Stuff I'm Up To

Technical Ramblings

Tunnelling RDP over SSH — February 4, 2020

Tunnelling RDP over SSH

After a day of battling with a very laggy and Windows-bound LogMeIn, we decided it was time to get to the customer’s Windows machines via a conveniently placed Linux server.

It’s a case of connecting to the remote server over ssh and then using port forwarding to direct traffic to the Windows RDP server. We can then run Remmina to access Windows using a much smoother performing method.

Dual Boot Windows 10 and Ubuntu — February 3, 2020

Dual Boot Windows 10 and Ubuntu

EFI, Windows 10 and Ubuntu make for a bumpy road. After installing Ubuntu onto the partition I made available in Windows 10, Ubuntu configured grub and when I rebooted there was a nice menu to let me select which OS I wanted to boot. “Ubuntu” or “Windows 10 Boot Manager”.

It worked great … until I booted into Windows 10, and then at the next boot there was no more menu. It just booted straight back into Windows 10 again.

It appears Windows likes to overwrite your boot manager with its own after every startup.

After some Googling, it turns out to be a common problem, and many look towards EasyUEFI to help. In my case it was useful as it showed me what boot manager Ubuntu was using, which meant I could use that to replace the Windows 10 boot manager – I didn’t use EasyUEFI for this.

Windows 10 has a command line utility bcdedit that allows you to change boot settings. Now that EasyUEFI let me find that the Ubuntu boot manager used \EFI\ubuntu\shimx64.efi I was able to change the Windows path for the Ubuntu path using:

c:\> bcdedit /set {bootmgr} path "\EFI\ubuntu\shimx64.efi"

Of course I made a copy of the settings before changing it from \EFI\Microsoft\Boot\bootmgfw.efi to \EFI\ubuntu\shimx64.efi.

It looks like the same basic principle would apply to EFI boots of other Linux distributions too. Find the distribution’s boot EFI file and then change Windows 10 to point at that.

ntfs-3g UserMapping — February 1, 2020

ntfs-3g UserMapping

I’ve never dual-boot partitioned a Windows and Linux system before and, to be fair, never really want to again. The idea is good in principle, but if you want to share a common data drive between the two you are going to have to get your hands dirty with sharing permissions between Linux and Windows.

ntfs-3g can mount a Windows ntfs partition happily in Linux, but I ran into trouble when I redirected windows documents, pictures and music folders into Linux and tried to use the same folders there.

Originally I mounted the NTFS volume onto /home and learned very quickly that this isn’t a good idea. All sorts of issues cropped up about ownership of the .gnupg folder and keys. I eventually settled on mounting the volume onto /mnt/data and using symbolic links for David’s Documents, Pictures, Downloads and Music folders.

$ cd ~
$ ln -s /mnt/data/david/Documents

I mounted the Windows D: drive in Linux using an entry in /etc/fstab:

UUID=176D74A26CE8F9F7 /mnt/data ntfs-3g auto 0 1

I wanted a seamless user experience so I could create a document or an image file in Windows and use it from the same folder in Linux. I began taking ownership of folders in Windows and then not being able to create files in Linux or vice versa.

Thankfully this was all done for one user so I set about using UserMapping.

JumpCloud — October 23, 2019

JumpCloud

Sometimes I’m surprised at why I’ve never come across things before. This is a big one for me. For the longest time I was pondering how to resolve some SSO requirements whilst maintaining a corporate managed directory and not spending a fortune. Traditionally this would be the infrastructure to get the likes of Azure Active Directory, ADFS, RADIUS and multi-factor authentication – and then BOOM! JumpCloud.

What I really liked about this is that I got my own directory set up in under 15 minutes and had a Linux client logging on using my SSH key. I haven’t had to do anything laborious, just install the JumpCloud agent onto the machine. Once I created my user account on the cloud interface and (optionally) gave it my SSH key I was set.

The JumpCloud agent handles replicating my account to the “systems” I install the agent on. It also delivers my SSH key for me so I can connect securely to the systems I’m allocated immediately.

Auth and Management for SSO, LDAP, RADIUS, Mac, Windows, Linux, and More

As a new user I get 10 FREE accounts, which is plenty to set up my own directory for home and testing. I didn’t even need a credit card.

 https://jumpcloud.com/
Developing in Windows — September 25, 2019

Developing in Windows

Surely not! Whoever would want to develop software using Windows?

Well over the past week or so I’ve been taking a look at how things would look if I were to develop using Windows as the OS.

There are a few challenges. One of them relating to CRLF vs LF, but there are also a few other issues that add complexity.

For instance, using Nginx and redis server on Windows, isn’t as simple as grabbing them from the apt repository and installing them so they start as a service. Both of these are a little clunky when it comes to setting them up as Windows services, not impossible, but certainly not point and click.

Then what about using different versions of PHP depending upon the project you are working on? Pretty straight forward on Linux, but frustrating on Windows.

That was until I came across Laragon.

Laragon bundles a load of services and programs into a convenient wrapper so you can easily chop and change your development platform to suit your project.

Laragon includes services for web servers, both Apache and Nginx – including SSL/HTTPS support. It includes redis server. Includes the ability to swap PHP versions, run Node.js and provision databases using MySQL.

TailBlazer —
Git Credentials — September 18, 2019

Git Credentials

Using git to push commits up to the remote is all in a day’s work. The change happens when you switch to a new remote and use a new account.

My first action was to change the remote for my local project. This is easy enough using git remote set-url origin [url]. It was only when I went to push this project up to the new remote repository that I found I was being denied with a 403 error, which means permission denied.

The big reason for the problem was a change from ssh to https. Using ssh was pretty straightforward: as long as you have your key and it is registered in your .gitconfig for the host you’re pushing to, the credentials are pretty robust.

I’d taken a step toward running the remotes on https due to firewall and proxy issues that meant https should be easier.

But because ssh keys can make life easier by not having a key password (cool, unless your user password is weak), the change to https means you need to provide credentials on each push.

This is where you need to start looking at Git Credentials Storage.

Under Linux you can specify a credentials file that will feed your details into the process. The file should be placed somewhere very secure and with the correct permissions to ensure it isn’t misused. For instance, as a hidden file under your home directory with only you having permission to access it.

eg.

$ touch ~/.my-credentials
$ chmod 600 ~/.my-credentials
$ git config credential.helper 'store --file ~/.my-credentials'
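
An added example, not from the original post: the store helper writes credentials to that file unencrypted, so the file's ownership and mode are its only protection. The hypothetical functions below resolve the file from a credential.helper value, create it owner-only from the start, and check that it is a regular file owned by you with no group or other access.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are
# hypothetical; the helper strings are the ones shown on this page.

# Map a credential.helper value (as printed by
# `git config --get credential.helper`) to the file it writes to.
cred_store_path() {
    case "$1" in
        store) p="$HOME/.git-credentials" ;;          # helper's default file
        "store --file "*) p=${1#"store --file "} ;;
        "store --file="*) p=${1#"store --file="} ;;
        *) return 1 ;;                                # not the store helper
    esac
    case "$p" in
        "~/"*) p="$HOME/${p#??}" ;;                   # expand a leading ~/
    esac
    printf '%s\n' "$p"
}

# Create the file already restricted to the owner, so there is no window
# between touch and chmod in which a permissive umask leaves it readable.
# The chmod also tightens a file that already existed.
create_cred_file() {
    ( umask 077 && : >> "$1" ) && chmod 600 "$1"
}

# Succeed only for a regular file (not a symlink), owned by the caller,
# with no group/other permission bits (for example 600 or 400).
check_cred_file() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "not a regular file: $1" >&2; return 1
    fi
    if [ ! -O "$1" ]; then
        echo "not owned by current user: $1" >&2; return 1
    fi
    perms=$(ls -ld -- "$1" | cut -c1-10)
    case "$perms" in
        -???------) return 0 ;;
        *) echo "too permissive ($perms): $1" >&2; return 1 ;;
    esac
}
```

Typical use: check_cred_file "$(cred_store_path "$(git config --get credential.helper)")" before the first push over https.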

But with Windows things actually get a bit easier! Which is hard for a Linux head to accept :)

The git helper for Windows means that your credentials get stored with your windows account.

$ git config credential.helper manager

Because I changed remotes and changed the account I was using, under Windows I needed to remove my old credentials. This is easy enough. I just brought up the start menu and typed “credentials”. Then I chose the option for “Manage Windows Credentials”. In the list of generic credentials I could see my old account and simply removed it. The next time I pushed I was asked for new credentials, which then got added into the list for me.

VSCode CRLF vs LF Battle — September 4, 2019

VSCode CRLF vs LF Battle

I’m a Linux guy. I like my line feeds a simple LF. But when you’re developing cross-platform and you hit Windows and face CRLF, it can be a real linting challenge.

Git tries to be helpful in that it translates LF to CRLF when you pull onto a Windows platform. But that doesn’t help at all when your project’s .eslintrc.js is set for unix type line endings.

      "linebreak-style": [
        "error",
        "unix"
      ], 

Changing CRLF to LF in VSCode is easy enough, but having to do it on every file you open is madness.

Guzzle and Curl — August 12, 2019

Guzzle and Curl

Related to my previous post about Laravel, Guzzle and Nginx, I ran into an issue with our proxy. The proxy is always a source of fun and games.

Because the proxy breaks open SSL traffic to scan the content, the clients are required to have an SSL certificate installed that tells them to trust our proxy server certificate. In Windows and Linux you can insert the CA cert into the OS using group policy or by writing it into the certificate store.

Curl uses its own certificate store, so we needed to copy the proxy CA cert into the curl store.

On Windows there wasn’t a certificate store. I created one in a location that would remain even if anything was updated or moved.

Download the cacert.pem file and place it in c:\certs. Then I just added my proxy cert in PEM on the end.

C:\> type proxy.pem >> c:\certs\cacert.pem

Edit your php.ini and change the curl setting to point at the new cacert.pem file:

[curl]
 curl.cainfo = c:/certs/cacert.pem

You can find what php.ini you are using with:

C:\> php --ini
Configuration File (php.ini) Path: C:\windows
 Loaded Configuration File:         C:\tools\php73\php.ini
 Scan for additional .ini files in: (none)
 Additional .ini files parsed:      (none)

Restart any php service, like Apache, Nginx, Artisan, etc. and curl should then trust the proxy server.

Chocolatey Proxy —

Chocolatey Proxy

I was tidying up another PC today and came across an annoying issue that I couldn’t resolve. It took me a while, reinstalling, uninstalling choco etc. and still not getting to the bottom of it.

When I ran choco from the PowerShell command line I got asked for my proxy credentials and I could use the CLI. But every time I started Chocolatey GUI I’d get an error:

System.InvalidOperationException: Cannot read keys when either application does not have a console or when console input has been redirected from a file.

I had a light bulb moment in that this meant the GUI was waiting for an input of my user name and password to get through the proxy.

The solution was to use the CLI to set the proxy and credentials.

choco config set proxy <proxy-url>
choco config set proxyUser <username>  # optional
choco config set proxyPassword <password>  # optional

Then the GUI fires up and I can update and install apps.

References: https://warlord0blog.wordpress.com/2019/02/27/chocolatey-package-manager/

Ignore Comments in Files — July 27, 2019

Ignore Comments in Files

A very handy grep that you can use to cat your files without the hash (#) comments:

$ grep '^[^#]' /etc/systemd/timesyncd.conf

Produces only the lines that aren’t comments, eg:

[Time]
NTP=192.168.1.55 192.168.1.108
FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org

Extending this to also exclude comment lines that have blanks before the hash, and lines commented with a semicolon, eg.

$ grep '^[[:blank:]]*[^[:blank:]#;]' /usr/share/postgresql/postgresql.conf

Shows only the active parts of the config, which in the case of PostgreSQL may not be many lines from a highly commented file.

VSCode rest-client — July 15, 2019