HOWTO setup your very own Jabber server…

XMPP (aka Jabber) in combination with OTR is a secure way to chat with others. There are some public servers available, but their popularity centralizes the infrastructure and leaves single points of failure. A recent example is Chaos Computer Club’s Jabber server (jabber.ccc.de) which was down for some days between Christmas and New Years 2014/2015, as a consequence of a DOS attack.

I’ve been setting up a Jabber server of my own on my Raspberry Pi. Here is how you can too:
Continue reading “HOWTO setup your very own Jabber server…”

Flattr this!

Fail2ban country statistics…

I was lucky enough to seize a “Raspberry Pi Colocation“-slot for my Raspberry Pi.

To secure it further I just recently installed fail2ban.
The software basically detects login attempts and blocks the IP for some limited time in the future. This prevents a depletive password guessing for server logins.

I was interested in the password-guessers` country of origin. Now I can confirm, at least for my Raspberry Pi, that most attacks come from China.
110 CN
2 UA
2 RU
2 DE
1 VN
1 PE
1 KR
1 CZ
1 BD

the quick and dirty command for this looks like this: (you need to have ‘whois’ installed)

for i in `sudo cat /var/log/fail2ban.log | sed 's/.*[Bb]an \(.*\)/\1/' | sort | uniq | cut -d ' ' -f 1 | grep "\."`; do
echo $i; whois $i | grep country\: |head -n 1 >> fail2ban_ctry.log ;
done
cat fail2ban_ctry.log fail2bancry2.log | sed 's/country: //g' |sort | uniq -c |sort -nr

Flattr this!

Adding SSL to transmission’s web interface…

If you’re using transmission’s web interface to manage your torrent downloads, and you are doing this remotely (from outside your LAN), you might want to add some privacy.

As previously posted there are ways to use magnet links with transmission’s web interface. This webinterface works well when you are on your local network aka LAN and don’t have to fear prying eyes.
The moment you’re using the transdroid android app or your laptop in a coffee shop the commands and responses of your transmission daemon at home can be read by anyone.

Luckily the transdroid android app offers an SSL option. All you have to do is configure a proxy on your transmission daemon machine.

Here is how:
Install nginx (a lightweight http/https server):
apt-get install nginx
Continue reading “Adding SSL to transmission’s web interface…”

Flattr this!

pakete verfolgen…

es ist lange her, dass ich zum pakete verfolgen geblogt habe.

Parcels oder Pakete heisst die App die einem das Leben mit den Trackingnummern erleichtert.

man bestellt etwas und erhält meist eine nummer die einem nicht recht nützen mag. die tracking nummer. das eintippen auf der seite des zustellers ist mühsam, die ständige kontrolle ob sich das päckchen auch bewegt noch mehr. zum glück gibt es eine android app die einem das leben leichter macht!
parcels” oder “pakete” heisst diese und hilft ausständige zusendungen zu beobachten.

man kann trackingnummern von verschiedensten zustelldiensten verwenden. man kann sich benachrichtigen lassen, wenn sich beim status eines paketes etwas ändert und sogar definieren wann die app nichts von sich hören lassen soll, etwa wenn man schläft.

dringende installationsempfehlung! natürlich nur wenn man wissen will wo die packerln g’rade sind…

Flattr this!

cryptsetup and the yubikey…

i recently set up my laptop with a new install of gentoo linux. i’ve been using gentoo for years, but not on my laptop recently.

since encryption was no issue back then i had to get myself up to speed with cryptsetup and initramfs, which you can build yourself in gentoo. there is an option via genkernel to do this automatically, but where is the fun in that?

my basic setup includes two partitions. sda1 is boot, sda2 contains a crypt device, which contains the root partition and the user’s home partition in a lvm container.

this post is about cryptsetup and the method i use to swap the password for the container on every bootup with a cycling challenge response provided by the yubikey. let’s get to it! Continue reading “cryptsetup and the yubikey…”

Flattr this!

Opening magnet links with xdg-open on a remote transmission daemon…

chromium asks for permission to open a magnet link
i posted a how to on a similar solution about one and a half years ago. this time we configure xdg-open to do the same.

note: if you are using ubuntu you might want to try the solution of the previous post. the approach discussed here was needed for a gentoo system, which comes with xdg-open part of xdg-utils.

the setup is as follows:
we have a remote server that runs transmission. the desktop system runs gnome.

the use case: we click a magnet link on the desktop system and the torrents starts downloading on the remote transmission server.

first we need to make a default application that we can hand our magnet link to:
we use the script we know from my previous post:

#!/bin/bash
test -z $1 && echo "need magnet link!
$0 <magnet link>" && exit -1

HOST=127.0.0.1 #YourRemoteHostNameOrIP
PORT=9091 #YourPort(default is 9091)
USER=User
PASS=pass

LINK="$1"
# set true if you want every torrent to be paused initially
#PAUSED="true"
PAUSED="false"
SESSID=$(curl --silent --anyauth --user $USER:$PASS "http://$HOST:$PORT/transmission/rpc" | sed 's/.*<code>//g;s/<\/code>.*//g')
curl --silent --anyauth --user $USER:$PASS --header "$SESSID" "http://$HOST:$PORT/transmission/rpc" -d "{\"method\":\"torrent-add\",\"arguments\":{\"paused\":${PAUSED},\"filename\":\"${LINK}\"}}"

put this script where you like, we will refer here to /home/user/Scripts/magnetLinkTransfer.sh, make it executable, and configure it according to your transmission setup on your remote machine. you might also need to install ‘curl’, which is used by this script.

second we need to define this new ‘application’ in /usr/share/applications/:
add the file “magnet.desktop” in the folder /usr/share/applications/ with the following content:

[Desktop Entry]
Name=Magnet
Type=Application
Comment=Open a magnet link remotly with the help of a script
Exec=/home/user/Scripts/magnetLinkTransfer.sh %U
Categories=Network;WebBrowser;
MimeType=x-scheme-handler/magnet;

lastly we need to add our new ‘application’ in “.local/share/applications/mimeapps.list”. add ‘x-scheme-handler/magnet=magnet.desktop’ to the default applications in that file, like this:

[Default Applications]
# there might be more other default applications defined, leave them unchanged.
x-scheme-handler/magnet=magnet.desktop

that should be it! now when you click a link in your browser it should either work, or ask you if it is ok to start “xdg-open magnet:…”, as seen in the picture. you may set the check box to avoid future confirmations.

Flattr this!

Integrating android devices into the torrent landscape…

Transdroid Screenshot on ICS (Android 4.0)
i’m using bittorrent for downloading. more precisely the transmission daemon on my home server for the heavy lifting (downloading torrents). to administer the downloads the web frontend is perfect. in the background runs the transmission daemon which handles the torrents and accepts requests of all sorts of clients. you can even pass magnet links you clicked, from your desktop to the remote daemon with a little hacking.

To get the same comfort for your android device (phone or tablet), you need an app. i’m using transdroid, which currently is NOT available in the google play store (former android market). get the latest transdroid apk here.

Transdroid download link
Before you install transdroid you might want to read a little about the app on the transdroid website. Further you need to allow apps from ‘unknown sources’ in your android settings. Download the app via the link above or the QR-code (get a qr-code reader here).

Continue reading “Integrating android devices into the torrent landscape…”

Flattr this!