Dropped Computer Warranty Work

Good Morning from my Robotics Lab! This is Shadow_8472 and today I have an update on my father’s (Leo_8472) new computer. Let’s get started!

It’s Going Back

I have thoroughly tested my father’s new Thelio Mira from System76: it needs to go back. There is no doubt: the shipping company dropped it, and it sustained damage. While Sonic Frontiers seemingly eventually stabilized after re-seating the graphics card (GPU), the RTX remasters of Portal and its unofficial mod, Portal Prelude, crash the system in around half an hour.

The human System76 agent we’ve been working with (I’ll call him Luke for this post) mentioned advanced replacement where we retain the original computer while waiting for the new one. Once we sign to receive delivery, we have two weeks to return the old or it goes on a provided credit card. This arrangement gave us time to swap the hard drive –an M.2 chip– as we’d spent some good time setting everything up. And since it’s a Linux machine as opposed to Windows, the operating system won’t give us any licensing flak over a different motherboard!

M.2 Exchange

The replacement system arrived with its packaging scratched, but not crushed. M.2 drives typically mount directly to the motherboard, and Leo’s system is no exception. Luckily, its innards are arranged for access without removing the CPU heatsink and having to redo the thermal paste – though we do have to remove the GPU to get to them. There, we find four M.2 slots in a 1+3 arrangement with the 1 slot having a fancier heatsink supposedly intended to host a primary OS drive.

The Thelio Mira has some convenience ports on the top. When the first system was dropped, these got tweaked – giving us a bad first impression; the warranty replacement lined up, leaving me with a sense of satisfaction every time we closed up the case. Where the original had a lone, damaged bracket to stabilize the GPU during shipment, the new system arrived with two square brackets secured a little tighter than before. As we had explained our plan to swap the drives to Luke, I expected no M.2 chip. Sure enough, the single chip bank was empty. Curiosity struck however, and we found one of equivalent size when we removed the larger bank’s heatsink. We swapped the chips and re-assembled the new computer.

Testing and Return

When booted, the new system gave nothing until we bypassed the video card. We unplugged everything for the I-forget-how-many-th time, opened it back up, and reseated the card. In the process, a push wing broke off the PCI slot’s retainer clip – leaving us with no easy removal of the GPU once it clicked into place. During long-term testing involving a [mostly?] blind game of Portal Prelude, we noticed that the system was significantly quieter while under load.

We kept Luke informed about the development, and he appeared confused at our request to buy the good clip off the dropped-computer motherboard. To our simultaneous request to purchase and retain the additional M.2 chip, he referred us to an online store instead of offering a price to buy the one in hand. We went ahead and extracted the good clip. Leo used a wooden chopstick to interface with the damaged clip when extracting the good GPU. As “beautiful” as the unused M.2 drive was, we installed it in the dropped computer when reassembling the machines, printed off a shipping label, and packaged the dropped computer in its original, dropped box. As a good customer, I planned to include the unused power cord, but we couldn’t find it. I extracted the original System76 cord from use at Leo’s workstation and replaced it from our stock. It should be in the mail by this afternoon.

Takeaway

System76 takes customer support seriously. Luke (not his provided first or last name) worked to turn our poor initial impressions around where a support chatbot would have worked toward cementing us against future computers from them. I in turn could play an active role in diagnostics – presumably skipping some early portions of his script. Perhaps catering towards Linux attracts more tech savvy customers, meaning fewer cases where a bot would be helpful.

Regarding the computer case: it’s a little more tedious to open than I like when working on computers, but we got faster each time. The custom cut rocket graphics are fun, but the most I saw of them were the PCI expansion bay covers I usually found tricky to re-install. I don’t like dealing with the case, but it was miles better than shipping it back and forth and having to wipe its data.

Final Question

Leo and I have been maintaining separate accounts, and I believe this has given me a better intuition about normal users vs. using sudo. Have you ever meaningfully shared a Linux machine?

Maintenance: Pacman and Power Supply

Good Morning from my Robotics Lab! This is Shadow_8472 and today I am working on my Upstairs Workstation. Let’s get started!

Twin Issues Both Alike in Annoyance

Over Black Friday this last November, I picked up a time travel sandbox game called No Time where our main character takes his totally-not-a-DeLorean with a totally-not-a-flux-capacitor on a journey through the history of Pine Island. My Upstairs Workstation struggled to keep up with rendering time portals when I drive [or fly] fast enough, but I made it through the main story [to date] without issue. Fun game, I can recommend it.

While hunting down a few more Steam achievements –however– I started getting sudden power cutoffs followed by the motherboard booting to a warning after a few seconds. It explained how an anti-surge mechanism tripped from a potentially faulty Power Supply Unit (PSU). I dusted it, and the problem went away for a couple weeks, but now it’s back.

While I have at least a couple projects I’ve actively worked on this week, it’s always bad news and top priority when the package manager breaks. I ignored the first issues over Mickey’s Public Domain Day release celebration post, but the second would otherwise get priority 1.

Pacman PGP Key Lockout

I want to install a power diagnostic tool for the PSU, but can’t with Pacman crippled. It took a couple sessions on different days, but I circled back around to a near-perfect description of my problem (but with a different list of keys), which you can read about on the EndeavourOS community forum. Link in Works Cited section [1]. I suspected at first that the keys expired over New Year’s – including one important to re-installing the keyring system, but I’m not curious or annoyed enough yet to find out for sure.

The solution that worked for me was found in a linked FAQ on another thread on the same forum: basically move Pacman’s keys to a backup in root’s home directory and follow a few steps for repopulating them.

Motherboard Crash

Having repaired Pacman, I installed Powertop, but couldn’t figure it out on my own. When I looked it up, I just got more confused. One source even recommended using some other laptop battery utility instead.

My suspect PSU is 650 Watts. Derpy has a PSU rated at 1,000 Watts, so an initial plan was to move that one over, but I also have a 500 Watt PSU that shipped with my sister’s computer, but wasn’t good enough for her system. The big power draws are CPU and GPU. My father and I looked up the ones I’m using, and they totaled in the 300 Watt range, so we installed my sister’s old supply.

A power supply transplant is the single most invasive procedure without needing to change thermal paste. Given the motherboard geometry with the heat sink towering over the CPU, the CPU power connector is tightly wedged into the corner of the case. I used a pair of needle nose pliers to extract it. Installing the new CPU power cord was even more of a hassle. The power cord barely reached as it was and the replacement PSU is a fraction of an inch shorter. Consequently, it took a shortcut across the top of the RAM on its way to the case’s cable management area.

While the PSU was out though, we took the opportunity to re-attach a plastic foot. Originally, it snapped into place, but we installed a screw/washer/nut to match another foot which had similarly undergone repair. At some point, I’d like to get a PSU tester to see what exactly it’s doing that trips my motherboard’s protection.

The new PSU solved the problem. Otherwise, I suspected we’d be looking at a dying graphics card or the possibility of the UPS (Uninterruptible Power Supply) giving an unstable voltage. Worst of all would have been the motherboard frying. All that was left was to refresh some encryption keys from Caddy, as I got that working again, but I still don’t have it fully figured out.

Takeaway

I’m thankful I had that spare part around. Otherwise, I’d be down a machine. In any case, I’ve already got my month lined up. Hopefully we don’t get any more priority 1 side projects until those are cleared out.

Final Question

What side topics could you get excited about this year?

I look forward to discussing them in the comments below or on my Socials!

Works Cited

[1] points, et al., “Cannot update due to key errors,” endeavouros.com, Feb. 14, 2023. [Online]. Available: https://forum.endeavouros.com/t/cannot-update-due-to-key-errors/37286 [Accessed Jan. 8, 2024].

Commissioning my Father’s New Computer


Good Morning from my Robotics Lab! This is Shadow_8472 and today my father (Leo_8472) and I are diagnosing, fixing, and commissioning the new Thelio Mira we ordered from System76. If you haven’t yet, be sure to read last week’s post where we unboxed it. Let’s get started!

Continuing on from last week where Leo and I verified receipt of the purchased hardware and started customizing KDE (desktop environment), I made my own account and began stress testing it with an old? benchmarking program called GLmark2. At no point did I hear any fans straining to keep components cool when running this test, but my first time running it, the whole system destabilized spectacularly. Effects included a hue shift and massive color depth reduction – followed by a constellation of glitch rectangles poking through from a terminal session – and finally a seemingly irrelevant section of system log with purple (and later sometimes green) glitch lines in front of them. The system responded to system requests (alt+print screen+<command key>), so I got well acquainted with using them to reboot.

Included with the purchase is a 1 year warranty, but it cost me a day waiting for my father’s administrative assistance, which turned into the motif of the whole week. In the meantime, I ran an additional battery of tests. I ran MemTest86+ and passed the RAM. I demonstrated the crash happened while using both X and Wayland variations on the official PopOS desktop environment, but not while booted to a live session of Bodhi Linux. We had a crash while using FreeTube, and sometimes it would crash while idling.

It took a couple days, but Leo and I got in touch with tech support from System76. He talked us through reinstalling the NVIDIA driver. Initial tests were promising with the system idling for hours on end, but when I powered through Steam’s confirmation e-mail dance (see Takeaway section below) to install Sonic Frontiers, a game I’ve been looking to play, Steam downloaded it at around 94 Mbps; we have gigabit service. Furthermore, it knocked out DNS service to the house. We identified the issue by pausing the download, but figured it could be solved later.

When I finally did start the game, I had some black screen issues with Proton, but after around 10 minutes of total game time, hopes were dashed with a slightly less colorful crash sequence. I showed initiative exploring the problem while waiting for daily support tag and found a Portal [1] mod with RTX that crashed it in 30 seconds. Somewhere in there, I enabled SSH and confirmed it was only the graphical shell crashing.

One day, I sent the whole system log, and we confirmed the issue was with the NVIDIA card. Talks were had of possibly needing a return label, but we offered to try re-seating the card just in case it was a poor connection. While talking with support, we’d learned from the manual that at least one of the parts inside the case that intimidated me last week was a brace for the graphics card only needed for shipping. While re-seating the card, we found some white paint transferred from the card to the brace; this matched a crushed edge on the shipping box: someone along the way dropped our box clearly marked fragile.

Fortunately for both us and System76, re-seating the card appears to have fixed the system. I about went straight for the RTX enabled Portal mod, and for the moment, we’re calling it good. The computer has been pushed into service.

As for the bad download speed: our first fear was a bad switch. It would have explained both the slow download speed as well as the choked DNS. Turns out it was a bad Cat 6 cable, and the DNS remains a mystery I lack the incentive to definitively solve at this time. My father pulled out his pocket knife and invited me to cut off the bad cord’s tips – only then did I realize it would have been interesting to run it past our conductivity tester. Oh well.

Takeaway

While attempting to make Steam happy with the new computer, I needed a confirmation e-mail. My e-mail wanted a password change, properly taking care of which would have required time working on Vaultwarden on ButtonMash, which I’ve mindfully laid aside as much as reasonably possible this December.

I had to make an effort to stay on task so I could finish the project at hand instead of doing all kinds of tech demonstrations as is my custom.

Final Question

Have you ever benchmarked/stress-tested a modern graphics card? What open source solutions have you used?

Unboxing: System76 Thelio Mira

Good Morning from my Robotics Lab! This is Shadow_8472 with a side project of the week. Let’s get started!

Some weeks ago, I helped my father, Leo_8472, spec up a Thelio Mira from System76, and it arrived this weekend. The first thing we did after unboxing yesterday (as of posting) was open it up and look inside the case. While everything appeared to be there, the system is very self-aware when it comes to airflow – having a dedicated duct from the side to the back for the CPU and an all around crowded feel inside the case. If you’re considering one of their systems, I’d recommend not opting to assemble your first one yourself.

We became concerned when the graphics card appeared to be the later-released budget variation on the NVIDIA RTX 4070 Ti one we thought we ordered. Leo found his receipt listing parts we remembered, and we set it up by my server stack for initial setup and taking inventory.

It shipped with PopOS installed – on a recovery partition with self-contained installation media. The installer appeared normal, but it skipped over/I didn’t notice it asking for installation drive, time zone, or host name – the latter two of which we provided later.

When we ordered, Leo was very interested in Bluetooth, but I couldn’t find it. One of the first things he did after logging in after initial updates was find and test it. I installed SuperTuxKart to test it with his hands-free headset. He even beat a few races.

Other stuff we loaded up: Firefox data from Mint (4 tries to get right), FreeTube, Discord. I installed KDE as a desktop environment for when I need to use the computer, and chose SDDM for a login manager, and we had fun picking out themes. We found this black hole login splash screen I hacked to display mm/dd/yyyy instead of its default dd/mm/yyyy.

Over this process, we verified hardware with a few commands: lsblk (hard drive size), lspci (GPU, failed), free (RAM size), neofetch (installed special, wasn’t insightful towards GPU). Eventually, we confirmed the correct graphics card from within KDE’s System Settings>About this System.

Unfortunately, the system destabilized before we finished moving in. Leo documented the failure and we contacted support. I further noted that it still failed colorfully under the default “Pop” theme.

To do: copy over MultiMC, enable SSH, NFS mounts/automounts.

Takeaway

Even though it wasn’t immediately plug and play, I’m thankful for the time I’m spending with my father working on this system.

Final Question

Have you ever bought a system designed for Linux?

My First Computer “Rack”

Good Morning from my Robotics Lab! This is Shadow_8472 with a side project of the week. Let’s get started!

So far, I’ve been assembling my servers (ButtonMash, RedLaptop, and GoldenOakLibry) on and under a foldable table. Add a workstation, and it’s getting a bit cluttered. We’ve had a set of glass shelves going unused for a while now, and I think they might do nicely to organize the servers’ room.

I started by measuring ButtonMash’s case against the shelves’ metal frame. While it was close, I estimated an inch vertical clearance once the shelves were in place. Otherwise, the tentative plan was to remove a shelf. My father and I moved the shelves in and loaded them and the setup’s UPS (Uninterruptible Power Supply). Wiring was relatively straightforward with the traditional wire Medusa in the back, but out from underfoot.

Unfortunately, I left ButtonMash in a precarious state such that a reboot before moving it knocked out my known house of cards supporting PiHole and Unbound. What I didn’t realize was that I never got Caddy working on that machine in the first place. In trying to fix Caddy, I wiped the containers the whole house was actually using for DNS. As a patch, I pointed the router back at our normal DNS servers.

While I’m trying to avoid server work this month, I went ahead and looked up how to change my specific DNS settings temporarily to restart my DNS containers. From there, I did not encounter any notable issues, though I wasn’t up to testing the removal of my patch.

Takeaway

I have a rack. That’s my story and I’m sticking to it.

Final Question

How do you organize your tech stack?

Rocky Server Stack Deep Dive: 2023 Part 2

MAJOR progress! This week, I’ve finally cracked a snag that’s been holding me for two years. Read on as I start a deep dive into my Linux server stack.

Good Morning from my Robotics Lab! This is Shadow_8472 and today I am continuing renovations on my home server, ButtonMash. Let’s get started!

The daily progress reports system worked out decently well for me last week, so I’ll keep with it for this series.

Caddy is an all-in-one piece of software for servers. My primary goal this week is to get it listening on port 44300 (the HTTPS port multiplied by 100 to get it out of privileged range) and forwarding vaultwarden.buttonmash.lan and bitwarden.buttonmash.lan to a port Vaultwarden, a Bitwarden client I use, is listening on over Buttonmash’s loopback (internal) network.

Tuesday Afternoon

From my Upstairs Workstation running EndeavourOS, I started off with a system upgrade and reboot while my workspace was clean. From last week, I remember Vaultwarden was already rigged to have port 44300, but straight away, I remembered its preferred configuration is HTTP coming into the container, so I’ll be sending it to 8000 instead.

My first step was to stop the systemd service I’d set up for it and start a container without the extra Podman volume and ROCKET arguments needed to manage its own HTTPS encryption. Getting my test install of Caddy going was more tricky. I tried to explicitly disable its web server, but figured it was too much trouble for a mere test, so I moved on to working with containers.

While trying to spin up a Caddy container alongside Pi-Hole, I ran into something called rootlessport hogging port 8000. I ran updates and rebooted the server. And then I realized I was trying to put both Caddy and Vaultwarden on the same port! I got the two running at the same time and arrived on Caddy’s slanted welcome page both with IP and via Pi-Hole-served domain_name:port_number.

Subdomains are my next target. I mounted a simple Caddyfile pointing to Vaultwarden and got stuck for a while researching how I was going to forward ports 80 and 443 to 8000 and 44300, respectively. Long story short, I examined an old command I used to forward DNS traffic to Pi-Hole and after much background research about other communication protocols, I decided to forward just TCP and UDP. I left myself a note in my administration home directory.

DNS: Domain Name System – Finds IP address for URL’s.

sudo firewall-cmd --zone=public --add-forward-port=port=8000:proto=tcp:toport=8000 --permanent
sudo firewall-cmd --zone=public --add-forward-port=port=8000:proto=udp:toport=8000 --permanent
sudo firewall-cmd --zone=public --add-forward-port=port=44300:proto=tcp:toport=44300 --permanent
sudo firewall-cmd --zone=public --add-forward-port=port=44300:proto=udp:toport=44300 --permanent

I still don’t get a reply from vaultwarden.buttonmash.lan. I tried nslookup, my new favorite tool for diagnosing DNS, but from observing Caddy’s cluttered logs, I spotted it rejecting my domain name because it couldn’t authenticate it publicly. I found a “directive” to add to my declaration of reverse proxy to use internal encryption.

But I still couldn’t reach anything of interest – because reverse-proxied traffic was just bouncing around inside the Caddy container! The easy solution –I think– would be to stack everything into the same pod. I still want to try keeping everything in separate containers though. Another easy solution would be to set the network mode to “host,” which comes with security concerns, but would work in-line with what I expected starting out. However, Podman comes with its own virtual network I can hook into instead of lobbing everything onto the host’s localhost as I have been doing. Learning this network will be my goal for tonight’s session.

Tuesday Night

The basic idea behind using a Podman network is to let your containers and pods communicate. While containers in a pod communicate as if over localhost, containers and pods using a Podman network communicate as if on a Local Area Network down to IP address ranges.

My big question was if this was across users, but I couldn’t find anyone saying one way or the other. Eventually, I worked out a control test. Adding the default Podman network, “podman,” to the relevant start scripts, I used ip a where available to find containers’ IP addresses. Pi-Hole then used curl to grab a “Hello World!” hosted by Caddy on the same user. I then curled the same ip:port from Vaultwarden’s container and failed to connect. This locked-down behavior is expected from a security point of view.

On this slight downer, I’m going to call it a night. My goal for tomorrow is to explore additional options and settle on one even if I don’t start until the day after. In the rough order of easy to difficult (and loosely the inverse of my favorites), I have:

  1. Run Caddy without a container.
  2. Run Caddy’s container rootfully.
  3. Run Caddy’s container in network mode host.
  4. Move all containers into a single user.
  5. Perform more firewalld magic. (Possibly a flawed concept)
  6. (Daydreaming!!) Root creates a network all users can communicate across.

Whatever I do, I’ll have to weigh factors like security and the difficulty of maintenance. I want to minimize the need for using root, but I also want to keep the separate accounts for separate services in case someone breaks out of a container. At the same time, I need to ask if making these connections will negate any benefit for separating them across accounts to begin with. I don’t know.

Wednesday Afternoon

I spent the whole thing composing a help request.

Wednesday Night

The names I am after for higher-power networking of Podman containers are Netavark and Aardvark. Between 2018 and around February 2022 it would have been Slirp4netns and its plethora of plugins. Here approaching the end of 2023, that leaves around four years’ worth of obsolete tutorials against not quite two years with the current information – and that’s assuming everyone switched the moment the new standard was released, which is an optimistic assumption to say the least. In either case, I should be zeroing in on my search.

Most discouraging are how most of my search results involving Netavark and Aardvark end up pointing back to the Red Hat article announcing their introduction for fresh installs in Podman 4.0.

My goal for tomorrow is to make contact with someone who can point me in the right direction. Other than that, I’m considering moving all my containers to Nextcloud’s account or creating a new one for everything to share. It’s been a while since I’ve been this desperate for an answer. I’d even settle for a “Sorry, but it doesn’t work that way!”

Thursday Morning

Overnight I got a “This is not possible, podman is designed to fully isolate users from each that includes networking,” on Podman’s GitHub from Luap99, one of the project maintainers [1].

Thursday Afternoon

Per Tuesday Night’s entry, I have multiple known solutions to my problem. While I’d love an extended discourse about which option would be optimal from a security standpoint in a production environment, I need to remember I am running a homelab. No one will be losing millions of dollars over a few days of downtime. It is time to stop the intensive researching and start doing.

I settled on consolidating my containers into one user. The logical choice was Pi-Hole: the home directory was relatively clean, I’d only need to migrate Vaultwarden. I created base directories for each service noting how I will need to make my own containers some day for things like games servers. For now, Pi-Hole, Caddy, and Vaultwarden are my goals.

Just before supper, I migrated my existing Pi-Hole from hard-mounted directories to Podman volumes using Pi-Hole’s Settings>Teleporter>Backup feature.

Thursday Night

My tinkerings with Pi-Hole were not unnoticed. At family worship I had a couple family members reporting some ads slipping through. At the moment, I’m stumped. If need be, I can remigrate by copying the old instance with a temporary container and both places mounted. My working assumption though is that it’s normal cat and mouse shenanigans with blocklists just needing to update.

It’s been about an hour, and I just learned that any-subdomain.buttonmash.lan and buttonmash.lan are two very different things. Every subdomain I plan to use on ButtonMash needs to be specified on PiHole as well as Caddy. With subtest.buttonmash.lan pointed at Caddy and the same subdomain pointed at my port 2019 Hello World!, I get a new error message. It looks like port 80 might be having some trouble getting to Caddy…

$ sudo firewall-cmd --list-all

forward-ports:
port=53:proto=udp:toport=5300:toaddr=

That would be only Pi-Hole’s port forward. Looking at that note I left myself Tuesday, and I can see I forwarded ports 8000 and 44300 into themselves! The error even ended up in the section above. Here’s the revised version:

sudo firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8000 --permanent
sudo firewall-cmd --zone=public --add-forward-port=port=80:proto=udp:toport=8000 --permanent
sudo firewall-cmd --zone=public --add-forward-port=port=443:proto=tcp:toport=44300 --permanent
sudo firewall-cmd --zone=public --add-forward-port=port=443:proto=udp:toport=44300 --permanent

I also removed Tuesday’s flubs, but none of these changes showed up until I used

sudo firewall-cmd --reload

And so, with Pi-Hole forwarding subdomains individually and the firewall actually forwarding the HTTP and HTTPS ports (never mind that incoming UDP is still blocked for now), I went to https://vaultwarden.buttonmash.lan and was greeted with Firefox screaming at me, “Warning: Potential Security Risk Ahead” as expected. I’ll call that a good stopping point for the day.
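The mistake caught above (forwarding 8000 to 8000 and 44300 to 44300, which is a no-op) is easy to repeat, so here is an added example, not from the original post, that reads the forward-ports section of `firewall-cmd --list-all`, flags self-forwards, reports which of the expected 80→8000 and 443→44300 rules are missing, and prints (never runs) the firewall-cmd lines that would correct it. The sample rule sets are constructed; only TCP is checked because plain HTTP/1.1 and HTTP/2 run over TCP.

```shell
#!/bin/sh
# Added example (not the post's own notes): audit firewalld forward-port
# rules for the Caddy setup described above. Expected input is the
# "forward-ports:" entries from `firewall-cmd --list-all`, one per line:
#   port=<from>:proto=<tcp|udp>:toport=<to>:toaddr=

# Constructed sample reproducing the Tuesday flub next to the working Pi-Hole rule.
SAMPLE_FORWARDS='port=53:proto=udp:toport=5300:toaddr=
port=8000:proto=tcp:toport=8000:toaddr=
port=44300:proto=tcp:toport=44300:toaddr='

# Constructed sample of the corrected rule set from Thursday night.
FIXED_FORWARDS='port=53:proto=udp:toport=5300:toaddr=
port=80:proto=tcp:toport=8000:toaddr=
port=443:proto=tcp:toport=44300:toaddr='

# Print every entry that forwards a port to itself, as "<port>/<proto>".
# Such a rule does nothing and usually means the source port was mistyped.
find_self_forwards() {
    printf '%s\n' "$1" | awk -F: '
        {
            split($1, a, "="); split($3, b, "=")
            if (a[2] == b[2]) print a[2] "/" substr($2, 7)
        }'
}

# Print the expected service forwards (80->8000, 443->44300) that are absent
# for the given protocol, space separated, or an empty line if all present.
missing_expected() {
    rules=$1; proto=$2; missing=""
    for pair in 80:8000 443:44300; do
        from=${pair%%:*}; to=${pair##*:}
        if ! printf '%s\n' "$rules" | grep -q "^port=$from:proto=$proto:toport=$to:"; then
            missing="$missing $from->$to"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Emit the firewall-cmd commands that would repair the rule set.
# They are printed, not executed, so the audit is safe to run anywhere.
suggest_fixes() {
    rules=$1
    find_self_forwards "$rules" | while IFS=/ read -r p proto; do
        printf 'sudo firewall-cmd --zone=public --remove-forward-port=port=%s:proto=%s:toport=%s --permanent\n' "$p" "$proto" "$p"
    done
    for pair in $(missing_expected "$rules" tcp); do
        from=${pair%%->*}; to=${pair##*->}
        printf 'sudo firewall-cmd --zone=public --add-forward-port=port=%s:proto=tcp:toport=%s --permanent\n' "$from" "$to"
    done
    # Permanent changes only take effect after a reload, as the post found.
    echo 'sudo firewall-cmd --reload'
}

# Stand-alone run: audit the flawed sample and show the proposed repair.
printf 'self-forwards:\n%s\n' "$(find_self_forwards "$SAMPLE_FORWARDS")"
printf 'missing tcp forwards: %s\n' "$(missing_expected "$SAMPLE_FORWARDS" tcp)"
printf 'suggested fixes:\n%s\n' "$(suggest_fixes "$SAMPLE_FORWARDS")"
```

On a live host, feed it `sudo firewall-cmd --list-all | sed -n '/^ *forward-ports:/,$p' | grep '^ *port='` instead of the constructed sample.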

My goal for tomorrow is to finish configuring my subdomains and extract the keys my devices need to trust Caddy’s root authority. It would also be good to either diagnose my Pi-Hole migration or re-migrate it a bit more aggressively.

Friday Afternoon

To go any farther on, I need to extract Caddy’s root Certificate Authority (CA) certificate and install it into the trust store of each device I expect to access the services I’m setting up. I’m shaky on my confidence here, but there are two layers of certificates: root and intermediate. The root key is kept secret, and is used to generate intermediate certificates. Intermediate keys are issued to websites to be used for encryption when communicating with clients. Clients can then use the root certificate to verify that a site’s intermediate certificate is made from an intermediate key generated from the CA’s root key. Please no one quote me on this – it’s only a good-faith effort to understand a very convoluted ritual our computers play to know who to trust.

For containerized Caddy installations, this file can be found at:

/data/caddy/pki/authorities/local/root.crt

This leads me to the trust command. Out of curiosity, I ran trust list on my workstation and lost count around 95, but I estimate between 120 and 150. To tell Linux to trust my CA, I entered:

trust anchor <path-to-.crt-file>

And then Firefox gave me a new warning: “The page isn’t redirecting properly,” suggesting an issue with cookies. I just had to correct some mismatched IP addresses. Now, after a couple years of working toward this goal, I finally have that HTTPS padlock. I’m going to call it a day for Sabbath.

My goal for Saturday night and/or Sunday is to clean things up a bit:

  • Establish trust on the rest of the home’s devices.
  • Finish Vaultwarden migration
  • Reverse proxy my web UIs to go through Caddy: GoldenOakLibry, PiHole, Cockpit (both ButtonMash and RedLaptop)
  • Configure Caddy so I can access its admin page as needed.
  • Remove -p ####:## bound ports from containers and make them go through Caddy. (NOT COCKPIT UNTIL AVAILABLE FROM REDUNDANT SERVER!!!)
  • Close up unneeded holes in the firewall.
  • Remove unneeded files I generated along the way.
  • Configure GoldenOakLibry to only accept connections through Caddy. Ideally, it would only accept proxied connections from ButtonMash or RedLaptop.
  • Turn my containers into systemd services and leave notes on how to update those services
  • Set up a mirrored Pi-Hole and Caddy on RedLaptop

Saturday Night

Wow. What was I thinking? I could spend a month in and of itself chewing on that list, and I don’t see myself as having the focus to follow through with everything. As it was, it took me a good half hour to just come up with the list.

Sunday

I didn’t get nearly as much done as I envisioned over the weekend because of a mental crash.

Nevertheless, I did do a little additional research. Where EndeavourOS accepted the root certificate immediately, such that Firefox displayed an HTTPS padlock, the process remains incomplete from where I tried it on PopOS today. I followed the straightforward instructions found for Debian family systems on Arch Wiki [2], but when I tell it to update-ca-certificates, it claims to have added something no matter how many times I repeat the command without any of the numbers actually changing. I’ve reached out for help.

Monday Morning

I’ve verified that my certificate shows up in /etc/ssl/certs/ca-certificates.crt. This appears to be an issue with Firefox and KDE’s default browser on Debian-based systems. I’ll decide another week if I want to install the certificate directly to Firefox or if I want to explore the Firefox-Debian thing further.

Takeaway

Thinking back on this week, I am again reminded of the importance of leaving notes about how to maintain your system. Even the fog-headed AM brain is better able to jot down a relevant URL that made everything clear where the same page may be difficult to re-locate in half a year.

My goal for next week is to develop Nextcloud further, though I’ll keep in mind the other list items from Friday.

Final Question

What do you think of the order of my list from Friday? Did I miss something obvious? Am I making it needlessly overcomplicated?

Let me know in the comments below or on my Socials!

Works Cited

[1] Shadow_8472, Luap99, “How Do I Network Rootless Containers Between Users? #20408,” github.com, Oct. 19, 2023. [Online]. Available: https://github.com/containers/podman/discussions/20408. [Accessed Oct 23, 2023].

[2] Arch Wiki, “User:Grawity/Adding a trusted CA certificate,” archlinux.org, Oct. 6, 2022 (last edited). [Online]. Available: https://wiki.archlinux.org/title/User:Grawity/Adding_a_trusted_CA_certificate#System-wide_–_Debian,_Ubuntu_(update-ca-certificates). [Accessed Oct 23, 2023].

What I do with Trash Computers

Good Morning from my Robotics Lab! This is Shadow_8472 and today I am exploring a computer my father found. Let’s get started!

Taking Inventory

While attending a work bee at my church’s school, my father was throwing something away in the dumpster when he noticed an old computer with the hard drive still inside. He took it home for me to look at with the stipulation that I’d need to be sending it along within a week.

The computer in question didn’t promise much on the outside by today’s standards. 1GB of memory. 250GB storage. OEM sticker for Windows XP Media Center Edition 2005. Least promising of all was the sunken power socket. Two disk drives are present – one a LightScribe CD burner and the other a DVD reader. It has no interesting PCI expansion cards. The front panel is down to two of its original six plastic clips, one step from falling off, and is covered in several unsightly stickers. The rest of the case has some scratches, but the side panel opens (and closes) beautifully.

Powering Up

The first thing when working with an unknown system is to try booting it. My first instinct was to locate and install a backup power supply – no-thank-you Dell for the non-standard connections in our stockpile.

A previous project of mine left a free power supply. I confirmed its compatibility (the only difference being 600 W vs. 300 W), swapped it out, screwed it in, and connected it up to all the components – until I got to the dedicated CPU power socket. The old motherboard adheres to a standard with 2×2 pins, and the new standard is 2×3. While the socket itself might fit in terms of power and shape of pins, a stray capacitor blocked this approach.

As noted before, the original power supply’s socket was sunken. Its plastic “screw wings” are broken and there’s not anything good inside to brace it against as is the case for my red laptop. Now, this next part is generally inadvisable, but my father grabbed a spare power cord and we carefully opened up the power supply. The broken part would only need a few solder points and it would work again. As a proof of concept, we connected the cord back up, and I re-installed the original supply.

The computer booted into an admin account on Windows 8.1.

Digital Archeology

First of all, I noticed how the system clock (including time and date) was only around half an hour slow. Also: props to whoever cleaned off this computer. The only clues to its history were in the system logs and the product ID keys for Internet Explorer and Windows.

This computer appears to have had a service life starting some time around 2004/2005 (OEM sticker). It was upgraded –presumably to Windows 7– around 2013 (IE key), where it was used regularly until being upgraded to Windows 8.1 in January, 2018. This upgrade must not have gone so well, as it was only booted a couple of times since, for around four days total in May and July, 2018, before my activity in 2023 showed up.

At this point, I easily could have run some more invasive file recovery program as a demonstration of why you shouldn’t dispose of your computers improperly, but I decided against it before I even began work on it.

Installing Linux [Hard Mode]

I grabbed the keys and loaded the computer into BIOS to point it at my trusty Ventoy USB. Only, the version of BIOS this thing runs is so old, it only supports booting to internal hard drive and CD. On a whim, I located and force-fed it my GRUB disk after opening the DVD drive by sticking a dulled safety pin up its manual eject hole. From there, I was able to load Ventoy. And from Ventoy, I was able to attempt loading one of my images.

This process took several minutes where it should have been seconds. I had many failed attempts (one casualty of which was a Debian installation on a USB stick I turned into installation media), but eventually managed to load Bodhi Linux 7 – specifically a late-cycle release candidate. For whatever reason, which I was never able to figure out, I had to boot using GRUB2 mode as opposed to “normal mode” from Ventoy. My guess as I write this is that it has something to do with the BIOS not supporting USB booting.

The live experience wasn’t impressive. I chose to do a split-partition install simply because I’d never done one before. Otherwise, it booted Linux and ran poorly, but better than over USB 2.0. I installed Firefox with the intention of the machine serving again as a backup, but is the system even needed?

Disposal

Technology marches on. While 10-15 year-old desktops built near state-of-the-art quality may remain relevant as adequate get-me-online machines after a new hard drive, a graphics card, and progressively slimmer versions of Linux, there comes a time when an almost 20 year-old budget-crunch system struggles to land a kiosk job – that is, if it’s worth the owner’s time to find a buyer.

For this tower, it is time to send it on its way in the Great Material Continuum. In this case: a local e-waste drop-off location. My father and I spent some time sorting our tech stockpile and identifying stuff as broken, working, or unknown. We stripped down the systems we were sending off for what RAM they had remaining, a couple of CPUs, a bunch of computer screws, and the hard disk from the star of our goodbye party.

An hour or two before we left, I’d lost my de-pointed safety pin from earlier. I had to disassemble the computer to extract my boot CD. I ended up prying open the back of the case and tilting the unit around until my disk fell out the back.

Takeaway

I don’t know what secrets this computer might have had on its hard drive before I started poking at it. Perhaps nothing. It was certainly tidied up beyond a casual inspection before it found its way to me, but the criminally curious might have applied more powerful recovery tools in the hopes of finding some personal information to steal. This is why some computer recyclers will destroy your hard drive with a drill press while you watch. Better still would be scrambling the hard drive with random bits a few times beforehand.
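The last sentence above is where the real protection lies, so here is an added Python example (not from the original post) that samples a drive image after an overwrite and flags blocks that are neither zeroed nor random-looking, i.e. places where structured data survived. The two images are constructed in memory; on a real drive you would run it read-only against the block device.

```python
import io
import math
import os
from collections import Counter

def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for random bytes, 0.0 for a constant."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify_block(block: bytes, random_floor: float = 7.0) -> str:
    """'zeroed' or 'random' are consistent with a wipe; 'residue' is not."""
    if not block.strip(b"\x00"):
        return "zeroed"
    return "random" if shannon_entropy(block) >= random_floor else "residue"

def scan_for_residue(fobj, size: int, block_size: int = 4096,
                     samples: int = 64) -> dict:
    """Read evenly spaced blocks from a disk image or device and tally them.
    A single 'residue' block means the overwrite did not cover everything."""
    tally = {"zeroed": 0, "random": 0, "residue": 0}
    step = max(block_size, size // samples)
    for offset in range(0, size - block_size + 1, step):
        fobj.seek(offset)
        block = fobj.read(block_size)
        if block:
            tally[classify_block(block)] += 1
    return tally

def tally_image(image: bytes) -> dict:
    """Convenience wrapper for in-memory images (used by the samples below)."""
    return scan_for_residue(io.BytesIO(image), len(image))

def wipe_looks_complete(image: bytes) -> bool:
    return tally_image(image)["residue"] == 0

# Constructed images: a fully overwritten drive, and one where a 4 KiB block
# of an old text document survived the "random bits" pass.
WIPED_IMAGE = os.urandom(64 * 4096)
LEFTOVER_IMAGE = bytearray(os.urandom(64 * 4096))
LEFTOVER_IMAGE[10 * 4096:11 * 4096] = (
    b"CONSTRUCTED leftover: household budget 2013, account notes, " * 100)[:4096]

if __name__ == "__main__":
    import sys  # usage: sudo python3 wipe_check.py /dev/sdX   (reads only)
    with open(sys.argv[1], "rb") as dev:
        size = dev.seek(0, os.SEEK_END)
        print(scan_for_residue(dev, size, samples=256))
```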

Final Question

Would you have had a better re-use for the computer I worked on this week?

I look forward to hearing from you in the comments below or on my Socials.

Windows Licensing is a Mess!

Good Morning from my Robotics Lab! This is Shadow_8472 and today I am exploring the notably hostile environment of recycling old Windows keys. Let’s get started!

Among my long-term projects box is a retro gaming VM running one or more old versions of Windows. How hard can it be to move an installation legally?

VM: Virtual Machine

Very.

What is a Computer?

I grew up on Windows. Our tech stockpile has no shortage of outdated machines or extracted hard drives with valid installations of the operating system. Surely, there should be nothing wrong with playing Musical Chairs with components until I have something that meets my needs. Microsoft’s licensing doesn’t work that way.

I feel like Moses proclaiming, “Let my people go!” to Pharaoh with the way nostalgia of boyhood intermingles with a starkly contrasting mission. The worst I’ve had Linux complain about hardware is when I duplicated a Debian drive and GRUB got upset over a UUID mismatch (it remains unaddressed to this day). To illustrate: I’ve had three Windows XP installations sitting around for years – one on the Old Church Computer I’ve been featuring lately and a couple pulled from other machines. I tried booting one of the pulled drives with the Old Church Computer, and the obtuse operating system asked for its installation disk before it would consent to my game of Musical Chairs. For all intents and purposes, Windows figures your computer is your motherboard because that’s the most involved part of the system.

UUID: Unique Universal IDentifier – a [hopefully] unique number for identifying hard drives

Product ID’s and Keys

Major versions of Windows were sold through different channels under different licensing terms. The important variations today are between Retail, OEM, and Volume. A Retail/“full version” license (usually bought off a store shelf) follows the owner, entitling him to a single Windows workstation. OEM licenses offer some marginal savings in return for the license following the hardware; factory OEMs will flash a system’s key into the motherboard’s BIOS. Volume licenses are sold with bulk in mind; one key can activate as many installations as its organization paid for, but if individual computers are ever sold off, the license stays with the organization. Each of these classifications has multiple channels, identified by a triplet of digits in the Product ID [1].

The main event this week is a software tool called NirSoft [2] that scans Windows’ registry (or a mounted installation of Windows) and extracts product IDs and activation keys for both Windows and a small selection of other software. From the three readily available installations of XP, I recovered two OEM-type keys and one 011-type (upgrade to XP Home Edition) [1]. Luckily, a matching upgrade CD recently turned up.

Takeaway

I counted four different ways I could pirate Windows XP with the tools I have. I may frown on Microsoft’s data-gobbling and competition-crushing policies, but I respect them enough to keep it to name-calling in unprofessional venues. Even if I did steal and post about it, I doubt it would be worth their time coming after me. I’m doing this 100% legit to the best of my ability, and I’d encourage anyone looking to make a similar VM to practice integrity as well.

Final Question

Unless I can also scrounge a retail Windows 95 or 98 disk + key, I can’t install XP fresh. My tentative plan therefore is to move the existing retail installation over to a VM and situate it with the matching CD I found. My one concern at the moment is whether the XP upgrade license overrides or augments whatever underlying license there is, which may be an unmovable OEM license. I don’t know if I can even tell. Am I safe to proceed?

Works Cited

[1] Lunarsoft Wiki, “Product IDs,” wiki.lunarsoft.net, Nov. 7, 2016. [Online]. Available: https://wiki.lunarsoft.net/wiki/Product_IDs. [Accessed June 19, 2023].

[2] N. Sofer, “NirSoft,” nirsoft.net. [Online]. Available: https://www.nirsoft.net/. [Accessed June 19, 2023].

Hard Drive Full: Decluttering

Good Morning from my Robotics Lab. This is Shadow_8472, and today I’m finishing off my move from Manjaro to EndeavourOS. Let’s get started!

About Last Week

14 hours. That’s how long it took for a proper fix to Space Engineers after I posted my attempt at a high-quality walkthrough for the workaround. I feel humbled, but in a good way. Someone at Keen, the game’s studio, took the time to fix a Linux problem for a Windows game. There’s also been some other good news I’d talk more about if I understood it, but the gist is that there are people working to optimize Space Engineers’ Linux experience.

Clearing Space on Manjaro

The big push this month has been to prepare EndeavourOS for daily use and make sure it’s stable in case I need a full reinstall. With NVIDIA drivers sorted and Space Engineers well-established, it’s time to move more stuff over. These last two posts were especially important to me, so I took the extra time with them. Now, I’m back at my original end goal: Manjaro running again.

My Manjaro installation is so full, it can’t finish its update – or even log in anymore. Space Engineers is a big game, so I’m uninstalling it from there. I moved over my save data and reviewed it briefly in case I ever want to see my old creations.

“Easy Diffusion” basically takes care of itself, so while it had to [re]download some files to get going again, it was an easy 12 GB to free. While I was at it, I added a new model I’ve been looking at. It was as simple as downloading it and placing it in the right directory as directed (see Easy Diffusion’s help section for links).

With those offloaded, I easily booted Manjaro to apply several hundred updates amounting to a non-trivial download time. I now have a working backup OS on my Upstairs Workstation again.

Takeaway

There is more to life than big projects all the time. There will always be more to hand craft. I am thankful that my computer is usable.

Final Question

What is your idea of an “off week” project?

I Glitched Cockpit and Discovered Multi-user Login

Good Morning from my Robotics Lab! This is Shadow_8472 with a side project for the week. Let’s get started!

My mother needed an extra browser, so I installed Firefox and hardened it a little. I took the liberty of adding the Bitwarden plugin, encouraging her to make an account on my self-hosted instance. Remembering my failure so far to diagnose the “Network Error” blocking log in, I spared the time to learn how new Bitwarden clients are slightly incompatible with old Vaultwarden servers.

I easily could have updated Vaultwarden with maybe a note on the blog Discord. Instead, I felt like adding VaultwardenUsr@localhost to Cockpit with “Add new host.” This stunt worked at the cost of forwarding shadow8472@ButtonMash to VaultwardenUsr@ButtonMash when logging in. Relogging didn’t help, and the hosts list saw VaultwardenUsr as the primary login – preventing me from removing it – and as a remote login – blocking my attempts to add my real primary account back in with the same stunt.

While exploring this bug, I logged into my old laptop server and linked its Cockpit back into ButtonMash without getting forwarded to VaultwardenUsr. At this point, I submitted a bug report to Cockpit’s GitHub. I soon found the malformed host list at /etc/cockpit/machines.d/99-webui.json. I backed it up, purged the malformed entry, and updated GitHub with my workaround.

Out of curiosity, I added VaultwardenUsr@192.168.0.— as an alternate host. This sends packets for an extra detour, but it works as required. Only after all this did I update my Vaultwarden image from Docker Hub and deploy a new container from it using the same command as the last two successful times.

Note: While working on next week’s project, I logged into VaultwardenUsr@127.0.0.1 and other loopback IP’s with no problems. It’s just name@localhost that causes problems.
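As an added example (not the author’s or Cockpit’s code), here is a small script for the workaround described above: back up 99-webui.json, then drop any host entry whose address is the literal localhost, leaving loopback IPs such as 127.0.0.1 alone since those worked. The JSON shape is my assumption about what Cockpit’s web UI writes to that file, and the sample host list is constructed.

```python
import json
import shutil
import time
from pathlib import Path

MACHINES_FILE = Path("/etc/cockpit/machines.d/99-webui.json")

# Constructed host list in the shape I assume Cockpit's web UI writes:
# top-level keys are host labels, each with an address and optional user.
SAMPLE_HOSTS = {
    "VaultwardenUsr@localhost": {"address": "localhost",
                                 "user": "VaultwardenUsr", "visible": True},
    "RedLaptop": {"address": "192.0.2.10", "user": "shadow8472",
                  "visible": True, "color": "rgb(0, 128, 255)"},
    "VaultwardenUsr@127.0.0.1": {"address": "127.0.0.1",
                                 "user": "VaultwardenUsr", "visible": True},
}

def is_localhost_entry(label: str, entry: dict) -> bool:
    """Only the literal name 'localhost' triggered the login forwarding;
    loopback IPs were fine, so they are deliberately kept."""
    address = str(entry.get("address", "")).strip().lower()
    return address == "localhost" or label.lower().endswith("@localhost")

def purge_localhost_entries(hosts: dict) -> tuple[dict, list[str]]:
    """Return (cleaned copy, labels removed) without mutating the input."""
    removed = [label for label, entry in hosts.items()
               if is_localhost_entry(label, entry)]
    cleaned = {label: entry for label, entry in hosts.items()
               if label not in removed}
    return cleaned, removed

def repair_file(path: Path = MACHINES_FILE) -> list[str]:
    """Back up the host list next to itself, then rewrite it without the
    offending entries. Returns the labels that were removed."""
    hosts = json.loads(path.read_text())
    cleaned, removed = purge_localhost_entries(hosts)
    if removed:
        backup = path.with_suffix(f".json.bak-{int(time.time())}")
        shutil.copy2(path, backup)  # keep the malformed list for the bug report
        path.write_text(json.dumps(cleaned, indent=4) + "\n")
    return removed

if __name__ == "__main__":
    # Run as root (Cockpit owns the file), then re-log into Cockpit.
    print("removed:", repair_file())
```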

Takeaway

1 day for the win! My push for PiHole and supporting network projects has been intense lately, so it’s great to have a smaller project where I still learn by doing something important.

Final Question

Have you ever misused a software feature successfully? What challenges did you face before getting it to work how you had in mind?

I look forward to hearing your answers in the comments below or on my Socials.