Disclaimer: I’m not an expert in networking, so the instructions below may be flawed. Be warned and proceed with caution! Corrections are highly welcome.

DNS leaks are nasty. ISPs may tamper with DNS for purposes of censorship or eavesdropping. Luckily, there are public DNS servers, e. g. Google (8.8.8.8), Cisco OpenDNS (208.67.222.222) and Quad9 (9.9.9.10) which may behave better.

I’ve set up my router to use public DNS servers instead of provider’s. In LEDE (OpenWrt) router firmware this can be done in GUI: go to Network → Interfaces → WAN → Edit → Advanced Settings, uncheck ‘Use DNS servers advertised by peer’ and add custom server IPs below.

The trouble is that LEDE runs its own DNS server and advertises its address (e. g. 192.168.0.1) to clients via DHCP. When NetworkManager connects to OpenVPN it keeps this address as one of DNS resolvers (even if you add push "dhcp-option DNS 9.9.9.10" to OpenVPN server config). You can check it with

cat /etc/resolv.conf
> 9.9.9.10
> 208.67.222.222
> 192.168.0.1

This way, DNS requests may occasionally be sent to the router which forwards them to configured servers skipping VPN tunnel and making them visible to the ISP (unless you’ve set up DNSCrypt, of course).

Read more

I’ve upgraded my Manjaro kernel from 4.9.65 to 4.14.2 today and suddenly my bluetooth mouse stopped working. The adapter is Intel Wireless 8260 on Lenovo T460s laptop. After some searching I stumbled upon this kernel bug, but fiddling with firmware didn’t seem like an exciting prospect.

Thankfully, I’ve found solution in this thread on Manjaro Forums. Seems like the bug is there at least since kernel 4.13.2:

sudo nano /etc/modprobe.d/iwlwifi.conf

options iwlwifi bt_coex_active=0

After reboot the mouse is working fine with Wi-Fi turned on, audio receiver is yet to be tested.

UPD: bluetooth audio receiver is working fine too.

Recently I was struggling to make tab close icons look closer to Breeze theme. Now I managed to make tabs look Breeze-ish too! The icon rules are also better now, opacity works without superposition problems:

Firefox tabs a-la Breeze

Firefox tabs a-la Breeze - circular icon

Read more

UPD: See this post for better icons and Breeze tab style.

I was upset that close tab (×) and new tab (+) buttons in Firefox didn’t match my current icon theme (Breeze). Thankfully, a workaround is still possible in v.48.

Breeze tab icons in Firefox

Read more

openHAB site openHAB chart

In this post I want to share some details about my simple low budget smart home system based on 433.92 MHz receiver/transmitter controlled by Arduino. It can be easily extended with many cheap wireless devices, such as door bells, remote sockets, smoke alarms, leak detectors, etc. I’ll describe how to control remote socket, receive alarms from wireless smoke detector and draw a plot of room temperature obtained from regular wired sensor.

Read more

Ever since I’ve learned about alternative router firmware I wanted to give it a try. With bugs and security holes being found in vendor firmware every now and then it was becoming even more relevant. Being an open source software advocate, I was mostly looking into OpenWrt. Unfortunately, my hardware was either not supported (ZyXEL P660 ADSL router) or in some early alpha stage (D-Link DIR-300). But then I learned about a reasonably cheap TP-LINK TL-WR841N[D] router which has good OpenWrt support. So I bought it (for ~18 €, got version 9.2) and immediately flashed OpenWrt on it — which was super easy: I just uploaded .bin file and waited for reboot.

Read more

Let's Encrypt
It’s finally here. Well, it’s still in beta and invite-only, but it works. Let’s Encrypt will give you free trusted certificate for your HTTPS server and provide an easy script to verify, obtain and renew it.

So far only Apache is fully supported, so if you use NGINX or Lighttpd you’ll have to configure it manually. Which is not a big deal, especially if you were using TLS with self-signed certificate before.

The only trick was that one has to use fullchain.pem for ssl_certificate in NGINX config (possibly the same applies to Lighty). After that the certificate was accepted by all my browsers on both Linux and Android: https://glsk.net.

У забавной мышки Logitech T400 вместо колеса тачпад, а под ним две кнопки — в передней и задней части. И все бы хорошо, но производитель почему-то решил на одну из них (переднюю) повесить вызов меню «Пуск», а привычную среднюю кнопку мыши задвинуть в заднюю часть, так, что нажимать её приходится, неудобно скривив палец.

Ситуацию можно исправить, если пожертвовать клавишей «Windows» на клавиатуре. Вернём среднюю кнопку мыши на переднюю часть тачпада, а задней придумаем другое применение.

Read more

Raspberry Pi в роли уютного сервачка

Вот эта кроха с недавних пор обслуживает glsk.net и домашний медиа-сервер. Конечно, LAMP еле ворочается на 496 МБ, но тут есть простор для оптимизации.

Наконец-то нашел плагин для Пиджина, размещающий список контактов и разговоры в одном окне: Window Merge. Оценив удобство такого подхода, долгое время использовал Гаджим, но хотелось чего-то побыстрее и менее питонистого. Вот как выглядит Пиджин после компиляции и установки плагина:

UPD: Собрал RPM-пакет версии 0.3 для Fedora 18 64-bit:

pidgin-window_merge-0.3-1.fc18.x86_64.rpm