Tag: Tinkering

Stuff I attempt to fix or improve.

  • enter the virtual

    I’m in the process of cleaning up my gaming PC, so it is easier to virtualize. The C: drive has grow over the years to 153 GB of crap. Naturally, I found the opensource Bulk-Crap_uninstaller. I was monkey’n around in Visual Studio 2022 already, so I was able to clone it from github and compile it with a handful of clicks. It is pretty nice. I wish I had found it before I spent like an hour manually uninstalling things.

  • Programmable Search Engine

    I just found out about this programmablesearchengine.google.com site. It is for adding a custom site search bar to you website, but it also allows you to just do a regular google search on the web, and then include and exclude up to 500 sites, so it seems like the perfect way to configure some searches for specific tasks.

  • Twitter

    Twitter suspended my account for posting the link to the Vance dossier. I just had to delete the tweets with the links in them. So this post is just so I can post it on twitter, then tweet the link, and see if my account gets banned again. I’m curious if they are just looking for the original URLs or doing some more extensive filtering.

    I figure I’ll try the direct link first, and then just host the file directly on the site if that doesn’t work.

    Scroll down and there is a download link for the full PDF.

    https://www.kenklippenstein.com/p/read-the-jd-vance-dossier

  • The technology that will replace us

    The technology that will replace us

    I saw a post on reddit with a bunch of hilarious responses when asking ChatGPT “How many Rs are in Strawberry?”, so I got on Chatbot Arena and tried it myself.

    If you aren’t familiar, Chatbot Arena is a leader board for various chatbots. You can submit a question and it will send it to two random chatbots, and then you pick the best answer. It can be useful for wasting time at work.

    The original post received the answer 2 Rs, and that’s what both models gave me my first try. And was by far the most common answer I received in testing.

    Model A: gemma-2-27b-it – Model B: gemma-2-2b-it

    This is an interesting take…

    Is this better or worse?

    Model B: toto-medium

    K.

    Model B: deepseek-coder-v2

    Can’t fool Gemini..

    Model B: gemini-1.5-pro-api-0514

    After a while it seemed most just can’t count, or assume I’m talking about rupees. I decided to rephrase the question to eliminate the rupees misunderstanding, “How many occurences of the letter R are in the word Strawberry?”. Which worked well, but most couldn’t could. GPT4o got it right every time, and Gemini 2 did also.

  • New blog theme

    I spent a couple hours at work browsing different themes for the site. I’m still not quite happy with this one, but it will work for now. I’ll probably spend the rest of the night looking into creating my own theme.

  • VNC over Guacamole

    I’ve been using the new setup from work for a couple days now and I have decided to run a network cable to my office finally. I’ve got an old cheap wifi card that is only connecting at 144 Mbps up/72 down, so I’ve had to configure the display for 8 bit color. The default of 32 was taking several seconds to draw if it needed to update more than an eighth of the screen, so it was pretty much unusable. I’ll run the cable when I get off work, and test it out Saturday evening when I’m back at work.

  • Guacamole – Day 4

    Guacamole – Day 4

    Configuring VNC was pretty trivial. I went with TigerVNC server on my Gaming(it’s named gaming, but is no longer fit for gaming as it’s 10 years old) computer. The setup was trivial. Install, poke holes in firewall, set password, and configure the connection in Guacamole. It doesn’t really perform that bad, but I’m guessing RDP would be better, but I don’t have Windows professional, and this PC is Windows 10 and I’m not going to pay to upgrade now because support for it ends in a little over a year.

    I just ran the check for Windows 11 and it’s too old for it, which I assumed but had yet to actually check. I don’t really feel the need to replace this one though, so I’ll probably be switching to Linux for it at some point. My laptop is only a year old so that will be my only Windows system for now.

  • Guacamole – Day 3.5

    Guacamole – Day 3.5

    Time to configure. Instructions here.

    Guacamole is incredibly configurable and can be unforgiving. After going through the instructions I was curious exactly how long the instructions were so I pretended to print it. 56 pages. Lucky for me I’m just in the testing phase and I found that all I really needed to confirm it works was to create user-mapping.xml in /etc/guacamole.

    <user-mapping>
    
        <!-- Per-user authentication and config information -->
        <authorize username="cweb" password="<password>">
                <connection name="SSH to thecweb.com">
                    <protocol>ssh</protocol>
                    <param name="hostname">localhost</param>
                    <param name="port">22</param>
                    <param name="username">cweb</param>
                    <param name="enable-sftp">true</param>
                </connection>
        </authorize>
    
    </user-mapping>

    It took like an hour to get this far. I still need to setup VNC on my one of my Windows systems and go through some steps to secure this colander I call a server. But I’m done for today.

  • New Roomba

    I finally replaced the horrible Shark vacuum I got to replace my original Roomba.  This one is the s9+.  So far it seems much smarter than the last two.  It’s going through a making procedure, and it apparently has the ability to move without the vacuum on, so it’s pretty quiet.  I haven’t actually seen the cleaning power yet.  One thing I’m concerned about is the size of the dust bin.  It’s tiny.  It also got stuck on the time in front of my fireplace.  I guess we’ll see how it does.  It will certainly do a better job of keeping the house vacuumed than I.

    I picked a very appropriate name for this one.

  • Guacamole – Day 3

    Guacamole – Day 3

    Ok, time to download the source and compline. I’m still following the manual located here.

    So I’ll download the client and server tars and decompress them to temp.

    cweb@thecweb:/tmp$ tar -xzf guacamole-client-1.5.5.tar.gz
    cweb@thecweb:/tmp$ tar -xzf guacamole-server-1.5.5.tar.gz
    cweb@thecweb:/tmp$ ls guac*
    guacamole-client-1.5.5.tar.gz  guacamole-server-1.5.5.tar.gz
    
    guacamole-client-1.5.5:
    CONTRIBUTING  LICENSE  README  extensions  guacamole-common     guacamole-docker  pom.xml
    Dockerfile    NOTICE   doc     guacamole   guacamole-common-js  guacamole-ext     src
    
    guacamole-server-1.5.5:
    CONTRIBUTING  LICENSE      Makefile.in  README      bin        config.h.in  configure.ac  m4   util
    Dockerfile    Makefile.am  NOTICE       aclocal.m4  build-aux  configure    doc           src
    cweb@thecweb:/tmp$

    It looks to be the standard configure, make, make install that is common in FOSS software. For the server configure got me this,

    ------------------------------------------------
    guacamole-server version 1.5.5
    ------------------------------------------------
    
       Library status:
    
         freerdp2 ............ yes
         pango ............... yes
         libavcodec .......... yes
         libavformat.......... yes
         libavutil ........... yes
         libssh2 ............. yes
         libssl .............. yes
         libswscale .......... yes
         libtelnet ........... yes
         libVNCServer ........ yes
         libvorbis ........... yes
         libpulse ............ yes
         libwebsockets ....... yes
         libwebp ............. yes
         wsock32 ............. no
    
       Protocol support:
    
          Kubernetes .... yes
          RDP ........... yes
          SSH ........... yes
          Telnet ........ yes
          VNC ........... yes
    
       Services / tools:
    
          guacd ...... yes
          guacenc .... yes
          guaclog .... yes
    
       FreeRDP plugins: /usr/lib/x86_64-linux-gnu/freerdp2
       Init scripts: no
       Systemd units: no
    
    Type "make" to compile guacamole-server.

    so it looks like all the dependencies installed correctly. make completed without errors so now make install.

    sudo make install completed without errors, so I just need to sudo ldconfig to update the system library cache. And add the server to systemd.

    cweb@thecweb:/tmp/guacamole-server-1.5.5$ sudo guacd
    guacd[24340]: INFO:     Guacamole proxy daemon (guacd) version 1.5.5 started
    
    cweb@thecweb:/tmp/guacamole-server-1.5.5$ sudo systemctl enable guacd
    Failed to enable unit: Unit file guacd.service does not exist.

    Shit. Looks like I didn’t include the option –with-init-dir=/etc/init.d when I ran configure, so we’re going to be repeating a few steps. It’s important to actually read install instructions and not just skim them.

    Shit. I want to use systemd not initd. And the instructions don’t say what the option is for that. Rather than guessing we’ll just do this

    cweb@thecweb:/tmp/guacamole-server-1.5.5$ cat configure | grep systemd
    systemd_dir
    with_systemd_dir
      --with-systemd-dir=<path>
                              install systemd units to the given directory
    # Check whether --with-systemd_dir was given.
    if test ${with_systemd_dir+y}
      withval=$with_systemd_dir; systemd_dir=$withval
     if test "x${systemd_dir}" != "x"; then
      build_systemd="${systemd_dir}"
      build_systemd=no
       Systemd units: ${build_systemd}

    I probably could have guessed that.

    Now that I’ve got that redone, I was still getting an error because I gave the path as /etc/systemd instead of /etc/systemd/system, but that was easy to fix. We are now in business.

    cweb@thecweb:/tmp/guacamole-server-1.5.5$ sudo mv /etc/systemd/guacd.service /etc/systemd/system/guacd.s
    ervice
    cweb@thecweb:/tmp/guacamole-server-1.5.5$ sudo systemctl enable guacd
    Created symlink /etc/systemd/system/multi-user.target.wants/guacd.service β†’ /etc/systemd/system/guacd.service.
    cweb@thecweb:/tmp/guacamole-server-1.5.5$ sudo systemctl start guacd
    cweb@thecweb:/tmp/guacamole-server-1.5.5$ sudo systemctl status guacd
    ● guacd.service - Guacamole Server
         Loaded: loaded (/etc/systemd/system/guacd.service; enabled; vendor preset: enabled)
         Active: active (running) since Mon 2024-07-29 20:17:11 UTC; 7s ago
           Docs: man:guacd(8)
       Main PID: 41937 (guacd)
          Tasks: 1 (limit: 9251)
         Memory: 10.0M
            CPU: 10ms
         CGroup: /system.slice/guacd.service
                 └─41937 /usr/local/sbin/guacd -f
    
    Jul 29 20:17:11 thecweb.com systemd[1]: Started Guacamole Server.
    Jul 29 20:17:11 thecweb.com guacd[41937]: Guacamole proxy daemon (guacd) version 1.5.5 started
    Jul 29 20:17:11 thecweb.com guacd[41937]: guacd[41937]: INFO:        Guacamole proxy daemon (guacd) ver>
    Jul 29 20:17:11 thecweb.com guacd[41937]: guacd[41937]: INFO:        Listening on host 127.0.0.1, port >
    Jul 29 20:17:11 thecweb.com guacd[41937]: Listening on host 127.0.0.1, port 4822
    cweb@thecweb:/tmp/guacamole-server-1.5.5$

    The guacamole-client files and extensions are just java files that they provide precompiled, so I’m just going to do that. I’m just going to copy over the client without extensions now because I’m not sure which ones I want to use yet.

    cweb@thecweb:/tmp$ sudo cp guacamole-1.5.5.war /var/lib/tomcat9/webapps
    cweb@thecweb:/tmp$ sudo systemctl restart tomcat9
    cweb@thecweb:/tmp$ sudo systemctl restart guacd
    cweb@thecweb:/tmp$

    Yay! It’s working! No, wait. It’s not started, and starting it gives me an error. I messed around with trying to figure out what was wrong for a little while and then just tried Undeploy and then deployed it through the app manager using the link below, and now it’s started.

    Yay!!!!!!!!!!!!!!!!! πŸ₯³πŸΎπŸ•Ί

    Now I need to configure it behind a reverse proxy using the instructions here. This isn’t required but it enhances the system security by allowing the applet to run without root, and allows be to access Guacamole over port 443 instead of 8080. Which is good because I don’t need to poke another hole in my firewall and it should also help hide the traffic from big brother while I’m at work.

    Step one is to add the bolded lines to the Tomcat server config file at /etc/tomcat9/server.xml. This is to handle non-Latin characters. So I probably don’t really NEED it but that is what the docs say.

    <Connector port="8080" protocol="HTTP/1.1"
                   connectionTimeout="20000"
                   URIEncoding="UTF-8"
                   redirectPort="8443" />

    In the same file I need to add this stuff so Tomcat can get the remote client’s IP address. Without this it will only see the reverse proxy’s IP. If you’re curious why this is needed there are several paragraphs in the proxy instructions explaining it under the heading “Setting up the Remote IP Valve”.

    <Valve className="org.apache.catalina.valves.RemoteIpValve"
                   internalProxies="127.0.0.1"
                   remoteIpHeader="x-forwarded-for"
                   remoteIpProxiesHeader="x-forwarded-by"
                   protocolHeader="x-forwarded-proto" />

    Now I need to enable the modules to add reverse proxy support in Apache.

    cweb@thecweb:/etc/tomcat9$ sudo a2enmod proxy
    Enabling module proxy.
    To activate the new configuration, you need to run:
      systemctl restart apache2
    cweb@thecweb:/etc/tomcat9$ sudo a2enmod proxy_http
    Considering dependency proxy for proxy_http:
    Module proxy already enabled
    Enabling module proxy_http.
    To activate the new configuration, you need to run:
      systemctl restart apache2
    cweb@thecweb:/etc/tomcat9$ sudo a2enmod proxy_wstunnel
    Considering dependency proxy for proxy_wstunnel:
    Module proxy already enabled
    Enabling module proxy_wstunnel.
    To activate the new configuration, you need to run:
      systemctl restart apache2
    cweb@thecweb:/etc/tomcat9$ sudo systemctl restart apache2
    cweb@thecweb:/etc/tomcat9$

    For the site configuration I need to add the below to /etc/apache2/sites-enabled/chrisweber.online-le-ssl.conf to tell Apache use the reverse proxy to access Tomcat when the specific URL Location is requested.

    <Location /sneakypete/>
                    Order allow,deny
                    Allow from all
                    ProxyPass http://127.0.0.1:8080/sneakypete/ flushpackets=on
                    ProxyPassReverse http://127.0.0.1:8080/sneakypete/
            </Location>
    
            <Location /sneakypete/websocket-tunnel>
                    Order allow,deny
                    Allow from all
                    ProxyPass ws://127.0.0.1:8080/sneakypete/websocket-tunnel
                    ProxyPassReverse ws://127.0.0.1:8080/sneakypete//websocket-tunnel

    Shit! I’m getting a 404 error when trying to access https://thecweb.com/sneakypete. It’s embarrising how long this took me to fix. Probably half an hour of looking at the Guacamole manuals and the mod_proxy documentation, and then another half an hour of googling with no resolution in site I thought maybe I actually need to create the directory that location is referring to? Yup… I miss understood what the Location directive actually does. I thought it just mapped the URL to the directives without referencing the servers filesystem. Nope. If the directory doesn’t exist, Apache doesn’t even go that far. So a simple “sudo mkdir sneakypete” in the site’s /var/www directory and now I’ve got the login page. Reverse proxy is working!

    I think I’m done for the day. If not there will be a 3.5 post after I’ve cleared my head.