Finding local extrema in Matlab and Octave via fminbnd()

I recently had to work on a Matlab assignment that required the use of fminbnd() to find local extrema. As I typically work in Octave rather than Matlab, I ran into some problems getting my code to work within both programmes. As it turned out, Matlab and Octave handle the function slightly differently, so I thought I’d share my findings to save others some headache.

First of all, some background information: fminbnd() is a Matlab/Octave function to find a local minimum of a continuous function within a specified interval (check out this excellent page for a simple example). By default, the function is used like this:

[xval, yval, flag] = fminbnd(myfunction, startx, endx, options);

This will search for local minima of the function myfunction within the interval x = [startx, endx] and return the x-value of the minimum xval, the corresponding y-value at the minimum yval, as well as an exit flag, which should be "1" if there is a solution. Although fminbnd() is designed to search for minima, it can search for maxima by negating the function, i.e. -myfunction. It’s quite a handy function since it can greatly reduce the time required to determine the position of extrema when the rough location and type are already known.

The difficulty in getting fminbnd() to work on Octave stemmed from the fact that the function in question required a large number of parameters and the way both programmes handle this syntactically. To illustrate the problem, have a look at the following piece of code:

function y = poly2(x,a,b)
  y = a*x.^2+b*x;
end;

opts = optimset('Display','off');
[xval, yval, flag] = fminbnd('poly2',-2,2,opts,1,-2);

This apparently worked in Matlab, but didn’t in Octave. The basic idea was to have Matlab iterate over the first parameter x to find the local minimum, so in order to do that, the second and the third required parameters of poly2() are appended in the call to fminbnd(). Looking at the definition of fminbnd() given above, it seems natural enough that this would fail, and Octave does indeed give an error:

error: Invalid call to fminbnd. Correct usage is:
 -- Function File: [X, FVAL, INFO, OUTPUT] = fminbnd (FUN, A, B, OPTIONS)

The way to make this work in Octave is by using an anonymous function to define a wrapper which pre-defines the second and third parameter, so we get a new function that only requires one input parameter x.

poly2W = @(x) poly2(x,1,-2);
[xval, yval, flag] = fminbnd(poly2W,-2,2,opts);

This gives xval = 1.000000 yval = -1.000000 flag = 1. Defining poly2W() in this way allows Octave to complete the search and determine the point (1,-1) as the minimum of the original function poly2() for a = 1 and b = -2 within the interval [-2,2]. The nice thing about anonymous functions is that they inherit arguments from the enclosing scope, so in case your parameter values are determined dynamically within the computation, you can simply call these variables when defining your anonymous function. The only downside that remains is that fminbnd() appears to be considerably slower in Octave than in Matlab, but how much that matters depends on your project :-)


Block unauthorized OpenVPN logins using fail2ban

Monitoring a server can be a lot of work, but thankfully handy tools like fail2ban or logwatch make the task a lot easier. Fail2ban, for example, monitors the log files of services running on your system and blocks incoming connections when it detects a break-in attempt (using iptables or hosts.deny). The log patterns that count as a break-in attempt need to be defined using a regex filter, and while a great number of templates are already available for the most-used services (Apache, SSH, etc.), OpenVPN thus far has not been included. Setting this up isn’t too difficult, though.

Create a file openvpn.conf in /etc/fail2ban/filter.d/ with the following content:

[Definition]
failregex = [a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Auth Error:.*
     [a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} VERIFY ERROR:.*
     [a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*

Set up a local configuration file for fail2ban by running cp -ivra /etc/fail2ban/jail.conf /etc/fail2ban/jail.local, then open /etc/fail2ban/jail.local and add the following at the end of the file:

[openvpn]
enabled = true
port = 1194
protocol = udp
filter = openvpn
logpath = /var/log/syslog
maxretry = 3

Finally, run /etc/init.d/fail2ban restart to restart fail2ban and make the changes take effect. Note that this set-up assumes that your OpenVPN server logs go to syslog. Also note that, if you want to modify the filter rules, each failregex line must contain the <HOST> tag; otherwise even valid regex rules will not work, since fail2ban won’t know which address to block. Use the fail2ban-regex tool to check whether your detection rules are working: fail2ban-regex logfile.log /etc/fail2ban/filter.d/openvpn.conf
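Added example, not part of the original post: a small Python check, in the spirit of fail2ban-regex, that runs the three failregex lines above over constructed syslog lines and counts matches per address. HOST_GROUP is a simplified IPv4-only stand-in for fail2ban's <HOST> expansion, and the function names and sample log lines are assumptions made for this illustration.

```python
import re

# Simplified IPv4-only stand-in for fail2ban's <HOST> expansion (assumption:
# the real expansion also accepts IPv6 addresses and hostnames).
HOST_GROUP = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"

# The three failregex lines from the openvpn.conf filter above.
FAILREGEX = [
    r"[a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Auth Error:.*",
    r"[a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} VERIFY ERROR:.*",
    r"[a-b]*ovpn-server.*:.<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*",
]

def compile_rules(rules):
    """Reject rules that lack <HOST>, then substitute the capture group."""
    compiled = []
    for rule in rules:
        if "<HOST>" not in rule:
            raise ValueError("failregex has no <HOST> tag: " + rule)
        compiled.append(re.compile(rule.replace("<HOST>", HOST_GROUP)))
    return compiled

def find_offender(line, compiled):
    """Return the address extracted by the first matching rule, or None."""
    for rx in compiled:
        if (m := rx.search(line)):
            return m.group("host")
    return None

def count_failures(lines, rules=FAILREGEX):
    """Count matching lines per address (the figure compared with maxretry)."""
    compiled = compile_rules(rules)
    counts = {}
    for line in lines:
        host = find_offender(line, compiled)
        if host:
            counts[host] = counts.get(host, 0) + 1
    return counts

# Constructed syslog lines using documentation addresses, not real log data.
SAMPLE_LOG = [
    "Jun  3 10:15:02 vpn ovpn-server[2412]: 203.0.113.7:51820 TLS Auth Error: Auth Username/Password verification failed for peer",
    "Jun  3 10:15:09 vpn ovpn-server[2412]: 203.0.113.7:51820 VERIFY ERROR: depth=0, error=certificate has expired",
    "Jun  3 10:16:40 vpn ovpn-server[2412]: 203.0.113.7:40112 TLS Error: TLS handshake failed",
    "Jun  3 10:17:05 vpn ovpn-server[2412]: 198.51.100.23:443 TLS Error: TLS handshake failed",
    "Jun  3 10:18:11 vpn ovpn-server[2412]: 192.0.2.44:38122 Peer Connection Initiated with [AF_INET]192.0.2.44:38122",
]

if __name__ == "__main__": print(count_failures(SAMPLE_LOG))
```

The constructed line with source port 443 is not counted, because [0-9]{4,5} only accepts four- or five-digit ports; widening it to [0-9]{1,5} would cover such lines.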

You can set up fail2ban to email you each time there has been a break-in attempt by further editing the parameters in jail.local. Personally, however, I prefer a less intrusive solution based on logwatch. Logwatch is another programme that monitors log files on your system, but its job is to email you daily (or weekly, monthly, etc.) summaries of them. A simple way to make this set-up both convenient and secure is by setting up logwatch to monitor fail2ban logs, deliver summaries to a local inbox and run a little batch script via a cron-job to fetch these messages, encrypt them and send them to your actual email address.

Links

You may also want to check out refiddle to help you with those regular expressions.

LyX CJK set-up based on XeTeX and xeCJK

I have recently been playing around with LyX and XeTeX, a Unicode extension for TeX, to find a set-up that allows me to switch easily between various East Asian languages without entering LaTeX code. With the help of a few friends, the xeCJK manual and Richard Heck over at the LyX Mailing List, I was able to define LyX Text Styles for Chinese (Simplified and Traditional text), Japanese and Korean that can be selected via the context menu right from within LyX itself, allowing me to focus on the content of my writing and leaving the worrying about Unihan issues to someone else :-)

I decided to leave the file as it is and not go through the settings step-by-step, since this would make a rather lengthy post. Interested users can study the file depending on their familiarity with LyX and LaTeX, e.g. novice users may use it as a template for their own documents, whereas more experienced users may find it useful to study CJK set-ups for LaTeX or LyX Local Layouts. In any case, here are the files:

Note that this document uses the Microsoft default serif CJK fonts (SimSun and PMingLiU, MS Mincho and Batang), so make sure you have them installed before compiling. Depending on your needs, you may prefer a free alternative (e.g. AR PL UMing CN and AR PL UMing TW, Kochi Mincho, Unbatang), or the more modern-looking sans-serif Windows 7/Vista default fonts: Microsoft YaHei, Microsoft JhengHei, Meiryo, Malgun Gothic. Fonts are defined in the Document Preamble (Document -> Settings -> Preamble).

Open XMPP Alternatives to Google Talk

After Google’s much-publicised decision to replace Google Talk with Hangouts and drop XMPP support in the process, many people have been looking for alternative XMPP servers that allow connecting through standards-based clients and support federation with other servers. Here are a few servers I recommend:

  • Jabber.org – Jabber.org is the first XMPP server and has been in continuous operation since 1999. It originally hosted much of the community and development of the XMPP protocol. I’ve used this server on and off over the last couple of years, but have found it somewhat prone to errors. But in the ever-changing world of XMPP services, Jabber.org has remained a constant, which deserves credit.
  • DuckGo.com – Released only a few days ago by the folks at DuckDuckGo, this public XMPP server is relatively new, so there is not much that can be said about their quality of service yet. Given DuckDuckGo’s active community of developers and commitment to the principles of free software, they have the potential to become one of the most popular servers out there.
  • Jabber.ccc.de – Hosted by the German hackers association Chaos Computer Club, this is one of the most popular XMPP servers in Germany. The server is well-maintained and uptime is excellent, so there are generally very few issues. Although their website is available in German only, account registration works the same as on any other XMPP server, so there shouldn’t be any problems for international users. Highly recommended.
  • Jabber.fsfe.org — Of course, I’d be negligent not to point out our own XMPP server, which is available to all Fellows of the FSFE. Next to an @fsfe.org email alias, an OpenPGP smart card and access to the FSFE blogging platform, this is one of the goodies you get as a fellow of the FSFE.

Now, just to be clear, this is only a small subset of XMPP servers. There is a large number of public XMPP servers with different features (see this list for example), some even allow you to connect to your ICQ or Yahoo Messenger accounts, or to send SMS or email. Which server is best for you pretty much depends on what you want and what you need — as usual :-)

GnuPG-encrypted mail forwarding for remote systems

Ever since I started using Fail2ban and Logwatch to monitor unauthorized login attempts and system logs on my server, I have been looking for an easy way to regularly receive encrypted status reports from both programmes by email. After playing around with gpg-mailgate for some time (useful tutorial here), I decided to opt for a simpler solution and told both programmes to send their reports to a specific user on my system. These messages are then retrieved by a simple cron script and emailed to me at regular intervals. Here is how I did it:

Import your gpg public key on the remote system via gpg --import <your key file>, and create a directory /var/mailbackup for backups. Then create a script /etc/cron.hourly/00mailencrypt with the following content (don’t forget to replace the placeholders with the correct values for your set-up) and mark it executable.

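#!/bin/bash
# Replace the placeholders below with the values for your set-up.
set -o pipefail
MAILBOX="/var/mail/<user name>"
RCPT="<email address>"
if [ -s "$MAILBOX" ]
then # file has data
  # Keep a plaintext backup copy before touching the mailbox
  cp "$MAILBOX" "/var/mailbackup/mailbackup$(date +%y%m%d-%H%M)"
  # Empty the mailbox only if both encryption and sending succeeded
  if gpg -ea -r "$RCPT" -o - "$MAILBOX" | mail -s "mail report" "$RCPT"; then
    : > "$MAILBOX"
  fi
fi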

Cron will now regularly check /var/mail/<user name> for new messages, encrypt and send them to you.