Author: JSEvans

LattePanda Gigglescore

A Gigglescore is a ratio score of price to performance for single-board-computers like the LattePanda or Raspberry Pi. A lower Gigglescore means a better value for the money. A higher one is worse. You can see more here: https://gigglescore.com/

My LattePanda:

sudo ./benchmark.sh 149
   Repository 'openSUSE-Leap-15.0-Non-Oss' is up to date.                                                                                                                                                               
   Repository 'openSUSE-Leap-15.0-Oss' is up to date.                                                                                                                                                                   
   Repository 'openSUSE-Leap-15.0-Update' is up to date.                                                                                                                                                                
   Repository 'openSUSE-Leap-15.0-Update-Non-Oss' is up to date.                                                                                                                                                        
   All repositories have been refreshed.
   Category5.TV SBC Benchmark v1.1
   Powered by sysbench 1.0.11
   Number of threads for this SBC: 4
   Performing CPU Benchmark… WARNING: the --test option is deprecated. You can pass a script name or path on the command line without any options.
   576.760 events per second. Price: Ģ930.02 per unit.
   Performing RAM Benchmark… WARNING: the --test option is deprecated. You can pass a script name or path on the command line without any options.
   3,625,781.466 events per second. Price: Ģ0.15 per unit.
   Performing Mutex Benchmark… WARNING: the --test option is deprecated. You can pass a script name or path on the command line without any options.
   6.873 events per second. Price: Ģ7.80 per unit.

Total Giggle cost of this board: Ģ1,397.58

Giggles (Ģ) are a cost comparison that takes cost and performance into account. While the figure itself is not a direct translation of a dollar value, it works the same way: A board with a lower Giggle value costs less for the performance.
 If a board has a high Giggle value, it means for its performance, it is expensive. Giggles help you determine if a board is better bang-for-the-buck, even if it has a different real-world dollar value. Total Giggle cost does not include I/O since that can be impacted by which SD card you choose. Lower Ģ is better.

Being that the suggested retail price is currently $149, we get a Gigglescore of 1,397.58. This is right between the Raspberry Pi 3 B+ and the ODROID XU4 in terms of value for the dollar.

Documentation and Asciidoc

A few weeks ago I wrote a guide for installing OpenSUSE Kubic. I wrote it using my team at work’s lab manual templates in LibreOffice and then exported the output as a PDF. If you ever take a course from SUSE Training, you will receive a complete lab manual like this as a part of your course materials.

I received some good and some less-than-good feedback for this guide from people at SUSECON and on IRC. So a few days ago I began converting the source files from LibreOffice .odt files to AsciiDoc text files and I put them on github.

AsciiDoc is great as a markup language. I can make some very nice and professional output with only a basic “cheat sheet”. The problem is what format do you want your exported to be like? If you want just a standard html, then you can use the asciidoc or the asciidoctor application to export it to html and it looks great. If you want PDF, which is generally how I like distributing documents like this, it isn’t quite what I’m looking for.

So far, I’ve found three ways to export from AsciiDoc to PDF. You can use asciidoctor-pdf which is a plugin for asciidoctor. The asciidoctor-pdf output is nice. It looks quite professional. In the build that I’m linking to, there are some formatting issues that I hadn’t tackled yet, but overall it’s a nice looking document. The second method is with DAPS. DAPS is a technical writing tool from the SUSE Documentation team. In the latest version, 3.0.0, it works natively with AsciiDoc. An intro to AsciiDoc with DAPS can be found here. The output from my files looks like this. Again, it looks pretty nice. However if you look at both of these PDF files from asciidoctor and DAPS, and compare it with the link to my original PDF from LibreOffice above, you will see some important changes. In the original, we in the SUSE Training team have a specific color palette that we use for our documents and I wanted to create a nearly 1:1 translation from LibreOffice to AsciiDoc. Bold Monospace Blue for commands, Bold Monospace Green for urls and filenames, Bold Light Gray for field names. Also, page breaks between sections. This isn’t possible at the time being without me learning how to write my own custom XSLT stylesheets (which probably isn’t going to happen). Is this a negative on AsciiDoc? No, it’s still easier than learning Docbook or TeX. It means that I will need to change how I format my documents using AsciiDoc’s conventions if I use these tools, not my own.

I mentioned that there are three ways to export from AsciiDoc to PDF. The third is with a tool called AsciidocFX. This is a really cool tool that seems to no longer be actively maintained. It gave me the formatting that I wanted in the PDF output, but sadly it gave me a ugly title page which I can probably live with for now. I have mixed feelings about this project. On the one hand, it gives me pretty much what I want but on the other hand, if it isn’t being actively maintained, it’s a bummer. I also have the question whether the color palette that we use for training docs is really as important I think and perhaps I should stick with the standard formatting so that anything that I write look, at least from a format perspective, like what anyone else would write.

I will decide on a standard format soon. The OpenSUSE Kubic installation guide won’t be the last free guide that I write. I’m constantly working on new guides, slide decks, etc. for my day job at SUSE Training, but I also want to contribute to the various open-source communities that I work with more and I think this is a great way to do it.

Onion Services in Windows 10

Notes:

The following is a proof of concept tutorial on how to create a Tor onion service on Windows 10 using Ubuntu in Windows Subsystem for Linux. This has not been security tested by anyone in the Tor project. It is also not exactly the same directions that I would give someone who wants create an onion service in Linux. Namely that WSfL doesn’t use systemd the way it is meant to be used natively. Instead you have to start system daemons using the old SysV method with /etc/init.d/ Also, services do not continue running after the window has been closed. If someone can find a workaround for that, I’ll gladly update this tutorial.

As for Apache and Tor, they seem to be working normally as long as the Ubuntu window is not closed. The default path for the Apache web server is: /var/www/html/index.html. More info on how to build a website with Apache can be found all over the web.

On with the tutorial!

First, open powershell 64-bit as administrator:

Enable Windows Subsystem for Linux and reboot:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

After rebooting, go to the Microsoft Store and search for Ubuntu 18.04 LTS

Install the App but beware that you will be forced to sign in with a Microsoft account.

Open the new app. You will be prompted to create a local Linux account. This will not be tied to anything else. It is only for your computer.

Update the packages in Ubuntu to the latest versions:

sudo apt update -y && sudo apt upgrade -y

Install Tor and Apache:

sudo apt install apache2 tor -y

Edit the tor configuration:

sudo nano /etc/tor/torrc

Remove the # signs from before the following lines:

DataDirectory /var/lib/tor
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

The result should look something like this:

Save by hitting CTRL-x

Start apache and then tor:

sudo /etc/init.d/apache2 start && sudo /etc/init.d/tor start

Get your new .onion site url:

sudo cat /var/lib/tor/hidden_service/hostname

Try your new onion service in Tor Browser!

Does it Leak? — Tumbleweed Edition

The following is a spreadsheet that I put together this weekend testing Linux applications and how well the work on Tor.

The first column is the name of the application and the second is the Linux distribution. In this case, I am using the latest build of OpenSUSE Tumbleweed with the latest patches applied.

The Torsocks column is whether or not the application is compatible with torsocks which is a wrapper around an application that send it’s networking requests to Tor instead of the standard internet.

The Proxy column is whether or not the application supports a SOCKS5 proxy with a DNS Proxy, specifically the one used by the Tor application.

The DNS Leak column is a test that I ran with Wireshark to see if any of the applications were misbehaving with DNS. i.e. Did they try to use DNS even though I set a proxy not to use it and/or did they go around the torsocks application and use DNS directly?

In the No DNS Test, I commented out the nameserver entry in /etc/resolv.conf so that the VM that I was using as a whole would not have access to DNS. Would the application be able to use DNS via Tor alone?

Finally, I tested to see if the application could reach a .onion site. I don’t have a OpenSUSE Repo in an .onion site or a steaming service like youtube to try so I didn’t test those.

ApplicationLinuxTorsocksProxyDNS LeakNo DNS Test.onion
FirefoxTumbleweedNoYesNoPassYes
ZypperTumbleweedYesNoNoPassn/a
LinksTumbleweedNoYesNoPassYes
LynxTumbleweedYesNoNoPassYes
w3mTumbleweedYesNoNoPassYes
curlTumbleweedYesYesNoPassYes
ChromiumTumbleweedNoYesNoPassYes
BraveTumbleweedNoYesNoPassYes
OtterTumbleweedNoYesNoPassYes
Youtube-dlTumbleweedYesNoNoPassn/a

My findings were that none of the applications that I tested had DNS Leaks though there could be other issues that I did not test for. If your concern is strictly about privacy and not being tracked, the official Tor Browser is the way to go. However I am keenly interested in other applications for Tor so this is my first step in finding what could be possible.

Anonymity is Important

Let’s begin with something useful.

In order to use Tor, you ideally need a browser that can access it. The Tor Browser on desktop platforms, formerly known as the Tor Browser Bundle, and the Orfox Browser with the Orbot app on Android are the suggested browsers. Why? Tor takes anonymity seriously.

The four log entries below are from 4 browsers that are using Tor.

Brave:
127.0.0.1 - - [10/Nov/2018:12:56:19 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "http://irvdwucxcq6kb2nm.onion/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36"
Firefox:
127.0.0.1 - - [10/Nov/2018:13:00:58 +0000] "GET /favicon.ico HTTP/1.1" 404 152 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Tor Browser
127.0.0.1 - - [10/Nov/2018:12:57:27 +0000] "GET /favicon.ico HTTP/1.1" 404 152 "-" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
Orfox
127.0.0.1 - - [10/Nov/2018:13:04:53 +0000] "GET / HTTP/1.1" 200 396 "-" "Mozilla/5.0 (Android; Mobile; rv:52.0) Gecko/20100101 Firefox/52.0"

The first log entry is from the Brave browser (https://www.brave.com) which has Tor built in into their Private Window mode. This is a really neat concept, but you gain a lot of information about the person using this browser and that makes them stand out. You can see which website that I am trying to access. You can see that I am running 64-bit Linux. You can also see that I am running a browser based on Chrome. None of these things tell you exactly who I am but they fingerprint me as someone who stands out. The goal of anonymity is it blend in with the rest of the internet.

The second entry is normal unmodified Firefox running on Tor. This is a little better. It almost completely matches the entry for Tor Browser, except that it gives away my operating system and it is a not running the same version as the Tor Browser.

I didn’t change to a Windows PC to test the Tor Browser, all versions will always report the same information. It will always report that it is being used in Window since it is the most widely used operating system. It’s important to keep it up to date not only to apply bugfixes but to keep in line with all of the rest of the Tor Browser users.

The final entry is for Orfox. Yes, you can see that I am running it on Android as it is based on the Firefox app for Android. This is a bit of a negative. Preferably you would want it to appear to be the same as the normal Tor browser but there is probably a trade off. All copies of Orfox, no matter the device or version of Android, should look the same. However in order to get mobile versions of websites suitable for a mobile device, the browser needs to identify itself as a mobile browser. We’ll discuss more about fingerprinting in a later chapter.

Installing The Tor Browser

We’ll do this in four parts for Windows, Linux, Mac, and Android users.

Windows

  1. Go to: https://www.torproject.org/projects/torbrowser.html.en
  2. Download the latest version for Windows
  3. Run the installer
  4. You will now see a new folder on your Desktop. Open that and run Tor Browser.
  5. Click Connect
  6. Congrats, you are on Tor!
  7. Go to https://check.torproject.org/ in the Tor Browser

Linux

  1. Go to: https://www.torproject.org/projects/torbrowser.html.en
  2. Download the latest version for Linux
  3. Open a command line
  4. Unzip the application. Replace xxxxxx with the current version that you downloaded

tar -xvJf tor-browser-linux64-xxxxxx.tar.xz

  1. You will now see a new folder. Open that and run Tor Browser.

cd tor-browser_en

  1. Run the application

./start-tor-browser.desktop

  1. Click Connect
  2. Congrats, you are on Tor!
  3. Go to https://check.torproject.org/ in the Tor Browser

Mac

  1. Go to: https://www.torproject.org/projects/torbrowser.html.en
  2. Download the latest version for Mac
  3. Run the installer
  4. You will now see a new folder on your Desktop. Open that and run Tor Browser.
  5. Click Connect
  6. Congrats, you are on Tor!
  7. Go to https://check.torproject.org/ in the Tor Browser

Android

  1. Go to the app store and download the following two apps: Orfox and Orbot. Both are from The Tor Project. Orbot is the Tor service. Orfox is the Android implementation of the Tor Browser. There are many “Dark Web” and “Onion” android apps and many of them are bogus and may steal your data or are just scams.
  2. Start Orbot and connect to the Tor network.
  3. Start Orfox
  4. Go to https://check.torproject.org/ in Orfox.

 

 

We Do It For the Children

I’m staying in a hotel chain in London only to find a firewall that throttles interesting stuff like BBC iPlayer and YouTube. I tried going to my VPN provider. That the website is blocked to protect children and vulnerable people. What?! Meanwhile I have no trouble connecting to #4chan because they only care so much about children.

Untitled

Of course Tor is blocked also, well for other people, I got it to work anyway and now I’m writing this using it out of spite.

If I give them the benefit of the doubt, I would say that they want to keep bandwidth usage down and the best way to do that is to throttle big streaming websites and they want to close loopholes by blocking ways around that.

However the explanation kills me: to help keep children and vulnerable people safe. So this provider says that they want to help make the internet a better place by taking away the anonymity of trolls and online creeps? That makes no sense. Why even provide have internet access at all? I think the real case is above, they need to cut bandwidth costs and that’s fine but leave the nonsensical rhetoric out of it.

My Day with Fedora

I used Fedora 28 today for work instead of my usual OpenSUSE Leap 15 installation. Here’s how it went.

My setup:

  • Intel© Core™ i7-4500U CPU @ 1.80GHz × 2
  • 16GB Ram
  • 250G SSD

Here’s the software that I needed for work today:

  • Synergy
  • LibreOffice > 6.0
  • Chromium Browser
  • Spotify
  • NFS
  • virt-manager
  • Graphical multi-tab text editor
  • Tilix
  • Pidgin
  • Hexchat
  • KeepassXC

I use Synergy as a virtual KVM between my home server machine that handles my storage, email, etc. and this brings us our first real problems. The “software” application in Gnome doesn’t list Synergy even when I search for it and I was wondering if I would have to go download the RPM it’s creator (I have a valid license so that’s not really a problem). I ran ‘dnf search synergy’ and there it was. If your software installation tool only covers “best of” software but not everything then it’s usefulness is only marginal at best.

I installed Synergy and when I ran it I received an error that I shouldn’t close it because there is no systray available. This is a pet peeve that I have with a lot of distros who use Gnome 3. Either the systray isn’t enabled or isn’t available at all. The fact is that a lot of applications still use it. Of the ones that I use, Synergy, Pidgin, KeepassXC, and Hexchat all fall into those categories. I like having a clean work environment and being able to minimize apps to the systray helps with that. And so I said goodbye to the pure Fedora experience and installed Cinnamon (It also wasn’t available from the GUI software application) and the rest of the apps from the CLI.

Everything else went as expected. I didn’t have any more hiccups as long as I used the dnf command to install the apps. I mounted the directories from my home server to my workstation with NFS so I didn’t have to worry about data loss. I did notice lag from the time that some apps were launched until they were ready that I didn’t notice with OpenSUSE, but I didn’t do a real measurement so that was entirely subjective.

There really wasn’t anything keeping me from doing my work that couldn’t be worked around in a matter of minutes.

Suggestions for Fedora:

  • Bring back the systray into Gnome 3
  • Remember yumex? It was an awkward but very powerful graphical tool for Yum. Bring it back at make it your primary software installation tool.

I need a new open source project

A few years ago I wrote this rousing email about the Linux Documentation Project and I made waves in a mailing list that lay mostly dormant for years. After the list was rejuvenated, I set out to learn git, then then to find pieces of Linux documentation all around the web and add it. The idea was, find a central place (i.e. TLDP) to store all of the documentation from here and there and then replicate that central store all over the globe for redundancy so it is never lost. I had big goals and then nothing really came of it.

sigh

Why did nothing happen? 99% was me and my own laziness/busyness/etc. The other 1% was that there isn’t a community there. The mailing lists are dead. The wiki is never updated. New documents are rarely added and old ones are never retired (not deleted, just retired). I felt almost alone in this huge wasteland of a site with so much potential.

I need a new open source project

I want to find a project that I can help with, can make a difference in, and that has a community that is actively working in it.

I have a few projects in mind. I’ll post more when I make a decision.

Adventures with Kubeadm on OpenSUSE Kubic

This video is a little kludgy.  It was literally my first time putting together the cluster and if you notice at the end, it doesn’t actually work. None of the worker nodes are actually usable. Hopefully that will be fixed soon.

linux-3q2c:~ # kubectl get nodes
NAME         STATUS     ROLES     AGE       VERSION
linux-3q2c   NotReady   master    3m        v1.11.1
linux-fykp   NotReady   <none>    1m        v1.11.1
linux-gbv8   NotReady   <none>    51s       v1.11.1

In the meantime, thanks to this post, I’ve reinstalled with cri-o and now have a fully functional cluster.

jsevans@jserver:~> kubectl get nodes
NAME STATUS ROLES AGE VERSION
linux-3q2c Ready master 2h v1.11.1
linux-fykp Ready <none> 1h v1.11.1
linux-gbv8 Ready <none> 1h v1.11.1

What have I been doing with my new cluster?

I installed the Kubernetes dashboard, Helm, and WordPress with Helm. I’ve also had to really dig into what it means to use RBAC.  In CaaS Platform 1-3, a lot of your RBAC stuff was already done for you. Now I’ve had to specifically set RBAC to get the Dashboard credentials working as well as to get Tiller working. It’s a learning experience and it’s good to get these fundamentals down pat.

Screenshot from 2018-08-21 20-56-47

Screenshot from 2018-08-21 20-58-13