Tech Talk & Other Thoughts

Some nerd talk by Brian and other random thoughts

For a while I was making my own certs, just to see that I could and to understand how to set up and force https.  However, since my certs were not signed every browser said my site wasn’t secure (rightly so).  So after a few times of my certs expiring I turned off forcing https and all redirects related to it.

With Chrome now making https more mandatory I looked into getting real SSL certs.  I found ZeroSSL.com could do the trick.  I followed the new user directions and after a few tries I was able to get real certs.  However, I read that these certs expire every 90 days.  Now I’m not the best at remembering to do updates like this so I set out to figure out how to refresh my certs automatically.

Perhaps I’ll get into the details later, but my final messy solution is a php script that will run the refresh command and create an html output.  It translates the refresh command output to a less descriptive output (i.e. it hides all the folder paths and files used).  If the refresh command generates keys, the command is set up to place the keys in my web server’s SSL folder. From there I use a Windows batch file to call the php file and to log the output to an html file.  The batch file also transfers the latest html log file to a known folder that I can see from my website (the reason I don’t capture the full refresh command output into the html log file).  Finally, I have a Windows Scheduled Task set up to run the batch file every night.

 

And with that I should have SSL certs always up to date….at least that’s the theory.


Just experienced my first corrupt database error. All repair attempts failed. Fortunately, I have the WP-DBManager plugin running with periodic full backups. With a previous backup I was able to use the import function in phpMyAdmin to recover my WordPress site back to my last post.


I’ve been trying to sort out why my Plex media server hangs occasionally or takes a while to load content. One of my suspicions was the access time to the hard drive with the media. It was an external hard drive on a shared USB bus. I just recently moved it off of that to a dedicated USB 3.0 input and ran the CrystalDiskMark program recommended by several sites including this one.

WD Speed Test

———————————————————————–
CrystalDiskMark 5.2.2 Shizuku Edition x64 (C) 2007-2017 hiyohiyo
Crystal Dew World : http://crystalmark.info/
———————————————————————–
* MB/s = 1,000,000 bytes/s [SATA/600 = 600,000,000 bytes/s]
* KB = 1000 bytes, KiB = 1024 bytes

Sequential Read (Q= 32,T= 1) : 139.284 MB/s
Sequential Write (Q= 32,T= 1) : 124.293 MB/s
Random Read 4KiB (Q= 32,T= 1) : 0.530 MB/s [ 129.4 IOPS]
Random Write 4KiB (Q= 32,T= 1) : 1.327 MB/s [ 324.0 IOPS]
Sequential Read (T= 1) : 134.639 MB/s
Sequential Write (T= 1) : 118.700 MB/s
Random Read 4KiB (Q= 1,T= 1) : 0.354 MB/s [ 86.4 IOPS]
Random Write 4KiB (Q= 1,T= 1) : 1.303 MB/s [ 318.1 IOPS]

Test : 1024 MiB [G: 29.9% (836.9/2794.5 GiB)] (x5) [Interval=5 sec]
Date : 2017/10/08 21:29:44
OS : Windows 7 Home Premium SP1 [6.1 Build 7601] (x64)

The sequential Read and Writes look pretty good, but the randoms are horrible.  I know sequential is the most important in my case, but still that’s bad.

To compare I ran the speed test on a Seagate Drive still on the USB bus and on my C drive which is a RAID 0 2 drive system.

Seagate Speed Test

———————————————————————–
CrystalDiskMark 5.2.2 Shizuku Edition x64 (C) 2007-2017 hiyohiyo
Crystal Dew World : http://crystalmark.info/
———————————————————————–
* MB/s = 1,000,000 bytes/s [SATA/600 = 600,000,000 bytes/s]
* KB = 1000 bytes, KiB = 1024 bytes

Sequential Read (Q= 32,T= 1) : 0.838 MB/s
Sequential Write (Q= 32,T= 1) : 0.812 MB/s
Random Read 4KiB (Q= 32,T= 1) : 0.275 MB/s [ 67.1 IOPS]
Random Write 4KiB (Q= 32,T= 1) : 0.387 MB/s [ 94.5 IOPS]
Sequential Read (T= 1) : 0.838 MB/s
Sequential Write (T= 1) : 0.629 MB/s
Random Read 4KiB (Q= 1,T= 1) : 0.211 MB/s [ 51.5 IOPS]
Random Write 4KiB (Q= 1,T= 1) : 0.382 MB/s [ 93.3 IOPS]

Test : 1024 MiB [F: 29.2% (816.9/2794.5 GiB)] (x5) [Interval=5 sec]
Date : 2017/10/08 21:58:01
OS : Windows 7 Home Premium SP1 [6.1 Build 7601] (x64)

C Drive Speed Test

———————————————————————–
CrystalDiskMark 5.2.2 Shizuku Edition (C) 2007-2017 hiyohiyo
Crystal Dew World : http://crystalmark.info/
———————————————————————–
* MB/s = 1,000,000 bytes/s [SATA/600 = 600,000,000 bytes/s]
* KB = 1000 bytes, KiB = 1024 bytes

Sequential Read (Q= 32,T= 1) : 87.041 MB/s
Sequential Write (Q= 32,T= 1) : 61.630 MB/s
Random Read 4KiB (Q= 32,T= 1) : 1.862 MB/s [ 454.6 IOPS]
Random Write 4KiB (Q= 32,T= 1) : 2.187 MB/s [ 533.9 IOPS]
Sequential Read (T= 1) : 60.815 MB/s
Sequential Write (T= 1) : 61.664 MB/s
Random Read 4KiB (Q= 1,T= 1) : 0.856 MB/s [ 209.0 IOPS]
Random Write 4KiB (Q= 1,T= 1) : 2.107 MB/s [ 514.4 IOPS]

Test : 1024 MiB [C: 66.0% (393.4/596.1 GiB)] (x5) [Interval=5 sec]
Date : 2017/10/10 21:30:17
OS : Windows 7 Home Premium SP1 [6.1 Build 7601] (x64)

 

Both of these drives are showing a really poor performance which makes me start to wonder if there is something wrong with Windows 7 and/or the hard drive drivers.   Any suggestions where to go from here?


I discovered a method that worked for me to determine what the image size of the featured image should be.  I right clicked on a featured image and chose save as.  In the file name it had the dimensions.  For the theme I am using, Absolum, and whatever other settings affect the image size the featured image size is 940 x 198 or a 4.747 size ratio.

 


Below is an unfinished post as I eventually gave up as I could not get bridging (tap) to work.  Instead I resorted to going back to Windows 7 and discuss it more here

 

My latest adventure in setting up my media server is to get a VPN server going so that I can watch my movies outside of my home network without opening up my dlna ports to the world. After reading about VPN servers it was pretty clear that OpenVPN is the preferred method due to its strength over PPTP and L2TP.  However, with the issues that I ran into with installing and getting OpenVPN up and running it seems the simplicity of PPTP is attractive.  I just have to keep telling myself that this is a one time setup.

Once I decided that I’d go with OpenVPN I got swirled around for a while before I discovered the http://openvpn.net/ website hosts the Open Source Project version, called the Community OpenVPN, and a commercial not-free version, called VPN Solution.  Prior to knowing this it seemed the VPN solution was the way to go.  I installed it and was working with the configurations when I noticed that I was only allowed 2 licenses and was required to buy more if needed.  From what I saw the VPN solution had a nice web interface, but I want to use the Open Source Project version and not be limited to 2 licenses or have to make a purchase.

Installing OpenVPN

At first it seemed that this might be straightforward as there are two applications through quantal universe packages that appeared to do what I wanted: openvpn and network-manager-openvpn.  After installing these with an ‘apt-get install’ I discovered that this is for maintaining the client side of OpenVPN. It turns out that most blogs, forums, how-tos are about setting up the client and very few are about setting up an OpenVPN server (maybe this will help someone in the future). So onto the Community OpenVpn.net site about getting an OpenVPN server up and running.   Well, the How-To documentation makes installing OpenVPN look pretty easy:

  1. Download the tarball
  2. Expand the .tar.gz file:    tar xfz openvpn-[version].tar.gz
  3. cd to the top-level directory
  4. And type:
./configure
make
make install

Getting and opening the tarball is easy, but I ran into several issues with the ./configure. The first issue was

error: configure: error: ssl is required but missing

After several Google searches I found this forum post which informed me to run:

apt-get install libcurl4-openssl-dev

 Second issue was

configure: error: lzo enabled but missing

A few more Google searches directed me to the LZO download page, http://www.oberhumer.com/opensource/lzo/download/, where I downloaded the latest version 2.06.  I did the untar, configure, make, and make install with no issues.  I don’t know if the original files are needed after the install so I moved the untar’d version to /sbin/lzo* just in case.

The third issue was

configure: error: libpam required but missing

Again, more Google searches led me to install a libpam version:

apt-get install libpam0g-dev

Well, after 3 issues the ./configure worked, followed by the make and the make install.

 Installing Easy-RSA

The How-To documentation then directs me to use Easy-RSA for creating certificates. This site also has some good directions about using Easy-RSA.   The fun part about this is that it doesn’t really go into how to get Easy-RSA.    Easy-RSA is on GitHub, so by following the directions from a nice document I started installing Git: apt-get install git and then doing the directions for a first time install. Now it is time to get the easy-rsa files.  I went to the /usr/share directory and then typed sudo git clone https://github.com/OpenVPN/easy-rsa.git (Note: after doing all of the above, I later realized that the OpenVPN installation placed Easy-RSA in the /usr/share/doc/openvpn/examples folder.)  From reading the configure.ac file it seems that a program called autoconf is needed.  So I set out to get that going with apt-get install autoconf but after more poking around I think everything is ready to go in the easy-rsa/2.0 folder.  At the command prompt I followed the directions and typed:

. ./vars

/usr/share/easy-rsa/easy-rsa/2.0$ . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/easy-rsa/easy-rsa/2.0/keys

./clean-all

/usr/share/easy-rsa/easy-rsa/2.0$ ./clean-all
mkdir: cannot create directory `/usr/share/easy-rsa/easy-rsa/2.0/keys': Permission denied
/usr/share/easy-rsa/easy-rsa/2.0$ sudo ./clean-all
Please source the vars script first (i.e. "source ./vars")

It took me quite some time to figure out why I was running into this error.  I read through the vars and clean-all files and everything seemed good.  In the end the error is a pretty basic one: the permissions were wrong.  When I used the ‘git source’ the folder permissions belonged to root as 755.  With a sudo chmod 777 -R easy-rsa the permissions were fixed and the scripts worked as advertised.

Server certificates and keys

./build-ca

./build-key-server server

When you run the build scripts the fields are pre-populated with the information edited from the vars file.  Simply press enter through the prompts.

Client certificates and keys

The directions then go on to create client keys with the ./build-key.  I’m a fan of password protecting the client keys so I used the ./build-key-pass script to create my keys.

Other items

I’m not too sure what these do and didn’t spend the time researching it, I simply ran them. I then created the Diffie Hellman parameters with:

 ./build-dh 

From the wiki site and the Hardening OpenVPN Security section I created the HMAC  with

openvpn --genkey --secret /keys/ta.key

 Configuring OpenVPN Server

The How-TO directions continue with setting up the configuration files.  The documentation does not provide any directions where all these files should go, but after poking around the openvpn.init file in the sample scripts (/usr/share/doc/openvpn/examples/sample-scripts) the script will look for the configuration files in the /etc/openvpn/ folder. I started with the sample server.conf and made changes as needed.  I changed the following:

  • For the ca, cert, key, and dh lines I added the full path name /etc/openvpn/server_keys/ as recommended in the wiki  . Additionally for these files, I did the following:
    • created a server_keys folder to keep the folders organized.
    • changed the permissions on the files so that they can be moved.
    • moved all the keys, certs, etc files with exception to the client files and the ca.key file to this folder
      • The client files went to another location to be shared as needed
      • The ca.key file went to a different computer as recommended
  • Uncommented the client-to-client line to allow my VPN clients
  • Uncommented the HMAC line, tls-auth, and changed the path to the server_keys folder
  • Changed the cryptographic cipher to, cipher AES-256-CBC, rather than any of the 3 listed options in the file for stronger security.  I’ve also read that this has little impact to the throughput of the VPN network too.
  • Enabled and changed the max clients to 10.  This is for a small home network and really 10 is too much too.
  • Enabled ‘user nobody’ and ‘group nogroup’ lines.  Note the example file has nogroup rather than nobody as noted in the How-to and wiki for the group option.
  • Enabled log-append.  I don’t expect too many logons so this file shouldn’t grow to a massive size.
  • TODO: write about log file and other permission errors
    • created a log folder and changed the log paths to point to it as I was getting an error

:/usr/sbin$ openvpn --config /etc/openvpn/server.conf
Tue Mar 19 14:02:02 2013 Warning: Error redirecting stdout/stderr to --log file: openvpn.log: Permission denied (errno=13)
Options error: --dh fails with '/etc/openvpn/server_keys/dh1024.pem': No such file or directory
Options error: --ca fails with '/etc/openvpn/server_keys2/ca.crt': No such file or directory
Options error: --key fails with '/etc/openvpn/server_keys/M1730_server.key': Permission denied
Options error: --status fails with 'openvpn-status.log': Permission denied
Options error: Please correct these errors.
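The startup errors above come from key and certificate paths that are missing or not accessible. As an added example (not part of the original post), the shell function below reads the ca, cert, key, dh and tls-auth lines from a server.conf and reports relative paths, missing files, unreadable files, and secret files that group or other users can access. The function name check_openvpn_conf and the finding labels are hypothetical, and it assumes one directive per line with no spaces in paths.

```shell
#!/bin/sh
# Added example: preflight check for the key material named in an OpenVPN
# server.conf. The function name and finding labels are hypothetical.
# Assumes one directive per line and file paths without spaces.
# Usage: check_openvpn_conf /etc/openvpn/server.conf

# Print one finding per line for the given config; return 1 if any finding.
check_openvpn_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE-CONFIG $conf"; return 1; }

    # Keep only active ca/cert/key/dh/tls-auth lines. Lines commented out
    # with '#' or ';' do not match because their first field differs.
    findings=$(awk '$1 ~ /^(ca|cert|key|dh|tls-auth)$/ { print $1, $2 }' "$conf" |
    while read -r directive path; do
        case $path in
            /*) ;;
            # The post follows the wiki advice to use full path names.
            *) echo "RELATIVE $directive $path"; continue ;;
        esac
        if [ ! -e "$path" ]; then
            echo "MISSING $directive $path"
        elif [ ! -r "$path" ]; then
            # Unreadable for the user running this check.
            echo "UNREADABLE $directive $path"
        else
            case $directive in
                key|tls-auth)
                    # Secret files: characters 5-10 of the ls mode string
                    # are the group and other bits; all must be '-'.
                    bits=$(ls -lLd -- "$path" | cut -c5-10)
                    [ "$bits" = "------" ] || echo "LOOSE-PERMS $directive $path"
                    ;;
            esac
        fi
    done)

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as the same user that starts openvpn, since the readability result depends on who is asking.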

Next I copied the client.conf file from the examples and made the changes below.  The wiki seemed pretty clear for this, but once I started into it I realized that the file is specific to each client crt/key combo.  Since I made several client keys during the Easy-RSA section I had to create a client.conf file for each client key combo and then named the file appropriately.

  • created a client_keys folder to keep the folders organized.
    • note the ca.crt and ta.key files are shared and I left them in the server_keys folder
  • update the ‘remote’ line for my specific IP address and ports
  • Enable the user and group lines.  Again the group has the nogroup option rather than the nobody.
  • Enabled the ‘mute-replay-warnings’ as I plan to use the VPN for laptops and my android phone
  • Updated the ca, cert, key, and tls-auth lines to point to the files.  Again I used the full filepath /etc/openvpn/client_keys/ as suggested by the wiki
  • Changed the cryptographic cipher to, cipher AES-256-CBC

 

Other Things

My VPN server is behind a router that uses dd-wrt.  In order to expose the VPN ports to the world I went to the NAT/QoS -> Port Forwards tab and added my VPN server to the list of port forwards.  I also have the VPN server set to have a static IP address which is configured on Services -> Services tab.

 

Running and Troubleshooting

 

ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)

run to fix permission problem: sudo openvpn --config /etc/openvpn/server.conf

 

OpenVPN on Android

One thing I want to be able to do is get to my home network from my phone, Samsung Note 2, so I used OpenVPN on Android for my VPN client.  The setup is pretty straightforward.  The only catch that I found was that:

  • Select ‘Certificates’ for the type in the ‘Basic’ tab
  • For each file selected tap on it then tap the ‘select’ button at the bottom
  • For the Encryption cipher I had to use all lower case (my phone capitalized the first character) for ‘aes-256-cbc’.
  • Change the TLS Authentication direction to 1, rather than the default of no direction
Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Mar 19 15:53:51 2013 us=248361 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.99:63090

check to see if openvpn is running (change port # as needed)

 

Other links and tools that I was using

#netstat -ltnup | grep 1194

 

samba shares not seen.  Added IP address to interfaces line in /etc/samba/smb.conf file per http://serverfault.com/questions/137933/howto-access-samba-share-over-vpn-tunnel

https://help.ubuntu.com/10.04/serverguide/openvpn.html

OpenVPN for Android https://play.google.com/store/apps/details?id=de.blinkt.openvpn&hl=en

http://openvpn.net/index.php/open-source/documentation/howto.html#install

 

Bridge setup (Never got this to work)

get the openvpn bridge scripts from the sample-scripts folder

modify the bridge-start script

in the command prompt type ifconfig and get the information of the IP, netmask, and broadcast addresses

change the /etc/interfaces file to add

iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT

create a symbolic link to create the bridge at startup before openvpn

/etc/rc0.d$ sudo ln -s /etc/openvpn/bridge-start K79openvpn-bridge

create a symbolic link to remove the bridge at shutdown

/etc/rc6.d$ sudo ln -s /etc/openvpn/bridge-stop K99openvpn-bridge


A while back I started converting an older laptop, Dell M1730, and had the best intentions to set up a media center with Ubuntu.  I stumbled into problems right away with the graphics card, but was able to overcome them. At least I thought.  I set up a VNC server, plex, and started into setting up a VPN account.  But no matter how little memory and processor throughput that I used the computer simply could not play a video without skipping.  After a lot of work I discovered that there were issues with the graphics card causing hardware interrupts.  After way too much time, I’ve finally tossed in the towel.

So rather than continue to eat up more time I’ve wiped the computer and loaded Windows 7.   With a fresh install I started updating all the drivers and wham, my pc started going so slow, unusably slow.  Again the culprit was the graphics card, specifically the Aegis physics processor.  Even after an uninstall the computer couldn’t recover.  Fortunately, I was able to revert back to all the defaults.  I also found out that one of my external USB hard drives had failed and was causing Windows to lock up.  After some work on that I found out the drive really did fail and fortunately the drive was still under warranty and Seagate replaced it in 4 days.

Now I have a very simple pc set up as a media server with two 3TB external hard drives.  I use Plex to share my videos.  I have UltraVNC Server set up to remote into the laptop when I need to do something as I keep it closed up and tucked under the entertainment center.  I use GoodSync to back up from our computers and cell phones to an external drive and mirror the content to the other external drive.  Finally, I have set up SoftEther for a VPN server so that I can get into our home network remotely.  I would have to say this setup was much much easier than Ubuntu and it is working.

 


homebrewtalk.com forum

I’ve been working to understand my various volume measurements throughout brew day and wonder how Trub and other material is handled. For instance, from my batch sparging I have an idea how much grain absorption and MLT losses to expect, but I know when I do a pre-boil volume measurement there is a fair amount of material in there that is going to add to the measurement.

Also, when doing a, let’s say, 5g recipe I assume that is the amount of wort into the fermenter. Is this correct? I know that the amount of trub carried into the fermenter varies by beer and beer maker so how does one account for the variations?

Trub impacts to volume measurements and calculations

homebrewtalk.com forum

Currently I gravity feed my immersion chiller. I’ve used a pump in the past, but from what I’ve discovered it isn’t the rate of water that is affecting the rate at which I can chill the beer (gravity is just fine), it is the amount of wort that comes in contact with the beer. So to help things along I’ve been stirring with a spoon. I’m working on adding a pump into my brewing setup to make life easier on me, but I’m not too sure how to go about priming the pump. I plan to have simple inlet and outlet pipes with 90 bends to push the water around and through the coils of the chiller. I’m not going for a whirlpool effect, at least for now, with my wimpy pump but am just trying to move the wort around the coils without me stirring. For the record I have a valve on my kettle, but I don’t want to use that as I have a filter around it that I want to keep clear until I transfer to the primary. Anybody have any suggestions of how to go about priming my setup? I know adding another valve would solve my problem, but I’m looking for other ideas as I’m not too keen on this idea as I want this idea to work with several other kettles. Thanks.

Priming Suggestion


homebrewtalk.com forum

I’ve been looking around for differences between the plastic and stainless heads on the chugger pumps. Of course most people say go with the stainless, but I’ve yet to see any rationale for it other than fear that the plastic might break (haven’t seen anyone actually report one breaking).

I’m looking to hear from those that have plastic heads or have converted from plastic to stainless what their experiences are.

Chugger Pump Head – PP vs SS


homebrewtalk.com forum

I’ve used gelatin in a secondary and have been able to bottle condition just fine. I’m working on making a Kolsch and want to see how clear I can get this to be. Any experiences or thoughts on cold crashing and using gelatin in the primary and repeating the same steps again later in the secondary?

Double gelatin – primary and secondary
