I don't like advertisements… Pi-hole for Smartphones!

Well… I recently bought some PS3s because they’re cheap and the last console generation (to my knowledge) that is (comparatively) easy to jailbreak. But that's another story. It's just the reason that made me do the things I want to tell about now. I started YouTube on my PS3 and… got advertisements.

Disclaimer at the beginning: I didn't manage to completely block YouTube ads with Pi-hole, so if that's your goal, don't bother reading further.

As I was trying to block YouTube, I noticed it's pretty effective against mobile advertisements on my phone.

There were several problems: the Pi was only running behind a NAT in my LAN, and my phone isn't rooted, so I couldn't set DNS resolvers globally.

The first problem was resolved by me remembering a virtual server I have rented, and installing Pi-hole there:

51.38.191.141

On that IP I am running the Pi-hole now. After solving that problem, I quickly noticed another problem: Pi-hole doesn't seem to be able to block malicious clients, so I nearly instantaneously got traffic from two clients demanding IPs for “.” and “sl”.

I blocked them manually and haven't had any problems with it so far, and I am unsure if it was just stupidity or malicious. Whatever – manually blocking IPs doesn't scale well, so I am happy that there were only two.
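Finding such clients in the query log can be scripted instead of done by eye. The following is an added example, not code from the original post: it assumes dnsmasq-style query lines in the log, the function names are hypothetical, and the sample lines and addresses are constructed.

```shell
#!/bin/sh
# Assumed line format (dnsmasq query logging):
#   <month> <day> <time> dnsmasq[<pid>]: query[<type>] <name> from <client>

# sample_log: constructed log lines using documentation-range addresses.
sample_log() {
    cat <<'EOF'
Jan 12 03:14:07 dnsmasq[812]: query[ANY] . from 198.51.100.23
Jan 12 03:14:07 dnsmasq[812]: query[ANY] . from 198.51.100.23
Jan 12 03:14:08 dnsmasq[812]: query[A] example.org from 192.0.2.10
Jan 12 03:14:08 dnsmasq[812]: query[ANY] sl from 203.0.113.77
Jan 12 03:14:09 dnsmasq[812]: query[ANY] . from 198.51.100.23
Jan 12 03:14:09 dnsmasq[812]: query[ANY] sl from 203.0.113.77
Jan 12 03:14:10 dnsmasq[812]: query[NS] . from 192.0.2.10
Jan 12 03:14:10 dnsmasq[812]: query[ANY] sl from 203.0.113.77
Jan 12 03:14:11 dnsmasq[812]: query[ANY] sl from 203.0.113.77
EOF
}

# flag_clients LOGFILE [MIN_HITS]
# Prints "<hits> <client>" for every client that queried "." or "sl"
# at least MIN_HITS times (default 3), busiest client first.
flag_clients() (
    logfile=$1
    min=${2:-3}
    awk -v min="$min" '
        # Only count query lines whose requested name is "." or "sl".
        $5 ~ /^query\[/ && $7 == "from" && ($6 == "." || $6 == "sl") { hits[$8]++ }
        END { for (c in hits) if (hits[c] >= min) print hits[c], c }
    ' "$logfile" | sort -k1,1nr -k2,2
)

# Demo on the constructed sample.
tmp=$(mktemp)
sample_log > "$tmp"
flag_clients "$tmp" 3
rm -f "$tmp"
```

The second column is a list of addresses that can be reviewed and then handed to whatever firewall the server uses.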

The second problem I had was, as mentioned above, that my phone isn't rooted and I couldn't simply change my DNS resolvers globally. I got around that problem by finding… an APP (who would have guessed).

The problem is that I wanted to use Pi-hole for more privacy, and just using the first app that changes DNS servers probably isn't the best idea, as it's possible for those to get quite some insight into my surfing (and app) habits.

In the end I found the DNSChanger for IPv4/IPv6 Open source and ad-free (quite a name) from Frostnerd (https://play.google.com/store/apps/details?id=com.frostnerd.dnschanger&hl=en&gl=US) that seems to be what it says.

At least it's open source and ad-free, and I had a (very) short glance at the code and it wasn't obviously harmful.

The technique is quite interesting:

The app opens a (local) VPN and tunnels the traffic through that (locally) to change the DNS for all traffic. Quite an elegant way to circumvent the need for rooting. (Let's be honest: the only reason you can't just change your DNS is because of phone advertisements, BUT in many regions VPNs are needed to not be hanged for watching porn or being gay while on your phone, so even the advertising industry (Google) left this loophole to get every bit of traffic through.)

Now I have an ad-free phone. I wonder how long (see the unanticipated problem) Pi-hole will be running.

P.S.: Of course you can use my Pi-hole if you want – as long as it's there. 😉

Unlocking encrypted Server – Remotely via SSH

Well… the headline said everything, basically…

I had problems with my server and had to drive to it to unlock it after a power failure.

That was annoying, so I followed this guide (https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/) to be able to unlock it!

Works like a charm. The only downside is that the signature of the server changes, so I have to clean the known-hosts line every reboot.

Apart from that it's quite nice.

After connecting you simply have to type

cryptroot-unlock

and then your password.
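The host-key warning typically appears because the dropbear server in the initramfs presents a different host key than the sshd of the booted system, and deleting the known_hosts entry each time also discards the check that would catch someone impersonating the unlock prompt. The following is an added example, not part of the original post or the linked guide: it writes a separate ssh client alias so both keys stay pinned. The function name, alias name, host name, port, login user and known_hosts file name are assumptions.

```shell
#!/bin/sh
# add_unlock_alias CONFIG NAME REAL_HOST [PORT]
# Appends an ssh client stanza for the initramfs (dropbear) endpoint.
# Idempotent: a second call with the same NAME changes nothing.
add_unlock_alias() (
    config=$1
    name=$2
    host=$3
    port=${4:-22}
    if [ -f "$config" ] && grep -qx "Host $name" "$config"; then
        return 0
    fi
    cat >> "$config" <<EOF

Host $name
    HostName $host
    Port $port
    # Assumption: the initramfs login is root.
    User root
    # Record the initramfs host key under its own name and in its own file,
    # so it never collides with the key of the booted system's sshd.
    HostKeyAlias $name
    UserKnownHostsFile ~/.ssh/known_hosts.initramfs
EOF
)

# Example call (hypothetical host name), then connect with: ssh server-unlock
# add_unlock_alias ~/.ssh/config server-unlock server.example.org
```

After the first connection to each endpoint has been verified once, a host-key warning on either one means the key really changed.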

Docker – First steps and basic commands

As I have to use Docker, I decided to write this (mostly for myself) to be able to look up useful Docker things.

I got them from https://docker-curriculum.com/ – so visit there for more details!

Definitions:

Images: The blueprint and environment for containers

Containers: Are created from images with run and are the processes of the images (so to speak)

Commands:

#install container
docker pull $containername

#run container
docker run $container
docker run -d $container #detached
docker run -P $container #attach internal ports to random (outside) ports

##mostly used:
docker run -d -P --name $customname $container

#run container with terminal
docker run -it $container sh

#show containers
docker ps -a

#show used ports
docker port $customname

#stop containers
docker stop $customname #or container id

#delete exited containers (caution)
docker container prune

#show local images
docker images

Simple one-liner to generate secure passwords in linux

I recently checked my Firefox account and my logins and passwords.

Bad idea…

I noticed that I use pretty weak passwords in general, but I don't want to use a password manager (anymore).

So… I wrote a simple line to get me random characters from /dev/random and put it into my .bashrc.

Here it is:

echo \ && head -c 100 /dev/urandom | tr -cd '[:alnum:]' | head -c 18 && echo \ && echo \ 

The echoes at the beginning and end are for line breaks to make the output more distinguishable from the rest in the terminal. head gives you the first (in this case) 100 bytes from /dev/urandom, tr filters them, and the next head gives you a nice alphanumeric password of length 18. It's unlikely to not get at least 18 alphanumeric characters out of 100 random ones, so it works. You can tweak the length yourself, but remember to make the input (100) longer if you change your output length!

After that I put it into my .bashrc to be able to run it from my terminal anytime. An easy way to do that is:

echo "alias passgen='echo \ && head -c 100 /dev/urandom | tr -cd \"[:alnum:]\" | head -c 18 && echo \ && echo \ '" >> ~/.bashrc

Now I am able to just type “passgen” into my terminal and I get 18 random characters for me to use!

Quite nice.
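Only 62 of the 256 possible byte values are alphanumeric, so 100 random bytes leave about 24 characters on average after the filter and occasionally fewer than 18, in which case the one-liner silently prints a shorter password. The following is an added example, not the original author's code: a shell function (reusing the name passgen) that filters the stream itself, so the output always has exactly the requested length.

```shell
#!/bin/sh
# passgen [LENGTH]
# Prints exactly LENGTH (default 18) random alphanumeric characters.
passgen() (
    len=${1:-18}
    # Accept only a positive integer without leading zeros.
    case $len in
        ''|*[!0-9]*|0*)
            echo "usage: passgen [length]" >&2
            return 2
            ;;
    esac
    # Filter the endless stream from /dev/urandom and let head stop it once
    # LENGTH characters have passed, instead of filtering a fixed 100 bytes.
    # LC_ALL=C makes tr treat the input as plain bytes in every locale.
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len"
    echo
)

# Demo: one default-length password.
passgen
```

Defined as a function in ~/.bashrc, it also avoids the nested quoting that an alias needs.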

vnstat is good

Not long ago I was surfing on my notebook while outdoors (yes, in winter, I am a little bit insane in that regard – like him… https://stallman.org/favorite-photos.html ) and suddenly my mobile data was used up (that happens in Germany because it's really expensive – about 5€ a month per 1 GB of data – so we generally don't have much data) and I couldn't surf anymore… If I had known, I would have surfed less. The problem is that my provider only lets me check my data in the browser and books the traffic for that (about 2MB every time) from my available data…

So I had an idea:

I have been using vnstat (https://wiki.archlinux.org/index.php/vnStat) for years now on my server(s).

Why not on my notebook?

I have to say: it's working flawlessly, and as long as I only use my mobile data stick with my notebook it should be accurate…

TL/DR: Use vnstat – it is very good! Not only on your server but also on your mobile devices 😉

X-forwarding with XPRA

I have a server, as some may know. I am using mosh for SSH connections, and as a “normal” admin I was using VNC for remote graphical connections.

The problem: It's shit.

Maybe I was using it wrong all those years, but my client informed me quite often that an 8 character password was the best the server could do.

However – I had been running a graphical program for quite some time when I was notified that I was disconnected because of too many connection attempts.

I had to kill the VNC server and the running program with it – and restart it.

Apparently I am on some kind of list now, because I had too many failed attempts again a short while later.

That's when I thought about SSH with X forwarding.

Problem: The program stops when the pipe is broken.

Solution: Xpra ( https://xpra.org/ )

It's a program to forward an X display, and you can detach and reattach whenever you want.

From the site:

xpra start ssh:SERVERHOSTNAME --start=xterm

To start a terminal (for test purposes, but you can start firefox as well, if you want)

xpra attach ssh:serverhostname

To reattach a running window.

Quite handy!

SSHFS – a useful tool

I got my NAS up and running.

To use the files remotely (via the internet) as if they were on my computer, I discovered a nice tool for mounting the filesystem via terminal and SSH, so no extra configuration is needed.

Here is the link to a wiki-page:

https://wiki.archlinux.org/index.php/SSHFS

And here is my line:

sshfs -o reconnect -o sshfs_sync $myserver:/path/to/mount /local/mountpoint

The reconnect option is useful if the internet isn't THAT stable (or you're changing locations, for example when using a notebook), and sshfs_sync enables write-sync, so that the progress bar while copying shows what's really already written, rather than data being put into some buffer and synced in the background. For using it over the internet with my notebook it's useful, because you can tell if it's already done, and know what's left to copy.

So… Nice tool!

How to use aurutils

I don't want to search for my own post just to go to Reddit and hope, so:

Search for packages:

aur search $yourpackagename

Install Packages:

aur sync $yourpackagename
sudo pacman -S $yourpackagename

Updating aur:

aur sync -u
sudo pacman -Syu # updates all packages

Easy enough… So far…

Setting up Archlinux: aurutils

As I want to have “all” the packages for Arch, I want to use the AUR repos with the user-maintained packages.

It is discouraged to use a utility for that, because one should be able to fix and edit problems with those packages by themselves should some arise.

But… I am really lazy, and after using Gentoo (and after that Arch) for some years, I think I will be able to at least google for a solution.

Having said that: aurutils…

I had to install them manually, obviously, as I didn't have aurutils to install packages from the AUR.

Here is a guide for manual installation: https://wiki.archlinux.org/index.php/Arch_User_Repository#Installing_and_upgrading_packages

I used the following site to configure aurutils: https://gist.github.com/geosharma/afe1ea9ebe58cb67aaaba62a0d47bc7a

Some guidance on how to use aurutils may be found at https://www.reddit.com/r/archlinux/comments/bf4rvm/aurutils_guidance/ .

After that it worked and I could easily install packages from the AUR, without manually installing them via git.