Author Archives: sanjurjot

About sanjurjot

Box Breaker || Spiritual Battle Commander || Catechist

Server Management for Middle Schoolers Part 3: Ease of Use

I may be crazy, but I know there are some Middle Schoolers who can run a server. So I’m teaching them headless shell management and scripting, all so they can play Minecraft (the carrot, in this case.) They are learning surprisingly well, but then, so am I. I’ve never had to create a fully group setting on Linux, and didn’t anticipate all the issues I’d run in to. Wanting to have 17 kids in an ssh group, with access to a games folder that consistently outputs files they can all use, and allows them to run an instance of Minecraft they can all access… It is a lot to figure out. This series is going to cover the settings I came up with.

Bash Script Startup and Ease of Use

The biggest problem that I knew I was going to have dealt with the running of scripts. Most of these kids had never been exposed to a Linux environment, much less actually dealt with a command line. We were secure shelling in, so there wasn’t a GUI for them to learn and play with, but they had dealt with all of that issue like a champ. Some of them were getting taxed on the amount of commands they had to use, so I didn’t want to burn them out.

The tmux script that I was working with basically did three things. It set up the temp folder for the tmux instance, made sure that the group managed it, and then dropped in to the instance to operate it. The problem was the amount of typing each of these commands took. Individually, they look like this:

tmux -S /tmp/tmuxDirectory new-session -d -s Minecraft
chgrp MyGroupName /tmp/tmuxDirectory
tmux -S /tmp/tmuxDirectory attach-session -t Minecraft

which is a lot to remember for newly minted shell users. So I opted for scripts. Fortunately, these things are easy to write, and simple to use when you teach them.

Taking those commands and working them into a new serverstart.sh file looks nearly identical. I just commented what was happening with each line before I wrote it, for clarity, and threw a hash-bang /bin/bash on the top. Then I noticed I might want a little more abstraction, so I altered the file to pull the directory, the session name, and the group (incase it needed to change for some reason) out of this file. They are represented here by the $CONSTANTS

#! /bin/bash

# Import server configuration
source config.sh

# Abstract tmux code start $CONSTANTS in config.sh
tmux -S $DIR new-session -d -s $SESSION

# Change the group setting of the $DIR
chgrp $GROUP $DIR

# Start the server
echo Starting $SESSION Server Now

And at this point using the tmux ability to pass along keys is important.

tmux -S $DIR send-keys “java -Xmx2048M -Xms1024M -jar minecraft.jar nogui” C-m

obviously, even this code could (and should) be abstracted a little bit.

With all of this set, the only command the kids will need to remember to start the server is the executable ‘./startserver.sh’. So make it executable.

chmod +x startserver.sh

Other Useful Bash Scripts

Besides starting the server, there may be a time your team will need to manage the server, or stop it. Here are those scripts

serveraccess.sh

#! /bin/bash

# load the configuration
source config.sh

# Attach to shared server instance
tmux -S $DIR attach-session -t $SESSION

serverstop.sh

#! /bin/bash

# Load the configuration
source config.sh

# Stop the server
echo Stopping $SESSION Server
tmux -S $DIR send-keys “/stop” C-m

# Wait 5, then kill the Session folder
sleep 5
tmux -S $DIR kill-session -t $SESSION

You could, of course, be much nicer in this script and give players time to log out, but the flavor of that is up to you.

Wrap Up

I’ll be writing an update soon to tell about how these lessons have been received, how they are progressing, and some interesting difficulties with this situation that have arisen.

 

Advertisements

Server Management for Middle Schoolers Part 2: The Group Folder

I may be crazy, but I know there are some Middle Schoolers who can run a server. So I’m teaching them headless shell management and scripting, all so they can play Minecraft (the carrot, in this case.) They are learning surprisingly well, but then, so am I. I’ve never had to create a fully group setting on Linux, and didn’t anticipate all the issues I’d run in to. Wanting to have 17 kids in an ssh group, with access to a games folder that consistently outputs files they can all use, and allows them to run an instance of Minecraft they can all access… It is a lot to figure out. This series is going to cover the settings I came up with.

Setting up the Group Folder

The plan here, was to have all the group with ssh access have a united home folder that we could work from for our game instances. The top level folder, and everything underneath it, would need to be accessible to the group, not just to the creator, so I played around with some settings, and came up with a solution that worked.

Setting the Permissions right

The first thing I did was create a ‘games’ folder in the ‘home’ directory. I knew I wanted this folder to be a group folder, so I ran the chgrp command for it:

$ chgrp myGroupName games/

Then, when you run the $ ls -la, you’ll notice that the creator is still listed as your user, but the group is switched to myGroupName. That way everyone in the group will have access to that file. So I copied the Minecraftserver.jar in there and thought that would be it. Since we were planning multiple instances of Minecraft, I also added a folder for this first, vanilla version. The tree looks something like this:

/home/
|-> games/
|-> vanilla_minecraft/
|-> minecraftserver.jar

When I ran the minecraftserver.jar so I could edit the EULA, I noticed a problem. The file (even though I had changed its permissions as well) ran as if all the files were being produced by, and for, just my user. This was a problem. I could go back and change it often enough, but that wouldn’t work for times where I wanted the kids to handle things. I needed the new files to have the same group setting.

Setting the GID on the folder

So I emptied out the ‘vanilla_minecraft’ folder and got ready to try again. I made sure all the files had the right permissions, then did one more step on the ‘games’ folder. I set the GID for the folder. This is a handy trick, because it allows all the files created within the directory to inherit that same level of permission for the group use. Here’s the command:

$ chmod g+s /home/games

to make it apply to all subdirectories as well, simply add the -r flag. This way, whenever any group user runs an executable, any files created will be created with the group permissions of the top folder.

Security Note

This can be a dangerous procedure if you aren’t careful where you apply this type of thinking. It is useful as a shorthand to give a group permission to run files, but you have to be careful what type of files are put in there, and what other things those files touch. I tested it out a couple of times, and was able to create some files in other directories that I didn’t have access to normally because of the group setting. So be careful here, your group needs to know that this is a potential danger on a server, but it’s probably the best balance of security and ease that I was able to strike.

Actually Starting the Server

At this point, I created an open port for the minecraft server, and then ran the server to get the files setup, but that created other problems. I used screen to start the instance the first time, but then realized that we were going to have a problem when the kids tried to attach to that screen, that they weren’t going to be able to. After a bit of searching, I found out that screen wasn’t going to work for what I needed, so I switched over to tmux and found some nifty hackarounds that would work. Namely, creating a specific /tmp folder for the tmux instance and setting its group permissions. This solution, however, was going to be a headache for the kids (it already was taxing me to write out all those commands every time) so I knew what had to be done next. Time for some Bash scripts!

Server Management for Middle Schoolers Part 1: sshd_config

I may be crazy, but I know there are some Middle Schoolers who can run a server. So I’m teaching them headless shell management and scripting, all so they can play Minecraft (the carrot, in this case.) They are learning surprisingly well, but then, so am I. I’ve never had to create a fully group setting on Linux, and didn’t anticipate all the issues I’d run in to. Wanting to have 17 kids in an ssh group, with access to a games folder that consistently outputs files they can all use, and allows them to run an instance of Minecraft they can all access… It is a lot to figure out. This series is going to cover the settings I came up with.

Setting up a good sshd_config

There are some really great settings in the sshd_config script (/etc/ssh/sshd_config) that shouldn’t be overlooked. Options like changing the default port, assigning an approved group, and, optimally, using RSA keys are a must here, at least eventually.

Changing the Default Port

Because I need this server to be secure, it is attached to our school network after all, and because I want a group of lively administrators to have a sandbox to work on, I need a way to lock out unwanted access. The first step, which a student in the group duly noted, is to change the port number away from the default 22. That’s a simple fix, just look for the line and change it:

 # What ports, IPs, and protocols we listen for
Port 22

You can’t pick arbitrarily, but you can assume that most numbers below 1000 will be useful here. Settle on a port that isn’t used by another popular program as a default and you should be okay on traffic issues. Just as a point of reference, I got 2200 hits against Port 22 in the weekend before I could get our network admin to change the routing table to our new Port. They ranged from attempts to login using every possible username from ‘root’ to ‘techhelp’, to attempting to negotiate RSA keys. The saving grace from these attacks was the next step I took.

Setting Up an SSH Group

I’d prefer to use RSA keys for login, but haven’t had a chance to fully explain that process to the students yet, so we’re using passwords for now. Getting away from port 22, which is often attacked by bots as a pre-trial for an actual attack, was the first step. The next step is a bit of an extra measure. I knew I was going to need a group for these kids with special privileges, but I certainly wasn’t about to give them su. Inside the sshd_config there’s a setting to grant ssh privileges to a group of users, you can change it like this:

# Allow only certain UserGroups to access the ssh
AllowGroups myGroupName

This way, all of the random tries for usernames (even for root) will result in a failure, but it won’t tell the attempter why. This also accounts for attempts to attach with an RSA key, so bonus there. Only users in this group will be allowed to remote shell, however, so be sure to add yourself to the group. I speak from experience here.

Creating a Banner for Good Measure

It’s a good idea to also set up a banner for good measure. There should be a commented line in the sshd_config file that looks a bit like this one:

Banner /etc/issue.net

That gets printed out on an attempted login, say someone guesses a name that is in the userGroup approved to remote ssh. This may happen, and this file will, at the very least, show that you are paying attention to details. Most hackers won’t actually care, honestly, but amateurs might get a moment of pause. You can make yours funny for the added measure of giving a potential hacker a chuckle, may save you some time down the line. Currently, mine’s a mix of legal disclaimer, and boring threat. I’m working on something snappy.

Conclusions for SSH Access

This was a good lesson in the config files for ssh for me. I knew about some options, but not others. I think the real gem here is the setup of an allowed group. Keeping in mind that each user typically has their own group in a UNIX setup is a valuable thought for a broader sense of server management, and the idea that you could set multiple allowed groups through this setting is also quite useful. Next time I’ll talk about the Group ID and setting the group bit on a folder so that the whole group can access files and run services that are interoperable.

What My Bike Has Taught Me About White Privilege

I have nothing to add to this. It is very accurate and an experience I share and will cherish as an example.

A Little More Sauce

The phrase “white privilege” is one that rubs a lot of white people the wrong way. It can trigger something in them that shuts down conversation or at least makes them very defensive. (Especially those who grew up relatively less privileged than other folks around them). And I’ve seen more than once where this happens and the next move in the conversation is for the person who brought up white privilege to say, “The reason you’re getting defensive is because you’re feeling the discomfort of having your privilege exposed.”

I’m sure that’s true sometimes. And I’m sure there are a lot of people, white and otherwise, who can attest to a kind of a-ha moment or paradigm shift where they “got” what privilege means and they did realize they had been getting defensive because they were uncomfortable at having their privilege exposed. But I would guess that more often than…

View original post 1,649 more words

Hope is a Furious Road

My name is Max. My world is reduced to a single instinct: Survive. As the world fell it was hard to know who was more crazy. Me… Or everyone else.

This is part of Max Rockatanksy’s opening narration to George Miller’s spartan tale of survival and hope in a world on fire. There are currently two focal points for reviews on this film:

  1. This is an amazing action movie, shot almost entirely in sequence on the backs of cars, full of amazing, tactile explosions and over the top insanity.
  2. This is a feminist story at its finest, with the heroine not only being a capable leader, but a disabled woman to boot.

See this movie for either of those reasons, because they are well fulfilled in the movie itself. I’d like to propose another reason to see it, however. This movie is a master course in story telling. It’s rare to get a movie that is so fully aware of itself that it does away with the need to have a character to ‘bring the audience up to speed.’ It’s exceptionally rare to find it in an action flick that borders on science fiction, both notorious for using the coming-of-age tale to expound on their universe. Miller’s Fury Road is uncompromising in its story telling, however, and does not pander to an audience unwilling to literally ride along on the ridiculously over worked car-steeds.

The cars themselves are as good a place to start as any. Gaudy, over worked, gas guzzling monstrosities, the cars are full extensions of the characters being portrayed. This is a simple issue to miss, in the frenzy of the movie, possibly mistaken for a well played trope, and to be sure, they are the very core of the world of Mad Max. This movie does something amazing with them, however, and to miss that is to miss the larger point of the story. The cars themselves are like the viking ships so prized by the Danish raiders of the 8th and 9th centuries. The clear correlation here is made with various mentions of Valhalla and the prayers of the War Boys to their cultish god of war and conquest, the V8, as well as their desire to be ‘witnessed’ and ‘die historic on the Fury Road.’ This cult is embodied by their leader Immortan Joe, who rules like a feudal lord, dispensing water, rather than riches, to his people, and hoarding ‘clean’ women as ‘breeders’ for hopefully healthy sons. Don’t mistake the over-the-top cars with simple eye candy, they tell the story of the War Boys, Citadel, and the apocalypse very clearly, their life is secured and advanced by those cars, and their status in the ranks of Citadel is illustrated in how unreasonable their modifications can be. The cars are idols, to be worshiped and revered, decorated and viewed with awe.

This bare bones story telling (none of this is ever mentioned directly) is a hallmark of great writing that colors so much of this movie. This is a lean film, spartan in the way it doles out details. I was worried at the initial narrated voice-over, setting up Max’s past, but that small moment of letting us in as an audience was the entire introduction we get. From that point on, we’re along for the ride. And that ride is truly magnificent.

The other great rarity of such a clear action movie, is the development of character. For a hero to gain some sort of self-awareness in one of these movies is very rare, for a secondary character to even be more than a flat reflective surface for the hero, is even more rare. Fury Road deftly handles three characters through an entire plot arc of self-awareness and growth, and then juggles the stories of at least two more very complex characters (one being Immortan Joe himself, despite his villainy) with very little screen time wasted on introspection or dense conversation. I’m going to focus on an aspect of Max’s growth for the sake of this part of the review.

You know… Hope is a mistake. If you don’t fix what’s broke, you’ll go insane.

~Max Rockatansky

The nihilism present in the Mad Max films is always a sore point with many viewers. Miller has, in Max, a character that illustrates that people live on long after they stop hoping. Max is no hero, he is a survivor. At the time we catch up to him in the movie, he has survived too much, and his guilt is gnawing at him continually. Every action he takes for the first half of the film is an animalistic, reflexive move to survive. It’s clear he has no desire to ‘be witnessed’ in a heroic death, but what’s unclear is why he doesn’t simply succumb. For some reason, he struggles to live, despite having nothing to live for. In many ways, his nihilism is a fear of dying, because there are things waiting for him on the other side of death’s door that are far worse than the scrabbling existence on this side. Gradually, and subtly, Max is given something to live for, and by the end of the film, we see that maybe something is being fixed. Not only is he a more than a hopeless survivor, but he is become a champion of a cause greater than any of the individual characters in the tale.

Opposed to Max’s story, or perhaps in a sort of counter point harmony to it, we have the story of Imperator Furiosa, the female hero that is being much raved about in the media. The truth of the matter is, she fits no trope of a female hero that we see regularly in film. She is all too human, and this is the threat of this character. She is approachable, and as a viewer, we can follow her arc from beginning to end in a very believable progression. She wastes no time on screen being impossibly hard (as many female leads tend to be) or in distress (as a romantic interest), rather, Furiosa is a story unto herself, and a damned fine one as well.In all, Fury Road is one of the best movies that will come out this year. If you go see it for either of the reasons it is getting a lot of press, you’ll likely leave wondering why it was so much more fantastic than you thought. I hope this post goes a little way to clearing some of that up. There’s obviously much more of the movie to review. In an ironic sort of turn, I’ll leave you with a quote from Ernest Hemingway on what makes a great story to explain it better than I could:

The dignity of movement of an ice-berg is due to only one-eighth of it being above water.~Ernest Hemingway in Death in the Afternoon

Functional Anarchy

I was going in to a local grocery to get some things for my wife this weekend, and had to pause as I saw a police cruiser pull to a stop in the fire lane in front of the store. The officer got out of the cruiser and left it running as he went into the store in front of me. I thought this was interesting, and wondered what he was doing. Responding to a call? Getting a donut?

Image found on wikimedia. I'm not stupid enough to take a picture of a police car.

Image found on wikimedia. I’m not stupid enough to take a picture of a police car.

Turns out he was just going inside to get a Mother’s Day card. This isn’t the interesting part of the story. What caught my attention was the fact that he left the cruiser running. Keys in the ignition, in the fire lane, in front of the store. This is anarchy. You may balk and say, well, he’s a police officer. It probably wasn’t his best move (definitely doesn’t fit office regs, I’m sure) but it illustrates a point.

Anarchy isn’t about people being crazy and doing whatever the heck they want, whenever they want. It is about people respecting property, either out of a sense of propriety, or a sense of self-preservation. The officer, rightly, assumed that no one would simply jump in a police cruiser and drive off with it. The point I want to make is the reason he was right in this assumption has less to do with ordered society than with functional anarchy.

A ‘law abiding citizen’ wouldn’t jump in the car and drive off because that would be illegal. There are all sorts of reasons they might come to this conclusion, “I’d be arrested”, “I’d be fined”, “I’d be shot”. All of these are valid reasons not to take the cruiser. The funny thing is, it isn’t the officer’s property, it belongs to the police force, and thus is payed for by the citizens’ taxes. It’s more right to say that the citizens own the cruiser, and the officer is borrowing it. But none of them take it.

Now, you may say this isn’t anarchy, and you’re right. What an anarchist would think on seeing that same situation is, “It’s not mine, so I’m not going to take it.” You might throw up your hands and say, “well that’s what I thought before those other things as well,” and I’d tell you, “then you are an anarchist.”

We should all be able to drive up to a store, leave the keys in the ignition and the car running, and go in to grab a mother’s day card without fear of our car being driven off by someone else. It shouldn’t take the fear of a badge to keep people behaving. If you think this is idealism, then why are the police officers the only ones able to do this kind of thing?

Let’s Talk About Sex

"Lujuria / Lust: Pecado Original" by Gabriel S. Delgado C. is licensed under Creative Commons Attribution 2.0.

“Lujuria / Lust: Pecado Original” by Gabriel S. Delgado

There’s a lot of really great food in the world.

I love tasty food. I like to taste food. I regularly feel like I shouldn’t go quite as long between meals as I do, because I’m sure to miss out on something. My belt, however, is telling me that I haven’t been balancing my meals out with enough exercise lately. Apparently, I’m in the majority in the United States.

Sure, I snack, but it’s because I can’t concentrate well if I don’t. I drink a good amount of coffee, because it’s important to my productivity as well. I’m not addicted to these things, however, so they aren’t really necessary, I just like them. I indulge in an occasional alcoholic beverage, but I avoid milk like the plague. That stuff’s bad for my stomach, seriously. I’ve been a happier person since I stopped drinking it. Well, mostly stopped, I do like the taste of cereal every once in a while. I was told a while back that you could never put as much sugar on your corn flakes as they have in the sugary varieties, so I do that, rather than buy the really color rich kid cereals. I’m an adult, after all. Don’t get me started on office snacks, it’s not my fault we have those cheesballs in such large quantity in there… or that I don’t bring my own lunch very often.

Point is, I know what my mouth’s for. It’s for tasting stuff. Well, that and chewing on stuff, like my pens, and maybe my nail beds (nervous habits die hard.) Straws are a relentless target, for sure, and who can resist crunching ice every now and again time I get a fountain drink? These things are fine, surely they don’t do as much damage as my dentist tells me.
The most important reason to eat is for the taste.