Authenticate sudo with SSH agent

There’s a wonderful package called pam-ssh-agent-auth which allows sudo authentication via the SSH agent. This means no more typing passwords for sudo. Instead, just connect with ssh -A to forward your agent, and then use sudo without a password.

Installation is fairly simple, and there are lots of walkthroughs around. First, grab this ppa. Then add your SSH public key to /etc/security/authorized_keys, run sudo visudo and add Defaults    env_keep += "SSH_AUTH_SOCK", and finally edit /etc/pam.d/sudo and add auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys after the other auth lines.

I deployed it all with puppet, but I think that’s everything.
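The three pieces of configuration above can be checked mechanically. The following is an added example, not code from the original post or from the pam-ssh-agent-auth project: check_agent_sudo, make_sample_tree and the sample files are constructed for illustration, and the check takes a directory tree as its argument so it can be tried without touching a live /etc.

```shell
#!/bin/sh
# Added example: audit a pam-ssh-agent-auth sudo setup under a filesystem root.
# check_agent_sudo and the sample tree are illustrative, not part of the package.

# check_agent_sudo ROOT -> prints one FAIL line per problem; returns 1 if any.
check_agent_sudo() (
    root=${1%/}
    rc=0
    fail() { printf 'FAIL %s\n' "$1"; rc=1; }

    # 1. PAM must offer agent auth as "sufficient" and name the key file.
    pam_line=$(grep -E '^auth[[:space:]]+sufficient[[:space:]]+pam_ssh_agent_auth\.so' \
        "$root/etc/pam.d/sudo" 2>/dev/null | head -n 1)
    keyfile=$(printf '%s\n' "$pam_line" |
        sed -n 's/.*[[:space:]]file=\([^[:space:]]*\).*/\1/p')

    if [ -z "$pam_line" ]; then
        fail "no pam_ssh_agent_auth.so line in /etc/pam.d/sudo"
    elif [ -z "$keyfile" ]; then
        fail "pam_ssh_agent_auth.so line has no file= option"
    elif [ ! -f "$root$keyfile" ]; then
        fail "$keyfile does not exist"
    else
        # 2. Whoever can write the key file can authorise their own key for sudo.
        case "$(ls -ld "$root$keyfile" | cut -c6,9)" in
            *w*) fail "$keyfile is group- or world-writable" ;;
        esac
    fi

    # 3. sudo resets the environment; without env_keep the module cannot
    #    find the forwarded agent socket.
    if ! grep -Eqs '^[[:space:]]*Defaults.*env_keep.*SSH_AUTH_SOCK' \
        "$root/etc/sudoers" "$root"/etc/sudoers.d/*; then
        fail "sudoers does not keep SSH_AUTH_SOCK"
    fi
    [ "$rc" -eq 0 ]
)

# make_sample_tree MODE -> builds a constructed /etc tree in a temp dir and
# prints its path; MODE is the permission given to the key file (644, 666, ...).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/pam.d" "$t/etc/security"
    printf '%s\n' 'auth required pam_env.so' \
        'auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys' \
        > "$t/etc/pam.d/sudo"
    printf '%s\n' 'Defaults    env_keep += "SSH_AUTH_SOCK"' > "$t/etc/sudoers"
    printf '%s\n' 'ssh-ed25519 CONSTRUCTED-PLACEHOLDER-KEY admin@example' \
        > "$t/etc/security/authorized_keys"
    chmod "$1" "$t/etc/security/authorized_keys"
    printf '%s\n' "$t"
}

# Constructed demonstration: the same setup with a safe and an unsafe key file.
good_tree=$(make_sample_tree 644)
weak_tree=$(make_sample_tree 666)
if check_agent_sudo "$good_tree"; then echo "644 key file: OK"; fi
if ! check_agent_sudo "$weak_tree"; then echo "666 key file: rejected"; fi
rm -rf "$good_tree" "$weak_tree"
```

On a real host the call is check_agent_sudo / run as root, so that /etc/sudoers is readable.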

Impress Remote on OSX

I was looking for ways to control a presentation from an android phone. Turns out LibreOffice has this baked right in, it’s called Impress Remote, it’s free, it’s open source, and (in theory anyway) it’s awesome!

Turns out, LibreOffice would not auto update to 4.2, I had to download version 4.2 manually and install it as normal. Version on OSX wouldn’t work over bluetooth or WiFi. Since upgrading to 4.2 I’m delighted to report that WiFi works. Bluetooth still doesn’t work, but apparently WiFi is faster anyway.

It’s really a smart system. I can see the slides on my phone, there’s an inbuilt timer (although only small letters), and swiping the screen advances the slide (about a second later). Here’s hoping it works for tonight’s presentation on Reputation Coin! :-)

Small, stacked join / part messages in Colloquy

Colloquy is my IRC client of choice since switching to OSX. In busy channels, my screen can be overrun with messages telling me who joined and left the channel. I wanted, not to hide these, but to make them much smaller, and put them all on one line.

It turns out that it’s possible to modify Colloquy’s appearance with CSS. Awesome, CSS and I are old pals. Took me a while to figure it out, but here’s the code.

.event {
    font-size: 0.5em;
    float: left;
    /*opacity: 0.7;*/
}
.envelope {
    clear: both;
}

Open Preferences, then Appearance, then option click Customize Style… and the CSS file will be opened in your editor of choice. Then type /reload style in a channel to see the new style in action. Here’s the obligatory before and after screenshots.


Super simple git deployments

First time using git to push to a web server. Thanks to this, it works.

Mostly as a record for myself, here’s how I set it up.

Starting on the web server:

mkdir foo
cd foo
chmod g+s .
git init
git config receive.denyCurrentBranch ignore

Then add the following to .git/hooks/post-receive

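#!/bin/sh
# The hook starts in .git with GIT_DIR set: move up to the work tree and clear the environment
cd ..
env -i git reset --hard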

Now chmod +x .git/hooks/post-receive.

Finally, on my local machine:

git remote add web user@host:/path/to/foo/.git/
git push web master

This works on Ubuntu because the default umask is 0002. Umasks are set per user / process, not on the filesystem, so if you have a umask problem, you’ll have to solve it!

Styling PaperTrail log output

We use papertrail to aggregate log data from our servers. Awesome tool. I wrote a simple GreaseMonkey script which highlights the names of our servers. Very easy to do. Could equally have built it in Stylish, but I already use GM, so that’s how it went. Here’s the code as per a request from Henry.

// ==UserScript==
// @name Papertrail styles
// @namespace
// @description Add some custom colours to our papertrail output
// @include*events*
// @author Callum Macdonald
// @copyright 2012 by Callum Macdonald
// @license GPL v3+
// @version 0.1
// @lastupdated 2012-08-29
// @grant GM_addStyle
// ==/UserScript==

// Simply inject an extra style element
GM_addStyle("\
#event_list li[data-system='foo'] .system a { background-color: red; }\
#event_list li[data-system='bar'] .system a { background-color: blue; }\
#event_list li[data-system='ba1'] .system a { background-color: yellow; }\
#event_list li[data-system='ba2'] .system a { background-color: green; }\
#event_list li[data-system='ba3'] .system a { background-color: purple; }\
");

FindMyCar works

My first mobile app now actually works! At first I had issues because getCurrentPosition doesn’t actually fire up the GPS in PhoneGap, but I switched to using watchPosition instead and that seems to work well enough. It’s crude, but hopefully it’s good enough for my personal use and will save me a little time. Updated info here including a QR code.

cordova add platform android unexpected error

I ran into a strange problem with cordova. When running cordova platform add android I got this error:

[Error: An error occured during creation of android sub-project. An unexpected error occurred: "$ANDROID_BIN" create project --target $TARGET --path "$PROJECT_PATH" --package $PACKAGE --activity $ACTIVITY >&/dev/null exited with 1
Deleting project...]

Turned out, the problem was a space in the name of my app. So I restarted the app and instead of calling it Find My Car I called it FindMyCar and then it worked. Strange but true.

Security Update Notifier

A while back I installed apticron to get an email when updates were outstanding on our servers. However, it emails for all updates, and there are updates released every day, which means I get one email per server per day, useless noise that I end up ignoring.

Today I built a solution, security-update-notifier. It’s a very simple (crude!) shell script that can be scheduled with cron to generate an email each day when there are security updates pending. It relies on apt-check, part of the update-notifier package.

We manage our machines with puppet, so I built my first ever public puppet module, a simple wrapper around the script. Tomorrow morning at 4:44am I’ll hopefully get an email for one server. I’ve left one with updates outstanding, one with only non-security updates outstanding, and one up to date, to test each case. Fingers crossed.
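One way to get "mail only when security updates are pending" out of apt-check, as an added example rather than the author's script: apt-check reports two counts as TOTAL;SECURITY, and the code below prints a line only for a non-zero security count, and also when the output cannot be parsed, so a broken check does not look like an up-to-date server. The function names, the --cron flag and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's security-update-notifier script.
# On Ubuntu, /usr/lib/update-notifier/apt-check writes "TOTAL;SECURITY" to
# stderr, e.g. "12;3" for twelve pending updates of which three are security.

# security_count OUTPUT -> prints the SECURITY field; returns 2 if malformed.
security_count() {
    total=${1%%";"*}
    sec=${1#*";"}
    [ "$total;$sec" = "$1" ] || return 2          # no semicolon at all
    case "$total" in ''|*[!0-9]*) return 2 ;; esac
    case "$sec" in ''|*[!0-9]*) return 2 ;; esac  # also rejects "1;2;3"
    printf '%s\n' "$sec"
}

# notify_line HOST OUTPUT -> prints one line worth mailing, or nothing.
notify_line() {
    if count=$(security_count "$2"); then
        if [ "$count" -gt 0 ]; then
            printf '%s: %s security update(s) pending\n' "$1" "$count"
        fi
    else
        # Unparseable output means the check itself is broken: report it.
        printf '%s: apt-check returned unexpected output: %s\n' "$1" "$2"
    fi
}

# Cron entry point: cron mails whatever the job prints, so silence means
# "nothing to do". Captures stderr only, which is where the counts go.
if [ "${1:-}" = "--cron" ]; then
    out=$(/usr/lib/update-notifier/apt-check 2>&1 >/dev/null) || true
    notify_line "$(hostname)" "$out"
    exit 0
fi

# Constructed samples: security updates pending, only non-security updates,
# fully up to date, and a failed check.
for sample in '12;3' '5;0' '0;0' 'E: could not get lock'; do
    notify_line web1.example "$sample"
done
```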

MySQL and SSL on Ubuntu Precise 12.04

I’ve had a nightmare the last couple of days getting mysql replication setup over SSL. Turns out some things have changed since upgrading to Ubuntu 12.04 Precise. In the end, the solutions were simple.

First, the server-key.pem file needs to have RSA in the header. I manually edited the keys and added the RSA part, it worked, like so:


Second, I learned that certificates generated by openssl on Precise do not work with mysql on precise. To get around that issue, I generated my certs on an old 10.04 box and it worked fine. Prior to that, when trying to connect, I got the error:

ERROR 2026 (HY000): SSL connection error: SSL certificate validation failure

Finally, after two days of messing about, replication is once again running, and SSL enabled.

Building a plivo AMI

I’ve been experimenting with Amazon’s web services recently. I’ve also been playing with voice apps on both Twilio and Tropo. Then I found plivo. Happy days.

Plivo is an open source service that offers functionality comparable to the hosted services. The authors have also made it outrageously easy to install by packaging the whole thing into two easy to run scripts. There was no EC2 AMI so I set out to create one. It turns out to be fairly straightforward, and all possible through the web console.

Choose a base AMI

The first step is to choose a base AMI. I used the Ubuntu 10.04 amd64 standard AMI in the eu-west-1 region (ami-4290a636). Then I logged in, ran the plivo install commands, waited, waited some more, waited a little longer, and all was done.

Now, to secure the AMI before publishing it, I removed the ssh keys, authorized_keys, and the bash history. This is not as simple as it sounds. I also logged in from a host that I knew would show up in the “last logged in from” section.

I logged in and ran the following commands:

sudo shred -u /etc/ssh/ssh_host_*
shred -u ~/.ssh/authorized_keys
shred -u ~/.bash_history

Now I went into the web console, selected the instance, chose the Instance Actions menu and selected Create Image (EBS AMI). Then under AMIs, I selected my new image, and changed the permissions to public.

Note that in order to take a snapshot, the instance pauses for a second. During that pause, I lose my SSH connection, and having just destroyed SSH on the machine, I cannot get back in. So I have to terminate (kill) the instance and boot it afresh from the new AMI. This creates new SSH host keys and puts my SSH key back into authorized_keys.
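The cleanup above covers one user's files; a check across the whole filesystem shows what would still ship in the image. This is an added example, not part of the original post: audit_image and make_sample_image are illustrative names, the sample tree is constructed, and it goes slightly beyond the post by checking root and every home directory as well as the login records behind "last logged in from".

```shell
#!/bin/sh
# Added example: list credentials and login traces still present in an image's
# filesystem before it is published. ROOT is "/" on the running instance or
# the mount point of a snapshot; the names here are illustrative.

# audit_image ROOT -> prints "KIND PATH" per leftover; returns 1 if any found.
audit_image() (
    root=${1%/}
    found=0
    hit() { printf '%s %s\n' "$1" "${2#"$root"}"; found=1; }

    # A private host key left in a public image is readable by everyone
    # who launches it.
    for f in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$f" ]; then hit host-key "$f"; fi
    done

    # Per-user leftovers, for root and every account under /home,
    # not only the user who did the install. Empty files leak nothing.
    for home in "$root/root" "$root"/home/*; do
        [ -d "$home" ] || continue
        if [ -s "$home/.ssh/authorized_keys" ]; then
            hit authorized-keys "$home/.ssh/authorized_keys"
        fi
        if [ -s "$home/.bash_history" ]; then
            hit shell-history "$home/.bash_history"
        fi
    done

    # lastlog feeds the "Last login ... from" line; wtmp feeds `last`.
    for f in "$root/var/log/lastlog" "$root/var/log/wtmp"; do
        if [ -s "$f" ]; then hit login-record "$f"; fi
    done

    [ "$found" -eq 0 ]
)

# make_sample_image -> builds a constructed image tree and prints its path.
make_sample_image() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/ssh" "$t/root/.ssh" "$t/home/ubuntu/.ssh" \
        "$t/home/deploy" "$t/var/log"
    echo 'constructed private key' > "$t/etc/ssh/ssh_host_rsa_key"
    echo 'ssh-rsa CONSTRUCTED admin@example' > "$t/home/ubuntu/.ssh/authorized_keys"
    : > "$t/root/.ssh/authorized_keys"            # already emptied
    echo 'mysql -u root -pCONSTRUCTED' > "$t/home/deploy/.bash_history"
    echo 'constructed record' > "$t/var/log/lastlog"
    printf '%s\n' "$t"
}

# Constructed demonstration.
sample_img=$(make_sample_image)
if audit_image "$sample_img"; then
    echo "nothing left behind"
else
    echo "not ready to publish"
fi
rm -rf "$sample_img"
```

On the instance itself, audit_image / run as root after the shred commands should print nothing and exit 0 before the image is created.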


I’m sure there’s a more elegant (and potentially elaborate) way of doing this. But it worked for me. It was quick and painless. Now there’s a public plivo AMI in the eu-west-1 region. I’ll look into how I get it into other regions, and if I need to pay for the storage to have it publicly available.


The result is the new public ami-acd0e1d8 in the eu-west-1 region. If you choose to test the AMI, please let me know how you get on in the comments here.

Ripping MP3s from YouTube on Ubuntu

This is the first post in a new category called notes. Things I want to remember and don’t have anywhere else to write down.

Install Medibuntu, WinFF, Firefox + Greasemonkey + Youtube without Flash Auto, and probably libavcodec-extra-52 from Medibuntu and easytag. Download the video within Firefox, save it to disk. Open WinFF, open the video, choose output format as Audio, set your options, and click convert. Then open EasyTAG if appropriate. Easy peasy. :-)

My very own OpenID server

I just installed SimpleID. Now I have my very own OpenID server. I no longer need to subject myself to the pain of After they consistently ignored all my requests to fix a major bug in their system, I’ve gone elsewhere. Happy to be running my own server and away from JanRain and their abysmal non-support.

Install was painless. It took me maybe 30 minutes because my internet connection was running so slowly. On a fast line, it would have been a 5 minute install. Very cool. I did make one change to SimpleID, as per this ticket, to make it a little more secure.

My next project is to install Prosody so I have my own jabber/XMPP server as well. :-)

Links in twitter feeds in Liferea

I use Liferea to consume feeds. In turn, I consume twitter by RSS. However, twitter’s RSS feeds suck. Urls are not clickable, user names are not links, nothing. It’s flat text.

Using Liferea’s ability to locally parse feeds and a little inspiration, I hacked up a sed script to make my twitter feed all pretty. It works great for me, YMMV.

I published the script here, under the GPL. To use it, save the source into a file somewhere, make that file executable, then choose “Use conversion filter” in Liferea and select the file you just created. If you have problems, you could try leaving a comment here, I might be able to help.

Regenerating nautilus thumbnails

Sometimes nautilus will try to generate a thumbnail for a video file while it’s downloading. Then nautilus remembers that it tried, and failed, to generate a thumbnail for that file. Once the file has finished downloading, the thumbnail remains broken. I’ve had this issue for a while, today I chose to find a solution.

I found this post by Barak Korren. Barak wrote a short nautilus script in python to allow the easy deletion of a thumbnail in Nautilus. Here’s a step by step guide to getting it working.

Download this file and put it into your ~/.gnome2/nautilus-scripts directory. The script is by Barak, I uploaded a plain text version here to make it easier to download. Make the script executable, you can run chmod +x ~/.gnome2/nautilus-scripts/ in a terminal to do this. Now go to that directory in Nautilus, and you’re in business.

To test, right click on a file with a thumbnail. You should see a new menu, Scripts, under which you’ll see “”. Click that option and the thumbnail will be deleted. Press F5 to reload the folder in nautilus, and you should see a new thumbnail generated.

Thanks for such a handy script, Barak.

CS Greasy on Launchpad

I created a project on Launchpad for the first time today. It’s called CS Greasy, a collection (or soon to be a collection) of Greasemonkey scripts related to CouchSurfing. It took a little time to figure it out, but thanks to Kasper’s help, I think we’ve got it working now.

I created a new team called ~csgreasy. The tilde (~) distinguishes teams and users from projects. So the project name is csgreasy, the team name that owns the project is ~csgreasy. The team is open, so anyone can join. Upon joining, new members can commit code immediately. Once you’ve joined the team, the commands to check out and commit code are:

bzr branch lp:csgreasy/trunk
# make some changes
bzr push lp:csgreasy/trunk

After the first push, subsequent changes can be pushed with just `bzr push`, the location will be remembered from last time. Now anyone with bazaar and some javascript skills can contribute. To get started, install bazaar, register on launchpad, join the team, branch, start hacking, push back changes. Happy hacking… :-)

Creating Launchpad projects

Creating the project was relatively simple. There were a couple of steps I didn’t fully understand at first, it was simple once I got it.

Firstly, I registered a project. Second, I created a team. Then, instead of pushing branches to lp:~user-name/project-name/branch-name, I can push to ~team-name/project-name/branch-name. Using the team name instead of my own username means that the code is owned by the team and can be edited by anyone else in the team. A team on launchpad is essentially a regular user that consists of multiple other users. Very handy. That’s the whole process. :-)

Proposing WP Flavours

Instigated in part by this discussion, I think the time has come to start forking WordPress. I think there is space for a few different forks, or flavours, of WordPress. I can imagine flavours focused on security, privacy and probably others. For example, a flavour that disables all the post versioning. A flavour that strips out other parts of the code to suit a specific need.

To serve these aims, I propose to create wpflavours (or wpflavors). I imagine a site where flavours can be downloaded, an svn repo where patch sets can be maintained (maybe using quilt), and potentially a mailing list for group communication. Maybe we could host the whole thing on google code or some other public code / svn service. I suspect we’ll need server space to automate the patching and packaging process though.

If there’s sufficient interest (say anyone else interested in writing patches), I’ll register the domains, setup a simple WordPress site, figure out svn, setup a mailing list, and we’ll see what happens. If you’re interested comment publicly below or get in touch privately.

My first greasemonkey script

On several occasions I’ve looked for an animated weather map where I can see the predicted weather for a region. After some struggling, I found maps on weather underground that were close to what I wanted.

However, when I changed the date of the map, it loaded a whole new page with the new map for the new date. It was cumbersome to cycle through the dates. I figured I could write a little Greasemonkey script to make life easier. Some 6 or so hours of hacking later, it’s done. It was much more finicky than I anticipated, but it’s done, and it works. I present Wunderground AJAXifier.

What is Greasemonkey?

Greasemonkey is a plugin for Firefox that allows you to use custom scripts on various web sites. For example, I use the YouTube without flash auto script. When I load a YouTube video, the script removes the flash player and replaces it with an embed code that fires up my default browser plugin (VLC, xine, mplayer, etc). The script also creates a few links to download videos directly to my computer. Easy peasy.

There are thousands of scripts on Mine is here. Be warned, the first few scripts I installed were malicious, they redirected me to the author’s web site. I recommend you check the reviews and read the source code before installing any scripts.


I think greasemonkey is a really big development for browsers. It provides an easy way for users to customise and control their web experience. For example, it’s now relatively easy to reorganise your favourite web site to improve the layout, add a WYSIWYG editor, and more. It’s a significant step for users to regain control of their web experience from site publishers. Power to the people! :-)

Removing onclick or onchange with Greasemonkey

It took me quite a while to figure out how to remove the page’s default onchange event. I found the solution thanks to joeytwiddle on #greasemonkey. The trick is to use the wrappedJSObject property. Here’s a quick example:

var myel = document.getElementById('callum');
console.log(myel.onchange); // null, see XPCNativeWrapper
console.log(myel.wrappedJSObject.onchange); // works
myel.wrappedJSObject.onchange = null; // unsets the onchange handler

It took me a while to figure this out, hopefully this post helps somebody else.

Here’s a completely unrelated image from a flickr search for greasemonkey to brighten the post.

VirtualBox host to guest networking

Update 2013: This article is out of date. VirtualBox now includes a host-only network type. On my laptop I create 2 networks, one NAT to provide the VM with internet, and one host-only to provide the laptop access to the VM, even if the laptop is not on the internet.

Update: I just repeated this process with Ubuntu 11.04 host, 10.04 guest. It worked as described here. I also automated the setup on the host, and added a note at the bottom of the post explaining how I did that.

I’m creating a new development server on VirtualBox. I was using VMWare until recently, but since upgrading to Ubuntu 9.04 64bit, I’ve decided to try VirtualBox instead. I also recommended VirtualBox to my brother, so by using it myself I’ll be better able to support him if he has any issues.

Installing a new virtual machine was a breeze. After I activated hardware virtualisation in my bios, I installed a 64bit version of Ubuntu server 8.04 LTS. The install failed a couple of times, not sure why, but third time lucky.

My first major stumbling block was connecting to the virtual machine from the host machine. By default VirtualBox gives the guest (virtual machine) a NAT ethernet connection. So the guest can connect to the network, including the internet, but the host can’t connect to the guest. I’m creating a development server, so that’s precisely what I want to do, connect from the host to the guest. With a little research, it turns out there’s an easy solution (on Linux hosts).

The VirtualBox article on Advanced Networking in Linux was my guide. I’ll document all the steps I took here.

Install bridge-utils, vtun and uml-utilities:

sudo apt-get install bridge-utils vtun uml-utilities

Create the bridge:

sudo brctl addbr br0
sudo ip link set up dev br0
sudo ip addr add dev br0

Create a tap device for the guest to use, put your username in place of USER:

sudo tunctl -t tap0 -u USER
sudo ip link set up dev tap0
sudo brctl addif br0 tap0

If you need multiple guests connected, repeat this step replacing tap0 with tap1, tap2 and so on. Always use br0.

Now modify the virtual machine settings and map one of the network adapters (probably the second one) to the device tap0. Choose Attached To Host Interface and select the device tap0. I left the first network adapter as a NAT adapter so the virtual machine has internet access. In this configuration, I can disconnect the guest from the internet and / or the host separately.

When the virtual machine has started, setup the network. Assuming the guest is an Ubuntu machine, run these commands on the guest. If you linked the first network adapter to tap0 then use eth0 on the guest, if you chose the second network adapter use eth1, 3 to eth2, 4 to eth3 and so on.

sudo ip link set up dev eth1
sudo ip addr add dev eth1

Now test it all works. On the host machine try ping -c4 and on the guest try ping -c4 Assuming both machines are set to respond to pings (default in Ubuntu), you should see 4 successful pings.

If this works, you can set the address permanently by editing /etc/network/interfaces and adding this text.

# Host only network
auto eth1
iface eth1 inet static

I’ve used the 10.9.*.* addresses as an example. You can use any private network address (10.*.*.*, 192.168.*.* or 172.16.*.*-172.31.*.*). The most commonly used addresses are 192.168.*.* and 10.0.*.* or 10.1.*.* so I recommend staying away from them. You want to choose addresses that won’t clash with anything else on your network.

Edit: Finally, I added a script to automate the setup on the host machine. I created a script called /etc/init.d/virtualbox-bridgenetwork with the following contents:

# Create the br0 interface
brctl addbr br0
ip link set up dev br0
ip addr add dev br0
# Create tap0 for the vm to connect to
tunctl -t tap0 -u USER
ip link set up dev tap0
brctl addif br0 tap0

You need to change USER to your own username and modify the IP to whatever you were using. Then to make this script run automatically at boot time, run:

sudo update-rc.d virtualbox-bridgenetwork defaults

Now the br0 and tap0 interfaces should be automatically created at boot time.

Ubuntu Jaunty and pidgin-facebookchat 1.61

I was able to install pidgin-facebookchat 1.61 on Ubuntu Jaunty Jackalope (9.04) by first installing the relevant libjson-glib-1.0-0 from Karmic. To find the correct deb look at the different builds on the right hand side of the page. In my case on 64-bit Ubuntu the relevant deb was this one, the 32-bit version is here.

I had to install the glib-json deb first. Otherwise the pidgin-facebookchat deb warned of an unsatisfiable dependency.

It looks like pidgin-facebookchat 1.6x is being included in Ubuntu Karmic but I’d guess it won’t be backported to Jaunty.

Google Wave

This might be the most exciting technological development since email. I’m truly impressed at Google’s approach to this project. It gives me newfound faith in Google.

The guys behind Google Maps set out to answer the question “What would email look like if it were invented today?”

Their answer is truly outstanding. Wave is a collaborative communication tool. Something like email crossed with a wiki, instant messaging client, and much, much more. As I watched the video I was thinking, all well and good, but when I got to around 1 hour 8 minutes, I got really excited. In a truly genius move, Google has made the whole protocol behind this new platform open source. That allows independent organisations to build their own Wave servers, and privacy is tightly coded within the system. No Google snooping. Wow.

If you’re technically minded, watch the video here. I’m not embedding the video because it’s 1 hour 20 minutes long and you probably want to watch it in high def on YouTube directly. See more info and sign up for a demo account on Google Wave here.

I was clapping with the audience as the video ends. Truly amazing. Thanks to Pete Mall for the tip. :-)

Considering a Kindle

I’m considering the purchase of an Amazon Kindle 2. I like reading books but books are big and bulky which doesn’t fit very well with my current nomadic lifestyle. I’ve spoken to a few people who recommend the Kindle.

However, I just read this. Amazon has allowed publishers to restrict whether a book can be read aloud on the Kindle or not. There is no basis for this in law, but Amazon has conceded all the same.

I’m typically a hardliner on issues like this. I boycott all Apple products because of the company’s proprietary lock-in practices. I use Ubuntu GNU/Linux because it includes software freedoms not available on proprietary operating systems.

Is there a Kindle competitor out there? Is the same range of books available?

Before I make a purchase I want to find out if I can load books onto the Kindle via Ubuntu. The Kindle includes a cell phone wireless component that allows internet access, but only in the US. So outside of the US I need another way to load books. If that requires Windows or Mac then I won’t buy the Kindle.

Then I’d also like to research the selection of books that is available. I’m hoping that the type of non-fiction books I typically read are readily available on the Kindle, otherwise, again, no point getting one.

Do you have a Kindle? Do you use Ubuntu? Any feedback?

Full encryption is go!

This post comes to you from Ubuntu 8.10 Intrepid Ibex, upon a fully encrypted 500GB disk. So if my laptop should fall into the wrong hands, my customers, family and friends can rest assured their data, passwords, photographs or emails are (for all practical purposes) secure.

Thus far I haven’t noticed a performance cost. The system “feels” as fast as before. I’m running a Centrino Core2 Duo 1.66GHz, 1.5GiB RAM. When moving large quantities of data (10GiB plus) I see the kcryptd process using around 25% – 50% CPU (of one core).

It really was painless to setup. Thanks to this walkthrough I was pretty confident it would be easy. No dramas. The hardest step was probably choosing a suitably random password (thanks grc).

Magic pidgins

Pidgin is my instant messaging client of choice. It means my MSN, Gtalk, Yahoo, ICQ and other contacts are all in one place. Today I have taken that to the next level with three new plugins.

Skype Pidgin Plugin

I need to have skype installed and running, but now I can send / receive messages from within pidgin. On linux, this is a big deal. The skype interface sucks. It lacks spell check, among other things. Now I can even send encrypted, deniable messages through Skype with the Off The Record plugin. All my other pidgin plugins work with Skype. Fantastic. Get the plugin here. (It works for poor people on Windows also).

Facebook Chat on Pidgin

More and more people have started talking to me on Facebook chat. The interface was a little ropey, I much prefer talking to people in Pidgin. For example, when somebody sends me a message, a web site has no way of letting me know. So if Facebook is open but not on the screen (say on another tab) I miss the messages. Pidgin on the other hand is great for that. Now pidgin supports facebook chat.

Twitter via Pidgin

I haven’t actually activated this plugin yet, but I have installed it. I believe it allows you to set / get Twitter messages via Pidgin. I like that idea a lot. I really liked Twitter’s IM service (before it died). But now I’m using (invite code vivalaping) to update all my statuses in one go. So Twitter only via IM might be a bit weird. I can post to through IM no problems, they have a Jabber interface.

Plugin Pack

Before I forget, I recently installed the available plugins from the Ubuntu repository. I grabbed all the pidgin related plugin packs that looked good. That made a big difference. Added Extra Prefs and Off The Record Messaging which were the biggest changes I think.

Pidgin is on a new level today. :) Here’s a pretty picture for all you visual / non techy types out there.

Ubuntu is go

I have installed Ubuntu. It all seems to be running quite smoothly. VMWare is working, which is nice. I had some initial sound issues with Skype but it looks like it was a volume issue, sorted now. Waiting for Zend studio to download, hopefully that will be an easy install.

Overall, the process was rather painless. I’m loving synaptic package management. It really is much better than RPM. The desktop effects are taking a bit of getting used to. I can’t drag / drop windows onto the workspaces, but that’s not too big a deal.

So far, I’m pleased with the switch. For all you visual people, here’s a wee screenshot of the workspace switcher.

The desktop switcher on Ubuntu 8.04 Hardy

Some things that impressed me:

  • Media buttons “just work”, I can play / pause / forward / etc music, beautiful.
  • Installing copyright “questionable” plugins (MP3s, divx, etc) was painless and granny easy.
  • The windows key does stuff, out of the box, not very useful stuff, but still stuff!
  • I could import my pidgin, Evolution and something else data from Fedora. Nice.
  • Desktop effects are enabled out of the box (compiz for the techies).
  • Stuff prompts for configuration during install, for example ddclient. Handy.

I’m pleased I’ve switched over to Ubuntu. I’m a little wary that the #ubuntu channel is quite busy. Ubuntu seems to be popular with new linux users so there seem to be a lot of “newby” questions on there. Good they’re being answered, but it can be a pain for more experienced users.