find file types in a path (recursively) and copy them all to 1 location

Find file types in a path (recursively) and copy them all to 1 location:

find /path/to/directory -name "*.mp3" -exec cp {} /some/other/dir/ \;

*.mp3 could be “.jpg or *.whatever.

Setting up OpenVPN on your Debian-based Linux Server

I’ve written extensively about using SSH to to create a “poor man” proxy to protect your data when connecting to an untrusted network (for example in a Starbucks cafe or a hotel). Using an SSH connection with a SOCKS5 proxy is often cumbersome and not all applications natively support the SOCKS protocol.

A simpler method from the client side (although more complicated to set up on the server end) would be to configure your home Linux server to serve as an OpenVPN server. You would then configure your laptop or Android-based mobile device (or any Apple devices) to use the OpenVPN client. An OpenVPN client will force all traffic (including DNS requests) through the home Linux computer and force all Internet-based traffic out of your home Internet connection.

Continue reading

Hilarious: Little girl hacks into her father’s computer using her Raspberry Pi

This video is precious. This precocious little girl can’t be more than 8 or 9 year’s old. She uses her Raspberry Pi to SSH into her father’s Mac and doesn’t readily reveal how she got his password either …!

She run’s a who command to list up her father’s shells, runs a top command to find a specific process that she knows indicates the application her father is currently working in and proceeds to wreak havoc.

This is hilarious and amusing to watch. Here’s the link to the Reddit discussion on the video as well.

How to securely backup LUKS-encrypted partitions, incrementally.

These days, security is at the forefront of many computer users’ minds. Running your primary machine with encryption is important to ensure privacy and security. Generally, the most common form of partition level encryption for Linux machines is the LUKS encryption specification which is directly supported by the Linux kernel.

Most file level backup applications (like rsync) require that the partition already be decrypted so it can backup the files. This is inherently insecure in that the partition must remain open/decrypted for the backup to take place. In addition, the backed up files at the destination will be unencrypted.

Continue reading

The Ultimate Open Source Software List for 2015

A master list of over 1200 applications organized by category, this Ultimate Open Source Software List is a great repository of applications if you’re looking for a solution to a specific problem. From backup applications to cloud infrastructure to paint programs and games, the list is expansive and thorough and listed alphabetically by category. Each item has its own link out to the project’s homepage for further details.

Though it would be nice if it offered a master index of categories at the front, as it’s currently laid out you have to page through the entire list Web 1.0 style.

Backup your GMail to your local hard drive, or any other Google service based files

Here’s a great feature by Google – they allow you to backup (download) your Gmail, Calendar, Contacts, the contents of your Google Drive, Google Books, Google Voice, Hangouts and other services that may host your content.

This is great if you want a local backup of all your data.

Unfortunately, it seems you cannot ask for a backup of your GMail from a certain date (assuming you’ve already done a full backup of your GMail recently), so you’d have to run this master/full backup over and over again if you wanted to obtain periodic backups of your new emails since your last backup/download.

Continue reading

BAD USB!

BadUSB – Turning devices evil. Once reprogrammed, benign devices can turn malicious in many ways, including:

  1. A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
  2. The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
  3. A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

For the security conscious, USB devices should be considered potentially as risky as contaminated hypodermic needles. Of course to infect a machine it will require physical access to the computer, but once infected the entire computer can never be trusted again.

A BadUSB device can actually replace a system’s BIOS. Wiping & reinstalling the operating system will do nothing as the corrupted firmware of the USB device is outside the control of an operating system installation. Apparently, this security hole has been known for some time and has already been weaponized.

There is no known fix to this security hole.

Hopefully USB manufacturers can issue a patch that can be applied universally to pre-existing firmware.

Sources: One, two.

Mail Server in a Box

Pretty interesting group of applications. I can see where this has merit for easy deployment of a mail server, though I think SPAM filtering might be a headache.

 

Mail-in-a-Box

NetHogs: A simple ‘net top’ tool

A great little application that runs in a shell prompt to let you know which applications are eating your bandwidth – live.

sudo apt-get install nethogs

Then run . . .

sudo nethogs

. . . from your shell prompt and enjoy the detailed information!

One odd caveat though: I had a Windows virtual machine running under Virtualbox that was using about 150Kbps and NetHogs did not list it by application, instead it listed it by IP address – in this case, the IP address of the virtual machine along with source and destination port numbers. It also did not attribute the traffic to eth0, but left the device blank.

I was expecting it to list the application, but I suppose in some scenarios (especially virtualization) all the available information may not be immediately available to NetHogs and so it will simply default to source/destination IP & port number.

(Source)

Command line based bandwidth speed test

Speedtest-CLI

Simply retrieve the python script:

wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py

Then make the downloaded script executable and execute it (the below commands assume you’re in the same directory as the downloaded file):

chmod +x ./speedtest-cli
./speedtest-cli

Execute the command and enjoy a hassle-free, simple bandwidth speed test application from your shell prompt.

(Source)

Convert MKV files to M4V files

MKV files are great — the format offers excellent compression and high quality video bit for bit. I do find that when I try to play MKV files on my Blu-Ray or Samsung TV (via USB device) it will not fast forward or rewind. The fix is to change the container to an mpeg 4 video container.

Here’s the simple command: (-threads 0 = use all CPU cores)

ffmpeg -threads 0 -i input.mkv -vcodec copy -acodec copy -absf aac_adtstoasc output.m4v

How to secure public WIFI connections on PC’s, Laptops and Android devices

Wifi connections are convenient and are nearly essential these days for most users. However, securing your connection can be complex and difficult, especially if using a free wifi hotspot at an airport, hotel or cafe.

If you have the option, using a VPN is often a simple, effective way to create a secure connection. However, not everyone has a VPN server available and may want a homegrown/personal solution. Here, secure shell is the best way to go.

This blog post will cover how to secure your wireless connection from prying eyes when using free or paid public wifi when using Linux. Even if the free/public wifi is “secured” with encryption, you don’t want to trust these 3rd parties as you have no control over who else has access to the network or how it’s configured.

Securing your wireless connection could be done in Windows as well, through Putty and I may cover that in another post in the future.

Doing this will require a Intermediate understanding of the bash shell, the dynamics of SSH, public IP’s, port forwarding, as well as the concept of SOCKS Proxies.

Continue reading

SSH: On the fly port forwarding.

[Post Updated]

Once inside an SSH session, you may realize that you need to reach another box via the local port redirect (-L 1234:192.168.0.5:23 for example).

Most people think you need to kill your SSH session to add a new -L option, then reinitiate the SSH session; this is NOT true.

You can open an internal SSH shell within an SSH session to add new redirects!

From within an SSH session, simply type (the ~ is the tilde character, which is shift + the key to the left of the number 1)

~# then hit

~C then hit (capital C)

Then type: help and <enter>

You’ll see a listing of available commands. To add a new local redirect, just type

-L 4567:192.168.0.12:5900, then hit <enter>

…and voilà, you’ve added a new local redirect. Just hit <enter> once, and you’ll be dropped back into command line.

There are other escape-commands. Just type ~? from within an SSH session for more escape-commands.

Just press <enter> on a line by itself to return back to the SSH session.

FYI: This also works for remote redirects, as well.

Here’s a Google search link offering more info:

For those who need the USS Enterprise engine noise in the background

SoX is the “Sound Exchange”  –  the swiss army knife of audio manipulation in Linux. It offers a lot of functionality.

One of the cool/nerdy things you can do with SoX is generate tones or white noise.

To that end, if you’d like to hear the USS Enterprise’s warp engines running in the background while you go about your nerdy business, simply type this command at your shell prompt, assuming SoX is installed. This is better than finding a clip on the internet and looping it.

[Nerd Alert]
play -c2 -n synth whitenoise band -n 100 24 band -n 300 100 gain +20

There is an alternate (lower in volume) version you can try:

play -c2 -n synth whitenoise band -n 100 24 band -n 300 100 gain +4  synth whitenoise lowpass -1 100 lowpass -1 100  lowpass -1 100 gain +2

[/Nerd Alert]
To end it, simple hit ctrl-c. Play around with the gain and other numbers if you’d like to tweak it.

…make it so.

[source]

Something wicked happened resolving packages.medibuntu.org

Looks like the medibuntu folks have called it quits on their repository.

Anyone who still has medibuntu in their Linux repos should remove it. If they don’t, they’ll see error messages similar to this when they perform their periodic sudo apt-get update command:

Something wicked happened resolving 'packages.medibuntu.org:http' (-5 - No address associated with hostname)

or

http://packages.medibuntu.org precise Release: The following signatures were invalid: NODATA 1 NODATA 2

Some Google searches imply this is a DNS issue when in fact, medibuntu has gone offline.

The simple fix is to remove medibuntu from your repository. There’s a single command that can do this for you:

sudo sed -i '/^deb http:\/\/packages.medibuntu.org*/d' /etc/apt/sources.list /etc/apt/sources.list.d/*.list


Thanks to this forum thread for the details.

The poor man’s SSH server, complete with DNS redirects.

For years I’ve been using SSH (redirecting local ports to IPs within range of the SSH server) as a poor man’s version of a VPN. It’s more convenient for me and also, my VPN server manufacturer doesn’t have a proper VPN client for linux <smirk>. Of course when running Windows in a VM, I get to use my native VPN client, but when in Linux natively, I have to resort to SSH.

Windows users would use Putty to SSH to servers, whereas in Linux, I just use the ssh application native to Linux.

Normally, I have a pretty long ssh command with a lot of local redirects, at least 20 … but I’ve recently discovered a python-based SSH server, where the client automatically redirects all traffic (similar to a socks proxy) through the SSH server, including DNS requests.

I have not yet tested this application, though I plan to — however it seems robust enough that it might be able to replace my 3-line-long SSH command and also make my poor man VPN a bit more robust.

It’s worth trying and at the very least, when I get some time my blog post here will remind me to try it.

Links:

sshuttle

Here’s a HowTo document.

Public Key Encryption – a depthful explanation for beginners: Part 2

In my last post I briefly discussed and posted videos discussing the basic concepts of public key encryption. In this post I shall go over the basic process of creating a public/private key pair for yourself as well as basic usage for exporting, importing keys and sending files and/or messages.

First of all, I located what seems to be a well done how-to document on Tutonics. They seem to do a pretty good job. So if my explanation seems confusing at all, take a look at their how-to.

From the Linux command prompt, type:

gpg --gen-key

You will see the following output:

 Continue reading 

Public Key Encryption – a depthful explanation for beginners: Part 1

I’ve been asked by various people recently about encryption for secure communications. This is a very complex topic involving very advanced principles. Implementing a method to communicate securely over a digital connection (such as e-mail or live chat) can be very difficult for the average user.

Over a series of blog posts, I shall attempt to give a basic introduction (offering a variety of links and videos) to public key cryptography and ways to implement it to achieve relatively secure communications.

Most people tend to do better with videos than with big blocks of text, so I’ll offer here a few videos that help explain the concepts involved. Some of them are old – one specifically is a 5 year old video, which is still current in its technical details because advances in cryptography come slowly, but all of these videos go a long way in explaining the specific concepts involved and the basic commands involved in using Public Key Encryption.

You may find yourself watching some of these videos a few times to fully understand the concepts involved. But once understood, the actual mechanics of generating the keys and encrypting the messages in Linux (or Windows) is relatively simple, though unfortunately not quick or convenient. This is why many people don’t bother to use public key encryption as it’s a bit cumbersome to use, but it’s still the best method to secure communications through the Internet.

Continue reading

Godmother of Unix admins Evi Nemeth presumed lost at sea

Evi Nemeth (73 years old) literally wrote the book on Unix. From The Register:

The New Zealand authorities have formally called off the search for the sailing cruiser Nina, and say its seven-person crew, which includes Evi Nemeth who for the last 30 years has written the system administration handbooks for Unix and Linux, is now presumed lost at sea.

[…] Nemeth was born in 1940 and earned her PhD in mathematics in 1971 before entering computer science in 1980. Her math skills were proven when she found problems with the “Diffie–Hellman problem” used for cryptography, but for systems administrators she is best known for her seminal handbooks on network management.

In 1989 she wrote the 1989 Unix System Administration Handbook, which she revised in 1995 and 2000. She also published the Linux Administration Handbook in 2002 (revised in 2006) and in 2010 authored the combined Unix and Linux System Administration Handbook.

All are best-sellers and explain the basics of network topology and administration simply and without recourse to hype. Nemeth saw the need to simplify the arcane language of the IT industry, a language that sometimes did more harm than good.

“Many people equate the word ‘daemon’ with the word ‘demon,’ implying some kind of Satanic connection between Unix and the underworld,” she wrote. “This is an egregious misunderstanding. ‘Daemon’ is actually a much older form of ‘demon’; daemons have no particular bias towards good or evil, but rather serve to help define a person’s character or personality.”

“The ancient Greeks’ concept of a ‘personal daemon’ was similar to the modern concept of a ‘guardian angel’ – ‘eudaemonia’ is the state of being helped or protected by a kindly spirit. As a rule, Unix systems seem to be infested with both daemons and demons.”

[…]Like any offshore sailor, Nemeth would have been aware of the risks and accepted them. If the Nina is lost with all hands, we can at least take comfort from the fact that Nemeth died doing something she loved.

The entire article can be read here.

Continue reading

Alternative to SoundConverter: PACPL. The Perl Audio Converter.

I’ve had issues with SoundConverter on Linux. It wouldn’t always transcode my FLAC files to MP3 (or any other format for that matter). It would often just cut out … stopping the transcoding at random points in each FLAC file. It also was very light on features.

I was researching ways to manually transcode FLAC files into MP3 (for the purposes of listening to audio files on-the-go on my phone, while taking up less space) and thought about doing it via command line. After making sure FLAC and LAME were both installed on my machine, just running:

for f in *.flac; do flac -cd "$f" | lame -b 320 - "${f%.*}".mp3; done

This command will work straight from a shell prompt or as a script, so long as all the files you want to transcode are in ONE directory. If you want to do it recursively (as well as handle directories with spaces or multiple spaces) you need a more complex bash script.

My alternative solution was much better and more versatile. The Perl Audio Converter: PACPL.

This does more than SoundConverter and is more stable. Unlike SoundConverter, it supports normalization, which really helps for audio files that are a bit low on volume. Since in this audio batch I had about 12.5 gigs of FLAC files that I wanted to transcode into MP3, I just copied the entire directory, creating a duplicate. I then ran this command:

pacpl -t mp3 --bitrate 192 -r ./ --normalize --delete

This command will convert everything below the ./ current path and transcode every audio file (regardless of file type) into MP3 (-t mp3) at a bitrate of 192 (–bitrate 192). The -r will do this job recursively from the current directory. It will also normalize (–normalize) each file and then delete (–delete) the original source/input file.

When the script was done a few hours later, my duplicate directory was now an MP3 version of the original directory, at about 1/3rd the size.

There are plenty of options that make PACPL much more versatile than SoundConverter (though there’s no GUI to PACPL, it’s just run from command line).

You can apt-get it from most debian based repositories (sudo apt-get install pacpl) and then just to a man paclp for more information.

The project hasn’t been updated since 2009, but it appears to be quite versatile if you check out their website. It also supports CD Audio ripping with CDDB lookup. It can also work under Windows leveraging Cygwin.

From their site:

Perl Audio Converter is a tool for converting multiple audio types from one format to another. It supports AAC, AC3, AIFF, APE, AU, AVR, BONK, CAF, CDR, FAP, FLA, FLAC, IRCAM, LA, LPAC, M4A, MAT, MAT4, MAT5, MMF, MP2, MP3, MP4, MPC, MPP, NIST, OFR, OFS, OGG, PAC, PAF, PVF, RA, RAM, RAW, SD2, SF, SHN, SMP, SND, SPX, TTA, VOC, W64, WAV, WMA, and WV. It can also convert audio from the following video formats: RM, RV, ASF, DivX, MPG, MKV, MPEG, AVI, MOV, OGM, QT, VCD, SVCD, M4V, NSV, NUV, PSP, SMK, VOB, FLV, and WMV.

A CD ripping function with CDDB support, batch conversion, tag preservation for most supported formats, independent tag reading/writing, and extensions for Amarok, Dolphin, and Konqueror are also provided.

Richard Stallman Inducted into the 2013 Internet Hall of Fame

from FSF.org

The Internet Hall of Fame inducted Stallman for his contributions as creator of the GNU Project, main author of the GNU General Public License, and his philosophical contributions as founder of the free software movement.

Stallman has been named an Innovator, a category which recognizes and celebrates individuals who made outstanding technological, commercial, or policy advances and helped to expand the Internet’s reach.

Stallman had this to say upon his induction: “Now that we have made the Internet work, the next task is to stop it from being a platform for massive surveillance, and make it work in a way that respects human rights, including privacy.”

The Free Software Foundation congratulates Stallman and all of the other inductees, and thanks them for their contributions to the Internet.

A complete list of 2012 and 2013 Internet Hall of Fame inductees and their bios can be found at http://www.internethalloffame.org.

How to record your desktop with audio from a mic feed in Linux

Simple command, using FFMPEG:

ffmpeg -f x11grab -r 25 -s 1360x768 -i :0.0 -f alsa -ac 2 -sameq -i pulse -vol 500 ./output.mkv

Change your desktop resolution from 1360×768 to match your desktop. If needed, the option “-vol 500” amplifies the volume 5x. This may be needed on some mics that do not have any mic boost set (I had to use it on mine). You can increase this number to 1000 or 2000 (10x, 20x), etc.

The “-r 25” is the frame rate option. You can increase this to 30 or decrease it if you want to reduce the file size without compromising quality, but the video will miss a lot of moments in between captures: 25 should be the lowest setting.

You can run a “man ffmpeg” to research what each options does, but this will give a well-compressed video file with audio for a screen capture of your desktop.

TMate – instant terminal sharing

This reminds me of TeamViewer, but for the terminal shell.

TMate.

I haven’t yet had a need to share my terminal with anyone, but this is amusing and could be useful someday. Some of you may find it very helpful.

Convert Flash Videos (.flv) to MPEG with FFMPEG

If you download YouTube videos (using youtube-dl for example) you may want to convert them to mpeg for people who may have troubel viewing FLV files (perhaps Windows users who aren’t very technical).

The easy command is:

ffmpeg -i ./input.flv -sameq -ar 44100 ./output.mpg

The -sameq tells ffmpeg to maintain the same video quality as the original and -ar tells ffmpeg set an audio sampling frequency of CD quality (44100). This works in reverse, of course.

How to extend your SUDO timeout

This annoyed me for a while. The default timeout on SUDO in Linux is pretty short …. and I wanted it extended.

The easy way to do it is:

sudo visudo

Then, look for the line:

Defaults        env_reset

From here, simply add to the end of the line:

Defaults        env_reset,timestamp_timeout=2

Where the 2 is the number of minutes you want your SUDO credentials to last before you’ll be asked to re-enter the password. No need to add a space between the comma.

Pretty easy.

Load more