Archive for the ‘technology’ Category

Secure Email?

October 1, 2017 1 comment

If you want to send confidential content via email you have to think about quite a few things. It's not enough to secure the channel; you also have to secure the content. And when I say secure the channel, you have to hope it is, because while a lot of email endpoints or MTAs are now set up with opportunistic TLS, some are not, and you won't really know until you've been hacked.

And of course your metadata isn't encrypted, and this might be as revealing as your content in some cases. DMARC, SPF, DKIM and so on will help, or you could run a scan with a tool like SSL Labs on the domain, or some of the available mail test services against a known MTA, but that might be beyond some. As for mobile, things vary from OS to OS, version to version and so on.
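One way to see after the fact whether each hop of a received message claims to have used TLS is to read its Received headers. This is an added Python example, not part of the original post; the sample message, host names and IDs are constructed.

```python
import re
from email import message_from_string

# Constructed sample: hosts, IDs and addresses are made up for illustration.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
\tby inbound.example.org (Postfix) with ESMTPS id ABC123;
\tSun, 01 Oct 2017 10:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id DEF456;
\tSun, 01 Oct 2017 10:00:02 +0000
Received: from laptop.local (unknown [192.0.2.55])
\tby relay.example.com with ESMTPSA id GHI789;
\tSun, 01 Oct 2017 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: test

body
"""

# RFC 3848 "with" keywords that indicate the hop used STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def strip_comments(text):
    """Drop (possibly nested) parenthesised comments such as 'with cipher ...'."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def hop_report(raw_message):
    """Return [(from_host, by_host, protocol, used_tls)], oldest hop first."""
    hops = []
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        text = strip_comments(" ".join(header.split()))  # unfold, then clean
        found = {k: re.search(r"\b%s\s+([^\s;]+)" % k, text, re.I)
                 for k in ("from", "by", "with")}
        field = lambda k: found[k].group(1) if found[k] else "?"
        proto = field("with").upper()
        hops.append((field("from"), field("by"), proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message):
    """Hops whose Received line does not claim TLS. Headers written by servers
    you do not control can be forged, so trust only your own side's lines."""
    return [hop for hop in hop_report(raw_message) if not hop[3]]
```
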

PGP is still your friend here, but if you have your tinfoil hat on as well you might want to get away from some of the global multi-function services that have interests in aspects of your behaviour, your traffic patterns, email relationships and their attitudes to law enforcement requests. So, here is a quick, off the cuff comparison of a couple of services: MailFence and ProtonMail. Tell me where I have my facts wrong if you spot something!

| | Mailfence | Protonmail |
|---|---|---|
| free version available | yes | yes |
| cost for upgrade | €2.50 – €7.50 per month | €4.00 – €24.00 per month |
| pgp | yes | yes |
| keychain | yes | no – but coming |
| secure non-user email | Yes – PGP | Yes – proprietary OTP |
| app | x | yes – Android, iOS |
| web | yes | yes |
| TLS | yes | yes |
| imaps, pops, SMTPS,… | Yes – with paid versions | No – but coming |
| SPF,DKIM,DMARC,… | Yes | Yes |
| mail | yes | yes |
| calendar | yes | no |
| contacts | yes | no |
| docs | yes | no |
| location | BE | CH |
| jurisdiction | EU-BE | CH |
| applicable law | GDPR, NIS, ePrivacy | CH |
| Multi Factor Authentication | Yes | Yes |
| Other integrations | POPs, IMAPs, SMTPs, iOS, Android, Exchange, LDAP | Business version |
| ssllabs test | A+ | A+ |
| custom domains | yes – paid | yes – paid |
| open source | no | yes |

ExoPlayer 2 and streamed audio

September 26, 2017 Comments off

I need a good media player for on the go – in particular it needs a large buffer and robust retry. Standard Android media player library doesn’t seem to cut it. VLC on Android seems to use its own media library but it still cuts out and fails to reconnect at 70mph on the motorway. ExoPlayer might do it, but I need to test it out first. The ExoPlayer demo app is the starting point.

So

  1. Download the ExoPlayer v2 library and demo from GitHub. [git clone https://github.com/google/ExoPlayer.git]
  2. Install Android Studio v3. I have beta 6 – this is needed for ExoPlayer v2. You may also need to set the tmp location for studio if your tmp folder is a tmpfs location in fstab – studio is hungry. Set the tmp location in studio.sh
    export _JAVA_OPTIONS=-Djava.io.tmpdir=/var/tmp
  3. Set up the app in Studio by importing the ExoPlayer git directory. The demo app is referenced from the demo.iml.
  4. Have some getting to know you time with Studio, break gradle and its plugin, start again
  5. Edit the demo asset with the playlists and samples, but don't edit it (i.e. cut it down) completely because there seem to be some code dependencies on certain parts of the structure of this file. [ExoPlayer/demo/src/main/assets/media.exolist.json]
  6. Add some streaming URLs in an array of their own [e.g. see the list at http://www.suppertime.co.uk/blogmywiki/2015/04/updated-list-of-bbc-network-radio-urls/]
  7. Build, run and deploy to your device.
  8. UAT Test at 70mph…..

More later….

[12/10/17]

Have literally been roadtesting, while making some code changes. ExoPlayer may or may not behave better than say VLC, but at least I have code and can try and make changes. So I have upped the number of retries and buffer settings using a LoadControl and passing this in a different constructor call for SimpleExoPlayer in the PlayerActivity. However, the 3G/HSDPA signal while on the road is still so choppy and unreliable that, according to LogCat, I am getting SocketTimeout exceptions. Buffers do not seem to be depleted, and at the current size, equivalent to a 5 minute cache of the radio stream, I am wondering why I am getting cutouts so often. I don't believe a buffer that size is being built up, or being depleted, because sometimes when starting out playback begins in under a minute and is interrupted about a minute later. Need more info!

[16/10/17]

Playing with loadControl some more isn't really going to help here. The root cause is the buffer or its consumption rate. It doesn't seem to me to ever get to the point where it is allocated fully (e.g. if you set a minBuffer size of 1min, playback invariably starts before 1 min). And the DefaultLoadControl only comes with one other element – the Allocator – that can be used to manipulate the internals of ExoPlayerImplInternal where all the work is happening. Tracing back the points where the player datastats are set so that the UI displays e.g. buffering points to a method shouldContinueLoading. This compares the min and max buffer to the current internal buffer size or allocation and continues if it's somewhere in between. But the Allocator also has a minimum size that maintains a byte array for the buffer and that can be manipulated in the Allocator constructor. Doing this, I thought I had stumbled upon the answer because I got continuous playback on one part of my drive where I couldn't before. Unfortunately, I got a socket exception after this. So back to square one? (I have tried another player and it has the same trouble).

 

Categories: technology

Openmediavault (omv), squid3 and webmin

July 7, 2017 Comments off

Need a proxy in addition to OpenDNS for kids to provide some additional parental control.

1) Install webmin as per latest instructions. Webmin has “unused plugin” for squid3. Check it runs on http://localhost:10000. Edit /etc/webmin/config to allow for unknown referers if you get xss warnings in the UI – “referers_none=0”

2) Install squid3. I had to chown proxy:proxy on the cache dir I wanted and add it to the cache config. (not essential). Edit /etc/squid3/squid.conf

    # define the local network (an ACL must be defined before it is used)
    acl localnet src 192.168.1.0/24
    # allow webmin access
    acl SSL_ports port 10000
    # add blacklisted URL keywords reference file (quoted path = read patterns from file)
    acl blockkeywords url_regex "/etc/squid3/keywords.txt"
    # add MAC addresses to apply to
    acl sysmacs arp "/etc/squid3/mac_addrs.txt"
    # combine keywords and MAC for denial; rules match in order, so deny comes first
    http_access deny blockkeywords sysmacs
    # allow localnet access
    http_access allow localnet

Now, restart (sudo service squid3 restart) or apply the config in webmin.

3) Test – you should get a squid3 access denied page when you use your keywords on the machines with the configured MAC addresses. If you have trouble, back things out and start to test one-by-one. Don't forget to add the proxy config to your browser, or the wifi connection in android (long press -> modify -> manual proxy config).

Categories: technology

KDE Plasma 5 Icons

March 4, 2017 Comments off

Or launchers, or applications, or shortcuts.

As a reminder to myself, to add an application shortcut to your desktop (not a folder view) you can either

  1. drag from Dolphin to the desktop
  2. Right click the application (K) launcher -> Edit Applications. Choose a category to put your shortcut in then click “New Item” from the toolbar and fill in the details. Save.
  3. Now, back in the K menu, you should see your new application menu item.
  4. Right click and choose add to Desktop

If you want to move or resize your new icon, do a long-click on it until you get the KDE icon widgets showing you on the right hand side.

Bit of a palaver….

Categories: technology

Firefox sync limits

January 30, 2017 Comments off

Firefox on mobile seems to have a hard limit on the number of URLs it will sync. So, I have to dedupe and test my thousands of bookmarks somehow. A previous Check Links plugin has stopped working, and with the move to WebExtensions probably won't be updated again. Nothing else in the add-ons store seems to meet the bill so I am going to have to write some code. Makes a welcome change from the day job….

Sync docs seem a little behind the times too.

Thought I’d tackle it by exporting and manipulating the bookmark files as json and then re-importing, but the data is a bunch of nested children, immutable, and not all are bookmarks. After some coding it all starts to get a bit messy. Surely there is an easier way? Eh, probably: For a hint at accessing Firefox sqlite database see [http://myexps.blogspot.ie/search/label/Firefox] and for the sqlite bookmark schema see [https://developer.mozilla.org/en-US/docs/Mozilla/Tech/Places/Database]. 

The schema keeps changing it seems, and “tags” don't seem to be in the tables any more (even tho they still exist). I seem to have lots of triplicate entries in moz_bookmarks too. And SQLite doesn't support sensitive type or concurrent connection types, so it looks like a case of going through each entry in moz_bookmarks (17000 odd), checking/pinging each URL, recording the id of each fail and then using a preparedStatement to delete these rows. Better make a backup first!

Code on Github at https://github.com/uoccou/firefoxbookmarks. Depends on another project alink-utils (with Mockito, Powermock tests). Tests for bookmark checker are a WIP for now, as is documentation.
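The dedupe-and-delete step described above, as an added Python example (it is not the code from the GitHub repository mentioned here). It runs against a constructed, cut-down copy of moz_places and moz_bookmarks, and counts a URL as duplicated only when it repeats inside the same parent folder, because Places keeps tags as folders with one moz_bookmarks row per tagged URL; the ids of URLs that fail a link check would go through the same delete_rows function.

```python
import sqlite3

def build_sample_db():
    """Constructed, cut-down stand-in for a copy of places.sqlite."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, type INTEGER,
                                    fk INTEGER, parent INTEGER, title TEXT);
        INSERT INTO moz_places VALUES (1, 'https://example.org/'),
                                      (2, 'https://example.com/a');
        -- type 1 = bookmark (fk points at moz_places.id), type 2 = folder
        INSERT INTO moz_bookmarks VALUES
            (10, 2, NULL, 1, 'toolbar'),
            (11, 2, NULL, 4, 'linux'),     -- a tag folder
            (20, 1, 1, 10, 'Example'),
            (21, 1, 1, 10, 'Example'),     -- duplicate in the same folder
            (22, 1, 1, 10, 'Example'),     -- triplicate in the same folder
            (23, 1, 1, 11, NULL),          -- tag reference, not a duplicate
            (24, 1, 2, 10, 'Other');
    """)
    return db

def duplicate_ids(db):
    """Ids of bookmark rows repeating a URL already present in the same folder."""
    rows = db.execute("""
        SELECT b.id FROM moz_bookmarks b
        WHERE b.type = 1
          AND b.id > (SELECT MIN(k.id) FROM moz_bookmarks k
                      WHERE k.type = 1 AND k.fk = b.fk AND k.parent = b.parent)
        ORDER BY b.id""")
    return [row[0] for row in rows]

def delete_rows(db, ids):
    """Delete by id with a parameterised statement in one transaction;
    returns the number of bookmark rows left."""
    with db:
        db.executemany("DELETE FROM moz_bookmarks WHERE id = ?", [(i,) for i in ids])
    return db.execute("SELECT COUNT(*) FROM moz_bookmarks WHERE type = 1").fetchone()[0]
```

Against a real profile, run it on a copy of places.sqlite with Firefox closed.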

https://docs.services.mozilla.com/sync/objectformats.html#bookmarks

Categories: technology

Boonex Dolphin – non default port

November 19, 2016 Comments off

Not using port 80 on my install and want to change to another – eg 8888 – for https/ssl/tls access. Support forums say change $site['url'] in header.inc.php to https from http – but the port number is also hardcoded in the redirect url config where it sets the Location HTTP header, further down the config file. So for now, I have changed this to also hardcode the port to 8888 instead of 80.

    if ( isset($_SERVER['HTTP_HOST']) and 0 != strcasecmp($_SERVER['HTTP_HOST'], $aUrl['host']) and 0 != strcasecmp($_SERVER['HTTP_HOST'], $aUrl['host'] . ':8081') ) {

To get modules to install I also had to chmod 775 the lot !

Categories: technology

Parsing m3u file for curl checks using AWK

July 28, 2016 Comments off

I recently had reason to make use of an m3u playlist file for an IPTV device. I found one on http://www.sattvhelp.com, a great resource for all kinds of sat and IPTV issues. IIRC I came across this after finding a post about a filmon.tv plugin at http://iptvlivestream.com/iptv/filmon-tv/.

In any case the m3u file contained lots of links to IPTV stations that were no longer available or not responding anymore, so I wrote an awk script to parse the m3u and, based on an expression, execute an action that was a system() call. AWK is a great tool to use search expressions and logic on records in files but is a PITA to debug – and my other attempts at using getline didn't help either. M3U files are a sequence of paired records which makes grep and shell scripting inappropriate I think (which I did try firstly) and awk seems a better way, even if it needs a bunch of calls out to another process/shell.

See my post on sattvhelp.com for more (http://www.sattvhelp.com/forum/technomate-non-linux-chat/54223-iptv-channels-tm-f3-5-tm5402-m3-33.html#post149601) but here's the script if you need it to parse/validate any other kind of m3u playlist from time to time.

    #!/usr/bin/awk -f

    # Wrap a string in single quotes for the shell, escaping embedded quotes,
    # so a line from the playlist cannot inject commands into the system() call.
    function shquote(s) {
        gsub(/'/, "'\\''", s)
        return "'" s "'"
    }

    BEGIN {
        FS = "\n"
        print "#EXTM3U"
    }

    {
        if ( $0 ~ /^#EXTINF/ ) {
            ITM = $0
            # reset URL so it doesn't print the same one twice
            URL = ""
        } else if ( $0 ~ /^#/ ) {
            # other directives (e.g. the #EXTM3U header) are not URLs
            URL = ""
        } else {
            URL = $0
        }

        if ( URL != "" ) {
            # HEAD request, follow redirects, fail on HTTP errors;
            # "--" ends option parsing so a line starting with "-" is treated as a URL
            cmd = "curl --head --location --fail --max-time 10 --connect-timeout 5 --output /dev/null --silent -- " shquote(URL)
            RC = system( cmd )
            # keep the #EXTINF/URL pair only when curl succeeded
            if ( RC == 0 ) {
                print ITM "\n" URL
            }
        }
    }