the itjerk

my adventures with technology

Category Archives: Linux

ssl 24/7

While I’ve had ssl on my website for sometime (for anything login related), I had never enabled it by default. First, I had to install the patch the Video Filter module to work with https connections to Youtube. Then, using the developers tools built into Chrome, I found I had a http link to a Facebook logo (I have no idea why it isn’t local). That had to be fixed in the site’s theme. Finally, I found I had the remnants of ShareThis in a block. Although I deleted the module eons ago, I forgot about the block (which is how it appears on a page). Thankfully, those developer tools in Chrome made it plain as day. Now that all that was fixed, I edited the .htaccess file for the site, and entered the following to force https connections. (Remember to restart Apache after you edit .htaccess.)

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$$1 [R,L]

With a free certificate from Let’s Encrypt, why not enable ssl. Oddly enough, only Chrome, Firefox and Microsoft browsers make it obvious when your connection to a website is secure. What’s up with that Apple?

raid, finally

I’ve always kept my media on a second drive in my linux box and backed it up to a remote NAS. While a perfectly acceptable setup, what I always wanted was two mirrored drives with all my data. The computer already a WD Red 1TB drive so I thrilled when I found another of the exact same drive for $67. Always a best practice to use the same model when building a mirrored RAID1.

I bought a Syba 2-port SATA RAID controller card that plugged into the empty PCI-e slot on the motherboard. It was only $25, but honestly if I had a motherboard with more features, I wouldn’t have needed it. Nonetheless, after moving the drives around in the case so the power connectors would match up to all the drives, I booted the computer and used CTRL-R immediately to get to the card’s BIOS to setup the RAID. It didn’t initially recognize all the drives, so I booted into Ubuntu and used the program Disks to format the new drive. (I also edited /etc/fstab and took out the reference to the old single drive). Rebooting again, the card recognized both drives, and then setup them up as a RAID1 using the card’s BIOS utility.

Continuing into Ubuntu, I again ran Disks and formatted the new single drive. I then edited /etc/fstab with the new mount point (which I had to create), and then ran a sudo mount -all to access it.

Now it’s time to copy everything back to my new mirrored data drive. Remember, when it comes to data, you must have two copies of everything you’d ever expect to keep. But two drives mirrored are really only one copy (think accidental erase), so I’ll still need to keep a backup of files I want to keep forever.

ubuntu 16.04 xenial xerus

Last week the first point release for Ubuntu 16.04 LTS triggered the update on my 14.04 computer and I went for it. There are several questions that pop up and need an answer for the upgrade to continue, so it’s an attended upgrade. I didn’t pay too much attention to what was upgraded, removed, not supported, etc, I just figured I would figure out whatever I need to.

Drupal 6 didnt work out of the box because 16.04 ships with Php7; but it was easy enough to install Php5.6, with the help of this repository (the guy is an official packager for Debian) so now I again have a local copy of my website.

I also needed to upgrade Logitech Media Server to 7.9, which is a beta version, but once installed, my Slimserver – the thing that got me into linux so many years ago – started working again right away.

I have to admit, that with the LTS releases, there really isn’t much of a point to upgrading, because the base distribution is supported for five years. At that point, it’s time for a new computer and a clean install.

On the web: Xenial Xerus

let’s encrypt – free ssl

Let’s Encrypt is “a free, automated, and open certificate authority” from the ISRG (and now apparently the EFF), and a growing list of technology big-names. And in the sounds too good to be true department, they offer not only free ssl certificates, but an easy to use tool that configures your web server, or ACME – automated certificate management environment, in a just a few easy steps. Encrypting web traffic should be utilized not only with sites running e-commerce or email, but whenever the use of passwords is involved.

First step is to install the client via git:

sudo git clone /opt/letsencrypt

Then run the config:

cd /opt/letsencrypt
./letsencrypt-auto --apache -d

The client will ask a few questions about the certificate you want to install. Most importantly, remember that you probably need to apply it to your default-ssl.conf. To test your new certificate, use SSLLabs website:

The tutorial below even shows you how to add renewal options to cron for set and forget ease. Remember to git pull and stash to keep everything up to date. And most of all, it’s a free service!
On the web:

Let’s Encrypt – Free SSL/TLS Certificates

How To Secure Apache with Let’s Encrypt on Ubuntu 14.04

putty and ssh keys

If you have a Windows computer, no doubt you’re using putty for your ssh needs. In order to use keys to sign into remote hosts, you’ll need to run puTTYgen program, generate a new pair of keys, and then copy/paste the public key to your remote host, and cat it to the remote authorized_hosts file. You can use the GUI interface, just don’t copy the last bit “== rsa-key-20150204”. After you generate your keys, be sure to change permissions on the directory you store them in on your Windows computer!

On the web:

squeeze2upnp + beep = lms

Screenshot from 2015-03-11 18-56-42

Logitech Media Server (LMS), the old Squeezebox Server or Slimserver, is my go-to for playing my music library on hard disk. I use a Squeezebox v3, various Raspberry Pi’s, and now with the help of this nice little program, my Beep. Squeeze2upnp (sq2u) is as it says, “a bridge between LMS and uPNP devices”. It translates LMS instructions for UPnP devices. More simply, it makes my Beep appear as a playback device in any LMS app or webpage.

You can download Squeeze2upnp below, it’s precompiled for Linux and Windows. There’s instructions in the user guide on how to set it up and get it running. Make sure your Beep is playing while Squeeze2upnp is in “discovery” mode, and be sure to daemonize it with the “-z” option, otherwise CPU usage goes through the roof. You will also have to edit the config.xml file to support FLAC playback. Also, you may have to monkey with your firewall, I’m not sure what ports it uses, but it caused an issue for me. (more later).

to discover UPnP devices on local subnet and configure sq2u to play them:
./squeeze2upnp-x86 -i config.xml
to daemonize sq2u:
./squeeze2upnp-x86 -z

That’s it, give it a few minutes and your UPnp device will appear
Big shout out to philippe44 for his active development of the Squeeze2upnp program. I had an issue with it crashing, sent him a debug file, and all is now well. That’s the beauty of FOSS.

Update: philippe44 is currently working on a third-party plug-in for LMS that automates discovery and playback to your Beep inside the LMS interface. Check out the thread above at for more info.

On the web

this is beep

Just before the holidays I received Beep, a $99 music streaming device. It’s a very simple thing, whose purpose is to provide wireless streaming capability to dumb systems, like a pair of powered speakers, stereo system, boom box, well, just about anything that has an audio input that accepts either 3.5mm analog or digital optical output. I especially like that last part, digital. The Beep runs on 5VDC, sports a metallic finish and consists of a large multifunction knob (start/pause/skip/stop/volume) and some cool flashing lights.

It’s controlled by an app, available on either Android or iOS, that also helps you setup the player on your network. When I first got it, Beep was pretty limited. I could play either Spotify or Pandora, or in my case, neither (because I don’t use either service), though it now also supports SomaFM radio. Okay, it’s still pretty limited. No support for Google Play, Amazon Music, that iTunes thingy, etc.
Recently however, Beep have added support for DLNA music servers. This is great news, because I can now play all the music on my local media server via the Beep. In order for me to do so, I first installed MiniDLNA software on my Ubuntu box using apt-get, manually edited the config file to get it setup, and opened a few ports in my computer’s firewall, 8200 TCP and 1900 UDP to let MiniDLNA out. It would have been easier if the Beep would just connect to my Squeezebox Server (aka LMS), but it’s just not there, yet…

It would also be better if Beep were a little more stable, and transparent. Throughout the day it randomly lights up “smiley face” (looking for network connection) and “sun shining” (all lights glowing, who knows what this means). That’s ultimately going to be the hard sell on Beep: without a display, no one wants to decode blinking lights; what’s it doing? why is it doing that? It just needs to work.

To use Beep as a renderer (something that plays media from a DLNA server), I had to get another Android app, BubbleUPnP. It’s a fairly straight forward app, though I did have to install the “demo server” in order for it to find my MiniDLNA server. Not sure if this is me or the app, but it was not very intuitive to figure out. That done, however, I can stream my server’s music library to whatever I connect my Beep to.

On the web:
Beep | Bringing music to every room in your home
BubbleUPnP Server

good bye spam

I hate spam. Okay, everyone hates spam. Anyway I’d been getting a shit-ton of it lately, in the mail from one of my domains. I wanted to take ACTION, because, yeah, you guessed it, I hate spam, and as a good itjerk, I wanted to beat those spammers.

Step one is to figure out why is it spam and what makes it different than good email. So the first thing to check was the message header, where I found this interesting bit:


They put my MYDOMAIN in the Return-Path! Fortunately, it’s an easy fix, all I have to do is create a rule in spamassassin to filter it our. Off to edit /etc/mail/spamassassin/, I added the following, and gave it a BIG score:

# checking for local domain in return path
header LOCAL_RETURN Return-Path =~ /MYDOMAIN\.com/i
score LOCAL_RETURN 50.00
describe LOCAL_RETURN mark with score 50 all mails with Return-Path ""

Now, all that spam has this in it’s header, and goes directly to my Junk folder! I win!!!

X-Spam-Flag: YES
X-Spam-Score: 47.003
X-Spam-Level: ***********************************************
X-Spam-Status: Yes, score=47.003 tagged_above=2 required=6.31
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
autolearn=no autolearn_force=no

raspberry pi 2 b

Well, just about six weeks after I purchased a raspberry pi b+ a new, vastly improved model is released. Faster multicore processor and double the RAM mean it’s much nearer to a real PC than ever. One will probably need recompiled software to take advantage of the multicore processor.

  • A 900MHz quad-core ARM Cortex-A7 CPU (~6x performance)
  • 1GB LPDDR2 SDRAM (2x memory)
  • Complete compatibility with Raspberry Pi 1

On the web:

ubuntu not enough free space

I went to do updates today and I got the following message. Seems my /boot partition doesn’t have enough space to update to the newest kernel.
Screenshot from 2014-08-14 20:42:55
Seems autoremove isn’t working. This is easy to fix, but the potential for n00b disaster is high. First, get your current kernel version by issuing:

 uname -r

Now let’s go to /boot and take a look at what’s taking up all the room /boot:

cd /boot
total 152330
drwxr-xr-x 4 root root 3072 Aug 12 17:41 .
drwxr-xr-x 23 root root 4096 Aug 12 17:41 ..
-rw-r--r-- 1 root root 1161764 Jun 4 16:57 abi-3.13.0-29-generic
-rw-r--r-- 1 root root 1162257 Jul 4 17:18 abi-3.13.0-30-generic
-rw-r--r-- 1 root root 1162712 Jul 14 23:29 abi-3.13.0-32-generic
-rw-r--r-- 1 root root 1162712 Jul 29 12:41 abi-3.13.0-33-generic
-rw-r--r-- 1 root root 165544 Jun 4 16:57 config-3.13.0-29-generic
-rw-r--r-- 1 root root 165576 Jul 4 17:18 config-3.13.0-30-generic
-rw-r--r-- 1 root root 165611 Jul 14 23:29 config-3.13.0-32-generic
-rw-r--r-- 1 root root 165611 Jul 29 12:41 config-3.13.0-33-generic
drwxr-xr-x 5 root root 1024 Aug 12 17:41 grub
-rw-r--r-- 1 root root 28137510 Jun 13 08:43 initrd.img-3.13.0-29-generic
-rw-r--r-- 1 root root 28189493 Jul 6 09:09 initrd.img-3.13.0-30-generic
-rw-r--r-- 1 root root 28223565 Jul 23 16:24 initrd.img-3.13.0-32-generic
-rw-r--r-- 1 root root 28222396 Aug 12 17:41 initrd.img-3.13.0-33-generic
drwx------ 2 root root 12288 May 22 13:20 lost+found
-rw-r--r-- 1 root root 176500 Mar 12 07:31 memtest86+.bin
-rw-r--r-- 1 root root 178176 Mar 12 07:31 memtest86+.elf
-rw-r--r-- 1 root root 178680 Mar 12 07:31 memtest86+_multiboot.bin
-rw------- 1 root root 3378267 Jun 4 16:57
-rw------- 1 root root 3378641 Jul 4 17:18
-rw------- 1 root root 3381262 Jul 14 23:29
-rw------- 1 root root 3381262 Jul 29 12:41
-rw------- 1 root root 5792544 Jun 4 16:57 vmlinuz-3.13.0-29-generic
-rw------- 1 root root 5792608 Jul 4 17:18 vmlinuz-3.13.0-30-generic
-rw------- 1 root root 5798112 Jul 14 23:29 vmlinuz-3.13.0-32-generic
-rw------- 1 root root 5798688 Jul 29 12:41 vmlinuz-3.13.0-33-generic

Yep, a whole bunch o’ files, previous kernels that I no longer need. Let’s delete them by purging them with apt-get. Remember, don’t delete your current kernel!

sudo apt-get purge linux-image-3.13.0-29-generic
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
linux-image-3.13.0-29-generic* linux-image-extra-3.13.0-29-generic*
0 upgraded, 0 newly installed, 2 to remove and 15 not upgraded.
After this operation, 193 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 347115 files and directories currently installed.)
Removing linux-image-extra-3.13.0-29-generic (3.13.0-29.53) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 3.13.0-29-generic /boot/vmlinuz-3.13.0-29-generic
update-initramfs: Deleting /boot/initrd.img-3.13.0-29-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 3.13.0-29-generic /boot/vmlinuz-3.13.0-29-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-3.13.0-33-generic
Found initrd image: /boot/initrd.img-3.13.0-33-generic
Found linux image: /boot/vmlinuz-3.13.0-32-generic
Found initrd image: /boot/initrd.img-3.13.0-32-generic
Found linux image: /boot/vmlinuz-3.13.0-30-generic
Found initrd image: /boot/initrd.img-3.13.0-30-generic
Found linux image: /boot/vmlinuz-3.13.0-29-generic
Found memtest86+ image: /memtest86+.elf
Found memtest86+ image: /memtest86+.bin
Purging configuration files for linux-image-extra-3.13.0-29-generic (3.13.0-29.53) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 3.13.0-29-generic /boot/vmlinuz-3.13.0-29-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 3.13.0-29-generic /boot/vmlinuz-3.13.0-29-generic
Removing linux-image-3.13.0-29-generic (3.13.0-29.53) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 3.13.0-29-generic /boot/vmlinuz-3.13.0-29-generic
update-initramfs: Deleting /boot/initrd.img-3.13.0-29-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 3.13.0-29-generic /boot/vmlinuz-3.13.0-29-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-3.13.0-33-generic
Found initrd image: /boot/initrd.img-3.13.0-33-generic
Found linux image: /boot/vmlinuz-3.13.0-32-generic
Found initrd image: /boot/initrd.img-3.13.0-32-generic
Found linux image: /boot/vmlinuz-3.13.0-30-generic
Found initrd image: /boot/initrd.img-3.13.0-30-generic
Found memtest86+ image: /memtest86+.elf
Found memtest86+ image: /memtest86+.bin
Purging configuration files for linux-image-3.13.0-29-generic (3.13.0-29.53) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 3.13.0-29-generic /boot/vmlinuz-3.13.0-29-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 3.13.0-29-generic /boot/vmlinuz-3.13.0-29-generic

Gone! Now do those updates.