All Acoustid components are now migrated to GitHub:
Even though I still prefer the idea of Bazaar, the tools built around Git and especially GitHub make it worth switching for me. I started using Bazaar a long time ago because it was the only VCS that was able to work on Windows back then. I built several tools to make it more comfortable for me, but I get the feeling the situation is not improving. Maybe Git really is the VCS we should all use…
The internet is a nasty place, everybody is trying to hack into your servers if they are publicly accessible. Even though I always disable password authentication, so there is very little chance somebody could “guess” my private RSA key, I don’t like /var/log/auth.log being spammed. Fail2ban is a nice solution to that I use on Linux with iptables, but it was not working for me on FreeBSD with IPFW.
My firewall is configured to drop everything by default, so it needs to have rules with connections that it should be allowed. However, the default IPFW ban action looks like this:
actionban = ipfw add deny tcp from <ip> to <localhost> dst-port <port>
This inserts the rule at the end of the rule list, just before the default rule. This doesn’t work for me, because it’s after my own rule rule that allows traffic on that port from any address, so the newly added rule has no effect. I ended up modifying the IPFW action configuration file ($PREFIX/etc/fail2ban/action.d/ipfw.conf) to dynamically generate rule numbers that are before my own rules:
actionban = USEDNUMS=`ipfw list | perl -pe 's/(\d{5}) .*\n/$1|/' | perl -pe 's/\|$//'`
NUM=`jot -w '%%05d' - <minnum> <maxnum> | grep -vE "($USEDNUMS)" | head -n1`
ipfw add $NUM deny tcp from <ip> to <localhost> dst-port <port>
This only uses rule numbers between <minnum> and <maxnum>, selecting the first one that is available. I can set the variables in my jails.conf configuration like this:
[ssh-ipfw] enabled = true filter = sshd action = ipfw[localhost=any,minnum=01110,maxnum=01199] logpath = /var/log/auth.log ignoreip = 168.192.0.1
The default unban action is also problematic. I was testing the above from a server that has some traffic on another port explicitly allowed. However, when canceling the SSH ban, Fail2ban deleted also my own rule because it was using only the IP for firewall rule matching. Changing it like this works for me, but it’s still not ideal:
actionunban = ipfw delete `ipfw list | grep -i 'deny tcp fromto ' | awk '{print $1;}'`
Ideally I would like to check also the port numbers, but I can’t find an easy way to resolve the service name to a port number.
The final version of the IPFW Fail2ban action configuration file that I’m using is here.
… or why there are none.
TagLib is a C++ library and as such, it’s very dependant on the compiler. GCC (MinGW) and MSVC generate completely different symbol names, so you can’t even think about using libraries built the other one. But even if you use different versions of MSVC, you will most likely get into troubles. Different versions of the standard C++ library, different compiler switches and many other things can cause the library to be incompatible with your application.
So, the best solution is to compile TagLib yourself, with the same compiler that you use to build your application. People usually have problems building TagLib with MSVC, so here is a simple guide how to do that.
First, install CMake. Then download zlib 1.2.5 and TagLib 1.7, unpack both packages somewhere (let’s assume you unpacked it to `X:\code`). You can then build TagLib with everything included using the following commands:
cd X:\code\zlib-1.2.5 cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF . nmake cd ..\taglib-1.7 cmake -DZLIB_INCLUDE_DIR=X:\code\zlib-1.2.5\ -DZLIB_LIBRARY=X:\code\zlib-1.2.5\zlib.lib -DCMAKE_BUILD_TYPE=Release -DWITH_ASF=ON -DWITH_MP4=ON -DBUILD_EXAMPLES=ON . nmake
Now you can verify that it worked by trying to read a MP3 file (or any format that TagLib supports):
copy taglib\tag.dll examples\ examples\tagreader.exe X:\path\to\music\file.mp3
If any of this doesn’t work for you, please let me know. You shouldn’t need any hacks, the commands described above should work. If they don’t, it’s a bug and will be fixed.
Another post intended mainly for future me, I tend to lose and re-invent this kind of stuff if it’s not public… :)
For projects like Picard or Chromaprint, when I’m doing a Windows build, I need a minimal version of FFmpeg that can decode audio files, but not much else. FFmpeg is a huge project, I definitely don’t want to distribute all the video codecs that it supports (e.g. avcodec-52.dll from HawkEye’s FFmpeg Windows Builds has 11MB, mine has 1MB). Here is a simple guide how to get a working version using MinGW32 on a Ubuntu machine:
sudo apt-get install mingw32 yasm mkdir -p ~/code/mingw32/install/ cd ~/code/mingw32/ git clone git://git.videolan.org/ffmpeg.git cd ffmpeg wget -O- http://dl.dropbox.com/u/5215054/win32/ffmpeg/ffmpeg-configure-mingw32.diff | patch -p1 wget http://dl.dropbox.com/u/5215054/win32/ffmpeg/ffmpeg-configure-mingw32.sh chmod +x ffmpeg-configure-mingw32.sh PREFIX=~/code/mingw32/install/ ./ffmpeg-configure-mingw32.sh make make install
Ta-da, in ~/code/mingw32/install/ you now have everything you need to compile applications that use FFmpeg with MinGW32. If you need import libraries for MSVC, go to the bin directory on Windows and run the following commands:
lib /machine:x86 /def:avcodec-52.def /out:..\lib\avcodec.lib lib /machine:x86 /def:avformat-52.def /out:..\lib\avformat.lib lib /machine:x86 /def:avutil-50.def /out:..\lib\avutil.lib
Next up, how to compile Chromaprint on Windows with MSVC 2010 using these libraries.
Some time ago I wrote a couple of tools that help me set up and update a mirror of the MusicBrainz database on the Acoustid server. It turned out to be work really well. Recently I’ve seen a few people struggling with setting up the NGS database using the original server codebase. The official route assumes you are going to run a MB server instance, which makes things a little bit more complicated than it has to be. You have to install a number Perl modules, you have to compile the MusicBrainz-specific PostgreSQL extensions, even though you most likely don’t need them, you are forced to setup a musicbrainz_db_raw database that you are definitely not going to use, because there is no data in it, etc.
If you just want to have a local copy of the MB NGS database, don’t want to mess with CPAN or compiling PostgreSQL extensions, you can try the NGS version of mbslave. You only need Python, psycopg2 and PostgreSQL. The number of steps you have to do manually is probably larger than with the official way, but on any Unix-based OS it should be just copy&paste from the README file and it should really just work, with the benefit of being able to customize everything.