notes to my self

Thoughts, stories and ideas.

to create a simple CA and certificates for bareos you don't need X11 tools like xca or tinyCA, just use openssl

#create ca
openssl genrsa -aes256 -out ca.key 2048  
openssl req -x509 -new -nodes -extensions v3_ca -key ca.key -days 3650 -out ca.crt -sha512

#create and sign cert
openssl genrsa -out backup.key 4096  
openssl req -new -key backup.key -out backup.csr -sha512  
openssl x509 -req -in backup.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out backup.crt -days 3650 -sha512  

in yosemite there is no pcscd anymore.
Your reader will be claimed by Apple's ifdhandler.
to kill it:

sudo launchctl unload /System/Library/LaunchDaemons/  

don't install the smartcard redirection feature with the horizon agent.
To show the smartcard reader in the usb list run the following command:

sudo defaults write com.vmware.viewusb AllowSmartcard true  

for perl there is no library, for php there are a few including the php-emitter.
For me nothing worked really well, so i decided to communicate with my server the unix way.
in production i use php -> node client -> node server
where php and the client are running on the same server.
it runs very well and serves over 500.000 users monthly.

here is my node.js script to open a unix socket.
Every line the socket gets will be emitted

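var net = require('net');
var fs = require('fs');

//do the connect
var io = require('').connect(
        'http://other_server', {
        port: 80
});

// remove a stale socket file left over from a previous run
if (fs.existsSync('/tmp/node_socket')) {
    fs.unlinkSync('/tmp/node_socket');
}

var server = net.createServer(function(con) {
    con.on('data', function(data) {
        if (typeof data != 'undefined' && data != null) {
            var str = data.toString();
            var arr = str.split("\n");
            arr.forEach(function(string) {
                if ( string ) {
                    console.log('Data received by socket: ' + string);
                    try {
                        io.emit('something', JSON.parse(string));
                    } catch (e) {
                        // a malformed line must not take the server down
                        console.log('Invalid JSON ignored: ' + e.message);
                    }
                }
            });
        }
    });
});

// listen on the unix socket the php side writes to
server.listen('/tmp/node_socket');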

in php i simply do

$sock = stream_socket_client('unix:///tmp/node_socket', $errno, $errstr);
fwrite($sock, 'SOME string'."\n");  
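
The node script above treats every 'data' chunk as a set of whole lines, but a stream socket may hand over half a line or several lines at once. An added example (not the author's code) of a per-connection line framer with a length cap and guarded JSON parsing; `createLineFramer`, `serve`, `MAX_LINE` and the `0o660` mode are assumptions made for this sketch.

```javascript
// Added example (not the author's script): newline-delimited JSON framing
// for a local socket feed. createLineFramer, serve and MAX_LINE are
// hypothetical names chosen for this sketch.
const MAX_LINE = 64 * 1024; // refuse lines longer than this many characters

function createLineFramer(onMessage, onReject) {
    const decoder = new TextDecoder('utf-8'); // keeps split multi-byte chars intact
    let pending = '';
    return function feed(chunk) {
        pending += decoder.decode(chunk, { stream: true });
        let nl;
        while ((nl = pending.indexOf('\n')) !== -1) {
            const line = pending.slice(0, nl).trim();
            pending = pending.slice(nl + 1);
            if (!line) continue;
            if (line.length > MAX_LINE) { onReject('line too long'); continue; }
            try {
                onMessage(JSON.parse(line));
            } catch (err) {
                onReject('invalid JSON'); // drop the line, keep the server alive
            }
        }
        if (pending.length > MAX_LINE) { // no newline in sight: stop buffering
            pending = '';
            onReject('line too long');
        }
    };
}

// Wiring for a unix socket server; one framer per connection.
function serve(socketPath, emit) {
    const net = require('net');
    const fs = require('fs');
    const server = net.createServer(function (con) {
        con.on('data', createLineFramer(emit, function (why) {
            console.error('rejected input: ' + why);
        }));
    });
    server.listen(socketPath, function () {
        fs.chmodSync(socketPath, 0o660); // explicit mode instead of relying on the umask
    });
    return server;
}
```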

Download the actual Package from
add the repository, install flirc and the libraries needed for the gui in the zip package

echo "deb binary/" >> /etc/apt/sources.list  
apt-get update

apt-get install flirc lib32stdc++6 libxt6:i386 \
libxext6:i386 libxi6:i386 libxinerama1:i386 \
libxrandr2:i386 libfontconfig1:i386 \
libglib2.0-0:i386

this is a complete server Setup to run a minimal sni proxy.
you will need a little server with an IP located in the US. offers very cheap ones.
one virtual root server with 256mb ram should be enough.

after the server is setup and you are logged in as root generate the locales:

locale-gen en_US.UTF-8  
export LANGUAGE=en_US.UTF-8  
export LANG=en_US.UTF-8  
export LC_ALL=en_US.UTF-8  
locale-gen en_US.UTF-8  
dpkg-reconfigure locales  

then we will need dependencies and standard software
nano is my favorite text editor, tmux a terminal multiplexer, bmon a bandwidth monitor, ufw the firewall from ubuntu, landscape-common to get a little report on every login, netcat to check if a port is open, fail2ban to protect against ssh attacks. And the rest is for the sni-proxy

apt-get update  
apt-get install nano tmux bmon ufw landscape-common netcat fail2ban git build-essential autotools-dev cdbs debhelper dh-autoreconf dpkg-dev gettext libev-dev libpcre3-dev libudns-dev pkg-config  

change your hostname

nano /etc/hostname  
nano /etc/hosts  

a handy script to reset the firewall

nano clear_iptables  
iptables -F  
iptables -X  
iptables -t nat -F  
iptables -t nat -X  
iptables -t mangle -F  
iptables -t mangle -X  
iptables -P INPUT ACCEPT  
iptables -P FORWARD ACCEPT  
iptables -P OUTPUT ACCEPT  

later we only want to get access to the sni proxy from our home ip, for that we will need an iptables rule
i use to get a dyndns host and use this one in the rule below

nano iptables  
iptables -A INPUT -i venet0 -s -d 192.x.x.x -p tcp -m tcp --dport 80 -j ACCEPT  
iptables -A INPUT -i venet0 -s -d 192.x.x.x -p tcp -m tcp --dport 443 -j ACCEPT  

make the scripts executable and use ufw to allow access to port 22 and close every other port

chmod 755 iptables  
chmod 755 clear_iptables  

ufw allow 22  
ufw status  
ufw enable  

now we will install the sni proxy

git clone  
cd sniproxy/

./autogen && dpkg-buildpackage

dpkg -i ../sniproxy_0.3.6_amd64.deb  

and here comes the config to forward all requests for netflix

nano /etc/sniproxy.conf  
user daemon  
pidfile /var/tmp/

error_log {
    syslog daemon
    priority notice
}

listener 80 {
    proto http
    access_log {
        filename /var/log/sniproxy/http_access.log
        priority notice
    }
}

listener 443 {
    proto tls
    access_log {
        filename /var/log/sniproxy/https_access.log
        priority notice
    }
}

table {
    netflix\.com *
    ip2location\.com *
}

to start the proxy with the provided initscript we will need to edit

nano /etc/default/sniproxy.conf  

set enable 1 and uncomment daemon_args
after that start the proxy with

service sniproxy start  

that's the server part.
Now you need to manipulate our dns queries.
i use dnsmasq on my router, here is a simple config:

nano /etc/dnsmasq/dnsmasq.conf  


and the interesting part

nano /etc/dnsmasq/sni-proxy.conf  

restart dnsmasq

service dnsmasq restart  

and browse to and look if your ip is the US ip of your little new server

install nodejs as you would normally do, apt-get, extra repo or compile it by yourself

after that create a new user and set the home directory (here /node).
all my node applications are located under /node
i think something like /var/www/node would be cleaner

useradd -s /bin/bash -m -d /node -c "node.js" node  

now this user needs the right to open port 80 or any other privileged port you want. there are several ways, mine is to install libcap2 and give the application the right

apt-get install libcap2-bin  

give the node binary the right (the capability sits on the file, so every user who can run this binary may bind privileged ports):

setcap cap_net_bind_service=+ep /usr/bin/nodejs  

install pm2, a node application to manage node applications ;-)

npm install pm2 -g --unsafe-perm  

set it up to startup on boot and run the applications as user node

pm2 startup -u node ubuntu  

now switch to user node and start your application and save these states for reboots

su - node  
NODE_ENV=production pm2 start blog.js  
pm2 save  

that's it, play a little with pm2, it's really nice, try some of these:

pm2 status  
pm2 monit  
pm2 logs  
pm2 restart blog  
pm2 delete blog  

use addClass instead of .hide() if you have many elements, and removeClass instead of .show();

.hide {
    display: none;
}

simply use CMD + Left

a javascript object can't be used like obj.each(function()...
but we can use jquery's each function:

$.each(obj, function( i, val ) {
  console.log(i+": "+val);
});