Hacks Tips and Tweaks for Cross Platform Geeks
After a summer hiatus Knightwise is back with a bit of a deep dive into creating your own interconnected network with Tailscale.
LINKS
DISCORD
The action is happening over at our Discord server: Join by clicking this link
CREDITS
Sometimes the way to achieve “less” is to make more use of the things you already have. If the thing you already have is a fairly powerful old laptop, what you may find is that it makes the perfect home server. This week Knightwise tells us all about the laptop with the new lease on life.
Credits
Episode produced by Keith Murray
Home screen picture courtesy of PixaBay
With all the news lately about the risks to your online privacy and personal information knowing how to look after your data has become an essential skill. It’s not too difficult to do this at home where you have full control of your environment, but what do you do when you’re at work?
Links
Music
Credits
This week i’m testing out my new Acer A730 to see just what it can do and how far we can take it. One of the frustrations I bumped in earlier this week was that there were limited options when it came to “Phoning home”. Setting up encrypted tunnels to your home network over the internet using VPN or Proxy connections is something we should consider when using public Wifi hotspots.
With the Chromebook relying completely on some wifi connection on a (perhaps foreign) network I was disappointed to find that the only protocols that were supported were L2TP and OpenVpn. Not a bad set to choose from but not something that I had setup on my home network.
Previously I used an SSH server and the SSHuttle app to tunnel my internet, dns and even network traffic over a Socks5 proxy to my home network. I wondered if this would be possible with the Chromebook. Turns out it is ! Let’s start cooking.
To get this little piece of magic working you need 3 things. A : One SSH server (A linux machine) on your home network that has at least one port open to the internet. B : The Secure Shell app from the Chrome store. C : The Switchy-Sharp extension.
Setting it up is quite easy. Lets say we opened up port 8800 of our SSH server to the internet. Setup Secure Shell to connect to the your home SSH server with the additional option to create a port forwarding tunnel on lets say port 8800 with the option -D 8800
Next we setup Switchy Sharp as to use the SSH connection (and port 8800) as a socks 5 proxy.
All you need to do next is Connect to your home SSH server and use the Switchy Sharp extention in your browser to use the connection. The Chromebook will tunnel all http and https requests AND the DNS queries through the tunnel. That way 95% of your Chromebooks traffic (we aren”t a 100 percent sure about what protocols any other apps you have might use) are piped through a secure tunnel. You don’t only get to connect to your home network (to open up any web-interface to any device or server you have) but also you get to do it all ‘in private’
Links.
Last weekend I bought a Chromebook. A somewhat controversial device that sits between a laptop and a thin client. A laptop that hardly cost me 249 euro’s and is basically an network card with a screen. A device that is almost useless without an internet connection. And I challenged myself : Could I survive on the Chromebook alone… for a week ? Here is my Day to day rapport.
The second day : Out to the races.
Monday morning marked the end of the honeymoon weekend with my Chromebook. Sitting at home on the couch, playing around and getting to know the machine… it was fun ! But now its time for the serious work. Since I was going to survive on the Chromebook alone for a week, this meant that the Chromebook was going to be a major part of my workflow. Aside from being a cross-platform internet blogger-podcaster-superstar I’m also a freelance IT Consultant. So taking along the Chromebook meant that it was going to have to earn its keep.
That and we had several things on the To-Do list that needed to be done : A blogpost for Knightwise.com, Checking emails, Updating some online job-profile sites, a conference call and a visit to a client. Just some of the things we needed to do.
Writing the Blogpost.
The days of Dreamweaver are far behind me. Both blogs I write for are WordPress blogs so I didn’t think the Chromebook was going to give me any trouble connecting to the web interfaces. Before I just “surfed over” I did check out a couple of Chrome Apps/Extentions in the store that were WordPress related but .. to no avail. Most of the apps/extentions (very confusing) were mostly just shortcuts to the WordPress backend page. No offline love there. No matter, I never write my blogposts in WordPress directly anyway. “Writebox for chrome” is a great app that lets you punch out simple text files in a clutter free environment. Available offline I lets me write up a Blogpost that gets synced over to my Google Drive. You can play with the colors (I went for green letters on a black background) and felt like Doogie Houser writing his dairy. To add some comfort I propped up the Chromebook on a notebook riser and plugged in my external Logitech keyboard. Thing works like a charm. Write blogpost, copy over to wordpress, publish. Ding ! Chromebook wins.
Before I left for my client I needed to take a long a couple of multimedia files to show them. How was I going to connect to my NAS ? One of the great things about owning a Synology Nas is that it comes with a pretty powerful web interface. This allowed me to select and download the files I wanted to the Chromebooks (tiny) harddrive. Chromebook Wins.
Arriving at the client I was unsure that I could connect to their wireless guest network which gave me some trouble the last time when hooking up my Macbook Pro. The Chromebook connected ok and it was great to have this simple ‘instant on’ experience while waiting for the meeting to start. Just like whipping out your phone and checking Facebook, you whip out your Chromebook, open it up and start surfing. No boot times .. no restore. However : During the meeting I suddenly noticed that I had forgotten ONE FILE at home on my server. How was I going to get to it ? VPN ? The Chromebook DOES have the option to use VPN but not all protocols are supported. Luckily I was able to pull a copy off the file from Dropbox and all was good. The HDMI connector on the back allowed me to connect to the big TV in the meeting room and the “Subtitle Videoplayer app” was up for the job. The sound was a little tiny .. but my client was impressed with the tricks my little 249 euro machine could do.
When I got back home it was time do do some more work. One of the tasks that needed to be done was to print out our Christmas cards. Printing with the Chromebook is pretty easy for me since I have our home printer setup as a network connected “Cloud printer’ allowing me to print documents from any Chrome browser.
Printing 2 copies of our Christmas card on ONE page proved to be beyond what Google Print (and the Chromebook) can do. Its a functionality that is not supported : Fail for the Chromebook. I had to do this from my Mac.
The rest of the day went off without a hitch.
Doing Emails, Visiting websites, downloading and forwarding attachments and even hosting a Google Hangout was easy. I was getting impressed by the little machine AND the fact that most of my workflows don’t need some expensive device to get stuff done. At 9Pm (!) the little machine beeped to remind me that its battery was running low. I had been working away on it all day long .. and still it had some juice to spare.
So can you take your Chromebook to work ?
The question if the Chromebook is right for you (and suitable for work) is not a matter of what the Chromebook can or can not do. Its a matter of how your workflows are organised. If you can get stuff done in a browser .. there is hardly anything the Chromebook cant pull off (its just a browser in a box) The device is nice, cheap and simple and buying a Chromebook is easy. But tweaking your workflows to be device independent is what makes you a Cross Platform Jedi Master.
This week in “Server week” we are going to set up a variety of servers that allow you to do a variety of things. One of the most basic and versatile server you can set up must be the SSH Server. Long time fans probably know that the SSH server is the base ingredient for a lot of fun stuff you can do. For example.
These are just a couple of things you can do, but before you can do that, you will need the basic ingredient : Let’s set up an SSH Server.
Required ingredients.
Let’s get cooking.
And starting out that is ALL you need to do. If you want to do this from the internet you need to forward the correct port (The standard port is Port 22) from your router to your linux machine so you can make it accessible from the internet.
Lets make it pretty.
Lets make it secure.
Lets start using it.
The SSH server offers you a variety of functionalities we talked about in previous blogposts. We will line up the best uses for SSH here.
These are just a couple of examples of what you can do over this very powerful little SSH connection. Remember always to use strong passwords and keep your server up to date. Have fun !
Today’s tip in our “Privacy week” is geared a little bit towards the more advanced geek .. (Who am I kidding, you are ALL advanced Geeks here). In our every lasting quest to ensure our privacy when surfing on “foreign networks” like the one at work, the one at your dorm or the free wifi hotspot at Starbucks , we try to find more ways to make sure all your web traffic is encrypted and your privacy is kept safe.
Enter SSHuttle ( NOOO , not the STAR TREK Shuttle) , A brilliant little transparent proxy application that directs ALL or PART of the network traffic from your trusty Linux or Mac machine (the laptop you use on the road) through an SSH tunnel to an SSH server of your choice (perhaps your own server at home). That way your traffic is completely (or partially) obscured from whoever is trying to sniff your traffic on an untrusted network. An added bonus is however that it is a transparent proxy ! This means your computer will actually think it is directly connected to the network where the SSH server is running. It is like running a very very very long cable through the internet straight from your machine to the network where your SSH server is located.
So let’s start cooking.
Ingredients.
How to install SSHuttle on your client machine.
Shuttle is simple but VERY powerful. It will create an encrypted tunnel between your laptop and the SSH server you setup at home. Depending on what kind of traffic you want to shove through that tunnel you can do different things like :
So how does it work ?
Once installed using SSHuttle is pretty simple. SSHuttle works from the command line and depending on the “switches” it will do different things for you. So on your client laptop , fire up your terminal and start typing.
sshuttle --dns -r username@yourremoteserver.com:2222 0/0Enter the command above to push ALL of your traffic through the SSH tunnel towards your server at home. This is the example of running a virtual network cable THROUGH the internet towards your switch at home. All of your traffic is sent through this encrypted tunnel. USERNAME = A user you have created on your SSH server at home. YOURREMOTESERVER.COM = The external ip address (or Dynamic DNS name) of your home router. 2222 = The port on which you have your SSH server running. In this example I took a non-default port.
With this command you can create a site to site VPN. Instead of typing 0/0 is going to send ALL the traffic through the tunnel. Typing the network range of your home network (in this case 192.168.0.0) tells SShuttle to send all the traffic that needs to go to the 192.168.0.0 domain through the tunnel, while sending out the rest of your traffic through whatever network gateway you are connected to. The /24 is your subnet mask ( you know , the 255.255.255.0 subnet number of your network).
There are a lot of other switches that you can use , but if you use the two commands we mentioned above you will have a LOT of power at your fingertips. I love using the second command. It allows me to connect to the exchange server at work for my work stuff, but also lets me quickly open up the web interface of my home router (on the LAN SIDE) to do some tinkering. SSHuttle is a very very nice tool that keeps you connected .. and keeps your privacy .. private.
Find out more about SSHUTTLE in this HAK5 episode.
Who do you trust ! That is of course the main question in most of the topics of this weeks “Privacy Week” on our blog. When you connect to the internet on your tablet or mobile phone, you have a choice between different networks and carriers. You can go directly via your mobile phone’s dataplan (if you have one) or connect via Wifi. In both cases “somebody” is going to connect you to your internet. For your cell connection that will be your Telco, for your Wifi connection that will be your ISP or the kind person/company who set up the wifi hotspot you are using. The question is : Do you trust them ? As we told you in our first post : Sniffing unencrypted traffic is very very easy on a network. So when it comes to those open networks in a coffee shop, you never know who is watching. So why not “tunnel” your mobile traffic too.
Hotspot Shield VPN is my FREE application of choice. It allows you to tunnel all your traffic through their VPN tunnel and lets it emerge somewhere in the US. So anyone who wants to sniff you (either your telco, your local ISP or the dingy kid in the corner with his laptop running Wireshark) won’t be able to make out what you are doing. But because you “exit” to the internet on AnchorFree’s network (they make the app) , THEY will.
Hotspot shield VPN is free and easy to use. Its not always fast and it comes with adds. Opinions about this service might be mixed, but I regularly use it when I take my IOS or Android mobile device onto an open wifi network that I do not trust. Hotspot Shield also comes with a paid plan with “Monthly and Annual subscriptions available for faster connection, better cost savings and enhanced security. All subscriptions provide unlimited VPN bandwidth and NO ADS” So you can even pay if you want to. Keep stuff safe in a simple way, but remember that every connection (no matter if its through your ISP, the hotspot or these guys) requires ‘trust’ in whoever is carrying your data.
Get Hotspotshield VPN for : ANDROID and IOS.
I recently got a question from a friend of the show that he would like to know how to print from his iPad. A fairly common question that did require some thinking on my behalf. The problem for me is : I’ve stopped ‘printing’ things out all together since we have the iPads lying around the house and seldom need to use a sheet of ground-up tree to write things down. Apps like notability let me easily take screenshots (or pictures) of documents where I digitally “scribble” on.
But for those who DO need to print for their iPads Apple has of course come up with “AirPrint” that lets you print FROM your iPad to any “AirPrint approved printers” Great when you haven”t bought a printer yet, bummer if you have. However : There is a cool solution. It does require a mac and its not free but for 19.95$ its quite a cute little app. Printopia lets you print from your iPad to any printer connected to your Mac or export to a pdf file that gets stored on your mac. You can even “print” your document or screenshot to Evernote. It gets REALY interesting if you combine this with a VPN. Out and about on the road ? Need to make a pdf of the booking you just made ? Or need to pop it off at home ? Why not use Printopia to “dump” a paper copy out of your printer while you continue on your digital voyage. Or perhaps you want to install it on one of your office machines and hook up the multifunctional printer so your co-workers can stop putting their iPad screens on the copier. 20 bucks may be a little bit on the steep side, but hey : at least you don’t need to buy a new printer.
The Knightcast Episode 37 : Remote Domination part 2,
Direct link to the show. http://www.knightwise.com/podcasts/kc_24112006.mp3
Summary : Join us for episode 37 : Remote domination part 2 as we dive further into the world of remote controlling your computers. Learn how to use Hamachi to become the ultimate road-warrior, Set up remote assistance scenario’s or roll out your own severfarm across the net.
Shownotes :
Hamachi : http://www.hamachi.cc/
HamachiX : http://homepage.mac.com/lxr/homepage/spaceants/hamachix/
Wiki Hamachi : http://en.wikipedia.org/wiki/Hamachi
Hamachi on Security Now : http://www.grc.com/sn/sn-018.htm and http://www.grc.com/sn/sn-019.htm
Screencasts Online : http://www.screencastsonline.com/sco/Shows/files/category-10.html
Use Hamachi and VNC : http://www.help2go.com/Tutorials/Software_Utilities/Remote_Control_Another_PC_Securely_with_VNC_and_Hamachi.html
Setup Hamachi on a linux system : http://ubuntuforums.org/showthread.php?t=135036
Music :
Alienation : Morning Sky
B-4 Now : Tresspasing