NerdFaxing – Automatically Print Faxes from Email

fax-historyNerdFaxing has just been uploaded at https://github.com/artooro/nerdfaxing and is a fax to email to print automation script.

It will download PDF email attachments from a POP SSL mail account and send them to whatever Windows printer you want. It’s written in Python and uses gsprint from GSView to do the printing.

It’s designed to run on Windows but it could be easily adapted to run on a Linux platform. My specific need was for it to run on Windows where all the network printers are setup.

Connect to FPM Socket Permission Denied after upgrade to PHP 5.5.12

If you’ve just upgraded your web server to PHP-FPM you probably noticed that your web sites went down and your Nginx logs or whatever server you are using are giving you an error message that include the following statement:

connect() to unix:/var/run/www.sock failed (13: Permission denied) while connecting to upstream

To provide some context for this problem see http://www.openwall.com/lists/oss-security/2014/04/29/5

What was happening before is that the sockets were being created with a mode (permissions) of 0666 which makes it possible in theory for any web site to connect to them. This could be a security issue for shared hosting as an example.
So the security fix was to have PHP-FPM create the sockets with a permission mode of 0660 instead.

Now the problem with most default web server configurations is that the sockets are created under the root user while nginx or apache are running as a web server such as www-data. This means the web server is not able to read the PHP socket.

The Solution

The solution is very simple which you can find at stackoverflow http://stackoverflow.com/a/23596317/1195553

You simply add the following 2 lines to your PHP-FPM web site configuration before or after you set the path to the socket itself.

listen.owner = www-data
listen.group = www-data

This causes the the socket to be created with the owner and group of www-data which allows the web frontend to access the socket without any permission issues.

Happy administration!

OS X – clang: error unknown argument…

I want to post this because it took me awhile to figure it out. If you need PyOpenSSL or PyCrypto on Mac OS X 10.8, 10.9 you may come across this problem when using easy_install to get it installed.

Processing pycrypto-2.6.1.tar.gz
Running pycrypto-2.6.1/setup.py -q bdist_egg --dist-dir /tmp/easy_install-YmqMpv/pycrypto-2.6.1/egg-dist-tmp-vI68Ck
clang: error: unknown argument: '-mno-fused-madd' [-Wunused-command-line-argument-hard-error-in-future]
clang: note: this will be a hard error (cannot be downgraded to a warning) in the future
error: Setup script exited with error: command 'cc' failed with exit status 1

Personally I’m running on Mavericks. Turns out this is due to an Xcode change and the correct command to run to make it work is:

sudo ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future easy_install -Z pycrypto

Easily Build White Lists Using Google Chrome

If you work in IT or have ever had the opportunity to compile a white list for a customer, you’ll know that it can be a little complicated to find all the dependencies for a web site that you want to white list.

For example if you want to allow a single web site such as canadiantire.ca, you’ll find that you will also need to allow scene7.com and ajax.googleapis.com just to name a couple.

I’ve used Astaro (now Sophos) UTM and firewall appliance to do whitelisting as well as our new solution at DNSthingy.
Sophos does web filtering via proxy while DNSthingy uses DNS to do the filtering.

The Solution

I’ve been working on a Chrome extension (add-on) that takes care of the hard leg work of building a white (or black) list.

Whitelist Assistant will detect all the domains that resources are being loaded from inside the browser, and keep track of them and display them to you in a very simple and easy to understand list.

You can copy and paste this list straight into most UTMs or filtering solutions including Sophos and DNSthingy.

I’ll be adding features that will make it even easier for DNSthingy users. For example if you are a user you can create a whitelist for your network with a single click instead of even having to copy and paste.

Have fun, and enjoy the internet!