Automated Encrypted Backups via SSH
This is a hack of the script rsnaptar included with the rsnapshot distribution. In short, it takes a few rsnapshot directories, runs them through tar, gzip and gpg, finally depositing the results on another machine. I wrote this so that I could grab the backups from a server at work and routinely toss them onto a DVD that I take home with me. It’s a bad idea to be walking around with all of the company’s source code, hence the GPG. The magic all happens on one line which runs tar, piping the output to ssh, which runs gzip reading from stdin on the remote machine, then on to gpg, dumping its output wherever you want.
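#!/bin/sh
# Tar each rsnapshot backup point, stream it over SSH, then compress and
# encrypt it on the remote machine.

SNAPSHOT_DIR="/data/backups/tarback"
DEST_LOCATION="/home/stephensdg/Desktop/backups"
USER=stephensdg
HOST=10.32.193.100
ID_FILE=/home/stephensdg/.ssh/id_dsa
GPG_HOME=/home/stephensdg/.gnupg

LS="/bin/ls"
TAR="/bin/tar"
CAT="/bin/cat"
CHMOD="/bin/chmod"
CHOWN="/bin/chown"
MKDIR="/bin/mkdir"
SSH="/usr/bin/ssh"

# Stop if the snapshot directory is missing instead of archiving the wrong place
cd "${SNAPSHOT_DIR}" || exit 1

for BACKUP_POINT in `${LS} "${SNAPSHOT_DIR}"`; do
    # tar writes the archive to stdout (-f -) and follows symlinks (-h);
    # the quoted command runs on the remote host: gzip, then gpg encrypts
    # to the recipient "Drew" and writes the result to DEST_LOCATION
    ${TAR} -chf - "${BACKUP_POINT}/" | ${SSH} -i "${ID_FILE}" "${USER}@${HOST}" \
        "gzip - | gpg --homedir ${GPG_HOME} -e -r Drew > \
        ${DEST_LOCATION}/${BACKUP_POINT}.tar.gz.gpg"
done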
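An added example, not part of the original script: each backup point name is spliced into the command string that the remote shell parses, so a directory name containing shell metacharacters would be interpreted on the destination host. The sketch below checks names before building that string; the function names is_safe_name and build_remote_cmd and the sample names are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate backup point names before they reach the remote shell.

# Accept only letters, digits, dot, underscore and hyphen, and reject names
# that are empty or start with a dot or a hyphen (option-like or hidden).
is_safe_name() {
    case "$1" in
        ''|.*|-*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Build the command string ssh hands to the remote shell.
# $1 = GPG home, $2 = recipient, $3 = destination dir, $4 = backup point name
build_remote_cmd() {
    is_safe_name "$4" || return 1
    printf 'gzip - | gpg --homedir %s -e -r %s > %s/%s.tar.gz.gpg' \
        "$1" "$2" "$3" "$4"
}

# Constructed sample names: two ordinary rsnapshot-style names and three
# that must never be spliced into a remote command line.
for name in daily.0 weekly.1 'daily.0; id' '$(id)' '-rf'; do
    if cmd=$(build_remote_cmd /home/stephensdg/.gnupg Drew \
            /home/stephensdg/Desktop/backups "$name"); then
        printf 'OK    %s\n' "$cmd"
    else
        printf 'SKIP  unsafe name: %s\n' "$name" >&2
    fi
done
```

In the backup loop, the same check would go at the top of the loop body, skipping any entry that fails it before tar and ssh are run.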
NetBank Failure
It’s not every day that you hear about a bank failure. Prior to NetBank’s failure on Friday, the last was in February and that was the first in two and a half years. Thanks to the Federal Deposit Insurance Corporation (not to be confused with The Fed), the impact of a bank’s dissolution doesn’t have much effect on its customers. As detailed in the above-linked FDIC page on the NetBank failure, ING Direct will take over the accounts of NetBank and anyone with deposits less than the FDIC insurance limit won’t suffer any loss at all. Those with uninsured deposits (the amount exceeding $100,000) can only expect to see half of that amount:
Due to the projected sale of assets of the former bank, the FDIC is in the position to provide each uninsured depositor with a dividend equal to 50% of your uninsured amount. These funds will be deposited directly into your account net of your uninsured portion.
The lesson? This isn’t the depression, but bank failures still happen. If you keep your deposits under the FDIC limit then it’s very much a non-issue; if you exceed those limits, you could sustain significant losses. When Metrobank failed last February those with more than $100k at the bank got lucky because the FDIC was able to cover the relatively small amount of exceeding assets fully. In the case of NetBank, the amount of uninsured assets is great enough that the FDIC isn’t doing that again.
You're tuned into Perfecto Radio, New York City, Miami, Los Angeles
One of the rotating taglines in the subtitle of this website is the line that is the title of this post: “You’re tuned into Perfecto Radio, New York City, Miami, Los Angeles.” A few weeks ago, I received an email from someone wondering which Paul Oakenfold record it comes from, because my link simply pointed to the Wikipedia page for Perfecto Records; apparently my site is the only hit on Google when you search for that phrase. For the life of me, I couldn’t remember, nor was I able to find it in a cursory search of my Oakenfold albums, which I informed the questioner. I recently got a response and it turns out the line is at the beginning of the Chilled Eskimo’s Take Me Away on Oakenfold’s Perfecto Presents Another World. Now this answer is forever recorded on the internet for all to know.
Just listening to this album again and at the end of Tatoine’s Music a similar phrase is said, “You’re tuned into Perfecto Radio, Chicago, Detroit, Seattle.”
Bad Input Handling on The Web
I came across this on the Verizon billing page today when entering my account number:
I don’t know why they print all that extra jazz on either side of the account number, there’s probably a good reason, but why tell me that I should exclude some of it, particularly when the entire thing is labeled “Account Number”? Is it really beyond their abilities to cut 6 characters off the beginning and 2 off the end of my input? Beyond that, if they want to use the inner subset of numbers as the account number, could it at least be labeled properly on the bill?
This reminded me of nonsense from the Arlington County Library page:
Their web application ought to prepend “2020” to what I enter; the user simply shouldn’t be bothered with this.
Great Chefs
If you watch a lot of Iron Chef, like I do, then this is quite funny:
[youtube]QdroyuTXYRU[/youtube]
VPN Disconnects due to Altered Routing Table
I was having trouble with my Nortel Contivity VPN client disconnecting with the error message, “The routing table cannot be altered after the Contivity VPN Connection has been established. The Contivity VPN Connection has been Closed.” This would happen after 10-20 minutes of being connected and would cause all of my SSH sessions to drop, which made it hard to get work done. After some searching, I found the solution to my problem, a simple registry addition. I added the DWORD named “PerformRouterDiscovery” with the value 0 to the key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters". After rebooting, the VPN works without the random disconnects. Download this .reg file and run it to add the aforementioned key.
Changing the Physical Interface for a VMware Bridged Interface
I use VMware to run a virtual Windows machine for my company’s VPN and the occasional game of Starcraft. When I moved and switched from a wired network to wireless, the device with which I connect to the internet changed from good old eth0 to the new-fangled ath0. VMware was set up to tie its virtual interface for bridged networking to eth0. Since eth0 no longer has a network connection, the virtual machine lost the internet as well. To fix this, I had to open /etc/vmware/locations and change the reference to eth0 to ath0. The virtual interface that I use is vmnet0, so the line in the file referenced VNET_0_INTERFACE. Simply changing that line and restarting the VMware backend (/etc/init.d/vmware restart) fixed everything.
EXMAP on Ubuntu
EXMAP is a shared memory analysis utility that makes it easy to determine exactly how much memory a process is using. Unlike top, which counts all memory shared amongst programs toward each of those programs, EXMAP gives three numbers, the most notable of which is “Effective Resident” memory usage. This number is the amount of memory mapped directly by a process, plus a portion of any shared memory pools it is part of; that is, each program is counted as using only an equal share of the shared memory, split among all the processes sharing it.
On my system, both Gaim (Pidgin my foot) and Evolution are using aspell. In top, they are both responsible for libaspell.so in its entirety, contributing 672K to each of their displayed memory usage. EXMAP puts 338K towards Gaim and 334K to Evolution, a much more accurate tally, since only a single instance of libaspell is actually in memory, shared by the two other processes. From my quick testing, it seems that subsequent users of shared memory take the larger share, 4K more in Gaim’s case, since I started it after Evolution. If I close Gaim, Evolution is then credited with the entire 632K of memory that libaspell occupies.
So, on to installing EXMAP, which certainly isn’t hard, but requires a kernel module, which makes it non-trivial. First, use apt-get (or really, its better replacement aptitude) to install EXMAP, the required kernel module source and the stuff you’ll need to build said module:
sudo -i
aptitude install linux-headers-$(uname -r)
aptitude install module-assistant build-essential
aptitude install exmap exmap-modules-source
Then, build the EXMAP module:
module-assistant prepare
module-assistant update
module-assistant build exmap
module-assistant install exmap
depmod
modprobe exmap
echo exmap >> /etc/modules
module-assistant automatically compiles and installs the module against the kernel headers that aptitude installed in the previous block, and depmod calculates the dependencies amongst all modules, including the new EXMAP one. modprobe loads the new module into the kernel, and adding its name to /etc/modules ensures that it will be loaded the next time your system restarts as well. Once all that is done, you can run gexmap.
SSH Tunnels for Quick, Secure Net Access
An SSH tunnel is a great way to quickly set up a secure method for browsing the web from an insecure location, such as a public wireless network. All you need is a machine running an SSH server. I set up a tunnel from my Mac OS X laptop using the following command:
ssh -C -D 7070 dinomite.net
This sets up a tunnel, locally accessible on the laptop on port 7070 (-D 7070), that sends any traffic through the encrypted and compressed (-C) SSH stream to the server, where it is spit out onto the net as normal. To use this tunnel, I simply instruct Firefox to connect via a SOCKS proxy on port 7070.
Many other applications, such as Adium, support SOCKS proxies and can be set up in a similar way to send their traffic to port 7070 and take advantage of an SSH tunnel.
Linksys WUSB54G in Ubuntu
Since we’re going all-wireless in my new house, I had to set up my Ubuntu machine with a wireless card. All of the slots on the computer are filled, so I grabbed a Linksys WUSB54G USB (hence the model number) adapter. Installing it required some terminal work, unusual for Ubuntu. This thread gives a somewhat cryptic outline of the steps required to get the card working, and following them requires a bit of Linux experience. For the inexperienced, read on.
After plugging the card in on my Feisty machine, it came up in the network manager (System > Administration > Network) but wouldn’t connect to any networks, be they open or encrypted, G or B, nothing. So I retreated to the interwebs and found that ndiswrapper was the solution to my problems. To begin, install ndiswrapper-utils-1.9:
~$ sudo aptitude install ndiswrapper-utils-1.9
Then, download the latest driver from the Linksys site, unzip it and find the WUSB54Gv4 directory under the Drivers directory. Run ndiswrapper -v and check to make sure there aren’t any errors. Then, install the new Linksys driver.
~$ sudo ndiswrapper -i rt2500usb.inf
utils version: 1.9
driver version: 1.38
vermagic: 2.6.20-16-generic SMP mod_unload 586
~$ sudo depmod -a
~$ sudo modprobe ndiswrapper
~$ sudo ndiswrapper -m
You have to blacklist the standard kernel driver so that it won’t override the ndiswrapper driver. To do so, add the following to the end of /etc/modprobe.d/blacklist:
# WUSB54G driver
blacklist rt2570
Then, restart your machine and you should be able to configure wireless using the Gnome GUI tools.