Three more tips - use keybindings, scripts and SSH without passwords

29 April 2008

In this post I look at how to use readline keybindings that are useful in many contexts. I then look at how to SSH without passwords. Lastly, I talk about making a script directory in your home directory so you can quickly add new scripts to your system path.

22 March 2008

Happy Easter everyone, I don't have enough chocolate eggs for you all, so instead, here are five tips.

20 March 2008

Imagine we want to have some files, where one group of users can read and write to them them, while another group of users can only read them. How do we achieve this using basic Unix permissions?

07 September 2007

*A key signing party can be an event of its own, or it might be at a user group meeting, or at a conference, or at a workplace. The idea is to increase the 'web of trust' and thus strengthen the system as a whole, as well as making your own key more trusted. Alex Willmer explains what you need to do to participate in a key signing party, using GNU Privacy Guard. *

System Message: WARNING/2 (<string>, line 1); backlink

Inline emphasis start-string without end-string.

05 September 2007

I have an office-style chair next to my desk, it has five little wheels at the bottom. I was sitting in it today and heard a gentle crunch noise coming from somewhere. It turned out that I had accidentally ran over a DVD and cracked it.

I had recently bought a small pile of new DVDs, and they were sitting on my desk in their shrink-wrap. The cracked DVD made me decide to keep backups, so I started with them. I am using the dvdbackup utility. The idea is not to rip the DVD to a MPEG or whatever but to backup the whole DVD to disk, the resulting files can be burned back to a new DVD with mkisofs if I get another broken DVD.

31 August 2007

In this post I talk about how to use your digital camera at the command line,

07 August 2007

I just read a long and heart-wrenching story about Mark Felder, a Gentoo Linux user whose long-time live-in girlfriend successively cheated on him with someone she caught with from a school reunion. The proof was in ~/.bash_history.

25 July 2007

Command-line browsing is not always the best approach; e.g. for flickr or a webcomic, it is the wrong approach of course.

However, for most things command line browsing works well. The system requirements are very low indeed. It is fast and secure; web pages have a consistent look and there are no flashing adverts, pop up windows or other web annoyances.

22 July 2007

A lot of free software type people and events are starting to use the Ogg Theora format when putting their videos online. However, I personally often like to listen to podcasts when my eyes are busy but my ears are free. Ditching the video, i.e. the ability to see the person standing there itching themselves, is often not a great loss.

So if you download a video in Ogg Theora format, you should be able to stick it on your rockbox or other portable ogg player and listen to it on the go. However, that is a significant waste of space on your limited flash drive. A more sensible approach is to strip out the sound only and get a smaller file.

16 July 2007

This weekend I tried to go the whole time without any caffeine drinks, a feat that I would not recommend. Needless to say, I am very much looking forward to my cup of tea tomorrow morning. I am too sleepy to write a diatribe today, so here are three commands I have used recently.

01 July 2007

In the last post, I was responding to a question from a commenter called Gregory, however before his question he gave an interesting disclaimer:

> The trouble is that beyond knowing what a path is and a dozen or so DOS commands I have little actual knowledge of command code symbology and syntax for any OS, let alone something like Linux.

17 April 2007

As mentioned in yesterday's post, I am putting some of my more structured notes online as cheatsheets. The first obvious candidates for cheatsheets are the computer programs that I use and their keybindings. So here is my cheatsheet page.

The first two cheatsheets are for Mutt and Emacs. I have been using these cheatsheets myself for a few weeks, so hopefully I have ironed out most major mistakes, so feel free to use them and feed back any problems or missing commands. I will update them over time as I use them, and publish new ones on different topics. I have released them under the General Public Licence, so feel to print them, share them, modify them and so on.

25 March 2007

Guide to Emacs Key-bindings

The normal Emacs convention is that Control is represented by the large C. The small c is the 'c key', i.e. the third letter of the alphabet. So C-y means to press Control and the 'y key' at the same time.

25 March 2007

Last time we looked how to get Emacs. Before you get bogged down in information, open Emacs and type into the box. See how far you can get without reading anything.

Emacs and Emacsen

24 March 2007

Although I have mentioned it in passing, I cannot believe I have got this far without covering Emacs, I covered Nano and Vim two years ago!

Emacs is the one of the two main text editors that I use daily, (gedit being the other one). I do everything in plain text when possible, only going to a Word Processor if I need footnotes or something.

23 March 2007

This series is about Emacs, one of the major text editors in use today, and for the last 30 years!

06 March 2007

I am a big fan of abstracting everything, and having computers do as much as possible for me. Steve Long has been working with bash and emerge and has come up with a little program called igli-update.

This script is a bash wrapper for emerge that aims to make it more convenient to keep your Gentoo Linux system up to date, and is especially useful at helping you survive long emerges as it will keep retrying failed packages until there are none left that will compile. It will then create a list of failed packages at the end. It also attempts to consider GCC upgrades as well as filtering emerge output to only show the more useful information.

06 March 2007

html2text is a little command-line program that is available in many Linux distros including Gentoo and Ubuntu. As you might expect, it converts HTML to txt format.

To convert an html file to text, you can use:

04 March 2007

Last time we looked at what IRC is and why you might like to use it. Now we get a bit more practical.

How does IRC work?

03 March 2007

For some of you, IRC will be a given as you will have been using it for decades. For some others of you, it will seem completely alien, especially if you are only used to MSN Messenger.

IRC stands for Internet Relay Chat. It is a useful form of communication, and very mature, being around far longer than the newer one-to-one 'messenger' type programs. Unlike these, IRC has a chat-room concept, where a group can talk together. There are also no animated smileys or fancy graphics of flying monkeys.

Older

About

Hello, my name is Zeth, I'll be your host here.

Command Line Warriors is about taking control of your own technology, it looks at our experiences of computing; especially using GNU/Linux, the Python programming language, the command-line and issues such as techno-ethics, best practices and whatever is cool now. If you take control of your technology then you are a Warrior too!

This site is your site too which means that you can contribute and get involved. You can leave comments using the facility provided. For me, the comments and discussions are by far the best part of the site. So please do have your say!

Latest Discussions

Zeth

May 16, 2008
To Anonymous, I tried your script with some old SSH keys and it did not manage to break into an apparently vulnerable system. 1. The script requires a known username. My system did not allow root logins. 2. After failed three logins, the script's IP address got added to deny hosts.
→ Swap out your ssh keys

Zeth

May 16, 2008
To Anonymous, I said to do three things: 1. Accept the update. 2. Replace your keys. 3. Don't *have a panic attack about it.* And I still stand by that. Most non-technical users won't even be using openssh-server. While the update, blacklists and instructions on how to regenerate comes down automatically for those that do. Indeed, I think this episode shows how fast the free/open source community can move. Everytime the open source software has a panic attack over an in-theory, technically possible, but not actually being used, 'exploit', then proprietary software people say "Look their software is no better, it is just as insecure as ours". However, that is not true. There is a range of exploits, from theoretically possible with some serious preparation and knowledge about the target system, through to automated attacks that will work against any machine without the need for knowledge about it.
→ Swap out your ssh keys

Anonymous

May 15, 2008
Like stefano says, you are being VERY irresponsible by downplaying this as only "theoretically possible with a supercomputer". Linked on the page stefano mentioned is this: http://milw0rm.com/exploits/5622 That will break into your computer in a couple hours is you're using public-key logins, which are considered the safest kind, and are used on many, many machines that are supposed to be extra secure. This is a horrible, horrible problem, and dismissing it does nobody any favours. I'd really suggest you re-write this article to accurately portray how serious the problem is.
→ Swap out your ssh keys

Ryan

May 15, 2008
Yeah, good layout too. Very clear. :) Better than the last, in fact! I'm another python/django nerd, so I'll be listening even more now. I guess one of the things that's inspiring about Django is they're concerned pretty hardcore with security fixes. Just this week, an email came out and they released new sub-versions for each major Django release to include the fix. Very awesome. For your blog post model, what did you do for entering posts? Do you still use the default admin interface, or did you make your own views for posting and whatnot? I haven't looked into it much, but does django automatically include much in the way of wysiwyg text editors for text fields?
→ How not to program WSGI

stefano

May 15, 2008
Apparently the bug makes a brute-force attack much easier than "theoretically possible with a supercomputer". http://metasploit.com/users/hdm/tools/debian-openssl/ It looks that the buggy code used the process ID as seed for generating the key, and there might only be 32,768 process IDs. Furthermore not all process ID are equally possible and one could use a range of 1000-3000 seeds and having a very high chance of producing a valid key.
→ Swap out your ssh keys

Bug

May 15, 2008
@txwikinger: Thing is, I don't use Ubuntu and I can't remember where did I generate my key [I'm using Archlinux]. @Zeth: You should add the number of comments to the front page.
→ Swap out your ssh keys

Kennon

May 15, 2008
The openssh-blacklist debian package (now available, and required for the latest version of openssh-client and openssh-server) is now available. You should: apt-get update apt-get install openssh-blacklist apt-get upgrade After that you'll have the ssh-vulnkey utility and can check.
→ Swap out your ssh keys

Krispy

May 15, 2008
mkc: debian only provided blacklists for 2048 bit RSA keys and 1024 bit DSA keys. If your key isn't one of those two types, then the blacklist isn't provided in the package. You can download one here: http://metasploit.com/users/hdm/tools/debian-openssl/ but it is nearly 100MB
→ Swap out your ssh keys

Ed

May 15, 2008
@Cristian: it applies to keys. If you generated a key on Ubuntu and then put it in authorized_keys on Fedora, it's possible that someone could brute force their way in to the Fedora server.
→ Swap out your ssh keys

Cristian

May 14, 2008
This vulnerability only applies to ssh servers, right? Aren't they the ones that generate the keys? So if my client is Ubuntu and the server is Fedora everything's okay?
→ Swap out your ssh keys

Taking Control of your Own Technology

29 April 2008

22 March 2008

20 March 2008

07 September 2007

05 September 2007

31 August 2007

07 August 2007

25 July 2007

22 July 2007

16 July 2007

01 July 2007

17 April 2007

25 March 2007

25 March 2007

24 March 2007

23 March 2007

06 March 2007

06 March 2007

04 March 2007

03 March 2007

About

Hello, my name is Zeth, I'll be your host here.

Latest Discussions

Zeth

Zeth

Anonymous

Ryan

stefano

Bug

Kennon

Krispy

Ed

Cristian