LL       III  NNN  NN KK KK  EE      RR   RR RR   RR OO   OO RR   RR
LL       III  NN  NNN KK KK  EE      RR  RR  RR  RR  OO   OO RR  RR 

Here’s a branch which revamps the fluxbox tiling code and adds a new padding feature for tiled windows (aka ‘useless gaps’).

All of the old tiling mechanisms (ArrangeWindows, ArrangeWindowsVertical, ArrangeWindowsStackedLeft, etc,… ) were handled by one single monster function which became harder and harder to extend.

The solution I implemented is to have a separate command class for each tiling mechanism, which inherit a base class that takes care of most of the code shared by all tiling mechanisms.

You can configure the padding using

session.screen0.tiling.padding: 20

in your ~/.fluxbox/init file (The default is 10) (units are pixels)

fluxbox useless gaps screenshot

Branch can be found here: https://github.com/jnse/fluxbox/tree/feature/tiling_redone

New files:

Slightly changed files:

The commands are slightly renamed (they were kind of long), ~/.fluxbox/keys example:

Mod4 a :TileGrid (name!=tint2) (class!=Pidgin)
Mod4 Left :TileStackedLeft (name!=tint2) (class!=Pidgin)
Mod4 h :TileHorizontal (name!=tint2) (class!=Pidgin)
Mod4 v :TileVertical (name!=tint2) (class!=Pidgin)
Mod4 Right :TileStackedRight (name!=tint2) (class!=Pidgin)
Mod4 Up :TileStackedTop (name!=tint2) (class!=Pidgin)
Mod4 Down :TileStackedBottom (name!=tint2) (class!=Pidgin)

pixelstats trackingpixel


Looks like the good folks at fluxbox accepted my little patch:

There was also a bug with the arrange windows code on multihead systems that was fixed:

Many thanks to Mathias Gumz (ak|ra) for taking the time to test and merge the patch with the fluxbox code!

pixelstats trackingpixel


Worked on a little patch for fluxbox this weekend that allows for ‘stacked’ tiling.
With stacked tiling, I mean:

  • Divide the screen in half, and fill half the screen with the focused window.
  • Use the remainder of the space for tiling the rest of the windows

So you can place the main (big) window on the top, bottom, left, or right half of the screen.
This patch introduces 4 new Tiling mechanisms in fluxbox to accomplish this: ArrangeWindowsStackLeft, ArrangeWindowsStackRight, ArrangeWindowsStackTop, ArrangeWindowsStackBottom

It is a tiny bit different than traditional ‘stacked’ tiling, since traditionally only one column is used tiling the remainder of the windows, but I think I like dividing things up in multiple columns, for now. Maybe the next version will add an option for that. (it should be trivial as the existing fluxbox tiling mechanism allows for manipulation of the number of columns and rows)

Here is an example for what you can put in ~/.fluxbox/keys to assign keybindings to this new functionality:

Ctrl Alt Left  :ArrangeWindowsStackRight
Ctrl Alt Right :ArrangeWindowsStackLeft
Ctrl Alt Up    :ArrangeWindowsStackBottom
Ctrl Alt Down  :ArrangeWindowsStackTop

This will cause the ‘main’/big window to appear on top if you press ctrl-alt-uparrow, on the bottom if you press ctrl-alt-downarrow, etc,…
Works quite well.

The patch is against the (at the time of writing) latest git.

pixelstats trackingpixel


This might be useful for any sysadmins doomed with the terrible fate of administering plesk servers.
I wrote a little script you can stick in cron for emailing reports of overuse in plesk.
It can optionally also run with the -i (interactive) option for console output without emailing.

The script: http://linkerror.com/programs/check_overuse.pl.txt

pixelstats trackingpixel


Ported latest rxvt-unicode (aka urxvt) to Sgi IRIX (needs some cleaning up yet). More info and download links on the nekochan forum: http://forums.nekochan.net/viewtopic.php?f=15&t=16727827

The binary requires neko perl 5.8.9
If you’re brave and want to compile the patched source, I suggest you read the forum thread.

pixelstats trackingpixel


I have always been a big fan of gnuplot as it allows you to create quick graphs on the fly, and supports piping data to it.

It’s possible to create real-time graphs using this.

I figured I’d share some useful bash oneliners:

# graphical traceroute
traceroute -q1 slashdot.org | sed '1 d' | awk '{print $1"\t"$4"\t"$2}' | \
gnuplot -persist -e 'set xtics rotate by -45' -e 'plot "-" using 2:xticlabels(3) with lines'

traceroute with gnuplot

# disk usage plot
find . -maxdepth 1 -type d -not -name . -exec du -s {} \; | \
gnuplot -persist -e 'set style histogram' -e 'set style fill solid 1.0 border 3' \
-e 'set style data histogram' -e 'set xtics rotate by -45' -e 'plot "-" using ($1/1024):xtic(2)'

disk usage gnuplot

I think gnuplot is an example of a graphical application done right – you can script it, pipe to it, etc…
I wish more graphical applications were written in a way that they can be combined with bash-kungfu

Some more examples:

# graphical 'top' with the 5 highest cpu consuming processes
 ps aux | awk '{print $3"\t"$11}' | sort -rn | head -n5 |\
 gnuplot -persist -e 'set style histogram' \
-e 'set style fill solid 1.0 border 3' \
-e 'set style data histogram' \
-e 'set xtics rotate by -45' \
-e 'plot "-" using 1:xtic(2)'

# same as above but with memory consumption
ps aux | awk '{print $4"\t"$11}' | sort -rn | head -n5 |\
gnuplot -persist -e 'set style histogram' \
-e 'set style fill solid 1.0 border 3' -e 'set style data histogram'\
-e 'set xtics rotate by -45' -e 'plot "-" using 1:xtic(2)'
pixelstats trackingpixel


I stumbled upon an article that talks about how over-zealous syntax-highlighting can be counter-productive. It argues for only coloring comments and the difference between a comparison operator (==) and assignment (=).

The concept of such minimalistic coloring seems intriguing, so I wrote a little vim syntax highlighting theme that only colors comments.

It uses 256 colors, so you need a terminal setup to support 256 colors, however you can easily edit the colors in the .vim file.
If you do have a terminal that supports 256 colors, and you want to change the colors, you can use this chart to convert the numbers to colors.

To use the color scheme, just save the file below under ~/.vim/colors and type :color justcomments once you have started vim – or put colorscheme justcomments in your ~/.vimrc

Download the vim colorscheme here

pixelstats trackingpixel


Being a sysadmin you end up running ssh to multiple servers at the same time, all the time. Being a paranoid sysadmin you also have different (long) passwords for every one of these servers.

Unless you want to spend more time entering passwords than doing actual work, you probably have some kind of master-password system setup.

Most people will use an ssh key uploaded to the servers in order to accomplish this. – (hopefully one that is password protected.)

However there are some situations where this is not preferred, for example, when an account is shared by multiple people, or when you simply cannot leave ssh public keys lingering around. Or when you simply don’t want to have to re-upload the key every time the home directory gets wiped…

It sure would be nice to have a password manager, protected with a master password, remember passwords you enter for ssh, in those cases.

This is possible with kdewallet and a small expect script wrapper around ssh.

I don’t personally use kde, but I do use some of the utilities it ships with from time to time, kdewalet being one of them. Kdewallet uses dbus for ipc. The qdbus utility lets you interact with dbus applications from the command line (and from shell scripts), so that’s what this script makes use of. The KDE Wallet password management system consists of system daemon (kwalletd) and a front-end gui application to view the password database, create folders, etc, called kwalletmanager. You don’t have to have kwalletmanager running for this to work. The script will automatically start kwalletd if it’s not running.

You can use kwalletmanager to create a separate folder to store your ssh passwords “eg, a folder called “ssh”) and specify the folder in which to store the passwords at the top of the script, where some other constants can be adjusted such as the location of the needed binaries…

If a password was not found in kwallet, it will prompt for the password and store it. (If you entered the wrong password you’ll have to remove it using kwalletmanager.)

The script is implemented using ‘expect’ which can be obtained here : http://expect.nist.gov/ – Which uses TCL syntax.

#!/usr/bin/expect -f

# Entry point -----------------------------------------------------------------

# Constants
set kwalletd "/usr/bin/kwalletd"
set qdbus "/usr/bin/qdbus"
set kdialog "/usr/bin/kdialog"
set appid "ssh"
set passwdfolder "ssh"

# Get commandline args.

set user [lindex $argv 0]
set host [lindex $argv 1]
set port [lindex $argv 2]

# Check arg sanity
if { $user == "" || $host == "" } {
  puts "Usage: user host \[port\] \n"
  exit 1

# Use a sane default port if not specified by the user.
if { $port == "" } {
  set port "22"

# Run kde wallet daemon if it's not already running.
set kwalletrunning [ 
  exec "$qdbus" "org.kde.kwalletd" "/modules/kwalletd" "org.kde.KWallet.isEnabled" 
if { $kwalletrunning == "false" } {
  puts "kwalletd is not running, starting it...\n"
  exec "$kwalletd&"
  sleep 2
} else {
  puts "Found kwalletd running.\n"

# Get wallet id 
set walletid [
  exec "$qdbus" "org.kde.kwalletd" "/modules/kwalletd" "org.kde.KWallet.open" "kdewallet" "0" "$appid"

# Get password from kde wallet.
set passw [
  exec "$qdbus" "org.kde.kwalletd" "/modules/kwalletd" "org.kde.KWallet.readPassword" "$walletid" "$passwdfolder" "$user@$host" "$appid"

# If no password was found, ask for one.
if { $passw == "" } {
  set passw [
    exec "$kdialog" "--title" "ssh" "--password" "Please enter the ssh password for $user@$host"
  if { $passw == "" } {
    puts "You need to enter a password.\n"
    exit 1
  # Now save the newly entered password into kde wallet
  exec "$qdbus" "org.kde.kwalletd" "/modules/kwalletd" "org.kde.KWallet.writePassword" "$walletid" "$passwdfolder" "$user@$host" "$passw" "$appid"

# Run ssh.
if [
  catch {
    spawn ssh -p $port $user@$host 
  } reason
] {
  puts " Failed to spawn SSH: $reason\n"
  exit 1

# Wait for password prompt and send the password.
# Add key to known hosts if asked.
# Resume after successful login.
expect {
  -re ".*assword:" {
    exp_send "$passw\r"
  -re ".* (yes/no?)" {
    send -- "yes\r" {
    -re ".*Warning: Permanently .*known hosts.\r\r\n" exp_continue
  -re ".*Last login" exp_continue;

# Send a blank line
send -- "\r"

# Now finally let the user interact with ssh.
pixelstats trackingpixel


When you’re running any type of shared hosting server, with hundreds of clients that have the ability to run php scripts, send emails, etc,… How do you make sure you’re not setting yourself up to be one big spam haven? (the true answer is: you don’t, since shared hosting is one big mess.- You’re screwed.) – A compromised script of a client could be sending out spam mail without using your MTA, so it would not show up in your logs or mailqueue.

For this reason I wrote a little perl script which sniffs all outgoing SMTP traffic and dumps it to a file. You could then set up a cron job which scans the file for known keywords used by spammers (viagra/v1agra/Vi4Gr4/etc…….) and alerts you when something is found; or you could make it extract the emails and run them through spamassassin.

This way, even if the outgoing traffic is sent by some script using sockets to connect to port25 of some external mail server, bypassing your mta, you will still know about it.

Just change the settings on top of the script to reflect the ip address(es) you’re using and the network interface open to the internet.

Download/View it here

pixelstats trackingpixel


For a while now, trojans, and the botnets they work for, have employed several techniques for stealing FTP credentials. Whether it be through sniffing unencrypted FTP traffic, grabbing credentials from saved password files from popular FTP clients, or brute-forcing weak passwords on the server, as a server administrator, having a user’s FTP account compromised is something you would want to detect as early as humanly possible.

I have witnessed quite a few of these compromised accounts, and every time, it seems that there are many logins from many different countries into the account, presumably, by botnet drones dropping all sorts of malware or who knows what else.

This actually makes it fairly easy to write a little script to detect whether an account has been compromised, simply by looking at from how many different countries it has been accessed.

Granted, some people may travel, but most people will not travel to more than 10 countries in a short amount of time.

Thus I have written a perl script that can be used as a nagios sensor, which will grab the `last` output, and do a geoip lookup (using the geoiplookup utility) for each IP address. Then count the number of different countries, and depending on the warning / critical flags, will return the appropriate return value.

Example output:

# ./check_login

User 'weakling' has logins from 33 countries: Egypt Bolivia Taiwan
 Australia Sweden Switzerland Pakistan Dominican Canada China Peru
 Indonesia Vietnam Honduras Portugal Trinidad Grenada Turkey Serbia 
Korea, Mexico United Colombia Brazil Bahrain Japan France Mali South 
Poland Slovenia India - CRITICAL

Grab it here.

pixelstats trackingpixel