Archive for the ‘Script Day’ Category

Script day: check the currently set Plasma desktop wallpaper

I like to have some kind of slideshow as a desktop background wallpaper, and there are various ways of doing that – using your local picture library or multiple variations of remote image sources (everyone love NASA’s Astronomy Picture of the Day), and you can find a lot of discussions online about how best to go about automating setting the desktop’s background wallpaper image – in KDE Plasma it is particularly not that easy as you have to contend with multiple “activities”, with each has multiple screens, with each has multiple “desktop containments” – fortunately Plasma no longer supports different wallpapers for different virtual desktops – otherwise it would really have been a massive mess.

But sometimes I don’t want to change the wallpaper – just to figure out which one I’m looking it (maybe I want to delete it?). There isn’t any discussion about that on the internet, so I wrote this script and here it is for posterity (and also in this Github Gist):

(more…)

Script day – different default browser per KDE activity

This is a bit of a weird script day – the script is pretty simple but the integration is interesting. I’m scratching my own itch here and also demonstrating how to:

  • Use dbus-monitor to listen to D-Bus events
  • Use SystemD user services to run a session service
  • Update KDE configuration safely from scripts

(more…)

Script Day: “secure” password generated one liner

Ever needed to create a “secure” password to register to a web site1 and you couldn’t be bothered to invent a secure password? Just paste this command line to your terminal:

ruby -e 'puts [*"a".."z",*"A".."Z",*"0".."9",
  "!@#$%^&*()_+[]/-=.,".split("")
  ].shuffle[0..(ARGV.shift.to_i)].join' 16

The last argument is the number of characters to put into the password.

  1. that probably annoyingly require “at least 1 upper case letter, 1 lower case letter, 1 number and 1 special character” []

Script Day: AWS CLI with multiple accounts with ease

Maybe you are a consultant and juggle multiple clients with Amazon Web Services deployments, maybe you just have accounts for all the start-ups you ever worked for, or maybe you just like to use 17 different AWS accounts for the free-tier usage, but eventually your ~/.aws/credentials file looks like an MS-Windows INI file.

At this point, running the AWS CLI is kind of annoying – you need to remember the correct --profile flag to set for each scenario, and bash will not complete these for you…

Bash aliases to the rescue!

(more…)

SSH-over-HTTPS for fame & profit

In the past, I’ve discussed using SSH to circumvent restricted networks with censoring transparent proxies, but that relied on the restricted network allowing free SSH access on port 22 (what we call in the industry – the single network requirement for getting work done).

Unfortunately, there are restricted networks that don’t even allow that – all you get is the transparent censoring HTTP proxy (which has recently became the case with the free Wi-Fi on the Israeil Railways trains).

But fortunately for us, there is still one protocol which they can’t block, they can’t proxy and they can’t man-in-the-middle  – or else they’d break the internet even for people who only read news, search google and watch YouTube – that is HTTPS.

In this article I’ll cover running SSH-over-HTTPS using ProxyTunnel and Apache. The main consideration is that the target web server is also running some other websites that we can’t interrupt. The main content is based on this article by Mark S. Kolich, but since it only covers using plain HTTP and in addition to some simple changes in the example configurations I also wanted to cover getting an SSL certificate, here’s my version of the tutorial:

(more…)

Script day: persistent memoize in bash

One type of task that I often find myself implementing as a bash script, is to periodically generate some data and display or operate on it – maybe through a cron job, watch or simply a loop. Sometimes part of the process is an expensive computation (could be network based, IO intensive or simply subject to throttling by another entity). The way to deal with issues like that in modern programming languages is a caching technique known as “memoization” (based on the word “memorandum”) in the results of an expensive call is retained in memory after the first time, and returned for future calls instead of running the expensive calculation. We also need to clear the cache every once in a while, but that’s another issue.

So, how to implement in bash?

(more…)

Script Day: Cloud-init for MS-Windows, The Poor Man’s Version

Cloud-init is a Linux technology that allows easy setup and automation of virtual machines. The concept is very simple – the VM infrastructure provides some way of setting some custom data for each virtual machine (many providers call this “user data”), and when the operating system starts the cloud-init service reads that configuration, loads a bunch of modules to handle various parts and let them configure the system. As a user it is very convenient – you write a setup scenario using the variety of tools offered by cloud-init, you can store the scenario in a source control to allow to develop the scenario further, then just launch a bunch of machines with the specified scenario and watch them configure themselves.

The situation is much worse on the MS-Windows side of the fence: want to have an MS-Windows server configured and ready to go? Start a virtual machine, connect to is using RDP and Next, Next, Finish until your fingers are sore. Need to deploy a new version? either retrofit an existing image (again, manually) and risk deployment side effects, or do the whole process again from scratch.

Here’s a script to try to help a bit with the problem – at least on Amazon Web Services: a poor man’s cloud-init-like for MS-Windows server automation.

(more…)

Script day – Amazon AWS Signature Version 4 With Bash

As anyone who works with the Amazon Web Services API knows, when you submit requests to an AWS service you need to sign the request with your secret key – in order to authenticate your account. The AWS signing process has changed through the years – an earlier version (I think version 1) I implemented in a previous blog post: upload files to Amazon S3 using Bash, with new APIs and newer versions of existing APIs opt in to use the newer signing process.

The current most up to date version of the signing process is known as Signature Version 4 Signing Process and is quite complex, but recently I had the need to use an AWS API that requires requests to be signed using the version 4 process in a bash script1, so it was time to dust off the old scripting skills and see if I can get this much much much more elaborate signing process to work in bash – and (maybe) surprisingly it is quite doable.

With no further ado, here is the code:

(more…)

  1. I’m trying to use SQS to send change notifications from a FreeBSD jail running on a FreeNAS server – a place were I’m uncomfortable installing the AWS CLI tool or the SDK. This also help explains all the FreeBSD compatibility written into the code []

Script Day: Upload Files to Amazon S3 Using Bash

Here is a very simple Bash script that uploads a file to Amazon’s S3. I’ve looked for a simple explanation on how to do that without perl scripts or C# code, and could find none. So after a bit of experimentation and some reverse engineering, here’s the simple sample code:

(more…)

Script Day: SSH to a host behind a NAT

I use SSH daily to work with different remote services, and its always a very straight-forward process… unless the remote server you want to work with is on LAN somewhere behind NAT1. When you need to access such an internal server, the only option is to SSH into the firewall2, and then SSH again to your server of choice.

But there’s a better way, and you don’t even have to fiddle with the firewall server!

(this is not actually a script, though minimal text editing is required)

The solution is actually quite simple: set up an alias in your .ssh/config file that you can use to call the remote server when you are outside the LAN (if you are inside the LAN its better to access it directly), and for that alias we will set up a ProxyCommand that will tell SSH to first access the firewall server and open a tunnel to the target LAN server.

It looks like this:

Host remote-alias
ProxyCommand ssh firewall-user@firewally-server nc lan-server 22

This set up works best if your access to the firewall-user account is without password or passphrase (using an SSH private key that is either without passphrase or already loaded in the agent), then the login is as streamlines as a direct access – but the worst is that you’d need to type in two passwords.

Enhanced by Zemanta
  1. router that does Network Address Translation so the servers address is not accessible from outside the LAN []
  2. or some other server that has legs both inside and outside the LAN – I’m using a DNATed server, what most off-the-shelf routers incorrectly call “DMZ []