Roundtable February 2016

roundtable@muug.ca

16 participants
14 discussions

IBM "clicky" keyboards
by Adam Thompson 13 Oct '16

13 Oct '16

Enough people have wondered/asked/complained to me about this that I'm posting this now as a public service. IBM Model "M" keyboards are still available, *NEW*, today. They are expensive, but they are the original design that you can use as a melee weapon. The catch is that they don't say "IBM" or even "Lexmark" on them. They are available for purchase from the manufacturer, Unicomp, who can be found online at http://www.pckeyboard.com/. You can also find some vintage NIB units from time to time at http://www.clickykeyboards.com/. There are also a number of other manufacturers now making similar, but not quite as good, keyboards. - CVT Inc., the maker of the Avant Stellar (I own two of them), which is the direct descendant of the Northgate Omnikey, seems to have restructured and no trace of their keyboard manufacturing operation can be found online. However, Northgate keyboards are still available new-in-box from (this is a horrible site, beware) http://www.northgate-keyboard-repair.com/. - The Happy Hacking keyboard (now owned by Fujitsu, apparently) is equally comforting to some people despite having a totally different feel. They, and many others, can be had from http://www.elitekeyboards.com/ - Das Keyboard - Anything using Cherry MX Green, Blue, or White keyswitches. The "green" switches apparently are the closest anyone's come yet to emulating the IBM/Lexmark/Unicomp switches... and they can be had in MUCH cheaper keyboards, like the Rosewill RK-9000 (http://www.newegg.ca/Product/Product.aspx?Item=N82E16823201040 and http://techreport.com/review/23405/rosewill-rk-9000-series-mechanical-ke yboards-reviewed). - And there are an increasing number (yes, again, after the big die-off ca. 2009) of speciality manufacturers of "ergonomic" keyboards that are making clicky keyswitches available as an option. One of the better ones is a tiny shop in Ontario, but I can't find the name right now. References: http://en.wikipedia.org/wiki/Model_M_keyboard http://en.wikipedia.org/wiki/Unicomp http://deskthority.net/wiki/Cherry_MX -Adam Thompson athompso(a)athompso.net

7 12

anti-spoofing geoloc in HTML5
by Trevor Cordes 28 Feb '16

28 Feb '16

I'd like to have a web page / form that gets the geo-location (via HTML5 and js) of the user (expected to be on a GPS phone) in such a way that I can be pretty sure they are at the coordinates I'm expecting. In other words, I want them to only access my page when they are at a certain place. I want to minimize hackers capturing / spoofing this page so that they can't do replay attacks, reverse engineering, etc. I don't want them to trick the site into thinking they are at the place the next day when they are not. The main page will be a form which requests geoloc and fills in a hidden form field with coords, and the user fills in some user text fields. The results get posted to my server. Since this is just a web page (not a native app), I understand I probably (almost assuredly!) can't lock this down 100%. But maybe I could stop the average (smart-ish) joe from spoofing it? I've thought of a few ways to make the spoof harder: tokens, timestamps, js obfuscation of post data and code, etc. I just thought I'd pick the brains of the MUUG geniuses for some ideas.

1 0

at command
by Trevor Cordes 28 Feb '16

28 Feb '16

Is there a way to tell after the fact what command(s) an "at" command ran? I got an email about an error in a cron job and it appears to be an at command that was queued up. The error is suspicious, and I don't remember queueing this at command (though I do use at from time to time). I can find in logs that it was atd running it under my user id, but the at queue is now empty and I can't find a way to retroactively see what commands/script tried to run. I'm doing a full fs search on some of the error strings but I am not hopeful. Is there a way to find out more about what at ran? Are there options that in the future would give me more log/debug output so I can more easily answer this type of question?

3 4

Re: [RndTbl] at command (John Donovan)
by jd 27 Feb '16

27 Feb '16

From where I'm at a) if it's being logged as having been run as user theo then we know theo is in /etc/at.allow Maybe anticipate the mystery process' next run and temporarily remove/disallow user theo Later, see error log for user theo The fully-spelled mystery command may show up. Also check root's error log (or errlog of anyone else in /etc/at.allow) in case the mystery command is invoked by spoofing .. $ sudo su theo -c "/explicitpath/script.sh" And, further on Theodore's mention of the -m option for at b1) I am a fan of alias, so .. add to your ~/bashrc alias at='/usr/bin/at -m' (for this Debian+bash example: to be accurate in spelling out the explicit invoke path, here, I did a $ which at and I was surprised to learn Ubuntu/Mint does not include it [at] in default install) Hmpf. b2) $ sudo mv /usr/bin/at /usr/bin/_at Then write a clever script named /usr/bin/at ( <-- no .SH this time) That can jot out a few notes about how & when it got called, then invoke the intended process, calling the re-named binary _at c) Optional reading - - at-tangent at ack-ack attack - - Early OCR would substitute a default character for any it could not recognise, into its text output. The chosen char was commonly @ Until you tuned scan resolution, etc (or until better OCR came along) your output would contain a lot of @ My pal Walter Gibbons is blind and in ancient days, we futzed with his kit to run OCR output thru his spiffy DECTalk TextToSpeech jobby, which would faithfully voice each @ simply as "AT" In the tuning, we sure laughed a lot (and swore) @ all the @ @ @, and we still n@ter at each other "AT AT, AT-AT-AT" for lev@y. Meanwhile .. my theory is th@ one of the writers of "Mars @tacks!" must have also run flaky OCR output through TextToSpeech and those creepy aliens' eery language was h@ched ! I pointed out to Walter that one of the sc@ological folk-names for the "@"-sign was dog[poop], and I pointed out further that we can 'train' the TextToSpeech to pronounce @ any way we wish. Walter cog@ated a bit, and declined the enhancement. Just as well, for soon, email was everywhere, and his system might have voiced: " EmailName DOG[POOP] email.com "

1 0

The O'Reilly Animals
by Trevor Cordes 24 Feb '16

24 Feb '16

The O'Reilly Animals An Adult Coloring Book http://shop.oreilly.com/product/0636920050223.do?sortby=publicationDate# !!!

2 1

SpamAssassin false positives on DATE_IN_FUTURE_96_Q?
by Gilbert E. Detillieux 23 Feb '16

23 Feb '16

I mentioned this problem at the last round-table session, but didn't get a solution, so I thought I'd post it here, just in case anyone has any suggestions to offer. I'm still seeing a whole bunch of false positives in SpamAssassin, since an update was installed in mid-September on a CentOS 5.7 system, for a rule called DATE_IN_FUTURE_96_Q, which is only supposed to be triggered when the "Date:" header has a date that is 4 days to 4 month ahead of the date in the "Received" header that has the _smallest_ difference in date. Here are the headers from the latest e-mail I've received with this false-positive. (I've stripped out irrelevant headers, for the sake of clarity and simplicity.) From topfivestories(a)messagent.itworldcanada.com Mon Nov 14 07:50:13 2011 Received: from mail.messagent.itworldcanada.com (mail.messagent.itworldcanada.com [207.112.10.80]) by palladium.cs.umanitoba.ca (8.13.8/8.13.8) with SMTP id pAEDoAxV028594 for <gedetil(a)cs.umanitoba.ca>; Mon, 14 Nov 2011 07:50:12 -0600 Date: Mon, 14 Nov 2011 08:50:13 -0500 X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,DATE_IN_FUTURE_96_Q, HTML_MESSAGE,RP_MATCHES_RCVD autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on palladium.cs.umanitoba.ca Note that I'm calling spamd via the spamass-milter on a system running sendmail. Note also, that in the above example, the only "Received" header was the one generated by my own server. (I've had other false positives, however, with multiple "Received" headers, all of which were within seconds of the time in the "Date" header.) Any ideas? -- Gilbert E. Detillieux E-mail: <gedetil(a)muug.mb.ca> Manitoba UNIX User Group Web: http://www.muug.mb.ca/ PO Box 130 St-Boniface Phone: (204)474-8161 Winnipeg MB CANADA R2H 3B4 Fax: (204)474-7609

6 11

Yesterdays Slides
by Wyatt Zacharias 23 Feb '16

23 Feb '16

If anyone would like to download the slides from last nights meetings they are available in pptx and pdf formats at the links below. http://muug.mb.ca/meetings/WirelessTheoryandRegulations.pdf http://muug.mb.ca/meetings/WirelessTheoryandRegulations.pptx -- Wyatt Zacharias

6 10

partial PS use?
by Trevor Cordes 17 Feb '16

17 Feb '16

Is it possible to use a standard AT (old style) computer power supply just for its +5v out? I have a project and I just need 5v with a beefy amount of amps, and I have lots of AT PS's around that would fit the bill, but I'm wondering if running a computer PS just for its 5v line might damage it somehow? There would be no load on the 12v (and other) lines. Anything I should worry about? Thanks!

6 14

a tool for building many related SRPMs?
by Grigory Shamov 17 Feb '16

17 Feb '16

Hi All, Do you know if there is there a lightweight, more or less distro-agnostic (to work on CentOS 6 without big modifications to the system) tool to build a bunch of inter-dependent RPMs from source RPMS? Something like AUR on Arch but for RPMs? Thanks! -- Grigory Shamov Westgrid/ComputeCanada Site Lead University of Manitoba E2-588 EITC Building, (204) 474-9625

2 1

is a font free?
by Trevor Cordes 14 Feb '16

14 Feb '16

Is there a way to tell if a font is free? A designer gave me some fonts that their web page should use (css font-face src) but I have no idea if these files are free or not. One of the fonts is Myriad Pro Regular. From the net I can see it's easy to download, but that doesn't mean anything. Wikipedia says it's included with Adobe stuff, but that doesn't mean it's free. a) Does anyone know if this font is free for anyone to embed in their web site? b) Is there a generic way to tell if a font is free or not? c) Does anyone care? (My use scenario puts it on an important (read: sue-able) enterprise web site, so I may have to care a bit more than Joe Shmoe might.) Thanks!

3 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

Roundtable February 2016