Encrypted DNS requests with OpenDNS’ dnscrypt-proxy

So first, obviously, you need to sign up and be using OpenDNS’ service. Secondly, I am using dnsmasq for DNS and DHCP – if you are using BIND or something else, then you will require extra/different steps. Thirdly, I have this setup on my Linux (CentOS) firewall/gateway/router at home which is the gateway to the Internet for all Internet traffic on my home network. If you want to use this for a single device that isn’t a firewall/gateway/router, you may require an extra dash of trickery. So here are the resources that I used to set this up and my own personal notes:

http://www.opendns.com/technology/dnscrypt/

http://networkfilter.blogspot.fr/2012/12/dnscrypt-on-raspberry-protect-your.html

The networkfilter.blogspot.fr post I’ve provided above was my main resource and some (possibly all?) of my notes are probably also on that blog. I’ve actually probably copied and pasted some parts into my notes (once I confirmed they worked of course).

## DOWNLOAD
So I think you can download two ways:
wget:
wget 
http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.2.0.tar.bz2

or git:
cd /usr/local/src
git clone 
https://github.com/opendns/dnscrypt-proxy.git
 dnscrypt-proxy

I used wget initially, but it's probably a good idea to use git for easier upgrading.
## INSTALL
useradd -r opendns -s /sbin/nologin
mkdir /home/opendns; chown -R opendns.opendns /home/opendns
tar -jvxf dnscrypt-proxy*.tar.bz2; cd dnscrypt-proxy*
./configure
make -j2
(-j2 will use two CPU cores)
make install

## CONFIGURE DNSMASQ

vi /etc/dnsmasq.conf
# Make sure you have something like below
listen-address=127.0.0.1,x.x.x.x
bind-interfaces
resolv-file=/etc/resolv.conf.dnsmasq

and then create /etc/resolv.conf.dnsmasq

vi /etc/resolv.conf.dnsmasq
nameserver 127.0.0.2

## START DNSCRYPT

/usr/local/sbin/dnscrypt-proxy -a 127.0.0.2:53 --daemonize --logfile=/var/log/dnscrypt-proxy.log --user=opendns

netstat -antlp | grep 127.0.0.2
tcp 0 0 127.0.0.2:53 0.0.0.0:* LISTEN 28066/dnscrypt-proxy

tail /var/log/dnscrypt-proxy.log
[INFO] Generating a new key pair
[INFO] Done
... etc ...
[INFO] Proxying from 127.0.0.2:53 to 208.67.220.220:443

## TEST

Run the following command on the DNS server (firewall/gateway/router):

tcpdump -i eth0 dst host 208.67.222.222 or dst host 208.67.220.220 or src host 208.67.222.222 or src host 208.67.220.220 -n

Run the following on a device on your network:

dig www.cbc.ca

You should see the following in your tcpdump:
15:08:36.102759 IP x.x.x.x.47220 > 208.67.220.220.https: UDP, length 132
15:08:36.130898 IP 208.67.220.220.https > x.x.x.x.47220: UDP, length 304
(x.x.x.x is your public IP)

Notice the "https"

Republic of Doyle Soundtrack

Last week I did a quick Google search for a Republic of Doyle soundtrack, at least for Season 1 for now, but found nothing.  Is there really no soundtrack?  Why not?!  Well, I decided to at least make a list of the songs that I could identify off the episodes.  It’s not finished yet, but here’s what I have so far with links to YouTube videos if I could find them:

• Oh Yeah by Great Big Sea – Theme song from the show
• Oh Yeah by Great Big Sea – Album version live.

Season One

• Back To Me by Kathleen Edwards – S01E01
• One Headlight by The Wallflowers – S01E02
• You Can’t Always Get What You Want by Ben Harper and the Rusted Roots – S01E03
• Magic Carpet Ride by Steppenwolf – S01E03
• The Banks of Newfoundland by Great Big Sea – S01E05
• Radar Love by Golden Earring – S01E05
• Dream Weaver by Gary Wright – S01E06
• Man’s Gotta Be A Stone by Colin James – S01E06
• Sweet Hallelujah by Hawksley Workman – S01E07
• It’s You by  Liam Titcomb – S01E09
• S01E09 – There’s a song playing in The Duke when Rose and Nikki are there, but I’m not sure which one it is. Probably one of the songs in the notes below.
• I Would Give My Love An Apple -  S01E10 – this is an English folk song sung by Leslie at the Duke.
• No Change In Me by Ron Hynes – S01E12
• Republic of Doyle – Season One – YouTube Playlist

Season Two

• Safe and Sound by Hawksley Workman – S02E01
• Jailbreak by AC/DC – S02E02
• Spanish Stroll by Mink DeVille – S02E03
• Is This Love by Damhnait Doyle – S02E04
• White Wedding by Billy Idol – S02E05
• So Far Away by Dire Straits – S02E05
• Fisherman’s Blues by The Waterboys – S02E06
• The St. John’s Waltz by Ron Hynes – S02E07
• Another One Bites the Dust by Queen – S02E09
• Jake and Allison are in conversation in the Duke, there is a song playing, but can’t make out anything – S02E10
• God’s Gonna Cut You Down by Johnny Cash – S02E10
• Mrs. McGrath by Bruce Springsteen – S02E13
• Dirty Old Town by The Pogues – S02E13
• Republic of Doyle – Season Two – YouTube Playlist

Season Three

• Low Down by Tom Waits – S03E01

Here is a list of songs that were supposed to be in the episodes, but I haven’t verified yet.

If anyone knows of a song that I’m missing or sees a mistake with one of the artists or song names or something, feel free to bring it to my attention.  Also, if anyone is aware of an official soundtrack release looming on the horizon, even if just for Season Two, I’d love to know about it. I think it would be cool to have a collection of songs named “Music of Republic of Doyle” or “Music Inspired by Republic of Doyle” or something and have songs featured in the episodes as well as a ton of local music to boot.  That would be deadly.

Running applications remotely in Linux

I have a desktop PC and a laptop at home both running Ubuntu Linux. I use the laptop more because I can take it around the house with me. I have two young kids so this is important. However, I store all my work, music and bookmarks on my computer downstairs which has forced me to find ways to remotely access my desktop PC more efficiently. I usually can do most things using SSH from the laptop.

Generally I use vim for any personal writing that I do so this is easy. I just SSH into the PC downstairs, it gives me a terminal emulator so it is exactly as if I was sitting in front of the PC downstairs, open vim and start writing.

OpenOffice

Sometimes I use OpenOffice though and remotely opening OpenOffice is a little trickier, but not too bad. Here is what I do:

ssh -X andrew@desktopPC

echo $DISPLAY

which gives me something like this:

localhost:10.0

openoffice.org -writer -display localhost:10.0

OR you might not even need to find out what your display is:

openoffice.org -writer -display $DISPLAY

Firefox

I don’t like having two sets of bookmarks sitting on two different computers so I open Firefox up on the desktop PC from the laptop as well – just like I do with OpenOffice:

ssh -X andrew@desktopPC

echo $DISPLAY

which, again, will give you something similar to this:

localhost:10.0

firefox –display=localhost:10.0 -no-remote

or you could try

firefox –display=$DISPLAY -no-remote

virt-manager

I was trying to run virt-manager through SSH but was getting the following error:

X11 connection rejected because of wrong authentication.

…etc …

RuntimeError: could not open display

I could run other applications through SSH, but not this command.  Oh yes, I was using ssh -X user@remote-host to forward X11 and trying to run sudo virt-manager –conect=qemu:///system on the remote host.  Obviously, the sudo command was causing the error.

sudo su – (to become root)

export XAUTHORITY=/home/andrew/.Xauthority

echo $XAUTHORITY

/home/andrew/.Xauthority

Now when I tried it, it worked.

(Thanks to the Gentoo wiki: http://en.gentoo-wiki.com/wiki/X-Forwarding#Using_after_su_or_sudo)

VLC

I have a bunch of videos on the desktop PC and it strikes me from time to time that I would like to watch those on my laptop. There are numerous different ways to accomplish this, but here is how I do it. I already had Apache set up using VirtualHost entries, so I just added a new one for my Video directory. Remember, I’m using Ubuntu so this may be different depending on your distro:

sudo vi /etc/apache2/apache2.conf
Apache Config Example
sudo service apache2 restart

vi /etc/hosts
192.168.0.2 movies.example.com movies

Now on the laptop, open VLC, go File -> Network Stream -> Select HTTP from the drop down -> Put your desktop name (as it appears in /etc/hosts or DNS if you have it) and the video name in the box (e.g. http://movies.example.com/127_Hours.avi) -> Click OK, or Open, Engage, or whatever it says. Oh, and you should be able to browse the files in your Video folder by just going to http://movies.example.com.

UPDATE: you could also just share your video collection with Samba and use XBMC to stream the video … sheesh!

Check for upgradeable packages in Ubuntu

I think the Ubuntu update-manager GUI can be useful at times and annoying most other times so I disabled it in gconf, but I wasn’t sure how to check for updated packages from the terminal.  I knew it was possible because my motd was automatically displaying it for me whenever I logged in via SSH.  Here’s the command you run (I’m using 9.10 Karmic):

/usr/lib/update-notifier/apt-check –human-readable

Check CPU temperature in Linux

I found myself wanting to monitor the temperature of the CPU in my laptop.  Using Ubuntu 10.04 (Lucid), there were a few ways that I could do this, but I’m just going to mention two:

/proc

You can check the temperature of your CPU(s) without installing any additional packages by looking in /proc:

cat /proc/acpi/thermal_zone/THM*/temperature
temperature:             80 C
temperature:             76 C

The exact path may be different, for example, on my desktop PC I check the temperature with this command:

cat /proc/acpi/thermal_zone/THRM/temperature

temperature:             40 C

The location should be generally the same though.

acpi

/proc is cool because there is nothing that you need to install, but I liked the output of acpi better.  You have to install it first before you use it:

sudo aptitude install acpi

Now go ahead and use it:

acpi -t
Thermal 0: ok, 76.0 degrees C
Thermal 1: ok, 79.0 degrees C

Check memory info in Linux

Personally, I consider knowing how much RAM that I have installed, what type it is and how much is being used essential.  There are several ways to get memory information in Ubuntu and Linux in general.  I’ll list them here in order of how frequently I use them.

Free

To find out how much total memory you have available, how much is being used and how much is left, I use the following command:

free -m

              total       used       free     shared    buffers     cached
Mem:          1949       1788        160          0        284        791
-/+ buffers/cache:        713       1236
Swap:         5711         53       5658

the “-m” displays the output in megabytes which makes it easier for me.  The default is to display in kilobytes.

As you can see, this is a quick way to get a snapshot of your memory usage.  Very helpful.

Dmidecode

Dmidecode will grab all of your system details, not just memory and it will give you a very detailed report about your hardware without you having to crack the case open.  To check just the memory, you can do the following:

sudo dmidecode –type 17 | less

dmidecode 2.9
SMBIOS 2.4 present.

Handle 0×0036, DMI type 17, 27 bytes
Memory Device
Array Handle: 0×0035
Error Information Handle: Not Provided
Total Width: 64 bits
Data Width: 64 bits
Size: 1024 MB
Form Factor: DIMM
Set: None
Locator: A0
Bank Locator: Bank0/1
Type: DDR
Type Detail: None
Speed: 400 MHz (2.5 ns)
Manufacturer: None
Serial Number: None
Asset Tag: None
Part Number: None

… etc …

Alternatively, you could pipe the output to a file for leisurely perusal:

sudo dmidecode > /tmp/dmidecode.txt

vi /tmp/dmidecode.txt

lshw

sudo lshw -short -C memory

… etc …

/0/35                       memory         2GiB System Memory
/0/35/0                     memory         1GiB DIMM DDR 400 MHz (2.5 ns)
/0/35/1                     memory         1GiB DIMM DDR 400 MHz (2.5 ns)
/0/35/2                     memory         DIMM [empty]
/0/35/3                     memory         DIMM [empty]

Check my wiki for more information.

Check Ethernet info in Linux

One of the most useful tools that I’ve experienced for anyone who works with computers remotely is ethtool. Imagine the following scenario:

You have installed Linux on a multi homed server and shipped it to a customer’s data center hundreds of miles away.  It is impossible for you personally to get physical access to the machine so you must rely on the data center’s tech team to plug everything in properly and power on the server.  They have told you that everything is plugged in and the computer is on.  You are able to SSH into the server on the network card attached to your network, but can’t access any other networks via the other network cards.  The data center tech’s are 100% confident that they have done their job properly and have left you holding the bag.  You’re not convinced that they have plugged the other cables in correctly or even plugged them in at all.  Here is how you can check:

ethtool ethX

for example:

ethtool eth0

Settings for eth0:
       Supported ports: [ TP ]
       Supported link modes:   10baseT/Half 10baseT/Full
                               100baseT/Half 100baseT/Full
                               1000baseT/Full
       Supports auto-negotiation: Yes
       Advertised link modes:  10baseT/Half 10baseT/Full
                               100baseT/Half 100baseT/Full
                               1000baseT/Full
       Advertised auto-negotiation: Yes
       Speed: 100Mb/s
       Duplex: Full
       Port: Twisted Pair
       PHYAD: 0
       Transceiver: internal
       Auto-negotiation: on
       Supports Wake-on: umbg
       Wake-on: d
       Link detected: yes

this is the network card that you are able to connect to already, so let’s check the others:

ethtool eth1

Settings for eth1:
       Supported ports: [ TP ]
       Supported link modes:   10baseT/Half 10baseT/Full
                               100baseT/Half 100baseT/Full
                               1000baseT/Full
       Supports auto-negotiation: Yes
       Advertised link modes:  10baseT/Half 10baseT/Full
                               100baseT/Half 100baseT/Full
                               1000baseT/Full
       Advertised auto-negotiation: Yes
       Speed: 100Mb/s
       Duplex: Full
       Port: Twisted Pair
       PHYAD: 0
       Transceiver: internal
       Auto-negotiation: on
       Supports Wake-on: umbg
       Wake-on: d
       Link detected: no

… and there you go.  There is no cable plugged into the eth1 network card.

Seagate 2TB GoFlex External Desktop Hard Drive and Ubuntu

I bought the following hard drive for extra storage space on my home PC:

Seagate 2TB GoFlex External Desktop
Model: ST2000DL001-9VT156

I use Ubuntu Linux for my desktop PC at home and I noticed that after awhile, the device got disconnected with the following errors showing up in /var/log/messages:

usb 1-4: USB disconnect, address 7
sd 9:0:0:0: [sdh] Unhandled error code
sd 9:0:0:0: [sdh] Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK
lost page write due to I/O error on sdh1
… etc …

I noticed that there was no On/Off switch and thought maybe there was an automatic cycle down on the hard drive to save power or something. So I created a file on the hard drive and set a cron job to touch that file every second to see if that confirmed my hunch. It hasn’t gone offline since. I know it’s a dirty hack and might not be what’s best for the hard drive, maybe, but I guess I’ll have to wait to see if there are any ill repercussions. I haven’t found a better solution on the Internet, but if anyone has any suggestions I’d love to hear them.

Here is the crontab entry:

crontab -e
* * * * * /root/bin/big_drive_keepalive.sh >/dev/null 2>&1

Here is the shell script:

#!/bin/sh
touch /mnt/big_drive/touchme.txt

I found some helpful commands to find out information about the hard drive too:

hdparm -I /dev/sdh|grep Model
Model Number: ST2000DL001-9VT156

sdparm -a /dev/sdh
/dev/sdh: Seagate Desktop

lsusb
Bus 001 Device 009: ID 0bc2:3300 Seagate RSS LLC

Read RSS feeds from the terminal

If you like doing everything you can from the terminal, then you may be interested in Newsbeuter.  Basically, it is a text based program that lets you read RSS feeds that you have subscribed to from the terminal.  I’ve been using it for about a year and it’s great.  Here’s how you can use it:

Install

sudo aptitude install newsbeuter

Add Some RSS Feeds

vi ~/.newsbeuter/urls

Add the URLs to the “urls” text file in this format:

#
# Newfoundland Related Blogs
#

http://rss.cbc.ca/lineup/canada-newfoundland.xml


http://twemes.com/nltechjobs.rss


http://cornerbrooker.com/feed/


http://bitstop-nfld.blogspot.com/feeds/posts/default


http://riddlefence.com/feed/


http://breakwaterbooks.wordpress.com/feed/


http://www.heritage.nf.ca/nlheritagerss.xml


http://feeds.feedburner.com/NLBlogRoll

and there are even some Newfoundland and Labrador blogs to get you started.

Start Using Newsbeuter

Just type newsbeuter and you will get an interface that looks like this:

Then just follow the prompts at the bottom: lower case “r” to update a single RSS feed, upper case “r” to update all RSS feeds, “q” to quit and so on.

Find image size from terminal in Linux

To find the size of an image file (jpg,png,etc) on your computer using only the terminal, you can use ImageMagick.  Now, this isn’t the only use for ImageMagick – FAR from it, but it does accomplish this simple task.  Anyways, you can use the identify command to find the image size:

identify <file_name>

for example:

identify DSC_5043.JPG
DSC_5043.JPG JPEG 3872×2592 3872×2592+0+0 8-bit DirectClass 2.382MiB 0.000u 0:00.000

So obviously the image size is 3872×2592.  Done.

If ImageMagick isn’t installed, you can install it by issuing the following command:

sudo aptitude install imagemagick

Check my wiki for more info.