Cyanogenmod, Bluetooth and a Sphero

2015-03-03 22:49:12 PST

Tags: , ,

I bought a Sphero unboxed it and was disappointed. Not in the Sphero but in Cyanogenmod on my phone, which sadly was using the latest Installer/stable version which was last updated in August 2014 and had bluetooth connectivity issues. I could pair with the Sphero, but connections dropped quite quickly and often (like never up to a minute)

Apparently this is a know but not high priority issue and has been resolved but no stable release currently forthcoming. So I downloaded the latest nightly build (20140302), followed the instructions from the wiki on flashing (sadly because the installer versions are incompatible with the nightlies I couldn’t just “upgrade” but had to wipe and install) and volia, Bluetooth and the Sphero were working great. Then an hour of signing into all my apps again and everything is good. (Seriously though, if you are going to blow away your phone? Make a ton of notes, go through your apps, because all your authenticators will need a restore plan at minimum. I filled a page with notes in preparation)

StrongSwan VPN (and ufw)

2015-01-26 17:29:54 PST

Tags: , , , , ,

I make ample use of SSH tunnels. They are easy which is the primary reason. But sometimes you need something a little more powerful, like for a phone so all your traffic can’t be snooped out of the air around you, or so that all your traffic not just SOCKS proxy aware apps can be sent over it. For that reason I decided to delve into VPN software over the weekend. After a pretty rushed survey I ended up going with StrongSwan. OpenVPN brings back nothing but memories of complexity and OpenSwan seemed a bit abandoned so I had to pick one of its decendands and StrongSwan seemed a bit more popular than LibreSwan. Unscientific and rushed, like I said.

So there are several scripts floating around that will just auto set it up for you, but where’s the fun (and understanding allowing tweeking) in that. So I found two guides and smashed them together to give me what I wanted:

strongSwan 5: How to create your own private VPN is the much more comprehensive one, but also set up a cert style login system. I wanted passwords initially.

strongSwan 5 based IPSec VPN, Ubuntu 14.04 LTS and PSK/XAUTH has a few more details on a password based setup.

Additional notes: I pretty much ended up doing the first one stright through except creating client certs. Also the XAUTH / IKE1 setup of the password tutorial seems incompatible with the Android StrongSwan client, so I used EAP / IKE2, pretty much straight out of the first one. Also seems like you still need to install the CA cert and vpnHost cert on the phone unless I was missing something.

Also, as an aside, and a curve ball to make things more dificult, this was done one a new server I am playing with. Even since I’d played with OpenBSD’s pf, I’ve been ruined for iptables. It’s just not as nice. So I’d been hearing about ufw from the Ubuntu community from a while and was curious if it was nicer and better. I figured after several years maybe it was mature enough to use on a server. I think maybe I misunderstood its point. Uncomplicated maybe meant not-featureful. Sure for unblocking ports for an app it’s cute and fast, and even for straight unblocking a port its syntax is a bit clearer I guess? But as I delved into it I realized I might have made a mistake. It’s built ontop of the same system iptables uses, but created all new tables so iptables isn’t really compatible with it. The real problem however is that the ufw command has no way to setup NAT masquerading. None. The interface cannot do that. Whoops. There is a hacky work around I found at OpenVPN – forward all client traffic through tunnel using UFW which involves editing config files in pretty much iptables style code. Not uncomplicated or easier or less messy like I’d been hopnig for.

So a little unimpressed with ufw (but learned a bunch about it so that’s good and I guess what I was going for) and had to add “remove ufw and replace with iptables on that server” to my todo list, but after a Sunday’s messing around I was able to get my phone to work over the VPN to my server and the internet. So a productive time.

OpenSSH + 2 and 3 factor auth

2014-08-30 08:01:03 PST

Tags: , , ,

Windows and C#, oh my!

2014-08-28 14:12:38 PST

Tags: , ,

So this happened at work


That’s right, after 13 years of being a purely Linux user, work asked if I’d like to be cross trained in Windows/C# development and I said “sure” and here I am.

So first thoughts: VirtualBox’s ability to boot from a harddrive is a massive help, crutch, safety blanket and amazing, I have my origional work Ubuntu install runing off the harddrive in VirtualBox fullscreened on one of my two screens fairly seamlessly interacting with the host Windows (copy/paste etc). Windows 8.1 is less broken than I remember my one half hour of messing around with Windows 8 to be. Also little apps like AltDrag help ease the transition. Although there have been a good few cases of wrong window typing because I’m about 13 years out of practice with click-to-focus. Visual Studios + ReSharper are at least trying to ease the burden of coming up to speed on a new language, environment and code base by making exploring easier, so that’s appreciated (“Find declaration/implementation/usage” are getting a lot of usage from me).

As for a deeper why? Well, my new director basically made a more complelling argument about Visual Studios and C# being good languages for a lot of productivity in a way that clearly got my interest unlike anyone else in the past. Naturally final verdict is TBD (will need some good time on that one), but I appreciate the oppurtunity because this stack isn’t one that would often land in my lap to experiment with and learn on.

So, new learning adventure comenses. We’ll see where this takes me.

Link: Linux Encryption in the Cloud using LUKS on Linode

2014-08-26 21:42:13 PST

Tags: , , , , ,

Linux Encryption in the Cloud using LUKS on Linode – an excellent guide to setting up a Linode with root disk encryption – 2013
Work around for 14.04 …

USB passthrough to a VM, via GUI only

2014-05-26 06:43:15 PST

Tags: , ,

It sure has gotten easier to add USB devices to VMs with libvirt-manager and it’s nice UI

Email server todo: read up on DMARC

2014-04-07 15:55:22 PST

Tags: ,

The latest bolt on top email security specification, on top of SPF and DKIM is DMARXC. Need to read up on and get to implementing I suppose.

git branch in bash prompt

2014-03-18 13:20:31 PST

Tags: ,

Adding ‘$(__git_ps1)’ to my .bashrc PS1 bash prompt was the greatest idea/discovery I’ve had in a bit, as now I know exactly what branch any repo I enter is on:

dan@dan-work:~/src/work-project/ (master)$ 

Ubuntu 14.04 because I couldn’t wait

2014-03-14 06:33:49 PST


Well, for better or worse, I semi impulsively upgraded my main laptop Minerva to Ubuntu 14.04 a month and a bit ahead of release. I used to upgrade to all the latest Ubuntu versions a month and change ahead of release because back in the 10.04 and before days the Ubuntu alpha’s and beta’s had amazing stability. After that the stability went away, even in some case from the actual releases (12.04 has always been a bit unstable to my mind, even two years later). But so far (knock on wood) nothing has exploded so that’s good.

I’ve always been a fan of ‘focus follow mouse’ so while I had previously just removed the Ubuntu appmenu (because the two do no work together and also appmenu degrades functionality on bigger screens) I’m now trying their new “Menus in title bar”. I’m glad they are now remembering and acknowledging big desktop interface users.

Now I just need to track down the new beta’s of ROS that will work on Ubuntu 14.04 and we’ll really be cooking…

Warning: Ubuntu 12.04 kernel 3.8.0-37 panics during init and fails to boot (for me)

2014-03-11 10:17:40 PST


So I installed some packge updates on my work machine and rebooted and… kernel panic during init. Repeatedly. So that was surprising, concerning and worrying. On the fourth try I booted the previous 3.8.0-36 kernel and the system came up fine. So they shipped a kernel than panics, at least on my system. Not good. There seems to be some confrimation popping up on AskUbuntu and I chimed in there.

But I was curious why the first google hit was AskUbuntu and not launchpad for a pretty dire bug. So I hoped over to launchpad. Logged in for the first time in a very long time and looked around. No “report bug” link. Ok. That’s odd, it’s their bug reporting system. So I poked around and eventually figured maybe I had to pick a project (not super obvious from their front page) so I found Ubuntu and poof, there was the report bug link! Except it linked to a long detailed help document on how to report bugs. I just want to report a non-booting kernel. So in there after some other non working links to more documentation I found a link specifically for reporting System Crashes. But I’m still on their wiki, and just being passed around to read more and more and not actually report a bug. I don’t want to read pages of documentation on their convuluted bug reporting process at work. I have work to do they’ve already crapped all over by shipping a buggy kernel, and now I’m wasting my time reading aobut their kafka-esque reworking of a bug tracking system. Have they removed the web report a bug system and replaced it only with wiki pages and some programs? I’m sure it’s great once you’ve drank the kool-aid, spent the requisite month in solitude learning it. But FFS, for a random guy who just had a system crashing bug, it’s all useless. I’m trying not to be rude but I’m pretty angry. How hard is it to have a web interface for bug reports? Were they just getting too much so hide it behind a maze of wiki page or just removed it and repalced it with a bunch of apps you have to install and read manual pages on to use? Not really acceptable IMHO. I know the inundation of bugs might have been a problem, but obfuscating the process for only people who have a load of time to drop seems like not the answer. If you screwed up you should probably make the barrier for finding out as low as possible. Get a smarter system that auto groups likely dups, don’t write a barage of docs and desktop/cli apps and hide behind those instead. So maybe they’ll not learn today they are shipping a kernel-panic bug. Awesome.

Huge really amazing fail Ubuntu both on shipping a non booting kernel and then making AskUbuntu the only way non-super initiated people can report it.

Valid XHTML 1.0!
Valid CSS!
This is a personal web page. Things said here do not represent the position of my employer. is proudly powered by WordPress
Entries (RSS) and Comments (RSS).
17 queries. 0.376 seconds.