Recent Blog Posts

Convert Protected M4V videos from iTunes to MP4s with TunesKit

So, I have amassed a pretty massive media library over the years—my goal has always been to maintain every single bit of digital media I own locally via iTunes (and/or other libraries which can be shared with devices in my home), and be able to play any of my DVDs, Blu-rays, digital purchases, etc. on any of my devices (mostly in the Apple kingdom, but there are a few Raspberry Pis and other devices floating about).

I also like the convenience of purchasing media on the iTunes Store, so I have also amassed a decent collection of movies and TV shows there. One problem: none of those files can be played outside the Apple ecosystem! In the past, I outlined how I put Blu-ray, HD-DVD, and DVD media onto my Mac. In this post, I'll run through my process for stripping the DRM from protected M4V videos I purchased and downloaded from the iTunes Store.

Aside: It's ironic that the International Day against DRM was a couple days ago—it has no bearing on my writing this post, it's just coincidental.

Idempotently adding an SSH key for a host to known_hosts file with bash

I noticed on one of the CI servers I'm running that the .ssh/known_hosts file had ballooned up to over 1,000,000 lines!

Looking into the root cause (I tailed the file until I could track down a few jobs that ran every minute), I found that there was the following line in a setup script:

ssh-keyscan -t rsa github.com >> /var/lib/jenkins/.ssh/known_hosts

"This can't be good!" I told myself, and I decided to add a condition to make it idempotent (that is, able to be run once or one million times but only making a change the first time it's run—basically, a way to change something only if the change is required):

if ! grep -q "^github.com" /var/lib/jenkins/.ssh/known_hosts; then
  ssh-keyscan -t rsa github.com >> /var/lib/jenkins/.ssh/known_hosts
fi

Now the host key for github.com is scanned only once, the first time that script runs, and it is stored in known_hosts only one time for the host github.com... instead of millions of times!
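
A stricter variant of the check above, as an added example that is not from the original post: it matches the host field exactly (a `^github.com` prefix match also accepts longer names that start the same way) and appends the scanned line only if its key equals a pinned value, since ssh-keyscan records whatever key the network returns. The function names and PINNED_KEY are assumptions; the key shown is a constructed placeholder, not GitHub's real host key.

```shell
# Added example (not from the original post). PINNED_KEY is a constructed
# placeholder; take the real value from the host operator's published keys.
PINNED_KEY='AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDPLACEHOLDER'

# has_host FILE HOST
# Succeeds if an unhashed entry in FILE names HOST exactly. Entries written
# with HashKnownHosts are not readable this way; ssh-keygen -F covers those.
has_host() {
  [ -f "$1" ] || return 1
  awk -v h="$2" '
    /^[#@]/ || NF < 3 { next }            # comments, @markers, malformed lines
    { n = split($1, names, ",")           # host field may list several names
      for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
    END { exit !found }' "$1"
}

# add_host FILE HOST KEYTYPE PINNED
# Reads ssh-keyscan output on stdin. Returns 0 if HOST is already present or
# a line matching the pin was appended, 1 if no scanned line matches the pin.
add_host() {
  has_host "$1" "$2" && return 0
  _line=$(awk -v h="$2" -v t="$3" -v k="$4" \
    '$1 == h && $2 == t && $3 == k { print $1, $2, $3; exit }')
  [ -n "$_line" ] || return 1
  printf '%s\n' "$_line" >> "$1"
}

# Usage in the setup script (network call, so left commented out here):
# ssh-keyscan -t rsa github.com 2>/dev/null |
#   add_host /var/lib/jenkins/.ssh/known_hosts github.com ssh-rsa "$PINNED_KEY" ||
#   { echo "github.com host key does not match the pin" >&2; exit 1; }
```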

Getting AWS STS Session Tokens for MFA with AWS CLI and kubectl for EKS automatically

I've been working on some projects which require MFA for all access, including for CLI access and things like using kubectl with Amazon EKS. One super-annoying aspect of requiring MFA for CLI operations is that every day or so, you have to update your STS access token—and also for that token to work you have to update an AWS profile's Access Key ID and Secret Access Key.

I had a little bash function that would allow me to input a token code from my MFA device and it would spit out the values to put into my .aws/credentials file, but it was still tiring copying and pasting three values every single morning.

So I wrote a neat little executable Ansible playbook which does everything for me:

To use it, you can download the contents of that file to /usr/local/bin/aws-sts-token, make the file executable (chmod +x /usr/local/bin/aws-sts-token), and run the command:

Fixing Safari's 'can't establish a secure connection' when updating a self-signed certificate

I do a lot of local development, and since almost everything web-related is supposed to use SSL these days, and since I like to make local match production as closely as possible, I generate a lot of self-signed certificates using OpenSSL (usually using Ansible's openssl_* modules).

This presents a problem, though, since I use Safari. Every time I rebuild an environment using my automation, and generate a new certificate for a domain that's protected with HSTS, I end up getting this fun error page:

Safari Can't Open the Page – Safari can't open the page because Safari can't establish a secure connection to the server 'servername'.

Fixing 'UNREACHABLE' SSH error when running Ansible playbooks against Ubuntu 18.04 or 16.04

Ubuntu 16.04 and 18.04 (and likely future versions) often don't have Python 2 installed by default. Sometimes Python 3 is installed, available at /usr/bin/python3, but for many minimal images I've used, there's no preinstalled Python at all.

Therefore, when you run Ansible playbooks against new VMs running Ubuntu, you might be greeted with the following error:

How to focus stack a set of images in Photoshop

I recently rented a Nikon 105mm VR Macro lens for a weekend, and wanted to experiment with different types of macro photography.

One of the things I was most interested in was focus stacking. See, there's a problem with macro photography in that you're dealing with a depth of field measured in millimeters when reproducing images at a 1:1 ratio, even stopped down to f/8 or f/11. And, wanting to avoid diffraction at higher apertures, there's no way to take a straight-out-of-camera picture of a 3D object that's sharp from front to back.

One frequent subject of my close-up photography is the Raspberry Pi single board computer. You can see the problem when taking just one photo:

Subscribe to Jeff Geerling's Blog