"off-left" convention is bad news for RTL

[This post presents a web designers technical problem, in which a hack for improved accessibility damages RTLability]

This weekend I tried to debug an annoying problem in Drupal's Acquia Marina theme on RTL mode, in which a horizontal scroll bar appears with no good reason (layout doesn't scale horizontally).

I turned to monkey HTML debugging, a term I just invented for removing element-by-element until getting to a super simple HTML file which reproduces the bug.

Eventually the one to blame was an element placed at "left: -999em" absolute position,  a far place horizontally, and triggered the scroll bar to appear (on FF and IE, not on Chrome). When on LTR mode, it didn't, and things work perfectly. This setting aims to simply hide the drop-down menu when mouse is not hovering above it.

Q: Why don't they use CSS display:none, which seems to make more sense than hiding things off the screen?

A: looks like it has to do with screen readers (as this article suggests), which are apparently not aware of display:none text but are aware of off-screen text. A little puzzling. I suspect that it's too old info, for it seems to be written on 2003. I wonder if new screen readers have this problems as well, and whether the reason for using off-left is not just an ancient myth.

The problem with RTL

When placing things off-left (e.g. left: -999px) on LTR mode, all browsers do NOT widen the page horizontally. It makes sense - the page goes from left to right, not from left to even-more left.

However, when on RTL mode, left: -999px does widen the page horizontally to the right (and the off-left element is actually visible when scrolling there), which is a very unwanted effects.

Here's a related drupal discussion about the problem and possible solutions.  The problem seems broader than just acquia marina .

Continue reading

KDE: a call for a change (or: why I moved to GNOME)

[Disclaimer: I'm merely a KDE user, hardly involved with the KDE development processes; my criticism is based on what I see as a user, I'll be glad to be corrected in the comments]

Back when I started my way with Linux with the brand new RedHat 6.0 (which as always, preferred GNOME). KDE always went forward: KDE1 was pretty.. basic, KDE2 was a big step, and same goes from KDE3. I've been using KDE 3.5.x for quite a long while (RHEL/CentOS5 and Debian sid until recently). 3.5.x symbolizes, in my opinion, the last "winning' era of KDE:  It had the right features, but more important: it was mature and stable.

KDE 4 introduced important improvements:

  • User interface continued the tradition of being much nicer than its predecessors. Compare for yourselves: KDE 1 2 3 4
  • Very nice OpenGL effects were added with two important advantages over GNOME+ Compiz: the OpenGL features are fully integrated inside KDE, configuration is way easier (Compiz configuration tool is scary), and the attitude is more towards productivity and less toward eye-candiness. For example, instead of the useless wobbling windows and water effects of Compiz, KDE provides the useful feature that displays all open windows and allows search-as-you-type for choosing the right application by its name, by simply putting the mouse pointer  on the top-left corner.
  • Simplified user interface: the developers had the courage to do some rewrites and strip complicated GUIs, even lose some features, and make the new KDE 4 apps more simple. This is mostly notable in konsole and amarok.

But, it also got worse than its predecessors on some areas:

Continue reading

Debian: nfs-kernel-server is broken (Or: portmap to rpcbind transition)

UPDATE: rpcbind-0.2.0-3 was just released, and it solves all the rpcbind issues.

UPDATE2: THE BUG WAS SOLVED! Alexander Wirt patched nfs-kernel-server: by removing the linkage of libtirpc, it now uses the previously method of IPv4 binding, thus not triggering the problem. When/if would rpcbind replace portmap - I don't know.

[ This article describes my analysis to a problem found in Debian Unstable(sid) ]

1. The bug (link)

Since the end of December, a change in nfs-kernel-server package caused a change of behavior in some NFSv3 crucial services: rpc.statd, rpc.mountd. NFS is RPC-based, and as thus, it uses an RPC-to-UDP/TCP address translation service, aka port mapper. These services try to connect to port mapper when they need address translation, and since the recent change they first try to do it over IPv6.

portmap, the current widely-used rpc port mapper service, does not support IPv6. This causes these crucial services to die, and NFSv3 fails to start (actually, with default configuration it even prevents starting an NFSv4 server).

2. So... rpcbind?

Continue reading

y2k10 bug: spamassassin might tag mail as spam

[ This is bug affects only to people using the spamassassin spam filtering software ]

Fabian Arrotin reports about this spamassassin bug, which tags mails dated 2010 and later - as potential spam (increases its spam-score). This is not silly - many spammers use fictional (far past/future) dates, wishing their spam would stay in the top/bottom of the long list of mails.

This bug alone didn't cause false positives in my spam folder (only increased the score from 0.0 to 0.6), but in some configurations or situations it could happen.

The Fix

Continue reading

udev debugging toolbox

Ever wondered why a certain rule doesn't get run? Ever got confused (or disgusted) by udev rules format?

Well, despite all the udev clutter, there are many useful tools in the udev package, which help to understand udev's behavior and decision making. I'm still far from knowing all the tricks, but here are some things that I've learned recently:

Note: the udev tools got changed several times during the last 5 years. I'll cover here the latest version (149), and the older, RHEL/CENTOS5 version.

1. udevadm info: get all info available to udev about a certain device (or all devices):

# udevadm info -e (RHEL5: udevinfo -e)

Try it.. amazing, eh? You can use each detail to write udev rules to match these devices.

Continue reading

Sudo make me a sandwich


Q: How come "which ifconfig" (runing as a user) finds nothing, yet "sudo ifconfig" does work?

A: sudo has a compile-time parameter called with-secure-path, which sets a different PATH for the sudo environment. Debuntu secure path contains /sbin:/usr/sbin, and that's how it works. This feature gets two goals: convenience (no full path required for common root cmds) and security (ignoring potentially bad user PATH).

NOTE that RHEL doesn't use this option, and running "sudo ifconfig" there simply fails.

Q: How come sudo requests a password only on the first run?

A: Sudo has a nice mechanism for creating these "sudo session" things. After authentication, sudo creates a 'timestamp dir' (in /var/run/sudo on my Debian), then uses its date to check when the last successful authentication took place.

  • Session timeout is configurable, defaults to 15mins.
  • sudo -k kills this session by simply removing the timestamp dir.

All info is found in the sudo(8) and sudoers(5) manpages


Just a quick insight from my workplace: to my surprise, a setuid binary deliberately ignores many environment variables such as LD_LIBRARY_PATH and LD_PRELOAD.

Security Shmecurity..

Browser Wars: we win!

Due to Windows 7 release, many people indirectly upgrade from IE6 -> IE8 these days. You can see this here and here.

With IE7, IE8, FF, Chrome, Safari & Opera - the web would look much better. PPK's forecast -  that adding IE6 support would cost more money to the business - is becoming real.

This basically means that web is getting more standard than it used to, and "sites the work only in IE" should become rare even in the short term. Amen.

(Also, these days IE8 is starting to overcome IE7)

hostupd v0.92 is out: [DNS-updating helper tool]

Hostupd is a very simple perl script, which makes use of the Net::DNS module, to assist in updating DNS records dynamically.

Here's a sample hostupd command which adds both A and PTR records:

hostupd add myhost myip

on complex environments, it might not autodetect the zone and server ip:

hostupd add -s mynameserver -z myzone myhost myip

The the last commit took place on 2002 (when I was a perl newbie, it shows..). Today, 7 years later (wahhh!), I've found and fixed an annoying bug by a adding a single line.

RIP sysvinit, welcome upstart

After Ubuntu and Fedora, Debian also migrates to upstart.

To summarize the article in the previous link, the main reason for the change is that the kernel is now no more blocking on some hardware scans, and this might make some init scripts (e.g. fsck, network) start before the device is initialized. We now need an event-based init system, so the kernel could "tell" it when the device is ready. This is something that upstart is capable of.

Now I wonder if RHEL6 would inherit upstart from Fedora, this will mean a complete victory for upstart.

Avahi and other (relatively) new desktop technologies

Every time when I try to sit and study, I find something better to do. This time it was playing with Avahi and some avahi clients such as pidgin, amarok, pulseaudio.

What is Avahi?

A free zeroconf implementation which is very common on Linux distros, just as Bonjour is Apple's zeroconf implementation. AKA multicast DNS (mDNS), and is probably similar to the Microsoft-backed UPnP.
Long story short: it allows discovering and resolving the available services on the LAN (if they're zeroconf-aware, of course)

How do I use Avahi?

  • Discovering: If the avahi daemon is installed and running, the magical command avahi-browse -a (might require the avahi-utils package) would query and display all the available services.
  • Resolving: the following weird hosts line in /etc/nsswitch.conf enables resolving through avahi (usually with the .local suffix, i.e. ping mymachine.local):

    hosts:          files dns mdns4_minimal [NOTFOUND=return]

Software using Avahi out of the box:

  • Pidgin: simply add a new Bonjour account, and you'll be able to instantly talk to your LAN-neighbors.
  • CUPS or other printer config frontends: find zeroconf-supporting printers on the LAN.
  • Amarok v2: automagically finds all DAAP-shares on the LAN (iTunes, for example). The bad news is: iTunes v7 and newer weren't yet reverse-engineered, so amarok cannot login to the most popular DAAP servers. Apple, why won't you give us a hand?
  • Pulseaudio: using the paprefs program, you can choose to share your sound devices and become zeroconf-discoverable. This means that people running the padevchooser program can find your sound card and redirect audio to/from yours.
    • It seems to require a wide bandwidth (couldn't find an option to lower the sound quality)
    • I've experienced some bugs which required restarting pulseaudio and other voodoo, in order to make things work.