Ubuntu – Automatically Connect to VPN on Boot (Without Keyring Prompt)

This post assumes that you have set up a VPN connection on Ubuntu already that you are able to use, and will show you how to make that connection start on boot.

First, the easy step; tell your existing connection to automatically connect to the VPN:

  1. Open up “Network Connections”
  2. Highlight your default network connection
  3. Click edit
  4. Choose the “General” tab
  5. Check the box “Automatically connect to VPN when using this connection” and choose your VPN connection
  6. Save

automatically-connect-checkbox

Stop the Keyring Prompt

At this point, if you restart your machine, you’ll be prompted to enter your keyring:

unlock-login-keyring

To make this go away on boot, navigate to /etc/NetworkManager/system-connections and look for a file named after your VPN connection.  For me, it was “pia-toronto(openvpn)”.  In this file, make two changes:

  1. Under the “[vpn]” section, remove the “password-flags=1” line.
  2. Add a new section, “[vpn-secrets]” to the file with your VPN account password underneath it:
[vpn-secrets]
password=my_vpn_password

And now you should be good to go.

Using Keepass on Multiple Devices

Keepass on multiple devices

Intro

If you don’t use a password manager, you definitely should.  The security benefits far outweigh the risks.

I used to use Lastpass.  I enjoyed the multi-device convenience, but the idea of trusting just one company so completely that always has a copy of my DB made me uneasy.

Using Keepass arguably still has issues because you are trusting an application, and trust is the opposite of security, but since it’s offline, and I take responsibility for the data sharing/syncing myself, I feel it’s at least less likely that all of my passwords will ever be stolen.

But, I still have multiple devices that I need to access my passwords on: desktop, laptops, phone, tablet, etc.  And, there is truly a need to have automatic syncing.  If you leave it to manual, you’ll forget to copy the DB file after changing that password that you’re trying to use and then you have to wait until you’re on the device with the right version of the DB.

How to Sync the DB File

The program you want to look into is Syncthing.  It does what it sounds like and syncs files/folders across devices.  So essentially, you can now have the Keepass DB file automatically sync across your various devices whenever a change is made.

Here’s why I like it:

  • Support each platform I use (Windows, Linux, Android) and more, but I haven’t tried the others.
  • Encrypted
    • The Keepass DB is encrypted, yes, but it’s still better to keep it from being stolen if at all possible.
  • Open Source
    • You don’t want to use closed source applications where the encryption is important unless you truly trust the company to do it properly.  Having others examine that the encryption is done correctly is a huge bonus.
  • Can be used on machines without Admin rights.

Syncthing Model

For this to really work, you don’t have to connect every device to every other device, instead you’ll need a machine that’s always reachable.  The way my setup works, is that my home computer is always on and the router has port forwarding configured so that Syncthing requests can make it there.

Once you have one reachable Syncthing host, the other hosts just need to connect to this one.  This gives you a connection model that can be visualized like this:

syncthing model

So, let’s consider an example and see how the changes will propagate:

  1. Update password DB on my phone.
  2. My phone connects to my Desktop at home, sees that there is a change and syncs the file
  3. Other devices connect to my Desktop, see that there is a change, and sync the file.

I’ve been using this for many months now and it works very well.

Finding the Versions of All Java Jars in a Directory

Tasked with converting a project to Maven, I needed to find out the version of the dependencies, as not all of them had the version in the name.

jars-without-versions-edited

Looking Up a Single Jar

If it’s a single jar you want to look up, it’s quite easy.  Simply take the sha1 hash of the file, head over to the Maven Central Advanced Search, and put the hash in the “SHA-1 Checksum” field.

maven-central-search-results

Looking Up Many Jars

The above becomes very tedious very quick if you have dozens of jars to lookup.  A whole directory of mysterious dependencies.

Maven Central has a search API that I quickly took advantage of to automate the above process in Python.  I created a script that will, for every file in a given path, hash the file and search for its version.

You simply run it as >jar_version.py <path>

jar-versions-found

The Script

Feel free to use the script.

import sys
import urllib2
import json
import os


def sha1_of_file(file_path):
    import hashlib
    with open(file_path, 'rb') as f:
        return hashlib.sha1(f.read()).hexdigest()


def search_maven_central(sha1_hash):
    maven_hash_url = "http://search.maven.org/solrsearch/select?q=1:%22" + sha1_hash + "%22&rows=20&wt=json"
    response = urllib2.urlopen(maven_hash_url)
    return response.read()


def pull_result_version_from_results(maven_central_response):
    results_parsed = json.loads(maven_central_response)
    if results_parsed["response"]["numFound"] == 0:
        return "Not Found"
    else:
        specific_results = results_parsed["response"]["docs"][0]
        return specific_results["g"] + " " + specific_results["a"] + " v" + specific_results["v"]


def process_artifact(artifact_path):
    sha1_hash = sha1_of_file(artifact_path)
    html = search_maven_central(sha1_hash)
    result_value = pull_result_version_from_results(html)
    print artifact_path + " -> " + result_value


def main():
    path = sys.argv[1]
    if os.path.isfile(path):
        process_artifact(path)
    else:
        for root, _, files in os.walk(path):
            for f in files:
                full_path = os.path.join(root, f)
                process_artifact(full_path)


main()

 

Running JBoss EAP 6 as a Windows Service

I spent some time myself trying to figure out how to easily install JBoss EAP as a Windows service.  I then came across an excellent thread post on developer.jboss.org which let me do what I wanted.  My own post will be based on that.

Files You’ll Need

First, you’ll need commons-daemon-1.0.15.jar, which is from Apache and can be downloaded here.

Second, you’ll want prunsrv.exe, also from the Apache commons-daemon library.  But this item you’ll need to get from the Windows binary downloads section.

Lastly, you’ll need the batch file that will create the service for you, using the previously acquired jar and exe.  This file can be found directly in either the comment I am basing this post on (service.bat.zip), or the bugzilla ticket that post is basing itself on.

Place everything in %JBOSS_HOME%\modules\system\layers\base\native\sbin

Installing the Service

Open up a command prompt in the sbin directory previously mentioned.  And run

service.bat install

The parameters you can pass to this batch file are as follows (pulled from the batch file’s usage output):

  • /controller <host:port>: The host:port of the management interface
    • default: %CONTROLLER% – “localhost:9999”
  • /host [<domainhost>]: Indicates that domain mode is to be used with an optional domain controller name
    • default: %DC_HOST% – “master”
    • Not specifying /host will install JBoss in standalone mode
  • /loglevel <level>: The log level for the service: Error, Info, Warn or Debug (Case insensitive)
    • default: %LOGLEVEL% – “INFO”
  • /name <servicename>: The name of the service – should not contain spaces
    • default: %SHORTNAME% – “JBossEAP6”
  • /desc <description>: The description of the service, use double quotes to allow spaces
    • default: %DESCRIPTION% – “JBoss Enterprise Application Platform 6”
  • /serviceuser <username>: Specifies the name of the account under which the service should run.
    • Use an account name in the form DomainName\UserName
    • default: not used, the service runs as Local System Account
  • /servicepass <password>: password for /serviceuser
  • /jbossuser <username>: jboss username to use for the shutdown command
  • /jbosspass <password>: password for /jbossuser

Spybot Anti-Beacon – Turn Off Windows Tracking

Tracking / telemetry features in software is rather controversial.  Often split between two groups.

Group A will want the features that go along with the tracking, for example: having Google Now tell you when a package is scheduled to arrive just because you got an email about it.

Image from EFF

Image from EFF

Group B will be on the side of privacy for the sake of privacy.  They fear that all of these features are putting in place an infrastructure to be taken advantage of by bad actors, such as the implementers of the features themselves or even someone like the NSA.

I typically find myself in one camp for certain issues, and the other for well… others.

In Windows 10, I don’t use any of these features, such as Cortana.  So I’m perfectly happy to disable any kind of information sharing my computer and Microsoft are making use of.

Spybot Anti-Beacon

If you are like me and want to disable as much of the windows 10 tracking as you can, I recommend you check out Spybot Anti-Beacon.  It’s a tool that helps you disable the tracking features.

It also works for Windows versions going back to 7.

Description from their site:

Spybot Anti-Beacon is a standalone tool which was designed to block and stop the various tracking (telemetry) issues present in Windows 10. It has since been modified to block similar tracking functionality in Windows 7, Windows 8 and Windows 8.1 operating systems.

Check it out, it’s neat.