LUG Meeting Notes - 4/22/16

Posted on Fri 22 April 2016 in Meeting Minutes • Tagged with linux, programming, python, networkingLeave a comment

I had a great time at the Fox Valley Linux User Group meeting this month. This month's topic was "talk about whatever" and I picked up a lot of great knowledge. Also, two new people attended the meeting and a couple of newbies came back.

I took some fractured notes and collected some URL's. Please note that this list below is not intended to be very verbose or complete - if you really want to be part of the conversation you'll just have to attend next month :-)

Installation

Programming / Scripting

Text Editors

There seems to be a ton of free Chrome and Javascript-based text editors out there now. Here's the ones that I heard about during the meeting:


Stupid Unix Tricks - Bash Math Captcha

Posted on Mon 29 February 2016 in Tutorial • Tagged with bash, scriptingLeave a comment

Let's say that you have a shell script that you run very frequently on pre-prod servers but very infrequently in your prod environment because it can cause outages or performance issues. Wouldn't it be nice if you had some sort of pre-execution hook that notified you that you were a "dangerous" script in prod?

Sure, you could just add a "yes/no" prompt to the script if it's being executed on a prod server, but that's so boring. Wouldn't it be even cooler if you had to answer a random math problem first? I was inspired by the Google Mail Goggles plugin to write something just like that in Bash.

function math_captcha() {

   ### First let's generate two random numbers < 10
   RANGE=10
   num1=$RANDOM
   let "num1 %= $RANGE"
   num2=$RANDOM
   let "num2 %= $RANGE"

   ### Next let's calculate the sum of those numbers
   real_sum=$(echo "$num1 + $num2" | bc)

   ### Now let's see if I can do simple addition
   echo "What's $num1 plus $num2?"
   read -r entered_sum

   [ "$entered_sum" -eq "$real_sum" ]

}

Here's what I'm doing. First, I'm using the special $RANDOM function to return a random value. Next, I'm dividing the number by $RANGE and returning the remainder using the mod-equal operator %=.

So now I have two numbers under 10. I the use bc to add them together. Yes, I know I can perform arithmetic using Bash, but I'm old-fashioned. And yes, I know this isn't posix-compliant :-)

Next I ask the user to answer the simple math problem and save the value in the $entered_sum variable. Finally, I compare that user-entered value with the result of the bc command in the last line.

That last line may be a little confusing. All it's doing is seeing if the left operand is equal to the right operand using a numeric operator -eq. This command will return 0 (which is good) if the values are equal and a non-zero value otherwise (which is bad).

So how do you invoke this function? It's very simple:

if ! math_captcha ; then
     echo "Sorry, something went wrong."
     return 1
fi

some_dangerous_code

Line one of this code snippet is actually one of my favorite patterns in Bash. It's a very elegant way of testing whether function or script's return code is non-zero (which is not what you want). The alternative way to execute the captcha function would look like this:

math_captcha
ret_code=$?

if [ "$ret_code" -ne 0 ]; then
    echo "Sorry, something went wrong."
    return 1
fi

some_dangerous_code

Both of these code snippets work the same way, but I think you'll agree that the first example is easier to type without errors and much more intuitive, even for beginning shell scripters.


Using The Eisenhower Matrix In Emacs Org-Mode

Posted on Tue 29 December 2015 in Tutorial • Tagged with emacs, org-mode, productivityLeave a comment

I just finished reading the The Procrastination Matrix article on the Wait But Why blog and it really spoke to me. I'm a big fan of using Org-Mode in Emacs to organize all of my tasks, and I wondered if I could make both of these systems work together. Naturally, Org-Mode makes it really easy, and here's how I did it.

Easy Tagging

First, I need to be able to categorize my TODO's as being urgent, important, or both. The easiest way to do this in Org-Mode is to use tags that looks something like this:

** TODO Pay bills                                                    :urgent:

You can easily add tags using the C-c C-c command, but I like to make things even easier by using the org-tag-alist variable:

(setq org-tag-alist '(("important" . ?i)
                      ("urgent"    . ?u)))

Now when I tag a TODO item, I simply need to type i or u to tag it as important and/or urgent.

Canned Searches

Now that my TODO's are tagged I would like to be able to look at all 4 quadrants quickly and easily. I can do this in Org-Mode by setting the value of the org-agenda-custom-commands variable. Here's what I have:

(setq org-agenda-custom-commands
   '(("1" "Q1" tags-todo "+important+urgent")
     ("2" "Q2" tags-todo "+important-urgent")
     ("3" "Q3" tags-todo "-important+urgent")
     ("4" "Q4" tags-todo "-important-urgent")))

Q1 stands for "quadrant 1" and contains all TODO's that are tagged as both important and urgent. Q2 contains all of the TODO's that are tagged as important but not urgent. And the rest should be pretty self explanatory.

Now when I press C-c a I see my usual agenda search dialog with the following lines at the bottom:

1    Q1        : +important+urgent
2    Q2        : +important-urgent
3    Q3        : -important+urgent
4    Q4        : -important-urgent

I can then see all of the tasks for a given quadrant by pressing the corresponding number.

That's It!

Once again Org-Mode has proven itself to be very easy to customize. It literally does everything for me but complete my tasks and show the Instant Gratification Monkey who's boss.


Do Coinbase Payments Require An Active Browser Session?

Posted on Tue 22 December 2015 in Tutorial • Tagged with bitcoin, coinbaseLeave a comment

Recently I was experimenting with an offline bitcoin wallet and I wanted to use it to make a donation to mozilla.org. Mozilla uses Coinbase to process their bitcoin transactions, which means that the process goes something like this:

  1. You initiate the transaction on the target site (e.g. mozilla.org).
  2. You are redirected to the Coinbase page for that organization where you are presented with a unique payment hash and a 15-minute countdown timer.
  3. Using whatever wallet application you want (which for me is usually Electrum) you send the necessary funds to that payment hash.
  4. The Coinbase page typically updates with a confirmation message within 5 seconds of you broadcasting your transaction to the bitcoin network.
  5. The confirmation page also typically includes a link back to the originating site.
  6. Also, you may receive an email confirmation message from the originating site.

I've used this process from Coinbase about half a dozen times and it has worked very well. However, due to my offline wallet's screwy, experimental setup [1] I realized that I would need to reboot my computer between steps 2 and 3 above.

This realization caused a few questions to cross my mind:

  • Does Coinbase require a valid browser session to mark a transaction as being legitimate? That is, what happens if my browser crashes after I initiate a new bitcoin transaction using a Coinbase-supplied hash but before the transaction is broadcast to the network? Can't Coinbase just use the payment hash as the unique identifier for the transaction instead of some session cookie?
  • My understanding is that a bitcoin payment hash is valid forever. Therefore, even if the 15-minute timer runs out I can still transfer bitcoins to it. So if I did, where does that money "go" (i.e. who owns that hash)? Does Coinbase sit on it? And how would I even know [2]?

I wish I could say that I can answer both of these questions, but today I decided to focus on the former. I looked in a bunch of places, including the Coinbase Merchant Checkout API docs (which seem to be fairly decent). However, I couldn't find any notes on whether a session was required.

So I decided to test it out myself and blog about it, which means that it's disclaimer time!

Warning Time

Warning

I am not a professional security analyst and I do not guarantee that what I did below will work the same way for you. These are simply my notes on what worked for me in a very limited test. If you want to try something similar then please ensure that you are only "playing" with very small amounts of money. The Bitcoin ecosystem can change quite a bit in a very short amount of time and a lot of aspects are still very, very complicated. So, even if you follow my notes below exactly you may get very different results!!!

Not The Warning

Phew, glad that's over :-) The good news is that my transaction was processed properly even though I rebooted my computer between steps 2 and 3 above. Naturally, since my browser was also restarted during that time steps 4 and 5 also did not happen. However, step 6 did happen when I received a confirmation email message from Mozilla.

So of course, this leads to a lot of other questions:

  • How much of this is due to how Coinbase Merchant Checkout system is designed and how much of it is due to how Mozilla is using that API? If I was to try the same test with another Coinbase customer such as Overstock.com would I get the same results?
  • How do other bitcoin payment processors (such as Bitpay) handle the same situation?

These are questions that I'll have to look into on another day. However, I hope that this information is helpful for at least a few other people.

Footnotes

[1]Please note that you don't have to do anything this screwy to use offline wallets. I had to do this because of the weird way that I set everything up.
[2]Of course, right after publishing this article I found this link that explains how late payments are handled.

"From Vim To Emacs" Presentation

Posted on Tue 15 December 2015 in Presentation • Tagged with lisp, emacs, clojure, vimLeave a comment

Here's a presentation that I'm going to give at the December 2015 meeting of the Fox Valley LUG. It's a quick overview some things that Emacs does really well that's targeted at Vim users.