Wednesday, August 25, 2010

how to disable sshd authentication log

  • grml 2010.04 Release Codename Grmlmonster [2010.04.29] (debian based)
I don't want the system to log when I ssh to it.  Normally, when I ssh to the server, there will be authentication logs get logged to:


Below is the sample logs when I logged on via ssh:

Aug 23 11:21:01 grmllinuxrocks sshd[18155]: pam_sm_authenticate: Called
Aug 23 11:21:01 grmllinuxrocks sshd[18155]: pam_sm_authenticate: username = [grml]
Aug 23 11:21:01 grmllinuxrocks sshd[18155]: Accepted password for grml from port 1074 ssh2

which I want to get rid of.

In order to get rid of this authentication log, you have to edit this file:


Open it and look for the lines:

auth,authpriv.*          /var/log/auth.log
*.*;auth,authpriv.none   -/var/log/syslog

And change them to:

auth,authpriv.*          /dev/null
*.*;auth,authpriv.none   -/dev/null

And that's it.  Enjoy your anonymity.

how to disable caching of squid

You can disable caching by adding these 2 lines below in your squid's configuration (/etc/squid/squid.conf):

cache deny all
cache_dir null /tmp

how to disable squid's logs

For the extreme anonymity, ones might also want to disable all the logs generated by squid.  Here is the easiest way I found to disable the logs.  In squid's configuration file which is, for my case:


access_log /var/log/squid/access.log squid
access_log /dev/null squid

cache_log /var/log/squid/cache.log
cache_log /dev/null

cache_store_log /var/log/squid/store.log
cache_store_log /dev/null

"/dev/null" is a magic device file in unix.

Tuesday, August 24, 2010

dyndns and ddclient configuration under grml linux (or, probably, other debian based distros)

Dynamic DNS allows you to have domain name with your dynamic ip address assigned by your local ADSL Internet.  One thing you need to do is to set up a dynamic dns client in a machine inside your local network where it uses your local ADSL Internet.   Nowaday, many ADSL routers support dyndns.  However, I'd prefer setting it up on a linux machine instead as I will surely have full control over the system.  By default, the configuration (/etc/ddclient.conf) in grml 2010.04 looks like this:

# Configuration file for ddclient generated by debconf
# /etc/ddclient.conf

use=web,, web-skip='IP Address'

This is not enough for my case.

After I spent time through trail and error I found I have to edit file /etc/default/ddclient:

set daemon_interval="60"

And in file /etc/ddclient.conf

# Configuration file for ddclient generated by debconf
# /etc/ddclient.conf

use=web,, web-skip='IP Address',

The most important thing is that you have to provide your domain names on the last line which will get updated.  Note that I tried setting daemon_interval in /etc/ddclient.conf but it didn't work so I instead set it in /etc/default/ddclient.

I am sure there must be other settings that work too.  But I will just stick with this approach.

Saturday, August 14, 2010

programmers' tools for files and directories comparison

In Linux, I use dirdiff to compare directories and I use vimdiff to compare files.

How To Resize ext3 Partitions Without Losing Data in Linux

I had a single unencrypted partition.  I wanted to have an encrypted partition so I had to shrink my existing partition first.  Then, created a new partition and encrypt it using cryptdisk.  Thanks to HOWTOFOURGE.  Please check it out.  The author does his best job writing such a good HOWTO:

Friday, August 13, 2010

how to sync ftp directory with a local directory in linux [part 2]

I did some more research and found out that lftp can accomplish my requirement!

All you have to do is to pass the following options to lftp : "-c -e"

Here is an example.  I have a file ~/main.conf:

user somepassword
set ftp:ssl-allow no
mirror -c -e

I also have another shell script to call lftp with proper configuration,


cd ~/projects/somehost-ftpdir
lftp -f ~/main.conf

I then call everytime I want to sync my local directory with the ftp server.

Please see previous blog post:

how to sync ftp directory with a local directory in linux [part 1]

monitor brightness adjustment in linux

Platform which I tested on:
  • grml 2009.10 Release Codename Hello-Wien [2009-10-31]
  • Debian GNU/Linux squeeze/sid
  • Lenovo laptop G460
There is a file:


If you cat it, you will see something like:

levels:  0 10 20 30 40 50 60 70 80 90 100
current: 70

Assuming you want to change your monitor brightness to 60, you can do this (as root) by:

# echo "60" > /proc/acpi/video/VGA/LCD/brightness

And today is Friday the 13th, make sure you brighten your monitor!

Thursday, August 5, 2010

recording any audio from your macosx

Ladies and gentlemen, I give you WIRETAP !!!

I bold it.  I italicise it.  And I even underline it.

The best tool ever to record any audio that can play on your MacOSX machine.  What I feel is that it just records directly from some  very low-level device or device driver I have no idea.  It's just amazing.  Go Get It Now!!!  And start recording everything!!!

Wednesday, August 4, 2010

screen title and vim (a.k.a. vi)

I use "screen" everyday whether I am on Grml Linux or MacOSX.  And also every time I log on to any unix servers, I have to run screen too as it is the best way to keep my sessions safely whenever there is Internet connection disruption.

Normally, when I do coding, I run multiple vim s under screen like this:

The blue status line comes from a setting in my .screenrc :

hardstatus on
hardstatus alwayslastline
hardstatus string "%{.bW}%-w%{.rW}%n %t%{-}%+w %=%{..G} %H %{..Y} %m/%d %C%a "

As you may notice, all the title of each screen are just the same "vi" even though I ran:
  • [screen 0] vi a
  • [screen 1] vi b
  • [screen 2] vi c
Therefore, I have no idea which file it is unless I switch to that screen which can be cumbersome most of the time.

Luckily, vi can send some special status to shell and screen to display a customized title.  All you need to do is to add these lines in your .vimrc file:

let &titlestring = "vi(" . expand("%:t") . ")"
if &term == "screen"
  set t_ts=^[k
  set t_fs=^[\
if &term == "screen" || &term == "xterm"
  set title

Note that the "^[k]" and "^[\" are control characters which you have to enter them by (in vim):
  • [in edit mode] ctrl+v => esc => k
  • [in edit mode] ctrl+v => esc => \
After that you re-run screen and use vi to open files and it should look like this:

Notice the vi(a), vi(b) and vi(c) - Now they display which file names they are opening!


Sunday, August 1, 2010

using bridge mode networking for guest operating system with VirtualBox

I installed virtualbox by adding this line to apt's source.list file in grml:

deb lenny non-free

Then I executed "au" (au is an alias for apt-get update in grml), followed by "agi virtualbox-3.2" (agi is an alias for apt-get install in grml).  Then I could run virtualbox for the first time by calling "VirtualBox" from shell.  I then installed Windows XP and everything went smoothly.  The default of guest os's networking type is NAT mode.  However, I wanted to use bridged mode as I think it will be fair for my guest os to co-exist in the same  LAN as other computers.  I then told VirtualBox I wanted to use bridge mode networking which was when it printed out some error message which I couldn't remember.

Anyway, after some researching I found out that after a fresh installation of everything, I also needed to install "dkms" package by:

# agi dkms

Then I restarted VirtualBox and I now can use bridge mode networking with the Guest OS under VirtualBox.

captcha killer

Even though captcha was originally designed to serve purpose of preventing malicious users or robots to submit html form,  there are (and always are) still people who need to kill it.  There are many different algorithms to read captcha and returns them as text.  Either direct purpose captcha killer or ocr (such as gocr under GNU/Linux) can be used to solve the same problem which depends on kinds of captcha we are dealing with at hand.  Each algorithm will have different limitations.

However, while I was searching on google about this topic, I found an interesting service by a Chinese-based company:

I like their idea.  I guess they set up a call centre-like office where their staffs sit in front of computers and type whatever they see on the screens.  They should develop some kind of libraries which will send all captcha to their office which are when they are being translated by HUMAN and returned back to the caller function.  This way, I believe there is no captcha on earth that they can't solve!

It is a paid service of course.  Consult them when you really need to kill severely difficult captcha such as hotmail's.