Posts Tagged ‘SSH’

2012w29

Sunday, July 22nd, 2012
Copyright

So apparently just looking at an (web)article of a newspaper (or any web page containing copyrighted content) could mean you are infringing on that publishers copyright… do newspapers actually want to commit that kind of suicide?

I couldn’t decide whether to put this post under “Copyright” or “Censorship” since it involves the MAFIAA using the DMCA to silence things… in this particular case, it would seem, their members own marketing campaigns… With friends like the MAFIAA, who need enemies? :)

Patents

Portable electronic device, method, and graphical user interface for displaying electronic lists and documents now, how could this not apply to every type smartphone, pad, dumb-phone or, for that matter, laptop, in existence? How can such a patent even be granted?

Censorship

Censored by copyright for protesting being censored by copyright, somehow I don’t think that this was how laws were intended to be used when humanity first came up with the concept of rule of law…

Who would have thought that filtering the net may affect more than the specific group targeted by the filter? That’s impossible right?

Surveillance

Facebook is being creepy as hell as usual.

Apparently, Microsoft’s SkyDrive comes with some strings attached

Society

The European Commission intends to make open access all research findings funded by Horizon 2020. This is nice :)
Dunno if EC or UK was first, but UK is thinking along the same lines.

On the other side of the spectrum, i.e. not so nice, if things really are as dire as President Obama would have people believe, wouldn’t the responsible thing to do then, be to secure the infrastructure the hell up, instead of passing laws which any would-be imaginary-or-real terrorist would ignore?

I mean, one of the most idiotic plots in “24” was that nuclear power plants could be remote controlled over the internet. Or in Die Hard 4, that with a couple of taps on a keyboard, the bad guy could redirect a whole bunch of gas to go to the same place at the same time, building pressure, making big badaboom…

Now, if the infrastructure in fact support doing this, remotely, then those who put that in the specification, and those who produced it, and those who installed it, should all be found and tried for dangerously criminal negligence.

Of course, if the end game is to hollow out personal privacy and spy on your own citizens, then it would be better to nibble away on their rights through more new and ineffective laws, which can always be extended later when proven (through a real enemy, someone just being curious, or a false flag operation) not to work.

Justice Department sues telco for daring to challenge its secret demands for private information.

Activism

Targeting Shell with a fake PR campaign. I wonder how long it will be until lobbyists have bought an amendment to some law labeling this sort of activism as terrorism…

Join the Internet Defense League and make sure the internet never loses. Ever. Or, put another way, Rescue the lolcats from the evil clutches of the internet hate league!

Services

Blooie lets you chat online with people who like what you like I am just a tad bit sceptical about this one…

On the one hand, getting in touch with people who like what I like, Free Software, Programming, vim, etc. etc. Great! Buuuuut, how is this not willfully and intentionally putting yourself inside a filter bubble, and only exposing yourself for the types of opinions you yourself already hold? If two people say the same thing, isn’t one of them redundant? I remain a little unconvinced.

Command line

At work this week I needed to get a file from server1 to server3, and the only connection between the two was through an intermediary server, server2. Oh yeah, the only way to communicate between the servers where ssh. Sure, a three step approach was possible (scp file server2: ; ssh server2; scp file server3: ) but the file on server1 could get updated at times, which would mean yet another upload, so a simpler process was needed, a shell script with something along the lines of this:

cat $file | ssh user@server2 "ssh user@server3 \"cat > $file\""

Thanks go to pesa for coming up with the solution.

Programs

TMSU is a program which allows you to tag your files, and then perform queries on the tags, filtering out all files not tagged according to the queried constraints. Neat!

ownCloud is getting more interesting with every passing day.

I never really thought about the fact that you could do lots of things with locate such as adding flags, or configuring directories or files to disregard.

I found an expect-like utility named empty. Funnily enough I found it by checking out the examples of the Zenity fork: Yad.

Cuttlefish: Execute actions when specific events are triggered.

I am also currently trying out this vim statusline.

Throught this question I learnt about fold.

Development

Really nice ELI5 article about how flood fill works, using Zombies and Cats, and Python.

Reading this post and seeing the example resume I agree that what catmoon ponders about would be pretty cool.

Of course, the program should know what skills I have, and only select the relevant out of that set, based on the skills extracted from the job listings. At least that’s how I’d design it, as there is no good reason to lie about what you know and don’t know.

And now I finally grasp how two create quines!

When you screw up, and commit sensitive data to a git repository, this seems like a rather good way to handle it.
Oh and of course, if that sensitive data was a password, CONSIDER THE PASSWORD COMPROMISED AND CHANGE IT!

I had heard about the “Rosetta Code” before, but never got around to checking it out until this weekend, which is when I found this rather intriguing piece of Perl code.

I have to admit to being rather impressed about what one can do with html/css/javascript and some javascript libraries these days.

And although very cool, I still have yet to find a personal use for PhantomJS :/

Text books used in education should be written like this.

Other news

RasPies can now be ordered in bulk.

Here’s to the misfits.

Dunno what it’s good for, but it is pretty.

Stochastic, nerdtastic restaurant bill splitting.

Astronomy Picture of the Day har a pretty sweet image this week.

:wq

2012w06

Sunday, February 12th, 2012

Update: Ooops, I guess we gone incremented the year again… and no one thought to tell me :(

ACTA

It’s comforting to know that the people we elect to rule us at least know what they’re doing… Oh… wait…

git and branches

Last week, for the first time, I think I groked branches. The headline mentions git branches, and if they are different from other VCS’ branches, then last week I think I groked git branches :P

I’ve known about branching for quite a while, but never gotten past anything other than a rudimentary understanding.

I think I understood how mercurial does it (simply clone the repository, name the root directory of that clone to whatever you want to call that branch, and presto. (And yes, I am aware that mercurial has a branch command as well, so my understanding on that point is probably incorrect).

Either way, what finally gave me an “aha”-moment was this blogpost.

And while one the subject: Other uses of git. I am going to take a closer look at especially Prophet.

Links

AUTOMATE ALL THE THINGS

No but seriously, frakking do it. Automation ftw.

2011w43

Sunday, October 30th, 2011

Misc tools and other goodies

Another work week, another set of “discoveries”, like less -S, crontab -r and that when you issue a command which in turn uses $EDITOR to launch an appropriate text editor, and you instead of an editor window is greated with vim: no such command, well then perhaps in one of your profile- or config-files for the shell you have a line looking something like this:

EDITOR=`which vim`

Yes, this happened to me at work on a box which only had vi installed.

Pontus also showed me some SSH escape sequences which could come in handy. The first thing to know about them is how to “activate” them, which is done with the tilde-sign (~).

So on my setup, this would mean “AltGr+¨AltGr+¨” followed by a some sequence (? for help, . to close the connection (very good for when the remote server has rebooted, i.e. the ssh session has died, but the terminal never got wind of it, so it just sits there), or C^z to suspend it.)

cp importantFile{,.bak} is a pretty nice pattern as well.

Finally, I found a new (and totally inappropriate but functional) way of using mscgen: to generate staffing schedules.

In this case, being the “tech responsible” at FSCONS, this means scheduling my eight slave^H^H^H^H^Hcamera persons across the four tracks and two days.

Experiences from last year made me divide each day up into two pieces (AM and PM) which makes for sixteen blocks, divided evenly across the eight volunteers (who I am ever greatful to) for a total of two blocks per person.

For that small amount of data, mscgen worked wonders and gave me a wonderful overview :)

As a sidenote, I really should try to post a “my picks” from the FSCONS schedule soon. Yet another TODO to push onto the stack… ;D

Java

A couple of nights ago Pontus told me about an “array shuffling algorithm” (e.g. good for when you have an array representing a deck of cards and want it shuffled) which basically revolves around iterating through the array once, starting at the back of the array, counting down and for each iteration use the loop-counter as the max value for the random number generator so that it always delivers a number (index) which is within the array itself, and then swap places if the index:th place and the loop-counter:th place of the array. That was a fun excercise :)

Scripting NetworkManager

Sunday, May 2nd, 2010

At home I have a laptop acting as a central mercurial server (from here on referenced as myserver). This is great, being able to synchronize my desktop and netbook through an intermediary gives me three hard drives on which my data is stored. The setup was, however, not especially useful since my netbook goes with me almost everywhere (read: outside the home network).

This presents a problem as when I clone a repository and my .hg/hgrc file now contain a link to the server using at best a name defined in my /etc/hosts file, and at worst a local IP address (192.168.0.xyz).

I had long since done away with the IP address links, replacing them with hostname links (i.e. ssh://hg@myserver/repo instead of ssh://hg@192.168.0.xyz/repo) which was the first step. Now all I needed to do was make myserver accessible through the firewall (forwarding the appropriate port (since we are talking ssh here that would be 22, unless you are paranoid and have switched the port which sshd listen on) in the router, make the server listen on that port, and finally come up with a way to dynamically switch what IP address myserver should point to.

There probably is a better solution for this, configuring the router to make all this would be one way, but I’m not sure that my router has that capability, and even if it did, I’m not sure I would have the skills to configure it. Software and shell scripting on the other hand, those are things I know how to work.

My solution, was simply to create two new hosts-files in /etc :

# touch /etc/hosts-{home,not-home}

and then insert appropriate information into them such as

# echo "myserver    192.168.0.xyz" > hosts-home
# echo "myserver    aaa.bbb.ccc.ddd" > hosts-not-home

(where aaa.bbb.ccc.ddd is my external IP as seen on http://whatismyip.org/).

I also made a backup of my current hosts file just to be on the safe side

# cp /etc/hosts /etc/hosts.bak

So, the overall plan is that once I’ve identified if I am at home, or somewhere else (i.e. not home) I will overwrite (copy) /etc/hosts with the “correct” hosts-file (-home or -not-home).

And this is where NetworkManager comes into play. Every time there is a change in the connection status of any identified network interface, NetworkManager reacts by executing every script found in /etc/NetworkManager/dispatcher.d/.

Every script is called with two parameters, the first being which interface changed (e.g. “eth0″, “wlan0″, etc.) and the second being how it changed (e.g. “up”, “down”). What I wanted to do was, every time a new interface went up, check if it had connected to a device in my home network (wlan or ethernet).

So, how do you distinguish different devices in a simple manner? For me, distinguishing different MAC addresses (two known addresses at home (wlan and ethernet), and every other address was essentially not home) would do nicely.

Enter the “arp” command. From it, using flag “-i” (for interface) I can discover the IP and MAC address  of the device I’m connected to. When I first discovered the example usage used flag “-a” as well which, according to the man-page, outputs results in an alternate BSD style format, using no fixed columns. This had some benefits, but as I read it again now, the “no fixed columns” remark begin to worry me. The fact that it has worked so far isn’t good enough proof that it will always work. Needless to say, ymmv.

Putting it all together:

#!/bin/sh
# filename: /etc/NetworkManager/dispatcher.d/99switchHosts.sh

# Unless the status is "up" I'm not interested
if [ "$2" != "up" ];
then
    exit 0;
fi

# I am interested in two interfaces, eth0 and wlan0
# each connect through different IP addresses and
# these devices have separate MAC addresses
if [ "$1" == "eth0" ];
then
    TARGETIP="192.168.0.1"
    TARGETMAC="aa:bb:cc:dd:ee:ff"
else
    TARGETIP="192.168.1.1"
    TARGETMAC="12:34:56:78:90:ab"
fi

# Sometimes arp hasn't gotten hold of any IP/MAC addresses
# pinging and waiting does wonders for this
ping -c 1 "$TARGETIP" 1>/dev/null 2>&1
sleep 5
CURMAC=$(arp -ai "$1" | grep "$TARGETIP" | awk '{ print $4 }')

while [ -z "$CURMAC" ];
do
    # Again, arp might not have gotten hold of IP/MAC
    sleep 3
    CURMAC=$(arp -ai "$1" | grep "$TARGETIP" | awk '{ print $4 }')
done

# If MACs match, it is a known address, i.e. home
if [ "$TARGETMAC" == "$CURMAC" ];
then
    cp /etc/hosts-home /etc/hosts
else
    cp /etc/hosts-not-home /etc/hosts
fi

exit 0

This should be put in /etc/NetworkManager/dispatcher.d/99switchHosts.sh (and the script should be made execute:able)

# chmod +x /etc/NetworkManager/dispatcher.d/99switchHosts.sh

All done, not too shabby eh?

mercurial-server

Saturday, July 18th, 2009

I have just found a pretty cool way to set up a centralized mercurial server called “mercurial-server”, but unfortunately I haven’t got it all quite working yet. Installation was dead simple:

$ cd src/tarballs
$ wget http://hg.opensource.lshift.net/mercurial-server/archive/release_0.6.tar.gz
$ cd ..
$ tar -zxvf tarballs release_0.6.tar.gz
$ cd mercurial-server-release_0.6
$ sudo ./install

With that done you need to upload your ssh public key (i.e. ~/.ssh/id_rsa.pub on your local machine, not the server on which you are installing mercurial-server) and place it in /etc/mercurial-server/keys/root/[username]/[hostname_of_local_machine], although I am assuming that the extra directory ([username]) and naming your pubkey after your local hostname is for ease of administration only.

I had set up some rather restrictive rules about what groups could enter the server by ssh, in my /etc/ssh/sshd_config file, which  effectively thwarted my first attempts at doing anything (say cloning the hgadmin repo) by ignoring my pubkeys and asking for the password to the hg user. I was rather stumped at that for a while until I remembered my sshd_config being… paranoid. ;)

With that out of the way I could attempt a hg clone ssh://hg@jupiter/hgadmin, which failed miserably with a stack trace indicating that I didn’t have the python-dispatch package installed. I tried Googling for a list of dependencies, but the name “mercurial-server” doesn’t seem to be well established with Google yet, so most results end up with questions about “mercurial” and “server” (placing mercurial-server inside quotes, it does nothing!). Anyhow, one sudo apt-get install python-dispatch later and I got a new stack trace:

$ hg clone ssh://hg@jupiter/hgadmin
remote: Traceback (most recent call last):
remote:   File "/usr/local/share/mercurial-server/hg-ssh", line 89, in <module>
remote:     try_cmd(os.environ.get('SSH_ORIGINAL_COMMAND', '?'))
remote:   File "/usr/local/share/mercurial-server/hg-ssh", line 56, in try_cmd
remote:     dispatch.dispatch(['-R', repo, 'serve', '--stdio'])
remote:   File "/var/lib/python-support/python2.5/mercurial/demandimport.py", line 75, in __getattribute__
remote:     return getattr(self._module, attr)
remote: AttributeError: 'module' object has no attribute 'dispatch'
abort: no suitable response from remote hg!

This was, as I realized when installing the mercurial-server temporarily on another much more up to date system, due to an outdated version of mercurial installed on the system. I really ought to do a dist upgrade or a complete reinstall of the entire box now while I don’t have much of value on it, but I opted for the less time consuming way of just uninstalling the old (repository version) mercurial and installing from source. And now all is well :D

All there is to it now is experiment by managing the server from its hgadmin repository and see if it is as awesome as it seems.

The one really nifty thing about this is that this way I could expose my repository to people I know and trust simply by adding their ssh pubkey, without having to worry about giving them a shell on the server. Very cool.

Pidgin buddy pounces

Tuesday, March 17th, 2009

I’m in an ambivalent state about Pidgin, I really have no love for the “expanding input field” “feature” the developers introduced a couple of versions back. Frankly, I think it sucks and I am not alone (search for “input” on that page), which is why, when I update to a newer version, download the source, modify it to always show, and ONLY show, four lines of text. No expanding, manual or automatic. Hard coded. I find that to be better than the alternative. My opinion is simply that the developers could have handled that issue much better.

But, Pidgin is not all suck. Far from it actually. Take the buddy pounce system for instance. That is a work of pure genius. There are so many options available! Your imagination is the limiting factor here.

Pidgin buddy pounce window

Pidgin buddy pounce window (click for full size)

Other than the devilishly annoying game you can play with other people by having  Pidgin send them a message as they start typing to you (preempting them), or return a message when you status is away and they have just sent a message.  But all this fades in comparison once you look at what options I have checked in the screenshot. When a user comes online, execute a command. I tested this, my Python script ran perfectly.

So what then could you do with this? You could turn Pidgin into a computer remote control (although I would probably advise against it) by doing something along these lines:

  1. Register a new account, and set it up to always be online on the computer to be remotely controlled
  2. Add your normal user to the contact list of the new user (disallow anyone else, for security reasons)
  3. Set up a buddy pounce for this new account, so that anytime a message is sent to it a script is executed, which reads the last line in the latest log-file for that account
  4. Do a little parsing perhaps, and then execute whatever command was sent in the message

I don’t think that I would ever use it for that, I have SSH for such things. But another thing one might do, is to create a second account, add it to the contact-list of the primary account, and have the primary account pounce when the new account sign on. And the executed command could be something as simple as opening a port in the firewall on the home computer. There would of course need to be a pounce for when the user sign off as well, to close the hole.

One could probably do something more advanced as well since, through the application, you can access databases, and thus can synchronize data over several users (what I’m thinking is that executing the same pounce for several users will mean that a command (inside the script being run for each of the users) can be executed when all of the users are online, offline or whatever, but otherwise do nothing. As I said, my/your imagination is the limiting factor here.

I’m not sure how “robust” (or fragile) the command execution is, if you have to return a value to Pidgin at end of execution, but I had my Python script terminate with a sys.exit(0) just to be on the safe side.