OpenSSH 5.7, SFTP and hard links

OpenSSH 5.7 just got released. You can read the full announcement at Personally I especially appreciate the following improvement to their SFTP stack.

sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the “ln” command in the client. The old “ln” behaviour of creating a symlink is available using its “-s” option or through the preexisting “symlink” command

Being able to handle hard links definitely makes SFTP even more useful as a remote filesystem.

Tarsnap Nagios checks

While I have been using Tarsnap for a while now it is first recently I have gotten around to make Nagios monitor those backups. Given that I really don’t want to give the nagios user any actual access to my backups, I instead take the approach of having my backup script create a status file containing a Unix timestamp of the most recent backup.

My check_tarsnap Nagios plugin can then use that status file to check that the most recent backup isn’t older than a specified number of hours. For my nightly backups I have the Warning threshold set to 26 hours and the Critical threshold set to 42 hours.

(See the top comment in the plugin source for an example on how to create the status file.)

Managing passwords using GnuPG, Git and Emacs

Like any other security conscious and/or slightly paranoid computer geek I have lots and lots of unique and nontrivial passwords to keep track of.  My solution to this problem involves having one GnuPG encrypted text file per username/password pair.

andreas@stilgar:~/safe$ gpg < example.gpg

You need a passphrase to unlock the secret key for
user: "Andreas Olsson <>"
4096-bit RSA key, ID 9A943D4A, created 2010-07-11 (main key ID 13CD4F59)
  Here gnupg-agent calls pinentry-gtk2 to prompt me for the passphrase
gpg: encrypted with 4096-bit RSA key, ID 9A943D4A, created 2010-07-11
      "Andreas Olsson <>"

username: sigge
password: sigge


As I need to have access to those passwords on more than one computer I use Git, and a remote repository, to keep my encrypted files in sync. Other options might be to mount a SFTP folder using SSHFS, or to simply put the files in your Dropbox. Yet, if you too decide to go with Git, here is a .gitignore you might want to use.

andreas@stilgar:~/safe$ cat .gitignore

Thanks to Emacs and EasyPG it is a breeze to  create new GnuPG encrypted text files, as well as to modify existing ones. Just use the file extension .gpg, and EasyPG will do its thing. The first time, when you actually create the file, you will be prompted for which public keys you want to encrypt against.

andreas@stilgar:~/safe$ emacs yet_another_example.gpg

(EasyPG is included in Emacs 23, and don’t need to be installed separately.)

Do note that this method also works when there are multiple people involved. Just make sure that the intended users have access to the share/repository in question, and that their public keys are included when you create the GnuPG files.

Server configuration and version control

One of the (few?) good habits I managed to pick up during 2010 was that I became serious about keeping server configuration under version control. While it might primarily have been something I was taught at work it is definitely a practice I have adopted privately as well.

The most obvious benefit, and potentially the most valuable one, is the historic record version control provides. Yet, the part I appreciate most is how easy it becomes to compare new configuration against current one; to verify that you only made  just those changes which you  intended to make. There is a certain comfort in being able to run a git diff before restarting a local service or before pushing new cluster configuration.

(Not that I do not appreciate having access to the configuration history. When being asked about something which happend a few months ago, those commit messages and those diffs becomes awful handy.)

For your local /etc this is as a good time as any to take a peak at etckeeper.

Hosting myself

About half a year ago this blog moved to As of this post my blog is moving back home to my (virtual) server.

While I have been generally happy with the service provided by I guess I still prefer having the ability to do things my way. I especially enjoy yet again having the blog properly integrated with my Yubikey.

(Bonus being that the blog is yet again reachable using IPv6.)

Returning from FSCONS 2010

Back in Linköping, after enjoying yet another FSCONS conference. In case you want to know if there is something you might want to ask me about, these are the talks I attended:

Kaizendo: Customizable schoolbooksA Labour Process Perspective on the Development of Free SoftwareAre you weak in the middle?The Inanna ProjectScalable application layer transfersThe Future of RepRap and Free and Open HardwareWomen in FLOSSFuture TransportsGNU ParallelEthics of Intellectual MonopoliesWho are the Free Users? and Bits and bytes: the importance of free software in the industry.

That diversity in topics is by the way one of the things I really appreciate about going to FSCONS. Another nice thing is the people you get to meet. This year I had, among others, the pleasure of meeting up with a few members of the Danish Ubuntu LoCo.

Reassembling Das Keyboard

Ok, first some background.

  1. Earlier this year, I bought myself a Das Keyboard Ultimate.
  2. Time passes, and I am still very happy with the keyboard.
  3. Accident happen, forcing me into some serious keyboard cleaning.

According to it is perfectly safe to remove the small/regular keys (letters, numbers, etc). The larger keys (enter, shift, etc) on the other hand should be left alone, as they apparently are quite hard to get properly back in place.

The mistake I made was to assume that all those blank keys are the same. Trying to reassemble the keyboard I discovered that they actually come in four different heights and angles.

Luckily the friendly people at Das Keyboard Support managed to give me a few pointers. Apparently the keys are “horizontality” arranged. The picture below will hopefully illustrate which key types belong at which lines.

Placement of keys on a Das Keyboard

(The picture is used, and modified, by permission from Das Keyboard Support.)

If you look underneath the keys you will notice that some of them are marked as R1, R2 or R3. Yes, that marking correspond with the key types one, two and three, respectively. The exception being the keys belonging as F, J and numeric 5.

This blog post probably makes a lot more sense if you know that the Das Keyboard Ultimate is completely black, without any inscription on its keys what so ever. Knowing a tiny bit of German probably does not hurt either.

Now on Skype

Against all previous principles, I have now began using Skype. If you know me, feel free to me to your contact list. Just do not expect me to be Online all the time.

Skype Name:

…and no, that principle I mentioned has nothing to do with free vs proprietary software. It is more about me not necessarily being a big fan of telephones.

Vacation summary, by flickr and twitter

Now back in Sweden, after my vacation to New York, Philadelphia and Washington DC. For starters I have put a few photos online, in my flickr collection USA Vacation ’10.

Then there are the tweets I wrote (@andol). While incredible incomplete, they do provide some kind of summary.

  1. Now in New York City.
  2. “My exit music, please.”
  3. Highlight of the day: Eating lobster roll in the shadow of the Brooklyn bridge, while admiring the Manhattan skyline.
  4. Definitely think someone ought to open a Korean restaurant in Linköping.
  5. Best positive surprise so far: The Bitter End, in Greenwich Village -
  6. Feels a bit odd that I only have to pay about ten dollars to have someone else to my laundry. No, not complaining.
  7. Breathtaking beauty: New York City, by night, from Top of the Rock.
  8. Seven bagels later; leaving New York for Philadelphia.
  9. Walking the streets of Philadelphia, appreciating the directional maps in every other street corner.
  10. Also, pretty sure that the Free Library of Philadelphia, at Logan Square, is the nicest library I have had the pleasure to visit so far.
  11. Philadelphia South Street, by night, almost feels kind of mediterranean.
  12. Leaving historic Philadelphia for present Washington DC.
  13. First night in DC: Evening walk in the National Mall, followed by an interesting Ethiopian meal in the Shaw neighborhood.
  14. Enjoyed the DC Ducks just as much as I enjoyed the Boston Ducks.
  15. Today turned into Smithsonian day. Visited the Museum of the American Indian as well as the Air and Space Museum.
  16. Today’s excursion to Theodore Roosevelt Island was a nice break from the city. The shadow provided by all trees wasn’t half bad either.
  17. Chafed feet –> silly walks –> loads of fun.
  18. DC beauty: The Lincoln Memorial, and its reflecting pool, during sunrise.
  19. Goodbye Washington DC. Hello eight hour flight.
  20. Back home in Linköping. Would like to thank my traveling companions @parwieslander and

(Anyone who wants the full story will have to buy me and/or Pär a suitable cold beverage.)

birthday reminders, vCard to e-mail

A couple of months ago I wrote a Python script which parses my vCard address book and reminds me about upcoming birthdays. Given that it has worked well for me I figured I would share it with the rest of you.

I have not added any e-mail capabilities to the script, as I find it cleaner to simply let cron pass along the output. For more information, see the README file.

(The actual vCard parsing is handled by  the Python vobject library.)