Category Archives: Linux

Raspberry Pi 3 Model B+ 4 USB Ports

Connecting a Raspberry Pi 3 to Wifi and adding defaults

  1. Connect the Raspberry to an existing local area network by cable.
    –  I used the Ubuntu “Shared to other computers”-Network manager Setting to bridge my eth0 to my wlan0 connection providing internet access.
  2. Connect via ssh to this device
    username: pi
    password: raspberry
    – usually you don’t know the IP of the device; use nmap 10.42.0.0/24 -p 22 to search for devices with an open ssh port
  3. Scan for local wifi networks: sudo iwlist wlan0 scan 
  4. sudo nano /etc/wpa_supplicant/wpa_supplicant.conf  and add your wifi connection data:

    network={
        ssid="networkname"
        psk="password42!"
    }
  5. Restart the wifi interface so that it connects: sudo ifdown wlan0 && sudo ifup wlan0
  6. Get the latest software status lists: sudo apt-get update
  7. Update all installed software: sudo apt-get upgrade -y
  8. Install common software to harden the system:
    sudo apt-get install x11vnc htop bmon fail2ban vnstat ufw
    x11vnc: nice tool to use VNC connections on the main x session
    htop: visualizes processes and load in color
    bmon: visualizes network traffic
    fail2ban: handles brute-force attacks by banning IPs for a certain amount of time
    vnstat: counts network traffic over time
    ufw: makes it easier to handle iptables and configure your firewall
  9. Start the Raspberry Pi 3 configuration program: raspi-config
    – expand file system to match your sd card size
    – set hostname in advanced settings
  10. enjoy your new Raspberry Pi 3 \o/

Building tinc1.1pre11 on Ubuntu

Because the local package sources currently only offer tinc 1.0* versions, we need to compile tinc ourselves to use 1.1 features like invite or join.

## we need root privileges
sudo -i

apt-get install build-essential liblzo2-dev libssl-dev libncurses5-dev libreadline-dev libghc-zlib-dev

cd /usr/local/src

wget http://www.tinc-vpn.org/packages/tinc-1.1pre11.tar.gz
tar -xvzf tinc-1.1pre11.tar.gz

cd tinc-1.1pre11

./configure --prefix= --sysconfdir=/etc --localstatedir=/var && make && make install

 

Controlling ws2812b with an esp8266 by open-pixel-control protocol

Harder than it looks: controlling a 5m LED strip using the esp8266 via the Open Pixel Control protocol took me a night (and might be the reason for the extra bad English, as I write this post directly after it). But it’s real fun!

There are several ways to make the controller blink, the easiest way is shown here:

while true; do ( echo -en '\x00\x00\x02\xA6'; dd if=/dev/urandom bs=678 count=1 status=none ) | ncat --send-only --udp 172.22.99.155 2342; sleep 0.1; done

In an endless loop, it sends the static header consisting of 4 bytes (prio, command and checksum) followed by 8 bits red, 8 bits green and 8 bits blue for each LED of the strip. It gets the blinking values by reading from Linux’s source of randomness. It lacks a bit of white as my power source got to its limits, so if you reimplement this use 5V and 1A per 30 LEDs.

Another thing to mention is the data length field, which is bytes 3-4 of the header, or \x02\xA6 in the command above. This length needs to equal the number of LEDs times three, so in this example 226 LEDs were controlled, as the bytes in network order come to 678.

This results in that little animation:

Youtube Video

Another possibility is to send these packets with a small Python script like this:

import socket
import time

from struct import pack

HOST = 'your-hostname'
PORT = 2342
colors = [(255, 255, 255), (255, 0, 0), (0, 0, 255), (0, 255, 0)]


for color in colors:
    print("sending color {} {} {}".format(color[0], color[1], color[2]))
    # header: two zero bytes, then the data length (226 LEDs * 3) in network byte order
    data = [pack('B', 0), pack('B', 0), pack('!H', 678)]

    # one red/green/blue triple per LED
    for i in range(0, 226):
        data.append(pack('BBB', color[0], color[1], color[2]))

    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

    # send the same frame repeatedly
    for i in range(0, 1024):
        s.sendto(b"".join(data), (HOST, PORT))

    time.sleep(0.5)
    s.close()

Code for the controller at github.
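
The length rule described above matters most on the receiving side, where the datagram comes from the network and the declared length cannot be trusted on its own. The following is an added example, not code from the original post or from the controller repository: it builds a frame in the layout used above (two header bytes, 16-bit length in network order, RGB triples) and validates a received one. The function names and the `max_leds` limit are illustrative assumptions; the Open Pixel Control spec calls byte 0 the channel.

```python
import struct

HEADER = struct.Struct("!BBH")  # byte 0, command byte, 16-bit length (network order)


def build_frame(colors, channel=0, command=0):
    """Serialize a list of (r, g, b) tuples into one datagram."""
    payload = bytes(v for rgb in colors for v in rgb)
    if len(payload) > 0xFFFF:
        raise ValueError("too many LEDs for a 16-bit length field")
    return HEADER.pack(channel, command, len(payload)) + payload


def parse_frame(datagram, max_leds=226):
    """Validate an untrusted datagram and return (channel, command, colors)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the 4-byte header")
    channel, command, length = HEADER.unpack_from(datagram)
    payload = datagram[HEADER.size:]
    # Compare the declared length with the bytes that actually arrived.
    if length != len(payload):
        raise ValueError(f"length field says {length}, payload has {len(payload)}")
    if length % 3:
        raise ValueError("payload is not a whole number of RGB triples")
    if length // 3 > max_leds:
        raise ValueError("more pixels than the strip has")
    colors = [tuple(payload[i:i + 3]) for i in range(0, length, 3)]
    return channel, command, colors


if __name__ == "__main__":
    frame = build_frame([(255, 0, 0)] * 226)  # constructed sample: 226 red LEDs
    print(frame[:4].hex())                     # the 4 header bytes
    print(len(parse_frame(frame)[2]), "pixels accepted")
    # constructed malformed inputs: truncated, trailing byte, length without data
    for bad in (frame[:100], frame + b"\x00", b"\x00\x00\xff\xff"):
        try:
            parse_frame(bad)
        except ValueError as err:
            print("rejected:", err)
```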

docker-compose wordpress with rerun-able volumes

There are several tutorials and files for running wordpress in docker. For me nearly none of them worked, therefore I wrote my own rerunnable docker-compose file, which I would like to share here:

wordpress:
  image: wordpress
  container_name: wordpress
  links:
   - mysql
  ports:
   - "80:80"
  environment:
    WORDPRESS_DB_USER: root
    WORDPRESS_DB_NAME: wordpress
    WORDPRESS_DB_PASSWORD: "ch4ngeThis!"
  volumes:
    - /var/www/html/
mysql:
  image: library/mysql:latest
  mem_limit: 256m
  container_name: wordpress-mysql
  environment:
    - MYSQL_ROOT_PASSWORD=ch4ngeThis!
    - MYSQL_DATABASE=wordpress
    - MYSQL_USER=wordpress
    - MYSQL_PASSWORD=ch4ngeThis!
  volumes:
    - /var/lib/mysql

Just put this code into docker-compose.yml, change the passwords accordingly and run a new wordpress simply by:

docker-compose up

Howto use docker volumes containing remote sshfs mounts

For my audiobook-feeds github repository I needed docker to be able to use a host volume mount which contained a remote sshfs mount located on my local raspberry pi with an attached external hard drive. For my own sake of documentation and to offer you something to profit from, I created this small howto:

First of all, connect to your server and mount your remote device via sshfs using the -o allow_root flag. The allow_other option I tried first didn’t work for some reason.

sudo sshfs paul@192.168.42.23:/my/remote/path/ /my/local/server/path/files/ -o allow_root,reconnect,default_permissions

Then run the container using the --privileged flag.

sudo docker run --privileged --rm -v `pwd`:/usr/src/myapp -w /usr/src/myapp -it --rm -p 127.0.0.1:8088:8080 --name audiobook-feeds audiobook-feeds go run feed.go

After that the root user of the container is able to list and to serve the remote files.

PaulPetring\audiobook-feeds

I love podcasts.

I use them frequently, and they are automatically downloaded onto my smartphone by the podcatcher BeyondPod. In contrast to podcasts, I transferred my audiobooks to my smartphone by cable – which usually was very annoying. Therefore I wrote a little script that is able to close the gap by converting all my audiobooks into subscribable podcast feeds!

Of course it is open source and can be found here:  https://github.com/PaulPetring/audiobook-feeds

Some additional facts:

  • it serves a website to browse your audiobooks and subscribe to certain books
  • serves rss and atom feeds for import
  • it offers a simple password protection to prevent copyright issues
  • runs in docker container (see MakeFile and DockerFile)
  • works when placed in subdirs example.com/audio/ (e.g. reg for ssl without wildcard)
  • allows custom theming and uses material design as default theme
  • handles encoding of filenames at best effort

Screenshot of the first available version of my audiobook-feeds project

I use it on a regular basis and would like others to enjoy it as much as I do. So please feel free to use, spread and contribute to it. And see you soon 🙂


Brace yourself, Windows Updates are coming… …aaaand they’re gone :)

Certain programs (e.g. sketchup) and games (surprisingly just a few worth the effort) require me to maintain a Windows computer or virtual machine. Therefore updates on a regular basis are not optional. But why do I have to watch them, blocking the computer for hours and finally failing completely?

… not a very valuable post, but sitting in front of a 3h force-updating computer softens the sense for time wasting.

DNSSEC, DANE and hosteurope – impossible to host secure services.

They do not support DNSSEC. That’s bad.

I host my family’s e-mail server, which is a combination of dovecot, postfix, postgrey, nginx, webmailer, etc. It depends heavily on CA-trusted SSL/TLS encryption and, in order not to be caught by spam filters, on the credibility of not being spam. Therefore I also host my own nameserver with a glue record, set several important records in it, and offer several DNSSEC records to provide a reliable chain of trust, with one point of failure: hosteurope.

They are not capable of connecting my chain to the registrar authority by publishing my DS record.
Therefore every authority, bad-mood admin or hacker can interrupt the DNS pathfinding of clients or of ordinary mail servers and man-in-the-middle my setup, generate fake certificates and read my family’s mail. Thanks to ‘being economically not relevant and therefore nothing we offer’ hosteurope.

In conclusion, all the things I’ve done to increase security have been for nothing, at least until I change my domain host. Which I will do, and I would highly advise the same to everyone who wants to harden their infrastructure after the NSA scandal.