closingtags </> – Page 5 – web development and then some
Categories
Linux

A Brief Introduction to the Lemur Pro by System76

I’ve been in the market for a new laptop since the battery died on my secondhand Samsung. Even the replacement (aftermarket) batteries I found for it would only give me 2 hours of usage for the first month and then drastically drop off to 45 minutes. Having to hunt for an outlet everywhere I took it was so much of a nuisance that I couldn’t comfortably use it in my own living room.
So when I saw that System76 announced they were releasing a new laptop that claimed 14 hours of battery life, my mind was made up. I was going to have that machine.
Which brings us to this post. I’ve taken a new approach in an effort to brag share my first impressions with the world by creating videos. I’m well aware that the video quality isn’t great and that’s because I don’t know the first thing about video recording, editing, sound, light, etc. Also, I’m lazy.

Unboxing

Disassembly
System76 is kind enough to provide repair manuals but it’s really simple to get inside and gain access to various components.

Keyboard + Trackpad
The backlit keyboard has 4 different brightness settings as well as the capability of being shut off. The only real complaint I’ve had about the keyboard is that the space bar is so soft that I sometimes wonder if I actually hit it. The arrow keys are quite close together but if you’re doing most of your writing in Vim (I am), it’s not that big of a deal. The trackpad took some getting used to since I’m so used to having physical clickers but the two-fingered tap for right click is has worked really well.
Display
Being such a small form factor with an HD screen, it’s actually quite difficult to read some text. It may just be that my glasses prescription needs to be updated (it desperately does) but I kept finding myself having to bring the device closer to me so I could read it. I’m probably just getting old. In any case, it was an easy fix in the Pop Shell/GNOME accessibility settings. I’ve also turned up the interface size to 125% on applications like Telegram and increased the font size in Firefox to make it easier to read at a comfortable distance.
Battery
Having only had the laptop for a day, there’s not really much that I can say about the battery life yet except that it’s a huge step up for me. I’ve put around 6 hours of actual usage onto and it still has 55% battery left with an estimated 7 hours. During that time, I’ve updated the firmware, the packages, installed around half of the tools needed to do my day-to-day work, streamed music, written this post, cloned my dotfiles repo, and just played around with it.
Update (5/23/20): After using the Lemur Pro for a couple of weeks now, I’ve been averaging a little over 12 hours of usage. That typically includes running a VM for web development, a chat client, email, a browser with multiple tabs, and Vim. Going from less than 10% battery back to 100% typically takes about 5 hours. The only gripe with charging is that the charging cable is the very short. Fortunately, its simple enough to purchase a longer length of cable to use with the charger.
Pop OS
Pop OS 20.04 really steals the show on this machine. I did not expect to be as excited about it as I currently am. Having tiling functionality baked into GNOME with Vim keybindings really gives you the best parts of window managers like i3-gaps and gnome-shell. It’s easy to move between windows and workspaces. I never really used workspaces in GNOME before because it was just so awkward to drag and drop windows to a new location and get them setup how I wanted them. But with tiling built into the Pop Shell, I can use my trackpad to select a workspace or Super + Ctrl + H, J, K, or L to cycle through them. I’m not sure I’m the best person to do an in depth review of Pop OS so if you’re curious about it, you should read everything System76 has done with it. It works really well. I’ve not tried Regolith Linux but that project seems to attempt to solve similar problems that the Pop Shell has.

All of the extensions that come pre-loaded displayed on the gnome shell extensions website via the gnome shell extensions browser add-on.

Competition
As I said earlier, I did some shopping around before settling on the Lemur Pro. The most obvious competitor is the Dell XPS 13 Developer Edition but when I selected a model with similar specifications to this particular Lemur Pro, I was surprised to find that the Lemur Pro was cheaper than the XPS 13.

Granted, the Dell XPS comes with a higher resolution display but the battery life isn’t nearly what the Lemur Pro is and it doesn’t allow for multiple storage devices. It was a no brainer for me, because I also got to support a smaller US based company that is promoting free software.
I never in a million years would buy a Macbook Pro, but I was curious about the difference in price point and, well, I wasn’t surprised that it clocked in at more than $1000 than the Lemur Pro.

Obviously, Apple devices come with an experience that is fine tuned to their environment but I don’t know if I could justify spending so much when other quality options are available.
I had also considered a Surface Pro but unsurprisingly, it was also prohibitively expensive.

3 month update
After using the Lemur Pro for about 3 months now, I have noticed a few issues. The first and most notable being the Page Up/Page Down keys on the keyboard. Because of how often I use those buttons (default keybinding in GNOME terminal tabs), I find it difficult to correctly get to even the arrow keys. If you’ve got fat fingers, this could be a deal breaker for you.
Secondly, the System76 logo on the laptop is just a sticker, which makes sense when you think in terms of the laptop being a rebranded Clevo device. While some people might think this is a downside, it’s also means you can peel the logo off with a tweezers and some GooGone to get a completely nondescript black laptop.
And finally, I’ve noticed some strange issues with WiFi cutting out after resuming from suspend. This has only happened recently which makes me think it was an update that introduced the problem. I try to keep my systems as up to date as possible, but there’s always a chance that something will break in doing so. Hopefull, System76 can address it soon as this seems to be my number one usability issue so far.

For more reading, checkout what these fine folks had to say:
Lemur Pro Review
Unboxing the Lemur Pro
Beyond The Specs: These 2 New Linux Laptops Aren’t Created Equal
If you have questions about the laptop or would like to add some thoughts, leave a comment or contact me and I’d be happy to chat with you about it.

Categories
Linux Programming

Bulk Image Compression via CLI

Occasionally, I like to share HD photos but they always end up tens of megabytes in size and large files can be a pain send to family and friends. To circumvent this, I make sure to do some image compression before ever sending the images. It’s also very helpful when posting images to a website as large files means longer load times for users (and users don’t like that). So when I wanted to add many photos to a blog post but didn’t want to resize and compress each file manually, I had to figure something else out. A quick search led me to this post that reminded me of the power of Imagick. I’ve used it in the past to generate thumbnails based on PDFs so I knew it had a command line interface but this trick takes it to a whole new level. You’ll need to install imagick (available from most package managers) but once done, the command looks like:
mkdir compressed;for photos in *.jpg;do convert -verbose “$photos” -quality 85% -resize 1920×1080 ./compressed/”$photos”; done
Running this command from the directory your images are located in will 1.) create a new sub-directory to add your compressed files to, 2.) run a for loop through all jpegs in the current director, 3.) create a new image file with the same name in the sub-directory with the dimensions of 1920×1080 pixels and compress it by 15%. This one command saved me so much time, I had time to write another post about it.

Categories
Linux Server Yii2

Starting Systemd Services with Vagrant machines

I recently ran into a minor inconvenience with a configuration on one of my Vagrant machines. You see, I’m implementing a queueing service on an application and I needed that service to be started whenever the machine starts up. Normally, this is quite simple and is done by creating a file named myservice@service in /etc/systemd/system with content like so:
[Unit]
Description=My Queue Worker %I
After=network.target
[Service]
User=www-data
Group=www-data
ExecStart=/usr/bin/php /var/www/my_project/my_script –verbose
Restart=on-failure
[Install]
WantedBy=multi-user.target
Then run systemctl daemon-reload and systemctl enable myservice@1 myservice@2 to start two workers on system boot. Reboot your system, run systemctl status myservice@* and you should see both of those services running.
The problem with doing this on Vagrant occurs when the file your service is attempting to run is located in the shared folder that doesn’t end up getting mounted until the system has already started all services. But Vagrant has that handy file for provisioning and it can do all sorts of neat things like run shell commands after provisioning. To get these very same services to start up in a Vagrant VM, you simply need to add this bit to your Vagrantfile:
Vagrant.configure(“2”) do | config|
config.vm.provision “shell”, run: “always”,
inline: “systemctl start myservice@1 myservice@2”
end
Because this is a change to the Vagrantfile, you’ll have to re-provision the VM with vagrant reload –provision. This will shutdown the currently running VM, and re-run all provisions. Normally, these provisions are only run during the provisioning stage of Vagrant but because we added the run: “always” flag, this snippet will be run every time the machine is started. Now, once you’ve booted your VM with vagrant up, ssh into it with vagrant ssh and you should be able to run systemctl status myservice@* to see all of your services running.

Categories
Linux Server

Automating Proxmox LXC Container Creation, Updates, and more with Ansible

I love tinkering with my homelab but there is always a fear in the back of my mind, that one of my servers is running an outdated package that is being actively exploited. I don’t want to spend my free time cleaning up a mess that some nefarious party has made of my servers and network; I want to tinker! I like to keep everything up to date to prevent that, but I hate having to navigate my way into each and every server to run the updates manually. I’m a fan of automating anything that I have to do more than a couple times so I started researching Ansible.
If you’re doing any sort of server management or application deployment, you really ought to be looking into using this tool. It’s simple to get setup with and once you put in the initial time investment, it will undoubtedly save you time. Now when I want to update all of my servers, I can run two commands from my terminal. But it doesn’t just stop at updating servers, oh no. If I want to create a new server, it’s a matter of copying/pasting an existing configuration from one of my “playbooks,” changing a couple variables, and running the playbook. Just like that, I’ve got a brand new server running on my network.
By now, you agreed that Ansible is great and you should be using it, so how can you get started? I’ve got a repo setup on Github where I’ve shared what I have so far. If you’re looking to start using Ansible to automate Proxmox, I’ve done some of the heavy lifting already. A lot of what I have there, is taken from Nathan Curry’s post on his website. Give that a read first, then come back to my repo where you can tweak to your heart’s desire.
 

Categories
Security

Kernelcon – An Epic Gathering of Hackers

Over the past weekend, I had the pleasure of attending Kernelcon 2019 in Omaha, Nebraska and this conference has become my new yearly pilgrimage. If I never go to any other conferences ever again and only went to this one, I’d be perfectly happy with that. What made it so great?
Organization

This conference was incredibly well organized. Not only was our parking paid for, but upon arrival we were greeted by these vinyl pillar wraps which made it immediately clear this conference had thought of everything. After registering, we were given our swag bags which were loaded with stickers, quality notebooks, pens, extra soft t-shirts in our size, our conference badges, and an assortment of goods from various sponsors.

Yes, I wore my WordCamp Omaha 18 shirt in hopes of shamelessly cross promoting a conference I helped organize.

The badges were fully functioning circuit boards that came with 5 LED lights and programmed to allow attendees to changes colors and patterns. Not only was that fun, but they were hackable! People could take their badges to the Hardware Hacking Village in the conference to extend their badges and add even more blinking lights. Along with the actual badges, the conference had a thoughtful privacy policy communicated via two different colored lanyards; if you wore the provided yellow lanyard, it meant that you were not interested in having your picture taken whereas if you wore the black lanyard, it meant you didn’t have a preference. Reminders were posted all around the convention since this was a security conference and people interested in security also tend to be interested in privacy. For the most part, everyone I encountered was very respectful of this policy.

Experience
I didn’t get a chance to attend the morning keynote as the first day, the workshop I wanted to attend started right away in the morning. But I can’t complain all that much because the workshop was fantastic. In it, we assembled an ODROID-GO. Now, this may look like a simple gaming emulator but it’s so much more than that. After installing a few things like the Arduino IDE and some packages that integrate it nicely with the ODROID-GO, we got to tinkering. Click here for the workshop syllabus repository.

Fully assembled ODROID-GO

Some sample tetris code that I didn’t personally write, but could tinker with if I felt so inclined.

Photoresistor (light sensor) with code that prints out sensor reading to the LCD.

After wiring up the bread boards to work with some extra power, we added an ultrasonic sensor (sonar) to measure distance and print the results to the LCD.

Not only did we do these fun little projects, but we also wired up our boards to work with temperature sensors, connected them to a WiFi access point, and reported the temperature data to a server on the network. That’s right, this gameboy-looking device has WiFi on board, and can even connect to Bluetooth. There are so many possibilities!
Along with the workshops, there was a conference wide Capture The Flag (CTF) challenge where attendees could sign up as a team or individual, and score points for competing various challenges like “hacking” a server on the network, finding hidden WiFi access points, or picking locks. I wanted to participate, and even made some friends at the conference who also wanted to but we were so busy practicing lock picking, that we never got around to it.

In the lock picking village, instructors were setup with videos and directions teaching anyone who was interested in learning.

After practicing on beginner locks, I successfully picked my first real lock; a lock that happens to be one of the most common available to consumers.

I also learned how to shim handcuffs with nothing more than a bobby pin.

The second day, I brought my two year old to the conference who SUCCESSFULLY PICKED HIS FIRST LOCK. Granted, I held the tension wrench down for him but he raked the pins all by himself.

I’ve blurred out any potential PII so as to not violate the privacy of patients.

The conference didn’t have a shortage of hackers doing what they do. One attendee, setup his software defined radio (SDR) and tuned it to the frequency of pagers. What does this mean? It means that this person was able to see all things sent back and forth between these devices since they are broadcast over the air like how any wireless technology is. Unfortunately for some of the patients at local hospitals, their personally identifying information was captured and shown to the world. Let this be a reminder to everyone to take their privacy seriously.

This conference took an interesting approach by not providing food to conference attendees and instead, opted for a lunch break. I think most people could appreciate this as it left lunch plans up to attendees and drove economic incentives for Omaha by bringing business into the downtown area. However; supper and drinks were provided at the after party thanks to sponsors. Along with sustenance, the after party made for a great opportunity for attendees to socialize. Mini-games were held, as well as “Who’s Slide is it Anyways” where participants were assigned a presentation with pre-made slides (unseen by them until the presentation) that were on a wide variety of topics like the History of Bitcoin, Why Sloths are Awesome, and my favorite; Corn. Why was corn my favorite? Because it’s the presentation my co-worker and I ended up giving AND WINNING.

Giving a 10 minute presentation on corn is tough, but Jordon and I pulled it off.

As I mentioned before, I brought my two year old with the second day. Not only did he have a blast picking locks, but he also enjoyed some of the games that were available like the Jurrasic Park arcade game. He wanted to play in the Super Smash Bros. tournament, but we’re not quite ready to compete at the level that the hardcore players were.

We played this game together a lot and even made it in the official Kernelcon’s tweets.

He had to play a couple rounds with Jordon as well.

https://twitter.com/_kernelcon_/status/1114551537081225216

Speakers & Presentations
All this, and I haven’t even gone into the different talks by all the great speakers. I know a few wished they had more time, and so did attendees, but there was so much to cram into our two short days. If I had one complaint about the entire conference, it would be that I didn’t get to participate in nearly as many workshops or watch all the talks I wanted to. Decisions had to be made to make the most out of my time but I still managed to see plenty of security focused talks loaded with tips and information about how to become a better developer.

Wrap It Up
At the end of the conference, organizers surveyed attendees to find out what was good, what was not good, where there were hangups, and how people felt overall. I think it was very much appreciated by attendees as everyone who wanted to tell them thank you, was given that opportunity. Prizes for the the after-party games were awarded, along with CTF and the Smash Bros. tournament. Some of those prizes included the Wifi Pineapple (a $200 device), various Arduino boards, and Raspberry Pi’s (a favorite device for hackers). Winners of the CTF were awarded the most coveted prize of all: the Eternal Kernel, a badge that got them free admission to every future Kernelcon. Gasps could be heard throughout the crowd upon this announcement. I’m sure the competition will be ferocious next year.
This is getting to be a very long post so let me just close by saying that Kernelcon was an incredibly well done conference that I can’t wait to attend again. I met lots of interesting people, made some new friends, and learned so much. Big thanks to the volunteer organizers of Kernelcon for putting on one hell of a conference.

All the goodies I took home from the conference with cute pup tax.

Categories
PHP Programming Security WordPress

I Gave a Talk

I recently had the opportunity to give a presentation in front of a live audience with real human beings at the WP Omaha meetup group. For my first technical talk, I thought things went pretty well. There were some minor hiccups with my connection to the live stream cutting out (and poor audio quality), but most of it was the talk was recorded and uploaded to the WP Omaha YouTube page.
https://www.youtube.com/watch?v=Scs_0gaVXoA&t=85
The talk itself was a security talk aimed at developers where we hacked a site installed on my computer in real time, analyzed the vulnerability within the code, and discussed how this could be prevented in the future. If you’re interested, the presentation can be downloaded here.

Categories
Server

DDNS with Cloudflare API

Cloudflare is fantastic but they aren’t a common option for setting up DDNS on your average home router like other services are. Fortunately, it’s super simple to get around this minor inconvenience with the help of their thoroughly documented API. If you’re interested in hosting a website on your own network, are using Cloudflare’s DNS service, and have the problem of your IP changing frequently, then look no further; I’ve done the legwork already.
I took the liberty of borrowing some code I found from Rohan Jain. His post is great and explains how to get your script running as a systemd service. I was lazy and just set the script below to run every 5 minutes in cron job because it’s simple.
To get your DIY DDNS solution up and running follow these steps:

save the bash script from below to a machine on your network
get the appropriate credentials for the script (Cloudflare Email, Auth token, Zone ID, DNS ID, and domain name)
put credentials in the script
create a cron job that runs the script at your desired interval

Categories
WordPress

WordCamp Omaha 2018 Great Success

It was all worth it to see my face on the big screen for the morning announcements

This year, I had the pleasure of giving back to the WordPress community by helping organize WordCamp Omaha 2018.  Not only did I lend a hand with the website, I also planned and managed volunteer activities. I learned a lot about putting an event like this together and had a great time doing it with awesome people. I won’t lie; there were times that I considered backing out of it and giving up but in the end, I’m glad I stuck with as the whole event turned out really well.

Our venue, Mammel Hall at University of Nebraska at Omaha, was awesome. Aside from a couple technical hiccups with speaker laptops not having the proper ports and scrambling to find the correct adapter, everything went smoothly.

The atrium was huge with oh-so-cozy seating. Seriously. Look at those chairs!

Zac Gordon (https://javascriptforwp.com/) gave an excellent talk about Gutenberg and its role in the future of WordPress. I’ll be honest, I was skeptical before his talk but afterwards, I’m a little more comfortable with the change.

After the event, WCO18 treated speakers and sponsors to dinner at Taco Co!

The Taco Co building is an old bank so when you go to use the restrooms, you’re standing where the vault used to be.

We hosted an after-party at Beercade in Benson which was a hit with the WordCamp crowd. In their basement, the games are free (if you reserve the room, otherwise it’s a $3 cover charge to get into the basement)!

The basement just before the WordCamp crowd showed up. There’s also a Wii hooked up to a projector to the right and a fully stocked bar to the left.

I always make it a point to grab as much swag as possible at WordCamps. My goal is to have a complete wardrobe full of free WordCamp shirts.

If you’re a WordPress user of any skill level; complete newbie, expert admin, or a rockstar developer, I would highly encourage you to find a WordCamp near you and attend it. Better yet, volunteer at it and you’ll probably get in for free! There’s a little something for everyone, it’s a great opportunity to meet interesting people, and it’s incredibly fun.

Categories
Linux Security Server

Converting Privileged LXC Containers to Unprivileged

Not long ago, I was looking through my container configurations in the Proxmox GUI and noticed that one very important container had been running as privileged. I must’ve forgotten to click the “Unprivileged” checkbox when I was creating it. For security sake, I try making all of my containers unprivileged. It makes things like sharing files between the host and containers slightly more difficult, but if that particular container is ever compromised by someone with malicious intent, it makes it much more difficult for that malicious actor to compromise the entire host. See the Proxmox documentation on unprivileged containers for more information.
To make this particular container more secure, and to avoid having to set everything up again, I thought it might be easier to simply try and converting it to an unprivileged container. While you can’t just shut the container down, go into the GUI and mark it unprivileged, you can create a backup and make a new container from that backup unprivileged. If you clicked the link to the Proxmox documentation from earlier, you’d see just what I was talking about. In it, you can see under the Creation section, that all you need to do is run
pct restore 1234 var/lib/vz/dump/vzdump-lxc-1234-2016_03_02-02_31_03.tar.gz
-ignore-unpack-errors 1 -unprivileged 
where the first 1234 is your new container ID, and the second (in the backup file) is the old container ID. You can overwrite the previous container with the restore, but it might be a safer bet to just create a new container and then shutdown your old one.
You can also do this through the GUI by navigating to the backups of your container, selecting your backup, and clicking restore. However, when I ran it through the GUI, it gave errors and destroyed the container. Thank goodness for backups, right? Even when running the above command in the CLI, I received errors. Fortunately, they were easy enough to troubleshoot. If you see something like
400 Parameter verification failed.
storage: storage ‘local’ does not support container directories
then you’ll need to specify your storage. This is easy enough to get around by providing the –storage option and selecting the proper storage location. In my case, the entire command looked like
pct restore 1234 /var/lib/vz/dump/vzdump-lxc-1234-2018_05_25-10_29_59.tar.lzo
-ignore-unpack-errors 1 -unprivileged –storage local-zfs.
With that done, you can start up your new container and use it the same way you were before, but this time, it’s a little more secure.

Categories
Javascript Programming

Javascript Factorial Function w/Recursion

This is a fun quick one that you can do right in the Firefox browser, like I did! Open up Firefox, press F12 to open the developer tools, and open the scratchpad. If you don’t see it, don’t worry; you can show it in the Toolbox Options under Default Developer Tools.
As the title says, this is a function that calculates the factorial function of an integer. For those of you who haven’t had to calculate a factorial since high school *cough* me *cough cough*, the factorial function (symbol: !) says to multiply a series of descending natural numbers. For instance, if we wanted to calculate 4!, we would multiply `4 * 3 * 2 * 1` to get our answer. Simple enough, right? Wait until you see the code to do this; it’s mind boggling how simple it is:
https://gist.github.com/Dilden/43a0a51c16798aa627fc9e078b56a917
The first thing we do is declare our function name, followed by the check of our number to see if it’s greater than 0. If it is, we call the very same function we are inside of but we pass the next descending number in our list of integers. Once we reach 0, we stop multiplication. Then call our function with different numbers to test it out. Easy enough, right?
I’m aware that this is a simple problem but a friend had pointed out some crazy ways that this problem was solved and I wanted to take a quick shot at it. I had fun with it and I hope you do too. If you’ve got a creative solution, post it in the comments below!