Category: Hacking

  • Shell Nuggets: Musing on Dates

    Nigh ever day I happen across some gem tucked away in the opaque vista of the *nix command-line shell.   While attempting to contrive the proper arguments for a date command interpolation, the following editorial injection from its GNU info entry caught my fancy.

    28 Date input formats
    *********************
    First, a quote:
    Our units of temporal measurement, from seconds on up to months,
    are so complicated, asymmetrical and disjunctive so as to make
    coherent mental reckoning in time all but impossible. Indeed, had
    some tyrannical god contrived to enslave our minds to time, to
    make it all but impossible for us to escape subjection to sodden
    routines and unpleasant surprises, he could hardly have done
    better than handing down our present system. It is like a set of
    trapezoidal building blocks, with no vertical or horizontal
    surfaces, like a language in which the simplest thought demands
    ornate constructions, useless particles and lengthy
    circumlocutions. Unlike the more successful patterns of language
    and science, which enable us to face experience boldly or at least
    level-headedly, our system of temporal calculation silently and
    persistently encourages our terror of time.
    ... It is as though architects had to measure length in feet,
    width in meters and height in ells; as though basic instruction
    manuals demanded a knowledge of five different languages. It is
    no wonder then that we often look into our own immediate past or
    future, last Tuesday or a week from Sunday, with feelings of
    helpless confusion. ...
    -- Robert Grudin, `Time and the Art of Living'.
    This section describes the textual date representations that GNU
    programs accept. These are the strings you, as a user, can supply as
    arguments to the various programs. The C interface (via the `get_date'
    function) is not described here.
    
    

    Now back to work.

     

  • ssh: no matching cipher found

    After a recent Ubuntu upgrade on my home machine, ssh attempts to it from the VirtualBox instance at work stopped working.   Here’s what ssh spewed back at me:

      no matching cipher found: client blowfish-cbc,arcfour server aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com

     

    Impatient, I just logged in from another machine.  The VM runs CentOS 5.10 so that its environment is comparable with what [used to be] present on the majority of our production servers.   I’m an anti-RedHat bigot in the first place, and didn’t want to hunt down repos and upgrade my ssh.

    That was not necessary.  The problem was a “Ciphers” line I’d added to my ~/.ssh/config, intended to prefer  (“Googallegedly”) faster encryption methods.   Adding all but those that resemble email addresses seems to have fixed the issue.   My “Ciphers” line now looks like this:

      Host *
      Ciphers blowfish-cbc,arcfour,aes128-ctr,aes192-ctr,aes256-ctr

     

    The ciphers may be defined in your system /etc/ssh/ssh_config.  Check around.  If you can’t find it anywhere, try this:

      sudo find  ~/.[a-z]* /etc -path '*ssh*' -type f | sudo xargs fgrep Cipher

     

    Anyway, that was my fix.   Right on in, easy-peasy lemon-squeezy.

     

  • Thunderturd! or: How I Learned To Stop Griping and Allow Remote Content

    I’m working from home, and our company’s outsourced webmail leaves much to be desired.  My desktop is Windows 7, since it offers the compatibility necessary in the corporate world, while most of my work is done through an xterm launched from my Linux box over CAT6.

    Rather than keeping up multiple webmail windows or collecting them all through one service (which usually leaves me with duplicate synchronizations across devices), I decided to choose an email client.  First, it was Windows Live Mail, and I liked it– for the most part.  Then, we were asked to standardize on a signature with images, and Live Mail didn’t seem to allow that.  It also didn’t have much flexibility in quoting replied messages.

    I tried Outlook 2007 for a while, but it began hanging on IMAP more frequently than my blood pressure would comfortably allow.  I’d given Mozilla’s Thunderbird a whirl, but something about it really pissed me off at the time.  I tried it again.

    Decent.  Open Source, so there are updates, and I could hack the goddamned code if I wanted to fix something real hard.  The most annoying quirk was the “Allow remote content?” pop-in panel.  It seemed to have an all-or-one idea of what should be allowed, where one could show all remote content, or approve single email addresses.  This was a nuisance with, for example, notifications from Google+, which are “From” a generated email address.  Thus, adding that address to your contents did nothing but bloat your contact list.

    A bit more digging found that Thunderbird had the same “about:config” back-door to its internal configuration properties as its brother-father-cousin Firefox and Mozilla and Netscape, and within there was a mail.trusteddomains setting.  One opens this menu through the “Tools” option in the menu-bar, under “Options…”, and then:

    thunderturdOptionsWindow

    According to the arcane documentation available, opening this dialog and setting this property to a comma-delimited list of domain names would instruct Thunderbird to automatically load content (n.b.) from those domains.  Each entry should be a single base domain name– not a subdomain.  That is, “google.com” rather than “plus.google.com”.

    Adding “google.com” didn’t work.  I searched some more, then this morning came across a question on a Thunderbird support site — posted almost a year ago and without a resolution.  So, I went to semi-angrily post my response, then realized– “Hey, me.  It surely isn’t just white-listing domains based on an email address.  If it were, anyone using a gmail account could just plop in an externally-hosted image in an HTML message and have it trusted.”  So, I viewed the source of this particular Google+ notification.

    Two images: one from googleusercontent.com and another from gstatic.com.

    Short answer?

    Set mail.trusteddomains to google.com,googleusercontent.com,gstatic.com 

    thunderturdAboutConfigWindow

    And now, they will load.  This won’t help much if images are loaded from a CDN, and it’s a bit of a nuisance to “View Source” on a message, search and record each “img” tag’s domain, then add them all to the property, but– it works.

    One final commentary which would be a sidebar if I knew how to do it in WordPress: Why not just allow all remote content?  At first, even though I’m a hacker and a cracker and I think I always will, I almost just said “fuck it, it’s just cookies!”  A second later, I realized that any image being loaded involves a hit to where that image is hosted, and while that URL might indicate it’s just plucking a .jpg, it could be doing anything.  It probably isn’t running a script on your mail client (I doubt Thunderbird would allow that), but it could certainly be recording that the message was read, and where it was read from, and all manner of other invasive maneuvers.  At its most innocuous, it could serve as a reasonably accurate “Read Receipt” for mail sent to anyone who trusts you– although they probably won’t trust you as much if/when they realize you’re doing that.

    Enjoy.