EDIT: JuiceSSH has fixed the keyboard issue on Samsung devices running Android 5+!

I’m back to using JuiceSSH since their app is more reliable to me (creating port forwards often failed in ServerAuditor and I could never figure out why, but they always work in JuiceSSH). I’m leaving this post here in case anyone wants to use ServerAuditor and needs these instructions.

ORIGINAL POST:

When it comes to SSH clients on Android devices, I was a fan of JuiceSSH until I began using the Note 5 and started having issues with the keyboard.

The short version is that JuiceSSH has a popup keyboard with ctrl/tab/arrows etc. that shows up when you tap the screen. I like it. But on the Note 5, that popup keyboard often/randomly shows up underneath (think photoshop layers) the regular keyboard, which means you can’t see both at the same time, so requires more keypresses to do a ctrl-x for example (hide the main keyboard, hit ctrl, bring up the keyboard, hit x, then hide the keyboard again to see the output which now shows up under the keyboard as well. You can tell the JuiceSSH popup keyboard to appear at the top of the screen, but then the popup keys are very far from the main keyboard, and worse, sometimes the popup keyboard shows up under the status bar (again, think photoshop layers), so you can’t touch the top row of buttons. Also none of this fixes the issue that the terminal drops under the keyboard so you often can’t tell what you’re typing. I’ve emailed JuiceSSH about this; I will update if I get one, as I am still a fan – and paid user of – JuiceSSH). It’s probably a Samsung issue unique to their setup (maybe multi-window?) or maybe relating to screen resolution, but I did try another keyboard and still had the same problem.

So I found Serverauditor in the Play Store. It has many of the same features in the paid (annual subscription) offering, including encrypted credentials/identities, a popup keyboard that works on the Note 5 (and is customizable!), and some great mappings for volume keys and single / double finger swipes. Down-arrowing through a long document in nano is almost a pleasure now with a double-finger down swipe (it’s mapped to PageDn). So I’m happy with it.

But there’s one piece missing from Serverauditor’s UI that JuiceSSH does correctly. I occasionally like to run services like web servers on my phone. Using KSWEB or Bit Server, for example, it’s possible to run a local LAMP (well, lighttpd or nginx at least) stack on your phone for a quick demo. With a reverse SSH tunnel you can offer up a port on an Internet-facing VPS that tunnels to your android device despite whatever NAT your provider is using. Kind of cool, but it requires a little trick to get working in Serverauditor. Continue reading Host content on Android with reverse SSH port forwarding in Serverauditor →

Recently I’ve noticed a huge increase in spam from domains that are SPF authorized. They’re shilling everything from mesothelioma attorneys to home stairlifts.

After looking at the headers of a few messages I noticed something common to all of them that you can use to filter them out in Postfix (or any mail server, really):

Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=138.99.217.231; helo=candixnigeria.caldwelleducation.com; envelope-from=patrickgraves-first.last=mydomain.com@candixnigeria.caldwelleducation.com; receiver=first.last@domain.com

See where it says “patrickgraves-first.last=mydomain.com@…”? The “first.last=mydomain.com” part was actually my email address (not on this server, in case you’re wondering why I’ve removed it). So I set up a rule in Postfix’ header-checks:

/envelope-from.*-first\.last=domain\.com@/ REJECT Permanently blocked for spamming.

Replace first\.last=domain\.com with whatever format your email address is (might just be something=domain\.com for example), restart postfix, and enjoy the NOQUEUEs.

UPDATE August 2016:

Obviously non-US email senders/subjects may use UTF-8 encoding, so there’s a risk here. Personally this doesn’t affect my server or business, so the rule below was doing well for me. However, legitimate mail services (looking at you, Paperless Post) are sending emails with UTF-8 encoding on the subject line.

I scanned my mail logs and since I’ve set up greylisting and a few additional RBLs, I haven’t seen any UTF-8 spam in awhile, so I’m going to turn this rule off and see how things go. It was fun while it lasted, but at this point I think the rule is too draconian even for US-only email systems.

ORIGINAL POST:

Getting lots of Who’s Who spam? They have a new trick; they are sending messages with UTF-8 encoding, which you can’t see unless you go into the server and really look at the mail or if you look at the subject field in the message headers.

In much the same way as we blocked Rick’s “I am a china based imaging” spam, we use a similar rule in Postfix’ header_checks to block messages with a UTF-8 subject line:

/^Subject: .*\?utf-8\?B\?.*/ REJECT Please do not use UTF-8 encoding to send mail here.

This will prevent them from getting through. Nobody else I know with legit mail uses UTF-8 encoded subject lines, so hopefully good riddance until they find the next thing to use.

Did you start getting this message out of the blue from an iOS device like an iPhone that was working fine just a few hours ago, and you haven’t made any changes?

Before you use the nuclear option of removing and re-creating the account, try this suggestion from faridbe on the Apple Support Forums. Sign into gmail using a web browser. Go to settings, POP/IMAP, then disable IMAP, save changes, then enable IMAP, save changes again.

Then try accessing mail on your device again – perhaps it will work.

Do you have a HostGator shared account and you’re seeing Internal Server Errors intermittently on otherwise-working code?

I have a couple of domains at HostGator (not this domain). One of them experience this issue for several days. Randomly, loading any page on the site would generate “Internal Server Error” and the message in this post subject line in the error logs.

Nobody at HostGator could help me. I sat on with live chat for over an hour with a tech. During that chat session the site went down 3 times and they couldn’t tell me what was going on. I heard something about process limits, but traffic was zero (except for me, trying to load a page, and I wasn’t doing it 25 times). I asked to me moved to another node; they said they couldn’t do that. I have been so spoiled by ServInt and Linode! The problem disappeared on the first domain and hasn’t happened since.

This morning HostGator migrated another of my managed domains to a new host node. This required an IP address change, so I wonder if they changed datacenters. Right after the migration I’ve started having this error on this new domain.

If you’ve experienced this and have any information or just want to add a “me too!”, please comment. These are not errors in my code, because my code works most of the time on their server. There is nothing unusual in the access logs.

When installing Android apps, look closely at the permissions they are asking for. For example, OpenSignal wants to read my text/MMS messages, my call log, and my contacts. Why do they need that information? I’ve asked them; I don’t expect to get a reply, or at least a reasonable one. Probably something about “to improve service and the customer experience” or some similar line. No thanks.

Edit: here is their answer.

http://opensignal.com/blog/2012/11/29/new-permissions-in-version-1-99-and-how-to-check-whether-an-app-is-malicious/

Well written, and makes sense, but I still fundamentally disagree with an app billed to “find the best signal in your area” being morphed into something that tracks data usage. In the context in which OpenSignal is marketed by its own tag line – as a signal tracking tool – it has no business doing anything with SMS/MMS and contact information. The app should be repackaged as a signal and data tracking tool to better manage user expectations, or the new app should be split out so the user can reasonably expect to grant those permissions based on what the software is expected to do. Now it is all-or-nothing, and should the app developer change their mind about what they will do with the information they can collect, there is nothing users can do. They can uninstall the app, but once the data is collected and sent back to the developer, it is no longer in the user’s control.