Katriel Cohn-Gordon

Cyber security researcher at Oxford. Not nearly rational enough.

remote time machine

Super easy: you can use a Linux server running netatalk as a Time Machine backup drive. Easy peasy.

Instructions at the link, but in brief:

sudo apt install build-essential devscripts debhelper cdbs autotools-dev dh-buildinfo libdb-dev libwrap0-dev libpam0g-dev libcups2-dev libkrb5-dev libltdl3-dev libgcrypt11-dev libcrack2-dev libavahi-client-dev libldap2-dev libacl1-dev libevent-dev d-shlibs dh-systemd avahi-daemon libc6-dev libnss-mdns

git clone https://github.com/adiknoth/netatalk-debian
cd netatalk-debian
debuild -b -uc -us
sudo dpkg -i ../*.deb

sudo nano /etc/netatalk/afp.conf

You probably want to make a new user with adduser --home $BACKUP_DIR and point the backups to there, adding valid users = $user to afp.conf.

Give it a while for avahi to kick in (I rebooted) and then you should see it in the list of Time Machine drives you can add in Settings.

Continue reading →


This is all pretty obvious, but recording it here for posterity. spotifyd is an open-source, lightweight Spotify client for Premium accounts. We use it for our home server, which runs a couple of instances to enable Spotify Connect to the home speakers.

Setup is pretty easy but requires a little systemd messing around. Step 1 is to clone the repo and build spotifyd (which needs Rust’s cargo), and then symlink it into /usr/bin. I’m using the pulseaudio backend, so the command to build is cargo build --release --features pulseaudio_backend. Step 2: write

[Unit]
Description=A spotify playing daemon

[Service]
ExecStart=/usr/bin/spotifyd --no-daemon


to /etc/systemd/user/spotifyd.service and chmod it to readable for everyone. Step 3: for each user that wants to run spotifyd

Continue reading →

user pulseaudio

Michael and I have a home server running spotifyd (which is really a story for another post); each of us runs a user systemd service to keep it up.

This seemed to confuse pulseaudio a little. The default ubuntu configuration runs one pulseaudio service per user, and only the “active user” gets to actually make sounds come out of the speakers. The definition of active user wasn’t entirely obvious; if someone was logged in to a graphical session then they got it, and otherwise it seemed to take turns based on who was actually playing.

Anyway, apparently it’s not recommended to run pulseaudio as a system user, mostly for security reasons, but as an Official Security Person I can clearly ignore all of these and just run it anyway. So, to get it working:

sudo systemctl enable pulseaudio
sudo systemctl start pulseaudio

then for each user that should play music, add that user to the audio and

Continue reading →

fish history sync

I use fish in tmux with maybe two dozen shells open at a time, for various projects that I have hanging around. By adding

# history across fishes
# write this shell's history to disk before every command
function save_history --on-event fish_preexec
    history --save
end
alias hr 'history --merge'  # read and merge history from disk
bind \e\[A 'history --merge ; up-or-search'

to ~/.config/fish/config.fish, reverse search now syncs across all history in all shells (or you can bring a shell up to date with all other shells using hr). That feels good.

Continue reading →

flux and hue

[f.lux](www.justgetflux.com) is pretty awesome. Now that my room is lit by hue, I wanted a way to make my room colour temperature match my screen. This requires a few ingredients:

  • a working hue setup, obviously
  • some way to control the lights from the command line. You don’t actually need anything for this, since the bridge actually just accepts HTTP requests to set values, but it’s nice to have a wrapper so you don’t have to worry. I used hue-cli – which, beware, is not the only hue-cli package out there. It has a command hue lights all red which does what you expect
  • some way to get the desired colour temperature when the script is run. Ideally I’d use the f.lux one, and I’ve emailed the devs to ask, but in the meantime the open-source f.lux clone redshift will tell you what it thinks the colour should be given your current location. Note that f.lux has much more aggressive reddening

Continue reading →

appengine doesn’t work OOTB

Google App Engine for Python doesn’t work out of the box with Python 2.7.9 as of Jan 2014; you have to patch its fancy urllib overload.

Specifically, you get an error about an unexpected context argument, which is because the base AbstractHTTPHandler now allows more arguments in its do_open function which the child has to pass through.

To fix it, patch .../path/to/sdk/platform/google_appengine/lib/fancy_urllib/fancy_urllib/__init__.py.

Continue reading →

website hosting

I’m in the process of setting up cohn-gordon.org and cohn-gordon.com for my brother and me. They use a cute trick to host out of Dropbox and proxy via GAE, in order to get nice, fast, free websites.

 Step 1

We’re going to host the actual domain statically out of a Dropbox public folder. To do this, create the Public folder in your Dropbox root if it isn’t already there, then make an index.html and copy the public link. Write this website as you will.

 Step 2

This now hosts your website on Dropbox, with a URL of the form dl.dropbox.com/u/.../index.html. We’ll run a proxy on GAE to create nice URLs. I used the shin1katayama fork of dropbprox, which uses index.html as the root of any directory if it isn’t specified. Follow the instructions on dropbprox to set up a new GAE app, clone the code, add your app ID to app.yaml and your Dropbox UID and index.html to mirror.py, and deploy.

Continue reading →


For the next in the collection of “short blog posts with things that will make your life better”, I give you [followupthen.com](followupthen.com): forward any email to them and it’ll come back when you say.

For example, if you want a reminder to do something in two weeks, email twoweeks@followupthen.com (or the short version twoweeks@fut.io) and it’ll bounce back to you in two weeks.

If you want to make sure someone has replied within a day, bcc [tomorrow@fut.io](tomorrow@fut.io) and it’ll come back in a day.

If you want to get nagged every evening to do something, email tomorrow8pm-t@fut.io and it’ll come back every day until you clear it.

Etc, etc. Great service, and has the advantage over competitors like Mailbox or Boomerang that it works over email so mobile is as good as desktop.

Continue reading →


A quick one: tmuxinator is a super-easy way to manage your tmux configurations, setting up windows and panes just as you like them. When set up, you just have to run

mux work

to connect to your “work” tmux session. Mine, for instance, opens up three different windows, for each of three projects I’ve been working on lately, and one editor window that I just use for command-line stuff, split into two panes.

To get it working just brew install tmux tmuxinator, and then run mux new work to set up a “work” tmuxinator config.

Continue reading →

iButton hackery

Many places around Oxford control entry with little iButton fobs, which run on the Dallas Semiconductor 1-Wire protocol. When you tap one against a “master” device, it broadcasts its unique ID, which the master can then look up in its list of people.

iButton fob

Kevin and I decided that this was excessively simple, and that we should build something to read and impersonate these fobs. Fortunately, the 1-Wire protocol they use is relatively standard, and there’s already an Arduino library to handle them.
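An added example, not code from the original post: how a reader can validate the 8-byte ID it receives, assuming the standard 1-Wire ROM layout (family code, 48-bit serial, CRC-8). The names `ow_crc8`, `ow_parse_id` and `SAMPLE_ROM` are hypothetical and the sample bytes are constructed; note that the CRC only detects transmission errors and that an all-zero read (a shorted bus) passes it, so it is rejected explicitly.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Dallas/Maxim 1-Wire CRC-8: x^8 + x^5 + x^4 + 1, bit-reflected (0x8C), init 0. */
static uint8_t ow_crc8(const uint8_t *data, size_t len) {
    uint8_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 1) ? (uint8_t)((crc >> 1) ^ 0x8C) : (uint8_t)(crc >> 1);
    }
    return crc;
}

typedef struct {
    uint8_t  family;  /* byte 0: device family code */
    uint64_t serial;  /* bytes 1..6: 48-bit serial, least significant byte first */
} ow_id;

/* Returns 0 on success, -1 on CRC mismatch, -2 on an all-zero read. */
int ow_parse_id(const uint8_t rom[8], ow_id *out) {
    static const uint8_t zero[8] = {0};
    if (memcmp(rom, zero, 8) == 0)
        return -2;                      /* shorted bus: CRC of zeros is zero */
    if (ow_crc8(rom, 7) != rom[7])
        return -1;                      /* byte 7 must match CRC of bytes 0..6 */
    out->family = rom[0];
    out->serial = 0;
    for (int i = 6; i >= 1; i--)
        out->serial = (out->serial << 8) | rom[i];
    return 0;
}

/* Constructed sample ID, in the order the bytes arrive on the bus. */
static const uint8_t SAMPLE_ROM[8] = {0x02, 0x1C, 0xB8, 0x01, 0x00, 0x00, 0x00, 0xA2};

int main(void) {
    ow_id id;
    int rc = ow_parse_id(SAMPLE_ROM, &id);
    if (rc == 0)
        printf("family=%02X serial=%012llX\n", (unsigned)id.family,
               (unsigned long long)id.serial);
    else
        printf("rejected (%d)\n", rc);
    return rc == 0 ? 0 : 1;
}
```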

The circuit you need is simple: connect some pin to a 4.7k resistor, +5v power and the centre of the fob, and ground the outside. Then run the following and the serial monitor should spit out the unique ID of any iButton you tap.

#include <OneWire.h>

// This is the pin with the 1-Wire bus on it
OneWire ds(PIN_D0);

// unique serial number read from the key
byte addr[8];


Continue reading →