Sunday, March 24, 2019

Finding DNS servers provided by DHCP using network manager on Linux

Suppose you want to figure out which DNS server you're using and it is provided via DHCP. This can be surprisingly difficult. Suppose there's:
  1. Nothing in /etc/resolv.conf
  2. `dig` shows your machine uses a local DNS server (local dnsmasq)
  3. /var/lib/dhcp/dhclient.leases looks...wrong
I resorted to:
sudo tcpdump -i eth0 -s0 -n 'udp port 53'
Which is guaranteed to show you what's going on. It turns out network manager stashes leases under its own directory. If you use
ps aux | grep dhclient
you can see network manager running dhclient (perhaps multiple instances per interface) and the -lf (lease file) parameter will point you at something like
Mystery solved!

Sunday, August 26, 2018

Scrub GPS location from JPEG EXIF data

I tried two linux tools, exiv2 and exiftool. exiftool seems to be better.


View full exif data with this (the default view only gives you a summary):
exiv2 -pa myimg.jpg 
Delete all exif data with this:
exiv2 rm myimg.jpg 
There doesn't appear to be a way to just delete the GPS info with exiv2.


sudo apt-get install libimage-exiftool-perl
View exif data:
exiftool myimg.jpg
Delete just GPS data with this:
exiftool -gps:all= myimg.jpg

Saturday, November 25, 2017

Sharing Kindle content between Amazon household members

Amazon lets you create a "household" to share content, but it's really not obvious how you make kindle content from the other adult turn up on your kindle. Once you have created a household you need to go into each device under your devices section in the web app. There you can click a box to "show content from [insert other adult's name]". Then when you sync your phone kindle app or your physical kindle the books shared will show up. So you'll need to do that every time you want to read on a device.

Sunday, November 19, 2017

Adding a yubikey GPG key onto a new machine

If you are using a Yubikey encryption scheme and want to add the key onto a new system there's a few hoops to jump through. These instructions are for Ubuntu trusty.

First, get set up for using the yubikey:
sudo apt-get install gnupg-agent scdaemon pcscd pcsc-tools
you probably need to logout and back in. This post has extra setup, but I didn't have to do any of that, perhaps the gnome keyring badness has been fixed now.

Now check your yubikey is recognized:
gpg --card-status
Import the public key into the keyring and trust it:
gpg --import mykey_public_only.asc
gpg --expert --edit-key 123456
trust (set to ultimate)
You should now be good to go!

One more note: If you have multiple yubikeys for the same secret key and need to switch to using one of the other yubikeys I've had some problems with gpg wanting to see the card with the previous serial number, even if you delete the secret key. On the mac I found the easiest way to clean this up was to quit GPG Keychain and just remove the whole gnupg directory:
rm -rf ~/.gnupg
You should then be able to import the public key again and get it set up with the new yubikey by running:
gpg --card-status

Monday, October 23, 2017

Upgrading dd-wrt to protect against CVE-2017-14493

Google found, and worked with the dnsmasq author to fix, a bunch of vulnerabilities in dnsmasq. Now everyone needs to update tons of devices, including your router.

It's been a while since I updated this firmware so I had to figure it out from scratch again. AFAICT the procedure is to go find your router in the dd-wrt database. Hopefully it's supported. If it is you can go download the latest firmware from the ftp server and upload via the web interface. Anything later than 33430 should contain the fix.

Friday, May 26, 2017

Switching yubikeys

In this post I described how I set up gpg keys on a yubikey. Since I have multiple yubikeys for some redundancy I occasionally have to use a different one. This basically involves deleting the secret key and re-importing it from the yubikey.


Open up GPG keychain and click through the scary warning to delete the secret keys. If you set it up right these are only stubs, the actual key is on the yubikey. Once you've done that, insert the key you want to use and get the stubs recreated with:
$ gpg --card-status

Tuesday, March 28, 2017

Managing go versions with gvm

gvm is a way to manage multiple go versions. It has some strange behaviour with go paths that I don't really understand. It essentially sets your GOPATH to a different directory for every version. You could just append your real go path, but it seems like there might be tooling that doesn't expect gopath to be a list. My solution was to:
gvm install go1.8
gvm use go1.8
gvm pkgenv
This pops $EDITOR which you can use to set your go path to $HOME/go. Check it with:
go env