the itjerk

my adventures with technology

let’s encrypt – free ssl

Let’s Encrypt is “a free, automated, and open certificate authority” from the ISRG (and now apparently the EFF), and a growing list of technology big-names. And in the sounds too good to be true department, they offer not only free ssl certificates, but an easy to use tool that configures your web server, or ACME – automated certificate management environment, in a just a few easy steps. Encrypting web traffic should be utilized not only with sites running e-commerce or email, but whenever the use of passwords is involved.

First step is to install the client via git:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Then run the config:

cd /opt/letsencrypt
./letsencrypt-auto --apache -d yoursite.com

The client will ask a few questions about the certificate you want to install. Most importantly, remember that you probably need to apply it to your default-ssl.conf. To test your new certificate, use SSLLabs website:

https://www.ssllabs.com/ssltest/analyze.html?d=yoursite.com&latest

The tutorial below even shows you how to add renewal options to cron for set and forget ease. Remember to git pull and stash to keep everything up to date. And most of all, it’s a free service!
On the web:

Let’s Encrypt – Free SSL/TLS Certificates

How To Secure Apache with Let’s Encrypt on Ubuntu 14.04

raspberry pi 3

You know, every time I get a new raspberry pi computer, a month or so later there’s a new and improved model out. So that rPi 2 B I got the kids for Xmas is now rendered obsolete by the latest rPi 3 B. Built-in wifi and bluetooth, faster processor  from the 64bit 1.2GHz quad-core chipset, faster RAM and GPU, and hopefully the same footprint because I really like the fancy “official” case they are in.

BTW, I did pickup a rPi Zero for $5, but until I find an HDMI-mini to HDMI cable that costs less than $5, I guess it will just remain in its wrapper.

apple vs doj

Apple has already helped the government retrieve data from some 70 iPhones. Cooks stance is about selling and market share, and not helping solve the heinous murders that the San Bernardino terrorists committed.

 

nexus 7 repaired

The old nexus 7 2nd generation tablet wasn’t charging. Figured my daughter had jammed the micro usb plug in the wrong way, or mangled it while using it plugged in. Ends up the charging board must eventually go bad as the seller on eBay had already sold 190 of these babies. $60 later and the tablet is charging.

2015 in review

The WordPress.com stats helper monkeys prepared a 2015 annual report for this blog.

Here’s an excerpt:

A San Francisco cable car holds 60 people. This blog was viewed about 2,200 times in 2015. If it were a cable car, it would take about 37 trips to carry that many people.

Click here to see the complete report.

genius (sic)

“I tried following the instructions on that site but unfortunately I don’t really understand what they want me to do. For example I downloaded the correct version but I do not know how to run it at the command line.”

iMod

nexus 5x

New phone time! It’s been three years of 3G phone service on my Nexus 4, so I wasted no time to pre-order Google’s Nexus 5X when it was announced a few weeks ago. Offering LTE service was the main reason to make the purchase ($349), but having a new “modern” phone was the real enticement. The phone is again made by LG, and while the specs aren’t that amazing (those are reserved for the pricier Nexus 6P), they present an upgrade in processor, screen resolution, and significantly, camera from my old phone. Let’s face it, our phones OUR are cameras!

unnamed

I did have to walk down to my local T-Mobile store to purchase ($15) a nano SIM card in order to activate my phone, and I’ll need to replace all my USB cables with “c” type in order to connect/charge it with my computers. Speaking of which, there’s a menu now to select what type of connection you want when you connect the phone to a computer:

Screenshot_20151021-092828

The Nexus 5X has the latest Android, Marshmallow 6.0, which wanted to update itself immediately upon starting the phone. I was impressed with the lack of crap-ware preloaded on the phone, and having an extra 8GB of storage is great for my use. The fingerprint sensor took me a little bit to get my head around exactly how it works, but it works like a charm. After scanning a fingerprint and entering another security method for backup (if your fingerprint doesn’t work, or for another user), you just touch the senor on the back of the phone and viola! the phone is both on and unlocked. As one who hasn’t every used a lock on my phone because of the hassle of entering it, this is indeed an upgrade.

Anyway, I chose to install everything from scratch (and not transfer devices) because a clean start is great. But with Google Play, going to My Apps and the All tab shows what apps you’ve put on your other devices.

I received my $50 Google Play credit received three days later, and purchased a case from Amazon. All set.

On the web:
Nexus 5X at iFixit

dns, search engines and browsing

Secure browsing is much more than clearing your browser’s cache when done surfing. While Tor Browser isn’t for everyone, two quick and easy things I recommend are using DuckDuckGo as your default search engine and switching to either GoogleDNS or OpenDNS for your web browsing. And use a modern, up to date browser!

DuckDuckGo bills itself as “the search engine that doesn’t track you”, which is reason enough to switch. The search engine results are very good, but even better, the use of bangs (!) allows searches directly to thousands of sites, including encrypted to Google (g!). Plus, it’s easy to install as the default engine on your browser.

DNS servers help resolve domain names and their numeric ip addresses. Most ISP’s DNS is notorious for being spotty, and of course, not very private. Using either Google or OpenDNS’s can speed up your browsing, protect from DNS hijacking, and offer protection from phishing. There’s a lot more to using these services than I’ll write, but just entering them into your router is the place to start.

Remember, however, that browsing security also ends with one’s exit on the web. Subject for another time…

One the web:
DuckDuckGo
Google Public DNS
OpenDNS

el capitan, thank you

Don’t know if it’s just me or not, but doing a clean install on an old Mac computer has been a pain, since 10.6 Snow Leopard. Back in the early days of Mac OS X, you could boot a Mac into firewire mode and copy an image over. As Apple moved away from firewire, that became more and more difficult. Doing a clean install of an operating system became even more problematic after the switch to Intel processors, as Apple made version-specific demands on installers; this disc only worked with this machine, etc. Of course a few years ago, Apple did away with optical drives all together.

Fortunately, that’s changed, and now making a bootable flash drive is easy business. To perform a clean install of 10.11 El Capitan, go to the App Store and download the free installer, it’s about >6GB and will end up in your /Applications directory. Take a big enough USB drive, format it to “Mac OS Extended (Journaled)” and name it “Untitled”. Providing you keep these defaults the same, you just need to run this simple command to make your very own bootable installer:

sudo /Applications/Install\ OS\ X\ El\ Capitan.app/Contents/Resources/createinstallmedia --volume /Volumes/Untitled --applicationpath /Applications/Install\ OS\ X\ El\ Capitan.app --nointeraction

Boot the Mac by holding down the option (Apple) key and you’ll be able to choose the USB drive as your startup device and proceed with a clean install.

Now that Apple is giving away free upgrades to their OS X, there’s really no reason to not run the latest and greatest version of OS X. (Well, maybe*). El Capitan will run on most any Mac that’s got a 64 bit processor, and you’ll have to go back a decade or so to find one that doesn’t have one – like my little Mac Mini with its core solo* that keeps chugging along after all these years!

audio bliss with the piCorePlayer + HiFiBerry

If one thing has changed in the past forty years of my listening to music, it’s not the music; as Lemmy said in his documentary, (to paraphrase) “you always return to the music of your youth because that’s when you figured out what music you like”. What has changed is how I listen to music; as much as I still enjoy flipping a vinyl record over (and that delicious analogue sound), nothing beats the convenience of digital streaming. Basically, I want all my music on a computer so I can access it, with a click, wherever I may be.

Not like any of this is new. Since the iTunes revolution, music has been reduced to ones and zeros, in more ways than one. The album has vanished, and CDs are mere content delivery units. Services such as Spotify, Pandora, Google Music, Amazon Prime, iTunes Airplay, etc… are the new record stores, serving and predicting what music one wants to hear. Their respective apps, and devices such as Sonos, Beep, Amazon Echo, and the newly announced Chromecast Audio are all there to push that music your way.

But I want my music, the music on my computer. Logitech Media Server, aka SlimServer or Squeezebox Server, has been my go-to for music streaming for probably a decade now. Problem is Logitech stopped making Squeezeboxes years ago. Beep seemed like a nice substitute, but honestly it mostly crashes, far too often to be considered usable.

Screenshot from 2015-09-30 04:04:27

The most elegant and inexpensive solution is the Raspberry Pi equipped with a HiFiBerry DAC running piCorePlayer. The latter has made some serious leaps in the past year in terms of usability and stability, and with the addition of the HifiBerry, sonically as well. So all of this is a long winded way of giving the trio another, hopefully louder shout-out for earning the top spot in my hifi rig. It works, it’s simple and it sounds fantastic. Thank you!

On the web:
piCorePlayer