Introducing xunitparser

I tend to think good software does not need much publicity; if it’s indexed people will find it, test it and adopt it. More often than not I am proved wrong; however, it seems like the less time people spend on quality, the more time they spend on publicity (or more exactly, building hype). At least I don’t think I should publicize software that I don’t consider ready for general use.

Anyway, I released xunitparser quietly a few months ago, and what happened was exactly what I usually dream of: many people started using it, sending me requests or bug reports. The weird thing is that it’s not a project I care about yet; actually I haven’t started using it myself! My goal is to analyze Weboob’s buildbot reports, and the first step was parsing the xUnit files. Since Python already has a test framework, I just use the same classes and seed them with the results.


Security of remote servers

Here is another example of bad randomness practices that lead to pretty serious issues (something like $15000 stolen).

The interesting part, besides the bad programming practice of writing your own random function, is that the vulnerability is outside of the server. In a way, it’s similar to the “physical access” vulnerability. And even if your hosting provider does not have a “rescue boot” system, datacenters are not invulnerable to theft (it actually happened more than once). This is why you should use encrypted partitions for your important data, even on remote servers.


GPG encryption to multiple recipients

It is a little-known feature of GPG: you can encrypt files to multiple recipients.
Since the data itself is encrypted only once, with an intermediary key that is then encrypted for each recipient, the resulting file is not that much bigger.

While it is mostly used for e-mails, I am currently using it for encrypted backups.
After all, one of the issues of encrypted backups is that if you lose the key, you can’t decrypt them, and only one person can decrypt them anyway (and you can’t back up people yet).

My goal was not to be a single point of failure for the newly founded Association Weboob. The result is that, while our user database is hosted on my server, it is backed up outside of it and three people (members of the board) can decrypt it.

To use that feature, just provide the --recipient option multiple times, for example:

gpg --recipient 42FF42FF \
    --recipient 12345678 \
    --recipient FEFEFEFE \
    --encrypt-files backup.tar
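
A backup wrapper built around the command above, as an added example that is not part of the original post: it reads the recipients from a file, encrypts to all of them, and checks that the output carries one encrypted session key per recipient. The recipients file format and the function names are assumptions; it insists on full 40-digit fingerprints because 8-digit key IDs like the placeholders above can collide.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed recipients file format:
# one full key fingerprint per line, spaces allowed, '#' starts a comment.

# Print the normalized fingerprints from file $1, one per line. Returns
# non-zero if any entry is not 40 hex digits (short key IDs can collide).
read_recipients() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        fpr=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t' | tr 'a-f' 'A-F')
        if [ -z "$fpr" ]; then continue; fi
        if printf '%s' "$fpr" | grep -Eq '^[0-9A-F]{40}$'; then
            printf '%s\n' "$fpr"
        else
            echo "rejected (not a full fingerprint): $fpr" >&2
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Encrypt file $1 to every recipient listed in file $2, writing $1.gpg.
# With --batch, gpg fails rather than prompting when a key's validity is
# not established, so an untrusted key stops the backup.
encrypt_backup() {
    in=$1
    recipients=$(read_recipients "$2") || return 1
    [ -n "$recipients" ] || { echo "no recipients given" >&2; return 1; }
    set --
    for fpr in $recipients; do
        # Fail early when a recipient's public key is not in the keyring.
        gpg --batch --list-keys "$fpr" >/dev/null 2>&1 ||
            { echo "key not in keyring: $fpr" >&2; return 1; }
        set -- "$@" --recipient "$fpr"
    done
    gpg --batch --yes --output "$in.gpg" "$@" --encrypt "$in" || return 1
    # Each recipient adds one "pubkey enc packet" holding the session key.
    want=$(( $# / 2 ))
    got=$(gpg --batch --list-only --list-packets "$in.gpg" 2>/dev/null |
        grep -c '^:pubkey enc packet:') || true
    [ "$got" -eq "$want" ] ||
        { echo "expected $want recipients, found $got" >&2; return 1; }
}

# Usage: encrypt_backup backup.tar recipients.txt
```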