Saturday, June 28, 2014

Saigon


Once again we've been travelling, this time to busy Saigon in south Vietnam. If you think we've been going to Vietnam a fair amount you're right; we visited Hanoi last year and Saigon some years ago. We enjoy the country and we like the food.

Vietnam Airlines
Ahh, Kansai Airport, the gateway to everything travel! We come here, check in and get through security. I see a view like this out the panorama windows, and I feel we're finally, actually, really on our way. This moment is, to me, when the journey starts.

Dusk
Ho Chi Minh City at dusk.

Saigon, or Ho Chi Minh City, or HCMC, is one of the two major cities in Vietnam, along with the capital city of Hanoi in the north. When we visited Hanoi last year, the city felt exotic, almost alien at times. Saigon is more international, with many foreign companies and many more foreign visitors.

On one hand more people speak English, plenty of restaurants have English menus and more people are used to foreigners. On the other hand, we were scammed or nearly so several times in Saigon, but not a single time in Hanoi. You have to check the change you receive every time, and you really want to avoid taxis if you can. On our way to the airport at the end, the driver — hailed by the hotel and from one of the "safe" companies — tried to scam us with a furiously running meter. He probably figured that we have a flight to catch and not have time to do anything about it. Only when we repeatedly and loudly demanded that he go right back to the hotel and annul the trip did he give up and turn off the meter.


Friendlies
Traffic is a lot easier to navigate in Saigon than it was in Hanoi. There seems to be less of it, and most people at least regard a stop light as something relevant, not a nice, festive decoration to admire as you rush by.

Shaded Streets
A lot of Saigon is fairly old. The trees lining many of the streets are mature and fully grown. They give you excellent shade and a serene, almost sacral sense of space and air as their crowns loom high overhead. This is what a city street should feel like.

Post Office
The main post office. Well worth a visit even if you have nothing to post.

Temple manager
The manager of a hindu temple, relaxing in the shade.

Turtle Lake
View from Turtle lake monument at dusk. Many young couples seem to come here to hang out.


Hotel Continental Saigon

Continental Hotel Saigon
Hotel Continental Saigon. The blue, glowing building in the background is a shopping mall.

The Hotel Continental is famous. This is where Graham Greene lived when he wrote his novel "The quiet American". News agencies had their offices there during the Vietnam war. Surprisingly, it's quite affordable to stay there. It's very well kept, with rooms that retain the ambience of an old-style hotel. But the traffic can be noisy and the colonial style is not to everybody’s taste. Also, I suspect that they actually make much of their business from conferences, wedding parties and things like that; the hotel bit is perhaps as much to keep the atmosphere as much as anything else.

Wedding Shots
There were wedding photographers and wedding shoots almost every day in and around the hotel. It's fun; people are happy if nervous and it makes for a festive atmosphere.

Model
The hotel is a very scenic backdrop, and wedding photographers aren't the only ones taking advantage of it.


Cooking Class!

Of course we went to a cooking class. It's a fun, simple holiday activity, and it meshes perfectly with our interest in food. And really, who's not interested in food? We took a small class — only me and Ritsuko — and we covered some classic Vietnamese street food dishes.


Pho ga
Pho is perhaps the quintessential Vietnamese noodle dish, although it's a fairly recent invention. We made Pho Ga (chicken-based Pho) pretty much from scratch, beginning by searing/roasting vegetables for the stock. It turned out very well. We've tried it once at home, but it didn't come out right. Need more practice.

Banh Cuon
Banh Cuon are steamed dumplings. You first steam a thin sheet of rice flour dough, then wrap a minced filling into it. Not something you really do at home since you need a good-sized steamer, but if you had it you could make regular rice paper too by simply drying the sheets instead of using them for these dumplings.

Making Banh Xeo
You make Banh Xeo — a pancake wrap — in a wok like this. Spread out some egg and flour mixture in a thin layer, add your filling, then fry on every side until the egg starts to crisp and turn brown. Wrap the egg over the fillings.

Banh Xeo
The finished Banh Xeo. Grab bits of it, dip in a dipping sauce and eat. Delicious, and not nearly as difficult as I thought it would be.

Beef Salad
This beef salad was also delicious, though frankly the beef would make this a pricey meal home in Japan. I'm particularly proud of the tomato rose. This was a fun dish.

Vietnamese Coffee
Vietnamese coffee is very distinctive. In part it's because of the way you make and drink it, with a steel filter brewing it right into your cup, and with a generous dollop of condensed milk. But Vietnamese coffee is mostly varietals of Robusta, not Arabica, and those beans have a very different flavour profile than you're used to. The flavour is stronger, a little harsher, with a long, lingering aftertaste that I find very pleasant. Some say it's an inferior coffee but I really don't think so. Different, not worse.

Banh Mi
Banh Mi is a sandwich, often with beef or chicken, pickles and lots of other stuff. You get them from small street-side stands like this one, and they're generally delicious. The bread is crispy and soft at the same time, and the ingredients is a taste explosion of savoury, sour and sweet all at once.


Street Life

A lot of life is lived right on the street. Restaurants and businesses spill out on to the sidewalks. Many small tradesmen set up shop on the street itself. People sit outside in the air and the light rather than in dark, hot indoor rooms.


Cobbler
A cobbler is repairing shoes by a busy intersection.

Bikes (not running)
Bike repair business.

Street Barber
A street barber is plying his trade in the shadow of an old building. The guy in the blue shirt seemed to be a friend hanging out with him as he worked.

Slow Day
A barbershop is having a post-lunch lie-down while waiting for customers.

Cigarrette Stand
Cigarette stand on a street corner.

Coffee Break
Many cafes and lunch restaurants use the sidewalks for their customers, and seem to reserve their limited indoor space for kitchen and storage.

Neighbourhood Sidewalk
Some kids hanging around outside in a quiet residential neighbourhood.

Non La
Stalls along a river-side street.

Ho Chi Minh City seems to be in the middle of a building boom. Lots of new, sleek high-rises are coming up, and they're even planning a whole new financial center on the other side of Saigon river. Fortunately there seems to be at least a nod toward preserving the old city atmosphere; the building across the street to the Continental hotel, for instance, is a shopping mall, but looks for all the world like a colonial-era building. And to keep the building height down, the mall is actually several floors underground. The street atmosphere is perhaps Saigons greatest asset and I'm happy to see they do try to preserve it.


Dark
The "Bitexco financial tower" is yet another futuristic glass-facade office building. But the sky deck gives you a very good view of the city in all directions.

Construct
Another high-rise coming up in the city.

Old And New
New apartment buildings and old river boats.

Drawing Water
A night guard at a construction site is getting drinking water.

Rooftops
Rooftops.

Thursday, June 12, 2014

To Okinawa

It's 06:20, and I'm scrambling madly to pack my stuff before I leave for Okinawa and OIST. I'll stay there for a month of project work and tutoring at the OCNC summer course. I've yet to finish my post on Saigon, but here's one picture just to fill out this rushed post:

Neighbourhood Sidewalk
Kids lounging on a sidewalk outside a row of homes. The scene felt lazy, slow and relaxed. Exactly how I don't feel right at this moment.

Tuesday, June 3, 2014

Setting Up My New Home Server


This post contains a substantial amount of geekery; you have been warned.

As I've written previously, I'm using my own server for reading feeds using Tiny Tiny RSS. I also set up file sharing and synchronization between my computers using Owncloud(1). I started last year by installing Ubuntu in a virtual machine on my seven years-old desktop. Canvas, our internet provider, offers a fixed public IP address for a moderate fee, and that lets me access the server from anywhere.

At first I just used the server for tt-rss and copying files between computers. But now I use it for all kinds of stuff. For instance, the Owncloud Android app automatically copies pictures I take with my phone directly to my server. I use the server to synchronize all the research papers I have in Zotero. I'm moving my Git repositories to it. And I can run octave, R, Python and so on on my tablet from anywhere using SSH.

I plan to move my calendar to it and to make a small website as well. I now depend on this server every day, and it's clear that I can't keep using my old desktop for this any longer. It's old and unreliable. It's also big, noisy and uses a lot of power. I need a dedicated machine.


Last month I got a Intel NUC DN2820FYK, a very small form-factor, low power machine. It's small, around 12cm square and about 5cm high, and draws only around 10W. You need to add memory and a hard drive yourself, but that was commendably easy; if you can use a screwdriver you can certainly add the parts you need. I added 8GB memory(2) but chose a slow 5400rpm notebook hard disk. It's cheaper and quieter than faster disks, and the machine will mostly be limited by network speed anyway.

After a quick BIOS update(3) I installed Ubuntu Server 14.04. It installs without any trouble. Full-disk encryption is now available by default, but I skipped that; encryption makes sense on a laptop that you might lose or have stolen, but this server will sit quietly at home. Nobody is going to have direct access to the machine so encryption doesn't feel very necessary.


The Intel NUC sitting atop my old desktop. The NUC is faster, has more memory and larger storage. It also has bluetooth and wifi; it's tiny in comparison to the old machine and almost completely silent. I'm still using the old machine for my film scanner, though.  

It's pretty straightforward to install tt-rss and Owncloud on Ubuntu, but there are a few wrinkles to the process so I thought I'd post it here. Any line that starts with "$" below is a command to run on the command line(4).

Both Owncloud and tt-rss need a database and a web server. I choose to install Postgres and Lighttp. Postgres is mature, stable and efficient. Lighttpd is, as its name implies, a lot more lightweight than Apache, and is commendably straightforward to configure and maintain.

First install the database and web server, along with php and a couple of useful tools:

    $ sudo apt-get install lighttpd php5-cgi php5-curl php5-gd php5-pgsql postgresql openssl bzip2 wget


Owncloud is available in the Ubuntu repository but it's an older version. Better to use the Owncloud official packages. We add the repository and get the key:

    $ sudo sh -c "echo 'deb http://download.opensuse.org/repositories/isv:/Owncloud:/community/xUbuntu_14.04/ /' >> /etc/apt/sources.list.d/owncloud.list"
    $ wget http://download.opensuse.org/repositories/isv:Owncloud:community/xUbuntu_14.04/Release.key
    $ sudo apt-key add - < Release.key


The newest version of Tiny Tiny RSS is also available in a separate repository:

    $ sudo add-apt-repository ppa:webupd8team/tt-rss
    $ sudo apt-get update


Owncloud

Install the package:

    $ sudo apt-get install owncloud

You may want to increase the maximum upload sizes for scripts in /etc/php5/cgi/php.ini. Set something like

    upload_max_filesize = 20M
    max_file_uploads = 50 
    post_max_size = 20M

Set up Postgres. First, run the postgres client psql as user postgres:

    $ sudo -u postgres psql postgres

Use the \password postgres command to set a new password for the user. Create an "owncloud" database user (write down the password!) and create the database:

    $ sudo -u postgres createuser --no-createdb --pwprompt --no-superuser --no-createrole owncloud_user
    $ sudo -u postgres createdb --owner=owncloud_user --template=template0 --encoding='UNICODE' owncloud_db
    $ sudo -u postgres psql --command='GRANT ALL PRIVILEGES ON DATABASE owncloud_db TO owncloud_user;'


Set up lighttpd to serve the Owncloud app. Owncloud is already installed under /var/www/owncloud. We want to make sure people can't access the underlying data directly. Edit /etc/lighttpd/lighttpd.conf, and add:

    $HTTP["url"] =~ "^/owncloud/data/" { url.access-deny = ("") }
    $HTTP["url"] =~ "^/owncloud($|/)" { dir-listing.activate = "disable" }


Enable a couple of web server modules:

    $ sudo lighty-enable-mod fastcgi fastcgi-php
    $ sudo service lighttpd restart

Set up cron (that's a scheduling service) to periodically run various Owncloud housekeeping tasks:

    $ crontab -u www-data -e 

and add this line (it tells cron to run the "cron.php" script every 15 minutes):

    */15  *  *  *  * /usr/bin/php -f /var/www/owncloud/cron.php


This should give you a basic installation already. But we want to make things a little more secure. We'll access tt-rss and serve our files with an encrypted connection using https rather than http. We'll need an SSL certificate and prevent access to Owncloud from ordinary http connections. We're not setting up a public service so we can sign the certificate ourselves. We'll do this as root.

    $ sudo bash
    $ mkdir -p /etc/lighttpd/certs
    $ cd /etc/lighttpd/certs
    $ openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 1095 -nodes


Fill in nonsense info or leave blank; it doesn't much matter since we're not going to have a public certificate. Change permissions:

    $ chmod 400 lighttpd.pem

Edit /var/www/owncloud/config/config.php and add to trusted_domains:

    'trusted_domains' => 
 array ('[your public URL, if any]', '[your ip address]'),


and set

    'forcessl' => true,

Edit /etc/lighttpd/lighttpd.conf again, and add:

    $SERVER["socket"] == ":443" {
 ssl.engine = "enable"
 ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"

 ssl.use-sslv2 = "disable"
 ssl.cipher-list = "TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH"
    }


That should do it. Now you should be able to access Owncloud using https://yourserver/owncloud but not using http://yoursever/owncloud. When you first create your user, be sure to mark the "advanced" check box and choose Postgres as your database.


Tiny Tiny RSS

tt-rss is really easy to set up, but we need to fix one problem with database access. First, install tt-rss:

    $ sudo apt-get install tt-rss

The installation will ask you a few questions about things like your database and webserver. The setup will partially fail, and the reason is that Postgres by default won't give access to tt-rss. Edit /etc/postgresql/9.3/main/pg_hba.conf and look for a line that looks like this:

    # "local" is for Unix domain socket connections only
    local   all             all                 peer


Change "peer" to "md5" and you're done. Restart the database with sudo service postgresql restart

We want tt-rss to refresh the feed list automatically. Edit /etc/default/tt-rss and change the "disabled" parameter:

    set "DISABLED=0"

Then start the update service:

    $ sudo service tt-rss start


Finally, we want to force tt-rss to use SSL encryption. Add the following to /etc/lighttpd/lighttpd.conf:

    $HTTP["scheme"] == "http" {
 $HTTP["host"] =~ ".*" {
     url.redirect = ("^/tt-rss/.*" => "https://%0$0")
 }
    }


It basically says that if someone tries to access the server with http, for any host name, and if the URL contains "tt-rss", then redirect the request to an encrypted https connection instead.


This setup works admirably so far. The machine itself takes up no space, and it's so quiet I can't hear it even when sitting right next to it. Tiny Tiny RSS has worked just fine ever since I started using it almost a year ago, and Owncloud seems to be reliable and fast.

The Owncloud client is still basic and lacks some needed features — you can't easily exclude a particular folder on the server from synchronization for instance — but it uses the standard WebDAV protocol so you can use any client, your browser or even the file manager to access files on your server. Owncloud is a smooth, mostly painless way to have my stuff accessible from anywhere, and the Intel NUC is a good little machine to run it.


#1 It's similar to, say, Dropbox or Google Drive. But my data is not moved across continents and to different legal jurisdictions whenever I copy something, and I have control over the server where the data sits. I am responsible for keeping the server up and running; on the other hand, I won't get caught flat-footed when an online service is suddenly shut down.

#2 You can never be too rich, too beautiful or have too much memory.

#3 Put the recovery BIOS FY0032.BIO from here onto a USB stick then reboot into the BIOS setup. In the BIOS update function, select the file on the stick. Easy.

#4 This is a server without a screen or keyboard so I log in remotely and use the command line. But if you want, you can of course start a desktop and use the graphical tools to set things up.