Wednesday 29 August 2007

MacBook temperature monitor

To get temperature info from your MacBook's temperature (SMC) monitor on the command line go get InCrew's speedit kernel extension. From the Terminal go the downloaded directory and run their install program:
% sudo sh install.sh
It should say:
kextload: speedit.kext loaded successfully

To read out the temperatures from the loaded kernel extension use the systctl command:
$ sysctl kern.cpu_temp
kern.cpu_temp: 52


or to read all speedit monitored info try:
$ sysctl speedit
speedit.currentfreq: 1000
speedit.minfreq: 1000
speedit.maxfreq: 2000
speedit.temp_is_valid: 1
speedit.temp: 52

ssh key verification failed: how to check your fingerprints

So you ssh to a usual machine and get:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
3f:d6:e7:72:9a:ab:4e:e1:21:91:3a:88:6b:78:83:ce.
Please contact your system administrator.
Add correct host key in /Users/username/.ssh/known_hosts to get rid of this message.
Offending key in /Users/username/.ssh/known_hosts:73
RSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.
It's worrying.... Has someone hacked my machine (again!?). Or am I being paranoid for the 13th time this week?
This error is due to a mismatch between the RSA key that you already have stored on your machine in the /Users/username/.ssh/known_hosts file, and the one that ssh has just obtained over the network on this login attempt. Note: newer versions of ssh now store hashes of hostnames (see: ssh-keygen -H) in the known_hosts file to maintain privacy. Either the ssh server key has been changed legitimately (by you or some admin) or it's been hacked. It's also possible that someone on has set up a machine on the same IP address as the server you're trying to contact then you'll find you can't login - in which case you (or some admin) needs to track down the rogue machine.
To check the key is correct login to the machine in question - preferably on the console, but if you're connecting via ssh then you'll have to ignore the warnings above. Then you can directly print your server's key's fingerprint. There are a few types of keys: RSA, DSA, ECDSA (for SSHv2), and RSA for SSHv1. If your on a 'standard' Linux box then it's probably at: /etc/ssh/ssh_host_rsa_key.pub (or for DSA /etc/ssh/ssh_host_dsa_key.pub). If you're on a Mac OSX it is in: /etc/ssh_host_rsa_key.pub (or /etc/ssh_host_key.pub or /etc/ssh_host_dsa_key.pub). e.g. So on a Mac OSX box try:
% ssh-keygen -l -f /etc/ssh_host_rsa_key.pub
2048
3f:d6:e7:72:9a:ab:4e:e1:21:91:3a:88:6b:78:83:ce. /etc/ssh_host_key.pub
The key fingerprint (of the corresponding key type - in this case RSA) should match the one shown above. If these don't match then something fishy is going on....
Also just for info you can list all the fingerprints of all your stored host keys
% ssh-keygen -l -f .ssh/known_hosts
Instead you can just compare the public keys stored on your client in ~/.ssh/known_hosts with the keys on the server in /etc/ssh/ssh_host_*.pub

It is also possible that if you've upgraded your version of ssh (or altered your ssh-agent setup), and your machine has previously stored an RSA key in your ~/.ssh/known_hosts file but it is now getting an ECDSA key from the server which obviously won't match but may still be a valid key for that machine. It seems that ssh could work out this problem for itself without any lack of security but currently can lead to such warnings.

[22jan16: Updated to simplify and include ECDSA keys]

Thursday 23 August 2007

Rotten Neighbor (neighbour)

I classic site where you can look up your dodgy neighbors - Yeah that's your American ones for now - I'm sure something like this will surface this side of the water.... What with all those triffic reality shows about your neighbour from hell.

Wednesday 22 August 2007

Google Sky (aka Google Universe, Google Space, Google Space, etc)

Google has announced their Google Sky extension to Google Earth - you just need to download their latest version of Google Earth. To see the sky above your current point on the earth click the Sky button or go to the 'View ' menu option. Have fun! Though I reckon Stellarium isn't bad for checking out what's up in the sky.

Getting ssh-agent going on Mac OSX

It seems irritating that OSX doesn't have an easy way to get ssh-agent running for a login session. However it can be done using launchd and a bit of scripting.

Before you start you'll need to have an /Users/username/.ssh directory (where username is your username) - or alter the scripts appropriately below. Create file /Users/username/Library/LaunchAgents/ssh-agent.plist containing:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.ssh.ssh-agent</string>
<key>OnDemand</key>
<false/>
<key>Program</key>
<string>/Users/username/.ssh/ssh-agent.sh</string>
<key>RunAtLoad
</key>
<true/>
<key>ServiceDescription</key>
<string>Launch ssh-agent</string>
</dict></plist>

Then create a file /Users/username/.ssh/ssh-agent.sh containing:
#!/bin/sh
rm /Users/username/.ssh/ssh-agent.pipe
exec /usr/bin/ssh-agent -a /Users/username/.ssh/ssh-agent.pipe -d

Note: ssh-agent has to be started using -d option as launchd doesn't like processes to fork off into 'daemons'...probably why a few people don't like it.

Make the script executable:
$ chmod +x /Users/username/.ssh/ssh-agent.sh

Then ssh-agent will get started next time you login by launchd, or you can start it immediately by running:
$ launchctl start com.ssh.ssh-agent

Now you need to set the following environment variable (you can use RCEnvironment to set ~/.MacOSX/environment.plist) - probably easiest to add the following line to your /Users/username/.profile:
export SSH_AUTH_SOCK=/Users/username/.ssh/ssh-agent.pipe

You can then add your keys (assuming you've set 'em up using ssh-keygen or whatever) to the agent using:
$ ssh-add



Tuesday 21 August 2007

Private searching

You don't want all your searching habits tracked then try scroogle (was black box but they evaporated) search, or if you're using Firefox check these search extensions.

Can't compile code using g2c.h (libg2c) on gcc4

I ran into this in trying to compile nettimer. If you're seeing compile (when using gcc-4.1) errors like:
/usr/include/g2c.h:21: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘integer’
Then, as suggested here, just add the missing typedefs to your code (then it _should_ work in gcc4.1):

// Typedefs to keep g2c.h happy
typedef int __g77_integer;
typedef unsigned int __g77_uinteger;
typedef long int __g77_longint;
typedef unsigned long int __g77_ulongint;

#include <g2c.h>


The alternative is just to use gcc-3.4 which apparently 'just works'.

gcc version switching

So you need something to switch between gcc versions (e.g. 3.4 and 4.1). There's not a generally accepted gcc version switcher out there. It seems that gcc-config is Gentoo specific. On Ubuntu there appears to be a package ccontrol which allows one to switch gcc versions and also control use of distcc, ccache etc. There's one catch though - it seems to bomb when I try it. Oh well - just use export CC=/usr/bin/gcc-3.4 instead.

Post number one

Okey Dokey here we go......

Thursday 9 August 2007

What happened to my nvidia driver and where did it come from anyway?

Which package does nvidia.ko come from on debian Ubuntu (7.04) - as no package claims ownership when running dkpg -L . How to I regenerate/recreate nvidia.ko ?? I get errors in dmesg: nvidia.ko not found

It is generated by the lrm subsystem - linux-restricted-modules-2.* (Note: the module creation is controlled at bootup by /etc/default/linux-restricted-modules-common - make sure you haven't messed that filei - the modules created by /sbin/lrm-manager into a ramfs and mounted onto /lib/modules/2.6.XX-XX-generic/volatile) - why doesn't dpkg know??? (I guess since they're dynamic dpkg would need some more dynamic DB of such files...)

The nvidia.ko, nvidia_new.ko, nvidia_legacy.ko are loaded by the shell script /sbin/lrm-video (called from /etc/modprobe.d/lrm-video) based on [dot]trigger files in /lib/linux-restricted-modules/ e.g. .nvidia_new_installed

How to enable syntax highlighting in vim on Ubuntu

Uncomment (i.e. remove " at line start) containing:
"syntax on

Using your favourite editor as root e.g:
sudo vi /etc/vim/vimrc

Where are all these 'random' shares coming from in my Windows explorer under My Network Places ???

They are automatically culled from your network neighbourhood by the 'netcrawl' functionality of explorer - see: M$ KB, though the article isn't quite correct on reg path it is actually on WindowsXP: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares. Also intriguingly enough Explorer stashes all previously encountered machines at: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions