Thursday, 16 May 2013

Internal Gravatar type service

Since arriving at my new job (excellent ta, thanks for asking) I've once again come across some internal pages that it'd be nice to associate mugshots with (thumbnail is fine), using a service just like the one gravatar offers. In fact, exactly like gravatar's... then it could be used with some minimal URL rewriting and minor code changes in applications.

IMHO when you have a corporate photo ID upon your person, then this should be available on the intranet - it shouldn't be *that* hard to use the same algorithm on a small webserver vhost to select a suitably sized photo (since it's corporate, these can be mapped automatically to entries in LDAP or some other identity management service).

Perhaps I'll have a code, but not next week as we have new toys arriving from our vendor (rhymes with 'play') finally :-)

Saturday, 9 February 2013

qlock something clone

Much as I like the design of the qlock two, I really can't ever justify the price of buying one. Although there are designs for clones on instructables.com, I'm going to rework the design using addressable RGB strips rather than individual white LEDs - it means there's more work in the woodwork of the casing (to prevent bleeding to adjacent cells) but should provide for nicer colouring - being able to fade in the current time from the background colour (which will be hooked to the house MQTT feed for things like power / temperature etc). Oh, and it'll be NTP synced.

Not sure what I'll use as the main controller yet - possibly an R-Pi as it's a bit more flexible than the standard arduino. Anyway, once I've worked out the pitch, it's time to learn vcarve down at the local hackerspace.

Wednesday, 5 December 2012

Virtual hostnames with Debian and dhcp

At $dayjob we have a large number of Linux Virtual Machines running on Hyper-V.

Most of these run Scientific Linux / Scientific Linux CERN, but we have a requirement to run debian hosts too.

Some observations that may help others:

Linux Integration Components
Even the latest MS ones (3.4 at last count) don't support debian / ubuntu. However, if you're running squeeze (6.0.x) then there's a 3.2 backport kernel available in debian backports that seems to work fine.

Templates / DHCP hostnames
I noticed that our debian template host wasn't setting the hostname (assigned via dhcp), so using the example at http://nullcore.wordpress.com/2011/12/09/setting-the-system-hostname-from-dhcp-in-ubuntu-11-10/ I worked on a similar script that doesn't end up with a trailing period in the FQDN and appends to /etc/hosts if needed.

lo:<pre>

#!/bin/sh
# Filename:     /etc/dhcp/dhclient-exit-hooks.d/hostname
# Purpose:      Used by dhclient-script to set the hostname of the system
#               to match the DNS information for the host as provided by
#               DHCP.

# Based on http://nullcore.wordpress.com/2011/12/09/setting-the-system-hostname-from-dhcp-in-ubuntu-11-10/

# Do not update hostname for virtual machine IP assignments
if [ "$interface" != "eth0" ]
then
    return
fi

if [ "$reason" != BOUND ] && [ "$reason" != RENEW ] \
   && [ "$reason" != REBIND ] && [ "$reason" != REBOOT ]
then
        return
fi
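# Build the FQDN; leave out the separator when DHCP supplied no domain name
hostname=${new_host_name}${new_domain_name:+.${new_domain_name}}

#echo dhclient-exit-hooks.d/hostname: Dynamic Hostname = $hostname
#echo dhclient-exit-hooks.d/hostname: Dynamic IP address = $new_ip_address

# Quote the DHCP-supplied value so it is written as a single word
echo "$hostname" > /etc/hostname
/etc/init.d/hostname.sh

# and append to hosts (fixed-string match, so dots are not regex wildcards)
if ! grep -qF -- "$hostname" /etc/hosts ; then
     echo "$new_ip_address $hostname $new_host_name" >> /etc/hosts
fi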
</pre>
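
The names a hook receives from dhclient come from whichever DHCP server answered, and the hook writes them to /etc/hostname and /etc/hosts as root. The following is an added example (not the post's script) that validates those names first and checks /etc/hosts for a whole-field match; the function names and sample values are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the post's hook: treat DHCP-supplied names as untrusted.

# valid_name NAME: succeed only for dot-separated RFC 1123 labels.
valid_name() {
    case $1 in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split into labels; no glob characters can remain
    IFS=$old_ifs
    for label in "$@"; do
        case $label in -*|*-) return 1 ;; esac
        [ "${#label}" -le 63 ] || return 1
    done
    return 0
}

# build_fqdn HOST DOMAIN: print the FQDN with no trailing period, even when
# DOMAIN is empty or arrives with its root dot.
build_fqdn() {
    domain=${2%.}
    valid_name "$1" || return 1
    if [ -n "$domain" ]; then
        valid_name "$domain" || return 1
        printf '%s.%s\n' "$1" "$domain"
    else
        printf '%s\n' "$1"
    fi
}

# hosts_has_name FILE NAME: succeed if NAME is a whole field on a
# non-comment line (string compare, so dots are not wildcards).
hosts_has_name() {
    awk -v n="$2" '{ sub(/#.*/, "")
                     for (i = 2; i <= NF; i++) if ($i "" == n "") found = 1 }
                   END { exit !found }' "$1"
}

# Constructed stand-ins for $new_host_name, $new_domain_name, $new_ip_address.
hosts=$(mktemp)
printf '127.0.0.1 localhost\n10.0.0.9 web1xexample.org\n' > "$hosts"
if fqdn=$(build_fqdn "web1" "example.org.") && ! hosts_has_name "$hosts" "$fqdn"
then
    printf '%s %s %s\n' "10.0.0.5" "$fqdn" "web1" >> "$hosts"
fi
cat "$hosts"
```

The constructed hosts file already holds `web1xexample.org`, which an unquoted regex `grep` for `web1.example.org` would treat as a match and so skip the append.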

Monday, 26 November 2012

Rant


[aelwell@pcitgtelwell ~]$ man dvbnet
No manual entry for dvbnet
[aelwell@pcitgtelwell ~]$ dvbnet --help

DVB Network Interface Manager
Copyright (C) 2003, TV Files S.p.A

dvbnet: invalid option -- '-'
Segmentation fault (core dumped)
[aelwell@pcitgtelwell ~]$ dvbnet -h

DVB Network Interface Manager
Copyright (C) 2003, TV Files S.p.A

Segmentation fault (core dumped)




that is all.

Wednesday, 14 November 2012

k-net / ipv6 / toastman / tomato USB

I have a reflashed router using the toastman mod - which works really well *but* the ipv6 configuration pages miss out one crucial setting when configuring the native ipv6 stack from k-net here, notably the WAN ipv6 address...

ssh root@router and
# ip addr add 2A03:4980::XXXX/96 dev vlan2 (interconnect IP)
# ip -6 route add default via 2A03:4980::11:0:1 (Gateway)

and lo, it should now work from clients on lan.

Blogging so I know where to find the info next time...

Wednesday, 7 November 2012

Alice and Bob go hashing

Alice wants to share some files with Bob over a public medium. Alice's computer is presumed 'secure'.

She can easily generate a nice long 'passphrase' by generating a cryptographic hash of the plaintext (say sha256sum) and use this as a key for a symmetric cipher

i.e.

alice$> echo "hello world" > plaintext # generate sample input file
alice$> sha256sum plaintext # a948904f2f0f479b8f8197694b30184b0d2ed1c1cd2a1ec0fb85d299a192a447

and then encrypt the file


alice$> openssl aes-256-cbc -in plaintext -out ciphertext
enter aes-256-cbc encryption password: [SHA256SUM GENERATED ABOVE]
Verifying - enter aes-256-cbc encryption password: [ditto]
alice$> ls -l plaintext ciphertext
-rw-rw-r--. 1 alice alice 32 Nov  7 16:01 ciphertext
-rw-rw-r--. 1 alice alice 12 Nov  7 16:00 plaintext


Alice can then send the symmetric key to Bob via their normal secure channel (assumed to be working)
and Bob can decrypt with

bob$> openssl aes-256-cbc -d -in ciphertext 
enter aes-256-cbc decryption password: [SHA SUM]
hello world


So - is using a hash function a Bad Idea?
The method is predictable, yes, but Mallory would need to know the plaintext (in which case, game over) to generate the key quickly, or would need to brute-force it ($time++)
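
As an added example (not part of the original post): because the passphrase is the SHA-256 of the file, anyone holding the ciphertext can check a guessed plaintext without knowing any secret, so the key is only as unpredictable as the file itself, while a random passphrase removes that check. The helper names and the constructed files are assumptions of this sketch, and `-pbkdf2` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original post. Needs sha256sum and openssl.

# Alice's scheme from the post: passphrase = SHA-256 of the plaintext file.
hash_key() { sha256sum "$1" | cut -d' ' -f1; }

# Alternative: a passphrase that does not depend on the file contents.
random_key() { openssl rand -hex 32; }

# encrypt KEY IN OUT. The key is passed via the environment rather than the
# command line, so it does not show up in the process list.
encrypt() {
    KEY=$1 openssl enc -aes-256-cbc -pbkdf2 -pass env:KEY -in "$2" -out "$3"
}

# confirms_guess CIPHERTEXT GUESS: succeed if GUESS is the plaintext of
# CIPHERTEXT under the hash-derived key. Uses no secret, only the guess.
confirms_guess() {
    KEY=$(hash_key "$2") openssl enc -d -aes-256-cbc -pbkdf2 -pass env:KEY \
        -in "$1" 2>/dev/null | cmp -s - "$2"
}

# Constructed files for the demonstration.
dir=$(mktemp -d)
echo "hello world" > "$dir/plaintext"
echo "hello there" > "$dir/other"
encrypt "$(hash_key "$dir/plaintext")" "$dir/plaintext" "$dir/ct_hash"
encrypt "$(random_key)" "$dir/plaintext" "$dir/ct_rand"

# Only the hash-keyed ciphertext lets a correct guess be confirmed.
for ct in ct_hash ct_rand; do
    for guess in plaintext other; do
        if confirms_guess "$dir/$ct" "$dir/$guess"; then r=confirmed; else r=no; fi
        echo "$ct guess=$guess: $r"
    done
done
```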


Discussions / comments welcome

Sunday, 23 September 2012

Metering Musings

I've been intermittently trying to get our smart metering datafeed out to a server for better logging, but I don't want to run a 300W PC to tell me my baseload in the house is 300+N W. There are several clamp meter / arduino designs thanks to folks like OpenEnergyMonitor and Nanode, but things should be easier as there's a nice serial out already documented by ERDF (there's also the upcoming 'linky' interface but we're still on old-school).

How much does all this malarkey cost -- off the shelf there are USB opto interfaces, but they're about €50 each (erk). I originally purchased an arduino datalogger shield (€40 + an arduino) hoping to use it with a nanode, but I didn't get ethernet sending working (even after the slight hardware mod) - possibly due to known issues with stash depletion.

So - where do we go (cheaply) from here? An R-Pi gives me cheap hardware with more stable ethernet but I'd have to interface in the opto tty interface (gpio? usb?) as there's no onboard serial. Plan B is to use my bifferboard and use the console interface: small, yep. Low power, yep. Decent ethernet and OS (openwrt) - yes.

So, time to order some parts and get down to prototyping...