tag:blogger.com,1999:blog-66409033120176729822024-03-13T03:52:04.579-07:00Cods PlaiceCodfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.comBlogger258125tag:blogger.com,1999:blog-6640903312017672982.post-32652963831412140262024-01-25T04:57:00.000-08:002024-01-25T04:58:54.062-08:00How to simply build and maintain your own VPN service for complete privacy<p><img alt="TorGuard VPN review: A serviceable VPN | Macworld" class="detail__media__img-highres js-detail-img js-detail-img-high" src="https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fimages.idgesg.net%2Fimages%2Farticle%2F2020%2F03%2Fvpn_network_security_by_putilich_gettyimages-1203543580_2400x1600-100837104-large.3x2.jpg&f=1&nofb=1&ipt=65dc28db6a1f8b6188f0148bd3017a10ae46f9ecc71b151a7912cb517350dd51&ipo=images" style="display: block; height: 298px; width: 447px;" /></p><p>One of the best ways of staying safe on the web is to use a VPN(Virtual Private Network), which keeps all your traffic across the internet encrypted, and more importantly away from prying eyes.</p><p>Now the easiest way for most people to do this is via a paid for service, and for 95% of the population that's perfectly fine. However, the fact you are using someones else's service for computer professionals leaves a worry that logs(although they claim they don't keep them) could be kept on where you visited and when. This is unacceptable to me.</p><p>So I have built my own service using these basic tools.</p><ol style="text-align: left;"><li><span style="color: red;">Amazon EC2 service</span></li><li><span style="color: red;">Wireguard kernel VPN service docker container<br /></span></li><li><span style="color: red;">Ubuntu 22.04(soon to be 24.04) operating system built on an Amazon AMI virtual instance</span></li><li><span style="color: red;">Terraform to build the whole service from scratch</span></li><li><span style="color: red;">Ansible to configure and constantly keep state of the virtual instance.</span></li><li><span style="color: red;">Docker and Docker Compose <br /></span></li></ol><p>Now there is a lot of programming code that is tucked away in my private gitlab instance for this, but I will describe how the process works and how the system gets built from scratch.</p><p>Basically the Terraform code builds the infrastructure and Ubuntu Virtual Machine(VM) that the VPN will work on. Once this code has run, it will have created everything - including a static IPv4 and IPv6 address that the VPN can use.</p><p>Once the VM is up and running, and I can successfully log onto the machine with SSH, I then run Ansible code to build all the required parts of the system, and upload the docker compose code ready for building the docker container that will be the VPN server endpoint.</p><p>Once that has all been completed and the docker container is up and running, I test that the new container is accessible from my local laptop using netcat - via the AWS security groups that were built with Terraform.</p><p>The initialisation of the Wireguard docker container creates several user configuration files that are required by any client application that wishes to connect to this VPN. </p><p>With the Wireguard client installed on any laptop or desktop, you can now connect to the VPN anywhere in the world that you created the VM in. This allows for great flexibility and availability.</p><p>Also as Docker containers are so efficient and small in size, this allows the VM to be used for many other task's using other docker containers, like OpenVpn, Transmission, Gitlab etc etc.</p><p>I have been using this method for many years now and it is rock solid and extremely reliable. </p><p>This supports a small team of users, but could be easily scaled to support many more users, and multiple instances would provide resilience.</p><p>Another major advantage is this can all be run on an AWS micro instance, so is inexpensive, though slightly more expensive than just using a paid for service, you have 100% control and know that all logs can be deleted on a daily basis and the VM can be destroyed and re-built in minutes in another region, availability zone or any other reason. </p><p>With the way the Internet is going and every company wishing to snoop on your work and activities, then the more you can keep things private, the better.<br /></p>Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-64525861254553032112023-02-10T02:28:00.003-08:002024-01-25T04:59:43.165-08:00Things discovered while installing pi-hole service as a docker container on a Raspberry Pi 8GB Pi4 (Raspbian Buster OS)<p><img alt="Docker Data Containers" class="detail__media__img-highres js-detail-img js-detail-img-high" src="https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fwww.freecodecamp.org%2Fnews%2Fcontent%2Fimages%2F2019%2F07%2F1_AUiK5PwnsPG_xaT9jcVoSA-2.jpeg&f=1&nofb=1&ipt=676d2e5113ce7df602e6845e13a0bfac9e7265e8a329d64d7855382a90536239&ipo=images" style="display: block; height: 312px; width: 629.426px;" /><span style="font-size: large;"><b> <br /></b></span></p><p><span style="font-size: large;"><b>Things discovered while installing pi-hole service as a docker container on a Raspberry Pi 8GB Pi4 (Raspbian Buster OS)</b></span><br /><br />Using the docker compose file from the GitHub installation site it was obvious that this version of the OS was not compatible with the latest versions of Pihole - so the first task was to up grade the OS to Bullseye. <br /><br />The pihole docker container install site is here.<br /><br /><a href="https://github.com/pi-hole/docker-pi-hole">https://github.com/pi-hole/docker-pi-hole<br /></a><br />This website offers a great simple method. It’s not as seamless as Ubuntu - but also not rocket science either.<br /><br /><a href="https://www.tomshardware.com/how-to/upgrade-raspberry-pi-os-to-bullseye-from-buster">https://www.tomshardware.com/how-to/upgrade-raspberry-pi-os-to-bullseye-from-buster<br /></a><br />The first problem was there was a service already sitting on port 53 - so this has to be disabled as Pihole uses this port for it's service. The eventual truth was there were actually two services fighting over this port - systemd-resolver and connman dnsproxy.<br /><br />They both need separate solutions to stop them. <br /><br />Systemd-resolver needs to have it’s config file altered as follows,<br />Change DNS=1.1.1.1 and DNSStubListener=no - then restart the service.<br /><br />With connman you need to follow the instructions in this blog post to turn off it’s attempt to grab that port</p><p> <a href="https://wiki.archlinux.org/title/ConnMan#Avoiding_conflicts_with_local_DNS_server">https://wiki.archlinux.org/title/ConnMan#Avoiding_conflicts_with_local_DNS_server</a> <br /><br />Once this was completed - the docker container would still not start - it was giving a spurious error message about IPv6 issues.<br /><br />On further reading around - it appeared that the version of docker requires to be version 20 or above, so I updated that in Bullseye as follows using:</p><p><br /><b>sudo apt install docker.io/bullseye</b><br /><br />After all this the docker container started correctly and the Raspberry Pi is now function as our DNS proxy for the whole house network to try and stop all the crap the web throws at you. <br /></p>Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-39647186537940883802020-04-23T15:48:00.000-07:002020-04-23T15:48:20.364-07:00Switching on DNS over HTTPS on various browsers <div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-tP-O6F1suL8/XqIVz711UWI/AAAAAAAAJLc/gBapQi3O0fgFgV4yzKqwI_ELRAQreyHvgCLcBGAsYHQ/s1600/Dark-Web-Monitoring.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="1600" height="200" src="https://1.bp.blogspot.com/-tP-O6F1suL8/XqIVz711UWI/AAAAAAAAJLc/gBapQi3O0fgFgV4yzKqwI_ELRAQreyHvgCLcBGAsYHQ/s400/Dark-Web-Monitoring.jpg" width="400" /></a></div>
<br />
<br />
A new feature that is hitting all new modern web browsers is the ability to turn on DNS over HTTPS, which in my opinion is a very good idea - to keep the ISP snoopers off your traffic - so they have no idea where you are looking up or searching for. Not all Browsers have this facility at the moment - but I will cover those that do.<br />
<br />
This by association is a recommendation for those that do. <br />
<br />
<h2>
Mozilla Firefox:</h2>
To turn this feature on in Firefox go to <b>Preferences/Network/Settings</b> and the just select the DNS over HTTPS as shown below.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-tLY86fJF8iE/XqIXk2gvQcI/AAAAAAAAJLo/-kNr2Y9ik44Jx16u87mgUK97e5V6QdOgACLcBGAsYHQ/s1600/Screenshot%2B2020-04-24%2Bat%2B00.32.33.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="1282" height="320" src="https://1.bp.blogspot.com/-tLY86fJF8iE/XqIXk2gvQcI/AAAAAAAAJLo/-kNr2Y9ik44Jx16u87mgUK97e5V6QdOgACLcBGAsYHQ/s320/Screenshot%2B2020-04-24%2Bat%2B00.32.33.png" width="256" /></a></div>
<br />
<h2>
Google Chrome Chromium:</h2>
To turn this feature on in Chrome or Chromium, open a new tab and type <b>chrome://flags</b> and in the search bar type dns and enter. The following will appear and just select enable for DNS over HTTPS<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-wWdnXiLUMcY/XqIYs1ALfGI/AAAAAAAAJLw/Lw3m_UCmq6Qw3zya_qd2d7CZYyJ-DSgCgCLcBGAsYHQ/s1600/Screenshot%2B2020-04-24%2Bat%2B00.37.22.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="272" data-original-width="1600" height="54" src="https://1.bp.blogspot.com/-wWdnXiLUMcY/XqIYs1ALfGI/AAAAAAAAJLw/Lw3m_UCmq6Qw3zya_qd2d7CZYyJ-DSgCgCLcBGAsYHQ/s320/Screenshot%2B2020-04-24%2Bat%2B00.37.22.png" width="320" /></a></div>
<h2>
Opera:</h2>
As this browser is based on Chromium you have to type <b>opera://flags</b> and then follow the above.<br />
<br />
<h2>
Microsoft Edge:</h2>
Again, this browser is based on Chromium, only this time just type <b>edge://flags </b>and then follow the above.<br />
<br />
<h2>
Apple Safari and Microsoft Internet Explorer:</h2>
I'm afraid at the time of writing the above two don't support it. Safari may well in the future, but I very much doubt Internet Explorer ever will.Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-16048331981969647222020-04-15T14:37:00.001-07:002022-01-30T04:37:07.259-08:00Switching to a small footprint Intel NUC computer to do everything - unexpectedly surprised at performance<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Lq9-xQLYhOw/XpbKG_GvulI/AAAAAAAAJKs/9A13X94dXZw3nUZG_MONPwd24BC8aztigCLcBGAsYHQ/s1600/Intel-NUC-i3-1-1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="748" data-original-width="1600" height="186" src="https://1.bp.blogspot.com/-Lq9-xQLYhOw/XpbKG_GvulI/AAAAAAAAJKs/9A13X94dXZw3nUZG_MONPwd24BC8aztigCLcBGAsYHQ/s400/Intel-NUC-i3-1-1.png" width="400" /></a></div>
<br />
I don't know about you, but I have a variety of computer systems in my house for a whole range of uses. Everything from a Mac mini to an Amazon Firestick, all doing their job for the task required. However the Mac minis I have serve as media servers and players but are getting a bit long in the tooth, so I decided to upgrade the media server with an Intel NUC.<br />
<br />
I decided to spec it as fully as possible and gave it a 6 Core processor, 32 GB RAM, and a 1TB m.2 NVME SSD drive. This should make it future proof for a good few years, that was the thinking. It came in at around £700, which was way less than a new Mac Mini.<br />
<br />
Its main purpose in life was to support 4 USB 3.1 Gen2 external hard drive boxes (Akitio) for all my media and backups. If it was capable of anything else that would be a bonus, but not expected. It is attached to a 32" Samsung curved monitor with 144Hz refresh at 2.5+K - crystal clear and super responsive.<br />
<br />
I installed <a href="https://xubuntu.org">Xubuntu </a>as the base operating system, though I only use openbox window manager on it to reduce the overhead of the host operating system even further. That has been a great learning curve to show how little GUI you actually need just to get stuff done.<br />
<br />
However, the real surprise happened when I spun everything up, was just how fast this little box is. The memory wasn't being used by the media software (Plex) so I thought let's try running a few docker containers on here as well to do other network jobs for me. No issue at all. I currently have the following running on the box 24/7<br />
<ol>
<li>Pi-hole DNS service</li>
<li>Portainer container manager service</li>
<li>Jenkins job management service</li>
<li>OpenVPN service</li>
</ol><p>
So, I thought, I wonder how it would perform if I stuck a few virtual machines on there as well whilst it's doing everything else.<br />
<br />
No problem at all, I'm currently running a beta version of Ubuntu and a separate Arch Linux using KVM and QEMU, and it still is not scratching the sides of what this little box can do. It's currently using 8GB of RAM and the load on the server is never above 3, even while everything is running and I'm streaming HD content to other parts of the house.<br />
<br />
Considering I used to have tower machines cluttering up my workspace to do this sort of thing, I now have one device to do it all.<br />
<br />
Intel have just brought out a new edition of these, with even faster processors and RAM capacity, so I will be getting one of those to work alongside this one when my other Mac Mini dies.<br />
<br />
The Mac mini's served me well, but I have now found a better device and with all the cost savings of not buying Apple kit again, I can literally have three for the price of one.</p><p><b>30/01/2022 Update</b></p><p>I have added several more docker containers to the machine to see just how far this can be pushed </p><ol style="text-align: left;"><li>Gitlab for source code control</li><li>Plex for home media and music playback</li></ol>As before with all these services running and pushing the device with streaming and carrying out all it's other functions it is still performing perfectly. The replacement of the installed plex server to use a docker container is simply one of ease of maintenance. There is nothing wrong with the installed app version, but keeping plex up to date now is just a matter of a "Docker pull" and I've got the latest version - no Library issues etc.<br />Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-19908592804190033582020-04-13T15:02:00.000-07:002020-04-23T14:54:17.816-07:00Building a small footprint Ubuntu desktop or server for old,singleboard or virtual machines.<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-8znGvxSgC4Y/XpTW1fUZThI/AAAAAAAAJKc/-sRFJiNcPRUC86_jtfa5rAV-bOw4GNZgACLcBGAsYHQ/s1600/Screenshot%2B2020-04-13%2Bat%2B21.32.14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1049" data-original-width="1600" height="260" src="https://1.bp.blogspot.com/-8znGvxSgC4Y/XpTW1fUZThI/AAAAAAAAJKc/-sRFJiNcPRUC86_jtfa5rAV-bOw4GNZgACLcBGAsYHQ/s400/Screenshot%2B2020-04-13%2Bat%2B21.32.14.png" width="400" /></a></div>
<br />
So the lockdown offers time to try out things I have put on the back burner for a while. This little project was to build as easily as possible a diminutive Linux install that can be used for many use cases, like single board computers, virtual machines and my older hardware that I use for various tasks. Also offering complete control over what you do and don't install.<br />
<br />
I have tried all sorts of Linux distributions, but I think I have found the ideal solution with this one.<br />
<br />
Starting with the <a href="https://help.ubuntu.com/community/Installation/MinimalCD" target="_blank">Ubuntu mini iso</a> this makes the starting point very easy. You can install as much or as little as you like as you go through the installation process. Burn the iso file onto a USB drive or use it directly for your virtual machines. I basically didn't install anything that I didn't need to - especially towards the end when it ask's about GUI desktops - select nothing.<br />
<br />
One thing to look out for is when partitioning the disk, whether virtual, SD or SDD don't set up a swapfile - it allocates 500MB on a device with 4GB of ram - which is pretty common these days.<br />
<br />
Once all is installed you are presented with a standard command line when you reboot - which can be enough for a lot of people if you are going to run this as a server for some purpose. That takes up around 1.5GB disk space. This could be pruned further if needed, but even with a 16GB SD card, that's not too shabby. Especially compared to a full Gnome Ubuntu install which will eat around 6.5GB.<br />
<br />
Now to get a simple working desktop on top of that I recommend using openbox - the following command installs all you need to get going, and give you the desktop above - minus the wallpapers - more of that in a mo.<br />
<br />
<blockquote class="tr_bq">
<b>sudo apt install openbox obconf obmenu vim xterm lightdm lightdm-gtk-greeter tint2 nitrogen ncdu xfce4-terminal arandr</b></blockquote>
The above is one command on one line.<br />
<br />
Reboot your machine and you will be greeted with a login screen - login with the user you set up and you will be presented with a blank screen and a cursor - that is Openbox's starting place - immediately right-click the mouse and select the terminal.<br />
<br />
Then carry out the following:<br />
<ol>
<li>Launch tint2 to give you a panel</li>
<li>Launch arandr to set your video resolution - and save it to a file name to be used later.</li>
<li>Copy any wallpaper from any machine or website using ssh to your users home directory</li>
<li>Launch nitrogen to set that wallpaper you just saved. You can install more later.</li>
<li>Make these changes permanent.</li>
</ol>
To make option 5 happen:<br />
<br />
Create a folder in <b>/home/your username/.config</b> called <b>openbox. </b><br />
In that directory create a file called <b>autostart</b>.<br />
<br />
Add these lines to that file<br />
<br />
<b>nitrogen --restore &</b><br />
<b>tint2 &</b><br />
<b>/home/your username/.screenlayout/name-you-saved-it-as &</b><br />
<br />
Once you have done this - you are good to go. Logout and back in, and you will have similar to the above image.<br />
<b> </b><br />
Now with the Ubuntu eco-system, you can install anything you like. This can be a Bastion, NFS, Samba, DNS server - whatever.<br />
<br />
If you want to make it into a full-function desktop, add Firefox, VLC, Spotify, etc, etc.<br />
<br />
However, the base from which you now start is 2.4GB of disk space used, which is the key to this.<br />
<br />
You now have complete control over whatever you want to install and make this device into something you have designed and like.<br />
<br />
It also minimises your security attack vector - as you have a lot less installed, less to update and less to keep an eye on. This is a massive plus for the whole process.<br />
<br />
<b>Updated:</b> 14/4/2020<br />
<br />
<br />
<br />Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-26222083937762629312020-03-28T06:11:00.000-07:002020-04-23T14:55:21.023-07:00Getting DNS working with an Ubuntu 20.04 virtual machine installed on an Ubuntu 19.10 host<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-PPgKSZlvimg/Xn9H9EwYOyI/AAAAAAAAJIw/BgiyI34f_sY-2aedy2jP6TLDxB-EhfGMgCLcBGAsYHQ/s1600/Ubuntu-20.04-Focal-Fossa.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="675" data-original-width="1200" height="180" src="https://1.bp.blogspot.com/-PPgKSZlvimg/Xn9H9EwYOyI/AAAAAAAAJIw/BgiyI34f_sY-2aedy2jP6TLDxB-EhfGMgCLcBGAsYHQ/s320/Ubuntu-20.04-Focal-Fossa.png" width="320" /></a></div>
While taking a look at the next LTS release of Ubuntu - I found after I had spun up the new image in KVM on an Ubuntu 19.10 host that the DNS would not resolve - which scuppered me taking a really good look at it.<br />
<br />
Now, they have moved DNS resolution into systemd for a while now, and on the host machine this has not caused me an issue. I have to say though, it appears to me that using systemd to resolve DNS is not only overly complicated but a waste of everyone's time - but I'm sure someone must appreciate the value of it.<br />
<br />
I tested that the network was working correctly and the virtual machine could access the DNS resolver if it had been configured correctly with the following command:<br />
<br />
<b>dig @192.168.1.1 www.ubuntu.com</b><br />
<br />
This worked, so I knew that the virt. machine would work if the DNS resolver was working correctly.<b> </b><br />
<br />
So, how to fix the issue. I tried several methods - each trying not to disable the systemd service - but all met with failure with my testing , so in the end I decided to just turn it off and use the tried and trusted /etc/resolv.conf<br />
<br />
The commands to achieve this are:<br />
<br />
<b>systemctl stop systemd.resolved</b><br />
<b>systemctl disable systemd.resolved</b><br />
<br />
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; font-weight: 400; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; orphans: 2; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; widows: 2; word-spacing: 0px;">
Then edit the following line in the file <code style="background-color: var(--black-050); border: 0px; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 1px 5px; vertical-align: baseline; white-space: pre-wrap;"> </code></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<b><code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 1px 5px; vertical-align: baseline; white-space: pre-wrap;">/etc/NetworkManager/NetworkManager.conf<code style="background-color: var(--black-050); border: 0px; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 1px 5px; vertical-align: baseline; white-space: pre-wrap;"> </code></code></b></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<b><code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 1px 5px; vertical-align: baseline; white-space: pre-wrap;"><code style="background-color: var(--black-050); border: 0px; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 1px 5px; vertical-align: baseline; white-space: pre-wrap;">[main]</code> </code><code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"> </code></b></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<b><code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">dns=default</code></b></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">Then remove the link in /etc</code></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"><b>rm resolv.conf</b></code></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">Now create a new resolv.conf in /etc with the name of the nameserver you wish to use i.e.</code></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"><b>namesever 192.168.1.1 < or whatever yours is ></b></code></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">The you need to restart the NetworkManager</code><code style="background-color: var(--black-050); border: 0px; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"> </code></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<b><code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">sudo systemctl restart NetworkManager</code></b></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">This worked perfectly and the virtual machine is now happily resolving DNS correctly.</code></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">None of the above is destructive and can be reversed if the systemd could be made to work, but as this was only a test machine, I decided I had wasted enough time on it.</code><br />
<br />
<code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">NB. While working on some more virtual machines I came across this blog post which offers a more elegant solution to this DNS problem for Ubuntu/Debian based distros.It allows you to keep DNS resoltion in systemd - so I can't have been the only person having issues with it.<br /><br /><a href="https://www.tecmint.com/set-permanent-dns-nameservers-in-ubuntu-debian/" target="_blank">Solve local DNS issues in Ubuntu and Debian</a></code></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"> </code><b><code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"> </code></b></div>
<div style="-webkit-text-stroke-width: 0px; background-color: white; border: 0px none; box-sizing: inherit; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-style: normal; font-variant-caps: normal; font-variant-east-asian: inherit; font-variant-ligatures: normal; font-variant-numeric: inherit; letter-spacing: normal; line-height: inherit; margin: 0px 0px 1em; padding: 0px; text-align: left; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; vertical-align: baseline; white-space: normal; word-spacing: 0px;">
<code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"><b> </b></code><b><code style="background-color: var(--black-050); border: 0px none; box-sizing: inherit; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;"></code></b></div>
<br />
<br />
<br />Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-5869818775653411752019-11-13T03:24:00.001-08:002020-04-23T14:55:57.241-07:00How to use pi-hole with a Docker container on your Mac Laptop to stop unwanted internet adverts.<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-d6CjjYrFdTg/XcvFfH353pI/AAAAAAAAJAM/N5Fd2pIRcykR0H_lkM6zv3PI8Oah4nYkwCLcBGAsYHQ/s1600/blackhole-1920-800-19.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="667" data-original-width="1600" height="265" src="https://1.bp.blogspot.com/-d6CjjYrFdTg/XcvFfH353pI/AAAAAAAAJAM/N5Fd2pIRcykR0H_lkM6zv3PI8Oah4nYkwCLcBGAsYHQ/s640/blackhole-1920-800-19.png" width="640" /></a></div>
If you are fed up with pointless internet advertising on sites you visit, here is a great additional service you can install on your local machine - or more importantly for your network to stop it dead. I shall not go through what this product is as here is a link - <a href="https://pi-hole.net/" target="_blank">Pi-Hole</a>.<br />
<br />
Basically, you need to install the Docker application on you laptop or desktop so that running up the pi-hole docker container is straight forward. You can get docker for Mac <a href="https://www.docker.com/products/docker-desktop" target="_blank">here</a>. For the network installation, a Linux server virtual machine or docker container on a machine continuously running would make sense.<br />
<br />
Then you need to clone the pi-hole docker git repository to your local machine<br />
<br />
<b>https://github.com/pi-hole/docker-pi-hole.git</b><br />
<br />
Change into that directory and run <b>docker_run.sh </b><br />
<br />
Once the script has run - it will spit out an admin password that you will need to remember to log into the web-based admin screen.<br />
<br />
You can look at that by pointing a browser tab at http://127.0.0.1<br />
<br />
Once logged in you will see something like this.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-887057FA0TE/XcvkA2mD68I/AAAAAAAAJAY/q4bwKT0fd98yBmSEUTJMNquTsIPrtGpBgCLcBGAsYHQ/s1600/Screenshot%2B2019-11-13%2Bat%2B11.07.17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="857" data-original-width="1600" height="212" src="https://1.bp.blogspot.com/-887057FA0TE/XcvkA2mD68I/AAAAAAAAJAY/q4bwKT0fd98yBmSEUTJMNquTsIPrtGpBgCLcBGAsYHQ/s400/Screenshot%2B2019-11-13%2Bat%2B11.07.17.png" width="400" /></a></div>
<br />
<b> </b>The last part of getting this working on your laptop is to point the DNS resolution of OSX to point to the localhost - as pi-hole is now listening on port 53. Again for network-based installation you would point this at the IP address of your server running the service. You can also then setup that IP address in your routers DHCP settings so any machine on your LAN will get the same protection as they will push all their traffic through the new DNS server.<br />
<br />
<b></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Sq6whQ5KR7Q/XcvkhPWM1OI/AAAAAAAAJAg/7NtYykuDFGQ7rJ045kNvQlAvFYLv8fqggCLcBGAsYHQ/s1600/Screenshot%2B2019-11-13%2Bat%2B11.09.44.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="882" data-original-width="1266" height="276" src="https://1.bp.blogspot.com/-Sq6whQ5KR7Q/XcvkhPWM1OI/AAAAAAAAJAg/7NtYykuDFGQ7rJ045kNvQlAvFYLv8fqggCLcBGAsYHQ/s400/Screenshot%2B2019-11-13%2Bat%2B11.09.44.png" width="400" /></a></div>
<br />
<b></b>
You can then run a test from the command line to make sure all your DNS requests are going via your new DNS service like so:<br />
<br />
<b></b>
<b>dig www.ubuntu.com</b><br />
<br />
<b>;; Query time: 23 msec<br />;; SERVER: 127.0.0.1#53(127.0.0.1)<br />;; WHEN: Wed Nov 13 11:16:40 GMT 2019<br />;; MSG SIZE rcvd: 139</b><br />
<br />
You will notice the response comes from your machines localhost - so all is working. With the settings of pi-hole you can specify several upstream DNS resolvers which also keeps your DNS queries out of the clutches of Google. There are many options - but I tend to use OpenDNS and 1.1.1.1<br />
<br />
Enjoy. <b> </b><br />
<b></b><br />
<b> </b> <br />
<br />Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-64473972312575204162019-03-09T07:46:00.009-08:002024-01-25T05:00:33.801-08:00Staying safe on the Web - what can I do to make my browsing more secure and leach less data?<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-IMwEB-d6c9U/XIPVzRl0gaI/AAAAAAAAIC0/gXIHDxDVsBIXY7lQQzqx2bdfsKxNF6qYQCLcBGAs/s1600/dark-web.jpeg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="645" data-original-width="1200" height="172" src="https://2.bp.blogspot.com/-IMwEB-d6c9U/XIPVzRl0gaI/AAAAAAAAIC0/gXIHDxDVsBIXY7lQQzqx2bdfsKxNF6qYQCLcBGAs/s320/dark-web.jpeg" width="320" /></a></div>
<br />
Friends and family often ask me about technologies they can use to make their lives just that little bit safer on the Web. So to save me having to answer the same questions repeatedly - I thought I would write a blog post to just highlight the tools,apps and extensions I use to make it better than just connecting to the web and hoping for the best.<br />
<ul>
<li>Use a VPN whenever and wherever you are. There are so many good and inexpensive examples to use these days - there is really no excuse not too. I hear good things about these ones <a href="https://www.mozilla.org/en-US/products/vpn/">Mozilla VPN</a> or <a href="https://www.expressvpn.com/" target="_blank">ExpressVPN</a>. <b>Make sure when choosing a VPN that the provider guarantees to not keep logs - very important.</b> I use my own - but those should be a good ones. This will work with you PC, iPad, mobile phone. So you will be covered whenever you decide to get some free internet in a cafe you have never been to before :-)</li>
<li>Use <a href="https://www.mozilla.org/en-US/firefox/new/">Mozilla Firefox</a>, Safari or <a href="https://www.opera.com/">Opera Browser</a> as your main browser. I know Google Chrome offers many features, but can you honestly trust Google to not be constantly looking to take your data and use it? I certainly don't trust Chrome anymore.</li>
<li>Install a good set of extensions to stop trackers and unwanted information leaching.</li>
<ul>
<li><a href="https://adblockplus.org/about" target="_blank">Adblock Plus</a></li>
<li><a href="https://www.ghostery.com/" target="_blank">Ghostery</a></li>
<li><a href="https://en.wikipedia.org/wiki/UBlock_Origin" target="_blank">uBlock Origin</a></li>
<li><a href="https://duckduckgo.com/app" target="_blank">DuckDuckGo privacy essentials</a></li>
<li><a href="https://www.eff.org/privacybadger" target="_blank">Privacy Badger</a></li>
<li><a href="https://www.eff.org/https-everywhere" target="_blank">HTTPS Everywhere</a></li>
</ul>
</ul>
<ul style="text-align: left;">
<li>Don't use Google as your default search engine - switch to using DuckDuckGo - it is an option on all modern browsers - just change the default. You will be amazed at how all the targeted ads suddenly stop appearing everywhere - because you will have stopped Google building a complete profile of you on the web.</li>
<li>Never use Facebook or Twitter to log into another site - always select to create a new account with your email and a strong password. </li>
<li>Use a password manager to ensure strong passwords on all sites you use. Three good examples are <a href="https://bitwarden.com/" target="_blank">Bitwarden</a>, <a href="https://www.lastpass.com/" target="_blank">Lastpass </a>or <a href="https://1password.com/" target="_blank">1Password</a>. </li>
<li>Where sites allow it use <a href="https://www.turnon2fa.com/tutorials/" target="_blank">2FA</a> - 2 Factor Authentication - on all sites. Not all sites do - but check and where you can implement it. There are many apps you can use , FreeOTP, YubiKey Authenticator, Protectimus Smart OTP, Lastpass Authenticator, Google Authenticator.</li>
<li>Turn on Firefox browsers "DNS over HTTPS" to keep your ISP from snooping on your site visits - it's to be found in <b>Preferences/General/Network Settings</b></li>
<li>If you must use <a href="https://github.com/mozilla/contain-facebook" target="_blank">Facebook</a> - I recommend you don't - then install an extension that puts it in a sandbox container - Firefox FB Container. This will reduce the amount of data you will leach from that app. </li><li>Talking about Firefox containers - then you can isolate all sort of other apps as well , using this add-on<br /><a href="https://www.maketecheasier.com/firefox-multi-account-containers-explained/">Firefox containers - Howto</a><br /></li>
<li>Also for facebook - look at this article and turn it off - <a href="https://www.vox.com/2020/1/28/21112380/facebook-activity-tool-data" target="_blank">How to delete Facebooks off page tracking of you web surfing.</a></li>
<li>Always look to use an anti-virus products on your phones, tablets and computers - there are many to choose from - I use AVG.</li>
<li> Make regular backups - so if you machine does get hijacked you have always got access to you valuable files. This can be to a secure cloud storage area as well as local USB type storage disk.<br /></li>
<li>Glasswire is a great tool for keeping an eye on your Windows and Android machines activity and is worth installing <a href="https://www.glasswire.com/">https://www.glasswire.com/</a> <br /></li><li>Useful YouTube video on securing Google Chrome if you must use it <a href="https://youtu.be/9lIMSzrjUrU">https://youtu.be/9lIMSzrjUrU</a></li><li>Switch on DuckDuckGo anti-tracking feature on your Android phone. <a href="https://www.theverge.com/2022/11/16/23462053/duckduckgo-app-tracking-tool-beta-android-users">duckduckgo-app-tracking-tool-beta-android-users</a> <br /></li><li><div class="post-full-title">Use the DuckDuckGo Extension to Block FLoC, Google’s New Tracking Method in Chrome <a href="https://spreadprivacy.com/block-floc-with-duckduckgo/">Stop FLOC</a></div><div class="post-full-title"><br /> </div><div class="post-full-title"> <br /></div> </li>
</ul><p style="text-align: left;">
There are other add-ons to stop javascript - which can stop a lot of nasty attacks - however - it can make a huge difference to the way the web looks and feels and a lot of sites depend on it. So unless you know what you are doing , I would stay clear of that to start.<br />
<br />
I have also just started using <a href="https://pi-hole.net/blog/" target="_blank">pi-hole</a>, a network-wide tool to stop unwanted advertising in its tracks. I will be writing an article shortly on how to set this up on your local laptop or network server.</p><p style="text-align: left;">Here is the article on using a docker container to run pi-hole - but you can use a virtual machine or a dedicated little machine like a Raspbery-pi to achieve the same thing. It is incredible useful and effective to stop all sorts of rubbish coming into your machine and network.</p><p style="text-align: left;"><a href="https://codsplaice.blogspot.com/2019/11/how-to-use-pi-hole-with-docker.html" target="_blank">Setting up Pi-hole locally using Docker</a><br />
<br />
<u><b>Updated: 15/7/2019 </b></u><br />
<u><b>Updated: 13/11/2019</b></u><br />
<u><b>Updated: 9/02/2020</b></u><br />
<u><b>Updated: 1/3/2020 </b></u><br />
<u><b>Updated: 16/6/2020</b></u><br />
<u><b>Updated: 11/09/2020</b></u><br />
<u><b>Updated: 15/03/2021</b></u><br />
<u><b>Updated: 14/05/2021</b></u><br />
<u><b>Updated: 8/8/2022</b></u><br />
<u><b>Updated:4/12/2022</b></u><br />
<br />
Useful reading on the Topic :<br />
</p><ul>
<li><a href="https://www.eff.org/" target="_blank">Electronic Frontier Foundation</a></li>
<li><a href="https://duckduckgo.com/newsletter" target="_blank">Security Crash course</a></li>
</ul>
Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-68625402698212183522017-11-04T06:27:00.000-07:002017-11-04T06:27:04.932-07:00DNS resolution in Docker containers with Ubuntu Artful on AWS<div style="background-color: white; border: 0px; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
This post is solution to a problem I discovered - so I hope others will find it useful.</div>
<div style="background-color: white; border: 0px; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
Spinning up AWS Ubuntu Zesty - 17.04 - images with Docker installed was straight forward with Ansible and Terraform , but then arrived Ubuntu Artful - 17.10 , and the containers spun up could not resolve DNS, regardless of which version of Docker I installed.</div>
<div style="background-color: white; border: 0px; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
After a lot of testing , it appeared to me that the host computer was passing through the wrong DNS server entry into resolv.conf within the container - so it would never work.</div>
<div style="background-color: white; border: 0px; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
<strong style="border: 0px; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline;">The Solution:</strong></div>
<div style="background-color: white; border: 0px; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
With systemd and docker, the preferred way to change a daemon setting is to create a new file in /etc/docker called daemon.json.</div>
<div style="background-color: white; border: 0px; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
In that file add the following to get it use the AWS VPC default DNS resolver - 10.0.0.2 - like so</div>
<pre style="background-color: #eff0f1; border: 0px; color: #242729; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-size: 13px; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; max-height: 600px; overflow: auto; padding: 5px; vertical-align: baseline; width: auto; word-wrap: normal;"><code style="border: 0px; font-family: Consolas, Menlo, Monaco, "Lucida Console", "Liberation Mono", "DejaVu Sans Mono", "Bitstream Vera Sans Mono", "Courier New", monospace, sans-serif; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; white-space: inherit;">{
"dns": ["10.0.0.2"]
}
</code></pre>
<div style="background-color: white; border: 0px; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
Restart the docker daemon , and the containers can now resolve DNS. There may be other ways to resolve this issue, but this works perfectly , and uses methods preferred by the docker community.</div>
<div style="background-color: white; border: 0px; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
I hope this helps others who may run into this problem.</div>
<div style="background-color: white; border: 0px; clear: both; color: #242729; font-family: Arial, "Helvetica Neue", Helvetica, sans-serif; font-size: 15px; font-stretch: inherit; font-variant-numeric: inherit; line-height: inherit; margin-bottom: 1em; padding: 0px; vertical-align: baseline;">
Other settings that can be made in that file can be found here. <a href="https://docs.docker.com/engine/reference/commandline/dockerd/" rel="nofollow noreferrer" style="border: 0px; color: #005999; cursor: pointer; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; font-weight: inherit; line-height: inherit; margin: 0px; padding: 0px; text-decoration-line: none; vertical-align: baseline;">Dockerd settings documentation</a></div>
Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-11876240986384798242017-06-06T04:19:00.001-07:002017-06-06T04:19:47.503-07:00Getting apps to work in cutting edge Ubuntu Docker containers when they grizzle about locales.<div class="tr_bq">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-ppHqdudf7gI/WTaO7vCHjgI/AAAAAAAAG8U/IDnQw2hNwyog0x-AgL0NjhR3n2Ia8bVrQCLcB/s1600/UBUNTU-17.10-artful-aardvark.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="506" data-original-width="900" height="179" src="https://2.bp.blogspot.com/-ppHqdudf7gI/WTaO7vCHjgI/AAAAAAAAG8U/IDnQw2hNwyog0x-AgL0NjhR3n2Ia8bVrQCLcB/s320/UBUNTU-17.10-artful-aardvark.jpg" width="320" /></a></div>
<br />
<br />
<br />
Whilst running up an Artful Aardvark Ubuntu docker container on a Zesty Ubuntu host server, I received a message that it couldn't load certain apps due to the locales for UTF-8 were not configured.</div>
<br />
This was annoying, but I initially worked around it , by installing the <b>locales-all</b> package into the container - it worked - but it bloated the container considerable.<br />
<br />
There is a better and simpler way, which I found after a lot of digging around in the Docker documentation, as others must have hit this issue before.<br />
<br />
What you need to do is set the following env variable in your Dockerfile when you build your container, and the problem does get solved for most apps, like tmux and screen within the container.<br />
<br />
<blockquote class="tr_bq">
ENV LANG C.UTF-8</blockquote>
If you find that this doesn't cure it for your application , you may need to move to the next step and include the following in your Dockerfile.<br />
<br />
<pre style="background-color: #eeeeee; border: 1px dashed #999999; color: black; font-family: "andale mono" , "lucida console" , "monaco" , "fixed" , monospace; font-size: 12px; line-height: 14px; overflow: auto; padding: 5px; width: 100%;"> <code style="color: black; word-wrap: normal;">
RUN apt-get update && apt-get install -y locales \
&& rm -rf /var/lib/apt/lists/* \
&& localedef -i en_US -c -f UTF-8 -A \
/usr/share/locale/locale.alias en_US.UTF-8
ENV LANG en_US.utf8
</code>
</pre>
Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-86465577805392283952017-05-12T08:43:00.000-07:002017-05-12T08:43:09.634-07:00Getting an elastic search shard to relocate after a cluster nodes disk had become full <div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-k-JZmUQfkLE/WRXXuGFxiYI/AAAAAAAAG7c/dmJyqILjX7YtaahhKxZaOxwysPWe7XBEACLcB/s1600/elasticsearch.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="https://3.bp.blogspot.com/-k-JZmUQfkLE/WRXXuGFxiYI/AAAAAAAAG7c/dmJyqILjX7YtaahhKxZaOxwysPWe7XBEACLcB/s320/elasticsearch.jpg" width="320" /></a></div>
<br />
<br />
I came into work today to find one of the test environments elastic search(ES) nodes had run out of disk space. A bad job had gone berserk overnight and filled the logs - which then filled ES nodes disks.<br />
<br />
So what to do with a volume with 100% utilisation? After chatting to a few colleagues , it was decided to delete one of the earlier indices - as the data in the dev environment was not life or death.<br />
<br />
I first tried this from the GUI - which didn't work at all , so I switched to the CLI and issued the following<br />
<br />
<b>curl -XDELETE curl localhost:9200/mydodgylogs-2017.05.08 </b><br />
<br />
That did the trick and we now had 80% disk utilisation, so I was expecting the shards to sort themselves calmly out. Unfortunately no go - there was one shard that was still refusing to relocate and it was effectively marking the cluster as yellow, so I had another chat with my colleague and he informed of a recovery log file which could make this happen. Effectively the disk being full had left the shard in an unstable state, and needed some help to sort itself out.<br />
<br />
So on the cli again, I found the offending shard directory in the correct index and removed the following file<br />
<br />
<b>mydodgylogs-2017.05.08/4/translog/translog-1234567890.recovering</b><br />
<b><br /></b>
As soon as that was removed the shard relocated fine and the system went back to being happy and green.<br />
<br />
As it took some time with a few colleagues to get to the bottom of the problem, I thought others may find it useful in the future.<br />
<br />
Running the normal health check command then gave me the following healthy output.<br />
<br />
<b>curl localhost:9200/_cluster/health?pretty</b><br />
<b><br /></b>
<b>{</b><br />
<b> "cluster_name" : "myclustername",</b><br />
<b> "status" : "green",</b><br />
<b> "timed_out" : false,</b><br />
<b> "number_of_nodes" : 2,</b><br />
<b> "number_of_data_nodes" : 2,</b><br />
<b> "active_primary_shards" : 45,</b><br />
<b> "active_shards" : 90,</b><br />
<b> "relocating_shards" : 0,</b><br />
<b> "initializing_shards" : 0,</b><br />
<b> "unassigned_shards" : 0,</b><br />
<b> "delayed_unassigned_shards" : 0,</b><br />
<b> "number_of_pending_tasks" : 0,</b><br />
<b> "number_of_in_flight_fetch" : 0</b><br />
<b></b><br />
<b>}</b><br />
<b><br /></b>
<b><br /></b>Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-284718807285146772015-08-26T03:54:00.002-07:002015-08-26T03:54:52.997-07:00Using S3cmd to list the ACL's of all the files in an S3 bucket<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-APO2UiFlqxU/Vd2admu8bUI/AAAAAAAAD0c/ycRSeQ17mG8/s1600/Amazon_S3_Bucket_Wide.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="177" src="http://4.bp.blogspot.com/-APO2UiFlqxU/Vd2admu8bUI/AAAAAAAAD0c/ycRSeQ17mG8/s320/Amazon_S3_Bucket_Wide.png" width="320" /></a></div>
<br />
In the absence of any replies from the S3cmd forum, I managed to use a command line hack to get the ACL status of all files in a bucket with this:<br />
<br />
I tried parsing the whole bucket with an "astrix" as an option , but that didn't work with version 1.0.1 or 1.0.5 of S3cmd.
<br />
<br />
<blockquote class="tr_bq">
<b>s3cmd -c ~/.s3cfg_uk2 ls s3://test-hubs/ | awk '{print $4}' | sed 's/s3\:\/\/test-hubs\///g' | xargs -I file s3cmd -c ~/.s3cfg_uk2 info s3://test-hubs/file </b></blockquote>
<br />
This is all on one line - and the xargs option is a capitol "i" and not an "el" as it appears here ;-)
If anyone can see how to refactor this to make it more efficient be my guest, but it works.<br />
<br />
Or indeed answer my original question with a snappy command line option to s3cmd ;-)<br />
<br />
<br />
If you want to see if there is "anyone" access to a file you will see "anon" as the ACL setting , so you can search on that if you want to look for globally available files - which is what I wanted to do.Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com1tag:blogger.com,1999:blog-6640903312017672982.post-38755714436945274902015-06-11T02:17:00.000-07:002015-06-11T02:18:47.547-07:00VM created by boot2docker init does not have DNS set up correctly - heres how to fix it<a href="http://2.bp.blogspot.com/-79huXaVwD3o/VXlRub4H-MI/AAAAAAAADyE/vmj816S93Vg/s1600/what_is_docker.png" imageanchor="1" ><img border="0" src="http://2.bp.blogspot.com/-79huXaVwD3o/VXlRub4H-MI/AAAAAAAADyE/vmj816S93Vg/s400/what_is_docker.png" /></a>
I came across this problem while setting up Docker on my OSX environment , and after searching the web , I found a method that works well, and cures the problem.
Basically once the Virtualbox VM is created you need to edit the network adapter drivers and set them to "PCNET-FAST III" instead of the paravirtualised drivers. You need to do both adapters, and then restart boot2docker.
You will notice that you get the correct settings now in your /etc/resolv.conf file.
This was annoying me, and meant I had to reset the settings in the above file everytime I start docker - which is not ideal.
Hope this saves you some time.Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-39419729566332570602015-04-03T02:52:00.002-07:002015-04-21T01:45:42.681-07:00Little trick I found helpful programming the DigitalOcean v2 API - create a new droplet<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-UcmWg3Ai950/VR5hk1MfVgI/AAAAAAAADwU/d30YG3-1WuI/s1600/digital-ocean.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-UcmWg3Ai950/VR5hk1MfVgI/AAAAAAAADwU/d30YG3-1WuI/s1600/digital-ocean.png" height="180" width="320" /></a></div>
<br />
<br />
While looking through several examples I found a few good links on how to create a new Virtual machine(VM) using the Ruby programming language, and the digital ocean gem they provide.<br />
<br />
They all however left off one important point out, that you have to specify the SSH key id number as part of the call to create a new VM.<br />
<br />
Without this last extra bit of the puzzle , you end up with a VM that is up and running, but you can't use your ssh keys to log into.<br />
- not ideal ;-)<br />
<br />
The ssh keys have to be specified as a ruby array, as you could want more than one ssh key associated with your VM's once they have been created - so here is an example - with the missing piece inserted. The token mentioned in this code segment - is your oauth token that you create when you set up your digital ocena account. You can set it up as an env variable - but I have not shown how to do this here.<br />
<br />
To start you need to install this gem into your Ruby environment<br />
<br />
<pre style="background-color: #f6f6f6; border-radius: 3px; box-sizing: border-box; font-family: monospace, serif; font-size: 14px; margin-bottom: 28px; overflow: auto !important; padding: 13px 17px; word-wrap: normal !important;"><code langs="" style="border-radius: 0px; color: #111111; font-family: monospace, serif; margin: 0px; padding: 0px;">gem install droplet_kit</code></pre>
<pre style="background-color: #f6f6f6; border-radius: 3px; box-sizing: border-box; font-family: monospace, serif; font-size: 14px; margin-bottom: 28px; overflow: auto !important; padding: 13px 17px; word-wrap: normal !important;"><code langs="" style="border-radius: 0px; color: #111111; font-family: monospace, serif; margin: 0px; padding: 0px;">
#!/usr/bin/ruby
require 'droplet_kit'
token=ENV['<span class="highlight" style="background: none; color: #de3939;">Oauth_key</span>']
client = DropletKit::Client.new(access_token: token)
droplet = DropletKit::Droplet.new(name: 'example.com', region: 'nyc3', size: '1gb', image: 'ubuntu-14-04-x64', <b>ssh_keys: [1234567]</b>)
client.droplets.create(droplet)
</code></pre>
<br />
<span style="font-family: Times, Times New Roman, serif;">The code is downloadable from Github gist link below.</span><br />
<span style="font-family: Times, Times New Roman, serif;"><br /></span>
<span style="font-family: Times, Times New Roman, serif;">You can find out the id number of your ssh keys with the following bash script , so that you know which id's to put into the array.</span><br />
<span style="font-family: Times, Times New Roman, serif;"><br /></span>
<br />
<div style="background-color: #f2f2f2; color: #333333; font-family: proxima-nova, sans-serif; font-size: 15px; margin-bottom: 17px; padding: 0px;">
<b>curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN" "https://api.digitalocean.com/v2/account/keys" | jq "."</b></div>
<div style="background-color: #f2f2f2; color: #333333; font-family: proxima-nova, sans-serif; font-size: 15px; margin-bottom: 17px; padding: 0px;">
</div>
<br />
Where $TOKEN is you oAuth API v2 key.<br />
<br />
Hope this saves you time getting this up and running.<br />
<br />
Ref blog post and Github gist of the code:<br />
<a href="http://goo.gl/TfUOHy" target="_blank">How to use the DigitalOcean v2API</a><br />
<a href="https://gist.github.com/a2aa57f57262797462f9#file-gistfile1-rb">Github Gist of the code</a>Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-55126313056290375172014-08-31T03:39:00.000-07:002020-02-09T03:35:19.376-08:00Using Docker to run rtorrent to reduce your servers resource requirements<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-VN_Xdv4GEgw/VAL6-8vcwCI/AAAAAAAADFs/Nx7sYYJSBiM/s1600/docker2.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://4.bp.blogspot.com/-VN_Xdv4GEgw/VAL6-8vcwCI/AAAAAAAADFs/Nx7sYYJSBiM/s1600/docker2.jpeg" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
Let me state early and clearly , any one who thinks Docker is a new technology, knows nothing about IT and even less about virtualisation. So if some smartalec in your office starts spouting about this new technology, take them down a peg or two with a few links to Solaris containers, OpenVZ or LXC.<br />
<br />
What the Docker team have done extremely well, is make these ancient technologies very accessible and very easy to use, with a well defined tool set and API. This they must be highly praised for.<br />
<br />
In the words of Einstein however, they work on the shoulders of giants, who did a lot of the heavy lifting, and let us all not forget this.<br />
<br />
I have been using containers for years, and we worked on a very successful cloud at Nokia using OpenVZ, where we built our own tools.<br />
<br />
So I thought I would give Docker a spin on one of my cloud servers and just kick the tyres to start. I picked an application I use a lot for downloading Linux ISO's so it seemed a good choice. It was very straight forward indeed.<br />
<br />
The host operating system was CentOS 6.5 - which I'm growing less fond of as each week passes, as in the fast moving cloud space, Ubuntu is simply better. It was installed however, and I couldn't be bothered to change it. You need to enable the EPEL repository and install docker with <a href="http://goo.gl/TxJv36">yum</a>.<br />
<br />
I decided to download and use the userland tools of a Docker Ubuntu image - but whatever image you choose - the host kernel is the one that will be used. This is to do with the historically <a href="https://groups.google.com/forum/#!topic/docker-user/IDz4iQ15t0A">well thought out ABI</a> built into the Linux kernel that allows this all to work.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-pItt_ySQmQU/VAL00Seu_KI/AAAAAAAADFc/1lvBzLzsJ8k/s1600/Docker-image.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://2.bp.blogspot.com/-pItt_ySQmQU/VAL00Seu_KI/AAAAAAAADFc/1lvBzLzsJ8k/s1600/Docker-image.jpeg" /></a></div>
<br />
<br />
Once the image was retrieved from the Docker registry - I fired up a container with Ubuntu 14.04 tools and installed screen, rtorrent , vim and htop.<br />
<br />
I always run rtorrent with screen so I can just leave it running and come back to it when required. Also importantly - when starting your container use /bin/bash so you can have an interactive session with it to be able to go back and check your screen/rtorrent session. A command like the following will do.<br />
<br />
<b>docker run -i -t my-ubuntu-image /bin/bash</b><br />
<br />
Be care however when you want to exit this container , DON'T type exit but CTRL-p, CTRL-q , so everything keeps running and you can reattach to the container when you wish to check on progress.<br />
<br />
This uses significantly less resources than spinning up a KVM virtual image to do the same job, as it uses the resources of the host system that are already running.<br />
<br />
I have deliberately not put all the commands need to do this here , as the <a href="http://goo.gl/NJyrho">Docker documentation</a> is good and very clear, so duplication is pointless<br />
<br />
<br />
<br />
<br />Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-26790741995351079642014-07-19T01:12:00.001-07:002014-07-19T09:05:40.017-07:00Industries illogical use of Agencies in IT contractor procurement - a humorous musing<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-O9aV9tgkHJk/U8om_vFkrmI/AAAAAAAAC8o/k1a0khCwS0s/s1600/confused-businessman-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-O9aV9tgkHJk/U8om_vFkrmI/AAAAAAAAC8o/k1a0khCwS0s/s1600/confused-businessman-1.png" height="222" width="320" /></a></div>
<br />
<br />
I thought I would write a light hearted look at what I genuinely consider to be the most illogical waste of companies money, in paying the middle men. These middle men take anything from 10-30% off the top of other peoples work, for doing virtually nothing.<br />
<br />
Hiring IT managers know the sort of people they need, but instead of putting an advert directly on their web site or via aggregated sites like Jobserve, they employ the services of an agency. Here in lies the problem, as most agents have a strange and various past employment history and almost exclusively know next to nothing about complex IT systems. They may have heard of Windows if you're lucky, but start talking about Linux, Java, Ruby and Cloud Services and they start to glaze over<br />
<br />
So in an attempt to consider what might be going through an ex-RSPCA dog handlers mind when talking to an IT hiring manager - here is my stab.<br />
<br />
1) Agile - hmm so he wants the new guy to do yoga - probably a small office<br />
<br />
2) Puppet - ok that makes sense he can keep the kids happy with a show on "bring your kids to work day"<br />
<br />
3) Chef - good point , saves on kitchen staff as he can cook lunch while programming<br />
<br />
4) Java - well if he is making the lunch he might as well make the coffee as well.<br />
<br />
5)Tomcat - lion taming is a great skill, and could work well while the kids are in<br />
<br />
6) VMware - probably similar to Tupaware - but why he wants him to sell home goods is a bit odd<br />
<br />
7) Solaris - well green energy is in vogue - so sola panel knowledge could be handy<br />
<br />
8) Perl - Knowledge of jewellery is always handy - especially to please the bosses wife<br />
<br />
9) Ruby - Boy he really is into his Jewellery, I will have to check what they do for a business.<br />
<br />
10) Python - that is just odd, perhaps he keeps snakes in the office as pets. Hope they don't escape, could cause chaos with the Lion.<br />
<br />
This is obviously not an exhaustive list , and I could have been a lot harsher, but I hope it makes you smile like it does me when I see job adverts for Pearl developers - do they want me to polish gems for a living.<br />
<br />
<br />Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-38660927711472575812014-06-28T23:53:00.000-07:002014-06-28T23:53:10.397-07:00Is using email still relevant? Hell yes<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-X3S8K8KFcGU/U6-zlbR4e5I/AAAAAAAAC5g/v70cTFP-pCY/s1600/email+clipart.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-X3S8K8KFcGU/U6-zlbR4e5I/AAAAAAAAC5g/v70cTFP-pCY/s1600/email+clipart.png" height="229" width="320" /></a></div>
I have been working in IT long enough to remember many changes in technology usage. I can remember just missing out on having to use punch cards to get my programs loaded into the mainframe.<br />
<br />
So I can remember a time when people seriously did not think that email would or could be useful. I have actually worked in companies where the senior managers would get their secretaries to print out their emails and give them to them on paper. I can also vividly recall the many hours spent convincing these people of the benefit of email , and how it could save them time and money.<br />
<br />
If you look at the world today through your 21st Century eyes, you would probably find those sentiments cute, if not funny, however I'm beginning to hear statements in my technology reading about the post email era, and I really think this would be a bad thing for many busy people.<br />
<br />
I know we all get fed up with the spam we get, and the unsolicited contacts etc. but with a well set up email configuration, and not clicking on all those "send me updates" boxes, this can be controlled fairly easily. <br />
<br />
Now I'm not some techno Luddite arguing from the sidelines as your knowledge gets swept away with yesterdays chip papers, but from a very practical perspective. I have shifted to using the mobile technology paradigm like everyone else, and use Whatsapp, Facebook Chat, Twitter and Wechat as well as the next man, but they have a big drawback. They are all great tools and I can see a use for them going forward , no doubt. However on your mobile devices they demand your attention , and are constant interrupts to your busy day. They are like a nagging yappy dog , constantly demanding to get in your face. Yes you can turn them down or the notifications off , but you have just killed 9/10ths of the usefulness of them in the first place. They are either in your face , or why bother using them at all?<br />
<br />
The absolute beauty of email is it's asynchronous nature, and you can choose the time and place that you wish to read or respond to what has arrived in your inbox. It has also got thirty years of tooling development surrounding it, so finding and dealing with issues that took place a year ago is a breeze. Try doing that with Whatsapp - good luck with that.<br />
<br />
Skype does a better job than most for recording what you have been up to with conversations, but it is still time limited. You can literally search you email threads from the day you opened your account, which has saved my bacon on more than one occasion.<br />
<br />
I think the tricks to using email wisely are to be ruthless on your inbox, make sure you have a sensible structure with the folders/tags of the email you wish to keep and constantly look to help your spam engine to get rid of rubbish. <br />
<br />
I'm sure email will be replaced at some point with probably more human friendly methods of communication , like video or on-the-fly video conversation recording. The main issue there will be the extremely complex nature of search, not a trivial issue with video. Lets hope the worlds computer scientists are on the case as I type ;-)Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-6675643954270995012014-04-30T07:13:00.000-07:002014-04-30T07:13:27.191-07:00Problem loading/starting a KVM virtual machine on a CentOS 6.5 host that has SELINUX disabled <div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-PgHm4lIbXrw/U2ED8M2EasI/AAAAAAAABJE/epvUw9T0024/s1600/KVM_Overview.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-PgHm4lIbXrw/U2ED8M2EasI/AAAAAAAABJE/epvUw9T0024/s1600/KVM_Overview.jpg" height="218" width="320" /></a></div>
<br />
If you have recently built a KVM host for all your virtual machines and left SELINUX enabled, then all will be well, but what happens when you turn that setting off. Well you will end up with VM's that won't load with the error message<br />
<br />
<b>error: Failed to start domain Ubuntu1404<br />error: unsupported configuration: Unable to find security driver for label selinux</b><br />
<br />
It is easy to fix , use the following command and just remove the seclabel section on the virtual machine domain XML - <b>virsh edit Ubuntu1404</b><br />
<br />
<pre style="background-color: #eeeeee; border: 1px dashed #999999; color: black; font-family: Andale Mono, Lucida Console, Monaco, fixed, monospace; font-size: 12px; line-height: 14px; overflow: auto; padding: 5px; width: 100%;"><code># virsh edit Ubuntu1404
...
<;seclabel type='dynamic' model='selinux' relabel='yes'>;
<label>system_u:system_r:svirt_t:s0:c95,c664</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c95,c664</imagelabel>
</seclabel> </code></pre>
<br />
Once you have done that, the domains will load as normal.<br />
<br />
Make sure if you have backup's of the domain XML, they are also changed, as I have found that they will over write the domain if your not careful<br />
<br />
Check in /etc/libvirt/qemu to make sure the changes have happen, and the XML has been updated.Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-27884988319647549482014-04-03T04:33:00.000-07:002014-04-03T04:33:23.002-07:00Fixing a problem with VMware vcloud when putting a Virtual Machine back into the cloud Catalog<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-ojxbdvdwa_c/Uz1Gq3zcKpI/AAAAAAAABIk/MwOo86a_t_U/s1600/vmw-dgrm-vcloud-connector-one-cloud-lg.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-ojxbdvdwa_c/Uz1Gq3zcKpI/AAAAAAAABIk/MwOo86a_t_U/s1600/vmw-dgrm-vcloud-connector-one-cloud-lg.jpg" height="240" width="320" /></a></div>
<br />
<br />
<br />
If you use vcloud, then I'm sure you have pushed fully patched and configured virtual machines back into the catalog as gold masters many times. If you have customised scripts, then you may or may not have come across this problem.<br />
<br />
However yesterday, I came across a problem where the custom script settings within vcloud version 5.5 were not working, and the init scripts were not be run when you created a new vapp. This is a setting that tells the VM, if they have been run or not<br />
<br />
It turns out the code for pushing VM's back into the catalog was not resetting the static file needed, to tell the init scripts to run correctly. If you look in .customisation in roots home directory, you can see the file it is looking for.<br />
<br />
So , the work around - after much digging around in the code to find the file that VMware tools were looking for - is as follows<br />
<br />
On a Linux system just type the following.<br />
<br />
<h4>
<b>touch /.guest-customisation-post-reboot-pending</b></h4>
<br />
Once this file is in place, shutdown your VM, copy it back to the catalog, and all will be fine on the next start - it will run your desired init scripts as you wanted in the first place ;-)<br />
<br />
Hope this saves you some time.Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-61981255933618116182014-03-12T08:51:00.001-07:002014-03-12T08:51:14.246-07:00Setting up Adobe Flash with Wine and Windows Firefox on Linux - all to get VMware vSphere working in a browser<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-jhp_WBDIMRo/UyCAopKSFAI/AAAAAAAABH4/5IB21K0zmLk/s1600/adobe.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-jhp_WBDIMRo/UyCAopKSFAI/AAAAAAAABH4/5IB21K0zmLk/s1600/adobe.jpeg" /></a></div>
<br />
<br />
<br />
As I regularly need to use vmware software for a lot of cloud implementations , it has become more of a pain to keep switching to a virtual machine just to allow me to use a later version of Flash, that Adobe no longer supports in Linux. This is because VMware in their wisdom have decided that the web version of vSPhere management will only work with Flash version 11.5 and above.<br />
<br />
So I decide today to do something about it, and make it easier.<br />
<br />
Here are the steps to get it working.<br />
<br />
1) Install wine from your Distros repos - or download the latest from WineHQ<br />
<br />
2) If you are behind a proxy make sure you have http_proxy set - if this doesn't work then use this util to set the proxy in Wine - Proxycfg.exe - links at bottom<br />
e.g. wine Proxycfg.exe -p http://myproxy-server.co.uk:8080 <br />
<br />
3) Download and install a Windows version of Firefox from the link below<br />
e.g. chmod u+x Firefox Setup 27.0.1.exe ; wine Firefox Setup 27.0.1.exe<br />
<br />
4) Download the version of Adobe flash I point to in the links - don't go to the Adobe page it doesn't work for me.<br />
<br />
5) Run the command "wine install_adobe_flash_11_plugin.exe" and just follow the instructions.<br />
<br />
6) Start up firefox with wine, and heh presto you can now connect to the vSphere console, and go to other Adobe sites if you like.<br />
<br />
Hope this saves people time when trying to do the same.<br />
<br />
<a href="http://download.cdn.mozilla.net/pub/mozilla.org/firefox/releases/27.0.1/win32/en-GB/">Latest stable Windows version of Firefox</a><br />
<br />
<a href="http://www.postcodeanywhere.co.uk/support/useful-downloads.aspx">Copy of the Proxycfg.exe file for configuring wines proxy settings</a><br />
<br />
<a href="http://www.neowin.net/news/adobe-flash-player-115502149">The version of Adobe Flash I found to work with Ubuntu 12.04 - wine version 1.4</a><br />
<br />
<a href="http://wiki.winehq.org/FAQ#head-d582e2a4e92f4d8ae6c3401daebd7d5621eb220f">Wine help on how to use Proxycfg.exe - search page for proxy</a>Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com1tag:blogger.com,1999:blog-6640903312017672982.post-8455038925757367572014-02-12T02:47:00.000-08:002014-02-12T02:47:31.539-08:00A quick post on how to get Ubuntu 14.04 graphics working with Virtualbox 3.6 with Ubuntu 12.04<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-Zd61FrQJ-z0/UvtQytZTwKI/AAAAAAAABHU/bXI8UpB8wKA/s1600/virtualbox.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-Zd61FrQJ-z0/UvtQytZTwKI/AAAAAAAABHU/bXI8UpB8wKA/s1600/virtualbox.jpg" /></a></div>
<br />
This post is going to be short and to the point.<br />
<br />
The title is a mouthful I know, but it does describe the problem.<br />
<br />
Like all users of Virtualization I like the ability to look at the future and the past of operating systems, but with this combination it was proving problematic.<br />
<br />
Basically the screen resolution was dreadful after installing the Virtualbox tools on the Ubuntu 14.04 guest, and something needed to be done.<br />
<br />
I trawled the web and found the following commands that should be run in the guest 14.04 virtual machine, and you then get graphic resolutions you can work with for testing.<br />
<br />
Here they are.<br />
<br />
<br />
<div style="border: 0px; font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 1.428571em; margin-bottom: 0.714285em; padding: 0px;">
sudo apt-get update<br />
sudo apt-get upgrade<br />
sudo apt-get install linux-headers-$(uname -r)</div>
<div style="border: 0px; font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 1.428571em; margin-bottom: 0.714285em; padding: 0px;">
sudo apt-get install dkms build-essential</div>
<div style="border: 0px; font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 1.428571em; margin-bottom: 0.714285em; padding: 0px;">
<span style="font-family: Ubuntu; font-size: small; line-height: normal;">Then mount the install CD image for the Virtualbox tools and install them.</span></div>
<div style="border: 0px; font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 1.428571em; margin-bottom: 0.714285em; padding: 0px;">
cd /media/nick/VBOXADDITIONS_4.3.6_91406/<br />
sudo ./VBoxLinuxAdditions.run<br />
<br clear="none" />
sudo apt-get install virtualbox-guest-x11</div>
<div style="border: 0px; font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 1.428571em; margin-bottom: 0.714285em; padding: 0px;">
<br /></div>
<div style="border: 0px; font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 1.428571em; margin-bottom: 0.714285em; padding: 0px;">
<span style="font-family: Ubuntu; font-size: small; line-height: normal;">Then, once this is done you will have decent screen resolutions.</span></div>
<div style="border: 0px; font-family: Helvetica, Arial, 'Droid Sans', sans-serif; font-size: 14px; line-height: 1.428571em; margin-bottom: 0.714285em; padding: 0px;">
<span style="font-family: Ubuntu; font-size: small; line-height: normal;">Hope this saves you some time and effort.</span></div>
<br />Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-24064398715271104832013-04-09T03:44:00.002-07:002013-04-09T03:44:45.366-07:00Using an External Node Classifier in a masterless configuration with Puppet<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-1vDQ5EiJLa0/UWPr6G4q6dI/AAAAAAAAAeI/tEZl5bZWR_U/s1600/puppet.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-1vDQ5EiJLa0/UWPr6G4q6dI/AAAAAAAAAeI/tEZl5bZWR_U/s1600/puppet.jpg" /></a></div>
<br />
I use standalone puppet a lot for managing my own machines and cloud servers, but the site.pp file was starting to grow large and it became obvious the solution was to use an external node classifier or ENC.<br />
<br />
There is lots of documentation on the web on how to do this with a puppet master/ agent configuration, but nothing I could find on how to do this.<br />
<br />
The key change is where you specify the change of node class information in the puppet.conf file. If you follow the puppetlabs documents , it won't work. If however you put the new ENC definition into the [main] section , it works just fine. Only a minor change , but it will not work unless you do.<br />
<br />
The code you need looks like this:<br />
<br />
<br />
<b>node_terminus = exec</b><br />
<b>external_nodes = /usr/local/bin/node_classifier.py</b><br />
<b><br /></b>
The node classifier can be whatever you want, but I used python just to get it up and running quickly for testing.<br />
<br />
<br />
I hope this saves someone hours of hunting around to get this sorted.<br />
<br />
During my research , I have also found that it should be possible in the latest releases to use Hiera as your ENC to generate the YAML required. Next on my list to try.<br />
<br />
<a href="http://docs.puppetlabs.com/guides/external_nodes.html">Link to Puppet Labs ENC documentation</a><br />
<br />
<a href="http://www.garyhetzel.com/2012/04/12/hiera_as_a_puppet_enc">Using Hiera as your ENC</a>Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-47622969080104206432013-04-07T03:37:00.001-07:002013-04-08T05:49:36.712-07:00Apple computing can change the end user computer landscape for ever.<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-46PrG_06nrU/UWFGHSgIwlI/AAAAAAAAAd4/U6PQhJBInwk/s1600/apple-computing-image.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-46PrG_06nrU/UWFGHSgIwlI/AAAAAAAAAd4/U6PQhJBInwk/s1600/apple-computing-image.jpg" /></a></div>
<br />
<br />
As a long time computer professional, I have lived and worked through the mainframe, mini computer , LAN based and now cloud computer eras. I have seen them all, large and small, and the changes that have affected our industry, which does love to evolve, sometimes rapidly. It also tends to have very painful outcomes for the incumbents - just ask IBM about OS/2.<br />
<br />
There is absolutely no doubt we are living through one of these large changes at the moment and it is coming in several forms , that all point to a post-PC era - reference below. This blog post is being typed on a Google Chomebook from Samsung, and a lot of the research for the article was done using my iPad and Google Nexus 4 phone. No PC involved at all. I fully accept that I embrace technologies faster than most, but I never jump to join technologies and think carefully before I act. So if you are reading this on your trusty old PC with windows XP installed , then bear with me, you will get to this future faster than you think.<br />
<br />
Apple really did push a large boulder over a cliff when they introduced the iPhone, intentionally or not they really did change the industry. Google could see the wisdom in this move and jumped on the bandwagon and built its' own operating system and infrastructure to compete, Microsoft did nothing but release another tired old version of Windows phone which crashed horribly.<br />
<br />
At the same time Amazon introduced the world to the concept of cloud computing for the enterprise, which was first seen as a curiosity, but is now in any good CTO's strategic planning as the way forward. Google also saw this as an opportunity and introduced fairly quickly the concept of their cloud applications, and Dropbox showed the way for cloud storage. Microsoft was not so badly placed here, but really did not execute on its' good start with Hotmail, and basically seemed to do nothing, until this year when they released Office365 - years behind its' competitors. Its' cloud offering is not that amazing or different , but does offer some good features.<br />
<br />
Microsoft have always been strong on the desktop, which they have owned for a decade, but with another badly received release with Windows 8 in all its' forms, it is currently very vulnerable PC sales are dropping off dramatically while tablet and smartphone sales are booming. Microsoft is very badly positioned in both these markets and that is where the end user industry is heading. They will be fine in the corporate landscape for many years to come on the server side, but the desktop will change. The cloud means you can use anything as a client access device. Why pay $500 dollars per employee device when you can pay $200 - simple economics. Even better encourage your staff to bring their own - BYOD - even cheaper. If you are paying $100-$200 for a client device - why would you spend $200 on Microsoft office, when most apps are $5 for you Apple or free from Google?<br />
<br />
Another cash cow slaughtered.<br />
<br />
If Apple wished to grab this once-in-a-generation opportunity all they need to do is have a re-think about prices and product ranges, and simply introduce a budget range - nothing smarter than that. Google are already trying with their Chromebook, but they are not for everyone. They are having a lot more success with their Android smartphones - just see the sales figures and all the very cheap Chinese clones. If Apple were to partner with HTC,Asus or Dell and bring out a budget range of laptops, tablets and smartphones - cheap iPhone is already rumoured - just think how disruptive this would be. Google would have a real fight on its' hands and the competition would be fierce. Microsoft, and in truth a lot of other players would be next to pointless. Their tiny share in the smartphone market would evaporate and the their tablets which are already dying on their feet would disappear. They would become significantly less relevant in the new era, and we would at last have two decent competitors.<br />
<br />
This would mean Apple going against a lot of its' historical DNA, and it has always sworn they would not do this, but this strategy is what nearly bankrupted them in the 1990's. They need to be very careful about how they proceed from here. Google is now their main competitor, and not just for devices but for the cloud experience that they are offering to their customers, and Google is a lot more open, and offers most of its' products for free.<br />
<br />
I personally hope they do, as we have seen significantly more innovation since Apple and Google really got stuck in, as Microsoft had become stale. Internet explorer was a prime example. Once Mozilla, Google and Apple started to innovate IE became a much smaller player in the field.<br />
<br />
Here is a link I read recently on the topic, but there are literally hundreds of other examples - just Google it ;-)<br />
<br />
<a href="http://goo.gl/bdHbC">Research from Gartner on post PC era</a><br />
<br />
<br />
<br />
<br />Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-24808400619237760962013-04-05T03:53:00.001-07:002013-04-05T03:53:56.092-07:00Using an encrypted git repository on Dropbox to store my puppet code in the Cloud.<div class="separator" style="clear: both; text-align: left;">
<a href="http://3.bp.blogspot.com/-sqNdDJe3okE/UV6aExJh3fI/AAAAAAAAAdo/VTEOgcL5daQ/s1600/xps_wizardciphers.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="http://3.bp.blogspot.com/-sqNdDJe3okE/UV6aExJh3fI/AAAAAAAAAdo/VTEOgcL5daQ/s320/xps_wizardciphers.png" width="320" /></a></div>
<br />
Today, most technologists have said they love the cloud storage paradigm and to have files and configs at their finger tips , no matter where they are , or how they access them.<br />
<br />
Dropbox was arguably the first, easiest and globally available cloud storage solution out their, and it's the one I continue to use today. Like all cloud solutions - apart from owncloud - they have one drawback, who else can look at your files? This tends to make users suspicious and cautious about what they are prepared to store in the cloud, me too. As I control various ssh keys with my puppet code, I certainly don't want people having access to these.<br />
<br />
So the solution I found was <a href="http://www.truecrypt.org/">Truecrypt</a> - a great open source project that allows you to create encrypted volumes that you can mount on all popular operating systems, including Linux, OSX and Microsoft. As I use all three of these systems at various times, it gives me great coverage. In the post PC era, it would be nice to see IOS and Android versions available in the future, but in all honesty I have not seen a real need yet.<br />
<br />
My purposes only required a small amount of space, as code does not generally take up too much room, so I only made it 10MB. Your mileage may vary of course. There are good tutorials on the Truecrypt web site, and if you like what you see, then please donate to the project.<br />
<br />
Once Truecrypt has been installed , created your volume and you have mounted it , you can now create your git repository using standard git commands like so:<br />
<br />
<b>git init --bare project.git</b><br />
<b><br /></b>
You can then take the project you have been working on your local hard drive, and commit it to your new git repo, like so<br />
<br />
<b>git remote add origin /media/truecrypt1/git/project.git</b><br />
<b>git push -u origin master</b><br />
<b><br /></b>
That's all there is too it, so now I have my puppet git repository where ever I go, and I can very quickly bring a machine up to my requirements with all the settings and packages I need to get work done with puppet and a few git commands. It literally saves hours of time, and I can rest easy in the knowledge it is safe in the cloud.<br />
<br />
You can obviously use Truecrypt for storing all sorts of other things in the cloud, as I do. If you want to make sure only you can see sensitive data then this a good way to go.Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0tag:blogger.com,1999:blog-6640903312017672982.post-74489829340197580282012-11-28T03:54:00.003-08:002012-11-28T03:54:29.161-08:00Is BYOD the real reason Microsoft has gone out of style?<a href="http://1.bp.blogspot.com/-fE50277eoGA/ULX4hBjBRoI/AAAAAAAAAck/KoyoLRLOf0E/s1600/byod-image.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-fE50277eoGA/ULX4hBjBRoI/AAAAAAAAAck/KoyoLRLOf0E/s1600/byod-image.jpg" /></a>There is no doubt about it , the younger digital natives think Microsoft is the company of their parents, the tool they used for work and it's boring and out dated. This reasoning has taken a long time to come about, but with Apple ,Google and Linux constantly chipping away at the thinking that you need Microsoft to do anything it has finally taken hold, and I think for Redmond it is going to get a lot worse.<br />
<br />
You don't have to look far to see the signs of this , with young people using smartphones far more often than they use any other form of IT device. When they do turn to a laptop, they would prefer to use an Apple or Tablet than anything else. Windows 8 has not been the huge success it was supposed to be, and the Windows 8 Phone has been a complete flop plus the ARM based tablet has been slow to sell. To be honest , in a group of young people you will never see one in action, perhaps just the older IT users. That is part of the problem Microsoft is now seen as the old peoples platform , it's not what younger people want.<br />
<br />
Now with the introduction of Bring Your Own Device - BYOD - into the corporate environment, Microsoft has never seen such pressure. People want to use their iPhone and Android phones to access the company data, and their tablets need to work too. They are far more likely to own an Apple, and these need to access the company network and data too. In the past they were given whatever the company wanted, normally with Microsoft , and they just used it. This is now not the case in a lot of cases, so people will not be forced to use anything they don't like.<br />
<br />
An increasing large number of people are getting there work done, with the iPhone, iPad, Galaxy S III Android phone. I happily use Ubuntu Linux on the desktop, an iPad and an Android phone , with no Microsoft in sight. This is partly due to the switch to cloud based applications and the market dominance now of Google Chrome and Firefox. These are desktop platform neutral so you can run them on virtually anything. The availability of good apps on the other platforms that let you get work done has also increased, and will continue to become more compelling.<br />
<br />
Some analysts are calling this the post PC era, and I can see for a large part of the population that is now true, and will increase. New tablet devices arrive almost daily from India and China at ever reduced prices, and Google is bringing the price of laptops down to rock bottom prices with Google Chromebooks. Smartphones are getting bigger screens and more powerful with each iteration, I can see docking stations for these devices becoming more popular.<br />
<br />
The future will be different to what we have known in IT, and Microsoft will be playing a significantly reduced role in it. This is great, as I have never liked their monopoly , and active competition is good for the consumer.<br />
<br />
<br />
<br />
<br />
<br />
<br />Codfatherhttp://www.blogger.com/profile/08154105349733694376noreply@blogger.com0