HOWTO: Import Keybase.io Public Keys to SSH authorized_keys

Saturday, July 29, 2017

A little while back I was looking for a way to add a handful of users to the authorized_keys file on some test servers.

This server necessarily required the existence of only one account that when troubleshooting was required, would be used to login/troubleshoot. These servers would be rebuilt every morning and it would have probably been fine to share a password and just login with shared credentials, but the security guy in me is allergic to enabling Challenge/Response authentication. The alternative – sharing a public/private keypair among users – is also a huge no-no0.

Unfortunately, where public/private keys were in use, they were generally generated by the users themselves – one of the perks of being at a dev shop with a bunch of folks who seriously know what they’re doing is that they have generally done this ‘correctly’, however, we didn’t have a central server that stored a record of the public keys for easy distribution.

Another side-effect of being at a dev shop is that many of the users were Keybase users. Unfortunately, Keybase keys are PGP keys, not SSH keys and the two key formats are not inter-changeable. Worse, still, is that they’re really not designed for the same purpose. In the GnuPG world, a key used for authentication would almost always have a sub-key for that purpose. Having been using my keybase key for login to SSH for a while, I’ve had a script (albiet, one that only works with gpg v1) to automate exporting the public/private keypair, making it easy to get the public key to the server with a simple ssh-copy-id, but what about when I have a few users I want to provision without ever handling their private key? I couldn’t find a good reference for doing that so I figured it out on my own.

Importing a GPG public key without the private key and without installing the keybase client

I wrote a shell script, located here, if you want to skip the details and just run it.

Simply login as the user you wish to add an authorized key to and:

chmod 770 ./authorizePublicKeybaseId.sh # only needed the first time
./authorizePublicKeybaseId.sh <id> # where ID is the keybase ID

It requires GnuPG 2 to execute (at least version 2.1.11) because it relies on a feature added in that version.

The script works by grabbing the public key via keybase.io’s public API (beta) and calling GnuPG 2 with the --export-ssh-key (forced with the “!”) to convert the key from GnuPG public key format to SSH public key format.

Because various distributions’ packagers install gpg in different ways, there’s a few checks to figure out which gpg binary is version 2 (often it’s gpg2) and a check to ensure the v2 binary is at the right minor/patch versions to successfully run the script. I also discovered some odd differences in the way that GnuPG 2 behaves between a few distributions – sometimes returning the 32-bit fingerprint rather than the 64-bit fingerprint, so I take an extra step to get the 64-bit fingerprint with some awk parsing.

Currently, this only handles grabbing the public key and it does so without touching the private key (which is something that requires a lot more delicate handling). I’m working on a script to download/import the private key (as well as password protect both the ssh private key and protect it in the GnuPG database). I’ll post that as soon as I’m comfortable that it’s somewhere resembling “safe”, but for the time being, there are several scripts out there that allow you to do this and I’ve tested a few of them against the method I’m using here. They all have worked.

0 I sort of hope I don’t have to explain why, but one big reason is that if one of those employees leaves the company, the shared credential has to be destroyed and removed from every host and a new one has to be issued to all of those users. If one uses

Resetting the Visual Studio Experimental Instance Visual Studio 2010-2017 via PowerShell

Wednesday, July 5, 2017

There’s a handful of things that you have to do frequently enough when debugging a Visual Studio extension that it becomes almost routine, but not frequently enough for you to actually remember the exact shape of the command you need to run.

Since I got horribly tired of having to hit up Bing every time I needed to remember the specific command, I decided to document some of them here.

The TL;DR; - Use PowerShell to Reset the Visual Studio Experimental Instance

I’ve created a simple script to reset the Visual Studio instance, available here. It takes two parameters, -Version and -InstanceName (which matches the “RootSuffix” parameter used … most of the time). You needn’t run it from a Developer Command Prompt, it grabs the install locations from the registry.

Some Useful Bits to Remember

Visual Studio Version Mapping and .Net Framework

Marketing Version Actual Version Framework Versions
2010 10.0 4.0
2012 11.0 4.5.2
2013 12.0 4.5.2
2015 14.0 4.6
2017 15.0 4.6.2

Default Visual Studio Paths

For these defaults, I’m assuming you’re on a 64-bit operating system. If you’re still stuck banging rocks together on a 32-bit OS, just knock out the (x86) where you see it.

Visual Studio 2010 - 2015

The paths for these versions have been pretty predictable. They start in %ProgramFiles(x86)%, which usually maps toC:\Program Files (x86) and are stored in Microsoft Visual Studio 1x.x where x corresponds to one of version numbers in the Actual column.

Install Root:

"${env:ProgramFiles(x86)}\Microsoft Visual Studio 1x.x"

… or if you prefer cmd.exe:

"%ProgramFiles(x86)%\Microsoft Visual Studio 1x.x"

Visual Studio 2017

Things were reorganized a little bit with Visual Studio 2017. The install root is now located at:

"${env:ProgramFiles(x86)}\Microsoft Visual Studio\2017\<Edition>"

Where <Edition> is going to correspond to the edition, Community, Professional or Enterprise.

In addition, the RootSuffix, at least on my machine, is only part of the suffix name. This is a fact that Visual Studio understands, but the tool for creating/managing the experimental instances from the command prompt does not.

The PowerShell script provided above will provide you with experimental instance names if you attempt to reset one that doesn’t exist (as would happen if you provided Exp but the name was actually _70a4f204Exp

Refresh the Experimental Instance with the Script

Basic help can be found by typing Get-Help ResetExperimentalInstance.ps1 -Full, but here’s how you use it:

.\ResetExperimentalInstance.ps1 [-InstanceName] <InstanceName> [-Version <Version>]

Version - Optional - If you have only one version of Visual Studio installed. Note that this includes applications that use other versions of Visual Studio, like SQL Management Studio and System Center Configuration Manager’s management tools. If you have more than one version installed, the script will exit but will print the versions that are available.

InstanceName - Required - Usually the same as what is provided as the /RootSuffix parameter in the Debug panel within Visual Studio for your extension. However, it may actually be _[some 32-bit Hex][RootSuffix], i.e. _71af83c4Exp for the Exp instance. If a corresponding folder for that instance is not found, you’ll be given a list of all of the instances that are found for the provided version and prompted as to whether or not you want to create a new experimental instance.

The _ in the long name is required for the Visual Studio provided tool, CreateExpInstance.exe, which the script uses. However, the script will look for a folder that only differs by the starting _ and will correct your InstanceName if that’s the only difference.

HOWTO: Pair an Intermatic InTouch CA5100 Accessory Switch to SmartThings

Tuesday, November 29, 2016
Problem

You found a good deal on an Intermatic InTouch CA5100 Accessory Switch, you installed it and consulted the manual to set it up only to be pointed at another manual -- not included in the package -- for pairing instructions. Hopefully, you also noticed that this is a switch that doesn't actually control anything; it simply sends Z-Wave commands and reports its status (for people like me that have a regular outlet where it would have been really convenient to have a light switch).

You've searched the internet and you have no doubt discovered that Intermatic appears to have decided to pretend they never created this product. There's no reference to it on their web site and several URLs that once pointed to manuals on a different site run by Intermatic now just redirect to their homepage. Awesome.

How to Pair
Well, first get it all wired up. Hopefully the LED is cycling Red<->Blue. One small caveat - when pairing, the reception of the switch is significantly less than when it is functioning normally. You may need to move your SmartThings hub closer to the device to get it to work. Open the app and choose Add a Device. (I can't confirm this -- mine was in the same room -- it's just something I read several times). You can move it back where it was when you'e done. It'll start searching for devices. Hit "Up", "Down" and then press both buttons on the switch at the same time. It should show up as a Generic Z-Wave Device. Add it, give it a name and you're part way there.
Making it work

You're not quite there, yet. Though the device is recognized, SmartThings doesn't know what it does, yet. Visit this helpful forum post for a groovy script that can be added using the IDE. After you've published the script, you can visit the My Devices tab, select the switch and change its type to Intermatic CA5100.

I'm writing this post mostly for myself because I know at some point I'm going to have to do this again and after having spent about an hour trying to find some hint as to how to pair this thing, I can only imagine it'll get harder in the future. In fact, the only reason I discovered this at all was because I went to the Amazon product reviews and found someone who had mentioned the pairing procedure in passing during his review. Once that product is gone, I don't expect that information to be there any longer. As far as the device, itself -- it was inexpensive compared to others and fit my needs perfectly. Now that it's working, I have no complaints, but failing to include a manual with three simple steps to pair the thing is a pretty big omission and likely caused endless support calls.

HOWTO: Getting the HubPiWi Blue kernel moduels installed on Raspbian Jessie

Monday, September 26, 2016
Background

The HubPiWi Blue is an add-on for the Raspberry Pi Zero that gives you three USB ports, and a combined WiFi/Bluetooth adapter (RealTek chipset). If you poked around after install, you likely noticed that there's a module for a Realtek device already detected and running. We're part of the way there, unfortunately, it's only the "Bluetooth" part and I'm not even sure that it truly works. Thankfully, RealTek provides module sources for a Linux driver and they were great with Raspbian (with a few Makefile tweaks). Unfortunately, this means we'll not be able to update the kernel after this without repeating a lot of these steps again.

Initial Setup

I’ll skip the basics except for this: Get an SD card, load the latest Raspbian image onto it and pop that into the Pi Zero’s available card.  You’ll want a monitor/keyboard handy or an FTDI adapter.  And you’ll need some time – my recommendation: line up some chores to do during each of the major steps and you’ll get a bit done while you’re waiting.

What you’ll need

If you want to follow this post exactly, here’s what you’ll need.  I’ve included notes about alternatives where I can, but I’m doing this as I write, so I’m providing what I used to make it work.

  • A Raspberry Pi Zero
  • A HubPiWi Blue
  • USB power and Micro USB cable
  • An HDMI display and Keyboard or an FTDI Adapter
  • A Wireless network you intend to attach to.
Before We Build the Driver

As always, run the following commands:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo reboot

It’s a Pi Zero, so it’s going to take a while.  To its credit, it performed faster than my original Raspberry Pi.  And for $5 (or if you were one of the lucky ones that grabbed one at Microcenter for a buck), you can’t really complain.

I used the non-LITE version of Raspbian and ended up with 122 packages that needed updating, which took around 35 minutes.

Building and Installing the WiFi Kernel Module

The HubPiWi uses the Realtek 8723BU Chipset and the same Bluetooth module found in the 8723AU. Luckily, there are kernel modules for these. I've created a fork of the WiFi driver repository and modified the Makefile to allow for an easy build on Raspbian, so we'll clone my forked repository and use that to build the module.

cd ~/
git clone https://github.com/Diagonactic/rtl8723bu.git

The driver is kernel version specific, so we need to get the correct linux headers.

sudo apt-get install raspberrypi-kernel-headers

Time for some more chores.  This clocked in at about 10 minutes.

cd ~/rtl8723bu
make 

This will run about 30-40 minutes.  When you’re done, you’ll have a compiled driver and be ready to install:

sudo make install 

At this point you can either reboot with the “reboot” command or type the following:

sudo insmod 8723bu.ko
ifconfig

You should see your wlan0 device ready to go! Of course, you still need to configure it to attach to your network. There's a variety of ways to do that so simply search away and set that up and you'll be connected.  That’s fairly easy and there’s several articles on how to do that.  This device also comes with Bluetooth support, so follow the remaining instructions to get that working if that’s something you’re interested in.

Building and Installing the Bluetooth Kernel Module (Optional)

Since it’s always a good idea to only enable the features you’re actually going to use, if you have nothing to pair the device with or no use for Bluetooth at this time, you can skip this.  These steps are Bluetooth specific and doing them will not improve or affect your ability to get going with WiFi, which is more-than-likely what you wanted to get working, anyway.

The modules above do not include the Bluetooth part, so for that we need to grab and compile a new module.

cd ~/
git clone https://github.com/lwfinger/rtl8723au_bt.git –b kernel
cd rtl8723au_bt.git
make
sudo make install

Note the “-b kernel” on the git clone command.  If you fail to include this the make command will not work (and will instruct you to grab the kernel branch, which is why we’re including the –b kernel above).  This will take about 15-20 minutes on the Pi Zero, so kick back and drink some more coffee.

Now all we need to do is insmod a few modules and we’re in business

sudo insmod btrtl.ko
sudo insmod btintel.ko
sudo insmod btbcm.ko
sudo insmod btusb.ko

Assume you received no error messages, we can now verify that Bluetooth is working:

sudo bluetoothctl

You should see something along the lines of “[New] Controller xx:xx:xx:xx:xx:xx yourhostname [default]”

That’s it!  Pairing devices with this controller is done the same way it would be done with a Raspberry Pi 3.  If you need instructions on that, I’ll leave you to google away since that may change as time progresses (but should always be the same process for this device as it is with others).

Bluetooth Device Compatibility

If you chose to install the Bluetooth Kernel module there’s a small but important disclaimer.  Bluetooth implementations can be hit and miss.  Despite having a “certification” component that’s supposed to mean that a Bluetooth device will operate with anything else that’s certified (indicated by the Bluetooth logo being present on your device), this is often not the case in the real world.  I expect you’ll have no problems with any Android or iOS device, however, if you’re trying to pair with something a little more exotic, like an older Microsoft Windows Mobile phone, Microsoft Branded “Sync” stereo, or other stereo/TV, you may have problems (I’m not picking on Microsoft, directly, here, these are just devices that I have owned that I’ve had Bluetooth pairing problems with in the past).  Bluetooth keyboards, for instance, are notoriously painful to get to pair properly (you may want to use the GUI tools to do this, though it will be very slow on the Pi Zero)

Ongoing Maintenance Note - IMPORTANT!

If you've been messing with Raspberry Pi hardware for a while, you'll recognize those first few steps as common steps for updating the Pi.

Nearly every bit of "help" will point you at these steps as a "do this first" (keeping software up-to-date is always a good idea). The issue, though, is that this will sometimes install a new kernel version. When that happens, the new kernel will not have a module for your WiFi adapter. Not to worry: simply repeat the process from Building and Installing the WiFi Module after a new kernel comes down and you'll be back up and running.

Printing with PC Plus Polycarbonate Filament on a Maker Select v2

Thursday, July 14, 2016

Several months ago I purchased a Maker Select 2.  I believe my quote, most recently, was “It’s been a few months and the 3D printer is still the coolest thing I’ve ever owned.”  It’s also, sometimes, one of the most frustrating.

My current project is printing a multi-extruder printer (aiming for 4, but starting with 2) using a mash-up of a few different designs and I’m working on a Bowden extruder.  Since I had the need to print some very strong parts for another project, I picked up some PC-Plus after a bit of research.

This stuff is stronger than I’d imagined

Since I’ve had, now, four failed prints with this material, I’ve had an opportunity to test the physical properties.  My tests indicate the most optimistic of the marketing materials is spot on.  My PLA+ extruder body was able to be cracked pretty easily with a rubber mallet on my cement basement floor.  The ABS and Nylon parts were pretty solid but one of the components was designed in such a way that the flexibility of those filaments was going to be a problem. 

This stuff was hard to break with a full-on metal hammer.  It’s far less flexible than ABS or Nylon and the point it which it will flex is (in my unscientific estimation) about twice the pressure it takes to completely snap a PLA print.  I’ll admit, it was kind of fun hammering the crap out of the part seeing how hard I’d have to hit it to get it to crack.  About the only bad thing I can say is that it did dent pretty well but it dented at well beyond the point other parts would have broken.

This material is the stuff that profanity is made out of

I’ve yet to run into a filament that is more difficult to print properly with.  I’ve printed with PETT, PETG, T-Glase, ABS, PLA, PLA+.  It’s safe to say that it takes all of the difficulties of each of these and combines them into one magnificent package.  It’s very temperamental with regard to moisture as evidenced by the fact that it shipped in a vacuum sealed pack with a zip-lock seal for easy re-packing.  Luckily we run the air conditioner here like it’s the arctic.

It curls.  No, I mean, like 80s perm psychotic curls.  They used to ship it with a square of BuildTak.  The manual and nearly everywhere you read says it is *required*.  Thankfully, it’s not if you’re creative.

To get that strength, you need to run your hot end at 260 degrees or higher (that’s as high as the Maker Select 2 goes, so that’s what I’m stuck with) and you need to print slowly (details below).

The BuildTak Option

The Maker Select v2 shipped with a BuildTak clone of some kind attached to the metal heated bed.  I say “Of Some Kind” because this was one of the first things I removed from the printer since the PLA and Nylon I was printing with seemed to just bounce off of the surface of whatever this 3M product was.  After trying a few things that worked well for me in the past, I gave up and purchased 3 sheets of BuildTak.

Let me just say: I hate this stuff.  Perhaps that’s strong sentiment borne out of hours of frustration with this filament more than it is a scathing rebuke of BuildTak, but I’ll never buy it again. 

The first problem is that it works a little too well.  PC-Plus sticks to it like super glue and removing the part rips the surface off of the BuildTak.  It’s difficult enough getting the bed leveled perfectly to the factory recommendations but now you have to figure out just how higher you need to level it in order to get the part to stick properly, but not too well.  That’s assuming the BuildTak doesn’t just pull itself right off of the glass due to the heated bed weakening the adhesive.  Since I purchased the 127mm by 127mm sheets, I was printing the part right on the edge of the BuildTak and that’s exactly what happened to my second print. 

Second, and this might be a matter of me improperly cleaning the surface, but I was only able to use a non-ripped sheet twice.  After that, it simply stopped sticking no matter how close I printed. 

Third, geez this stuff is expensive!  Three of those tiny sheets was almost $10.00.  The idea that I’d get about 6 prints for that price didn’t sit well with me.

Lastly, I prefer to print directly on the glass because it makes the part look nice.  BuildTak has a rough surface and it shows up in the finished product.  That wasn’t so important for these parts (just looking at my printer with gray, green, clear, pink (!) and black parts indicates I don’t care what it looks like, I just want it to be durable and functional).

 

(Mostly) Ignoring the Manual

I’ll be the first to say that much of the manual’s recommendations worked fine except for the 0.33mm gap between the raft and the part (which resulted in a “3D printed turd” stuck to the hot end since it wouldn’t adhere to the part below).  I’d imagine part of that had to do with the fact that I can’t get it up to a higher temperature with this printer.

I really hate printing rafts.  Watching the filament burn down as it drops a surface on top of a surface that should be sticking already only to throw that part in the trash (or if it’s ABS, store it to make more glue) is wasteful.  Then there’s separating the part from the raft, which, since I rarely print rafts, I haven’t quite gotten right yet.  It’s either sticking so hard that I have to risk breaking the part to remove it or it fails to stick at all.

I was able to get it to stick perfectly, though by throwing out most of the recommendations and using a few settings that I had used with T-Glase and other finicky materials.

First, clean the hell out of your bed (91% alcohol does the trick).  Level your bed to the factory recommendations and make sure it’s absolutely perfect.

Heat up the extruder to 260 and clean any filament from the last seven failed prints off of the hot end so they don’t become a magnet for the stuff it’s already laid down.  This stuff sticks well to virtually nothing except for itself and while printing, if you get any strings, they’ll gob up and start removing portions you’ve already printed.

Heat up the bed to 90 degrees and apply a nice layer of Elmer’s Glue Stick.  Follow that up with a reasonable amount of ABS Glue (google it, it’s easy to make).  Let everything dry.

I used a 0.1mm gap on the raft when I printed with a raft (I’ve not had to since I cracked the formula for getting this to print properly).  Slow your printing down.  I went to 40mm/s with 20mm/s for the bottom layer and outer layer.  I also stuck with a 40% fill, though this was more because the part required it.  I also used four solid layers top, bottom and sides.  It may be overkill on that, but several forum posts recommended it so I started with those settings.

If your printer goes higher than 260 degrees, try going higher.  I had layer adhesion issues under 260 but still occasionally ran into small sections that didn’t adhere properly at that temperature.  That bit about making sure the head is clean is very important.  Every one of my layer adhesion issues occurred because the head picked up a string, which picked up small bits of printed material as it went along until it got large enough to get snagged somewhere in the printed body and was deposited, causing the bed to sink slightly as the head passed over.  This resulted in a small gap in a spot on the print.  Those small gaps are enough to make a very strong part pathetically vulnerable to snapping.  I resolved most of these issues over a few prints by slowing them down to the point where the head was adequately melting any smallish gobs as it passed over them and increasing the retraction by a factor of two.  Many forum posts recommended going as high as 290 degrees, which I’d imagine would allow print faster and let gravity resolve some of the issues when gobs appear but the printer I was using only allows me to get to 260 degrees.

For tall parts, consider taking a few of those Amazon boxes apart and making an enclosure.  This will keep the temperature consistently higher while printing and reduce curling.

Using these settings, and the ABS Glue plus Glue Stick, though, made the part stuck so hard to the glass I had to use a razor blade to separate it.  There was zero curling on a part that had several little finger-like points on it (and failed to print properly on anything else with this stuff) so I’m fairly convinced this is the way to go for me from now on.  YMMV

Things that didn’t work

3D printing is often about experimentation to get the easiest process to produce consistent prints with a material.  The only thing these attempts did was consistently produce curled parts or 3D printed turds.  All of these were attempted directly on glass.

Hairspray

As is common with ABS, hairspray seems to make the curling worse.  It will stick initially, but after several layers, it’ll start to curl upwards.  If you’re lucky, the print will stick somewhere and you might have a salvageable part if you don’t care about the looks and the curling occurs on part of it that doesn’t affect its performance.  I was printing an extruder so there’s very little of it that can be off.

Glue Stick (alone)

Initially it stuck and didn’t curl as much as the hairspray did.  This might have worked were the part much smaller but on the extruder body it failed after about the 20th layer, pulling completely off of the bed.  I tried this twice and I’m fairly certain it’s not a good solution.

Elmers and Water

Performed similarly but worse than the glue stick

BuildTak after Two Prints

The surface might as well have been covered in olive oil.

That 3M BuildTak like thing that Maker Select ships with

They gave me an extra one which I put in a box since the one that it came with performed so poorly but I thought I’d give it a shot.  It worked as well as it ever has which is to say, not at all.

ABS Glue (alone)

I’ve read some forum posts from people claiming they simply applied ABS glue to the glass and were printing successfully with other materials.  Perhaps mine is too diluted or I’ve done something wrong, but it’s never worked for me even with ABS filament.  This was no exception.

I also tried mixing a few variants of these, especially the hairspray since even though it seems to encourage more curling, if it gets a good stick initially, it won’t budge with other filaments I’ve tried.  The only mix that worked was Glue Stick and ABS Glue, though to be fair, I didn’t try Elmers+Water and ABS Glue and I have a feeling this would have worked.  It’s just less convenient waiting on the Elmers to get tacky enough to begin printing.

I’d love to know what anyone else has tried or if there’s a better method/something I’m missing but it’s a relatively new filament, has lots of pain points and isn’t experimented with enough to find great information from the forums so I’ve been at a loss for any solid help (which was one of the motivations for getting off my butt and writing this).  If you’ve had success with this material using other tricks, please comment!

Many thanks!