Shell script for Flickr/Blogger Goodness

Embed your Flickr images into blogger while linking to their page (as opposed to just the image itself). Like this (not my image, just an interesting one I found):



Just edit the flickrbase url in the script, and enjoy. Run the script with the image URL in the command-line, and it gives you the HTML to paste into blogger.

Note, this won't link to other peoples' flickr pages as-is, nor can it tell you the username for any given flickr image. If you want to embed someone else's flickr images, you'll need to edit the flickrbase url to match that of the person whose images you wish to use. Although I don't advise shameless ripping of other peoples' stuff.

Script is available here:
http://stuff.h-i-r.net/blogstuff/fr.sh

"Hacking" MediaWiki PasswordProtected extension

I say "Hacking" because this is so retarded that I can't even believe it.

A group I'm working with (not directly related to HiR Information Report) is thinking of setting up a Wiki on the network for internal collaboration as well as communication of policies and contact information to other groups within the organization. They want some stuff (for instance, step-by-step audit documentation) to be shielded from view. This isn't Internet-facing, but it's stuff that no one else really needs to know. With that, they had the sysadmins install MediaWiki installed with the PasswordProtected extension.

Usage is simple. You use a "password" tag object around the text of the password you want to use.

Bypassing it is even simpler. Just look at the page history of the password protected page. There, in plain text, lies the password for all to see. See, I told you I couldn't justify saying "hacking" without putting quotes around it. I've been unable to get in touch with the maintainer of this extension.

Consider me disgusted. If you use this extension, quit fooling yourself. I guess it's back to the drawing board for my friends, though.

Sysadmin Sunday: Linux and BSD Filesystem attributes

Most sysadmins are familiar with the concept of file ownership and permissions. Read, Write, and Execute are ingrained in our memories from the start. Sometimes, though, that's not enough. Here are some extended attributes for files in Linux and *BSD:

BSD:
To set file flags in BSD, use chflags. To view them, use ls -lO. Flags are as follows (from the chflags(1) man page):

  arch, archived
          set the archived flag (super-user only)

  opaque  set the opaque flag (owner or super-user only).  [Directory
          is opaque when viewed through a union mount]

  nodump  set the nodump flag (owner or super-user only)

  sappnd, sappend
          set the system append-only flag (super-user only)

  schg, schange, simmutable
          set the system immutable flag (super-user only)

  uappnd, uappend
          set the user append-only flag (owner or super-user only)

  uchg, uchange, uimmutable
          set the user immutable flag (owner or super-user only)

  hidden  set the hidden flag [Hide item from GUI]

    As discussed in chflags(2), the sappnd and schg flags may only be unset
    when the system is in single-user mode.

    Putting the letters ``no'' before or removing the letters ``no'' from a
    keyword causes the flag to be cleared.  For example:

  nouchg  clear the user immutable flag (owner or super-user only)
  dump    clear the nodump flag (owner or super-user only)

schg and sappnd are particularly useful. As described, they place files in an append-only or immutable state, where nothing, not even root can break the rules without first going into single-user mode and disabling the flag. uchg will keep you from accidentally clobbering an important file as well, but can still be un-set by you.

Example viewing, setting, and demonstrating the uchg flag:

Chimera:Documents axon$ ls -lO
total 32
-rw-r--r-- 1 axon staff - 8258 Apr 6 19:16 description.html
-rw-r--r-- 1 axon staff - 21 Apr 2 12:25 file.doc

Chimera:Documents axon$ chflags uchg description.html

Chimera:Documents axon$ ls -lO
total 32
-rw-r--r-- 1 axon staff uchg 8258 Apr 6 19:16 description.html
-rw-r--r-- 1 axon staff - 21 Apr 2 12:25 file.doc

Chimera:Documents axon$ rm description.html
override rw-r--r-- axon/staff uchg for description.html? y
rm: description.html: Operation not permitted

Chimera:Documents axon$ chflags nouchg description.html

Chimera:Documents axon$ rm description.html

Chimera:Documents axon$ ls -lO
total 8
-rw-r--r-- 1 axon staff - 21 Apr 2 12:25 file.doc


Linux:
Use chattr to set attributes and lsattr to view them.

From the chattr(1) man page:

The format of a symbolic mode is +-=[ASacDdIijsTtu].

The operator ‘+’ causes the selected attributes  to  be  added  to  the
existing  attributes  of  the files; ‘-’ causes them to be removed; and
‘=’ causes them to be the only attributes that the files have.

The letters ‘acdijsuADST’ select the  new  attributes  for  the  files:
append only (a), compressed (c), no dump (d), immutable (i), data jour‐
nalling (j), secure deletion (s), no tail-merging (t), undeletable (u),
no  atime  updates  (A), synchronous directory updates (D), synchronous
updates (S), and top of directory hierarchy (T).

As you can see, most of these attributes are similar to the BSD flags. We'll do the same thing on Linux with the immutable attribute.

axon@hosting:~/hir-test$ lsattr
------------------ ./internet-resume.doc
------------------ ./mail.sql

axon@hosting:~/hir-test$ chattr +i mail.sql

axon@hosting:~/hir-test$ lsattr
------------------ ./internet-resume.doc
----i------------- ./mail.sql

axon@hosting:~/hir-test$ rm mail.sql
rm: remove write-protected regular file `mail.sql'? y
rm: cannot remove `mail.sql': Operation not permitted

Trying this... Posting from jlime

Thanks to a tip from a jlime forum denizen, I found out that an older kernel would work better on my Jornada 720. Suspend works, WiFi works, even the Torsmo status app works better. Minimo didn't like Blogger, but the Dillo browser seems to be working albeit in a really minimalistic way like you'd expect in a phone's browser.

In short, this is actually a completely functional networked Linux PDA right now. I'll keep this around and do some periodic reviews as I further use this platform.

UNIX variants on HP Jornada Palmtops

We covered this a bit at the 2600 meeting last night. I don't have a lot of time to go into detail, but here's a quick breakdown.

Asmodian X got me hooked on Windows CE Palmtops back in late 1997. I picked up a floor model HP 300LX for cheap, and actually used it as my main computer (including Dialup BBS, Telnet, Mail, and web browsing) for quite a while. It was more than sufficient for typing my papers for class and interfacing with the UNIX servers. Asmo also had a Casio Cassiopeia running CE, so we tinkered with this stuff a LOT back in the day.

Later, at DefCon 6, we'd run into a guy with an HP 620LX. That thing had a full color screen and a significant boost in memory, not to mention sound recording ability. This all sounds cheesy now, but it blew away the devices we had with their four or 16-color greyscale screens.

As time has progressed, I've also acquired an HP 320LX (same as 300LX but with a backlit screen and more RAM), a Jornada 680e (Refurbished Dutch Railways model) and a Jornada 720.

The HP300's are currently packed away somewhere, but the Jornadas are alive and well.

I was considering NetBSD and Linux for this project, but I found out that the NetBSD project for these pretty much died once they could say "it boots!" You have to use a serial cable for the console. In other words, it's useless until someone ports wscons and some device drivers. So, I chose JLime Linux, which is still in active development -- the kernel build on my 720 (Mongo branch) is less than two weeks old!

To install JLime, you need a CF card that's at least 128MB. You create 3 partitions:

1. FAT partition usable from within Windows CE
2. ext2 partition for Linux to run from
3. Swap partition for virtual memory

You copy the bootloader, boot configuration file and zImage (kernel, etc) to the FAT partition, and then uncompress the jLime userland onto the ext2 partition. Since the files were compressed with bzip2 and BSD's tar utility doesn't know what to do with that, I had to uncompress it before using tar. Make sure you run tar as root (or with sudo) and with "xpf" or "xvpf" to retain the file permissions and ownership of the userland image.

Once you insert the card into the PDA and run the boot loader, all of the PDA's memory will be completely wiped, so all files and data on it will be lost. Windows CE stays in ROM so when you reboot, Windows CE will be back in initial setup mode.

I actually put the boot loaders and zimages for both the J680e and the J720 on the FAT partition, created two different ext2 partitions, and left one shared swap partition on my 2GB CF card. Had I been thinking, I would have made a third ext2 for a shared home directory between the two PDAs.

Right now, here's the status of them:
Jornada 680 running jLime (Donkey):

• Boots Linux, loads fine.
• The keymap is completely trashed (dutch keyboard layout) so I can't login.
  
• Apparently, the J680 can "suspend" while running jLime.
  

Jornada 720 running jLime (Mongo)

• Boots Linux
• Runs X with IceWM
• Various X Apps work fine (MiniMO Browser, aterm, etc)
• Recognizes PCMCIA Ethernet and 802.11b/g wireless cards
• Can't seem to use the network, even when configured properly (dhcp doesn't get an address, wireless cards can't associate to open, unencrypted networks, etc)
• Cannot go into suspend mode properly. The backlight stays on, limiting battery life.
• After halting, the PDA can't reboot without a hard reset (removal of main and backup battery at the same time)

So, it looks like jLime has a little ways to go yet, but it's a functional UNIX environment, at least on my Jornada 720. I just wish I could get the networking piece to work properly. I could almost live without a suspend mode, since many of my other laptops don't particularly like to suspend, either.

April Kansas City 2600 Meeting Sneak Preview

jlime Linux on the HP Jornada 720 Handheld/PC

This and a bunch of other stuff at the KC 2600 meeting.

Tonight (Friday, April 4 2008)
Oak Park Mall Food Court (Northeast entrance)
SE Corner of 95th and Quivira in Overland Park, KS
Starts at 5:00PM. Look for geeks with laptops.

UNIX Tip: Double Dashes

Files that start with a dash can cause problems if you don't know how to deal with them. Let's take a look:

Chimera:Documents axon$ ls -1
-file.doc
2008-03-30.mp3
BitPIM.dmg
H-i-R.xcf
Parts.odt
vCards

The file "-file.doc" will cause problems with most command-line tools because they think -file.doc is an argument, not a file name.

Chimera:Documents axon$ cat -file.doc
cat: illegal option -- f
usage: cat [-benstuv] [file ...]
Chimera:Documents axon$ rm -file.doc
rm: illegal option -- l
usage: rm [-f | -i] [-dPRrvW] file ...
       unlink file
Chimera:Documents axon$ mv -file.doc file.doc
mv: illegal option -- l
usage: mv [-f | -i | -n] [-v] source target
       mv [-f | -i | -n] [-v] source ... directory

See what I mean?

Placing two dashes anywhere in the argument list of almost every shell utility will tell that utility that all of the optional arguments have been passed and that anything following the double dash is to be taken literally -- usually this means it's a filename*. This lets you manipulate files that would otherwise cause you problems.

Chimera:Documents axon$ cat -- -file.doc 
this is a test file.
Chimera:Documents axon$ mv -- -file.doc file.doc
Chimera:Documents axon$ ls -1
2008-03-30.mp3
BitPIM.dmg
H-i-R.xcf
Parts.odt
file.doc
vCards

For clarity, I used ls -1 (the number one not the lowercase letter "L" ) to force output to one filename per line.

* For certain things, the literal arguments are passed on to a separate utility or script. A good example of this: Most startx scripts process command-line arguments, but you can use -- to pass additional arguments directly to the X Server, untouched by the startx script.