memo.xight.org

日々のメモ

Amazon Drive でロケールを指定する

Summary

Macの言語と地域 (Language & Region) を英語にしていると、
Amazon Drive.app の接続先が amazon.com になってしまう。
言語と地域は英語のままで amazon.co.jp に接続したい。

Amazon Drive.app Version 3.5.4.f946b2a3 を利用。

ロケールを ja_JP で Amazon Drive.app を起動

defaults write com.amazon.clouddrive.mac AppleLocale 'ja_JP'


ロケールを en_US で Amazon Drive.app を起動

defaults write com.amazon.clouddrive.mac AppleLocale 'en_US'


via

Amazon - ヘルプコミュニティ - Cloud Driveデスクトップアプリの接続先
https://www.amazon.co.jp/gp/help/customer/forums/ref=cs_hc_g_tv?iforumID=Fx3DQ8E2OLCW3JW&cdThread=TxZMV7B4K14AOM

tlmgr で gnupg not available

Summary

tlmgr update --self --all を実行したらエラー.
GnuPGをインストールして解決.

% tlmgr update --self --all
tlmgr: package repository ftp://ftp.kddilabs.jp/CTAN/systems/texlive/tlnet (not verified: gnupg not available)
tlmgr: saving backups to /usr/local/texlive/2016/tlpkg/backups

% tlmgr update --self --all
tlmgr: package repository ftp://ftp.u-aizu.ac.jp/pub/tex/CTAN/systems/texlive/tlnet (not verified: gnupg not available)
tlmgr: saving backups to /usr/local/texlive/2016/tlpkg/backups

% tlmgr key list
gnupg is not found or not set up, cannot continue with action `key'
tlmgr: An error has occurred. See above messages. Exiting.


% brew install gnupg2

% tlmgr key list
/usr/local/texlive/2016/tlpkg/gpg/pubring.gpg
---------------------------------------------
pub   2048R/06BAB6BC 2016-03-19
uid       [ultimate] TeX Live Distribution <tex-live@tug.org>
sub   2048R/B001980F 2016-03-19
sub   2048R/19438C70 2016-03-19 [expires: 2017-09-10]

% tlmgr update --self --all
tlmgr: package repository ftp://ftp.u-aizu.ac.jp/pub/tex/CTAN/systems/texlive/tlnet (verified)
tlmgr: saving backups to /usr/local/texlive/2016/tlpkg/backups

パスワードの定期変更をユーザに求めるべきではない

Summary

NIST(National Institute of Standards and Technology) の部門CSD(Computer Security Division) が発行する
Special Publication 800-63B Digital Authentication Guideline の
5.1.1.2 Memorized Secret Verifiers についての話題。

「システムはパスワードの定期的な変更をユーザーに要求すべきではない」の原文はこのあたり。

Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically) unless there is evidence of compromise of the authenticator or a subscriber requests a change.


「秘密の質問を使用するべきではない」の原文はこのあたり。

Memorized secret verifiers SHALL NOT permit the subscriber to store a “hint” that is accessible to an unauthenticated claimant. Verifiers also SHALL NOT prompt subscribers to use specific types of information (e.g., “What was the name of your first pet?”) when choosing memorized secrets.


Reference

DRAFT NIST Special Publication 800-63B Digital Authentication Guideline
https://pages.nist.gov/800-63-3/sp800-63b.html

via

やじうまWatch - 2016-06-27 - 「パスワードの定期変更をユーザーに求めるべきではない」……NISTの文書でついに明示へ
http://internet.watch.impress.co.jp/docs/yajiuma/1007177.html

login と sudo を2要素認証にする

Summary

Google Authenticator を使ってlogin と sudo を2要素認証にする。

install

% sudo apt-get install libpam-google-authenticator


/etc/pam.d/common-auth

auth    [success=1 default=ignore]      pam_unix.so nullok_secure
auth required pam_google_authenticator.so

initialize google-authenticator

% google-authenticator
Do you want me to update your "/home/USER/.google_authenticator" file (y/n) y
Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n)
By default, tokens are good for 30 seconds, and to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of 1:30min to about 4min. Do you want to do so (y/n)
If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s. Do you want to enable rate-limiting (y/n)


質問に回答後、 16ケタのsecret key, 6ケタのverification code, 5つの緊急コードが表示される。
secret key は Google Authenticator App の設定に必要。

set up Google Authenticator App

Google Authenticator Appを起動
+ をタップ
Manual entry をタップ
Key を入力
Accountには適当に用途がわかるような名前を付けておく

Reference

linux.com - 2016-05-13 - How to Set Up 2-Factor Authentication for Login and sudo
https://www.linux.com/learn/how-set-2-factor-authentication-login-and-sudo

iTunes - Google Authenticaticator
https://itunes.apple.com/jp/app/google-authenticator/id388497605

Google Play - Google Authenticator
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

Googleアカウントヘルプ - Google 認証システムのインストール
https://support.google.com/accounts/answer/1066446

CUI でタイムゾーン指定

Summary

dpkg-reconfigure tzdata

だとインタラクティブなので、コマンドのみでタイムゾーンを操作したい。

timedatactl を使う

sudo timedatectl set-timezone UTC
sudo timedatectl set-timezone Asia/Tokyo


Reference

How to change time-zone settings from the command line - Ask Ubuntu
http://askubuntu.com/questions/3375/how-to-change-time-zone-settings-from-the-command-line

HTTP API Design - Herokuが実践しているAPIデザインガイド

Summary

Herokuが実践しているAPIデザインガイド

HTTP API design guide extracted from work on the Heroku Platform API


抄訳

SOTA - 2014-06-02 - HerokuのAPIデザイン

Reference

GitHub - interagent/http-api-design: HTTP API design guide extracted from work on the Heroku Platform API
https://github.com/interagent/http-api-design

GitBooks - HTTP API Design
https://geemus.gitbooks.io/http-api-design/content/

via

SOTA - 2014-06-02 - HerokuのAPIデザイン
http://deeeet.com/writing/2014/06/02/heroku-api-design/

/var/log/messages - 2014-06-22 - http api design
http://yamanetoshi.github.io/blog/2014/06/22/http-api-design/