Exifpeeler update: SSL

After months of letting it churn happily along, I finally spent 5 minutes making a fairly important change to exifpeeler: it now supports SSL. If you visit https://exifpeeler.com instead of just http://exifpeeler.com, your data should be secure in transit and not just at either end. 

I've left the http version enabled for now, but of course recommend you use the https version -While people probably aren't scrounging through all your web traffic looking for interesting tidbits, it never hurts to be careful. 

(if this is the kind of thing you worry about, may I also recommend the excellent HTTPS everywhere.)

ExifPeeler: A web-based exif removal tool

I bought a cheap-and-cheerful VPS a year or two ago from the gentlemen at BuyVM.net. I've used it on and off for the many useful things that you can do with a VPS, but hadn't really tested it's limits. But the server is single core with an astounding 128mb of ram and 10gb hard drive, what can you really do with that?

Enter ExifPeeler. It does one thing and does it competently: You upload a batch of pictures, it strips out the EXIF data from them and gives them back to you nice and clean. You can then do anything you like with the pics without worrying about accidentally giving away your location or any other personal data.

Here's what it looks like.

And here's what it looks like after you upload files. Simple, right?

Features:

• Batch upload. You can upload up to 100 files or 50mb at once, and download the results individually or as one big zip file. 
• Unique URLs: Each pic has a unique and distinctive URL. Only you or anybody you link to your images will be able to see them.
• Secure Timed Destruction: After an hour, your files are deleted. There are no options to keep them. Because I have such limited hard server space, I can't afford to leave your holiday snaps lying around for weeks. Let's call it a security feature.
• Cross-Browser Support: Works great on firefox, chrome, and safari. IE9 and below support single-file upload only. I haven't tested with IE10, so let me know how it goes.
• Mobile Device Support: It handles batch uploading from ios, android, and blackberry like a pro.   I haven't tested on win phone 7 or 8, so let me know if you try it. 
• Duplicate Renaming: If you upload 5 pics called 'image.jpg' at once, they'll all get appropriately renamed.
• Relatively Graceful Failure: if any individual pictures you upload fail - say, you accidentally upload a word document at the same time - it will still clean all the legitimate pictures and list any failures separately at the end.

Technology:

The server I'm running it on pretty much dictated the rest of the choices. One PHP script that does all the admin (uploading, removing anything that isn't photos, creating thumbnails, etc), while it farms out all the hard work to exiftool. It double-checks to see that the exif data is definitely gone, and will refuse to even display the image if it's not successfully removed. Every 5 minutes a cron job runs and removes any files uploaded more than an hour ago. 

The key consideration is traffic. I've done some stress-testing, and it should be able to handle multiple file uploads per second. Under heavy load you might get a 5-second delay when uploading large batches (50+ files), but we'll have to see how it goes in real-world conditions.

Why an exif remover?

I really just wanted to see how easily it could be done. While my solution isn't particularly elegant, it works and is damn simple to implement. It consists of one php script, one third-party program, and one cron job. 

I also couldn't find another site that does the same thing. There are sites that will let you remove exif data from single files, there are sites that have exif removal as a bonus feature hidden away in menus, and there are of course hundreds of local exif-removal tools. I couldn't spot a web-based exif removal tool that lets you upload more than one file at once. This fills that niche.

Don't a lot of websites remove EXIF data anyway?

Yes, they do. Sites like blogger, facebook, and flickr will prevent other users from seeing some or all exif data from your pics. The data is still present, and the companies can still use it for what they like. They just don't provide it to viewers.

Most smaller sites don't seem to remove EXIF data. If you're uploading pics to a forum or emailing them to somebody, it's definitely good to remove the EXIF first.

If I shouldn't send files around without removing the EXIF, Doesn't that mean I shouldn't upload them to ExifPeeler?

Yes. If you're worried about it, strip out the data before you send it anywhere. The aforementioned exiftool is good and there are lots of other options. Exifpeeler is great for casual use but if you have information you genuinely need to keep private it's best it never goes on the internet at all. 

Where's the script so I can run it in my own project?

I'll probably put it up here soon, but in the meantime you can email me if you want more info. The script is nothing special, I just want to clean it up a bit and see how it works in the real world before I post it. 

How many times was EXIF mentioned on this page?

18.

If you have the time try it out, and let me know if you manage to break it. If you do break it, please send a screenshot along with a brief description of what you were doing.

Dead Man's Switch on Linux, Part 1: Basic bash

I've always liked the idea of a dead man's switch. It's a partial fix for the 'what happens if I get hit by a bus' problem: how would you give your important account details to your family? How can you get a last minute message to your loved ones? Most importantly, who will delete your porn?

Traditionally, they work with the assistance of a third party. They've been used to launch nukes. Wikileaks used it to cause shenanigans. And you can sign up for some web-based solutions that will send pre-recorded emails for you when you show signs of being dead.

Of course, you have no control over that. the whole site might go down without you realising, rendering your efforts useless. So here's the same basic principle, implemented on your own software in bash script.

If you just want the script, skip to the end. It does things like this:

The Simplest Script Of All

We need three basic components to make this work:

1. The main script file. When run, it checks to see if the timer has expired. If it has, it performs pre-set actions (like sending email)
2. A method to 'reset' the timer. A one-line script file will work fine here.
3. A way to trigger the first script to run. We'll use cron.

We also need a way to check whether we've hit the time limit. To keep things simple, I'm going to use the 'modified' time on the main script file. When it runs, it'll compare when it was last modified against the current time to act as the timer. To reset, you just need to run 'touch myscriptname.sh' to change the modified time. Easy, right? 

So here's the main script, set to do the most important task of all: Delete Your Porn.

#! /bin/bash
# Simple Dead Man's Script

timelimit=30 #Number of days to wait without update

let timelimit=$timelimit*60*60*24 #turn that into seconds
lastaccessed=$(stat -c %Y $BASH_SOURCE)
timenow=$(date +%s)
let timeleft=($timenow-$lastaccessed)
if [ $timeleft -gt $timelimit ]
then 
    rm -rf $HOME/myporndirectory
fi

Here's the 'reset' script, saved somewhere on your desktop:

#! /bin/bash

touch pathto/themainscript.sh

And here's the line you have to add to cron (crontab -e to get there):
0 0 * * * pathto/themainscript.sh

Simple, right? make the scripts executable, and if you ever go 30 days without running the reset script it'll delete all your porn. Careful with your holidays.
It can do anything that can be done from the command line. with minimal trouble it can ftp files around, modify/upload entire websites, start torrents, or just update twitter with what you had for lunch the other day. I want to use it to send an email.



The Slightly Less Simple Script


Obviously I took a simple concept and made it both unnecessarily complex and annoyingly basic. It now has a setup option that should work most of the time, and a 'test' option that emails yourself and makes sure it works.

Boring Notes:

• The setup option assumes a generic install - that you have crontab access, that you have a home directory, etc. It will fail horribly if run as root.
• The setup script creates a .dmswitch/ folder in your home dir. Inside will be the check script, the message file, and an attachment directory. The message file is plain text and as long as you need.
• It also adds a reset_switch.sh file to your desktop. each time you run this, it resets the counter.
• The setup is optional. If you manually move the files where you like and change the variables, it'll work just fine.
• I'm using sendemail to do the email sending since it plays nicely with gmail. You can use any other method you like. If you use the script unmodified you'll need to install sendemail.
• Any files in the attachment directory will be attached to the email. No spaces in filenames though, because I am lazy.

Quick Install:

On debian/ubuntu, it takes four lines and some variable editing.

• sudo apt-get install sendemail libio-socket-ssl-perl
• gedit  dmswitch.sh (or nano, vim, emacs, etc.)
• paste in the script, and edit the email account details to your own. Save.
• chmod +x dmswitch.sh
• ./dmswitch.sh setup

Test it by running .dmswitch/check_switch.sh test . If the email settings are correct, you should have a test email arrive shortly.

Removal:

• rm -rf .dmswitch/
• crontab -e, remove the entry pointing to the script.

Finally, The Script itself.

#!/bin/bash
# Basic Dead Man's Switch v1.0
# Options:
# 1) dmswitch setup
#    sets up the script in your home dir with some default settings.
#    best to set it up manually or automatically rather than a mix of the two.
# 2) dmswitch test
#    sends a test email to the itself.
# 3) dmswitch reset
#    'checks in' with the dead man switch and resets the counter to zero
#    Just does the same thing as touching the scriptfile.
# 4) dmswitch
#    default. if the time has expired, IT WILL SEND AN EMAIL.


#SETUP VARIABLES
#some running variables are based on the setup vars
setupdir=$HOME"/.dmswitch"
setupattachmentdir="attachments"
setupmessage="message"
checkscript="check_switch.sh"
resetscript=$HOME"/Desktop/reset_switch.sh"
croncommand="0 0 * * * "$setupdir"/"$checkscript #cron line for how often it checks expiry. Default is daily.


#RUNNING VARIABLES
#make sure you change the email settings. 
dmdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
timelimit=30 #Number of days to wait without update
expired=0
emailto="someemail@gmail.com" #The target address
emailfrom="myemail@gmail.com" #The account you send with
emailusername="myemail@gmail.com" #The username for your email account
emailpass="myemailpassword" #password
emailserver="smtp.gmail.com"
emailport="587"
emailsubject="Automated email from Dead Man's Switch."
message=$dmdir"/"$setupmessage # the text file you want your message stored in
attachmentdir=$dmdir"/"$setupattachmentdir # put any attachments you want to include here


#checks if the time has run out. Does the maths in unix time.
function checkifexpired() {
    let timelimit=$timelimit*60*60*24 
    lastaccessed=$(stat -c %Y $BASH_SOURCE)
    timenow=$(date +%s)
    let timeleft=($timenow-$lastaccessed)
    if [ $timeleft -gt $timelimit ]
    then expired=1
    fi
}

#sends an email. replace sendemail with whatever program you prefer.
function sendemail() {
    attachmentlist=$(ls $attachmentdir)
    cd $attachmentdir
    sendEmail -f $emailfrom -t $emailto -u $emailsubject -s $emailserver":"$emailport -xu $emailusername -xp $emailpass -a $attachmentlist -o message-file=$message
}

#sets up a directory to run from and creates the necessary files.
function setupdm() {
    mkdir -p $setupdir
    cp $BASH_SOURCE $setupdir"/"$checkscript 
 rm $BASH_SOURCE 
    cd $setupdir
    chmod +x $checkscript
    mkdir $setupattachmentdir
    touch $setupmessage
    echo "If you can read this, I'm dead or arrested or something" >>$setupmessage

    #append cron job to existing cron file
    (crontab -l; echo "$croncommand" ) | crontab
    
    #setup reset script on desktop
 touch $resetscript
    echo "#! /bin/bash" >>$resetscript
    echo "checkfile="$setupdir"/"$checkscript >>$resetscript
    echo "touch $""checkfile" >>$resetscript
    chmod +x $resetscript
    echo "setup complete"
    
}


#main script starts here

checkifexpired

if [ "$1" == "setup" ]
then 
    setupdm
elif [ "$1" == "test" ]
then
    #send test email to yourself
    emailto=$emailfrom
    emailsubject="TEST: "$emailsubject
    sendemail
 
elif [ "$1" == "reset" ]
then
 touch $BASH_SOURCE
elif [ $expired -eq 1 ]
then
    #send the email, and disable the script from running
    sendemail
    chmod -x $BASH_SOURCE
else exit
fi

Go wild.
Part two will cover the fact that not everybody leaves their desktop on for months at a time and suggest several overly-elaborate ways to trigger the reset while running it on a remote machine.

iPad hanger v0.1

INGREDIENTS:

• One wire coat hanger. (30c)
• Your bare hands. (free?)
• One tablet computer. ($150-$1000)

TIME REQUIRED:
About 3 minutes, but it really depends on how quickly you can bend stuff.


METHOD:

1. Take the coathanger and bend it into a vague rectangle. 
2. Make a few extra bends in it to stop the iPad falling out the bottom
3. Make a slight concave bend towards the top. This is just to make the iPad lean backwards so it's more structurally stable if you knock it.
4. Just look at these pictures.

I know my lighting and camera work sucks. Pro cameras are wasted on coat hangers.

If  you use fancy tools like 'pliers' you can probably make it way more attractive to look at.

RESULT:

You now have a flexible, mouldable tablet stand that works surprisingly well and can hang off damn near anything in your vicinity. If you're in a room doing something, chances are you can hang your iPad somewhere.

Watch TV while cooking!

Use the Verge Collection Map while driving!

Also a great way to keep up with facebook on the drive to work. 

And of course, look up recipes in the shower.

For demonstration purposes only. You should use a ziploc bag when actually showering with an iPad.

Entirely seriously though; I have half a dozen home made and bought tablet stands at home and at work. The coathanger now gets more use than all of them, cost a grand total of 30c, and can be quickly remodelled on the fly to fit whatever you need it to do.

This is also just the prototype. With a pair of pliers and a ruler you can hide that metal bar at the base, even up the bends on either side, and do pretty much whatever else you can imagine. It's weirdly stable and I haven't managed to knock it loose once (despite my clumsy showering technique).

Make one. 

Ghetto PowerShell fix via admin shares and an infinite loop

At the office, most of our work is done with one major government agency. To work with them, we have to use their in-house database system. It's slow, it's troublesome, and it tends to be down for 'unplanned maintenance' quite regularly.

The most annoying feature is that they will silently push out updates to the client software about once a week. It downloads the new version in the background, and then removes the old version when it's next launched. Lately this has been going wrong: about a third of the time, on any computer running windows 7 64-bit, it deletes the old version before it downloads the new version properly. This will continue on every computer multiple times a day until the next update is pushed about a week later, whereupon it will all play nice again.

There are two solutions to this:

• Reinstall the software daily (it will correctly download the older version once, and then fail when it later tries to upgrade)
• Manually copy over the files to the correct directory on each computer.

Option 2 is the much faster option, and so we have

The initial fix:

param([string]$targetName = "8200-01")

robocopy "C:\fixess\data" "\\$targetname\c$\Program Files (x86)\Common Files\Government\Program\201207030908" /MIR /E /V /R:2 /W:2 /fp /eta  /A-:SH

exit

When a computer wasn't working, I called that script (fixcomputer.ps1 computernamehere), it'd copy the files over to that computer with the magic of admin shares, and everybody was happy....until I wanted to take a few days off and had to come up with a slightly more robust option.


The updated fix (click here for a prettier version)

$computerlist="computer01","computer02","computer03","computer04","computer05","computer06","computer07","computer08","computer09","computer10","computer11","computer12","computer13","computer14","computer15" #list of computer names that need fixing
$sourcedir="C:\fixess\data"
$targetdir="c$\Program Files (x86)\Common Files\Government\Program\201207030908"
$count=0 #counting the number of loops for no useful reason
$wait=60 #how many seconds to wait between runs

Write-host "$(Get-Date) Script started"

While($true)
{
  foreach ($computer in $computerlist)
  {
  #if the computer is on and the directory doesn't exist, 
      #silently copy the files over
   if ((test-path "\\$computer\c$") -and -not (test-path "\\$computer\$targetdir"))
   {
      robocopy "$sourcedir" "\\$computer\$targetdir" /MIR /E /R:0 /W:1 /NJH /NJS /NDL /NC /NS /NP /NFL /A-:SH
      Write-host "$(Get-Date) Fixed: $computer on pass $count"
   }
  }
  $count++

  #Every 20 loops, post an update just so I know it's still running
  if ($count%20 -eq 0) { Write-host "$(Get-Date) Don't worry, the script is still running" }

  #Have a break before running the script again.
  Start-Sleep -s $wait

}



How it works:

• We start an infinite while loop to wrap everything in
• Cycle through each computer in the list provided at the start
• Check whether they're accessible and the files have been deleted, and copy over the data if so
• Every 20 loops, post a reassuring message just so I know the script hasn't died
• Finally, wait a little while. There's no sense running this script constantly, but I've never been a big fan of task scheduler as an alternative to cron.

What it looks like:

In summary:

Let's be honest, this is a complete hack job. It's an ugly fix to get around a bug in one unpleasant piece of software. It's slow, inflexible, and wouldn't scale up to hundreds of computers without some major changes. 

Despite that it works, keeps users happy, and lets me take time off despite the best efforts of the government. I'm calling it a win.

Update:
And here's what a slightly-modified version looks like after two weeks chugging away on its own.

Corporate Desktop Support using msra and batch files.

Reasoning:

I was getting tired of spending valuable minutes of my time walking around, so decided it was time to set up remote assistance for my office. There are plenty of options already out there like iTALC and TeamViewer but I had a few requirements:

• Entirely local. The aim was to support machines on the internal network so there's no need to rely on external hardware/software.
• We don't need most of the features. No asset management, and no 'background spying' on a users desktop and habits. This will do one thing: access computers remotely
• As simple as possible.

All our hardware is tagged, so it turns out it's pretty easy to offer basic remote support with one Astoundingly-Simple batch file and a few changes to group policy.

The Batch File:

SET /P target="Target Computer/IP:"
msra.exe /offerra %target%


That's all you need at a basic level - type in the computer name and it launches the remote assistance tool.

Here's the slightly-expanded version I'm using:

@echo off
set logfile=%appdata%\assistancelog.log
SET /P target="Target Computer/IP:"


nslookup %target%
wmic /node:"%target%" ComputerSystem Get UserName
echo Offering assistance to %target% at %date% %time% >> "%logfile%"


msra.exe /offerra %target%






This is what it does:

• Requests the network name of the computer from you. If all your machines are tagged you'll have no problems.
• Grabs the network address of the computer and the username of whoever is logged in
• Writes to a log file - nothing fancy, just the computer name and time
• Launches Windows Remote Assistance pointed at the target computer

The Group Policy Change: 

A quick overview of the change you need to make:

All nice and simple, just changing a few settings and adding the users/security groups you wish to have access.

Additionally, you may wish to add these:

This just punches a couple of holes in the firewall for both Remote Desktop and wmic. While I set mine to allow localsubnet you can easily lock yours to a specific IP range instead. Apply the policy to all the company computers and you're done.


Usage:
Run the batch file as and you get this:

The user gets a popup requesting access to their computer, and when they accept you get remote access. simple, supported, and done entirely using the software baked into windows.



Notes:

• This doesn't really work for terminal servers. Enable session shadowing on the server to get the same effect.
• This was tested and used shortly after we finished migrating to Windows 7/2008. It probably wont work out-of-the-box if you've got XP machines mixed in.
• It is possible to do this in reverse, with a user running a batch file that requests assistance from tech support. It's a bit trickier to set up if you want to minimise user options, but it works.

It's time to admit I have a problem

You know you're an addict when you've used a phone seven times as long as it's even existed.

It's true: I've been using this iPhone 3G continuously since the 6th of October, 1987.