Since man’s first forays into the written word, his dreams and aspirations have centered around improving the weakest link in the compositional process: the interface between nebulous mind and printed matter.

Certainly, the advent of the printing press and the widespread acceptance of the word processor revolutionized writing as we know it, but the actual implements of drafting have changed comparatively little. We still scribble with pens and pencils and type on keyboards that would be familiar to many typists alive during the civil war.

Perhaps this is because great writers, like great carpenters or engineers, never blame their tools for their own inadequacies. Investing in the right tool for the right job is one of the most important investments you can make, but is a mechanical pencil the best we can do?

Most of my writing output is digital nowadays, so my “analog” writing needs center around tactical writing situations. I still prefer a mechanical pencil and paper for mathematics work, note-taking, and jotting down reminders. Even though I carry a netbook most days, pencil and paper affords me maximum freedom to arrange and annotate notes just so, with drawings and diagrams requiring no additional effort.

This works out pretty well, but I have a few issues with mechanical pencils: broken leads, incessant clicking to dispense more lead, and a tendency to make noise due to the leads rolling around inside the chamber. Also, my favorite mechanical pencil, a Pentel 0.5 mm, has a relatively slender profile and causes a little more fatigue than I’d like, especially compared to the Pilot G-2 fine point I enjoy. Even though I have no reason to ditch my beloved Pentels, I owe it to myself to see what’s out there.

Enter the Sharpie Liquid Pencil. This curious device writes like a pen, but its output is equivalent to #2 pencil lead and is erasable as such. While Pentech’s Liquaphite has been on the market for some time now, the Sharpie’s major advantage is price: about $2 each, versus about $50 each for the Pentech.

The Physics

I ordered a two-pack of Sharpie Liquid Pencils from Amazon.com, for about $6 with tax. After a brief backorder, the devices arrived. The two-pack comes with a set of six bonus erasers, which are loosely floating around inside the blister pack (I had to do a brief search and rescue operation after opening the package).

It is a bog-standard retail package of the sort you’ve all seen before, so I immediately popped it open and weighed it using the hoopycat.com scales of science. The liquid pencil weighed in at 12 grams, compared to 11 grams for my recently-reloaded Pentel and 10 grams for my Pilot G-2. I would consider this reasonable, within the expected error range of the scale.

As far as handfeel and geometry go, the Sharpie is almost indistinguishable from the Pilot G-2. It feels solid, has good balance, and has the padded grip right where I like it. The grip lacks the texture of the Pilot, but this is not a dealbreaker for me.

Curiously, the Sharpie rattles when shaken. This is due to the clicker retraction mechanism, which involves the entire top quarter of the barrel. Unfortunately, there’s too much mass there and too many places for plastic-on-plastic contact, so its operation is not completely silent. A smaller “button,” such as on the G-2, would have likely improved the situation.

The Output

Alas, my tests revealed that the Sharpie Liquid Pencil’s writing quality is more like that of a cheap ballpoint pen than a quality mechanical pencil. I tested on a variety of surfaces, including a sticky note, some copy paper, the backs of the packing slip and shipping envelope, a sheet of newsprint, and the writing pads I use for note-taking. Overall, I found the marks to be spotty and irregular, as if the flow rate through the ball were inconsistent depending on angle and velocity.

This is a curse that befalls a number of pens, but is certainly an unwelcome introduction to the pencil. I think this, above all, will be the dealbreaker for notes and homework. While the liquid pencil’s quality improved with greater downforce and velocity, this is not acceptable for lectures due to the resulting fatigue.

A high-resolution scan of the writing pad test is available in the photo gallery, along with a number of other images.

Hiding the Evidence

The ability to erase is one of the key features of a pencil, and in this category, the Sharpie is no slouch. The built-in eraser erased the text from a post-it note perfectly, but my standard Staedtler Mars plastic eraser left a little bit behind. In the image on the right, the third row was erased with the Staedtler, and the fourth was with the built-in eraser.

One downside to the built-in eraser: it goes fast. I had a noticeable bevel on it from just erasing two words, and I’m not entirely sure it would survive my typical sentence.

After 24 hours at room temperature, marks were essentially un-erasable by either eraser. They just get a bit lighter without fully disappearing.

Unsuccessful Smear Campaign

My more sinister colleagues often worry about their clumsy left hands smearing ink from particularly juicy specimens. While it is harder than you’d think to write left-handed (I hear only 10% of people can do it), I did try writing backwards to no avail. I eventually gave up, wrote a chunk of text, and then dragged the edge of my hand across it.

I sure wasn’t expecting that to happen.

Rather than smearing, the writing disappeared with about as much effectiveness as my Mars eraser! It appeared as a black grit on the edge of my hand, which wouldn’t wipe off (or erase off), but did come off nicely with soap and water. Mind you, I was dragging my hand pretty hard and pretty much trying to get a reaction out of it. If you’re left-handed and writing normally, it probably won’t be a problem.

Overall

Well, they gave it a good shot. I like the idea in theory, but the execution could use some work. The cheap-sounding rattle when shaken, the inconsistent liquid graphite flow, and the poor erasability with the Mars plastic eraser limit it to occasional use at this time. I look forward to future development in this field, but I’m not putting away my Pentel just yet.

I’ve been having some weird kernel lockup problems when using the authenticated WPA2 network at RIT.  Since I can’t effectively bring my kernel bug troubleshooting tools to campus, I decided I needed to bring the wireless network home.  This meant converting the home wireless network from the usual shared-secret configuration to a Protected Extensible Authentication Protocol (PEAP)-based system.

Access Point Configuration

My access point is a Belkin F5D7230-4, a humble piece of crap that I wouldn’t recommend unless you enjoy rebooting or power-cycling network infrastructure.  What did I do wrong to get cursed with such terrible wireless networking problems?

I digress.

The access point is set up with Channel and SSID configured in a working fashion, along with Use as Access Point and System Settings adjusted to disable NAT and give the access point a usable LAN IP (192.168.1.2).  The real magic is under the Security tab.

• Allowed Client Type: WPA2 Only
• Authentication: 802.1X
• Session Idle Timeout: 0
• Re-Authentication Period: 0
• Quiet Period: 10
• Server-IP: 192.168.1.10
• Server-Port: 1812
• Secret Key: a long, random string used as a shared secret with the RADIUS server
• NAS-ID: wifi-sodtech1  (I’m an optimist)

In this case, 192.168.1.10 is the IP address of a local server that I’m going to use for RADIUS.  The RADIUS server doesn’t have to be local, but it should be reliably reachable.

FreeRADIUS

Next thing you will need is a RADIUS server.  I chose FreeRADIUS as the current best-of-breed RADIUS server for this application, since it supports EAP “out of the box” and has a configuration format much less treacherous than my last RADIUS server.  If you are looking to use your distribution’s packages, note that FreeRADIUS 2.1.8 or above is required, which means Ubuntu 10.04 LTS (Lucid) is the way to go.

To install it: apt-get install freeradius freeradius-mysql.  Ding, fries are done.

After you install it, the first thing you want to do is add a test user and try it out.  FreeRADIUS has an excellent introduction to this process on their wiki.  Note that you can certainly use the users file to maintain your user’s credentials: it’s quick, it’s easy, and it works just fine.  I chose to use a MySQL database, however, since I eventually want to make a pretty web front end for managing users.  But we’ll get there.

An important thing to note: FreeRADIUS must have access to the cleartext version of the password in this scenario.  It cannot do what it needs to do with a crypted or hashed password.  This may be a problem in some circumstances.  MSCHAPv2 does include mechanisms for challenge-response authentication without cleartext being stored on the server or transported over the network, most commonly implemented by using Active Directory as an authentication oracle.

The next thing you will need to do is add an entry to clients.conf for your access point.  Based upon the well-documented entry for the localhost test client, I created a client stanza for my access point:

I also chose to change the logging from destination = files to destination = syslog, to reduce log file creep.  And, just for paranoia’s sake, I changed the secret for the localhost test client.  At this point, restart your FreeRADIUS server, reboot your access point, and create a new connection from your laptop.

Easy as pie.  Note that the CA Certificate option on your client should be left blank at this point, because you’re using the standard auto-generated SSL certificate.

A “real” SSL Certificate

To generate a new one, I use DigiCert’s nifty OpenSSL CSR Wizard to create an openssl command line.  For the Common Name, I chose wifi.sodtech.net, although it doesn’t really matter as long as you can get a certificate signed to that CN.  I then sent the resultant CSR to CAcert.org, which sent a signed certificate back.  You could, of course, use a local CA or a commercial CA depending on your situation.  It’s pretty much the same as setting up an SSL’d web server.

I stuck the .crt in /etc/ssl/certs/ and the .key in /etc/ssl/private/, adjusting permissions as appropriate.  I then adjusted the symlinks in /etc/freeradius/certs/ to point at these files instead of the default snake oil certificate.  Upon restart of FreeRADIUS, I could point my laptop’s configuration at /etc/ssl/certs/cacert.org.pem and verify that I wasn’t attaching to some rogue network.  Hooray!

Storing Credentials in a Database

There’s nothing wrong with using the users file to store your users, especially if you only have a few.  But, if you have a lot of users or want to automate various things, some sort of database backend is crucial.  FreeRADIUS supports a wide variety of SQL servers, along with LDAP and Active Directory.  All it needs is to know how to get a cleartext password for a particular username (or some other way to get a yes/no answer for a session with the information it has, which is possible with AD).

The FreeRADIUS wiki covers SQL configuration nicely, including importing the schema found in /etc/freeradius/sql/mysql/schema.sql, but here’s the summary of my configuration changes:

• radiusd.conf
  • modules {
    • Uncomment $INCLUDE sql.conf
• sites-available/default
  • authorize {
    • comment out unix (optional)
    • uncomment sql
    • comment out expiration, logintime (optional)
  • accounting {
    • comment out unix (optional)
    • comment out radutmp (optional)
    • uncomment sql
  • post-auth {
    • uncomment sql
• sites-available/inner-tunnel
  • authorize {
    • comment out unix (optional)
    • uncomment sql
  • post-auth {
    • uncomment sql
• sql.conf
  • In sql{}, change the server credentials as required.
• users
  • Comment out the original test user!

And there you go.

Is PEAP for you?

Probably not.  However, when I set out to configure it, I was expecting it to be a lot more complicated than it was.  If you have an access point that speaks 802.1X and RADIUS, you might want to give this a try to add it to your box of enterprise tools.  For a security-minded organization, this can be one part of reducing the risk of a wireless network.  On a home network, however, it is probably overkill.

Oh… and the kernel lockup bug?  Doesn’t happen here.  Dang.

Edit 2010/08/15: Clarified cleartext password requirement; added mention of (and links to) Active Directory-related configuration.

RIT hosted their 19th annual Undergraduate Research and Innovation Symposium on Friday, August 13, showcasing over 100 undergraduate research projects across (and between) all of RIT’s disciplines.  I figured it was well worth waking up early on a Friday for the promise of a free lunch and an opportunity to test my arrive-by-8am bus routing to RIT, but the quality of the research and presentations certainly surpassed my expectations.

With so many presentations, the sessions were split across five tracks, with a ten-minute time limit per presentation.  Fortunately, they were grouped logically: I could avoid the ones that would go over my head, saving me from falling asleep.

My morning tracks were focused on the humanistic applications of technology, with presentations focusing on urban gardening, data visualization, improved power wheelchairs and cookstoves, and a plot to turn shipping containers into disaster housing.

Over lunch, RIT alum Jennifer Indovina, CEO and co-founder of Tenrehte Technologies, Inc., presented a buoyant keynote address recounting her startup’s experience creating the PICOwatt smart plug device.  Tenrehte’s journey (that’s “ethernet,” backwards) from nascent idea to underdog winner of 2010 CES Best of Show ("green” category) was sudden and unexpected: when your CES contingent consists of two people and you’re going up against Google and Microsoft, you don’t expect to bring home the hardware.  But they did.  Jennifer attributes it to the PICOwatt being a real product designed to directly improve people’s lives, rather than just being a vigorous marketing plan.

The afternoon sessions included an awesome video by Qian Yi Lau Li, documenting the power wheelchair project presented previously, along with a dirigible-based wind turbine system.  A pair of projects highlighted the challenges of developing applications for the OLPC XO laptop platform.  The final session of the afternoon featured instructional interactivity through the digital immersive cube, bringing better techniques to interactive physics experiments, and a MEMS thermally-actuated switch.

After the break, a list of the presentations.

Read more »

We use Asterisk 1.4 for our home telephone system, with FreePBX 2.7 as the front end.  This allows great flexibility to do strange things, although a home PBX is certainly a little overkill for a two-person, three-bedroom urban house.

Recently, I decided to give Google Voice a spin for voicemail processing.  I’m using a single Google Voice account for my cellphone and home phone extension.  I’m not going to elaborate on how the actual call forwarding to Google Voice is accomplished, but the key parts of the FreePBX and Google Voice configuration are:

To make the voicemail integration more seamless from my end, I decided that I needed to have two features:

1. Voicemail notifications on SIP phones
2. Normal feature code to retrieve voicemail

I couldn’t completely gut the existing voicemail system, as my wife still uses it.  So, I had to improvise.  First, the “easier” of the two features:

Per-extension feature code handling

FreePBX’s structure is such that an administrator can override parts of the dialplan if required.  This is one of those situations.  Into extensions_override_freepbx.conf, I copied the existing context from extensions_additional.conf and made a few modifications:

On line 6, I added GotoIf($["${AMPUSER}” = “103″]?googryan), which goes to the googryan label if the caller is user 103 (me).  Then, I added lines 18 through 20 to the end, as the destination for googryan.  The first plays a nice little message telling me to wait.  The second line is a little bit of Asterisk magic.

I didn’t want to have to hit * to get to Google Voice’s PIN prompt, so I wanted Asterisk to hit * for me.  Dial(Local/15855550000@from-internal,15,D(w*)) does this by opening a channel to 15855550000@from-internal (thereby using the normal call routing rules), then it waits for a couple moments and hits * (that’s the D(w*) part).

This works out really well.  Allison Smith politely introduces me to Kiki Baessell, who asks me for my PIN, and I’m there.  Bam.

Voicemail notifications on SIP phones

This is the more interesting of the two features.

I’m using pygooglevoice, a library of Python bindings for the Google Voice API.  Installing pygooglevoice was pretty easy: sudo easy_install pygooglevoice

Once installed, check out the documentation for some example code.  I take that back, actually.  Check out the command line script first.  By typing gvoice and entering your e-mail address and password, you get a delicious command line interface to Google Voice.  Try “help” if you’re stumped.

It turns out that getting the voicemail status from Google Voice was the easy part.  Telling Asterisk about it, however, was more difficult.  I could not find a mechanism where Asterisk could ask my program directly, so I decided to create fake msg0000.txt, msg0001.txt, etc files in the actual voicemail folders to match the current number of voicemails.

Being fancy, I also tried to make sure it would work “seamlessly” with Asterisk’s own voicemail, just in case I need to use that for whatever reason.  I do this by considering any other files on that msg#### (such as a msg####.wav) an indicator that it is an Asterisk-based voicemail and not one of our doppelgangers.  I hope Asterisk has the same courtesy.

So, here’s the code.  It sucks, of course, but it was an afternoon project.  So far, it’s working good.  I’m firing it from cron every three minutes, which seems wasteful: I might change it to only check during times I’m awake, since I won’t hear the voicemail indicator when I’m asleep.  But that’s another project…

Recently, I was tasked with installing a Drupal environment on an existing Ubuntu 10.04 LTS (lucid) server.  This release is the first Ubuntu release to ship with PHP 5.3.  Unfortunately, while the Drupal core is reasonably happy with PHP 5.3 as of late, there are likely still some modules out there that might break.

The installation for the environment in question required PHP 5.2, and I was not about to argue with it.  Fortunately, some research found a blog post with a PHP-downgrading shellscript that looked quite promising.  So, I decided to base my approach off of that.

There are alternative methods available.  A common, but misguided, approach is to uninstall the existing PHP components and compile your own PHP from source.  I am a strong believer that compiling software on a modern production server is a bad idea, for security and reliability reasons.  Another approach is to use a Personal Package Archive on Launchpad.  This is better, but I would much rather rely on the Ubuntu security team for updates than someone else (myself included!)

Since PHP 5.2 ships with karmic, lucid isn’t that much different than karmic, and karmic is still supported, why not just use the tried-and-true package management techniques?

Build a Testbed

Being a dull boy, I wanted to try this out “in the lab” before I went and blew up a client’s server.  To do this, I used a freshly-deployed VPS instance (testbox).  First, I used dpkg to clear the package selections from testbox.  Then, I cloned the selections from the production server (prodbox).  Finally, I logged into testbox and ran apt-get dselect-upgrade to apply the selections:

home$ ssh root@testbox dpkg --clear-selections

home$ ssh prodbox dpkg --get-selections | ssh root@testbox dpkg --set-selections

home$ ssh root@testbox

testbox# apt-get dselect-upgrade

Note: it goes without saying that logging in as root on a routine basis is Bad, and allowing remote ssh logins to root is also bad.  This is, however, a testbox.  I had previously used ssh-copy-id to install my public key on both testbox and prodbox.

I created the most basic of basic PHP pages, /var/www/testing.php, containing nothing more than:

<? phpinfo(); ?>

This gave me a URL to go to (http://testbox/testing.php) to make sure PHP was “there” and happy.  Once this was done, I shut down the instance and duplicated the image so I had a “known good” image.

Develop the Script

After booting, my next order of business was to look through the original script, figure out what it does, and make sure it “does the right thing."  Here, in short, is what it does:

1. Gets the list of all installed packages with “php” in their name using dpkg -l and grep.
2. Removes all of them – configs and all – with apt-get purge.
3. Using apt-cache search, get a list of all php-related packages and create pins for them in /etc/apt/preferences.d/php.
4. Add the karmic repositories to /etc/apt/sources.list.d/karmic.list, then apt-get update.
5. Install all of the packages that were installed before using apt-get -t karmic install.
6. Restart Apache, just because you’re probably running Apache.

I went through line-by-line, copying the “good stuff” to a shell script as I went along.  Once I was done, hoorah!  I had PHP 5.2 and all seemed well.

Test and Deploy the Script

I replaced this working image with a copy of the “known good” image, uploaded the script, and fired it.  Hoorah!  All was well.  Once that was set, I made sure a backup of prodbox was at the ready, just in case.  :-)  I then fired the script off on the real server, and… hoorah!  I checked out anything that might have broken, and indeed, all was well.

The script is available at http://gist.github.com/489868 with, of course, no guarantees of anything.  Hopefully this will be useless sooner rather than later, but we can hope!

This morning, in my quest to get caught up on my RSS feeds, a discussion about the best lifehacks mentioned in the daily best-of tldr reddit caught my eye. I consider myself a bit of a lifehacker, but it's mostly that engineering mindset coming through: there must be a more efficient way to live life, too.

A few of the hacks from reddit appealed to me, and I thought it prudent to pass them along:

• "Putting my clothes in my closet with the hangers reversed once a year. As I pull clothes out, I reverse the hanger. Every year I give away any clothes that I never took out." -- elblanco (Note: I do something like this, but since my closet has weird physics, I mostly just do it with a stack-like structure. If it hits the far end of the rod, it goes.)
• "When you need to remember to bring something with you, put your car keys on it the night before..." -- drewlb
• "For anyone just starting university, or grad school, in a program where you will write many papers: put EVERYTHING you ever read or remotely think will be useful into a bibliography database like Endnote (for Word users) or BibTeX. You can pdf almost everything to a massive folder and link to it. Then, not only is the info at your finger tips for however long you're in school, but the software writes the bibliography for you. NO idea why schools aren't teaching this alongside general advice on writing all sorts of term papers..." -- dolichoblond (Note: if you use Firefox and OpenOffice, check out Zotero.)
• "Not original or clever by any means but I'll share anyway: I put my keys, cell phone, and wallet in the same, separate pockets every day. When I walk out the door I just need to tap each pocket to make sure they're in there and I can leave knowing I have my three essential items. It's never failed me." -- DT7 (Note: as kitsuneudon points out, this is the "spectacles, testicles, wallet and watch" self-check)

And last, but definitely not least:

• "Babywipes for the bathroom. Seriously, your life will be +1." -- giveitago

There are plenty more like this out there, of course, and I highly recommend always thinking about ways to make life more efficient. Think about why you're doing something and how else you could accomplish the end goal. Even if you don't actually save time, it's a great mindset to be in.

While I don't personally follow it (yeah, I'm backlogged enough already), they tell me lifehacker.com is a popular site for these sorts of things.

Speaking of life, this post from mathematician Tanya Khovanova includes some tips for success from John H. Conway. In short, work more than one problem at a time:

If you only work on one problem and get stuck, you might get depressed. It is nice to have an easier back-up problem. The back-up problem will work as an anti-depressant and will allow you to go back to your difficult problem in a better mood. John told me that for him the best approach is to juggle six problems at a time.

Oh, and if you like to keep an eye on how far behind I am with my RSS reading, just take a look at my Google Reader shared items page. They let me share stuff with the global interweb by hitting just one button, which sure beats this whole writing-a-blog-post thing, so I tend to fire quick stuff from there once or twice a day. It's kind of a lifehack as well.

Very often, I need to quickly host a file for use in a forum post or on IRC. My usual approach has been to mount a "temporary" directory from my web server on my desktop, over ssh. However, I recently started using Dropbox to keep my important files synced: with this, I can access my school work from school without having to resort to ssh heroics or remembering to carry a flash drive with me (let's not get started on keeping it synchronized). Dropbox offers 2GB of storage for free, and they include a handy Public folder you can use to share files. Nice.

My little temporary directory, in practice, isn't very temporary. I rarely delete anything from it; indeed, the oldest image is nearing two years old. I also keep throughput test files there, and I kinda need those to be on my server. However, I hate remembering multiple long URLs, especially ones like http://www.hoopycat.com/~rtucker/tmp/moooar.PNG and http://dl.dropbox.com/u/3597105/system-fullpower.png. I also want to be able to transparently move files around as my needs change. And, most importantly, I want my stuff under the hoopycat.com domain for maximum flexibility.

So, I set up a dedicated hostname: http://drop.hoopycat.com/.

Here's the flow:

• A request is received for http://drop.hoopycat.com/filename. (Note: requests for / get redirected to http://hoopycat.com/).
• If filename exists in ~rtucker/public_html/tmp, serve it up.
• If it doesn't, issue a HTTP redirect to http://dl.dropbox.com/u/3597105/filename.

Easy enough, and it works darn well. I do no checks for the file's existence on Dropbox, so their 404 page gets served up for totally bogus URLs. This is not a big deal in practice.

The configuration of lighttpd is simple, using mod_magnet and a small Lua script. To lighttpd.conf or a conf-available/ file of your choice, add:

Code:

Then, create /etc/lighttpd/conditional-redirect.lua with the following script, borrowed from an example at http://redmine.lighttpd.net/projects/lighttpd/wiki/AbsoLUAtion:

Code:

Remember to replace the dl.dropbox.com URL with yours (and change everything else, too).

Assuming DNS is set up correctly and mod_magnet is installed (it's lighttpd-mod-magnet in Ubuntu 8.04), a restart of lighttpd should yield good results!

I still run Ubuntu Hardy (8.04 LTS) on servers, since I'm willing to trade some newer features for package stability. Alas, once in awhile, this stability becomes a problem: the standard whois client uses a set of compiled-in mappings to determine how to route whois queries, and this falls out of date surprisingly fast:

Code:

I've opened a Launchpad bug with the hopes that this gets SRU'd at some point, but I'm not confident enough in my packaging abilities to go forward with this myself (yet). So, at least in the interim, I've created a Personal Package Archive with whois 4.7.36, backported from the Lucid Lynx (10.04) repo. If you're interested in this, you can configure your system to use it in place of the normal whois:

• Add the repository to your /etc/apt/sources.list:

Code:

• Add the public key to your apt keyring:

Code:

• Run sudo apt-get update and sudo apt-get upgrade!

You can find more information and instructions at the Launchpad page for this PPA: https://launchpad.net/~rtucker/+archive/whois-delegation-backport. Also, be aware that, in the (unlikely) event of a security problem in the whois package, it may not get fixed in a timely manner if you're using this PPA. You have been warned.

Enjoy!

I can tell you're delighted to hear of the state of dehumidification in the basement. Winter is here, which is known for being bone dry. Thus, the dehumidifier's going to be taking it easy much of the winter, but it will still be ready to act when snow thaws and the basement gets damp!

The dehumidifier has every right to take it easy, now that it has taken the blogosphere by storm! Yes, the About Dehumidifiers blog wrote about our humble dehumidifier today, specifically with regards its Twitter support. Very cool.

In software news, the blog widget (on the right edge of this page) and the !d command on the Linode IRC channel now include a rough estimate of how much time is left on the tank. This is not an exact science, but the estimates will probably improve in the spring. I've also been playing with the capacitance-to-percentage conversion code. Anything to liven it up, I suppose.

Oh, and those random characters after the Twitter updates? Twitter started filtering duplicate status texts a little while back, resulting in no updates going through for awhile. Adding random text was a quick, 15-second fix, but it has worked well so far. Maybe I'll do something else in the future...

This document has been superseded by an official article in the Linode Library, written by the most excellent and brave Amanda Folson, for Ubuntu 9.10 and Apache. If you're deploying Asterisk and FreePBX on a dedicated Linode, I highly recommend following that procedure. However, if you're a crazy person and want to use lighttpd on a multi-purpose system, feel free to give my procedure a try.

I originally wrote this howto for Ubuntu 9.04 (Jaunty) a few months before Ubuntu 9.10 (Karmic) was released. I happen to have a spare system lying around right now, so I figure I might as well update this for 9.10!

Summary of major changes since the 9.04 document

• Kernel package: It appears linux-image-server no longer installs a Xen-aware kernel, so I now use linux-image-ec2.
• Zaptel replaced with DAHDI: Digium replaced Zaptel with DAHDI for Asterisk 1.6, which now ships with Ubuntu. This requires a change in package names, in addition to the usual changes one would expect between 1.4 and 1.6.
• More links to the Linode Library: Since I wrote the original post in August, Linode has really fleshed out their documentation. I've harmonized some of the "opening moves" with their getting-started documentation to reduce confusion.
• Now using upstart for spawning the FastCGI handlers: I figured there was a less cheesy way to do that.

Some concerns

I'm occasionally seeing the boot process locking up for awhile with nasty-looking kernel bug errors:

Code:

It eventually seems to pull out of it, but you might not want to do this on your production box until you're sure everything is happy and keen. If anyone knows anything about these errors, let me know. That said, I've been on a conference bridge with myself for the past ten minutes and everything's fine.

Without further adieu, here's the howto!

Rationale

FreePBX is a popular PHP front end for the Asterisk PBX system. It morphs the complex yet very flexible Asterisk configuration into something easier to use (yet still very extensible). When I worked for a business-class VoIP provider back in the day, we used FreePBX (and its predecessor, AMP) for most of our customer-premise PBX servers.

I prefer configuring and managing my Asterisk system using FreePBX. However, I can't justify an entire server for Asterisk, so I need it to coexist with a number of other applications. What I can justify is a VPS with relatively little memory, so some tuning is required.

The usual installation instructions assume the use of CentOS, Apache and mod_php for the stack. There are a few downsides to this configuration.

Read more »