Well, I finally did it! The conversion from Blogger to WordPress is complete. I will soon be updating the Seneca planet to point to this blog instead of my old one. Also, I have merged my two Blogger blogs, my Seneca blog and “The Linux Rant”, into one blog, and separated posts with categories and tags.

So why did I switch? I was unhappy with several things:
- First, blogger mangles my line spacing and whitespace. This is so annoying that it makes me want to bash my laptop against the wall.
- Second, WordPress has more flexibility with categories/tags. You can give an RSS feed for just posts in a certain tag/category, for instance.
- Third, WordPress has a wider selection of themes to choose from. If I don’t like one of the ones provided, then there are hundreds of other themes I can download and add in.


One of the most famous Linux debates on the internet is over Ubuntu’s security model of using sudo to administrate a machine and disabling the traditional root login via su. For many experienced Linux and Unix sysadmins, such behavior is strange and foreign, and many people change sudo on Ubuntu to behave like “normal.” I, on the other hand, have gradually come to believe that not only is the Ubuntu way good, it is actually better! In this post I’ll attempt to explain why.

You can read the long-winded official explanation of why Ubuntu uses sudo, but I’ll attempt to summarize. Basically, there are two main benefits to the Ubuntu sudo model that I see:

  1. Disabling the root account entirely provides an extra layer of security from remote hackers. If someone is attempting to hack into your system remotely, then one common form of attack they might use would be to try logging in as root with all sorts of passwords (i.e. a dictionary attack), since every Linux machine has a root user. If they can guess the password, then they can get in! This is the same reason why it is recommended that logging in via ssh as root be disabled in the ssh config. Instead of doing “ssh root@myhost.com” you would normally use “ssh username@myhost.com” and then “su -” to become root. Disabling root login entirely protects against any other possible method of remote login in the same way.
  2. Using sudo adds an extra layer of abstraction in the security model. This can either be a good thing or a bad thing depending on how you look at it. I think it’s a good thing. Let me give a short little story to illustrate why.

When I was working for the summer in my university’s IT department one year, our network got infected by a nasty worm that the antivirus wasn’t picking up. What it would do is simply create tons and tons of hidden files, replicating itself in every directory on a system. Network shares were mounted on each desktop, so it soon spread out to every computer. Now, on systems that had limited user access (most computers on the network), the worm did limited damage. It couldn’t write to system directories like “C:\program files”. It also couldn’t write to other users’ directories. What happened was the IT manager at that time logged on to a Windows computer in the workroom as administrator. On Windows, the administrator is similar to root; it has access to everything and can do anything. So, as soon as he logged on, and the network shares were mounted, because he had access to everything on the network, the worm suddenly had permission to write everywhere. Every. Single. Computer. It took us a full week to get rid of the stupid thing. Luckily an infected computer could be cleaned without reimaging, so it wasn’t as bad as it could have been, but if the IT manager had not logged on as administrator, the damage would have been MUCH more limited.

So how does this help us? Well if only specific commands are run as root instead of the entire environment, then processes are limited in the damage they can do. Using “su” after logging in as a regular user uses this idea, but Ubuntu takes it one step further by disabling root login altogether.

It’s the difference between saying “run this command as root” and “run everything as root.” I just think the latter is a better mindset for security.

So. If you’re new to Ubuntu, here’s a few helpful hints for people who are used to the “old” way of doing it:

  • By default, sudo remembers your password for 15 minutes, so if you’re doing a series of administrative commands, you’ll only have to type your password once, then the system will “forget” it 15 minutes after your last sudo command.
  • You can run “sudo -K” to force sudo to forget your password and ask you again next time you sudo.
  • You can actually get an interactive shell for those rare times it is absolutely needed by running “sudo -i” (i.e. when using sudo in a command breaks it). This is the equivalent to running su by itself. These cases are very rare, however.
  • Typing sudo in front of every command can get annoying if you are not used to it, but after a while it becomes second nature. If you DO forget, you can simply do “sudo !!” which runs the last command, but with sudo in front of it. !! is bash shorthand for the last command in the bash history.

I recently succumbed to the latest social networking fad, and signed up for twitter. I resisted getting sucked in to facebook, but this looks interesting. Anywho, if there’s any other Seneca people on twitter, you can follow me here: http://twitter.com/evets25 .

Have no idea what twitter is? Want to sign up too? http://www.twitter.com for more info. ;)

For my 0.5 release, I have packaged up a 2nd font and submitted it for review! The bugzilla package review request can be found here. The font I’ve chosen this time is called Breip, and it’s a handwriting style font. I’m not normally a big fan of handwriting fonts (they’re usually too messy), but this one looks kinda cool. You can see what it looks like over on its website. As for the actual packages and spec file, they can be found on my seneca matrix account web space.

A few things I noticed this time around:
- The spec file template for font packages has been updated, and it has been greatly simplified as a result. Basically, they removed all the parts where I didn’t understand what was going on ^.^ . I LOVE the new template!
- The main reason I picked this font out of all the fonts on the huge wishlist was because this one had a) source files in the .sfd format, meaning I could use the same tool to compile them again, b) the Open Font License and no legal issues AT ALL (it’s a brand new font, not forked off of anything), and c) it looked cool. Mostly though, it was a) and b). A lot of fonts on the wishlist have some legal issues, or they don’t have sources in the right format, or the creator speaks a different language so we can’t contact them to fix something, or some little detail like that holding up the process. This font however was easy and straightforward, because upstream provided everything I needed to do my job. Most of the time I spent on this was spent adjusting to the new template, and figuring out the fontconfig stuff. Which leads me to my next point…
- Fontconfig. Since it was explicitly requested on the wishlist page for this font that there be accompanying fontconfig rules, I had to learn what the heck fontconfig is, and how to use it. It turned out to be not nearly as complicated as it sounds. Basically, the way it works is that each font gets its own XML-structured file, which fontconfig uses to decide how and where the font is to be used on the system. Some fonts are good substitutions for others, and some fit a particular style. Doing it this way means that programs can simply say “I need a font that can do X” and then fontconfig can choose the best font. It is simple to write fontconfig rules, and simple to integrate into the packaging, thanks to the new template.

I was hoping to also revise my last package, the epigrafica font, as well for this release, but it looks like that will have to wait for a day or two until I can use my laptop again. Sadly, I lost the power cord on my laptop yesterday. I left it in the lab I was working in on Thursday evening, room T2107 in the TEL building at Seneca. I went in today to see if it was still there, but it was long gone. I checked lost and found, I checked the CDOT area, I checked ACS, I checked everywhere, but no luck. If you see it or know where it is, please let me know very soon so I can get it back, otherwise I’ll be buying a new one. It’s black with “Lenovo” written on it in glowy blue letters that light up when you plug it in. Anywho, all my font packaging files and environment are on the laptop, so I can’t finish up the changes I was making to the epigrafica package until I get it back. :( The frustrating part is that I was almost done fixing the other package, I just needed to make a few minor changes and then send it off. :/ Anywho, I’m glad I got this package finished up yesterday so that I have something to release.

Stephen Carter

I finally decided to get up off my butt and do my .4 release, so here it is.

A quick refresher: My project that I started last semester is packaging free fonts for Fedora. I finally got a font packaged up and today I submitted it for review into the redhat bugzilla, which you can find here. I uploaded the files to my seneca matrix webspace, so if you want to try out my font, you can head over to http://matrix.senecac.on.ca/~scarter4/ and download the rpm and install it. You can also find the .srpm and .spec file there, if you wanted to take a look at them and possibly even review my package (pretty please? :D ) .

The font that I’ve packaged is called epigrafica, (not “epigraphica,” as I kept on misspelling it while doing the packaging >.<), and it is based on the Mgopen font “Cosmetica.” This font in turn is based on the heavily proprietary optima font. Now at this point, you may be thinking “hold on, it was based on a proprietary font? Is that legal?” At least, I certainly was thinking that. However, if you read http://www.ellak.gr/fonts/mgopen/index.en.html#history , it seems that the people who created the mgopen font family got specific permission from the creators of the fonts to release them under a new licence, and hence the mgopen font licence was created for this purpose. It is mainly a variation of the bitstream vera licence (another popular licence used for fonts), but different enough to warrant its own name.

After discussing this on IRC with a person on freenode##fonts, I think I understand the licencing enough to say that I think I’m in the clear, legally. Epigrafica is based on a font that uses the mgopen font licence, which has also already been packaged and accepted into fedora. So at the very least, if they accepted the mgopen font collection, a work based on one of those fonts should be acceptable.

Licensing questions aside, it has been interesting over the past week or two as I’ve slowly gotten more involved in the community, reading (and writing to) the mailing list, talking on IRC, and submitting my package review request. It was intimidating at first to jump into the community like this, but once I did, I was amazed at how quickly people responded and how things started to just “happen” at the smallest nudge.

Anywho, that’s it for my .4 release.

Stephen

EDIT: *!@$ blogger removing blank lines! >:( Stop that! /me adds explicit html line breaks…

This morning I was experimenting with FreeBSD 7 in virtualbox, trying to get more things working, but I was having trouble getting networking to work. It seemed like everything was set up correctly, and it *should* have been working, but for some reason it just wasn’t. Using the default setting for the network interface (connect to NAT), I wasn’t able to get an IP address using DHCP, meaning the guest could not connect to the host. I searched for a little while, and I came across this forum post that indicated a specific problem with FreeBSD and virtualbox. It turns out that FreeBSD has issues with the default type of network card emulation used. Specifically, you need to use the Am79C970A driver instead of the default Am79C973. Fortunately, this is a lot less complicated to fix than it sounds:

In the above screenshot, notice the field in the network configuration called “adapter type”. This is the thing that you need to set. The one you want should be the first in the list. For me, the 2nd option was set by default, but some of my classmates say that this option was set correctly for them. Perhaps this is fixed in the newer version of virtualbox?

At any rate, if you set up your network device like mine is in the screenshot, then the guest should be able to connect to the outside world via virtualbox’s internal NAT, simplifying things a bit. Of course, if you choose to connect to a host interface or something else, you still need to make sure this is set correctly or else IT WILL NOT WORK.

Recently I had to do some work by sshing into Seneca’s matrix server, and I thought to myself: there has got to be a quicker way to do this. Every time I wanted to ssh, I had to type out

ssh scarter4@matrix.senecac.on.ca 

…and then wait, and then enter your password… and then wait…. and finally I log in.

Now, it gets a little tiresome to keep on typing all that out all the time. So like a good Linux sysadmin (read: lazy), I wanted to automate this as much as possible. My end result was this:

C:\home\evets>matrix
Last login: Tue Jan 27 09:23:29 2009 from net1.senecac.on.ca
Have a lot of fun...
scarter4@matrix:~>

(Yes, my command prompt is like dos. No, I’m not actually running dos; It really is Linux.)

So how did I accomplish this magic? read on…

Part 1: Passwordless ssh login
The first part of this trick is to get rid of that annoying password prompt. I did some digging on this, and I found that ssh can in fact be set up to use a private/public key pair instead of a password to authenticate. That way, the machines can automatically authenticate without the need for user input.

So first, we need to go to the client machine, the one we are trying to run ssh from. On this computer, we generate a key pair to use with ssh with the command

ssh-keygen -t rsa 

This command will ask you a bunch of questions, and then set up a key pair for you. The important thing here is that when it asks for a passphrase to use the key, leave it blank. That way, you won’t have to type in a passphrase instead of your password (which kind of defeats the purpose). Note that this IS inherently less secure, but not completely. Remember that you need to have your private key in order to authenticate, so only someone who is using your computer and is logged in as you will be able to use the private key to authenticate. Putting a passphrase on the key means that whenever you use your private key, it will ask you to authenticate and make sure that you’re really you.

So, anywho, once you’ve done that, you should have a nice new shiny key pair stored in “~/.ssh/” yaaaay. Now what? Well, in order to use your key to authenticate, the server you’re trying to connect to needs to have your public key. Use the following command to give the key to your server:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@mystery 

The server you’re connecting to will ask you for your password one last time, and then the “ssh-copy-id” command will magically take care of the rest, copying the files to the right spot on the server, setting permissions, and whatnot.

Done! Now try sshing to the server. It should work without asking you for a password.

(If you’re still confused about this, here’s the article that I found that explained it for me:
http://www.debian-administration.org/articles/152)
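
One way to check the trade-off described in Part 1, as an added example that is not part of the original post: a Python script that reports whether a private key file was saved without a passphrase and whether its permissions let other users on the machine read it. The function names and the constructed sample key header are assumptions made for illustration; the sample contains no real key material.

```python
import base64
import os
import stat
import sys

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _read_string(buf, off):
    """Read one SSH wire-format string: 4-byte big-endian length, then bytes."""
    n = int.from_bytes(buf[off:off + 4], "big")
    data = buf[off + 4:off + 4 + n]
    if len(buf) < off + 4 or len(data) != n:
        raise ValueError("truncated key blob")
    return data

def key_protection(text):
    """Classify private-key text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    header, body = lines[0], lines[1:-1]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Current ssh-keygen format: the cipher name follows the magic string.
        try:
            blob = base64.b64decode("".join(body), validate=True)
            if not blob.startswith(OPENSSH_MAGIC):
                return "unknown"
            cipher = _read_string(blob, len(OPENSSH_MAGIC))
        except ValueError:  # bad base64 or truncated blob
            return "unknown"
        return "unencrypted" if cipher == b"none" else "encrypted"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return "encrypted"  # PKCS#8 container
    if header.endswith(" PRIVATE KEY-----"):
        # Traditional PEM: a passphrase adds a "Proc-Type: 4,ENCRYPTED" header.
        if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body):
            return "encrypted"
        return "unencrypted"
    return "unknown"

def audit_key(path):
    """Return a list of findings for one private-key file (POSIX permissions)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %04o lets group/other access the key" % mode)
    with open(path, "r", errors="replace") as fh:
        if key_protection(fh.read()) == "unencrypted":
            findings.append("no passphrase: the file alone is enough to log in")
    return findings

def sample_openssh(cipher):
    """Constructed sample: OpenSSH key header only, no real key material."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"") + (1).to_bytes(4, "big")
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode() + "\n"
            + "-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for key_path in sys.argv[1:]:  # e.g. ~/.ssh/id_rsa
        for finding in audit_key(key_path) or ["ok"]:
            print("%s: %s" % (key_path, finding))
    if len(sys.argv) == 1:  # no paths given: classify the constructed samples
        for c in (b"none", b"aes256-ctr"):
            print(c.decode(), "->", key_protection(sample_openssh(c)))
```

Run it with the path to a private key as its argument; a key created with a blank passphrase as in Part 1 is reported as having no passphrase.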

Part 2: Bash Aliases
So that automates the password, but at this point, I still have to type out “ssh scarter4@matrix.senecac.on.ca” every single time I want to ssh to matrix. How do we shorten that up? Very easily.

In your home directory, there is a file called .bashrc (or if it doesn’t exist yet you can create it), and whatever you put in this file will be run every time you log in. This configuration file can be used for lots of things, but one common use is to use it to set up aliases. Here’s what’s in my .bashrc file:

PS1='C:${PWD//\//\\\}>'
alias ls='ls -hF --color'
alias ll='ls -l'
alias cds='cd ~/storage'
alias nano='nano -i -k -m -c'
alias matrix='ssh scarter4@matrix.senecac.on.ca'

(That first line is what makes my bash prompt look like dos)

Here I’ve defined a bunch of aliases, which are short little commands that you can run instead of a big long command. Essentially, it is a way to create custom commands. So for instance, every time I want to run ls, it actually runs “ls -hF --color” which adds color formatting to ls. I find it easier to read, but I don’t want to type out “ls -hF --color” every time! That last line however, means that I can just type “matrix”, and bash will expand that to the full ssh command, which will then log in without the password because that was set up beforehand. You can actually use whatever you want for the alias name. Pick something that is easy to remember for you, and is easy to type! If you wanted, you could even set the alias to MICROSOFTISAWESOME, and then every time you type in MICROSOFTISAWESOME it would run whatever you put in quotes after the = .

So, the end result: I type “matrix”, and I log in to matrix. Easy as that. I hope this helps some people.

So today in class we were doing python, and the assignment was to create a simple python game where you have to guess a number between 1 and 100. Once we started talking about it, my mind was hooked, and I couldn’t stop until I wrote my own version, so here it is…

#!/usr/bin/python
# By Stephen Carter

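import random

class number:
 def __init__(self):
  # randrange excludes the upper bound, so 101 is needed to include 100
  self.rand=random.randrange(1,101)

 # Each test below returns True when the guess FAILS that test
 def testInt(self, num):
  try:
   int(num)
   return False
  except ValueError:
   return True

 def testRange(self, num):
  if 1 <= int(num) <= 100:
   return False
  else:
   return True

 def tooLow(self, num):
  if int(num) >= self.rand:
   return False
  else:
   return True

 def tooHigh(self, num):
  if int(num) <= self.rand:
   return False
  else:
   return True

# Game setup; the condition and wording of the first prompt are assumptions
x = number()
guessNum = 0
cheater = False

while True:
 if guessNum == 0:
  guess = raw_input("Guess a number between 1 and 100 ~->")
 else:
  guess = raw_input("~->")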

 if guess == "cheat":
  print x.rand
  cheater = True
  continue
 if x.testInt(guess):
  print "That's not even an integer!"
  continue
 elif x.testRange(guess):
  print "Value out of range!"
  continue
 elif x.tooLow(guess):
  print "Too low."
  guessNum += 1
  continue
 elif x.tooHigh(guess):
  print "Too high."
  guessNum += 1
  continue
 else:
  print "Correct!"
  guessNum += 1
  break
 print "You should never be seeing this message! Something has gone horribly, horribly wrong!" 

print "It took you",guessNum,"tries to get it right."
if guessNum <= 10:
 if cheater == True:
  print "You won but you cheated. Shame on you!"
 else:
  print "Good Job! You win! :D "
else :
 print "ERROR: Too many tries. (a)bort, (r)etry, (f)ail?f"
 print "ERROR: Epic Fail."

As you may have noticed, this example is object-oriented. It makes a number object, assigns it a random number, and then the number object has a bunch of functions to test various things, like whether the input number is less than itself. This is slightly different than the way other people in the class did it.

I have a working font RPM! hooray! :) For a while I was really stuck on this, since I was confused about a couple of basic things with the process of building an RPM. So a few days ago I went to visit Chris Tyler and ask for help. With his help, we soon managed to create a spec file, and build an rpm, answering my questions along the way. For instance, I didn’t realize that fonts could have source code, let alone be compiled. I thought I would be making binary RPMs, but I was mistaken about that. Once I got the process cleared up things made a lot more sense. Using the source code and a program called fontforge, a font can be compiled from source and turned into a source RPM. Using the template .spec file for fonts, there wasn’t much to add, although a couple of issues took a little bit of time to figure out:

  • I wasn’t sure what the license for the fonts was called exactly, so I made up a title – “MGopen font license”. I expected rpmlint to complain about the license, but it didn’t so I must’ve gotten a lucky guess. However, this will certainly be a potential roadblock when I go to get this package submitted to Fedora.
  • fontforge had to be listed as a buildrequires, since it is used to compile the font from source.
  • The prep section was fairly complicated, since it needed a couple weird parameters for the two files to be properly unzipped and handled correctly.
  • Chris suggested a neat little for loop in the build section. Technically, it’s more lines of code than simply running the command twice, but I like it better with the loop. It’s cooler. :)

…and those were the main things to figure out. The rest was easy. The next step is going to be getting plugged in to the fonts mailing list, as well as get the process going for submitting the package for review.

EDIT: The following post was written several weeks ago, but never posted. I hit “save post” instead of publish post. >.<

So for my LUX project, I originally started out to do a port of Ubuntu’s apport bug reporting tool to Fedora. This was all fine and well, until a few days ago, when I discovered that according to a mailing list discussion, the fedora people decided to go with a different solution for bug reporting, rather than use apport. So, the weekend before my .1 release, here I am stuck with an obsolete project. I went and talked to my prof, and thankfully, was able to get it changed, since I had no idea what to do next with that. Instead, I picked a project that I hope will be a little more manageable: font packaging. Why is this project important? Well, there are free fonts out there that are inaccessible to most fedora users, because they have no way to install them easily. By packaging them up, it will allow people to simply type “yum install ” and it will be installed for them! It also will give me a chance to dig into RPM packaging, as well as go through the process for submitting a package for review. I know, it’s not the most glamorous project ever, but it’s manageable, it will get me involved in the fedora community, and I’m looking forward to it.

For my .1 release, I managed to hack away a bit on the .spec file for my first font package, starting with a template provided on the fedora wiki. Although it’s far from complete, it’s a start.