Programmatically create Django security groups

Django authentication has security roles and CRUD permissions baked in from the get-go, but there’s a glaring omission: those roles, or Groups, are expected to be loaded by some competent administrator post-installation.  Groups are an excellent method of assigning access control to broad roles, but they don’t seem to be a first-class concept in Django.

It seems that you can kind-of save these values by doing an export and creating a fixture, which will automatically re-load at install time, but that’s not terribly explicit – not compared to code. And I’m not even sure if it will work.  So here’s my solution to programmatically creating Django Groups.

management.py, which is created in the same directory as your models.py and is automatically run during python manage.py syncdb:

from django.db.models import signals
from django.contrib.auth.models import Group, Permission
import models 

myappname_group_permissions = {
  "Cinema Manager": [
    "add_session",
    "delete_session",
    "change_ticket",
    "delete_ticket",         # for sales reversals
    "add_creditcard_charge", # for sales reversals
    ],
  "Ticket Seller": [
    "add_ticket",
    "add_creditcard_charge",
    ],
  "Cleaner": [ # cleaners need to record their work
    "add_cleaning",
    "change_cleaning",
    "delete_cleaning",
    ],
}

def create_user_groups(app, created_models, verbosity, **kwargs):
  if verbosity>0:
    print "Initialising data post_syncdb"
  for group in myappname_group_permissions:
    role, created = Group.objects.get_or_create(name=group)
    if verbosity>1 and created:
      print 'Creating group', group
    for perm in myappname_group_permissions[group]: 
      role.permissions.add(Permission.objects.get(codename=perm))
      if verbosity>1:
        print 'Permitting', group, 'to', perm
    role.save()

signals.post_syncdb.connect(
  create_user_groups, 
  sender=models, # only run once the models are created
  dispatch_uid='myappname.models.create_user_groups' # This only needs to be universally unique; you could also mash the keyboard
  )

And that’s it. Naturally, if the appropriate action_model permissions don’t exist there’s going to be trouble.  The code says: After syncdb is run on the models, call create_user_groups.
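The trouble mentioned above can be caught before any Group is written. The following is an added example, not part of the original post: a pure-Python pre-flight audit of a group-to-permission map. It assumes only the add/change/delete codenames used in the post are expected, and that the set of existing codenames is supplied by the caller (the sample data and both function names are constructed for illustration).

```python
# Added example, not from the original post. Pure Python: no Django import needed.
DEFAULT_ACTIONS = ("add", "change", "delete")  # actions used by the post's codenames

def audit_group_permissions(group_permissions, existing_codenames):
    """Check a {group: [codename, ...]} map before any Group is written.

    existing_codenames is an ASSUMPTION standing in for the database; in a
    Django project it could be built from
    Permission.objects.values_list("codename", flat=True).
    Returns {group: {"malformed": [...], "missing": [...], "duplicate": [...]}}
    containing only the groups that have at least one problem.
    """
    existing = set(existing_codenames)
    report = {}
    for group, codenames in group_permissions.items():
        problems = {"malformed": [], "missing": [], "duplicate": []}
        seen = set()
        for codename in codenames:
            action, _, model = codename.partition("_")
            if codename in seen:
                problems["duplicate"].append(codename)
            elif action not in DEFAULT_ACTIONS or not model:
                problems["malformed"].append(codename)
            elif codename not in existing:
                problems["missing"].append(codename)
            seen.add(codename)
        if any(problems.values()):
            report[group] = problems
    return report

def groups_granted(group_permissions, action):
    """List groups holding any permission for `action`, e.g. to review who can delete."""
    return sorted(g for g, perms in group_permissions.items()
                  if any(p.startswith(action + "_") for p in perms))

# Constructed sample data: the post's map with two deliberate mistakes added.
SAMPLE_GROUPS = {
    "Cinema Manager": ["add_session", "delete_session", "change_ticket",
                       "delete_ticket", "add_creditcard_charge"],
    "Ticket Seller": ["add_ticket", "add_creditcard_charge", "add_ticket"],
    "Cleaner": ["add_cleaning", "change_cleaning", "remove_cleaning"],
}
# Constructed: pretend only these three models have had their permissions created.
SAMPLE_EXISTING = {f"{a}_{m}" for a in DEFAULT_ACTIONS
                   for m in ("session", "ticket", "cleaning")}

if __name__ == "__main__":
    for group, problems in audit_group_permissions(SAMPLE_GROUPS, SAMPLE_EXISTING).items():
        print(group, problems)
    print("can delete:", groups_granted(SAMPLE_GROUPS, "delete"))
```

Running the audit first reports every problem in one pass, so a role is never left half-populated because one lookup failed partway through.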

Samsung Galaxy SII doesn’t mount under Linux

Screenshot of the error message

Unable to mount SAMSUNG_Android

Error initialising camera: -1 Unspecified error

So this is the error message I get when plugging my Samsung Galaxy S2 into the USB port on my Linux boxen, all running Linux Mint Maya running the MATE desktop (Ubuntu 12.04). 

The answer is, of course, you need to enable PTP transfers, rather than MTP transfers.  MTP transfers work great for Windows or Mac, but not Linux.  On your phone, drag down the Notifications screen, then under “Ongoing” you’ll find something about “other USB options”.  Select that and you can pick the PTP transfer.

Per the notes on how to take a screenshot on a different phone, I took a screenshot of the final screen. Getting the screenshot onto my computer, that was a whole world of hurt.  Settings | More Settings | USB utilities | USB mass storage needs to be turned on, otherwise the file browsing from Linux shows only the directory structure, no files whatsoever.

Of course, Cathy’s HTC Desire, it Just Works.

New graphics card in the Mac Pro

To recap: I’ve got two old 2008 Mac Pros. Lovely machines. The video card in one went bung (possibly power problems).

As a workaround I’ve been using a friend’s spare ATI Radeon 3870, which only works in Windows, not OS X.

I’ve just bought an upgrade: an nVidia GeForce GTX 480. Very nice. A beast of a card, too, very impressive looking. Got it on eBay from a bloke in NSW selling under the name “Mac PC Parts” for about A$270, which is a bit cheaper than the official Apple upgrade — which is no longer available anyway — and a LOT cheaper than any of the new cards at OWC or other etailers and retailers that I could find.

Mac Pro, video card installed

A note of caution to fellow Mac Pro 2008 users: it appears to be near-impossible to get the card out once plugged-in, due to the placement of the PCIe catch on that model of Mac Pro. It might explain why later models went to a bar thingy which is easier to get to. This also means it’s worth plugging in the two power cables before the card goes in.

Anyway, the card has taken the graphics rating in Windows 7’s Performance index thingy from 5.1 to 7.9. It even seems more responsive for regular web browsing.

There’s a certain amount of geek pride in getting each item, one by one, to the top of the scale.

But given the weak point is now the hard drive, it would seem that the next upgrade needs to be a new hard drive/SSD.

Windows performance index

But the main reason I wanted to get it was to get this computer running OS X again — son the elder is getting familiar with it at uni, and may need to run OS X-specific software again soon.

Alas, plugging in the OS X drive and trying to boot off it got me an “Operating system not found on disk” error. It would seem the Microsoft gremlins got onto it.

The disk doesn’t have anything important on it anyway, so stand by for updates as I figure out how to wipe it and rebuild OS X.

Update: It was easy. Download Mavericks onto a USB, boot it up and use the built-in disk manager to re-partition the OS X drive (I unplugged the Windows drive just to be sure I wouldn’t accidentally wipe it) then install onto it.

Plugged the Windows drive back in, and installed ReFit again to provide a more visible boot menu. Done.

Getting Excel data into a plain HTML table

I’d been looking for something like this for ages, but must have been Googling the wrong terms.

How to get the contents of an Excel spreadsheet into a simple, no-format, plain HTML table:

No-Cruft Excel to HTML Table Converter

Genius.

Diablo I (yes, Diablo 1) LAN play on Vista or Windows 7

- and presumably 8.

There are various convoluted steps to get LAN play working on more recent versions of Windows.

Mount the ISO on your hard drive, and use the somewhat unstable Microsoft supplied ISO mounting program to fool the program into thinking your CD is in a CD drive.  Install Diablo from here.  This step is not strictly necessary, but it’s so much quicker and cleaner than the alternatives.

Fetch and apply the patch to bring Diablo 1.00 up to version 1.09.  It may also be helpful to pull up the properties of the .exe and enable compatibility mode with WinXP Service Pack x. When fetching the patch, get it for the version you’re installing – much confusion is caused if you get the spawned Diablo patch and apply it to the full version.

Go and get IPXWrapper, and per the instructions drop the DLL files into your Diablo directory. If you have a heterogeneous environment, all machines need to use this wrapper – IPXWrapper is a translation layer that transforms IPX into UDP, and without it IPX aware OSes like WinXP won’t see the network traffic of the IPX unaware OSes like Vista.  Punch a hole in your Windows Firewall to allow UDP port 54792.

To fix the palette issue, you might want to wrap the exe in a batch script to kill Windows Explorer whilst you’re playing Diablo.

See?  Easy.  Doesn’t take more than a few hours if you don’t know what you’re doing.

Where did I take that photo?

I couldn’t find anyone extracting the geotagging EXIF data from their photographs so they could pull it up on something like Google Maps.  There are stand-alone programs with embedded maps, but the bits and bobs lying around on the average system ought to be enough to just generate a URL to a mapping website.  The following bash script echoes the URL that geolocates your JPEG.  Because my camera doesn’t emit it, I couldn’t be bothered dealing with the seconds part of a location, but the script does detect when your camera, unlike mine, records seconds.  Drop a line if you’ve used this and fixed it.

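#!/bin/bash
# emit a hyperlink to google maps for the location of a photograph
# "$1" is quoted throughout so file names containing spaces or glob characters work
declare Seconds=""
# the seconds are the last number in the latitude (tag 0x02) value
Seconds=$(exif -m --ifd=GPS --tag=0x02 "$1" | grep -oP "[\d.]+$")
# if the latitude has zero seconds, check the longitude (tag 0x04) as well
if [[ "$Seconds" =~ ^0+(\.0+)?$ ]]
then
  Seconds=$(exif -m --ifd=GPS --tag=0x04 "$1" | grep -oP "[\d.]+$")
fi
# compared as text, so "0.00" also counts as zero; an empty value
# (e.g. no GPS data in the file) also stops here
if [[ ! "$Seconds" =~ ^0+(\.0+)?$ ]]
then
  echo
  echo "Script does not support seconds being specified"
  exit 1
fi
echo -n "https://maps.google.com.au/?q="
# southern latitudes are negative
declare NorthSouth=$(exif -m --ifd=GPS --tag=0x01 "$1")
if [ "$NorthSouth" == "S" ]
then
  echo -n "-"
fi
# latitude degrees, then minutes; the minutes keep their trailing comma,
# which separates latitude from longitude in the URL
echo -n "$(exif -m --ifd=GPS --tag=0x02 "$1" | grep -oP "^[\d.]+")"
echo -n "%20"
echo -n "$(exif -m --ifd=GPS --tag=0x02 "$1" | grep -oP "(?<= )[\d.]+,")"
# western longitudes are negative
declare EastWest=$(exif -m --ifd=GPS --tag=0x03 "$1")
if [ "$EastWest" == "W" ]
then
  echo -n "-"
fi
# longitude degrees, then minutes (without the comma)
echo -n "$(exif -m --ifd=GPS --tag=0x04 "$1" | grep -oP "^[\d.]+")"
echo -n "%20"
echo -n "$(exif -m --ifd=GPS --tag=0x04 "$1" | grep -oP "(?<= )[\d.]+(?=,)")"
echo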

The Age: subscriber problems

Recently The Age has been hassling me when I get to 30 articles/month. But I’m already a subscriber!

I suspect their code is buggy. Not hard to see how it might be trouble-prone when you see how many Cookies there are: no less than 92.

The Age/Fairfax cookies

Clearing them made the problem go away… for a little while, at least. (Isn’t that how freeloaders fool it?)

Not sure if that’s a permanent solution though. And as a paying customer, it’s very annoying.

Gmail: wrong messages ended up in deleted/spam folders

Anybody else get this warning?

Gmail warning

This article has some more detail — it appears to have only affected GMail mobile/iPad apps.

I’ve checked — nothing seems to have accidentally fallen into the Bin/Trash or Spam folders.

Just goes to show, even GMail/Google ain’t perfect.

Can’t copy address bar from Google Chrome

I’ve had periodic problems with Google Chrome on Windows (Version 32.0.1700.102 m, but this has also happened occasionally in the past); sometimes it will refuse to copy the address bar.

Instead of copying, it will clear the clipboard.

Copying from other places, such as a web page (content or using Right-click / Copy Link Address) works fine.

Not sure if it’s an environmental issue — only seems to happen on my work machine; I haven’t seen the same at home.

Very odd.

Blogging it here because I can’t see any mentions of it online (which might be because it’s just me). Will post back if I find the solution.

Update 2014-01-31: I uninstalled and reinstalled Chrome… it seems to work again, for now.

Update 2014-02-05: The problem seems to have come back. Very odd.

Update 2014-02-20: Some old posts on a related problem seemed to suggest it might be a Chrome Extension causing issues, so I removed all of mine. The problem seems to still be intermittently occurring.

ANZ: The rodeo clowns of online security

For years now I’ve been… less than impressed with the ANZ bank’s concept of how a secure banking website should work. Finally they’ve taken steps to harden their site. They’ve introduced “secret questions”, like “who was your best friend in high school”, “what’s your partner’s nickname” and “what’s your nickname for your youngest child”. At last, my money is now safe from thieves who will never guess that my partner’s nickname is Cathy, my best friend in High School was Robert, and my youngest’s nickname is Marky. Oh, darn! I accidentally disclosed the answers to those secret questions! It’s as if that information would be widely available to any thief who took the time to look me up on Facebook (don’t bother, I’m not on Facebook).

Because in providing answers to these questions the security on my account was going up, not down, I couldn’t possibly be allowed to opt-out, with dire warnings about being liable for losses if someone found out the answers. To these most basic of questions.

Most other banks have implemented two-factor authentication. Even G-mail has two-factor authentication. But not the ANZ, they’ve stepped things up a notch. They’ve eschewed two-factor, and gone for “You’ll never guess the name of my pet, which I post on Facebook all day long”.

So I took my standard defensive action: attack surface reduction and target-value minimisation. To reduce the attack surface, for each answer I mashed the keyboard – so thieves, remember my first Primary School was in the suburb of pwofkmvosffslkdflsifcmmsmclsefscdsfpsdfpefsdflsd, or something. To minimise the value of the target, I swept all the funds out of the account. What’s wrong with the technique of establishing identity by the production and examination of 100 points of identifying documents?  Why do I need to have a favourite colour?

Cathy worked for the ANZ until recently, and the day she received her final paypacket she shut the account. Hated their account with a passion, but the ANZ is incapable of paying their employees through anything other than an ANZ account. Because, you know, banking is hard.