TWRP with FS encryption and CM13 support for OPO

Android ROM scene is cluster fuck of inhumane proportion; the complete lack of documentation, decent how-to, decent guides and the retarded works for me attitude the whole community has really amazes me. TWRP project is a good example of a really useful tool used by [millions] of people all over the world, one would assume that it has to be maintained in a professional way but this is as far from the reality as something can get. The official site lacks any kind of documentation, the only information one can find there are either completely useless or partial and incomplete (e.g. the how to build from source guide linked on TWRP faq page is a link to a XDA forum post saying absolutely nothing on how to build this shit). Not only that, but the site download page (one would hope that at least that part was taken care of…) is not up to date. For bacon (oneplus one), which is a really popular phone among modders, the latest version present in the download page of the official TWRP site is the buggy and completely useless twrp-2.8.7.0-bacon. To get the latest version (twrp-2.8.7.1-bacon) which supports file-system encryption on CM13 and correctly flash the baseband ROM one has to dig through a whole pile of shit on XDA and finally find a post where pajeet post a link where to download it: http://build.twrp.me/twrp/twrp-2.8.7.1-bacon.img The irony is that the link is from the TWRP official site even though it can’t be found anywhere on the bacon download page on the very same site. In case someone decide to delete the file I am rehosting it here: https://uwot.eu/misc/twrp-2.8.7.1-bacon.img …

Posted on

mdadm RAID on Linux

Every time I have to setup a software RAID in Linux using mdadm I forget something, this time I am writing it down once and for all (or at least I hope so). For the sake of simplicity I will use the creation of a RAID1 as example but this very same procedure can be applied for any other kind of RAID. RAID array creation 1. Partition the drives This step must be repeated for each drive of the array (/dev/sdb and /dev/sdc in my case). …

Posted on

Defragment XFS file system

XFS just like EXT4 (I wrote a post about it last year) supports online defragmentation, to manage those volumes on CentOS and Fedora xfsprogs package is needed. Fragmentation level of XFS volumes can be checked with the command: [root@CentOS ~]$ xfs_db -c frag -r /dev/sdb1 actual 4491, ideal 4006, fragmentation factor 10.80% To perform online defragmentation of XFS volumes run the following command: …

Posted on

QEMU+KVM, reclaim disk space

After some time qcow2 images tend -especially after taking snapshots- to grow bigger and bigger, even bigger than the maximum size specified at creation time. QEMU provides a tool called virt-sparsify (install libguestfs-tools package in CentOS 7) that can effectively make a virtual machine disk thin provisioned (space is not preallocated, only the actual space needed is used). virt-sparsify has a nice number of options, the most interesting one is --in-place, it tells QEMU to shrink the volume in place without requiring any addition space. …

Posted on

CentOS, DNSCrypt and pdnsd

DNSCrypt installation process is pretty simple since it is present in the repository, pdnsd on the other hand is missing, luckily compiling from source is not that hard. For the sake of completeness I will also cover the procedure to install DNSCrypt from source, alternatively yum install dnscrypt-proxy. Install the required dependencies and get the source code: [root@CentOS ~]# yum install gcc libsodium-devel libtool-ltdl-dev git wget [root@CentOS ~]# git clone https://github.com/jedisct1/dnscrypt-proxy.git [root@CentOS ~]# wget http://members.home.nl/p.a.rombouts/pdnsd/releases/pdnsd-1.2.9a-par.tar.gz pdnsd Compile and install: …

Posted on

Setting up Vim on Fedora

Since every time I am about to install Vim I forgot how to set it up, set it as default system wide text editor and so on I figure I’ll write it down once and for all. First of all let’s install Vim, specifically the so called enhanced version which is capable of loading plugins and colorschemes: [user@Fedora ~]# sudo dnf install vim ### powerline plugin [user@Fedora ~]# sudo dnf install vim-plugin-powerline I personally really like molokay colorscheme from tomasr; putting it in the default colorscheme directory does the trick if we want to use it for every user. …

Posted on

ejabberd and fail2ban

Fail2ban is a useful tool capable of mitigating brute force attacks performed against a multitude of services (ejabberd in our case). Configuration is split between a multitude of files: jail.conf defines which filters are active while the filters scripts are placed in ./filter.d directory. [root@CentOS ~]# vi /etc/fail2ban/jail.conf --- bantime = 1200 findtime = 1200 maxretry = 10 backend = auto [ejabberd-auth] enabled = true port = 5222,5280,7777 action = iptables-multiport[name=ejabberd, port="5222,5269,5280,777", protocol=tcp] logpath = /var/log/ejabberd/ejabberd.log --- [root@CentOS ~]# vi /etc/fail2ban/filter.d/ejabberd-auth.conf --- [Definition] failregex = ^=INFO REPORT==== ===\nI\(<0\.\d+\.0>:ejabberd_c2s:\d+\) : \([^)]+\) Failed authentication for .+ from IP <HOST> \({{(?:\d+,){3}\d+},\d+}\)$ ^(?:\.\d+)? \[info\] <0\.\d+\.\d>@ejabberd_c2s:wait_for_feature_request:\d+ \([^\)]+\) Failed authentication for \S+ from IP <HOST>$ ^.* Failed authentication for \S+ from <HOST>$ ^.* from <<"<HOST>">> failed with error: <<"inexistent-account">>$ ^.* from <<"<HOST>">> failed with error: <<"bad-password">>$ ^.* from <<"<HOST>">> failed with error: <<"badformed-jid">>$ ignoreregex = [Init] journalmatch = --- The first two regular expressions are for user authentication while the others are for administration panel login. Other useful commands are: …

Posted on

ejabberd SOCKS5 proxy – file transfer

Ejabberd XMPP server includes a SOCKS5 proxy, setting it up correctly is what makes the difference between fast or very slow file transfer operations. As per XEP-0065 file transfer is either peer-to-peer or mediated by a proxy server. In Conversation peer-to-peer transfer is done by converting the file in base64, split it in 4 kb chunks sent one at the time always awaiting first for the ACK of the precedent one; this makes the whole process painfully slow and bandwidth consuming. The other file transfer method supported by Conversation is defined by XEP-0234 (or Jingle file transfer) which relies on a SOCKS5 proxy and also allow to negotiate parameters like encryption. Ejabberd configuration: …

Posted on