

aToad #11: freeSSHd (SSH daemon for Windows)

It’s always been a nightmare to try and install OpenSSHd on Windows. The last thing I tried was this horrible guide involving cygwin, and in the end it didn’t work out, likely because I didn’t want to create a user nor to install the thing as a service.

Anyway, in the end I finally found something called freeSSHd, which reminded me a lot of Free SMTP Server in its concept: make an equivalent of some widespread GNU software in a decently easy to install (and, incidentally, manage) Windows flavor. In both cases, contrary to what the name may suggest, it is not “free software” as in FLOSS or free speech, it is just freeware as in free beer. But it fills a gap, and although I wouldn’t use them for critical server applications, where I use GNU/Linux anyway, for development it’s just great.

Even though it is not as rich, and most importantly, not as up-to-date as OpenSSH (development seems quite slow nowadays), it offers a bunch of nice useful features such as:
– SSH users independent from system users
– login via password (stored in SHA1 though) or key
– define permissions for shell, SFTP and tunneling
– IP restrictions for incoming connections
– and of course the GUI which makes it easy to use

Something worth trying if you’re looking for a quick and easy way to set up an SSH server on your Windows computer.

Posted in A Tool A Day.


Where to find the gnupg keyring in Windows

I’m quietly preparing for an OS reinstall, so I’m trying not to leave behind program data that could be a PITA to recreate later. The Firefox and Thunderbird profile folders are among those (note to self: really, really, don’t forget those), PuTTY too (note to self: look for the bloody folder), and so is my GnuPG keyring.
It can be found in %appdata%/gnupg (generic form of C:\Users\[your username]\AppData\Roaming\gnupg). Interestingly, all config files are there too (you know, the gpg.conf with which you can do some cool stuff such as picking a stronger default hashing or encryption algorithm, or making gnupg ask you for a signature trust level when you sign a key), and some master key, etc.

NB: the keyring is actually spread over several files:
pubring.gpg (public keys)
secring.gpg (private keys)
trustdb.gpg (trust info about the keys, I suppose)

Update (2014-08-19): in gpg.conf, you may want to add:
ask-cert-level
personal-cipher-preferences AES256 TWOFISH AES192 AES
personal-digest-preferences SHA256 SHA512 SHA384
personal-compress-preferences BZIP2 ZLIB ZIP
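
Added example (not part of the original post): a small audit of a gpg.conf that checks the cipher and digest preference lines shown above and flags algorithms this example treats as weak. The function names audit_gpg_conf and sample_conf, the sample file and the weak-algorithm list are assumptions of this example, not GnuPG defaults.

```sh
#!/bin/sh
# Added example; names and policy are illustrative, not from the original post.

# Constructed sample: the settings above, but with SHA1 added to the digests.
sample_conf() {
    cat <<'EOF'
# constructed sample gpg.conf
ask-cert-level
personal-cipher-preferences AES256 TWOFISH AES192 AES
personal-digest-preferences SHA1 SHA256   # SHA1 listed: gets flagged
EOF
}

# Audit the gpg.conf given as $1.
# Prints one OK / WEAK / EMPTY / MISSING line per checked option.
# Exit status is 0 only when both options are set and list no weak algorithm.
audit_gpg_conf() (
    conf=$1
    [ -r "$conf" ] || { echo "cannot read: $conf" >&2; exit 2; }
    awk '
    BEGIN {
        rc = 0
        # Policy of this example: broken digests and 64-bit block ciphers.
        nw = split("MD5 SHA1 3DES CAST5 IDEA BLOWFISH", w, " ")
        for (i = 1; i <= nw; i++) weak[w[i]] = 1
        nopt = split("personal-cipher-preferences personal-digest-preferences", opt, " ")
        for (i = 1; i <= nopt; i++) seen[opt[i]] = 0
    }
    { sub(/#.*/, "") }                      # drop comments, fields are re-split
    ($1 in seen) {
        seen[$1] = 1
        if (NF < 2) { print "EMPTY " $1; rc = 1; next }
        bad = ""
        for (i = 2; i <= NF; i++)
            if (toupper($i) in weak) bad = bad " " toupper($i)
        if (bad != "") { print "WEAK " $1 ":" bad; rc = 1 }
        else print "OK " $1 ": first choice " toupper($2)
    }
    END {
        for (i = 1; i <= nopt; i++)
            if (!seen[opt[i]]) { print "MISSING " opt[i]; rc = 1 }
        exit rc
    }' "$conf"
)

# Stand-alone use: sh audit_gpg_conf.sh /path/to/gpg.conf
if [ "$#" -eq 1 ]; then
    audit_gpg_conf "$1"
fi
```

Algorithms given by numeric ID (such as H8) are not recognized by this check.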

Posted in GnuPG & co.


How to duplicate a complete folder with subfolders over SSH using command line only (SCP)

When I got my first dedicated server, I spent a decent amount of time trying to configure some FTP server (one of them was ProFTPD, I believe there was another one but I forgot its name). It was a massive headache, and in the end, not even secure since transfers aren’t encrypted. I eventually found out that transferring files is just as easy over SSH, using for instance the SFTP abilities of FileZilla. It’s secure (encrypted properly), and requires no setup since it just uses the SSH daemon that comes with any minimalistic server setup.

So, after that I started using SFTP within FileZilla. But I still didn’t know how to use SFTP from the console so I still used FTP there, the few times I had to. I’m not very at ease with it though, but with my tiny cheatsheet, all was fine 🙂 Until I had to connect to a server without an FTP daemon installed. I then found out that switching to SFTP is trivial: take the cheatsheet, but use it with “sftp” instead of “ftp”. For instance: sftp root@s15429750.onlinehome-server.info. Captain Obvious to the rescue.

Ok, that’s the first “problem” solved. The second now, is that I wanted to copy a whole folder, recursively with all its subfolders and stuff. And I didn’t find a way to manipulate “get” (cf the cheatsheet) to do that. But I eventually found out about “scp” aka “secure copy”. This thing is part of the minimalist installation of, for instance, Debian, and runs like:
scp -r root@s15429750.onlinehome-server.info:/remote/path/to/copy /local/path/to/copy/to/
The very important part here is “-r” for recursive. For more options you can check the man page, but for the purpose of recursively duplicating a folder, that command line is enough.
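
Added example (not part of the original post): after an scp -r like the one above, or after copying the gnupg folder with pubring.gpg, secring.gpg and trustdb.gpg to a backup location, this checks that the copy matches the source file by file. The function names tree_manifest and verify_copy are made up for this example, and it assumes sha256sum from GNU coreutils is installed.

```sh
#!/bin/sh
# Added example; names are illustrative, not from the original post.

# Print "<sha256>  ./relative/path" for every regular file under $1,
# sorted by path so that two manifests can be compared line by line.
tree_manifest() (
    cd "$1" || exit 2
    find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2
)

# Compare source tree $1 with its copy $2.
# Prints a diff of the two manifests ("<" = source side, ">" = copy side).
# Exit status is 0 only when both sides hold the same files with the same hashes.
verify_copy() (
    src=$1 dst=$2
    [ -d "$src" ] && [ -d "$dst" ] || { echo "usage: verify_copy SRC DST" >&2; exit 2; }
    a=$(mktemp) && b=$(mktemp) || exit 2
    tree_manifest "$src" > "$a"
    tree_manifest "$dst" > "$b"
    rc=0
    diff "$a" "$b" || rc=1
    rm -f "$a" "$b"
    exit "$rc"
)

# Stand-alone use: sh verify_copy.sh /path/to/source /path/to/copy
if [ "$#" -eq 2 ]; then
    verify_copy "$1" "$2"
fi
```

For a remote source, run tree_manifest on each machine and diff the two outputs. Note that scp -r follows symbolic links, so a symlink on the source shows up as an extra regular file in the copy.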

PS: kudos to swraman

Posted in FTP, Linux, servers.


Fault tree analysis of the September 19 downtime

A few weeks ago we had another downtime, and since this time the causes accessible to me were a bit richer than the previous downtime, which was directly caused by a network outage at our provider, I thought it would be fun to use some risk management technique on it. Namely, a fault tree analysis, which is my favorite method because I just like the concept of “why why why” 😀

Note that after some previous undetected downtimes, I had taken steps to improve downtime detection. They proved themselves useful, as this time the downtime was detected within a few minutes of onset.

The tree follows below, in PNG for the preview and in SVG for the zoomed version:
[Image: Fault tree analysis of the September 19 downtime]

I put the root causes linked to my now former host, 1&1, in red. It’s quite obvious that most of the causes are linked to them, particularly the huge 6h delay to process the payment, which in this day and age is just inconceivable… About the “set it and forget it”, that’s something I’ve always disliked about 1&1: they force you to let them store your credit card info (a bit like Amazon except that Amazon lets you delete that info), so that they can renew automatically. This helps to forget: my other hosts have manual renewal, I never forgot to renew there…

I find this risk analysis method really straightforward. If you’re interested in further reading, some more links (the first one is in English, but the others are in French):
https://en.wikipedia.org/wiki/Fault_tree_analysis
https://fr.wikipedia.org/wiki/Arbre_des_causes
http://eocastle.birdsallinteractive.com/images/arbre-des-causes
http://www.travailler-mieux.gouv.fr/IMG/pdf/CRAM_bourgogne.pdf
http://hse.iut.u-bordeaux1.fr/lesbats/H-arbre%20des%20causes/ADC.HTM
http://fr.cyclopaedia.net/wiki/Arbre-Des-Causes

Posted in security, servers.


How to fix Piwik’s dashboard stuck on “Loading data…”

Lots of posts about Piwik these days ^^ So I recently migrated Piwik from one server to another, had a few initial issues, fixed them, went to sleep, and the morning after I had yet another new issue: the dashboard (you know, the page where you land just after connecting) was basically empty, showing nothing but the “Loading data…” message.

All the other tabs seemed to work fine. The only clue I could find about a possible fuck-up was in the system checks (Settings → Diagnostic → System Check), which indicated, in the File integrity section, that some Javascript file (dashboard.js I believe) was (much) larger than expected. A rapid search found a couple of pretty old tickets in Piwik’s bug tracker, basically suggesting to empty the template cache (that’s in the tmp/templates_c folder). Since the migration was very recent and I still had the former, working installation running on the “legacy” server, which I could fall back to in case of a big screw-up, I decided it would be simpler to just try reinstalling Piwik and see if it would be possible/easy to hook it up to the current database.

So I grabbed the latest package (I wish they provided some tar.xz or tar.gz instead of a zip, btw……), started the install, carefully entering the same database info (db name, user, db table prefix, etc.) as the previous one, and the same master user too. It detected the previous tables and asked whether to erase or reuse them, of course I chose reuse. And short story short: it worked.

After I finished the installation, I went back to the dashboard and it loaded fine. I checked the File integrity section too, this time no issue there. Actually, I noticed that the menu in Settings was changed! Since I had been running this Piwik installation for about 3 years, I guess the fairly regular auto-upgrade routines corrupted a few things here and there during this time. Comparing the old folder with the new one indeed showed that the new one was a bit lighter, so there was definitely some leftover stuff from previous versions, I assume they ended up causing issues. Maybe even the DNT ignore thingy isn’t broken anymore now?
I didn’t check that, but anyhow, the conclusion of this is, when you have issues with Piwik and you have already run a few upgrades in the past, it’s worth trying to reinstall from scratch. The process is quick and easy (so long as you provide accurate database details – if you forgot them you will find them in your old config file, config/config.ini.php), and you’ll end up with a brand new Piwik on your populated database. The only case where I believe this could get complicated is, as usual (think phpBB, for instance) when you added custom plugins.

Posted in web development.



Piwik warning: “ignore DNT” is bull$#!t!

I’m currently (still) in the process of migrating my sites from the old 1&1 server to a new EUserv server. Today I migrated Piwik, which is actually about the biggest site of all (that’s right, the quite moderate traffic stats just take up more space than the actual site contents, although this is old news…). I’m migrating slowly because there’s no hurry since I’ll be keeping the old server for a while still I guess, and because I like to make sure that everything works fine.

So of course, after moving Piwik I tried visiting around to check if it worked fine. And it didn’t. Or rather, not completely: on this blog, I could see visitors, but on some other sites I track, I couldn’t. Since they have a lower traffic, I decided to go around visiting myself and see if I would see me: still nothing. I first thought that it might be due to that anti-block code I had recently implemented, and which I indeed forgot to migrate properly (the Apache “SetHandler” part). After fixing it, the issue was still there.

Long story short, it took me a while to realize that I couldn’t see myself on the higher traffic sites either. But why would I not see myself? The only thing I could think of was maybe I configured Do Not Track (DNT) and forgot about it. Yet I had configured Piwik to ignore DNT. But still, I applied the quick Apache config trick to remove the DNT header at the HTTPd server level (enable mod_headers and then add somewhere at the end of the Apache config file RequestHeader unset DNT)… and it worked! I could now see myself. So, the logical conclusion of this is that the Piwik option to ignore DNT (in Settings → Privacy → Support Do Not Track preference) is broken, either intentionally or not. If you don’t want to support DNT, you should then kill it at the HTTPd server level.

Posted in web development.



Solving “locale: Cannot set XXX to default locale: No such file or directory” in Debian 7

I just received a new server, where this site will eventually get moved, yet it was provided with a little error about the locale. More specifically, each time I’d run apt-get to install or uninstall stuff, I’d get the following error message:

locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

(NB: it can also be reproduced by running locale -a)

After a brief search, I found that this was caused by an incomplete setup of locales. Basically, the steps to solve this are:
nano /etc/locale.gen
Then edit this file (it’s a commented list of all possible locales, I believe), uncommenting the locale you want. When you’re done, run:
locale-gen
Which will generate the locale files for the selected locales. The output will look like:

root@80-5-13-213:/etc# locale-gen
Generating locales (this might take a while)...
  de_DE.UTF-8... done
  en_US.UTF-8... done
Generation complete.

That’s pretty much it, the errors should be gone now. I had this error in Debian 7 but my guess is it’s fairly similar for many distros. For instance the page where I read about the solution presented it for Arch Linux.

Posted in Linux, servers.


Various Facebook funny lines #4

Finally took the time to compile some more, yay! 🙂

It’s never a lost cause until you believe it is.

With great power comes great electricity bill.

Déjà Moo – The feeling that you’ve heard this Bull before.

A fine is a tax for doing wrong. A tax is a fine for doing well.

No one is more of a slave than he who believes himself free without being so. – Goethe

Democracy is a pathetic belief in the collective wisdom of individual ignorance. – H.L. Mencken

Gang rape is democracy in action.

I tried to cook something from scratch… and ended up summoning a daemon.

Not only is my short-term memory horrible, but so is my short-term memory.

Morons like you are why people have middle fingers.

Talking on the phone with someone who has kids is like talking to someone who has Tourette’s.

It’s hard to explain puns to kleptomaniacs because they always take things literally.

It’s a beautiful day, I think I’ll skip my meds and stir things up a bit.

Revenge? Nah, I’m too lazy. I’m going to sit there and let karma fuck you up.

I’ve lost my mind and I’m making no effort to look for it.

War does not determine who is right but who is left.

Any fool can know. The point is to understand.

I just did a week’s worth of cardio after walking into a spider’s web.

I would gladly go to Hell, but Satan still has that restraining order against me.

Light travels faster than sound, this is why some people appear bright until they speak.

When people tell me “you’re gonna regret that in the morning” I sleep in until noon because I’m a problem solver.

————
Last but not least, a few quotes that I found nice to serve to spread my love of travels ^^ Unfortunately I didn’t find translations for them, so for the moment I’ll just leave the French version with my poor attempts at making them sound nice in English too (sorry folks :())

“Le plus grand voyageur est celui qui a su faire une fois le tour de lui-même.” (Confucius)
=> ~The greatest traveler is the one who managed to travel around himself. (yes, this translation is the worst of all, I believe)

“A quoi sert de voyager si tu t’emmènes avec toi ? C’est d’âme qu’il faut changer, non de climat.” (Sénèque)
=> ~What’s the use of traveling if you bring yourself along? You must change soul, not climate.

“Mais, qu’est-ce que l’Aventure ? Un accident que j’ai toujours cherché à éviter”. (Henry de Monfreid)
=> ~But what is adventure? An accident I’ve always tried to avoid.

“Le meilleur qu’on puisse ramener du voyage, c’est soi-même, sain et sauf.” (proverbe persan)
=> ~The best thing you can bring from your travel is yourself, safe and sound.

“Le vrai voyageur ne sait pas où il va.” (proverbe chinois)
=> ~The true traveler doesn’t know where he’s going to.

“Je sais, d’expérience, que courir le monde ne sert qu’à tuer le temps. On revient aussi insatisfait qu’on est parti. Il faut faire quelque chose de plus.” (Ella Maillart)
=> ~I know, from experience, that traveling around the world only kills time. You come back as unsatisfied as you left. Something more must be done.

Plenty more where that came from (but all in French again): http://www.abm.fr/travail-et-voyages/le-voyage-par-ecrit/le-voyage-par-ecrit-proverbes-et-citations-de-voyage.html

Posted in funnies, Totally pointless.


Full guide to install CyanogenMod 10.1.2 on LG Optimus G (part 2)

Almost a month and a half after the previous part, I believe it’s more than time to finish writing the second part. Before going further: 1) make sure you read part 1 first (it contains important stuff on how to fix a softbrick screw-up) and 2) the disclaimer again: this is a risky operation, proceed at your own risk and DO make a backup of the data you care about.

Step 4.1: root your phone

Android is based on Linux. Linux has this user privilege thing where a standard user can’t do much stuff while the root user can do about anything. Most or all manufacturers’ ROMs lock the user out of root privileges, and the Optimus G is no exception, so the first step is to claim back those root rights. On the Optimus G, as with most Android smartphones, and as with iPhones (who said Android was more open? :s), it is done using various exploits. Quite a few tools are available, the one that worked for me (although I didn’t try them all) was Framaroot 1.5.3 (1.6.0 wasn’t released when I rooted my phone but I guess it works too), which you can download from this topic on the XDA forums:
– download the Framaroot APK
– transfer it to your phone
– install it
– run it with the Gandalf exploit
– if all goes well, the phone will reboot and you’ll be root then. If not, you’re good to search the XDA board or other places for other rooting tools. You can also post in the Framaroot topic, people seem to be quite helpful there.

Optional Step 4.2-pre: get a GSF ID key

This step is optional but highly recommended if you plan not to install Google Apps: this is to allow you to download APKs from the Google Play store without having Google Apps on your device. Indeed, in its traditional openness and privacy-friendly ways, Google forces you to identify yourself from your phone via the Google Play app in order to be able to download an APK from the Google Play store. Actually, you’re not even supposed to be able to download the APK, only to directly install it.

However, someone made a Google Chrome (works in Iron too) extension, APK Downloader, that allows you to download an APK on your computer from the Play store. But in order to use it you still need to have a Google account and a Google Service Framework (GSF) ID Key. I suggest you go to the extension’s website (link above) to see how to install it and configure it (it explains how to get your GSF ID Key out of the Google Apps). For instance you could test it to download FreeGee (that’s the app we use in the next step).

Step 4.2: install a custom recovery

The default “recovery” mode only offers to wipe out the memory so as to obtain a factory reset. Not very helpful to install a new OS. So now that you’re root, you need to install a custom recovery. More specifically, ClockworkMod Recovery, because the alternative TWRP, which I tried first, failed at installing CyanogenMod for me. I believe my ClockworkMod version is 6.0.3.0, but anyway the tool to install it will only offer one version. I believe it will offer the choice between a “touch” and a non-touch version, they are similar except for the fact that the touch version, as its name says, supports the touchscreen while the other can only be controlled using the volume and power buttons. I tried both, the one without touch is easy enough to handle and nice to avoid accidentally selecting an option, but in the end I still preferred the convenience of the touch version.

Anyway, in order to install ClockworkMod you’ll need to unlock the phone. The tool I used for this was FreeGee. It’s actually pretty much all automated, since it does all (unlock, download ClockworkMod and install it) in just a few guided clicks. However, it said I had to unlock using the SBL method, which it says is risky (risky as in hard brick, not soft brick). Maybe make sure Shelnutt2 is on freenode irc #lg-optimus-g before proceeding if you’re scared and want to make sure some help is available. However, when I did my unlocking, I asked and was told that at the moment there had been no report of a hard brick on Optimus G. Again, the decision is yours to make.

Step 4.3: install CyanogenMod

Here is the final step, which is actually one of the easiest, and should in my opinion be the only one. This is now as simple as installing a new OS on a PC, except if you also want to install Google Apps, in which case you’ll need to grab the proper zip package from http://goo.im/gapps, and flash it the same way as you flash CyanogenMod (not tested – my main motivation for installing CyanogenMod was to get rid of Google stuff).
– download any version of CyanogenMod for the e975 (I think it’s better to just get the latest stable one in the first place, so if it screws up you know it’s not because of a broken nightly)
– place it in the sdcard folder (there’s no sdcard in the Optimus G, but there’s a folder named like this)
– boot on the recovery: we saw in part 1 how to do this, that might actually be the hardest thing to do in this step, since the key combinations can be hard to get right: maybe it’s easier to reboot via terminal by typing reboot recovery as root (su then reboot recovery)
– once you’ve rebooted into ClockworkMod, browse around to install CyanogenMod and also wipe the cache. If CyanogenMod crashes at startup, you might have to go back to recovery and also wipe the data.

Well, that’s “all”! You should now have a great new ROM 🙂 Just a little tip for the road: in Android >=4.2, the developer mode is hidden by default. To allow it back into the settings menu, go to Settings => About phone and then tap multiple times on the Build number.

Posted in Cyanogenmod, LG Optimus G E975.


aToad #10: online DNS checkers

Just a few sites that let you very easily check on your DNS records:

whatsmydns.net: this one doesn’t give a lot of details (very few, actually, only the resolving IP of a specific domain or subdomain), but gives the results as seen from several (at the moment 20) locations all around the world. So this is great to see if your DNS record is properly propagated everywhere.

intoDNS.com and Pingability.com: on the contrary, those run from only one location (at least one at a time), but they perform a deep analysis of all your DNS records, check for inadequate settings, and offer advice to improve those, if needed. So this is great to diagnose a misconfigured DNS record, once you’ve made sure it propagated. Pingability even does some checking to make sure your e-mail server isn’t configured as an open relay.

Update (2016-09-16)

I had forgotten about this post, so when I did my latest migration last week I found a couple of new ones:

Zonemaster: kind of similar to intoDNS in my opinion, except that as far as I know it’s the only one in my list that will check both TCP and UDP on your DNS server. So it’s the only one that caught that my current DNS server is actually not reachable via TCP (maybe this explains why I couldn’t get AXFR requests to work on this one, while it worked fine with a seemingly identical configuration on my previous server). It also is the only one in my list that does test AXFR requests directly.

DNS Health @ Pingdom: just another one, which doesn’t give many details and keeps its results in a cache you can’t empty, so you can’t repeat the test quickly to test your modifications. However, a noticeable thing about it is that you can use it to test an undelegated domain name.

Posted in A Tool A Day, web development.