the itjerk

my adventures with technology

Category Archives: How-to

dnscrypt2

Spurred on by some recent articles, I decided to switch to dnscrypt2. It's an improved version that supports a whole slew of new things (DNS-over-HTTPS resolvers among them) and many more resolvers.

This was a bit of work, because, stupidly, I disabled DNS! Anyway, long story short, I followed the instructions here, and everything worked out okay. I did need to edit /etc/dnsmasq.conf because dnsmasq was also trying to use 127.0.0.1.

desktop:~$ nslookup -type=txt debug.opendns.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
debug.opendns.com text = "server m33.chi"
debug.opendns.com text = "flags 20 0 70 7950800000000000000"
debug.opendns.com text = "originid 0"
debug.opendns.com text = "actype 0"
debug.opendns.com text = "source 23.122.56.207:33649"
debug.opendns.com text = "dnscrypt enabled (714E7A696D657555)"

On the web:
DNScrypt


the big upgrade

Production website upgrades (do-release-upgrade from 14.04.5 to 16.04.4) are the most nerve-wracking ever. Being a "one-man show" means it's all or nothing: no team to lean on, just my wits and Google. Sure, I had a backup if everything went south; yes, I had an idea everything would work; and yes, I ran into problems.

The local copy of my website needed an earlier version of PHP to work. That fix was easy enough; I just installed the ondrej PPA for it. But I ran into a problem with the production site because I have iRedMail installed, so yes, the local copy isn't completely like the production site. Here the problem was auth_mysql, as evidenced by sudo apache2ctl configtest. Two mods I have – awstats and cluebringer – were calling auth_mysql and preventing apache2 from loading. The fix was fairly easy: apt-get install libaprutil1-dbd-mysql, and then clearing out the offending *.conf files. Thanks to iRedMail for the information.

Seeing that website, email, etc live again was a good, good feeling.

A few weeks later, there were a few more things I had to tweak to get oh-so-right, but most of that was email related, and mostly non-OS related.

phpbb – new website

I have a web property, progressiverock.com, that’s been dormant ever since I rebranded my prog rock site after my book, strawberrybricks.com, a few years ago. One would think that the former URL is worth some money, but to date I have been unsuccessful in finding a buyer. So rather than just serving as a redirect to the latter URL, I decided to install phpbb and relaunch the site as a bulletin board to discuss all things prog rock and generate some brand recognition.

I use Digital Ocean for virtual hosting because it's cheap (starting at $5/mo) and easy. The process to create a new virtual host "droplet" is simple enough: pick your choice of options (size, memory), hosting location, operating system (you can even get it pre-loaded with LAMP) and then set up the DNS records. Within minutes, it was up and running as progressiverock.com.

Immediately after an apt-get update/dist-upgrade, I added some basics to the core system, like the OpenSSH server, ufw, postfix/logwatch and apticron. Most were straightforward installs, but for postfix, be sure to set up your A, MX and TXT (SPF) records before you start, and check your logs/errors for what to tweak; I had to add postconf compatibility and manually create the virtual alias map to clear errors I found in mail.log. I also set up sender_canonical because I just have a "no-reply" email system (for now). Also, don't forget to set your timezone.

After configuring MySQL and apache2, I added my RSS feed, which needed the php-xml module installed to work. Let's Encrypt was next, because why not — everyone should be using SSL. I also added awstats, which needed user www-data added to the adm group to correct the errors generated by cron. The bulletin board software phpBB was quite simple to install; fortunately I remembered some basic MySQL commands to get the database set up beforehand. I then added American English as a language, and found feedpostbot, an extension that uses RSS feeds to create topics — perfect for the "Album of the Day." Forum hierarchy took a little thought, and I'm sure I'll change it again before it all goes live. My next task is to get a new style for the site, but that may require some outside help. More later.
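Those "basic MySQL commands to get the database set up" are where the board's database privileges get decided, so here is an added example (mine, not code from the post or from phpBB) that prints the SQL for a dedicated database and a least-privilege account instead of letting the board connect as root. The database name phpbb, the account name phpbbuser, the 127.0.0.1 binding, the utf8_bin collation and the privilege list are my choices, and CREATE USER IF NOT EXISTS assumes MySQL 5.7 or later (what 16.04 ships).

```sh
#!/bin/sh
# Emit the SQL that sets up a dedicated database and a least-privilege MySQL
# account for phpBB. Usage:
#
#   phpbb_db_sql DBNAME ACCOUNT PASSWORD | sudo mysql
#
# The account is bound to 127.0.0.1 because phpBB runs on the same droplet
# (enter 127.0.0.1, not localhost, as the database host in the phpBB installer
# so PHP connects over TCP and matches this account). It gets only what the
# installer and later updates need on its own schema: no GRANT OPTION, no
# FILE, no SUPER and nothing on other databases, so a compromised board
# cannot reach the rest of the server through MySQL. The privilege list and
# the utf8_bin collation are this example's choices, not phpBB's own script.
phpbb_db_sql() {
  db=$1; account=$2; pw=$3
  # refuse characters that would need SQL escaping rather than try to escape them
  case $pw in
    *\'*|*\\*|*\"*) echo "password must not contain quotes or backslashes" >&2; return 1 ;;
  esac
  cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$db\` CHARACTER SET utf8 COLLATE utf8_bin;
CREATE USER IF NOT EXISTS '$account'@'127.0.0.1' IDENTIFIED BY '$pw';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON \`$db\`.* TO '$account'@'127.0.0.1';
FLUSH PRIVILEGES;
EOF
}
```

Run it as root against the local server (`phpbb_db_sql phpbb phpbbuser "$PW" | sudo mysql`), then give the phpBB installer the same database, account and password with 127.0.0.1 as the host. The board's tables live only in that schema, so that is the whole blast radius if a phpBB bug ever leaks the credentials.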

None of this was complicated, and most steps took but a few minutes to do. My big take away here is that log files and error messages are your friend: listen to them as they tell you exactly what to correct with your installation.

And if you want the domain progressiverock.com, make me an offer that I can’t refuse!

On the web:
phpBB • Free and Open Source Forum Software

bios, baby

I know that everyone hates updates, especially that ultra-pesky 1709 Creators update for Windows 10. But you gotta do them, just like exercising, dieting, eating healthy, etc. Please remember when an update says “DO NOT POWER OFF YOUR COMPUTER” it really means it.

Currently almost every "modern" computer needs its BIOS (UEFI firmware) updated for those also-pesky Spectre/Meltdown CPU vulnerabilities, because the firmware update is how the manufacturers ship the CPU microcode fixes that go with them. Most computer manufacturers and motherboard companies provide Windows software that performs the BIOS update for you. Apple calls these firmware updates and delivers them via the App Store. Just remember, these updates should be done attended, so that's more for the itjerk to do!

dnscrypt

The Domain Name System (DNS) is the mechanism by which readable domain names are turned into numeric IP addresses; it's far easier for me to tell you to visit strawberrybricks.com than a bunch of numbers. When you browse the internet, then, every address you type or click on goes through a DNS lookup first. Typically, your ISP provides this service, or whoever you get your network connection from; however there is an implicit level of trust involved. Who's to say that yahoo.com, for example, is really yahoo.com? What if the DNS server spoofed the reply? Further, any DNS server can collect a wealth of information by recording your DNS requests. Finally, the speed of your browsing depends on how quickly these requests are answered.

Both Google (8.8.8.8) and OpenDNS (208.67.222.222) provide free DNS services that are fast and secure, and supposedly do not track your requests. A third service, Quad9 (9.9.9.9), was very recently launched. Your ISP has a lot of information about you. Switching your DNS to one of these providers is simple (just type them into your router, or your network connection settings), and gives some degree of privacy from your ISP. It only moves the trust, though: the resolver operator now sees your queries instead, and plain DNS still travels unencrypted, so anyone on the path can read or tamper with it. Every little bit helps?

DNSCrypt goes one further by encrypting and authenticating the DNS traffic between you and the resolver, so it can't be read or spoofed on the way. It's an easy enough program to install, available for PC, Mac and Linux, and for routers running DD-WRT. On my Ubuntu box, I needed to install libsodium-dev first, and then was most successful installing DNSCrypt-proxy from source using the old "configure, make, make install" method with version 1.9.5. Then, you can run it with systemd automatically.

On the web:
DNSCrypt

caa records

If you bother to read CAA Mandated by CA/Browser Forum, you'll learn that CAA (Certification Authority Authorization), a standard designed to prevent bad actors from obtaining SSL/TLS certificates for your domain without your say-so, has been mandatory for CAs to honour since September 2017. CAA records let domain owners specify which Certificate Authorities (CAs) are permitted to issue certificates for the domain; a compliant CA must look the records up before issuing and refuse if it isn't listed. This is achieved by adding CAA records to your domain's DNS zone at your DNS host. One caveat: the check is done by the CA at issuance time, not by the browser, so it doesn't stop a CA that ignores the rules, and it changes nothing about the TLS connection itself.

Good news. My host added this functionality, and it's now a simple process to identify who can issue an SSL certificate for your domain. In my case, it's letsencrypt.org. Now my SSL rating has gone up. Legit.

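To see what a CA actually does with those records, here is an added example (my own, not from the post and not any CA's code) that evaluates a CAA RRset the way RFC 8659 prescribes: it takes the records in the form `dig +short CAA name` prints them and says whether a given CA may issue for the name, including the wildcard rules and the explicit `issue ";"` deny-all. The record lines it is tested with are constructed; only the `caa_check_live` wrapper calls `dig` and needs network access.

```sh
#!/bin/sh
# caa_allows RRSET CA [wild]
#   RRSET: the name's CAA records, one per line, as `<flags> <tag> "<value>"`
#          (exactly what `dig +short CAA name` prints)
#   CA:    the domain the CA identifies itself by in CAA, e.g. letsencrypt.org
#   wild:  apply the rules for a wildcard name (*.example.com)
# Exit status 0 = issuance permitted, 1 = denied.
# Only one RRset is evaluated here. A CA that finds no CAA records on the
# exact name climbs to the parent names (RFC 8659 section 3), so a record on
# the zone apex covers its subdomains unless they carry their own.

# does the RRset contain a record with this tag? (tags are case-insensitive)
caa_has_tag() {
  printf '%s\n' "$1" | grep -Eiq "^[[:space:]]*[0-9]+[[:space:]]+$2[[:space:]]"
}

caa_allows() {
  rrset=$1
  ca=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  tag=issue
  # wildcard names use issuewild when any issuewild record exists,
  # otherwise they fall back to the plain issue records
  if [ "${3:-name}" = wild ] && caa_has_tag "$rrset" issuewild; then
    tag=issuewild
  fi
  # no record with the relevant tag (no CAA at all, or only iodef):
  # CAA does not restrict issuance
  caa_has_tag "$rrset" "$tag" || return 0
  printf '%s\n' "$rrset" | {
    while read -r _flags rtag value; do
      [ "$(printf '%s' "$rtag" | tr 'A-Z' 'a-z')" = "$tag" ] || continue
      # value is "ca-domain; param=..." or ";" (an explicit deny-all);
      # keep only the domain part, case-folded
      domain=$(printf '%s' "$value" | tr -d '"' | cut -d';' -f1 | tr -d '[:space:]' | tr 'A-Z' 'a-z')
      [ "$domain" = "$ca" ] && exit 0
    done
    exit 1 # records with the tag exist and none of them names this CA
  }
}

# live check: needs dig and network access, so it is not exercised offline
caa_check_live() {
  caa_allows "$(dig +short CAA "$1")" "$2" "$3"
}
```

With the setup described above, `dig +short CAA strawberrybricks.com` should print something like `0 issue "letsencrypt.org"`, so `caa_check_live strawberrybricks.com letsencrypt.org` succeeds while any other CA is refused. If you ever need a wildcard certificate from a different CA, add an `issuewild` record for it rather than widening `issue`.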

minidlna

When talking about digital music servers other than Squeezebox Server, I feel like a cheater. It’s been my reliable go-to method for serving up my ripped and downloaded music for over a decade now. But not every piece of hardware speaks to it; Beep appeared a while back and saw me install miniDLNA on my linux box, where all my music files reside.

The Digital Living Network Alliance is a trade group that certifies compliance with a standard for delivering digital media. MiniDLNA (now developed under the name ReadyMedia) is a small DLNA/UPnP-AV media server packaged for Ubuntu, and mini it is! No interface (save a bare-bones status page on port 8200), it is configured by editing /etc/minidlna.conf. Neither that status page nor the UPnP discovery traffic is authenticated, so keep it on a trusted home LAN and don't expose port 8200 beyond it.

Set the path to your music; I'm only looking for audio files, so I mark the directory with an A (V and P select video and pictures, and the letters can be combined, e.g. PV).
#media_dir=/var/lib/minidlna
media_dir=A,/mnt/data/music

Set the database cache directory (important!) and enable logging:
db_dir=/var/cache/minidlna
log_dir=/var/log

Tell it whether to watch the directories for new files automatically (via inotify):
inotify=yes

Set the name of the server presented to clients. This provides a simple way to check that you're connecting to your server.
friendly_name=My-MiniDLNA

That’s it! Restart the service after you make changes to the configuration,
sudo service minidlna restart

or rebuild the database if you’ve changed or added music.
sudo service minidlna force-reload

There's a ton more it can do, including serving videos, pictures, etc, and it also offers per-user configuration; but for my purpose my newly acquired Oppo BDP-103 can now stream all the music on my computer.

On the web:
MiniDLNA Ubuntu
ReadyMedia

record cleaning

If you didn't know, I've got a lot of albums, the earliest of which I started collecting in the early 1970s. They've been through a lot – teenage years, moves, and many of them were bought used. As I catalog them on discogs.com, I've been looking at each and every one. Most look pretty good; very good plus or even mint minus; others, not so much: fingerprints, dust and who knows what! A record is made of polyvinyl chloride – PVC. It's pretty hardy stuff; most modern plumbing is made of it. The grooves are more fragile, and once scratched, scuffed, etc, it cannot be undone. Yet anything that gets into those grooves that makes for a less than perfect playing experience can be rectified with proper cleaning. But please have realistic expectations about $3.00 records from the Salvation Army. You can't undo wear to vinyl – scratches and scuffs are permanent – dirt and dust are not.

Now let’s talk about money. If one had unlimited resources, they could just buy a better copy of an album. Or a $5000 ultrasonic record cleaner. Or even pay someone to clean their records. But I didn’t spend 40 years collecting records just to replace them; that wear and tear is my wear and tear, and those records and all they’ve been through are part of my story. And cleaning them, is my work.

The best way to clean records is by using a wet solution and then vacuuming it dry. Record cleaning machines start at about $500, and go up, though the Record Doctor V is only $200. A product like Spinclean handles the washing part, but not the drying; microfiber cloths are okay, but they don't provide the "lift" that vacuuming does.

The $29 Vinyl Vac is not only one of the least expensive ways to get into vacuuming records, it’s also one of the best! It’s a PVC tube that attaches to the end of a shop vac, and over the spindle on a turntable. The tube has a slot cut into it, with felt around the edge that rides over the vinyl – pictures speak a thousand words, so here it is:
One can absolutely shine in all their obsessive-compulsive glory when talking cleaning habits; my record cleaning regime may not be yours, but if you’ve made it this far, you must be interested. Make no mistake, ideally, I’d prefer to never clean a record. If it was purchased new and handled properly, there shouldn’t be any need to. But my records are road-hardened. It’s time to clean!

The solution: Guess what's the most effective cleaning chemical in the world? Water! Yep, all the other stuff – surfactants – just helps water do its job. I use a 3:1 mix of distilled water and 91% isopropyl alcohol as the base, and add a minute amount of Dawn dishwashing liquid, and Photoflo, a Kodak "wetting" agent, which helps the water spread across the vinyl as well as aids in drying. Isopropyl alcohol is a solvent for cutting grease, aka fingerprints, and dries quickly. While some consider this controversial, it's diluted, and PVC is thermally bonded. Plus, it's only on the record for a few minutes at most.

The tools: I use a flat paint brush to scrub the records on my lazy susan, and a 4″ sponge brush to rinse the records. The Vinyl Vac and a shop vac dry the records. After vacuuming, I let them air dry for a short while, before I return them into the sleeve.

The process: Here’s the video.

The result? The records that needed cleaning are now clean. It’s mostly a one and done process, as I don’t expect them to get dirty again. Yes, it’s a lot of work, but these are my records, scratches, scuffs and all.

ssl 24/7

While I've had ssl on my website for some time (for anything login related), I had never enabled it by default. First, I had to install a patch to the Video Filter module to make it work with https connections to YouTube. Then, using the developer tools built into Chrome, I found I had an http link to a Facebook logo (I have no idea why it isn't local). That had to be fixed in the site's theme. Finally, I found I had the remnants of ShareThis in a block. Although I deleted the module eons ago, I forgot about the block (which is how it appears on a page). Thankfully, those developer tools in Chrome made it plain as day. Now that all that was fixed, I edited the .htaccess file for the site, and entered the following to force https connections. (Changes to .htaccess take effect on the next request, so no Apache restart is needed; a reload is only required when you change the main server configuration or enable a module such as mod_rewrite.)

# send every plain-http request to the same path over https, as a permanent redirect
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://mywebsite.com/$1 [R=301,L]

With a free certificate from Let's Encrypt, why not enable ssl everywhere? Oddly enough, only Chrome, Firefox and the Microsoft browsers make it obvious when your connection to a website is secure. What's up with that, Apple?
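The hunt for stray http:// references described above can also be done offline against the rendered HTML, which catches theme and block leftovers without clicking through every page in the developer tools. This is an added example of mine, not part of the original post or of the site's code; it assumes you have saved the page first (for instance with `curl -s https://mywebsite.com/ > page.html`), and the HTML it is tested on is constructed for the example.

```sh
#!/bin/sh
# Find the references that break an https-only page: sub-resources whose URL
# still starts with http:// (img/script/iframe/audio/video src= attributes and
# <link href=> for stylesheets and icons). An ordinary <a href="http://...">
# is just navigation, not mixed content, so it is deliberately ignored.
#
#   list_http_refs FILE    prints each offending URL, one per line
#   count_http_refs FILE   prints how many there are
# Scan the page as the browser received it (save it with curl first), not the
# theme source, so that generated markup from modules and blocks is included.

list_http_refs() {
  {
    # src=... on any element
    grep -oiE '[[:space:]]src=["'"'"']http://[^"'"'"'[:space:]>]*' "$1" || true
    # href=... but only on <link>
    grep -oiE '<link[^>]*href=["'"'"']http://[^"'"'"'[:space:]>]*' "$1" || true
  } | sed -E 's/.*=["'"'"']//'
}

count_http_refs() {
  list_http_refs "$1" | grep -c . || true
}
```

Run `count_http_refs page.html` for each page type of the site (front page, a node, a login page); when it reports 0 everywhere, the redirect above is safe to keep, and you can consider adding a Strict-Transport-Security header so browsers stop trying plain http at all.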

the book is finished

I finished writing my book: 632 pages. All text. No pictures. Yep, lots of words. It's a record guide, so non-fiction, but lots of facts. And my audience (mostly old white men) are very picky about getting facts correct, like "It was 'THE Fountain of Salmacis,' not 'Fountain of Salmacis.'" Anyway, I've spent the last few months proofreading and fact-checking those 632 pages. Boring, tedious, but being who I am, I just had to get it done. Letting go, knowing when to stop checking as well as when to stop writing, was even more difficult.

Anyway, the book is self-published (more below), which means, despite a few kind souls that helped with fact-checking, and a younger soul that I paid to edit my non-final text, and my wife, bless her soul, it was really down to ME to get everything correct. I wonder if a “traditional” publisher could have offered more?

The first edition was published in 2007. Hard to think it was a decade ago; my kids were just babies then. Social media was too! Now I have so many options to market the book, it's exciting. Foremost, the book doesn't suck (to borrow a phrase from Cubs manager Joe Maddon); in fact, for the topic, it's pretty darn good. And with all the fact-checking, those few nasty Amazon reviewers will have NOTHING to bark about. Heck, maybe some adventurous young white men may even want to read it!

I sold 3,000 copies of my first book via Lulu.com. One day, after the book had been in print for a couple of years, sales stopped. That normal November, December surge of 40 books fell to zero. So, rather than argue “what happened to the sales,” I withdrew it from print. As the next edition was readying for sale, I looked at alternatives to Lulu. I found CreateSpace.com, an Amazon company. The process of approving a title is a little more clunky (CreateSpace must do something manually because it takes 24 hours once you submit files), but here’s the slam dunk for CreateSpace:

I'm going to retail the book for $34.95. For direct print sales — someone clicking on my link to buy the book at Lulu.com — my royalty is almost 30%, which is great. But for the sales through Amazon — so-called retail print, where 99% of people will buy my book — I just can't accept $2.67 per copy. And if I were to lower the price of the book, say discount it to $29.95, that rate drops to $0.67!

Enter CreateSpace: Perhaps(?) because it’s an Amazon company, I can earn that 30% on those retail print Amazon sales, which also includes the UK and the EU. The print book isn’t as high quality as Lulu, but each copy costs me $5.00 less to buy outright and I make more money on each sale. Well, not that much worse quality then!

It’s not like I wrote 632 pages for anything but the love of music. But I’ve easily shelled out $2000 for editor, images, art, transcriptions, press, promo copies, postage, etc — let alone the money I’ve spent buying the music that the book covers. And after recouping those expenses, I’d like a little slush fund to buy a few “holy grails” for my collection …at least until I get an IRS form 1099 from CreateSpace to file with my income taxes next year. Ugh.

Buy your copy here: The Strawberry Bricks Guide to Progressive Rock