Running Google MusicManager for two profiles

I’ve previously made mention of my addiction to Google Play Music… but I was called out recently, and asked about the script I used at the time. I’m sorry to say that I have had some issues with it, and instead, have resorted to using X forwarding. Here’s how I do it.

I create a user account for that other person (note, GMM will only let you upload to 3 accounts using this method. For any more, you’ll need a virtual machine!).

I then create an SSH public/private key with no passphrase.

ssh-keygen -b 2048 -N “” -C “$(whoami)@localhost” -f ~/.ssh/gmm.id_rsa

I write the public key into that new user’s .ssh/authorized_keys, by running:

ssh-copy-id -i ~/.ssh/gmm.id_rsa bloggsf@localhost

I will be prompted for the password of that account.

Finally, I create this script:

This is then added to the startup tasks of my headless-but-running-a-desktop machine.

One to install: Gist (a Ruby Script)

Found this over the past week trying to find somewhere to ship some logs to raise a bug on Vagrant (which I then couldn’t duplicate…. anyway!)

http://defunkt.io/gist/

On Ubuntu, make sure you have ruby installed

sudo apt install ruby

Then install the gem package

sudo -H gem install gist

Once this is done, you can then call it like this

YourCommand | gist               # Put the output of your command into a new anonymous gist
YourCommand | gist -f output.log # Name the file you uploaded "output.log"
YourCommand | gist -d 'Your Desc'# Set a description on the gist
gist yourscript.sh -p            # Upload yourscript.sh to gist, mark it "private"

You can also login, and all the commands above then get put in your gist tree (mine is https://gist.github.com/jontheniceguy) instead of an anonymous path. To login, do this:

gist --login

If you want to force the fact your gist will be anonymous once you’ve logged in? Do this:

gist -a yourscript.sh

 

 

What to do when your Facebook account gets hacked?

Hello! Congratulations, you’ve been hacked! Oh, OK, that’s probably not how it feels, right?

You’ve probably just had a message from someone to say that your account has been messaging loads of people, or that there is stuff on your timeline that … well, you didn’t put there.

It’s OK. It happens to a LOT of people, because Facebook is a very clear target. Many many people spend large quantities of their life scrolling through the content on there, so it’s bound to be a target, and for some reason, they found your account.

What happened?

So, first of all, let’s address how this probably happened.

  1. Most common: Someone found your password. I’ll cover how this could have happened in a bit – under where it says “Passwords – Something you know” below.
  2. Less common, but still frequent: Someone convinced you (using “Social Engineering” – again, I’ll explain this in a bit) to let them log in as you.
  3. A bit of a stretch, but it does happen occasionally: An application, service, or website you use that is allowed to use Facebook on your behalf, got compromised, and that system is using it’s permissions to use your account to post stuff “as you”.
  4. Someone got into your email account (because of one of the above things) and then asked for a password reset on your Facebook account.

Fixing the problem.

It’s easier to do this from the Facebook website, but you can probably still do all this lot from a mobile device.

Let’s solve the first two. Go into the Facebook Security Settings page, where you should change your password and boot off any sessions that aren’t YOU right now (don’t worry if there’s LOADS there – if you’ve used your phone somewhere that’s not where you are now, Facebook stores it as a new session). You can always log back into those other sessions later if you need to.

The third one can be a bit time consuming: kicking off apps you don’t use (mine was like walking into a museum!). Head into the Facebook Apps Settings page, and start clicking the X buttons to remove the apps you don’t use. Every now and then you might get a message saying that there was an error removing one of those apps. It’s fine, just give it a second and then try again. If someone has got into your account because of one of the first two, it’s probably worth checking this part anyway just in case they did something else to your account than just sending spam…

You might also want to check out your timeline, and remove the messages you sent (if they were posted to your timeline) or contact people who have been messaged to let them know you lost control of your account.

If someone got into your email and started resetting passwords then you’ve got a much worse problem, and I can’t really go into it here, but, it’s probably best to say that if they were just after your Facebook account, you were REALLY lucky. Your email account typically has the ultimate reset code for *EVERY* account password, so it’s probably best to make sure that what I’m saying about Facebook is also true for your email provider!

Making it less likely to happen again in the future.

Passwords – “Something you know”

If you’ve done the above, but you’ve picked a password you’ve used somewhere else before, then you’re kinda setting yourself up for this to happen to you again in the future.

You see, the way that most of these attacks happen is by someone getting hold of a password you’ve used on a less secure site, and then tried logging into your Facebook account with that password they’ve snaffled. Want to see how likely this is? Visit Have I Been Pwned and see if your details are in there (the chances are very very very high!) and you’ll see websites who have been breached in the past and had your details taken from there… and this is just “the ones we know about” – who knows how many other websites have been breached and we don’t know about!

You can prevent this by not using the same password everywhere. I know. It’s hard to think of a new password every time you come to a new website, and how will you remember that password the next time you get there? Well, fortunately, there’s a solution to this one – a password manager. It’s an application for your laptops, desktops and mobile devices that stores your password for you, and tells you about them when you go to login to a website.

What’s more, that password manager can create passwords for you, not like “BobIsMyBestFriend1988” but more like “za{UHCtqi3<6mC_j6TblSk3hwS” (which, unless you’re some kind of savant, you’ll never remember that)…. and then tell you about that in the future. So now, you only need to remember one password to get into the password manager, and it will tell you about everything else! So, that helps!

There are two ways to do this – run an add-on in your web browser and on your mobile devices which synchronises everything to the cloud for you, or run a separate app and synchronise those passwords yourself. Personally, as I’m a bit geeky, I’m happy doing the second, but most people reading this are probably going to want someone else to sort out the synchronising.

Second Factor: “Something you have”

What if you accidentally gave your password to someone? Or if you went to a website that wasn’t actually the right page and put your password in there by mistake? Falling prey to this when it’s done on purpose is known as social engineering or phishing, and means that someone else has your password to get into your account.

To reduce the impact of something like this, we can force someone logging in to use a “second factor” – something you have, rather than something you know, sometimes referred to as “Two Factor” or “2FA”. You might already use something like this at work – either a card with a chip on it (called a “Smartcard”), a device you plug into the USB port on your computer, or a keyring style device with numbers on. Or… you might have an app on your phone.

If you want to set this up on Facebook, you’ll need to enable it. Take a look at their help page about this!

(And if you want to know about securing your email account, check out the “Docs” column on this site for instructions about many email providers)

Game Review – Kingdomino

Today saw a new game added to our collection – Kingdomino by Blue Orange.

In Kingdomino, you play the ruler of a single square of land, and each turn you compete with the other players to select which piece you get to play into your kingdom next. Each piece has a value on it’s back ranging between 1 and 48, with the lower rated pieces having less chance of increasing the value of your kingdom, and the higher value pieces (complete with crowns) helping each patch score more points.

The game is pretty quick to pick up (match at least one side of your tile with another piece you’ve played already, maximum board size of a 5×5 grid, the crowns offer a way to score points, multiplied by the size of the patch of same-land-types) and easy enough to play that my 3-year-old managed it. Two determined adults (Jules and I) got through two games in 30 minutes. The kids took a little longer (but not by much).

Make sure you have something to tot up the scores at the end though!

Podcast Summary – The Ubuntu Podcast, S10E26

In two weeks I have appeared in three podcasts, and this is the third!

I was asked to participate in The Ubuntu Podcast – S10E26 – Endurable Wiry Bird because of my organisational involvement in the most recent OggCamp. I also mention a VPN product I think is useful for protecting yourself on public WiFi, and I mention my struggles with “Bash on Ubuntu for Windows” (symlinks of directories and FUSE filesystems). My wonderful and constructive wife said that I wasn’t very good at being interviewed (I kept having to be dragged back to talking to “normal people” level), but that it sounded like a professional radio show.

I really enjoy being on all these podcasts… I just wish I was a better guest on them!

Weird technical note: I have recently taken to recording the feeds from two separate microphones and submitting them both to the podcast for mixing purposes. On this occasion that back-fired… The “better” microphone picked up the other people in the audio from the “more rubbish” communications headset I use at work, that we were using to have the conference call. Fortunately, I’d recorded the audio from that too, as that had removed (or, more likely, never picked up) the audio from the other parties on the call… So next time, I need to either use better in-ear headphones for that, it just stick with the comms headset, and hope for the best!

Podcast Summary – Admin Admin Podcast #58

Less than two weeks after my last “Live” show with the podcast, I’m once again contributing to the show. This time, I’m covering for Jerry as a guest presenter on The Admin Admin Podcast – #58 The Correct Answer to the Microsoft Question? this time being a bit controversial for anyone who knows me… By defending Microsoft. I also mention using Ansible to automate server software deployments, and tried to work out how small IT firms work out when to get support contracts. I briefly mention kanban as a task tracking methodology and a specific implementation for MS Outlook.

The Admin Admin podcast is a really nice and broad ranged podcast by three guys who work in IT support at different levels of the support chain. I think, if you work in IT, it’s probably worth having a listen.

Podcast Summary – Admin Admin Podcast #57

I’m back again! I’m standing in (again) for Andy as a guest presenter on The Admin Admin Podcast episode #57- Live at OggCamp talking about getting Open Source products under support in a proprietary company. The “famous” Martin Wimpress stands in for Jerry.

As I said last time I was on there, the guys who host the Admin Admin podcast are a really nice, and cover a really great range of subjects about working as a server or network administrator. They have a chat room on Telegram, so if you’re interested in being an admin, it’s worth having a listen, and then maybe join the chat room!

Check Point Management API tips

I was very fortunate yesterday to spend some time with two Check Point engineering staff. Check Point make high-end firewall products that I’m using at work. During the conversation, I mentioned two issues I’ve had during automated builds of Checkpoint appliances…

  1. During the build process, I want to add lots of devices. In my build, however, I need to log in to the management API, and therefore hand into the clear-text userdata field the credentials for the user account – NOT GOOD! What I was told was that actually, you don’t need to operate like that! If you’re running commands on your manager, you can instead run the command in “root” mode to make it bypass any requests for authentication, and as an added “win” it publishes every change you make on exit too! Here’s how:mgmt_cli -r true add host name "New Host 1" ip-address "192.0.2.1"
  2. My other option was to make it so that we can finish our Ansible deployment of the OpenStack server, and then, once it was up and accessible… call out against the API. But how do you do this during the build? Well, you can run four commands against the server to allow remote access to the API, and then you should have access from all the same places your GUI client can access it from! Here’s how:mgmt_cli -r true login domain "System Data" > id.txt
    mgmt_cli -s id.txt set api-settings accepted-api-calls-from "all ip addresses that can be used for gui clients" automatic-start true
    mgmt_cli -s id.txt publish
    api restart

My sincere thanks to Javier and Uri for their guidance. For those wondering about those API calls – see these links: Using the -r flag and configuring the API for remote access.

Podcast Summary – Admin Admin Podcast #55

This week sees the publication of The Admin Admin Podcast episode #55 in which I guest present (and guest introduce!) about network infrastructure. I also answer some questions about using certbot (the free TLS certificate provider), about where to put script files on Linux and a bit about MTU (Message Transfer Units) – although that’s a bit outside my area of expertise, so if I got it wrong, let them know!

The guys who host the Admin Admin podcast are a really nice, and cover a really great range of subjects about working as a server or network administrator. They have a chat room on Telegram, so if you’re interested in being an admin, it’s worth having a listen, and then maybe join the chat room!

One to read: “SKIP grep, use AWK” / ”Awk Tutorial, part {1,2,3,4}”

Do you use this pattern in your sh/bash/zsh/etc-sh scripts?

cat somefile | grep 'some string' | awk '{print $2}'

If so, you can replace that as follows:

cat somefile | awk '/some string/ {print $2}'

Or how about this?

grep -v 'something' < somefile | awk '{print $0}'

Try this:

awk '! /something/ {print $0}' < somefile

Ooo OK, how about if you want to get all actions performed by users when the ISO formatted dates (Y-m-d) match the first day of the month, but where you don’t want to also match January (unless you’re talking about the first of January)…

# echo 'BLOGGSF 2001-01-23 SOME_ACTION' | awk '$2 ~ /-01$/ {print $1, $3}'
(EMPTY LINE)
# echo 'BLOGGSF 2002-02-01 SOME_ACTION' | awk '$2 ~ /-01$/ {print $1, $3}'
BLOGGSF SOME_ACTION

This is so cool! Thanks to the tutorials “SKIP grep, use AWK” and the follow-up tutorials starting here…