sofistes.net

Moving the blog
About sofistes

Posted by Marko Poutiainen Thursday, May 14 2009 15:34:25

Since it looks like this blogging system at one.com isn't improving at all, I moved my blog to blogger.net. The new blog can be found at http://sofistes.blogspot.com/. I'll move some of these entries there.

Hidden secrets of git
All sorts of geeky stuff

Posted by Marko Poutiainen Thursday, May 14 2009 14:58:25

This caused a bit of a headache. This is the scenario:

In repo 1:
- Edit some stuff,
- git commit,
- git tag -a,
- git push --tags.

In repo 2:
- git pull --tags,

-> The changes from the edit are visible.

This definitely isn't clear from the documentation:

--cut--

--tags

All refs under $GIT_DIR/refs/tags are pushed, in addition to refspecs explicitly listed on the command line.

--cut--

But very cool, nevertheless. This means it's not possible to accidentally push only the tags and not the changes associated with them.

On the Edge
Rest of the Web

Posted by Marko Poutiainen Friday, May 08 2009 12:58:58

I wrote a review of Brian Bagnall's brilliant On the Edge: The Spectacular Rise and Fall of Commodore to Librarything.

Using signed tags with git
All sorts of geeky stuff

Posted by Marko Poutiainen Thursday, May 07 2009 17:09:27

Another thing I tried out with git was signing tags with gpg keys. Things would have been a lot easier if I knew more of git or gpg - I'm not yet too familiar with either. Obviously I have used encryption with emails before, but since this has been with Outlook, the whole thing works a little bit differently (the interface for key ring handling is in Outlook).

So here's how you can do it:

1. The user creates a gpg key with gpg --gen-key.
2. Then he exports the public key with gpg --armor --export user@email.com > mypk
3. He sends the public key file to you for you to save it in the git user's keyring (assuming you are using gitosis). You then import it with gpg --import mypk. It might also be a good idea to sign this key with gpg --edit-key user@email.com.
4. Next you need to add the verification somewhere in the git hooks, pre-receive might be the best bet. Checking the validity is done with git tag -v "tag_id". The code could be something like (I haven't done this yet myself):

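#!/usr/bin/perl
use strict;
use warnings;

# pre-receive gets one "<old-sha> <new-sha> <refname>" line per pushed ref
while (my $line = <STDIN>)
{
    # Only tag pushes are checked; the hex-only pattern keeps $new shell-safe
    next unless $line =~ m{^([0-9a-f]+) ([0-9a-f]+) refs/tags/(\S+)$};
    my ($new, $tag) = ($2, $3);
    # The tag ref does not exist yet in pre-receive, so verify the pushed
    # object by id; gpg reports on stderr, hence the 2>&1
    open(my $fh, "-|", "git verify-tag $new 2>&1") or die "git: $!";
    # Check that output shows the signature is good
    my $good = grep { /Good signature/ } <$fh>;
    my $ok = close($fh);
    die "Tag $tag rejected: no good signature\n" unless $good && $ok;
}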

And hey presto! You have just made sure that your system only accepts tags signed by people you have accepted.
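
An added example, not from the original post: the check from step 4 written as a shell pre-receive hook that reads gpg's machine-readable status lines instead of its human-readable text, and that handles tag deletions and unsigned (lightweight) tags. It assumes a git recent enough to support `git verify-tag --raw`; the function names are this example's own.

```shell
#!/bin/sh
# pre-receive hook (added example): accept a pushed tag only if it carries a
# good signature from a key in the hook user's gpg keyring.

# sig_ok: read gpg status lines on stdin, succeed only if GOODSIG was seen.
sig_ok() {
    seen_good=1    # return status; stays 1 until a GOODSIG line turns up
    while read -r prefix status rest; do
        [ "$prefix" = "[GNUPG:]" ] || continue
        case "$status" in
            GOODSIG) seen_good=0 ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) return 1 ;;
        esac
    done
    return "$seen_good"
}

# check_ref OLD NEW REF: return 0 to accept the update, 1 to reject it.
check_ref() {
    new=$2 ref=$3
    case "$ref" in refs/tags/*) ;; *) return 0 ;; esac   # branches: not checked here
    case "$new" in *[!0]*) ;; *) return 0 ;; esac        # all-zero id: tag deletion
    # The ref is not updated yet in pre-receive, so verify the pushed object
    # by id. A lightweight tag points at a commit and yields no GOODSIG.
    if git verify-tag --raw "$new" </dev/null 2>&1 | sig_ok; then
        return 0
    fi
    echo "rejected $ref: no good signature from a known key" >&2
    return 1
}

# verify_pushed_tags: read "<old> <new> <ref>" lines as git feeds them to the hook.
verify_pushed_tags() {
    rc=0
    while read -r old new ref; do
        check_ref "$old" "$new" "$ref" || rc=1
    done
    return "$rc"
}

# Act as the hook only when installed under the name pre-receive.
case "${0##*/}" in pre-receive) verify_pushed_tags || exit 1 ;; esac
```

GOODSIG is reported for any key present in the keyring, whatever its trust level, so the keyring of the account running the hook is the list of accepted signers.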

Improved security with git and gitosis
All sorts of geeky stuff

Posted by Marko Poutiainen Thursday, May 07 2009 16:44:26

So, I started working on Linux and one of my first tasks has been to learn to use git, the open source version control system used by, among others, Linus Torvalds. I'm familiar with a number of SCM systems but git has quite a lot of new stuff for me. I also installed gitosis for added security. Gitosis removes the need to create user accounts for everyone who needs to read or write to the repository, which improves security a lot. Setting it up had its small quirks which meant I couldn't use the otherwise excellent guides to the point. But I did get there eventually.

Anyways, what I wanted to do was to check that the user is who he says he is. By simply saying "git config user.email whoever@whatever.com && git config user.name 'Mr. Fake'" a user can hide his identity - in practice allowing him to add what he wants to the repository as long as he has write access. Also, there is no extra security for anything else. For instance, if you have conditional hooks in your git repository, you can't trust the user id for access rights.

The solution is to use gitosis and check that the user really is who he says he is. I already asked this question on Stack Overflow and then ended up solving the problem myself. The solution requires fixing gitosis, reinstalling it and then adding a pre-receive hook to the git repository. Not overly complicated, but hopefully someone could add that fix to the "official" gitosis code as well.

This solution verifies that the user email address used to create the ssh key for gitosis matches the address the user is using, which should be pretty secure. This way the repository history is correct and the culprits can always be tracked down.

New DVD collection
Other content in sofistes.net

Posted by Marko Poutiainen Wednesday, December 03 2008 15:13:29

I changed the DVD web interface to phpmyprofiler, because the older interface isn't updated any more. This looks a lot nicer than the old one and has some nifty features. Setting this up wasn't much of a task, either. Have a look at the actor pages, for instance.

Here's the collection, it now includes Mari's DVDs as well.

Crackdown
Rest of the Web

Posted by Marko Poutiainen Friday, February 29 2008 20:18:55

I wrote a review of Crackdown for XBox360 to MobyGames. Good game, especially when playing on a console.

Speaking of games, yahtzee's Zero Punctuation column at the Escapist Magazine is by far my favourite games reviewer. Maybe not the most accurate or punctual or factual of them, but definitely the funniest. He also manages to find the actual problems and strengths of the games he reviews.

Free Rice
Rest of the Web

Posted by Marko Poutiainen Saturday, November 24 2007 14:08:34

Funny how simple ideas can be so interesting. Like guessing the meaning of words and making a minuscule donation every time you get one right.

Free Rice is just that. Every time you get the meaning of an English word right, the organisation donates 10 grains of rice to the developing countries. Doesn't sound that much, does it? But just yesterday the total was about 150,000,000 grains of rice - that's in one day. Total number is now close to 3,5 billion grains, which is quite a lot considering the site opened October 7th.

The game is surprisingly addictive because it adapts to your level, so it's not just random numbers, rather it pushes you to your limit all the time.

Here's how it works: First you get a few random words. Your results with these roughly define your level. Levels are simply decided by how many people get each word right, so the fewer people know a word, the higher its level. Every time you get a word wrong, your level drops by one. If you get three consecutive words right, you rise a level.

My level seems to be about 30, fluctuating between 26 and 35. The only gripe I have about this site is it doesn't "remember" you between sessions, so you can't see your totals. Apart from that this is a great way of having fun, learning AND donating something to the poor. Not a bad effort at all.