XMPP (aka Jabber) in combination with OTR is a secure way to chat with others. There are some public servers available, but their popularity centralizes the infrastructure and leaves single points of failure. A recent example is Chaos Computer Club’s Jabber server (jabber.ccc.de) which was down for some days between Christmas and New Years 2014/2015, as a consequence of a DOS attack.
I’ve been setting up a Jabber server of my own on my Raspberry Pi. Here is how you can too:
I was lucky enough to seize a “Raspberry Pi Colocation“-slot for my Raspberry Pi.
To secure it further I just recently installed fail2ban.
The software basically detects login attempts and blocks the IP for some limited time in the future. This prevents a depletive password guessing for server logins.
I was interested in the password-guessers` country of origin. Now I can confirm, at least for my Raspberry Pi, that most attacks come from China.
1 2 3 4 5 6 7 8 9 | 110 CN 2 UA 2 RU 2 DE 1 VN 1 PE 1 KR 1 CZ 1 BD |
the quick and dirty command for this looks like this: (you need to have ‘whois’ installed)
1 2 3 4 | for i in `sudo cat /var/log/fail2ban.log | sed 's/.*[Bb]an \(.*\)/\1/' | sort | uniq | cut -d ' ' -f 1 | grep "\."`; do echo $i; whois $i | grep country\: |head -n 1 >> fail2ban_ctry.log ; done cat fail2ban_ctry.log fail2bancry2.log | sed 's/country: //g' |sort | uniq -c |sort -nr |
If you’re using transmission’s web interface to manage your torrent downloads, and you are doing this remotely (from outside your LAN), you might want to add some privacy.
As previously posted there are ways to use magnet links with transmission’s web interface. This webinterface works well when you are on your local network aka LAN and don’t have to fear prying eyes.
The moment you’re using the transdroid android app or your laptop in a coffee shop the commands and responses of your transmission daemon at home can be read by anyone.
Luckily the transdroid android app offers an SSL option. All you have to do is configure a proxy on your transmission daemon machine.
Here is how:
Install nginx (a lightweight http/https server):
1 | apt-get install nginx |
es ist lange her, dass ich zum pakete verfolgen geblogt habe. 
man bestellt etwas und erhält meist eine nummer die einem nicht recht nützen mag. die tracking nummer. das eintippen auf der seite des zustellers ist mühsam, die ständige kontrolle ob sich das päckchen auch bewegt noch mehr. zum glück gibt es eine android app die einem das leben leichter macht!
“parcels” oder “pakete” heisst diese und hilft ausständige zusendungen zu beobachten.
man kann trackingnummern von verschiedensten zustelldiensten verwenden. man kann sich benachrichtigen lassen, wenn sich beim status eines paketes etwas ändert und sogar definieren wann die app nichts von sich hören lassen soll, etwa wenn man schläft.
dringende installationsempfehlung! natürlich nur wenn man wissen will wo die packerln g’rade sind…
i recently set up my laptop with a new install of gentoo linux. i’ve been using gentoo for years, but not on my laptop recently.
since encryption was no issue back then i had to get myself up to speed with cryptsetup and initramfs, which you can build yourself in gentoo. there is an option via genkernel to do this automatically, but where is the fun in that?
my basic setup includes two partitions. sda1 is boot, sda2 contains a crypt device, which contains the root partition and the user’s home partition in a lvm container.
this post is about cryptsetup and the method i use to swap the password for the container on every bootup with a cycling challenge response provided by the yubikey. let’s get to it!
note: if you are using ubuntu you might want to try the solution of the previous post. the approach discussed here was needed for a gentoo system, which comes with xdg-open part of xdg-utils.
the setup is as follows:
we have a remote server that runs transmission. the desktop system runs gnome.
the use case: we click a magnet link on the desktop system and the torrents starts downloading on the remote transmission server.
first we need to make a default application that we can hand our magnet link to:
we use the script we know from my previous post:
#!/bin/bash
test -z $1 && echo "need magnet link!
$0 <magnet link>" && exit -1
HOST=127.0.0.1 #YourRemoteHostNameOrIP
PORT=9091 #YourPort(default is 9091)
USER=User
PASS=pass
LINK="$1"
# set true if you want every torrent to be paused initially
#PAUSED="true"
PAUSED="false"
SESSID=$(curl --silent --anyauth --user $USER:$PASS "http://$HOST:$PORT/transmission/rpc" | sed 's/.*<code>//g;s/<\/code>.*//g')
curl --silent --anyauth --user $USER:$PASS --header "$SESSID" "http://$HOST:$PORT/transmission/rpc" -d "{\"method\":\"torrent-add\",\"arguments\":{\"paused\":${PAUSED},\"filename\":\"${LINK}\"}}"
put this script where you like, we will refer here to /home/user/Scripts/magnetLinkTransfer.sh, make it executable, and configure it according to your transmission setup on your remote machine. you might also need to install ‘curl’, which is used by this script.
second we need to define this new ‘application’ in /usr/share/applications/:
add the file “magnet.desktop” in the folder /usr/share/applications/ with the following content:
[Desktop Entry] Name=Magnet Type=Application Comment=Open a magnet link remotly with the help of a script Exec=/home/user/Scripts/magnetLinkTransfer.sh %U Categories=Network;WebBrowser; MimeType=x-scheme-handler/magnet;
lastly we need to add our new ‘application’ in “.local/share/applications/mimeapps.list”. add ‘x-scheme-handler/magnet=magnet.desktop’ to the default applications in that file, like this:
[Default Applications] # there might be more other default applications defined, leave them unchanged. x-scheme-handler/magnet=magnet.desktop
that should be it! now when you click a link in your browser it should either work, or ask you if it is ok to start “xdg-open magnet:…”, as seen in the picture. you may set the check box to avoid future confirmations.
To get the same comfort for your android device (phone or tablet), you need an app. i’m using transdroid, which currently is NOT available in the google play store (former android market). get the latest transdroid apk here. 