OpenVPN, easy configuration, and that damned ta.key file.

Apr 15, 2017

Now that ISPs not selling information about what you do and what you browse on the Net is pretty much gone, a lot of people are looking into using VPNs - virtual private networks - to add a layer of protection to their everyday activities.  Most of the time there are two big use cases for VPNs: Needing to use them for work, and using them to gain access to Netflix content that isn't licensed where you live.  Now they may as well be a part of everyday carry.

So: Brass tacks.  Here's a quick way to set up your own VPN server, as well as a solution to a problem that frustrated me until very recently.  For starters, unless you're an experienced sysadmin, don't try to freestyle the setup.  There is an excellent script on GitHub called openvpn-install that will do all of the work for you (including adding and deleting users) in less than a minute.  Use it to do the work for you.  Please.  Also, if you build an OpenVPN server, consider going in with a couple of friends on the cost.

Chances are you're running either Windows or Mac OSX (Linux and BSD users, you know what to do) so you'll need an OpenVPN client on the users' end.  This means that you want to run either the Windows version of the OpenVPN client or an OSX client like Tunnelblick.  However, these clients assume that you're just loading an all-in-one configuration file, called an .ovpn file.  If you've never done it before they're remarkably tricky to build but they're basically a copy of the OpenVPN client.conf with all of the crypto keys embedded in special stanzas.  It took me a lot of fumbling and searching but I eventually figured out how to reliably make them.  To save you some time here's a copy of the one I use with all the unique stuff removed from it.  If you open it in a text editor you'll notice a couple of things: First, the very first non-commented line says that it's for the client and not the server.  Second, I have it configured to use TCP and not UDP.  This is so that you don't have to reconfigure the firewall you're behind to get your traffic through.  Keep it simple, trust me on this.  Third, the ca, cert, and key directives are commented out because those keys are embedded at the end of the file.  Fourth, I have tls-auth enabled so that all traffic your server will handle is authenticated for better security.
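As an added example (not the author's script and not part of openvpn-install), here is one way to assemble such an all-in-one profile from the separate files. The build_ovpn function and every file name are assumptions; the key-direction line is there because an inline <tls-auth> stanza has no place for the direction argument that normally follows the ta.key path.

```bash
#!/bin/sh
# Added example: assemble a unified .ovpn client profile with inline keys.
# Assumed (hypothetical) names: build_ovpn and all file paths passed to it.
# The base config is expected to hold the client, proto and remote lines.

# usage: build_ovpn BASE_CONF CA_CRT CLIENT_CRT CLIENT_KEY TA_KEY OUT_OVPN
build_ovpn() (
    # Body runs in a subshell so the umask change does not leak to the caller.
    base=$1; ca=$2; cert=$3; key=$4; ta=$5; out=$6
    for f in "$base" "$ca" "$cert" "$key" "$ta"; do
        [ -r "$f" ] || { echo "missing input: $f" >&2; exit 1; }
    done
    [ -n "$out" ] || { echo "no output path given" >&2; exit 1; }

    umask 077        # the profile embeds a private key: owner-only from creation
    rm -f "$out"     # a pre-existing file would keep its old, looser mode
    {
        # Drop active file-based key directives; the inline stanzas replace
        # them. Commented-out lines (#ca, ;cert ...) pass through untouched.
        grep -Ev '^[[:space:]]*(ca|cert|key|tls-auth|key-direction)[[:space:]]' \
            "$base" || true
        # Inline tls-auth cannot carry "ta.key 1", so the direction is set
        # separately: conventionally 1 on the client, 0 on the server.
        echo 'key-direction 1'
        echo '<ca>';  cat "$ca";  echo '</ca>'
        # Client certs often carry a human-readable dump above the PEM
        # block; only the PEM block belongs in the profile.
        echo '<cert>'
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$cert"
        echo '</cert>'
        echo '<key>'; cat "$key"; echo '</key>'
        echo '<tls-auth>'; cat "$ta"; echo '</tls-auth>'
    } > "$out"
)
```

The resulting file contains the user's private key and the shared tls-auth key, so hand it over through a channel you trust rather than plain e-mail.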

If you freestyle (that is, build by hand) your OpenVPN server, you'll need to keep in mind the following things:

Setting up converse.js as a web-based chat client.

Apr 09, 2017

As not bleeding edge, nifty-keen-like-wow as the XMPP protocol is, Jabber (the colloquial name for XMPP; I'll be using them interchangeably in this article) has been my go-to means of person-to-person chat (as well as communication protocol with other parts of me) for a couple of years now.  There are a bunch of different servers out there on multiple platforms, they all support pretty much the same set of features (some have the experimental features, some don't), and the protocol is federated, which is to say that every server can talk to every other server out there (unless you turn that function off), kind of like e-mail.  You can also build some pretty crazy stuff on top of it and not have to worry about the low-level stuff, which isn't necessarily the case with newer protocols like Matrix.  There are also interface libraries for just about every programming language out there.  For example, in my Halo project I use SleekXMPP because it lets me configure only what I want to out of the box and handles all of the fiddly stuff for me (like responding to the different kinds of keepalive pings that Jabber clients send).  Hack to live, not live to hack, right?  There are also XMPP clients for just about every platform out there, from humble Android devices to Windows 10 monstrosities.  However, sometimes you find yourself in a situation in which your XMPP client can't reach the server for whatever reason (and there are some good reasons, let's be fair).

Repelling invasions of Argentine ants.

Feb 28, 2017

In California, we periodically have problems with armies of Argentine ants invading houses at certain times of the year.  It doesn't matter how clean you keep your house or how carefully you maintain it, they'll still find a way in.  They're quite small and routinely squeeze through cracks less than 1mm in size, which is roughly the size of the gap between a baseboard and floor in most homes out here.  They invade (and I use that word carefully) in extremely large numbers, often in the hundreds; often your first sign is an inch-wide column of ants marching down a hallway.  They don't seem to care much for sweets, so they ignore things like cookie crumbs dropped on the floor.  The times of year they seem to make a break for the inside are when it's fairly cold outside (low to mid 50's Fahrenheit) or after a few continuous weeks of drought.  I'm not entirely sure what they look for during cold times (my guess is they're in it for the warmth), but I have observed them pass up food that's been left out and garbage during droughts and head straight for sources of moisture: Rinsed out bottles and cans, wet paper towels, and sinks.  They're certainly not afraid to make use of drainpipes to enter a house - I've caught them coming up through the overflows of sinks and the bathtub more times than I care to think about.

WARNING: This strategy is for houses that have neither children nor pets.  Liberally laying ant poison down in a house is dangerous to both, don't do it.  If you have children or pets in the house, you're out of luck.  I can't help you.  Call an exterminator.

Here's how I take care of this problem.  I don't want to shill for any particular product or manufacturer, but I do want to be specific enough that this blog post is useful.  I use wet ant baits (basically containers of liquid ant killer) and an insecticide powder that is primarily boric acid.  Read the ingredients, and get the biggest bottle you can because you're going to go nuts with the stuff.

First up, figure out how long, roughly speaking, the ant phalanx is.  If you can break it into thirds or quarters (or, ye gods, fifths), do so by placing liquid ant bait equidistantly.  Make sure that you put each ant bait right on top of the column of ants so that they're sure to find it.  This is so that you kill more of the ants faster; you'll prevent them from advancing any farther into the house and you'll basically be executing multiple kills simultaneously.  Don't worry that you're wasting the stuff because you're not.  Second, figure out where they're coming in from.  You're probably going to have to get down on your hands and knees with a flashlight, and work backwards along the column of ants.  When you find it (and you'll undoubtedly be cursing the day you were born by that point), drop another liquid ant trap right in front of the entry point.  Then crack open that bottle of insecticide powder and wall off the entire area that they're coming in through.  Be sure to pen them in along with that last liquid ant bait you laid down.  You're going to make a mess.  You already have a metric fuckton of ants in your house.  This prevents any more ants from coming in: The ants that are sufficiently motivated to try to cross the line of insecticide are going to die in the attempt.  The ants that manage to keep coming in from outside are, as before, going to head right for the liquid ant bait and carry little droplets of the stuff back outside to the nest, which is going to chop down the ant population considerably.  Some of the ants will have a fine coating of insecticide powder on them, and they'll track it back through the walls of the house, and possibly back into the nest.  See how I got the stuff on top of the baseboard?  That's to keep them from climbing up the walls to avoid the insecticide (yes, they do that).  While you're at it, take a look around for other large-ish gaps in the baseboards or walls and shoot some of the insecticide powder down inside of those, too.

Now, go do something else for a while.  I recommend getting out of the house for the rest of the day to take your mind off the situation.  You've no doubt spent an entire day coming up with creative new ways to swear, you need the break.

Some time during the next day, take another good look at the floor and see what kind of progress has been made.  If all's gone according to plan, there will no longer be a conga line of hundreds of ants marching across the floor because the carpet bombing of ant poison you've carried out will have taken care of them.  There should be lots of dead ants piled up around the liquid ant baits and lots of dead ants piled up in the insecticide powder you laid down.  If not, figure out where you need to reinforce (maybe there's a low-hanging cable that they're using to avoid the boric acid powder? (yes, I've seen them do that)) and cut 'em off.

When you've gone a day without ants taking over your house, sweep and mop the floors with ammonia solution.  This will remove the scent trails that ants use to self-organize.  After the floor's dry, put the liquid ant baits back in the same positions and lay a somewhat more thin line of boric acid powder across the entry point you found.

If they're coming up through sink overflows, get the liquid ant bait that comes in an oversized syringe, and just squirt it into the overflows.  It won't hurt you because water's supposed to go down those inlets if the sink's too full.  Be sure to coat as much of the inside surface as you can so the ants are sure to find it.  Individually, they're not terribly bright; en masse, they seem to opt for the path of least resistance.  If you put what they're looking for directly on top of them, they'll stop advancing because there will be a ready source right there.

Fixing the clock in Kodi.

Feb 25, 2017

I've mentioned once or twice that I have a media box at home running Kodi on top of Arch Linux.  Once you've got your media drives registered and indexed, it's pretty easy to use.  Save for the clock in the upper right-hand corner of the display, which almost never seems to coincide with the timezone set when you install Arch.  So I don't forget again, and to try to fix the problem of skillions of worthless threads on the Kodi forums, here's how you fix it from inside of Kodi when it's running:

  • System -> Settings
  • Appearance menu
  • International tab
  • Timezone Country
  • Pick the country you live in
  • Timezone
  • Pick the timezone you're in
  • You're done.

Guerilla archival using wget.

Feb 10, 2017

Let's say that you want to mirror a website chock full of data before it gets 451'd - say it's  You've got a boatload of disk space free on your Linux box (maybe a terabyte or so) and a relatively stable network connection.  How do you do it?

wget.  You use wget.  Here's how you do it:

[user@guerilla-archival:(9) ~]$ wget --mirror --continue \
    -e robots=off --wait 30 --random-wait <URL>

Let's break this down:

  • wget - Self explanatory.
  • --mirror - Mirror the site.
  • --continue - If you have to re-run the command, pick up where you left off (including the exact location in a file).
  • -e robots=off - Ignore robots.txt because it will be in your way otherwise.  Many archive owners use this file to prevent web crawlers (and wget) from riffling through their data.  Assuming this is sufficiently important, this is what you want to use.
  • --wait 30 - Wait 30 seconds between downloads.
  • --random-wait - Actually wait for 0.5 * (value of --wait) to 1.5 * (value of --wait) seconds in between requests to evade rate limiters.
  • <URL> - The URL of the website or archive you're copying.

If the archive you're copying requires a username and password to get in, you'll want to add the --user=<your username> and --password=<your password> options to the above command line.

Happy mirroring.  Make sure you have enough disk space.

Saving stuff before it vanishes down the memory hole.

Jan 26, 2017

UPDATE - 20170302 - Added Firefox plugin for the Internet Archive.

UPDATE - 20170205 - Added Chrome plugin for the Internet Archive.

Note: This article is aimed at people all across the spectrum of levels of experience with computers.  You might see a lot of stuff you already know; then again, you might learn one or two things that hadn't shown up on your radar yet.  Be patient.

In George Orwell's novel 1984, one of the plot points of the story was something called the Memory Hole.  They were slots all over the building in which Winston Smith worked, into which documents which the Party considered seditious or merely inconvenient were deposited for incineration.  Anything that the Ministry of Truth decided had to go because it posed a threat to the party line was destroyed.  This meant that if anyone wanted to go back and double check to see what history might have been, the only things they could get hold of were "officially sanctioned" documents written to reflect the revised Party policy.  Human memory's funny: If you don't have any static representation of something to refer back to periodically, eventually you come to think that whatever people have been telling you is the real deal, regardless of what you just lived through.  No mind tricks are necessary, just repetition.

The Net's a lot like that.  There are literally piles and piles of information everywhere you look, but most of it resides on systems that aren't yours.  This blog is running on somebody else's server, and it wouldn't take much to wipe it off the face of the Net.  All it would take is a DMCA takedown notice with no evidence (historically speaking, this is usually the case).  This has happened in the past a number of times, including to an archive maintained by Project Gutenberg and documents explicitly placed into the public domain so somebody could try to make a buck off of them.  This is a common enough thing that the IETF has made a standard HTTP error code to reflect it, Error 451 - Unavailable for legal reasons.

So, how would you make local copies of information that you think might be pulled down because somebody thought it was inconvenient?  For example, climatological data archives?