Tarsnap Nagios checks

While I have been using Tarsnap for a while now, it is only recently that I have gotten around to making Nagios monitor those backups. Given that I really don’t want to give the nagios user any actual access to my backups, I instead take the approach of having my backup script create a status file containing a Unix timestamp of the most recent backup.

My check_tarsnap Nagios plugin can then use that status file to check that the most recent backup isn’t older than a specified number of hours. For my nightly backups I have the Warning threshold set to 26 hours and the Critical threshold set to 42 hours.

(See the top comment in the plugin source for an example on how to create the status file.)
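A status-file freshness check of the kind described above, as an added example; it is not the author's check_tarsnap plugin. The paths and the writer command shown in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not the author's check_tarsnap plugin.
# Assumed writer side, run only after a successful backup:
#   tarsnap -c -f "$archive" /srv/data && date +%s > "$status_file"

# check_backup_age FILE WARN_HOURS CRIT_HOURS [NOW]
# Prints one status line; returns 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
check_backup_age() {
    file=$1; warn=$2; crit=$3
    now=${4:-$(date +%s)}   # NOW is injectable so the logic can be tested

    if [ ! -r "$file" ]; then
        echo "UNKNOWN - cannot read status file $file"
        return 3
    fi

    stamp=$(head -n 1 "$file")
    # Accept only a plausible run of digits (no leading zero, under 13
    # digits); never feed file content to arithmetic expansion unchecked.
    case $stamp in
        ''|0?*|*[!0-9]*|?????????????*)
            echo "UNKNOWN - $file does not hold a Unix timestamp"
            return 3 ;;
    esac

    age=$((now - stamp))
    # A timestamp well into the future means clock trouble or a bad writer.
    if [ "$age" -lt -300 ]; then
        echo "UNKNOWN - last backup is dated $((-age))s in the future"
        return 3
    fi

    hours=$((age / 3600))
    if [ "$age" -ge $((crit * 3600)) ]; then
        echo "CRITICAL - last backup ${hours}h ago (limit ${crit}h)"
        return 2
    elif [ "$age" -ge $((warn * 3600)) ]; then
        echo "WARNING - last backup ${hours}h ago (limit ${warn}h)"
        return 1
    fi
    echo "OK - last backup ${hours}h ago"
    return 0
}

# Run as a plugin, e.g.: check_backup_age.sh /var/lib/backup/last_ok 26 42
if [ "$#" -ge 3 ]; then
    check_backup_age "$@"
    exit $?
fi
```

Because the status file holds nothing but a timestamp, the nagios user only needs read access to that one file and never touches the Tarsnap key.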

Managing passwords using GnuPG, Git and Emacs

Like any other security-conscious and/or slightly paranoid computer geek I have lots and lots of unique and nontrivial passwords to keep track of. My solution to this problem involves having one GnuPG encrypted text file per username/password pair.

andreas@stilgar:~/safe$ gpg < example.gpg

You need a passphrase to unlock the secret key for
user: "Andreas Olsson <andreas@arrakis.se>"
4096-bit RSA key, ID 9A943D4A, created 2010-07-11 (main key ID 13CD4F59)
  Here gnupg-agent calls pinentry-gtk2 to prompt me for the passphrase
gpg: encrypted with 4096-bit RSA key, ID 9A943D4A, created 2010-07-11
      "Andreas Olsson <andreas@arrakis.se>"

https://127.0.0.1/

username: sigge
password: sigge

andreas@stilgar:~/safe$

As I need to have access to those passwords on more than one computer I use Git, and a remote repository, to keep my encrypted files in sync. Other options might be to mount an SFTP folder using SSHFS, or to simply put the files in your Dropbox. Yet, if you too decide to go with Git, here is a .gitignore you might want to use.

andreas@stilgar:~/safe$ cat .gitignore
*
!*.gpg
!.gitignore
andreas@stilgar:~/safe$

Thanks to Emacs and EasyPG it is a breeze to create new GnuPG encrypted text files, as well as to modify existing ones. Just use the file extension .gpg, and EasyPG will do its thing. The first time, when you actually create the file, you will be prompted for which public keys you want to encrypt against.

andreas@stilgar:~/safe$ emacs yet_another_example.gpg

(EasyPG is included in Emacs 23, and does not need to be installed separately.)

Do note that this method also works when there are multiple people involved. Just make sure that the intended users have access to the share/repository in question, and that their public keys are included when you create the GnuPG files.
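One way to verify that every file in a shared safe really is encrypted to all intended users, as an added example that is not part of the original post. It assumes gpg is on the PATH and that the wanted IDs are given in upper case; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes gpg is on PATH.

# Read `gpg --list-packets` output on stdin; print each recipient key ID.
# Note: these are encryption *subkey* IDs (9A943D4A in the session above),
# not the main key ID (13CD4F59).
packet_recipients() {
    sed -n 's/^:pubkey enc packet:.*keyid \([0-9A-Fa-f]*\).*/\1/p' |
        tr 'a-f' 'A-F'
}

# missing_keys "WANT1 WANT2": recipient IDs on stdin; prints each wanted ID
# that no recipient ID ends with, so short and long IDs both work.
missing_keys() {
    have=$(cat)
    for want in $1; do
        found=no
        for id in $have; do
            case $id in *"$want") found=yes ;; esac
        done
        [ "$found" = yes ] || echo "$want"
    done
}

# check_safe DIR "WANT1 WANT2": list files not encrypted to every wanted key.
# Returns 1 if any file is missing a recipient, 0 otherwise.
check_safe() {
    rc=0
    for f in "$1"/*.gpg; do
        [ -e "$f" ] || continue
        # --list-only shows the packets without attempting decryption.
        miss=$(gpg --batch --list-only --list-packets "$f" 2>/dev/null |
               packet_recipients | missing_keys "$2")
        if [ -n "$miss" ]; then
            echo "$f: not encrypted to" $miss
            rc=1
        fi
    done
    return $rc
}
```

A file written with hidden recipients lists an all-zero key ID, so it is reported as missing every wanted key.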

Server configuration and version control

One of the (few?) good habits I managed to pick up during 2010 was that I became serious about keeping server configuration under version control. While it might primarily have been something I was taught at work it is definitely a practice I have adopted privately as well.

The most obvious benefit, and potentially the most valuable one, is the historic record version control provides. Yet, the part I appreciate most is how easy it becomes to compare new configuration against the current one; to verify that you made just those changes which you intended to make. There is a certain comfort in being able to run a git diff before restarting a local service or before pushing new cluster configuration.

(Not that I do not appreciate having access to the configuration history. When being asked about something which happened a few months ago, those commit messages and those diffs become awfully handy.)

For your local /etc this is as good a time as any to take a peek at etckeeper.

Hosting myself

About half a year ago this blog moved to wordpress.com. As of this post my blog is moving back home to my (virtual) server.

While I have been generally happy with the service provided by wordpress.com I guess I still prefer having the ability to do things my way. I especially enjoy yet again having the blog properly integrated with my Yubikey.

(Bonus being that the blog is yet again reachable using IPv6.)

Returning from FSCONS 2010

Back in Linköping, after enjoying yet another FSCONS conference. In case you want to know if there is something you might want to ask me about, these are the talks I attended:

Kaizendo: Customizable schoolbooks; A Labour Process Perspective on the Development of Free Software; Are you weak in the middle?; The Inanna Project; Scalable application layer transfers; The Future of RepRap and Free and Open Hardware; Women in FLOSS; Future Transports; GNU Parallel; Ethics of Intellectual Monopolies; Who are the Free Users?; and Bits and bytes: the importance of free software in the industry.

That diversity in topics is by the way one of the things I really appreciate about going to FSCONS. Another nice thing is the people you get to meet. This year I had, among others, the pleasure of meeting up with a few members of the Danish Ubuntu LoCo.

Reassembling Das Keyboard

Ok, first some background.

  1. Earlier this year, I bought myself a Das Keyboard Ultimate.
  2. Time passes, and I am still very happy with the keyboard.
  3. Accidents happen, forcing me into some serious keyboard cleaning.

According to daskeyboard.com/support it is perfectly safe to remove the small/regular keys (letters, numbers, etc). The larger keys (enter, shift, etc) on the other hand should be left alone, as they apparently are quite hard to get properly back in place.

The mistake I made was to assume that all those blank keys are the same. Trying to reassemble the keyboard I discovered that they actually come in four different heights and angles.

Luckily the friendly people at Das Keyboard Support managed to give me a few pointers. Apparently the keys are “horizontality” arranged. The picture below will hopefully illustrate which key types belong at which lines.

Placement of keys on a Das Keyboard

(The picture is used, and modified, by permission from Das Keyboard Support.)

If you look underneath the keys you will notice that some of them are marked as R1, R2 or R3. Yes, that marking corresponds with the key types one, two and three, respectively. The exception being the keys belonging at F, J and numeric 5.

This blog post probably makes a lot more sense if you know that the Das Keyboard Ultimate is completely black, without any inscription on its keys whatsoever. Knowing a tiny bit of German probably does not hurt either.

Now on Skype

Against all previous principles, I have now begun using Skype. If you know me, feel free to add me to your contact list. Just do not expect me to be Online all the time.

Skype Name: andreasolsson.se

…and no, that principle I mentioned has nothing to do with free vs proprietary software. It is more about me not necessarily being a big fan of telephones.

Vacation summary, by flickr and twitter

Now back in Sweden, after my vacation to New York, Philadelphia and Washington DC. For starters I have put a few photos online, in my flickr collection USA Vacation ’10.

Then there are the tweets I wrote (@andol). While incredibly incomplete, they do provide some kind of summary.

  1. Now in New York City.
  2. “My exit music, please.”
  3. Highlight of the day: Eating lobster roll in the shadow of the Brooklyn bridge, while admiring the Manhattan skyline.
  4. Definitely think someone ought to open a Korean restaurant in Linköping.
  5. Best positive surprise so far: The Bitter End, in Greenwich Village - http://bitterend.com/
  6. Feels a bit odd that I only have to pay about ten dollars to have someone else do my laundry. No, not complaining.
  7. Breathtaking beauty: New York City, by night, from Top of the Rock.
  8. Seven bagels later; leaving New York for Philadelphia.
  9. Walking the streets of Philadelphia, appreciating the directional maps in every other street corner.
  10. Also, pretty sure that the Free Library of Philadelphia, at Logan Square, is the nicest library I have had the pleasure to visit so far.
  11. Philadelphia South Street, by night, almost feels kind of mediterranean.
  12. Leaving historic Philadelphia for present Washington DC.
  13. First night in DC: Evening walk in the National Mall, followed by an interesting Ethiopian meal in the Shaw neighborhood.
  14. Enjoyed the DC Ducks just as much as I enjoyed the Boston Ducks.
  15. Today turned into Smithsonian day. Visited the Museum of the American Indian as well as the Air and Space Museum.
  16. Today’s excursion to Theodore Roosevelt Island was a nice break from the city. The shadow provided by all trees wasn’t half bad either.
  17. Chafed feet –> silly walks –> loads of fun.
  18. DC beauty: The Lincoln Memorial, and its reflecting pool, during sunrise.
  19. Goodbye Washington DC. Hello eight hour flight.
  20. Back home in Linköping. Would like to thank my traveling companions @parwieslander and http://wikitravel.org/en/.

(Anyone who wants the full story will have to buy me and/or Pär a suitable cold beverage.)

birthday reminders, vCard to e-mail

A couple of months ago I wrote a Python script which parses my vCard address book and reminds me about upcoming birthdays. Given that it has worked well for me I figured I would share it with the rest of you.

I have not added any e-mail capabilities to the script, as I find it cleaner to simply let cron pass along the output. For more information, see the README file.

(The actual vCard parsing is handled by the Python vobject library.)

OpenPGP key transition

I’ve recently set up a stronger (4096R) OpenPGP key, and will be transitioning away from my old (1024D) one. To a large extent this is about being able to use the SHA-2 family for signatures.

The old key will continue to be valid for some time, but I prefer all future correspondence to come to the new one. I would also like this new key to be re-integrated into the web of trust. Please see this statement signed with both keys, certifying the transition.

The old key was:

pub   1024D/FAF2463A 2006-11-20
      Key fingerprint = 4947 BB72 9192 8645 CC8B  F142 8AF2 8D1C FAF2 463A

The new key is:

pub   4096R/13CD4F59 2010-07-11
      Key fingerprint = AFEB 2D24 4715 3F0D 9250  8A8B 5882 A0DC 13CD 4F59
uid                  Andreas Olsson
uid                  Andreas Olsson
uid                  Andreas Olsson
uid                  Andreas Olsson
sub   4096R/9A943D4A 2010-07-11

To fetch my new key from a public key server, you can simply do:

  $ gpg --keyserver pool.sks-keyservers.net --recv-key 0x13CD4F59

If you already know my old key, you can now verify that the new key is signed by the old one:

  $ gpg --check-sigs 0x13CD4F59

If you are satisfied that you’ve got the right key, and the UIDs match what you expect, I’d appreciate it if you would sign my key:

  $ gpg --sign-key 0x13CD4F59

Lastly, if you could upload these signatures, I would appreciate it:

  $ gpg --keyserver pool.sks-keyservers.net --send-key 0x13CD4F59

Please let me know if there is any trouble, and sorry for the inconvenience.