shadowsocks auto deploy

I wrote a cloud-init script to automate the deployment of a shadowsocks server. I shared it in a gist here.

Features:

  • Creates a non-privileged user
    • Uploads your ssh public key to the user
    • Adds this user to the sudoers group
  • Disables ssh login for the root user
  • Downloads and installs libraries required for chacha20
  • Creates a “random” password and writes it in the config.json file
  • config.json file is in the /root directory. (You will need the password in this config file to be able to connect to your shadowsocks server.)
  • Starts the shadowsocks server.

You have to fill out the _YOURUSERNAMEHERE_, _YOURSSHPUBLICKEYHERE_ and _YOURFULLNAMEHERE_ with your data.

You can use this script in DigitalOcean easily following this document.

Air Quality Index Bot

After the devastating Northern California wildfires, I found myself looking at AirNow multiple times a day. Also at work, like many Bay Area tech companies, we use HipChat (or Slack). Naturally I was inclined to issue a slash command to get the latest air quality index (AQI) for my area in a chat channel. I couldn’t find a good AQI bot so I wrote one.

Installation for Heroku is on the README of the project. How to add a slash command for HipChat and/or Slack is not covered in this blog entry, but it’s very easy 🙂 (I used /aq <zipcode> for the command)

The bot (really an API endpoint) is here in my github repo. Feel free to use, improve, contribute to it.

iCloud Photos, Meraki and Traffic Shaping

I turned iCloud Photo Library on this week. We have close to 250 GB of photos and videos on several different computers and mobile devices. You might have guessed it: it flooded our network, since our outbound internet peaks around 6 Mbps (realistically). I needed to do something.

At home I have a Meraki MX65 and an MR42 (Thanks Dağhan 😉 ) They give great visibility and control over our home network. I can easily pinpoint where the problem is and take action. Here is a great chart that shows how the nature of our traffic changed on Sep 24 after turning iCloud Photo Library on. (See the light blue? That’s increased upload!)

One of the easiest ways to slow this traffic down is to shape it with Meraki Traffic Shaping rules. This document explains in detail how to do this. However, the iCloud settings in the canned traffic shaping rules are only related to backup and don’t work with iCloud Photo Library traffic.

Meraki allows you to do application layer or layer 3 traffic shaping. Since the traffic is encrypted, the application layer traffic shaping was not an option. For layer 3, I needed the IPs that the Photos app was talking to. Since Apple owns the entire 17.0.0.0/8, it’s always an option to craft your rule using the entire class A subnet. However that wouldn’t be “elegant” 🙂 So let’s do some tcpdump exercise.

iMac:~ user$ sudo tcpdump -i en1 -n -c 1000 ip and net 17.0.0.0/8 | grep '>' | cut -d '>' -f 2 | cut -d "." -f 1-4 | grep '17\.' | sort | uniq -c
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 262144 bytes
1000 packets captured
2120 packets received by filter
0 packets dropped by kernel
 647  17.248.128.44

What this tells us is that we captured 1000 packets, looked for all the ones that have “17.” in the destination, and counted them. In total 647 packets were transmitted to 17.248.128.44. Also it’s on port 443 only.

I did a similar packet dump for 10K packets, which revealed that the sync between the Photos app and iCloud always happens on the subnets 17.248.0.0/16 and 17.188.0.0/16 on port 443. (There might be a more specific subnet, but this was enough for me to start with.)
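The per-address count above can be rolled up into per-/16, per-port totals in one pass, which is the form a layer 3 shaping rule needs. This is an added example, not part of the original post: the function names and the capture lines are constructed for illustration, and only 17.248.128.44 is taken from the output above.

```shell
#!/bin/sh
# Roll up `tcpdump -n` output into packet counts per destination /16 and port,
# keeping only IPv4 destinations inside 17.0.0.0/8.

summarize_apple_dst() {
    awk '
    $2 == "IP" {
        dst = $5                      # e.g. "17.248.128.44.443:"
        sub(/:$/, "", dst)
        n = split(dst, o, ".")        # four address octets plus the port
        if (n != 5 || o[1] != "17") next
        count[o[1] "." o[2] ".0.0/16 port " o[5]]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample capture. The last two lines must not be counted:
# one is return traffic from Apple, the other goes to 172.17.x.x,
# which a loose "17." text match would also pick up.
sample_capture() {
    cat <<'EOF'
10:01:02.000001 IP 192.168.1.20.50512 > 17.248.128.44.443: Flags [P.], length 1400
10:01:02.000002 IP 192.168.1.20.50512 > 17.248.128.44.443: Flags [.], length 1400
10:01:02.000003 IP 192.168.1.20.50620 > 17.188.10.7.443: Flags [P.], length 900
10:01:02.000004 IP 17.248.128.44.443 > 192.168.1.20.50512: Flags [.], length 0
10:01:02.000005 IP 192.168.1.20.50700 > 172.17.0.5.443: Flags [S], length 0
EOF
}

# Offline run on the sample; for a live capture, pipe tcpdump in instead:
#   sudo tcpdump -i en1 -n -c 10000 ip and net 17.0.0.0/8 | summarize_apple_dst
sample_capture | summarize_apple_dst
```

Matching on the parsed destination field rather than on the text “17.” keeps return traffic and look-alike addresses out of the totals.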

Let’s apply this to Meraki MX65 traffic shaping rules. In this rule below my upload limit per client is 1.5 Mbps. Depending on how many clients you have and your upload speed, you can come up with something more suitable for your network.

In order to figure out how to define these in Meraki, please follow the instructions in the previous doc that I linked.

Et Voilà! You got your home network back 😉

Yaesu FTM-400XDR and Chirp

I use Chirp. I love it. It’s the only way to program my Baofeng UV-R(+) radios… Period.

Also I love that I can download repeater settings according to a zip code, county, state, etc…

I wanted to use Chirp for my Yaesu FTM-400XDR. However, it looks like Chirp doesn’t support this model. So my initial reaction was to create the repeater list with Chirp, export it to CSV, and import it to Yaesu.

But, that wasn’t possible either since Yaesu expects the data in a different order and format.

I wrote a small python script that rearranges and reformats the CSV file to the expected import file for the Yaesu’s own software. Check out the README to read how you can install and use the script.

By the way, Yaesu’s software to program the radio doesn’t work on Mac OS X natively, since it’s a Windows software. I managed to run it on Mac OS X using wine. But that’s another blog entry…

No timer in Mac OS X? No problem!

Mac OS X doesn’t come with a timer installed by default. There are a bunch of timers in the App Store, and you can definitely install one of those.

But here is how to make one from scratch. Open terminal screen and type:

sleep 5 ; say "Time is up"

Well that’s it 🙂 This command will sleep for 5 seconds and say “Time is up” at the end of 5 seconds.

We can make a little script out of it and save as /usr/local/bin/timer as below:

#!/bin/bash
# Sleep for the number of seconds given as the first argument, then announce it.
sleep "$1" ; say "Time is up"

You can invoke the command like this, it will sleep 5 seconds and tell you “Time is up”:

timer 5

As a bonus, if you want minutes instead of seconds, you can always do something like this which will run the timer for 5 minutes:

timer `echo "5*60" | bc`

Replacing Unity with XFCE in Ubuntu

Here is what I do as soon as I install a new Ubuntu instance: I remove unity desktop and replace it with XFCE. And if you want to do the same it’s pretty straightforward. 😉

Perform all of these as root in a terminal window, or prepend with sudo. (Look elsewhere for GUI steps 🙂 )

  1. Update your repos:
    apt-get update
  2. Uninstall Unity and ubuntu-desktop:
    apt-get purge ubuntu-desktop 'unity-*'
  3. Install XFCE Desktop environment:
    apt-get install xubuntu-desktop
  4. Restart lightdm:
    /etc/init.d/lightdm restart

Voilà! You’re using XFCE desktop! 😉

Do you want to see ı instead of ý?

I wrote a small Python script that resolves the mismatch between ISO-8859-9 and UTF-8, the long-standing problem with Turkish characters. The program takes text in ISO-8859-9 encoding as input, converts it to UTF-8 and writes it to a file.

Usage:

python convertToUnicode.py --input /path/to/filename.srt --output /path/to/convertedfilename.srt

or

python convertToUnicode.py -i /path/to/filename.srt -o /path/to/convertedfilename.srt

If you want to use it too: https://github.com/emresaglam/convertToUnicode

OpenVPN client test, without a client.

If you need to test the connectivity of your openvpn server from a client’s perspective, you can use this command:

echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" | timeout 10 nc -u your.openvpnserver.ip port | cat -v

This sends a TLS negotiation header to the server and waits up to 10 seconds for a reply. If you get an empty line, things timed out. If you get a reply like the line below, you have connectivity.

@M-QM-^MTM-aM-^U^VM-Q^C^@^@^@^@^@@M-QM-^MTM-aM-^U^VM-Q^C^@^@^@^@^@
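Byte 0 of an OpenVPN control packet carries the opcode in its high 5 bits and the key id in the low 3, so the probe’s 0x38 is a client hard reset (opcode 7) and the `@` (0x40) that starts the reply is the server’s hard reset (opcode 8). The check below turns that into a scriptable verdict; it is an added example, not part of the original post, and the function names are made up for illustration.

```shell
#!/bin/sh
# Classify the reply to the probe by its first byte instead of eyeballing cat -v.

# Reads reply bytes on stdin, prints a verdict, returns 0 only for a server hard reset.
classify_reply() {
    first=$(od -An -tu1 -N1 | tr -d ' \n')   # first byte as a decimal number
    if [ -z "$first" ]; then
        echo "timeout"
        return 1
    fi
    opcode=$((first >> 3))
    key_id=$((first & 7))
    if [ "$opcode" -eq 8 ]; then
        echo "openvpn-up opcode=$opcode key_id=$key_id"
        return 0
    fi
    echo "unexpected opcode=$opcode key_id=$key_id"
    return 2
}

# Sends the same 9 bytes as the command above (0x38 0x01, then seven 0x00),
# written as octal escapes so any POSIX printf emits them without a trailing newline.
probe_openvpn() {   # usage: probe_openvpn HOST PORT
    printf '\070\001\000\000\000\000\000\000\000' |
        timeout 10 nc -u "$1" "$2" | classify_reply
}

# Constructed sample: the first 14 bytes of the cat -v reply shown above,
# decoded back to raw bytes (0x40, an 8-byte session id, then five 0x00).
sample_reply() {
    printf '\100\321\215\124\341\225\026\321\003\000\000\000\000\000'
}

# Offline run on the sample reply; call probe_openvpn against your own server.
sample_reply | classify_reply
```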

My letter to Recaro

Dear Recaro,

Today we are going to talk about a nasty topic: Puking. When input is not routed correctly, it becomes a nasty, dangerous projectile. And that’s exactly what happened when my almost 2 year old daughter started puking on our brand newish Recaro Performance Sport ChildSeat.

Your product acted like a champ!

Stopped the overflows in many layers, absorbed some of the half chewed blueberry leftovers, deflected some others. The smell and the colors of the grapes, almost fermented by the bodily juices and scorching sun, were very easy to clean since the different layers of fabric and foam were super easy to remove.

The designer team of the harnesses needs a raise or a trip to Hawaii or something like that. Where the harnesses meet the seat was designed so well that all I needed to do was spray some fabric cleaner and use a toothpick to remove the oozy, jelly grape particles.

Overall, if you test your seats against puking, you already know you are doing a great job. If not, you can sleep very well tonight knowing that your product passed my daughter’s puking and my cleaning test!

Thank you Recaro!