SSHed into a local Debian 9 server with a USB-attached US ANSI keyboard only to find the settings geared-up for a UK ISO keyboard. Not a biggie except for the location of the “|” … pretty important as chars go 😋
Sooo, my TP-Link Archer C8 AC1750 Gigabit router decided to not play nice after a short power outage. Didn’t do much anyway except keep a couple of machines in their own little subnet, in which the Pi-hole was located.
Replaced it with… a NETGEAR GS108Tv2 8-port Gigabit managed switch, and flattened the network a little. Everything was peachy with that set-up, but the Pi-hole was still on 172.16.0.0/24… reconfigured that with pihole -r and all looked well, except that the Pi-hole could not ping anything outside the LAN. Grrr! Much hair pulling until…
Getting pretty annoyed with keeping track of which browser on which machine has which ad blockers installed, so it’s time for a more holistic approach. Enter, stage left, the Pi-hole. In short it:
…acts as a forwarding DNS server, which means if it doesn’t know where a domain is, it has to forward your query to another server that does. When you install Pi-hole, it knows where the ad-serving domains are (because you tell it), so it doesn’t forward those requests.
With a Raspberry Pi 3 Model B and a 64GB micro SD card, a set-up that is beefier than it needs to be, but who knows what the Pi will be used for in the future…
#1 Get Raspbian, and format the micro SD card— after much jiggling with the lock tab on the adapter and delicately, repeatedly half-inserting it into a 2012 MacBook Pro’s gunked-up card reader slot…
Unbound and setting up resolving/recursive DNS (rather than merely forwarding)
What’s the difference? With forwarding, if a name has not previously been associated with an IP (i.e. cached on the Pi-hole), the request is sent upstream and the result cached.
Aaand with recursion… the request is sent to the ROOT servers to resolve, say, “.us”, and thence to the TLD name servers. The domain lookup then goes to the AUTHORITATIVE servers handling “yearl” (and its subdomains), and all of it is relayed and cached locally. So, a few more steps? Why do this? Neither Cloudflare nor Google (or whatever my upstream DNS would have been) gets to know where I am going. So, err, privacy. Why not do this? The first resolution of a name will take longer.
# May be set to yes if you have IPv6 connectivity
# Use this only when you downloaded the list of primary root servers!
# Trust glue only if it is within the server's authority
# Require DNSSEC data for trust-anchored zones; if such data is absent, the zone becomes BOGUS
# Don't use capitalization randomization as it is known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
# Reduce EDNS reassembly buffer size
# Suggested by the unbound man page to reduce fragmentation reassembly problems
# TTL bounds for cache
# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
# One thread should be sufficient, can be increased on beefy machines
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
# Ensure privacy of local IP ranges
private-address: 10.0.0.0/8
EDIT (2018-06-19): Pi-hole was running quite nicely over wi-fi (assigned to 192.168.0.0); went to put it on the LAN, and after removing the SD card to place the Pi board in some case, the SD card decided to go fuck itself up. Anyhoo, repeated the above steps with a new (32GB) SD card, and all appears to be peachy-creamy.
My local radio station has a quiz every once in a while. The questions are hardly “University Challenge”, but there is one question that always is fiendishly tricksy and slippery: to identify a place in the county from an anagram of it.
Constantly getting all but one question correct, it is, of course, time to cheat use lateral thinking.
#1 get a list of place names. A gazetteer should do.
#2 Build an index (hash). First thoughts were to md5 the names, but there’s an easier way: equalise case, remove spaces and punctuation, order the string…
places = {}
File.open("./places.txt", "r") do |file|
  while line = file.gets
    place = line.chomp
    # kill possessives!! (and case and spaces) so the key is just the sorted letters
    key = place.downcase.delete(' ').delete("'").chars.sort.join
    (places[key] ||= []) << place
  end
end
File.open("places_hash", "w") do |file|
  Marshal.dump(places, file)
end
#3 Simply pull out the entry that matches the key…
places = nil
File.open("places_hash", "r") do |file|
  places = Marshal.load(file)
end
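The whole round trip (normalise, index, save with Marshal, reload, solve a clue) as an added example, not the post’s own script: the gazetteer is a constructed five-name list standing in for places.txt, the index goes to a temp file, and the clue is normalised the same way as the names, which is what makes the lookup work at all.

```ruby
require "tempfile"

# Constructed sample gazetteer standing in for ./places.txt ("Ware" and
# "Wear" are deliberately anagrams of each other).
PLACES = ["St Albans", "Bishop's Stortford", "Ware", "Wear", "Hertford"].freeze

# Index key: case, spaces and punctuation do not matter in an anagram, so keep
# only the letters, lower-cased, and sort them. The clue must get the same
# treatment as the names or they can never match.
def anagram_key(name)
  name.downcase.gsub(/[^a-z]/, "").chars.sort.join
end

# key => every place name sharing it. A plain Hash (no default proc) because
# Marshal refuses to dump a Hash that carries a proc.
def build_index(names)
  index = {}
  names.each { |n| (index[anagram_key(n)] ||= []) << n.strip }
  index
end

# Persist/restore with Marshal, as the post does; binary mode so the dump is
# not mangled on platforms that translate newlines.
def save_index(index, path)
  File.open(path, "wb") { |f| Marshal.dump(index, f) }
end

def load_index(path)
  File.open(path, "rb") { |f| Marshal.load(f) }
end

# Solve a clue: [] when nothing in the gazetteer matches.
def solve(index, clue)
  index.fetch(anagram_key(clue), [])
end

# Build once, save, reload from disk, then answer each clue.
def demo(clues)
  tmp = Tempfile.new("places_hash")
  save_index(build_index(PLACES), tmp.path)
  index = load_index(tmp.path)
  clues.map { |c| [c, solve(index, c)] }.to_h
ensure
  tmp&.close!
end

puts demo(["Bans Salt", "fort herd", "rewa"]).inspect if __FILE__ == $0
```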
Password:
sh-3.2# cd ~
sh-3.2# pwd
/var/root
sh-3.2# ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_4096
Generating public/private rsa key pair.
Your identification has been saved in /var/root/.ssh/id_rsa_4096.
Your public key has been saved in /var/root/.ssh/id_rsa_4096.pub.
...
sh-3.2# cp id_rsa_4096.pub /Users/yearluk/Desktop/root@xolotl-id_rsa_4096.pub
sh-3.2# exit
ubnt@ubnt:~$ show dns forwarding nameservers
-----------------------------------------------
Nameservers configured for DNS forwarding
-----------------------------------------------
188.8.131.52 available via 'system'
184.108.40.206 available via 'system'
220.127.116.11 available via 'ppp pppoe0'
18.104.22.168 available via 'ppp pppoe0'
ubnt@ubnt:~$ ping 22.214.171.124
PING 126.96.36.199 (188.8.131.52) 56(84) bytes of data.
64 bytes from 184.108.40.206: icmp_req=1 ttl=60 time=18.4 ms
64 bytes from 220.127.116.11: icmp_req=2 ttl=60 time=14.6 ms
ubnt@ubnt:~$ ping google.com
PING google.com (18.104.22.168) 56(84) bytes of data.
64 bytes from lhr25s01-in-f14.1e100.net (22.214.171.124): icmp_req=1 ttl=57 time=15.3 ms
64 bytes from lhr25s01-in-f14.1e100.net (126.96.36.199): icmp_req=2 ttl=57 time=15.3 ms
ubnt@ubnt:~$ configure
ubnt@ubnt# set service dns forwarding system
ubnt@ubnt# commit
ubnt@ubnt# commit
ubnt@ubnt# save
Saving configuration to '/config/config.boot'...
Done
ubnt@ubnt# exit
exit
ubnt@ubnt:~$
Now for the rest of the network… but it’s sooo nice outside. There’s this orange thing in the sky, apparently
Like >90% of folk, I’ve typically used whatever POS modem/router/switch/WAP combo my ISP supplied me with. These all-in-ones are pretty convenient, but there is something just not right about bundling so many features into a single unit… it basically means that whilst it can do all these things, it does not do any one thing particularly well.
Wireless range, for example, is particularly bad (even on the 2.4MHz band). Time for a change. I’ve finally had enough.
#1 Get your router’s login credentials for the service. My ISP had these hard-coded and they were not supplied to me. It was a royal waste of 40 minutes trying to explain that I was not trying to log in to the TG589vac itself, but instead wanted the credentials that allow it to log in to the ISP’s edge router… I need these to pass on to the replacement router (Ubiquiti’s EdgeRouter X), otherwise… no Internetz!
#2 Logging in to the TG589vac as “admin” gives one rather limited options, and certainly none for resetting the router. It’s not in the consumer documentation, but log in as “engineer” and use the value next to “Access Key” on the bottom of the device.
#3 Gateway >> Setup Your Gateway >> change “routed type” to bridge
#4 If VDSL, retain VLAN 101; if ADSL, set ATM VP to 0 and ATM VC to 38
#5 Cross fingers and reboot
#6 Congratulations you now have no Internet access; the TG589vac is now just a modem!
#7 If you need to get into the device again… that’s an Ethernet cable into port #4, so obvs do not connect your new router to that port.
For giggles, as “engineer” you get to see that your ISP has probably enabled TR-069 / CWMP. The what now? That’s the L7 protocol that kept your device up-to-date with firmware and such… or is/was another means for them to sniff your packets. If you disabled it as soon as you initially got your device, TURN IT BACK ON BEFORE YOU CALL your ISP’s tech support (see #1). Mine got real pissy when I called on an unrelated issue and they could not get in and poke around.
Having just dropped a couple of 4TB Western Digital NAS drives in the openmediavault box, I can now get around to adding more media. My Moby Dick is split over two DVD disks… that’s a pain. Let’s join them…
The obvious, and lazy, and probably-will-not-work way:
~/MyRips/Moby Dick (1998)
$ cat "Moby Dick (1998) - CD 1.avi" "Moby Dick (1998) - CD 2.avi" > "Moby Dick (1998).avi"
The video will only play for the length of the first file, because that is where the AVI header information is. The header information has to be rebuilt.