TIDAL on Android with external USB DAC

I had spent $900 on a DAC, one which has been praised all over the net. Yes, you guessed it right, Chord Mojo!

This little gem was supposed to change the music experience for me once forever, however it didn't happen till this very moment.

First I must give you a bit of background and the current setup that I am using on a daily basis. A Google Nexus 6P mobile phone with Android Marshmallow 6 and TIDAL native app installed as the Digital Audio Player, of course my Chord Mojo which is connected to the phone through an OTG cable and my beloved headphones NAD Viso HP50 that is connected to Mojo via 3.5mm standard output. Sound quality? Good, but not what you expect from a setup worth $1.3k! So, something has to be wrong in between and indeed there is an issue with Android internal audio system which can be easily addressed. Once I did it, a 40% improvement achieved, literally!

When you play any audio including music on an Android device, by default the operating system takes over the audio processing and as a result Android limitations applies. Android does some unnecessary bit and sampling rate conversion which results in poor audio output and extensive battery usage.

The first step towards addressing above is to disable USB audio routing. That's easily achievable by enabling 'Developer Options' on Android. Once done, you can disable 'USB Audio Routing' by toggling a button:

However as soon as you disable USB audio routing, you won't be able to hear anything through the USB DAC with the TIDAL native app. Now install 'USB Audio Player PRO' from Google Play which comes with its own proprietary USB driver. It enables the app to bypass the internal Android audio system and sends the digital audio directly to DAC. This app is TIDAL friendly, therefore it could be easily connected to your TIDAL subscription and lots of other media sources including local storage, network, UPnP/DLNA servers, etc. Once done, you could use this app to play your music and WoW! Who could think the quality would dramatically change like this!?

USB Audio Player PRO is a must have application for every audiophile and HiFi enthusiast. It unlocks the real potential of your DAC and drives it to its maximums. Don't be afraid to put down $10 on it, you will be really happy with this fantastic little app.

Now enjoy the music with real Lossless quality!

Cisco AnyConnect VPN Client on BlackBerry 10.3.1.x

As you may know, Cisco has recently published its popular AnyConnect VPN Client for 10.3.1.x version of BlackBerry 10 operating system. But it's still in Beta stage, therefore no one is able to find the app directly by searching it on BlackBerry World. To resolve the issue, you need to point to the app URL using the native BlackBerry browser on your phone. To do so, please open the following URL on your phone browser and you will be redirected to the app page on BlackBerry World which you can easily download the app:

http://appworld.blackberry.com/webstore/content/59952066/

I have shortened the URL as follows:

http://goo.gl/zYa6nE

Enjoy!

Ubuntu WiFi issues with Macbook Pro

If you are one of those who installed any version of Ubuntu on your Macbook Pro and the OS doesn't detect your WiFi, get connected to internet using cable, Bluetooth, etc. and simply run the following command:

sudo apt-get update && apt-get install linux-firmware-nonfree b43-fwcutter firmware-b43-installer -y && reboot

Voila!! Your computer restarts and it should easily detect your WiFi hardware.

Obfuscating HTTP Proxy traffic to bypass DPI firewalls

Chinese and Iranian governments are well known for their hatred behavior against free internet. These two countries have implemented big Deep Packet Inspection units on their internet gateways to drop any known and recently unknown internet protocols normally being used to bypass internet censorship. It includes HTTP Proxy which could easily be implemented using well known tools like Squid, Microsoft TMG, etc.

In this article I'm trying to setup and run Obfsproxy on Ubuntu 12.04 LTS to obfuscate HTTP Proxy traffic in order to bypass firewalls and have access to free internet again.

Almost everybody knows Tor, a very well known project to help people stay anonymous on the web and bypass internet censorship in countries like China, Iran, Syria, etc. A few years a ago, they have started an add-on project to Tor named Obfsproxy to help people living in Iran and China, bypass DPI firewalls being newly used by these countries. This project is now reached to an stable condition and is ready to be implemented in small environments.

We are using Obfsproxy in server and client modes to provide an extra layer of obfuscation tunneling to achieve the above mentioned goal. Let's start by installing the latest edition of Obfsproxy on our Ubuntu server:

s1@p:~$ sudo -i

root@p:~# apt-get update

root@p:~# apt-get upgrade -y 

root@p:~# apt-get install gcc build-essential python-dev python-pip -y

root@p:~# pip install obfsproxy

I assume that a proxy server application like Squid is already installed and configured to listen on port 3128/TCP. So, let's run Obfsproxy for the first time:

root@p:~# obfsproxy obfs2 --dest 127.0.0.1:3128 server 0.0.0.0:8080

It will run Obfsproxy to listen on port 8080/TCP and redirects all the traffic to port 3128/TCP on localhost where Squid is waiting to serve proxy requests.

We can simply create an INIT script to run the following command on every system startup:

root@p:~# nano /etc/init.d/obfsproxy

Place the following line in the file and save it:

obfsproxy obfs2 --dest 127.0.0.1:3128 server 0.0.0.0:8080 > /var/log/obfsproxy.log 2>&1 &

Change the permission of the file and mark it as auto startup:

root@p:~# chmod 755 /etc/init.d/obfsproxy

root@p:~# update-rc.d obfsproxy defaults

That's all! From next reboot, it will automatically run Obfsproxy on system startup.

Let's go to client side. I'm just explaining the Windows configuration, because it's the most popular operating system at client side:

Download the following file and extract it on your computer:

https://www.dropbox.com/s/bfpo7l5hsgthmwq/obfsproxy.zip

Run CMD and change to Obfsproxy directory, then run obfsproxy in client mode:

obfsproxy.exe obfs2 --dest YOUR_Server_IP:8080 client 127.0.0.1:5050

It will listen on localhost port 5050/TCP and redirects all the traffic to your server on port 8080/TCP.

You can easily create a Windows service for Obfsproxy using third party tools like NSSM.

Block torrent and SMTP on Ubuntu Server

For us, I mean VPN providers, it's very important to block and control the traffic that is passing through our UK and US located servers. We all know, if we don't care, our servers would be suspended very soon due to many copyrights infringements from our clients.

In this case, I'm trying to block and control torrent activities on my Ubuntu server using a combination of Iptables and PeerGaurdian. To do so, I simply start by defining many rules in Iptables as follows:

root@VPN:~#

iptables -A OUTPUT -m string --algo bm --string "GET /announce?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /announce?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /scrape?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /scrape?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /announce.php?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /announce.php?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /scrape.php?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /scrape.php?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /announce.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /announce.php?passkey=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /scrape.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /scrape.php?passkey=" -j DROP
iptables -A OUTPUT -m string --algo bm --hex-string "|13426974546f7272656e742070726f746f636f6c|" -j DROP
iptables -A FORWARD -m string --algo bm --hex-string "|13426974546f7272656e742070726f746f636f6c|" -j DROP
iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j DROP
iptables -A FORWARD -m string --algo bm --string "peer_id=" -j DROP
iptables -A FORWARD -m string --algo bm --string ".torrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "torrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce" -j DROP
iptables -A FORWARD -m string --algo bm --string "info_hash" -j DROP
iptables -A FORWARD -m string --string "get_peers" --algo bm -j DROP
iptables -A FORWARD -m string --string "announce_peer" --algo bm -j DROP
iptables -A FORWARD -m string --string "find_node" --algo bm -j DROP
iptables -A OUTPUT -m string --algo bm --string "BitTorrent" -j DROP
iptables -A OUTPUT -m string --algo bm --string "BitTorrent protocol" -j DROP
iptables -A OUTPUT -m string --algo bm --string "peer_id=" -j DROP
iptables -A OUTPUT -m string --algo bm --string ".torrent" -j DROP
iptables -A OUTPUT -m string --algo bm --string "announce.php?passkey=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "torrent" -j DROP
iptables -A OUTPUT -m string --algo bm --string "announce" -j DROP
iptables -A OUTPUT -m string --algo bm --string "info_hash" -j DROP
iptables -A OUTPUT -m string --string "get_peers" --algo bm -j DROP
iptables -A OUTPUT -m string --string "announce_peer" --algo bm -j DROP
iptables -A OUTPUT -m string --string "find_node" --algo bm -j DROP

If you still didn't block SMTP ports, go ahead and define these six rules:

iptables -A OUTPUT -p TCP --dport 25 -j DROP
iptables -A OUTPUT -p TCP --dport 465 -j DROP
iptables -A OUTPUT -p TCP --dport 587 -j DROP
iptables -A FORWARD -p TCP --dport 25 -j DROP
iptables -A FORWARD -p TCP --dport 465 -j DROP
iptables -A FORWARD -p TCP --dport 587 -j DROP

Now list your current Iptables rules to make sure all above mentioned rules are successfully entered:

root@VPN:~# iptables -L

At this moment we need to make all these rule persistent, so if we reboot the server, Iptables automatically reloads them:

root@VPN:~# apt-get install iptables-persistent

Next step is PeerGaurdian installation and configuration:

root@VPN:~# apt-get install python-software-properties

root@VPN:~# add-apt-repository ppa:jre-phoenix/ppa

root@VPN:~# apt-get update

root@VPN:~# apt-get install pgld pglcmd pglgui

Note: Be aware of PeerGaurdian automatic start during installation.

Now edit your PeerGaurding configuration file:

root@VPN:~# nano /etc/pgl/pglcmd.conf

Add these five lines to your config and save the file:

INIT="1"

CRON="1"

LOG_SYSLOG="0"

LOG_LOGFILE="0"

WHITE_TCP_OUT="https http ftp"

Now, let's edit PeerGaurdian block list configuration:

root@VPN:~# nano /etc/pgl/blocklists.list

There are many predefined block lists in this configuration file. Simply un-comment your preferred lists and save the file. I suggest you to go on with following lists:

http://list.iblocklist.com/lists/bluetack/bogon

http://list.iblocklist.com/lists/bluetack/level-1

http://www.botrevolt.com/lists/Bot-Revolt-Exclusive

http://list.iblocklist.com/lists/tbg/primary-threats

As you notice, most of these block lists are supplying by iBlocklist.com. They have also many commercial lists available for an small annual subscription fee. Subscription to iBlocklist.com is recommended to have the opportunity to use their Anti-Infringement list.

Our configuration is finished now. Just restart your PeerGaurdian:

root@VPN:~# pglcmd restart

It takes a few seconds to update all lists and it would start automatically. To make sure it's working correctly, just ping BBC website since it's available in block list and should be blocked by default:

root@VPN:~# ping bbc.co.uk

You will face with "Destination Port Unreachable" as ping reply. It means your PeerGaurdian configured properly and blocks any suspicious Anti-infringement IP address out there.

Now reboot your server and make sure both Iptables and PeerGaurdian are working properly.

An additional configuration to zPanel installation

Recently, I've configured many A records on my zpanel DNS configuration with same name but different values. I was expecting the DNS server which installed with zPanel by default, reply a resolve request with a random value (IP address) but it was replying a fixed IP address, normally the first value that I had created for this A record. In order to resolve this issue, I was trying to change the BIND configuration:

root@hosting:~# nano /etc/bind/named.conf

Put the bold line in the "options" section and reboot your server:

options {
.....
recursion no;
dnssec-validation yes;
dnssec-lookaside auto;
rrset-order {order random;};
....

That will do the trick and from now on, the DNS server will respond with a random value upon a query request.

zPanel Installation on Ubuntu

In this Tutorial, I'm trying to Setup and Run a powerful web hosting server using Zpanel and Ubuntu Linux Server plus a way to setup your main domain address and its name servers.

For requirements, we need a fresh install of Ubuntu 12.04 LTS.

Logon to your server using terminal or SSH if you're managing your server remotely and enter following commands:

taher@hosting:~# sudo -i

root@hosting:~# apt-get update

root@hosting:~# apt-get upgrade

root@hosting:~# apt-get install curl

It's recommended to disable IPv6 on your server, if you're not going to use that:

root@hosting:~# echo "#disable ipv6" | sudo tee -a /etc/sysctl.conf

root@hosting:~# echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf

root@hosting:~# echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf

root@hosting:~# echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf

root@hosting:~# reboot

After reboot, run the following command to make sure IPv6 is fully disabled:

root@hosting:~# cat /proc/sys/net/ipv6/conf/all/disable_ipv6

0 means it's enabled and 1 means disabled.

Find a download link of an appropriate version of Zpanel on their official download page: http://www.zpanelcp.com/download/

root@hosting:~# wget https://github.com/bobsta63/zpanelx/releases/download/10.1.0/installer-10-1-0-ubuntu-64.sh.x

root@hosting:~# chmod 777 installer-10-1-0-ubuntu-64.sh.x

root@hosting:~# ./installer-10-1-0-ubuntu-64.sh.x

Accept software License and continue installation. For FQDN, enter an address that will point to your control panel configuration page. For example: zpanel.myhosting.com

Remember, choosing a correct FQDN is important, because it is the only way to manage your hosting.

Installation will automatically proceed and run. Give it a few seconds to complete. The process will follow with an automatic server reboot. A second server reboot is recommended, to finish all installation and update procedures.

root@hosting:~# reboot

During installation, Zpanel automatically generates secure password for each element of our hosting server. To find those credentials, simply enter the following command:

root@hosting:~#  less /root/passwords.txt

zadmin Password :: HqxWgERUXcCpucXN
MySQL Root Password :: hpNmPHlInekX7880
MySQL Postfix Password : YzcCLClovWUzDFh1
Ip Address :: xxx.xxx.xxx.xxx
Panel Domain :: zpanel.myhosting.com

Now, Logon to your Zpanel by entering the IP address of your Ubuntu server in a browser:

http://IP_address

Use following information to login:

Username: zadmin

Password: password_from_last_step

That's all! Welcome to your Zpanel control page :-)

Now extend Domain Management section and click on Domains. Just simply create your main domain.



Now click on DNS Manager and choose your domain from the list and click on Edit. The next step would be defining an A record for Zpanel control page as we already entered during installation process:



Now we are finished with our server. Let's make sure our registrar is correctly configured to point to our server. In this example I'm using Name.com registrar, because I keep lots of domains there. The procedure would be same for all other registrars. Logon to your Name.com account, choose your mydomain.com domain name and click on NS Registration (commonly Child DNS or Glue Records in other registrars). Now create two entries with ns1 and ns2 as host names and your server IP address as IP address:



Comeback to your domain and click on Nameservers. Enter ns1.mydomain.com & ns2.mydomain.com as your domain name servers:



Hurry!! We just finished the configuration of a professional web hosting using Zpanel on Ubuntu. From now on, you can register many domains and simply use ns1.mydomaincom & ns2.mydomain.com as their name servers. Just don't forget to create a Domain with a same name in your Zpanel too.

Your Zpanel configuration page could always be accessible from: http://zpanel.mydomain.com