Main Page
Old things!
Radios
You will find a few notes here eventually!
TBA
Computing
Z80-MBC2
creating a new SD-CARD.
You need to format the SD-CARD first, so it is blank. It must be in FAT16 or FAT32
Download the latest software from:
https://cdn.hackaday.io/files/1599736844284832/SD-S220718-R240620-v1.zip
In windows 10, you right-click the file and use "extract all", in the next screen browse to the sd-card you just formatted. And let the files extract to it.
You should now be able to eject the card (right click) and boot from it.
CP/M
Someone asked for the differences between CP/M-68k v1.2 and v1.3 I found this README.TXT on the v1.3 distribution disk. It pretty much says it's a load of bug fixes:
CP/M-68K Version 1.3 README.TXT File
------------------------------------
October 2, 1985
---------------
CP/M-68K Version 1.3 replaces CP/M-68K Version 1.2. The primary difference
is that Version 1.3 includes fixes for a number of bugs. These bug fixes
are listed below, by system component. Because this release is so similar
to Version 1.2, the Version 1.2 README.TXT file is included here for
reference. New versions of the C compiler and assembler are included.
VERSION 1.3 BUG FIXES
---------------------
The RELOC utility now operates properly on programs with zeros at the end
of the data segment.
SIZE68 now allows more than one file name on the command line.
DUMP now accepts drive P: .
DDT: Bus Errors are handled better.
The E command can load a file with a blank file type.
The E command will now work after a previous failure to load.
An error message is printed for numbers greater than 0xffffffff.
G and other commands specifying odd PC values yield error messages.
The FW command works properly for all values.
A default blank command tail is provided if the I command is omitted.
The I command now allows up to 128 characters in the command tail.
All instructions now disassemble correctly.
ED: Specifying an output drive on the command line now works.
The Juxtapose command now works with a repeat count.
The X and R commands now recognize invalid file names.
The X command now works properly.
STAT sets the I/O Byte properly. Note that the I/O Byte is an optional
feature of your BIOS. If the BIOS writer did not implement it, STAT will
appear to fail.
ERA will no longer erase files with invalid names. The classic example
was:
ERA foo.s.o => foo.s is erased
This will no longer occur.
The REN command will no longer accept incorrectly formed or blank file names.
The 'length of free memory after BSS' value in the base page is now set
correctly for all command files. Previously, if the command file contained
only a text segment, this value would be incorrectly set to zero.
The '#' character is no longer accepted as a response to a CP/M disk error
message.
(For BIOS writers only.) The allocation vector is now accessed by bytes, so
it may be aligned on either an odd or an even address.
DISTRIBUTION MEDIA AND FILES
----------------------------
CP/M-68K is distributed in two forms: 5 1/4-inch diskettes tailored for the
Motorola VME/10 (tm) development system and 8-inch diskettes tailored for the
Motorola EXORmacs (tm). The 8-inch diskettes follow the standard single-
density CP/M standard media format, and should be readable on any CP/M system
which accepts 8-inch diskettes.
Each distribution kit contains a bootable diskette, and the 8-inch kit contains
two bootable diskettes. Diskette #1 of the 5 1/4 inch set will boot directly
on a Motorola VME/10. The CPM.SYS file on this disk is configured for a 5-MB
hard disk system, and will work on all VME/10 configurations. However, if
your hard disk is larger, you will want to rebuild the system using the BIOS
files supplied. (Inspect 'normbios.h' for details.) The minumum memory
configuration of 384K is ample for CP/M-68K.
In the 8-inch kit, disk #1 will boot directly on an EXORmacs with Universal
Disk Controller. (Place disk in the left-hand floppy drive and boot.)
Disk #2 will boot directly on an EXORmacs with Floppy Disk Controller.
Each of these disks have different versions of CPM.SYS, configured for the
different controllers. At least 196K of memory is required to boot the
system as distributed.
Certain files are distributed in two forms, one for the VME/10 and one
for the EXORmacs. These are mainly BIOS and boot loader files and the
machine-specific PUTBOOT utility. All significant forms of each file
are distributed with both media sets. Generally the EXORmacs versions of
these files have an 'x' prefixed on their names. These files are summarized
below. Files which are specifically for the EXORmacs Floppy Disk Controller
(FDC) will be identified. All others are either for all EXORmacs systems or
for the Universal Disk Controller (UDC).
FILES
VME/10 EXORmacs CONTENT
----------- ----------- -------
PUTBOOT.* XPUTBOOT.* The PUTBOOT utility.
LOADBIOS.H XLOADBIO.H Include file for building loader BIOS.
LDBIOS.O XLDBIOS.O Object for loader BIOS.
XFLDBIOS.H Include file for FDC loader BIOS.
XFLDBIOS.O Object for loader BIOS.
NORMBIOS.H XNORMBIO.H Include file for building normal BIOS.
BIOS.O XBIOS.O Object for normal BIOS.
XFNMBIOS.H Include file for building FDC normal BIOS.
XFBIOS.O Object for normal FDC BIOS.
LDBIOSA.S XLDBIOSA.S Source for assembler portion of loader BIOS.
LDBIOSA.O XLDBIOSA.O Object for assembler portion of loader BIOS.
BIOSA.S XBIOSA.S Source for assembler portion of normal BIOS.
BIOSA.O XBIOSA.O Object for assembler portion of normal BIOS.
BOOTER.S XBOOTER.S Source for bootstrap portion of loader system.
BOOTER.O XBOOTER.O Object for bootstrap portion of loader system.
CPMLDR.SYS XCPMLDR.SYS Object for loader system.
XFCPMLDR.SYS Object for loader system for FDC.
CPM.REL XCPM.REL Relocatable object for CP/M-68K.
CPM.SYS XCPM.SYS CP/M-68K relocated to 0x25000. Note that
CPM.SYS on disks 1 and 2 of the 8-inch media
kit are EXORmacs versions of CP/M.
NORMBIOS.SUB XNORMBIO.SUB Submit files to build a normal BIOS.
XFNMBIOS.SUB Submit file to build a normal FDC BIOS.
LOADBIOS.SUB XLOADBIO.SUB Submit files to build a loader BIOS.
LCPM10.SUB XLCPM.SUB Submit file to build CPM.SYS. These submit
LCPM.SUB files also illustrate the difference between
68010 and 68000 system builds respectively.
MAKELDR.SUB XMAKELDR.SUB Submit files to build CPMLDR.SYS, XCPMLDR.SYS.
CP/M-68K Version 1.2 README.TXT File
------------------------------------
May 14, 1984
------------
CP/M-68K V1.2 is an upgrade to CP/M-68K V1.1. The new release
incorporates several new features and bug fixes. Features which
have been added are:
1. Typeahead support.
2. Support for the 68010 chip.
3. Floating point support for C. The compiler and runtime
support both the Motorola Fast Floating Point (FFP) and
IEEE formats for floating point numbers.
4. Support for wild cards, quoted strings, and redirection
with append on command lines for C programs.
5. The ability to specify a user number / drive combination
when opening a file in C. This feature extends to files
used in wildcarding and redirection.
6. Various debugger enhancements, including a limited
symbolic capability.
7. Support for the Motorola VME-10(tm) as the sample system.
The EXORmacs BIOS sources are also included as examples.
68010 Support
-------------
With the exception of programs which execute in Supervisor state,
it should be possible to run all CP/M-68K V1.1 programs on a
68010 system without change. CP/M-68K on a 68010 supports
programs which use the "MOVE from SR" instruction, which was not
privileged on the 68000, but is privileged on the 68010. The
68010 privilege violation handler dynamically changes "MOVE from
SR" instructions to the non-privileged "MOVE from CCR" instruc-
tion. User programs which handled exceptions using the BDOS Set
Exception function (61) need not be changed. CP/M-68K simulates
the 68000 exception stack frame on the 68010.
CP/M-68K Version 1.2 README.TXT File Page 2
05/14/84
To build the system for a 68010, use the submit file "LCPM10.SUB"
rather than the normal file "LCPM.SUB".
DDT Enhancements
----------------
DDT has been upgraded to support symbols in the program file to
be debugged. Two versions of the debugger are available: "DDT"
for the 68000 chip, and "DDT10" for the 68010. Symbols automati-
cally appear in disassembled instructions using the "l" command.
You can specify a symbol in a command by prepending it with a
period ("."). For example, to go from the current PC to the
symbol "quit" in the object program, you would specify:
g,.quit
You can use a symbol anywhere you normally would specify a hex
number. When using this feature with C programs, remember that
the C compiler prepends an underscore ("") to the beginning of
external symbols. For example, to "go" with a breakpoint at the
C function "blivot", you type:
g,.blivot
Additionally, you can use the "tw" command to single-step over a
call instruction, and the "p" command to set a permanent
breakpoint. "-p" will remove a permanent breakpoint.
Generating A System with S-Record Files
---------------------------------------
The two S-Record files, "CPM400.SR" and "CPM15000.SR", are built
with no BIOS code. These two systems are ORG'ed at 400 (hex) and
15000 (hex), respectively. A hard-wired equate was used to
establish the BIOS "init" entry point within CP/M-68K. There is
no need to patch the S-Record files as in CP/M-68K V1.1. The
BIOS may be placed following the "init" point in memory. You can
determine the address of "init" and the address of the ccp (for
doing warmboots) by looking in the files "CPM400.MAP", and
"CPM15000.MAP". These files are the output of NM68 on the
"CPM.SYS" file for these two systems. The values of the symbols
correspond to the actual memory addresses. (I.e., we used the
"-t" switch of the linker, rather than RELOC, to ORG the system).
You can generate a system from these files as outlined in the
"CP/M-68K System Guide".
CP/M-68K Version 1.2 README.TXT File Page 3
05/14/84
VME-10 Support
--------------
There are now two distribution formats for CP/M-68K: standard
8-inch 3740 compatible floppies, and VME-10 format 5.25 inch
floppies. The 8-inch version will boot on an EXORmacs(tm), while
the 5.25 inch format boots on a Motorola VME-10.
The sample system for CP/M-68K is now the Motorola VME-10,
instead of the EXORmacs(tm). The floppies supplied with the
VME-10 system are 96tpi, 160 tracks (80 cylinders), with eight
512 byte sectors per track. Tracks are numbered in a manner
compatible with the IBM Personal Computer (tm) format. Tracks
0-79 are on side 0 of the disk, and tracks 80-159 are on side
one. There are two reserved tracks, and 128 directory entries.
Due to a TENbug requirement for bootable diskettes, track 0 con-
tains 16 single-density 128-Byte sectors and track 159 is
reserved, in addition to tracks 0 and 1, for the LOADER. (Track
159 is directly opposite of Track 0 of Side 0 on Side 1. Tracks
0 and 1 are reserved by limiting the disk size in the DSM entry
of the DPB to 157 tracks.)
VME/10 Memory Map
-----------------
The location of the CP/M-68K system can be changed by the user.
For certain application programs it may be necessary to relocate
the CP/M-68K system to higher system addresses. The Transient
Program Area (TPA) starts at C00 (Hex address just above the RAM
area reserved for TENbug) and continues to just below the
CP/M-68K System. The system is shipped relocated to execute at
28000 (Hex). There will be a conflict if a user wishes to
utilize the high-resolution graphics capabilities of the VME/10.
The graphics RAM starts at 30000 (Hex) when in high resolution
mode and 48000 (Hex) when in low-resolution mode.
Also the use of the RAM disk (device e:) conflicts with the use
of the graphics RAM. Refere to the VME/10 system manuals for
more information.
VME/10 Utilities
----------------
Three VME-10-specific utilities are included in the distribution:
TERM, CONFIG and XFER86.
CP/M-68K Version 1.2 README.TXT File Page 4
05/14/84
The TERM Terminal Emulation Program
-----------------------------------
TERM is a terminal emulation program which allows you to emulate
a DEC VT-52(tm) terminal using an MVME400 serial card. It is
invoked as TERM.REL. To use the terminal program you need an
MVME-400 Dual Serial Port Card. It will be necessary to recon-
figure the board for use in the term program by transferring the
jumpers from J15 to J14 (10 jumpers total). The TERM program
expects to see the board at Hex address 0xf1c1cd, the factory
default.
The serial port #1 is the Auxiliary device used for the link.
TERM operates in a transparent mode until receiving a command
character from the remote machine, the command character is a
Control-A. It is followed by a single letter which allows you
to:
o - Open a file on the CP/M-68K system and redirect the I/O
stream from the serial line to that file instead of the
screen.
c - Close a file previously opened return output stream from
the remote host to the screen.
u - Upload a file from the CP/M-68K system to the host
(ASCII).
The 'o' and 'u' commands expect a filename to follow immediately
behind the command and terminated with a new line.
Commands from the keyboard are:
h - Display the help screen.
o - Open a file and redirect the stream from the host into it.
c - Close a file previously opened, flush the buffers and
direct the output stream from the back to the screen.
q - Exit the terminal program.
Using the TERM program as a terminal emulator is trivial. The
program will copy all input from the keyboard to the serial port
and all output from the remote host from the port to the screen
(unless redirected). This is the mode in which the TERM program
comes up. The TERM program emulates a DEC VT52 terminal and the
program has been used very successfully with screen editors such
as the UNIX System V vi(1) screen editor.
CP/M-68K Version 1.2 README.TXT File Page 5
05/14/84
To download a file from the host to the VME/10, the following
pseudo "C" program on the host will accomplish that:
char filename[] = "myfile.c";
/*
* send command to TERM program to open "filename"
* with the two byte sequence "Ctl-Ao" followed by
* the filename.
*/
printf("\001o%s", filename);
{
this section just does a byte by byte copy of the
ASCII source on the host to the standard output of
the program. It will be caught by the TERM program
and put into the file specified above.
}
printf("\001c");
The TERM program will detect the 'CTL-A' (\001) and 'o' pair and
read the characters following it as a file name to open and
redirect its input from the host (the host's output stream) into
it until detecting the 'CTL-A', 'c' pair to close the file.
The upload feature works in a similar manner. It is not
necessary to write a program to initiate the downloads and
uploads, it is possible to write a command script on some systems
(e.g. UNIX) to echo the command start sequence, print the file
and echo the close command.
The CONFIG Program
------------------
The CONFIG allows you to set the serial port baud rate.
The XFER86 Program
------------------
XFER86 is a program which will allow you to read (but not write)
diskettes written by CP/M-86 on an IBM Personal Computer. XFER86
provides a file transfer capability from CCP/M-86 disks written
by the IBM PC to CP/M-68K running on the VME/10. XFER86 provides
this capability by modifying the disk parameter block (DPB) for
the CCP/M-86 disk.
The procedure for transferring files is:
CP/M-68K Version 1.2 README.TXT File Page 6
05/14/84
1. Execute XFER86.
2. XFER86 will request you to insert the CCP/M-86 disk, do
so.
3. type c <return>. XFER86 modifies the DPB and returns to
CP/M-68K.
4. transfer files from the CCP/M-86 disk (a:) to the VME/10
hard disk (c:) using pip. The disk may be removed and
replaced with other CCP/M-86 disks with the same format
for further file transfers.
5. Execute XFER86 to restore the DPB.
6. XFER86 will request you to insert the CCP/M-86 disk, do
so.
7. Type r <return>. XFER86 restores the DPB and returns to
CP/M-68K.
XFER86 requires the following disk format for proper operation of
the file transfers:
48 tpi, DSDD, 40 cylinders, 8 512-byte sectors/track
XFER86 requires the following CCP/M-86 disk parameters for proper
operation of the file transfers. These parameters may be varied
on the CCP/M-86 system using its "show dsk:" command:
2,528: 128-byte records
316: kilobyte drive capacity
64: 32-byte directory entries
256: 128-byte records/directory entry
16: 128-byte records/block
32: 128-byte records/track
1: reserved track
VME/10 BIOS Terminal Emulation
------------------------------
The VME-10 BIOS emulates a VT-52 terminal, so you can use
screen-oriented programs by configuring them for a VT-52.
CP/M-68K Version 1.2 README.TXT File Page 7
05/14/84
Machine Specific PUTBOOT Utility
--------------------------------
The PUTBOOT utility also contains VME-10 specific code. The old
version (for the EXORmacs) is contained in file "XPUTBOOT.S" and
is included as a reference.
Known bugs in CP/M-68K V1.2
---------------------------
1. The assembler (AS68.68K) generates files with bad reloca-
tion bits when a "movec" instruction follows an instruc-
tion which references a symbol. The following example:
move.l d0,a
movec vbr,d0
move.l d0,b
.data
a: .dc.l 0
b: .dc.l 0
illustrates the problem. A workaround is to place a
".dc.w $4e71" statement following the movec instruc-
tion. (4e71 is a NOP instruction). The assembler gives
no error message, but neither linker (LO68 or LINK68) will
accept the file as input.
2. The assembler (AS68.68K) places a single-character ASCII
constant in the high byte of a word operand. For example:
move.w #'U',d1
loads d1 with the hex constant "5500". Of course, the
argument could be made that you should use a byte instruc-
tion to do single character moves.
3. The assembler (AS68.68K) will evaluate a symbol of the
form "$xyz" as a hex constant with value 0. If used on a
single operand directive, such as:
.dc.b $xyz
the offending statement is not flagged with an error.
4. The editor (ED.68K), when invoked using an output drive,
e.g:
CP/M-68K Version 1.2 README.TXT File Page 8
05/14/84
ED file b:
will not create the file on the output drive.
5. The editor (ED.68K) "Juxtapose" command does not function
properly when specified with a repeat count.
6. The editor (ED.68K) X command does not respond in a
friendly manner to an invalid syntax. When an invalid
filename is used, such as "x23:t", the editor prints
"INVALID FILENAME" and exits to the operating system.
This obliterates any editing session in progress.
7. The C compiler generates an incorrect error message,
"Initializer Alignment", on a statement which initializes
a static unsigned or float array.
8. The C compiler does not correctly handle the modulo ("%")
operator in constant expressions.
9. The C compiler will not properly substitute a macro argu-
ment inside a quoted string if the argument is preceded by
a backslash escape sequence. For example,
#define x(a) printf("\na");
will not expand properly. Placing a space between the
escape sequence and the argument fixes the problem.
10. The C compiler will not substitute a macro argument inside
a quoted string if the text to be substituted contains a
single quote character.
11. The C compiler will not properly handle initializations of
auto variables with register variable parameters. For
example:
func(a,b)
register int a,b;
{
int i=a+b;
}
will not initialize the variable "i" to the proper value.
If the parameters are not declared as "register", the ini-
tialization will work.
12. The C compiler does not properly handle expressions
involving pointers with non-unique structure names. The
sequence:
CP/M-68K Version 1.2 README.TXT File Page 9
05/14/84
struct s1 {struct s2 *a,*b;};
struct s2 {struct s1 *b,*a;};
.
.
.
q = ((p->a)->a)->a;
does not properly initialize "q".
13. The compiler does not properly handle byte subscript
expressions involving the "++" and "--" operators. The
following sequence does not work:
char x[100];
func() {
char y;
y = x[++x[0]];
A workaround is to rewrite the subscript expression so
that the "++" operation is done before (or after) the
indexing:
x[0]++;
y = x[x[0]];
14. The compiler does not properly initialize a structure
which contains an array of structures.
15. The C Preprocessor will occasionally eat a line or two
following a "#include" declaration. The workaround is to
append some blank lines to the "#include" occurrence.
This can produce some hard to track down bugs if variable
declarations are lost due to the bug.
16. Conditional assembly occasionally causes loss of label
immediately preceding conditional statement in the assem-
bler.
17. The assembler can be made to generate code at an odd
address by embedding odd byte length data in the text
section. The assembler will not realign its program
counter to an even address. The user should pad the data
in the text section to an even byte boundary himself.
18. The compiler will generate an error message for:
CP/M-68K Version 1.2 README.TXT File Page 10
05/14/84
struct a { long x; };
struct b { char x; };
due to the non-unique member names in the structure. Make
them unique.
Trademark Information
---------------------
CP/M-68K is a trademark of Digital Research. Motorola, EXORmacs,
and VME-10 are trademarks of Motorola. IBM Personal Computer is
a trademark of IBM. DEC and VT-52 are trademarks of Digital
Equipment Corporation. UNIX is a trademark of Bell Laboratories.
General Notes
VMware remote support esxi
Useful command, working remotley
ESXi 4.x, 5.x and 6.0 To power on a virtual machine from the command line: <pre> List the inventory ID of the virtual machine with the command: vim-cmd vmsvc/getallvms |grep <vm name> Note: The first column of the output shows the vmid. Check the power state of the virtual machine with the command: vim-cmd vmsvc/power.getstate <vmid> Power-on the virtual machine with the command: vim-cmd vmsvc/power.on <vmid> Open a console session where the esxcli tool is available, either in the ESXi Shell, the vSphere Management Assistant (vMA), or the location where the vSphere Command-Line Interface (vCLI) is installed. Get a list of running virtual machines, identified by World ID, UUID, Display Name, and path to the .vmx configuration file by running this command: esxcli vm process list Power off one of the virtual machines from the list using this command: esxcli vm process kill --type= [soft,hard,force] --world-id= WorldNumber Notes: Three power-off methods are available. Soft is the most graceful, hard performs an immediate shutdown, and force should be used as a last resort. Alternate power off command syntax is: esxcli vm process kill -t [ soft,hard,force] -w WorldNumber Repeat Step 2 and validate that the virtual machine is no longer running. For ESXi 4.1: Get a list of running virtual machines, identified by World ID, UUID, Display Name, and path to the .vmx configuration file by running this command: esxcli vms vm list Power off one of the virtual machines from the list by running this command: esxcli vms vm kill --type= [soft,hard,force] --world-id= WorldNumber
Bind 9
Current ip's for Coopzone
Link for settings Name Server config
Tsig keys
Setting up secure updates using TSIG keys for BIND 9 for DNS agent
In the following example, the domain is example.com.
To use secure updates using TSIG keys, perform the following steps at the DNS server:
Run the dnssec-keygen command with the HMAC-MD5 option to generate a pair of files that contain the TSIG key:
# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST example.com.
View the example.com.+157+00000.key file. After you run the cat command, the contents of the file resembles:
# cat example.com.+157+00000.key
example.com. IN KEY 512 3 157 +Cdjlkef9ZTSeixERZ433Q==
Copy the shared secret (the TSIG key), which looks like:
+Cdjlkef9ZTSeixERZ433Q==
Configure the DNS server to only allow TSIG updates using the generated key. Open the named.conf file and add these lines.
key example.com. {
algorithm hmac-md5;
secret "+Cdjlkef9ZTSeixERZ433Q==";
};
Where +Cdjlkef9ZTSeixERZ433Q== is the key.
In the named.conf file, edit the appropriate zone section and add the allow- updates sub-statement to reference the key:
allow-update { key example.com. ; } ;
Save and restart the named process.
You need both files to use nsupdate to your dns server.
Tsig Keys part 2 the easy way
The above method works, but the up-to-date versions of dnssec-keygen no longer supports HMAC. So you can still use above but with different key types. Really using dnssec-keygen is a bit overkill for tsig anyway.
This and the fact that the vast majority using t-sig are for simple dns updates, you can use this as an alternative:
- Generatethe config for bind9 and nsupdate in obe go with:
ddns-confgen -k update_key -z coopzone.uk.to
This will give an output you can save to a file and use as the key for nsupdate and you can add the same output to a bind zone file to allow the updates. It even gives you the instructions on how to use it!
Sample output:
ddns-confgen -k update_key -z coopzone.uk.to
# To activate this key, place the following in named.conf, and
# in a separate keyfile on the system or systems from which nsupdate
# will be run:
key "update_key" {
algorithm hmac-sha256;
secret "8jWVFokMGOIHgrqu35zhYg5zdjSQDCM+4f2dfSG+Vg8=";
};
# Then, in the "zone" definition statement for "coopzone.uk.to",
# place an "update-policy" statement like this one, adjusted as
# needed for your preferred permissions:
update-policy {
grant update_key zonesub ANY;
};
# After the keyfile has been placed, the following command will
# execute nsupdate using this key:
nsupdate -k <keyfile>
Using let's encrypt certificates
Plenty of info on how to use these from let's encrypt.
But if you want to use them on another service other than https. You can create a dummy website using apache/nginx. Then create the certificate and copy it to your server. The only stipulation being you must be on the same ip address.
In this example config, both vpn and www hosts are on one ip address, but different ports.
vpn=5000 www=80,443
# Settings for dummy server to get a cert for smtp
server {
listen 80;
root /var/www;
server_name vpn.coopzone.org.uk;
location /.well-known {
root /var/www/vpn/;
}
}
Create the dummy location:
mkdir -p /var/www/vpn/.well-known/acme-challenge
Use certbot to create the certificate:
certbot certonly --webroot -w /var/www/vpn/ -d vpn.coopzone.org.uk
Now copy the keys / certificates to the correct server or where ever your vpn lives. I do this in the same cronjob that updates the certificates using certbot reniew.
Linux
linux Linux (centos / debian) notes
SASL testing/setup
Setup on new server apt-get install libsasl2-2 sasl2-bin libsasl2-modules-db
change /etc/defaults/saslauthd lines:
START=yes MECHANISMS="sasldb" OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
add sasl group to postfix user usermod -G sasl postfix
create /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd saslauthd_plugin: sasldb mech_list: PLAIN LOGIN
Need this section in master.cf
192.168.1.151:submission inet n - y - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_tls_received_header=yes -o smtpd_tls_auth_only=yes -o smtpd_tls_req_ccert=no -o smtpd_tls_cert_file=/etc/ssl/certs/cert -o smtpd_tls_key_file=/etc/ssl/private/cert.key -o smtpd_tls_CAfile=/etc/ssl/certs/QuoVardis.crt -o smtpd_sasl_type=cyrus -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_path=smtpd -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -o smtpd_milters=inet:127.0.0.1:12345 -o smtpd_proxy_ehlo=smtp.host.com #
Adding/removing/showing authentication records
NOTE: You need to do these commands on all servers
commands to add/remove show users:
add user:
saslpasswd2 -c -u mail.mail.com derek
change user password:
saslpasswd2 -u mail.mail.com derek
del user:
saslpasswd2 -d -u mail.mail.com derek
list users:
sasldblistusers2
Testing
Test auth for sasl:
testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -r mail.mail.com -u derek -p XXXXXXX
Test auth from postfix/smtpd using openssl
Generate an plain test password hash to test with
printf '\000derek@mail.mail.com\000XXXXXXXX' | openssl base64 -A
(copy the output ready to paste below)
Connect to the server to test the authentication.
openssl s_client -connect mail.mail.com:587 -starttls smtp
......
ehlo local
AUTH PLAIN {copy text from above}
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye
Sasl Postfix relayhost problems
Settings should be:
smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous #smtp_sasl_tls_security_options = noanonymous smtp_tls_security_level = encrypt header_size_limit = 4096000 relayhost = [the_relay]:587
sasl_password:
[the_relay]:587 saslrelay@auth.cz0.uk:verygoodpassword
Make sure you have cyrus client installed, or you will get NO MECH AVAILABLE
yum install cyrus-sasl-plain systemctl restart postfix
SoftEther VPN Notes
To diable vpnserver from calling home, i.e. stop all the chit-chat for nat traversal and just use it as a normal vpnserver.
Step 1 dissable DDNS
change the config file DDNS section to read:
declare DDnsClient { bool Disabled true }
Step 2 dissable UDP acceleration I did this from the config file by setting:
bool DisableUdpAcceleration true
Step 3, Disable Nat Traversal In the config file change the following setting.
bool DisableNatTraversal true
Step 4, turn off keep alive. This is via the GUI on the server encryption and network button.
Step 5, turn of auto update check. Again this is via the GUI on the server encryption and network button.
Having done the above (thanks to dnobori, for the ones I missed) and restarted the server, I know don't see any outbound / unexpected traffic.
Virtualization
Qcow2 images
/usr/bin/qemu-img create -f qcow2 -o preallocation=metadata /export/vmimgs/glacier.qcow2 8G
Qcow2 with LXC
You can use, qemu-nbd to mount a qcow image then copy/create the rootfs to it.
then if you use the following options in the config file:
lxc.hook.pre-start = /var/lib/lxc/up.sh lxc.hook.post-stop = /var/lib/lxc/down.sh
and make sure each config file has a unique nbd_device
#MUST set the nbd device to be unique for each container lxc.rootfs = /dev/nbd1
up.sh
#!/bin/bash
qemu-nbd -c ${LXC_ROOTFS_PATH} /lvmdir/${1}.qcow2
exit 0
down.sh
#!/bin/bash
while [ -f /sys/fs/cgroup/pids/lxc/${1}/pids.current ]; do
sleep 0.5
done
qemu-nbd -d ${LXC_ROOTFS_PATH}
exit 0
Brother 32bit drivers on 64bit linux
Debian example:
apt-get install lib32z1 lib32ncurses5 optional: apt-get install cups mkdir -p /var/spool/lpd dpkg -i --force-all mfc5890cnlpr-1.1.2-2a.i386.deb dpkg -i --force-all mfc5890cncupswrapper-1.1.2-2a.i386.deb
Some info for LVM
Using Snapshots.
Create a snapshot
lvcreate -L 1G -s -n test1_snap /dev/vg0/test1
(Make it big enough to take the changes you make)
To revert the snapshot (step back to before any changes)
1, umount it (stop using it) the LVM needs to be free for the revert to work
2, use:
lvconvert —merge /dev/vg0/test1_snap
3, The above will also remove the snapshot volume.
To commit the snapshot
1, unmount it (stop using it)
2, use:
lvremove -f /dev/vg0/test1_snap
Openvz / proxmox
Adding nat iptables modules to container, example:
vzctl set 115 --iptables "iptable_nat iptable_filter iptable_mangle ip_conntrack ipt_conntrack ipt_REDIRECT ipt_REJECT ipt_multiport ipt_helper ipt_LOG ipt_state" --save
virt All sorts on virtualization, Xen etc
Windows does not boot virtio especially after moving vm
1. Add both windows 10 DVD/CD ISO and virtio driver ISO to VM. Make a note of the drive letters assigned by windows (or once booted to recovery mode, you can manually dir each drive to find them) The latest driver ISO can be pulled out of the RPMs found at https://fedorapeople.org/groups/virt/virtio-win/repo/latest/
2. Boot off windows 10 DVD/CD and get into a command prompt from repair mode option.
3. Load the driver via the CLI e.g.
drvload e:\viostor\w10\amd64\viostor.inf
In my case e: was where the virtio install ISO got assigned.
4. After loading the driver f: was where the windows install became mounted.
5. Use the DISM command to inject the storage controller driver
dism /image:f:\ /add-driver /driver:e:\viostor\w10\amd64\viostor.inf
As above, change drive letter assignments according to your own environment.
KVM settings to help windows idle cpu issue
<clock offset='localtime'> <timer name='rtc' tickpolicy='catchup'/> <timer name='pit' tickpolicy='delay'/> <timer name='hpet' present='yes'/> <timer name='hypervclock' present='yes'/> </clock>
ABOVE: the hpet = yes line is the change, normally hpet = no.
Sometimes it's better like this (not all the "features" are needed, if virsh complains about them just remove the line)
It seems to be mostly the clock options that make a real difference to cpu idle 40% -> 1-2%
<features>
<acpi/>
<apic/>
<hyperv>
<relaxed state='on'/>
<vapic state='on'/>
<spinlocks state='on' retries='8191'/>
<synic state='on'/>
<stimer state='on'/>
</hyperv>
<vmport state='off'/>
</features>
<clock offset='localtime'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
<timer name='hypervclock' present='yes'/>
</clock>
Openvz7 virtuozzo
Either install in from the bare-hardware install CD, or if you only want to run it in a KVM/VMWARE environment do this:
Install basic Centos7 system. setup /vz as ext4
setup network
(you need bridge-utils)
update
(optional)
Next install the following:
yum install -y wget net-tools vim lvm2
yum install -y epel-release
yum install -y yum-plugin-priorities
rpm -ivh python-subprocess32-3.2.6-5.vz7.1.x86_64.rpm
rpm -ivh openvz-release-7.0.0-57.vz7.x86_64.rpm
yum install -y vzkernel
Now install the tools:
yum install -y crit criu libvzctl libvzevent openvz-docs pcompact ploop ploop-lib vcmmd virtuozzo-motd vzctl vzmigrate vzpkgenv410x64 vzpkgenv44 vzpkgenv44x64 vzpkgenv47 vzpkgenv47x64 vzpkgenvdebx64 vzpkgenvzypp49x64 vzprocps vzreport vzstat vztt vztt-lib
Optional: (you only seem to need this if you use the templates / updates provided by openvz team, i don't)
yum install -y prl-disp-service
reboot
You should now update (several times!) Since openvz7 -> virtuozzolinux upgrade. At some point it may well moan that it does not have a GPG key for the new packages. You should be able to find the key on there website, just search for VZLINUX_GPG_KEY.
Last time I did this install you can download and install it like this:
wget https://docs.virtuozzo.com/keys/VZLINUX_GPG_KEY mv VZLINUX_GPG_KEY /etc/pki/rpm-gpg/
Add any templates if you want to use the vzlinuz7 templates ( i don't as yet):
yum install -y `yum search x86_64-ez | grep noarch | awk '{print $1}’`
you need to update the local cache for each template installed, so for cento7 it would be:
vzpkg update cache centos-7-x86_64
(it's the same name as the templates installed above but without the -ez on the end!)
at this point it's more or less the same as the old openvz for cents 6, if you want to use the new tools for install etc then:
optional:
yum install -y prlctl
LXC
LXC Config in Azure VM
to setup host basic notes
Build ubuntu server 18
apt install iptables-persistent
add rule to snat any 10.x.x.x to the main ip on eth0
configure swap space /etc/waagent.conf
apt-get install zfsutils-linux lxc
Clam-AV or HAproxy
You can either install clamav on the host VM, as below, or if you have access to a central clamd scan engine (this is preferred as you only need one VM with enough memory to handle it, at least 2 gig) see using haproxy next section.
Clamav
apt-get install clamav-daemon
change /etc/clamav/clamd.conf
LocalSocket /var/run/clamav/clamd.ctl #FixStaleSocket true #LocalSocketGroup clamav #LocalSocketMode 666 TCPAddr 192.168.200.1 TCPSocket 3310
Haproxy
Install haproxy on the host VM
apt install haproxy
then configure a frontend/backend to connect port 3310 to clamd scanner hosts, example:
listen stats
bind 127.0.0.1:8404
stats enable
stats uri /stats
stats refresh 5s
frontend clamav
bind 192.168.200.1:3310
mode tcp
option tcplog
timeout client 300s
default_backend clamav_backend
#note: timeout client and server are the same as recommended for tcp connections
backend clamav_backend
mode tcp
timeout connect 30s
timeout server 300s
balance roundrobin
default-server inter 10s fall 2 rise 1
server clamav_mail2 ip-first:3310 check weight 100
server clamav_home ip-second:3310 check weight 10
Setup lxc bridge
change/create /etc/default/lxc-net
LXC_BRIDGE="lxcbr0" LXC_ADDR="192.168.200.1" LXC_NETMASK="255.255.255.0" LXC_NETWORK="192.168.200.0/24" LXC_DHCP_RANGE="192.168.200.128,192.168.200.253" LXC_DHCP_MAX="125" USE_LXC_BRIDGE="true"
create the disk file for LXC
dd if=/dev/zero of=/zdisk0_block bs=1024M count=26 zpool create zdisk0 /zdisk0_block zfs set compress=on zdisk0 zfs set dedup=on zdisk0
LXC using multiple ip's and iptables
The basic idea is to attach public ip's to additional ip's on the azure vm, then use iptables to re-direct traffic to LXC containers.
First you have to add multiple secondary static ip address's to your network card on the azure vm. This is not a full tutorial so you will have to work your way through the azure interface to find this for yourself.
NOTE : This breaks the waagent ! You must SNAT the traffic from the vm to appear as the primary ip address on the network card when appearing from the 10.0.0.0 ip's, then if you need to add addition SNAT rules for the secondary ip address's. If you don't do this waagent looses connectivity to the end points in azure and has a pink fit!
NOTE 2: No so critical, the other SNAT rules match outbound connections to the eventual public ip's, either one-to-one or many-to-one
NOTE 3: The last rule MASQUERADE is a catch all for any missing SNAT lines, it really should be another SNAT rule, but this one is actually added by LXC-NET so i just left it in place.
See example iptables, in this example (only showing the nat rules, azure adds others in using waagent) the last but one line:
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 10.0.0.6
Is crtical to keeping waagent a happy bunny!
Example:
*nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [8:480] :POSTROUTING ACCEPT [0:0] -A PREROUTING -d 10.0.0.40/32 -i eth0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.200.10 -A PREROUTING -d 10.0.0.40/32 -i eth0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.200.10 -A PREROUTING -d 10.0.0.40/32 -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.200.10 -A PREROUTING -d 10.0.0.40/32 -i eth0 -p tcp -m multiport --dports 25,465,587,993 -j DNAT --to-destination 192.168.200.18 -A PREROUTING -d 10.0.0.43/32 -i eth0 -p tcp -m multiport --dports 443,80 -j DNAT --to-destination 192.168.200.13 -A PREROUTING -d 10.0.0.44/32 -i eth0 -p tcp -m multiport --dports 443,444,500,4500 -j DNAT --to-destination 192.168.200.17 -A PREROUTING -d 10.0.0.44/32 -i eth0 -p udp -m multiport --dports 5060,443,444,500,4500 -j DNAT --to-destination 192.168.200.17 -A PREROUTING -d 10.0.0.44/32 -i eth0 -p udp -m udp --dport 10000:20000 -j DNAT --to-destination 192.168.200.17 -A POSTROUTING -s 192.168.200.10/32 ! -d 192.168.200.0/24 -j SNAT --to-source 10.0.0.40 -A POSTROUTING -s 192.168.200.18/32 ! -d 192.168.200.0/24 -j SNAT --to-source 10.0.0.40 -A POSTROUTING -s 192.168.200.13/32 ! -d 192.168.200.0/24 -j SNAT --to-source 10.0.0.43 -A POSTROUTING -s 192.168.200.17/32 ! -d 192.168.200.0/24 -j SNAT --to-source 10.0.0.44 -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 10.0.0.6 -A POSTROUTING -s 192.168.200.0/24 ! -d 192.168.200.0/24 -j MASQUERADE
LXC 2.0 on Centos 7
Install a base system for Centos 7 + whatever tools you normally use, vim, wget etc
search for and download the lxc 2.0 repo called "thm-lxc2.0-epel-7.repo", copy to your /etc/yum.repos.d
enable the epel repo, yum install epel-release
install:
yum install lxc lxc-templates
LXC 2.1 Build on Centos from source
yum -y groupinstall base development yum -y install libcap-devel yum -y install epel-release yum -y install iptables-services yum -y install docbook2X yum -y update yum clean all cd /usr/local/src wget https://linuxcontainers.org/downloads/lxc/lxc-2.1.0.tar.gz tar xvf lxc-2.1.0.tar.gz cd lxc-2.1.0/ ./configure --enable-capabilities --enable-doc --prefix=/usr --sysconfdir=/etc --localstatedir=/var make install
Set a different root / home directory for the lxc containers, if required:
cat /etc/lxc/lxc.conf lxc.lxcpath = /vm
Edit the file above to suite your needs
Next alter create the default file, for anything you want all containers to start with:
cat /etc/lxc/default.conf lxc.net.0.type = veth [root@lxc1 ~]# more /etc/lxc/default.conf lxc.net.0.type = veth lxc.net.0.link = br0 lxc.net.0.flags = up lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx lxc.cgroup.memory.limit_in_bytes = 384000000 lxc.start.auto = 0
Now create an ld.so.con file to include the libraries for LXC
cat /etc/ld.so.conf.d/lxc.conf /usr/lib
And the default network settings
cat /etc/sysconfig/lxc-net LXC_BRIDGE="lxcbr0" USE_LXC_BRIDGE="true" LXC_ADDR="10.0.0.1" LXC_NETWORK="255.255.255.0" LXC_DHCP_RANGE="10.0.0.10,10.0.0.99"
LXC no console on container when using systemd
Create your own copy of the getty@.service cp /lib/systemd/system/getty@.service /etc/systemd/system Comment out the line ConditionPathExists=/dev/tty0 in the copied getty@.service
LXC apparmor settings for autofs, smb, nfs
In the file /etc/apparmor.d/lxc/lxc-default-cgns
change/add :
deny mount fstype=devpts, mount fstype=cgroup -> /sys/fs/cgroup/**, mount fstype=cgroup2 -> /sys/fs/cgroup/**, mount fstype=rpc_pipefs, mount fstype=nfs, mount fstype=cifs, mount fstype=autofs,
Mac OSX
mac Mac related notes
Vodaphone useful numbers
vodafone Vodafone numbers
Apps and software
- software Applications notes (mostly web based apps, notes on configuring building apache,php,openssl etc)
- unreal Unreal tournament
- bitsBits and pieces
- asterisk Asterisk notes
- mwiki MediaWiki bits and bobs
- dovecot Things about dovecot and postfix
- postfixadmin Adding new fields to postfix admin v3
- Docmgr Installation notes
DNS
DNS related Notes on dns, mostly out of date
Mac DNS Mac DNS flush cache
mariadb mysql replication Master/Master on Centos 7
On both servers, add entries for the hosts in /etc/hosts, in our case db1 and db2
Configure the firewall for mysql:
firewall-cmd --permanent --add-port=3306/tcp firewall-cmd --reload
On db1, in /etc/my.cnf.d/server.cnf
[mariadb-5.5] # bind-address = 127.0.0.1 server-id = 2 report_host = db2 log_bin = /var/log/mariadb/mariadb-bin log_bin_index = /var/log/mariadb/mariadb-bin.index relay_log = /var/log/mariadb/relay-bin relay_log_index = /var/log/mariadb/relay-bin.index auto_increment_increment = 2 auto_increment_offset = 2 # replicate-do-db = testdb expire_logs_days = 14
On db2, in /etc/my.cnf.d/server.cnf
[mariadb-5.5] # bind-address = 127.0.0.1 server-id = 1 report_host = db1 log_bin = /var/log/mariadb/mariadb-bin log_bin_index = /var/log/mariadb/mariadb-bin.index relay_log = /var/log/mariadb/relay-bin relay_log_index = /var/log/mariadb/relay-bin.index auto_increment_increment = 2 auto_increment_offset = 1 # replicate-do-db = testdb expire_logs_days = 14
On both db1 and db2
restart mariadb on both servers
systemctl restart mariadb systemctl status mariadb
Connect to the sql server.
mysql -uroot -p
Create the replication user
create user 'replusr'@'%' identified by 'xxx-verystrongpassword-xxx'; grant replication slave on *.* to 'replusr'@'%';
On db1, make note of master status;
show master status;
show master status; +--------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +--------------------+----------+--------------+------------------+ | mariadb-bin.000001 | 479 | | | +--------------------+----------+--------------+------------------+ 1 row in set (0.00 sec)
On db2, configure the slave/master setup
STOP SLAVE; CHANGE MASTER TO MASTER_HOST='db1', MASTER_USER='replusr', MASTER_PASSWORD='xxx-verystrongpassword-xxx', MASTER_LOG_FILE='mariadb-bin.000001', MASTER_LOG_POS=479; START SLAVE;
show the slave status (look for any errors)
SHOW SLAVE STATUS\G
Make a note of the master status:
show master status; +--------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +--------------------+----------+--------------+------------------+ | mariadb-bin.000002 | 245 | | | +--------------------+----------+--------------+------------------+ 1 row in set (0.00 sec)
On db1. setup slave/master (as on the other server but other direction)
STOP SLAVE; CHANGE MASTER TO MASTER_HOST='db2', MASTER_USER='replusr', MASTER_PASSWORD='xxx-verystrongpassword-xxx', MASTER_LOG_FILE='mariadb-bin.000002', MASTER_LOG_POS=245; START SLAVE;
Check status of slave, again look for errors.
SHOW SLAVE STATUS\G
Thats it, you can also check the master status:
SHOW MASTER STATUS\G
You should be able to create a database on one and it will appear on the other etc.
Rebuild Database Master - Master
If your MySQL (5.0+) replication is broken, there’s two ways to fix it: The easy way, and the right way.
Run commands starting with $ on Unix.
Run commands starting with mysql> in the MySQL client.
The easy way: Skip the problem
If you hit both databases at the same time, with the same INSERT, they will create their own record, and try and replicate to the other, which already has that record, causing a duplicate error.
In a simple case like that, you just want to skip the offending statement:
mysql>SET GLOBAL SQL_SLAVE_SKIP_COUNTER=1; START SLAVE;
More details on skipping MySQL duplicate errors
Most of the time, you skip one statement, and replication breaks again straight away, because there’s a whole queue of problem statements coming up.
The right way: Rebuild
If you are not sure that you can skip the duplicate, or if replication has been broken long enough that your two servers are out of synch, pick one database to be the master, and rebuild the other from a copy of that master.
First make sure your site is only using the master server. Stop any processes that might modify data on the server you need to rebuild.
We have two database servers:
Good Server: The good one, with the correct data.
Rebuilding Server: The one we are fixing. All it’s data will be erased with the Good Server data.
1. On the Good Server
Dump data from the Good Server. The master-data switch adds a statement at the end of the file to start replication.
The quick switch makes dumping large tables use a lot less memory, so on a VPS it’s much faster.
All tables will locked during the dump.
Replace ‘my_database’ with your database name.
$ mysqldump --add-drop-table --master-data --routines
--quick -u root -p my_database > my_database.sql
$ bzip2 my_database.sql
2. On the Rebuilding Server
Copy the dump onto the Rebuilding Server. Replace ‘myuser’, ‘good-server’ and ‘my_database’ as appropriate.
$ scp myuser@good-server:my_database.sql.bz2 . $ bunzip my_database.sql
Load the dump. This can take a few minutes for a large database.
mysql> stop slave; $ mysql -u root -p my_database < my_database.sql
mysql> show slave status\G
You should see Slave_IO_Running: Yes and Slave_SQL_Running: Yes.
The master-data switch to mysqldump, in step 1, started replication at the right place for us. How nice. I love MySQL.
The \G means show vertical instead of the usual horizontal. It works with any MySQL command.
Now you have statements flowing Good Server –> Rebuilding Server. Next we need to get data going the other way.
mysql> flush tables with read lock; mysql> show master status;
Make a note of the File and Position rows.
3. On the Good Server
Set the slave here to be in synch with Rebuilding Server. Use the file name and log position from the previous step.
mysql> stop slave; mysql> change master to master_log_file='mysql-bin.000044', master_log_pos=132059667; mysql> start slave; mysql> show slave status\G
4. On the Rebuilding Server
mysql> unlock tables;
Windows
To enable telnet
Start
Control Panel
Programs And Features
Turn Windows features on or off
Check Telnet Client
Windows product keys (copied from Microsoft web site)
MSProductKeys Microsoft keys for use with corporate products
How to Convert Evaluation Server 2016 or 2019 to Licensed Version
To convert Windows Server 2019 or 2016 Evaluation to Licensed (Retail):
Open PowerShell as Administrator and give the following command to find the installed version of Server 2016/19:
DISM /Online /Get-CurrentEdition
Then give the following command to convert the Server 2016 Evaluation version to Full Retail (Licensed):
DISM /online /Set-Edition:ServerEdition /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula
For example… If the installed edition is the "ServerStandarEval" then the command is:
DISM /online /Set-Edition:ServerStandard /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula
If the installed edition is the "ServerDatacenterEval" then the command is:
DISM /Online /Set-Edition:ServerDatacenter /ProductKey:xxxxx-xxxxx-xxxxx-xxxxx-xxxxx /AcceptEula
If you have a KMS host running in your deployment, then you can use a KMS Product key for activation or you can use the KMS key to convert the Evaluation version to licensed and then (after the conversion), to change the product key and activate Windows by using the slmgr.vbs /ipk command.
Using Rsync for backup
First you need to install Cygwin, with the ssh client and rsync client.
Here is a useful bat file to rsync some directories back to your ssh server.
@echo off set user=cooperd cd c:/Users/%user% for %%F in ( Documents Desktop ) do ( echo %%F %1 rsync -avz %1 -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i c:/Users/%user%/.ssh/backup_key -2 -p022"^ %%F xxxx@yyyy.com:/data/backup/windows/%user%/ )
Adjust the username as required. Also the username for the ssh server, the server and possible the -p022 to specify the ssh port
Building Windows to go notes
partition disk.
Command Prompt with administrative rights
diskpart, (if you have already used the drive letters suggested below choose a different one and substitute it in the commands.)
List the available disks by running "list disk" and you should see your usb device.
Select your USB drive by typing "select disk #" and hit Enter. For example, “select disk 1”.
Clean the partitions on the disk by typing "clean" and hit Enter.
Now create the boot partition by running the following command:
create partition primary size=350 Now create the OS partition by running the following command to create a partition taking up all remaining space: create partition primary The boot partition needs to be formatted, configured and assigned a drive letter, run the following commands: select partition 1 format fs=fat32 quick active assign letter=b (if the b drive letter is already in use on your PC, substitute a different letter and replace b with your letter throughout the rest of this guide) The same must be done for the OS partition, run the following different commands: select partition 2 format fs=ntfs quick assign letter=o (if the o drive letter is already in use on your PC, substitute a different letter and replace o with your letter throughout the rest of this guide) Exit Diskpart by typing Exit.
Extract wim file.
(from the windows 8/8.1 install media) sources directory.
dism /apply-image /imagefile:c:\path\install.wim /index:1 /applydir:o:\
add drivers (optional)
dism /image:u:\ /add-driver /driver:*BootCamp Directory*\Drivers /recurse
make bootable
o:\windows\system32\bcdboot o:\windows /f ALL /s b:
Revert windows 10 VPN connection to older type 'connect' button
Open regedit (WIN+R and type regedit.exe)
Go to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ControlPanel\Settings\Network
Take ownership of the “Network” key/folder (rightclick, Permissions)
Select “Advanced” in the Permissions window In the Advanced window,
select “Change” where the owner field is (top of the window)
Type in your username and save your changes. Close the advanced window.
Now select “Administrators” in the security tab. Make sure “Full control” is selected, then apply changes.
Now that’s done, double click “ReplaceVan” Change it’s value to 2
Certificates
Check key / cert are mached (also csr )
checking the modulus and the public exponent portions in the key and the Certificate must match.
But since the public exponent is usually 65537 and it's bothering comparing long modulus you can use the following approach:
$ openssl x509 -noout -modulus -in server.crt | openssl md5 $ openssl rsa -noout -modulus -in server.key | openssl md5
And then compare these really shorter numbers.
if I want to check to which key or certificate a particular CSR belongs you can compute
$ openssl req -noout -modulus -in server.csr | openssl md5
Re-install Grub / fix partitions
Boot from the live CD or live USB, in "Try Ubuntu" mode.
Determine the partition number of your main partition. GParted (which should already be installed, by default, on the live session) can help you here. I'm going to assume in this answer that it's /dev/sda2, but make sure you use the correct partition number for your system!
Mount your partition:
sudo mount /dev/sda2 /mnt #Replace sda2 with your partition number Bind mount some other necessary stuff:
for i in /sys /proc /run /dev; do sudo mount --bind "$i" "/mnt$i"; done
chroot into your Ubuntu install:
sudo chroot /mnt At this point, you're in your install, not the live session, and running as root. Update grub:
Remember to use blkid to get the UUID's for changing in the fstab before re-installing grub.
update-grub If you get errors, go to step 7. (Otherwise, it is optional.)
Re-install grub on new disk etc - alternative version
Terminal Commands
Mount the partition your Ubuntu Installation is on. If you are not sure which it is, launch GParted (included in the Live CD) and find out. It is usually a EXT4 Partition. Replace the XY with the drive letter, and partition number, for example: sudo mount /dev/sda1 /mnt.
mount /dev/sdXY /mnt
Now bind the directories that grub needs access to to detect other operating systems, like so.
mount --bind /dev /mnt/dev && mount --bind /dev/pts /mnt/dev/pts && mount --bind /proc /mnt/proc && mount --bind /sys /mnt/sys
Now we jump into that using chroot.
chroot /mnt
Now install, check, and update grub. This time you only need to add the drive letter (usually a) to replace X, for example: grub-install /dev/sda, grub-install –recheck /dev/sda.
grub-install /dev/sdX grub-install --recheck /dev/sdX
Remember to use blkid to get the UUID's for changing in the fstab before re-installing grub.
blkid /dev/sXX1 (root partion, etc) >> /etc/fstab
Once you have all the id's edit the fstab file and replace the old id's with the ones now at the end of the file from above commands. Clean up and save the file
Then re-build the grub menu
update-grub --recheck /dev/sXX (disk to use)
Now grub is back, all that is left is to exit the chrooted system and unmount everything.
umount /mnt/sys && umount /mnt/proc && umount /mnt/dev/pts && umount /mnt/dev &&
Shut down and turn your computer back on, and you will be met with the default Grub2 screen.
You may want to update grub or re-install burg however you like it.
Electronics Related
433mhz 1ch radio module
mini rf module
press 8 times to delete any codes (that would be the learning button!)
press 1 time for momentary use, then send a code
press 2 times for toggle, then send code.
press 3 time for latch mode, then send first code(on) followed by second code(off)
You need to delete codes to change modes(8 presses). Codes from 28280 upwards seem to work ok.
Microphone pre-amp for apple mac
This simple circuit was built on vero board in a matter of 40 mins. Not pretty but it was made of mostly second hand bits, infact two of the resistors bellow where from a PC board from a 1980's computer!
Arduino Atmega8 using internal 8mhz clock
How to add atmiga8 chip to the IDE interface for Arduino, this is for the old version 1.0.6. I've never bothered using the later versions but I would think is mostly the same
Change to the optiboot directory (this is on the Mac OS X version, for windows just look for the bootloaders directory
cd /Applications/Arduino.app/Contents/Resources/Java/hardware/arduino/bootloaders/optiboot/
Add this to the Makefile, I would suggest just after the existing atemga8 section, I used the letter i to indicate internal clock
atmega8i: TARGET = atmega8 atmega8i: MCU_TARGET = atmega8 atmega8i: CFLAGS += '-DLED_START_FLASHES=3' '-DBAUD_RATE=38400' atmega8i: LDSECTIONS = -Wl,--section-start=.text=0x1e00 -Wl,--section-start=.version=0x1ffe atmega8i: AVR_FREQ = 8000000L atmega8i: $(PROGRAM)_atmega8i.hex atmega8i: $(PROGRAM)_atmega8i.lst atmega8i_isp: atmega8i atmega8i_isp: TARGET = atmega8 # 2.7V brownout atmega8i_isp: HFUSE = CC # internal clock 8mhz atmega8i_isp: LFUSE = A4 # 512 byte boot atmega8i_isp: EFUSE = 04 atmega8i_isp: isp
You can then make the boot loader with the omake command (on the Mac you have to chmod +x omake first)
./omake atmega8i
(you will end up with a " optiboot_atmega8i.hex ") file in the directory,
Next add these lines to the boards.txt file (normally at the bottom of the file)
This adds two entries to your board selection the first 8-16MHZ is for Crystal clock, the second (8mhz) is the internal clock version at 8mhz. You can change the fuse bits to get other clock speeds if you need them.
############################################################## opti8.name=Arduino Optiboot-Atmega8-16 opti8.upload.protocol=arduino opti8.upload.maximum_size=7680 opti8.upload.speed=115200 opti8.bootloader.low_fuses=0xbf opti8.bootloader.high_fuses=0xcc opti8.bootloader.path=optiboot #opti8.bootloader.file=optiboot_atmega8-16.hex opti8.bootloader.file=optiboot_atmega8.hex opti8.bootloader.unlock_bits=0x3F opti8.bootloader.lock_bits=0x0F opti8.build.mcu=atmega8 opti8.build.f_cpu=16000000L opti8.build.core=arduino opti8.build.variant=standard ############################################################## ############################################################## opti8i.name=Arduino Optiboot-Atmega8-16 (8mhz) opti8i.upload.protocol=arduino opti8i.upload.maximum_size=7680 opti8i.upload.speed=38400 opti8i.bootloader.low_fuses=0xa4 opti8i.bootloader.high_fuses=0xcc opti8i.bootloader.path=optiboot opti8i.bootloader.file=optiboot_atmega8i.hex opti8i.bootloader.unlock_bits=0x3F opti8i.bootloader.lock_bits=0x0F opti8i.build.mcu=atmega8 opti8i.build.f_cpu=8000000L opti8i.build.core=arduino opti8i.build.variant=standard ##############################################################
Arduino Atmega328 using internal 8mhz clock
How to add atmiga328 chip to the IDE interface for Arduino, this is for the old version 1.0.6. I've never bothered using the later versions but I would think is mostly the same
Change to the optiboot directory (this is on the Mac OS X version, for windows just look for the bootloaders directory
# Standard atmega328, using 8Mhz internal RC oscillator # atmega328i: TARGET = atmega328 atmega328i: MCU_TARGET = atmega328p atmega328i: CFLAGS += '-DLED_START_FLASHES=3' '-DBAUD_RATE=38400' atmega328i: AVR_FREQ = 8000000L atmega328i: LDSECTIONS = -Wl,--section-start=.text=0x7e00 -Wl,--section-start=.version=0x7ffe atmega328i: $(PROGRAM)_atmega328i.hex atmega328i: $(PROGRAM)_atmega328i.lst atmega328i_isp: atmega328 atmega328i_isp: TARGET = atmega328 atmega328i_isp: MCU_TARGET = atmega328p # 512 byte boot, SPIEN atmega328i_isp: HFUSE = DE # Int. RC Osc. 8MHz, slowly rising power-65ms atmega328i_isp: LFUSE = E2 # 2.7V brownout atmega328i_isp: EFUSE = 05 atmega328i_8_isp: isp
You can then make the boot loader with the omake command (on the Mac you have to chmod +x omake first) ./omake atmega328i (you will end up with a " optiboot_atmega328i.hex ") file in the directory, Next add these lines to the boards.txt file (normally at the bottom of the file) This adds an entry to your board selection,"ATmega328 Optiboot 8MHz Int. RC Osc.". You can change the fuse bits to get other clock speeds if you need them.
############################################################## atmega328i.name=ATmega328 Optiboot 8MHz Int. RC Osc. atmega328i.upload.protocol=arduino atmega328i.upload.maximum_size=30720 atmega328i.upload.speed=38400 atmega328i.bootloader.low_fuses=0xE2 atmega328i.bootloader.high_fuses=0xDE atmega328i.bootloader.extended_fuses=0x05 atmega328i.bootloader.path=optiboot atmega328i.bootloader.file=optiboot_atmega328i.hex atmega328i.bootloader.unlock_bits=0x3F atmega328i.bootloader.lock_bits=0x0F atmega328i.build.mcu=atmega328p atmega328i.build.f_cpu=8000000L atmega328i.build.core=arduino atmega328i.build.variant=standard ##############################################################