the itjerk

my adventures with technology

Category Archives: How-to

dnscrypt-proxy

Time to set up dnscrypt-proxy on my new Ubuntu 22.04 LTS box. I found the best way to do this was to also install resolvconf and use that to ensure that /etc/resolv.conf always gets the dnscrypt port of 127.0.2.1. Previously I’ve used a bunch of different methods, but for this distro, I’m happy with my results.

sudo apt update
sudo apt install dnscrypt-proxy resolvconf
sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml

Here you can change the settings for dnscrypt by altering the server_names line (e.g. ['cisco'], ['cloudflare']). Also ensure that listen_addresses is empty. Restart the service if you make changes.

sudo systemctl restart dnscrypt-proxy

Next, open your Network Manager and go to the IPv4 settings. Turn off Automatic DHCP and set the address to 127.0.2.1. Restart the NetworkManager service.

sudo systemctl restart NetworkManager

Finally, edit the following resolvconf file so that /etc/resolv.conf uses dnscrypt’s address, by adding the following line: nameserver 127.0.2.1

sudo nano /etc/resolvconf/resolv.conf.d/head

Now restart your computer.

You can test a number of ways. If you used ['cisco'] you can do the following. Note “dnscrypt enabled” in the ANSWER section.

dig txt debug.opendns.com
; <<>> DiG 9.18.1-1ubuntu1-Ubuntu <<>> txt debug.opendns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28688
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;debug.opendns.com.		IN	TXT

;; ANSWER SECTION:
debug.opendns.com.	59	IN	TXT	"server m45.chi"
debug.opendns.com.	59	IN	TXT	"flags 20040022 0 50 180000000000000000003950000000000000000"
debug.opendns.com.	59	IN	TXT	"originid 585506578"
debug.opendns.com.	59	IN	TXT	"actype 2"
debug.opendns.com.	59	IN	TXT	"bundle 13458843"
debug.opendns.com.	59	IN	TXT	"source 76.229.202.213:57968"
debug.opendns.com.	59	IN	TXT	"dnscrypt enabled (7158645166363443)"

;; Query time: 4 msec
;; SERVER: 127.0.2.1#53(127.0.2.1) (UDP)
;; WHEN: Fri May 06 10:48:39 CDT 2022
;; MSG SIZE  rcvd: 313

Another way of checking is to visit https://www.dnsleaktest.com/ which will tell you your DNS resolver.
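A scripted version of these checks, as an added example that is not part of the original post: it flags any nameserver in resolv.conf other than 127.0.2.1 (a fallback path for unencrypted DNS) and confirms from dig output that the reply came through the stub with "dnscrypt enabled". The function names are hypothetical, and the sample inputs are constructed or trimmed from the dig output above.

```shell
#!/bin/sh
# Added example (not from the original post): post-reboot checks for this setup.
STUB="127.0.2.1"   # stub resolver address used throughout the post

# Print every nameserver on stdin (resolv.conf format) that is not the stub.
# The libc resolver tries later nameserver lines when the first does not
# answer, so any extra entry is a path for unencrypted DNS.
extra_nameservers() {
    awk -v stub="$STUB" '$1 == "nameserver" && $2 != stub { print $2 }'
}

# Exit status: 0 = only the stub is listed, 1 = stub plus others, 2 = stub missing.
resolv_status() {
    conf=$(cat)
    printf '%s\n' "$conf" |
        awk -v stub="$STUB" '$1 == "nameserver" && $2 == stub { ok = 1 } END { exit !ok }' ||
        return 2
    [ -z "$(printf '%s\n' "$conf" | extra_nameservers)" ] || return 1
}

# Reads `dig txt debug.opendns.com` output on stdin. Succeeds only if the reply
# came from the stub and a TXT answer record says "dnscrypt enabled".
dnscrypt_confirmed() {
    awk -v stub="$STUB" '
        /^;; SERVER:/ && index($3, stub "#") == 1 { via_stub = 1 }
        /^[^;]/ && /TXT/ && /"dnscrypt enabled/   { enabled = 1 }
        END { exit !(via_stub && enabled) }'
}

# Constructed samples (sample_dig_ok is trimmed from the output shown in the post).
sample_resolv_clean() { printf '%s\n' '# head file' 'nameserver 127.0.2.1'; }
sample_resolv_leaky() { printf '%s\n' 'nameserver 127.0.2.1' 'nameserver 192.168.0.1' 'search lan'; }
sample_dig_ok() {
    cat <<'EOF'
;; ANSWER SECTION:
debug.opendns.com.  59  IN  TXT  "server m45.chi"
debug.opendns.com.  59  IN  TXT  "dnscrypt enabled (7158645166363443)"

;; SERVER: 127.0.2.1#53(127.0.2.1) (UDP)
EOF
}
sample_dig_plain() {
    cat <<'EOF'
;; ANSWER SECTION:
debug.opendns.com.  59  IN  TXT  "server m45.chi"

;; SERVER: 192.168.0.1#53(192.168.0.1) (UDP)
EOF
}

# Demo on the samples; on a real host feed /etc/resolv.conf and live dig output instead.
for s in sample_resolv_clean sample_resolv_leaky; do
    if $s | resolv_status; then echo "$s: only $STUB listed"
    else echo "$s: status $? extra: $($s | extra_nameservers)"; fi
done
for s in sample_dig_ok sample_dig_plain; do
    if $s | dnscrypt_confirmed; then echo "$s: encrypted via $STUB"
    else echo "$s: NOT confirmed"; fi
done
```

On a live system the equivalent calls are `resolv_status < /etc/resolv.conf` and `dig txt debug.opendns.com | dnscrypt_confirmed`.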

The only thing I don’t get is this: Why does this use the old address? For another day.

dnscrypt-proxy -resolve google.com -config /etc/dnscrypt-proxy/dnscrypt-proxy.toml 
Resolving [google.com] using 127.0.0.1 port 53

Unable to resolve: [read udp 127.0.0.1:35375->127.0.0.1:53: read: connection refused]

parental controls

I have a teen that refuses to do homework. You know, gets a “zero”. Thus, I take the phone away. However, teen needs a computer for homework. Fine. But you know when she gets on to the computer, she’s going to go to all those sites where “screenagers” waste their time. That’s fine. I’m going to show you how to block individual sites using OpenDNS and your Router. [Note that I’m going to use terminology for my Netgear, but chances are if you’re bothered to read this, you’ll know what I’m talking about. Also, while my Netgear router has a “Blocked Sites” function, it doesn’t work. Useless!]

DNS can be set in many places: local computer, router, modem. I’m not quite sure what trumps what, but I believe that’s the line. Using your router for DNS is better than using your modem’s – my AT&T modem does not allow it to change! Setting it on a device level, well, that’s a lot of work. Also, I have to believe that most “screenagers” don’t know what DNS even is. So, here we go.

The first step is to open your router’s settings and go to Internet Settings (also called WAN). Set the Primary and Secondary numbers to OpenDNS, 208.67.222.222 and 208.67.220.220. Now, all requests originating from your router will go through OpenDNS. I’m sure there is some chatter on whether using a Cisco-owned product is all that good, but from what I’ve read, it’s one of the better choices out there for the home user. What you may give up in privacy, you’ll gain in secure web browsing.

The second step is to let OpenDNS know that requests from your router are yours. Okay, that may sound all scary and Big Brother, but let’s not pretend that our web surfing is anonymous. It’s not. You buy your internet from someone, or are you really getting it for free from a leaky neighbor or a nearby Starbucks?

To sign up for an OpenDNS account, go to their website and sign up for a free Home account. All it requires is an email address. Once completed, open their Dashboard from a computer on your home network. Under settings, add your local network: it’s going to be the IP address of your modem. Give it a name, and save it. OpenDNS will now associate requests from that IP as yours. Under Web Content Filtering, you’ll see two areas. The top is a predefined set for a variety of “undesirable” sites – if I had teenage boys, I’d sure as hell use this to block the “naughty bits”. The bottom section allows individual site blockage. Here’s what I wanted:

Give it about five to ten minutes (they say three) and those sites are as good as gone! While a web browser may give a different warning (usually a cert error), dig one level deeper with nslookup and you’ll see what’s going on:

PS Desktop> nslookup snapchat.com
Server: UnKnown
Address: 192.168.0.1

Non-authoritative answer:
Name: snapchat.com
Addresses: ::ffff:146.112.61.104
146.112.61.104

And if you go to that IP:

Couple of points: First, you’ll probably need to run Cisco’s OpenDNS-Updater program as your ISP provides your modem with a dynamic host; exact same thing as if you were running a DynamicDNS service like DuckDNS. Second, a really smart kid could probably figure out how those sites are being blocked. My kid is smart, but if she was really that smart, she’d just do her homework in the first place.

On the web:
https://www.opendns.com/home-internet-security/

no wayland

Having run Ubuntu 22.04 LTS for a week now, I tracked a lot of the “misbehavior” down to the Wayland display server protocol. Totem never quite loaded correctly, if it even ran, while seemingly innocuous tasks like dropping a file on Audacious also proved troublesome. So until Ubuntu figures out Wayland’s inadequacies, I’m back to using good ol’ Xorg.

When you log in to Ubuntu, there’s a gear in the bottom right screen to choose which display server you want to use. But to make it a little more foolproof, simply edit Wayland out of existence:

sudo nano /etc/gdm3/custom.conf

#Uncomment the line below to force the login screen to use Xorg
WaylandEnable=false

You can always check which display you are using with:
echo $XDG_SESSION_TYPE
x11

ubuntu 22.04lts jammy jellyfish

Now that the new box is built, it’s off to make it work. As previously stated, I downloaded Ubuntu 22.04 LTS on DVD, but it had issues loading. I quickly made a bootable USB drive and was off to the races. I chose a minimal install without encryption and with updates. I can’t be bothered entering a password after every reboot, let alone remotely; but foremost, there’s nothing on the computer that needs to be encrypted.

Once completed, I first got the RAID1 with my music configured by creating a mount point, adding it to /etc/fstab and making an alias for it in my home folder. I then downloaded Roon, made it executable, installed its dependencies (curl, ffmpeg, cifs-utils) and then ran the installation script. On my Windows computer, I signed into Roon Desktop (btw, remember to sign out of any previous installations), added my music libraries and – most importantly – restored the latest backup of my previous Roon Core!

Next up was getting Duckdns so I can login remotely, UFW because it’s open for remote access, and configuring SSH for my website’s production host. Most of this was simple, though I did have to temporarily enable PasswordAuthentication on the production host for keys, and I also needed to reconfigure my router with the MAC address for the new motherboard to access the computer via port forwarding.

I then set to install the applications I need. Some are little tweaks like numlockx, while others were from that list I made – Audacious, Brasero, MOC, Easytag, etc, while fre:ac was a snap. I have issues with dt14-tmeter, which has always been prickly (fixed 04/26/22), and Totem which crashes and doesn’t play correctly under Wayland. I also imported bookmarks into Firefox and did a quick run-through of my top sites to get their passwords remembered.

I’m on the fence about tweaking out the UI, as the older I get the less I care about having it my way: Ubuntu and Gnome are good enough out of the box. I’m sure at some point I’ll get bored and add Gnome Extensions, Tweaks, get the Snap-free Firefox, change the colors etc, but for now, the computer is fine as it is. In the meantime, I will continue to use Xorg as everything seems to run best under it, including Totem, Audacious, etc.

On the web:
https://ubuntu.com/download/desktop

byopc 2022

With the arrival of Ubuntu 22.04 LTS, aka Jammy Jellyfish, it’s time to build a new Linux box. Hard to believe that another four years has already passed. I’m still happy with the old one, but the fans are a bit noisy, and I’d like to up performance. Note that this computer is an “always-on” dedicated music server for Roon software, containing a 4TB RAID1 with my music collection. And that’s just about all I use it for: ripping CDs to the library, running Roon server, the occasional DVD or CD burn, and of course, having the Linux environment at home to keep my itjerk skills up.

Over the years, I’ve found myself gravitating almost exclusively to the Windows environment for “day to day” computing. Why? It’s just fine for me. Other than running a few applications (mostly InDesign), the vast majority of my desktop experience is inside a web browser. Yours too, probably. And as someone that’s spent the past 20+ years in desktop support, I’m completely agnostic about Mac vs Windows vs Linux. Whatever costs less should be one’s top choice, not some brand fetish. Whether it’s a Dell or any Apple, Windows or macOS or Ubuntu, a properly maintained computer is both safe and secure. “Better” is subjective.

I’ve chosen an Intel i3-10105 processor for the computer because a) it’s the cheapest I could find ($89) and b) it gives me plenty of “boost” from the current G4400 Pentium; more cores/threads/cache, faster clock, and only mildly less power efficiency (65w vs 54w). For the motherboard, I’ll need an LGA 1200 socket and a quick look at the Microcenter website yields the ASUS H510M-E Prime Intel microATX for $85. I’ll throw in a very fast 256GB NVMe M.2 drive for $32 for the boot drive and that’s about all I need. I have 8GB of DDR4 2133 RAM from the previous build to reuse (along with case, power supply, etc). That’s a total bill of $202 for new computer “guts”.

The very first thing to do is ensure I have a backup of the RAID1. I’m going to transfer the RAID card and drives to the new mobo, which should go without a hitch (it did), but having a fresh backup gives me 100% peace of mind. I’m getting a new M.2 boot drive, so I’ll have the previous SSD to copy things over. Then, I’ll be sure to get a list of programs I’ll need to reinstall along with bookmarks, config files and my bash history (a wealth of knowledge!). With an initial minimum install of Ubuntu, I’ll need a few things, but mostly they and their dependencies relate to Roon, CD ripping and playback (notably Fre:AC and its config files!), plus a few DVD programs like Handbrake, DeeVeeDee and DVDAE. No need to bring extra software baggage to a clean install; if I forgot something, I can always install later.

One thing about the installation: maybe I’m getting old or maybe the lighting was just bad, but I did have to recheck some of my connections inside the case. RAM wasn’t clipped completely, USB header was off and I didn’t push the audio plug in all the way! The old SPDIF card I had doesn’t have the right pin config, so I’ll splurge $17 for a new one.

After downloading Ubuntu 22.04 LTS, I burned a DVD of the iso but it didn’t work. So I quickly made a USB drive and installation was fine. I did a minimal install, no encryption (PITA to enter a password and no way to do it remotely). I did get a couple boot warnings, but after I updated the mobo’s BIOS the ACPI warning went away, while enabling VMX in the BIOS advanced settings corrected that. Still have “SGX disabled in BIOS” to deal with. One other thing, when the computer boots, it doesn’t display the RAID card’s screen. Hmmm.

Now on to Jammy Jellyfish!

wireless display

Ever since I found out my Surface Go wasn’t Windows 11 capable, I started to plot ways to get rid of it. Well, not any more. It can function as a Wireless Display for my desktop computer! Now that I’ve started working on The Strawberry Bricks Companion, I found the need for a second display as my main monitor is filled with Adobe InDesign. A quick google search and I found that the Surface is indeed able to function as a wireless display, and here’s how:

First step is to enable the wireless display feature set for Windows on the Surface. Go to Apps > Optional Features and then search for “wireless display” and install. Next on the Surface, open Windows settings and go to Projecting to this PC. There, enable the first option to “Available Everywhere” and turn power source off. (You can adjust the specific settings as you wish, these worked for me.) That’s it for the Surface. To connect to the Surface from my desktop, I just go to Settings > Displays, find the Multiple Display option and click connect! Voilà! I have two displays.

Now you may be asking, why don’t you have two monitors? Well, my original Scan Design computer desk from the late 80s isn’t that big, so I opted for one 24″ monitor. Given my eyesight (I have single vision glasses just for computer work), it fits my needs.

roon firewall update

For some reason which I now forget, I signed up for the beta channel for Roon’s Linux server software. It updates maybe once a month, and very recently (with 1.8.x) everything stopped working right. A quick jump to the community boards and I found out that Roon Labs had changed the ports required for the software. Even more astonishingly, it’s undocumented. Here’s what I’m using.

22/tcp                     ALLOW       Anywhere                  
9003/udp                   ALLOW       192.168.0.0/24       # roon
9330:9339/tcp              ALLOW       192.168.0.0/24       # roon
8008:8009/tcp              ALLOW       192.168.0.0/24       # roon
30000:30010/tcp            ALLOW       192.168.0.0/24       # roon
8010                       ALLOW       Anywhere             # chromecast
1194/udp                   ALLOW       192.168.0.0/24       # roon
22/tcp (v6)                ALLOW       Anywhere (v6)        
8010 (v6)                  ALLOW       Anywhere (v6)        # chromecast


new raid1

The linux computer crashed. Upon restart, it wanted a disk check. Fair enough. But then when it rebooted, it went to the recovery console. Uh, oh, something is up. I went to Advanced Options and did a dpkg check, which found a few things to correct before I could reboot back into the GUI. At first I thought the OS drive was bad, but it ends up that the data drive was the one that had the error.

Upon the next reboot, my RAID card gave me a warning, “HDD may be not available. Please contact…” but when I went into the RAID menu, all drives were good. Hmmm. Does the ASMedia really read the disks’ SMART status? Once inside Ubuntu I then checked the SMART status of my drives using smartctl:

sudo smartctl -d sat --all /dev/sdx -H

The OS drive was fine, but the RAID said DISK IS LIKELY TO FAIL SOON, even though the RAID menu reported both disks as fine. While smartctl is very useful, it cannot look inside the ASMedia controller to let me know which disk was failing. Card said fine, OS said not fine. Who do I trust? Ubuntu. Bottom line: SMART is not to be ignored.

First, I immediately did a backup. Success. I then popped down to my local Microcenter and purchased two new (price matched!) 4TB Seagate IronWolf drives and set up a new RAID1. Why? Foremost, all the drives were still working, no data had been lost. So why not start fresh, reset the clock on the drives to Late 2021 and gain an extra TB of space?

It’s just a lot of time to complete a restore, but everything is safe again.

new dell pc

Recently I searched this website for information about my Windows desktop only to find BYOPC 2016 – is that computer really five years old? Indeed it is, so with little hesitation I set out to find a replacement. Why? Foremost, I believe in a four (4) year replacement cycle for desktop computers. Remember, there’s no badge of honor earned from your janky old computer. Performance, security, safety, peace of mind and your itjerk’s respect all factor in. Second, the computer is not Windows 11 compatible, which as an IT professional will be important for me. Finally, it was an inexpensive build, on the noisy side (cheap case) and low on storage (128GB boot drive). Yet as cheap as it was, it served me well, but now it’s time to move on!

As my primary desktop, it was quite easy for me to arrive at the decision to buy a new computer. Building computers is fun, but good, workable options are just inexpensive. Don’t forget, PC makers spend a lot of time designing well-engineered systems; that’s part of what we pay for. I don’t game, so I have little need for power or anything but a standard configuration, including one that is Windows 11 ready. Now, I haven’t had a Dell computer since the old Dimension C521 in 2007, but my recent experiences with my daughter’s Latitude 3190s (despite initial problems) brought me around again.

A quick trip to Dell.com yielded a Vostro 3681 in a small form-factor case, with 8GB RAM, 256GB M.2 PCIe NVMe Solid State Drive and an Intel 10th Gen i5-10400 processor (6-Core, 12M Cache, 2.9GHz to 4.3GHz), all for $499 (after a $50 coupon code). The HDMI port fits well with my KVM, and it has an extra bay for a spare hard drive. Pandemic-driven built-in bluetooth and wifi card in most desktops (here via a second M2 slot) is handy as well. Plus it’s kinda cute, with that red front bezel.

It arrived quickly (Sat->Wed), and within no time I had an extra 8GB RAM installed, as well as the 128GB drive from my old computer. I signed in with my Microsoft account, and OneDrive did a pretty good job of getting everything in place. I did have to ensure that my Documents and Pictures folders did not connect to OneDrive, as I don’t want them to sync nor be in the Cloud. The perfunctory Windows (shipped with 20H2) and Microsoft Store updates were next, followed by Dell’s System Update. I had previously made a list of the applications I needed, so it was off to the races to download and install them. One thing I realized is that my old Quicken 2007 software is a real relic; getting that now requires an annual subscription, so I’m glad I still had the CD! Once I copied the data from my old drive over, I took it out and plugged in a 1TB “scratch disk” from the old computer that I have a bunch of misc files on. It’s an old SATA drive, so I may replace it with an SSD to keep the “silence” the Vostro 3681 provides.

Update: That 1TB “scratch disk” was actually a 500GB drive, and I did replace it with a 512GB SSD.

Nota Bene: Before you wipe clean your old computer, be sure to give the new computer a run through of your most important tasks. For instance, opening my book InDesign and printing a PDF copy yielded a couple missing fonts (which I had) and a PDF preset (which luckily I found). In other words, don’t be in a hurry to throw out the old!

All in all, it’s a silent, snappy little computer that more than provides for what I need in a desktop environment. Good on you Dell.

On the web:
Dell Vostro

google hangouts to google chat?

Hey Google, I understand that for whatever reason you are switching Google Hangouts to Google Chat, but please do not forget to transfer the Group Hangouts over. I have one for my family, it’s how we communicate, you know, as a family.

Hangouts was a nice solution for communicating with my wife and our kids. We use it exclusively for intra-family communication. No messages, no texts, no messenger, etc., just Hangouts. So when that green bubble notification comes up, we immediately all know it’s a family matter. In addition to the app, it also sits conveniently at the bottom left of Gmail.

C’mon Google, do the right thing. Convert the Group Hangouts over to Chat!

Edit Jan 27th – Our family hangout appeared in Google Chat under Rooms! thanks Google!