Running HTTPS and SSH over the same port with SSLH

Do you need to access your network services from remote locations but are blocked by firewalls or other
access restrictions? You might want to try SSLH, a powerful open-source tool that enables you to run multiple network services over a single port. This allows you to bypass firewalls and access your network services from anywhere. Here will show you how to use SSLH to run both HTTPS and SSH on the same port, but SSLH also supports HTTP and OpenVPN. 

Installing SSLH

SSLH is available in most Linux distributions' package managers, so installation is straightforward. You can install SSLH using the following command:

$ sudo apt-get install sslh

Configuring SSLH

Once SSLH is installed, you need to configure it to run both HTTPS and SSH on the same port. The configuration file for SSLH is usually located at /etc/default/sslh. In the configuration below SSLH listens on all available network interfaces on port 443, and it proxies SSH to port 22 of localhost and HTTPS to port 2443 of localhost. 

DAEMON_OPTS="-u sslh -p 0.0.0.0:443 -s 127.0.0.1:22 -l 127.0.0.1:2443 -P /var/run/sslh.pid"

RUN=yes

Before restarting SSLH, make sure to configure your web server to listen to 2443 instead of 443. Then, restart SSLH with

$ /etc/init.d/sslh start

Testing SSLH

To test SSLH, you can try accessing both the HTTPS and SSH services through the SSLH port. For example, to access HTTPS, open a web browser and navigate to https://<your-server-address>:443. To access SSH, open a terminal and use the ssh command  ssh your-server-address -p 443. 

source: https://memo-linux.com/sslh-https-et-ssh-sur-le-meme-port/, https://github.com/yrutschle/sslh

Reset Windows passwords with chntpw using a Linux Live USB

Have you ever forgotten your Windows login password and been locked out of your own computer?
There is a way to reset your Windows password using a Linux Live USB drive and a tool called chntpw. Here, we will show how.

Step 1: Create a Linux Live USB drive

First, you'll need to create a Linux Live USB drive. You can use any Linux distribution that includes the chntpw package. We will be using Ubuntu:

• Download the Ubuntu ISO file from the official website.
• Burn the ISO file to a USB drive using a tool like Rufus or Etcher.
• Boot your computer from the USB drive.

Step 2: Install chntpw

Once you have booted into the Linux Live USB, you'll need to install the chntpw package. To install chntpw, open a terminal and run the following command:

sudo apt install chntpw

Step 3: Mount the Windows partition

Next, you'll need to mount the Windows partition that contains the password database. In the terminal, navigate to the directory where the Windows partition is mounted. This will typically be the Windows/System32/config/ directory.

cd ~/winmount/Windows/System32/config/

Step 4: List the Windows users

Now, list the Windows users stored in the password database by running the following command:

sudo chntpw -l SAM

This will display a list of Windows users along with their corresponding User IDs (UIDs).

Step 5: Reset the Windows password

Finally, you can reset the password for a specific Windows user by running the interactive command:

sudo chntpw -i SAM

This will launch a menu where you can select the user whose password you want to reset and also unlock accounts. Follow the prompts to reset the password. Then reboot into Windows.

Sources: https://doc.ubuntu-fr.org/tutoriel/chntpw; https://ostechnix.com/reset-windows-password-with-linux-live-cd/

Make a bootable Linux/Ubuntu live USB drive on OS X

We'll see how to create a bootable Linux/Ubuntu USB drive, from an ISO image, on OS X using command line commands.

Step 1: Download the Ubuntu Image

The first step is to download the Ubuntu image from the official website. Live CD images allow to run Ubuntu without installing it. Here, we'll use an old Ubuntu 16 image from https://releases.ubuntu.com/xenial/: ubuntu-16.04.6-desktop-i386.iso

Step 2: Identify the USB Drive

Next you'll need to identify the USB drive that you want to use for the installation. You can do this by opening up a Terminal window and typing:

$ diskutil list

This command will list all of the disks currently connected to your computer. Identify the USB drive that you want to use for the installation and take note of its device identifier (e.g., /dev/disk2).

Step 3: Unmount the USB Drive

Before you can write the Ubuntu image to the USB drive, you need to make sure that it's unmounted. To do this, type the following command into the Terminal:

$ diskutil unmountDisk /dev/disk2

Note: Make sure to replace /dev/disk2 with the device identifier of your USB drive.

Step 4: Write the Ubuntu Image to the USB Drive

Now that your USB drive is unmounted, you can write the Ubuntu image to it using the dd command. Type the following command into the Terminal:

$ sudo dd if=~/Downloads/ubuntu-16.04.6-desktop-i386.iso of=/dev/rdisk2 bs=1048576

Note: Make sure to replace ~/Downloads/ubuntu-16.04.6-desktop-i386.iso with the path to the Ubuntu image on your computer, and /dev/rdisk2 with the device identifier of your USB drive.

The dd command will take some time to complete, so be patient. Once it's finished, you should see a message indicating how many bytes were transferred.

Step 5: Eject the USB Drive

Finally, you need to eject the USB drive to ensure that all of the data has been written correctly. Type the following command into the Terminal:

$ diskutil eject /dev/disk2

Note: Make sure to replace /dev/disk2 with the device identifier of your USB drive.

That's it! You've successfully created a bootable Ubuntu USB drive using command line commands on OS X. You can now use this USB drive to install or run Ubuntu on any computer that supports booting from USB.

Source: https://thornelabs.net/posts/create-a-bootable-ubuntu-usb-drive-in-os-x/

Download/backup BibTeX library from CiteULike, including all the attached PDF

CiteULike is a convenient solution for bibliographic management, but sometimes an off-line replica of the bibliography is also needed. This can be achieved by exporting the CiteULike library in BibTeX format, furthermore BibDesk (and probably other managers too) can be synchronized directly with the CiteULike server.

While it is easy to export a .bib file from CiteULike, downloading all the attached files and having the .bib linking to the downloaded files is a different story.

BibTeX and JSON exports of the CiteULike library can be retrieved from:

  http://www.citeulike.org/json/user/USERNAME

  http://citeulike.org/bibtex/user/USERNAME

The BibTeX export can be read directly into a bibliographic manager, but the JSON export contains more information than the .bib, in particular it contains the location of the attached PDFs. So the idea of the Python script linked below is to do the following: 

1. download the CiteULike library in BibTeX and JSON formats
2. parse the JSON export and download all the attachments
3. modify the .bib file to include links to the downloaded copies of the attachments

the links in the .bib file should work for BibDesk and JabRef.

Before running the script:

• setup CITEULIKE_USERNAME and CITEULIKE_PASSWORD variables in the script
• verify you have wget and pybtex installed

Download the Python script:  citeulike_backup.zip

Resources:

http://www.macresearch.org/how_do_you_organize_digital_article_collections

http://www.andrewberman.org/projects/sync/

http://www.academicproductivity.com/2009/citeulike-bibdesk-sync-your-references-and-live-smarter/ 

http://wiki.citeulike.org/index.php/Importing_and_Exporting#JSON

---

Gory details from http://wiki.citeulike.org/index.php/Importing_and_Exporting#JSON:
# save session cookies

> wget -O /dev/null --keep-session-cookies  --save-cookies cookies.txt --post-data="username=xxxx&password=yyyy&perm=1" http://www.citeulike.org/login.do

# download bibtex with private comments and download an attachment

> wget -O export.bib --load-cookies cookies.txt http://www.citeulike.org/bibtex/user/xxxx
> wget --load-cookies cookies.txt http://www.citeulike.org//pdf/user/xxxx/article/123456/891011/some_99_paper_123456.pdf

Writing floating point multi-channel TIFFs in Matlab

In a previous post I've commented on how to read a multi-channel floating point TIFF in Matlab using the Tiff class (available since R2009b).
The Tiff class also permits to write all TIFF flavors. But since this TIFF format is so flexible, setting up everything for writing a file is not straightforward. Concretely I'm interested in writing a multi-channel floating point TIFF. Using the details found here, I've wrote this functions that wraps all the parameter setup for writing this type of TIFF files.

function writeTIFF(data, filename)
% writeTIFF(data, filename)
% writes data as a multi-channel TIFF with single prec. float pixels
   t = Tiff(filename, 'w');
   tagstruct.ImageLength = size(data, 1);
   tagstruct.ImageWidth = size(data, 2);
   tagstruct.Compression = Tiff.Compression.None;
   %tagstruct.Compression = Tiff.Compression.LZW;        % compressed
   tagstruct.SampleFormat = Tiff.SampleFormat.IEEEFP;
   tagstruct.Photometric = Tiff.Photometric.MinIsBlack;
   tagstruct.BitsPerSample =  32;                        % float data
   tagstruct.SamplesPerPixel = size(data,3);
   tagstruct.PlanarConfiguration = Tiff.PlanarConfiguration.Chunky;
   t.setTag(tagstruct);
   t.write(single(data));
   t.close();

Sources: http://www.mathworks.com/matlabcentral/answers/7184#comment_15023http://www.mathworks.fr/help/techdoc/ref/tiffclass.hhttp://www.mathworks.fr/help/techdoc/ref/tiffclass.htmltml

otool: shows the shared libraries of a file (like ldd)

In OSX, the command to show the shared libraries that a binary uses is:
   /usr/bin/otool -L  binary_file

In Linux and Solaris the equivalent command is ldd, and I am used to it,
so I have this alias in my ~/.bash_profile  file:
   alias ldd="/usr/bin/otool -L "

Two-finger scrolling in Windows laptops (also Linux)

Two-finger scrolling and two-finger tapping (right click) are the two multi-finger gestures that I use the most in Mac. I'm so habituated to them that when I use a Windows laptop becomes a frustrating experience: always reaching for the right button or the scroll area of the pad.

Turns out that Synaptics TouchPads allow multi-finger gestures, and it is just a matter of drivers to enable them (just to be clear, almost all TouchPads out there are Synaptics).
Even better, without manipulating the driver. Two-Finger-Scroll is a small application that allows to enable two and three finger gestures on the Synaptics TouchPads, and it works just fine.

Source: http://www.howtogeek.com/howto/35065/how-to-enable-macbook-style-two-finger-scrolling-on-windows-laptops/

Update: multi-finger gestures also available for Linux!!  In Ubuntu/Debian just install the gpointing-device-settings package, or anything that says Synaptics.

Convert PDF presentations to Keynote

PDF to Keynote is a free tool for converting PDF-based presentations (e.g., made using LaTeX with Beamer) into Apple's Keynote format. Once translated into Keynote format, every page of the original PDF becomes an image on its own slide, so no further edition is possible.
The advantages of presenting PDFs using Keynote include: the presenter display, rehearsal support, and notes visible only to the presenter.

Source: http://www.cs.hmc.edu/~oneill/freesoftware/pdftokeynote.html

Read floating point multi-channel TIFFs in Matlab >=R2009b

For reading a TIFF image in Matlab usually the imread function suffices:

d1 = imread('myfile.tif'); 

This call will even load single channel f32 (32bit floating point) images. But for multi-channel f32 images will fail. This is not a surprise, since most of the applications don't even load the single channel f32 files.

Starting from version R2009b Matlab includes a new Tiff class that implements much more of the TIFF format, allowing to read and write many flavors of TIFF files. The call is slightly different from imread: 

t = Tiff('myfile.tif'); 
d2 = t.read();

Sources: http://compgroups.net/comp.soft-sys.matlab/reading-64-bit-tif-image/405858
http://www.mathworks.fr/help/techdoc/ref/tiffclass.hhttp://www.mathworks.fr/help/techdoc/ref/tiffclass.htmltml

Import electronic certificate into OSX Keychain for Safari & Chrome

By mistake I've used Safari for obtaining a public key certificate from a website that was designed for Firefox or Internet Explorer. At the end of the procedure I've downloaded a file (descargarCert) but the certificate was not installed in the Keychain. I assume that Firefox should recognize the certificate's format and install it automatically, but Safari did not.
After some googling I've discovered that the X.509 certificate formatted as PEM file, and Keychain needed DER.

• First split the long lines of the original file, with less than 75 chars per line;
• Then run:
     openssl pkcs7 -inform PEM -in descargarCert -outform DER -out certificate.der -print_certs
• Lastly import the certificate into the Keychain by opening the output file: certificate.der

Sources:
http://bitacorasigloxxi.wordpress.com/2008/04/28/certificado-digital-fnmt-en-mac-os-x/
http://www.applesfera.com/mac-os/applesfera-responde-certificado-digital-de-la-fnmt-en-mac-os-x

vm_stat: virtual memory statistics (free memory)

The vm_stat utility displays the virtual memory usage


Mach Virtual Memory Statistics: (page size of 4096 bytes)
Pages free:                   183268.
Pages active:                 363375.
Pages inactive:               262727.
Pages wired down:             176360.
.....

From this cryptic output the free memory is given by the free pages:
    183268 x 4096 bytes = 715 Mb

Source: http://arstechnica.com/apple/reviews/2001/10/macosx-10-1.ars/8

Stack overflow! Increasing the stack size in OSX (beyond ulimit's 64Mb and up to 1Gb)

Some C programmers instead of allocating memory for their arrays

  {
  float *all = malloc(N*sizeof(float));
  ...
  free(all);
  }

like to use variable length arrays 

  {
  float all[N];
  ...
  }

the resulting code is less verbose and there is no need for freeing the arrays since it is returned at the end of the block. These variable length arrays are stored in the stack.
The issue with the stack is that it has a determined maximum size for an execution of the program, and when the stack runs out of memory the program crashes with a SEGAULT exeption.

When this happens the solution is to increase the stack size with ulimit -s, and run the program again. Or add the ulimit command to the .bash_profile, so that all the applications run with a big enough stack.

The problem occurs when we what to use, let's say, 100Mb of the stack, in Linux this is not an issue since the stack can be set to unlimited with ulimit -s 0 and it can grow to be as large as the phisical memory. But in OSX the maximum value for ulimit is harcoded in the kernel, and for a 32bit system it is 64MB. In practice it is even less, the maximum value of the stack I'm allowed to set is:

  ulimit -s 52800

There are a couple of methods to overcome the stack size limit in OSX.
The first one involves recompiling the kernel and I'm not going to discuss it here (see the reference).
The second one is simpler but involves recompiling the the application. It consists in indicating the linker (ld) the size and location of the stack for a particular application.
For instance to use a 256Mb stack compile the program with:

  gcc -o test256M big_array.c -Wl,-stack_size,0x10000000,-stack_addr,0xc0000000

The flag -stack_size,0x40000000 indicates the size of the stack, in this case 1Gb.
And -stack_addr,0xf0000000 sets the base address (4Gb which is the maximum for a 32bit system), also remember that the stack grows backwards.

For a 1Gb stack compile with:

  gcc -o test1G huge_array.c -Wl,-stack_size,0x40000000,-stack_addr,0xf0000000

I could not manage to use use that 1.5Gb of stack memory in a system with 4Gb. Anyway this should be sufficient to satisfy these stack hungry programs under OSX. On the same system a single malloc can grow well beyond 3Gb. 

Source:  How to increase the stack size on MAC OS X

Link order of libraries - gcc: undefined reference to `func_in_lib'

This linker error
  program.c:(.text+0x212): undefined reference to `sqrt'

usually appears when a certain library (in this case libm) is missing. 

Some versions of gcc also produce this error even if the corresponding library (-lm) is present in the command line but in the incorrect order

  gcc -lm program.c -o program

the linker search for external functions from left to right in the files specified in the command line.

The correct order is to include the libraries after the source or object files that reference them:

  gcc program.c -lm -o program

Note that for simple examples, this issue may not appear. 

With gcc-4.4 I obtained this error linking a program with a 2 level dependence:

  g++ -o main -lcsparse sparseinterface.o main.cpp

the correct call is

  g++ -o main main.cpp sparseinterface.o -lcsparse 

But with gcc-4.0 both calls work perfectly.

Source: http://www.network-theory.co.uk/docs/gccintro/gccintro_18.html

Wine (windows emulator) for OSX

The wine emulator permits to run Windows binary on Linux and now OSX:
http://wiki.winehq.org/MacOSX

A packaged .dmg file is also available for download at:
http://winebottler.kronenberg.org/

Symbolic links and aliases

Aliases* and symbolic links do essentially the same thing but behave differently, one of the main problems with the formers (alias) is that they cannot be navigated from the terminal. On the other hand symbolic links can be navigated both from the terminal and Finder. Fortunately there is a way to create symbolic links in the Finder via AppleScript.

(*) The aliases behave like hard links, the source file can be moved but the alias always points to the same filesystem object. But they are more powerful than a hard link, with an alias you can link a folder or an object in another filesystem.

includegraphics with pdflatex and filenames with dots

I never truly understood how to use the includegraphics directive when writing in LaTeX, and maybe because of that I've always had problems in that regard. I still do not understand anything about it, but now I've found the solution to a couple of problems.

1. Compiling latex documents with pdflatex (without converting/renaming .eps files)
   (source: http://kile.sourceforge.net/Documentation/html/build_epsgraphics.html, and many others)
   
   
   
   
   
   Most of the time I'm sharing a LaTeX document with other authors, that compile it with latex, but since I use TexShop and compile with pdflatex it has become a problem to manage the graphics inclusions. So I'd like to compile with pdflatex a document that contains .eps images without changing the includegraphics directive nor converting explicitly the image to .pdf, .png or .jpeg.
   
   
   The epstopdf package handles this situation, by adding a couple of lines to the preamble and compiling with the option 'pdflatex --shell-escape' (this is a default setting in TexShop)
   
   
   \usepackage{graphicx}

   
   
   
   

   \usepackage{ifpdf}

   \ifpdf

   \DeclareGraphicsRule{.eps}{pdf}{.pdf}{`epstopdf #1}

   \usepackage{epstopdf}
   \epstopdfsetup{suffix=-\SourceExt-converted-to}

   \pdfcompresslevel=9 % 0: no compression

   \fi

   ...

   \includegraphics[width=0.2\textwidth]{fig/qwerty.eps}

   
   

   this will automatically convert each .eps file to .pdf during the compilation with pdflatex.

   
   
2. Handling filenames with dots
   (source: http://www.tex.ac.uk/cgi-bin/texfaq2html?label=unkgrfextn)
   
   Suppose you want to include a graphics file home.bedroom.eps using the dvips driver; the package will conclude that your file’s extension is .bedroom.eps, and will complain.
   
   The latest grffile package deals with the last problem (and others — see the package documentation); using the package, you may write:
   
   \usepackage{graphicx}
   \usepackage{grffile}
   ...
   \includegraphics{home.bedroom.eps}
   
   or you may even write
   
   \includegraphics{home.bedroom}
   
   and graphicx will find a .eps or .pdf (or whatever) version, according to what version of (La)TeX you’re running.

In conclusion combining these changes it is possible to include .eps images in the document and compile with pdflatex or latex without any special treatment. If necessary the conversion of the file is done automatically by epstopdf, even if the extension is not specified in the includegraphics directive.

My preamble looks like this (ATTENTION I'm using epstopdf package 2010/02/09 v2.5) :

\usepackage{graphicx} % allows for inclusion of EPS files

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

% Running 'pdflatex --shell-escape...' will automatically recognize

% the eps files in the includegraphics and convert them to pdf.

% No file rename nor change to the document is needed.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\usepackage{ifpdf}

\ifpdf

\DeclareGraphicsRule{.eps}{pdf}{.pdf}{`epstopdf #1}

\usepackage{epstopdf}
\epstopdfsetup{suffix=-\SourceExt-converted-to}

\pdfcompresslevel=0 %\pdfcompresslevel=9

\fi

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

% This line loads the latest grffile.sty : 2010/01/28 v1.11

% Multidot improves the parsing of the filenames and in includegraphics.

% The extension of a file (ej kk.c1.eps), can be omitted in the

% includegraphics directive (ej kk.c1) and the compiler will guess the

% extension based on the known file types for the current mode.

% To change the preferred extension order use grfext

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

\usepackage[multidot]{grffile}

Setup of a Linux TimeMachine backup server, accessible from OS X

I've found a couple of sites that describe a procedure for defining a networked TimeMachine Volume using Ubuntu Linux.

http://chriscarey.com/wordpress/?p=51

http://adamcohenrose.blogspot.com/2008/03/time-machine-wireless-backup-continued.html

http://www.kremalicious.com/2008/06/ubuntu-as-mac-file-server-and-time-machine-volume/

The last one is very clear and complete. This is a summary of the commands I used for configuring Ubuntu 9.04.

Update: seems that this procedure also work for Ubuntu 10.04. After upgradind the server I could not mount the shares and received the messages:

Jul  5 09:04:35 machine afpd[18138]: cnid_open: dbenv->open of /home/user/TimeMachine/.AppleDB failed: DB_VERSION_MISMATCH: Database environment version mismatch
Jul  5 09:04:35 machine afpd[18138]: Cannot open CNID db at [/home/user/TimeMachine].
Jul  5 09:04:35 machine afpd[18138]: Fatal error: cannot open CNID or invalid CNID backend for /home/facciolo/TimeMachine: cdb

The database contained in the .AppleDB directories has changed format. The solution is to remove it (See: http://www.gentoo-wiki.info/HOWTO_Share_Directories_via_AFP#Troubleshooting).

1) Install and configure packages in Ubuntu 9.04

apt-get install netatalk

apt-get install avahi-daemon

apt-get install libnss-mdns

Edit: /etc/default/netatalk

ATALKD_RUN=no

PAPD_RUN=no

CNID_METAD_RUN=yes

AFPD_RUN=yes

TIMELORD_RUN=no

A2BOOT_RUN=no

Append to: /etc/netatalk/afpd.conf

- -transall -uamlist uams_randnum.so,uams_dhx2.so -nosavepassword -advertise_ssh

Edit: /etc/netatalk/AppleVolumes.default

~/ "$u" allow:username1,username2 cnidscheme:cdb

/home/username/TimeMachine TimeMachine allow:username1,username2 cnidscheme:cdb options:usedots,upriv

Do not forget to create the backup directory:

mkdir /home/username/TimeMachine

2) Configure avahi and start services (Ubuntu)

Edit: /etc/nsswitch.conf

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns

Edit: /etc/avahi/services/afpd.service

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=Xserve</txt-record>
</service>
</service-group>

Start the services:

/etc/init.d/netatalk restart

/etc/init.d/avahi-daemon restart

By now the network drives (home and TimeMachine) should be visible from OSX Finder.

4) Enable networked TimeMachine Volumes in OS X
In a terminal run:

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

5) Create a disk image for the first use of TimeMachine
5.1) Obtain the MAC address (ifconfig -a) here marked as XXXXXXXXXXXX:

en0: flags=8863.....

ether XX:XX:XX:XX:XX:XX

....

5.2) Obtain the computer name (hostname -s) : mycomputer

5.3) Create the image with Disk Utility

1. New Image
2. Set the image name to : mycomputer_XXXXXXXXXXXX.sparsebundle
3. Set Image Format to: sparse bundle disk image
4. Set Volume Size to: Custom
5. Create and save the image on the LOCAL drive (not the networked one)
6. Copy the image to the networked drive and erase the local one

6) Choose the TimeMachine network drive and backup.

You may also want to change the backup interval (3600 sec by default):

Edit the file /System/Library/LaunchDaemons/com.apple.backupd-auto

Mount OS X NFS share from Linux

The nfs server that comes with OS X is picky.

------------ IN THE SERVER OSX ------------

->/etc/exports

/Users/ 192.168.114.128

/Users/ localhost

->/etc/nfs.conf

nfs.server.require_resv_port = 0

nfs.server.mount.require_resv_port = 0

> sudo nfsd enable

> sudo showmount -e

---------FROM LINUX ---------

sudo mount 192.168.114.2:/Users /mnt/OSXUSERS

The user in the linux system MUST have the same UID as in the OSX, the mapall option doesn't work.