Stevey is currently certified at Master level.

Name: Steve Kemp
Member since: N/A
Last Login: 2013-01-05 09:46:29

FOAF RDF Share This

Homepage: http://www.steve.org.uk/

Notes:

For the curious I live in Edinburgh, Scotland.

I'm a big believer in the benefits of the open source
software. I've written, or contributed, to a large
number of Open Source projects including GNU Emacs,
GNUTella, GoGo, GNUMP3d, MP3Blaster.

Nowadays I guess the most visible thing I do in my spare
time is run a site I created for Debian GNU/Linux system administration:

* http://www.debian-administration.org/

Projects

Articles Posted by Stevey

Recent blog entries by Stevey

Syndication: RSS 2.0

An alternative to devilspie/devilspie2

Recently I was updating my dotfiles, because I wanted to ensure that media-players were "always on top", when launched, as this suits the way I work.

For many years I've used devilspie to script the placement of new windows, and once I googled a recipe I managed to achieve my aim.

However during the course of my googling I discovered that devilspie is unmaintained, and has been replaced by something using Lua - something I like.

I'm surprised I hadn't realized that the project was dead, although I've always hated the configuration syntax it is something that I've used on a constant basis since I found it.

Unfortunately the replacement, despite using Lua, and despite being functional just didn't seem to gell with me. So I figured "How hard could it be?".

In the past I've written softare which iterated over all (visible) windows, and obviously I'm no stranger to writing Lua bindings.

However I did run into a snag. My initial implementation did two things:

  • Find all windows.
  • For each window invoke a lua script-file.

This worked. This worked well. This worked too well.

The problem I ran into was that if I wrote something like "Move window 'emacs' to desktop 2" that action would be applied, over and over again. So if I launched emacs, and then manually moved the window to desktop3 it would jump back!

In short I needed to add a "stop()" function, which would cause further actions against a given window to cease. (By keeping a linked list of windows-to-ignore, and avoiding processing them.)

The code did work, but it felt wrong to have an ever-growing linked-list of processed windows. So I figured I'd look at the alternative - the original devilspie used libwnck to operate. That library allows you to nominate a callback to be executed every time a new window is created.

If you apply your magic only on a window-create event - well you don't need to bother caching prior-windows.

So in conclusion :

I think my code is better than devilspie2 because it is smaller, simpler, and does things more neatly - for example instead of a function to get geometry and another to set it, I use one. (e.g. "xy()" returns the position of a window, but xy(3,3) sets it.).

kpie also allows you to run as a one-off job, and using the simple primitives I wrote a file to dump your windows, and their size/placement, which looks like this:

shelob ~/git/kpie $ ./kpie --single ./samples/dump.lua
-- Screen width : 1920
-- Screen height: 1080
..
if ( ( window_title() == "Buddy List" ) and
     ( window_class() == "Pidgin" ) and
     ( window_application() == "Pidgin" ) ) then
     xy(1536,24 )
     size(384,1032 )
     workspace(2)
end
if ( ( window_title() == "feeds" ) and
     ( window_class() == "Pidgin" ) and
     ( window_application() == "Pidgin" ) ) then
     xy(1,24 )
     size(1536,1032 )
     workspace(2)
end
..

As you can see that has dumped all my windows, along with their current state. This allows a simple starting-point - Configure your windows the way you want them, then dump them to a script file. Re-run that script file and your windows will be set back the way they were! (Obviously there might be tweaks required.)

I used that starting-point to define a simple recipe for configuring pidgin, which is more flexible than what I ever had with pidgin, and suits my tastes.

Bug-reports welcome.

Syndicated 2014-07-21 14:30:14 from Steve Kemp's Blog

Did you know xine will download and execute scripts?

Today I was poking around the source of Xine, the well-known media player. During the course of this poking I spotted that Xine has skin support - something I've been blissfully ignorant of for many years.

How do these skins work? You bring up the skin-browser, by default this is achieved by pressing "Ctrl-d". The browser will show you previews of the skins available, and allow you to install them.

How does Xine know what skins are available? It downloads the contents of:

NOTE: This is an insecure URL.

The downloaded file is a simple XML thing, containing references to both preview-images and download locations.

For example the theme "Sunset" has the following details:

  • Download link: http://xine.sourceforge.net/skins/Sunset.tar.gz
  • Preview link: http://xine.sourceforge.net/skins/Sunset.png

if you choose to install the skin the Sunset.tar.gz file is downloaded, via HTTP, extracted, and the shell-script doinst.sh is executed, if present.

So if you control DNS on your LAN you can execute arbitrary commands if you persuade a victim to download your "corporate xine theme".

Probably a low-risk attack, but still a surprise.

Syndicated 2014-07-19 20:48:25 from Steve Kemp's Blog

So what can I do for Debian?

So I recently announced my intention to rejoin the Debian project, having been a member between 2002 & 2011 (inclusive).

In the past I resigned mostly due to lack of time, and what has changed is that these days I have more free time - primarily because my wife works in accident & emergency and has "funny shifts". This means we spend many days and evenings together, then she might work 8pm-8am for three nights in a row, which then becomes Steve-time, and can involve lots of time browsing reddit, coding obsessively, and watching bad TV (currently watching "Lost Girl". Shades of Buffy/Blood Ties/similar. Not bad, but not great.)

My NM-progress can be tracked here, and once accepted I have a plan for my activities:

  • I will minimally audit every single package running upon any of my personal systems.
  • I will audit as many of the ITP-packages I can manage.
  • I may, or may not, actually package software.

I believe this will be useful, even though there will be limits - I've no patience for PHP and will just ignore it, along with its ecosystem, for example.

As progress today I reported #754899 / CVE-2014-4978 against Rawstudio, and discussed some issues with ITP: tiptop (the program seems semi-expected to be installed setuid(0), but if it is then it will allow arbitrary files to be truncated/overwritten via "tiptop -W /path/to/file"

(ObRandom still waiting for a CVE identifier for #749846/TS-2867..)

And now sleep.

Syndicated 2014-07-16 20:49:02 from Steve Kemp's Blog

A brief twitter experiment

So I've recently posted a few links on Twitter, and I see followers clicking them. But also I see random hits.

Tonight I posted a link to http://transient.email/, a domain I use for "anonymous" emailing, specifically to see which bots hit the URL.

Within two minutes I had 15 visitors the first few of which were:

IP User-Agent Request
199.16.156.124 Twitterbot/1.0; GET /robots.txt
199.16.156.126 Twitterbot/1.0; GET /robots.txt
54.246.137.243 python-requests/1.2.3 CPython/2.7.2+ Linux/3.0.0-16-virtual HEAD /
74.112.131.243 Mozilla/5.0 (); GET /
50.18.102.132 Google-HTTP-Java-Client/1.17.0-rc (gzip) HEAD /
50.18.102.132 Google-HTTP-Java-Client/1.17.0-rc (gzip) HEAD /
199.16.156.125 Twitterbot/1.0; GET /robots.txt
185.20.4.143 Mozilla/5.0 (compatible; TweetmemeBot/3.0; +http://tweetmeme.com/) GET /
23.227.176.34 MetaURI API/2.0 +metauri.com GET /
74.6.254.127 Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp); GET /robots.txt

So what jumps out? The twitterbot makes several requests for /robots.txt, but never actually fetches the page itself which is interesting because there is indeed a prohibition in the supplied /robots.txt file.

A surprise was that both Google and Yahoo seem to follow Twitter links in almost real-time. Though the Yahoo site parsed and honoured /robots.txt the Google spider seemed to only make HEAD requests - and never actually look for the content or the robots file.

In addition to this a bunch of hosts from the Amazon EC2 space made requests, which was perhaps not a surprise. Some automated processing, and classification, no doubt.

Anyway beer. It's been a rough weekend.

Syndicated 2014-07-13 19:08:04 from Steve Kemp's Blog

A partial perl-implementation of Redis

So recently I got into trouble running Redis on a host, because the data no-longer fits into RAM.

As an interim measure I fixed this by bumping the RAM allocated to the guest, but a real solution was needed. I figure there are three real alternatives:

  • Migrate to Postgres, MySQL, or similar.
  • Use an alternative Redis implementation.
  • Do something creative.

Looking around I found a couple of Redis-alternatives, but I was curious to see how hard it would be to hack something useful myself, as a creative solution.

This evening I spotted Protocol::Redis, which is a perl module for decoding/encoding data to/from a Redis server.

Thinking "Ahah" I wired this module up to AnyEvent::Socket. The end result was predis - A perl-implementation of Redis.

It's a limited implementation which stores data in an SQLite database, and currently has support for:

  • get/set
  • incr/decr
  • del/ping/info

It isn't hugely fast, but it is fast enough, and it should be possible to use alternative backends in the future.

I suspect I'll not add sets/hashes, but it could be done if somebody was keen.

Syndicated 2014-07-11 20:36:53 from Steve Kemp's Blog

712 older entries...

 

Stevey certified others as follows:

  • Stevey certified skx as Master
  • Stevey certified zx80user as Journeyer
  • Stevey certified faw as Apprentice
  • Stevey certified Liedra as Journeyer
  • Stevey certified ladypine as Journeyer
  • Stevey certified Sarah as Apprentice
  • Stevey certified Ward as Master
  • Stevey certified chipx86 as Journeyer
  • Stevey certified johnnyb as Journeyer
  • Stevey certified perlpimp as Journeyer
  • Stevey certified CaptainNemo as Journeyer
  • Stevey certified mobius as Apprentice
  • Stevey certified tjansen as Journeyer
  • Stevey certified auspex as Apprentice
  • Stevey certified laymusic as Journeyer
  • Stevey certified apeiro as Journeyer
  • Stevey certified dneighbors as Master
  • Stevey certified alejandro as Journeyer
  • Stevey certified scandal as Master
  • Stevey certified moray as Journeyer
  • Stevey certified sacha as Apprentice
  • Stevey certified Malkin as Journeyer
  • Stevey certified dria as Journeyer
  • Stevey certified Jordi as Journeyer
  • Stevey certified Mysidia as Journeyer
  • Stevey certified dirtyrat as Journeyer
  • Stevey certified bdelacretaz as Apprentice
  • Stevey certified braden as Journeyer
  • Stevey certified pencechp as Apprentice
  • Stevey certified brouhaha as Journeyer
  • Stevey certified fejj as Journeyer
  • Stevey certified hanna as Apprentice
  • Stevey certified aero6dof as Apprentice
  • Stevey certified gman as Journeyer
  • Stevey certified dlecorfec as Apprentice
  • Stevey certified jpr as Journeyer
  • Stevey certified Pizza as Journeyer
  • Stevey certified kroah as Master
  • Stevey certified wingo as Journeyer
  • Stevey certified jwz as Master
  • Stevey certified ploppy as Master
  • Stevey certified nosinut as Journeyer
  • Stevey certified Radagast as Journeyer
  • Stevey certified Jody as Master
  • Stevey certified ariya as Apprentice
  • Stevey certified nausicaa as Journeyer
  • Stevey certified dan as Master
  • Stevey certified kappa as Apprentice
  • Stevey certified slamb as Apprentice
  • Stevey certified stevebaker as Journeyer
  • Stevey certified gregor as Journeyer
  • Stevey certified maelstorm as Apprentice
  • Stevey certified palm as Apprentice
  • Stevey certified Artimage as Journeyer
  • Stevey certified bluets as Apprentice
  • Stevey certified jds as Journeyer
  • Stevey certified steve as Apprentice
  • Stevey certified elanthis as Apprentice
  • Stevey certified afayolle as Journeyer
  • Stevey certified bonzini as Journeyer
  • Stevey certified jml as Apprentice
  • Stevey certified ciphergoth as Journeyer
  • Stevey certified Fefe as Master
  • Stevey certified Denny as Journeyer
  • Stevey certified sethcohn as Journeyer
  • Stevey certified bjf as Apprentice
  • Stevey certified sdodji as Journeyer
  • Stevey certified raph as Master
  • Stevey certified jarod as Apprentice
  • Stevey certified StevenRainwater as Journeyer
  • Stevey certified Surfr as Apprentice
  • Stevey certified rlevin as Journeyer
  • Stevey certified ike as Apprentice
  • Stevey certified ebf as Journeyer
  • Stevey certified chakie as Journeyer
  • Stevey certified gstein as Master
  • Stevey certified dtype as Apprentice
  • Stevey certified pompeiisneaks as Journeyer
  • Stevey certified acme as Master
  • Stevey certified lsdrocha as Apprentice
  • Stevey certified mjg59 as Journeyer
  • Stevey certified squrl as Journeyer
  • Stevey certified physos as Apprentice
  • Stevey certified rasmus as Master
  • Stevey certified jelle as Journeyer
  • Stevey certified chrisime as Journeyer
  • Stevey certified julian as Master
  • Stevey certified eliot as Journeyer
  • Stevey certified sh as Journeyer
  • Stevey certified mascot as Apprentice
  • Stevey certified SyntaxPolice as Journeyer
  • Stevey certified bytesplit as Apprentice
  • Stevey certified nymia as Journeyer
  • Stevey certified thomasvs as Master
  • Stevey certified Bram as Journeyer
  • Stevey certified pfremy as Apprentice
  • Stevey certified todd as Master
  • Stevey certified bma as Journeyer
  • Stevey certified coolvibe as Journeyer
  • Stevey certified deekayen as Journeyer
  • Stevey certified fxn as Journeyer
  • Stevey certified bgeiger as Apprentice
  • Stevey certified angelsun as Journeyer
  • Stevey certified andrelop as Apprentice
  • Stevey certified jono as Master
  • Stevey certified groom as Apprentice
  • Stevey certified axboe as Master
  • Stevey certified jennv as Journeyer
  • Stevey certified tseaver as Journeyer
  • Stevey certified duncanm as Apprentice
  • Stevey certified jc as Apprentice

Others have certified Stevey as follows:

  • fxn certified Stevey as Journeyer
  • wingo certified Stevey as Master
  • faw certified Stevey as Master
  • Liedra certified Stevey as Journeyer
  • ladypine certified Stevey as Journeyer
  • CaptainNemo certified Stevey as Journeyer
  • apeiro certified Stevey as Journeyer
  • dneighbors certified Stevey as Journeyer
  • Jordi certified Stevey as Journeyer
  • Mysidia certified Stevey as Master
  • braden certified Stevey as Journeyer
  • Chicago certified Stevey as Master
  • pencechp certified Stevey as Master
  • brouhaha certified Stevey as Master
  • wardv certified Stevey as Journeyer
  • Pizza certified Stevey as Master
  • jrf certified Stevey as Journeyer
  • ariya certified Stevey as Master
  • maelstorm certified Stevey as Journeyer
  • palm certified Stevey as Journeyer
  • alfie certified Stevey as Master
  • donscarletti certified Stevey as Master
  • afayolle certified Stevey as Journeyer
  • bonzini certified Stevey as Journeyer
  • ciphergoth certified Stevey as Journeyer
  • domi certified Stevey as Master
  • sdodji certified Stevey as Master
  • jarashi certified Stevey as Master
  • jarod certified Stevey as Master
  • ebf certified Stevey as Journeyer
  • lsdrocha certified Stevey as Master
  • alexm certified Stevey as Journeyer
  • richdawe certified Stevey as Journeyer
  • sh certified Stevey as Journeyer
  • mascot certified Stevey as Master
  • realblades certified Stevey as Apprentice
  • lerdsuwa certified Stevey as Master
  • bytesplit certified Stevey as Apprentice
  • thom certified Stevey as Master
  • coolvibe certified Stevey as Master
  • speeder certified Stevey as Master
  • broonie certified Stevey as Journeyer
  • angelsun certified Stevey as Journeyer
  • MAK certified Stevey as Master

[ Certification disabled because you're not logged in. ]

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

X
Share this page