The Cost of A+


As someone maintaining my own web server, I often use various tools to determine if things are good. As web servers are not my daily job, I found that this is the only way to save both sanity and time.

One of the most helpful tools comes courtesy of SSL Labs. Their SSL/TLS test suite is both simple to use and full of really good data. While getting a good score doesn’t guarantee everything is secure, it shows you are doing at least some things right.

As of Jan 31st 2020, SSL Labs decided to cap the grade at B for servers that still support the older TLS protocols (1.0 and 1.1). That means even if your server was a class star until then, starting February it got relegated to a B league. Totally unacceptable!

Fortunately, if you are using Apache, the change is easy:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:-MEDIUM:!LOW:!aNULL:!MD5
SSLHonorCipherOrder on

With this adjustment your server can enjoy A+ again.


PS: Cost? Say goodbye to Android 4.3, Windows Phone 8, Java 7, Safari 6, and Internet Explorer on Windows 7. For me personally all things I can live without.

PPS: If you want to disable some algorithms manually, a table mapping between OpenSSL and IANA names will be most useful.

PPPS: For the curious, here are my TLS definitions for Apache:

SSLProtocol "TLSv1.3" "+TLSv1.2"
SSLCipherSuite "TLSv1.3" "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
SSLCipherSuite "HIGH -MEDIUM !LOW !aNULL !MD5 !3DES !AES128 !ARIA128 !CAMELLIA !RSA"
SSLHonorCipherOrder on
SSLOpenSSLConfCmd Curves secp521r1:secp384r1:prime256v1
SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOptions +StrictRequire
SSLCompression off
SSLStrictSNIVHostCheck off

SSLSessionCache "shmcb:/run/httpd/sslcache(512000)"
SSLSessionCacheTimeout 300

SSLStaplingCache "shmcb:/tmp/stapling_cache(128000)"
SSLUseStapling on
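
To check offline which protocols an SSLProtocol line leaves enabled, here is an added example (not code from the original post) that evaluates the directive and lists anything older than TLS 1.2. The function names are made up for this example, and the token rules and the expansion of "all" are assumptions stated in the comments.

```shell
# Added example. Assumptions: tokens apply left to right; "+X" adds, "-X" removes,
# a bare name replaces everything set so far; "all" expands to the list below.
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

# enabled_protocols "<SSLProtocol line>" -> enabled protocols, oldest first
enabled_protocols() {
    set -f                                   # split words without globbing
    set -- $(printf '%s' "$1" | tr -d '"')
    [ "$1" = "SSLProtocol" ] || { set +f; return 2; }
    shift; enabled=""
    for tok in "$@"; do
        case $tok in
            +*) op=add; names=${tok#+} ;;
            -*) op=del; names=${tok#-} ;;
            *)  op=add; names=$tok; enabled="" ;;   # bare name: start over
        esac
        if [ "$names" = "all" ]; then names=$ALL_PROTOCOLS; fi
        for n in $names; do
            keep=""                          # rebuild the set without $n ...
            for e in $enabled; do
                [ "$e" = "$n" ] || keep="$keep $e"
            done
            if [ "$op" = "add" ]; then keep="$keep $n"; fi   # ... then re-add
            enabled=$keep
        done
    done
    set +f
    out=""
    for p in $ALL_PROTOCOLS; do              # known names, canonical order
        case " $enabled " in *" $p "*) out="${out:+$out }$p" ;; esac
    done
    printf '%s\n' "$out"
}

# legacy_protocols "<SSLProtocol line>" -> enabled protocols older than TLSv1.2
legacy_protocols() {
    old=""
    for p in $(enabled_protocols "$1"); do
        case $p in SSLv3|TLSv1|TLSv1.1) old="${old:+$old }$p" ;; esac
    done
    printf '%s\n' "$old"
}

# Constructed sample lines; the first two are the directives from the post.
for line in 'SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1' \
            'SSLProtocol "TLSv1.3" "+TLSv1.2"' 'SSLProtocol all -SSLv3'; do
    printf '%s\n  enabled: %s\n  legacy: %s\n' "$line" \
        "$(enabled_protocols "$line")" "$(legacy_protocols "$line")"
done
```

An empty "legacy" line means the directive leaves only TLS 1.2 and 1.3 enabled; the third sample shows what a config that only drops SSLv3 still offers.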

Adding Space Before Equals in Git Prompt

I like using Git-Prompt to decorate my bash prompt. It’s nice, simple, and it would be perfect if it didn’t put equals next to branch name. Not sure what I’m talking about?

If you have modified files, Git-Prompt will make sure to let you know by writing master %= in prompt line. If you want to quickly copy branch name, you simply double click it and only master is selected. However, when there are no modifications to Git tree, output will be master=. Notice the lack of space. When you double click on this, both branch name and equals sign get copied. What I want is to have a space no matter whether branch is modified or not.

The cause of this issue can be found in the following line:

local gitstring="$c$b${f:+$z$f}$r$p"

This adds a space only when there are extra flags. If there are no flags, there is no space. The solution is simple: always add the space, changing the line to this:

local gitstring="$c$b$z$f$r$p"

Or, if you like to do it programmatically:

sed -i 's/local gitstring=.*/local gitstring="$c$b$z$f$r$p"/' ~/.git-prompt.sh

PS: If you are wondering, this is how my prompt setup looks:

LC_COLLATE=C

if [ -f ~/.git-prompt.sh ]; then
    GIT_PS1_SHOWDIRTYSTATE=true
    GIT_PS1_SHOWSTASHSTATE=true
    GIT_PS1_SHOWUNTRACKEDFILES=true
    GIT_PS1_SHOWUPSTREAM="auto"
    GIT_PS1_STATESEPARATOR=" "
    GIT_PS1_DESCRIBE_STYLE="default"
    GIT_PS1_SHOWCOLORHINTS=true
    GIT_PS1_HIDE_IF_PWD_IGNORED=
    . ~/.git-prompt.sh
fi

function ps1_timer_start {
    PS1_TIMER=${PS1_TIMER:-$SECONDS}
}

function ps1_timer_stop {
    PS1_TIMER_VALUE=$(($SECONDS-$PS1_TIMER))
    if [[ $PS1_TIMER_VALUE -eq 0 ]]; then
        PS1_TIMER_VALUE=""
    elif [[ $PS1_TIMER_VALUE -lt 60 ]]; then
        PS1_TIMER_VALUE=" ${PS1_TIMER_VALUE}s"
    else
        PS1_TIMER_VALUE=" $((PS1_TIMER_VALUE / 60))m$((PS1_TIMER_VALUE % 60))s"
    fi
    unset PS1_TIMER
}

trap 'ps1_timer_start' DEBUG
PROMPT_COMMAND=ps1_timer_stop

PS1='\[\e[36m\]\n\u@\h\[\e[0m\] \w\[\e[34m\]$PS1_TIMER_VALUE\[\e[37m\] \[\e[36m\]\[\e[7m\]`__git_ps1 " %s "`\[\e[0m\]\n\[\e[36m\]\\$\[\e[0m\] '

Disabling USB Auto-Suspend on Ubuntu

These days Linux supports a lot of devices. However, occasionally you will find a device that works but only for a while, requiring a reboot to work again. This is often due to the device itself not behaving according to the USB standard, and that’s more often than not caused by misbehaving USB suspend.

The proper way of fixing this would be either a workaround in the driver or, God forbid, a fix in the device’s firmware. But quite often nobody does anything, so what’s left is to do the improper. And the easiest improper fix is to disable USB autosuspend.

For the command line, just add usbcore.autosuspend=-1 to GRUB_CMDLINE_LINUX_DEFAULT:

sudo sed -i 's/^GRUB_CMDLINE_LINUX_DEFAULT="[^"]*/& usbcore.autosuspend=-1/' \
    /etc/default/grub

sudo update-grub2

reboot

Once the system is up, you can check that the value is indeed -1 (disabled).

cat /sys/module/usbcore/parameters/autosuspend

Increasing and Decreasing Surface Go Backlight on LXQt


One annoying absence from LXQt is the lack of keyboard support for backlight adjustment. Yes, you can adjust the backlight from settings, but doing so just via the keyboard is not possible. Well, actually it is, if you are willing to adjust the system a bit.

The first order of business is installing Backlight Tracer. As of 0.1.1 this utility can increase and decrease the backlight via the command line. Why would you need this? So that you can go to Preferences, LXQt settings, Shortcut Keys and add two new shortcuts: XF86MonBrightnessDown executing the /usr/bin/backlight-decrease command, and a similar XF86MonBrightnessUp executing /usr/bin/backlight-increase.

Now you can use your laptop keyboard to control backlight.

Determine Client WiFi Channel on Linux

If you have a network with the same name on both 2.4 and 5 GHz, it might not be obvious which network you are connected to. Well, on Linux, it’s easy enough - use the iwlist utility.

If you run it with frequency as an argument you’ll get list of all supported channels followed by currently used channel.

iwlist frequency
 wlp4s0    32 channels in total; available frequencies :
           Channel 01 : 2.412 GHz
           Channel 02 : 2.417 GHz
           Channel 03 : 2.422 GHz
           Channel 04 : 2.427 GHz
           Channel 05 : 2.432 GHz
           Channel 06 : 2.437 GHz
           Channel 07 : 2.442 GHz
           Channel 08 : 2.447 GHz
           Channel 09 : 2.452 GHz
           Channel 10 : 2.457 GHz
           Channel 11 : 2.462 GHz
           Channel 12 : 2.467 GHz
           Channel 13 : 2.472 GHz
           Channel 36 : 5.18 GHz
           Channel 40 : 5.2 GHz
           Channel 44 : 5.22 GHz
           Channel 48 : 5.24 GHz
           Channel 52 : 5.26 GHz
           Channel 56 : 5.28 GHz
           Channel 60 : 5.3 GHz
           Channel 64 : 5.32 GHz
           Channel 100 : 5.5 GHz
           Channel 104 : 5.52 GHz
           Channel 108 : 5.54 GHz
           Channel 112 : 5.56 GHz
           Channel 116 : 5.58 GHz
           Channel 120 : 5.6 GHz
           Channel 124 : 5.62 GHz
           Channel 128 : 5.64 GHz
           Channel 132 : 5.66 GHz
           Channel 136 : 5.68 GHz
           Channel 140 : 5.7 GHz
           Current Frequency=2.462 GHz (Channel 11)