sudo /usr/bin/vim: Not a Good Idea

I’ve seen this configuration in /etc/sudoers before, but I wanted to explain a little more about why it is not a good idea to do this. First of all, you are editing your sudoers file with visudo, right? (RIGHT?!) If not, you should be. The reason is that visudo does a syntax check on the /etc/sudoers file before committing. If you have it bunked up, it will let you know, and will allow you to fix the problem before you commit (you always want to fix before you commit). If you simply edit the /etc/sudoers file, bunk up the syntax, and commit it anyway, there’s a good chance that NONE of your sudo config will work.

Now, let’s get on with putting /usr/bin/vim in the sudoers file. I can see why one would do this: perhaps you have web admins that don’t use a code repository and simply make backups on the dev box and edit the configs on the machine. Probably not the best idea, but it happens every day. You likely have a group in /etc/group called something like “webdevs” populated with the names of your web developer accounts:

webdevs:x:599:jsmith,plawrence,ljames,mpayne

Thus, your sudoers file might have a line in it that is similar to (this assumes you have a host alias for the development web servers set to DEVWEB):

%webdevs    DEVWEB = /usr/bin/vim /docroot/index.html

This seems like an innocent thing right? I mean, how much damage can they do? You’ve locked them down to just being able to edit the index.html file in /docroot, right?

WRONG!

The funny thing about vim is that you can press the escape key, then type:

:shell

And it will drop you to a shell, and when vim is run under sudo, it’s not just any shell, it’s a root shell. Now everyone in your webdevs group can get a root shell!

So, how do we fix this? Well, we use the program “/usr/bin/sudoedit” in place of /usr/bin/vim. Now, if the user tries the same :shell trick, it drops them to a non-elevated shell.

tl;dr:

  • Use visudo when editing /etc/sudoers
  • If users are allowed to utilize /usr/bin/vim with sudo privs, you’ve just given them a root shell
  • Use /usr/bin/sudoedit in place of /usr/bin/vim when attempting to allow users to edit privileged files
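
An audit for the configuration described above, as an added example that is not from the original post: the shell function below scans sudoers text for rules that run vim directly as root and prints the sudoedit rule to use instead. Flagging vi and view as well (they offer the same shell escape), the host names in the sample policy, and the one-rule-per-line layout with no line continuations are assumptions of this example.

```shell
#!/usr/bin/env bash
# Constructed sample policy. webdevs, DEVWEB and the vim rule are from the
# post; the host names and the other two lines are made up for this example.
sample_sudoers() {
cat <<'EOF'
Host_Alias DEVWEB = web01, web02
%webdevs    DEVWEB = /usr/bin/vim /docroot/index.html
%webdevs    DEVWEB = sudoedit /docroot/index.html
# %webdevs  DEVWEB = /usr/bin/vim /etc/motd
EOF
}

# Reads sudoers text on stdin and prints "<line>: <rule> -> <sudoedit rule>"
# for each active rule whose command is vi, vim or view run directly.
audit_editor_grants() {
  awk '
    /^[ \t]*(#|$)/ { next }                          # comments, blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }     # not user rules
    {
      eq = index($0, "=")
      if (!eq) next
      n = split(substr($0, eq + 1), cmds, ",")       # one entry per command
      for (i = 1; i <= n; i++) {
        c = cmds[i]
        gsub(/^[ \t]+|[ \t]+$/, "", c)               # trim
        sub(/^\([^)]*\)[ \t]*/, "", c)               # drop Runas, e.g. (root)
        while (sub(/^[A-Z_]+:[ \t]*/, "", c)) ;      # drop tags, e.g. NOPASSWD:
        path = c; sub(/[ \t].*/, "", path)           # first word = command
        args = c; sub(/^[^ \t]+[ \t]*/, "", args)    # rest = file arguments
        base = path; sub(/.*\//, "", base)
        if (base ~ /^(vi|vim|view)$/)
          printf "%d: %s -> sudoedit %s\n", NR, c, args
      }
    }'
}

sample_sudoers | audit_editor_grants
```

In sudoers the replacement is written as sudoedit without a leading path, because it is a command built into sudo itself. To audit a real policy, run `audit_editor_grants < /etc/sudoers` as root.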


Double-Hopped Jamaican Hot Chocolate IPA

It’s been a while since I’ve brewed a batch of beer (or updated this blog for that matter), my kegs are empty, it’s cold outside, so what better way to spend a few hours than brewing a beer? My favorite kind of beer is an IPA. I’m a hop head and I’ve found that it’s best just to brew what you enjoy the most. I also enjoy a good spicy dish, and since a good friend of mine has recently been making his own hot sauces, I figured I would combine the two tastes in one awesome beer.

I was initially going to try to do a Habanero IPA, but my buddy convinced me to try a different style of pepper that is a little more fruity. He brought me a Red Savina and a Jamaican Hot Chocolate and asked me to smell both. After doing so, the choice was clear, I was going to use Jamaican Hot Chocolates for this recipe (however, I threw in a Red Savina because I didn’t want to see the one he cut open go to waste).

First step, steep the grains (1 lb. Caramel 20L) and make wort. Basically, just steep the grains while you are heating your water. I steep mine for ~20 minutes at 155°-160° F.

Steeping Grains

After the steeping has commenced, you will have some of your fermentable sugars in the form of wort. The rest of the fermentable sugars in my brew will come from adding liquid malt extract (LME).

Wort after grains had been steeped

Hops are a funny thing. Some are for bittering, some are for aroma, and both can be altered based on how long you boil them. I have Cascade Hops for bittering and Willamette for aroma.

Beautiful Things

I added the Cascade hops (I purchased an extra bag in addition to what came with the kit) at the beginning of the boil because I want the full 60 minutes to really bring out the hoppiness of them.

Cascade Hops
All 84g of them

After adding the hops

After adding the Cascade hops and 3.3 lbs of LME, I boiled for 40 minutes. At the 40 minute mark, I added an additional 3.3 lbs LME. It was starting to look lovely. At this point, I decided to pour myself a little bourbon.

Hops & LME
A little bourbon for sippin’

With 10 minutes left in the boil, I added three Jamaican Hot Chocolate Peppers and one Red Savina. They smelled absolutely awesome while boiling.

Peppers

With 5 minutes left, I added the Willamette hops. After terminating the boil, I cooled the wort and pitched my yeast. Today, I went to check the beer to see if the yeast was doing its thing yet, and sure enough, she was bubblin’.

Bubblin’

A month from now, I’ll get to see how it turns out. A friend made a good point about the peppers: “If it’s not good for drinking, it will make excellent beer cheese.”

Now we wait.

Let’s hope I don’t end up making 5 gallons of beer cheese.


Moving VMs in VMware Fusion

I ran into an issue with my VMware Fusion implementation where I needed to move my VMs off of my local hard drive and on to an external drive. I am currently running a single SSD in my laptop, and as you know, SSD storage ain’t cheap. The VMs are just test machines, so I am willing to take the performance hit. If you are running into the same issue, or just want to know how to safely move your VMs to a new disk, follow this (hopefully) simple guide:

1. Turn off your VM! This means to shut down your VM completely, even if it’s in a current state of suspension. You could probably just save state and be ok, but it’s better to be safe than sorry.

2. Find your VM bundle. This is relatively simple. With VMware Fusion as the active application, select Window > Virtual Machine Library. Then Ctrl-Click your VM and select Show in Finder (it’s most likely in /Users/<your name>/Virtual Machines).

3. Drag and drop, it’s that easy, kinda… Ya see, Mac’s default action is to copy. To move, like we want to do, hold the Command key while you drag and drop. Your dialog box should say “Moving ‘<your vm name>’ to ‘<new location>’.”

4. Completing the process. After the file move process is complete, you are gonna want to start your VM. To do this, with the Fusion app active, click File > Open… and select your VM in its new location. When VMware asks you if you moved or copied the file, tell it that you moved it. If you tell Fusion that you copied the VM, it will generate a new UUID and MAC address, which can cause configuration problems.

5. Clean up. I like to tidy up after myself in my projects, and I’m going to assume you are no different. Now that your newly moved VM is up and running (you started it to make sure it works, right?), you’re gonna want to remove the old one. With the Fusion app active, click Window > Virtual Machine Library and simply two-finger (right click) the old VM shell and delete it.

That’s it! Now you have reclaimed some of your HD space for more important things, like cat photos.

Fixing Stuck Pixels on an LCD TV

I recently noticed that a column of pixels on my TV was becoming more and more noticeable. I did some research and it appeared that a column of pixels was simply “stuck.” I stumbled upon UDPixel and figured I would give it a shot, as the alternative is to purchase a new TV. It works by flashing the primary RGB colors as well as white and black. I ran it for about 2 minutes and it seemingly fixed the problem.


Check it out: http://udpix.free.fr/index.php?p=dl

Charter Filters MAC Addresses

A couple of days ago I noticed that my internet was no longer working. I tried to ping 4.2.2.2 to no avail. My network setup consists of a Motorola Surfboard Cable Modem and a Netgear WNR3500L Wireless-N router. I connected my laptop directly to the cable modem and it worked perfectly. I thought that perhaps it was just a power-cycle issue, so I connected the router back to the cable modem and rebooted both. Still, no internet access from the wireless network.

I did a little more digging and found that the cable modem wasn’t assigning the wireless router an IP address, yet if I plugged my laptop directly in to the modem, DHCP worked flawlessly. It then dawned on me that perhaps Charter was doing some type of MAC address filtering to determine which devices to authorize DHCP to use.

MAC (media access control) addresses are the physical addresses of network cards, both wired and wireless. The first three octets of the MAC address specify the manufacturer of the network card. This allows Charter to differentiate between a wireless router and a laptop computer.

If you are having this issue, there is an easy fix. First, determine the MAC address of your wired connection. If you are on a Windows machine, open a command prompt and type “ipconfig /all”. You will get the following prompt:

The MAC address is the line that says “Physical Address.”

If you are on an Apple/Mac computer, open a terminal window and type “ifconfig”. The local wired connection is en0. The MAC address is the field that says “ether”:

Next, log on to your router and determine where you can set the MAC address; it will look something like this:

Input your physical MAC address and apply your settings. After that, you should be able to obtain an IP.

The only reason I suspect Charter does this is to force you to buy their “Wireless” bundle.

Boxer is Awesome

Hey, do you remember your childhood? What’s the one thing you remember when it comes to computers? To me, it was Doom. I have longed to play Doom again and go through every level, and today I finally found a convenient way to do so: Boxer.

Ya see, Boxer is built on DOSBox and it is so simple to use, my mom could do it. Here’s how it works. First, you’re going to want to download it. After you unzip and install, you are presented with this screen:

Click on “Import a new game” and you get this easy to use context. Really, all you do is drag and drop.

After it runs your setup utility, you are presented with a nice library of your games. What does my library look like? Well, I had to go with all the games I played non-stop during my childhood…

I still need to get a couple from my old collection, such as Kings Quest, Return to Zork, and Myst. Do yourself a favor, get all nostalgic and install Boxer. It’s a great application.

Update: Facebook Chat for Pidgin

I got a comment from a user claiming that the Facebook chat fix I posted earlier no longer works. I downloaded the latest version, 2.7.11, and got to configuring.

First, in your buddy list window, select Accounts > Manage Accounts (Ctrl+A), then click Add…

Next, select Facebook Chat (XMPP) and make your configuration match the one below, using your username. If you are confused on this, your Facebook username is whatever comes after the / in your Facebook URL. For example, mine is www.facebook.com/kylebubp so my username is kylebubp. If you aren’t sure what your username is, log in to Facebook and click on Profile in the top right. Your URL will be displayed in your address bar.

Next, click on the Advanced tab. Make your settings match these:

That’s it. Click add and you should be good to go. If you need assistance, comment and I will email or reply in the comments.