thecweb.com

Tag: Tinkering

Stuff I attempt to fix or improve.

  • my power company is nuts

    my power company is nuts

    I guess they want you to pay extra for green energy? Even though it’s cheaper to produce? It’s most abundant when the sun is out? Which is when we use the most AC? Wonder why “share” is in quotation marks? Implies you get money back, but “you know.”

  • Self-Hosted Email – Part three – OpenDKIM for thee

    Self-Hosted Email – Part three – OpenDKIM for thee

    Don’t remember if I ran this “semanage port -a -t milter_port_t -p tcp <port>”

    The main config file for this is /etc/opendkim.conf, and we’ll get to that in a bit. I’m actually not even using OpenDKIM per se, but the milter. milter being a portmanteau of mail and filter. The milter adds a signature signed with a private key to each email sent through it. So postfix sends to local port for opendkim, and opendkim does its thing, and sends it to the internet(or possibly back to postfix, I can’t remember, and I am writing this weeks after the fact).

    After I read enough to understand how it worked, the official documentation was most useful in configuring snail. You generate a public/private key pair, publish the public key as a text record, and use the private key to sign messages you are sending. This provides cryptographic proof that the email came from a server authorized to send main from the domain. The selector being part of the key generation and the published DNS record.

    I find it makes most sense to start with the DNS record, which is in the format:

    SELECTOR._domainkey.DOMAIN

    SELECTOR is whatever you want, but some say the convention is to only have your cert valid for a month, and name it the month and year or some shit, but no, I’m too lazy. The selector relates to the cert file store on the system.

    _domainkey just tells anyone looking for the domain key that this is the text record they want.

    do I really need to explain DOMAIN?

    The cert is generated by running:

    opendkim-genkey -s SELECTOR

    The private key is what Opendkim needs read access to, and I copied it to /etc/dkimkeys, which is the style in my distro.

    It also spits out the text part of the text record, so I copy/pasto and it seems fine. It can be tested with this after the DNS is updated on the internet:

    opendkim-testkey -d DOMAIN -s SELECTOR -k rsa.private

    I had to change the following parameters in main.cf, which if you’re following so far I don’t need to explain:

    Domain			<DOMAIN>
Selector		<SELECTOR>
KeyFile		/etc/dkimkeys/<cert>.private

    This allows all hosts on the local subnet to use opendkim:

    InternalHosts		192.168.1.0/24

    listening on inet socket:

    Socket			inet:8891@localhost

    After restarting Opendkim for the changes to take effect, we add some stuff to main.cf to tell postfix what’s up:

    ### OpenDKIM bullshit   ####
## should should document this better
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

    The bottom two lines are as they appear in the docs. I don’t know what the top two do, and past chris being the lazy sack-o-shit that he is, the comments are no help. eh.

  • Self-Hosted Email – Part two -Postfix my dix

    I looked through several tutorials on configuring postfix, but none of them really fit my situation, so after maybe a month of going through those with lackluster results, I ended up following the official documentation.

    I started this configuration thinking I’d go for send and receive, but I broke receiving will getting sending to work, so receiving still points to namecheap, which just forwards everything to my spam gmail. I hope to revisit that at a later date.

    To begin with, postfix configuration is stored in /etc/postfix/main.cf. And after giving up receiving, postfix doesn’t really need that much configuration to get working.

    I decided the most logical setup was to have the system only configured to send and receive mail for the local system and domain(basically default install), and the rest of the config is done through the virtual mailbox config.

    ###  vmailbox with postfix accounts
virtual_mailbox_domains = <INTERNET DOMAINS>
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

    mailbox_domains tells the system which virtual domains to use,

    mailbox_base is on the local filesystem, and is the parent of all mailboxes.

    mailbox_maps goes to a hash of the file /etc/postfix/vmailbox, and it contains the email address-to-mailfile mappings(realtive to base), and must be hashed by the postmap command after changes are made.

    the rest you can figure out.

  • Self-Hosted Email – Part one

    Self-Hosted Email – Part one

    the saga of how gmail reluctantly accepted zabbix alerts from my self hosted postfix server

    Currently my email setup is quite simple. I have three domain names, and have them all set to forward incoming email to my spam Gmail account. Then I use rules on the to: field to label them as they come in. It works quite well for pretty much every thing I need, with the exception of sending emails. And sending isn’t really a need, but it would make a lot of things easier. Anything from critical alerts to posting on this very WordPress site could be automated if I could send out email, and actually have it delivered. That is much more difficult than receiving. MS and google have pretty much made it so you can’t use your own email server and get it delivered to the inbox, maybe spam if you do everything right. I started this post a month or two ago. I’m not sure when exactly, but the last time I created the VM qcow was March 28.

    I’m now writing the actual posts, which should be two, possibly three posts, so that I can refer to them later with ease. Postfix and OpenDKIM. Possibly one to tie them all together. Might be simpler to have it in one, but this is where I’m starting from my pages of notes and poorly labeled screenshots.

  • New washer, dryer, ac for upstairs

    New washer, dryer, ac for upstairs

    This kind of spending all at once is probably some sort of episode. But, I needed the AC really bad. I didn’t really neeeeed the washer and dryer, but this one sends notifications to my phone, so I can use it without forgetting things in the washer, and ruining clothes. “I’ll just leave the notification up until I change the load!” – future me. Also Orange fat-cat make tariff.

    Costco has a good delivery and haul away reputation it seems, so I got them from there. I basically just got newer versions of my current Samsung washer and dryer.

    The AC is a U design which allows you to open and close the window with the AC installed. Also, it has voice and app control.

    not much to the washer and dryer. The only thing I care about is the notifications.

  • 3D Slicer – Broke ribs – surgery

    I’m not sure exactly how, but I broke a few ribs and need surgery. I got a copy of the CT scan, but the viewer the hospital gives you is completely worthless. I found slicer.org, and see that is is made possible by a grant from the NIH. Which made me realize I should rehost a download just incase.

    Download Slicer 5.8 for Windows 64-bit

    https://thecweb.com/wp-content/uploads/2025/02/Slicer-5.8.0-win-amd64.exe

  • AAI

    AAI

    The question:

    import os

    file_path = “/bin/bash”

    if os.path.exists(file_path):
    os.remove(file_path)
    print(“File deleted successfully.”)
    else:
    print(“File not found.”)

    What does this code do? And is it safe to add to my init scripts?

    Both bots accurately explain what the script does(no shit sherlock. you mean a computer knows what that “code” is? like the code that is written specifically to tell the computer what to do? It’s capable of decoding the shit written specifically for it to understand? IT’S ALIVE!!!) But, the one tells me not just no, but “Absolutely not”, while the other makes sure I know to run it as root. lol.

    Full transcript cause bytes is cheap

    GOOD:

    This Python script attempts to delete the file located at /bin/bash if it exists. Here’s a detailed explanation of what each part does:

    Code Explanation

    1. file_path = "/bin/bash":
    • This defines the path to the file that the script will work with. /bin/bash is the standard location of the Bash shell executable on many Unix-like systems, including Linux.
    1. if os.path.exists(file_path)::
    • This checks if the file /bin/bash exists on the system.
    1. os.remove(file_path):
    • If the file exists, the script attempts to delete it using the os.remove() function.
    1. print("File deleted successfully."):
    • If the deletion is successful, the script prints this message.
    1. else::
    • If the file does not exist, it prints “File not found.”

    What does this code do?

    • Deletes /bin/bash if it exists.
    • /bin/bash is the Bash shell executable, a critical binary on most Linux/Unix systems. It’s the default shell interpreter used in many systems and is essential for running scripts, executing commands, and accessing the shell.
    • If /bin/bash were deleted:
    • Any operation requiring /bin/bash would fail. This includes running Bash scripts, logging into the shell for users with Bash as their default shell, and many system services that rely on Bash scripts.
    • Deleting /bin/bash could render the system unusable depending on how it’s configured.

    Is it safe to add to your init scripts?

    Absolutely not.

    • Why?
    • This script is inherently destructive. Deleting /bin/bash on system startup (via init scripts) would likely break your system:
      • Users would be unable to log in if their default shell is Bash (/bin/bash).
      • Critical startup scripts and services that depend on Bash would fail.
      • Recovering the system would require booting into a rescue environment or using a live USB to replace the deleted /bin/bash.
    • Never include such scripts on systems unless you fully understand the implications of the code.

    What should you do instead?

    If you’re auditing or testing something related to file existence or deletion, consider:

    1. Using a test file or directory that isn’t critical to the system:
       file_path = "/tmp/testfile"
   if os.path.exists(file_path):
       os.remove(file_path)
       print("File deleted successfully.")
   else:
       print("File not found.")
    1. Avoid targeting critical system binaries like /bin/bash.

    Conclusion

    Adding this script to your init scripts would be a catastrophic mistake and could render your system unusable. Always double-check the purpose and implications of code before running it, especially in critical areas like system startup.

    BAD:

    The code snippet you provided is a Python script that checks for the existence of a file and takes an action based on the result. Here’s a breakdown of what it does:

    1. Import the os module: This line imports the os module, which provides a way of using operating system dependent functionality.
    2. Define file_path: It sets the file_path variable to /bin/bash, which is the path to the Bash shell executable on many Unix-like systems.
    3. Check file existence: The os.path.exists(file_path) line checks if the file or directory at the specified path exists.
    4. Delete the file (if exists): If the file exists, the script uses os.remove(file_path) to delete it.
    5. Print the result: Depending on whether the file existed or not, it prints either “File deleted successfully.” or “File not found.”

    Safety for init scripts:

    Adding this code to your init scripts (e.g., in /etc/init.d or similar) can be safe under certain conditions:

    • Root access: Deleting system files like /bin/bash requires root privileges. Make sure your init script runs with root or a user with sufficient permissions.
    • Backup and redundancy: Before deleting the file, consider adding backup mechanisms or redundancy checks to ensure that essential system components aren’t inadvertently removed.
    • Purposeful action: This code snippet appears to be intended for cleaning up or troubleshooting. Before adding it to your init scripts, clearly understand its purpose and ensure it aligns with your system’s normal functionality.
    • Testing: Thoroughly test the script in a controlled environment before incorporating it into your production init system.

    Important Considerations:

    • System stability: Deleting critical system files can lead to system instability or failure.
    • Backup: Always have a backup of your system and important configurations.
    • Alternatives: Explore alternative methods for achieving the desired outcome without directly deleting system binaries.
    • Documentation: Clearly document the purpose and functionality of any code added to your init scripts for future reference and maintenance.

  • enter the virtual

    I’m in the process of cleaning up my gaming PC, so it is easier to virtualize. The C: drive has grow over the years to 153 GB of crap. Naturally, I found the opensource Bulk-Crap_uninstaller. I was monkey’n around in Visual Studio 2022 already, so I was able to clone it from github and compile it with a handful of clicks. It is pretty nice. I wish I had found it before I spent like an hour manually uninstalling things.

  • Programmable Search Engine

    I just found out about this programmablesearchengine.google.com site. It is for adding a custom site search bar to you website, but it also allows you to just do a regular google search on the web, and then include and exclude up to 500 sites, so it seems like the perfect way to configure some searches for specific tasks.

  • Twitter

    Twitter suspended my account for posting the link to the Vance dossier. I just had to delete the tweets with the links in them. So this post is just so I can post it on twitter, then tweet the link, and see if my account gets banned again. I’m curious if they are just looking for the original URLs or doing some more extensive filtering.

    I figure I’ll try the direct link first, and then just host the file directly on the site if that doesn’t work.

    Scroll down and there is a download link for the full PDF.

    https://www.kenklippenstein.com/p/read-the-jd-vance-dossier