sudoedit.com!

Just some guy on the internet.

author: “Luke Rawlins” date: “2023-10-30” title: Look Mom! I'm doing Emacs! description: “I've crossed over to the dark side, and started using Emacs.” url: /learning-Emacs/ tags: – Emacs

Where do I turn in my vim card?

Every so often I get a wild hair up my ass and decide that I want to learn Emacs. A couple weeks ago one of those hairs appeared, and as a result here I am writing a blog post about Emacs, with Emacs, for people who will probably never use Emacs.

Doom Emacs to be exact.

I can't be bothered to learn all the crazy Emacs keyboard bindings, truth be told I'm too old and lazy to put my fragile little pinky fingers through the torture required to become effecient with the default key bindings.

Instead, I've been using Doom Emacs, which is a little bit like Spacemacs but less popular.

Doom Emacs being less popular was important to me. This way I can keep my street cred even after handing over my Vim card.

Doom Emacs has a lot of benifits over the vanilla version of Emacs. Most notibly (like Spacemacs) it has a very discoverable interface that can be explored through the menu that appears when you hit the space bar.

I found the configuration files to be a little more understandable in Doom over Spacemacs. Beyond that I think the Doom Emacs spacebar menu is a little more responsive with a bit easier navigation.

Try them both out and see what you think. Or don't...

I really need to tell you about orgmode!

But I'm not going to right now because I've done about all the writting I can do for the moment.

What I will say is this. From what I can tell every note taking app on earth really really wants to be Emacs Orgmode, but they just can't seem to get it right.

author: “Luke Rawlins” date: “2023-10-28” title: Ohio's issue one description: “Ohio's issue one abortion law” url: /ohio-abortion-law/ tags: – opinion

I've lived in Ohio my entire life. Growing up in a Catholic family, going to Catholic Schools. Having wrestled with my own faith over the 40(ish) years of my life I have a lot of varying and often contradictory opinions on abortion.

At times in my life when certainties seemed easier to come by I was stunchly against abortions of any kind. Even after having walked away from most of the tenants of the faith I grew up in, something about abortion continues to raise all sorts of ethical questions in my mind.

Having the benifit (or misfortune) of years of experience with the many tradgies that can befall a person in life, most of those comfortable certianties of my youth have been replaced by shoulder shrugs and an unwillingness to commit too far into any particular point of view.

One thing I've learned through years of joy, sadness, life, and death is that often life presents us with choices that suck. Choices that have nothing but tradgey at the end of them no matter what you do, or don't do. No amount of legislation will make life and death decisions any easier for any of us when we eventually face them. Make no mistake we will all face these horrible choices someday – some of us will face them more often than is fair.

Imagine for a moment, a women who is ecstatic to learn she is pregnant. She has a family who can't wait to welcome the new baby into the world, they have a baby shower, paint a nursery, and pick out baby names.

Then in a matter of moments all that joy is torn away when they find out the baby is actively dying in her womb, the beautiful baby they have loved since they discovered was on its way has organs growing outside its body, its bones are breaking, and it's only a matter of time till it dies.

Now imagine that woman is told she needs to return to the doctor every couple of days so that they can monitor her and take the baby as soon as it dies so that she doesn't go septic and die herself. Leaving her other children without a mother, and her husband a widower. All because there is still a detectable heart beat and performing an emergency induction is illegal in the place she calls home.

She has to continue to carry the dying baby, being congratuated by strangers at the grocery store, constantly being pressed for updates from friends at work, and being a person of faith herself struggles with ethical questions for which there are no readily avaible answers from her church, other than “pray”.

Imagine the emotional damage done to this woman and everyone who loves her and tell me that abortion is still unequivocally wrong. The shear cruelty of such a statement in light of the reality of the world we live in betray's a certain calous disregard for the well being of other's, or at best an ignorance that requires a ruthless willfulness to maintain.

While I used the word “Imagine” several times in these last few paragraph's I can assure you that this story is not imaginary. It is reality for many women in the State of Ohio, and it's a moral stain on this State and this Country that we allow it to continue.

On November 7th of this year I will vote yes on Issue 1, and I sincerely hope a majority of my friends and neighbors do as well.

authors: [“Luke Rawlins”] date: 2017-05-15 draft: false title: Linux Security description: “Security features built into Linux operating systems that make them more secure than Windows.” url: /linux-security/ tags: – file permissions – Linux – malware – permissions – security

Linux is not a bulletproof operating system, no doubt flaws, vulnerabilities, and exploits exist at this very moment that are unidentified and unpatched. It's also very likely that many Linux systems are running old unpatched kernels that are just waiting to be owned by some nefarious persons driven by who knows what motivations. Linux like Windows has a human flaw built into it, businesses don't want downtime for updates, users want too many permissions, and sysadmins don't want to risk breaking an application by running an OS update. In fact, at some points in time, it has been a point of pride for administrators of Unix systems to talk about uptime of a year or many years. That said, you don't see the problems with Linux that you do with Windows in either scale or degree of damage. Why is that?

I've been a little hesitant to speak about the “WannaCrypt” ransomware campaign that has been plaguing Windows computers over this past weekend for a couple of reasons, and this post isn't really about “WannaCrypt” it's about Linux security features and best practices that I think are relevant to this particular worm. First, my area of expertise is systems management, I'm not a researcher, or a hacker, or a policy writer I don't spend my days analyzing viruses or writing bug fixes. However, systems administrators do need to understand the attack vectors that their systems are vulnerable to and understand how to mitigate those vulnerabilities where they exist. Second, this particular instance of malware primarily affects Window's systems and as such doesn't have an immediate impact on me so it feels a little disingenuous and uncourteous to say “just use Linux” while the rest of the world is putting out this fire. I say primarily in the last sentence because any unpatched Windows client that is using a Linux SMB file server could encrypt files shared from that Linux host. This post should not be interpreted as a call for Linux users to become lax on security, just the opposite actually. A lot of valuable data lives on Linux systems around the world and we should carefully consider how that data is protected and what we can do to prevent this type of problem from occurring on our servers. On the other hand, I think it would be foolish to sit back and pretend to agree that there isn't a better way to provide IT services, or a better platform for providing them. It simply isn't true that Linux and Unix systems are just as vulnerable as Windows and I intend to outline my reasons why below.

Linux is not security through obscurity

Before I begin to lay out my reasons I want to address a misconception, Linux is not an obscure rarely used OS. One of the more annoying things I've seen shooting around the internet, especially on social media, is the idea that Linux users are hiding behind obscurity to keep themselves safe. This is false on two counts. First, it is said that Linux has too small of a market share to be targeted by large-scale ransomware attacks like the one we are seeing now. The claim that Linux is obscure is completely indefensible. Linux is the backbone of essentially all cloud services including AWS. Linux powers some of the world's busiest websites (https://www.linux.com/news/learn/intro-to-linux/how-facebook-uses-linux-and-btrfs-interview-chris-mason), it is trusted by banks, and fortune 500 companies to host databases, critical applications, and internal websites. Not to mention the fact that many of you reading this with skeptical eyes have an Android phone (built on Linux) in your pocket or on your desk at this very minute. Linux is everywhere, the return on investment for pulling off a large-scale attack on Linux or Unix platforms would be very lucrative indeed. (https://www.wired.com/2016/08/linux-took-web-now-taking-world/) To suggest that hackers wouldn't have as much to gain from a widespread Linux exploit is nieve. Which is also why Linux Engineers need to be cautious about configuration practices, and aware of current threats.

Second, Linux is the very definition of an open platform. There is nothing obscure about the code base, anyone can view the code at any time. Good guys, bad guys, professional kernel hackers, governments, businesses, and students. One of the great strengths of Linux is that there are so many eyes on the core of the operating system, which means that bugs can be identified and patched much faster.

With that out of the way, I will now present the reason's why I think Linux is a safer option for critical systems. I say “safer” because I know that no computer system that is turned on and connected to a network is ever completely safe. Safe is something that comes in varying degree's of risk, and no operating system can save you from yourself if you choose to ignore best practices. I think Linux makes it easier to follow industry practices and provides sane defaults from which to base a larger security framework.

User Account permissions

Linux is committed to the idea that each user should only have the minimum permissions required to do their job. This idea is enforced from the moment a user is created and requires an administrator to elevate those permissions.

This is something that Windows has been getting better at, user accounts need to be restricted for normal day to day activities in order to prevent them from causing inadvertent or intentional damage. However, even with UAC (user account controls) being installed by default, too many administrators turn this critical security feature off. Sometimes UAC is turned off because it's easier to disable it than it is to listen to user complaints about the warnings. Sometimes because businesses run legacy software that can't handle UAC. Whatever the reason, it is obvious that UAC is not being implemented in a way that is going to have a meaningful impact on the security landscape for Windows, at least not yet.

In Linux sudo is comparable to UAC, however, separation of powers is so ingrained into Linux systems that it is not even possible (without hacking the crap of your box) to turn this feature off. When a user is created on a Linux system that user has permission only to manipulate files they create or files that they are explicitly given permission to. This includes service accounts which run web servers, databases, LDAP, or any other service running on a system, none of which run as root by default. Users that require more permissions can be given sudo access either for full administrator capability or for specific commands. For example, in Linux, a user can be given permission to start or stop a particular service, without having permission to install, remove, or change the configuration of that service. If Windows has this ability I am unaware of it and have never seen it used in practice.

Sudo allows far more fine-grained control over what a user can and cannot do than UAC does on a Windows system, and as such Linux machines are protected from negligent or malevolent users when admins follow best practices. In fact, on some Linux systems like Ubuntu, the root password is locked by default and no one can log in as the root user. In those cases, all administrative function on the machine must be run through sudo. (https://help.ubuntu.com/community/RootSudo)

What these account controls do, is ensure that the integrity of the entire system is not compromised when one particular user becomes affected by malware. If a Linux user were to become infected by some type of drive-by ransomware infection the problem would be limited only to files which that user has access to. Which on a correctly configured system would be limited to only what that user owns. Correctly configured in this case means the default configuration, at least for every major Linux OS family (Fedora, SuSE, Debian) and all of the derivatives of those families that I've used.

File permissions

Along with, and complementary to user controls, file permissions in Linux will prevent any application that is not running as root from encrypting, copying, or modifying files that are owned by any other user. On a Unix or Unix-like operating system, everything is a file, and all files have an owner. By default when a user creates a file in their home directory, that file is given permissions of 644 which means that only the file owner can modify it, and nothing is executable by default. Since no files are executable until a user makes them executable, and only the file owner can modify a file then any malware would either need to have a method to escalate privileges (not impossible, but not trivial either), or it could only harm the user who downloaded and executed it.

For the extra cautious among us, Linux file attributes can be implemented to prevent even a process running as root from deleting, modifying, or encrypting a file. If you set the immutable flag on a backup archive in Linux it would be very hard for a ransomware campaign to strong arm you into giving up any cash. Since your backups would be untouched.... (plus you keep your backups off site and away from your other systems anyway right?)

SELinux / AppArmor

SELinux and AppArmor are two forms of mandatory access controls. If you are using Ubuntu, or Suse you are very likely to be using AppArmor. Fedora, Centos, and RHEL use SELinux. AppArmor and SELinux both contain applications within a set of policies that are added onto the normal file permissions that will stop an application from reading, writing, or executing a file that it would normally have access to if SELinux or AppArmor were not enabled. If for example, the apache process were to become compromised and a user had decided to keep a file on a system with 777 permissions in their home directory, normal file permissions would allow the attacker to steal those files. However, by enabling SELinux or AppArmor that file still with 777 permissions has become inaccessible to the attacker. Because apache is contained in a predefined context (SELinux) or policy (AppArmor) that will prevent it from being able to have any access, despite the permissions set by a user. For a good write up about this topic see: https://www.linux.com/news/firewall-your-applications-apparmor

This is often thought of as a zero-day defense. Software packages on a system that have known vulnerabilities that have yet to be patched can still be protected by enabling the mandatory access controls that are available on your server, or desktop. You should still patch when you can, obviously, but these tools will provide something of a stop-gap measure between the time a vulnerability is discovered and the time that package update becomes available.

Official software channels

Every Linux distribution provides officially supported package repositories. These repositories are essentially app stores that contain officially supported distribution provided packages. The great advantage of using Linux is that you will rarely if ever need to download a package from an unknown source on the internet. Ubuntu, for instance, has 45,000 packages available in its official repositories. Everything from note taking apps to office applications to high availability database programs and web servers. While we still need to be cautious about installing applications from third party repositories, by default your server or desktop is many times more protected by the fact that most of the software you will ever want is available at the click of a button or a quick command in the terminal. The software repositories are constantly updated and patches are made available for users on a continuous basis.

Online Patching

Ubuntu, Red Hat, and Suse all offer options for users to install patches without the need for a reboot. Ubuntu even offers this service for free for up to 3 desktops or servers. This removes the last real boundary to patching on a regular cycle. If online patching is implemented in your environment, you can reduce the downtime due to reboots by an incredible margin. Suse will support your OS patching for up to 1 year without a reboot. Which is pretty incredible. I'm still inclined to reboot if for nothing else the piece of mind that comes with knowing my systems will come back up in the event an outage, but it's nice to know that I don't have to.

Conclusion

I think Linux systems are more secure and provide better tools to keep a system secure in the long run than proprietary operating systems. A default Linux installation while not bulletproof does provide an excellent starting point to build from, and with proper management is more secure than most of the alternatives that are available. If you disagree let me know in the comments, I'm always open to learning new things. Hopefully, I've convinced at least some of you to switch to Linux ... But in the interest of full disclosure, I do have a bias in this regard since I do make a living using Linux :)

author: “Luke Rawlins” date: “2023-12-28” title: What to do, what to do... description: “Not sure what to do with this blog anymore.” url: /what-to-do/

I'm not sure what to do with this blog anymore.

When I started writting this blog, most of my motivation was to have an online notebook for myself.

It grew into a place for me to do a little bit of public learning.

I've done some how-to's over the years and written about how I've solved a few technical problems as a Linux admin, but I'm not really motivated to do that anymore.

These days I'm more interested in writting about my dog Walter, or how bad I am at video games.

So, if you follow this blog for Linuxy things. I'll probably still post some of that stuff. But just know that I might be mixing in some things about what I've been trying to train Walter to do. Right now he's one hell of a nap taker.

New Year, New Me...

I do plan to write more often in 2024.

This will be my 8th post of this year, and it's a short one. I'd like to bump that number up to 24 next year just to keep up with the writting habit.

I've been inspired by the blogging style that Manuel Moreale has developed. He writes fairly often and in easily digestible chunks.

I'm sure I'll do some Linux posts in the near future. I've been doing some thinking about the FHS lately and wondering about the circumstances behind how it became a standard that everyone ignores.

Hope you have a wonderful new year!

author: “Luke Rawlins” date: “2022-02-26” title: Linux must stand up to the enemies of democracy description: “No aid and comfort to the enemy, Open Source companies must stop aiding the Russian military” url: /linux-non-compliance/ tags: – Opinion

Update 2022-03-09

As of yesterday Red Hat has announced that they are immediately discontinuing sales and services in Russia, Belarus, and organizations headquarted in those countries.

“While relevant sanctions must guide many of our actions, we’ve taken additional measures as a company. Effective immediately, Red Hat is discontinuing sales and services in Russia and Belarus (for both organizations located in or headquartered in Russia or Belarus). This includes discontinuing partner relationships with organizations based in or headquartered in Russia or Belarus.”

https://www.redhat.com/en/blog/red-hats-response-war-ukraine?sc_cid=701f2000000tyBjAAI

Non-Violent Non-Compliance from the Open Source Community

The recent unprovoked and violent invasion of Ukraine by the Russian Military is a disgusting demonstration of how the enemies of democracy will stop at nothing to impose their will on anyone they see as weaker than they are.

If the Open Source community and Open Source Corporations like Red Hat, Suse, and Canonical do not immediately cut off any existing subscription contracts to the Russian military, government, and organizations that support them, then they are providing direct aid and comfort to the enemies of free and open societies.

I have to imagine the logistic, financial, and communications equipment used by the Russian military is primarily run by Linux operating systems. Denying these critical combat systems access to updated software security patches, and professional technical support will help significantly degrade the Russian militaries war fighting capacity and leave them vulnerable to cyber counter attacks from Ukrainian defense forces.

Red Hat, Suse, and Canonical must immediately cut off all support contracts that directly or indirectly benefits the Russian war machine. They must block all repository mirrors in the Russian Federation, and they must publish a knowledgebase article that outlines how other mirrors wishing to stand up to violent dictators can effectively block those organizations from access to their software repositories as well.

Luke

author: “Luke Rawlins” date: “2023-11-01” title: Just do it description: “Don't be the person who is afraid to take action. If something needs to be done, do it.” url: /dont-ask-just-do/ tags: – Opinion

My advice to junior sysadmins.

There is no “right way” just fucking do it.

One persons “best practice” is another persons “OMG what the fuck did you just do”.

I'm not exactly a risk taker when it comes to managing systems, but I'm not paralized with anxiety about making a decision to take action either.

This is especially true if something is already broken – and I expect others (especially senior people) to be able to use their best judgement as well.

If you take some initiative and fuck something up, no one cares.

We all get a good laugh and the person who messed up learns something.

I've litterally never seen anyone get fired for making a mistake, especially if it was a mistake that was intended to make a system or process better.

I've never seen anyone get fired or even repremanded for making a mistake while trying to fix something that is broken.

Stop worrying about getting in trouble and just do the dang work.

You will be wrong a lot, I'm wrong all the time, no one cares, just do your job.

You will never learn anything if you don't take any initiative and never risk being wrong.

Get comfortable with being wrong, it's going to happen a lot and at least most of the time you'll probably walk away from your wrongness having learned something that'll make you less wrong the next time.

Don't seek the no.

I read a book from Colin Powell a few years ago, one of the lessons I remember from that book is “Don't seek the no.”

If you ask 5 people if you are allowed to do “thing”, two of those people will say no if you want to do the thing differently than they do it, and the other three will probably tell you to ask someone else.

Don't do that shit.

If you have an idea on how to do something, just fucking do it.

authors: [“Luke Rawlins”] date: 2015-11-11 draft: false title: Linux DNS and DHCP Server url: /linux-dns-and-dhcp-server/ tags: – Linux – Ubuntu

There are lots of reasons to use Linux for your networking needs both at home and at work not the least of which is the unbeatable price (free). Linux has a well deserved reputation for security and high availability that is unrivaled among modern operating systems.

Setting up a dhcp and dns server with Linux is not as hard as you might think especially when using a package called “dnsmasq”. Dnsmasq is a lightweight package that is available from the default Ubuntu repositories. This guide will serve as a step by step guide to setup a basic dns and dhcp server using dnsmasq.

You can use either Ubuntu Server or Ubuntu Desktop for this. The steps will be the same, just keep in mind that if you ever decided to shut this computer off your entire network will go down! So choose a computer that you don't plan to shut down too often.

Step 1 – Network Setup

The first thing we need to do is setup a static ip address on the computer we will be using as our server.

Ubuntu keeps it's network configuration in a file located at /etc/network/interfaces. As a best practice I recommend that you make a copy of the original file. That way you can restore your original settings if  needed.

cp /etc/network/interfaces /etc/network/interfaces.orginal

Now lets edit the file and set our ip. I'm using vim here but you can use nano or any other text editor you feel comfortable with.

sudo vim /etc/network/interfaces

You will want to make your file look something like this one. Substituting any ip address information that may better suite your environment.

# interfaces(5) file used by ifup(8) and ifdown(8) auto lo iface lo inet loopback

auto eth0 iface eth0 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 gateway 192.168.1.1 dns-nameservers 192.168.1.2

Save and close the file. No need to worry about loosing your network at this point since the current configuration is in memory and will not be read again until you either reboot or restart the network process. — Don't do either yet.

Step 2 – Install and configure dnsmasq

Now we are ready to install dnsmasq.

sudo apt-get update sudo apt-get install dnsmasq -y

Dnsmasq keeps its configuration file at /etc/dnsmasq.conf. It is a rather large file which has inline and block comments to help explain what each setting does. The top of the file should look like this:

# Configuration file for dnsmasq. # # Format is one option per line, legal options are the same # as the long options legal on the command line. See # “/usr/sbin/dnsmasq —help” or “man 8 dnsmasq” for details.

To configure dnsmasq find the lines you need and uncomment them filling in any environment specific details as needed. (Demonstrated below)

Again we will save a copy of the original file so that we can start over if something goes wrong.

cp /etc/dnsmasq.conf /etc/dnsmasq.conf.orginal

Then edit the file:

vim /etc/dnsmasq.conf

This a large file so I have removed many of the lines that are not relevant to this guide. However, I recommend that you read the entire file as there is a lot of valuable information in it. ( Again change any ip or domain details to fit your needs)

# Configuration file for dnsmasq. # ...

# Never forward plain names (without a dot or domain part) domain-needed # Never forward addresses in the non-routed address spaces. bogus-priv

...

# If you don't want dnsmasq to read /etc/resolv.conf or any other # file, getting its servers from this file instead (see below), then # uncomment this. no-resolv

# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv # files for changes and re-read them then uncomment this. no-poll

# Add other name servers here, with domain specs if they are for # non-public domains. server=/localnet/192.168.1.2 server=8.8.8.8 server=8.8.4.4

...

# Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. local=/mydomain.local/ ...

# If you don't want dnsmasq to read /etc/hosts, uncomment the # following line. no-hosts ...

# Set the domain for dnsmasq. this is optional, but if it is set, it # does the following things. # 1) Allows DHCP hosts to have fully qualified domain names, as long # as the domain part matches this setting. # 2) Sets the “domain” DHCP option thereby potentially setting the # domain of all systems configured by DHCP # 3) Provides the domain part for “expand-hosts” domain=mydomain.local

...

# Uncomment this to enable the integrated DHCP server, you need # to supply the range of addresses available for lease and optionally # a lease time. If you have more than one network, you will need to # repeat this for each network on which you want to supply DHCP # service. dhcp-range=192.168.1.50,192.168.1.250,48h

...

# Do the same thing, but using the option name dhcp-option=option:router,192.168.0.1

...

# adapted for a typical dnsmasq installation where the host running # dnsmasq is also the host running samba. # you may want to uncomment some or all of them if you use # Windows clients and Samba. dhcp-option=19,0 # option ip-forwarding off dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s) dhcp-option=45,0.0.0.0 # netbios datagram distribution server dhcp-option=46,8 # netbios node type

...

# Set the limit on DHCP leases, the default is 150 dhcp-lease-max=200

...

# Set the DHCP server to authoritative mode. In this mode it will barge in # and take over the lease for any client which broadcasts on the network, # whether it has a record of the lease or not. This avoids long timeouts # when a machine wakes up on a new network. DO NOT enable this if there's # the slightest chance that you might end up accidentally configuring a DHCP # server for your campus/company accidentally. The ISC server uses # the same option, and this URL provides more information: # http://www.isc.org/files/auth.html dhcp-authoritative

...

# The following line shows how to make dnsmasq serve an arbitrary PTR # record. This is useful for DNS-SD. (Note that the # domain-name expansion done for SRV records doesnot # occur for PTR records.) #ptr-record=http.tcp.dns-sd-services,“New Employee Page.http.tcp.dns-sd-services”

ptr-record=2.1.168.192.in-addr.arpa.,“mydomain.local” address=/batcave.local/192.168.1.2

...

# Include another lot of configuration options. #conf-file=/etc/dnsmasq.more.conf #conf-dir=/etc/dnsmasq.d

Step 3 – Firewall Rules

Don't forget about the firewall!

Luckily Ubuntu's uncomplicated firewall (ufw) makes this easy.

sudo ufw allow bootps sudo ufw allow 53/udp sudo ufw allow 53/tcp

Step 4 – Change your router settings

At this final step you will probably lose your network connection for a short period of time.

Using a web browser navigate to your routers web interface. In my case that is 192.168.1.1 (yours may be different). You will want to disable dhcp for the local area network, and change any dns settings to point at the static ip address that you set for your server (mine was 192.168.1.2). Save your changes – some routers may need to reboot.

Lastly it's time to restart the network on your server so that the /etc/network/interfaces file will be reread and your changes will take effect.

sudo service dnsmasq restart sudo service network-manager restart

Alternatively you can reboot your server.

sudo shutdown -r now

That's all there is too it! This is a relatively simple setup but dnsmasq is capable of configuration that supports ldap, kerberos, tftp and can handle at least 1000 clients (according to the man page).

authors: [“Luke Rawlins”] date: 2018-03-13 draft: false title: The caret is mightier than the up arrow url: /the-caret-is-mightier-than-the-up-arrow/ tags: – Bash – command line – Linux

I learned a fun bash trick a while ago that I thought I would share. In a bash shell you can use the caret ^ symbol to find and replace a sequence of characters in your previous command.

For instance if you type:

sudo systemctl restart httpd

and then want to look at the status of the httpd service all you need to do is:

^restart^status

Bash will look at the last command in your history and replace the first occurrence of “restart” with “status” and run the new command.

Over the last week or so I’ve found that I get the most use out of this trick from my atrocious spelling. More often than not I spell “systemctl” as “systemclt”, or instead of “sudo something” I type “sodu something.” Using the caret syntax I can quickly fix my spelling mistakes in the command line without having to retype long strings  that had a couple of letters out of place.

The other thing this is useful for, is to show off your awesome command line skills and see the looks of adoration you get from your fellow Linuxy people. In fact, to be honest, that is probably the best reason to learn these kinds of things. :)

So next time you are about to press the up arrow and fix a spelling mistake, or change a command option try using the ^oldstring^newstring trick instead.

Till next time

— Luke

authors: [“Luke Rawlins”] date: 2022-05-01 draft: false title: Using the :read command in vim url: /vim-read tags: – vim

This post assumes you know enough about vim to use it relatively comfortably. If you have never used it, or only have cautious interactions with it then you'll want to start with a tutorial.

From your terminal type vim then, Esc followed by :vimtutor press Enter and do the full introduction before proceeding.

The famous vim text editor has lots of great features one of the lesser known features (or one I didn't know about till recently anyway) is the read command.

You can use read in command mode to insert the contents of another file, or the output of a command into a vim buffer (file).

Insert the output of a shell command into vim

This site is written in markdown using Hugo. In Hugo each post has some meta data associated with it that is written at the top of each file called front matter.

Front matter tells Hugo things like: the author, title, date, tags, etc of each post. It looks something like this:

---
authors: ["Luke Rawlins"]
date: 2022-05-01
draft: false
title: vim read command
url: /vim-read
tags:
- vim
---

Instead of writing all that each time I wanted to create a new post in vim, I could use the :read command to insert the front matter of a previous post each time I start a new file.

For example if I wanted to insert the front matter from my previous post I could do that like this:

:read !head 2022-04-09-vimwiki-neovim.md

Or you can shorten it up by just using :r

:r !head 2022-04-09-vimwiki-neovim.md

Which in my case inserts this output into my file:

```

authors: [“Luke Rawlins”] date: 2022-04-09 draft: false title: How to install vimwiki in neovim url: /install-vimwiki-neovim tags: – vim – Linux

````

Those 10 lines are the front matter of my last post. But lets take a look at each part of this command string.

  • First :read or :r
    • This just calls the :read command which is used to insert a file starting at the line below your cursor.
  • !
    • If you are familiar with any programming languages you might expect the exclaimation mark to mean “not”, however, in vim the ! indicates that you are trying to run a shell command. In this case, !head means we want to run the command head in our default shell.
  • Putting it all together
    • :r !head 2022-04-09-vimwiki-neovim.md tells vim to insert the output of the head command into the current buffer by reading in the first 10 lines of the “2022-04-09-vimwiki-neovim.md” file.

One of my most often used cases for inserting the output of a shell command into vim is when I'm building an index file for my notes using the ls command.

:r !ls -C1 /path/to/notes/directory/

Use :read to pull in an entire file.

You might have a need to make a completely new version of a file. Perhaps you want to copy in a configuration file and just make a few minor changes. Or use it to create a template.

:r /path/to/file/

This time instead of getting the output of a shell command you get the contents of another file pulled directly into your current buffer (file).

If you found this useful please support the blog.

Fastmail

I use Fastmail to host my email for the blog. If you follow the link from this page you'll get a 10% discount and I'll get a little bit of break on my costs as well. It's a win win.

Backblaze

Backblaze is a cloud backup solution for Mac and Windows desktops. I use it on my home computers, and if you sign up using the link on this page you get a free month of service through backblaze, and so do I. If you're looking for a good backup solution give them a try!

Thanks!

Luke

authors: [“Luke Rawlins”] date: 2016-12-09 draft: false title: Microsoft and Linux working together! description: “I've been thrilled to see the recent collaboration between Microsoft and various Linux distributions. Everyone has seen the Microsoft <3 Linux headlines over the last few months, and I've been curious about how this relationship has been reciprocated by the Linux community.” url: /microsoft-linux-work-together/ tags: – Bash – Microsoft – Red Hat – SQL Server

Red Hat

I've been thrilled to see the recent collaboration between Microsoft and various Linux distributions. Everyone has seen the Microsoft <3 Linux headlines over the last few months, and I've been curious about how this relationship has been reciprocated by the Linux community. So I decided to ask Stephanie Wonderlick at Red Hat and Rebecca Cradick at Canonical (the company behind Ubuntu) a few questions about the current state of Linux and Microsoft's cross-platform cooperation. After my initial contact with Stephanie, I was able to get a few questions over to Mike Ferris, Vice President of Business Architecture at Red Hat who had some great insights for me. I'll present the full question and answer's a little further down.

_Both companies recognize that customers will have a mix of both Microsoft Windows and Red Hat Enterprise Linux within their development and datacenter architectures and will look to deeper integration._ - Mike Ferris

When you think about it, this type of strategic partnership makes a lot of sense and is mutually beneficial to both platforms. SQL Server will gain a wide audience of developers and administrator's from the Linux community, and in return, Linux will be introduced and further integrated into the well-established SQL Server community. Mike Ferris of Red Hat says much the same in response to my questions about how a partnership like this develops; “Just as Microsoft saw increasing demand for Red Hat Enterprise Linux on Azure, Microsoft also recognized the importance and opportunity for SQL Server native availability on Linux in the enterprise.”

In fact, both Red Hat and Canonical credited Linux on Azure as being a major motivator for collaboration. Rebecca Cradick from Canonical states “we have a very good and close working relationship with Microsoft, in fact, Ubuntu is the most widely used Linux image on Azure and we continue to work on development with them.” In January of this year writing for insight.ubuntu.com John Zannos writes; “Working with Microsoft we have seen tremendous growth of Ubuntu on Azure. Use of Ubuntu on Azure is growing rapidly and, more than one in four VMs running on Azure are Linux”. With such a wide usage of Linux on Microsoft's popular cloud service, it's easy to see how interests between operating system distributors converged with customer demand in this case.

It seems apparent that all sides are taking this collaboration seriously. Here is the full transcript of the questions I had for Red Hat and the response's I received from Mike Ferris.

Me: As a professional Linux Administrator I'm always happy to see better integration of technologies across platform boundaries. Given the release of SQL Server for Linux, how do you envision the future of cooperation between Red Hat and Microsoft?

Mike Ferris: “We started the relationship with enabling our joint enterprise customers with Red Hat Enterprise Linux on Azure backed by integrated support from both companies. We then rapidly expanded our activities to include; making. NET on Linux available directly from Red Hat (http://developers.redhat.com/dotnet/) on both RHEL and Red Hat OpenShift Container Platform, integrating our management platforms including CloudForms and Ansible with Azure and making future statements about our work with AzureStack and SQL Server.  All of these and future activities are being driven directly by our joint customer requests and demand.”

Me: What part did Red Hat play in bringing SQL Server to the Linux platform? And how did such a massive project get started?

Mike: “Just as Microsoft saw increasing demand for Red Hat Enterprise Linux on Azure, Microsoft also recognized the importance and opportunity for SQL Server native availability on Linux in the enterprise.  We have jointly worked to enable the public preview of SQL Server on Red Hat Enterprise Linux (https://www.redhat.com/en/about/blog/sql-server-linux-public-preview-now-available-red-hat-enterprise-linux).   This type of relationship is not new for Red Hat.  Our early work on Red Hat Enterprise Linux with both Oracle and IBM DB2 ensured scalability and performance of those platforms to meet enterprise needs.  Similar activities can also be applied to ensure SQL Server performance, reliability and security in the enterprise as well.”

Me: Does Red Hat have any plans to bring Linux technology to the Windows Platform? Bash is currently being integrated into Windows 10 does that provide any opportunity to bring more features across the isle?

Mike: “Both companies recognize that customers will have a mix of both Microsoft Windows and Red Hat Enterprise Linux within their development and data center architectures and will look to deeper integration. In the same way that including native Bash capabilities into Windows empowers administrators and developers with familiar tools, we are also ensuring that development, operations, and management platforms such as JBoss, OpenShift, and CloudForms and Ansible become natively integrated become a natural extension to Windows environments where appropriate and provide a consistent set of capabilities across both Red Hat and Microsoft platforms.”

It would seem that SQL Server isn't the only promising development coming out of these partnerships. Along with SQL Server coming to Linux, Windows 10 now has a fully featured Bash shell, thanks in large part to Canonical's joint efforts with Microsoft.

_Microsoft was genuinely interested in working with Canonical to deliver the full Ubuntu shell experience to Windows 10 users!"_ - Dustin Kirkland ![Ubuntu](/img/ubuntu-orange.gif)

Ubuntu's work to bring Bash to Windows 10 is even further evidence that both parties are committed to the continued integration of computing technology. Writing for Linux.com Canonical's Dustin Kirkland commented: “this was more than just a science project.  Microsoft was genuinely interested in working with Canonical to deliver the full Ubuntu shell experience to Windows 10 users!”

Not that long ago if someone would've told me that Microsoft and Linux were going to actively work together, and combine their respective strengths in such exciting ways I would've thought you were going a little crazy. I for one am happy to see this kind of collaboration, and I can't wait to see what comes next. Deeper integration of native tools across multiple platforms's cannot be anything less than a dream come true for large I.T. organizations that must work within heterogeneous environments to provide highly available services at low cost.