Present Perfect


Picture Gallery
Present Perfect

using xargs on a list of paths with spaces in a file

Filed under: Hacking,sysadmin — Thomas @ 19:18


Every few weeks I have to spend an hour figuring out exactly the same non-googleable thing I've already needed to figure out. So this time it's going on my blog.

The problem is simple: given an input file listing paths, one per line, which probably contain spaces - how do I run a shell command that converts each line to a single shell argument ?

Today, my particular case was a file /tmp/dirs on my NAS which lists all directories in one of my dirvish vaults that contains files bigger than a GB. For some reason not everything is properly hardlinked, but running hardlink on the vault blows up because there are so many files in there.

Let's see if wordpress manages to not mangle the following shell line.

perl -p -e 's@\n@\000@g' /tmp/dirs | xargs -0 /root/hardlink.py -f -p -t -c --dry-run

N900 life support

Filed under: Hacking — Thomas @ 10:35


I don't want to simply be complaining about Nokia's sad Linux story ending.

It's obvious that things aren't going to get better though for Maemo device owners.

Here are two things that caused me trouble over the last few months, and the fix that did it for me, in case you were suffering from the same problems.

      The Facebook photo sharing functionality just stopped working for me. It would upload the file, then give me an error without specifying any reason. I had simply assumed the Facebook API had changed, and since afaik this plugin is sadly closed-source (what on earth possessed Nokia to make a social media sharing component closed to begin with is beyond me - what kind of IP secrets could you possibly have in there?) I thought I would have to do without for now. And it really is a hassle to manually copy photos off then share them from the desktop.

      Turns out that I simply had to re-authenticate the Sharing Account in Settings. No idea why - maybe Facebook changed some authentication system in the last few months ? Now it works again.

      (As a side note, this plugin's behaviour is really annoying when it comes to uploading photos. It will always try to upload as soon as you connect to a network, although usually all you get is access to some web page on which you have to authenticate, usually by paying, to get on to the net. The sharing plugin already blasts photos at facebook, then fails, gives you a non-useful error message, and then sits there forever without any option to retry. All you can do is cancel the transfer, in which case you will have to re-upload the photos from your library. After some time I figured out that a reboot caused it to retry all pending uploads on the next network connect, and then after that I figured out a kill of a sharing manager process did the same thing. But really, Nokia engineers - a simple 'retry' button was too hard ?)

      For the last two weeks my GPS stopped getting a lock completely. This wreaked havoc on my barriosquare/foursquare checkins as well, which simply don't register without a GPS lock (yes I still have a half-done port of bsq to the new foursquare API, but last time I tried I was still stuck on the simply terrible browser coming with the device that seems to be unable to properly complete SSL requests in emulator mode).

      I stumbled across this page and simply changed the AGPS server to google's. Worked like a charm on the next connect. Nokia, I don't know what you did to your AGPS server - surely other phones you have are using it too, not just the Maemo ones ?

      I swore I wasn't going to buy an N9 because there's no point in buying an EOL'd phone if I plan to develop for it. The reviews when it actually came out almost persuaded me to get it, and the five minutes I got to play with Luis de Bethencourt's phone got me really close. I've even seen plans in Belgium offering this phone! But really, there isn't much point if Nokia isn't going to support this phone any more and services are just going to get worse, and important parts of the stack remain closed and thus unfixable down the road.

      This month's Android course at work at least got me familiar developing for the phone and I was actually impressed by Eclipse this time around, and while Java still seems like a bitch to program in, the whole emulator setup is easy to use... Who knows, my next phone may in fact be an Android.

      In the meantime, it's nice to see that some of my fixes go noticed. That motivates me to possibly fix that other annoyance in erminig-ng - all-day events triggering an alarm at midnight and waking me up :)

ssh friction

Filed under: Hacking,sysadmin — Thomas @ 12:57


I haven't been too good this year at removing friction from my workflow. Today I wanted to change that. And the random friction thrown my way today has to do with ssh.

You see, somewhere along the line I read that it is a good idea to create separate keys for separate identities. So I have an identity for all work-related stuff (which I consider 'ring 1': it's unlikely to change but everyone can get fired or change jobs), one for personal stuff on machines I actually control ('ring 0': they'd have to pry it out of my dead hands), another for my 'public online default' identity ('ring 2': I can always pull a whytheluckystiff and pull myself of the net and reinvent myself), and then per-project identities ('ring 3': I may lose interest in being a fedora or gstreamer contributor without massive changes in my personality).

I started splitting ring 3 per project when it made sense - for example, Fedora recently enforced a key change even if your account wasn't compromised and even if you already have a strong passphrase on your key (like I had), and of course a massive flamefest ensued. I shrugged and decided to split off a new key and set that on all my machines.

But the problem is, this whole tower of ssh doesn't really work well in practice. I chose a long passphrase for the new fedora keys, but obviously I do not want to type that every time I clone a package or commit changes. So I use ssh-agent. In theory, ssh-agent adds your keys and asks you for the passphrase once, and is then able to offer those identities to the other side.

The problem is a lot of ssh servers out there only give you a few tries. So your ssh agent will offer identity by identity until it gets refused. If my fedora identity was added as the fourth identity I lose - I can't clone a package.

Specifying IdentityFile in the ssh config is useless. It is poorly documented, but IdentityFile files actually come after your ssh-agent identities. So your agent blasts all the wrong keys at the host first, and you get denied.

So you can specify IdentityOnly to make sure that only the identity file you want is being used. Sadly in that case it will not use the ssh-agent at all, so it will ask you for the password to your key file - the whole reason you want agents to be used in the first place.

Now obviously ssh has all the pieces it needs to Do The Right Thing. If my config says to use this identity and this identity only, ssh should be able to request ssh-agent to present that identity, and that identity only, and make the login happen without any password.

Surely I must be missing something obvious. Surely one of you uberhackers out there has set up the same thing as me. Why don't you comment about it here and help the rest of us?