https://www.ssllabs.com

SSL Labs has an SSL server test; checking https://luisaranguren.com on it made me realize it wasn’t doing too badly, but there was some room for improvement. Overall rating was 64 “C”. Scored 100 except on protocol support, because I was still using SSL v2, which is deemed insecure, and 40 in key exchange.

First step is to modify the protocol support; for that I changed the httpd-ssl.conf file to:

#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#By Luis Aranguren 2011-12-12
#ssllabs.com suggestions/test
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:+eNULL

This removes SSLv2 support with !SSLv2 and all low-strength ciphers with !LOW. Just those two changes increased my score to 85 “A”, with protocol support at 85 and key exchange at 80. This only removed the ciphers from the protocol and not the protocol itself, so I needed to add the following to the same file:

SSLProtocol ALL -SSLv2

This removed the protocol, but did not improve the score.
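
Added example, not part of the original post: a small shell audit that reads the active SSLCipherSuite and SSLProtocol lines and lists the weak cipher classes a string does not exclude with "!". It uses a simplified model of the OpenSSL cipher-list rules; the function names and the class list are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: flag weak cipher classes an SSLCipherSuite string still allows.
# Simplified model of the OpenSSL cipher-list rules (assumption of this sketch):
#   ALL    = every class except eNULL
#   !CLASS = class removed for good, wherever it appears in the string
#   +CLASS = moves ciphers already in the list to the end, never adds any
WEAK_IN_ALL="SSLv2 LOW EXP ADH"
# Print the weak classes a cipher string still permits, space separated.
weak_classes_left() {
    tokens=$(printf '%s' "$1" | tr ':' ' ')
    has_all=no; left=""
    case " $tokens " in *" ALL "*) has_all=yes ;; esac
    if [ "$has_all" = yes ]; then
        for c in $WEAK_IN_ALL; do
            killed=no
            for t in $tokens; do
                if [ "$t" = "!$c" ]; then killed=yes; fi
                # EXPORT is an alias of EXP; !EXPORT56 covers only part of it.
                if [ "$c" = EXP ] && [ "$t" = "!EXPORT" ]; then killed=yes; fi
            done
            if [ "$killed" = no ]; then left="$left $c"; fi
        done
    fi
    # eNULL is not part of ALL: it is on only when named as a bare token.
    for t in $tokens; do
        case "$t" in eNULL|NULL) left="$left eNULL" ;; esac
    done
    echo $left
}

# Report every active (uncommented) SSLCipherSuite / SSLProtocol line in a file.
audit_ssl_conf() {
    grep -E '^[[:space:]]*SSL(CipherSuite|Protocol)[[:space:]]' "$1" |
    while read -r name value; do
        case "$name" in
        SSLCipherSuite) echo "ciphers still allowed: $(weak_classes_left "$value")" ;;
        SSLProtocol)
            case " $value " in
            *" -SSLv2 "*) echo "protocol: SSLv2 disabled" ;;
            *) echo "protocol: no explicit -SSLv2" ;;
            esac ;;
        esac
    done
}

# The two strings from the post: before and after the change.
weak_classes_left 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
weak_classes_left 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:+eNULL'
```

For the changed string it reports EXP: +EXP only reorders and !EXPORT56 covers just the 56-bit export ciphers, so adding !EXP would exclude the rest of that class.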

Torrage + Apache

A while ago I tried to install Torrage with Apache and not the suggested lighttpd. I had to modify the suggested “README-lighttpd.txt” in the docs directory to suit an Apache .htaccess in the main folder.


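RewriteEngine On
# Only rewrite requests addressed to the Torrage host (dots escaped so they match literally)
RewriteCond %{HTTP_HOST} ^torrage\.luisaranguren\.com$
# Map /torrent/<40 hex chars> to the sharded path /t/<2>/<2>/<36>.torrent
RewriteRule ^torrent/([0-9A-F]{2})([0-9A-F]{2})([0-9A-F]{36}).* /t/$1/$2/$3.torrent [R=301,L]
# Send both file types with a gzip Content-Encoding header
<FilesMatch "\.torrent">
Header set Content-Encoding "gzip"
</FilesMatch>

<FilesMatch "\.ghtml">
Header set Content-Encoding "gzip"
</FilesMatch>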

This definitely did the trick and got Torrage working flawlessly with Apache.

ZNC + MySQL

Been meaning to do this for some time, in the end was quite easy. All the information needed is in http://wiki.znc.in/MySQL_Log

  1. Download the mod
  2. Build with znc-buildmod mysql_log.cpp
  3. Copy compiled mod to the modules directory in ZNC
  4. Create database and table in MySQL
  5. Load with loadmod mysql_log <DB user> <DB password> <DB host> <DB name> <Table name>

It’s alive!

 

http://www.prxjdg.com

Well since the proxy judge I added to luisaranguren.com has created so much traffic recently, I decided to set it up in its own domain. This script has been around forever, and I guess it deserves a little recognition.

www.prxjdg.com

Hopefully will catch on and become the place to judge your proxy.

I don’t know much about the original creator of this script besides the information that is on the script itself “prxjdg – created by PRX4EVER thanx to Team Cr[y]ackerz”, thanks to them.

ZNC + Minbif + irssi

For some time I’ve been using the mix of ZNC (an IRC bouncer) with Minbif (an IRC-like interface multiprotocol IM client). This gives me a stable connection to IRC through the server running those two servers. I then just use my preferred IRC client to connect to ZNC and voila, I have a connection to all my IM accounts from everywhere, since it supports multiple clients connected at the same time.

Also I use ZNC to connect to regular IRC networks, so on the same IRC client I have all my IM and all my IRC, with all connections handled by the server running ZNC. I think it’s a very elegant solution, and much better than handling everything from the client machine, running Windows, rebooting every two days because of this and that security patch.

For ZNC to handle several connections to different networks, you need to set up different accounts with different user names. I am not going to go into that and will assume this has already been done, but because of this I was having a little bit of trouble setting up irssi to auto-connect whenever it ran. The solution was as follows:

First, in ZNC, I set up one network for each connection I want to make to ZNC

/network add <network1>
/network add <network2>

Then I add a server to each network

/server add -auto -network <network1> -ssl <server> <port> <login1:password>
/server add -auto -network <network2> -ssl <server> <port> <login2:password>

And that was it; now whenever I run irssi, it autoconnects to my IRC and my IM.

Patching BASE 1.4.5

For some time BASE 1.4.5 has been giving me tons of log warnings from deprecated PHP functions, for example:

PHP Deprecated: Function ereg_replace() is deprecated in base/includes/base_state_common.inc.php on line 184
PHP Deprecated: Function ereg_replace() is deprecated in base/includes/base_state_criteria.inc.php on line 255
PHP Deprecated: Function ereg() is deprecated in base/includes/base_signature.inc.php on line 142

There is a patch available to fix this issue at http://sourceforge.net/tracker/?func=detail&aid=3009648&group_id=103348&atid=635584

To apply the patch, simply download it and run this in the BASE folder:

patch -p0 -Nu < patch_base_1.4.5_php5.3.txt

iOS 4.3.2 Durango 8H7

Finally upgraded my iPod touch 4G to iOS 4.3.2. I have been putting off upgrading since 4.2.1 because of all the pain it involves, but after this upgrade went so smoothly I will probably stay up to date from now on.

Only struggle I had was because of my own mistake. I thought I would be upgrading and jailbreaking at the same time using redsn0w 0.9.6rc14, which is not the case. I needed to upgrade first through iTunes and jailbreak after that, making sure I disconnect the iPod from iTunes before it tries to sync after the upgrade is done, because if it does it will delete all the non-authorized apps from it.

This is part of the dump I got while rebooting after the jailbreak payload was uploaded to the iPod:

The volume Jasper8C148.N81OS appears to be OK.
fscking disk0s2s1...
** /dev/rdisk0s2s1
Executing fsck_hfs (version diskdev_cmds-488.1.7~391).
disk0s2s1: ioctl(_IOW,'d',24,4) is unsupported.
** Checking Journaled HFS Plus volume.
** Detected a case-sensitive volume.
** Checking extents overflow file.
** Checking catalog file.
** Checking multi-linked files.
** Checking catalog hierarchy.

This piqued my curiosity, and after some research I found out it meant that I still had iOS 4.2.1 (Jasper8C148) on my iPod when I was trying to jailbreak iOS 4.3.1 (Durango 8H7). That’s what I get for not reading.

As for the Cydia apps, they will get deleted no matter what, but with aptbackup it’s fairly easy to get them installed back, and the only work is to move them again into their own containers.

Spamassassin and Thunderbird

Configured SpamAssassin to run sa-learn daily on a folder, where I move emails that slip through the initial SpamAssassin run.

Created a script in /etc/cron.daily/sa-learn-spam.sh :

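#!/bin/sh
#
# sa-learn
#
#By Luis Aranguren 2011-04-11
#
# Learns spam from "spam2learn" folder and moves the learnt spam to "processed spam" folder
SRC="/home/pizzaman/Maildir/.spam2learn/cur"
DST="/home/pizzaman/Maildir/.processed spam/cur"
# Nothing to do when no mail is waiting (avoids mv failing on an unmatched glob)
[ -n "$(ls -A "$SRC")" ] || exit 0
# Move the mail only if sa-learn succeeded, so unlearnt spam stays queued
sa-learn --spam -C /etc/mail/spamassassin --dir "$SRC/" && mv "$SRC"/* "$DST/"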

Now I just need to create a pair of folders called “processed spam” and “spam2learn” in this email account in Thunderbird. When an email gets through I just move it to spam2learn; when the script runs it automatically moves it to the processed spam folder. This way the Bayesian spam learning is done automatically every day.