CyanogenMod 10.1.2 high network traffic

Ok, I know I fucked up, I know everyone who knows me just a little bit would never expect this, but I got my first mobile phone or, like they call them nowadays: a smartphone. I don’t like the smartphone buzzword since I think the only smart ones here are the guys who are able to sell this stuff for hundreds of bucks to billions of people, so I’ll stick with the old and almost forgotten mobile phone name. Anyway, I got this brand new Nexus 4, played with it a couple of days and then, following the official guide on CyanogenMod site, I installed the latest stable release of it (based on Android 4.2.2). – Why the Nexus 4? Because Nexus devices are the only Android phones worth to be bought. – CyanogenMod works great and with some programs (don’t fucking call them apps, seriously, don’t do it) installed (k-9 Mail, OpenVPN, BusyBox and JuiceSSH) I’m almost able to perform all the tasks I usually do with my workstation or Thinkpad. The only real issue is the process, or whatever it is, called Google Services using an enormous amount of network resources without any apparent good reason. Luckily I’ve a friend called DuckDuckGo which in a bunch of seconds was able to tell me how to solve the issue. The problem seems to be connected to the Google Play Store which is completely retarded and keeps downloading some kind of system updates which obviously is not able to install since I’m not using the stock Android operating system provided by Google. The solution is pretty simple: …

Posted on

CentOS 6.4, QEMU+KVM

It’s summer, it’s hot as hell, I am back home from mountains and I’ve plenty of free time. Between a barbecue and the next one I spend my time playing with and learning new stuff: this week new stuff is called QEMU-KVM. Yesterday I also tried XenServer but to be honest I wasn’t impressed, it just look like to be an old version of CentOS minimal install with some custom repos and a fancy GUI. I played with it for just a bunch of hours, but the thing that just performing an installation on a software RAID-1 turned out to be a PITA to say the least is a clear sign that it’s not the best tool for my needs. I swapped a couple of HDDs and in 2 minutes I went back to the already installed CentOS 6.4 with QEMU+KVM. The client machine, for what it matters, is my Fedora 19 x86_64 workstation, virsh and virt-manager the tools I use for remote administration tasks. Installing QEMU-KVM is just a matter of typing yum install libvirtd qemu-kvm bla bla bla, chkconfig libvirtd on and doing a system reboot (better safe than sorry). The tricky part at least for me was setting up a damn bridged network interface, luckily I found this great writeup. I am going to report here what I did to setup a couple of bridged network interfaces on my setup. …

Posted on

nginx and TLS v1.2

Given that SSL and TLS, especially v1.0, suffer from serious security issues (e.g. https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS) I thought it would be a good idea to use the latest and more secure version of it: v1.2. On CentOS 6.4 the openssl version included is quite old and doesn’t support TLS v1.1 and 1.2. So, first of all we have to install the latest version 1.0.1e, it can be done compiling from sources or by adding a third party repository; I chose the latter. …

Posted on

WordPress admin, SSL, Apache + nginx

Let’s say we have a WordPress blog and we would like to encrypt our login pages and the whole back-end of the site. There are many ways to do it, but since I already have a nginx instance configured as reverse proxy running in front of Apache I’ll use it to protect my admin pages and logins. In this page I’ll not cover Apache’s configuration, which, by the way, is trivial to say the least, so please refer to this other post: Apache + nginx as reverse proxy. Using the configuration posted in the above’s link as starting point, to add SSL encryption to admin pages we should add a couple more bunch of lines of code. First of all, we must create our own Certificate Authority and issue a SSL certificate. Another option is buying a certificate, but I don’t trust CA (certificate forgery anyone?) and I don’t mind having a properly signed certificate for a page I am the only one accessing to. Follows a brief explanation on how to create a CA and issue a certificate. …

Posted on

Linux Kernel 3.10 and VMware Workstation 9

A new Linux kernel version is released and guess what: VMware Workstation fucked up once again. The fix posted on the Arch Linux wiki is applicable also to Fedora 19, I’ll post it here for future reference. $ cd /tmp $ curl -O http://pkgbuild.com/git/aur-mirror.git/plain/vmware-patch/vmblock-9.0.2-5.0.2-3.10.patch $ curl -O http://pkgbuild.com/git/aur-mirror.git/plain/vmware-patch/vmnet-9.0.2-5.0.2-3.10.patch $ cd /usr/lib/vmware/modules/source # tar -xvf vmblock.tar # tar -xvf vmnet.tar # patch -p0 -i /tmp/vmblock-9.0.2-5.0.2-3.10.patch # patch -p0 -i /tmp/vmnet-9.0.2-5.0.2-3.10.patch # tar -cf vmblock.tar vmblock-only # tar -cf vmnet.tar vmnet-only # rm -r vmblock-only # rm -r vmnet-only # vmware-modconfig --console --install-all For more information: https://wiki.archlinux.org/index.php/VMware#3.10_kernels …

Posted on

DeaDBeeF compiled from source

Yesterday was the big day, Fedora Schrödinger's Cat 19 stable release was released. Since I had a free afternoon I decided to install it on my Thinkpad, and luckily everything was fine, even Anaconada installer issues with UMTS modules are gone, VMware Workstation 9.0.2 was working fine and so on. The only issue I had was with DeaDBeeF audio player, I am using it from quite a long time and I like it a lot; too bad it’s not included in the default Fedora’s repos nor in the epel ones so every time I have to install it manually. On the official site there’s no sign of an rpm built for Fedora 19 (ok, I understand it, it’s been released less than 48 hours ago) and I don’t seem to be able to install the one for Fedora 18, so I decided to compile it from source, and that was a PITA to say the least. The README file included in the source code tar.gz archive is not of much help since, even with all the listed dependencies installed, after a good 2 o 3 minutes of compilation I got only an half working program which shows up properly but doesn’t play any kind of audio file. Official documentation pages are also well hidden, but at least they are somewhat useful to compile the program so I guess it’s a good idea publicise them here. Needed dependencies (rpmfusion free and non-free required) are: …

Posted on

Apache + nginx as reverse proxy

One of the things I was planning to do but never did is installing nginx as reverse proxy in front of Apache. nginx is present in the epel repos for CentOS, so the installation process is just a matter of: yum install nginx mysql mysql-server phpmyadmin httpd wget -q -O - http://www.atomicorp.com/installers/atomic | sh yum install mod_rpaf mkdir /etc/nginx/v.hosts vi /etc/nginx/nginx.con http { include v.hosts/*.conf; include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; charset utf-8; keepalive_timeout 65; server_tokens off; sendfile on; tcp_nopush on; tcp_nodelay off; # Default Server Block to catch undefined host names # server { # listen 80; # server_name _; # root /usr/share/nginx/html; # index index.html index.htm; } } /usr/sbin/nginx -t server { listen 80; server_name uwot.eu; access_log off; error_log off; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_redirect off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; client_max_body_size 10m; client_body_buffer_size 128k; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; } } sudo /usr/sbin/nginx -t service nginx restart

Posted on

Wireshark as unprivileged user

Documentation on the Wireshark wiki seems to not be really up to date, or at least it’s not completely applicable to Fedora 18, so here is what I did to make it work. After installing Wireshark (and its GUI) with the usual: yum install wireshark-gnome It should automatically create a group called wireshark and we are supposed to add our user (mafio in my case) to this group: usermod -a -G wireshark mafio newgrp wireshark ### used to force the new settings without having to logout/login Then issue this last command: …

Posted on