Gateway Interface: eth0
Wireless Interface: wlan0
$ vim /etc/dnsmasq.conf
interface=wlan0
dhcp-range=192.168.1.240,192.168.1.255,3h
/etc/rc.d/dnsmasq stop
ifconfig wlan0 down
iwconfig wlan0 mode ad-hoc
iwconfig wlan0 essid wireless key s:1234567890123
ifconfig wlan0 192.168.1.1 up
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/rc.d/dnsmasq start
pirsyncd stands for: Python Inotify Rsync Daemon.
Description:
This is an attempt at writing a daemon that watches a directory for the kernel’s inotify events and then executes an rsync command to synchronize two different directories (local or remote). This is a poor man’s mirroring or an alternative (not so) real data replication mechanism and it is based on Pyinotify.
From ChangeLog:
Plz notice that this is the last version in python2
The next version of pirsyncd would be only in python3
- Pyinotify.py updated to 0.9.1 (20110405)
- Added ssh port parameter for synchronize of ssh
- Removed trailing slash (/) requirement for source & destination path
- Added Pyinotify.py version3 for pirsyncd.Py3k
plz try ./pirsyncd --help & ./pirsyncd --examples to see more.
Get the latest version of pirsyncd v20110412
It’s super easy to setup a vpn connection over an ssh access.
You don't believe me?
You can try it yourself in only a few seconds.
You have to be root on your local machine and you have to ssh as root to your remote machine.
To do that, change your remote /etc/ssh/sshd_config with the below values:
AllowUsers root
PermitRootLogin yes
PermitTunnel = yes
restart your ssh daemon: /etc/init.d/sshd restart
After that, copy the below shell script : ssh.vpn.sh
This is ssh.vpn.sh code:
#!/bin/sh
# Evaggelos Balaskas < ebalaskas _AT_ ebalaskas _DOT_ gr >
# Last change: Mon Feb 21 23:48:53 GMT-2 2011
# If you can spare a dollar, plz donate !
clear
echo "Give me server's name: "
read SERVER
echo "Give me ssh port: "
read PORT
# Resolve the server's IP address and remember the current default gateway
SIP=`host "$SERVER" | tail -1 | awk '{print $NF}'`
DGW=`ip route show | grep default | awk '{print $3}'`
# Open the tun tunnel, configure the server side (tun0 + NAT) and copy the
# server's nameservers into the local /etc/resolv.conf
ssh -fw any:any "$SIP" -p "$PORT" 'ifconfig tun0 down;
ifconfig tun0 10.20.30.40 pointopoint 10.20.30.41;
echo 1 > /proc/sys/net/ipv4/ip_forward;
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
grep nameserver /etc/resolv.conf ' > /etc/resolv.conf
# Configure Client tun0 --> point-to-point with server tun0
ifconfig tun0 down
ifconfig tun0 10.20.30.41 pointopoint 10.20.30.40
# Configure Routing
route add -host "$SIP" dev eth0
route add default gw 10.20.30.40 dev tun0
route del default gw "$DGW" dev eth0
Make this file executable: chmod +x ssh.vpn.sh
and run it # ./ssh.vpn.sh !!!
You will be asked to enter the server’s name (eg. ssh.example.com), the ssh port (eg. 22) and of course your remote root password.
Everything else is automated to make your life
Simple as that.
Open whatismyip to see your new ip address!
Ok, I have to admit that large urls are unfriendly, difficult to share and sometimes have private info.
Url shorteners provide anonymity and a short-friendly url to use and share.
But they are also a security risk! Browser security is something that we take very lightly, but we shouldn’t!
When someone sends me a shortened url I have to use a web browser and click on it to see the destination page. With simple urls I just have to mouse over (firefox 3) to see the destination.
Sometimes people send me spam or urls that I don't wish to open or see.
I believe that the design of url shorteners is just wrong!
People should be able to see or even test the urls before they click and open them.
Browser hijacking is one form of malicious code that url shorteners make extremely easy!
An idea:
Like google’s “Instant is on”, a similar action should be done with url shorteners.
With mouse over (or whatever else you like) the destination domain/url should be revealed to the client.
And then, if he/she agrees, open the destination url in a new tab/window.
A simple chrome/firefox extension shouldn’t be that hard.
Or you have a different opinion ?
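The preview idea above, sketched outside the browser as an added example (not code from the original post): ask the shortener for the link with a HEAD request, read the Location header and never fetch the destination itself. The local FakeShortener server, the /abc123 link and its target are constructed so the example runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Constructed link table standing in for a shortener's database.
SHORT_LINKS = {"/abc123": "https://www.example.org/a/very/long/path?ref=mail"}

class FakeShortener(BaseHTTPRequestHandler):
    """Local stand-in for a URL shortener: answers HEAD with a redirect."""
    def do_HEAD(self):
        target = SHORT_LINKS.get(self.path)
        self.send_response(301 if target else 404)
        if target:
            self.send_header("Location", target)
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet

def preview(short_url, timeout=5):
    """Return where short_url redirects to, without requesting that target."""
    parts = urlsplit(short_url)
    secure = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if secure else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    try:
        conn.request("HEAD", path)  # http.client never follows redirects
        resp = conn.getresponse()
        if resp.status in (301, 302, 303, 307, 308):
            return resp.getheader("Location")
        return None
    finally:
        conn.close()

def demo():
    """Resolve one known and one unknown link against the local stand-in."""
    server = HTTPServer(("127.0.0.1", 0), FakeShortener)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    try:
        return preview(base + "/abc123"), preview(base + "/missing")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

A shortener may chain through several redirects; calling preview() again on the returned URL would contact that next host, so stop at the first hop if the point is only to see the destination.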
Very Interesting Linux Events & Confs that you should be there:
Fosdem
http://fosdem.org
05 - 06 Feb 2011
Brussels, Belgium
Open Source Days
http://opensourcedays.org
05 Mar 2011
Copenhagen, Denmark
OpenFest
http://openfest.teipir.gr
9th to 10th of April 2011
Piraeus, Greece
Linux Open Administration Days
http://loadays.org
16th - 17th April 2011
Wilrijk, Belgium
Infosecurity
http://www.infosec.co.uk
19th - 21st April 2011
London, England
Fosscomm
http://fosscomm.gr
7th - 8th May 2011
Patra, Greece
Solutions Linux OpenSource
http://www.solutionslinux.fr/?lg=en
10 - 12 May 2011
Paris, France
Linux Tag
http://www.linuxtag.org
11 - 14 May 2011
Berlin, Germany
Desktop Summit
http://desktopsummit.org
06 - 12th August 2011
Berlin, Germany
FrOSCon
http://www.froscon.de
20th - 21st August 2011
Bonn, Germany
FrOSCamp
http://froscamp.org
17 - 18 Sep 2010
Zurich, Switzerland
T-DOSE
http://www.t-dose.org
05 - 06 November 2011
Eindhoven, Netherlands
The picture speaks for itself.
Same tabs - same sites - same resources - same time - same logins.
Firefox is just a memory leak before it crashes your linux box! But it is the most extensible browser. You can do almost everything via Addons.
Chrome is the middle & safe solution but I can't use xmarks with a custom server and I can't use different proxies with exclusions but only shell variables (http_proxy).
Midori has the same engine as chrome (webkit), same restrictions as Chrome. It isn't as extensible as chrome but uses UserScripts & UserStyles.
But midori uses the least memory, it's super fast and perfect for your simple needs.
My opinion is NOT to use only one web browser, but choose the browser by the need you want to cover.
A friend/colleague from work, made a keyboard prank.
So today and after 7 hours of work, i finally figured it out!
Damn blind typing.
He had changed U & Y and V & B, but i never looked once on my keyboard.
Sorry Dude, better luck next time :)
hackfest is mainly for sharing opensource ideas. One of these was suggested to me by comzeradd. He told me that he is using ziproxy to compress data through his phone (story here android-ziproxy).
So I have been using ziproxy since October 2010, to compress all my internet traffic.
Another proxy I am using (mostly for the chain forward ability) is privoxy. Privoxy can forward traffic through another proxy (http or socks) but has filtering features too. Privoxy can block ads & flash on the spot. It is a well known opensource proxy among system administrators too, who use it to bypass firewalls or dmz or complex networks.
I believe that everyone who respects himself has No Script, Ad Block Plus with kargig’s filter Greek Ad Block Plus Filter and Flash Block enabled on his/her browser.
All the above add-ons block Js, Flash & Ads on the client browser. That means that you have already downloaded them.
If you need to reduce http traffic the solution is to combine ziproxy and privoxy!
By the way, it’s extremely easy, so you should give it a try.
You simply install privoxy and run it locally and then open ziproxy.conf to add these:
NextProxy="127.0.0.1"
NextPort=8118
Run ziproxy as normal and voila !
Some benchmarks to show you the truth:
wget -d -p www.otenet.gr/otenet/ --no-proxy --no-cache
No Proxy:
Downloaded: 73 files, 718K
Ziproxy:
Downloaded: 73 files, 479K
Ziproxy - Privoxy:
Downloaded: 70 files, 475K
Another one:
wget -d -p http://www.villagecinemas.gr/
No Proxy:
Downloaded: 92 files, 1,1M
Ziproxy:
Downloaded: 92 files, 527K
Ziproxy - Privoxy:
Downloaded: 80 files, 160K
You all know about identi.ca & twitter
If you don't, then perhaps you are the kind of people that have a life or even free time!
I am a newbie on both of them, but I am already frustrated with twitter’s microblogging features.
The web layout is too complex, I can't login with my openid account but the most depressing thing is that I can't see my friends timeline via rss!
The main problem is that twitter has changed to oauth and you can use an application with twitter api.
But Why God, Why?
So I signed with gtweetapp to finally have my friend timeline as an rss feed.
Then I wanted google reader to subscribe to my rss feeds (identi.ca and twitter) but google reader doesn't merge the rss feeds.
So I used yahoo pipes' merge, sort & unique features and then subscribed the result of yahoo pipes to google reader.
And finally I can read all my notices & tweets and my “friends” notices & tweets in my RSS reader!
So is this worth it ?
we ‘ll see in near future :)
till then happy tw…. oh get some work done, you lazy bastards!
Ok, everybody loves opensource projects!
An opensource project has many good noticeable features.
It is nice, it is beautiful, it works, it is secure and it is free of charge.
We use opensource projects every day but we always forget to give our gratitude to the people behind our favorite program.
A thank you email is just fine to express our appreciation to the lonely programmer.
But a donation is the best solution for giving our thankfulness.
I have written an opensource project myself too: pirsyncd and I’ve been grateful for all the love I am getting for it.
I have received patches, t-shirts, thank you notes, publicity via blog entries and donations.
All the above are extremely useful for someone like me. I am always trying to balance around zero on my paypal account and give money to other opensource projects or services too.
So don't forget to give some money to people, even a small amount is important!
It is a known fact that gmail’s spam filters get the job done.
I am working with spamassassin on local mail setups and I want spamassassin to learn automatically from my gmail Spam folder.
So is it possible?
Of course it is possible.
First we have to get all the mails from our gmail account into a local dummy mail account (easy, we’ll use getmail) and then we have to educate spamassassin from our local dummy mail account (sa-learn).
One config file and two commands via cron will do the work.
First the getmailrc (i shall not bother with the getmail & spamassassin installation or setup).
/root/.getmail/getmailrc
[options]
delete = false
message_log = /var/log/getmail.log
verbose = 0
read_all = false
[retriever]
type = SimpleIMAPSSLRetriever
server = imap.gmail.com
mailboxes = ("[Gmail]/Spam",)
username = username@example.com
password = XXXXXXXXXXXXXXX
[destination]
type = Mboxrd
path = /var/spool/mail/gmail_spam
user = nobody
So now when we execute: getmail
every new mail in the gmail spam folder will be downloaded into /var/spool/mail/gmail_spam
Next we need to execute sa-learn
sa-learn --spam --mbox /var/spool/mail/gmail_spam
That's it!
Simple as that!
Don't forget to add the below cron entries:
@daily getmail > /dev/null 2>&1
@daily sa-learn --spam --mbox /var/spool/mail/gmail_spam > /dev/null 2>&1
I am supporting a greek company with two linux servers.
These two linux boxes have a lot of services,
including a mail server and they are set up as active/passive.
In the past week they lost their internet adsl connection.
This is a true and horrible story, but for that I’ll write another post in the near future.
So without an internet connection there weren't a lot of things I could do.
Thanks to Santa Claus I had predicted this problem and had installed a linux vps server outside of the company as a backup mx/mail server to queue all the undelivered mail.
From the company, I was asked if I could keep all the mails in queue and also provide a copy to a gmail account. After google searching about postfix rewrite and re-queue I came across automatic recipient bcc.
In my /etc/postfix/main.cf (or you can use postconf) i added this line:
recipient_bcc_maps = regexp:/etc/postfix/recipient_bcc_maps
If you are a careful reader then you have noticed that i wrote regexp for my recipient map file.
And the reason is that i wanted to combine all the mails that came to the backup mx server.
This is my /etc/postfix/recipient_bcc_maps:
/@example.com/ example.com@gmail.com
Of course i had to reload postfix in the vps and send a test email to verify that the blind copy for all the domain is working.
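An added example, not part of the original post, that checks which recipients a regexp table like the one above would copy. It approximates Postfix regexp: lookups with Python's re module (unanchored, case-insensitive search, first match wins, no pattern flags); the anchored pattern and the recipient addresses are constructed for the comparison.

```python
import re

def load_regexp_table(text):
    """Parse '/pattern/ result' lines laid out like a Postfix regexp: table."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*)/\s+(\S.*)$", line)
        if m:
            # Postfix regexp tables match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.IGNORECASE), m.group(2)))
    return rules

def lookup(rules, address):
    """First matching rule wins; the pattern may match anywhere in the address."""
    for pattern, result in rules:
        if pattern.search(address):
            return result
    return None

# The table from the post, and a constructed variant with the dot escaped
# and the pattern anchored at the end of the address.
LOOSE = load_regexp_table("/@example.com/ example.com@gmail.com")
STRICT = load_regexp_table(r"/@example\.com$/ example.com@gmail.com")

# Constructed recipient addresses.
RECIPIENTS = [
    "alice@example.com",
    "bob@EXAMPLE.COM",
    "carol@example.com.other.test",
    "dave@exampleXcom.test",
    "erin@sub.example.com",
]

def bcc_report(rules):
    """Map every sample recipient to its bcc address (None = no copy)."""
    return {rcpt: lookup(rules, rcpt) for rcpt in RECIPIENTS}

if __name__ == "__main__":
    for name, rules in (("loose", LOOSE), ("strict", STRICT)):
        print(name, bcc_report(rules))
```

On the real server, `postmap -q "carol@example.com.other.test" regexp:/etc/postfix/recipient_bcc_maps` answers the same question against the live table.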
If you want to re-queue all the mails then you have to do something like this:
postsuper -r ALL
PS: As the Journey have said: Don’t Stop Believing …. in Santa Claus
Have a nice holiday :)
This time, only code and no comments:
installation
git clone git://git.berlios.de/iat iat.git
cd iat.git
./autogen.sh
./configure
make
sudo make install
Usage
$ /usr/local/bin/iat -i image.mdf --iso
RAW Block :2352
100% [:=====================:]
Verification
$ file image.iso
image.iso: ISO 9660 CD-ROM filesystem data 'image'
A long time ago, i had created an account on a site to use their online service
(the site/company and the service is irrelevant to this story).
This evening I had to use this service again, but I couldn't remember my password!
That's not a problem, I hit the “You forgot your password” button and followed their instructions.
Just a few clicks and some seconds later, I was resetting my password to something new.
So I tried the login page on the site.
Email or password incorrect.
My first thought was, that i had misspelled my password on the reset form.
I did the reset procedure once again.
This time i wrote the password to an empty text file (just to be sure) and i copied the password from the text file to password & rewrite password text field on the reset page.
After that and one more time:
Email or password incorrect.
So i clicked “support & help, follow this link”.
Thats nice …..
To use their support & help & faq & whatever else they have, i must logon to their site!
HELLLOOOOOO guys
i have problem with your fuc@#$@#$ login page,
how on earth can i login to your help page to open a fuc@#$@# ticket when
my problem is your login page !!!
The Horror! The Horror!
why people are so stupid ?
Not so long ago, I noticed that pirsyncd was published (not by me) on download.famouswhy.com . I have to say that I didn't know about this site. But the people behind it found me and asked me a few questions. So here is my first interview about me & pirsyncd.
When i want to setup a simple http server, i use python with SimpleHTTPServer module.
But in python3 this module has been merged into http.server.
So if you are using python 3, then you should use something like this:
python -m http.server
If you want to use a high port (perhaps you are a simple user) then type something like this:
python -m http.server 8888
If your internal lan is: 192.168.0.0/27
First create a new access-list:
access-list 123 permit ip 192.168.0.0 0.0.0.31 any
and then add this to your line configuration:
access-class 123 in
If you want more help:
€ ssh ROUTER_IP
password:
router>en
Password:
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)# access-list 123 permit ip 192.168.0.0 0.0.0.31 any
router(config)# line vty 0 4
router(config-line)# access-class 123 in
router(config-line)# end
router# write mem
This post is just a suggestion! No real data or benchmarks are provided!
I was reading the manual page of resolv.conf. Yep, that's true, I am the kind of person who reads manual pages before bed time.
man 5 resolv.conf
or alternative read this: resolv.conf.
I only use the nameserver, domain and search configuration options in my resolv.conf, but reading the manual page, I read about the rotate option.
With this option our machine runs queries with a round robin mechanism over our nameserver declarations.
That means that if we are using two dns cache servers in a big infrastructure, we can query both dns servers equally, improving the load average on our dns machines.
If you have more, even better.
So give it a try
The Xfce development team is proud to announce the first preview release for Xfce 4.8. Together with this preview release, the Xfce project announces the feature freeze for the final 4.8 release which is set to be pushed out to the world on January 16th, 2011.
Read the full news release here: Xfce 4.8pre1 Released