Archiving github

GitHub-Backup is a small project to archive github repos to a local computer. It advertises that one reason to use it is

You are paranoid tinfoil-hat wearer who needs to back up everything in triplicate on a variety of outdated tape media.

which describes why I was searching it out perfectly.

I made a new account on my server (github) and cloned their repo.

sudo useradd -m github
sudo -i- u github
git clone

Despite being semi-unmaintained, everything mostly works still. There were two exceptions–some major design problems around private repos. I only need to back up my public repos really, so I ‘solved’ this by issuing an Oauth token that only knows about public repos. And second, a small patch to work around a bug with User objects in the underlying Github egg:

-       os.system("git config --local gitweb.owner %s"%(shell_escape("%s <%s>"%(,"utf-8"))),))
+       if hasattr(repo.user, 'email') and
+               os.system("git config --local gitweb.owner %s"%(shell_escape("%s <%s>"%(,"utf-8"))),))

Then I just shoved everything into a cron task and we’re good to go.

@hourly GitHub-Backup/ -m -t  vanceza /home/github/vanceza

Edit: There’s a similar project for bitbucket I haven’t tried out:

Configuring mailx’s .mailrc with Gmail

Here’s how I added gmail to .mailrc for the BSD program mailx, provided by the s-nail package in arch.

account gmail {
  set folder=imaps://
  set smtp-use-starttls
  set smtp=smtp://
  set smtp-auth=login
  set smtp-auth-password="PASS"
  set from="John Smith <>"

Replace PASS with your actual password, and with your actual email. Read the documentation if you want to avoid plaintext passwords.

You can send mail with ‘mail -A gmail <params>’. If you have only one account, remove the first and last line and use ‘mail <params>’

Setting up SSL certificates using StartSSL

    1. Generate an SSL/TLS key, which will be used to actually encrypt traffic.
      openssl genrsa -out ${DOMAIN}.key 4096
      chmod 700 ${DOMAIN}.key
    2. Generate a Certificate Signing Request, which is sent to your authentication provider. The details here will have to match the details they have on file (for StartSSL, just the domain name).
      # -subj "/C=US/ST=/L=/O=/CN=${DOMAIN}" can be omitted to fill in custom identification details
      # -sha512 is the hash of your key used for identification. This was the reasonable option in Oct 2014. It isn't supported by IE6
      openssl req -new -key ${DOMAIN}.key -out ${DOMAIN}.csr -subj "/C=US/ST=/L=/O=/CN=${DOMAIN}" -sha512
    3. Submit your Certificate Signing Request to your authentication provider. Assuming the signing request details match whatever they know about you, they’ll return you a certificate. You should also make sure to grab any intermediate and root certificates here.
      echo "Saved certificate" > ${DOMAIN}.crt
      wget # Intermediate and root certificate for StartSSL
    4. Combine the chain of trust (key, CSR, certificate, intermediate certificates(s), root certificate) into a single file with concatenation. Leaving out the key will give you a combined certificate of trust for the key, which you may need for other applications.
      cat ${DOMAIN}.crt sca.server1.crt >${DOMAIN}.pem # Main cert
      cat ${DOMAIN}.key ${DOMAIN}.crt sca.server1.crt ca.crt >${DOMAIN}.full.pem
      chmod 700 ${DOMAIN}.full.pem

See also:

Making my finances public

I decided to post all of my purchases/income. This isn’t something I was totally comfortable with, but I couldn’t think of good reasons not to, and my default position is to release information. I think this is especially interesting since it’s not something I’ve seen made available before. Link:

I think the analysis may be useful to other hackers, as people tend to be insane and cost-insensitive around money. I think having another persons’s finances to look at for comparison is something I’ve wanted for various reasons at various times, and it’s not commonly available. My selfish motivations are to get other people to tell me how I should be saving lots of money, and to feel like my financial decisions are under scrutiny (which is good and bad).


Running a forge server on headless linux

I’ve had a lot of trouble getting Minecraft Forge to run headless. They have a friendly installer option that I just can’t use in my situation, but one of the devs seems actively hostile around providing help to headless servers, so I didn’t bother asking forge for help. I thought I’d write up what I had to do to get things working. As a warning, it requires some local work; you can’t do everything headless with these directions.

I’m running Minecraft 1.6.4, with the latest version of forge for that,

  1. Locally, download and start the minecraft client for the correct version at least once. Not sure if you’ll need to ‘play online’ or not. If you have the current installer, you need to make a new profile with the correct minecraft version and play that.
  2. Copy ~/.minecraft/libraries to the headless machine.
  3. Download forge (the installer version, not the universal) from The non-adly version is the little star for non-interactive use.
  4. Run
    java -jar forge-1.6.4- --installServer
  5. Delete the installer, you don’t need it any more.
  6. Install any mods you want to the ‘mods’ directory, edit, etc. Normal server setup.
  7. To execute the server, run the file indicated in the installer. In my case, I run
    java -jar minecraftforge-universal-1.6.4- nogui

Alternatively, you can install the entire server locally and copy it over.

Amazon AWS

I was originally planning to write a rosetta-stone style guide for similar commands between digital ocean, google compute, and AWS. Instead, I spent all day writing this CLI tool for EC2 which wraps the enormous and unintuitive AWS command-line tool. It’s not totally polished, namely you’ll have to hand-substitute some stuff at the top of the script that should properly go in a config file, but hopefully someone will find it useful.

As a warning it terminates, not just stops, all amazon instances when asked.