Feed aggregator

Production Packer Passwords: Securing the Root User

CKM Blog - Mon, 2014-06-09 17:21

Packer is a tool for creating identical machine images for multiple platforms from a single source configuration. It is mostly used to create base images for developers using Vagrant. However it’s just as useful for creating virtual machine (VM) images to deploy in production. Using Packer in this way, you can create a consistent starting point for VMs which are then provisioned further with, for example, Puppet or Chef, creating a ready-to-deploy image with your application already installed.

One minor headache for using Packer in this way is how to safely create a root account with a known password without exposing that password in configuration files.

The key to this process is hooking into the scripted install process. For Debian this is known as Preseed. Redhat calls it Kickstart. Most Packer VMs are built with some kind of Preseed/Kickstart file.

You can override the options in the file with some passed on the command line of the Packer boot process. This will allow you to use a dynamic root password instead of a hash stored in a file.

First update your Packer JSON file to prompt for the root password by adding it to the variables section:

"variables": { "root_password": null }

Now, when you run the Packer install, you will be prompted for a root password. You have access to it in your Packer scripts as user `root_password`.

The next step is to replace static SSH credentials with your new root ones. Change the ssh_username and ssh_password lines in your builder section to:

"ssh_username": "root", "ssh_password": "{{user `root_password`}}",

All that is left is ensuring that your distribution sets the root password on install. This is done by modifying the boot_command property in the builder section of your Packer file.

"passwd/root-password=\"{{user `root_password`}}\" passwd/root-password-again=\"{{user `root_password`}}\" ", ]

My full Ubuntu boot_command looks like this:

"boot_command": [ "", "/install/vmlinuz noapic preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ", "debian-installer=en_US auto locale=en_US kbd-chooser/method=us ", "hostname={{ .Name }} ", "fb=false debconf/frontend=noninteractive ", "keyboard-configuration/modelcode=SKIP keyboard-configuration/layout=USA keyboard-configuration/variant=USA console-setup/ask_detect=false ", "passwd/root-password=\"{{user `root_password`}}\" passwd/root-password-again=\"{{user `root_password`}}\" ", "initrd=/install/initrd.gz -- " ]

Make sure you remove passwd/root-password and passwd/root-password-again from your preseed.cfg if they are present.

That’s it! You can now safely build production VMs without exposing your root password in configuration or source files. Enjoy!

Categories: CKM

EndNote alternative? ReadCube Grows Up!

In Plain Sight - Tue, 2014-06-03 13:58

ReadCube arrived on the reference management scene in late 2011. I looked at it a year ago and found it lacking in comparison to the “big 5” — EndNote, Menedeley, Papers, RefWorks and Zotero (these are in alphabetical order, I am not playing favorites here!).

ReadCube released a mammoth upgrade about a month ago making it worthy of consideration as your primary reference manager. Read Cube works with any browser on both Mac and Windows machines, it also works on iOS devices; there is no Android version yet.

Altmetrics

The basic version is free and now integrates with Microsoft Word, and provides simple altmetrics information. Altmetrics describes a way to measure the impact of the article you are reading. The PRO version costs $5/mo. or $45/yr. but you get several features for your money. It syncs across your iOS devices, adds unlimited cloud storage, advanced article metrics, and “watch folders”. What’s a watch folder? When new article PDFs are added to folders on your computer that you have told ReadCube to watch, they are automatically added to ReadCube. Note: I do not have a PRO account so the above is based on the ReadCube website.

Test Drive:
A search using the PubMed Special Queries (found near the bottom of the PubMed homepage) “Comparative Effectiveness Research” search tool to find information about cost-effective diagnosis of pulmonary embolism found 81 results. Several of these articles looked quite good and I wanted a way to move all of them into ReadCube in one step. It appears that you can only import one article at a time (!) from PubMed by using the by Add to Read Cube bookmarklet.

Comparative Effectiveness Search through PubMed

ReadCube encourages you to use their in-application search. It is convenient, but feels stripped down and is limited to GoogleScholar and PubMed. Sophisticated PubMed searchers will feel hamstrung by the simplified search. GoogleScholar results are shown by relevance, you cannot sort by year. I also searched in Scopus and Web of Science and was able to import one article at a time into ReadCube with the bookmarklet.

GoogleScholar and PubMed search within ReadCube

UCSF full text is easily accessible by selecting “University of California, San Francisco” from the drop down menu in Institutional Affiliation found in Preferences.

Formatting in-text citations and references in Word works well. Like Papers, pressing Control twice will launch the citation tool.

All in all, ReadCube has improved rapidly. As you can see from the above there are some capabilities I would like to see added to ReadCube. With a devoted user group and the quick evolution to date I expect to see further evolution soon.

Please contact me if you have questions. Evans.Whitaker@UCSF.edu

Categories: In Plain Sight

5 Questions with Dr. Daniel Lowenstein

The Better Presenter - Mon, 2013-07-29 08:30

In the previous post, we were introduced to Dr. Daniel Lowenstein and his “Last Lecture” presentation, which was both powerful and inspiring. Shortly after writing the post, Dr. Lowenstein contacted me, and we had an interesting discussion about his experience preparing for, and delivering that presentation.

I have always wanted to incorporate the voices of the instructors, students, and staff at UCSF, who work in the trenches and present or attend presentations on a daily basis. This post marks the beginning of a new series that will feature interviews of those people. I hope you enjoy the first episode of “5 Questions!”

5 Questions with Dr. Lowenstein

Bonus track: The Basement People

The full version of the original presentation has recently been uploaded to the UCSF Public Relations YouTube channel, so please head over there to watch the video, like it, and leave your comments!

If you have any ideas about who the next 5 Questions interviewee should be, please contact me or leave your ideas in the comments section below.

Categories: Better Presenter

Top 5 Lessons Learned from The Last Lecture

The Better Presenter - Thu, 2013-05-16 12:58

Powerful. Inspirational. Emotionally moving.

Those are the words that best describe Dr. Daniel Lowenstein’s “The Last Lecture” presentation, delivered to a packed house in Cole Hall on April 25th. The Last Lecture is an annual lecture series hosted by a UCSF professional school government group (and inspired by the original last lecture), in which the presenter is hand-picked by students and asked to respond to the question, ”If you had but one lecture to give, what would you say?” Dr. Daniel Lowenstein, epilepsy specialist and director of the UCSF Epilepsy Center, did not disappoint. In fact, I can say with confidence that he delivered one of the best presentations that I have attended.

Rather than attempt to paraphrase his words, or provide a Cliff Notes version that doesn’t do his presentation justice, I will instead encourage you to watch the video recording of his presentation. The video is an hour in length, and if you have any interest in becoming a better presenter yourself, it is a must-watch. After the jump, we’ll explore my top “top 5 lessons learned” from Dr. Lowenstein’s presentation.

Last Lecture – Top 5 Lessons Learned:

  1. “PowerPoint” is still boring. Dr. Lowenstein’s projected slide show was not typical PowerPoint. It did not consist of any bullet points, familiar and boring templates, or images “borrowed” from a last minute Google image search. Instead, used images from his own collection, and Prezi to build a canvas of images that moved in all directions, expanding, contracting and rotating to craft his message. The resulting slide show was personal, meaningful and most importantly, relatable.
  2. Story telling is the secret to success. When I first began studying the art of presenting, the idea of incorporating storytelling into a presentation was an elusive one. I am now convinced that storytelling is the secret to transforming a good presentation, into a great presentation. It is the glue that holds all of the elements of your presentation together, as well as the glitter that makes it shine. Dr. Lowenstein’s entire presentation was crafted into a story, the setting of which was established right from the beginning and illustrated by his first content slide. There were also chapters within the story, the most memorable of which for me was the Justice segment of his presentation, and his depiction of The Basement People. He didn’t begin by pointing out the original members of the UCSF Black Caucus that were in the audience, as most presenters would have done. Instead, he gradually painted a picture for us, so we could imagine what it was like to be a minority at UCSF over 50 years ago. He described their struggles in detail, and gave us time to relate, and even pointed out the fact that they had met in that very hall where we all sat. He didn’t reveal their presence until the end of the chapter, creating a crescendo of emotion, and the moment brought tears to the eyes of many audience members.
  3. Vulnerability equals trust. If you want your audience to believe in your message, you must first give them a reason to believe in you. And one of the most effective ways to make that happen is to share your vulnerabilities. In the eyes of the audience, this makes the presenter human, and it creates a bond between both parties. No one wants to listen to a sales-pitch presentation. Instead, they want the whole story with the ups and downs, so they can decide how we feel about it on their own terms. Just be sure to share vulnerabilities that relate to the subject of the presentation, because you’re going for empathy, not sympathy (which could have a negative effect). Dr. Lowenstein, when talking about Joy and Sorrow, shared one of his deepest personal sorrows, which was the unexpected passing of his son. In contrast, he shared a touching moment with his wife, expressing his love for her, right in front of the whole audience. These moments worked perfectly in the presentation because they were genuine, and they gave the audience a deeper understanding of Dr. Lowenstein.
  4. Don’t forget humor. No matter how serious, no matter how technical, there is a place in your presentation for a little humor. It can be used to lighten a heavy moment, open closed minds, and bring everyone in a room together (even if your audience members have very different backgrounds). Amidst Dr. Lowenstein’s presentation were timely moments of humor that seemed to come naturally from his personality. And hey, who doesn’t like a good male-patterened-baldness joke, anyway?! But seriously, if you can laugh at yourself, the audience has no excuse to not laugh along with you. There are two keys to using humor in your presentation; (1) it should be relevant to the current topic or story, and (2) it can’t be forced. If you’re not good at telling jokes, then try another form of humor!
  5. Present on your passions. As a presenter, your goal is simple – to instill in the audience an understanding of your message, and a belief in you. If you give them the impression, even for a moment, that you don’t believe in yourself or the message you’re presenting, you’re a dead man walking (or presenting) in the audience’s eyes. If you choose topics that you are passionate about, however, you will never have this problem. You may think it was easy for Dr. Lowenstein’s to be passionate about his presentation, because his task was, in essence, to present about his life’s passions… but I can assure you, it’s not easy to talk about your own life in front of an audience. In contrast, imagine that you have to give a presentation on, say, your department’s new accounting policies. To make matters worse, imagine that your audience is being forced to attend. What do you do? Surely, there is no passion to be found in accounting policy, is there?! Well, actually, there is, if you take the right angle. For example, does this new accounting policy save the department time, or money? And then, can that saved time and money be applied towards more constructive, or creative tasks that your coworkers actually want to do? If so, and you frame the presentation in a positive light, the audience will listen.

To top it all off, Dr. Lowenstein spent the last few minutes of his presentation reviewing each of the 4 segments of his talk, and then related it all back to a single, clear message. That, my friends, is an example of storytelling 101, so I hope you were talking notes!

Continue on to part 2 of this post, where I interview Dr. Lowenstein about his experiences preparing for and delivering the Last Lecture presentation!

If you also found inspiration in Dr. Lowenstein’s presentation, please share your thoughts below, and I’ll see you at next year’s “Last Lecturer” event.

Categories: Better Presenter
Syndicate content