I got into the whole Bitcoin craze a little over a year ago. I’ve used Cavirtex ever since to exchange Bitcoins for Canadian dollars. Bitcoin is very volatile right now and the prices can fluctuate wildly. I found myself continually trying to check current prices on my mobile devices, but the Cavirtex site is not responsive and is a real pain to use when you aren’t on a full-size monitor.

So I built a small Ember.js application that pulls current trade information from Cavirtex and displays it in a nice responsive layout. Check it out and let me know what you think!

My Cavirtex Mobile Site: virtex.matthewsiemens.com

A few months ago I decided to move my personal site and blog from WordPress to the Octopress framework.

Octopress is a blogging framework based on Jekyll that generates static files and can be managed completely from the command line.

I made the switch for a number of reasons:

If you use SSH on a regular basis I’m sure you’ve received the warning that the “REMOTE HOST IDENTIFICATION HAS CHANGED”. This occurs any time the SSH key for the host you are trying to connect to does not match the key saved in your known_hosts file (The known_hosts file is in the .ssh directory within your home directory by default).

I recently ran across an error where TrueCrypt wouldn’t start on my computer running Arch Linux. When I tried to run TrueCrypt graphically nothing would happen, but when run from the terminal I received a message telling me that “TrueCrypt is already running”. This error is caused when your last TrueCrypt session didn’t close cleanly and left a lock file behind in your home directory.

To remove the lock file just run (replace YOURUSERNAME with the username for your actual account):

rm ~/.TrueCrypt-lock-YOURUSERNAME

You can also navigate to your home directory using a file manager and delete the file graphically. If the file is hidden, you can show it by pressing Ctrl+H in your file manager.

Please remember that it is always a risk to run commands you find on the Internet on your computer. If you cause any damage to your system I am not in any way responsible!

My brand-new Raspberry Pi was delivered last night. I finally got a chance to start playing with it this evening. The first thing I wanted to do was get my favourite Linux distribution Arch installed.

Here’s a quick and easy way to get Arch Linux ARM installed onto the Raspberry Pi.

These instructions are taken directly from http://archlinuxarm.org/

  1. Download the zip file containing the dd image from one of these resources:

  2. At this time, not all mirrors have the updated rootfs. If you get a 404, please try a different mirror.

  3. Extract the zip file to your hard drive, giving you the dd image archlinux-hf-2012-09-18.img

  4. Write this image to the target SD card. The SD card will need to be 2GB or larger.

    • Linux: Replacing sdX with the location of the SD card, run:

      dd bs=1M if=/path/to/archlinux-hf-2012-09-18.img of=/dev/sdX

    • Windows: Download and install Win32DiskImager. Select the archlinux-hf-2012-09-18.img image file, select your SD card drive letter, and click Write.

    • Eject the card from your computer, insert into the Raspberry Pi, and power it on.

    • If your keyboard, mouse, or other USB device doesn’t appear to be working properly, try using it through a POWERED USB hub. The Raspberry Pi’s USB ports are limited to 140mA.

Please note: The rootfs for the Raspberry Pi has been converted to systemd. There is no more /etc/rc.d or /etc/rc.conf. Please read up on systemd.

Summary

Please keep in mind that Arch is not designed for beginners and it will definitely help a lot if you have some Linux experience, and a great deal of patience. The advantage that it does have is that it is very light on resources, and comes with a very basic install. This means just a terminal interface and a limited number of programs. This comes in handy when you want to configure your Pi for a specific purpose.

Once you’ve installed Arch and looked around, take a look at this article for some more important steps to get the most out of your Arch Linux Raspberry Pi.

Mikrotik makes some great networking equipment for both business and home use. I’ve used Mikrotik routers both while consulting and for my own personal and business use. I use SSH to manage my Mikrotik devices and wanted to be able to detect and block any brute-force SSH login attempts. Here is a quick and easy way to do exactly that:

First Things First

If you haven’t done this already, try changing the port SSH is running on to something other than the default. When logged in through SSH or Telnet you can edit the SSH port with:

/ip service edit ssh value-name=port

After changing the port to something other than 22 hit Ctrl+o to save your change.

Using Firewall Filters

Firewall rules are read from the top down, meaning if a connection matches a rule it won’t look any further. This is why the following rules seem like they are backwards.

Navigate to: /ip firewall filter

If you are using a non-standard SSH port, change 22 in the examples below to whatever port you are using.

add chain=input \
protocol=tcp \
dst-port=22 \
src-address-list=ssh_blacklist \
action=drop \
comment="Drop SSH connection from IP addresses in ssh_blacklist address list" \
disabled=no

This rule will drop any SSH connections that come from IP addresses in the “ssh_blacklist” address list.

add chain=input \
protocol=tcp \
dst-port=22 \
connection-state=new \
src-address-list=ssh_attempt_3 \
action=add-src-to-address-list \
address-list=ssh_blacklist \
address-list-timeout=2w \
comment="Blocked IP address that attempted multiple SSH connections" \
disabled=no

This rule will add any IP address that attempts 4 SSH connections (either successfully or not) within the set time limit to the “ssh_blacklist” address list.

add chain=input \
protocol=tcp \
dst-port=22 \
connection-state=new \
src-address-list=ssh_attempt_2 \
action=add-src-to-address-list \
address-list=ssh_attempt_3 \
address-list-timeout=1m \
comment="IP address that attempted to create 3 SSH connections" \
disabled=no

This rule will add any IP address that attempts 3 SSH connections (either successfully or not) within the set time limit to the “ssh_attempt_3” address list.

add chain=input \
protocol=tcp \
dst-port=22 \
connection-state=new \
src-address-list=ssh_attempt_1 \
action=add-src-to-address-list \
address-list=ssh_attempt_2 \
address-list-timeout=1m \
comment="IP address that attempted to create 2 SSH connections" \
disabled=no

This rule will add any IP address that attempts 2 SSH connections (either successfully or not) within the set time limit to the “ssh_attempt_2” address list.

add chain=input \
protocol=tcp \
dst-port=22 \
connection-state=new \
action=add-src-to-address-list \
address-list=ssh_attempt_1 \
address-list-timeout=1m \
comment="IP address that attempted to create an SSH connection" \
disabled=no

This rule will add any IP address that attempts an SSH connection (either successfully or not) within the set time limit to the “ssh_attempt_1” address list.

Summary – What does it do?

What these five Firewall Filter rules do is detect every time someone tries to connect to the Mikrotik SSH server (it doesn’t matter if they succeed in logging in or not).

  1. The first time an attempt to login occurs, the IP address where the attempt comes from is added to the “ssh_attempt_1” address list for 1 minute.

  2. If a second attempt to login to SSH occurs from the same IP address while it is still in “ssh_attempt_1”, then the IP address will be added to the “ssh_attempt_2” address list for 1 minute.

  3. If a third attempt to login to SSH occurs from the same IP address while it is still in “ssh_attempt_2”, then the IP address will be added to the “ssh_attempt_3” address list for 1 minute.

  4. If a fourth attempt to login to SSH occurs from the same IP address while it is still in “ssh_attempt_3”, then the IP address will be added to the “ssh_blacklist” address list and all further attempts will be blocked for the next 2 weeks by the first filter rule we added.

You can modify the address-list-timeout value to change the amount of time that IP addresses stay in each address list to suit your specific needs.
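The escalation described above can be checked offline with a small model. This is an added example, not code from the original post or from Mikrotik; it assumes that add-src-to-address-list lets the packet continue to the next rule, that drop ends processing, and that re-adding an address restarts its timeout.

```python
# Added illustration, not from the original post: a model of the five rules.
# Assumptions: add-src-to-address-list is non-terminating (the packet goes on
# to the next rule), drop is terminating, and re-adding an address restarts
# its timeout.
MINUTE, TWO_WEEKS = 60, 14 * 24 * 3600
TIMEOUT = {"ssh_attempt_1": MINUTE, "ssh_attempt_2": MINUTE,
           "ssh_attempt_3": MINUTE, "ssh_blacklist": TWO_WEEKS}

# (src-address-list to match or None, action, address-list to add to),
# in the same top-down order as the rules in the post.
RULES = [
    ("ssh_blacklist", "drop", None),
    ("ssh_attempt_3", "add", "ssh_blacklist"),
    ("ssh_attempt_2", "add", "ssh_attempt_3"),
    ("ssh_attempt_1", "add", "ssh_attempt_2"),
    (None, "add", "ssh_attempt_1"),
]

def simulate(times, rules=RULES):
    """Run new SSH connections from one source IP, arriving at `times`
    (seconds), through `rules`; return the verdict on each connection's
    first packet."""
    expiry = {}                      # list name -> when this IP leaves it
    verdicts = []
    for now in times:
        verdict = "pass"
        for src_list, action, target in rules:
            if src_list is not None and expiry.get(src_list, -1) <= now:
                continue             # IP is not (or no longer) on that list
            if action == "drop":
                verdict = "drop"
                break
            expiry[target] = now + TIMEOUT[target]
        verdicts.append(verdict)
    return verdicts

if __name__ == "__main__":
    # Four connections inside a minute trip the blacklist; the fifth is dropped.
    print(simulate([0, 10, 20, 30, 40]))
    # Reconnecting at intervals longer than the 1m timeout is never escalated.
    print(simulate([0, 61, 122, 183, 244]))
    # Same rules listed in the opposite order: the first connection climbs
    # every list in one pass and is dropped straight away.
    print(simulate([0], RULES[::-1]))
```

Because successful logins count as well, a script that opens four SSH sessions to the router within a minute is handled exactly like the first case.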

Inspiration for this post came from this Mikrotik Wiki article

Recently I was setting up an Ubuntu server in VMware Player for testing purposes. As I was setting it up, I started to wonder if it would be possible to start the Virtual Machine from the terminal. This way I would be able to start it over SSH if I wasn’t in my office. After some quick looking I found a quick and easy way to accomplish this with Xvfb.

Install Xvfb

The steps to install Xvfb will depend on what distribution you are running. In Arch Linux it is as simple as running:

$ sudo pacman -S xvfb-xorg

Run Virtual Machine from Terminal

Once you’ve installed Xvfb you can start the Virtual Machine from the terminal using:

$ xvfb-run vmplayer LOCATION_OF_VMX_FILE

Create a Bash Script to Simplify the Process

You can make this much simpler by making a simple bash script like this:

#!/bin/sh
xvfb-run vmplayer 'LOCATION_OF_VMX_FILE'

If you put the bash script in your path you will be able to start the Virtual Machine from the terminal just by typing in the name of the bash script. I’m not able to start my Virtual Machines over SSH or even set them to start when my computer starts.

For those of you who don’t know, today, March 31st, is World Backup Day. In our increasingly digitized world, keeping your data safe and secure both professionally and personally becomes increasingly important!

Today I received an email from Host Gator with the following stats:

  • All hard drives will crash during their lifetime

  • More than 1 in 10 laptops will be stolen in their lifetime

  • A laptop is stolen every 53 seconds

  • Every year 46% of computer users lose their music, photos, and documents

  • 50% of all hard drives will crash within 5 years

  • 89.1% of PC users don’t perform regular backups

  • A recent study from Gartner, Inc., found that 90 percent of companies that experience data loss go out of business within two years.

  • 70 percent of companies go out of business after a major data loss

If you are not regularly backing up your files please take the time to find and set up a backup solution. You can read a number of articles on how to back up your computer at WorldBackupDay.com.

Personally I use a mixture of Rsync and Rsnapshot to back up both my personal and business data. I love the amount of control I have over the backup process, and the fact that none of my data is stored in a proprietary format that locks me into one company or program.

If you aren’t backing up your website my consulting company MennoSites.ca can help you set up an automatic, easy to use solution.

There are a number of reasons why you would want to control how much bandwidth any given program is able to use. This can be done in a couple of different ways, including options right within the software, or through a software or hardware firewall. A great little program for managing bandwidth use is Trickle. Trickle runs completely in userspace, which means we don’t need to mess with a firewall, or even need root access.

If you’re on Ubuntu/Debian you should be able to install Trickle using

sudo apt-get install trickle

Now that you’ve got Trickle installed, just put it in front of any network command to limit that command’s bandwidth. The options are self-explanatory: -u sets the upload limit and -d the download limit.

trickle -u 25 -d 100 myCommand

The reason I first started using Trickle was so I could use Rsync and SCP to copy/backup files on my computer without negatively affecting the speed of my Internet connection. I have a fairly limited upload speed, and this is an example of how I would limit the upload speed to 100 KB/s when backing up a folder with Rsync. Please note that when using Trickle with Rsync you have to use the -e option.

rsync -a -e "trickle -u 100 ssh" myFiles matthew@example.com:/home/matthew/backups/

It is even easier using Trickle with SCP where all you would need to do is use:

trickle -u 100 scp myFile.zip matthew@example.com:/home/matthew/backups/