Skip to content

# download gitea binary
wget -O gitea1.9.3.xz https://github.com/go-gitea/gitea/releases/download/v1.9.3/gitea-1.9.3-linux-amd64.xz

# extract archive
unxz gitea1.9.3.xz

# check binary integrity
cat https://github.com/go-gitea/gitea/releases/download/v1.9.3/gitea-1.9.3-linux-amd64.sha256
sha256sum gitea1.9.3

# make binary executable
chmod +x gitea1.9.3

# move gitea binary to final location
mv gitea1.9.3 /usr/local/bin/

# create symbolic link to current version
ln -s /usr/local/bin/gitea1.9.3 /usr/local/bin/gitea

# create system user to run gitea
adduser \
--system \
--shell /bin/bash \
--gecos 'Gitea' \
--group \
--disabled-password \
--home /home/gitea \
gitea

# create directories and permissions
mkdir -p /var/lib/gitea/{custom,data,log}
chown -R gitea:gitea /var/lib/gitea/
chmod -R 750 /var/lib/gitea/
mkdir /etc/gitea
chown root:gitea /etc/gitea
chmod 770 /etc/gitea

# create gitea service
# https://github.com/go-gitea/gitea/blob/master/contrib/systemd/gitea.service
nano /etc/systemd/system/gitea.service

[Unit]
Description=Gitea
After=syslog.target
After=network.target
#Requires=mysql.service
Requires=mariadb.service
#Requires=postgresql.service
#Requires=memcached.service
#Requires=redis.service

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
RestartSec=2s
Type=simple
User=gitea
Group=gitea
WorkingDirectory=/var/lib/gitea/
ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
Restart=always
Environment=USER=gitea HOME=/home/gitea GITEA_WORK_DIR=/var/lib/gitea
# If you want to bind Gitea to a port below 1024 uncomment
# the two values below
###
#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
#AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

# enable and start service
systemctl enable gitea
systemctl start gitea

# create database and user
mysql -u root

CREATE DATABASE gitea;

CREATE USER 'gitea'@'localhost' IDENTIFIED BY 'password';

GRANT SELECT, INSERT, UPDATE, DELETE, DROP, INDEX, ALTER, CREATE, CREATE TEMPORARY TABLES, CREATE VIEW, EVENT, TRIGGER, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EXECUTE ON `gitea`.* TO 'gitea'@'localhost';
FLUSH PRIVILEGES;

# create SSH tunnel between server and local machine for port 3000
ssh user@octopuslabs.io -i private.pem -L 3000:localhost:3000 -N -v

# install gitea through browser
http://localhost:3000/install

# create the first user account which will be the main admin
http://localhost:3000/register

# once installation is complete, update permissions
chmod 750 /etc/gitea
chmod 640 /etc/gitea/app.ini

# to use gitea without SSH tunnel and on default port 80, we setup gitea running through apache reverse proxy
# add to apache site https config

...


Order allow,deny
Allow from all

AllowEncodedSlashes NoDecode

# Note: no trailing slash after either /git or port
ProxyPass /gitea http://localhost:3000 nocanon
ProxyPassReverse /gitea http://localhost:3000

# enable apache proxy module
a2enmod proxy_http

# restart apache
systemctl restart apache2

# edit gitea config
[server]
ROOT_URL = https://octopuslabs.io/gitea/

# restart gitea service
systemctl restart gitea

# test in browser
https://octopuslabs.io/gitea/

# enable git lfs support
LFS_START_SERVER = true
LFS_CONTENT_PATH = /home/gitea/data/lfs

# hide gitea from search engine
You may want to hide your gitea installation from search engines...

# tweak gitea configuration
https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample

Debugging php code on a production server using xdebug is a pain to get working.
This guide will help you set it up and make sure it works.

Server Operating System: Ubuntu 18.04.3 LTS, apache and php fpm
Client Operating System: Windows 10, PHPSTORM

# install xdebug on production server
apt install php-xdebug

# xdebug gets automatically activated for all 3 php clients
# disable xdebug for all php cli, apache2 and fpm
phpdismod xdebug

# edit xdebug config
nano /etc/php/7.2/mods-available/xdebug.ini

# https://xdebug.org/docs/basic
zend_extension=xdebug.so

# remote debugger
xdebug.remote_enable=1
xdebug.remote_host=127.0.0.1
xdebug.remote_port=9001 # use port 9001 as 9000 is used by php-fpm
xdebug.remote_log = "/var/log/xdebug/xdebug.log"

# make xdebug log directory
mkdir -p /var/log/xdebug

# and make it owned by www-data
chown www-data:www-data /var/log/xdebug

# enable xdebug for php fpm only
phpenmod -s fpm xdebug

# restart php
systemctl restart php7.2-fpm

# create test page to check if xdebug is working - check for xdebug section in phpinfo()
<?php
function test()
{
echo "Called @ ".xdebug_call_file() .":". xdebug_call_line() ." from". xdebug_call_function();
}
test();
phpinfo();

# install browser plugin
Firefox https://addons.mozilla.org/en-GB/firefox/addon/xdebug-helper-for-firefox/
Chrome https://chrome.google.com/extensions/detail/eadndfjplgieldjbigjakmdgkmoaaaoc
Opera https://addons.opera.com/addons/extensions/details/xdebug-launcher/?display=en

Chromium - first install it to chrome, then in chromium go to extensions, activate developer mode and load the extension from

C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eadndfjplgieldjbigjakmdgkmoaaaoc

# set browser plugin IDE key to PHPSTORM

# create SSH tunnel between the server and the local machine
The cool thing about the SSH tunnel between the server and the local machine is that it will work whatever firewall settings and network configuration.

ssh user@server.com -i private-key.pem -R 9001:localhost:9001 -N -v

# setup PHPSTORM
* in run menu: start listening for debug connections + break on first line
* file > settings > PHP > Debug > XDebug > port 9001

# happy debugging!

# profile php code
# https://xdebug.org/docs/profiler

# enable profiler globally
;xdebug.profiler_enable = 1

# enable profiler if trigger is used
xdebug.profiler_enable_trigger = 1
xdebug.profiler_enable_trigger_value = "hello"

;xdebug.profiler_append = 1
xdebug.profiler_output_dir = "/var/log/xdebug"
;xdebug.profiler_output_name = "callgrind.out.%t-%s"
xdebug.profiler_output_name = "cachegrind.out.%s.%H"

# start profiler
https://server.com/?XDEBUG_PROFILE=hello

Things to optimize are:

  • server connection time
  • time to first byte
  • number of server requests
  • total size of downloaded content

Before you start optimizing, test your site's performance using https://tools.keycdn.com/performance

  1. Request to server
    1. DNS request
      • Here it's probably interesting to switch to a CDN because they usually have faster DNS servers than the standard providers.
    2. connect to server
    3. SSL handshake
  2. Server processing
    1. i/o and memory
    2. httpd
    3. php
    4. mysql
    5. load and execute wordpress
    6. load and execute themes and active plugins
  3. server gives response to client (time to first byte)
    1. update apache to the latest version, something like 2.4.x. to check your version httpd -v
    2. add caching plugin to wordpress W3 total cache
      • page cache enable - disk enhanced
      • minify disable - modpagespeed will do that
      • Opcode Cache enable - zend opcache (enable it in php.ini by uncommenting zend_extension=opcache)
      • Database cache enable - disk
      • Object cache enable - disk
      • Browser cache disable - modpagespeed will do that
      • Fragment cache enable - disk
    3. add modpagespeed to site
      • ...
    4. move to http/2 https://icing.github.io/mod_h2/howto.html
      • in http.conf, uncomment
        LoadModule http2_module modules/mod_http2.so<IfModule http2_module>
        LogLevel http2:info
        </IfModule>
      • in virtual hosts, add this
        # for a https serverProtocols h2 http/1.1# for a http server
        Protocols h2c http/1.1
      • An additional requirement is that no cipher from a specified black list may be used. An acceptable Apache SSL configuration regarding this is:
        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
        SSLProtocol All -SSLv2 -SSLv3
      • restart apache and test it: https://tools.keycdn.com/http2-test or chrome://net-internals/#http2
    5. change apache from mpm_prefork to mpm_worker/mpm_event
      • check apache server mpm type using httpd -V
      • install php-fpm package
      • start php-fpm service
      • edit httpd.conf and switch to event or worker
        LoadModule mpm_event_module modules/mod_mpm_event.so
        #LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
        #LoadModule mpm_worker_module modules/mod_mpm_worker.so
      • uncomment
        LoadModule proxy_module modules/mod_proxy.so
        LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
      • create new httpd config file php-fpm.conf
        DirectoryIndex index.php index.html
        <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php-fpm/php-fpm.sock|fcgi://localhost/"
        </FilesMatch>
      • include it at the bottom of httpd.conf
        Include conf/extra/php-fpm.conf
      • restart services php-fpm and httpd
    6. get rid of not used apache modules. to check which modules are used httpd -M
    7. check apache workers count and memory usage httpd-mpm.conf
    8. get rid of unnecessary wordpress plugins
    9. speed can be tested with xdebug
      • install xdebug
      • edit /etc/php/conf.d/xdebug.ini
        zend_extension="/usr/lib/php/modules/xdebug.so"

        ; profiler https://xdebug.org/docs/profiler
        xdebug.profiler_enable_trigger = 1
        xdebug.profiler_enable_trigger_value = "test"
        xdebug.profiler_output_dir = "/var/log/xdebug"
        xdebug.profiler_output_name = "callgrind.%s.%H"

      • systemctl restart httpd
        systemctl restart php-fpm
      • You can test if xdebug is working with the following code in a php file:
        function test()
        {
        echo "Called @ ".xdebug_call_file().
        ":".xdebug_call_line()." from".
        xdebug_call_function();
        }

        test();

      • to test the profiler https://octopuslabs.io/blog/?XDEBUG_PROFILE=test

references: https://www.tecmint.com/apache-performance-tuning/
https://www.digitalocean.com/community/tutorials/how-to-optimize-apache-web-server-performance

3

Surveillance cameras are big business and way too expensive when you want to buy one from a reputable brand. Here's an example: Logitech Alert 750e Outdoor Master Security Camera System with Night Vision currently sells at US$999.

In this post I'll show you how to build your own surveillance camera for fun and for way cheaper. Let's get started.

For this, you'll need:

  1. a Raspberry Pi 2
  2. a 16GB micro SD card for the Raspberry software
  3. your favorite USB webcam
  4. an Ethernet cable and a router with at least one RJ-45 free LAN slot
  5. And of course a computer with an SD card reader

raspberry-pi-setupsd-card

  • The first step is to download and install the operating system for the Raspberry Pi. While Raspbian the official Linux OS for the Raspberry Pi is an option, I didn't like it that much as there are way too many things that get automatically installed on it. I decided to go the leanway by installing Debian Jessie instead. Download it from here https://sjoerd.luon.net/posts/2015/02/debian-jessie-on-rpi2/ (latest image at https://images.collabora.co.uk/rpi2/jessie-rpi2-20150705.img.gz) then extract the gzip archive and use Win32DiskImager to write the downloaded image to the SD card.win32-disk-imager
  • Eject the SD card and insert it into the Raspberry Pi, then power the Raspberry using the micro-USB slot. Also connect the Raspberry to your router using Ethernet cable.
  • The Raspberry Pi will automatically boot on the SD card pre-installed image, establish an network connection and the SSH deamon will be listening for us. But first we need to find its IP address. For that we can use nmap which is a network scanner. Download and install nmap then open a command prompt .
  • In the command prompt type ipconfig. This will provide valuable info about our local network. As you can see, my IP address is 192.168.88.47.ipconfig-result
  • Now we scan the network using nmap -p22 192.168.88.2-192.168.88.254 (replace 88 with your local flavor). What this does is to scan the whole local network (except for the gateway) for devices listening on port 22 which is the SSH default port.nmap-results
  • In this example, you can see that 6 devices are present (my computer included) and among them are 4 Raspberry Pi. Now that we have its IP address we can establish a connection using SSH. Probably the best SSH option on Windows is Putty. Download and install it.
  • Start Putty and enter the IP address of the Raspberry Pi under Host name then click openputty-connect
  • The default login is root/debianlogin-as-root
  • Start by changing the root password using the passwd commandpasswd
  • Update the system: apt-get update then apt-get upgradeapt-get-update
  • Update the Raspberry date, time and timezone.
    1. apt-get install ntpdate
    2. ntpdate pool.ntp.orgntpdate
    3. cp /usr/share/zoneinfo/Europe/Riga /etc/localtime to set the time zone (adjust to your flavor)set-timezone
  • Install sudo and add a user account: apt-get install sudo then adduser yourusersudo-adduser
  • Make the new user a system administrator: sudo adduser cat sudosudo-adduser-2
  • Now that we created the user account, let's disconnect from this session and reconnect but with the user account this time. Now let's remove the possibility to login as root. sudo passwd -l rootremove-root-loginIf you want to learn more about why it's important to disable root login...
  • Add USB utilities: sudo apt-get install usbutils
  • Check that your camera is detected: lsusb detect-usb-camera
  • Install the camera software: sudo apt-get install motioninstall-motion
  • Backup the motion configuration file: sudo cp /etc/motion/motion.conf /etc/motion/motion.conf.bak
  • Edit the motion configuration file: sudo nano /etc/motion/motion.conf
  • Here's the list of changes I made on mine
    logfile /var/motion/motion.log
    width 1280
    height 960framerate 5quality 95

    #sdl_threadnr 0

    snapshot_interval 360

    target_dir /var/motion

    snapshot_filename snapshot-%Y-%m-%d_%H%M%S-%v
    picture_filename motion-%Y-%m-%d_%H%M%S-%v-%q-%v
    movie_filename movie-%Y-%m-%d_%H%M%S-%v
    timelapse_filename timelapse-%Y-%m-%d
    stream_quality 95
    stream_motion on
    stream_localhost off

Save the file CTRL + O and exit nano CTRL + X

  • Create dir /var/motion/ : sudo mkdir /var/motion and assign ownership to motion: sudo chown motion:motion /var/motionmotion-dir
  • Start the motion deamon when the system starts: sudo nano /etc/default/motion and set daemon to yes
  • Test if everything works accordingly: sudo service motion restart
  • After a few seconds check if any content was generated in the motion target dir: ls /var/motion/ -lmotion-test
  • And even better, you can now also access the live stream server at https://192.168.88.26:8081 . Well that's it! If you have any issues or problems, just report them in the comments section.live-stream
  • Update: if you notice after reboot that no photos are being captured, here's how to troubleshoot: sudo service motion status. This will show the status of the motion service and will show any errors that could have occurred. It's usually permission issues on the motion config file or the motion log file which can be fixed with chown and chmod.

I recently broke my iPhone 5S screen and decided that I should try to fix it myself.

I headed to ifixit.com to see how hard this could be. After a quick search on their website, I found the exact guide I needed as well as the price for a replacement screen. A quick look at the repair guide convinced me and off I went to order the replacement screen. A week later or so I received the package and was ready to start the surgery 🙂

Following the guide made the repair relatively easy, the only issue I experienced was that the screen connector was not exactly in place the first time I tried which resulted in screen artifacts.

photo 1photo 2

photo 3photo 4

 

 

Windows 10 now being definitely released, I wanted to have a fresh look at it and decided to install it. As I want to keep my current installation of Windows 7 for the time being, I opted to install it on a second internal hard drive I have on my fantastic Folio 9470m (it has 2 HD slots: one for a standard 2.5" SATA drive and another for a mSATA micro-drive).

Unfortunately this turned into a really frustrating fiasco as the installer is not letting me decide anything!

The only options I have is to upgrade my current Windows 7 to Windows 10 or make a Windows 10 clean install!!! WTF?

windows10-installation-2

While I certainly understand the installation process should be kept as simple as possible for the non-techy crowd, I simply refuse to imagine that the people in charge of UI have not thought about any other options.

For now I'm just going to enjoy doing other stuff instead of trying to find the hack for this ocean of frustration...

I recently had the opportunity to play around with x64_dbg as OllyDbg can only debug 32 bit executables. In fact this is not exactly correct as there is a version 2 of OllyDbg that supports x64 but it's still a work in progress (last updated in February 2014) and I didn't have much success with the apps I tested.

My initial impression is that any OllyDbg user will immediately feel familiar with x64_dbg and quickly get debugging. Of course x64_dbg being a relatively new project it only has a few plugins so far. Anyway try it out if you have any 64 bit apps laying around.

x64_debug

Sysinternals' Process Explorer is just the best when it comes to watching all processes that are running on your machine. I've been using it for years and I'm not afraid to say it's the best single executable I ever came across. Tools such as this one are what makes Windows a great OS to work on.

process-explorer-overview

I use it all the time to check:

  • how much memory/cpu processes take
  • to kill processes
  • to find new processes running on my machine (such as after a new software install: I dislike those pesky installers that silently install services and processes that start with Windows)
  • to find the path to a certain executable

What I recently discovered however is that right from within Process Explorer, you can actually verify the signatures of all presently running executables.

process-explorer-verify-signatures

and even better submit the hash of every single running executable to Virustotal for validation with all major antivirus engines.

process-explorer-check-virustotal

Here's how it looks once the check was done.

process-explorer-virustotal-results

As you can see I have one process that requires further attention. It's Notepad++. Simply clicking on the "1/57" brings up the virustotal report which after verification proves to be harmless.

process-explorer-virustotal-result-notepad

I have experienced problems with one of the 2 USBasp programmers we have at MakeRiga and decided to flash the firmware. Here's how to do it.

  • Download the latest firmware from https://www.fischl.de/usbasp/. At the time of writing this it was https://www.fischl.de/usbasp/usbasp.2011-05-28.tar.gz
  • Extract the archive
  • There are 3 firmwares inside the usbasp.2011-05-28\bin\firmware directory: usbasp.atmega88.2011-05-28.hex, usbasp.atmega8.2011-05-28.hex and usbasp.atmega48.2009-02-28.hex. The difference between them is the target micro-controller. Check which one you have.

usbasp-view-top

  • To update the firmware you also need to set jumper J2 on the USBasp to update as explained in  the Readme.txt
  • Set both USBasp to 5V on jumper J1 and connect them via a 10 pin cable
  • Finally connect the programmer to the computer USB port

usbasp-connected-to-usbasp

    • Now let's get to avrdude. Copy the correct firmware to the avrdude directory.
    • Backup the original firmware. You'll need to replace VARIABLE with your micro-controller version: atmega8, atmega48 or atmega88

avrdude -c usbasp -p VARIABLE -U flash:r:flash-usbasp.bin:r

avrdude-flash-dump-usbasp

  • To write the latest firmware. Replace FIRMWARE with your firmware

avrdude -c usbasp -p VARIABLE -U flash:w:FIRMWARE

avrdude-update-usbasp-firmware

That's it!

In May, MakeRiga organized a great hacking event. I provided a few software challenges for the competitors while others contributed with hardware challenges. These last few days I spent some time discovering the later as I have close to no experience in hardware. Here's my journey with my first hardware challenge: Blinky. Blinky is simple circuit with a blinking red led and a green led that stays switched off.

circuit


There are 2 objectives for this challenge:

  1. Make the green led blick synchronously with the red led
  2. Make the green led blick asynchronously with the red led

challenge

The first thing I did is look at the components on the circuit and the associated wiring.

circuit-pinout

  • a chip labeled ATMEL1412 TINY13A SSU
  • 1 green led, 1 red led
  • 2 resistors
  • 1 capacitor
  • 1 switch
  • 3V CR2032 battery

Of course the most interesting part is the chip and as I didn't know what it does, I searched for it on duckduckgo.com (I started google detox a few days ago and so far I'm very happy with the results Duck Duck Go gives me). Here's the official documentation for the chip.

The Atmel picoPower 8-bit AVR RISC-based microcontroller featuring 1KB of ISP Flash, 64-byte EEPROM, 64-byte SRAM, 32-Byte register file, and 4-channel 10-bit A/D converter. The device achieves up to 20 MIPS throughput at 20 MHz at 1.8-5.5 V operation.

So since it's a micro-controller, it means that there's software written inside it to blink the led. So at this stage, there are 2 ways to complete the objectives:

  • hardware: solder new wires to the circuit
  • software: modify the software on the chip

As I'm more of the software guy I took this approach. It ended up being much longer than the hardware approach but I really learnt a lot from it. So my first question was: how can I extract the software from the micro-controller?

I found out that you need both software and hardware for that task. For software avrdude is very popular and for hardware I opted for a USBasp programmer as we have 2 of them at MakeRiga. Here's how it works: Avrdude communicates with the micro-controller through the USBasp. For it to work the USBasp pins must simply be connected to the corresponding pins on the ATtiny 13A micro-controller. I also had to solder pins to the circuit for easier connection.

usbasp-pinoutattiny13-pinoutcircuit-soldered-pins

Here's how it looks with everything connected. Note that the led is blinking because the circuit is powered through the USBasp.

usbasp connected to circuit

Now it's time to dump the software from the chip:

avrdude -p t13 -c usbasp -U flash:r:flash-13.bin:r

avrdude-flash-dump

For it to work make sure that avrdude finds its config file and that the jumper 3 on USBasp is connected. Here's a copy of flash-13.bin (it's only 64 bytes of code). To check that everything is working, let's upload the firmware back to the device.

avrdude -p t13 -c usbasp -U flash:w:flash-13.bin

avrdude-flash-upload

Now that we know it's working comes the next question: how can I write software for the micro-controller? I found out that the main options are Arduino IDE with a few changes or use Atmel Studio. I opted for Arduino IDE as it was a lighter download. Atmel Tiny micro-controllers are unfortunately not supported out of the box and I had to fiddle for a while until I found out how to do it thanks to this blog.

In Arduino IDE, under Tools, select board ATtiny, processor ATtiny13 and clock 1Mhz internal.

Next problem was to get some start source code to play with. Arduino IDE has a blink example so I started with this one.

arduino-blink-example

The code only required a few modifications to work. First our micro-controller only has 8 pins, so it can't be pin 13. After looking at the circuit pinout again, I concluded that PB0 is connected to the red led and PB1 to the green led and PB0 is pin 0, PB1 is pin 1. I uploaded the code and ended up with a red led but not blinking. strange...

Changing the pin to 1 turned the green led and setting the digitalWrite to low would turn the light off. So I understood there was some problem with the delay function. I found out that I had to use another function named _delay_ms and that did the trick.

arduino-blink-example-fixed

Interestingly my software ended up costing 364 bytes, which is a huge inflation compared to the original 64 bytes.

Solving the objectives 1 and 2 was a piece of cake from there on. Here's the code for both leds blinking at the same time.

arduino-both-leds-blinking

And asynchronously...

arduino-both-leds-blinking2

Finally the software way was much harder but definitely a lot more fun 😀

Here's how the hardware approach looks for the alternative blinking.

hardware-solution