Gidget is a script interface to linux inotify. That means it can cause a script or program to be run when a filesystem object (typically a data file) is modified (usually, by being created or deleted). It does this with no processor overhead, so a system using gidget to react to filesystem changes can potentially support much more activity than polling algorithms can. It also means you can really hurt yourself if you don’t structure your scripts very carefully and manage your security properly – this is a major power tool, not a pocketknife! You must carefully plan your permissions, access controls, and process limitations.
The new version correctly loads secondary groups when it creates the script execution process. This is typically pretty important – groups are a robust and reliable means of access control, and more portable than ACLs. Gidget is written in C, because it is a kernel-interactive process that can be run in a privileged (or unprivileged) mode. I strongly recommend thorough testing of your configuration in unprivileged, single user mode.
As usual, the new version is well tested; it has been in active production use for several years. Thanks as always to HBCS who originally sponsored the development of gidget under version 2 of the GNU General Public License.
SpaceX lands at sea
A little late with the news, but anyway SpaceX’s Falcon-9 has successfully landed on the drone barge “Of Course I Still Love You”. The landing deck is 170 by 300 feet, and the Falcon’s legs stand 60 feet apart. As you can see by the whitecaps, the sea was very rough with high altitude crosswinds of 50 mph and low altitude winds of 25 mph.
For true space geeks, the beautifully produced full 18 minute video:
https://www.youtube.com/watch?v=_ZXu_rYF51M
Mikulski Space Telescope Archive
I’m not a huge fan of outgoing Maryland senator Barbara Mikulski herself, but the Mikulski Archive for Space Telescopes (https://archive.stsci.edu/) is pretty great. I like their little code snippets.
Sintel means “ember” or “coal”
The Blender Foundation released Sintel on September 30th, 2010.
The film and all its animation data, characters and textures have been released under the Creative Commons Attribution License. This has not stopped Sony from issuing DMCA takedowns.
Comodo up to more tricks
People occasionally ask me who they should buy security certificates from. I absolutely will not recommend anyone in particular – even the most honest and honorable Certificate Authorities are inherently swindlers, because the trade itself is pretty much a legalized extortion scheme – but I am willing to say who I don’t recommend – Comodo is the worst CA, hands down. Witness their latest hijinks:
Query all non-subscribed RHEL7 repos at once
The old Red Hat Network was simple and easy to use. The RHN website presented a list of systems in your web browser, with counts of outstanding patches and outdated packages. You could click on a specific system name and do various things like subscribe to specific repositories (channels) etc.
The current Red Hat Network is a glittering javascript tour-de-force that multiplies the number of clicks and the amount of specialized knowledge you will need to manage your systems. You can pay extra for add-on capabilities such as the ability to select groups of systems and apply a set of operations to all of them, which is almost certainly necessary if you have a large number of systems. It’s a sad travesty of the much-maligned system it replaced.
If you’re completely entangled in the new RHN with your Red Hat Enterprise Linux 7 systems (by which I mean that you haven’t managed to exit the Red Hat ecosystem for a more cost-effective infrastructure yet) you might want to do something like figure out which of the various poorly named repos (such as -extras, -optional, and -supplementary) contains some particular package you want.
Command line to the rescue! Ignore all RHN’s useless beauty and use ugly, reliable GNU awk. This, for example, finds the repo where the git-daemon package has been hidden away.
subscription-manager repos --list | gawk '/^Repo ID/{print "yum --showduplicates list available --disablerepo=\"*\" --enablerepo=" $3}' | bash | grep -i git-daemon
After several minutes (there’s a lot of network traffic involved) you’ll find that versions of git-daemon are in five different repos.
git19-git-daemon.x86_64 1.9.4-2.el7 rhel-server-rhscl-7-eus-rpms
git19-git-daemon.x86_64 1.9.4-3.el7 rhel-server-rhscl-7-eus-rpms
git19-git-daemon.x86_64 1.9.4-3.el7.1 rhel-server-rhscl-7-eus-rpms
git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-fastrack-rpms
git-daemon.x86_64 1.8.3.1-4.el7 rhel-7-server-optional-rpms
git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-rpms
git-daemon.x86_64 1.8.3.1-6.el7 rhel-7-server-optional-rpms
git19-git-daemon.x86_64 1.9.4-2.el7 rhel-server-rhscl-7-rpms
git19-git-daemon.x86_64 1.9.4-3.el7 rhel-server-rhscl-7-rpms
git19-git-daemon.x86_64 1.9.4-3.el7.1 rhel-server-rhscl-7-rpms
git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-beta-rpms
So, you query the Red Hat Package Manager, rpm, to find out what version of git you have.
rpm -q git
1.8.3.1-6.el7
Since 1.8.3.1-6.el7 matches the latest version of git-daemon available from the rhel-7-server-optional-rpms repository, that’s the one you need to add in order to load git-daemon.
subscription-manager repos --enable rhel-7-server-optional-rpms
yum install git-daemon
This process is much easier than using the Red Hat Network web gui, and requires less specialized knowledge. Which is pretty sad, considering how arcane these incantations are.
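The same search restructured as an added example (not from the original post): each repo ID is passed to yum as an argument instead of being piped into bash as generated command text, and the version match done by eye in the last step is done by a filter. The function names and the allowed repo-ID character set are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Repo IDs are handed to yum as
# arguments and are never evaluated as shell text.

# Print the repo IDs found in `subscription-manager repos --list` output (stdin).
repo_ids() {
    awk '/^Repo ID:/ { print $3 }'
}

# Accept only characters expected in a repo ID (assumed: letters, digits, . _ -).
valid_repo_id() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read "name.arch version repo" lines (yum list format) on stdin and print,
# once each, the repos that carry package $1 at exactly version-release $2.
repos_for_version() {
    awk -v pkg="$1" -v ver="$2" '
        NF == 3 {
            name = $1
            sub(/\.[^.]+$/, "", name)      # drop the trailing .arch
            # appending "" forces string comparison, never numeric
            if (name == pkg && ($2 "") == (ver "") && !seen[$3]++)
                print $3
        }'
}

# Query every known repo for package $1, one repo at a time.
list_candidates() {
    subscription-manager repos --list | repo_ids | while read -r id; do
        valid_repo_id "$id" || continue
        yum -q --showduplicates list available \
            --disablerepo='*' --enablerepo="$id" "$1" </dev/null 2>/dev/null
    done
}

# Print the repo(s) offering package $2 at the installed version of package $1.
matching_repo() {
    ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$1") || return 1
    list_candidates "$2" | repos_for_version "$2" "$ver"
}

# Usage when run as a script: ./find-repo.sh git git-daemon
if [ "$#" -eq 2 ]; then matching_repo "$1" "$2"; fi
```
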
Fiendish thingies!
I stumbled across this discussion of Asian thingies.
I believe I have seen these in a non-Asian context. I think I need to hit the books…
rsyslog & systemd
The ancient Berkeley syslog is a functionally impoverished logging mechanism, but the protocol is well understood and widely supported. You can use a modern version of the daemon (Rainer’s rsyslog or syslog-ng for example) and work around the shortcomings of the protocol itself.
I’ve been working with a Red Hat Enterprise Linux version 7 spin-up, and since systemd is basically a Red Hat product it should come as no surprise that RHEL7 thoroughly embeds systemd.
Here’s a section of the documentation that describes how the error logging works:
Some versions of systemd journal have problems with database corruption, which leads to the journal to return the same data endlessly in a tight loop. This results in massive message duplication inside rsyslog probably resulting in a denial-of-service when the system resources get exhausted. This can be somewhat mitigated by using proper rate-limiters, but even then there are spikes of old data which are endlessly repeated. By default, ratelimiting is activated and permits to process 20,000 messages within 10 minutes, what should be well enough for most use cases.
Wrench Wednesday
Once upon a time, tractors and other farm implements came with a wrench that fit all the nuts and bolts on the machinery. Farmers being the clever and parsimonious people they are, they never paid for ten wrenches when just one would do the job! I used to find these things laying all over the place in Uncle Irving’s junkyard; now they are collector’s items.
Firefox annoyance #5: redirect caching
Firefox Annoyances:
1) Sync
2) pocket
3) hello
4) everything else, other than the plug-in API itself, that isn’t a paper-thin shell around gecko
5) 301 redirect caching
To clear the 301 redirect cache for a single page, go to the “View” menu and light up the “History” sidebar (yeah, of course you forgot about that, nobody uses it), find the site you’re working on, right-click and select “forget about this site”.
annoying git
I’ve been installing git on some corporate servers with the idea of converting existing CVS and ad-hoc code management systems into something reasonably fast and modern.
It’s been somewhat tedious and painful, but supposedly once I’m done the installation will be stable and maintainable. For an enterprise SCM that’s a lot more important than ease of installation, at least in theory. (I ran OpenLDAP for a decade or more, so I can appreciate the value of putting all the pain up front.)
Today’s annoyance is that the gitolite documentation and web site refer to a “hosting user” but the toolset and other web sites describing gitolite installation talk about an “admin user”. After wasting several hours with Google trying to find out exactly what the difference was, I created a new user account for the admin user and executed the commands – at which point it became immediately obvious that THOSE ARE THE SAME DAMN THING.
Curse you, gitolite. I WANTED US TO BE FRIENDS.
mimic --me-harder
I don’t have to use mimic on my cow-orkers because they insert invisible characters into their code all by themselves. And then they tell me that “the system is broken” when their code does not compile…
Sextants are back
The Navy suddenly noticed that GPS systems are fragile.
Programming time
Never program time. Call the system instead, and let the sysadmins do their job.
The GNU ‘date’ program is excellent, and a good sysadmin will maintain it rigorously.
https://www.youtube.com/watch?v=-5wpm-gesOY
Foswiki dependency hell
I really wanted to run Foswiki, because it seems like most of the TWiki devs ended up there, and because my employers want to run an enterprise wiki with fine-grained access and revision control driven from a corporate directory. Since Foswiki is written in perl, and Graham Barr’s excellent perl-LDAP modules can easily handle arbitrarily complex directory integration, I figured I’d just rip out all the code that checked users and groups against the Foswiki DB and replace it with appropriate LDAP calls, then send my mods upstream to the Foswiki devs. They seem like a good crowd, they’d probably appreciate a non-caching LDAP module.
But we’re heavily federally regulated, and we can’t run unmaintainable code. The number of unpackaged dependencies I’d need to run Foswiki on Red Hat Enterprise Linux is just unsupportable. I can’t find an audited, securely maintained package of File::Copy::Recursive, for example, anywhere. And there’s quite a few more (although some are available from EPEL).
I’d love to find a wiki engine that used real LDAP, instead of just caching copies of data retrieved by LDAP in a local database.
NASA Ames
Mercifully, the whole thing is starting to fade, to become an episode. When I do still catch the odd glimpse, it’s peripheral; mere fragments of mad-doctor chrome, confining themselves to the corner of the eye. There was that flying-wing liner over San Francisco last week, but it was almost translucent. And the shark-fin roadsters have gotten scarcer, and freeways discreetly avoid unfolding themselves into the gleaming eighty-lane monsters I was forced to drive last month in my rented Toyota. — William Gibson, The Gernsback Continuum
The photoessay This Used to Be the Future reminded me of a childhood spent reading yellowed 1940s science fiction.
Cryptic sword
13th century double-edged European knightly sword, 2lb 10oz (1.2kg), 38″ (964mm) long and 6½” (165mm) across the quillons. Found in the river Witham, Lincolnshire, in July 1825, and presented to the Royal Archaeological Institute by the registrar to the Bishop of Lincoln. The blade was broken near the tip and mended “in modern times” according to the British Library website.
Said to bear an indecipherable inscription “+NDXOXCHWDRCHWDRCHDXORUN” inlaid in gold wire on one side, but to me it looks more like “+NDXOXCHWDRCHWDRCHDXORVI+”.
James Mickens in Norway
“In this bleak, relentlessly morbid talk, James Mickens will describe why making computers secure is an intrinsically impossible task. He will explain why no programming language makes it easy to write secure code. He will then discuss why cloud computing is a black hole for privacy, and only useful for people who want to fill your machine with ads, viruses, or viruses that masquerade as ads. At this point in the talk, an audience member may suggest that Bitcoins can make things better. Mickens will laugh at this audience member and then explain why trusting the Bitcoin infrastructure is like asking Dracula to become a vegan. Mickens will conclude by describing why true love is a joke and why we are all destined to die alone and tormented. The first ten attendees will get balloon animals, and/or an unconvincing explanation about why Mickens intended to (but did not) bring balloon animals. Mickens will then flee on horseback while shouting ‘The Prince of Lies escapes again!'”
https://vimeo.com/135347162
The User IS the Enemy
Excellent, often tongue-in-cheek pdf by Stuart Schechter about the unique problem of designing computers that have to function around children.
The User IS the Enemy, and (S)he Keeps Reaching for that Bright Shiny Power Button!
Traceroute vs Tracert
Van Jacobson’s traceroute utility is not the same thing as Windows tracert, and the MS-Windows tool is probably more academically correct. The GNU version of traceroute that is included with most linux and BSD operating systems can do both kinds of tracing, but does the Van Jake by default (use traceroute -I to get the windows-style ICMP trace).
People have occasionally given routers silly names to produce amusing traces.
The Noggler
I am now the proud owner of the Steve Naugler Elec-Trak electric leafsucker version three. Heather says that’s too long of a name, so in Steve’s honor it ought to be called simply the Noggler. No word yet on what Steve thinks about that.
The original Elec-Trak E-Z Vac was a frankenstein from birth; Geo reports that it had a massive E12 drive motor attached to a blower and volute made by the E-Z Rake Corporation of Lebanon, Indiana. Thirty inch tall sheetmetal side panels and a cloth top were added to the sturdy Elec-Trak dump cart to form the leaf bin, and two lengths of 6″ black plastic tubing connected the bin to the blower, which mounted on the rear stabbers, and the blower to a deck adapter that mounts on any side-output Elec-Trak mowing deck. The E-T dump cart itself was made by Ohio Steel Fabricators, who probably also made my Sears Craftsman cart of the same vintage.
Steve kicked it up a notch, building this excellent contraption using the deck adapter from an Easy-Vac, the blower from an original Elec-Trak E-Z Vac, and the cart from the largest Trac-Vac. It’s like a best of breed hybrid from every leaf sucker known to man. He found some fancy piping that is mostly clear, so you can see blockages without dismantling the thing, with a yellow spiral stripe that matched the original paint job of Steve’s E-15. The leaf bin’s top is steel screening rather than cloth, and it has a sort of hood at the front that prevents leaf debris from ending up in the tractor driver’s hair.
Steve’s sold his wooded property and divested himself of his Elec-Trak and attachments – but the Noggler lives on. I’m almost looking forward to leaf-fall this year.