Category Archives: Geek

All things geek

Google Authenticator (and implementing it on Linux)

A few weeks ago Google brought their two-factor auth product, Google Authenticator, to the iPhone and Android devices.  (There may be other implementations they released, but those are all I’ve actually touched.)  Their immediate use for it was with your google accounts, specifically Google mail seemed to be their target. The day after it was released, I was lucky enough to have it turned on for my accounts and I’ve been using it since then.

Not that I’m an internet security expert, but it’s seems a pretty straight-forward software token implementation. On Google’s side, to seed the software on your smartphone, it uses a QR code. (I point this out as its one of the few uses of QR codes in the wild that I’ve seen that doesn’t make me want to vomit everywhere. For the record, the only other use of QR codes that I have condoned is @tcar using them to rickroll people.) They also give you a hand full of one time password codes for you to print out to keep in your wallet in case you are without your smartphone.

In practice with Google’s accounts, when you log in, you’re additionally asked for the current code.  At that time, you can choose to have google assume the machine you’re on is good for 30 days.  For a home or work machine that isn’t going anywhere, that’s probably safe, but I find myself not checking that box a lot.

The only downside is that any application you have that interacts with a Google service but can’t do a secondary form of authentication, such as an mail/IMAP client, you’ll need to set up “application-specific passwords.” These are passwords that application alone uses to get to your account that you can revoke at any time. Its not difficult, its just tedious as I ended up needing to create 10 different passwords due to the variety of applications I use that interact with Google.  However, now that they are set up, I don’t have to touch them again unless one of the passwords get compromised.

In any case, if you depend on some google services, and you have a smartphone, I highly recommend looking into this with your account.

After using Google Authenticator for a few days with google, I became aware of their project on google code. Besides having the code for the Android and Blackberry applications, it contains code for a PAM module. That really peaked my interest as I’ve always toyed with the idea of implementing two-factor auth at home and on the server I share with my friends, but there hasn’t really been a conveniently deployable way to do it.

Here’s where the linux part starts

There’s no code release for the PAM module yet, so you’ll need to check out a copy using Mercurial.  Once that’s downloaded, you want to make sure you have your PAM development libraries installed.  I also suggest (as the Google wiki’s page says) having libqrencode installed so the google-authenticator command line setup tool can spit a QR code out at you to more easily activate it in your smartphone.  Once those are there, its a pretty easy compile since the Google folks seem to be developing it on Linux. If you’re on another platform, your milage may vary.  I also see via a comment on the wiki page that someone made a Ubuntu ppa of it, so that might simplify matters as well.

By default, the PAM module is all or nothing, so either all your users need to be set up for two-factor auth or no one can be.  There is a patch that allows you to modify this behavior to ignore two-factor auth if it hasn’t been set up or not, which would work for a good transitory period. I haven’t implemented this yet, as its from a recent comment on the wiki page, but when I go to implement this on my shared server I’ll be making use of it.

On my ubuntu server, once the PAM module was installed, I just added the following line to /etc/pam.d/sshd after the existing “@include common-auth“:

auth required

Once that was added, I ran the google-authenticator command line tool to create the shared secret and control file for the two-factor authentication.  Once you run it you should see something like this:

Once you say yes to that question and capture the QR code with Google Authenticator on your smartphone, you’re bleepin’ golden.  (Yes, I dummied up an account to generate that, took the screenshot, and then erased that account.  I’m not completely dumb.)

One thing you might need to do is edit your sshd configuration to make sure that ChallengeResponseAuthentication is turned on.  This allows ssh to interactively do extra challenges as required by PAM.  By default this is off in Fedora and Ubuntu.

How are you doing it? Behind the scenes of my little photo project

Two weeks or so ago, in regards to my photo project, dannyman asked me how I was moving the photos and what I was doing in WordPress to make it all work. He also suggested it’d make a good blog post, which I agree. I’ve mentioned before about the cameras I have at my disposal, so this will be more about what I’m doing for post-processing and moving the files around.

This will be a long one, so I’m gonna put the break in here for you front page readers…
Continue reading How are you doing it? Behind the scenes of my little photo project

TiVo2Podcast update

It’s been a long time since I’ve put a new version of TiVo2Podcast out there for people to play with.  I’ve made a lot of changes and tightened things up alot.  There’s still a lot of things I want to do but haven’t gotten to, but I did finally put up a public git repository in case others wanted to join in the fun.

The major changes in this release:

  • Commercials are detected and chapters are added around them.
  • Added “clean up” functionality so that you can deleted unneeded files and the database and rss feeds can reflect that.
  • Increased the wait time for locating the tivo from 2 seconds to 5.
  • Fixed problem created by quotes in the show description.
  • Attempt to avoid re-encoding dupes by checking the program id.
  • Lost of behind the scenes refactoring.

The first item I consider a major enhancement, so I put it in italics.  To make that work, you’ll need to get wine, comskip, and build a helper app.  The documentation is in the hastily wrote README. (A reminder, this is intended for PERSONAL USE ONLY, do not set up podcast feeds and violate the ethics (and also the laws) of copyright left and right.)

As always, this has run daily for months and months on linux. It should work on other UNIXes just fine. On Windows, I have no idea.

Download: tivoscripts-20110123.tar.gz

Things that are fun, but shouldn’t be

The server that this blog lives on has switched in the past two hours.  I share a co-op box with 9 people, but I’m one of the two admins.  You know, I really get a kick out of admining still, which is probably a sign of mental illness.  But the admin fuel, er, beer helps.

In any case, this point was to share that something that shouldn’t at all be fun is, but also to test to see if the blog migrated okay. :)  If you notice anything weird, please let me know.  But if its broken, you probably can’t let me know, and i’ll live in blissful ignorance.

More than meets the eye!

Revoltech 019 Optimus Prime
Creative Commons License photo credit: jquiz

In news that disrupts major portions of my life, there’s this happening:

Robots in disguise will likely alter your commute for the next few days as filming for the third installment of the Transformers film franchise takes over the Magnificent Mile.

Michigan Avenue between Wacker Drive and Ontario Street will close Thursday night and will remain shut down through 5 a.m. on Monday, July 19.

But that’s okay, because that’s a pretty cool thing to have the filming of Transformers 3 in town.  Even cooler is what’s on Michigan Avenue between Wacker and Ontario:  my office.

Because I don’t intend to sit in the office all weekend, I’ve set up a web cam pointed down at the street.  On Friday I’ll aim it better, but for now, you can watch the traffic on Michigan Ave.

Free video chat by Ustream

Also, here’s a bonus photo of my buddy Chris with an Autobot he found in the loop last weekend. (Click for the full size.)

Addings chapters to an existing mp4/m4v file

In the process of working on my TiVo to Video Podcast stuff I finally got to the point where I wanted to do something about commercials.  The ideal solution would be callable from ruby or at least the command line so that it can be used in an automated manner.  After a few weeks or research and playing around I found a workable solution that required me writing some code.

Early on I made the design decision to put chapter markers in around the commercials rather than cut them out.  The main reason for this is “What if the detection is wrong?”  For a 30 minute show, you’d end up missing more than half it in a worse case scenario.  Since its easy to jump ahead to the next chapter on my iPhone and iPad this seemed like a good decision.

Here’s the three most important facts I learned in my research…

  1. Commercial detection: No question, comskip is the right tool to use here.  The downside is that by default its a windows-only command line tool.  It works perfectly under wine, so that mitigates it.  Right now I use it via wine, but the source is available, so in the long run it would be good to have a native linux binary to call.  Comskip creates a variety of output formats, so I picked one that seemed to be the easiest to work with.
  2. There is no good command line tool to add chapters to an existing mp4/m4v file: I dug around and found a lot of potential solutions, but the all were either not on linux, couldn’t take the resultant files that comskip spit out, or just not a good fit for what I was doing.
  3. The MP4v2 library had primitives for adding the chapters: From this point forward, it was just writing some code that did exactly what I wanted.

The code below expects three arguments: 1) The video file to work on, 2) The chapter file output from comskip in ZoomPlayer chapter format, 3) and the total length in seconds of the video file.  The last one I might be able to remove once I have more brain time to devote to this.

#include <fstream>
#include <string>
#include <boost/lexical_cast.hpp>
#include <boost/regex.hpp>
#include <mp4v2/mp4v2.h>
// Compile with something like: g++  AddChapterInfo.cpp -o AddChapterInfo -lmp4v2 -lboost_regex
int main(int argc, char *argv[])
    char *m4vfilename = argv[1];
    char *chapfilename = argv[2];
    uint32_t total_length = boost::lexical_cast<uint32_t>(argv[3]);
    std::ifstream chapfile(chapfilename);
    MP4FileHandle m4vfile = MP4Modify(m4vfilename);
    // Add the chapter track, have it reference the first track
    // (should be the video) and set the "clock ticks per second" to 1.
    // (We may want to set that to 1000 to go into milliseconds.)
    MP4TrackId chapter_track = MP4AddChapterTextTrack(m4vfile, 1, 1000);
    boost::regex chpre("^AddChapterBySecond\\((\\d+),");
    boost::smatch rem;
    std::string s;
    uint32_t last_time = 0;
    while (getline(chapfile, s))
        if (boost::regex_search(s, rem, chpre))
            uint32_t t = boost::lexical_cast<int>(rem[1]) * 1000;
            if (t > 0)
                MP4AddChapter(m4vfile, chapter_track, t - last_time);
                last_time = t;
    if (total_length - last_time > 0)
        MP4AddChapter(m4vfile, chapter_track, total_length - last_time);
    return 0;

I’ve been using this code for over two weeks straight and has been operating perfectly, but obviously this code could be made a lot more robust, especially in the areas of error handling. I’ve only run into issues when comskip guesses commercials wrong, which is only payoff for putting chapters in instead of nuking the commercials all together.

In the long run, I should either write and release a generic tool that helps the next poor sap like me or work on using swig bindings to mp4v2 so I could just do the calls in ruby.

Tivo2Podcast update

I’ve made a few updates since my last release a few weeks ago. I thought I’d toss an updated version out there.  What’s new in this version:

  • Duration is no longer hard-coded to 32:00 and actually reflects the duration of the show
  • The script will attempt to find the TiVo via Bonjour/mDNS/ZeroConf/DNS-SD/whatever unless passed a -t flag with the TiVo’s IP address. If you have more than one TiVo, it will go with the first one it finds.
  • Moved the stuff in lib to lib/tivo so the package is more easier sucked in by something like encap or stow

Download: tivoscripts-20100314.tar.gz

When I get some motivation later in the week, I’ll put the git archive online, incase anyone wants to clone it and do some development on it.

TiVo -> Video Podcast

Previously on “You can imagine where it goes from here”: We released a script to download stuff from the tivo, and then made some improvements to it.

After two years of saying I was going to fully automate the process of downloading and transcoding shows for my iPhone, I finally got off my ass and did it.  The script is called TiVo2Podcast and it not only does the downloading and transcoding, but it stuffs the resultant video into a an RSS feed for easy consumption/playback by a podcatcher such as iTunes. I’m now automatically getting the shows off my TiVo and onto my iPhone for easy commute-time consumption. (I commute by train, I do not recommend commute-time consumption if you are driving.)

The ruby script wraps tivodecode, HandbrakeCLI, and AtomicParsley and is intended to be run from cron.  I’ve tested this on Linux, but it should run on any UNIX-alike, but it won’t run on windows since I make liberal use of the system() call. Also, this is intended for PERSONAL USE ONLY, do not set up podcast feeds and violate the ethics (and also the laws) of copyright left and right.

This is a very early version and can certainly use some tweaks and enhancements, primarily in configuring the shows you want to capture.  Right now, configuration is in the form of doing INSERT statements in SQLite.  Not very friendly, but it gets the job done until I can make a quick and dirty question based TUI. Here’s an example of setting up getting the best fucking news team on the planet:

INSERT INTO configs (config_name, show_name, rss_filename, rss_link,
                     rss_baseurl, rss_ownername, rss_owneremail, ep_to_keep, encode_decomb)
            VALUES ('tds', 'The Daily Show', 'tds.xml', '', 
                    '', 'Keith T. Garner', '', 4, 1);

Download tivoscripts-20100304.tar.gz and let me know what you think. Make sure you read the README!

[Update 3/5: Forgot to add that all the code I wrote is under the Simplified BSD License, so have at it.]