Tag - linux

Entries feed - Comments feed

13 Mar 2025

Automating an Amateur Radio Hotspot

By Adam on 13 Mar 2025, 07:12 - Amateur Radio

Scheduling Linux tasks isn't a new idea, but as I was creating a quick cron entry on my hotspot, it occurred to me that there may be some hams out there who aren't familiar with the process.

My objective was to have my hotspot connect to the "East Coast Reflector's (ECR)" YSF room each morning at 7am (eastern) for "The Morning Brew" radio net. My hotspot is running WPSD, which is a fork of the typical PiStar OS. This same concept should work on a PiStar hotspot, however, using the pi-star equivalent commands.

There are two common methods for scheduling a task on a modern linux machine, Systemd's "Timer" units and Cron. My preference in most cases is to use systemd, which is more modern and feature-rich, but cron has the benefit of being quicker to create. For this simple task, I felt cron was the right approach.

Cron works by reading a "cron table" generally referred to as a "crontab." The commands I want to run require root privileges, so I will edit root's crontab with the command "sudo" (do as root, aka SuperUser) followed by "crontab" with the edit argument: sudo contab -e

Crontabs uses five fields to define a date/time, followed by the commands (known as a "job") to run at the specified time. The five fields are minute, hour, day of the month, month, day of the week. A * is used to indicate that the job should run on "every", so a * for the day of the month would mean "every day of the month."

Here's my crontab:

0 7 * * MON-FRI wpsd-ysflink unlink && wpsd-ysflink ysf44444
0 9 * * MON-FRI wpsd-ysflink unlink

To break it down, the first line will run at 0 minutes, on the 7th hour (7am), on every day of the month, during every month, on the days of the week from Monday to Friday. The command wpsd-ysflink unlink && wpsd-ysflink ysf44444 is actually two commands together: wpsd-ysflink unlink which will disconnect the hotspot from any current reflector, and wpsd-ysflink ysf44444 which will connect it to reflector ysf44444, which is part of ECR. Then, at 9am, it will disconnect from the reflector.


Of course, this doesn't help me remember to actually turn my radio on, but that's on me.

no comments no trackbacks

19 Feb 2025

Inspect What You Expect

By Adam on 19 Feb 2025, 06:53 - Tech

That's a phrase I heard for the first time when I became a manager; my boss would tell me I needed to "inspect what I expect." To be honest, I don't think I fully understood the phrase until a lot later. In the context of leadership, it means that if you have certain expectations for your team, you should actively verify that those expectations are being met and investigate the cause if they're not. Don't wait until eval season to say "You failed to meet expectations", instead, review expectations regularly, and if someone isn't meeting them, it's your job to figure out why. Have you defined the expectations in a way that they understand? Are your expectations realistic? Did you provide the resources they needed to meet the exceptions? Did you provide guidance when needed? And so on.

You might be asking: "Sure, but why is this on a blog about computers and stuff?"

Expectations


You might have the expectation that your network is secure. You don't remember adding any firewall rules or forwarding any ports, or maybe you followed some YouTube tutorial and they told you to proxy your incoming connections through Cloudflare. Maybe you set up a "deny all" line in that NGINX config or you only access your network through a VPN. You expect that your network is safe from outside actors.

To use a real world example, my father set up several Lorex brand CCTVs on his home network to save video to an NVR. He configured a VPN to allow secure remote access to the NVR and assumed that everything was safe. He didn't create any firewall rules or port forwarding to allow access by anything other than the VPN. He expected that this was safe, and in theory, it should have been.

Inspection


We traveled together for a holiday and while drinking coffee one morning, I showed him Censys. Censys is search engine, but unlike Google or Bing, which search for webpages, Censys searches for the actual devices. It indexes the IP addresses of everything on the internet and everything about them. You can write queries to search this index for almost anything you can think of.

For a quick demonstration, I just searched for his home IP address, and we were both surprised when we saw the results:
not actually his results

Umm... What?

For those who might not know RTSP stands for Real-Time Streaming Protocol. It is a protocol designed to stream video over a network, commonly used for CCTV cameras. The HTTP port was the HTML login screen for one of his cameras. We clicked it and I sarcastically tried a default login (admin, admin) and we found ourselves staring at his basement.
As far as he knew, he took all the appropriate steps to secure the devices on his network and expected that nothing was unsafely exposed, but he hadn't inspected that expectation. We found that the camera was factory configured to expose itself via uPnP, a technology which allows devices to request changes to port-forwarding and firewall rules without user involvement. This is supposed to allow for easy set-up by inexperienced users, but it can also create significantly compromise security without the use knowing about it. In our case, my father is not an inexperienced user, he's been a computer engineer since the 80s and has even worked for one of the major producers of networking equipment. He took all the right steps to get his expected result, he just hadn't inspected it ensure that his expectation was being met.

Inspect What You Expect


Censys can be a great starting point when evaluating your network by helping you to understand what you have exposed to the internet. Censys queries can be as simple as an IP address if you just want to see a single point, or they can search broadly for very specific things.

Here are the results of a very simple query looking for exposed FTP servers based out of japan:
japan

There's a lot of FTP servers, obviously, but did you notice that SSH server on port 10022? Some people expect that services will be hidden if they run them on non-standard ports, but don't inspect to see if that's actually the case. Here, we can see that the SSH server is still quite visible, despite being on a non-standard port, just like those non-standard HTTP servers on the other entries. Clicking into an entry will provide even more information, like the software versions, request responses, and so on.

Through Censys, I realized that I was running an older version of Nginx than I thought I was, and that this older version had a number of vulnerabilities that were patched in later versions. I expected that I was running the a current version, but my inspection showed me otherwise.

Final thoughts


While a tool like Censys isn't the only tool you should use to inspect your security expectations, it's a great starting point, since it can show you what your network looks like to the internet. t's also a fun tool to use to explore the internet from a different angle. Instead of just searching the surface of the web for youtube videos and news stories, try searching deeper for Roombas, smart lights, or security cameras.

The important takeaway, though, is that just because you think that something is working how you expect it to, doesn't always mean that it is.
The only way to know for sure is to inspect what you expect.

no comments no trackbacks

14 Feb 2025

Lynx - A Text Based Web (and Gopher) Browser

By Adam on 14 Feb 2025, 06:36 - Tech

What is it?

The Lynx Browser (not to be confused with the later Links Browser), is the oldest actively maintained web browser, initially developed in 1992 and still being maintained today. What makes lynx look a bit different from other modern browsers is the fact that even in 2025, it can only display basic text. The lynx browser ignores all of the ads, pictures, JavaScript, fancy formatting, and annoying infinitely-scrolling slop, to just delivery the content you want to read. Not only does this reduce distractions, but it's also great to use if your internet connection has limited bandwidth.

Using lynx

Lynx is included in the repos of most Linux distributions, so installing it is just a matter of running install lynx via your favorite package manager. Lynx runs in the terminal emulator, and can be started by the command lynx or you can directly open a specific website with lynx {website you want}.

Here's an example of Google.com:

google.com

And here's Wikipedia:

Wikipedia

The formatting has obviously changed quite a bit, but all of the content is still there. This makes lynx great for sites where you just want to be able to read the content quickly, without distractions. Lynx also supports the gopher protocol, and since gopher is a text-based service to begin with, browsing the gopherspace from lynx feels completely natural.

Super Dimensional Fortress's User's Gophersites:

Super Dimensional Fortress

Pitfalls

There are, however, a few downsides to accessing the modern W3 through a text-only browser. The things that many of us would like to avoid (ads, JavaScript, endlessly scrolling slop, etc) have been so deeply entrenched in some sites that the they simply can't function without it. You might think that this could be a great way to revisit pages that you used to enjoy, like Facebook, but here's how the modern Facebook (even m.facebook) looks on Lynx:

facebook

In fact, even some some simple websites might not display well in lynx built if they're built with certain older formatting tools, like frames. Here's my own website as an example. It's worth noting, though, that while my site doesn't look correct without displaying frames, it can still be fully navigated by using the FRAME: links at the top:

k3can's homepage

Thoughts

So, while lynx is unlikely to fully replace your graphical browser on the modern web, it's still surprisingly useful for focused reading, navigating gopherspace, and for situations with limited bandwidth. Installing lynx is simple and the entire browser is only 6 MiB in size, so it's a great tool to have on your system.

no comments no trackbacks

23 Nov 2024

Caching Apt with Apt-Cacher NG

By Adam on 23 Nov 2024, 19:44 - Homelab

It recently occurred to me that as I update each Linux container or VM, I'm downloading a lot of the same files over and over again.  While the downloads aren't huge, it still seems wasteful to request the same files from the repo mirrors so many times... So why not just download the update once and then distribute it locally to each of my systems?  

That's the purpose of a caching proxy.

I chose apt-cacher ng as it's very simple to setup and use, so I spun up a dedicated LXC and installed apt-cacher ng via apt. Once it was up and running, it was just a matter of following the included documentation to point all of my other systems to that cache.

After upgrading just a couple of systems, I can already see the cache doing it's job:

Those "hits" are requests that were able to be fulfilled locally from the cache instead of needing to download  the files from the repo again. Since this is caching every request, it actually becomes more efficient the more that it's used, so hopefully the efficiency will increase even more over time.

So what exactly is happening?

First, this is not a full mirror of the Debian repos. Rather, apt-cacher ng acts as a proxy and cache. When a local client system wants to perform an update, it requests the updated packages from apt-cacher instead of the Debian repo directly. If the updated package is available in apt-cacher's local cache already, it simply provides the package to the requesting client. If the package is not in the local cache, then the proxy requests the package from the repo, provides that package to the client, and then saves a copy of the package to the cache. Now it has a local copy in case another system requests the same package again.

Some packages, like Crowdsec, are only installed on a single machine on my network, so the cache won't provide a benefit there. However, since most of my systems are all running Debian, even through they may be running some different services,  they will still all request a lot of the same packages as each other every time they update, like openssh or Python.  These will only have to be downloaded the very first time they're requested, and all of the subsequent requests can be filled from the proxy's local cache.

Do you use a cache in your homelab? Let me know below!

no comments

17 Nov 2024

Cities Skylines 2 - Skyve Install in Linux

By Adam on 17 Nov 2024, 09:50 - Gaming

Ah, Cities Skylines 2:

I recently got back into Cities Skylines 2 after leaving the game for a while due to the release of PDX Mods essentially breaking all of the mods I had been using via r2modman at the time.

Now  that some time has passed, I decided to give it another go. I was quite interested to see that the Skyve mod manager has now come to C:S2, meaning that I didn't actually have to directly interact with PDX mods and could use a proper mod manager instead. Installing Skyve is supposed to be a two-step process, first you install the Skyve "mod", which is essentially just an installer, then you use that installer to install the actual Skyve program. Once installed, Skyve is a free-standing application that interacts with the C:S2 data without requiring steam or C:S2 to be running at the time. Not only can Skyve install and uninstall mods without needing to launch C:S2, but it also alerts you when other users have flagged a mod as broken or incompatible with another mod you have installed. 

Unfortunately, while C:S2 runs beautifully on Linux without any additional configuration (likely better than it does on Windows), Skyve was a different story. Skyve requires the Microsoft dotnet framework and doesn't appear compatible the opensource alternative Mono, which is commonly what would be used on Linux. It took a bit of trial and error to get Skyve running, so I thought I would share the process which ultimately worked for me:

The first step is simply installing the Skyve "mod" via PDX Mods. After installing the Skyve mod and restarting C:S2 twice, the "Install Skyve" button appeared in the menu as it was supposed to and clicking on it did bring up an installer interface. The installer appeared to run, but ended with an error message.  I switched from Proton Experimental to Proton GE 9.20, using ProtonUP to download and active the new Proton version. ProtonUp isn't needed, but it does make the process very simple.

After switching, the installer ran without any errors, but Skyve itself would not start.

Next, I used ProtonTricks to install the .Net 4.8 framework:

Open ProtonTricks and select the game:

Then select the "default" Wine prefix:

Then install component:

Then select .Net 4.8 (other 4.x versions might work):

That installed .Net, but when I tried to launch Skyve, I received an error about the .Net "RootInstall" registry not being found, so my next step was to install that:

In ProtonTricks, select "Run regedit"

Once in regedit, I navigated to

HKEY_LOCAL_MACHINE/Software/Microsoft/.NETFramework

 

There, I created the missing registry key, pointing to the .Net framework path:

 

Finally, my last step was to run Skyve.
I ran the binary via ProtonTricks' application launcher, which ensures that the program is run in the correct prefix. Skyve started and immediately recognized the C:S2 install and correctly listed all of my current mods and even suggested a few I should remove. After confirming that I wanted to remove the mod, I booted up C:S2 and found that the mod had been successfully removed. I tried installing a new mod as well, and that worked exactly as intended.

Hopefully this might be helpful to someone else who finds themselves struggling to get Skyve running.

Thanks for reading!

 

no comments