About sofistesPosted by Marko Poutiainen Thursday, May 14 2009 15:34:25Since it looks this blogging system at one.com isn't improving at all, I moved my blog to blogger.net. The new blog can be found at
http://sofistes.blogspot.com/. I'll move some of these entries there.
All sorts of geeky stuffPosted by Marko Poutiainen Thursday, May 14 2009 14:58:25This caused a bit of a headache. This is the scenario:
In repo 1:
- Edit some stuff,
- git commit,
- git tag -a,
- git push --tags.
In repo 2:
- git pull --tags,
-> The changes from the edit are visible.
This definitely isn't clear from the
documentation:
--cut--
--tags
All refs under $GIT_DIR/refs/tags are pushed, in
addition to refspecs explicitly listed on the command
line.
--cut--
But very cool, neverthless. This means it's not possible to accidentally only push the tags and not the changes associated with them.
Rest of the WebPosted by Marko Poutiainen Friday, May 08 2009 12:58:58I wrote a
review of Brian Bagnall's brilliant
On the Edge: The Spectacular Rise and Fall of Commodore to
Librarything.
All sorts of geeky stuffPosted by Marko Poutiainen Thursday, May 07 2009 17:09:27Another thing I tried out with git was signing tags with gpg keys. Things would have been a lot easier if I knew more of git or gpg - I'm not yet too familiar with either. Obviously I have used encryption with emails before, but since this has been with Outlook, the whole thing works a little bit differently (the interface for key ring handling is in Outlook).
So here's how you can do it:
1. The user creates a gpg key with
gpg --gen-key.
2. Then he exports the public key with
gpg --armor --export user@email.com > mypk
3. He sends the public key file to you for you to save it in the git user's keyring (assuming you are using gitosis). You then import it with
gpg --import mypk. It might also be a good idea to sign this key with
gpg --edit-key user@email.com.4. Next you need to add the verification somewhere in the git hooks, pre-receive might be the best bet. Checking the validity is done with
git tag -v "tag_id". The code could be something like (I haven't done this yet myself):
#!/bin/perl
while(<>)
{
m/(.+) (.+) refs\/tags\/(.+)/;
my $ret = open(FH, "-|", "git-tag", "-v", $3);
while(<FH>)
{
# Check that output shows the signature is good
}
And hey presto! You have just made sure that your system only accepts tags signed by people you have accepted.
All sorts of geeky stuffPosted by Marko Poutiainen Thursday, May 07 2009 16:44:26So, I started working on Linux and one of my first tasks has been to learn to use
git, the open source version control system used by, among others, Linus Torvalds. I'm familiar with a number of SCM systems but git has quite a lot of new stuff for me. I also installed
gitosis for added security. Gitosis removes the need to create user accounts for everyone who needs to read or write to the repository, which improves security a lot. Setting it up had it's small quirks which meant I couldn't use the otherwise
excellent guides to the point. But I did get there eventually.
Anyways, what I wanted to do was to check that the user is who he says. By simply saying "git config user.email=whoever@whatever.com && git config user.name=Mr. Fake" a user can hide his identity - in practice allowing him to add what he wants to the repository as long as he has write access. Also, there is no extra security for anything else. For instance if you have conditional hooks in your git repository, you can't just the user id for access rights.
The solution is to use gitosis and check that the user really is who he says he is. I already asked this question in
stackoverflow and then ended up
solving the problem myself. The solution requires fixing gitosis, reinstalling it and the adding a pre-receive hook to the git repository. Not overly complicated, but hopefully someone could add that fix to the "official" gitosis code as well.
This solution verifies that the user email address used to create the ssh key for gitosis matches the address the user is using which should be pretty secure. This way the repository history is correct and the culprits can always be tracked down.
Other content in sofistes.netPosted by Marko Poutiainen Wednesday, December 03 2008 15:13:29I changed the DVD web interface to
phpmyprofiler, because the older interface isn't updated any more. This looks a lot nicer than the old one and has some nifty features. Setting this up wasn't much of a task, either. Have a look at the actor pages, for instance.
Here's the
collection, it now includes Mari's DVD's as well.
Rest of the WebPosted by Marko Poutiainen Friday, February 29 2008 20:18:55I wrote a review of Crackdown for XBox360 to MobyGames. Good game, especially when playing on a console.
Speaking of games, yahtzee's Zero Punctuation column at the Escapist Magazine is by far my favourite games reviewer. Maybe not the most accurate or punctual or factual of them, but definitely the funniest. He also manages to find the actual problems and strenghts of the games he reviews.
Rest of the WebPosted by Marko Poutiainen Saturday, November 24 2007 14:08:34Funny how simple ideas can be so interesting. Like guessing the meaning of words and making a miniscule donation every time you get one right.
Free Rice is just that. Every time you know the meaning of an English word right, the organisation donates 10 grains of rice to the developing countries. Doesn't sound that much, does it? But just yesterday the total was about 150,000,000 grains of rice - that's in one day. Total number is now close to 3,5 billion grains, which is quite a lot considering the site opened October 7th.
The game is surprisingly addictive because it adapts to your level, so it's not just random numbers, rather it pushes you to your limit all the time.
Here's how it works: First you get a few random words. Your result with these define roughly your level. Levels are simply decided by how many people get each word right, so the fewer know a word, the higher it's level. Every time you get a word wrong, your level drops by one. If you get three consecutive words right, you rise a level.
My level seems to be about 30, fluctuating between 26 and 35. The only gripe I have about this site is it doesn't "remember" you between sessions, so you can't see you totals. Apart from that this is a great way of having fun, learning AND donating something to the poor. Not a bad effort at all.

Choose image for share content |
---|
|