Free DNS provides easy shared DNS hosting & URL forwarding

Wednesday, July 2, 2014

Starting Skype in invisible mode

I recently installed Audio Recorder which has a very cool feature: to automatically start recording Skype calls. So that I don't waste time or forget about it, I set Audio Recorder to automatically start when I log in. There is one downside: when Audio Recorder starts, it automatically starts Skype, which starts with its last online status. This is very annoying, as it shows me online in Skype right away I log in Ubuntu, even if I don't want to be online or I don't want to be visible.

After googleing a bit, I run into this Skype forum thread of users complaining about this feature (or lack of feature to set startup status). One of the posts explains how to manually change the SQLite database that Skype uses for accounts. I tested that and worked great so in order to integrate this into Audio Recorder, I wrote the following bash script located saved as ~/bin/skype:

#!/bin/bash
sqlite3 ~/.Skype/YOURSKYPEIDHERE/main.db 'UPDATE Accounts SET set_availability=6'
/usr/bin/skype $*

Note that ~/bin/skype has to be executable and ~/bin/ has to come in $PATH before /usr/bin for this to work.

Thursday, April 17, 2014

Udev tricks - How to toggle built-in wi-fi on/off

My Toshiba Satellite laptop has a RTL8192CE built-in wifi, which is a total joke. It only works if I'm within a few meters range of the router and without any big obstacles between. For example, if I'm in my home office I can't even use the router that is in the next room. All other devices in our house can connect and mark it as strong signal. If by any luck my laptop manages to connect, the connection is unusable, with network speeds of less than 1Mb/s and most of the packages failing their CRC checksum.

I googled and test various solutions. None of them worked. I found many others which have same problem. Different OSes, different laptop models, same card type, same problem. After loosing (in total) more than 3 days on this, I decided it's just not worth it and bought and Atheros external USB wifi dongle (model TL-WN721N). It works perfectly and without any problems.

The problem I had now is that when I plug the USB wifi, Network Manager in Ubuntu clutters its menu and dialog boxes with various options to select which wifi card to use. For example, when I want to connect to a hidden network, it asked me to select which card to use for connection. It also used to keep trying to reconnect to the home network on the faulty card (but that I fixed by deleting Wi-fi network settings). This is annoying and overall makes me waste a lot of time. Therefore, I read udev man pages to find out how can I disable the built-in wifi whenever I plug in the USB one. Eventually I came up with these rules:

SUBSYSTEM=="net", ACTION=="add", ENV{INTERFACE}=="wlan1", RUN+="/sbin/rmmod rtl8192ce"
SUBSYSTEM=="net", ACTION=="remove", ENV{INTERFACE}=="wlan1", RUN+="/sbin/modprobe --quiet rtl8192ce"

The major time waster was ENV{INTERFACE}=="wlan1" because NAME=="wlan1" works on add event, but not on remove. I also lost some valueable time trying to get it work with INTERFACE=="wlan1", before I actually understood that INTERFACE is not a property.

These rules go under: /etc/udev/rules.d/99-disable-builtin-wlan.rules.

Later on, I decided to do something similar for the built-in soundcard (for similar reasons). It took me some time to find out the proper commands to disabled it. First I tried to remove its modules (like i did with the wifi), but that option failed because they were always in use by PulseAudio. So I started to look into PulseAudio options. I found the pactl (and pacmd) which seemed to do what I needed. It took another 30 minutes of testing to find out how to use them for this task and another 15 minutes to find out that they don't work as root, but should be run as the current user. After that, writing the udev rules was a piece of cake:

SUBSYSTEM=="sound", ACTION=="add", ENV{ID_TYPE}=="audio", RUN+="/bin/su abautu -c '/usr/bin/pactl set-card-profile alsa_card.pci-0000_00_1b.0 off'"
SUBSYSTEM=="sound", ACTION=="remove", ENV{ID_TYPE}=="audio", RUN+="/bin/su abautu -c '/usr/bin/pactl set-card-profile alsa_card.pci-0000_00_1b.0 output:analog-stereo+input:analog-stereo'"

Note that you need to replace "su abautu" with your own username or it won't work.

Thursday, January 30, 2014

How to create ASCII armored signatures/encrypted files with Seahorse plugin

Recently I played looked into various Linux (Ubuntu) software that can digitally sign documents. After testing various software (open source and proprietary) and various signature options, I decided that Ubuntu's Seahorse best fits my needs. After installing the seahorse-plugins package, I was thrilled with the results with respect to flexibility, ease of use, and end results.
Only one thing was bugging me: when signing (or encrypting) a file, the result file was in binary format. It worked fine, but I just felt that an ASCII armored file would be better (for me). I tried to find some UI option to change that, but I didn't. I googled for this feature, but found nothing interesting (except for requests/forum posts of other people asking about this feature). In the end, I decided to download the source code and see how it works. After 15 minutes of searching through code, I found out what I needed. It's really easy.
To create ASCII armored signatures/encrypted files with Seahorse plugin (in Nautilus) I followed these steps:
1. open gconf-editor
2. navigate to /desktop/pgp/ascii_armor
3. enable the ascii_armor option
Once I found out what the option name was, googleing exactly that got me to this page: https://wiki.gnome.org/Apps/Seahorse/SpecialGconfKeys

Saturday, November 9, 2013

Openssl - setting up a custom CA certificate, requesting and approving certificates with Subject Alternative Name (SAN)

I spent last couple of hours reading web resources, man pages and config files to get what I need: a custom CA setup that allows me to sign certificate request which include Subject Alternative Name (SAN) extensions.

Setup custom CA certificate

I started with the Ubuntu certificates guide. It explains how to setup the custom CA. I used the instructions in there, but I decided to use the default Ubuntu CA setup (which used /etc/ssl/demoCA directory).
First I edited /etc/ssl/openssl.cnf. In the CA_default section:
- I changed dir = ./demoCA to dir = /etc/ssl/demoCA (this is so that I can run openssl ca from any directory without entering full paths)
- I uncommented copy_extensions = copy  (this is required so that I can include in certificates SANs from their certificate requests)

In the req section:
- I uncommented req_extensions = v3_req

In the v3_req section
- I added subjectAltName = $ENV::subjectAltName so that I can pass SAN content via environmental variables (I found this trick somewhere on the internet, in order to avoid writing them in config files).


Finally I ran following commands to create the required files:
sudo mkdir /etc/ssl/demoCA
cd /etc/ssl/demoCA
sudo sh -c "echo '01' > serial"
sudo touch index.txt
sudo mkdir private newcerts
sudo chown 700 private newcerts
sudo openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -newkey rsa:2048

Create a certificate with SAN

As indicated in the Ubuntu docs (and lots of other places):
openssl genrsa -des3 -out server.key 2048
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
env 'subjectAltName=DNS:testbox.local' openssl req -reqexts v3_req -new -key server.key -out server.csr
openssl req -in server.csr -noout -text
sudo env 'subjectAltName=DNS:testbox.local' openssl ca -in server.csr 
The signed certificate will be saved in /etc/ssl/demoCA/newcerts/.