List of Blog Posts

Vim: How to Delete Text Enclosed In Quotes

Instructions

Navigate to the first character after the quote/double-quote and type the following in Vim:

di"

This is useful if you have something like the following:

{
    "title": "Vim: How to Delete Text Enclosed In Quotes",
    "permalink": "vim-how-to-delete-text-enclosed-in-quotes",
    "published": "2023-08-12 14:00",
    "categoryIDs": "5,5:0,5:1,5:5",
    "description": "In Vim, 'di\"' is the one to use for deleting text in quotes.",
    "thumbnail": "",
    "smallimage": "",
    "largeimage": ""
}

So, to navigate to the first character that starts with a double-quote, simply type /" and the insertion point will highlight the double-quote. To get to the next double-quote, press the n key again until you get to the one you want. After that, press the l key to move to the first character and type the following:

di"

The output will be as follows:

{
    "title": "",
    "permalink": "vim-how-to-delete-text-enclosed-in-quotes",
    "published": "2023-08-12 14:00",
    "categoryIDs": "5,5:0,5:1,5:5",
    "description": "In Vim, 'di\"' is the one to use for deleting text in quotes.",
    "thumbnail": "",
    "smallimage": "",
    "largeimage": ""
}

And now, you can type whatever you want by pressing the i key on your keyboard. Press the ESC (escape) key to get out of INSERT mode and back into normal mode. To save changes and quit the Vim text editor, type :wq.

Bonus: If you have delimiters with quotes while writing the code such as:

"This is some \"quote\"!"

Vim will automatically delete the delimiters with quotes along with them, so performing di" will delete everything that is in between quotes.

""

And you do not need to be inside quotes in order to delete inside the quotes! How cool is that? *grinning face*

Oh, and you can also use the "change inside" sequence as well:

ci"

This puts you into INSERT mode so you can type text inside quotes.

Audience

This is for Linux users experienced in using the Vim text editor. Vim users should already know the basics such as :q! for quitting the text editor without saving changes, :wq for saving changes and quitting the text editor, i for going into INSERT mode and use the ESC (escape) key to get back into normal mode. All keyboard commands are beyond the scope of this short article that I wrote.

Conclusion

Hopefully this keyboard command can be of help to you. If you are a Linux user, please give Vim a try.

Original Source

In Vim, how can I delete everything between quotes including the quotes?

Note that I was searching for information about deleting text inside quotes and not including the quotes.


Article published: 2023-08-12 14:00

Categories: The World of Computers, Computers, Information Technology, Scripting and Programming

How To List All SELinux Contexts

Audience and Prerequisites

This is intended for Linux users who have experience working with the command line. You should be running a Red Hat-based distribution such as Rocky Linux, AlmaLinux, or Oracle Linux. CentOS Stream is not a candidate for taking the RHCSA (Red Hat Certified System Administrator) exam. A lot of people in the Linux community are not happy about Red Hat discontinuing support for CentOS 8 and now Red Hat does not want source code to be available for everyone, including Rocky Linux and AlmaLinux. Enough with wordy paragraphs! We don't want anyone to scroll down too much in order to get to the most important part! Let's get into the command line, shall we?

Oh, please pardon me for boring you with this, but I almost forgot. This article assumes that you are logged in as a root user. This is bad security practice in the production environment, but in the exam, it's okay to be root. If you break it, you fix it and that will count against your time in the exam. But the important thing is that you must come up with solutions as fast as possible. Of course, don't be in a hurry in such a way that you will fail the exam. Okay, enough already! Let's get in with it! *grinning face*

Type: File Contexts

The command for listing all available SELinux type contexts is:

seinfo -t

The command for listing only the type contexts that relate to the web server:

seinfo -t | grep httpd

So, you searched for anything related to httpd and you came across httpd_sys_content_t. You need to specify a directory to host your content other than in /var/www. To add the type context to a directory, the command will be as follows:

semanage fcontext -a -t httpd_sys_content_t "/data/nas/www(/.*)?"
# -R applies the new context recursively to existing files and subdirectories
restorecon -R /data/nas/www

Longer version:

semanage fcontext --add --type httpd_sys_content_t "/data/nas/www(/.*)?"

The seinfo command is the SELinux policy information tool, semanage is a SELinux policy management tool, and restorecon restores the default SELinux security contexts on files and directories. The "type" context is the only one to be concerned about when studying for any Linux exams, such as RHCSA (Red Hat Certified System Administrator).

As for (/.*)?, that's called a regular expression. This is for setting any subdirectories and files with the same context as the main directory. Try to remember this in the RHCSA exam: open parenthesis, forward slash, period, asterisk, close parenthesis, question mark, and that's about it. The only thing to remember is to have the entire path along with the symbols in double quotes. In the RHCSA exam, you have access to the man pages, so take advantage of that whenever possible.

For users of NVDA screen reader (Non-Visual Desktop Access), NVDA does not speak a question mark such as CTRL+? (control plus question mark). I do not know if this is a bug in the screen reader or if this is intentional, but at least it's all I can do to help out if screen readers ignore question marks. That symbol is an important part of a regular expression, so it needs to be translated to words. Hopefully I can be of help.

Type: Contexts for Ports

What about ports? If you modify the port number in the SSH configuration file (/etc/ssh/sshd_config) and restart the service (systemctl restart sshd), you won't be able to SSH into your server even if you configure the firewall to allow the different port number (example: firewall-cmd --add-port=12345/tcp --permanent), because SELinux gets in the way! It's easy to disable SELinux if you do not mind exposing your server to outside security risks, but when studying for the exam, it's important to never disable SELinux. Instead, let's search for port-related contexts.

Let's search for any services that have a phrase "port" for any type contexts:

seinfo -t | grep port

You should get a list of services. Let's narrow it down to SSH:

seinfo -t | grep port | grep ssh

Ah ha! There it is. It's ssh_port_t. Of course, I could also type the following:

seinfo -t | grep ssh_port

And that should give me the same output. So, let's configure SELinux to allow TCP port 12345 so that we can SSH into our Linux server.

semanage port -a -t ssh_port_t -p tcp 12345

And there you have it! You should now be able to log in to your server using SSH.

ssh -p 12345 username@servernameoripaddress

Of course, if you want to search for other services, such as Postfix:

seinfo -t | grep postfix

Oh, wow! So many contexts to choose from! But aren't we looking for port-related contexts?

seinfo -t | grep port | grep postfix

Hmm... There are no port-related contexts related to Postfix. Of course, what we do want is SMTP, which is port 25 by default, so let's narrow it down to just "port" and "SMTP" (all lowercase, of course).

seinfo -t | grep port | grep smtp
# or "seinfo -t | grep smtp_port" (without quotes)

And you should get smtp_port_t. However, configuring an SMTP server is beyond the scope of this tutorial about viewing the list of available contexts. Plus, configuring firewalls and enabling/starting services in a Linux server is also beyond the scope as well.
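
To confirm that the semanage port command for SSH shown earlier took effect, the port listing can be checked with a small script. This is an added example, not part of the original article; the function names are hypothetical and the sample listing is constructed in the layout that semanage port -l prints.

```bash
#!/usr/bin/env bash
# Added example: check which SELinux port types cover a given port by parsing
# the text of `semanage port -l`. Function names are hypothetical helpers.

# Constructed sample in the layout `semanage port -l` prints; not real output.
sample_semanage_output() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
smtp_port_t                    tcp      25, 465, 587
ssh_port_t                     tcp      12345, 22
unreserved_port_t              tcp      61001-65535, 1024-32767
unreserved_port_t              udp      61001-65535, 1024-32767
EOF
}

# port_in_list PORT LIST: succeed if PORT is one of the comma-separated
# entries in LIST; an entry is a single port or a LOW-HIGH range.
port_in_list() {
    local want="$1" list item lo hi
    list=$(printf '%s' "$2" | tr -d ' \t')
    local IFS=','
    for item in $list; do
        case "$item" in
            '') ;;
            *-*)
                lo=${item%-*} hi=${item#*-}
                if [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ]; then return 0; fi ;;
            *)
                if [ "$want" -eq "$item" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# port_has_type TYPE PROTO PORT: read `semanage port -l` text on stdin and
# succeed if PORT/PROTO is listed under TYPE.
port_has_type() {
    local type="$1" proto="$2" port="$3" t p rest
    while read -r t p rest; do
        if [ "$t" = "$type" ] && [ "$p" = "$proto" ] && port_in_list "$port" "$rest"; then
            return 0
        fi
    done
    return 1
}

# port_types PROTO PORT: print every type whose port list covers PORT/PROTO.
port_types() {
    local proto="$1" port="$2" t p rest
    while read -r t p rest; do
        if [ "$p" = "$proto" ] && port_in_list "$port" "$rest"; then
            printf '%s\n' "$t"
        fi
    done
}

# Demo on the constructed sample. On a real host, pipe the live listing in:
#   semanage port -l | port_has_type ssh_port_t tcp 12345
if sample_semanage_output | port_has_type ssh_port_t tcp 12345; then
    echo "tcp/12345 is labelled ssh_port_t"
else
    echo "tcp/12345 is NOT labelled ssh_port_t"
fi
echo "types covering tcp/2222: $(sample_semanage_output | port_types tcp 2222 | tr '\n' ' ')"
```

In the sample, tcp/12345 appears under both ssh_port_t and the unreserved_port_t range, while a port that was never added with semanage port -a (tcp/2222 here) shows up only under unreserved_port_t.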

What Packages Provide seinfo and semanage?

dnf whatprovides */seinfo

The asterisk represents a wildcard, so this would assume that we do not know the full path to the seinfo command. That dnf command, when executed, reveals a package called setools-console. So, to install setools-console, just use the dnf install command as follows:

dnf install setools-console

The same goes for semanage:

dnf whatprovides */semanage
dnf install policycoreutils-python-utils

That package policycoreutils-python-utils is so wordy, isn't it? *smile* Don't stress over trying to remember that package name in the exam and in the real world.

Conclusion

I hope I can be of help to anyone studying for the RHCSA exam. Hopefully you should be able to know how to set SELinux type contexts for directories and ports. If you are not taking an exam (you should if you want to further your career in Linux and Information Technology), I hope I can be of help as well! Have fun administrating your Linux servers!

And yes, I could have used emojis, but screen readers come first! *smile*


Article published: 2023-08-12 13:10

Categories: The World of Computers, Computers, Information Technology, Security

Having Trouble Upgrading Nobara Linux? It Could be the Problematic GPG Keys

Prerequisites

This article is for Linux users who have hands-on experience working with the command line.

Instructions

Open the terminal in GNOME (Konsole in KDE) and type in the following commands as root:

sudo dnf update fedora-gpg-keys --nogpgcheck --refresh
sudo dnf update nobara-gpg-keys --nogpgcheck --refresh

Press ENTER, enter the user password (if prompted), and let the updater take care of the rest.

Example Error Messages

This is when I tried to see if there are any packages available and I came across the messages:

...
GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-nobara-appstream-pubkey.gpg (0x0FE970A2) is already installed
The GPG keys listed for the "nobara-appstream" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: dkms-nvidia-3:535.86.05-1.fc38.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-nobara-appstream-pubkey.gpg
Public key for mesa-dri-drivers-23.1.3-2.fc38.i686.rpm is not installed. Failing package is: mesa-dri-drivers-23.1.3-2.fc38.i686
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-nobara-appstream-pubkey.gpg
Public key for mesa-dri-drivers-23.1.3-2.fc38.x86_64.rpm is not installed. Failing package is: mesa-dri-drivers-23.1.3-2.fc38.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-nobara-appstream-pubkey.gpg
...

Frankly, I'm not too sure how I am getting these error messages.

Frequently Asked Questions

What is Nobara Linux?

Nobara Linux is an operating system that is suited for gamers and content creators. Nobara makes it easy for point-and-click users to install software such as Blender and OBS as well as installing proprietary drivers for hardware such as NVIDIA GeForce GPUs or any wireless adapters that do not work with Linux out of the box.

What is GPG?

GPG (or GNU Privacy Guard) is used by various Linux distributions for verifying the signatures of packages such as Steam, Blender, OBS, the Linux kernel, and many other packages. Without a signature of any kind, a threat actor could push a package to a repository that loads malicious software (malware) onto your computer (even if the name of the package is Blender). GPG is also used for encrypting files and directories. The three letters (GNU) in GNU Privacy Guard are a recursive acronym for "GNU's Not Unix."

How did you find out the commands?

While getting these error messages when I do a dnf update, a search led me to a thread in Reddit where someone had a different problem than mine. I tried the commands that bypass the GPG checks and it worked! By "different," I meant that poorly-formatted error message with <br /> (line break) tags that have a completely different error message than mine. For web accessibility enthusiasts, this fails WCAG 2.0 Success Criterion 1.3.1 (info and relationship) and 4.1.1 (parsing). It seems Reddit did not parse the text as HTML. The error message in Reddit is as follows (not mine):

Invalid package file:

package mesa-vulkan-drivers-23.2.0-git.20230714.27d30fe.fc38.i686 cannot be verified and repo nobara-appstream is GPG enabled: /var/cache/PackageKit/38/metadata/nobara-appstream-38-x86_64/packages/mesa-vulkan-drivers-23.2.0-git.20230714.27d30fe.fc38.i686.rpm could not be verified.

Conclusion

The issue is resolved on my end and I can go about my day. Hopefully yours should be fixed as well if you are currently running Nobara Linux. Happy gaming and content creating!


Article published: 2023-07-24 16:27

Categories: The World of Computers, Computers, Information Technology

Use $HOME, not /home/$USER in BASH scripts

Audience

This article is for experienced Linux users who are familiar with environment variables such as $HOME and $USER. These are the Linux users who are familiar with the command line.

Problem and Solution

Here is an example not to use /home/$USER:

[gpeddie-games@epcotcenter ~]$ su - gpadmin
Password: 
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
touch: cannot touch '/home/gpadmin/Templates/Text file': No such file or directory
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
-bash: /home/gpadmin/.local/share/DaVinciResolve/configs/.version: No such file or directory
Welcome. All activities monitored at all times.
Unauthorized access is strictly prohibited.
gpadmin@epcotcenter 
  ~
$

And here's the script (/etc/profile) that illustrates an example:

# fix gnome missing 'New file' option
if [ ! -f /home/$USER/Templates/"Text file" ]
then
    mkdir -p /home/$USER/Templates
    touch /home/$USER/Templates/"Text file"
fi

# ...

# this is a hack to bypass the Davinci Resolve new install Welcome/Onboarding screen since it does not render properly and is not required.
if [ ! -f /home/$USER/.local/share/DaVinciResolve/configs/.version ];then
    mkdir -p /home/$USER/.local/share/DaVinciResolve/configs/
    echo "Onboarding.Version=10" > /home/$USER/.local/share/DaVinciResolve/configs/.version
fi

To fix this issue, simply replace all instances of /home/$USER with $HOME. I am familiar with a text editor called Vim. It's a program that runs inside a terminal, similar to the Command Prompt or PowerShell in Windows.

Before we proceed any further, let's create a backup copy of /etc/profile:

sudo cp /etc/profile /etc/profile.bak

If anything goes wrong, you now have a backup. You can simply use the cp (copy) command to restore from the backup. Now let's begin.

  1. First, open the Terminal (Konsole in KDE).

  2. As root (or with sudo privileges), type the following command:

    sudo vim /etc/profile

  3. Type in the following command, starting with a colon:

    :%s/\/home\/$USER/$HOME/g

    The syntax for search and replace in Vim is as follows:

    :%s/search/replace/g

    Let's not concern ourselves with g at the end for now. Basically this command replaces "search" with the next text "replace." In other words, we want to replace /home/$USER with $HOME.

    Let's have a look at the script again:

    # fix gnome missing 'New file' option
    if [ ! -f $HOME/Templates/"Text file" ]
    then
        mkdir -p $HOME/Templates
        touch $HOME/Templates/"Text file"
    fi
    
    # ...
    
    # this is a hack to bypass the Davinci Resolve new install Welcome/Onboarding screen since it does not render properly and is not required.
    if [ ! -f $HOME/.local/share/DaVinciResolve/configs/.version ];then
        mkdir -p $HOME/.local/share/DaVinciResolve/configs/
        echo "Onboarding.Version=10" > $HOME/.local/share/DaVinciResolve/configs/.version
    fi

    So why would we want to replace /home/$USER with $HOME? That /home/$USER should still work!

    Let's look at the output again after we save the changes.

  4. Save the changes to the /etc/profile file.

    :wq

    A : begins a command. w writes changes to the file and q quits Vim.

    If you don't want to make changes to the file, then all you have to do is type :q! to exit without saving any changes.

As I mentioned, let's look at the output again when I log into my administrator account from a user account.

[gpeddie-games@epcotcenter ~]$ su - gpadmin
Password:
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
touch: cannot touch '/home/gpadmin/Templates/Text file': No such file or directory
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
-bash: /home/gpadmin/.local/share/DaVinciResolve/configs/.version: No such file or directory
Welcome. All activities monitored at all times.
Unauthorized access is strictly prohibited.
gpadmin@epcotcenter
  ~
$

Now, let's see the new output when I log back in as an administrator.

[gpeddie-games@epcotcenter ~]$ su - gpadmin
Password: 
Last login: Sat Mar 18 11:13:52 EDT 2023 on pts/0
Welcome. All activities monitored at all times.
Unauthorized access is strictly prohibited.
gpadmin@epcotcenter 
  ~
$

I have covered more explanation regarding how this works and I have discussed a scenario in my article.
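
Why the two paths can differ, shown as an added example that is not part of the original article: a login shell sets $HOME from the home-directory field of the account's passwd entry, and that field does not have to be /home/<username>. The function names are hypothetical and the accounts and paths in the sample are constructed.

```bash
#!/usr/bin/env bash
# Added example: find accounts where /home/$USER is not the real home
# directory, and run the article's Templates step against "$HOME" instead.

# Constructed passwd(5)-format sample; the accounts and paths are made up.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-backup:x:1001:1001:Backup service:/srv/backup:/bin/bash
bob:x:1002:1002:Bob:/home/EXAMPLE/bob:/bin/bash
EOF
}

# home_of USER: print the home directory (field 6) of USER from passwd text
# on stdin; exit status 1 if the account is not present.
home_of() {
    awk -F: -v u="$1" '$1 == u { print $6; found = 1; exit }
                       END { exit !found }'
}

# guess_mismatches: print "user home" for every account whose real home
# directory is not /home/<user>, i.e. where /home/$USER points elsewhere.
guess_mismatches() {
    awk -F: '$6 != ("/home/" $1) { print $1, $6 }'
}

# ensure_text_template: the Templates step from /etc/profile, written against
# "$HOME" and quoted so it also works when the path contains spaces.
ensure_text_template() {
    [ -f "$HOME/Templates/Text file" ] && return 0
    mkdir -p "$HOME/Templates" && touch "$HOME/Templates/Text file"
}

# Demo on the constructed sample. On a real host, use the live database:
#   getent passwd | guess_mismatches
echo "Accounts where /home/\$USER is the wrong path (constructed sample):"
sample_passwd | guess_mismatches
```

For every account the script prints, a profile script that hard-codes /home/$USER tries to create a directory tree the user does not own, which produces the same kind of "Permission denied" errors as in the first output above.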


Article published: 2023-03-18 15:37

Categories: The World of Computers, Computers, Information Technology, Scripting and Programming

Need a Command Line-based File Manager for Linux?

Audience

This short article is intended for Linux users who are both familiar with the command line and a terminal-based text editor called vim.

For blind users, I don't believe the ranger program is accessible for screen readers. Probably not even in VoiceOver for Mac. For file management tasks, if only the Mac's Finder could support SSH's Secure Copy Protocol (scp for short) or SSHFS (Secure Shell File System). Third-party applications will have to be installed. I do have brew installed for installing homebrew applications that run Linux-like applications in a Mac, but Brew does not support Mac OS 13 (pre-release). I think the problem with ranger is that VoiceOver for Mac does not read the currently highlighted directory or file that I currently select.

Keyboard Commands for ranger:

Key: h, j, k, l
Left, down, up, and right. Basic commands similar to Vim and Vi. You can also use arrow keys if you want to! Arrow keys work in Vim as well.
Key: yy and pp
Copy and paste a file or directory.
Key: gg
Go to the beginning of the list of files or directories (typing g once instead of twice opens the list of available commands; type g again and it should move the selector to the top of the list).
Key: G
Go to the end of the list of files or directories.
Key: Enter
Depending on the file associations, opening an HTML file opens w3m and opening a JSON file opens a text editor such as Vim.
Key: F4 (function key)
Opens a text editor for a selected file.
Key: r
Open with: (Type the name of the program you want to open with.)
Key: spacebar
Select multiple files or directories. This is useful when copying files or directories in bulk.
Key: q
Quit ranger.
Command: :search <filename>
Searches for a file. Replace <filename> with the name of the file you are looking for.

Additional details for ranger can be found by visiting the ArchWiki page.

Install ranger:

For Fedora/Red Hat-based Linux distributions:

sudo dnf install ranger

Replace dnf with yum if you are running an older version of Red Hat-based Linux distribution.

For Debian/Ubuntu-based Linux distributions:

sudo apt install ranger

For those who use Arch Linux (if you use Arch Linux, I'm going to assume you know the commands for installing and updating packages. Explaining flags for pacman is beyond the scope of my article.):

sudo pacman -Syu ranger

Why choose ranger as a terminal-based file manager?

I need a way to copy and paste files into multiple directories. I can do it via the command line, but I can be very lazy with typing the names of directories. With a new flat-file CMS (Content Management System), I had a new blog setup and I needed to import all of my posts from ClassicPress to my new CMS. For creating new posts, I follow the convention where the date comes first before the permalink (yyyymmdd-hhmm-permalink). The following list shows how I break it down.

yyyy
Year: 2023
mm
Month: 02 (February)
hhmm
Hour/Minute: 11:00 (Eastern Time)
permalink
Permalink: need-filemanager-linux

The more I use ranger, the more I begin to fall in love with the program. But if I'm going to be using a screen reader with the screen turned off, this can be a problem for me and even a problem for blind users as well. However, at least ranger saved me from having to type a lot, especially when performing file management tasks. If you are looking for a file management program while working over a secure shell (SSH), give ranger a try. Oh, and the more I discover keyboard commands, the more I add to the list of commands. And of course, the more I enjoy using ranger.


Article published: 2023-02-19 11:15

Categories: The World of Computers, Computers

Backup Your WordPress or ClassicPress Files, Configuration, and Database with a Single Script

Audience and Prerequisites

Skip to scenario if you want to jump into the main article.

This is for anyone who currently hosts their WordPress or ClassicPress in a virtual private server such as DigitalOcean, Linode, or any other VPS providers. Any Linux user with knowledge of command line can perform backups and restoration tasks. You must be familiar with Linux and you know how to connect to your production server via SSH.

Plus, this article assumes that you have installed and configured WordPress in your VPS server. In addition, this article assumes you can perform basic database administration tasks such as adding a new database along with creating a new user for WordPress or ClassicPress. If your hosting provider provides managed WordPress or ClassicPress hosting, then this article may not apply to you. And because this article is for those who currently run a VPS server, I am going to have to assume that you have some hands-on experience with the Linux command line. This article need not apply to non-technical Linux, Mac, and Windows users. When I say non-technical Linux users, I'm talking about those who wanted to get away from Windows or Mac and simply wanted to use Linux just to browse the Internet and not deal with the command line.

Last, but not least, I am also going to assume that you know how to configure your Apache server as well. Both Apache and NGINX (pronounced Engine-X) configurations won't be covered here, including backing up and copying certificates that you get from your hosting provider.

If you are interested in learning Linux, a tutorial from Guru99 will help get you started on learning Linux.

Are you ready? Then let's get started!

Scenario

You have your own VPS server that is running ClassicPress. Your domain name is example.com and your SSH port number is (insert your TCP port number here). You have a development server for developing your own custom ClassicPress theme and you want to use your development server to backup everything from your production server.


Article published: 2022-11-17 08:47

Categories: The World of Computers, Information Technology, Internet, Networking, Scripting and Programming

Take Me To a Different Part of the World Using a Holodeck

(Grayson sees a tweet from Cycling Professor and watches a video about people enjoying their time and riding their bicycles.) (Alternative text: People are having conversations with others and they have bicycles nearby. Plus, people ride their bicycles with children behind adults. The video took place in the city of Houton, in the country of The Netherlands.)

Grayson: (He walks over to the holodeck in U.S.S. Enterprise 1701-D starship.)

Computer, take me to Amsterdam in the Netherlands, 1:00, warm spring day.

Computer: (The computer loads up the city of Amsterdam in The Netherlands)

Program complete, you may enter when ready.

Grayson: (Enters the holodeck, door closes and fades away from behind him)

Computer, can you please make me a tricycle?

Computer: (The computer generated a tricycle.)

Grayson: (He rides a tricycle on the city streets of Amsterdam and is having a whole lot of fun.)

Here is a video of the holodeck in Star Trek: The Next Generation. Closed caption and audio description is not available; however, I can provide alternative text in order to satisfy Web Content Accessibility Guidelines, which satisfies 1.2.1. Basically, Commander Riker asked ensign regarding the location of Commander Data. Ensign asked the computer the location of Commander Data and directs Riker to the holodeck via a series of dots pointing towards the direction of the holodeck. The computer senses Riker's movement and directs him near the door. As he enters the holodeck, the door closed behind him and fades away. As William Riker enters the forest, he travels over the rocks above the river, making sure he does not fall into the water and meets Data. Data walks back along with Commander Riker and that is the end of the YouTube video.

Basically, a holodeck creates an artificial environment. Be it EPCOT Center from the 1980s, Amsterdam during the mid-2020s, a forest from thousands of years ago, a 24th-century restaurant in the city of Paris (We'll Always Have Paris), or we could even create a simulation of the 24th-century bridge! Of course, if we want to buy a CD in the holodeck of EPCOT Center, try to take that CD right through the door and the CD will disappear right off your hands. If you watch Star Trek: Voyager, you do know that The Doctor is a hologram, right? Let's see if The Doctor can stick his hand through the open door. Basically, after Kes asked "are you sure about that," The Doctor walks towards the door and after the door opens, he puts his hand through the door and parts of his arm disappeared until he pulls his arm back and the hand reappears. The reason The Doctor cannot go through the door is because of the holo-emitters installed in Sick Bay. Another example is a book in the episode of "Ship in a Bottle." Captain Picard throws a book at the door in the holodeck, but the book disappeared because the book is a hologram. Put simply, everything in a holodeck is a simulation. However, I'm not going to spoil the entire show as I did for the two episodes in my blog post. I wanted to provide alternate text for those who are blind or have low vision.

Oh! How about traveling to Grayton Beach without leaving the house? I would love to do that while in the holodeck!

This image shows Grayson riding a tricycle in Grayton Beach in 2018.

Anyway, I hope you enjoy my blog post. Is it possible if we could build a holodeck in the near future? Time will tell, but I am thinking that once we rid ourselves of the monetary system, anything is possible if we have the technology to build a holographic simulator for the purpose of creating artificial environments.

Please note: Due to Europe's GDPR and cookie laws, I am not able to embed YouTube or Odysee videos. I have decided to take the easy way out by linking to YouTube videos instead. Of course, embedding YouTube or Odysee videos can degrade the performance of my website for mobile users and those with slow connection speeds, so I want to keep my website speedy for everyone. And the best part? No advertisements in my website! 🙂


Article published: 2022-10-22 15:24

Categories: Dreams and Imagination

Need to Change Hostname for Windows Server Domain Controller?

If you promoted your server to a domain controller, you won't be able to change the hostname for Windows Server Domain Controller without inputting commands in the command prompt. Basically, you need to open the command prompt, add the new hostname as an alternate hostname, make the new hostname the primary hostname, reboot your server, and then remove the old hostname. This is useful if the server's hostname was not changed before the server was promoted to a domain controller. The order of commands along with the syntax is as follows:

netdom computername oldcomputername.yourlocaldomain.lan /add:newcomputername.yourlocaldomain.lan
netdom computername oldcomputername.yourlocaldomain.lan /makeprimary:newcomputername.yourlocaldomain.lan
shutdown /r /t 0
netdom computername newcomputername.yourlocaldomain.lan /remove:oldcomputername.yourlocaldomain.lan

netdom computername
The command to execute.
oldcomputername
Old hostname (example: WIN-R61PT45).
yourlocaldomain.lan
Local domain name (example: graysonpeddie.lan)
newcomputername
New hostname (example: grayson-dc1)
/add
Adds a new hostname to the domain controller as an alternate hostname. For this example, newcomputername will be added as an alternate hostname for the domain controller.
/makeprimary
Makes a hostname a primary name for the domain controller. newcomputername will be the primary name for the domain controller and the oldcomputername will be the alternate hostname for the domain controller.
/remove
Deletes the hostname from the domain controller. In this case, the /remove flag removes the oldcomputername from the domain controller.
/enumerate
Although not shown in the order of commands above this list of commands, parameters, and flags, this will enumerate the list of hostnames assigned to the domain controller. This flag does not require a parameter, so the colon after the enumerate flag is not needed.
shutdown /r /t 0
This command reboots the server (hence, /r) immediately (/t 0). The /t 0 flag and parameter is a timer.
dcdiag
Not shown in the list of commands above. This command runs a diagnostic for the domain controller to make sure everything in the domain controller is working fine. There might be some errors and warnings, but if computers can login to the domain controller, it should be fine.

Because I did not know the commands myself, I must give credit to "The ICT Guy" (Twitter profile) for writing an article titled Correctly renaming a Domain Controller for a seamless easy migration. That article has been of great help to me since I am testing Windows Server 2016 Essentials edition as part of my virtual homelab setup. For example, I wanted to test the domain joining functionality in macOS and test an Active Directory integration in Nextcloud using an LDAP/AD integration app. LDAP stands for Lightweight Directory Access Protocol and is used for managing users and groups.

I hope I can be of help to Windows administrators.


Article published: 2022-09-25 01:15

Categories: The World of Computers, Information Technology

Pro Tip for Proxmox Users: Using Linux Containers (LXC) For Testing The Ability To Join Linux to an Active Directory?

When creating Linux containers for the purpose of joining them to an Active Directory Domain Controller, make sure the checkbox after the "Unprivileged Container" is unchecked. The "unprivileged container" checkbox is after the "Hostname" edit box. Unprivileged Linux containers won't be able to join to an Active Directory. Essentially, I forgot to uncheck the "Unprivileged Container" and wasted hours of my time, but I consider time well spent when learning the hard way.

Bear in mind that privileged containers are not safe for businesses when it comes to attackers exploiting privileged Linux containers. And yes, it's all about vulnerabilities and exploits when it comes to escaping Linux containers and causing damage to the host; however, for homelab purposes, a privileged Linux container is fine for my needs. If you are concerned about the security of Linux containers, spin up virtual machines instead of Linux containers in Proxmox. Of course, depending on your security hygiene, virtual machines can be as unsafe as privileged and unprivileged Linux containers if you do not have security precautions in place. For more details, learn more about privileged and unprivileged containers.


Article published: 2022-09-22 06:27

Categories: The World of Computers, Computers, Information Technology

How To Change Your Uber Email Address and Password?

Instructions

  1. From your smartphone (not your desktop or laptop computer), open the Uber application.
  2. Tap Account. The Account button is located at the bottom right of your smartphone's screen.
  3. Tap your avatar to the right of your name.
  4. Tap your email address to change your email address. Skip to step 6 if you do not make use of unique email addresses for every account that you signed up for.
  5. Once you change your email address, tap Update. Go into your email account and look for an email from Uber. Enter the verification code that Uber gave you.
  6. Tap your password. You will need to verify your password first before you generate your new password from a password manager.

And you are done! Congratulations! You have successfully changed your unique email address and password! Stay safe!

Here's a link to the full article about why I changed my email address for Uber.


Article published: 2022-09-17 12:16

Categories: The World of Computers, Information Technology, Security

A Nice Home Theater Processor That Makes Me Drool!

Who is this blog article for?

Anyone who is into home theater electronics and those who understand home theater terms such as a home theater receiver, a home theater processor, and eARC. This article is unsuitable for blind users who do not have eyesight.

A Cool New Home Theater Processor!

I received an email from AVSForum about a 9.4.6 Home Theater At CEDIA That You Definitely Don't Want To Miss (that's 9 speakers near the wall, 4 subwoofers (2 front, and 2 rear subwoofers), and 6 ceiling speakers) and I came across a processor that is used at CEDIA called StormAudio ISP Elite MK3, so I went to that page and–wow! A multi-theater processor!!!

Okay, so what does that do? Does the ISP processor... (Interrupted by the "I don't care about cookies" web page as I type. A browser extension in Firefox about getting rid of cookie warnings or cookie notifications in websites opened up a new tab after updating a browser extension as I type. Now I'm getting off-topic. Thanks to you, browser extensions!)

Hah... 😆 Let me get myself back in control of my moment as I write my blog post. Because that cool new home theater processor interests me a lot! 🤣😀

Okay, so what does that new home theater processor do? Does the ISP processor let me have multiple theaters? Yes! That's having two home theater processors in one processor! Okay, let me explain. Most people that have a surround sound system typically have a home theater receiver with amplifiers built-in. A processor does not have an amplifier, so it needs an external amplifier. An ISP processor can have up to 32 channels of audio. That's 32 speakers. What!? 32 speakers!? Yes. "But you don't need 32 speakers–let alone 4 or 8 subwoofers for a dedicated home theater room," you exclaimed. That's true, but that's not the point. Think about AMC Theatres. If you have been to a movie theater, you know AMC Theatres has so many auditoriums, right? Think about just one device that can connect to 16 speakers per theater room. Actually, commercial movie theaters do have multiple rows of surround speakers. Each row of surround speakers can be located to the left and right side of the room and can surround multiple rows of seating. Of course, that can be done using a StormAudio ISP processor, but that's not what I am interested in.

What piqued my interest is the multi-theater feature of the StormAudio ISP MK3 processor. This would allow me to assign 16 channels of audio to a dedicated home theater room and 8 channels of audio to my home office/gaming/studio room. A home theater processor has two HDMI outputs. One HDMI output is linked to the 16 channels for the home theater room. Another 8 or 16 channels of audio (depending on the modules installed in a processor) can go to my home office/gaming/studio room. So people might be thinking "is it possible for a home theater receiver with an integrated amplifier to have 32 channels of amplification?" The problem with that is, the home theater receiver's power supply is very limited in terms of the amount of current that must be pushed from an electrical outlet to the speakers. The receiver can get so hot to the touch even if nothing is playing. That's why going with external amplifiers is better when playing at high volumes. A dedicated home theater room needs to be connected to a dedicated circuit breaker in order to provide enough power to the speakers in a dedicated home theater room. For a computer room, I may not need a lot of power, so a 700w amplifier going into 7 channels (that's 100 watts each per speaker) is more than enough for me.

Although the price of the StormAudio ISP MK3 processor is sky-high, for me, that is similar to buying two cheaper home theater processors, but the cool thing about this is I could have more speakers in a dedicated room and still have leftover for the speakers in the computer room. And I could control the processor to show me a different video source going out to HDMI 2, which is the connector going out to my computer room. If I want to see what's playing in a dedicated movie theater from a computer room, I can do that because the processor acts as a hub. Sure, if I could find a multi-theater processor at a lower price than the StormAudio, that's great, but I get what I pay for. Right now, the MK3 only supports HDMI 2.0, which means I cannot game at 4K (3840x2160) at 120Hz and my TV (Samsung 43" QN90B) supports HDMI 2.1.

I have my PC connected to my TV, then from the TV to an eARC HDMI audio extractor, and then to my Denon AVR-X3400H which does not support eARC. Basically, eARC allows 5.1 or 7.1 surround sound audio to come directly from the TV and the audio passes into a receiver's HDMI out for the receiver to process audio information so that the sound can output through the speakers. But because my home theater receiver does not support eARC, I use an audio extractor (that I linked above) in order to supply audio going out to my receiver. Here's how it works:

  1. "HDMI Out" from an audio extractor connects to my Samsung 43" QN90B's HDMI 3, which lists "eARC." Connecting an audio extractor to HDMI 1, 2, or 4 in the back of my TV won't work as those HDMI ports do not provide eARC support.
  2. "HDMI Audio Out" connects to my Denon AVR-X3400H's audio input. This allows my receiver to process audio that came from my PC that hooks up to my TV's HDMI 2.1 inputs.
  3. "HDMI Input" from an audio extractor connects to my Denon AVR-X3400H's HDMI Output. This allows me to select HDMI3 on my TV. Any video going from my receiver to my TV passes through my audio extractor's HDMI input.

And that's all there is to it! In short, my PC connects to my TV via an HDMI cable, the TV connects to an audio extractor, and an audio extractor connects to my receiver. An HDMI audio extractor avoids having me buy a new receiver. Think about this. Back in late 2018, my Marantz SR-5008 was having issues and the audio continued to make a squealing noise after the outbreak of Hurricane Michael. Since January of 2019, I wanted a new receiver. Should I buy a Denon AVR-X3500H which supports eARC or should I buy a Denon X3400H which does not? Back around August of 2013, I bought a 4K-ready receiver, thinking that $900 would give me a much better sound compared to Marantz SR-5007, which was a discontinued model. That's why I bought myself into that "$900" hype! Bad! Bad mistake! So let me ask you this. Would you spend $300 extra just for eARC support? Me? I don't think so. I bought a Denon X3400H just to save $300 in the process. Sure, Amazon mentioned that X3400H is a discontinued model (yes, it "was" as it's past-tense, but let's forget about the tenses for now), but I bought it anyway! Why? So I can quit being a fool! The sound character is the same regardless of whether it's a 2010 model or a 2022 model!

Of course, I've gotten way too far off-topic from my article, but the point is, I'm going to wait for ISP to come out with a new processor that supports HDMI 2.1 such as 4K at 120Hz. 4K at 120 Hz would last for a very long time for me. Maybe a decade? Even if HDMI Alliance (or whatever it's called) upgrades to 8K (a resolution of 7680 by 4320) at 120Hz? Okay, hold on a minute. Today, I don't think modern graphics cards can even handle 4K at 120 frames per second or even at 240 FPS unless people play older games or turn down the graphics settings. I mean, I'm talking Cyberpunk 2077 that can push even an NVIDIA RTX 3090 so hard that gamers can't get more than 90 to 100 frames per second. So, HDMI 2.1 will be with us for a very long period of time. Well, I'm pretty sure that games such as Cyberpunk 2077 could run the GPU (graphics processor unit) down to 20 frames per second or even lower. 😂🙂

Anyway, one day I could save up my money for an awesome StormAudio home theater processor. One day. That is, if I could get into network engineering and make a whole lot of money (I am Cisco CCNA certified as of October 2021; I am CompTIA CySA+ certified as of August 23rd of this year, which renewed my CompTIA A+, Network+, and Security+ certifications).

Related Article:


Article published: 2022-18-19 18:19

Categories: Home Theater

Pro Tip for Proxmox Users: Need to Add Multiple IP Addresses for a Single NIC in LXC?

A Note About Proxmox and LXC (Linux Containers)

For those unfamiliar with LXC and Proxmox, LXC is similar to a virtual machine that runs a guest OS (Windows, Linux, Mac, Android, etc.) but the container part of LXC excludes the core part of the OS and simply provides networking and storage inside a container. Unlike virtual machines, applications inside a container can access resources on a host system directly. Proxmox is a hypervisor for running virtual machines and Linux containers (LXC) on server hardware.

IP Addresses and Subnetting

Do you need to have multiple IP addresses assigned to a network interface inside an LXC container? In terms of networking, a single NIC can have multiple IP addresses. This is useful if you want to run a single server with multiple websites that have their own IP address. Here's what I mean:

172.20.31.0/23
A small HTML file with a list of websites hosted by the web server.
172.20.31.1/23
A web application running Adminer, a lightweight alternative to phpMyAdmin.
172.20.31.2/23
A development version of my website that mirrors a production version. Anyone who visits my site sees my production version of my website. Once I test the changes I made in the development website, I push the changes up to the production website.
172.20.31.3/23
A custom-built web application for taking notes. Any notes written in HTML get shown in the web browser.
172.20.31.4/23
A development version of the note-taking web application taken from 172.20.31.3.

A note for those new to networking: pay attention to the subnet. A slash 23 subnet can start with 172.20.30.1 and end at 172.20.31.254. Both 172.20.30.255 and 172.20.31.0 are valid IP addresses. 172.20.30.0 is a network address and 172.20.31.255 is a broadcast address. Cisco has an article about IP addressing and subnetting in order to help you understand how subnetting works. With that out of the way, let's get into configuring a Linux container running in a Proxmox server.
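The /23 boundaries in the note above, worked through with mask arithmetic. This is an added example, not code from the original article; the function names `subnet_facts` and `role` are illustrative.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 32 one-bits, the width of an IPv4 address


def subnet_facts(cidr):
    """Return network, broadcast and usable host range for an IPv4 CIDR.

    Host bits may be set in the input (for example 172.20.31.3/23).
    """
    iface = ipaddress.IPv4Interface(cidr)
    prefix = iface.network.prefixlen
    mask = (FULL << (32 - prefix)) & FULL        # /23 -> 255.255.254.0
    network = int(iface.ip) & mask               # clear the host bits
    broadcast = network | (~mask & FULL)         # set every host bit
    if prefix >= 31:
        # /31 point-to-point links and /32 hosts have no reserved addresses
        first, last = network, broadcast
    else:
        first, last = network + 1, broadcast - 1

    def as_ip(n):
        return str(ipaddress.IPv4Address(n))

    return {
        "prefix": prefix,
        "network": as_ip(network),
        "broadcast": as_ip(broadcast),
        "first_host": as_ip(first),
        "last_host": as_ip(last),
    }


def role(cidr):
    """Classify the address in cidr as 'network', 'broadcast' or 'host'."""
    facts = subnet_facts(cidr)
    ip = str(ipaddress.IPv4Interface(cidr).ip)
    if facts["prefix"] >= 31:
        return "host"
    if ip == facts["network"]:
        return "network"
    if ip == facts["broadcast"]:
        return "broadcast"
    return "host"


if __name__ == "__main__":
    print(subnet_facts("172.20.31.0/23"))
    # The two addresses at the octet boundary, under /23 and under /24
    for addr in ("172.20.30.255", "172.20.31.0"):
        for prefix in (23, 24):
            cidr = f"{addr}/{prefix}"
            print(f"{cidr:<18} {role(cidr)}")
```

The same two boundary addresses that are ordinary hosts in the /23 become the broadcast and network addresses once the prefix is /24, which is why the prefix length has to match on every address assigned to the interface.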


Article published: 2022-06-21 20:22

Categories: The World of Computers, Networking

Who is the Weakest Link In a Cybersecurity Chain? We Are!

I watched the video about whether the ransomware can be stopped and I scrolled down through the comment section. While reading comments, I saw some people suggesting that we switch to Linux because Linux is more secure compared to Windows. It is true that Linux is inherently secure compared to Windows and Mac; however, what if I were to tell you that if you are running Arch Linux, Fedora, Ubuntu, Solaris, FreeBSD, OpenBSD, Haiku OS, or just about any other operating system on our planet, you can still fall victim to phishing attacks? If we all switch to a different operating system on the basis that one is more secure compared to other operating systems, then we are forgetting about our weakest link.

Let me ask you again. Who or what is the weakest link in the cybersecurity chain? It's not Windows; we are the ones that need education so we can protect ourselves online.


Article published: 2022-04-17 15:56

Categories: The World of Computers, Security

Dynamically-Resizing Televisions and Monitors

Let me ask you a question. Do you find yourself wanting a larger TV because a movie looks too small? Do you not like black bars above and below the movie that is formatted for ultra-wide screens? Before reading any further, I want to link to an article that talks about aspect ratios. Now, please note that this article will require anyone to have eyesight, so this will not be suitable for those who are using a screen reader. Of course, it might be helpful if anyone who is blind could visualize in their head. Maybe a Braille measuring tape could help?

If a full article interests you, here's my setup of how I use my computer. Having my monitor up close to me is great so I do not have to use a magnifier all the time.

Monitor is very close to me (Grayson Peddie)
This is my setup of how I have my LG 32" 4K monitor close to me. I was watching Security Now! on TWiT.TV while participating on Discord as a member of Club TWiT.

And here's a video with two file formats to choose from. Note that there's no sound. The full article contains an alternative text version of the video.


Article published: 2022-01-30 13:33

Categories: Dreams and Imagination, Electronics

Got a new Nintendo Switch Recently? Don't Buy a Cheap MicroSD Card!

After Christmas, I wanted to buy a Nintendo Switch so I can play Breath of the Wild. I wanted to buy the highest-capacity MicroSDXC card for Nintendo Switch that I can afford. So I looked through Amazon and I saw a 512GB MicroSD card for less than $15. The description mentioned Nintendo Switch, so I went ahead and bought the MicroSD card. Once I had a Nintendo Switch in hand, I went ahead and inserted a MicroSD card and decided to install The Legend of Zelda: Breath of the Wild. Later on, I wanted to try Skyward Sword and the data corruption happened. I downloaded the game again and the same thing happened again. I then reformatted the MicroSD card and tried to install Skyward Sword, then Breath of the Wild, but then the data corruption happened again as well. This led me to believe that the MicroSD card I bought can only fit one large game at a time. I am able to download small games such as Dragon Quest and Dragon Quest III, but that's about it.

Just because the description says "Nintendo Switch" does not mean it is compatible with Nintendo Switch. There's no review of the card mentioning "Nintendo Switch" until I wrote a review. If you do a search for "Nintendo Switch" (without quotes) in the product page, I am the only one who wrote the review of Nintendo Switch and I gave it a one-star rating. No one has ever written a review of the 512GB MicroSD card for Nintendo Switch except me.

So, I went with a SanDisk 256GB MicroSD card. Yes, it's more expensive, but the truth is, I have not had any problems with two large games and a couple of small games that were downloaded into my SanDisk MicroSD card and I gave it a 5-star rating for that. I wanted the largest capacity I can get, but at the end of the day, I think 256GB is more than adequate for purchasing console-exclusive games for Nintendo Switch.

One game that is not console-exclusive is Dragon Quest XI S, which is available for both Steam for PC and Nintendo Switch. I already have Dragon Quest XI S in my Steam library, so I do not see myself purchasing the game for Nintendo Switch. I have my Switch docked and the dock is hooked up to my home theater receiver, so I can play games on a large screen monitor. And yes, my computer is hooked up to my receiver via HDMI, so I use my computer all the time. If I want to play games that are exclusive to Nintendo Switch, I can switch my receiver to Nintendo Switch. So anyway, I don't care for portability aspect of Nintendo Switch because the screen size is not suitable for my visual impairment.

Should I have gone with a 400GB MicroSD card? Yes. However, I've had to ask myself this question: am I going to play games in Nintendo Switch that are available for Steam? The answer is no, which I already covered in the previous paragraph. So it's only going to be console-exclusive games such as Mario, Zelda, Pokémon, and just about any games that are not available in Steam. If I factor in games that take up to 16GB in disk space, I can only see myself playing 15 large games, which is way more than enough for me. Of course, with a 400GB MicroSD card I would have bumped up to 24 large games. However, I would be looking at spending hundreds of dollars in games before I run out of space in a MicroSD card. I have already spent $120 for two large Zelda games and even Link's Awakening is another $60. Yikes. So yeah, 256GB is more than enough for me for now.

With all that said, you get what you pay for when it comes to pairing a MicroSD card with Nintendo Switch. Don't skimp on a price of a MicroSD card just because you get a much higher capacity for your new Nintendo Switch. Now go play some Zelda games and have fun!


Article published: 2022-01-21 10:34

Categories: Entertainment, Gaming

Internet and Safety: Why Physical Businesses Should Not Require Everyone To Use Internet?

(For my blog post, I want to focus on the audience regarding people who use the Internet every single day and know a lot about cybersecurity. Myself included.)

Imagine a scenario: you went to get your haircut and the place you went to requires you to enter an email address before you get your haircut. Why? Even if I do have a smartphone and I use Internet every single day, why must I put in my email address? For what purpose? To send spam? For businesses, they might say "we respect your privacy and take security seriously," but in my mind, I would say that if an email gets compromised in a data breach, it's more likely that those who are not tech-savvy are more likely to receive spam and phishing emails. Not thinking about security when using the Internet can lead to ransomware and identity theft. They might stop using the computer altogether because of fear of feeling unsafe online.

What is an operating system? Windows? Mac? Linux? What is an email address? What is a "file?" See where I'm going with this? What is Android? iPhone? iOS? How do I manage files and folders in my computer? How do I check my email? I hope you get my point.

Okay, so you say that your 90-year-old family member knows how to use the Internet, takes care of security themselves, and I should not overly-generalize myself. Well, that's great, but we should not force everyone to have a smartphone just so they can face dangers lingering in the Internet. I have more details in the full article.


Article published: 2021-10-06 12:00

Categories: The World of Computers, Computers, Security

My Dream Home of the Future: Computer in Server Closet; KVM in Home Office; Home Theater

Home theater rendered in Blender with 3 chairs and cup holders between chairs
This is a rendering of my home theater made in Blender. It has a 200" projection screen, 7.2.4-channel speaker system, and comfy seats with cupholders in between.

I have been watching a couple of YouTube videos of people who want a computer in one room (such as a wiring closet) and a keyboard, video, and mouse (KVM) in a home office. To give you an idea of what I'm talking about, I want to post links to YouTube videos.

Embedding YouTube or Odysee videos will insert a tracking cookie in users' personal computers. As a citizen of the US, I need to follow GDPR if European visitors visit my website. I don't like or want to talk to lawyers, to be honest. 🤣😀

As for the video from Linus Tech Tips, I would much rather have a couple of computers rather than a single computer that can house a couple of virtual machines running desktop OSes such as Linux and Windows just to make it easier for me. So yeah, a virtual machine is a computer within a computer that can serve different purposes such as running Ubuntu within Windows using VirtualBox or by running Windows OS in a Linux host using KVM or Xen.


Article published: 2021-08-14 17:42

Categories: Dreams and Imagination, Homes and Buildings, Home Theater, The World of Computers, Computers, Networking

Mic Comparison: Shure MX185 Cardioid vs Movo LV8-D Omni-Directional Lavalier Microphone

Here's a link to a video on Odysee's website:

A microphone comparison video that leads to a website for playing a video

Embedding any videos from any external sources will insert tracking cookies in your computer or mobile device so I decided to link a video instead. Even in the US, I have to comply with Europe's GDPR as I want to allow all visitors to visit my site. Inserting any kind of tracking cookies is against my privacy policy. I would like to upload my videos to my website; however, videos take up a lot of space and that's why I uploaded my video regarding the mic comparison to Odysee.

This is a comparison of two lavalier microphones. Recently, I bought a Shure MX185 cardioid lavalier microphone as I want to test if a uni-directional (cardioid) microphone is right for me, especially if I want to test and hear if my AKG K702 headphone leaks sound to my microphone especially for the Zoom meeting. I bought a Movo LV8-D microphone as of late October so I can participate in Zoom meeting that began November of last year. The Zoom meeting I am participating in is Cisco Academy from National Industries for the Blind. I'm studying for Cisco Certified Network Associate certificate (CCNA, for short) and my class ends by the end of August. I asked if students and my instructor can hear any leaks coming from my K702 headphone and they said they did not hear any leaks at all, which is great. However, I have a Sony WX1000XM3 headphone and because of the shape of my headphone, I don't think my hearing aids are picking up any high frequency sounds unlike when I use my AKG open-back headphone.

I plan to ship my Shure microphone back because the uni-directional nature of a lavalier microphone is not for me, especially as I was reading from left to right as I read the script during the recording.

Do note that even though I did cut out a couple of pauses in my audio production software (Ardour), I tend to speak slow as speaking at a moderate speed for more than a minute is not my second nature. As I live in Altha, FL, a rural town in the United States, I've been very lonely a lot even when I go to restaurants with my family. Plus, I did not position the text inside the dialog in the first part of the video correctly. I do not want to waste another 45+ minutes trying to render the entire video using Blender. Although as a Linux user, I could have used KDenLive instead of Blender; however, as Blender is a very easy tool for me to use, I used it for the majority of my video editing. My familiarity with KDenLive is secondary to Blender.

When I zoom in using GNOME Magnifier (Windows key+Alt+8 to activate the magnifier and Windows key+Alt+- or Windows key+Alt+= to zoom in or out, respectively), there is a small mouse cursor shown in the screen. I think it's a bug with the compositor that draws the entire application (be it Firefox, GIMP, or Ardour). Please ignore the small mouse cursor. Thanks.

Anyway, I appreciate you checking out my video that I linked above. Here are the links to products listed for the video:


Article published: 2021-06-08 12:30

Categories: The World of Computers, Multimedia Productivity

When Uploading A Screenshot of a Website, Be Aware Of Your Browser Tabs

When uploading a screenshot of your website (or someone else's website), make sure your email address (or portion of your email address) is not exposed when taking a screenshot. I uploaded my screenshot of pagination for my website and a part of my email address has been exposed over the web and I had to retake the screenshot without it. If you have a webmail opened in one browser tab such as GMail/Google Workspace, your browser tab will look similar to this:

Inbox (5): yourname(at)your...

That tab is exposed by the <title> tag inside a website. Here's what I mean:
<html>
  <head>
    <title>Inbox (5): yourname(at)yourdomainname(dot)com</title>
  </head>
  <body>
    <h1>Your E-Mail Provider</h1>
    <p>Your email messages go here.</p>
  </body>
</html>

Instead of "@", I use "(at)" so that spam harvesters and bots won't harvest any email addresses in my website; however, I won't give away any of my 170+ email addresses at all. Pay special attention to the title of web pages that you currently have opened. By "title," I meant your browser tabs. My advice is do not leave anything sensitive unattended. I hope I can be of help to everyone. Be safe out there in the web!


Article published: 2021-05-01 10:01

Categories: General, Announcement

New Addition to my Website: Pagination (ClassicPress)

As a web developer of my website, I have implemented pagination that allows anyone to view more posts by page and be able to view blog posts by month and year. I created a custom theme from scratch so that I can personalize my website to my liking. I wanted to give the pagination system an "electronic" look.

Pagination along with month and year for my website
This screenshot shows pagination implemented in my website. In my development machine, I have set the number of posts per page to 5 in order to demonstrate the effect. I blurred the surrounding image to cut the file size by half.

For those with eyesight, you can click in the image to see a full screen of my desktop that shows the pagination system in effect.

The code for the pagination system for ClassicPress can be found in this full article.


Article published: 2021-05-01 08:57

Categories: The World of Computers, Scripting and Programming

How To Create a New User in pfSense and VyOS?

When you set up your new router, it's always a good idea to create a new user other than admin for pfSense and vyos for VyOS in order to reduce the chance that bots and miscreants will gain access to your router.

VyOS

Here's the completed configuration of my VyOS router and I will show you the commands.

Configuration
service {
    # ...
    ssh {
        access-control {
            allow {
                user <username>
                user vyos
            }
        }
        listen-address 10.249.0.1
    }
}
system {
    # ...
    login {
        banner {
            pre-login "Unauthorized access is strictly prohibited."
        }
        user <username> {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name "First and last name goes here."
            home-directory /home/<username>
        }
        user vyos {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
        }
    }
# ...
}
Commands
ssh vyos@10.249.0.1
configure
edit system login user <username>
set authentication plaintext-password <your-password-goes-here>
set full-name "First and last name goes here."
set home-directory /home/<username>
exit
edit service ssh access-control
set allow user <username>
set allow user vyos
commit
save

You want to allow vyos access using SSH to make sure it works. Also, there is encrypted-password in VyOS but VyOS gave me an error telling me that the encrypted password is invalid. I did try to discard, but VyOS told me there are no changes to be discarded, so I saved, started a new terminal window, and once I SSHed into my VyOS router at 10.249.1.1, everything worked fine.

Now don't exit out of your VyOS session just yet. You want to make sure SSH is working properly for the user you want to log in as, because otherwise editing and viewing the configuration will have to be done either through a console cable or with a monitor and keyboard hooked up to the router. SSH in using the new username and password you've created. If you can successfully log in to VyOS with the new username, you can remove the vyos user from the access control list in configuration mode.

delete service ssh access-control allow user vyos

Again, stay logged in to VyOS and use a different terminal to test and make sure you can log into VyOS through SSH. If everything is working as intended, you can safely log out of VyOS from all the terminals you've opened.

Also, you can configure a banner. Examine the configuration above and see if you can add a login banner. The pre-login is for when a user attempts to access the VyOS router using SSH. This will print out a banner before a user gets prompted for a password. After a user logs into VyOS, if the post-login is set, VyOS will print out the banner once the user logs in. This concludes the commands used for securing VyOS.
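One way to check an exported configuration for the state this section aims for: the default vyos user removed from the SSH allow list, SSH bound to a listen address, and a pre-login banner set. This is an added example, not part of the original article or of VyOS; the parser covers only the brace format shown above, and the user `alice`, the `REDACTED-HASH` value and the sample text are constructed.

```python
import shlex

DEFAULT_USER = "vyos"  # factory account named in the article

# Constructed sample in the same shape as the configuration shown above.
SAMPLE_BEFORE = """
service {
    # ...
    ssh {
        access-control {
            allow {
                user alice
                user vyos
            }
        }
        listen-address 10.249.0.1
    }
}
system {
    login {
        banner {
            pre-login "Unauthorized access is strictly prohibited."
        }
        user alice {
            authentication {
                encrypted-password REDACTED-HASH
            }
            full-name "Alice Example"
            home-directory /home/alice
        }
        user vyos {
            authentication {
                encrypted-password REDACTED-HASH
            }
        }
    }
}
"""

# State after "delete service ssh access-control allow user vyos".
SAMPLE_AFTER = "\n".join(
    l for l in SAMPLE_BEFORE.splitlines() if l.strip() != "user vyos"
)


def parse_vyos(text):
    """Parse brace-style VyOS configuration text into nested dicts.

    'name {' and 'name tag {' become nested dicts; 'name value' leaves become
    lists, because a leaf such as 'user' may repeat inside one block.
    """
    root = {}
    stack = [root]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: unmatched closing brace")
            stack.pop()
            continue
        opens = line.endswith("{")
        tokens = shlex.split(line[:-1] if opens else line)
        if not tokens:
            raise ValueError(f"line {lineno}: block without a name")
        node = stack[-1]
        if opens:
            for name in tokens:            # 'user alice {' -> user -> alice
                node = node.setdefault(name, {})
            stack.append(node)
        else:
            node.setdefault(tokens[0], []).append(" ".join(tokens[1:]))
    if len(stack) != 1:
        raise ValueError("unclosed block at end of input")
    return root


def audit(cfg):
    """Return a list of findings for the SSH/login settings the article covers."""
    findings = []
    ssh = cfg.get("service", {}).get("ssh", {})
    login = cfg.get("system", {}).get("login", {})
    users = login.get("user", {})
    allowed = ssh.get("access-control", {}).get("allow", {}).get("user", [])
    if not allowed:
        findings.append("ssh: no access-control allow list is configured")
    elif DEFAULT_USER in allowed:
        findings.append("ssh: default user 'vyos' is still in the allow list")
    for name in allowed:
        if name not in users:
            findings.append(f"ssh: allowed user '{name}' has no login entry")
    if not ssh.get("listen-address"):
        findings.append("ssh: no listen-address is configured")
    if not login.get("banner", {}).get("pre-login"):
        findings.append("login: no pre-login banner is configured")
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(parse_vyos(text)) or "no findings")
```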

pfSense

The same can be done for pfSense. Open the web browser, point your browser to pfSense (in my case, http://10.249.2.1), and log in to your pfSense web interface. Once you get to the main interface, follow these instructions.
  1. In the System menu, open the User Manager.
  2. Click in the + Add button below the list of users.
  3. Enter the Username, Password, and Full Name. No spaces in the username.
  4. In the Group Membership area, select admins and click in Move to "member of" list. This will move the admins group to the "member of" list.
  5. Save the changes, log out, and log back in as the new admin user you have created in step 4.
  6. In the user manager, click in the pencil icon (Edit) to edit the admin user.
  7. Check the checkbox for Disabled. An admin user cannot login once the checkbox is selected.
  8. When done, Save the changes.

Try to log in as admin. If the change worked, you should not be able to log in as the admin user and can only log in as the new user. This concludes the step-by-step instructions for pfSense.

Conclusion

Preventing a root or admin user from logging into a router is one of security's best practices. You can help ensure that bots and miscreants won't be able to gain access to your router without the correct username and password, even when bots are performing a brute-force attack. Still, it's important to restrict access to the router through the use of a management subnet and, if using pfSense, set up a root and server certificate in the Cert. Manager within the System menu and add a root certificate to your web browser of your choice. Use a management subnet for any devices that have SSH access or a web interface and do not allow managers, sales, web developers, or any other non-IT departments access to the critical network infrastructure.

Update: I just hit "c" twice in my keyboard (ccode instead of code) even though I only typed "c" just once. Ugh... Maybe I just need a different keyboard that prevents double-types regardless of the operating system I'm using... (And yes, I'm using Arch Linux.)


Article published: 2021-02-25 21:04

Categories: The World of Computers, Networking

IPv4 Subnetting Practice

If you understand computer networking and know how IPv4 subnetting works, here's a zip file which contains a self-contained HTML file. Double-click the HTML file and you can begin practicing.

ipv4subnet.zip

Have fun!


Article published: 2021-02-12 22:47

Categories: The World of Computers, Networking

Part 1: OSPF (IPv4) - Connecting 2 Instances of VyOS and pfSense Together

This is part 1 of 2 of configuring multiple networks that can communicate with each other through OSPF.

Introduction

How much do you know about computer networking? Do you know how subnetting works? What about IP addresses? Do you know how routers and switches work? Do you have a homelab and do you know what a homelab is? If you answer yes to all of the questions and you want to expand your knowledge of networking, this article is for you. Yes, I'm targeting an audience that has a good knowledge of networking. This is even for those who lack certificates such as CompTIA A+, Network+, and Security+, and even for those without a degree! Well, why don't we delve right into it, shall we? If you are Network+ certified, you must know that OSPF is a dynamic link-state protocol that allows two or more private networks to talk to each other. If you have a consumer router such as Netgear or Linksys, this article is only for the pros!

Also, my article covers the use of virtual machines and network bridging, so I'm going to assume you know how to set them up. I'm using Ubuntu Server 20.10 as my Linux home server that runs KVM (Kernel-based Virtual Machine). Virtual machines are what enable a computer to run inside a computer, and network bridging behaves similarly to a network switch. And because of that, I'm also going to assume you are familiar with the Linux command line.

Now buckle your seatbelt because this article is going to be a very long one.


Article published: 2021-02-08 00:03

Categories: The World of Computers, Networking

ClassicPress and Custom CMS for my Website

Transitioning From Custom CMS To ClassicPress

I have rebuilt my website using ClassicPress instead of a custom-built Content Management System (CMS for short). The reason why I chose ClassicPress is simplicity. However, simplicity comes with compromises regarding the security and underlying control of my website, such as not being able to separate the administration panel from the core CMS. I first built my website with my own theme in mind due to my experience with HTML, CSS, JavaScript, and PHP. I built my own admin panel from scratch as well, although it was very tedious and it took me a lot of time. Even though building my admin panel was tedious, mine turned out pretty well--well, almost. I wanted to write PHP code that would synchronize my changes from the local database to my production database, but I did not put my time into it. So, while building my CMS from scratch is fun, at the end of the day, ClassicPress simplifies the implementation of features for me such as search, categories, and archive for listing posts by month.

About my website that I built with a custom CMS, I focused on the paradigm called Model-View-Controller, or MVC for short. I will get into more detail at a later time as I want to keep my blog article short. However, I can show you the images for those who have eyesight.


Article published: 2021-02-05 18:50

Categories: General, Announcement

Hello, and Welcome to my Website

Hello! My name is Grayson Peddie and this is my first time writing my blog from scratch instead of using WordPress. I was born in Panama City and raised in Tallahassee, Florida throughout my entire life. I am CompTIA A+, Network+, and Security+ certified and I would love to get into a career in Information Technology. I want to get my feet wet in a little bit of cybersecurity and a lot of network engineering. Not only that, I would also like to set up a homelab with a couple of servers for running OpenStack.

Let's talk about my hobbies. So what do I do for a living? I listen to music, play games, and watch YouTube videos. I even administer my own network and program my home automation system using Home Assistant. Specifically, Home Assistant Core, although I do have a tendency to refer to "Home Assistant Core" as "Home Assistant" because I've been a user for about 4 years as of Home Assistant 0.17 and the latest version is 0.108.

So what music do I listen to? Because I'm an adventure type, I like to listen to new age and Celtic music from around the world. ("Celtic" is pronounced "keltic" but with a "c.") I listen to music from David Arkenstone, Yanni, Cusco, Kitaro, Loreena McKennitt, Clannad, Enya, and so many artists that I could list, but the list could get rather long. Plus, I like to listen to smooth jazz, symphony orchestra, 40s instrumental jazz, and even 60s, 70s, 80s, and early 90s. Most of the time, I listen to instrumental music. Unlike vocals, musical instruments speak their own language.


Article published: 2021-02-03 05:20

Categories: General, Introduction