February 15, 2006

Web Adminning

So, I'm setting up email accounts for some new employees, and there's a lot of new employees this time of year (1st quarter, yada yada you know). I *might* have accidentally fatfingered a name in /etc/aliases (it might be one of the four people that routinely edit that file tho) for one of the new employees. OMG NOO!!! Not a new employee that's still in training!!! Whatever shall we do??? You didn't catch the mistake till 3 days after it was entered??? Heh, yeah...

The problem stems from an over controlling boss. The guy's never been laid, is at work at least 13 hours a day, and tries to do everyone's job himself. I hate it. He's the COO of my company, and he still does trouble tickets, makes changes to the java code, and insists that he be around for every tiny maintenance and jumps on every little site alert. You know the type. He's never around, because he's so busy at the other office, trying to run another company on top of all this. So, the end result is that when a little typo gets past me, he freaks out because I'm "wasting his time" or whatever. It's really sad. He's been my boss for a few months now, and already the tech department is all looking for new jobs. The lead software developer updates his resume daily, the head of the help desk is out on an interview now, and I'm updating my web page with how much I can't stand it.

So, I get this IM from him (because best practice says that yahoo instant messenger is the best way to conduct site design...):

Boss: So, there was a typo in the aliases file that caused some trouble in the sales department. I'm not sure if it was you or Andrew that did it, but please be careful. I always try to triple check everything I type and read it out loud as I enter in the keys one at a time.

me: heh, ok, I'm pretty sure Andrew did the last changes, but I'll tell him to just let me do it from now on. It's no big deal.

Boss: So, I think a nice web interface to the aliases file could prevent those types of mistakes in the future. Maybe we should ask the swat guys when we have that meeting with them.

me: ok sounds great.


So....yeah. Where to begin..... Well, I'll start at the swat guys. They're a group of Microsoft groupies that specialize in vmware testing for implementations. My boss has it in his head that somehow they're going to be able to suggest something for a new crazy email solution since ours is, well, dying. The problem is that they're suggesting Exchange.

Now, I don't mind running an Exchange server. I've done it before. It sucks, is terribly inflexible, expensive, and doesn't scale well (come and flame me M$ bitches!), but I don't mind it. The problem is three fold: 1) Because they run Exchange, what makes you think they'd be able to suggest a web interface for a UNIX mailer? 2) What type of consulting would that be? It's a flat text file with 2 fields, alias: address,address,address,etc!!! Any monkey can write a perl script to parse it and write changes to it. 3) Because they're experts in Exchange, that doesn't mean they're experts in unix mailers. I somehow can't get my boss to realize this, that Microsoft Exchange and sendmail/cyrus-imap are fundamentally different in many areas. I just don't get it. 4) This is the big killer, but relates to reason number 2. As far as I know (and if there's a GUI expert out there who would like to correct me, please do), web interfaces do NOT take into account mistyping.

Now, what do I mean by that? It's simple, and it's the heart of this matter. If you put a web interface on this file, all you're doing is changing the interface you use to alter the file. Right now, I use vi. If I mistype something, it doesn't matter what interface I'm using, I'm still going to mistype it. OK, so we can do some microsoft word crap, and have it switch letters around, capitalize some, and do some pretty formatting things. That's about the extent of it tho, and none of those are actually beneficial when it comes to the target project. So the end result is that he's gonna send a memo to the tech department, update our technology procedure database (which is in itself a marvelous idea since it holds things like "vi tips," George's contact info, etc), and make me use that damned interface for everything. No longer can I sed and grep the file, I have to do everything by hand. I can't trust my unix tool box, I have to use my infallible eyes and fingers, which incidentally is what caused this whole fiasco to begin with.

Useless GUIs are what keep people in a computing tomb. They create people like my boss, force him to use crappy tools to do the simplest tasks, and make him think that his eyes and mind are a better choice of judgement than an md5sum. Oh man, I gotta tell you about that one some day. Maybe I'll write a section called "md5sum vs ls: The useless debate". But simply put, why in Thompson's name would I want to write a web script to let me edit a file when I can edit the file easily as it is?

Reason 1) Well, maybe there could be one of those cool drop down menus, that lets you select one of the aliases, then shows you who's on it?
My reply: grep aliasname: /etc/aliases

Reason 2) It's easier to edit the file in a web page than it is in vi. There will be no more paul@juno.com:wq names.
My reply: bullshit, if you're a pansy, use nano. I installed it just for him. And grep :wq /etc/aliases returns nothing.

Reason 3) It will be easier to organize in a web page.
My reply: I can customize how I want to see it with awk, sed, echo, and grep.

Reason 4) Well not everyone knows how to use awk, sed, echo, and grep.
My reply: I do. If you don't know them, you shouldn't be on the box in the first place. You can hurt yourself.

Reason 5) Web pages make it easy to do searching. Just hit control F, and a little box will pop up and you type and hit enter and it selects it for you.
My reply: /

Reason 6) What's /?
My reply: See reply to question 2.

Reason 7) If vi was letting you edit the file just fine, why did you make the typo?
My reply: A web script would have done the same. I'm only human.

Reason 8) But it would be more organized and easily readable!!!!
My reply: It's /etc/aliases, it doesn't need even 1 inch margins or a single column of users belonging to an alias.

Reason 9) Well, it would be a nice feature that wouldn't take too long to code.
My reply: It's a useless program (see 1-8), not a feature. And this is going to have its own set of problems.

Reason 10) Well, we could certainly do this on the new mail server platform that we're talking to these Exchange experts about. I guess we could just integrate it into the new web based administration portal thing.
My reply: If you use exchange, web interfaces don't exist, and you won't have an aliases file like this one. If we stick with nix, we'd have to develop that web based administration portal thing, and it's going to suck, never be finished or supported, and never used because it's a pain in the ass to use a web interface.

Reason 11) I'm the COO and I want it.
My reply: I'll have it done as soon as I can.

How inconvenient will this be? Instead of a simple grep -e ^alias: -e name /etc/aliases, I'd have to do something silly with sed to grab line numbers starting at ^alias: and ending at the ^nextalias:, of course it would all hinge on the colon (:) to tell sed what lines I'm referring to. Then I'd have to write senseless scripts just to search the file as well. On top of that, you need root privileges to edit that file, so we're looking at a sticky bit web script, a terribly TERRIBLY insecure apache setup, and no real way to authenticate well without adding in even more complexity to the code.
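The typo this post is about (an editor command fused onto an address, as in paul@juno.com:wq) can be caught by a check that runs after every edit, whichever interface made the edit. The script below is an added example, not the author's code: it lints a sendmail-style aliases file, including entries continued across lines, and the set of target forms it accepts (local names, user@domain, pipes, file paths, :include: lists) and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# lint_aliases FILE
# Prints one line per problem and returns 1 if any were found, 0 otherwise.
# Assumes the plain "name: target, target" layout; quoted alias names and
# commas inside quoted pipe commands are not handled.
lint_aliases() {
    awk '
    function report(msg) { printf "line %d: %s\n", start, msg; bad++ }

    # Validate the logical entry collected so far (may span several lines).
    function check_entry(    name, rhs, n, i, t, parts) {
        if (entry == "") return
        if (!match(entry, /^[^:]*:/)) {
            report("no colon: " entry); entry = ""; return
        }
        name = substr(entry, 1, RLENGTH - 1)
        rhs  = substr(entry, RLENGTH + 1)
        entry = ""
        if (name !~ /^[A-Za-z0-9._-]+$/)
            report("bad alias name: " name)
        else if (name in seen)
            report("duplicate alias " name " (first at line " seen[name] ")")
        else
            seen[name] = start
        n = split(rhs, parts, ",")
        if (n == 0) report("empty target in " name)
        for (i = 1; i <= n; i++) {
            t = parts[i]
            gsub(/^[ \t]+|[ \t]+$/, "", t)
            if (t == "")
                report("empty target in " name)
            else if (t ~ /^(\||\/|:include:\/|\")/)
                continue            # pipe, file, include list, quoted target
            else if (t !~ /^[A-Za-z0-9._+-]+(@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+)?$/)
                report("suspicious target in " name ": " t)
        }
    }

    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    /^[ \t]/ { if (entry != "") { entry = entry " " $0; next } }  # continuation
    { check_entry(); entry = $0; start = NR }    # a new entry begins here
    END { check_entry(); exit (bad > 0) }
    ' "$1"
}

# Constructed sample input with three deliberate mistakes (lines 5, 6 and 7).
sample_aliases() {
    cat << 'EOF'
# constructed sample, not a real aliases file
postmaster: root
sales: alice, bob@example.com,
    carol@example.com
newhire: paul@juno.com:wq
support alice
sales: dave
ops: |/usr/local/bin/ticket, :include:/etc/mail/ops.list
EOF
}

if [ "$#" -gt 0 ]; then
    lint_aliases "$1"
    exit $?
else
    tmp=$(mktemp) && sample_aliases > "$tmp"
    lint_aliases "$tmp" || echo "(the sample contains deliberate errors)"
    rm -f "$tmp"
fi
```

Run against the real file after an edit and before newaliases, the exit status says whether the change is safe to activate.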

So, I guess that this turned out to be more of a rant on my boss than a rant on stupid GUIs. I can honestly say, that's not what I intended. But, you all have seen pointless, complex GUIs. You probably run it every day. It's called KDE, and there's still a cure out there for you. So, if you can manage to click your way to a web browser, open up google and search for "what is a text stream," or better yet, if you've even figured out how to use that terrible button at the lower left of your screen with all those arbitrary hierarchical pop-up windows with funny meaningless icons (I think it's called ktart menu or something equally as stupid), find your console and type man perl.

December 27, 2005

I Hate Kernel Debugging

It's true, I really do..... Mostly because nobody's doing it. Rarely do I run into a problem that general ad hoc problem solving can't solve. However, there's a box at work that is just not cooperating with me. So, I mentioned to my boss that you can do some kernel trapping with kprobes and systemtap. They should really rename it to spinaltap. Holy crap, I've never been so afraid of my machine.

So, this box was doing this crazy thing where it would go fine for a few days, then it would just lock up hard. No icmp, no anything. Then about 6 hours later it would "wake up." On the terminal would be all the "out of memory" messages and the stack page dump. So, I wanted to find out why on earth this box was dying so hard. The problem is that I can't take the machine down for testing, as it is (of course) one of those irreplaceable mission critical machines. Ugh++

So, I do some quick reading about kprobes and systemtap and get to it. My first script is a little something like this:

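# counter must be declared global to be shared between probe hits
global i

# fire on entry to every function of every loaded module
probe module("*").function("*")
{
    # count only calls made by the process given with -x / -c
    if (target() == pid())
        i++;
}

# stop after roughly 5000 jiffies
probe timer.jiffies(5000).randomize(100) { exit(); }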

This is a pretty sickening little script if you think about it (hence the 5k jiffies time). Every loaded module and every function (on a default redhat kernel with many many useless modules loaded). Sooo, I give it the old stap -vk and let it run...... and run...... and run......... Eventually, it tells me that there's something like 60k probes, and wc -l tells me it's going to compile this 9 million line long automagically generated C file. This completely locks that box down. "Well," I think to myself, "It's Christmas weekend, we can take the performance hit." And everything's OK. So, while the damned thing is compiling, the box locks up. Oh, and btw, it's a machine check exception. So it turned out to be as simple as bad proc or ram all along. But I guess a few sleepless nights and a panic now and then aren't too bad.

I guess in the end, I'm still a fan of good old fashioned ad hoc troubleshooting. I like the relationship I have with my UNIXes. I give them something, they give me something back. They tell me where it hurts, and I can figure it out pretty quickly most of the time. I don't need 60,000 probes to tell me something's broken, I could have compiled a kernel and gotten the same answer. However, systemtap would be great for preventative code monitoring. Imagine that you could watch your app's system calls and see where it's going nuts. People who are trying this out keep referring to the top bug. You come to a box that's under tremendous load, and you run top. Top is the top process. So, instead of just saying, "stupid linux" and moving on, they now know exactly why older versions of top have that quirk. This (in my opinion) could completely do away with long software testing problems, and maybe make things that we already have squeaky clean and super fast. I know I'd like that.

The biggest problem is that systemtap is so new and somewhat undocumented in the user community. I'm thinking that if systemtap ever gets to the sexiness that is dtrace, things will pick up a bit quicker. I understand why your average guy like myself is somewhat fearful of muddling thru the inner workings of his kernel, but eventually things will get easier. Systemtap is already full of features and should be stable enough to run, and I do like how easy it is to embed plain old C into the script. But if you read up on open solaris's D, you'll agree that it's better and be pissed that you were staying up all night watching the box slowly grind to its death while compiling and inserting the probes. Supposedly you can use xen or maybe userspace linux to set up native testing in open solaris, but by the time I had read up on this, the box had crashed already with the machine check exception.

Oh well, at least tonight I can finally enjoy my vacation :-P

December 25, 2005

My Sidekick Alvin

So, I love my sidekick from TMobile. I'm actually submitting this right now. This is where I change my mind about java, and think that it does have its uses. I love the fact that I can be working on my crappy servers while chatting on aim and reading my email. And the data package is cheap! They're the perfect geeky phone, even if the target audience isn't big into that sort of stuff.

I don't have too much to say today. It's Christmas eve and I'm stuck moving files around so we have enough disk space. 90 gig backup trying to fit on an 80 gig drive.... Yeah, that's not gonna happen. Luckily I had the sidekick receiving all my work email so I got the alerts about the backups failing. Hopefully the boss won't find out....

So in other news, I thought of a great idea. Filesystem tagging for krusader. I'm not sure how the interfacing will work, but I think it would revolutionize the way we store our files on the hard disk. If you could have a fast, stable filesystem browser like krusader and choose to view your files by their meta tags instead of file system location, you could have amazing flexibility. Well I'll work more on the concept and keep you posted. Lol... "You." Nobody reads this crap. I'll keep myself posted then.

December 22, 2005

The End of an Age

I know nobody who's read these posts so far would have any clue into this, but I am a world of warcraft fiend. I've played a good chunk of my life away on that thing, but I'll be happy to tell you all that I think it's over. I think I might finally be done with that game. Let me tell you why (in case you had a choice...):

1) The game is too boring to play another character alone. The guys in the guild were originally going to wait till the 19th of December to roll their characters, but started many days early leaving the few of us who were occupied until then out in the cold. Practically every character I've created has run into this problem. It's a lonely grind to 60, and I'll be damned if I'm going to grind myself away alone again in a guild full of people having fun because they started early and can play together. It isn't fair that you're going to enjoy this roll because you couldn't keep it in your proverbial pants.

2) I'm sick of everyone wanting me to run their site, then tell me things aren't good enough. This is something I do in my spare time, so back off. For your interest, www.bluefrex.com is the forums, http://www.bluefrex.com/~liquidfire/eqdkp-1.3.0 is the dkp system, and there's a little wrapper page out there somewhere. Then they use their little web admin interfaces and screw everything up, and now I'm awake at 3am fixing the problems they can't make work. Hence this post stemming from a terrible frustration with digging thru someone else's php trying to make sense of the sparse documentation and tracking down the includes.

3) The main enjoyment out of the game is getting to brag to everyone else about how great of a player you are, why you're so much better than everyone else, and how much great gear you got that others didn't. Sure the game is pretty fun the first couple times around, but the real enjoyment comes out of getting the rare drops from months of farming. How minuscule. Or you could try killing the same 10 people over and over again in Arathi Basin. That sounds like a swell idea.

4) I need to brush up on my C++

5) Organized guilds tend to be a bit too socialistic in my opinion, and this one is very organized.

6) It is virtually impossible to play multiple characters that aren't nearing their completion unless you're a Chinese farmer under the age of 16. Did I mention that I don't like playing my druid?

7) If any of them ever read reason number 1, I'm going to get lots of nasty "you n00b, quit whinin' and play" emails and IMs. So, to that I have to say:

iptables -A INPUT -d 70.87.124.188 -j DROP

And boom, you get nothing.

I know I'm being pretty mean, and honestly it's just a temporary thing. I originally got into WoW because it was an escape from an old job that was driving me crazy. Well, I'm in a new job (I should make a post about that...) and don't need the defense mechanism that I did earlier. So in this way, my desire to play warcraft has dropped dramatically. It just doesn't interest me any more.

I'm sure this will be another editorial that I just delete and never save to be posted. After all, if any of them happened to come to this site (in all my signatures on the forums) they would see it and start to wonder so I dunno.

OK, well screw this. It's 3:20am, I have to get up in the morning and get some gift shopping done. For those bluefrexers out there, don't listen to me, I'm just spouting off steam.

December 21, 2005

Encrypting your Filesystems

Ahh the fun things you can do with Linux. This is a quick tutorial (actually 2 mini-tutorials). The first will be a password generator shell script and the second will be encrypting your filesystems with the clever use of crypto-loops. I know it sounds like a decepticon, but it's pretty cool nonetheless.

Simple Random Password Generator

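#!/bin/bash
# Needs bash: the function keyword and the C-style for loop are not plain sh.
RANDOMDEV=/dev/urandom

# Print one password: base64-encode one 512-byte block of random data,
# drop the short last line and the trailer, and keep the first $LENGTH
# characters of the last full line (so LENGTH is capped at one line's width).
function generar {
    dd if="$RANDOMDEV" count=1 2>/dev/null | uuencode -m - | head -n -2 | tail -n 1 | cut -c-"$LENGTH"
}

function help_menu {
cat << EOF

Usage: (-n Number of passwords | -l Length of passwords)

Example: $0 -n 5 -l 8

That will generate 5 passwords with 8 characters each.
EOF
exit 0
}

while getopts n:l:h X
do case "$X" in
    n) NUMBER=$OPTARG ;;
    l) LENGTH=$OPTARG ;;
    h) help_menu ;;
esac
done

# Both options are required; quote the variables so an empty value is tested correctly.
if [ -z "$NUMBER" ]
then echo "You must tell me how many passwords to generate. Use -h for more info."
    exit 1
fi
if [ -z "$LENGTH" ]
then echo "You must tell me how many characters are in the passwords to generate. Use -h for more info."
    exit 1
fi

for ((n = 0; n < NUMBER; n++)); do generar; done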


Easy huh?

You can download it here.

Encrypted Filesystems

This is a pretty simple thing. First of all, make sure the following modules are loaded: loop, dm-crypt, cipher-aes. For ya'll who don't know, modprobe to add them, lsmod to check if it's there. Now, here's the cool part.

losetup -e aes -k 256 /dev/loop0 /dev/sda3 (where /dev/sda3 is your partition)

You will be asked for a password. You can generate one ahead of time using the password generation script above. ;-)

mount /dev/loop0 /path/to/mount

That will mount your crazy encrypted partition at /path/to/mount. You can even do it with swap. Oh baby, I know you love it.

December 20, 2005

if [ `date +%m%d` = 1225 ] ; then cd $HOME ; fi

So, I'm at home in Arizona for the holidays. That's where I was raised. Phoenix is a pretty cool town, full of friendly folk and desert stuff. Not too bad when you think about it.

So, I'm driving home from the airport with my dad. I haven't seen him in a year, so the conversation's a little strained. It's not too bad though. My dad's a teacher in Arizona, and his specific school is testing out some software for use in the district. It's a Mac product, something like QuickGrades. Basically, the software is little more than a front end to some embedded database. He said that QG was intended to be used by elementary teachers, so things like weighted grades, mid-terms/final exams, bell curving, etc are increasingly difficult. In the end, he inserts these bizarre string searches similar to Access fields (probably the backend being used) and gets a final grade out of it. The software is so complex that the school hired a full time employee just to admin that program and write recipes for it so that teachers can use it.

Now, if you ask me, this entire problem could be cast aside. For starters, a little bit of mysql and any scripting language is all you need for this. I could probably write them an entire replacement in a weekend. But more importantly, this example shows the breakdown of most software development cycles that take place in a cathedral situation. If you haven't read Raymond's articles, I suggest you hop on over and read them. There are two main approaches to programming, symbolized by a cathedral and a bazaar. The cathedral is the style of programming that is most typically used. A few developers coding in the cover of night, releasing a product every year, taking no input from beta testers (because they are the beta testers), racking their brains to solve one problem at a time. Most software projects are coded this way. The bazaar style is much different. The source code is published and may be downloaded by the beta testers. Anyone who downloads the code becomes a beta tester. Here's the best part. They not only tell you what they like and dislike, they also find and fix bugs. If you treat your beta users like your greatest asset, they will become your greatest asset. Soon, your tiny project has an army of coders looking over your code, development time and effort is cut down by a vast magnitude, and new features are being written every day. With as many people out there, the problem will be obvious to at least one of them.

That is the strength of the bazaar style of programming. Because of the way it's set up, programmers prove their worth to you by writing the greatest code possible on your project. Beta testers actually give helpful criticism of your product, and work with you instead of expecting you to figure out what they mean in their cryptic "this thing don't work" bugzilla entry. Thus the project is directly driven by the need of its users, not what a specific designer or market analyzer thinks they want.

So, maybe I'll whip something up for my dad to show the guys at his school, or maybe I'll just write up my own oss project for it, call it opengrade or something. But knowing the way schools are, my dad will probably be stuck using this program for many many years. But there's always a chance right?

December 17, 2005

My ~/.vimrc

My buddy told me I should put my ~/.vimrc here like everyone else does. I think he liked my color scheme. Don't tell anybody, but I ripped it off from Shawn Axsom from vim.org. It reminds me of a day at the beach. I have a couple of :abbrs in there to help me spell and the everyday things like bs=2 are handled in /etc/vimrc. I did add two mappings. One of them runs my document thru aspell for spell checking, the other deletes trailing whitespace on every line. Remember that when you're entering in the ^T in insert mode, it's actually ^V^T (control+v control+t). Same goes for ^H. So you can hit ctrl t to start spell checking your document, or ctrl h to clean up the whitespace. Hmm, maybe next week I'll set up a vi tutorial for visual mode, ex mode, recording, and folding. In my experience, people rarely utilize those options. Well, we'll see. Anyway, here's the vimrc:

map ^T :w!<CR>:!aspell check %<CR>:e! %<CR>
map ^H :%s/[ ]*$//<CR>
:set incsearch
:abbr teh the
:abbr hte the
:abbr accross across
:abbr gonig going
:abbr i I

if version >= 600
set foldenable
endif

set background=dark
if version > 580
hi clear
if exists("syntax_on")
syntax reset
endif
endif

let g:colors_name="carvedwood"

hi Normal guifg=#8a808d guibg=#11100C
hi NonText guifg=#382920 guibg=#1d1c1f

" syntax highlighting
hi Comment guifg=#362b32
hi Title guifg=#60a0da
hi Underlined guifg=#60a5cd
hi Statement guifg=#fac5ba
hi Type guifg=#a57570
hi Constant guifg=#5d4446
hi PreProc guifg=#c07a6a
hi Identifier guifg=#b06d69
hi Special guifg=#454D5A
hi Ignore guifg=grey40
hi Todo guifg=orangered guibg=yellow2
hi Error guibg=#e04462
"end syntax highlighting

hi Directory guifg=#bbd0df

hi Cursor guibg=#2d394b guifg=#65899d

hi FoldColumn guibg=#262224 guifg=#00CCFF
hi LineNr guibg=#1d1b1d guifg=#D0C0BA
hi StatusLine guibg=#cda995 guifg=#102015 gui=none
hi StatusLineNC guibg=#a0897d guifg=#373334 gui=none

hi Search guibg=#5a6d7d guifg=#bac5d0
hi IncSearch guifg=#50606d guibg=#cddaf0

hi VertSplit guibg=#c2bfa5 guifg=grey50 gui=none
hi Folded guibg=#0a4f4d guifg=#BBDDCC
hi ModeMsg guifg=#00AACC
hi MoreMsg guifg=SeaGreen
hi Question guifg=#AABBCC
hi SpecialKey guifg=#90703B
hi Visual guifg=#008FBF guibg=#33DFEF
hi WarningMsg guifg=salmon
hi Scrollbar guibg=grey30 guifg=tan


" color terminal definitions
hi SpecialKey ctermfg=darkgreen
hi NonText cterm=bold ctermfg=darkblue
hi Directory ctermfg=darkcyan
hi ErrorMsg cterm=bold ctermfg=7 ctermbg=1
hi IncSearch cterm=NONE ctermfg=yellow ctermbg=green
hi Search cterm=NONE ctermfg=grey ctermbg=blue
hi MoreMsg ctermfg=darkgreen
hi ModeMsg cterm=NONE ctermfg=brown
hi LineNr ctermfg=3
hi Question ctermfg=green
hi StatusLine cterm=bold,reverse
hi StatusLineNC cterm=reverse
hi VertSplit cterm=reverse
hi Title ctermfg=5
hi Visual cterm=reverse
hi VisualNOS cterm=bold,underline
hi WarningMsg ctermfg=1
hi WildMenu ctermfg=0 ctermbg=3
hi Folded ctermfg=darkgrey ctermbg=NONE
hi FoldColumn ctermfg=darkgrey ctermbg=NONE
hi DiffAdd ctermbg=4
hi DiffChange ctermbg=5
hi DiffDelete cterm=bold ctermfg=4 ctermbg=6
hi DiffText cterm=bold ctermbg=1
hi Comment ctermfg=darkcyan
hi Constant ctermfg=brown
hi Special ctermfg=5
hi Identifier ctermfg=6
hi Statement ctermfg=3
hi PreProc ctermfg=5
hi Type ctermfg=2
hi Underlined cterm=underline ctermfg=5
hi Ignore cterm=bold ctermfg=7
hi Ignore ctermfg=darkgrey
hi Error cterm=bold ctermfg=7 ctermbg=1


Ya'll can download the file here.

December 14, 2005

GPG and YOU

So, I figured that Wednesdays will be tutorial day. In all actuality, I'm running out of things to talk about after the first post. So I figure it's time for a tutorial so I don't have to think for another day.

Many people have asked me about gpg, especially since I have those clearsigs on the bottom of my emails. Also, I grow weary of telling people where to grab my public key, so this can kill two birds with one stone.

What is GPG and Why do I Need it?

GPG, short for the GNU Privacy Guard, is a certificate based application that can verify the integrity of data, encrypt and decrypt data, and ensure the authenticity of the data. It's lightweight, incredibly dependable, and can work with any file.

So why would you need it? Well, most people wouldn't. I mean, who ever has this happen to them?

* "I'm so glad I backed up my latest financial audit excel file on the public fileserver. Who would have thought my hard drive would crash only hours after I saved it there? Now, Let's see....Oh yes I was trying to figure out why money was missing from these accounts. Hmm, the math adds up? I must have just fat fingered the calculator...."

* "Well, Jennifer needs to take her car to the body shop after she gets off work and I need to give her my credit card number so she can bill it to my account. I wish I hadn't dinged her bumper last week. I feel awful about that. Hmm, I can always just send her my credit card number over instant messenger or email...."

* "Ooh, we'd better leave for the airport soon. Oh great! An email from Jim. He's going to house sit for us while we're on vacation. Hmm... He usually emails me from his work email address, not this hotmail address. Well, I'll tell him where I put the house key...."

It's little things like this that make GPG a valuable tool. Data in an email or word document can be altered so easily, it certainly would be useful if we could protect our data when we send it to others. That's the benefit of GPG! And better yet, it can even be used to guarantee data sent from people you've never met! But more on that later, let's get started.

Generating your Keys

The heart and soul of GPG is the shared key strategy. Basically you will be generating 2 separate keys, a public key which you can give to everyone and a private key which you keep super secret. Simple enough right?

Getting GPG installed is easy. You can do that yourself. On Solaris and a number of other UNIXes, you'll need to run this setuid root to lock the memory. It's like this on my Visualizer c3000.

To generate your keys you type gpg --gen-key

This will make the directory .gnupg in your ~ directory. If you are a bit more paranoid, you would go buy a floppy disk (new is good for such a thing), format it, throw it in your drive and mount /dev/rfloppy/c0t1d0 on ~/.gnupg That way the private key never touches your hard disk. I like that idea, but that's for the extra paranoid. Me, I just keep it on my laptop. Who wants to get that floppy out of the safe every time you want to send an email? I know some who do, but you're wacko Dennis.

So, you can safely answer the defaults. They're the best choices. When it comes to the name, give your full name, your email address and a comment. This comment is optional, I have mine set to (http://www.theunixgod.com/~paul) where you can download my public key directly.

So, you'll get a password prompt (make a crazy good password here), see some bizarre output sign of the entropy being generated, and you'll have your keys.

So, the first step is to check out your keys:

gpg --list-keys

This output will be your public key. If you look at the line that starts with 'pub,' you'll see a funny number in the next column. Mine says 1024D/1B5A7F71. That is the encryption strength (1024) and the last 8 digits of your fingerprint. You can refer to that key by those last 8 digits.

OK, the next step is to trust your key. To do this, you would do gpg --edit-key 8_DIGIT_ID. That 8 digit number was the one you saw above. This brings you to a Command> prompt. If you type 'trust,' and follow the instructions to ultimately trust your key, you'll be ready to share it with everyone. Type 'save' to save and exit the edit key menu. Oh, by the way, if you have an older version of GPG, the public key will automatically be trusted so don't worry if you see the "Key not changed so no update needed" message.

OK, let's export that public key. There are 2 ways to do this, binary and ascii armored. Type gpg --export 8_DIGIT_ID (optionally add the --armor flag for ascii output) > gpg-public-key.asc (or gpg-public-key.txt if you did the ascii armor). OK, that file you created is what you need to give to people. If you want to send it to a keyserver, you would do gpg --keyserver DNS_OR_IP_OF_KEYSERVER --send-keys 8_DIGIT_ID. It doesn't matter what keyserver you send it to, they all eventually replicate. I use www.keyserver.net. It's easy enough.

You can download my key from keyserver.net (gpg --keyserver www.keyserver.net --recv-keys 1b5a7f71).

I sign all my emails with the --clearsign --armor options. You can verify that this message is A) genuinely from me, and B) it is untampered. It's easy, just copy the text of the email into a text file and gpg --verify < file_you_put_the_text_in. Easy enough?

You can create your own signed files with this: gpg --clearsign file.txt. That will prompt you for your password because it must verify that you are who you say you are. Here's an email trick: gpg --clearsign << EOF | mail -s "yo this is the subject" user@domain.com. Just type EOF on a new line when you're done.
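What --clearsign and --verify buy you, shown end to end: sign a message, verify it, change one word, verify again. This is an added example, not the author's commands; it assumes GnuPG 2.1 or later and works in a throwaway keyring with a constructed signer, an unprotected ed25519 key (instead of the 1024-bit DSA key shown above) and a constructed message.

```shell
#!/bin/sh
# verdict FILE -> prints "accepted" or "rejected", taken from gpg's exit status
# rather than from reading its output by eye.
verdict() {
    if gpg --batch --verify "$1" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

# Runs in a subshell so the temporary GNUPGHOME never touches your real keyring.
# Returns 0 when the demo ran, 2 when gpg is missing or too old for these options.
gpg_tamper_demo() (
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; exit 2; }
    GNUPGHOME=$(mktemp -d) || exit 2
    export GNUPGHOME
    cleanup() {
        gpgconf --kill gpg-agent >/dev/null 2>&1
        rm -rf "$GNUPGHOME"
    }

    # Throwaway signing key; the empty passphrase is acceptable only because
    # the key is deleted at the end of the demo.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' ed25519 sign never \
        >/dev/null 2>&1 || { cleanup; exit 2; }

    msg=$GNUPGHOME/msg.txt
    printf 'The house key is under the third flowerpot.\n' > "$msg"

    # Produces msg.txt.asc: the readable text followed by the signature block.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --clearsign "$msg" >/dev/null 2>&1 || { cleanup; exit 2; }

    # Change a single word in the signed text, leaving the signature untouched.
    sed 's/third/first/' "$msg.asc" > "$msg.tampered.asc"

    echo "original=$(verdict "$msg.asc") tampered=$(verdict "$msg.tampered.asc")"
    cleanup
)

gpg_tamper_demo || echo "demo skipped"
```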

Let's see, what else... Oh yes encryption! The way this works, is that you give me your public key, or I download it from a keyserver. Then, I encrypt a file to send to you using your public key. Then when it comes to decrypting, you use your private key. It's easy!

gpg -ear you@yourdomain.com file

That produces file.asc (e=encrypt a=ascii armor r=recipient) as long as I have the public key for that email address. To decrypt the file you would gpg -d file.asc

So that's the basic stuff. You can read more about it at www.gnupg.org if you like, but you probably won't. You can download my public keyfile directly at my personal page or just import it from www.keyserver.net. And there's always the man pages.

December 13, 2005

Why I love UNIX

So, I wrote a 245 line long shell script, that's excluding whitespace and comments. It's a rather complex script, which does a simple task: scouring directories and doing things with the files it finds in them. Using a variety of tools like getopts, sed, and awk, you can take a simple thing like this:

[paul@bosshog ~]$

and turn it into this:

[paul@bosshog ~]$ ./script.sh -h

./script.sh - This script attempts to clean up the directory of your choice, removing and reducing the amount of bru backups that take place there.

Usage: ./script.sh (-h|-c |-r |-n |-a|-m |-q>

-h This help menu
-c Specify config file, default is /etc/bruclean.conf
-r Specify ruleset to sort to, as designated in the config file
-n This is the end result number of backups you want to have in this directory. All but the latest number of backups will be deleted. For instance, if you have 9 total backups and give the option -n 4, then the oldest 5 will be deleted.
-b List number of backups and their dates and exit.
-d Directory to clean.
-a Archive, don't delete.
-m Move the files to a different directory
-q Quite (no output).


I can get all those options fully supported and bulletproofed in under 300 lines. I can even whip up a man page for it:

SKULKER(1)

NAME
skulker - a program to scour directories and do things with the files it finds

SYNOPSIS
skulker [options]
............


I think that's utterly amazing. Imagine how many thousands of lines of C I'd have to write to get those features. Granted, it would run a bit faster, but the ls command alone has over 4000 lines of code.
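To show how little shell the -n rule from the help text needs, here is a small sketch with getopts. This is an added example, not the author's script: the function name prune_backups, the .bru extension and the assumption that backup file names sort chronologically (for instance date-stamped names) are all hypothetical.

```shell
#!/bin/sh
# Added sketch: keep the newest COUNT backups in DIR, delete or move the rest.
# Assumes *.bru names sort oldest-first (e.g. backup-20051201.bru).

prune_backups() {
    dir='' keep='' dest='' quiet=0
    OPTIND=1                      # reset so the function can be called twice
    while getopts 'd:n:m:q' opt; do
        case $opt in
            d) dir=$OPTARG ;;
            n) keep=$OPTARG ;;
            m) dest=$OPTARG ;;
            q) quiet=1 ;;
            *) echo 'usage: prune_backups -d DIR -n COUNT [-m DEST] [-q]' >&2
               return 2 ;;
        esac
    done

    # Validate everything before touching a single file.
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    case $keep in
        ''|*[!0-9]*) echo '-n needs a non-negative integer' >&2; return 2 ;;
    esac
    [ -z "$dest" ] || [ -d "$dest" ] || {
        echo "not a directory: $dest" >&2; return 2; }

    # The glob expands sorted, so $1 is always the oldest remaining backup.
    # No parsing of ls output, so odd characters in names cannot split a path.
    set -- "$dir"/*.bru
    [ -e "$1" ] || return 0       # nothing matched, nothing to do
    excess=$(( $# - keep ))
    while [ "$excess" -gt 0 ]; do
        if [ -n "$dest" ]; then
            mv -- "$1" "$dest"/
        else
            rm -- "$1"
        fi
        [ "$quiet" -eq 1 ] || echo "pruned $1"
        shift
        excess=$(( excess - 1 ))
    done
}
```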


The UNIX Philosophy

While the world points and clicks around their little icon filled universe, we UNIX dudes get to use an old fashioned, primitive command line. No, I'm joking of course. The Unix shells are toolboxes. The tools allow you to build new tools to do bigger things. This, by any other name, is programming. And programming is the essential activity of computing. Without it, a computer is just a lump of transistors; and with it, a computer becomes a powerful utility.

Consider this quote from David Korn:

"There are many people who use UNIX or Linux who in my opinion do not understand UNIX. UNIX is not just an operating system, it is a way of doing things, and the shell plays a key role by providing the glue that makes it work. The UNIX methodology relies heavily on reuse of a set of tools rather than on building monolithic applications. Even perl programmers often miss the point, writing the heart and soul of the application as perl script without making use of the UNIX toolkit."

"This is the UNIX philosophy. Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface." --Doug McIlroy

Most Windows applications can be thought of as software tools. If the only tool you have is a hammer, everything looks like a nail. The guy who writes letters in his spreadsheet program is a good example of this. UNIX programs are software tools. The UNIX shell is a toolbox stuffed full of these tools. The more tools you have, the more you can do.

There are two tools that stand out as kings of the toolbox:

The Filter

The concept of a filter is a key UNIX idea. At its most basic level, a filter is a program that takes input, changes it, and outputs the new data.

Standard input and output (stdin/stdout) are the default places from which a program will receive and send information. stdin is from the keyboard, stdout is to the terminal. So, you type to the program, it analyses the data, and gives you the output on the screen. Now, you can direct the output or input to/from other things, but the principles remain the same.

The Pipe

The second idea is the pipe. The pipe, |, is a junction that allows me to connect the output of one program and send it into the input of the next program, thus allowing little strings like:

lynx -dump "$FILENAME" | tr ' ' '\n' | sort -u | grep -vE "(^[^a-z]|')" | ispell -a | awk '/^&/ {print $2}' | sort -u > "$TEMPOUT"

Now, most of that is gibberish, but basically this was a script I had that would check the spelling in my .html files (before I switched to php's aspell_check() function).

That is the power of the shell. I can chain all these tiny programs together to make a unique program. Then I throw that command chain into a text file. I give that text file +x permissions and all of a sudden I have a script. Now I can just ./ that script and my program runs. No compiling, no library dependencies, just a program that runs exactly like I wrote it. And as long as I'm not writing something that needs sickening speed, I can do almost anything in my shell.

There is perhaps no better nor more succinct way of summing up the Unix Philosophy than two lists from Ken Thompson's book. First, here are the nine main tenets of the Unix philosophy:

* Small is beautiful
* Make each program do one thing well
* Build a prototype as soon as possible
* Choose portability over efficiency
* Store numerical data in flat ASCII files
* Use software leverage to your advantage
* Use shell scripts to increase leverage and portability
* Avoid captive user interfaces
* Make every program a filter

And here are ten "lesser tenets":

* Allow the User to tailor the environment.
* Make operating system kernels small and lightweight.
* Use lower case and keep it short.
* Save Trees.
* Silence is golden.
* Think parallel.
* The sum of the parts is greater than the whole.
* Look for the 90 percent solution.
* Worse is better. (I won't try to explain this one...)
* Think hierarchically.

One last quote from Gancarz before we go:

"Unix owes much of its success to the fact that its developers saw no particular need to retain strong control of its source code."

December 12, 2005

And So It Begins....

So welcome to the UNIXgod.com!

I've never been one to blog. Most of my creativity is sucked up at work, leaving me a cold lifeless shell. No, I'm just jokin'. But seriously, if you're looking for something witty or inventive, you've come to the wrong place. This is mostly a site dedicated to the UNIX way of doing things, its rich history, and maybe a trick or two I've learned along the way. And if you have suggestions or tricks of your own, you should share them as well!