How To Install LEDE on a Linksys WRT1900ACS.

This post will guide you through a LEDE Linksys WRT1900ACS installation. It’ll show you how to install LEDE on a WRT1900ACS fresh out of the box.

Understand this: Always flash firmware using a wired connection, never via WiFi. Failure to adhere to this substantially increases the probability that you will brick your router. I’ve only included instructions for flashing via Ethernet below. If you choose to use a wireless connection instead, you’re on your own.
Warning: Flashing third party firmware will void your warranty. I will not be held responsible if anything goes wrong. Flashing a device’s firmware is always a risky operation, especially when you’re dealing with custom, unofficial firmware. By following this amateurish guide you understand that you might end up with a brick – a useless piece of hardware.

Flashing a router with third party firmware isn’t a trivial thing to do, even with the help of this step-by-step guide. Make sure you read through the entire guide at least twice before you start so you get an overview of the steps.

With that out of the way, let’s get started.

Continue reading "How To Install LEDE on a Linksys WRT1900ACS."

How To Enable HTTP/2 in Apache on Ubuntu 16.04.

Here’s a simple guide showing how you can enable HTTP/2 in Apache on Ubuntu 16.04.

The internet is awesome. It can be used by governments to very efficiently spy on their citizens, it got Donald elected, and it’ll be mentioned in future history books as the main tool used in the second rise of fascism. There are also a few funny cat pictures.

Today’s internet connections are amazingly fast. You younglings might not believe this, but there was a time when we actually had to sit and wait for a website to appear. If you want to experience the internet speeds of the past, give 56k Emulator a try. It will give you the basic idea. And keep in mind that 56K modems were freakin’ fast when they became available.

But I digress. Sorta. Even though today’s internet connections are fast, the technology used to push propaganda around inside the tubes is old and slow. HTTP/1.1 was never intended to be used with the kind of content-heavy websites we have today. Thankfully, there’s a new option available, the marvelous RFC 7540. Or HTTP/2, if you will.

HTTP/2 is a major revision of HTTP/1.1. Its main goal is to make websites appear in your browser quicker, while sending less data than HTTP/1.1 needs. The “number one HTTP server on the internet”, Apache 2, only has experimental support for HTTP/2. This means that it’s not available in the version Ubuntu 16.04 includes by default.

Once again, we have to turn to our PPA packaging hero Ondřej Surý for support. Not only does he maintain packages for the latest and greatest version of PHP (that we used here), he also makes sure Ubuntu users can be on the bleeding edge of Apache goodness.

Continue reading "How To Enable HTTP/2 in Apache on Ubuntu 16.04."

How to Secure SSH with 2FA on Ubuntu.

As you know, I love two factor authentication (2FA). Now the time has come to secure SSH with 2FA on all our Ubuntu servers.

I recently noticed that the bandwidth usage on VBOX4 had increased slightly. Apart from the spikes that come when the server is doing its nightly offsite backup, there was also an average increase in bandwidth usage. In an ideal world, that would be caused by the success of my Facebook antics, but I’ve got Piwik stats that say otherwise.

Now, a slight bandwidth increase that lasts for a few days isn’t uncommon. Google sometimes finds it necessary to index the entire site. But I’m a curious little nerd, and with the help of netstat I checked incoming connections. It showed a Chinese IP address trying to connect to poor VBOX4 via SSH. That isn’t necessarily a reason to panic either. If you have a computer connected to the internet, there will be bots trying to connect to various services around the clock. For my own convenience, I’ve got SSH running on the standard port, 22, which makes it a prime target for that kind of shenanigans.

Moving it away from the standard port could be an option. But security by obscurity isn’t really security IMHO. Sure, it makes things a little bit harder. But there are only 65,535 ports to choose from, and if a bot wants to find your SSH port, it will find it eventually. Port knocking might be a better scheme if you want to hide your doors.

Or, you can hire a kick-ass doorman! That’s what we’re going to do with 2FA.

Continue reading "How to Secure SSH with 2FA on Ubuntu."

How To Install the Latest PHP Version on Ubuntu.

Here’s a simple guide showing how you can install the latest PHP version on Ubuntu.

Purchasing the Samsung Galaxy S7 had an unforeseen consequence: My A Picture A Day code stopped pulling GPS coordinates from the EXIF data embedded in the pictures I took with the phone. I knew the GPS data was there somewhere, because every EXIF reader I tried showed it – I just couldn’t get my PHP code to extract the data.

A bit of research on the interwebs revealed that the missing GPS data was caused by a bug in PHP, and the good news was that the bug was fixed in PHP 7.0.10. The bad news was that Ubuntu 16.04 is stuck on PHP 7.0.8.

This is the flip-side to using Ubuntu. APT and the Ubuntu packages make it very easy to install new software. Compiling, dependencies, and standard configuration are handled for you, but you’re also at the mercy of the package maintainers, and how quickly they compile new packages. In the case of PHP, this means Ubuntu 16.04 LTS users currently are locked to PHP 7.0.8, lagging four patch versions behind the official packages available from PHP.net.

Continue reading "How To Install the Latest PHP Version on Ubuntu."

How To White List JetPack Servers.

JetPack is a collection of WordPress power tools maintained by the WordPress creators Automattic. It will, among other things, provide you with site stats and analytics, automatic social network sharing, 24/7 uptime monitoring, and access to a high-speed content delivery network for images.

Many of JetPack’s features use the WordPress.com infrastructure, and to use it on a self-hosted WordPress install – like the one you’re looking at right now – the WordPress XML RPC interface has to be accessible to the WordPress.com servers. The problem with that approach is that the XML RPC interface is one of the favorite attack vectors for WordPress script kiddies. So the interface is ideally locked down and made inaccessible unless it’s strictly necessary to make it available.

To get JetPack to work properly it’s necessary to make the XML RPC interface accessible from the in-ter-net. But you don’t want every single Russian basement dweller to get access: Ideally, you just white list the JetPack servers.

Continue reading "How To White List JetPack Servers."