Tunnel browser traffic through ssh with limited network access
November 6, 2017
I go to conferences and meetups quite a lot, and one thing I always encounter on those trips, is bad wifi or internet access. The “public” networks made available to visitors often limit network access to http(s) and e-mail. This means for instance that I can’t use my XMPP/Jabber chat. A second problem with those networks is that my e-mail provider blocks e-mail access because they think I’m in an unknown location and I’m an intruder. The third problem is that there often are other people snooping around on the network trying to see what they can intercept. This is how I solve those problems for myself:
I use TorBrowser to set up a connection to the Tor network. This works on those limited networks, because Tor can connect over http(s). Tor also starts a SOCKS5 proxy on port 9150 on my computer (it does that by default), which I can use to tunnel traffic through the Tor network. This would already solve most of my problems, except that my email provider doesn’t trust Tor, and won’t let me connect over the Tor network. We need to go deeper.
Another solution would be to use SSH with its -D option to set up a connection to my VPS (which my email provider trusts) and again, make a SOCKS5 proxy available to my local system to connect to the internet over that SSH connection. That, however, doesn’t work because those public wifi networks don’t allow SSH connections. Let’s combine this with the TorBrowser step: I set up SSH to use the proxy that TorBrowser started by putting this in my ~/.ssh/config file:
ProxyCommand /usr/bin/nc -x 127.0.0.1:9150 %h %p
Then, I use ssh over that proxy and let it expose another proxy, to which I can connect my email client:
ssh -D 9999 user@server
Now I can make all my apps (e-mail, XMPP/Jabber, etc…) use the SOCKS5 proxy on port 9999 to connect to the internet. They will appear to connect from my VPS, but actually, they’re going over SSH, which runs over Tor. It’s tricky, but it fixes my problem!
Enjoy it!
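The two steps above can also live in ~/.ssh/config under one Host alias, so that only this connection goes through Tor. This is an added example, not part of the original post: the alias vps-over-tor and both function names are hypothetical, and global_proxycommands reports any ProxyCommand that applies to every host, as a bare line at the top of the file does.

```shell
#!/bin/sh
# Added example. "vps-over-tor" is a hypothetical alias; server and user
# are the placeholders used in the post.

# global_proxycommands CONFIG
# Prints every ProxyCommand that applies to all hosts: one placed before
# the first Host/Match line, or one under "Host *".
global_proxycommands() {
    awk '
        BEGIN { scope = "*" }
        tolower($1) == "host"  { scope = $2; for (i = 3; i <= NF; i++) scope = scope " " $i; next }
        tolower($1) == "match" { scope = "match " $2; next }
        tolower($1) == "proxycommand" && scope == "*" { print FILENAME ":" NR ": " $0 }
    ' "$1"
}

# add_tor_host CONFIG ALIAS HOSTNAME USER
# Appends a Host-scoped stanza once; repeating the call changes nothing.
add_tor_host() {
    config=$1 name=$2 host=$3 user=$4
    mkdir -p "$(dirname "$config")"
    touch "$config" && chmod 600 "$config"
    if grep -qx "Host $name" "$config"; then
        return 0
    fi
    cat >> "$config" <<EOF
Host $name
    HostName $host
    User $user
    # Reach the server through the SOCKS5 proxy TorBrowser opens on 9150.
    ProxyCommand /usr/bin/nc -x 127.0.0.1:9150 %h %p
    # Equivalent of "ssh -D 9999", bound to loopback explicitly.
    DynamicForward 127.0.0.1:9999
    # Exit rather than run without the forward if port 9999 is taken.
    ExitOnForwardFailure yes
EOF
}

# Usage (not run here):
#   add_tor_host "$HOME/.ssh/config" vps-over-tor server user
#   ssh -N vps-over-tor
```

Applications pointed at port 9999 should let the proxy resolve hostnames, otherwise their DNS lookups still go out on the local network.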
Mac OSX quick development setup
June 29, 2015
I recently changed jobs, and I thought it would be a time-saver in the future if I’d write down some quick instructions to set up my Mac.
first step: install a decent browser
I use Firefox. At the same time I installed some of my favorite plugins: Vimperator, JSONView, HTTPS Everywhere, Privacy Badger, Ghostery, Disconnect, Adblock Plus
install a decent terminal
I use iTerm2 all the time, it’s epic. Don’t forget to set the fullscreen mode to classic.
With a decent terminal in place, let’s get some of the things we need:
Install Homebrew
Run these commands to install some basic tools:
brew update
brew install ack chicken cowsay ctags ffmpeg git gpg guile newsbeuter node pandoc pass screen sl stow the_silver_searcher tig trash tree vim wget z
install dot files
Clone dot files from dotfiles repo on bitbucket and install them using stow.
install virtualbox & vagrant
Install virtualbox & vagrant
configure some stuff
- mails
- git
- dropbox?
That’s about it, set up in 1 hour!
Readline support in the GNU Guile REPL
February 6, 2015
As you all know, Scheme is epic, and guile is a really nice environment for scheme programming. What bothered me for some time was that the REPL (read-eval-print-loop) lacked readline support. After some digging around in the official guile documentation I found a really simple way to activate it. Guile is actually compiled with readline support, you just have to enable it manually due to licensing problems.
Just issue these commands at the REPL:
(use-modules (ice-9 readline))
(activate-readline)
I’ve gone one step further, and created a .guile config file in my home directory, containing those two lines. That enables readline automatically, every time I start the REPL. Nice!
Toon
Manipulate image files from the cli using sips
October 10, 2014
If you’re on Mac OSX, you have a really nifty cli tool at your disposal: sips. It uses OSX core image processing capabilities, and makes them available for shell scripting or batch image manipulation. Rejoice!
This would be a basic example:
sips -Z 200x200 image.jpg
To resize image.jpg to be 200×200 pixels.
For more info, check
man sips
Have fun!
Move commits on master to a new branch
December 22, 2013
This is a problem that I encounter sometimes: I’ve committed on the master or dev branch when in fact I wanted to do those commits on a feature branch like feature-foobar. Let’s fix that.
Important: don’t do this when you’ve already pushed your commits to a remote.
- Checkout the branch in which you made the commits to be moved. e.g.:
git checkout master
- Create and checkout the feature branch where you wanted the commits to be in the first place. e.g.:
git checkout -b feature-foobar
- Checkout the main branch again. (See 1).
- Reset this branch a number of commits (use git log --decorate to see how many commits you want gone from the main branch and moved to the new one). Use this number in the reset command. In my case, I want 5 commits moved:
git reset HEAD~5
And that’s it really. Simple as that!
IMAP email debugging
November 21, 2013
Isn’t it a problem when you have to debug a problem with emails in an existing project? You never know if they are sent and to whom? I just found out that python has an awesome IMAP debugger built in! Just set your project to use these email settings:
IMAP host: localhost
IMAP port: 1025
IMAP user: {leave empty}
IMAP password: {leave empty}
Then you run this in your terminal:
python -m smtpd -n -c DebuggingServer localhost:1025
You’ll now see every mail that’s sent from your application displayed in your terminal!
That’s it… Have fun debugging
PSR coding standards
October 26, 2013
I think cross-project, language wide coding standards like PSR are great. It makes reading or writing code from other projects easy. And since PSR is so widely adopted in the PHP programming scene, it’s a really good coding standard to adopt. When studying it, though, I came across two things that I really dislike in their standard. They both apply to PSR-2.
The eternal Spaces vs. Tabs debate
Indents are a really personal thing. Some people find 4 spaces a good indentation width, others prefer 2 spaces, even others prefer 8. That’s why tabs are so awesome, every good editor allows you to set your own tab width, so that your indentation is perfect for you in your editor, and perfect for somebody else in his or her editor of choice. Now, I’m really talking about indentation, not alignment. Alignment SHOULD be done using spaces. Things will still align, even if the tab width is changed. This is perfect in every case.
An example. In it, “.” characters are spaces, and thus fixed width spacing, and “-” stands for one space width inside a tab in a certain editor.
One tab is 2 spaces wide
/**
.*.This.is.an.example.class
.*/
class.ClassName.{
--/**
--.*.The.fooBar.method,.takes.two.arguments
--.*
--.*.@param.string..............$argument1.......The.first.argument
--.*.@param.string[optional]....$argument2.......The.second.argument
--.*/
--public.function.fooBar($argument1,.$argument2.=.null).{
----if.($argument1.===.$argument2).{
------//.Return.Foo
----}
----else.{
------//.Return.Bar
----}
--}
}
One tab is 4 spaces wide
/**
.*.This.is.an.example.class
.*/
class.ClassName.{
----/**
----.*.The.fooBar.method,.takes.two.arguments
----.*
----.*.@param.string..............$argument1.......The.first.argument
----.*.@param.string[optional]....$argument2.......The.second.argument
----.*/
----public.function.fooBar($argument1,.$argument2.=.null).{
--------if.($argument1.===.$argument2).{
------------//.Return.Foo
--------}
--------else.{
------------//.Return.Bar
--------}
----}
}
As you can see in these two examples, things keep aligning perfectly, everyone gets to use their own preferred indentation width, *and* your git history is as clean as using only spaces. When used consistently this method has all the upsides of the PSR-2 “only spaces” rule, and none of the downsides.
Curly brackets
PSR is not really consistent in this case. Control structures like if, elseif, switch, for and while must have their opening brackets on the same line, while functions, methods and classes must have their opening brackets on the next line.
I think it would be more consistent if control structures, functions, methods and classes would all have the same notation with brackets on the same line, like in this example:
<?php
namespace Vendor\Package;

class ClassName {
    public function fooBar($argument1, $argument2 = null) {
        if ($argument1 === $argument2) {
            // Return Foo
        }
        else {
            // Return Bar
        }
    }
}
Also notice in the above example that every closing bracket is on its own line, unlike the PSR-2 standard way of putting the if closing bracket on the same line as the else statement, like this:
if ($argument1 === $argument2) {
    // Return Foo
} else {
    // Return Bar
}
I think this is inconsistent, and doesn’t help for readability.
That’s all…
How to set default screen resolution in Crunchbang GNU/Linux (#!)
September 16, 2013
1. Check your screen name
Open a terminal and type this command:
xrandr
You’ll get a list of available screen sizes, along with the name of your screen. In my case, that’s default.
2. Run xrandr as an OpenBox startup command
Open the ~/.config/openbox/autostart file, and add this line:
xrandr --output {screen name} --mode {window size} &
e.g.:
xrandr --output default --mode 1280x800 &
That’s it! OpenBox will now use your desired screen resolution at startup.
Track your dotfiles and homedir configurations in git using GNU Stow
September 12, 2013
I recently discovered the awesome GNU Stow application (works on unix-like systems like GNU/Linux or Mac OSX). Stow is a symlink manager, that allows you to easily deploy and remove files to or from a directory.
Setup
Let’s say you have some configuration files in your home directory (e.g. .bashrc, .vimrc and a config directory .vim) and you want to have them in git to be able to track your changes and such. It’s not a really good idea to make your whole home directory a git repo. That’s where Stow comes in. Just create a configuration directory, for instance ‘dotfiles’, and create a subdirectory for every app you have configs for. Then place the appropriate files into the right subdirectory, like this:
/home
  /{user}
    /dotfiles
      /vim
        .vimrc
        /.vim
          ...
      /bash
        .bashrc
You can now make the dotfiles directory a git repository, and keep your dotfiles safe in git. But they’re not yet in the right place, so we’ll ask our symlink manager to fix that for us.
Create symlinks
- cd to the dotfiles directory
- You can make Stow symlink the files to your homedir like so:
stow {package}
where you replace {package} with the name of the subdirectory you created earlier.
- If you now want to remove a certain package’s config files, just do this:
stow --delete {package}
How to install Stow
On Mac OSX
Use Homebrew:
brew install stow
On GNU/Linux
Install stow using your favorite package manager, e.g.:
apt-get install stow
That’s it!
Access the internet from a server without outbound internet access
September 9, 2013
Important
- This procedure assumes that you’re running a debian based OS, on your local machine. It might work from MacOSX too, possibly using Homebrew to install Privoxy, and from Windows, using the .exe installer for Privoxy and a *nix-like terminal like Mingw or Git Bash.
- The server OS needs to be unix based for this to work, and you’ll need root access over SSH.
- We will not have to install anything on the server.
How this works
To allow the server to access the internet, we’ll tunnel the server’s internet traffic through our local computer. To do this, we’ll need to run a simple proxy on our own computer. This proxy usually listens only for local connections. We’ll then port-forward the local port to a port on the server. From the server’s point of view, it then looks as if a proxy server is available on a local port. We can then tunnel the traffic of certain applications on the server through that proxy.
Setting up the proxy over SSH
Install Privoxy proxy server and run it
On your local machine
sudo apt-get install privoxy
sudo service privoxy restart
Privoxy should now be running and accepting connections from localhost only, on port 8118.
Log in to the server over ssh and port-forward the privoxy port (8118) over that connection
ssh -R 8118:localhost:8118 root@{server}
This makes the server open port 8118 for connections, which will be forwarded to port 8118 on your local machine, on which privoxy will be listening. Privoxy will then handle the request.
Forwarding traffic over the Proxy
APT
Create or edit the /etc/apt/apt.conf file to set proxy settings for APT
On the server:
vim /etc/apt/apt.conf
Insert this line:
Acquire::http::Proxy "http://127.0.0.1:8118";
At this point, apt will work over the proxy.
The problem now is that we can’t resolve DNS requests over the proxy (We can’t use a SOCKS5 proxy because apt doesn’t work with SOCKS5 out of the box). To solve that problem we’ll edit the /etc/hosts file to contain the repository record.
On the server:
vim /etc/hosts
Insert this line (replace the x’s with the actual ip):
{xx.xx.xx.xx} archive.debian.org
If you don’t know how to get the ip address for archive.debian.org
On your local machine:
nslookup archive.debian.org
Now you should be able to use apt to update or install packages.
Example:
apt-get install git
Other programs
If you want to use the proxy for other programs on the server, like wget or git use this:
http_proxy=127.0.0.1:8118 {command}
This way you’re setting the proxy as an environment variable, while running the command {command}. Most (well-written) command line software will use that variable, but sometimes this won’t work.
Example:
http_proxy=127.0.0.1:8118 wget github.com
That’s it!
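The APT proxy line and the /etc/hosts record above only make sense while the SSH session is open, so it helps to be able to undo both afterwards. This is an added example, not part of the original post: the drop-in file name, the marker comment and the function names are hypothetical, and ROOT is empty on the real server or a scratch directory for a dry run.

```shell
#!/bin/sh
# Added example. ROOT is "" on the real server (run as root) or a scratch
# directory for a dry run. The drop-in name and the marker are hypothetical.
DROPIN=etc/apt/apt.conf.d/99ssh-tunnel-proxy
MARK='# ssh-tunnel-pin'

# tunnel_apt_enable ROOT IP HOSTNAME
tunnel_apt_enable() {
    root=$1 ip=$2 host=$3
    mkdir -p "$root/$(dirname "$DROPIN")"
    # Same directive as in the post, in its own file so it is easy to remove.
    printf 'Acquire::http::Proxy "http://127.0.0.1:8118";\n' > "$root/$DROPIN"
    # Replace any earlier pin, then add the new one tagged with the marker.
    tunnel_unpin "$root"
    printf '%s %s %s\n' "$ip" "$host" "$MARK" >> "$root/etc/hosts"
}

# tunnel_unpin ROOT: drop every line carrying the marker from etc/hosts.
tunnel_unpin() {
    hosts=$1/etc/hosts
    [ -f "$hosts" ] || return 0
    tmp=$(mktemp)
    grep -v -F "$MARK" "$hosts" > "$tmp" || true   # an empty result is fine
    cat "$tmp" > "$hosts"                          # keeps owner and mode
    rm -f "$tmp"
}

# tunnel_apt_disable ROOT: undo both changes once the ssh session ends.
tunnel_apt_disable() {
    rm -f "$1/$DROPIN"
    tunnel_unpin "$1"
}
```

While the session is open, every local account on the server can reach 127.0.0.1:8118 as well, so close the session and run tunnel_apt_disable when the install is done.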