When using SSH with public-key authentication, ‘ssh-agent’ is a useful compromise between storing the SSH private key unencrypted on disk and having to type the key’s passphrase every time you need to make an SSH connection.
When using SSH from scripts, things are further complicated, because no one is around to type in the passphrase. For this reason, SSH keys that are used by servers are, more often than not, stored with no encryption, thereby becoming a lucrative target for hackers.
With some clever manipulation, a script can be written in such a way that it can make use of ‘ssh-agent’ to load and use an encrypted private key.
One of the reasons I am a fan of the Humble Bundle and a repeat buyer is the fact that it always offers Linux ports of the games sold.
With that in mind, imagine my surprise when I found out that games that were already sold in the past via the bundle do not offer the Linux ports when they are sold via the Humble Store.
Case in point: Limbo. I have the Linux port. I bought it via the Bundle. But I can’t recommend it to my Linux-using friends because they have no way to get it now that the bundle is done with.
The terminal emulator is an ancient but essential tool in the arsenal of any advanced computer user. The terminal emulator allows one to access the command line shell interface of the operating system while working in a graphical environment. The existence of the terminal emulator allows one to simultaneously enjoy both the visual appeal and discoverability of graphical desktop applications and the accurate efficiency and expressiveness of a command-line interface.
While graphical computing environments have been undergoing a user-experience-driven revolution in recent years, terminal emulators have seen little change. There have been some superficial additions such as tabs and split windows, but in essence today’s terminal emulators still closely resemble their hardware counterparts of old.
Recently there have been attempts to bring modern UI concepts to the terminal emulator and give it a modern overhaul.
So-called cloud storage services such as DropBox, SpiderOak, SkyDrive and Google Drive provide a convenient means of moving files between different computers and have largely eliminated the need to use USB thumb drives or other physical means to move data. Most online services, however, suffer from one or more of the following shortcomings:
- The amount of storage one can use tends to be very small, especially when considered against the size of an average computer hard drive.
- The user’s data is completely exposed to the cloud provider.
- The end-user software provided by the cloud provider may not support all platforms the user has, and may provide limited features.
For the above reasons, I was very excited to hear about BitTorrent Sync. BitTorrent Sync eliminates the first problem by having the amount of storage a user can use limited only by the size of the hard drive that he has. It solves the second problem by being completely peer-to-peer, which means that data is synced only between computers that the user chooses and controls. The 3rd problem has so far been approached in a satisfactory manner, as clients are available for all major platforms.
Docker seems to be all the rage these days. Everyone seems to be running around integrating it, building things on top of it and generally giving it great press. It is no surprise, then, that I decided I should look into what this is all about.
The one bit of information I found somewhat less frequently discussed is where everything gets stored.
Storage is important. Disk partitioning is the first task any OS installer puts you through, and even before that, an experienced sysadmin pays great attention to what kind of storage devices and channels go into a server. Data storage decisions have a great effect on how your system ends up performing, how robust it is, and how easy it is to back up and repair when it breaks. Bad storage decisions tend to be hard to fix, necessitating large data transfers and long downtimes. Indeed, allowing a sysadmin to fix bad storage decisions is where LVM, Veritas Volume Manager and other storage virtualization tools come from.
There is a not-so-well-documented way to link together separate Ethernet segments by using GRE tunnels over IP networks, using only Linux kernel capabilities and not requiring any userland daemons.
This can be useful to make physically separate networks appear as one, although linking over the Internet in this way may not be very wise, as the tunnel isn’t encrypted.
This can also be used to simulate multiple separate networks for virtual machines running on different physical hosts, without requiring VLAN tagging support from the physical network or using Open vSwitch.
The basic idea is to add a tunnel link of type “gretap” and attach it to a bridge. Here is how to see what little documentation is available about it:
ip link add foo type gretap help
Here is a blog post providing some further explanation.
This capability has existed in the kernel since 2.6.29, so it is included in most moderately recent distributions including RHEL/CentOS 6, Ubuntu (since 9.10 – Karmic) and Debian (since 6.0 – Squeeze).
Like many unfortunate office/productivity areas, project management, and especially Gantt-Chart production, seems to lean heavily on a single Microsoft product to the point where abstract-seeming work practices are actually derived from technical features and properties of that product.
A couple of years ago I tried to create a Gantt-Chart on Ubuntu. I initially thought that would be a no-brainer, but it proved to be harder than anticipated.
Lynis is a security vulnerability scanner similar to the Debian harden package or Bastille Linux.
The main advantages it provides over those tools are its support for multiple operating systems and a very clear and friendly reporting format.
With its tiny dimensions, high-powered hardware spec, low power consumption and Linux Mint installed out of the factory, the Intense PC or its branded sibling, the Mint Box, might very well be the next computer I buy. The manufacturer operating out of Israel makes this practically a no-brainer.
About the only gripe I have about this device is that it contains no battery. Next to modern phones, laptops and tablets, the PC’s “habit” of shutting down at the slightest power interruption makes it seem as anachronistic as an 80s double cassette boom-box.
I’ve recently decided to take the time and look into the various open-source systems for server deployment and life cycle management. As the number of servers in the data-center grows, as well as the demands for quicker response to rapidly changing IT needs in the organization, performing manual server installation, or even using a manually configured Kickstart server, simply doesn’t cut it.
The following is a list of server deployment and life cycle management systems I could find on the Internet, and what I could learn from reading the documentation available on their websites.