Sunday 4 September 2011

Markdown in Blogger

I'd been avoiding Blogger for a while because I like neither WYSIWYG
editors nor raw HTML.  I find WYSIWYG annoying because I never know
what the editor is doing and what sort of weird codes it is inserting
which will come back and bite me later.  I find HTML has a horrible
authoring user experience: it is way too easy to forget to close some
tags and end up with non-conforming HTML.

I have been a fan of
[Markdown](http://daringfireball.net/projects/markdown/) for many
years. I find its lightweight markup to be very good for authoring
content.  WordPress has long supported Markdown but it wasn't right
for me: the free hosted wordpress.com service couldn't support vanity
domains properly (and doesn't include the Markdown plugin); I don't
write enough in my blog to justify paying for hosted WordPress; and I
didn't fancy running my own web server with WordPress (and its
security updates).  What I really wanted was Markdown support in
Blogger, which offered free hosted blogs with support for vanity
domains.

My investigations into existing options found solutions which only
really solved the problem for post creation rather than authoring in
general which includes editing.  Typically, they were along the lines
of

  1. write blog post in markdown
  2. convert (and save) as HTML
  3. publish.

The problem now is that the post is in its converted form which means
you cannot edit the post in its original markdown syntax any more.

Instead, I decided to "roll my own" (well, reuse what exists out there
to do it my way).  The basic idea is:

   1. write and save post in markdown syntax between `pre` tags
   2. convert markdown syntax on the client-side using a javascript
      markdown implementation.

Now, if you happened to be using a browser that doesn't support
javascript, at worst you'd have an unrendered post in markdown syntax
which thankfully is quite readable already.

Fortunately, most of the hard work had already been done by
[showdown](http://softwaremaniacs.org/playground/showdown-highlight/),
which is a JavaScript port of Markdown.  I just took showdown and
plumbed it together with some more JavaScript which

   1. finds `pre` elements marked with `class='markdown'`
   2. calls showdown to convert their contents into HTML and injects
      that back into the post inside a `div`.

It was actually a bit trickier than I had first thought.  I had to
fight to check it worked in a reasonably recent version of IE, which
always seemed to behave differently from the other browsers (Chrome,
Safari and Firefox).  I also fell into some weird JavaScript holes
(yeah, my javascript-fu mostly sucks).

The result is a .js file which you use by adding one `script` tag to
your Blog template.  It's still work in progress so I'll hold off
sharing the code (properly) until I think it's ready.

There is one major caveat.  Though I am now freed from the tyranny of
angle brackets and matching open and close tags, I still have to make
sure I escape special characters such as `<`, `>` and `&`, since the
content of the `pre` tag still has to be HTML.

This article is written in markdown.  What do you think?

I hate capslock

Update 4.ix.2011: I'd originally written this in April 2006 but it
appears the following instructions still work in Windows 7.

The standard UK and US 102-ish keyboard layouts annoy me: the capslock
is in the wrong place.

I used to swap the capslock and the left control key, but this usually
caused problems whenever someone else tried to use my computer,
because they'd inevitably hit the key labelled "Ctrl" and end up
turning on capslock.  Eventually, I finally accepted that I _never_
use capslock (well, maybe once a year - max!) and now use three
control keys (i.e. the two standard ones, plus the key which is marked
"capslock").  Note: don't do this if you're a FORTRAN77 programmer AND
PROGRAM EXCLUSIVELY IN CAPITALS.

In Windows 2000 and XP, there's a feature called the [Scan Code Mapper
for
Windows](http://www.microsoft.com/whdc/device/input/w2kscan-map.mspx)
which allows you to remap keys.

You can either try to understand the scan code mapper by reading the
page linked above, or just believe that I did it once, trust me and
paste the following lines into a file `ihatecapslock.reg` (or
something similarly imaginative), and then run it through the Windows
Explorer interface.

    REGEDIT4
    ; make capslock key another control key
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
    "Scancode Map"=hex:00,00,00,00,00,00,00,00,02,00,00,00,1d,00,3a,00,00,00,00,00
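To see what a `Scancode Map` value actually remaps before merging it (or when auditing one found on a machine), the bytes can be decoded. This is an added example, not part of the original post; the function names and the small scan-code name table are assumptions made for illustration.

```python
import struct

# Partial name table (PC set-1 scan codes), only for readable output.
NAMES = {0x0000: "disabled", 0x001D: "Left Ctrl", 0x003A: "Caps Lock"}

# Constructed input: the value from the .reg file above.
SAMPLE = "hex:00,00,00,00,00,00,00,00,02,00,00,00,1d,00,3a,00,00,00,00,00"

def parse_reg_hex(value):
    """Turn a 'hex:..,..' value from a .reg file into bytes."""
    if not value.startswith("hex:"):
        raise ValueError("expected a hex: value")
    body = value[4:].replace("\\\n", "").replace(" ", "")
    return bytes(int(b, 16) for b in body.split(",") if b)

def decode_scancode_map(raw):
    """Return [(pressed_key, sent_key), ...] from a Scancode Map value."""
    if len(raw) < 16 or len(raw) % 4:
        raise ValueError("truncated Scancode Map")
    # Header: version, flags, number of entries (null terminator included).
    version, flags, count = struct.unpack_from("<III", raw, 0)
    if version != 0 or flags != 0:
        raise ValueError("unexpected header")
    if len(raw) != 12 + 4 * count:
        raise ValueError("entry count does not match length")
    # Each entry: low word = scan code sent, high word = physical key.
    entries = [struct.unpack_from("<HH", raw, 12 + 4 * i) for i in range(count)]
    if entries[-1] != (0, 0):
        raise ValueError("missing null terminator")
    return [(pressed, sent) for sent, pressed in entries[:-1]]

def describe(raw):
    """Human-readable list of remaps."""
    return ["%s (0x%04x) now sends %s (0x%04x)"
            % (NAMES.get(p, "?"), p, NAMES.get(s, "?"), s)
            for p, s in decode_scancode_map(raw)]

if __name__ == "__main__":
    for line in describe(parse_reg_hex(SAMPLE)):
        print(line)
```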

If you ever want to scrub your scan code map, i.e. return your
keyboard settings back to the factory default, paste the following
into a file called `resetscanmap.reg` and use it analogously:

    REGEDIT4
    ; delete only the "Scancode Map" value, not the whole Keyboard Layout key
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
    "Scancode Map"=-

You will have to reboot your PC for the scan code mapper to notice the
registry changes (log-out/-in might be enough to do it too).

Saturday 13 August 2011

How to use Google Authenticator in Debian Wheezy

Google have [released a PAM for the Google
Authenticator](http://code.google.com/p/google-authenticator/source/browse/#hg%2Flibpam)
which can be used together with its mobile app to provide two-step
authentication for Linux-based systems.

Note that this uses the same mobile app as for [2-step
verification](http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284)
which you may already use for GMail and other Google Apps.

This document describes how to set up two-step authentication using
the Google Authenticator PAM on a Debian Wheezy system.  It should be
possible to modify these instructions for other linux variants and
older versions of Debian linux but Wheezy is convenient since there is
already a `libpam-google-authenticator` package.


## Installation on the phone

If you are using Android, install the [Google Authenticator App from
the
Market](https://market.android.com/details?id=com.google.android.apps.authenticator).

Google Authenticator is available for other platforms too.  It's
currently available for iOS and Blackberry.  See the
[google-authenticator](http://code.google.com/p/google-authenticator/)
project page for apps for other mobile platforms.


## Installation on the server

Tip: before you start tinkering with pam settings for ssh, make sure
you have an alternative way into your system, such as a serial console
or a keyboard+monitor.  I.e. if your machine is in some remote
colocation facility and all you have is ssh access, you should be
pretty confident you know what you are doing.

Install the Google Authenticator package:

    sudo apt-get install libpam-google-authenticator

Generate a key and the emergency login codes. (Each user needs to do
this and after you have enabled the PAM, those users who have not
generated a key will not be able to log in any more.)

    google-authenticator

This will print a QR code in your ANSI terminal.  Scan this QR code
using the mobile app to send the secret to the App on your phone.

It will also list six emergency login codes which can be used in case
you do not have your phone available.  Keep a hard copy of these codes
in a safe place such as your wallet.

Create a `/etc/security/access-local.conf` to allow connections from
subnet 192.168.1.0 (edit to suit) to skip the two-step code:

    LOCAL_SUBNET="192.168.1.0/24"
    cat <<EOF | sudo tee /etc/security/access-local.conf
    # only allow from local IP range
    + : ALL : LOCAL
    + : ALL : ${LOCAL_SUBNET}
    - : ALL : ALL
    EOF

Edit `/etc/pam.d/ssh` by appending two `auth` lines to the end of the
file:

    cat <<EOF | sudo tee -a /etc/pam.d/ssh
    # skip one-time password if logging in from the local network
    auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf
    auth required pam_google_authenticator.so
    EOF

If you want two-step authentication for _all_ ssh connections no
matter the source IP address, you only need the last `auth` line from
above (and you can skip creating the `/etc/security/access-local.conf`
file).
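The skip logic in the two `auth` lines can be checked on paper before touching a remote machine. The following is an added example, not part of the original post or of the PAM project: a simplified model of first-match rule evaluation that reports which source addresses would bypass the one-time code. The user name `alice`, the test addresses, and the handling of `LOCAL` as "no remote host" are assumptions; host and domain name origins are not modelled.

```python
import ipaddress

# Constructed input: the rules written by the heredoc, LOCAL_SUBNET expanded.
ACCESS_LOCAL_CONF = """\
# only allow from local IP range
+ : ALL : LOCAL
+ : ALL : 192.168.1.0/24
- : ALL : ALL
"""

def parse_rules(text):
    """Return [(allow, users, origins)] for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            perm, users, origins = (f.strip() for f in line.split(":", 2))
            rules.append((perm == "+", users.split(), origins.split()))
    return rules

def origin_matches(token, rhost):
    if token == "ALL":
        return True
    if token == "LOCAL" or rhost is None:
        # Assumption: LOCAL is treated as "login with no remote host".
        return token == "LOCAL" and rhost is None
    try:
        return ipaddress.ip_address(rhost) in ipaddress.ip_network(token, strict=False)
    except ValueError:
        return False              # host and domain names are not modelled

def access_allows(rules, user, rhost):
    """First matching rule decides; if nothing matches, access is granted."""
    for allow, users, origins in rules:
        if ("ALL" in users or user in users) and any(
                origin_matches(o, rhost) for o in origins):
            return allow
    return True

def otp_required(user, rhost, conf=ACCESS_LOCAL_CONF):
    """pam_access success -> success=1 skips the next auth line (no code asked);
    anything else -> default=ignore, so pam_google_authenticator runs."""
    return not access_allows(parse_rules(conf), user, rhost)

if __name__ == "__main__":
    for host in ("192.168.1.20", "192.168.2.20", "203.0.113.9"):
        print(host, "OTP required" if otp_required("alice", host) else "OTP skipped")
```

In this model, dropping the final `- : ALL : ALL` rule makes every source skip the code, because an address that matches no rule is granted access.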

Finally, make sure the following is enabled in `/etc/ssh/sshd_config`:

    ChallengeResponseAuthentication yes

This was `no` on my freshly installed Wheezy system.


## Further information

   * [Google Authenticator project page on Google
     Code](http://code.google.com/p/google-authenticator/)
   * [PAM Installation
     Instructions](http://code.google.com/p/google-authenticator/wiki/PamModuleInstructions)