so a few days ago xfce released 4.12 !!!
I keep my own custom local repository and just found the time to update my xfce to the latest version !
my PKGBUILDs are mostly a template of the below file (git repo)
# Contributor: Evaggelos Balaskas < Evaggelos _AT_ Balaskas _DOT_ GR >
# Maintainer: Evaggelos Balaskas < Evaggelos _AT_ Balaskas _DOT_ GR >
_pkg=xfwm4
pkgname=$_pkg-git
pkgver=git
pkgrel=1
arch=('any')
pkgdesc="Xfce's window manager"
_cat='xfce'
_fqdn='git.xfce.org'
url="http://$_fqdn/$_cat/$_pkg"
license=('GPL v2')
depends=(libwnck exo)
makedepends=(automake autoconf libtool gcc m4 pkg-config intltool)
optdepends=(startup-notification)
conflicts=($_pkg)
provides=($_pkg)
replaces=($_pkg)
_gitroot="git://$_fqdn/$_cat"
_gitname=$_pkg
pkgver() {
date +%Y%m%d
}
build() {
if [ -d $_gitname ] ; then
msg "cd $_gitname && git pull origin"
cd $_gitname && git pull origin
msg "The local files are updated."
else
msg "git clone $_gitroot/$_gitname"
git clone $_gitroot/$_gitname
msg "The local files are updated."
fi
cd $srcdir/$_pkg
./autogen.sh --prefix=/usr --disable-debug
make
}
package() {
cd $srcdir/$_pkg
make DESTDIR=$pkgdir install
}
The result is something like this:
If you want to check my entire xfce custom repo, just click xfce-core_4.12.zip
UPDATE
I used this order of installation:
xfce4-dev-tools-git
libxfce4util-git
xfconf-git
libxfce4ui-git
exo-git
xfwm4-git
thunar-git
xfdesktop-git
thunar-volman-git
gtk-xfce-engine-git
tumbler-git
garcon-git
xfce4-appfinder-git
xfce4-panel-git
xfce4-session-git
xfce4-settings-git
Today i tried to install Quote Colors 0.3 on thunderbird.
But i keep hitting the “incompatibility” version problem.
So below my notes on how to “bypass” the Max Version on every mozilla addon xpi.
[~]> cd tmp/
[tmp]> mkdir -pv QuoteColors
mkdir: created directory ‘QuoteColors’
[tmp]> cd !$
cd QuoteColors
[QuoteColors]> wget https://addons.mozilla.org/thunderbird/downloads/latest/170/addon-170-latest.xpi
2015-01-30 13:32:13 (446 KB/s) - ‘addon-170-latest.xpi’ saved [37343/37343]
[QuoteColors]> unzip addon-170-latest.xpi
Archive: addon-170-latest.xpi
inflating: chrome.manifest
inflating: chrome/quotecolors.jar
inflating: defaults/preferences/quotecolors.js
inflating: install.rdf
inflating: license.txt
[QuoteColors]> sed -i -e 's/3.0.*/99.9.9/g' install.rdf
[QuoteColors]> zip -r addon-170-latest.xpi .
updating: chrome.manifest (deflated 80%)
updating: chrome/quotecolors.jar (deflated 15%)
updating: defaults/preferences/quotecolors.js (deflated 77%)
updating: install.rdf (deflated 69%)
updating: license.txt (deflated 53%)
adding: defaults/ (stored 0%)
adding: defaults/preferences/ (stored 0%)
adding: chrome/ (stored 0%)
A few days ago, I wrote a simple wiki page on how to Authenticate to a web site using LDAP backend.
There is a cool (and very simple way) to use Web Roles by matching your user’s ldap attributes to your web app.
A RFC 2255 from 1997 exists on how to implement (and use) the LDAP URL Format. The authldapurl syntax from mod_authnz_ldap explains that the “attribute” field can be used with comma to separate different attributes. Every attribute would be passed to your webserver as an AUTHENTICATED_attribute variable.
In my example:
AuthLDAPURL "ldap://ldap.domain.org/ou=web,dc=domain,dc=org?uid,MyWebAccess?one?(WebAccess=MyWebApp_Level_*)"
returns:
AUTHENTICATE_MYWEBACCESS
MyWebApp_Level_1
AUTHENTICATE_UID
myusername
Dec 1 2014 - Jan 21 2015
top five spammers:
1. adsgreece.com
2. mailendo.com
3. 4udeals.gr
4. eliamep.org
5. mailinglist.gr
Blocked via postfix:
/etc/postfix/header_checks
/massnews\.gr/ REJECT "Plz stop sending SPAM id= 1 "
/glc-emea\.com/ REJECT "Plz stop sending SPAM id= 2 "
/To:.*info@balaskas\.gr/ REJECT "Plz stop sending SPAM id= 3 "
/Akis.Angelakis/i REJECT "Plz stop sending SPAM id= 4 "
/from.*mailendo.com/ REJECT "Plz stop sending SPAM id= 5 "
/specisoft\.biz/ REJECT "Plz stop sending SPAM id= 6 "
/advantech\.gr/ REJECT "Plz stop sending SPAM id= 7 "
/adsgreece\.com/ REJECT "Plz stop sending SPAM id= 8 "
/2020web\.gr/ REJECT "Plz stop sending SPAM id= 9 "
/nfs\.gr/ REJECT "Plz stop sending SPAM id= 10 "
/polimonotiki/ REJECT "Plz stop sending SPAM id= 11 "
/eliamep\.org/ REJECT "Plz stop sending SPAM id= 12 "
/ellak\.gr/ REJECT "Plz stop sending SPAM id= 13 "
/seminaria\.gr/ REJECT "Plz stop sending SPAM id= 14 "
/stock-house\.gr/ REJECT "Plz stop sending SPAM id= 15 "
/Lesfemmes/i REJECT "Plz stop sending SPAM id= 16 "
/aldridge\.com/ REJECT "Plz stop sending SPAM id= 17 "
/inter\.net/ REJECT "Plz stop sending SPAM id= 18 "
/plexpr\.tk/ REJECT "Plz stop sending SPAM id= 19 "
/industrydisruptors\.org/ REJECT "Plz stop sending SPAM id= 20 "
/xinis\.com/ REJECT "Plz stop sending SPAM id= 21 "
/globalgreece\.gr/ REJECT "Plz stop sending SPAM id= 22 "
/hostzone\.gr/ REJECT "Plz stop sending SPAM id= 23 "
/mailinglist\.gr/ REJECT "Plz stop sending SPAM id= 24 "
/profitconsult\.gr/ REJECT "Plz stop sending SPAM id= 25 "
/pedersenco\.com/ REJECT "Plz stop sending SPAM id= 26 "
/diadima\.gr/ REJECT "Plz stop sending SPAM id= 27 "
/helenco\.gr/ REJECT "Plz stop sending SPAM id= 28 "
/adplus\.gr/ REJECT "Plz stop sending SPAM id= 29 "
/entos\.gr/ REJECT "Plz stop sending SPAM id= 30 "
/4udeals\.gr/ REJECT "Plz stop sending SPAM id= 31 "
/oncseminars\.gr/ REJECT "Plz stop sending SPAM id= 32 "
/enimerwsi\.gr/ REJECT "Plz stop sending SPAM id= 33 "
/eliamep\.gr/ REJECT "Plz stop sending SPAM id= 34 "
/ymlpsrv\.com/ REJECT "Plz stop sending SPAM id= 35 "
/dailysoccertip\.com/ REJECT "Plz stop sending SPAM id= 36 "
/bookbazaar\.gr/ REJECT "Plz stop sending SPAM id= 37 "
/zizoo\.gr/ REJECT "Plz stop sending SPAM id= 38 "
/anthemionflowers\.gr/ REJECT "Plz stop sending SPAM id= 39 "
/kourkouta\.com/ REJECT "Plz stop sending SPAM id= 40 "
/ipatata\.com/ REJECT "Plz stop sending SPAM id= 41 "
/ephost\.info/ REJECT "Plz stop sending SPAM id= 42 "
/kadoikonte\@gmail\.com/ REJECT "Plz stop sending SPAM id= 43 "
/mandrillapp\.com/ REJECT "Plz stop sending SPAM id= 44 "
/springer\.com/ REJECT "Plz stop sending SPAM id= 45 "
/mailchimp\.com/ REJECT "Plz stop sending SPAM id= 46 "
/altec\.gr/ REJECT "Plz stop sending SPAM id= 47 "
/winizi\.net/ REJECT "Plz stop sending SPAM id= 48 "
/sed\.gr/ REJECT "Plz stop sending SPAM id= 49 "
/pournara\.com/ REJECT "Plz stop sending SPAM id= 50 "
/emailmarketingnow\.gr/ REJECT "Plz stop sending SPAM id= 51 "
/entypa\.net/ REJECT "Plz stop sending SPAM id= 52 "
/4green\.gr/ REJECT "Plz stop sending SPAM id= 53 "
/imagemail\.eu/ REJECT "Plz stop sending SPAM id= 54 "
/cbr300r\.bike/ REJECT "Plz stop sending SPAM id= 55 "
/PRINTEX\ DIGITAL/i REJECT "Plz stop sending SPAM id= 56 "
/drassi\.gr/ REJECT "Plz stop sending SPAM id= 57 "
/mailstudio\.gr/ REJECT "Plz stop sending SPAM id= 58 "
/extratips\.net/ REJECT "Plz stop sending SPAM id= 59 "
/crmedia\.gr/ REJECT "Plz stop sending SPAM id= 60 "
/venan\.gr/ REJECT "Plz stop sending SPAM id= 61 "
/tonerflow\.info/ REJECT "Plz stop sending SPAM id= 62 "
/epiteugma\.com/ REJECT "Plz stop sending SPAM id= 63 "
A couple days ago, i wrote a blog post about how firefox don’t delete cookies from Pin Tabs here.
A friend of mine D. Glynos from census suggested to me that this problem/feature may be related to session cookies.
I was troubled about it and today i did a little research on the matter.
So when using firefox session restoration feature, firefox keeps all the session cookies in place and you can continue your work without a problem. If you hit F5 (refresh page) then the session is terminated and you have to log-in from the start.
OK, i don’t use session restoration but Pin Tabs. Seems that firefox considers Pin Tab as a session restoration process and that’s why it keeps the session cookies.
And this is by design !!!!!!!
There is also a 7 years bug (still opened - click here) that applies on Pin Tabs also.
Till now, i have not found a config (in about:config) option to tell firefox NOT to keep the session cookies when closing the browser!
UPDATE: 20150325
I got an email from a friend that suggest to take a look on this post from bugzilla:
I did a lot of testing and changed the below values to:
browser.sessionstore.privacy_level = 2
browser.sessionstore.privacy_level_deferred = 2
browser.sessionstore.privacy_level_deferred = 1
that means:
Never store extra session data.
but unfortunately the above did nothing for me.
the above did the trick for me
Anyhow, many thanks to Alex for informing me about this.
[post only in greek - sorry]
#FoodHacking
Στο hackerspace ξεκινάει μια νέα open-related-culture ενότητα, το FoodHacking.
Εάν κι η ιδέα προϋπήρχε ανάμεσα στα μέλη του hackerspace, μετά την επίσκεψη μελών του hackerspace στο πρόσφατο 31st Chaos Communication Congress (31C3), εδραιώθηκε.
Εκεί (#31C3) υπήρχε food hacking assembly κι ήρθαμε σε επαφή με το Food Hacking Base .
Οι hsgr food hackers σκέφτηκαν πως ήρθε η ώρα να ξεκινήσουμε μια (μικρή για αρχή) ομάδα και να αρχίσουμε να πειραματιζόμαστε με συνταγές κι ιδέες. Ήδη στο παρελθόν διάφορες ομάδες στο εργαστήριο έχουν φτιάξει μπύρα, λεμοντσέλο, σούσι κι εάν δεν σας φτάνουν αυτά, έχουν προχωρήσει στην κατασκευή ενός Siphon Coffee maker !
Η δική μου πρόταση: Αλευρόπιτα !
Η δική μου πρόταση για το πρώτο meetup είναι μια παραδοσιακή συνταγή που κάνουν στο χωριό μου και το αποτέλεσμα το ονομάζουν Αλευρόπιτα (σε άλλα μέρη την ονομάζουν ζυμαρόπιτα). Είναι αρκετά απλή, θέλει λίγα υλικά κι είναι ένα από τα πιο υγιεινά σνακ (εάν έχετε παιδιά) που σε περίπου μισή ώρα (εντάξει λίγο παραπάνω) είναι έτοιμη.
Η συνταγή που χρησιμοποίησα είναι η παρακάτω. Επιδέχεται άπειρες αλλαγές και θεωρώ πως ακόμα κι ένας εντελώς άπειρος μπορεί να την φτιάξει πολύ γρήγορα.
- 3ς κούπες αλεύρι
- 3ς κούπες γάλα
- 2 αυγά (μέτρια/μεγάλα) ή 3 μικρά
- 1 πρέζα αλάτι
- Φέτα
- Λάδι
Προσωπικά χρησιμοποιώ μικρές πλαστικές λεκανίτσες για τα μείγματα. Είναι πάμφθηνες και καθαρίζονται εύκολα. Αλλά εάν έχετε ανοξείδωτα ή γυάλινα μπολ είναι πάντα καλύτερο. Πάντα να επιλέγεται μεγάλα μπολ γιατί αρκετές φορές το μείγμα διογκώνεται (ανάλογα τη συνταγή φυσικά).
Γενικές Πληροφορίες
Μερικές πολύ γενικές πληροφορίες:
Όλα τα υλικά χρειάζεται να είναι σε θερμοκρασία δωματίου (εκτός εάν λέει αλλιώς η συνταγή). Δεν αναφέρω γραμμάρια αλλά κούπες/πρέζες γιατί θεωρώ πως στο μαγείρεμα (σε αντίθεση με την ζαχαροπλαστική) είναι καθαρά προσωπική άποψη. Για παράδειγμα στην συγκεκριμένη συνταγή η πρέζα (μια δόση δλδ) μπορεί να είναι σε κουταλάκι του γλυκού/τσαγιού αλλά εάν η φέτα είναι ξαλμυρισμένη και τα προτιμάτε αλμυρά, τότε θα πρέπει να ρίξετε λίγο παραπάνω. Εάν η συνταγή περιέχει αλεύρι κι είναι μείγμα, νερό βάζετε όσο χρειάζεται. Εάν πρέπει να βγει πηχτό λίγο, εάν είναι να βγει αραιό πολύ. Επίσης είναι καλή πρακτική το αλεύρι να το κοσκινίζεται για να μην σβολιάσει. Εάν η συνταγή θέλει φούρνο, πρέπει να τον προθερμάνετε. ΔΕΝ χρειάζεται να είναι πάντα στην θερμοκρασία ψησίματος, αλλά να έχει ομοιόμορφη ζεστή θερμοκρασία. Μπορείτε να χρησιμοποιήσετε και αντικολλητικό χαρτί ψησίματος (κι ίσως πρέπει σε κάποιες συνταγές) αλλά προσωπικά μου αρέσει όταν τα μείγματα ψήνονται απευθείας στο ταψί (ξέρω ξέρω - βίτσιο). Ακόμα, εάν οι συνταγές έχουν δύο μέρη (ξερά/υγρά) τα κάνουμε ξέχωρα και να ενώνουμε στο τέλος! Εάν η συνταγή έχει αυγά - θέλει πολύ καλό χτύπημα. Να θυμάστε την έκφραση: “Χτύπα τα σαν να σου χρωστάνε λεφτά”!
Πιο ειδικά για την παραπάνω συνταγή:
Οι παραλλαγές είναι πάρα μα πάρα πολλές, καθώς μπορείτε στο αλεύρι να βάλετε ότι αλεύρι θέλετε εσείς, ομοίως για το γάλα & φυσικά το ίδιο και για την φέτα. Αντί για λάδι, μπορείτε να κάνετε χρήση βουτύρου.
Πως προχωράμε:
Έχουμε κάνει την φέτα, τρίμμα από πριν. Χρησιμοποιούμε λατεξ γαντάκια για να μην λερωθούμε. Στο μπολ μας (ή στο λεκανάκι εγώ) ρίχνουμε το αλεύρι (ή το κοσκινίζουμε) και το αλάτι. Ανακατεύουμε. Ρίχνουμε τα αυγά και το γάλα. Ανακατεύουμε. Ρίχνουμε το τρίμμα. Ανακατεύουμε. Ρίχνουμε όσο νερό χρειάζεται για να αραιωθεί το μείγμα μας. Δεν θέλουμε να είναι νερουλό, αλλά να μην είναι πολύ πηχτό. Ρίχνουμε λίγο λάδι κι ανακατεύουμε.
Εάν βγει νερουλό το μείγμα, προσθέτουμε αλεύρι. Εάν είναι πολύ πηχτό κι έχουμε ρίξει αρκετό νερό, ρίχνουμε γάλα.
Έχουμε προθερμάνει τον φούρνο μας με το ταψάκι του μέσα στο φούρνο.
Βουτυρώνουμε το ταψί (ή το λαδώνουμε) και περιχύνουμε το μείγμα μας. Θα πρέπει να γεμίσει το ταψί μας αλλά σε ύψος πρέπει να είναι 1/2 εκατοστά. Εάν είναι παραπάνω δεν θα ξεροψηθεί και θα χρειαστεί παραπάνω ψήσιμο. Καλύτερα να βάλετε δύο ταψάκια εάν βγει το μείγμα παραπάνω. Εάν βγει λιγότερο ΜΗΝ ΑΓΧΩΝΕΣΤΕ. Στο μπολ ρίχνουμε αλεύρι, γάλα ή νερό και συμπληρώνουμε όσο χρειάζεται για να φτάσει στο επιθυμητό αποτέλεσμα.
Το αφήνουμε στους διακόσιους (200) βαθμούς για περίπου 35 λεπτά. Εδώ ένα ακόμα “μυστικό” ! Το 35 σημαίνει ότι ανάλογα με την ποσότητα μπορεί να είναι έτοιμο στα 30 ή στους 40 λεπτά ! Κοιτάμε ανά δέκα λεπτά την επιφάνεια της πίτας μας. Εάν το χρώμα του είναι όπως στην παραπάνω εικόνα, τότε είμαστε καλά.
[ PLZ read my new blog post on the matter]
Today i came across to a very nasty security firefox bug: when using Pin Tabs, firefox doesnt remove the first (in alphabetical order domain) cookies.
I am using Firefox v34.0.5 so it’s the latest stable version as of the time of writing this blog post.
PLZ, Let me try to walk you through my findings.
Below my settings:
As you can see, firefox should remove all the cookies when I close it.
I use Pin Tabs for my day-to-day web sites/apps.
I ‘ve noticed that I am always logged in to a specific web site.
That gave me the creeps. How the hell i am already logged in to this web site.
I have just opened up my firefox and firefox should have removed all the cookies!
I closed every opened/pinned tab and removed all cookies by hand.
Restarted firefox, logged in to this site and then closed firefox.
Opened up again firefox and there was no cookie.
Strange
I am now thinking that my morning coffee had vodka inside.
Pin Tabbed a few sites, logged in to all of them, restarted firefox and then i am still logged in only to this specific web site.
Opened up the “Show Cookies …” setting from preferences and show a few cookies. Restarted once more firefox and invest the cookies again. Still logged in to this specific site.
The “Show Cookies …” setting presents the domain cookies in alphabetical order. So that gave me a clue. The site starts from the letter C and is always the first one domain cookie.
OK, time to write some php cookie code to further investigate this issue.
<?php
if ( !isset ( $_COOKIE["aaaa"] ) ) {
$cookie_value = 0;
}
$cookie_value = ++$_COOKIE["aaaa"];
setcookie ( "aaaa" , $cookie_value , strtotime("+1 day") );
?>
<html>
<body>
<?php
echo "Hit F5<br>";
echo "cookie value is: " . $_COOKIE["aaaa"];
?>
</body>
</html>
Keep in mind, that the visiting server must send the set_cookie within the html headers. Before the html body.
Closed everything, removed every cookie. UnPin every tab and restarted firefox.
Visited my php test page, show cookie value, restarted firefox. No cookie.
Opened up once again firefox, visited my php test page. “Pin Tab” the test page, hit F5 a few times and then restart firefox. A cookie !!!!
So there is a security bug.
I’ll try to pass this to my mozillian friends so they file a security bug report.
Remember if you are logged in to amazon via a Pin Tab … amazon will always track you as it would (perhaps) be the first (in alphabetical order) domain cookie.
I ‘ve updated my wiki page to add an android section to my tinc-vpn setup.
So here it is my: tinc-vpn to a redirect-gateway instructions.
Nov 2 2014 - Dec 1 2014
Top spammers:
1. adsgreece.com
2. globalgreece.gr
3. nfs.gr
4. specisoft.biz
5. aldridge.com
Blocked via postfix:
/etc/postfix/header_checks
/massnews\.gr/ REJECT "Plz stop sending SPAM id=1"
/glc-emea\.com/ REJECT "Plz stop sending SPAM id=2"
/To:.*info@balaskas\.gr/ REJECT "Plz stop sending SPAM id=3"
/Akis.Angelakis/ REJECT "Plz stop sending SPAM id=4"
/from.*mailendo.com/ REJECT "Plz stop sending SPAM id=5"
/specisoft\.biz/ REJECT "Plz stop sending SPAM id=6"
/advantech\.gr/ REJECT "Plz stop sending SPAM id=7"
/adsgreece\.com/ REJECT "Plz stop sending SPAM id=8"
/2020web\.gr/ REJECT "Plz stop sending SPAM id=9"
/nfs\.gr/ REJECT "Plz stop sending SPAM id=10"
/polimonotiki/ REJECT "Plz stop sending SPAM id=11"
/eliamep\.org/ REJECT "Plz stop sending SPAM id=12"
/ellak\.gr/ REJECT "Plz stop sending SPAM id=13"
/seminaria\.gr/ REJECT "Plz stop sending SPAM id=14"
/stock-house\.gr/ REJECT "Plz stop sending SPAM id=15"
/Lesfemmes/i REJECT "Plz stop sending SPAM id=16"
/aldridge\.com/ REJECT "Plz stop sending SPAM id=17"
/inter\.net/ REJECT "Plz stop sending SPAM id=18"
/plexpr\.tk/ REJECT "Plz stop sending SPAM id=19"
/industrydisruptors\.org/ REJECT "Plz stop sending SPAM id=20"
/xinis\.com/ REJECT "Plz stop sending SPAM id=21"
/globalgreece\.gr/ REJECT "Plz stop sending SPAM id=22"
/hostzone\.gr/ REJECT "Plz stop sending SPAM id=23"
/mailinglist\.gr/ REJECT "Plz stop sending SPAM id=24"
/profitconsult\.gr/ REJECT "Plz stop sending SPAM id=25"
/pedersenco\.com/ REJECT "Plz stop sending SPAM id=26"
/diadima\.gr/ REJECT "Plz stop sending SPAM id=27"
/helenco\.gr/ REJECT "Plz stop sending SPAM id=28"
/adplus\.gr/ REJECT "Plz stop sending SPAM id=29"
/entos\.gr/ REJECT "Plz stop sending SPAM id=30"
/4udeals\.gr/ REJECT "Plz stop sending SPAM id=31"
/oncseminars\.gr/ REJECT "Plz stop sending SPAM id=32"
/enimerwsi\.gr/ REJECT "Plz stop sending SPAM id=33"
There is a big difference between communication and understanding.
Here is a DNS story:
The Internet Bank of Ebal (paraphrasing customer’s name) has their own Authoritative NameServer for their zone.
In the company i am currently working, we provide a secondary dns service.
Bellow the steps/instructions we provide to our customers - in order of action:
- Inform the customer to allow zone transfer to our Lans
- We confirm the zone transfer
- Inform the customer to add our secondary NameServers to his zone
(NS records inside their dns zone) - Provisioning the service aka add configuration to our NameServers
and finally - inform customer to add our NameServers to the Registry of .gr Domain Names
Just to be perfectly clear - we keep these steps simply cause from our experience not every DNS administrator understand what they must/should do.
So here are the steps the bank’s administrator did:
- Add one of our NameServers into registry of .gr domain names
- Allow zone transfer to our Lans.
in that order!
They raised a complain that we dont provide the secondary service and a lot of bank’s customer cant access their site (obviously)!
We re-inform the customer with the actions/steps and we specific told them to REMOVE our nameserver from the registry of .gr domains till WE confirm that everything is ok.
Below the new steps the bank’s administrator did:
- Add one more of our NameServers into registry of .gr domains names.
So we have a new problem.
I told the administrator (in writing) to remove something and they did the exactly opposite.
Still (at the time of writing this blog post) they havent add our nameservers into their zone
(step number #3).
At this moment i cant think of how to resolve the real problem: “The problem of communication to the point of understanding”
UPDATE:
Seems that we are still having problems with this customer!
The administrator of the bank chose to update the authoritative nameservers on the registry .gr domains.
They removed our authoritative nameservers (acting as secondary) and added our caching nameservers.
Just because i am a sysadmin, doesn’t mean that i can’t hack some HTML5/CSS3 code!
Or even do a better job than some “web” devs or devops !!!
In fact, here is an example of a pure HTML5/CSS3 show/hide help box:
The below code displays a ? on the HTML page,
so that when hovering over it, shows a help box.
HTML5 part
<span class="help">
<font color=blue> ? </font>
<div class="hidden">
<b><u>SOA</u></b><BR>
Specifies authoritative information about a DNS zone,
including the primary name server, the email of the domain
administrator, the domain serial number, and several timers
relating to refreshing the zone.
</div>
</span>
and the CCS3 part:
.help {
width: 5px;
}
.help:hover {
width: 500px;
height: 100px;
background:#f7f7f7;
position: fixed;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
}
.hidden {
display: none;
}
.help:hover > .hidden {
display: block;
background: #f7f7f7;
color: #000000;
text-align: left;
}
I am sure, that this (perhaps) is not the perfect way - but it sure beats every JS code I ‘ve already read from web-devs.
In 30 40 days of my new mail address and the top spammers are:
/massnews.gr/ REJECT "Plz stop sending SPAM id=1"
/glc-emea.com/ REJECT "Plz stop sending SPAM id=2"
/To:.*info@balaskas.gr/ REJECT "Plz stop sending SPAM id=3"
/Akis.Angelakis/ REJECT "Plz stop sending SPAM id=4"
/from.*mailendo.com/ REJECT "Plz stop sending SPAM id=5"
/specisoft.biz/ REJECT "Plz stop sending SPAM id=6"
/advantech.gr/ REJECT "Plz stop sending SPAM id=7"
/adsgreece.com/ REJECT "Plz stop sending SPAM id=8"
/2020web.gr/ REJECT "Plz stop sending SPAM id=9"
/nfs.gr/ REJECT "Plz stop sending SPAM id=10"
/polimonotiki/ REJECT "Plz stop sending SPAM id=11"
/eliamep.org/ REJECT "Plz stop sending SPAM id=12"
/ellak.gr/ REJECT "Plz stop sending SPAM id=13"
/seminaria.gr/ REJECT "Plz stop sending SPAM id=14"
/stock-house.gr/ REJECT "Plz stop sending SPAM id=15"
/Lesfemmes/i REJECT "Plz stop sending SPAM id=16"
/aldridge.com/ REJECT "Plz stop sending SPAM id=17"
/inter.net/ REJECT "Plz stop sending SPAM id=18"
/plexpr.tk/ REJECT "Plz stop sending SPAM id=19"
/industrydisruptors.org/ REJECT "Plz stop sending SPAM id=20"
What started as a Nasa Space App Challenge now becomes an extraordinary opensource achievement on the top five finalist of hackaday.io.
What is SatNOGS in non technical words: imagine a cheap mobile openhardware ground station that can collaborate through the internet with other ground stations and gather satellite signals all together, participating in a holistic opensource/opendata and public accessible database/site !
If you are thinking, that cant be right, the answer is that it is!!!
The amazing team behind the SatNOGS is working around the clock - non stop ONLY with openhardware and free software to do exactly that !
A fully modular system (you can choose your own antennas! or base setup) you can review the entire code on github, you can see in high quality videos and guides for every step, every process, you can participate via comments, emails or even satellite signals !
3D Printing is one of the major component in their journey till now. The have already published every design they are using for the satnogs project on github! You just need to print them. Every non-3d printing hardware are available to every hardware store near by you. The members of this project have published the Arduino code and schematics for the electronics too !!
Everything is fully documented in details, everything is open source !
AMAZING!
It’s seems that i may be bias, so dont believe anything i am writing.
See for your self and be mind-blowing impressed with the quality of their hardware documentation
Visit their facebook account for news and contact them if you have a brilliant idea about satellites or you just want to get a status of their work.
How about the team ?
I’ve met the entire team at Athens Hackerspace and the first thing that came into my mind (and it is most impressive) is the diversity of the members itself.
Not only in age (most of them are university students, but older hobbyists are participating too) but also in the technical area of expertise. This team can easily solve every practical problem they can find in the process.
SatNOGS, as I’ve already mentioned, is fully active and that all started (with the bing bang of-course) with an idea: To reach and communicate with the Space (the final frontier). Satellites are sending signals 24/7 and the ground stations cant reach every satellite (i am not talking to geo-static satellites) and there is no one to acknowledge that. The problem that the satnogs is solving is real.
And i hope with this blog post, more people can understand how important is that this project scale to more hackerspaces around the globe.
To see more, just click here and you can monitor the entire process till now.
a blog post about Wallabag
Tons of information are passing through your eyes every day. People now are browsing than reading and there are some things you really want to store and read them when you have some free time. Bookmarks are pretty useful for storing the url but the actual content could be moved somewhere else or even removed from the original place.
read-it-later applications have worked their magic and offline (or caching) storing the actual content to another location. Some of these applications (or online services) have the ability to synchronize their content to your tablet/smartphone or even your ebook reader. The most known service is, of course, pocket.
But then again you have to register to another online service that uses your email for userid and now knows every single thing you like to read! And what will happen if the company behind this service decides to close this or change their policy to sell yours info or hacked or …. whatever …. ?
Well that’s the nice thing about free software!
You can self-hosting your own application for saving web pages (aka read-it-later) with wallabag
Just download and extract the latest version inside your web server document root path:
cd /var/www/
wget -c http://wllbg.org/latest -O wallabag_latest.zip
unzip wallabag_latest.zip
mv wallabag_VERSION wallabag
At this moment you have your own self-hosted read-it-later service.
You need to generate a token for apps to connect with your wallabag instance (login –> config –> Feeds –> generate token) and it will produce something like that:
Token: sd/sdfSDFsdffd20
User ID: 1
Add the firefox add-on from here and then you have to configure only your wallabag URL.
For your smartphone you can use this app
wallabag from F-droid
For this app you need to write the token so that you can synchronize your feeds to your phone.
Wallabag has many features - the most useful for me is the epub export. I can store my articles to my ebook reader !
How about security ? I dont care to setup wallabag under an SSL certificate or bother with “basic auth” login cause i store public articles !!! If someone obtains my credentials he/she/it can use wallabag to mesh with my articles (ok - i have backups) but he/she/it will not gain access to “private” information. That’s said - that dont mean that i dont value of the above (on the contrary) - is just a way to say that in my wallabag instance, i only store already public/publish web pages!
[Edit] UX - update - support - donate
I forgot to mention on my original post that i do appreciate 3 major things when using an free software project.
First is the UX, if something is toooooo difficult for me to use it, i’ll pass it. Even if it is the best project ever. Wallabag isnt top notch on UX, but the design isnt destructive at all when reading an offline article. The work that nicosomb have made on that is really nice.
Second thing the update process: If is too hard for me to update a project, soon i will be bored to do it. I am an intermediate linux user and an open source advocate but i am lazy. Too lazy. Wallabag is super easy to update. Just download and extract. I am amazed that this process isnt already inside wallabag config section. I hope to see that in the next release. But it’s really nice to be notified (internal checks when using config page) and do the hard work of opening a shell, login, download and extract the new release :P
Third thing in my forgot list is support. Wallabag is active and has a new support process. Something that not many opensource projects have. And Nicola (core developer) isnt a hard man to find on social media. That’s always something useful and handy for small things but a known fact that the developer is not MIA.
Finally i choose to support projects via donations. My donates are always smalls - cause i dont have (yet) millions to spare. But even a small contribution from many people can manage to pay for the VPS or other costs that the developer have to pay from his pocket.
If you missed my previous blog post about fairphone click here: here.
this blog post document how to became root and do “advanced” staff.
iFixit
Fairphone comes with an iFixit app - and of course with some other apps too ;)
If you want to remove it, you can simply connect your phone with your linux box, open USB debugging and adb shell through your phone
Fairphone is already rooted, so when you connect to it via adb, simply type:
su
to became root.
eg.
# adb shell
shell@android:/ $ su
shell@android:/ #
You can do what-ever you like - but be careful with it !
Next, remount your system partition to be read-write:
# mount -o rw,remount /system
and then simply remove the app you dont need:
# rm /system/app/FairPhoneIFixIt.apk
(you can alternative use an App-Remove application - but this is more fun, right ?)
and now to the more interesting thing:
Busybox
How to add busybox to your Fairphone.
You need to download the busybox-armv7l from here
and use adb to push it to your phone:
adb push busybox-armv7l /sdcard/
after that, connect via adb shell, become root, open system to read-write and
cp /sdcard/busybox-armv7l /system/bin/
Fairphone comes with toolbox
There are a few commands point to toolbox:
cat chmod chown cmp cp date dd df dmesg du getevent getprop grep hd id ifconfig iftop insmod ioctl ionice kill ln log ls lsmod lsof md5 mkdir mount mv nandread netstat newfs_msdos notify printenv ps reboot renice rm rmdir rmmod route schedtop sendevent setconsole setprop sleep smd start stop sync top touch umount uptime vmstat watchprops wipe
but busybox has move power:
[, [[, acpid, add-shell, addgroup, adduser, adjtimex, arp, arping, ash,
awk, base64, basename, beep, blkid, blockdev, bootchartd, brctl,
bunzip2, bzcat, bzip2, cal, cat, catv, chat, chattr, chgrp, chmod,
chown, chpasswd, chpst, chroot, chrt, chvt, cksum, clear, cmp, comm,
conspy, cp, cpio, crond, crontab, cryptpw, cttyhack, cut, date, dc, dd,
deallocvt, delgroup, deluser, depmod, devmem, df, dhcprelay, diff,
dirname, dmesg, dnsd, dnsdomainname, dos2unix, du, dumpkmap,
dumpleases, echo, ed, egrep, eject, env, envdir, envuidgid, ether-wake,
expand, expr, fakeidentd, false, fbset, fbsplash, fdflush, fdformat,
fdisk, fgconsole, fgrep, find, findfs, flock, fold, free, freeramdisk,
fsck, fsck.minix, fsync, ftpd, ftpget, ftpput, fuser, getopt, getty,
grep, groups, gunzip, gzip, halt, hd, hdparm, head, hexdump, hostid,
hostname, httpd, hush, hwclock, id, ifconfig, ifdown, ifenslave,
ifplugd, ifup, inetd, init, insmod, install, ionice, iostat, ip,
ipaddr, ipcalc, ipcrm, ipcs, iplink, iproute, iprule, iptunnel,
kbd_mode, kill, killall, killall5, klogd, last, less, linux32, linux64,
linuxrc, ln, loadfont, loadkmap, logger, login, logname, logread,
losetup, lpd, lpq, lpr, ls, lsattr, lsmod, lsof, lspci, lsusb, lzcat,
lzma, lzop, lzopcat, makedevs, makemime, man, md5sum, mdev, mesg,
microcom, mkdir, mkdosfs, mke2fs, mkfifo, mkfs.ext2, mkfs.minix,
mkfs.vfat, mknod, mkpasswd, mkswap, mktemp, modinfo, modprobe, more,
mount, mountpoint, mpstat, mt, mv, nameif, nanddump, nandwrite,
nbd-client, nc, netstat, nice, nmeter, nohup, nslookup, ntpd, od,
openvt, passwd, patch, pgrep, pidof, ping, ping6, pipe_progress,
pivot_root, pkill, pmap, popmaildir, poweroff, powertop, printenv,
printf, ps, pscan, pstree, pwd, pwdx, raidautorun, rdate, rdev,
readahead, readlink, readprofile, realpath, reboot, reformime,
remove-shell, renice, reset, resize, rev, rm, rmdir, rmmod, route, rpm,
rpm2cpio, rtcwake, run-parts, runlevel, runsv, runsvdir, rx, script,
scriptreplay, sed, sendmail, seq, setarch, setconsole, setfont,
setkeycodes, setlogcons, setserial, setsid, setuidgid, sh, sha1sum,
sha256sum, sha3sum, sha512sum, showkey, slattach, sleep, smemcap,
softlimit, sort, split, start-stop-daemon, stat, strings, stty, su,
sulogin, sum, sv, svlogd, swapoff, swapon, switch_root, sync, sysctl,
syslogd, tac, tail, tar, tcpsvd, tee, telnet, telnetd, test, tftp,
tftpd, time, timeout, top, touch, tr, traceroute, traceroute6, true,
tty, ttysize, tunctl, udhcpc, udhcpd, udpsvd, umount, uname, unexpand,
uniq, unix2dos, unlzma, unlzop, unxz, unzip, uptime, users, usleep,
uudecode, uuencode, vconfig, vi, vlock, volname, wall, watch, watchdog,
wc, wget, which, who, whoami, whois, xargs, xz, xzcat, yes, zcat, zcip
to add a new command to your fairphone just link it against busybox:
shell@android:/system/bin # ln -s busybox vi
from here … you can do pretty much whatever you like !.
I am a proud owner of a fairphone.
For about ~300 euros i bought a really cool smartphone.
When you boot up your phone for the first time, there is a widget to add support for google apps.
Just remove it and go on with your life. Nothing useful here.
[EDIT #1] Before we begin our beautiful opensource journey, you must have in mind that ALL your personal devices can be hacked, stolen or be destroyed (crashed/brick/whatever). You have to remember that - you should have your digital data elsewhere and sync/backup/encrypt EVERYTHING. So dont use your phone as an offline image gallery, dont save everything in our mails.
First thing: Encrypt the /sdcard
You need to add a PIN to screen lock (Settings –> Security –> Screen Lock –> PIN)
after that tap through: Settings –> Security –> Encryption –> Encrypt device
Be aware: THIS MUST BE the first thing, cause every data on your SD (internal/external) will be destroyed.
So you have to unlock the screen everytime with that PIN and it’s the same PIN that you need to type on boot time. Not very safe.
It’s safer to change the PIN to decrypt your card with a passphrase. There is an excellent article here or just use (without reading) this app: Cryptfs Password
I downloaded the app (through the f-droid site and not through f-droid app), i’ve changed the PIN to a PASSPHRASE and then removed the app from my phone.
AGAIN you must be sure that no data are in your SDCARD.
Verify that your phone is booting up fine, decryption is using the passphrase, there is an unlock PIN for you mobile card and a different PIN to unlock your screen lock.
It’s not paranoia (not yet) but it’s the most safe and easy thing you can do.
Below i will just document the apps i am using through F-Droid:
- AdAway - Do remove ads
- AFWall+ - Firewall App
- Autostarts - Disable apps from starting at boot (or other state of your phone)
- Barcode Scanner - QR decoder and more
- DavDroid - CardDAV/CalDAV client
- DiskUsage - Disk Usage
- Epub3 Reader - Cause i read epub books
- F-droid - Free software for your android
- Firefox - Web Browser
- k9 - email client
- OpenFlashLight - a simple flash light
- OsmAnd~ - Openstreet Navigator (and more)
- RMaps - Map Client (and more)
- Ted - simple text editor
- Terminal Emulator - cause let’s face it, if you have a shell access you can do everything.
- Tincd-vpn - Vpn client
- VuDroid - Pdf Reader
- Wallabag - offline read later app
- Xabber - Jabber client
There are two closed source apps that i am using and couldnt find a decent replacement on f-droid (and believe me when i am telling you that i’ve tried a few).
- MyBookDroid - book cataloging
- Tweedle - twitter client
MyBookDroid is nowhere to find - I’ve moved it from my previous phone
[EDIT 2]: I’ve installed Twidere and used it for a while - but i didnt like it.
I will document the use of DavDroid to another blog post - cause you need a free software card/cal DAV server to use it.
DavDroid will give you the ability to synchronize your contacts against your own server.
K-9 has the ability to add PGP support - to encrypt your emails when talking to a recipient with PGP.
I will also document k-9 with my mail server setup.
Same thing about openvpn client.
So here it is !
The last couple months (all started when comzeradd ordered two fairphones) i am going through the Great Transition: “Moving Away from every closed source/service to free (opensource) software.”
As i have already mentioned: Moving to free/opensource applications isnt always easy. But then again, when freedom was an easy thing ?.
So the transition has a few bumps in the way.
Some of my decisions are in my twitter’s timeline and some on my wiki.
I will document EVERYTHING but I’ll do it on separated blog posts and code will be in my wiki so that the entire documentation will no be a huge mesh.
I am fortunate enough to have smarted people than me to suggest brilliant things all the time.
Their comments (twitter/blog/mail) have made my life easier and are helping me with this transition.
I would love to read your comments (just remember that i dont accept http links inside blog comments).
So let’s start !
Some time in the last week, the iscsi volume of one of our PostgreSQL went up to 98% and nagios vomited on the standby mobile.
The specific postgres database holds customer’s preferences related to our webmail.
Unfortunately the webmail is a java web app (tomcat) - custom written by some company and the source code is a spaghetti mesh. The code has also gazillion bugs, so we took a decision to migrate to an opensource php based webmail. Hopefully in the near future we will official migrate to the new webmail platform and all known problems to humanity will cease to exist.
Till that time, we have to maintain the current webmail platform and figure out how a ~500Mb database has become a nearly ~50Gb nightmare!
My knowledge on databases are not basic but to be fair i lack in experience. As a veteran standby engineer I know that I need to apply a quick & dirty patch and investigate afterworks. Also I am not afraid to ask for help! And so i did.
First thing to do: increase the volume on the storage machine. I’ve said already that we are using an iscsi partition so it’s pointless that action. In fact - no it isnt !!! The storage machine has a percentage for reserving storage for snapshots. And the increase gave us a little space to breath as the snapshots were “eating” space from the actual volume! You are probably thinking that we should resize the partition - but this is a live-production machine and we dont want a downtime on the service (umount/resize/mount).
From 98% to 93% with only one command.
Second, but most popular thing to do, was VACUUM. A colleague took that step and tried to VACUUM each table separately so not to “lock” or provoke the daemon to a crash or even worst. That gave us a 88% of free space and the time to think before we act again.
For all you people that dont know postgres, postgres doesnt delete actual data from the storage only from the database. So you need to enable autovacuum or vacuum by hand from time to time.
Of course before everything else (or even vacuum) we took a pg_dump to another partition.
But pg_dump was taking hours and hours to complete.
After further investigation, we found a table that pg_dump was getting difficult with.
Fired up a new database and tried to restore this table there.
I couldnt. There was an error of duplicates and the restoration process was failing.
Tried to figured out the duplicate entries. 20 entries! The table has only four columns and a ~ 50.000 data entries. Only 20 of them were duplicates. The amount of data in size is ~20Mb. I was looking the data/entries and removed by hand the duplicates. After that i re-index the specific table and an hour later over 20Gb were free. Down to 44% from 98% by deleted 20 entries.
At that point i was thinking that postgres is mocking me. How the hell a 20Mb table had gone over 20G ?
Now pg_dump is taking 6.5 minutes - but is still taking a long time to dump this specific table.
Tomorrow is a new day to experiment with PostgreSQL
[edit1]: Just to be fair, postgres version is 8.1
[edit2]: The VACUUM process just finished. Another 20G free !!! So in total for 20 duplicate entries a total 40G disk free! We are now at 9% from 98% of used disk.
PS: We have already discussed a lot of plans (upgrade postgres version, restore the dump to a new machine etc etc) in our department but we believe not to focus to any of them (yet) as we havent found the trigger that fired up the database from 500Mb to 50Gb. After that all plays are in hand.
Most of the people that read this blog post should already know what Two-Factor Authentication is.
For those you don’t, in short terms 2FA is when you can login to a server/site/application using two things and not only one (your password).
Something you have and something you know, like when using your bank card (something you have) with it’s pin (something you know).
There are three (3) android apps at f-droid
- Google Authenticator
- FreeOTP
- Gort
I dont want to use the google authenticator, and i havent yet tested FreeOTP, so i’ve chosen Gort to write about.
Gort is using the barada-pam package as the back-end.
Barada/Gort are based on HMAC-Based One-Time Password Algorithm and not on time sync. This is useful if the clocks are drift and the server (barada) can “catch” one-time passwords even if the counter is out-of-sync by a little.
I ‘ve built a Docker image to show barada/gort on the next Security Talk at Athens,Greece Hackerspace and below is the link on my wiki that contains the Dockerfile.
Be aware on the notes/comments on the file.
It seems that you can push a WPAD to desktops via dhcp.
My proxy is based on squid running on 8080.
I ‘ve build a WPAD file similar to the below:
wpad.dat
function FindProxyForURL(url, host)
{
return "PROXY 192.168.1.2:8080; DIRECT";
}
next thing is to publish it via a web server.
I am using thttpd for static pages/files:
how to test it:
# curl -L 192.168.1.2/wpad.dat
after that a simple entry on Dnsmasq
dhcp-option=252,"http://192.168.1.2/wpad.dat"
and restart your dnsmasq
Dont forget to do a dhcp release on your windows machine