Category: Tips

Quickly Exiting Insert Mode in Vim

Changing from insert mode to normal mode is usually quick. The other direction is more cumbersome. You either have to reach for the Escape key or use Ctrl-[ (which I never got used to).

After seeing a blog post suggesting mapping jk to exit insert mode, I was inspired to create my own mapping. I chose kj because it’s faster to type, as typing inward is faster than outward (you can check for yourself by tapping your fingers on your desk). To use it, add the following to your .vimrc:

:inoremap kj <ESC>

Now, whenever you are in insert mode, quickly typing kj will exit insert mode. It will introduce a short pause after typing k, but this is only a visual one, so it doesn’t actually slow you down. kj is one of the rarest bigrams in English, so you’ll almost never have to actually type it inside a text, but if you do, just wait a bit after typing k before typing the j.

After writing this post, I came across a Vim Wiki page listing all kinds of ways to avoid the Escape key.

I’ve recently published my vimrc; take a look – it might give you ideas for other neat tricks.

Binary Downloads Are Back on GitHub

Eight months after dropping support for binary downloads, GitHub re-enabled them and calls them Releases. It’s a welcome move, which in my opinion is vital, as offering binary releases is crucial for any project in a compiled language that targets end users (as opposed to developers). Plainly put, when a user wants to download and use some software, he doesn’t want to mess with compilation issues and dependencies. Unless, of course, he is a Gentoo user, and then he’s probably more of a developer than a regular user.

The new GitHub releases have a nice feature that allows, actually requires, you to tag your release in version control. That’s something I haven’t seen in other project hosting services, and it looks really positive. However, they still lack a basic feature SourceForge has had for years: download stats. It’s really nice to be able to know how many people downloaded each release of your project. Even a plain download counter will do; you don’t need the full-blown download stats SourceForge has. I really look forward to and hope that GitHub will implement this.

Downloading Audio/Songs from YouTube

Sometimes you come across a video on YouTube and you want to save its audio. Originally, I thought it would take some searching for the actual URL of the FLV source, then downloading it using wget, and finally converting it using ffmpeg. But luckily for me, it turns out there is a much simpler way to do so: youtube-dl is a small Python script that does it all. It will download and extract the audio from a YouTube video without any hassle.

Installation is quick via pip:

$ pip install --user youtube_dl

Note that there is an underscore there instead of a hyphen. youtube-dl is also available in Ubuntu’s repository; however, the version there is too old and didn’t work for me. The --user flag tells pip to install it for the current user (I just don’t like installing unnecessary things as root :-)). Now all you have to do is:

$ youtube-dl --extract-audio http://www.youtube.com/watch?v=XXXXXXXXXX

All that is left is to fix the metadata tags of the file to the correct values with your favorite player.

Mozilla Persona

I came across Mozilla Persona today. It’s a Single Sign-On (SSO) system that is similar to OpenID. While it looks like there is no need for yet another SSO, it does have some promising features compared to OpenID, and especially OpenID provided by “Big Players” like Google and Facebook (actually, Facebook doesn’t provide OpenID but a similarly working Facebook Connect).

The one main benefit is privacy. The first kind of privacy is related to the provider. In OpenID, the provider knows exactly where you’ve logged in to. For example, if I want to use my Google account as an OpenID to sign in to a gardening forum, Google will know that I’ve signed up there, and they will get notified every time I sign in. Persona, on the other hand, seems to sidestep this issue. After registering with a Persona provider (Mozilla offers one), the provider gives the user a cryptographically signed token, which he can present to sites he signs in to. The site can verify the validity of the certificate without telling the provider which user it wishes to validate.

Another aspect of privacy provided by Persona is how easy it is to create alter egos (and thus keep our anonymity on the net). Facebook and other OpenID-like providers require extensive personal information and have a real-name policy (which, in case of violation, can result in a blocked account). Persona, by allowing you to register with any email address (think about Mailinator), allows you to create these anonymous personas. It also allows you more control over the kind of profile information it shares with providers.

There is one last remaining issue, which still concerns me. If you use an OpenID provider, such as Google, and it decides to block your account, then you lose access to all those places you authenticated to using that account. This can be worked around by setting up your own OpenID provider, but that’s not simple. I’m not sure if Persona offers an easier way around it.

Overall, Persona looks very promising as an alternative to OpenID. If anyone has real experience with it, I would love to hear.

Dealing with Spam – Follow-up

In the beginning of June, I wrote about the rising number of spam missed by Akismet. The main issue was a noticeable increase in the number of spam messages that get through Akismet, which is kind of the de-facto spam filter for WordPress. Twice a day, on average, I had to manually mark comments as spam, which really got under my skin. After writing that post, I looked at a number of solutions.
Continue reading Dealing with Spam – Follow-up

Something gone wrong with Akismet?

Akismet is a great spam-filtering service for WordPress that did wonders for my blog. Actually, it’s quite generic and can be used with any commenting service, for example with Trac (I used this for Open Yahtzee’s Trac before reverting back to SourceForge’s new ticket system). For a long time, Akismet allowed me to blog without worrying much about spam, as it hardly missed any – usually fewer than 5 spam messages a month. But something went wrong in the last three months, as can be seen in this chart:

spam_chart

As you can see, the number of missed spam messages increased rapidly from February to May (more than 15-fold), while the number of overall spam messages decreased. I have to manually mark the missed spam, and I really can’t say why some of them are missed. They are as spammy as always and surely not unique in any sense.

Although it’s not a deluge of missed spam, I really don’t like dealing with it, so I am considering adding CAPTCHA to supplement Akismet. This will also help with my backups, because Akismet keeps all the spam messages it flags for 15 days, which means that unfortunately I back up more than 20,000 spam messages each week (hopefully, one day I’ll find a good use for them).

Has something gone wrong with Akismet? Do you experience the same problems?

Securing Access to phpMyAdmin on Lighttpd via SSH

phpMyAdmin lets you easily manage your MySQL databases, and as such it also presents a security risk. Logging in to phpMyAdmin is done using a username and password for the database. Hence, if someone is able to either eavesdrop or guess them by brute force, they could wreak havoc on your server.

A possible solution to the eavesdropping problem is to use SSL to secure communication to phpMyAdmin. However, SSL certificates don’t provide any method to stop brute-forcing. To prevent brute-force attempts, you could limit access to your IP address. However, most of us don’t have static IPs at home. The solution I came up with kind of combines both approaches.

Instead of using SSL to encrypt the data sent, I’m using SSH, and instead of limiting access to my IP address, I’ll limit access to the server’s IP address. How will it work? First, we start by editing the phpMyAdmin configuration for lighttpd. This usually resides in /etc/lighttpd/conf-enabled/50-phpmyadmin.conf. At the top of the file you’ll find the following lines:

alias.url += (
        "/phpmyadmin" => "/usr/share/phpmyadmin",
)

These lines define the mapping to the phpMyAdmin installation; without them, phpMyAdmin wouldn’t be accessible. We use lighttpd’s conditional configuration to limit who is able to use that mapping by changing the above lines to:

$HTTP["remoteip"] == "85.25.120.32" {
        alias.url += (
                "/phpmyadmin" => "/usr/share/phpmyadmin",
        )
}

This limits access to phpMyAdmin only to clients whose IP is the server’s IP (of course you’ll need to change that IP to your server’s IP). This curtails any brute-force attempts, as only someone trying to access phpMyAdmin from the server itself will succeed.

But how can we “impersonate” the server’s IP when we connect from home? The easiest solution would be to use the SOCKS proxy provided by SSH.

ssh user@server.com -D 1080

This will set up a SOCKS proxy on port 1080 (locally) that will tunnel traffic through your server. The next step is to instruct your browser or OS to use that proxy (in Firefox it can be done via Preferences->Advanced->Network->Connection Settings; it can also be defined globally via Network Settings->Network Proxy under GNOME). This achieves both of our goals. We are now able to connect to the server while using its own IP, and our connection to the server is encrypted using SSH.

This method can be used to secure all kinds of sensitive applications. We could have achieved the same thing by using a VPN, but it’s more hassle to set up compared to SSH, which is available on any server.

Incremental WordPress Backups using Duply (Duplicity)

This post outlines how to create encrypted incremental backups for WordPress using duplicity and duply. The general method, as you will see, is pretty generic, and I’ve been using it successfully to back up Django sites and MediaWiki installations as well. You can use this method to make secure backups to almost any kind of service imaginable: ftp, sftp, Amazon S3, rsync, Rackspace Open Cloud, Ubuntu One, Google Drive, and whatever else you can think of (as long as the duplicity folks implemented it :-)). If you prefer a simpler solution, and don’t care about incremental or encrypted backups, see my Improved FTP Backup for WordPress or my WordPress Backup to Amazon S3 Script.
Continue reading Incremental WordPress Backups using Duply (Duplicity)

Manually Install SSL Certificate in Android Jelly Bean

Apparently it’s pretty easy, but there are some pitfalls. The first step is to export the certificate as a DER-encoded X.509 certificate. This can be done using Firefox (on a PC) by clicking the SSL lock icon in the address bar, then More Information -> View Certificate -> Details -> Export. The exported certificate needs to be saved in the root directory of the phone’s internal storage, with a *.cer extension (or *.crt). Other extensions will not work.

Afterward, on the phone, click on “Install from device storage” under Settings -> Security -> Credential Storage. If you did everything correctly in the previous step, it will display the certificate name and ask you to confirm its installation. If you’ve exported the certificate in the wrong format, given it the wrong extension, or placed it somewhere other than the root of the internal storage, it will display the following error:

No certificate file found in USB storage

If you see it, just make sure you are exporting the certificate correctly and saving it in the right place.

More details: Work with certificates (geared toward the Galaxy Nexus, but should apply to any Android 4.0 and above).

Updated Aug 2015: Fixed a broken link.

GitHub Stops Offering Binary Downloads

Only a few months ago, almost anyone would swear by GitHub and curse SourceForge. GitHub was (and probably still) the fastest-growing and by now the largest code repository, while SourceForge was the overthrown king. SourceForge looks like an archaic service despite some major facelifts, while GitHub is the cool kid on the block. Recently, GitHub showed us why SourceForge is still relevant for the open-source community.

Back in December, GitHub dropped support for downloading files from outside the code repository. They say that they believe code should be distributed directly from the git repository. This is probably fine for projects written in dynamic languages (such as python, ruby, javascript), where no binary distribution is expected. However, this seems to me like a blow to any GitHub-hosted C/C++ project. No one expects lay users to compile projects directly from source; it’s a hassle for most people except developers (and possibly Gentoo users :-)).

It might be a good idea on GitHub’s part, as they promote themselves as a developer collaboration tool, and also most of their projects are indeed in dynamic languages (see the top languages statistics). The GitHub team offers two solutions in their post: uploading files to Amazon S3 and switching to SourceForge, and I’ve read at least a few people recommending putting binary releases in the git repository (bad idea).

Overall, I think this move by GitHub just turned SourceForge into the best code repository (for compiled code) once again.