It was time for me to start using the #IPv6.
My VPS hosting provider: edis have already allocated me a
2a01:7a0:10:158:255:214:14:0/112
and some extra info
Gateway:
2a01:7a0:10::1
Nameserver:
2a03:f80:ed15:ed15:ed15:ed15:d8b9:da76
2a03:f80:ed15:ca7:ea75:b12d:7b0:3e5b
I have two network cards (I run my own AUTH-NS server and some greek registrars require two different IPs for that).
I have split up the above /112 to two /113 subnets.
2a01:7a0:10:158:255:214:14::/113
2a01:7a0:10:158:255:214:14:8000/113
My settings are based on CentOS 6.6 as of the time of this article.
Part Zero: kernel
First things first: tell the kernel to support IPv6 by editing /etc/sysctl.conf
and commenting out the line below (if it is there):
# net.ipv6.conf.all.disable_ipv6=1
This means that the next time you reboot your machine, IPv6 will be enabled.
There is another way, if you don't want to reboot your VPS, by running as root:
sysctl net.ipv6.conf.all.disable_ipv6=0
Part One: Network
Edit your ifcfg-eth* files:
/etc/sysconfig/network-scripts/ifcfg-eth0
IPV6INIT=yes
IPV6ADDR=2a01:7a0:10:158:255:214:14::/123
IPV6ADDR_SECONDARIES="2a01:7a0:10:158:255:214:14:80/123"
IPV6_DEFAULTGW=2a01:7a0:10::1
/etc/sysconfig/network-scripts/ifcfg-eth1
IPV6INIT=yes
IPV6ADDR=2a01:7a0:10:158:255:214:14:8000/113
IPV6_DEFAULTGW=2a01:7a0:10::1
PLZ dont get confused about eth0. I will circle back to this.
Restart your network:
/etc/init.d/network restart
and verify your network settings:
ip -6 a
ip -6 r
Part Two: Firewall
My default policy is to DROP everything and open only the ports you are running services on.
Same rule applies for IPv6 too.
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
:FORWARD DROP [0:0]
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
:OUTPUT ACCEPT [0:0]
At this moment, i only accept PING6 to my VPS server.
Testing this from another machine (with ipv6 support):
ping6 -c3 2a01:7a0:10:158:255:214:14::
and the result is something like this:
PING 2a01:7a0:10:158:255:214:14::(2a01:7a0:10:158:255:214:14:0) 56 data bytes
64 bytes from 2a01:7a0:10:158:255:214:14:0: icmp_seq=1 ttl=60 time=72.5 ms
64 bytes from 2a01:7a0:10:158:255:214:14:0: icmp_seq=2 ttl=60 time=66.9 ms
64 bytes from 2a01:7a0:10:158:255:214:14:0: icmp_seq=3 ttl=60 time=66.3 ms

--- 2a01:7a0:10:158:255:214:14:: ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2067ms
rtt min/avg/max/mdev = 66.355/68.618/72.573/2.822 ms
At this point we are very happy with ourselves (ipv6 related)!
Part Three: Web Server
What’s the point of having an ipv6 server and not running some services on it?
Let's start with the apache web server.
I’ve split up my eth0 to /123 subnets cause i want to use different IPs for every service i have.
That's why my eth0 is like that.
I chose the 2a01:7a0:10:158:255:214:14:80 as my ipv6 ip for my site.
Our web server needs to listen on ipv6.
This is tricky cause apache uses : as the delimiter between address and port, so an ipv6 address has to be enclosed in square brackets.
So my http changes are something like these:
Listen 158.255.214.14:80
Listen [2a01:7a0:10:158:255:214:14:80]:80
to support virtual hosts:
NameVirtualHost 158.255.214.14:80
NameVirtualHost [2a01:7a0:10:158:255:214:14:80]:80
To dual stack my site:
<VirtualHost 158.255.214.14:80 [2a01:7a0:10:158:255:214:14:80]:80>
restart your apache:
/etc/init.d/httpd restart
Dont forget to manipulate your firewall settings:
-A INPUT -m state --state NEW -m tcp -p tcp -d 2a01:7a0:10:158:255:214:14:80/123 --dport 80 -j ACCEPT
restart your firewall:
/etc/init.d/ip6tables restart
Part Four: DNS
The only thing that is left for us to do, is to add a AAAA resource record in our dns zone:
in my bind-file format zone: balaskas.gr
@ IN AAAA 2a01:7a0:10:158:255:214:14:80
you have to increment the SERIAL number in your zone and then reload your zone.
I use PowerDNS so it’s:
# pdns_control reload balaskas.gr
Ok
Part Five: Validate
To validate your dual stack web site, you can go through:
UPDATE: 2015 03 23
Part Six: Mail Server
Imap Server
I use dovecot for imap server. To enable IPv6 in dovecot is really easy. You just uncomment or edit Listen parameter:
listen = *, ::
restart dovecot service and check the dovecot conf:
# doveconf | grep ^listen
listen = *, ::
I use STARTTLS, so my firewall settings should be like these:
-A INPUT -m state --state NEW -m tcp -p tcp -d 2a01:7a0:10:158:255:214:14::/112 --dport 143 -j ACCEPT
Just don't forget to restart and verify your ip6tables!
SMTP Server
It’s really easy for postfix (my SMTP server) too. You just have to remember that you need to use brackets for IPv6.
## mynetworks = 127.0.0.0/8 158.255.214.14/31
mynetworks = 127.0.0.0/8 158.255.214.14/31 [2a01:7a0:10:158:255:214:14::]/112
## inet_protocols = ipv4
inet_protocols = all
restart your smtp service and you are OK.
Firewall settings: /etc/sysconfig/ip6tables
-A INPUT -m state --state NEW -m tcp -p tcp -d 2a01:7a0:10:158:255:214:14::/112 --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -d 2a01:7a0:10:158:255:214:14::/112 --dport 587 -j ACCEPT
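A way to check the addressing plan and the destination scope of the ip6tables rules above, as an added example (not part of the original post). All prefixes and ports are copied from the post; the function names are hypothetical.

```python
import ipaddress

# Values copied from the post above.
ALLOCATION = "2a01:7a0:10:158:255:214:14:0/112"
INTERFACES = {
    "eth0": ["2a01:7a0:10:158:255:214:14::/123",
             "2a01:7a0:10:158:255:214:14:80/123"],
    "eth1": ["2a01:7a0:10:158:255:214:14:8000/113"],
}
# (destination, port) of every "-d ... --dport ..." ACCEPT rule in the post.
RULES = [
    ("2a01:7a0:10:158:255:214:14:80/123", 80),
    ("2a01:7a0:10:158:255:214:14::/112", 143),
    ("2a01:7a0:10:158:255:214:14::/112", 25),
    ("2a01:7a0:10:158:255:214:14::/112", 587),
]


def split_allocation(prefix=ALLOCATION):
    """Halve the provider allocation, as done for the two network cards."""
    net = ipaddress.ip_network(prefix)
    return [str(n) for n in net.subnets(prefixlen_diff=1)]


def rule_scope(dest):
    """Network a '-d' match covers; host bits are masked off (strict=False)."""
    return ipaddress.ip_network(dest, strict=False)


def exposed_ports(addr, rules=RULES):
    """TCP ports the rule set accepts for one destination address."""
    ip = ipaddress.ip_address(addr)
    return sorted(port for dest, port in rules if ip in rule_scope(dest))


def audit(interfaces=INTERFACES, rules=RULES):
    """Map every configured address to the ports the firewall opens for it."""
    allocation = ipaddress.ip_network(ALLOCATION)
    report = {}
    for ifname, prefixes in interfaces.items():
        for prefix in prefixes:
            iface = ipaddress.ip_interface(prefix)
            if iface.ip not in allocation:
                raise ValueError(f"{ifname}: {iface} is outside the allocation")
            report[str(iface.ip)] = exposed_ports(str(iface.ip), rules)
    return report


def host_rule(addr, port):
    """One option for narrowing a rule: the post's rule syntax with a /128."""
    ip = ipaddress.ip_address(addr)
    return ("-A INPUT -m state --state NEW -m tcp -p tcp "
            f"-d {ip}/128 --dport {port} -j ACCEPT")


if __name__ == "__main__":
    print(split_allocation())
    for address, ports in audit().items():
        print(address, ports)
    web = rule_scope(RULES[0][0])
    print(web, "covers", web.num_addresses, "addresses")
```

The port 80 rule is limited to the 32 addresses of the web /123, while the mail rules accept 25, 143 and 587 on every address of the /112, including the web address and eth1.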
Disclaimer: updated 20150413
Seems that this post has gained some publicity over the web.
I need to disclaim some things, such as:
- I am not a security expert guy. Some of the below security tech info may be wrong!
- I dont claim that i have found a security hole.
- I am not telling you that the entire web banking in greece is not secure.
- I published this story to raise awareness. Even if all of my comments were wrong I wouldnt expect someone telling me to remove it.
More clever people than me, could have commented on my screenshot and put me in place. Again, thanks for your support.
End of Disclaimer
Update 20150315
After reading a lot of comments and discussing this story with a lot of good friends of mine, i came to the decision to remove this blog post. I have my personal reasons on the subject and no one has affected my decision. I have had a lot of stress on the matter and i would like to put this behind me.
Thank you again, for all your support.
so a few days ago xfce released 4.12 !!!
I keep my own custom local repository and just found the time to update my xfce to the latest version !
my PKGBUILDs are mostly a template of the below file (git repo)
# Contributor: Evaggelos Balaskas < Evaggelos _AT_ Balaskas _DOT_ GR >
# Maintainer: Evaggelos Balaskas < Evaggelos _AT_ Balaskas _DOT_ GR >
_pkg=xfwm4
pkgname=$_pkg-git
pkgver=git
pkgrel=1
arch=('any')
pkgdesc="Xfce's window manager"
_cat='xfce'
_fqdn='git.xfce.org'
url="http://$_fqdn/$_cat/$_pkg"
license=('GPL v2')
depends=(libwnck exo)
makedepends=(automake autoconf libtool gcc m4 pkg-config intltool)
optdepends=(startup-notification)
conflicts=($_pkg)
provides=($_pkg)
replaces=($_pkg)
_gitroot="git://$_fqdn/$_cat"
_gitname=$_pkg
pkgver() {
  date +%Y%m%d
}
build() {
  if [ -d $_gitname ] ; then
    msg "cd $_gitname && git pull origin"
    cd $_gitname && git pull origin
    msg "The local files are updated."
  else
    msg "git clone $_gitroot/$_gitname"
    git clone $_gitroot/$_gitname
    msg "The local files are updated."
  fi
  cd $srcdir/$_pkg
  ./autogen.sh --prefix=/usr --disable-debug
  make
}
package() {
  cd $srcdir/$_pkg
  make DESTDIR=$pkgdir install
}
The result is something like this:
If you want to check my entire xfce custom repo, just click xfce-core_4.12.zip
UPDATE
I used this order of installation:
xfce4-dev-tools-git
libxfce4util-git
xfconf-git
libxfce4ui-git
exo-git
xfwm4-git
thunar-git
xfdesktop-git
thunar-volman-git
gtk-xfce-engine-git
tumbler-git
garcon-git
xfce4-appfinder-git
xfce4-panel-git
xfce4-session-git
xfce4-settings-git
Today i tried to install Quote Colors 0.3 on thunderbird.
But i keep hitting the “incompatibility” version problem.
So below my notes on how to “bypass” the Max Version on every mozilla addon xpi.
[~]> cd tmp/
[tmp]> mkdir -pv QuoteColors
mkdir: created directory ‘QuoteColors’
[tmp]> cd !$
cd QuoteColors
[QuoteColors]> wget https://addons.mozilla.org/thunderbird/downloads/latest/170/addon-170-latest.xpi
2015-01-30 13:32:13 (446 KB/s) - ‘addon-170-latest.xpi’ saved [37343/37343]
[QuoteColors]> unzip addon-170-latest.xpi
Archive: addon-170-latest.xpi
inflating: chrome.manifest
inflating: chrome/quotecolors.jar
inflating: defaults/preferences/quotecolors.js
inflating: install.rdf
inflating: license.txt
[QuoteColors]> sed -i -e 's/3.0.*/99.9.9/g' install.rdf
[QuoteColors]> zip -r addon-170-latest.xpi .
updating: chrome.manifest (deflated 80%)
updating: chrome/quotecolors.jar (deflated 15%)
updating: defaults/preferences/quotecolors.js (deflated 77%)
updating: install.rdf (deflated 69%)
updating: license.txt (deflated 53%)
adding: defaults/ (stored 0%)
adding: defaults/preferences/ (stored 0%)
adding: chrome/ (stored 0%)
A few days ago, I wrote a simple wiki page on how to Authenticate to a web site using LDAP backend.
There is a cool (and very simple way) to use Web Roles by matching your user’s ldap attributes to your web app.
RFC 2255 (from 1997) describes how to implement (and use) the LDAP URL format. The AuthLDAPURL syntax from mod_authnz_ldap explains that the “attribute” field can hold several attributes separated by commas. Every attribute is passed to your webserver as an AUTHENTICATE_attribute variable.
In my example:
AuthLDAPURL "ldap://ldap.domain.org/ou=web,dc=domain,dc=org?uid,MyWebAccess?one?(WebAccess=MyWebApp_Level_*)"
returns:
AUTHENTICATE_MYWEBACCESS = MyWebApp_Level_1
AUTHENTICATE_UID = myusername
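How the AuthLDAPURL above breaks down into its fields, and how a web app can turn the exported attribute into a role without trusting malformed values. This is an added example, not code from the wiki page; the function names are hypothetical, and the numeric level suffix and the fail-closed policy are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# The AuthLDAPURL value from the example above.
PAGE_URL = ("ldap://ldap.domain.org/ou=web,dc=domain,dc=org"
            "?uid,MyWebAccess?one?(WebAccess=MyWebApp_Level_*)")


def parse_ldap_url(url):
    """Split ldap://host/basedn?attributes?scope?filter into its fields."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL")
    # urlsplit keeps everything after the first '?' in .query,
    # so the remaining LDAP fields are split off here.
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    attributes, scope, ldap_filter = (unquote(f) for f in fields)
    return {
        "host": parts.hostname,
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": [a for a in attributes.split(",") if a],
        "scope": scope,
        "filter": ldap_filter,
    }


def env_names(url):
    """Variable names the web app should expect, upper-cased as in the output above."""
    return ["AUTHENTICATE_" + a.upper() for a in parse_ldap_url(url)["attributes"]]


def role_level(environ, app="MyWebApp"):
    """Return the numeric level for `app`, or None for anything unexpected.

    Assumption: levels look like '<app>_Level_<digits>'. A missing variable,
    a different app name or several values in one string all fail closed.
    """
    value = environ.get("AUTHENTICATE_MYWEBACCESS", "")
    match = re.fullmatch(re.escape(app) + r"_Level_(\d{1,3})", value)
    return int(match.group(1)) if match else None


if __name__ == "__main__":
    print(parse_ldap_url(PAGE_URL))
    print(env_names(PAGE_URL))
    # Constructed environment, mirroring the values shown above.
    sample = {"AUTHENTICATE_MYWEBACCESS": "MyWebApp_Level_1",
              "AUTHENTICATE_UID": "myusername"}
    print(role_level(sample))
```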
Dec 1 2014 - Jan 21 2015
top five spammers:
1. adsgreece.com
2. mailendo.com
3. 4udeals.gr
4. eliamep.org
5. mailinglist.gr
Blocked via postfix:
/etc/postfix/header_checks
/massnews\.gr/ REJECT "Plz stop sending SPAM id= 1 "
/glc-emea\.com/ REJECT "Plz stop sending SPAM id= 2 "
/To:.*info@balaskas\.gr/ REJECT "Plz stop sending SPAM id= 3 "
/Akis.Angelakis/i REJECT "Plz stop sending SPAM id= 4 "
/from.*mailendo.com/ REJECT "Plz stop sending SPAM id= 5 "
/specisoft\.biz/ REJECT "Plz stop sending SPAM id= 6 "
/advantech\.gr/ REJECT "Plz stop sending SPAM id= 7 "
/adsgreece\.com/ REJECT "Plz stop sending SPAM id= 8 "
/2020web\.gr/ REJECT "Plz stop sending SPAM id= 9 "
/nfs\.gr/ REJECT "Plz stop sending SPAM id= 10 "
/polimonotiki/ REJECT "Plz stop sending SPAM id= 11 "
/eliamep\.org/ REJECT "Plz stop sending SPAM id= 12 "
/ellak\.gr/ REJECT "Plz stop sending SPAM id= 13 "
/seminaria\.gr/ REJECT "Plz stop sending SPAM id= 14 "
/stock-house\.gr/ REJECT "Plz stop sending SPAM id= 15 "
/Lesfemmes/i REJECT "Plz stop sending SPAM id= 16 "
/aldridge\.com/ REJECT "Plz stop sending SPAM id= 17 "
/inter\.net/ REJECT "Plz stop sending SPAM id= 18 "
/plexpr\.tk/ REJECT "Plz stop sending SPAM id= 19 "
/industrydisruptors\.org/ REJECT "Plz stop sending SPAM id= 20 "
/xinis\.com/ REJECT "Plz stop sending SPAM id= 21 "
/globalgreece\.gr/ REJECT "Plz stop sending SPAM id= 22 "
/hostzone\.gr/ REJECT "Plz stop sending SPAM id= 23 "
/mailinglist\.gr/ REJECT "Plz stop sending SPAM id= 24 "
/profitconsult\.gr/ REJECT "Plz stop sending SPAM id= 25 "
/pedersenco\.com/ REJECT "Plz stop sending SPAM id= 26 "
/diadima\.gr/ REJECT "Plz stop sending SPAM id= 27 "
/helenco\.gr/ REJECT "Plz stop sending SPAM id= 28 "
/adplus\.gr/ REJECT "Plz stop sending SPAM id= 29 "
/entos\.gr/ REJECT "Plz stop sending SPAM id= 30 "
/4udeals\.gr/ REJECT "Plz stop sending SPAM id= 31 "
/oncseminars\.gr/ REJECT "Plz stop sending SPAM id= 32 "
/enimerwsi\.gr/ REJECT "Plz stop sending SPAM id= 33 "
/eliamep\.gr/ REJECT "Plz stop sending SPAM id= 34 "
/ymlpsrv\.com/ REJECT "Plz stop sending SPAM id= 35 "
/dailysoccertip\.com/ REJECT "Plz stop sending SPAM id= 36 "
/bookbazaar\.gr/ REJECT "Plz stop sending SPAM id= 37 "
/zizoo\.gr/ REJECT "Plz stop sending SPAM id= 38 "
/anthemionflowers\.gr/ REJECT "Plz stop sending SPAM id= 39 "
/kourkouta\.com/ REJECT "Plz stop sending SPAM id= 40 "
/ipatata\.com/ REJECT "Plz stop sending SPAM id= 41 "
/ephost\.info/ REJECT "Plz stop sending SPAM id= 42 "
/kadoikonte\@gmail\.com/ REJECT "Plz stop sending SPAM id= 43 "
/mandrillapp\.com/ REJECT "Plz stop sending SPAM id= 44 "
/springer\.com/ REJECT "Plz stop sending SPAM id= 45 "
/mailchimp\.com/ REJECT "Plz stop sending SPAM id= 46 "
/altec\.gr/ REJECT "Plz stop sending SPAM id= 47 "
/winizi\.net/ REJECT "Plz stop sending SPAM id= 48 "
/sed\.gr/ REJECT "Plz stop sending SPAM id= 49 "
/pournara\.com/ REJECT "Plz stop sending SPAM id= 50 "
/emailmarketingnow\.gr/ REJECT "Plz stop sending SPAM id= 51 "
/entypa\.net/ REJECT "Plz stop sending SPAM id= 52 "
/4green\.gr/ REJECT "Plz stop sending SPAM id= 53 "
/imagemail\.eu/ REJECT "Plz stop sending SPAM id= 54 "
/cbr300r\.bike/ REJECT "Plz stop sending SPAM id= 55 "
/PRINTEX\ DIGITAL/i REJECT "Plz stop sending SPAM id= 56 "
/drassi\.gr/ REJECT "Plz stop sending SPAM id= 57 "
/mailstudio\.gr/ REJECT "Plz stop sending SPAM id= 58 "
/extratips\.net/ REJECT "Plz stop sending SPAM id= 59 "
/crmedia\.gr/ REJECT "Plz stop sending SPAM id= 60 "
/venan\.gr/ REJECT "Plz stop sending SPAM id= 61 "
/tonerflow\.info/ REJECT "Plz stop sending SPAM id= 62 "
/epiteugma\.com/ REJECT "Plz stop sending SPAM id= 63 "
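A small emulation of how Postfix evaluates a regexp: header_checks table, as an added example (not part of the original post), to test rules like the ones above against sample headers before deploying them. The three rules in PAGE_RULES are copied from the list; the headers and the TIGHT_RULES variants are constructed, and Python's re module stands in for Postfix's POSIX regex engine.

```python
import re

# Three rules copied from the header_checks file above.
PAGE_RULES = r'''
/inter\.net/ REJECT "Plz stop sending SPAM id= 18 "
/Lesfemmes/i REJECT "Plz stop sending SPAM id= 16 "
/sed\.gr/ REJECT "Plz stop sending SPAM id= 49 "
'''

# Constructed alternatives: anchored to sender headers, no 'i' flag.
TIGHT_RULES = r'''
/^(From|Sender|Reply-To):.*[@.]inter\.net>?$/ REJECT "Plz stop sending SPAM id= 18 "
/Lesfemmes/ REJECT "Plz stop sending SPAM id= 16 "
'''

# Constructed header lines.
HEADERS = [
    "From: Offers <news@inter.net>",
    "Received: from mx1.winter.net (mx1.winter.net [192.0.2.10])",
    "Reply-To: sales@based.gr",
    "Subject: LESFEMMES spring collection",
]


def parse_rule(line):
    """Parse '/regex/flags ACTION text' into (compiled regex, action, text)."""
    if not line.startswith("/"):
        raise ValueError("expected a /regex/ rule")
    end = 1
    while end < len(line) and line[end] != "/":
        end += 2 if line[end] == "\\" else 1  # skip escaped characters
    if end >= len(line):
        raise ValueError("unterminated pattern")
    rest = re.match(r"(\w*)\s+(\S+)\s*(.*)", line[end + 1:])
    if rest is None:
        raise ValueError("missing action")
    flags, action, text = rest.groups()
    # Postfix regexp tables are case-insensitive by default and each 'i'
    # flag TOGGLES that, so '/Lesfemmes/i' is matched case-sensitively.
    insensitive = flags.count("i") % 2 == 0
    regex = re.compile(line[1:end], re.IGNORECASE if insensitive else 0)
    return regex, action, text.strip()


def load(table):
    """Parse every non-empty, non-comment line of a table."""
    lines = (l.strip() for l in table.splitlines())
    return [parse_rule(l) for l in lines if l and not l.startswith("#")]


def lookup(rules, header):
    """Return (action, text) of the first matching rule, or None."""
    for regex, action, text in rules:
        if regex.search(header):
            return action, text
    return None


if __name__ == "__main__":
    for name, table in (("page", PAGE_RULES), ("tight", TIGHT_RULES)):
        rules = load(table)
        for header in HEADERS:
            print(name, "|", header, "->", lookup(rules, header))
```

With the page's rules, the unrelated winter.net and based.gr headers are rejected and the upper-case LESFEMMES subject is let through; the anchored variants reverse all three results.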
A couple days ago, i wrote a blog post about how firefox don’t delete cookies from Pin Tabs here.
A friend of mine D. Glynos from census suggested to me that this problem/feature may be related to session cookies.
I was troubled about it and today i did a little research on the matter.
So when using firefox session restoration feature, firefox keeps all the session cookies in place and you can continue your work without a problem. If you hit F5 (refresh page) then the session is terminated and you have to log-in from the start.
OK, i don’t use session restoration but Pin Tabs. Seems that firefox considers Pin Tab as a session restoration process and that’s why it keeps the session cookies.
And this is by design !!!!!!!
There is also a 7-year-old bug (still open - click here) that applies to Pin Tabs as well.
Till now, i have not found a config (in about:config) option to tell firefox NOT to keep the session cookies when closing the browser!
UPDATE: 20150325
I got an email from a friend who suggested taking a look at this post from bugzilla:
I did a lot of testing and changed the below values to:
browser.sessionstore.privacy_level = 2
browser.sessionstore.privacy_level_deferred = 2
browser.sessionstore.privacy_level_deferred = 1
that means:
Never store extra session data.
but unfortunately the above did nothing for me.
the above did the trick for me
Anyhow, many thanks to Alex for informing me about this.
[post only in greek - sorry]
#FoodHacking
A new open-culture-related section is starting at the hackerspace: FoodHacking.
Although the idea already existed among the hackerspace members, it took hold after members of the hackerspace visited the recent 31st Chaos Communication Congress (31C3).
There (#31C3) was a food hacking assembly and we got in touch with the Food Hacking Base.
The hsgr food hackers thought that the time had come to start a (small, to begin with) group and begin experimenting with recipes and ideas. In the past, various groups in the lab have already made beer, limoncello and sushi, and if that is not enough for you, they have gone on to build a Siphon Coffee maker!
My suggestion: Alevropita!
My suggestion for the first meetup is a traditional recipe that they make in my village, and they call the result Alevropita (in other places they call it zymaropita). It is quite simple, needs few ingredients and is one of the healthiest snacks (if you have children), ready in about half an hour (okay, a little more).
The recipe I used is the one below. It allows endless changes and I believe that even a complete beginner can make it very quickly.
- 3 cups flour
- 3 cups milk
- 2 eggs (medium/large) or 3 small
- 1 pinch of salt
- Feta
- Oil
Personally I use small plastic basins for the mixtures. They are dirt cheap and easy to clean. But if you have stainless steel or glass bowls, that is always better. Always choose large bowls, because the mixture often swells (depending on the recipe, of course).
General Information
Some very general information:
All ingredients need to be at room temperature (unless the recipe says otherwise). I don't give grams but cups/pinches because I believe that in cooking (unlike pastry making) it is purely a matter of personal opinion. For example, in this particular recipe the pinch (one dose, that is) can be a teaspoon, but if the feta has been desalted and you prefer things salty, then you should add a little more. If the recipe contains flour and is a batter, add as much water as needed: a little if it should come out thick, a lot if it should come out thin. It is also good practice to sift the flour so that it does not form lumps. If the recipe needs an oven, you must preheat it. It does NOT always need to be at baking temperature, but it should have a uniformly warm temperature. You can also use non-stick baking paper (and perhaps you should in some recipes), but personally I like it when the mixtures bake directly in the pan (I know, I know, a quirk). Also, if the recipes have two parts (dry/wet), we make them separately and combine them at the end! If the recipe has eggs, it needs very good beating. Remember the expression: “Beat them as if they owed you money”!
More specifically for the recipe above:
The variations are very, very many, since for the flour you can use whatever flour you like, likewise for the milk and of course the same goes for the feta. Instead of oil, you can use butter.
How we proceed:
We have crumbled the feta beforehand. We use latex gloves so as not to get dirty. In our bowl (or the little basin, in my case) we add the flour (or sift it in) and the salt. Stir. Add the eggs and the milk. Stir. Add the crumbled feta. Stir. Add as much water as needed to thin our mixture. We don't want it watery, but it should not be too thick. Add a little oil and stir.
If the mixture comes out watery, we add flour. If it is too thick and we have already added enough water, we add milk.
We have preheated our oven with its baking pan inside the oven.
We butter (or oil) the pan and pour in our mixture. It should fill our pan, but its height should be 1/2 centimetres. If it is more, it will not bake crisp and will need more baking. Better to use two pans if there is extra mixture. If there is less, DON'T STRESS. In the bowl we add flour, milk or water and top up as much as needed to reach the desired result.
We leave it at two hundred (200) degrees for about 35 minutes. Here is one more “secret”! The 35 means that depending on the quantity it may be ready at 30 or at 40 minutes! We check the surface of our pie every ten minutes. If its colour is like in the picture above, then we are fine.
Burke & Barry Blended Scotch Whisky
Vs
Tullamore Dew Irish Whiskey
Your choice !
[ PLZ read my new blog post on the matter]
Today i came across a very nasty firefox security bug: when using Pin Tabs, firefox doesnt remove the cookies of the first domain (in alphabetical order).
I am using Firefox v34.0.5 so it’s the latest stable version as of the time of writing this blog post.
PLZ, Let me try to walk you through my findings.
Below my settings:
As you can see, firefox should remove all the cookies when I close it.
I use Pin Tabs for my day-to-day web sites/apps.
I ‘ve noticed that I am always logged in to a specific web site.
That gave me the creeps. How the hell am i already logged in to this web site?
I have just opened up my firefox and firefox should have removed all the cookies!
I closed every opened/pinned tab and removed all cookies by hand.
Restarted firefox, logged in to this site and then closed firefox.
Opened up again firefox and there was no cookie.
Strange
I am now thinking that my morning coffee had vodka inside.
Pin Tabbed a few sites, logged in to all of them, restarted firefox and then i am still logged in only to this specific web site.
Opened up the “Show Cookies …” setting from preferences and saw a few cookies. Restarted firefox once more and investigated the cookies again. Still logged in to this specific site.
The “Show Cookies …” setting presents the domain cookies in alphabetical order. So that gave me a clue. The site starts with the letter C and is always the first domain cookie.
OK, time to write some php cookie code to further investigate this issue.
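<?php
// Read the current counter from the cookie (0 on the first visit) and increment it.
$cookie_value = isset($_COOKIE["aaaa"]) ? (int) $_COOKIE["aaaa"] : 0;
$cookie_value++;
// setcookie() sends a Set-Cookie header, so it must run before any output.
setcookie("aaaa", $cookie_value, strtotime("+1 day"));
?>
<html>
<body>
<?php
echo "Hit F5<br>";
echo "cookie value is: " . $cookie_value;
?>
</body>
</html>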
Keep in mind that the server must send the Set-Cookie header within the HTTP response headers, before the html body.
Closed everything, removed every cookie. UnPin every tab and restarted firefox.
Visited my php test page, saw the cookie value, restarted firefox. No cookie.
Opened up once again firefox, visited my php test page. “Pin Tab” the test page, hit F5 a few times and then restart firefox. A cookie !!!!
So there is a security bug.
I’ll try to pass this to my mozillian friends so they file a security bug report.
Remember if you are logged in to amazon via a Pin Tab … amazon will always track you as it would (perhaps) be the first (in alphabetical order) domain cookie.
I like spending my free time reading books. Although i don’t have a good memory and my english are far from perfect, i prefer to read books in english.
A few days ago I was wondering what my potentials would be if i could remember everything i have ever read in my life. When discussing that with a good friend, she told me to read:
The book is AMAZING !
It is about the life of a retarded person, Charlie Gordon, who - through a brain surgery - was given the gift of intelligence. The only problem is that no one knows how much time Charlie has before losing it all. What would you do if you had all the knowledge of the world, speaking 12 languages and understanding every scientific field there is? We view the progress of Charlie through his reports and see him transform from a dummy friendly person to an egoistic self-centered genius!
Charlie also has another problem: no one treats him like a person. Before, he was the laugh of everyone; after, a guinea pig. As his understanding of the world grows, so does his mental and physiological state. He is struggling to find out who he really is and what his place in the world is: to learn from his retarded past, to make amends with his parents, to accept his future.
“First published in 1959 as a short story, Flowers for Algernon was released in novel form in 1966 and has since sold millions of copies.”
There are already two movies (at least), some theatrical plays, audio books, cliff notes, study notes, summaries, reviews, etc etc
You have to read this book!
I ‘ve updated my wiki page to add an android section to my tinc-vpn setup.
So here it is my: tinc-vpn to a redirect-gateway instructions.
From my previous book-related blog post, I ‘ve read NONE of them and started two new books:
So, why did I choose those books?
I am a fan boy of police procedural stories (Jeffery Deaver is the BEST in this category) and the DNA-genetic approach was intriguing me. I had tons of questions and a very good friend of mine answered all of my questions on the subject.
So what’s the story of the first book ?
A detective with a dark side is trying to solve a missing-person case. With a strange twist the missing case is transformed to a series of deaths relating to a company that performs genetic research! The dark side of the detective is based on his primitive instincts and that is a result of genetic chimeras. I dont want to spill the beans and that’s why i will not write more about the book. The story is well written and has a technical base around genetics. The book challenges the ethics of DNA research and at what cost we are going to change the quality of our life.
The second book is the sequel of the detective’s story. The detective doesnt seem to be as stable as in the first book. He has health problems and the biggest one is that he is now trying to catch a serial killer who is defacing his victims with acid! The main story is around a HIV research facility which is doing human trials on a new vaccine. The detective is running out of time as his body is crashing and everyone has abandoned him.
Nov 2 2014 - Dec 1 2014
Top spammers:
1. adsgreece.com
2. globalgreece.gr
3. nfs.gr
4. specisoft.biz
5. aldridge.com
Blocked via postfix:
/etc/postfix/header_checks
/massnews\.gr/ REJECT "Plz stop sending SPAM id=1"
/glc-emea\.com/ REJECT "Plz stop sending SPAM id=2"
/To:.*info@balaskas\.gr/ REJECT "Plz stop sending SPAM id=3"
/Akis.Angelakis/ REJECT "Plz stop sending SPAM id=4"
/from.*mailendo.com/ REJECT "Plz stop sending SPAM id=5"
/specisoft\.biz/ REJECT "Plz stop sending SPAM id=6"
/advantech\.gr/ REJECT "Plz stop sending SPAM id=7"
/adsgreece\.com/ REJECT "Plz stop sending SPAM id=8"
/2020web\.gr/ REJECT "Plz stop sending SPAM id=9"
/nfs\.gr/ REJECT "Plz stop sending SPAM id=10"
/polimonotiki/ REJECT "Plz stop sending SPAM id=11"
/eliamep\.org/ REJECT "Plz stop sending SPAM id=12"
/ellak\.gr/ REJECT "Plz stop sending SPAM id=13"
/seminaria\.gr/ REJECT "Plz stop sending SPAM id=14"
/stock-house\.gr/ REJECT "Plz stop sending SPAM id=15"
/Lesfemmes/i REJECT "Plz stop sending SPAM id=16"
/aldridge\.com/ REJECT "Plz stop sending SPAM id=17"
/inter\.net/ REJECT "Plz stop sending SPAM id=18"
/plexpr\.tk/ REJECT "Plz stop sending SPAM id=19"
/industrydisruptors\.org/ REJECT "Plz stop sending SPAM id=20"
/xinis\.com/ REJECT "Plz stop sending SPAM id=21"
/globalgreece\.gr/ REJECT "Plz stop sending SPAM id=22"
/hostzone\.gr/ REJECT "Plz stop sending SPAM id=23"
/mailinglist\.gr/ REJECT "Plz stop sending SPAM id=24"
/profitconsult\.gr/ REJECT "Plz stop sending SPAM id=25"
/pedersenco\.com/ REJECT "Plz stop sending SPAM id=26"
/diadima\.gr/ REJECT "Plz stop sending SPAM id=27"
/helenco\.gr/ REJECT "Plz stop sending SPAM id=28"
/adplus\.gr/ REJECT "Plz stop sending SPAM id=29"
/entos\.gr/ REJECT "Plz stop sending SPAM id=30"
/4udeals\.gr/ REJECT "Plz stop sending SPAM id=31"
/oncseminars\.gr/ REJECT "Plz stop sending SPAM id=32"
/enimerwsi\.gr/ REJECT "Plz stop sending SPAM id=33"
There is a big difference between communication and understanding.
Here is a DNS story:
The Internet Bank of Ebal (paraphrasing customer’s name) has their own Authoritative NameServer for their zone.
In the company i am currently working, we provide a secondary dns service.
Below are the steps/instructions we provide to our customers - in order of action:
- Inform the customer to allow zone transfer to our Lans
- We confirm the zone transfer
- Inform the customer to add our secondary NameServers to his zone (NS records inside their dns zone)
- Provisioning the service aka add configuration to our NameServers
- and finally, inform customer to add our NameServers to the Registry of .gr Domain Names
Just to be perfectly clear - we keep these steps simply because from our experience not every DNS administrator understands what they must/should do.
So here are the steps the bank’s administrator did:
- Add one of our NameServers into registry of .gr domain names
- Allow zone transfer to our Lans.
in that order!
They raised a complaint that we dont provide the secondary service and a lot of the bank’s customers cant access their site (obviously)!
We re-informed the customer about the actions/steps and we specifically told them to REMOVE our nameserver from the registry of .gr domains till WE confirm that everything is ok.
Below the new steps the bank’s administrator did:
- Add one more of our NameServers into registry of .gr domains names.
So we have a new problem.
I told the administrator (in writing) to remove something and they did the exact opposite.
Still (at the time of writing this blog post) they havent added our nameservers into their zone
(step number #3).
At this moment i cant think of how to resolve the real problem: “The problem of communication to the point of understanding”
UPDATE:
Seems that we are still having problems with this customer!
The administrator of the bank chose to update the authoritative nameservers on the registry .gr domains.
They removed our authoritative nameservers (acting as secondary) and added our caching nameservers.
Just because i am a sysadmin, doesn’t mean that i can’t hack some HTML5/CSS3 code!
Or even do a better job than some “web” devs or devops !!!
In fact, here is an example of a pure HTML5/CSS3 show/hide help box:
The below code displays a ? on the HTML page,
so that when hovering over it, shows a help box.
HTML5 part
<span class="help">
<font color=blue> ? </font>
<div class="hidden">
<b><u>SOA</u></b><BR>
Specifies authoritative information about a DNS zone,
including the primary name server, the email of the domain
administrator, the domain serial number, and several timers
relating to refreshing the zone.
</div>
</span>
and the CSS3 part:
.help {
  width: 5px;
}
.help:hover {
  width: 500px;
  height: 100px;
  background: #f7f7f7;
  position: fixed;
  top: 50%;
  left: 50%;
  transform: translate(-50%, -50%);
}
.hidden {
  display: none;
}
.help:hover > .hidden {
  display: block;
  background: #f7f7f7;
  color: #000000;
  text-align: left;
}
I am sure, that this (perhaps) is not the perfect way - but it sure beats every JS code I ‘ve already read from web-devs.
After finishing my Cyberpunk reading of Burning Chrome, a short story collection, & Neuromancer by William Gibson, I started to search for new books to read.
@comzeradd suggested the below books:
- Ancillary Justice (2013) by Ann Leckie
- Cryptonomicon (1999) by Neal Stephenson
- Homeland (2013) by Cory Doctorow
- Little Brother (2008) by Cory Doctorow
- Pirate Cinema (2012) by Cory Doctorow
- Robopocalypse (2011) by Daniel H. Wilson
- Snow Crash (1992) by Neal Stephenson
- Permutation City (1994) by Greg Egan
- The Emperor’s New Mind (1989) by Roger Penrose
but (as always) something new caught my eye!
a tweet about free books at noisetrade, a site that i hadn’t heard before.
There are short stories and books from indie (and not) writers that want to promote their work by giving away some stories/books for free. After a few searches i came up with Social Engineer by Ian Sutherland and was immediately hooked!
Searching the web for other work of Ian Sutherland i found his personal page on Wattpad, a platform for writing & self-publishing short stories and books.
I have to say that there are a lot of stories that you have to read there !
I understand that self-publishing isn’t something easy. Major publishers with their “politics”, promotion and marketing can affect your book price or even your fan base. But Wattpad builds their status upon readers and the publicity is done via social media (or blog posts like this one).
So I’ve read the first chapters of Invasion of Privacy there.
OK - this dude knows his stuff !!
From technical view is nearly perfect and the story has many “Jeffery Deaver - paranoia points and twists “
I don’t want to spoil anything on both books - but I’ve enjoyed the entire time of reading them the last couple weeks.
Take a look on his site Ian Sutherland for more info.
In 30 40 days of my new mail address and the top spammers are:
/massnews.gr/ REJECT "Plz stop sending SPAM id=1"
/glc-emea.com/ REJECT "Plz stop sending SPAM id=2"
/To:.*info@balaskas.gr/ REJECT "Plz stop sending SPAM id=3"
/Akis.Angelakis/ REJECT "Plz stop sending SPAM id=4"
/from.*mailendo.com/ REJECT "Plz stop sending SPAM id=5"
/specisoft.biz/ REJECT "Plz stop sending SPAM id=6"
/advantech.gr/ REJECT "Plz stop sending SPAM id=7"
/adsgreece.com/ REJECT "Plz stop sending SPAM id=8"
/2020web.gr/ REJECT "Plz stop sending SPAM id=9"
/nfs.gr/ REJECT "Plz stop sending SPAM id=10"
/polimonotiki/ REJECT "Plz stop sending SPAM id=11"
/eliamep.org/ REJECT "Plz stop sending SPAM id=12"
/ellak.gr/ REJECT "Plz stop sending SPAM id=13"
/seminaria.gr/ REJECT "Plz stop sending SPAM id=14"
/stock-house.gr/ REJECT "Plz stop sending SPAM id=15"
/Lesfemmes/i REJECT "Plz stop sending SPAM id=16"
/aldridge.com/ REJECT "Plz stop sending SPAM id=17"
/inter.net/ REJECT "Plz stop sending SPAM id=18"
/plexpr.tk/ REJECT "Plz stop sending SPAM id=19"
/industrydisruptors.org/ REJECT "Plz stop sending SPAM id=20"
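The rules above follow the syntax of a Postfix header_checks regexp table (an assumption: the post does not name the file). As an added example, not the author's code, this Python model evaluates four of them and two constructed stricter variants against constructed headers. It shows that unescaped dots and unanchored patterns also reject unrelated mail, and that a trailing i toggles the default case-insensitive matching off.

```python
import re

# Four rules copied verbatim from the list above.
LOOSE = r'''
/nfs.gr/ REJECT "Plz stop sending SPAM id=10"
/ellak.gr/ REJECT "Plz stop sending SPAM id=13"
/Lesfemmes/i REJECT "Plz stop sending SPAM id=16"
/inter.net/ REJECT "Plz stop sending SPAM id=18"
'''

# Constructed stricter variants (not from the post): anchored to the From:
# header, dots escaped, and the domain must end at a non-hostname character.
STRICT = r'''
/^From:.*[@.]nfs\.gr([^a-z0-9.-]|$)/ REJECT sender domain nfs.gr
/^From:.*[@.]ellak\.gr([^a-z0-9.-]|$)/ REJECT sender domain ellak.gr
'''

# Constructed sample headers; each is one logical header line, name included.
SAMPLES = [
    "From: News <newsletter@nfs.gr>",             # the intended target
    "Subject: Re: nfs-grace period after reboot", # '.' also matches '-'
    "To: me@example.org, friend@ellak.gr",        # rule is not tied to From:
    "Subject: LESFEMMES offer",                   # 'i' made the rule case-sensitive
]

RULE = re.compile(r'^/(?P<pat>.+)/(?P<flags>[a-z]*)\s+(?P<action>\S+)\s*(?P<text>.*)$')

def load_table(text):
    """Parse '/pattern/flags ACTION text' lines into (regex, action, text)."""
    table = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # blank or unparsable line
        # Matching is case-insensitive by default; every 'i' flag toggles it.
        insensitive = m["flags"].count("i") % 2 == 0
        rx = re.compile(m["pat"], re.IGNORECASE if insensitive else 0)
        table.append((rx, m["action"], m["text"]))
    return table

def check_header(table, header):
    """Return (action, text) of the first matching rule, or None."""
    for rx, action, text in table:
        if rx.search(header):
            return action, text
    return None

if __name__ == "__main__":
    loose, strict = load_table(LOOSE), load_table(STRICT)
    for h in SAMPLES:
        print(f"{h!r}\n  loose={check_header(loose, h)} strict={check_header(strict, h)}")
```

Python's re stands in here for the POSIX regular expressions Postfix uses; the two agree for patterns this simple.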
What started as a NASA Space Apps Challenge has now become an extraordinary open source achievement among the top five finalists on hackaday.io.
What is SatNOGS in non-technical words: imagine a cheap mobile open hardware ground station that can collaborate through the internet with other ground stations and gather satellite signals all together, participating in a holistic open source/open data and publicly accessible database/site!
If you are thinking that can’t be right, the answer is that it is!!!
The amazing team behind SatNOGS is working around the clock - non-stop, ONLY with open hardware and free software - to do exactly that!
It is a fully modular system (you can choose your own antennas or base setup!): you can review the entire code on GitHub, you can watch high quality videos and guides for every step, every process, and you can participate via comments, emails or even satellite signals!
3D printing is one of the major components in their journey till now. They have already published every design they are using for the SatNOGS project on GitHub! You just need to print them. Every non-3D-printed piece of hardware is available at any hardware store near you. The members of this project have published the Arduino code and schematics for the electronics too!!
Everything is fully documented in detail, everything is open source!
AMAZING!
It seems that I may be biased, so don’t believe anything I am writing.
See for yourself and be mind-blowingly impressed with the quality of their hardware documentation.
Visit their Facebook account for news and contact them if you have a brilliant idea about satellites or you just want to get a status of their work.
How about the team ?
I’ve met the entire team at Athens Hackerspace and the first thing that came into my mind (and it is most impressive) is the diversity of the members themselves.
Not only in age (most of them are university students, but older hobbyists are participating too) but also in the technical area of expertise. This team can easily solve every practical problem they can find in the process.
SatNOGS, as I’ve already mentioned, is fully active, and it all started (with the big bang, of course) with an idea: to reach and communicate with Space (the final frontier). Satellites are sending signals 24/7 and the ground stations can’t reach every satellite (I am not talking about geostationary satellites) and there is no one to acknowledge that. The problem that SatNOGS is solving is real.
And I hope that with this blog post more people can understand how important it is that this project scales to more hackerspaces around the globe.
To see more, just click here and you can monitor the entire process till now.
a blog post about Wallabag
Tons of information pass before your eyes every day. People now are browsing rather than reading, and there are some things you really want to store and read when you have some free time. Bookmarks are pretty useful for storing the URL, but the actual content could be moved somewhere else or even removed from its original place.
Read-it-later applications work their magic by storing the actual content offline (or caching it) in another location. Some of these applications (or online services) have the ability to synchronize their content to your tablet/smartphone or even your ebook reader. The best-known service is, of course, Pocket.
But then again you have to register with another online service that uses your email as a user ID and now knows every single thing you like to read! And what will happen if the company behind this service decides to close it, or changes its policy to sell your info, or gets hacked, or …. whatever …. ?
Well that’s the nice thing about free software!
You can self-host your own application for saving web pages (aka read-it-later) with wallabag.
Just download and extract the latest version inside your web server document root path:
cd /var/www/
wget -c http://wllbg.org/latest -O wallabag_latest.zip
unzip wallabag_latest.zip
mv wallabag_VERSION wallabag
At this moment you have your own self-hosted read-it-later service.
You need to generate a token for apps to connect with your wallabag instance (login --> config --> Feeds --> generate token) and it will produce something like this:
Token: sd/sdfSDFsdffd20
User ID: 1
Add the firefox add-on from here and then you have to configure only your wallabag URL.
For your smartphone you can use this app
wallabag from F-droid
For this app you need to write the token so that you can synchronize your feeds to your phone.
Wallabag has many features - the most useful for me is the epub export. I can store my articles to my ebook reader !
How about security? I don’t care to set up wallabag under an SSL certificate or bother with “basic auth” login because I store public articles!!! If someone obtains my credentials he/she/it can use wallabag to mess with my articles (ok - I have backups) but he/she/it will not gain access to “private” information. That said - that doesn’t mean that I don’t value the above (on the contrary) - it is just a way to say that in my wallabag instance, I only store already public/published web pages!
[Edit] UX - update - support - donate
I forgot to mention in my original post that I do appreciate 3 major things when using a free software project.
First is the UX: if something is toooooo difficult for me to use, I’ll pass on it. Even if it is the best project ever. Wallabag isn’t top notch on UX, but the design isn’t destructive at all when reading an offline article. The work that nicosomb has done on that is really nice.
The second thing is the update process: if it is too hard for me to update a project, soon I will be too bored to do it. I am an intermediate Linux user and an open source advocate, but I am lazy. Too lazy. Wallabag is super easy to update. Just download and extract. I am amazed that this process isn’t already inside the wallabag config section. I hope to see that in the next release. But it’s really nice to be notified (internal checks when using the config page) and do the hard work of opening a shell, logging in, downloading and extracting the new release :P
The third thing on my forgotten list is support. Wallabag is active and has a new support process. Something that not many open source projects have. And Nicola (core developer) isn’t a hard man to find on social media. That’s always something useful and handy for small things, but also a known fact that the developer is not MIA.
Finally, I choose to support projects via donations. My donations are always small - because I don’t have (yet) millions to spare. But even a small contribution from many people can manage to pay for the VPS or other costs that the developer has to pay from his pocket.