author | Aaron Ball <nullspoon@iohq.net> | 2015-05-31 14:42:19 -0600 |
---|---|---|
committer | Aaron Ball <nullspoon@iohq.net> | 2015-05-31 14:42:19 -0600 |
commit | 1cae83d63794091ed5cc1248a39073a37979e571 (patch) | |
tree | 3d5c81fbbb65e9c7b66e021972c131a1ca41b507 /src | |
parent | bec251a94189864d08edbc162e3c046aa9d18d9c (diff) | |
download | oper.io-1cae83d63794091ed5cc1248a39073a37979e571.tar.gz oper.io-1cae83d63794091ed5cc1248a39073a37979e571.tar.xz |
More posts converted
Diffstat (limited to 'src')
-rw-r--r-- | src/AdBlock_Only_kind_of_Blocks_Ads.ascii | 30 | ||||
-rw-r--r-- | src/Backing_up_a_Server_Remotely_Using_Minimal_Bandwidth.ascii | 66 | ||||
-rw-r--r-- | src/Btrfs:Balancing.ascii | 87 | ||||
-rw-r--r-- | src/Case_Insensitive_Matching_in_C++.ascii | 192 | ||||
-rw-r--r-- | src/Digraphs.ascii | 114 | ||||
-rw-r--r-- | src/Don't_Censor_Me_Bro!.ascii | 124 | ||||
-rw-r--r-- | src/Remote_Mounting_File_Systems_Through_SSH.ascii | 69 | ||||
-rw-r--r-- | src/SSH_Tunnel_Forwarding.ascii | 66 | ||||
-rw-r--r-- | src/SSH_VPN.ascii | 89 | ||||
-rw-r--r-- | src/Screenshots_from_Command_Line.ascii | 40 | ||||
-rw-r--r-- | src/Writing_an_Array_to_Sql_Conversion_Function.ascii | 35 |
11 files changed, 912 insertions, 0 deletions
diff --git a/src/AdBlock_Only_kind_of_Blocks_Ads.ascii b/src/AdBlock_Only_kind_of_Blocks_Ads.ascii new file mode 100644 index 0000000..ddaf4e1 --- /dev/null +++ b/src/AdBlock_Only_kind_of_Blocks_Ads.ascii @@ -0,0 +1,30 @@ +AdBlock Only kind of Blocks Ads +=============================== +:author: Aaron Ball +:email: nullspoon@iohq.net + +== {doctitle} + +Today I was toying around with netstat to see what incoming connections I had +to my Linux box and noticed that for the pages you're on, your browser makes a +connection to each of the ad's providers linked to on the given page. What's +best (or worst) about this is the connection isn't broken until you close your +browser (at least that I noticed). + +I mentioned this to my girlfriend who is a big fan of adblock and she asked (of +course) if that happened when adblock was running. So, off I went to install +adblock to test and sure enough, it still made the connections to the ad +providers' servers. Obviously the ads are hidden, it just still grabs the +resources for the ads but obscures their html. That means you're still being +tracked by the ad providers, you just don't see it. + +This isn't necessarily a bad thing. I mean, before adblock they were still +getting your information. Now it's the same, you're just not seeing animated +gifs and full screen flash ads all over. I'm not knocking adblock at all (in +fact, please support them in their worthy cause). I just thought I'd mention +this for anyone wondering. + +Category:Adblock + + +// vim: set syntax=asciidoc: diff --git a/src/Backing_up_a_Server_Remotely_Using_Minimal_Bandwidth.ascii b/src/Backing_up_a_Server_Remotely_Using_Minimal_Bandwidth.ascii new file mode 100644 index 0000000..1b1e944 --- /dev/null +++ b/src/Backing_up_a_Server_Remotely_Using_Minimal_Bandwidth.ascii 
@@ -0,0 +1,66 @@ +Backing up a Server Remotely Using Minimal Bandwidth +==================================================== +:author: Aaron Ball +:email: nullspoon@iohq.net + +The server that runs this website (and a lot of others) also runs a lot of +other services such as an IRC server, a Jabber server, NGINX (of course), and +various other things. I like to take a lot of backups, especially since I'm not +the best person in the area of security. With that, my old way of backing my my +server was relatively painful. I had a script that tarred and compressed each +service directory individually and move it to a secure location on my web +server for download. After download, the script would remove the backup, and +continue to the next. + +The problem with this method is that it consumes a lot of bandwidth and time. +By the time I have downloaded everything, I have used up several gigabytes of +bandwidth. I don't mind so much about the bandwidth though. What's important +is the time and interraction it takes. + + +[[enter-the-light-bulb...]] +== Enter the Light Bulb... + +I've been using rsync for some time now to mirror my laptop to my server +at home. For some reason, it never occurred to me to use rsync with a +private key to log in to my server and download the deltas to my local +machine. If I want a single compressed tar file for a backup, all I have +to do is backup my local server's copy of everything rather than doing +it on my web server and downloading that. Ending this already too long +blog post on this simple topic, here's the rsync command I'm using... + +---- +sync -avP --delete --chmod=g+rx --rsh="ssh -p1234 -i ~/.ssh/id_rsa.pdeb.user" user@server.net:/dir1 /home/server/dir1 +---- + + +[[a-quick-explanation]] +== A Quick Explanation + +* *rsync -avP* uses default rsync settings (-a), specifies verbose mode +(-v) and sets rsync to display its progress on each individual file as it goes +(-P). 
+ +* *--delete* option, rsync will delete files on the destination if they +deleted on the source (this isn't default). + +* *--chmod=g+rx* sets the group settings on the destination to group +with read and write. This is handy if you want to access the backups from +another account that doesn't have access on the server too. This switch is not +necessary. + +* *--rsh="ssh -p1234 -i ~/.ssh/id_rsa.user"* specifies a custom port to +connect on (port 1234 in this case) and specifies a private key to use when +attempting to log in. + +* *user@server.net:dir1 /home/server/dir1* is the host (server) to +connect to along with the user to try (user), the source directory (:/dir) and +the destination directory (/home/server/dir1). + + +Category:Linux +Category:Backups +Category:SSH + + +// vim: set syntax=asciidoc: diff --git a/src/Btrfs:Balancing.ascii b/src/Btrfs:Balancing.ascii new file mode 100644 index 0000000..c5a60b6 --- /dev/null +++ b/src/Btrfs:Balancing.ascii 
@@ -0,0 +1,87 @@ +Btrfs:Balancing +=============== +:author: Aaron Ball +:email: nullspoon@iohq.net + +== {doctitle} + +I've been using https://btrfs.wiki.kernel.org[Btrfs] on all of my systems for a +couple of years now. Thus far, it's be surprisingly stable. In those two years +I only had link:Btrfs:RAID_5_Rsync_Freeze[one real issue]. However, today I ran into +a new problem. Now that I know what the issue is, it's hardly a problem, but +hey, semantics. + +For my setup at home, I have a Linux server running all the time which hosts my +backups. My backups are copied via rsync. For security, my home directories on +all systems are encrypted block devices using +https://code.google.com/p/cryptsetup/wiki/DMCrypt[dm-crypt] with a +https://code.google.com/p/cryptsetup/[LUKS header]. To force myself to clean up +my files occasionally, I only give myself some 5 gigs of leeway. If I manage to +remove for example 10 gigs of files, I reduce the size of the filesystem and +block device container so I still only have about 2-5 gigs free (depends on +what I'm doing hobby-wise at the time). This is where my problem with Btrfs +comes in. + + +[[the-really-excitingboring-details]] +== The Really (Exciting|Boring) Details + +This section might be super boring for some or most folks because it talks +about the innards of Btrfs. If you aren't interested, make like a Tatooine +speeder and move along... move along. + +As more storage is needed for the filesystem, chunks of raw storage are +consumed by default 1 gigabyte at a time. As the +https://btrfs.wiki.kernel.org/index.php/SysadminGuide#Data_usage_and_allocation[kernel.org +page] describes, these chunks are used for file data and/or metadata storage. +As more files are written to the filesystem, more metadata chunks are required +to describe the additional files (data to metadata ratios can be specified at +filesystem creation). 
By default, a metadata chunk cannot be used for data and +a data chunk cannot be used for metadata (kind of - there is a mixed mode which +is tremendously slow on filesystems larger than 1G). On a large storage device +this is fine, but if you are constantly deleting files like me, you may run +into the issue I ran into where the available space value is incorrect because +the various space checking commands check for available _data_ space, not +taking into account metadata. Because I delete so many files so often, there is +a lot of metadata storage that is allocated but is no longer used because the +files that the metadata were describing no longer exist, and thus the metadata +for those files do not either. Consequently, the metadata chunks are no longer +fully used (remember, they are allocated 1 G at a time). Due to the fact that +metadata and data chunks cannot be mixed by default, the underused metadata +chunks just consume storage from the overall available, reducing the amount of +available storage for data. + +_*takes a deep breath*_ + + +[[the-solution]] +== The Solution + +The solution to this issue is called a rebalance (or balance as the btrfs +subcommand is called). What it will do is rewrite all of the data on the given +block device, sending it through the allocator algorithm before being rewritten +to the storage. This will cause the datas' metadata to be reallocated and +rewritten. What results is your metadata being "restacked", potentially causing +you to end up with completely empty 1G metadata chunks, thus freeing that +storage space for data. This isn't a complete analogy, but you can think of +this a [very] little like a defragment and cleanup process for metadata. Here's +the command. + +---- +btrfs balance start /path/to/mount +---- + +If you're interested in metrics, run + +---- +btrfs filesystem df /path/to/mount +---- + +before and after you run the balance and compare your metadata values. 
+ +Category:Btrfs +Category:Linux +Category:Filesystems + + +// vim: set syntax=asciidoc: diff --git a/src/Case_Insensitive_Matching_in_C++.ascii b/src/Case_Insensitive_Matching_in_C++.ascii new file mode 100644 index 0000000..35cc1a7 --- /dev/null +++ b/src/Case_Insensitive_Matching_in_C++.ascii 
@@ -0,0 +1,192 @@ +Case Insensitive Matching in C++ +================================ +:author: Aaron Ball +:email: nullspoon@iohq.net + +== {doctitle} + +I had this epiphany yesterday while working on my new command line +https://github.com/nullspoon/noteless[note-taking project] and I wanted to +write a blog post about it since I haven't seen anyone on the internet yet take +this approach (though there aren't exactly a lot blogs posts on programming +theory of this of this kind in general). + +My program is written in c+\+. It provides a search functionality very similar +to the case insensitive matching of _grep -i_ (you 'nix users should know what +I'm talking about). If you've done much in c+\+, you likely know that string +parsing is not so easy (or is it just different). Thus the question...__how to +perform case insensitive text searching in c++__. + +A few notes though before we proceed. I'm fairly new to c\+\+ (about 9 months +as a hobby) so everything I say here might not be entirely right (it'll work, +it just might not be the _best_ way). If you catch something that's wrong or +could use improvement, please send me User:Nullspoon[ an email] or leave a +comment on the link:{{TALKPAGENAME}}[ talk page]. Secondly, since this is +probably something the c++ gods have already mastered, I will be writing this +post aimed at the newer folk (since I myself am one), so bear with me if you +already know how to do this. One final note. I am still ceaselessly amazed at +how computers work, so I get fairly giddy when it comes to actual memory +management and whatnot. Brace yourselves... + +[[chars-ints-kind-of]] +== Chars == Ints (kind of) + +To continue, we need to understand a few things about base data types in +memory. + +* **Ints**: An int is just 8 bits of memory (well, it's 16 including +signing, but we don't need to cover that here). + +* **Chars**: Chars are just ints, but marked as chars. 
Effectively, a +number has been assigned to each letter and symbol (including uppercase and +lowercase), which is where integers meet chars. The integer determines which +char is selected. + +To demonstrate those two data types, let's take a look at some sample +code. + +---- +using namespace std; +#include <iostream> + +int main( int argc, char** argv ) { + int i = 72; + char c = i; + cout << "The integer " << i; + cout << " is the same as char " << c << "!" << endl; + return 0; +} +---- + +What we do here is create <code>int i</code> with the value of 72. We +then create <code>char c</code> and assign it the value of _i_ (still +72). Finally, we print both int i and char c and get... + +---- +The integer 72 is the same as char H! +---- + +If you're wondering, we could have also just assigned char c the value +of 72 explicitly and it would have still printed the letter H. + +Now that that's out of the way... + + +[[a-short-char---integer-list]] +== A Short Char - Integer List + +* **! " # $ % & ' ( ) * + , - . /**: 35 - 47 + +* **0-9**: 48 - 57 + +* **: ; < = > ? @**: 58 - 64 + +* *A - Z* (uppercase): 65 - 90 + +* **[ \ ] ^ _ `**: 91 - 96 + +* *a - z* (lowercase): 97 - 122 + + +[[lowercase-uppercase-32]] +== Lowercase == Uppercase + 32 + +You may have noticed an interesting fact about the numbers assigned to +characters in [English] computing: uppercase and lowercase letters don't have +the same integers. + +These character integer range seperations are key to performing a +case-insensitive string search in c\+\+. What they mean is, if you happen upon +the letter **a**, which is integer 97, then you know that its capital +equivalent is going to be 32 lower (int 65). Suddenly parsing text just got a +lot easier. + + +[[piecing-it-all-together]] +== Piecing it all together + +Since characters are simply just integers, we can perform text matching via +number ranges and math operators. For instance... 
+ +Suppose you want to build a password validator that allows numbers, upper case, +lower case, and __: ; < = > ? @ [ \ ] ^ _ `__. That is the integer range 48 - +57 (the char equivelants of integers), 58 - 64 (the first symbols), 65 - 90 +(the uppercase), 91 - 96 (the second set of symbols), and 97-122 (the +lowercase). Combining those ranges, the allowable characters make up the +integer range of 48 - 122. Thus, our program might look something like... + +---- +using namespace std; +#include <iostream> + +int validate_pass( const char* pass ) { + long i = 0; + while( pass[i] ) { + if( pass[i] < 48 || pass[i] > 122 ) { + return 0; + } + i++; + } + return 1; +} + +int main( int argc, char** argv ) { + // The first password that meets the requirements + const char* pass = "good_password123"; + cout << pass; + if( validate_pass( pass ) ) { + cout << " is valid." << endl; + } else { + cout << " is not valid." << endl; + } + + // The second password fails because ! is int 35, which is out of range + const char* pass2 = "bad_password!"; + cout << pass2; + if( validate_pass( pass2 ) ) { + cout << " is valid." << endl; + } else { + cout << " is not valid." << endl; + } + return 0; +} +---- + +Will output... + +---- +good_password123 is valid. +bad_password! is not valid. +---- + +The first password succeeds because all of its characters are within the range +of 48 - 122. The second password fails because its final character, the "!", is +int 35, which is outside of the allowable character range of 48 - 122. That +brings a whole new meaning to the out_of_range exception, doesn't it? + +That's just one simple example of how this could work. One personal note, +please don't put that restraint of > 48 on your users if you write a validator +script. Not having access to the more common symbols is a nightmare for users. 
+ +If you would like to see another example, the one I wrote for case insensitive +matchings in my note program can be found at +https://github.com/nullspoon/noteless/blob/master/src/lib/note.cpp in the +*note::line_matches* method. + +Hopefully this is useful for someone besides myself. Either way though, I'm +still super excited about the ease of making real-life data programatically +usable through conversion to integers. It makes me want to see what other +real-life data I can convert to numbers for easier parsing. Images? Chemistry +notation? + +I do say my good man, http://www.bartleby.com/70/1322.html[Why, then the +world’s mine oyster, Which I with numbers will open.] (okay, I may have +modified the quote a tad) + + +Category:Programming + +Category:C\+\+ + + +// vim: set syntax=asciidoc: diff --git a/src/Digraphs.ascii b/src/Digraphs.ascii new file mode 100644 index 0000000..0a3d116 --- /dev/null +++ b/src/Digraphs.ascii 
@@ -0,0 +1,114 @@ +Digraphs +======== +:author: Aaron Ball +:email: nullspoon@iohq.net + +Wikipedia defines digraphs (and trigraphs) as + +[quote, Wikipedia, 'http://en.wikipedia.org/wiki/Digraph_%28computing%29[Digraphs and trigraphs]'] +____ +sequences of two and three characters +respectively, appearing in source code, which a programming language +specification requires an implementation of that language to treat as if they +were one other character. +____ + + +If you've spent much time in Unix, you have likely seen their character +representations on a rare occasion. Usually they begin with a ^ followed by +some key code. Note though that I said "spent much time in _Unix_ though. This +is because Linux doesn't _usually_ (with some exceptions) have problems with +digraphs. When I say Unix though, I am referring to the really old ones that +claim to be up-to-date like AIX, Solaris, and HPUX. + + +[[what-do-digraphs-have-to-do-with-old-unix]] +== What do digraphs have to do with old Unix? + +Digraphs are actually used every time you use a Unix/Linux box from the +command line. There's this realy nifty thing called *stty* that flies +under the radar most if not all of the time on newer systems. I don't +know of a single Linux distro that doesn't set stty for you. The reason +it flies under the radar so often is because it's something that's been +standardized for so long that it is all but set in stone (as far as I +know). It's also super handy to have set, and super infuriating to not +have set. + + +[[what-is-stty]] +=== What is stty? + +Well, technically STTY is an acronym for "**S**et **TTY**". That's tons of help +though. What's TTY? It turns out that +http://en.wikipedia.org/wiki/Tty_%28Unix%29[TTY] is an acronym for +**T**ele**TY**pewriter. Combining all that goodness, we have **S**et +**T**ele**TY**pewriter. + +Now, all this is great, but really, what does this have to do with anything? 
It +turns out that while we nearly never need to directly deal with it, we actually +use it all the time. Here's a short list of a few things we use it for in +*nix... + +* Backspace +* Scrolling with a mouse in a terminal +* Ctrl+C (sigterm) +* Ctrl+D (logout/eof) +* All arrow keys, both horizontal and vertical + +I mentioned earlier that stty is set by default on nearly all modern Linux and +Unix distributions with the exception of old Unix distributions such as AIX, +Solaris, and HPUX. I posed this question to a few AIX admins I know and all of +them told me that IBM doesn't set stty for you by default because it's more +customizable than Linux, therefore better. I have my own very charged opinion +as to why they don't set a default, but I will leave that out of this post. + + +[[what-does-stty-look-like]] +== What does stty look like? + +Where I work, management is endeavoring to make their Linux environment as much +like AIX as possible. One step in that process is to merge the .profile +configurations. Since Linux doesn't have stty set in .profile because the +system has a default, AIX using a Linux .profile doesn't support the +afforementioned list of modern keyboard keys (backspace? really? no). Imagine +how infuriating command line can get without arrow keys for cursor movement, a +backspace to correct your mistakes, and Ctrl+C to clear your line or stop your +process. The only option we have here is to re-set the Linux stty so when the +profile is sent over to an AIX system, it also has stty set on login. Here's my +attempt at porting my Arch Linux stty to aix. + +---- +stty erase ^? 
kill ^U intr ^C eof ^D quit ^\ start ^Q stop ^S susp ^Z rprnt ^R werase ^W lnext ^V flush ^O time 0 -parenb -parodd cs8 -hupcl -cstopb cread -clocal -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon -ixoff -iuclc -ixany -imaxbel -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0 +---- + + +[[what-does-all-that-do]] +== What does all that do? + +I really only want to cover a few things in that list because they are the most +frequently used and caused me trouble when I was trying to set this up. + +Each of those items up there starting with a +https://en.wikipedia.org/wiki/Caret#Circumflex_accent[\^ (Circumflex Accent)] +represents a control key combination. For instance, +eof \^D+ will send the +logout signal upon pressing Ctrl+D. The problem here is that those "circumflex +accents" aren't caret characters. A circumflex accent is its own character. How +do we do these in vi/vim? You need another control key combination to tell +vi/vim that you are going to be pressing a control key combination of course! + +To do, for instance, the Ctrl+D sequence in vim, go into insert mode and type ++Ctrl+v Ctrl+d+ (the d is not capitalized) and you should see +\^d+ show up. + +I did have two problems with this method though: \^S and \^Q. It turns out that +those aren't Ctrl+S and Ctrl+Q. Since I didn't know those, I elected to use the +actual digraph instead of the character version to set them. To do this, go +into insert mode again and hit +Ctrl\+k+ and type the digraph. In the +case of \^Q and \^S, these are D1 and D3, respectively. + + +Category:Linux +Category:Vim +Category:Unix + + +// vim: set syntax=asciidoc: diff --git a/src/Don't_Censor_Me_Bro!.ascii b/src/Don't_Censor_Me_Bro!.ascii new file mode 100644 index 0000000..158abf8 --- /dev/null +++ b/src/Don't_Censor_Me_Bro!.ascii 
@@ -0,0 +1,124 @@ +Don't Censor Me Bro! +==================== +:author: Aaron Ball +:email: nullspoon@iohq.net + +Most of the people who spend any time on this site are likely techies +and already know that the road post-SOPA (and PIPA) is a long and dark +one. For those of you who may not know exactly what it's all about +though, here's a short summary from Wikipedia... + +[quote, Wikipedia, 'https://en.wikipedia.org/wiki/Stop_Online_Piracy_Act[Stop Online Piracy Act]'] +____ +The bill would authorize the U.S. Department of Justice to seek court orders +against websites outside U.S. jurisdiction accused of infringing on copyrights, +or of enabling or facilitating copyright infringement. After delivering a court +order, the U.S. Attorney General could require US-directed Internet service +providers, ad networks, and +payment processors to suspend doing business with sites found to +infringe on federal criminal intellectual property laws. The Attorney +General could also bar search engines from displaying links to the +sites. +____ + +That sounds pretty harmless, doesn't it? + +While the bill seems to have good intentions (who likes a pirate, right?...), +the overall consequences of it are heavily dependent on how the bill defines of +"copyright infringement". The (very) unfortunate issue here is that the +definition of a person infringing a copyright is very broad and could cover a +very large portion of the internet. To quote +http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.3261.IH:/[section 201], +subsection A of subsection A of the SOPA... + +[quote] +____ +. IN GENERAL- Any person who willfully infringes a copyright shall be punished + as provided under section 2319 of title 18, if the infringement was committed-- +.. for purposes of commercial advantage or private financial gain; +.. 
by the reproduction or distribution, including by electronic means, during + any 180-day period, of 1 or more copies or phonorecords of 1 or more + copyrighted works, or by the public performance by means of digital + transmission, during any 180-day period, of 1 or more copyrighted works, + when the total retail value of the copies or phonorecords, or of the public + performances, is more than $1,000; or +.. by the distribution or public performance of a work being prepared for + commercial dissemination, by making it available on a computer network + accessible to members of the public, if such person knew or should have + known that the work was intended for commercial dissemination. +____ + +That's pretty broad. So far, that would most likely shut down Youtube, Facebook +(people link to Youtube videos, right?), possibly WIkipedia, and most if not +all of the video hosting sites out there (metacafe, vimeo, possibly netflix if +their licensing isn't right, etc). A big problem here is that there is that a +person uploads to Youtube, yet the website will be taken down for one person, +punishing the rest. But that's aside the point (or is it?). Back to the legal +talk. In section 201 of the SOPA legislation subsection C under subsection A +the bill describes examples of copyrighted material that can be infringed upon +(definition of "work being prepared for commercial dissemination") ... + +[quote] +____ +. a computer program, a musical work, a motion picture or other audiovisual +work, or a sound recording, if, at the time of unauthorized distribution or +public performance-- +.. the copyright owner has a reasonable expectation of commercial distribution; +and +.. the copies or phonorecords of the work have not been commercially +distributed in the United States by or with the authorization of the copyright +owner; or, +.. 
the copyright owner does not intend to offer copies of the work for +commercial distribution but has a reasonable expectation of other forms of +commercial dissemination of the work; and</li> +.. the work has not been commercially disseminated to the public in the United +States by or with the authorization of the copyright owner; +. a motion picture, if, at the time of unauthorized distribution or public +performance, the motion picture-- +.. has been made available for viewing in a motion picture exhibition facility; +and +.. has not been made available in copies for sale to the general public in the +United States by or with the authorization of the copyright owner in a format +intended to permit viewing outside a motion picture exhibition facility; or +.. had not been commercially disseminated to the public in the United States by +or with the authorization of the copyright owner more than 24 hours before the +unauthorized distribution or public performance.'. +____ + +So what we have here is a very broad definition that covers every single +copyrighted work of music, software, and sound recording (you can copyright +those?) in the United States. That definitely would shut down every single +video hosting site and any other site that re-posted videos/recordings from +those sites. The consequences of this could be so far reaching. + +This bill is a reaction that reminds me of +https://www.eff.org/cases/lenz-v-universal[Stephanie Lenz vs UMPG], a mother +who lost the suit and was put in prison for posting a 29 second video of her +child dancing to a Prince song. This kind of response is juvenile at best. SOPA +is very similar. I mean, who would shut down an entire website just because +someone posted a short clip of your song on their website? This bill can only +end poorly. 
If all it takes to have your website taken down, removed from +search engines, and banks required to not do business with you is a single +short clip of a copyrighted song or movie, what kind of punishment will we have +in 10 years for doing 5 over on the interstate? Moreover, the issue just isn't +about an unjust punishment for something that can barely be construed as a +misdemeanor in almost every case, it's about censorship. How is it a good thing +that one government (let alone more than one) have the power to censor the +entire world? We've seen what this can do from China. Why is it that this is +even an issue when we've already seen what this does? + +Please check out the +http://en.wikipedia.org/wiki/Wikipedia:SOPA_initiative/Learn_more[Wikipedia +page] (the only page that is currently not blacked out), read up on the +subject, and contact your local government representative. Wikipedia will get +you contact information for who that is if you go to their homepage. Also, if +you would like to read the actual bill (as of October 26, 2011), please check +out the Library of Congress site +http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.3261.IH:/[here]. + + +Category:Politics +Category:EFF + + +// vim: set syntax=asciidoc: diff --git a/src/Remote_Mounting_File_Systems_Through_SSH.ascii b/src/Remote_Mounting_File_Systems_Through_SSH.ascii new file mode 100644 index 0000000..958a377 --- /dev/null +++ b/src/Remote_Mounting_File_Systems_Through_SSH.ascii 
@@ -0,0 +1,69 @@ +Remote Mounting Filesystems Through SSH +======================================= +:author: Aaron Ball +:email: nullspoon@iohq.net + +Today I was wanting to edit a few image files on a remote machine. Now, when I +typically need to transfer files across the internet, I will transfer them +through sftp. I prefer this method simply because I already have an ssh server +running on my target machine, so I don't need to install anything extra (such +as ftp or samba). + +In light of this, I figured that since you can transfer files through an ssh +tunnel, you must be able to remotely mount a file system through ssh. + +Enter sshfs + +I searched around a bit and the first thing I found was sshfs (ssh file +system). It allows you to remotely mount files systems through ssh/fuse (yay). +<pre> apt-get install sshfs </pre> Before we get around to actually mounting +the remote filesystem, we need to change permissions on one thing so we can use +this as a non-root user since we don't run GUIs as root (at least I hope you +all don't). Let's add execute permissions for all to the fusermount command. + +---- +chmod +x /usr/bin/fusermount +---- + +Now that we have done that, we can proceed with mounting. I create a +mount location in my home directory for ease of access. + +---- +mkdir ~/mount +---- + +Now that we have a place to mount our remote location, +let's actually perform the dastardly deed. + +---- +sshfs <username>@<RemoteServer>:<RemotePath> <LocalMountPoint> +---- + +A good example of this is + +---- +sshfs jimneycricket@nowhereissomewhere:/home/jimneycricket ~/mount +---- + +It will ask you for a password. Supply the password and all should be well. +Open up your file manager and navigate to \~/mount and you should see the files +on your remote server (in this case, the home directory for jimneycricket). + +To unmount, you need to log in as root/sudo and run umount \~/mount. 
+ +Finally, if you change the ports that ssh listens to on all of your ssh +servers, you need to add one extra bit to the sshfs string. To connect to a +port other than the default 22, put + +---- +-p <port> +---- + +just after sshfs and you'll be set. + +Yay for seamless mounting! + +Category:Linux + + +// vim: set syntax=asciidoc: diff --git a/src/SSH_Tunnel_Forwarding.ascii b/src/SSH_Tunnel_Forwarding.ascii new file mode 100644 index 0000000..267a621 --- /dev/null +++ b/src/SSH_Tunnel_Forwarding.ascii 
@@ -0,0 +1,66 @@ +Yesterday, I had an idea that remarkably enough, actually worked (go figure, +huh). I have a few friends who use Linux on their desktops but aren't quite +Linux gurus (but who am I kidding, neither am I as evidenced by this post). +Don't get me wrong of course, I'm super proud to have friends that aren't IT +people but use Linux on their desktops. That speaks a lot to the quality of +the work the Linux community has produced. + +Despite the whole Linux thing, they still occasionally have issues and call me +for help. Most of the time, I just need GUI access to troubleshoot router +issues on their side or something like that. Now, telling someone how to port +forward and open up firewall ports on a router you don't know just so you can +directly connect to their laptop/desktop through ssh can be really painful over +the phone most of the time. + + +[[enter-the-brick-that-hit-me-in-the-head-yesterday...]] +== Enter the brick that hit me in the head yesterday... + +I was driving to lunch yesterday and began wondering if it would be possible to +have two computers tunnel to a central server on the same port and in essence, +forward traffic between the ports. As it turns out, this actually works (!!!), +and it's really easy too. + +So, for our example we'll have three computers Me, Nexus, and Douglas (you know +who you are). Nexus is our central server that's accepting ssh connections and +Douglas is my friend that needs help. It doesn't matter which order these +connections need to be made in. Additionally, we're going to assume that our +friend's vnc server is set up and listening on 5901. + +First (not really), you need to connect to the central server +(nexus.example.com for our example). To do this, open a terminal and type + +---- +ssh -L 5901:localhost:5901 me@nexus.example.com +---- + +Second (again, not really), our good friend Douglas needs to connect to the +nexus as well. 
To do that, he needs to open a *reverse* tunnel to the nexus +using the following command: + +---- +ssh -R 5901:localhost:5901 douglas@nexus.example.com +---- + +Open your VNC client and connect to localhost:5901 and you should be golden! + +Please take note of the differences in the two commands we just used. The only +difference (aside from the usernames) is the switch used for the tunnel. The +*-L* establishes a standard tunnel and the *-R* establishes a reverse tunnel, +which allows the traffic to be forwarded to another tunnel connected on the +same port. + +There is one security issue with this that could potentially cause you grief if +you don't own the central server. If you don't own the box exclusively, other +users on the box could also connect to the reverse tunnel. If you do own the +box though, this shouldn't be an issue for you. + +_Insert clever post ending here_ + + +Category:SSH +Category:VNC +Category:Linux + + +// vim: set syntax=asciidoc: diff --git a/src/SSH_VPN.ascii b/src/SSH_VPN.ascii new file mode 100644 index 0000000..f5eef2b --- /dev/null +++ b/src/SSH_VPN.ascii 
@@ -0,0 +1,89 @@ +SSH VPN +======= +:author: Aaron Ball +:email: nullspoon@iohq.net + +== {doctitle} + +Nope, I didn't just yell at you using all caps in the subject. Just for the fun +of it, let's expand that one out. + +"Secure Shell Virtual Private Network" + +That sure sounds like a phrase you'd hear in some bad hacker movie. + +All sarcasm aside, this is probably one of the coolest things you can do with +SSH in my opinion. I wrote link:SSH_Tunnel_Forwarding[ a post] about this a +ways back, but it was limited only to forwarding and reverse forwarding SSH +tunnels. I recently discovered though that SSH can open this cool thing called +a http://en.wikipedia.org/wiki/SOCKS[SOCKS proxy] (short for Socket Secure +Proxy) when using the *-D* switch. SOCKS proxies, unlike SSH tunnels, allow you +to funnel all protocols/traffic through this one port, just like a VPN. The one +downside is to use this for everything, you either have to be masterful with +iptables, have http://sourceforge.net/projects/tsocks/[tsocks] installed, or +have the BSD version of netcat installed to work some magic. + + +[[real-application]] +== Real Application + +At work this comes in handy because of the way the networks are set up. +Avoiding all bias about how right or wrong our networks are configured, I often +need to connect to a particular remote system that sits in a subnet accessible +only through two jump systems ( jump0 -> jump1 -> destination ). The only way +for me to get into that subnet is through two jump boxes. Jump box 1 is only +accessible from jump box 0 and the remote system I need access to is only +accessible from jump box 1. That means to get to my remote system, I need to +ssh to jump box 0, from there ssh to jump box 1, and from there ssh to my +destination system. This is really cumbersome when I need to work on multiple +systems within this far off subnet. 
+ +Using an SSH SOCKS proxy though, I can have everything set up so I don't have +to keep opening three nested SSH sessions just to access a single box. Here's +how it's done. + + +[[how-its-done]] +== How it's Done + +* SSH to jump box 0 using the following command +** +ssh -L 1080:localhost:1080 jiminy@jump0+ +* Using the previously established session, ssh to jump box 1 using the + following command +** +ssh -D 1080 jiminy@jump1+ + +We now have two nested ssh sessions. The first forwards remote port 1080 to +localhost:1080. The second ssh command opens a SOCKS proxy on jump box 0 +through to jump box 1. Remember how port 1080 is forwarded to our local box +with the first ssh session? + +Now, just open an ssh session to any system that is only accessible from jump +box 1 and your traffic will be forwarded straight on through. + +---- +tsocks ssh jiminy@WayFarOut +---- + +Yay! + + +[[one-last-thing...]] +== One Last Thing... + +There was one thing I discovered that was problematic for me on jump box +0. It turns out that the default configuration for SSH won't allow +forwarding of SSH traffic. If you're seeing an error like this + +---- +channel 0: open failed: administratively prohibited: open failed +---- + +...you need to set *PermitTunnel* in /etc/sshd_config to _yes_ on any boxes +forwarding the SOCKS proxies. + + +Category:SSH +Category:Linux + + +// vim: set syntax=asciidoc: diff --git a/src/Screenshots_from_Command_Line.ascii b/src/Screenshots_from_Command_Line.ascii new file mode 100644 index 0000000..fdb8512 --- /dev/null +++ b/src/Screenshots_from_Command_Line.ascii 
@@ -0,0 +1,40 @@ +Screenshots from Command Line +============================= +:author: Aaron Ball +:email: nullspoon@iohq.net + +== {doctitle} + +Today I was wanting to screenshot some work I had done on a vector image inside +of the window. Now, I have a pretty minimalistic install on my box. Due to this +I didn't have a screenshot application aside from http://gimp.org[The Gimp]... +or so I though. + +Like almost everything else in Linux, it turns out you can take screenshots +from the command line. To do this you use the import command. + +---- +import image.jpg +---- + +This will change your cursor to a plus symbol. Click the window you want to +screenshot and it'll save it to the current directory. + +You may notice however that if your window isn't in the foreground, it may +require two or more clicks to get the window you want up so you can screenshot +it. To do this, we simply need a delay. + +---- +import -pause 4 image.jpg +---- + +The -pause switch will delay the screenshot by the duration specified. In the +example, we delay it for four seconds. Once the delay is up, again you will see +the mouse cursor change to a plus symbol. Select the window you want to +screenshot and it will save it to the current directory, unless you have +specified a different one to save to. + +Category:Linux + + +// vim: set syntax=asciidoc: diff --git a/src/Writing_an_Array_to_Sql_Conversion_Function.ascii b/src/Writing_an_Array_to_Sql_Conversion_Function.ascii new file mode 100644 index 0000000..1471584 --- /dev/null +++ b/src/Writing_an_Array_to_Sql_Conversion_Function.ascii 
@@ -0,0 +1,35 @@ +Writing an Array to Sql Conversion Function +=========================================== +:author: Aaron Ball +:email: nullspoon@iohq.net + +Lately I've been doing a lot of converting arrays from key-value pairs to SQL +insert statements. I've been doing it so much in fact that it became pretty +apparent I would need a toSql function to keep from duplicating this code. With +that, here's my function. Hopefully it comes in handy for some of you. + +---- +private function toSql($KeysValues) { + // Parse from array to quoted csv + $keys=implode(',',array_keys($KeysValues)); + $values='\''.implode('\',\'',array_values($KeysValues)).'\''; + return array($keys, $values); +} +---- + +This spits out an array with a key string and a value string encased in single +quotes. To use this all you need is + +---- +<?php +$data = toSql($KeysValuesArray); +$sql = 'INSERT INTO test_table ('.$data[0].') VALUES ('.$data[1].')'; +?> +---- + + +Category:MySQL +Category:PHP + + +// vim: set syntax=asciidoc: |
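Review bot: src/SSH_Tunnel_Forwarding.ascii starts straight at "Yesterday, I had an idea" with no title block, unlike the other files added in this commit (SSH_VPN.ascii, Screenshots_from_Command_Line.ascii), which open with the title, its underline, :author:, :email: and "== {doctitle}". Add the same header so the page gets a title. The closing security paragraph also stops at "this shouldn't be an issue for you" without telling the reader what to do on a shared server: since it says other users on the box can connect to the reverse tunnel on 5901, it should at least recommend that Douglas's VNC server require a password and that the tunnel be closed once the session is over.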
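Review bot: in src/SSH_VPN.ascii, under "One Last Thing...", the fix names the wrong directive. PermitTunnel controls tun device forwarding; the "channel 0: open failed: administratively prohibited" error on a -L or -D forward is governed by AllowTcpForwarding (or a PermitOpen restriction) in the sshd configuration. Suggest naming AllowTcpForwarding instead, and double-checking the path, since on most Linux installs the file is /etc/ssh/sshd_config rather than /etc/sshd_config. Separately, "The first forwards remote port 1080 to localhost:1080" reads backwards for -L, which listens on local port 1080 and forwards it to port 1080 on jump0; and the link text in "link:SSH_Tunnel_Forwarding[ a post]" has a stray leading space.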
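Review bot: typo in the first paragraph of src/Screenshots_from_Command_Line.ascii, "or so I though" should be "or so I thought". In the third paragraph, "To do this, we simply need a delay" has no clear antecedent after the sentence about needing several clicks; something like "To get around this, add a delay" reads better.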
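Review bot: toSql() in src/Writing_an_Array_to_Sql_Conversion_Function.ascii wraps each value in single quotes without escaping it, and the usage example concatenates the result straight into the INSERT, so any value containing a single quote breaks the statement and any user-supplied value is an SQL injection point; the keys are interpolated as column names with no validation either. Suggest having the function return a placeholder list plus the values for a prepared statement (PDO or mysqli) and checking the keys against a known column list, or at minimum stating in the post that the input must be trusted. Also, the function is declared "private", which only parses inside a class, while the usage calls it as a bare toSql(...), and this file lacks the "== {doctitle}" line the other new files carry.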