How to prevent https://r.twimg.com/jot from opening

Recently, I noticed that I had a tab opening in Firefox with the URL https://r.twimg.com/jot in a new tab. Apparently, when visiting RSS feeds in Thunderbird, this tracker is opened in another tab, which is quite annoying.

I've read a lot of solutions to this issue, most of them being changes in the settings of either Thunderbird or Firefox. Probably the best solution was to deny ||r.twimg.com/jot through ad block plus.

My solution was a quick hack: I fixed it by adding a patch to /usr/bin/firefox
if [ "`echo $@|grep r.twimg.com/jot`" != "" ]; then
echo jot stopped | logger
exit 0
fi
if [ "`echo $@|grep twitter.com/i/jot`" != "" ]; then
echo jot stopped | logger
exit 0
fi

© GeekLabInfo How to prevent https://r.twimg.com/jot from opening is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

IPv6 neighbour proxy

When experimenting with IPv6 this weekend, I thought it would be cool to give my IPv4-only devices such as my webcam an IPv6 address.

Using Tayga to do NAT64, I could route an IPv6 range to a virtual network interface where Tayga translates incoming packets to IPv4. As Tayga's documentation states: "You will need to select an unused /96 from your site's IPv6 address range which will be used as the NAT64 prefix." Unfortunately, I  only have one single /64 available, a range that should not be split.

What I did, was the following:

Diagram1

This is not really best practice, as hosts in the range 2001:400:1234:567:ffff:0:0:0 - 2001:400:1234:567:ffff:ffff:ffff:ffff  could be located on both the LAN and the Tayga virtual router, it's the only working method for the time being.

The Linux router sends packets for 2001:400:1234:567:ffff::/96 to Tayga instead of direcly to the lan. This works for outside hosts, but hosts on the LAN don't know that packets for this range should be sent to the Linux router.  They try to find my webcam on the LAN, but obviously can't find it.

Neighbour discovery

This looking for the webcam on the LAN is called neighbour discovery. The Neighbour Discovery Protocol performs functions similar to IPv4 ARP for finding other nodes on the same LAN. With above setup, the host at 2001:400:1234:567:ffff::1 is actually off the LAN. The Linux router must tell my laptop to send packets for this IP to the router.

proxy_ndp

You can do this using proxy_ndp, the IPv6 variant of proxy_arp. First enable proxy_ndp by running:

sysctl -w net.ipv6.conf.all.proxy_ndp=1

You can enable this permanently by adding the following line to /etc/sysctl.conf:

net.ipv6.conf.all.proxy_ndp = 1

Then run:

ip -6 neigh add proxy 2001:400:1234:567:ffff::1 dev eth0

This means for the Linux router to generate Neighbour Advertisement messages in response to Neighbour Sollicitation messages for 2001:400:1234:567:ffff::1 that enter through eth0. Note that 2001:400:1234:567:ffff::1 itself is not found on eth0, but on another virtual interface.

ndppd - NDP Proxy Daemon

While proxy_arp could be used to proxy a whole subnet, this appears not to be the case with proxy_ndp. To protect the memory of upstream routers, you can only proxy defined addresses. There is a daemon that can proxy a whole subnet, ndppd. It's available at
http://priv.nu/projects/ndppd/.

Links

Another interesting page on this subject is found at:
http://linux-attitude.fr/post/proxy-ndp-ipv6
(French, use google translate) - multiple /64's in a /56

http://wiki.stocksy.co.uk/wiki/IPv6%2BXen_on_a_Hetzner_server_with_routing_to_dummy0_and_proxy_ndp - exactly what I'm doing, but for other purposes. Just found this page after typing my own.

© GeekLabInfo IPv6 neighbour proxy is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Bash: download and execute shell scripts

Sometimes, when running 1 bash script repeatedly on several different machines, I found that being able to download and immediately execute a script is very handy.

The following command will download a script and immediately execute it:

bash <(curl -s http://geeklab.info/my-script.sh)

This command uses Bash's Process Substitution to do it's job. command2 <(command) means for bash to put the output of command in a pipe and then run command2 [tempfile]. So above statement does the same as:

TMPFILE=$(mktemp /tmp/my.XXXXX)
curl -s http://geeklab.info/my-script.sh > $TMPFILE
bash $TMPFILE
rm $TMPFILE

Process substitution is also very useful when you want to know the difference between the output of two commands:

diff <( command1 ) <( command2 )

Furthermore, it's possible to pipe the contents of the temporary file into command2. For instance:
bash < <(curl http://geeklab.info/my-script.sh) would do the same as:

TMPFILE=$(mktemp /tmp/my.XXXXX)
curl -s http://geeklab.info/my-script.sh > $TMPFILE
bash < $TMPFILE
rm $TMPFILE

With bash, this difference is small, but with other commands, it may not be.

© GeekLabInfo Bash: download and execute shell scripts is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

Outlook: Where will sent items be saved?

Some of my colleagues share mailboxes. They have a personal account and a shared account for the group. Their question was: where will sent items be saved?

I found that by default, Outlook 2007 saves sent items in the primary user account. This can be changed in the registry:

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Preferences]
"DelegateSentItemsStyle"=dword:00000001

This is described on this microsoft kb article.

If that doesn't work, try the hotfix from microsoft support.

© GeekLabInfo Outlook: Where will sent items be saved? is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

IPv6 privacy

On most Linux distributions, the right hand part of the IPv6 address is based on the computer's MAC address. As your MAC address is fixed and (in theory) worldwide unique, your computer can be traced anywhere it goes online. While cookies track you all the time, stil having another tracker around is not desired.

The "IPv6 Privacy Extensions" fix this by giving you a regularly changed random IPv6 address.

To enable IPv6 Privacy Extensions, edit the file /etc/sysctl.conf and add these lines:

net.ipv6.conf.wlan0.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 2
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2

Still, whenever you go online on a browser that carries your cookies/flash cookies/zombie cookies/supercookies, you may be identified. But at least, it's a little harder to track you.

© GeekLabInfo IPv6 privacy is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 4.00 out of 5)
Loading...

Review: Belkin KVM Omniview 5216K – part 3

Tonight, it's time for part 3 of my Belkin Omniview IP 5216K KVM Switch

End 2010/begin 2011 I bought a Belkin KVM Omniview 5216K. When I first started to use is a few months later, it crashed so often that the device was useless. And if accidentilly, I could connect, keys got stuck so often that typing my username or password was absolutely impossible.

With one of the required reboots, the device finally died on june 17 of that year. After having to deal with a terrible helpdesk that answered things that resemble "so, your car crashed into a canyon? Have you tried to restart your car to fix this?" and weeks of waiting, it finally got replaced by a 32 port switch, the Belkin Omniview IP 5232K KVM Switch..

Since the new device has a new firmware, the stuck keys got a little better. But another problem came up. I just tried to login to the device. And I definitely used the right password. The device is only accessible over VPN, so it's very unlikely that someone else got access to the device. And last time, I had this problem, the device just needed a restart to recognise my password again.

Probably the internal authentication daemon has died or something.

© GeekLabInfo Review: Belkin KVM Omniview 5216K – part 3 is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How to decrypt a PDF file on Linux

Sometimes, I receive digital invoices in PDF format with a password. That way I shouldn't be able to modify them and commit fraud. Unfortunately, this also makes it impossible to perform normal operations on them, such as removing unneeded specifications or merging all invoices into one single file.

Luckily, most Linux distributions come with a tool that can be used to remove these passwords: ghostscript.

In order to remove the password, simply run:

gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=unencrypted.pdf -c .setpdfwrite -f encrypted.pdf

While this does remove the password, I'm not sure if it does not degrade the quality of the file a little (I don't notice any quality difference, but if you use highres files, you may lose quality).

© GeekLabInfo How to decrypt a PDF file on Linux is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 4.67 out of 5)
Loading...