Theme:
Password Sweat
Meuon 2022-12-19
Not enough coffee.

Anyone else type a password in via SSH a couple of times and the third time it refuses you the first thought is: Oh no, the servers hacked!

Then you realize you are misaligned on the keyboard you were not looking at as you typed it.

Or you were hitting caps lock...

Maybe the caffiene keeps me paranoid.

cURL as Linqua Franca
Meuon 2022-12-19
Because we must communicate

Again and again, I read code that shows bare cURL examples and cURL-ish syntax in a language and applied it to a different one. And it Just Worked(tm)!

I'm blown away when I meet a "programmer" that escews learning cURL. You don't have to be an expert, that's what documenation is for. Please at least experiment with it. If you are a web centric programmer, it is the gateway to understanding what is really going on, especially with API's.

https://curl.se/
Something to say?
Meuon 2022-12-19
Playing with code to post/save, organize, search, categorize and display content is EASY! What's really hard is creating content worth doing those things for. We've got to work on more / better / relevant content. Not just reposting, sharing and linking to things. CREATE! Me included.
Curl Post Test
Meuon 2022-12-19
Playing with idea of posting from my website at geeklabs.com directly to fosstodon.org using code munged from Chris Jones and his excellent example at: https://chrisjones.io/articles/using-php-and-curl-to-post-to-the-mastodon-api/ If you are seeing this on Mastodon/Fosstodon: It works!
New Website Code 2022-2023
Meuon 2022-12-16
Going minimal. Mobile Friendly. Will expand.

Yeah yeah, it's 2022 and I'm very late to the "Mobile First" practices of the web. Mostly because I hadn't found CSS and code I liked. So I built it. As in all internet things, I built on the shoulders of giants, dwarves, faeries, furries and whatever else they identify as. I started with Cutestrap as a clean minimal CSS that makes sense to me. I tweaked it some, and added the drop down menu code using the same CSS thoughts in the base CSS. I like it because most of the time, the CSS just makes plain standard HTML look good. It isn't trying to reinvent the UI. Let the browser do it's thing. There are a few quirks as you move page widths from mobile size to a more normal size, but less than most places.

The underlying code is "GLASS". In this case what I'm calling "GLASS-2023" as in the "Geek Labs Application Starter Set" a continuation of the framework and methods that have built a few enterprise applications and a bunch of small projects. This will eventually be made public again. The problem is documenting it. What a pain. Ugh. Should I? Yeah, there are other people that use it for projects in several countries. I've heard the report generator is worth big bucks ;)

Anyway, like most of the internet, this website is a work in progress. Very minimal right now, but functional enough for now.

Social Media Redux 2022
Meuon 2022-12-14
Because Post-Musk Twitter broke my social media habit

Once upon a time, there were BBS's and islands of people with limited coms between them. Even the early internet worked this way, email, mailing lists. These islands became early online systems: Compuserve, Prodigy, AOL/America Online, etc.. which got absorbed by the internet as they joined it. The internet created it's own new islands.. big islands/mainlands: Facebook, Twitter, Reddit.. which seems to exist to post/share things from each other.

I gave in, became active in Twitter and Facebook and... and enjoyed parts of them, mostly the people that I interacted with. Good people, many of whom I know in real life as well.

In late 2022, Elon Musk bought Twitter.com, which broke the facade he had crafted of who and what he was. Twitter has devolved. Many of us geeks left to Mastadon and other places. Back to S=smaller islands that talked to each other. I joined Fosstodon for geeky conversations where I might learn something.

In doing so, I realized that while I can (and did) export my tweets, it's a mess to import (I will eventually). Wow, I created a lot of funny, snarky and useful content. That Elon paid for, but I didn't get any of. It's time to take back control of my content, brain farts, musing and rambling rants. After all, I have the skills. and the technology

2023 GeekLabs Social Media Goals:
  • Initial posts to all social media platforms will be made on this system and then copied via API's to various platforms as apropos.
  • All subsequent conversations may or may not be archived here. Unsure at this point.
  • All sharable photo's will be stored and searchable here.
  • Create More and Better Content.
  • A lot of little things I haven't thought about yet.
Override Network Manager DNS
Mike 2022-03-17
because nmcli does not always work
Sometimes, you just want to set DNS Servers the old fashioned way, but Linux's Network Manager won't let you. Two ways to fix this:

1. Edit NetworkManager.conf

Edit /etc/networkmanager/NetworkManager.conf setting dns=none Then edit /etc/resolv.conf to be whatever you want.. NetworkManager will leave it alone. Am currently preferring/using this one, for no particular reasons.

2. Symlink

Seems at least in my testing, Network Manager will not override a symlink. This is RedHat's official solution, but works on Armbian/Debian. YMMV. Create a file like /etc/resolv.manual.conf with what you need. like:
nameserver 8.8.8.8
nameserver 192.168.1.2
Then remove the current /etc/resolv.conf and symlink it.
rm /etc/resolv.conf
ln -s /etc/resolv.manual.conf /etc/resolv.conf
PHP Shell Exec, pdfinfo example
Mike 2022-03-15

I swear I recreate a variant of parsing the returned text of a PHP shell_exec from scratch once a month for something. Today it was for PDFInfo, just to get the pages of a PDF and other attributes as a bonus.

I'm sticking this here, so a month from now I can forget I saved a generic example and can recreate it again. There are more efficient ways, but this is how my brain works and I can read it and modify to suit. That's important.
pdfinfo = shell_exec("/usr/bin/pdfinfo $file") ; 
$pdi = preg_split('/\n/', $pdfinfo);
foreach($pdi as $pi) { 
  list($key,$val) = preg_split('/\:s+/', $pi);
  if(!empty($key)) { $pdf[$key] = $val ; } ; 
} ; 
print "Pages: $pdf[Pages]n" ; 
Asterisk ALSA notes for Dial(CONSOLE/ALSA...
meuon 2022-03-10
Because I could not find this anywhere.
On Asterisk 16.2 on a small ARM SoC computer using a very generic USB to 3.5mm audio out simply recognized as "USB PnP Sound Device". Some notes:

Alsa Configuration

in /etc/asound.conf
pcm.!default {
    type hw
    card 1
}
ctl.!default {
    type hw           
    card 1
}

Asterisk Config

In /etc/asterisk/alsa.conf
[general]
autoanswer=yes
context=local
extension=s
input_device=plughw:1,0
output_device=plughw:1,0
noaudiocapture=true
;above turns off mic/input 
The magic is plughw because aplay -L lists
plughw:CARD=Device,DEV=0
    USB PnP Sound Device, USB Audio
    Hardware device with all software conversions

This solves the problem/errors with 8000hz and 44100hz conversions. like
chan_alsa.c: Rate not correct, requested 8000, got 44100
as Alsa will do some magic conversions. Also solved Stereo to Mono

This post exists because I could not find anyone using this to solve that problem, but lots of people are having that problem with an insane amount of bad "assistance" out there.,

You also need to put this in /etc/asterisk/modules.conf

noload = chan_oss.so
load = chan_alsa.so

Asterisk Usage

Lots of variations of how to get here, but the important part is:
    same => n,Dial(CONSOLE/ALSA,20,A(beep))

And file system perms

I have a script on boot up that does chown -R asterisk:audio /dev/snd/* to fix the perms. Note that they get reset on boot and on USB audio device insertion and this causes asterisk's ALSA load to blow chunks. You can also set asterisk to be part of the audio group and and.. other ways. Just gotta make sure Asterisk can use that /dev/snd/*
#ls -al /dev/snd

drwxr-xr-x  4 asterisk audio     220 Mar 10 15:35 .
drwxr-xr-x 20 root     root     4420 Mar 10 15:35 ..
drwxr-xr-x  2 asterisk audio      60 Mar 10 15:35 by-id
drwxr-xr-x  2 asterisk audio      80 Mar 10 15:35 by-path
crw-rw----  1 asterisk audio 116,  6 Mar 10 15:35 controlC0
crw-rw----  1 asterisk audio 116,  4 Mar 10 15:35 controlC1
crw-rw----  1 asterisk audio 116,  5 Mar 10 15:35 pcmC0D0p
crw-rw----  1 asterisk audio 116,  3 Mar 10 15:35 pcmC1D0c
crw-rw----  1 asterisk audio 116,  2 Mar 10 15:37 pcmC1D0p
crw-rw----  1 asterisk audio 116,  1 Mar 10 15:35 seq
crw-rw----  1 asterisk audio 116, 33 Mar 10 15:35 timer

Finally

So now, on more modern Asterisk systems using bare ALSA (No pulseaudio, no JackD, etc.. ) you can use that 3.5mm audio jack, or in this case, a USB to 3.5mm audio socket to feed a PA system, overhead speakers, etc..

Disclaimer: This has worked for me, using Allwinner H6's running Armbian on exactly 2 boxen. YMMV, Good Luck!

Drag and Drop File Uploader PoC
meuon 2021-11-03

I went nuts trying to understand this and get a working example. I'm not a JavaScript guy, but I wanted to do this without fat libraries and plugins so that I could integrate this with existing systems. It uploads exactly the same basic way as existing code in a system. Just the UI is very different.

Credit goes to Mozilla for good documentation like: HTML Drag and Drop API

Drag and Drop Javascript PoC / draganddroppoc.html is the working HTML page, except that files don't actually upload (no target in.php on the server). On purpose. I don't want your files.

The raw code: My Drag And Drop File Uploader in Minimal JavaScript - This is a starting point. It needs sanity checks, authentication and input detainting. As I turn this into what will be a small part of ring-u.com upgraded fax services, all of that will get added.

Adding second listening port to Asterisk
lMike 2021-10-07
using IPTABLES NAT to redirect

To add a second listening port to an Asterisk system you have to do some tricks, because Asterisk will only listen to 1 port. IPTABLES to the rescue. You will want "iptables-persistent" if you don't have it. It's the last step because you will want it to save the rules you just made so they survive reboot. If using other iptables managers, you will want to do it their way.

On a bare/fresh Asterisk system running port 5060 or 5061:
#flush existing nat rules
iptables -t nat -F
#redirect 55060 to 5060
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 55060 -j REDIRECT --to-ports 5060
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 55061 -j REDIRECT --to-ports 5061
#show rules
iptables -L -t nat -n
#install iptables-persistent
apt install iptables-persistent
#to save and update rules anytime.
iptables-save >/etc/iptables/rules.v4
#reboot and test. 
Netwatcher.php
mike 2021-02-11

I plug a lot of devices in and out of the GeekLabs (and other) networks, many of which don't have a display. I was constantly diffing nmap scans to see what was new or missing. This evolved into a simple PHP script that keeps track of MAC addresses it's seen before, and display them. It abuses JSON format files as a flat database, with known.json being stuffed with CR's so you can edit it easily. Why did I do it this way? A variant of this can run easily on the hundreds of endpoints I help manage, that are already running some PHP code, so his fits in very well.

Instructions:

  1. Download the file: netwatcher.php.txt and rename it netwatcher.php (or whatever)
  2. Edit it, at the top you can put in the network block you want to monitor (192.168.1.0/24 for example)
  3. As root, run it: php ./netwatcher.php
You may note it made some files. You can delete these at any time and it will recreate them.
  • watched.log - A timestamped log off lost and found devices
  • watched.json - What it saw last time it ran, stored for comparison for next time
  • known.json - Edit this file with what you know about the found devices. Keep notes, name your devices. This file is persistent until you delete it.

I'll suggest that you should run it a few times, add system names/descriptions to known.json and then next time you are looking for something: run it again. There might be some value in automating it and adding notifications via email or text, but on most networks you'll see a lot of chatter.

This code is egoware : If you like it: let me know. If you don't: delete it.

ROC-RK3328-CC GPIO Pins
lMike 2020-04-20

Posting here, hoping to help someone else out. I've been using the Libre Computing Renegade T-Firefly boards for VPN Endpoints running Debian 10.x (Armbian specifically). Needed to use the GPIO pins to manage some relays and solenoids used as button pushing devices for things we aren't allowed tor able o wire into. Lots of mis-information on the 'net, and the common commands like "gpiodetect" don't work. But the classic filesystem methods do. /sys/class/gpio/export etc.. What is nearly impossible to find is what the addresses for the pin outs are. I needed 7. Here they are and what I used. YMMV, This worked for me.

PINAddress
35vdc
60vdc/Gnd
  
8100
10102
16103
18101
1997
2198
2396
Example shell code to control pin 8:
echo 100 >/sys/class/gpio/export
echo out >/sys/class/gpio/gpio100/direction
echo 1 >/sys/class/gpio/gpio100/value
sleep 1
echo 0 >/sys/class/gpio/gpio100/value
sleep 1
sleep 1 >/sys/class/gpio/gpio100/value 

If you look at the pinout descriptions, these pins are all part of the GPIO3_AX group of GPIO controls. You should be able to poke around and find others. Be wary. For example GPIO 90 will blank your screen and lock the system, at least one number I tried wiped the eMMC and I had to reflash, but I don't know which one..

If you are looking for the actual code I'm using, it's a variation of the "kitty" code I have on GitHub, github.com/mikegeeklabs using these values in settings.php: $gpios = array(100,102,103,101,97,98,96) ;

Solar Skoolie Shopping List - Big Items
Mike 2020-04-17

Skoolie. Off Grid Boondocking RV.

This is something I get asked about a bit, We own a small (B+) RV with about 400 watts of solar and 200+ah of AGM battaries and a 2k watt inverter. I run the generator if we need AC, which is rare. I've helped build off-grid homesteads and skoolies for others. Former "BioMedical Engineer" and currently a geek/maker, but not a licensed electrician. Not much of such projects is by code anyway. but it is a good guide. This is my opinion, worth exactly what you paid for it.

Go big, for your home.

If this is a skoolie (School Bus Conversion) or tiny house, or large RV and you are living in it. the answer is: You want as much as you can fit and afford. Go 48 volt DC for batteries, the conversion to 120VAC is more efficient and you can get 12vdc efficiently via some 48v to 12v converters for lights and water pump and basic electronics. Some decisions drive others, it's all got to work as a system. I'm picking "Magnum" brand inverter and MPPT charge controller because the work well together and seem to be quality made. I have some experience with them. Prices are approx as of this article April 2020.

Magnum Energy MS4448PAE 4400 Watt, 48 Volt Pure Sine Wave Inverter/Charger
Converts DC battery to AC, and will charge batteries from AC.
$2,000
Magnum PT-100 MPPT Charge Controller
Solar in (up to 180 VDC!) to charge batteries and feed inverter
$1100
Magnum Energy Advanced Remote Display w/Cable
Sometimes included with above in the package. It communicates/controls both.
$250

That's the heart and brains of your system for about $3500. Buy new or certified refurb. You don't want these if they have been abused by someone and returned. Next are batteries and solar panels. You will need at least 4 12vdc 100+AH batteries or 8 6vdc batteries. Sometimes you can find deals on data center or telecom "pulls" but they are physically a different size. What you chose depends a lot on where they are going and that -may- depend on where you are. Batteries may need to be "inside" in the great white north. In most places, a steel or aluminum battery box outside/underneath is a good choice. Near where your inverter/charge controller is is a good choice, It's a fat stiff cable between them. Personally, I like standard "AGM" or deep cycle batteries. But there are some awesome exotic choices.

Pick one of these:
Duracell Ultra Platinum AGM BCI Group 31M Deep Cycle, 4 at 105AH each.
size of large car batteries
$250 each = $1000
Duracell Ultra Industrial 6V Deep Cycle Battery, 8 at 250-370AH each.
Huge, both in size and capacity
$200-300 = $1600 to $2400
Trojan T105 Battery 6vdc, 8 for 225ah total$200 each or $1600
Trojan T105 Battery 6vdc, 16 for 450ah total (2 strings)$200 each or $3200
Exotic example: Eclipse 48V 100AH LiFePo4$3840
Insert other exotic battery tech here. If interested in "Exotic". an option would be a Tesla Powerwall. for about $7k-$10k.

Solar panels.. Size/efficiency and mounting matters. Fitting on the roof of a Skoolie or RV is an exercise in comprimise. Personally, I really like glueing flexible panels on the roof. It's worked well for me and they don't stick up. Lets do some math, with panel size and efficiency as a selector. The goal is 2500+ watts of solar. More is better.

Renogy flexible 12v 160watt. $270 21% 59.2x26.5x0.08in. 1568.8 sqin/10.9sqft or: 14.67 watts per sqft at $1.68 per watt. Expensive but low profile and only needs a big tube of glue to mount. 16 panels is 2560 watts at a cost of $4320 and need 176 sqft. Smaller panels, possibly fit roof better?

Heliene 370W 72M Monocrystalline PV Module. $300 77"x39"x1.57 and approx 50lbs. 3003sqin/22.6sqft. 16.36 watts per sqft at 0.81 per watt. 8 panels would be 2960 watts at $2400. These are expensive typical size panels, but are efficient for their size and cost. As you only have so much space, you go for the more expensive panels that provide more power per sqft. These are typically USA made panels.

Panasonic N330 HIT Module, $390 each. 62.6 × 41.5 × 1.6 in at 41 llbs. 2594 sqin or 18sqft = 18.33 watts per sqft (more efficient than above)
8 panels would be: 2640 watts and $3120
10 panels might fit (smaller panels) and would be: 3300 watts and $4000.


I used approx pricing, and sourced these descriptions, data and prices from Amazon.com, WholesaleSolar.com and BackwoodsSolar.com - There are other sources. As helpful humans, the BackwoodsSolar.com people get high marks. Batteries from Batteries Plus (don't laugh) and BackwoodsSolar.com - There are other sources. Shipping matters.
Small stuff: You'll need wire, circuit breakers, transfer switches, and some things I'll add here later. Plus lighting, water pump, etc.. a minimum of $3k of misc if buying new at big box stores. I'll try to make a list of that as well when I can.
MELEE Mailing List Engine
meuon 2020-03-01
I've run "mailman" for the Chugalug.org list server since it's creation in 1999, as well as various mailing lists for engineers, recovering *, security nutcases, and extended families. As I build a new server for Chugalug and my personal use, MailMan 3's weight and ecosystem (Python, dJango, etc.. ) and gobs and gobs of weird code made me scream enough to build my own instead of deal with Mailman3. I looked at it as a learning opportunity. Wow, was it. Including diving into the mudpile of what makes email work in 2020, I added GPG/PGP support as well. It's a running open source project at: GitHub MELEE with it's own mailing list for support and questions at: https://geeklabs.com/melee/
E-Mail to Fax Server
Mike 2019-10-01
I may have created the ultimate minimal e-mail to fax server (using T38 via VoIP) on the planet. I'm wondering who else needs such a thing, It's literally a bare Linux server, plus Hylafax, T38modem and not much else. It does not use or require Asterisk. It reads a bare /var/spool/mail/fax mail spool (Postfix) and a little Perl and PHP code... (PHP because I borrowed some code...).
Happy Linux Config
meuon 2019-07-15
Debian 10 Playing
Been playing with Debian 10 and a new Laptop (T470). I'm on my Nth re-install (playing with different Linux installs) and back to my "happy place". Debian with Cinnamon. Install "planK" for a dock, plus the usual load of things I always seem to need. vlc, joe, sniffit, iptraf, nmap, wireshark, whyteboard, ... plus the usual: chrome, gimp,audacity... and it's a functional powerful travel machine :)
Yubikey on Mint
meuon 2019-07-01
I recently started using a Yubikey 5 U2F and it's working well on my Mac and main Debian computer. Linux Mint seems to need some tweaks. Stashed here for future use:
Yubikey U2F fix for Linux Mint and Others
found the magic udev rule:
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", TAG+="uaccess"
WordPress Woes
meuon 2019-02-02
robots.txt
I grok that Wordpress is a very popular web site / blog creation engine. As I try to help Nancy with the Charles W. Ferris Association Website I learn that the default robots.txt disallows ALL web search bot crawling, and that changing it is not a built in function of Word Press.
Example of a Manson Script
Mike 2018-11-26
Mass IPTABLES Murdered
This is part of a 5 minutes at DC423 meeting. and subset example part of a system that includes: NOC Display
#!/usr/bin/perl
#EXAMPLE VERSION FOR DC423
#Manson the Mass Murderer. Kills (iptables blocks) errant IP's 
#This version is tuned up for Asterisk Systems with port forwarding at the firewall. 

  #$stalk = "/tmp/modem.log" ; 
  $stalk = "/var/log/asterisk/full" ; 
  @whitelist = ('19.7.11.1','sippy.foo.com','74.1.1.1','127.0.0.1','2600:3a02::f13c:91ff:fa0b:6cb') ; 
#Not the real or full list
  require('/ring-u/manson.cnf') ; 

#$mac='b1:31:92:4e:e9:0b' ; 
#$ip='192.168.1.22' ;
#$network='192.168.1.0' ;
#$cidr='24' ;

  print "Network: $network IP: $ip  CIDR: $cidrn" ; 
  @local = ("$network") ; 

system("/sbin/iptables -L -n >/tmp/iptables") ; 
open(IN,"/tmp/iptables") ; 
while() { 
  if(/all/) { 
  @line = split(/s+/) ; 
  push (@blocked,$line[3]) ; 
  } ; 
} ;   

print "Whitelist: @whitelistn" ; 
print "Blocked: @blockedn" ; 
print "Local: @localn" ; 

open(IN,$stalk) ; 

while() { 
#Contact: sip:100@185.44.76.133:56385
$kill = 'false' ; 
$ip = '' ; 

if(/^XContact/) { #rules for t38modem log with tttt  
    print "$_" ; 
    s///g ; 
    @line = split(/[:@><]/) ; 
    #print $line[3] ; 
    $ip = $line[3] ; 
    $ip =~ s/n//g ; #removes CR's. 
    #print "n" ; 
    #if($ip ~~ @whitelist) { print "WHOO" ; } ; 
    if ( grep( /$ip/, @whitelist ) ) {
      print "IP $ip whitelistedn";
    } elsif ( grep( /$ip/, @blocked) )  { 
    #  print "IP $ip already blockedn";
    } else { 
      $knife = "/sbin/iptables -A INPUT -s $ip -j DROP" ; 
      print "I should kill1: $ip     $knifen" ; 
    } ; 
} ; 


if(/No matching endpoint/ or /Failed to authenticate/) { 
#    print "$_" ; 
    s///g ; 
    s/'//g ; 
    @line = split(/[:@><]/) ; 
    $_ = $line[5] ; 
    @line = split(/s/) ; 
    $ip = $line[3] ; 
    $ip =~ s/n//g ; #removes CR's. 
    @chunk = split(/./,$ip) ; 
    $shortip = $chunk[0] . '.' . $chunk[1] ;
#    print "Short: $shortip    @localn";  
    if ( grep( /$ip/, @whitelist ) ) {
      print "IP $ip whitelistedn";
    } elsif ( grep( /$ip/, @blocked) )  { 
      print "IP $ip already blockedn";
    } elsif ( grep( /$shortip/, @local) )  { 
     # print "IP $ip is local part of $shortipn";
    } else { 
      $knife = "/sbin/iptables -A INPUT -s $ip -j DROP" ; 
      push (@blocked,$ip) ; 
      print "I should kill2: $ip     $knifen" ; 
      system("$knife") ; 
    } ; 
} ; 
} ; 
close (IN) ; 

truncate '/var/log/asterisk/full', 0;
truncate '/var/log/asterisk/security', 0;