Category Archives: Articles in english

hardening ssh (debian wheezy)

LogJam requires some action. (Article in german) Update (open-)ssh to a recent version (6.6)   $ echo "deb http://ftp.de.debian.org/debian wheezy-backports main" | sudo tee -a /etc/apt/sources.list $ sudo apt-get -u update $ sudo apt-get install -t wheezy-backports ssh $ sudo apt-get autoremove Harden crypto   $ sudo tee -a /etc/ssh/sshd_config <<EOF_SSH_CFG   # https://stribika.github.io/2015/01/04/secure-secure-shell.html KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 […]

redmine & chruby (fetch emails)

  #!/bin/bash # chruby needs bash # # # redmine email import with chruby. # # # Put this script into <redmine_dir>/script and a set crontab like # $ sudo -u www-data crontab -l # */15 * * * * <redmine_dir>/script/fetch-email.sh # cd "$(dirname "$0")/.."   log="log/$(basename "$0" .sh).log" cat >> "$log" <<EOF   $(date […]

lua & timezones by name

A bit hard to puzzle due to scarce documentation. #!/usr/bin/env lua local luatz = require ‘luatz’ — https://github.com/daurnimator/luatz/   local tz_name = ‘Europe/Berlin’ local ts_loc = luatz.time({year=2014, month=12, day=31, hour=23, min=59})   — %z isn’t supported yet: https://github.com/daurnimator/luatz/blob/523b2e0f1ece77c569f6db4c040886ed3124512e/luatz/strftime.lua#L178 local function tz_off_iso8601(tz_offset_seconds) local separator = ” — 8601 %z compliant — separator = ‘:’ — 8601 […]

Why PHP is utterly broken

tl;dr: neither does DATE_RFC1123 produce a rfc1123-date, nor does DATE_RFC850 a rfc850-date. What sense does that make? This example may look scrupulous but seems typical. Mind the mandatory word ‘GMT‘ at the end of rfc1123-date. While DATE_RFC1123 renders something ending with +0000. Which is the same timezone but not the same string. So DATE_RFC1123 is useless for HTTP headers (RFC2616). I wonder what else […]

Validate GPX

$ xmllint –noout –schema http://www.topografix.com/GPX/1/1/gpx.xsd <gpx file or url>

Key-based FTP authentication

make a strong ssh key $ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa turn to RFC 4716 $ ssh-keygen -e -f ~/.ssh/id_rsa.pub add to ~/.ssh/authorized_sftpkeys on destination host try out: $ curl -u “<username>:” –key ~/.ssh/id_rsa –pubkey ~/.ssh/id_rsa.pub -T <file to upload> sftp://<target host>/<target path>/ $ lftp -u <username>,xx … sftp://<target host> P.S.: Hetzner FAQ zum […]

Ad Blocking Proxy = abloprox

as an act of digital hygiene, I installed abloprox on a raspi and added this PAC file to save some keystrokes when configuring: function FindProxyForURL(url, host) { if (shExpMatch(host,"*.fritz.box")) return "DIRECT"; if (shExpMatch(host,"*.local")) return "DIRECT"; if (shExpMatch(host,"*.akamaistream.net")) return "DIRECT"; if (shExpMatch(host,"*.m945.mwn.de")) return "DIRECT"; // auto config: // 1. ensure there’s a host ‘wpad’ in the current […]

Opening Xcode projects and workspaces

Inspired by ortas post about it I came up with this one-liner: alias openx=’open *.xcworkspace 2>/dev/null || open *.xcodeproj 2>/dev/null || echo "nagnagnag"’

Download WWDC2014 session pdf + mov

. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 #!/bin/sh cd "$(dirname "$0")"   PREFIX=wwdc2014 bwlimit="1000K"   for url in $(curl https://developer.apple.com/videos/wwdc/2014/ | egrep -hoe ‘[^"]+.pdf[^"]+’) do dst="$PREFIX/$(basename $url ?dl=1)" echo "$dst" curl –output "$dst" –time-cond "$dst" –remote-time –silent –create-dirs –location –limit-rate "$bwlimit" –url […]

install ruby @ OS X

OS X comes with a pretty hung ruby (1.8.7) until ‘Mavericks’. ruby 1.8.7 had it’s planned EOL long ago, even debian/stable nowadays comes with a newer one. So if you’re still running Mountain Lion or older, you may need to install ruby. I chose rbenv and here’s how I did: RTFM install rbenv: $ brew […]