The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,854 other subscribers

Archive for the ‘Power User’ Category

« Previous Entries
Next Entries »

MikroTik PoE: automatically power cycle and reboot device when it becomes unresponsive.

Posted by jpluimers on 2021/09/24

In the past I had these manual scripts to power-cycle a hung RaaspberryPi device:

/interface ethernet poe set ether5 poe-out=off
/interface ethernet poe set ether5 poe-out=forced-on

or on one line:

/interface ethernet poe set ether5 poe-out=off; /interface ethernet poe set ether5 poe-out=forced-on

I am going to try this script for the port having a Raspberry Pi on it (note: this requires a 48V power brick for the Mikrotik!) on RouterOS version 6.48.3 (stable):

/interface ethernet
set [ find default-name=ether5 ] comment="RaspberryPi" poe-out=\
    forced-on power-cycle-ping-address=192.168.124.38 power-cycle-ping-enabled=\
    yes power-cycle-ping-timeout=2m

The above has not worked for a long time as per [Wayback] No POE Power Cycle @ hEX POE – MikroTik:

But it might be fixed as of [Wayback] RouterOS version v6.47.3[stable] as per [Wayback] MikroTik Routers and Wireless – Software: 6.47.3 (2020-Sep-01 05:24):

*) poe – fixed “power-cycle” functionality on RB960GSP;

Similar issues exist on RB760iGS/Hex S, and there the fix requires new hardware in addition to firmware as per [Wayback] POE OUT issue on ether5 rb760igs (no power) – MikroTik

Note that I did disassemble both of these routers for inspection and there are obvious changes to the hardware to correct the PoE problems – most notably a completely different relay, capacitor and some minor circuit design changes.

If it still fails, I might try

[Wayback] No POE Power Cycle @ hEX POE – MikroTik: workaround script

:local ipPing ("x.x.x.x")
:local pingip
#
# pingip below RUNS and sets the variable
# to number of successful pings ie 3 means 3 of 45 success
# can also use ($pingip > 1) or ($pingip >= 1) both TESTED
# ($pingip >= 1) means if only 1 or 0 pings do the IF, not the ELSE
#
:log info ("ping CHECK script IS RUNNING NOW")
# first delay 90 b4 ping test incase this is running at POWER UP
:delay 90
:set pingip [/ping $ipPing count=45]
:if ($pingip <= 3) do={ :log warning (">95% lost ping LOSS to isp GW IP x.x.x.x via ether5 so DO POE powerCYCLE")
  /interface ethernet poe set ether5 poe-out=off
  :delay 12
  /interface ethernet poe set ether5 poe-out=auto-on
  :delay 10
  :log warning ("ether5 POE HAS BEEN TURNED BACK ON")
  :delay 90
  /system script run emailPOEresult
} else={
  :log warning ("PoeCyclePINGcheck ELSE ran so no ping loss detected by script")
}

Based on:

Read the rest of this entry »

Posted in Development, Hardware Development, Internet, MikroTik, Power User, Raspberry Pi, routers | Leave a Comment »

5 days before the Let’s Encrypt’s Root Certificate is expiring!

Posted by jpluimers on 2021/09/24

Only 5 days left to take a close look at both your web-clients (including back-end clients!) and servers to prevent potential Let’s Encrypt mayhem.

Last week, [Wayback] Scott Helme published about [Wayback/Archive.is] Let’s Encrypt’s Root Certificate is expiring!

Let’s Encrypt has done loads of work over the past lustrum to prevent trouble like cross-signing, issuing the successor certificates, and more.

The problem is that people like you and me have refrained from keeping their clients and servers up-to-date, so some security issues will occur. Hopefully they are limited to non-functioning communication and not leaking of data.

It is about this DST Root CA X3 certificate, used by the vast majority of Let’s Encrypt certificates, [Wayback/Archive.is] Certificate Checker: CN=DST Root CA X3, O=Digital Signature Trust Co.:

DST Root CA X3
Certificate Trusted anchor certificate
Subject DN CN=DST Root CA X3, O=Digital Signature Trust Co.
Issuer DN CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial Number 44AFB080D6A327BA893039862EF8406B
Valid  to  Key RSAPublicKey (2048 bit)
SHA1 Hash DAC9024F54D8F6DF94935FB1732638CA6AD77C13 MD5 Hash 410352DC0FF7501B16F0028EBA6F45C5
SKI C4A7B1A47B2C71FADBE14B9075FFC41560858910 AKI

Quoting Scott, these clients likely will fail, so need attention:

  • OpenSSL <= 1.0.2
  • Windows < XP SP3
  • macOS < 10.12.1
  • iOS < 10 (iPhone 5 is the lowest model that can get to iOS 10)
  • Android < 7.1.1 (but >= 2.3.6 will work if served ISRG Root X1 cross-sign)
  • Mozilla Firefox < 50
  • Ubuntu < 16.04
  • Debian < 8
  • Java 8 < 8u141
  • Java 7 < 7u151
  • NSS < 3.26
  • Amazon FireOS (Silk Browser)

On the server side, you can help Android devices by using a Let’s Encrypt certificate that is cross-signed with the ISRG Root X1 certificate [Wayback/Archive.is] Certificate Checker: CN=ISRG Root X1, O=Internet Security Research Group, C=US:

ISRG Root X1
Certificate
Subject DN CN=ISRG Root X1, O=Internet Security Research Group, C=US
Issuer DN CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial Number 4001772137D4E942B8EE76AA3C640AB7
Valid  to  Key RSAPublicKey (4096 bit)
SHA1 Hash 933C6DDEE95C9C41A40F9F50493D82BE03AD87BF MD5 Hash C1E1FF07F9F688498274D1A18053EABF
SKI 79B459E67BB6E5E40173800888C81A58F6E99B6E AKI C4A7B1A47B2C71FADBE14B9075FFC41560858910

Via [Archive.is] Scott Helme on Twitter: “There are only 10 days left until the Let’s Encrypt root certificate expires and there are still questions over what the impact will be! Full details here: …” which links to the above article showing a nice graph of the current Let’s Encrtypt root certificate setup:

–jeroen

Posted in Communications Development, Development, Encryption, https, HTTPS/TLS security, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, TCP, TLS, Web Development | Leave a Comment »

Download macOS 10.4 Mojave .dmg

Posted by jpluimers on 2021/09/24

Hopefully one of these works:

–jeroen

Posted in Apple, Mac OS X / OS X / MacOS, Power User | Leave a Comment »

Chocolatey: forcing a certain package version and pinning it at that version

Posted by jpluimers on 2021/09/23

For my future self.

Due to an issue with choco-cleaner versions [WayBack] 0.0.6 and [WayBack] 0.0.7, I needed to ensure it was installed as version [WayBack] 0.0.5.2 and keep it that version.

Not sure if this is the canonical way, but this worked:

choco uninstall --yes choco-cleaner
choco install --yes choco-cleaner --version 0.0.5.2
choco pin add --name=choco-cleaner --version 0.0.5.2
choco pin list

This worked to revert:

choco pin remove --name=choco-cleaner
choco pin list
choco upgrade --yes choco-cleaner

Aftere this upgrade, choco-cleaner version 0.0.7.1 shows a nice error message when the environment variable %ChocolateyToolsLocation% fails to exist.

In that case calling RefreshEnv.cmd will create that environment variable.

Related:

–jeroen

Read the rest of this entry »

Posted in .NET, Chocolatey, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows | Leave a Comment »

Twitter thread by thread by @0xdade; More unicode shit: zero width space and a zero width nonjoiner in filenames

Posted by jpluimers on 2021/09/22

[WayBack] Thread by @0xdade: Today I learned that you can put zero width spaces in file names on Linux. Have fun. I’m playing with this because punycode/IDN is fascinati…

Today I learned that you can put zero width spaces in file names on Linux. Have fun.

I’m playing with this because punycode/IDN is fascinating, and I wanted to know what happened when I started shoving unicode in the path portion of the url, which isn’t part of how browsers try to protect URLs, as far as I can tell

wiki.mozilla.org/IDN_Display_Al…

I think it’s more entertaining to have a file that is named *only* a zero width space, but I think using them throughout a filename is better to break tab completion and not stand out too much. A filename that is just blank looks strange in ls output.
Thank goodness adduser is looking out for our best interests.
Oooh this one is pretty subtle.
Just about pissed myself with this one.

Not related to the terminal fun, but related to zero width characters:

You can:
– Break url previews https://0xda​​​​​​.​de
– @​0xdade without tagging
– Make a word like system​d not searchable twitter.com/search?q=from%…

Okay but back to command line crap. I really like this one. Create a directory named .[ZWS]

One thing that is cool about using zero width spaces is that “ls” has a flag, “-b”, that is meant to escape non-graphic characters. Inserting a newline, for instance, would be escaped to \n. But the zero width space is technically a graphic character, so nothing happens.

Fun.

Have no fear, though. It’s not unbeatable. It’s only fun if the language and LC settings are set to support utf-8. If you set LC_ALL=C or whatever that isn’t utf-8, then it looks like this.

Putting a link to this tweet here so that I don’t lose it again in the future.

dade@0xdade
Replying to @0xdade @munin

My god, it is beautiful. I mean except all the whitespace I can’t get rid of before the command lmao.

View image on Twitter

19

Twitter Ads info and privacy
But on the other hand if you just have a search for the zws, then whatever you find is probably worth investigating. 
I guess I’ll start the hashtag before @QW5kcmV3 does for #irresponsibleutf8 🤭😏😂 

And these tweets:

[WayBack] Thread by @Plazmaz: @0xdade Was doing some real fucking around with urls recently: gist.github.com/Plazmaz/565a5c… (was gonna flesh it out more but didn’t find…:

mentions Was doing some real fucking around with urls recently:

(was gonna flesh it out more but didn’t find the time) 

mentions This one is my fave:
‘⁄’ (\u2044)
or
‘∕’ (\u2215)
Allow for this:
google.com⁄search⁄query⁄.example.com
google.com⁄search⁄query⁄@example.com 

[WayBack] url-screwiness.md · GitHub:

This is a list of methods for messing with urls. These are often useful for bypassing filters, SSRF, or creating convincing links that are difficult to differentiate from legitimate urls.

And a bit of documentation links:

–jeroen

 

Posted in *nix, .NET, C#, Development, NTFS, Power User, Python, Scripting, Software Development, Windows | Leave a Comment »

“This does not compute”: Mac SE/30 repair

Posted by jpluimers on 2021/09/21

A while ago, This does not compute had a few nice videos on a Mac SE/30 and it’s repair, including the recap process of replacing the electrolytic capacitors (or condensators in some other languages), and cleaning the board (some wash it with hot water and soap, others with isopropyl-alcohol, often called rubbing alcohol).

Note the simasimac can have many causes: bad capacitors in main board are the most common, but it can also be bad memory.

White lithium grease can make the floppy work again (see also [WayBack] Lithium soap – Wikipedia and [WayBack] Grease (lubricant) – Wikipedia).

He also added some links to which I added some quotes and WayBack links:

Notes

Desolder can be tricky, especially for surface mount. This helps:

  • Add some fresh 60/40 solder to the joints with a solder gun (as modern solder is lead free, whereas past solder contained lead)
  • Carefully heat up the component and surrounding area with a heat-gun

Choosing capacitors:

Soldering: always add some fresh solder on the pads before soldering surface mount (SMD) capacitors.

–jeroen

Read the rest of this entry »

Posted in 68k, Apple, Classic Macintosh, Development, Hardware Development, History, Macintosh SE/30, Power User, Soldering | Leave a Comment »

Unix and NTFS file systems, hardlinks, inodes, files, directories, dot directories, bugs and implementation details

Posted by jpluimers on 2021/09/21

Lots of interesting tidbits on unix and NTFS file systems.

If you want to blow up your tooling, try creating a recursive hardlink…, which is likely one of the reasons that nx file systems do not support them.

Covered and related topics:

Read the rest of this entry »

Posted in *nix, Development, File-Systems, History, NTFS, Power User, Software Development, Windows, Windows Development | Leave a Comment »

The spookback localghost address to resolve 👻 

Posted by jpluimers on 2021/09/21

“Spooky dev environment hack: add 127.0.0.1 xn--9q8h to /etc/hosts and then all your dev servers can be accessed at http://👻 It’s localghost!”

Via:

–jeroen

Posted in Communications Development, Development, HTTP, Internet protocol suite, Power User, Software Development, TCP | Leave a Comment »

Reggefiber NTU: convert blind cap to become pure fiber, so no ethernet media converter is needed

Posted by jpluimers on 2021/09/20

Some links:

Edit 20210922: added the below Twitter thread, added searches for the now unavailable videos

[Archive.is] Joel Haasnoot on Twitter: “Freedom laat je alles zelf doen zonder monteur, maar risico als het stuk gaat is 2000-6000 euro om nieuwe splice te doen. Maar er zijn dus ook geen filmpjes oid :)… “

Joel Haasnoot‏ @webguy· Sep 20

Ik moest mij hier een paar maanden gelden hier induiken, maar enigszins bizar hoe weinig documentatie of Google-baar spul is. Er wordt vanuit gegaan dat sysadmins dit maar leren…
Jeroen Wiert Pluimers‏ @jpluimers· Sep 20

Inderdaad. Helaas is het youtube filmpje inmiddels private. Wat heb jij uiteindelijk gedaan?
Joel Haasnoot‏ @webguy· Sep 21

Paar problemen, deels omdat ik een van de eerste 128 oid was bij Freedom en er geen verhuisproces was. Had eerst een patchcover nodig voor nieuwe TK-01 (https://www.kpnwebshop.com/modems-routers/producten/patchcover-kit-ftu-tk01/2 …) en daar zat geen patchkabel bij (geen NTU nodig bij Freedom), want dat was opeens een SC ipv LC eind.
Joel Haasnoot‏ @webguy· Sep 21

Uiteindelijk had KPNNetwerkNL 4 weken nodig om licht op de lijn te krijgen… Ik heb nu nog een patchkabel + optics liggen voor Mikrotik router, maar vooor nu nog maar even via router.
Replying to @webguy @jpluimers
Freedom laat je alles zelf doen zonder monteur, maar risico als het stuk gaat is 2000-6000 euro om nieuwe splice te doen. Maar er zijn dus ook geen filmpjes oid :)

Videos:

–jeroen

Read the rest of this entry »

Posted in fiber, Internet, Power User | Leave a Comment »

Low cost remote IP KVM and control, is it possible?

Posted by jpluimers on 2021/09/20

A long time ago, I bought one [Wayback/Archive.is] SpiderDuo Local and Remote KVM Over IP | Lantronix, which – without power control unit – was already some USD 400 (while writing this in fall 2021, the price has increased to almost USD 600 [Archive.is]).

1PORT Local + Remote USB Securelinx Spiderduo KVM Over IP : Electronics - Amazon.com

It was about the only “affordable” remote KVM over IPv4 available and by now has a big drawback: it’s based on Java in the browser, which is a pain in the ass to keep working.

So I went looking for alternatives and found only two reasonable ones:

I will likely go for the Pi-KVM ; it’s on kickstarter right now

Not only that, but I found a few comparisons favouring PiKVM:

I found the Pi-KVM via [Archive.is] Solar Designer on Twitter: “PiKVM v3 HAT, “Raspberry Pi based open-source KVM over IP” by @mdevaev, is now funded on Kickstarter “

At USD 145 or less on kickstarter (excluding a Raspberry Pi 4 or power brick, so add some USD 50 for those), it is way cheaper than the SpiderDuo above which I bought some 5 years ago.

The kickstarter closes in about a week from now, so if you consider one: don’t be late! [Wayback/Archive.is] PiKVM v3 HAT by Maxim Devaev — Kickstarter shows what you get:

  • The PiKVM v3 HAT board for Raspberry Pi 4
  • USB-C bridge board – to connect the HAT with Pi over USB-C
  • ATX controller adapter board and wiring – to connect the HAT to the motherboard (if you want to manage power supply through hardware)
  • 2 flat CSI cables
  • Screws and brass standoffs

You will also need:

  • Raspberry Pi 4 with 2Gb RAM or more
  • MicroSD card
  • USB-C to USB-A cable
  • HDMI cable
  • Straight Ethernet cable (for the ATX expansion board connection)
  • Power supply unit (5.1V 3A USB-C, recommended by the Raspberry Pi)

You can use our free 3D printing case design to build a beautiful complete unit or wait a bit for the official PiKVM metal case we are working on!

–jeroen

Read the rest of this entry »

Posted in Hardware, KVM keyboard/video/mouse, Power User | Leave a Comment »

« Previous Entries
Next Entries »