iHeinrich

just trying to find the answer…

VPN Protocols and WireGuard

In a previous post, I discussed WHAT a VPN is and WHY you need a VPN. If you missed it, it’s called, “VPN and you“.

So now that you know WHAT and WHY, let’s talk about the HOW.

A VPN Protocol is HOW the connection from you to the server is created and encrypted. It’s really important as this will determine how FAST and SECURE your connection will be.

Old and Useless Protocols:

  1. PPTP: Written in 1995, it has been cracked by nearly everyone.
  2. L2TP/IPsec: Written by Microsoft, L2TP provides ZERO encryption and requires IPsec for the encryption part. But even that is useless as it’s rumored that the NSA has cracked the encryption. The default port is UDP 500, making it easy to spot and block if you’re in a country that actively blocks VPNs, like China or the United Arab Emirates.
  3. IKEv2: Another Microsoft classic, another NSA cracked. See a trend here?

Current Protocols:

  1. OpenVPN: An open source project, it has yet to be cracked and is considered the model of security. Most VPNs use this, as you can change ports, use UDP or TCP, and change encryption methods (but just don’t use Blowfish).
  2. RouterPro: This is only available as a JFIF applet installed on a customized firmware router and connecting to Astrill. Why do I mention this obscure protocol? Because when I lived in a part of the world where they blocked every VPN connection, and OpenVPN connections were unreliable*, this worked like a champ.

There’s a new protocol and it’s awesome:

This EXIT sign has a wire guard, shouldn’t you? 😉

WireGuard. WireGuard is a new protocol written using a fraction of the code that OpenVPN uses and even Linus Torvalds approves of the code. For a super deep dive into WireGuard, check out the Ars Technica initial write up.

I tested WireGuard at home and found it to be 3x to 4x faster than my OpenVPN connection. It blew my socks off and forced me to re-think my VPN configuration for 2019.

You can even run WireGuard on your router if you have OpenWRT firmware.

As of this writing, there are only TWO VPN providers who offer the WireGuard protocol.

  • Mullvad. Based in Sweden, they offer a free trial for 3 hours. They are also the perfect choice if you are SUPER paranoid. Example, you can create an account with them, SEND THEM AN ENVELOPE WITH CASH and your account number, and you’re good to go. No names, no e-mail addresses, no paper trail. You can pay with Bitcoin, or credit card as well. They have very simple documentation on connecting using WireGuard. Mullvad also donates to the WireGuard project, so your subscription helps WireGuard (indirectly). While they cost a bit more, they offer 48 WireGuard servers to connect to, with 13 in the US and 2 being in New York. €60 Euros/$68 USD for a year.
  • AzireVPN. Another Swedish company, they also offer a “pay in cash” model for ultimate security. While they are less expensive than Mullvad, they only offer 5 WireGuard servers. €45 Euros/$51 USD for a year.
  • You can roll your own WireGuard server on DigitalOcean or any other cloud computing host.

…and now for some bad news:

It’s still early days for WireGuard. When you connect, you will get a warning that this is still considered ‘alpha’ software. It’s not fully tested, could disconnect unexpectedly, and isn’t for people who are afraid of the command line. (This wasn’t my experience, but your mileage may vary.)

Eventually, someone may write a GUI interface (could be me!) that will make this easy for everyone.

But I think we need to give WireGuard a try.

I wish everyone safe and healthy holidays and hope 2019 brings you all the things you wish for.

* While OpenVPN was not initially blocked, Etisalat was clearly scanning for OpenVPN connections and terminating them whenever it found them. So you would make your connection, and 15 to 30 minutes later, it would terminate.

I’m rooting for Fedora 28!

Fedora 28 was released last week and it’s buttery smooth.

Many of the old issues with Nvidia graphics which required arcane spells and command line magic (which is the most powerful magic) to configure are GONE! Hooray!

Bizarrely, when you install Fedora 28 now, the user account is configured AFTER installation on THE FIRST boot up. Previously, everything was set up at installation, which I actually prefer.

Furthermore, root is not configured, meaning that UNLESS you set the root password, you won’t be able to wield ultimate command line magic.

But to set it up takes under 30 seconds. Ready? GO!

In the Terminal type:

sudo su -

it will ask for your admin/user password and you’ll get the “Spiderman” warning. Then type:

passwd

to set the password.

 

 

VPN and you.

VPNs are making the news and being advertised everywhere on the internet. If you are wondering WHAT a VPN is and IF you need one, this is the article for you.

What is a VPN?

The term VPN comes from the original use of the VPN as a Virtual Private Network. Originally, the idea was this:

  • Bob works in an office.
  • The office has a network.
  • The network, for security purposes, DOES NOT have access to the Internet.
  • Bob is outside of the office and needs to access the office network. He uses a VPN.

In this case, Bob connects to the office from home thru a VPN network appliance that sits in his office. He calls that network appliance and it provides a secure connection between Bob and the office. Bob is VIRTUALLY in the office and Bob has a PRIVATE encrypted connection and Bob can use the NETWORK.

DO I need a VPN?

You might be thinking, “Wait, I work in a flower shop, not an office, do I need a VPN?”

Yes, you do my florist friend.

After a hard day of floristing, you come home and connect to the Internet. You go to all your favorite websites and do all your favorite things. But there is a log of all those activities that resides with your internet provider. They can sell that log, sell your information to third parties.

Maybe you visited a website like, “Revolutionary Florists” by accident, or just out of curiosity. These guys advocate that only florists should be in power. Guess what? You just got your name on a watchlist.

Maybe you, in a moment of weakness, downloaded via Bittorrent that Japanese animation about that girl in high school who saves the world from alien demons by yelling at them? (ok, I just described every Japanese animation of these last 20 years). Well, the company and the lawyers of that Japanese animation can come after you. It’s really happened and people have had to cough up serious money.

Maybe you live in a country where all Internet access is very closely watched.

Maybe you work at a company who monitors your internet usage.

The simple fact is, if you want to look at the Internet without care or concern of who is watching you, you need a VPN.

If you value your privacy, you need a VPN.

VPN the nitty gritty.

How to get a VPN? Does it come in a box in the store? No. You need to find a VPN provider, and yes that is going to require some research and yes, you should pay for it.

A word on “Free VPN” providers

Nothing is “free”. Having a VPN company requires expensive software and hardware, so why would it be free? It’s not.

They sell your data to third parties, include adverts and basically do anything to monetize your account. Further, imagine the VPN server as a door. If only a dozen people an hour use that door, traffic flows smoothly. But what if 10,000 people an hour tried  to use that door? Nobody is going anywhere.

What to look for in a VPN provider

Nearly all paid VPN providers charge about the same price, so ignore the cost.

  1. Logs. If the VPN provider keeps logs of your activity, that’s NOT GOOD. Why keep a record of my browsing activity? Good VPN providers DO NOT keep logs so when someone shows up asking, they can honestly say, “sorry, we have no records”.
  2. Customer Support. VPNs can be tricky things to configure and get right. And when you run out of answers, usually a good tech support agent can help out.
  3. Speed. Good VPN providers have plenty of servers and plenty of bandwidth, so they won’t be slowing you down.

Not a review per se, but my experience with VPN providers.

I worked for a company that used to never monitor our internet browsing habits. Then, a few people abused this by watching porn in the office where EVERYBODY could see it and then a new IT director came in. Soon, our browsing became monitored and filtered. Bizarrely, the filter would often block tech sites that developers referenced and we really got annoyed.

I signed up for StrongVPN. It’s a great VPN company and used to have great tech support. I used them for years. But I had to ditch them for two reasons:

  1. Logs. They kept logs. However, looking at the site now, they claim they do not keep logs anymore.
  2. Tech Support. When I started, it was awesome, after a while it went downhill.

I MIGHT re-consider joining StrongVPN, however, I am very content with my current VPN provider.

Astrill is an awesome VPN provider. This is not a paid endorsement. Some cool things about Astrill:

  1. No logs! Ever!
  2. Unlimited switching of servers. Want to use a server in New York, or Florida or St Louis and see which works best for you? Knock yourself out.
  3. Tech Support is very good. It’s not great, but the people you speak with are usually very sharp.
  4. Custom Protocols. They have their own OpenVPN protocol called RouterPro, which prevents you from being blocked in countries that block the OpenVPN protocol.
  5. Custom tools. I have my VPN configured on my router. This way, traffic from my router is protected. They offer a special JFF file you can install on your router. It’s very handy.
  6. They offer VPN apps for Mac, Windows, Linux, iOS… you name it.

That’s all for now. Next time I’ll discuss VPN protocols and why you shouldn’t use the default Blowfish encryption your VPN provider offers.

 

 

 

Not password, passphrase

For years, people have been warned about using strong passwords and being told that strong passwords have the following characteristics:

  1. Mixed Upper and Lower Case
  2. Special Characters

It goes without saying you should NEVER have a password that might relate to your name or the name of a family member.

But there is a website that will tell you exactly how STRONG (or weak) your password happens to be. The strength of a password is measured in entropy. The higher the entropy, the stronger the password.

http://rumkin.com/tools/password/passchk.php

So, using the above criteria, how strong are the following passwords?

| Password | Entropy | Comment | @1k guess per sec |
| He1nr1ch$ | 39.9 | Reasonable Strength. But it’s also my name. | 17 years |
| Fleaswtracenlant | 72.8 | Strong. But it’s also the name of my ‘A’ School in the Navy. | 149.7 BILLION years |
| Trump_8==> | 42.9 | Reasonable, and reflects a political opinion. | 140 years |

Is there a better way? Yes. Use four words that only mean something to you.

Example. Chicken Nuggets Tent Farts

I went camping with a friend of mine. He ate an entire 20 pack of Chicken Nuggets. I slept outside for obvious reasons.

What is the entropy here? 116.4 bits, which is incredibly strong. At 1,000 guesses a SECOND, it would take 2,634,346,452,833,500,000,000,000 years to guess the password.

That’s 2.6 septillion years.

As a frame of reference, the Big Bang event occurred 14 billion years ago and the last dinosaurs died out 65 million years ago.

XKCD had a comic for this…

Fresh Fedora Install? Do this next…

A while back, I installed Fedora 27 on a Dell laptop. I installed it as a partition, so I could dual boot either Windows 10 or Fedora. After a while, I found myself using only Fedora. So I reformatted the drive (using LVM whole disk encryption) and now it’s a Fedora only machine. If I want Windows, I’ll create a VM image.

Update your install

I know you think, “I just installed this, it must be updated…” Yeah, well…. no.

Do this

sudo dnf upgrade --refresh

The instructions are detailed here https://fedoraproject.org/wiki/DNF_system_upgrade.

The upgrade will take a while but it’s worth it. After it’s done, a system reboot is a good idea (it couldn’t hurt).

Install GCC and Ruby

Bizarrely, GCC and Ruby are not installed by default. But you can check by typing:

gcc --version

and if you don’t have gcc installed, you will be offered the choice to install it.

bash: gcc: command not found...
Install package 'gcc' to provide command 'gcc'? [N/y]

Say yes.

Now for Ruby.

ruby -v
bash: ruby: command not found...
Install package 'rubypick' to provide command 'ruby'? [N/y]

again, say yes.

That’s all for this installation of “Fun with Fedora”.

 

 

Do you Sikuli?

Do you SikuliX? You really should…

What is SikuliX? SikuliX is a GUI automation tool. It’s open source, so it’s everyone’s favorite price… free!

Sikuli supports a variety of languages. To quote the website:

  • Python language level 2.7 (supported by Jython)

  • running RobotFramework text-scripts is supported (see docs)

  • Ruby language level 1.9 and 2.0 (supported by JRuby)

  • JavaScript (supported by the Java Scripting Engine)

… and you can use it in Java programming and programming/scripting with any Java aware programming/scripting language (Jython, JRuby, Scala, Clojure, …).

Can you guess what language I prefer for my SikuliX? If you said Ruby, you’ve been paying attention.

I’ve been using it for app testing and browser based testing as well.

SikuliX can’t be trained to carry buckets of water just yet

Linux Distro of Choice

If you ask 20 people who use Linux, “what is the best version of Linux?” you will probably get 20 different answers. If you’re lucky.

There is actually a website dedicated to tracking every distribution of Linux called DistroWatch.

Choosing a version of Linux can be daunting, but it ultimately comes down to what are you looking for in an operating system.

I wanted a version of Linux that had the following specifications:

  • Well documented. When everything goes south, I can’t call somebody, so give me a wikipage I can read.
  • Well supported by a community of users. Many distros are “here today, and gone tomorrow”. That means I need to learn the ins and outs of a new system every few years? No thank you, I am busy enough.
  • Works well, easy to use, doesn’t require a lot of maintenance.
  • Regularly updated. I was looking at one variant of Linux, that looks GORGEOUS, but it hasn’t been updated in over a year.
  • Offers a variety of developer tools. This is a minor consideration, as most Linux distros can use all the same tools.

So which Linux ticked all my boxes? Fedora.

Currently at version 27 (as of this writing), I have been using it a few months now and I am very happy with it.

  • It’s very well documented.
  • It has great community support. In fact, the good people at Red Hat Linux sponsor Fedora.
  • Has its own “magazine” with regular tips and tricks for users of all levels. I liked the article which showed how to change your boot up window to a Hot Dog.
  • It works great. Try it yourself.
  • It’s regularly updated, and they release a new update every six months or so. Fedora 27 was released Nov 14th, 2017, and Fedora 28 is expected May 1st, 2018. Upgrading is pretty easy.
  • Has all the software tools and toys you could ever want.

Give it a try! It’s light years better, faster, and more secure than Windows.

Mr Hot Dog says, “Eat me!”

Happy 2018!

It’s a whole new year! I will hopefully be blogging more now.

Java and JavaScript

I was sitting in a meeting and there was a bit of confusion about whether the specification called for Java or JavaScript.

When I asked about which one it was, I got this amazingly hysterical answer.

“Java or JavaScript? Doesn’t matter, it’s really the same…”

Yowza.

Allow me to clarify, in case you find yourself locked in a room with people who speak only in buzzwords and really have no idea what they are talking about.

Java is a programming language written in 1995 by James Gosling. The dream was that it would be a “write once, run everywhere” language. It runs on a Java Virtual Machine, and it’s hugely popular to teach on college campuses.

Also, there are like a billion unemployed Java developers.

Let’s take a look at “Hello World” in Java.


class HelloWorldApp {
    public static void main(String[] args) {
        System.out.println("Hello World!"); // Prints the string to the console.
    }
}

Classes, Public, Static, void,…. it’s not for the casual relaxing day of coding by the beach.

JavaScript has nothing in common with Java. It is a completely different language with a similar naming.

Programs in JavaScript are called scripts. They need no compilation, you just write a script, append it to HTML-page and it works.

Let’s take a look at “Hello World” in JavaScript.

<script>
alert('Hello, World!')
</script>

Really simple, and runs in most every browser.

Oh yeah, and they are NOT THE SAME.

Have you read this PDF?

A friend of mine came to me with an interesting situation.

He was a teacher at a school where the student’s email address was their student number + the school server. If you were student number 121, your e-mail address was 121@theSchool.edu.

You get the idea.

The report cards were in PDF form, and they wanted to mail off the report cards to the students. How were they planning on doing this?

  1. Gather a group of teachers in a conference room with their computers
  2. Give them a thumb drive full of report cards on PDFs
  3. Have the teacher open the PDF file
  4. COPY the student number
  5. Create an email, using the COPIED student number (PASTE and type “@theSchool.edu”)
  6. Copy from ANOTHER text source the message, “Dear Student, yakkity yak yak. Here is your report card. Read ’em weep. Love, the School”
  7. SEND email
  8. Rinse, lather and repeat

Wearing a mask, a cape and armed with mad Ruby skillz, you can save the world (or at least a roomful of teachers)

This looks like a job for RUBY SUPERHERO!

Part One: Reading PDFs.

Like most tough things in Ruby, there is a GEM for that. In the case of parsing PDFs, you need to install the PDF Reader Gem which is located at:

https://github.com/yob/pdf-reader

Using this Gem, we can read the PDF and put it into a string format and then extract the data we need.

After installing the GEM, your script will start with

#!/usr/bin/env ruby
require 'pdf-reader'

Part Two: Counting the (Report) Cards

Since we have a folder full of PDFs, we need to read the folder and get a count of the PDF files in the folder.


theCount = Dir.glob('*.pdf').count
# interpolate the count; "string" + Integer raises a TypeError
puts "there are #{theCount} files to e-mail"

I like to toss in friendly put messages so when things go horribly wrong, you get some indication of where it broke.

Part Three: Iterate thru the folder


Dir.glob('*.pdf') do |rb_pdf|

# lots of Ruby Magic! 

end

This nifty line says, “Read the directory, looking ONLY at files that end in .pdf and call the elements ‘rb_pdf’. As you go thru the elements one by one, do stuff to them.”

The stuff part is coming.

Part Four: Read the file!


reader = PDF::Reader.new(rb_pdf)

This is where the GEM pdf-reader comes in. It will read the file element “rb_pdf” and create an object called “reader”.

Object “reader” has a number of elements, but we are most interested in the text of the object.


# join the text of every page into one string
longString = reader.pages.map(&:text).join("\n")

Now that the ENTIRE report card is a string, we just need to find the student number in that string data so we can generate the email address.

But wait, how to find the number in that haystack of data?

Part Five: Oh yeah, it’s REGEX time!

Regular Expressions, or regex, is a great way to find most anything in an ocean of data, but it has a brutal learning curve and it’s very unforgiving to newbies. There are lots of great resources and tools online to help you with Regex, I suggest you use them.

I know the student number is the only 6 digit number in the PDF so I’ll look for that.


studentNumber = longString[/\b\d{6}\b/] 
#returns the six digit number for emailing
eMailTarget = studentNumber + '@theSchool.edu'

Part Six: Mailing ain’t easy

So, you test the code and it all works great… but how to mail?

This was the hardest part, and your mileage may vary depending on the mail server configuration where you are.

You might need to install the mail Gem, depending on where you are.


require 'mail'    # ruby mail library. https://github.com/mikel/mail
require 'openssl' # sometimes, Outlook just makes you crazy...

# Sending via Outlook
Mail.defaults do
  delivery_method :smtp, {
    :address              => 'mail.theSchool.edu',
    :port                 => 587,
    :domain               => 'theSchool.edu',
    :user_name            => 'theSchool/poorTeacher',
    :password             => 'summerVacation', # placeholder; keep the real password out of the script
    :authentication       => :login,
    :enable_starttls_auto => true,
    # Verify the server certificate. VERIFY_NONE would accept any certificate,
    # so anyone on the network path could read the login and the report cards.
    :openssl_verify_mode  => OpenSSL::SSL::VERIFY_PEER
  }
end

# send test message
Mail.deliver do
  from     'poorTeacher@sts.theSchool.edu'
  to       eMailTarget
  subject  'Report Card'
  body     'Congratulations on getting a report card'
  add_file rb_pdf # attach the PDF by path; the gem reads the file contents
end

puts "mailed to " + eMailTarget
# end of mailer part
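
An added example, not part of the original script: a dry-run step that sits between Part Five and Part Six and refuses to derive a recipient unless the report card text contains exactly one six-digit number, so a card is never mailed to the wrong student. It works on already-extracted text; `recipient_for`, `plan_mailing` and the sample cards are hypothetical names and constructed data.

```ruby
# Added example: decide who gets each report card BEFORE anything is sent.
# SCHOOL_DOMAIN mirrors the page's placeholder domain; all other names are hypothetical.
SCHOOL_DOMAIN  = 'theSchool.edu'
STUDENT_NUMBER = /\b\d{6}\b/ # same pattern as Part Five

# Returns [:ok, address] or [:skip, reason] for one report card's text.
def recipient_for(text)
  numbers = text.scan(STUDENT_NUMBER).uniq
  case numbers.size
  when 0 then [:skip, 'no six-digit student number found']
  when 1 then [:ok, "#{numbers.first}@#{SCHOOL_DOMAIN}"]
  else        [:skip, "ambiguous student number: #{numbers.join(', ')}"]
  end
end

# Builds a send plan from { filename => extracted text } without sending mail.
# A second file resolving to an already-used address is held back for review.
def plan_mailing(cards)
  plan = { send: {}, skip: {} }
  seen = {}
  cards.each do |file, text|
    status, value = recipient_for(text)
    if status == :ok && seen.key?(value)
      status, value = :skip, "same recipient as #{seen[value]}"
    end
    if status == :ok
      seen[value] = file
      plan[:send][file] = value
    else
      plan[:skip][file] = value
    end
  end
  plan
end

# Constructed sample text standing in for what pdf-reader would return.
SAMPLE_CARDS = {
  'card_a.pdf' => "Report Card\nStudent No: 100121\nMath: B+",
  'card_b.pdf' => "Report Card\nStudent No: 100122\nInvoice ref 204455",
  'card_c.pdf' => "Report Card\n(scanned image, no text layer)",
  'card_d.pdf' => "Report Card\nStudent No: 100121\nArt: A"
}.freeze

if __FILE__ == $0
  plan = plan_mailing(SAMPLE_CARDS)
  plan[:send].each { |file, to| puts "SEND #{file} -> #{to}" }
  plan[:skip].each { |file, why| puts "SKIP #{file}: #{why}" }
end
```

Only the files under `:send` should reach `Mail.deliver`; everything under `:skip` goes back to a teacher to check by hand.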

Summary

So what have we learned?

  • If you are doing the same thing 10 or 20 times over, it means a script should be doing it.
  • You can read pdfs using a Ruby Gem.
  • Regex is wicked powerful and can be wicked hard to figure out.
  • Outlook can drive you crazy if you are trying to automate something.
