Disable search and autocomplete on url bar of Firefox

/ chirale / Leave a comment

To disable search on url bar of Firefox, first re-enable the double search bar:

  1. Go to Settings
  2. Go to Search settings
  3. On Search Bar, select the 2 bar option

Now disable the search on the url bar:

  1. Visit on the main bar about:config
  2. Accept to continue
  3. Search “keyword”
  4. Change the status from true to false (double click on it)

Now if you try to type a keyword, you will be redirected to the keyword.com website, e.g. boh will redirect to boh.com.

Data aren’t sent anymore to other search engines except for autocompletes, but you can disable it following next steps.

Disable search autocomplete on urlbar

  1. Go to about:config
  2. Search browser.urlbar.suggest.searches
  3. Set value from true to false (double click on it)

Now if you type a search on the url bar, the search will be performed on the history alone, but if you use the search bar autocomplete will works normally.

Reasons

The default configuration of Firefox can cause a search to be performed when an url is wrong using the main bar, or auto-suggestion to be performed silently.

At the end of this howto, Firefox will be back to a status where the user take back more control of searches, reducing disclosed data to external services.

Advertisements

Sort of CDN to serve client-side libraries via an auto-pull git repo on tmpfs

/ chirale / Leave a comment

This configuration will allow to install on a Debian-based system a fast server for client libraries. Key technologies used are:

  • tmpfs to serve files from volatile memory
  • git / mercurial from github / bitbucket to get files from a public or private repository
  • systemd units to mount tmpfs and sync
  • nginx to serve files to user

On this first step you’ll create a service to reserve some RAM for static files, pulling them from a private or public repo.

Mount tmpfs with systemd

To serve files directly from RAM, you have to mount a tmpfs directory. You can do it on fstab:

/etc/fstab

tmpfs /mnt/cdn tmpfs rw,nodev,nosuid,size=300M 0 0

Or with a systemd unit:

/etc/systemd/system/mnt-cdn.mount

[Unit]
Description=Mount empty CDN directory on volatile memory

[Mount]
What=tmpfs
Where=/mnt/cdn
Type=tmpfs
Options=defaults,noatime,size=300M

[Install]
WantedBy=multi-user.target
  • noatime will disable last access on contained files, reducing write on disk
  • size will reserve 300MB for /mnt/cdn partition on RAM (increase as needed)
  • WantedBy=multi-user.target mount the partition on runlevel 3 (multi-user mode with networking)

Create two units on a local path like /usr/local/share/systemd then create a symlinks on /etc/systemd/system or create directly them on /etc/systemd/system. You can also directly create them on /usr/local/share/systemd.

Create the pull service

When the /mnt/cdn is successfully loaded, pull static files from your repository.

/etc/systemd/system/cdn-pull.service

[Unit]
Description=Pull on CDN directory.
BindsTo=mnt-cdn.mount

[Service]
User=youruserhere
Group=youruserhere
ExecStart=/usr/local/share/systemd/cdn-pull.sh

[Install]
WantedBy=mnt-cdn.mount
  • Clone the git repository with a user on system using a key with an alias
  • Change youruserhere to the user who cloned the repository
  • Add to /root/.ssh/config and to  /root/.ssh/my_private_key the private key to do the pull
  • WantedBy=mnt-cdn.mount copy the files to RAM only after the /mnt/cdn is created

On pull, all files will be written by root as youruserhere:youruserhere.

After the pull, to reduce RAM occupation, this script doesn’t download directly to RAM .git directory but copy them with rsync excluding them:

/usr/local/share/systemd/cdn-pull.sh

#!/bin/bash
# stop on first error
set -e
cd /srv/cdn-all
git pull
exec rsync -a --exclude=.git --exclude=.gitignore /srv/cdn-all/* /mnt/cdn/

Get systemd to know about the mount and service

To reload systemd units, you have to

systemctl daemon-reload

Then do the mount via the systemd unit:

systemctl start mnt-cdn.mount

Enable on boot

Since the cdn-pull.service is tied to mnt-cdn.mount, both have to be enabled to run:

systemctl enable mnt-cdn.mount
systemctl enable cdn-pull.service
  1. When the system is ready create the tmpfs on /mnt/cdn/
  2. After tmpfs is successfully created by the unit, the file will be automatically synced through cdn-pull.service.

Mount will auto-start sync

Start only the mnt-cdn.mount:

systemctl start mnt-cdn.mount

And then ask for info about both services:

systemctl status mnt-cdn.mount
systemctl status cdn-pull.service
  • mnt-cdn.mount have to be active (mounted)
  • cdn-pull.service should be active (script is running) or inactive (sync is completed). In both cases, it’s ok.

With this set-up, when you restart the mnt-cdn.mount files will be automatically pulled and synced to RAM when system starts and when you start or restart mnt-cdn.mount service.

Next you can serve these files on nginx and the final step could be to auto-detect push to update files automagically.

See also

Autorestart nodejs app with supervisor on error and changes

/ chirale / 1 Comment

This howto will show how to restart automatically a nodejs app on crash or on file changes using supervisor and nodemon.

Autorestart on changes

To install nodemon to autorestart app when you change app files:

npm install -g nodemon

To test it’s working, use nodemon like node, passing all parameters you would pass to node:

nodemon app.js --myoptionalparameter MYVALUE;

Autorestart on errors

To install supervisor on a Debian-based system to restart app on crashes:

sudo apt-get install supervisor

Then create a supervisor-app-run.sh wrapper script on a custom location to monitor:

#!/bin/bash
cd /path/to/my/app;
exec node app.js --myoptionalparameter MYVALUE;
  • exec is very important since it gave to supervisor the control of the process
  • if you specify nodemon instead of node , the app will not autorestart on crashes but only on changes. On production, only node should be used while on development nodemon is fine to track errors.

Now set up the config file for supervisor creating a new file on /etc/supervisor/conf.d/myapp.conf with:

[program:myapp]
directory=/path/to/my/app
command=bash /path/to/my/supervisor-app-run.sh
priority=10                ; the relative start priority (default 999)
autostart=true              ; start at supervisord start (default: true)
autorestart=true            ; retstart at unexpected quit (default: true)
; startsecs=-1                ; number of secs prog must stay running (def. 10)
; startretries=3              ; max # of serial start failures (default 3)
exitcodes=0,2               ; 'expected' exit codes for process (default 0,2)
stopsignal=QUIT             ; signal used to kill process (default TERM)
; stopwaitsecs=10             ; max num secs to wait before SIGKILL (default 10)
user=USER_TO_RUN_APP_HERE                   ; setuid to this UNIX account to run the program
log_stdout=true             ; if true, log program stdout (default true)
log_stderr=true             ; if true, log program stderr (def false)
logfile_maxbytes=10MB        ; max # logfile bytes b4 rotation (default 50MB)
logfile_backups=10          ; # of logfile backups (default 10)
  • change USER_TO_RUN_APP_HERE to a system user who can access to app files and directory

Now you have to reread to apply changes without restarting all other services:

sudo supervisorctl reread

So in case of errors you got something like:

ERROR: CANT_REREAD: Invalid user name fakeuserhere in section ‘program:myapp’ (file: ‘/etc/supervisor/conf.d/myapp.conf’)

On success:

myapp: available

Keep an eye on supervisor processes with:

sudo supervisorctl status

Results:

myapp                            RUNNING   pid ****, uptime 0:00:59
anotherapp                       RUNNING   pid ****, uptime 0:29:33

Control the processes

Since exec was specified in the wrapper script before, supervisor can stop the node app on demand with:

sudo supervisorctl stop myapp

Then supervisorctl status will display something like this:

myapp                             STOPPED   Apr 27 22:53 AM
anotherapp                        RUNNING   pid ****, uptime 0:28:16

To run again:

sudo supervisorctl start myapp
  • When you will restart the service with systemctl restart supervisor, all /supervisor/conf.d/ files will be read again, then if they are set to autostart they will even if you’ve stopped them.
  • If you’ve specified node instead of nodemon on the wrapper script, you should use supervisorctl restart myapp to apply changes
  • If your node.js app has more than one file to run (e.g. a couple of servers) you can copy and append the [program:myapp] configuration on the same file changing this second block to something like [program:myapptwo] specifying a new wrapper script

Using multiple deploy keys on github using .ssh/config

/ chirale / Leave a comment

You can use multiple deploy keys for Github created with ssh-keygen following with these steps.

You have to add to your ~/.ssh/config

Host github_deploy_key_1
    Hostname github.com
    User git
    IdentityFile ~/.ssh/github_deploy_key_1_rsa

Host github_deploy_key_2
    Hostname github.com
    User git
    IdentityFile ~/.ssh/github_deploy_key_2_rsa

If you haven’t added your github name on git:

git config --global user.name "yourgithubname"
git config --global user.email "youremail@example.com"

Then clone your repository specifying your custom host, adapting what github suggest to you on repo page:

git clone git@github_deploy_key_1:yourgithubname/your-repo.git

If you have enabled push permissions you can use this deploy key even to update the repository.

In this way you can keep a server clean from your github passepartout and add only the keys it needs.

Create a Windows 10 recovery disk on Linux

/ chirale / Leave a comment

In this howto there are the steps to follow when a Windows 10 OS is not bootable anymore and you haven’t a recovery disk. This is a typical case after a new OS will be installed on Dual boot or boot partition was altered.

    1. Download Windows 10 iso:
      1. Download the official Windows 10 image
    2. Prepare USB to be bootable:
      1. Open GParted with 
        gparted /dev/DEVICE-TO-ERASE
      2. Select the USB drive
      3. Device > New partition table
      4. Select GPT
      5. Apply: this will delete any data on the USB
      6. Create a new NTFS partition then Apply (do not use FAT32 since some files can be greater than 4GB)
      7. Close GParted
    3. Write files:
      1. Unplug and plug USB
      2. Copy all Windows files to the empty USB drive using 7zip with: 
        7z x -y -o/media/user/path-to-USB/ Win10_1809Oct_Italian_x64.iso
      3. If something goes wrong during copy, you can mount the ISO image then rsync the source with the USB drive (the trailing slash is important): 
        cd path/to/usb/drive
rsync -avzp /media/myuser/CCCOMA_X64FRE_IT-IT_DV91/ .
      4. umount
    4. Add boot flag
      1. Open the
      2. Select the new partition then
      3. Select Partition > Manage flags
      4. Select boot flag (esp will be auto-selected)
  1. Use windows tools
    1. Follow this howto by MS to recover MBR, restore BCD or similar actions

You can follow these steps to write on a USB a recovery ISO from windows the same way.

Disable password authentication on sshd

/ chirale / Leave a comment

To disallow password authentication on ssh, adduser –disabled-password will not disable openSSH password.

To disable the password authentication, you have to put these values on /etc/ssh/sshd_config to:

PasswordAuthentication no
UsePAM no
PermitRootLogin no

Then you’ve to:

systemctl restart sshd

to apply changes.

Connection will not be reset so before logout try to login on a different terminal to check you can login.

Actually PermitRootLogin disable the root login for any method, but it’s an useful addition. Remember to add at least one user to the sudo group or you will not be able to operate as super-user without using su – root.

To check if password auth is disabled:

ssh -o PreferredAuthentications=password USER@HOST

Exprected output is:

USER@HOST: Permission denied (publickey).

Partition a new disk on linux using fdisk, lsblk and mkfs

/ chirale / Leave a comment

First, you’ve to create a new partition.

You can list all available storage device with:

lsblk

If your disk is new, the new device will appear empty (without children on the tree).

Then:

fdisk /dev/sdc

Press m to show the manual.

To create a partition larger than 2TB, you’ve to use a GPT partition (g) then create a new extended partition (n) then with (p) it will show you how the partition will like before you write (w) them.

Then, lsblk will show the device with the new partition, e.g.:

sdc 8:32 0 3.5T 0 disk 
└─sdc1 8:33 0 3.5T 0 part

Then format the new partition /dev/sdc1 with the specified filesystem (e.g. ext4):

mkfs -t ext4 /dev/sdc1

If you haven’t take not of the UUID shown by mkfs after format, use blkid command to list the UUID of the device, so if device name change the fstab is still valid.

And add to /etc/fstab (put the last 0 to 1 to check filesystem on startup):

UUID=xxxxxxx-xxx-xxxx-xxx-xxxx /mnt/mydata ext4 defaults 0 0

To get the UUID later:

sudo blkid /dev/sdc1

Create the mount directory with:

mkdir /mnt/mydata

Then mount the new partition with:

mount /mnt/mydata