October 15, 2007
An article at torrentfreak.com hit the front pages of reddit and Digg recently, showing how to tunnel Bittorrent over an SSH connection. As a sys admin, loud bells began going off in my head. If I’m providing a free shell account to you, do you think I was counting on all your Bittorrent traffic adding to my bandwidth bills?
Unless you own both sides of the tunnel created or have permission to do this, don’t use this technique for Bittorrent!
I’m all for freedom of speech and net neutrality. I’m also against filtering out or throttling different kinds of traffic to consumers. But please, think of the admins and server owners. When they get their huge bandwidth bills because of this, don’t be surprised to see them discontinue free accounts or limit traffic with a firewall.
Also keep in mind that any traffic proxied this way is essentially doubling the traffic to the server. A 1GB file sent in this manner = more than 2GB of traffic in and out of the server’s interface.
Posted in blog entries
October 13, 2007
I support Windows users at my office, so I also have an instance of Windows in Parallels. I fire it up pretty infrequently, so I’m used to seeing update notifications as there’s usually one waiting each time I log in. The one I saw today caught me off guard, though:

How bout that! Sun is not only advertising OpenOffice to all Java users, but they’re promoting OpenOffice over their own StarOffice! This could do wonders for adoption across Windows users.
Posted in blog entries
October 11, 2007
wget is one of my favorite tools in *nix land. Sometimes you want to convert a dynamic site to html. Sometimes, you want to download all the rpm, deb, iso, or tgz files in a directory. Other times, you just want to create an archive. wget does it all!
Here are some of my favorite wget command options, and what they do:
$ wget -r -np -nd http://example.com/packages/
This little gem is probably my most used variation. It will download all files in the /packages/ directory on example.com — without traversing up to parent directories (-np), and without recreating the directory structure on your machine (-nd).
$ wget -r -np -nd --accept=iso http://example.com/centos-5/i386/
Adding the --accept argument with a comma-separated list of file extensions will grab only those files ending in the specified extensions.
Another way to grab just the files you want:
$ wget -i filename.txt
Put all the desired urls in filename.txt and run wget against it to download a list of files automatically.
On a bad connection?
$ wget -c http://example.com/really-big-file.iso
The “-c” option tells wget to continue and retry until it has completed downloading.
$ wget -m -k (-H) http://www.example.com/
Mirror a site, converting its links to work locally, so that you can move the site to another server. Use the ‘-H’ option if images are loaded from another site.
Another useful tool for mirroring websites is httrack. I blogged about it a couple of weeks ago here.
Posted in blog entries
October 4, 2007

I think we can all admit that Google is known for being smart. They’re also known for great web apps, search, and pioneering context sensitive ads online. Their Gmail service is no exception; any geek worth their salt has a gmail.com address, and most of us love it.
There are few drawbacks to Google’s mail service, but among those few problems is a giant elephant in the corner — no IMAP access. It’s such a seemingly glaring oversight, yet most people don’t stop to think about it, saying “they offer POP; isn’t that good enough?” Anyone who has tried to sync multiple machines with email knows how bad POP can be in this situation. They also know how slow it is and how IMAP utterly destroys it in terms of features. So why would Google, king of simplicity and revered by web users the world over restrict us to POP or their web client?
Simple: Google wants you on the web. Period. POP is provided merely as a backup mechanism to satisfy those who cry insecurity at the thought of trusting their email to a totally third party service. We’ll never see IMAP though, for these reasons:
- Google wants you viewing their ads. Context sensitivity with email is a great asset for them. Letting you view your mail in an external IMAP client eliminates this revenue stream.
- Moving you away from a ‘thick client’ helps move you towards all of Google’s other services. This is one way to pry Outlook and Thunderbird-like apps from your hands and ease you into using the web for everything.
- IMAP would be expensive. Think of all the people who would drop using the Gmail interface in favor of their favorite IMAP client. Now imagine the bandwidth crush this would put on their servers, lacking the shield of the web front end and ajax support. Using their web client allows them to control the amount of bandwidth, connections, and behavior of their users.
Sorry to say, but we’ll probably never see a Gmail IMAP option. For those of us truly wanting for it, however, there are options like this.
UPDATE: Google has released IMAP for Gmail! I’m eating my hat
Posted in blog entries
October 1, 2007
This sign is a little understated. I can’t think of a single thing it doesn’t pertain to. It’s an old mantra, but I found it especially relevant in sign form at a local motorcycle shop. Enjoy!

Posted in images
September 28, 2007
Someone asked me again today what would happen if you ran a virtual machine inside another virtual machine. I pointed them here, and decided it might be time to revisit this again. So here we go – Why? Because we can!
Anyone familiar with virtualization technologies has wondered about it. There’s Xen, QEMU, VMware, VirtualPC and VirtualServer, to name a few — but what happens when you run one inside the other? A Virtual Machine inside a Virtual Machine! I have Vista Business installed in a VMware virtual machine. Ubuntu Feisty 7.04 is the host OS — I decided to try to install VMware Server inside the Vista virtual machine… Well, the results aren’t exactly exciting. VMware’s error message:
Clearly, VMware in VMware isn’t going to work (at least not with a Windows guest). So, I’ll try a different approach. How about Slackware 11 under VMware, and then Damn Small Linux under QEMU within Slackware? This should be a treat… Or just unbearably slow.

Eureka! It works! It’s alive! And it’s almost usable. The only real problem is the mouse sensitivity — it’s very blocky and hard to control, but everything is there. Check out the screenshot of this machine within a machine within a machine, fully booted and at the desktop.
Posted in backtrack
September 24, 2007
When working with many machines or many secure shell terminals, it can become tedious and error-prone to type a password each time. This gets worse if you’re like many admins and have a different password for each box. Luckily, OpenSSH includes public key authentication for passwordless ssh.
- Step One: Create a Private/Public Key pair
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mshade/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mshade/.ssh/id_rsa.
Your public key has been saved in /home/mshade/.ssh/id_rsa.pub.
The key fingerprint is:
8b:f0:81:b5:3b:61:4e:2b:39:dc:4b:02:69:03:9d:88
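For truly passwordless (and passphraseless) access, just hit enter when prompted for a passphrase. Keep in mind that a key with no passphrase sits unencrypted on disk, so anyone who can read the private key file can log in wherever its public half is installed. You can accept the default for the locations of the keys, but note them for the next step as they can differ between distros and OpenSSH configurations.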
- Step Two: Copy the public key to the remote servers you desire passwordless access to
$ scp .ssh/id_rsa.pub server.example.com:/home/mshade/.ssh/
mshade@server.example.com's password:
id_rsa.pub 100% 394 0.4KB/s 00:00
Replace .ssh/id_rsa.pub with the location of your public key, and substitute your remote server for our example server. Also personalize your username, of course. Unless you’re my evil twin. If the .ssh directory doesn’t yet exist on the remote server, you’ll get an error. Never fear, simply remove that portion of the path to copy it to your home. We’ll deal with that in our next step.
- Step Three: Add our public key to the authorized_keys file on the remote machine
For this step, open a session on the remote machine.
$ ssh server.example.com
And then, we add the key to authorized_keys and secure our .ssh subdirectory. Create .ssh if it does not yet exist.
$ cd .ssh
$ cat id_rsa.pub >> authorized_keys
$ rm id_rsa.pub
$ chmod 700 .
$ chmod 600 authorized_keys
Note: Some versions of OpenSSH will not allow passwordless authentication if permissions are too relaxed on the .ssh directory or authorized_keys file. If this isn’t working for you, check permissions first.
That’s it! You should now be able to simply execute ssh server.example.com and have an open session with no password. If you’re still prompted for a password, here are some things to troubleshoot.
I’m still prompted for a password!
Things to check:
- Did you enter a blank passphrase (hit enter) when you created your key?
- Does the server allow passwordless authentication? To check, look for these directives in /etc/ssh/sshd_config. This file may live elsewhere on your filesystem, and you will probably need root access to view it.
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
- Are your permissions correct on .ssh and .ssh/authorized_keys? They should be 700 (-rwx------) for .ssh and 600 (-rw-------) for authorized_keys.
- Are you connecting as the same user on the remote machine? If not, simply substitute the remote user at the time you copy id_rsa.pub to the remote machine. Like so:
$ scp .ssh/id_rsa.pub otheruser@server.example.com:/home/otheruser/.ssh/
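Steps two and three and the permission checks from the list above, written as shell functions. This is an added example, not code from the original post; the function names are assumptions, and install_pubkey is meant to run on the remote machine once the public key has been copied there. Unlike the plain cat >> in step three, it appends a key only if it is not already present.

```shell
#!/bin/sh
# Added example: function names are illustrative, not from the post.

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Append a public key to <ssh_dir>/authorized_keys once, with 700/600 modes.
install_pubkey() {
    pub=$1; dir=$2; auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "missing or empty key file: $pub" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: skip keys that are already installed.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# Print every permission problem found; return non-zero if there was one.
check_ssh_perms() {
    dir=$1; auth=$dir/authorized_keys; rc=0
    if [ ! -d "$dir" ]; then echo "missing directory: $dir"; return 1; fi
    [ "$(mode_of "$dir")" = 700 ] || { echo "$dir is $(mode_of "$dir"), want 700"; rc=1; }
    if [ ! -f "$auth" ]; then echo "missing file: $auth"; return 1; fi
    [ "$(mode_of "$auth")" = 600 ] || { echo "$auth is $(mode_of "$auth"), want 600"; rc=1; }
    return $rc
}

# Return non-zero if the given sshd_config explicitly turns public key
# logins off. A commented-out or absent directive passes the check.
check_sshd_config() {
    ! grep -Eiq '^[[:space:]]*PubkeyAuthentication[[:space:]]+no' "$1"
}
```

On the server, after the scp in step two: install_pubkey ~/.ssh/id_rsa.pub ~/.ssh && check_ssh_perms ~/.ssh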
Questions? Comments?
A more in-depth look at public key authentication can be found at this IBM resource.
Posted in blog entries
September 23, 2007
I like my digicam quite a lot; it’s a Canon Powershot A630. It doesn’t have all the bells and whistles possible, but it’s a nice little piece that takes decent photos. I’m also a distro hopper, and as such reinstall my operating system every once in a while to try something new. I find I keep going back to Slackware. It’s what I cut my teeth on, and it’s what I know best. Alas, Slackware doesn’t interface with my digicam without additional software.
The Powershot is one of many cameras that don’t appear as a USB Mass Storage device to the computer. This complicates things because you need a separate piece of software to communicate and download the photos. Luckily, it does use a rather standard protocol called PTP which is easily accessible using gphoto2.
If your distro doesn’t support PTP cameras out of the box, you’ll want to install this package. Necessary items (on Slackware, anyway) are libgphoto2 and gphoto2 itself. Both are available on gphoto2’s SourceForge download page, linked from the main site.
Once compiled and installed (standard method of ./configure && make && su -c 'make install'), you can detect the camera by issuing the following command.
mshade@gobot:~$ sudo gphoto2 --auto-detect
Model Port
----------------------------------------------------------
Canon PowerShot A630 (PTP mode) usb:
There you have it! The device is detected automagically by gphoto2. To download all pictures from the camera to the current directory, issue this command:
mshade@gobot:~/pics$ gphoto2 -P
Voila. Digicams on Slackware made easy.
Posted in blog entries
September 18, 2007
Hardy Heron? C’mon… Let’s get ridiculous! I put together this quick form to keep track of other ridiculous Ubuntu code names. Add your own here!
Posted in blog entries
September 17, 2007
I wanted to set up a separate VirtualHost just to access my AWstats pages, rather than using the standard method of hostname.com/awstats/awstats.pl.
Two advantages:
- Can lock down a single vhost with htaccess
- Less typing, leaving you with a kind of ‘stats dashboard’ to see all your virtual host statistics.
I also pulled the awstats apache directives from the general httpd.conf, and added them to the stats VirtualHost in order to consolidate access and prevent “stats fishing” of my other sites.
Enjoy!
Awstats Listing Dashboard
Posted in Snippets