Inlägg

Visar inlägg från 2016

keybase.txt

Please ignore this post, it is only a proof of identity for https://keybase.io/johanh ================================================================== https://keybase.io/johanh -------------------------------------------------------------------- I hereby claim: * I am an admin of https://baldpenguin.blogspot.com * I am johanh (https://keybase.io/johanh) on keybase. * I have a public key ASDbPq9SjZ5TkkITqw710MGA9aU_Zhu9Q36nAOFhL1gPKgo To do so, I am signing this object: { "body": { "key": { "eldest_kid": "0101676dc63b160044ed9489c75dfcd9e4670d4d278b466a5b9946433dada98d602e0a", "host": "keybase.io", "kid": "0120db3eaf528d9e53924213ab0ef5d0c180f5a53f661bbd437ea700e1612f580f2a0a", "uid": "10c48c0cdf4f071acf09cbc4e3cc0b19", "username": "johanh" }, "service": { "hostname": "baldpenguin.blogspot.com", "protocol": "https:...

Two-factor authentication part 2 - 2FA with SSH

On any linux based server, it is possible to protect SSH with two-factor authentication using the Google Authenticator PAM module. This is actually easy to install and configure. Login to your SSH server and install the module. On Debian (or for instance Raspbian): sudo apt-get install libpam-google-authenticator On Fedora: dnf install google-authenticator Create the verification key for the user. I prefer to not allow root access to a server, so this step should be run as the user that should be able to login: google-authenticator You can answer y to most questions. Finally, you will get a QR code that can be scanned by your phone TOTP app (any standard TOTP application will do). Make sure to store the emergency codes in a safe place, such as a Keepass database or on a paper. Now you need to make a few changes, so that PAM (which is responsible for authentication on most linux systems) asks for the verification code in addition to your password when logging in thr...

Two-factor authentication with TOTP applications

Bild
Many websites and online services offer two-factor authentication (2FA) using SMS or using a Time-based One-Time Password (TOTP) application (some services also offer an email link, but I will not cover it here, although it also adds security in a similar way). It is highly recommended to use two-factor authentication to sign in to websites. It adds one layer of information besides the password, which makes signing in to online websites a bit more secure. The only way someone can get into your account is if they acquire both your password and the secret key on your phone. I prefer TOTP over SMS, because SMS is sometimes more unreliable and slower. (I won't discuss which method is more secure; there are potential vulnerabilities in both use cases depending on device and platform) Time-based One-Time Password A Time-based One-Time Password algorithm calculates a one-time password from a shared secret key and the current time. It is a standard described in RFC 6238 . It re...

Firefox Tracking Protection for all users

Bild
Firefox Tracking protection is a great feature used in Private browsing mode. But turning on Firefox tracking protection permanently has several benefits. According to researchers it makes pages load 44% faster and reduces data usage by 39%. You will also get rid of most personalized advertisement, thus the increased performance. Personally, I prefer to choose my advertisement myself. You can turn on the feature in Firefox by typing about:config in the location bar and hitting enter. Type and find privacy.trackingprotection.enabled and double-click it to toggle it to true. But how to turn this feature on for all users on the same PC ? Usually family members are not tech-savvy enough to mess around in the Firefox configuration interface. Behold, if you are an administrator, you can set a machine-wide setting. You can tell Firefox to read system preferences by creating a file defaults/pref/local-settings.js in the Firefox installation directory. Then set the default preferenc...

SleepyHead in Fedora Copr

Fedora Copr is an automated build system with a repository as output. You upload the source, select desired build systems (Fedora, Redhat) and get one or more rpm packages in repositories automatically. There is now a Fedora 24 Copr repository for SleepyHead: https://copr.fedorainfracloud.org/coprs/johanh/sleepyhead/ This means you can install SleepyHead from command line with: sudo dnf copr enable johanh/sleepyhead sudo dnf install sleepyhead As long as the repository is enabled, you will also receive any updates to SleepyHead when updating your system with dnf update.

SleepyHead Fedora rpm package

Bild
Sleep apnea It is not so bad getting a diagnosis for sleep apnea. Some people are not even aware of their condition. But it is important to get help, because your health could suffer. Some people might feel a little tired, but other could develop serious illnesses. For more information, see https://en.wikipedia.org/wiki/Sleep_apnea . CPAP units So I got this CPAP unit (almost for free because of our Nordic national health insurance). It is locked down, so I can't get any useful data directly out of it. But there is an SD card that is meant to be analyzed by my doctor. And there are free software on the Internet. SleepyHead Meet SleepyHead: http://sleepyhead.jedimark.net This is a very nice and free (GPL3) cross-platform program. Works in Windows, Mac and Linux. It is able to import data from an SD card of the most common CPAP units. There is also support for a few pulse oximeters. Below is a screenshot of the welcome screen. It is important to note that you...

Enabling Hibernation in Fedora 23

By default, Fedora doesn't enable hibernation (suspend to disk). Basically what you need is a big enough swap partition. Then it has to be added to fstab and Grub. Initramfs also has to support resuming from hibernation. On my laptop (MSI GE60) unfortunately the swap partition was too small. Fedora recommends that a swap partition should be half the size of RAM without hibernation and 1.5 the size of RAM with hibernation with 8 GB - 64 GB of RAM [1] . This laptop has 12 GB of RAM, but only a 6 GB swap partition. The partition has to be extended to 18 GB. There is a 250 GB SSD with 174 GB of space in /home (ext4 on LVM). I had to reduce the home partition to 162 GB to free up space for the swap partition. Of course, I had to free up enough space in the filesystem first. It is better to have a few times more free space than the amount to be reduced. Resizing an LVM/ext4 /home partition I don't recommend doing this, unless you have knowledge about partitions and LVM. Yo...

Using Dropbox from command line in Fedora

Dropbox is a file hosting service operated by Dropbox Inc. that offers easy cloud storage on multiple platforms. Note that Dropbox is proprietary software, but offers a free account with up to 2 GB of storage [1] . Personally I've used Dropbox to sync files between PCs and also phones. In Fedora linux, you can install Dropbox from the RPM Fusion repository [2] . This is basically an installer and command line client script for the binary Dropbox daemon (application) that then has to be separately installed by each user. There is also a plugin for nautilus, the file manager: nautilus-dropbox. To install, simply issue on the command line as root (or sudo): dnf install dropbox nautilus-dropbox You could also download the program from Dropbox home page and install it manually [3] . I prefer using the Fedora package, then it will be nicely integrated also in Gnome on a desktop PC. The following instruction is how to install and configure on a headless PC, using only the comm...