BT Infinity with Linux Router

BT just enabled Infinity in my residential area, so I quickly contacted my ISP to see if they could upgrade me.  They said they were still working on their fibre rollout and couldn’t estimate when they might be able to provide a fibre to the cabinet connection.  Obviously I dropped them like a shitty stick, and put my order in with BT immediately.

My old connection with Bethere would let me download at about 6Mb and upload at well under 1Mb over ADSL2+.  After the BT engineer upgraded my connection, I almost squealed with glee to see it was almost 37Mb downstream and 8.6Mb upstream.  That’s a serious upgrade!

The engineer installed a new modem and the BT HomeHub router.  Of course I don’t want to use a generic router so I unplugged it and began figuring out how I could plug my trusty Linux Acer Revo 3600 back in.  The modem has 2 ethernet ports on the back, but one is masked off.  Plugging in to that was the easy part.  What I wasn’t sure of was what the modem really was – Was it a real modem or was it like my old BeBox which maintained the connection for me and acted as an invisible bridge?

New Server, New Desktop Computer :)

Over the past month, I’ve experienced truly wonderful customer service from Apple and the complete opposite from Easyspace / virtualservers.com.

I instructed 1and1 to transfer my codexsoftware.co.uk domain to Daily so that I could have cheaper renewals, and because that’s where I have most of my other domains. Unfortunately rather than just change the IPS tag and leave everything else as it was, 1and1 decided to also delete my web site and all my mail too…

What a cock up!

Well after a monumental cock-up by 1and1, I’ve found myself trying to cobble my site back together. I have most of it except some blog images that I didn’t back up. Doh!

iptables: PPTP Passthrough and UPnP for Xbox 360


I recently decided to replace my nice Draytek 2820 with a Linux box for purely geeky reasons. Since then I’ve come across a couple of little ‘gotchas’.

Firstly I found that I couldn’t open any PPTP connections from computers on my network, despite GRE being allowed to pass through my firewall. The solution was to simply load some extra kernel modules.

/sbin/modprobe nf_conntrack_proto_gre
/sbin/modprobe nf_nat_proto_gre
/sbin/modprobe nf_conntrack_pptp
/sbin/modprobe nf_nat_pptp

To do this at boot time, just append the module names to your /etc/modules file. i.e. mine now looks like this:

# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.

loop
lp
nf_conntrack_proto_gre
nf_nat_proto_gre
nf_conntrack_pptp
nf_nat_pptp
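A quick check that the four modules are both loaded now and listed for the next boot, as an added example that is not part of the original post. The listed_in, audit and demo helpers are hypothetical names and the sample files are constructed; on the router itself you would run audit /proc/modules /etc/modules.

```shell
#!/bin/sh
# Modules this page loads for PPTP/GRE connection tracking and NAT.
PPTP_MODULES="nf_conntrack_proto_gre nf_nat_proto_gre nf_conntrack_pptp nf_nat_pptp"

# listed_in FILE MODULE: succeeds if MODULE is the first field of a line.
# Comment lines never match because their first field starts with "#".
# The same test works for /proc/modules and /etc/modules.
listed_in() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# audit LOADED_FILE BOOT_FILE: prints "module loaded=yes|no boot=yes|no".
audit() {
    for mod in $PPTP_MODULES; do
        loaded=no; boot=no
        if listed_in "$1" "$mod"; then loaded=yes; fi
        if listed_in "$2" "$mod"; then boot=yes; fi
        echo "$mod loaded=$loaded boot=$boot"
    done
}

# Constructed sample: all four modules were loaded by hand with modprobe,
# but only two were appended to the boot list, so PPTP would break again
# after the next reboot.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/proc_modules" <<'EOF'
nf_nat_pptp 16384 0 - Live 0x0000000000000000
nf_conntrack_pptp 16384 1 nf_nat_pptp, Live 0x0000000000000000
nf_nat_proto_gre 16384 1 nf_nat_pptp, Live 0x0000000000000000
nf_conntrack_proto_gre 16384 1 nf_conntrack_pptp, Live 0x0000000000000000
EOF
    cat > "$dir/etc_modules" <<'EOF'
# /etc/modules: kernel modules to load at boot time.
loop
lp
nf_conntrack_proto_gre
# nf_nat_proto_gre
nf_conntrack_pptp
EOF
    audit "$dir/proc_modules" "$dir/etc_modules"
    rm -rf "$dir"
}
demo
```

Any line showing loaded=yes boot=no is a module that works today but will be missing after a reboot.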

The other thing I noticed was that when playing on my Xbox 360, I’d get a warning about some of the features not being available on Xbox Live. At first I thought it was a temporary problem with their service but I got a bit suspicious after a few days and decided to investigate further.

I ran a connection test from the Xbox and it suggested that I should enable a UPnP server on my router if possible. I installed linux-igd with the usual command.

sudo apt-get install linux-igd

Then I edited the /etc/default/linux-igd file to let it know about my interfaces.

# External interface name.  If undefined then upnpd will not be started.
EXTIFACE=eth1

# Internal interface name.  If undefined then upnpd will not be started.
INTIFACE=eth0

Then I restarted the linux-igd service:

sudo service linux-igd restart

The Xbox is now happy. Easy peasy.

Mac OS X Lion Sneak Peek

Gah! No! OS X Lion looks naff. Why would I want my computer to behave like an iPhone? An iPhone has limited screen space and you poke with a finger. My computer has a huge monitor and a proper keyboard and mouse instead because… it’s a computer!

I hate the idea of all those icons displayed over the desktop too.  I realize it only does that when you use the Launchpad but desktops should be tidy!  It even does that ugly thing that iPhones do with folders.  Blech!

Perhaps this is mostly because they want to cash in and put the App Store on the Mac :(

http://www.apple.com/macosx/lion/

Dealing with Image Hotlinks & Bandwidth Bandits

No Hotlinking!

Ever found one of your images on someone else’s site? Then to add insult to injury you find that they’ve actually linked your image directly from their page so you’re paying for the bandwidth for them to display your image on their own page? Bandwidth bandits!

Well here’s a way to write a message across the centre of the image, if the image has been loaded from any site but your own. To do this we need to create 2 files. One is an .htaccess file for use in Apache and the other is a PHP script. Apache must have the mod_rewrite module enabled and PHP must have been compiled with the GD library for this to work.

The following .htaccess file should be dropped in to the root docs folder of your web site. It contains rules that tell Apache to check the referring domain on any request for a file with a jpg, gif or png extension. Requests with no referrer at all are served as normal. If the referrer is codexsoftware.co.uk, friendlysite.com, google.com or Google’s cache then it’ll also serve the image as normal. If it isn’t then it’ll internally rewrite the request to imagehotlink.php in the document root. You should edit these domains for your own site. Remember to put the backslash before all dots in your domain names.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !codexsoftware\.co\.uk [NC]
RewriteCond %{HTTP_REFERER} !friendlysite\.com [NC]
RewriteCond %{HTTP_REFERER} !google\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteRule (.*) /imagehotlink.php?pic=$1
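The referrer conditions above are unanchored, so they match the domain anywhere in the Referer header. The following added example (not part of the original post) runs the page's patterns and an anchored alternative over constructed referers to show the difference. STRICT_ALLOW, HOSTS, decide, compare and bandit.example are assumptions made for the illustration.

```shell
#!/bin/sh
# The four allow-list conditions from the page's .htaccess, joined into one
# case-insensitive pattern. They are unanchored, so they match anywhere in
# the Referer header, not only in the host part.
PAGE_ALLOW='codexsoftware\.co\.uk|friendlysite\.com|google\.|search\?q=cache'

# Anchored alternative (an assumption, not from the page): scheme, optional
# subdomains, an exact allowed host, then a port, a slash or end of string.
# The Google hosts listed are examples to adjust.
HOSTS='codexsoftware\.co\.uk|friendlysite\.com|google\.com|google\.co\.uk|googleusercontent\.com'
STRICT_ALLOW="^https?://([a-z0-9-]+\.)*($HOSTS)(:[0-9]+)?(/|\$)"

# decide PATTERN REFERER: prints "serve" or "watermark".
decide() {
    # An empty referer is always served (RewriteCond %{HTTP_REFERER} !^$).
    if [ -z "$2" ]; then echo serve; return; fi
    if printf '%s\n' "$2" | grep -Eiq -e "$1"; then
        echo serve
    else
        echo watermark
    fi
}

# Constructed referers; bandit.example is a made-up hotlinking site.
compare() {
    for ref in \
        "" \
        "http://www.codexsoftware.co.uk/blog/" \
        "https://www.google.co.uk/search?q=kittens" \
        "http://bandit.example/gallery.html" \
        "http://bandit.example/gallery.html?codexsoftware.co.uk" \
        "http://codexsoftware.co.uk.bandit.example/"
    do
        echo "page=$(decide "$PAGE_ALLOW" "$ref") strict=$(decide "$STRICT_ALLOW" "$ref") referer=$ref"
    done
}
compare
```

The anchored expression is PCRE-compatible, so it can replace the four allow-list lines as a single negated RewriteCond on %{HTTP_REFERER} with the [NC] flag.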

Then all we need to do is drop the following imagehotlink.php file in to your document root. It will load the requested image and write the contents of the $text variable across the centre of the image in as large a font as it can – adjust the text to your amusement :)

<?php
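// The script can also be requested directly, so treat 'pic' as untrusted.
$pic = isset($_GET['pic']) ? $_GET['pic'] : '';
if (!$pic)
	trigger_error("No picture specified.", E_USER_ERROR);
// Resolve the path and only accept files that live under the document root
// (the directory holding this script). This rejects ../ traversal and URLs.
$root = realpath(dirname(__FILE__));
$pic = realpath($root . '/' . $pic);
if ($pic === false || strpos($pic, $root . DIRECTORY_SEPARATOR) !== 0) {
    header("HTTP/1.0 404 Not Found");
    exit;
}
$path_info = pathinfo($pic);
// Default to false so an unsupported extension falls through to the 404 below.
$image = false;
// Lowercase the extension: the rewrite rule is case-insensitive ([NC]).
switch (strtolower(isset($path_info['extension']) ? $path_info['extension'] : '')) {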
    case 'gif':
        $image = imagecreatefromgif($pic);
        break;
    case 'png':
        $image = imagecreatefrompng($pic);
        break;
    case 'jpg':
    case 'jpeg':
        $image = imagecreatefromjpeg($pic);
        break;
}
if (!$image) {
    header("HTTP/1.0 404 Not Found");
    exit;
}
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Content-type: image/png");
$color_text = imagecolorallocate($image, 255, 255, 0);
$color_shadow = imagecolorallocate($image, 0, 0, 0);
$color_bg = imagecolorallocate($image, 0, 0, 50);
$text = "http://www.codexsoftware.co.uk/ pwns this site";
$ypos = imagesy($image) /2;
$font_size = 5;
$text_width = imagefontwidth($font_size)*strlen($text);
while (($text_width > imagesx($image)) && ($font_size > 2)) {
    $font_size--;
    $text_width = imagefontwidth($font_size)*strlen($text);
}
$xpos = ceil(imagesx($image)/2) - ceil($text_width/2);
imagefilledrectangle($image, 0, $ypos, imagesx($image), $ypos + imagefontheight($font_size), $color_bg);
imagestring($image, $font_size, $xpos+1, $ypos+1, $text, $color_shadow);
imagestring($image, $font_size, $xpos, $ypos, $text, $color_text);
imagepng($image);
imagecolordeallocate($image, $color_text);
imagecolordeallocate($image, $color_shadow);
imagecolordeallocate($image, $color_bg);
imagedestroy($image);
?>

This code was inspired by this excellent article http://www.alistapart.com/articles/hotlinking/ It has a good explanation of the .htaccess rules and how referrers work, but I liked the idea of returning a modified image rather than an HTML block as it allows me to write amusing messages across bandits’ web pages.

Getting your Ubuntu server to show up in Finder on OS X


I just found this easy guide to get my Ubuntu to show up in the Network window in Finder on my Mac.

How to get your Linux-based AFP server to show up correctly in Leopard’s new Finder

My Linux server is running Ubuntu 10.10 and the steps I needed to get it working were slightly different, but generally easier since Netatalk seems to have come a long way since that blog post.

sudo -i
apt-get install netatalk
apt-get install avahi-daemon
cd /etc/avahi/services
wget http://www.disgruntled-dutch.com/media/afpd.service
service netatalk restart
service avahi-daemon restart

Worked for me :)

Apparently you can even use the new Netatalk as a server for Time Machine!

If you’re on an older version of Ubuntu then you might get an error after installing netatalk like this

Starting Netatalk services (this will take a while): nbp_rgstr: Connection timed out
Can't register cctv:Workstation@*

This can happen if you have any virtual network interfaces configured. The solution is to tell netatalk which interface to use. Just edit /etc/netatalk/atalkd.conf to do so and add the network interface on a line by itself. In my case I only want it to use eth0.

Unfortunately at this stage the system considers the netatalk installation to have failed. I found that in order to make aptitude happy, I had to do this:

apt-get remove netatalk
apt-get install netatalk

The remove instruction still leaves your edited /etc/netatalk/atalkd.conf in place which netatalk uses upon installation. Everything should work fine and aptitude should now stop moaning every time you use it.

Additionally you may want to disable AppleTalk, which (I think) only older Mac OS versions use.

ATALKD_RUN=no
PAPD_RUN=no

Then restart netatalk.

Openswan LAN to LAN IPSEC Tunnel to Draytek 2820


So I was feeling all geeky and I decided to replace my Draytek 2820 with a little Aspire Revo 3600 running Linux.  The Revo only has 1 ethernet interface so I bought a little USB ethernet adapter for the interface to the WAN bridge.  It’s gone pretty well but one of the biggest challenges I had was sorting out a LAN to LAN IPSEC tunnel to my co-workers.  The Draytek used to magically handle all that for me.

OpenVPN wasn’t an option since the Draytek doesn’t support it so I decided to go with Openswan.  It took me a while to figure out but I now seem to have a rock solid link to my co-workers.  I thought I’d paste my /etc/ipsec.conf file below in case it’s of use to anyone else looking to do something similar.

Battle.net security is a wipe-fest

A while ago, World of Warcraft players were forced to merge their accounts in to new Battle.net accounts.  These Battle.net accounts can hold several Blizzard accounts.  In my case I now have 5 different WoW accounts merged in to one login, including a mix of US and EU accounts.

R.I.P. Mynx and Marvel

On Monday my baby boy, Xander, was playing outside in the back garden with our cat, Marvel, while my wife was hanging out the washing.  The weather was lovely.  My son has only been walking for a couple of weeks and it was great to see him toddling around with the cat.  “Marvel” is one of the few words he can say.  Sometimes he says “Muh-vuh” but usually he just shortens it to “Muh”.  In fact Marvel has had such a big influence on him that he generally refers to all animals as “Muh”.
