@andrewlkho
andrewlkho / gist:7373190
Last active March 25, 2024 03:37
How to use authentication subkeys in gpg for SSH public key authentication

GPG subkeys marked with the "authenticate" capability can be used for public key authentication with SSH. This is done using gpg-agent which, using the --enable-ssh-support option, can implement the agent protocol used by SSH.

Requirements

A working gpg2 setup is required. It may be possible to use gpg 1.4 but with gpg-agent compiled from gpg2. If you are using OS X 10.9 (Mavericks) then you may find the instructions [here][1] useful.

@andrewlkho
andrewlkho / gist:7369417
Last active February 21, 2024 03:29
How to compile gpg2 on OS X Mavericks
# Depends: libgpg-error
curl -O ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.12.tar.bz2
tar xjf libgpg-error-1.12.tar.bz2
cd libgpg-error-1.12
./configure --prefix=/usr/local
make
sudo make install
@andrewlkho
andrewlkho / ALKH.plist
Created February 16, 2024 10:01
MailMate keybindings
{
// Mutt-like keybindings with my own preferences
"j" = "nextMessage:";
"k" = "previousMessage:";
"^a" = "selectFirstMessageRow:";
"^e" = "selectLastMessageRow:";
"m" = "newMessage:";
"r" = "replySender:";
@andrewlkho
andrewlkho / gist:3d05108ddb363243198d93526980522e
Created March 23, 2017 18:48
Expanding storage on a Raspberry Pi using Amazon S3

I've been playing around with a Raspberry Pi hosted with Mythic Beasts and wanted a way to keep a large number of infrequently-accessed files on the server. A cost-effective place to store such data is on Amazon S3. After looking around at ways to mount an S3 bucket on the Raspberry Pi and have it appear as a regular filesystem, I came across s3backer. This provides a single file, divided into blocks, each of which is stored as an S3 object. A filesystem is mounted onto this file using a loopback mount. This setup has many benefits which are explained well in the README. Here's how to set it up on the Raspberry Pi.

I'm going to assume that you have an S3 bucket mybucket created and a user with credentials to access it. Although not explicitly specified, some of the commands below need to be run as root.

First, install prerequisites (the first line is

@andrewlkho
andrewlkho / debian-strongswan.md
Last active January 3, 2024 03:39
Setting up a secure VPN with strongSwan on debian

With heightening concern regarding the state of internet privacy (fuelled in part by the passing of the Investigatory Powers Act in the UK), I have set up a VPN server on the virtual server I have hosted with Mythic Beasts. This uses strongSwan and certificate-based IKEv2 authentication.

Assumptions:

  • Debian Jessie server already set up and accessible via debian.example.com, a public IPv4 of 203.0.113.1 and a public IPv6 of 2001:db8::1
  • Client username of me
  • Clients are running the latest versions of macOS and iOS (Sierra and 10 respectively at the time of writing)
  • No need to support any other operating systems (although the setup is easily translated)

For automated deployment of a similar setup, albeit Ubuntu-based and using ansible for deployment, I recommend you take a look at Algo VPN. I used that project as a basis for my configuration.

@andrewlkho
andrewlkho / gist:e9a8c996c4bc1df23cd2
Last active April 25, 2023 08:37
How to secure debian with two factor authentication (TOTP/HOTP)

First, install the necessary packages:

% apt-get install libpam-oath oathtool

Generate a key and write it to /etc/users.oath (NB the key will be in hexadecimal; if you are using Authy you will want to convert it to BASE32):

% KEY=$( head -c 1024 /dev/urandom | openssl sha1 | awk '{ print $2 }' )
% echo "HOTP/T30/6 andrewlkho - ${KEY}" >> /etc/users.oath
% chmod 600 /etc/users.oath
@andrewlkho
andrewlkho / README.md
Last active March 30, 2023 01:22
Implementing HTTPS on NFSN (nearlyfreespeech.net) hosting using Let's Encrypt

These instructions are for implementing HTTPS on a NFSN-hosted static site using a certificate from Let's Encrypt. The certificate is generated manually on a separate computer.

Start off by installing the letsencrypt client. This requires sudo privileges and will install a bunch of packages:

% curl -O https://dl.eff.org/certbot-auto
% chmod +x ./certbot-auto
% ./certbot-auto

Generate the certificate. This will require you to publish some challenge responses on NFSN. I find it easiest to use tmux with letsencrypt running in one window and an SSH session to NFSN in another:

@andrewlkho
andrewlkho / gist:10737771
Created April 15, 2014 14:37
Debian/PowerBook G4: Network install

This was originally posted on 2009-08-04 to http://andrewho.co.uk/weblog/debian-powerbook-g4-network-install

I'm currently in the process of setting up Debian GNU/Linux (Lenny, the latest stable) on my PowerBook G4 (12-inch; bought circa August 2004 in the UK). I'm going to post a few bits and bobs here both to serve as a reference to myself but also to help anyone else who follows in this endeavour.

The SuperDrive on my PowerBook no longer works, so I had to do a completely network-based install (it also feels a bit cleaner this way). I couldn't place the files on the hard drive for booting as the installer can't boot from HFS+

@andrewlkho
andrewlkho / gist:6777065
Last active October 12, 2022 03:50
How to import a gpg secret subkey into an existing secret key
# The following example imports subkey DF6C5C29 into a secret keyring that
# already contains 55C794A2
% gpg --list-secret-keys
sec 4096R/AF72A573 2012-06-17
uid Andrew Ho <andrewho@andrewho.co.uk>
ssb 4096R/55C794A2 2012-06-17
% mkdir 55C794A2
% cd 55C794A2
@andrewlkho
andrewlkho / gist:9943921
Last active October 24, 2021 00:28
Lossless JPEG rotation

This was originally posted on 2007-03-17 to http://andrewho.co.uk/weblog/lossless-jpeg-rotation

I've been going through photos from Halfway Hall, and a lot of them have been taken vertically. The Canon camera I use (a compact) has a gravity sensor that can autorotate photos for you as it writes them; the way it does this is by using an EXIF tag which tells you how the image should be oriented. For example, if I take a picture with the camera rotated by 90 degrees:

% identify -format '%[EXIF:Orientation]' ./IMG_1120.JPG