Anti-Title : One of these blog, that is never ever finished

Programming, Server Administration, Libreoffice and Electronics!

A Dashing entry!

No! Not that shell!!!

My experience with dash has always been one of hatred. I didn’t quite felt the emotion myself, but I always felt that dash hated me and my scripts. Any script I would throw at it, it would chew back with tons of errors and I’d swear maybe even arrogance back at me. Being in such a situation with it, I was totally baffled that people could actually use that… devil shell!

In my scripts, to avoid the pain of it’s draconian touch I would usually do this :

case "$(readlink -f  /proc/$$/exe)"; in
        echo "We don't support dash"
        exit 1
        sh="$(readlink -f /proc/$$/exe)"

I would then have the insurance that my scripts would not go through this (insert curse here) shell!

One day

as I was working with jailTools, FrozenFox (A fellow friend on freenode’s IRC channel #xroutine) pointed out that I should try to stick as close as possible to POSIX compatible shells as to support as many shells as possible. To my bafflement FrozenFox mentionned the shell `dash’ as being one of the most POSIX conforming shell! So I took a (very) deep breath and decided to finally give that shell a chance. What seemed like mountains before were actually just technicalities after all. It turns out I wasn’t that far off from the POSIX style after all.

Some of The Changes I had to do

It turns out that the major “issue” with dash is the fact that it does not support the “function” bash way of creating functions.

Instead of doing :

function foo() { 

We should do :

foo() {

With this change, the bulk of my scripts were actually working correctly! I could finally bury the hatchet of war and support dash. Sure, it doesn’t support any bashisms like Substring expansion, but that is easily fixed with sed.

Where we do this in bash :

a="thisVeryLongVar"; echo "${a:0:4}${a:8}"

Giving the result :


We would need to create our own function using sed :

# substring offset <optional length> string
# cuts a string at the starting offset and wanted length.
substring() {
    local init=$1; shift
    if [ "$2" != "" ]; then toFetch="\(.\{$1\}\).*"; shift; else local toFetch="\(.*\)"; fi
    echo "$1" | sed -e "s/^.\{$init\}$toFetch$/\1/"

a="thisVeryLongVar"; echo "$(substring 0 4 $a)$(substring 8 $a)"

And it would give the same result :


A bit more code to do the same thing, but it should be portable to pretty much all the other shells out there.

Now the next issue was with the command `read’. Under dash read is not as featureful as in bash/zsh, under these, we could do :

read -d "" myList << EOF
entry one
entry two
entry three

In dash, read does not feature ‘-d’, but suprisingly we can do this instead :

myList=$(cat << EOF
entry one
entry two
entry three

and it accounts to exactly the same thing.

dash also doesn’t have the environment variable UID :


so instead we use ‘id’ :

uid=$(id -u)

The outcome

So the mountain I thought was the Everest, is now just a petty mound. A few changes and we can use this very fast shell. Sure, there’s nothing that will make someone actually use it as their actual command line shell as it doesn’t support a history and many other features we take for granted in the other shells. Let’s keep things to their strengths, shall we? Dash is meant for running scripts and it does it well.

I now converted jailTools to fully support dash thanks to these changes and they lived happily ever after, having the task to convert all of their scripts to support dash in the future. ^_^

Free SSL/TLS certificates with Let’s encrypt!

It is now possible to have a fully secure internet for totally free!

(I mean this in the grand scale of things, not just downsizing the word “internet” to mean “http”, eheh)

(it does sound preacherlike, but I am very excited by this :D)

This text describes one of the many ways to implement secure HTTP for lighttpd and STARTTLS for postfix and courier-imap.

Some background information on secure HTTP

Domain certificates used to cost at least 100$ (probably more!) per year minimum to get SSL/TLS keys for a single domain (https://)! Now, with let’s encrypt, this is totally free! And the certificates are fully legitimate. This is not just some self signed certificate that only certain browsers support. This is fully compatible with a lot (I wanted to write all, eheh, but I’m staying prudent) of the most important pillars of the current internet.

There are absolutely no reasons not to do this. It might become mandatory for websites to offer secure http soon; There are talks that every websites will need to support encrypted HTTP on the internet. While this will probably never happen, the fact that this can be done for free will certainly be a major stepping stone for this important (read very!) vision.

Here are some reasons why implementing secure HTTP is important :

  • To seriously limit Man in the middle attacks (eavesdropping).
  • To have much more certainty that the website we want to use is indeed the one we think it is.
  • Encryption is great :D.

Things you need to follow this guide

  • a server you own/rent
  • at least one domain you own
  • The GNU/linux operating system
  • more than just basic system usage knowledge (this is intended for system administrators after all)

on your system:

  • use lighttpd as your web server (although we give pointers for the others)
  • git
  • bash or zsh, curl, sed, etc.

optional parts :

  • postfix
  • courier-imap

Let’s Encrypt

Let’s encrypt provides certificate signing using the ACME protocol (Nothing has be done on their website; there is no need to create an account and give out sensitive private information).

There are quite a few different clients that were made to interface with let’s encrypt’s ACME server instance. This link contains quite a few different options. I chose dehydrated, mainly because it is implemented fully as a shell script. It can be ran whenever we wish (like put in a cron script) and is fairly easy to use.

Dehydrated, an ACME client

To get dehydrated, we’ll simply clone their git repository from github.

So just clone the dehydrated git repository.

There’s only 2 configuration files we have to edit to get rolling. (You can also set up a shell script file called ‘’ if you need to do more finegrained steps in your certificate signing process)

The first is the file “domains.txt” : This file should start with the domain name, followed by the full URL of all the subdomains for this domain separated by space. Each line should be for a single domain and it’s subdomains

example content of “domains.txt” :

The second is the file “config” :

we want to start with the example from “docs/example/config”

add this :


just after :


This will make the us request the staging (test) server rather than the production one.

(very important! It is very easy to be temporarily banned and it takes quite some time to be allowed afterwards)

Later on, when everything works correctly with our staging dummy certificates, we can comment the first one and uncomment the second. (We’ll get on that later)

Ownership verification

To be awarded a signed certificate, ACME needs to make sure that we are indeed the owner of the domain name (and of the website). ACME ownership verification can be done using 2 methods with the particular client we will show in this guide. A website method and a dns method. We will go over only the website method in this guide.

(Note that the website method is not technically a perfect way to ensure that a server is really controlled by the person owning the domain name. Strictly because it would be possible for someone controlling a web server to use these methods to gain a certificate for a domain name they do not own (granted the domain name points to that server’s IP). However, it is fully accepted by the ACME protocol and it is the method we will show in this guide)

first uncomment this line in the “config” :


You can change it, just make sure that your lighttpd has read access to it and that the user with which you will run the dehydrated script has read and write access to that directory. This is where the test data will be posted. The ACME server will then need to have HTTP access to files in this location (files in it will have some kind of hashed name approximately of 10 random characters).

In lighttpd (or any web server for that effect), we will need to make the path “/.well-known/acme-challenge/” point to “/var/www/dehydrated” and make any external source able to read it’s content.

To do that reliably on all domain names, we will make use of lighttpd’s “mod_alias” plugin, so you need to make sure it is activated in your “server.modules”. Here’s what you need to add to your lighttpd configuration file :

# ACME challenge for HTTPS
alias.url += (
    "/.well-known/acme-challenge/" => "/var/www/dehydrated/"

With this, for whatever domain they will access, the URL “/.well-known/acme-challenge” will point to “/var/www/dehydrated”. So say “” must be the content of “/var/www/dehydrated” (I don’t mean that it should actually “show” the content, just that if an external source knows what to look for, it should be able to download it from there).

Test the whole ordeal with the staging Let’s encrypt

Now that we have this set up, it’s time to test! Double check in the section dehydrated that you effectively have your CA set to the staging URL.

Now, rubs hands, just run this :

./dehydrated -c

It will verbosely show the process of getting the certificates signed and all. It will also say if you did a correct job setting your “Wellknown” set up.

To Do list in this entry

  • domains (domains you own obviously) (done)
  • staging (very important! It is very easy to be temporarily banned and it takes quite some time to be allowed afterwards) (done)
  • ACME website verification (also can be done with dns) (done)
  • “Wellknown” verification method (done)
  • run dehydrated to get mock certificates from the staging letsencrypt when all the domains get verified and get certificates, we can run the real deal.
  • At this point, we are given quite a few file types. What we want are : the private key, the host certificate and the chain certificate. And we mainly need all these in “pem” format. (The fullchain is simply the chain and host certificate copied together, one after the other).

lighttpd postfix courier-imap

great tool to help know what to put in your HTTP server configuration : disable SSL3, why ( test with (

forward secretive ciphers/key echange : what it means

to test pop3 starttls openssl s_client -starttls pop3 -connect URL:110 test smtp starttls openssl s_client -starttls smtp -connect URL:25 test shttp openssl s_client -connect URL:445

list all compatible ciphers with nmap! nmap –script ssl-enum-ciphers -p PORT DOMAIN # when it is a non official port nmap -sV –script ssl-enum-ciphers -p PORT DOMAIN

LibreOffice’s Basic - Objects position and size

How do we change the size and position of an object?

Normally we do that with the GUI, but here’s how to do this programmatically using Basic.

standard component properties are in :

thisComponent.DrawPage.Forms.getByName(<form name>).getByName(<component name>)

Theoretically, its position and size should be there too, right? Unfortunately, no. The positionning and size properties are elsewhere. They are in thisComponent.DrawPage.getByIndex(). The index is not the same as in the normal Xform component though, so you can’t just fetch the index there and search that index in DrawPage.

Certain (and yes, it’s really certain components) contain a variable called “Control” that links to the above component element. So you can actually get the name of the component. The problem is that not all elements in the indexes actually contain the variable “Control”. We actually have to filter all the elements by their ShapeType. Say we loop all elements to look for say lblTitle. Our looping variable is ‘i’. We would do something like this :

if obj.getByIndex(i).getShapeType() = "". If that is true, then

we are garanteed that the variable Control is available. We then do something like this :

if obj.getByIndex(i).Control.Name = "lblTitle" then ...

At that point, we can look up exactly the element for which we want to either get or set the position or size. The 2 variables we are interested in are : Position and Size. Position contains X and Y and Size contains width and height. You just need to assign position or size to an Object variable then you can change it’s value and push it back into the component. Like so :

(say the component object we got from earlier was put into the variable shapeObj)

Dim oPos AS Object
Dim oSize AS Object

oPos = shapeObj.Position
oSize = shapeObj.Size

oPos.X = oPos.X + 5
oSize.width = oPos.width + 5

shapeObj.Position = oPos
shapeObj.Size = oSize

And that’s it! You can move and resize any of your components from your scripts!

Happy Hacking!