PlanetJoel.com

Subversion Pre-Commit hook to check sudoers file syntax

Joel joelh-website@planetjoelDOTcom — Tue, 06 Jan 2009 21:32:23 +0000

In my short running series extremely obscure pieces of code that hopefully someone else in the universe will find useful I bring you a pre-commit hook for subversion that checks to make sure your sudoers file has correct syntax. This is useful for us because we have a very large sudoers file and once commited into subversion it will get deployed to all of our boxes. If it contains a syntax error this would be quite nasty.

While coding it I ran into a fun little bug that means if you try and print too much to stderr it hangs which made things a bit more interesting.

Enjoy

lshw

Joel joelh-website@planetjoelDOTcom — Sun, 28 Dec 2008 19:56:34 +0000

Every now and then you come across a genuine new command that you haven't heard of before that does something useful. lshw lists basically everything hardware related you would want to know about a new box you have just jumped on to. It is extremely detailed and easy to read and should be available with a simple "apt-get install lshw" on either ubuntu or debian.

Flickr-CAPTCHA v0.2 using PHP and the FlickrAPI for human recognition

Joel joelh-website@planetjoelDOTcom — Tue, 16 Dec 2008 04:16:29 +0000

Flickr-CAPTCHA is a captcha program that uses flickr images and tags to decide whether someone is human. A random thing is selected (from a list of things) and a random number of flickr images are chosen a long with a set of decoys. Each decoy contains at least one other thing in order to prevent images that are ambigious and to try and keep it obvious they are decoys. The user must then select all images and if they get 50% right (with minus marks for wrong answers) we consider them definitely human. It should be quite difficult for a computer to guess which images to select but fun and enjoyable for a human. It requires only very basic english skills.

SECURITY

Image ID's are hashed then proxied through a PHP page so that a bot cannot simply lookup the image themselves through the flickr API. They could potentially use the author and the title so an option exists to hide the title as well if you are paranoid. You will also want to adjust the acceptedRatio if you are really paranoid.

IMAGE LICENSING

We are only selecting images that have attribution licenses, not those that are all rights reserved. Every image being displayed is attributed to the author with a link to their flickr page. I am not a lawyer, see the LICENSE file for warranty (hint: there is none).

Pros

Fun and easy to use
Easy for human / hard for computer
Customizable

Cons

Slow to load all the images
Not secure

To get started check out the README file

Download Flickr-CAPTCHA v0.2

Flickr-CAPTCHA online tester

Older Releases: 0.1.

Python NSS netgroups interface

Joel joelh-website@planetjoelDOTcom — Tue, 02 Dec 2008 21:16:09 +0000

While working on my python test-sudoers script I realised I would need to query NSS netgroups. I went looking for a python module that would do that, and I found the nis module but this wasn't really what I was after. The NIS module allows you to query NIS netgroups if you have a NIS domain set up - we have an LDAP server that serves out netgroups. This sounded like a good opportunity to attempt to write my first C python extension!

The python C extension framework is actually fantastically easy to use even for someone who is not a natural C programmer like myself. This gotcha's are around reference counters since you have to keep the garbage collector aware of what you are doing. But that is not too bad. What did throw me off was a simple valgrind run of a very simple test case produced 4KB's or so of memory leak. I spent a while trying to fiddle and fix the reference count stuff to see if I was doing something wrong and leaving something with two many references. By causing it to crash I was able to determine that yes I had the minimal number of reference counters so I had a different problem. I ran "valgrind getent netgroup LinuxAdmins" and there it was - the NSS libraries themselves were leaking memory. Interesting.

Here is my python NSS netgroups module. To compile it download and run "python setup.py build" then "python setup.py install". You should already have NSS setup to query netgroup information ("getent netgroup somegroup" should work). For further help simply run pythons help() routinue on the module.

Python NSS netgroups module v0.11

UPDATE: Fixed some INCREF bugs thanks to bioinformed

An open letter to Stephen Conroy regarding Net Filtering Proposal

Joel joelh-website@planetjoelDOTcom — Tue, 11 Nov 2008 21:10:45 +0000

Dear Stephen Conroy,

I work in the IT Industry in Sydney and so I have been closely following the proposal to filter the internet at an ISP levels. I won't re-iterate what I'm sure other more experienced experts than myself have already told you: that the plan is unworkable both from a technical level and from a government level or that it is going to cost millions of dollars and be unlikely to deliver any real outcomes.

I'm writing to you about the international press about the plan which is hampering Australia's ability to be taken seriously in the IT space. Articles such as this one, which came out today, have long lasting detrimental affect in terms of the reputation of Australia's tech-saviness:

ars technica net filtering article

Americans and Europeans read articles like this and quite rightly think Australians do not understand the internet at a government level and are still trying to treat it like books, TV and Film. In a globalized economy this ignorance damages our ability to be participate in the tech economy. Listen to the ISPs, your technical experts, consumers and voters and stop this plan which is designed only to make those who do not understand it feel a sense of protection that they do not have.

Thanks

Joel Heenan

Stuff I have been doing - Oxley run

Joel joelh-website@planetjoelDOTcom — Sun, 09 Nov 2008 15:37:11 +0000

Here are some photos of a recent trip I went on up to Oxley: Oxley run photos 26/10/2008.

test-sudoers.py - Test a sudoers file through python

Joel joelh-website@planetjoelDOTcom — Wed, 05 Nov 2008 22:35:59 +0000

I wrote a quick script called test-sudoers.py which reads a sudoers file and can answer questions like "what commands can a particular user run on a particular host?" and "can a particular user run a command?". The latter is particularly useful because using return codes that can be scripted and allow certain actions based on whether they can run a specific command.

Its also very useful if you are writing a massive sudoers file (as I manage at my current job) and need tools to probe and prod it before rolling it out.

UPDATE 9/1/2009: v0.2 online which features support for netgroups. If you have installed my libnss netgroup bindings then you can perform netgroup based lookups using test-sudoers

Senator On-Line

Joel joelh-website@planetjoelDOTcom — Mon, 15 Oct 2007 18:37:05 +0000

An Australian party running for the senate which allows you to Vote Online on each issue they vote on.

I had a similar idea recently thinking about how referendums and so forth are only extreme because of the human cost of organising and counting them. With computers that cost can be very low.

Literally digg up this bill I love it.

I got defrauded for $5

Joel joelh-website@planetjoelDOTcom — Fri, 28 Sep 2007 02:04:19 +0000

I went to the train station because I was running late and foolishly thought it might be slightly faster than walking (in my case its not I've since found out). At the train station I saw I had two $10 notes and not wanting to get a fistful of change out of the machine headed over to one of the windows. I handed him the note and said where I was going, he took it and then gave me change for a $5. I told him I had given him a $10 and became slightly irate. He gave some bullshit story about how they always put the money on the side of the cash register, took a $5 note out and placed it on the side claiming it was mine.

I told the supervisor, he took down my details and gave me a call a few hours later. He informed me that they had balanced up the till and that it had balanced perfectly.

I'm 100% certain that I gave a $10 note so I'm left with this burning question as to why they would steal it. I can only think that with the prices of trains these days the average person would be unlikely to notice that they are short changed and they use this to supplement their wages. Is there supervisor in on this scam as well? How much would they skim in a typical day, $100 at most surely otherwise people would notice. Why not just give up the game when I caught him out? Maybe it really was a mistake and the guy got lucky and just overpaid someone else.

Shoe tossing

Joel joelh-website@planetjoelDOTcom — Fri, 28 Sep 2007 00:45:09 +0000

Wikipedia mentions that shoe tossing may indicate gang warfare, where to buy crack or heroin, or sites where people have been murdered.