Category: Howto

Installing Dual-boot Linux on Asus Chromebook Flip C302

[YO! In case you didn’t know, installing a new OS on any computer is always risky. You are likely to lose all your data, brick your Flip, and suffer grievous injury if you follow the steps below.]

I’ve been a big fan of the Flip line of Chromebooks from Asus. It started with the absolutely fun 10.1″, which was a goddess-send on cramped flights (hello, Spirit?). I moved on to the C301, a plasticky thing that was all standard Chromebook and not as much fun. But once I saw the almost identically named C302, an all-aluminum unibody beauty, I knew I needed one.

On the other Flips, I installed Crouton. That’s software that allows you to run Linux on top of ChromeOS. That’s very useful: ChromeOS is great for media consumption and online work, but it lacks in everything else I want from a laptop. You can’t program, you can’t use software that isn’t available online, etc. Crouton allows you to do all that and then some and I loved it. 

Still, I run Linux natively on all my computers and it was a pain to deal with the limitations of an add-on. Cron jobs wouldn’t work, init scripts weren’t run, and whenever something didn’t work as expected, the first task was always to figure out if it was a problem with the environment or with my code. I wanted real Linux, not just an emulation. But I wanted to be able to continue using ChromeOS because Google is powerful enough to force media companies to run their stuff on its platform.

Dual-boot it had to be. Fortunately, since installing on the C301, the options for Linux installation have vastly improved and gotten more stable, easy-to-use, and reliable. Also, the first Linux distributions specifically meant for Chromebooks have appeared and sounded quite awesome.

(more…)

SSL Certificates with Let’s Encrypt

You probably noticed a microscopic difference when accessing the site: suddenly, when you type in mrgazz.com, you get redirected to the secure site, https://www.mrgazz.com. Why, and how?

First the why: Google announced it was going to prioritize search results according to the security of the site. That makes a lot of sense: “secure” sites have a modicum of respectability and require extra work compared to plain HTTP sites. You have to set up a secure server, which means you have to do more than simply point a DNS name to an IP address. 

If you think it’s unfair that HTTP sites get downvoted, it’s an argument that makes sense. At the very least, sites that have been running on HTTP for years should not be suddenly penalized because someone else abuses HTTP. But Google does what Google wants, and frankly the number of search hits this site gets is not a hot priority.

Setting up SSL on a web server is not tragic. In essence, you need a server certificate, you install it according to the instructions of the server, and you set up a separate web server instance that responds to secure requests. It’s a bit of a pain, especially if you only have a single web site to transition, but it’s not a huge stumbling block.

First, getting the certificate. What’s that? It’s a document (file) that certifies that you are who you say you are. When you connect to www.mrgazz.com using SSL, the web server presents this certificate (the public version of it) to your client (the browser), and the browser verifies it. Technically, the browser has a list of trusted authorities that are allowed to certify my certificate, and if one of those authorities says I am good, then your browser agrees. 

Which also means that you have to get an authority to certify you. For the longest time, this meant you had to fill out a form and pay money for a certificate to be issued. Certificates would last a year or so, then you’d have to go and renew. This was a double pain point: on one hand, a whole year is a lot of time and lots of mischief can happen during that period. Ideally, certificates should have shorter lifetimes. On the other hand, if you forgot to buy your new certificate, all browsers that connected to your site would suddenly sound alarm bells and tell the user that your site was fishy. They would also generally make it really hard to connect.

Let’s Encrypt is a new project that has a completely different approach. Instead of making the web site owner fill out a form and make a payment, Let’s Encrypt matches who you are and who you say you are by running software on the web server. You install the Let’s Encrypt client on the machine that runs the web server, then the software tries to connect to itself using the DNS name. If it succeeds, then it knows you are who you say you are. It then issues a certificate.

The most amazing thing about Let’s Encrypt is not the approach, no matter how amazing it is and how wonderful it is not to have to pay $10 a year. What’s really special is how easy it is to set up on the standard web servers on the Internet. If you run a latest-version Debian or Ubuntu, installing Let’s Encrypt is as simple as:

sudo apt-get install python-letsencrypt-<webserver>

[Note: until recently you had to download an archive and install manually, which I really, really, really didn’t like, because I had no idea what that package would do. Having a package file from the default repository makes me feel much better!]

Running the software for the first time is also completely braindead:

sudo letsencrypt --<webserver>

In my case (as in many), the webserver is apache:

sudo letsencrypt --apache

But letsencrypt comes in a variety of styles for the most common web servers on the Internet.

From the command prompt, you get into an interactive series of dialogs where you essentially confirm which ones of your available sites you want to convert to SSL, and whether you want to allow access to both HTTP and HTTPS or only to HTTPS.

Magically, letsencrypt will write new site rules to make your new SSL connection available. I tried it both with sites that had no SSL configuration at all, as well as this site, which ran a mix of secure and insecure sites, now all converted to secure. letsencrypt figured out how to change the configuration for both types and restarted everything, so that there was the absolute minimum downtime.

This is where I found the absolutely only downside of letsencrypt, and it’s really not its fault. You can access this site, like many web sites on the Internet, under both mrgazz.com and www.mrgazz.com. The former is what geeks call the domain name, while the latter is the server name. If you want to know the difference, you must educate yourself on the Domain Name System and the beauty of A records and CNAMEs. That’s beyond the scope of this article.

Suffice to say that letsencrypt refuses to generate certificates for domain names and will issue them only for server names. That means you cannot have https://mrgazz.com, because letsencrypt will not issue a certificate for that server.

You could go about it two ways, just as outlined in the dialog that letsencrypt presents: you could have https://www.mrgazz.com run independently of http://mrgazz.com. That is, users could connect to either independently. In that case, you don’t have to do anything. 

If instead you want all traffic to your site to go to the SSL version, you need to do a little extra configuration: in the Apache configuration file, you will see this section:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mrgazz.com 
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

What this does is take the requests sent to the insecure version and redirect them to the secure version. The problem here is that it does so only for www.mrgazz.com, so you have to add mrgazz.com. Also, the rule redirects to SERVER_NAME, which would redirect to mrgazz.com. You need to change that, so that it always redirects to www.mrgazz.com. In the end, you get this section:

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mrgazz.com [OR] 
RewriteCond %{SERVER_NAME} =mrgazz.com 
RewriteRule ^ https://www.mrgazz.com%{REQUEST_URI} [END,QSA,R=permanent]

Notice the [OR] at the end of the first RewriteCond line. Once you reboot the server, everything is just as you wanted.
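The effect of the two rule blocks above, modelled in Python as an added example (not code from the original post, and not Apache's own implementation). It assumes SERVER_NAME reflects the host name the client asked for, models only the `=` string comparison and the [OR] flag, and ignores QSA; NO_OR is a constructed variant showing that without [OR] the two conditions are ANDed and the rule never fires.

```python
import re

# Rule blocks copied from the article. NO_OR is a constructed variant that
# shows what happens when the [OR] flag is forgotten.
ORIGINAL = """\
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mrgazz.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
"""
FIXED = """\
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mrgazz.com [OR]
RewriteCond %{SERVER_NAME} =mrgazz.com
RewriteRule ^ https://www.mrgazz.com%{REQUEST_URI} [END,QSA,R=permanent]
"""
NO_OR = FIXED.replace(" [OR]", "")

VAR = re.compile(r"%\{(\w+)\}")


def expand(text, env):
    """Substitute %{NAME} server variables from env."""
    return VAR.sub(lambda m: env[m.group(1)], text)


def conditions_hold(conds, env):
    """Conditions are ANDed unless one carries [OR], which joins it to the
    next one, so the chain is evaluated as an AND of OR-groups."""
    group_ok, result = False, True
    for test, pattern, flags in conds:
        # Only the '=literal' string comparison used in the article is modelled.
        assert pattern.startswith("=")
        group_ok = group_ok or expand(test, env) == pattern[1:]
        if "OR" not in flags:  # this condition closes the current OR-group
            result, group_ok = result and group_ok, False
    return result


def redirect_for(config, host, path="/"):
    """Return the Location the rule block would send, or None if no redirect."""
    env = {"SERVER_NAME": host, "REQUEST_URI": path}
    conds = []
    for line in config.splitlines():
        parts = line.split()
        if parts and parts[0] == "RewriteCond":
            flags = parts[3].strip("[]").split(",") if len(parts) > 3 else []
            conds.append((parts[1], parts[2], flags))
        elif parts and parts[0] == "RewriteRule":
            matched = re.search(parts[1], path) and conditions_hold(conds, env)
            conds = []  # conditions apply only to the rule that follows them
            if matched:
                return expand(parts[2], env)
    return None


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED), ("no [OR]", NO_OR)):
        for host in ("www.mrgazz.com", "mrgazz.com"):
            print(f"{name:9} {host:15} -> {redirect_for(cfg, host, '/about')}")
```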

Extra points:

  • letsencrypt configures your secure web server almost flawlessly. When you check the configuration from a security perspective, you get an A rating for security.
  • letsencrypt security certificates can run multiple web server names from a single web server. You can put as many secure sites as you want on your web server; letsencrypt will configure them all correctly.

Creating Pebble Apps: A Guide for the Novice (Like Me)

Great News! The intro I had written about smartwatches in general and why the Pebble is better than others is gone! Now more Pebble App Development tips!

Developing for Pebble is fun! No, really! It’s complicated, but it’s fun. It has lots of moving parts, but it’s fun!

I am going to skip the part where I tell you why you should develop for Pebble. Because it’s fun! And that’s all anyone needs to know, really.

The first decision to make is not easy: develop online or on your machine? CloudPebble or local SDK? The good news (more good news!) is that both give you essentially the same results. The difference is mainly one of trust and access. With CloudPebble, you have to have an Internet connection (access) and you have to trust Pebble with your code. With the local SDK, development works on Linux and iOS (not Windows) and you have to trust yourself with the installation.

I chose to go the SDK route, but if you are just trying things out, you should go for CloudPebble. It’s much easier, and you can do pretty much the same things there. If you do so, follow the instructions on CloudPebble. If you do the SDK, you’ll end up having more control, but will also need to get your hands dirty with the command line. You can, incidentally, still run the SDK if you are a Windows user. You just have to install Linux on your Windows machine, which is really easy. Pebble (and I) suggest that you do so by installing a virtual machine (think VirtualBox) on your Windows computer and run Linux on it.

(more…)

Automate Instant Messages with Pidgin and DBus

Despite being an overall fan of KDE, I always preferred the Gnome version of the Instant Messenger, Pidgin. It is really designed for ease of use, it is extensible with incredibly useful plugins, and is available on a ton of platforms. Also, it can be easily configured and you can synchronize the configuration files with no issues, even using OwnCloud or Dropbox.

No surprise then that I would use Pidgin to automate all sorts of tasks. I will send myself a message so I get notified on all my phones, using whatever mechanism I want to use. Pidgin comes with a plethora of protocol plugins. If you need something that isn’t on the list, you can also look for third-party plugins. And you can, of course, write your own. I am doing that as a side project to include small social networking sites that only use a web interface.

One of the advantages of Pidgin is that it is scriptable. You can either write scripts internally (using the plugin mechanism) or you can direct Pidgin from the outside. If you want to call Pidgin methods and make them do things, you use the universal DBus interface.

DBus is universal in that you don’t need a particular environment or programming language to make it work. In fact, DBus was born out of the desire to make different bus interfaces work together. KDE used to have DCOP (which frankly was far superior to DBus). Gnome, if I am not mistaken, used CORBA.

You can send DBus messages using a shell script, or from the command line. DBus comes with utilities that send messages to various interfaces, making it easy to script things.

In my case, I decided to use Python. The Python DBus interface is rock solid and stable, and the language fairly easy to use and parse. If you want to send a message to a DBus object, you simply invoke it.

(more…)

Turning a Fixed Width Site to Variable Width Using Web Technology

I love my Y50. The 4k screen resolution gives me both a chance to see a lot more on a single page and much better and crisper text if I want to see it normal size. The only downside? Software that assumes pixel sizes.

It doesn’t really matter what I am looking at: anything that comes with predefined pixels turns into a microscopic smudge. It’s completely impossible to realize what the buttons do in the Gimp, for instance. Checkboxes are so small, it’s virtually impossible to tell whether they are checked or not.

I can deal with everything else, though. The one thing that is an eternal pain is the web. In particular: sites that define their content in pixels.

User interface design has always been caught between two extremes: on one side, the desire to make everything predictable by forcing it to look exactly as it looks on the designer’s screen; on the other, the desire to make everything work universally on all screens. The former is epitomized by PDF and iOS; the latter by HTML and … the Web.

A PDF document is many things. Most importantly, though, it’s a blob that looks the same no matter where you are and how you look at it. The part where it looks the same everywhere is very useful in certain cases – like if you want to shuttle an official document around, or if you need to ensure that elements don’t get moved out of place.

(more…)

Speedtesting Your ISP, Command Line Version

I currently pay an obscene $66 for 25 MBit/sec Internet. On top of that, I had to pay a mandatory $99 equipment fee for an enormous modem, and another $99 fee for mandatory installation.

Just as I was done with my first year promotional price and things “reverted” to the “regular” price of $66, I received a message. I had been underbilled, apparently, but I was lucky and they were not going to backcharge me. But from now on, I had to pay the “regular” price of $74.50.

At the same time, performance of my Internet connection started getting really random. At times, things would load just fine. Most of the time, though, there were sudden hiccups and slowdowns. For instance, I would get all tiles on a Google Maps page – but then the last five or ten or twenty wouldn’t load for minutes.

You may have heard of Speedtest.net. It’s been around forever, and it’s a fairly reliable indicator of Internet connection speed. It also collects information about Internet providers and gives you an idea of what everybody’s paying around you. It’s also getting a little heavy on the commercialization now, so I don’t know how long I would continue using it, since its utility is paired with the simplicity of the thing it does.

(more…)

Emergency Update

In case you were on here yesterday, for a brief period (a very long hour for me) the site was down. What happened? A confluence of things:

  • The main hard drive filled up with an ever-expanding collection of source code
  • I split said source code onto several machines, requiring a re-installation of the SCC software
  • I ended up with repositories incompatible with the old version of the SCCS
  • So I had to update the operating system
  • Which updated everything, making my configuration files pretty much unusable

Here is the skinny.

1. Filled Up Hard Drive

The first problem I encountered were yelps from the server itself: it sent me messages gasping for air, as all internals started dying because there was no room left. Temporary files would not write; log files and rotation would die; even cron jobs would shatter.

(more…)

Setting Up Kubuntu on a Lenovo Y50 – Data Immortality Edition

I am the lucky owner of a brand new Lenovo Y50. It’s a screaming fast machine, with a gorgeous screen (despite what naysayers complain about – mostly the yellows and the refresh rate). It’s meant for gamers, but a developer like me can like it, too. It’s just beautiful, and relatively lightweight, and did I mention it’s screaming fast?

But the big question was: How Do I Set It Up Most Efficiently?

“Most efficiently” in this context means: least time, best setup moving forward. I wanted to recreate my development desktop onto the laptop, which meant not just installing the OS and the software, but to also move configuration files and data.

It’s a problem I have been grappling with for a while: where should stuff live to be “immortal?” Where should it live to be easy to access? And where should it live not to be a burden?

(more…)

HOWTO: Redundant Data Backup in the Cloud for Linux

After the previous article explaining the principles behind this form of “safe” cloud backup, here is a step-by-step tutorial on how to make it work. The software used and the commands issued are all for Ubuntu, but you should be able to translate them into any modern Linux variant. On the other hand, much of the infrastructure required works only on Linux.

1. Prerequisites

Aside from the obvious (a modern version of Linux), you will need a series of tools that don’t come installed standard. First the actual commands, then an explanation:

sudo apt-get install mdadm lvm2 cryptsetup-bin

We are installing three packages:

mdadm: the package to control RAID arrays. From the description: “tool to administer Linux MD arrays (software RAID) The mdadm utility can be used to create, manage, and monitor MD (multi-disk) arrays for software RAID or multipath I/O.”

lvm2: the package required for logical volume management, allowing us to resize after creation. “This is LVM2, the rewrite of The Linux Logical Volume Manager.  LVM supports enterprise level volume management of disk and disk subsystems by grouping arbitrary disks into volume groups. The total capacity of volume groups can be allocated to logical volumes, which are accessed as regular block devices.”

cryptsetup-bin: the package to encrypt the data. Technically, this is just a utility to manage the process, while the Linux kernel does the actual encryption, but to us it’s the same thing. “Cryptsetup provides an interface for configuring encryption on block devices (such as /home or swap partitions), using the Linux kernel device mapper target dm-crypt. It features integrated Linux Unified Key Setup (LUKS) support.”

(more…)

PRIMER: Redundant Data Backup in the Cloud for Linux

Here is my problem: when I travel, I want to have access to my most important documents (like my passport, or my driver’s license, or the airline tickets, or a bunch of other things). I want to have access to those documents particularly if I lose my computer and the originals. Imagine I am in Fiji on a surf trip (I wish!) and my everything gets stolen while I conquer Cloudbreak. I come out, have nothing, and have nothing to prove that I once had something.

I could store documents online, of course. But then I have to deal with security issues. What if someone gains access while I am not watching? Can I trust the company that stores them to do so securely? What if the company runs out of business? What if a hacker locks me out of my account, and I have no way to get back access?

Also, once I come up with a system that stores my emergency documents safely and securely, what about non-emergency documents? Can I find a system that stores things securely and safely, but can be updated constantly? Is there a way to have files saved online that doesn’t jeopardize their integrity?

I figured out the way, and now I am replicating my sensitive documents online, trusting my experience and not any company’s promise. And this article is a howto on how you can do so, too.