Flatpaks, Snaps, AppImage - Oh My!
I haven’t been a fan of snaps since the beginning. Why? Because they include all the dependencies in the install packages, AND those package versions are only used by the single snap/flatpak/appimage. The amount of waste is huge.
Snaps also have restrictions for which storage can be accessed. Snaps usually allow access to HOME and stuff under /media/, but nowhere else.
No, you can’t access NFS storage or CIFS storage that is mounted elsewhere.
No, you can’t access /tmp/.
I’ve found no way to override the compiled-in limitations.
How much disk and RAM waste is involved? An example is the vidcutter tool. Normally, I’d use mkvmerge --split parts: to accomplish simple cutting, but sometimes a GUI is handy. The cuts will be on GOP boundaries anyway, so it isn’t like this is frame-accurate.
New Video Codecs Like VP9
I’d love higher quality videos at lower file sizes. Who wouldn’t?
But the answer isn’t really that easy. We have hardware that needs to play the newer codecs and that is the issue for many people.
Traveling Computer Security
7 things all travelers with smartphones and computers should do to be secure while traveling.
Recording TV from HDHR-Connect
Got a new toy recently, an HDHR4-US (also known as an HDHR-Connect) from SiliconDust. These are the guys who have been making the HD-Homerun network TV tuners for years.
Don't Trust Consumer Routers
Another example of why you shouldn’t trust consumer routers. d-link
It isn’t just this specific d-link router. We’ve seen the same issues over and over and over with pretty much every non-enterprise vendor.
Plus we don’t want our devices used by crackers to DDoS Brian Krebs anymore, right?
We are Linux people. We CAN do this ourselves.
HDMI Splitters and Switches Fried Hauppauge 1512
I love the smell of burning electronics in the morning. NOT!
I’ve had an HDMI splitter and Hauppauge 1512 recorder for about 2 yrs. These devices have worked well together and allowed me to push HDMI content to the 1512, a monitor, and a projector all concurrently. Worked nice, but only supported 1 input, and the 1512 only has drivers for Windows (booo).
So I picked up a J-Tech Matrix 4×2 HDMI switch/splitter to better control which inputs were sent to the different outputs without needing to swap cables anymore.
HDMI is a stateless connection, right? Perhaps not. Got everything connected and started having the matrix switch through the different inputs trying to see the output on either/both of the output devices. Didn’t appear that the handshake had worked, so I decided to disconnect the splitter and instead of it being just before the monitor, it would be in front of the matrix switch. As soon as the HDMI cable was connected to the Hauppauge device, I heard a little “Hiss” …. didn’t recognize it immediately, but then saw a little white smoke coming from the 1512 device. It sits alone on the rack here – plenty of airflow around it. First unplugged the HDMI cable, but that didn’t immediately stop the growing smoke, so I pulled the power input. That stopped the smoke and hissing, but the 5 seconds probably fried the innards completely. Hopefully, no damage to other connected devices has happened. Don’t know yet.
So … I’m in the market for a
- linux compatible,
- USB-connected (can’t use card-solutions),
- HDMI video,
- HDMI 5.1+ audio
recording device that doesn’t cost $2K.
Any ideas?
Fast and Easy LXC Deployment
LXC is getting easier and easier to use.
Flockport seems to be the easiest way to stay mostly standard, yet still be LXC-based.
It doesn’t seem to be as flexible or complex as Canonical’s Juju or Docker’s highly advertised stuff. Docker is great at advertising, just sayin’.
Flockport seems to be exactly what I needed – mostly standard, easy to use, LXC deployments for development and testing. Not planning to use any for internet-facing needs. Just too new with LXC to be comfortable trusting the security and my skill to know about the unpublished issues (security and others) with containers. For spinning up a quick internal web-app instance … perfect.
You Don't Know SSH About ssh
Every time I read the ssh manpage, I learn something new. This is after 15+ yrs of using ssh. It is an amazing tool. It is the sonic screwdriver for UNIX systems connectivity.
But ssh does more than just normal connectivity stuff. Much more.
Everyone could learn a little more about ssh and stop doing things the hard way – PLUS using ssh is likely more secure than whatever we are doing today. Win-Win. Both more efficient AND more secure. How often does that happen in the real world?
For example, did you know that vim supports remote editing of files through ssh and rsync?
$ vim rsync://dev/projects/gallery/src/templates/search.html.tt
This works with gvim too. Kewl!
Smylers’s article SSH Can Do That? Productivity Tips for Working with Remote Servers is a great resource for all these magical techniques. I won’t repeat it here – let’s just say that in 15+ yrs using ssh, I learned 4 new, useful, things from that article. Time to get modifying my ~/.ssh/config files now.
If you are completely new to ssh features, here’s a nice, short, article from diogemelo to get you started. These are fairly standard uses.
ssh is enough for
- secure remote access to files via sftp
- secure remote filesystem access via sshfs
- secure remote CLI/shell access to systems with plain ssh
- secure remote desktops via x2go/freenx
- secure remote file replication with rsync (ssh is the default rsync protocol)
- secure port forwarding of selected ports
- secure remote editing with vim/gvim and other editors
- pseudo-VPN with sshuttle <— this may be helpful.
ssh really is the toolbox for remote connectivity.
A good resource about all things ssh is the wikibooks OpenSSH Client Conf entry.
Of course, ssh security doesn’t start and stop with using keys. We need to do more.
Are there great ssh things that you know NOT in his article?
Traveling with Computers Safely
I’ve been traveling overseas more and have discussed security issues with others in the IT security industry. Here is what I’ve decided.
With the recent HeartBleed issue in the OpenSSL libraries that impacted 80% of websites and the GnuTLS issue from last month, what should we do when security is needed most?
BTW, the NSA admitted to using the HeartBleed bug for years. My 20 yrs of professional experience with software tells me that there are probably 50 other issues like this in the openssl and gnutls software libraries. They are the best options for HTTPS traffic, but really shouldn’t be trusted when real security is needed.
What do I do?
Linux Troubleshooting 101-Scripting
Scripting 101
- always fully specify paths to all programs and files (input/output) inside any script. NEVER trust the PATH.
- always set any environment variables necessary to the script. Don’t trust the userid environment to be available during cron. JAVA_HOME is an example, but there are thousands of others – most scripts need fewer than 5 environment variables.
- use the -x option to see what a script does: bash -x
- use built-in “verbosity” settings for any specific command; often -v or -vvvv for more output.
- Unix uses file permissions to control if a script is executable or not. Extensions mean ZERO. Are your script permissions set to give the userid trying to run it “execute” permission?
- check the log files – client-side AND server-side.
- break down the problem inside the script to the simplest command.
- do NOT use GUI programs inside any scripts that need to run automatically. Look for the CLI version of the tool and use that instead.
- For scripting used by the public – websites – always review the code against the OWASP checklist for that language. They have a nice Top 10 list too. Guides for C, C++, Perl, Bash, PHP, Python, Ruby …. try to learn from
- For bash scripting, the ABSG covers almost everything possible. For other languages, there are many, many books, websites, webpages to help.
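The path, environment and permission rules above, put together as an added example that is not from the original post. The tool locations, `SAFE_PATH`, `require_exec`, `run_pinned` and the planted `id` file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): skeleton for a cron-run script.
# Tool locations are typical Linux paths and are assumptions; adjust per host.
set -eu

# Pin the search path and every variable the job needs; cron supplies almost none.
SAFE_PATH=/usr/sbin:/usr/bin:/sbin:/bin
PATH=$SAFE_PATH; LC_ALL=C
export PATH LC_ALL
umask 077

# require_exec: succeed only for an absolute path to an executable regular file.
require_exec() {
    case "$1" in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 1 ;;
    esac
    if [ ! -f "$1" ] || [ ! -x "$1" ]; then
        echo "missing or no execute permission: $1" >&2; return 1
    fi
}

# run_pinned: run a fully specified program in an emptied environment, so nothing
# inherited from the caller (PATH, LD_PRELOAD, ...) reaches it.
run_pinned() {
    require_exec "$1" || return 1
    /usr/bin/env -i PATH="$SAFE_PATH" LC_ALL=C "$@"
}

# Constructed demonstration: a fake "id" planted at the front of the caller's PATH
# is what a bare command name runs; the fully specified call is unaffected.
demo_shadowing() {
    tmp=$(/bin/mktemp -d) || return 1
    printf '#!/bin/sh\necho HIJACKED\n' > "$tmp/id"
    /bin/chmod 700 "$tmp/id"
    bare=$(PATH="$tmp:$SAFE_PATH" /bin/sh -c 'id -u')
    pinned=$(PATH="$tmp:$SAFE_PATH"; export PATH; run_pinned /usr/bin/id -u)
    /bin/rm -rf "$tmp"
    echo "bare=$bare pinned=$pinned"
}

demo_shadowing
```

Running it with `sh -x` shows each resolved command, which is the same tracing the list recommends for debugging.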