Author Archives: brent

Solving WiFi connectivity issues for Wyze Cam v3 on Bell Home Hub 3000

If you’re a Bell customer in Canada trying to use a Wyze Cam v3 on your Bell Home Hub 3000 you may have experienced issues with it connecting to your WiFi during setup. In a standard Home Hub 3000 configuration, the Wyze Cam will report that it “Cannot connect to local network”. In order to fix this, you’ll need to separate your 2.4 GHz and 5.0 GHz SSIDs. This will have a negative impact on the ease of use for your WiFi when dealing with older devices, but it is the only way to get the Wyze Cam v3 to work properly.

Performance monitoring IBM DS SANs with Cacti

This post is a draft that has sat unfinished since 2013. Some information here may still be useful even though it is incomplete. Since I don’t intend to finish rounding out the Cacti configuration information at any point I thought I would publish it in its current state as someone may find the SAN statistic gathering part useful as it is.

I’ve been using the IBM DS series of SAN hardware for a number of years now and one of the things that always stood out was its lack of SNMP support for performance monitoring. There are also differences in the GUIs for different model versions, some providing more functionality than others. While the DS3500 series provides short term monitoring capabilities through the IBM DS Storage Manager, the DS3400 series does not. What can we do about this?

Recently I stumbled upon a German blog post that described how to use the SMcli utility which is provided with Storage Manager to get the job done. The method described is a good starting point, but the implementation is lacking. Cacti is capable of a lot but sometimes it can be confusing to figure out how to do it. Using the knowledge gained from that post I’ve put together a more robust solution for monitoring the DS series of SANs with Cacti.

I can confirm that this works with the DS3400 and DS3500 SAN hardware. Since my starting point was from information for the DS4800, I believe it should function with many other models. If your Cacti polling is not set to 5 minutes, some changes will be necessary. Any code examples contained within this post were written for a FreeBSD system, and may require some modification to run on another operating system.

How to use Cloudflare DNS for the Let’s Encrypt challenge with Bitwarden’s automatic setup

Bitwarden’s automatic setup script allows you to secure your server’s HTTPS connections using Let’s Encrypt via certbot, but it does not provide control over the challenge type used to issue the certificate. If you want to use a DNS challenge and take advantage of the Cloudflare API, for example, you’ll need to make some changes to the scripts.

As your docker user, follow the standard steps from the TL;DR guide, which I’ve linked to and copied here just for completeness. I do not recommend copying and pasting commands like this without being sure of what you’re executing.

$ curl -Lso bitwarden.sh https://go.btwrdn.co/bw-sh && chmod +x bitwarden.sh
$ ./bitwarden.sh install

You can CTRL+C (or CMD+C if that’s your flavour) to stop the install once it begins prompting you for input. Edit the bitwarden.sh script and comment out the downloadRunFile calls (e.g., at the time of writing, lines 109 and 118).

You can then download and apply this diff to ~/bwdata/scripts/run.sh.

Once complete, the standard install can be reinitiated:

$ ./bitwarden.sh install

Installing CorentinJ’s Real Time Voice Cloning project on Windows 10 from scratch

Corentin Jemine (CorentinJ on GitHub) has a project called Real Time Voice Cloning available on GitHub that uses deep learning to take a voice as input and synthesize speech using its properties – in essence creating a “deep fake” of audio. Setting things up from scratch to get it working on Windows 10 involves using specific versions of software and can be a bit difficult for new users to figure out. I intend this as a reference guide for doing just that – assuming you are starting with a fresh Windows 10 install. This does not provide any instruction for using the cloning software once set up.

LibreNMS 1.50.1 packer.io CentOS image high CPU usage

LibreNMS offers prebuilt OVA VM images using packer.io based on Ubuntu 18 and CentOS 7. If you’ve deployed the CentOS image though, you may be aware of it using an excessive amount of CPU – not an issue present in the Ubuntu image.

A quick look at the system with top will show us php processes with new PIDs spiking the CPU endlessly. Output of ps axf will show the parent process as syslog-ng, whose config has a PHP script defined as a program which it is trying to launch. Turning on debugging in syslog-ng doesn’t return any information on what is happening, so when something on an RHEL-based system doesn’t make sense, what do you do? Check if SELinux is enforcing and look at your audit logs!

Understanding iptables’ hashlimit module

I was having trouble understanding the iptables hashlimit module and couldn’t dig up anything that really helped. The man pages are definitely lacking a clear explanation and /proc/net/ipt_hashlimit/ leaves out some information that would clarify things immensely. After some testing I managed to work it all out, so let’s go through it and see if I can help make sense of it for you too.

I’ll try not to assume too much prior knowledge about the module. We’ll be coming at this with the goal of blocking traffic that exceeds a certain amount of packets per second. From the man page:

hashlimit uses hash buckets to express a rate limiting match (like the limit match) for a group of connections using a single iptables rule. Grouping can be done per-hostgroup (source and/or destination address) and/or per-port. It gives you the ability to express “N packets per time quantum per group” or “N bytes per seconds”

Integrating NextCloud 11 with FreeIPA 4

This is a perfect example of banging your head against the wall for a day. Integration information between FreeIPA and just about anything is hard to come by, so I decided to put this short guide together covering it and Nextcloud. This is just a drop in a bucket that desperately needs to be filled. As always, I will endeavour to explain how I figured this out because understanding the how and why is important! Ultimately this investigation resulted in me tracking down a bug in the LDAP app in Nextcloud, and a patch has been merged for the Nextcloud 12 release.

You’ll require a read-only System account in your FreeIPA instance. This is for Nextcloud to bind to for reading users and groups. Basic instructions for creating a user for this purpose are located here on the FreeIPA wiki.

With this in hand and the LDAP / AD Integration app enabled in your Nextcloud instance you can get to configuring. You should be aware of some of your basic configuration settings in FreeIPA, like your basedn which you can find in /etc/ipa/default.conf on your IPA server.

Measuring and graphing I-frame gaps in videos

I’ve been mired in IPTV related work for a while now, popping my head up occasionally to grab a breath and take a look at some other neglected things in my day-to-day job. It isn’t long before I’m back into it though, and all the time I’m picking up more knowledge about the world of TV.

One thing that was brought to me recently was a set of failures related to a network PVR system having trouble ingesting encrypted video content. According to the support team for the software, I-frames in the content were too far apart to ingest properly. The person working on the issue at our company was interested in seeing just how far apart they were, so I set to creating a little script to do just that.

It turned out to be relatively simple using ffprobe, which is part of the ffmpeg suite. Using that data, it’s then possible to plot the I-frame gaps with gnuplot.

I-Frame gaps

Enabling pam_tty_audit on RHEL, CentOS, or Scientific Linux 6

If you have plans to make use of the audit system in RHEL and its clones, you may decide to use pam_tty_audit. A lot of the top hits on Google will recommend enabling the module in /etc/pam.d/system-auth-ac, but because of changes related to having better support for HIDs like fingerprint scanners, it should actually exist in /etc/pam.d/password-auth-ac, which is included by /etc/pam.d/sshd and others. One other complaint is that it logs passwords, but a patch was implemented in an update to RHEL 6 to address this.

Add the following line to the end of /etc/pam.d/password-auth-ac to enable keystroke logging for all users on a default RHEL, CentOS or Scientific Linux 6 server:

session     required      pam_tty_audit.so enable=*

The raw audit log can then be viewed at /var/log/audit/audit.log (which includes other audit events) or output in a somewhat friendlier format using aureport as root.

aureport --tty -ts today

The audit system caches based on settings in /etc/audit/auditd.conf, so it could take some time before you see audit logs for user activity. Check its man page for further information.
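
What the raw TTY records hold once decoded, as an added example that is not from the original post: it picks only the type=TTY lines out of audit.log text, hex-decodes the data= field and groups the keystrokes by auid (the login UID). The sample lines are constructed for illustration, and the way control keys are rendered (<ret>, <esc>) is this example's own choice.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of audit.log records (not real logs).
SAMPLE_LOG = """\
type=USER_START msg=audit(1400000000.101:410): user pid=2301 uid=0 auid=500 ses=3 msg='op=PAM:session_open acct="alice" exe="/usr/sbin/sshd" res=success'
type=TTY msg=audit(1400000042.250:415): tty pid=2345 uid=500 auid=500 ses=3 major=136 minor=0 comm="bash" data=69640D
type=TTY msg=audit(1400000050.770:416): tty pid=2345 uid=500 auid=500 ses=3 major=136 minor=0 comm="bash" data=7375646F207375202D0D
type=TTY msg=audit(1400000061.004:420): tty pid=2790 uid=501 auid=501 ses=4 major=136 minor=1 comm="vim" data=1B3A77710D
"""

# Only TTY records match; data= must be an even number of hex digits.
TTY_RE = re.compile(
    r'^type=TTY msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):'
    r'.*?\bauid=(?P<auid>\d+)\b.*?\bcomm="?(?P<comm>[^" ]+)"?'
    r'.*?\bdata=(?P<data>(?:[0-9A-Fa-f]{2})+)\s*$'
)

NAMED = {0x0D: "<ret>", 0x0A: "<nl>", 0x7F: "<backspace>", 0x1B: "<esc>"}


def render(raw: bytes) -> str:
    """Make keystroke bytes printable: name common keys, show Ctrl-X as <^X>."""
    out = []
    for b in raw:
        if b in NAMED:
            out.append(NAMED[b])
        elif b < 0x20:
            out.append("<^%c>" % (b + 0x40))
        elif b < 0x7F:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)


def tty_keystrokes(log_text: str) -> dict:
    """Return {auid: [(timestamp, comm, keystrokes), ...]} from TTY records."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = TTY_RE.match(line)
        if not m:
            continue  # other audit event types share the same file
        raw = bytes.fromhex(m["data"])
        sessions[int(m["auid"])].append((float(m["ts"]), m["comm"], render(raw)))
    return dict(sessions)


if __name__ == "__main__":
    for auid, events in sorted(tty_keystrokes(SAMPLE_LOG).items()):
        for ts, comm, keys in events:
            print(f"auid={auid} t={ts:.3f} comm={comm} keys={keys}")
```

Because the decoded data is literally what was typed, anything entered at a prompt ends up readable in the log, which is why access to /var/log/audit/audit.log should stay restricted to root.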

The Dog Cam

Pack mounted wireless camera

So you have a dog in your office, work on a residential television service and it’s almost April Fools’. What do you do? Put a camera on it and broadcast it of course. That’s the immediate idea I had anyways, so I spent some time in March figuring out how I could do just that.