Skip to main content

Posts

Fix Google Security Code

Google Security Code (http://g.co/sc) is one type of 2-step verification. This is particularly useful when security keys and passkeys are not available. I have been using it in my LXC containers, until today I found out that it stopped working. It just kept saying "The code is invalid". It is easy to rule out some factors: The code works on other browsers on my laptop. The code works on other devices that are directly connected to the router. So it appears that Google also checks IP addresses besides the security code. Recently I have IPv6 enabled, so most devices that are directly connected to the router have both IPv4 and IPv6 addresses. But  I only enabled IPv4 for my LXC containers. So I guess when a code is generated by device A and used by device B, Google should be able to check that device A and device B are closely located. But in my case, IPv6 address appears on device A but not on device B, which may look suspicious. To fix the problem, I just needed to disable IPv...
Recent posts

Cleaning Up Old Emails and Accounts

Every month I receive ~5000 spam emails. I am not very surprised, knowning that my email addresses appear in ~20 data breaches. Email providers filtered out most of them, but after filtering I still receive ~100 every month. It is very annoying when I'm interrupted by an email notification, only to realize that it's from a spam email. Meanwhile I cannot just disable all notifications. Three months ago, I started to try to improve the situation. First of all I explored options for email aliases . Then in the past 3 months, I have been manually reviewing all email messages in the inbox. That are in total ~70k messages. Basically I'm creating a whitelist of senders, and I only enabled notifiation for allowed messages. This turned out to work quite well, I can clearly feel the improvement of life quality. Occassionally I may still need to manually review other messages, but that's OK. Meanwhile, I took this opportunity to review all accounts that I have previouly registered...

[Updated] Failed Attempt: NixOS in LXC

[Updates: 2024-10-21] I found a working solution: - Disable sandboxing in configuration.nix - Build a tarball image using `nixos-generator -f lxc` - Create an LXC container with `lxc-create -t none` - Modify the config of the LXC container (e.g. specify rootfs path, set unconfined AppArmor) - Create the rootfs directory and remove all POSIX ACL (setfacl --remove-all) - Extract the tarball into rootfs/ I planned to try NixOS in LXC. I have found a few successfull stories: 1 , 2, 3 . However they are all using Proxmox LXC, and/or the image file is for LXD. First, I tried to download the official image via lxc-create. The image can boot, but I have trouble running `nix-channel --update`, which complains about sandboxing. I think it's related to unprivileged LXC containers. Further, as part of the nice feature of NixOS, I cannot easily disable sandbox from there. Second, I tried to build a NixOS image from scratch, using nixos-generators. This is mentioned in the 3rd link above. This ...

Chasing an IO Phantom

My home server has been weird since months ago, it just becomes unresponsive occassionally. It is annoying but it happens only rarely, so normally I'd just wait or reboot it. But weeks ago I decided to get to the bottom of it. What's Wrong My system set up is: Root: SSD, LUKS + LVM + Ext4 Data: HDD, LUKS + ZFS 16GB RAM + 1GB swap Rootless dockerd The system may become unresponsive, when the IO on HDD  is persistantly high for a while. Also: Often kswapd0 has high CPU High IO on root fs (SSD) From dockerd and some containers RAM usage is high, swap usage is low It is very strange that IO on HDD can affect SSD. Note that when this happens, even stopping the IO on HDD does not always help. Usually restarting dockerd does not help, but rebooting helps. Investigation: Swap An obvious potential root cause is the swap. High CPU on kswapd0 usually means the free memory is low and the kernel is busy exchanging data between disk and swap. However, I tried the following steps, none of the...

Find Duplicate Photos and Videos

Last month I received a warning that there's almost no more free space left for my Google account, so I decided to delete all files in Google Photos. But before that, I downloaded all files via Google Takeout. I decided to copy files to my local backup if I don't have a local copy, for example, panorama photos generated by Google Photos. However I don't know which exactly ones that I should copy. There are ~27k files in total. I processed them in different steps, through each step I expect to find more files that I do not need to copy. Binary Comparison I can easily find binary identical files, by computing hashsums of all files. Unfortunatley, only ~7k files have a binary identical local backup. Binary Content Comparison It is possible two files have slighly different metadata but exactly same content (i.e. video stream). Using `ffmpeg -f md5 -` I can compute a hashsum of the content of a file. Unforunately, only 1 file is found in this step. Quite disappointing! Of course...

Dates in Leaked Passwords

I have been playing with data from haveibeenpwned.com , especially I was exploring 8-digit passwords that look like dates. I checked all dates between 19000101 and 20231231, where - The date must be in the YYYYMMDD format - Some invalid dates are also included, e.g. 19120231 Further, by default I only analyzed valid  dates after 19240101. By Year 1986 is the most popular year. It roughly forms a normal distribution. The distribution might review the distribution of the ages of the users (of the leaked services). By Month & Day It is clear that October, November and December are more popular than other months, but I think this is is because people may use 1912312 rather than 19120312. We can also see a pattern for each month, especially 1st is more popular than other days. Other than those, the passwords are roughly evenly distributed among all days. The most popular dates are: 0101, #=81516 1010, #=79997 1212, #=71724 1111, #=62065 1001, #=61109 Seems that they are just nice ...