Split a file across multiple CDs or DVDs on Linux

Okay, so you very likely have the ‘split’ utility installed (it’s in the GNU coreutils package, so… very likely). If you want to burn a file to multiple media, but you don’t have kdar installed on your desktop… don’t worry about it. Just open a terminal and do:
$ split --bytes=600MB --numeric-suffixes filename.zip filename_part_
In my case, I have a 2.8GB file, but I only have 700MB CDs on hand for my burner. This command cuts it into 600 MB pieces (600 * 1000 * 1000 bytes each; split reads MB as a decimal unit, while 600M would mean 600 * 1024 * 1024), named “filename_part_00,” “filename_part_01,” “filename_part_02,” and so on, with the last piece holding whatever is left over.
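The step the post leaves out is proving that the pieces go back together. This added example (not code from the original post) splits a constructed 2.5 MB stand-in for the archive into 1 MB pieces, writes a SHA-256 list covering the original and every piece, reassembles them in suffix order and compares hashes. It assumes GNU coreutils (split, sha256sum, head); the file names are made up.

```shell
#!/bin/sh
# Added example: split a file as the post does, then prove the pieces reassemble
# to the original by comparing SHA-256 checksums. Assumes GNU coreutils.
# The "archive" is constructed random data, not a real file.
set -eu
export LC_ALL=C

split_file() {
    # split_file FILE SIZE: write FILE_part_00, FILE_part_01, ... of SIZE bytes
    # each (GNU split syntax: 600MB = 600*1000*1000, 600M = 600*1024*1024) plus
    # a checksum list covering the original and every piece, to burn alongside.
    src=$1; size=$2
    split --bytes="$size" --numeric-suffixes "$src" "${src}_part_"
    sha256sum "$src" "${src}_part_"* > "$src.sha256"
}

count_pieces() {
    # count_pieces FILE: how many pieces split_file produced
    n=0
    for piece in "$1"_part_*; do n=$((n + 1)); done
    echo "$n"
}

verify_pieces() {
    # verify_pieces FILE: re-check every piece against the stored list, e.g.
    # after reading them back from the burned media. Returns non-zero on any
    # mismatch. Run from the directory the list was written in.
    sha256sum --check --quiet "$1.sha256"
}

reassemble_and_verify() {
    # reassemble_and_verify FILE OUT: concatenate the pieces in suffix order into
    # OUT and return 0 only if OUT hashes to what FILE hashed to before splitting.
    # Glob order is lexical, which is why the zero-padded numeric suffixes matter:
    # _00.._NN sort correctly where 1, 2, ... 10 would not.
    src=$1; out=$2
    cat "${src}_part_"* > "$out"
    expected=$(awk -v f="$src" '$2 == f { print $1 }' "$src.sha256")
    actual=$(sha256sum "$out" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed demo: 2.5 MB of random bytes standing in for the 2.8 GB archive,
# cut into 1 MB pieces (so three pieces: 1000000 + 1000000 + 500000 bytes)
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cd "$work"
head -c 2500000 /dev/urandom > archive.zip
split_file archive.zip 1MB
echo "pieces: $(count_pieces archive.zip)"
ls -l archive.zip_part_*
if verify_pieces archive.zip; then
    echo "all pieces match the checksum list"
fi
if reassemble_and_verify archive.zip rejoined.zip; then
    echo "rejoined.zip is byte-identical to archive.zip"
fi
```

Keep the .sha256 list on the first disc; `sha256sum --check` against it after copying the pieces back is what tells you a scratched disc rather than a bad archive is the problem.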


User-friendly PKI: not yet

Public-key infrastructure is great. When it works, you can be quite sure that you are communicating with whom you want to communicate, and you can even communicate securely if you wish. Alice and Clare can send each other mail, and Bob won’t be able to sneak in there and read it.

It’s supremely easy for Alice to create a private key, and publish her public key to a keyserver. “That’s it?” she thinks, with a leap of her heart. “Wow! It’s so easy!”

Let’s fast-forward a bit.

For a while, Alice and Clare have fun sending encrypted messages back and forth. They find a plug-in to send encrypted mail through their GMail accounts (FireGPG), and that’s useful for a while, although oops, the developer discontinues GMail support. But they can still use other clients, and they do so.

Things are hunky-dory for a while.

Then one day Alice upgrades her computer, and she forgets to migrate her private key over to the new box. She doesn’t have her passphrase at hand, of course, because she had her e-mail client save it for her; she had it on a sticky note so she only had to look it up once in a while.

“Oh, well,” thinks Alice. “I’ll just create a new public key.”

Oops. Is this user-friendly?

Now Alice has a PGP key sitting out there on a keyserver. She can’t use it because she doesn’t have the equivalent private key. She can’t revoke it because she didn’t think it was that important to create a revocation certificate at the time and save it. Someone told her to do that once. “Don’t save it in the cloud, but on a disk that would never lose its data and could never be compromised. Then lock it away in a safe in your basement. You did make sure your basement was a Faraday cage, didn’t you?”

PKI is such a useful, powerful tool. But it’s still very easy to screw up and cause lasting damage. I guess it’s like a “Hole Hawg,” Neal Stephenson’s apt comparison for other powerful technologies.

There IS an option for Alice. She can create a new key, with a user ID like: “only use this key. That other one is bad,” and then get all her friends to sign the new key. There are other techniques, but that’s pretty much as close as she’s going to get.
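What “create a revocation certificate and save it” looks like in practice, as an added example rather than anything from the original post: GnuPG 2.1 and later write a revocation certificate to openpgp-revocs.d/ under the key’s home directory at creation time. The script below generates a throwaway key in a temporary keyring, copies that certificate out (that file is what belongs on the disk in the safe), then plays a friend’s keyring: import the public key, later import the certificate, and confirm the key shows as revoked even though the private key is gone. It assumes gpg 2.1 or newer and gpgconf; the identity “Alice Example <alice@example.invalid>” is invented.

```shell
#!/bin/sh
# Added example: generate a key, keep its revocation certificate, and show that
# the certificate alone revokes the public key after the private key is lost.
# Needs gpg >= 2.1 (for %no-protection and openpgp-revocs.d) and gpgconf.
set -eu
export LC_ALL=C

make_key() {
    # make_key HOMEDIR: unattended key generation with no passphrase (demo only;
    # %no-protection is what makes this non-interactive). Prints the fingerprint.
    mkdir -p -m 700 "$1"
    cat > "$1/params" <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Alice Example
Name-Email: alice@example.invalid
Expire-Date: 0
%commit
EOF
    gpg --batch --quiet --homedir "$1" --gen-key "$1/params" 2>/dev/null
    gpg --batch --homedir "$1" --with-colons --list-keys 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

export_revocation() {
    # export_revocation HOMEDIR FPR OUT: copy the certificate gpg generated at
    # key creation and remove the leading colon it puts on the BEGIN line (a
    # guard against importing it by accident). OUT is the file to keep offline.
    sed 's/^:-----BEGIN/-----BEGIN/' "$1/openpgp-revocs.d/$2.rev" > "$3"
}

key_validity() {
    # key_validity HOMEDIR FPR: validity letter from the pub record; "r" = revoked
    gpg --batch --homedir "$1" --with-colons --list-keys "$2" 2>/dev/null |
        awk -F: '$1 == "pub" { print $2; exit }'
}

work=$(mktemp -d)
alice="$work/alice"
friend="$work/friend"
trap 'for h in "$alice" "$friend"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done; rm -rf "$work"' EXIT

if ! command -v gpg >/dev/null 2>&1; then
    echo "gpg not installed; nothing to demonstrate" >&2
else
    fpr=$(make_key "$alice")
    echo "new key: $fpr"
    revcert="$work/revoke-$fpr.asc"
    export_revocation "$alice" "$fpr" "$revcert"
    echo "revocation certificate saved to $revcert (store this offline, not in the cloud)"

    # a friend's keyring gets only the public key, as a keyserver would
    mkdir -p -m 700 "$friend"
    gpg --batch --homedir "$alice" --export "$fpr" 2>/dev/null |
        gpg --batch --quiet --homedir "$friend" --import 2>/dev/null
    echo "friend sees validity: $(key_validity "$friend" "$fpr")"

    # Alice loses the private key; the saved certificate still revokes the public one
    rm -rf "$alice/private-keys-v1.d"
    gpg --batch --quiet --homedir "$friend" --import "$revcert" 2>/dev/null
    echo "after importing the certificate: $(key_validity "$friend" "$fpr")"
fi
```

Publishing the imported, revoked key back to a keyserver is what would have let Alice’s friends see the old key as dead instead of relying on a “don’t use that one” user ID.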

Questions like this in security-related topics interest me: If it’s easier to use, will more people use it? And if it’s more widely used, will that increase its relevance?


Are distractible people more creative?

Are Distractible People More Creative? Jonah Lehrer, Wired Science

He says it right: “We need to be ruthless about throwing out the useless stuff.”

How do great authors write? And great painters paint? They focus. Distraction might flit an idea in your face, but it doesn’t have the power to lead anyone to great production. Just more distraction and dissipation.

Discipline, however, plays a much greater role:

“I write when I am inspired. Fortunately inspiration strikes every morning at 9 a.m. sharp.”
- Somerset Maugham


Bash pipe fun

How about: recursively find the logs of hostnames used to request my site content, keep only the unique IP address and hostname combinations, and count how many of those used my ‘.biz’ hostname to land on my site:

find . -iname '*ecommerce-host_log*' -print0 | nice xargs -0 cut --delimiter=' ' -f 1,4 | nice sort -u | nice grep '\.biz' | nice wc -l

I wasn’t sure which commands would be most processor-intensive, so I used “nice” liberally.


Apache custom logging

Aren’t you interested in seeing what requests users, bots, or script kiddies make of your site, especially those things that client-side JavaScript-based analytics packages don’t tell you?

Under Apache, custom logging can give you lots of information you might not have seen otherwise. I’ll let the documentation for Apache’s mod_log_config say most of this, but as a quick preview, you could try defining a custom log format up near the top of your httpd.conf with

LogFormat "%a %t %{Host}i \"%r\"" hostlog

for example, then in each of your VirtualHost containers (CustomLog is only valid in the server config or a VirtualHost, not inside a Directory container), you could do

CustomLog logs/forest-monsen-site-host-log hostlog

Then, in my case, /var/log/httpd/forest-monsen-site-host-log would contain lines like
192.168.0.3 [31/Aug/2010:08:53:24 -0500] www.forestmonsen.com "GET /aggregator/sources/2 HTTP/1.0"
192.168.0.5 [31/Aug/2010:08:53:24 -0500] www.forestmonsen.org "GET /images/house.gif HTTP/1.1"

And I’d be able to tell which hostname the client originally asked for, before any of my mod_rewrite rules got to it. Because %{Host}i is simply whatever the client sent, the same log also shows requests that arrived with no Host header at all (logged as “-”), with the bare IP address, or with a name I never served; that is where the bots and scanners turn up. Good stuff.
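The pipeline from the “Bash pipe fun” post above, worked over this hostlog format, as an added example that is not code from either post. It does two things the one-liner skips: lines that do not fit the format are reported instead of being miscounted, and Host values that are not one of the site’s own names are listed separately, since %{Host}i is client-supplied. It assumes GNU coreutils and a POSIX awk; the log lines and the three site hostnames are constructed for the demo.

```shell
#!/bin/sh
# Added example: count distinct (client IP, Host header) pairs per hostname from
# logs in the post's "hostlog" format, and flag Host values the site never served.
# Format: %a %t %{Host}i "%r"  ->  IP [date tz] host "request"
# Whitespace fields: $1=IP, $2 $3=time in brackets, $4=Host, $5..=request line
set -eu
export LC_ALL=C              # byte-order sort/uniq, so results are stable across locales

hostlog_pairs() {
    # hostlog_pairs LOG: emit each distinct "IP HOST" pair once; any line that
    # does not match the format goes to stderr rather than into the count
    awk '
        /^[^ ]+ \[[^]]+\] [^ ]+ ".*"$/ { print $1, $4; next }
        { print "unparseable: " $0 > "/dev/stderr" }
    ' "$1" | sort -u
}

hostlog_per_host() {
    # hostlog_per_host LOG: number of distinct client IPs per Host value
    hostlog_pairs "$1" 2>/dev/null |
        awk '{ n[$2]++ } END { for (h in n) print n[h], h }' | sort -k2
}

hostlog_suffix_count() {
    # hostlog_suffix_count LOG SUFFIX: distinct pairs whose Host ends in SUFFIX
    # (e.g. .biz), anchored at the end of the name unlike a bare grep
    hostlog_pairs "$1" 2>/dev/null |
        awk -v s="$2" 'substr($2, length($2) - length(s) + 1) == s' | wc -l | tr -d ' '
}

hostlog_unexpected() {
    # hostlog_unexpected LOG "host1 host2 ...": Host values outside the list of
    # names this server is meant to answer for: scanners hitting the bare IP,
    # requests with no Host header ("-"), or someone probing virtual-host handling
    hostlog_pairs "$1" 2>/dev/null |
        awk -v ok="$2" 'BEGIN { split(ok, a, " "); for (i in a) e[a[i]] = 1 }
                        !($2 in e) { print $2 }' | sort -u
}

# Constructed sample log (not real traffic); the last line has a malformed Host
log=$(mktemp)
trap 'rm -f "$log"' EXIT
cat > "$log" <<'EOF'
192.168.0.3 [31/Aug/2010:08:53:24 -0500] www.forestmonsen.com "GET /aggregator/sources/2 HTTP/1.0"
192.168.0.5 [31/Aug/2010:08:53:24 -0500] www.forestmonsen.org "GET /images/house.gif HTTP/1.1"
192.168.0.5 [31/Aug/2010:08:53:25 -0500] www.forestmonsen.org "GET /images/logo.gif HTTP/1.1"
192.168.0.7 [31/Aug/2010:08:54:01 -0500] www.forestmonsen.biz "GET / HTTP/1.1"
192.168.0.7 [31/Aug/2010:08:54:02 -0500] www.forestmonsen.biz "GET /about HTTP/1.1"
192.168.0.9 [31/Aug/2010:08:55:10 -0500] www.forestmonsen.biz "GET / HTTP/1.1"
10.0.0.12 [31/Aug/2010:08:56:00 -0500] - "GET / HTTP/1.0"
10.0.0.13 [31/Aug/2010:08:57:00 -0500] 203.0.113.5 "GET /phpmyadmin/ HTTP/1.1"
10.0.0.14 [31/Aug/2010:08:58:00 -0500] evil.biz "GET / HTTP/1.1"
10.0.0.15 [31/Aug/2010:08:59:00 -0500] bad host "GET / HTTP/1.1"
EOF
site_hosts="www.forestmonsen.com www.forestmonsen.org www.forestmonsen.biz"

echo "--- distinct client IPs per Host"
hostlog_per_host "$log"
echo "--- distinct pairs on a .biz name: $(hostlog_suffix_count "$log" .biz)"
echo "--- Host values that are not ours"
hostlog_unexpected "$log" "$site_hosts"
echo "--- lines the format did not account for"
hostlog_pairs "$log" >/dev/null
```

Note that the suffix count includes evil.biz, exactly as the original grep would; if the question is “how many visitors used *my* .biz name”, filter on the exact hostname and treat the rest as the unexpected list does.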


The opposite of love is being in a rush

After reading all of this article, I understand this to mean “Multitasking plus squeezing more in equals a gradual failure in our ability to love & empathize with others.”

###
Your Brain on Computers: Hooked on Gadgets, and Paying a Mental Price
Matt Richtel, New York Times, published 6 Jun 2010

“[Scientists] say our ability to focus is being undermined by bursts of information… While many people say multitasking makes them more productive, research shows otherwise. Heavy multitaskers actually have more trouble focusing and shutting out irrelevant information… and they experience more stress.”

I’ve been reading The Shallows by Nicholas Carr — that’s fascinating, as well.


Remove user list from Ubuntu 9.10 Karmic Koala login screen

Problem: You want to login to your Ubuntu laptop without letting others shoulder surf your full name. You’d like to introduce yourself to them personally instead.

Solution: In a terminal (Applications -> Accessories -> Terminal), enter

sudo -u gdm gconftool-2 --set --type boolean /apps/gdm/simple-greeter/disable_user_list true

Type in your password when requested. You’re done.


sftp chroot jail in Ubuntu

(Update 16 Mar 2011: Since writing this post, I’ve learned of an easier way to create this chroot jail. Newer versions of OpenSSH enable the “ChrootDirectory” configuration directive. I recommend that you take a look at George Ornbo’s tutorial on chrooting sftp users in Intrepid for the details.)

(Updated 08 Feb 2011 to reflect xplicit’s experience on Ubuntu 10.04.)

I wanted to give a buddy access to a website hosted on my box. So I tried scponly, since I only wanted to provide SFTP access to that particular directory, using a chroot jail. The steps are as follows.

  1. Install the scponly package using Ubuntu’s APT package management system.
  2. Use the script provided to set up your first jail and your user’s home directory. For the location of the user’s jail, give the path of the directory you want to share.
  3. Provide a password for the new user.
  4. Ensure that the new user has permissions to read and write all the necessary directories in your Web site.


$ sudo apt-get install scponly
$ gzip -dc /usr/share/doc/scponly/setup_chroot/setup_chroot.sh.gz > /tmp/setup_chroot.sh
$ cp /usr/share/doc/scponly/setup_chroot/config.h /tmp

The previous step copies the “config.h” file to help things go more smoothly, as Luke found.

$ chmod +x /tmp/setup_chroot.sh
$ cd /tmp
$ sudo ./setup_chroot.sh


Next we need to set the home directory for this scponly user.
please note that the user's home directory MUST NOT be writeable
by the scponly user. this is important so that the scponly user
cannot subvert the .ssh configuration parameters.
For this reason, a writeable subdirectory will be created that
the scponly user can write into.

Note that I removed the /incoming subdirectory created by this script. There was no need for a separate directory for my buddy to upload files. He could have permissions over the whole site tree.


-en Username to install [scponly]
bob
-en home directory you wish to set for this user [/home/bob]
/var/www/sites/bobsite/htdocs
-en name of the writeable subdirectory [incoming]


-e
creating /var/www/sites/bobsite/htdocs/incoming directory for uploading files


Your platform (Linux) does not have a platform specific setup script.
This install script will attempt a best guess.
If you perform customizations, please consider sending me your changes.
Look to the templates in build_extras/arch.
- joe at sublimation dot org


please set the password for bob:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
if you experience a warning with winscp regarding groups, please install
the provided hacked out fake groups program into your chroot, like so:
cp groups /var/www/sites/bobsite/htdocs/bin/groups

The script added its own directories (bin, etc, lib and so on) to the site root, /var/www/sites/bobsite/htdocs. Everything else under it needed to be writable by Bob, so let’s add Bob to the www-data group and give that group write access to all of the website’s files. Bear in mind that www-data is also the group Apache runs as on Ubuntu, so this makes the whole tree writable by the web server process as well; a group shared only by Bob and whatever deploys the site would be tighter.


$ sudo adduser bob www-data

The /bin, /etc, /lib and other directories the script added to the chroot jail are owned by root, so excluding root-owned files leaves them alone. From the site root (the website filesystem):


$ cd /var/www/sites/bobsite/htdocs
$ sudo find . ! -user root -exec chgrp www-data {} +
$ sudo find . ! -user root -exec chmod g+w {} +

Afterwards, confirm that the top-level directory itself, which is Bob’s home, is still owned by root and not group-writable; the setup script’s warning above about the .ssh configuration depends on that.

Good to go!
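A check for that last point, as an added example that is not part of the original post: the setup_chroot.sh notice above says the jailed user’s home must not be writable by that user, and sshd_config(5) says the same, more strictly, for the ChrootDirectory approach mentioned in the update, namely that every component of the path must be a root-owned directory writable by no other user or group. The script below audits a single directory and then walks a whole path the way sshd does. It assumes GNU coreutils (stat -c, readlink -f, mktemp); the demo tree under /tmp is constructed, and in real use you would point it at /var/www/sites/bobsite/htdocs.

```shell
#!/bin/sh
# Added example: audit a directory (and its parents) before trusting it as an
# sftp jail root. Owner must be root and neither group nor other may write,
# or the jailed account can plant .ssh/ files or replace directories under
# the daemon. Assumes GNU coreutils. Demo tree is constructed.
set -eu

check_component() {
    # check_component DIR [OWNER]: DIR is a directory owned by OWNER (default
    # root) with neither the group nor the other write bit set. One line of
    # output per directory, "ok" or "FAIL" with the reason.
    dir=$1
    want=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    owner=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")                 # octal string: 755, 1777, ...
    if [ "$owner" != "$want" ]; then
        echo "FAIL $dir: owned by $owner, expected $want"
        return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then      # 022 = group write | other write
        echo "FAIL $dir: mode $mode is group/world writable"
        return 1
    fi
    echo "ok   $dir ($owner $mode)"
}

audit_chroot_path() {
    # audit_chroot_path DIR [OWNER]: run check_component on DIR and on every
    # parent up to /, the walk sshd performs before honouring ChrootDirectory.
    # Returns 1 if any component fails; every component is still reported.
    target=$(readlink -f "$1")                  # sshd judges the real path, not a symlink
    want=${2:-root}
    rc=0
    check_component / "$want" || rc=1
    path=""
    oldifs=$IFS
    IFS=/
    for comp in $target; do
        IFS=$oldifs
        [ -n "$comp" ] || continue
        path="$path/$comp"
        check_component "$path" "$want" || rc=1
    done
    IFS=$oldifs
    return $rc
}

# Constructed demo tree under /tmp, owned by whoever runs this script
demo=$(mktemp -d /tmp/jail-demo.XXXXXX)
trap 'rm -rf "$demo"' EXIT
mkdir -m 755 "$demo/good"        # the shape a jail root should have
mkdir -m 775 "$demo/sloppy"      # what a blanket chmod g+w leaves behind
me=$(id -un)

echo "--- single directories, expecting owner $me"
check_component "$demo/good" "$me" || true
check_component "$demo/sloppy" "$me" || true

echo "--- full path walk for a ChrootDirectory candidate, expecting root ownership"
if audit_chroot_path "$demo/good"; then
    echo "usable as ChrootDirectory"
else
    echo "not usable as ChrootDirectory: see the FAIL lines above (a world-writable /tmp rules out everything below it)"
fi
```

The second half of the demo fails on purpose: a jail under /tmp can never satisfy sshd, because /tmp itself is world-writable. Run the same walk against the real htdocs path after the chgrp and chmod above; if any component reports FAIL, the jail is not as closed as it looks.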


Server move complete

I migrated a bunch of stuff from a CentOS 4 server to Ubuntu 8.04 LTS over the last couple of days.

  • Five websites: One Moodle and one Drupal site backed by MySQL databases, and three static sites. SSL setup.
  • Added some software. How can I work without vim and slocate?
  • Security hardening, including a service review, permissions, firewall setup, administrative access through SSH, sudo config, and Postfix with spam filtering.
  • Nagios server monitoring config.

I checked my work logs and decided that I did pretty well, considering I got it all done in 10 hours 35 minutes.


Set Debian or Ubuntu server timezone

This one’s an easy one, from the tzselect (1) manpage:

sudo dpkg-reconfigure tzdata

