Changing Terminal preferences in Gnome 3

It turned out not to be that obvious, at least for me, how to change various profile preferences for Gnome Terminal under Gnome 3.

You can go and fetch the list of profiles this way:

~# dconf list /org/gnome/terminal/legacy/profiles:/
:b1dcc9dd-5262-4d8d-a863-c897e6d979b9/

And then you can use the profile id to list and change various settings:

~# dconf list /org/gnome/terminal/legacy/profiles:/:b1dcc9dd-5262-4d8d-a863-c897e6d979b9/
foreground-color
login-shell
palette
use-system-font
use-theme-colors
font
bold-color-same-as-fg
bold-color
background-color
audible-bell

~# dconf write /org/gnome/terminal/legacy/profiles:/:b1dcc9dd-5262-4d8d-a863-c897e6d979b9/font "'Inconsolata for Powerline Medium 18'"
~# dconf write /org/gnome/terminal/legacy/profiles:/:b1dcc9dd-5262-4d8d-a863-c897e6d979b9/login-shell true


PoC or GTFO

Hey – to all you curious folks –
the new issue of PoC or GTFO is, well, out !
The best minds in infosec on exploits and more.
Lots of hardcore programming knowledge to obtain.
For your convenience, as it’s not that easy to get this on the webs,
I’ve taken the liberty of uploading this here:
http://blog.cyplo.net/hosted/pocorgtfo00.pdf
http://blog.cyplo.net/hosted/pocorgtfo01.pdf
http://blog.cyplo.net/hosted/pocorgtfo02.pdf
http://blog.cyplo.net/hosted/pocorgtfo03.pdf


Sunpowered server setup

Remember my NAS stuff ? It turned out great ! Very reliable storage, I had a disk failure once and haven’t noticed for some time because all the files were just there. Hardware enhanced virtualization is another great thing. I ended up migrating all of my infrastructure there, each service in a separate virtual machine: email, calendar, contacts, tor node and such. The only caveat ? Power consumption. This setup just eats Watts. About 50W constant power usage is not something you want to have turned on 24h/day.

One such day I had a realization that this giant ball of plasma that is hanging out there might be of some use. One side of my balcony is to the south somewhat, gets lots of sunshine no matter whether it’s morning or evening. Why not exploit that ?

That’s how my first solarpowered server setup was born. Enjoy the photos !
Also please find upgrade options and general notes after the break !

Setup itself consists of:

  • 144W solar panel
  • 33Ah 12V battery
  • trusty old WRT54GL
  • Raspberry Pi model B
  • charging controller
  • 12V and 5V step up/step down converters. Don’t use linear converters, especially for the 5V rail, as these will give you the 5V by dissipating the difference from 12V directly onto their heatsinks, which means huge power losses.
  • around one hundred M3 hexhead screws with nuts and washers. yup.

The router acts as a wireless bridge to my home WiFi network, there are no cables running from inside the house to the balcony. Router and raspi use about 8W total. It is winter here now and this seems to be holding nicely, the panel being able to charge the battery for the night during the relatively short day, even if the weather is bad. However, I want more computing power there and this setup does not seem to be very scalable. Another raspi model B means another 4W constant power usage. I estimate the whole thing will start losing power during the night with about 15W constant consumption. Which is okay for stuff like an email server, but not really for a blog or other sites.
Hence my first idea for improvement: discard router and change for the separate raspis, model A, with wireless network cards each. Should be much better.

Some general notes:

  • Use equipment specifically designed for DC. You want to disconnect the solar panel or battery sometimes. To be able to do that without that fancy sparks show you need a proper DC switch able to handle high currents. AC switches, like any other equipment dragged from AC land, are not really a choice. If you use an AC mains switch to switch high current DC you might end up with a nice weld in place of your switch. Same for fuses.
  • My ability to cut acrylic to line is nonexistent. Probably maybe use better tools ? Or even, since I now know how the box should be cut – just order pieces for box 2.0 cut to size already.
  • Same for my ability to make stuff look nice and clean
  • I like the look of bare PCBs inside of transparent box though
  • The box itself seems to be holding up nicely against below zero temperatures as well as rain.
  • Air flow is nice, nothing is heating up. Air enters from the bottom, heats up a bit and moves up. It goes through the holes on the left, into the funnel and exits on the right. Water does not enter as there is a pretty steep slope there.
  • Watch for SD card corruption. Most often, the cause is having 5V not really being 5V. Raspi does not really like lower voltages. One preventive measure would be not to use some cheap voltage converters. Another is to mount SD card with very conservative options. I use
    /dev/mmcblk0p2  /               ext4    defaults,rw,data=journal,journal_checksum,discard  0 1
  • Make sure your electronic components are rated for -40C to +80C
  • I’m a bit worried about the battery being in such proximity to the airco unit. We’ll see in the summer whether it needs relocation, for now the unit is completely powered off.
  • mountain climbing equipment comes in handy when hanging stuff from your balcony

Future improvements:

  • most pressing: get the power usage down by changing to model A + wifi card
  • add monitoring, something like ADC connected to raspi’s GPIO ports, gathering voltages all across. I would like to get readings on: solar panel voltage, battery voltage, 5V rail actual voltage and the whole system power usage at least
  • more safety fuses and bypass diodes


Compiling tarsnap on RaspberryPi

Just a quickie for tarsnap 1.0.35.
Featuring my new favourite, the download software called aria2.

aptitude install aria2 libssl-dev zlib1g-dev e2fslibs-dev
aria2c https://www.tarsnap.com/download/tarsnap-autoconf-1.0.35.tgz
aria2c https://www.tarsnap.com/download/tarsnap-sigs-1.0.35.asc
gpg --recv-key 2F102ABB
gpg --decrypt tarsnap-sigs-1.0.35.asc
sha256sum tarsnap-autoconf-1.0.35.tgz # should get the value from sig file, 6c9f67....9a
tar xf tarsnap-autoconf-1.0.35.tgz
cd tarsnap-autoconf-1.0.35/
./configure
time nice ionice make -j2

How do I know that -j2 really gives some advantage on raspi ? Well, here are the timings:

#fresh, j1
real    14m7.129s
user    6m30.790s
sys 0m21.640s

#-j2
real    11m33.868s
user    6m36.690s
sys 0m19.880s

#-j1 again, caches warmed up
real    12m38.598s
user    6m30.960s
sys 0m20.470s

#-j2 again
real    10m14.975s
user    6m34.980s
sys 0m20.710s
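
The checksum comparison from the steps above as a script, so that a mismatch stops the build instead of depending on comparing two hex strings by eye. This is an added example, not part of the original post; it assumes the verified signature text lists hashes as lines of the form SHA256 (filename) = hex digest, and the function names are made up here.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the signed text
# lists hashes as BSD-style lines: SHA256 (filename) = <64 hex digits>

# expected_sha256 SIGTEXT FILENAME: print the hash listed for FILENAME.
expected_sha256() {
    awk -v name="$2" '
        $1 == "SHA256" && $2 == "(" name ")" && $3 == "=" &&
        length($4) == 64 && $4 ~ /^[0-9a-f]+$/ { print $4; found = 1; exit }
        END { if (!found) exit 1 }' "$1"
}

# verify_tarball SIGTEXT TARBALL: return 0 only when the hashes match.
verify_tarball() {
    want=$(expected_sha256 "$1" "$(basename "$2")") || {
        echo "no SHA256 entry for $2 in $1" >&2
        return 2
    }
    have=$(sha256sum "$2" | cut -d' ' -f1)
    if [ "$want" = "$have" ]; then
        echo "OK: $2"
    else
        echo "MISMATCH: $2 (expected $want, got $have)" >&2
        return 1
    fi
}

# demo: constructed data only, a stand-in file and a matching hash line.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'constructed stand-in for a tarball\n' > "$dir/sample.tgz"
    printf 'SHA256 (sample.tgz) = %s\n' \
        "$(sha256sum "$dir/sample.tgz" | cut -d' ' -f1)" > "$dir/sigs.txt"
    verify_tarball "$dir/sigs.txt" "$dir/sample.tgz"; rc=$?
    rm -rf "$dir"
    return $rc
}

# Real use: feed it gpg's verified output, never the raw .asc, so that
# text outside the signed region cannot supply the hash:
#   gpg --output sigs.txt --decrypt tarsnap-sigs-1.0.35.asc &&
#   verify_tarball sigs.txt tarsnap-autoconf-1.0.35.tgz &&
#   tar xf tarsnap-autoconf-1.0.35.tgz
```

The 8-character key ID given to --recv-key is short enough for collisions to be practical, so check the full fingerprint of the imported key against a source you trust before relying on the signature.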


Meetings

Decisions

Most of the meetings come from the desire to have a decision made.
The problem in most cases is that these are not decisions to be made now.
Software prototyping is cheap. We should just try to build a working solution and iterate around.

Let’s prototype. Get someone most annoyed by the problem and leave them to build it.
Of course, the clearer communication of what they are actually doing the better.
It should be something like ‘hey I’m gonna build this – okay’ or even ‘hey, I’ve built that, let’s see how it behaves’.
Not like ‘we should now spend multiple meetings on discussing how this should be done’. Just make it work, instead of talking about it.

Documentation

There are people that like those meetings around decision making.
And those decisions, that should not be made now, of course, need proper documentation around to prove the point. And document the decision-making process.
Oh, and office software and document versions of course. That’s what everyone uses. What, you developers have text files and this git stuff ?!

The thing is if the need for some documentation for something comes from the team then the team will make it when needed. If not then probably not.

Sharing the knowledge

Other possible reasoning behind having a meeting can be that some knowledge needs to be shared.
And that’s a noble cause. Just don’t make a meeting out of it. Make a lecture. A presentation.
No audience members interacting with each other.
Speaker talking and maybe sometimes allowing questions.

The knowledge sharing sessions are oftentimes a prelude to the decision-making meetings. See above.

Confirming your ideas

Sometimes however somebody just wants some confirmation on their idea, maybe before building a prototype.
Then, there is a good chance that they already know who they should ask.
No meeting then. Just ask the people you know you should ask.
1-on-1 interaction. Maybe somebody will overhear and start listening.
Notice that the social dynamic is very different from the meeting then, two people having a conversation and another one politely listening, maybe being invited to the conversation after some while.
Just look how it works in between talks on conferences. Very different from “everybody says everything” meetings.

The meetings that are left

Also, if for some cosmic reason you really need to have a meeting – make it opt-in.
Just the people who are interested coming. Set the timer. There is one I particularly like – a clock showing amount of money wasted so far by this meeting.

Post scriptum

37 signals on meetings: http://gettingreal.37signals.com/ch07_Meetings_Are_Toxic.php

These guys have the idea that every communication should be async and read when convenient, hence their emphasis on email.
That gets you to really think of your proposal and really describe it and stuff, which is sometimes good. To stop and think, RFC-style.
However, as mentioned above, imho most of the times it’s quicker to just write the software.

Possibly, also, I just like ‘hey, got a second?’ approach better.


WordPress and nonstandard ports and protocols

I needed to set up a WordPress installation where https is on nonstandard port and the admin interface lives in that land, while the site itself is using plain http.

As we are on this topic, I’ll be moving my blog to the hugely powerful engine of static sites. Yup. Write on my computer, generate, upload. No live code running on the server. More on that coming up.

But back to the point, here you are, the recipe. A note here, I don’t know if that’s the best solution, just a working one. Also I feel dirty after working with PHP.
In wp-config.php

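// HTTPS is non-empty for TLS requests; some servers (IIS) set it to 'off' for plain http.
if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
	// admin side: https on the nonstandard port
	define('WP_SITEURL', 'https://example.com:12345');
	define('WP_HOME', 'https://example.com:12345');
}
else {
	// public site: plain http
	define('WP_SITEURL', 'http://example.com');
	define('WP_HOME', 'http://example.com');
}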

This allows the installation to properly see resources like images and css if accessed via a nonstandard port. So if you don’t see image previews in the admin panel or your css is screwed up or you just don’t see new posts’ previews – this might be it.


30C3 day 1

I’m writing this at the beginning of day 2 of 30C3, as day 1 was so packed with action that I was not able to sit down and type, not even for a little while. First of all – Glenn Greenwald. Yep. Glenn Greenwald’s keynote was moving the crowd, making the audience interrupt him with rounds of applause every few minutes. Lots of mobile phone network exploitation talks along with general anti-buffer-overflow techniques. Tor guys talking about the interesting times we live in. Quite a day. Here are some photos, with no Congress people, except for me, in them, as the tradition goes.


Booting Gentoo with LUKS+LVM2+systemd

I’ve spent quite some time recently trying to get a laptop running Gentoo to boot from an encrypted partition with LVM.
I thought that this might be useful for someone else, so here you are:

First things first: I’m assuming you’ve followed Gentoo handbook and are operating from within livecd’s shell.
You’ve done the regular luksFormat + lvm stuff and you’ve come up with a layout similar to this one:

dagrey ~ # lsblk
NAME                          SIZE TYPE  MOUNTPOINT
sda                           55.9G disk
└─sda1                        55.9G part
  └─crypthome (dm-3)          55.9G crypt /home
sdb                           29.8G disk
├─sdb1                       485.4M part  /boot
└─sdb2                        29.4G part
  └─root_sdb2-vg-root (dm-0)  29.3G crypt
    ├─vg-swap (dm-1)             8G lvm   [SWAP]
    └─vg-root (dm-2)          21.3G lvm   /

You need a kernel to boot this, a kernel that understands crypto stuff as well as lvm.

genkernel --symlink --save-config --no-mrproper --luks --lvm --udev --menuconfig all

If you’re using gentoo-sources you’d notice the fancy gentoo-specific menu on top.
Go there and check systemd. Apart from the usual stuff, please make sure to check stuff on this list, and also this one:

Device Drivers
 Multi-device support (RAID and LVM)
 [*] Multiple devices driver support (RAID and LVM)
 <*>  Device mapper support
 <*>  Crypt target support

Cryptographic API 
 <*>  SHA256 digest algorithm
 <*>  AES cipher algorithms

Your setup is so new that you need grub2.
Grub2 is very picky about its configuration. Take this one and avoid hours of reading:

dagrey ~ # cat /etc/default/grub

GRUB_DISTRIBUTOR="Gentoo"

GRUB_DEFAULT=0
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=3

GRUB_PRELOAD_MODULES=lvm
GRUB_CRYPTODISK_ENABLE=y
GRUB_DEVICE=/dev/ram0

# Append parameters to the linux kernel command line
GRUB_CMDLINE_LINUX="real_init=/usr/bin/systemd quiet real_root=/dev/mapper/vg-root crypt_root=/dev/sdb2 dolvm acpi_backlight=vendor"

You’re using initrd to set everything up for the kernel, so you need real_root and real_init instead of the regular ones. cryptdevice no longer works, use crypt_root.
And dolvm is essential, without it only the first part will work, leaving you with an open crypt container and a kernel panic just afterwards.
Also notice GRUB_DEVICE, GRUB_CRYPTODISK_ENABLE and GRUB_PRELOAD_MODULES.

Make sure the first partition on the disk you’re installing grub onto is starting at 2048.
If it’s any earlier grub just won’t be able to fit its magic in there.
Finally, install grub

grub2-install --modules="configfile linux crypto search_fs_uuid luks lvm" --recheck /dev/sda
grub2-mkconfig -o /boot/grub/grub.cfg

That should be sufficient to boot the system and initialize root.
What about those other encrypted partitions like /home though ?

Well, the init subsystem needs to initialize them.
OpenRC did so by reading /etc/fstab and then /etc/dmcrypt/dmcrypt.conf accordingly.
Systemd is a bit different here. You still need your /etc/fstab entries for it to know which partitions need to be initialized.
The place where you say how to map and decrypt crypto containers, however, is in /etc/crypttab.

dagrey ~ # cat /etc/fstab

/dev/sdb1              /boot     ext2    defaults    1 2
/dev/mapper/vg-root    /         ext4    defaults    0 1
/dev/mapper/vg-swap    none      swap    sw          0 0
/dev/mapper/crypthome  /home     ext4    defaults    0 2

dagrey ~ # cat /etc/crypttab
#crypthome /dev/sda1
crypthome /dev/sda1 /etc/conf.d/dmcrypt.key

The keyfile is available from the then already decrypted root partition.
You can also skip the key and then you’ll get a password prompt, sometimes hidden somewhere in systemd messages. Hit enter to reveal it once more.
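
Since the key file for /home sits on the root filesystem, its permissions decide who on the running system can read the key. The following added example (not from the original post) reads a crypttab and reports key files accessible to group or others; the function name and its optional ROOT prefix argument are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post: report crypttab key files
# that are accessible to anyone besides their owner.
# check_crypttab_keys and its optional ROOT prefix are hypothetical names;
# ROOT lets you point the check at a copy of the tree (or a chroot).

check_crypttab_keys() {
    tab=$1 root=${2:-} bad=0
    # crypttab fields: name, device, key file, options
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac    # blank line or comment
        case $key in ''|none|-) continue ;; esac   # no key file: passphrase prompt
        case $key in /dev/*) continue ;; esac      # device node, e.g. random swap key
        f=$root$key
        if [ ! -f "$f" ]; then
            echo "$name: key file $key not found"
            bad=1
            continue
        fi
        mode=$(stat -c %a "$f")                    # octal mode, GNU stat
        case $mode in
            0|*00) ;;                              # no group/other bits set
            *) echo "$name: $key has mode $mode, expected 400 or 600"
               bad=1 ;;
        esac
    done < "$tab"
    return "$bad"
}

# On the system from the post: check_crypttab_keys /etc/crypttab
```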
