Expat-IT Tech Bits

    Creative Commons License
    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

    Mon, 22 Feb 2010


    /Linux/audio: Switching Between Multiple Soundcards

    As a fan of USB audio devices, something that has caused me dissatisfaction for a very long time in my Debian Linux desktop environment has been the inability to gracefully and easily switch between multiple installed sound cards.

    I just installed the pavucontrol module[1] and perhaps this is a thing of the past, at least for Gnome / Pulseaudio users. After installing pavucontrol I get a second loudspeaker / mixer icon in my desktop tray, which is a little confusing, and both mixers seem to interact and have some control over sound volumes. Not elegant, but the key addition inside the pavucontrol "Sound Preferences" dialog is an "Output" pane that lists my available audio outputs: "Internal Audio" and "Audio Adaptor" (USB headset), with a radio button beside each.

    Clicking on the radio buttons transparently switches the audio back and forth between my laptop speakers and my USB headset. Outstanding.

    [1] http://0pointer.de/lennart/projects/pavucontrol/

    posted at: 12:28 | path: /Linux/audio | permanent link to this entry

    Mon, 15 Feb 2010


    /Hosting/Amazon/EC2: Amazon AWS: Information You Need to Give Your System Administrator

    Amazon AWS is designed so that you can give someone else the privileges needed to control your Amazon servers without giving up the password of your Amazon AWS account. Here are a couple of very thorough treatments on the subject of Amazon AWS credentials: [5][6].

    To broadly manage your account, its servers and its data stores, there are two sets of keys your System Administrator is probably going to need:

    1. AWS Access Key / Secret Access Key
    2. X.509 Certificate and Private Key

    These two methods of authentication are also explained in the "Authentication" section of [1], and both sets of keys can be obtained from "Your Account" --> "Access identifiers" in your Amazon AWS account.

    The "Access Key / Secret Access Key" consists of two long strings, much longer than what one typically thinks of as a "password". This is what a System Administrator needs most of the time for most Amazon AWS management tasks. The ElasticFox Firefox Extension[4], for instance, uses these for authentication. Following are examples of what these keys look like:

    Access key: AKIAJQXQL474IJIOJATA
    Secret Access Key: XQbln80m5ms8a4xUSxPd7xmyF/7IM9hM24bv9aez

    The "X.509 certificate" is a pair of encryption keys, a certificate and a private key (each of them much longer than either element of the "Access Key / Secret Access Key"), primarily used by the Java-based Amazon EC2 API Tools[2], as explained here[3].

    The certificate looks like this:

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    

    And the private key looks like this:

    -----BEGIN PRIVATE KEY-----
    -----END PRIVATE KEY-----
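
Of the four items above, only the Secret Access Key and the private key are secrets; the Access Key ID and the certificate merely identify the account. The following Python check is an added example, not part of the original post: it scans text about to be shared for these four shapes and marks which findings are secret. The sample note is constructed, reusing the two example key strings printed above.

```python
import re

# Shapes of the credential kinds named in the post. The two key values in
# SAMPLE are the example strings printed in the post itself.
PATTERNS = {
    "access_key_id": re.compile(r"(?<![0-9A-Z])AKIA[0-9A-Z]{16}(?![0-9A-Z])"),
    "secret_access_key": re.compile(
        r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])"),
    "certificate": re.compile(r"-----BEGIN CERTIFICATE-----"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}
# Only these two are secrets; the key ID and certificate identify the account.
SECRET_KINDS = {"secret_access_key", "private_key"}


def mixed_case(token):
    """Filter out 40-character hex digests (e.g. SHA-1), which are one case."""
    return any(c.isupper() for c in token) and any(c.islower() for c in token)


def scan(text):
    """Return (line number, kind, is_secret, redacted match) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                token = match.group(0)
                if kind == "secret_access_key" and not mixed_case(token):
                    continue
                findings.append((lineno, kind, kind in SECRET_KINDS,
                                 token[:4] + "..."))
    return findings


# Constructed sample: a note someone is about to paste into an e-mail or ticket.
SAMPLE = """\
Access key: AKIAJQXQL474IJIOJATA
Secret Access Key: XQbln80m5ms8a4xUSxPd7xmyF/7IM9hM24bv9aez
deployed commit 3f786850e387550fdab836ed7e6dc881de23001b
-----BEGIN CERTIFICATE-----
(body omitted)
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
(body omitted)
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```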
    

    [1] http://clouddb.info/2009/05/17/using-and-managing-aws-part-3-aws-security/
    [2] http://developer.amazonwebservices.com/connect/entry.jspa?externalID=351
    [3] http://developer.amazonwebservices.com/connect/entry!default.jspa?categoryID=100&externalID=1791&printable=true
    [4] http://developer.amazonwebservices.com/connect/entry.jspa?externalID=609
    [5] http://alestic.com/2009/11/ec2-credentials
    [6] http://www.elastician.com/2009/06/managing-your-aws-credentials-part-1.html

    posted at: 06:31 | path: /Hosting/Amazon/EC2 | permanent link to this entry

    Sun, 14 Feb 2010


    /Security/circumvention: Downloading Files When You Are Being Blocked

    I live in China, and I have to deal with file downloads being blocked all the time, particularly of the Canadian and US news podcasts I am fond of watching. For the record, it is hard to tell whether the Chinese are censoring, or whether the providers are trying to save bandwidth by blocking all of China. I think there is a little bit of both going on. So here is how I deal with it...

    A lot of things are not blocked, and for that I use Miro[1]. Miro has a lot of nice features for video podcatching. In my often bandwidth-starved situation, chief among them is that Miro is pretty good at resuming interrupted downloads, even after an over-night shutdown.

    For blocked podcasts, I have an encrypted SSH tunnel set up from my desktop to one of my servers in the USA. Set up ssh, autossh, and proxychains per these posts[2]. With my tunnel set up, I use a second piece of podcatching software called gpodder[3], which I start in a terminal like this:

    proxychains gpodder&

    to force all gpodder traffic through my encrypted tunnel. Then use gpodder per normal to download blocked podcasts. However....

    In China, there are often extended periods of time when the powers-that-be use the Great Firewall to interfere with these kinds of downloads. Sometimes there are repeated network interruptions that cause large files to fail before their download completes. Sometimes this seems to be combined with bandwidth throttling, where each network connection I make is limited to 5 kb/s of download, which makes the download VERY long, and even more prone to interruptions.

    For these particularly difficult situations, I just use gpodder to pull down the list of files from the podcast feeds. Then I use a Firefox plugin called "SQLite Manager"[4] to open gpodder's database in ~/.config/gpodder/database.sqlite. In the table called "episodes" can be found a record for each podcast that has been pulled down from the feed. From that record I can extract the actual URL of the file for the podcast, so that I can then download it with wget[5], which is an extremely robust command-line file downloader.

    Then I can start the download in a terminal like this:

    proxychains wget http://www.url.com/path/to/file/filename.something

    Continuing a partially downloaded podcast is as simple as:

    proxychains wget -c http://www.url.com/path/to/file/filename.something

    (Note the "-c".) It is also worth trying the above wget line first without proxychains, as sometimes only the feed URL is blocked, but the server where the actual files reside is not blocked.
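
The URL lookup and the wget lines above can be scripted instead of done by hand in SQLite Manager. The following Python sketch is an added example, not part of the original post: it reads the "episodes" table and builds the resumable wget command for each entry. Because URLs come from feed data, it rejects anything that is not http/https and shell-quotes the rest. The column names `id`, `title` and `url` are assumptions about gpodder's schema, and the in-memory database is constructed sample data.

```python
import shlex
import sqlite3
from urllib.parse import urlsplit


def episode_urls(conn):
    """Return (title, url) for every episode row, newest row first."""
    # Assumption: the "episodes" table has "id", "title" and "url" columns.
    return conn.execute(
        "SELECT title, url FROM episodes ORDER BY id DESC").fetchall()


def wget_command(url, use_proxy=True):
    """Build a shell-safe, resumable wget line; None if the URL is not http(s)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None  # feed data is untrusted: refuse file://, ftp://, junk
    argv = ["wget", "-c", "--", url]  # "--" stops a URL being read as an option
    if use_proxy:
        argv.insert(0, "proxychains")
    # Quote each argument so characters like & and ; in a URL stay inert.
    return " ".join(shlex.quote(arg) for arg in argv)


def sample_db():
    """Constructed in-memory stand-in for ~/.config/gpodder/database.sqlite."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE episodes (id INTEGER PRIMARY KEY, title TEXT, url TEXT)")
    conn.executemany("INSERT INTO episodes (title, url) VALUES (?, ?)", [
        ("News 1", "http://www.url.com/path/to/file/filename.something"),
        ("News 2", "http://www.url.com/a.mp3?x=1&y=2;z"),
        ("Odd entry", "file:///etc/passwd"),
    ])
    return conn


if __name__ == "__main__":
    # For the real file, open it read-only so gpodder's data cannot be changed:
    #   sqlite3.connect("file:/home/USER/.config/gpodder/database.sqlite?mode=ro",
    #                   uri=True)
    for title, url in episode_urls(sample_db()):
        print(title, "->", wget_command(url) or "skipped (not http/https)")
```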

    [1] http://www.getmiro.com
    [2] http://blog.langex.net/index.cgi/Admin/SSH-Proxy/
    [3] http://gpodder.org/
    [4] https://addons.mozilla.org/en-US/firefox/addon/5817
    [5] http://www.gnu.org/software/wget/

    posted at: 07:14 | path: /Security/circumvention | permanent link to this entry

    Sun, 07 Feb 2010


    /Security/password: The Simplest Encrypted Password Store

    I have been using keepassx[1] as a partial solution. keepassx runs on Linux, Macs, and Micro$oft operating systems, and allows you to lock the file not only with a password, but also a key file. A really nice piece of software. But I was looking for something command-line oriented, that I could access via SSH on one of my servers with a public IP.

    The very simplest solution[2] seems to be vim[3], a turbo-charged version of the venerable Unix "vi" editor that includes a gnupg plugin (enabled by default on Debian).

    To create an encrypted file with vim, just type:

    vi -x test.gpg

    and you will be prompted for the password that will be used to lock the file. Edit and save. Thereafter, if you

    vi test.gpg -or-
    view test.gpg

    to edit or view the file, you will have to give your password to decrypt it.
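
Vim's built-in encryption (`-x`) writes a file that starts with a `VimCrypt~` header, while GnuPG writes OpenPGP packets, so the leading bytes of a saved password file show which protection it really has. The following Python check is an added example, not part of the original post; the `REJECT` policy and the sample bytes are assumptions made for illustration.

```python
# Headers Vim writes for files saved with its built-in encryption (-x / :X).
VIMCRYPT = {
    b"VimCrypt~01!": "vimcrypt-zip",        # Vim's help calls this method weak
    b"VimCrypt~02!": "vimcrypt-blowfish",   # documented implementation flaw
    b"VimCrypt~03!": "vimcrypt-blowfish2",
}
ARMOR = b"-----BEGIN PGP MESSAGE-----"
# OpenPGP packet tags that can open an encrypted message (RFC 4880):
# 1 and 3 = encrypted session key, 9 and 18 = encrypted data.
OPENPGP_FIRST_TAGS = {1, 3, 9, 18}
# Example policy (an assumption, adjust to taste): formats not to rely on.
REJECT = {"empty", "plaintext", "vimcrypt-zip", "vimcrypt-blowfish",
          "unknown-binary"}


def classify(data: bytes) -> str:
    """Name the on-disk format of a password file from its leading bytes."""
    if not data:
        return "empty"
    if data.startswith(b"VimCrypt~"):
        return VIMCRYPT.get(data[:12], "vimcrypt-other")
    if data.lstrip().startswith(ARMOR):
        return "openpgp-armored"
    try:
        data.decode("utf-8")
        return "plaintext"          # readable text: nothing was encrypted
    except UnicodeDecodeError:
        pass
    first = data[0]
    if first & 0x80:                # every OpenPGP packet header sets bit 7
        new_format = bool(first & 0x40)
        tag = first & 0x3F if new_format else (first >> 2) & 0x0F
        if tag in OPENPGP_FIRST_TAGS:
            return "openpgp-binary"
    return "unknown-binary"


def audit(data: bytes):
    """Return (format, acceptable) under the example policy above."""
    kind = classify(data)
    return kind, kind not in REJECT


if __name__ == "__main__":
    # Constructed samples; real use: audit(open("test.gpg", "rb").read())
    for blob in (b"VimCrypt~01!\x9a\x11\xf0", b"\x8c\x0d\x04\x09\x03\x02\xff",
                 b"site: example.org\npass: constructed\n"):
        print(audit(blob))
```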

    Don't be afraid of vi! You only need to know a few keystrokes to get the basic stuff done. When you first open a file for editing, most keystrokes will be ignored because you are in view mode:

    "i" to enter insert mode
    "R" to enter overwrite mode
    Esc key to return to read-only mode
    "r" to overwrite just one character under the cursor
    "x" or Delete key to delete the character under the cursor
    "dd" to delete the line under the cursor
    "ndd" to delete "n" lines under the cursor
    "yy" to copy ("yank") the line under the cursor
    "p" to paste the last block of line(s) copied or deleted
    "/text" to search for the string "text"
    "ZZ" to exit and save
    ":q!" to exit without saving.

    I have been using vi fairly hard for years, and I rarely stray from this short list of keystrokes.

    [1] http://www.keepassx.org/
    [2] http://www.lucas-nussbaum.net/blog/?p=431
    [3] http://www.vim.org/

    posted at: 01:49 | path: /Security/password | permanent link to this entry