ameir dot net

There are a few Yahoo! Mail IMAP proxies out there (YPOPS!, FreePOPs), but to be honest, I haven't had much luck with either of them.  Additionally, switching webmail interfaces to Asia or Classic or whatever can be a bit of a hassle.

Yahoo! supports IMAP on some mobile devices, and now also allows it for anyone using the Zimbra mail client.  Unfortunately, I'm not too fond of that client and much prefer my Thunderbird; too bad it isn't natively supported.

Luckily, Yahoo's IMAP implementation isn't too far off from what other clients recognize; it simply requires a "ID ("GUID" "1")"  to be issued before logging in.  No clients do that (except for these hacked up versions of Thunderbird), so my workaround was to create a simple IMAP proxy.

This proxy simply takes the commands sent to it by your mail client, passes them on to Yahoo, and relays them back to your client.  It all the while looks for your client to issue a "login" command so that it can inject the "id" command to unlock IMAP access.

This program is written in C and has been tested on Linux and Windows (via Cygwin). Read the release notes in the source for more information.  I haven't written in C for a while, and I know that this program can be improved.  If anyone does so, I'd like to hear from you.

Download latest source

Download Windows Cygwin version

I just spent countless hours trying to revive an old laptop with seemingly no hope left in it.  Its CD-ROM drive is bad, it doesn't support booting from USB, and it has no floppy drive.  After backing up the hard drive using a USB caddy, I tried countless ways of loading up bootdisks over PXE using MEMDISK and PXELINUX.  I got very close several times, but unfortunately both FreeDOS and MS-DOS failed me.  The closest I got was by partitioning the hard disk such that I had a 1GB FAT partition at the end with the XP installation files copied to it.  Running winnt32.exe from DOS brought me a lot of hope, but also a lot of pain, namely the error "Setup is out of memory and cannot continue."  I hacked away and the config.sys file and kept editing various bootdisks, but no luck in the end.  I tried dozens of things, but I'll skip that all and get to the good stuff:  how I got it working.

If you're an Ubuntu fan like me and use (or want to use) OpenVZ, you might not be too excited that the OpenVZ site doesn't yet have the latest edition of Ubuntu, 9.10 Karmic Koala, available as a precreated template.  Luckily, you can find them here.

For my purposes, I downloaded ubuntu-9.10-minimal_9.10_amd64.tar.gz.  After setting up a virtual instance with Proxmox and opening up a VNC session, I found that this template is way more minimal than I ever expected.  In all reality, that isn't so bad.  The lighter, the better.  Unfortunately, since I was setting up this new instance as a server, I had a good bit of work ahead of me.

Firstly, networking wasn't working at all with my bridged setup out of the box.  The solution:

edit /etc/network/interfaces and configure your NICs.  I had to comment out some properties of the venet0 interface to get things working.  Here's my final config file:

Notice that I'm using a static IP address.  You may want to try DHCP starting out since it'll make things easier.  Confirm network connectivity by pinging a remote host.  Don't forget to edit /etc/resolv.conf if you need to.

Now, I need to get some goodies installed on this thing.  In the end, I'm looking to install Virtualmin and host some websites, so I need to prep for that.  Luckily, Ubuntu makes it easy to get things started quickly.  Start off by issuing:

An ncurses dialog should appear.  Go ahead and select what you need.  I can tell you that I learned the very hard way by not initially selecting "Basic Ubuntu Server."  If you don't select that (don't worry, it's only a couple of small packages), none of your services will start at boot-time and you'll have to start each of them manually.

From there, you should be on your way.  I strongly recommend Webmin (add the apt repo) to ease server administration tasks.

Also, before I leave you be, if you're not using Proxmox to perform all of this OpenVZ magic, you're definitely missing out.  Hurry up and convert already!

According to the Virtualmin website, the latest version of Ubuntu that is supported is 8.04 LTS.  That's probably a safe stance to take since non-LTS versions of Ubuntu have a six-month lifecycle, and most serious hosting companies would stick with LTS versions.  For those of us who live on the bleeding edge and want to try Virtualmin on the latest version of Ubuntu, 9.10 (Karmic Koala), you'll find that the standard method of installation (the install.sh script on their site) will fail.

Luckily, the solution is simple.  

Add the following repository to your sources.list file:

Then run the following as root:

Webmin and Virtualmin will now be installed.  Note that the repository may not be as up-to-date as the direct download link.  If that scenario arises, simply find the URL of the latest Virtualmin package from the link, and do:

Interested in securing your website?  There are several types of certificates out there at wildly varying prices, but they all provide exactly the same function--encryption.  In most cases, you're no more secure with a $300 certificate than a $10 one; the difference lies in the verification the certificate company performs to confirm your identity.  In short, if you're not a bank or think your users won't trust you using a cheapo certificate, then you'll be fine with a cheapo.

Below the cheapest SSL certificates I found online and have personally used:

AlphaSSL from Dynadot ($41.50/5 years)

Positive SSL from CheapSSLs.com ($24/3 years)

RapidSSL from CheapSSLs.com ($27/3 years)

RapidSSL from Servertastic ($50/5 years)

Registerfly ($9.99/year)

As you can see, you get discounts if you pay for multiple years in advance.  If you plan on keeping the domain for a while, it shouldn't hurt--just be sure to keep the certificate and key in case you decide to switch servers over time.

If you know of any other deals, let me know! 

In a previous article, I outlined the steps I took to "roll" my own customized OpenVPN installer, and it worked like a charm back then.  OpenVPN has gone through several revisions since, and getting things running (especially on different architectures) with the new versions just doesn't work so well.  Luckily, there's another way to approach this problem and have OpenVPN installed as it was intended (i.e. the correct TAP driver will be detected and the shortcuts where they belong).  This method is more of a workaround, but definitely works.  Note that with this method you can't rename OpenVPN to "MyVPN" or whatever like the previous method.

This method employs the use of an SFX that installs the vanilla OpenVPN installer as downloaded from their site, then automatically installs the keys afterwards.  You have the option of making the install entirely silent as well--it's all up to you.

Prerequisites:

7-ZIP SFX Maker (version 2.0 at the time of writing)

7-Zip (or another 7-Zip-capable archiver such as IZArc)

OpenVPN (version 2.1_rc19 at the time of writing)

Your OpenVPN keys

Steps:

First, package your OpenVPN keys with 7-Zip.  If you want multiple OpenVPN connections configured on the same machine, it's a good idea to have each connection's keys in a subfolder.  Ensure that each connection has a .ovpn or .conf file with a unique name.

Next, open up 7-ZIP SFX Maker and add your archived keys by clicking on the "+" symbol.  Now, go to the "General" tab.  Under "Extract to specified folder", enter %ProgramFiles%\OpenVPN\config.  You can right-click for some preset environment variables if you want to change the path.

You can change other options if you'd like.  I have "Beginning extraction of keys..." in the "Begin prompt" field of the Text tab.  From here, you're ready to click "Make SFX".

Now, create another 7-Zip archive with your new SFX and the OpenVPN installer.  Add this archive to 7-ZIP SFX Maker.  In "General" enter %tmp% or another writable directory in the "Extract to specified folder" field.  I have "Allow user to change extraction path" checked as well--this all depends on your environment and needs.  Under the Text tab, I have it filled as follows:

Under the Shortcuts tab, I created a shortcut to OpenVPN GUI in Startup so that it starts on login.

Now, (and this is important), go to the Execute tab.  We will tell the SFX maker to run the OpenVPN installer then run the SFX for the keys.  Be sure to list them in that order.  Note that I have a /S in the first entry because I want OpenVPN to install silently.  Sadly, not everyone at my company knows how to install software, and I'm satisfied with the setup defaults anyway.

You're now ready to "Make SFX"! Your new installer will be placed in the folder your files were in.

You might want to play around with settings until the installer suits your tastes.

There are many situations where you'd want a site to be accessible only securely, and there are several resources online on how to accomplish this.  Unfortunately, I couldn't find a perfect solution for me.  Influenced by this info and following the steps outlined here (under In Windows Server 2003 (IIS 6.0)), I came up with the following:

It works well for my purposes, but of course, your mileage may vary.

More resources:

1.  http://support.microsoft.com/kb/239875
2.  http://support.microsoft.com/kb/839357
3.  http://blog.opsan.com/archive/2005/04/17/395.aspx

This is a script I wrote a while back but never posted up.  It allows you to switch from one gateway to another by repeatedly pinging your ISP gateway (or another external IP) and--upon detection of failure--switching to another gateway.  If the primary line is up upon the next run, we switch over to it.

This isn't a very advanced script and doesn't factor in other considerations, such as the state of the physical interfaces.  It simply attempts a number of pings, and considers the link dead or unreliable if they don't all come back.

If you have mutt installed, you will get an email alert when the primary link is considered 'dead.'  You can easily change this behavior by modifying the script.

It will probably work on other POSIX/Unix-like OSes, but I've only tested it on Linux in a BASH environment.  With all that said, here are the goods:

Download it here.

This script was written for the company I work for well over a year ago, but I just decided to release it to the public now.  It has been in use all of this time and is still in use now, so that should tell you that it's a pretty reliable script.  Any bugs we encountered over the course of using this program have been fixed.  Hopefully you'll have the same luck as us.

Basics:

This script is run as a SVN hook (post-commit).  After committing changes to your subversion repository, this script is invoked and synchronization begins.  The script creates a local copy of the repository, and files just committed are sent via FTP.

Usage:

One copy of the script can be used for an unlimited number of repositories, so the script can be placed in a globally-available location.  In our scenario, we placed the script at /usr/local/bin/svn2ftp.sh .  There are four command-line arguments to the script that are required.  The first two arguments can be kept the same as below, as they're passed to the script by subversion.  The third parameter is the path between the repository and the trunk (e.g., if your SVN path is http://<host>/svn/repo/dir/trunk, then you'd put "dir" as the parameter; otherwise, you'd put "." if there's no directory in between).  The fourth parameter is the full path to the config file of the repo.  A sample to put in repo/hooks/post-commit:

We have our directory structure as follows, but you can change it as you please:

/svn2ftp/conf     #  Where config files are stored

/svn2ftp/logs     #  Where log files are stored

/svn2ftp/repos   #  Where raw repo contents are stored

The code:

I initially wrote this program using the Linux 'ftp' program.  It works well and all, but if I encounter server or any other errors, the program still exits with a successful error code.  This was a bummer in our situation, so I wrote an FTP client in PHP that reports errors correctly.  When an error is encountered, files that were not uploaded successfully will be retried upon the next commit.  Links to both versions, as well as the config file, are below:

Version using Linux 'ftp' program

Version using PHP FTP program

Sample config file

PHP FTP Updater

Sorry for the inconvenience, and welcome back .

There is large interest in OpenDNS, and I happen to be a fan of it myself.  Sadly, Fon routers, when connected directly to a modem and using DHCP, use the ISP's DNS servers and don't allow you to override those settings.  Fortunately, there is a loophole in older Fon firmware that allows you to enable a BusyBox shell (so you can connect to it via SSH).  This is actually a security hole and shouldn't be a good thing at all, but hey, I'm kind of glad it exists.  Anyways, let's get started.

Enable SSH access to your Fon router by following these instructions.  Be sure to enable permanent SSH access, as it'll be very useful later.  When your Fonera updates to newer firmware that doesn't allow code injections, SSH will still be enabled.  Be sure to leave your network cable unplugged until after you enable SSH permanently or you might form some gray hairs.

Now, in a shell, let's create a startup script that overrides the ISP's DNS settings after the network is initialized.  Type the following:

vi /etc/init.d/S45opendns

Now, in the vi window, paste this (press i to insert text):

echo "nameserver 208.67.222.222" > /etc/resolv.conf
echo "nameserver 208.67.220.220" >> /etc/resolv.conf

This will "blank" /etc/resolv.conf and load it with the OpenDNS settings.  Save and exit vi (press the esc key then type :x).

Now, to make the file executable type:

chmod +x /etc/init.d/S45opendns

You're all done!  OpenDNS settings will be persistent across reboots.  You can activate the settings now without having to reboot by simply running your new script:

/etc/init.d/S45opendns

If DHCP renewals cause your new nameserver settings to be overwritten to the ISP's, you can create a cron job that runs every few minutes (you can pick a time based on your ISP's DHCP lease time):

Type crontab -e in the terminal window.  When vi opens, insert the following line at the end:

15 * * * * /etc/init.d/S45opendns

This will run your new script every 15 minutes, so there will never be more than a 15-minute period where you will not be using OpenDNS.

That should be all you need to get you going. If you're using more advanced features of OpenDNS, you can use DNS-O-Matic on your Fon to keep OpenDNS informed of IP changes. Comment below with your experiences.

When downloading via IE, the software they want you to install is called "ADSTechnology" and "FireBit" when using Firefox. I have actually installed ADSTechnology before and it seemed harmless, but the malware warnings from my AV were discouraging enough that I removed it. Also, the software doesn't appear to have any impact on downloading at all.

Now to the good stuff: how to bypass the plugin. I'll give the Firefox case since it subsumes the IE case (plus Firefox is better anyways ).

1. Install the User Agent Switcher addon for Firefox and restart the browser
2. Go to Tools -> User Agent Switcher -> Internet Explorer 7 (Windows Vista)
3. Browse to the file in BitRoad.net that you want to download. You'll be shown a small box mentioning ADSTechnology.
4. Right-click and view the page source
5. Ctrl+F in the source code window and search for "check_install"
You'll see something that looks like this:

onsubmit="check_install('http://b7.bitroad.net/download5/3f0605518729_k0adf32ybm046/filename.ext')">

6. Copy the URL in the single quotes and enter it in the address bar. The download should now begin.

Domains are
added via a web interface, and a sample zone file (from a template that
you can configure) is created. From there, you can use their web
interface to add records, or just dive into the zone editor. The zone
editor is recommended for those who have a bit of experience with DNS
servers as errors can be easily made, but that method is extremely
efficient. For example, if you want to create dozens of CNAMES that
point to www.domain.tld, copying and pasting one line multiple times is
much easier than going to through the web interface dozens of times.


Also, since the zone editor is essentially a plain-text editor that
offers you full control, you can easily import and export zone files
from/to different locations. Afraid.org allows you to export your zone
file, so moving to DollarDNS just involves a simple copy-and-paste.
You can also use your own text editor or a script to generate your zone
file and paste it into DollarDNS when finished.

No minimum TTL maximum hostname limit appears to be mentioned
anywhere, so I doubt that there are any. You seemingly have infinite control over your zone.

I
currently use them for slave DNS and after a NOTIFY, DollarDNS requests
a transfer within a second or so. Compare that to any other service.

DollarDNS
offers two DNS servers, although only ns1.dollardns.net appears to be
authoritative (ns2.dollardns.net refuses queries immediately). Still,
assuming you have other DNS servers authoritative for your domain, that
isn't a major issue.

Dynamic DNS is also supported via a client
that they provide, although I have not tested it. Based on the quality
of the service overall, I expect the dynamic portion to work flawlessly
as well.

I recommend this service overall due to its feature set, quality, reliability, and the admin's modesty (the admin created a page comparing DollarDNS to others, and he admits on the homepage that domain registrations through his service aren't the cheapest around).

If you know of a free host that amazes you, leave a comment. I'd like to hear about it.

Note:  See "Creating a customized OpenVPN installer - Round 2" for another approach to a custom OpenVPN installer.

OpenVPN is an excellent product with seemingly infinite configuration options. After setting everything up to your tastes, though, you may find that your end users are a bit too "simple" to install OpenVPN and your custom config files successfully. I find that many users (well, where I work at least) are uncomfortable browsing to and placing files in C:\Program Files\OpenVPN. You can easily get around this by creating a self-extracting executable with a default output path of C:\Program Files\OpenVPN (use IZArc to make nice free SXEs). Although that gets the job done, the end user would still need to install OpenVPN, the run the SXE. Why not cut down the number of steps in half (or by one :p ), while at the same time adding your company's touch to the OpenVPN installer?

Recent documentation on this is not very widespread, but luckily still of good use. The main source of documentation on this can be found here, and is supplied by the creator of OpenVPN GUI. The documentation can be followed, but unfortunately the packages provided are a bit outdated. To get up-to-date (and to become Vista-compatible), we first download a copy of the current release candidate (2.1 RC4 at the time of writing). I actually had to get the Windows installer since I didn't want to bother compiling from source. Next, I downloaded the 2.1 beta 7 package from the OpenVPN GUI site. I installed the Windows installer by accepting all defaults, then extracted the install source (anywhere should work). Next, to get things up-to-date I replaced openvpn.exe and openvpn-gui.exe in the openvpn\bin folder of the extracted archive with that from my Windows installation (C:\Program Files\OpenVPN\bin).

To get our installer to work with Vista, we need to replace the blacklisted 0801 TAP driver with the newer 0901 TAP driver. This is not documented anywhere I could find, but doing this turned out to be easy and effective. Simply make replacements as we did above, but instead copy the contents of C:\Program Files\OpenVPN\driver to the openvpn\tap-win32\i386 folder of the extracted archive. You can safely remove the older 0801 files. To make this work, we now have to edit the openvpn-gui.nsi script in the extracted archive. In any text editor (Notepad++ worked great for me and offered syntax highlighting), open up openvpn-gui.nsi, look for !define TAP "tap0801", and replace that with !define TAP "tap0901". Your archive is now Vista-compatible.

There are many other changes that can be made in the Nullsoft installer script such as including your company name, custom icons, and most importantly your OpenVPN client config. You can look through the script to understand how it works and modify it accordingly. To include your custom config/cert files, browse in your text editor to Section "OpenVPN GUI" SecGUI. You will see a comment indicating where your custom config files go. To include multiple files in the install, simply add more File entries, like so:

This will include client.ovpn, ca.crt, dh2048.pem, etc. to your custom installer, and will place them in the config folder upon installation.

To compile your masterpiece into an executable, you need to download and install The Nullsoft Scriptable Install System. Although a newer edition may work, I went with the original documentation's recommendation and installed the older v2.05. You can get this here. Once installed, you can simply right-click on the openvpn-gui.nsi script you modified and click on "Compile NSIS Script". A log of the compilation will show and an opportunity to test the installer will show if everything went well. You will also have an installable .exe waiting for you in the current directory waiting to be distributed to your clients.

If you ran into errors, look through the logs to try to identify what's going on. Otherwise, you can simply just make some changes to the archive I already hacked up:
http://www.ameir.net/blog/uploads/openvpn_install_source-2.1rc4-gui-1.0.3.zip

If you're just interested in creating a custom OpenVPN installer for Windows and don't particularly care to dabble in Nullsoft install scripts or are just lazy, download the archive above and make whatever changes you may need. The hacks described above are implemented in this package.

NOTES:

In Vista, if you're using routing (tun mode), the end user must run OpenVPN by running as an administrator. This is because the routing table must be modified to tell your computer how to get to your company network. Otherwise, the client may appear to be connected (he/she actually is), but attempts to access the company network will fail, as packets are instead trying to go through the default route (usually your ISP). Using tap mode eliminates this requirement as clients are given IPs in the company's subnet range, therefore eliminating the need to do routing.

If using certificate authentication, then each of your users will need unique files in their config directory. I don't know of a way to automate this, unless you generate the client certificates on the fly and have a program initiate a compile of openvpn-gui.nsi with the new certificates included. In my install of OpenVPN, users are authenticated via Active Directory, so we don't have to distribute any user-specific files.  You may very well just have to use self-extracting archives or train your users how to work with zip files!