the itjerk

my adventures with technology

pixel 7

I bought my wife Google’s new Pixel 7. She had an older Pixel 3 which was showing its age. Plus, there’s some power in saying “Wife, you have the most modern tech in the household.” Anyway, arrived quickly, easily connected to Google Fi, only cost $499 and I haven’t had a chance to use it yet… but early reports are “OMG, this phone is faster than my old one”.

roon arc

Just announced today is Roon ARC, a new app for Android and iOS that allows streaming outside your home network! That’s a huge feature, and one that I’m sure will pay huge dividends for the company as having your music “on the go” was one of two features missing from Roon. (The other? Yes, it’s the ability to add your own reviews, bios, etc.).

I first updated my core, desktop, etc. to Roon 2.0, and then downloaded Roon ARC to my cell phone. I next opened the desktop application to configure Settings>Roon ARC. Before this connected, I had to open the following firewall port in UFW on my Ubuntu box (see above, looks like it’s configurable):

sudo ufw allow 40229/tcp comment roonarc

I then cut wifi on my phone and guess what, I’m streaming! Now Roon, please add ARC to the Microsoft Store so I can get it on my Surface Go when I travel.

On the Web:
Roon 2.0

dnscrypt-proxy

Time to set up dnscrypt-proxy on my new Ubuntu 22.04 LTS box. I found the best way to do this was to also install resolvconf and use that to ensure that /etc/resolv.conf always gets the dnscrypt address of 127.0.2.1. Previously I’ve used a bunch of different methods, but for this distro, I’m happy with my results.

sudo apt update
sudo apt install dnscrypt-proxy resolvconf
sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml

Here you can change the settings for dnscrypt by altering the server_names line (e.g. ['cisco'], ['cloudflare']). Also ensure that listen_addresses is empty. Restart the service if you make changes.

sudo systemctl restart dnscrypt-proxy

Next, open your Network Manager and go to the IPv4 settings. Turn off Automatic DHCP and set the address to 127.0.2.1. Restart the NetworkManager service.

sudo systemctl restart NetworkManager

Finally, edit the following resolvconf file so that /etc/resolv.conf uses dnscrypt’s address, by adding the following line: nameserver 127.0.2.1

sudo nano /etc/resolvconf/resolv.conf.d/head

Now restart your computer.

You can test a number of ways. If you used ['cisco'] you can do the following. Note “dnscrypt enabled” in the ANSWER section.

dig txt debug.opendns.com
; <<>> DiG 9.18.1-1ubuntu1-Ubuntu <<>> txt debug.opendns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28688
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;debug.opendns.com.		IN	TXT

;; ANSWER SECTION:
debug.opendns.com.	59	IN	TXT	"server m45.chi"
debug.opendns.com.	59	IN	TXT	"flags 20040022 0 50 180000000000000000003950000000000000000"
debug.opendns.com.	59	IN	TXT	"originid 585506578"
debug.opendns.com.	59	IN	TXT	"actype 2"
debug.opendns.com.	59	IN	TXT	"bundle 13458843"
debug.opendns.com.	59	IN	TXT	"source 76.229.202.213:57968"
debug.opendns.com.	59	IN	TXT	"dnscrypt enabled (7158645166363443)"

;; Query time: 4 msec
;; SERVER: 127.0.2.1#53(127.0.2.1) (UDP)
;; WHEN: Fri May 06 10:48:39 CDT 2022
;; MSG SIZE  rcvd: 313

Another way of checking is to visit https://www.dnsleaktest.com/ which will tell you your DNS resolver.
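
The two checks above (resolv.conf pointing only at 127.0.2.1, and the “dnscrypt enabled” TXT record arriving via that address) can be scripted so a leak shows up after an update or a network change. This is an added example, not part of the original post; the function names and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): confirm DNS really goes through
# dnscrypt-proxy. 127.0.2.1 is the address used in this post; the function
# names and the sample inputs below are constructed for illustration.
PROXY_ADDR="127.0.2.1"

# Print every nameserver (resolv.conf text on stdin) that is not the proxy.
# Any output means queries can fall through to a plain, unencrypted resolver.
leaky_nameservers() {
    awk -v proxy="$PROXY_ADDR" '$1 == "nameserver" && $2 != proxy { print $2 }'
}

# Succeed only if at least one nameserver is set and all of them are the proxy.
resolv_conf_ok() {
    awk -v proxy="$PROXY_ADDR" '
        $1 == "nameserver" { n++; if ($2 != proxy) bad = 1 }
        END { exit !(n > 0 && !bad) }'
}

# Read `dig txt debug.opendns.com` output on stdin. Succeed only if the reply
# came from the proxy and contains the "dnscrypt enabled" TXT record.
dig_shows_dnscrypt() {
    awk -v proxy="$PROXY_ADDR" '
        $1 == ";;" && $2 == "SERVER:" { split($3, a, "#"); if (a[1] == proxy) via = 1 }
        $3 == "IN" && $4 == "TXT" && $5 == "\"dnscrypt" && $6 == "enabled" { enabled = 1 }
        END { exit !(via && enabled) }'
}

# Constructed sample: a resolv.conf where a second resolver follows the head entry.
sample_leaky_conf() {
    printf '%s\n' '# Generated by resolvconf' 'nameserver 127.0.2.1' 'nameserver 192.168.0.1'
}

# Constructed sample: a trimmed dig reply answered by the proxy.
sample_dig_ok() {
    printf '%s\n' ';; ANSWER SECTION:' \
        'debug.opendns.com. 59 IN TXT "server m45.chi"' \
        'debug.opendns.com. 59 IN TXT "dnscrypt enabled (0000000000000000)"' \
        ';; SERVER: 127.0.2.1#53(127.0.2.1) (UDP)'
}

# Run against the live system with: sh check-dnscrypt.sh --live
if [ "${1:-}" = "--live" ]; then
    resolv_conf_ok < /etc/resolv.conf || echo "LEAK: $(leaky_nameservers < /etc/resolv.conf)"
    dig txt debug.opendns.com | dig_shows_dnscrypt || echo "FAIL: no dnscrypt via $PROXY_ADDR"
fi
```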

The only thing I don’t get is this: Why does this use the old address? For another day.

dnscrypt-proxy -resolve google.com -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml 
Resolving [google.com] using 127.0.0.1 port 53

Unable to resolve: [read udp 127.0.0.1:35375->127.0.0.1:53: read: connection refused]

parental controls

I have a teen that refuses to do homework. You know, gets a “zero”. Thus, I take the phone away. However, teen needs a computer for homework. Fine. But you know when she gets on to the computer, she’s going to go to all those sites where “screenagers” waste their time. That’s fine. I’m going to show you how to block individual sites using OpenDNS and your Router. [Note that I’m going to use terminology for my Netgear, but chances are if you’re bothered to read this, you’ll know what I’m talking about. Also, while my Netgear router has a “Blocked Sites” function, it doesn’t work. Useless!]

DNS can be set in many places: local computer, router, modem. I’m not quite sure what trumps what, but I believe that’s the line. Using your router for DNS is better than using your modem’s – my AT&T modem does not allow it to be changed! Setting it at a device level, well, that’s a lot of work. Also, I have to believe that most “screenagers” don’t know what DNS even is. So, here we go.

The first step is to open your router’s settings and go to Internet Settings (also called WAN). Set the Primary and Secondary numbers to OpenDNS, 208.67.222.222 and 208.67.220.220. Now, all requests originating from your router will go through OpenDNS. I’m sure there is some chatter on whether using a Cisco-owned product is all that good, but from what I’ve read, it’s one of the better choices out there for the home user. What you may give up in privacy, you’ll gain in secure web browsing.

The second step is to let OpenDNS know that requests from your router are yours. Okay, that may sound all scary and Big Brother, but let’s not pretend that our web surfing is anonymous. It’s not. You buy your internet from someone, or are you really getting it for free from a leaky neighbor or a nearby Starbucks?

To sign up for an OpenDNS account, go to their website and sign up for a free Home account. All it requires is an email address. Once completed, open their Dashboard from a computer on your home network. Under settings, add your local network: it’s going to be the IP address of your modem. Give it a name, and save it. OpenDNS will now associate requests from that IP as yours. Under Web Content Filtering, you’ll see two areas. The top is a predefined set for a variety of “undesirable” sites – if I had teenage boys, I’d sure as hell use this to block the “naughty bits”. The bottom section allows individual site blockage. Here’s what I wanted:

Give it about five to ten minutes (they say three) and those sites are as good as gone! While a web browser may give a different warning (usually a cert error), dig one level deeper with nslookup and you’ll see what’s going on:

PS Desktop> nslookup snapchat.com
Server: UnKnown
Address: 192.168.0.1

Non-authoritative answer:
Name: snapchat.com
Addresses: ::ffff:146.112.61.104
146.112.61.104

And if you go to that IP:

Couple of points: First, you’ll probably need to run Cisco’s OpenDNS-Updater program as your ISP provides your modem with a dynamic host; exact same thing as if you were running a DynamicDNS service like DuckDNS. Second, a really smart kid could probably figure out how those sites are being blocked. My kid is smart, but if she was really that smart, she’d just do her homework in the first place.

On the web:
https://www.opendns.com/home-internet-security/
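
An added example (not part of the original post) that parses nslookup output like the one above and reports whether a name is still answered with the block page, which is worth re-checking whenever your dynamic IP may have changed. It assumes 146.112.61.104, the address seen in this post, is the block page for your account; the function names are hypothetical and the unfiltered sample is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): confirm that OpenDNS still
# answers a blocked name with its block page.
# Assumption: 146.112.61.104 (from this post's nslookup output) is the block
# page for your account; function names are hypothetical.
BLOCK_ADDR="146.112.61.104"

# Read nslookup output on stdin and print only the answer addresses.
# The first Server/Address pair names the resolver itself, so everything
# before "Name:" is skipped. IPv4-mapped IPv6 answers (::ffff:a.b.c.d) are
# reduced to plain IPv4 so both forms compare equal.
answer_addresses() {
    awk '
        /^Name:/ { seen = 1; next }
        !seen    { next }
        {
            sub(/^Address(es)?:/, "")
            gsub(/[ \t]/, "")
            sub(/^::ffff:/, "")
            if ($0 != "") print
        }' | sort -u
}

# Succeed only if there is an answer and every address is the block page.
is_blocked() {
    addrs=$(answer_addresses)
    [ "$addrs" = "$BLOCK_ADDR" ]
}

# nslookup output as shown in this post (filtered name).
sample_blocked() {
    printf '%s\n' 'Server: UnKnown' 'Address: 192.168.0.1' '' \
        'Non-authoritative answer:' 'Name: snapchat.com' \
        'Addresses: ::ffff:146.112.61.104' '146.112.61.104'
}

# Constructed sample: the same query when filtering is not applied
# (203.0.113.10 is a documentation address, not a real answer).
sample_unfiltered() {
    printf '%s\n' 'Server: UnKnown' 'Address: 192.168.0.1' '' \
        'Non-authoritative answer:' 'Name: snapchat.com' 'Address: 203.0.113.10'
}

# Usage: sh check-filter.sh --live snapchat.com
if [ "${1:-}" = "--live" ]; then
    shift
    for name in "$@"; do nslookup "$name" | is_blocked || echo "NOT FILTERED: $name"; done
fi
```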

no wayland

Having run Ubuntu 22.04 LTS for a week now, I tracked a lot of the “misbehavior” down to the Wayland display server protocol. Totem never quite loaded correctly, if it even ran, while seemingly innocuous tasks like dropping a file on Audacious also proved troublesome. So until Ubuntu figures out Wayland’s inadequacies, I’m back to using good ol’ Xorg.

When you log in to Ubuntu, there’s a gear in the bottom right screen to choose which display server you want to use. But to make it a little more foolproof, simply edit Wayland out of existence:

sudo nano /etc/gdm3/custom.conf

#Uncomment the line below to force the login screen to use Xorg
WaylandEnable=false

You can always check which display you are using with:
echo $XDG_SESSION_TYPE
x11

ubuntu 22.04lts jammy jellyfish

Now that the new box is built, it’s off to make it work. As previously stated, I downloaded Ubuntu 22.04 LTS on DVD, but it had issues loading. I quickly made a bootable USB drive and was off to the races. I chose a minimal install without encryption and with updates. I can’t be bothered entering a password after every reboot, let alone remotely; but foremost, there’s nothing on the computer that needs to be encrypted.

Once completed, I first got the RAID1 with my music configured by creating a mount point, adding it to /etc/fstab and made an alias for it in my home folder. I then downloaded Roon, made it executable, installed its dependencies (curl, ffmpeg, cifs-utils) and then ran the installation script. On my Windows computer, I signed into Roon Desktop (btw, remember to sign out of any previous installations), added my music libraries and – most importantly – restored the latest backup of my previous Roon Core!

Next up was getting Duckdns so I can login remotely, UFW because it’s open for remote access, and configuring SSH for my website’s production host. Most of this was simple, though I did have to temporarily enable PasswordAuthentication on the production host for keys, and I also needed to reconfigure my router with the MAC address for the new motherboard to access the computer via port forwarding.

I then set out to install the applications I need. Some are little tweaks like numlockx, while others were from that list I made – Audacious, Brasero, MOC, Easytag, etc, while fre:ac was a snap. I have issues with dt14-tmeter, which has always been prickly (fixed 04/26/22), and Totem which crashes and doesn’t play correctly under Wayland. I also imported bookmarks into Firefox and did a quick run through of my top sites to get their passwords remembered.

I’m on the fence about tweaking out the UI, as the older I get the less I care about having it my way: Ubuntu and Gnome are good enough out of the box. I’m sure at some point I’ll get bored and add Gnome Extensions, Tweaks, get the Snap-free Firefox, change the colors etc, but for now, the computer is fine as it is. In the meantime, I will continue to use Xorg as everything seems to run best under it, including Totem, Audacious, etc.

On the web:
https://ubuntu.com/download/desktop

byopc 2022

With the arrival of Ubuntu 22.04 LTS, aka Jammy Jellyfish, it’s time to build a new Linux box. Hard to believe that another four years has already passed. I’m still happy with the old one, but the fans are a bit noisy, and I’d like to up performance. Note that this computer is an “always-on” dedicated music server for Roon software, containing a 4TB RAID1 with my music collection. And that’s just about all I use it for: ripping CDs to the library, running Roon server, the occasional DVD or CD burn, and of course, having the Linux environment at home to keep my itjerk skills up.

Over the years, I’ve found myself gravitating almost exclusively to the Windows environment for “day to day” computing. Why? It’s just fine for me. Other than running a few applications (mostly InDesign), the vast majority of my desktop experience is inside a web browser. Yours too, probably. And as someone that’s spent the past 20+ years in desktop support, I’m completely agnostic about Mac vs Windows vs Linux. Whatever costs less should be one’s top choice, not some brand fetish. Whether it’s a Dell or any Apple, Windows or macOS or Ubuntu, a properly maintained computer is both safe and secure. “Better” is subjective.

I’ve chosen an Intel i3-10105 processor for the computer because a) it’s the cheapest I could find ($89) and b) it gives me plenty of “boost” from the current G4400 Pentium; more cores/threads/cache, faster clock, and only mildly less power efficiency (65w vs 54w). For the motherboard, I’ll need an LGA 1200 socket and a quick look at the Microcenter website yields the ASUS H510M-E Prime Intel microATX for $85. I’ll throw in a very fast 256GB NVMe M.2 drive for $32 for the boot drive and that’s about all I need. I have 8GB of DDR4 2133 RAM from the previous build to reuse (along with case, power supply, etc). That’s a total bill of $202 for new computer “guts”.

The very first thing to do is ensure I have a backup of the RAID1. I’m going to transfer the RAID card and drives to the new mobo, which should go without a hitch (it did), but having a fresh backup gives me 100% peace of mind. I’m getting a new M.2 boot drive, so I’ll have the previous SSD to copy things over. Then, I’ll be sure to get a list of programs I’ll need to reinstall along with bookmarks, config files and my bash history (a wealth of knowledge!). With an initial minimum install of Ubuntu, I’ll need a few things, but mostly they and their dependencies relate to Roon, CD ripping and playback (notably Fre:AC and its config files!), plus a few DVD programs like Handbrake, DeeVeeDee and DVDAE. No need to bring extra software baggage to a clean install; if I forgot something, I can always install later.

One thing about the installation: maybe I’m getting old or maybe the lighting was just bad, but I did have to recheck some of my connections inside the case. RAM wasn’t clipped completely, USB header was off and I didn’t push the audio plug in all the way! The old SPDIF card I had doesn’t have the right pin config, so I’ll splurge $17 for a new one.

After downloading Ubuntu 22.04 LTS, I burned a DVD of the iso but it didn’t work. So I quickly made a USB drive and installation was fine. I did a minimal install, no encryption (PITA to enter a password and no way to do it remotely). I did get a couple boot warnings, but after I updated the mobo’s BIOS the ACPI warning went away, while enabling VMX in the BIOS advanced settings corrected that. Still have “SGX disabled in BIOS” to deal with. One other thing, when the computer boots, it doesn’t display the RAID card’s screen. Hmmm.

Now on to Jammy Jellyfish!

Microsoft Surface Go 3

Yeah, I’m a jerk, I bought one. $379 from their website, delivered in a couple days. It booted into Windows 11 and all is good, except screen sharing cuts out after a minute or so. Wonder why? Sold the original Surface Go on eBay for $156.50 plus shipping.

wireless display

Ever since I found out my Surface Go wasn’t Windows 11 capable, I started to plot ways to get rid of it. Well, not any more. It can function as a Wireless Display for my desktop computer! Now that I’ve started working on The Strawberry Bricks Companion, I found the need for a second display as my main monitor is filled with Adobe InDesign. A quick Google search and I found that the Surface is indeed able to function as a wireless display, and here’s how:

First step is to enable the wireless display feature set for Windows on the Surface. Go to Apps>Optional Features, then search for “wireless display” and install it. Next on the Surface, open Windows settings and go to Projecting to this PC. There, enable the first option to “Available Everywhere” and turn power source off. (You can adjust the specific settings as you wish, these worked for me.) That’s it for the Surface. To connect to the Surface from my desktop, I just go to Settings> Displays, find the Multiple Display option and click connect! Voilà! I have two displays.

Now you may be asking, why don’t you have two monitors? Well, my original Scan Design computer desk from the late 80s isn’t that big, so I opted for one 24″ monitor. Given my eyesight (I have single vision glasses just for computer work), it fits my needs.

roon firewall update

For some reason which I now forget, I signed up for the beta channel for Roon’s Linux server software. It updates maybe once a month, and very recently (with 1.8.x) everything stopped working right. A quick jump to the community boards and I found out that Roon Labs had changed the ports required for the software. Even more astonishingly, it’s undocumented. Here’s what I’m using.

22/tcp                     ALLOW       Anywhere                  
9003/udp                   ALLOW       192.168.0.0/24       # roon
9330:9339/tcp              ALLOW       192.168.0.0/24       # roon
8008:8009/tcp              ALLOW       192.168.0.0/24       # roon
30000:30010/tcp            ALLOW       192.168.0.0/24       # roon
8010                       ALLOW       Anywhere             # chromecast
1194/udp                   ALLOW       192.168.0.0/24       # roon
22/tcp (v6)                ALLOW       Anywhere (v6)        
8010 (v6)                  ALLOW       Anywhere (v6)        # chromecast
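
An added example (not part of the original post) that reads a rule listing like the one above and prints the ALLOW rules open to any source, so that a LAN-only service is not left reachable from outside by accident. EXPECTED_PUBLIC is an assumption: SSH and the Roon ARC port (40229/tcp) are treated as intentionally public, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): list ufw ALLOW rules that accept
# traffic from any source, so LAN-only services are not exposed by accident.
# EXPECTED_PUBLIC is an assumption about which ports are meant to be reachable
# from outside; adjust it to your own setup.
EXPECTED_PUBLIC="22/tcp 40229/tcp"

# Read `ufw status` output on stdin; print the "To" port of every ALLOW rule
# whose source is Anywhere (IPv4 and IPv6 duplicates are collapsed).
exposed_rules() {
    awk '{
        act = 0
        for (i = 1; i <= NF; i++) if ($i == "ALLOW") { act = i; break }
        if (!act) next
        src = act + 1
        if ($src == "IN") src++        # `ufw status verbose` prints "ALLOW IN"
        if ($src == "Anywhere") print $1
    }' | sort -u
}

# Print exposed rules that are not listed in EXPECTED_PUBLIC.
unexpected_exposure() {
    exposed_rules | while read -r port; do
        case " $EXPECTED_PUBLIC " in
            *" $port "*) ;;
            *) echo "$port" ;;
        esac
    done
}

# Rules taken from this post's listing (trimmed).
sample_status() {
    cat <<'EOF'
22/tcp                     ALLOW       Anywhere
9003/udp                   ALLOW       192.168.0.0/24       # roon
9330:9339/tcp              ALLOW       192.168.0.0/24       # roon
8010                       ALLOW       Anywhere             # chromecast
22/tcp (v6)                ALLOW       Anywhere (v6)
8010 (v6)                  ALLOW       Anywhere (v6)        # chromecast
EOF
}

# Run against the live firewall with: sh ufw-audit.sh --live
if [ "${1:-}" = "--live" ]; then sudo ufw status | unexpected_exposure; fi
```

On the sample listing this prints 8010, the one rule open to Anywhere that is not in the expected-public list.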