the itjerk

my adventures with technology

uncomplicated firewall (ufw)

I run a Roon Server or “Core” on my Ubuntu box to supply music to various endpoints on my local subnet. Because the computer also has a window to the outside world, I run a firewall, ufw. Like its namesake, it’s easy to configure, you can get the basics here. Anyway, I need to open a few ports so Roon Server can be discovered on my subnet, by creating an application profile and then adding a rule to the firewall.

First, we’ll create a file “roon” in the following location:
$ cd /etc/ufw/applications.d/
$ sudo touch roon
$ sudo nano roon

Here’s what’s in the file:
[Roon]
title=Roon Server
description=Roon Labs Core Music Server
ports=9003/udp|9100:9200/tcp

Note the syntax of the ports entry: the pipe separates the udp entry from the tcp entry, ranges are set with a colon, and individual ports are separated with a comma. Once you create the file, you can quickly check its syntax by running ufw status, which will let you know if you made any errors. With the profile in place, it’s easy enough to add the rule to ufw and check status again to see it working:

$ sudo ufw allow from 192.168.1.0/24 to any app roon
$ sudo ufw status

Status: active
To                         Action      From
--                         ------      ----
Roon                       ALLOW       192.168.1.0/24

I should note that the reason I’m doing this is because Roon doesn’t document what ports need to be open, and I’m having an issue with one piece of hardware being recognized on reboot. There’s probably another series of ports that I need to open up, so having a profile is an easy way to troubleshoot; once I make changes, I can edit the profile then update ufw with the following command:

$ sudo ufw app update Roon
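
Before widening a profile, it helps to see exactly what a ports= value exposes. The following is an added example, not part of the original post: it expands a ports= value using the syntax described above and counts the ports opened per protocol. The function names are made up for this example.

```shell
# Added example, not from the original post: expand a ufw profile's ports=
# value into "proto first last" lines and count the ports it opens.
# valid_port, expand_ufw_ports and count_ufw_ports are made-up names.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

expand_ufw_ports() (            # body runs in a subshell: IFS stays local
    [ -n "$1" ] || { echo "empty ports value" >&2; exit 1; }
    set -f                      # no globbing while splitting on | and ,
    IFS='|'
    for entry in $1; do
        case $entry in
            */tcp) proto=tcp; ports=${entry%/tcp} ;;
            */udp) proto=udp; ports=${entry%/udp} ;;
            */*)   echo "bad protocol in '$entry'" >&2; exit 1 ;;
            *)     proto=any; ports=$entry ;;   # no protocol: tcp and udp
        esac
        [ -n "$ports" ] || { echo "empty entry" >&2; exit 1; }
        # ufw wants an explicit protocol once an entry has a list or a range
        case $proto:$ports in
            any:*[,:]*) echo "'$entry' needs /tcp or /udp" >&2; exit 1 ;;
        esac
        IFS=','
        for item in $ports; do
            lo=${item%%:*} hi=${item##*:}
            { [ "$item" = "$lo" ] || [ "$item" = "$lo:$hi" ]; } &&
                valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ] ||
                { echo "bad port '$item' in '$entry'" >&2; exit 1; }
            echo "$proto $lo $hi"
        done
        IFS='|'
    done
)

count_ufw_ports() {
    rules=$(expand_ufw_ports "$1") || return 1
    printf '%s\n' "$rules" |
        awk '{ n[$1] += $3 - $2 + 1 } END { for (p in n) print p, n[p] }' | sort
}

# The ports= value from the profile in this post
count_ufw_ports '9003/udp|9100:9200/tcp'
```

To audit a profile on disk, pass `$(sed -n 's/^ports=//p' /etc/ufw/applications.d/roon)` as the argument.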

Since Roon uses randomized ports, my interim fix is to allow access to the server from the endpoint in question:

$ sudo ufw allow from [endpoint ip]

Nothing scary here folks, just some computer and network basics.

wireguard vpn

On my to-do list for my newly christened Ubuntu box was to install a VPN. I had previously used OpenVPN-AS (Access Server), which is a lite version (two user) of OpenVPN that uses a web interface for most configuration. I also considered using “regular” OpenVPN but to be honest, there’s a fair amount of work in setting up keys, and I didn’t want to use scripts downloaded from github. Enter WireGuard.

Here’s the pitch. “WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec (and OpenVPN), while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.” In short, it’s easy to configure, lightweight to use, and it’s already in the Ubuntu 20.04LTS repo.

To install WireGuard, we install the program, create keys, configure the virtual network device (wg0), and then configure the client (Android).

#install WireGuard
$ sudo -i
$ apt update && apt install wireguard

#generate server keys (these are stored in /etc/wireguard/)
$ cd /etc/wireguard
$ umask 077; wg genkey | tee privatekey | wg pubkey > publickey
$ cat publickey

#configure the WireGuard interface wg0 (leaving peer empty for now)
$ cd /etc/wireguard
$ nano wg0.conf

[Interface]
Address = 192.168.6.1/24
SaveConfig = true
ListenPort = [port]
PrivateKey = [server privatekey]

[Peer]
PublicKey = [client publickey]
AllowedIPs = 192.168.6.2/32

#open port on firewall for WireGuard to listen
$ ufw allow [port]/udp

#enable and start Wireguard server
$ sudo systemctl enable wg-quick@wg0
$ sudo systemctl start wg-quick@wg0
$ sudo systemctl status wg-quick@wg0

#now that the service is started, let’s stop it, and configure our client.
#first we create client keys (we’re not going to save them)
$ sudo systemctl stop wg-quick@wg0
$ wg genkey | (
read privk
echo "android-private-key: $privk"
echo "android-public-key: $(echo "$privk" | wg pubkey)"
)

#edit wg0.conf and enter the publickey for your client, then restart WireGuard
$ sudo systemctl start wg-quick@wg0

#now let’s create a config_file for the client.
$ exit
$ cd ~/Desktop
$ nano config_file

[Interface]
#client
PrivateKey = [client privatekey]
Address = 192.168.6.2/24

[Peer]
#server
PublicKey = [server publickey]
AllowedIPs = 192.168.6.0/24
Endpoint = [ip or host name]:[port]
PersistentKeepalive = 15

#save the file and generate a qrcode to scan with your phone
$ qrencode -t utf8 < config_file

That’s it! I installed the WireGuard app on my Pixel phone, selected QR code for the connection and scanned the image, then the app asked me to name my new connection. All set, I connected and voilà, I have my own VPN server.

Couple of notes. Pay attention to the IP addresses and masks; they must be exact. You can use whatever port you want for WireGuard to listen, and it works well with DuckDNS dynamic hostname. Multiple peers can be configured as well. The Android app could do a better job “hiding” both keys, but there you are.
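
Since the key names and addresses have to be exact, a quick check of the file before starting the service saves some head-scratching. The following is an added example, not part of the original post: a small linter that flags loose file permissions, unknown key names, values that are not shaped like WireGuard keys, and an address assigned to more than one peer. The function name, the sample file and its values are constructed for this example.

```shell
# Added example, not from the original post: lint a wg-quick config for slips
# that are easy to make when typing it by hand. lint_wg_conf is a made-up name.
lint_wg_conf() {
    # The file holds a private key: group and other must have no access.
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ] ||
        echo "perms: group/other can access $1 (chmod 600)"
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN {  # keys that wg-quick(8) accepts in each section
        n = split("PrivateKey ListenPort FwMark Address DNS MTU Table PreUp PostUp PreDown PostDown SaveConfig", a, " ")
        for (i = 1; i <= n; i++) ok["Interface", a[i]] = 1
        n = split("PublicKey PresharedKey AllowedIPs Endpoint PersistentKeepalive", a, " ")
        for (i = 1; i <= n; i++) ok["Peer", a[i]] = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ { sec = trim($0); sec = substr(sec, 2, length(sec) - 2); next }
    {
        eq = index($0, "=")
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (!((sec, key) in ok)) {
            printf "line %d: unknown key \"%s\" in [%s]\n", NR, key, sec; next
        }
        # WireGuard keys are 32 bytes: 43 base64 characters plus one "=".
        if (key ~ /Key$/ && !(length(val) == 44 && val ~ "^[A-Za-z0-9+/]+=$"))
            printf "line %d: %s is not a 44-character base64 key\n", NR, key
        # An address routes to one peer only; a repeat silently moves it.
        if (sec == "Peer" && key == "AllowedIPs") {
            n = split(val, ip, ",")
            for (i = 1; i <= n; i++) {
                c = trim(ip[i])
                if (c in seen) printf "line %d: %s already on line %d\n", NR, c, seen[c]
                else seen[c] = NR
            }
        }
    }' "$1"
}

# Constructed sample; $k has the shape of a key but is not a real one.
k=$(printf '%043d' 0 | tr 0 A)=
sample=$(mktemp)
cat > "$sample" <<EOF
[Interface]
PrivateKey = [server privatekey]
[Peer]
PublicKey = $k
Allowed IPs = 192.168.6.2/32
[Peer]
PublicKey = $k
AllowedIPs = 192.168.6.3/32
[Peer]
PublicKey = $k
AllowedIPs = 192.168.6.3/32
EOF
lint_wg_conf "$sample"; rm -f "$sample"
```

With SaveConfig = true, run it while the service is stopped, since the running interface state overwrites the file on shutdown.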

On the web:
WireGuard

duplicate files

Finding duplicate files is a big part of my Ubuntu data cleanup plan. Here are some tips: fdupes finds duplicate files via checksum; the first command will summarize what it finds in a recursive search, while the second will delete the files (N means NO CONFIRMATION!). Warning: there’s no going back! The third command will change the date of pictures to what’s in the JPEG’s header, for easier sorting.

fdupes -rSm .
fdupes -rdN .
jhead -ft *

microsoft surface go 4/64

I have had a Microsoft Surface Pro 3 for quite a few years now. It’s a “hand-me-down” from work, that gives me access to Active Directory, etc. when I’m not in the office. Nice computer, but it’s showing its age, type pad is glitchy, front camera doesn’t work – but what do you expect for free?

I’ve been using that and what amounts to be a terrible tablet (Lenovo Tab 7) – painfully slow, always needs updates, poor battery life – in my man cave for running Roon controller, and that old Surface for running REW, Room EQ Wizard software. Here’s the thing. This room is my sanctuary. Once I’m at home, I leave my phone in the kitchen, not to be bothered. I want to sit in the sweet spot when I play digital music, and not get up; one must get up to play vinyl! So, the desktops won’t do. Plus, I need the portability of a notebook or laptop for room correction. So having a Windows computer that can do all that, and a few other things – having a working webcam – is a real bonus. Yes, the itjerk loves Windows, and that old Surface.

I looked on CDWG’s site and found the Microsoft Surface Go 10″ Pentium Gold 4415Y 4GB RAM 64GB EDU in stock for $390. Wow. In stock! Plus, as an EDU edition it comes with a license for Windows 10 Pro. So a couple days later, here I am settling in with my new Go. It’s very elegant hardware, with a screen that’s great on my eyes, though maybe a bit small. But the kickstand and touch screen are fantastic! I didn’t initially get the cover type pad, but will, eventually.

The Surface Go was only current to Windows build 1809, which meant a ton of updates. I know what I’m getting into with a Pentium with 4GB RAM. It’s just fine to run a few applications and surf the web; after all, I’m not planning on using Adobe Creative Cloud on it. But updating to the current 1909 build took a long time. The tablet has one USB-C port and one 3.5mm audio out – minimal to say the least. Thankfully it doesn’t use that USB-C for charging; speaking of which, that’s one universal ding the Surface Go gets – battery life. Another thing to look out for is disk space. 64GB is pretty paltry, especially considering I only had 14.5GB free after all those updates (though running Disk Cleanup freed 38GB, including 32GB from the Previous Windows version). TGFTC? (Thank God For The Cloud)!

All in all, it’s a great solution because as a Windows notebook, I can do more than I could with an Android tablet, and as a tablet it’s much more convenient and less expensive than a notebook.

On the web:
Meet Surface Go – Portable Power – Microsoft Surface

ubuntu 20.04 lts

Yes, the latest LTS distribution of Ubuntu, 20.04 aka Focal Fossa, has been released. I’m raring to upgrade my desktop but there’s always a bit of work involved. Of course, with the COVID-19 pandemic in full swing, I’ve got plenty of time on my hands. But a few other things first. Watch this space.

Here are my thoughts:
1. I need my Ubuntu server to be dedicated to music (and video); that’s why I got into the Linux game in the first place, and I’m all-in with Roon. I’ll do a clean install of 20.04, get 99% of it set up in no time at all.
2. The local copy of my production website(s) needs to go to a virtual machine. Great solution to a small problem.
3. Backup for photos and documents. Why not pay for a cloud service? I don’t like the idea of having a few hard drives laying around, I’m too OCD for that. Get it organized, put it in the cloud.

Now that’s a plan.

farewell, dvd?

I have some DVDs. I don’t know what to do with them. Playing DVDs is passé, right? Everyone has at least a couple services they subscribe to (we have Netflix and Amazon Prime), and everything is on Youtube anyway. But I thought maybe I could rip them to my computer.

In order to rip them to disk, I first installed libdvd-pkg (which allows Ubuntu to decrypt and play DVDs), configured it, and finally installed Handbrake, which is the software that rips the DVDs. Easily done from the command line:
sudo apt-get update
sudo apt-get install libdvd-pkg
sudo dpkg-reconfigure libdvd-pkg
sudo apt-get install handbrake

Ripping DVDs takes time – it’s pretty much in real time, a rather boring, cpu-intensive and disk-intensive chore. Then, what do I do with all these gigabytes on my drive? I’m not watching them on my computer, no, that’s passé too.
Step in VLC media player. Under Playback>Renderer lo and behold I find my Vizio TV. Now I’m Chromecasting away… as long as port 8010 is open!

Another physical format bites the dust.

covid-19

We have entered uncharted territories with COVID-19, as the threat is serious for the elderly and those with underlying conditions. Let’s all do our part to “flatten the curve.” As most everyone is out of school, work, etc., here’s some tips I shared at work, slightly modified for your work from home (WFH) experience.

  • Ensure your laptop or home computer is updated and in good working condition, with the appropriate drive and VPN software installed. Battery not holding a charge? Buy a new one!
  • Work from the Cloud. Use Google Drive, Box, Dropbox, OneDrive, etc. to have access/share your files and data from wherever you may be. Remember, best to use whatever service your organization subscribes to.
  • Export your bookmarks from your work or office computer. Use a single browser exclusively for work on your home computer. And remember, when your work VPN is on, it’s exactly like you’re at the office (remember NSFW).
  • Have a business/team/group continuity plan in place, including a calling tree, and make sure it is up to date.
  • CLEAN YOUR KEYBOARD AND MOUSE. Paper towels and 70% EtOH are effective for cleaning and disinfecting them. Avoid using your keyboard and mouse while eating, and wear gloves if you need to share your workstation.
  • Prioritize. Some things can wait and don’t be afraid to say “no.”

Stay safe everyone. We’ll get through this!

spotify


I come from the age of vinyl. I love my physical formats. Mix tapes, not playlists. I never really considered paid streaming services, mainly because I own all the music I listen to. But things change… When we purchased our new vehicle, we were presented with the convenience of bluetooth. My daughters had been using Spotify for years, albeit with “free” accounts. They’re really not into music that much, so I guess not being able to skip songs and having to listen to ads are no big deal – much like when I was younger, back in the days of FM radio.

Anyway, we purchased a Spotify “Premium Family” plan for $15/month (with the first three (3) months free). It allows up to six (6) family members the ability to play any song ad-free, any time, with the added convenience of offline listening. The last item is key, because it avoids data charges when not on wifi or ethernet – like in the car. So, at the cost of roughly one (1) new CD per month, Spotify is not only inexpensive, it’s good for everyone in my family.

So how’s Spotify?

1. Foremost, the vast majority of artists don’t earn much by having their music streamed on Spotify. Why? Spotify pays out their revenue “pro-rata” vs “user-centric” – the more streams one has, the bigger piece of the total Spotify revenue pie one earns, as opposed to the latter method, where my $15 would be split among what my family listened to that month. There are a lot of arguments, moral and otherwise, around this, and I’ll save that for another post. But make no mistake, if you want to support musicians, go see them live and buy their merchandise with cash. Period.

2. The Spotify app for Android is the worst app of all time. I can’t say anything good about it, other than it works. You’d think being the single point of contact between the company and its consumers, that Spotify would put some effort into the app, you know, a better user interface, personalization options, alternate layouts, etc. Nothing. Total crap.

3. Spotify works with bluetooth. I don’t really listen to music directly on my phone or my computer(s), but I can stream to the car’s radio, my Google Nest Mini, my kids’ Google Home Minis (if I really want to pester them) and my Hifiberry. I imagine there’s no need for a portable MP3 player either with Spotify, phones have plenty of storage these days. Also, Spotify does not integrate with Roon, the music management software I use in my house. Why? My guess is the terrible sound quality Spotify serves would be even more terrible on a great hifi. But there are other services that offer high-quality streaming.

4. It’s all about selection. As an aficionado of a rather specialized genre of music, I am astounded at what’s available on Spotify. Japan’s Flower Travellin’ Band, Wales’ Man, Finland’s Tasavallan Presidentti are right beside the catalog favorites (Yes, Genesis, Renaissance) and classic rock I would expect to find. But what’s most frightening, is that it’s all there – there’s no need to buy anything. For a guy that spent decades hunting dusty record bins for every rarity he could find, just about everything, right there, instantly, for $15 a month. Wow.

5. Whatever your take on it, paid streaming services are the future. That’s the big curve of technology – from recording, to physical format, the internet, data files, wireless and now streaming – all part of one big continuously evolving arc. And in addition to Spotify, Amazon, Apple Music, Deezer, Google Play Music, I Heart Radio, Pandora, Qobuz, and Tidal are ready for you to sign up.

The future now. A big, endless plate of all you can eat music.

Spotify

the joy of a very good wireless router


Wifi in the home has been wanting for some time now, so I went to my local Microcenter and purchased an Orbi System from Netgear. It was model RBK20W and was a whopping $173.99. So what is it? Orbi is a “Whole Home Mesh WiFi System” – fancy term for a router and a wall plug Satellite. It’s good for 3500 sq feet, which is enough to cover the three floors in my house. I did a perfunctory review-check and CNET rated it highly. FWIW…

What sold me on it was this: the two pieces of hardware actually “sync” to form one unified network throughout my home. That’s great news, because those wifi-extenders I was using didn’t really work that well. In certain rooms, we would need to toggle our wifi to get it working, and the issues I have had with the Google Home/Nest Minis may also be related.

Anyway, setup was a breeze because the Orbi has browser-based configuration, a big plus over using an app, and another selling point. After a quick firmware update, I set up my WAN, LAN, DNS servers and SSIDs for both wifi and Guest-wifi. I did need to go into my U-verse modem and mark the new router for DMZ services. One niggle, I had to buy a switch because the router has only one (1) ethernet port.

All seems pretty good, I did check “beam forming” to boost quality, and did move the satellite’s placement. The web interface does have a very graphic display detailing Attached Devices to the router, including which access point it’s connected to. It also allows device annotation and is great for seeing exactly what’s connected in my home. Happy wifi days ahead? We can hope!

On the web:
Orbi Wifi System (RBK20W)

android file transfer

Happy New Year!
When the year changes, I make a concerted effort to back up and archive my digitalia. While some backups are easily defined, others are becoming more and more cumbersome – mainly the thousands of photos on my phone. What to do? Google no longer syncs my photos to my computer. Do I really want to leave them on Google cloud forever? This actually works:

1. Unlock your phone.
2. With a USB cable, connect your phone to your computer.
3. On your phone, tap the “Charging this device via USB” notification. Under “Use USB for,” select File Transfer.
4. A file transfer window will open on your computer. Use it to drag files.
5. When you’re done, eject your phone from Windows.
6. Unplug the USB cable.

Another recommendation: Completely clear your browsers of everything, cookies, saved info, etc. Sure it’s a pain to log back into everywhere, but that doesn’t stop this from being a good idea.