I have moved! Check out my new home at:
While this page will remain up indefinitely, please update your bookmarks as I will no longer be posting here.
Saving Keystrokes With Brace Expansion
Published December 3, 2009 Linux 2 CommentsTags: Bash, Linux, Productivity, Programming
Bash is a wonderful fully featured shell that provides a multitude of ways to cut back on your keystrokes. One of my favorite features, which I don’t see used often enough, is brace expansion. Simply put, brace expansion lets you specify multiple similar arguments without retyping the commonalities.
With this handy feature, you can do a multitude of things. You can make a backup copy of a file:
cp /etc/mpd.conf{,~} #Same as cp /etc/mpd.conf /etc/mpd.conf~
Then you can restore that file:
cp /etc/mpd.conf{~,} #Same as cp /etc/mpd.conf~ /etc/mpd.conf
Obviously, it doesn’t stop here. You can make a whole directory structure:
mkdir -p /squashed/{usr,opt}/{rw,ro} #Same as mkdir -p /squashed/usr/rw /squashed/usr/ro /squashed/opt/rw /squashed/opt/ro
Bash will expand ranges as well. You can create a zero padded range like so:
echo {000..100} #Will print 000 001 002 003 ... 097 098 099 100
Ranges aren’t limited to being numerical. Better yet, expressions can be the preamble and postscript to each other.
echo {0..9}{A..Z} #Prints 260 strings!
If you really use your noodle you can nest expressions, though I’ve personally not come across a situation where this has been needed (yet).
Gno More Gnome: Enter the Tiling WM
Published November 27, 2009 Linux 7 CommentsTags: AwesomeWM, desktop environment, DWM, Gnome, tiling window manager, Xmonad
Gnome has always treated me well. It provides many of the features a user needs on a daily basis, and then some. Converts from Windows will appreciate the similar look and feel of a task bar, mouse behavior, and floating window layout thanks to Compiz or Metacity. Gnome has been my DE for quite some time now. I tinkered with KDE and XFCE, but they never seemed to behave as cleanly as Gnome. As my Linux skills have developed, I’ve found myself increasingly using the terminal. I’m proud to say that I’m 100% sold on Vim as a fully functional text editor with just about every feature I could ever want. My music player of choice is ncmpcpp — an ncurses based front end to MPD, and I use irssi for IRC. Gnome-Do, a fantastic application launcher, essentially was relegated as a launcher to urxvt. Then it hit me. Why am I bothering with this now seemingly archaic mouse-centric interface when I’m constantly using the keyboard? My GUI should complement this! I browsed around looking at various tiling window managers which were purported to be more keyboard friendly. Here’s a few I checked out:
Xmonad: Fairly lightweight, but being based entirely in Haskell, ends up being a fairly large investment if you’re not already using other Haskell programs. The config is, of course, also based in Haskell. Any changes require a recompile of the source code, as the config is essentially a header file, but this can be done on the fly and isn’t that unfriendly of a process. Addons such as Xmobar exist to give you a launcher and panel interface, making the environment more immediately informative. Given the Haskell overhead requirement and my lack of interest in learning the language, I quickly moved on. This isn’t to say that I’m discounting Xmonad as a window manager. A Haskell programmer would be more than at home here.
AwesomeWM: This tiler is, as you might expect, completely awesome. I found it to be somewhat full featured for the lightweight world of tilers. The source and config is written in Lua — a language I’m very familiar with after writing addons for World of Warcraft for a year. However, because its interpreted, it can be a little less responsive than a window manager based on a compiled language. Awesome comes with several helper libraries to improve your experience, colorfully named such as: awful, beautiful, wicked, and naughty. They bind with outside programs to give you features such as keybindings, popup notifications, and widgets. The downside is that the author of Awesome doesn’t live up to his own WM. Many users have left Awesome frustrated because of the tendency of the author to change the entire configuration format on a new release. Writing a proper config for a tiling WM can be tedious the first time. I’m not sure I want to be forced into rewriting just to get access to new features and bug fixes. It was here that I had my first introduction to a tiler called DWM, which Awesome is a fork of.
DWM: Dynamic Window Manager by suckless.org. Or as I would like to call it, Damn! Win Much? In addition to uncovering this via Awesome, I had also read briefly about DWM by way of the Arch Linux forums. I had seen oh-so pretty snapshots of users’ desktops in the monthly screenshot thread. This WM is about as basic as it gets, but it quickly grows on you. The codebase and config are both C, and who doesn’t have gcc installed on a Linux box? After gleefully compiling and building a package for DWM (which took less than 10 seconds), I was wondering if it would even work. Was I missing a file? An entire directory? There were no errors. Hrmm.. a quick check with `du -sh` in the build directory revealed something beautiful: The source code, dump files, compiled code, and the ready to install package comprised less than 400kb. It runs. A recompile is required when changing the config, but it can be done seamlessly. By executing dwm in an infinite loop via .xinitrc, you can recompile and reinstall DWM, use the default shift+mod1+q to kill the WM, and it immediately pops back with all your programs still running. Fabulous. The WM makes gratuitous usage of what it calls tags. Programs are defined in the config as associated with these tags so that they’re always opening where you expect them. Dmenu is another piece of software made by suckless meant to complement DWM. It’s an application launcher that will make Gnome-do users feel right at home. One last bit of praise — DWM has a man page in which no user of this WM will want to go without reading, as it provides extraordinarily useful shortcuts which you will use on a regular basis. You’ll also find that they’re somewhat reminiscent of Vim — mod1+h, j, k, l invocation is present.
Scrotwm: Honorable mention for name.
I’ll definitely be sticking with DWM for a while. While I’m not rushing off to uninstall Gnome just yet, I’m thinking it’s only a matter of time. One other thing to mention about almost any of these low level tiling managers is that the config doesn’t end with the WM specific config file. You’ll find yourself writing all sorts of helper scripts as well as fleshing out your .xinitrc, .Xresources, .xsession, .profile, etc. in order to complete your GUI experience. I won’t lie. It’s going to be a lot of work to get it just right, but similarly to a program like Vim, you have to look ahead and know that with the steep learning curve comes great power and fantastic results. You’re not alone though. The great Google provides unlimited resources for configuring just about everything, and many users of DWM and other tilers have made available their dot files and configurations via GitHub.
Security is a big buzz word these days. As CPUs gets faster, the power of those with malicious intent increases, so on some level, it warrants some concern. The latest release of Ubuntu boasts the ability to encrypt not only your data partitions, but your swap as well. While this does have its place, I believe that whole hard drive encryption is often used unnecessarily, while other more appropriate security measures are ignored. Let’s examine something that I do feel is worthwhile, and can sometimes be overlooked.
SSH, for example, is a protocol that I use almost every day to access my home LAN. It’s easy, convenient, and far too often not secured properly. Here’s some easy steps you can take to make sure you don’t have any unwanted intruders:
- Port: Change the access port for your SSH server. As the saying goes, “security through obscurity is no security at all”, but we’re not going to give an armchair cracker an excuse to think that your public IP is intriguing. The set of ports that most malefactors are interested in are in the 3 digit range, because that’s where the majority of the service ports are defined by the IANA. With that in mind, pick a port well into the 4 digit range, and try to make it something you’ll remember. Of course, you’ll need to make sure that you’re forwarding the correct port on your firewall as well.
- Protocol: Ensure that SSH-1 access is disasbled by specifying “2”. SSH-2 clients are readily available for Linux and Mac via openSSH and Windows via PuTTY, so there’s no excuse for using an outdated protocol with proven security flaws. This also means using an rsa/dsa key pair for your host key. If you find that your default configuration was set to allow SSH-1 connections, you may have to regenerate the host keys with ssh-keygen.
- ClientAliveInterval: Set a timeout for your sessions. This option is specified in seconds and will automatically disconnect you if you’re idle for longer than this duration. This is useful in case you’re pulled away from the computer you’re working at and forget to close your session.
- Use your /etc/hosts.deny and /etc/hosts.allow to your advantage. If you’re only going to be connecting from specific locations, find out the public IPs of those locations and add them to your hosts.allow, while ensuring that hosts.deny denies everything else.
- RSAAuthentication and PubkeyAuthentication: Use assymetric encryption to authenticate yourself by specifying “yes” to these. Making a public and private key pair is easy, and far more secure than any password you could ever dream up (and hope to remember). Controlling physical access to the keyfile is trivial, as well. Limit the number of places it exists. For example, my key only exists in two places: buried in my home directory with restricted permissions, and on my USB drive which stays attached to my keychain. It also uses a strong password which wouldn’t be easily cracked by a dictionary or brute force attack.
- PasswordAuthentication: Disable password based authentication by specifying “no” to this. This goes along with the above. If you’re going to be carrying around your private key, there’s no need to leave the door open for someone to try and brute force their way into your system with a password. You can, however, allow password access from within your own network by using the “match address” parameter in your sshd_config file. There is a caveat with this: if you have a wireless network, please make sure its secure. Use WPA2 encryption with a strong passphrase, filter MAC addresses, set a narrow DHCP scheme, and if you’re truly paranoid, you can use a network mask of more than 24 bits to reduce the number of available addresses across the entire network. In other words, if you set a subnet mask of 28 bits or 255.255.255.240, you effectively have a network of 14 addresses, including your router (xxx.xxx.xxx.1 through xxx.xxx.xxx.14). This handy Subnet Calculator can help you find the fine tune your network to your needs.
Last but not least, check the logs! Make sure that your security measures are effective. If you see an IP that looks malicious and you haven’t set a deny all rule in hosts.deny with explicit allows, add the offending IP’s entire network to the deny list.
Happy SSH’ing!
Random website for those of you out there who are PC builders and think you have mad skillz. Check out these and see how how much you have to learn about true artistry.
