Font rendering is a matter of taste. However, I personally think Ubuntu's default font rendering is the most eye-pleasing one of the whole Linux eco-system. And if a website's CSS font stack is looking good on Ubuntu, you can be relatively sure that it also works for Mac or MS Windows as long as the used fonts are available on these platforms. It is not hard to get the same font rendering on Fedora. This text is just a bit longer than a few commands because I try to provide additional background information and useful web-search-keywords which you may need if you have other targets than a 100% Ubuntu-like rendering.

To achieve the desired result, you have to know which parameters exist and how to change them. The most important things are:

• Resolution (DPI).
• Font hinting and the used font hinting method.
• Font rasterization. Especially the used anti-aliasing method and its strength.
• The used font rendering engine. The one shipped with Fedora comes without subpixel rendering (more on this later).

So let's look at the defaults applied on Ubuntu 10.10. You can do this on the terminal with xrdb -query:

Xft.dpi:	96
Xft.antialias:	1
Xft.hinting:	1
Xft.hintstyle:	hintslight
Xft.rgba:	rgb
Xft.lcdfilter:	lcddefault

As you can see, Ubuntu is using RGB anti-aliasing with subpixel rendering (lcd-default means “subpixel (LCD)” method) and slight font hinting. Now compare this with the default values on Fedora 15 Lovelock:

Xft.antialias:	1
Xft.dpi:	96
Xft.hinting:	1
Xft.hintstyle:	hintmedium
Xft.rgba:	none

This shows that Fedora does use grayscale anti-aliasing, a stronger font hinting style and no subpixel rendering by default. This is the reason why the same fonts look different on Fedora and Ubuntu.

1. Install the freetype-freeworld package. You need subpixel rendering the achieve the same results as on Ubuntu. The FreeType rendering engine shipped by default comes without it but you can install the freetype-freeworld package out of the RMPfusion-free repository to get a version with subpixel rendering. If not already happend, enable RPM Fusion on your system. Open a terminal and install the freetype-freeworld package:

   su -c "yum install freetype-freeworld"

   You should know that subpixel rendering is patented and therefore not completely free (as in speech). Using this package might not be legal in your country. The choice is yours and it is your legal responsibility to make sure that the software you are installing can be legally used.

2. Adjust the hinting style and enable RGB anti-aliasing. Ubuntu it using hintslight hinting by default, Fedora comes with hintmedium. Additionally, we need RGB instead of grayscale anti-aliasing. Open a terminal and execute the following commands to set the anti-aliasing and hinting style:

   gsettings "set" "org.gnome.settings-daemon.plugins.xsettings" "hinting" "slight"
   gsettings "set" "org.gnome.settings-daemon.plugins.xsettings" "antialiasing" "rgba"

3. Activate the lcddefault lcdfilter. Unfortunately, there is no GSettings key for it (at least as I'm writing this), therefore you have to create a hidden .Xresource file with the Xft.lcdfilter: lcddefault setting in your home directory. Open a terminal and execute the following command to do so:

   echo "Xft.lcdfilter: lcddefault" > ~/.Xresources

4. Some settings need a restart to take effect, so reboot your system. If everything worked you should get the following xrdb -query output (the output order does not matter if the values are the same):

   Xft.antialias:	1
   Xft.dpi:	96
   Xft.hinting:	1
   Xft.hintstyle:	hintslight
   Xft.lcdfilter:	lcddefault
   Xft.rgba:	rgb

• You may find the gnome-tweak-tool interesting. E.g. it provides an option to switch the window-title-bar font. Use the following command to install it:

  su -c "yum install gnome-tweak-tool"

• I used the command line tool gsettings to adjust the GSettings key values above. If you want to influence and explore available keys by using a GUI, have a look at the dconf-editor. Use the following command to install it:

  su -c "yum install dconf-editor"

• You may want to use the Ubuntu fonts, too. They are not included in the main repositories right now,¹⁾ therefore I wrote the install-ubuntufonts-fedora.sh bash script to make the font installation faster and easier. There is a high probability that this script will never be useful to someone else than myself. But you never know. If you want to use it, open a terminal and run the following commands to download and execute it (copy and paste recommended):

  wget "http://blog.andreas-haerter.com/_export/code/2011/07/18/install-ubuntufonts-fedora.sh?codeblock=1" -O "/tmp/install-ubuntufonts-fedora.sh"
  chmod a+rx "/tmp/install-ubuntufonts-fedora.sh"
  su -c "/tmp/install-ubuntufonts-fedora.sh"

  Please read the Ubuntu Font Licence for all the rules that govern the use of the fonts.

• If you want to go any further, you should know some things about the fontconfig system. First of all, it is controlled by *.conf files. Fedora is looking for them at the /etc/fonts/conf.d/ directory and they get imported in alphabetical order.²⁾ Please note that every file in this directory should be a symlink pointing to a real config file located in /etc/fonts/conf.avail/. This makes it possible to deactivate settings by deleting the symlink in /etc/fonts/conf.d/ without loosing the corresponding config file in /etc/fonts/conf.avail/. It is also recommended to follow the rule “one setting, one file”. This makes sure you always know which files configures what.
  All settings at /etc/fonts/conf.d/ are affecting all user accounts and therefore you need root privileges to create or edit the files. If you want to influence only a specific user account, it is also possible to place files in the user's ~/.fontconfig/ directory (simply create it if it is not already existing).
• I assume that your display is using RGB pixels (the subpixel layout test page can help you to verify this). If your monitor is using BGR, V-RGB, or V-BGR pixels, you might want to use another anti-aliasing setting than rgba.

• ScreenFontSettings
• Improve Fonts in Fedora
• The Lagom LCD monitor test pages

Edit 2011-07-21: Here are the demanded screenshots. You can use your keyboard to navigate trough them (← and → key). The last one shows a terminal with Ubuntu fonts.

When Fedora 15 Lovelock was just a few days old, the generally known commands to build an appropriate package did not work.³⁾ Therefore (and because I think it is a bit extreme to create a package just to get some fonts), I wrote install-msttcorefonts-fedora.sh to make the font installation faster and easier. There is a high probability that this script will never be useful to someone else than myself. But you never know. If you want to use it:

1. Open a terminal.
2. Run the following commands to download and start the script (copy and paste recommended):

   wget "http://blog.andreas-haerter.com/_export/code/2011/07/01/install-msttcorefonts-fedora.sh?codeblock=1" -O "/tmp/install-msttcorefonts-fedora.sh"
   chmod a+rx "/tmp/install-msttcorefonts-fedora.sh"
   su -c "/tmp/install-msttcorefonts-fedora.sh"

• Core fonts for the Web
• The Unofficial Fedora FAQ - Can I install the standard Windows fonts on Fedora?
• An easy way to install Microsoft's TrueType core fonts on Linux
• TrueType core fonts for the Web EULA

SSH provides the possibility to use Public Keys to log in to a target system (which is very likely more secure than a password). To make this possible:

1. The user has to create a Public/Private Key pair
2. The user's Public Key(s) has/have to be stored on the target system running the SSH Server (normally within ~/.ssh/authorized_keys)
3. The server's Public Key has to be stored on the local system running the SSH Client (normally within ~/.ssh/known_hosts)

Some popular services like GitHub do not even provide a password based authentication for data exchange, forcing you to use a SSH Public Key. Same for the Fedora Account System (FAS) where I created an account recently.

On a common Linux system, all needed SSH client tools should be installed by default. If not (e.g. because they were removed), simply install the openssh-clients package on Fedora or the openssh-client package on Debian/Ubuntu. After installation, the SSH tool for authentication, key generation, management and conversion is available via terminal: ssh-keygen

As already said, ssh-keygen is the tool for creating a key pair. It brings a lot of options, I'm going into detail on the most important ones:⁴⁾

• -b <bits>:
  From the manpage: “Specifies the number of bits in the key to create. For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits[…]”.
• -t <type>:
  Specifies the type of key to create. The cryptographic algorithm to use will selected through specifying this parameter. For SSH2, you can choose between “rsa” and “dsa”.⁵⁾
• -C "<comment>":
  Provides a comment for the key. The comment is used as “name” for the key in most applications. If not given, username@host will be set by default. You can change the comment later without any problems.

Using a 2048bit long RSA key is a good choice for most use-cases. 1024bit RSA is no longer regarded as indisputably secure, 4096bit RSA is for paranoid person like me. Please make sure you set a passphrase to protect your key. Otherwise everyone who may gets access to it (e.g. because someone steals your laptop and copies the keyfile) is able to get instant access to all systems you used the key for logging in. In contrast, you should have enough time to change the keys on all affected system without any danger if you used a good passphrase for a leaked private key. Additionally, it is no problem to use multiple SSH keys. So if you need a SSH key without password (e.g. for a quickly hacked backup script), create a separate key for this special task but do not use it for logging in to important systems.

Now open a terminal and let's go:

user@local:~$ ssh-keygen -t rsa -b 2048 -C "user@local"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):

As you can see, the key will be stored into ~/.ssh/id_rsa by default. To choose another file, you have to provide the complete path (→ ~/ normally does not work to point to your home dir). I use the non-default path /home/user/.ssh/mykey in this example.

Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/.ssh/mykey
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/mykey.
Your public key has been saved in /home/user/.ssh/mykey.pub.
The key fingerprint is:
10:af:1e:58:a3:a2:2a:7e:11:23:52:bf:c2:32:61:fa user@local
The key's randomart image is:
+--[ RSA 2048]----+
| ...     o       |
|     + o         |
|  . o = .        |
| ... o +         |
|.. .  . S        |
| o  .            |
|Bo.  .       .+  |
|E oo.            |
| +o+o            |
+-----------------+

Done. Now you got the needed key pair:

• /home/user/.ssh/mykey is the private key. Never share this one with someone else. Simply keep the Private Key… well, private.
• /home/user/.ssh/mykey.pub is the public key (also called “ID file” or “identity file”). This is the one you have to upload to the remote systems.

• If you never heard about the “randomart image”, you may have a look at “What is randomart produced by ssh-keygen?”.
• If you need a GUI, have a look at GNOME Seahorse or PuTTY.
• Have a look at IBM: Shhh ... secrets about SSH and GitHub: Multiple SSH keys if you have trouble when using more than one SSH key.
• Close ssh if the session is not responding anymore: The command ~. closes the ssh client program if the server hangs (e.g. because it was unexpectedly shut down or your internet connection is not stable).
• Copy the Public Key(s) to a remote system: ssh-copy-id helps you to copy your SSH Public Key into the ~/.ssh/authorized_keys file of the remote system and/or copy the remote system's public key into your local ~/.ssh/known_hosts file. Usage:

  ssh-copy-id -i "~/.ssh/mykey.pub" remote-user@remote.example.com

• Change the passphrase of a SSH key: ssh-keygen is also the tool of choice to change a key's password. The -f parameter specifies the private key file you want to change. The -p parameter tells the program that you want to change the password of an existing key, preventing the generation of a new one:

  ssh-keygen -f /path/to/your_key -p

• Change the comment of a SSH key: ssh-keygen is also the tool of choice to change a key's comment. The -f parameter specifies the private key file you want to change. The -c parameter tells the program that you want to change the comment of an existing key, preventing the generation of a new one:

  ssh-keygen -f /path/to/your_key -c

• SSH
• LinuxWiki.org: OpenSSH
• Public-key Cryptography
• RSA Crypto System
• Digital Signature Algorithm (DSA)
• What is randomart produced by ssh-keygen?
• IBM: Shhh ... secrets about SSH
• GitHub: Multiple SSH keys

This article provides a step-by-step guide on how to install an Ubuntu Linux system with full disk encryption (new installation). However, you should take a relaxed day as topical newbie for further reading. You don't have to keep everything in mind but it is never an error to acquaint oneself with something new.

Read more…

Dieser Artikel beschreibt, wie ein vollverschlüsseltes System mit Hilfe von Ubuntu-Linux eingerichtet wird (Neuinstallation). Der gesamte Artikel kann dabei Schritt für Schritt nachvollzogen werden um ans Ziel zu kommen. Dennoch sollte man sich als Neuling einen ruhigen Tag Zeit nehmen, um die Thematik zu erfassen. Man muss sich bei weitem nicht alles merken, sich aber einmal eingelesen zu haben schadet nie.

Read more…

The Network Time Protocol (NTP) is a protocol for synchronising the clocks of computers over TCP/IP networks. I don't go into detail here,⁶⁾ but NTP is helpful if you need a really⁷⁾ exact system time (e.g. on special Database servers) or just to get a correct clock setting on your common desktop. There are two ways to use NTP to set your system's clock:

• ntpdate – Simple NTP client, syncs your system's clock instantly by polling specified NTP server(s) every time it is called.
• ntpd – NTP server daemon, calculates the drift of your system's hardware clock and continuously adjusts it. Can act as NTP server for other NTP servers and clients.

Read more…

Using DokuWiki is fun. It gives you all you need to manage different types of content like common text, quotes, files, data tables and source code. It displays your content in a proper way, including typography replacements and many other features (see Syntax for some examples). It is especially perfect to write about IT where console output or code snippets matter. You can even include RSS feeds and create galleries with a single line of text. Additionally, DokuWiki is very easy to administrate and maintain (this is my personal killer feature). Installing updates is damn simple (in principle, you just have to copy the new files over the old ones). And you can do backups by downloading everything from your webserver. No database dumps and stuff needed. Because plain text files are used as storage, you can even access the raw data offline with a simple text editor.⁸⁾ So why not using DokuWiki as easy maintainable blog? Exactly!

There are two common ways to create a DokuWiki based weblog. The traditional one, using the Blog plugin in combination with a bunch of others.⁹⁾ And the new BlogTNG plugin which is meant as successor of the Blog plugin and already contains components like comments and tags. The following text is about creating a cool WikiBlog with BlogTNG.

Read more…

Creating templates for most web applications is not really a hard task. But if you plan to share your work with the public you face a little problem every now and then, namely when there's a new version of the application available: you have to track down what has changed since the last release to be able to update your template accordingly. Sure, not everyone has the time to follow the development of an application close enough to notice every small change which affects his work. IMHO that could be the cause why some of the available DokuWiki templates are a little outdated and likely not 100% compatible with the latest release. However, I would like to show a way to take advantage of DokuWiki's stylesheet handling and to keep the effort needed to keep such a template up-to-date at a minimum (we're all lazy people, right ).

The easiest way to create a new template is the Starter template by Anika Henke.¹⁰⁾ Just download and extract it. Rename the folder, place it below <dokuwiki>/lib/tpl/templates and select it in the DokuWiki configuration manager.

DokuWiki provides an advanced CSS handling system which uses a PHP .ini file named style.ini, which is part of the template. It is used to determine which files are getting loaded for a certain display mode. So lets have a look at the style.ini provided by the Starter template. Right now we're interested in the first section of the file:

style.ini

[stylesheets]
 
css/basic.css             = screen
css/structure.css         = screen
css/design.css            = screen
css/content.css           = screen
css/_imgdetail.css        = screen
css/_media_popup.css      = screen
css/_media_fullscreen.css = screen
css/_fileuploader.css     = screen
css/_tabs.css             = screen
css/_links.css            = screen
css/_toc.css              = screen
css/_footnotes.css        = screen
css/_search.css           = screen
css/_recent.css           = screen
css/_diff.css             = screen
css/_edit.css             = screen
css/_modal.css            = screen
css/_forms.css            = screen
css/_admin.css            = screen
css/includes.css          = screen
 
css/rtl.css               = rtl
css/print.css             = print

The above describes which .css file gets loaded for a certain display mode. “screen” is the normal display mode when you watch the page in a browser, “rtl” is loaded for right-to-left languages, and “print” obviously when you like to print a wiki page.¹¹⁾ For more information regarding the loading order of stylesheets refer to the docs.

So here is the key part:

We just add our own .css files for each mode at <dokuwiki>/lib/tpl/template/<mytemplate>/css instead and modify the style.ini so they get loaded after the original ones:

style.ini

[stylesheets]
 
css/_imgdetail.css        = screen
css/_media_popup.css      = screen
css/_media_fullscreen.css = screen
css/_fileuploader.css     = screen
css/_tabs.css             = screen
css/_links.css            = screen
css/_toc.css              = screen
css/_footnotes.css        = screen
css/_search.css           = screen
css/_recent.css           = screen
css/_diff.css             = screen
css/_edit.css             = screen
css/_modal.css            = screen
css/_forms.css            = screen
css/_admin.css            = screen
css/mytemplate_screen.css = screen
 
css/rtl.css                = rtl
css/mytemplate_rtl.css     = rtl
css/print.css              = print
css/mytemplate_print.css   = print

Instead of editing any of the .css files we copied over from the Starter template we add our CSS rules to the files we just created and make use of a key CSS feature: the so-called cascade.¹²⁾ Expressed in simplified terms, CSS rules simply override previous rules affecting the same element.¹³⁾ And in some cases where the specificity of your rule is not enough, you may use !important¹⁴⁾ or an own class to solve such problems.

So we just override any Starter template CSS rule we like to change in our own mytemplate_screen.css, mytemplate_rtl.css and mytemplate_print.css. Developing a stylesheet this way is a little bit more advanced than if you just edit the existing .css files. But it has an advantage as you'll see later. Additionally, you may noticed that I removed some original Starter template files which are not starting with an underscore (basic.css, structure.css, design.css, content.css and includes.css). The reason for this is simple: only the files starting with an underscore plus rtl.css and print.css are the important core styles, the rest is supposed to be adjusted. Therefore use them as starting point for your own mytemplate_screen.css.

Another thing you may like to consider while modifying DokuWiki's CSS is that it is best to access the elements the same way as done in the Starter template CSS files and prepend most ids or classes with .dokuwiki. And have a look at the color placeholders. If you happen to edit the main.php of your template to add or edit something you shouldn't remove the <div class="dokuwiki"> as it will break the whole stylesheet!

As you may have noticed, this approach has one drawback. The size of the final stylesheet delivered to the browser will be bigger than if you just edit the existing .css files. This should be around ~2kB till 15kB (uncompressed), depending on the things you are changing. Since the whole CSS gets compressed and is usually delivered only once and then cached I don't think it's that much of a problem.¹⁵⁾ And it is not “unclean” or something like that because the Wiki's data is not affected and a template is not triggering any dependencies for your data in general.

If you follow the approach given above, keeping your template up-to-date after a new DokuWiki release is a task that can be done very quickly! The only thing you have to do is to run a diff against all .css files you copied from the Starter template against the original ones (or have a look at the Commits, e.g. if you are not familiar with tools like diff). Checking the Starter template changelog is also a good idea. If there have been changes, just copy the changed .css files of the Starter template to your template folder overriding the old ones, and, only if needed, add some extra rules to your custom .css files to adjust everything to your needs. The best place to check if everything is OK is the syntax page included in every DokuWiki release.¹⁶⁾ It is also recommendable to have a look at the .php files provided by the Starter template to determine if there are any changes needed for new features. The official Developers Changelog may help you to support new features, too.

That's it! At least this approach works pretty well for me . Of course this only covers CSS issues but it assures that things don't get totally messed up. If you've added new functionality to a template you surely have to put more time into testing/debuging things. But if you create a different look for DokuWiki and like to share it, this is one way to keep things easy over time. Keeping things maintained is normally much harder than creating something new, therefore the additional work when starting a new template should pay off quickly. The approach is even powerful enough to make things like vector¹⁷⁾ or this blog's template mnml-blog possible without getting to much trouble when a new DokuWiki version was released.

In the past, the best way to start an own template was to copy DokuWiki's default template. The reason is simple: there was no such useful thing as the Starter template. Therefore all of my existing templates were based on the default template CSS. But things changed a bit. First of all, DokuWiki will get a new default template called “dokuwiki” in the near future. Therefore I asked on the mailing list if it is better to use the “Starter” template CSS or wait for the new “dokuwiki” template CSS as technical base for the development approach described in this text. And the answer is clear: use the Starter template as the new default template is based on Starter, too. Therefore I switched all of my templates over from the old default template CSS to the Starter template CSS as technical base.¹⁸⁾ I'm sure a comparable situation won't happen again. Relying on the default template simply was less future-proof than relying on the now existing Starter template which is just existing to make template developing easier.

• Starter template
• Starter template changelog
• DokuWiki developers changelog
• Cascading Style Sheets
• Assigning property values, Cascading, and Inheritance: 6.4 The cascade
• Kaskade - Anwendung von Stylesheets auf Dokumente
• prsnl10_screen.css
• mnml-blog_screen.css

Update 2011-12-03: I updated parts of the article to fit the newest changes and Anika's recommendations.

I'm using a separate¹⁹⁾ email address for my Android 2.2 based mobile phone. This makes it possible for close friends and my family to write me when I'm on the road. For free and without the need for crappy SMS phone GUIs. Additionally, it is very handy to mail yourself a grocery list or a quick note before leaving the house. However: All unencrypted²⁰⁾ mails for your phone are clear for the telco provider and others to see. But there are comfortable applications to change this.

Quick and superficial guide about the needed actions:

1. Install the needed applications on your phone (click on the app names for QR Codes containing an Android Market search query):
   • Android Privacy Guard (APG)
   • K-9 Mail
   • Astro File Manager (optional but recommended)
2. Generate a new key pair for your phone. IMHO, it is a bad idea to place your main private key on an unencrypted mobile device. The risk of theft/loosing it is too high. I created the new key pair on my PC (even it would be possible on Android) because I prefer some kind of key hierarchy and a keyboard makes the creation more comfortable. Additionally, it is not a bad idea to have a backup copy of the new key on your PC.
3. Export you new key pair into .asc files:

   gpg -ao ~/privkey.asc --export-secret-key KEY-ID
   gpg -ao ~/pubkey.asc --export KEY-ID

   If you don't like the terminal, use Enigmail or another GPG GUI for the export. It is also a good idea to export the public keys of the persons you want to write encrypted mails from your phone. Even APG provides the possibility to use keyservers, it makes no fun to search and import dozens of keys using that way.

4. Copy the .asc files on your phone (e.g. via USB), the location does not matter (you can delete these files after the import was done).
5. On your phone:
   1. Open APG→click Menu button→“Manage Public Keys”. The screen changes→click Menu button→“Import Key”. The program is asking where the .asc file containing your public key to import is located. Click on the file browser icon and run the action with “ASTRO”. Browse to the file and click on it. Check “Delete After Import” and click OK.
   2. Open APG→click Menu button→“Manage Private Keys”. The screen changes→click Menu button→“Import Key”. The program is asking where the .asc file to containing your private key to import is located. Click on the file browser icon and run the action with “ASTRO”. Browse to the file and click on it. Check “Delete After Import” and click OK.
   3. Open K-9-Mail→click Menu button→“More”→“Accounts”. The sceen changes→Click and hold on your account→“Advanced”→Cryptography→Select “APG” as the OpenPGP Provider. And check “Auto-sign” if it makes sense for you.

That's all. But you should know that K-9 Mail brings no support for PGP/MIME right now. This means you have to tell your friends to write Inline-PGP encoded mails, not PGP/MIME mails. But this should be default in most environments. If not: Enigmail provides a non-global select box for this setting at the “Per-Recipient Rules” menu.

Aufgrund der globalen Verbreitung und der bereits Jahrzehnte langen Existenz von (La)TeX finden sich extrem viele Informationen zum Thema. Als Anfänger ertrinkt man in der Informationsflut, eine thematische oder qualitative Selektion ist ohne Vorwissen sehr schwer: So manche Quelle ist von schlechter Qualität, andere sind hochwertig aber erschöpfend. Anderes ist… abgespact.

Ich liste daher im Folgenden (hoffentlich) nützliche Informationen, die ich als LaTeX-Einsteiger zusammengetragen habe. Vielleicht wird es für dem Ein oder Anderen hiermit leichter gemacht, zu wissen was man wofür braucht, welche Werkzeuge empfehlenswert sind und wo man gute Informationen dazu findet.

Read more…

You know the problem: tons of add-ons are bloating your Firefox. Including slower rendering speed and start-up. This is especially true if you are a web developer because there are many useful but heavy extensions you never need if you are not working on a project. Different profiles and starters/shortcuts may help you out. It works for me²¹⁾ and I'm sharing my approach here (maybe it is useful for someone else).

Read more…

Writing Bash scripts is fundamental to automate and understand many tasks on common Unix-like environments. If you are new to Bash (or even Unix-like systems) you'll have it a lot easier if you take a weekend to learn some fundamental principles before starting to script your stuff. No matter how experienced you are in programming, everything you'll find regarding Bash is much easier to follow and understand if you know some things before.

IMHO, the following resources are good starting points:

1. Linux Shell Scripting Tutorial (LSST) – Extremely good resource, especially for beginners.
2. Bash FAQ – Many answers to frequently asked questions.
3. The official GNU bash manual – Reference work. If you are generally familiar with Bash/*ix or simply search for a specific thing: look at the manual. Nearly everything should be documented there.

To make it much easier for yourself, make sure you understand²²⁾ the following (the resources mentioned above will help you):

1. Streams and redirection
   Standard Input (stdin, 0), Standard Output (stdout, 1) and Standard Error (stderr, 2). It is really fundamental to understand the stream concept. How streams are working. And how to manipulate, redirect and merge them. This is particularly important before writing much code or libraries. Otherwise you may have to change many things over and over again to make your scripts are interacting smoothly with the system (→ error logging etc.).
   Example of things you should be able to do blindfolded:
   • merge foobar's stderr (2) into foobar's stdout (1):

     foobar 2>&1

   • If you redirect foobar's stdout (1) into a file now, all error messages will also be written into the file because stderr (2) is merged into stdout (1):

     foobar > ~./logfile.log 2>&1

   • If you understand the two steps above, it is clear what the following does:

     echo "message" 1>&2

     Explanation: echo prints something to stdout (1). 1>&2 merges stdout into stderr. Therefore “message” will be printed as error to stderr(2) instead of creating simple standard output – this is the way to go if you want to print a simple error message. You also need redirections if you want to use sudo.

2. Exit codes
   This is particularly important before writing much code to make sure your scripts are interacting smoothly with other applications.
3. Pipes and Filters
4. Subshells and the so called Subshell Problematic
5. Background processes
   E.g. how to start them (→ &).
6. Globbing and the Internal Field Separator (IFS)
   Make sure you be able to change and restore the IFS. And know how to use find and why you need it.
7. Regular Expressions and useful tools
   The sed, cut, grep and find commands are available on nearly every system and are very helpful when you need to edit, find, manipulate or create files and data.
8. Learn how to detect if you are root
   

   if [ "$(id -u)" != "0" ]
   then
       echo "This script needs root privileges!" 1>&2
       exit 1
   fi

9. Learn how to define functions
10. Here Documents
    See the Here Documents at the LSST for details.

You'll learn the most if your scripts are doing real jobs. Create a backup script. Or try to configure your whole desktop by script to make things comfortable on freshly installed systems.

Connecting to university VPNs is always… fun. This is also true for the KIT VPN, especially because there is so much outdated information out there. E.g. there is no more Cisco compatible endpoint²³⁾ but tons of vpnc tutorials! You have to use the Juniper Networks software jnc now.

However… it worked after all. The IT guys were friendly enough to put helpful information at the online help. But to make it even easier, here are a my hints to get the KIT University Karlsruhe VPN connection running:

1. Make sure you got a working Java RE. I used sun-java6-jre, therefore I don't know if it runs with OpenJDK.
2. If you are running a 64bit Ubuntu,²⁴⁾ you need some 32bit wrapper libraries for jnc:

   sudo apt-get install libc6-i386 lib32z1 lib32nss-mdns

3. Open a terminal, download and untar the jnc archive the KIT VPN help provides for Linux:

   cd ~
   wget https://www.scc.kit.edu/scc/sw/juniper/7.0/linux_vpn_7.0.tar.gz

4. Extract the archive and remove it afterwards:

   tar -xzf linux_vpn_7.0.tar.gz
   rm linux_vpn_7.0.tar.gz

5. There should be a juniper_linux directory within your home dir now. Change into it and run the included vpn-install.sh script:

   cd ~/juniper_linux
   ./vpn-install.sh

   Simply follow the instructions (e.g. you have to enter your RZ username).

6. Make sure jnc is executable:

   sudo chmod a+xr /usr/local/bin/jnc

7. You can remove the temporary juniper_linux directory now:

   rm -rf ~/juniper_linux

   That's it.

To establish the connection, open a terminal and type jnc -n kit. The program should start and prompt you for your account's password. Example output:

user@computer:~$ jnc -n kit
Server certificate verified and CN is vpn.kit.edu. Saving in /home/user/.juniper_networks/network_connect/config/vpn.kit.edu.der.
Password: 
Connecting to vpn.kit.edu : 443.
Waiting for ncsvc for 3 seconds... done
ncsvc is running, but tunnel is not established yet. Waiting for 3 seconds... done.
ncsvc is running in background (PID: 2448):
tunnel interface tun0, addr: 141.3.193.37

You can use jnc stop to close the VPN connection. Example output:

user@computer:~$ jnc stop
ncsvc is running, sending signal... terminated.
user@computer:~$

2011-10-25: Updated the installation instructions, there is a new VPN software version (7.0).