simple AP with hostapd

Notes on configuring transient WiFi APs with linux and hostapd



hostapd config
node9:~# cat /etc/hostapd/hostapd.wlan0.conf |grep -v "#"
interface=wlan0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=4
ctrl_interface=/var/run/hostapd.wlan0
ctrl_interface_group=0
channel=6
hw_mode=g
macaddr_acl=0
auth_algs=3
eapol_key_index_workaround=0
eap_server=0
wpa=3
ssid=node9
wpa_passphrase=incellll
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP



To enable 802.11n add to the hostapd.conf
ieee80211n=1
wmm_enabled=1
and do not change
hw_mode=g


go
node9:~# hostapd /etc/hostapd/hostapd.wlan0.conf 
or run the hostapd deamon in the background
node9# hostapd -B /etc/hostapd/hostapd.wlan0.conf


Connect to node9
node7:~# wpa_supplicant -i wlan1 -c <(wpa_passphrase node9 incellll)
or put wpa_supplicant in the background
node7:~# wpa_supplicant -B -i wlan1 -c <(wpa_passphrase node9 incellll)


Check the client's wireless interface
node7:~# iwconfig wlan1
wlan1     IEEE 802.11abgn  ESSID:"node9"  
          Mode:Managed  Frequency:2.437 GHz  Access Point: 30:14:4A:15:B7:94   
          Bit Rate=54 Mb/s   Tx-Power=27 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=64/70  Signal level=-46 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:20   Missed beacon:0



List the AP client(s)
node9:~# iw dev wlan0 station dump 
Station 30:14:4a:15:bb:72 (on wlan0)
 inactive time: 2893 ms
 rx bytes: 871
 rx packets: 22
 tx bytes: 537
 tx packets: 3
 tx retries: 0
 tx failed: 0
 signal:   -42 dBm
 signal avg: -46 dBm
 tx bitrate: 1.0 MBit/s
 authorized: yes
 authenticated: yes
 preamble: short
 WMM/WME: no
 MFP:  no
 TDLS peer:  no



Network
node9:~# ifconfig wlan0 192.168.10.9/24
node7:~# ifconfig wlan1 192.168.10.7/24
node7:~# ping -c 1 192.168.10.9
PING 192.168.10.9 (192.168.10.9) 56(84) bytes of data.
64 bytes from 192.168.10.9: icmp_req=1 ttl=64 time=1.66 ms

--- 192.168.10.9 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.668/1.668/1.668/0.000 ms







kismet server and drones



Kismet Drone(s) Setup -- Voyage Linux

Install prerequisites
# apt-get update
# apt-get install libpcap-dev
# apt-get install libnl-dev
# apt-get install pkg-config


Get kismet
# wget http://www.kismetwireless.net/code/kismet-2013-03-R1b.tar.xz


Create the kismet user
# mkdir /var/log/kismet
# adduser kismet --home /var/log/kismet


Compile kismet
# tar xf kismet-2013-03-R1b.tar.xz 
# cd kismet-2013-03-R1b/
# ./configure --disable-client
# make dep
# make


Install kismet and kismet_drone
# make suidinstall
# usermod -a -G kismet kismet


Configure kismet_drone (the Kismet Server is at 10.0.0.225/24)
# grep \#g0 kismet_drone.conf |sed -e s/\#g0//
servername=drone4
dronelisten=tcp://0.0.0.0:2502 
allowedhosts=127.0.0.1,10.0.0.0/255.255.255.0 
gps=false 
ncsource=wlan0 
This is what I changed in the default kismet_drone.conf file.

Drone Test Run

# su - kismet -c "/root/kismet-2013-03-R1b/kismet_drone -f /root/kismet-2013-03-R1b/conf/kismet_drone.conf"
or
# /root/kismet-2013-03-R1b/kismet_drone --daemonize -f /root/kismet-2013-03-R1b/conf/kismet_drone.conf


Kismet Server --Collector and Client --Debian
# apt-get install kismet


To add drones to the Kismet sources in /etc/kismet/kismet.conf you may use the following syntax
 ncsource=drone:host=10.0.0.3,port=2502,name=dr0ne3
 ncsource=drone:host=10.0.0.4,port=2502,name=dr0ne4



Kismet collector,server and client test run
# kismet




debian jessie, notes on setting up subversion

Notes on setting up a subversion server on debian Jessie

Install subversion
# apt-get install subversion


Install the apache HTTP daemon
# apt-get install apache2


Install the WebDAV apache2 module
# apt-get install libapache2-svn


Create directories for the repositories
# mkdir -p /srv/svn/dev
# mkdir /srv/svn/doc


Create the dev and doc repositories
# svnadmin create --fs-type fsfs /srv/svn/dev
# svnadmin create --fs-type fsfs /srv/svn/doc


Add an svn group
# groupadd svnchmod -R 770 /srv/svn/
# addgroup someuser svn
# addgroup someotheruser svn


# chown -R www-data:svn /srv/svn
# chmod -R 770 /srv/svn/ 


Commit on subversion server over SSH
$ mkdir test
$ echo "testing svn over ssh" > test/testing.txt
$ svn import -m "testing testing 123" test/ svn+ssh://192.168.101.11/srv/svn/doc
Adding         test/testing.txt

Committed revision 1.



Check on the server
# svnlook tree /srv/svn/doc/
/
 testing.txt



Configure WebDAV for subversion
# a2enmod dav_svn
# a2enmod dav_fs
# service apache2 restart


Webauth for someuser
# htpasswd -c /etc/subversion/dav_svn.passwd someuser


Configure a repository over WebDAV in /etc/apache2/mods-available/dav_svn.conf e.g.
<Location /svn>
  DAV svn
  SVNParentPath /srv/svn
  SVNListParentPath On
  AuthType Basic
  AuthName "yetAnother Subversion Repository"
  AuthUserFile /etc/subversion/dav_svn.passwd
  Require valid-user
</Location>


restart apache
# /etc/init.d/apache2 restart
rechown /srv/svn, the previous test may brake webdav
# chown -R www-data:svn /srv/svn


Test svn over WebDAV
$ svn co --username=someuser http://192.168.101.11/svn/doc
Authentication realm:  Incelligent Doc Repository
Password for 'someuser': *******

A    doc/testing.txt
Checked out revision 1.
$ echo "testing webdav" > doc/testing-webdav.txt
$ svn ci -m "testing webdav transport"






notes on setting up subversion

install gnome on Centos 7 notes

Notes on installing Gnome on Centos 7

Install the windows manager Gnome 3 and start it by default on boot
# yum groupinstall "Gnome Desktop"
# systemctl set-default graphical.target


Start Gnome
# systemctl start graphical.target




install Gnome on Centos7

move virtualbox guest to KVM

Notes on migrating virtualbox guest to KVM

Convert the vdi image to raw
$ vboxmanage clonehd /media/some/virtualbox-guest.vdi /media/some/x-virtualbox-guest.img --format raw


virt-install --connect qemu:///system --description x-virtualbox-guest -r 4096 --os-type=linux --disk /home/vm/jira/jira.img,device=disk --network=bridge:br0 --hvm --vnc --noautoconsole --name= x-virtualbox-guest--import




Notes on migrating a virtualbox guest to KVM

mongoDB on debian wheezy notes

Notes on setting up MongoDB on Debian Wheezy

The system
# cat /etc/issue /etc/debian_version 
Debian GNU/Linux 7 \n \l

7.9



import the mongodb.org debian repositories key
# apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10


add the mongodb.org debian wheezy repository to the apt sources
# echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list


update repositories
# apt-get update


Install the latest release of mongodb-org-shell , mongodb-org-server , mongodb-org-mongos and mongodb-org-tools
# apt-get install mongodb-org


Hold mongodb-org packages
# echo "mongodb-org hold" | dpkg --set-selections
# echo "mongodb-org-server hold" | dpkg --set-selections
# echo "mongodb-org-shell hold" | dpkg --set-selections
# echo "mongodb-org-mongos hold" | dpkg --set-selections
# echo "mongodb-org-tools hold" | dpkg --set-selections
# grep -A 1 "Package: mongodb-org" /var/lib/dpkg/status
Package: mongodb-org-mongos
Status: hold ok installed
--
Package: mongodb-org-tools
Status: hold ok installed
--
Package: mongodb-org-server
Status: hold ok installed
--
Package: mongodb-org-shell
Status: hold ok installed
--
Package: mongodb-org
Status: hold ok installed



Create an Administrator
# mongo
> use admin
> db.createUser(
... {
... user: "admin" ,
... pwd: "passwd" ,
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )


Enable authentication and change the IP address the mongo server daemon binds to

# egrep -A 1 "bind|security" /etc/mongod.conf 
  #bindIp: 127.0.0.1
  bindIp: 192.168.101.86

--
security:
  authorization: enabled 

you may use bindIp: 0.0.0.0 to to bind the MongoDB daemon to all the system IP addresses

restart the mongodb server
# service mongod stop
# service mongod start


Log in as admin locally
# mongo --host 192.168.101.86 --port 27017 -u "admin" -p "passwd" --authenticationDatabase "admin"


Log in from a remote host
You better uninstall the official debian repositories mongo stuff and install mongo-org-shell from mongodb.org. I did not encounter any issues using wheezy repositories on jessie hosts. Many "Error: 18 { code: 18, ok: 0.0, errmsg: "auth fails" } " errors are caused when old mongo clients or driver-libraries are trying to talk to new versions of mongodb servers.
# apt-get remove mongodb mongodb-clients mongodb-dev mongodb-server
# echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list
# apt-get update
# apt-get install mongodb-org-shell
# echo "mongodb-org-shell hold" | dpkg --set-selections
and finally login from a remote host
$ mongo 192.168.101.86/admin -u admin -p passwd
MongoDB shell version: 3.0.7
connecting to: 192.168.101.86/admin
> 


Create a database
use amongodb


Create a user that can read and write on the amongodb
> db.createUser(
        ... { user: "amongouser" ,
        ... pwd: "somepasswd" ,
        ... roles: [ {  role: "readWrite", db: "amongodb" } ]
        ... }
        ... )


and login from a remote host
$ mongo 192.168.101.86/amongodb -u amongouser -p somepasswd








MongoDB on debian notes

fix grub after updating windows 10 in a dual boot Ubuntu-Windows10 system

Fix grub after updating windows 10 in a dual boot Ubuntu-Windows10 system

grub rescue> ls
grub rescue> (hd0,msdos2) (hd0,msdos3) (hd0,msdos4)
grub rescue> ls (hd0,msdos2)/boot/grub
If the above listing returns stuff you found the right partition

Rescue
grub rescue> set prefix=(hd0,msdos2)/boot/grub
grub rescue> set root=(hd0,msdos2)
grub rescue> insmod normal
grub rescue> normal
grub rescue> insmod linux

grub rescue> boot


now the grub menu should come up

boot into Ubuntu and install boot-repair
$ sudo -s
# add-apt-repository ppa:yannubuntu/boot-repair
# apt-get update
# apt-get install -y boot-repair


boot repair
# boot-repair
the first option worked for me





grub rescue dual boot Ubuntu-Windows10 system after windows10 update

tankos code







Remember tankos?



I wrote Tankos in C and I used the ATMEL Studio to put it together,
the code is on github ...





Hardware:
  • one ATmega328 Arduino ( UNO ) board
  • one SR04 ultrasonic range detector
  • tamiya tracks ( got them from a bulldozer toy )
  • one tamiya twin-motor gearbox that I geared to go slow with a lot of torque
  • one small tower pro servo
  • fuses, buttons , switches , breadboard cables , a tiny breadbord, 4 18650s, a twin 18650 case that connects them in series, two single 18650 cases , dc jacks , H bridges , plywood , screws , random pieces of clear plastic, etc




if you want to recreate tankos and you need help in choosing hardware or find your way around the code please contact me .







tankos code



Centos 7 VNC server

Centos 7 VNC server notes

The distro
# cat /etc/issue /etc/redhat-release 
\S
Kernel \r on an \m

CentOS Linux release 7.1.1503 (Core) 



Install tigervnc-server
# yum install tigervnc-server




set the vnc password for the asystemuser user
# su asystemuser
$ vncpasswd


puch the appropriate firewall holes
# firewall-cmd --permanent --zone=public --add-service vnc-server
# firewall-cmd --reload


start VNC server as asystemuser
# su asystemuser
$ vncserver




centos 7 vnc server

notes on moving xen guests to KVM

Set up the KVM guest in the KVM host
virt-install -n xxenguest -r 4096 --vcpus=2 --os-type=linux --disk /home/vm/xxenguest/xxenguest-copy.img --network=bridge:br0 --hvm --vnc --noautoconsole --import








Switch to rtl8139 Ethernet controller module in /etc/modprobe.conf in the KVM guest
# cat /etc/modprobe.conf
#alias scsi_hostadapter ata_piix
alias scsi_hostadapter xen-vbd
alias sym53c8xx off
alias net-pf-10 off
alias ipv6 off
options ipv6 disable=1
alias eth0 8139cp
#alias eth0 xen-vnif







notes on moving xen guests to KVM

upgrade to debian 8

Upgrade wheezy ( debian 7 ) to jessie ( debian 8 )

adjust /etc/apt/sources.list to something like this
deb http://ftp.gr.debian.org/debian/ jessie main non-free contrib
deb-src http://ftp.gr.debian.org/debian/ jessie main non-free contrib

deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free

# jessie-updates, previously known as 'volatile'
deb http://ftp.gr.debian.org/debian/ jessie-updates main contrib non-free
deb-src http://ftp.gr.debian.org/debian/ jessie-updates main contrib non-free

Most likely, NTUA 's debian mirror in athens is not your closest mirror.
You may want to use another debian mirror.

upon adjusting /etc/apt/sources.list update apt index
# apt-get update


and upgrade all the packages and the base system
# apt-get upgrade

or
# apt-get dist-upgrade


You will have to quit a few informative pagers and answer a few questions, but everything works out fine.





upgrade to debian 8



install gnome on jessie

Install gnome on Debian Jessie

The system
# cat /etc/issue /etc/debian_version 
Debian GNU/Linux 8 \n \l

8.2



Install gnome
# tasksel install gnome-desktop --new-install


which is (tasksel test)
# tasksel -t install gnome-desktop
debconf-apt-progress -- apt-get -q -y -o APT::Install-Recommends=true -o APT::Get::AutomaticRemove=true -o APT::Acquire::Retries=3 install task-gnome-desktop









install gnome on jessie

django notes

Notes on setting up a basic django app on a debian system using MySQL and Apache2 ...

Install the apache2 HTTP daemon
# apt-get install apache2


Install the WSGI apache2 module ( Python Web Server Gateway Interface )
# apt-get install libapache2-mod-wsgi


Install MySQL, the MySQL database development files, and the Python interface to MySQL
# apt-get install mysql-server libmysqlclient-dev python-mysqldb


Install gcc, build-essential and python headers
# apt-get install gcc build-essential python-dev


Install Python Virtual Environment Creator to avoid system Python
# apt-get install python-virtualenv


Create a virtual python environment
$ virtualenv django


Create or copy a file listing the python requirements.
e.g.
# cat requirements.txt 
Django==1.8.4                                                                                            
Markdown==2.6.2
MySQL-python==1.2.5
argparse==1.2.1
django-filter==0.11.0
djangorestframework==3.2.3
mysql==0.0.1
mysqlclient==1.3.6
wsgiref==0.1.2


And install them into the django virtual python environment
# source django/bin/activate
(django):~# pip install -r ./django/requirements.txt 


Check python modules installed into the django python virtual environment
(django):~# pip freeze
Django==1.8.4
Markdown==2.6.2
MySQL-python==1.2.5
argparse==1.2.1
django-filter==0.11.0
djangorestframework==3.2.3
mysql==0.0.1
mysqlclient==1.3.6
wsgiref==0.1.2


Create a django_project and configure the Apache HTTP daemon
(django):~# cd /var/www/sites/myproject
(django):~# django-admin startproject myproject .
(django):~# deactivate
#


Create a virtual host, eg.
# cat /etc/apache2/sites-available/000-myproject.conf 
<VirtualHost *:80>

  ServerAdmin g0@spam.bot.ipduh.com
  DocumentRoot /var/www/sites/myproject/www


 WSGIDaemonProcess wids python-path=/var/www/sites/myproject:/home/myproject/django/lib/python2.7/site-packages
 WSGIProcessGroup  myproject
 WSGIScriptAlias / /var/www/sites/myproject/myproject/wsgi.py

 Alias /static/  /var/www/sites/myproject/www/static/

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

# vim: syntax=apache ts=2 sw=2 sts=2 sr noet



Enable the new virtual apache host and restart apache
# a2ensite 000-myproject.conf
# /etc/init.d/apache2 restart


use your browser to see the django welcome page,
you should see: It worked! Congratulations ...

Configure django to use MySQL, it uses SQLite by default.

add a mysql user and a mysql database
# mysql -u root -p
mysql>create database myproject;
mysql> grant all on myproject.* to myproject_user;
mysql> set password for myproject_user=password('somepasswd');
mysql>flush privileges;
mysql> exit
Bye
#


Configure the django project to use MySQL, edit settings.py
DATABASES = {
    'default': {
  'ENGINE': 'django.db.backends.mysql',
#   'ENGINE': 'mysql.connector.django',
        'NAME': 'myproject',
        'USER': 'myproject_user',
        'PASSWORD': 'somepasswd',
        'HOST': 'localhost',
        'PORT': '3306',
    }
}



Create the MySQL schema
(django):# python manage.py migrate


Copy the django-admin-app static files directory to /var/www/sites/myproject/www/static/
The directory that contains the admin static files for admin should be in django/lib/python2.7/site-packages/django/contrib/admin/static

Create a django super user
(django):# python manage.py createsuperuser




django - MySQL - apache2 on debian notes



Just the Privacy and Security part

from ipduh privacy and the https search fix

Many computer users think that by installing and using some browser plugin they will magically protect their privacy --which is false.

Every time you install a browser-plugin you run yet more brilliant xor stupid and good xor evil code that expands the attack surface on your system and your privacy and adds features or bugs or backdoors.

Actually, privacy-wise disabling javascript is OK, installing random plugins that run tones of "obfuscated" javascript or compiled closed code that you have no clue of what it really does in your browser is usually not. Plugins like flash, java, quicktime, itunes, silverlight, adobe reader, windows media player may be more dangerous for your privacy or your security than javascript plugins.

In addition, every time that you do not look like an average human using an average system you stick out and many of your plugins are visible if you are running javascript.

In most modern web browsers you do not need special browser plugins in order to disable cookies or javascript. Try it out. You will soon realize that most of the web is broken without javascript even though ipduh is not very broken.

When it comes to modern web browsers I consider Chrome and Mozilla based browsers put together by companies or groups I "trust" (Google, Mozilla, Debian) more secure than Microsoft Internet Explorer and Opera and IE and Opera more secure than the rest ...
don't ask me for a formal proof ... it is an opinion ...

However, Chromium and Mozilla based browsers ( Chrome , Firefox , Seamonkey , Iceweasel etc ) , Safari , Internet Explorer , Opera and the rest of the modern web browsers are ridiculously complex pieces of software used by millions if not billions of humans. There you have both opportunity and motivation for profit, control and power. Hence, all modern browsers are insecure. Put together or read thoroughly the source of a basic text HTTP(s) client if you are really paranoid.

Certain three letter agencies may have exploits or backdoors that compromise your browser and your privacy ( accessing your system ,even gaining administrator privileges, and certainly seeing 'your' first public IP address ) even if you do not run javascript or plugins. And they may be able to do that without even having you visiting a website they (p)own. Connecting to the Internet and firing up your web browser may be enough.

Up untill recently I had a little 'java applet' that would reveal your private and your first public IP address in the anonymity checker. If an one man weekend software shop can do this, imagine what larger software shops, the software shops that put together your web browser or government agencies can do.

Unfortunately many incompetent or devious folks are in the business of talking privacy or selling privacy. If you are concerned about your privacy you should take the matter in your hands and not leave it to me or anyone else. Use a common up-to-date browser put together by someone you 'trust' that does not stick out and use a combination of privacy tools like Tor or some sort of VPN which is used by many users and not just you.

A VPN, a proxy or an intermediate 'dark net' like Tor or I2P may harm your system or compromise even more your privacy if it is misused by you or purposely configured by its operators to do so.

Combine and alternate privacy tools and test settings and tools in many ways. An easy privacy test is the ipduh anonymity checker.























Just the Privacy and Security part



















added the MAC address to vendor tool to apropos



A while ago I put together a little tool
that maps EUI-48 and EUI-64 Media Access Control ( MAC ) addresses to Vendors
eg 00:00:0C:DE:FE:DC



I just added it to apropos
and it works with : and - delimiters
eg 00:00:08:02:11:B0 or 00:00:08:02:11:a0



MAC to Vendor from apropos

ipduh privacy and the https search fix





If apropos gets a query not related to inter-networking technology stuff like ip , dns , etc
sends it to a custom google

The ipduh custom google search is using google APIs and javascript pulled from google.
By mistake the google javascript URI was using always HTTP even when someone was using ipduh over HTTPS --my bad. I am sorry.

Due to my mistake, javascript run by your browser and some ipduh queries were traveling the internets in plaintext even when you were visiting ipduh over HTTPS. My mistake is fixed now and the google javascript is being always downloaded from a TLS encrypted URL.

If you are concerned about your privacy you should at least visit ipduh over HTTPS.
It is safe to trust and install the ipduh Certificate Authority if you trust me. I am certainly less evil and more skilled than many managers of CAs installed in your browser or your OS by default.

However,there is not an established trust path to ipduh and someone in between you and an ipduh server may serve you another ipduh server cerificate or CA certificate the very first time.

If you want to be sure that you installed the original ipduh CA certificate verify the certificate's fingerprint at https://github.com/ipduh/ipduhca.
My github CA repository provides only a way to verify the certificate fingerprint through an established trust path and has nothing to do with my TLS.

Provided that you trust me and that you installed the original ipduh server certificate or CA certificate in your browser, the authentication of ipduh and the encryption between ipduh and you is the same with the authentication and encryption provided by keys signed by Certificate Authorities like Comodo, Thawte etc.
Authenticating the ipduh servers is just a little tougher the very first time.

Many computer users think that by installing and using this or the other browser plugin they will protect their privacy --which is false.
Every time you install a browser-plugin you run yet more brilliant xor stupid and good xor evil code that expands the attack surface on your system and your privacy and adds features or bugs or backdoors.
Actually, privacy-wise disabling javascript is OK, installing random plugins that run tones of "obfuscated" javascript or compiled closed code that you have no clue of what it really does in your browser is usually not.
Also, every time that you do not look like an average human using an average system you stick out and many of your plugins are visible if you are running javascript.

You may disable cookies and even javascript for ipduh. This way you will evade some of the ipduh analytics and the google ads and still get a somewhat usable site. ( ipduh analytics have absolutely nothing to do with google analytics )
I do my best to provide a service that does not depend on javascript and I tried from the beginning to accommodate scripts and automated tools provided they do not abuse my service.

At least in Mozilla based browsers you do not need special browser plugins in order to disable cookies or javascript. Try it out. You will soon realize that most of the web is broken.

Plugins like flash, java, quicktime, itunes, silverlight, adobe reader, windows media player may be more dangerous than javascript plugins.

When it comes to modern web browsers I consider Chrome and Mozilla based browsers put together by companies or groups I "trust" (Google,Mozilla,Debian) much more secure than Opera, Microsoft Internet Explorer and the rest. However, Chrome and Mozilla based browsers ( Firefox , Seamonkey , Iceweasel etc ) are ridiculously complex pieces of software used by millions if not billions of humans. There you have both opportunity and motivation for profit, control, power. Hence, all modern browsers are insecure. Put together a basic text HTTP(s) client if you are really paranoid.

Certain three letter agencies may have exploits or backdoors that compromise your browser and your privacy ( accessing your system ,even gaining administrator privileges, and certainly seeing 'your' first public IP address ) even if you do not run javascript or plugins.

Back to logging at ipduh.
Most ipduh usage analytics are based on connection logs from layer 3 up to HTTP(S). I am not using google analytics or any other third party web analytics service.
( I am using google analytics at alog though :) )
At ipduh I am the only one who looks at logs and only when something bad happens.

Many incompetent or devious folks are in the business of talking privacy or selling privacy. If you are concerned about your privacy you should take the matter in your hands and not leave to me or anyone else. Use a common up-to-date browser put together by someone you 'trust' that does not stick out and use a combination of privacy tools like Tor or some sort of VPN which is used by many users and not just you.

A VPN, a proxy or an intermediate 'dark net' like Tor or I2P may harm your system or compromise even more your privacy if it is misused by you or purposely configured by its operators to do so.

Combine and alternate privacy tools and test settings and tools in many ways. An easy privacy test is the ipduh anonymity checker.







ipduh https search fix and privacy stuff ...







debian jessie mikrotik winbox

use mikrotik winbox on debian jessie

# su
# dpkg --add-architecture i386
# apt-get update
# apt-get install wine:i386
# exit
$ wine ~/Downloads/winbox.exe


debian jessie mikrotik winbox

Greek ISPs Caching DNS









A list with DNS servers provided by the Greek Internet Service Providers.

sl.ipduh.com/gr-isp-dns

gr-isp-dns (the actual ipduh-list URI)



Most caching name servers operated by Greek ISPs answer only to DNS queries coming from their own networks. You will need to use Public DNS Caches or your own recursive-resolver if you need caching DNS that works everywhere.











Nameservers-DNS for Greek ISPs

windows 10 enable Administrator account

Notes on enabling the Administrator account on Windows10

Run powershell or cmd as Administrator

List users
net user


Enable hidden administrator account
net user administrator /active:yes


Put a password to the adminstrator account
net user administrator *




enable administrator account on windows 10

samba ... mount windows shares from windows

mount windows shares on windows
net use \\192.168.1.2\share password /USER:sambauser







simple git backup server

Simple git Backup Server Notes

Server

Install git on the server
# apt-get install git-core


Create a 'bare' repository on the storage server
$ cd ~
$ mkdir test
$ git init --bare test
Bare are repositories without a working directory, suitable for storage.

Workstation

Generate public and private key pair and copy the public key to the server
$ ssh-keygen -t rsa
$ ssh-copy-id user@server


Create a local repository and push it to the storage server
$ mkdir test
$ cd test
$ echo hi > test.txt
$ git init
$ git add test.txt
$ git commit -m 'first-commit-message'
$ git remote add origin ssh://user@server:/home/user/test
$ git push origin master








Simple git backup Server



bif

bif is a basic iptables firewall setter script



Installation
# git clone https://github.com/ipduh/bif.git
# cd bif/ && chmod 755 install.sh && ./install.sh


Configuration
Edit /etc/bif
Most likely, you will have to adjust WHITE_LIST, BAD_IP_URL and OPEN_INBOUND_TCP

Initialization
# /etc/bif














bif



winbox debian 64b jessie

Install winbox on a
# uname -a
Linux some-desktop 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24) x86_64 GNU/Linux
# cat /etc/debian_version 
8.1


Uninstall wine and remove it's configuration directory
# apt-get remove wine --purge
# rm -r ~/.wine


Install wine32
# apt-get install wine32


Run winbox
$ wine winbox.exe




Install winbox on debian jessie

svn immediates

Notes on svn commits ( add a directory to a project ) without having to download the whole project.

checkout project skeleton --empty 2ond level project directories
$ svn co --username=user --depth=immediates http://myrepo.net/svn/dev/

 --depth immediates 

Include the immediate target of the operation and any of its immediate file or directory children. The directory children will themselves be empty.


add a directory
$ svn add mydir


$ svn ci -m "importing mydir"


For more complicated sparse checkouts lookup
co --depth files ,
up --set-depth infinity dir1 dir2 ,
up --set-depth emty dir3 dir4






svn immediates

debian add printer

Add an IP printer in debian

Install the Common UNIX Printing System --PPD/driver support, web interface, and the client programs
# apt-get install cups cups-client


Use a web-browser to go to http://localhost:631/
and then,
Adding Printers and Classes -> Add Printer
--you may use the root account credentials or add a user to lpadmin.

There is a good chance that you will not see the appropriate PDD there.

For HP printers you may use hplip, go to http://hplipopensource.com/hplip-web/supported_devices/index.html and select the printer model e.g. http://hplipopensource.com/hplip-web/models/officejet/hp_officejet_pro_8610.html for office jet pro 8610.



Download hplip and run it, the automatic installation worked for me in debian jessie



debian add printer



wpa debian

Notes on connecting to an 802.11X/WPA AP with wpa_cli

enable interface
# ifconfig wlan0 up


scan
# iwlist wlan0 scan
or

# iwlist wlan0 scan |egrep -i "ssid|signal|frequency|authenti"
to see just ESSID , Signal Strength , Quality, Frequency and Authentication suites for each cell

Interactive configuration of wpa_supplicant with wpa_cli
# echo "ctrl_interface=/run/wpa_supplicant" >> /etc/wpa_supplicant/t.conf
# echo "update_config=1" >> /etc/wpa_supplicant/t.conf
# wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/t.conf


Associate/Authenticate with the "thESSID" ssid
# wpa_cli
>scan
> scan_results
> add_network
0
> set_network 0 ssid "thESSID"
OK
> set_network 0 psk "thePASSWD"
OK
> enable network 0
OK
> save_config
OK
> quit


and then request an IP address from the DHCP server or set one manually
# ifconfig wlan0 192.168.168.13/24




wpa_cli debian