<b>Geekology, by Garnett</b><br />
Yet another IT blog, I hope you find it useful! Plan for the worst, hope for the best<br />
<br />
<b>Sage Accounts crashing when emailing invoices</b><br />
Jayton Garnett, 2017-11-16<br />
<br />
We've had an issue with Sage Accounts crashing for a user and see this from time to time, mostly with the same customer. This spans multiple years and multiple versions of Sage Accounts; yes, they do upgrade every year.<br />
<br />
The environment is a normal network with Active Directory, Sage data hosted on a server and mapped via the UNC path. The printer on each accounts person's desk is an HP P2035 LaserJet, connected via USB.<br />
<br />
They rarely change accounts staff, so we rarely see this issue they have with Sage Accounts crashing when selecting multiple invoices and hitting the email button. Everything else with their setup is well documented from many years ago since they last changed PCs and had a few issues with Sage. I guess this one thing got overlooked in a rush trying to get everything fixed for them.<br />
<br />
Having contacted Sage, I was fobbed off with their usual line of "This is a known issue, please follow the steps in this KB to resolve the issue you are experiencing" and sent an email with a link to a KB. Suffice to say, following the steps in this KB did NOT fix the issue!<br />
<br />
I fixed it by comparing with another PC which is able to send multiple invoices without issue. The only difference was that the new accounts person's HP P2035 had "Enable advanced printing features" ticked under the Advanced tab of the printer properties page. I unticked this, hit OK and asked her to try again. Lo and behold, it worked! I asked her to try several more times to make sure it wasn't a fluke and we rejoiced as she kept trying and it kept working!<br />
<br />
<br />
Now whether this is a Microsoft issue, as it's a tick box in a Windows dialog box (unlikely their fault, as no other customer with Sage has this issue), an HP issue, being it's their driver and we don't see this with other customers with different printers, or a Sage issue, as it's their software crashing, I can't say...<br />
<br />
<b>OpenBSD L2TP/IPSec VPN for Android</b><br />
Jayton Garnett, 2016-04-08<br />
<br />
Since posting the L2TP/IPSec VPN configuration for Windows devices I have had a lot of comments asking for me to test this with Android. I wasn't able to follow up on those requests as I had lent my old Samsung S3 to a friend whose iPhone 5S had been playing up and eventually died while he waited for his new phone; he got an iPhone 6S .. how disappointing<br />
<br />
Anyway, once I got the phone back it took me less than 5 minutes to find the correct settings for an Android device - <b>please bear in mind that if your Android device does not work, check the /var/log/messages file for what was sent by the device and what was expected by the router and make the adjustments in your /etc/ipsec.conf file.</b><br />
<br />
I've decided to make a completely new blog post about it so there is no confusion and it's just simpler in my mind. I've also just copied and pasted the text and modified the few parts that needed to be for an Android running 4.4.4 (this is an OLD phone and it's running Cyanogen 11).<br />
<br />
In OpenBSD, to use L2TP / IPSEC you can use the native <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/npppd.8?query=npppd&sec=8" target="_blank">NPPPD (8)</a> as I have done. I'm a big fan of using the out of the box features; after all, OpenBSD is built for security from the ground up, so using a 3rd party L2TP/IPSEC port wasn't an option, I literally didn't even give it a thought.<br />
<br />
With NPPPD there are a bunch of files you'll need to configure in order to make it work.<br />
/etc/npppd/npppd.conf<br />
/etc/npppd/npppd-users<br />
/etc/ipsec.conf<br />
/etc/pf.conf<br />
/etc/sysctl.conf<br />
/etc/rc.conf.local<br />
<br />
My <b>npppd.conf</b> file looks something like this. Note the reference to the npppd-users file; you can configure multiple VPNs here with different users in different files. You'll see I'm using <a href="https://www.freebsd.org/cgi/man.cgi?format=html&query=tun(4)" target="_blank">tun</a> instead of pppx.<br />
<br />
<i>authentication LOCAL type local {</i><br />
<i> users-file "/etc/npppd/npppd-users"</i><br />
<i>}</i><br />
<i><br /></i><i>tunnel L2TP protocol l2tp {</i><br />
<i> listen on 0.0.0.0</i><br />
<i> listen on ::</i><br />
<i>}</i><br />
<i><br /></i><i>ipcp IPCP {</i><br />
<i> pool-address 10.0.0.2-10.0.0.254</i><br />
<i> dns-servers 8.8.8.8</i><br />
<i>}</i><br />
<i><br /></i><i>interface tun0 address 10.0.0.1 ipcp IPCP</i><br />
<i>bind tunnel from L2TP authenticated by LOCAL to tun0</i><br />
<div>
<br /></div>
<div>
<br /></div>
<div>
and the list of users in the <b>npppd-users</b> file. Add as many users as you require; you can set them a static IP here too. Check the man page for npppd for additional options:</div>
<div>
<br /></div>
<div>
<div>
<i>Username:\</i></div>
<div>
<i> :password=S3cureP4s5vvordz:</i></div>
</div>
<div>
<i><br /></i></div>
<div>
<i><br /></i></div>
<div>
and the <b>ipsec.conf</b> file should look something like this. The first two lines set macros as you can in pf.conf; this helps as I have a dynamic IP, although I still have some issues if the IP changes and need to run pf.conf, possibly also reloading ipsec.conf rules. You may need to change aes to 3des or something else your device requires; the same applies to modp2048 and hmac-sha1. Check /var/log/messages after trying to connect your device:</div>
<div>
<br /></div>
<div>
<div>
<i>IF_WAN=pppoe0</i></div>
<div>
<i>key="B1gPH4tKEYWITHlotsOfRANDOMstuff"</i></div>
<div>
<i><br /></i></div>
<div>
<i>ike passive esp transport \</i></div>
<div>
<i> proto udp from $IF_WAN to any port 1701 \</i></div>
<div>
<i> main auth "hmac-sha1" enc "3des" group modp1024 \</i></div>
<div>
<i> quick auth "hmac-sha1" enc "3des" \</i></div>
<div>
<i> psk $key</i></div>
</div>
<div>
<br /></div>
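<div>
An added example, not part of the original post: a small shell filter for the /var/log/messages check described above, listing each transform the device sent that the router rejected, spelled as ipsec.conf keywords. The log lines are constructed and the isakmpd message format is an assumption to compare against your own log; the <i>device-offer-is-legacy</i> marker is this example's own label for 3des, hmac-md5 and modp1024.</div>

```shell
#!/bin/sh
# Added example: turn isakmpd negotiation failures into ipsec.conf keywords.
# Assumption: isakmpd reports a rejected transform attribute as
#   attribute_unacceptable: <ATTRIBUTE>: got <device value>, expected <router value>
# Compare with your own /var/log/messages before relying on these patterns.

# Constructed sample log lines (203.0.113.7 is a documentation address).
sample_log() {
cat <<'EOF'
Apr  8 19:41:02 router isakmpd[4242]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Apr  8 19:41:02 router isakmpd[4242]: attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1024, expected MODP_2048
Apr  8 19:41:02 router isakmpd[4242]: message_negotiate_sa: no compatible proposal found
Apr  8 19:41:02 router isakmpd[4242]: dropped message from 203.0.113.7 port 500 due to notification type NO_PROPOSAL_CHOSEN
Apr  8 19:41:02 router npppd[5151]: unrelated line from another daemon
Apr  8 19:41:09 router isakmpd[4242]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected AES_CBC
Apr  8 19:41:15 router isakmpd[4242]: attribute_unacceptable: AUTHENTICATION_ALGORITHM: got HMAC_SHA, expected HMAC_SHA2_256
EOF
}

# Print one line per distinct mismatch, in first-seen order:
#   <keyword> device=<offered> router=<configured> [device-offer-is-legacy]
# Reads the named log file, or stdin when no file is given.
proposal_mismatches() {
    awk '
    BEGIN {
        # ISAKMP attribute class -> ipsec.conf keyword that sets it
        key["ENCRYPTION_ALGORITHM"] = "enc"
        key["HASH_ALGORITHM"] = "auth"
        key["AUTHENTICATION_ALGORITHM"] = "auth"
        key["GROUP_DESCRIPTION"] = "group"
        # ISAKMP value -> ipsec.conf spelling
        val["3DES_CBC"] = "3des";          val["AES_CBC"] = "aes"
        val["MD5"] = "hmac-md5";           val["SHA"] = "hmac-sha1"
        val["HMAC_MD5"] = "hmac-md5";      val["HMAC_SHA"] = "hmac-sha1"
        val["HMAC_SHA2_256"] = "hmac-sha2-256"
        val["MODP_1024"] = "modp1024";     val["MODP_1536"] = "modp1536"
        val["MODP_2048"] = "modp2048"
        # Transforms this example treats as legacy
        legacy["3des"] = 1; legacy["hmac-md5"] = 1; legacy["modp1024"] = 1
    }
    # Values without a known spelling are passed through, visibly marked.
    function conf(v) { return (v in val) ? val[v] : "unmapped:" v }
    /isakmpd\[[0-9]+\]: attribute_unacceptable:/ {
        for (i = 1; i <= NF; i++) if ($i == "attribute_unacceptable:") break
        attr = $(i + 1); sub(/:$/, "", attr)
        got = $(i + 3);  sub(/,$/, "", got)
        want = $(i + 5)
        if (!(attr in key)) next
        g = conf(got)
        line = key[attr] " device=" g " router=" conf(want)
        if (g in legacy) line = line " device-offer-is-legacy"
        if (!(line in seen)) { seen[line] = 1; print line }
    }' "$@"
}

# Count dropped negotiations per peer: "<peer address> <count>"
rejected_peers() {
    awk '
    /isakmpd\[[0-9]+\]: dropped message from .* NO_PROPOSAL_CHOSEN/ {
        for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
    }
    END { for (p in n) print p, n[p] }' "$@" | sort
}

# Stand-alone run against the constructed sample.
sample_log | proposal_mismatches
sample_log | rejected_peers
```

On the router itself, pass the log file instead of the sample: <i>proposal_mismatches /var/log/messages</i>.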
<div>
If you've got a working OpenBSD router using <b>pf.conf</b> as your firewall, you'll need to modify this too: add tun to your skip statement, extend the NAT rule to allow VPN clients LAN and WAN access, and add the last two lines, which allow the VPN traffic in; otherwise the VPNs wouldn't establish:</div>
<div>
<br /></div>
<div>
<i>set skip on { lo, enc, tun } #Added tun here</i></div>
<div>
<i><br /></i></div>
<div>
<i>match out on $IF_WAN from {$IF_LAN:network, 10.0.0.0/24} nat-to ($IF_WAN:0) \</i></div>
<div>
<i>scrub (no-df max-mss 1440) #Added the network range for the VPN clients</i></div>
<div>
<i><br /></i></div>
<div>
<div>
<i>pass quick proto { esp, ah }</i></div>
<div>
<i>pass in proto udp to $IF_WAN:0 port {isakmp, ipsec-nat-t}</i></div>
</div>
<div>
<i><br /></i></div>
<div>
<i><br /></i></div>
<div>
You also need to add in some <b>sysctl.conf</b> options:</div>
<div>
<br /></div>
<div>
<div>
<i>net.pipex.enable=1 </i></div>
<div>
<i>net.inet.ipcomp.enable=1 </i></div>
</div>
<div>
<br /></div>
<div>
and in <b>rc.conf.local</b></div>
<div>
<br /></div>
<br />
<div>
</div>
<br />
<div style="-webkit-text-stroke-width: 0px; color: black; font-family: 'Times New Roman'; font-size: medium; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 1; word-spacing: 0px;">
<div style="font-style: normal;">
<div style="margin: 0px;">
<i>isakmpd_flags="-K"</i></div>
</div>
<div style="font-style: normal;">
<div style="margin: 0px;">
<i>ipsec=YES</i></div>
</div>
<div>
<div style="font-style: normal; margin: 0px;">
<i>npppd_flags=""</i></div>
<div style="font-style: normal; margin: 0px;">
<i><br /></i></div>
<div style="font-style: normal; margin: 0px;">
<i><br /></i></div>
<div style="margin: 0px;">
There are not many changes, you can either reboot the router or reload the firewall, load the modules in sysctl and start the services. If you already have a VPN configuration then restarting the services should be enough.</div>
<div style="margin: 0px;">
<br /></div>
</div>
</div>
<b>Windows 7 updates taking ages? Here's a fix!</b><br />
Jayton Garnett, 2016-03-24 (updated 2016-05-25)<br />
<br />
As of about 6 months ago I've been deploying PCs for customers who aren't comfortable with Windows 10 after all the nonsensical press about it spying on users, and they don't want Windows 8/8.1 either because of the UI; some just have software that the vendor hasn't tested on anything newer than Windows 7.<br />
<br />
Each customer needs a different build of Windows with different preinstalled programs, so require different images to be installed from a WDS. While making the first of the base images, which I would then fork into different images for the different customers once updated, I noticed Windows 7 would just sit at trying to check for updates, seemingly never ending.<br />
<br />
Now I knew Microsoft had released an update to Windows 7 update around the time of the Windows 10 launch so I checked my suspicions and yes, this update does resolve the never ending search for updates.<br />
<br />
Once installed within a few minutes Windows 7 will find updates, you can grab the update below for x86, x64 Windows 7 and Server 2008 R2... and IA-64 if anyone actually still uses them:<br />
https://support.microsoft.com/en-gb/kb/3050265<br />
<br />
<u><b>Update:</b></u><br />
Microsoft have now released a convenience rollup update for Windows 7 and Server 2008 R2 which can be found <a href="https://support.microsoft.com/en-gb/kb/3125574" target="_blank">here</a> and will allow you to get the latest updates up through to April 2016 patch Tuesday.<br />
<br />
<b>Raspberry Pi 3: Reasons for a Heatsink and fan</b><br />
Jayton Garnett, 2016-03-16 (updated 2016-03-21)<br />
<br />
I've had Pis since the original Pi Model B and always instantly put a heatsink on them to "keep them cool", as I'm sure most other Pi users have. On my Pi2 I bought a cheap acrylic case I could cut up and modify; I actually ended up buying 3 in the end until I made my build exactly how I want it, with a big red power button and fan on top (pic later).<br />
<br />
<br />
Upon arrival of my Pi3 the day after launch I decided NOT to put a heatsink on and test the temps on a stock Raspbian image, no overclocking, everything as default in the Pi3 Black case from RS where I'd ordered my Pi3.<br />
<br />
The temps looked pretty bad straight off the bat, with just the Raspbian GUI up and a watch command checking the speed and temps. Put the below text into a file with your favourite text editor and save it with a .sh extension, <span style="font-family: 'Courier New', Courier, monospace;"><i>chmod +x filename.sh</i></span> and run <i style="font-family: 'Courier New', Courier, monospace;">watch ./filename.sh</i><span style="font-family: inherit;">. I called mine cputemp.sh.</span><br />
<br />
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace;"><i>cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq</i></span><br />
<span style="font-family: "courier new" , "courier" , monospace;"><i>/opt/vc/bin/vcgencmd measure_temp</i></span></blockquote>
<br />
The other script you'll want is fullload.sh, which reads /dev/zero into /dev/null - essentially taking as many 0's as it can get and dumping them into a black hole. We run this 4 times, once for each core, to generate the load needed; there are other ways of doing this, but this is one of the simplest. The below script is all one line. Remember to run <i style="font-family: 'Courier New', Courier, monospace;">chmod +x fullload.sh</i><span style="font-family: inherit;"> so it's easier to run with just </span><i><span style="font-family: 'Courier New', Courier, monospace;">./fullload.sh</span></i><br />
<br />
<blockquote class="tr_bq">
<span style="font-family: "courier new" , "courier" , monospace;"><i>fulload() { dd if=/dev/zero of=/dev/null | dd if=/dev/zero of=/dev/null | dd if=/dev/zero of=/dev/null | dd if=/dev/zero of=/dev/null & }; fulload</i></span></blockquote>
<br />
Now watch the temps. My Pi3 was hovering at an idle 49C - 51C in the Black case (there's not much ventilation with these cases), and the cpu speed kept flickering between 600Mhz and 1.2Ghz.<br />
<br />
With <span style="font-family: 'Courier New', Courier, monospace;"><i>fullload.sh</i></span> running, the temps skyrocketed up to 85.3C pretty quickly! I used <span style="font-family: 'Courier New', Courier, monospace; font-style: italic;">killall dd</span><span style="font-family: inherit;"> to stop the processes and the temps eventually came back down to about 53C after 5 minutes.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Adding the copper heatsinks brought the idle temps down a few </span>Celsius to a max of 49.2C, not a huge difference!<br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;"> Running </span><span style="font-family: "courier new" , "courier" , monospace;"><i>fullload.sh</i></span><span style="font-family: inherit;"> with the copper heatsinks on brought about similar high temps as without heatsinks, so the heatsinks alone do not do a whole lot!</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">I decided to whip my Pi2 out the clear acrylic case and put my Pi3 in it, since that case has a fan and retest the temps with the heatsinks on, I really didn't want to reorder the heatsinks to do a test with a fan and no heatsinks, I'll probably end up buying another Pi3 in the next few months so I'll test again then without heatsinks but with a fan.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">So the Pi3 idle temp with heatsink and fan is 27.2C ! Much better than a Pi3 without a fan.</span><br />
<span style="font-family: inherit;"><br /></span>
Running <span style="font-family: "courier new" , "courier" , monospace;"><i>fullload.sh</i></span> brings the max temp to a decent 49.8C, which is the idle temp without a fan!<br />
<br />
So in conclusion, add a fan to your Raspberry Pi setup if you don't want it running hot, especially if it's doing a high workload.<br />
<br />
Now this is the slightly dangerous part ... overclocking to a whopping 1.5Ghz! config.txt mods below:<br />
<blockquote class="tr_bq">
<br />
arm_freq=1500<br />
core_freq=500<br />
sdram_freq=500<br />
over_voltage=6</blockquote>
The temps hover between 29.3C and a max of 31.5C; the small load of <i style="font-family: 'Courier New', Courier, monospace;">watch ./cputemp.sh</i><span style="font-family: inherit;"> is probably what makes it jump to 30.9C and, less often, 31.5C.</span><br />
<span style="font-family: inherit;"><br /></span>
So after it'd been running like that for 15 minutes or so it was time to run <span style="font-family: 'Courier New', Courier, monospace;"><i>fullload.sh</i></span> on the beast. I watched it for about 5 minutes as it slowly climbed to about 44C then went to make a coffee ... when I got back I was greeted with the below in my ssh client and the Pi3 was unresponsive, not even to pings, so it had crashed :(<br />
<blockquote class="tr_bq">
<br />
pi@raspberrypi:~$ ./fullload.sh<br />
pi@raspberrypi:~$ dd: error reading ‘/dev/zero’: Bad address<br />
3379135+0 records in<br />
3379135+0 records out<br />
1730117120 bytes (1.7 GB) copied, 5.55431 s, 311 MB/s<br />
dd: error reading ‘/dev/zero’: Bad file descriptor<br />
7702196+0 records in<br />
7702196+0 records out<br />
3943524352 bytes (3.9 GB) copied, 12.4847 s, 316 MB/s</blockquote>
Upon reboot it booted up fine and I could find no ill effects from being overclocked to 1.5Ghz and fully loaded. I decided to run another load on it and it crashed a lot quicker this time, before I could open another ssh connection and type the watch command ... so I think 1.5Ghz might be a bit much, I stepped it down to 1.45Ghz and it was much more stable with no adverse effects and the temp is a stable 61.6C which I'm happy with.... for a while then it hung a while later :(<br />
<br />
So I stepped it down to 1.4Ghz and so far so good, no crash yet after over an hour and a max temp of 65.4C, not what I was hoping for but better than the stock 1.2Ghz.<br />
<br />
I'd like to get another Pi3 and run the last test with just a fan and no heatsink to see if there are any differences between having a heatsink or not, since there's no real difference before adding the fan.<br />
<br />
*Note: I left the Pi3 to run the tests for at least 10 minutes each time, often more, even running at 85.3C, as it was stock Raspbian with no modifications, so if it blew up, they would have to replace it, right?<br />
<br />
I found the basic scripts on another blog, so it's only right to mention it here: http://www.jackenhack.com/raspberry-pi-3-overclocking/<br />
<br />
<b>Let's Encrypt! with FreeBSD 10.2 & nginx</b><br />
Jayton Garnett, 2015-12-10<br />
<br />
So with the announcement that Letsencrypt.org has gone into a public beta this last week I decided to give it a go and here are my results.<br />
<br />
If you don't know what this is, visit their website and find out https://letsencrypt.org<br />
<br />
I have a FreeBSD 10.2 dev VM running on my Windows Server 2012 R2 Hyper-V box, it has some internal websites I use but nothing significant.<br />
<br />
<br />
<div class="MsoNormal">
Assuming the following, it'll be easy to get a LetsEncrypt cert in a few minutes:</div>
<div class="MsoNormal">
Port 80 is open to the world on your webserver (or Port forwarding/PAT is configured).</div>
<div class="MsoNormal">
Your DNS is correct for the www.mydomainname.com and points to the web server.</div>
<div class="MsoNormal">
and lastly that your document root is /usr/local/www/nginx/</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Before asking for help check all of those are correct.</div>
<br />
To install Letsencrypt it's a fairly straightforward "pkg install py27-letsencrypt" or "cd /usr/ports/security/py-letsencrypt && make install clean", which as of writing is py27-letsencrypt-0.1.0 on FreeBSD 10.2.<br />
<br />
Once installed you'll need to run a command like:<br />
<div class="MsoNormal">
letsencrypt certonly --webroot -w /usr/local/www/nginx/ -d www.mydomainname.com</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Note: you can add additional arguments like "-d www.myotherdomains.com" to do multiple certs at the same time</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
If you get a successful message then all you need to do is edit your nginx.conf for your site(s); I'll include a basic sample below which works for me. If you edit your nginx.conf before getting your cert and try to reload it, it won't reload because the cert and key will be missing!</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>server {</i></div>
<div class="MsoNormal">
<i> listen 80;</i></div>
<div class="MsoNormal">
<i> listen 443 ssl;</i></div>
<div class="MsoNormal">
<i> server_name </i>www.myotherdomains.com<i>;</i></div>
<div class="MsoNormal">
<i> ssl_certificate /usr/local/etc/letsencrypt/live/</i>www.myotherdomains.com<i>/fullchain.pem;</i></div>
<div class="MsoNormal">
<i> ssl_certificate_key /usr/local/etc/letsencrypt/live/</i>www.myotherdomains.com<i>/privkey.pem;</i></div>
<div class="MsoNormal">
<i> access_log /var/log/www/access-</i>www.myotherdomains.com<i>.log;</i></div>
<div class="MsoNormal">
<i> error_log /var/log/www/error-</i>www.myotherdomains.com<i>.log;</i></div>
<div class="MsoNormal">
<i><br /></i></div>
<div class="MsoNormal">
<i> location / {</i></div>
<div class="MsoNormal">
<i> root /usr/local/www/nginx/;</i></div>
<div class="MsoNormal">
<i> index index.html;</i></div>
<div class="MsoNormal">
<i>}</i></div>
<div class="MsoNormal">
<i>}</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div>
Now that you have py-letsencrypt installed, your cert and nginx config sorted, all you need to do is restart nginx with:</div>
<div>
<i>service nginx restart</i></div>
<div>
<i><br /></i></div>
<div>
You should now have a working LetsEncrypt cert!!!</div>
<div>
<br /></div>
<div>
Please note that FreeBSD does not yet have the letsencrypt-auto client as of 9th December 2015, so in 89 days you better renew your certs with the same command as you used above!</div>
<b>Setting up an OpenBSD router with TalkTalk FTTC</b><br />
Jayton Garnett, 2015-11-26 (updated 2015-12-28)<br />
<br />
So a friend of mine wanted a low powered OpenBSD router. He bought a Micro ITX Quad core motherboard with two on board network cards, 4Gb ram and a swish looking case (parts list will be below when I get them), which came to around £120 from ebuyer.com. This setup is cheaper and more powerful than the Soekris range we use at work; however, the Soekris boards come with 4 NICs nowadays, but with these Mini ITX boards and the right case you can add a second 1, 2, 3 or 4 port NIC - for less than a Soekris. Saying that, Soekris boards are probably still lower powered as they use Atom CPUs.<br />
<br />
He followed my OpenBSD router guide for BT Fibre connections, however that didn't work because unlike BT, TalkTalk use MPoA and not PPPoE for their Fibre connections. He had tried what we thought would be his TalkTalk credentials; TalkTalk had told him there were no credentials ... which we didn't believe until we did some research. I believe TalkTalk ADSL would still require credentials and use a PPPoE connection.<br />
<br />
What that means is that all you need to do with a TalkTalk FTTC/FTTH connection is to set your WAN adapter to get an IP via DHCP and setup the rest of the router in the same way as my other post. This applies to any router on a TalkTalk fibre connection, no credentials needed!<br />
<br />
I'll include the config files here.<br />
<br />
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; margin: 0px; position: relative;">
<b>OpenBSD router config: edit the files as below, replacing re0 and re1 with your own NIC identifiers. The below config may be slightly incorrect as I've edited from memory based on the BT config, but I'm sure it's fine.</b></div>
<br style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;" />
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">File: /etc/hostname.re0 (</b><b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">reX's are Realtek NIC's</b><b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">)</b><br />
<i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> descr "WAN"</i><br />
<i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> dhcp</i><br />
<i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"><br /></i><b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">File: /etc/hostname.re1 (reX's are Realtek NIC's)</b><br />
<i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> descr "Internal Network"</i><br />
<i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> inet 192.168.1.254 255.255.255.0 NONE</i><br />
<br style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;" />
<b style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">File: /etc/dhcpd.conf</b><br />
<i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> subnet 192.168.1.0 netmask 255.255.255.0 {</i><br />
<i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> option routers 192.168.1.254;</i><br />
<span style="background-color: white; font-size: 13.2px; line-height: 18.48px;"><span style="font-family: Trebuchet MS, Trebuchet, Verdana, sans-serif;"><i> option dhcp-lease-time 2592000;</i></span></span><br />
<i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> option domain-name-servers </i><span style="background-color: white; color: #333333; font-family: arial, verdana, helvetica, 'Liberation Sans', FreeSans, sans-serif; font-size: 12px; line-height: 15px;">62.24.199.13</span><i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">, </i><span style="background-color: white; color: #333333; font-family: arial, verdana, helvetica, 'Liberation Sans', FreeSans, sans-serif; font-size: 12px; line-height: 15px;">62.24.199.23</span><i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">, 8.8.8.8, 8.8.4.4;</i><br />
<i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> range 192.168.1.10 192.168.1.200;</i><br />
<i style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> }</i><br />
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<br /></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<b>File: /etc/myname (Setting the hostname of the router, this can be just about anything you want)</b></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<i>Router</i></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<i><br /></i></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<b>File: /etc/resolv.conf (DNS resolvers in here, without configuring this you have no DNS)</b></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<div>
<i>nameserver </i><span style="color: #333333; font-family: arial, verdana, helvetica, 'Liberation Sans', FreeSans, sans-serif; font-size: 12px; line-height: 15px;">62.24.199.13</span><i> #TalkTalk Primary DNS server they may change in the future so check them!</i></div>
<div>
<i>nameserver </i><span style="color: #333333; font-family: arial, verdana, helvetica, 'Liberation Sans', FreeSans, sans-serif; font-size: 12px; line-height: 15px;">62.24.199.23</span><i> #TalkTalk Secondary DNS server </i><i style="font-size: 13.2px; line-height: 18.48px;"> they may change in the future so check them!</i></div>
<div>
<i>nameserver 8.8.8.8 #Google DNS server1</i></div>
<div>
<i>nameserver 8.8.4.4 #Google DNS server2</i></div>
</div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<i><br /></i></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<b>File: /etc/rc.conf.local (Daemon's / Services here, you may not need all, depending if you want VPN access into the network or not)</b></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<div>
<i>sshd_flags="" #Enables SSH access</i></div>
<div>
<i>dhcpd_flags="" #Enables DHCP Daemon/service</i></div>
<div>
<i>ntpd_flags="-s" #Enables Network Time Protocol server</i></div>
<div>
<i>ftpproxy_flags="" #Enables the FTP Proxy service used in pf.conf</i></div>
</div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<i><br /></i></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<b>File: /etc/pf.conf (This is the firewall config file)</b></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<div>
<i> IF_WAN = "re0" #creates a 'variable' for WAN, quicker updating by changing this only</i></div>
<div>
<i> IF_LAN = "re1" #Creates a 'variable' for LAN, in case I change the card/type later on</i></div>
<div>
<i><br /></i></div>
<div>
<i> set skip on { lo, enc } #skips filtering loop back interface</i></div>
<div>
<i> set block-policy drop #drops any packets not dealt with below</i></div>
<div>
<i><br /></i></div>
<div>
<i> block in #Blocks all incoming packets</i></div>
<div>
<i> pass out #Passes out any packets</i></div>
<div>
<i><br /></i><i> #FTP Proxy to allow FTP traffic correctly, this needs to be before your NAT rules</i></div>
<div>
<i> anchor "ftp-proxy/*" #Proxies all FTP traffic</i></div>
<div>
<i>    pass in log on $IF_LAN inet proto tcp from $IF_LAN:network to !$IF_LAN \</i><br />
<i>        port ftp flags S/SAFR modulate state divert-to 127.0.0.1 port 8021</i><br />
<i><br /></i></div>
<div>
<i> #NAT's the LAN traffic to WAN, which is re0, also alters the MTU to 1440 as this seems to work best</i></div>
<div>
<i style="font-size: 13.2px; line-height: 18.48px;"> match out on $IF_WAN from $IF_LAN:network nat-to ($IF_WAN:0) scrub (no-df max-mss 1492)</i></div>
<div>
<br /></div>
<div>
<i><br /></i></div>
<div>
<i> #Allows Anything on the LAN to talk to the router</i></div>
<div>
<i> pass in on $IF_LAN from $IF_LAN:network</i></div>
<div>
<i><br /></i></div>
<div>
<i> #Allows response to pings</i></div>
<div>
<i> pass in inet proto icmp to $IF_WAN icmp-type { echoreq, unreach }</i></div>
</div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<br /></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<b>File: /etc/sysctl.conf (enabling kernel options via sysctl)</b></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<div>
<i> net.inet.ip.forwarding=1<span class="Apple-tab-span" style="white-space: pre;"> </span># 1=Permit forwarding (routing) of IPv4 packets</i></div>
<div>
<i> net.inet.ip.mforwarding=1<span class="Apple-tab-span" style="white-space: pre;"> </span># 1=Permit forwarding (routing) of IPv4 multicast packets</i></div>
<div>
<i> net.inet6.icmp6.rediraccept=1<span class="Apple-tab-span" style="white-space: pre;"> </span># 1=Accept IPv6 ICMP redirects (for hosts)</i></div>
<div>
<i> net.inet6.ip6.accept_rtadv=1<span class="Apple-tab-span" style="white-space: pre;"> </span># 1=Permit IPv6 autoconf (forwarding must be 0)</i></div>
</div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<i><br /></i></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<i><br /></i>Once you've edited your config files, connect the BT Openreach modem to your WAN port and reboot, looking for errors during boot. Yes, TalkTalk FTTC uses MPoA and the same BT Openreach modem you get on a BT FTTC connection.</div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
Check ifconfig for re0 to make sure it's got an IP via DHCP.</div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
Do pings to external IPs and hostnames to check connectivity and DNS resolution are working, maybe even hook up a machine to the LAN port and see if it can connect to the internet before connecting the rest of your network.</div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
<br /></div>
<div style="background-color: white; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;">
The re0 section of the ifconfig output will look like this; you can check it with the command:<br />
<i><b> ifconfig re0</b></i></div>
<div style="background-color: white;">
<div>
<span style="font-family: Trebuchet MS, Trebuchet, Verdana, sans-serif;"><span style="font-size: 13.2px; line-height: 18.48px;"> </span></span><i style="font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> </i><span style="font-family: Trebuchet MS, Trebuchet, Verdana, sans-serif;"><span style="font-size: 13.2px; line-height: 18.48px;"><i>re0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1500</i></span></span></div>
<div>
<span style="font-family: Trebuchet MS, Trebuchet, Verdana, sans-serif;"><span style="font-size: 13.2px; line-height: 18.48px;"><i> lladdr 40:8d:5c:1c:16:26</i></span></span></div>
<div>
<span style="font-family: Trebuchet MS, Trebuchet, Verdana, sans-serif;"><span style="font-size: 13.2px; line-height: 18.48px;"><i> description: WAN</i></span></span></div>
<div>
<span style="font-family: Trebuchet MS, Trebuchet, Verdana, sans-serif;"><span style="font-size: 13.2px; line-height: 18.48px;"><i> priority: 0</i></span></span></div>
<div>
<span style="font-family: Trebuchet MS, Trebuchet, Verdana, sans-serif;"><span style="font-size: 13.2px; line-height: 18.48px;"><i> groups: egress</i></span></span></div>
<div>
<span style="font-family: Trebuchet MS, Trebuchet, Verdana, sans-serif;"><span style="font-size: 13.2px; line-height: 18.48px;"><i> media: Ethernet autoselect (100baseTX full-duplex)</i></span></span></div>
<div>
<span style="font-family: Trebuchet MS, Trebuchet, Verdana, sans-serif;"><span style="font-size: 13.2px; line-height: 18.48px;"><i> status: active</i></span></span></div>
<div>
<i style="font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13.2px; line-height: 18.48px;"> inet TALK.TALK.WAN.IP --> TALK.TALK.WAN.GW netmask 0xffffffff</i></div>
</div>
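Two things in the pf.conf above are easy to break when retyping it: a backslash only continues a rule when it is the last character on the line, and the ftp-proxy anchor has to sit above the NAT rule. The check below is an added example, not part of the original post; the function names and the sample ruleset are made up for illustration, and it assumes no "#" appears inside a quoted string.

```shell
#!/bin/sh
# Added example: static checks for the pf.conf layout described in this post.
# lint_pf_conf FILE prints one finding per line and nothing for a clean file.
# Assumption: "#" never appears inside a quoted string in the ruleset.
lint_pf_conf() {
    awk '
    {
        code = $0
        hash = index($0, "#")
        if (hash > 0) code = substr($0, 1, hash - 1)    # drop trailing comment

        # A backslash joins lines only when it is the last character on the line.
        if (index(code, "\\") > 0 && (hash > 0 || code !~ /\\$/))
            printf "line %d: backslash is not the last character on the line\n", NR

        sub(/^[ \t]+/, "", code)
        if (!anchor && code ~ /^anchor[ \t]+"ftp-proxy\/\*"/) anchor = NR
        if (!nat && code ~ /(^|[ \t])nat-to([ \t]|$)/)        nat = NR
        if (code ~ /^block([ \t]|$)/)                         block = 1
    }
    END {
        # The post places the ftp-proxy anchor before the NAT rule.
        if (nat && anchor && anchor > nat)
            printf "line %d: ftp-proxy anchor comes after the first nat-to rule (line %d)\n", anchor, nat
        if (!block)
            print "no block rule found: nothing is denied by default"
    }' "$1"
}

# Constructed sample (not the author's file) containing all three problems.
constructed_pf_conf() {
    cat <<'EOF'
IF_WAN = "re0"
IF_LAN = "re1"
set skip on { lo, enc }
match out on $IF_WAN from $IF_LAN:network nat-to ($IF_WAN:0)
anchor "ftp-proxy/*"
pass in log on $IF_LAN inet proto tcp from $IF_LAN:network to !$IF_LAN \ port ftp divert-to 127.0.0.1 port 8021
pass out
EOF
}

# Run the linter over the constructed sample.
sample=$(mktemp)
constructed_pf_conf > "$sample"
lint_pf_conf "$sample"
rm -f "$sample"
```

On the router itself, run `lint_pf_conf /etc/pf.conf` and then `pfctl -nf /etc/pf.conf`, which parses the ruleset without loading it.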
Jayton Garnett http://www.blogger.com/profile/05321052157184585421 noreply@blogger.com 0
tag:blogger.com,1999:blog-2299558191497942914.post-4114524909881533397 2015-11-05T22:36:00.000+00:00 2015-11-05T22:36:10.210+00:00
New domain name purchase
I've got a bunch of domain names and seeing as it's my birthday next week I thought I'd treat myself to a new one ...<div>
<br /></div>
<div>
BEHOLD!!!</div>
<div>
<br /></div>
<div>
fuckingwith.it</div>
<div>
<br /></div>
<div>
I wasted no time in making the subdomain blog. to point here, so if you bookmark blog.fuckingwith.it it'll bring you back here :) </div>
<div>
<br /></div>
<div>
<br /></div>
<div>
The only issue with that is there's no HTTPS option for custom domains with blogger ... </div>
<div>
<br /></div>
<div>
Perhaps it's time to find somewhere else to host this ickle blog of mine?</div>
Jayton Garnett http://www.blogger.com/profile/05321052157184585421 noreply@blogger.com 0
tag:blogger.com,1999:blog-2299558191497942914.post-1747471132863703663 2015-08-07T22:14:00.003+01:00 2015-08-07T22:15:31.055+01:00
OKI B432dn Installation, missing a driver when its not missing?
Today whilst on a customer site installing their IT for a new shop, I had the glorious task of installing 5 Oki B432dns. The computers are USFF Dells, half the size of a novel and with no CD/DVD drive. No problem, I thought: I'll stick the installation CD in my laptop, copy the files over to their server and install the printers from there, as Windows apparently had the Universal PCL 6 Drivers but still had a problem with the printer drivers.<br />
<br />
HAH! My laptop refused to read more than the CD file structure and a few files across multiple CDs. URGH! I'll have to get that replaced then, though I think the laptop is now out of warranty by a few months, so may just get a USB CD/DVD drive.<br />
<br />
Back on topic ...<br />
<br />
I downloaded the drivers from OKI's website and installed them, and it still had a problem with them according to Windows, with a nasty exclamation mark over the printer object. Funnily enough, the printers would still print without any problems! But nobody wants to see an error, even more so one that doesn't actually stop the device from functioning: how will you know when there is actually a problem?<br />
<br />
What the freaking hell! I really didn't want to budge any of the staff out the way to nab one of their PCs with a CD drive to copy the installation media from it, so back to OKI's website and another look at the driver list and I see USBIPP Drivers listed ... hmmm I wonder what that might be, I said to myself, so downloaded the 519.5KB file, ran the installer - lo and behold, the nasty exclamation mark had gone and all was well in the world!<br />
<br />
It's these little things that really frustrate me sometimes, but glad it was an easy fix, one that I hope Microsoft / OKI remedy soon. Rant over.
Jayton Garnett http://www.blogger.com/profile/05321052157184585421 noreply@blogger.com 0
tag:blogger.com,1999:blog-2299558191497942914.post-8969174714125680995 2015-08-04T23:50:00.004+01:00 2016-04-11T08:34:10.141+01:00
OpenBSD L2TP/IPSEC VPN (Works with Windows Phone 8.1!)
Now I've got my OpenBSD router at home I thought I'd have a crack at making a VPN work.<br />
I chose an L2TP over IPSEC VPN because I was lazy and didn't want the hassle of creating certificates. Also Windows Phone 8.1 since Update 2 (GDR2) has supported L2TP/IPSEC, and as this is the primary device I'll be using my VPN with it was a sealed deal.<br />
<br />
In OpenBSD to use L2TP / IPSEC you can use the native <a href="http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/npppd.8?query=npppd&sec=8" target="_blank">NPPPD (8)</a> as I have done. I'm a big fan of using the out of the box features, after all OpenBSD is built for security from the ground up, so using a 3rd party L2TP/IPSEC port wasn't an option, I literally didn't even give it a thought.<br />
<br />
If you're looking for L2TP/IPSEC for Android, see my other post here:<br />
http://blog.fuckingwith.it/2016/04/openbsd-l2tpipsec-vpn-for-android.html<br />
<br />
With NPPPD there are a bunch of files you'll need to configure in order to make it work.<br />
/etc/npppd/npppd.conf<br />
/etc/npppd/npppd-users<br />
/etc/ipsec.conf<br />
/etc/pf.conf<br />
/etc/sysctl.conf<br />
/etc/rc.conf.local<br />
<br />
My <b>npppd.conf</b> file looks something like this. Note the reference to the npppd-users file; you can configure multiple VPNs here with different users in different files. You'll see I'm using <a href="https://www.freebsd.org/cgi/man.cgi?format=html&query=tun(4)" target="_blank">tun </a>instead of pppx.<br />
<br />
<i>authentication LOCAL type local {</i><br />
<i> users-file "/etc/npppd/npppd-users"</i><br />
<i>}</i><br />
<i><br /></i>
<i>tunnel L2TP protocol l2tp {</i><br />
<i> listen on 0.0.0.0</i><br />
<i> listen on ::</i><br />
<i>}</i><br />
<i><br /></i>
<i>ipcp IPCP {</i><br />
<i> pool-address 10.0.0.2-10.0.0.254</i><br />
<i> dns-servers 8.8.8.8</i><br />
<i>}</i><br />
<i><br /></i>
<i>interface tun0 address 10.0.0.1 ipcp IPCP</i><br />
<i>bind tunnel from L2TP authenticated by LOCAL to tun0</i><br />
<div>
<br /></div>
<div>
<br /></div>
<div>
and the list of users in the <b>npppd-users</b> file. Add as many users as you require; you can set them a static IP here too. Check the man page for npppd for additional options:</div>
<div>
<br /></div>
<div>
<div>
<i>Username:\</i></div>
<div>
<i> :password=S3cureP4s5vvordz:</i></div>
</div>
<div>
<i><br /></i></div>
<div>
<i><br /></i></div>
<div>
and the <b>ipsec.conf</b> file should look something like this. The first two lines set macros, as you can in pf.conf; this helps as I have a dynamic IP, although I still have some issues if the IP changes and need to reload pf.conf, and possibly the ipsec.conf rules too. You may need to change aes to 3des or something else your device requires; the same applies to modp2048 and hmac-sha1. Check /var/log/messages after trying to connect your device:</div>
<div>
<br /></div>
<div>
<div>
<i>IF_WAN=pppoe0</i></div>
<div>
<i>key="B1gPH4tKEYWITHlotsOfRANDOMstuff"</i></div>
<div>
<i><br /></i></div>
<div>
<i>ike passive esp transport \</i></div>
<div>
<i> proto udp from $IF_WAN to any port 1701 \</i></div>
<div>
<i> main auth "hmac-sha1" enc "aes" group modp2048 \</i></div>
<div>
<i> quick auth "hmac-sha1" enc "aes" \</i></div>
<div>
<i> psk $key</i></div>
</div>
<div>
<br /></div>
<div>
If you've got a working OpenBSD router using <b>pf.conf</b> as your firewall, you'll need to modify this too: add tun to your skip statement, extend the NAT rule so VPN clients get LAN and WAN access, and add the last two lines, which allow the VPN traffic in (otherwise the VPNs wouldn't establish):</div>
<div>
<br /></div>
<div>
<i>set skip on { lo, enc, tun } #Added tun here, so pf does no filtering on the VPN's tun interface</i></div>
<div>
<i><br /></i></div>
<div>
<i>match out on $IF_WAN from {$IF_LAN:network, 10.0.0.0/24} nat-to ($IF_WAN:0) \</i></div>
<div>
<i>scrub (no-df max-mss 1440) #Added the network range for the VPN clients</i></div>
<div>
<i><br /></i></div>
<div>
<div>
<i>pass quick proto { esp, ah }</i></div>
<div>
<i>pass in proto udp to $IF_WAN:0 port {isakmp, ipsec-nat-t}</i></div>
</div>
<div>
<i><br /></i></div>
<div>
<i><br /></i></div>
<div>
You also need to add in some <b>sysctl.conf</b> options:</div>
<div>
<br /></div>
<div>
<div>
<i>net.pipex.enable=1 </i></div>
<div>
<i>net.inet.ipcomp.enable=1 </i></div>
</div>
<div>
<br /></div>
<div>
and in <b>rc.conf.local</b></div>
<div>
<br /></div>
<div>
<div>
<i>isakmpd_flags="-K"</i></div>
<div>
<i>ipsec=YES</i></div>
<div>
<i>npppd_flags=""</i></div>
</div>
<div>
<br /></div>
<div>
<i><br /></i></div>
<div>
Now once you've configured your VPN, reboot and try to connect your device. You will need to set the username and password you put in the npppd-users file earlier, plus the passphrase (the psk from ipsec.conf). If you have any errors, check the /var/log/messages log file for hints on what's wrong.</div>
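A pre-flight check for the files above, as an added example that is not part of the original post: it flags the downgrades mentioned earlier (3des, a group below modp2048) plus des and hmac-md5, a short PSK, and a secrets file that group or other can read. The function names, the 20-character PSK minimum and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint an OpenBSD ipsec.conf before rebooting into it.
# lint_ike FILE prints one finding per line and nothing when no check trips.
# The PSK itself is never printed. MIN_PSK_LEN (default 20) is an assumed floor.
lint_ike() {
    awk '
    function flag(msg) { printf "%s: %s\n", FILENAME, msg }
    {
        sub(/#.*/, "")                                # assumes no "#" inside quotes
        if (sub(/\\$/, " ")) { buf = buf $0; next }   # join continued lines
        line = buf $0; buf = ""
        gsub(/"/, "", line); sub(/^[ \t]+/, "", line)

        if (line ~ /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/) {   # macro definition
            eq = index(line, "=")
            name = substr(line, 1, eq - 1); gsub(/[ \t]/, "", name)
            val = substr(line, eq + 1);     gsub(/^[ \t]+|[ \t]+$/, "", val)
            macro[name] = val
            next
        }
        n = split(line, w, /[ \t]+/)
        if (w[1] != "ike") next
        phase = "main"
        for (i = 2; i < n; i++) {
            v = w[i + 1]
            if (w[i] == "main" || w[i] == "quick") phase = w[i]
            else if (w[i] == "enc" && (v == "des" || v == "3des"))
                flag(phase " enc " v " is a legacy 64-bit block cipher")
            else if (w[i] == "auth" && v == "hmac-md5")
                flag(phase " auth hmac-md5 is obsolete")
            else if (w[i] == "group" && v ~ /^modp[0-9]+$/ && substr(v, 5) + 0 < 2048)
                flag(phase " group " v " is below modp2048")
            else if (w[i] == "psk") {
                if (substr(v, 1, 1) == "$") v = macro[substr(v, 2)]
                if (length(v) < MINPSK)
                    flag("psk is shorter than " MINPSK " characters")
            }
        }
    }' MINPSK="${MIN_PSK_LEN:-20}" "$1"
}

# True only when group and other have no permission bits on FILE.
secret_file_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample (not the author's file): a config after the kind of
# downgrade a fussy client can push you into.
constructed_ipsec_conf() {
    cat <<'EOF'
IF_WAN=pppoe0
key="short-psk"

ike passive esp transport \
    proto udp from $IF_WAN to any port 1701 \
    main auth "hmac-sha1" enc "3des" group modp1024 \
    quick auth "hmac-sha1" enc "aes" \
    psk $key
EOF
}

# Run both checks over the constructed sample.
demo_dir=$(mktemp -d)
constructed_ipsec_conf > "$demo_dir/ipsec.conf"
chmod 644 "$demo_dir/ipsec.conf"
lint_ike "$demo_dir/ipsec.conf"
secret_file_private "$demo_dir/ipsec.conf" || echo "ipsec.conf is readable by group or other"
rm -rf "$demo_dir"
```

On the router, point both functions at /etc/ipsec.conf and `secret_file_private` at /etc/npppd/npppd-users; `ipsecctl -nf /etc/ipsec.conf` then parses the rules without loading them.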
<div>
<br /></div>
<div>
With this configuration I'm able to get 15Mb down and up through the VPN on my Lumia 930, my home FTTP (Fibre To the Premise) connection only has 20Mb upload, so all in it's not too shabby taking into account the internet is otherwise in use by my family and the VPN overhead. </div>
<div>
<br /></div>
<div>
PS: My work where I tested it for optimal performance has a 1Gb dedicated fibre line and I'm connected to a Cisco WAP371 AC wireless router no more than 3 metres away, so that wouldn't slow anything down either.</div>
<div>
<br /></div>
<div>
If you have any issues, just ask and I'll do my best to help. Don't post any configuration files without altering sensitive data, like passwords, usernames and the passphrase.<br />
<br />
<br />
PS: Thanks go to the guys at the BSD Now podcast for linking to my BSD blog articles :) Keep up the good work guys, I am an occasional listener!</div>
<div>
<i><br /></i></div>
Jayton Garnett http://www.blogger.com/profile/05321052157184585421 noreply@blogger.com 10
tag:blogger.com,1999:blog-2299558191497942914.post-4571969573643894686 2015-07-31T23:21:00.002+01:00 2015-07-31T23:21:55.998+01:00
Raspberry Pi 2 B Entertainment Centre
Well I've had my RPi2 since it was launched and it's been in its box waiting for FreeBSD to release an RPi2 compatible image or Microsoft to release a beta of Windows 10 IoT for it. That was until I decided to turn it into a retro gaming box! I've detailed most of what I've done to my Pi mostly for my reference, if this helps other people out, then that's great!<br />
<br />
I've also tried to include links to other people's work that has helped me out, if I've not linked to your content, do let me know and I'll happily edit the post to include your work.<br />
<br />
All commands or text should be typed as you see them, this is Linux and it's case sensitive.<br />
<br />
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">Black background with green text are commands.</span><br />
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">Black background with white text is plain text to copy & paste or type.</span><br />
<br />
What you'll need at a minimum:<br />
<br />
<ul>
<li>RPi2 £26 ex-vat</li>
<li>2A power supply with 1m lead £5, using an underpowered supply or too long a power cable will result in a rainbow box in the top right corner and hinder performance, possibly causing damage to the components. So try to use an original Pi power supply.</li>
<li>RPi2/B+ case, preferably with fan hole or make your own £5</li>
<li>Heatsink, preferably with self adhesive thermal tape £2</li>
<li>microSD card, I recommend a class 10, 16Gb or higher. ~£6+ depending on capacity</li>
<li>HDMI cable, with VGA/DVI or Display Port adapter if required ~£5</li>
<li><a href="http://blog.petrockblock.com/retropie/" target="_blank">Retropie image</a></li>
<li>Controllers, decide what games you'll be playing and purchase the correct USB controllers - or use a PS3 controller with USB cable like I do at the moment (I'll switch over to wireless as soon as I get a USB bluetooth adapter, but wired doesn't bother me at the moment)</li>
<li>ethernet cable or wireless USB adapter</li>
<li>Know how to find the IP of your Pi.</li>
</ul>
<br />
<br />
<br />
I turned to Retropie which is a preconfigured version of Raspbian which boots straight into emulationstation. You can purchase roms legally from the likes of Sega on Amazon or even rip your own roms with a small device for not a lot of money with the <a href="http://www.infiniteneslives.com/kazzo.php" target="_blank">Kazzo</a> or maybe you still own the games and want to source them elsewhere and not go through the hassle of ripping them yourself... well that's your choice. But wouldn't ripping them yourself be so much more FUN?<br />
<br />
<h3>
Starting out with the basics</h3>
So anyway, download Retropie and use <a href="http://sourceforge.net/projects/win32diskimager/" target="_blank">Win32diskimager</a> and an SD card adapter to write the Retropie image to your microSD card, I've got a 32Gb Class 10 Samsung which works great.<br />
Power up your pi and you'll get emulationstation after a moment which will prompt you to configure your controller, which might even be a keyboard. Wooooooo!<br />
<br />
Now you've got a bunch of shareware games to play ... not very exciting. So pop a USB stick into the pi, give it a minute and it will create a directory structure on the stick. Now go plug the stick into your computer, navigate to the correct rom directory and place your files there, then plug the USB stick back into your pi and give it a few minutes while Retropie copies the files to the correct location; the green LED should stop flashing when it's finished copying the files. You could also copy them over the network to the shared folder on the pi.<br />
<b><u><br /></u></b>
<b><u>Note:</u></b> The beta of Retropie 3 that I'm using doesn't do the autocopy, so use 2.x or copy them manually. The USB stick should also be FAT32 formatted; Windows doesn't allow greater than 32Gb FAT32 disks, so use another <a href="http://www.ridgecrop.demon.co.uk/index.htm?guiformat.htm" target="_blank">tool to do that job</a>.<br />
<br />
You may need to exit emulationstation to refresh the list of games, so hit F4 then type emulationstation from the command line and check if your games are showing. If they aren't, make sure they're not zipped or in another format and make sure they have the correct file extension for the emulator you're going to use. Refer to the <a href="http://www.emulationstation.org/" target="_blank">emulationstation</a> website for further details if you're stuck.<br />
<br />
You can install and configure a bunch of other things if you drop to command line by hitting F4 from emulationstation or SSH'ing using putty then typing:<br />
<br />
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">sudo raspi-config</span><br />
<span style="font-family: inherit;"><span style="background-color: white;">and expand the filesystem, exit and type</span></span><br />
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">sudo reboot</span><br />
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;"><br /></span>
<span style="background-color: white; font-family: inherit;">Once you've rebooted, drop to command line again and type:</span><br />
<span style="background-color: black; color: lime;"><br /></span>
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">cd RetroPie-Setup/</span><br />
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">sudo ./retropie_setup.sh</span><br />
<br />
<br />
One thing you might want to do while you are there is to install Kodi under the experimental packages, we'll do more with that later. You should also configure your controllers from here, under Setup then Configure input devices.<br />
<br />
<h3>
Overclocking</h3>
This isn't really needed, but hey we're having fun so let's have even more fun! While in the command line you can, if you have a heatsink and fan, overclock your pi safely like this, but I take no responsibility for you choosing to do this. This gives you an extra 200MHz per core without voiding your warranty:<br />
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">sudo nano /boot/config.txt</span><br />
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;"><br /></span>
type/paste this at the bottom of the file, check for typos:<br />
<div style="text-align: justify;">
<span style="background-color: black; font-family: 'Courier New', Courier, monospace;"><span style="color: white;">arm_freq=1100</span></span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">core_freq=500</span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">sdram_freq=500</span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">over_voltage=6</span></div>
<div>
<br /></div>
<div>
next create a <a href="http://blog.petrockblock.com/forums/topic/continuous-monitoring-of-temperature-via-ssh/" target="_blank">script to check your CPU temps</a>:</div>
<div>
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">touch checktemp.sh</span></div>
<div>
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">chmod +x checktemp.sh</span></div>
<div>
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">nano checktemp.sh</span></div>
<div>
<br /></div>
<div>
and type or paste this in:</div>
<div>
<br /></div>
<div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">#!/bin/bash</span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">echo "Press [ctrl+c] to end monitoring"</span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">echo ""</span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">while true</span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">do</span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;"> vcgencmd measure_temp</span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;"> sleep 3s</span></div>
<div style="text-align: justify;">
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">done</span></div>
</div>
<div>
<br /></div>
<div>
now to check your temps either remotely via ssh or command line - useful for keeping an eye on them while gaming or watching videos with the overclock, type:</div>
<div>
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">./checktemp.sh</span></div>
<div>
<br />
<br />
<h3>
Gaming</h3>
<div>
So by now you should have your controllers configured (let the script time out if you don't have a controller with all the buttons it asks for) and a bunch of games ready and raring to go. If you have any issues with the size and position of the game or if it doesn't perform too well you can press x or m just after selecting the game you want to play, this will bring up a configuration screen where you can change emulator, resolution etc.</div>
<div>
<b><u><br /></u></b></div>
<div>
I have a PS3 controller I use with a USB BT dongle; I also have USB NES, SNES and PlaySEGA controllers for when I want the retro feel. Mostly they gather dust.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<b><u>Note:</u></b> that the items under Ports will not use the controller but the keyboard, so make sure you've configured that too. If you find a way to enable the controllers here, let me know as I've not had a look at doing that yet.</div>
<div>
<br /></div>
<div>
<u style="font-weight: bold;">Note II:</u> If you have everything setup as you like, now would be a good time to take a backup of your image using Win32diskimager again, but instead of using write, use read.</div>
<br />
<br />
<h3>
Media Centre time!</h3>
So now you've been playing games and you would like to do something else with your Pi to enhance the experience or save having to purchase a second for watching films, TV shows or listening to music.<br />
<br />
This is where installing <a href="http://kodi.tv/" target="_blank">Kodi </a>earlier comes into play.<br />
<br />
You can find Kodi under the Ports, you'll need to use a keyboard and mouse here at first. We'll get onto changing that in a bit.<br />
<br />
So under Kodi you can go into System, file manager and add locations, such as a shared drive or NAS so it can see all your TV recordings, family photos and music.<br />
<br />
But you can also add other people's hard work to your Kodi install relatively easily, doing so is likely going to be different depending on how they set up their Kodi. I chose a particularly good custom build I was shown by a friend, it's got a lot preconfigured and is regularly updated.<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
I changed the function of the power button so it doesn't shut down the Pi and rather gives me the options of what I want to do, so I can shut down or reboot, which will get me back to emulationstation. Unfortunately the Exit option doesn't return you to Emulationstation. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
So drop to command line again, you will need to reboot the Pi if you are in Kodi.</div>
<div class="separator" style="clear: both; text-align: left;">
and type:</div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">cd .kodi/userdata</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">sudo nano guisettings.xml</span></div>
press <span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">control+w</span> and type/paste in <span style="background-color: black; color: white;">PowerBtnAction</span><span style="background-color: white;"> and</span> hit enter<br />
this will find what we need to modify, now delete the word <span style="background-color: black; color: white;">Exit</span> and type/paste the below where that word was between the > and <<br />
<span style="background-color: black; color: white; font-family: Courier New, Courier, monospace;">ActivateWindow(shutdownmenu)</span><br />
<br />
<br />
Using a PS3 controller in Kodi to Navigate your way around:<br />
http://blog.petrockblock.com/forums/topic/kodi-tab-in-emulationstation/<br />
<br />
The alternative is to find a Kodi remote on your smartphone's app store (there are apps on Android, iOS and Windows Phone) and set up the remote control bit in Kodi. To do that go to System > Settings > Services > Web Server and enable the control of Kodi using remote http, set your port, username and password, then load your app up and set up the connection using your Raspberry Pi's IP and the port, username and password you set. This won't let you make your way from emulationstation to Kodi, so you'll need to use your controller to get to Kodi then your smartphone app to control Kodi, or just stick with the controller ...<br />
<br />
Unfortunately at this time there is no way of getting <a href="http://mymediaexperience.com/integrate-netflix-and-hulu-into-xbmc/" target="_blank">Netflix working directly</a> on the Pi, you'll need a subscription service called PlayOn and a Windows computer to install it on in addition to your Pi ... That's not an elegant solution. It's a shame as I enjoy Netflix's content.<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<h3 style="clear: both; text-align: left;">
Shutdown button</h3>
<div>
So I decided to do a shutdown button rather than solder some pins and a switch onto the reset header pins, which cuts the power and juices it back up when a momentary switch is pressed down and released. Cutting the power like that can corrupt your SD card or some files and cause things to go awry.<br />
<br />
I won't go into too much detail as it's well covered elsewhere on the interwebs, if you decide to go for one, use the Safe Shutdown switch in this <a href="http://www.raspberry-pi-geek.com/Archive/2013/01/Adding-an-On-Off-switch-to-your-Raspberry-Pi">link here</a>.</div>
<br />
If you want you can then also add the Reset Switch option to completely cut power to the Pi using a rocker switch instead of a momentary switch.<br />
<br />
<br />
Well, I hope you've found this helpful and if you have any comments or suggestions just shout! </div>
Jayton Garnett http://www.blogger.com/profile/05321052157184585421 noreply@blogger.com 0
tag:blogger.com,1999:blog-2299558191497942914.post-2093367680846623759 2015-07-31T23:08:00.000+01:00 2015-07-31T23:08:20.374+01:00
Windows 7 x64 slow computers, no free ram available!
A few months ago a client reported that all their computers started becoming slow at times, my first thought was a virus on the network because it was ALL the computers and they had been infected with CryptoWall previously, however a lot of scanning with their AV and additional programs found nothing.<br />
<br />
Whenever we got control of their computers we couldn't find any viruses, we couldn't see the problem, so I started looking elsewhere.<br />
<br />
All their profile data is redirected to the servers, so I started looking at the network.<br />
They're in a nice serviced building who take care of the cabling and a bunch of the sockets will only connect at 100Mb, they also have old Netgear switches. I'm no fan of Netgear, we've had a tonne of problems with Netgear equipment over the years and much prefer Cisco gear.<br />
<br />
Unfortunately replacing the switches wasn't an option without sufficient proof they were at fault so the search continued. Whilst I was attending a scheduled visit I took a look at the computers and found that one instance of svchost.exe was using over 1Gb of RAM!<br />
<br />
Loading up <a href="https://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx">Process Explorer from Sysinternals</a>, I managed to track down what was consuming the RAM. Surprisingly it was Windows Update! Windows freaking UPDATE!<br />
<br />
Why the heck would it consume all that memory, almost constantly? A bit of digging and it seems like late last year/early this year others started having the same problems with Windows Update with no real reason found, no update in particular causing this.<br />
<br />
The only thing I could find was to change the default Windows Update GPOs to tell Windows to check for updates less often than once an hour which is the default, I set it to 22 hours which was the max allowed as there is also a ± 2 hour variance in the schedule. (When I remember the exact setting I'll update this post, sorry).<br />
<br />
Within a day they reported their computers were noticeably better! Well except one PC which even after removing from any OUs to prevent the GPOs from applying and rebooting many times, made no difference to it, disabling Windows Updates on that machine does help, but it's no fix, it's a bodge. Removing it from the domain, readding, reinitializing Windows Updates, etc still no joy, so this sucker is being reinstalled soon, for now it's a scheduled task to start Windows Updates overnight and stopping it during working hours. Horrible non-standard fix (read as bodge), but sometimes a tech's gotta do what a tech's gotta do.
Jayton Garnett http://www.blogger.com/profile/05321052157184585421 noreply@blogger.com 0
tag:blogger.com,1999:blog-2299558191497942914.post-1581585353966112192 2015-07-31T20:06:00.000+01:00 2015-07-31T20:06:00.505+01:00
Pinning Hyper-V to Taskbar in Windows 10
So I've installed Windows 10 Enterprise at work, added the Hyper-V feature, great? I can now run my VMs again right? Yes, I can, if I could find Hyper-V !<br />
<br />
It doesn't show up in the Start Menu, it doesn't show up in the search.<br />
<br />
I thought sod opening MMC and adding it in and saving it.<br />
<br />
Go to C:\Windows\system32 and find virtmgmt.msc, right click it and choose pin to Start, go to your Start menu, right click Hyper-V Manager and choose pin to taskbar.<br />
<br />
You can't just drag it to the taskbar currently and have to first pin it to Start; I hope this is a bug Microsoft fix. This 'fix' will probably also work for other MMC snap-ins that Windows 10 doesn't find after installing their features.<br />
<br />
<h2>
OpenBSD router - BT Home hub 5 replacement</h2>
Posted by Jayton Garnett on 2015-07-27, updated 2015-12-28<br />
<br />
As we deploy OpenBSD based routers at work I decided to pimp up my home broadband in the same style! At work we use purpose built, low power devices; at home, I'm using an old Dell Optiplex 760 Core2Duo with a second NIC.<br />
<br />
The onboard NIC is an Intel 1Gbps unit and the secondary is a Broadcom 1Gbps unit I salvaged.<br />
Fortunately both have good support with OpenBSD.<br />
<br />
At home I have Fibre to the Premise/Home from BT, currently on the mid level package 160Mbps - I'm not paying over the odds for the current 300Mbps package which is £50 at present. I am looking forward to BT's rollout of <a href="http://www.btplc.com/News/Articles/ShowArticle.cfm?ArticleID=1F647C20-6F61-4E0F-A545-E23443E128AB">G.FAST</a> which they're about to trial out in Swansea which still uses copper to the distribution point, the new product will be called FTTdp. What exactly this means for those of us with FTTP, I'm not sure, but I hope we get matching speeds or more than FTTdp.<br />
<br />
So I installed OpenBSD 5.7 on the Dell, it's pretty easy, but not covered here. Once installed I wrote the following files to get the box 'dialled' up to BT, they're the generic BT credentials anyone with a non-BT Home Hub can use, they are the authname bthomehub@btinternet.com and password is BT, you apparently use your BT account login credentials.<br />
<br />
Thus far I'm getting slightly faster speeds than I was with the BT Home Hub 5 in operation.<br />
<br />
If you're not using a home brew OpenBSD router but some other router, then skip on down a bit to find out how to use the BT Hubs as a wireless access point to extend your wifi. You can use this with BT Hub 3, 4 and 5, so if you've got your old ones lying around you can use those to give you better wifi in areas of your home where it may be sketchy.<br />
<br />
<h3>
<b>OpenBSD router config, edit the files as below replacing em0 and bge0 for your own NIC identifiers.</b></h3>
<br />
<b>File: /etc/hostname.em0 (em0 is an Intel NIC)</b><br />
<i> descr "WAN"</i><br />
<i> up</i><br />
<i><br /></i><b>File: /etc/hostname.bge0 (bge0 is a Broadcom NIC, this is a PCIe card)</b><br />
<i> descr "Internal Network"</i><br />
<i> inet 192.168.1.254 255.255.255.0 NONE</i><br />
<br />
<b>File: /etc/hostname.pppoe0 (ppp "dial up" interface)</b><br />
<i> inet 0.0.0.0 255.255.255.255 NONE \</i><br />
<i> pppoedev em0 authproto chap \</i><br />
<i> authname bthomehub@btinternet.com authkey BT up</i><br />
<i> dest 0.0.0.1</i><br />
<i> !/sbin/route add default -ifp pppoe0 0.0.0.1</i><br />
<i><br /></i><b>File: /etc/dhcpd.conf</b><br />
<i> subnet 192.168.1.0 netmask 255.255.255.0 {</i><br />
<i> option routers 192.168.1.254;</i><br />
<i> option dhcp-lease-time 2592000;</i><br />
<i> option domain-name-servers 194.74.65.69, 194.74.65.68, 194.72.0.114, 8.8.8.8, 8.8.4.4;</i><br />
<i> range 192.168.1.10 192.168.1.200;</i><br />
<i> }</i><br />
<div>
<br /></div>
<div>
<b>File: /etc/myname (Setting the hostname of the router, this can be just about anything you want)</b></div>
<div>
<i>Router</i></div>
<div>
<i><br /></i></div>
<div>
<b>File: /etc/resolv.conf (DNS resolvers in here, without configuring this you have no DNS)</b></div>
<div>
<div>
<i>nameserver 194.72.0.114 #BT DNS server</i></div>
<div>
<i>nameserver 194.74.65.69 #BT DNS server</i></div>
<div>
<i>nameserver 8.8.8.8 #Google DNS server1</i></div>
<div>
<i>nameserver 8.8.4.4 #Google DNS server2</i></div>
</div>
<div>
<i><br /></i></div>
<div>
<b>File: /etc/rc.conf.local (Daemons / services here, you may not need all, depending on whether you want VPN access into the network or not)</b></div>
<div>
<div>
<i>sshd_flags="" #Enables SSH access</i></div>
<div>
<i>dhcpd_flags="" #Enables DHCP Daemon/service</i></div>
<div>
<i>ntpd_flags="-s" #Enables Network Time Protocol server</i></div>
<div>
<i>isakmpd_flags="-K" #Enables VPN Daemon, I'll be using this!</i></div>
<div>
<i>ipsec=YES #Enables IPSEC</i><br />
<i>ftpproxy_flags="" #Enables the FTP Proxy service used in pf.conf</i></div>
</div>
<div>
<i><br /></i></div>
<div>
<b>File: /etc/pf.conf (This is the firewall config file)</b></div>
<div>
<div>
<i> IF_WAN = "pppoe0" #creates a variable for WAN, quicker updating by changing this only</i></div>
<div>
<i> IF_LAN = "bge0" #Creates a variable for LAN, in case I change the card/type later on</i></div>
<div>
<i><br /></i></div>
<div>
<i> set skip on { lo, enc } #skips filtering loop back interface</i></div>
<div>
<i> set block-policy drop #drops any packets not dealt with below</i></div>
<div>
<i><br /></i></div>
<div>
<i> block in #Blocks all incoming packets</i></div>
<div>
<i> pass out #Passes out any packets</i></div>
<div>
<i><br /></i>
<i> #FTP Proxy to allow FTP traffic correctly, this needs to be before your NAT rules</i></div>
<div>
<i> anchor "ftp-proxy/*" #Proxies all FTP traffic</i></div>
<div>
<i> pass in log quick on $IF_LAN inet proto tcp from $IF_LAN:network to !$IF_LAN \</i><br />
<i>   port ftp flags S/SAFR modulate state divert-to 127.0.0.1 port 8021 #quick, so the later LAN pass rule (last match wins) cannot override the divert</i><br />
<i><br /></i></div>
<div>
<i> #NAT's the LAN traffic to WAN, which is pppoe0 NOT em0 as its the dialling interface, also alters the MTU to 1440 as I had issues with a higher MTU</i></div>
<div>
<i> match out on $IF_WAN from $IF_LAN:network nat-to ($IF_WAN:0) scrub (no-df max-mss 1492)</i></div>
<div>
<br /></div>
<div>
<i><br /></i></div>
<div>
<i> #Allows Anything on the LAN to talk to the router</i></div>
<div>
<i> pass in on $IF_LAN from $IF_LAN:network</i></div>
<div>
<i><br /></i></div>
<div>
<i> #Allows response to pings</i></div>
<div>
<i> pass in inet proto icmp to $IF_WAN icmp-type { echoreq, unreach }</i></div>
</div>
<div>
<br /></div>
<div>
<b>File: /etc/sysctl.conf (kernel settings, enabling packet forwarding among others)</b></div>
<div>
<div>
<i> net.inet.ip.forwarding=1<span class="Apple-tab-span" style="white-space: pre;"> </span># 1=Permit forwarding (routing) of IPv4 packets</i></div>
<div>
<i> net.inet.ip.mforwarding=1<span class="Apple-tab-span" style="white-space: pre;"> </span># 1=Permit forwarding (routing) of IPv4 multicast packets</i></div>
<div>
<i> net.inet6.icmp6.rediraccept=1<span class="Apple-tab-span" style="white-space: pre;"> </span># 1=Accept IPv6 ICMP redirects (for hosts)</i></div>
<div>
<i> net.inet6.ip6.accept_rtadv=1<span class="Apple-tab-span" style="white-space: pre;"> </span># 1=Permit IPv6 autoconf (forwarding must be 0)</i></div>
</div>
<div>
<i><br /></i></div>
<div>
<i><br /></i>
Once you've edited your config files, connect the BT Openreach modem to your WAN port and reboot, looking for errors during boot.</div>
<div>
Check ifconfig for pppoe0 to make sure it's 'dialled up'.</div>
<div>
Do pings to external IPs and hostnames to check connectivity, maybe even hook up a machine to the LAN port and see if it can connect to the internet.</div>
<div>
<br /></div>
<div>
The pppoe0 section of ifconfig will look like this, this can be checked with the command:<br />
<i><b> ifconfig pppoe0</b></i><br />
<br /></div>
<div>
<div>
<i> pppoe0: flags=8851&lt;UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST&gt; mtu 1492</i></div>
<div>
<i> priority: 0</i></div>
<div>
<i> dev: em0 state: session</i></div>
<div>
<i> sid: 0xf PADI retries: 4 PADR retries: 0 time: 02:51:40</i></div>
<div>
<i> sppp: phase network authproto chap authname "bthomehub@btinternet.com"</i></div>
<div>
<i> groups: pppoe egress</i></div>
<div>
<i> status: active</i></div>
<div>
<i> inet MY.BT.WAN.IP --> 172.16.12.23 netmask 0xffffffff</i></div>
</div>
<div>
<br /></div>
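<div>
As an added example (not from the original post; the function names are hypothetical), the checks above can be scripted: one function reads <i>ifconfig pppoe0</i> output and says why the link is not up, the other compares the <i>max-mss</i> value in pf.conf with the pppoe0 MTU, since an IPv4 TCP segment only fits when the MSS is at most MTU - 40. The sample input is constructed from the output shown above, with a documentation address in place of the WAN IP.</div>

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample modelled on the post's "ifconfig pppoe0" output;
# 203.0.113.10 is a documentation address standing in for the WAN IP.
SAMPLE_IFCONFIG='pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
    priority: 0
    dev: em0 state: session
    sid: 0xf PADI retries: 4 PADR retries: 0 time: 02:51:40
    sppp: phase network authproto chap authname "bthomehub@btinternet.com"
    groups: pppoe egress
    status: active
    inet 203.0.113.10 --> 172.16.12.23 netmask 0xffffffff'

# The NAT/scrub rule as it appears in the post's pf.conf.
SAMPLE_PF='match out on $IF_WAN from $IF_LAN:network nat-to ($IF_WAN:0) scrub (no-df max-mss 1492)'

# field_after TEXT KEY: print the word that follows the first occurrence of KEY.
field_after() {
    printf '%s\n' "$1" | awk -v key="$2" '
        { for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# pppoe_problems IFCONFIG_TEXT: print one line per failed check.
# No output and exit status 0 means the PPPoE session is fully up.
pppoe_problems() (
    text=$1
    rc=0
    fail() { printf '%s\n' "$1"; rc=1; }

    # PPPoE discovery (PADI/PADR) must have ended in an established session.
    [ "$(field_after "$text" state:)" = session ] ||
        fail "discovery: no PPPoE session (check modem, cable and pppoedev)"
    # sppp reaches the network phase only after CHAP succeeded.
    [ "$(field_after "$text" phase)" = network ] ||
        fail "sppp: not in network phase (authname/authkey rejected?)"
    [ "$(field_after "$text" status:)" = active ] ||
        fail "status: interface not active"

    # hostname.pppoe0 configures 0.0.0.0 and 0.0.0.1 as wildcards; both are
    # replaced by real addresses once the ISP has negotiated them.
    addr=$(field_after "$text" inet)
    peer=$(field_after "$text" '-->')
    case "$addr" in ''|0.0.0.0) fail "ipcp: no WAN address negotiated" ;; esac
    case "$peer" in ''|0.0.0.1) fail "ipcp: peer is still the 0.0.0.1 wildcard" ;; esac

    [ "$rc" -eq 0 ]
)

# max_mss_from_pf PF_TEXT: print the first max-mss value, ignoring comments.
max_mss_from_pf() {
    printf '%s\n' "$1" | sed 's/#.*//' |
        sed -n 's/.*max-mss[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# mss_clamp_status MTU PF_TEXT: largest IPv4 TCP payload that fits in one
# packet is MTU - 20 (IP header) - 20 (TCP header). A clamp above that limit
# never lowers the 1460 that Ethernet LAN hosts advertise, so it has no effect.
mss_clamp_status() (
    limit=$(( $1 - 40 ))
    mss=$(max_mss_from_pf "$2")
    if [ -z "$mss" ]; then
        echo "no-clamp limit=$limit"
    elif [ "$mss" -le "$limit" ]; then
        echo "ok max-mss=$mss limit=$limit"
    else
        echo "too-high max-mss=$mss limit=$limit"
    fi
)

# Demo on the embedded samples. On the router, feed live data instead:
#   pppoe_problems "$(ifconfig pppoe0)"
#   mss_clamp_status "$(field_after "$(ifconfig pppoe0)" mtu)" "$(cat /etc/pf.conf)"
if pppoe_problems "$SAMPLE_IFCONFIG"; then echo "pppoe0: session up"; fi
mss_clamp_status "$(field_after "$SAMPLE_IFCONFIG" mtu)" "$SAMPLE_PF"
```

<div>
With the values on this page the second check reports max-mss 1492 against a limit of 1452 for an MTU of 1492, so the clamp as written does not reduce anything.</div>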
<div>
<i><br /></i>
<br />
<h3>
<b>BT Homehub config</b></h3>
<i><br /></i></div>
<div>
Now that I have the OpenBSD box connected to BT's network, I still need WIFI, dammit!!!</div>
<div>
<br /></div>
<div>
So to re-purpose the BT Hubs all you need to do is:</div>
<div>
<ol>
<li>connect a PC/Laptop to the hub via ethernet</li>
<li>Set a static IP on your ethernet adapter on the PC itself, make sure its in the same range as your LAN.</li>
<li>Go to its webpage http://192.168.1.254</li>
<li>Go to Advanced settings and log in</li>
<li>Go to Firewall, configuration, and set to disabled.</li>
<li>Go to Home Network, IP Addresses, turn off DHCP</li>
<li>Change IP from .254 to say .200, conveniently out of the DHCP scope I set on the OpenBSD router</li>
<li>Wait a couple of minutes and try to get to http://192.168.1.200; if you can't, then yank out the BT Hub's power, plug it back in and try again. If you've done the above correctly you'll get into the Hub.</li>
<li>Connect the Hub to your LAN port on the OpenBSD router, and any other devices to your Hub.</li>
<li>Confirm your network works and you can get online.</li>
<li>Remove the static IP you set and confirm you get a DHCP lease and can still get online.</li>
</ol>
</div>
<div>
Providing I've not missed anything and you've followed my directions, you should now be up and running with a home brew OpenBSD router, using your BT Hub as a WIFI access point. If it still isn't working and neither of those is at fault, then the stars aren't aligned with the planets in our neighbouring galaxy Andromeda.<br />
<br />
<h3>
Installing extra software on your router</h3>
<br />
To install binary packages (the preferred method of installing software that is not in the base install) you should use pkg_add. To do this you need to tell it where to get the packages from, which you do by typing:<br />
<br />
<b><span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">echo "export PKG_PATH=ftp://mirror.exonetric.net/pub/OpenBSD/5.7/packages/amd64/" >> .profile</span></b><br />
<br />
You will probably want to change the ftp server, I've tested the speeds of each UK server and found exonetric's to be the "closest" in terms of hops on the internet, yes, I live in Oxford but there are 7 more hops from myself to the Oxford Uni's mirror than there are from myself to exonetric's mirror, this is just how my ISP and no doubt most ISP's route traffic back to London first then back out to the internet.<br />
<br />
Now to install software you just type the below, without the &lt; and &gt;, and choose from the list, if asked, relating to the software you want to install:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;"><b>pkg_add &lt;pkgname&gt;</b></span><br />
<br />
<br />
PS: Thanks go to the guys at the BSD Now podcast for linking to my BSD blog articles :) Keep up the good work guys, I am an occasional listener!</div>
<h2>
Outlook automapped mailbox could not be expanded</h2>
Posted by Jayton Garnett on 2015-04-30<br />
<br />
So the other day I had to grant a user permission to another user's mailbox, straightforward you may think? Not so this time!<br />
<br />
After granting the permissions as you normally would, giving it a moment and relaunching Outlook, we couldn't expand the mailbox and received the error "Cannot expand the folder".<br />
<br />
I rechecked everything and the user had full permissions according to the 365 Admin portal.<br />
<br />
I then decided to fire up PowerShell and see what it said, and to my surprise - it too said the user had full access to the other user's mailbox!<br />
<br />
Weird huh?<br />
<br />
Yeah, I thought so too.<br />
<br />
So as not to waste having logged into PowerShell, I removed and added the permissions back with the commands below, checked it was set in PowerShell and the 365 Admin portal - all looked good, so I fired up Outlook again - HUZZAH! I could now open and browse the mailbox!!!<br />
<br />
So to remove and add full permissions use the commands below:<br />
<br />
<br />
<ul>
<li style="margin-bottom: 0.1em;"><span style="background-color: black; color: lime; font-family: Courier New, Courier, monospace;">Remove-MailboxPermission -Identity [email address or alias of user whose mailbox needs no longer to be shared] -User [email of user that needs access revoking] -AccessRights FullAccess -InheritanceType All</span></li>
</ul>
<ul>
<li style="margin-bottom: 0.1em;"><span style="background-color: black; line-height: 1.5em;"><span style="color: lime; font-family: Courier New, Courier, monospace;">Add-MailboxPermission -Identity [email of user whose mailbox needs sharing] -User [email of user that needs access] -AccessRights FullAccess -InheritanceType All</span></span></li>
</ul>
<h2>
Office 2010 not working after changing product key</h2>
Posted by Jayton Garnett on 2015-04-29<br />
<br />
So after rolling out a machine which was installed via WDS I went to change the product key on the Office 2010 installation. As per usual I navigated to Programs and Features in Control Panel, found Office, clicked Change and chose the Change Product Key option, went through the wizard, rebooted and to my horror Office said it couldn't activate and closed after clicking OK.<br />
<br />
It's the first time in years I'd come across this problem and lots of articles said to do this, that and the next thing, even on the Microsoft community forums there were a million ways to fix this and none of them worked.<br />
<br />
One of the answers was to use <a href="http://pxc-coding.com/portfolio/office-key-remover/" target="_blank">this app</a> which asks which version of Office you have installed, but upon running it it said it could find no information about the Office install - I guess this is why Office was failing to activate.<br />
<br />
A bit more digging and I found another site with some reg files you run ... Whoa, hold your horses! Before running any program or registry mods found on the internet, I suggest first researching the app, running it in a VM to make sure it's safe, scanning it with <a href="http://www.virustotal.com/" target="_blank">Virus Total</a> and opening the reg files in notepad to check they're not going to do anything nasty. Always. No exceptions.<br />
<br />
I found <a href="http://whitepages.unlimitedviz.com/2010/05/how-to-completely-remove-all-traces-of-office-2010-from-your-system/" target="_blank">this blog</a> which describes his own troubles which were different, but we needed the same end goal - to remove all traces of Office having been installed. I removed Office 2010 through Programs and Features then ran the reg files, rebooted, reinstalled Office 2010 with the correct product key - et voila, it now activated and worked like an Office product should. Please do head over to his site and have a read of his post too.<br />
<br />
Having read the comments I noticed Microsoft had put out a Fixit to remove Office when you were unable to remove Office normally, but decided as I was able to remove Office I would proceed with the reg files instead.<br />
<br />
Here's the Fixit in case you are unable to remove office in the usual manner: https://support.microsoft.com/en-us/kb/971179<br />
<br />
and a mirror of <a href="https://docs.google.com/uc?export=download&id=0B4p9cy_9kVM5dDlIZEFqT0huMHM" target="_blank">Office Scrubber</a> files "just in case".<br />
<br />
<h2>
MS-DOS Mobile v1 - Microsoft's best April fools?</h2>
Posted by Jayton Garnett on 2015-04-01<br />
<br />
Today Microsoft released MS-DOS Mobile v1, along with a video on youtube which you can watch <a href="https://www.youtube.com/watch?v=irJQDGw8Ptk" target="_blank">here</a>. So being the MS fanboy I am I installed it on my Lumia 930 and had a play around with it and took a *few* screenshots.<br />
<br />
Welcome to MS-DOS Mobile v1!<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVhut4h8VB_MpmL4kmKdVp2b0kFhhBgNxBUWMw2Lvl0mMkhoab0w-wyz5eIC4NGpIB9crf1p3xBzMaw7AeNQRNCPdJh96p4B0td-WvOgVqqwh6DPOr-r8Ffw8pIIJ8GTz8XN6P7WR7xk3Y/s1600/wp_ss_20150401_0001.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVhut4h8VB_MpmL4kmKdVp2b0kFhhBgNxBUWMw2Lvl0mMkhoab0w-wyz5eIC4NGpIB9crf1p3xBzMaw7AeNQRNCPdJh96p4B0td-WvOgVqqwh6DPOr-r8Ffw8pIIJ8GTz8XN6P7WR7xk3Y/s1600/wp_ss_20150401_0001.png" height="320" width="180" /></a></div>
Not quite as many files as I remember being in the DOS directory...<br />
<br />
Full keyboard access, fantastic! It's what I always dreamt of!<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXadDE9aYXo2AaKBNkYHle4gEYkGMFhIyeiYVPmo15VEUbXVjcQXekHUgxNZP8UZmoy60qbgPqjxfEh33TROp-0NrMOKVUaigoZl8DhkHulbcXKiHjoRnuFY8UAzwV8JNKRTEJ5kSIH8KJ/s1600/wp_ss_20150401_0002.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXadDE9aYXo2AaKBNkYHle4gEYkGMFhIyeiYVPmo15VEUbXVjcQXekHUgxNZP8UZmoy60qbgPqjxfEh33TROp-0NrMOKVUaigoZl8DhkHulbcXKiHjoRnuFY8UAzwV8JNKRTEJ5kSIH8KJ/s1600/wp_ss_20150401_0002.png" height="320" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
You can even use 'edit' to well ... edit the autoexec.bat and config.sys files, just like the good old days!</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbT6DRpTdn7GR91N0TTDxI-vxNt-39K4IyPENOwNA-VDvOy69wkDQqnU24CQ8vSZqJrjN8d2xuszUTAHZYynbx5X-yDi0mj1t8Mub5qBBFCV2IpqbT7jScu0YfgrDerVqK2VylM53DgM32/s1600/wp_ss_20150401_0003.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbT6DRpTdn7GR91N0TTDxI-vxNt-39K4IyPENOwNA-VDvOy69wkDQqnU24CQ8vSZqJrjN8d2xuszUTAHZYynbx5X-yDi0mj1t8Mub5qBBFCV2IpqbT7jScu0YfgrDerVqK2VylM53DgM32/s1600/wp_ss_20150401_0003.png" height="320" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
You can even make calls from MS-DOS Mobile v1! Admittedly it just launches the standard phone app and you can't have spaces in the number or NAME, yes you can give it a name, but the name can't have spaces in it ... I'm sure by v1.1 they'll have worked out this bug.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhj8RwNCyH97n_bgbJeAaeAUKnK5wb1-L1-ZfSfspGUyj7-KuTNDOVRf66JrkWvMfzNsrM28rpuKX4jr9qg6KD6HdY0qD-0YOnz4RNbEfvMN_VJO3XUWz_E-ASXVkMuxl1nhV1PZ6F96nHD/s1600/wp_ss_20150401_0006.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhj8RwNCyH97n_bgbJeAaeAUKnK5wb1-L1-ZfSfspGUyj7-KuTNDOVRf66JrkWvMfzNsrM28rpuKX4jr9qg6KD6HdY0qD-0YOnz4RNbEfvMN_VJO3XUWz_E-ASXVkMuxl1nhV1PZ6F96nHD/s1600/wp_ss_20150401_0006.png" height="320" width="180" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
and yes, you even get Windows 3.1 with it, talk about a software giveaway?! Do they still charge for ANYTHING any more? It even starts with the classic DAA-DIIIING! </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjekfdUIVpyABfSPJZ3JnjNhRt-oBzoGkGfD9VvYuMb2OYhoXUVYLc4TMNLKs3DhlM6OHJAcO7Sr3MzgwL9rXqBoIY8W4yOmNphJ0Ww5Ytb3HFwJdVSdG1BD5CjAAR4NN-MacBQIcMmBV-y/s1600/wp_ss_20150401_0007.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjekfdUIVpyABfSPJZ3JnjNhRt-oBzoGkGfD9VvYuMb2OYhoXUVYLc4TMNLKs3DhlM6OHJAcO7Sr3MzgwL9rXqBoIY8W4yOmNphJ0Ww5Ytb3HFwJdVSdG1BD5CjAAR4NN-MacBQIcMmBV-y/s1600/wp_ss_20150401_0007.png" height="320" width="180" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUXxQwvEwaQ9ioatgXgWwQ_seEiMUPddMZ7tQPq978fzIOZmItm11OU9Dp1UrIVVz6E6_r_MsWWw7ti4UetMODNYsdDkIYPAQDT71UsL4IWuevJTDgPer-Bs2MqcZLTc8r0CzQZg-35SNx/s1600/wp_ss_20150401_0008.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUXxQwvEwaQ9ioatgXgWwQ_seEiMUPddMZ7tQPq978fzIOZmItm11OU9Dp1UrIVVz6E6_r_MsWWw7ti4UetMODNYsdDkIYPAQDT71UsL4IWuevJTDgPer-Bs2MqcZLTc8r0CzQZg-35SNx/s1600/wp_ss_20150401_0008.png" height="320" width="180" /></a></div>
<br />
It was then time to explore that Game directory...<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1r4Db9X_z3B5xGoB69n31tFLDwksOZZiC0F6zlMP3Lh0ZoPJGbdfXEHrLXRGL7LYOzEjWTpmGSnQXXYc2B70CH_T9Bl93ak9R1e8ogrl2z-3wGET9bZFHLyDwUG-vAw7VYA2CVam0hv9g/s1600/wp_ss_20150401_0011.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1r4Db9X_z3B5xGoB69n31tFLDwksOZZiC0F6zlMP3Lh0ZoPJGbdfXEHrLXRGL7LYOzEjWTpmGSnQXXYc2B70CH_T9Bl93ak9R1e8ogrl2z-3wGET9bZFHLyDwUG-vAw7VYA2CVam0hv9g/s1600/wp_ss_20150401_0011.png" height="320" width="180" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha4F7usCXyDgG3qd5F2DeCI8iCvwCwI74MOMBJMGlYXNiFzedSDrpfxVpZf7l2yfEX9Qz_jaOoBFlf0LEeXmS8ZG7NJ077UQPUcJuRp4zzOpEE8KB_cR0SB2KuzksTdWoqnORmqNhVnPZA/s1600/wp_ss_20150401_0009.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha4F7usCXyDgG3qd5F2DeCI8iCvwCwI74MOMBJMGlYXNiFzedSDrpfxVpZf7l2yfEX9Qz_jaOoBFlf0LEeXmS8ZG7NJ077UQPUcJuRp4zzOpEE8KB_cR0SB2KuzksTdWoqnORmqNhVnPZA/s1600/wp_ss_20150401_0009.png" height="320" width="180" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9JRPIh9qLGQXpALJbBuwFJ2wOKSBXOYJzIRs7SSh8B4VMK97DM1CQiXNCXrvgUAoSfCRXJOs9Cuj8JB1HoYJV84Vr2fgSWmX4XVlU_k-MftT_oZ5Kj8000RO7sFe_iaGlyqZGXcMQgt5U/s1600/wp_ss_20150401_0010.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9JRPIh9qLGQXpALJbBuwFJ2wOKSBXOYJzIRs7SSh8B4VMK97DM1CQiXNCXrvgUAoSfCRXJOs9Cuj8JB1HoYJV84Vr2fgSWmX4XVlU_k-MftT_oZ5Kj8000RO7sFe_iaGlyqZGXcMQgt5U/s1600/wp_ss_20150401_0010.png" height="320" width="180" /></a></div>
<br />
Ah yes, nothing like managing your memory, if you were ever lucky enough to have more than 640k you'll remember that pain ... ah yes, QEMM was the way to manage your memory, dump memmaker and use QEMM - its what all the cool kids did ;-)<br />
<br />
<br />
So what exactly is RPS.EXE? It's Rock, Paper, Scissors of course - DUH! Although the CPU only ever seemed to choose Scissors ... I'm sure by MS-DOS Mobile v1.4 they'll have this fixed.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjdHwv5xxSdC6Al7SmYlYZUeugS07e4TXsXFeA-HLDLEAKiIxP1GeHugjRJscalTrLS8UfjuwPskg_FmciqG4o22JvKK-LH1zUkDn3zVRNe9fh1m7R1hh5PZqnyBKdVzC1UKo4u2rGAPwr/s1600/wp_ss_20150401_0014.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjdHwv5xxSdC6Al7SmYlYZUeugS07e4TXsXFeA-HLDLEAKiIxP1GeHugjRJscalTrLS8UfjuwPskg_FmciqG4o22JvKK-LH1zUkDn3zVRNe9fh1m7R1hh5PZqnyBKdVzC1UKo4u2rGAPwr/s1600/wp_ss_20150401_0014.png" height="320" width="180" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKu5sKUqGBnJtskNl15nzueG67R2GDXhj9_3PvY1neMoDPmXQcncYs9MKQDqBHDcf87nuwIq7tJBCan-5ZPSGWIqhhTJdL1YXkMSbqxl55e_maqSpNuKcAJ9CFthXwbZ5YmhcPMw5FiAcB/s1600/wp_ss_20150401_0012.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKu5sKUqGBnJtskNl15nzueG67R2GDXhj9_3PvY1neMoDPmXQcncYs9MKQDqBHDcf87nuwIq7tJBCan-5ZPSGWIqhhTJdL1YXkMSbqxl55e_maqSpNuKcAJ9CFthXwbZ5YmhcPMw5FiAcB/s1600/wp_ss_20150401_0012.png" height="320" width="180" /></a><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE_RqJEIYevDUpO_k1rWBt9DG_6Qsn-0ClFpfTNmStCt6qBNCxJjVCsZ2dbldkRwTD1v9CrYuC8kwP9kO81XO_ZWDalXuafZT_j6c6SDuNsiHve43oYLqUeXhOCi4DDxVY7jt7tAq8FqUu/s1600/wp_ss_20150401_0013.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE_RqJEIYevDUpO_k1rWBt9DG_6Qsn-0ClFpfTNmStCt6qBNCxJjVCsZ2dbldkRwTD1v9CrYuC8kwP9kO81XO_ZWDalXuafZT_j6c6SDuNsiHve43oYLqUeXhOCi4DDxVY7jt7tAq8FqUu/s1600/wp_ss_20150401_0013.png" height="320" width="180" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
I won't spoil any more of the surprises hidden in this gem, so go find them yourself!<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<h2>
Exchange 365 - give user permission to edit Distribution list</h2>
Posted by Jayton Garnett on 2015-04-01<br />
<br />
Here's a quick run down of how to enable end users to edit distribution lists, this saves you time and gives department managers greater flexibility.<br />
<br />
Go to your company's or client's Exchange Admin Centre, go to Permissions then user roles and create a RBAC by hitting the +, and give it a good name and description. Under the Distribution groups section, tick the "MyDistributionGroups" option and any others you might need and save the RBAC. The default RBAC has all but the MyApps selected; remember this will replace the Default Role Assignment Policy for the user you assign your RBAC to.<br />
<br />
Now under recipients in the Exchange Admin Centre find the user and edit them, under mailbox features change their Role Assignment policy to that which you've just created and save.<br />
<br />
Now whilst still under recipients, click on Groups, find the group the user needs to manage and edit it; under ownership add the user who is to manage the group and save.<br />
<br />
Now the user should be able to open Outlook, click Address book, find the group and add/remove other users.<br />
<br />
<h2>
Dropped my Lumia 930 in the dish washer!</h2>
Posted by Jayton Garnett on 2015-03-24<br />
<br />
Yikes! What a scare I had today when I went to grab a fork from the dish washer at work.<br />
<br />
I stupidly pinned my phone between my shoulder and face while talking to my wife as I bent down to open the door and the blasted thing, which is in a cheap £4 dual layer case which has access to all the ports, mic's etc, slipped, slid down the half open dish washer door, sank to the bottom at the back of the damn dish washer ...<br />
<br />
Bad times.<br />
<br />
Whipped it out as quick as I could, dried it off with a dish cloth, the screen wasn't responding to touch, oh crap. I finished cooking my lunch in the microwave, went back to my desk and tried to dry out the ports with a paper towel and cotton ear bud - this doesn't really work so well. But on a reboot (which is what happens if you hold the power down for long enough) the screen worked, so I could shut it down properly.<br />
<br />
I went into our workshop, fired up the air compressor and blasted all the ports - this probably pushed the water deeper, but hey ho. I then checked YouTube for a video on how to remove the back cover, which is actually pretty easy. There wasn't much water at all, just a small amount from where the water was lodged in the charging port scattered out over the top of the back assembly. I tried to remove the back assembly but ended up rounding 1 of the screw heads, so couldn't get it off entirely, but enough to see there was no water on any of the components!!!<br />
<br />
I then reassembled the phone and its been fine so far, touch wood!<br />
<br />
I've decided to get my daughter a Lumia 735 for the front facing camera as she loves selfies and dropping her phones in water, I'm hoping the 735 is just as water safe as the 930 - or more water safe than the Android and feature phones she's had yet.<br />
<br />
<h2>
Really, really, really useful OpenBSD commands you should never overlook...</h2>
Posted by Jayton Garnett on 2015-03-20, updated 2015-04-03<br />
<br />
... when diagnosing performance issues which you normally don't see on Xeon server class systems with two physical CPUs and 8 cores on each and 16-64GB RAM.<br />
<br />
However now that we're deploying a heck load more Soekris devices running OpenBSD as routers with various functions we've learnt a lot more than just the basic OpenBSD admin tasks.<br />
<br />
One such Soekris 6501 has two IKE VPNs to two external sites, one of which had a shed load of bidirectional traffic which seems to affect the other VPN.<br />
<br />
The first thing to do when you suspect any device is being overloaded is to check processor usage using the 'top' command. We found that it was hovering between 86% - almost 96% at its peak.<br />
Usually this is around 5% max, and still mostly around 99% idle on other Soekris 6501 units.<br />
<br />
The problem is that the Atom processors are not very powerful, think about the last time you used a netbook and were frustrated with the constant delays in doing tasks because it was so damn slow.<br />
<br />
Now you've got a comparatively slow CPU with NO hardware accelerated encryption/decryption capabilities trying to push 20MBps...<br />
<br />
Check your network throughput with 'systat ifstat 1' it shows ibytes (input) and obytes (output) on each interface including the enc* tunnels (VPN's). This is a great command for monitoring network throughput.<br />
<br />
There are some other systat options you can use, such as 'systat iostat', 'systat netstat', 'systat rules', 'systat states' and so on, I recommend checking out the man page for more options.<br />
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/systat.1?query=systat&sec=1<br />
<br />
Of course don't forget to also use the most basic commands, I recommend <a href="http://freeengineer.org/learnUNIXin10minutes.html" target="_blank">Learn UNIX in 10 minutes</a> to help you refresh your memory ;-)<br />
<br />
<br />
<h2>
scan machines on the domain to see who is logged in</h2>
Posted by Jayton Garnett on 2015-03-19, updated 2015-04-01<br />
<br />
I got frustrated with not being able to find out who is logged into which computer on the 100's of customer domains we look after so wrote a little script to do it. I know how to do it with a single computer, but who wants that half the time?<br />
<br />
Use ADTidy to get a list of computers, or csvde or whatever you want; I like ADTidy. Remember to filter out those you don't want and change the column to just Name, export to csv, rename the csv to .txt and do a find and replace for double quotes ", leaving the replace field empty to remove all the quotes.<br />
<br />
Copy and paste this into a text file and save it as a .bat<br />
<br />
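<blockquote class="tr_bq">
rem Reads names from list.csv; appends each name, then its qwinsta output (errors included), to list.txt<br />
for /f "delims=" %%x in (list.csv) do (echo %%x & qwinsta /server:%%x) >> list.txt 2>&1</blockquote>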
<br />
Or you could even do it on IPs with the below. It will display only the last octet of the IP, as you will know the range it's scanning, or you can alter it to include the full IP - I'll let you figure that out ;-)<br />
<br />
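<blockquote class="tr_bq">
rem Appends each last octet, then the qwinsta output for 192.168.0.x (errors included), to list.txt<br />
for /L %%x in (1,1,254) do (echo %%x & qwinsta /server:192.168.0.%%x) >> list.txt 2>&1</blockquote>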
<br />
Go get a coffee and some snacks, or move on to your next job, because this is going to take a while.
Jayton Garnetthttp://www.blogger.com/profile/05321052157184585421noreply@blogger.com0tag:blogger.com,1999:blog-2299558191497942914.post-72723289230113700892015-02-12T23:06:00.000+00:002015-03-19T23:06:36.814+00:00
Media hyperbole rant<br />
I'm so f**king sick of the media blowing things up to be bigger issues than they really are, not just in technology but in everything they report. This is why I gave up on newspapers a long time ago! I barely watch the news nowadays too, because again a lot of it is crap and if something is true I'll hear about it on Facebook via BBC and other news sources that are semi-trustworthy.<div>
<br /></div>
<div>
The Daily Mail plain sucks at decent reporting, and yet they sell millions of newspapers. I used to work in a warehouse and saw the guys getting sucked in by the hyperbole spewed out by the crap factories.</div>
<div>
<br /></div>
<div>
Dr. Oz and his miracle pills, potions and herbs is another clusterfuck of misrepresenting the truth.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Moral of the story, don't rely on a single source for news and always check facts.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Rant over.</div>
Jayton Garnetthttp://www.blogger.com/profile/05321052157184585421noreply@blogger.com0tag:blogger.com,1999:blog-2299558191497942914.post-605562308038507902014-08-08T18:39:00.000+01:002015-03-19T22:55:48.057+00:00
Scammers using SysKey<br />
We had a home user give us a call saying he had a call from scammers who had convinced him to allow them to access his Windows 7 PC and had now 'irreversibly' locked the computer. He said he had called round a bunch of other companies in the area and they didn't want to touch it. Being helpful and unable to say no to a challenge, we took on the task.<br />
<br />
When we booted it up it was not what we expected. We didn't think it would be a hard job, most likely some sort of ransomware we could easily remove; alas, it was syskey. Reading up on it, there seemed to be a lot of people claiming it can be done, with various methods.<br />
<br />
One method mentioned was using <a href="http://www.microsoft.com/en-gb/windows/enterprise/products-and-technologies/mdop/dart.aspx" target="_blank">DaRT</a> from Microsoft, a load more used the ntoffline password re-setter from pogostick.net, and another used chntpw - none of these worked for us.<br />
<br />
Reading a bit more on what SysKey actually does gave me another idea on how to work around the issue, so I loaded up an Ubuntu Live CD from our Zalman drive (which boots ISOs), tore into the Windows\System32\config directory, renamed all the registry hives, copied the ones from the RegBack sub-directory into the config folder and rebooted with fingers, toes, arms and legs crossed...<br />
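The hive swap described above, written out as a shell function for the live CD session. This is an added example, not the commands used in the post: the hive file names, the .locked suffix and the mount point are assumptions, and it only helps when the RegBack copies predate the SysKey change.

```shell
#!/bin/sh
# Added example: restore registry hives from RegBack on a mounted Windows volume.
# Assumptions (not from the post): the hive names below, the ".locked" suffix
# and the mount point passed in by the caller.

HIVES="DEFAULT SAM SECURITY SOFTWARE SYSTEM"

# restore_regback CONFIG_DIR
#   CONFIG_DIR is the mounted <volume>/Windows/System32/config directory.
#   Returns 0 on success, 1 if a check failed (in which case nothing is changed).
restore_regback() {
    config=$1
    regback="$config/RegBack"

    [ -d "$regback" ] || { echo "no RegBack directory in $config" >&2; return 1; }

    # Pass 1: validate everything before touching any hive.
    for hive in $HIVES; do
        [ -f "$config/$hive" ] || { echo "missing live hive: $hive" >&2; return 1; }
        # An absent or zero-byte backup would leave Windows unbootable.
        [ -s "$regback/$hive" ] || { echo "missing or empty backup: $hive" >&2; return 1; }
        # Never overwrite hives set aside by an earlier run.
        [ ! -e "$config/$hive.locked" ] || { echo "$hive.locked already exists" >&2; return 1; }
    done

    # Pass 2: set the current hives aside, then copy the backups into place.
    for hive in $HIVES; do
        mv "$config/$hive" "$config/$hive.locked" || return 1
        cp -p "$regback/$hive" "$config/$hive" || return 1
    done
    return 0
}

# Runs only when the script is given the config directory as its one argument,
# e.g. (placeholder mount point): sh restore_regback.sh /mnt/win/Windows/System32/config
if [ $# -eq 1 ]; then
    restore_regback "$1"
fi
```

The renamed .locked hives stay beside the restored ones, so the swap can be undone by hand; the registry itself goes back to whatever state it was in when RegBack was last written.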
<br />
Thankfully that worked a charm!
Jayton Garnetthttp://www.blogger.com/profile/05321052157184585421noreply@blogger.com0tag:blogger.com,1999:blog-2299558191497942914.post-53484637937240933192014-05-17T10:15:00.002+01:002015-08-21T13:21:44.148+01:00
Logging back into a locked Windows 8/8.1 machine fails<br />
A few of us in the office have found that if you lock your computer with Windows Key + L, when you come to unlock it, it might not recognise all your keystrokes and in fact seems to start Narrator. This is because Windows gets in a muddle and doesn't realise you let go of the Windows Key about 18 hours ago.<br />
<br />
Workarounds until/if Microsoft fix this are:<br />
Change your password to not include a shortcut key using the Windows Key<br />
Use Control + Alt + Delete to lock your computer<br />
Use PIN or picture passwords.<br />
<br />
<br />
Update:<br />
This seems to affect Windows 10 as well! Keep using Control + Alt + Del to lock your computers!
Jayton Garnetthttp://www.blogger.com/profile/05321052157184585421noreply@blogger.com0tag:blogger.com,1999:blog-2299558191497942914.post-55828289024686746742014-05-17T10:01:00.001+01:002014-05-17T10:01:53.258+01:00
Windows updates, never overlook them!<br />
So we just took over the IT for a pretty large customer and the first request we had through was to look at a problem one of the 2003 terminal servers had with loading Twitter in "any of the installed browsers".<br />
<br />
They've got a LARGE network, multiple subnets on various IP ranges and ludicrously slow internet for their size, which makes working on their systems remotely a bit of a pain! One of the pains is an old proxy server, which no one apparently has access to, including their on-site IT guy (who's moving on to various other technology related projects for them while we handle the day to day IT stuff).<br />
<br />
Internet Explorer was giving an error saying the computer was on the internet but could not access the website, and gave a bunch of potential errors. Chrome reported an SSL error; however, since HeartBleed, Google had removed any way to proceed past the SSL errors.<br />
<br />
I tried some other SSL enabled sites and they all worked using IE and Chrome!<br />
<br />
I did my usual probing and questioning of the customers who use the server and the usual network connectivity tests to twitter.com, including telnetting to the site on port 443, which worked as well as telnetting to port 443 does. I almost thought it was the proxy server for a while, until I tried Firefox rather than Internet Explorer or Chrome.<br />
<br />
It worked.<br />
<br />
So now Firefox works and the other browsers don't. Weird right? Nope.<br />
<br />
Firefox does not use the built-in Windows Trusted Root CA store, but uses its own Trusted Root CA store. I knew this as I'm a listener of the SecurityNow! podcast by Steve Gibson on the <a href="http://twit.tv/">Twit.tv</a> site; they've mentioned it a lot recently due to things like the NSA spying revelations and <a href="http://en.wikipedia.org/wiki/Heartbleed" target="_blank">HeartBleed</a>.<br />
<br />
So my first port of call after gathering this newfound information was to ensure the server had all the latest updates. I logged on late at night after they'd all logged off, installed a tonne of updates that were missing and set it to install updates at 2am, which hadn't been done previously.<br />
<br />
Lo and behold, the next morning Twitter was working through IE and Chrome!<br />
<br />
Suffice to say we've got some very happy customers who've put up with this because no one else they had asked / brought in to fix their network had figured it out until now. We are awesome at my place of work, we really are.<br />
<br />
Thanks to Steve Gibson and Leo from <a href="http://twit.tv/">Twit.tv</a> for their informative podcasts, and to Firefox for not using the OS's Trusted CA store.
Jayton Garnetthttp://www.blogger.com/profile/05321052157184585421noreply@blogger.com0tag:blogger.com,1999:blog-2299558191497942914.post-11104381838806617802014-04-26T22:24:00.000+01:002015-04-03T22:46:40.704+01:00
Windows 2012 R2 unable to receive/send faxes<br />
Well done Microsoft! You've killed the fax with Windows 2012 R2 and Windows 8.1!!! Hurrah!<br />
<br />
Sarcasm aside, I'd be happy to see the end of faxes. Faxing is dated and for the most part no longer needed, but some people are stuck in their ways I guess.<br />
<br />
We recently deployed a Windows 2012 R2 server which required faxing. After a lot of messing around and rechecking everything from cabling, diagnosing the telephone line, swapping fax modems etc., it came down to a driver file which is fubar in the latest release of Windows 2012 R2 & Windows 8.1.<br />
<br />
<br />
Download and replace yours from here:<br />
http://hevanet.com/hb/FXST30.dll<br />
<br />
http://social.technet.microsoft.com/Forums/windows/en-US/57611007-4d60-4fe6-b81d-4b2c809e3a2a/81-broke-my-windows-fax
Jayton Garnetthttp://www.blogger.com/profile/05321052157184585421noreply@blogger.com0