Tom's Tips

If, like me, you've got a scrappy Linux host lying around to run a few websites you're probably interested in taking its security up a notch from the standard install. Assuming you're running the highly common apache2 and iptables, see the links below for some surprisingly straightforward configuration tweaks to improve the security of your webserver. Add HTTPS with Let's Encrypt If it's been a while since you've looked into certificates, you may be surprised to learn you can get them for free from Let's Encrypt. There are many guides around, but it is well and truly time to join the HTTPS-only movement: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04 SSH Cipher gardening You're probably already using SSH keys, have disabled password login and are using denyhosts or failtoban. However, have you ever considered reducing the number of ciphers your server accepts to just the most secure? Te...

So, this brash American dude who ran a relay race event decided to go fancy. None of this using phones to manually scan NFC chips for race timing. He was going to have chips in bibs. He convinced another organisation that also ran races to chip in some funding ... and then went online. He found an RFID reader system. The kind of ground mats that you run over, that connects to a box that goes beep. It was from China. It was insanely cheap. Like fall-off-the-back-of-a-truck cheap. It was delivered, hardware checks out. It came with no software. Last time , we'd figured out that it also provided RFID tag information using a proprietary binary protocol and were trying to lock down exactly what that was. It was one of the most arduous Google sessions I've had for a while. Trawling the entire web for some document or code that probably only existed inside an office in Shenzhen. But I found something! It was amazing, because of the source, and how perfectly it fit my n...

So, this brash American dude who ran a relay race event decided to go fancy. None of this using phones to manually scan NFC chips for race timing. He was going to have chips in bibs. He convinced another organisation that also ran races to chip in some funding ... and then went online. He found an RFID reader system. The kind of ground mats that you run over, that connects to a box that goes beep. It was from China. It was insanely cheap. Like fall-off-the-back-of-a-truck cheap. It was delivered, hardware checks out. It came with no software. Commence epic yak shaving side project! The reader is a Hopeland (previously Clou) CL7206C4 . Basically an ARM9 box running (amazingly) Familiar Linux v0.8.3 with a 2 2-port UHF transceivers . The transceivers are based on the Impinj R2000 platform, which is a popular platform for race timing. I pulled a venerable Thinkpad out of a draw and plugged it into the ethernet jack and fired up wireshark. No DHCP requests, but some documentat...

 Taiwan offers a smart card to adult foreign residents that can be used to verify their identity online. This allows some government services previously only available in person to be provided online, including: Tax return submission Applying for credit reports Accessing healthcare data from the NHI Requesting a police check Certificate of Entry and Exit dates from the NIA Ordering Face Masks Sounds great! However, the system relies on some ironically insecure/outdated technology, a mishmash of different browser plugins and very few support staff know about its existence. Here's a tip on how to use yours... How to pay Taiwan income taxes online I've successfully paid taxes online for the past few years using this method. It is straightforward, thanks to the automated data download powered by the Digital Citizen Certificate. Get a Digital Citizen Certificate and set it up in your card reader Change your computer's regional format to be "Taiwan...

The release of Monster Hunter: World on PC has broken records. Powered by the unfamiliar MT Engine, Linux users were worried that they might miss out on the experience. Luckily, some got it working on day 1 (hat tip Vahron and all the users on the reddit thread). Here's a way to get it working :) Upgrade to Ubuntu 18.04 Bionic Beaver. The previous release, 17.10 Artful Aardvark didn't work for me. Install lutris . Lutris is a launcher for games on Linux. There are so many different wine versions and configuration options. Lutris manages them all for you and has installers with 'known good' configurations. Open lutris and install the 'Wine Steam' runner. (Lutris -> Manage Runners -> Wine Steam -> Install). This will let Lutris run games via a wine-installed version of steam Manage the wine version of lutris to install esync-3.13 . (Lutris-> Manage Runners -> Wine -> Manager versions -> Tick esync 3.13). This will make the latest high...

Skype for Business is the new name for Office 365 Lync. The Desktop Client does not work under Linux. Luckily, there's a pidgin plugin (pidgin-sipe) that works just fine for attending Skype for Business audio meetings. It involves a couple of advanced configuration tweaks. The guide below works find under 17.04 to set it up: https://garywoodfine.com/pidgin-office-365-lync/ There are also some notes on the desktop sharing client here: https://forums.mauilinux.org/showthread.php?tid=24347 Once setup, to join the meeting, copy the URL from the email invite and paste it in the box under Accounts > Your Account > Join Scheduled Conference.

Recently (2018-03) purchased a Philips 55PUH6002/96 Smart TV, which appears to be a Taiwan-only model 55" 4K TV. It runs Android TV, but it is very locked down (eg no Google Play Store), so here are some notes on how to get various stuff working. Model: Philips 55PUH6002/96  Max resolution: 3840x2160 @ 60 CPU: ARM Cortex A53 (supports arm64) GPU: Mali-820MP4 Memory: 4GBEMMC, 1GB DDR3 Internal Storage: 2GB Android Version: 5.1.1, probably How to enable installation from unknown sources on 55PUH6002/96 Installation from unknown sources is normally hidden from view. Luckily, there is a non-invasive hack that will allow you to enable it. The PTS / 公共電視 App requires YouTube to work, which is not installed by default and can't be found in the Philips App Store. This is great, because it starts installation for it. Install the PTS / 公共電視 App from the Philips App Store When it asks to install YouTube select Yes When it complains about the package being from unknown...