Daniel Cox

UPDATE: forgot to put MY WIFE

In the spirit of "count your blessings", these are a few of my favorite things... ♫ off the top of my head:

Hobo 1.3

when, at the start of spring, every day brings a little more greenery

UPDATE: OneThingWell.org had a post today about a project called "wemux" that makes the following dead-simple. Comes complete with a homebrew recipe.

Today I worked out how to allow "untrusted" people to observe my tmux sessions over ssh. Anyone I want can ssh to the "observer" account on my machine and are forced into a read-only version of my tmux session. They are forcibly logged out on detach. Alternatively, more trusted users of my machine that already have an account just need to be added to group "observer".

First create an "observer" user (and an "observer" group, if this isn't done automatically on your distro), however this is done on your machine.

Next, create a special directory for tmux sessions with the setgid bit, owned by the "observer" group, so that tmux sockets put here will also be owned by that group:

sudo mkdir -p /var/tmux

sudo chmod g+ws /var/tmux

Now tell the ssh daemon to restrict the "observer" user and force it to run tmux in read-only mode on our special socket by adding the following lines to the end of /etc/ssh/sshd_config:

# configuration for a tmux read-only observer

Match user observer

        X11Forwarding no

        AllowTcpForwarding no

        ForceCommand /home/observer/tmux-observer.sh

(Don't forget to restart the ssh daemon!)

As you can see, we now need to fill /home/observer/tmux-observer.sh. Do so with the following:

#!/bin/sh

tmux -S /var/tmux/observable attach -r

To be sure that observers cannot mess with each other, let's just let root own everything in their home directory, but ensure that they can run our little script:

sudo chown -R root:root /home/observer

sudo chown root:observer /home/observer/tmux-observer.sh

sudo chmod g+rx-w /home/observer/tmux-observer.sh

That should do it for the observers. We can now start a shared tmux session:

tmux -S /var/tmux/observable

For convenience, I have a "sharetmux" alias in my ~/.bash_aliases:

alias sharetmux="tmux -S /var/tmux/observable"

So now I make a shared session with "sharetmux", and if I detach, I can easily get back there with "sharetmux attach".

Do "sharetmux", open a new terminal window, and ssh into observer@localhost. You should see the tmux session, but not be able to do anything but watch. If you detached or the owner kills the tmux session, you'll be logged out.

UPDATE: I've made a couple improvements since writing this post:

I've changed my aliases (originally "sharetmux") to make two sessions, "observable" and "staging", and connect me to "observable". New connecting observers connect to "staging", however, so they need my permission to spy on me.

I've also changed the observer's connect script so i get a message in my tmux session informing me that an observer just connected.

Here's the new /home/observer/tmux-observer.sh:

#!/bin/sh

tmux -S /var/tmux/observable display-message "observer connected"

tmux -S /var/tmux/observable attach-session -t "staging" -r

And here are my two new aliases (the "observable" alias is for when I detach and want to reattach or manipulate the observable tmux session from the outside):

alias start_observable="tmux -S /var/tmux/observable new-session -d -s observable ; tmux -S /var/tmux/observable new-session -d -s staging ; tmux -S /var/tmux/observable attach-session -t observable"

alias observable="tmux -S /var/tmux/observable"

Now when I see "observer connected", I can let them in by getting their client path with "list-clients" and "switch-client -c /dev/pts/whatever -t observable".

I've been quietly busy this past month.

In no particular order, I...

• wrote a quick and dirty Ruby script that downloads the individual PDFs of "The Washington Post" from their Today's Paper site and stitches them together into three sections (omitting the sports page, 'cause who reads that?). Then I've been reading it. I wanted to clean up the script and make it more resilient before posting it, but then I realized that I had no motivation to do so. The issues I know about don't bother me. So here it is. Read the WP, and be informed. [UPDATE: I changed my mind and cleaned it up. Now it's shorter and bounces back from occasional WP brokenness.]
• decided to try building a game in Ruby with the Gosu game library and Chipmunk physics engine, so I wrote a bare-bones, proof-of-concept platformer with a character, physics, camera panning, a parallax scrolling background, platforms and a level editor. This was in preparation for building something more interesting with the help of a graphic designer friend, which I'll release when it's done. In the meantime, checkout the Bare Bones Platformer on GitHub.
• started building a desktop app for reading the Bible in an interesting way: I'd like to lay out the entire Bible on a single plane and allow the user to zoom into and pan around any passage they like. I expect this will help my own Bible reading because I frequently want to quickly and fluidly shift the scope of my study, which requires considerable overhead using a paper or online Bible. Ideally, I would be able to throw up passages that occur to me on the wall and move them around at will. Perhaps I can simulate some of that using the Eagle Mode project's API. This is a brilliant piece of software, and I can't believe I'd never heard of it before.
• bought some real furniture - a trying process. It's wonderful though, so I'm certainly not complaining. It's also quite a long process, because I keep having to go back to the store to fix problems.
• started trying to build a desk based on something from "Legare Furniture".
• restarted my search for a full-time job, since my iron-in-the-fire with the DoD unexpectedly fell through after months of waiting, phone calls, interviews, waiting and more waiting.

Early on in my Christian life I heard these catchy definitions of grace and mercy:

This is my public key, on keyserver.ubuntu.com as "Daniel Patrick Cox" <danielpcox ET gmail DAWT com>:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.0.10

mQENBE6XLaUBCADA/TP7ecC4i7HmTQ+22Wewk3UD9uEZGW7gFFKwmZkWFpzy5OI0l+3zbwvl
nPYv0YMoRS/kg9kKGKT7fSK0UJlKSYhX9og9U9JGXJirQsgd0ede3gktkX16cVCYbh2h9vBj
XvKPEfHL48bEXxBSw2/vI4Ce8tPNgQDtU8UjpbDn3wa6UweSi9RdKeXM5Vj6QxB9DrUH9GfZ
YgTtUopLwLZbQfC6vkYX9euSwD7sSl7Y54UbVwNAjCmCKyvs32LLUe7kliSP5Jje+3q++kC/
TKfJgr9HJC0+OJ5xFwR/6xD5pDww9kNS/hyOYhUNfebWZRlRB76AaIyunEeM0mV1CpSHABEB
AAG0KURhbmllbCBQYXRyaWNrIENveCA8ZGFuaWVscGNveEBnbWFpbC5jb20+iQE4BBMBAgAi
BQJOly2lAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDON0TDobrNYGUdCACJ0jps
ssAFTQlAxC8RM4HPbE5hJMp4WHYtADhhf6v90nBMm/Dtg1nAaH7ZNi2YvAnK03HrCjcIRD99
weBny9H7zluS/1AYGLptTIdB7CYjPubPdzPm7lyDoAhj4JbDW0WZS3jQgkBHI+kRuaF2V3fK
c7VVbQL8uOQkSoB5/irpnUCTxgyy5snMFyhon5PsgBm7F6SJFd8/iy3N6pG9FBiihqk6A8H7
e1oLY6GAg+AdzRmAY3vG2mGw3k1gUFx6pZF27xSx5eUdB6Eg8Dtooej9hqwrrgrZYLhAPi8z
wXVlj38DP/F6IHJ4WeT981+yAeDpQQqt0SHHgYn2fdWwMc0huQENBE6XLaUBCAC7vJqf0e+M
F+3jHO7xna9znPPHzUlhPRDwCVpIrd8qxMg5IsDucI8dFY8bnNrLF/1DK78DnTdgYZHGq1zR
ZDFZ+Yz2DA1Dalr4sjh62EL97QHgbOM4C+8Xs3m/7WbZ/uZVJ4psmTWGNGFFd/R7AlNdvOVv
s06V1h+k/sd5R9cgi1TkLOai+Z5hVTT7B2vqxaF9+/v2e6mLoLgMi8zCrYEF4y1vx+PAYVHG
WiHHZR06OSYny5KVpfAbZNR+PMX0YFn57O1P0rJhBioZ05ORI2AzpQlG54fBteqOCiKOXREl
kZisjKZwWl9ZMb76pvnj9phyf+Xf/LJFpnJJK2nfvp5pABEBAAGJAR8EGAECAAkFAk6XLaUC
GwwACgkQzjdEw6G6zWDhLQgAlfnprs7Aacx6FXnt09M70haxeajya9NJi+MoK3wCeAR2flco
2HeZaULRkocRVFkzXwlaDhc5+UZweaD2qYgn234v7912O6Y73OBRmx1XSoCYlmZrgozTttp1
rZiLotc6h1XzpGWTU/XDmuetj7Mv+H9TM/lTPkPapgK6cvI84aEDjeuY3q77r7QLQ0+sKJ/W
gWKEqsB/rCkfYOdtSyF67aqfUqSk+65+lICJGJyLS5m02cUJAerWqEzOFYrC74CMvt7qd0Ex
JYQG/ktr31dTPLZaLw72wMIwKoEhLcgilNPxETeoqRwpxbtmJtSoit4n72qun62hc4J/NljV
QyMMxA==
=VRuf
-----END PGP PUBLIC KEY BLOCK-----