New version of Tespeed (Terminal network speed test)

Most advanced computer users know about speedtest.net, which helps you test your internet bandwidth. While it is a great tool, it only has a Flash version available on its web site, and there are Android and iOS apps for mobile phones, but there were no tools available for Linux servers without a GUI.

Back in 2009 I made a PHP script that tested network speed, wrote the results to a text file and generated PNG graphs to be shown on the web. It used speedtest.net partner servers and it got the data usage from ifconfig, thus making it read the total bandwidth, not just what had been left for the PHP script itself. I set it up on my home router so I could prove to my ISP that their internet is far from what they advertised.

I also uploaded it to Sourceforge and forgot about its existence for some time.

Years have passed and it has been downloaded almost 17 000 times, even though it doesn’t really work in every case and it wasn’t that easy to set up.

So I figured I should make a new version, written in Python (just to practice it), and so I did.

The new Tespeed is available on GitHub: https://github.com/Janhouse/tespeed

It is licensed under the MIT license.

There are still some bugs and planned features left to sort out, but after testing it on multiple computers it is working fine.

 

Tespeed in automatic mode looking for best testing server and doing download and upload tests.

The new version finds the closest servers and then picks the one with the lowest latency.

 

Available server list top 25 (by distance)

 

You can also get a list of all available servers (and see the approximate distance to them) by using the list-servers command.

 

Manually specified test server.

 

Please send me some feedback so I can make it better.

And go thank speedtest.net for this great service. 🙂

Hiding your web server behind proxy

In one of my previous blog posts I mentioned hiding your server behind a proxy to protect yourself from long downtime.

Since some of you wanted more information, I figured I should write about it. This will still only scratch the surface of it and you should do some additional reading if you want to get a better understanding of how these things work and what they can be used for.

Let’s begin!


Internet paranoid handbook

Knowing that the internet is not all cute and cuddly and that the line between real and virtual sometimes gets kind of blurry, it is important to think a bit before acting, and possibly save yourself from getting in trouble.

What I meant by “blurry line between real world and virtual one” is that what happens on the internet does not always stay on the internet. If you read the news, it is possible that you have noticed articles about police raids on some sort of network based service providers or their servers, governments asking communication service providers (e-mail, IM, others) to hand them private conversations to help in their investigations, or blocking network access and disturbing donation receiving.

While some “shady” network services were started by paranoid people (in a good sense), who think a lot about their security and anonymity, most others don’t realise how important it could be or just don’t care.

Who should care about this? People who call themselves media, political organisations, internet pirates and people who want to stay anonymous.

 

Here are some quick tips that could be of some use to you:

1. Domain name

Since most of the visitors reach your service through a domain name, make sure you use domain name(s) that can’t be easily taken away by your country’s government or get you into trouble for using them.

2. Location

2.1. Choosing country

Make sure your files are hosted on servers outside of your government’s reach. In case of piracy, countries that don’t care about piracy or anti-piracy are best suited for this (Canada?).

Also make sure that your country doesn’t have official international investigation agreements with the hosting country.

2.2. Choosing data center

It would not hurt if the data center would be located deep under ground in some fortress that was previously used as a bomb shelter. Probably most countries have those.

2.3. Don’t bring your work to home

If there is something physical that can’t be encrypted and hidden, don’t keep it at home. Hell, don’t keep it at home even if it is encrypted!

 

3. Laws of your country

In certain cases, make sure that you can’t be extradited to another country. If necessary, move to a new home. If you are dealing with some really powerful people, this could be really tricky (Wikileaks case).

4. Inability to reach users after takedown

Nothing scares away users more than leaving them wondering what is going on. Make sure you have some social messaging account that is hosted on safe grounds, that all your users know about. In case of problems inform them using those tools.

5. Encryption

5.1. Disk encryption

Keep your data encrypted and don’t give the key to anyone. Also recommend this to your clients.

Since computers are getting more powerful all the time, complaining about the CPU power needed to use data encryption is silly.

Also make sure that your encryption key can’t be accessed using a cold boot attack. If needed, glue the RAM to the motherboard! Seriously, this could help. 😀

5.2. Connection encryption

Use connection encryption between your server and clients.

If you don’t trust your government and certificates given out by some companies, make your own and make sure your clients recognize it.

 

7. Data loss and downtime

The good old saying “Real men don’t make backups” is meant more like a joke and should not be taken seriously. Do make backups! Keep them far away from your main server, hide them, encrypt them, but make sure you have them (and try not to lose the key).

Having not only your data but also server configuration backed up could help reduce downtime in case of server change.

8. Hiding

8.1. Fake identities for fake servers

Hiding your super powerful server behind a cheap, anonymous VPS could help you stay unidentified by less powerful people. There are some hosting companies that provide cheap VPS hosting and allow you to enter fake owner data for a small fee. If you can then hide your payment account and fake your domain name owner data, you could stay anonymous as long as your proxy hoster doesn’t give out your real server address. In this case even if your proxy is taken down, reopening is just a matter of getting a new proxy server in some other part of the world.

8.2. Anonymous administration

There is always some risk that your server could be taken and data searched for leads.

If possible, leave no log files about your clients and administrators or make up some fake ones.

Use a proxy! Tor Project should help you hide yourself.

8.3. Don’t use Skype

Since Skype was bought by Micro$oft, it can’t provide anonymous communication anymore. As an extra, they probably added the famous “generic crash library” to it. 😀 OK, to be serious, most of the public IM and e-mail networks should be considered unsafe. Set up your own private encrypted IM network and don’t log stuff.

But if we keep talking about Micro$oft, try to stay away from it. You never know what is hiding in their lame binaries and “security through obscurity” (M$’s motto?) is stupid. Open source software is the future, go with it, explore how “security by design” works.

Conclusion

It is hard to write a universal hiding guide for every project and each case is different. If you think it is necessary, get someone to give you good advice.

Remember that it takes only one small mistake to fail completely.

Most importantly keep your conscience clean and be good! If you are doing it for the right reasons (and have a good PR campaign), people will support you (shouldn’t they?).

P.S. Feel free to add more tips or point to some errors in the comment section. I’ll try to keep this post up to date.

Hamster time tracker in system tray

Project Hamster is probably the best Linux time tracker out there.

But there is a small problem. It is written to be used as a Gnome panel applet. I guess that some things will change with Gnome 3 (maybe it will get better Gnome shell integration or something?) but the lead developer has written that there will be no tray icon for Hamster:

generally though the system or notification tray is the no-go zone and one that triggered all the shunning in the panels (too many icons behaving too differently etc).

I found that there is a script to use it with Ubuntu’s indicator applet but could not find one for the system tray.

So I did it myself.

Inactive icon

I modified the hamster-appindicator script by Alberto Milone to work with the system tray (instead of appindicator). It now behaves similarly to the panel applet. The only noticeable difference is that you don’t see the name of the currently running task and how long it has been running in the tray (because there is only an icon and no text), but you can see it in the tooltip of the tray icon.

Right click menu

To make it more usable, I have included green and red icons that are used to indicate a running task (by default I made it use the green icon but you can change it in the script).

Left mouse click toggles the tracker window, right click shows the menu.

Opened window

Icons and script can be downloaded from https://bitbucket.org/janhouse/hamster-tray/downloads .

I’ll later make a hamster-tray PKGBUILD for Archlinux and put it on AUR.

If you want to point out any errors (it probably has some since I was making it in a rush in the middle of the night) leave a comment. I’ll try to update it at some point.

P.S. YAY! I can use Hamster again! 🙂

 

UPDATE:

08.04.2011.

After upgrading my Archlinux today I noticed that it did not work anymore because the upgrade contained Gnome3 stuff.

So the error was:

A quick and dirty fix for the moment is to edit applet.py and remove the line:

This will probably make it not work as a Gnome 2 panel applet but I guess that those applets are removed from Gnome3 anyway.

This is just a temporary fix and I will try to completely rewrite this script as soon as I get some time.

Jailkit, mini_sendmail and custom HELO

To be sure that a server stays safe in case one site is compromised, I try to lock every single site in its own chroot jail. To make it a bit easier I use Jailkit.

Since you probably don’t want to set up sendmail for each chroot, you could use mini_sendmail. It will work as a relay and will pass messages to the actual sendmail.

The problem is that there is no way to specify a custom username or hostname and this could be quite important in some cases.

In order to solve this problem I did some quick and dirty modifications and here is the patch in case you need it:

Save it as some.patch. Move it inside the mini_sendmail source directory and run:

You can specify the username with -u and the hostname (and HELO message) with the -h parameter.

If you are going to use it with PHP, change sendmail_path in php.ini to something like this:

This should make PHP connect to sendmail running on 127.0.0.1 port 5555 and send example.com as HELO and noreply as username.

Patch was made for version 1.3.6.
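
What the relay setup above puts on the wire, as an added example (not the author's patch and not mini_sendmail code): Python's smtplib stands in for the patched client, with `local_hostname` playing the role of `-h`, and the envelope sender built as username@hostname, which is an assumption about how `-u` and `-h` combine. The listener is a constructed stand-in for the real sendmail; the function names and the recipient address are made up for the illustration.

```python
import smtplib
import socket
import threading

def fake_relay(listener, seen):
    """Constructed stand-in for the real sendmail: records every command line it receives."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rwb") as f:
        def reply(text):
            f.write(text.encode() + b"\r\n")
            f.flush()
        reply("220 relay.invalid ESMTP")
        in_data = False
        for raw in f:
            line = raw.decode().rstrip("\r\n")
            if in_data:  # message body: skip lines until the lone "." terminator
                if line == ".":
                    in_data = False
                    reply("250 queued")
                continue
            seen.append(line)
            verb = line.split(" ", 1)[0].upper()
            if verb == "DATA":
                in_data = True
                reply("354 end with .")
            elif verb == "QUIT":
                reply("221 bye")
                break
            else:
                reply("250 ok")

def send_from_jail(port, helo_name, username, rcpt, body):
    """Relay one message via 127.0.0.1:port, announcing helo_name instead of the jail's own name."""
    sender = f"{username}@{helo_name}"  # assumption: username@hostname is the envelope sender
    msg = f"From: {sender}\r\nTo: {rcpt}\r\n\r\n{body}\r\n"
    with smtplib.SMTP("127.0.0.1", port, local_hostname=helo_name, timeout=5) as smtp:
        smtp.sendmail(sender, [rcpt], msg)

def demo():
    listener = socket.create_server(("127.0.0.1", 0))  # any free local port
    seen = []
    t = threading.Thread(target=fake_relay, args=(listener, seen), daemon=True)
    t.start()
    send_from_jail(listener.getsockname()[1], "example.com", "noreply", "admin@example.org", "test")
    t.join(5)
    listener.close()
    return seen

if __name__ == "__main__":
    print("\n".join(demo()))
```

The recorded lines show which identity a jailed site presents to the real MTA: the greeting name and the envelope sender, independent of the hostname inside the chroot.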