SSH-over-HTTPS for fame & profit

Tuesday, April 18th, 2017

In the past, I’ve discussed using SSH to circumvent restricted networks with censoring transparent proxies, but that relied on the restricted network allowing free SSH access on port 22 (what we call in the industry – the single network requirement for getting work done).

Unfortunately, there are restricted networks that don’t even allow that – all you get is the transparent censoring HTTP proxy (which has recently become the case with the free Wi-Fi on the Israel Railways trains).

But fortunately for us, there is still one protocol which they can’t block, they can’t proxy and they can’t man-in-the-middle – or else they’d break the internet even for people who only read news, search Google and watch YouTube – that is HTTPS.

In this article I’ll cover running SSH-over-HTTPS using ProxyTunnel and Apache. The main consideration is that the target web server is also running some other websites that we can’t interrupt. The main content is based on this article by Mark S. Kolich, but it only covers plain HTTP; since, in addition to some simple changes in the example configurations, I also wanted to cover getting an SSL certificate, here’s my version of the tutorial:

(more…)

Is Precise Canonical’s XP?

Wednesday, March 15th, 2017

Canonical, makers of the Ubuntu operating system, have just announced that their about to expire “long term support” version is getting a longer “security only” life extension.

Sounds familiar?

Like other vendors who have similarly offered such life extensions in the past, the new support contract will only be offered to corporations who subscribe to the pricey commercial support package (at $250/year per VM and $750/year per physical server).

(more…)

Fix RVM “run script from the internet to install”

Friday, May 8th, 2015

On Wednesday I complained about the latest UN*X fad of installing software by running scripts from the internet, without any regard to how your operating system handles software installation.

Docker, which I complained about last time, at least has a script that takes into account the local software management solution (uses apt for Ubuntu, yum for Fedora, etc), but RVM – the Ruby Version Manager, which is a popular tool among rubyists everywhere – just downloads a bunch of executable stuff (granted, most of it is scripts, but the difference is lost on most people) into an arbitrary location on your file system. At least it doesn’t install system software, oh wait – it does.

While I can’t help with RVM’s desire to install system level software (that it actually needs because one of the things you want RVM to do for you is to compile ruby versions from source), I can try to help you figure out how to install RVM where you want it and use it how you want it.

(more…)

Docker and the horrible “one line installation” fad

Wednesday, May 6th, 2015

One of the weird things that sane (or some would say “old skool”) system administrators complain about lately is that with the rising popularity of UN*X systems (mostly Mac OS X and Linux) in the world, and in particular in the software development world, people using UN*X systems want less and less to understand how to manage their systems, and the culmination is the

to install this complicated system level software, just copy and paste simple wget command to your terminal

with Docker being the most horrible example of that behavior. No sane person (who understands UN*X) will ever think that installing Docker by feeding the content of a URL to bash is a good idea, but for some reason this is the documented and recommended way by the Docker people. Other examples abound, but let’s concentrate on fixing the Docker scenario.

(more…)

Best Terminal Emulator Application

Thursday, April 16th, 2015

Frankly, I don’t think that there is any point of discussion, it is hands down KDE’s Konsole, but as recently I’ve been using GNOME 3.16 as my main desktop environment, I thought it would be useful to have a list of features missing from GNOME Terminal to be a contender:

(more…)

Microsoft open-sourced MSBuild

Thursday, March 26th, 2015

The Microsoft initiative to open source the .Net platform (which the MSBuild tool is a part of) has been talked about a lot in the past (though I have something to say about this as well, probably later in this post), but the fanfare has died down quite a bit since the last announcement. One might say that the reason they didn’t open source the entire thing at once was so Microsoft can space out the announcements and synthetically generate continued buzz about their platform, but knowing how these things usually work, it’s much more likely that it is because preparing a project for open source is difficult and time consuming, and a project as large as .Net doubly so (or a thousand times so), so it makes sense to do so in parts.

But to the question at hand – what does an open source MSBuild mean to you? (more…)

What to do when your virtual private server is really slow

Sunday, June 8th, 2014

Ok, this is not a real solution for all types of problems – just a tip, that worked for me today, to try out if you can’t figure out what the problem is.

I’m running a VM on Amazon EC2, and looking at top, I saw that most of the CPU time was spent either in “steal/guest” or “IRQ”. Now steal/guest is kernel speak for “I wanted to allocate some CPU time for programs, but the hypervisor stole it” – which is not surprising on a virtualization solution, but if it happens all the time then that means that your physical host is constantly loaded by other VMs that take as much CPU time as they can. The second item, “IRQ”, is time the kernel spends handling interrupt requests from the hardware. This shouldn’t consume a significant amount of time unless the hardware has a problem – another good indication that you want to move your VPS to another physical host.

(more…)

How to fix “No bootable device” after Ubuntu installation

Monday, April 22nd, 2013

When installing Ubuntu on a disk partitioned with a GUID partition table (GPT), the Ubuntu installer doesn’t set the boot flag correctly on the partitions, and on computers with older BIOSes (like my Intel ICH9 board), the BIOS will not recognize the disk as bootable and will refuse to start the boot loader, claiming that “No bootable device found”.

The solution is to set the boot flag on the boot partition (the real one in the GPT) as well as on the “protective MBR partition”:

  1. Start your computer with the Ubuntu live CD again, and select “try Ubuntu before installing”
  2. When the Ubuntu desktop loads, open the dash and start “gparted”
  3. When gparted starts, select your boot drive and from that select your boot partition – usually the first Linux partition on the drive, and right click it and select “flags” in the menu. In the flags dialog check “boot”.
  4. Open the dash again and start “terminal”
  5. In the terminal type “sudo fdisk /dev/sda” (or whatever your boot drive is). You’d get a bunch of warnings about the disk using a GPT scheme – ignore them. Type “a” to set the bootable flag and choose partition “1”. Finally type “w” to write out your changes.

Now it’s safe to reboot, and your old computer should have no problem starting the boot loader.

Powershell still sucks

Sunday, March 17th, 2013

Powershell is a great command line shell, if all you know is cmd and batch. There are so many things it is missing when trying to compete with current Unix shells such as Bash, and while some of them have semi-working workarounds, many are sorely missing.

My pet peeves are:

  • A decent pager. “more” is basically at the same stage it was when I started working in MS-DOS 3.30, and it is nowhere near the functionality of “less”(1).
  • Persistent history. I’ve seen some workarounds but couldn’t get any of them to work properly.

Both of these features have been available to me since I started working with Linux in 1995, and it is really difficult living without them in MS-world. A decent terminal emulator would be nice too – the Powershell box has an advantage over the cmd.exe box in that it is blue – other than that they are both in the same sorry state that the “dos box” of Windows 3 fame was at. I’m using “Console 2” to get some useful work done, but it too leaves much to be desired.

Also, startup is so.. fscking.. slow.. Starting Powershell on a brand new machine (with no per-session user scripts) can take as much as 3 seconds. Those are minutes of my life every day that I would never get back.


  1. and I’m not talking about the built-in editor, just being able to “page up” would have been nice

Definitely the weirdest LDAP management tool

Tuesday, February 21st, 2012

It’s called ldapvi, and it’s just about what you’d expect with that name :-). The author would like you to think about it as vipw for your LDAP based authentication, and in addition to a few command line options it really isn’t much more than that (UI-wise):

(more…)
