Rawhide (rh(1)) lets you search for files on the command line using expressions and user-defined functions in a mini-language inspired by C. It's like find(1), but more fun to use.
sshdo provides an easily configurable way of controlling which commands may be executed via incoming ssh connections.
But, what if you really want to be really precise on the command? Using the above example, not only running rsync but also specifying the path and the arguments? You could cheat and find what the command you are sending is supposed to look like by replacing (temporarily) your wrapper script with this
#!/bin/sh
DEBUG="logger" # Linux
#DEBUG="syslog -s -l note" # OSX
if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
    $DEBUG "Passed SSH command $SSH_ORIGINAL_COMMAND"
elif [ -n "$SSH2_ORIGINAL_COMMAND" ]; then
    $DEBUG "Passed SSH2 command $SSH2_ORIGINAL_COMMAND"
else
    $DEBUG Not passed a command.
fi
Then you run the ssh command and see what it looks like in the log file. Copy that to your original wrapper script, and you are good to go. So
ssh -t -i /home/raub/.ssh/le_key raub@virtualpork echo "Hey"
Results in
Dec 26 13:34:05 virtualpork syslog[64541]: Passed SSH command echo Hey
While
rsync -avz -e 'ssh -i /home/raub/.ssh/le_key' raub@virtualpork:Public /tmp/backup/
results in
Dec 26 13:28:17 virtualpork syslog[64541]: Passed SSH command rsync --server --sender -vlogDtprze.iLs . Public
The latter meaning our little wrapper script would then look like
#!/bin/sh
case $SSH_ORIGINAL_COMMAND in
    "rsync --server --sender -vlogDtprze.iLs . Public")
        $SSH_ORIGINAL_COMMAND
        ;;
    *)
        echo "Permission denied."
        exit 1
        ;;
esac
///
find command:
grep "Passed SSH command" /var/log/syslog
The authorized_keys has a command="..." option that restricts a key to a single command. Is there a way to restrict a key to multiple commands? E.g. by having a regex there, or by editing some other configuration file? //
You can have only one command per key, because the command is “forced”.
But you can use a wrapper script. The called command gets the original command line as environment variable $SSH_ORIGINAL_COMMAND, which it can evaluate.
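A wrapper that permits several exact commands under one forced-command key, as an added example that is not part of the quoted answer or the blog post above. The function names, the `ssh-wrapper` log tag and the choice of the two sample commands (taken from the log lines earlier on this page) are assumptions. Instead of executing `$SSH_ORIGINAL_COMMAND` itself, it maps each accepted string to a fixed command line, so loosening a pattern later cannot hand client-controlled text to the shell.

```shell
#!/bin/sh
# Added example: forced-command wrapper allowing more than one command.
# All names here (classify_command, run_action, handle_request, the
# "ssh-wrapper" log tag) are hypothetical.

# Map the client-requested command line to a fixed action name.
# Matches are exact strings, so "echo Hey; id" or a different rsync
# path falls through to the deny branch.
classify_command() {
    case "$1" in
        "rsync --server --sender -vlogDtprze.iLs . Public")
            echo rsync_public ;;
        "echo Hey")
            echo echo_hey ;;
        *)
            return 1 ;;
    esac
}

# Run the action with arguments written out here, never with text
# supplied by the client.
run_action() {
    case "$1" in
        rsync_public) exec rsync --server --sender -vlogDtprze.iLs . Public ;;
        echo_hey)     exec echo Hey ;;
        *)            return 1 ;;
    esac
}

handle_request() {
    action=$(classify_command "$1") || {
        # Record the rejected request for later review, if logger exists.
        if command -v logger >/dev/null 2>&1; then
            logger -t ssh-wrapper "denied: $1"
        fi
        echo "Permission denied." >&2
        return 1
    }
    run_action "$action"
}

# sshd sets SSH_ORIGINAL_COMMAND only when the client asked for a command;
# an interactive login leaves it unset and the wrapper simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    handle_request "$SSH_ORIGINAL_COMMAND"
    exit $?
fi
```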
lsattr -aR .//. | sed -rn '/i.+\.\/\/\./s/\.\/\///p'
lsattr -Ra 2>/dev/null /|awk '$1 ~ /i/ && $1 !~ /^\// {print}'
Change i
to d
to find "nodump" attribute/flag
FreeBSD:
find . -flags +nodump
GNU Rush is a Restricted User Shell, designed for sites providing limited remote access to their resources, such as, for example, savannah.gnu.org. Its main program, rush, is configured as a user login shell for users that are allowed only remote access to the machine.
Our second line of defense in securing our script setup is to use the command="" directive, also specified in the authorized_keys file. The syntax for this looks like:
command="command" KEY
This tells SSH to run command and then exit. It effectively limits your ability to run commands on the remote server.
Matt Huber is a professor of geography at Syracuse University. He writes about energy, economies and the way that energy sources have influenced modern societies and economies.
One of his first books was Lifeblood: Oil, Freedom, and the Forces of Capital (2013) which is very briefly described as follows:
Looking beyond the usual culprits, “Lifeblood” finds a deeper and more complex explanation in everyday practices of oil consumption in American culture. Matthew Huber, associate professor of geography and the environment, uses oil to retell American political history from the triumph of New Deal liberalism to the rise of the New Right, from oil’s celebration as the lifeblood of postwar capitalism to increasing anxieties over oil addiction.
In April 2022, Huber published a significant piece in Jacobin with Fred Stafford that explains how his research has revealed that most of the financial benefits associated with renewable power system development and electricity production “deregulation” have been captured by entities that the Left is supposed to dislike.
When we look at the actually existing decentralized renewable energy industry, we see many things the Left should abhor — deregulated markets, tax shelters for corporations, a rentier development model, and an anti-union industry dependent upon a transient and insecure workforce.
Though the environmental left may not want to accept it, the small-is-beautiful approach of decentralized energy provides ideological cover for a ruthless form of renewable energy capitalism. And even worse, it threatens our fight to halt climate change in its tracks.
-- In Defense of the Tennessee Valley Authority, Jacobin 40/04/2022
Huber believes that large, capital intensive power plants have been valuable investments as anchors in our electricity grid. Contrary to the characterizations offered by critics and advocates of radical transformation, he believes that the grid is one of the greatest inventions of the 20th century and that we should add to its capabilities instead of seeking to completely rebuild it with a different generation model.
Darryl Siemer is a professional chemist who spent his career in nuclear waste remediation at the Idaho National Laboratory. While there, he developed a reputation as someone who will not go along to get along and apparently made quite a few waves by suggesting improvements in processes or technical decisions that might have resulted in the loss of numerous jobs by actually completing tasks and reducing expenditures on technical dead ends.
In a world dominated by “cost plus” contracting, beneficial suggestions are often quite unwelcome and can result in efforts to isolate and marginalize the source. //
Darryl points out that there are several fatal flaws in the current technical path being followed at the Hanford tank farm. He is certain that attempting to segregate the sludge in the tanks is difficult enough to be called impossible within the constraints of any foreseeable expenditures. He knows that the borosilicate glass that has been chosen as the final waste form is incompatible with several of the components of the sludge. Finally, he believes that it is a fantasy to assume that there will be any available “somewhere else” that will accept the material, no matter what form it is in.
Darryl’s suggested path forward dodges each of those flaws in a rather elegant, “lazy cheapskate’s” approach to solving the very challenging problem.
Aside: One of the highest compliments I can pay to a scientist or engineer is to point out that they are following a “lazy cheapskate” approach. In my view, a good problem solver should be a lazy cheapskate who prefers to ponder rather than work, and to come up with a solution that will not result in any excessive costs and the minimum possible work in the future. End Aside.
Plutonium-239 (Pu-239) is a nuclear fuel source that should play an important role in a sustainable, rapidly growing nuclear power enterprise. It is a natural byproduct that is created inside every fission reactor using uranium fuel. It is fissile with characteristics that are similar to U-235, the fissile material that provides most of today’s nuclear power.
During the 1960s and into the 1970s, energy visionaries spoke and wrote about a coming Plutonium Economy that would gradually replace the existing Hydrocarbon Economy and give human society an inexhaustible fuel source. //
It’s easy to imagine that people whose wealth and power came from the Hydrocarbon Economy weren’t thrilled about the near-term prospect of having their comfortable lives disrupted by a powerful new competitor.
A sustained campaign aimed at demonizing plutonium began sometime in the early 1970s. Plutonium has been called the most toxic substance known to man. //
Jack Devanney says:
August 3, 2023 at 3:03 PM
Excellent post.
I would add that a combination of thorium and plutonium is pretty useless as a weapon.
In ThorCon’s case, we found that even if you pulled the fuel out at the ideal point when the plutonium was 94% Pu-239, as long as the fuel contained 10 times as much thorium as Pu-239, it would not go critical, no matter how much Pu you had. Thorium soaks up neutrons. To make a weapon from this stuff, you would need a Thorex plant which is even more difficult than a Purex plant.
The tragedy is with no HALEU, designs like ThorCon cannot spike the fuel with thorium and we lose this safeguard.
The Russian government today handed down a treason conviction and 14-year prison sentence on Ilya Sachkov, the former founder and CEO of one of Russia’s largest cybersecurity firms. Sachkov, 37, has been detained for nearly two years under charges that the Kremlin has kept classified and hidden from public view, and he joins a growing roster of former Russian cybercrime fighters who are now serving hard time for farcical treason convictions.
In 2003, Sachkov founded Group-IB, a cybersecurity and digital forensics company that quickly earned a reputation for exposing and disrupting large-scale cybercrime operations, including quite a few that were based in Russia and stealing from Russian companies and citizens. //
Prior to his arrest in 2021, Sachkov publicly chastised the Kremlin for turning a blind eye to the epidemic of ransomware attacks coming from Russia. In a speech covered by the Financial Times in 2021, Sachkov railed against the likes of Russian hacker Maksim Yakubets, the accused head of a hacking group called Evil Corp. that U.S. officials say has stolen hundreds of millions of dollars over the past decade.
One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents. //
re: “Teach a Man to Phish and He’s Set for Life”
This is an old saw from the UN … Give a man a fish and you’ve fed him for a day, teach a man to fish and you’ve fed him for life.
A coworker fixed it for me: Feed blowfish sushi to spammers as often as necessary.
Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world. //
Looks like the encryption algorithm was intentionally weakened by intelligence agencies to facilitate easy eavesdropping. //
And I would like to point out that that’s the very definition of a backdoor.
Why aren’t we done with secret, proprietary cryptography? It’s just not a good idea. //
Clive Robinson • July 26, 2023 11:51 AM
@ Bruce, ALL,
Re : It started in WWII.
“Why aren’t we done with secret, proprietary cryptography? It’s just not a good idea.”
Remember this actually goes back well into the last century, that is it’s more than 20 years old.
United Airlines’ oldest Boeing 767 is likely a write-off after the fuselage skin buckled and tore in a hard landing at Houston on July 29. The aircraft arrived from Newark at 10:34 a.m. with 193 passengers and 11 crew, none of whom were injured. Circumstances of the landing have not been released, but the crew taxied to the gate as normal after their rough arrival.
Ground crews found the damage and the plane remains in Houston. //
Tim S
August 3, 2023 At 1:13 pm
That airplane has had the same thing happen before, and United decided to repair it.
Apparently it’s the oldest 767 (and probably the oldest airframe period) United has, so they may decide it’s cheaper to just part it out than do that kind of repair a second time.
SkyFi is on a mission to help GIS experts and data analysts replace manual labor research with easier access to Earth observation data. What was once a high-tech process is now simple, affordable, and accessible to everyone. Start using SkyFi now to find and access the high-quality, affordable satellite photos you need for any project.
B.F. Randall
@Mining_Atoms
Word Fission power does not have a natural lobby or constituency. Fission consumes far too few resources--and produces far too much energy for a large supply chain. The world uranium market is only worth about $790 million. That's enough heat to provide all of humanity's energy nearly 6x current consumption (in a closed fuel cycle). The cow dung fuel market in India is valued at $4 billion.
@mdawese11
is doing precisely what everybody who understands objective reality and cogent energy policy should do: educate, persuade, lead. As Orwell said: restatement of the obvious is the first duty of intelligent humans. Well done, Mark.
Mark Dawes (@mdawese11), Jul 28:
In the @DailyMailUK on why we need nuclear power to tackle climate change.
And why the positive response is to campaign with groups like @emergencyreact @Gen_Atomic for the environment.
Interest in nuclear energy as a climate change solution is rising, but no new commercial projects are planned in the U.S. right now
Creativity and Ideation
Each year, the Nuclear Innovation Bootcamp equips a select group of students and early-career professionals with the tools and understanding needed to approach the clean energy challenges of today and tomorrow.
Berkshire Hathaway purchased $123 million worth of shares in Occidental Petroleum. Even more interesting, over the past 18 months, Buffett has bought $13 billion worth of Occidental shares, bringing his total investment in the oil-producing giant to more than 25 percent.
Buffett has also been busy gobbling up shares of oil-producer Chevron. Berkshire Hathaway currently holds close to $26 billion in Chevron stock.
At his recent annual meeting, Buffett made it clear that he thinks oil production remains central to U.S. prosperity. “In the United States, we’re lucky to have the ability to produce the kind of oil we’ve got from shale,” he said. He also declared, “We do not think it’s un-American to be producing oil,” and vowed, “We will make rational decisions” in reference to fossil fuel investment.
Moreover, Buffett seems to be suspicious of environmental, social, and governance (ESG) investing, which seeks to divest in fossil fuel companies while promoting nebulous social justice causes, even when these efforts reduce returns for investors.
In fact, Buffett has referred to ESG as “asinine,” and believes it belies Berkshire Hathaway’s sole purpose: increasing returns for clients.
Frowning, the owl in the oak complained him
Sore, that the song of the robin restrained him
Wrongly of slumber, rudely of rest.
"From the north, from the east, from the south and the west,
Woodland, wheat-field, corn-field, clover,
Over and over and over and over,
Five o'clock, ten o'clock, twelve, or seven,
Nothing but robin-songs heard under heaven:
How can we sleep?
Peep!' you whistle, and
cheep! cheep! cheep!'
Oh, peep, if you will, and buy, if 'tis cheap,
And have done; for an owl must sleep.
Are ye singing for fame, and who shall be first?
Each day's the same, yet the last is worst,
And the summer is cursed with the silly outburst
Of idiot red-breasts peeping and cheeping
By day, when all honest birds ought to be sleeping.
Lord, what a din! And so out of all reason.
Have ye not heard that each thing hath its season?
Night is to work in, night is for play-time;
Good heavens, not day-time!