• Most votes
  • Most comments
  • Newest
  • Activity
    1. Edit: Version Control Sytem System. Whoops. Can't edit the title now though... Github, Gitlab, git this, git that...I have spent the last few years learning the damn thing. But as an electrical...

      Edit: Version Control Sytem System. Whoops. Can't edit the title now though...

      Github, Gitlab, git this, git that...I have spent the last few years learning the damn thing. But as an electrical engineer, I don't really have to deal so much with collaborating with others and merging branches all that often. I just want to keep track of SPICE netlists, verilog code, Jupyter notebooks, LaTeX files, and maybe some Arduino C code for rapid prototyping. Git seems to be too verbose for me.

      At first glance, I like the idea of Mercurial, perhaps because it is seems simpler, and because it is written in Python, and I have an affinity for Python projects even if I don't really look at their source code (like Tildes), but is this reliably used?

      Is there a VCS for a person who doesn't want to spend every day thinking about how they are supposed to use their VCS?

      15 votes
    2. I'm a computer science student at the moment, and while I've had the advantage of having a parent who was in the software industry from the very start, many of the people in my program have not...

      I'm a computer science student at the moment, and while I've had the advantage of having a parent who was in the software industry from the very start, many of the people in my program have not had such an advantage.

      Our department is small and focuses primarily on the theoretical aspects of computer science, partly because it's technically part of the math department. This is fine until students without a background like mine get to the capstone courses where they're expected to not just write code but actually work together to produce working software!

      Most students don't know anything at all about basic ideas like using the command line, the differences between compiled and interpreted languages, and how networking is done on modern operating systems, but the courses rely on them to either know these things or learn them themselves without guidance, which is massively exclusionary!

      Inspired by the excellent zines of Julia Evans, I want to produce a set of free-to-download illustrated zines, between 8 and 16 pages or so, which introduce people to these kind of concepts.

      So far, the topics I've thought of which are small enough to tackle in something this size and important enough to spend time on writing (and reading!):

      • What is computer science?
      • Kernels, shells, and the command line (theory of shell/kernel)
      • The GNU/Linux command line (bash, coreutils, some other utilities)
      • Computer Programming (Python, maybe? variables, control flow)
      • Programming Paradigms (imperative vs OO vs functional vs maybe more)
      • Basic data structures (e.g. arrays vs linked lists vs hash tables vs ...)
      • Big-O notation / algorithmic thinking

      I would really appreciate any suggestions and/or resources you know of in a similar vein!

      12 votes
    3. Just a bit curious. Currently, mine looks like this. It runs Elementary OS, however considering hijacking it to Bedrock Linux, mainly to get cutting edge software from the AUR (for stuff like...

      Just a bit curious. Currently, mine looks like this. It runs Elementary OS, however considering hijacking it to Bedrock Linux, mainly to get cutting edge software from the AUR (for stuff like Firefox and GIMP) without losing all my data. I think I'll wait for Bedrock to go stable first, though.

      It uses the ePapirus icon theme, which is just Papirus with better support for Elementary's UI. GTK theme is (if I remember correctly) Qogir and the Plank theme is the GTK one. What do yours look like?

      25 votes
    4. The Meta-application layer works by using a number of pre-configured free-to-use web applications such as FB messenger, gmail, skype, gchat, yahoo email, etc to establish a connection and transmit...

      The Meta-application layer works by using a number of pre-configured free-to-use web applications such as FB messenger, gmail, skype, gchat, yahoo email, etc to establish a connection and transmit data over top the application layer.

      It's purpose is to establish a meta-layer for new applications to make use of, to decrease centralization, and to increase privacy. Take the power back from big corporations, and put it back in with the People! (or some such thing, maybe...).

      So each end of the communication would check some pre-configured number of free-online web apps for a code/key from the other side. Once found that key would determine the ordering, frequency, and mediums to use for communication. Such as: gmail - first message, skype - second message, yahoo email - third and forth message, repeat 10x, then reverse order, repeat 10x, and then start over again or better yet some hard-to-discern pattern.

      Privacy would be increased through both obscurity (typically not a good way to do security) and through the use of a multitude of different web applications, each with their own varying degrees of security.

      The actual messages would be the binary code...or for a more directed-application - text messages... Communication would be slow....but possible?

      Anyways, that thought popped into my head so I thought I'd share it in case it took your own brain to any interesting places :)

      4 votes
    5. Does anyone have any experience working as a contractor in the IT field? I have 4 years of experience in the IT industry, all of it as a full time direct hire. I may have an opportunity to work...

      Does anyone have any experience working as a contractor in the IT field? I have 4 years of experience in the IT industry, all of it as a full time direct hire. I may have an opportunity to work for a very large company on a 2 year contract at fairly reasonable salary increase. The most important part to me is that I will be getting some experience off of the service desk as well, which I can use to continue my career going forward.

      My main concern is that I am unfamiliar with contract work. I do know that I get health benefits / 401k / sick days, but I assume there must be a drawback to being a contractor, right? I feel like being a contractor is inherently more unstable than being an actual hire. The position I am being considered for is a 2 year contract, but I worry that the position could simply disappear a few months in and I'd be out of a job. Is this a fair feeling, and is there any way I can gauge how true this might be for my position? Is there something I could discreetly ask in my interview that might help me understand if this is a stable position?

      If anyone has any experience as a contractor, I'd love to hear it.

      4 votes
    6. For my particular use case I share my home PC with my spouse and since I'm the more tech-savvy of the two I'll need to occasionally remote in and help out with some random task. They know enough...

      For my particular use case I share my home PC with my spouse and since I'm the more tech-savvy of the two I'll need to occasionally remote in and help out with some random task. They know enough that the issue will usually be too complex to simply guide over the phone, so remote control it is.

      I'm also trying to improve my personal efforts toward privacy and security. To that end I want to avoid closed-source services such as TeamViewer where a breach on their end could compromise my system.

      The following is the current state of what I'm now using as I think others may benefit from this as well:

      Setup

      Web

      I use a simple web form as my first authentication. It's just a username and password, but it does require a web host that supports server side code such as PHP. In my case I just created a blank page with nothing other than the form and when successful the page generates a 6 digit PIN and saves it to a text file in a private folder (so no one can simply navigate to it and get the PIN).

      I went the text file route because my current hosting plan only allows 1 database and I didn't want to add yet another random table just for this 1 value.

      Router

      To connect to my home PC I needed to forward a port from my router. I'm going to use VNC as it lets me see what is currently shown on the monitor and work with someone already there so I forward port 5900 as VNC's default port. You can customize this if you want. Some routers allow you to SSH into their system and make changes that way so a step more secure would be to leave the port forward disabled and only enable it once a successful login from the web form is disabled. In my case I'll just leave the port forwarded all the time.

      IP Address

      To connect to my computer I need to know it's external IP address and for this I use FreeDNS from Afraid.org. My router has dynamic DNS support for them already included so it was easy to plug in my details to generate a URL which will always point to my home PC (well, as long as my router properly sends them my latest IP address). If your router doesn't support the dynamic DNS you choose many also allow either a download or the settings you would need to script your own to keep your IP address up to date with their service.

      Signal

      Signal is an end-to-end encrypted messenger which supports text, media, phone and video calls. There's also a nifty command line option on Github called Signal-cli which I'm using to provide my second form of authentication. I just downloaded the package, moved to my $PATH (in my case /usr/local/bin) and set it up as described on their README. In my case I have both a normal cell phone number and another number provided by Google Voice. I already use my normal cell phone number with Signal so for this project I used Signal-cli to register a new account using my Google Voice number.

      VNC

      My home PC runs Ubuntu 18.04 so I'm using x11vnc as my VNC server. Since I'm leaving my port forwarded all the time I most certainly do NOT want to leave VNC also running. That's too large a security risk for me. Instead I've written a short bash script that first checks the web form using curl and https (so it's encrypted) with its own login information to check if any PIN numbers have been saved. If a PIN is found the web server sends that back and then deletes the PIN text file. Meanwhile the bash script uses the PIN to start a VNC session with that PIN as the password and also sends my normal cell the PIN via Signal-cli so that I can login.

      I have this script set to run every minute so I'm not waiting long after web login and I also have the x11vnc session set to timeout after a minute so I can quickly connect again should I mess something up. It's also important that x11vnc is set to auto exit after closing the session so that it's not left up for an attacker to attempt to abuse.

      System Flow

      Once everything is setup and working this is what it's like for me to connect to my home PC:

      1. Browse to my web form and login
      2. Close web form and wait for Signal message
      3. Launch VNC client
      4. Connect via dynamic DNS address (saved to VNC client)
      5. Enter PIN code
      6. Close VNC when done

      Code

      Here's some snippets to help get you started

      PHP for Web Form Processing

      <?php
      // Variables
      $username = 'your_username';
      $password = 'your_password_super_long_and_unique';
      $filename = 'path_to_private_folder/vnc/pin.txt';
      
      // Process the login form
      if($action == 'Login'){
      	$file = fopen($filename,'w');
      	$passwd = rand(100000,999999);
      	fwrite($file,$passwd);
      	fclose($file);
      	exit('Success');
      }
      
      // Process the bash script
      if($action == 'bash'){
      	if(file_exists($filename)){
      		$file = fopen($filename,'r');
      		$passwd = fread($file,filesize($filename));
      		fclose($filename);
      		unlink($filename);
      		exit($passwd);
      	} else {
      		exit('No_PIN');
      	}
      }
      ?>
      

      Bash for x11vnc and Signal-cli

      # See if x11vnc access has been requested
      status=$(curl -s -d "u=your_username&p=your_password_super_long_and_unique&a=bash" https://vnc_web_form.com)
      
      # Exit if nothing has been requested
      if [ "$status" = "No_PIN" ]; then
        # No PIN so exit; log the event if you want
        exit 0
      fi
      
      # Strip non-numeric characters
      num="${status//[!0-9]/}"
      
      # See if they still match (prevent error messages from triggering stuff)
      if [ $status != $num ]; then
        # They don't match so probably not a PIN - exit; log it if you want
        exit 1
      fi
      
      # Validate pin number
      num=$((num + 0))
      if [ $num -lt 100000 ]; then
        # PIN wasn't 6 digits so something weird is going on - exit; log it if you want
        exit 1
      fi
      if [ $num -gt 999999 ]; then
        # Same as before
        exit 1
      fi
      
      # Everything is good; start up x11vnc
      # Log event if you want
      
      # Get the current IP address - while dynamic DNS is in place this serves as a backup
      ip=$(dig +short +timeout=5 myip.opendns.com @resolver1.opendns.com)
      
      # Send IP and password via Signal
      # Note that phone number includes country code
      # My bash is running as root so I run the command as my local user where I had registered Signal-cli
      su -c "signal-cli -u +google_voice_number send -m '$num for $ip' +normal_cell_number" s3rvant
      
      # Status was requested and variable is now the password
      # this provides a 1 minute window to connect with 1-time password to control main display
      # again run as local user
      su -c "x11vnc -timeout 60 -display :0 -passwd $num" s3rvant
      

      Final Thoughts

      There are more secure ways to handle this. Some routers support VPN for the connect along with device certificates which are much stronger than a 6 digit PIN code. Dynamically opening and closing the router port as part of the bash script would also be a nice touch. For me this is enough security and is plenty convenient enough to quickly offer tech support (or nab some bash code for articles like this) on the fly.

      I'm pretty happy with how Signal-cli has worked out and plan to use it again with my next project (home automation). I'll be sure to post again once I get that ball rolling.

      14 votes
    7. Hi guys, I'm really stumped and looking for a nudge in the right direction for how to utilise the ghoneycutt/pam module in puppet. Relatively new to this but got what I'd like to think as most the...

      Hi guys,

      I'm really stumped and looking for a nudge in the right direction for how to utilise the ghoneycutt/pam module in puppet. Relatively new to this but got what I'd like to think as most the basics down.

      I've configured a few things using modules such as NTP, SSSD and NSSWITCH but I'm just stuck on how I can use this module and pull info from Hiera into it.

      So, lets start with

      .yaml file:

      
              ### nsswitch.conf authentication configuration
      
              nsswitch::passwd:     'files sss'
      
              nsswitch::shadow:     'files sss'
      
      
      

      And then looking at the nsswitch.pp file:

      
              ### nsswitch.config setup
      
              class profile::linux::base::nsswitch {
      
              # Get heira values
      
                class { 'nsswitch':
      
                  passwd    => [lookup('nsswitch::passwd')],
      
                  shadow    => [lookup('nsswitch::shadow')],
      
      
      

      Simple enough to call the values I want and works how I want, now I'm trying to do the same type of thing for PAM using the ghoneycutt/pam module and there doesn't seem to be much info on how to use it, or it's just not sinking in for me.

      Some of my PAM Heira values:

              pam::pam_auth_lines:
                - '# Managed by Hiera key pam::pam_auth_lines'
                - 'auth        required      pam_env.so'
                - 'auth        sufficient    pam_fprintd.so'
                - 'auth        sufficient    pam_unix.so nullok try_first_pass'
                - 'auth        requisite     pam_succeed_if.so uid >= 500 quiet'
                - 'auth        sufficient    pam_sss.so use_first_pass'
                - 'auth        required      pam_deny.so'
              pam::pam_account_lines:
                - '# Managed by Hiera key pam::pam_account_lines'
                - 'account     required      pam_unix.so'
                - 'account     sufficient    pam_localuser.so'
                - 'account     sufficient    pam_succeed_if.so uid < 500 quiet'
                - 'account     [default=bad success=ok user_unknown=ignore] pam_sss.so'
                - 'account     required      pam_permit.so'
              pam::pam_password_lines:
                - '# Managed by Hiera key pam::pam_password_lines'
                - 'password    requisite     pam_cracklib.so try_first_pass retry=3 type='
                - 'password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok'
                - 'password    sufficient    pam_sss.so use_authtok'
                - 'password    required      pam_deny.so'
      

      Some things I've tried:

      1:

              class profile::linux::base::pam {
                # resources
                class { 'pam':
                  password-auth-ac  => [
                    lookup('pam::pam_auth_lines')],
                    lookup('pam::pam_account_lines')],
                    lookup('pam::pam_password_lines')],
                    lookup('pam::pam_session_lines')],
                 }
      
      

      2:

      
      	
      	      passwd  => [
      	
      	      lookup('pam::pam_auth_lines'),
      	
      	      lookup('pam::pam_account_lines'),
      	
      	      lookup('pam::pam_password_lines'),
      	
      	      lookup('pam::pam_session_lines'),
      	
      	      ],
      	
      	  }
      
      
              include ::pam
      
      	class profile::linux::base::pam {
      	
      	  # resources
      	
      	    include ::pam
      
      	         lookup('pam::pam_auth_lines')
      	
      	}
      
      
      

      I've tried a few other ways and can't get it to work as I want it to. Can anyone help?

      Thanks

      4 votes
    8. As an undergrad computer science student, I'll be starting my career soon. I want to make it enjoyable, productive, avoid too many mistakes and generally try to succeed. If you want to share...

      As an undergrad computer science student, I'll be starting my career soon. I want to make it enjoyable, productive, avoid too many mistakes and generally try to succeed.

      If you want to share anything that could be beneficial to succeeding in various tech fields, either books, advice or really anything else - I'd like to hear it.

      Books
      Are there any books that you can recommend, which helped you in your career. From hard technical skills, to soft interpersonal skills required to succeed in software engineering, systems engineering, or similar fields. Books oriented towards problem solving, algorithms, good engineering practices, etc.

      A book I found recommended quite a lot, but didn't get around to reading just yet is Designing Data-Intensive Applications.

      Blogs or any other sources are welcome as well.

      A bit of background

      I'm currently an undergrad computer science student, but I started programming around 8 years ago and finished a few projects on my own. I've been working at a small software company for the past 2 years, but I don't really feel like I'm improving as much as I could - mostly due to constrained budgets and short deadlines, which don't allow me to grow. I want to read and improve my skills on my own time as well.

      I'm not sure if this topic has been discussed before - I'm new to Tildes and haven't figured out how to filter results to only display topics in ~comp.

      20 votes
    9. I'm curious as to what the Tildes Linux/BSD community (and I suppose other answers like Windows or MacOS would be acceptable, though they may feel a bit more dry) use for their desktop. I imagine...

      I'm curious as to what the Tildes Linux/BSD community (and I suppose other answers like Windows or MacOS would be acceptable, though they may feel a bit more dry) use for their desktop. I imagine that Ubuntu and Gnome will dominate the answers as you would expect, but maybe you'll surprise me. Personally, I'm on Arch Linux with i3-gaps. I use Arch because I enjoy the DIY aspect of Linux as well as the aur and slim nature of Arch. I'd also be lying if I didn't say I use it partially just because I like the "pacman" pun.

      As for i3-gaps, I think that WMs are generally more customizable and good for 'ricing', plus they go with my workflow and are convenient in that they load faster and the likes, though I have to admit I have only ever used i3 (I've been considering trying out bspwm). So, what do you guys use? You can also of course share more information such as your shell or DM if you wanted, though I highly doubt anyone cares what display manager you us or anything.

      25 votes
    10. I've been thinking about this but based on the current rulings in the Oracle v. Google court case, it would seem that APIs are indeed copyrightable. This would mean that Wine would be infringing...

      I've been thinking about this but based on the current rulings in the Oracle v. Google court case, it would seem that APIs are indeed copyrightable.

      This would mean that Wine would be infringing on Microsoft's copyright of the Windows API and system calls. Of course it wouldn't matter until Microsoft actually does something about it. But as Wine gets better and better and its market share higher and higher, I worry that Microsoft might set their sights on Wine now that they have the law on their side.

      15 votes
    11. One of the people in an IRC channel I frequent pointed out a site I've been building uses CDNs that are IPv4 only. I never realized this, I just assumed every major provider had deployed IPv6. Oh,...

      One of the people in an IRC channel I frequent pointed out a site I've been building uses CDNs that are IPv4 only. I never realized this, I just assumed every major provider had deployed IPv6. Oh, how very wrong I was. A quick check of some major (to me) sites shows a shocking lack of IPv6, including:

      • Bootstrap (stackpath.bootstrapcdn.com)
      • Discord
      • FontAwesome (use.fontawesome.com)
      • GitHub/GitHub pages
      • GitLab/GitLab pages (self-hosted supports IPv6, but officially hosted GitLab only supports IPv4 due to Azure limitations)
      • jQuery, IF you use code.jquery.com (some tutorials use ajax.googleapis.com, which does have IPv6, but an unfortunate amount use code.jquery.com, including the getting started page for Bootstrap)
      • Parts of Amazon/AWS (Amazon is IPv4 only, some of AWS is IPv4 only, including S3)
      • Reddit
      • Stack Overflow/Exchange/etc
      • Twitter

      An honorable mention goes to Angular's websites because the websites themselves are IPv4 only but the libraries are hosted on ajax.googleapis.com, which is IPv6 accessible. I checked npm, PyPI, RubyGems, and Tildes, and they all support IPv6.

      I can understand why companies like Amazon have partial support (upgrading can be a PITA if you're a cloud service provider with uptime requirements), but then you have services like Discord (launched in 2015 with no obligation to maintain service) that only support IPv4. At the very least, I'd expect CDNs referenced by thousands (if not millions) of webpages to be on IPv6 by now.

      Am I missing something? CDNs are pretty static, it's just a matter of choosing one that supports IPv6, you don't even need to update your application if you just change the DNS entries.

      13 votes
    12. I just received a mail from my own e-mail address, hosted on Gandi on my own domain name. It said that the sender has hacked me, used malware, keyloggers and RDP to get my passwords and copy all...

      I just received a mail from my own e-mail address, hosted on Gandi on my own domain name. It said that the sender has hacked me, used malware, keyloggers and RDP to get my passwords and copy all my files to his own computer, and took videos of me while watching adult content using my webcam (I never noticed the light turning on for it). Claims they've been doing this for a few months. Gives a bitcoin address and wants $1000 (a sum I can't and won't give, don't even have a fraction of it) in 48 hrs, or else will share the videos with my contacts. It said something about a pixel the message included.

      I viewed the message from K-9 mail on android (which didn't tell anything about pixels or whatnot), and when I went back on my computer to check the headers and stuff, the message was deleted.

      Now, is this some sort of phishing or or have I really been pwned? I feel like it's just phishing, but the message deleting itself kinda gave me shills of fear. I promptly changed my password for the mail account.

      10 votes
    13. There seems to be a trend lately of people switching over to BSD operating systems. Having read some blog posts on the matter and now given the recent system-d controversy, I'm genuinely curious...

      There seems to be a trend lately of people switching over to BSD operating systems. Having read some blog posts on the matter and now given the recent system-d controversy, I'm genuinely curious to give FreeBSD or OpenBSD a go as my main OS.

      For those who have switched over to BSD, what are some problems you've encountered and/or what are some things you miss?

      33 votes