Git and signing

I’m now using git heavily for configuration management and wanted to sign my objects. There were no complete guides out there that I found so here is the list of instructions that I finally arrived at:

  1. If you have a key that you are already using to sign things (email, code, whatever) then you can skip to item 4. If not, then decide on a name, email and pass phrase that you will use to sign your code.
  2. Create a key pair based on the name, email and pass phrase that you chose. You can do this using gpg2 --gen-key. The program is interactive and very easy to use. The program comes with the gnupg2 package on Ubuntu or Debian. The keys are generated in ~/.gnupg. If you want to see that everything went well then you can list all keys using gpg2 --list-public-keys.
  3. Configure git to use your email. This usually involves editing your git configuration file at ~/.gitconfig and setting the email config option under the user section to your email.
  4. Sign your change when you commit or tag it. If you commit then use "git commit -S" (capital S; the lowercase -s only adds a Signed-off-by line and does not create a GPG signature). If you tag then use "git tag -s -m 'commit message' [tagname]".
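The four steps above run end to end and then checked with git's own verification commands, as an added example that is not part of the original post. It assumes the gpg binary is GnuPG 2.1 or later (the post calls it gpg2); the "Demo Signer" identity, the empty pass phrase and the throwaway keyring in a temporary directory are constructed for the demo and should not be used for a real key.

```shell
#!/bin/sh
# Added example, not from the original post. The identity, the tag name and
# the temporary directories are constructed for the demo.

signing_demo() (
    tmp=$(mktemp -d) || exit 1
    repo="$tmp/repo"
    GNUPGHOME="$tmp/gnupg"; export GNUPGHOME   # isolated keyring, not ~/.gnupg
    mkdir -m 700 "$GNUPGHOME"
    c=bad t=bad u=accepted
    {
        # Steps 1-2: create a key pair (empty pass phrase, demo only).
        gpg --batch --pinentry-mode loopback --passphrase '' \
            --quick-generate-key 'Demo Signer <demo@example.invalid>' \
            default default never
        fpr=$(gpg --batch --with-colons --list-secret-keys |
              awk -F: '/^fpr:/ { print $10; exit }')

        # Step 3: tell git who you are and which key signs for you.
        git init -q "$repo"
        git -C "$repo" config user.name 'Demo Signer'
        git -C "$repo" config user.email 'demo@example.invalid'
        git -C "$repo" config user.signingkey "$fpr"
        git -C "$repo" config gpg.program gpg

        # Step 4: -S signs a commit, -s signs a tag; then verify both.
        git -C "$repo" commit -q -S --allow-empty -m 'signed commit'
        git -C "$repo" tag -s -m 'signed tag' v1.0
        if git -C "$repo" verify-commit HEAD; then c=good; fi
        if git -C "$repo" verify-tag v1.0; then t=good; fi

        # A commit made without a signature must fail verification.
        git -C "$repo" commit -q --no-gpg-sign --allow-empty -m 'unsigned commit'
        if ! git -C "$repo" verify-commit HEAD; then u=rejected; fi

        gpgconf --kill gpg-agent
    } >/dev/null 2>&1
    rm -rf "$tmp"
    echo "commit:$c tag:$t unsigned:$u"
)

signing_demo
```

On a real repository, git log --show-signature shows the same verification result for every commit in the history.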

Grep is broken – use perl instead

In the course of running various grep(1) combinations to find various defects in source files I ran into inherent grep(1) difficulties. It seems that the regular expression syntax in grep(1) is very limited and so it’s better to use perl to solve these issues as its regular expression support is fantastic. A small script can solve all your grepping needs. So here it is. Please comment with fixes and I’ll incorporate them if you want to add features.

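#!/usr/bin/perl -w

# This is a general script to grep using perl to overcome some of the deficiencies
# of grep(1) grepping...

use strict;
use diagnostics;

# compile the pattern once; an invalid regular expression dies here
# instead of on the first line that is read
my($pattern)=qr/$ARGV[0]/;
my($debug)=0;
my($print_filename)=1;

for(my($i)=1;$i<@ARGV;$i++) {
        my($filename)=$ARGV[$i];
        if($debug) {
                print "filename is [$filename]\n";
        }
        # three argument open with a lexical handle: the file name is only ever
        # treated as a file to read (with two argument open a name such as
        # "cmd |" would be run as a command)
        open(my $file,'<',$filename) || die "Can't open file [$filename]: $!";
        my($line);
        while($line=<$file>) {
                if($line=~$pattern) {
                        if($print_filename) {
                                print $filename.": ";
                        }
                        print $line;
                }
        }
        close($file) || die("unable to close file [$filename]: $!");
}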

WordPress and UNIX security

Here is what I found the hard way. Sometimes you want WordPress to install plugins, themes and all and do not want to pass through an ssh or ftp connection in order to achieve this. Maybe you have your own machine and do not want to run or configure an ssh or ftp server (which is my situation). In that case you can choose to either install plugins and themes by hand (just unzip them to $WORDPRESS/wp-content/[plugins|themes]) or you can give WordPress permissions so it can do it for you. The disadvantage of giving WordPress permissions is of course security, since anyone hacking into your server could have write access to the WordPress files themselves. In order to avoid this you can keep all your WordPress files owned by root:root (maximum security) and only change permissions for the duration of the installation of the plugin or theme.

Here is how to do this for a completely safe install:


  1. Turn off world access to your web server. This can be done by bringing down your external network link with ifdown eth0. This step is only necessary if you are a security freak.
  2. chown -R [webuser]:[webgroup] [wordpress]/wp-content/{plugins,themes}. Substitute your web server's user and group for webuser and webgroup. These are usually www-data on Debian based systems or can be found with ps -ef.
  3. Now perform your installation of plugins or themes from the local machine or from a remote machine if you have not followed the security step above.
  4. chown -R root:root [wordpress]/wp-content/{plugins,themes}. This will clamp down on security once again.
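The ownership window described above as a script that always hands the directories back to root and then checks that nothing was left writable, as an added example that is not part of the original post. The function names, the www-data defaults and the prompt text are assumptions made for the example; run it as root with the WordPress directory as its argument.

```shell
#!/bin/sh
# Added example, not from the original post: open wp-content/{plugins,themes}
# for one install window, then prove the tree is locked down again.
# The www-data defaults and the prompt text are assumptions for the demo.

# Print every path that is NOT owned by owner:group or that is world-writable.
# Empty output means the tree is locked.
audit_lock() (
    owner=$1 group=$2; shift 2
    find "$@" \( ! -user "$owner" -o ! -group "$group" -o \
                 \( ! -type l -perm -0002 \) \) -print 2>/dev/null
)

# Hand both directories to the web user, wait for the install, and give them
# back to root however the wait ends (Enter, Ctrl-C or TERM).
install_window() (
    wp=$1 webuser=${2:-www-data} webgroup=${3:-www-data}
    p="$wp/wp-content/plugins" t="$wp/wp-content/themes"
    trap 'chown -R root:root "$p" "$t"' EXIT
    trap 'exit 130' INT TERM
    chown -R "$webuser:$webgroup" "$p" "$t" || exit 1
    printf 'Install plugins/themes now, then press Enter to re-lock: '
    read -r _
    chown -R root:root "$p" "$t"
    trap - EXIT
    left=$(audit_lock root root "$p" "$t")
    [ -z "$left" ] || { printf 'NOT locked:\n%s\n' "$left" >&2; exit 1; }
)

# Usage (as root): sh wp-window.sh [wordpress] [webuser] [webgroup]
if [ "$#" -gt 0 ]; then install_window "$@"; fi
```

audit_lock can also be run on its own, for example from cron, to catch a window that was left open or a plugin that changed permissions afterwards.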

Please note that some weird WordPress plugins write to the web folder due to their regular operation. If you have such plugins and are worried about security then I urge you to dump them and find substitute plugins. If you cannot dump them then you probably cannot use any sane security practice for your blog.

Firefox favicon cache is over caching

I’ve recently tried setting a site’s icon to appear as the small icon you see on the tab you are browsing. This icon is called favicon.ico and is located in your server’s root directory, which resides in /var/www on standard systems. When changing this icon and reloading the page in Chrome the icon got updated promptly. No such luck with Firefox. The only way I found to do it is to go to the Firefox cache which is at ~/.mozilla/firefox/[some instance of firefox]/Cache and remove the icon. The problem is that the cache folder shows files whose names are hash keys of the cache, which means that you need to find the file. Usually something like file * | grep icon can help. If you know the exact size of the icon you are looking for this could also help, or if you have the actual icon file you are trying to erase from the cache you can just explicitly run a search for it using cmp(1).

Addendum: A much easier way is just to point your browser at the favicon URL, which should update its cache just for this URL. In Firefox this worked even without a browser restart.
In addition to all of the above, in Firefox the bookmarks toolbar could show a different favicon than the tab. For this you can install “Bookmark Favicon Changer” as an extension and set the icon yourself.

Purging unneeded packages on a debian system

If you want to remove all packages which are in the “rc” state (meaning that the package was already removed and only its configuration remains) you can use the following command as administrator:

dpkg --purge `dpkg --list | grep "^rc" | tr -s " " | cut -d " " -f 2`

Take care to save configuration files that you need before issuing it.

Dropbox is better than Ubuntu one even in Ubuntu

I’m using both DropBox and Ubuntu one services in my desktop and laptop machines and I find dropbox much superior. Here are the reasons why:

  1. You can get rid of dropbox (just dpkg --remove it).
  2. Installation is very easy (apt-get install).
  3. It is very clear that dropbox is running (via the tray icon).
  4. The tray icon has all the functionality you want via the UI.
  5. The command line tool dropbox(1) is even better than the UI since you can check if the upload has finished or not, turn dropbox on and off and even configure if dropbox is started automatically at login time.
  6. Unlike ubuntu one dropbox does not seem to want to sync my bookmarks, contacts and more and certainly does not urge me to do that by DEFAULT which could lead to security issues.
  7. File syncing is just an application and as such should not be a part of the system administration menu as the guys in ubuntu seem to have been forced to implement by pressure from their management. Why not put backgammon score keeping in the sys admin menu too?

These are also the reasons why I keep my most important files in dropbox and not ubuntu one. Ubuntu really needs to do a lot more integration work to make me prefer them to Dropbox. Go Dropbox.

Blog upgrade to wordpress 3.0

I just upgraded the blog to the new 3.0 release. The upgrade is quite easy so there is no reason to fear it. The real reason for my upgrade is the multi site feature (I want to open another blog in Hebrew). The multi site feature is quite cool and allows you to have as many blogs as you wish or give blogs out to your friends and serve as their administrator. Check it out in wp3.0.

Converting videos to xvid on Linux

I wanted to convert some video files on my Linux system to the xvid codec so that I could see them on my PS3. The solution I found was using the mencoder package.

#!/bin/bash
 
# this script converts videos given to it to the xvid codec, IN PLACE,
# this means it replaces the original files...
 
for x in "$@"; do
    echo "$x"
    y="$x.tmp"
    mencoder "$x" -ovc xvid -oac copy -xvidencopts fixed_quant=4 -o "$y"
    ret=$?
    if [[ $ret -eq 0 ]]; then
        mv "$y" "$x"
        ret=$?
        if [[ $ret -ne 0 ]]; then
            echo "problem moving file $x"
            break
        fi
    else
        echo "problem converting file $x"
        break
    fi
done

Finding thread info on Solaris

As part of a crusade to find bugs in a C++ program running on a Solaris system I needed to find out information about all the threads belonging to a certain process.

The program is written the way it is because you rarely need thread info about all threads running in a system but rather threads limited to a certain process. A different way to get this info is through the /proc file system but unfortunately (or fortunately ?!?) files in this Solaris file system usually have binary content as opposed to the textual content that one usually finds on a Linux system.

#!/usr/bin/perl -w

# Give this script the name of a process and it will show you thread
# information about your process...

use strict;
use diagnostics;

if(@ARGV<1) {
    die("usage myps.pl [process names...]");
}

for(my($p)=0;$p<@ARGV;$p++) {
    my($pname)=$ARGV[$p];
    print "showing diagnostics information for process $pname\n";

    # first lets find out the pid(s) of the process
    # (list form of open: the name is handed to pgrep directly and is never
    # interpreted by a shell)
    open(my $pgrep,'-|','pgrep',$pname) || die("unable to run pgrep: $!");
    my(@pids)=<$pgrep>;
    close($pgrep);
    chomp(@pids);
    if(!@pids) {
        print "no process named $pname was found\n";
        next;
    }
    print "The process id of the process is @pids\n";
    my(%wanted)=map { $_ => 1 } @pids;

    # now lets print all the thread info for that process...
    my(@lines)=`ps -eL`;
    for(my($i)=0;$i<@lines;$i++) {
        my($line)=$lines[$i];
        my(@fields)=split(" ",$line);
        if(@fields && exists($wanted{$fields[0]})) {
            print $line;
            #print(join('-',@fields));
        }
    }
}

New blog set up

I have moved my blog from Google to my own machine. This is the new blog. I need to transfer all my old posts from my old machine. Hope you will like this one better than the old but this will assuredly give me more control over my data and the blog’s look, feel and features.