05 Feb 2022

Automate OpenBSD anonymous public wifi log in

Security is somewhat cat and mouse game. This does not mean however you be careless or just live with what you are handed to when it comes to protecting yourself from ill-intentioned actors out in the wild. Generally, I recommend choosing security over convenience, speed or shiny features for your offline and online computing needs. To start with, you are much better protected if you start using secure defaults of the system you are using. For example, Firefox has HTTPS-Only Mode that you can enable especially if you find yourself using public wifi. If you happen to use OpenBSD, you are in a treat :). Below bash script will allow you to log in to public wifi using random MAC addresses each time you connect to it: NOTE: iwm0 is the wireless card name on my laptop and you need to replace it with yours.

#!/usr/bin/env bash

doas ifconfig iwm0 up
sleep 3
echo Wireless card is up

if [[ -z "$pass" ]]; then
    doas ifconfig iwm0 nwid "$ssid" lladdr random
    echo Joining public $ssid
    doas ifconfig iwm0 nwid "$ssid" wpakey "$pass"
    echo Joining private $ssid

sleep 3

doas dhcpleasectl iwm0

echo Renewing inet address
sleep 3

echo Visiting to test connection
proxy=$(curl -s -L -I -o /dev/null -w '%{url_effective}'

firefox $proxy

Tags: openbsd security
29 Jan 2022

OpenBSD 7 Xfce Desktop

I blogged previously about why one should use OpenBSD and this time I would like to document steps to have a fully working Xfce Desktop with default installation. My goal is to keep the changes minimal only to absolutely required steps, nothing more nothing less. If you find steps missing (or did not work as expected) or not necessary, please drop me a line via k tuman at acm dot org so I can address and update this blog if needed.

  1. Download the img and make USB boot disk:

    curl -O
    sudo dd if=~/Downloads/install70.img of=/path/to/usb
  2. Boot from USB disk. Press I and hit enter when you see the `Welcome to the OpenBSD/amd64 7.0 installation program.` and follow the prompt. It is pretty straightforward. Once it is done, just reboot, which will automatically downloads and installs needed firmwares for your laptop. --NOTE:– You can select whole disk and auto layout if you are not sure. Using wired connection for network interface is highly recommended.
  3. Once you login, switch to root account, add needed packages and needed configs like this:

    su  ## prompts for root password
    pkg_add xfce xfce-extras ## install xfce desktop
    sed -i 's/xconsole/#xconsole/' /etc/X11/xenodm/Xsetup_0 # no xconcole
    usermod -G operator <user name> # so you can use xfce to log out, reboot etc
    usermod -G wheel <user name> # so you can use doas
    echo "permit persist :wheel" >> /etc/doas.conf # doas = sudo
    rcctl enable messagebus ## enable dbus
    rcctl start messagebus ## start dbus
    rcctl enable apmd ## enable power daemon
    rcctl start apmd  ## start power daemon
    exit # switch to your user account
    echo "exec startxfce4" > ~/.xsession ## auto launchs xfce4 desktop
    doas reboot ## restart to have a xfce default desktop

Bonus Tips and Tricks

Tags: openbsd
12 Dec 2021

Few notes on Strange Loop 2021

This year's Strange Loop was my 4th and it was as good as it has been in the past. One of the main reason I like to go to conferences especially Strange Loop was to see beyond the state of the art transmittable knowledge, which is the untransimittable one. In this age of Google search, Stack Overflow copy/paste and Coding school driven programming, which has its own place in our industry, we need to be cognizant of the existence and importance of the untransimittable part of software engineering knowledge that can only be acquired by learning from the masters. And Strange Loop has never failed me so far to provide an opportunity to jolt my brain to find easier those tacit knowledge that otherwise might have taken me long winding road to acquire. I would like to present few of those that I have taken notes so it will help my aspiring fellow engineers.

Domain Driven Design : There are numerous books/posts/videos about how to do it right and I have been using it with success for the last few years. However, I have always been little bit unclear about how I measure its benefit within my engineering team. I got the `AHA` moment when second day keynote put up a quote on its slide stating that 'Small change in product (Domain), should result in small change in the code (implementation)'. Now, I know how to measure if we are doing it right or wrong in my team.

API Design : There is a talk about using Rust's type system in aiding you to design a robust API that does validation and error reporting right. While that talk focus on how Rust type system is tremendously useful to library (API) designer, what I see from that talk is way beyond just helpfulness of a well designed type system, which is a languages ability to allow you to specify your system's interfaces exactly as you intended. If you are not using one of those languages (Rust, F#, Ada and Clojure … any language that allows you specify interfaces) in your library/API work, you should be checking them out to see what you are missing (also remember to keep an eye for what you are loosing. It is all about trade offs).

Dependencies : This is a topic that is very dear to day to day practice considering my current preferred tool of choice (Clojure and ClojureScript). The branchstack talk triggered sort of `AHA` moment for me in treating the entire state of your system (code) vs the state of your outside dependencies. I'd like to think of them as your internal state vs external state. I have been advocating and practicing a sort of convention your system should only be just three steps away from being able to be worked upon, which is:

git clone <your_system_x> && make deps && make run

Note that it does not have to be git and make. Any tool of your choice will do. The idea is that as a project owner, it is your responsibility to make sure that your system workflow is easily reproducible and those tools should be treated as first class citizen as your system logic code.

Again, those kind of tacit knowledge can only be learned by being in the presence of crafts people and having actually conversation with them in close vicinity. I have enjoyed all the talks that I attended and even more so the hallway and lunch table conversation. And I am looking forward to Strange Loop 2022 already :).

Tags: conference strange-loop
01 Aug 2021

Why Eshell? - Part 5

One of the feature of Eshell that took me sometime to really appreciate is its built-in ability to emulate Plan9 smart Shell. It allows you to run a script or a command, run it again by just hitting enter key after you modify it, say you made a mistake or want to change part of it using Emacs editing power. You might say that you can do same thing in any terminal using your up arrow key and command line editing. But I challenge you to try it until you fully realize the advantage you have vs regular terminal. Below is a simple screen recording to show you what I mean:


I recommend you read following post to learn more about smart shell and more about eshell including aliases:

This concludes my `Why Eshell` series. Hope you find it useful and happy Eshelling!

Tags: eshell emacs
17 Jul 2021

Why Eshell? - part 4

Since eshell buffer is just a regular emacs buffer, we have all of the emacs power at our disposal. In part 3 of my post, I briefly alluded to multiple terminal management by just using few lines of elisp and all without using any third party packages. I am posting the main elisp function for posterity here:

(defun krun (cmd)
     "Enter cmd to run (append ##name for buffer name): "
     (let ((history nil))
       ;; We have to build up a list ourselves from the ring vector.
       (dotimes (index (ring-length keshell-history-global-ring))
	 (push (ring-ref keshell-history-global-ring index) history))
       ;; Show them most-recent-first.
       (setq history (nreverse history))))))
  (let* ((cmds (split-string cmd "##"))
	 (tag (or (-> cmds second)
	 (buff-name (-> tag s-chomp s-trim)))
    (kshell cmd buff-name)))

The above function (along with those from the previous post) will allow you to do following:

Following demonstrates above cases I am talking about:

Tags: eshell emacs
Other posts