I purchased the ThinkPad X1 Carbon (6th Gen) laptop about a month ago and have been loving it. My friend Mike convinced me to get it after showing me how nice his was and how well Linux ran on it. I hadn’t run Linux on a laptop or a desktop since around 2010, as I had switched over to almost exclusively OS X.

I installed Manjaro when I got the laptop and used it for a couple of weeks just to get used to Linux again (and the i3 Window Manager). However, this was also my first experience with systemd, and, after using it for a bit, I really wanted something a whole lot simpler. Something that was designed to be lean, easy to understand, and easy to manage.

Enter Void Linux.

</img>

To install Void Linux, I basically copied the steps in this wiki page:

https://wiki.voidlinux.eu/Manual_install_w/full_disk_encryption

with the modifications at the bottom for EFI/UEFI machines.

Read More...

https://www.youtube.com/watch?v=oY33uoBSw3w

TempleOS is an engineering marvel and Terry A. Davis was an inspiration to a lot of people out there including myself. I made this cover as a way to honor him and his legacy and provide support for anybody out there who is dealing with this tragic loss.

This hymn is one of my personal favorites. It is commonly used as the introduction song for most videos by Terry about TempleOS - albeit it in a more MIDI like sound played directly by the PC speaker.

I made a more upbeat version of this song last year, though it wasn’t personally enjoyed by Terry himself.

https://www.youtube.com/watch?v=IdYMA6hY_74

RIP Terry

Around five years ago I started looking into different ways to block ads and trackers in the most effective way on my computers. I discovered this hosts list on someonewhocares.org and even wrote a script to automate the process of downloading, verifying, and installing the list on my machines.

https://github.com/bahamas10/someonewhocares

I recently got back into it when I was setting up Encrypted DNS with dnsmasq and dnscrypt-proxy on SmartOS using OpenNIC. I stumbled across the Pi-hole project and really liked it, however I didn’t want to run a raspberry pi in my house as part of any critical infrastructure. Instead, I took the essence of that project and found a compiled blocklist to use with my existing dnsmasq setup to block these sites at the DNS level.

notracking

I found notracking/hosts-blocklists which is an automatically updating block list compiled from multiple sources compatible with dnsmasq. I created my own set of scripts to download the latest blocklists from GitHub, verify them, and install them for use with dnsmasq, and finally restart dnsmasq so it picks up the changes.

https://github.com/bahamas10/notracking

I installed this on my nameserver zones with:

Read More...

The nginx server that hosts this website can now return your current IP address if you hit the url /ip.

https://www.daveeddy.com/ip

I have an alias in my bashrc to quickly use this to get my current external IP.

$ type externalip
externalip is aliased to `curl -sS https://www.daveeddy.com/ip'
$ externalip
1.2.3.4

To set this up, I modified my nginx config to add a location section for /ip

I basically ripped off this stackoverflow post but modified it to only match the single URL.

location =/ip {
        default_type text/plain;
        return 200 "$remote_addr\n";
}

location / {
        root /var/www/daveeddy.com;
}

For the last 3 years I have been using djbdns on SmartOS and it has all been working great. Recently however, I started looking into DNSSEC and DNSCrypt, which ended up leading me to the OpenNIC Project.

I decided to change my home DNS server setup to forward OpenNIC DNS servers over an encrypted channel as opposed to using OpenDNS like I did with djbdns.

To set this up, I have a zone with dnsmasq and dnscrypt-proxy running

• dnsmasq - listens globally on port 53 for incoming DNS requests, answers local domain DNS requests for my network, and forwards the rest to dnscrypt-proxy
• dnscrypt-proxy - listens locally on port 5300 for incoming DNS requests from dnsmasq and forwards them securely to an OpenNIC DNS server

Install

To start, install dnsmasq with the following command:

pkgin in dnsmasq

Installing dnscrypt-proxy requires a little bit more work as it is currently not in pkgsrc. To install it, we need to pull in some dependencies.

Read More...

At home I have a zone dedicated to running an OpenVPN server. With this I can connect to my home network securely on both my laptop and phone when I’m away.

I followed this guide for getting the zone ready to route properly for OpenVPN, and then used Easy-RSA to generate the certificates needed.

Zone Setup

To get started, make sure the zone is created with allow_ip_spoofing enabled on the NIC of the zone. I used a payload similar to this to create the vpn zone.

{
  "brand": "joyent",
  "image_uuid": "221635c4-3b85-11e8-b6ba-23f68c9bf2c4",
  "autoboot": true,
  "alias": "vpn",
  "hostname": "vpn.rapture.com",
  "dns_domain": "rapture.com",
  "resolvers": [
    "10.0.1.2",
    "10.0.1.3"
  ],
  "ram": 512,
  "nics": [
    {
      "nic_tag": "admin",
      "ip": "10.0.1.41",
      "allow_ip_spoofing": true,
      "netmask": "255.255.255.0",
      "gateway": "10.0.1.1",
      "primary": true
    }
  ]
}

Read More...

Three years ago I set up SmartOS as a Home Router which required creating a zone specifically for handling DHCP requests on my network. As part of wanting to have more visibility into my network, I wrote a program to notify me whenever a new DHCP lease was given out by the server.

https://github.com/bahamas10/node-dhcpd-notifier

Read More...

After installing Bash on Ubuntu on Windows I realized some interesting side effects related to how processes and daemons in the Unix environment are handled. Running a process in the background, or daemonizing a process, will work so long as there is a Bash session open on Windows. Once the last window is closed, all of the processes are cleaned up and killed.

I use ssh keys for authentication when connecting to remote servers which requires the use of ssh-agent. I can run this program manually and it will work so long as there is at least one bash session running on my computer, but once I close the last window the ssh-agent is killed and my keys are unloaded. I’ve found a couple guides online regarding ssh-agent and WSL specifically, but most of them assume the keys you are using are not password protected.

To remedy this situation, I managed to find a way to create a hidden terminal session that runs ssh-agent in foreground mode when I login to my computer which persists through sleeps and hibernations. This way, ssh-agent will run and stay running from the moment I login until the moment I logout (which is almost never, unless I reboot).

Read More...

Last week I made a big change in my life. In 2008, I switched off of using Windows (and even Linux) as my main Operating System for my laptop and haven’t looked back… until this year. Last week I finally made the jump and bought a Microsoft Surface Pro.

I wanted something like an iPad, but that didn’t feel like a crippled version of a computer. Instead, I wanted something that was a powerful computer that could double as a tablet (touchscreen and removable keyboard mostly).

Note: Some, if not all, of this guide may be deprecated with the release of the Windows 10 Fall Creators Update in 2017.

Read More...

If you have a Raspberry Pi on WiFi then you are probably aware of the struggles with it randomly disconnecting. If anything goes wrong with the WiFi (access point restarts, IP address changes, you look at the pi the wrong way, etc.) the WiFi will drop and never fix itself. I’ve written a script called net-dev-kick to kick the network device if a ping check fails.

https://github.com/bahamas10/net-dev-kick

There are a lot of small scripts floating around forums that do what net-dev-kick does (albeit, poorly and with a lot of assumptions) so I decided to clean it all up and make a simple yet robust program to deal with this situation.

This script attempts to ping a server that should always be up (use your router or something similar) and if it fails, it restarts the interface given as $1.

net-dev-kick is intended to be used on the raspberry pi to fix wlan0, but can theoretically be used on any machine to fix any interface. It’s best used as a cronjob that runs every 5 or so minutes.

Read More...