To successfully remove Amazon icon appearing on Ubuntu 17, open the Terminal and type the following:
sudo apt-get remove ubuntu-web-launchers
Type the root password and Amazon icon will disappear.
On Linux you don’t need to install OpenVPN because it’s already installed. However, configuration especially via the network manager can be tricky.
Install this additional package on your distro to display a new OpenVPN option in the network manager:
sudo apt-get install network-manager-openvpn-gnome
If you’re migrating from Windows and you’ve already a Windows installation of OpenVPN you can copy .key, .crt, .conf and .ovpn files from the OpenVPN location. Copy these files to your Linux home (e.g. ~/openvpn/) and reshape permissions to allow the access only to the owner.
After you’ve the .ovpn, .crt, .key files locally, you can test the connection using these commands:
cd ~/openvpn/; sudo openvpn my-openvpn-file.ovpn
Type the sudo password, wait and the connection should be established successfully. Press Ctrl+C to stop the VPN from command line.
Now you can configure the Network Manager to accept the .ovpn file.
Click on the network icon on the top right corner of the screen and look for VPN Settings.
Click the + icon aside the VPN title and select Import from file…
Select the my-openvpn-file.ovpn you’ve checked before. A form containing user certificate, CA, private key and the gateway will be automatically filled. It’s very important to select .ovpn and not .conf since the latter will not work.
If the private key is password protected you can also type the password and on Advanced you can do some fine tuning but it’s usually unnecessary.
On the Details tab, uncheck the automatic connection option if you don’t want to start the VPN at every login and choose if you want to allow other users to access the connection.
On IPv4 and IPv6 you can disable a specific protocol or limit the connection to “Use this connection only for resources on its network“. This last step is particularly important because using VPN can limit network connection.
Press Apply and you should be able to connect pressing the network icon on the top right corner > VPN > your VPN name.
Tested on Ubuntu 17.
I was looking for an easy and good alternative for Windows 7 on a laptop used as a media station to watch Netflix and Crunchyroll and I choose Elementary OS.
This GNU/Linux distribution is based on Ubuntu and it’s relatively easy to install. Anyway, it needs some steps to work great as media station. Here we go:
sudo dpkg --configure -a sudo apt update
sudo bash
And type your password.
nano /path/to/file
With these steps your brand new media station is ready for watching streaming relying on the strong security implemented in GNU/Linux systems.
Here how you can get free SSL cerificates using Let’s Encrypt. Forget about the expire of certificates using the auto-renewal script. A complete reference to install a Let’s Encrypt certificate is this Digital Ocean’s howto. Here there’s a quick guide based on it, plus some additional suggestions. Here we go!
The following code download the script and make it executable. (1)
cd /usr/local/sbin wget https://dl.eff.org/certbot-auto chmod a+x /usr/local/sbin/certbot-auto
The following code create a path for ssl certificate. Change /usr/local/etc/my/files/path/ssl_cert with a path for where you’ll store certificates, you can select a path not in your document root. (2)
mkdir /usr/local/etc/my/files/path/ssl_cert
Now edit your /etc/nginx/conf.d/mysites.conf and add this into the server {…} directive to make available example.com/.well-known url (3):
server {
listen 80;
server_name example.com www.example.com mysite.com www.mysite.com;
location ^~ /.well-known {
alias /usr/local/etc/my/files/path/ssl_cert/.well-known;
allow all;
}
}
At this time you’ve to make available .
Check syntax and reload nginx:
nginx -t systemctl reload nginx
Now execute the script to install certificates for your domains. Remember to use the command with -d domain-without-www -d www-domain in this order. (4)
certbot-auto certonly -a webroot --webroot-path=/usr/local/etc/my/files/path/ssl_cert -d example.com -d www.example.com -d mysite.com -d www.mysite.com
An auto check will be performed and you will get a Congratulation message.
Now generate a strong Diffie-Hellman group with this command (5):
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Check syntax and if ok reload the nginx server to apply changes and . (6)
nginx -t systemctl reload nginx
A certificate will be valid for a short period of time, e.g. 3 months.
To auto-renew the certificate for all of your domains, you should add the auto-renewal command to cron.
You can read how to renew certificates on cron here.
To enable SSL on nginx, if you have already a mysite.conf file mapped for uncrypted connection on port 80. Inside the /etc/nginx/conf.d directory, copy the file as mysite_ssl.conf and:
Change all occurrences of:
listen 80;
to:
listen 443 ssl;
In this way nginx will listen to 443 port on SSL. Ensure you have this port available externally (firewall and/or Selinux audit2allow). (8)
In the original file, mysite.conf, you can delete all entries but you have to keep the well-know part (step 3). This will avoid errors by Let’s Encrypt script.
Add and enable cyphers. Here there’s a good cyphers list, reliable for compatibile but secure using TLS only. (9)
server {
# the port your site will be served on
listen 443 ssl;
# the domain name it will serve for
server_name example.com; # substitute your machine's IP address or FQDN
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
##### Cyphers and SSL fine tuning #####
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
##### END Cyphers and SSL fine tuning #####
# charset utf-8; etc...
}
Test nginx syntax with:
nginx -t
and then reload nginx to apply changes (10), on CentOS:
systemctl restart nginx
Here you can find some useful application to look for big files on disk for Windows and Linux. These disk tools are all free software, and very useful to find big files on disk and free disk space.
ncdu screenshot by dev.yorhel.nl: Official Website
Again, you’ll see a coloured map of file occupation by file type.
Screenshot by yuenhoe.com
I got a Raspberry Pi Model B. It’s cheap and I want to do some experiments for fun.
Experiment #1: I have a 1T external HDD (FAT) and I want to turn Raspberry into a very basic NAS.
I used:
I flashed Raspbian into a class 10 SDHC, I follow this useful howto about to turn on HDMI instead of TV and voilà, I got a down-scaled debian system into a silent, little board that I charge with the smartphone charger via microusb (5V, 700mA).
I plug a wireless mouse and keyboard on the first USB port, and then I plug my external drive on the second. Debian read the FAT partition well (mounted on /media/MYDRIVE), but now I have to turn it into a wannabe-NAS.
Shall we dance? With Samba!
I plug the RJ-45 ethernet connector from my modem router into the Raspberry Pi and I follow this howto in Italian.
$ is a pi console (Start > Accessories > LXTerminal)
# is a root console (Start > Accessories > Root terminal)
# adduser guest --home=/home/public --shell=/bin/false --disabled-password # sudo chmod -R 0700 /home/public # chown -R guest.guest /home/public $ sudo apt-get install samba smbfs
Then I have a new user “guest” with no password authentication. The howto covers the creation of a shared home (/home/public) but I do something slightly different (WORKGROUP is my local network name):
editing /etc/samba/smb.conf
## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = WORKGROUP ####### Authentication ####### security = share obey pam restrictions = yes guest account = guest invalid users = root
And now the most interesting part:
[MYDRIVE] comment = Mydrive read only = no locking = no path = /media/MYDRIVE guest ok = yes force user = pi
Where /media/MYDRIVE is the path to your external usb drive.
And then:
# /etc/init.d/samba restart
to apply.
As this howto explains, the “force user” allows a user (i.e. guest) to get the files from a device mounted by another user (i.e. pi, the default raspbian user).
Have fun
Now on the Windows machine on the Network panel I look for RASPBERRYPI and inside it I find the “mydrive” folder, with all the files from MYDRIVE within. I play a 720p video without slowdown. And so, the cheap NAS experiment is successfully completed.
wget http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_2_p3_64bit_linux_111710.tar.gz
See also:
