Tag Archives: debian

Automatically lock your Linux machine via bluetooth

I had a requirement to lock my laptop at work automatically without having to touch it. The way devised by a friend was to enable the screensaver and its locking mechanism every time my phone’s bluetooth was out of range i.e. could not be seen via hcitool scan. It works *really well*! Now my laptop locks whenever I leave the room.

Update: It seems this was popular with reddit.com/r/linux, so I’ve uploaded the script to github and added unlocking support!

Here’s the code:

#!/bin/bash
DEVICE=the bluetooth MAC id
DEV_NAME="The actual device's alias/name"
INTERVAL=5 # in seconds
# Start xscreensaver if it's not already running
pgrep xscreensaver
if [ $? -eq 1 ]; then
echo "Starting xscreensaver..."
xscreensaver &
fi
# Assumes you've already paired and trusted the device
while [ 1 ]; do
opt=`hcitool name $DEVICE`
echo $opt
if [ "$opt" = "$DEV_NAME" ]; then
echo "Device found. Not locking"
else
echo "Can't find device $DEVICE ($DEV_NAME); locking!"
xscreensaver-command -lock
fi
sleep $INTERVAL
done

Server Backup with Spider Oak

I’m a SpiderOak fan. It’s secure, easy and well documented. Some really good traits. Their support is fantastic too.

After using it on my Laptop, I thought I’d start using it for my Debian server’s backup. It makes sense to use something that bundles encryption and zero-knowledge to satisfy offsite backup.

The same client you would use on your Linux desktop can be used in headless or batch modes. Combined with the --backup command, you can target your essential backup areas quickly and easy.

Assuming you have signed up (you get 3GBs free with this referral link), all you need to do is follow these easy steps.

Step 1 – Get SpiderOak on your sever
wget https://spideroak.com/directdownload?platform=slackware&arch=i386

Extract it to a place of your choosing and cd there (for argument’s sake, we’ll call this extraction directory $SO_HOME).

Step 2 – Copy the shared libraries
SpiderOak’s client will expect shared libraries to be available on your system. These are bundled in the .tar.gz you’ve downloaded. Copy these to your /usr/lib/ to make life easy.

cp $SO_HOME/usr/lib/SpiderOak /usr/lib/ -R

Step 3 – Initialise SpiderOak
You need to give SpiderOak a username and password and then let it add the server as a new device. You can do this by executing the following command and completing the prompts:
SpiderOak --setup=-

Step 4 – test the client works
Running a simple $SO_HOME/usr/bin/SpiderOak --help should show no errors and present you with the help message.

Step 5 – run a backup
Now all you’ll have to do is execute SpiderOak with a backup target and let it run!

SpiderOak --batchmode --backup=/home

Voila!

Convert LaTeX to any output format easily

I use LaTeX to take notes, record TODO lists, the shopping and everything in between.

Oftentimes, I’ll need to copy my notes to somewhere: a wiki, this blog, or to put in an email. It’s at this point I need to quickly convert to my target format.

So, to satisfy the above, I wrote a wrapper script that takes a file name and corresponding target format for output (according to Pandoc):

#!/bin/bash
if [ $# -lt 2 ]; then
echo "Please provide a filename and output format compatible with pandoc"
exit 1
fi
pandoc -f latex -t $2 $1

Very simple. Like I said, take a file name and the pandoc output format and then pass it all to pandoc to convert the LaTeX original to a format of my choosing. Very handy!

IPTables Firewall for your Server

Don’t write your own. Why? ’cause you’ll mess it up and end up in a false sense of security.

Some Norwegian dude called Vegar told me of the Debian package arno-iptables-firewall. It’s an iptables-based firewall that can be administered in your favourite text editor or more conveniently by dpkg!

So, remove that crappy iptables script that you wrote to “protect” your public-facing server and go do this:

apt-get install fail2ban arno-iptables-firewall

Linux + svn + ssh+ Samba/NTFS: Operation Not Permitted!

My fancy-dancy and super-awesome SheevaPlug has certainly settled in at home.

It exposes my media from my NAS so I can access it anywhere; runs transmission-daemon headless for all the ISO downloading of open source software I do; runs subversion/svn for my source code versioning needs; cleans the cat when it runs in with…OK, no. Honestly: it’s simply brilliant.

The latter function — subversion — was suffering from a teething problem or two. I run it via ssh login, so I configured openssh-server to match a group and force running svnserve as follows:

Match Group svn
ForceCommand /usr/bin/svnserve -t -r /mnt/code/scm/svn/repo/

which allows me to login using ssh users and be super-secure over-the-wire. Great.

I then mounted my NAS share (still on the SheevaPlug) that holds the (yet to be created) svn repo. using the following line in /etc/fstab:

//192.168.1.90/code /mnt/code smbfs username=alex,password=moo,uid=1002,gid=1002 0 0

all good.

I then create a repository and try to commit some code, but am presented with:

Transmitting file data .svn: Commit failed (details follow):
svn: Can't chmod '/mnt/code/scm/svn/repo/atc/db/tempfile.8.tmp': Operation not permitted

darn.

Turns out the uid option in the fstab line was referring to a non-existing user. So I corrected it and added umask=000 to the fstab line and it was all back up-and-running.

Sweet.

Off to code more bugs.