Monday, August 29, 2022

Chrome ERR_CERT_INVALID

I never knew….
If you cannot continue in Chrome because of an ERR_CERT_INVALID error, even after pressing Advanced: there’s a secret passphrase built into the error page. Just make sure the page is selected (click anywhere on the background), and type `thisisunsafe`

Sunday, July 24, 2022

ffmpeg reminder

Personal reminder:

Download latest: https://ffmpeg.org/download.html
Run ffmpeg -i MyMovie.mkv and look for stream info, e.g.:

Stream #0:0: Video: h264 (High), yuv420p(tv, bt709/unknown/unknown, progressive), 1920x800, SAR 1:1 DAR 12:5, 23.98 fps, 23.98 tbr, 1k tbn, 47.95 tbc (default)
Stream #0:1(dut): Audio: ac3, 48000 Hz, 5.1(side), fltp, 448 kb/s
      title           : Dutch
Stream #0:2(dut): Audio: ac3, 48000 Hz, 5.1(side), fltp, 448 kb/s
      title           : Flemish
Stream #0:3(eng): Audio: ac3, 48000 Hz, 5.1(side), fltp, 448 kb/s
      title           : English
Stream #0:4(dut): Subtitle: subrip (default) (forced)
Stream #0:5(dut): Subtitle: subrip
Stream #0:6(eng): Subtitle: subrip

Say, I would like to have the video with the Flemish audio and all the subtitles (since they don’t take that much space)

ffmpeg -i MyMovie_2160p.mkv -vf scale=640:-2 -ac 2 -af "pan=stereo|FL=FC+0.30*FL+0.30*BL|FR=FC+0.30*FR+0.30*BR" -map 0:v:0 -map 0:a:1 -map 0:s MyMovie_640p_2ch.mkv
-vf scale=640:-2	= video filter: 640p, -2 means keep aspect ratio for vertical pixels
-ac 2			= (convert to) 2 audio channels
-af "pan=......		= audio filter: copy multichannel audio without losing center channel (dialogs)
-map 0:v:0		= copy first (0) video stream
-map 0:a:1		= copy second (1) audio stream (Start from 0. So 0 would be Dutch, 1 Flemish, 2 English)
-map 0:s		= copy all subtitles 
but if you have non-convertible subtitles (bitmapped), then first map the desired sub and copy, e.g.: -map 0:s:3 -c:s copy

Monday, July 11, 2022

ser2net p1 adapter yaml config

Because i didn’t make a backup. For next time’s reference:

connection: &p1usb
  accepter: tcp,10001
  enable: on
  connector: serialdev,/dev/ttyUSB0,local,115200n81

Older ser2net, shipped with debian buster with ‘just’ a .conf file is easy:

10001:telnet:600:/dev/ttyUSB0:115200 8DATABITS NONE 1STOPBIT banner

Thursday, July 7, 2022

pfSense Multi VLAN DNS (host) overrides

pfSense’s DNS resolver has the ability to do host overrides from the gui, but these are global overrides.
Unbound (the underlaying DNS resolver) has the ability to create DNS views to do different things based on source addresses.
It is located under Services - DNS Resolver - General - Custom options. It is a free format field.

Example:

server:
access-control-view: 10.123.12.0/24 vlan15activedirectory
access-control-view: 10.158.1.0/24 vlan16guest

view:
name: "vlan15activedirectory"
local-zone: "vpn.client.net" static
# adding the host as a zone results in NXDomain lookup

view:
name: "vlan16guest"
local-data: "vpn.client.net. 90 IN A 11.12.13.10"
# adding a specific host and map it to a specific ip

More info: https://unbound.docs … ring/tags-views.html

Friday, March 18, 2022

Run powershell specific function from task scheduler

Executable is powershell.exe. Arguments:

-command "& { . "c:\location\to\script.ps1"; my_function_name }"

Powershell speed hacks

Powershell can be painfully slow when dealing with larger arrays, reading files and listing large directories. Here are some workarounds.

Arrays
Slow:

$myarray = @()
foreach ($x in $y) {
  $myarray += $x
}

Much faster is working with an arraylist:

$myarray = [System.Collections.ArrayList]@()
foreach ($x in $y) {
  $null = $procarray.Add($x)
}

Reading files
Slow:

get-content $filename

Fast:

([System.IO.File]::ReadAllLines($filename))

Listing large directories
Slow:

$items = get-item "\\server\share\*.csv" | sort LastWriteTime

The fastest workaround i’ve been able to find is actually using a dos prompt. Use dir switches for sorting purposes.
Note: dir returns just text, while get-items returns objects with all sorts of properties. It depends on your use case whether this hack is actually usable or not.

$items = cmd /r dir "\\server\share\*.csv" /OD /B

Tuesday, October 5, 2021

Install Windows 11 without TMP 2.0

When Windows 11 complains about your system not being compliant:

  • press shift+F10
  • regedit
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup
  • new key: LabConfig
  • new dword value: BypassTPMCheck = 1
  • new dword vlaue: BypassSecureBootCheck = 1

Go back and resume the installation again.

Thursday, February 18, 2021

ESXi 7.0 U1 on a HP DL380p Gen8

Check your CPU here. Mine are Intel Xeon E5-2600 “version 0” series.
Download the HPE customized image

Does it work?
screenshot-from-2021-02-18-21-25-08.png
YES IT DOES.

According to the warning, the future is uncertain. But right now, 7.0 U1 is just fine!

Wednesday, February 10, 2021

Azure/O365/Teams authentication and monitoring bash curl scripts

Authorize for teams.
Replace YOUR_TENANT_ID, YOUR_EMAIL and YOUR_PASSWORD.
Use one of these client_id’s, depending on your usecase.
1fec8e78-bce4-4aaf-ab1b-5451cc387264 (Teams mobile/desktop application)
5e3ce6c0-2b1f-4285-8d4b-75ee78787346 (Teams web application)

auth.sh:

#!/bin/bash

curl -s -X POST https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/token \
-c cookies.txt \
-o auth.blob \
-F grant_type=password \
-F resource=https://teams.microsoft.com/ \
-F client_id=1fec8e78-bce4-4aaf-ab1b-5451cc387264 \
-F username=YOUR_EMAIL \
-F password=YOUR_PASSWORD

This will save your bearer token, amongst others, to auth.blob in a json object.

Because the bearer token is only valid for a certain period of time, you’ll need to refresh it. Here’s how. You’ll need ‘jq’ installed to decompose the json object.
refresh.sh:

#!/bin/bash

REFRESHTOKEN=`cat auth.blob | jq ".refresh_token" | sed 's/"//g'`

curl -s -X POST https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/token \
-c cookies.txt \
-o auth.blob \
-F grant_type=refresh_token \
-F resource=https://teams.microsoft.com/ \
-F client_id=1fec8e78-bce4-4aaf-ab1b-5451cc387264 \
-F refresh_token=$REFRESHTOKEN

In the script you can keep repeating actions, but in order to keep your token active, you can use the following piece of code:

if [ -f "auth.blob" ]; then
  EXPIRES=`cat auth.blob | jq ".expires_on" | sed 's/"//g'`
  NOW=`date +%s`
  TTL=`expr $EXPIRES - $NOW`
  if [ $TTL -lt 60 ]; then
    echo "time for a refresh!"
    ./refresh.sh
  fi
else
  echo "no previous auth present!"
  ./auth.sh
  EXPIRES=`cat auth.blob | jq ".expires_on" | sed 's/"//g'`
  NOW=`date +%s`
  TTL=`expr $EXPIRES - $NOW`
fi

Now you can do the cool stuff like query your calendar or whatever:

#!/bin/bash

BEARER=`cat auth.blob | jq ".access_token" | sed 's/"//g'`
curl -s --write-out "%{http_code}|%{time_total}n" -o bla.txt "https://teams.microsoft.com/api/mt/emea/beta/me/calendarEvents?StartDate=2021-02-07T23:00:00.000Z&EndDate=2021-02-14T23:00:00.000Z" \
-H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Teams/1.3.00.30866 Chrome/80.0.3987.165 Electron/8.5.1 Safari/537.36" \
-H "authorization: Bearer $BEARER"

Or verify your local timezone:

#!/bin/bash

BEARER=`cat auth.blob | jq ".access_token" | sed 's/"//g'`

date "+%Y.%m.%e %T %N"
curl -v 'https://teams.microsoft.com/api/mt/part/emea-03/beta/me/calendarEvents/timeZoneSettingsWithOffset?timezone=Europe%2FAmsterdam' \
-H "authorization: Bearer $BEARER" \
-H 'authority: teams.microsoft.com'
echo ""
date "+%Y.%m.%e %T %N"

Sunday, December 6, 2020

The Linux Desktop project

Since my work laptop is too restricted, i’m trying to set up Ubuntu on a USB stick and boot from there.
Actually, it has proven to be a very smooth experience so far. I’m impressed by the overall speed and battery performance.

Couple of things i must not forget.
WORK IN PROGRESS

Get some essentials:

sudo apt install curl ffmpeg keepassxc

Latest Google Chrome Browser: link
Latest Citrix Workspace (Receiver): link
Latest Citrix RTME (HDX for Skype): link

After installing the ica client:

sudo ln -s /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts
cd /opt/Citrix/ICAClient/keystore/cacerts
sudo wget https://www.quovadisglobal.com/wp-content/files/media/quovadis_quovadisrootca2.pem
sudo /opt/Citrix/ICAClient/util/ctx_rehash

modify /opt/Citrix/ICAClient/config/wfclient.template before making the first connection

MSLocaleNumber=0x00000413
KeyboardLayout=US-International

Also: modify /opt/Citrix/ICAClient/config/All_Regions.ini

MouseSendsControlV=False

Lastly:

sudo apt-get install --reinstall libcanberra-gtk-module
/opt/Citrix/ICAClient/util/configmgr (for mapping local drives)

Install Microsoft Teams:

sudo curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
sudo echo "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main" > /etc/apt/sources.list.d/teams.list
apt update
apt install teams

Connecting to exchange web services (for calendar sync)

sudo apt install evolution-ews

Google drive support e.g. for keepass

sudo add-apt-repository ppa:alessandro-strada/ppa
sudo apt-get update
sudo apt-get install google-drive-ocamlfuse

edit ~/.gdfuse/default/config and set mv_keep_target=true

mkdir ~/Documents/GoogleDrive
google-drive-ocamlfuse ~/Documents/GoogleDrive

startup file for google drive mount and offline backup of keepass databases:

#!/bin/bash

google-drive-ocamlfuse ~/Documents/GoogleDrive
if [ ! -d ~/BACKUP/keepass/ ]; then mkdir -p ~/BACKUP/keepass/; fi
if [ -d ~/Documents/GoogleDrive/keepass/ ]; then cp -f ~/Documents/GoogleDrive/keepass/*.kdbx ~/BACKUP/keepass/; else echo Offline; fi

gedit json formatter:
Preferences - Plugins - enable External Tools
preferences - Manage external Tools
“+”, give name e.g. “Format Json”, shortcut key Ctrl+Alt+J, input=Current Document, output=Replace current document
code:

#! /usr/bin/env python
 
import json
import sys
 
j = json.load(sys.stdin)
print( json.dumps(j, sort_keys=True, indent=2) )

Kodi:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:team-xbmc/ppa
sudo apt-get update
sudo apt-get install kodi

Youtube-dl:

sudo curl -L https://yt-dl.org/downloads/latest/youtube-dl -o /usr/local/bin/youtube-dl
sudo chmod a+rx /usr/local/bin/youtube-dl
sudo ln -s /usr/bin/python3 /usr/local/bin/python