Fix ISP DNS Hijacking with DD-WRT

Ars Technica recently wrote up an article about ISPs hijacking DNS requests to watch web searches. A couple years ago, I discovered that any time that I punched in an invalid domain name, instead of telling me the domain name did not exist, I was redirected to a search page. The search page had an opt-out feature, but it reset after a few hours. I wrote a script to automatically opt myself out every few hours, but it was ineffective. When I called CenturyLink (my ISP) about this problem, they first denied it. After arguing with the representative for a while, he eventually informed me that this was how the feature was supposed to work. I asked him how that could be useful if the opt out really wasn’t an opt out. He didn’t have an answer. Eventually I opted to use alternative DNS. However, one solution for those of us running DD-WRT on our routers is to add additional DNSMasq options. While OpenDNS does honor opt outs, I still add the IP addresses they use to my configuration.

Before adding anything, pinging an invalid domain shows:

ping garbage.invalidtld
PING garbage.invalidtld (67.215.65.132) 56(84) bytes of data.
64 bytes from hit-nxdomain.opendns.com (67.215.65.132): icmp_req=1 ttl=56 time=54.4 ms

I went into the Services page of DD-WRT and added the following to the “Additional DNSMasq Options” section:

bogus-nxdomain=67.215.65.132
bogus-nxdomain=184.106.31.182

Now the same command returns the proper response:

ping garbage.invalidtld
ping: unknown host garbage.invalidtld

I could have applied the same method to filter CenturyLink’s DNS responses, but I have been happier with OpenDNS and decided not to switch back.
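
To find the addresses to list for any resolver, including an ISP's, resolve names that cannot exist and collect whatever comes back. The script below is an added example, not part of the original post. The function names are made up for illustration, and it assumes glibc's getent and a client that still uses the unfiltered resolver:

```sh
#!/bin/sh
# Added example (not from the original post): list the addresses a resolver
# substitutes for NXDOMAIN, formatted as dnsmasq bogus-nxdomain options.

# resolve_a NAME: print the IPv4 addresses the system resolver returns for
# NAME, one per line; prints nothing when the name does not resolve.
# Assumption: glibc's getent is available. Redefine to test offline.
resolve_a() {
    getent ahostsv4 "$1" 2>/dev/null | awk '{ print $1 }'
}

# probe_names COUNT SUFFIX...: print COUNT throwaway host names per suffix.
# The pid/time/counter label makes a collision with a real name implausible.
probe_names() {
    pn_count=$1; shift
    pn_i=0
    while [ "$pn_i" -lt "$pn_count" ]; do
        for pn_suffix in "$@"; do
            echo "nx-$$-$(date +%s)-$pn_i.$pn_suffix"
        done
        pn_i=$((pn_i + 1))
    done
}

# bogus_nxdomain_lines [COUNT]: resolve names that cannot exist; every
# address that comes back is one the resolver invented, so emit it as a
# bogus-nxdomain line. "invalidtld" is the made-up TLD used in the post;
# "com" forces a real upstream lookup.
bogus_nxdomain_lines() {
    probe_names "${1:-3}" invalidtld com | while read -r bn_name; do
        resolve_a "$bn_name"
    done | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u |
        sed 's/^/bogus-nxdomain=/'
}

# Run the probe only when asked, e.g.: sh nxprobe.sh --run
if [ "${1:-}" = "--run" ]; then
    bogus_nxdomain_lines 3
fi
```

An empty result means the resolver returned a proper NXDOMAIN for every probe, which is also what you should see once the options are in place.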

Google CDN URL for Dojo Changes

As Dojo suggests on their website, I opted to use Google’s copy of the Dojo Toolkit:

<script src="http://ajax.googleapis.com/ajax/libs/dojo/1.6/dojo/dojo.xd.js" type="text/javascript"></script>

This worked very well until today. After doing some digging, I realized that according to Google’s documentation, the URL has changed:

<script src="http://ajax.googleapis.com/ajax/libs/dojo/1.6.0/dojo/dojo.xd.js" type="text/javascript"></script>

I have to imagine that this will be bad for a lot of websites, but at least the solution is fairly simple.

Spawn a Styled xterm into Home and Disown It

First, I set up the styling (no scrollbar, font, font size, background, and foreground colors):

xterm +sb -fa monaco -fs 10 -bg black -fg white

Next, I redirected the output and backgrounded the process:

xterm +sb -fa monaco -fs 10 -bg black -fg white > /dev/null 2>&1 &

This worked well for quite a while, but when I spawned a shell in an arbitrary directory, I wanted my shell to start in home, so I added:

eval $( cd ; xterm +sb -fa monaco -fs 10 -bg black -fg white > /dev/null 2>&1 & )

Finally, I wanted to fully disown the new xterm from the shell I spawned it from. Therefore, my .bash_aliases file now has:

alias term='eval $( cd ; xterm +sb -fa monaco -fs 10 -bg black -fg white > /dev/null 2>&1 & disown %1 )'

Now I can cleanly spawn a new terminal that sends no output to the existing shell.

How Nvidia Took the Fun Out of Dual Screen Xorg Configuration

Dual screen configuration used to be quite the hassle on Linux. However, Nvidia has made it incredibly easy with their nvidia-xconfig command. The “--no-logo” argument eliminates the Nvidia logo when X starts, and “--twinview” enables the second display.

nvidia-xconfig --no-logo --twinview

Now I can configure my systems for dual displays during an Ubuntu installation without the need for reinstalling an old hacked together xorg.conf file.

Adobe Flash 10 for 64-bit Ubuntu Linux

Since Ubuntu Hardy Heron, it has become much easier to install Flash on Ubuntu, but the included restricted packages always leave me a bit disappointed. Luckily, Adobe provides a proper 64-bit version of Flash for Linux called “Square”. Since I tend to automate my installations, I wrote a script to install the latest version of Flash on my computer:

#!/bin/bash

# Remove any installed Flash packages
aptitude remove --quiet --assume-yes flashplugin-installer flashplugin-nonfree

# Download the "Square" tarball, unpack it, and move the plugin into place
cd /tmp/ || exit 1
FLASH="flashplayer10_2_p3_64bit_linux_111710.tar.gz"
wget "http://download.macromedia.com/pub/labs/flashplayer10/$FLASH"
tar xzvf "$FLASH"
mv libflashplayer.so /usr/lib64/mozilla/plugins/
rm "$FLASH"

Now Flash runs properly, and with the switch to “Square,” it even seems to consume fewer resources on my machine.
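
The script above runs as root and installs whatever the plain-HTTP download returns. The variant below is an added example, not part of the original post: it checks the tarball against a pinned SHA-256 and extracts only the plugin in a private directory before installing it. The function name install_verified and the REPLACE_WITH_KNOWN_GOOD_SHA256 placeholder are assumptions; the real digest has to come from a source you trust.

```sh
#!/bin/sh
# Added example (not from the original post): verify, then install.

# install_verified TARBALL EXPECTED_SHA256 DEST_DIR
# Returns non-zero and installs nothing unless the digest matches.
install_verified() {
    iv_tar=$1; iv_want=$2; iv_dest=$3
    iv_got=$(sha256sum "$iv_tar" | awk '{ print $1 }')
    if [ "$iv_got" != "$iv_want" ]; then
        echo "checksum mismatch for $iv_tar: got $iv_got" >&2
        return 1
    fi
    # Private scratch directory instead of unpacking straight into /tmp
    iv_work=$(mktemp -d) || return 1
    # Extract only the plugin; other archive members are never written
    tar -xzf "$iv_tar" -C "$iv_work" libflashplayer.so &&
        install -m 0644 "$iv_work/libflashplayer.so" "$iv_dest/"
    iv_rc=$?
    rm -rf "$iv_work"
    return "$iv_rc"
}

# Download and install only when asked, e.g.: sudo sh flash.sh --run
if [ "${1:-}" = "--run" ]; then
    FLASH="flashplayer10_2_p3_64bit_linux_111710.tar.gz"
    EXPECTED_SHA256="REPLACE_WITH_KNOWN_GOOD_SHA256"   # placeholder, not a real digest
    dl=$(mktemp -d) || exit 1
    wget -O "$dl/$FLASH" \
        "http://download.macromedia.com/pub/labs/flashplayer10/$FLASH" &&
        install_verified "$dl/$FLASH" "$EXPECTED_SHA256" /usr/lib64/mozilla/plugins
    rc=$?
    rm -rf "$dl"
    exit "$rc"
fi
```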

MySQL Duplicate Key in Table Errors

Recently, I tried to dump data from a production database and import it locally in a development environment. I went through the normal process of dumping the data:

mysqldump database > database.sql

And importing it locally:

mysql database < database.sql

However, I quickly got a duplicate key error:

ERROR 1022 (23000) at line 1170: Can't write; duplicate key in table 'sys_tracking_archive'

After some looking, I discovered the “--insert-ignore” option:

mysqldump --insert-ignore database > database.sql

The second attempt to import the data worked correctly. Alternatively, I could have replaced all instances of “INSERT” with “INSERT IGNORE” in the original SQL dump file.

Privileged SSH Port Forwarding with Sudo

There are many articles about privileged SSH port forwarding but not much about properly using SSH keys and config files.

The problem is that upon typing:

ssh dakara -L 80:localhost:80

the response is:

Privileged ports can only be forwarded by root.

The obvious solution is to just use sudo:

sudo ssh dakara -L 80:localhost:80

but this produces:

ssh: Could not resolve hostname dakara: Name or service not known

Unfortunately, “dakara” is a host configured in ~/.ssh/config and not available to root. This can be fixed with:

sudo ssh -F ~/.ssh/config dakara -L 80:localhost:80

but this tries to connect as root and prompts for a password. Adding “-l $USER” sets the user name to my user name (this could also be set in the SSH config file), and adding “-E” to sudo preserves the environment, allowing my SSH agent to be used.

sudo -E ssh -F ~/.ssh/config -l $USER dakara -L 80:localhost:80

Now everything connects, and I am not prompted for a password.

FreeNX on Ubuntu

I have been using FreeNX on Ubuntu Linux as a terminal server for remote graphical access. (It’s similar to Remote Desktop on Windows.) It’s fast and works quite well on slow Internet connections. NoMachine provides clients for Mac OS X, Windows, and Linux, which means I can connect to my machine from anywhere.

Most of the instructions are available in Ubuntu’s documentation for FreeNX. First, add the repository, update the package listings, and install the FreeNX package:

add-apt-repository ppa:freenx-team
aptitude update
aptitude install --quiet --assume-yes freenx

Finally, set up FreeNX. I opt to use the default SSH key pairs (“--setup-nomachine-key”) because it doesn’t require additional configuration for the client to connect. I added “--clean --purge” to fix authentication errors that I began having after I upgraded to Ubuntu 9.10.

/usr/lib/nx/nxsetup --install --setup-nomachine-key --clean --purge

After I install a client, I can connect to my computer from anywhere and use it as though I were sitting in front of it.

Simple Scan on Ubuntu

I have an HP ScanJet 5300C scanner and have had no luck getting it to run on Mac OS X after 10.3 Panther, Windows Server 2003, and Ubuntu Hardy Heron. After I upgraded to Ubuntu Karmic Koala, the XSane Image Scanner applications would scan a preview but would not actually save the image. (That’s more progress than I have had for a few years.) Next, I installed Simple Scan, which scanned and saved the image nicely. The program is a little simpler than I would like, but it beats the complexity of XSane. More importantly, it worked.

Review of Lake Erie Systems

I recently purchased an HP Color LaserJet 2550 Fuser from Lake Erie Systems. It was a little pricey, but it arrived quickly and functioned as promised. Apparently I was not particularly observant when I purchased a new fuser because I did not see that they also had an exchange program for refurbished fusers. I inquired via email as to options to return my old (empty) fuser and possibly receive some sort of credit. The representative that I worked with explained that credit is only available for refurbished fusers but that he would refund me $10 regardless. I informed him that I had not received a shipping label to return the current fuser. He apologized and sent out a shipping label, which arrived promptly. I mailed the fuser back and received my $10 credit.

Bottom line: Lake Erie Systems delivers their products promptly and as advertised. Their customer service is attentive and accommodating.