Today I had to access my computer via VNC. There are several manuals on how to enable VNC on a typical Linux desktop nowadays. It usually involves some sort of clicking on Sharing => Enable Screenshare and you’re done. It’s really that easy.

How would I do this remotely, however, when I cannot access my already running desktop computer via VNC? SSH is enabled on my machines since most of my work involves jumping and tunneling my way through various networks to get stuff done. Just forwarding X was not enough today.

Turns out this is really easy as well. The screensharing feature on my distribution is done with Vino. That’s an integrated server for and this is exactly what the user starts by enabling the screenshare feature. Since Vino is part of GNOME it can be configured using gsettings.

So after enabling the screenshare for testing on my laptop I tested for all existing keys by running this listing:

gsettings list-recursively | grep Vino

It’s really short and basically all settings are no-brainers. Only the password had me wondering but it turned out this is just base64 encoded (and also optional). All that is left is running the vino-server binary in the end. This needs the correct environment variable $DISPLAY set since our target is a running X session. This one we can determine by executing the command w and looking for the TTY in use. Hint: It’s :1 in this case.

 beko  ~  w
  20:35:15 up  5:12,  1 user,  load average: 1,92, 2,33, 2,37
 USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
 beko     :1        15:24   ?xdm?   2:02m  0.00s /usr/libexec/gdm-x-session --run-script /usr/bin/gnome-session

Oh and you should also not connect with the X11 forward option -X because running the vino-server with this will result in some really funny endless picture in picture mode that I did totally not try out by mistake 😉

Now that I had all the information I needed I hacked together this little script that does this more or less automatically so I can forget about this again [and look it up two years later in my own blog]. It’s really crude and your mileage may vary. It does not account for multiple users or multiple running X Sessions:

#!/bin/bash
# Take the display of the running X session from the TTY column of w, e.g. ":1"
export DISPLAY=$(w -oush | grep -Eo ' :[0-9]+' | uniq | cut -d \  -f 2)
echo "Display is $DISPLAY"
# Same keys the Sharing dialog writes; alternative-port is only used when use-alternative-port is true
gsettings set org.gnome.Vino require-encryption true
gsettings set org.gnome.Vino use-alternative-port false
gsettings set org.gnome.Vino disable-background false
gsettings set org.gnome.Vino alternative-port 5900
gsettings set org.gnome.Vino icon-visibility 'client'
gsettings set org.gnome.Vino disable-xdamage false
# Ask for the VNC password, but do not ask the local user to confirm the connection
gsettings set org.gnome.Vino authentication-methods "['vnc']"
gsettings set org.gnome.Vino prompt-enabled false
#pw is just base64 so basically just echo -n 'awesomeness'| base64
gsettings set org.gnome.Vino vnc-password "YXdlc29tZW5lc3M="
gsettings set org.gnome.Vino view-only false
# Start the server inside the running session and remember its pid for the kill later
/usr/libexec/vino-server &
export VINOPID=$!
echo "Try vnc://$HOSTNAME:5900/"
echo "vino-server pid may be $VINOPID"

And that’s it. There is no root or sudo involved.

Example output executing the script

Don’t forget to kill the pid when done 🙂
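
An added check, not part of the original post: the function below reads the lines printed by `gsettings list-recursively | grep Vino` and flags the settings that decide how exposed the session is, including that the base64 password can be decoded by anyone who can read the setting and that VNC authentication only uses its first 8 characters. `audit_vino` and `sample_vino_settings` are hypothetical names, and the sample lines are constructed from the values the script above sets.

```shell
#!/bin/sh
# Reads "schema key value" lines on stdin and prints one finding per line.
audit_vino() {
    while read -r _schema key value; do
        # gsettings prints strings in single quotes; strip them
        value=$(printf '%s' "$value" | tr -d "'")
        case "$key" in
        require-encryption)
            [ "$value" = "true" ] || echo "WARN require-encryption is off: unencrypted connections are accepted" ;;
        authentication-methods)
            case "$value" in
            *none*) echo "WARN authentication-methods allows 'none': no password is asked" ;;
            esac ;;
        prompt-enabled)
            [ "$value" = "true" ] || echo "INFO prompt-enabled is off: nobody at the desk confirms a connection" ;;
        vnc-password)
            if [ -z "$value" ]; then
                echo "WARN vnc-password is empty"
            else
                # base64 is an encoding, not protection; the length is enough to report
                plain=$(printf '%s' "$value" | base64 -d 2>/dev/null)
                echo "INFO vnc-password decodes to ${#plain} characters"
                [ "${#plain}" -le 8 ] || echo "WARN VNC authentication uses only the first 8 characters"
            fi ;;
        esac
    done
}

# Constructed sample: the values set by the script in this post
sample_vino_settings() {
    cat <<'EOF'
org.gnome.Vino require-encryption true
org.gnome.Vino authentication-methods ['vnc']
org.gnome.Vino prompt-enabled false
org.gnome.Vino vnc-password 'YXdlc29tZW5lc3M='
org.gnome.Vino view-only false
EOF
}

sample_vino_settings | audit_vino
```

On a real desktop the input would come from `gsettings list-recursively org.gnome.Vino | audit_vino`.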

Evaluating micro.blog finally myself. All I knew of it before was from presentations or the FAQ and I recommended it a lot already as your one-stop solution. Time to take a closer look myself. My first trial expired because I never finished the sign up process when confronted with adding credit card information upfront. I hear this is not or no longer required and @manton, creator of all this, kindly reset my trial.

So far I’m pretty impressed. Oh and it’s also powered by – my latest favourite toy I started playing around with 😀

Decentralised SMTP is for the greater good (poolp.org)
TL;DR: - SMTP is the way computers exchange e-mails - it is a decentralised protocol meaning that ANYONE can run a node and be independent - it is being centralised at companies that have a history of abuse - it is being centralised in a country that has a history of abuse Where did you read this already? In August, I published a small article titled “You should not run your mail server because mail is hard” which was basically my opinion on why people keep saying it is hard to run a mail server.

This is a good read about SMTP and why it’s a bad idea to roll with the big 5:

https://poolp.org/posts/2019-12-15/decentralised-smtp-is-for-the-greater-good/

We’re currently at a point where it is even difficult to run your own mailserver because small mailservers tend to end up on some blocklist thanks to “bad neighbourhood”. That’d be IPs “next” to you. Getting removed again – even for no reason – is a PITA, because there is no unified way of doing so. Happened again and again and while the big 5 won’t bother blocking entire ranges most of the spam bouncing off my own mailserver is indeed from the big mailservers themselves. So nowadays I simply stopped caring at all.

My advice for affected people is the same: Use a smaller provider or even run your own. Do not use the mailservices of the big companies. It’s not that hard. Even a consumer NAS can do it.

A recent casualty of housekeeping: my party membership in the

With the loss of my 4-digit membership number 34** I fondly remember the early days. The core topics that mattered so much to me have meanwhile arrived in society, so my reasons for getting involved back then are settled. I am convinced that a lot could have turned out much worse.

By now at least a certain awareness of data protection and privacy has emerged, which is reflected in laws such as the (DSGVO).

Anyone who no longer remembers what net politics looked like in Germany back then can refresh their memory, for example, in the archive of AK-Zensur.de.

By the way: I am even still quite in agreement with the party programme. Nevertheless I no longer feel that I belong and have lost touch. With that, it has all arrived back at theatre – and the highest entertainment value is currently found elsewhere *winking smiley.

There’s a thing that puzzles me every time I visit some doctor, or hospital or dentist. You get it. Everywhere you get to sign a (or refuse to, like I do) and next thing happening is you’re seated in a room waiting for your turn. With a computer. Usually with your patient file already opened and on screen.

There is _so_ much you could do now. Like editing, opening other files, install a keylogger or some other device to the net – even wifi. WPS button is on the router next to it – default password on its back. The system is in most cases horribly out of date and even if the screensaver is on, its password is usually short, never changed and can be easily guessed or observed. And that’s all in a very sensitive setting. I observed this in various places now and when called out I get that “We’re not computer experts” shrug.

…but you signed that GDPR so all is [probably] good.

Am I the only one bewildered by this?

Most Linux users know some systemd by now. There is systemctl stop $someservice and systemctl disable $someservice. If you think that’s all one has to know about systemd you’re missing out on a lot of features. That’s not the story for today tho.

Some services tend to come back even when disabled and stopped. Socket services come to mind. This is e.g. the case for rpcbind starting a portmapper service on tcp/111 that can be used for a DDoS reflection attack. There are various ways to deal with this, from uninstalling to firewalling or masking the service. Since everybody on Linux gets to pick their own poison I decided to use mask to make sure this can simply no longer start without having to break dependencies by removing it or fiddle with the firewall:

systemctl stop rpcbind.service
systemctl mask rpcbind.service
Created symlink /etc/systemd/system/rpcbind.service → /dev/null.
systemctl daemon-reload

A masked service can not even be restarted manually any more. It’s dead in the water as long as this symlink exists.

Read more on this from Poettering himself:

http://0pointer.de/blog/projects/three-levels-of-off
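
An added check, not from the original post: after masking, confirm that every rpcbind unit is really masked and that nothing still holds port 111. It assumes the distribution also ships an `rpcbind.socket` unit next to `rpcbind.service`; the function names are hypothetical and the sample data is constructed to show a host where only the service was masked.

```shell
#!/bin/sh
# Input: output of `ss -H -ltun` (listening TCP/UDP sockets, numeric, no header).
# Prints protocol and local address of everything bound to port 111.
port111_listeners() {
    # Column 5 is "Local Address:Port"; anchor on ":111" at the end so
    # 0.0.0.0:111 and [::]:111 match but :1110 or :2111 do not.
    awk '$5 ~ /:111$/ { print $1, $5 }'
}

# Arguments: unit names. Stdin: one state per line in the same order, as printed
# by `systemctl is-enabled UNIT...`. Prints every unit that is not masked.
unmasked_units() {
    for unit in "$@"; do
        read -r state || state="unknown"
        [ "$state" = "masked" ] || echo "$unit is $state"
    done
}

# Constructed sample: rpcbind.service masked, rpcbind.socket left enabled,
# so the socket unit keeps port 111 open.
sample_states() {
    printf 'masked\nenabled\n'
}
sample_ss() {
    cat <<'EOF'
udp UNCONN 0 0    0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 128  0.0.0.0:22  0.0.0.0:*
tcp LISTEN 0 4096 [::]:111    [::]:*
EOF
}

sample_states | unmasked_units rpcbind.service rpcbind.socket
sample_ss | port111_listeners
```

On a live host feed the functions with `systemctl is-enabled rpcbind.service rpcbind.socket | unmasked_units rpcbind.service rpcbind.socket` and `ss -H -ltun | port111_listeners`; both should print nothing.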

Visited Berlin / Germany for the to learn more about the . We changed plans last minute and went by train to the camp when we found out about the new and kinda cheap from Stuttgart to Berlin.

Tram station in Berlin

The itself has been a blast. The location was the office grounds of Mozilla Berlin and we were even offered a tour to take a good look at it (and its coffee machines).

The group was a very mixed bunch from various places. Some even took planes over the ocean to visit the camp on the continent. It’s nice to put faces on people I only knew from reading so far and I’m grateful for this chance.

Tantek Çelik speaking

The first day was all about getting to know the people. Organizer Tantek Çelik invited everyone to speak up and introduce themselves and their websites so we got a lot of examples of itches already scratched with principles.

We also learned about the OptOutTools project from the keynote speaker Teresa Ingram with the bold claim to work on AI capable of detecting misogyny online. Its browser extension is designed like an ad-blocker or personal firewall where the user can decide how much of offending text may be displayed (or even none at all). Undetected phrases can be added to the filter to train it even more as well.

This resulted in a lot of discussion about intended and unintended side effects and how and in what ways speech will change and how people will try to break it. Detecting e.g. hate speech by AI is a goal even FB was (officially) not able to tackle so far. I’m very curious if and how this succeeds so I’ll keep an eye on their Git repositories.

Learning about RFC 6920

In parallel, other talks were held in various rooms. This way I learned about the proposed RFC 6920 on Naming Things with Hashes or a quick introduction to held by David Shanske. There were also some less technical discussions. Two teenagers attended the camp as well so we had a talk about what’s in for them on the and we learned about TikTok dances. Some did their very first TikTok dance this day. So perhaps we’ll soon see a or provider for .

The evening was all about finding food for a group of ~15 people. That wasn’t an easy task. Berlin is an ever changing city and all restaurants were packed or gone for good. The online information is sparse on this and way too often badly out of date. We were about to give up on this when we found a really small store that switches to some sort of food place in the evenings usually only visited by the local neighbourhood. They threw a bunch of tables together for us and somehow we all squeezed into it. Such a cozy and friendly place. I loved it and that night became a really short one for us.

The next day was about getting things done – a hard task being sleep deprived from the travels and short nights before.

While some just offered assistance others had more practical goals in mind. This ranged from setting up a new enabled blog to hacking on gallery systems, location visualisation or in my own case on my provider for Okuna.io.

It’s really nice to see how other people work and get their projects done. Everybody has some very personal workflow here and I enjoy peeking over people’s shoulders and catching a glimpse of this.

In the end everybody got a chance to show what was achieved or learned. I got my prototype for backfeeding reactions going and used the chance to show this to the audience off the record without the cameras going. Okuna is still in closed beta so I’m sensitive on this topic. As mentioned I always have some invites to give away. I’d love to see more IndieWeb users on Okuna as well. I’ll need lab rats testers for my bridge soon anyway 😀

That was a great weekend and we met some awesome people at the camp. Of course we also snatched a bunch of new stickers and we ate as much candy from the stashes @MozillaBerlin as we could. Always fun to let the inner Geek run wild on such events 😉