Privilege escalation permissions have to be general. Ansible does not always
use a specific command to do something but runs modules (code) from a
temporary file name which changes every time. If you have /sbin/service or
/bin/chmod as the allowed commands, this will fail with Ansible, as those
paths won’t match the temporary file that Ansible creates to run the
I seem to learn more about the nuances of the Go language every other day. Some time back, I had looked at how Go untyped constants work during maths operations with typed variables.
I just found another significant part of the spec that I had previously glossed over. This one is also about untyped constants: numeric constants in Go live in a unified space with arbitrary precision and a fungible numeric type.
The various implementations of field encoders provided in zap can sometimes feel inadequate. For
example, you might want the logging output to be similar to that in syslog or other common log
formats. You might want the timestamps in the log to ignore seconds, or the log level to be wrapped
within square brackets.
To have your own custom formatters for the metadata fields you need to write custom encoders.
Using the logger presets in zap can be a huge time saver, but if you really need to tweak the
logger, you need to explore ways to create custom loggers. zap provides an easy way to create
custom loggers using a configuration struct. You can either create the logger configuration using a
JSON object (possibly kept in a file next to your other app config files), or you can statically
configure it using the native zap.Config struct, which we will explore here.
I was intrigued when Uber announced zap, a logging library for Go with claims of really high
speed and memory efficiency. I had tried structured
logging earlier using logrus, but while I did not experience
it myself, I was worried by a lot of folks telling me about its performance issues at high log
volumes. So when zap claimed performance exceeding the log package from standard library, I had
to try it. Also, its flexible framework left the door open to a future plan of mine of sending logs
filebeat style to ELK.
The documentation for the library was pretty standard, but I
could not find a reasonable introduction to explore the various ways one can use the library. So I
decided to document some of my experiments with the library.
I collected my code examples in Github, and decided to
break it up into a series of posts.
I admit I had not paid much attention to Netlify earlier. It sort of seemed like yet another web performance related startup.
But on reading Fatih’s article on hosting Hugo on Netlify, it piqued my interest. A CDN/hosting service which puts your content in caches all around the world, and triggers Hugo (and a bunch of other common scripts) on Github commits? And all this for free? Sounds too good to be true, and memories of Posterous floated in my mind.
But again, the best part of using static blogging software like Hugo is that there is so little to lose from trying out a new hosting option - no databases to set up, no old content to migrate.
And so I decided to try it out as well. And it turned out to be blindingly simple! Netlify turned out to be awesome!
Here is all the stuff I needed to do to move my Hugo hosting from my shared hosting account at Dreamhost to Netlify.
Seems like Jetbrains has finally ditched that weird name for their Go IDE and changed it to a
more palatable, but not really very inventive version (come on, I think PyCharm is a pretty nice
name for a Python editor).
Gogland is now GoLand!
I have been using Hugo as a static website generator for a while. I love the speed, coming from
its Go origins. I love a static website generator for the peace of mind it gives me (no “did I forget to update my XXX
blog software after that bug came out?”).
How to have shared state between different instances of a class without a singleton pattern.
The ‘Singleton’ DP is all about ensuring that just one instance of a certain
class is ever created. It has a catchy name and is thus enormously popular,
but it’s NOT a good idea – it displays different sorts of problems in
different object-models. What we should really WANT, typically, is to let as
many instances be created as necessary, BUT all with shared state. Who cares
about identity – it’s state (and behavior) we care about!
This might be a very esoteric topic for most people, but since I could not find information about this anywhere, I
decided to document this in a post.
Here is the problem. I use Jira at work, and today, I needed to close a
bunch of tickets based on a search result. Now, searching or doing batch operations is simple enough from the browser,
but a small detail made the exercise impossible via the web UI.
In a welcome move, the Indian patent office has temporarily stopped issuing software patents.
"In view of several representations received regarding interpretation and scope of section 3(k) of the Patents Act 1970 (as amended), the Guidelines for Examination of Computer Related Inventions... are kept in abeyance till discussions with stakeholders are completed and contentious issues are resolved," the Controller General of Patents said in a notification issued last week. Again, this is a temporary measure and given the intensive lobbying that happens behind doors, it could still be revised.
The Internet Engineering Task Force (IETF) has finally created a standard for when a page has been taken down due to legal reasons. The new status code, 451, indicates that a host has received a legal demand to deny access to a resource. Via TheNextWeb
Ok, I don’t particularly like calling a bug fantastic, in this case, it is
more of a fantastic troubleshooting of a bug. What I found interesting was the
layers that were unpeeled one by one to reach the probable region of the root
cause. (Yeah, the root cause is probably so esoteric and confined to a specific
combination of version, that it is unlikely to be looked at by anybody).
Apple has patented a piece of technology which would allow government and
police to block transmission of information, including video and photographs,
from any public gathering or venue they deem “sensitive”, and “protected from
In other words, these powers will have control over what can and cannot be
documented on wireless devices during any public event.
And while the company says the affected sites are to be mostly cinemas,
theaters, concert grounds and similar locations, Apple Inc. also says “covert
police or government operations may require complete ‘blackout’ conditions.”
Who said the field of security cannot have humour! An Android app to
control the commode in Japan (you know, the
land of fully programmable toilets, I kid you not) has announced a
vulnerability because the Bluetooth pairing code is hardcoded.
Curious about several peculiar Apple related 404 errors for images in my web
server logs, I decided to find what is going on, and became knowledgeable about
yet another nugget that I really didn’t want to know. (sigh)
photo by zebedee
Just now read a rather disturbing article from Sophos security. The article describes the interpretation of the law by NSA and some of the internal policies that they use in surveillance.
They also reveal that courts don’t always determine who’s targeted for surveillance because that discretion is practiced by the NSA’s own analysts, with only a percentage of decisions being reviewed by regular internal audits.
High Scalability had an interesting link today about a project that combines Raspberry
Pi, btsync and ownCloud to create essentially a personal Dropbox
replacement with none of the costs or the storage limitation. Also very importantly, keeping up with
the hot topic nowadays, the peace of mind from knowing that you are not making it easy for
intelligence agencies to go through your most important and personal data.
‘tabata-ramen’ by Danny
Another “hey there is a term for it” moment today!
Years ago when I was running a business of my own, my intention was never to be wildly successful. All I wanted to do was to make ends meet, learn a lot of stuff, do a lot of work on stuff that really interested me, and work in a way that made sense. After giving this some time, and once I was somewhat self-sustaining, the next stage was to organically scale up with a set of productized services (as an Opensource focused company normally does) which would fund the next stage, which was to come out with actual products which really rake in the moolah.
In a sensational release yesterday, Guardian has revealed scary
details of how Microsoft has been collaborating with NSA to give access to its
customer data for PRISM purposes. The extent of privacy breach is shocking:
There is no doubt that WordPress is a wonderful blogging system. But being a dynamically generated website, all the nightmares of scripting languages kick in. Patches come regularly to WordPress and until you log in and update, it keeps nagging you inside and ruins your happiness.
For a while I have been puzzled why Nautilus doesn’t allow me to simply unmount a USB pen drive from the context menu. The only options I could see for USB pen drives were eject and safely remove drive, which was puzzling on its own as they meant the same to me.
Selecting “eject” or “safely remove” drive does the same thing for USB drives - it unmounts the drive and powers it down.
One of the first things that irked me after my Precise installation was how DNS suddenly seemed slow. I normally use dnscache for local DNS caching and while setting it up this time, I noticed that oddly, 127.0.0.1 was already set up as my name server. Netstat told me that this was handled by DNSMasq for some reason. No worries, I thought, and I set up dnscache on 127.0.0.2 instead. I added the IP to the prepend nameserver option in /etc/dhcp/dhclient.
The Pale Blue Dot
You might need to dust your laptop or desktop monitor to see this one clearly. You see a tiny dot in the photo above? In the middle of that light colored line? That is Earth, how it looks from the edge of the solar system. This famous photograph, that I discovered only today is called the Pale Blue Dot (actually it is the representation of earth in the photo that they are talking about here, but you get my drift).
I kept reading and reading Mark Shuttleworth’s post of how Ubuntu plans to replace menus with something called HUD display. And all I could do is take deep sighs.
To summarise, in the new “advanced” Ubuntu releases, instead of clicking the traditional menus, you have to type in a few words in a special screen every time, and select from a drop-down which pops down.
12.04 HUD concept (From Mark’s post)
Unbelievable how such a major issue got missed and is, according to the bug status, still not fixed.
Thankfully, there is a workaround which worked for me. Just putting it out there so that people can find out about this more easily than I did (fume).
(Photo by Beate Firlinger)
How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did
As Pole’s computers crawled through the data, he was able to identify about 25 products that, when analyzed together, allowed him to assign each shopper a “pregnancy prediction” score. More important, he could also estimate her due date to within a small window, so Target could send coupons timed to very specific stages of her pregnancy.
Very interesting point made out by this blog post by Patrick Rhone, about how Microsoft’s core business faces an existential threat:
MS office on Flickr
Microsoft for many years had convinced the world that, in order to get “real work” done, you needed Office.
Then, she explained, the iPhone came. There was no Office. People got things done. Then the iPad came. There was no Office.
Flickr has published two amazing high-def photos of earth from one of NASA’s earth observing satellites - Suomi NPP. The photos are created by joining several high-def photos together, as explained here.
Most Amazing High Definition Image of Earth - Blue Marble 2012
Eastern Hemisphere - Blue Marble 2012
The original photo on the left of the western hemisphere is available on Flickr with a resolution of 8000x8000 or 64 megapixels!
Finally a victory!
A French laptop buyer has won a refund from Lenovo after a four-year legal battle over the cost of a Windows license he didn’t want. The judgment could open the way for PC buyers elsewhere in Europe to obtain refunds for bundled software they don’t want, French campaign group No More Racketware said Monday.
The first sane judgement against the fraud on consumers which has been happening for almost two decades - bundling the Windows OS with all new consumer laptops and desktops.
Thanks to a tip from a colleague - Anshu, I found out further confirmation that the Secureboot issue, that I blogged about earlier, is going to bite us badly just as we expected.
According to this post of the Software Freedom Law Center, Microsoft has recently revised its Windows 8 Hardware Certification requirements to lock out all alternative OSes from the ARM-based mobile devices that it ships on.
The Certification Requirements define (on page 116) a “custom” secure boot mode, in which a physically present user can add signatures for alternative operating systems to the system’s signature database, allowing the system to boot those operating systems.
Don’t try this in India yet, but in US, a district court is about to judge on whether you have to hand over encryption keys to the law if asked. Or can you decline because that is akin to self-incrimination? Given that the general pattern in our country of late is that you are guilty till proven innocent, trying this at “home” is probably only going to get yourself convicted,
.. the easing of reinstalling it. I am not joking. Here is the official blog post about this: Refresh and reset your PC
As Business Insider says it well:
Think about any other product that is so unreliable and degrades in performance with such predictable regularity that the next version will have a feature that makes it easy to WIPE IT CLEAN and start over. Is that a product you’d be super-excited to buy?
For those who aren’t aware of this, FSF (Free Software Foundation) has been running a campaign for the last few months about Microsoft’s malicious Secureboot initiative (which FSF calls restricted boot). Given the mostly Microsoft friendly corporate IT environments out there, I think this is one topic on which most employees should be very aware.
A nice summary of the issue can be read up at: http://www.theregister.co.uk/2011/10/18/fsf_windows_8_campaign/
Apparently, Microsoft is practically arm-twisting OEM manufacturers to implement Secureboot to be able to install Windows 8 on their systems - it is a Windows 8 requirement.
There was a time when I used to blog frequently. After the age of twitter, it reduced. But rather than keeping on writing, I focused on an issue which was a lower priority - splitting up blogs so that the topics do not collide. That was in 2008, today it is 2012. I have posted only about two dozen entries in over 3 years.
Do you know how many blogs I have ended up maintaining?
I have been noticing that writing a commit message in git just like I have been doing in svn or CVS gives me a rather colorful output (see the credited link below for a screen grab).
Searching on the web led me to this post about someone else who found it odd and actually posted about it.
Turns out that the vim syntax file is trying to point out git commit messages best practices.
Spending all my time at work with Redhat’s suite of products and at the same time sticking to having my primary working OS to be Ubuntu was causing too much dissonance. So I finally decided to move to Fedora as my primary OS after 6 years of Ubuntu. My guess was that as a desktop user, beyond packaging issues, the transition is going to be minimal. But as with any new release, there are always some niggling issues, and I am going to document them here in one place as I continue to find them.
The only annoying thing I find in the otherwise indispensable GNU Screen is the fact that once you have launched screen (not resume) and have detached and logged off the first time, ssh-agent magic stops working in the screen sessions.
Obviously this is because the next time you login, your ssh agent socket changes but the screen sessions still only have the location of the ssh-agent socket when you launched screen for the first time.
We Indians have been cribbing about ISP data caps for broadband called very insultingly as Fair Usage Policy (FUP), but I have heard few making a very good case about why this is a bad idea for the market. And how the ISP’s justifications of minority data hoggers is a case of 💩.
But I just heard about a very good case being made against such data caps in the US broadband market.
Here is a quick tip which I have gleaned from multiple sources which makes using procmail filters a breeze. I subscribe to dozens of mailing lists, and it really is somewhat of a chore to create filters for every mailing list I sign up for so that mails for that list go to a separate folder.
However, it is possible to set up procmailrc in such a way that you really don’t need to update procmailrc for every new mailing list that you sign up for.
The European Commission has put into effect a June 2009 agreement stating that major cellphone manufacturers should standardize their charging/data connection ports to the popular microUSB format.
Finally. It took over a decade (in Indian market) to get to this point. I wonder why it took so long. But I am so glad that already my Android phone, Kindle and bluetooth headset all use the same charger.
Theodore Ts’o reports that …
Starting with Gingerbread, newer Android phones (starting with the Nexus S) will be using the ext4 file system.
Android Arena mentions one of the main advantages:
YAFFS is single-threaded, which would have been a bottleneck when trying to record those full HD video clips, and save them to the flash memory, whereas Ext4 doesn’t have this limitation. Thus the new file system is more suited for usage with the multicore ARM-based chipsets that will be creeping into handsets and tablets next year.
Amazing work by all the people involved!
Venkatesh Hariharan reported on the Linux Delhi mailing list today:
The open standards policy has been finalized and it incorporates many of the suggestions made by the FOSS community in India. In the previous draft dated 25/11/2009, our major objection was to section 4.1.2 of the policy which said.
4.1.2 The essential patent claims necessary to implement the Identified Standard should preferably be available on a Royalty-Free (no payment and no restrictions) basis for the life time of the standard.
I am trying out this post aggregator called Posterous. It allows you to use email for posting to many other sites where you post content, like Flickr, Facebook, Twitter, etc. It has a neat idea of specific email addresses like firstname.lastname@example.org for posting to facebook and likewise for others. You can even combine destinations, like email@example.com. For links to images, it inserts the image for you (I think), for videos, it embeds the video player in your posts(they say).
Ok. This is fairly trivial stuff for many of you, but what I found interesting is that the SystemBus lets you shut down/restart/suspend/hibernate as an ordinary user. Of course, if you think of a desktop, that is a pretty basic expectation of what an ordinary end-user should be able to do.
But when I think about a server, the thought that people can bypass a sudo while doing a shutdown makes me uneasy.
Every time I come back to Python from the land of Perl here at work, I need to re-learn how to use regular expressions in Python, as it is, IMHO, quite a bit different from Perl.
Rather than trawling through the docs again, I made some online notes this time.
Hope it is useful to somebody.
This is something that has bothered me always for the past several years, especially in the period when I was working on my own. Paul Graham has managed to put this so eloquently into words:
… There are two types of schedule, which I’ll call the manager’s schedule and the maker’s schedule.
The manager’s schedule is for bosses. Its embodied in the traditional appointment book, with each day cut into one hour intervals.
The latest Ubuntu releases make it real easy to set up a local DNS cache for your workstation using dnscache from the well-known djbdns software by D. J. Bernstein.
For those who have historically installed djbdns/ucspi-tcp/daemontools from source because of distribution restrictions, things changed really for the better after DJB placed all these software in the public domain in 2007. You can now set up all this in about one minute! (depending on your Internet connection though.
11 years back, I was just yet another guy out of college with a background of Turbo C/C++ and Pascal as most other batchmates of mine. My software career could have gone anywhere. PC Quest Linux was just a toy with which I was playing but wasn’t too much attached to yet.
A stroke of good luck helped me get an opportunity to work with one of my close school friends - Inder, who introduced me to PHP 3.
This time when we went to Pondicherry on the year end, we took two cameras - I took my Rebel XTi and my wife the LX3. While uploading our photos to Flickr, we had a problem. We wanted to merge our photo sets, but because of the different photo naming conventions of the two cameras, the photos won’t be sorted according to time taken. The solution, as I found out after a bit of digging and trying out different exif tools, was simple enough.
A quick tip. I couldn’t find this from a quick search when I really needed it.
The problem - command line programs like fetchmail use the system wide openssl CA certificates to verify the authenticity of the server certificates they are provided when they connect to an SSL server like POP3 or IMAP.
Sometimes, you will have providers like Dreamhost, who will get smart and ditch the atrocious certificate issuing set up we have right now, and give you a self-signed certificate to verify their servers.
I normally use jUploader for uploading photos to Flickr from my Ubuntu Jaunty box. However, since I got the amazing Panasonic DMC-LX3 compact camera, I have been uploading HD videos too to Flickr. Now none of the FOSS tools that I know of support video right now. Since I insist on uploading photos in the order that I have taken them, it makes my photo upload workflow really messy - upload a few photos from jUploader, go to flickr.
Akamai footprint awesomeness.
My IP address.
sandipb@pluto:~$ wget -O - -q http://www.whatismyip.com/automation/n09230945.asp;echo
188.8.131.52
sandipb@pluto:~$ host 184.108.40.206
220.127.116.11.in-addr.arpa domain name pointer ABTS-KK-Dynamic-079.0.167.122.airtelbroadband.in.
Akamai CDN for downloading Adobe AIR.
sandipb@pluto:~$ host airdownload.adobe.com
airdownload.adobe.com is an alias for airdownload.wip3.adobe.com.
airdownload.wip3.adobe.com is an alias for airdownload.adobe.com.edgesuite.net.
airdownload.adobe.com.edgesuite.net is an alias for a1396.g.akamai.net.
a1396.g.akamai.net has address 18.104.22.168
a1396.g.akamai.net has address 22.214.171.124
sandipb@pluto:~$ host 126.96.36.199
10.62.101.203.in-addr.arpa domain name pointer dsl-KK-static-010.62.101.203.airtelbroadband.in.
I am downloading from a server co-located at my ISP.
Texinfo manuals are used primarily by various GNU projects like Glibc, gcc, gdb, etc. Texinfo is an extremely powerful format for writing high quality professional documentation and can be easily converted to HTML, PDF, Docbook XML and various other formats. The language features tex macros which are quite easy to pick up, and much easier to hand write as compared to the new fangled XML formats.
However, my pet grouse for a long time was that the PDFs, which look excellent on screen don’t seem to print too well on paper.
Many service providers have started encrypting the statements that they send you. At some level, it does add some amount of security when the path to your inbox is not very secure. However, it is sometimes a major pain when you want to archive your emails. This is because every provider has decided on a different secret to encrypt your PDF. So if one day you wish to access a statement of your phone bill from three months back, you have to look up the bill from your archive and read the mail to find out what they used to encrypt it.
(If you want to skip all this background, and go directly to the steps to make card payments through ICICI Infinity, click here)
With Indian banks making life worse for customers using their credit cards, especially while paying their dues, I am exploring the mechanisms available to make payments for credit cards electronically. After all, if I can currently make payments for virtually any of my bills from the Internet, why do I have to run around looking for a place to deposit the credit card cheque?
I was recently introduced to the world of binaural recordings, and was blown away with the dramatic experience.
What is special about binaural sound is that you are totally immersed into the sound. No, the sound isn’t around you like in 5.1 channel surround sound. Rather, the sound is almost within your head, as if your ears were there, and the sound is moving all around you … so realistic that every one I introduced to this magic, spent the first few minutes in disbelief.
I finally figured out why I kept seeing a mysterious “J” frequently in mails. I use Thunderbird, and it never struck me that what was common between all these mails is that they are all from Outlook users. It seems that in all its wisdom, Outlook converts any smileys (like :-) ) in the plain text mails to the letter “J” in Wingdings, which stands for the smiley in that font.
A recent study found out that 1/5th of all research papers are being abandoned because of conflicts with patent holders. One of the slashdot readers asked why. There was this remarkable answer, which was different than other normal economics drenched answers.
We have them because the average American wants to believe in a world where he/she can one day strike it rich by inventing some widely used product.
The problem is, the patent system doesn’t really work that way, no matter how much patent supporters pretend it protects powerless inventors.
Here is a great article on Linux Journal about the new Opendocument file format. For those who don’t know much about this, think about the word .doc files that you might have been using all this time. Opendocument is an alternate file format similar to .doc, for storing your word processing documents.
Opendocument file format is supported natively by a number of Office applications like OpenOffice2, StarOffice, KOffice, Abiword, eZ publish, IBM Workplace, Knomos case management, Scribus DTP, TextMaker and Visioo Writer.
I have been busy in the last few days migrating my mind from web based apps to native apps. Currently, I am reading about wxpython as a possible answer.
Here is an interesting post on the wxpython mailing list on how to use python + wxPython + Twisted + zope + XSLT.
Also some discussion on the problems on using wxpython and twisted together because of threading conflicts.
A serious XML-RPC bug has been discovered in PHP XML-RPC applications. Upgrade your PEAR library. WordPress has come out with a new version fixing the problem. Unfortunately, they still don’t provide an easy way to upgrade. Here is the patch file to upgrade your WordPress installation.
How to upgrade WordPress in one step
1. Download the patch file somewhere on your server.
2. Change your current directory to your WordPress installation.
3. Verify that your installation will get patched cleanly:
   patch -p1 --dry-run < /path/to/patchfile
4. If no error is reported in the last step, finally patch the file:
   patch -p1 < /path/to/patchfile
Yeah, I know.
The Canon A95
Canon India is selling Powershot A95 at an MRP of Rs. 25,995/-.
Amazon’s listing of A95 mentions a list price of $349.95 (or Rs. 15,121 at today’s exchange rates). Amazon actually sells it for $269.94 (or Rs. 11,664 today).
The question is why does Canon India sell its regular products at a 70% higher price in India? How much duty do these products attract anyway?
Reuters is reporting that Sony recently got a pie-in-the-sky patent on using ultrasonic waves to beam sensory perceptions, like sights, sounds, and smells, directly into the brain. So in a sense, Sony’s patent is an improvement on The Matrix and the traditional cyberpunk notions of a sensory-enabled network that inspired it, because Sony’s method is non-invasive and doesn’t require you to “jack in.” I suppose you could say it’s “wireless,” to use a current buzz word.
March 07, 2005. Geneva. - Last week, the World Intellectual Property Organization (WIPO) announced that it will shut out most public interest organizations at two important meetings devoted to intellectual property and development. As a result, WIPO delegates from 182 nations will discuss these issues without hearing from many of the world’s best-qualified experts.
Scheduled for next month, two WIPO “Development Agenda” meetings will focus on the impact of copyright, patent, and other intellectual property rights regimes on the developing world.
I might be one of the last people to know about this, but here goes anyway.
I was (yet again) at the MySQL website looking for the place to download the latest documentation, when I noticed this curious download link called Thoutreader format. Intrigued, I clicked on the link and it took me to the MySQL documentation download link at http://www.osoft.com .
Turns out that the OSoft ThoutReader is an opensource (GPL) Java based cross-platform ebook reader (Sourceforge project).
Novell “open sources” its Netmail product to start off Hula Server - a new calendar and mail server available under both LGPL and MPL.
Interestingly, the licence is the more permissive LGPL and not GPL. Perhaps, this is so that the result of the community work can be integrated into proprietary solutions like Novell’s own enterprise offerings.
The screenshots look real pretty. I don’t see any mention of Evolution in any of the initial pages.
I have normally had a bad experience with multimedia related software till today. An expensive IBM PC camera has not been working for quite a while, so I had banished it to my family’s Windows XP machine. But I needed one to play with for my own FC3 linux box.
My hardware dealer at first insisted that I try out a damn cheap Chinese cam costing Rs. 950. The package was as cheap as it could be made, but the demo that he showed me was impressive.
Over the years I have tried various software to manage the content on my personal home page. From hand edited HTML, to a bunch of my own PHP scripts, to some *nuke software, and finally to Drupal.
So why did I finally shift over to WordPress?
The answer is simple - if all you would really be doing on your site is blog … get a blogging software.
The blog module of Drupal is good, but: