Okay, I finally have a blog. Not exactly sure what I'll be doing with it though. Someone commented that I seem to be more interested in the technology behind the blog rather than the content.

So, let's see what comes out of this, shall we?

This semester break is going to be very hectic. As usual, I'm tinkering with system configuration and administration of the various computers under my charge. The schedule is extremely tight though.

Mediawiki has been upgraded to PHP 5, so the various content management systems in use have to be tested. There are plans to migrate the linuxNUS domain to our own server, and set up email services for it too. As such, a testing server has to be set up, not at all trivial when the production and testing systems are located within 2 different networks. Sigh...

On the bright side, Eugene Teo has agreed to do a security talk! He can't think of what to say though, so I am going to bait the linuxNUS mailing list.

Update: Damn, still can't get Xen up on the testing server. I'm badly behind schedule.

Tips and Tricks for the Linux (and maybe solaris too) platform

Encountered a problem deleting a file with the name "--option=backup" (without the quotes). Don't ask me how it got there, I have no idea. It can't be deleted using rm or renamed using mv.

[user@system /]# rm '--owner=backup'
rm: unrecognized option `--owner=backup'
Try `rm --help' for more information.
[user@system /]# mv '--owner=backup' nothing
mv: unrecognized option `--owner=backup'
Try `mv --help' for more information.

Solution? Shyam Mani suggested unlink '--option=backup'. Apparently, it directly uses the Linux unlink system call to delete files, so does not encounter the same problem as rm
Update 1: Some people suggested alternatives like rm -- '--option=backup', or rm ./--option=backup. Both worked nicely.
Update 2: And yes, Konqueror can delete that file too. Why didn't I think of that?

Yeah, I was part of a charity donation drive organised by linuxNUS, donating food for the Boys Brigade Sharity Gift Box. The donation drive was launched only 2 days before the end of the event, but we managed to collect $100 even without much publicity.
In total we bought 60kg of rice, 2 big tins of Ovaltine, and 5 boxes of cerals.
Things could have been organised better if we had a few more days though. Maybe we could source for wholesale distributors to buy the food, or find someone willing to transport the food we bought from the distributors. Next time then.
Warm and fuzzy feeling...

As mentioned previously, I had to mirror a server for testing purposes across two networks through a computer in the middle. The best way I found was to do an rsync over ssh, but this requires a non-password authentication, hence I have to set up a RSA key-pair login.

Server setup

First, the ssh server must allow this authentication method. Make sure /etc/ssh/sshd_config has the following:

Protocol 2            # use ssh protocol 2!!

# Authentication

RSAAuthentication      yes
PubkeyAuthentication   yes
AuthorizedKeysFile      .ssh/authorized_keys

Restart your ssh server. You might want to start another ssh session first, in case there's something wrong and your ssh server can't restart.

Make sure you are the only user able to access ~/.ssh/authorized_keys by changing the permissions to 600.

[user@server] $ chmod 600 ~/.ssh/authorized_keys

Client side

The default location of the RSA key-pair is in ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key). This is set in /etc/ssh/ssh_config of your client computer, under IdentityFile.

In your own account, generate a RSA key-pair. You do not need a password passphrase. Store the keys in the location indicated in your ssh client configuration.

[user@client] $ ssh-keygen -t rsa

Change the permissions such that only you can read the files.

[user@client] $ chmod 600 ~/.ssh/id_rsa
[user@client] $ chmod 600 ~/.ssh/id_rsa.pub

Append your public key to the ssh server. Of course you can cut and paste, or you can do this:

[user@client] $ cat ~/.ssh/id_rsa.pub | ssh username@ssh.server "cat - >> ~/.ssh/authorized_keys"

Test your setup

If everything works, you should be able to login without typing in any passwords. Hooray!

I just found out I'm indexed by Technorati when I logged into the linuxNUS site. Geez, since I'm already indexed, I might as well claim the blog...

Cheers, and merry christmas!