Sometimes I feel like I know what I’m doing, other times I realize what a noob I still am. Case in point: ssh tunnelling. Why haven’t I fallen in love with this before?

Tunnelling out of a heavily-firewalled network across the interwebs to a box on an internal LAN through a public ssh-accessible box is absolutely trivial. OK, that sounded complicated, but it’s just what I need! An example is in order:

# Make sure this works from a machine inside the heavily-firewalled network
# Ask your IT department to open port 22 if needed, or you can go through a proxy on an open port
ssh me@mypublicmachine.com

# Now let's redo it, but add a tunnel from a local port to a port on a machine on the LAN side of the public box
ssh -L 8000:box_on_lan_side:80 me@mypublicmachine.com

# Now you can browse to the Apache server on box_on_lan_side from within the firewalled network
firefox http://localhost:8000

Whee!

sudo does all this crap “to remain secure”:

Variables that control how dynamic loading and binding is done can be used to subvert the program that sudo runs.  To combat this the LD_*, _RLD_*, SHLIB_PATH (HP-UX only), and LIBPATH (AIX only) environment variables are removed from the environment passed on to all commands executed.  sudo will also remove the IFS, CDPATH, ENV, BASH_ENV, KRB_CONF, KRBCONFDIR, KRBTKFILE, KRB5_CONFIG, LOCALDOMAIN, RES_OPTIONS, HOSTALIASES, NLSPATH, PATH_LOCALE, TERMINFO, TERMINFO_DIRS and TERMPATH variables as they too can pose a threat.

What a useless waste of time. As the man page says:

There is no easy way to prevent a user from gaining a root shell if that user is allowed to run arbitrary commands via sudo.

So what’s the *(%#@&#$ use of crippling the environment? I’ve been trying to get a successful root-initiated [make install] going from a user-initiated script file, and sudo has wasted my time. [su] to the rescue. This will use your proper root environment:

su -c "make install" -

The downsides are that you’ll be prompted for your password every time you call su, and you have to use the root password. But sudo is worthless.

/rant

UPDATE: [su] is no better. I lied, you still won’t get your full environment. The only solution is to actually RUN your shell environment scripts yourself from a batch file that you execute with -c. Live and learn.
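
The man page excerpt quoted above names exactly which variables sudo removes, so a build that breaks under sudo can be checked against that list. The script below is an added example, not part of the original post or of sudo: it reports which names in the current environment are on the list. The function names and category labels are made up for this example.

```shell
#!/bin/sh
# Added example: which variable names fall under the removal list in the
# sudo man page excerpt quoted above? Function names are hypothetical.

# Read variable names on stdin (one per line); print "NAME<TAB>category"
# for each name the excerpt lists. The category labels are this example's
# own grouping, not wording from the man page.
sudo_removed_names() {
    while IFS= read -r name; do
        case "$name" in
            LD_*|_RLD_*|SHLIB_PATH|LIBPATH)
                why='dynamic loader' ;;
            IFS|CDPATH|ENV|BASH_ENV)
                why='shell behaviour' ;;
            KRB_CONF|KRBCONFDIR|KRBTKFILE|KRB5_CONFIG)
                why='Kerberos files' ;;
            LOCALDOMAIN|RES_OPTIONS|HOSTALIASES)
                why='DNS resolver' ;;
            NLSPATH|PATH_LOCALE)
                why='locale and message catalogs' ;;
            TERMINFO|TERMINFO_DIRS|TERMPATH)
                why='terminal database' ;;
            *)
                continue ;;   # not on the list, e.g. PATH, HOME, LDFLAGS
        esac
        printf '%s\t%s\n' "$name" "$why"
    done
}

# Names of the variables exported in the current environment.
# ENVIRON is POSIX awk; reading names this way avoids parsing `env`
# output, which breaks on values that contain newlines.
current_env_names() {
    awk 'BEGIN { for (k in ENVIRON) print k }' | sort
}

# Report for the shell you are about to run the build from.
current_env_names | sudo_removed_names
```

Anything it prints is a variable the quoted excerpt says will not reach the command; names such as LDFLAGS or PATH are not on that list and are not reported.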

OK, the first time I tried all the various available hacks to get this to work, I somehow managed to hard-reset my Treo AND trash the PC backup (something must have run wildly through the Treo memory and really trashed the place).

The next time, I tried this and so far it’s working like a charm. Here’s a dupe of the information in case the link goes bad…

I usually yawn when the latest development “paradigm shift” rolls by. But there is a paradigm shift in source control software (software change management, software configuration management, source code management, version control system, revision control or whatever more “correct” term you want to use, geesh) with which I have fallen in love. In a word: distributed.

I am poking my toe in the ocean of MythTV development, and all I wanted to do was track my own changes along with the latest changes submitted by the main developers. Sounds totally basic, right? I traveled down a bit of a road though before I came to the best solution: git. Check out the git-for-open-source wiki article for the why and how. git fits like a glove.

Just as a teaser, here’s what you’ll end up with:

                   repo1
            mybranch<->master
           /                 \
public repo                   svn repo
           \                 /
            mybranch<->master
                   repo2

I’m not a fan of Java, but I am a firm believer in using the right tool for the job. Eclipse CDT is turning out to be the IDE of choice these days. I’ll update this as I get deeper…