BASH Script to generate PDF of Source Code with Syntax Highlighting using LaTeX

Sometimes when I'm learning I like to print source code on paper because I find it easier to read, and nicer to annotate.

I had a rummage online to see if anyone had come up with a nice way to generate PDFs of source code, and improved what I found into this useful BASH script. The script searches for source code in the current directory and its subdirectories, and uses the typesetting software LaTeX to create a PDF of the contents with syntax highlighting.

Extra Modules for Prosody: Instant Message Chat server for Raspberry Pi / Ubuntu


This is part 2 of a 2 part tutorial on Prosody, which will show you how to install and configure extra modules to extend prosody's functionality. Part 1, which deals with basic installation and testing of prosody, is here.

Here's an overview of the important additional functionality we will add to prosody:

  • Multi user chats (XEP-0045)
  • Server side message storage (XEP-0313 Message Archive Management)
  • File and image transfer (SI File Transfer and Jingle signalling; in-band and out-of-band methods)
  • Stream Management for surviving connection interruptions and switches - particularly useful on mobile (XEP-0198 Stream Management)
  • Synchronising messages between multiple devices (XEP-0280 Message Carbons)
  • Battery Saving techniques for mobile clients (XEP-00352 Client State Indication)
  • User Blocking (XEP-0191 Blocking Command)

Not all clients support all of these XEPs. I consider the Android client Conversations (F-Droid | Google Play) to be pretty cutting edge in this respect - it's pushing forward a lot of XEPs that are required if we are going to see XMPP compete with the features of proprietary chat clients, particularly on mobile.

Installing Prosody: Instant Message Chat server for Raspberry Pi / Ubuntu


At the end of 2013, I wrote a series of tutorials explaining how to run an email server at home on a raspberry pi, which turned out to be very popular.

I'm now aiming to do the same for instant messaging. This tutorial will:

  • Introduce the Extensible Messaging and Presence Protocol (XMPP), formerly known as "Jabber"
  • Discuss some of the pros and cons of XMPP vs some other proprietary protocols
  • Give instructions for the installation and configuration of Prosody, a free and open source XMPP server.
  • Discuss various important XMPP Extension Protocols (XEPs) and how to enable them
  • Cover transport layer encryption (i.e. client-server and server-server TLS) and end-to-end encryption for clients
  • Recommend client software for different platforms

Along the way, I'll expose the underlying protocol to give you the tools you need to debug the problem yourself, instead of relying on obscured error messages from GUI applications.

This is part 1 of a 2 part tutorial. Part 2 can be found here.

Getting Started with Apache ModSecurity on Debian and Ubuntu


ModSecurity is a Web Application Firewall: a program that can be used to inspect information as it passes through your web server, intercepting malicious requests before they are processed by your web application.

This tutorial will show you how to install ModSecurity on Apache, and configure it with some sensible rules provided by the Open Web Application Security Project's Core Rule Set (OWASP CRS), which will help to protect your server against SQL injection, denial of service attacks, malformed requests, cross site scripting attacks, and more.

And yes, you can use this guide with your Raspberry Pi if you're running Raspbian, Ubuntu, or another Debian derivative on it.

MX Backup - Postfix Email Server

By far the most popular set of articles I have written is my Raspberry Pi Email Server tutorial. Clearly, there are plenty of people who don't like relying on freemail providers like Yahoo, Outlook and Gmail for a variety of privacy and security reasons.

However, there is one major drawback of hosting your own email server: if your server is taken offline for maintenance, or your internet connection is interrupted, then incoming email can not be delivered and may bounce.

This tutorial will describe how to set up another server to act as an MX backup. The backup server will be hosted on a separate internet connection with a different WAN IP address, and have a lower priority than your primary mail server in your Mail Exchanger (MX) DNS record. When your primary server is offline other MTAs will send email to the backup instead, and the backup will hold them until your primary mail server comes back online, and then deliver them. No more bounced emails.

The biggest challenge when setting up a backup MX is convincing a friend or family member to allow you to run a RasPi or some other server on their network; the rest of the setup is a breeze compared to the full mail server installation described in the main tutorial, because fewer components are required (just Postfix).

This guide is written for Debian and its derivatives (Raspbian, Ubuntu etc.) but since a basic postfix installation is more or less the same across different distributions you should be able to use it for any distro. My backup server runs openSUSE.

Connect Bose SoundTouch 10 to WiFi using Linux / Telnet


I recently received a Bose SoundTouch 10 speaker as a gift. The speaker itself is great, but I've found some of the features of the Android app don't work very well. Specifically, it seems to have trouble detecting the speaker and connecting to a new wifi network, endlessly looping instead.

I was convinced that there must be a way to connect to the device using Linux, and doing a little research online led me to this great post revealing that you can telnet to the Bose SoundTouch, and enable a shell.

What follows is instructions on how to connect to the SoundTouch manually using Linux (or Mac, or Windows box with PuTTY), and give it the username and password for a new wifi network so that you can start using the app again. Technically, it must be possible to add login details for a Bose account and change the hardware button presets from this interface too, but I'll leave that for you to experiment with.

Example Whitelisting Rules for Apache ModSecurity and the OWASP Core Rule Set


Recently, I've spent a lot of time tweaking my ModSecurity configuration to remove some false positives.

This tutorial will:

  • Explain the the various methods of altering ModSecurity rules starting with the crudest and working up to the more specific techniques
  • Give some varied examples of custom rules written for exception handling, with a particular focus on the rules distributed by the OWASP Core Rule Set team.

I am calling the process of removing false positives "whitelisting", but technically I should be calling it "exception handling". However, I think more people looking for this information will find it by searching for "whitelisting".

Local BIND9 Caching DNS Server

This tutorial will show you how to configure a caching BIND9 server on your local network, and configure an OpenWrt router to use it. This should result in slightly quicker DNS lookups, but to be honest, you may not notice a huge difference (my DNS lookups now take 30% less time, but I don't think this has made page loading noticeably faster). Here are a few situations where it could be particularly worthwhile:

  • You have a large LAN with lots of clients, and you want to take some load off your router
  • You are using something like modsecurity's real time RBL lookups and you want to reduce latency
  • Your ISP's nameservers are slow but you would still like to use them
  • You are a curious soul and you want to learn about DNS ;)

Scantool - OBDII Car Diagnostic Software for Linux

My car has been a real pain recently: it has a recurring error code that the garage can't seem to fix (apparently, it's a fault in the air conditioning, but the car doesn't even have air con!). Taking the car to the garage to get the code cleared means I lose the car for a day, which is getting annoying.

So, I decided to buy myself a USB connecter for the car's On Board Diagnostics (OBD) and see if I could get it working with Linux (specifically Kubuntu, but I doubt it matters). I was pleased to find that there was some decent Free Software available for Linux called Scantool that enabled me to read and clear the codes on my car.

Here's how to install and use the software, and some screenshots...

DNS Basics for Websites and Email Servers


This article aims to explain what various DNS records are and how to use them. It is aimed at people hosting websites and email servers on a home server such as a raspberry pi.

How DNS Works

DNS stands for Domain Name System. In a nutshell, it's the system that we use to translate human readable domain names (e.g. samhobbs.co.uk) into the Internet Protocol (IP) addresses for those services (e.g.

The DNS system has a strict hierarchy, and lookups are performed recursively using a client/server model. This means that when your computer asks for the IP address for "subdomain.example.com", the DNS resolver you are using starts at the top and works backwards to find the address. The servers at the top of the pyramid (root name servers) direct clients to the name servers reponsibe for Top Level Domains (TLD, e.g. .com), and that server in turn is able to tell the client which name server is authoritative for the second level domain (e.g. example.com), and so on. Usually for small sites, the DNS records for your domain are managed by your Domain Name Registrar.

The DNS resolver doesn't have to perform all these lookups every time, because each record has a Time To Live (TTL) in seconds, which tells the client how long they can cache the information for until it should be refreshed. That's Time To Live (live free), not Live (live electrical circuit), which is how I first read it!

There are loads of different types of DNS record, so I've picked the most important ones you might need or want to use. These are:

  1. DNS A - used to map a host name to an IP address
  2. Mail Exchanger (MX) - used to tell clients which hostnames are used for email services
  3. Sender Policy Framework (SPF) - used to define which servers are allowed to send email from your domain name
  4. Pointer (PTR) - the opposite of DNS A, this record maps an IP address to the hostname

For a website, you only need a DNS A record. For an email server, you need at least a DNS A record and an MX record; PTR and SPF records will help you get your email through spam filters.

I'll be illustrating how to set up the different types of record using Namecheap, my Domain Name Registrar, as an example. If you haven't registered a domain name yet, I'd recommend Namecheap -avoid GoDaddy if you can, since they have some pretty horrible pricing practices and consistently back the wrong side when it comes to internet censorship acts like SOPA and PIPA.


Subscribe to RSS - Tutorial