denyhosts: remove!

Anyone of you using denyhosts? It works quite well, but I regularly need to remove some false positives. Manually. And that sucks.

Manually removing an IP

To remove a false positive you need to remove the IP from the following files:

  • /etc/hosts.deny
  • $DENYHOSTS/hosts
  • $DENYHOSTS/hosts-restricted
  • $DENYHOSTS/hosts-root
  • $DENYHOSTS/hosts-valid
  • $DENYHOSTS/users-hosts

with $DENYHOSTS being the working directory of denyhosts, in Debian’s case it is /var/lib/denyhosts/. Open every file, search for $IP, remove the line. As soon as you have a few users that do not get used to using SSH keys this workaround gets annoying quite quick..

Fortunately, there are scripts!

The scripty way

Here is the script:


if [ -z "$1" ]
    echo "give me an ip"
    exit 1

echo Removing $1 from denyhosts tables
IP=`echo $1 | sed 's/\./\\\\./g'`
service denyhosts stop
eval "sed -i /$IP/d /etc/hosts.deny"
eval "sed -i /$IP/d ${WORK_DIR}hosts"
eval "sed -i /$IP/d ${WORK_DIR}hosts-restricted"
eval "sed -i /$IP/d ${WORK_DIR}hosts-root"
eval "sed -i /$IP/d ${WORK_DIR}hosts-valid"
eval "sed -i /$IP/d ${WORK_DIR}users-hosts"
service denyhosts start

Just call it passing the IP address as an argument. Also available as bf-denyhosts-remove from my apt repo.

You’re welcome :)

node? No such file or directory..

I just wanted to install some software that uses NodeJS, but that failed with the following error:

/usr/bin/env: node: No such file or directory

I’ve been sure I installed NodeJS from the repository, so I had a look at the build script of the software that I was about to install. It started with:

#!/usr/bin/env node

As I just discovered, the debian package providing NodeJS installs the binary as:

$ dpkg -L nodejs

You see, on my system the NodeJS binary is called nodjs, not node (as assumed by the tool I wanted to install). Easy to work around this problem: Just create a link to nodejs and call it node:

ln -s /usr/bin/nodejs /usr/local/bin/node

I installed the link to /usr/local/bin/node because that’s also in my $PATH and won’t conflict with other software that might provide /usr/bin/node..

Useful git stuff


Configure some stuff before you can get started:

# which name do you want to see in your commits?
git config --global "Martin Scharm"

# which email do you want to use
git config --global martin@dev

# tell git which gpg key to use by default
git config --global user.signingkey E81BC3078D2DD9BD

# always push all branches and all tags
git config --global --add remote.origin.push '+refs/heads/*:refs/heads/*'
git config --global --add remote.origin.push '+refs/tags/*:refs/tags/*'


Global aliases are stored in ~/.gitconfig. I’m using the following aliases:

# beautify the log: list actions of last 14 days in a tree like view
git config --global alias.lg "log --all --pretty=format:'%x09%C(bold blue)%an%Creset%x09%Cred%h%Creset %Cgreen%ad%Creset%x09%s%d' --graph --date=short  --since='14 days ago'"

# search for a particular thing in the history
git config --global "log --all --pretty=format:'%x09%C(bold blue)%an%Creset%x09%Cred%h%Creset %Cgreen%ad%Creset%x09%s%d' --graph --date=short -m -i -G"

# shortcut for the status
git config --global alias.s "status -s"

# shortcut for commiting
git config --global alias.c "commit -a"

# shortcut for checkout
git config --global "checkout"

# shortcut for checkout
git config --global "checkout"

# shortcut for pulling and pushing
git config --global alias.d "pull origin --all --tags"
git config --global alias.u "push origin --all --tags"

# diff two commits using meld
git config --global alias.meld "difftool -d -t meld"

# show ignored files
git config --global alias.i "clean -ndX"

Jump around the git tree

  • HEAD always points to you current position in the tree.
  • You can always checkout old commits or branches using git checkout XXX, with XXX being a commit hash or a branch name
  • Branch names are pointers to commits. If you’ve checked out a branch and do a commit the branch pointer will move on to your new commit.
  • You can address commits relatively using ^ (go one up in tree) and ~X (go X up in tree), eg.
    • git checkout master~2 Makefile checkout the file Makefile from the second last commit before master
    • git checkout master^^ get the third last commit on branch master

Move a branch

If you want the branch mybranch to point to target you just need to call the following command:

git branch -f mybranch target

You forced mybranch to point to target. target may be a commit hash or a branch name (any ref git can resolve into a commit).

Track down a bug using cherry-pick

Let’s assume you have a history such as

master: init -> c1 -> ... -> c6

and you discovered a bug in commit c6, you would probably intruduce a lot of echos/prinlns/etc to detect the bug. Afterwars you need to get rid of all these debugging things and commit just the fix.

But it’s ways easier using cherry-pick. Just create a bugfix branch. Do all your debugging stuff in there, find the bug and do another commit (commits db1 to db3). Finally, fix the bug and commit it with db4:

master: init -> c1 -> ... -> c6
bugfix*:                       db1 -> db2 -> db3 -> db4
                                ^add echo/println    ^bug fixed

You can then simply checkout the master and use cherry-pick to append the commit db4 to it, which fixes the bug in the master branch without all the debugging stuff. Git’s cherry-pick will apply commits from anywhere in the tree onto HEAD (as long as that commit isn’t an ancestor of HEAD). Here are the git commands:

git checkout master
git cherry-pick db4

And your final graph would look like:

master*: init -> c1 -> ... -> c6 ------------------------> db4'
                               \                        /
                                \                      /
bugfix:                         db1 -> db2 -> db3 -> db4
                                 ^add echo/println    ^bug fixed

Of course, your commit hashes are a bit more complex than c6 and db4, but I hope you got the idea :)

Modifying an old commit

Let’s assume you have a history such as

master: c4 -> c5 -> c6

and you forgot to do something in c5. Then you can reorder the last two commits using git rebase -i HEAD^^ --aboveAll to receive the following:

master: c4 -> c6 -> c5

now change the last commit using git commit --amend and you’ll end up with:

master: c4 -> c6 -> c5'

Finally, just reorder the last two commits using git rebase -i HEAD^^ --aboveAll:

master: c4 -> c5' -> c6

You can achieve the same with less reordering using git’s cherry-pick. Just checkout the commit c to modify and modify it to c' (using --amend). Afterwards, you can cherry-pick all commits that came after c.

Further Resources

  • Learn about branching/merging/rebasing/detaching/etc in an interactive tutorial from pcottle.
  • Learn about undoing things in git, including redoing a commit, resetting a git add and unmodifying a file.

Goodmorning jekyll!

As you can see, I left WordPress and moved to jekyll! Even if I really like the name, discarding WordPress was on my schedule for quite some time.

Why leaving?

The main reasons for leaving WordPress:

  • I always wanted to get rid of the whole overhead: admin interface, database connection, all the javascript stuff that slows the browser… All not necessary for just publishing some words…
  • I do not like software that calls home without asking me. Sure, it’s convenient for some people, but I hate such a behavior. And it makes me skeptic. No idea what is transferred exactly, but I’m almost sure they have my mail address..

There are some more reasons, but those two were sufficient to make me move.

Where to go?

Recently, Micha pointed me to jekyll. Jekyll is a software to generate websites. You can simply write your stuff using MarkDown and jekyll will build your page. Jekyll is really very simple. The generated page is static. And Jekyll is blog-aware.

I of course had a look at some other static-page-generators, but jekyll indeed seems to be the most convenient (and maybe sophisticated?) software.

But how?

Basically, building a jekyll blog is dead easy.

Install jekyll

You need to have ruby and ruby-dev installed, the just call:

gem install jekyll

Not you can create a new website using

jekyll new my-site

And you’ll find a directory structure as explained on their website. You can also just clone a git repository to get a start. There are also plenty of themes out there.

Start publishing

A bit trickier than installing: You need to think.. ;-)

Posts go to _posts and should always be named They always have a preamble (so-called front matter) which looks like:

layout: post
title: Your title goes here.

But that’s it. Now you can start writing. Read more about posting.

Pages just live in the root of your jekyll instance. They will just be copy-translated. Thus, if you create a file about.html in the root jekyll will just translate included markdown and then copies it to

But how2?

Yes, of course, I didn’t want to start from scratch. So I was looking for tools to convert my WordPress stuff to markdown for jekyll. That was more or less successfull. There are tons of approaches. But non of them really met my needs. So I decided to extend on of those and forked a php-based wordpress-to-jekyll converted from davidwinter.

After a few commits the converter now exports posts, pages, and comments. It also distinguishes between published and draft. And downloads the attachments. Just give it a try and tell me if you experience any trouble.


You’re right. Comments on a static page is a bit contradictory. But not impossible.. ;-)
I saw some blogs using the crap of Disqus and Facebook and stuff. Not my world, obviously..

But there is also a static comment pluglin for jekyll. I forked it to implement my changes. I do not need the PHP stuff, to submit a comment for my blog you can use one of the following three options. I will then decide whether I’m going to include the comment in my blog. I guess that is the ultimate way to fight Spam..

Submit a comment

  • Send me an email with your comment. Do not forget to mention the article you want to comment. And optionally include a website and a name to sign the comment.
  • I am maintaining a feedback site. It is meant to receive feedback in general, for presentations, for my work, code, for the coffee that I serve to guests. Stuff, precisely. It is also available through the TOR network, so you can make sure you’re really anonymously. You can use this website to also create comments. Every page contains a link submit a comment through the feedback page, which brings you to that page. Just make sure to mention the article, and if you want me to give you the credits also add include your name and a mail address; and optionally a website.
  • You can simply fork the blog’s repository and create a comment yourself in the _comments directory. Just have a look at the other comments. Send me a pull request and I’ll have a look at it :)


Converting images from WordPress was a bit trickier. There they use code similar to this:

[caption id="attachment_XXX" align="alignXXX" width="XXX" caption="XXX"]<a href="XXX"><img src="XXX" alt="XXX" title="XXX" width="XXX" height="XXX" class="size-thumbnail wp-image-XXX" /></a> XXX[/caption]

However, in jekyll you do not have the whole environment by default. After some searching I stumbled across a solution. Eventually, my wordpress-to-jekyll converter substitues these environments with

{ % include image.html align="alignXXX" url="XXX" img="XXX" title="XXX" caption="XXX" % }

and _includes/image.html (see GitHub) creates something that’s similar to the caption environment of WordPress. Some more CSS and everything worked like a charm! :)

I think that’s it for the moment. Moving to jekyll was not that difficult. And I now have a static website that’s hopefully changing from time to time…

Suspend and Resume Aircrack sessions

The aircrack tool unfortunately does not have a suspend or pause mechanism, thus as soon as you stop it you need to start again from the very beginning. Of course, you may manually adjust the dictionary, but that’s tedious and “error prone”.. ;-)

Lucky us, there is john the ripper to give us a hand. John knows about sessions. Just start a run which prints the words in the dictionary one after the other:

john --session=somename --stdout --wordlist=dictionary

Stop the run at any point in time using e.g. Ctrl+c and john will store the information about the session. Just return the session with --restore:

john --restore=somename

and john will continue from where it was stopped.

To make aircrack read the words from stdin use -w -. A typical run might look like

# start john
john --session=somename --stdout --wordlist=dictionary | aircrack-ng -w - handshake.cap -b 01:12:23:34:45:56
# kill the run
# restart from where is was stopped
john --restore=somename | aircrack-ng -w - handshake.cap -b 01:12:23:34:45:56

gem installation fails? update gcc!

Just wanted to install a ruby package using gem. However, I’m not a ruby dev and it took me a while to work around a certain problem with gem..

I wanted to install the Effing Package Management:

% gem install fpm
Building native extensions.  This could take a while...
ERROR:  Error installing fpm:
        ERROR: Failed to build gem native extension.

    /usr/bin/ruby2.1 extconf.rb
*** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers.  Check the mkmf.log file for more details.  You may
need configuration options.

Provided configuration options:
/usr/lib/ruby/2.1.0/mkmf.rb:456:in `try_do': The compiler failed to generate an executable file. (RuntimeError)
You have to install development tools first.
        from /usr/lib/ruby/2.1.0/mkmf.rb:541:in `try_link0'
        from /usr/lib/ruby/2.1.0/mkmf.rb:556:in `try_link'
        from /usr/lib/ruby/2.1.0/mkmf.rb:642:in `block in try_ldflags'
        from /usr/lib/ruby/2.1.0/mkmf.rb:635:in `with_ldflags'
        from /usr/lib/ruby/2.1.0/mkmf.rb:641:in `try_ldflags'
        from /usr/lib/ruby/2.1.0/mkmf.rb:1762:in `pkg_config'
        from extconf.rb:15:in `<main>'

extconf failed, exit code 1

Gem files will remain installed in /var/lib/gems/2.1.0/gems/ffi-1.9.6 for inspection.
Results logged to /var/lib/gems/2.1.0/extensions/x86_64-linux/2.1.0/ffi-1.9.6/gem_make.out

Especially line 35 drove me insane: You have to install development tools first. That made me think I need to install more *-dev stuff. Took me some time to find out that there was a problem with gcc! Turns out that gcc version 4.8.3 (Debian 4.8.3-13) (gcc -v) wasn’t able to build the package for me. So I installed gcc version 4.9.1 (Debian 4.9.1-19) and everything worked like a charm. :)

Web Screenshots. W/O browser!

Just discovered a nice way to take screenshots of web sites from the command line! No browser needed. Cool.

The tool I’d like to advertise is called gnome-web-photo :

aptitude install gnome-web-photo

For instance. To take generate an image of my website just call:

gnome-web-photo --timeout=60  binfalse.png

Just take a look at binfalse.png to examine the result. I obtained a 1024x6334 image. I guess the main use case is to generate some kind of preview/thumbnail. To get a thumbnail simply add --mode=thumbnail :

gnome-web-photo --timeout=60 --mode=thumbnail  binfalse-thumb.png

Afaik, there is no option to generate a larger thumb, but you could just pass --width= without the --mode=thumbnail . And then crop the pic yourself (e.g. using imagemagick). However, you need to run X and you need to have GTK, if I understand correctly. Nevertheless, I like that solution.

Record Stream Using VLC

I just needed to record a video stream. Usually, I use mplayer for these kinds of jobs, but this time it failed. However, on the internet I found a way to do it using VLC, which apparently has quite a command line interface.

This comment revealed that the VLC media player comes with some command line magic. Of course, not much is documented in the man page, but the user guide on their website seems to be useful.

Long story short, I ended up with the following command to save the stream http://STREAM.mp4 to /tmp/file.mkv :

vlc http://STREAM.mp4 --sout="#std{access=file,mux=mkv,dst='/tmp/file.mkv'}" vlc://quit


For the records, here are some alternatives:

# using mplayer
mplayer -dumpstream http://STREAM.mp4 -dumpfile /tmp/file.mp4
# using ffmpeg
ffmpeg -i http://STREAM.mp4 -acodec copy -vcodec copy /tmp/file.mp4

New GPG Key

It was time to finally replace my old GPG key. I created the key in 2008 and from today’s perspective a 1024 bit DSA key is really weak. Thus, today I decided to move to a new key and created a 4096 bit RSA key.

My old key was

pub   1024D/446DB306 2008-07-15 [expires: 2017-07-13]
      Key fingerprint = 0E75 62A5 405E 65B1 B477  4215 D9B3 5173 446D B306

And the new key is:

pub   4096R/8D2DD9BD 2014-01-15 [expires: 2019-01-14]
      Key fingerprint = 08E6 6E72 A83A 9871 CD49  3441 E81B C307 8D2D D9BD

For those of you who already trust my old key I created a transition note which is signed by both my old and my new key.

To import my new key to your key chain you can use the following command:

gpg --keyserver --recv-key 8D2DD9BD

The new key is already signed by the old key. Those of you trusting my old key may verify the signature using:

gpg --check-sigs 8D2DD9BD

To sign the new key execute the following command:

gpg --sign-key 8D2DD9BD

And it would be nice if you upload the signed to one of the key servers:

gpg --keyserver --send-key 8D2DD9BD

You are of course free to give me a call in order to verify the fingerprint ;-)

Gajim idling error

Just stumbled upon a small bug in Debian’s version of Gajim (0.15.4-2 – currently in testing and sid).

The following error occurs when Gajim starts to idle:

Traceback (most recent call last):
  File "/usr/share/gajim/src/common/xmpp/", line 533, in _process_events
    return IdleQueue._process_events(self, fd, flags)
  File "/usr/share/gajim/src/common/xmpp/", line 394, in _process_events
  File "/usr/share/gajim/src/common/xmpp/", line 420, in pollin
  File "/usr/share/gajim/src/common/xmpp/", line 606, in _do_receive
  File "/usr/share/gajim/src/common/xmpp/", line 620, in _on_receive
  File "/usr/share/gajim/src/common/xmpp/", line 488, in dispatch
    handler['func'](session, stanza)
  File "/usr/share/gajim/src/common/", line 2009, in _StreamCB
    conn=self, stanza=obj))
NameError: global name 'obj' is not defined

This results in a dis- and a subsequent reconnection. As the traceback already suggests the error can be found in /usr/share/gajim/src/common/ on line 2009. This is the corresponding function:

def _StreamCB(self, con, iq_obj):
            conn=self, stanza=obj))

Obviously, there is no variable obj : The passed argument is called iq_obj … To fix that mistake just substitute the function definition with (replace iq_objobj in line 2006):

def _StreamCB(self, con, obj):
            conn=self, stanza=obj))

This bug is already fixed in their repository (13861:239ec662de5a). Thus, this article is mainly for people not familiar with python/programming, who need a quick fix. (wasn’t able to find something on the Internet)

Btw. I’m not sure why, but this error just affected one of my four machines which are running Gajim.