When adding a portable version of Git to Visual Studio Code, there are two things to be careful of:
  1. The path to the git executable is not in the main folder. It is in /bash/git.exe or \cmd\git.exe for Linux or Windows.
  2. When adding the git path to Visual Studio Code, open the settings.json file (Settings, Preferenes) and find the Git section. Add the git.path variable, but be sure to use double backslashes: "git.path": "C:\\PortableAppsPlatform\\PortableApps\\Git\\git-bash.exe"

 

I’m also playing with the Visual Studio Code Github extension but I haven’t had much success.

To get it to work, get a Github Personal Access token and then, in VSC, press Ctrl + Shift + P to open the command bar, then type in Github: Set Personal Access Token.... Add your code, then press Enter. And then apparently it should work, but it isn’t doing so for me.
With help from: 1, 2

An OMV server running OMV 3 (Erasmus) may experience a loss of wifi (wlan0) due to drivers being removed from the backports package.

Run the code below to download the broadcom wifi controller drivers and re-enable wifi (wlan0) (from OMV forums)

wget https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm/brcmfmac43430-sdio.bin
wget https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm/brcmfmac43430-sdio.txt
sudo mv brcmfmac43430-sdio* /lib/firmware/brcm/
sudo reboot

 

Consequently, this is also a good time to learn about wireless network troubleshooting tools:

ifconfig -a
iwconfig
sudo iwlist wlan0 scan
sudo ifdown wlan0 && sudo ifup -v wlan0

If any of these show an error or do not show the wlan0 interface, you may have a driver issue, such as the one with OMV and the RPi3 backport repository.

References: 1, 2, 3, 4

 

How do you increase the default wordpress file size limit? There are several different things to do:

  1. Increase the file size in Settings> Media or Network> Settings for multisite
  2. Increase the file size in php.ini (/etc/php-version-and-type-/php.ini)

Find these settings and change them to your desired file size:

Note that memory_limit must be larger than post_max_size must be larger than upload_max_filesize.

 

Resources: 1, 2

Security@Georgeliu.me

There’s a lot of private information on the internet. Your credit card companies, banks, grocery stores, discount clubs… basically everyone in the US is selling your data to 3rd party information aggregators, who in turn process it and sell it to other interested people.

Why should you be concerned? If people have your name, they learn about you. They can steal your identity. They can target you. All kinds of things, because there are bad people out there.

This is a list of things to do to remove your personal information (address, name, and phone number) from the internet.

1. Search for yourself.

If you’re lucky, you have a fairly common name. You won’t be too easy to find (which can be a problem if you want to be famous!). Although a common name and a specific address can be very easy to find.

If you’re not lucky, you have a very specific name, and you also tend to use your middle name when signing contracts or filling in forms. You are very easy to find.

2. Note which websites are selling your information.

There are a lot of big data aggregators out there. Some of the big ones that came up as I was helping my mother remove her information were:

There are tons of these companies. It’s easy to aggregate data, but InstantCheckmate seems to be especially privacy-offending, as they offer maps of your address as well as linking to all your relatives.

These companies also change their privacy policies and opt-out links regularly. And they require you to specifically ask to remove single pages when multiple pages have your info. And they put up the information again as it becomes available. It’s their business, but they don’t make it easy to like them.

3. Opt-out if you can, obfuscate if you can not.

Remove your information using the links above. If you can’t remove information, try signing up for store point cards or services using fake names and fake addresses.

Remember that the data aggregation services can only buy your data because other people are selling it to them. You, yourself, might be putting private information on the internet by:

  • signing up for store point cards
  • entering a raffle or contest
  • setting up a business
  • filling out a census report
  • filling out a survey
  • not opting-out of credit card/bank information sales

4. Protect yourself.

Kotaku has a good guide on how to protect your private information. Basically:

  1. Don’t put sensitive stuff on the internet.
  2. Lock down your privacy on social media.
  3. Don’t use your real name (your full name) for unimportant stuff.
  4. Don’t get hacked (use strong passwords and two-factor authentication)
  5. Don’t be a dummy.

 

 

Note that if you remove information on yourself from the internet, it can be harder to find you for legitimate purposes. Celebrities may wish to hide their real names, but may also wish to promote themselves as well.

You also provide information with every credit-card signup and business document. It’s hard not to put information on the net, so you need to be vigilant about removing your information.

 

You can’t always protect yourself. But there are things you can do to make it harder for others to attack you.

While setting up LetsEncrypt to work with CloudFlare, I ran into a bunch of issues with my NginX config that caused me a bunch of downtime. Because I run multiple domains, I wanted to keep my non-www to www URL redirects and also redirect HTTP to HTTPS.

Before, I was using just:

server {
server_name "~^([^.]*\.[^.]*)$";
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
return 301 $scheme://www.$host$request_uri;
}

It’s an incredibly elegant redirect. But it didn’t work well with my HTTPS redirect. So, I changed it to be a bit easier to understand (and more time-consuming to set up), which looks like this:

# NGINX Server Block for:
# Redirect non-www base domain (domain.com) to www (www.domain.com)
# Redirect HTTP to HTTPS SSL (HTTP2)
# Supports multiple domains and subdomains
# Created by George Liu (www.georgeliu.me / Github:tgmgroup)
# STEP 1 - Base HTTPS Block
server {
#Listen only on HTTPS, use STEP 3 to redirect from HTTP
listen 443 ssl http2;
listen [::]:443 ssl http2;
# Put Includes Here
# Change .domain1.com and .domain2.com to your own domain
# The .domain1.com wildcard format (DOT domain) catches all domains and subdomains of domain1.com
server_name .domain1.com .domain2.com;
# Put Server Configs Here
# Put Other Configs Here
}
# STEP 2 -  Redirect base (non-www URL) to HTTPS www
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# Catch only www subdomains on HTTP and HTTPS
server_name domain1.com domain2.com;
# Permanent redirect to HTTPS and www
return 301 https://www.$host$request_uri;
# Use the following if redirecting www to non-www URLs
#        server_name www.domain1.com www.domain2.com;
#        return 301 https://$host$request_uri;
# If using both HTTPS and HTTP (only www redirect), edit STEP 1 to include
#        listen 80;
#        listen [::]:80;
# and remove STEP 3
# and change the return 301 line to use "$scheme://" instead of "https://"
}
# STEP 3 -  Redirect all non- base-non-www HTTP to HTTPS
server {
listen 80;
listen [::]:80;
# Catch all base and subdomains on HTTP, including redirects from STEP 2
server_name .domain1.com .domain2.com;
# If user prefers, use "www.domain1.com *.domain1.com" combination instead of
# ".domain1.com" wildcard to avoid NGINX warnings
return 301 https://$host$request_uri;
}
view raw config hosted with ❤ by GitHub

Don’t forget the linux commands to edit and restart NginX

sudo nano /etc/nginx/sites-enabled/(config)
sudo nginx -t && sudo service nginx restart (OR) sudo systemctl restart nginx

And don’t forget to change your DNS settings at your DNS provider:

add a CNAME record: www as name and @ as hostname

Resources: 1, 2, 3, 4, 5, 6, 7, 8

About Boot Mode

The Raspberry Pi 3 can now be booted from a compatible USB drive. It works pretty well, but there are no noticeable differences in speed between a good SD card and a good USB drive. Primarily, cost may be a factor, as good USB drives are generally cheaper than good SD cards. Not all USB drives are supported–my Sandisk Ultra Fit worked, but my Trancend JetFlash did not.

Read the official documentation to learn how to set it up.

 

Boot Mode and Updates

I used apt-get update/upgrade to update my Raspberry Pi, which wiped out the boot mode. Make sure not to upgrade the bootloader, or save an edited bootable sd card to reapply the boot mode edits.

 

sudo mkdir /mnt/target
 sudo mount /dev/sda2 /mnt/target/
 sudo mkdir /mnt/target/boot
 sudo mount /dev/sda1 /mnt/target/boot/

cd /mnt/target
 sudo mount --bind /dev dev
 sudo mount --bind /sys sys
 sudo mount --bind /proc proc
 sudo chroot /mnt/target

sudo BRANCH=next rpi-update

exit
 sudo umount dev
 sudo umount sys
 sudo umount proc

sudo reboot

Official forums also have some more information.

While updating my RPi for a Cloudflare auto-ip-updater script, I ran into an issue where the dig command couldn’t be found. Also, the dnsutils package containing dig was not in the Raspbian repository. So, you can easily replace the dnsutils package with the knot-dnsutils package, and you get dig back. Install with sudo apt-get install knot-dnsutils.

 

Look for more here: 1, 2, 3

I previously created a RPi3 OMV server to share some pictures and movies across the network. But I configured the underlying Debian  to check for updates outside of OMV, which means it probably upgraded to Debian 8 Jessie instead of staying with Debian 7 Wheezy. Since OMV was based on version 2 (Stoneburner), it crashed everything.

So I started again. This time, I wanted to be sure I didn’t crash everything, so I installed OMV 3 (Erasmus) on Raspbian Lite (Jessie). What a headache! OMV reconfigures a bunch of things I didn’t want it to, especially sshd configs and wifi configs.

The first issue was that I couldn’t login through ssh. To fix that, add your user to the root or ssh group in the OMV web interface. You also want to check the sshd config to make sure that root can’t login and make other security changes.

Then, I rebooted the Pi and it was gone from my network. I couldn’t understand why, as I was working remotely, but when I got home, I saw it was still running and could bring up a locally connected display. It just wasn’t connecting to the internet. Trying ifconfig -a will give you an idea if it is connected or not.

To fix that, I had to go into the /etc/network/interface file and add back a bunch of wifi lines:

allow-hotplug wlan0
auto wlan0
iface wlan0 inet dhcp
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Now it’s working…again…I hope.

Security@Georgeliu.me

Before, I had written about a CloudFlare auto-ip-updating script, but it required a lot of user input and a lot of user effort. Luckily, or not, I  crashed my OMV server, and I think an error ate up my PiVPN sd card. So I had to start all over!

This time, I updated the CloudFlare script to be auto-updating.

This bash script requires the following inputs in this order (INFO example):

  • FULLDOMAIN cloudflare.com
  • SUBDOMAIN web.cloudflare.com
  • EMAIL [email protected]
  • KEY 9a7806061c88ada191ed06f989cc3dac
  • FILEPATH /home/path

If you organize your inputs in this order, it is very easy to copy once and paste to get your results.

Create and Run Script

Create a script and paste the following code in:

sudo nano cf_ip_updater_creater.sh

sudo chmod +x cf_ip_updater_creater.sh
./cf_ip_updater_creater.sh
Script Code
#!/bin/sh

#Get User Data
echo -n "Enter your FULL-DOMAIN (e.g. cloudflare.com) and press [ENTER]: "
read FULLDOMAIN

echo -n "Enter your SUB-DOMAIN (e.g. web.cloudflare.com) and press [ENTER]: "
read SUBDOMAIN

echo -n "Enter your Cloudflare Email (e.g. [email protected]) and press [ENTER]: "
read EMAIL

echo -n "Enter your Cloudflare API Key (e.g. 9a7806061c88ada191ed06f989cc3dac) and press [ENTER]: "
read KEY


echo -n "Enter path to create cf_ip_updater.sh script (e.g. /home/path) and press [ENTER]: "
read FILEPATH


#Get Zone and Record IDS
ZONEID=$(curl -X GET "https://api.cloudflare.com/client/v4/zones?name=$FULLDOMAIN" \
  -H "X-Auth-Email: $EMAIL" \
  -H "X-Auth-Key: $KEY" \
  -H "Content-Type: application/json" | jq . | grep id | head -1 | cut -d '"' -f4)

RECORDID=$(curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONEID/dns_records?name=$SUBDOMAIN" \
  -H "X-Auth-Email: $EMAIL" \
  -H "X-Auth-Key: $KEY" \
  -H "Content-Type: application/json" | jq . | grep id | head -1 | cut -d '"' -f4)


#Print IDS
echo "Your Zone ID:   $ZONEID"
echo "Your Record ID: $RECORDID"


#Create script
FILE="$FILEPATH/cf_ip_updater.sh"
echo "Your script name: $FILE"


cat <>$FILE
#!/bin/sh

[ ! -f /var/tmp/current_ip.txt ] && touch /var/tmp/currentip.txt

NEWIP=\$(dig +short myip.opendns.com @resolver1.opendns.com)
CURRENTIP=\$(cat /var/tmp/currentip.txt)

if [ "\$NEWIP" = "\$CURRENTIP" ]
then
  echo "IP address unchanged"
else
  curl -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONEID/dns_records/$RECORDID" \
    -H "X-Auth-Email: $EMAIL" \
    -H "X-Auth-Key: $KEY" \
    -H "Content-Type: application/json" \
    --data "{\"type\":\"A\",\"name\":\"$SUBDOMAIN\",\"content\":\"\$NEWIP\"}"
  echo \$NEWIP > /var/tmp/currentip.txt
fi
EOM

chmod +x $FILE
Limitations

If you run this file more than once, it appends to the bottom of the previous run for cf_ip_updater.sh . Otherwise, I guess it’s OK.

 

Resources and References
  • http://unix.stackexchange.com/questions/45781/shell-script-fails-syntax-error-unexpected
  • http://askubuntu.com/questions/186808/every-command-fails-with-command-not-found-after-changing-bash-profile
  • http://unix.stackexchange.com/questions/48392/understanding-backtick
  • http://stackoverflow.com/questions/11710552/useless-use-of-cat
  • http://stackoverflow.com/questions/7549404/bash-script-to-pass-variables-without-substitution-into-new-script
  • http://unix.stackexchange.com/questions/238881/how-do-i-append-multiple-lines-involving-variables-to-the-end-of-a-bash-script
  • http://unix.stackexchange.com/questions/331068/append-multiple-lines-specified-as-verbatim-bash-variable-after-a-matched-line
  • http://unix.stackexchange.com/questions/147082/how-to-append-multiple-lines-to-a-file-with-bash-with-in-front-of-string
  • http://stackoverflow.com/questions/7875540/how-do-you-write-multiple-line-configuration-file-using-bash-and-use-variables
  • http://unix.stackexchange.com/questions/77277/how-to-append-multiple-lines-to-a-file-with-bash
  • http://stackoverflow.com/questions/4181703/how-can-i-concatenate-string-variables-in-bash
  • http://unix.stackexchange.com/questions/94664/how-to-echo-variables-using-cat-into-file
  • http://www.tldp.org/LDP/abs/html/here-docs.html#HERELIT
  • http://stackoverflow.com/questions/11162406/open-and-write-data-on-text-file-by-bash-shell-scripting
  • http://stackoverflow.com/questions/4662938/create-text-file-and-fill-it-using-bash
  • http://stackoverflow.com/questions/8737638/assign-curl-output-to-variable-in-bash
  • http://stackoverflow.com/questions/25320928/how-to-capture-the-output-of-curl-to-variable-in-bash
  • http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-5.html
  • http://stackoverflow.com/questions/840536/how-to-use-environment-variable-inside-a-quoted-string-in-bash-script
  • http://unix.stackexchange.com/questions/148285/extract-value-between-double-quotes
  • http://unix.stackexchange.com/questions/166359/how-to-grep-the-output-of-curl

Servers@GeorgeLiu.me

Did you ever get this code while using FreeFileSync: “Windows Error Code 1314: A required privilege is not held by the client.“?

I did. Many times. I thought it was a Linux file permission error on my Raspberry Pi 3 OMV setup, and I chmodded and chowned an unbelievable amount of times, to no effect. And then, while setting up a new temporary NAS on a Raspberry Pi 3, I found a new page: “Windows Error Code 1314: A required privilege is not held by the client.

If you don't really need to copy file system permissions, 
turn them off in global settings.

I solved the problem!