Author Archives: gbl

Syncthing and Log Spam

Syncthing is a great piece of Software to keep multiple PCs – and tablets – in sync. Unfortunately, it produces a LOT of log spam; on my Ubuntu machines, more than half of the entries in /var/log/syslog are useless syncthing INFO messages.

Here’s how they get produced:

  • Syncthing outputs stuff on stdout/stderr
  • Systemd, which starts syncthing, connects that stdout and stderr to itself, and sends everything it gets to rsyslogd
  • Rsyslogd has a default config to send pretty much everything to /var/log/syslog

And here’s how to change that:

Create a file /etc/rsyslog.d/30-syncthing.conf:


# Ignore syncthing INFO messages
if $programname == 'syncthing' and $syslogseverity-text == 'info' then stop

Restart rsyslogd:
systemctl restart rsyslog

Done!

OpenGL applications over ssh -X

Lately, I needed to set up VirtualBox on some server I use to ssh into, and I wanted to use the GUI for initial setup. I did this previously, without any problems – ssh -X, then just start the GUI.

Not so with VirtualBox 5, the only message I got was libGL error: failed to load driver: swrast.

Turns out that the VirtualBox 5 GUI uses OpenGL, while previous versions didn’t, and there seem to be some issues whether that should be rendered locally or remotely.

Finally I found a solution in a 20 year old discussion: https://groups.google.com/forum/#!msg/comp.security.ssh/DXHF6hGznYI/15zYRY4L5pYJ is still valid.

GLFORCEREDIRECT=no VirtualBox

works.

Updating Minecraft liteloader mods

Every now and then, there is a new minecraft subversion, and when your favourite server updates, you need to update as well. Which is easy if you’re running a plain vanilla client, but can be quite an annoyance when you’re using mods, and your mod author doesn’t update them in time.

When there’s a lot of changes to the client itself, then, well, mods have to adjust to these changes. But when the changes are very minor, like 1.12 to 1.12.1 to 1.12.2, most of the time, plugins will still work.

As long as they’re forge mods. Not so, with liteloader.
Continue reading

The annoying alternate screen in vte-based terminal applications

Current Linux terminal emulators have a feature that many people consider a bug.

Read the manual of some command. Find what you wanted to check. Quit the viewer to return to the command line. Poof, your screen is restored to what it was before you started man, and the information you were looking for is gone.

Same if you start your editor; quit the editor and the screen restores to the previous content.

Continue reading

Using Logitech G keys in Linux (Ubuntu, 14.04)

Finding a useful resource for this took me quite a while. The solution comes with the standard repository:

apt-get install g15daemon

On my 18-key G15, keys G1..G18 map to key 175..192, and M1..MR map to 193..196.

xmodmap can be used to reassign keys; unfortunately, you can’t assign a sequence of keys to one key press. Still looking for a solution to this.

Setting up an SSL server to use a key exchange that wireshark can decrypt

Sometimes, you need to decrypt SSL. Wireshark says you can do that if you have the server key.

This works .. almost.

It doesn’t work if the key exchange uses a DH (Diffie-Helmann) cipher. You need to use a RSA cipher for the key exchange. Several people on the internet tell you this, but i was never able to find any information which keys to use and which not to use.

Seems this works, however:

I made it work. As SYN-bit said, the reason because my server and client use DH cipher to exchange key, I should config my server to use RSA cipher to exchange key. with Apache :

SSLCipherSuite RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

Now I can decrypt https traffic.

How to get a free codesigner certificate, and sign Java jars with it

Oracle is (rightfully!) tightening the security requirements around the .jnlp web starter more and more. Formerly, they were just started; later, you got warning messages if they weren’t signed with a proper certificate, and in the newest versions, you need to explicitly manage a list of servers you permit execution from.

So, even if you’re a developer of open source, or freeware, you need to sign your code, which requires a certificate, which normally costs money. Unless you use the services of the nice company Unizeto, who, with their Certum certificates, give code signing certificates to open source developers for free.
Continue reading