I haven't write any paper since about last 6 months. That covers the period when I changed my PC. That's a good time to update my MikTeX installation. Now, with MikTeX 2.7 in hand, I can review again the process of installing Thai language support.

-- side note -- You can look at my detailed previous entry here. There contains the information to install Thai language in MikTeX 2.6 and 2.5. The process is very similar to that of 2.7 -- end side note --

The process to install thai language in 2.6 and 2.7 are practically the same. The step are listed there

1. Modify babel to recognize thai language
2. Installing the font.

Font installing is complex. I have laid out the detail in the previous entry. However, this image should provide a rough idea of what to be done.

Finally, MikTeX 2.7 comes with XeTeX which allow you to use truetype font immediately. This solution is very promising. I will have more update on this very soon.(only partially) what to have Thai language available on miktex.

[img_assist|nid=2044|title=MikTeX Thai Font Installation Guide|desc=|link=node|align=left|width=640|height=415]

I feel very shameful to admit that, for past several months, I left my server being wide open. She didn't receive any protection from any local firewall. Of course, the IT depts. of my university and my faculty have done great jobs in implementing the firewall. These protect me from outside threat but my server still sit idly feeling clueless of any person who has a chance to plug into university network. That's why I was trying to enable firewall on my server.

In my previous server, I used iptables exclusively, i.e., no front-end is being used. However, Ubuntu comes with ufw, a firewall-made-easy for Linux. With ufw, I could issue a command like "ufw allow 22" to let ssh (port 22) client to connect to my server. Ufw also saves and restore this rule automatically.

The only problem is that, as soon as I turned on ufw, my OpenVPN stop functioning. This is quite understandable because it override any previous rule I applied. However, the best things of ufw is that it is a non-degenerative front-end, meaning that it still retains all functionality of iptables. Users can add custom rules directly using the syntax of iptables. What the user has to do is to modify the /etc/ufw/before.rules and/or /etc/ufw/after.rules for any custom modification.

Here are the list of things I added to my /etc/ufw/before.rules, assuming that my OpenVPN clients are under the pool of 10.8.0.0/24

First, since we trust OpenVPN completely, I would accept all traffic to/from my OpenVPN. I added this lines at the beginning of the filter section .

-A ufw-before-input -i tun+ -j ACCEPT
-A ufw-before-output -i tun+ -j ACCEPT

Additionally, I must forward traffic to/from my OpenVPN. These lines was also added after the above lines.

-A ufw-before-forward -s 10.8.0.0/24 -j ACCEPT
-A ufw-before-forward -d 10.8.0.0/24 -j ACCEPT

Finally, I have to masquerade traffic from my OpenVPN. This can be done by adding a section of NAT table to the ufw. These lines were added to the top of the /etc/ufw/before.rules

# rules for NAT Table of iptables
# required line for ufw
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic from OpenVPN through eth0.
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# tell ufw to process the lines
COMMIT

That's all.

Just tried the new Fedora 10 on my PC. The problem is that I want to export all my NTFS drives on F10 via Samba, so that any machine can still access my file even though I am not on Windows. NTFS-3G works quite well and setting up Samba is no longer a problem. Of course, firewall must be adjusted to allow samba protocol. Firestarter is a nice application for the simple thing such as allowing a specific port, a feat that actually requires several rules in iptables config to efficiently permit the protocol.

At that point, I was able to export my home directory via Samba and all NTFS drive can be read/written locally. However, whenever someone over the network tried to write something on the Samba NTFS share, an AVC happened, i.e., SELinux was preventing the write.

Checking the audit log yields something like this

node=raman type=AVC msg=audit(1229096296.441:676): avc: denied { write } for pid=8484 comm=\"smbd\" name=\"dae\" dev=sda5 ino=29 scontext=unconfined_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir node=raman type=SYSCALL 

msg=audit(1229096296.441:676): arch=c000003e syscall=83 success=no exit=-13 a0=7f4aa5524b50 a1=1ed a2=7f4aa54dbd70 a3=2f31a70 items=0 ppid=8210 pid=8484 auid=500 uid=0 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm=\"smbd\" exe=\"/usr/sbin/smbd\" subj=unconfined_u:system_r:smbd_t:s0 key=(null) 

The SETroubleShooter said that to allow such access, I have to chcon -R -t samba_share_t but, of course, that is not of much help because the directory is actually the NTFS directory. After googling around, we just need to tell SELinux that we really trust samba to share the FUSE file system, which is used by NTFS-3G, the ntfs driver for Linux. Using the following command simply solves all the problems.

setsebool -P samba_share_fusefs 1 

Recently, I have got several spams at approx. 1,000 per day. I am clueless how do they appear on my site. I've used reCAPTCHA, I've used mollom, I've used blockanonymouslink, but the spam still coming through.

The strangest thing is that when I ask my friend to try to post spam on my site, the spam countermeasure works just fine but the real spam keep appearing. I felt a little bit hopeless so I contact my dear friend sugree and ask for help. He came up with the solution really fast. From the log, the spam is coming from the staging site that I forgot to turn it of. It is the staging when I convert my drupal 5 to drupal 6. I also think that it is the reason why my post keeps getting "unformat" for the last few days as well.

Anyway, I have destroy that staging site and hope that that would solve the problem.

I posted my slides on my web as a pptx file a few weeks ago. Suddenly after that, students gave some comment that when they downloaded the file, the file came as .zip. Even though the file on the server is not zipped and is name exactly as .pptx. Of course, I have tested my upload, but only on Firefox, which definitely has no problem. From the student comment, I tried it on IE and managed to duplicate the error. My first thought is that it must be something about the MIME type. The problem is I don't know the correct mime type of the pptx file.

Googling around leads me to this post on Drupal website. In short, I have to add these lines to /etc/mime.types so that Apache sends the appropriate MIME type to IE7. I wonder why IE bothers to change the file extension after all.

application/vnd.ms-word.document.macroEnabled.12				docm
application/vnd.openxmlformats-officedocument.wordprocessingml.document		docx
application/vnd.openxmlformats-officedocument.wordprocessingml.template		dotx
application/vnd.ms-powerpoint.template.macroEnabled.12				potm
application/vnd.openxmlformats-officedocument.presentationml.template		potx
application/vnd.ms-powerpoint.addin.macroEnabled.12				ppam
application/vnd.ms-powerpoint.slideshow.macroEnabled.12				ppsm
application/vnd.openxmlformats-officedocument.presentationml.slideshow		ppsx
application/vnd.ms-powerpoint.presentation.macroEnabled.12			pptm
application/vnd.openxmlformats-officedocument.presentationml.presentation	pptx
application/vnd.ms-excel.addin.macroEnabled.12					xlam
application/vnd.ms-excel.sheet.binary.macroEnabled.12				xlsb
application/vnd.ms-excel.sheet.macroEnabled.12					xlsm
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet		xlsx
application/vnd.ms-excel.template.macroEnabled.12				xltm
application/vnd.openxmlformats-officedocument.spreadsheetml.template		xltx

Anybody could notice that there are at least two urls that direct to this page. Originally, I registered for http://www.nattee.net/ and http://our.obor.us/. Both works well thanks to Drupal site configuration method. Drupal use name based resolution. All I have to do is to edit the setting.php to point to the same database for both of the name. Users can access my site using any of these urls and drupal simply direct it to the same place (because all information is stored in the database).

The problem is that the module from drupal that access these API does not allow me to authenticate with the API using different certificate for different host name. This is definitely not the bug of drupal because what I did in the first place is a workaround, not a recommended way. I personally says that the two urls use the same database which is originally intended to be used for single url.

The problem started when I was trying to use off-site module, e.g., Google Analytic, reCAPTCHA or mollom. These APIs require some security measurement. The APIs are available for the registered site only and they all adopt the name based identification. The method they adopt is that the RSA key is provided to the site owner and the site must supply the key when communicating with the APIs providers. Different keys are issued for different host name. In short, each call of this APIs must come from the correct URL.

RewriteCond %{HTTP_HOST} ^our\\.obor\\.us$ [NC]
RewriteRule ^(.*)$ http://www.nattee.net/$1 [L,R=301]

The first line simply matches the content of HTTP_POST variable with our.obor.us (using regular expression) as a first token. Then [NC] flag indicates that case is irrelevant. The second line simply match everything after the host name and prefixes it with http://www.nattee.net/. The $1 is back reference to the first line and [L,R=301] means that this line is the last rule to apply and apache should send the redirect command to the client.

That's all.

Now, it came across my mind that mod_rewrite would solve the problem. mod_rewrite is an apache module rewrite the name of the url, perfectly what I want. After reading some document, all I need to do is to put these two lines on the .htaccess

Originally, I wish to solve the problem by redirecting anything from http://our.obor.us/ to http://www.nattee.net/. The problem is that GoDaddy won't allow so, (they actually have this option but when I turned it on, nothing happens). For about a year after I adopt reCAPTCHA, nobody can post comment on http://our.obor.us/.

Currently, there are 8 teams with the total of 27 students. around 11 more students haven't submit their team member yet.

Team ID Member 1 Mr.Ekabutr Sirisuphang 4930628021 Pom Miss Nantinee Tulyanon 4931216321 Paw Mr.Sichares Suppapanya 4931252921 Pop‏ Mr.Aphichit Hanbanchong 4931255821 Note -- 2 Mr.Charn Pruksapa 4830115321 (kratao) Ms.Chalermkuan Siriphan 4831203021 (Wang) Ms.Arcchaporn Choukuljaratsiri 4831244821 (Yok) -- 3 Miss Chitchanok Chuengsatiansup 493 12048 21 (eo) Mr. Pawawat Duongsodsri 493 12266 21 (pai) Miss Salita Sombatsiri 493 12461 21 (tak) -- 4 กัญจน์ กุนทีกาญจน์ 4930015321 กันต์รร ไวยสาธา 4930017621 กิตติภพ โกศล 4930033621 ทวีศักดิ์ ชื่นสายชล 4930165821 -- 5 นายธิติ ธัญญะประเสริฐ 4830226321 นายฐิติกร เศรษฐลิขิต 4930113121 นายประสิทธิ์ อุษาฟ้าพนัส 4930271621 นายธีรพล พงษ์กิตติพันธ์ 4931211121 -- 6 บริรักษ์ หัตถา 4930245321 พรเลิศ กุลประสูติดิลก 4930318521 ภูริ นิโครวนจำรัส 4930383221 -- 7 ปกรณ์ อรรจน์สาธิต 4930253321 วราวิทย์ อารีวิจิตร 4930453521 ศุภณัฐ เวทสรณสุธี 4931249021 -- 8 ภาณุพงศ์ อนันตวัชกร 4931229521 พงษ์ศิลป์ วชิระจงกล 4930309921 ศิขพล สายจิตต์ 4930517021 -- 9 นายวรายุ จริยาวัฒนรัตน์ 4931234621 (วิน) นางสาว ชุติมา ธนารักษ์พงศ์ 4930106821 (ชุ) นางสาว หทัยรัชต์ เจริญกุลวณิชย์ 4931254121 (มิลค์) -- 10 พิริยาพร ช่างไม้ 4930334521 (พีช) สรรประภา วุฒิวร 4930541021 (มีมี่) สุขุม สัตตรัตนามัย 4931253521 (ขุม)

My old phone is broken, she freezes up every now and then for weeks. So, yesterday, I bought a new cell phone. After a series of reviews and lots of constraints optimization, I ended up with Nokia 3120 classic. Let's start from the requirements, listed by higher impact.

• Bluetooth (for my headset, this is top priority)
• GPRS, EDGE (3G is bonus)
• Nice alarm clock (yeah, I said I no longer need that, but having it would be a plus)
• External memory slot (music player is always a plus)
• Camera

Of course, my old one (Samsung E250) meets minimal requirement. Her camera is just for show and it is damn slow to transfer music file from her to PC. Don't take me wrong. She serves me right for almost two years and if she did not (untimely?) die, I would still be very happy with her.

Formerly, there were other six contenders: SE T303, SE W380i, Samsung L700, Nokia 3110, SE K660, Samsung E590. Each fails short for the following reason.

• SE T303: Very good! It's bang for the buck. However, it lacks external memory.
• SE W380: I always want to try a clam shell phone but this one is very hard to open by a single hand. Not a good thing.
• Samsung L700: A little bit too tall and the price tag of 5,400 baht is a little bit too high.
• SE K660: Has everything I need but is bulky and pricey.
• Samsung E590: Very very good! Somewhat chubby. The feature is better than T303. slot and if there were no Nokia around, I would definitely go for it.
• Nokia 3110 classic: I almost goes for this one. The only problem that it is quite too big. I really like its mini USB connector and its separated small talk connector. Unlike Samsung universal port, i can charge the unit while connect the small talk at the same time.

I almost goes for Samsung E590 if I haven't met Nokia 3120. The plus of 3120 overs E590 is that it has LED flash, minimalist 3G (both 850 and 2100) and higher resolution camera. Also comes with 512 microSD. The price of 3120 is 800 baht higher than E590 and the fact that it has separated connector is the final nail that concludes my decision.

News

Discussion on this course should be done in the forum. The department account (g51xxx) can be used to login for this website.

• you can download course syllabus here

Homework

• 1st Assignment Reminder

Students are required to submit their paper to be presented to me within Tue. 11 Nov, before midnight.

• 2nd Assignment Reminder

Please submit your mini proposal (the first chapter of your current topic or the topic presented in Week 2 -- Week 4). Due 21-Dec-2008 before noon.

Advisor Consulting

Student should visit the advisor as much as possible.

Here is the report for advisor meeting. You are required to submit this form signed by advisor.

In our faculty, there is an informal discussion regarding faculty on every last Friday of the month. The dean put much priority on this talk such that he will join every time his schedule allows him so. For this particular month, he officially call every relatively new faculty to join a seminar trip. (FYI, relatively new is anyone who joins the faculty less than 10 years ago.) The trip was good, in both official aspect and recreational aspect. Several interesting topics were discussed in the seminar also many topics of useful information are shared. Amongst them, I would like to list some trivial.

• In the last year, there are 157 of our freshmen got "F" from Physics and another 88 had withdrawn.
• We have 185 freshmen on probation (less than 2.00 GPAX).
• The faculty has default templates for both MS Office and OpenOffice.org. We are encourage to use them for every conference. You can download it here.
• The web of the faculty is now Drupal based.
• 1/3 of our budget for this fiscal year comes from the government, the rest is from our direct income (tuition fee, mostly). The total budget is about 750 mb.