For users of screen readers, depending on the screen
resolution, the two checkboxes are for opening and closing the side menus that
appear to the left and right side of the screen. This is designed both for large screens
and for mobile devices with a touch screen. Checking either the main menu or sidebar checkboxes causes
the menu to open from the left or right side of the screen, respectively. Clearing
the checkox in either the main menu or sidebar closes the menu. The checkboxes are
visible to screen readers such as JAWS and NVDA for Windows, Voiceover for Mac,
and Orca screen reader for Linux. When a screen reader says "clickable" for both
main menu and sidebar, that is for the respective checkboxes. End of explaination.
This article is for experienced Linux users who are familar with environment variables such as
$HOME and $USER. These are the Linux users who are familiar with the
command line.
Problem and Solution
Here is an example not to use /home/$USER:
[gpeddie-games@epcotcenter ~]$ su - gpadmin
Password:
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
touch: cannot touch '/home/gpadmin/Templates/Text file': No such file or directory
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
-bash: /home/gpadmin/.local/share/DaVinciResolve/configs/.version: No such file or directory
Welcome. All activities monitored at all times.
Unauthorized access is strictly prohibited.
gpadmin@epcotcenter
~
$
And here's the script (/etc/profile) that illustrates an example:
# fix gnome missing 'New file' option
if [ ! -f /home/$USER/Templates/"Text file" ]
then
mkdir -p /home/$USER/Templates
touch /home/$USER/Templates/"Text file"
fi
# ...
# this is a hack to bypass the Davinci Resolve new install Welcome/Onboarding screen since it does not render properly and is not required.
if [ ! -f /home/$USER/.local/share/DaVinciResolve/configs/.version ];then
mkdir -p /home/$USER/.local/share/DaVinciResolve/configs/
echo "Onboarding.Version=10" > /home/$USER/.local/share/DaVinciResolve/configs/.version
fi
To fix this issue, simply replace all instances of /home/$USER with $HOME.
I am familiar with a text editor called Vim. It's a program that runs inside a terminal, similar to the
Command Prompt or PowerShell in Windows.
Before we proceed any further, let's create a backup copy of /etc/profile:
sudo cp /etc/profile /etc/profile.bak
If anything goes wrong, you now have a backup. You can simply use the cp (copy) command to
restore from the backup. Now let's begin.
First, open the Terminal (Konsole in KDE).
As root (or with sudo privileges), type the following command:
sudo vim /etc/profile
Type in the following command, starting with a colon:
:%s/\/home\/$USER/$HOME/g
The syntax for search and replace in Vim is as follows:
:%s/search/replace/g
Let's not concern ourselves with g at the end for now. Basically this command replaces
"search" with the next text "replace." In other words, we want to replace /home/$USER with
$HOME.
Let's have a look at the script again:
# fix gnome missing 'New file' option
if [ ! -f $HOME/Templates/"Text file" ]
then
mkdir -p $HOME/Templates
touch $HOME/Templates/"Text file"
fi
# ...
# this is a hack to bypass the Davinci Resolve new install Welcome/Onboarding screen since it does not render properly and is not required.
if [ ! -f $HOME/.local/share/DaVinciResolve/configs/.version ];then
mkdir -p $HOME/.local/share/DaVinciResolve/configs/
echo "Onboarding.Version=10" > $HOME/.local/share/DaVinciResolve/configs/.version
fi
So why would we want to replace /home/$USER with $HOME? That
/home/$USER should still work!
Let's look at the output again after we save the changes.
Save the changes to the /etc/profile file.
:wq
A : begins a command. w writes changes to the file and q
quits Vim
If you don't want to make changes to the file, then all you have to do is type :q! to
exit without saving any changes.
As I mentioned, let's look at the output again when I log into my administrator account from a user
account.
[gpeddie-games@epcotcenter ~]$ su - gpadmin
Password:
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
touch: cannot touch '/home/gpadmin/Templates/Text file': No such file or directory
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
-bash: /home/gpadmin/.local/share/DaVinciResolve/configs/.version: No such file or directory
Welcome. All activities monitored at all times.
Unauthorized access is strictly prohibited.
gpadmin@epcotcenter
~
$
Now, let's see the new output when I log back in as an administrator.
[gpeddie-games@epcotcenter ~]$ su - gpadmin
Password:
Last login: Sat Mar 18 11:13:52 EDT 2023 on pts/0
Welcome. All activities monitored at all times.
Unauthorized access is strictly prohibited.
gpadmin@epcotcenter
~
$
This short article is intended for Linux users who are both familiar with the command line and a terminal-based text editor called vim.
For blind users, I don't believe the ranger program is accessible for screen readers. Probably not even in VoiceOver for Mac. For file management tasks, if only the
Mac's Finder could support SSH's Secure Copy Protocol (scp for short) or SSHFS (Secure Sheel File System). Third-party applications will have to be installed.
I do have brew installed for installing homebrew applications tAhat run Linux-like applications in a Mac, but Brew does not support Mac OS 13 (pre-release). I think
the problem with ranger is that VoiceOver for Mac does not read the currently highlighted directory or file that I currently select.
Keyboard Commands for ranger:
Key: h, j, k, l
Left, down, up, and right. Basic commands similar to Vim and Vi. You can also use arrow keys if you want to! Arrow keys work in Vim as well.
Key: yy and pp
Copy and paste a file or directory.
Key: gg
Go to the beginning of the list of files or directories (typing g once instead of twice opens the list of available commands; type g again and it
should move the selector to the top of the list).
Key: G
Go to the end of the list of files or directories.
Key: Enter
Depending on the file associations, opening an HTML file opens w3m and opening a JSON file opens a text editor such as Vim.
Key: F4 (function key)
Opens a text editor for a selected file.
Key: r
Open with: (Type the name of the program you want to open with.)
Key: spacebar
Select multiple files or directories. This is useful when copying files or directories in bulk.
Key: q
Quit ranger.
Command: :search <filename>
Searches for a file. Replace <filename< with the name of the file you are looking for.
Additional details for ranger can be found by visiting the ArchWiki page.
Install ranger:
For Fedora/Red Hat-based Linux distributions:
sudo dnf install ranger
Replace dnf with yum if you are running an older version of Red Hat-based Linux distribution.
For Debian/Ubuntu-based Linux distributions:
sudo apt install ranger
For those who use Arch Linux (if you use Arch Linux, I'm going to assume you know the commands for installing and updating packages. Explaining flags for pacman is beyond
the scope of my article.):
sudo pacman -Syu ranger
Why choose ranger as a terminal-based file manager?
I need a way to copy and paste files into multiple directories. I can do it via the command line, but I can be very lazy with typing the names of directories. With a new flat-file CMS
(Content Management System), I had a new blog setup and I needed to import all of my posts from ClassicPress to my new CMS. For creating new posts, I follow the convention where the
date comes first before the permalink (yyyymmdd-hhmm-permalink). The following list shows how I break it down.
yyyy
Year: 2023
mm
Month: 02 (February)
hhmm
Hour/Minute: 11:00 (Eastern Time)
permalink
Permalink: need-filemanager-linux
The more I use ranger, the more I begin to fall in love with the program. But if I'm going to be using a screen reader with the screen turned off, this can be a problem
for me and even a problem for blind users as well. However, at least ranger saved me from having to type a lot, especially when performing file management tasks. If you
are looking for a file management program while working over a secure shell (SSH), give ranger a try. Oh, and the more I discover keyboard commands, the more I add to the
list of commands. And of course, the more I enjoy using ranger.
This is for anyone who currently host their WordPress or ClassicPress in a virtual private server such as DigitalOcean, Linode, or any other VPS providers. Any Linux user with knowledge of command line can perform backups and restoration tasks. You must be familiar with Linux and you know how to connect to your production server via SSH.
Plus, this article assumes that you have installed and configured WordPress in your VPS server. In addition, this article assumes you can perform basic database administration tasks such as adding a new database along with creating a new user for WordPress or ClassicPress. If your hosting provider provides managed WordPress or ClassicPress hosting, then this article may not apply to you. And because this article is for those who currently run a VPS server, I am going to have to assume that you have some hands-on experience with the Linux command line. This article need not apply to non-technical Linux, Mac, and Windows users. When I say non-technical Linux users, I'm talking about those who wanted to get away from Windows or Mac and simply wanted to use Linux just to browse the Internet and not deal with the command line.
Last, but not least, I am also going to assume that you know how to configure your Apache server as well. Both Apache and NGINX (pronounced Engine-X) configurations won't be covered here, including backing up and copying certificates that you get from your hosting provider.
You have your own VPS server that is running ClassicPress. Your domain name is exmaple.com and your SSH port number is (insert your TCP port number here). You have a development server for developing your own custom ClassicPress theme and you want to use your development server to backup everything from your production server.
Article published: 2022-11-17 08:47
Categories: The World of Computers, Information Technology, Internet, Networking, Scripting and Programming
If you promoted your server to a domain controller, you won't be able to change the hostname for Windows Server Domain Controller without inputting commands in the command prompt. Basically, you need to open the command prompt, add a new alternate hostname, make the domain controller your primary hostname, reboot your server, and then remove the old hostname. This is useful if the server's hostname was not changed before the server gets promoted as a domain controller. The order of commands along with the syntax is as follows:
Adds a new hostname to the domain controller as an alternate hostname. For this example, newcomputername will be added as an alternate hostname for the domain controller.
/makeprimary
Makes a hostname a primary name for the domain controller. newcomputername will be the primary name for the domain controller and the oldcomputername will be the alternate hostname for the domain controller.
/remove
Deletes the hostname from the domain controller. In this case, the /remove flag removes the oldcomputername from the domain controller.
/enumerate
Although not shown in the order of commands above this list of commands, parameters, and flags, this will enumerate the list of hostnames assigned to the domain controller. This flag does not require a parameter, so the colon after the enumerate flag is not needed.
shutdown /r /t 0
This command reboots the server (hence, /r) immediately (/t 0. The /t 0 flag and parameter is a timer.
dcdiag
Not shown in the list of commands above. This command runs a diagnostic for the domain controller to make sure everything in the domain controller is working fine. There might be some errors and warnings, but if computers can login to the domain controller, it should be fine.
Because I did not know the commands myself, I must give credit to "The ICT Guy" (Twitter profile) for writing an article titled Correctly renaming a Domain Controller for a seamless easy migration. That article has been of great help to me since I am testing Windows Server 2016 Essentials edition as part of my virtual homelab setup. For example, I wanted to test the domain joining functionality in macOS and test an Active Directory integration in Nextcloud using an LDAP/AD integration app. LDAP stands for Lightweight Directory Access Protocol and is used for managing users and groups.
I hope I can be of help to Windows administrators.
Article published: 2022-09-25 01:15
Categories: The World of Computers, Information Technology
When creating Linux containers for the purpos of joining them to an Active Directory Domain Controller, make sure the checkbox after the "Unprivileged Container" is unchecked. The "unprivileged container" checkbox is after the "Hostname" edit box. Unprivileged Linux containers won't be able to join to an Active Directory. Essentially, I forgot to uncheck the "Unprivileged Container" and wasted hours of my time, but I consider time well spent when learning the hard way.
Bear in mind that privileged containers are not safe for businesses when it comes to attackers exploiting privileged Linux containers. And yes, it's all about vulnerabilities and exploits when it comes to escaping Linux containers and causing damage to the host; however, for homelab purposes, a privileged Linux container is fine for my needs. If you are concerned about the security of Linux containers, spin up virtual machines instead of Linux containers in Proxmox. Of course, depending on your security hygiene, virtual machines can be as unsafe as privileged and unprivileged Linux containers if you do not have security precautions in place. For more details, learn more about privileged and unprivileged containers.
Article published: 2022-09-22 06:27
Categories: The World of Computers, Computers, Information Technology
From your smartphone (not your desktop or laptop computer), open the Uber application.
Tap Account. The Account button is located at the bottom right of your smartphone's screen.
Tap your avatar to the right of your name.
Tap your email address to change your email address. Skip to step 6 if you do not make use of unique email addresses for every account that you signed up for.
Once you change your email address, tap Update. Go into your email account and look for an email from Uber. Enter the verification code that Uber gave you.
Tap your password. You will need to verify your password first before you generate your new password from a password manager.
And you are done! Congratulations! You have successfully changed your unique email address and password! Stay safe!
For those unfamiliar with LXC and Proxmox, LXC is similar to a virtual machine that runs a guest OS (Windows, Linux, Mac, Android, etc.) but the container part of LXC excludes the core part of the OS and simply provides networking and storage inside a container. Unlike virtual machines, applications inside a container can access resources on a host system directly. Proxmox is a hypervisor for running virtual machines and Linux containers (LXC) in a server hardware.
IP Addresses and Subnetting
Do you need to have multiple IP addresses assigned to a network interface inside an LXC container? In terms of networking, a single NIC can have multiple IP addresses. This is useful if you want to run a single server with multiple websites that have their own IP address. Here's what I mean:
172.20.31.0/23
A small HTML file with a list of websites hosted by the web server.
172.20.31.1/23
A web application running Adminer, a lightweight alternative to phpMyAdmin.
172.20.31.2/23
A development version of my website that mirrors a production version. Anyone who visits my site sees my production version of my website.
Once I test the changes I made in the development website, I push the changes up to the production website.
172.20.31.3/23
A custom-built web application for taking notes. Any notes written in HTML gets shown up in the web browser.
172.20.31.4/23
A development version of the note-taking web application taken from 172.20.31.3.
A note for those new to networking: pay attention to the subnet. A slash 23 subnet can start with 172.20.30.1 and ends at 172.20.31.254. Both 172.20.30.255 and 172.20.31.0 are both valid IP addresses. 172.20.30.0 is a network address and 172.20.31.255 is a broadcast address. Cisco has an article about IP addressing and subnetting in order to help you understand how subnetting works. With that out of the way, let's get into configuring a Linux container running in a Proxmox server.
I watched the video about whether the ransomware can be stopped and I scrolled down through the comment section. While reading comments, some people are suggesting that we switch to Linux because Linux is more secure compared to Windows. That is true that Linux is inherently secure compared to Windows and Mac; however, what if I were to tell you that if you are running Arch Linux, Fedora, Ubuntu, Solaris, FreeBSD, OpenBSD, Haiku OS, or just about any other operating systems in our planet that you can still fall victim to phishing attacks? If we all switch to a different operating system on a basis that one is more secure compared to other operating systems, then we are forgetting about our weakest link.
Let me ask you again. Who or what is the weakest link in the cybersecurity chain? It's not Windows; we are the ones that need education so we can protect ourselves online.
(For my blog post, I want to focus on the audience regarding people who use Internet every single day and knows a lot about cybersecurity. Myself included.)
Imagine a scenario: you went to get your haircut and the place you went to requires you to enter an email address before you get your haircut. Why? Even if I do have a
smartphone and I use Internet every single day, why must I put in my email address? For what purpose? To send spam? For businesses, they might say "we respect your privacy
and take security seriously," but in my mind, I would say that if an email gets compromised in a data breach, it's more likely that those who are not tech-savvy are more
likely to receive spam and phishing emails. Not thinking about security when using the Internet can lead to ransomware and identity theft. They might stop using the
computer altogether because of fear of feeling unsafe online.
What is an operating system? Windows? Mac? Linux? What is an email address? What is a "file?" See where I'm going with? What is Android? iPhone? iOS? How do I manage
files and folders in my computer? How do I check my email? I hope you get my point.
Okay, so you say that your 90-year-old family member knows how to use the Internet, takes care of security themselves, and I should not overly-generalize myself. Well,
that's great, but we should not force everyone to have a smartphone just so they can face dangers lingering in the Internet. I have more details in the full article.
Article published: 2021-10-06 12:00
Categories: The World of Computers, Computers, Security
This is a rendering of my home theater made in Blender. It has a 200" projection screen, 7.2.4-channel speaker system, and comfy seats with cupholders in between.
I have been watching a couple of YouTube videos of people who want a computer in one room (such as a wiring closet) and a keyboard, video, and mouse (KVM) in a home office. To give you an idea of what I'm talking about, I want to post links to YouTube videos.
Embedding YouTube or Odysee videos will insert a tracking cookie in users' personal computers. As a citizen of the US, I need to follow GDPR if European visitors visit my website. I don't like and want to talk to lawyers to be honest. 🤣😀
As for the video from Linus Tech Tips, I would much rather have a couple of computers rather than single computer that can house a couple of virtual machines running desktop OSes such as Linux and Windows just to make it easier for me. So yeah, a virtual machine is a computer within a computer that can serve different purposes such as running Ubuntu within Windows using VirtualBox or by running Windows OS in a Linux host using KVM or Xen.
Article published: 2021-08-14 17:42
Categories: Dreams and Imagination, Homes and Buildings, Home Theater, The World of Computers, Computers, Networking
This is a comparison of two lavalier microphones. Recently, I bought a Shure MX185 cardioid lavalier microphone as I want to test if a uni-directional (cardioid) microphone is right for me, especially if I want to test and hear if my AKG K702 headphone leaks sound to my microphone especially for the Zoom meeting. I bought a Movo LV8-D microphone as of late October so I can participate in Zoom meeting that began November of last year. The Zoom meeting I am participating in is Cisco Academy from National Industries for the Blind. I'm studying for Cisco Certified Network Associate certificate (CCNA, for short) and my class ends by the end of August. I asked if students and my instructor can hear any leaks coming from my K702 headphone and they said they did not hear any leaks at all, which is great. However, I have a Sony WX1000XM3 headphone and because of the shape of my headphone, I don't think my hearing aids are picking up any high frequency sounds unlike when I use my AKG open-back headphone.
I plan to ship my Shure microphone back because the uni-direction nature of a lavalier microphone is not for me, especially as I was reading from left to right as i read the script during the recording.
Do note that even though I did cut out a couple of pauses in my audio production software (Ardour), I tend to speak slow as speaking at a moderate speed for more than a minute is not my second nature. As I live in Altha, FL, a rural town in the United States, I've been very lonely a lot even when I go to restaurants with my family. Plus, I did not position the text inside the dialog in the first part of the video correctly. I do not want to waste another 45+ minutes trying to render the entire video using Blender. Although as a Linux user, I could have used KDenLive instead of Blender; however, as Blender is a very easy tool for me to use, I used it for the majority of my video editing. My familiarity with KDenLive is secondary to Blender.
When I zoom in using GNOME Magnifier (Windows key+Alt+8 to activate the magnifier and Windows key+Alt+- or Windows key+Alt+= to zoom in or out, respectively), there is a small mouse cursor shown in the screen. I think it's a bug with the compositor that draws the entire application, be it Firefox, GIMP, or Ardour). Please ignore the small mouse cursor. Thanks.
Anyway, I appreciate you checking out my video that I linked above. Here are the links to products listed for the video:
As a web developer of my website, I have implemented pagination that allows anyone to view more posts by page and be able to view blog posts by month and year. I created a custom theme from scratch so that I can personalize my website to my liking. I wanted to give the pagination system an "electronic" look.
This screenshot shows pagination implemented in my website. In my development machine, I have set the number of posts per page to 5 in order to demonstrate the effect. I blurred the surrounding image to cut the file size by half.
For those with eyesight, you can click in the image to see a full screen of my desktop that shows the pagination system in effect.
The code for the pagination system for ClassicPress can be found in this full article.
Article published: 2021-05-01 08:57
Categories: The World of Computers, Scripting and Programming
When you setup your new router, it's always a good idea to create a new user other than admin for pfSense and vyos for VyOS in order to reduce the chance that bots and miscreants will gain access to your router.
VyOS
Here's the completed configuration of my VyOS router and I will show you the commands.
Configuration
service {
# ...
ssh {
access-control {
allow {
user <username>
user vyos
}
}
listen-address 10.249.0.1
}
}
system {
# ...
login {
banner {
pre-login "Unauthorized access is strictly prohibited."
}
user <username> {
authentication {
encrypted-password ****************
plaintext-password ****************
}
full-name "First and last name goes here."
home-directory /home/<username>
}
user vyos {
authentication {
encrypted-password ****************
plaintext-password ****************
}
}
}
# ...
}
Commands
ssh vyos@10.249.0.1
configure
edit system login user <username>
set authentication plaintext-password <your-password-goes-here>
set full-name "First and last name goes here."
set home-directory /home/<username>
exit
edit service ssh access-control
set allow user <username>
set allow user vyos
commit
save
You want to allow vyos access using SSH to make sure it works. Also, there is encrypted-password in VyOS but VyOS gave me an error telling me that the encrypted password is invalid. I did try to discard, but VyOS told me there are not changes to be discarded, so I saved, started a new terminal window, and once I SSH into my VyOS router for 10.249.1.1, everything works fine.
Now don't exit out of VyOS session just yet. You want to make sure SSH is working properly for a user you want to log into. Because otherwise editing and viewing the configuration will have to be done either through the use of a console cable or a monitor and keyboard hooked up to a monitor. SSH using your new username and password you've created. If you can successfully login to VyOS with a different username, you can simply remove the vyos user from the access control list in configuration mode.
delete service ssh access-control allow user vyos
Again, stay logged in to VyOS and use a different terminal to test and make sure you can log into VyOS through SSH. If everything is working as intended, you can safely log out of VyOS from all the terminals you've opened.
Also, you can configure a banner. Examine the configuration above and see if you can add a login banner. The pre-login is for when a user attempts to access the VyOS router using SSH. This will print out a banner before a user gets prompted for a password. After a user logs into VyOS, if the post-login is set, VyOS will print out the banner once the user logs in. This concludes the commands used for securing VyOS.
pfSense
The same can be done for pfSense. Open the web browser, point your browser to pfSense (in my case, http://10.249.2.1), and login to your pfSense web interface. Once you get to the main interface, follow instructions as follows.
In the System menu, open the User Manager.
Click in the + Add button below the list of users.
Enter the Username, Password, and Full Name. No spaces in the username.
In the Group Membership area, select admins and click in Move to "member of" list. This will move the admins group to the "member of" list.
Save the changes, log out, and log back in as the new admin user you have created in step 4.
In the user manager, click in the pencil icon (Edit) to edit the admin user.
Check the checkbox for Disabled. An admin user cannot login once the checkbox is selected.
When done, Save the changes.
Try to login as admin. If successful, you should not be able to log in as an admin user but instead log in as a new user. This concludes the step-by-step instructions for pfSense.
Conclusion
Preventing a root or admin user from logging into a router is one of the security's best practices. You can help ensure that bots and miscreants won't be able to gain access to your router without the correct username and password. Even when bots are performing a brute-force attack. Still, it's important to restrict access to the router through the use of a management subnet and if using pfSense, setup a root and server certificate in the Cert. Manager within the System menu and add a root certificate to your web browser of your choice. Use a management subnet for any devices that have SSH access or a web interface and do not allow managers, sales, web developers, or any other non-IT departments access to the critical network infrastructure.
Update: I just hit "c" twice in my keyboard (ccode instead of code) even though I only typed "c" just once. Ugh... Maybe I just need a different keyboard that prevents double-types regardless of the operating system I'm using... (And yes, I'm using Arch Linux.)
In part 1 of the article, I have covered how to create and configure virtual machines and install both VyOS and pfSense. In part 2 of this article, I'm going to cover how to configure pfSense with OSPF networking. Let's get going, shall we?
If you understand computer networking and know how IPv4 subnetting works, here's a zip file which contains a self-contained HTML file. Double-click in the HTML file and you can begin practicing.
This is part 1 of 2 of configuring multiple networks that can communicate with each other through OSPF.
Introduction
How much do you know computer networking? Do you know how subnetting works? What about IP addresses? Do you know how routers and switches work? Do you have a homelab and do you know what a homelab is? If you answer yes to all of the questions and you want to expand your knowledge of networking, this article is for you. Yes, I'm targeting audience that have a good knowledge in networking. This is even for those with lack of certificates such as CompTIA A+, Network+, and Security+, and even for those without a degree! Well, why don't we delve right into it, shall we? If you are Network+ certified, you must know that OSPF is a dynamic link-state protocol that allows the two or more private networks to talk to each other. If you have a consumer router such as Netgear or Linksys, this article is only for the pros!
Also, my article covers the use of virtual machines and networking bridging, so I'm going to assume you know how to set them up. I'm using Ubuntu Server 20.10 as my Linux home server that runs KVM (Kernel-based Virtual Machine). Virtual machines are what enables a computer to run inside a computer and network bridging behaves similar to a network switch. And because of that, I'm also going to assume you are familiar with the Linux command line.
Now buckle your seatbelt because this article is going to be a very long one.