Adding a VPN “KillSwitch” to NetworkManager

5 September 2014

I use a VPN connection most days, and leave it unattended. Sometimes, however, it is not as stable as I would like it to be, and it disconnects, for instance because of wireless network problems. The wireless connection is brought up again, but the VPN connection stays down, causing potentially sensible data to be exchanged through an insecure channel. Bad.

How can we solve this?

In jargon, a mechanism that disconnects you from the Internet when your VPN connection disconnects, is called a “VPN Kill Switch”. There is a simple way to add one to NetworkManager, thankfully, via a dispatcher script. These scripts will be automatically called when a connection goes up or down.

You can save the following in /etc/NetworkManager/dispatcher.d/99vpnkillswitch, and give it 0755 permissions (it must be owned by root):



interface=$1 status=$2
case $status in
        # Get the physical device associated with the VPN connection
        nmcli -f type,device c | awk '$1~/^vpn$/ && $2~/[^\-][^\-]/ { print $2; }' > "${IFFILE}"
        xargs -n 1 -a "${IFFILE}" nmcli device disconnect

You’re good to go! Try stopping your VPN interface, and your associated physical interface should be brought down too.

Having Pulseaudio downmix Surround 5.1 to Stereo

26 August 2013

After a good deal of gnashing of teeth, I finally managed to get Pulseaudio to Do The Right Thing™ (which is what the thing I want, not what it wants): downmixing Surround 5.1 to Stereo.

The problem was simple: I had a lot of lossless FLAC files containing Surround 5.1 audio (that is, 6 channels). However, at the moment I only own a couple of speakers which are good enough for casual listening (ergo, 2 channels stereo).

I thus wanted Rhythmbox, Totem, and other apps to simply make me listen to the rear channels; else, I would lose half of the guitar solos in Jethro Tull’s “Aqualung”, because when it was recorded it was spatially at the rear of the room.

Read the rest of this entry »

Downloading videos from

22 October 2011

I have a netbook, and I really enjoy watching (also because Rai has an idiotic policy for people like me living abroad: only RaiNews24 is available for us emigrants).

However, things being what they are, I am not always connected to the Internet. Therefore, I’d like to download some replicas of TV shows they air (like news, or the incomparable Crozza’s Italialand!) on my hard disk, and watch them while waiting (say) at the airport or in the train.

So, I wrote a script to download videos from directly. Just go there, open the episode you’d like to download, and run this Ruby script passing it the URL:

#!/usr/bin/env ruby

require 'uri'
require 'net/http'
require 'rexml/document'

# Constants
LA7TV_URL = ''
ARCHIVE_URL = 'rtmp://'

if ARGV.empty? or not ARGV[0].include? LA7TV_URL
  $stderr.puts <<-EOD
This script downloads videos from, for your personal use only.
The idea is that you can watch what you see online for free, but offline too.
Please be sensible and don't use this method for breaking the law.

Please make sure rtmpdump is installed.

Usage: #{$0} <>
  exit -1

asset_number = ARGV[0].split('assetid=')[1]
xmldoc = Net::HTTP.get URI.parse(sprintf DESCRIPTOR_URL, asset_number)
xml = xmldoc
videos = REXML::XPath.match(xml, '*/videos/video')
video = videos.max_by { |video| video.elements['quality'].text.to_i }

local_filename = video.elements['originalName'].text
remote_filename = video.elements['fms'].text.gsub(/^mp4:\//, '')
remote_url = sprintf ARCHIVE_URL, remote_filename

puts "Downloading #{local_filename}\n\tfrom #{remote_url}"
Kernel.exec "rtmpdump -e -o '#{local_filename}' -r '#{remote_url}'"

It’s maaagiiiic! 🙂 Remember to install rtmpdump (available in most distros), and of course Ruby.

PLEASE USE THIS RESPONSIBLY. You are consuming a lot of bandwidth in a short timeframe on their server by downloading things instead of streaming them, so: a) do it only for personal use, and b) don’t do it for things you will not watch.


As an addendum to “Nokia spreading FUD?” of Matthias Kirschner

14 March 2011

Original article available here: Nokia Spreading FUD?

Nokia says:

“Many organizations which want to use Qt for their business applications choose commercial licenses, for a variety of reasons. These include restrictions in using open source licensed software in industries such as defense & aerospace, or the need to provide product warranties & indemnities such as in the medical device industry. Others choose a commercial relationship for access to Qt professional support and services to ensure successful development of their projects.”

and Matthias points out:

First, warranties, indemnities, support and services can be done with any GNU license. Qt is licensed under the GNU LGPL, so in this sense it is a commercial license. There is commercial Free Software, as well as non-commercial non-free software, or to put it in David Wheeler words:

“It’s time to end the nonsense. OSS is practically always commercial, which means that there are two major types of commercial software: proprietary software and OSS. Terms like ‘proprietary software’ or ‘closed source’ are plausible antonyms of OSS, but ‘commercial’ is absurd as an antonym, and phrases like ‘commercial or OSS’ make no sense.”

I agree with Matthias (and David) here; speaking as a software engineer, the biggest requirements in the aerospace and defense sectors are about testing and software reliability.

For example, NASA requires complete MC/DC for critical code. But that has absolutely nothing to do with licensing.

Most proprietary software does not qualify either. And its closed-source development model makes it only harder to assess its quality, because it is hard to ask for multiple third-party code reviews.

In fact, many times tenders for aerospace or the military ask for delivering *also the source code*. I wonder how any type of free software licensing scheme can hinder that.

As far as other points go: the GPL states that “this program is distributed without any warrant of any kind”. But indemnities can be offered as an additional service on top of the original license (like the GPL). This is not unalike to what happens with most EULAs.

For a notable example, check the Microsoft SQL Server Enterprise 2008 edition EULA, which is a critical component of many systems. Item 23, and the “Limited Warranty” section (points G and H, specifically) are quite clear.

What to do if the gherkin gem does not compile

7 February 2011

On my GNU/Linux box, the gherkin gem doesn’t want to compile – and it is a dependency of cucumber, so that’s pretty annoying.

The errors returned when trying to build it are:

matteo@orchid:~$ gem install gherkin
Building native extensions.  This could take a while...
ERROR:  Error installing gherkin:
ERROR: Failed to build gem native extension.

/home/matteo/.rvm/rubies/ruby-head/bin/ruby extconf.rb
checking for main() in -lc... yes
creating Makefile

compiling gherkin_lexer_ar.c
cc1: warnings being treated as errors
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl: In function ‘unindent’:
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl:252:3: error: ISO C90 forbids mixed declarations and code
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl: In function ‘store_multiline_kw_con’:
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl:285:3: error: ISO C90 forbids mixed declarations and code
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl: In function ‘store_pystring_content’:
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl:322:3: error: ISO C90 forbids mixed declarations and code
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl: In function ‘CLexer_init’:
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl:364:3: error: ISO C90 forbids mixed declarations and code
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl: In function ‘CLexer_scan’:
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl:378:3: error: ISO C90 forbids mixed declarations and code
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl:381:3: error: ISO C90 forbids mixed declarations and code
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl:180:5: error: ISO C90 forbids mixed declarations and code
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl:230:9: error: ISO C90 forbids mixed declarations and code
/Users/ahellesoy/scm/gherkin/tasks/../ragel/i18n/ar.c.rl:230:9: error: ISO C90 forbids mixed declarations and code
make: *** [gherkin_lexer_ar.o] Errore 1

Fortunately, the error is pretty self-explanatory. You can have it install by just doing:

gem install gherkin -- --with-cflags="-std=c99"

That will fix it. Cheers,

Living in Sweden, part I

16 September 2010

In spite of all appearances, I didn’t disappear at all. I’ve just moved in that northern and lonely country known as Sweden. A forest-riddled lake-filled land which projects itself into the Baltic sea like a 1,574-kilometers-long impotent phallus, complete with its emptied scrotum, Finland. Since many friends back home did request for a summary of my activities in Northrend ­ — er, I mean, Sweden —, I thought it would be advisable to answer once for all to you with a single post.

First of all, why I came here. As many of you may be aware of, the European Commission was kind enough to provide me with a scolarship to take on my studies again. Thus, I enrolled in the EMSE, which stands for “European Master in Software Engineering“, since it’s the field that interests me the most. It’s an Erasmus Mundus programme, and we’re eight people which received the funding this year. Some others have been enrolled thanks to their companies’ sponsorship — a practice mostly unknown in Italy, even if I can’t figure exactly why, since I find it a good investment. If I’m not mistaken, there should be about 5 of us attending the first year here in Karlskrona. Of course, many other students attend our courses which are shared across different curricula, and are held in English.

That said, let’s go down to the gory part. I arrived in Sweden on August 23rd, by taking the train above the bridge which crosses the Baltic sea: the Øresundståg from Copenaghen. I had another 8 hours of travel by bus since I was coming from Berlin — I stayed with my girlfriend Josefine for the previous two weeks or so. Thus, you can put some bricks one above the other:

  • I arrived in a country I never visited, alone;
  • I did not sleep more than two hours;
  • my apartment was unfurnished. Yup, a completely empty room devoid even of a bed, or a chair;
  • my heart was heavy from having left my family and especially my Josefine;
  • I managed to get the flu, with a temperature of about 38 °C;
  • the first day I had to go by feet back and forth for about 20 km total, in order to buy some furniture, go to the supermarket (did not buy any food, just dishes, a frying pan, something to clean the room…), take the train, meet with my course responsible, etc; this repeated for a couple of days. Try taking steep slopes with two or three shopping bags for about 20-30 kg, when it’s raining;
  • no means to cook, plus the flu, plus depression, made me pass some three days without eating;
  • I got my bed just after two days, so I had to sleep on a couch in the corridor, clothed (not very comfortable), or on the floor (worse);
  • no Internet connection, since I didn’t have even a computer — that means, no easy way to get in touch with other human beings. My floor was almost empty, bar a couple of Sweden guys which aren’t very inclined to talk (more to play World of Warcraft 10 hours a day). Thus, no friends.

You get the picture. If you think I’m to blame to having gotten a tad bit pessimistic and depressed, sorry about that. I think it was human and understandable. Fortunately, my mother and Josefine came to the rescue a couple of days after. By then, I managed to sort the most essential things out, however fortunately they were there and helped me to make this apartment my home, comfortable and nice.

Now I’m okay. Here the university is very beautiful, and with an outlook on the sea, even. We have reading rooms with modern art and baggy sofas, completely new buildings, and so on. If finding an apartment in Karlskrona or Ronneby (where I live, it’s 35 km away from Karlskrona but the train for us students is free) wasn’t so damn difficult, I would have immediately liked Sweden. I’ve got a huge and wonderful park nearby, with lakes, trees gently storming, a Japanese zen garden, a lot of ducks, squirrels and woodpeckers. Well, the ducks are leaving. But they’ll be back. 🙂 I do prefer Ronneby to Karlskrona, by the way.

The thing is, they have this compartmented way to build cities: in the city centre they have all the shops and supermarkets, and then the residential areas are quite far away. Fortunately, a friend of a friend of Josefine lent me a bike! That was very nice of him. Thanks, Mats. Without that, each time I had to go to the supermarket it would have been pretty much a suicide. I hope nobody steals my old Betsie.

Here they teach you in a very much different way than in Italy. You barely have lectures (like, one-two times a week, for two-three hours each), but you’re required to spend about 40 hours weekly working on assignments and studying. I think it works, after all. Things aren’t hard to understand in this way, and they stick to my mind better. At the moment, I’m taking two courses: Software Architecture and Quality, and Advanced Project Management (even if I don’t see where the “Advanced” part comes in, yet). The first deadlines will be at the end of the month.

The Blekinge Institute of Technology is considered to be within the first 15 educational institutions in the software engineering field, worldwide. So I guess I’m quite lucky to be here. Let’s see if I manage to blow this up as I always do… anyway, I’m making friends, expecially from the Eastern Europe and from Pakistan. People from Pakistan are very friendly, mostly like us Italians, so I feel at home with them. They’re always kind and caring.

By the way, I’m getting much much better at English than before my arrival — and it’s only three weeks! I’m very happy about this. If I manage to come out of this alive, I will have a Swedish degree, a German one (since next year I should move to Kaiserslautern), and a solid understanding of the English language. I’m starting to learn German, too. No much sense in learning Swedish bar for essential matters: almost all Swedish people speak an excellent English, and there are just 9 millions of Swedish speakers anyway.

And after all this, what will I do? Well, it’s too early to say. For now, I’ll just have to return to my assignments… but first, let’s cook dinner!

Thanks for reading, I miss you all. I think of you fondly.


PS. I don’t know about all those myths about Swedish girls. They’re quite ugly, at least here in the South. They just have revealing clothes, but that’s all. Once in a while you see a pretty one, yes, but that’s just statistics, right? Now, Italy or Germany are quite different… maybe in Stockholm?

PPS. The only thing I’m really, really, really missing from Italy, is the food. Sweden is not much more expensive than Italy, but the quality is nowhere near. To be honest, I had the same problem in all the countries I visited up until now. I guess Italy has just the best food in the world, full-stop.

Having Cherokee playing well with RVM and Ruby on Rails

5 May 2010

Update: now it works with Rails 3.0.

Today I went down to try and have Cherokee working well with RVM. I wanted being able to switch the Ruby version with ease, in order to allow for a painless upgrading when patches are released upstream. More, I wanted to be able to create gemsets and such. Cherokee is fast as hell, and much easier to maintain than Apache.

After a little bit of fiddling, I came up with a nice and easy solution, which roughly goes like this:

  1. Create a rails user on your system. My advice is to lock it down with “passwd -l rails” after creation.
  2. If you installed any gems as root, it’s best to remove them. Then, follow the normal instructions to install rvm su-ing as the rails user. Compile and set as default a ruby instance of your choice (“rvm use –default ruby-1.8.7“, for example).
  3. Always logged in as the rails user, install any gem you may need. You can do this later, if you prefer. Test if your website starts manually, by calling script/server, or if it complains about missing gems.
  4. chmod -R your rails project to rails:rails. I keep my production sites under /var/www, but you can put ’em in /home/rails, for example.
  5. Use the standard wizard that comes with Cherokee to prepare the sources for your website.
  6. Under the “Interpreter command” text field of each of the three newly created sources, prepend the command that’s already there with (“/home/rails/“). For example: “/home/rails/ example-website script/rails server -b -e production -p 38161“. I omitted “/var/www/“, but you can put it there if you want.
  7. For each of the sources, set the user and the group the site will be served with to “rails“.
  8. Create a new file /home/rails/, which will do the simplest magic we need:

if [ "$(whoami)" != "rails" ]; then
echo "Cannot run this script as root. You must sudo to the 'rails' user."
exit -1;

export HOME="/home/rails"

if [[ -s "$HOME/.rvm/scripts/rvm" ]]; then
source "$HOME/.rvm/scripts/rvm";

cd "/var/www/$1"
exec ${@:2}

Now, if someone of the Cherokee project would be so kind to fix that ugly “Bad gateway” error the first time you try to access a Rails site and the interpreter hasn’t been spawned yet, I’d be immensely grateful. 🙂