά σπίτια εδώ και εκεί, σε μερικά χρόνια το θέμα θα είχε ξεχαστεί και τα χρήματα θα καταβροχθίζονταν στον κρατικό κορβανά. Οι εμπειρίες μας, δικές της και δικές μου, δικαιολογούν απολύτως τον φόβο της. Αλλωστε, όπως σωστά γράφει, δεν είναι καθόλου εύκολο να απαλλοτριώσεις 2.000 στρέμματα κτισμένης αστικής γης διότι θα ξεσηκωθούν οι ιδιοκτήτες εναντίον εκείνου που θα το αποτολμήσει. Αρα, αυτά που λέει ο Μάνος, δεν γίνονται. Πράγματι δεν θα γίνουν, όχι όμως επειδή «δεν γίνονται», αλλά επειδή δεν υπάρχει εκείνος που θα τολμήσει να τα κάνει.

Η κ. Ρήγα δεν πιστεύει ότι μπορούν να κατεδαφιστούν, αφού απαλλοτριωθούν, πολυκατοικίες. Πριν από 29 χρόνια ως υφυπουργός Δημοσίων Εργων κατεδάφισα την εννεαώροφη πολυκατοικία στη γωνία Ριζάρη - Βασ. Κωνσταντίνου. Αργότερα κατεδαφίστηκε η πολυκατοικία στη Βασ. Σοφίας που εμπόδιζε την κατασκευή του υπόγειου γκαράζ του Μεγάρου Μουσικής.

Πάλι, ως υφυπουργός Δημοσίων Εργων το 1978 μείωσα δραστικά τους συντελεστές δόμησης σε όλη την Αττική. Θίγηκαν τότε όλες οι ιδιοκτησίες στον νομό. Εκατοντάδες χιλιάδες ιδιοκτήτες έχασαν το δικαίωμα να κτίσουν 2 έως 3 ορόφους και μάλιστα χωρίς αποζημίωση. Κατηγορήθηκα τότε ότι ανατρέπω το αστικό καθεστώς. Πολλοί με χαρακτήρισαν κομμουνιστή και στις επόμενες εκλογές οι Αθηναίοι με περιποιήθηκαν καταψηφίζοντάς με. Μαύρο δαγκωτό στον Μάνο, αλλά η μείωση των συντελεστών κράτησε και άντεξε στον χρόνο. Επειδή ήταν σωστή και συνέβαλλε σε καλύτερες συνθήκες ζωής στην Αθήνα. Ποιος τολμά να ζητήσει σήμερα αύξηση των συντελεστών δόμησης; Βεβαιώνω την κ. Ρήγα ότι όλοι μου έλεγαν τότε ότι αυτά «δεν γίνονται», επειδή μέχρι τότε κανείς δεν τα είχε κάνει. Οχι μόνο δεν μειώνονταν οι συντελεστές δόμησης, αλλά αυξάνονταν για να ικανοποιηθούν τα αλόγιστα αιτήματα του εκλογικού σώματος.

Για μένα η πολιτική ήταν πάντοτε εργαλείο ελπίδας για καλύτερο μέλλον. Θα πετούσα τη σκούφια μου αν, αντί άλλων αξιωμάτων, είχα τη δυνατότητα να πραγματοποιήσω την πρότασή μου. Διότι η δημιουργία 20 νέων Μεγάλων Κήπων στη τσιμεντοκρατούμενη Αθήνα θα άλλαζε συγκλονιστικά προς το καλύτερο τη ζωή 4.000.000 Αθηναίων. Κανένα άλλο μέτρο ή επέμβαση δεν θα είχε τόσο θετικές επιπτώσεις.

Για μένα το ζητούμενο είναι ένα και μόνο. Πώς μπορεί να διαμορφωθεί και να δομηθεί η επέμβαση ώστε να μην μπορεί να ξεχαστεί σε λίγα χρόνια και να «φαγωθούν τα λεφτά» και ώστε να περιοριστεί η εύλογος αντίδραση του μικρού αριθμού (ως ποσοστό του συνολικού πληθυσμού) των θιγομένων. Για την πραγματοποίηση της επέμβασης και τη δημιουργία των 20 Μεγάλων Κήπων υπάρχουν τα 4 δισ. ευρώ που είναι η οικοπεδική αξία του μισού Ελληνικού.

Το ποσό είναι νομίζω επαρκές για την αναζήτηση μεθόδων και λύσεων που θα ικανοποιήσουν τους θιγόμενους. Οφείλω να πω ότι θεωρώ αδιανόητο να πετάξουμε περιουσία 4 δισ. ευρώ για την πραγματοποίηση του προκλητικά άχρηστου «μεγαλύτερου πάρκου του κόσμου» μόνο και μόνο επειδή κανείς δεν τολμά να σκεφτεί καν πώς θα κάνει μια δύσκολη αλλά σωτήρια για την Αθήνα επέμβαση.

Εχω βαρεθεί να ακούω το επιχείρημα «αυτά δεν γίνονται» ή «εδώ είναι Ελλάδα» ή «αυτά έπρεπε να έχουν γίνει πριν από 50 χρόνια» και άλλα παρόμοια. Πιστεύω ότι όλα γίνονται αρκεί να θέλουμε. Το φθηνό επιχείρημα «εδώ είναι Ελλάδα» αναδεικνύει τη βαθιά ανασφάλεια που διευκολύνει την επικράτηση της μετριότητας και της στασιμότητας. Πολιτική τόλμη και θάρρος απαιτείται για να αναθαρρήσουν οι πολίτες, ν' ανακτήσουν τη χαμένη αυτοπεποίθησή τους και να διεκδικήσουν με την ελπίδα στην καρδιά τους ένα καλύτερο μέλλον.
[[|]] Ubi Dubium, Ibi Libertas

σε ελληνικό στυλ.
Της προάλλες ξεφύλλιζα  το [[Terra Nova blog|]] και έπεσα σε ένα άρθρο με τον εντυπωσιακό τίτλο [[Sleep is cancelled|]].
Πώς?? Τι???

Το EVE Online είναι ένα Massive Multiplayer Online (MMO) Game που εξελίσσεται στο διάστημα. Σε αντίθεση με κάποια theme park ~MMOs, όπως το World of Warcraft, το EVE Online αποτελεί τρανό παράδειγμα της sandbox κατηγορίας, στην  οποία μπορείς να κάνεις ότι θες μέσα σε συγκεκριμένα πλαίσια. Στο άρθρο υπάρχουν links σε κάποια άρθρα που περιγράφουν το παιχνίδι, πιο πολύ προς το κάψιμο φέρνει (πρωην ~WoW addict) και σε ένα από αυτά έχει μια πολύ ενδιαφέρουσα [[ανακοίνωση|]], στην οποία το [[HIIT|]] ανακοίνωσε την συνεργασία του με την [[CCP Games|]], δημιουργό του EVE Online, με σκοπό την μελέτη της εικονικής οικονομίας του παιχνιδιού. Που είναι κυριολεκτικά κολοσσιαία.

Μερικές μέρες αργότερα κατέβηκα στο γραφείο του Γιάννη Κοροβέση και πήρε το μάτι μου ένα βιβλίο με τίτλο @@The Information Society and the Welfare State, The Finnish Model@@, των Manuel Castells και Pekka Himanen, Oxford University Press. Έχοντας πρόσφατη την  ιντερνετική επίσκεψη στο HIIT, τσίμπησα το βιβλίο.


Δι' ολίγης, στο βιβλίο περιγράγεται πως μέσα σε 25 χρόνια η Φινλανδία κατάφερε να πρωτοπορήσει στον χώρο των ψηφιακών τηλεπικοινωνιών και της πληροφορικής και //ταυτόχρονα// να δημιουργήσει και ένα αποδοτικότατο και πλουσιοπάροχο κράτος πρόνοιας για τους Φινλανδους. Οι συγγραφείς περιγράφουν ένα κύκλο στον οποίο το κράτος δρώντας σαν διαιτητής, μεταξύ της βιομηχανίας και της κοινωνίας, σαν καπιταλίστής, τονώνοντας την επιχειρηματικότητα, σαν φιλελεύθερος, αποκεντρώνοντας και αποκρατικοποιώντας κάποια βασικά επιχειρηματικά στοιχεία, και σαν ευρωπαίος σοσιαλδημοκράτης, παρέχοντας //δωρεάν// και υψηλού επιπέδου εκπαίδευση και υγεία, καταφέρνει (το κράτος) με την αρώγη του κοινωνικού συνόλου (υψηλή φορολογία) και όλων των άλλων φορέων να δημιουργήσει μια Φινλανδία που αυτη τη στιγμή είναι "εκει ψηλά, πολυυύ ψηλά".

Μα, και στην Ελλάδα αυτό δεν κάνουμε??

Κατά την γνώμη μου, το ουσιαστικό σημείο του βιβλίου, που αναφέρθηκε πάμπολλες φορές από τους συγγραφείς ήταν το εξής: network, networking. Όχι με την έννοια μιας φυσικής υλοποίησης ενός δικτύου υπολογιστών/μηχανών, αλλά με την έννοια της δικτύωσης και διάχυσης της πληροφορίας και κατά συνέπεια της συνεργασίας των μονάδων/ανθρώπων. Στην τελική, μεγάλο μέρος της πληροφόρησης, ως εκπαίδευση, έρχεται από και μέσω άλλων ατόμων. Όλοι είμαστε δάσκαλοι, εν δράσει και εν δυνάμει και ταυτόχρονα μαθητές. Η στείρα χρήση της τεχνολογίας, computers/νησιά στον ωκεανό της πληροφορικής δεν συνεπάγεται και //networking//, ακόμη και αν τα συνδέσουμε με εκαντοταπλάσια ταχύτητα από την σημερινή. Ένας δρόμος δεν είναι σημαίνει τίποτα χωρίς αυτοκίνητα.
Με αφορμή όλα τα παραπάνω και μια συζήτηση για wikis που είχα με τον Γιάννη άρχισα να χρησιμοποιώ το TiddlyWiki, [[Εν αρχή]]. Γιατί αυτό και όχι κάποιο απά τα δεκάδες wikis? Επειδή αυτό που γράφω τώρα, το tiddler (όπως ονομάζεται) διευκολύνει την διάχυση της πληροφορίας. Σου αρέσει το συγκεκριμένο tiddler? Πάρτο στο δικό σου tiddlywiki. Όχι cut 'n' paste, αλλά ιmport.

Ελπίζω κάποτε να αλλάξω το tag του [[Wikis]] από 2DO σε DONE.
αλλά δικοί μας

<<person avi "avi">>Ο <<avi>>, radio station,
<<person stas "Στας">>O <<stas>> kαι το περίεργο email του, ανοίξτε ένα manual του sed η απλά ρωτήστε τον.
<<person nadik "Ναντίκ">>Η <<nadik>> = 1/2
<<person manolo "Μανώλο">>O <<manolo>> στην παιδική χαρά του
<<person  pantelos "Παντέλος">>Ο <<pantelos>>  ο uber dεveloper
<<person ycor "Γιάννης Κοροβέσης">>Ο <<ycor>> στο δίκτυο του
<<person  bebis "Uberμπέμπης">>Ο Aρκουδίνος, Ο Καβουρέτος, Ο Σκυλάκης, Ο <<bebis>> μας, [[15 μηνών|images/uberbebis-15months.jpg]]
<<person bmoustak "SportBillis">>Ο <<bmoustak>>
Ο [[xil|]]
Ο [[uberksi|]], ο δάσκαλος του ΚΣΥ, κάνει αναβάθμιση σε δάσκαλος του chi.
O [[serg|]]
Ο θεικός [[vlix|]] και οι φωτογραφίες του.

Οι υπόλοιποι ή δεν ξέρουν να κάνουν έναν ιστότοπο ή βαριούνται (οι κόπροι, ξέρετε ποιοί είστε <<smiley :-D>>). Μπορεί να τους δείτε στο [[Facebook|]]
και πολύ μάλιστα (Πεύκη)