SynergyKM
Most readers here will probably know Synergy already, it's a tool that lets you share one keyboard and mouse between two machines. The machines can run Windows, Linux, FreeBSD, OS X etc. in any combination. I don't always realize it but this little tool is as integrated into my work environment as the computers themselves, I simply could not live with out it.
Till now getting it going on the Mac was a major pain, it involved all sorts of silly files being copied by hand etc, was hard to make auto start etc. Enter SynergyKM, it's a GUI to Synergy, has a System Preferences plugin and sits nicely in the menu bar (optionally) showing your current status. It supports auto discovery of your current location via Bonjour otherwise you can just select your location like the normal network location tool on the Mac. It supports configuring both client and server mode.
Google Calculator Command Line
I have been contemplating coding up a little script that scrapes Google to write a command line to the Google calculator, seems I was beaten to it by John Bokma who wrote a nice Perl based Google calculator interface
% gc 50 usd in gbp
50 U.S. dollars = 29.105303 British pounds
Gmaps PHP Documentation
I've realized for a while now that simply announcing new versions of code that I put out listing what's changed does not really work, as a new user it would be nearly impossible to find all the posts I've made related to a specific bit of code.
I've therefore installed a copy of MoinMoin Wiki that I will use to write documentation for projects with.
The first project to get the Wiki treatment is my PHP Library for Google Maps EZ, you can find the full documentation here.
GMaps PHP version 1.2
The author of GMapEZ broke backwards compatibility with a recent change, this release will work around that. If you're maps just wouldn't display give this one a try.
There is also a new feature that lets you provide multiple extends, if you are upgrading from a previous version your config file needs to change, a new section [extends] has been added, you should also look at the sample index.php to see how to pass multiple extends to the backend.
Using this new ceature you can create one set of map data and one config file but provide different views, see my visited map showing default view and the same map with a view of just South England.
Some changes made to GMapEZ has some positive effects on my library, for one load time on maps with many points are much much faster now and there are also lots more colours to pick from.
I will be helping the GMapEZ author to produce a downloadable package containing all that is needed to self host the GMapEZ library rather than rely on his hosted version, that way I can also certify my code to work with a given version of GMapEZ.
The new version can be found here: http://www.devco.net/code/gmapsphp-current.tgz full documentation for this application can be found here
More on FreeBSD 6.0
With FreeBSD 6.0 now officially released I thought I'll go through the Release Notes and post a few of the things I found useful from it.
The release notes list a LOT of changes and I've already noted a few that isn't mentioned. This might be a easy upgrade but it's a significant mile stone.
- 80386 processors are not supported anymore.
- A new sysctl called security.jail.enforce_statfs that controls what mounts are visible in a jail, I recommend setting this to 1 if you are using nullfs to share directories that way jail users can see for themselves that certain directories are mounted read only for example.
- The IPDIVERT kernel option now causes a module to be built that is loadable at run time! Also libalias now supports being built as a kernel module.
- ipfw have a option to only match packets for a given jailid, this is now support with mpsafenet=1
- ipfw can now tag altq packets
- bsdiff(1) and bsdpatch(1) has been added for binary diffs and patching
- libarchive and therefore bsd tar now supports ISO files and ZIP files, try tar -tvzf blah.zip and tar -tvf blah.iso to see this in action, fantastic!
- Two utilities - pgrep(1) and pkill(1) has some new options, these utilities makes it easy to find and kill processes by name
- The fantastic portsnap(8) utility is now installed by default. This replaces the old cvsup method of keeping your ports tree in sync and is well worth investigating. It's been the first thing I installed on any new box for a long time, great to see it included by default.
- tcpdrop(8) has been added that enables you to reset any TCP session, very handy indeed.
- rc.d scripts can now rename network interfaces at boot time using ifconfig_fxp0_name="net0" syntax.
So that's just some of the highlights, there are loads more, and lots of work has gone in under the hood to improve threading and SMP from the 5.x branch, this should help with some concerns that were raised on the performance of 5.x series of FreeBSD.
FreeBSD 6.0 RELEASE and STABLE
A day or so ago RELENG_6_0_0_RELEASE got tagged, I also noticed that if you retrieve RELENG_6 you'll get FreeBSD 6.0 STABLE. I upgraded a few machines to STABLE and have been quite happy so far. Right now the ISO images for 6.0-RELEASE is on the Main FreeBSD FTP Server ready for the taking.
As have been announced all over FreeBSD has decided to move the friendly daemon logo to the side to get something a bit more corporate. A few days ago they announced the new logo and said they'd update the site soon.
So far the first real knock on of this change in Logo and direction is obvious the moment the install CD boots, you're greeted with this:
Any long term BSD users will immediately spot the absence of the old ASCII Art BSD Daemon. I like the new logo, but it's a sad day either way.
Friends don’t let friends use Feedster
Anyone who has been reading my blog for a while know that I've got no time for Feedster and don't mind saying so. My previous posts on this sad sad service:
- Feeds I Unsubscribed From - 19 June 2004
- Feedster - 16 October 2004
- More Feedster Sillyness - 11 November 2004
- Feedster still Sux - 3 April 2005
- Feedster Sux in Safari as well - 3 April 2005
So why do I rehash all this again now? Because if you look at those entries you'll always see someone from Feedster post about how they're improving, how I shouldn't give up on them etc, but really it's all just talk.
Tonight while trying to figure out why BSDUpdates is down I tried a Google blogs search but found little recent info, so I figured I'll give Feedster another try, big mistake.
It also had very little useful content so I'm inclined to think people just don't blog about BSDUpdates - fair enough. The problem is though Feedster is still broken!
First I do a search for 'bsdupdates' using the main feedster page, that went well and I found some stuff, then I tried the blog search button which will restrict the search to just blog posts. First there is the fact that the user experience is crap, if you do a Google search for whatever and click on one of the other search modes - like Images - it will know you searched for whatever and show you results immediately. Not feedster, no way, you have to just type your query in again.
So I type it in again, and get a page full of result, it looks like the screenshot below, all good so far.
See, next page, more results, all good there is hope for finding something useful, so I press on the next button.
Wtf? Maintenance? Seems more like their default internal server error page is claiming every problem is Maintenance related because this is not the first time I've seen it, and I don't use this service often. It's a bit like when the Underground in London says something is 'Signal Failure' it's just something they say. The real problem seems to be database related.
So back a page, reload, do the search again which gives me (immediately, right in the middle of their 'maintenance' no less) a page similar to the first one. Try the next button again to get the promised more results:
And there it is, nothing, empty page, no results. Complete. Waste. Of. Time.
If you are still using Feedster you really should be doing yourself a favor and jump ship. There are a number of competitors, I can't even list them all but here are some: Clusty, Blogdigger, Blogpulse, Daypop, Technorati, Google Blog Search, Yahoo! and many more. Natural selection on the internet is a great thing, Feedster had a chance to do it right but they didn't. The big boys will run over them, rejoice.
Portaudit Central 1.0
Portaudit is intended to run daily against your ports directory identifying known vulnerabilities against a central database. Each night it produce an email that gets sent out and requires inspection.
The problem with this is with many FreeBSD hosts the emails can just be too many and I tend not to look at them.
Portaudit Central provides a means for delivering portaudit output to a central email box which will then produce a simple HTML based report of all machines. You can view a Sample Report produced using these scripts.
The server side script will call logger(1) with some useful diagnostic messages but the lines being logged will include some variables from the environment. I developed this under exim and the environment variables it logs are set by Exim. This will still work under another MTA, the worst that will happen is you'd have some logging entries thats missing details like the sender and message id.
I've taken some steps to prevent man-in-the-middle attacks. An attacker can in theory produce a report that says you have no vulnerabilities on a host when in fact you do have some. In order to combat this a few things are done:
- Only 1 report per host per day, any reports after the first one will result in errors being logged, this should be a clear indication that you've either configured multiple clients with the same $hostname or someone is up to no good.
- Each email being sent has a very simple crypto signature, the signature is basically a MD5 hash of the body of the message and a passphrase md5(body, passphrase) this means as long as your passphrases are secure - they aren't being sent along in the email so no-one can sniff them - someone else should not be able to produce a report that will pass this check regardless of report content. Even if your passphrase gets compromised you should be alerted about tampering by the log entries produced by the duplicate checking mechanism above. As long as you monitor your log files.
I've used this system myself now for around a month and have been quite happy, but no-one else has had a look at it yet so I'd appreciate feedback if anyone use it. In the future I hope to make the output from the report generator themed, right now it's very ugly but it does what it should. I will also move to a actual configuration file rather than editing some perl variables. I'm open to other suggestions.
Version 1.0 can be downloaded here: portauditcentral-current.tgz the full documentation including installation instructions can be found at the Wiki
Truecrypt Version 4
I've previously posted about Truecrypt and mentioned how much I like it and how I'm using for my OTFE needs.
Today they released version 4 which comes with a very long list of enhancements the most significant new feature is support for Linux and binaries for a number of distributions. There are so many enhancements in this version that I won't attempt to go into much detail here the history file does a great job. If you use Truecrypt then check out the new version today.
Sharing Directories between Jails using nullfs
I run a number of jail on my servers and each of these have the same files over and over, the biggest problems are of course /usr/ports and /usr/src, they're a total waste of space and a lot of work running multiple portsnap's etc to keep them all synced.
BJE mentioned he is using nullfs to mount his main /usr/ports into the jails. I did some hunting of information on this and found its a bit thin on the ground, the main reason is that up till 6.0 it's considered broken, though testing shows it works ok, at least for normal use.
FreeBSD 6.0 will have extensions to its rc.conf to make all of this easy.
You can create per-jail fstab files, by default they are stored in /etc/fstab.jailname but you can override the filename using jail_example_fstab. Below is a sample fstab file for one of my jails:
/usr/ports /jails/example/usr/ports nullfs rw 1 1
/usr/src /jails/example/usr/src nullfs ro 1 1
To enable the mounting of these file systems at boot time if you use the rc.conf method of booting your jails simply add a jail_example_mount_enable="YES" to your jail section. A full rc.conf extract to start one example jail below:
jail_enable="YES"
jail_list="example"
jail_socket_unixiproute_only="YES"
jail_sysvipc_allow="NO"jail_example_rootdir="/jails/example"
jail_example_hostname="example.com"
jail_example_ip="192.168.1.100"
jail_example_exec="/bin/sh /etc/rc"
jail_example_devfs_enable="YES"
jail_example_fdescfs_enable="NO"
jail_example_procfs_enable="YES"
jail_example_devfs_ruleset="devfsrules_jail"
jail_example_mount_enable="YES"
I'll investigate also sharing /bin, /sbin, /lib, /libexec, /usr/sbin, /usr/sbin and a few others between jails but it gets a bit tricky if you want to install other versions of perl from ports since they maintain symlinks in /usr/bin etc. This could however simplify world upgrades a lot.
While researching this I came across ezjail which is a script compatible with FreeBSD 6.0 and later to maintain jails that uses nullfs extensively to share a lot of directories from a base jail install. This gives a big potential security improvement because you can mount the system directories read only to give further protection in the event of a compromise. Will definitely investigate this before I start building my new hosted server once FreeBSD 6.0 is out.
Links
- @ripienaar
- Flashpolicyd
- Flickr
- London DevOps Group
- MCollective Plugins
- R.I.Pienaar
- Ruby PDNS
- The Marionette Collective
- Wiki
Tweets
- It's ironic how you cannot send email with google charts api images to gmail users and expect it to work. way to go.
- Google charting API really is very sexy
- High Scalability: Saying Yes to NoSQL; Going Steady with Cassandra at Digg http://bit.ly/9Kli5f
- Caffiene infused. 2am to bed day before delivering the last talk of the day is not recommended
- Once again discovering that something as simple as correct MX and NS records is a very effective CAPTCHA to weed out idiot hosting companies
- I love the E4 ipad ripoff ad http://srt.ly/epad
- RT @garnaat: The only accurate model of the system is the system itself. All other representations are a compromise. <- what he said
- Parallels announces support for Google Chrome Operating System http://bit.ly/aCXXCJ
- RT @brunns: RT @jaywgraves: This is pretty awesome. http://bit.ly/aJ12Gb
- Kelway are totally wicked hardware suppliers. Threw away a £100 cable by accident, they gave me a freebie replacement
Reading
Planned books:
- The Science of Fear: How the Culture of Fear Manipulates Your Brain by Daniel Gardner
- Relentless by Dean Koontz
- Mind Over Ship by David Marusek
- The New Space Opera by Gardner Dozois
- The New Space Opera 2 by Gardner Dozois, Jonathan Strahan
Current books:
-
Ariel: A Book of the Change by Steven R. Boyett
Recent books:
- Hacking Vim: A Cookbook to Get the Most Out of the Latest Vim Editor by Kim Schulz
- Beautiful Architecture: Leading Thinkers Reveal the Hidden Beauty in Software Design by Diomidis Spinellis , Georgios Gousios
Categories
Archives
Licence
