Thursday, July 14, 2011

Moved code to github.

Yea this project is mothballed, but thought I would move the code over to github just in case.

Thursday, December 16, 2010

Public Shellsink instance shutdown

I've turned off It makes sense since all the source code is in launchpad, and since hosting your own private shellsink on appengine is free. Anyone still using shellsink can migrate to their own private shellsink server. And now I can stop paying for the domain name and storing people's shell commands on my appengine account. Thanks to everyone who contributed to the project.

Thursday, December 9, 2010

Introducing shell_sink

What is it?

Shell Sink is a web accessible version of your bash history. Commands issued in bash are sent to shell_sink by a simple open source client application. Once a command is in shell_sink you can search, annotate and tag it.

Why use it?

If you've ever wasted time trying to remember a particular command line incantation, shell_sink is for you. It stores commands and makes them easily accessible with searching and tagging. If you work on multiple computers shell_sink can aggregate your history across all machines. System administrators can even use it to aggregate commands issued across an entire organization making them fully searchable. Never lose a command again.

Who should use it?

shell_sink is for anyone with a unix system. Linux, BSD, OSX, Solaris, Playskool. It should be noted that shell_sink is currently under active development.

Getting started:

  1. Login to shell_sink with your google account.
  2. Copy your unique id from the Preferences page.
  3. Install the client application.

Questions, Issues:

The shell_sink google group is the place for questions and discussion. The bug tracker is where to put your feature requests and issues pertaining to the shell_sink website. The client is open source software. Source code can be found here.

Sunday, November 28, 2010

Installing the shell_sink client application

Installing the sink client should be a snap. There are only 2 steps:
  1. Install the shellsink-client application
  2. Configure a couple environment variables
The client is a python application that you can call from the command line to asynchronously upload a command and relevant tags to the shellsink server. When properly configured it will run behind the scenes every time a command is issued. It can also be easily disabled or enabled for times you don't want to log commands. Here are detailed instructions for installation:

Debian Based Distributions
If you have a Debian based distribution you can install shellsink-client by adding the shellsink repository to your apt sources. Go to this page for instructions and follow the instructions under the link that says "Technical details about this PPA." Once you have added the shellsink repository you can update your package lists and install the client with
sudo apt-get update
sudo apt-get install shellsink
Finally, you must append this file to your ~/.bashrc to enable the client. Be sure to replace the default tags with your own meaningful tags and most importantly set the default id to whatever you see here.

Other Types of Unix
For other flavors of unix you can download the shellsink-client executable here and put it in your path. Once the client is installed you must set a few environment variables. Append the contents of this file to your .bashrc or .bash_profile. If you use zsh see this how-to. Be sure to change the id variable to be the one that was assigned to you by the shellsink server on the preferences page. Also change the tags. I always start with the name of the host machine as my base tag so I know which computer logged which command.

Finally, just close your terminal and reopen it. Type a command and go see if it has been logged to the shell_sink server.

Monday, September 28, 2009

ShellSink adds inline tagging

Release 0.2.2 adds a new feature. You can add tags to a command at the same time as you execute it. This is achieved by using inline comments. Here is an example:
cat /proc/cpuinfo #sysadmin:diagnostic
That command will show up in your shellsink history with the tags sysadmin and diagnostic. This nifty idea was given to me by Jesse Hallett at my shellsink presentation at the open source bridge conference in portland this summer. Thanks Jesse.

Saturday, May 2, 2009

Filtering What Goes Into Your History

When I tell people about ShellSink, many of them say, "hey, that's a great idea!" Then the little sysadmin perched on their shoulder crosses her arms and shakes her head. "Tsk, tsk. Storing your shell history on a remote server is not secure!", she says. This is absolutely true. Not only is your bash history passed via an insecure Http connection, but then it is stored unencrypted on Google's servers where a rogue Google employee, someone who hacked Google, or a rogue ShellSink admin could access them. Don't use shellsink on a system that needs to be ultimately secure!

However, Shellsink is safe to use. If you use Google for email, calendar, documents, etc. then you already trust them with information that is probably more sensitive than your shell history. And if you don't trust me you can download the ShellSink source code and spin up your own server using Google's AppEngine. In any case you should still take some basic precautions. Most importantly, never use inline passwords!! ShellSink will send anything your bash history captures.

Here are several ways to safeguard yourself against sending sensitive information to ShellSink. One technique is to add the following to your .bashrc:
Now any command you precede with a space will NOT be captured by the history, and thus will not be sent to the ShellSink server. Another technique is to add the following to your .bashrc:
In this example any command that starts with netstat or sqlplus will automatically be ignored by the shell history and ShellSink. Both these techniques give you different granularity control over what gets sent to ShellSink. The first technique works on a per command basis and the second covers all commands.

Finally, there is the nuclear option:
shellsink-client -d
This completely disables ShellSink for all terminals. I don't really have much use for this one, but when you start to do something that you are ultra paranoid about, this is one way to be sure nothing is leaving your computer via ShellSink. To re-enable ShellSink simply do this:
shellsink-client -e

ShellSink at the Open Source Bridge Conference

I'm going to be in Portland for the Open Source Bridge Conference (OSB) to talk about ShellSink. The abstract I submitted is overly ambitious as I promised to cover shellsink usage, implementation as well as distribution via Launchpad. I've decided to stick to usage and implementation of shellsink as I am giving a presentation entirely dedicated to distributing software via launchpad at OSCON this year. Of course, OSB has the totally awesome 24hour hacker lounge as well as an entire day dedicated to uncoference antics and open space shennanigans, so if anyone feels shortchanged I'd be happy to spend some time talking about launchpad (or whatever) in any of those situations. Please drop a line if you are going to be at OSCON or OSB this year.