SSH Agent Forwarding in Ubuntu's Gnome

It's been over two years since the bug was opened and the SSH agent built into gnome-keyring still does not support constrained identities, particularly the confirmation constraint.

If you are forwarding your SSH agent connection through an intermediate (or bastion) host and the intermediate host is compromised (or has an untrustworthy admin), your forwarded agent connection could be hijacked and your key could be used to access other hosts without your knowledge.  Therefore, when forwarding an SSH agent, it's important that your agent asks for confirmation before the key is used.  That way you will be alerted if your agent is used by someone else to access your key.
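The reason a hijacked forwarding socket is so dangerous is that the agent protocol itself carries no authentication: whoever can connect to the socket can ask for the key list and request signatures, and the confirmation prompt is the only thing that turns a silent signature into a visible one. As an added illustration (not code from the original post), the following speaks the first step of that protocol, the unauthenticated identity-list request, and parses the answer. The message numbers are OpenSSH's; the `build_identities_answer` helper and its placeholder key blobs are constructed here so the parser can be exercised without a live agent.

```python
import os
import socket
import struct

# Message numbers from OpenSSH's agent protocol (PROTOCOL.agent).
SSH2_AGENTC_REQUEST_IDENTITIES = 11
SSH2_AGENT_IDENTITIES_ANSWER = 12
SSH_AGENT_FAILURE = 5


def _string(b):
    """Encode bytes as a uint32-length-prefixed protocol string."""
    return struct.pack(">I", len(b)) + b


def _read_string(buf, off):
    """Read a length-prefixed string at offset off; return (bytes, new_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def parse_identities_answer(payload):
    """Parse an SSH2_AGENT_IDENTITIES_ANSWER payload (outer length already stripped).

    Returns a list of (key_type, comment) tuples; key_type is the first string
    inside the public key blob, e.g. "ssh-ed25519".
    """
    if not payload or payload[0] != SSH2_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer: type %r" % (payload[:1],))
    (nkeys,) = struct.unpack(">I", payload[1:5])
    off = 5
    identities = []
    for _ in range(nkeys):
        blob, off = _read_string(payload, off)
        comment, off = _read_string(payload, off)
        key_type, _ = _read_string(blob, 0)
        identities.append((key_type.decode("ascii", "replace"),
                           comment.decode("utf-8", "replace")))
    if off != len(payload):
        raise ValueError("trailing bytes after identity list")
    return identities


def build_identities_answer(keys):
    """Encode (key_type, comment) pairs as an identities answer.

    Constructed helper for offline use: the key blobs contain a zeroed
    placeholder where a real agent would put the public key material.
    """
    body = bytes([SSH2_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys))
    for key_type, comment in keys:
        blob = _string(key_type.encode()) + _string(b"\x00" * 32)
        body += _string(blob) + _string(comment.encode())
    return body


def _recv_exact(s, n):
    """Read exactly n bytes from the agent socket."""
    chunks = []
    while n > 0:
        c = s.recv(n)
        if not c:
            raise ConnectionError("agent closed connection")
        chunks.append(c)
        n -= len(c)
    return b"".join(chunks)


def list_identities(sock_path=None):
    """Ask the agent at sock_path (default $SSH_AUTH_SOCK) for its identities.

    Note that nothing here identifies the caller: the socket is the credential.
    """
    sock_path = sock_path or os.environ["SSH_AUTH_SOCK"]
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(_string(bytes([SSH2_AGENTC_REQUEST_IDENTITIES])))
        (n,) = struct.unpack(">I", _recv_exact(s, 4))
        return parse_identities_answer(_recv_exact(s, n))


if __name__ == "__main__":
    for key_type, comment in list_identities():
        print(key_type, comment)
```

Run it on a machine with a live agent and it prints the same list `ssh-add -l` would, with nothing more than access to the socket; on a forwarded connection the intermediate host's root user has exactly that access, which is why the `-c` constraint matters.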

Because the SSH agent component in gnome-keyring does not support confirmation dialogs, it should be disabled if you want to use SSH keys in this way.  In order to do that, you must use gconf:

$ gconftool-2 --set -t bool /apps/gnome-keyring/daemon-components/ssh false

If that were the only bug in GNOME, the ssh-agent from openssh would take over on your next login and everything would be fine.  However, if you have seahorse-plugins installed (you probably do), you'll run into this bug.  The Xsession script provided by seahorse-plugins abuses a variable that is supposed to be available to all Xsession scripts, and in doing so, prevents ssh-agent from running.  You could edit the file to fix it, but it's perhaps better to just add another file that undoes the damage.  As root:

# cat > /etc/X11/Xsession.d/60seahorse-plugins-fix <<'EOF'
# This file is sourced by Xsession(5), not executed.
OPTIONS=$(cat "$OPTIONFILE") || true
EOF

Once that is done, you can add "/usr/bin/ssh-add -c" to your gnome startup items.

Tags: code

Yubikey and Dvorak

The Yubikey is an authentication key suitable for use in multi-factor systems and is significantly cheaper and easier to work with than other hardware authentication keys.  The authentication server and several clients (including PAM) are available as Free Software.

The device presents itself to the host as a USB keyboard, and when you press (short or long -- it has two memory slots) the button (it's capacitive -- no moving parts) it "types" the authentication token.  This is very convenient, as long as your system and the Yubikey agree on the keyboard layout.

If you have a Dvorak keyboard, that is unlikely to be the case.  As of x.org 1.8 it is easy to use a Yubikey with a Dvorak keyboard by adding a section to your xorg.conf.  Of course, you might not have an xorg.conf anymore since almost everything is autodetected, but it's still supported for those exceptional cases like this.  The following instructs X to use the "basic" keyboard variant ("dvorak" is a variant) when the Yubikey is inserted.

Section "InputClass"
    Identifier "yubikey"
    MatchIsKeyboard "on"
    MatchVendor "Yubico"
    MatchProduct "Yubico Yubikey II"
    Driver "evdev"
    Option "XkbRules" "evdev"
    Option "XkbModel" "pc105"
    Option "XkbLayout" "us"
    Option "XkbVariant" "basic"
EndSection

Update: Just don't leave it plugged in when X first starts.

Tags: security code

Chuckwagon

If you ever see this chuckwagon, eat there.

They have some of the best barbecue I've ever had.  Ever.

The sign appears to say "BBQ Ribs".  But look closer, it's two signs. "BBQ".  "Ribs".  They serve all kinds, including pulled pork.  Oh, and the sweet tea is just right.

You can see the smoker hanging off the back of the wagon, and they haul the whole thing behind the truck (plus camper) visible on the left.

They operate out of Colorado, traveling around to festivals, dog shows, and other events during warm weather (it's not a cold-weather wagon).  We encountered them in Moab, Utah, setting up for Jeep Safari week (just as we were getting out of town).  On our way out we must have seen hundreds of Jeeps on the highway (many being towed) heading the other direction.

Tags: travel food

ExiFilm: add film exposure metadata to EXIF tags of digital images

I just published ExiFilm, a suite of programs that I use with my large format film workflow, under the GPLv3.

When I'm shooting in the field I carry around a notepad of exposure record forms where I record subject information, luminosity, camera geometry, exposure values, and other notes.  This form is included in ExiFilm as a PostScript document.

I scan all of my film at a moderate resolution to JPEG files for digital light-table purposes.  It's convenient to have the notes that I took while shooting available with the files, and what better place to store them than in the files themselves.  The program ExiFilm is used to enter that information and add it to the EXIF tags of the files.

I keep the original sheet film in a three ring binder, so to make the same information conveniently accessible with the film, the package includes a program that sets the metadata in the exposure record form and produces PostScript output of four exposure forms that I bind in right behind their corresponding sheet film.

From the README:

ExiFilm is a suite of programs that can be used to annotate digital images with information about the film exposure used to create them. In particular, it is designed for use with large format film cameras where the photographer may then scan the film to create a digital copy for a library or for digital processing.

By storing the exposure metadata in EXIF tags of scanned images, the photographer can have electronic access to the same information contained in the written record from the field from within an image viewer.  Further processing of the data can be done without the need to store the metadata in a separate database.

THE PROGRAMS:

The file "lfrecord.ps" is a PostScript file that can be printed on US letter paper (or other sizes).  It is a single page of four exposure record forms designed for large format photography.  The author trims the four forms and binds them together as a notepad to take into the field.  The PostScript program is hand-written and can be altered fairly easily.

The Python program "exifilm.py" provides a data entry screen similar to the form in "lfrecord.ps".  It takes an optional argument of a path to a directory with JPEG image files.  It will provide a drop-down list of JPEG files in the directory, and selecting one of the files will load the EXIF information from that file.  In this way it allows the user to quickly enter metadata for a number of scanned film images.  The metadata are saved immediately upon loading a new file or exiting the program.

The Python program "printrecord.py" loads the metadata previously entered with "exifilm.py" and produces pages similar to those in "lfrecord.ps" with the metadata typeset into the fields.  The resulting file may then be printed and bound into a photo archive with the original film.  Example usage:

  python printrecord.py /path/to/images 1 16 | lpr

Produces four pages of output including the metadata for image IDs 1 through 16.

Sweet Tea

It wasn't that long ago that "tea" meant "hot tea" everywhere except the South, where it means "sweet iced tea", or just "sweet tea".  As iced tea becomes more popular, we're now fortunate enough to have some potential for confusion when we order "tea" outside of the South.  Though I still await the day when I can order sweet tea at a California restaurant (along with all the other wonderful preparations of tea to be had).

As a transplanted southerner, I've found that I am making sweet tea in California far more often than in North Carolina.  With kitchen space at a premium, I have eschewed the single-purpose kitchen tool, the iced tea machine, and I make mine with a saucepan.  In the South, many people are accustomed to dumping most of the ice from their automatic ice maker's bin into half a gallon of tea.  I don't have an automatic ice maker, so I experimented to find the most efficient way to make iced tea.

After brewing tea bags in varying amounts of water, I observed that beyond a certain point, the amount of water and the time that the tea bags remain in the water no longer have an effect on the strength of the resulting tea.  This is in contrast to green tea, which continues to get stronger the longer it steeps, and indeed, is often better in second or later brewings.

That's good news for efficient tea brewers.  That means we can use a relatively small amount of water to brew the tea, and then quench it with our single tray of ice cubes and a bunch of cold water to bring it to refrigerator temperature.

Boil 4 cups of water.  Steep 14 Lipton tea bags for 5 minutes.  Add 4/3 cups of sugar.  Maybe less.  Maybe more.  Stir until the tea is clear again.  Observe the amazing deep color of the liquid, and muse on why it's called "red tea" instead of "black tea" in China.  Drop in most of a tray of ice cubes, add water to bring it up to 1 gallon, and add the remaining ice cubes.

You're on your own if you want to use Luzianne.

Tags: food

James E. Blair

Jim loves hacking Free Software. He has worked for the Free Software Foundation and, currently, the University of California at Berkeley. This is his blog.