I'm currently setting up a new PXE-boot environment which uses docker for serving DHCP and TFTPD, which is my first "real" usage of any note. It is fun, although I now discover I'm not alone in using docker for this purpose.
Otherwise life is good, and my blog-spam detection service recently broke through the 11 million-rejected-comment barrier. The Wordpress Plugin is seeing a fair amount of use, which is encouraging - but more reviews would be nice ;)
I could write about work, I've not done that since changing job, but I'm waiting for something disruptive to happen first..
ObQuote: Dune. (film)
My desktop boxen are getting on. Over a year ago I started to think about replacing at least one of them: Twin Dilema. The boxen are even older now, really feeling the strain and I've still not done anything about it...
This autumn I ripped the hard-disk out of an old Sky+ box I had, and put that into my desktop PC. It is faster and larger than the original drive and as a result has bought some life back into my PC. However the writing is on the wall and it will need replacing this year.
Since I last thought about this, I have managed to get the gas boiler replaced and have the ancient windows done. That did cost a fortune, a lot more than the £1k of a decent desktop, but I will get some of that back in reduced energy bills. It looks like a ~ 10% reduction at the moment. If you assume a 10% annual energy inflation that adds up to a total saving over 30 years of around £16.5k which covers the cost of the boiler but not the windows and doors.
Here we are again, another year, another dissatisfying look at what options I have for local photo management.
Here’s what I do now:
The question is how to improve that experience?
I can’t run F-Spot on multiple computers because it stores its SQLite database locally and even if the database file were synced between hosts or kept on the fileserver it would still need the exact same version of F-Spot on every machine, which is not feasible — my laptop and desktop already run different releases of Ubuntu and I want to continue being able to do that.
It would be nice to be able to import photos from any machine but I can cope with it having to be done from the desktop alone. What isn’t acceptable is only being able to view them from the desktop as well. And when I say view I mean be able to search by tags and metadata, not just navigate a directory tree.
It sounds like a web application is needed, to enforce the single point of truth for tags and metadata. Are there actually any good ones that you can install yourself though? I’ve used Gallery before and was never really satisfied with ease of use or presentation.
Your-Photos-As-A-Service providers like Flickr and even to some extent Google+ and Facebook have quite nice interfaces, but I worry about spending many hours adding tags and metadata, not bothering to back it all up, and then one day the service shuts down or changes in ways I don’t like.
I’m normally quite good about backing things up but the key to backups is to make them easy and automatic. From what I can see these service providers either don’t provide a backup facility or else it’s quite inconvenient, e.g. click a bunch of times, get a zip file of everything. Ain’t nobody got time for that, as a great philosopher once wrote.
So.. yeah.. What do you do about it?
That’s right, it’s my end of year round up! I am running the risk that nothing significant or amazing will happen to me in the next 24 hours, I know. I’ve trawled through tweets and blogs and reminded myself of the fantastic, crazy things that have happened this year. Here are just some of them, in no particular order.
There are some things I’ve done this year that have been really, really special. But I just can’t tell you about them. Sorry! They really were among the highlights of my year though.
I’ve got a feeling that 2014 will be very special too. Have a great new year….Pin It
Every Summer, I wish for a pair of sandals that are comfortable but have some style so that they can feel a bit smart as well as casual. And I’m rubbish at finding them – I don’t really like shoe-shopping at all, which doesn’t help. Enter MOHOP sandals.
I was browsing Kickstarter projects over Christmas and came across the MOHOP sandals project. Basically, you get a pair of sandal bases, some ribbon, and some design cards. You then thread the ribbons on the bases according to the design cards (or your imagination). The bases are flexible with wooden heels and are suitable for vegans and people with a range of other ethical shopping goals (inc, if you’re from the US, made in the US).
(Although the bases shown have high heels, they’re also available as flats or different heights of heel.)
They’ve apparently been going for some time (at mohop.com and on Etsy) but were struggling to meet demand. They’re taking the Kickstarter route to fund expanding their production capabilities (inc creating local jobs).
I think the sandals are a great idea. They’re fun to look at, comfy to wear (according to the reviews), and infinitely re-designable, which appeals to my crafty side. You can thread decorations on to the ribbon or replace the ribbons completely with strips of sari, shoelaces, or anything else that occurs to you.
At the moment, the cheapest pair is $45 for a pair of flats (though there are lower-cost ‘perks’ available if you just want to contribute without buying any shoes). I’ve gone for the $100 ones that have low heels. They’re looking for $50,000 of funding by the 25th January so that they can open their new production place. They’ve got some way to go yet so if you like the look of them, consider supporting this cool idea!
Here’s their video about manufacturing their shoes:
This week my small collection of sysadmin tools received a lot of attention; I've no idea what triggered it, but it ended up on the front-page of github as a "trending repository".
Otherwise I've recently spent some time "playing about" with some security stuff. My first recent report wasn't deemed worthy of a security update, but it was still a fun one. From the package description rush is described as:
GNU Rush is a restricted shell designed for sites providing only limited access to resources for remote users. The main binary executable is configurable as a user login shell, intended for users that only are allowed remote login to the system at hand.
As the description says this is primarily intended for use by remote users, but if it is installed locally you can read "any file" on the local system.
How? Well the program is setuid(root) and allows you to specify an arbitrary configuration file as input. The very very first thing I tried to do with this program was feed it an invalid and unreadable-to-me configuration file.
Helpfully there is a debugging option you can add --lint to help you setup the software. Using it is as simple as:shelob ~ $ rush --lint /etc/shadow rush: Info: /etc/shadow:1: unknown statement: root:$6$zwJQWKVo$ofoV2xwfsff...Mxo/:15884:0:99999:7::: rush: Info: /etc/shadow:2: unknown statement: daemon:*:15884:0:99999:7::: rush: Info: /etc/shadow:3: unknown statement: bin:*:15884:0:99999:7::: rush: Info: /etc/shadow:4: unknown statement: sys:*:15884:0:99999:7::: ..
The only mitigating factor here is that only the first token on the line is reported - In this case we've exposed /etc/shadow which doesn't contain whitespace for the interesting users, so it's enough to start cracking those password hashes.
If you maintain a setuid binary you must be trying things like this.
If you maintain a setuid binary you must be confident in the codebase.
People will be happy to stress-test, audit, examine, and help you - just ask.
Simple security issues like this are frankly embarassing.