scientia potentia est

Writing my earlier post about the textarea issue I initially ended up with a funny looking post. It was due to the examples of HTML code included in the post not being parsed properly. Apparently I had been writing my post in HMTL mode instead of Visual mode and all the HTML code was parsed as “real” code.

The code was wrapped in <code> tags, instead of the usual <pre> tags which keeps the code looking as expected.

If you are neither certain of the exact uses of each of these two tags I suggest you read this documentation page for a quick overview of the differences along with other usage hints.

This one I struggled to find the right formula to get it working. The solution was so simple and basic that I wonder why I did not just try it before all the complicated approaches.

I basically needed to have line breaks occurring in the default value of a textarea field inside a HTML form. That is between the <textarea>…</textarea> tags.

My first approach was to simply add \n where I wanted a line break. I also tried all possible combinations of \r, \n, CR, LF, separate, together, quoted, escaped… you name it. Nothing worked.

Googling around proved no good. Most people kept referring to the nl2br function in PHP, but this is not what I was trying to achieve. Besides this is all client code, pure HTML, no server side processing involved.

I ended up at the W3 HTML specification and saw the light! A simple example copied from their site included the solution to all my struggles:

<FORM action="http://somesite.com/prog/text-read" method="post">
   <P>
   <TEXTAREA name="thetext" rows="20" cols="80">
   First line of initial text.
   Second line of initial text.
   </TEXTAREA>
   <INPUT type="submit" value="Send"><INPUT type="reset">
   </P>
</FORM>

Notice how they simply added a line break in the actual HTML source. This is so simple that you may even not notice the subtle difference. Let me show you how I had my initial code:

<form>
<p>Some random paragraph</p>
<textarea>First line \n Second line</textarea>
<p>Some more randomness</p>
</form>

As normally white space in HTML is simply ignored I did not give a thought about the fact that a line break can be created in the default textarea value by simply…, yes, adding a line break when writing the source code.

For some reason I can not recall I went into my Trash bin on Fedora. There was unsurprisingly a lot of trash!

I decided to empty the Trash bin but it only succeeded partially. I had a DVD directory that did not want to be deleted. Looking closer at the message it was a permissions error. Not sure how though, since if I did not have permissions to delete the directory from the Trash bin, how on Earth could I have moved it into the Trash bin to start with…!

Looking around my home directory in the terminal I could not locate the exact spot to manually remove the directory. As always Google came to assistance and brought up a nice forum topic about how to empty the Trash bin in Fedora from the terminal.

The simplest way would be to run the following command as root:

rm -rf  ~/.local/share/Trash/files/*

I was just browsing for a new domain name to my latest SMS project at ProntoNames.com when I saw the old 2CheckOut banner. Several years ago I actually registered with them when online payment providers were a scarce sight and Paypal was the only other real alternative for the poor. I registered with 2CheckOut and paid their $49 fee, as then customers were reluctant to be forced to sign up for a Paypal account just to do a single purchase at my website. This would no longer be a requirement though as Paypal now offers payments with no previous account registration. Today you actually do not even need a Paypal account at all to pay with as you simply type in your card details and that is it.

When I tried to sign in at 2CheckOut today my account was obviously closed as I had not used it for years. It did not matter much, as browsing a bit through their site reminded me of how terrible their offerings really were and still are. I recall my first sales via 2CheckOut were from one of my good customers and all his payments were simply returned on every single attempt… but only after the payment had previously been marked as successful. This meant that he actually got the purchased products but I never received the funds from 2CheckOut since they were later returned to my customer’s card…!

I am glad that I knew the customer and the payment was later sorted out via a different source as else I would have incurred a loss thanks to 2CheckOut. What a useless way of handling sales security.

What I also remember was the huge amount of prohibited and restricted products and services that 2CheckOut had then. Today that list has just got even longer. One can hardly sell anything with them anymore…

I am glad that Paypal is well alive and improving their offerings over time. Bye for good 2CheckOut!

Since I am analysing different SMS related questions because of a new project I am involved in, I thought the following page at Nokia was useful. It is a very simplistic overview on how to read and send SMS with your mobile phone hooked up to your machine.

As said it only covers the most basic AT commands (Hayes) but should be enough to get you started if you desire.

While looking for a free and decent weather service API to display localised weather forecasts on tudomo’s property details pages, I came across another blog describing how to get the current weather by using the iGoogle weather gadget API.

The examples provided were mainly to locate the weather in a certain known city. My situation was a bit different as I never know beforehand where the properties for sale on tudomo are located in the world. So what I needed was a weather service based on latitude and longitude solely. Then it would not matter where in the world a property was located as I would get the closest possible matching weather measurement.

To accomplish this you need to change the original query to the following. Please note all the commas are needed to make it work.:

http://www.google.com/ig/api?weather=,,,36575560,-04670219

Which will output some XML as the following:

<xml_api_reply version="1">
−
<weather module_id="0" tab_id="0" mobile_row="0" mobile_zipped="1" row="0" section="0">
−
<forecast_information>
<city data=""/>
<postal_code data=""/>
<latitude_e6 data="36575560"/>
<longitude_e6 data="-4670219"/>
<forecast_date data="2009-05-11"/>
<current_date_time data="2009-05-11 17:09:51 +0000"/>
<unit_system data="US"/>
</forecast_information>
−
<current_conditions>
<condition data="Partly Cloudy"/>
<temp_f data="71"/>
<temp_c data="21"/>
<humidity data="Humidity: 62%"/>
<icon data="/ig/images/weather/partly_cloudy.png"/>
<wind_condition data="Wind: SW at 13 mph"/>
</current_conditions>
−
<forecast_conditions>
<day_of_week data="Mon"/>
<low data="53"/>
<high data="75"/>
<icon data="/ig/images/weather/sunny.png"/>
<condition data="Clear"/>
</forecast_conditions>
−
<forecast_conditions>
<day_of_week data="Tue"/>
<low data="53"/>
<high data="75"/>
<icon data="/ig/images/weather/sunny.png"/>
<condition data="Clear"/>
</forecast_conditions>
−
<forecast_conditions>
<day_of_week data="Wed"/>
<low data="53"/>
<high data="75"/>
<icon data="/ig/images/weather/sunny.png"/>
<condition data="Clear"/>
</forecast_conditions>
−
<forecast_conditions>
<day_of_week data="Thu"/>
<low data="46"/>
<high data="71"/>
<icon data="/ig/images/weather/mostly_sunny.png"/>
<condition data="Mostly Sunny"/>
</forecast_conditions>
</weather>
</xml_api_reply>

Now it is up to you to simply parse the XML and process it as you wish. Please note that this is untested as I did not end up using the iGoogle API but instead Wunderground’s as I felt it was more dedicated for the purpose. The same example call with Wunderground’s weather API would be:

http://api.wunderground.com/auto/wui/geo/WXCurrentObXML/index.xml?query=36.575560,-4.670219

Note there is a slight difference on how the latitude and longitude values are included in the GET request between the two APIs.

I have used the API of hostip.info for long time to resolve IP addresses to country codes or country names. The web service has been hit by some severe downtime lately returning “500 - Internal Server Error” for any calls including both API and website page requests. As of now hostip.info has been down and unreachable for several days in a row, with no signs of coming up in the near future. Perhaps the maintainer is on holiday or something…

I manage several applications depending on this web service so I started searching for an alternative solution to lookup IP addresses. I did not find anything suitable so I decided to launch my own free IP to country lookup API instead.

This new web service can be found at ip2.cc (IP to Country Code) for everyone to use.

Sometimes data needs moving from server to server without FXP support. For this task there is nothing simpler than good old FTP.

What about if you have a large number of subdirectories? As the plain FTP client can not fetch the files recursively shell scripting is usually the solution. But in cases where you do not really know neither the depth of the recursion or the naming convention of the file system structure, an alternative method is needed.

This method is named NcFTP Client. I got to know about it today as I quickly needed to copy several gigabytes of data spread over several subdirectories and NcFTP did its job flawlessly. I did not even have to install it as Fedora 10 already came with it by default.

Today using the version of Pidgin that came with Fedora 10 I received the following certificate prompt:

Accept certificate for ows.messenger.msn.com?
The root certificate this one claims to be issued by is unknown to Pidgin.

The majority of cases of unknown certificate issuers are due to the chain of trust breaking down. This break down in the certificate chain is mainly caused by the software in question not including the intermediate certificate authorities certificates. Without these intermediate certificates the software can not verify through the certificate hierarchy up till the root certificate and therefore prompts the user about what to do.

The options I received in the Pidgin prompt were:

View certificate
Accept
Reject

Upon selecting “View certificate” I am presented with the following details:

Common name: ows.messenger.msn.com
Fingerprint (SHA1): a9:9c:2d:ee:4a:d1:c8:7d:a7:c5:c3:05:32:98:5f:ee:57:87:73:8a
Activation date: Tue Jan 29 14:37:21 2008
Expiration date: Wed Jan 28 14:37:21 2009

So far everything looks as it is a bona fide certificate but to verify the identity completely I load the page https://ows.messenger.msn.com/ in Firefox. As expected no certificate warnings were received and I opened the certificate viewer to see its details and confirmed the data matches up with the data received in Pidgin:

Certificate Viewer

I can safely trust this certificate as Firefox has verified through the certificate chain that all intermediate certificates are valid too:

Certificate Chain

This certificate is simply used by Microsoft for the Live Messenger offline messaging service. Although you normally would trust verified certificates it did happen in the past that certificates were incorrectly issued to the wrong people. So always be cautious!

If by chance you have installed the Webmin module Virtualmin at some point you may have come across the following error message when setting up the module:

Failed to save enabled features: The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.

This error message is caused by using a version of suEXEC compiled by default to use /var/www as the document root of Apache. The suEXEC feature allows to execute scripts as the user owning the virtual host instead of the global apache user increasing security. The solution has either been to recompile suEXEC with the new desired path (/home in this case) or simply disable (Server Templates > Apache Website > Automatically add appropriate SuExec directive?) suEXEC completely inside the Virtualmin module configuration.

A much simpler approach I used was to create a link between the two directories. I used mount to bind the two directories together and act as one. Voila, Virtualmin now continued the module setup without a remark!

To achieve this I ran the following command as root:

mount --bind /var/www /home

That is it really. Now the directories act as one for the suEXEC wrapper too.

Please note this will usually only last till next reboot. To mount permanently include the following line into your /etc/fstab:

/var/www /home none bind

The following is the extract from the mount man page:

Since Linux 2.4.0 it is possible to remount part of the file hierarchy somewhere else. The call is
mount --bind olddir newdir
or fstab entry is:
/olddir  /newdir  none  bind
After this call the same contents is accessible in two places.  One can also remount a single file (on a single file).

One note is that if you already had local users set up inside the /home directory you will mount on top of it, making the existing users data unavailable (not deleted). Simply unmount again and the users data will be back again. To get around this change the default path Virtualmin uses to create new virtual hosts home directories to something else e.g. /virtualmin. This can be done in the Users & Groups module.

Sometimes I had the climate system blower in my BMW X5 slow down so it could barely be heard, even when increasing the fan manually to a higher setting. After some minutes it usually started behaving normally again. Yesterday though it simply stayed on minimum no matter which buttons were activated.

After a bit of reading I determined that the final stage resistor (aka final stage unit or blower motor resistor) was probably the culprit. This morning I went to the BMW dealer and bought the original unit for €90 and replaced it myself in about 15 minutes without any issues. The most time consuming part was actually to get to the dealer and back in rush hour traffic.

The BMW part number is 64116923204 (PN 64 11 6 923 204) and is a newer, slightly different formed, and hopefully improved version of the existing unit. You can also buy the same unit cheaper at Ebay but from a different manufacturer. Simply search for the part number in the auction description.

There are some excellent guides full of pictures to follow which you should have a look at:

• http://www.bimmerfest.com/forums/showpost.php?p=1683478&postcount=1
• http://www.x5world.com/articles/x5/electronics-x5/9471-final-stage-resistor-replacement-bmw-x5.html
• http://www.540i6.com/finalstagereplacement.html

This unit is unfortunately very often the source of other issues, the most annoying one would be draining the battery so you can not start the car. Definitely a recommended DIY job before proceeding to more expensive repairs.

I am always very cautious running executables, especially under Windows. Sometimes the antivirus software installed may report supposedly false positives leaving one in a limbo as what to do next, keep installing at risk or avoid the software supposedly reputable and safe.

The best thing is really to get a second opinion but installing a second antivirus software is time consuming and not feasible. The solution is to use an online malware scanner which uses different engines from several software providers that can shed some light on whether the file in question is really malware or simply a false positive from your installed antivirus software.

Two online scanners I use regularly are Virustotal and Jotti’s malware scan, both using several engines to compare against each other. I must admit Virustotal is more sleek and has multi language support, plus it provides extra information about the scanned files.

In the past I used DNSstuff heavily, but since it went commercial I have tried to find useful free alternatives.

I gathered this brief set of links and saved is a draft long ago, which I now have remembered to publish:

• http://network-tools.com/
• http://dnsutils.com/
• http://www.robtex.com/
• http://clez.net/
• http://serversniff.net/
• http://w3dt.net/
• http://www.intodns.com/

During a recent process of restoring a site from a Virtualmin backup archive I encountered this discouraging error message during the upload:

Restore failed : The specified source does not contain any domains, or is not a Virtualmin backup

No need to say that the archive indeed contained several domains plus it was created by Virtualmin itself in the past…

A quick search provided me with a hint that the upload and restore process may not work as desired, but instead first upload and thereafter restore the backup archive from the local server may give much better results.

So simple that I should have tried it the first.

If you ever need to know what the option codes on your BMW represent you could use this German page (English translation) containing an extensive list of them.

There is also another list already in English which unfortunately is a bit old but probably still valid for many of the existing BMW Option Codes in use today.

On one of my boxes I came across this weird behaviour when pasting code into Vim at the terminal. All indentation was broken in a stepped way. Every line indented more and more creating a real mess to work with. This only happened when actually pasting content into the terminal. Typing worked as normal.

I initially thought that it had something to do with Putty’s way of interacting with this specific box e.g. some configuration that was missing. Issues exist with carriage return (CR) and line feed (LF) handling across platforms. Nevertheless this was a dead end.

Digging around Vim’s extensive wiki provided some clues as to what was going on. Having ‘autoindent‘ or ‘smartindent‘ on creates havoc when pasting into Vim and therefore should be disabled. The problem is that these are nice features to have on when simply typing.

Vim has an alternative mode called ‘paste‘ that does not modify the pasted input in any way and therefore code looks just as in the original source. To enable ‘paste‘ mode during insert simply type ‘:set paste‘ and you are ready to paste. When finished pasting you probably want to leave ‘paste‘ mode by typing ‘:set nopaste‘.

As I am too lazy to type this every time I need to paste something I have now added the ‘pastetoggle‘ key into my profile’s .vimrc file as follows: ‘set pastetoggle=<F12>‘

From now on simply hit F12 on the keyboard and you will be in ‘paste‘ mode. Press F12 again to leave it.

Wget has many usages as you probably are aware of. One of them being an easy method of mirroring parts of or even entire sites.

Lately I am working on a project which required an exact copy including all dependent media files to be mirrored from another site. Working server side it is much easier to simply retrieve the files via Wget directly to the server instead of downloading them to the local machine and from there upload them to the server in question. Wget simply saves me from doing all this extra work.

The Man page of Wget is extensive and includes all kind of options to quickly get around the most quirky tasks.

Specifically with this task I experienced trouble. I did not get all files requested and different combinations of options and parameters did not accomplish what I was after. Several failed attempts made me even consider copying the files over one by one manually…!

As the pages in question were served as HTTPS I started suspecting Wget having issues with secure connections. After enabling the debug switch (’-d‘) as suggested I realised that Wget was actually encountering a robots.txt file that excluded all the directories and files I was trying to retrieve. Wget follows the Robot Exclusion Standard but it can easily be circumvented by using the ‘-e‘ switch:

wget -e robots=off url

If you wish to turn off the robot exclusion permanently, set the robots variable to ‘off‘ in your profile’s ‘.wgetrc‘ file.

Once more SELinux has been playing up with the normal operations of a box. During the installation and set up of an Apache instance and a few virtual hosts I simply could not get around the dreaded error message:

Starting httpd: Warning: DocumentRoot [/home/www/myhost] does not exist

No matter which permissions and owners were given to the directories or files related the error still came up hindering the Apache httpd service to start. Obviously the path was correct, copied and pasted, to exclude any spelling issues.

After experiencing similar conundrums in the past I had a slight suspicion regarding SELinux, which comes enabled by default on Fedora, may have been blocking access to the directory somehow.

A bit of searching did confirm that SELinux indeed also intervened at this level blocking Apache’s normal operations. I fully understand and agree with the goal of SELinux, but it is simply too big a compromise between security and usability. As Theodore Tso pretty much summarises it:

SELINUX is so horrible to use, that after wasting a large amount of time enabling it and then watching all of my applications die a horrible death since they didn’t have the appropriate hand-crafted security policy, caused me to swear off of it. For me, given my threat model and how much my time is worth, life is too short for SELinux.

SELinux stays disabled again…

I have been using Gmail accounts inside Thunderbird for some time and every now and then I received those annonying error messages stating that the username or password was invalid. This was somehow a conundrum as the passwords were saved within the Thunderbird profile and had not changed.

Looking up the issue today I came across both the problem, the trigger, and the solution. I realised that Gmail does not let you check for mailbox changes more often than every 10 minutes. Thunderbird was set to check for new mail every 6 minutes which seems to have triggered the account to be locked out. First when the Captcha had been passed the email account was again available via IMAP.

Trying to move some automatic backups from one location to another became a bit of a struggle recently. The backups are created automatically and uploaded to a file server at a scheduled pattern. From this file server I had to use some of the backups and tried to download them to my local machine. This is where the problem started.

I am long time user of the excellent FTP client named FileZilla and very seldom experience any issues with it. But this time during the download process I kept receiving this weird error message:

Error:    Could not open the local file path/filename

Error:    Download failed

I initially thought about some permission problems like no read access until I swiftly realised it was actually on the local side the issue was and not on the server. This just made no sense as obviously why would it want to open the file when it actually had to create the file instead. I tried to download the backups to different locations on the hard disks, even external ones as well, to see if oddly enough they had magically become write protected. This was not successful and I started to think of the directory structure as downloading the individual file worked just fine.

So to summarise:

1. Downloading the directory containing the backups did not work.
2. Downloading each individual file inside the directory worked as expected.

Very strange indeed…

I actually did not break it until the following morning when I woke up with the solution. I am not sure what happened as I would not dream about such a pity issue but I just woke up and Eureka!

In hindsight it was really obvious what the problem was but at the point it just did not come to my mind.

Linux and Windows have some dramatic differences and one of them is the fact that file and directory names under Windows are limited to certain characters while Linux pretty much takes it all. I was trying to download directories to a Windows XP PC with a colon (:) in the name, such as /backup_2009_07_04_05:07. This is incompatible with Windows and therefore FileZilla was not permitted to create such directories anywhere on the hard disks.

Never use the following characters in file or directory names if you expect Windows compatibility:

/ \ : * ? " < > |

I received a question today on how to sort a list of strings which was actually rather simple to accomplish.

The following list is the original sorting:

• caca
• cocacola
• ca
• cacacacacola
• c
• cacacacacacacaac
• cacaa

The requested list after sorting should look like this:

• c
• ca
• caca
• cacaa
• cocacola
• cacacacacola
• cacacacacacacaac

What I first did was to create a separate column to contain the length of each cell. There is a function in Excel which easily calculates the length of a string: LEN(). Now I had two columns, the first unsorted string column and the second length (of the first column string) column. As you probably have realised by now it was a simple matter of sorting the second column instead of the first for the strings to sort by length.

If interested in seeing it I have attached the test sheet for you to play around with:

Length String Sorting

After booting up Windows XP I encountered an automatic update notification. During the progress I noticed an update named something like “…kill-bit ActiveX…” which I could not identify what was for and therefore looked it up.

The Kill-Bit appears to be something as simple as a registry entry to disable vulnerable ActiveX controls or COM objects so they can no longer be loaded in Internet Explorer or other applications based on the MSHTML rendering engine.

I have been using Virtualmin for several years which is one of the greatest modules for Webmin allowing simple set-up and management of virtual hosts. Inside the “Scheduled Backup” feature I came across the “Do strftime-style time substitutions on file or directory name” check box but never actually properly made use of it:

I came across a project which required very frequent backups and to distinguish each backup from another I decided to give it a shot. The strftime function uses standard POSIX conversion specifications which very easily lets you build powerful combinations of date and time.

As an example you can use the following string:

/backup_%Y_%m_%d_%H.%M

which would leave a directory with the following name:

/backup_2009_07_04_05.07

Now each backup will be created with a different name instead of simply overwriting the previous one.

After upgrading to the latest version of the free anti virus application from AVG I encountered constant crashes of Firefox. It seems that AVG 8 includes a utility called LinkScanner which marks whether a website is supposedly a threat or safe upon using a search engine:

I am not the biggest fan of these utilities as many false positives arise plus the user ends up losing his own
criteria and relies solely on the utility’s advice instead of thinking and evaluating each site by himself. Nevertheless it may be suitable for complete beginners as a helping hand.

Firefox did start to behave erratically after the AVG upgrade from version 7.5 to 8 so there was no real doubt about why it was happening, so I immediately disabled the LinkScanner component within the AVG user interface. This seemed to be the only part that could affect the browsers somehow:

Firefox stopped crashing and all was fine again. There was just a little thing that kept nagging me. The little red exclamation mark by the clock in the traybar kept displaying now. It was not possible to know whether there was an update waiting or any other issue as the exclamation sign was on constantly. I ended up turning LinkScanner on again just to remove the exclamation.

Back to Firefox crashing…!

Until today when I again got so tired of the continuous crashes that I finally searched for the problem and located a very simple solution to it.

Simply leave the LinkScanner component running so you do not get the annoying exclamation mark. Now launch Firefox and go to Tools > Add-ons and disable the AVG add-on. This would disable the AVG 8 LinkScanner component without interfering with anything else on your PC.

I wondered why sometimes the Home and End keys work as expected during a SSH session via PuTTY and some other times it just writes tildes (~) instead. When writing long commands it is a real annoyance having to press down the left arrow to get back to the beginning of the command.

A simple solution which worked for me was to change the Terminal-type String under the Connection > Data tab from the default “xterm” to simply “linux”:

Now you should be able to use your Home and End keys to easily move the cursor back and forth during a SSH session using PuTTY.

When writing something I usually have a hard time categorising the content as very seldom it will fit into one single category. The solution to this may simply be adding it to more categories instead but then the category hierarchy actually breaks. Instead I definitely prefer to assign tags to content which is much more specific and does not limit you in any way, as there is really no predefined containers but instead any word in the vocabulary can be used to tag your content. During my research determining if Wordpress actually had improved the categorisation system I came across an interesting piece of writing about ontology on the web which I recommend you to read through in its full length.

The latest version of Wordpress does seem to handle tags fine although there is some misconception between the tag and category idea. It is somehow mingled together to actually overlap each other although still not the same. I guess the Wordpress developers are worried about legacy installations and possible issues during an upgrade path, so they keep things backwards compatible somehow.

As you can see on this site I make no use of the categories whatsoever. I am forced by Wordpress to assign any content to at least one category which I left as the default “Uncategorized”. The name is really irrelevant as I make no use of categories in the display. You may notice the tags assigned to each post just below the title where before the category was displayed.

To make this little change depending on your theme you may have to edit a couple of files. In my own case I edited three files:

1. page.php
2. index.php
3. single.php

The change required is the same in all three files, namely replace the following snippet:

<?php the_category(',') ?>

with this one:

<?php /*the_category(',')*/ the_tags( ' ', ', ', ''); ?>

That is all. Now you will have a nice list of tags instead of the irrational categories list which does not really suit written content.

I had to add the Google Analytics code snippet to this site and had some issues with it validating as XHTML 1.1 and MIME type application/xhtml+xml which were solved at the end.

The snippet is divided into two pieces of <script> tags and the first part is simply a feature to avoid getting warning messages from your browser if your page was server over SSL (https://). If your site serves pages in both HTTP and HTTPS then you can achieve the same through e.g. a server side scripting language such as PHP.

The snippet needs to be changed to the following on HTTP pages:

<script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>

and of course on HTTPS pages use this piece:

<script src="https://www.google-analytics.com/ga.js" type="text/javascript"></script>

Now the second part of the code needs to be put between CDATA tags to properly isolate it. The code will now look like this except you need to introduce your own Google Analytics ID:

<script type="text/javascript">
//<![CDATA[
var pageTracker = _gat._getTracker("UA-1234567-8");
pageTracker._initData();
pageTracker._trackPageview();
//]]>
</script>

Now you can safely run the W3 Validator without any errors caused by Google Analytics.

I have wanted to set up password less access to my SSH servers for several years, but due to laziness mainly have never got around to actually completing the process. Just now I accessed one of my hosting accounts without any password and it actually felt quite good. It is one of these things that you think to yourself “Why didn’t I just do it before!”.

I encountered some issues even though the process is a piece of cake and takes less than five minutes to do. When searching for solutions I tend to encounter issues with out-of-date information that no longer applies to the latest versions of software normally used. It can become annoying sometimes as you may be wasting time down the wrong path.

I will try to write it up as simple as possible for anyone who might like to give this a go. The easiest way to get started would be to simply install the entire Putty Windows installer. Currently at version 0.60 but ensure you grab the latest version available when starting.

Once installed go to Start > Putty > PuttyGen and the key generator will open:

Click on “Generate” and you will see a progress bar appear:

Now you need to create some randomness by hovering your mouse pointer on top of the progress bar so it slowly moves towards the end. When done you will see your public key:

Now simply enter a key passphrase you can remember which is longer than a normal password. This needs to be used to decrypt the key when used. I will later explain how you avoid having to input this long passphrase on every login, elsewise it would defeat the purpose of not wanting to repeatedly input the password. Please note the passphrase can NOT be recovered, although you may always generate a new set of private/public keys if you happen to forget it.

Once you have entered the passphrase twice hit “Save private key” and save the file with any name in a safe location and leave PuttyGen running as we will use it again in a bit. This leads to the next step which is to launch Putty as you normally do from Start > PuTTY > PuTTY. Go to the Connection > Data tab and input the username of the SSH account:

Now move down to Connection > SSH > Auth tab and only check “Attempt authentication using Pageant”. Click on the “Browse” button and locate the private key that you created before with PuttyGen:

Now you are ready to save this to your profile. Return to the first tab Session and enter your hostname and a session name to save these profile changes. Click “Save” and the “Open”:

On connecting you may receive an error about invalid keys or similar, just login as usual with your password only. Your username should have been automatically passed to the server by Putty as per your change in Putty’s configuration earlier on.

Run the following commands:

mkdir ~/.ssh

vi ~/.ssh/authorized_keys

Now Vi will open which is a text editor and we should see an empty file where we can paste in the public key you generated before. Return to your open PuttyGen and click the public key section, select ALL text and copy. This step is where I personally went wrong and only copied the bit that is highlighted initially upon the first click within the section. You have to make sure you select ALL the text:

Now you need to return to your open session in Putty and paste the public key into Vi. First hit the letter “i” to insert and then right-click on the screen to paste the content. If it pasted correctly hit the “Esc” button on your keyboard followed by:

:wq

This should save your public key at the server and close Vi. Now check for the correct permissions by running:

chmod 700 ~/.ssh

chmod 600 ~/.ssh/authorized_keys

exit

Putty should now close and Pageant should be launched by going to Start > PuTTY > Pageant. This is a very simple utility that will store your key’s passphrase in memory until you close it again. This is needed to avoid having to type your long passphrase upon every login, the alternative being creating a key without any passphrase which is highly insecure as anyone can login to your server if they get hold of your private key.

Simply click “Add Key” and locate your private key stored earlier. Enter your passphrase when asked and close it so it stays minimised in the traybar:

Now you should be able to launch PuTTy again and simply double click on your saved session profile to access your SSH server without any further user input.