Yubikey Full Disk Encryption with LUKS

So I finally got my self a yubikey, and what was the first thing I tried with it – luks full disk encryption. Yea.. better said than done. After a bit of research (read: failed attempts) I found this repo on github, seemed promising. However it didn’t work.. what gives.. after a bit of research into the repo I found a few pull requests that fix a couple of things. I went ahead and cloned the repo, made the changes, and what do you know it works. So I decided to fork the project and added some of the changes here where I’ll attempt to maintain it. See below the README.md.

I’ve tested this on Debian Sid, so your mileage may vary. If it breaks, you get to keep both halfs :).

Pull requests welcome!!!

Read more ›

[one-liners] Find Reverse Depends of a Package

Sometimes you have a package installed and you want to know what other packages depend on it (such as a lib package). This one-liner only works on Debian/Ubuntu (apt/dpkg) based systems, but I’m sure a simmilar method works for rpm based distros such as CentOS.

for depends in $( apt-cache rdepends ${package} ); do dpkg -l | grep ${depends}; done

Where ${package} is the name of the package you are looking to find which other packages are dependent on it. Lets see it in action:

OK so what happened here…

apt-cache rdepends ${package} provides us with a list of packages which depend on the package – which for most cases that would be the end of it. But I like pretty things… So we place that list into a loop, for each package in the list, we run dpkg -l which lists all packages, pipe that into grep ${depends} to list (and colorize*) the results in a nice ordered list.

I could have done this without grep and run dpkg -l ${depends} but then we would get some unnecessary output. This method also makes it easy for scripts looking for the reverse-depends of a given package, and what the install status, versions and architectures are.

* Note: I have a grep alias which includes –color
Tagged with: , , , , ,

Apt-cacher-ng Toggle Proxy on Hosts

Hi everyone and happy Festivus!!

So I was at my parents this morning for one of those non-secular holidays for gifts, and of course I bring my Linux laptop. After the festivities of gift giving, I pop open my lappy and start killing some time – and while doing that also start an apt update (patch your ‘S‘). I then start getting a bunch of errors that apt couldn’t reach any of the repos. I remember I have an apt-cacher-ng proxy running at home and my lappy is configured to use it, so it’s not reachable from where I was. I could have simply VPN’d in – but what’s the fun in that!

On Ubuntu’s page for apt-cacher there’s a few scripts that will automatically enable/disable the proxies (mostly based off ping), either by running the script manually, in cron, or by events such as network. Well none of those were good enough for me; all of them required something that was not in my mobile environment or simply did not like cron/manual running. I ended up taking the ideas (and maybe a line or two) from one of the examples and wrote my own. You can find it here on my gitlab server….

Heres the initial comments:

# Name   : toggle_apt-cache.sh
# Purpose: Toggles usage of proxies listed in ${aptProxyConf}
# Usage  : toggle_apt-cache.sh [start|on|off]
#     start       Same as calling script with no arguments. Run normal test
#                 and enable/disable routines
#     on          Toggle ALL proxies listed in ${aptProxyConf} ON
#     off         Toggle ALL proxies listed in ${aptProxyConf} OFF
# Installation: Make a symlink from where ever this script lives
#               to /etc/network/if-up.d, or simply put the script there:
#  ln -s /path/to/toggle_apt-cache.sh /etc/network/if-up.d/toggle_apt-cache.sh

What’s great about my version, is it uses the file where you have configured your apt proxies and parses out the necessary information. Which is a major plus for me – it means I don’t need to update more than one file when I add/remove/change apt-proxy servers. The script also supports multiple servers listed in a single file and will dynamically enable/disable based on server availability when the script runs. I currently have it symlinked to /etc/network/if-up.d/toggle_apt-cache.sh.

I’m also add at some point support for turning on/off all proxies at once, or individually via toggle_apt-cache.sh [on|off] host.example.com. But that’s an addition for another day.

Hope you all enjoy this…

Tagged with: , , , , , , ,

Raspberry Pi Scanner Server

It’s come time that we (my fiancĂ© and I) required the use of a color printer. My B/W Laser wasn’t going to cut it this year for her class room printings. So we went out an picked up an Epson WP-3620 on sale at BestBuy. It’s an All-In-One like most [read: ALL] consumer printers you’ll find on the market today, this one even came with an Ethernet port (a requirement on my network 🙂 ). The printer portion of the printer setup just fine as one would expect – but network scanning has been an issue. Not because I have it setup as a wired printer, but because my quest for the perfect network I have ALL network peripherals / IoT devices on a separate VLANs (if you question why, here’s an example, and another, and another). However by doing this and making my network more secure, the secret sauce Epson uses to make network scanning … well … work … is defeated. I assume it uses some form of NetBIOS as the port is listening and Wireshark shows lots of NB packets during the setup, but I cannot seem to get it to work properly without it being on the same subnet as my production rigs (maybe WiFi direct would work – but I disabled that). SANE straight will not connect to it via the network, however USB works fine and is officially supported.

So to make scanning work (and please my future wife) I did what I do best, engineer a solution.

Putting my RPi Model B to good use (It’s not really up to much these days). Let’s run Raspbian Lite and SANE, then wait for scanner requests on the network. This How-to should work on any Linux computer with a USB and Ethernet port.

Read more ›

Tagged with: , , , ,

Triple Monitor Gaming with Nvidia Graphics on Linux

I’ve been gaming exclusivity on Arch Linux for some time now, but one thing that I have been longing for is Triple Monitor Gaming that our M$ Windows counterparts have been enjoying for some time now. I have an Nvidia GTX 760 in my rig (yes I know out dated at this point but still is no slouch) which supports quad displays just fine on Linux – I currently have 3 displays connected; however Nvidia does not “supportStereoscopic Surround on Linux (shame on them).

Today I finally figured out how to make this work. I was actually trying to fix another graphics issue (games opening on wrong monitor) and came across Jakejw93 youtube video on how to enable gaming across all 3 monitors.

Read more ›

Tagged with: , , , , , ,

Woman dumps rare Apple I worth $200,000 at recycling center

Yea Apple isn’t open source or open hardware. However this piece of tech history would defiantly put my Intel 386 Tandy to shame…

A Bay Area recycling center is attempting to track down an unidentified woman who dropped off a 1976-model Apple I in April, after the computer sold to a private collector for $200,000 this month. This woman obviously didn’t know what she had!!!

Apple I


Read more at Apple Insider here.

I Just Installed Windows Mint…. Wait What?!

My Sunday afternoon was spent installing Windows… wait… Linux… oh I don’t know at this point. It’s stable as hell but looks like most peoples desktop. I’ll call this mashup: Windows Mint. OK, you caught me. I did not install windows at all. Instead I wanted to see how close I could get Linux Mint to look like Windows, and I think I did a pretty damn good job. I started with Linux Mint 17.1 Cinnamon as a base install and went from there. This shows is the massive customizability of the Linux Operating System, with little effort.

Read more ›

Command fu: a function to find the fastest free DNS server

timeDNS() { parallel -j0 –tag dig @{} “$*” ::: | grep Query | sort -nk5; }


Tagged with: , , ,

Runs Linux: Scientists Use Ubuntu to Interpret Hubble Telescope Data – Softpedia

A new documentary about the Hubble space telescope was just released on Nova, and a Reddit user pointed out that one of the scientists was using Linux to manage the data provided by the telescope.

Read more at Softpedia:

Tagged with: , , , ,

Security Audit Of TrueCrypt Doesn’t Find Any Backdoors — But What Will Happen To TrueCrypt?

The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.

That doesn’t mean Truecrypt is perfect. The auditors did find a few glitches and some incautious programming — leading to a couple of issues that could, in the right circumstances, cause Truecrypt to give less assurance than we’d like it to.

For example: the most significant issue in the Truecrypt report is a finding related to the Windows version of Truecrypt’s random number generator (RNG), which is responsible for generating the keys that encrypt Truecrypt volumes. This is an important piece of code, since a predictable RNG can spell disaster for the security of everything else in the system.


Read the full story on techDirt.