Category Archives: Tech

Server Management for Middle Schoolers Part 3: Ease of Use

I may be crazy, but I know there are some Middle Schoolers who can run a server. So I’m teaching them headless shell management and scripting, all so they can play Minecraft (the carrot, in this case.) They are learning surprisingly well, but then, so am I. I’ve never had to create a fully group setting on Linux, and didn’t anticipate all the issues I’d run in to. Wanting to have 17 kids in an ssh group, with access to a games folder that consistently outputs files they can all use, and allows them to run an instance of Minecraft they can all access… It is a lot to figure out. This series is going to cover the settings I came up with.

Bash Script Startup and Ease of Use

The biggest problem that I knew I was going to have dealt with the running of scripts. Most of these kids had never been exposed to a Linux environment, much less actually dealt with a command line. We were secure shelling in, so there wasn’t a GUI for them to learn and play with, but they had dealt with all of that issue like a champ. Some of them were getting taxed on the amount of commands they had to use, so I didn’t want to burn them out.

The tmux script that I was working with basically did three things. It set up the temp folder for the tmux instance, made sure that the group managed it, and then dropped in to the instance to operate it. The problem was the amount of typing each of these commands took. Individually, they look like this:

tmux -S /tmp/tmuxDirectory new-session -d -s Minecraft
chgrp MyGroupName /tmp/tmuxDirectory
tmux -S /tmp/tmuxDirectory attach-session -t Minecraft

which is a lot to remember for newly minted shell users. So I opted for scripts. Fortunately, these things are easy to write, and simple to use when you teach them.

Taking those commands and working them into a new serverstart.sh file looks nearly identical. I just commented what was happening with each line before I wrote it, for clarity, and threw a hash-bang /bin/bash on the top. Then I noticed I might want a little more abstraction, so I altered the file to pull the directory, the session name, and the group (incase it needed to change for some reason) out of this file. They are represented here by the $CONSTANTS

#! /bin/bash

# Import server configuration
source config.sh

# Abstract tmux code start $CONSTANTS in config.sh
tmux -S $DIR new-session -d -s $SESSION

# Change the group setting of the $DIR
chgrp $GROUP $DIR

# Start the server
echo Starting $SESSION Server Now

And at this point using the tmux ability to pass along keys is important.

tmux -S $DIR send-keys “java -Xmx2048M -Xms1024M -jar minecraft.jar nogui” C-m

obviously, even this code could (and should) be abstracted a little bit.

With all of this set, the only command the kids will need to remember to start the server is the executable ‘./startserver.sh’. So make it executable.

chmod +x startserver.sh

Other Useful Bash Scripts

Besides starting the server, there may be a time your team will need to manage the server, or stop it. Here are those scripts

serveraccess.sh

#! /bin/bash

# load the configuration
source config.sh

# Attach to shared server instance
tmux -S $DIR attach-session -t $SESSION

serverstop.sh

#! /bin/bash

# Load the configuration
source config.sh

# Stop the server
echo Stopping $SESSION Server
tmux -S $DIR send-keys “/stop” C-m

# Wait 5, then kill the Session folder
sleep 5
tmux -S $DIR kill-session -t $SESSION

You could, of course, be much nicer in this script and give players time to log out, but the flavor of that is up to you.

Wrap Up

I’ll be writing an update soon to tell about how these lessons have been received, how they are progressing, and some interesting difficulties with this situation that have arisen.

 

Advertisements

Server Management for Middle Schoolers Part 2: The Group Folder

I may be crazy, but I know there are some Middle Schoolers who can run a server. So I’m teaching them headless shell management and scripting, all so they can play Minecraft (the carrot, in this case.) They are learning surprisingly well, but then, so am I. I’ve never had to create a fully group setting on Linux, and didn’t anticipate all the issues I’d run in to. Wanting to have 17 kids in an ssh group, with access to a games folder that consistently outputs files they can all use, and allows them to run an instance of Minecraft they can all access… It is a lot to figure out. This series is going to cover the settings I came up with.

Setting up the Group Folder

The plan here, was to have all the group with ssh access have a united home folder that we could work from for our game instances. The top level folder, and everything underneath it, would need to be accessible to the group, not just to the creator, so I played around with some settings, and came up with a solution that worked.

Setting the Permissions right

The first thing I did was create a ‘games’ folder in the ‘home’ directory. I knew I wanted this folder to be a group folder, so I ran the chgrp command for it:

$ chgrp myGroupName games/

Then, when you run the $ ls -la, you’ll notice that the creator is still listed as your user, but the group is switched to myGroupName. That way everyone in the group will have access to that file. So I copied the Minecraftserver.jar in there and thought that would be it. Since we were planning multiple instances of Minecraft, I also added a folder for this first, vanilla version. The tree looks something like this:

/home/
|-> games/
|-> vanilla_minecraft/
|-> minecraftserver.jar

When I ran the minecraftserver.jar so I could edit the EULA, I noticed a problem. The file (even though I had changed its permissions as well) ran as if all the files were being produced by, and for, just my user. This was a problem. I could go back and change it often enough, but that wouldn’t work for times where I wanted the kids to handle things. I needed the new files to have the same group setting.

Setting the GID on the folder

So I emptied out the ‘vanilla_minecraft’ folder and got ready to try again. I made sure all the files had the right permissions, then did one more step on the ‘games’ folder. I set the GID for the folder. This is a handy trick, because it allows all the files created within the directory to inherit that same level of permission for the group use. Here’s the command:

$ chmod g+s /home/games

to make it apply to all subdirectories as well, simply add the -r flag. This way, whenever any group user runs an executable, any files created will be created with the group permissions of the top folder.

Security Note

This can be a dangerous procedure if you aren’t careful where you apply this type of thinking. It is useful as a shorthand to give a group permission to run files, but you have to be careful what type of files are put in there, and what other things those files touch. I tested it out a couple of times, and was able to create some files in other directories that I didn’t have access to normally because of the group setting. So be careful here, your group needs to know that this is a potential danger on a server, but it’s probably the best balance of security and ease that I was able to strike.

Actually Starting the Server

At this point, I created an open port for the minecraft server, and then ran the server to get the files setup, but that created other problems. I used screen to start the instance the first time, but then realized that we were going to have a problem when the kids tried to attach to that screen, that they weren’t going to be able to. After a bit of searching, I found out that screen wasn’t going to work for what I needed, so I switched over to tmux and found some nifty hackarounds that would work. Namely, creating a specific /tmp folder for the tmux instance and setting its group permissions. This solution, however, was going to be a headache for the kids (it already was taxing me to write out all those commands every time) so I knew what had to be done next. Time for some Bash scripts!

Server Management for Middle Schoolers Part 1: sshd_config

I may be crazy, but I know there are some Middle Schoolers who can run a server. So I’m teaching them headless shell management and scripting, all so they can play Minecraft (the carrot, in this case.) They are learning surprisingly well, but then, so am I. I’ve never had to create a fully group setting on Linux, and didn’t anticipate all the issues I’d run in to. Wanting to have 17 kids in an ssh group, with access to a games folder that consistently outputs files they can all use, and allows them to run an instance of Minecraft they can all access… It is a lot to figure out. This series is going to cover the settings I came up with.

Setting up a good sshd_config

There are some really great settings in the sshd_config script (/etc/ssh/sshd_config) that shouldn’t be overlooked. Options like changing the default port, assigning an approved group, and, optimally, using RSA keys are a must here, at least eventually.

Changing the Default Port

Because I need this server to be secure, it is attached to our school network after all, and because I want a group of lively administrators to have a sandbox to work on, I need a way to lock out unwanted access. The first step, which a student in the group duly noted, is to change the port number away from the default 22. That’s a simple fix, just look for the line and change it:

 # What ports, IPs, and protocols we listen for
Port 22

You can’t pick arbitrarily, but you can assume that most numbers below 1000 will be useful here. Settle on a port that isn’t used by another popular program as a default and you should be okay on traffic issues. Just as a point of reference, I got 2200 hits against Port 22 in the weekend before I could get our network admin to change the routing table to our new Port. They ranged from attempts to login using every possible username from ‘root’ to ‘techhelp’, to attempting to negotiate RSA keys. The saving grace from these attacks was the next step I took.

Setting Up an SSH Group

I’d prefer to use RSA keys for login, but haven’t had a chance to fully explain that process to the students yet, so we’re using passwords for now. Getting away from port 22, which is often attacked by bots as a pre-trial for an actual attack, was the first step. The next step is a bit of an extra measure. I knew I was going to need a group for these kids with special privileges, but I certainly wasn’t about to give them su. Inside the sshd_config there’s a setting to grant ssh privileges to a group of users, you can change it like this:

# Allow only certain UserGroups to access the ssh
AllowGroups myGroupName

This way, all of the random tries for usernames (even for root) will result in a failure, but it won’t tell the attempter why. This also accounts for attempts to attach with an RSA key, so bonus there. Only users in this group will be allowed to remote shell, however, so be sure to add yourself to the group. I speak from experience here.

Creating a Banner for Good Measure

It’s a good idea to also set up a banner for good measure. There should be a commented line in the sshd_config file that looks a bit like this one:

Banner /etc/issue.net

That gets printed out on an attempted login, say someone guesses a name that is in the userGroup approved to remote ssh. This may happen, and this file will, at the very least, show that you are paying attention to details. Most hackers won’t actually care, honestly, but amateurs might get a moment of pause. You can make yours funny for the added measure of giving a potential hacker a chuckle, may save you some time down the line. Currently, mine’s a mix of legal disclaimer, and boring threat. I’m working on something snappy.

Conclusions for SSH Access

This was a good lesson in the config files for ssh for me. I knew about some options, but not others. I think the real gem here is the setup of an allowed group. Keeping in mind that each user typically has their own group in a UNIX setup is a valuable thought for a broader sense of server management, and the idea that you could set multiple allowed groups through this setting is also quite useful. Next time I’ll talk about the Group ID and setting the group bit on a folder so that the whole group can access files and run services that are interoperable.

State of my FOSS 2015 – The Artistic

There’s an artist in all of us, and sometimes we can make money with that. Here are some of the FOSS programs I’ve found useful for 2D / Digital art.


2D Art and Photo Editing Software – Makes stuff pretty

The GIMP -> Replaces Adobe Photoshop

The GIMP is a pinnacle example of Open Source Software. One of the best communities out there, a cohesive concept of what they are making, and countless script additions to fill needs the community has for the program. The learning curve for this program is no more steep than for Photoshop, and there are any number of reputable places to learn about it online. If you’re transitioning from Photoshop, I recommend this setup tutorial to make GIMP comfortable for you. If you aren’t, I still recommend reading that article for the ‘set to single window’ step, because that’s going to make your life a lot easier. This program is a must for ‘higher end’ image editing without the cost of a subscription to Adobe.

Krita -> Replaces Adobe Fireworks / Illustrator (sorta)

Krita is a nifty, quick paint program. You can make of it what you will, it isn’t as powerful as GIMP at image editing, but allows you a lot of freedom to get art on the digital canvas. It doesn’t vector as well as Illustrator, so that’s why I don’t give it full marks for that component, but it more than holds its own in its field. If you are a digital artist, this is a program you should have in your arsenal.

Inkscape -> Replaces Adobe Illustrator

Inkscape is a vector graphics program which works, in a very basic way, like Illustrator. It is lacking in some of the functionality that I’d like to see in a vector art program, but is useful enough that I haven’t had any problems switching to it over Illustrator full time. If there were an open source community that I’d like to throw my hat in to programming for, this would be it. It has a decent following, but kinda falls through the cracks with programs like GIMP and Krita on the market. The biggest advantage is the vector images, but most people needing to make those are in a pipeline, and will have one of the commercial programs for it. Technically, this is a necessary addition to any serious digital artist’s 2D FOSS tool bag, though your mileage may vary based on your desire to profit from your art.

IrfanView -> Replaces {image viewer}

While IrfanView is technically only a media viewer, there are some powerful extras hidden in it that make it very worthwhile for artists. Primarily, it is very useful for metadata analysis. Always remember, as an artist, to save your work with metadata, and then check it against this program. You can also check your favorite images for their metadata here, and get some insight to the artists, hopefully.

State of my FOSS, 2015 – The Operating System

I am a huge proponent of the Free / Open Source Software movement. I love the communities surrounding free and open source software, attempt to contribute where I can, and continually advocate for more openess in development. Software is one area in which cloud thinking can truly, fundamentally, improve the status quo. More companies need to get behind this movement, and with Unity’s announcement that their 5th installment of their platform has a ‘free but limited’ component, we’re going to start seeing more of a move in this direction.

So, without further ado, here is the state of my FOSS. These are software I use as alternatives to their closed / pay cousins and what I like about them where I have room to compare. I’m going to start with the operating system, and break the rest into chunks I’ll be posting through out the week. See the whole thing as it is built here.


Linux -> replaces MacOS or Windows
my variety: Linux Mint Quiana XFCE

This one is fairly self explanatory. The version of Linux I use is called Mint, and I prefer the XFCE desktop environment, which is very light and out of the way. If you are transitioning from Windows, this is going to be a very easy experience (Ubuntu would be my other recommendation.) The reason there are multiple ‘flavors’ of Linux is simple, it’s open source. Anyone who would like to, can get at the code and develop new branches of it. If you are interested in knowing every single piece of software that runs your computer from the ground up, you should try Arch (experienced Unix operators only.)

The biggest hurdle to overcome here is the concept of Graphical User Interface installs. Though there is a component of this to any Ubuntu based variation (Mint is one of these) the real power of Linux is in learning the command line syntax. Being able to quickly open a terminal and type a few commands to get what you want is really, very powerful. The other challenge is in finding software that works ‘out of the box’ on your machine. The rest of the stuff on this list will work wonderfully, because it is designed with open source in mind, and Linux is top of that list. Most games and commercial software, however, aren’t as nice playing with Linux. Fortunately there are workarounds, like WINE, which take a little effort to set up correctly, but run most Windows programs wonderfully.


More about my stuff coming soon. Comments or questions, be sure to drop them here or connect with me on social media.

Amazon Fire Phone in hand

Amazon Fire Phone, a surprise, a warning, and a review

A couple of weeks ago I got a new Amazon Fire Phone. Due to family issues, I wasn’t able to really sit down and give it a full review until today. So here’s the review.

I really like this phone. My perspective might be a bit tainted from coming from a Galaxy S3 (from all experience I’ve heard the Galaxy line is all talk, no walk.) this phone is snappy, interesting, and just the right size. Having the five cameras facing front is a little bizarre, but makes sense when you get used to the hand movements for certain commands. I wonder if the accelerometer wouldn’t have been better for the most part in all the functionality, but I’m not that much of a mobile programmer yet, so I can’t say that authoritatively. My favorite feature with this phone is that it grabbed the LTE from MetroPCS immediately. It surprised my Metro guy, he says he nearly always has to do some back end stuff to get BYODs on the network properly. Having an S3 BYOD before this one, I can say I never got LTE with that phone. It also fits my hand much better than the S3 seems to have, though the sizes are very similar.

The lock screen is the first thing new users notice, and the 30 3D active scenes are gorgeous. They have apparent depth to them, and change perspective as you move the phone. The featured image is currently of my lock screen, and the cave walls on the right and left seem to conceal a larger cave in the back that shifts with your tilting the phone. This brings me to the warning, this phone can be very disorientating to someone who is not used to ‘forced 3D’ (I’m at home because of my time working with Blender, but the Metro guy was a little thrown off.) This is probably the biggest barrier to this phone being more than a niche / geeky phone.

Fire Phone Carousel ScreenshotOne thing you notice as a user is that this is definitely an Amazon phone. The two homescreen options are for a rotating carousel of apps (updated according to use, but modifiable to an extent) and an app list (like you would find on most phones by pulling up an app menu, but modifiable to contain ‘folders’.) My biggest gripe with this setup is the lack of ability to change the background from the dark gray scales, but more on that in a minute. I say you notice this is an Amazon phone because in the carousel you see a big picture of the app logo (which wiggles around as you tilt the phone, literally everything in the home area feels like it is floating around your movements) and then beneath it, you see suggestions of apps you might like similar to that app. This function is changed beneath relevant apps, like your email which shows you the most recent emails you’ve received. As far as I’m concerned it’s a bit of a space waster, but it might work well for some people, particularly if they have fat fingers. The carousel swipes left and right with a definite end, and apps can be ‘pinned’ to the carousel so that they appear at the far left on the homescreen. There is no way to organize them other than to pin them in order, which sucks if you get a new app you want to pin, but not at the front of the list. At the bottom of the carousel you have four quick slots to add apps that you use a lot (really only three because it is a phone, after all, and that one will always be there.) Fortunately, the OS always defaults to the last homescreen you were on, so the app menu is the one I use all the time, though it puts the four quick buttons at the top, rather than the bottom.

Amazon Fire Phone Left TrayThere are a couple of useful gestures that are available due to the cameras on the front. A quick left tilt left provides a menu on the left side of the screen, a right tilt docks it. Same for the other side. These gestures aren’t easy at first, but become second nature pretty quickly. A quick flick of the phone pulls down the ‘utilities’ menu (airplane mode, wireless, settings, bluetooth, etc.) The hard-coded default menu on the left is very Amazon: Apps (takes you to the appstore), Games (takes you to your game tray), Web (Silk web app), Music, Videos, Photos, Books (yay, all my Amazon books!), Newstand, Audiobooks, Docs, Shop, Prime (which is sorta useless based on the rest, as far as I can tell.) The tray on the right is non-customizable (seeing a theme here yet?) and provides the ‘latest updates’ including the weather, emails, alerts, calendar items, etc. These menus vary based on the app you are in.

If you are interested in browsing on this phone, don’t ever look back. The distinct lack of an ‘offscreen’ back button will be a challenge for nearly all android users. Silk isn’t a bad browser, though, and I haven’t felt a need to load anything else, which I nearly always do on mobile. The nav buttons (and many other things on the phone generally, like the bars/battery/time bar) have a tendency of disappearing until you tilt the phone to get them back. This can lead to confusion, but does provide a nicer experience with the whole screen being available when looked at face on.

Probably the coolest function of the physical buttons is the Firefly app. Hold the camera button and you get a menu that allows you to listen to music or shows and have them pulled up in the Amazon store or on IMDB (if they aren’t available in Amazon.) The prediction tech is pretty quick, and accurate as far as I have seen. It seems to work on audio only, but that works well enough in my experience with it. It even picks up shows that are ‘now airing’ like “Marvel’s Agent Carter,” or “Galavant.”

The headphones aren’t the most amazing I’ve ever used, but they are better than what I sometimes expect from ‘comes with the device.’ For that matter, the in phone speakers are loud and good enough, if a little tinny, to play music throughout my house (we were cleaning this weekend.) They are positioned on the bottom, so cases won’t cover them, though your hand might when playing.

The phone is NFC enabled, though I haven’t tried that function out yet, I’m excited about it. I have put my card into my on phone wallet, and plan on using it as soon as the program’s password protection starts working (haven’t been able to get it to pull up yet.)

The real drawback to this phone is that it is half android. Having to load apps from the Amazon store means that many of the apps are a few versions behind. The onus is on the developers to fix this, and they likely won’t as the sales from the Amazon app store aren’t as significant a portion of their business as the other two big contenders. It also means no G+ app (which I know isn’t a big deal to most people, but it is to me and other users) and no access to my google music (which is the biggest hit to me, because I have to offload everything and figure out how to upload it to Amazon.) So if you are in for this phone, you need to be in for a migration, or already have a pretty full Amazon account. Side-loading apps isn’t a big deal, but you do have to turn off the default “Use only Amazon apps” setting in the menu, thankfully it isn’t hard to find. I’ve read that you can sideload the Google apk to get the store and things, but haven’t gotten that desperate for it yet. Time will tell.

There is also no external storage, no removable back to have backup battery (though it eats next to nothing anyway), and the phone tends to run a little hot under gaming use. There’s only a little over a Gig worth of the 32GB internal storage used for the OS, so you don’t have to worry about the bloat you’ll get from time to time with other phones. The camera is pretty good, takes nice pictures, and is quick to load, which has me excited after a long stint of missing stuff with my S3. It nicely loads it’s drivers onto both Windows and Linux devices, haven’t tried my Mac yet, but I can’t see it being much different. (I think Amazon has learned from the overall Kindle experience here.)

If you are going to get this phone, remember to factor in the $90 for a year of Prime, which is credited to your current account when you purchase it. Also, realize that you have digital copies of many of the CDs that Amazon sells you on your account (I didn’t know this until I searched my music and found the Frozen soundtrack there and was baffled until I remembered that’s what my daughters have been pestering me with since Christmas.) Ting (which is a well rated mobile company) is opening to the GSM network now, so it might be a good time to try them out. My service with Metro is so vastly improved with this phone, however, that I’m probably going to stay with them for the time being.

Did I miss something you are interested in? Did this review help? Leave a comment or hit me up on one of my social networks (linked to the right.)