Reset admin account login

Ive had to do this more than I care to mention. I should really know it by heart now, but the short version is:

  1. boot into the grub menu and select advanced options
  2. head into recover mode
  3. drop to root shell prompt
  4. you’ll need to remount the filesystem that is currently read only:
    mount -o rw,remount \
  5. change the password:
    passwd <your-username>
  6. exit
  7. you’re done, reboot.

For a guide with pictures,

How to reset your password in Ubuntu

Flush DNS cache in Ubuntu

According to quite a few users on Stack Exchange, Ubuntu doesn’t cache DNS queries, but I got into an awkward situation where I couldn’t hit an internal server because my installation was convinced my internal server was being hosted on an external IP. 

It wasn’t entirely incorrect, because the server is (sometimes) available externally, but it’s only as needed. I have a few web serviced that need to be reached from outside and although I could use different ports, for ease, I just change the rules according to what service I want to use that day. I know, it’s very awkward and all I really need to do is set up a reverse proxy, but I am yet to get that done. It’s on “the list”! lol

I am using pfsense and the way I have it set up, the services I develop on need to resolve internally and externally. That means when I type https://subdomain.example.com/ and I am inside my network, I need it to resolve to 10.0.0.10 (for example), but when I am not on the network I need it to resolve to my public IP address.

pfsense handles this perfectly.

What I didn’t realise, is that because I mis-configured something, enquiries locally were hitting my public IP address and being hosted that way. Meaning, my DNS request was being directed to my external IP address instead of my internal one. When I changed the order of the rules to allow a different service access to the HTTPS port, I could no longer access my original service. 

Long story, short: my internal server was being accessed by my computer via the public IP address instead of the internal one. 

I fixed the entries in the firewall and now if I did nslookups and digs on the URL, the correct internal IP was being returned. 

Cool!

But it didn’t work. I still couldn’t access the service I needed, because Ubuntu was still accessing it from the external IP address.

Not Cool!

I restarted the resolver in pfsense in case for some reason it didn’t stick. But that wasn’t it. As I said, diging the firewall was returning the correct IP address, but pinging it was returning the external one. This took some time for me to work out that it was Ubuntu that had cached the URL, and it wasn’t the firewall that was now stopping me from accessing that page. 

Let me show you by example:

subdomain2.example.url (all URLs and IP addresses have been changed to protect the innocent) is responding with an internal IP address.

dave@home:~$ dig subdomain2.example.url

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> subdomain2.example.url
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63440
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;subdomain2.example.url.			IN	A

;; ANSWER SECTION:
subdomain2.example.url.		1655	IN	A	192.168.1.78

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Aug 26 23:58:37 AEST 2018
;; MSG SIZE  rcvd: 57

subdomain1.example.url is returning a public IP address (that’s not desired).

dave@home:~$ dig subdomain1.example.url

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> subdomain1.example.url
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2906
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;subdomain1.example.url.		IN	A

;; ANSWER SECTION:
subdomain1.example.url.	7112	IN	A	69.68.67.66

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Aug 26 23:58:48 AEST 2018
;; MSG SIZE  rcvd: 61

I knew this wasn’t quite right, but I couldn’t work out exactly why. So I asked my router where it thought the domain belongs:

dave@home:~$ dig @192.168.1.1 subdomain1.example.url

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> @192.168.1.1 subdomain1.example.url
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1846
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;subdomain1.example.url.		IN	A

;; ANSWER SECTION:
subdomain1.example.url.	3600	IN	A	192.168.2.111

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Aug 27 00:08:02 AEST 2018
;; MSG SIZE  rcvd: 61

As you can see, the router knows the correct internal IP address, but Ubuntu is getting it from somewhere else. 

dave@home:~$ dig subdomain1.example.url

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> subdomain1.example.url
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33482
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;subdomain1.example.url.		IN	A

;; ANSWER SECTION:
subdomain1.example.url.	6551	IN	A	69.68.67.66

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Aug 27 00:08:09 AEST 2018
;; MSG SIZE  rcvd: 61

Then when I googled and found the above referenced Stack Exchange post and most answers were saying Ubuntu does not cache the DNS request, I just got confused. Not being confident of what I was looking at, I didn’t understand that the server IP address (127.0.0.53#53) was a loop back address for the DNS. I knew the port meant that it was a DNS, but I didn’t understand where it was being served from. Yes, I should have quickly realised it was only a loop back address, but I thought it was coming from the router (because of the DNS port entry).

hence my confusion. When I asked the router directly, it was reporting correct. But the computer was getting it from somewhere else.

And that TTL was killing me. I knew if I rebooted the computer it would more than likely fix the issue (it would have), but I had too many things open and I just didn’t want to go down that path. 

Eventually the light bulb turned on and I realised that Ubuntu simply must be caching it itself and I needed to identify the service and restart it. 

Scrolling right down the Stack post I found my answer. Although there’s several answers with differing methods of restarting the service, I went for the systemctl approach. 

sudo systemctl restart systemd-resolved.service

a ping and a dig confirms we’re good to go:

dave@redbox1804:~$ ping subdomain1.example.url
PING subdomain1.example.url (192.168.2.111) 56(84) bytes of data.
64 bytes from ubology.dav3 (192.168.2.111): icmp_seq=1 ttl=64 time=0.874 ms
64 bytes from ubology.dav3 (192.168.2.111): icmp_seq=2 ttl=64 time=0.295 ms
64 bytes from ubology.dav3 (192.168.2.111): icmp_seq=3 ttl=64 time=0.268 ms
^C
--- subdomain1.example.url ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2006ms
rtt min/avg/max/mdev = 0.268/0.479/0.874/0.279 ms
dave@redbox1804:~$ dig subdomain1.example.url

; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> subdomain1.example.url
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21571
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;subdomain1.example.url.		IN	A

;; ANSWER SECTION:
subdomain1.example.url.	3589	IN	A	192.168.2.111

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Aug 27 00:09:44 AEST 2018
;; MSG SIZE  rcvd: 61

dave@redbox1804:~$ 

Some other untested suggestions in the Stack post revolve around restarting the network manager, killing the process, flushing the cache using a command line switch (I probably should have tried that one, just out of curiosity), and restarting the service via init.d, and others. Posted for posterity and “next time” 

sudo service dns-clean
sudo service network-manager restart
sudo /etc/init.d/nscd restart
sudo kill -HUP $(pgrep dnsmasq)
sudo pkill -HUP $(pgrep dnsmasq)
sudo systemd-resolve --flush-caches
sudo systemctl restart systemd-resolved.service

Problem solved!

Now, for the next one:

I need to get a reverse proxy up and running. I did give it a go with squid, but I was obviously not getting something right. Further readings suggest HAProxy might be the way to go. That will probably be my next pfsense adventure.

Will this haircut still be in my head on Monday?

Will this haircut still be in my head on Monday?

Jason really likes his haircut. I think he’s afraid it’ll grow out before he gets to school. 

I convince him that it’ll still be there on Monday. 

Then Harry asks, “what about Tuesday?”

Yes, it’ll be there Tuesday buddy. 

We then went through the rest of the week. 

It might be a bit short for mum’s liking, but he loves it. That’s all that matters. 

A bit late

So many things about the iPhone are actually good or useful.

iOS reminders is not one of them!

Cleaning out the garage

Not that anyone would need a Windows 98SE product key, at least I hope not, but cleaning out the garage I came across this beast.

Each morning…

Each morning when I open my eyes I say to myself: I, not events, have the power to make me happy or unhappy today. I can choose which it shall be. Yesterday is dead, tomorrow hasn’t arrived yet. I have just one day, today, and I’m going to be happy in it

Groucho Marx

Window Tax and the Long S

This should have been two topics, but I just went with it.

  1. Window Tax
  2. The Long S

Window Tax

I happened across a YouTube video of an old house built in the UK. It looks as though the building was either of Georgian or Victorian periods, but upon going through the building, it’s likely that it was built in the late 1600’s given the bricking of several windows to avoid the Window Tax that existed in the UK between 1696 and 1851.

Everything is remarkable about this house from the limecrete floors through to the large beams throughout the house, as well as the utilisation of all space in the roof area. Not to forget the old doors. The YouTuber in this video is very fascinated by the doors. There’s a good reason to be when you consider they’re 400 plus years old.

If you haven’t followed the Window Tax link above, a brief history is outlined here:

  • Coin Clipping was a major problem in the 1600’s where it was considered high treason and punishable by death.
  • As a counter measure to coin clipping, King William III introduced a Window Tax in 1696.
  • To get around the tax many premises boarded up windows.
  • It was a varying rate depending on how many windows the premises had.
  • It was repealed in 1851 after pressure from doctors and others who argued that lack of light was a source of ill health.
  • The same tax was imposed in France in 1798 and only repealed in 1926!
  • The tax was designed to “tax the relative prosperity of the taxpayer, but without the controversy that surrounded the idea of income tax” (wiki).

The Long S

A couple of other side notes from this are detailed in the tax receipt below (click for a larger version):

I am reminded of a conversation I had with my grandmother many decades ago, we were talking about currency and she asked me “What does L.S.D. stand for?” I don’t think I had an idea of the drug at the time, but she continued with, “Pounds, shillings, and pence.” The abbreviation can be seen to the right of the receipt.

I am also reminded of some very early (pre Sydney Morning Herald) Sydney Gazette archival books we had at our school library in the 1980s. I remember reading though them being amazed at the language, but especially the type.

This one took some searching because I had mistakenly thought I was looking for archival Sydney Morning Herald material. It turns out I was looking for material from the Sydney Gazette. The first publication in Australia, running from 1803 to 1842. It was the official paper of the New South Wales government. Under the editorship of Robert Howe in 1824, it ceased to be censored by the colonial government. (This is pre-federation of the states in 1901).

When a non-capital ‘s’ was present in a word, not being the last letter, it was typed as a form of ‘f’.  The exact character varies according to being normalised or italics or even handwritten, but several forms are exhibited below. In normal text is appears as an “f” without the cross bar: “ſ”. In italics, it appeared more like the integral character of mathematics: “∫”

Examples: “ſinfulneſs” for “sinfulness” and “ſucceſsful” for “successful”.

It wasn’t until many years later with the advent of the internet, I found this to be what is known as the “Long S“, or in more modern times, the “short”, “terminal” or “round” s.

Here is the first page of the Sydney Gazette:

Some other examples from the Sydney Gazette and elsewhere from the Internet:

 

MQTT, OpenHAB2, sonoff and home automation

I found out about sonoff about a year ago but never purchased any for quite some time, and then when I did purchase them, they’ve been sitting in the drawer gathering dust. Due to the recent flurry of activity about them on youtube and the internet at large, I’ve been prompted to take a closer look at them and they are VERY impressive!

SmartHouse—Jonathan Oxer

Jon has a few videos dedicated to the sonoff devices, and these are very good if you don’t know what they are. And even if you do know what they are, there’s still some good information in his videos. He is a wealth of knowledge on more than just the sonoff devices with general electrical engineering as it relates to home automation.

I would recommend having a look at this video and then paying a visit to his website:

SuperHouse Episodes

Matt Kaczynski—MK-SmartHouse

I haven’t seen many of the videos on this channel as of yet, but Matt is using a lot of the technology and ideas that I have. For example, he uses OpenHAB2, sonoff devices and is integrating these with the likes of Siri and Alexa to create a custom home automation experience.

This video is an introduction to his setup. It wasn’t until the later half of the video that I realised he uses OpenHAB, something that I have already begun to introduce to my home.

After watching the video I visited his website and found the connections I have been looking for, namely MQTT, and OpenHAB. He has recently revamped his website and it has several guides and general information on his methodologies regarding home automation.

https://www.mksmarthouse.com/guides

Stop by and visit his channel here:

https://www.youtube.com/channel/UC1WPn_mBd7eDmz7lMSXR5bA/videos

Bruh Automation

https://www.youtube.com/channel/UCLecVrux63S6aYiErxdiy4w

I have been following a few of the Bruh youtube channel videos as he’s incorporated modern technology into his home automation. However, he uses an opposing technology to what I have setup. It’s like comparing Holdens and Fords, or Republicans or Democrats. It’s largely personal preference, setup and features. I use OpenHAB where Bruh uses Home Assistant.

There’s nothing wrong with home assistant, it’s just that I’d spent a bit of time setting OpenHAB up and it works on older devices (such as the original iPad running iOS 5.1.1) which Home Assistant does not.

Still, his channel includes some good videos on the subject and I do recommend a visit to his channel.