Monday, December 28, 2009

HOWTO : Google Public DNS

Google Public DNS is a free, global Domain Name System (DNS) resolution service, that you can use as an alternative to your current DNS provider. It is faster and more secure than OpenDNS.

Configure your network settings to use the IP addresses 8.8.8.8 and 8.8.4.4 as your primary and secondary DNS servers respectively.


Reference
Google Public DNS

Speed up your browsing experience

Improve your security

Frequently Asked Questions

HOWTO : Screen resolution on Ubuntu 9.10

When your display cannot report the correct EDID (Extended Display Identification Data), your X will not work properly. Usually, it will display 800x600 resolution or lower although your display is 1024x768 or higher.

Step 0 :
sudo service gdm stop
sudo Xorg -configure
sudo service gdm start


Step 1 :
If your monitor is 1024x768 at 60Hz, you can go to the following site and calculate the modeline.

Calculator for video timings

Select standard "1024x768@60Hz" mode and press the Calculate button.

The modeline will be as the followings :

Modeline "1024x768" 65 1024 1048 1184 1344 768 771 777 806 -hsync -vsync

Copy and paste the captioned "modeline" to "Monitor Section" of ~/xorg.conf.new.

Step 2 :
sudo cp xorg.conf.new /etc/X11/xorg.conf

Step 3 :
Go to "System" - "preference" - "Display"

Choose "Yes" and select the desired resolution then save.

Step 4 :
Reboot your system or restart X.

If you are using nVidia display card, you need to do the following.

Step a :
Install the nVidia driver from "System" - "Administration" - "Hardware driver".

Reboot your system.

Step b :
sudo nvidia-xconfig

Step c :
gksudo nvidia-settings

Select the desired resolution and save to the configuration file.

Step d :
Go to "System" - "preference" - "Display"

Choose "No" and select the desired resolution then save.

Step e :
Reboot your system or logout and login again.

That's all. See you!

Saturday, December 19, 2009

HOWTO : HSDPA/HSPA modem on Ubuntu 9.10

When you are the first time using HSDPA/HSPA modem on Ubuntu 9.10, you will not encounter any problem. However, when you use the modem the second time, it hardly to get the DNS. As a result, you cannot surf the internet.

Therefore, you should write the DNS down when you insert the HSDPA/HSPA modem to the Ubuntu 9.10 the first time. Add the DNS to the Network Manager by editing "IPV4 Setting" - "PPP address only".

The following are some service providers in Hong Kong :

3HK -
Primary DNS 202.45.84.67
Secondary DNS 202.45.84.68

CSL, One2Free, 1010 -
Primary DNS 192.168.63.101
Secondary DNS 192.168.63.102

Smartone Vodefone - unknown to me

That's all. See you!

Monday, December 14, 2009

HOWTO : Ubuntu 9.10 on HP Mini 110 Netbook

HP Mini 110 Netbook is using Broadcom 4312 Wifi card (bcm4312). However, Ubuntu 9.10 cannot recognize the hardware. You should do something on it.

The tutorial also suits for bcm4311, 4321 and 4322 hardware.

Install the driver
sudo apt-get remove b43xx-fwcutter
sudo apt-get install bcmwl-kernel-source


Append "wl" to the following file.
sudo nano /etc/modules

wl

Configure the module
sudo nano /etc/modprobe.d/wl

Add the following line.
install wl modprobe -r b43 b44 b43legacy ssb; modprobe --ignore-install wl $CMDLINE_OPTS; modprobe ssb; modprobe b44;

Reboot your system.

That's all. See you!

Sunday, December 13, 2009

HOWTO : Traditional Chinese handwriting on Ubuntu 9.10

Traditional Chinese handwriting is available in Linux now. Tegaki Project provides Traditional and Simpified Chinese as well as Japanese handwriting input for Linux, Mac OS X and Windows. It is developed by Python; thus, it is a cross-platform application.

However, Tegaki supports SCIM only. Therefore, you should install SCIM and change to use SCIM instead of iBus at "System" - "Administration" - "Language support".

Install SCIM
sudo apt-get install scim scim-modules-table scim-chewing scim-pinyin scim-chinese

Install Tegaki
Download and install the following files from the Tegaki official site. The packages in Ubuntu repository cannot be installed.

(a) tegaki-python (install this first)
cd ~
wget http://www.tegaki.org/releases/0.3/tegaki-python-0.3.tar.gz
tar -xzvf tegaki-python-0.3.tar.gz
cd tegaki-python-0.3
sudo python setup.py install


(b) tegaki-pygtk (install this secondly)
cd ~
wget http://www.tegaki.org/releases/0.3/tegaki-pygtk-0.3.tar.gz
tar -xzvf tegaki-pygtk-0.3.tar.gz
cd tegaki-pygtk-0.3
sudo python setup.py install


(c) tegaki-recognize
cd ~
wget http://www.tegaki.org/releases/0.3/tegaki-recognize-0.3.tar.gz
tar -xzvf tegaki-recognize-0.3.tar.gz
cd tegaki-recognize-0.3
sudo python setup.py install


(d) scim-tegaki
cd ~
wget http://www.tegaki.org/releases/0.1/scim-tegaki-0.1.tar.gz
tar -xzvf scim-tegaki-0.1.tar.gz
cd scim-tegaki-0.1
sudo python setup.py install


(e) tegaki-train
cd ~
wget http://www.tegaki.org/releases/0.3/tegaki-train-0.3.tar.gz
tar -xzvf tegaki-train-0.3.tar.gz
cd tegaki-train-0.3
sudo python setup.py install


(f) tegaki-tools
cd ~
wget http://www.tegaki.org/releases/0.3/tegaki-tools-0.3.tar.gz
tar -xzvf tegaki-tools-0.3.tar.gz
cd tegaki-tools-0.3
sudo python setup.py install


(g) Models of Zinnia - Traditional Chinese.
cd ~
wget http://www.tegaki.org/releases/0.3/models/tegaki-zinnia-traditional-chinese-0.3.zip
unzip tegaki-zinnia-traditional-chinese-0.3
cd tegaki-zinnia-traditional-chinese-0.3
make
sudo make install
cd ~


(h) Install Zinnia Recognition Engine.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install python-zinnia zinnia-utils libzinnia0


Gnome menu entry
Add the Tegaki to the Gnome menu.
sudo nano /usr/share/applications/tegaki.desktop

[Desktop Entry]
Version=1.0
Encoding=UTF-8
Name=Tegaki Handwriting
Exec=tegaki-recognize
Icon=/usr/local/share/tegaki/icons/handwriting.png
Terminal=false
Type=Application
Categories=Application;System;
Comment=Tegaki Handwriting


How to use Tegaki

Step 1 :
Click on "Tools/Configure" icon on the right hand side panel. Set "Search after (msecs)" to 200 or larger. Then click on "Search on stroke" and "Confirm".

Step 2 :
Write the Chinese characters in the boxes provided. To clear the characters click "Sweep". If you want to make correction to the character that you just wrote, click on the character on the top bar.

Step 3 :
After wrote some characters, you can click on "Green tick". Then, go to the word processor or editor. Press "Ctrl+V" or click "Paste".

Reference
Tegaki Project
HOWTO : Ubuntu 9.10 on Gigabyte TouchNote T1028X

Saturday, December 12, 2009

HOWTO : Ubuntu 9.10 on Gigabyte TouchNote T1028X

Hardware configuration

Intel Atom N280 1.6GHz CPU
2GB DDR2 677HMz RAM
250GB 2.5" Hard Drive (Changed to Intel X25-M 80GB SSD)
10.1" Touch screen
PC Express card slot
3 x USB 2.0
All-in-one card reader
Carrying bag

This tablet netbook is in good desgin and quality. It is purchased on 2009-DEC-11 at $4,700-HK with USB mouse and screen protector as gifts. However, the screen protector is a little bit larger than the screen. I also added a Hauwei EM770 3.75G HSDPA modem and changed the hard drive to Intel X25-M 80GB SSD. The total cost is increased to $7,260-HK. Although the price is more or less reached the mid-range notebook level, it is worth to buy. By the way, it is a little bit heavy when holding it with one hand using touch screen feature.

Make sure to update your BIOS to "FC" version as it will activate the Wifi by default. The machine comes with "FB" version of BIOS.

The machine almost works perfectly on Ubuntu 9.10 including HSDPA modem but except touch screen feature. We need to do something to make it work.

Installation of Ubuntu 9.10

Make sure to press F6 on the startup menu and choose "expert mode" and followed by "Esc". Otherwise, your mouse will not work after the boot up.

Append the following line at the end of the command displayed on the screen.

elevator=noop i8042.noloop=1

Install Ubuntu 9.10 as usual. After the first boot up your mouse cannot work. Just follow the steps below to make it work again.

Press Ctrl+Alt+F2. At the command prompt, enter your username and password.

sudo nano /boot/grub/grub.cfg

Locate "linux" tag and append the following at the end of the line.

elevator=noop i8042.noloop=1

Save and reboot your system.

** Note : you need to add the line on every kernel updated.

Configure touch screen

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade


sudo apt-get install xserver-xorg-input-evtouch gnome-randr-applet

sudo nano /etc/hal/fdi/policy/evtouch.fdi

Append the following lines.


<?xml version="1.0" encoding="UTF-8" ?>
<deviceinfo version="0.2">
<device>
<match key="info.product" contains="eGalax Inc. USB TouchController">
<merge key="input.x11_driver" type="string">evtouch</merge>
<merge key="input.x11_options.ReportingMode" type="string">Raw</merge>
<merge key="input.x11_options.Emulate3Buttons" type="string">false</merge>
<merge key="input.x11_options.Emulate3Timeout" type="string">1</merge>
<merge key="input.x11_options.SendCoreEvents" type="string">On</merge>
<merge key="input.x11_options.MinX" type="string">0</merge>
<merge key="input.x11_options.MinY" type="string">2</merge>
<merge key="input.x11_options.MaxX" type="string">4096</merge>
<merge key="input.x11_options.MaxY" type="string">4096</merge>
</match>
</device>
</deviceinfo>


Reboot your system.

After booting up, go to "System" - "Administration" - "Calibrate Screen" and follow the instruction on screen to calibrate the screen.

Screen Rotation

You can rotate your screen on demand by Gnome Randr Applet. However, it cannot rotate your screen automatically.

Make Firefox work better

Install "Grab and Drag" add-on.

"Grab and Drag" add-on demo on Youtube.

That's all. See you!

Sunday, December 06, 2009

HOWTO : Why partitioning does matter on Ubuntu?

Ubuntu is one of the most user-friendly Linux distributions in the world. However, Linux distributions change a lot on every new release. Although we can upgrade to the newer release easily on Ubuntu, I suggest to have a fresh install on every new release.

In my opinion, it is a good practice to format your hard drive at least in four partitions. Such as

/boot (about 1GB)
/ (not less than 8GB)
/home (depends on your hard drive space reminded)
/swap (twice as your amount of RAM)

In this way, you can install and format /boot and / partitions and leave /home untouch on every new or re-install. All your settings at /home are reminded unchange as well as the data in that partition. Be keep in mind that you are NOT required to format /home partition.

You are also required to backup /etc/passwd and /etc/shadow when necessary if you have more than one user.

That's all. See you!

Tuesday, December 01, 2009

HOWTO : MyGica D689 USB HDTV Dongle on Ubuntu 9.10

We can watch digital TV including HDTV on Ubuntu 9.10 with MyGica D689 USB HDTV dongle. You may also require to buy a new nVidia series 9000 or up display card. Since series 9000, nVidia display card supports hardware acceleration for playing HD video.

In order to keep my Ubuntu box easy for update and secure, I prefer to install software packages from official and PPA repositories. However, I need to compile the MyGica driver in order to make it works. Only gXine works out of box without compilation.

Hardware and software used in this tutorial :

CPU - AMD Athlon 64 x 2 4200+
RAM - 8GB DDR2 800
Hard Drive - 320GB x 2 on Hardware RAID 0
HDTV - MyGica D689 HDTV USB dougle (v3.0)
Display card - XFX nVidia GT240 with 1GB DDR3 RAM and HDMI
Operating system - Ubuntu 9.10 Desktop AMD64 with Kernel 2.6.31-16-generic

The following procedures are for installing PPA nVidia display driver.

Step 1 - Add essential repositories :

(A) Add medibuntu repository (for general multimedia codecs and plugins)

sudo wget http://www.medibuntu.org/sources.list.d/karmic.list --output-document=/etc/apt/sources.list.d/medibuntu.list &&
sudo apt-get -q update &&
sudo apt-get --yes -q --allow-unauthenticated install medibuntu-keyring &&
sudo apt-get -q update


** Note : If you are using Ubuntu Samiux Remix, you are not required to add this repository as it is already added.

(B) Add nvidia-vdpau repository (for related VDPAU libraries)

echo "deb http://ppa.launchpad.net/nvidia-vdpau/ppa/ubuntu karmic main" | sudo tee -a /etc/apt/sources.list.d/nvidia-vdpau.list
echo "deb-src http://ppa.launchpad.net/nvidia-vdpau/ppa/ubuntu karmic main" | sudo tee -a /etc/apt/sources.list.d/nvidia-vdpau.list


Add key of nvidia-vdpau repository to the keyrings.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CEC06767

sudo apt-get update
sudo apt-get upgrade


** Remarks : Or, you can use this command
sudo sh -c 'echo "Test I want to write" > /path/to/file'

Step 2 - Install all related softwares, codecs and plugins :

sudo apt-get install x264 gxine gxineplugin mencoder mplayer-nogui

** Note : If you are using Ubuntu Samiux Remix, you are not required to install the following codecs and plugins.

sudo apt-get install ubuntu-restricted-extras quicktime-utils quicktime-x11utils libdvdnav4 libdvdread4 libdvdcss2 non-free-codecs faad

** Note : If you are using Ubuntu Samiux Remix, you may need to uninstall mplayer as it cannot work properly.

Then, reboot your system.

Step 3 - Install nVidia display driver

Select "System" - "Administration" - "Hardware driver" from the menu on the desktop.
Choose nVidia display driver 190 version as prompted. After the install, you are required to reboot your system.

After the reboot, you should install the following package.

sudo apt-get remove nvidia-settings
sudo apt-get install nvidia-settings-190


Step 3a - Alternative way to install nVidia display driver (Optional)

** Note : Choose Step 3 or 3a only but not both of them.

Uninstall the following package.

sudo apt-get remove nvidia-settings-190

Download the latest beta nVidia display driver 195.22 (as on 2009-11-28).

x86 version :
wget ftp://download.nvidia.com/XFree86/Linux-x86/195.22/NVIDIA-Linux-x86-195.22-pkg1.run

x86_64 version :
wget ftp://download.nvidia.com/XFree86/Linux-x86_64/195.22/NVIDIA-Linux-x86_64-195.22-pkg2.run

Install nVidia latest beta driver (195.22)

sudo apt-get remove nvidia-settings-190

sudo service gdm stop

It will go to command mode.

sudo sh NVIDIA-Linux-x86-195.22-pkg1.run

or

sudo sh NVIDIA-Linux-x86_64-195.22-pkg2.run

Follow the instructions on the screen to complete the installation.

sudo service gdm start

Reboot your system to make the driver activate.

For uninstall nVidia display driver :

sudo sh NVIDIA-Linux-x86_64-195.22-pkg2.run --uninstall
sudo sh NVIDIA-Linux-x86-195.22-pkg1.run --uninstall


** Note : If your kernel is updated, you should install the nVidia again.
** Note : Manual install of nVidia driver will overwrite some of the PPA's files. When you uninstall the driver, you need to reinstall the PPA's driver and libraries.

***The following procedure is for reinstall the PPA's driver after uninstalled manual installed official driver.

sudo service gdm stop
sudo apt-get --reinstall install nvidia-settings-190 nvidia-190-libvdpau nvidia-glx-190 nvidia-common nvidia-190-kernel-source xserver-xorg-video-nv nvidia-190-modaliases

sudo reboot


Download links for latest nVidia driver :

Download latest or beta x86 version
Download latest or beta x86_64 version

Then reboot your system.

Step 4 - Confirmation of VDPAU drivers are installed

Make sure "vdpau" is installed and activated.

ffmpeg -formats | grep vdpau

If you can see some vdpau displayed, vdpau works.

Step 5 - Install MyGica D689 driver :

sudo apt-get install mercurial

At you desired directory, such as /home/samiux.

mkdir mygica
cd mygica
hg clone http://bitbucket.org/davidtlwong/mygica_x8558pro
cd mygica_x8558pro


make
sudo make install


** Note : If you see an error of compiling FireDTV, you should do the following.

nano v4l/.config

Locate "CONFIG_DVB_FIREDTV=m" and change to "CONFIG_DVB_FIREDTV=n"

Save it and run "make" again.

make
sudo make install


Step 5a - Alternative way to install MyGica driver (Optional) :

** Note : Choose Step 5 or 5a only but not both of them.

Or, you can install this version. I prefer this version.

MyGica driver version used (Tip's version) :
Download Tip's version

wget http://bitbucket.org/davidtlwong/mygica_x8558pro/get/tip.tar.gz

tar -xvzf tip.tar.gz
cd mygica_x8558pro

make
sudo make install


** Note : If you see an error of compiling FireDTV, you should do the following.

nano v4l/.config

Locate "CONFIG_DVB_FIREDTV=m" and change to "CONFIG_DVB_FIREDTV=n"

Save it and run "make" again.

make
sudo make install


Tip's version changelog

Step 6 - Configure gXine :

Run gxine once and quit.

cd ~
nano .config/gxine/config

nano .config/gxine/channels.conf


Copy and paste the following :


inews:586000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_2_3:FEC_2_3:QAM_16:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:0:0:83
j2:586000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_2_3:FEC_2_3:QAM_16:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:0:0:82
jadehd:586000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_2_3:FEC_2_3:QAM_16:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:0:0:85
hdtv:602000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_1_2:FEC_1_2:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:0:0:12
atv13:602000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_1_2:FEC_1_2:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:0:0:13
ctiatv:602000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_1_2:FEC_1_2:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:0:0:14
cctv:602000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_1_2:FEC_1_2:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_8:HIERARCHY_NONE:0:0:15
jade:482000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_AUTO:FEC_AUTO:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:811:0:1
pearl:482000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_AUTO:FEC_AUTO:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:841:0:2
home:482000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_AUTO:FEC_AUTO:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:111:0:11
world:482000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_AUTO:FEC_AUTO:QAM_64:TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_32:HIERARCHY_NONE:161:0:16


* This "channels.conf" is for HONG KONG only.
** The first entry of the "channels.conf" will be played once it is activated.

Then, copy the channels.conf to ".xine" directory.

cp .config/gxine/channels.conf .xine/channels.conf

Or, you can scan your own.

sudo apt-get install dvb-apps

scan /usr/share/dvb/dvb-t/hk-HongKong > channels.conf


Step 7 - Further configure gXine :

(A) Select "File" - "Configure" - "Perference" on the gXine control panel. Make changes as is.


gui : experience_level (Expert)

audio : a52 : dynamic_range (enabled)
audio : a52 : surround_downmix (enabled)
audio : a52 : level (200)
audio : volume : mixer_volume (100)
audio : volume : remember_volume (enabled)

media : dvb : tuning_timeout (3500)
media : dvb : remember_channel (disabled) *Enabled if you want
media : dvb : channels_conf (select .config/gxine/channels.conf)

engine : performance : memcpy_method (libc)
engine : buffers : video_num_buffers (519999)
engine : buffers : video_num_frames (50)


** Other settings be keep them untouched.

(B) Select "Audio" - "Configure Plugins" - "Audio Post-processing" on gXine control panel.

Add/Change "volnorm" - "properties" - "method" (1) and apply the change.

(C) Select "Video" - "Configure Plugins" - "Deinterlace" on gXine control panel.

Add/Change "tvtime" - "properties" - "method" (use_vo_driver) and apply the change.

(Ca) Select "Video" - "Configure Plugins" - "Deinterlace" on gXine control panel.

Add/Change "pp" - "properties" - "quality" (39) - "mode" (vb) and apply the change.

(Cb) Select "Video" - "Configure Plugins" - "Deinterlace" on gXine control panel.

Add/Change "pp" - "properties" - "quality" (39) - "mode" (ha) and apply the change.

(Cc) Select "Video" - "Configure Plugins" - "Deinterlace" on gXine control panel.

Add/Change "pp" - "properties" - "quality" (39) - "mode" (va) and apply the change.

*If you find video playback chopping, you should applied this setting. Step 7 (Ca) to (Cc) are useful for an old CPU.

(D) Select "Video" - "Configure Plugins" - "Video Post-processing" on gXine control panel.

Add/Change "tvtime" - "properties" - "method" (LinearBlend) and apply the change.

Step 8 - Watch HDTV :

Run gxine from the "Application" - "Mutimedia" - "gXine".

Click on "File" - "DVB" or "Playlist" to watch TV on gxine. If you just start the gXine, you should click "DVB".

(A) Watch HDTV :
On the control panel, select "Video" and uncheck "Post-processing" and check "DeInterlace". Otherwise, the video and sound cannot be synchronized.

e.g. Jade HD and aTV HD

(B) Watch Digital TV and Standard TV (analog) :
On the control panel, select "Video" and check "DeInterlace" and "Post-processing". Otherwise, the playback will be chopping.

Step 9 - Test your MyGica D689 (Optional) :

Insert your MyGica D689.

lsusb

The output should be :
Bus 001 Device 002: ID 0572:d811 Conexant Systems (Rockwell), Inc.

The following is for testing purpose.

sudo apt-get install dvbsnoop dvbtune

dvbsnoop -s signal

If there is some output but not error, your MyGica D689 works.

Step 10 - Streaming TV on LAN and recording TV programmes (Optional and not tested by me) :

This is work of "ksng".

Download ksng's scripts (dated 2009-NOV-26)
Download ksng's scripts (dated 2009-DEC-05)
Download ksng's scripts (dated 2010-FEB-04)

Known Issue :

(1) Make sure your signal strenght of digial TV is strong enough and your MyGica D689's antenna should be placed near or at the window. It is because signal strength detection does matter. Otherwise, your playback will be chopping and lagging as well as stuttering and distorting or even channels shifting. An amplifier is required at my area of testing.

(2) Xine decoder is coded by Xine team and the CPU power consumption is very high. Thus, more powerful CPU is required. The playback of HDTV (such as Jade HD and aTV HD) (1920x1080) is chopping under the testing hardware (Athlon 64x2 4200+ CPU). This CPU is launched around 2006. Another test with version 195.22 driver also has the same problem on my testing hardware.

**The chopping playback is solved by applied Step 7 (Ca)-(Cc). My Athlon 64x2 4200+ is too old to run the modern technology! The playback is just acceptable only.

(3) nVidia display driver version 190.42 does not support video post-processing and multi-threading. However, the beta driver (195.22 or later) may solved the multi-threading problems.

(4) Compiz runs flawless while watching HDTV, superise?!

(5) Mplayer (from official Ubuntu repository and nvidia-vdpau repository) does not work properly.

(6) Standard channels does not work properly at my side. May be the signal is not strong enough. However, when an amplifier is applied, the problem is solved.

(7) Me TV cannot record the TV programmes and HDTV may not play properly.

(8) When the kernel is updated, you need to delete the driver directory and build as well as re-install again.

Reference :

Please check HKEPC Forum (Linux) for updates (if any).

HKEPC Forum (Traditional Chinese, Hong Kong Forum)

Streaming HDTV scripts

Discussion on MyGica D689 (Traditional Chinese)

** Note : The links will be deleted when the time goes by.

Honor :

Many thanks to David T.L. WONG for the MyGica driver while "ksng" for the streaming scripts. They are active members of HKEPC Linux forum.

That's all. See you!

Sunday, November 15, 2009

HOWTO : Use more than 3GB RAM on Ubuntu 9.10 Desktop

If you have more than 3GB RAM on your 32-bit system, you can install PAE kernel of Ubuntu 9.10.

Step 1 :

You need to install Ubuntu 9.10 i386 as usual. Then,

sudo apt-get update
sudo apt-get upgrade


*If kernel is updated, please reboot and then go for further steps.

Step 2 :

sudo apt-get install linux-generic-pae
sudo apt-get install linux-image-generic-pae linux-headers-generic-pae


Step 3 :

Reboot to the new kernel - with "pae" extension.

After boot up, issue the following command to make sure you are in the PAE kernel.

uname -r

The output may look like this :

2.6.31-14-generic-pae

Step 4 :

sudo apt-get remove linux-generic
sudo apt-get remove linux-image-generic linux-headers-generic
sudo apt-get remove linux-image-`uname -r | grep "pae" | cut -d- -f1,2,3 | cut -c 1-`
sudo apt-get remove linux-headers-`uname -r | grep "pae" | cut -d- -f1,2,3 | cut -c 1-`


You may also need to do the following step.

sudo update-initramfs -u
sudo update-grub2


Step 5 :

Reboot your system.

That's all! See you.

Friday, October 30, 2009

HOWTO : Ubuntu 9.10 Desktop for Traditional Chinese users

Step 1 : Install Ubuntu

Select Traditional Chinese from the menu when you install and follows the instruction on screen. Choose Taiwan as time zone no matter you are living in Hong Kong or not. You may change to the correct time zone after the installation.

After that, you should update your Ubuntu.

sudo apt-get update
sudo apt-get upgrade


Step 2 : Install Traditional Chinese language support

Go to System >> Administration and select Language Support. Install the missing language pack. Make sure the panel displays "Chinese (Taiwan)" after the installation.

Step 3 : Install SCIM - Chinese Input Method (Optional)

Since the default Input Method - iBus is not mature and complete, I choose SCIM instead.

sudo apt-get install scim scim-modules-table scim-chewing scim-pinyin scim-chinese

After the install, you should logout and re-login or reboot instead.

After the re-login or reboot, go to System > Administration and select Language Support. Changes "iBus" to "SCIM" on the panel.

Step 4 : Bug fix the Flash on YouTube (Optional)

After played the Youtube with browser, you may find the Chinese characters not displayed well and correctly. You can fix it by the following steps.

sudo nano /etc/fonts/conf.d/49-sansserif.conf

Replaces the last fourth line where "sans-serif" to "sans".

Logout and re-login or reboot instead to make the change works.

That's all. See you.

Thursday, October 01, 2009

HOWTO : Highest secured Hiawatha Web Server (6.17.1) on Ubuntu 9.04 Server

What is Hiawatha?

Hiawatha is a web server that developed by Hugo Leisink since 2002.  Hiawatha is not as well known as Apache; however, it has some unique features that Apache lacks of.  Apache requires some modules to do the security purpose, such as modsecurity and mod_rewrite.  Hiawatha is already built-in.  She can ban some bad traffic and bad activities on your web server.  Her footprint is also small, that is 130kb, surprise?!  She is the default web server for Austrumi and Puppy Linux. 

Although the user manual at her official site is not detail enough (at the time of this writing), it is quite easy to configure and runs on a production server.  There may be a bug at cgi-wrapper in Hiawatha 6.17.1 and it requires to modify the source code to solve the problem.

Hiawatha runs MySQL and PHP great in cgi mode.  It can run in Windows environment too (but not yet tried).  This tutorial is going to show you how to configure Hiawatha to work with MySQL and PHP.

Installation of Linux, Hiawatha, MySQL and PHP - LHMP

Step 0 - Install Ubuntu 9.04

Install Ubuntu 9.04 Server and OpenSSH.  If your web application requires email function, you should also install Mail Server also.

Make sure you have perform the following commands at the terminal (or console).

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade


If the kernel or kernel modules have been updated, you should reboot your computer/server.

Step 1 - Install PHP5 and MySQL

sudo apt-get install mysql-server mysql-client php5-cgi php5 php5-cli php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

*Note : some modules will not be required, such as php5-sqlite and php5-snmp.  If your web application requires them, make sure to install them.

Step 2 - Install Hiawatha

Download the current Hiawatha, 6.17.1 at this time of writing.

sudo wget http://www.hiawatha-webserver.org/files/hiawatha-6.17.1.tar.gz
tar -xzvf hiawatha-6.17.1.tar.gz
cd hiawatha-6.17.1


Install requires dependenices.

sudo apt-get install libc6-dev libssl-dev dpkg-dev debhelper fakeroot libxml2-dev libxslt1-dev

Fix bug on Hiawatha.
sudo nano cgi-wrapper.c

At line 103, just below rest = uncomment(line); add the following lines :

if (*rest == '\0') {
   continue;
}


At the hiawatha-6.17.1 directory, build the Hiawatha deb package.

./configure
make deb


The deb package will be created at your home directory, such as /home/samiux.  You can install it now.

cd ..

For 64-bit system :
sudo dpkg -i hiawatha_6.17.1_amd64.deb

For 32-bit system :
sudo dpkg -i hiawatha_6.17.1_i386.deb

Step 3 - Configure PHP5

Edit the php.ini.

sudo nano /etc/php5/cgi/php.ini

Make change as is.

display_errors = Off
log_errors = On
allow_url_fopen = Off
safe_mode = On
expose_php = Off
enable_dl = Off
disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd


*Note : some PHP application may requires safe_mode = Off.

Edit Hiawatha's php-fcgi.conf.

sudo nano /etc/hiawatha/php-fcgi.conf

Uncomment the following line.
Server = /usr/bin/php5-cgi ; 127.0.0.1:2005 ; www-data

Activate php-fcgi.

sudo php-fcgi -c /etc/hiawatha/php-fcgi.conf

If you make any change on php-fcgi.conf, make sure to restart it by following commands.

sudo php-fcgi -k -c /etc/hiawatha/php-fcgi.conf
sudo php-fcgi -c /etc/hiawatha/php-fcgi.conf


Step 4 - Configure Hiawatha

Edit the file hiawatha.conf.

sudo nano /etc/hiawatha/hiawatha.conf

Uncomment ServerId at GENERAL SETTINGS.
ServerId = www-data

Add the following line at the GENERAL SETTINGS. Apache compatible log file format.
LogFormat = extended
CGIwrapper = /usr/sbin/cgi-wrapper


Uncomment the following entries at BINDING SETTINGS.
Binding {
   Port = 80
   MaxKeepAlive = 30
   TimeForRequest = 3,20
}


Uncomment all the entries at BANNING SETTINGS.
BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes
BanOnSQLi = 60
BanOnFlooding = 10/1:15
BanlistMask = allow 192.168.0.0/24


*Note : Make change to the Banlistmask in order to meet your network requirement.

Uncomment php5-cgi and CGIextension lines.
CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/php5-cgi:php
#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
CGIextension = cgi


Uncomment all the entries of FastCGIserver and rename ConnectTo to 127.0.0.1:2005.

FastCGIserver {
   FastCGIid = PHP5
   ConnectTo = 127.0.0.1:2005
   Extension = php, php5
   SessionTimeout = 30
}


Optional - Create the following lines under URL TOOLKIT.

UrlToolkit {
   ToolkitID = CMS_common
   RequestURI isfile Return
   RequestURI exists Return
   Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
   Match .*\?(.*) Rewrite /index.php?$1
   Match .* Rewrite /index.php
}


*Note : UrlToolkit is similar to Apache's mod_rewrite.

Create a VirtualHost for your site.

VirtualHost {
   Hostname = samiux.blogspot.com
   #Alias = /php_my_admin:/usr/share/phpmyadmin
   WebsiteRoot = /var/www/blog
   StartFile = index.php
   AccessLogfile = /var/log/hiawatha/blog/access.log
   ErrorLogfile = /var/log/hiawatha/blog/error.log
   TimeForCGI = 5
   #UseFastCGI = PHP5
   UseToolkit = CMS_common
   ExecuteCGI = yes
   PreventCMDi = yes
   PreventCSRF = yes
   PreventSQLi = yes
   PreventXSS = yes
   DenyBot = Googlebot:/
   DenyBot = twiceler:/
   DenyBot = MSNBot:/
   DenyBot = yahoo:/
   DenyBot = BaiDuSpider:/
   DenyBot = Ask:/
   DenyBot = Yahoo! Slurp:/
   DenyBot = Sogou web spider:/
   DenyBot = Sogou-Test-Spider:/
   DenyBot = Baiduspider+:/
   DenyBot = Yandex:/
   DenyBot = UniversalFeedParser:/
   DenyBot = Mediapartners-Google:/
   DenyBot = Sosospider+:/
   DenyBot = YoudaoBot:/
   DenyBot = ParchBot:/
   DenyBot = Curl:/
   DenyBot = msnbot:/
   DenyBot = NaverBot:/
   WrapCGI = jail
}


Configure cgi-wrapper.conf.
sudo nano /etc/hiawatha/cgi-wrapper.conf

Make changes to the file.
CGIhandler = /usr/bin/perl
CGIhandler = /usr/bin/php5-cgi
#CGIhandler = /usr/bin/python
#CGIhandler = /usr/bin/ruby
#CGIhandler = /usr/bin/ssi-cgi


Wrap = jail ; /var/www ; www-data:www-data

*Note : Some CMS will not well when PreventCMDi = yesDenyBot entries are optional.  If you do not want spiders and bots to crawl your site, you should enable it.  Those entries are examples only.  UseToolKit is also optional.

Make sure /var/log/hiawatha/blog exists (example) and its ownership is www-data.

If not, make it as is.
sudo chown -R www-data:www-data /var/log/hiawatha/blog

Restart Hiawatha.
sudo /etc/init.d/hiawatha restart

Now, make sure the ownership of access.log and error.log are www-data.  If not, make them as is.

sudo chown www-data:www-data /var/log/hiawatha/blog/*

Step 5 - Configure Apparmor (to make Hiawatha more safety)

Create Apparmor profile for Hiawatha.
sudo aa-genprof hiawatha

Edit the profile usr.sbin.hiawatha.
sudo nano /etc/apparmor.d/usr.sbin.hiawatha

Make the entries look like this.
# Last Modified: Thu Oct 1 10:00:57 2009
#include <tunables/global>


/usr/sbin/hiawatha {
#include <abstractions/base>


   capability chown,
   capability dac_override,
   capability net_bind_service,
   capability setgid,
   capability setuid,
   capability sys_chroot,


   network inet tcp,


   /bin/dash rix,
   /etc/group r,
   /etc/hiawatha/** r,
   /etc/host.conf r,
   /etc/hosts r,
   /etc/mailname r,
   /etc/nsswitch.conf r,
   /etc/passwd r,
   /etc/php5/cgi/php.ini r,
   /etc/php5/conf.d/ r,
   /etc/php5/conf.d/**.ini r,
   /etc/phpmyadmin/** r,
   /etc/postfix/**.cf r,
   /etc/protocols r,
   /etc/resolv.conf r,
   /etc/services r,
   /usr/bin/php5-cgi rix,
   /usr/lib{,32,64}/** mr,
   /usr/sbin/cgi-wrapper rix,
   /usr/sbin/hiawatha mr,
   /usr/sbin/postdrop rix,
   /usr/sbin/sendmail rix,
   /usr/share/dbconfig-common/** r,
   /usr/share/file/magic.mime r,
   /usr/share/mysql/charsets/Index.xml r,
   /usr/share/phpmyadmin/ r,
   /usr/share/phpmyadmin/** r,
   /usr/share/zoneinfo/ r,
   owner /var/lib/** rwk,
   /var/lib/hiawatha/* rw,
   /var/log/hiawatha/* r,
   /var/log/hiawatha/** rw,
   /var/run/hiawatha.pid rw,
   owner /var/spool/postfix/maildrop/** rw,
   /var/spool/postfix/public/pickup w,
   /var/www/ r,
   /var/www/** rw,
}


* suppose you are using postfix.

Make the profile in enforce mode (active).
sudo aa-enforce hiawatha

If you have change some settings, you should reload the profile.
sudo apparmor_parser -r < /etc/apparmor.d/usr.sbin.hiawatha

If you want to disable this profile.
sudo ln -s /etc/apparmor.d/usr.sbin.hiawatha /etc/apparmor.d/disable/
sudo apparmor_parser -R < /etc/apparmor.d/usr.sbin.hiawatha


If you want to re-enable this profile after it has been disabled.
sudo rm /etc/apparmor.d/disable/usr.sbin.hiawatha
sudo apparmor_parser -r < /etc/apparmor.d/usr.sbin.hiawatha


Step 6 - Improve the security of CGI-Wrapper

Now, your hiawatha is very secure but I would like to make it more secure.

sudo apt-get install libcap2-bin

Apply Capabilities on cgi-wrapper.
sudo chmod u-s /usr/sbin/cgi-wrapper
sudo setcap cap_setgid,cap_setuid+ep /usr/sbin/cgi-wrapper


The result of getcap :

sudo getcap /usr/sbin/cgi-wrapper

It will display :
/usr/sbin/cgi-wrapper = cap_setgid,cap_setuid+ep

Reference :
Hiawatha Manual
Hiawatha Features
AppArmor

Known Issue
Alias cannot be functioned with this configuration so far.

That's all.  See you!

Sunday, September 20, 2009

HOWTO : Logwatch for Hiawatha on Ubuntu 9.04 Server

Logwatch reads your log files and alert you about the unusual log entries. It is working perfect for Apache. However, the log directory of Hiawatha is different from Apache. You should do something else on logwatch in order to make it to read Hiawatha log files.

Step 0 :

Install logwatch.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install logwatch


Step 1 :

Make changes to the logwatch configure file in order to tell her to send you a email report.

sudo nano /usr/share/logwatch/default.conf/logwatch.conf

Change the settings of the following lines.

Output = mail
Format = html
MailTo = samiux@gmail.com


Step 2 :

You should also change the setting at the daily cron job.

sudo nano /etc/cron.daily/00logwatch

Make the entry like this.

/usr/sbin/logwatch --mailto samiux@gmail.com

Step 3 :

Make logwatch to read Hiawatha log files.

sudo nano /usr/share/logwatch/default.conf/logfiles/http.conf

Add the following lines on the appropriate sections.

LogFile = hiawatha/*access.log
LogFile = hiawatha/*access.log.1
LogFile = hiawatha/*error.log
LogFile = hiawatha/*error.log.1
LogFile = hiawatha/*system.log
LogFile = hiawatha/*system.log.1
LogFile = hiawatha/*garbage.log
LogFile = hiawatha/*garbage.log.1
LogFile = hiawatha/*php-fcgi.log
LogFile = hiawatha/*php-fcgi.log.1

Archive = hiawatha/*access.log.*.gz
Archive = hiawatha/*error.log.*.gz
Archive = hiawatha/*system.log.*.gz
Archive = hiawatha/*garbage.log.*.gz
Archive = hiawatha/*php-fcgi.log.*.gz


See also (Hiawatha 6.17.1 installation) :
Samiux's Blog
or
Almost Secure and Perfect Ubuntu Server

That's all. See you!

Saturday, September 19, 2009

HOWTO : The Onion Router (Tor) on Ubuntu 9.04

The Onion Router (Tor) allows you to surf the internet anonymously. The connection between relays and bridges are encrypted. However, you and the bridges or relays are not. The disadvantage of using Tor is the connection speed will drop a lot. You will feeling that you are using a 56K modem in the modern days.

Step 0 :

Add Tor repositories.
sudo nano /etc/apt/sources.list.d/tor.list

Copy and paste the following lines to the file.

deb http://mirror.noreply.org/pub/tor jaunty main
deb-src http://mirror.noreply.org/pub/tor jaunty main


Step 1 :

Get and install the Tor GPG key.

gpg --keyserver subkeys.pgp.net --recv 94C09C7F
gpg --fingerprint 94C09C7F
gpg --export 94C09C7F | sudo apt-key add -
sudo apt-get update
sudo apt-get upgrade


Install tor.
sudo apt-get install tor

Step 2 :

Install Privoxy.
sudo apt-get install privoxy

Edit the configure file of privoxy.
sudo nano /etc/privoxy/config

Uncomment the following line.

forward-socks4a / localhost:9050 .

Step 2a (Optional) :

If you are behind firewall or NAT as well as router, you should uncomment the following line at the configure file.

forward 192.168.*.*/ .

Step 3 :

Made sure Tor is working.

sudo /etc/init.d/privoxy start
sudo /etc/init.d/tor start


netstat -a | grep 9050

If the output is similar to the following line, your Tor is working.

tcp 0 0 localhost:9050 *:* LISTEN

You can confirm the Tor is working on the remote side by visiting the following site.

check.torproject.org

Step 4 :

Install Vidalia which is a Graphical User Interface for Tor.
sudo apt-get install vidalia

Step 5 :

Get TorButton for Firefox.

TorButton

Reference :
Tor Official site
Tor on Ubuntu

That's all. See you!

Wednesday, September 16, 2009

Great tools for security testing on your web applications

SQL injection and XSS attacks are very commons today.  All web applications are facing to these kind of attacks.

If you are a web site developer, you may concern if your web application is safe for attacks or not.  If you are a web application user, you may concern if your web application is also safe for attacks.

If you web application works with SQL, you may interest in these Firefox addons.  They are developed by Security Compass.  These are a suite of Firefox web application security testing tools designed to be lightweight and easy to use.

These addons including SQL Injection Me and XSS Me as well as Access Me.

Download :

Security Compass - Exploit-Me official site

Firefox addons site

That's all.  See you!

Tuesday, September 15, 2009

HOWTO : Most secure web server (Hiawatha 6.17.1) on Ubuntu 9.04 Server

What is Hiawatha?

Hiawatha is a web server that developed by Hugo Leisink since 2002.  Hiawatha is not as well known as Apache; however, it has some unique features that Apache lacks of.  Apache requires some modules to do the security purpose, such as modsecurity and mod_rewrite.  Hiawatha is already built-in.  She can ban some bad traffic and bad activities on your web server.  Her footprint is also small, that is 130kb, surprise?!  She is the default web server for Austrumi and Puppy Linux. 

Although the user manual at her official site is not detail enough (at the time of this writing), it is quite easy to configure and runs on a production server.  There may be a bug at cgi-wrapper in Hiawatha 6.17.1 and it cannot be configured to run PHP5 in cgi-wrapper mode at the moment.  However, perl is no problem.

Hiawatha runs MySQL and PHP great in cgi mode.  It can run in Windows environment too (but not yet tried).  This tutorial is going to show you how to configure Hiawatha to work with MySQL and PHP.

Installation of Linux, Hiawatha, MySQL and PHP - LHMP

Step 0 - Install Ubuntu 9.04

Install Ubuntu 9.04 Server and OpenSSH.  If your web application requires email function, you should also install Mail Server also.

Make sure you have perform the following commands at the terminal (or console).

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade


If the kernel or kernel modules have been updated, you should reboot your computer/server.

Step 1 - Install PHP5 and MySQL

sudo apt-get install mysql-server mysql-client php5-cgi php5 php5-cli php5-mysql php5-curl php5-gd php5-idn php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-mhash php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

*Note : some modules will not be required, such as php5-sqlite and php5-snmp.  If your web application requires them, make sure to install them.

Step 2 - Install Hiawatha

Download the current Hiawatha, 6.17.1 at this time of writing.

sudo wget http://www.hiawatha-webserver.org/files/hiawatha-6.17.1.tar.gz
tar -xzvf hiawatha-6.17.1.tar.gz
cd hiawatha-6.17.1


Install requires dependenices.

sudo apt-get install libc6-dev libssl-dev dpkg-dev debhelper fakeroot libxml2-dev libxslt1-dev

At the hiawatha-6.17.1 directory, build the Hiawatha deb package.

./configure
make deb


The deb package will be created at your home directory, such as /home/samiux.  You can install it now.

cd ..

For 64-bit system :
sudo dpkg -i hiawatha_6.17.1_amd64.deb

For 32-bit system :
sudo dpkg -i hiawatha_6.17.1_i386.deb

Step 3 - Configure PHP5

Edit the php.ini.

sudo nano /etc/php5/cgi/php.ini

Make change as is.

display_errors = Off
log_errors = On
allow_url_fopen = Off
safe_mode = On
expose_php = Off
enable_dl = Off
disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd


*Note : some PHP application may requires safe_mode = Off.

Edit Hiawatha's php-fcgi.conf.

sudo nano /etc/hiawatha/php-fcgi.conf

Uncomment the following line.
Server = /usr/bin/php5-cgi ; 127.0.0.1:2005 ; www-data

Activate php-fcgi.

sudo php-fcgi -c /etc/hiawatha/php-fcgi.conf

If you make any change on php-fcgi.conf, make sure to restart it by following commands.

sudo php-fcgi -k -c /etc/hiawatha/php-fcgi.conf
sudo php-fcgi -c /etc/hiawatha/php-fcgi.conf


Step 4 - Configure Hiawatha

Edit the file hiawatha.conf.

sudo nano /etc/hiawatha/hiawatha.conf

Uncomment ServerId at GENERAL SETTINGS.
ServerId = www-data

Add the following line at the GENERAL SETTINGS. Apache compatible log file format.
LogFormat = extended

Uncomment the following entries at BINDING SETTINGS.
Binding {
   Port = 80
   MaxKeepAlive = 30
   TimeForRequest = 3,20
}


Uncomment all the entries at BANNING SETTINGS.
BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes
BanOnSQLi = 0
BanOnFlooding = 10/1:15
BanlistMask = allow 192.168.0.0/24


*Note : Make change to the Banlistmask in order to meet your network requirement.

Uncomment php5-cgi and CGIextension lines.
#CGIhandler = /usr/bin/perl:pl
CGIhandler = /usr/bin/php5-cgi:php
#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
CGIextension = cgi


Uncomment all the entries of FastCGIserver and rename ConnectTo to 127.0.0.1:2005.

FastCGIserver {
   FastCGIid = PHP5
   ConnectTo = 127.0.0.1:2005
   Extension = php, php5
   SessionTimeout = 30
}


Optional - Create the following lines under URL TOOLKIT.

UrlToolkit {
   ToolkitID = CMS_common
   RequestURI isfile Return
   RequestURI exists Return
   Match ^/(favicon.ico|robots.txt|sitemap.xml)$ Return
   Match .*\?(.*) Rewrite /index.php?$1
   Match .* Rewrite /index.php
}


*Note : UrlToolkit is similar to Apache's mod_rewrite.

Create a VirtualHost for your site.

VirtualHost {
   Hostname = samiux.blogspot.com
   Alias = /php_my_admin:/usr/share/phpmyadmin
   WebsiteRoot = /var/www/blog
   StartFile = index.php
   AccessLogfile = /var/log/hiawatha/blog/access.log
   ErrorLogfile = /var/log/hiawatha/blog/error.log
   TimeForCGI = 5
   UseFastCGI = PHP5
   UseToolkit = CMS_common
   ExecuteCGI = yes
   PreventCMDi = yes
   PreventCSRF = yes
   PreventSQLi = yes
   PreventXSS = yes
   DenyBot = Googlebot:/
   DenyBot = twiceler:/
   DenyBot = MSNBot:/
   DenyBot = yahoo:/
   DenyBot = BaiDuSpider:/
   DenyBot = Ask:/
   DenyBot = Yahoo! Slurp:/
   DenyBot = Sogou web spider:/
   DenyBot = Sogou-Test-Spider:/
   DenyBot = Baiduspider+:/
   DenyBot = Yandex:/
   DenyBot = UniversalFeedParser:/
   DenyBot = Mediapartners-Google:/
   DenyBot = Sosospider+:/
}


*Note : Some CMS will not well when PreventCMDi = yesDenyBot entries are optional.  If you do not want spiders and bots to crawl your site, you should enable it.  Those entries are examples only.  UseToolKit is also optional.

Make sure /var/log/hiawatha/blog exists (example) and its ownership is www-data.

If not, make it as is.
sudo chown -R www-data:www-data /var/log/hiawatha/blog

Restart Hiawatha.
sudo /etc/init.d/hiawatha restart

Now, make sure the ownership of access.log and error.log are www-data.  If not, make them as is.

sudo chown www-data:www-data /var/log/hiawatha/blog/*

Step 5 - Configure Apparmor (to make Hiawatha more safety)

Create Apparmor profile for Hiawatha.
sudo aa-genprof hiawatha

Edit the profile usr.sbin.hiawatha.
sudo nano /etc/apparmor.d/usr.sbin.hiawatha

Make the entries look like this.

# Last Modified: Tue Sep  1 10:28:15 2009
#include <tunables/global>


/usr/sbin/hiawatha {
   #include <abstractions/base>


   capability chown,
   capability dac_override,
   capability net_bind_service,
   capability setgid,
   capability setuid,
   capability sys_chroot,


   network inet tcp,

   /etc/group r,
   /etc/hiawatha/** r,
   /etc/nsswitch.conf r,
   /etc/passwd r,
   /usr/bin/php5-cgi rix,
   /usr/sbin/cgi-wrapper mr,
   /usr/sbin/hiawatha mr,
   /usr/share/dbconfig-common/** r,
   /usr/share/phpmyadmin/ r,
   /usr/share/phpmyadmin/** r,
   /var/lib/** r,
   /var/lib/hiawatha/* rw,
   /var/log/hiawatha/* r,
   /var/log/hiawatha/** rw,
   /var/log/hiawatha/blog/* r,
   /var/log/hiawatha/blog/** a,
   /var/run/hiawatha.pid w,
   /var/www/ r,
   /var/www/** rw,
}


Make the profile in enforce mode (active).
sudo aa-enforce hiawatha

If you have change some settings, you should reload the profile.
sudo apparmor_parser -r < /etc/apparmor.d/usr.sbin.hiawatha

If you want to disable this profile.
sudo ln -s /etc/apparmor.d/usr.sbin.hiawatha /etc/apparmor.d/disable/
sudo apparmor_parser -R < /etc/apparmor.d/usr.sbin.hiawatha


If you want to re-enable this profile after it has been disabled.
sudo rm /etc/apparmor.d/disable/usr.sbin.hiawatha
sudo apparmor_parser -r < /etc/apparmor.d/usr.sbin.hiawatha


Step 6 - Configure CGI-Wrapper

To be continue ....

Reference :
Hiawatha Manual
Hiawatha Features
AppArmor

That's all.  See you!