News aggregator

Steve Kemp: The perils of the cloud..

Planet HantsLUG - Fri, 20/06/2014 - 13:18

Recently two companies have suffed problems due to compromised AWS credentials:

  • Code Spaces
    • The company has effectively folded. Thier AWS account was compromised, and all their data and backups were deleted.
  • Bonsai
    • Within two minutes all their instances were terminated.
    • This is still live - watch updates of the recovery process.

I'm just about to commit to using Amazon for hosting DNS for paying customers, so this is the kind of thing that makes me paranoid.

I'll be storing DNS-data in Git, and if the zones were nuked on the Amazon-side I could re-upload them, but users would be dead regardless - because they'd need to update the nameservers in whois before the re-uploaded data would be useful.

I suspect I need to upload to two DNS providers, to get more redundency.

Currently I have a working system which allows me to push DNS records to a Git repository, and that seamlessly triggers a DNS update (i.e. A webhook trigged by github/bitbucket/whatever).

Before I publish anything I need to write more code, more documentation, and agree on pricing details. Then I'll setup a landing-page at http://dns-api.com/.

I've been challenged to find paying customers before launching, and thus far have two, which is positive.

The DHCP.io site has now been freed. I'm no longer going to try to commercialize it, instead I will only offer the Git-based product as a commercial service. On that basis I upped the service so users could manage up to five names per account, more if you mail me privately and beg ;)

(ObRandom: Google does hosted DNS with an API. They're expensive. I'm surprised I'd not heard of them doing this.)

Categories: LUG Community Blogs

Martin Wimpress: MATE Desktop on Debian Wheezy

Planet HantsLUG - Thu, 19/06/2014 - 22:00

I'm a member of the MATE Desktop team and until recently the majority of my involvement has been focused around Arch Linux.

However, I'm working on a MATE project that is based on a Debian derivative. MATE has recently been accepted into the Debian Backports repository for Wheezy, so I decided to do a "MATE from scratch" on Debian using an old netbook to get familiar with the MATE package naming differences between Arch Linux and Debian.

Install Debian

I installed Debian Wheezy from the netinst ISO to ensure the target install was as minimal as possible. I went with the defaults until the 'Software selection' dialogue, at this point unselect everything except "SSH server". Like this:

[ ] Debian desktop environment [ ] Web server [ ] Print server [ ] SQL database [ ] DNS Server [ ] File server [ ] Mail server [X] SSH server [ ] Laptop [ ] Standard system utilities Debian ISO with Firmware

If you're installing on hardware that requires additional firmware in order for it to work with Linux then use the netinst ISO that includes firmware.

Configure Debian

When the install is finished, reboot and configure Debian a little.

Repositories

You'll need to install lsb-release for the following to work.

apt-get install lsb-release

This is what I put in /etc/apt/sources.list.

cat >/etc/apt/sources.list<<EOF deb http://ftp.uk.debian.org/debian/ $(lsb_release -cs) main contrib non-free deb-src http://ftp.uk.debian.org/debian/ $(lsb_release -cs) main contrib non-free deb http://security.debian.org/ $(lsb_release -cs)/updates main contrib non-free deb-src http://security.debian.org/ $(lsb_release -cs)/updates main contrib non-free # $(lsb_release -cs)-updates, previously known as 'volatile' deb http://ftp.uk.debian.org/debian/ $(lsb_release -cs)-updates main contrib non-free deb-src http://ftp.uk.debian.org/debian/ $(lsb_release -cs)-updates main contrib non-free EOF Backports

MATE is only available in the wheezy-backports repository.

cat >/etc/apt/sources.list.d/backports.list <<EOF deb http://ftp.uk.debian.org/debian $(lsb_release -cs)-backports main contrib non-free deb-src http://ftp.uk.debian.org/debian $(lsb_release -cs)-backports main contrib non-free EOF

Update.

sudo apt-get update

All backports are deactivated by default (i.e. the packages are pinned to 100 by using ButAutomaticUpgrades: yes in the Release files. If you want to install something from backports run:

apt-get -t wheezy-backports install "package" Install MATE Desktop

First install the LightDM display manager.

apt-get install accountsservice lightdm lightdm-gtk-greeter

Now for the MATE Desktop itself.

apt-get -t wheezy-backports install mate-desktop-environment-extras NetworkManager

I typically use NetworkManager, so lets install that too.

apt-get install network-manager-gnome Supplementary

Depending on your hardware you may require CPU frequency utilities or additional firmware.

apt-get install cpufreqd cpufrequtil firmware-linux firmware-linux-nonfree

And, that's it! Reboot and you'll see the LightDM greeter waiting for your login credentials.

References
Categories: LUG Community Blogs

Steve Engledow (stilvoid): tmux

Planet ALUG - Tue, 17/06/2014 - 11:19

tmux is the best thing ever. That is all.

No, that is not all. Here is how I make use of tmux to make my life measurably more awesome:

First, my .tmux.conf. This changes tmux's ctrl-b magic key binding to ctrl-a as I've grown far too used to hitting that from when I used screen. I set up a few other screen-like bindings too. Finally, I set a few options that make tmux work better with urxvt.

# Set the prefix to ^A. unbind C-b set -g prefix ^A bind a send-prefix # Bind c to new-window unbind c bind c new-window -c $PWD # Bind space, n to next-window unbind " " bind " " next-window unbind n bind n next-window # Bind p to previous-window unbind p bind p previous-window # A few other settings to make things funky set -g status off set -g aggressive-resize on set -g mode-keys vi set -g default-terminal screen-256color set -g terminal-overrides 'rxvt-unicode*:sitm@'

And then here's what I have near the top of my .bashrc:

# If tmux isn't already running, run it [ -z "$TMUX" ] && exec ~/bin/tmux

...which goes with this, the contents of ~/bin/tmux:

#!/bin/bash # If there are any sessions that aren't attached, attach to the first one # Otherwise, start a new session for line in $(tmux ls -F "#{session_name},#{session_attached}"); do name=$(echo $line | cut -d ',' -f 1) attached=$(echo $line | cut -d ',' -f 2) if [ $attached -eq 0 ]; then tmux attach -t $name exit fi done tmux -u

Basically, what happens is that whenever I start a terminal session, if I'm not already attached to a tmux session, I find a session that's not already attached to and attach to it. If there aren't any, I create a new one.

This really tidies up my workflow and means that I never forget about any old sessions I'd detached.

Oh and one last thing, ctrl-a s is the best thing in tmux ever. It shows a list of tmux sessions which can be expanded to show what's running in them and you can then interactively re-attach your terminal to one of them. In short, I can start a terminal from any desktop or vt and quickly attach to something that's happening on any other. I use this feature a lot.

Categories: LUG Community Blogs

Steve Kemp: DNS is now resolved

Planet HantsLUG - Tue, 17/06/2014 - 10:13

I used to work for Bytemark, being a sysadmin and sometimes handling support requests from end-users, along with their clients.

One thing that never got old was marking DNS-related tickets as "resolved", or managing to slip that word into replies.

Similarly being married to a Finnish woman you'd be amazed how often Finnish and Finished become interchangable.

Anyway that's enough pun-discussion.

Over the past few days I've, obviously, been playing with DNS. There are two public results:

DHCP.io

This is my simple Dynamic-DNS host, which has now picked up a few users.

I posted a token on previous entry, and I've had fun seeing how people keep changing the IP address of the host skx.dhcp.io.. I should revoke the token and actually claim the name - but to be honest it is more fun seeing it update.

What is most interesting is that I can see it being used for real - I see from the access logs some people have actually scheduled curl to run on an hourly basis. Neat.

DNS-API.org

This is a simple lookup utility, allowing queries to be made, such as:

Of the two sites this is perhaps the most useful, but again I expect it isn't unique.

That about wraps things up for the moment. It may well be the case that in the future there is some Git + DNS + Amazon integration for DNS-hosting, but I'm going to leave it alone for the moment.

Despite writing about DNS several times in the past the only reason this flurry of activity arose is that I'm hacking some Amazon & CPanel integration at the moment - and I wanted to experiment with Amazon's API some more.

So, we'll mark this activity as resolved, and I shall go make some coffee now this entry is Finnish.

ObRandomUpdate: At least there was a productive side-effect here - I created/uploaded to CPAN CGI::Application::Plugin::Throttle.

Categories: LUG Community Blogs

David Goodwin: Automated twitter compilation up to 16 June 2014

Planet WolvesLUG - Mon, 16/06/2014 - 16:22

Arbitrary tweets made by TheGingerDog up to 16 June 2014

2014/06/15

  • RT Proud my 8yo girl failed this worksheet. Wish she had failed it even “worse.” #GenderBias
  • 2012/11/03

  • RT #PHP devs. Please satisfy my curiosity and let me know about the frameworks you’ve used recently. Ta. https://twtpoll.com/gw7zecvn991qaxj (plz RT) 2014/06/15
  • RT Best banner at the World Cup so far
  • 2014/06/14

  • RT RT if you believe in freedom & democracy. #Falklands #LiberationDay
  • 2014/06/14

  • RT WordFriday: crosspathy
  • Attempt to pass homeopathy off as credible by combining it with empirically valid medicine.

    https://www.facebook.com/WordFriday/posts/637531733001454

    2014/06/13
  • And back home. Zzzz. Bromsgrove 2014/06/12
  • And now. Time to catch a plane. #snackTime Cyprus 2014/06/11
  • Thankfully I don’t use tweetdeck. Cyprus 2014/06/11
  • RT “US invasion and occupation cost Washington close to a trillion dollars ” – www.theguardian.com/world/2014/jun/11/mosul-isis-gunmen-middle-east-states enough to address climate change… #iraq 2014/06/11
  • RT #Iraq army capitulates to Isis militants in four cities – www.theguardian.com/world/2014/jun/11/mosul-isis-gunmen-middle-east-states what a disaster…well done, Bush and Blair… 2014/06/11
  • RT Twitter worms are so 2011. 2014/06/11
  • RT Tweetdeck XSS flaw leaves users vulnerable to account hijacking bit.ly/1lcEUK8 2014/06/11
  • RT HOW MUCH PIZZA AND COKE DO I HAVE TO FEED YOU NERDS BEFORE YOU SHUT UP ABOUT 80 HOUR WEEKS 2014/03/26
  • RT If one searches for CityLink on Google right now, you get this rather marvellously off message cartoon.
  • 2014/06/10

  • This morning we saw some Roman ruins and a Byzantine castle (mosaics etc)
  • Cyprus 2014/06/10

  • Oh Jesus. It’s raining men ! Cyprus 2014/06/08
  • It’s fun to stay at the YMCA …. You can get yourself clean. You can have a good meal …. Cyprus 2014/06/08
  • Wedding time.
  • Cyprus 2014/06/08

  • RT
  • 2014/06/07

  • The sun lounger things have already been stolen.
  • Cyprus 2014/06/08

  • It is dark early here. #landed Cyprus 2014/06/07
  • Our trusty steed for the next few hours.
  • Solihull 2014/06/07

  • RT Did… Did MongoDB just kill itself because it couldn’t rotate its log file? It did! It fucking did! 2014/06/07
  • Trying to scan this qr code causes my phone to reboot. #nexus4 #android #bug
  • Solihull 2014/06/07

  • Great weather this morning.
  • We woke to continual thunder.

    I think it is time to leave the country.

    Solihull 2014/06/07

  • Airport grammar fall. #bhx
  • Solihull 2014/06/07

  • RT HTTP/1.1 just got a major update. – Evert Pot feedproxy.google.com/~r/bijsterespoor/~3/padm6aekKhA/http-11-updated 2014/06/07
  • RT I love cycling, but it does really piss me off when cyclists cruise through red lights with an arrogance & nonchalance that boils the blood! 2014/06/06
  • RT Burnout.io – Help build a resource for the IT community to combat burnout: buff.ly/S1nWmk 2014/06/06
  • It has arrived ! (@TheMikeBennett‘s awesome book).
  • Bromsgrove 2014/06/06

  • RT But for the sacrifice of many, we may not have been born free. Think of that today if nothing else. #DDay70 #DDay #LestWeForget East, United Kingdom 2014/06/06
  • RT At turned midnight 6/6/2014 my biggest worry is getting home tomorrow. 70 yrs ago many didn’t, I doubt my day will be as life changing #DDay East, United Kingdom 2014/06/06
  • Categories: LUG Community Blogs

    Surrey LUG Summer BBQ 12 July 2014

    Surrey LUG - Sun, 15/06/2014 - 15:20
    Start: 2014-07-12 11:00 End: 2014-07-12 11:00 BBQ

    Yes, it's summer time, get ready for almost raw i/o, or slightly cooked!

    Categories: LUG Community Blogs

    Steve Kemp: So here's a proof of concept

    Planet HantsLUG - Sat, 14/06/2014 - 17:35

    The simplest possible DNS-based service which I could write to explore Amazon's DNS offering has to be dynamic DNS, so I set one up..

    The record skx.dhcp.io can be updated to point to your current IP by running:

    curl http://dhcp.io/set/efa6961c-f3dd-11e3-955b-00163e0816a2

    Or to a fixed IP:

    curl http://dhcp.io/set/efa6961c-f3dd-11e3-955b-00163e0816a2/1.2.3.4

    The code is modular and pretty nice, and the Amazon integration is simple.

    (Although I need to write code to allow users to sign-up. I'll do that if it seems useful, I suspect there are already enough free ddns providers out there - though I might be the first to support IPv6 when I commit my next chunk of work!)

    Categories: LUG Community Blogs

    Steve Engledow (stilvoid): Simple mail transfer pondering

    Planet ALUG - Sat, 14/06/2014 - 01:54

    tl;dr I like the MIT license, mutt, tagging things, and synchronising my data between my devices.

    Simplicity

    As I meander through my life and career, one thing stands out as becoming more and more important as time goes by; I've noticed a definite trend in myself towards desiring simplicity above all else.

    When I say that, I don't mean that I have a hankering to live in a cave and subsist on fruit. I like the complicated things that my life involves but I increasingly like to deal with them in simple ways. I find that I don't have the appetite or inclination to see an argument through nor the patience for dealing with irrationality; I'll just state my case clearly and succinctly and step away until everyone has calmed down and can accept my point.

    When it comes to code, the difference is clear. If starting something new, I'll write down a set of features I want then refine them until I have a clear idea of how the system works before writing a single line of code. If I'm brave, I'll embrace TDD. In the old days, I'd get a vague idea in my head and design the rest in my head while I'm churning out code.

    Recently, as an example, I refactored someone else's code from a general-purpose, multi-featured single class into several small functions that are individually very short and meaningful and all hang together to perform just the required behaviour and nothing else.

    This all leads me deeper and deeper into the Unix philosophy (of which I've always been a fan) of having lots of tools that each do one thing well that can be combined in any way necessary. Which leads me into deeper and deeper suspicion of the GNU environment (see my rant about netcat). I'm not saying GNU is bad, it's just that I'm less immediately bought into the GNU way being always the right way.

    Related to my bent for simplicity, I choose to license the things I write under the MIT license these days where I'd previously chosen the GPL. Socialism is a nice ideal but in practice it's just too complex to work as intended. Both benevolent dictatorship and co-operative anarchy are much simpler and seem far more likely to result in a better society (though not both at once ;)). I guess that sums up how I feel about the GPL these days. #cueflamewar

    Discoveries

    With apologies to the Linux Voice crew, here are a few discoveries I've made recently:

    offlineimap

    I don't know why I hadn't investigated this before but offlineimap has recently made dealing with my email much more bearable. For years I've been switching between various GUI clients and in recent months I'd decided to switch to mutt and make a real go of it. I've been enjoying mutt but not it's in-built IMAP support. Offlineimap means I don't have to care about mutt's weaknesses and I can just focus on its strengths as the best client for reading, replying to, sorting, and above all deleting email :)

    notmuch

    On a very related note, I also discovered notmuch which is a tool for indexing and tagging a collection of email. I'm now using mutt-kz (because it integrates with notmuch) to sort my email into (virtual) folders based on tags that I apply both through hooks in offlineimap and in the course of dealing manually with my email. Notmuch also makes it very easy to find old emails when I need to refer back to something.

    syncthing

    I've never been very good at backups. I've never had the patience to set up something robust and to ensure that the right things will be plugged in to the right machines and that they'll be at the right network locations at the right times based on a carefully designed backup schedule. Because of my crappy attitude I've lost some precious data in the past.

    Through the Bad Voltage podcast, I discoverd Syncthing which is sort of like a replacement for dropbox except that it synchronises folders between your own machines rather than between your machine(s) and a (possibly evil) server.

    To summarise how it works, once you've got the service running on two machines, you copy the ID from each to the other and then specify repositories which are just directories that you give a shared name so that machine A can store files from the "Photos" repository in one place while machine B stores them in another place. Adding extra machines to the network is easy and each repository can be configured to share with any number of the machines in your network.

    My current set up is:

    Machines:

    • Home desktop machine (media server)

    • Work laptop

    • Linode VPS (where this blog is hosted)

    • My Nexus 4 phone

    Repositories:

    • One with an eCryptfs folder where I store private keys and the like - shared between my desktop, laptop, and VPS

    • podcasts - my VPS downloads podcasts into this folder directly from RSS feeds and synchronises to my laptop and phone

    • photos - synced between my desktop, VPS and laptop because I want to make sure I never lose them

    It's incredibly simple to use and configure and thus far, it works very well and gives me just what I needed.

    Categories: LUG Community Blogs
    Syndicate content