So a little over a year ago, around the original launch of this blog, I mused about my apprehension that I wouldn't ever update it. As I said it then:
I spend enough time sitting in front of a computer, and a blog just [is] yet another thing to keep me from ever seeing the sun. So why now? I'm not really sure, other than a recurring and nagging desire to share my thoughts and notes.
Well. I was right that I would never update the site; or at least I haven't substantially in 16 months or so. Though that nagging feeling is back. This post is mainly to make sure my workflow still functions, and get the juices flowing, so that I can write a slew of new posts following up on my previous post about privilege separation using xpra, this time using machine virtualization.
In the time that has passed since I stopped post here, lots has happened.
Today, I was responding to an issue on Mayfirst's issue tracker, involving the ssh key for a decommissioned server having never been revoked (and thus still active in the monkeysphere). Since the ticket had languished without followup for two years, I wanted to see if the work had been done, and just not commented on, so I went to check for revocations. There was only one problem — I rarely do that and realized that the process wasn't clear in my mind.
A little bit of searching on the Internet turned up descriptions and howtos about creating and publishing revocation certificates. Also, many layers of links back to some version of the GPG manual. Read up there for background on key and signature revocation.
To fill the lazy search void that I found, here is a quick and dirty guide to determining revoked keys and signatures.
This fairly new and simple blog has actually been months in the making. Almost two months at this point. For many reasons, I've been falling down what seems like an unending rabbit hole with Ikiwiki. Somewhere towards the bottom I found that I had backported ikiwiki, and written an ikiwiki puppet module for Mayfirst servers, and was working on an auto.setup file specific to MFPL servers.
Launching this site was far harder than I had imagined when I first started setting up Ikiwiki. It turned into about four different projects.
I just heard a about this new thing, they call it a blog! Have you heard? As one who is always up on their latest tech, I welcome you to my blog.
So, yeah, I'm really late to the whole blogging thing. If it were 2004, I might be ahead of the curve, but like a true trend setter I've waited until no one cares anymore. These days, setting up a blog is about as exciting as setting up an email address. But, like email, blogs are now a part of the way information travels on the Internet.
This is the next in a series on changes I made when I upgraded from Debian squeeze to wheezy (see the first one). I decided to take to opportunity of the upgrade to do some better privilege separation on my system. The goal was to get the software that I don't think should have any access to the rest of my running X session, to run as its own user and be completely cut off from my X session. This had to happen in a way that doesn't change my work flow and browsing habits. I accomplished this using Xpra, and some handler scripts.
I recently upgraded from Debian squeeze to wheezy. As happens with these upgrades, I was awash in things that no longer worked quite the way I expected them to, and configuration changes to make.
This is the first of a couple pieces on what I did to get things working to my liking. As the title suggest, this is about the the interactions of startx, ConsoleKit, and Xfce 4.8. Or, more accurately, how the interactions between those things broke in my setup when I upgraded, and how I got it working again.