Centralizing Certificate Management of LetsEncrypt with a Raspberry PI

Lets Encrypt is a new Certificate Authority (CA), run for the public’s benefit by the Internet Security Research Group (ISRG). At the time of writing it’s currently in Beta and is due to go public in December 2015.

Update: Lets Encrypt went into public -beta on December 3 2015. I have updated this article with the minor change needed to work with the live servers.

Now in the default mode, the standard Lets Encrypt client (it’s not the only one) can manage this automatically – however it’s not ideal if you have more than one server.

What I describe here is how to centralize managing certificate registration (& later renewal) on a central machine. When a certificate is then registered or renewed we can then copy the certs to the remote servers.

Continue reading “Centralizing Certificate Management of LetsEncrypt with a Raspberry PI”

Setting up a Weather WebCam on Linux

Weather webcams are always popular and it is easy and free to set one up yourself.  This article will show how to setup a simple USB webcam to produce still images and serve them on a local apache webserver.

Continue reading “Setting up a Weather WebCam on Linux”

Formatting xml in emacs

I had this problem of debugging some xml but when reading the output of some log4j it was almost impossible to read so I needed some way of prettifying the xml quickly.

For this example I have the following xml:

<?xml version="1.0"?><xml><iq xmlns="jabber:component:accept" from="test1@temp.retep.org/client" id="iq_257" to="service.retep.org" type="get"><query xmlns="some:namespace"/></iq></xml>

So how do we pretify this in emacs?

Well the first thing to do is to write an extension function & place it into your ~/.emacs file. Placing it here means that when you open emacs the extension is available:

(defun xml-format ()
  (interactive)
  (save-excursion
    (shell-command-on-region (mark) (point) "xmllint --format -" (buffer-name) t)
  )
)

Now this works by passing the buffer to the xmllint utility and replaces it with the output – in this case nicely formatted xml.

Now we need to install xmllint:

pi@lindesfarne: ~$ sudo apt-get install libxml2-utils

Ok so now open emacs and open the xml. To format first select the xml you want to format then Press Escape then x followed by xml-format & press return. You should then get the xml nicely formatted:

<?xml version="1.0"?>
<xml>
  <iq xmlns="jabber:component:accept" from="test1@temp.retep.org/client" id="iq_257" to="service.retep.org" type="get">
    <query xmlns="some:namespace"/>
  </iq>
</xml>

Using NFS to provide extra disk to a Raspberry PI

As the Raspberry PI uses an SD Card for it’s boot device there are times when you need either more space than is available on that device or a device that’s faster – writing to flash is slow and flash cards do have a limited number of writes that can be made to them.

Now there’s several ways to accomplish this:

  • Use an external USB drive (the common route)
  • Use a network shared drive

Using a USB drive is simple and is the faster option but it means it’s dedicated to the PI whilst it’s in use, hence this article on using a network drive – in this instance a directory on another Linux box in the network.

Also having it shared on the network means that multiple machines could use it at the same time. Imagine if you are a teacher with a collection of PI’s being used by your students. You could setup a central read-only directory with your class work which they can all access as if it’s installed locally.
Continue reading “Using NFS to provide extra disk to a Raspberry PI”

Whoopsie & how to disable it on Ubuntu 12.04 or Mint 13

New in Ubuntu 12.04 is whoopsie – which sends a crash log to ubuntu. Nice feature? Well no as they don’t tell you about it nor to they ask you, they just do it.

Nice privacy issue guys.

To tell if you have it check the file /etc/default/whoopsie

[General]
report_crashes=true

If you see that then it’s enabled. You’ll also see a process running called whoopsie as well.

To turn it off just change it from true to false & kill the whoopsie process (or reboot).

Note this affects any distribution based on Ubuntu 12.04 including Mint 13 so check you are not infected by whoopsie.

Generating private keys with openssl

Keys are the basis of public key algorithms and PKI. Keys usually come in pairs, with one half being the public key and the other half being the private key. With OpenSSL, the private key contains the public key information as well, so a public key doesn’t need to be generated separately.

Public keys come in several flavors, using different cryptographic algorithms. The most popular ones associated with certificates are RSA and DSA, and this  article will show how to generate each of them.

Generating an RSA key

A RSA key can be used both for encryption and for signing and generating a key is quite easy, all you have to do is the following:

  openssl genrsa -des3 -out privkey.pem 2048

That will generate a private key with is password protected (it will prompt you for the password during generation). If you don’t want it password protected (usually for server side use) then leave the -des3 parameter out, i.e.:

  openssl genrsa -out privkey.pem 2048
 The number 2048 is the size of the key, in bits. Today, 2048 or higher is recommended for RSA keys, as fewer amount of bits is considered insecure.

Generating a DSA key

A DSA key can be used for signing only. This is important to keep in mind to know what kind of purposes a certificate request with a DSA key can really be used for.

Generating a key for the DSA algorithm is a two-step process. First, you have to generate parameters from which to generate the key then to generate the key itself.

  openssl dsaparam -out dsaparam.pem 2048
  openssl gendsa -des3 -out privkey.pem dsaparam.pem

Again like RSA, 2048 is the size of the key, in bits with anything smaller than 2048 being insecure in todays standards.

Also the -des3 parameter will prompt you for a pass phrase – for server use leave it out:

  openssl dsaparam -out dsaparam.pem 2048
  openssl gendsa -out privkey.pem dsaparam.pem

Installing the latest Firefox on Linux Mint

This probably applies to Ubuntu as well, but on my Linux Mint 10 install it was stuck on Firefox 3.5 with the occasional updates so how do you get the latest Firefox to install with updates?

Well it’s pretty simple, first make sure FireFox isn’t running then:

 sudo add-apt-repository ppa:mozillateam/firefox-stable
 sudo apt-get update
 sudo apt-get install firefox ubufox

Thats all thats needed.