Category Archives: programming

Openssh authorized key commands

I didn't know about this and it's quite useful. In OpenSSH you can specify the command to run when a given key connects. In effect this allows you to treat ssh keys as capability tokens. You can gin up a key pair, and then configure things so that key is useful for one and only one operation; say retrieving a log file or polling a remote system. If you don't bother giving the key a pass phrase (you could also configure your ssh-agents just right) the client machine can use the capability in scripts as it pleases. The details for how to set up the authorized_keys file to do this are in the ssh manual.

For example, here is how you might create a way to ask a machine what its uptime is. First we create an ssh key pair to use.

ssh-keygen -t dsa -f /tmp/uptime_id -C 'for uptime queries' -N ''

The -N '' results in an empty pass phrase. I like to add a comment stating what this key's purpose is. No doubt you'd want to save it someplace more useful than /tmp.

That results in two files, one each for the private and public parts. We want to add the contents of /tmp/uptime_id.pub to the ~/.ssh/authorized_keys of our target machine (call it target.example.com) like so:

command="/usr/bin/uptime" ssh-dss AA … ucP0NNHm+w== for uptime queries

except of course the " … " in that example should be the entire public key. Take care not to remove the other entries in your user's .ssh/authorized_keys on target.example.com.

Now you're all set. Just do:

$ ssh -q -o 'ControlMaster no' -i /tmp/uptime_id target.example.com
11:00  up 6 days, 18:37, 3 users, load averages: 0.66 0.41 0.39
$

The "-q" quiets ssh's verbosity, and the "-i /tmp/uptime_id" selects the key to offer. The -o to disable ControlMaster avoids the risk that you may already have a connection and ssh will try to share it.

Meanwhile on the client side you might create a pseudo-host in your .ssh/config file. Wired up just right, you can say ssh fetch-log-from-foo. The ssh_config manual has additional useful doc. IdentitiesOnly helps keep a stray ssh-agent from blessing things with a more capable identity. You should disable the ControlMaster.
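
An added example, not from the original post: shell helpers that build the single-purpose authorized_keys entry with the restrict option, emit the client pseudo-host described above, and audit an authorized_keys file for forced-command entries that lack restrict. The alias uptime-target, the ed25519 placeholder key (current OpenSSH no longer accepts ssh-dss keys by default) and the ControlPath none line are assumptions of this example; ControlPath none is the setting that stops ssh from reusing an existing shared connection.

```shell
#!/bin/sh
# Added example; the key text used below is a constructed placeholder.

# Build a single-purpose authorized_keys entry from a public key line.
# command= alone leaves port and agent forwarding and PTY allocation available
# (as far as sshd_config allows); "restrict" (OpenSSH 7.2+) turns them off.
restricted_entry() {    # $1 = forced command, $2 = contents of the .pub file
    printf 'restrict,command="%s" %s\n' "$1" "$2"
}

# Emit the client-side pseudo-host stanza for ~/.ssh/config.
client_stanza() {       # $1 = alias, $2 = real host, $3 = private key path
    printf 'Host %s\n' "$1"
    printf '    HostName %s\n' "$2"
    printf '    IdentityFile %s\n' "$3"
    printf '    IdentitiesOnly yes\n'  # offer only this key, ignore the agent's others
    printf '    ControlMaster no\n'    # never open a shared master connection
    printf '    ControlPath none\n'    # never reuse an existing shared connection
}

# Audit an authorized_keys file: print the line number of every entry that
# forces a command but lacks "restrict". Quoted strings are stripped first so
# the word "restrict" inside a command does not count as the option.
# (Commands containing escaped quotes, \", are not handled here.)
audit_authorized_keys() {   # $1 = path to an authorized_keys file
    awk '{
        line = $0
        gsub(/"[^"]*"/, "", line)
        split(line, f, " ")
        opts = "," f[1] ","
        if (opts ~ /,command=,/ && opts !~ /,restrict,/) print NR
    }' "$1"
}

# Demo with a constructed key line.
restricted_entry /usr/bin/uptime 'ssh-ed25519 AAAAC3PLACEHOLDER for uptime queries'
client_stanza uptime-target target.example.com /tmp/uptime_id
```

With the stanza in place, ssh uptime-target runs the forced command and nothing else.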

VMWare, SBCL, Mac

There are a few ways to get a good Lisp environment under Mac OS X (including OpenMCL, SBCL, Lispworks, etc.). This is a note about yet another approach. We use VMWare to create a virtual machine, a guest. VMWare is currently free, since it’s in beta. In that guest machine we run Linux. We do that to get access to the network effect around the Linux Lisp community.

I tried doing this using FreeBSD. I like FreeBSD. But I took the immaturity of the threading on FreeBSD as a signal that the Lisp network on FreeBSD is weak.

I somewhat randomly picked the Gentoo variant of Linux because the Gentoo Lisp "portage" appears to be well populated. You can snarf a VMWare "virtual appliance" for Gentoo (400 megabytes). Which is good because the Gentoo folks seem to think that installing Gentoo should be a hazing ritual wherein you prove you love the hardware more than your family.

All I wanted here was a Lisp process; i.e. a server. So I didn't need X, et al. So I enabled ssh and set host-only networking.

Once you have your guest Gentoo you need to bring it up to date. There are some rough instructions here. Portage is the Gentoo community's name for the infrastructure used to manage all the fun software you can install on your machine. Emerge is Gentoo's cute word for installing software and world is their word for the software on your machine. Getting your machine to be current is a two-step process, which you do with the emerge command. First you need to get your portage system current, i.e. synchronize with the main line (emerge sync), and then you need to let emerge bring the world up to date (emerge world). That should be enough of a model to be able to understand what they are talking about in the Gentoo wiki and doc.

It might be that you could skip bringing it up to date, but you can't skip installing the VMWare tools into the guest OS. There is doc in the VMWare manual (which you can skim), and doc on the Gentoo wiki (which you must follow). You have to do this, otherwise the guest clock won't be in sync with the host's; and that will cause ASDF to recurse to death.

One clever feature of portage is that you can set some flags to modify the personality of the software that it installs. For example to indicate that you want doc, or gui support, etc. These flags are set in /etc/make.conf. Before installing any lisp software I set some of these to get the kind of lisp I needed. I added “threads unicode doc source” to the setting for USE in that file.

At this point you can install sbcl by doing 'emerge sbcl'. You can install slime/swank by doing 'emerge slime-cvs'. emerge -p slime-cvs will not notice that the cvs repository has changed, so you may need to do 'emerge slime-cvs' from time to time, to avoid having slime complain about protocol mismatching. If you put doc in your make.conf USE, then put the line 'app-emacs/slime-cvs -doc' in your /etc/portage/package.use; otherwise it will start huge tool chains to generate the doc. I also have 'dev-lisp/sbcl threads unicode -ldb' in /etc/portage/package.use.

Presuming you want sbcl to default to UTF-8 as the external format on streams, have 'export LC_CTYPE=en_US.UTF-8' in the environment before you run sbcl.

You'll need a .sbclrc file; and it will likely want to include the usual gentoo initialization: 'emerge dev-lisp/gentoo-init'. My .sbclrc fires up swank, so I can connect to it from Aquamacs, running on the host mac. This is approximately what's in my .sbclrc file. Note that by slamming the *loopback-interface* in swank it becomes possible for the host machine's slime to connect into the guest machine's swank listener; that's safe because the vmware networking keeps the guest machine inaccessible from outside the host machine.

;;;; -*- mode: lisp -*-
(in-package "CL-USER")

;;; This is ~/.sbclrc, loaded by SBCL upon startup.

;;; These make things nicer when debugging.
(declaim (optimize (safety 1)))
(declaim (optimize (debug 3)))

;;; Let gentoo's dev-lisp do its thing.
(load "/etc/gentoo-init.lisp")

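;;; Load swank and enable remote access. Swank does not authenticate clients,
;;; so bind only to an address that outsiders cannot reach (here the guest's
;;; address on the host-only network).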
(asdf:operate 'asdf:load-op 'swank)
(setf swank::*loopback-interface* "192.168.89.128")
(setf swank:*use-dedicated-output-stream* nil)
(setf swank:*communication-style* :fd-handler)
(swank:create-server :dont-close t :coding-system "utf-8-unix")

Once that's working you can proceed to install all the lisp packages you like; either via asdf-install or via emerge.

Note that the server is created with a utf-8 coding system; that presumes that your emacs has utf support and fonts, and that both (setf slime-net-coding-system 'utf-8-unix) and (set-language-environment "UTF-8") are set before you connect.
I just use tramp, and sshfs via fuse.
All this was a lot more tedious than I'd imagined; but it works nicely now. And I have sbcl, threads, and unicode - which is a combination you can't get natively on the Mac right now. If I was a better person, if VMWare on the mac wasn't beta, and if I thought this set up had stabilized I would make a virtual appliance, a virtual lisp machine :), and post it.

Speed Reader, TxUtils, AIM2Growl

Some misc…

I cobbled together a  speed reading mode for xemacs based on my earlier post about dyslexia. There are certainly a lot of directions this thing could go in.

Since I released that publicly I also released this little Perl script, AIM2Growl, that I run in the background. It signs onto AIM with the screen name and password given on the command line, and any messages sent to that screen name are then passed on to Growl (a Mac OS X utility that posts transient alerts to the user). I have many IM personas; one of them has some bots (e.g. Cornell Corona) as buddies and these bots post notices of interesting things. Some of the scripts that monitor the health of my machines also IM that persona.

Since the speed reading mode only works in emacs and I wanted to be able to read postscript files, I went looking for the tools to do that. txutils.el enhances emacs's view-file command to automatically convert file formats into text or html. Then you'll need pdftotext, which is bundled with xpdf.

The easy way to install xpdf on the mac is sudo port install xpdf, presuming you have port installed.

Image caching, chapter 2

Well actually more like chapter 11. This problem has evolved into one of the problems that requires hours of focused attention and I don't have those available. I've turned it off. Presumably this will make some of the sites I host unusably slow for some people; for others it will make them usable again.

Caching troubles

I’m stumped; so this is a shout out to the lazy web.

For some of the sites that I publish I load shift the bandwidth for serving images to another machine. I do this by having those sites do a temporary redirect to images.redzephyr.net, which serves the image from a cache. If it is not in its cache it pulls the image from the original server.

This scheme was working fine until the image server was upgraded and moved to a new IP address.

Since that change the cache directory on the image server seems to slowly fill with images from which the first N bytes have been dropped. If I clear the cache the problem goes away for a while, but reemerges slowly but surely.

Meanwhile this is polluting the browser side caches of my users and I need a scheme to clear their caches. I have a lame scheme to do that (changing all the redirected URLs).

Does anybody recognize what stupid thing I've overlooked?

ps. How to “Bypass your browser’s cache“.

Productivity

I predict the national economic statistics will show a substantial increase in worker productivity in the next quarter.

Why? The new beta version of Firebug shows clearly how long it takes for various web pages to load. I know of three web sites whose load time has been improved by significant margins already, and I expect we will see a speed up of 5-10 across the board.

I predict data: URLs (see also) will suddenly become quite popular. Finally, we need an Apache module ASAP that automatically splices in data urls for small GIFs and css files.

Top of the Heap

Today’s Dilbert amused me.

One of the standard problems in all system design is what to call the root of your class hierarchy. I worked for a company once that started with the name "object," and then in a later version they wanted something yet more general so they inserted "entity" above object. Later yet they inserted "item" above entity.

Personal Note from Richard Stallman

June 1984:

The Lisp Machine is a product of the efforts of many people too numerous to list here and of the former unique unbureaucratic, free-wheeling and cooperative environment of the M.I.T. Artificial Intelligence Laboratory. I believe that the commercialization of computer software has harmed the spirit which enabled such systems to be developed. Now I am attempting to build a software-sharing movement to revive that spirit from near oblivion.

Since January 1984 I have been working primarily on the development of GNU, a complete Unix-compatible software system for standard hardware architectures, to be shared freely with everyone just like EMACS. This will enable people to use computers and be good neighbors legally (a good neighbor allows his neighbors to copy any generally useful software he has a copy of). This project has inspired a growing movement of enthusiastic supporters. Just recently the first free portable C compiler compiled itself. If you would like to contribute to GNU, write to me at the address above. Restrain social decay–help get programmers sharing again

From the preface of the Lisp Machine Manual.

Crazy

I installed ubuntu on a G3 blueberry iMac, and it works ok.


bhyde@ubuntu:~$ set | wc -l
4251

Golly.

FYI – installing via the Live CD doesn’t work, while the alternative CD did – but that requires time and expertise.