Good morning all! It feels like forever since I last blogged . Which is extremely bad of me *slaps own wrist*. However, I m been horrendously stupidly busy. As some of you may know, I m very much an Android fan. Recently, I ve gotten myself a shiny Galaxy SII. Given the fact that alongside my day job of being a Web Developer for an Online Retailer, I m also a Voluntary Ambulance Person I thought it d be useful to ask my current workplace if they d provide me a mobile phone cover for my new phone. Of course, work were more than happy to provide me with a shiny Samsung Galaxy S2 case (I actually went for the Case-Mate Barely There in brushed aluminium). Being a voluntary Ambulance Person, I regularly have to go to random places to pick up an ambulance/attend an event. Because of that I rely quite heavily on Google Maps and it s navigation features (Free Sat Nav in my opinion, the killer feature of Android). Having only had my phone a week, I started to find that there were a few problems with the GPS. Whereas previously, I d been able to lock on almost instantly, It d now take me about half an hour (literally) to get a lock on anything. I tried Googling, I tried everything I could think of, but to no avail. I downloaded GPS Test, and it was showing that while it was picking up a couple of sattelites, it wasn t picking up enough to get a decent lock The image above is a screenshot of the GPS test from directly outside my front door, taken after it had settled down. As you can imagine, I wasn t happy and was ready to send the phone back. Then, for some reason, a brainwave hit me (It doesn t happen often). What changed from when it was working to now? I know! The Case *takes case off, tries GPS test again* It can be amazing what happens when you realise that shiny case you have is mainly made of aluminium. Guess what works well at deflecting radio signals and the like You got it, aluminium. So now I need to decide whether to get another case or whether to just take the case off when I need to do sensible things. Other than the case problem, I m finding that the Samsung Galaxy SII is a great phone (as soon as I got rid of Touchwiz). I m not a fan of the OEM Samsung crap that s been bolted onto the phone, and will, as soon as there s a decent release, be putting a copy of CyanogenMod on the phone (I ve already made most of the tweaks I just want rid of SNS) In other news I ve started more and more gaming again. If you re interested in a couple of rounds of TF2 or some SC2 (or some Portal 2 Co-Op) then give me a shout with your Steam ID / Battle.net ID and I ll see what I can do. I m thinking of starting doing some Let s Play Videos, as my Youtube Channel is looking a bit sparse! I m going to try and start blogging a bit more aswell so if there s anything you want to see me blog about pop a post in the comments below! Till next time..

So, I haven t read the planets in a couple of days but I m going to guess that, like twitter, a lot of people are going to be raving about Google+. For those of you who haven t heard about Google+, it s a new Social Networking site from Google and it brings a new take to the world of social networking. In real life, we communicate differently to the different people in our social contexts. For example, most people will converse differently to their work colleagues than they will to their family. They ll converse differently with their drinking buddies than they will with their Family. There are things that you want only certain people to know, and there are aspects of your personality that you only want to show to certain people. I think giving an example here might be better. This is an example of a friend of mine, who we ll call Fred. Fred is a teacher. Fred also likes to go out of a weekend and party till dawn, while consuming lots of tequila. I, as Fred s friend, am on a night out of drunken debauchery, and I ve my camera with me, and decide to post lots of pictures online of the night s revelry. The next day, one of Fred s colleagues logs into a Social Networking site, and sees said pictures in Fred s profile. Now things aren t looking so bright for Fred. He no longer gives across that professional image that he should do at work. Some may say that this is Fred s fault for going out and doing these things, but everyone s entitled to a personal life, right? At the moment, on Fred s social networking site, it s an all or nothing option. If he allows you access to his profile, he allows you access to see anything and everything that might show up on there. (It s a bit more complicated than this, but let s keep it simple for now). Every time Fred has someone add him as a contact he has to make that decision Do I want this person to be able to see everything I may or may not get up to . Put simply, how many of you have refused someone to add you on the Social Networking site du jour because what you show on their may be harmful to you, or give over an impression that isn t what you want to give across. Enter Circles. Circles brings to the social networking scene the way we interact with people in real life. We show a different aspect of our personality to different people we interact with. I m a bit of an organisational freak, and I know that there are different groups of people that either for the fact of portraying a persona, or not annoying everyone else, I might want to push in different ways. For example, I might want to send out a BBQ at my house, bring lots of alcohol message to all my friends, but don t really want my co-workers coming along and making it so I have to be on my best behaviour. Below is a screenshot of my (current) circles. As you can see I have a fair few, and only a relative few people. Now, let s say that I wanted to send out that BBQ message As you can see I ve the option to send this to the 5 people that are in my Friends group (it s currently mostly geeks on there there are only a few of my real life friends on there so far!) Now with only a few clicks, I ve managed to send out a message to just those few people that I want to Over the next few days, I ll write a bit more about Google+, but I thought I d start with an introduction into the Circles feature. I ll be giving a bit of feedback about what I like, what I dislike, and also making a few suggestions for what I d like to see happen in the future (and probably use the word siloing a fair bit!) For now, toodles.

It seems that once again, the squirrel has it right:- <iframe allowfullscreen="allowfullscreen" frameborder="0" height="390" src="http://www.youtube.com/embed/5_mZrUkzabk" title="YouTube video player" width="480"></iframe> For those of you reading this via a planet, or similar, please click on the title of this post to see the video I ve embedded above. (Please note, may contain language that offends some)

Then this would be apt:-

Strange but very cool (via a friend of mine, hellocatfood)

1. Go and buy a turkey.
2. Take a drink of whisky (scotch or bourbon).
3. Put turkey in the oven.
4. Take another two drinks of whisky.
5. Set the degree at 180 ovens.
6. Take three more whiskies of drink.
7. Turn oven the on.
8. Take four whisks of drinky.
9. Turk the bastey.
10. Whisky another bottle of get.
11. Stick a turkey in the thermometer.
12. Glass yourself a pour of whisky.
13. Bake the whisky for four hours.
14. Take the oven out of the turkey.
15. Take the oven out of the turkey
16. Floor the turkey up off the pick.
17. Turk the carvey.
18. Get yourself another scottle of botch.
19. Tet the sable and pour yourself a glass of turkey.
20. Bless the saying, pass and eat out.

Merry Christmas Everyone!

A few months ago, my company made the decision to switch from our previous mail provider, to use Google Apps. It was a no-brainer really, most of the company were using it already, for the calendars, and Documents, and well we were a bit fed up with our previous mail provider. So we made the move. As an online retailer, we obviously get a lot of Financial related emails, and our Accountancy Department has an email address setup as a group, where the group sends to all the members in the Accounts Team. A pretty simple setup. However, for the last 2 months, I ve been fighting an uphill battle to get this to work properly. When an email gets delivered to a Google Group, it stops there, and then Google re-sends the email to the people in the group. Somehow, this triggers the receiving account to believe that it s originated from the Google Groups servers, rather than the actual originating server. Google Apps emails have a pretty nifty spam filtering service. For those well-known services on the web, it ll check whether it actually came from them (I think through some combination of DKIM and SPF), and bounce it if not. Can you see where I m going yet? Google Groups has a nifty feature to stop it attempting to send emails to addresses that don t exist. If an email address bounces at a certain rate, it ll flag it as undeliverable. If all the emails in a group are flagged as undeliverable, it ll bounce that email to the original party, so that they know no-one received it. The Accounts team are setup to receive information regarding Paypal Payments, Disputes, etc etc. A couple of days in, I had our Financial controller tell us that the Accounts team had stopped receiving emails. Well, being who I am I sent a test email out guess what I got back? Hello <redacted>, Your message could not be delivered because of previous failures during delivery attempts to this mailing list. Please update the list with valid addresses. This is an example of some of the bounces we received: ----------------------------------------------
Recipient: pa.......@mobilefun.co.uk 550 550 5.7.1 Unauthenticated email is not accepted from this domain. u22si29486554yba.55 (state 18).
Message-Id: <redacted> ----------------------------------------------
Recipient: ni........@mobilefun.co.uk 550 550 5.7.1 Unauthenticated email is not accepted from this domain. u22si29486554yba.55 (state 18).
Message-Id: <redacted> ----------------------------------------------
Recipient: lu..........@mobilefun.co.uk 550 550 5.7.1 Unauthenticated email is not accepted from this domain. u22si29486554yba.55 (state 18).
Message-Id: <redacted> *sigh* time to play with the group. I change the members of the group to use one of our alias domains instead of the @mobilefun.co.uk this gets emails working again. 2 days later . our Financial Controller comes to me and complains that clients are complaining that they re receiving bounce emails when sending to his team I check, and once again, get the same message. Time to open a support ticket. That was in October since then we ve tried everything Changing to user-defined groups and switching off the spam filters, whitelisting the groups, setting up DKIM on our domain, changing the spam levels, clearing bounce statuses all to no avail I ve been back and forthing with Google Enterprise Support for 2 months and have still not found a suitable solution *sigh*. I must say however, that the person dealing with the case at Google (Josephine H) has been professional and helpful all the way along, even with my rising frustration at the issue. Today I ended up calling their service unusable number, after having tried a couple of times to change the groups so that the Accounts Team could receive emails again and finding that none of my previous tricks worked. While on hold, I found that I could use a local part extension to an email address, and the group would recognise it as a new email address and therefore have no bounce status. I ve now made a script using the Provisioning APIs, and a bit of python-fu that will generate a local part extension based on the current date/time, and replace the users in the group for the Accounts team with those. Say for example, the primary email address for a user was test@example.com it d add a user of test+20101221235641@example.com. This is set to run each day so it s pretty much the same as resetting the bounce status (which fixes things for a short while) on a daily basis. According to my latest email from Google Enterprise support:-

At the moment there is an incentive going on to fix this outright as messages from Paypal etc have been causing bounce s for other domains. This fix is supposedly due very early in the New Year and will solve this problem indefinitely.

I wait with baited breath but for now, I m happy with my hack.

Due to the fact that my previous VPS was well out of date (Ubuntu Intrepid!!!) I m currently in the process of moving everything to a new server. I ve had lots of fun re-setting up my email and it s now very shiny and easy for me to use (I ll be writing a tutorial at some point in the near future) Other than that I d like to give a quick shameless plug to my VPS provider, Bitfolk. They re awesome, and have a great policy for Migrating to a new VPS.

<script type="text/javascript"> var flattr_wp_ver = '0.9.11'; var flattr_uid = '34168'; var flattr_url = 'http://www.sourceguru.net/bad-tech-support-feel/'; var flattr_btn = 'compact'; var flattr_hide = 0; var flattr_lng = 'en_GB'; var flattr_cat = 'text'; var flattr_tle = 'How bad tech support makes me feel'; var flattr_dsc = ''; var flattr_tag = 'punch,stabby,tech support'; </script> <script src="http://api.flattr.com/button/load.js?v=0.2" type="text/javascript"></script>

One of the things that I love about our Local LUG is the people. At our LUG, we have our resident geek artist, Antonio Roberts (aka hellocatfood) who, on the odd occasion, gets harassed into doing a talk for us. His talks are always fairly awesome. His previous talk about FLOSS + Art is the video with the highest views on our video archive, and tomorrow night, Thursday 16th September, at 19:30pm BST, he ll be delivering his next talk about his experience in the FLOSS community as an artist to us. In his own words:-

This talk extends greatly on what was said and goes into issues of copyright and what experiences I ve had as an artist in the open source world

His previous talk was a bit of an eye-opener to me, as a pure geek with barely a trace of artistry in me, and it s always good to see the FLOSS world from the eyes of someone who doesn t exactly fit the stereotype of what you d normally expect to see. The video will be available after the event, at some point, but for those who re interested in gaining an insight into artistry and FLOSS, we ll be broadcasting the talk live over the interwebs. <script type="text/javascript"> var flattr_wp_ver = '0.9.11'; var flattr_uid = '34168'; var flattr_url = 'http://www.sourceguru.net/freedom-creativity/'; var flattr_btn = 'compact'; var flattr_hide = 0; var flattr_lng = 'en_GB'; var flattr_cat = 'text'; var flattr_tle = 'Freedom in Creativity'; var flattr_dsc = 'One of the things that I love about our Local LUG is the people. At our LUG, we have our resident geek artist, Antonio Roberts (aka hellocatfood) who, on the odd occasion, gets harassed into doing a talk for us. His talks are always fairly awesome. His previous talk about FLOSS + Art is the video with the highest views on our video archive, and tomorrow night, Thursday 16th September, at 19:30pm BST, he\'ll be delivering his next talk about his experience in the FLOSS community as an artist to us. In his own words:- This talk extends greatly on what was said and goes into issues of copyright and what experiences I ve had as an artist in the open source world His previous talk was a bit of an eye-opener to me, as a pure geek with barely a trace of artistry in me, and it\'s always good to see the FLOSS world from the eyes of someone who doesn\'t exactly fit the stereotype of what you\'d normally expect to see. The video will be available after the event, at some point, but for those who\'re interest'; var flattr_tag = 'art,artist,floss,lug,presentation,sblug birmingham lug,streaming,talk,video'; </script> <script src="http://api.flattr.com/button/load.js?v=0.2" type="text/javascript"></script>

Please, those of you who send me emails, remember the following:-

• An email has a subject line use it
• If you put a proper description in your subject line, it s easier for me to find the email again
• The subject line is that what the email is about. It s NOT meant for the entire content of your message, no matter how brief
• If you send me an email entitled FYI Don t bitch at me when I don t reply.
• If you ask a question, and it s a vague one, don t get annoyed at me when I ask for clarification

I do love a bit of Geek Art and I loved what one of our LUGgers (whose name escapes me!) bought with them tonight s LUG Meeting A great addition to any condiment cupboard!

With his announcement of the N-imal for Ubuntu 11.04 I m being driven slightly insane, as I now now have this song stuck in my head (and probably will do for weeks to come!)

Martin Meredith wrote a blog post about logging in as root and the people who so strongly advocate against it [1]. The question is whether you should ssh directly to the root account on a remote server or whether you should ssh to a non-root account and use sudo or su to gain administrative privileges. Does sudo/su make your system more secure? Some years ago the administrator of a SE Linux Play Machine used the same home directory for play users to login as for administrative logins as for his own logins he used newrole to gain administrative access (like su or sudo but for SE Linux). His machine was owned by one of his friends who created a shell function named newrole in one of his login scripts that used netcat to send the administrative password out over the net. He didn t immediately realise that this was a problem until his friend changed the password and locked him out! This is one example of a system being 0wned due to having the double-authentication of course if he had logged in directly with administrative privs while using the same home directory that the attacker could write to then he would still have lost but the attacker would have had to do a little more work. When you login you have lots of shell scripts run on your behalf which have the ability to totally control your environment, if someone has taken over those scripts then they can control everything you see, when you think you run sudo or something they can get the password. When you ssh in to a server your security relies on the security of the client end-point, the encryption of the ssh protocol (including keeping all keys secure to prevent MITM attacks), and the integrity of all the programs that are executed before you have control of the remote system. One benefit for using sshd to spawn a session without full privileges is in the case where you fear an exploit against sshd and are running SE Linux or some other security system that goes way beyond Unix permissions. It is possible to configure SE Linux in the strict configuration to deny administrative rights to any shell that is launched directly by the sshd. Therefore someone who cracks sshd could only wait until an administrator logs in and runs newrole and they wouldn t be able to immediately take over the system. If the sysadmin suspected that a sshd compromise is possible then a sysadmin could login through some other method (maybe visit the server and login at the console) to upgrade the sshd. This is however a very unusual scenario and I suspect that most people who advocate using sudo exclusively don t use a SE Linux strict configuration. Does su/sudo improve auditing? If you have multiple people with root access to one system it can be difficult to determine who did what. If you force everyone to use su or sudo then you will have a record of which Unix account was used to start the root session. Of course if multiple people start root shells via su and leave them running then it can be difficult to determine which of the people who had such shells running made the mistake but at least that reduces the list of suspects. If you put PermitUserEnvironment yes in /etc/ssh/sshd_config then you have the option of setting environment variables by ssh authorized_keys entries, so you could have an entry such as the following: environment= ORIG_USER=john@example.com ssh-rsa AAAAB3Nz[...]/w== john@example.com Then you could have the .bashrc file (or a similar file for your favorite shell) have code such as the following to log the relevant data to syslogd:
if [ "$SSH_TTY" = "" ]; then
logger -p auth.info "user $ORIG_USER ran command \"$BASH_EXECUTION_STRING\" as root"
else
logger -p auth.info "user $ORIG_USER logged in as root on tty $(tty)"
fi I think that forcing the use of su or sudo might improve the ability to track other sysadmins if the system is not well configured. But it seems obvious that the same level of tracking can be implemented in other ways with a small amount of effort. It took me about 30 minutes to devise the above shell code and configuration options, it should take people who read this blog post about 5 minutes to implement it (or maybe 10 minutes if they use a different shell or have some other combination of Bash configuration that results in non-obvious use of initialisation scripts (EG if you have a .bash_profile file then .bashrc may not be executed). Once you have the above infrastructure for logging root login sessions it wouldn t be difficult to run a little script that asks the sysadmin what is the purpose for your root login and logs what they type. If several sysadmins are logged in at the same time and one of them describes the purpose of their login as to reconfigure LDAP then you know who to talk to if your LDAP server stops working! Should you run commands with minimum privilege? It s generally regarded that running each command with the minimum privilege is a good idea. But if the only reason you login to a server is to do root tasks (restarting daemons, writing to files that are owned by root, etc) then there really isn t a lot of potential for achieving anything by doing so. If you need to use a client for a particular service (EG a web browser to test the functionality of a web server or proxy server) then you can login to a different account for that purpose the typical sysadmin desktop has a dozen xterms open at once, using one for root access to do the work and another for non-root access to do the testing is probably a good option. Can root be used for local access? Linux Journal has an article about the distribution that used to be known as Lindows (later Linspire) which used root as the default login for desktop use [2]. It suggests using a non-root account because If someone can trick you into running a program or if a virus somehow runs while you are logged in, that program then has the ability to do anything at all of course someone could trick you into running a program or virus that attempts to run sudo (to see if you enabled it without password checks) and if that doesn t work waits until you run sudo and sniffs the password (using pty interception or X event sniffing). The article does correctly note that you can easily accidentally damage your system as root. Given that the skills of typical Linux desktop users are significantly less than those of typical system administrators it seems reasonable to assume that certain risks of mistake which are significant for desktop users aren t a big deal with skilled sysadmins. I think that it was a bad decision by the Lindows people to use root for everything due to the risk of errors. If you make a mistake on a desktop system as non-root then if your home directory was backed up recently and you use IMAP or caching IMAP for email access then you probably won t lose much of note. But if you make a serious mistake as root then the minimum damage is being forced to do a complete reinstall, which is time consuming and annoying even if you have the installation media handy and your Internet connection has enough quota for the month to complete the process. Finally there are some services that seek out people who use the root account for desktop use. Debian has some support channels on IRC [3] and I decided to use the root account from my SE Linux Play Machine [4] to see how they go. #debian has banned strings matching root. #linpeople didn t like me because Deopped you on channel #linpeople because it is registered with channel services . #linuxhelp and #help let me in, but nothing seemed to be happening in those channels. Last time I tried this experiment I had a minor debate with someone who repeated a mantra about not using root and didn t show any interest in reading my explanation of why root:user_r:user_t is safe for IRC. I can t imagine that good the #debian people expect to gain from denying people the ability to access that channel with an IRC client that reports itself to be running as root. Doing so precludes the possibility of educating them if you think that they are doing something wrong (such as running a distribution like Lindows/Linspire). Conclusion I routinely ssh directly to servers as root. I ve been doing so for as long as ssh has been around and I used to telnet to systems as root before that. Logging in to a server as root without encryption is in most cases a really bad idea, but before ssh was invented it was the only option that was available. For the vast majority of server deployments I think that there is no good reason to avoid sshing directly as root.

• [1] http://www.sourceguru.net/login-root/
• [2] http://www.linuxjournal.com/article/7166
• [3] http://www.debian.org/support
• [4] http://www.coker.com.au/selinux/play.html

I ve recently gotten a lot of flack from a couple of people for an innocent comment I made about logging into a machine as root.
I d like to think of myself as pretty savvy when it comes to security, and as far as I m concerned, the reasons for not logging in as root are:-

• Password could theoretically be sniffed
• Unsecure connection could theoretically be hijacked
• You don t get an audit trail like you would with su or sudo
• Password could be brute forced
• You could easily run a command unintentionally which causes damage to your system

Ok, so we have the reasons not to and they re good reasons. This is why, generally, I don t login to my boxes as root. However, the box in concern mitigates the above in the following ways

• We only ever connect via SSH
• Access to root is only allowable through SSH keys
• Due to the nature of the server (local file storage) we don t need an audit trail
• Password login is only ever allowed from a secure TTY (aka the box itself)
• The only reason we ever need to login to this machine is to perform maintenance which requires root access

Is there any good reason that I shouldn t be logging in as root in the above circumstances?

A mini-meme that has been spreading round the IT team at my workplace is IOGraph a small Java program that tracks and draws the status of your mouse over a period of time. Lines are movement, circles are places where the mouse has stopped The bigger the circle, the longer it was there. I have 2 monitors, which explains the weird dimensions!

For those of you who don t know, I occasionally write for Linux Format. As I ve got an article coming out in the next issue (available on April 29th), I thought I d have a check to see if the PDF s are available in the subscribers area yet. Unfortunately, they re not, however, I did notice that my first article for Linux Format has now been released to the general public. If you head on over to Issue 121, you ll find my tutorial Security: Protect your server has a Click here to read! link underneath it. One of my other articles for them, Super Snooper , has also found it s way onto TuxRadar, and, while it doesn t have the pretty artwork (or a mugshot, or any mention of me, it seems!) that the magazine does, it s still well presented on the site! Let me know in the comments if you ve any feedback to either of them! Along the same lines, I m thinking that I want to write a book (mainly so that I ll eventually come first in Google, rather than what used to be second and now for some reason seems 7th ). But what should I write about? I ve a few thoughts, and the one that I feel like I want to write the most is about becoming a Google Ninja (using Analytics, Website Optimiser, etc etc to their full potential) but I don t know would people be interested in buying that?

<object height="344" width="425"><param name="movie" value="http://www.youtube.com/v/3drE5LFAdyY&amp;hl=en_US&amp;fs=1&amp;"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed allowfullscreen="true" allowscriptaccess="always" height="344" src="http://www.youtube.com/v/3drE5LFAdyY&amp;hl=en_US&amp;fs=1&amp;" type="application/x-shockwave-flash" width="425"></embed></object>
If you can t see the video above, click here

grr!

Transforming data is hard. When I joined my current company, there were stupendous amounts of Perl/PHP/Bash/<insert random programming language here> scripts that would run on a cron job and do magic things to our data. They d create reports, they d tell the purchasers when we were running out of stock, they d synchronise data between our Frontend and backend databases, they d collect, they d collate, they d do everything and anything. Except, with all these scripts, in all these random languages, written by a multitude of previous developers (at different skill levels), they weren t particularly maintainable (and sometimes, they weren t particularly readable or understandable either imagine a 6000 line perl script that pretty much ran different permutations of the same data over and over again) Enter Pentaho, and specifically it s Kettle project. (since renamed Pentaho Data Integration ), a tool that lets you manipulate your data in pretty much any way you can imagine, in the simplest and easiest way imaginable.

That s right, it s a GUI for data manipulation.

I know a lot of you are probably sceptical right now. The first time I ever saw this was when a previous boss of mine put it forward as a potential solution for one of our problems (getting our orders from the front end database down to the office/warehouse). I saw it, and I thought GUI? Nah, that s not how real programmers do things! , so after the development team put forward another proposal to solve this, and it got accepted, I thought I d never see the thing again.

That was until my current boss started playing with it, trying to work out what it was doing so that he could get these evil GUI based scripts into something manageable, like nice, pretty code. Thing s, when my boss plays with things that he doesn t know about, he tends to read up, research, and, 9 times out of 10, change his mind.

We wiped the previous server (it was rather noisy! We re glad it s no longer switched on!) and set up a new server to house our BI platform . Starting off with a few scripts, my boss learnt to love this tool, and then, as I m his 2nd in command (aka general lackey) started making me learn how to use it.

Again, I was sceptical, I didn t want to learn, and I put up resistance, but my boss was going away for nearly a month, and by this time, a few of our key business processes relied on Kettle, so, grudgingly, I sat down, and started to learn.

You may be wondering now, why I started off this story talking about all those magical and wonderful scripts that no one seemed to know the inner workings of. These scripts, as I ve already mentioned were unwieldy, and at times, god-damned awful. The plan was to move them to the BI system (as my boss had been doing already).

I like to think of Kettle as a bridge between the process-flow diagram, and the code. I started converting these scripts, and I was astonished by the fact that most of the conversions I was doing was converting a long perl script into 3 or 4 Integration steps

I m totally besotted with this program now. Any time I have to do data manipulation, I turn to it. I can t describe how (once you ve got used to it s quirks) easy it is to use, how simple it is, and how much it just makes sense. Best of all, most of those evil scripts are gone now, and replaced with pretty diagrams that do the work for you.

If you have to play with large data sets on a regular basis, I urge you to try it out. You can buy me a beer for reccommending it next time you see me at $conference.

Ok, so recently, Richard Johnson and Michael Lustfield blogged about tab completion for SSH hosts. I m an avid user of zsh, and have my own way of doing this (liberally stolen from Daniel Silverstone). Now, this requires a little setup to start with, as some Linux Distributions have a habit of creating hashed known_hosts files. So, what I ve done, is before I ever SSH into a host, I add the following line to my ~/.ssh/config

HashKnownHosts no

From here, I can then add the following line to my ~/.zshrc

zstyle -e ':completion::*:*:*:hosts' hosts 'reply=($ =$ $ (f)"$(cat /etc/ssh_,~/.ssh/known_ hosts( 2)(N) /dev/null)" %%[# ]* //,/ )'

Now, when I try and ssh into a host, I can use tab completion to complete any host I ve previously ssh d into and any new hosts I ssh into get automatically added to the list