Subversion and my course notes/hanouts

Posted on 2011/01/26 by pauljohn

I've started an SVN archive where I'm going to be putting my source code for handouts and lectures, so if you want the
LyX or R files for that stuff, you can have it. But you need to sign up for a CRMDA computing account (free) and then
read my writeup on how to use an SVN version control system.

All the information on signing up and accessing these systems is on the CRMDA computing focal point:

https://pj.freefaculty.org/cgi-bin/mw

and the SVN manual I wrote is here:

https://pj.freefaculty.org/cgi-bin/mw/index.php?title=Software:VersionControlWithSVN

Read down to point 8, "I'm Shooting with Real Bullets Now", and you see I've created my repository under

/crmda/users/pauljohn/SVN-repo

If you create an account, you should have read access to those files. I'm just starting now, but the beauty of SVN is
you can easily get the updated copy or scan for changes.

I try to remember to print out pdf versions and drop them back into the stat website. For example, my handouts on
logistic regression were pretty good, but not totally awesome. Last week I turned up the dial to 9 for a couple of days
and made a couple of things that I expect will really help. In particular, if you are considering using ordinal logistic
regression, you will benefit from a review of the documents. The meaning of the elusive terms "intercept" and
"threshold" is laid bare; the puzzle that different programs report different numbers is solved. In the web page, they
are now under stat at

https://pj.freefaculty.org/stat/LogisticRegression/Logit1-1_2011.pdf

https://pj.freefaculty.org/stat/LogisticRegression/Ordinal-1.pdf

But in the SVN-repo, you find those as LyX (?LaTeX?) documents and fig files, which you could open, edit, print, etc.
Assuming your computer is adequate, that is. These particular documents are Sweaved and will require the xfig program,
so they won't compile on just any old PC. But many of the ones I will upload soon will be plain vanilla LyX files that
you can open, edit, compile, and print however you want.

Posted in Uncategorized | Tagged , , | Comments Off on Subversion and my course notes/hanouts

svnsync to mirror a subversion repository

Posted on 2010/12/22 by pauljohn

I learned today that http access to my svn server was restricted to the campus. I want to share to the world, as described

https://pj.freefaculty.org/cgi-bin/mw/index.php?title=Cluster:Main#A_Collection_of_Simple_Working_Examples_Using_Qsub_and_Multi-core.2Fthreading.

svnsync is supposed to make this possible. I've not done it before, seems more complicated than it is because of arcane terminology.

Good guides help:

About Dreamhost in particular
http://wiki.dreamhost.com/Subversion#Quick_Start

http://blog.codefront.net/2007/03/31/setting-up-svnsync-ed-mirrored-svn-repositories-on-ubuntu-part-2-of-2/

http://journal.paul.querna.org/articles/2006/09/14/using-svnsync/

In the destination repo, I had to insert the hook file. From within the svn repo directory

$ cat hooks/pre-revprop-change
#!/bin/sh

REPOS="$1"
REV="$2"
USER="$3"
PROPNAME="$4"
ACTION="$5"

if [ "$USER" = "pauljohn32" ]; then exit 0; fi

echo "Changing revision properties other than svn:log is prohibited" >&2
exit 1
Because my source repo is behind the firewall and the outside system can't get to it, it is necessary to customize a bit.

On hpc.quant.ku.edu:
$ FROMREPO=svn+ssh://pauljohn@hpc.quant.ku.edu/projects/svn/repos/hpcexample
$ export TOREPO=svn+ssh://pauljohn32@freefaculty.org/home/pauljohn32/svn/209657
$ svnsync init ${TOREPO} ${FROMREPO}
pauljohn32@freefaculty.org's password:
Copied properties for revision 0.

$ svnsync --non-interactive sync ${TOREPO}
pauljohn32@freefaculty.org's password:
Transmitting file data ..............
Committed revision 1.
Copied properties for revision 1.
Transmitting file data .....
Committed revision 2.
Copied properties for revision 2.
Transmitting file data ......................
Committed revision 3.
Copied properties for revision 3.
Transmitting file data ......
Committed revision 4.
Copied properties for revision 4.
Transmitting file data ....
Committed revision 5.
Copied properties for revision 5.
Transmitting file data .
Committed revision 6.
Copied properties for revision 6.
Transmitting file data ...............
Committed revision 7.
Copied properties for revision 7.

That copied the files into the svn folder in my account.

Dreamhost "goodies" (super easy) configurator has this set so I can check out copies through the http protocol. Mostly I intend that interface to be used for checkouts by read-only users, not developers.

http://svn.freefaculty.org/hpcexample

For example, this allows a check out without the user giving any credentials.

$ svn co http://svn.freefaculty.org/hpcexample

The only part of this I have not figured out yet is how to easily/automatically get updates from hpc.quant.ku.edu to svn.freefaculty.org. I'm not too worried, though, because I didn't think I'd get this far, and i did.

Posted in Linux | Tagged , , , , , , | Comments Off on svnsync to mirror a subversion repository

Subversion Writeup for CRMDA

Posted on 2010/11/15 by pauljohn
Version Control Systems and Subversion (SVN)
Paul Johnson
Nov. 11, 2010

1 Analogy For Microsoft Word Users

I often forget that the people I’m trying to help have a completely different experience than I do. I often plunge into a massive explanation that is completely useless. This section is my effort to avoid that.
Have you ever used “change tracking” in an MS Word document? That’s handy because you can see what changes have been made, you can “reject” a suggested change and go back.
Version control is somewhat like that, except it is more thorough. A version control system keeps track of all of your changes and allows you to “grab” any past version of a file. A version control system facilitates team work by tracking who makes changes and asking them to explain the changes they make.
Version control is harder to set up the first time. It is not automatic.
There are many different programs for version control. The time-honored standard was CVS (Concurrent Version System). Of all of the free software programs I have used, that one had 1) the longest run as the dominant, widely used program and 2) the best user manual. I suspect 1 was in large part driven by 2.
In the early 2000s, the software experts started to want more features, and a proliferation of version control systems emerged. Linus Torvalds, the author of the original Linux kernel, proposed a program “git”. There are many others, “bazaar”, “mercurial”, and so forth. I have not used them.
At the current time, the version control system that is most like CVS is called SVN (short for Subversion). The commands that are used to interact with Subversion are almost the same as CVS, so as a simple user with simple needs, I don’t notice much difference.
But, I have to admit, it is a hassle to get started with version control, but after you do it for a while, you will never want to go back. The alternative is to make a full copy of your project and set it aside frequently. If you have ever done that, then you know it has strengths and weaknesses.
You do need a “Subversion Server” running somewhere. I have Subversion installed in my personal computer, so I can just create a “repository” on my hard disk. If your system does not have Subversion, then you need to use a remote server. That sounds frightening, but it is not too hard. At the University of Kansas, we have Subversion installed on the cluster system known as hpc.quant.ku.edu. Users can create their own personal SVN archives, or they can participate in the communal programming effort via SVN.

2 Conceptual Time Flow of Version Control

This document is not a substitute for a comprehensive SVN manual, but it should help us to get off the ground.
First: log into HPC and create a directory that will act as your SVN repository. That’s the vault, where all the code and changes are recorded.
Second: Change to a different directory and create some text that you want to put into the version control system. You can do this on HPC, or you can go to another machine where do the coding. The aim here is to create the “initial” framework. (You can add files and directories later.)
Third: Add those new files to the repository. That is called “committing” or “checking in” your files.
Fourth: Go to another computer, or start a new directory, and “check out” a snapshot of your repository. Fiddle around with those files. When you are ready, you “commit” those changes into the repository. The repository keeps a “current” version and it also keeps the previous versions, which you can recover if you want to.
Fifth: Go back to the initial working directory, the one where you first created your files. Run the update command to scan the repository for changes and integrate them into the current folder. You can fiddle around with those files, commit the changes, and walk away.
The SVN repository, of course, should not be deleted. But you can feel free to delete the initial working directory and any checked out copies of the files. This means that, if you take some project and make a bunch of mistakes, you don’t have to worry. You can always check out the repository again, and if you want to, you can check out the repository as it was on some date in the past. (I’ve been trying to develop a strategy to check out a copy of files as they will exist in the future in order to speed up my development work, but have not yet succeeded. That kind of thing passes for humor among computer programmers.)

3 SVN: Why bother

From Chad Perrin, “Use open source Subversion for personal document management,” March 14, 2007 http://articles.techrepublic.com.com/5100-10878_11-6167205.html

“A mechanism for automatic revision history management is probably most likely to be familiar to non-programmers because the most famous examples of wiki software employ such a technique for tracking changes to content and allowing undesirable changes to be reversed.

As part of the revision history mechanism, a version control system such as Subversion not only maintains a central data repository copy of the current version of files that have been entrusted to version control, but also maintains a log of changes that have been made from the present all the way back to the moment the files entered version control. Anyone who has been doing software development work for very long should be able to tell you how important the ability to roll back a file to a known-good state can be. This is in fact the central feature of any version control software: the primary reason it exists.

Subversion does this and much more. For instance, it also provides the ability to resolve version conflicts when two people have been editing the same file at the same time. In the real world, users who employ good practices such as making regular commits when working on files in version control, and updating local copies before committing changes, rarely run afoul of others’ work. That rarity is nonetheless accounted for by Subversion, with conflict resolution features built in. It also supports easy branching of modified versions of the main development trunk, merging of divergent development branches, varying levels of checkout and update permissions for various classes of user, and a number of other useful features that project managers often find invaluable.

Personal document management

Another benefit of version control systems is that they allow you to work on a single project from a number of different locations, using a number of different computers, without having to keep any USB storage devices or CD-RW media on you at all times. As long as you have a version control client installed on the computer where you’re going to work and have access to the server where the version control magic happens, you can check out the current version of the project and get to work.

Because of the fact that multiple copies of the same data are automatically synchronized to the same state when the checked out copy is updated on multiple client machines, a version control system like Subversion can also serve as an excellent backup system for a collection of files. This covers your everyday personal documents as well as source code; that is, if you interpret "project" to mean any relatively small collection of data--small enough so that you don’t require a bandwidth optimized weekly backup to minimize the time spent copying your data. A personal documents directory usually fits this description perfectly, especially when you don’t keep many files that tend toward multiple-megabyte file sizes (such as music, video, and high resolution image files).

If you are the type of computer user who understands that regular backups are extremely important as a precaution against hardware or file system failures, but just find yourself putting off regular backups because of the effort involved in configuring a traditional backup system or copying data to huge stacks of CD-R media, Subversion could be just what the doctor ordered. The simplicity of a tool like Subversion for personal document backups can save you from yourself, or at least from your own tendency to procrastinate, and all you need is a second computer running the Subversion server software.

Because Subversion is not tied to a single, purpose-specific graphical user interface the way many proprietary systems like Visual SourceSafe and ClearCase are, it is easily adapted to nonstandard uses such as standard document control as well. You can still have your GUI environment, however, because there are a number of stand-alone GUI clients for Subversion, and Subversion has been integrated with a number of other GUI tools, such as Eclipse and even Microsoft’s Windows Explorer file browser, via the TortoiseSVN client.”

4 Create Your Repository “over there” on HPC.

Let’s experiment in a safe way, where it is easy to erase mistakes and erase them and start over. We will create a repository within your personal user account.
SVN is already installed and configured on hpc.quant.ku.edu. If you happen to google and find a bunch of instructions about setting up “Apache” or Unix user groups or svn, just ignore that part. We did it already. You just need to use it.
From what I can tell, it will be necessary for you to actually log into hpc and manually create the repository in your personal account. That is a very easy process, as I will demonstrate in the next section.
After that, you can use any SVN “client” program to “get” the files when you want them and “send” them back when you are finished. (More on that later.)
First, I will walk through the process of logging on to hpc.quant.ku.edu and creating the archive. Later, I will learn how to use the free Windows program TortoiseSVN and see what it can do.

5 Start on HPC, Assuming that You Want To Be Great Like Me!

This is a nice way to “get your feet wet” in Linux. It is not a completely stupid task, it is useful, and it is not too difficult either.
On a workstation, use “some terminal program.” (Putty in Windows is OK, xterm or gnome-terminal in Linux is OK).
On a Linux workstation, I’d just open the terminal and type this to “go” over to HPC: 
> ssh username@hpc.quant.ku.edu
For username, I put “pauljohn”. It is not necessary to include “username@”, but I try to remember to do that in case I’m logged in with a different user name. If you only have one login name on all systems, it will be OK to just let the system assume you always have the same name. Run 
> ssh hpc.quant.ku.edu
If you are in Windows, there is a free program called Putty, and if you double-click the icon for that, and make sure the “ssh” button is selected, then it will give you the right menu you need to log in.
After giving a password, you see this: 
Last login: Thu Sep 30 15:50:44 2010 from 129.237.46.125
Access to electronic resources at the University of Kansas is restricted to employees, students, or individuals authorized by the University or its affiliates. Use of this system is subject to all policies and procedures set forth by the University located at www.policy.ku.edu. Unauthorized use is prohibited and may result in administrative or legal action. The University may monitor the use of this system for purposes related to security management, system operations, and intellectual property compliance. 
[username@hpc ~] $
The dollar sign is the prompt. Type there!
One silly preliminary. Run this: 
$ export SVN_EDITOR=nano
The SVN system will want to know what editor you will use when you need to interact with it. I suggest the simple editor “nano” for now. “nano” is based on the editor that was used in the email system pine, which virtually everybody at KU was using in the late 1980s and 1990s. If you don’t do this, SVN will get mad and it won’t work right.
If you don’t already have a temporary directory “tmp”, make one: 
$ mkdir tmp
Then change to the tmp folder as the working directory. 
$ cd tmp
Create an SVN repository for testing. Mine is named PJtestsvn 
$ svnadmin create PJtestsvn
PJtestsvn appears as a directory inside my tmp folder, which is in my $HOME, so the full path to it is “/home/pauljohn/tmp/PJtestsvn”.
The command “cd” by itself bumps you back to your home folder. See what I mean? Run the command “pwd” to see where you are. 
$ cd
$ pwd
Now create some empty files somewhere so we have something to test with. 
$ mkdir TmpWorkDir
$ cd TmpWorkDir
$ touch rawdata.txt
$ touch coolcode.R
$ touch something.txt
The “touch” command has the effect of creating an empty file if none exists, or, if one does exist, it gives it a current time stamp.
We tell the svn repository that we want to add these files in the repository’s top folder. 
$ svn import -m "initial" \ 
svn+ssh://hpc.quant.ku.edu/home/pauljohn/tmp/PJtestsvn
When that works, you see this output 
Adding rawdata.txt 
Adding coolcode.R 
Adding something.txt 
​

About my svn command. The backslash (“\”) is only needed because my command ran onto a second line. It is not needed if yours fits on one line. The option -m “initial” is optional. If I don’t do that, then the svn system wants to make me open an editor and type out an explanation of what these files are. The -m “initial” option just lets me give the message “initial” so I will be able to tell in the future this is the initial check in.

Now test that the repository works. Back out of “TmpWorkDir” 
$ cd ..

$ mkdir TmpWorkDir2

$ cd TmpWorkDir2

$ svn checkout svn+ssh://hpc.quant.ku.edu/home/pauljohn/tmp/PJtestsvn 
A PJtestsvn/rawdata.txt 
A PJtestsvn/coolcode.R 
A PJtestsvn/something.txt
Checked out revision 1.
$ ls
you should see that a new directory called PJtestsvn was created. That’s your “working copy” of the repository. Change into that directory 
$ cd PJtestsvn

$ nano rawdata.txt
Put some stuff in there (anything you want), save it, close nano. I just put in gibberish like “iasdf ajsdkfl; ...” to see that the svn system works. Then commit it to the repository. 
$ svn commit -m "Some random characters I chose"
The -m option gives a check in message. If I don’t do that, svn will want me to use an editor to type a file. I don’t mind that, but you might find it confusing at this point. The result is: 
Sending rawdata.txt 
Transmitting file data . 
Committed revision 2.
​
Back out of there 
$ cd ..
Create yet one more working directory. We will test the newly uploaded file. 
$ mkdir TmpWorkDir3
$ cd TmpWorkDir3
This downloads a current snapshot of the repository. 
$ svn co svn+ssh://hpc.quant.ku.edu/home/pauljohn/tmp/PJtestsvn

A PJtestsvn/rawdata.txt
A PJtestsvn/coolcode.R
A PJtestsvn/something.txt
Checked out revision 2.
Use “cat” to display the contents of the file “rawdata.txt”. See, it is still the same bunch of crap I started with: 
$ cat PJtestsvn/rawdata.txt
iasdf ajsdkfl;ajdsf ;
asfdl;jaskf;aj
asdfk;asjdf;
Good. The file is there.
Then I edit rawdata.txt with nano 
$ cd PJtestsvn
$ nano rawdata.txt
and put in some different crapola. Then I send it to the repository. 
$ svn commit -m "some random crapola" 
Sending rawdata.txt 
Transmitting file data . 
Committed revision 3.
Now, If I go to the other working directory, and run 
$ svn update
It should find the new information in the repository and integrate it with your current working version.
Now try to add a directory. Hopefully, I am currently still in /home/pauljohn/tmp/TmpWorkDir3. (Run “pwd” to make sure). Check what I’ve got so far: 
$ ls
PJtestsvn
Good, that’s the copy of the repository. Change in there: 
$ cd PJtestsvn/
It appears I have the right stuff: 
$ ls
coolcode.R 
rawdata.txt 
something.txt

$ mkdir SomethingElse

$ svn add SomethingElse
A SomethingElse

$ cd SomethingElse
$ touch anotherFile.txt
$ cd ..

$ svn commit -m "here’s something" SomethingElse
Adding SomethingElse
Committed revision 4

$ cd SomethingElse

$ svn status
? anotherFile.txt
That means the svn system does not recognise “anotherFile.txt”. So apparently I have to manually add it. 
$ svn add anotherFile.txt
A anotherFile.txt
​
And then commit this version 
$ svn commit -m "here’s some file" anotherFile.txt
Adding anotherFile.txt
Transmitting file data .
Committed revision 5.

6 Accessing Your Personal Repository from MS Windows with TortoiseSVN

A free program called TortoiseSVN is available. It is easy to install, and it runs as a Windows File Explorer “addon.”
After installing TortoiseSVN, I wondered if I could recover the files from my repository.
I made a Windows folder, navigated into it, and then right clicked on the background. There should be two TortoiseSVN related options.
Click the one with the little arrow by it, and choose “Repo-Browser”. We can use that to go see what we left on HPC.
“svn+ssh://pauljohn@hpc.quant.ku.edu/home/pauljohn/tmp/PJtestsvn”
The only really annoying part of this is that it asks me for my password three times in a row.
You can navigate the repository in the usual way, and when you get to the directory that you want to work with, right click and choose “check out”. TortoiseSVN will then ask you where you want to keep your working copy. I chose “C:\Users\pauljohn\Desktop\whatever”.
The current versions of the SVN files are downloaded and I could edit them.
When I created a folder, or files in a folder, I noticed I could right click, choose the TortoiseSVN commit, and then a menu appeared asking me if I wanted to add some files or directories to the SVN repository. I did so, it uploaded them.
Then I went to another system, grabbed the same repository, and the new stuff was in it.
Problem solved.
Because TortoiseSVN is point-and-click inside the Explorer, it is not so easy to tell you exactly what to do. But, I suppose the point of that is that you should be able to figure it out on your own if you can point-and-click at it.

7 Sharing a Repository with Other Users

This is the way “big time” software development works. People expect cooperative work effort on a common set of files.
On HPC, we have set aside a folder in the common storage system for this purpose. The system-wide SVN repository is stored in /projects/svn. As of November, 2010, the following SVN registered projects exist: 
hpcexample
md
HPC example is a collection of programs that use cluster computing.
md is the “missing data” simulation project.
Ordinary users in the HPC system are not allowed to create new project folders, but they can make requests for new projects to “clusterhelp@ittc.ku.edu”.
The permissions on those folders are set as follows: 
drwxr-xr-x 6 pauljohn pauljohn 8 Jun 2 11:53 hpcexample 
drwxrwxr-x 6 pauljohn mdgroup 8 May 7 2010 md
​
The “hpcexample” folder is owned by pauljohn and the group is pauljohn, that means, as it currently stands, only pauljohn can write in there, but other system users are able to read that material. That means any user in HPC can check out “hpcexample,” but cannot commit changes to it. Rather than repeat myself about access to “hpcexample”, I would refer the reader to the web page where the details have already been committed.
https://pj.freefaculty.org/cgi-bin/mw/index.php?title=Cluster:Main#A_Collection_of_Simple_Working_Examples_Using_Qsub_and_Multi-core.2Fthreading.
Perhaps, at some point in the future, there will be other qualified users and a group can be created to make changes in hpcexample.
The “md” folder is owned by pauljohn, but its group is mdgroup. Note the group permissions are “rwx”, so that anybody in the mdgroup can check in changes.
To grab a snapshot of the md directory, this should do it: 
svn co svn+ssh://pauljohn@hpc.quant.ku.edu/projects/svn/repos/md

8 There’s a Lot More to Do & Learn

Subversion is an industrial-sized, team ready production tool. It can do all kinds of stuff most ordinary humans like you and me never really need. When a program is finished and ready for packaging, it can be tagged with a version number, and then exported. Revisions can be created on “branches,” and changes can be merged back onto the main “trunk” of the project.
We do that kind of stuff in software development, but you probably won’t need to if you are just using Subversion to keep track of your personal software and document development. If you decide to convert your R code into an R package, well, the additional power of SVN will help you out.
Finally, yes, I realize there are abbreviations and shortcuts that will work to make some of the commands here shorter. Inside one system, it is not generally necessary to access files through “svn+ssh” because a more simple access protocol is available, for example. But, if svn+ssh does work, why bother learning another style? For abbreviations, it is true that one replace “commit” with “ci” and “checkout” with “co”. Run “svn help” to see a list of abbreviations.
2010-11-10 Revision 1.2
PJ
Posted in Linux | Comments Off on Subversion Writeup for CRMDA

Windows updates to enable PGP signature email/file encryption

Posted on 2010/11/02 by pauljohn

I don't want to forget this, so here goes.

To enable use of PGP encryption on windows for Free, the following route will work.

1. Install the OpenPGP for windows. The One I used is

gpg4win-2.0.4.exe

Right click that, "run as administrator".

After the install starts, choose only the options for "Kleopatra" and the GPG-Ex linkage for the file manager. Don't choose the other graphical interfaces to PGP/GPG, and do not use the Outlook linkages if you are on a 64 bit system. They don't work in 64 bit systems.

Make sure to choose "create desktop item", kleopatra will show in desktop.

2. For new enigmail, it will be needed to update Thunderbird.

That's easy install, just download

Thunderbird Setup 3.1.6.exe

and right click, "run as administrator".

I've tested that on several systems, it will "upgrade" an old Thunderbird or install new. All Good.

3. Get the Enigmail PGP encryption extension for Thunderbird.

Currently, that is

enigmail-1.1.2-tb-win.xpi

Here's the magic recipe to install this for ALL USERS on the system. Don't let the install start just for your one user, that's a waste of effort.

Copy the enigmail.xpi file into the extensions folder of the Thunderbird installation. You have to be administrator to write in there, for me it is

C:\Program Files (x86)\Mozilla Thunderbird\extensions

After you paste that xpi file there, then run Thunderbird AS ADMINISTRATOR. We are trying to install the extension so it applies to all logins, and only the administrator has that power. If you don't do it as administrator, then you are killing the whole process.

Thunderbird will start and say "can we install stuff", you say OK

Then it notices the new xpi enigmail file, and it asks if we install it. Click "install".

Problem solved!

Close thunderbird so you won't be running as administator anymore.

Now, how do individual users interact with this hassle.

First, each user has to have a "private/public" key pair. The GPG system tries to remind you to do that the first time you log in. After you have a key pair, you can install the exact same key pair on all your systems, so that you never regenerate a key pair, unless you really need one.

There are many ways to start that, here's one that works.

Start Thunderbird

There should be a new menu, "Open PGP". In there, I see an option "Manage keys". On a "clean" system, I choose that, and a menu pops up and asks if I want to get started with PGP encryption. I say OK!

I choose not to encrypt all email, allowing myself to decide later. You can do what you want.

I allowed Enigmail to set PGP settings to work best with Thunderbird. I honestly have no idea what that does, We'll see.

Then we come to "Create Key". There is a passphrase where you have to type in some long thing YOU CAN REMEMBER AND TYPE AGAIN, exactly. do that.

It asks if I want a "revocation key" created. I say OK, it suggests a file name, I added "revocationkey" on the front. That is a text file. Then it asks for my passphrase again. That gives the revocation generator access to my private key, so it can put my thumbprint in there. (Every time you use your key, you'll have to give the magic words).

I think that is all.

There is one confusing thing I have not solved. After you create the key pair in thunderbird, then a PGP key manager pops up, it appears to come from Enigmail or Thunderbird.

I do not know how that competes or conflicts or works in cooperation with kleopatra, the recommended key manager that comes with Gnu GPG. For what it is worth, to inspect keys and encrypt/decrypt files, I've been running kleopatra, it seems to work OK. But the key manager from Enigma might be good too.

I'm guessing that a half-assed key manager program must be pretty easy to write, that is why there are so many competing things floating around. Getting one that actually works right, all/most of the time, appears to be more difficult. I don't seem much difference between Kleopatra (from Gnu OpenGPG) and the "Key Manager" think in Enigmail, both seem to interact with same key database.

Let me know what happens!

Now, here's part I'm still trying to figure out. Where does Win7 (by default) store the key pairs and how can I copy the private part from one system to another. If somebody steals my private key, disaster awaits, so I certainly should not email it. So I'll transfer on USB stick.

But where is it? In my Linux system, the keys can get dumped in either of two places. I usually use PGP encryption with ssh logins, so it appears most of my keys are in my HOME dir, under ~/.ssh. However, it appears I also have a folder where gnu keys might go, ~/.gnupg/private-keys-v1.d.

Anyway, the public part is easy to spot, in my .ssh dir, for example, the one I use to sign software is called "Paul Johnson- Binary Package Signing Key". If I go into the key manager and find that one, then "export key", it outputs a file that has the public part of the key. This is the part I put on websites or give to other people so they can grant me permission to open a file. If somebody encrypts an email with my public key, then only I can open the email. That is a text file, nothing too mysterious:

PaulJohnson-BinaryPackageSigningKey.asc

That looks like this:
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)

lQHhBEhNkwERBACE2SLAKLs/8IpysCSIlXuibEeOhg0nXXJbyPD/mgTSwvQan1rA
NBcaWc4j0QfTY7q4iWoCVouzUTcZuNFGrNUk18+0YFqpKa5L2XeFVBiQFPp57cKY
DTAynfbmNU2IMdJEzcZ/pu3q2ufaKyFz7zsDX7Rj/G0SFpZJziGkbcHpTwCgwYno
U/tvN8gJ1IqLb95GXi6Ti9kD/0wJHo0n6XexwzXXXqNDEv2BuR2qnZV/pjqmJc/5
6Ub4/A3bjbSaxC0zeJlzqc9gkXHKwi1nkivf9l9jG5m5nWZ11LXlJBiHyf4wCfYu
7Qavoui7yH3EhFOvOK87XmXxcebzgJMeAVxyLkkc183gwHdsstaTDvZxiGkHIoWc
GRG+A/435tw/wMpCga6aEPuulD/wEKXkgWCQoJTaR/mNe8+RvwtoRtbiZ8ipQ+KB
D1HFikzPRURZhaA6Yn25Eavcn5yI2tCET3/anlXoryiZEfDHojTMCZJlNrM7VtDs
+LoyG2WD4X19ZqYh9Y4SlF0B3ZYmFv/quBYNblZ5E/5pPQ3Tov4DAwJnfPg8L38L
6GATkZBtPFDVplC1om08tiIDrOoND33ZEOshoM+1FeG0pnTOtZWFzjcYpQ+LZhIQ
oSZ5DLRGUGF1bCBKb2huc29uIChCaW5hcnkgUGFja2FnZSBTaWduaW5nIEtleSkg
PHBhdWxqb2huMzJAZnJlZWZhY3VsdHkub3JnPohgBBMRAgAgBQJITZMBAhsDBgsJ
CAcDAgQVAggDBBYCAwECHgECF4AACgkQsvPbE97pDMuHngCfZX5PT0eEmNT7CyBs
NZxb5tX7qQMAniTitNkREAHGp+nzfiuzMwjADTPqnQJjBEhNkwUQCACp7pE6pFWS
X7nLInGVGPZ5acMT1BKGPnG/HHUueDr8Q4FfvqSwH0ST4FqEo+vkvK0AHgD4d/rs
Wqr2vII+K9f7jxyMzqw9Nr6ivYBFlmH8c9krmFlRLDMq+pWzrnSgBswKUz7o3tl3
Q0rX3x1FKlUZnhOdiNy7hX20kc5A398fLGAYng5Do54ARc7UeWqZV1gva0heEpsH
eKh5S0JPCNMZ/nXbVbZI+3p9wt8dRrHvpamiWh1JZOkoJESLs02hUYDFKLl5L2eF
T/GOseo1jeUEaDkhVVH22wXLUi0mlkauretpFk5l+KFB+ebnkGpIWDxH9ZBQUEVA
Q0BPXJpkWzenAAMFB/9neImJThJjer7wq+bdck7RZfkhxQccJzG1n9ZxsbVSApgg
2bNOj6fTfNK4witU4YdVubzW3pVa2JgnMRmz6whqrMhfp++MW/Q7OktREkDUw/pK
vTgK6B9gTpbsWjF5HmcViAqSiV4FdwzAZzBd/SUiu68oIRJ2rY+na8XlC5ao5/qE
yUweZA/bqWUFQaAoungNpTzLKSAf1viD5yq3W9KKZnEumK2gwxY0iszcgLCGB56U
9ok5OWKDjte5exVCC3Vaz/wDtahclZDOzhmhMn6eAQNzhXAOB9y+fj3e9fFf+TZh
/BjFOGq1HylB2fdFBwf8jBccOsV0nKJsxnVJDGNH/gMDAmd8+DwvfwvoYMLjStvh
9TooSmEcV4/dWMFd0zDgLC+F2qhMd/h8cbcAGFjfLv0rmnCmyREUPZ5TCWUjtUwr
Y+XhkxCTiBZ2MF+vNRH1f6glTKCISQQYEQIACQUCSE2TBQIbDAAKCRCy89sT3ukM
yxCeAKCDN8IWHkdJPgbZ59nj05mkmGMNHACgrYvi4Oj7sghlw6wIYMe9kKVJ2Do=
=QDOg
-----END PGP PRIVATE KEY BLOCK-----

To export the private key, I had a bit more trouble. No two systems use the same terminology. In Seahorse on Linux, the option to hunt for is "export complete key". One can also type a command,

$ gpg --export-secret-keys > secret.keys

That exports secret keys to a file. This can be backed up and re-imported later.

The private keys will look like this.

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

lQHhBEhNkwERBACE2SLAKLs/8IpysCSIlXuibEeOhg0nXXJbyPD/mgTSwvQan1rA

[Snip! You thought I'd give you my private key? Ha.]
yxCeAKCDN8IWHkdJPgbZ59nj05mkmGMNHACgrYvi4Oj7sghlw6wIYMe9kKVJ2Do=
=QDOg
-----END PGP PRIVATE KEY BLOCK-----

It appears to me some extra research will be necessary. The Enigmail Key manager has options to email the public part, that seems to be a good way to send it to people. It also has a way to copy the public key to Clipboard and export keys to a file, and it asks if you mean to include the private part. I think if you transfer that file via usb and import with key manager, all will be well.

But, then again, there's only so much I can do to guess what problems Windows users will find.

pj
Kleopatra has "Export Secret Certificate"

Posted in Windoze | Comments Off on Windows updates to enable PGP signature email/file encryption

Winbind Logins on Centos 55

Posted on 2010/09/07 by pauljohn

How to set up Winbind logins

Remove the samba- packages, get sambax, including sambax-winbind, from Centos Updates. Then Hit it!

1. Put /etc/samba/smb.conf like so:

===========

[global]
workgroup = HOME
password server = ad-home-1 ad-home-2
realm = HOME.KU.EDU
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = yes
winbind offline logon = true
winbind enum users = yes
winbind enum groups = yes

template homedir = /home/%U

passdb backend = tdbsam

2. Reconfigure /etc/pam.d/system-auth-ac
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so cached_login use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_winbind.so cached_login use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_mkhomedir.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.s 3. VITAL: The machine's FQDN has to end with the domain's name, so "fred" has to be fred.home.ku.edu That has to be set in /etc/hosts and in Centos it also has to be in /etc/sysconfig/network. (I set that with system-config-network on the last few machines I set up. worked fine). /etc/hosts needs to have the domain controllers in it. In my case "ad-home-1" and "ad-home-2" After that, you can join the domain. After doing this the manual way with "/usr/bin/net join -w HOME -S ad-home-1 -U paulj" I learned that system-config-authentication can do it as well. Output is like this: Using short domain name -- HOME Joined 'POLS11' to realm 'home.ku.edu' DNS update failed! I'm told the last line is harmless. My systems are joined to the domain, but the domain does not know about my machines, so it does not update its DNS records to take into account my systems.

Posted in Linux | Comments Off on Winbind Logins on Centos 55

Drivel client -> Movable Type -> Word Press? With LaTeX

Posted on 2010/07/14 by pauljohn

Here:

http://en.support.wordpress.com/latex/

It says you can put in latex code like

\(\sum_{i=0}^{i=N}(\frac{1}{N}(x_i - \hat{mu})^2\)

I wonder if that works?

Posted in Uncategorized | Comments Off on Drivel client -> Movable Type -> Word Press? With LaTeX

Coercion of items in vector: peril and promise

Posted on 2010/07/08 by pauljohn

### Filename: plotMathProblem.R
### Paul Johnson July 7, 2010
### email me

### This is a tail of "coercion" of items in vectors.

### Run this code through and see if you can explain the
### puzzle at the end.

sigma <- 10.0 mu <- 4.0 myx <- seq( mu - 3.5*sigma, mu+ 3.5*sigma, length.out=500) myDensity <- dnorm(myx,mean=mu,sd=sigma) ### xpd needed to allow writing outside strict box of graph ### Need big bottom margin to add several x axes par(xpd=TRUE, ps=10, mar=c(18,2,2,2)) plot(myx, myDensity, type="l", xlab="", ylab="Probability Density ", main="Normal", axes=FALSE) axis(2, pos= mu - 3.6*sigma) axis(1, pos=0) lines(c(myx[1],myx[length(myx)]),c(0,0)) ### closes off axes addInteriorLine <- function(x, m, sd){ for (i in 1:(length(x))){ lines( c(x[i],x[i]), c(0, dnorm(x[i],m=m,sd=sd)), lty= 14, lwd=.2) } } dividers <- c(qnorm(0.025), -1, 0, 1, qnorm(0.975)) addInteriorLine(mu+sigma*dividers, mu,sigma) # bquote gets the value of mu from the environment with .(mu). t1 <- bquote( mu == .(mu)) mtext(t1, 1, at=mu, line=-1) addInteriorLabel <- function(pos1, pos2, m, s){ area <- abs(100*( pnorm(m+pos1*s,m,s)-pnorm(m+pos2*s, m,s))) mid <- m+0.5*(pos1+pos2)*s text(mid, 0.5*dnorm(mid,m,s),label=paste(round(area,2),"%")) } addInteriorLabel(dividers[1],dividers[2], mu, sigma) addInteriorLabel(dividers[2],dividers[3], mu, sigma) addInteriorLabel(dividers[3],dividers[4], mu, sigma) addInteriorLabel(dividers[4],dividers[5], mu, sigma) b1 <- substitute( mu ~ d*sigma, list(d=round(dividers[1],2))) b2 <- substitute( mu ~ d*sigma, list(d=round(dividers[2],2))) b3 <- substitute( mu ) b4 <- substitute( mu + d*sigma, list(d=round(dividers[4],2))) b5 <- substitute( mu + d*sigma, list(d=round(dividers[5],2)) ) ## 1. Fails, labels not ready yet. R needs expressions to do plotmath axis(1, line=4, at=mu+dividers*sigma, labels=c(b1,b2,b3,b4,b5), padj=-1) ## 2. Also fails, but in an interesting way. Puzzle. Why do all ## but b1 display properly. axis(1, line=7, at=mu+dividers*sigma, labels=c(expression(b1),b2,b3,b4,b5), padj=-1) ## 3. Works, probably the recommended way axis(1, line=10, at=mu+dividers*sigma, labels=as.expression(c(b1,b2,b3,b4,b5)), padj=-1) ### Duncan Murdoch explained that as.expression is needed in r-help. ### The reason that "as." is required is difficult, I think. ## 4. Also Works, but hard to understand why. axis(1, line=13, at=mu+dividers*sigma, labels=c(as.expression(b1),b2,b3,b4,b5), padj=-1) ## Why does it work with the as.expression applied only to first ## element? ### Puzzle: Why does 2 fail, and why does 4 work? ### Several r-help members helped me understand this. ### It comes back to this: ### a vector in R has to be a homogeneous collection of items. ### All elements have to be numbers, or characters, or expressions. ### Putting things into a vector with c() signals R ### you want to "coerce" all of the things into the same type. ### What happens if you do ### x <- c("a", 1, 2, 3, 4) ##? ### You don't end up with one character and 4 numbers. You get 5 ### characters. ### > x
### [1] "a" "1" "2" "3" "4"
### Behind the scenes, R applies "as.character".

### Try #2 sets the first thing as expression(b1), and
### then in the effort to build the vector, R runs "as.expression"
### on b2, b3, b4, b5 automatically. Because "as.expression" is the
### required fix, then we get the correct output for those items.

### Why does Try #4 succeed? Same answer. After the first item
### is seen as an expression, then R coerces the rest with as.expression.

### So the approach in #4 works, but only luckily, and when #2 failed,
### it creates a very hard to debug problem (for me, at least).

### Anyway, now that this "works" I can concentrate on putting this to
### use in another project.

Posted in R | Comments Off on Coercion of items in vector: peril and promise

gconftool to fix title bar buttons (Ubuntu 10.04 lucid)

Posted on 2010/05/02 by pauljohn

Wow. Ubuntu 10.04 puts the buttons on the left. How peculiar. Why?

It is easy to customize them, put them where you like. I prefer WindowMaker style, with minimize on left, close on right. This does it:

Caution: straight quotes are needed here, not the angled ones. The blog automatically changes straight to angle, which is a PITA.

gconftool-2 --set "/apps/metacity/general/button_layout" --type string "minimize:close"

Posted in Linux | Comments Off on gconftool to fix title bar buttons (Ubuntu 10.04 lucid)

gconftool-2 tips

Posted on 2010/02/19 by pauljohn

In the lab, I don't ever want to see the "spatial" nautilus again. On any system, for any user. This works: ****WATCH OUT**** these are "double dashes" but browser shows as single long dash!

sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /apps/nautilus/preferences/always_use_browser true

Why? Here:

http://wiki.novell.com/index.php/Locking_Down_the_GNOME_Desktop

http://superuser.com/questions/65267/how-do-i-change-the-default-behavior-of-nautilus-so-that-it-doesnt-open-multiple

I'd also like to make them always see the tree on the left side. Aways. But I don't want that mandatory. Only default

sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --type string --set /apps/nautilus/preferences/side_pane_view NautilusTreeSidebar

Stop systems from asking users to setup that awful piece of shit evolution

sudo gconftool-2 --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --set /desktop/gnome/url-handlers/mailto/command -t string 'thunderbird %s

sudo gconftool-2 --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --set /desktop/gnome/url-handlers/mailto/command -t string 'thunderbird %

Posted in Linux | Comments Off on gconftool-2 tips

Tips on insalling Latex Packages in TexLive

Posted on 2010/01/26 by pauljohn

I usually just stop at texhash. I've run into trouble with fonts before and the fix wa udpmap-sys, but I did not realize that is part of a general recipe for Latex packages. In Lyx help list, Gunter recommended:

This looks like a manual install. Some REAME files are not up-to date.
My receipe is

1. copy to /usr/local/share/texmf/....
2. `mktexlsr` or `texhash`
3. create /etc/texmf/updmap.d/42*.conf with
Map *.map Datei
(see existing dvips/config/config.* or *.conf files)
4. `update-updmap`
5. `updmap-sys`

https://mail.google.com/mail/?shva=1#label/IN.Lyx/12661a2bf39beb81

Posted in LaTeX/Lyx | Comments Off on Tips on insalling Latex Packages in TexLive