Create root SSH keys OS X (MacOS High Sierra)

 Apple, MacOS, os x, tech, tech, os x, Apple  No Responses »
May 182018
 

In all the years I’ve been running OS X (or MacOS as it is now called) I’ve never had the need to su,sudo was always good enough. And this is as it should be.

Until now. Obvs, “root” is disabled in High Sierra. So…

$ cd /System/Library/CoreServices/Applications/
$ ls

Some cool apps here…

drwxr-xr-x  3 root  wheel    96B Mar 30 12:48 About This Mac.app
drwxr-xr-x  3 root  wheel    96B Mar 30 12:48 Archive Utility.app
drwxr-xr-x  3 root  wheel    96B Mar 30 12:48 Directory Utility.app
drwxr-xr-x  3 root  wheel    96B Mar 30 12:48 Feedback Assistant.app
drwxr-xr-x  3 root  wheel    96B Mar 30 12:48 Folder Actions Setup.app
drwxr-xr-x  3 root  wheel    96B Mar 30 12:48 Network Utility.app
drwxr-xr-x  3 root  wheel    96B May  2 10:03 RAID Utility.app
drwxr-xr-x  3 root  wheel    96B Mar 30 12:48 Screen Sharing.app
drwxr-xr-x  3 root  wheel    96B Mar 30 12:48 Storage Management.app
drwxr-xr-x  3 root  wheel    96B May  2 10:03 System Image Utility.app
drwxr-xr-x  3 root  wheel    96B Mar 30 12:48 Wireless Diagnostics.app

Open Directory Utility is the chappie we are interested in

$ open Directory\ Utility.app

@ menu bar: Edit >> Enable Root User
Set the password… y’all know the rules here.

Oh, look! What’s this? Past Self left me a little note. Thanks, Past Self! http://stephen.yearl.us/ssh-key-pair-authentication/

$ su
Password:
sh-3.2#
sh-3.2# cd ~
sh-3.2# pwd
/var/root
sh-3.2# ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_4096
Generating public/private rsa key pair.
...
Your identification has been saved in /var/root/.ssh/id_rsa_4096.
Your public key has been saved in /var/root/.ssh/id_rsa_4096.pub.
...
sh-3.2# cp id_rsa_4096.pub /Users/yearluk/Desktop/root@xolotl-id_rsa_4096.pub
sh-3.2# exit

Job’s a good un!

Edgerouter X — DNS issues

 networking, tech  No Responses »
Apr 192018
 

#1 plug laptop into eth0

#2 Edgerouter X defaults to 192.168.1.1 as did the TG589vac, but that doesn’t matter as it is now just a modem

#3 get on same net segment… statically configure laptop to
IP 192.168.1.42 (’cause Douglas Adams, obvs)
NM 255.255.255.0
DG 192.168.1.1

#4 Browser to 192.168.1.1, default login usr and pswd: ‘ubnt’ / ‘ubnt’

Dice!

OOH WHAT A PRETTY INTERFACE. Kinda overwhelming actually. Enable SSH, enable DNS forwarding on all interfaces. Should be good to go right? Wrong!

$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=59 time=15.007 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=15.275 ms

$ ping google.com
ping: cannot resolve google.com: Unknown host

Oh noes.

$ ssh 192.168.1.1 -p 2222 -l ubnt

[email protected]:~$ show dns forwarding nameservers
-----------------------------------------------
 Nameservers configured for DNS forwarding
-----------------------------------------------
1.1.1.1 available via 'system'
8.8.8.8 available via 'system'
89.145.254.78 available via 'ppp pppoe0'
94.30.127.100 available via 'ppp pppoe0'

[email protected]:~$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_req=1 ttl=60 time=18.4 ms
64 bytes from 1.1.1.1: icmp_req=2 ttl=60 time=14.6 ms

[email protected]:~$ ping google.com
PING google.com (216.58.213.78) 56(84) bytes of data.
64 bytes from lhr25s01-in-f14.1e100.net (216.58.213.78): icmp_req=1 ttl=57 time=15.3 ms
64 bytes from lhr25s01-in-f14.1e100.net (216.58.213.78): icmp_req=2 ttl=57 time=15.3 ms

[email protected]:~$configure
[email protected]#set service dns forwarding system
[email protected]#commit
[email protected]# commit
[edit]
[email protected]# save
Saving configuration to '/config/config.boot'...
Done
[edit]
[email protected]# exit
exit
[email protected]:~$

DICE!

Now for the rest of the network… but it’s sooo nice outside. There’s this orange thing in the sky, apparently

Technicolor MediaAccess TG589vac in bridge mode

 networking, tech  1 Response »
Apr 192018
 

Like >90% of folk, I’ve typically used whatever POS modem/router/switch/WAP combo that my ISP supplied me with. These all-in-ones are pretty convenient, but there is something just not right about bundling so many features into a single unit… it basically means that whilst is can do all these things it does not do any one thing particularly well.

Wireless range, for example, is particularly bad (even on the 2.4MHz band). Time for a change. I’ve finally had enough.

#1 get your router’s loin credentials to the service. My ISP had these hard-coded and were not supplied to me. It was a royal waste of 40 minutes trying to explain that I was not trying to login to the TG589vac itself, but instead to use that which allows login to the ISPs edge router… need this to pass on to the replacement router (Ubiquiti’s Edgerouter X) otherwise… no Internetz!

#2 logging in to the TG589vac as “admin” gives one rather limited options, and certainly none for resetting the router. It’s not in the consumer documentation, but log in as “engineer” and use the value next to “Access Key” on the bottom of the device.

#3 Gateway >> Setup Your Gateway >> change “routed type” to bridge

#4 if VSDL retain VLAN 101; if ADSL set ATM VP to 0 and ATM VC to 38

#5 Cross fingers and reboot

#6 Congratulations you now have no Internet access; the TG589vac is now just a modem!

#7 need to get into the device again… that’s an ethernet cable into port #4, so obvs do not connect your new router to this port.

For giggles as “engineer” you get to see that your ISP has probably enabled TR-069 / CWMP. The what now? That’s the L7 protocol that kept your device up-to-date with firmware and such… or is/was a means for them to have get another means to sniff your packets. If you disabled it as soon as you initially got your device, TURN IT BACK ON BEFORE YOU CALL your ISP’s tech support (see #1). Mine got real pissy when I called on an unrelated issue and they could not get in and poke around.

Join two or more videos on the command line

 tech  No Responses »
Mar 092018
 

Having just dropped a couple of 4TB Western Digital NAS drives in the openmediavault box, I can now get around to adding more media. My Moby Dick is split over two DVD disks… that’s a pain. Let’s join them…

The obvious, and lazy, and probably-will-not-work way:

~/MyRips/Moby Dick (1998)
$ cat "Moby Dick (1998) - CD 1.avi" "Moby Dick (1998) - CD 2.avi" > "Moby Dick (1998).avi"

Video will only play the length of the first file because this is where the avi header information is. Have to rebuild header information.

http://www.mactricksandtips.com/2011/01/join-avi-or-other-movie-files-together.html suggests mencoder, but another tool from half-a-decade ago seems like hassle.

So let’s do this with ffmpeg (making temporary list first for flexibility)…

~/MyRips/Moby Dick (1998)
$ printf "file '%s'\n" ./*.avi > manifest.txt
$ ffmpeg -f concat -safe 0 -i manifest.txt -c copy "Moby Dick (1998)"

DICE!

UNTRIED, BUT MAYBE NEATER:

$ find STREAM -type f -name '*' -printf "file '$PWD/%p'\n"

What movie files are not 1080P?

 media, tech  No Responses »
Mar 082018
 

Again with the Openmediavault NAS.

A fair few movies I encoded to result in less than 1080P files in order to preserve disk space. That is not really an issue (for now). So, what movies have what resolution?

(I feel like this should all been in shell script, but hey; whatever works right?!)

require 'find'

basedir = '/Volumes/Movies'

# get filetypes
# find . -type f | egrep -i -E -o "\.{1}\w*$" | sort -su

files = %x[find #{basedir} -type f | egrep -i -E  "\.mp4|\.avi|\.mkv|\.m4v|\.mpg" | sort -d]
videos = files.split(/\n+/)
videos = videos.reject! {|item| item =~ /sample.*|\._.*/i }

# puts "#{videos.size} videos found\n"
# videos.each { |x|
#   puts "#{x}\n"
# }

File.open('low-res-video.txt', 'w') do |fo|
  videos.each do |x|
    size = %x[/usr/local/bin/ffprobe -v error -select_streams v:0 -show_entries stream=width -of default=noprint_wrappers=1:nokey=1 '#{x}']
    if size.to_i < 1080
      fo.puts "#{x}...#{size} less than 1080P... reencode?"
    end
  end
end

Output something like:

/Volumes/Movies/_German language movies/Nackt unter Wolfen (2015)/Nackt unter Wolfen (2015).mkv...720
 less than 1080P... reencode?
/Volumes/Movies/_German language movies/The Edukators (2004)/The Edukators (2004)-CD1.avi...592
 less than 1080P... reencode?
/Volumes/Movies/_German language movies/The Edukators (2004)/The Edukators (2004)-CD2.avi...592
 less than 1080P... reencode?

Installing Solus linux on a Macbook Pro 9,1 (A1286): PART 2

 Apple, Linux, os x, tech  No Responses »
May 112017
 

Part 2 of installing Solus Linux on a 2012 Macbook Pro.

Part 1- simply booting the liveCD to even allow installation is here:
https://stephen.yearl.us/installing-solus-linux-on-a-macbook-pro-9

Rebooting after install lead to, you guessed it, the Black Screen of Death again. Solus was installed, accepting all defaults (and therefore one humongous / paritiion), to /dev/sdb2, /dev/sda1 is the EFI partition on which rEFInd was installed when running OSX MacOS.

❯ lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sdb      8:16   0   477G  0 disk
├─sdb2   8:18   0 473.2G  0 part /
└─sdb1   8:17   0   3.7G  0 part [SWAP]
sdc      8:32   1   3.9G  0 disk
sda      8:0    0 465.8G  0 disk
├─sda2   8:2    0   465G  0 part
├─sda3   8:3    0 619.9M  0 part
└─sda1   8:1    0   200M  0 part

#1 boot back into MacOS, mount EFI paritition:

sudo /Users/yearluk/Downloads/refind-bin-0.10.7/mountesp
❯  cd /Volumes/ESP/loader/entries
nano Solus-lts-4.9.22-17.conf

#2 CHANGE:

title Solus 2017.04.18.0
linux /EFI/com.solus-project/kernel-com.solus-project.lts.4.9.22-17
initrd /EFI/com.solus-project/initrd-com.solus-project.lts.4.9.22-17
options root=PARTUUID=c96bc351-b364-4c61-9fe6-8489f0ceec8f quiet ro splash resume=UUID=8f7d1509-fe95-4e47-8017-41611ad0a14c

TO:

title Solus 2017.04.18.0
linux /EFI/com.solus-project/kernel-com.solus-project.lts.4.9.22-17
initrd /EFI/com.solus-project/initrd-com.solus-project.lts.4.9.22-17
options root=PARTUUID=c96bc351-b364-4c61-9fe6-8489f0ceec8f ro nomodeset nouveau.blacklist=1  resume=UUID=8f7d1509-fe95-4e47-8017-41611ad0a14c text 3

#3 Repeat steps #3 through #8 from Part 1 (#7 this time was modprobe nvidia)

#4 update entire system

sudo eopkg up

#5 using the Apple bootloader [hold opt key whilst booting] to boot… boots graphically now.

Installing Solus linux on a Macbook Pro 9,1 (A1286)

 Apple, Linux, os x, Solus, tech  1 Response »
May 082017
 

I’ve been sunning* Solus as guest in a Parallels virtual machine on a macOS Sierra 10.12.4 host for a couple of months now, and I am delighted and impressed, so impressed I bought the company** wanted to install this on Apple iron. Solus installed beautifully on an 2010 Lenovo X201 and on a new and cheap and plastically Dell Inspiron 14-3452, so it should have no probs installing on a mid-2012, 15.4″ Hi-Res MBP. Right? Right? Wrong!

[*] s/sunning/running/ but gonna let that stand because, as typos go, this is pretty funny
[**] Showing my age… thanks Victor Kiam!

So, minus the bits where I was as angry frustrated as a guy who met a stranger in the Alps [may not be SFW. Depends where you work.]:

————————–
EDIT: 2017-05-11
#001 Disable SIP (System Integrity Protection)
Reboot, holding CMD+R

❯ csrutil disable

Reboot

❯ csrutil status
System Integrity Protection status: disabled.

————————–

#01 Grab the 2017-04-18 ISO torrent from https://solus-project.com/download/
#02 Burn to a 16GB shiny-new USB thumdrive using etcher.
#03 Press opt (alt) key at boot, select the livecd image

and, Mr. Franklin, it balked. Black Screen of Death. If you do the googles this usually has something to do with graphics *and stuff*. Which, for me, means:

❯ system_profiler SPDisplaysDataType | grep -i chipset
      Chipset Model: Intel HD Graphics 4000
      Chipset Model: NVIDIA GeForce GT 650M

Boot at runlevel 3, wired connection and all that. Run the usual dmesg | less , journalctl | less, linux-driver-management status, modprobe and the googles. Poke and prod and pull hair, and finally…

—————

#1 Press opt (alt) key at boot, select the livecd image
#2 Immediately press ‘e’ and edit the kernel command line parameters (boot options), replacing “quiet splash” with “nomodeset nouveau.blacklist=1 3”. Full KMS now reads:

initrd root=live:CDLABEL=SolusLiveBudgie ro rd.luks=0 rd.md=0 nomodeset nouveau.blacklist=1 text 3

#3 Login prompt. User is “live”, there is no password
#4 Become root, password is “root”
#5 Unload nouveau (open source NVIDIA drivers)

# modprobe -r nouveau

#6 get more drivers from the Solus repository

# eopkg it nvidia-glx drivers

#7 load Intel (integrated) graphics

# modprobe i915

#8 Boot graphically

# /sbin/init 5

#9 Install and…
#10 sell as lakefront property
#11 PROFIT!

Create a bootable ISO of macOS Sierra

 Linux, os x, tech  No Responses »
Apr 172017
 

Playing with Solus recently got me to thinking that maybe I could live again in a Linux world, but rather than running Linux in a Virtual Machine (that would currently be Parallels 12 for me), what if I dit it the other way around? That is, run OS X 10.12.4 (macOS Sierra) as a guest and Linux as a host…

Download MacOS Sierra from AppStore.

Reboot.

❯ hdiutil attach /Applications/Install\ macOS\ Sierra.app/Contents/SharedSupport/InstallESD.dmg -noverify -nobrowse -mountpoint /Volumes/install_app
❯ hdiutil create -o /tmp/Sierra.cdr -size 7316m -layout SPUD -fs HFS+J
❯ hdiutil attach /tmp/Sierra.cdr.dmg -noverify -nobrowse -mountpoint /Volumes/install_build
❯ asr restore -source /Volumes/install_app/BaseSystem.dmg -target /Volumes/install_build -noprompt -noverify -erase
rm /Volumes/OS\ X\ Base\ System/System/Installation/Packages
cp -rp /Volumes/install_app/Packages /Volumes/OS\ X\ Base\ System/System/Installation/
cp -rp /Volumes/install_app/BaseSystem.chunklist /Volumes/OS\ X\ Base\ System/BaseSystem.chunklist
cp -rp /Volumes/install_app/BaseSystem.dmg /Volumes/OS\ X\ Base\ System/BaseSystem.dmg
❯ hdiutil detach /Volumes/install_app
❯ hdiutil detach /Volumes/OS\ X\ Base\ System/
❯ hdiutil convert /tmp/Sierra.cdr.dmg -format UDTO -o /tmp/Sierra.iso
mv /tmp/Sierra.iso.cdr ~/Desktop/Sierra.iso

I grabbed this off the internets somewhere, and I do not know whence. Thanks to the original author, whoever she he may be.
EDIT [2017-05-08]: Found you: https://gist.github.com/arobb/447a962af4f07ef81e79987d686275e5

Remapping Macbook Pro eject key under Solus linux

 Linux, Solus, tech  2 Responses »
Mar 192017
 

# Disable “Eject” in keyboard settings. It is the first entry under “Sound and Media”
# create a file, ~/.Xmodmap, adding the line:

keycode 151 = BackSpace

# run

xmodmap ~/.Xmodmap

# add that to wherever your startup scripts are for persistence

The keycode mappings I got from xev, kind of like “keyboard viewer” in OS X. Its available in the Solus repo:

sudo eopkg install xev

Librevault on Solus OS

 Linux, Solus  No Responses »
Mar 112017
 

Still playing with Solus OS, and liking it more and more. The eopkg repository of software is a little thin in comparison to the likes of Debian-based apt-get and Arch’s AUR, but most of the things I want are there. And if they are not there I am thinking maybe I should review my needs… I am in the process of planning for a life without OS X/MacOS after all, so a prefect time for reflection. This is also part of the reason I am attracted to Solus… because not everything is there, and because not everything is answered by a quick google search, I have to take some effort to actually find things out again. Some nostalgia there.

 

Cloudage

Librevault is… “transfers data directly from one device to another. You can use it in your local network, and it will work even without Internet access.” So not exactly cloud storage. In fact not even close to that. So why do I think I need it? I don’t. But I wont know until I try. Chances are I can get away with continuing with Dropbox, but since I am working on a major change of OS I might as well kinda think about previous tools and workflows and so on. Anyway there is no librevault in the Solus repository. Compiling time!

Not to flog a dead horse, but what follows is what worked for me, soup to nuts. Playing with librevault will have to wait a few days, cause the weather is awesome and I’ve a potato patch to dig out of raw sod up the orchard, Besides rclone and Google drive are working for what I need *at the moment*… and all that is, is, primarily, syncing files from the MacOS partition to the Solus partition. Google drive will have to go though when the time is right.

$ sudo eopkg it -c system.devel
$ sudo eopkg it cryptopp-devel libboost-devel libicu-devel openssl-devel protobuf-devel
$ sudo eopkg it qca-qt5 qt5-base-devel qt5-svg-devel qt5-tools-devel qt5-websockets-devel

$ mkdir ~/usr/src
$ cd ~/usr/src
$ git clone https://github.com/Librevault/librevault.git
$ cd librevault &amp;&amp; git submodule update --init
$ mkdir build &amp;&amp; cd build
# $ cmake .. &amp;&amp; cmake --build .
$ cmake --pthread .. &amp;&amp; cmake --pthread --build .
$ sudo make install

DICE!
Install the project…
— Install configuration: “RelWithDebInfo”
— Installing: /usr/local/bin/librevault-daemon
— Installing: /usr/local/bin/librevault-gui
— Installing: /usr/local/share/applications/Librevault.desktop
— Installing: /usr/local/share/icons/hicolor/scalable/apps/librevault.svg
— Installing: /usr/local/bin/librevault-cli

Now, do I go to the trouble of packaging this? Other’s who better know what they are doing in this area will prolly get it done soon enough, but why not give it a shot, eh? If I am going to be living with Solus I might as well get to know her a little better.

 Older Entries  Newer Entries