Expat-IT Tech Bits

Home

Contact

Links

Search this site:

Categories:

/ (287)
  Admin/ (122)
    Apache/ (10)
      HTTPS-SSL/ (4)
      PHP/ (3)
      performance/ (2)
    Cherokee/ (1)
    LAN/ (4)
    LVM/ (6)
    Monitoring/ (2)
      munin/ (2)
    SSH/ (6)
    SSL/ (1)
    Samba/ (1)
    VPN-options/ (6)
      OpenVPN/ (1)
      SSH-Proxy/ (3)
      Tinc/ (1)
      sshuttle/ (1)
    backups/ (17)
      SpiderOak/ (1)
      backuppc/ (5)
      dirvish/ (1)
      misc/ (6)
      rdiff-backup/ (1)
      rsync/ (1)
      unison/ (2)
    commandLine/ (24)
      files/ (8)
      misc/ (10)
      network/ (6)
    crontab/ (1)
    databases/ (15)
      MSSQL/ (2)
      MySQL/ (8)
      Oracle/ (3)
      PostgreSQL/ (1)
    dynamicDNS/ (2)
    email/ (11)
      Dovecot/ (1)
      deliverability/ (1)
      misc/ (1)
      postfix/ (7)
      puppet/ (1)
    iptables/ (3)
    tripwire/ (1)
    virtualization/ (9)
      VMware/ (1)
      virtualBox/ (8)
  Coding/ (14)
    bash/ (1)
    gdb/ (1)
    git/ (3)
    php/ (5)
    python/ (4)
      Django/ (2)
  Education/ (1)
  Hosting/ (27)
    Amazon/ (18)
      EBS/ (3)
      EC2/ (10)
      S3/ (1)
      commandline/ (4)
    Godaddy/ (2)
    NearlyFreeSpeech/ (3)
    Rackspace/ (1)
    vpslink/ (3)
  Linux/ (30)
    Android/ (1)
    Awesome/ (3)
    CPUfreq/ (1)
    China/ (2)
    Debian/ (8)
      APT/ (3)
      WPA/ (1)
    audio/ (1)
    encryption/ (3)
    fonts/ (1)
    misc/ (6)
    remoteDesktop/ (1)
    router-bridge/ (3)
  SW/ (45)
    Micro$soft/ (1)
    browser/ (2)
      Chrome/ (1)
      Firefox/ (1)
    business/ (28)
      Drupal/ (9)
      KnowledgeTree/ (6)
      Redmine/ (2)
      SugarCRM/ (7)
      WebERP/ (2)
      WordPress/ (1)
      eGroupware/ (1)
    chat/ (1)
    email/ (1)
    fileSharing/ (2)
      btsync/ (1)
      mldonkey/ (1)
    graphics/ (2)
    research/ (2)
    website/ (6)
      blog/ (6)
        blosxom/ (3)
        rss2email/ (1)
        webgen/ (1)
  Security/ (15)
    IMchat/ (2)
    circumvention/ (2)
    cryptoCurrency/ (1)
    e-mail/ (4)
    greatFirewall/ (1)
    hacking/ (1)
    password/ (1)
    privacy/ (2)
    skype/ (1)
  Services/ (1)
    fileSharing/ (1)
  TechWriting/ (1)
  xHW/ (14)
    Lenovo/ (1)
    Motorola_A1200/ (2)
    Thinkpad_600e/ (1)
    Thinkpad_a21m/ (3)
    Thinkpad_i1300/ (1)
    Thinkpad_x24/ (1)
    USB_audio/ (1)
    scanner/ (1)
    wirelessCards/ (2)
  xLife/ (17)
    China/ (9)
      Beijing/ (5)
        OpenSource/ (3)
    Expatriation/ (1)
    Vietnam/ (7)

Archives:

  • 2016/07
  • 2016/05
  • 2016/02
  • 2016/01
  • 2015/12
  • 2015/11
  • 2015/06
  • 2015/01
  • 2014/12
  • 2014/11
  • 2014/10
  • 2014/09
  • 2014/07
  • 2014/04
  • 2014/02
  • 2014/01
  • 2013/12
  • 2013/10
  • 2013/08
  • 2013/07
  • 2013/06
  • 2013/05
  • 2013/04
  • 2013/02
  • 2013/01
  • 2012/12
  • 2012/10
  • 2012/09
  • 2012/08
  • 2012/07
  • 2012/06
  • 2012/05
  • 2012/04
  • 2012/03
  • 2012/01
  • 2011/12
  • 2011/11
  • 2011/10
  • 2011/09
  • 2011/08
  • 2011/07
  • 2011/06
  • 2011/05
  • 2011/04
  • 2011/02
  • 2010/12
  • 2010/11
  • 2010/10
  • 2010/09
  • 2010/08
  • 2010/07
  • 2010/06
  • 2010/05
  • 2010/04
  • 2010/03
  • 2010/02
  • 2010/01
  • 2009/12
  • 2009/11
  • 2009/10
  • 2009/09
  • 2009/08
  • 2009/07
  • 2009/06
  • 2009/05
  • 2009/04
  • 2009/03
  • 2009/02
  • 2009/01
  • 2008/12
  • 2008/11
  • 2008/10
  • 2008/09
  • Subscribe XML RSS Feed

    Creative Commons License
    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
    PyBlosxom

    This site has no ads. To help with hosting, crypto donations are accepted:
    Bitcoin: 1JErV8ga9UY7wE8Bbf1KYsA5bkdh8n1Bxc
    Zcash: zcLYqtXYFEWHFtEfM6wg5eCV8frxWtZYkT8WyxvevzNC6SBgmqPS3tkg6nBarmzRzWYAurgs4ThkpkD5QgiSwxqoB7xrCxs

    Sun, 17 Jan 2010


    /Admin/VPN-options/SSH-Proxy: Proxychains Allows Any Application to Use a Proxy

    My SSH Socks5 proxy[1] works great, especially with the addition of autossh, but unlike most web browsers and Pidgin, many applications (particularly on the command line) just do not have proxy support built in.

    Proxychains[2] is a wrapper that redirects all network traffic through a designated proxy. To get it working is very simple. After installing, I made this change to the bottom of /etc/proxychains.conf:

    # defaults set to "tor"
    # socks4 127.0.0.1 9050
    socks5 127.0.0.1 1082

    ie. I commented out the default Tor proxy and added my local SSH socks5 proxy which I have placed on port 1082.

    Then, for instance, to send my gpodder podcatcher through the SSH tunnel, I just start gpodder in a terminal as follows:

    proxychains gpodder&

    Then all of gpodder's network traffic (DNS queries included) go out via SSH through my out-of-country server. And now I have restored access to many blocked podcasts, PGP key servers, and no doubt many other things as they come up. I have been looking for something like this for years.

    [1] http://blog.langex.net/index.cgi/Admin/SSH-Proxy/
    [2] http://proxychains.sourceforge.net/

    posted at: 09:04 | path: /Admin/VPN-options/SSH-Proxy | permanent link to this entry

    Sat, 16 Jan 2010


    /Security/e-mail: Setting Up PGP E-mail Encryption

    Finally someone has agreed to help me play with PGP e-mail encryption!! So here are my notes:

    In my claws-mail e-mail client, I had to install a plugin (a separate package in Debian) called claws-mail-pgpmime. After restarting, there appeared a "GPG" tab in my per-account e-mail preferences, where I clicked on the "Generate a new key pair" button. (claws-mail apparently does all the necessary pgp stuff under the hood, including adding the new keys to my private key ring....) In the same tab, I also selected the "select key by your e-mail address", which seemed logical. And then in the "Privacy" tab do not forget to select when you want your key sent, and under what circumstances e-mail is supposed to be encrypted. (And I was delighted to see a "Save sent encrypted messages as plain text option", since I have an encrypted home directory anyway.)

    (Note that this FAQ[1] warns that some spammers harvest e-mail address off of the public key servers, so if you intend to publish your key to such a server, choose an e-mail address with good spam filtering....)

    Now for the fun command line stuff....

    PGP can only work if both ends of the communication have one another's public keys, and from what I can tell, the standard way to do that is via the world-wide network of public key servers. For instance, after adding:

    keyserver keyserver.ubuntu.com

    to ~/.gnupg/options, if I open an e-mail signed with a pgp-signature attachment, I can then click on the key icon to the right of my claws-mail message pane and see the prompt:

    "This key is not in your keyring. Do you want Claws Mail to try and import it from a keyserver?

    Of course(!?) this does not work in China because all the keyservers seem to be blocked, so I have to do it through a proxy server as follows:

    proxychains gpg --no-tty --recv-keys A1295TE1D75F5533

    And now claws-mail can verify the signature as "correct". And now

    gpg --list-keys

    will show all the keys on my private key ring, including the one I just imported. That is how I get my friend's public key.

    Per this fine howto[2], I can broadcast my own key to the world thusly:

    gpg --send-keys --keyserver keyserver.ubuntu.com 6D79E522

    where the code at the end of the line is obtainable from the "gpg --list-keys" listing.

    Note that it is also possible to share public keys by exporting them to a file as follows:

    gpg --export -a 6D79E522 > mykey.asc

    and e-mailing the file. Once both ends are supplied with the other's public key, encryption should be trivial.

    [1] http://pgp.mit.edu/faq.html
    [2] https://help.ubuntu.com/community/GnuPrivacyGuardHowto

    posted at: 08:29 | path: /Security/e-mail | permanent link to this entry

    Sun, 10 Jan 2010


    /SW/business/Drupal: My Favorite Drupal Modules

    (As of Drupal version 6.x....)

    Drupal is a very mature piece of software, with a vast number of modules to choose from, often with multiple modules vying to provide the same piece of functionality. After some trial and error, here are my candidates for "best of", modules someone new to Drupal should look into early:

    First some easily overlooked core modules:

    Third-Party modules:

    Here is someone else's list of favorites[6].

    [1] http://drupal.org/project/cck
    [2] http://drupal.org/project/views
    [3] http://drupal.org/project/image
    [4] http://drupal.org/project/image_fupload
    [5] http://drupal.org/project/lightbox2
    [6] http://www.nicklewis.org/40-essential-drupal-6-modules
    [7] http://drupal.org/project/boost

    posted at: 22:40 | path: /SW/business/Drupal | permanent link to this entry

    Fri, 08 Jan 2010


    /Admin/VPN-options/SSH-Proxy: Use autossh to Fix Frequent Disconnects

    Sometimes the bandwidth is so bad here (or is it the "Great Firewall" deliberately trying to break my connection?) that my SSH tunnel will frequently fail. Very inconvenient, as I do not notice until I need it, then I have to do a manual restart and wait for it to connect (and said wait can sometimes be significant when bandwidth sucks...)

    Enter autossh[1].

    I have setup an alias in my .bashrc as follows:

    alias tunnel="autossh -M 0 -v -CND 1082 username@hostname.com"

    To start the tunnel at the beginning of the day, I just type "tunnel" in any terminal. And whenever the ssh connection is broken, autossh automatically (and apparently intelligently) restarts it. So far, so good.

    [1] http://www.harding.motd.ca/autossh/

    posted at: 01:11 | path: /Admin/VPN-options/SSH-Proxy | permanent link to this entry

    Sun, 03 Jan 2010


    /xHW/Thinkpad_a21m: More Sound Card Fun

    In a previous post in this section[1] I noted that the Linux kernel no longer supports my Thinkpad A21M's sound card, and I have been using USB speakers instead. (Another post talks about a borked mother board, which turns out to have been not the case. More on that one another time.)

    Suddenly out of the blue with the latest Debian 2.6.30 kernel I am getting something loading that is pretending to be a sound card and reporting itself to my mixer as a "PC Speaker". The problem with this is both Debian user-land and Linux applications make it difficult to switch from one sound card to another, either globally or per application, and everything defaults to the first sound card. Which spot is now being squatted upon by this useless "PC Speaker" thing, making it difficult for me to use the USB speakers.

    This[2] appears to be the culprit: a "pcsp" module. And sure enough, lsmod tells me there is a snd_pcsp being loaded. So I added:

    blacklist snd_pcsp

    to /etc/modprobe.d/x-local-blacklist, rebooted, and it went away. Back to functioning USB speakers.

    [1] http://blog.langex.net/index.cgi/xHW/Thinkpad_a21m/
    [2] http://speech.braille.uwo.ca/pipermail/speakup/2007-August/044233.html

    posted at: 09:39 | path: /xHW/Thinkpad_a21m | permanent link to this entry