From Wikipedia: The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance.

Why should you encrypt your disc in the first place? It’s for your own privacy. It’s to ensure that personal data doesn’t go astray.

Excerpt from man: Snapper is a command-line program for filesystem snapshot management. It can create, delete and compare snapshots and undo changes done between snapshots.

Snapper never modifies the content of snapshots. Thus snapper creates read-only snapshots if supported by the kernel. Supported filesystems are btrfs as well as snapshots of LVM logical volumes with thin-provisioning.

The only way to be safe for ransomware, except for keeping a offline backup, is to have a immutable online backup.

restic is a deduplication backup sofware, designed for ease of use and security. Rclone is a versatile program for syncing data between a huge variety of protocols and cloud providers. What is especially nifty is that restic can use rclone as a backend, and by that extend restic destination into most cloud providers.

Your private SSH key is the key for the kingdom. This means always having a password on the key. With YubiKey, you can keep your secret key outside your machine too.

Excerpt from Wikipedia: The YubiKey allows users to sign, encrypt and decrypt messages without exposing the private keys to the outside world.

This is a short how-to to get startet with using Yubikey to SSH into your servers.

YubiKey as private SSH key

Pre requests

1. Install the YubiKey management software.

   [Read More]

From zram documentation: The zram module creates RAM based block devices named /dev/zramID (ID = 0, 1, …). Pages written to these disks are compressed and stored in memory itself. These disks allow very fast I/O and compression provides good amounts of memory savings. Some of the usecases include /tmp storage, use as swap disks, various caches under /var and maybe many more :)

• zram

Example of compressed swap in memory

Write this commands in /etc/rc.local to create a 2G compressed swap partition in memory.

Ever wondered on how to record the audio from one application? Either the browser or a streaming application that don’t have the option to save audio to a file.

The PulseAudio sound server in your desktop makes this quite easy.

I’ve created a small script that captures the current playing sound stream and redirects it to FLAC audio file. After the capture is started, you can start playing sound from other programs. It won’t interfere with the current capture.

If you want to use Vagrant with OpenStack, you need to prepare Vagrant with installing the vagrant-openstack-plugin. I had some problems installing it directly through vagrant plugin install. I had to clone it from Github and install it manually.

One time configuration

Install OpenStack plugin in Vagrant

cd /tmp
git clone https://github.com/cloudbau/vagrant-openstack-plugin
cd vagrant-openstack-plugin
gem build vagrant-openstack-plugin.gemspec
vagrant plugin install vagrant-openstack-plugin-*.gem

Add a dummy box to Vagrant thats needed by the plugin.

vagrant box add dummy https://github.com/cloudbau/vagrant-openstack-plugin/raw/master/dummy.box

Download OpenStack RC file

• Log into OpenStack
• Download OpenStack API RC file
  • Go to Project -> Compute -> Access & Security -> API Access
  • Down RC file by hitting Download OpenStack RC File
  • Put $USER-openrc.sh in your ~/ or somewhere you prefer

Configure a Vagrant VM

Vagrantfile

This is a default generic Vagrant file which starts a m1.tiny flavor image of Ubuntu Utopic. It requires that you already have added your ssh key to OpenStack. Please add your ssh key with the name $USER_ssh_key.

From man page: fio is a tool that will spawn a number of threads or processes doing a particular type of I/O action as specified by the user. The typical use of fio is to write a job file matching the I/O load one wants to simulate.

This example only show how to use fio to make reproduceable test on a file system. For me it’s been useful to catch changes in I/O throughput before and after a system has gone into production. Buy running the same tests on all systems the numbers are comparable.

Google now supports Google Earth in Google Maps. As far as I know it works in Chrome and Chromium. If Google Earth isn’t available where the satellite view options is, your graphic card is in the browsers blacklist.

To force enabling WebGL in the browser start it with the following options

chromium-browser --enable-webgl --ignore-gpu-blacklist

Now you can use Google Earth in maps.google.com.

Flashing a custom image on an Android mobile could be just fun. But if you don’t know why you want to do it, or do it just because it’s a challenge. Then don’t!

The bad and the good

I’m only pointing out some of the cons and the pros here.

Negative sides

• An OS image could contain malware; only use community trusted images.
• If you don’t pay attention you can get malware running as root. That’s B A D !
• May not have all the phones vendor functionality.
• The image may be buggy.

Consequences of a buggy image

• Lock up your phone when you least expect it.
• Drain the battery quicker.
• Suddenly reboot.

Positive sides

• You can get a newer more secure operating system.
• Use less battery.
• No crapware.
• Extra security functions.

Flashing CyanogenMod

One of the custom Android images based on AOSP is CyanogenMod. As I know, it’s one of the more used ones. Quite stable if you keep away from the nightlies and rich on functionality but not bloated.

This is my notes for how to update my Pelican blog automaticlly when I write new posts. See Creating a blog based on Pelican for getting started with Pelican blog engine.

A way to be able to blog from anywhere is to use Dropbox as repository for the your blog. Then let Pelican auto regenerate the blog on changes in the Dropbox folder.

A prerequest for this recipe is that /var/www is not directly exposed to the web.

The router firmware Tomato, see previous post RT-N66u with Tomato by Shibby firmware, can act as an OpenVPN server.

Using open Wi-Fi access points can be very useful and necessary, but it is inherently insecure. Using the router as an OpenVPN server can increase your privacy and security when you are on the go. By creating an encrypted VPN connection back home to the router, you don’t only get protection from nosy eavesdroppers but you get access to all your equipment behind the router at home as well.

This is a part of my personal notes. Use this information at your own risk. If you are uncertain or don’t know what you are doing. Do not proceed.

Asus RT-N66U is a Linux based wireless router. The stock firmware can be a bit limiting for the more advanced user. If you want better QoS, OpenVPN or just more control over the network I recommend installing Tomato by Shibby firmware.

Download the latest version of the firmware from Tomato by Shibby. Look for Asus RT-N66u 64k in the version folder in K26RT-N repository.

This is a small example how to use getopts in bash. I wrote it down for my own sake, as my own cheatsheet :)

Options set in .vimrc applies to all vim files. You can use modelines to set specific vim options for one file. Modeline option must be set in .vimrc to take advantage of this option.

Pelican is a static website generator written in Python. It’s perfect for maintaining a tiny blog without having to mess around with databases. Static pages can be served from any Web server. Even your wireless router if you run custom firmware as Tomato by Shibby or dd-wrt.

Running Ubuntu Trusty I chose to use Pelican package in repository. A very quick recipe for creating a blog with the default theme.

1. Install Pelican and package for Markdown language. With Markdown you write the content in text and Pelican translates it to HTML.

   [Read More]