Farewell, StartSSL

It was that time of year when my SSL certificates needed attention because they were about to expire. But my current certificate authority, StartSSL, is no longer trustworthy following the sale of StartCom to WoSign, a Chinese CA of dubious repute. T…

Forwarding X11 over indirect SSH

Whilst away from my office yesterday I needed to launch a graphical (X11) application over SSH. However my OpenVPN configuration would not allow direct access to the box where I needed to run it*. I could get there indirectly via an intermediate host…

Virtual MacOS

This post is about running MacOS in VirtualBox on Linux (i.e you've installed Linux on your Mac but would like to run macOS in a virtual machine). This explanation is complete with links to download a Virtualbox image. However, its provenance is unce…

Git-dot - Git for dotfiles, with crypto!

I put my dotfiles in Git I sometimes encrypt them too It gives me an enormous sense of well-being And then I'm happy for the rest of the day safe in the knowledge There will always be a bit of Gitolite devoted to it Parklife - Blur (well, kind-of) I …

ssh-argv0 - useful if you're on Debian

I stumbled upon an interesting way to connect to remote hosts with ssh where creating symlinks to ssh-argv0 allows connecting simply by typing the hostname, for example: $ frodo would work if frodo was a symlink previously created like this: $ ln -s …

Mosh - a better SSH ?

Mosh, the mobile shell, is a terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes. Mosh 1.0 was released in March 2012 and reached version 1.2.6 in Augus…

A Dad's guide to Minecraft

The last game I was really into was Quake 1, and that was almost 20 years ago (1996 - wow, can that really be true!). Well,fast-forward twenty years and my daughter has discovered Minecraft. As a Dad who needs to get up to speed, this is a collection…

Big Brother was watching...

I remember in days of yore when Big Brother monitored our servers. This wasn't Orwell's prophetic leader but a system monitoring tool that could be viewed in a browser. That was in the late 1990s; fast-forward to today and BB, as it was known, is no …

Code for Kids

Everyone with a primary school child has probably heard of Scratch and the alternative ScratchJR for preschoolers. But there are alternatives in a similar vein that may be more attractive. A big problem with Scratch is its reliance on Flash which is …

Git Encryption

This is about encrypting Git repositories. There are two approaches to consider: encrypt the entire repository encrypt specific files These approaches are addressed by these tools: git-remote-gcrypt git-crypt There are other tools that can be used gi…

What apps are installed on my Android devices?

I would like to know what apps are installed on my devices. My stock install of CyanogenMod 12.1 (with Pico GApps) on my Amazon Fire has the following apps on it: AudioFX Browser Calculator Calendar Camera Clock Contacts Downloads Email File Manager …

A PDP8 for the 21st Century?

While watching Steve Gibson talk about Windows 10 on SecurityNow, I noticed the three blinking boxes on his bookshelf and curiosity got the better of me. Well, it turns out that they are 2/3 scale replicas of a PDP8/e called the SBC6120 by Spare Time…

Resizing a VirtualBox Disk

I needed to resize a virtual disk for a windows vm. I found that the vm needed to be stopped for the resize to work but also that Windows would not see the additional space until after it was restarted. Also, I discovered that you need to resize the …

OpenVPN Connect for Android

So it was about time that I got around to connecting my Android devices to my VPN, which I implemented a while back using OpenVPN and wrote about in Linux Voice. The Android client is called OpenVPN Connect, a proprietary application available for fr…

My SSL is A+ rated!

I just performed some tweaks to my webserver configuration and it now rates A+ on the SSL Labs test. The less-than-perfect score is due to the lack of some over-restrictive settings. Read more about getting 100% here. Also, I'm using a virtual host w…

OpenSSL and the Rails-Breaking Arch Upgrade

My development Rails server would't start after upgrading Arch today. $ rails server bin/rails:6: warning: already initialized constant APP_PATH /home/john/.../bin/rails:6: warning: previous definition of APP_PATH was here $ ruby -v ruby 2.2.1p85 (20…

Mirroring Github with Gitolite

This note explains how to establish a mirror of a Github repository on a locally-maintained Gitolite server. Choose a Gitolite mirror location Decide on a repository path, for example: github/<gh-user>/gh-repo> where gh-user is the GitHub us…

Rails Polymorphic Routes

When turning a class into a reusable module, I needed to use some routing paths without knowing beforehand what the models were called. I wanted to write things like new_category_path without knowing about category; I needed a model-agnostic way to e…

Bradshaw's Guide: A Great British Railway Journey

Beging quite keen on Michael Portillo's BBC TV series Great British Railway Journeys and, like many others, I fancied a copy of his Bradshaw's Guide that I could thumb through myself. A quick bit of research showed that there are a confusing array of…

GMail: Fetchmail is a "less secure app"

I have been receiving emails from Google about a sign-in attempt prevented. These messages are sent to the recovery address for my GMail account. I run my own IMAP server which uses fetchmail to download any email sent to various third-party email ac…

OpenDocumentFormat versioning with Git

You can very easily keep OpenDocument (LibreOffice, OpenOffice and, at a push Microsoft Office) documents under version control in a Git repository. You need the odt2txt (Archlinux package) whichis a simple converter from OpenDocument Text to plain t…

Weather, and the demise of the Microsoft Gadget

The Windows 7 weather gadget on my spare laptop stopped working, reporting that it cannot connect to service. It can be fixed but I note that gadgets have been discontinued due to serious vulnerabilities that could allow remote code execution. Gadget…

Wrapping a (not-so) simple_form

Here is what should be a pretty simple input requirement: produce this: It's three input fields presented as one and it's part of a larger form. The rest of the form isn't relevant here. We're using Bootstrap 3 and the simple_form gem. This should be…

Monkey-patching Ruby constructors

It's frowned upon, I know. But monkey-patching allows methods to be replaced with new ones that can still call the old ones. I needed to add some code to a constructor for a class whose source I didn't control. Subclassing was inappropriate, so the m…

A full backtrace for a Ruby Exception

When your Ruby code dumps an exception, it can be useful to see a full backtrace instead of the truncated view that Ruby gives you by default. One way to do this is to wrap the offending code in a begin - rescue - end block to catch the exception, ou…

Enabling laptop external display

I want my laptop (running Arch Linux, of course) to run on its own display and use an external display as a second screen if one is connected. Telling X to use a second screen turns out to be very easy: $ xrandr --output VGA-0 --auto --right-of LVDS …

Receive remote syslog into systemd

This article describes how to accept remote syslog messages into the systemd journal, specifically so that router logs can be journalled centrally. The router being used is a Speedtouch TG585 v7 A simple syslog server A syslog servers accepts syslog …

Yay! YAML for bash scripts

Yay : A bash Yamlesque parser. YAML is a data configuration format consisting of hierarchial collections of named data items. Yay is a parser that understands a subset of YAML, or Yamlesque, that is intended as a way to provide basic configuration or…

Visualising Entropy

Entropy has many meanings in different contexts but the general idea is that it's a measure of randomness. The entropy to be visualised in this discussion is the randomness of a large data set of raw binary data such as a data file or a block device.…

Detach your shell

You need to close your terminal but your shell isn't running inside tmux or screen. You want to save your session. What can you do? | Enter Detach and Reptyr. Reptyr Reptyr is a utility for taking an existing running program and attaching it to a new…

Injecting Terminal Input

It all started with a simple question: Is it possible in an interactive bash shell to enter a command that outputs some text so that it appears at the next command prompt, as if the user had typed in that text at that prompt ? What happened was an in…

Get The Current Wallpaper

A simple requirement: save the current desktop wallpaper in a file. Actually not that simple in practice because there isn't a tool that can deliver it. The standard method of screen grabbing is xwd which is great at grabbing an image of a window, ei…

Disable the GMail Spam Filter

I have a gmail account. It's little used because I run my own mail server with my own domains. My server gets my gmail over IMAP. I don't want gmail applying filters because I have my own. I don't want to have to check into gmail just to see if mail …

Migrating to AUR 4

Following the announcement of version 4.0.0 of the Arch User Repository, a new Git-based AUR, those maintaining packages need to migrate them. These notes are about migrating to the new Arch Linux Git-based AUR4 repository. Create a new working direc…

VPN

As good as being there. A Virtual Private Network, or VPN, is an extension of a private network across a public network, making it possible to access the private network's resources when not directly connected to it. They work by establishing a secur…

The OCSP Server has no status for the certificate...

When trying to access a newly created domain over https, my Firefox browser reported to me: An error occurred during a connection to example.com. The OCSP server has no status for the certificate. (Error code: secerrorocspunknowncert) Well, OCSP mean…

Using rsync for backups

A typical SME or SOHO network will have a small number of users' computers containing data that should be backed up, and a file server where backups can be stored. The server provides restricted access to the users that is just sufficient for them to…

Search Privacy

Google is not your friend. Google wants to know everything about you. Fortunately there are search options that respect your right to privacy. startpage.com startpage.com cites itselfas the world's most private search engine. It provides Google searc…

I have a new GnuPG Key

I have transitioned my GnuPG key from 1024-bit DSA to 4096-bit RSA. The old key is revoked and the new key is effective immediately. My GnuPG Public Key: ID 22D05A45 FP 44E4 4ABB 2410 742A 8476 BC9B 955B 200A 22D0 5A45 ID john@lane.uk.net My key is a…

A quick spin of Raspbian

I took a quick look at Raspbian because I wanted to quickly check the performance of its GUI and how easy it was to get audio and video working. I normally run ArchLinux on my kit. I used a first-gen 256MiB Raspberry Pi Model B because that's the spa…

Right-shift a file

Right-shifting a file means moving its contents by a given offset to make space at the beginning of the file. It's a block-level operation that would be performed on raw block devices and involves reading data from the device and writing it back furt…

inCrypt - in-place crypto conversion

inCrypt is a command-line tool that applies encryption to a block device (or a regular file used as such). It allows a data payload to be converted between raw(unencrypted), dm-crypt plain encryption and dm-crypt LUKS encryption. inCrypt was written …

Wrap a C library with Ruby

This article explains how C functions can be used from within Ruby. There are two ways: the new way is to use a foreign function interface and the old way is to write a Ruby extension. To make the example real, it will add Ruby spport for the AFsplit…

CipherShed Video Steganography

CipherShed, the encryption utility formerly known as TrueCrypt, performs on-the-fly filesystem encryption, either onto real block devices or container files, providing encrypted storage volumes. It also supports hidden volumes inside these outer volu…

A painless introduction to CGI

We aren't making movies full of special effects; this CGI is the Common Gateway Interface. It's a way to write scripts to produce dynamic web pages. A CGI script is just like any other script except that it's launched by a web server like Apache (act…

A Bazaar fork in Git

No, not a bizarre forkin' git! I wanted to fork a package so that I could use it myself but it was hosted on Launchpad in a Bazaar repository whereas I like to use Git and Github. It is easy to make a Git repository from a Bazaar one. Here's how. Fir…

Python, Telnet and Speedtouch

I wrote a utility called telscript that can be used to send scripted commands over telnet. I wrote it specifically to send commands to a SpeedTouch 585v7 ADSL Router. It makes use of the Python telnetlib module. Because it expects specific responses …

Seagate Date Code

Seagate hard drives use a code to represent their manufacturing date. It is encoded as a number representing a year, week number and day of the week. The date code is a four or five-digit number that can be interpreted as YYWD or YYWWD where YY is th…

Cocktail Audio X10 Root Password

The Cocktail Audio X10 is a small Linux-based media server. You can use telnet to log in to it as root as long as you know the root password. Once it was easy... I discovered very early on that the web-based user interface's update routine performs a…

Rails Model Validations

I wrote this article as a note to self while learning how Rails model validation messages are produced so that I could modify them. A key feature of the Rails ActiveModel is attribute validation. You can add a declaration to a model, like this valida…