lorenzo milesi Posts

28 maggio 2017 / / italiano

Questo articolo è una libera traduzione dell’articolo del 2015 (aggiornato nel 2017) di Salim Virani dal titolo Get your loved ones off Facebook. L’articolo originale è molto dettagliato, cercherò di tradurlo nel modo migliore possibile ma abbiate pazienza se c’è qualche refuso perché non è il mio lavoro. Potete comunque segnalarmi eventuali errori e sarò felice di correggerli.

Ho voluto fare questa traduzione perché mi ricordo agli albori italiani di Facebook che un mio contatto aveva notato come la diffusione del social network nel nostro paese avesse (ovviamente) ricevuto un’impennata dopo l’introduzione della lingua italiana. Traducendo questo testo in Italiano spero che possa rendere più gente consapevole di cosa significa utilizzare questo strumento. È a tratti un po’ ridondante e molto allarmante, ma credo possa dare una chiara visione di quello che Facebook conosce di noi e come lo usa (o potrebbe usarlo).

La lettura richiede circa venti minuti. Prendetevi il tempo, probabilmente ne vale la pena.

Ho scritto queste righe per i miei amici e per la mia famiglia, per spiegare loro perché gli ultimi aggiornamenti dei termini della privacy di Facebook sono realmente dannosi. Spero possa aiutare altri. Referenze esterne – e passaggi per una cancellazione corretta – in fondo.

3 maggio 2017 / / english

Today, while having a look at a Zimbra server running z-push for ActiveSync, I found these errors in log:


03/05/2017 03:18:36 [ 2372] [ERROR] [info] Zimbra->SoapRequest(): SOAP FAULT: Error Code Returned [mail.TOO_MANY_CONTACTS]
03/05/2017 03:18:36 [ 2372] [ERROR] [info] Zimbra->SoapRequest(): SOAP FAULT: Error Code Returned [mail.TOO_MANY_CONTACTS]

Z-Push was kind of spamming this message many times a minute in z-push-error.log.

The answer is pretty easy: by default Zimbra allows at most 10000 contacts per mailbox.

13 aprile 2017 / / english

The same solution done for Joomla some times ago can be applied to WordPress as well. WordPress plugins (almost) never require direct access to PHP files, so you can prevent their access. Usually crackers put malicious PHP files into wp-content or wp-includes directory: you shouldn’t run them.

A friend of mine has a WordPress website who has been targeted for SEO spam. So I’ve done some searches and cooked up an htaccess addition for him. After the RewriteBase statement add the following:

9 marzo 2017 / / android

Every now and then I run into articles, like this, which explain why is better to avoid personal data collectors like social networks and their subsidiaries. In this case, WhatsApp (and Telegram).

So what? There’s the very nice and secure and less privacy invasive Signal app! It still doesn’t have all the features its competitors have, but it’s still fully functional for messaging, and it’s certainly worth a try.

But while testing it to message with my girlfriend I noticed an unfortunate issue: quite often messages would not be notified to the recipient, even if correctly delivered. This was the case on my Xiaomi Mi5 powered by MIUI.

1 marzo 2017 / / english

Today I was going to test bettercap from source and I ran into a rather nasty but quite popular issue:

$ sudo bettercap --help
/usr/local/lib/ruby/gems/2.4.0/gems/bettercap-1.6.1b/lib/bettercap/spoofers/icmp.rb:24:in `<class:ICMPRedirectPacket>': uninitialized constant PacketFu::EthHeaderMixin (NameError)
from /usr/local/lib/ruby/gems/2.4.0/gems/bettercap-1.6.1b/lib/bettercap/spoofers/icmp.rb:17:in `<module:Spoofers>'
from /usr/local/lib/ruby/gems/2.4.0/gems/bettercap-1.6.1b/lib/bettercap/spoofers/icmp.rb:15:in `<module:BetterCap>'
from /usr/local/lib/ruby/gems/2.4.0/gems/bettercap-1.6.1b/lib/bettercap/spoofers/icmp.rb:14:in `<top (required)>'
from /usr/local/Cellar/ruby/2.4.0/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/local/Cellar/ruby/2.4.0/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/local/lib/ruby/gems/2.4.0/gems/bettercap-1.6.1b/lib/bettercap.rb:58:in `block in bettercap_autoload'
from /usr/local/lib/ruby/gems/2.4.0/gems/bettercap-1.6.1b/lib/bettercap.rb:57:in `each'
from /usr/local/lib/ruby/gems/2.4.0/gems/bettercap-1.6.1b/lib/bettercap.rb:57:in `bettercap_autoload'
from /usr/local/lib/ruby/gems/2.4.0/gems/bettercap-1.6.1b/lib/bettercap.rb:62:in `<top (required)>'
from /usr/local/Cellar/ruby/2.4.0/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/local/Cellar/ruby/2.4.0/lib/ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/local/lib/ruby/gems/2.4.0/gems/bettercap-1.6.1b/bin/bettercap:19:in `<top (required)>'
from /usr/local/bin/bettercap:22:in `load'
from /usr/local/bin/bettercap:22:in `<main>'

That uninitialized constant PacketFu::EthHeaderMixin is a popular error if you look in bettercap’s issue tracker, and among all it’s hard to find the correct solution! But thanks to evilsocket himself I was led to the correct fix.

19 febbraio 2017 / / english

UPDATE 2017.09.11: the script got updates, the latest information is always available at GitHub project page

There’s an extensive guide on Zimbra’s Wiki on how to (manually) set up a Letsencrypt certificate in Zimbra Collboration Server.

There’s a bash script to request and deploy a cert. There’s another method explained on Zimbra’s bug#99549 with mixed scripts.

But would you like to simply type:


certbot_zimbra.sh -n

and deploy the certificate?

4 febbraio 2017 / / english

I’m a big fan of Tor. Not that I live in a country where it’s really needed, but just for the fun of it. Most of non-techie people think it’s just a mess of illegal stuff, they just ignore the fact that a lot of people live in countries where there’s no speech freedom, or limited internet access.

Personally, I occasionally work in places where there are very restrictive firewalls which block non standard ports and do packet inspection, so I wasn’t even able to get out on port 80 with a protocol which wasn’t http! So I needed obfuscated bridges, on port 80.

In the past I bought a cheap VPS via LowEndBox, and installed there an obfs3 Tor bridge. At that time there was no proper way to run obfs3proxy on privileged port (< 1024), and the only way I found on StackExchange was to do some hackish port forwarding. And my bridge is happily doing it’s job.

Lately I was thinking about it and I thought it was a shame to be the only one using it, since due to the forwards it was not publicly advertised and thus not usable by others. And there’s always need of Tor Bridges on port 80 or 443. So I investigated if there was a better way to run a bridge, and thanks to a comment (on StackExchange, again) I was directed to obfs4proxy, which allows binding on port below 1024 without big deals.

So even I wanted to share the whole setup.

20 dicembre 2016 / / italiano

I Piani di Artavaggio sono una meta classica per gli escursionisti della Valsassina. La relativa semplicità del percorso, i suoi ampi spazi, i vasti panorami che si possono godere dalla sua posizione di avamposto delle Prealpi li rendono una località molto attraente.

Per chi volesse uscire dai soliti percorsi vediamo un sentiero alternativo ai due classici Vallone (CAI 24 o a breve CAI 724, partenza dall’area pic-nic di Moggio) e Penscèi – Maesimo (strada agrosilvopastorale che parte qualche chilometro prima del Passo Culmine San Pietro).

Vediamo quindi come raggiungere i Piani di Artavaggio da Moggio lungo il sentiero Cà Rovellasca.

14 dicembre 2016 / / english

After very long time I recently moved from Ubuntu to MacOS. That’s a big switch, which involves time in changing personal habits and restoring the old features…

Among one of them I constantly use Tor. Not that I have anything to hide, it’s mostly for fun and sometimes for work, where I need to escape restrictive firewalls to access outside network. I mostly need ssh to connect to the office, and to tunnel the connection though Tor I prefix the command with torsocks.

So after installing Tor using Homebrew I run the command and:


ERROR: /usr/bin/ssh is located in a directory protected by Apple's System Integrity Protection.

9 novembre 2016 / / deejay reloaded podcaster

Una delle richieste più vecchie fatte sul GitHub del progetto era la possibilità di avere l’archivio completo dei programmi pubblicati.

Essendo un podcast all’inizio non ci avevo pensato, mi bastava che funzionasse da quel giorno in avanti. Poi non ho più avuto occasione di guardarci fino allo scorso fine settimana, quando finalmente ho chiuso la segnalazione avendo implementato la scansione delle pagine dei programmi.