Zulucrypt

.. I miss Truecrypt.. Ok that may be a slight exaggeration but I did find it useful on occasion so hide sensitive information from prying eyes… Ok that is also an exaggeration, I have never had to hide anything from anyone but if I ever did then Truecrypt would have been awesome.

Sadly the devs decided to stop developing Truecrypt but luckily for us other alternatives arrived. One of my favourites (based on the “feature list”) is Zulucrypt. https://mhogomchungu.github.io/zuluCrypt/

So at least I can rest easy knowing that when I have something sensitive I need to keep secure I have a good open source option to do it.

I would not take this as a “review”, think of this as just a personal note for myself to make sure I don’t forget about this tool. I have not used it before.

Backing up System

A while back I decided I needed to back up my system so using the Arch wiki put together this command to copy the whole HDD to a location excluding some directories. Works a treat and whilst not totally ideal this is what I am using for the moment.

rsync -aAXv –exclude=”/dev/*” –exclude=”/proc/*” –exclude=”/sys/*” –exclude=”/tmp/*” –exclude=”/run/*” –exclude=”/mnt/*” –exclude=”/media/*” –exclude=”/lost+found” –exclude=”/home” –exclude=”/var” –exclude=”/minecraft” –exclude=”/docker” / /home/*****/Backup

To VM or not to VM…

Ok so I run Linux on my main system and all is great. However I enjoy playing games on my computer and despite that the Linux offering for games is getting much better all of the time there are many games that are Windows only. So a couple of years ago I read about a way to solve this dilemma. Run Windows in a VM and use VGA Passthrough to give the VM full control of the graphics card.

Well after months of faffing about I got a Windows VM set-up and then a few months after I got a Linux one set-up. I won’t cover the full steps here, ~I used the following tutorial which worked really well for me (using Nvidia graphics card) https://bufferoverflow.io/gpu-passthrough/ I did discover a couple of other little “gotchas” that I wanted to record here so that I don’t lose them:

For the Windows VM

You need to install the VirtIO drivers within Windows to make sure you get full performance out of hardware. Redhat make these drivers available for download here.

Something else I had to do to get good sound audio was install an old AC97 audio driver and after that crystal clear sound quality. Getting this done was a bit of a nightmare but I did answer a question on Stack Overflow about this issue and those instructions still stand Crystal Clear Audio in Windows. The original YouTube video I found that showed me how to do it has disappeared but at least I wrote out those instructions 🙂

For Windows that was pretty much it, make sure to install the latest graphics card drivers and if you get stuck look on forums.

For the Linux VM

This one was a bit more tricky and required some more steps, I do need to point out that these steps were relevant the first time I installed the Linux VM (Mint 17.3 Mate) but my most recent time (with mine 18.1 Mate) I didn’t have to faff about with the nomodeset stuff or anything on the EFI command line. The very last step about changing the name of grubx64.efi still applies though. This is not so bad as you can manually navigate to that file in the EFI “settings screen” (press F12 on a reboot and in those options you can select the hard drive and the boot file) :

Well that is it, this was one monster of a project to get working but I am so glad I have. I now have Linux as my main system and if I ever need it Windows is a command away. I do have to have 2 mine and keyboard plugged in just to make sure I can still access the host system if things go wrong but that is a small price to pay.

Thought I would add I use a GTX-970 and whilst haven’t benchmarked to discover how good the VM compares to bare metal but the performance is bloody brilliant.

What Ports??

Oftentimes when debugging some form of online service on Linux if can be handy to know what ports are currently open on the system you are working on. Back “in the day” we got this functionlity via netstat. Unfortunately that has now been deprecated so how do we achieve this.

In short ss

ss -lntu

Will generate similar output to the netstat command and with the -p command you can see the process id that has bound to the port as well.

I recommend using man ss for information on what all the command switches do.

ext4 Reserved Blocks

Recently I was looking at my file system space and noticed things didn’t quite add up. The space available and free space were not quite right. After doing some digging I discovered that ext4 reserves a small amount of space on the drive for the root files on the system.

In my case root is on its own seperate drive so this feature is pretty useless to me. Found an askubuntu post (https://askubuntu.com/questions/249387/df-h-used-space-avail-free-space-is-less-than-the-total-size-of-home) about this issue and it is quite simply a case of:

To see information about reserved blocks
sudo tune2fs -l /dev/sda8

To set the reserved blocks to 0:
sudo tune2fs -m 0 /dev/sda8

Update Plex

I have Plex media server installed on a dedicated machine that runs headless 24 hours.

Just to remind myself more than anything to update need to wget the download file.

Run yum localinstall rpm-file-downloaded

systemctl restart plexmediaserver

All done.

I have Plex in a VM on the main server so must remember to connect to that VM first instead.

Label Printing In Linux

I have a label printer (Brother QL-500). It was reasonably cheap at Amazon to buy and comes with single-label and continuous paper clear. #Also these instruction come from http://www.itbert.de/brother-ql-570-auf-archlinux/ which is in German, these are translated using Google Translate and wording slightly adjusted.

At Brother you can download the drivers, I am in an Arch based distro (Antergos) and I went with the .deb files. Unpacking the drivers:

# ar xv ql570cupswrapper-1.0.1-0.i386.deb
# ar xv ql570lpr-1.0.1-0.i386.deb

There are two parts to this driver if I recall (apologies I actually did this months ago and am only using my rough notes that I kept) I just double check and they are the LPR printer driver and the CUPS wrapper. Once they are both installed you just need to configure them with options below.

The contents of the data.tar.gz can then be copied to “/”. Then you just have to execute a command to configure the driver in cups:

# /opt/brother/PTouch/ql570/cupswrapper/cupswrapperql570pt1
Unfortunately, this did not quite enough for me. I had to specify the size of the paper. The supplied paper has a width of 62mm. The command is best created with the output from the cupswrapper command (because of the serial number):

# lpadmin -p QL-570 -E -v usb://Brother/QL-570?serial= -P /usr/share/cups/model/Brother/brother_ql570_printer_en.ppd -o PageSize=62×29
Then you can also print directly in the specified size using gLabels directly 🙂 The matching options can be easily displayed:

# lpoptions -pQL-570 -l

An issue I ran into was having to find the command in the PTouch directory to specify the page size but once the pagesize specified it printed fine.Label Printing in Linux

Splitting MKV audio

So recently I had a nice high quality 1080p file with a dodgy audio track on it along with a 720p file with a correct audio track on it. Obviously I wanted to keep the 1080p file on my server but I just needed to switch out the audio. Turns out it is pretty straight forward and whilst I am not going to go through step by step I will list the commands I used that made this possible.

mkvextract – This is what does the actual extraction part, see this link for some documentation. Basically you have to specify the file and the track to extract.

mkvmerge -i <file> – This command tells us the number of the track that we need to use, quite helpful

As an example here is the command I used:  mkvextract tracks file.mkv 2:test this extracts track 2 of file.mkv and names it test.

Then I used MkvToolNix Gui program and opened up the 1080p file, added in the new audio track (and removed the dodgy old audio track) and re-encoded the video. Job done.

After that all I had to do was get subtitles, the only downside the available subtitles didn’t account for my video having a 13 second introduction. So much twiddling, cutting, and offsetting I was able to get it working. I used Shotcut for the video editing. That program worked a treat.

 

Using MongoDB

Recently I decided to try using MongoDB within a PHP application, I had heard good things about it and thought it was worth a try, little did I realise the trouble I was in for (as is usually the case with first time installs of new software) though really the problems came when getting the new MongoDB bits to work with my compiled PHP7 installation, but that is for another day.

Right now I want to talk about installing and configuring Mongodb with some user authentication, which is disabled by default. Also a note I did this a couple of months back this isn’t a tutorial as such as this is what I used to get set-up, go read for yourself and learn and be awesome.

I am using a CentOS7 Minimal install as the base system.

As for the actual installation, it is fairly simple and in the docs they even have a small guide on how to do it, rather than shamelessly re-type it here I thought I would just link it: https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/#configure-the-package-management-system-yum

So now it is installed, all easy enough, start it up with systemctl and you are good. Then you need to connect and create a user, I like to create a admin user and then a user specifically for my application. To be honest the MongoDB docs again have great pages on creating users and enabling authentication so here are some links:
https://docs.mongodb.com/manual/core/security-users/
https://docs.mongodb.com/manual/tutorial/enable-authentication/

So I read those and felt I had a fairly good grasp of how things should work but I had no way of connecting to the database to run the db.createUser command, I also didn’t want to use the command line so started searching (I run Antergos on my main system) and I stumbled upon some software called Robomongo. It did everything I wanted, except for support SSL key authentication, not a real problem especially as that was already developed but just hadn’t been released for the free community version yet (it is now by the way) https://robomongo.org

So using Robomongo I was able to connect and set-up the admin user I want and then create my new database and a user for it, then I actually had to stop MongoDB and edit the config file ‘/etc/monogod.conf’ to enable user authentication. It isn’t the most obvious on how to set-up that file so below is a small excerpt of mine:
#security:
security:
authorization: enabled

Ok so that really is simple isn’t it, then restart MongoDB and suddenly you need a password to log-in.

Nice and simple and it looks fairly straightforward to set-up ssl key authentication as well which is something I will be going for in the future.

To anyone that reads this I hope you find it useful