Authenticate sudo with SSH agent

There’s a wonderful package called pam-ssh-agent-auth which allows sudo authentication via the SSH agent. This means no more typing passwords for sudo. Instead, just connect with ssh -A to forward your agent, and then use sudo without a password.

Installation is fairly simple, there are lots of walkthroughs around. First, grab this ppa, then add your SSH pub key to /etc/security/authorized_keys, sudo visudo and add Defaults    env_keep += "SSH_AUTH_SOCK", then edit /etc/pam.d/sudo and add auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys after the other auth lines.

I deployed it all with puppet, but I think that’s everything.

MOT pass, no advisories, and an oil change all in less than two hours. Trip successful, now I can get on with some London networking… :-)

Posted via Composer

5 of us left Brussels, 5 stopped at the border check, 5 missed the 14h boat, 4 now on the 16h boat. London two hours later than planned…

Posted via Composer

OlinData are awesome

I received an unsolicited email from Walter Heck and his team at OlinData. Before I’d even read it, I had another email apologising for the mistake. Then I actually got a second mistaken email, but at this point, I’m so grateful for the apology and the responsible attitude, I don’t much care. To make matters even better, Walter posted on their blog explaining the mistake.

I decided in contrast to previous rants, it was time for a praising post. Thanks Walter for your responsible email behaviour, I salute you sir.

Bought a retina iMac last night. This morning the MacBook Pro crashed when I plugged in the external screen. Good timing! :-)

Posted via Composer

My first ever cold pressed coffee. Not bad, not bad at all. Feedback round the office was also positive.

Posted via Composer

Better 2FA on PayPal

I recently setup Two Factor Authentication on PayPal. It’s super annoying. Whenever I want to login I need to receive an SMS (which takes a few seconds at least to arrive) and type the code into the site. I need to get that SMS on my UK sim, which means I need to always have that SIM live and on me to login.

Well, not true. It’s not actually very safe as you can bypass 2FA with two security questions. Oh well…

Turns out, it’s possible to use an app instead. It’s not obvious that it’s possible for free, but it is. Install the Symantec VIP app (free) and then set it up. Simple. Just enabled, tested, and it works nicely. Definitely easier than waiting for an SMS.

28934664_b80f8f3b5b_o

Been in Edinburgh since Thursday. Now at the airport and ready to fly. Back in Berlin in time for a late lunch… :-)

Posted via Composer

Easy GitHub backup with curl

We just deleted an old private GitHub repository. Before we did, I wanted a copy of the issues. Turns out, it’s super simple with curl. Of course, you can backup the repository itself very easily like:

git clone git@github.com:user/repo.git
git clone git@github.com:user/repo.wiki.git

Then to get the issues, first I created a new personal API token on GitHub. Then, took a minute to figure out, but you use that as the username with a blank password or a password of x-oauth-basic. Then the curl command looks like:

curl -u 'access_token:x-oauth-basic' https://api.github.com/repos/user/repo/issues

If you got everything right (which I didn’t the first 5 or 10 times…) you should get a JSON document containing the issues of that repo. There will probably be multiple pages. Personally, I used curl -sSi and piped to less, then I saw the links for page 2 and 3 in the headers. I repeated the process by hand and dumped all three pages into .json files.

There are tools available to automate this, but the whole thing took me less than 15 minutes by hand.

Octocat Pumpkin

After buying two pairs of sunglasses on Thursday (redundancy FTW!) the forecast shows sunshine for the next 7 days straight. Woohoo! :-)

Posted via Composer

I just bought my first *ever* app. I just paid for software. I sense this hails the beginning of a new era…

Posted via Composer

After a few days R&R in the French countryside, heading back to civilisation for a night in Paris tonight, then back to Brussels tomorrow.

Posted via Composer

After a weekend at FOSDEM with @guaka it's off to Paris, then onwards to the French countryside. Here's hoping for clear roads…

Posted via Composer

Just arrived in Prague. Short drive with a full car of ride sharers and they're potentially all coming back with us on Sunday! Happy days…

Posted via Composer

Recalibrate the Hubsan X4

If, like me, you’re too lazy to watch the video, here’s the steps:

  1. Turn on as normal, put the Hubsan in expert mode (press right control stick down)
  2. Push left control stick to fully bottom right
  3. Move right stick fully from left to right back and forth
  4. When lights blink, the drone has calibrated

When the X4 is not staying still while hovering, this can help a lot.

Living under the cyber oppression of ze Germans? Fight back. Get a quicktorrent.io account today, $24/year for 3 more days!

Posted via Composer

Advanced CrashPlan backup strategy

Some lessons I’ve learned in my year and a half with CrashPlan. Please note, this is an advanced guide to CrashPlan. You have been warned. I assume you’re already familiar with CrashPlan and understand their backup sets, etc.

This post covers several topics (and I might update it later if I remember or discover more).

  • cron vs anacron
  • backup speed
  • file selection verification

Cron vs Anacron

Personally, I consider this a bug, and one that CrashPlan ought to have fixed a long time ago. When configuring “Verify selection every”, if you choose a number of days and a time of the day (which is the default), your backup verification will only happen if your computer is on at the scheduled time. Ala cron.

However, if you choose a number of hours < 24, and your computer is off at the scheduled time, the backup verification will run as soon as the computer is on again after the scheduled time. Ala anacron.

Bottom line, for your most important data, set the verification to run every 23 hours and accept that it’ll happen at inconvenient times of the day.

Backup speed

For a long time I felt like CrashPlan took forever to run backups. Eventually, more than a year after using the service, I decided to investigate. I found some excellent articles.

tl;dr Change the advanced settings. If you’re backing up compressed media, turn off compression. For backup sets that rarely change, change “Data de-duplication” to minimal.

I discovered this after I decided add ~500GB of media on a USB disk to my backup sets. After making these changes, the backup took about 6 weeks instead of 3 months! I regularly saw upload speeds of >6Mbps on connections that would support it, I was moving a lot during the 6 week upload period!

File selection verification

This is an optimisation I’m only now figuring out nearly 2 years into my CrashPlan adventure. If you’re backing up a large folder of very infrequently changing data, put it into its own backup set. For example, I backup ~500GB of audio and ebooks. I almost never add to the collection.

By putting this into a separate backup set from my photos I can run a manual file verification of the photos without also waiting for the verification of 1’000s of book files which I know have not changed. My advice is the more backup sets the better.

Note that if you split one backup set into multiple smaller sets, you will lose the history, including any deleted files, previous versions, etc. Best to set this up from the beginning. But remember CrashPlan is a backup system, and it should not be confused with external storage.

Conclusion

CrashPlan’s java app is horrible. It’s slow, ugly, and a PITA to use. If I could find a better alternative, I’d switch in a heartbeat, I have zero loyalty to CrashPlan. However, having said that, as of my last research, CrashPlan is simply the only contender in the market. The defining characteristics for me are:

  • Client side encryption with key that is unknown to my backup provider.
  • Sensible pricing (unlimited space, 10 computer family plan for $150/yr).
  • Indefinite retention of external drive backups (BackBlaze for example deletes these after 30 days, or after 6 months if your computer is off, even while you continue paying, completely outrageous).
  • Cross platform, even if I only actually use OSX, the idea that I can also backup a Linux based server is a necessity with a 10 machine plan.

Find me another service that has these features and I’m there. In the meantime, I continue to use CrashPlan and endure its peculiarities and shortcomings.

Samsung Note 10.1 2014

I recently got a Samsung Note 10.1 2014 edition tablet. I wanted to replace paper note taking. I’ve been in a lot of meetings recently, and I write notes, mostly to aid in remembering the points, I rarely actually refer to them. Aside from the need to always have paper and pen, this was generating a substantial amount of paper. So I did a little research, and settled on the Note 10.1. The NotePro, essentially the same device in a 12.1 inch size, was interesting, but felt less portable, and too heavy to easily hold in one hand.

For its intended purpose, I’m extremely satisfied. The S Note application is excellent. It has a few quirks, like only having on default page which must be either portrait or landscape, but aside from that, it’s very good. The pen feels good writing on the screen, not quite as good as a ballpoint on paper, but certainly good enough for extended writing sessions.

I got a case with a hand strap. Turns out this is an excellent feature. When I’m holding the tablet portrait (subject to this bug), the handle makes it possible to hold the tablet with one hand and write on it with the other. It’s too big to hold in one hand without this strap, so I had to always put it down on something in order to write on it. The case was a big improvement, and I’m happy with the quality of the case so far.

The tablet includes a one year subscription to Evernote premium. I’ve installed Evernote on my mac (was going to do that anyway), and now my handwritten notes are synced automatically from tablet to laptop (and phone). If one ignores the concerns over privacy in having all my data unencrypted on an American corporation’s servers, it’s absolutely fabulous! :-)

I haven’t used the tablet much for browsing the web. Firefox is my browser of choice, and it’s pretty poor on a tablet. The interface doesn’t change much from the phone, despite the extra screen space. Chrome is slightly better, but doesn’t sync my tabs, etc with Firefox on my laptop.

Bottom line, for its intended use of note taking, the tablet has worked out great. I’m very happy with it, and the other stuff it can do is an added bonus. It is an expensive note taking device, but automatic syncing was a huge win over solutions like the Boogie Board or Livescribe where notes have to be manually downloaded onto the computer.