2010
03.07
Offering SFTP-only jailed user accounts is useful in many scenarios such as shared web hosts, storage space for friends, etc.
This tutorial is specific to CentOS 5.4 x86 64-bit. Other flavors will vary.
** Make sure you are root or using Sudo
1. Upgrade to OpenSSH 5.x
## fetch the packages
wget http://fs12.vsb.cz/hrb33/el5/hrb-ssh/stable/x86_64/openssh-5.1p1-3.el5.hrb.x86_64.rpm
wget http://fs12.vsb.cz/hrb33/el5/hrb-ssh/stable/x86_64/openssh-clients-5.1p1-3.el5.hrb.x86_64.rpm
wget http://fs12.vsb.cz/hrb33/el5/hrb-ssh/stable/x86_64/openssh-server-5.1p1-3.el5.hrb.x86_64.rpm
## upgrade OpenSSH
rpm -Uvh openssh-*
2. Comment out the following line in ‘/etc/ssh/sshd_config’
Subsystem sftp /usr/libexec/openssh/sftp-server
3. Append these lines to the end of ‘/etc/ssh/sshd_config’
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
4. Add the ‘sftponly’ user group
groupadd sftponly
5. Modify the user’s group and shell
(I’ll use the completely random username: bree_olson)
usermod -g sftponly bree_olson
usermod -s /bin/false bree_olson
6. Set the proper filesystem permissions
(Bree’s home directory is /home/bree_olson and her website is in /home/bree_olson/public_html)
chmod 755 /home/bree_olson
chown root:root /home/bree_olson
chown bree_olson:sftponly /home/bree_olson/public_html
7. Restart the SSHD daemon
/etc/init.d/sshd restart
And that is it! Just be sure to repeat steps 5 and 6 for all the users that you wish to lock down.
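A pre-flight check for step 6, added here as an example and not part of the original tutorial: sshd refuses a ChrootDirectory unless every component of the path is a root-owned directory that is not writable by group or others, so a wrong mode anywhere from / down to /home/bree_olson locks the user out. The function names are made up for this example, and it assumes GNU stat as shipped on CentOS.

```shell
#!/bin/sh
# Added example (not from the original post): verify a ChrootDirectory path
# before restarting sshd. Function names are illustrative; needs GNU stat.

# component_ok UID MODE: true only for a root-owned entry whose octal mode
# has neither the group-write nor the other-write bit (mask 022).
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: walk DIR and every parent up to /, print one FAIL
# line per component sshd would reject, return 1 if any was found.
check_chroot_path() {
    path=$1
    bad=0
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$path" ]; then
            echo "FAIL $path: not a directory"
            bad=1
        else
            uid=$(stat -L -c %u "$path")
            mode=$(stat -L -c %a "$path")
            if ! component_ok "$uid" "$mode"; then
                echo "FAIL $path: owner uid=$uid mode=$mode"
                bad=1
            fi
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return "$bad"
}

# Run as: ./check_chroot.sh /home/bree_olson
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it against each jailed user's home directory before step 7; any FAIL line names the component whose owner or mode needs fixing.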
2010
03.06
Tether your phone’s data connection to your computer. Now I always have an emergency internet connection.
Create custom notifications in your status bar. I love being able to set a quick reminder on the fly. For short-term tasks and reminders that would otherwise get lost in RTM, I turn to Status Notes as an extension of my human memory.
I am addicted to Pandora and couldn’t write code without it.
Wirelessly transfer your photos to your computer’s shared folder with 1 magical button. This saves me so much hassle of dealing with USB cables. Oh, and I developed this app.
Use your Google Voice # for outbound calls and SMS. I don’t even know my Verizon assigned phone number!
SSH. Perfect for emergencies, just be careful when you’re root.
Store all your passwords and important info in SplashID. It syncs wirelessly to your computer. This app has saved me countless times.
Keep an eye on your IP cams. Works great with my Panasonic cams and even supports pan/tilt/zoom controls.
I would not be able to function without lists. With a RTM pro account, you can sync your tasks to rememberthemilk.com.
Podcasts! Turns your commute into productivity. I spend much less time reading my news feeds and now listen to the podcast versions.
A very slick Twitter client that is not bloated and gets the job done well.
I use Evernote for my personal knowledge base. Having this data with me on my phone definitely comes in handy.
2010
03.06
Keeping track of code snippets, network diagrams, IP allocations, complex syntax and everything else that a typical coder/sysadmin deals with requires a solid knowledge base.
I am using Github for code snippets and Evernote for everything else.
Gists at Github are excellent for storing code snippets. They can even be made public so others can use them too. I was using Snipplr up until now, and it worked out great, especially with the TextMate integration. Since I moved my code repositories to Github, I wanted everything in 1 central place.

Evernote allows you to make separate notebooks and tags which makes organizing your knowledge base pretty simple. The best part though, is the syncing. I am using the Mac and Android apps which sync to evernote.com, so I always have access to my stuff. Adding any type of files within a note is super handy. For instance, I put my network diagram OmniGraffle file in a note and now when I edit the file in OmniGraffle, it automatically saves in the Evernote! Evernote seems to offer a ton of features such as OCR and sharing, but I haven’t explored them much yet.

I am very excited about how both of these services will be increasing my efficiency as I move more of my data into Evernote and Github. Should save tons of time by having access to this info anywhere I go and eliminating having to search a variety of sources.
2010
03.01
Introducing “Image Transfer” for Android. Officially available now in the Android Market!
I was looking for a way to wirelessly transfer the images from my Droid to my computer. There are several file manager apps that will do this, but I wanted a super simple magic button. So I developed Image Transfer for Android using JCIFS (Java CIFS Client Library).
The app is quite simple. The only requirements are that you have a shared folder on your computer and your Android device is on the same wireless network. After setting up your shared folder, just add your destination computer IP address and the folder to transfer images to along with your username and password in the settings menu. Then just press ‘Start Transfer’ whenever you want to transfer your pictures. Here are some screenshots…



2010
02.20
Along with the device’s default time zone, output is now also displayed in GMT for conversions by utilizing the java.util.TimeZone class.
If you’re not using the Android Market by Google, download the package at Github.
2010
02.13
Attended the Android Developer Lab at Google in NYC yesterday and had a blast playing with the Nexus One and several other devices. The presentation and Q/A was filled with topics such as developing for multiple hardware configurations, inter-application communications, marketplace strategies and the dos and don’ts of Android development. We all know that Google is super developer friendly… and they showed their love yesterday by giving every developer a free Motorola Droid device!
Check out the world’s largest Nexus One:
2010
01.30
Just published my first Android application in the Android Marketplace.
Developing for Android isn’t too complicated at all. You need to have a firm grasp on Java and then learn how to work with the Android SDK and build layouts (which are XML btw). I am now working on a desktop widget that could live actively on any of the Android virtual desktops.
To install on your Android device, search for ‘Unix Epoch Converter’ in the Android market or scan this QR code:

Here are some screenshots:

Home Screen

Convert to unix timestamp
2010
01.10
I had to build a simple Android video player while reading “Hello, Android” Second Edition by Ed Burnette. I am about half way through this book, and it is excellent! The author gets right to the point and the lessons are completely hands on.
After completing the short video player tutorial, you notice how the video restarts after device configuration changes, such as a screen rotation. The book suggests using the ‘onRetainNonConfigurationInstance()’ and ‘getLastNonConfigurationInstance()’ methods to save data which would otherwise be lost during the ‘onCreate()’ and ‘onDestroy()’ methods. I decided to figure this out on my own and… it works.
The code is basic and probably has some inefficient stuff, but I think it is a sufficient example of saving the video state. Keep in mind that the ‘getLastNonConfigurationInstance()’ method is great for any instance that needs to be able to transition smoothly during changes such as a screen rotation.
package org.example.video;

import android.app.Activity;
import android.os.Bundle;
import android.widget.VideoView;
import android.util.Log;

public class Video extends Activity {
    public static final String TAG = "Video";
    private VideoView videoObject;
    private String videoLocation;
    private int videoPosition;

    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // create view
        setContentView(R.layout.main);
        // initialize video object
        videoObject = (VideoView) findViewById(R.id.video);
        // attempt to get data from before device configuration change
        Bundle returnData = (Bundle) getLastNonConfigurationInstance();
        if (returnData == null) {
            // first startup
            Log.d(TAG, "Player started for 1st time");
            // set video path
            videoLocation = "/sdcard/DCIM/Camera/video-2010-01-10-15-21-17.3gp";
            videoObject.setVideoPath(videoLocation);
            // play video
            videoObject.start();
        } else {
            // restart after device config change
            Log.d(TAG, "Player re-started after device configuration change");
            // fetch data from bundle
            videoLocation = returnData.getString("LOCATION");
            videoPosition = returnData.getInt("POSITION");
            Log.d(TAG, "Video location: " + videoLocation);
            Log.d(TAG, "Video position: " + videoPosition);
            // apply properties to new object
            videoObject.setVideoPath(videoLocation);
            videoObject.seekTo(videoPosition);
            // play video
            videoObject.start();
        }
    }

    @Override
    public Object onRetainNonConfigurationInstance() {
        // Device configuration changed
        // Save current video playback state
        Log.d(TAG, "Saving video playback state");
        videoPosition = videoObject.getCurrentPosition();
        Log.d(TAG, "Video location: " + videoLocation);
        Log.d(TAG, "Video position: " + videoPosition);
        // Build bundle to save data for return
        Bundle data = new Bundle();
        data.putString("LOCATION", videoLocation);
        data.putInt("POSITION", videoPosition);
        return data;
    }
}
2009
12.24
Nothing revolutionary here, but this is a super quick and simple way to monitor the availability of your network nodes via ICMP.
Prerequisites:
- Ability to send mail from the server running the script
- ICMP connectivity to each target node
- DNS provider that does NOT rewrite domain errors (NXDOMAIN redirect)
1. Create a file with a list of nodes (I used ‘nodes.list’) and place it in the same directory as your script. Use IP addresses, or FQDNs if you always trust DNS….
nodes.list:
monitor02.t3ch.com
monitor03.t3ch.com
10.10.0.72
www.t3ch.com
mail.t3ch.com
2. Create the following BASH script, tweak $SOURCE and $TO.
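#!/bin/bash
# Run from the script's own directory so the relative nodes.list is found under cron
cd "$(dirname "$0")" || exit 1
SOURCE="monitor01.t3ch.com"
SUBJECT="Network Alert: Node unreachable"
TO="youremail@t3ch.com"
# mktemp avoids a fixed, predictable file name in the world-writable /tmp
MESSAGE="$(mktemp /tmp/network_monitor-message.XXXXXX)" || exit 1
trap 'rm -f "$MESSAGE"' EXIT
# Read one node per line; the second test handles a last line without a newline
while read -r ipaddr || [ -n "$ipaddr" ]
do
    # skip blank lines
    [ -z "$ipaddr" ] && continue
    if ! ping -c 1 "$ipaddr"
    then
        echo "Node: $ipaddr" > "$MESSAGE"
        echo "When: $(date)" >> "$MESSAGE"
        echo "Source: $SOURCE" >> "$MESSAGE"
        /usr/bin/mail -s "$SUBJECT" "$TO" < "$MESSAGE"
    fi
done < nodes.list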
3. Create a cron job. Here is an example that performs the checks every 5 minutes:
*/5 * * * * /opt/apps/network_monitor/network_monitor.sh >> /dev/null 2>&1
4. Test out the script by adding a few bogus IP addresses to the nodes.list source file. Then remove them.
5. Sit back and relax, then begin troubleshooting when you get your first alert.
2009
11.27
When integrating with a web service that requires SSL, I find it helpful to write the code against a non-SSL web service first. This ensures that you can debug your code without worrying about SSL certificate issues and such. I use Socat to establish the SSL connection and then point my code at the local port serving normal HTTP.
Install Socat (a network relay utility) available at http://freshmeat.net/projects/socat/
Establish the SSL connection:
socat tcp4-listen:9090,fork openssl:10.2.0.43:443,verify=0,cafile=/opt/apps/config/cacert.pem,key=/opt/apps/config/local.key,cert=/opt/apps/config/local.crt
Use localhost:9090 as the web service URL during development / testing.
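Be sure to get your code working with the real SSL-enabled web service prior to deploying the app in production. With verify=0 the relay does not check the server’s certificate, so this setup is for development and testing only.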