Installing ExpressVPN on Manjaro

The title of this post is deliberately misleading, but that’s for a good reason.  The likelihood is, you are an ExpressVPN subscriber (the worlds most popular VPN service provider and arguably the best) and have just switched from Linux Mint to Manjaro, only to find that Fedora and Debian based distributions are always well catered for, but Arch Linux based distributions like Manjaro, well not so much.

The title is misleading since the solution to this immediate brick wall you’ve come up against, is to not install ExpressVPN at all – but still use it.

Enter OpenVPN.  Installed already in Manjaro, and just waiting for you to perform a manual configuration.  (Cue the groans)

In fact it is no more taxing that installing the regular fedora or debian pre-compiled packages and then entering your subscription code obtained by logging onto ExpressVPN’s website using your email address and password set up when you originally subscribed.

On the page where you can download the packages for many different devices and operating systems (except Arch Linux), there is a Manual Config option too.  You can use this with OpenVPN.

Ensure OpenVPN is selected in the right-hand pane and expand your region at the bottom and choose from a list of ExpressVPN Servers for say, Europe and download the .ovpn file.

Now you can configure OpenVPN to use the ExpressVPN Server of your choice, with the following command…

You will be immediately prompted for your VPN Username and Password which you can copy and paste from the same ExpressVPN Manual Config page shown above.

You should see that a connection has been established.   Just be sure to leave the terminal window open (maybe move it to a different workspace to keep it out of harms way if you’re a habitual window-closer like I am).

To close the VPN connection, just CTRL-C it in the Terminal window.

That’s it.  But I’m always keen to give that little bit extra value, so I’ll continue, describing how you can also configure it using your Network Manager

Right-click on your network icon in the bottom right hand corner (or ‘systray’ as the Windows folks would call it) and you’ll see there is an option to Add a VPN connection.

Select Import a saved VPN configurationnot OpenVPN!

Select your preferred .ovpn file downloaded from ExpressVPN’s site.

Copy and Paste the username and password from the ExpressVPN page…

Next, click on the Advanced… button.

Under the General tab, make sure to following boxes are checked:

Use custom gateway port: 1195
Use LZO data compression
Use custom tunnel Maximum Transmission Unit (MTU): 1500
Use custom UDP fragment size: 1300
Restrict tunnel TCP Maximum Segment Size (MSS)
Randomize remote hosts

Under the Security tab…

Under TLS Authentication tab…

Click OK to finish.

You may need to reboot the computer at this point.

To connect to the ExpressVPN Server, simply select it from the Network icon on the bottom right-hand corner…

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Fix Windows 10 Slowness/Lag

Windows 10 Slowness seems to bug most users, with a constant degree of lag when flicking between tasks.  It can be stressful and disruptive to your reaching a productive, flow state.

Most modern mid-range laptops are more than capable of running multiple operating systems simultaneously, rocking Intel core i5 processors with vPro technology just like their floor standing, desk based or rack mounted workstation and server brethren so why then, is your laptop slow when all it has to do is run a single instance of Windows 10, – often on a SSD (Solid State Drive) that claims to be faster than it’s mechanical, spinning counterpart?

Many users have reverted to Windows 7 seeing as Windows 8 was such an abomination (Windows 10 is a long way from winning me over too, tbf) and are left wondering what the future holds for them from here on in, in terms of upgrade path and acceptable snappy performance.

Aside from the mammoth processors and supercharged block storage devices inside the modern affordable laptop, there is also the huge amount of RAM too.  Large RAM requirements have arisen out of the desire to run multiple applications simultaneously and flick between them, but also as a result of a widespread transition from 32-bit operating systems and applications to 64-bit – a move that in itself warrants double the amount of physical RAM in order to match the performance.

And just look at all that %Idle time?  HOW CAN IT BE SO SLOWWW?!!

Back in the 32-bit 1GB RAM days when RAM was expensive, page files were used to write pages of memory to disk, to free up precious, fast volatile RAM (You can still run many light weight distributions of Linux on that spec with very little to no slowness and minimal to no swapping to virtual memory too.  Same is true of 64 bit with 2GB RAM.)

The size of the pagefile defaulted to the amount of RAM.  This was due to the assumption that if the amount of pagefile needs to be any bigger than that, then you really do need more physical RAM as your system would have undoubtedly ground to a snails pace already.

And that is still the default.  The problem with that, is that in a laptop with a single partition, a single 8GB file used for regularly paging the chosen contents of 8GB physical memory out to it, puts a fair bit of strain on the IO subsystem – and it’s unnecessary strain.  With 8GB RAM, you’ll not need much if any page file at all, for most tasks.

So with that in mind, change your virtual memory settings from being “system managed”, so a fixed size pagefile set at the “Recommended” size.

In Control Panel, System…

These settings will need a reboot to take effect.  You should notice snappier performance as a result.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Mount USB HDD by UUID in Linux

The danger with USB hard disk drives is that when you have more than one plugged into your workstation, the device name assigned to it by the operating system might not be consistent between reboots.  i.e. /dev/sdb1 and /dev/sdb2 might swap places.  Potential disaster if you rsync data from one to the other on a periodic basis.

If permanently mounting usb hard disks, it’s much safer to mount according to the UUID of the disk instead of the device name assigned by the OS.

If you change to root using sudo su – and cd into /dev/disk you’ll see that there are multiple links in there, organised into different folders.  The unique unit id is written in /dev/disk/by-uuid and links the device name to the unique id.

You can see what device name is mounted where using df -h.  Then use the output of ls -al of /dev/dsk/by-uuid to correlate uuid to filesystem mount.  There’s probably other ways to match filesystem to uuid but this is quick and easy enough to do.

Note that I’ve also taken the liberty of piping the commands through grep to reduce output, just showing me what I want to know,  i.e. the uuid’s mounted to devices named /sda1, /sda2, /sdb1 etc.

Once you’re confident you know what UUID is what disk, then you can permanently mount the disk or disks that are permanent fixtures by creating a mount point in the filesystem and adding a line to /etc/fstab

finally, mount -a will pick up the UUID and mount it into the mount point.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Download the full Firefox stand-alone installer

There’s nothing more frustrating than downloading an installer that assumes that you’re going to have internet access on the machine that you subsequently intend to run the installer on (called a stub installer).

For example, downloading firefox so that you can get to your enterprise storage arrays java based admin interface without the agony presented by internet explorer’s tendency to throw its toys out the pram over the certificate and the settings are locked down by IE policy, this policy, that policy and the other policy that all exist to make the environment so much more “secure” but actually just don’t allow anything, anywhere, ever.  It’s secure!, it’s been signed off as being suitably unusable to prevent exposing ourselves to any kind of imaginary threat!  Aren’t we clever?.  No.  Rant over.

It’s secure!, it’s been signed off as being suitably unusable to prevent exposing ourselves to any kind of imaginary threat!

I’ve probably digressed, I can’t tell.  I’m too angry.  And you are too probably, if you’ve ended up here.  Installers that assume an internet connection are completely useless in the enterprise environment (best read in the voice of Clarkson).

Whats even more frustrating is that the stub installer is the only apparent option, judging by mozillas website.  Well it isn’t the only option – you can still download the full-fat, stand-alone installer from their ftp site – but ftp is blocked by your firewall!

No bother, just replace ftp:// with http:// at the beginning of the URL, or even better just click here for the 64 bit version (or here for the 32 bit version).

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail

When Google Chrome won’t start.

So Chrome won’t start and the error message is unhelpful.  Microsoft support won’t help of course and Google’s sledgehammer approach is

“just blow away your User Data and start over”

but you don’t want to loose your bookmarks, stored passwords etc that make your life easier and more efficient.  Plus you can’t remember half your passwords anymore.

Well, here’s what that unhelpful error message should look like in a perfect world…

…It’d save a lot of pain if it did.  You’re welcome Google.

So, using Task Manager, kill off any running Google Chrome processes (from having clicked on it 20 times before realising it’s never going to start).

To get to the folder you need to rename in order to get your Chrome browser up and running again with all your bookmarks intact (mine survived ok),

Click Start, Run,

Rename the Default folder to BackupDefault

Try restarting Chrome.  Hopefully you’re sorted.

If not, Google also recommend deleting the following User Data folder.  I don’t know what will survive if you do.  Fortunately, it never came to that for me.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Protect your Anonymity online with Vadalia, Privoxy and Proxychains

Happy New Year.  You will be monitored.  We are watching you.  We know who you are.  We know where you are.

The following is a concise guide to configuring Internet Anonymity on Linux by leveraging the tor network (vidalia) and a local proxy server (privoxy) then running your web browser using proxychains.

I have tried the tor browser bundle but couldn’t access most of my websites so found it to be pretty useless in everyday life.  This however, lets me access all my sites fine (so far), so provides protective anonymity without getting in the way.

I have found certain sites like Google sometimes use captcha to prove you’re a human but it’s no big deal.  It is a response that is more likely to be coming from OpenDNS rather than Google actually.

Disclaimer:  The following should be used for educational purposes only and not to facilitate any illegal online activity.

This is a compliment to your firewall.  It should remain ON.  You can further harden your web browser by “jailing” it to prevent penetration by following this guide here.

Remember:  Todays paranoia is tomorrows security standard.

TEST
firefox www.dnsleaktest.com www.whatismyip.com
You should see your IP address and location.

This information is logged along with the sites you visit and held by your ISP in line with new regulations.  Everything they need to lead them right to your door.  FTS.

PACKAGES TO INSTALL
sudo apt-get install privoxy vidalia proxychains

PRIVOXY – local privacy proxy server runs on 127.0.0.1:8118
vi /etc/privoxy/config, search for localhost:8118 and replace with 127.0.0.1:8118

VIDALIA – tor front-end. set up relaying to use local privoxy proxy (enter privoxy settings above) then add vidalia to Session & Startup apps list.

  Note that the green Tor onion may take a little while to go green after your computer initially connects to the network/wifi.

DNS SERVICES – change your network/wifi IPv4 settings
Use OpenDNS addresses 208.67.222.222 208.67.220.220

PROXYCHAINS
ProxyChains allows to run any program through HTTP or SOCKS proxy.
This tool tunnels all TCP and DNS connections of given applications.

Note: precede launcher command of application with proxychains, i.e. proxychains firefox %u

vi /etc/proxychains.conf
comment out strict_chain
uncomment dynamic_chain
add these lines under [ProxyList] section
socks4 127.0.0.1 9050
socks4a 127.0.0.1 9050
socks5 127.0.0.1 9050
http 127.0.0.1 8118

TEST
proxychains firefox www.dnsleaktest.com www.whatismyip.com
You should see that you now appear to be in a foreign country, not your actual geographical location.

Download the latest Linux .iso file to create some bandwidth and view the bandwidth graph in vidalia.

That’s it.  You’re Anonymous!

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Best file manager on Linux? Dolphin.

Need a powerful file manager on Linux?  Minimalism is so last decade.  Functionality is king and it needn’t look ugly either.  Look no further than Dolphin.  KDE’s file manager and it’s an absolute cracker of a file manager.  It’s nothing new as it’s been about a while.

My favourite feature, other than the split screen and integrated command line panel (so long as you install konsole as well as dolphin), is being able to pause multiple, individual in-flight IO operations.  This is great if you’re making multiple copies to a USB stick and want to queue up the individual copy requests so they’ll ultimately complete quicker.

It’s quite simply the best file manager I’ve ever seen.  All about functionality.

sudo apt-get install dolphin konsole

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Notepad++ for Linux (Notepadqq)

Add yours and my favourite text editor (Notepad++) to your preferred Linux distribution (Linux Mint) using the following commands…

sudo add-apt-repository ppa:notepadqq-team/notepadqq
sudo apt-get update
sudo apt-get install notepadqq

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Protect your Linux system by jailing your web browser

Your Linux system is inherently less vulnerable to attack than Microsoft Windows for a number of reasons.

  1. You’re less of a target to virus attack by being in the minority (Only 2.18% of people run Linux as their desktop operating system with most of those running a Debian derivative, the most popular being Linux Mint).
  2. You execute user processes as a non-privileged user (Remote code executing in your browser is not running in the context of a local Administrator account so has much less privileges to do potentially damaging things to your computer and data).
  3. Your Linux system is built entirely from packages obtained and installed from known, trusted repositories (No dodgy software downloaded from goodness-knows-where that may or may not be what you think it is.  The code of any given package undergoes constant scrutiny and improvements by the open source community.)
  4. There’s no marketing, advertising, ransom-ware or hidden agendas lurking in the operating system or the applications that are ultimately built by the people, for the people, and distributed to the people for free (feel the love).

Despite all these advantages, we live in the (dis)information age, and that means that the way to reach your users is through their web browsers.  So this next part should interest you.

…we live in the disinformation age, and that means the way to reach you is through your web browser.  So this next part should interest you.

How do I protect my web browser? (Firefox is the default web browser on Linux Mint -my OS and browser of choice)

firewall

  1. Enable the firewall (above)
  2. Once a new installation of Linux Mint is complete, I reboot, log on, Install all pending updates by typing sudo apt-get update && sudo apt-get dist-upgrade in a terminal window.
  3. Connect to my WiFi network, open Firefox and install the AdBlock Plus and uBlock Origin plugins.

And that’s it.  Or at least it has been until now, and in fairness it’s kept me safe since 2005.  I’ve never installed anti-virus software and never had a problem in over a decade.  AV products on Linux such as clam are usually for the benefit of Windows users on the same network or mail attachment scanning on Linux mail servers, neither of which is applicable in my home network environment.

Today though, I learned about something else.  The existence of firejail, -a program that “jails” certain other programs, and I really like what I see.

Like most Linux programs, it’s super quick to install with a quick sudo apt-get install firejail command in a terminal window and as easy to “use”.  In firejail’s case, you just edit the shortcuts of your existing launchers and pre-pend the command firejail

e.g. firefox %u becomes firejail firefox %u

firejail

By jailing the firefox process, it prevents the web browser from being able to access your system, quite literally.  Kind of like a firewall for processes rather than TCP/UDP ports, that only allows certain interactions with the rest of the operating system through.

For example, look what happens when trying to upload a picture I’ve saved to my Desktop to this very blog post…

desktop

The Desktop looks empty.  Nothing.  Blank.  No files or subfolders.  Yet my Desktop folder contains loads of images and other files and subfolders, as does my Pictures folder – same again, blank.  This is because firefox is jailed.  It can’t get out and into your filesystem.  Brilliant – and only a little inconvenient as it can still access my Downloads folder.  So if I want to upload a file, I just have a make a copy into my Downloads folder first using my File manager caja (which isn’t jailed).  Uploading to my Dropbox account using the web based interface would be a bit of a pain, but the Dropbox daemon running on my computer does all my file syncing anyway, so it doesn’t present a problem.  I don’t actually need to use Dropbox’ web interface.

This all works in accordance with the application profile in /etc/firejail/firefox.profile -there’s loads of them, not just for firefox but other internet/vulnerable programs like filezilla, transmission etc too.

Filezilla’s firejail profile on the other hand seems to be a lot more lenient and allows access to your home directory where you might wish to upload an entire folder structure to your web server.  You could always edit the filezilla.profile to harden it yourself I guess.

Whilst I found firejail in my repositories, I didn’t find the accompanying firetools package – a simple launcher that sits on your desktop.  It’s not really needed if you’ve edited your launchers to your favourite apps already and just allows you to add some additional programs to it and shows any running jailed processes if you’re interested in seeing that.  It places a convenient icon in your systray area too, for easy recall.

firetoolsfiretools-trayfiretools-processes

 

 

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail

What groups am I a member of?

Need to know what groups you’re a member of in Active Directory, but don’t have access to AD Users and Groups management snap-in?  Try this command.  It may help to run cmd.exe as Administrator if that privilege is available to you, but may not be necessary.

gpresult /r

The output at the bottom will be something like this, along with any additional Global group names you’re a member of.

gpresult

An alternative is whoami /groups which provides an output similar to this…

whoami

Note: whoami also works on Linux/UNIX systems.

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail