GPS and Raspberry Pi

12 January 2016

I ordered a 56 Channel GPS Receiver (GP-20U7) from hobbytronics. The GPS is made by SparkFun, its tiny as you can see below. So far it is working well and was easy to get working.

gps module

Cable things up

I guessed the pinout from the datasheet. Nothing exploded.

RPI -- GPS
GND -> GND
RX  -> TX
3V  -> VCC

Unbind serial

The RPI comes with the serial pins bound to a TTY terminal. This lets you plug it into a USB-TTL cable and use screen to control the PI. To use the PI with a device that uses serial to talk you need to unbind it first.

  • Remove console=ttyAMA0,115200 from /boot/cmdline.txt
  • Remove T0:23:respawn:/sbin/getty -L ttyAMA0 115200 vt100 from /etc/inittab
  • Reboot.

Test and go

Check its working with screen, you'll see the raw NMEA-0183 protocol:

sudo screen /dev/ttyAMA0 9600

Install and start gpsd:

sudo apt-get install gpsd gpsd-clients 
sudo gpsd /dev/ttyAMA0 -F /var/run/gpsd.sock

Use either cgps -s for CLI, or xgps for a GUI.

XGPS cgps

It took a good 15min for the first boot to get all the data. This is normal. After it was able to keep a solid lock inside next to a window.


Laptop Gets its first set of stickers

09 January 2016

After a friend came back from CCC, he gave me a few stickers. Also my wife got me a wonderful giant 'root' sticker for my birthday last year.

There is more than enough space for stickers which I hope to amass from FOSDEM later in the Month.

ThinkPad T450s with stickers

Click to get more pixels


Sublime Text Customisation

08 January 2016

Here are a list of some plugins I like to use with Sublime Text, you can install the Package Manager from: https://packagecontrol.io/installation

I do a lot of markdown editing and pandoc converting. e.g. Markdown to PDF, which first converts it to LaTeX so it looks pretty good.

Plugins

  • Pandoc: Converts markdown into, HTML5, PDF, and Word Documents.
  • Word Count: Displays a word count in the status bar, I like to enable the enable_readtime setting to give me an indication of how long my text will take to read.
  • LaTeX Tools: When I'm working with LaTeX, LaTeXTools provides good enough features for me without getting in my way.
  • SublimeLinter: A framework for linting code. I combine it with the write-good library to lint my English.

Style

Normally I modify the Monokai theme to include some Markdown highlighting found here.

Recently found a theme called 'Markdown Light' which has some really good styles, aside from changing the background colour.


Vagrant with KVM for development

07 January 2016

Vagrant allows for quick deployment of virtual machines for development use. It allows you to provision software, forward ports, and share development environments between people are computers.

First install vagrant and the KVM (libvirtd) provider.

sudo apt-get install vagrant
sudo apt-get install libxslt-dev libxml2-dev libvirt-dev zlib1g-dev
vagrant plugin install vagrant-libvirt

Then create a vagrant configuration file (Vagrantfile), which specifies the image to use. Vagrant calls images Boxes, and they are found over at hashicorp. Make sure that you choose a libvirt image, and not the default VMware.

Vagrant.configure(2) do |config|
  config.vm.box = "naelyn/ubuntu-trusty64-libvirt"

  config.vm.network "forwarded_port", guest: 8001, host: 8001
  config.vm.network "forwarded_port", guest: 8000, host: 8000

  config.vm.provision "shell", path: "install.sh"
end

This config will spin up a Ubuntu based image with two ports forwarded and execute the install script when it is first created. To re-run the provisioning script (install.sh) simply call vagrant provision.

The install file is project specific, and in this case it updates the package manager and installs node and PostgreSQL. It then changes to the shared folder and installs all the dependencies for the node project. Contents of install.sh:

sudo apt-get update
sudo apt-get install -y nodejs npm postgresql
sudo ln -s $(which nodejs) /usr/bin/node 
cd /vagrant 
npm install 

/vagrant is mapped to the relative path of where the Vagrantfile is stored. This is normally stored in the git repository for the project. You will need to run vagrant rsync-auto to sync the changes between the VM and the host.

And that's it Vagrant in a nutshell. All that's left to do is start the VM:

vagrant up

It will update and install the software as specified in the install script.

vagrant ssh

PS. If you have not got KVM working...

apt-get install qemu-kvm libvirt-bin bridge-utils # Install KVM stuff
usermod -a -G libvirtd <user> # Add existing user to libvirtd group

Preventing Wi-Fi Access Point Spoofing

06 January 2016

To prevent an adversary from spoofing your wifi's access point. i.e Setup another router with the same name '_The Cloud' for example. Debian based systems which use NetwrokManger allow for whitelisting BSSIDs, the MAC address of the access point (ap)/router. Once you provide NetworkManager with a BSSID it will force the connection to use only that BSSID value. This can cause issues with roaming though.

You can do this in two ways, nm-applet or nmcli.

In nm-applet select the connection, and open the edit connection dialog. Enter the BSSID of the ap in the BSSID field and hit save.

nm-applet edit connectionn

For nmcli run the command below:

 nmcli connection modify The-Pump-House  +802-11-wireless.bssid <BSSID>

nmcli has a complex syntax but is very useful.

If you'd like such things for your Android device have a look at Wi-Fi Privacy Police it is available on Google Play and F-Droid source over at GitHub the developers have published a few papers on the subject.


hstr - Alternative ctrl+r in bash

05 January 2016

Found out about this nice little tool which upgrades bash and zsh's history searching.

HSTR Working

You can optionally configure it by:

hh --show-configuration >> ~/.bashrc

It appears to add the above defaults to your bashrc without your consent. I installed it by adding the developers repository to apt-get as advised. It also apears to only have monochromatic or hicolor settings, I'd like it more if I could configure each colour option.


Identify which port is USB3

04 January 2016

I wanted to plug in a USB3 device into my work machine. I did not know if it even had USB3 support. So I used lsusb to find out.

$ lsusb 
Bus 004 Device 006: ID 0bda:2838 Realtek Semiconductor Corp. RTL2838 DVB-T
Bus 004 Device 005: ID 413c:2003 Dell Computer Corp. Keyboard
Bus 004 Device 043: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
Bus 004 Device 044: ID 18d1:4ee2 Google Inc. Nexus 4 (debug)
Bus 004 Device 003: ID 03f0:b707 Hewlett-Packard 
Bus 004 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 003: ID 0480:a00c Toshiba America Inc 
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 003: ID 0424:2514 Standard Microsystems Corp. USB 2.0 Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

From this I was able to workout that it had some USB 2 and one USB 3.

Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

But how do I know where that is on my computer, and how do I know once I've plugged it?

lsusb -t gave me the answer.

$ lsusb -t
/:  Bus 04.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
    |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/8p, 480M
    |__ Port 1: Dev 3, If 0, Class=Mass Storage, Driver=usb-storage, 480M
    |__ Port 2: Dev 44, If 0, Class=Vendor Specific Class, Driver=, 480M
    |__ Port 2: Dev 44, If 1, Class=Vendor Specific Class, Driver=, 480M
    |__ Port 3: Dev 43, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
    |__ Port 6: Dev 5, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
    |__ Port 7: Dev 6, If 0, Class=Vendor Specific Class, Driver=usbfs, 480M
    |__ Port 7: Dev 6, If 1, Class=Vendor Specific Class, Driver=, 480M
/:  Bus 03.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M
    |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/6p, 480M
/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 5000M
    |__ Port 2: Dev 3, If 0, Class=Mass Storage, Driver=usb-storage, 5000M
/:  Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 480M
    |__ Port 1: Dev 3, If 0, Class=Hub, Driver=hub/4p, 480M

It prints it out information about USB devices in a tree format, showing which hub devices are plugged in and to what hub. 5000M means USB3 and 480M is USB2.

/:  Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 5000M
    |__ Port 2: Dev 3, If 0, Class=Mass Storage, Driver=usb-storage, 5000M

As you can see the Mass Storage is plugged into the USB3 port, yaay.

P.S It turns out that the port has a 'SS' written on the outside which means USB3 >.>


cpio - copy files to and from archives

03 January 2016

I found this command when I picked up Unix in Easy Steps Went to page 40~ and saw how to make backups. Thought "pfft they will just use tar". And there it was cpio, never head of it before. Book said that its commonly used to create archives, madness.

ls | cpio -ov > directory.cpio

Stick all the files in the current directory into an archive directory.cpio. -o creates and -v verbose.

Extracting an archive requires a bit more thought because cpio will not create directories by default. Another characteristic, is it will not overwrite existing files unless you tell it to.

cpio -iv < directory.cpio

This will retrieve the files archived in the file directory.cpio and place them in the present directory. The -i option extracts the archive and the -v shows the file names as they are extracted. If you are dealing with an archived directory tree, you need to use the -d option to create directories as necessary, something like:

cpio -idv < tree.cpio

This will take the contents of the archive tree.cpio and extract it to the current directory. If you try to extract the files on top of files of the same name that already exist (and have the same or later modification time) cpio will not extract the file unless told to do so by the -u option.

https://www.gnu.org/software/cpio/manual/html_node/index.html


Duplicity and Hubic

02 January 2016

Install the dependencies (See note at end).

sudo apt-get install duplicity 
sudo pip install pyrax

Create a ~/.hubic_credentials with the format below. Get the client ID and secret from the Hubic website under 'My Account -> Developers', add an application with a descriptive name and set the redirect domain to 'http://localhost/.

[hubic] 
email = <hubicemailaddress>
password = <hubicpassword>
client_id = <hubicclientid> 
client_secret = <hubicclientsecret>
redirect_uri = http://localhost/

You should now be able to use duplicity to backup to the Hubic storage.

duplicity --no-encryption Some/Local/File cf+hubic://remote_huic_location

~~NOTE: Maybe you need the hubic library installed https://hubic.com/en/downloads~~ Works with out the hubic library.


Part One - Fresh Install

01 January 2016

This is the first part in my documentation series about managing a Debain server for fun and profit.

Install some packages

apt-get install vim htop fail2ban ufw nginx git jekyll logwatch apticron ntp screen weechat stow vnstat vnstati sudo

Add user

useradd osaka
usermod -a -G sudo osaka

Select the correct time zone:

dpkg-reconfigure tzdata

Make sure the time is correct:

service ntp stop
ntpd -gq
service ntp start

Setup exim to send emails, for status reporting etc.

dpkg-reconfigure exim4-config

Select 'internet site' and keep defaults, enter your domain when asked. Alias the root account to your external email address. It could also be the new user you just created.

echo "root: user@example.com" >> /etc/aliases

Setup firewall

ufw allow 22/tcp
ufw allow 80/tcp 
ufw allow 443/tcp

Force key based ssh authentication:

PubkeyAuthentication yes
ChallengeResponseAuthentication no 
PasswordAuthentication no        

Setup auto update by uncommenting the below in /etc/apt/apt.conf.d/50unattended-upgrades this will auto update stable, stable-updates, proposed-updates as well as Debian-Security:

"o=Debian,a=stable";
"o=Debian,a=stable-updates";
"o=Debian,a=proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian-Security";

Reconfigure unattended-upgrades and select yes. This will create the file /etc/apt/apt.conf.d/20auto-upgrades, which lets apt know that it should update.

dpkg-reconfigure -plow unattended-upgrades

Setup some websites:

git clone ... /home/osaka/sites/$SITE
jekyl build
ln -s /home/osaka/stites/$SITE/public_html /var/www/$SITE

Craft an NGINX config file, a bit like this:

server {
        listen       443 ssl;
        server_name  nationpigeon.com;

        ssl_certificate /etc/letsencrypt/live/nationpigeon.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/nationpigeon.com/privkey.pem;

        location / {
                root   /var/www/nationpigeon.com;
                index  index.html;
        }

        error_page 404 /404.html;

        location = /404.html {
                root  /var/www/nationpigeon.com;
        }

}

Then enable the site:

ln -s /etc/nginx/sites-avilable/$SITE /etc/nginx/sites-enabled/$SITE

Generate some SSL certs:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
service nginx stop
./letsencrypt-auto certonly --standalone -d nationpigeon.com -d www.nationpigeon.com

In the second part of this series I will cron the renewal of the certs. For now there is a helpful service which will notify you when your cert will expire via email. https://certificatemonitor.org