Install nginix
sudo apt-get install nginx
Add the below line (in bold) to /etc/nginx/nginx.conf
user www-data;
master_process off;
worker_processes 4;
Comment out this line in /etc/nginx/sites-available/default
# listen [::]:80 default_server ipv6only=on;
$ sudo service nginx start
Test it out from the command line:
curl http://127.0.0.1
Should see HTML output for Welcome to nginx!
At command prompt, create the file:
root@lab-SRX% vi /var/db/scripts/op/sit.slax
Followversion 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
match / {
{
var $cmd =
Edit configuration to activate the script:
set system scripts op file sit.slax
Run the alias at CLI:
root@lab-SRX> op sit
<< output of show interfaces terse >>
See more Juniper automation at:
http://forums.juniper.net/jnet/attachments/jnet/Day1Books/6/7/This%20Week%20Applying%20Junos%20Automation_update.pdf
Luna loves to go to the beach, especially when it’s during low tide.
Now, I could go visit local websites daily for the low tides in my area, but…
Lucky for Luna, her daddy knows how to sling some computer coding, so… a script was developed to process daily tide predictions via data directly from NOAA and display only those that are in morning or early evening when it’s a good time to go for a walk on the beach.
Now, I get a daily email in my inbox with the low tide predictions for mornings/evenings of the next three days.
If interested, the python code is over at my github, and it uses lxml / xpath to process and filter the NOAA XML data.
Let’s Encrypt offers free HTTPS certificate for your website. The catch is that they are valid for only 90 days so the certificate has to be renewed four times a year.
The instructions here have made it painless to automatically renew the certificates via a cronjob.
However, if you want to manually check the certificates, here’s a nice shell script to give you a quick overview and shows how many days are left.
cert="/etc/letsencrypt/live/site.com/cert.pem"
echo " "
echo "############"
if openssl x509 -checkend 86400 -noout -in $cert
then
echo "The certificate $cert is good for at least another day!"
today=`date +%D`
expiredate=`openssl x509 -enddate -noout -in $cert | awk -F'=' '{print $2}'`
expdate="date +%D --date='$expiredate'"
ed=`eval $expdate`
daysleft=`echo $(($(($(date -u -d "$ed" "+%s") - $(date -u -d "$today" "+%s"))) / 86400))`
echo " Today's date: $today , expiring on: $ed , $daysleft days left to go."
else
echo "The certificate $cert has expired or will do so within 24 hours!"
echo "(or is invalid/not found)"
fi
echo "############"
echo " "
The output looks like this:
############
The certificate /etc/letsencrypt/live/site.com/cert.pem is good for at least another day!
Today's date: 03/08/16 , expiring on: 04/22/16 , 45 days left to go.
############
One of things that I do to simplify my job is to maintain a local webpage listing servers that I can SSH into. With Windows, I can register the sshs:// URI scheme to putty.exe Windows executable. Any links starting with sshs:// will be opened up automatically using Putty.
All the servers require public/private key to successfully complete the connection, so I create a custom session inside the Putty Configuration app, which sets the private key to use. For example, you can see the the one for ‘zappy’ session.
Create a Windows registry file: register_ssh_session_putty.reg
Copy and paste below registry entries.
Double-click on the reg file to insert into Windows Registry.
——————————————
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\sshs]
@="URL:SSHS Protocol"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\sshs\shell]
[HKEY_CLASSES_ROOT\sshs\shell\open]
[HKEY_CLASSES_ROOT\sshs\shell\open\command]
@="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -Command \"$uri = [System.Uri]'%1';&\"${env:ProgramFiles(x86)}\\PuTTY\\putty.exe\" -load $uri.UserInfo \""
In the local webpage that you maintain, use sshs:// links
To start the putty session named zappy
sshs://zappy@putty
Quick guide to setting up a Flask/Python web app at default root URL alongside phpMyAdmin running off \phpmyadmin
sudo apt-get install nginx
sudo apt-get install mysql-server
Be sure to install mysql server before installing phpmyadmin.
sudo apt-get install phpmyadmin
sudo apt-get install python-pip python-dev php5-fpm
sudo pip install virtualenv
mkdir -p /var/www/fk
Add your account to group www-data so can edit/create files inside /var/www
adduser jared www-data
This script will initialize permissions inside /var/www so there’s no issue editing/creating files.
mkdir -p ~/bin
edit ~/bin/fixweb.sh
#!/bin/sh sudo chown -R www-data:www-data /var/www sudo chgrp -R www-data /var/www sudo chmod -R g+rw /var/www find /var/www -type d -print0 | sudo xargs -0 chmod g+s
Make script executable and run it to set correct permissions for web directories
chmod u+x ~/bin/fixweb.sh
sudo ~/bin/fixweb.sh
with your account – login to www-data group
newgrp – www-data
edit /etc/php5/fpm/php.ini
cgi.fix_pathinfo=0
Confirm inside /etc/php5/fpm/pool.d/www.conf :
listen = /var/run/php5-fpm.sock
service php5-fpm restart
cd /var/www/fk
virtualenv venv
. venv/bin/activate
Now inside the virtual environment
pip install uwsgi
pip install Flask
deactivate
edit /var/www/fk/fk.py
from flask import Flask
app = Flask(__name__)
app.debug = True
@app.route('/')
def index():
return 'Flask Index Page'
@app.route('/hello')
def hello():
return 'Hello World from Flask'
if __name__ == "__main__":
app.run()
edit /var/www/fk/wsgi.py
from fk import app if __name__ == "__main__": app.run()
edit /var/www/fk/wsgi-fk.ini
[uwsgi] module = wsgi:application master = true processes = 5 socket = socket_fk.sock chmod-socket = 664 vacuum = true die-on-term = true
edit /etc/init/fk.conf
description "uWSGI instance to serve Flask webapp" start on runlevel [2345] stop on runlevel [!2345] setuid www-data setgid www-data script cd /var/www/fk . venv/bin/activate # uwsgi --ini flasktest.ini uwsgi -s socket_fk.sock --catch-exceptions --module fk --callable app # uwsgi --catch-exceptions --ini flasktest.ini end script
NGINX default config
edit /etc/nginx/sites-available/default
server {
listen 80 default_server;
root /usr/share/nginx/html;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
location / { try_files $uri @fk; }
location @fk {
include uwsgi_params;
uwsgi_pass unix:/var/www/fk/socket_fk.sock;
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
}
sudo stop fk ; sleep 1 ; sudo start fk
systemd script for Ubuntu 15.04
/etc/systemd/system/fk.service
[Unit] Description=uWSGI instance to serve fk After=network.target [Service] User=www-data Group=www-data WorkingDirectory=/var/www/fk Environment="PATH=/var/www/fk/venv/bin" #ExecStart=/var/www/fk/venv/bin/uwsgi --ini fk.ini ExecStart=/var/www/fk/venv/bin/uwsgi -s /var/www/fk/socket_fk.sock --catch-exceptions --module fk --callable app [Install] WantedBy=multi-user.target
sudo systemctl start fk
sudo systemctl enable fk
sudo systemctl stop nginx
sudo systemctl start nginx
For years, I’ve relied on Apache web server on my personal machine to continually hone my web programming chops and it doesn’t hurt to readily have a working server configuration for quick reference.
While Apache has performed brilliantly, it was time to switch and get more comfortable with NGINX. It is frequently chosen to reverse proxy and route HTTP traffic towards remote processes which actually ingest the web requests and process them.
In the real world, with reverse proxying, NGINX can manage many thousands of requests by offloading the dirty work to other servers to handle. In my small development setup with all the required processes running on the same machine, NGINX merely hands off the work onto these local services and it all stays on the same machine.
I like to have several resources at my disposal to muck around with. These include:
My desired configuration is pictured below:
The below lists all the steps to get a fully working NGINX reverse proxy to all these resources, located at their respective branch off the default web domain.
Most tutorials out there will tell you how to set up each of these resources but assumes that you want it to be seen at the default ‘/’ location which doesn’t work well when you want multiple stuff running at the same time. It makes more sense to split them off into their own branch off the default web location.
This was done on a vanilla Ubuntu system. I used the localhost server since this was limited to my machine for development reasons. Adjust as needed for a publicly accessible server with a fully qualified domain name.
Reverse proxy to phpmyadmin and default WordPress site
The goal here:
http://site.com/ → to wordpress http://site.com/phpmyadmin → to phpmyadmin
sudo apt-get install nginx
sudo service nginx start
sudo apt-get install phpmyadmin (ignore when asked for apache2 or lighttpd)
phpmyadmin installed in /usr/share/phpmyadmin
sudo apt-get install php5-fpm
sudo vi /etc/php5/fpm/php.ini and edit:
cgi.fix_pathinfo=0
sudo vi /etc/php5/fpm/pool.d/www.conf and edit:
listen = /var/run/php5-fpm.sock
sudo service php5-fpm restart
sudo vi /etc/nginx/sites-available/default
(This is not the final configuration but will get phpmyadmin working)
note that: /phpMyAdmin will be redirected to /phpmyadmin
server {
listen 80;
root /usr/share/nginx/html;
index index.php index.html index.htm;
server_name localhost;
location / {
try_files $uri $uri/ /index.html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /phpmyadmin {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /phpMyAdmin {
rewrite ^/* /phpmyadmin last;
}
}
service nginx reload
Reverse proxy to Default WordPress site
WordPress was already installed in /var/www/www.jaredlog.com so the steps for installation of WordPress won’t be covered here. Plenty of online tutorials out there to help you with this.
edit /etc/nginx/sites-available/default
root /var/www/www.jaredlog.com;
index index.php index.html index.htm;
server_name localhost;
location / {
try_files $uri $uri/ /index.html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
Reverse proxy to uWSGI python with unix socket
The goal here:
http://site.com/pythontest → to Python playground
With python stuff, we will make use of virtual environments to simplify the versioning of python and included packages.
sudo apt-get install python-dev python-pip
sudo pip install virtualenv
cd /var/www/pythontest
virtualenv pytontestenv
Activate the virtual environment
source pythontestenv/bin/activate
(deactivate later on after installation of packages).
pip install uwsgi
uwsgi –version
Setup a simple uWSGI app with unix socket for less overhead
(the Django w/Guincorn setup is mentioned later on)
edit /var/www/pythontest/wsgi.py
def application(environ, start_response):
start_response('200 OK', [('Content-Type', 'text/html')])
return ["<h1 style='color:blue'>Hello There, this is WSGI!</h1>"]
Test it
uwsgi –socket 0.0.0.0:8080 –protocol=http -w wsgi
Open web browser and visit http://localhost:8080
Can deactivate virtual environment now
deactivate
edit /var/www/pythontest/pythontest.ini
[uwsgi] module = wsgi:application master = true processes = 5 socket = pythontest.sock chmod-socket = 664 vacuum = true die-on-term = true
edit /etc/init/pythontest.conf
description "uWSGI instance to serve pythontest" start on runlevel [2345] stop on runlevel [!2345] setuid www-data setgid www-data script cd /var/www/pythontest . pythontestenv/bin/activate uwsgi -ini pythontest.ini end script
sudo stop pythontest ; sleep 2 ; sudo start pythontest
See it running:
ps wwwauxg | grep uwsgi
add to /etc/nginx/sites-available/default
location /pythontest {
include uwsgi_params;
uwsgi_pass unix:/var/www/pythontest/pythontest.sock;
}
sudo service nginx configtest
sudo stop pythontest ; sleep 2 ; sudo start pythontest
sudo service nginx restart
Django installation with Gunicorn, MySQL and unix socket
The goal here:
http://site.com/djangotest → to Django playground
Create MySQL database djangotest
sudo apt-get install libmysqlclient-dev
cd /var/www/djangotest
source djangotestenv/bin/activate
pip install MySQL-python
pip install django
pip install gunicorn
deactivate
django-admin.py startproject djangotest .
edit /var/www/pythontest/djangotest/djangotest/settings.py
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'OPTIONS': {
'read_default_file': '/var/www/pythontest/djangotest/my.cnf',
},
}
}
add to end of settings.py
STATIC_ROOT = os.path.join(BASE_DIR, "static/")
Create /var/www/pythontest/djangotest/my.cnf
[client] database = djangotest host = localhost user = dbuser password = yayouwish default-character-set = utf8
./manage.py makemigrations
./manage.py migrate
./manage.py createsuperuser
./manage.py collectstatic
edit urls.py:
urlpatterns = [ url(r’^djangotest/admin/’, include(admin.site.urls)), url(r’^djangotest/’, include(admin.site.urls)), ]
./manage.py runserver 0.0.0.0:8000
Open web browser to localhost:8000 to confirm.
localhost:8000/admin (log into django)
Gunicorn testing
source djangotestenv/bin/activate
gunicorn –bind 0.0.0.0:8000 djangotest.wsgi:application
confirm via web browser on port 8000
deactivate
/etc/init/djangotest.conf
description "Gunicorn instance to serve djangotest" start on runlevel [2345] stop on runlevel [!2345] setuid www-data setgid www-data script cd /var/www/djangotest . djangotestenv/bin/activate /var/www/djangotest/djangotestenv/bin/gunicorn –workers 3 –bind unix:/var/www/djangotest/djangotest.sock djangotest.wsgi:application end script
sudo stop djangotest ; sleep 2 ; sudo start djangotest
nginx configuration for django:
location /static/ {
root /var/www/djangotest;
}
location /djangotest {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/var/www/djangotest/djangotest.sock;
}
Reverse proxy to Go
The goal here:
http://site.com/gotest → to Golang playground
GVM makes it easier to develop with different versions of Go and packages your projects need. Visit: https://github.com/moovweb/gvm for more information
sudo apt-get install curl git mercurial make binutils bison gcc
bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer)
gvm listall
gvm install go1.4.2
gvm use go1.4.2 –default
gvm list
source ~/.gvm/scripts/gvm
cd ~
mkdir -p go/{bin,pkg,src}
Put in .bashrc or .bash_profile
export GOPATH=$HOME/go export GOBIN=$GOPATH/bin export PATH=$PATH:$GOPATH/bin
cd ~/go/src
mkdir hello
cd hello
vi hello.go
package main
import (
"fmt"
"net/http"
)
func main() {
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello there, Gopher")
})
http.ListenAndServe(":"3000″, nil)
}
go run hello.go
Open web browser to localhost:3000 and confirm you see the output.
sudo vi /etc/nginx/sites-enabled/default and add:
location /gotest {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:3000;
}
Open web browser to localhost/gotest and you should see the same output
go install hello.go (installs hello binary in your ~/go/bin directory)
cp ~/go/bin/hello /var/www/gotest
edit /etc/init/gotest.conf
description "instance to serve gotest" start on runlevel [2345] stop on runlevel [!2345] setuid www-data setgid www-data script exec /var/www/gotest/hello end script
stop gotest ; sleep 2 ; start gotest
Reverse proxy to Flask with unix socket
The goal here:
http://site.com/flasktest → to Flask playground
mkdir /var/www/flasktest
cd /var/www/flasktest/
virtualenv flasktestenv
. flasktestenv/bin/activate
pip install Flask
pip install uwsgi
deactivate
vi flasktest.py
from flask import Flask
app = Flask(__name__)
app.debug = True
@app.route('/flasktest')
def index():
return 'Flask Index Page'
@app.route('/flasktest/hello')
def hello():
return 'Hello World from Flask'
edit /var/www/flasktest/wsgi.py
from flasktest import app if __name__ == "__main__": app.run()
. flasktestenv/bin/activate
uwsgi –socket 0.0.0.0:8000 –protocol=http -w wsgi
verify working by checking via web browser at http://localhost:8000/flasktest
deactivate
/var/www/flasktest/flasktest.ini
[uwsgi] module = wsgi master = true processes = 5 socket = flasktest.sock chmod-socket = 660 vacuum = true die-on-term = true
/etc/init/flasktest.conf
description "uWSGI instance to serve flasktest"
start on runlevel [2345]
stop on runlevel [!2345]
setuid www-data
setgid www-data
script
cd /var/www/flasktest
. flasktestenv/bin/activate
# uwsgi --ini flasktest.ini
uwsgi -s flasktest.sock --catch-exceptions --module flasktest --callable app
# uwsgi --catch-exceptions --ini flasktest.ini
end script
/etc/nginx/sites-available/default
location /flasktest {
include uwsgi_params;
uwsgi_pass unix:/var/www/flasktest/flasktest.sock;
}
stop flasktest ; sleep 2 ; start flasktest
service nginx restart
open web browser to http://localhost/flasktest
Finally, here’s the final NGINX configuration in all its glory:
If you have better ideas for the NGINX configuration than what is seen here, feel free to comment below!
On my Windows machine, I use Mobaxterm, which is a great environment based on Cygwin and gives me an UNIX-like alternative to Windows command window.
Git can be set up but needs some configuration first before it’ll work flawlessly.
http://mobaxterm.mobatek.net/plugins.html and get plugins for curl, openssl, git
Will likely see this error, when cloning a Git repo, and Git cannot find the CA certificate bundle required for secure access to Git.
Cloning into 'progtest'... fatal: unable to access 'https://github.com/jaredevans/progtest/': SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
To fix this, download & install the CA certificate bundle, then tell Git where to find it!
In Mobaxterm shell:
mkdir -p /etc/pki/tls/certs curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/ca-bundle.crt git config --system http.sslcainfo /etc/pki/tls/ca-bundle.crt git config -l
Cloning into 'progtest'... remote: Counting objects: 3, done. remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0 Unpacking objects: 100% (3/3), done. Checking connectivity... done.
Note: commands with colorized output like:
git log
will output messed up escape characters (can’t correctly show the colors). To fix this:
git config --global core.pager moreMost tutorial examples (for reasons of simplicity) will include DHCP server configuration on the same router that’s connected to the multiple VLANs so that IP addresses can be provided to devices on the network.
For a more clean (and realistic) setup, the DHCP crud can be taken out of the core router and moved to a different router acting solely as a DHCP server for your network as seen below in the topology:
This simple topology has the standard R1 “Router-on-a-Stick” set up with two VLANs, one for PC1 and different one for PC3. There are many tutorials out there for the “ROAS” configuration so that step will not be covered here. RDHCP is a separate router acting as a DHCP server and will take care of all DHCP requests.
Realistic networks almost always run a separate DHCP server to provide IP addresses to devices on the network. Since a router can be set to act as a DHCP server, it’s ideal for a lab demonstrating the proof-of-concept of offloading DHCP service to another device / server.
In the topology, R1 (10.10.10.1) and RDHCP (10.10.10.10) are directly connected with each other.
When a DHCP request is broadcast by a device, it will bubble up to R1’s sub-interface for the VLAN and at which point, a DHCP relay agent can take over and forward the request to the offloaded DHCP server.
On R1,
include the line for DHCP relay agent on each of the sub-interfaces for the VLANs:
interface FastEthernet1/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip helper-address 10.10.10.10
!
interface FastEthernet1/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip helper-address 10.10.10.10
!
When DHCP packets are forwarded to RDHCP, the DHCP server will know which pool to use by checking the IP addresses of the sub-interface that sent the traffic.
If 192.168.10.1, then RDHCP knows to use the pool for VLAN 10, 192.168.20.1 for VLAN 20 pool.
RDHCP:
ip dhcp excluded-address 192.168.10.1 192.168.10.20
ip dhcp excluded-address 192.168.20.1 192.168.20.20ip dhcp pool TEN
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8
!
ip dhcp pool TWENTY
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8
!
RDHCP also needs to know where to send back its DHCP responses so that the packets can make it all the way back to the devices. Set up two static routes, one for each VLAN to send back the traffic to R1. R1 can then route the packets onto the right VLAN:
RDHCP:
ip route 192.168.10.0 255.255.255.0 10.10.10.1
ip route 192.168.20.0 255.255.255.0 10.10.10.1
Test a VPCS PC and have it make a DHCP request. Note that it gets the first available IP address after the excluded range of the pool:
Verify the DHCP bindings on RDHCP to see a list of leased IP addresses that have been given out:
Quick n’ dirty way to run a HTTP sink (on a server that isn’t supposed to have a HTTP server running) to catch bots scanning all machines across your network.
Leave it up and running to quickly identify and process bot IP addresses that should be blocked. Modify port as needed for other services the bots are trying to find.
Note: I ignore local loopback and virtual networks. Your setup may be different.
watch -n 1 'ip addr | grep inet | grep -v inet6 | grep -v "127.0.0.1" | grep -v 192\.168\.76 | grep -v 172\.16\. | awk '\''{print $2}'\'''
To include in your bash shell start up:
alias watchip='watch -n 1 '"'"'ip addr | grep inet | grep -v inet6 | grep -v 127.0.0.1 | grep -v 192\\.168\\.76 | grep -v 172\\.16\\. | awk '"'"'\'"'"''"'"'{print $2}'"'"'\'"'"''"'"' '"'"' '
Gotta love all those escaping quotes?!?!
My wife surprised me with a cool gadget called Boogie Board Sync, which allows me to write down notes in a natural way and digitally save them to PDFs.
It pretty much works as advertised. You write down a single page worth of notes, then press ‘Save’ button to save it. You have a choice to transfer a copy of the notes as a PNG image or PDF document (my preference). Since Boogie Board records your writing as vectors, the final output is crystal clear when you print or view them on your computer or mobile device.
How sharp? Here’s a close up of my terrible handwriting as a vector-based PDF at 400% zoom:
I only have two gripes about the Boogie Board Sync:
There’s no choice but going the extra mile to get Boogie Board Sync to work the way I want it to by collecting multiple pages of notes into a single PDF and all pages are rotated 90 degrees clockwise so that I can view them without constantly turning my head to the left.
There are multiple websites that will merge/rotate your PDFs into a single PDF but I’m leery about these sites. Who knows what they will do with your PDFs once you upload them to get their “free” service? NO THANKS! I prefer to do it locally on my computer.
There are, indeed, a number of paid software one could buy to run some PDF magic. However, being a computer geek, I preferred to go the open-source (free) approach, if there was one.
Sejda is a console-based command-line utility that can take care of PDF magic for you.
While the installation says Sejda requires (*quelle horreur*) Java 1.5 or older, it works fine with Java 1.7.
Once you have a working installation of Sejda, it’s a snap to group together PDFs into a single PDF and then rotate them 90 degrees:
Rotate each PDF file 90 degrees clockwise:
mkdir ./rotated
sejda-console rotate –pageRotation all:90 -o ./rotated –files *.PDF
Merge multiple PDFs into a single PDF:
cd ./rotated
sejda-console merge -o ./merged.pdf –files *.pdf
Here’s the final merged PDF that’s correctly rotated for ease of viewing:
One of the annoyances about Samsung Android devices such as the Galaxy Tab 3 and Galaxy S3 or S4 is that when you open Chrome app, there is a bookmark folder called “Samsung Mobile” which opens by default.
This folder can be made to disappear if you disable the process that your phone provider is running to force this bookmark folder inside Chrome.
– Open the Android “Settings” app
– Scroll down to “Applications Manager”
– Scroll right to the list of “All” apps
– Scroll down and find the app you want to disable. In this case, “com.android.providers.partnerbookmarks”
– Select it, then tap disable.
When you restart Chrome, the “Samsung Mobile” folder should be gone and Chrome will default to the Mobile Bookmarks folder.
One of the useful things about using screen (a terminal multiplexer) console is that you are able to detach from the screen terminal while keeping your running session alive. At a later time (such as when you arrive home from work), you can reattach and resume the same running session and view any output while you were gone.
Sometimes I’m in this situation: I need to leave but I just started a long running process that I don’t want to restart but I didn’t initially start it from within a screen terminal. I want to avoid killing off the process and bring it over into a screen terminal so that it can continue to run uninterrupted. Enter reptyr which will allow you to attach a process to another terminal console.
[The following steps were done on Ubuntu 12.04]
Install reptyr
sudo apt-get install reptyr sudo vi /etc/sysctl.d/10-ptrace.conf
change this line:
kernel.yama.ptrace_scope = 0
Reboot for this sysctl value to take effect.
Now your system is ready to let you reattach running processes to a different teriminal.
Start a long running program, we’ll use ‘top’ for this example:
# top
Suspend the ‘top’ process
CTRL-Z
[1]+ Stopped top
List jobs
# jobs -l
[1]+ 2961 Stopped (signal) top
Resume job 1 in the background
# bg %1
Detach the process from terminal
# disown %1
bash: warning: deleting stopped job 1 with process group 2961
Start screen then reattach the process:
# screen
Find the process of the ‘top’ process and reattach it to screen terminal
# pgrep top
2961
# reptyr 2961
You are now running the ‘top’ process inside the screen terminal. You may proceed to detach from screen and go home and reattach to it at a later time.
[Above image is the famous Caesar Cipher]
One of the things that irked me about how Google handled the security of their HTTPS traffic was the lack of DHE ciphers. I banged out a post “Google and Amazon do not offer ciphers using Diffie-Hellman Ephemeral mode.“, way back in Oct 2010.
Tonight, out of the blue, I decided to see if anything had changed since then. While it is more than a year ago today but a year after my original blog post, Google finally took the initiative to encrypt their HTTPS traffic using DHE ciphers, as seen here at their Google Online Security Blog.
Google servers will still offer a range of possible ciphers for HTTPS traffic, the ECDHE-RSA-RC4-SHA cipher is now the preferred one, which is supported by all modern browsers. Less secure ciphers are still offered to many visitors who are running ancient browsers supporting only the older ciphers.
This is a great step forward for the security of Google HTTPS traffic: each session of your interactions with Google will be encrypted with a different key that exists only for a short time in memory and never written to persistent storage. If an attacker captures your HTTPS trafic and even a hijacked copy of Google server’s private key, the attacker is still missing one more piece, the ephemeral key that has long since disappeared.
Several decades down the road, if the attacker starts up a powerful (quantum?) computer for decryption attempts, a successful decryption would be limited to one HTTPS session. The attack would have to re-run for each one of the sessions. This will make it very difficult for the attacker to reconstruct what transpired between you and Google during this time.
While it’s better late than never, thank you Google for boosting the security of your traffic, which only gets more sensitive each year as more people become dependent on your services.