Arch Linux and running applications in terminal as root.

Want to run app as root from the terminal? Its a bad idea from a security point of view. You need it for debugging / testing for permission issues? Ok I guess…

Running application from terminal as root will give You errors:

[root@wishmasus andrzejl]# systemsettings
No protocol specified
systemsettings: cannot connect to X server :0

[root@wishmasus andrzejl]#

To fix this add these 2 lines (modified properly):

export XAUTHORITY=/home/username/.Xauthority
export $(dbus-launch)

to this file:

/root/.bashrc

Close the terminal, re-open it, use su to gain root’s privilages and try running application again.

IF You don’t want to add this line:

export $(dbus-launch)

You can skip it but then some of the apps will spit out errors:

[root@wishmasus andrzejl]# systemsettings
QDBusConnection: session D-Bus connection created before QCoreApplication. Application may misbehave.
systemsettings(6839): KUniqueApplication: Cannot find the D-Bus session server: “Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.”

systemsettings(6838): KUniqueApplication: Pipe closed unexpectedly.

[root@wishmasus andrzejl]#

and You will need to start them with dbus-launch prefix like this:

dbus-launch systemsettings

Cheers.

Andrzej

Thank You very very much Sarah from Vodafone Ireland Customer Care helpline.

I had a dilemma today…

I am planning a “little” trip soonish and by little I mean 4 hours drive one way. It will be boring and tedious and on top of that the driver decided to not to take their own car so there is total smoking / vaping ban… Lovely… I thought – IF I am going to survive this – I need Internet on my phone… So I went to the Vodafone Ireland website to check their offers. 2 things I could do:

– spend €15 and buy 1GB internet bundle or
– opt into the FREEINT

What is the FREEINT? At the moment every time I top up with €20+ voucher I will receive 30 days of free Vodafone to Vodafone calls and text messages and 20+ Cherry Points. Good enough. FREEINT will however add 250MB of Internet data allowance to them.

Both options are great! The only problem is… I have ~€19 of credit on my phone. I don’t want to spend 3/4 of it buying a 1GB of the Internet add-on which I won’t use anyway, neither do I want to opt into FREEINT because I will need to top up my phone with €20 voucher 2 weeks ahead of time if I want to get the internet add-on… I am short on cash… It’s a week when ESB bill and rent came together… I bet You know the pain.

So… I thought MAYBE I will give Vodafone Customer Care a call. Maybe they have cheaper add-ons like a 100MB for a fiver or something like that. After going thorough the automated menu I finally had an option to speak to customer service representative. “Vodafone Customer care Sarah speaking. How can I help You?“. Polite Young woman (after confirming my identity with several security questions) patiently listened to my story. She told me about the 1GB for €15 add-on and about the FREEINT options that I had. Unfortunately there were no other (cheaper) internet bundles that the Vodafone was providing at the moment. “I am screwed.” I thought. But then Sarah said something that made my day. “I will opt You into the FREEINT, then I will top up Your account with €20 to activate it and then I will take the €20 out from Your account. I will do that as an exception…” WOW! I was floored… I could not believe it… Thank You very very much Sarah. You are a good person and a lifesaver… This means that I get the 250MB internet allowance for free and I don’t have to purchase the 1GB internet add-on or top up with €20…

I am very pleased. Thank You again Sarah from Vodafone Ireland Customer Care.

Cheers.

Andrzej

Edit 01: The Dublin trip may not be such a PITA after all… Unexpected change of driver may change many aspects of the trip. Positive vibes… at last.

My changes in the Tempera theme.

I am loving this theme but there were few changes I had to make… (with most of them I received help from Olgierd – thanks Olo!).

Added these:

#bg_image {
max-width: 100%;
height: auto;
}

.entry-content blockquote {margin-bottom: 1em;}

code, pre { background: #333; color: #18ef18 !important; }

.widget-container {
padding:2px;
margin: 2px 0 5px 0;
}

.widget-container ul li {
display:block;
float:none;
margin-bottom:2px;
}

to the Custom CSS section in the Miscellaneous settings of the Tempera:

Tempera_Settings_Miscelaneus_Custom_CSS.png

And then I had to comment few things out in the style.css file body.

/* */ out the:

white-space: nowrap;

in the:

.entry-content code {
border: 1px solid transparent;
border-bottom:3px solid transparent;
clear: both;
display: block;
float: none;
margin: 0 auto;
overflow: auto;
padding: 10px !important;
text-indent: 0;
white-space: nowrap;
}

/* */ out the

height:100%

in the:

#header-container {
display:block;
float:none;
position:absolute;
top:0px;
width:100%;
height:100%;
}

And here is my theme options export file.

Last step was to replace the files Etsy.png and Technocrati.png in the /var/www/html/wordpresswp-content/themes/tempera/images/socials/ folder with the custom SMF Forum and Piwigo icons that I have created in Inkscape.

Custom_Icons.png

Tadaaaa… All done ;).

Cheers.

Andrzej

Kdiff3… I am loving this tool… Tempera’s theme upgrade – almost a headache… Almost…

I have noticed that there is an upgrade of the Tempera theme that I am using (and enjoying very much). I did the upgrade just to realize that it overwrote my style.css file changes (I did it improperly – I should have added it in custom css file – this way it would not be overwritten – so I don’t blame them). I have a backup! HELL YEAH! But… the style.css file is 2000+ lines long – I don’t remember which lines were added / removed / modified by myself and which were not… How would I compare them? I tried diff command line tool few times. Its… not for me – not for such big task. I remembered reading about kde tool that will do the same thing… Lo and behold… Kdiff3. FANTASTIC tool. Simple. Clear. Very user friendly. Very ejeet-proof. Very very easy to read. PERFECT. Thanks to this tool I had all the changes highlighted and fixing my theme was a breeze instead of a headache. Recommending kdiff3 to anyone. Its utterly freakin brilliant.

"So You say You want to compare 2 files? Point me to them!"

Comparing_2_Files_With_kdiff3_001.png

"You don't have to search for the differences... I will clearly mark them on the scroll bar for You..."

Comparing_2_Files_With_kdiff3_002.png

"And I will add those green and blue rectangles and other visual hints so You don't get confused!"

Comparing_2_Files_With_kdiff3_003.png

Cheers.

Andrzej

Embedding, resizing and centering YouTube videos in WordPress posts.

I got very much annoyed by the fact that when I was adding YouTube video links the player size was just bloody huge… I tried finding the solution for it and at first it seemed like I have 2 choices… WordPress shortcodes or some 3rd party plug-in recommended by few users. I don’t want to add a 3rd party plug-in so I got left with shortcodes… and they simply suck… Example? You can find this on their examples site:

[youtube=https://www.youtube.com/watch?v=JaNH56Vpg-A&w=320]

[youtube=https://www.youtube.com/watch?v=JaNH56Vpg-A&w=320]

and as You can see it does nothing of what its promising. It behaves like a politician after the won elections. It just sits there and does absolutely nothing…

It almost seemed like I am out of the options… and then I have found this… I tried it using the same video as above…

[embed width=320]https://www.youtube.com/watch?v=JaNH56Vpg-A[/embed]

https://www.youtube.com/watch?v=JaNH56Vpg-A

[embed height=320]https://www.youtube.com/watch?v=JaNH56Vpg-A[/embed]

https://www.youtube.com/watch?v=JaNH56Vpg-A

Results are promising…

It’s embedded and resized. Now… Let’s try centering… Wrapping the whole thing in:

<p style="text-align: center;">TheWholeThing</p>

<p style="text-align: center;">[embed width=480]https://www.youtube.com/watch?v=JaNH56Vpg-A[/embed]</p>

https://www.youtube.com/watch?v=JaNH56Vpg-A

So… Centering works…

Now lets try starting it at 20 seconds… adding:

&#t=00m20s

<p style="text-align: center;">[embed width=640]https://www.youtube.com/watch?v=JaNH56Vpg-A&#t=00m20s[/embed]</p>

https://www.youtube.com/watch?v=JaNH56Vpg-A&#t=00m20s

That works too…

So… Embedding? &#x2713 Resizing? &#x2713 Centering? &#x2713 Starting at a certain time? &#x2713

All good.

Cheers.

Andrzej

Sometimes… On a very rare occasions I think that we might have made a mistake…

Sometimes… On a very rare occasions I think that we might have made a mistake when we have decided not to have children.

Hearing the neighbors kids playing in the garden next door is a very painful and very quick remedy for this situation…

It sounds roughly something like this:

Thank you neighbor’s kids for reassuring us in the moments of doubt…

And now if You don’t mind…

Shut_Your_Pie_Holes_And_Get_Of_My_Lawn.jpg

Cheers.

Andrzej

How to find all the empty folders inside a current folder using terminal? How to filter the output of the command to only show folders that name DOES NOT match a certain pattern?

Hi.

How to find all the empty folders inside a current folder using terminal? How to filter the output of the command to only show folders that name DOES NOT match a certain pattern?

It’s simple:

find . -depth -type d -empty | grep -i -v -e "pattern"

You can filter out more then one pattern:

find . -depth -type d -empty | grep -i -v -e "pattern1" -e "pattern2" -e "pattern3" -e "pattern4"

This command will find all the empty folders in the current (.) folder and will grep (ignoring the UPPER or lower case) for names that DO NOT match the pattern word and will display only those names.

Cheers.

Andrzej

Passwordless SSH authentication. Using authentication keys.

Hi all.

It would drive me bananas if I would have to remember password for each and every of my shell accounts… Using password as an authentication method is also not the greatest thing as the password could be brute-forced… Leaving the account with no password is unacceptable however from the security point of view. Solution? Use authentication keys – public and private.

How to get them? Its very easy.

Open terminal on Your local machine.

Use command:

ssh-keygen -t rsa -b 8192

When asked for:

Enter file in which to save the key (/home/mylogin/.ssh/id_rsa):

Press [ENTER].

Enter passphrase (empty for no passphrase)

Press [ENTER].

Enter same passphrase again:

Press [ENTER].

Passwordless_SSH_authentication_Using_authentication_keys_001-1024x546.png

[andrzejl@wishmasus ~]$ ssh-keygen -t rsa -b 8192
Generating public/private rsa key pair.
Enter file in which to save the key (/home/andrzejl/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/andrzejl/.ssh/id_rsa.
Your public key has been saved in /home/andrzejl/.ssh/id_rsa.pub.
The key fingerprint is:
c4:f6:76:41:cb:00:ac:88:4b:d8:fd:67:2e:75:91:30 andrzejl@wishmasus.loc
The key's randomart image is:
...
Randomart
...
[andrzejl@wishmasus ~]

SO what You did so far? You have generated a pair of authenticating keys. Private – which is for Your eyes only and public which can be shown to anyone.

Keys are placed in those two files:

PRIVATE KEY:

~/.ssh/id_rsa

PUBLIC KEY:

~/.ssh/id_rsa.pub

Run this command:

cat ~/.ssh/id_rsa.pub

Lets say it spits out this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDITvIRB6YbQlkp0GuXSnxtYANQqQ6mw4zhvDsEjW4xfpg63PvUsJepeD7QtCZr06iuWM2lmTKWtKgALIgRvJtL1v483EAyHSap84Q2+j5AC+wuLTuwYB41QkRZzUAW0+vvTUOAoRZdpSGU6F0FQJ73rQPBkwrJp+qD/0Pa5+eVH1fXOM/A5/F0LLOV1Bp92X9Pjd9RmL4BFAeRcEiOyUUklpDI1rDFcpOWxRBsWK/vnp2KEM6nPemIPYrie4wDqkOJtch32xcx70qXoJZVBZvo26T/PpHjUbOlV1XjBP9IlL/oEXkCRowP7tu2ZnRPnv8CQ2780IVee0QATXTS+Fw5yuUJfO/HMyOH2tmO2whgqr+MoLOOigmcXESeKb+LAysrudmc94cdnqxeAKPmUjIkILeQUDpHJQtwOFpE+1Ls/KGsZ4ThY6UkopuHVp3nYBNL7TOwyqAR9yv/afsLFwmseQ8sbo1doPDAf3XZItY70jLos5xIMs/ZdDkyV+XN+EIynG0pqd8+2Rz31ZxeIbNTt1zEEd52TImOKa/ibPHvObtvPEN5fYsptWNjSHDSWF6qFrCdEr1+yJAkMQt1VkZGkbN3Cru8zjaVWJx9oXkNRZ0TlSC3McuP9BThK6WoEAifrQA7NpDEdFOxWPnknI0gI7wUYPEYKQLG5b9ABP4GfKc8C9DzCCNzaQnPcJ9P9BmlHELEEBuIOLIDDzsxoJ7WB/NmUmwKVpCqwaqsHOiZuwFaFKtyJAY39i1qC6MDsQRuPUuAnui4QM0yKyhOyRr9GUJzfSlZ5jzRTD8v8Ri9V+aaAqJgJ7nEk2wRrhoAwIO8G3j1+5EALy1l1AnurZMbwVyDZDoDbgkbHwIBnoL6xGHZbLQA7vCpRk+1PmdGe7Hql+4mz06TUyavkWQPgl+OLtJT99/i5Lm8glgyNvrMsZsK9hptXnc3iWrpn43CpqUfjdQmaP+x2aKNDnz/rkCfPUZTr3hZz/LnRFzxNKp3FriNbsUUEEnmf/3UVh939krsMCa/INScILeCrdV0Zgy9XN2SfidMNep2dIyAjIRGuiBqsauHbJ31ZB9XRRqkRoj3RrNXaWIQe471oBsw+5oA2Y+v40ksdbR0VU600teLDbU9yMaf839zVHzoZKBswu9nO6DhO41ffHEHJ+oprLbcC9C/W8N5v/WmqNE10fOLFasF1j/N/sup6wIhXzQ8xiiJ+0PrR88k64pGl2Bb9zySUR0lfSibv4nMt904xV8ebdgH++B9h9KGUJMD4iPPkC7an7EyGA+apf70aMEOzjKe+G4bSdCBkkAnUXzP3G5lo0D6nL+Zo/AIBUjSF5bcsC4NP04E2zD7S/uTNAC93BSZ andrzejl@wishmasus.loc

Now copy this ^^^ ENTIRE line.

Now that You have generated authentication keys and copied the public one – You have to place the public key in a file on the remote machine. Not just any file. Its a specific file in a specific folder both with a specific permissions.

Passwordless_SSH_authentication_Using_authentication_keys_002-1024x543.png

Open new terminal. Ssh Yourself to the remotemachine.net

ssh -p 22 -l mylogin remotemachine.net

Create directory in .ssh in Your home folder

mkdir ~/.ssh

Give it correct permissions:

chmod 700 ~/.ssh

Create file authorized_keys in the newly created directory

touch ~/.ssh/authorized_keys

Give it correct permissions:

chmod 600 ~/.ssh/authorized_keys

Paste the content previously copied from the cat /home/mylogin/.ssh/id_rsa.pub command combined with

echo "PASTE" > ~/.ssh/authorized_keys

Example:

echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDITvIRB6YbQlkp0GuXSnxtYANQqQ6mw4zhvDsEjW4xfpg63PvUsJepeD7QtCZr06iuWM2lmTKWtKgALIgRvJtL1v483EAyHSap84Q2+j5AC+wuLTuwYB41QkRZzUAW0+vvTUOAoRZdpSGU6F0FQJ73rQPBkwrJp+qD/0Pa5+eVH1fXOM/A5/F0LLOV1Bp92X9Pjd9RmL4BFAeRcEiOyUUklpDI1rDFcpOWxRBsWK/vnp2KEM6nPemIPYrie4wDqkOJtch32xcx70qXoJZVBZvo26T/PpHjUbOlV1XjBP9IlL/oEXkCRowP7tu2ZnRPnv8CQ2780IVee0QATXTS+Fw5yuUJfO/HMyOH2tmO2whgqr+MoLOOigmcXESeKb+LAysrudmc94cdnqxeAKPmUjIkILeQUDpHJQtwOFpE+1Ls/KGsZ4ThY6UkopuHVp3nYBNL7TOwyqAR9yv/afsLFwmseQ8sbo1doPDAf3XZItY70jLos5xIMs/ZdDkyV+XN+EIynG0pqd8+2Rz31ZxeIbNTt1zEEd52TImOKa/ibPHvObtvPEN5fYsptWNjSHDSWF6qFrCdEr1+yJAkMQt1VkZGkbN3Cru8zjaVWJx9oXkNRZ0TlSC3McuP9BThK6WoEAifrQA7NpDEdFOxWPnknI0gI7wUYPEYKQLG5b9ABP4GfKc8C9DzCCNzaQnPcJ9P9BmlHELEEBuIOLIDDzsxoJ7WB/NmUmwKVpCqwaqsHOiZuwFaFKtyJAY39i1qC6MDsQRuPUuAnui4QM0yKyhOyRr9GUJzfSlZ5jzRTD8v8Ri9V+aaAqJgJ7nEk2wRrhoAwIO8G3j1+5EALy1l1AnurZMbwVyDZDoDbgkbHwIBnoL6xGHZbLQA7vCpRk+1PmdGe7Hql+4mz06TUyavkWQPgl+OLtJT99/i5Lm8glgyNvrMsZsK9hptXnc3iWrpn43CpqUfjdQmaP+x2aKNDnz/rkCfPUZTr3hZz/LnRFzxNKp3FriNbsUUEEnmf/3UVh939krsMCa/INScILeCrdV0Zgy9XN2SfidMNep2dIyAjIRGuiBqsauHbJ31ZB9XRRqkRoj3RrNXaWIQe471oBsw+5oA2Y+v40ksdbR0VU600teLDbU9yMaf839zVHzoZKBswu9nO6DhO41ffHEHJ+oprLbcC9C/W8N5v/WmqNE10fOLFasF1j/N/sup6wIhXzQ8xiiJ+0PrR88k64pGl2Bb9zySUR0lfSibv4nMt904xV8ebdgH++B9h9KGUJMD4iPPkC7an7EyGA+apf70aMEOzjKe+G4bSdCBkkAnUXzP3G5lo0D6nL+Zo/AIBUjSF5bcsC4NP04E2zD7S/uTNAC93BSZ andrzejl@wishmasus.loc" > ~/.ssh/authorized_keys

Logout from the remote machine:

exit

Log back in.

ssh -p 22 -l mylogin remotemachine.net

Remote ssh server shouldn’t ask for a password. If it does – You messed up…

You can use 1 private key to connect to multiple servers. Just copy the public key to all of them like I explained above. Permissions are crucial. 700 for the .ssh folder and 600 for the authorized_keys file. 99% of errors are connected to the wrong permissions of the folder / file or due to the wrong file name.

Cheers.

Andrzej

SSH installation and first steps…

SSH as in Secure SHell in the words of wikipedia:

Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs, respectively.

Its great. Its awesome. Its fantastic. Its the best thing since the sliced bread…

Install it:

pacman -S openssh

Enable it:

systemctl enable sshd

Start it:

systemctl start sshd

By default sshd uses port 22. Make sure that its open in Your firewall.

Now go to Your other machine and type in:

ssh -p 22 -l loginTOtheREMOTEmachine ipORhostname

Port, login and ip / hostname can vary but in general the command should look something like this:

ssh -p 22 -l andrzejl 192.168.0.100

If You did everything properly – You should see a password prompt from the remote machine. Type in the password. There… You are now in control of the remote computer.

Cheers.

Andrzej

Secure access to the website’s resources with .htaccess and .htpasswd files.

This is a very loose translation of this article by SloniuPL. Its actually an improvement as You don’t have to rely on a 3rd party website to generate password hashes plus there is no password length limit and the encryption used is not md5 but far more secure bcrypt.

Secure access to the website’s resources with .htaccess and .htpasswd files.

So… You have this subdomain on Your httpd (apache) server that You want to restrict access to? Awesome…

Use the .htaccess and .htpasswd files to demand authorization. How? Ok.

Lets say that the root of Your website is located in /var/www/html/ and in there You have this SuperSecret folder that You want to password protect.

Go into this folder:

cd /var/www/html/SuperSecret/

Create the .htaccess file:

mcedit .htaccess

Paste this as a content:

AuthName "Speak friend and enter:"
AuthType Basic
AuthUserFile /var/www/html/SuperSecret/.htpasswd
Require valid-user

F2 to save the file, F10 to close mcedit.

Now we will use the htpasswd utility to generate access credentials.

htpasswd comes with apache:

[root@icsserver andrzejl]# which htpasswd
/sbin/htpasswd
[root@icsserver andrzejl]# pacman -Q –owns /sbin/htpasswd
/sbin/htpasswd is owned by apache 2.4.9-1

If You want to know more about it read man page or --help. I will just show You how to create login credentials just how I do it.

Lets say that You want to give access to this folder to:

User Name: Gandalf
Password: mellon

I would run this command because it will create the most secure password hash:

htpasswd -nb -B -C 31 Gandalf mellon

but.. FAIR WARNING: It will take forever and a day to generate that password hash – IF Your machine is not up to the task it may even freeze / crash (not just during the password hash generation but also during the browsing of the password protected resources!) – use lower value (think 3 times before going with something higher then 10!) for the -C switch. 5 is default, accepted values are between 4 and 31. The higher the value – the more time and cpu power is used to generate the password’s hash – the more secure it is. Let’s go with:

htpasswd -nb -B -C 10 Gandalf mellon

The result will look somewhat like this:

[root@icsserver SuperSecret]# htpasswd -nb -B -C 10 Gandalf mellon
Gandalf:$2y$15$q6v13VuSpKmmwJmjXRZiruxYZY5HJZr4u3zEupS5OI2uGrhkJSZ0q
[root@icsserver SuperSecret]#

Copy the line that the command spat out and run:

mcedit .htpasswd

Paste the Gandalf:$2y$15$q6v13VuSpKmmwJmjXRZiruxYZY5HJZr4u3zEupS5OI2uGrhkJSZ0q bit, F2 to save the file, F10 to close mcedit.

If You want more users to have access to this folder generate the password hashes for all of them using the same command we have used before and paste them in the .htpasswd file (every user in a separate line).

Secure_access_to_the-websites_resources_with_.htaccess_and_.htpasswd_files_001-1024x546.png

From now on if someone tries to join Your https://domain.loc/SuperSecret (or any subdirectory in the SuperSecret) they will see a password prompt.

Secure_access_to_the-websites_resources_with_.htaccess_and_.htpasswd_files_002.png

AND if they will fail…

Secure_access_to_the-websites_resources_with_.htaccess_and_.htpasswd_files_003.png

That’s all that they will see ;)…

Cheers.

Andrzej

P.S. Passwords like mellon are to short / simple – they should never be used – it was just an example / Lord of The Rings reference ;).