Hackviking He killed Chuck Norris, he ruled dancing so he took up a new hobby…

10Aug/168

Unable to delete file: System cannot find the file specified

Running hybrid systems spanning from windows to different flavors of Linux sometimes present you with interesting behavior. One that I have faced every now and then is files that you can't delete due to special characters in the filename. They do show up in the file explorer but when you try to delete them you get "Item not find" or similar error. Seen a lot of different solutions online with third party software and other complex solutions but there is two simple "built-in" ways to deal with this in windows.

dir /x method

Open up a cmd window and navigate to the folder in question. Run a simple dir /x command and it will list the files with the non-8dot3 short names. Then you can just go del {non-8.3-filename} and you will get rid of the file.

rd /s "\\?\c:\temp" method

Not all files generate the non-8dot3 name for some reason, don't ask me why - didn't dig that deep. For this there is a solution as well. In this scenario make sure that the files you want to get rid of are the only one/ones in the directory and run rd /s "\\?\C:\folder\containing\problem\file". This command will remove all the files and the directory as well.

9Aug/162

Front-end Demos on Github

I really like both JSFiddle and Plunker but they come with limitations. To counteract cross site scripting issues and other security concerns they sandbox the code with iFrames and similar methods. That is just fine when you do simple examples of front-end implementations. I actually managed to implement a connection to Google oAuth ina JSFiddle but it was hard and requires several re-loads of the page before the user actually get anywhere. Plunker suffer from similar limitations but is much better for larger demos since you can split the code into several files. I also like their editor better.

For more complex demos that implement oAuth, requiring post-backs or other more advanced features I'm now using the Github.io pages. Simply put the service allows static pages, which is great for JavaScript demos, to be served straight from a Github repository!

First you setup a repository named {githubusername}.github.io and check in whatever HTML, CSS and JavaScript content you'd like to run. This will be accessible via the {githubusername}.github.io web address. It has support for SSL (HTTPS) as well as custom domain names. If you use a custom domain name you will not be able to use SSL at this time. I have seen workarounds with CDN solutions like CloudFlare but I haven't tested it my self yet.

For any other repository you create you can commit files to a branch named "gh-pages" and they will be served at {githubusername}.github.io/{repositoryname}. In my case I put a "front page" in my {githubusername}.github.io repository linking other demos but you could actually build a complete blog in that space if you like. So far I have only scratched the surface of what can be done with this but there are a lot of information out there. At the bottom of this post there is a link to some more information to get you started.

The reason I ended up with this solution was due to JSFiddle/Plunker implementation complexity for my latest demo. When I moved to the US from Sweden my phone took care of my phone numbers missing country code and allowed me to dial them as +46. When I used Skype to dial them it just got the original number entered in the phone without country code. One big difference between the dial screen in Skype and the phone is that you can't edit the phone number in Skype. You have to delete the whole thing and type it in with country code and then the number. Since I sync my phone with Google Contacts I figured I'll use their API and a E164 (country code + phone number) javascript library to update all contacts in my address book.

Since the code use for my self was a bit of a one of, I now type in new numbers with country code, I thought I'll make a functioning demo out of the code. If people want to use it to correct their own address book they can. At the same time it's a complete Google oAuth, API implementation demo written in AngularJS.

E164 formatter demo: https://kallsbo.github.io/gcontactse164/
G
ithub demos: https://kallsbo.github.io

More info on Github pages: https://pages.github.com/

In the menu above you will find links to my demos on JSFiddle, Plunker and Github.

14Jun/160

Control Kodi with your TV-remote without CEC

HDMI-CEC is a wonderful thing when you have it! It enables your TV to relay control signals over the HDMI cable which gives you the ability to control your Kodi mediaplayer, or similar device, with your TV remote. Unfortunately not all TV's support this and that leaves you with a few options with disadvantages.

The smart phone apps available for controlling Kodi are good, no question about it. But every time I put on my TV I need to find my smartphone or tablet and make sure I'm on the correct wifi. Call me old fashioned but I like the TV as a semi stand alone device if you know what I mean.

Secondary remotes come in a number of different types. There are the regular IR based once that require additional hardware, if you don't have IR reception on your device. Since all my Kodi boxes are Raspberry Pi based I need additional hardware. There is also stand alone remotes connected to wifi ro Bluetooth which are pretty good but expensive. As soon as your dog, child or other semi destructive member of your household get their hands on it will be broken or gone.

As I mentioned before you need additional hardware on the Raspberry Pi to support a remote control unless it's communicating over the HDMI port. I also want a cheap solution that I can easily replace if damaged or lost. And if possible I don't want a second remote control for my TV setup. Here comes Flirc and saves the day!

Flirc is a programmable USB IR-receiver that can be used with any remote control! It even has a profile for Kodi in it's setup application. It's usually recommended for Kodi users in combination with a standard Apple TV remote. Even if I like the Apple TV remote it's still a second remote. There are a number of unused buttons on any TV remote that can be programmed into the Flirc. In my case I realized that the up, down, right and left keys on my TV remote, that are crucial for Kodi operations, where unused while not in the menu system of my TV. If I tried to use them without the menu open there where no response from the TV at all.

The setup of the Flirc is really easy! Just connect it to your computer and download the software, select the profile and then program the buttons you want. Then just unplug it and connect it to your Kodi box. It is also very sensitive for IR-signals, all my Raspberry Pi's are strapped to the back of my TV furniture but thanks to my white walls the IR-signal bounces in there and are picked up without any problem.

It's currently priced under $23 on Amazon and really worth it. It can be used with any remote and you can replace your TV set and just reprogram it if needed.

 

13Jun/161

WinSCP: SFTP – FTP over SSH

It was a while since I did a tool post and I realize that many people doesn't know about WinSCP or even SFTP, FTP over SSH. I use it all the time to quickly transfer files to Linux based boxes like Raspberry Pi or my Amazon Web Services VPS machines. As long as you have SSH access you can use WinSCP to transfer files. You can set it up to use sudo and make every part of the file system writable but I wouldn't recommend it, it's easy to make a mistake that destroys your system - especially if your working with remote systems. By default WinSCP, or other SFTP clients, end up in the logged in users home directory. If you then need the files anywhere else on the system you can use an SSH client, like Putty, to move the files to the correct location later.

winscp

12Jun/162

Raspbian Jessie: Set a static IP-address

For many of my projects on the Raspberry Pi a static, or fixed, IP-address has been needed. Here is a quick tutorial on how to set it up. This is aimed for SSH users who have no GUI on there Pi. Before you configured this by editing the network interfaces config file but not any more. Raspbian Jessie comes with dhcpcd5 by default and you can uninstall it it's just easier to append to it's configuration. Start by opening it's configuration.

sudo nano /etc/dhcpcd.conf

dhcpcd.conf

At the end of this line you can add a static IP-address configuration. Here is an example:

#static ip
interface eth0
static ip_address=192.168.0.3/24
static routers=192.168.0.1
static domain_name_servers=8.8.8.8 8.8.4.4

First we specify the interface eth0 then all options follows with the prefix static. Ip address is specified with subnet, /24 is the equivalent of a subnet mask of 255.255.255.0. We also specify the networks default gateway for all traffic that will leave the network. In most cases this is your router for home built projects. We also need some DNS servers so we can use FQDN instead of just ip addresses when we communicate. In this example I have used the two Google DNS servers.

3Jun/160

HifiBerry Dac on Raspberry Pi OpenElec Kodi

Have been experiencing static noise from the analog output on my Raspberry Pi for some time. Tested several different power sources and it came to a point where I wasn't sure if the noise has always been present or not. In the end I got a HifiBerry Dac+ and some decent cables and the issue went away. The installation was really easy and well documented in the HifiBerry Knowledge base. In the video above you can see the difference, I very much recommend this!

20May/160

BtSync: Refuses to connect to any peers

Have a few ARM based nodes running BitTorrent Sync (btsync) and needed to re-install one of them. Trying to remove it I ended up with my main node (owner) for all my folders to stop connecting to peers or accepting incoming connections. Took me a while to figure out a solution and I couldn't find much about it on the forums or when I googled so I thought I'll share this quick story.

Background

This applies, in my case at least, to the distribution installed via apt-get from YeaSoft. After reading a forum thread about how to remove old and abandoned peers I decided to set the peer_expiration_days setting to 0 to clean the old peer out. So I used the dpkg-reconfigure btsync command and set it to 0. The old peers where cleaned out so I went back to revert the config back to it's original. In the "wizard" it stated that leaving it blank would render the default value of 7 days. So I removed the 0 and saved the configuration. This might have been a mistake on my part but the configuration tool actually seems broken in this distribution.

Error

After doing that I could not set the value via dpkg-reconfigure btsync to anything else and no peers could connect or where contacted. Right after recycling the daemon they showed up for a few seconds and then disconnected. Since I'm running the free, unlicensed version, I can't switch owner of the folders so I had to get this online again. Changing config files didn't matter since they were, as stated in them, overwritten every time the daemon started again.

Solution

Finally I downloaded the latest version from the getsync.com website and unpacked it in the temp folder. Looking at the command line used in the /etc/init.d/btsync script I could find what config file it used. So I started the latest version, which have support for "power user options" in the UI, with the same config file parameter. Went in to the UI and changed the peer_expiration_days back to it's original value, there even is a reset value link. Then shot down the process and started the original daemon with init.d and order where restored.

18May/1616

WD MyPassport Wireless with BitTorrent Sync

SD-card backups in the field as well as automatic upload to your NAS whenever you have an internet connection? Yes it can be done with Western Digital MyPassport Wireless and BitTorrent Sync!

In the past I have always uploaded the footage from my GoPro and compact camera via my laptop in the hotel rooms (or where ever I can find an internet connection). I wanted a more streamlined process and an easy way to empty an SD-card in the field. The MyPassport Wireless takes care of the first problem out of the box. With a built in SD-card reader you can move all content on an SD-card to the built in hard drive. Just set it up to do an automatic copy as soon as an SD-card is present in the reader and it will dump everything to disc.

I also wanted to make an "of site" backup whenever possible. I have been setting up a geo-location backup built on BitTorrent Sync so I already have those servers in place. Since the MyPassport Wireless is ARM based, like a Raspberry Pi, it's pretty straight forward to setup BtSync on this device. It also has built in support for accessing wifi hotspots and connect to the Internet. This can be done via the mobile app. So this guide will give you the following functionality:

  • Dump SD-cards to a hard drive just by carrying the small WD MyPassport Wireless
  • When ever it's conected to the Internet it will start to sync all the new data to your BitTorrent Sync servers.

I'm not sure what the WD warranty would say about this so you do this on your own risk. There is no package manager installed on the MyPassport Wireless so it all have to be done manually. I'm making no claims that this is the best way to do it but I have been testing it out for a while now and it works great so far. Continue reading...

5May/162

WD NAS: Enable FTPS

Sending unencrypted FTP across the internet is a bad idea! You send your credentials in plain text compromising access security as well as the data your sending. My book live duo has, as most NAS products, support for unencrypted FTP. Since it's based on vsftpd it's only a matter of configuration to make it a much more secure FTPS implementation instead. In this post I'm using my Western Digital My Book Live Duo but this is applicable to most Western Digital NAS products and many other brands as well.

Enable SSH

First of all we need to enable SSH to be able to get access more configuration options for the FTP service. By accessing http://{WD IP-address}/UI/ssh you will see a screen where you can enable SSH access and get the root password.

Enable SSH

After this we can connect to the Live Duo via SSH. I recommend that you change the root password the first thing you do, use the passwd command to accomplish this.

Create certificate

The My Book Live Duo, and probably most of the other models as well (since the share much of the firmware), already have openssl installed which we can use to create the certificate. First we need to create a folder for the certificates and generate them. I generate both 2048bit and 4096bit certificates since I want to test the performance difference (see below). You should not use the 1024bit key length since that has been proven to be weak and can be broken.

mkdir /etc/ssl/ftp
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/ftp/vsftpd_2048.key -out /etc/ssl/ftp/vsftpd_2048.pem
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl/ftp/vsftpd_4096.key -out /etc/ssl/ftp/vsftpd_4096.pem

You will be asked a bunch of questions about location and other stuff. You can more or less put in whatever you like since this is a self signed certificate it will never automatically be trusted by clients anyway so the information is pretty much irrelevant.

Configure FTP (vsftpd)

The My Book Live Duo already have an FTP service that you can enable from the UI. It use vsftpd which supports SSL and TLS, which we want to use for this, as long as OpenSSL is available on the box and apparently it is since we generated the certificates. First we make a copy of the original conf file for save keeping and then open it for editing.

cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
nano /etc/vsftpd.conf

At the end of the file we add:

#SSL CONF
rsa_cert_file=/etc/ssl/ftp/vsftpd_2048.pem
rsa_private_key_file=/etc/ssl/ftp/vsftpd_2048.key

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

require_ssl_reuse=NO
ssl_ciphers=HIGH

Then CTRL + O to save and then CTRL + X to exit nano. Then we restart the FTP service.

/etc/init.d/vsftpd restart

filezilla_ssl_warning

Now you can try it from Filezilla, or what ever client software you like that supports ftps. In Filezilla you will get this certificate warning where you can see the additional information you put in when you created the certificate.

Performance - 2048 vs 4096

First run with the configuration above gave me around 8.9MiB/s transfer speeds and the CPU of the Live Book Duo was around 89%. I change the certificates to the 4096bit ones, restart the service and try again. More or less got the same numbers with the higher encryption so the CPU is not the bottleneck for the throughput. At the same time I'm not running any other services besides the SMB shares on this device.

Make backup of the config file

cp /etc/vsftpd.conf* /shares/Backup/

The backup is good to have if a firmware update changes the config file back. I have tried to enable and disable the FTP service and that doesn't effect the configuration at least.

20Apr/160

Raspberry Pi: Wifi AP-client

You have a wifi connection but need an Ethernet connection or need to share it with several computers over Ethernet? That can be easily accomplished with a Raspberry Pi. Sometimes I need two different internet connection for testing different setups. In addition to my own internet connection there is community wifi in public areas in my apartment complex. Since I live right my the pool I can connect to that wifi at my window. To make it easy to use I wanted a router that I could use as my default gateway on any computer or server to access the secondary internet connection. To accomplish this I used a Raspberry Pi 2 with the latest version of Raspian.

Basic setup

I presume that people interesting in doing this kind of setup have the basic knowledge in setting up the Raspberry Pi, like expanding the file system and setting the root password. There are enough guides out there so I'm not going to cover that in this post. Instead we jump right into configuring the wifi. If you use a Raspberry Pi 3 you can use the built in wifi but this guide will work with any Raspberry Pi compatible dongle. Depending on the distance and quality of the signal you might need to opt for one with a better antenna.

If we run cat /etc/network/interfaces we can see that wlan0 refers to /etc/wpa_supplicant/wpa_supplicant.conf for configuration. So let's go ahead and edit that configuration file with sudo nano /etc/wpa_supplicant/wpa_supplicant.conf. The contents looks something like this:

country=GB
 ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
 update_config=1

You can change the country to where ever you are but in most cases you can just leave it be. Some countries use different channels and might need additional configuration. I went with the basic GB even though I'm in the US and it works fine. Then we need to add the configuration for our network, just append it at the end. This guide is for a WPA2 secured network and you should not use anything else for security reasons.

network={
    ssid="xxxxxx"
    psk="xxxxxx"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP
    auth_alg=OPEN
}

Here is a basic outline of what these parameters are for:

SSID - Name of the network you want to connect to.
PSK - Password for the network.
PROTO - RSN = WPA2, WPA = WPA1.
KEY_MGMT - WPA-PSK = Preshared key (regular wifi password setup), WPA-EAP = Authentication via enterprise authentication server.
PAIRWISE - CCMP = AES cipher (WPA2), TKIP = TKIP cipher (WPA1).
AUTH_ALG - OPEN = WPA2

Save that file and exit nano, now we can restart the connection and see that it works.

sudo wpa_action wlan0 stop
sudo ifup wlan0

It will take a while for the DHCP to finish. Then we can check the status in with sudo wpa_cli status. Now we want to make sure that the Raspberry Pi actually uses the internet connection from the wifi and not the local one. Also I want a static ip-address on the Raspberry Pi since it's going to be a router. In raspbian jessie this can't be done from /etc/network/interfaces anymore so we need to add these two lines to /etc/dhcpcd.conf.

interface eth0
static ip_address=192.168.0.2/24

This will make the IP-address 192.168.0.2, subnet mask will be 255.255.255.0 and the lack of default gateway will route all internet traffic over the wifi. I also disable ipv6 since my internal network uses that and I don't want any traffic to spill over that connection. sudo nano /etc/sysctl.conf and add this line at the end:

net.ipv6.conf.all.disable_ipv6 = 1

Then reload the settings and reboot the Raspberry Pi to get the new network settings.

sudo sysctl -p
sudo reboot

Setup forwarding

After reconnecting to the new ip-address we need to enable forwarding. sudo nano /etc/sysctl.conf again and add this line:

nnet.ipv4.ip_forward = 1

And then reload the settings

sudo sysctl -p

Configure IPtables

Then we need to setup iptables to take care of forwarding, NAT and also security.

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

Setup NAT from internal network (eth0) out onto the wifi (wlan0).

sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT

Allow all traffic from inside to outside.

sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT[/bash]

Allow all established connection back in (let the response through).

sudo iptables -A INPUT -i lo -j ACCEPT

Allow loopback traffic. This is very important otherwise some services will not work on the Raspberry Pi.

sudo iptables -A INPUT -i eth0 -p icmp -j ACCEPT

Allow ping from the local network.

sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

Allow SSH from internal network.

sudo iptables -A INPUT -i eth0 -p tcp --dport 10000 -j ACCEPT

Allow webmin from local network (see below).

sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow responses to traffic we initialized.

sudo iptables -P FORWARD DROP
sudo iptables -P INPUT DROP

Lock it down, disallowing all traffic we didn't specify above

sudo apt-get install iptables-persistent
sudo systemctl enable netfilter-persistent

We make the iptable rules we just added persistent after reboot, just answer yes on the questions in the install. The second command will make it persistent after reboot. If you change any iptable rules after this just run the command below to save them. A reference to iptables can be found here http://ipset.netfilter.org/iptables.man.html

sudo netfilter-persistent save

Now our new router is ready to rock! Just change the local clients default gateway to 192.168.0.2 and you will go out to the internet over the new connection.

Install additional packages

Since I'm going to use this for testing purposes I want quick access to config of iptables for example. For this I want to install webmin which is a web based UI for configuring different services on Linux systems. First we need to add the webmin repository to our sources list, so sudo nano /etc/apt/sources.list and add these two lines at the end.

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

Install the repository key so the packages can be verified.

wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc

Then update and install.

sudo apt-get update
sudo apt-get install webmin

Now you can browse to https://192.168.0.2:10000 and login with your pi account. There are extensive documentation for this software online so I'm not going deeper into it in this post but it's an easy way to change the configuration of your box without the need to SSH into it each time. I also want speedtest-cli installed so I can test the speed of the connection. It's just a CLI implementation of the speedtest.net website so you can test the connection speed.

install speedtest-cli for testing as well