bash time limit on commands
Several programs, like "timelimit" and "timeout", exist to prevent a process from running for too long.
However, if you want to do this on a box where neither is installed, there's a way to do so with bash alone.
Based on the original script I found at pixelbeat.org...
#!/bin/sh
# Execute a command with a timeout
# Author:
# http://www.pixelbeat.org/
# Notes:
# If the timeout occurs the exit status is 128.
# There is an asynchronous (and buggy) equivalent of this
# script packaged with bash (under /usr/share/doc/ in my distro),
# which I only noticed after writing this.
# I noticed later again that there is a C equivalent of this packaged
# with satan by Wietse Venema, and copied to forensics by Dan Farmer.
# Changes:
# V1.0, Nov 3 2006, Initial release
# V1.1, Nov 20 2007, Brad Greenlee
# Make more portable by using the 'CHLD'
# signal spec rather than 17.
if [ "$#" -lt "2" ]; then
echo "Usage: `basename $0` timeout_in_seconds command" >&2
echo "Example: `basename $0` 2 sleep 3 || echo timeout" >&2
exit 1
fi
cleanup() {
{ kill %1 2>/dev/null; }& # kill sleep $timeout if running
kill %2 2>/dev/null && exit 128 # kill monitored job if running
}
set -m # enable job control
trap "cleanup" CHLD # cleanup after timeout or command
timeout=$1 && shift # first param is timeout in seconds
sleep $timeout& # start the timeout
"$@" # start the job
I made a new script in bash, which also returns the correct exit status if the command completed before the timeout:
http://www.dhampir.no/stuff/bash/timeout.bash
Works well for me, at least 
Debian and Ubuntu auto-login and Xorg without a display manager
If you have a harddrive password (most laptops do this) or full disk encryption, you might not feel the need for an additional login after your system boots.
On most Debian-based systems, TTY's 1 through 6 are available after boot, while TTY 7 is used for Xorg. Therefore, I like to put my auto-login TTY on TTY 8, so it's out of the way and leaves TTY 1 available for troubleshooting and similar.
Auto-login to Xorg requires two things: The actual auto-login and a script which loads Xorg.
First things first. The autologin.
In the olden days on a Debian system, this was done by adding a line similar to this one in /etc/inittab:
8:23:respawn:/bin/login -f bolt tty8 /dev/tty8 2>&1
This spawns a TTY 8 and logs in as "bolt" (change to suit your needs). It will do so on runlevels 2 and 3.
Now, however, the tool "rungetty" is generally used for this, as it's more flexible and performs the same functions with a cleaner syntax. First, "apt-get install rungetty" to make sure it's there, then add a line similar to the following:
8:3:respawn:/sbin/rungetty tty8 --autologin bolt
Note that on Debian Lenny and older, the version of rungetty has a specific check in code which only allows --autologin to work on tty1. If asked to autologin on another tty, rungetty would silently fail and spawn a normal login tty. This restriction has been removed from Squeeze and onwards.
On Ubuntu 10.10, the tty configuration is not in /etc/inittab. There, you have to add a file called "/etc/init.d/tty8.conf" with the following contents:
# tty8 - getty
#
# This service maintains a getty on tty8 from the point the system is
# started until it is shut down again.
start on runlevel [23]
stop on runlevel [!23]
respawn
exec /sbin/rungetty tty8 --autologin bolt
I basically copied tty6.conf and modified it to make that.
Autostarting Xorg
So by default when you login, both Debian and Ubuntu will leave you with a bash prompt, and very little graphical goodness. Thus, you want your login script to start Xorg, but only if Xorg is not already running, and we're on tty8. Otherwise, switching from Xorg to a console with, for example, ctrl+alt+f1, would cause another attempt to launch Xorg.
Thus I made this script, named ".bash_login", and put it in my home directory.
# ~/.bash_login: executed by bash(1) for login shells.
# include .profile if it exists
if [ -f "${HOME}/.profile" ] && [ -r "${HOME}/.profile" ]; then
source "${HOME}/.profile"
fi
# if we're not root and we're logged in on tty8, we assume a rungetty autologin and start xorg
if [ ! -z "${UID:-}" ] && [ "$UID" != "0" ] && [ -z "${DISPLAY}" ] && [ ! -z "${SHLVL:-}" ] && [ "$SHLVL" == "1" ]; then
if [ "$(tty)" == "/dev/tty8" ]; then
trap "chvt 1; logout" INT TERM EXIT
chvt 8
while true; do
echo "starting xorg"
startx
echo "sleeping 2 seconds"
sleep 2
done
fi
fi
This script will do a few sanity checks, then run Xorg. If Xorg exits, it will sleep 2 seconds and run it again. If the script is told to stop, it will change to tty1, then logout of tty8.
Remote desktop does not support colour depth 24; falling back to 16
rdesktop on Linux will give this warning message when connecting to a Windows machine which has not been configured for 24-bit color RDP connections. This has, amongst other things, the effect of showing some horrible, jaggy desktop icons. See the pictures on the right for reference.
On Vista, Windows 7 and later (?), the solution is simple: Use 32-bit colors (-a 32)
On XP, which doesn't support 32-bit colors, it gets a little more complicated. XP does support 24-bit connections, but this mode is disabled by default because of bandwidth concerns and bad choices.
To fix this problem on XP (nothing needs changing on the Linux or Windows client) you need to access the Local Machine Group Policy editor.
If you're lucky, going to Start -> Run -> "gpedit.msc" will work for you. Type "gpedit.msc" without the quotes (and click "Run").
If that does not open the group policy editor, this is the long way around:
- Start -> Run and type in "mmc"
- Add the Group Policy snap-in by going to File -> Add/Remove Snap-in -> Add -> Group Policy Object Editor -> Add -> Finish (Local Machine) -> Close -> Ok
In the Group Policy Editor, navigate to Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services, and double-click on the 'Limit maximum Color Depth' object.
Set the item to "Enabled" and set "Color Depth" to "24 bit"
Click OK, then log in with the remote client. If the changes haven't been applied, reboot the server.
Rejoice with your new, shiny desktop icons and full 24-bit desktop.
OTP (one-time passwords) on Debian Squeeze SSH logins
So, you're out of your secret lair and now you need to log in from a computer you don't trust. After all, every computer you don't administer is most likely full of viruses, malware and probably even a hardware keylogger somewhere along the keyboard cord, right?
So you want to use a one-time password, so that even if someone snatches it, it has already been used and can never be used again.
Fortunately, one-time passwords on Debian is a breeze to set up.
apt-get install opie-server
This will install opie-server, which will drag along opie-client and libpam-opie as dependencies, unless you have them already.
Now you have to choose if you want one-time passwords for every single login, or only the ones happening over SSH
I wanted it only for SSH logins, so I edit /etc/pam.d/sshd (might be named just "ssh" in other distros)
At the bottom of the file, I appended:
auth sufficient pam_opie.so auth required pam_deny.so
This will make your server first ask for your password, then ask for the one-time password if the password is correct. If you want it to not ask for your normal password, comment out the last line of the file, saying "@include common-auth"
"common-auth", in /etc/pam.d, is also the file you have to edit if you want one-time passwords for all logins, not just for SSH. Don't have sshd ask for your normal password if you also use that for FTP connections or other stuff which doesn't also require a one-time password. Your normal password should be unique.
Then you need to enable challenge response authentication in SSH, which is disabled by default in Debian Squeeze. Edit /etc/ssh/sshd_config and locate the line "ChallengeResponseAuthentication no" change this to "yes" and restart sshd
/etc/init.d/ssh restart
Next, all you have to do is set a passphrase for your one-time passwords:
opiepasswd -cf
-c is for console mode, -f is only needed if you're currently logged in remotely, to force opiepasswd to assume the connection is secure.
Enter the passphrase it asks for. This should be some sentence you can easily remember, preferably with upper and lower case and punctuation.
Now you're ready to try it. Connect, enter your password, watch the one-time password challenge appear:
ssh myserver.dhampir.no Password: otp-md5 498 sl8229 ext, Response:
You can generate the one-time passwords using any suitable tool. I use VeJOTP to generate the passwords on my Java phone, which is really neat, but you can also just use "opiekey" to generate passwords and print them out:
$ opiekey -n 10 498 sl8229 Using the MD5 algorithm to compute response. Reminder: Don't use opiekey from telnet or dial-in sessions. Sorry, but you don't seem to be on the console or a secure terminal. Warning: Continuing could disclose your secret pass phrase to an attacker! Enter secret pass phrase: 489: BABY NAN GALL MONA WEST LUG 490: FEND DES WOO RACE BED AQUA 491: GET FAST HECK BELA NONE RAY 492: NINE SUCH CUNY ARID JUNO SOUR 493: DOTE DUG BRED WARN AWRY SAID 494: FAWN ABUT SAY KILL WAVE WATS 495: RASH AMES BLUE SAP DEE GAB 496: JACK DIRE LUCY ROOM JACK RENA 497: FLUE LOAM TICK LAMB ROWS BEST 498: GLIB ELBA POE OUCH ROW LEN
This command generates the 10 next passphrases, counting down from the requested one (498) based on challenge sl8229.
One-time passwords count downwards, because every key is based on the previous ones, and starting at the end of the list, you then can't calculate the "next" (previous) key.
Windows XP activation doesn’t pop up after repair or ghost
Also, how to log on without activating Windows
------------------------------------------------------------
Ghosted a machine to a new harddrive today, as the old one was failing.
Windows activation pops up on the first boot, as is to be expected, but when I clicked "Activate", nothing happened. The activation wizard simply wouldn't continue. And of course I couldn't get in and activate the system normally, because Windows didn't let me log on without activating. Gah!
The solution, it turns out, is the following:
- Start the machine, while repeatedly hitting F8 from just after the initial BIOS image disappears
- Choose "Safe-mode with command prompt"
- When the command prompt appears, type "explorer" and press <enter>
You're in!
Now you need to (re-)install a hotfix, and Internet Explorer 8. Download them on another machine, and put them on a CD, a USB-stick, or whatever you have available. Install the hotfix first.
Hotfix KB946501: http://support.microsoft.com/default.aspx/kb/946501
Internet Explorer 8: http://www.microsoft.com/windows/internet-explorer/default.aspx
The files you need are called (for English Windows XP):
WindowsXP-KB946501-v2-x86-ENU (hotfix)
IE8-WindowsXP-x86-ENU (Internet Explorer 
Anyway, after they're installed, reboot and activate as usual.
Worked for me
Avoiding invalid commands in Bash history
To avoid having stuff like "ls" in my bash history, I added "ls" to the "HISTIGNORE" environment variable.
However, on late nights, the result of this, and my left and right hand becoming out of sync with each other when I'm tired, is that the entry "sl", which really doesn't do anything, started showing up in my history instead.
Now, invalid commands in bash result in two things. A message saying "command not found" and exit status 127.
The latter is interesting. We can use that to avoid having the invalid entries showing up in the history.
If you don't already have a bash PROMPT_COMMAND set, add this to .bashrc:
PROMPT_COMMAND="mypromptcommand"
function mypromptcommand {
}
That function will now be run every time your prompt is about to appear. Within it, we put this:
local exit_status=$? # If the exit status was 127, the command was not found. Let's remove it from history
local number=$(history | tail -n 1 | awk '{print $1}')
if [ -n "$number" ]; then
if [ $exit_status -eq 127 ] && ([ -z $HISTLASTENTRY ] || [ $HISTLASTENTRY -lt $number ]); then
history -d $number
else
HISTLASTENTRY=$number
fi fi
What this does:
- Gets the exit status of the last command
- Gets the number for the latest entry in your history, if there is one
- Checks if that entry was set to anything
- If it was, we check if the exit status and see if it's 127. We also require the HISTLASTENTRY variable to be either unset or less than the number of the latest history entry. This means the command in question was either added to the history, increasing the number of entries already there, or it was the first command ever (empty history)
- If the above is true, we delete the last history entry
- Otherwise, we set the last history entry to the amount of entries we found, so we can check if it is increased next time.
Improve the mouse response and acceleration in Debian
Note: This information is now slightly outdated, as the patch is already in Debian Squeeze.
One of my biggest issues with moving from Windows to Linux as my desktop is how the mouse is handled in xorg. In xorg, the mouse had (and still has, in Debian Lenny) two settings for mouse speed: acceleration and threshold. Simply put, what these do is that whenever the mouse is moving faster than the threshold, it gets accelerated by the acceleration value, and otherwise it's unaccelerated.
While this may work for some people, I found it horribly annoying. Before anyone jumps up and bites me, I do know that I can set the threshold to 0 and get some sort of normal acceleration, but I hate that one too. Luckily, Simon Thum has come up with a solution.
His solution has been patched into the newer versions of xorg. The bug is available at freedesktop.org, and the latest patch is here. However, while this patch goes into version 1.4 or xorg without a hitch, the Debian (and probably Ubuntu) build system requires an additional change in the Makefile.in file.
In short, here's a howto for Debian Lenny on getting the new and much improved mouse handling in:
Become root
su (type root password)
First, make sure you've installed everything required to build stuff in the first place:
apt-get update && apt-get install build-essential fakeroot
Become a normal user again
exit
Make a temporary directory, cd to it, then get the sources for xserver-xorg-core
mkdir mousepatch cd mousepatch apt-get source xserver-xorg-core
apt-get will download the sources, extract them and apply the Debian-specific patches.
Next, we need all the build-dependencies. These are the libraries used in xserver-xorg-core, which we'll need to compile the source code.
apt-get build-dep xserver-xorg-core
Now make a backup of the source code (This is not strictly necessary, but I like to do so anyway before messing around with it. Saves doing another apt-get download.)
cp -r xorg-server-1.4.2 xorg-server-1.4.2-orig
Now we want to apply the mouse patch. You can either use Simon's original patch from the link above, or you can download a Debian-specific version of it here. This is the exact same patch as the one above, except it only fits into this specific source code, and it contains the changes to the Makefile.in file, which allows dpkg-buildpackage to successfully compile it.
cd xorg-server-1.4.2 patch -p1 <path to mouse patch>
Now build the package.
dpkg-buildpackage -rfakeroot
This will generate quite a few .deb files in the parent directory, and will probably also exit with a return value of 1, complaining it is unable to find Julien Christau's private key. You are most likely not Julien Christau, so you will not be able to sign the package as him. This is irrelevant, as we're not going to distribute this package anyway.
The only .deb you have actually changed is the one named xserver-xorg-core_1.4.2-10_i386.deb, so this is the one we want to install:
cd .. su (root password again) dpkg -i xserver-xorg-core_1.4.2-10_i386.deb
Now, assuming all went well, you may restart X or reboot, whatever your preference, and enjoy your newfound mouse bliss. I actually prefer my new Linux mouse-setup to my dualbooted WinXP IntelliMouse drivers now.
To learn how to set up your new mouse acceleration, please refer to the developer documentation. For the record, these are the relevant lines from xorg.conf for my current setup:
Section "InputDevice"
Identifier "Configured Mouse"
Driver "mouse"
Option "Device" "/dev/input/mice"
Option "Protocol" "auto"
Option "Buttons" "7"
Option "ButtonMapping" "1 2 3 6 7"
Option "ZAxisMapping" "4 5"
Option "AccelerationProfile" "1"
Option "VelocityScale" "10"
EndSection
Only the AccelerationProfile and VelocityScale is specific to this patch. Also, I use "xset m 18/10 0" to set my mouse speed.
Enlightened XFCE4
A howto stolen from http://ubuntuforums.org/showthread.php?t=101066 for later use. All credit to its writer, Iandefor.
ssh: how to permit root login only from local network / ip
From version 4.3p2, sshd supports an interesting option called Match. At the time of writing, this is the version supplied with Debian Etch (stable).
Encrypted swap in Debian
So, you got your home directory encryopted, but you're not sure what sensitive material could end up in swap? After a long day of running a whole lot of applications and processes, many interesting things could potentially wind up there. So here's how to make sure that data is completely garbled after a reboot.