Android get GSF ID (Google Services Framework Identifier)

The Google Services Framework Identifier (GSF ID) is a unique 16 character hexadecimal number that your device automatically requests from Google as soon as you log to your Google Account for the first time. For a specific device, the GSF ID will change only after a factory reset. To get this information programmatically, you need to do two steps.

A) Add the following to your manifest

<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" />

B) Execute the following code

private static final Uri sUri = Uri.parse("content://com.google.android.gsf.gservices");
public static String getGSFID(Context context) {
 try {
  Cursor query = context.getContentResolver().query(sUri, null, null, new String[] { "android_id" }, null);
  if (query == null) {
   return "Not found";
  }
  if (!query.moveToFirst() || query.getColumnCount() < 2) {
   query.close();
   return "Not found";
  }
  final String toHexString = Long.toHexString(Long.parseLong(query.getString(1)));
  query.close();
  return toHexString.toUpperCase().trim();
 } catch (SecurityException e) {
  e.printStackTrace();
  return null;
 } catch (Exception e2) {
  e2.printStackTrace();
  return null;
 }
}


GNU/Linux: How to give access to a subfolder to a user where the user does not have execute permission over the parent folder

On GNU/Linux, you can traverse a directory if and only if you have execute permission on the whole path that you are going to use to access it. This rule applies a limitation to scenarios where for some reason you want to give execute access to a certain user on a subfolder but you do not want to enable the execute permission on the all the folders in the path.

In order to access the folder theFolder in the path /folderA/folderB/theFolder, if you are on the same level as folderA (or higher) you need to have execute permission both on folderA and folderA/folderB additionally to the permissions needed on theFolder. On another scenario if you are located in the same level as folderB (and you have execute rights to it) even if you do not have the execute rights to folder folderA you would still be able to access theFolder as your whole path (which is a relative path in this scenario) skips folderA. This feature is due to the fact that in GNU/Linux that the path that you use to access a folder determines your access constraints. In cases where the user does not have execute access to the whole path, creating symbolic links for them will not help you give them access. The kernel will still go through the access rights of the whole path that the symlink describes and it will act accordingly.

A hack-ish solution around this issue is to use mount to remount a part of the file hierarchy somewhere else using the bind parameter. For example: if we needed to give access to a user to the folder theFolder that resides in /folderA/folderB/theFolder without enabling execute rights on folderA nor /folderA/folderB we could execute the following command in a folder where that user already has execute access in (for example in the user’s home folder).

sudo mount --bind /folderA/folderB/theFolder finallyTheFolder;

Notes:

  • This solution circumvents security, be sure to think things through before implementing it
  • This solution ‘escapes’ normal good practices so it could lead to software bugs on your behalf
  • The bind will not persist after a reboot
  • To make this change permanent, you will need to add a configuration line in /etc/fstab
  • If the directory that you wish to bind contains mounted file systems, these file systems will not be transferred to the target. The mount points will appear as empty directories.

How to update all pulled Docker images that are tagged as latest

Recently, we moved a client to Docker and we needed to give them a way to automagically update all «latest» Docker images.
Since Docker does not have a single command to update all pulled images we used this one-liner to update all images at once:

docker images --format "{{.Repository}}:{{.Tag}}" | grep ':latest' | xargs -L1 docker pull;

The above command will:

  1. Print all images in the format RepositoryName:Tag
  2. Then it will filter all lines that end with the suffix :latest (which is the tag we are interested in)
  3. Finally, for each result (which is one per line) it will be fed  via the command xargs -L1 to the command docker pull

Please note that you cannot really update an existing container using docker commands, what you need to do is actually:

  1. Stop the container whose image was updated
  2. Delete it
  3. Recreate it using the parameters of the previous container

As you understand, it is a good practice to save all of your data in volumes outside the container to make the update process easy.

For example, below you will find the commands using which we updated the jwilder/nginx-proxy and the jrcs/letsencrypt-nginx-proxy-companion images along with the two containers that were using them:

docker container stop nginx-proxy nginx-letsencrypt;
docker container rm nginx-proxy nginx-letsencrypt;
docker run -d -p 443:443 \
     --name nginx-proxy \
     --net reverse-proxy \
     -v $HOME/certs:/etc/nginx/certs:ro \
     -v /etc/nginx/vhost.d \
     -v /usr/share/nginx/html \
     -v /var/run/docker.sock:/tmp/docker.sock:ro \
     -v $HOME/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro \
     --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true \
     jwilder/nginx-proxy:latest;

docker run -d \
     --name nginx-letsencrypt \
     --net reverse-proxy \
     --volumes-from nginx-proxy \
     -v $HOME/certs:/etc/nginx/certs:rw \
     -v /var/run/docker.sock:/var/run/docker.sock:ro \
     jrcs/letsencrypt-nginx-proxy-companion:latest;


Using TeamViewer tar package on Ubuntu

Recently, we needed to start TeamViewer on an Ubuntu GNU/Linux machine where we did not want to install it.
To do so, we used the 64bit tar package from the TeamViewer Linux download page.

After downloading the package and extracting its content, we realised that we could not start TeamViewer (./teamviewer) as is.
In order to troubleshoot, we used a terminal and executed the check libraries functionality (./tv-setup checklibs;) from the archive folder that gave us some missing dependencies:

./tv-setup checklibs

    -=-   TeamViewer tar.xz check   -=-     

  In order to use the tar.xz version of TeamViewer,
  you have to make sure that the necessary libraries are installed.

    Writing raw output to /home/xeirwn/Downloads/teamviewer_13.1.3026_amd64/teamviewer/logfiles/DependencyCheck.log

 Analyzing dependencies ...           
    libQt5Core.so.5 => not found
    libQt5DBus.so.5 => not found
    libQt5Gui.so.5 => not found
    libQt5Network.so.5 => not found
    libQt5Qml.so.5 => not found
    libQt5Quick.so.5 => not found
    libQt5WebKit.so.5 => not found
    libQt5WebKitWidgets.so.5 => not found
    libQt5Widgets.so.5 => not found
    libQt5X11Extras.so.5 => not found

    The libraries listed above seem to be missing.
    Please find and install the corresponding packages.
    Then, run this command again.

    QtQuickControls seems to be missing

    The following command may be helpful:
      apt-get install libdbus-1-3 libqt5gui5 libqt5widgets5 libqt5qml5 libqt5quick5 libqt5webkit5 libqt5x11extras5 qml-module-qtquick2 qml-module-qtquick-controls qml-module-qtquick-dialogs qml-module-qtquick-window2 qml-module-qtquick-layouts;

Solution: Following the instructions we executed the following:

sudo apt-get install libdbus-1-3 libqt5gui5 libqt5widgets5 libqt5qml5 libqt5quick5 libqt5webkit5 libqt5x11extras5 qml-module-qtquick2 qml-module-qtquick-controls qml-module-qtquick-dialogs qml-module-qtquick-window2 qml-module-qtquick-layouts;

After the installation of the libraries, we executed once more the check libraries functionality (./tv-setup checklibs;)  where we got the message that everything seem to be OK.

 ./tv-setup checklibs

    -=-   TeamViewer tar.xz check   -=-     

  In order to use the tar.xz version of TeamViewer,
  you have to make sure that the necessary libraries are installed.

    Writing raw output to /home/xeirwn/Downloads/teamviewer_13.1.3026_amd64/teamviewer/logfiles/DependencyCheck.log

 Analyzing dependencies ...           

    All library dependencies (*.so) seem to be satisfied!

    QtQuickControls seems to be installed

Trying to start the (./teamviewer)  application did not gave an error but it would not start again.
It appeared that there was a service running which would not allow the GUI to show up.
To avoid too much fuss, we restarted the machine and tried (./teamviewer)  once more, this time with success.
So after installing the libraries and restarting the machine, we were able to start TeamViewer on our Ubuntu machine without installing it.


[Video] Android OpenCV – Face Detection and Recognition Demo

Android OpenCV – Face Detection and Recognition Demo using Android NDK/JNI to load OpenCV library.

Google Play: https://play.google.com/store/apps/details?id=net.bytefreaks.opencvfacerecognition

Get it on Google Play

Our application is based on the ‘Face Detection’ sample of OpenCV. The sample that is available for download from http://sourceforge.net/projects/opencvlibrary/files/opencv-android/, you will notice that there are many versions there, we used version opencv-2.4.13.6-android-sdk. Refer to this (http://docs.opencv.org/2.4/doc/tutorials/introduction/android_binary_package/O4A_SDK.html) introduction for more information.


WordPress Action: Cookie compliance on IEEE websites

Greetings,

If you have been identified as the owner of an IEEE website, you need to be aware of the new European Union (EU) regulation called the General Data Protection Regulation (GDPR) that takes effect on 25 May 2018 and is expected to have a far-reaching impact on how business is conducted worldwide with respect to the collection and use of personal data.

In order to comply with the new regulations, IEEE needs to look at the personal data collected through cookies – such as a user’s personal address, email address, demographic information, and more. As a step toward the direction the GDPR wants IEEE to move to, you need to add an informational banner on your IEEE related websites about cookies.

Following are the instructions to help you apply the informational banner on your WordPress website. The content that feeds to the banner will be managed by IEEE staff. This banner will briefly outline how IEEE uses cookies to enhance the user’s experience, as well as link to the IEEE Privacy Policy for more information.

In the functions.php file of your theme paste the following snippet:

function bytefreaks_header_cookies(){
?>
 <script src="https://s3-us-west-2.amazonaws.com/ieeeshutpages/gdpr/settings.js"></script>
 <link rel="stylesheet" type="text/css" href="https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css" />
 <script src="https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js"></script>
 <script>
   window.addEventListener("load", function(){
     window.cookieconsent.initialise(json)
   });
 </script>
<?php
};
add_action('wp_head', 'bytefreaks_header_cookies');

Fedora GNU/Linux : Disable USB Storage Devices

There is this machine that runs Fedora GNU/Linux, for which its owners asked us to block all USB Storage Devices without affecting other peripheral devices like keyboards and mice. The reason for that was to prevent unlawful data leakage that the users of that machine could do.

On Linux there is a kernel module named usb_storage that can be found at /lib/modules/$KERNEL_VERSION/kernel/drivers/usb/storage/usb-storage.ko.xz (to get the kernel version, execute uname -r;) which operates as the USB Mass Storage driver for Linux.

Apparently, we just needed to block the usb_storage module.  Initially, we tried to block the module by using the /etc/modprobe.d/blacklist.conf file but with no success. We failed to blacklist the module using the following commands (we were not sure which of the two names are correct, so we tried both, one at a time. It appears that both can be correct..):
echo -e "usb_storage\n" | sudo tee -a /etc/modprobe.d/blacklist.conf;
echo -e "usb-storage\n" | sudo tee -a /etc/modprobe.d/blacklist.conf;

After creating/updating the blacklist.conf file we restarted the machine as the module does not get loaded on boot automatically, it only gets loaded when needed. Unfortunately, as we mentioned before, these attempts led to no solution as we were still able to use USB storage devices even after creating the blacklist.conf file.
Since this method failed, we had to turn our heads towards a different solution, that due to its nature, it can be considered a hack.

Solution

What we did was to create a new configuration file in /etc/modprobe.d/ that would prevent usb_storage from being loaded by redirecting any requests to load the specific module to the /bin/true application.

echo "install usb_storage /bin/true" >> /etc/modprobe.d/disable-usb-storage.conf;
# Or the following (both names usb_storage and usb-storage seem to work)
# echo "install usb-storage /bin/true" >> /etc/modprobe.d/disable-usb-storage.conf;

Then, we had to make sure that the module was not already loaded. To see if the usb_storage module was already loaded we executed:

lsmod | grep -i usb_storage;

When lsmod | grep -i usb_storage; did not return any results, then it meant we were done! Since it was not in the list, it meant that the module was not loaded and so the next time someone tried to use a USB mass storage device they would not be able to load the module.

In cases were we got a line back (and thus the module was already loaded), then we needed to unload it manually or restart the machine. To avoid rebooting the machine we used modprobe to unload the usb_storage module.

modprobe -r usb_storage;

Some times, we would get the following error: modprobe: FATAL: Module usb_storage is in use.. This error meant that some other kernel module was using usb_storage and would not allow us to unload it. Using lsmod | grep -i usb_storage; we would get back a line like the following: usb_storage 73728 1 uas. The last column is a comma separated list of kernel modules that use usb_storage and we would need to unload them as well (replacing commas with space characters). Since we had only one dependency, our command became like the one below:

modprobe -r uas usb_storage;

And we were done!

To Re-enable USB mass storage devices (revert)

That is the easy part, to re-enable access to the USB mass storage devices, all we had to do was delete the configuration file:

rm /etc/modprobe.d/disable-usb-storage.conf;

Of course, to block them again, the we would have to follow the steps in the above solution.


Fedora GNU/Linux: Disable/Stop or Enable/Start Bluetooth service

There was this Fedora box for which we were asked to disable most of the methods it had available for communicating with the outside world.
One of the features of the box that we decided to block was its Bluetooth device.
To make our life easy, and since the users would not have admin rights, we decided to simply stop and disable the Bluetooth service on the box and be over with it!

The way we stopped and disabled the Bluetooth service was with the following two devices.

#Stop Bluetooth service that is currently executing
systemctl stop bluetooth;
#Prevent Bluetooth service from starting after a reboot
systemctl disable bluetooth;

Once you disable the service and stop it, you will notice that on the GUI of the Gnome settings application it still shows the basic menu for the Bluetooth device.
That should not worry you though because if you enter the Bluetooth configuration tab you will notice that the user will not be able to turn the device on and make use of it.

Revert changes and re-enable / re-start the Bluetooth service:

In order to restore the Bluetooth service back to normal (to enable it and start it), just execute the following two commands:

#Start the Bluetooth service right now
systemctl start bluetooth;
#Make sure that Bluetooth service will start after each system restart
systemctl enable bluetooth;


Anonabox Pro – Disable Wi-Fi

The following video demonstrates how to disable the Wi-Fi on an  Anonabox Pro.

  1. Connect to the device via the LAN Ethernet port.
    It has a build DHCP server by default so you do not need to configure the IP.
    After you get connected, go to the default location of the device interface, which is http://192.168.19.84:1776/.
  2. After the interface loads, enter the root password and click on the Login button.
    (if you are using a brand new Anonabox or a box that was recently flashed then click on the Login button without entering a password (if you enter one, it will be ignored)).
  3. Then, go to the top menu Network and select the option Wireless
  4. At the new page, under the category Wireless Overview click on the Disable button.
  5. Finally, click on the OK button when you get the Really shut down network? confirmation box and wait for the changes to get applied, the image with the Wi-Fi logo will change to one that has a red stamp on it and right under the SSID field you will get the message Wireless is disabled or not associated.

To enable the WiFi, just repeat the steps above and click on the Enable button.


GNU/Linux Fedora 27: Prevent Network Manager from restarting after reboot

Recently we were working on a Fedora 27 GNU/Linux box where we needed to completely disable the Network Manager.
Initially, we just stopped the NetworkManager service and then disabled it thinking that it would be enough.
To our surprise after we rebooted the box, we noticed that the Network Manager was active again!

After some research we found out that another service called NetworkManager-wait-online was starting the NetworkManager as some sort of recovery mechanism.
So, in order to permanently block NetworkManager from starting on boot, we disabled NetworkManager-wait-online as well.

In the end our solution to disable the NetworkManager service came down to executing the following commands as root (or using sudo):

systemctl stop NetworkManager;
systemctl stop NetworkManager-wait-online;

systemctl disable NetworkManager;
systemctl disable NetworkManager-wait-online;