Ssh-agent is a great program that lets you add the password to your SSH private key to memory, and then you don’t need to type in the ssh key passphrase every time. The basic usage is that you start BASH as a child of ssh-agent, and then use a program called ssh-add to prompt you for the password and store it in memory.

On OS X, there’s a GREAT program called SSHKeychain that handles this, storing the password in your OS X keychain, so it’s really seemless.

On Linux, you need to type in “ssh-add” manually every time you want to store the key, and after that your SSH sessions will be seamless.

However, I’m always forgetting to do that, and thus getting prompted for the password. Too many seams. I added the following code snippet to the end of my .bashrc file, and thus, every time I open a bash shell, it checks whether ssh-agent has any keys in memory. If it does, the shell starts as normal. If ssh-agent doesn’t have any keys in memory, it prompts you for the password. Simple, and as seamless as I can make it.

## Add key to ssh-add if it has not been added.

ssh-add -l &> /dev/null
SSHADDRESULT=$?
if [ "$SSHADDRESULT" -ne "0" ]; then
ssh-add
fi

UPDATE 2008-07-02: Here’s a much more succinct way of writing that:

ssh-add -l &>/dev/null || ssh-add

I need to start going to conventions, user group meetings, etc. — immediately I’m going to start attending the Los Angeles Linux User Group meetings and the local Python SIG. I’m not sure what else I’m going to do, but it’s becoming obvious that I don’t scale — that the long-term solution is NOT for me to increase my skills, as I’ve been doing, but to hire people who have the skills.

That said, in the short term, it’s clear that there’s three technical areas where I must improve my skills:

1. I need to be a world-class guru in apt-based package management.
2. I need to greatly improve my skills at low-level TCP/IP issues — packet captures, diagnosis of networking problems, etc.
3. I need to greatly improve my skills at dealing the Linux kernel, on all levels — compiling, kernel options, loadable modules & drivers, etc.

I guess it’s good to have a clear vision of where I need to go. Now I need to get there.

I’ve written an introduction to SPBS, and the reasons I’m writing it here, at http://code.google.com/p/spbs/wiki/SPBSIntroduction

Some background: There’s a very useful website located at whatismyip.com, which reports the IP you used to connect to the site. If you’re on a computer behind a router which does NAT (Network Address Translation), you can’t find out what your external IP is by issuing commands on the computer. Your computer’s address is (for instance) 192.168.1.5, but when traffic reaches the router, the router translates (with NAT) your address to an external IP address, such as 34.23.64.9 (an IP address I just made up).

WhatIsMyIP.com (and other sites like it) sprang up to fill that void, and give you a simple way of finding out what external IP address you’re using.

Ubuntu Geek’s script fetches the whatismyip.com page with wget, parses it to find the IP address, and prints the IP address.

I tried it on my OS X box, and it didn’t work, because wget isn’t installed on OS X — but curl, a similar tool, is.

So I started modifying the script to use curl — and discovered an interesting comment in the source code to whatismyip.com’s page:

<!–Please set your code to scrape your IP from www.whatismyip.com/automation/n09230945.asp Please set your code to hit this page at a REASONABLE pace. For more info, please see our “What’s New” page.–>

Hitting that link gets you just your IP address, which has two benefits over Ubuntu Geek’s implementation — it means you have no parsing to do, and it gives a SIGNIFICANTLY lower load to WhatIsMyIP’s servers. (It’s rude to slam someone else’s servers with an automated script — even though a script that simply fetches a web page once doesn’t slam a server, 10,000 people running that script would.)

Here’s my take on Ubuntu Geek’s BASH script:

#!/bin/bash

echo -n “Your external IP Address is: ”
curl http://www.whatismyip.com/automation/n09230945.asp
echo “.”

For comparison’s here’s Ubuntu Geek’s original script:

#!/bin/bash

echo Your external IP Address is:
wget http://Www.whatismyip.com -O – -o /dev/null | \
grep ‘<TITLE>’ | sed -r ’s/<TITLE>WhatIsMyIP\.com \- //g’ | \
sed -r ’s/<\/TITLE>//g’
exit 0

Moral of the story? Always look for a simpler way of doing things.

There’s very little payoff in stealing 20 servers (the amount stolen in the recent robbery) for the hardware value — this is most likely about stealing the DATA on the servers. Most people in the market for rackmount servers wouldn’t buy them off trucks, and so you’ve got a crime with serious time and very little payoff if they were stealing hardware. I wonder how much valuable data (including credit card numbers) was stored on those boxes?

Eckels took umbrage at reports that their facility had been robbed four times in the last two years:

One of the biggest mistakes is that people are talking about four robberies. A robbery means than property has been seized through violence or intimidation. C I Host has technically only been robbed twice in two years. The other two were break-ins where things were stolen, but not robberies.”

Umm. That doesn’t exactly make me feel better. Although the facility’s staff probably prefer the burglaries — their night manager was repeatedly tasered and “struck with a blunt instrument” during the most recent robbery.

Well, there’s a standard way of doing that in Linux/Unix, called setuid. You set the “setuid bit” to on, and the program will run as the owner of the program. So, since it’s owned by root, a regular user can run a particular program, and have that program run with the permissions that root has. Very handy.

But I couldn’t figure out why the program was not being installed setuid root. I could see in the postinst script that the command was valid. I could cut-and-paste the chmod line (that set the setuid bit) from the script to the command-line, run it, and it worked perfectly. And there weren’t any other commands in the postinst script that affected permissions (the setuid bit is a permission bit) for that file.

However, there WAS a chown command later in the script. (It started in a parent directory and recursed into the directory with the C program I was dealing with.) Eventually, I narrowed it down to that chown line, and once I saw chown was the cause, I guess it sort of made sense. I was able to reproduce the problem by chowning a file after setting the setuid bit.

I guess from a security standpoint, you could do a lot of stupid things by setting the setuid bit (making a program operate as the owner of the program) and then changing the owner. So, to prevent you from shooting yourself in the foot, changing ownership of a file unsets the setuid bit.

Still, this seems somewhat counter to the philosophy of Unix — first, to not do unexpected things, and second, to give users approximately an order of magnitude more rope than they’d need to hang themselves. I can’t think of many other commands that silently prevent you from doing something that MAY be stupid. Unix usually assumes that you know what you’re doing — even to the point that you can enter a command to delete every file on your hard drive, and Unix will happily delete all your files without asking for confirmation. The fact that chown has this behavior was NOT obvious to me.

(This is a highly technical rant, and I’m writing it late at night after coding for a while — if it doesn’t make any sense, it’s probably me, not you.)

(As it turns out, xkcd doesn’t mind when you use their content in a blog. See “Can we print xkcd in our magazine/newspaper/other publication?“)

Yep. I just removed myself from all the groups except for vboxusers. Brilliant! I absolutely hate when I do stupid shit like that. It’s not like this was hard to fix – I just didn’t remember of the top of my head what groups I was supposed to belong to. Of course since I was no longer part of the sudo and admin groups I could no longer sudo. Luckily enough, back in the day I decided to enable the root password. So I was able to su to become root, and then usermod myself to admin, and bunch of other groups I needed like audio, video, tty, lp and etc… I wonder what would happen if I did this on a default Ubuntu box without root account. I wonder if I would be able to recover from this that easily.

The short answer is “Yes, you would.” Single User Mode is your friend.

At bootup, hit ESC to get into the Grub menu, and select recovery mode. If you haven’t entered a root password, recovery mode will dump you to the console as root. If you HAVE defined a root password, recovery mode will dump to a login prompt, where you’ll have to enter the password.

You can remove all “.svn” directories starting below “~/svn/exampleproject” — change this to suit your system — with the following command:

find ~/svn/exampleproject -name “\.svn” -exec rm -rf {} \;

To make sure that the above command is going to do what you want it to do, you may want to first generate a list of what it will delete (I highly recommend it).

find ~/svn/exampleproject -name “\.svn” -exec echo “rm -rf {}” \;

Text editing is TextMate. I was trying to use vim, because it’s one editor I can use both on my OS X desktop and SSH’d across the network to linux boxes. I will continue to use vim remotely — though I may look at emacs as well. But for local editing, it’s TextMate for sure. Its functionality when dealing with large source code files and trees with many different files is impressive — I can see myself working significantly more efficiently with TextMate.

I’m used to working on the command-line with Subversion, but TextMate integrates with it, so I can commit changes by hotkey, etc.

And Python is rapidly becoming my system administration language of choice. All of this seems to fit together really well.

I have no experience with Media Temple. But Grid-Server seems like one of the brilliant ideas that are obvious once someone else invents them. Oh sure, other people have done redundant web hosting before. Thousands of little guys plus Google, Amazon, Yahoo, MySpace, etc. are dividing web-hosting duties between many computers such that if one goes, down, the others can keep the website running.

But no commercial webhosting company I’m aware of currently offers grid-based hosting. This leads to outages and slowness for clients. DreamHost has had a number of recent problems. To their credit, they are quite open and honest about what went wrong. But there’s also a constant parade of announcements of servers going down for 10 minutes here, 10 minutes there for RAM upgrades, hardware replacements, etc.

There is NO REASON I can think of why my website, even at DreamHost’s low prices, should be dependent on ONE database server, ONE web server, and ONE file server. Any one of them goes down; my website goes down.

Creating a grid of dozens of computers, each of which can shuffle around websites to balance load or handle failures is not an easy task. It would take me loads of research before I was even ready to begin that sort of project, and I’d have to hire a team of people to do it. It’s a big deal.

On the other hand, it’s been proven that this sort of thing is possible. It’s not like we need basic research or feasibility studies. You can hire people who know how to do this if you’re willing to pay for it.

It’s not like this should be a tough decision for DreamHost. One of the primary benefits of this technology is to eliminate problems with over- and under-selling. The host has a pool of resources that can be grown incrementally, as resource use grows, without worrying about the growth rates of individual sites.

Sites have fewer worries about going down, both from the Slashdot / Digg effect, and from hardware failure or misconfiguration at the hosting company.

So why isn’t DreamHost doing this? My hope is that they’re already working on it — but I wish they’d let us know.

UPDATE June 9, 2007: This site is now hosted at NearlyFreeSpeech.net. So far, I love them. (An unfortunate truism of web hosting is that all hosts are great until they start to suck.) I’ve eventually been disappointed with every host I’ve tried. I host both personal and business websites; so far, pair.com and nearlyfreespeech.net are the only hosts on my “not sucking yet” list.

E: Couldn't find these debs: 33024830

The error code itself is not Googleable, because it apparently changes for each install. (I got several different codes during the course of my troubleshooting.) Google got me here, where I learned that the –resolve-deps option was the secret. Appears to be working — at least, I’m much farther along in the process without failing.