Expat-IT Tech Bits

    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

    Tue, 30 Oct 2012


    /Linux/Debian/APT: Apt-Pinning and Mixing Multiple Repositories in the Same Machine

    I generally run a Debian Testing box, but frequently find the need to install stuff from the unstable repository. And I am getting tired of juggling my sources.list manually.

    So I have created the following file, with thanks to Paul Wise[1]:

    Package: *
    Pin: release a=testing
    Pin-Priority: 800
    
    Package: *
    Pin: release a=unstable
    Pin-Priority: 700
    
    Package: lintian
    Pin: release a=unstable
    Pin-Priority: 900
    

    and included sources for both testing and unstable in my sources.list. Note that a higher Pin-Priority gives that source a higher priority for sourcing the specified package(s).

    So now when I do an "apt-get upgrade" APT will pull updates from testing only, UNLESS the package does not exist in testing and only exists in unstable. And installing a newer version of a package that already exists in testing from the unstable repo is the usual

    apt-get install -t unstable packageName
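How the three pin records above decide where a package comes from, as an added example that is not part of the original post. It is a simplified model of the apt_preferences(5) rules for `Pin: release a=...` records only; the function names are assumptions, and real APT additionally compares version numbers on a tie and refuses downgrades below priority 1000.

```shell
# pin_priority FILE PACKAGE ARCHIVE -> priority of the PACKAGE version in ARCHIVE.
pin_priority() {
    awk -v pkg="$2" -v arch="$3" '
        BEGIN { RS = ""; FS = "\n" }            # one stanza per record
        {
            p = a = prio = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Package:/)      { p = $i;    sub(/^Package:[ \t]*/, "", p) }
                if ($i ~ /^Pin:/)          { a = $i;    sub(/^Pin:[ \t]*release[ \t]+a=/, "", a) }
                if ($i ~ /^Pin-Priority:/) { prio = $i; sub(/^Pin-Priority:[ \t]*/, "", prio) }
            }
            if (a != arch) next
            # A record naming the package beats a "Package: *" record;
            # within each kind the first matching record wins.
            if (p == "*") { if (general == "") general = prio }
            else if (index(" " p " ", " " pkg " ") && specific == "") specific = prio
        }
        END {
            if (specific != "") print specific
            else if (general != "") print general
            else print 500                      # APT default for an unpinned source
        }
    ' "$1"
}

# pick_archive FILE PACKAGE ARCHIVE... -> the archive, among those that carry
# PACKAGE, whose version has the highest priority.
pick_archive() {
    file=$1; pkg=$2; shift 2
    best=""; best_prio=-1
    for arch in "$@"; do
        prio=$(pin_priority "$file" "$pkg" "$arch")
        if [ "$prio" -gt "$best_prio" ]; then best=$arch; best_prio=$prio; fi
    done
    printf '%s\n' "$best"
}

# The preferences file from the post.
page_preferences() {
    printf '%s\n' 'Package: *' 'Pin: release a=testing' 'Pin-Priority: 800' '' \
                  'Package: *' 'Pin: release a=unstable' 'Pin-Priority: 700' '' \
                  'Package: lintian' 'Pin: release a=unstable' 'Pin-Priority: 900'
}

prefs=$(mktemp); page_preferences > "$prefs"
pick_archive "$prefs" lintian testing unstable   # package present in both archives
rm -f "$prefs"
```

On a real system, `apt-cache policy packageName` prints the priorities APT actually computed.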

    [1] http://bonedaddy.net/pabs3/log/2012/10/29/thoughts-on-debian-testing/

    posted at: 01:44 | path: /Linux/Debian/APT | permanent link to this entry

    Sat, 20 Oct 2012


    /xHW: The TL-WR703N[1] OpenWRT-Compatible Wireless Access Point

    Finding out about Open Source-compatible network equipment while it is still new enough to be found in shops is quite rare, in my experience. This would be the first time I have been so lucky. This device can be had for about 100 RMB / less than $20 just about everywhere in Beijing right now.

    The TL-WR703N[1] is a TINY device, not much bigger than an mp3 player, with one ethernet port, one ordinary USB port, and one mini-USB port for power supply. It is made only for the Chinese market, has a Chinese GUI, and is well supported by OpenWRT[2].

    This[3] is the version of OpenWRT I flashed the device with. (I went with a beta of the new stable, as it seemed likely that the old stable would not support the TL-WR703N.) Flashing is as simple as using the existing Chinese OS to update the firmware.

    [2] gives very good instructions for unbricking the device if you break the OpenWRT network config, which in my experience is very likely if you try to deviate from the default config, which bridges together the ethernet and wireless into transparent AP mode. I wanted a standard router config with ethernet (WAN) and wireless (LAN) on separate, firewalled subnets, but I found the state of this version of the OpenWRT config frontend to be quite buggy. I tried from both the Luci GUI and manually editing the config files, and neither approach produced a working device. So I am living with the bridged mode right now.

    So far I am very happy with the hardware and the OpenWRT support. Not so happy with the OpenWRT config front end.

    [1] http://www.tp-link.com.cn/pages/product-detail.asp?d=225
    [2] http://wiki.openwrt.org/toh/tp-link/tl-wr703n
    [3] http://downloads.openwrt.org/attitude_adjustment/12.09-beta/ar71xx/generic/openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin

    posted at: 20:46 | path: /xHW | permanent link to this entry

    Thu, 04 Oct 2012


    /Admin/VPN-options/SSH-Proxy: A Do-It-Yourself Proxy For Those Who Need to Circumvent a Firewall

    Thanks to Jon[2] for reminding me that there is something better than flaky public proxies and the over-taxed Tor network[1]. Tor is still better if you want end-to-end security and anonymity, but if you just want a secure hop out of the local censored network and after that you do not care, renting a cheap server (as little as $8/month at vpslink[3], 100G of bandwidth included) is a simple and easy option.

    Assuming your remote server is called hostname.com, setting up an encrypted tunnel is as simple as executing this on a local terminal (must be root):

    ssh -v -CND 1080 username@hostname.com

    Note that for my own Debian server on the other end of the SSH proxy tunnel, I have found that "username" cannot be "root". I am not sure why this is (and it is definitely counter-intuitive) but if I try to tunnel to the root account on my server, when I try to use the tunnel to browse to a website it does not work and the following error is reported:

    channel 1: open failed: administratively prohibited: open failed

    If I tunnel to an ordinary user account on my server, I get no error and everything works. Go figure.....
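"Administratively prohibited" is the reply an SSH server sends when its own policy refuses to open a forwarded channel. As an added example (not part of the original post), this shell function lists the server-side settings that produce such a refusal for a given account; the function name is an assumption and the sample inputs are constructed.

```shell
# forwarding_blockers SSHD_T_FILE AUTHORIZED_KEYS_FILE
# Prints one line per server-side setting that refuses "ssh -D" channels.
#   SSHD_T_FILE: output of, as root on the server,
#       sshd -T -C user=root,host=localhost,addr=127.0.0.1
#   AUTHORIZED_KEYS_FILE: that account's ~/.ssh/authorized_keys
forwarding_blockers() {
    # sshd -T prints effective settings as lowercase "keyword value" lines.
    # -D opens direct-tcpip channels, which need AllowTcpForwarding yes/all/local.
    awk '
        $1 == "allowtcpforwarding" && ($2 == "no" || $2 == "remote") {
            print "sshd_config: AllowTcpForwarding " $2
        }
        $1 == "permitopen" && $2 != "any" {
            print "sshd_config: PermitOpen limits destinations to " $2
        }
    ' "$1"
    # Key options come first on an authorized_keys line, comma-separated.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            s = "," $0
            if (s ~ /,no-port-forwarding[, ]/)
                print "authorized_keys:" NR ": no-port-forwarding"
            else if (s ~ /,restrict[, ]/ && s !~ /,port-forwarding[, ]/)
                print "authorized_keys:" NR ": restrict without port-forwarding"
            else if (s ~ /,permitopen="/)
                print "authorized_keys:" NR ": permitopen limits destinations"
        }
    ' "$2"
}

# Constructed sample inputs (not taken from a real server).
tmp=$(mktemp -d)
printf '%s\n' 'allowtcpforwarding yes' 'permitopen any' > "$tmp/sshd_T"
printf '%s\n' 'no-port-forwarding ssh-ed25519 AAAA...constructed... root@example' > "$tmp/keys"
forwarding_blockers "$tmp/sshd_T" "$tmp/keys"
rm -rf "$tmp"
```

An empty result means none of these settings is in play for that account.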

    To semi-automate this I created an alias in my ~/.bashrc:

    alias tunnel="autossh -M 0 -v -CND 1080 username@hostname.com"

    Thereafter, in any terminal, just invoke "tunnel" to create the encrypted tunnel. (To eliminate the password prompt, set up passwordless authentication[6].)

    Any browser can use this proxy, by pointing its proxy setting at localhost and port 1080, with SOCKS 5 turned on. The Firefox FoxyProxy[4] plugin makes this infinitely more flexible by allowing the simultaneous configuration of multiple proxies, and providing fine-grained control over which websites are accessed using which proxies.

    Once FoxyProxy is installed into Firefox, you have the option of selecting any one proxy (or none) for all of your surfing, or associating certain websites with certain proxies and running FoxyProxy in "Patterns" mode. Since youtube is often getting itself blocked, a pattern for youtube would be:

    *.youtube.com/*

    While you are at it, install privoxy[5] and make it your default proxy for websites that have not been diverted to Tor or your just-created personal proxy. Privoxy blocks a lot of advertisements and information gathering by nosy websites.

    Finally, note that

    ssh -v -CND 1080 username@hostname.com

    will only allow connections from the localhost. To allow connections from other computers over your local network, start it like this for example:

    ssh -v -CND [192.168.8.58]:1080 username@hostname.com

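    This accepts connections to port 1080 on the machine's exterior network interface from any host that can reach it; the SOCKS listener opened by ssh -D does no authentication of its own, so limit who can reach the port with the local firewall. To start this as a persistent service at boot, add the following line to /etc/rc.local: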

    su username -c 'autossh -M 0 -v -CND [192.168.8.58]:1080 username@hostname.com'&

    where username is the account you wish the service to run under.

    [1] http://www.torproject.org/
    [2] http://rejon.org/2009/07/access-facebook-through-the-great-firewall-second-line-ssh-tunnel/
    [3] http://blog.langex.net/index.cgi/Hosting/vpslink/
    [4] https://addons.mozilla.org/en-US/firefox/addon/2464
    [5] http://www.privoxy.org/
    [6] http://blog.langex.net/index.cgi/Admin/SSH-SSL/passwordless-ssh-authentication.html

    posted at: 08:39 | path: /Admin/VPN-options/SSH-Proxy | permanent link to this entry