Enable remote SSH access to Ubuntu 14.04 LTS Live

Steps to enable remote SSH access to a computer running Ubuntu 14.04 Live. Useful for helping non-technical people remotely:

# Press windows key or click the top left, type 'Term'. Open 'Terminal'

sudo -i

apt-get update -y && apt-get -y install openssh-server
passwd root

# Type a password, press enter. Retype it, press enter

sed -i 's/PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config

service ssh restart

# Get their IP
curl ifconfig.co

# Setup port forwarding on their router to get access
# ssh [email protected]
# Enable public key auth only, create a new user and disable root login when you have gained access

OpenVPN with DNS AdBlocking using Docker

OpenVPN and DNS AdBlocking is a useful way to block ads on your smartphone without having to root it. This post describes how to setup such a service on your own server.

The idea is to set a DNS server in your OpenVPN DHCP options to push to clients. The DNS server runs in another Docker container and uses hosts files to block ads, trackers etc.

1. See https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04 as an example of how to set up an OpenVPN Docker container on a Ubuntu VPS. At the ovpn_genconfig step, set -n so there is only a single placeholder DNS server to overwrite later on. Otherwise your settings will fallback to Google’s secondary DNS.

2. Setup the DNS container, this uses dnsmasq to block the bad hosts:

git clone https://github.com/arthurkay/sagittarius-A && cd sagittarius-A && ./build.sh

3. Run the dnsmasq container:

docker rm saga-dns; docker run --restart=always --name=saga-dns --expose 53 --cap-add=NET_ADMIN arthurkay/sagittarius-a &

We expose port 53 explicitly as the file does not currently contain an EXPOSE directive.

4. Run the OpenVPN container, linking to the saga-dns container:

docker rm openvpn; docker run --restart=always --volumes-from ovpn-data --name openvpn --link saga-dns:saga-dns -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn bash -c 'sed -i -E "s/(push dhcp-option DNS).*/\1 $SAGA_DNS_PORT_53_TCP_ADDR/" /etc/openvpn/openvpn.conf && ovpn_run' &

This updates the saga-dns container’s IP in the OpenVPN config before running OpenVPN.

(Hopefully) enjoy much faster browsing and less tracking on your mobile devices.

Fixing php5-fpm and Apache hanging with WordPress

I had issues with Apache periodically hanging (failing to deliver a response body to any requests) on all my vhosts. This turned out to be solved by restarting php5-fpm. I enabled the slowlog in php5-fpm to try and find out which scripts were stalling:

sudo mkdir -p /var/log/php5-fpm
sudo vim /etc/php5/fpm/pool.d/www.conf

; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php5-fpm/$pool.log.slow

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s

After a day or so I read the logs and found lots of slow requests to xmlrpc.php for WordPress vhosts.

A crude but effective solution is to block requests to the XML-RPC and Trackback APIs. These features are sometimes targeted by bots for brute force login attempts. I do not use them so I don’t mind disabling them entirely.

Edit your Apache vhost configuration (or .htaccess if you don’t have access to this):

<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
Order Deny,Allow
Deny from all
#Allow from x.x.x.x

I noticed considerably lower latency when serving requests to PHP pages after this change.

Hide Facebook ‘Like’ News

If you use Facebook, you’ve probably seen entries like this in your news feed. facebook_like_newsThey seem to just be popular posts from pages that your friends ‘like’. I find them to generally be irrelevant, so I made a user script to hide them.

It was an interesting opportunity to poke around the Facebook frontend JavaScript code. I also tried out MutationObservers and built my knowledge of XPath, which is very powerful.

Code is in the Hide_Facebook_Like_News.user.js Gist, which also explains how to use it:


passletters is a tiny command line utility to read a password from stdin and echo it with letters enumerated (for entry into web prompts that demand random, individual letters). The terminal scrollback is cleared afterwards.

sudo pip install passletters

NB: sudo may be needed to install the passletters script somewhere in your PATH.



Fezzle – Try all those bands you’ve only ‘heard of’

Fezzle logo

Fezzle is a new site I’ve created which is based around playlists of the most popular songs for artists playing at festivals. It’s a way to discover who the other bands are at a festival you’re (potentially) going to. It is borne of frustration from looking at line-ups and searching by hand on YouTube or Spotify, and is essentially a quicker way to do that without a lot of copy and pasting or alt-tabbing.

Current development status:

  • Tested on major desktop browsers as well as iOS simulators for iPhone and iPad
  • Festival list is rather UK-centric.

Planned features – Lots! But firstly:

  • Get more festivals included, especially those not in the UK.
  • More information displayed about festivals and artists (country, bio, etc.)
  • Some way to export or note what you liked – especially integration of favourites into the excellent Clashfinder.


Generate Favicons and Apple Touch Icons

Here is a script to generate different sizes and formats of favicon as well as apple touch icons for different tablets and phones. It uses the convert program which is part of ImageMagick.

As a starting point, create a square PNG with dimensions > 144px. I went with 512px. The script generates the different favicons for IOS, Android and desktop browsers as well as outputting the HTML to put in your header.

convert favicon.png  -bordercolor white -border 0 \
          \( -clone 0 -resize 16x16 \) \
          \( -clone 0 -resize 24x24 \) \
          \( -clone 0 -resize 32x32 \) \
          \( -clone 0 -resize 48x48 \) \
          \( -clone 0 -resize 64x64 \) \
          -delete 0 -alpha off -colors 256 favicon.ico
for SIZE in 57 72 114 144
    for SUFFIX in "" "-precomposed"
    convert -resize x$SIZE favicon.png $FILENAME
    if [ "$SIZE" -ne "57" ]
        HTML=$HTML"<link href=\"${FILENAME}\" rel=\"apple-touch-icon${SUFFIX}\" sizes=\"${SIZE}x${SIZE}\" />\n"
# Don't need the dimensions explicit for the 57x57 icon
mv apple-touch-icon-57x57.png apple-touch-icon.png
mv apple-touch-icon-57x57-precomposed.png apple-touch-icon-precomposed.png
HTML='<link href="apple-touch-icon.png" rel="apple-touch-icon" />\n<link href="apple-touch-icon-precomposed.png" rel="apple-touch-icon-precomposed" />\n'$HTML
echo $HTML



How to Add a Favicon to your Site
Adding an Icon for iPhone, iPad & Android to Your Website
Don’t Forget About Favicons on Retina Screens
Apple: Custom Icon and Image Creation Guidelines
Microsoft: Customizing the Site Icon
ImageMagick Favicon Recipe