Technical Musings: 2013

Thursday, August 22, 2013

linux mint privacy/security setup

Privacy/Security

Linux(Mint)
dns:
dnscrypt
init.d script
apt-get install sysv-rc-conf
sysv-rc-conf dnscrypt-proxy on
apt-get install unbound
/etc/unbound/unbound.conf:
forward-zone:
  name: "."
  forward-addr: 127.0.1.1@53
airplane init.d # cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1

# OpenDNS Fallback (configured by Linux Mint in /etc/resolvconf/resolv.conf.d/tail).
nameserver 208.67.222.222
nameserver 208.67.220.220

disable dnsmasq (not caching):
airplane init.d # cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
#dns=dnsmasq

disabled dnssec in unbound:
    # DNSSEC validation using the root trust anchor.
#    auto-trust-anchor-file: "/var/lib/unbound/root.key"
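
The resolv.conf shown above still lists the OpenDNS fallback servers after 127.0.0.1, so glibc sends plain, unencrypted queries to them whenever the local resolver does not answer. The check below is an added example, not part of the original notes: it lists any resolver or unbound forwarder that is not a loopback address (function names and sample text are constructed for illustration).

```shell
#!/bin/sh
# Added example: flag DNS servers that would receive queries outside the
# local dnscrypt-proxy/unbound chain. Function names are hypothetical.

# Print non-loopback "nameserver" entries from resolv.conf text (file args or stdin).
# glibc only uses the first 3 nameserver lines (MAXNS), so later ones are ignored.
non_loopback_nameservers() {
    awk '
        $1 == "nameserver" && NF >= 2 {
            if (++n > 3) next
            if ($2 ~ /^127\./ || $2 == "::1") next
            print $2
        }
    ' "$@"
}

# Print non-loopback "forward-addr:" targets from unbound.conf text.
# An optional @port suffix is stripped before the comparison.
non_loopback_forwarders() {
    awk '
        $1 == "forward-addr:" && NF >= 2 {
            addr = $2
            sub(/@.*/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next
            print addr
        }
    ' "$@"
}

# Constructed sample input, mirroring the files shown above.
SAMPLE_RESOLV='# Dynamic resolv.conf(5) file
nameserver 127.0.0.1
nameserver 208.67.222.222
nameserver 208.67.220.220'

SAMPLE_UNBOUND='forward-zone:
  name: "."
  forward-addr: 127.0.1.1@53'

echo "resolv.conf servers outside this host:"
printf '%s\n' "$SAMPLE_RESOLV" | non_loopback_nameservers
echo "unbound forwarders outside this host:"
printf '%s\n' "$SAMPLE_UNBOUND" | non_loopback_forwarders
```

On a live system, pass the real files instead: `non_loopback_nameservers /etc/resolv.conf` and `non_loopback_forwarders /etc/unbound/unbound.conf`. Empty output means nothing points off the host.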





mail:
thunderbird/openpgp
http://www.mailvelope.com/

tor:
tor-browser
non-exit relay:
    bandwidth limit

secure-delete:
sudo apt-get install secure-delete
srm

password management:
passwordmaker

TODO:
filesystem encryption
#############
android:
apg

#############
firefox:
ghostery
adblock plus (disable reasonable ads)

linux mint 15 (cinnamon) on chromebook pixel

(Sorry for the info dump, hopefully will fix soon)

setup mint 15 on chromebook

http://www.reddit.com/r/chromeos/comments/1eqsjp/tutorial_how_to_install_any_linux_distro_on_the/

http://www.webupd8.org/2011/12/how-to-enable-mac-os-x-like-natural.html

date/time in panel:
http://www.foragoodstrftime.com/

sudo apt-get install gnome-tweak-tool

sudo sh ./install_firmware_from_alsa_project.sh

sudo add-apt-repository ppa:zedtux/naturalscrolling
sudo apt-get update

sudo apt-get install naturalscrolling
    enable for trackpad, usb mouse
    enable start on login

firefox:
    default full zoom
    ghostery
    adblock plus

trackpad:
    disable left tap
    enable two finger scroll
    small amount of acceleration

windows tiling management:
gTile extension:
http://cinnamon-spices.linuxmint.com/extensions/view/21
https://github.com/shuairan/gTile/commit/3277b72e84407bc70df0dce95e96a7e283587481

screen:
    add brightness applet to panel

    keyboard shortcuts:
        sudo apt-get install xbacklight
        /usr/bin/xbacklight -dec 10
                        -inc 10

suspend fix:
http://blog.brocktice.com/2013/03/09/running-debian-wheezy-7-0-on-the-chromebook-pixel/

/etc/modules:
    tpm_tis force=1 interrupts=0


touchpad:
    disable right lower corner as right click:
    /usr/share/X11/xorg.conf.d/50-synaptics.conf
    ##Section "InputClass"
    ##        Identifier "Default clickpad buttons"
    ##        MatchDriver "synaptics"
    ##        Option "SoftButtonAreas" "50% 0 82% 0 0 0 0 0"
    ##EndSection

cursor:
 sudo apt-get install oxygen-cursor-theme
 settings...theme..other settings..mouse pointer: oxy-white

power:
    powertop
    arrow over to Tunables
    hit enter on each 'bad', turn it to 'good'
    esc to exit

    change whether plugged in/not
    http://askubuntu.com/questions/112705/how-do-i-make-powertop-changes-permanent
        add output of "sudo powertop --csv=powertop.csv" to battery /etc/pm/power.d/power

disable bluetooth by default:
    Run gksu gedit /etc/rc.local and add this before line with exit 0:
    rfkill block bluetooth

#####################

Cinnamon desktop optimizations:

windows management:
x-tile

keyboard launcher:
kupfer


themes:
window borders: HighContrast
check "show icons on buttons"

cursor:
fix comixcursors
apt-get install comixcursors
get .tar.bz2
extract to:
/etc/X11/cursors/
/usr/share/icons/
reload cinnamon: alt-f2 "r"


tar xjf ComixCursors-0.7.3.tar.bz2





Wednesday, June 5, 2013

monkeyrunner hanging on input/raw_input on Mac OS X: RESOLVED

I found recently that my monkeyrunner scripts started failing after updating the Android SDK Tools to version 22.0.1.  This is a known bug in the jython version shipped with it.  Luckily it's easily fixed by replacing one .jar file.

http://www.jython.org/latest.html:

Jython 2.5.4rc1 Release Notes
Bugs Fixed:

[ 1972 ] jython 2.5.3 sys.stdin.readline() hangs when jython launched as subprocess on Mac OS X

1)  Download latest jython 2.5.4rc1:

http://search.maven.org/remotecontent?filepath=org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar

2) Copy into ${ANDROID_ROOT}/sdk/tools/lib/

3) move or delete the existing jython-standalone-2.5.3.jar

That's it!  monkeyrunner now processes raw_input() and input() correctly.

Sunday, February 10, 2013

Move over Yahoo Notepad, welcome Github Gist

GitHub's gists are a pretty good match for a lot of the stuff I do: simple one-file scripts, not big projects.

I've been putting up a few scripts I've embedded in this blog, and I'm looking through old files for more.  I even have some stuff in an old Yahoo Notepad.  Yeah, Yahoo Notepad.  It was/is a simple way to store text files in folders.  No support for sharing, and you had to cut and paste into a form to 'upload' them.  There don't seem to be any links in YMail to that system anymore, so you have to go directly to notepad.yahoo.com; but it still works.  I've had a Yahoo account since they first offered them back in 1997.  Unfortunately, during the early times they had pretty restrictive mailbox size limits (I think it started at 5MB), so I had to delete a bunch of stuff back then.  The earliest mail I still have is dated September 5, 2003.

It's a terrible thing, relegating some of this stuff to Notepad; I had embedded version numbers in the scripts themselves.  Not quite as reliable as Git, I must say.

My Gists:
https://gist.github.com/dgulino

Wednesday, February 6, 2013

OSX SSH Terminal Console Coloring, Redux 2.0

Something about my previous take on this breaks autocompletion in OSX in a weird way: After I finish my first SSH session, tab completion no longer autocompletes. It does provide suggestions as a list, but will not complete the line I'm typing.
I've tried all kinds of things to get this to work, and here's my latest take: simply create a bash script and create an ssh alias to it.
/Users/USERNAME/ash.sh:
#!/bin/bash
# Keep the original arguments intact so they can all be passed to ssh.
ORIGARGS=( "$@" )
# The hostname must be the first argument.
FQDN="$1"
# Split the FQDN on "." to get the short host name and the domain.
IFS="."
FQDNARRAY=( ${FQDN} )
HOST="${FQDNARRAY[0]}"
DOMAIN="${FQDNARRAY[1]}.${FQDNARRAY[2]}"
# Split the host name on "-" to get the server type and environment.
IFS="-"
MYARRAY=( ${HOST} )
SERVERTYPE="${MYARRAY[0]}"
ENVNAME="${MYARRAY[1]}"
# Restore default word splitting.
unset IFS
# Pick a Terminal profile for the environment.
if [ "${ENVNAME}" = "pro" ]; then
    if [ "${SERVERTYPE}" = "p19" ]; then
        PROFILE="Basic Green"
    else
        PROFILE="Basic Black"
    fi
elif [ "${ENVNAME}" = "qa" ]; then
    PROFILE="Basic Grey"
elif [ "${ENVNAME}" = "stage" ]; then
    PROFILE="Man Page"
elif [ "${ENVNAME}" = "shadow" ]; then
    PROFILE="Basic Blue"
elif [ "${DOMAIN}" = "test.info" ]; then
    PROFILE="Basic Grey"
elif [ "${DOMAIN}" = "test.net" ]; then
    PROFILE="Basic Black"
else
    PROFILE="Basic"
fi
# Switch the Terminal window to the chosen profile.
echo "tell app \"Terminal\" to set current settings of \
 first window to settings set \"${PROFILE}\"" | osascript
/opt/local/bin/ssh "${ORIGARGS[@]}"

# Switch back to the default profile after disconnecting.
echo "tell app \"Terminal\" to set current settings of \
 first window to settings set \"Basic\"" | osascript
.profile:
alias ssh='/Users/USERNAME/ash.sh'
This isn't perfect; it doesn't color my csshX sessions, and seems to mess up scp file autocompletion (you use that?). But it's reliable, you don't have to remember anything but 'ssh', and you can use other ssh parameters, as long as the hostname is the first argument.

Wednesday, January 30, 2013

'yum update' that excludes Puppet managed files

I have many machines that I manage with Puppet. If you have more than one machine, you need to use a tool like it. It does a great job of managing the configuration of packages that we use directly or are direct dependencies. But we do not put every package that is installed on a box in Puppet; I don't think anyone does this. On our boxes we have around 500 packages installed. I imagine some environments would have the time to review each rpm to ensure it was compatible, and then change its version in Puppet, ensuring that no dependencies for that package have changed. A much more realistic approach is to just update a test machine to the latest, and then test out your application, only reviewing the changes for the packages that are direct dependencies. Even better would be to have yum update all packages except the packages you have specified in Puppet. You want all the basic upgrades, like a kernel update, without changing that version of ruby you have been using.

How to do this?

First, run a Puppet no-operation (noop) test to update the local catalog:

/usr/bin/puppet agent --onetime --ignorecache --server ${puppet_master} \
 --no-daemonize --verbose --detailed-exitcodes \
 --logdest /var/log/puppet/puppet.log --noop --test

Then build up a list of packages that are controlled by Puppet, and exclude them from a 'yum update' command:

packages=$(grep "reference:\ \"Package" /var/lib/puppet/client_yaml/catalog/*.yaml \
| awk -F"[" '{print $2}' \
| awk -F"]" '{print $1}')

exclude=$(for package in ${packages};do echo -n " -x ${package}";done); 

yum update ${exclude}

You could use a similar approach with other package managers like apt.

Found the data when I checked out puppet-ls

Friday, January 25, 2013

OSX SSH Terminal Console Coloring, Redux

UPDATE: http://technicalmusings.blogspot.com/2013/02/something-about-my-previous-take-on.html
I've come up with a much better, simpler recipe to color my OSX Terminal session depending on the host I'm ssh-ing into. First, take a function with some cool Bash-only splitting and arrays, and add a way I found to address the current session in AppleScript. Then add a one-line way to enable bash ssh auto-complete when using the function. Ensure you pass all args to SSH so you can tunnel, etc. Finish with another line to switch the colors back to some default when you disconnect. Add this to your .profile, and voila!

This function assumes a certain host naming scheme, and that you have a Terminal profile for each environment.  I just copied 'Basic', and changed the background colors.  If you can't parse your server names, you need a better naming scheme ;)

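ash() {
    # Keep the original arguments intact so they can all be passed to ssh.
    ORIGARGS=( "$@" )
    # The hostname must be the first argument.
    HOST="$1"
    # Split the host name on "-" to get the server type and environment.
    # Note: this runs in the calling shell, so IFS stays set to "-" afterwards.
    IFS="-"
    MYARRAY=( ${HOST} )
    SERVERTYPE=${MYARRAY[0]}
    ENVNAME=${MYARRAY[1]}
    # Pick a Terminal profile for the environment.
    if [ "${ENVNAME}" = "pro" ]; then
        if [ "${SERVERTYPE}" = "p19" ]; then
            PROFILE="Basic Green"
        else
            PROFILE="Basic Black"
        fi
    elif [ "${ENVNAME}" = "qa" ]; then
        PROFILE="Basic Grey"
    elif [ "${ENVNAME}" = "stage" ]; then
        PROFILE="Man Page"
    elif [ "${ENVNAME}" = "shadow" ]; then
        PROFILE="Basic Blue"
    else
        PROFILE="Basic"
    fi
    # Switch the Terminal window to the chosen profile.
    echo "tell app \"Terminal\" to set current settings of first window to settings set \"${PROFILE}\"" | osascript
    ssh "${ORIGARGS[@]}"

    # Switch back to the default profile after disconnecting.
    echo "tell app \"Terminal\" to set current settings of first window to settings set \"Basic\"" | osascript
}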
complete -o default -o nospace -F _ssh ash
 
so:
$ ash test-pro-wxy01.test.com
 
will ssh to test-pro-wxy01.test.com and set the background to black, and when I log out, the background will be set to white.

gist: https://gist.github.com/4638756

One current limitation is that the hostname must be the first argument.

Another slight disadvantage is that you have to type something other than 'ssh'.  You could rename the ssh binary to something else, and then name the function 'ssh'.   Don't just name the function 'ssh' w/out renaming the binary (try it and find out why!)

Ideas taken from everywhere, including: https://raw.github.com/c3w/ash/master/ash