As I build more and more Pi-based systems, I find the need to add management scripts for accessing SSH, OpenVPN, and all kinds of other tools. This leads me to version 4 of the CloudFlare Dynamic DNS AutoIP updater script. It’s now hosted on GitHub.

Pulling off of GitHub:


Cloudflare-Subdomain-AutoIP-Updater

Create a private Dynamic DNS using the CloudFlare API with this script.

If you have a domain registered at CloudFlare, you can use this script to update the IP of the subdomain with a specific computer. The computer will get its IP address and send the information to CloudFlare using the API.

This script creates 3 files:

  1. an initializing script that creates and runs everything: cf_ip_script_creator.sh
  2. a script that gets all the CF details from you: cf_ip_updater_creator.sh
  3. a script that updates the subdomain IP address: cf_ip_updater.sh

Put the 3rd script (cf_ip_updater.sh) into a cron job to run every 5 or 15 minutes or so, so that you can access your system anywhere.

  sudo crontab -e
  
  */10 * * * *  nice -n 16 /home/scripts/cf_ip_updater.sh

Potential uses:

  • log into your computer anytime with SSH
  • run a portable OpenVPN server
  • keep your blog server private by using CloudFlare caching
  • whatever you can think of

Some potential issues:

  • if you fail to successfully run the script, the cat commands that append text to existing commands will force you to delete the created scripts (cf_ip_updater.sh, cf_ip_updater_creator.sh) before you run the initializing script (cf_ip_script_creator.sh) again.

You need the following information:

  • FULLDOMAIN cloudflare.com (your registered domain name)
  • SUBDOMAIN web.cloudflare.com (your subdomain linked to your system’s IP address)
  • EMAIL [email protected] (your account name)
  • KEY 9a7806061c88ada191ed06f989cc3dac (your CloudFlare API key details)
  • FILEPATH /home/path (where you want the script to be)

How to run:

  wget https://raw.githubusercontent.com/tgmgroup/Cloudflare-Subdomain-AutoIP-Updater/master/cf_ip_script_creator.sh
  chmod +x cf_ip_script_creator.sh
  sudo bash cf_ip_script_creator.sh

Dependencies:

  • The jq command requires the jq package (sudo apt install jq)
  • The dig command requires dnsutils (Debian) or bind-utils (CentOS) (sudo apt install dnsutils)

Read more at:

The last few days, I’ve been working on a vpn server for my home network. It’s so that my family all over the world can see the pictures of my son, which are hosted on a local server. However, I don’t want to expose those pictures to the world, hence the need for a vpn.

While using PiVPN to set up an OpenVPN server, I ran the script once and, since I hadn’t finished everything yet, I selected the Static IP option for the server. Since I was close to finishing all the setup, I wondered, how do you change the PiVPN OpenVPN config to use either a static ip address or dynamic domain name after running the initial configuration script?

It’s not difficult to change this in the ovpn config files that PiVPN generates, and OpenVPN apparently doesn’t care if the server name is an IP or a domain, so long as the client reaches the vpn server. However, I like to be a little bit of a perfectionist and it makes sense to change it to make future client configuration issues easier.

So after searching the PiVPN git page and the local /etc/ directories, I realized that the place to change the server name option was in this file:

/etc/openvpn/easy-rsa/keys/Default.txt

Just run a simple sudo nano /etc/openvpn/easy-rsa/keys/Default.txt command to edit the “remote” field:

client
dev tun
proto udp
remote Your-Domain-Name Your-Port-Number
resolv-retry infinite

Then run the pivpn add command to create a new client, and use sudo nano /home/pi/ovpns/Your-New-Client.ovpn to check to see that the domain name is being used instead of a static IP.

 

 

Photo by Nguyen Vu Hung (vuhung)

 

I talked about how to use PiVPN to set up an OpenVPN server on a Raspberry Pi at home previously, here and here. The next step for me was to use CloudFlare as a DNS server, instead of signing up for yet another internet service and having another login here or there to worry about.

This very smart guy, Tomasso Barbato, wrote up how to do it, but he includes two versions, an APIvUnknown and an APIv4 version. CloudFlare only supports the APIv4 version as of next month, I guess, so I’m copying the scripts here, as many of my referenced internet pages have gone offline in recent months. Read his page, though, so that you know what to do. I’ve also bolded the variables so that you can simply run a Replace All command in a text editor to easily adapt the scripts for your use. An enterprising hacker would create a bash script to automate all the other scripts, but…

Initial setup

This should be pretty easy, but:

  1. Go to CloudFlare
  2. Add an A record to your domain through the DNS page
  3. Use your current IP address of your server for the record
  4. Read the page to learn how to do it, but use my edits for an easier time.

The important variables

FULL-DOMAIN: example.com
SUB-DOMAIN: sub.example.com

From the CloudFlare user settings page

EMAIL: Account Email:    X-Auth-Email: [email protected]
KEY: API Key:    X-Auth-Key: 9a7806061c88ada191ed06f989cc3dac

*Note: the API Key is the shorter of the two keys that you have the option of requesting

Use scripts to obtain

ZONE-ID: Zone ID (domain name): “id”: “dac9320b638f5e225cf483cc5cfdda41”
RECORD-ID: Record ID (subdomain/A record): “id”: “8ada191ed06f989cc3dac9a7806061c8”

*Note: I’m using a VARIABLE: explanation: example format here.

The scripts

Get Zone ID:

curl -X GET "https://api.cloudflare.com/client/v4/zones?name=FULL-DOMAIN" \
  -H "X-Auth-Email: EMAIL" \
  -H "X-Auth-Key: KEY" \
  -H "Content-Type: application/json" | jq .

Get Record ID:

curl -X GET "https://api.cloudflare.com/client/v4/zones/ZONE-ID/dns_records?name=SUB-DOMAIN" \
  -H "X-Auth-Email: EMAIL" \
  -H "X-Auth-Key: KEY" \
  -H "Content-Type: application/json" | jq .

Bash script for crontab:

#!/bin/sh

# Create the cache file for the last published IP if it does not exist yet
[ ! -f /var/tmp/currentip.txt ] && touch /var/tmp/currentip.txt

# Public IP as seen by OpenDNS, and the IP stored on the previous run
NEWIP=`dig +short myip.opendns.com @resolver1.opendns.com`
CURRENTIP=`cat /var/tmp/currentip.txt`

if [ "$NEWIP" = "$CURRENTIP" ]
then
  echo "IP address unchanged"
else
  # Point the A record at the new address, then remember it for the next run
  curl -X PUT "https://api.cloudflare.com/client/v4/zones/ZONE-ID/dns_records/RECORD-ID" \
    -H "X-Auth-Email: EMAIL" \
    -H "X-Auth-Key: KEY" \
    -H "Content-Type: application/json" \
    --data "{\"type\":\"A\",\"name\":\"SUB-DOMAIN\",\"content\":\"$NEWIP\"}"
  echo "$NEWIP" > /var/tmp/currentip.txt
fi

 

By using this script, I now have an OpenVPN server that is somewhat protected by CloudFlare that I can access anywhere and whenever I want, no matter if my home router reboots or if I change internet providers.

There is a caveat: CloudFlare can only protect ports that are used with HTTP HOST headers; SSH, OpenVPN, or any other protocol requires the A record to have its CloudFlare protection disabled. This exposes your IP address somewhat, but it is also protected somewhat. There’s a tradeoff between domain name privacy and personal convenience here.

I also read that a SRV record hides the IP of an origin server better than an A record, so that’s a logical next step, but not one that I have time for right now.

 


 

Security@Georgeliu.me

Before, I had written about a CloudFlare auto-ip-updating script, but it required a lot of user input and a lot of user effort. Luckily, or not, I crashed my OMV server, and I think an error ate up my PiVPN sd card. So I had to start all over!

This time, I updated the CloudFlare script to be auto-updating.

This bash script requires the following inputs in this order (INFO example):

  • FULLDOMAIN cloudflare.com
  • SUBDOMAIN web.cloudflare.com
  • EMAIL [email protected]
  • KEY 9a7806061c88ada191ed06f989cc3dac
  • FILEPATH /home/path

If you organize your inputs in this order, it is very easy to copy once and paste to get your results.

Create and Run Script

Create a script and paste the following code in:

sudo nano cf_ip_updater_creater.sh

sudo chmod +x cf_ip_updater_creater.sh
./cf_ip_updater_creater.sh

Script Code

#!/bin/sh

#Get User Data
echo -n "Enter your FULL-DOMAIN (e.g. cloudflare.com) and press [ENTER]: "
read FULLDOMAIN

echo -n "Enter your SUB-DOMAIN (e.g. web.cloudflare.com) and press [ENTER]: "
read SUBDOMAIN

echo -n "Enter your Cloudflare Email (e.g. [email protected]) and press [ENTER]: "
read EMAIL

echo -n "Enter your Cloudflare API Key (e.g. 9a7806061c88ada191ed06f989cc3dac) and press [ENTER]: "
read KEY

echo -n "Enter path to create cf_ip_updater.sh script (e.g. /home/path) and press [ENTER]: "
read FILEPATH


#Get Zone and Record IDS (the id of the first entry in each reply's "result" array)
ZONEID=$(curl -X GET "https://api.cloudflare.com/client/v4/zones?name=$FULLDOMAIN" \
  -H "X-Auth-Email: $EMAIL" \
  -H "X-Auth-Key: $KEY" \
  -H "Content-Type: application/json" | jq -r '.result[0].id // empty')

RECORDID=$(curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONEID/dns_records?name=$SUBDOMAIN" \
  -H "X-Auth-Email: $EMAIL" \
  -H "X-Auth-Key: $KEY" \
  -H "Content-Type: application/json" | jq -r '.result[0].id // empty')


#Print IDS
echo "Your Zone ID:   $ZONEID"
echo "Your Record ID: $RECORDID"


#Create script
FILE="$FILEPATH/cf_ip_updater.sh"
echo "Your script name: $FILE"


#Unescaped variables are filled in now; escaped ones (\$) stay variables in the generated script
cat <<EOM >>"$FILE"
#!/bin/sh

[ ! -f /var/tmp/currentip.txt ] && touch /var/tmp/currentip.txt

NEWIP=\$(dig +short myip.opendns.com @resolver1.opendns.com)
CURRENTIP=\$(cat /var/tmp/currentip.txt)

if [ "\$NEWIP" = "\$CURRENTIP" ]
then
  echo "IP address unchanged"
else
  curl -X PUT "https://api.cloudflare.com/client/v4/zones/$ZONEID/dns_records/$RECORDID" \
    -H "X-Auth-Email: $EMAIL" \
    -H "X-Auth-Key: $KEY" \
    -H "Content-Type: application/json" \
    --data "{\"type\":\"A\",\"name\":\"$SUBDOMAIN\",\"content\":\"\$NEWIP\"}"
  echo "\$NEWIP" > /var/tmp/currentip.txt
fi
EOM

#The generated script contains the API key, so keep it readable and executable by its owner only
chmod 700 "$FILE"

Limitations

If you run this file more than once, it appends to the bottom of the previous run for cf_ip_updater.sh . Otherwise, I guess it’s OK.
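
The updater scripts above send whatever dig prints, cache the address even if the API call fails, and keep their state in world-writable /var/tmp while running from root's crontab. The following is an added example, not the author's script, showing those checks; STATE_DIR, CRED_FILE and all function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: hardened helpers for a cron-driven updater like cf_ip_updater.sh.
# STATE_DIR, CRED_FILE and all function names are assumptions made for this sketch.

STATE_DIR="${STATE_DIR:-/var/lib/cf_ip_updater}"   # root-owned, unlike world-writable /var/tmp
CRED_FILE="${CRED_FILE:-/etc/cf_ip_updater.conf}"  # mode 600; sets EMAIL KEY ZONEID RECORDID SUBDOMAIN

# Succeed only for a dotted-quad IPv4 address: four octets, 0-255, no leading zeros.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, error text, multi-line output, stray dots
  esac
  rest="$1."
  count=0
  while [ -n "$rest" ]; do
    octet=${rest%%.*}
    rest=${rest#*.}
    case "$octet" in 0?*) return 1 ;; esac
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    count=$((count + 1))
  done
  [ "$count" -eq 4 ]
}

# Print "invalid", "unchanged" or "update" for a resolved address ($1) and the cached one ($2).
plan_update() {
  if ! is_ipv4 "$1"; then
    echo invalid
  elif [ "$1" = "$2" ]; then
    echo unchanged
  else
    echo update
  fi
}

# Build the JSON body for the PUT. Both fields are checked first, so neither can
# break out of the quoted JSON strings.
build_payload() {
  case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  is_ipv4 "$2" || return 1
  printf '{"type":"A","name":"%s","content":"%s"}' "$1" "$2"
}

# Succeed only when the API reply carries "success": true.
api_succeeded() {
  printf '%s' "$1" | tr -d ' \t\n' | grep -q '"success":true'
}

run_update() {
  umask 077                                  # state file readable by its owner only
  . "$CRED_FILE"
  mkdir -p "$STATE_DIR" || return 1
  cached=$(cat "$STATE_DIR/currentip.txt" 2>/dev/null)
  new=$(dig +short myip.opendns.com @resolver1.opendns.com)
  case $(plan_update "$new" "$cached") in
    invalid)   echo "resolver returned no usable IPv4 address" >&2; return 1 ;;
    unchanged) return 0 ;;
  esac
  body=$(build_payload "$SUBDOMAIN" "$new") || return 1
  reply=$(curl -sS -X PUT \
    "https://api.cloudflare.com/client/v4/zones/$ZONEID/dns_records/$RECORDID" \
    -H "X-Auth-Email: $EMAIL" -H "X-Auth-Key: $KEY" \
    -H "Content-Type: application/json" --data "$body") || return 1
  api_succeeded "$reply" || { echo "CloudFlare did not accept the update" >&2; return 1; }
  printf '%s\n' "$new" > "$STATE_DIR/currentip.txt"   # cache only after a confirmed update
}

# Only "run" as the first argument triggers network calls; otherwise just define the helpers.
if [ "${1:-}" = "run" ]; then
  run_update
fi
```

Since jq is already a dependency of these scripts, `jq -e '.success'` on the reply is a stricter alternative to the grep in api_succeeded.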

 


There’s a lot of private information on the internet. Your credit card companies, banks, grocery stores, discount clubs… basically everyone in the US is selling your data to 3rd party information aggregators, who in turn process it and sell it to other interested people.

Why should you be concerned? If people have your name, they learn about you. They can steal your identity. They can target you. All kinds of things, because there are bad people out there.

This is a list of things to do to remove your personal information (address, name, and phone number) from the internet.

1. Search for yourself.

If you’re lucky, you have a fairly common name. You won’t be too easy to find (which can be a problem if you want to be famous!). Although a common name and a specific address can be very easy to find.

If you’re not lucky, you have a very specific name, and you also tend to use your middle name when signing contracts or filling in forms. You are very easy to find.

2. Note which websites are selling your information.

There are a lot of big data aggregators out there. Some of the big ones that came up as I was helping my mother remove her information were:

There are tons of these companies. It’s easy to aggregate data, but InstantCheckmate seems to be especially privacy-offending, as they offer maps of your address as well as linking to all your relatives.

These companies also change their privacy policies and opt-out links regularly. And they require you to specifically ask to remove single pages when multiple pages have your info. And they put up the information again as it becomes available. It’s their business, but they don’t make it easy to like them.

3. Opt-out if you can, obfuscate if you can not.

Remove your information using the links above. If you can’t remove information, try signing up for store point cards or services using fake names and fake addresses.

Remember that the data aggregation services can only buy your data because other people are selling it to them. You, yourself, might be putting private information on the internet by:

  • signing up for store point cards
  • entering a raffle or contest
  • setting up a business
  • filling out a census report
  • filling out a survey
  • not opting-out of credit card/bank information sales

4. Protect yourself.

Kotaku has a good guide on how to protect your private information. Basically:

  1. Don’t put sensitive stuff on the internet.
  2. Lock down your privacy on social media.
  3. Don’t use your real name (your full name) for unimportant stuff.
  4. Don’t get hacked (use strong passwords and two-factor authentication)
  5. Don’t be a dummy.

 

 

Note that if you remove information on yourself from the internet, it can be harder to find you for legitimate purposes. Celebrities may wish to hide their real names, but may also wish to promote themselves as well.

You also provide information with every credit-card signup and business document. It’s hard not to put information on the net, so you need to be vigilant about removing your information.

 

You can’t always protect yourself. But there are things you can do to make it harder for others to attack you.

Lastpass is a great tool for keeping users secure, but it is not free across mobile and desktop platforms. With a little work, KeePass can be installed and configured to use the same password data as LastPass.

You will need an app called MiniKeePass on iOS or Android KeePass on Android or the equivalent. You will also need Excel and NotePad.

Here’s the general process:

  1. Export the LastPass database to a csv file.
  2. Open the csv file in Excel.
  3. Remove the last column (the favorites column).
  4. Save the csv file.
  5. Open an iOS file manager and navigate to the MiniKeePass data folder.
  6. Export the database file to the MiniKeePass app.

Alternatively, MiniKeePass can sync with DropBox. Just make sure your master password is secure when syncing through DropBox.

Also, Windows and Excel do not have very good multi-language support out of the box. Special characters and foreign languages are often deleted when opening in Excel.  To keep UTF-8 special characters and prevent conversion to ANSI, open the csv database in Notepad, first. Then save it as a UTF-8 csv file before opening it with Excel.

 

Sources – 1, 2

 

 

Long-time users of Office often need to copy Excel data into Word and vice versa. There are often errors, though, as Word likes to convert spreadsheets into tables that often do not fit the document’s formatting or size.

Instead of converting into a table, use the “Save as Picture” option. While this doesn’t allow for further editing, the image preserves all the original data and styles.

In Excel, select the data and copy (Ctrl+C).

In Word, right click and select “Save as Picture”.

That’s it!

 

Source – wikihow

Windows 8 and Word 2013 are much better adapted to touch controls than Windows 7 and previous Windows operating systems. However, Word 2013 and all the other Office 2013 programs have a very annoying habit of popping up the touch keyboard whenever the touch panel is used. The touch keyboard can cover up to half the screen of the tablet, making it impossible to work using mixed input operations.

The key to solving this annoyance is to either use Touch mode in Office 2013 or disable the Touch Keyboard. The latter is the more effective solution and can be simply done by pulling up the Services console and disabling the Touch Keyboard and Handwriting Panel Service:

  1. Press ”Win+R”
  2. Type in ”services.msc”
  3. Find the ”Touch Keyboard and Handwriting Panel Service”
  4. Click ”Stop”

The Touch Keyboard can be easily re-enabled by restarting the service or clicking on the Touch Keyboard icon in the Task Bar.

However, the process of always stopping and starting the touch keyboard can be a big hassle. Wouldn’t it be easier to create a simple toggle switch?

 


 

The basic functions

It is possible to create shortcuts to start or disable the Touch Keyboard on demand. The basic programs for this can easily be created using the command line interface, notepad, and batch files.

Simply open NotePad, enter one of the following two lines, and save as a ”.BAT” file (e.g., ”StopTouchKeyboard.bat”).

net stop TabletInputService
net start TabletInputService

The ”sc query” command can also be used for a more verbose message instead of the ”net” command, although the command line interface popup is so quick to disappear that neither command’s message can be seen.

The toggle function

However, the above solutions using net stop and net start are very basic, meaning users need two batch files. Why not create a toggle switch? The || (else) operator makes this very simple:

net start TabletInputService || net stop TabletInputService

The || operator means that if net start does not successfully execute (because the service is already running), net stop should execute. If the service is not running, net stop will never execute since net start will successfully execute.

There is at least one glaring problem with this method, however. Batch files normally do not have administrative privileges, which can be a problem when activating these services. To run these batch files, users need to right click and select Run as Administrator. One workaround is to download the ”setinacl” tool from Microsoft, which grants programs administrative privileges; another is to download and run tools such as ”Elevated Shortcut”.

Creating an executable

The next step in this program, then, is to change the batch file from a ”.bat” to a ”.exe” executable. This will make it easier to run the program and give it administrative rights. To do this, run the program called ”iexpress.exe” as an administrator. Iexpress is actually a program to create an installer, but it can be used to run batch files. The options to choose are these (you may want to select other options to troubleshoot the installer):

  • Open ”iexpress.exe” (as an administrator)
  • Select ”Create new Self Extraction Directive file”
  • Select ”Extract files and run an installation command”
  • Type in the desired program name (i.e. TouchKeyboardToggle)
  • Select ”No Prompt” (no installation confirmation)
  • Select ”Do not display a license”
  • Add the batch file (containing the line net start TabletInputService || net stop TabletInputService)
  • Type in this command: ”cmd /c “ProgramName.bat”” (i.e. ”cmd /c “TouchKeyboardToggle.bat””)
  • Select ”Hidden” (installation window)
  • Select ”No message” (no post-installation message)
  • Browse for and type in desired program name (i.e. ”C:\Users\UserName\Desktop\TouchKeyboardToggle.exe”) and be sure to select ”Store files using Long File Name inside Package”
  • Select ”No restart”
  • Select ”Don’t save” (don’t save the SED file to create another iexpress installation executable)

Now the process should be done. Run the new executable as an administrator to test the toggle. It should work, if you avoid some common problems. The following are some errors I ran into while creating the toggle:

  • Invalid parameters: If you enable verbose messages (prompts and confirmations), an error will show up when you run the toggle if you do not include quotes around the batch file name in this line: ”cmd /c “ProgramName.bat””. The quotes are very necessary.
  • Windows 7 and higher cannot run 16-bit programs: Windows 7 and 8 do not include the ”command” function, but they do include the ”cmd” function. There is a very small, very important difference of 16 bits between the two very similar programs. Be sure to include ”cmd /c” in this line: ”cmd /c “ProgramName.bat”” instead of simply ”ProgramName.bat” in order to use the 32-bit cmd function.
  • Cannot create *.RPT (report) file: If you do not run iexpress as an administrator, the system will not allow it to create certain necessary files, meaning the executable will not be created.
  • Packaged .bat doesn’t run: If you do not check the ”Store files using Long File Name inside Package” option, the installer might rename the file; when the program runs, it will no longer be able to find the .bat file and nothing will happen.

Giving the program administrative privileges

Now for the final step in the toggle: the administrative rights. It is very easy to bypass the Windows User Account Controls through adjusting UAC settings, creating shortcuts, or creating user tasks. However, the easiest method is probably to simply run the program in compatibility mode with administrative rights always on—this is safe so long as you trust the program. Since this program does very little except turn on and off the Touch Keyboard, there should be no problem with trust, especially if you write it yourself. Simply follow this process:

  1. Right Click on the .exe
  2. Click ”Properties”
  3. Click on the ”Compatibility” tab
  4. Check ”Run as administrator”
  5. Click ”OK”

Final steps

Last, you will probably want to put this program in a nice folder (i.e. ”C:\Program Files\TouchKeyboardToggle\”) and pin a shortcut to it on the task bar for easy access. To create the shortcut, follow this process:

  1. Right Click on the .exe
  2. Click ”Create a Shortcut”
  3. Right Click on the shortcut
  4. Click ”Rename”
  5. Rename the shortcut (i.e. TouchKeyboardToggle)
  6. Press Enter
  7. Right Click on the shortcut
  8. Click ”Pin to Taskbar”

To skip all these steps

I have included the Toggle Switch and Shortcut for readers of this blog. You can find the programs and shortcuts here (http://s.tgmjapan.com/TouchKeyboardToggle) at TGM Japan (http://www.tgmjapan.com).

However, you will need to edit the shortcut to point to the correct file location, and you will need to add administrative rights to the program. The program may also not work correctly due to idiosyncrasies within the iexpress OS environment.

One last thing to note is that the program, which is technically an installer, may cause Windows to pop up an error message the first time it runs, asking if the program has installed correctly. Click yes and it should not happen again.

To change the Icons

If you want to change the icons to a more attractive icon, see this resource or simply right click on the shortcut.

 


 

 
