tag:blogger.com,1999:blog-13861404454936824842024-03-05T07:28:25.004+00:00Stable ITBlog about system engineering, programming and networksPavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.comBlogger3170125tag:blogger.com,1999:blog-1386140445493682484.post-80184930586219033802097-12-04T20:24:00.004+00:002021-09-11T19:57:55.555+01:00DDoS attack detection solution - FastNetMon<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" on="" style="text-align: left trbidi=;">
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg01g8Wl_nssiZSer-6P37OT_Ok4xY_GPvqefEGMshzRmixEzGheE7MY57S6jsQiFRgo1CCH82zQJgb4SlKe9kYM8AQlg5Q2J0JIypEn2aWVei2qKWS9btOaAZ2fj_UFcP_DyNRCBM1ER0/s512/cropped-new_logo_3var-e1515443553507-1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="250" data-original-width="512" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg01g8Wl_nssiZSer-6P37OT_Ok4xY_GPvqefEGMshzRmixEzGheE7MY57S6jsQiFRgo1CCH82zQJgb4SlKe9kYM8AQlg5Q2J0JIypEn2aWVei2qKWS9btOaAZ2fj_UFcP_DyNRCBM1ER0/s16000/cropped-new_logo_3var-e1515443553507-1.png" /></a></div>
<br /><br />Hello! :) As you know I'm an author of DDoS detection application called FastNetMon.<br /><br />FastNetMon allows you to find out host which was a DDoS attack target and apply some actions to mitigate it. Mitigation can be implemented using BGP Blackhole (which blocks all traffic to/from host on ISP level) or you can use BGP Flow Spec to filter out only malicious traffic. As most flexible option you can use script call.</div><div dir="ltr" on="" style="text-align: left trbidi=;"><br /><br />
FastNetMon provides lots of information about your network and provides nice way to access it using Grafana:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyNZ3r4SfdFby-3q1cSRgY6bjOstpEgLF-__VjJI0P5JiRVIPcsG_MrweQNFJPmd6tru9US8OmqHcQpN99ToHalWMHQVa9hcDott7cz7eZ48x3umj4D79GTjCuWi0BUjYP1PBhXzT6QkY/s1600/grafana+example.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="293" data-original-width="1600" height="58" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyNZ3r4SfdFby-3q1cSRgY6bjOstpEgLF-__VjJI0P5JiRVIPcsG_MrweQNFJPmd6tru9US8OmqHcQpN99ToHalWMHQVa9hcDott7cz7eZ48x3umj4D79GTjCuWi0BUjYP1PBhXzT6QkY/s320/grafana+example.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
FastNetMon supports all equipment available on market and implement following network telemetry protocols:</div>
<div class="separator" style="clear: both; text-align: left;">
</div>
<ul style="text-align: left;">
<li>sFlow v5</li>
<li>Netflow v5, v9, v10</li>
<li>IPFIX</li>
<li>SPAN/Mirror</li>
</ul>
<br />
To learn more check official site of project: <a href="https://fastnetmon.com/" target="_blank">https://fastnetmon.com</a><br />
<br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><br />
</div>
Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-33819737980324263652024-03-02T15:26:00.009+00:002024-03-02T16:01:04.530+00:00How to create bootable USB for Windows 2022 server on Ubuntu 22.04<p>NB! Sadly this guide below did not work on my system (apparently because it's not very recent system) and I decided to use <a href="https://github.com/WoeUSB/WoeUSB">WoeUSB</a> instead. </p><p>It's very easy to use:</p><blockquote><p>sudo ./woeusb-5.2.4.bash --device ~/Documents/Window/SERVER_EVAL_x64FRE_en-us.iso /dev/sdX</p></blockquote><p>Please note that it will overwrite all data on USB stick.</p><p>Example output:</p><p></p><blockquote><p>WoeUSB v5.2.4</p><p>==============================</p><p>Info: Mounting source filesystem...</p><p>Info: Wiping all existing partition table and filesystem signatures in /dev/sda...</p><p>/dev/sda: 8 bytes were erased at offset 0x00000200 (gpt): 45 46 49 20 50 41 52 54</p><p>/dev/sda: 8 bytes were erased at offset 0x729bffe00 (gpt): 45 46 49 20 50 41 52 54</p><p>/dev/sda: 2 bytes were erased at offset 0x000001fe (PMBR): 55 aa</p><p>/dev/sda: calling ioctl to re-read partition table: Success</p><p>Info: Ensure that /dev/sda is really wiped...</p><p>Info: Creating new partition table on /dev/sda...</p><p>Info: Creating target partition...</p><p>Info: Making system realize that partition table has changed...</p><p>Info: Wait 3 seconds for block device nodes to populate...</p><p>mkfs.fat 4.2 (2021-01-31)</p><p>mkfs.fat: Warning: lowercase labels might not work properly on some systems</p><p>Info: Mounting target filesystem...</p><p>Info: Copying files from source media...</p><p>Splitting WIM: 4127 MiB of 4127 MiB (100%) written, part 2 of 24%</p><p>Finished splitting "./sources/install.wim"</p><p>Info: Installing GRUB bootloader for legacy PC booting support...</p><p>Installing for i386-pc platform.</p><p> </p><p><br /></p><p>Installation finished. No error reported.</p><p>Info: Installing custom GRUB config for legacy PC booting...</p><p>Info: Done :)</p><p>Info: The target device should be bootable now</p><p>Info: Unmounting and removing "/tmp/woeusb-source-20240302-155025-Saturday.g0vizR"...</p><p>Info: Unmounting and removing "/tmp/woeusb-target-20240302-155025-Saturday.T2VU0b"...</p><p>Info: You may now safely detach the target device</p><div></div></blockquote><div><br /></div><p>As first step format USB stick by creating new GPT partition table on it:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEico8WSh6J-6n1vDNs_lh0gWRmLglln9EkQfwKkBwZATK5B5_U25v0GcEdHdZZIPvDbWicPNO3ViWLn4EpfG5BQEaVxh2JrBIqg3vSdJbiOzTJfIbZOpMP8NHB80EagkdRpXk9owHv7PJLErGtqWDS5pshyfKyMWirTPZB1-Xz78rvXe0Njs0EHiW8Svg/s1790/Screenshot%20from%202024-03-02%2015-17-56.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1197" data-original-width="1790" height="214" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEico8WSh6J-6n1vDNs_lh0gWRmLglln9EkQfwKkBwZATK5B5_U25v0GcEdHdZZIPvDbWicPNO3ViWLn4EpfG5BQEaVxh2JrBIqg3vSdJbiOzTJfIbZOpMP8NHB80EagkdRpXk9owHv7PJLErGtqWDS5pshyfKyMWirTPZB1-Xz78rvXe0Njs0EHiW8Svg/s320/Screenshot%20from%202024-03-02%2015-17-56.png" width="320" /></a></div><br /><p style="text-align: center;">Then create single partition on it using NTFS file system:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj618AyqdswUr3U4YQSLwAA7Yx1O70HpxYQNLAvMiu9FzgLMIbdWIBbU83wThyI1iRG7TGUtxyG0gnIDAqqnZye7i2hQWYdTCW3QOEUOEhCLKncDIMLX6LqNsbcST2euUGOXZXZnRHZhGn2Igpjxyt_jEego8A3QRuBcoDSNmTZY_5gTJXQG3qYGoV7iA/s1192/Screenshot%20from%202024-03-02%2015-19-49.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="858" data-original-width="1192" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj618AyqdswUr3U4YQSLwAA7Yx1O70HpxYQNLAvMiu9FzgLMIbdWIBbU83wThyI1iRG7TGUtxyG0gnIDAqqnZye7i2hQWYdTCW3QOEUOEhCLKncDIMLX6LqNsbcST2euUGOXZXZnRHZhGn2Igpjxyt_jEego8A3QRuBcoDSNmTZY_5gTJXQG3qYGoV7iA/s320/Screenshot%20from%202024-03-02%2015-19-49.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">Then review changes:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8R5aMXUZVCPhOUFUBY4p7IiRYi6y_2i6IVA0bohjpn9JH-K8128J0JghHrEyhnfGdpp8Seo7tg7yNYfmZJHdMdSAdYs3qlBNhh3bWZKKXD5rYqHt5H2UkPehAvuJowDJIkeWUMTgK41SVv38glZSAlPlxokpsLkrPIDZwRa1fXolqYJL0gufkUFxfVw/s1805/Screenshot%20from%202024-03-02%2015-20-01.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1198" data-original-width="1805" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8R5aMXUZVCPhOUFUBY4p7IiRYi6y_2i6IVA0bohjpn9JH-K8128J0JghHrEyhnfGdpp8Seo7tg7yNYfmZJHdMdSAdYs3qlBNhh3bWZKKXD5rYqHt5H2UkPehAvuJowDJIkeWUMTgK41SVv38glZSAlPlxokpsLkrPIDZwRa1fXolqYJL0gufkUFxfVw/s320/Screenshot%20from%202024-03-02%2015-20-01.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">After that you will see that this partition will be mounted in file manager:</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhU00MBdlFvCSfOvItPHTMpCNo0mjIBCFgcuuoJ7mVexbM_5g3U2_e7AVNXEdRZJvY7Thz4XfL9v4qKjMZvJ0tRhzT63iJWfDeFyLm1Tn9W8JjO_q7ppSOySqNzqFH2VCJf_uMrNHKTMhI8K7txEhKRX_TcSYeUVkewUlytPpSba8-zbOv_exUjS3_HAQ/s3110/Screenshot%20from%202024-03-02%2015-23-40.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1423" data-original-width="3110" height="146" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhU00MBdlFvCSfOvItPHTMpCNo0mjIBCFgcuuoJ7mVexbM_5g3U2_e7AVNXEdRZJvY7Thz4XfL9v4qKjMZvJ0tRhzT63iJWfDeFyLm1Tn9W8JjO_q7ppSOySqNzqFH2VCJf_uMrNHKTMhI8K7txEhKRX_TcSYeUVkewUlytPpSba8-zbOv_exUjS3_HAQ/s320/Screenshot%20from%202024-03-02%2015-23-40.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">After that download ISO image for Wndows 2022 server from official web site and click twice on downloaded ISO and it will be mounted too:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMbRWomwm-m7jteEc9Xs6gYKKZokMW9jjpg_jDD1B0mFqw6I2xpaVGE-IByBbR834AQc49oUDZCZBU0C4xtRnsNpRwPqOqEewcfFe_ox-kUtzBEXt6ANn066aGLlFllSYsYseVHR1TiG5Uy5IYz8pwRw4RViCZ0nSAvxU7HY7GCrz5Pp3atQ76YSgcqQ/s2021/Screenshot%20from%202024-03-02%2015-25-19.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1145" data-original-width="2021" height="181" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMbRWomwm-m7jteEc9Xs6gYKKZokMW9jjpg_jDD1B0mFqw6I2xpaVGE-IByBbR834AQc49oUDZCZBU0C4xtRnsNpRwPqOqEewcfFe_ox-kUtzBEXt6ANn066aGLlFllSYsYseVHR1TiG5Uy5IYz8pwRw4RViCZ0nSAvxU7HY7GCrz5Pp3atQ76YSgcqQ/s320/Screenshot%20from%202024-03-02%2015-25-19.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">Then select all files from mounted ISO disk to mounted NTFS partition on USB disk:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-eQ5j2ONbtl_3nRM0yhX8UQqFUeZyMrpVQQ4IezHy2_eNGeBPYJuJ7mX6-Tw9i-OSGNMg6W1YMo-xNuKQmQysZeF5pa1joPDA-WiFXowtVHTUMhv9YQjl-lSiQOxPXrg7zPJGm8s-JWbhXrV49etmAzKOYLvUJViMoUEaTn-qGftjtd93Oj7nLgOp5A/s3115/Screenshot%20from%202024-03-02%2015-25-45.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1419" data-original-width="3115" height="146" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-eQ5j2ONbtl_3nRM0yhX8UQqFUeZyMrpVQQ4IezHy2_eNGeBPYJuJ7mX6-Tw9i-OSGNMg6W1YMo-xNuKQmQysZeF5pa1joPDA-WiFXowtVHTUMhv9YQjl-lSiQOxPXrg7zPJGm8s-JWbhXrV49etmAzKOYLvUJViMoUEaTn-qGftjtd93Oj7nLgOp5A/s320/Screenshot%20from%202024-03-02%2015-25-45.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div>Wait until finish and unmount it using unmount button on left side:<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhj4CIszkplxhD5KMGKROjm6DXzaelNzWZZ8XQsRziRwrxWNnLBZqOoLvt7-oYgd2V1WAwbtelVqvc4okM8qRO8jGQmZ94wnq22RZoIJHalnDglLFsuzPE2LI0FYJeoFLOZ6ZCfNABtcU3FRJ12A4fn3NS724zsZv31rr7iJlmEs53u1gXe6OVmaDqnJQ/s775/Screenshot%20from%202024-03-02%2015-26-32.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="326" data-original-width="775" height="135" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhj4CIszkplxhD5KMGKROjm6DXzaelNzWZZ8XQsRziRwrxWNnLBZqOoLvt7-oYgd2V1WAwbtelVqvc4okM8qRO8jGQmZ94wnq22RZoIJHalnDglLFsuzPE2LI0FYJeoFLOZ6ZCfNABtcU3FRJ12A4fn3NS724zsZv31rr7iJlmEs53u1gXe6OVmaDqnJQ/s320/Screenshot%20from%202024-03-02%2015-26-32.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;">Please be patient as unmount will take significant time:</div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHMDfDhSh_KqnFQcOOouPtaa5FxtvUrMOh2ipeQ6QcIuETKXSHFOjYzOCRS0dojajzYpc4BiDSNG5lRB2m7MriqzDqr6UdwXRQ8bAdS209k-QA38FmS-RMGdhuWcuVi71_9r9USr5VtR2HM1j1fJZD0Lsi5907XU-S9Fy_WR-3L7Wblv0uM5_uiisr9A/s628/Screenshot%20from%202024-03-02%2015-29-21.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="92" data-original-width="628" height="47" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHMDfDhSh_KqnFQcOOouPtaa5FxtvUrMOh2ipeQ6QcIuETKXSHFOjYzOCRS0dojajzYpc4BiDSNG5lRB2m7MriqzDqr6UdwXRQ8bAdS209k-QA38FmS-RMGdhuWcuVi71_9r9USr5VtR2HM1j1fJZD0Lsi5907XU-S9Fy_WR-3L7Wblv0uM5_uiisr9A/s320/Screenshot%20from%202024-03-02%2015-29-21.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;">Done!</div><br /><div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><p><br /></p></div>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-4168790828676264612024-01-21T20:54:00.000+00:002024-01-21T20:54:48.942+00:00jTAG / UART / serial console access for ROCKPro64 with CH340 UART USB<p>I bought ROCKPro64 quite long time ago and it's still pretty good even in 2024. So I decided to install official Debian for it to use it for NAT64 gateway and home automation platform. </p><p>To install Debian I need console access as HDMI does not work until you install Linux Distro which supports it.</p><p>So I decided to play with serial port access. On SBC you need to plug 3 pins to Pi-2-bus with following order.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4gLFLnKVqUPOIEElAQIHPRTvhaFHRAx_7cy5N-bDIsNpMQOhHRMN6Fdaof0g0Kig6gcSyEvyi10p9Zk3NUFOPOUXb9JPqnVs3PmUA74-hPAognv_--xrLZumV8PIEaQ3tfyG7CuuyPryUyY9P2aPJ8Gf9n8GAmPwzGf7vIRKtgRfuphOpbyH8XqU/s1600/signal-2022-12-26-192646.jpeg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1200" data-original-width="1600" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4gLFLnKVqUPOIEElAQIHPRTvhaFHRAx_7cy5N-bDIsNpMQOhHRMN6Fdaof0g0Kig6gcSyEvyi10p9Zk3NUFOPOUXb9JPqnVs3PmUA74-hPAognv_--xrLZumV8PIEaQ3tfyG7CuuyPryUyY9P2aPJ8Gf9n8GAmPwzGf7vIRKtgRfuphOpbyH8XqU/s320/signal-2022-12-26-192646.jpeg" width="320" /></a></div><br /><p>On CH340 you need to plug them in following order:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwH33bxaXBf3D1kS36lVPj-Qx2-JXQddHcsJzwX2m5LanYeYbZmUYmVTdcbVqmrzU2u-hx1R9u1ldvoJQF4chBteTv3W-W0Jd0x3BgHHx4ofCEED3gVQWyQDgr_-cOipRYBxLT-rOBIgX78FUBcz-nALNDx-C3p5NLKypTSOcJunZOz5XxYi6MRw4/s1600/signal-2022-12-26-192650.jpeg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="1200" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwH33bxaXBf3D1kS36lVPj-Qx2-JXQddHcsJzwX2m5LanYeYbZmUYmVTdcbVqmrzU2u-hx1R9u1ldvoJQF4chBteTv3W-W0Jd0x3BgHHx4ofCEED3gVQWyQDgr_-cOipRYBxLT-rOBIgX78FUBcz-nALNDx-C3p5NLKypTSOcJunZOz5XxYi6MRw4/s320/signal-2022-12-26-192650.jpeg" width="240" /></a></div><br /><p>And yellow jumper need to be in 3V3 mode this way:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgow-D0Zh3DKp69dY4pPnsoQTRRguglvytyVHNa9JADTH1Yc4EvcRJt854I7Uk6Myf8NsEMwrCKvpc0Qk-of8ifaAoK67nEDrn1AiusLxjTADBeaCkwP0ToQn6OFPKV23SbjwmZd15HAiCDUYIITx0YvJSnV5tYc22JUMVq_-8D9L5__3lyoSmBWPSYIg/s1280/3v.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1280" data-original-width="960" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgow-D0Zh3DKp69dY4pPnsoQTRRguglvytyVHNa9JADTH1Yc4EvcRJt854I7Uk6Myf8NsEMwrCKvpc0Qk-of8ifaAoK67nEDrn1AiusLxjTADBeaCkwP0ToQn6OFPKV23SbjwmZd15HAiCDUYIITx0YvJSnV5tYc22JUMVq_-8D9L5__3lyoSmBWPSYIg/w240-h320/3v.jpg" width="240" /></a></div><br /><p><br /></p><p>Then you need to plug CH341 to your PC and check that it recognised correctly in dmesg:</p><blockquote><p>[ 6981.858478] usb 1-5: new full-speed USB device number 23 using xhci_hcd</p><p>[ 6982.107488] usb 1-5: New USB device found, idVendor=1a86, idProduct=7523, bcdDevice= 2.64</p><p>[ 6982.107492] usb 1-5: New USB device strings: Mfr=0, Product=2, SerialNumber=0</p><p>[ 6982.107494] usb 1-5: Product: USB Serial</p><p>[ 6982.120247] ch341 1-5:1.0: ch341-uart converter detected</p><p>[ 6982.134269] usb 1-5: ch341-uart converter now attached to ttyUSB0</p></blockquote><p>It may not connect from first attempt but you can try it multiple times to get required results. </p><p>After that you can run screen or minicom on your Linux box:</p><p></p><blockquote>screen /dev/ttyUSB0 1500000</blockquote><p>And finally reboot SBC using power (keep it for 5+ seconds) or reset button and then you will see boot sequence:</p><p></p><p></p><blockquote><p></p><p>Hit any key to stop autoboot: 1 </p><p></p><p>switch to partitions #0, OK</p><p>Scanningmmc1:1... </p><p>Retrieving file: /extlinux/extlinux.conf</p><p><br /></p><p>Enter choice: 1: Debian-Installer</p><p>Retrieving file: /initrd.gz</p><p>Retrieving file: /dtbs/rockchip/rk3399-rockpro64.dtb</p><p>Moving Image from 0x2080000 to 0x2200000, end=4050000</p><p> 01f00000</p><p> Booting using the fdt blob at Loading Ramdisk to ef112000, OK</p><p> Loading Device Tree to 00000000ef0ff000, end 00000000ef111300OK</p><p><br /></p><p>Starting kernel ...</p></blockquote><p></p><div><br /></div><p>My guide was based on this <a href="https://forum.pine64.org/showthread.php?tid=6387">reference</a> guide. </p><p>In some cases device may refuse loading when TXD cable is plugged and you will need temporarily unplug it.</p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-81618541000959135432023-10-15T14:31:00.003+01:002023-10-15T14:41:32.018+01:00Using TP Link TL-SG108E web UI configuration tool on Ubuntu 22.04<p>My research was based on this great <a href="https://shred.zone/cilla/page/383/setting-up-tp-link-tl-sg108e-with-linux.html">post</a> from 2014.</p><p>This switch has UI which can be accessed via windows application and has UI which can be accessed via browser. </p><p>Just for entertaining purposes I decided to try Window app on my Ubuntu 22.04 Linux machine.</p><p>To do so I installed wine:</p><p></p><blockquote>sudo apt install wine-development</blockquote><p>Then I downloaded version v1.3.10, 2022-04-12 from <a href="https://www.tp-link.com/uk/support/download/tl-sg108e/#Easy_Smart_Configuration_Utility">TP Link</a> web site and unpacked it:</p><p></p><p></p><blockquote><p></p><p>wget https://static.tp-link.com/upload/software/2022/202204/20220412/Easy%20Smart%20Configuration%20Utility%20v1.3.10.0.zip</p><p></p><p>unzip "Easy Smart Configuration Utility v1.3.10.0.zip"</p></blockquote><p></p><p>After that I was able to run installer:</p><p></p><blockquote><p>wine Easy\ Smart\ Configuration\ Utility\ v1.3.10.0.exe</p><p></p></blockquote><p>Installation was finished successfully and then all exe files were put to "~/.wine/drive_c/Program Files (x86)/TPLINK/EasySmartConfigurationUtility".</p><p>And I was able to run it from first attempt:</p><p></p><blockquote><p>cd ~/.wine/drive_c/Program Files (x86)/TPLINK/EasySmartConfigurationUtility </p></blockquote><blockquote><p>wine Easy\ Smart\ Configuration\ Utility.jar</p></blockquote><p></p><p>Unfortunately, it did not find switch:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjZSsD-VCxpKKZq7vwDu30QrtNkOQNN_Y7pWvq-bQLfwifpzNKE5BbUNUTg7r9JmYG0Vg-yJjgYzCuUHO6JjHMEAnqLEQh7dBfmFD7q50ix50pnUZGwRZ6aEkrRYGg8-9XlJvDipo6IWCacKY6gb2trDmFFzNq-KzZzF0lhGyVi1AOKSkSukzt77ND7uQ" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="651" data-original-width="917" height="227" src="https://blogger.googleusercontent.com/img/a/AVvXsEjZSsD-VCxpKKZq7vwDu30QrtNkOQNN_Y7pWvq-bQLfwifpzNKE5BbUNUTg7r9JmYG0Vg-yJjgYzCuUHO6JjHMEAnqLEQh7dBfmFD7q50ix50pnUZGwRZ6aEkrRYGg8-9XlJvDipo6IWCacKY6gb2trDmFFzNq-KzZzF0lhGyVi1AOKSkSukzt77ND7uQ" width="320" /></a></div>Then I used trick from article I referenced above. You need to replace 192.168.1.201 by local IP address in your network:<p></p><div><div></div><blockquote><div>echo 1 > /proc/sys/net/ipv4/ip_forward</div><div><br /></div><div>iptables -t nat -A PREROUTING -p udp -d 255.255.255.255 --dport 29809 -j DNAT --to 192.168.1.201:29809</div></blockquote><p>After that it worked just fine:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjcpsL2-7zPkGm7c9CebMcjo2OM8z38tDqSdG9V-nnQnsK14B2xj7n2aLfelnSTZHfTwQe4r2Byzp-3qoyQy5ERhiozQEcSXI0NWGdJGr1B6SbKgSUqt7GstLdKtwd9tarA7BYwpbjXMTSzkwP1baGMCFVW5Xd1RxPcfA81suWC5BHh_bOz-VuJoI6aOg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="698" data-original-width="963" height="232" src="https://blogger.googleusercontent.com/img/a/AVvXsEjcpsL2-7zPkGm7c9CebMcjo2OM8z38tDqSdG9V-nnQnsK14B2xj7n2aLfelnSTZHfTwQe4r2Byzp-3qoyQy5ERhiozQEcSXI0NWGdJGr1B6SbKgSUqt7GstLdKtwd9tarA7BYwpbjXMTSzkwP1baGMCFVW5Xd1RxPcfA81suWC5BHh_bOz-VuJoI6aOg" width="320" /></a></div><br />Yay! For some reasons DHCP did not work well and IP address wasn't changed. In this case UI tool solves one of the most annoying issues: IP address discovery. <p></p><p>I was able to change password to new one but everything else causes wine to crash:</p><p></p><blockquote><p>0130:err:ole:com_get_class_object class {597d4fb0-47fd-4aff-89b9-c6cfae8cf08e} not registered</p><p>0130:err:ole:com_get_class_object no class object {597d4fb0-47fd-4aff-89b9-c6cfae8cf08e} could be created for context 0x1</p><p>0130:err:ole:com_get_class_object class {597d4fb0-47fd-4aff-89b9-c6cfae8cf08e} not registered</p><p>0130:err:ole:com_get_class_object no class object {597d4fb0-47fd-4aff-89b9-c6cfae8cf08e} could be created for context 0x1</p><p>#</p><p># A fatal error has been detected by the Java Runtime Environment:</p><p>#</p><p># EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d2efe4d, pid=244, tid=304</p><p>#</p><p># JRE version: 7.0_15-b03</p><p># Java VM: Java HotSpot(TM) Client VM (23.7-b01 mixed mode windows-x86 )</p><p># Problematic frame:</p><p># C [glass.dll+0xfe4d] _Java_com_sun_glass_events_KeyEvent__1getKeyCodeForChar@12+0x134d</p><p>#</p><p># Failed to write core dump. Minidumps are not enabled by default on client versions of Windows</p><p>#</p><p># An error report file with more information is saved as:</p><p># C:\Program Files (x86)\TPLINK\EasySmartConfigurationUtility\hs_err_pid244.log</p><p>#</p><p># If you would like to submit a bug report, please visit:</p><p># http://bugreport.sun.com/bugreport/crash.jsp</p><p># The crash happened outside the Java Virtual Machine in native code.</p><p># See problematic frame for where to report the bug.</p><p>#</p><p>0130:err:msvcrt:_invalid_parameter (null):0 (null): (null) 0 </p></blockquote><p>After reading the Internet I found that this exe file is in fact Java JAR file and I've tried running it using OpenJDK:</p><p></p><blockquote>sudo apt install default-jre</blockquote><p></p><p>Sadly it failed miserably:</p><p></p><blockquote><p>java -jar Easy\ Smart\ Configuration\ Utility.exe </p><p>Error: JavaFX runtime components are missing, and are required to run this application</p></blockquote><p>As final attempt I've tried using Java from <a href="https://www.java.com/en/download/ ">Oracle</a> directly. You need to download it manually and then unpack it:</p><p></p><blockquote>sudo tar -xf jre-8u381-linux-i586.tar.gz -C /opt</blockquote><p></p><p>And run:</p><p></p><blockquote>/opt/jre1.8.0_381/bin/java -jar Easy\ Smart\ Configuration\ Utility.exe </blockquote><p></p><p>Sadly it failed too:</p><p></p><blockquote><p>Exception in thread "main" java.lang.reflect.InvocationTargetException</p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at java.lang.reflect.Method.invoke(Method.java:498)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at sun.launcher.LauncherHelper$FXHelper.main(LauncherHelper.java:904)</span></p><p>Caused by: java.lang.UnsupportedOperationException: Internal Error</p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at com.sun.glass.ui.gtk.GtkApplication.lambda$new$5(GtkApplication.java:158)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at java.security.AccessController.doPrivileged(Native Method)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at com.sun.glass.ui.gtk.GtkApplication.<init>(GtkApplication.java:140)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at com.sun.glass.ui.gtk.GtkPlatformFactory.createApplication(GtkPlatformFactory.java:41)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at com.sun.glass.ui.Application.run(Application.java:147)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at com.sun.javafx.tk.quantum.QuantumToolkit.startup(QuantumToolkit.java:279)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at com.sun.javafx.application.PlatformImpl.startup(PlatformImpl.java:211)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at com.sun.javafx.application.LauncherImpl.startToolkit(LauncherImpl.java:675)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at com.sun.javafx.application.LauncherImpl.launchApplicationWithArgs(LauncherImpl.java:337)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>at com.sun.javafx.application.LauncherImpl.launchApplication(LauncherImpl.java:328)</span></p><p><span style="white-space: normal;"><span style="white-space: pre;"> </span>... 5 more</span></p></blockquote><p><br /></p><p> You may try running older version of Oracle Java as bundled JRE is dated by 2013:</p><p></p><blockquote><p>root@station:/home/pavel/.wine/drive_c/Program Files (x86)/TPLINK/EasySmartConfigurationUtility/jre# head COPYRIGHT </p><p>Copyright � 1993, 2013, Oracle and/or its affiliates. </p><p>All rights reserved.</p><p><br /></p><p>This software and related documentation are provided under a</p><p>license agreement containing restrictions on use and</p><p>disclosure and are protected by intellectual property laws.</p><p>Except as expressly permitted in your license agreement or</p><p>allowed by law, you may not use, copy, reproduce, translate,</p><p>broadcast, modify, license, transmit, distribute, exhibit,</p><p>perform, publish, or display any part, in any form, or by</p><p>root@station:/home/pavel/.wine/drive_c/Program Files (x86)/TPLINK/EasySmartConfigurationUtility/jre# cat release </p><p>JAVA_VERSION="1.7.0"</p><p>OS_NAME="Windows"</p><p>OS_VERSION="5.1"</p><p>OS_ARCH="i586"</p><p>SOURCE=" .:f37a75bd3959 corba:e5b996dabec6 deploy:3bb10c0238fe hotspot:5b55cef461b0 hotspot/src/closed:759fc4d1d429 hotspot/test/closed:2d8e36f71952 install:0154bd493323 jaxp:a55f67cfe182 jaxws:eaf9b2990670 jdk:87e45d30e24d jdk/make/closed:b83ea3e4144a jdk/src/closed:d8651f160809 jdk/test/closed:7e4b15d6c1bb langtools:c160d7d1616d pubs:06f851196d93 sponsors:2dbf246921cb"</p></blockquote><p> </p><blockquote><p>With IP address in hands I was able to access web UI:</p></blockquote><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU-i-1lb7dLgIAzMzPU83n5jsPSykptGR11gOTH5WDBtWCiBUdsDASEA0rCH9rqOQ5vceQaDYyDOUI_q07Qi4OgELKiETOmXZm5BXwspVR19Fn3QioowIv1oiV5C5xC67KY4qvn0aC_C2T7NOG8TOAo02FI1mc4VnbxJHW4lnqNVB2L3s2GF3VJ0_qoQ/s917/Screenshot%20from%202023-10-15%2014-32-30.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="651" data-original-width="917" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU-i-1lb7dLgIAzMzPU83n5jsPSykptGR11gOTH5WDBtWCiBUdsDASEA0rCH9rqOQ5vceQaDYyDOUI_q07Qi4OgELKiETOmXZm5BXwspVR19Fn3QioowIv1oiV5C5xC67KY4qvn0aC_C2T7NOG8TOAo02FI1mc4VnbxJHW4lnqNVB2L3s2GF3VJ0_qoQ/s320/Screenshot%20from%202023-10-15%2014-32-30.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;">And finally I can use capability for which this switch was bought - port mirror:</div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhuXJdzMkj7AkM1GU0-43D8oRQdX-xXpeRciiiuuz4V-ifXz0dARbrYgjXH5RfwsMW11g7RJlqnbwQttWkZKI5kjPo_ADovyb59FURJg5KJ4bTSOZzNqD3LwC9MbyI_Rsxyni7XpnMvOH5yXmWOvu98g9evOmZ2ITPN12Y2JSLmghKABmcSJ61_qvXoeA" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1236" data-original-width="1416" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEhuXJdzMkj7AkM1GU0-43D8oRQdX-xXpeRciiiuuz4V-ifXz0dARbrYgjXH5RfwsMW11g7RJlqnbwQttWkZKI5kjPo_ADovyb59FURJg5KJ4bTSOZzNqD3LwC9MbyI_Rsxyni7XpnMvOH5yXmWOvu98g9evOmZ2ITPN12Y2JSLmghKABmcSJ61_qvXoeA" width="275" /></a></div><br /><br /></div><br /><p> </p><blockquote><p> </p><p></p></blockquote><p><br /></p><p></p><p></p><div></div></div>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-43125328103123364092023-05-06T21:02:00.008+01:002023-05-06T21:53:21.339+01:00Ubuntu 22.04 installation on VirtualBox using command line<p>We use VirtualBox for process of preparing VM images for our product. Sadly some things had to be done manually and we're heading towards full automation and it was an attempt to prepare VM for Ubuntu 22.04 installation from ISO using only command line interface.</p><p>NB! If you have IPv4 disabled on your machine you have to enable it as otherwise VM will not have connection and installer may fail. </p><p dir="ltr" id="docs-internal-guid-308c5137-7fff-fb55-6216-539261007589" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">Set some variables shared by next steps:</span></p><p dir="ltr" id="docs-internal-guid-308c5137-7fff-fb55-6216-539261007589" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote><p dir="ltr" id="docs-internal-guid-308c5137-7fff-fb55-6216-539261007589" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">export VM_NAME=Ubuntu2204_TEST_OVA</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">export VM_ROOT_FOLDER="/home/pavel/VirtualBoxVMs"</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">export VM_FOLDER="$VM_ROOT_FOLDER/$VM_NAME"</span></p></blockquote><p>By default VirtualBox uses path with nasty space in it and that's why I changed it to custom one without spaces as I do not like spaces and bash agrees with me about it. </p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><p>Create VM and register it in VirtualBox:</p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote>VBoxManage createvm --name $VM_NAME --register --ostype=Ubuntu22_LTS_64 --basefolder=$VM_ROOT_FOLDER</blockquote><p></p><p>If you plan to use another OS then you can<span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;"> get all list of all OS types using this command:</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">VBoxManage list ostypes</span></p><p></p></blockquote><p>Then set some basic hardware options:</p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">VBoxManage modifyvm $VM_NAME --ioapic on </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">VBoxManage modifyvm $VM_NAME --memory 16384 --vram 128 </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">VBoxManage modifyvm $VM_NAME --cpus 8</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">VBoxManage modifyvm $VM_NAME --nic1 nat</span></p></blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><p>Then create 150G disk for VM and attach it to it:</p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p><blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">VBoxManage createhd --filename $VM_FOLDER/disk.vdi --size 150000 --format VDI</span></p></blockquote><p>Add SATA controller: </p><blockquote><p><span style="font-family: Arial; font-size: 11pt; white-space: pre-wrap;">VBoxManage storagectl $VM_NAME --name "SATA Controller" --add sata --controller IntelAhci</span></p></blockquote><p>And attach our disk to it: </p><blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">VBoxManage storageattach $VM_NAME --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium $VM_FOLDER/disk.vdi</span></p></blockquote><p>Then add IDE controller to mount ISO disk with installer: </p><blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">VBoxManage storagectl $VM_NAME --name "IDE Controller" --add ide --controller PIIX4</span> </p></blockquote><blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">VBoxManage storageattach $VM_NAME --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium ~/Downloads/ubuntu-22.04.2-live-server-amd64.iso </span></p></blockquote><blockquote><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">VBoxManage modifyvm $VM_NAME --boot1 dvd --boot2 disk --boot3 none --boot4 none</span></p></blockquote><p>Then you can run VM:</p><p></p><blockquote>VBoxManage startvm $VM_NAME</blockquote><p></p><p>Based on this <a href="https://andreafortuna.org/2019/10/24/how-to-create-a-virtualbox-vm-from-command-line/ ">guide</a>. </p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-alternates: normal; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"></span></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-27404593967986121602023-05-04T13:54:00.002+01:002023-05-04T13:54:40.660+01:00sign_and_send_pubkey: signing failed for RSA "PIV AUTH pubkey" from agent: agent refused operatio<p>This error is very annoying and it happens when you use Yubikey for ssh auth and by accident you did not click on Yubikey when you did ssh auth.</p><p>After this happens you need to restart machine or ssh agent and all the things to fix it.</p><p>When it happens I was able to catch this error log:</p><p></p><blockquote><p>sudo systemctl status pcscd.service </p><p>● pcscd.service - PC/SC Smart Card Daemon</p><p> Loaded: loaded (/lib/systemd/system/pcscd.service; indirect; vendor preset: enabled)</p><p> Active: active (running) since Thu 2023-05-04 10:46:27 BST; 2h 39min ago</p><p>TriggeredBy: ● pcscd.socket</p><p> Docs: man:pcscd(8)</p><p> Main PID: 2505 (pcscd)</p><p> Tasks: 9 (limit: 38276)</p><p> Memory: 2.6M</p><p> CPU: 88ms</p><p> CGroup: /system.slice/pcscd.service</p><p> └─2505 /usr/sbin/pcscd --foreground --auto-exit</p><p>May 04 10:46:27 station systemd[1]: Started PC/SC Smart Card Daemon.</p><p>May 04 13:22:18 station pcscd[2505]: 00000000 ccid_usb.c:1566:InterruptStop() libusb_cancel_transfer failed: LIBUSB_ERROR_NO_DEVICE</p></blockquote><p></p><p>Then I feed "ccid_usb.c:1566:InterruptStop() libusb_cancel_transfer failed: LIBUSB_ERROR_NO_DEVICE" to Google. </p><p>I have this issue on Ubuntu 22.04 and I've tried version from Ubuntu 22.10 which has version 1.99 of affected <a href="https://launchpad.net/ubuntu/+source/pcsc-lite">package</a> and it did not help. </p><p>Apparently this bugfix may <a href="https://github.com/LudovicRousseau/PCSC/commit/a3e09df033e024541314bc6bb7dba6f4b5d05d6e">fix</a> this issue and it wasn't part of 1.99 release. Related GitHub <a href="https://github.com/LudovicRousseau/PCSC/issues/57">issue</a>.</p><p><br /></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-30469227987582280452023-05-01T22:54:00.001+01:002023-05-01T22:54:07.878+01:00Can Mozilla VPN users connect Mullwad servers directly? <p>I've tried to fix my IPv6 compatibility issues by using Mozilla VPN over NAT64 box <a href="https://www.stableit.blog/2023/05/mozilla-vpn-without-ui-on-ubuntu-linux.html">this</a> way.</p><p>I've tried to improve this setup but it did not work as expected. </p><p>Mozilla VPN uses Mullwad internally and we can find Mullwad's server name using this interface. Just fill "us-nyc-wg-505" in hostname field and after that you will see something like: "us-nyc-wg-505.relays.mullvad.net".</p><p>With this information on our hands we can replace:</p><p></p><blockquote>Endpoint = x.y.z.y:23662</blockquote><p></p><p>To:</p><p></p><blockquote>Endpoint = us-nyc-wg-505.relays.mullvad.net:23662</blockquote><p></p><p>Sadly in my case this trick did not work ;(</p><p>If you have any advice about ways to fix it please share. </p><p><br /></p><p><br /></p><p><br /></p><p> </p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-56421952247008967272023-05-01T22:47:00.001+01:002023-05-01T22:49:13.311+01:00Mozilla VPN without UI on Ubuntu Linux 22.04 over NAT64<p>Mozilla VPN service is a really nice service but their UI does not support IPv6 only environment. I use NAT64 box in my network and it does not help either.</p><p>Sadly it's known <a href="https://github.com/mozilla-mobile/mozilla-vpn-client/issues/5393">bug</a> and it's still here ;( Luckily I found nice way to workaround it using command line interface. </p><p>I found nice workaround </p><p>Install their <a href="https://support.mozilla.org/en-US/kb/how-install-mozilla-vpn-linux-computer">Linux app</a> as documented on web site. </p><p>Then we're going to use console app to authenticate. Start authentication process using:</p><p></p><blockquote><p>mozillavpn login</p><p></p></blockquote><p>Then check that you're successfully authenticated:</p><p></p><blockquote><p>mozillavpn status</p></blockquote><p>Then get list of all available servers:</p><p></p><blockquote><p>mozillavpn servers</p></blockquote><p>And select your favourite one:</p><p></p><blockquote><p>mozillavpn select us-nyc-wg-505</p><p></p></blockquote><p>Generate Wireguard configuration using wgconf option which was added <a href="https://github.com/mozilla-mobile/mozilla-vpn-client/pull/5817">recently</a>:</p><p></p><blockquote><p>mozillavpn wgconf > mozilla-vpn.conf</p><p></p></blockquote><p>Optiwas added <a href="https://github.com/mozilla-mobile/mozilla-vpn-client/pull/5817">recently</a>. </p><p>Then open mozilla-vpn.conf with editor and alter line like this:</p><p></p><blockquote>Endpoint = x.y.z.y:23662</blockquote><p></p><p>To:</p><p></p><blockquote>Endpoint = 64:ff9b::x.y.z.y:23662</blockquote><p></p><p>Then establish VPN:</p><p></p><blockquote><p>wg-quick up mozilla-vpn.conf</p><p></p></blockquote><p>To shutdown it you can use:</p><p></p><blockquote>wg-quick down mozilla-vpn.conf</blockquote><p>In this case we will use NAT64 gateway for connection.</p><p><br /></p><p></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-62700240882104807282023-04-30T13:24:00.003+01:002023-04-30T13:24:53.463+01:00Yubikey ssh on Ubuntu 22.04<p>Today I did full fresh installation of Ubuntu 22.04 to migrate to new 2T NVME disk from Samsung as I had disk space issues with my old 500G drive. </p><p>After installation I noticed that I cannot use my Yubikey for ssh auth as documented <a href="https://github.com/pavel-odintsov/yubikey-ssh">here</a>. </p><p>I tried to add Yubikey as auth source and it failed with pretty weird error:</p><p></p><blockquote><p>ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so</p><p>Enter passphrase for PKCS#11: </p><p>Could not add card "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so": agent refused operation</p></blockquote><p> This error can mean literally anything.</p><p>I've tried running ssh agent manually in foreground mode:</p><p></p><blockquote>ssh-agent -d</blockquote><p></p><p>And after that I saw error which sounds like "no available slots".</p><p>So I back to <a href="https://github.com/pavel-odintsov/yubikey-ssh">guide</a> as I suspected that my Yubikey died and I've sued following command:</p><p></p><blockquote><p>sudo ykman list --serials</p><p>WARNING: PC/SC not available. Smart card (CCID) protocols will not function.</p><p>ERROR: Unable to list devices for connection</p><p>1232134323</p></blockquote><p>That's interesting and this error lead me to this <a href="https://github.com/Yubico/yubioath-flutter/issues/786">bug</a> and I got fix:</p><p></p><blockquote><p> sudo systemctl start pcscd</p><p></p></blockquote><p>After that it worked just fine.</p><p>As long term fix you need to enable automatic start on machine boot: </p><blockquote><p>sudo systemctl enable pcscd</p></blockquote><p>Sadly it's known Ubuntu <a href="https://bugs.launchpad.net/ubuntu/+source/pcsc-lite/+bug/1971984">bug</a>. </p><div><br /></div>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-55765318354416485732023-04-13T13:33:00.006+01:002023-04-13T13:33:50.027+01:00Yubikey ssh and signing failed for RSA "PIV AUTH pubkey" from agent: agent refused operation You may face this issue if you use ssh and Yubikey like covered in this <a href="https://github.com/pavel-odintsov/yubikey-ssh">guide</a>. <div><br /></div><div>Previously I had to reboot machine to address this issue but I found nice trick to get it work.</div><div><br /></div><div>Originally error looks like:</div><div><div></div><blockquote><div>ssh server</div><div>sign_and_send_pubkey: signing failed for RSA "PIV AUTH pubkey" from agent: agent refused operation</div><div>root@xxx: Permission denied (publickey).</div></blockquote><p>It may happen when you forgot to tap confirmation on Yubikey and it was just slow.</p><p>First attempt to fix it was to kill all ssh agent processes which may be run on system:</p><p></p><blockquote><p>ps aux|grep ssh</p><p>odintsov 16493 0.0 0.0 7972 5820 ? S 12:36 0:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh</p><p>odintsov 16494 0.0 0.0 164340 11584 ? SLl 12:36 0:00 /usr/lib/openssh/ssh-pkcs11-helper</p><p>odintsov 27798 0.0 0.0 7972 3848 ? Ss 13:20 0:00 ssh-agent -s</p><p>odintsov 27801 0.0 0.0 164340 11572 ? SLl 13:20 0:00 /usr/lib/openssh/ssh-pkcs11-helper</p></blockquote><p>The best way to kill them is:</p><p></p><blockquote>pkill ssh</blockquote><p></p><p>After that we need to start ssh agent again:</p><p></p><blockquote>eval `ssh-agent -s`</blockquote><p></p><p>After that load Yubikey key to agent:</p><p></p><blockquote><p>ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so</p></blockquote><p>For last command I use fancy alias in ~/.bashrc:</p><p></p><blockquote><p>alias ssh_add='ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'</p></blockquote><p>It's not clear why Yubikey fails that way. I think it has something to do with ssh-pkcs11-helper being stuck in operation to Yubikey hardware. </p><blockquote><p> </p></blockquote><blockquote><blockquote><p></p></blockquote></blockquote><blockquote><p></p></blockquote><p></p><p></p><div></div></div>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-72584327719667037042023-04-08T15:16:00.004+01:002023-04-08T15:17:32.721+01:00How to enable IPv6 on Google Cloud?<p>Google Cloud has native support for IPv6 but you need to create special VPC network to use IPv6.</p><p>As first step open VPC configuration:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi07vKG_s0MjGGomwAdaJnZ96uoz_mfv9y3oPlabKU0ICt1H-HO2e2XoHb0Oym-XqG457BDJzikKy9G-Mppj6qJnxHkbEQH5gmqobDUZdLXFhjdWUZtm2Br9acfS2iUbSL7geuk7lts58wgey9m19yL1NyfpCAZMtmSOzsQXpe2gfPp-2vceefLuak/s2959/step1_VPCs.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="823" data-original-width="2959" height="178" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi07vKG_s0MjGGomwAdaJnZ96uoz_mfv9y3oPlabKU0ICt1H-HO2e2XoHb0Oym-XqG457BDJzikKy9G-Mppj6qJnxHkbEQH5gmqobDUZdLXFhjdWUZtm2Br9acfS2iUbSL7geuk7lts58wgey9m19yL1NyfpCAZMtmSOzsQXpe2gfPp-2vceefLuak/w640-h178/step1_VPCs.png" width="640" /></a></div><br /><p>Then create new VPC network and fill all fields as on my screenshot. </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWOvd90LkNTbZrjrzuvuYsZZtObN_38_ZHRXaVt2ogPKE8jx3ajTjQOz9U8Vp8mGVyGrfhC1u2f2gW6-5mYoag7iFlqcdeSo6nsFFxWwobsa6xTlF1G0v9gUqfpEl6_4Nl0oCTtP34oRIMu7raAzYsO6yNsmFwZ5lb4zFu1FjPMvDzcqDcMpKPIy8/s2091/step2_new_vpc_subnet.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2091" data-original-width="1510" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWOvd90LkNTbZrjrzuvuYsZZtObN_38_ZHRXaVt2ogPKE8jx3ajTjQOz9U8Vp8mGVyGrfhC1u2f2gW6-5mYoag7iFlqcdeSo6nsFFxWwobsa6xTlF1G0v9gUqfpEl6_4Nl0oCTtP34oRIMu7raAzYsO6yNsmFwZ5lb4zFu1FjPMvDzcqDcMpKPIy8/w462-h640/step2_new_vpc_subnet.png" width="462" /></a></div><br /><p>Then configure subnet settings. The most important step to specify dual stack. </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghAYwfRl30KXne5mJowHixaoKfQFtFX_pHkisjtYtGj4Q_1-zWmM5XETr6bDoMPpHGEUMve79MlLjzV_weNeR0ZNsxvIeOLW1Yk3lwXCIhTtF1rQ71v2UH7invWeYT4YnE3pecQ3dycrQc8fIoa92Znf-hF0aHwmHBtP5DVh3ftXH-XlOAoRrn0i8/s908/step3_add_custom_subnet.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="908" data-original-width="534" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghAYwfRl30KXne5mJowHixaoKfQFtFX_pHkisjtYtGj4Q_1-zWmM5XETr6bDoMPpHGEUMve79MlLjzV_weNeR0ZNsxvIeOLW1Yk3lwXCIhTtF1rQ71v2UH7invWeYT4YnE3pecQ3dycrQc8fIoa92Znf-hF0aHwmHBtP5DVh3ftXH-XlOAoRrn0i8/w376-h640/step3_add_custom_subnet.png" width="376" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">Then you need to create default firewall rules to allow ICMPv6. You may notice that we use number 58 instead of ICMPv6 due to following <a href="https://pavel.network/icmpv6-and-google-cloud-compute/">issue</a>:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAd29I44O67VCoPQXThKVzRwZOB3hlVtlM7cxLz6XBOIjXI0ZjZn7Akgc0pY9Ah-0B5OZrtvu4qYMgi0aH8cWDBShjF6KYcWPHWAPHfUktNfnTpRDsC0CCAOhcqLd0pNPat5zUvLstTF4Un18wi3yn6crB6d3xGPgatlgigMQfMAJ6i5IdTajYzvQ/s1462/step7-allow-icmp-v6.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1462" data-original-width="607" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAd29I44O67VCoPQXThKVzRwZOB3hlVtlM7cxLz6XBOIjXI0ZjZn7Akgc0pY9Ah-0B5OZrtvu4qYMgi0aH8cWDBShjF6KYcWPHWAPHfUktNfnTpRDsC0CCAOhcqLd0pNPat5zUvLstTF4Un18wi3yn6crB6d3xGPgatlgigMQfMAJ6i5IdTajYzvQ/w266-h640/step7-allow-icmp-v6.png" width="266" /></a></div><br /><div class="separator" style="clear: both; text-align: left;">Then enable ssh:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9aWYtV3dDL_Iz_4-67N3s9zEDQULiqH0pcD78FaEuxaHcm33HWhuveX1rnxZV_kXDxd324xXmKRZprDQOCa7Sm7zWJ7RL26X4-5bSg177xAhvhsPwSaOQOrUu2kMDMijZXqimlHpSmkaNoOjHY8AS_xD-_G63O1ol3LVLuPWojLPNc8jP4K5MQkc/s1586/step6-allow-ssh.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1586" data-original-width="1142" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9aWYtV3dDL_Iz_4-67N3s9zEDQULiqH0pcD78FaEuxaHcm33HWhuveX1rnxZV_kXDxd324xXmKRZprDQOCa7Sm7zWJ7RL26X4-5bSg177xAhvhsPwSaOQOrUu2kMDMijZXqimlHpSmkaNoOjHY8AS_xD-_G63O1ol3LVLuPWojLPNc8jP4K5MQkc/w460-h640/step6-allow-ssh.png" width="460" /></a></div><div><br /></div>After these steps you can create new Compute instances in this region. Then you need to open advanced settings and select our new IPv6 enabled network in list:<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ8nbOpFotc7afGRoUV7qdbhF1NCLi8Sd74kx0ina-4Gsa4iqCRrYH0hPiIEZU9ZPnsxkhKaEt5bR9DwAPGjsA_Gy3-VQU0BWpRPxUwZ3fqPG4785v8EshPtXzqYF8zyriP6m0X6a9dgGCNYQNXsqERzrvP3Y5CuNAoLRfxTujhxuZe2Tmu-KVZL4/s819/step4_select_network_new_ipv6_subnet.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="819" data-original-width="609" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ8nbOpFotc7afGRoUV7qdbhF1NCLi8Sd74kx0ina-4Gsa4iqCRrYH0hPiIEZU9ZPnsxkhKaEt5bR9DwAPGjsA_Gy3-VQU0BWpRPxUwZ3fqPG4785v8EshPtXzqYF8zyriP6m0X6a9dgGCNYQNXsqERzrvP3Y5CuNAoLRfxTujhxuZe2Tmu-KVZL4/w476-h640/step4_select_network_new_ipv6_subnet.png" width="476" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">And finally select dual stack:</div><div><div><div class="separator" style="clear: both; text-align: center;"><br /></div></div></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2AN6tNVdLugwPs_rVPwL9kaZ77QqetO_D2dHsQlr5Yv_81mUAlc1f3LaWBeSLZLVY9kJw9xDRHXdF6wiFKnPurzBuMnMBGJxrRRKn9Br4Dfzg79KxTmIFJlwItxEZLFCpU0sqzqSt7jpdxD5Dw-cFb3h5w4TnEQa7xGV7E0mtFeBkUiChsxgMULo/s819/step5_select_dual_stack.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="819" data-original-width="609" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2AN6tNVdLugwPs_rVPwL9kaZ77QqetO_D2dHsQlr5Yv_81mUAlc1f3LaWBeSLZLVY9kJw9xDRHXdF6wiFKnPurzBuMnMBGJxrRRKn9Br4Dfzg79KxTmIFJlwItxEZLFCpU0sqzqSt7jpdxD5Dw-cFb3h5w4TnEQa7xGV7E0mtFeBkUiChsxgMULo/w476-h640/step5_select_dual_stack.png" width="476" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">The fun thing that you actually can disable IPv4 completely or you can allocate dedicated IPv6 address for machine. </div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">Pricing for IPv6 addresses even static ones is mostly <a href="https://cloud.google.com/vpc/network-pricing#ipaddress">free</a>:</div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiVLQRvZ1WpMJmcPMBpYP-J96tc4SScLqu-6mms8qVujVtz8Bue6aJ_pU3-Iva-DLwuCmn_KiGQ1JB_pYh9GxNehME_KViP9xK0BaHr5h0e5CMShBExZecBBuEW16pjBkjNRrUHpPWbzU_qX2DR4S20dNQ9y45WjTzGDGCvPa8ARv1HmjnaoArQyMU" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1262" data-original-width="1967" height="256" src="https://blogger.googleusercontent.com/img/a/AVvXsEiVLQRvZ1WpMJmcPMBpYP-J96tc4SScLqu-6mms8qVujVtz8Bue6aJ_pU3-Iva-DLwuCmn_KiGQ1JB_pYh9GxNehME_KViP9xK0BaHr5h0e5CMShBExZecBBuEW16pjBkjNRrUHpPWbzU_qX2DR4S20dNQ9y45WjTzGDGCvPa8ARv1HmjnaoArQyMU=w400-h256" width="400" /></a></div><br /><br /></div><br />Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-44062708474420565742023-04-02T14:39:00.001+01:002023-04-02T14:41:21.888+01:00Building log4cpp 1.1.4rc3 on msys2 environment on Windows Server 2022<p> I got following error during my attempts to build lo4cpp in msys2 environment:</p><blockquote><p>"../include/log4cpp/config-MinGW32.h:27:17: error: 'long long long' is too long for GCC"</p></blockquote><p>It can be easily fixed by commenting following code in file include/log4cpp/config-MinGW32.h</p><p></p><blockquote>// #define int64_t __int64 </blockquote><p>I'll try to report this issue to upstream to have it fixed. </p><p>Got this hint from this <a href="https://zhjxue.wordpress.com/2010/03/26/log4cpp-buildcompile-in-mingw-envrionment/">blog</a>.</p><p></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-11392347734498487962023-04-02T12:45:00.005+01:002023-04-02T12:46:27.542+01:00Enabling SSH server on Windows 2022 Datacenter edition<p>After friend's advice I realised that modern Windows versions have bundled SSH server and that's a best way to work with remote Windows platforms as RDP is not as cool as old good console.</p><p>First of all we need to install OpenSSH server component, you can do it this way:</p><p></p><ul style="text-align: left;"><li>Start</li><li>Settings</li><li>Apps</li><li>Apps and Features</li><li>Optional Features</li><li>Add Feature</li><li>OpenSSH Server</li></ul><div>Then we need to start it. Search for "Services" in search panel and then open it. Looks for OpenSSH SSH server and then click right mouse button and Start it. </div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuGoL-VFsODh4ddWrDVbqw2_Ss6vLpeMHH2fbrQbPrqlQe6c26oWvDNTFX84mnUfGpKaH1C5eEA9LsfEtNO8F3OmOr1CQ6jCDrDVlaDzhfRx2QSjHxuQhz8dZgA7JMWDi4Ar9rUQRTd1IQFzOOsZ5WXIyVE9jo_1IgOO8BvL9xwmvlMJFdZ7lbwOc/s2640/openssh_service.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1289" data-original-width="2640" height="156" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuGoL-VFsODh4ddWrDVbqw2_Ss6vLpeMHH2fbrQbPrqlQe6c26oWvDNTFX84mnUfGpKaH1C5eEA9LsfEtNO8F3OmOr1CQ6jCDrDVlaDzhfRx2QSjHxuQhz8dZgA7JMWDi4Ar9rUQRTd1IQFzOOsZ5WXIyVE9jo_1IgOO8BvL9xwmvlMJFdZ7lbwOc/s320/openssh_service.png" width="320" /></a></div><br /><div><br /></div><p></p><div>Then open properties and switch startup type from "manual" to "automatic". We need it to launch it automatically on boot.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKpII-b-h5Dd3xkmQPd0S2dLUOXBhSYEeVJ_TJ52oDufhLuYLVP1LY9l0WRuNLX5Q8Y8Wp-9fzf7o2S2x21-F1R8L00UyIsSl3wZ4USp4romFi_tOxEbwPwO-kLM3S6yo_qNFjlMAvbiXEf7hYAASr9gTlbpBExbZuChgLpaYENyFJkUWZvGzugII/s2640/openssh%20on%20boot.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1289" data-original-width="2640" height="156" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKpII-b-h5Dd3xkmQPd0S2dLUOXBhSYEeVJ_TJ52oDufhLuYLVP1LY9l0WRuNLX5Q8Y8Wp-9fzf7o2S2x21-F1R8L00UyIsSl3wZ4USp4romFi_tOxEbwPwO-kLM3S6yo_qNFjlMAvbiXEf7hYAASr9gTlbpBExbZuChgLpaYENyFJkUWZvGzugII/s320/openssh%20on%20boot.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">After that you can connect to this server via normal SSH client from Linux:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7QrqQ9Nj7A3Z1EYetBEUj--k5_hB0Eq9Loo0veGja159bi3s7FLtJdawL5L-uS-U3ZcnszlmD5nyZjQCbptFlely6EndScvQCYLWpJ7k8IpDzVlLFhYRIdt8ul0xctOhX3wkel9QUlj0l8JDg_sd4xlLIq1wVQeupRQI-OpPDeLBz6e-MbHiVJKY/s2238/openssh%20window.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1426" data-original-width="2238" height="204" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7QrqQ9Nj7A3Z1EYetBEUj--k5_hB0Eq9Loo0veGja159bi3s7FLtJdawL5L-uS-U3ZcnszlmD5nyZjQCbptFlely6EndScvQCYLWpJ7k8IpDzVlLFhYRIdt8ul0xctOhX3wkel9QUlj0l8JDg_sd4xlLIq1wVQeupRQI-OpPDeLBz6e-MbHiVJKY/s320/openssh%20window.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: left;">Based on this <a href="https://winscp.net/eng/docs/guide_windows_openssh_server">guide</a>.</div><br /><div><br /></div>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-41384216094740606112023-02-01T23:51:00.003+00:002023-02-02T00:03:42.754+00:00How to control RGB leds on Logitech G Pro X keyboard from Linux?<p> Official software is coming only for Windows but fortunately we have nice <a href="https://github.com/MatMoul/g810-led">project</a> for it.</p><p>On Ubuntu or Debian it's very easy to install: </p><p></p><blockquote>sudo apt install -y g810-led</blockquote><p></p><p>Then try setting this thing, it's my favourite one so far:</p><p></p><blockquote>sudo gpro-led -p /usr/share/doc/g810-led/examples/sample_profiles/colors</blockquote><p>Install it as default profile:</p><p></p><blockquote>sudo cp /usr/share/doc/g810-led/examples/sample_profiles/colors /etc/g810-led/profile </blockquote><p></p><p>Example:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6gXjDhmyNmoYmUGJ8qDXDLKhII5-Jsxge2oFvTrBrMJF-aKhM5uS9ZXlu0UeqCv-jdtyHo0Y0ANzhuy0MEJKs1Fv9mYGIP-bhw5kGO3vT1aGOZ_ZtUrqRhksqXCMCd_n3ODkv1n_xroYC_e-slCcRpfC2OAGj8-_mVWg7p4j8Mv412rkEOFJXrxI/s1600/logitech_rgb.jpeg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1200" data-original-width="1600" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6gXjDhmyNmoYmUGJ8qDXDLKhII5-Jsxge2oFvTrBrMJF-aKhM5uS9ZXlu0UeqCv-jdtyHo0Y0ANzhuy0MEJKs1Fv9mYGIP-bhw5kGO3vT1aGOZ_ZtUrqRhksqXCMCd_n3ODkv1n_xroYC_e-slCcRpfC2OAGj8-_mVWg7p4j8Mv412rkEOFJXrxI/s320/logitech_rgb.jpeg" width="320" /></a></div><br /><p><br /></p><p></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-77978246160801991532023-01-28T00:02:00.006+00:002023-01-28T00:06:52.953+00:00Using Radvd to advertise IPv6 prefix for NAT64<p>Some time ago I published <a href="https://www.stableit.blog/2022/12/nat64-on-debian-12-bookworm-box.html">article</a> about my own NAT64 gateway and configuration for it was quite far away from perfect: </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJAFZIw6ANlXLq3SfTG5AyPERpKvaGmXm_ryh5VegZWMEvrdmreTth_1R9gF9LMi7XM8iChMYLBXsmh5D56k1QjApN_RMl1c65duI7wJ7vfp-oqwkZI0J5vHfDyQDR6isSa9AMepzzTv-0qmkzxHHdwTM_-TKQxJkbu1AXt690ECJV67LlwXKaHJE/s1167/ugly.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="965" data-original-width="1167" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJAFZIw6ANlXLq3SfTG5AyPERpKvaGmXm_ryh5VegZWMEvrdmreTth_1R9gF9LMi7XM8iChMYLBXsmh5D56k1QjApN_RMl1c65duI7wJ7vfp-oqwkZI0J5vHfDyQDR6isSa9AMepzzTv-0qmkzxHHdwTM_-TKQxJkbu1AXt690ECJV67LlwXKaHJE/s320/ugly.png" width="320" /></a></div><br /><p>It even looks ugly as you need to keep this prefix in mind all the time. IPv6 offers very nice way to announce such prefix from our NAT64 box automatically using RA / Router Advertisement announces.</p><p>To make it possible we need to install package:</p><p></p><blockquote><p>sudo apt-get install -y radvd</p><p></p></blockquote><p>Then we need to create configuration for it in file /etc/radvd.conf :</p><p></p><blockquote><p>interface end0 {</p><p> MinRtrAdvInterval 3;</p><p> MaxRtrAdvInterval 5;</p><p> </p><p> AdvSendAdvert on;</p><p> AdvDefaultLifetime 0;</p><p> route 64:ff9b::/96 {};</p><p>};</p></blockquote><p>With such configuration radvd daemon will advertise that this prefix is accessible via machine's IPv6 address and all hosts in network will be able to use it. </p><p>You will need to replace end0 by name of your external interface of NAT64 box.</p><p>Then start it and enable autostart:</p><p></p><blockquote><p>sudo systemctl enable radvd</p><p>sudo systemctl start radvd</p></blockquote><p>Finally, reboot or disable / enable network on client machine.</p><p>To debug it from client I recommend installing this tool:</p><p></p><blockquote><p>sudo apt install -y radvdump</p><p></p></blockquote><p>Then you need to run application with same name:</p><p></p><blockquote>radvdump</blockquote><p></p><p>And after few seconds you will see banner like this:</p><p></p><blockquote><p>interface enp37s0f0</p><p>{</p><p><span style="white-space: pre;"> </span>AdvSendAdvert on;</p><p><span style="white-space: pre;"> </span># Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump</p><p><span style="white-space: pre;"> </span>AdvManagedFlag off;</p><p><span style="white-space: pre;"> </span>AdvOtherConfigFlag off;</p><p><span style="white-space: pre;"> </span>AdvReachableTime 0;</p><p><span style="white-space: pre;"> </span>AdvRetransTimer 0;</p><p><span style="white-space: pre;"> </span>AdvCurHopLimit 64;</p><p><span style="white-space: pre;"> </span>AdvDefaultLifetime 0;</p><p><span style="white-space: pre;"> </span>AdvHomeAgentFlag off;</p><p><span style="white-space: pre;"> </span>AdvDefaultPreference medium;</p><p><span style="white-space: pre;"> </span>AdvSourceLLAddress on;</p><p><br /></p><p><span style="white-space: pre;"> </span>route 64:ff9b::/96</p><p><span style="white-space: pre;"> </span>{</p><p><span style="white-space: pre;"> </span>AdvRoutePreference medium;</p><p><span style="white-space: pre;"> </span>AdvRouteLifetime 15;</p><p><span style="white-space: pre;"> </span>}; # End of route definition</p><p><br /></p><p>}; # End of interface definition</p><div></div></blockquote><div>In same time your Linux routing table will receive following entry:</div><div><div></div><blockquote><div>sudo ip -6 route|grep ff9</div><div>64:ff9b::/96 via fe80::8832:73ff:fe02:edb6 dev enp37s0f0 proto ra metric 100 pref medium</div></blockquote><div></div></div><div>So we have nice network path towards our NAT64 prefix. That's very convenient and works just fine.</div><p>As final step I can recommend checking that some IPv4 host is accessible via IPv6 NAT64 prefix.</p><p>I've decided to try GitHub:</p><p></p><blockquote><p>ping6 64:ff9b::140.82.121.3 -c 3</p><p>PING 64:ff9b::140.82.121.3(64:ff9b::8c52:7903) 56 data bytes</p><p>64 bytes from 64:ff9b::8c52:7903: icmp_seq=1 ttl=246 time=14.6 ms</p><p>64 bytes from 64:ff9b::8c52:7903: icmp_seq=2 ttl=246 time=14.1 ms</p><p>64 bytes from 64:ff9b::8c52:7903: icmp_seq=3 ttl=246 time=14.2 ms</p><p><br /></p><p>--- 64:ff9b::140.82.121.3 ping statistics ---</p><p>3 packets transmitted, 3 received, 0% packet loss, time 2003ms</p><p>rtt min/avg/max/mdev = 14.145/14.305/14.574/0.190 ms</p><div></div></blockquote><div>This approach highlights great deal of flexibility in IPv6 protocol as it was very easy to add new prefix for our own purposes inside of our own network. </div><div><br /></div><div>I used following articles as basis for my research <a href="https://ungleich.ch/u/blog/ipv6-router-advertisement-without-default-router/">one</a> and <a href="https://gist.github.com/unixfox/98f696318d356de6381779ed3541218d">two</a>. </div><div><br /></div><div>In following release after 2.19 radvd will receive update which will make specific <a href="https://github.com/radvd-project/radvd/pull/179">statement</a> for NAT64 prefix announcements. </div><div><br /></div><p></p><p></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-77260372576384590692023-01-21T20:03:00.010+00:002023-01-21T20:08:24.413+00:00 Realtek 8153 based USB Ethernet adaptor on Debian Linux<p>I received my Lenovo Ethernet USB 3 adaptor based on Realtek 8153 and it identified well on my PC:</p><p></p><blockquote><p>4021.908466] usb 1-1: USB disconnect, device number 6</p><p>[ 4021.908858] r8152 1-1:1.0 enx606d3cece3ed: Stop submitting intr, status -108</p><p>[ 4023.337656] usb 1-1: new high-speed USB device number 7 using xhci_hcd</p><p>[ 4024.434537] usb 1-1: New USB device found, idVendor=17ef, idProduct=720c, bcdDevice=30.00</p><p>[ 4024.434542] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=6</p><p>[ 4024.434543] usb 1-1: Product: Lenovo USB-C to LAN</p><p>[ 4024.434545] usb 1-1: Manufacturer: Lenovo</p><p>[ 4024.434545] usb 1-1: SerialNumber: ECE3ED000000</p><p>[ 4024.599450] usb 1-1: reset high-speed USB device number 7 using xhci_hcd</p><p>[ 4025.532652] r8152 1-1:1.0: load rtl8153a-3 v2 02/07/20 successfully</p></blockquote><p>Sadly when I plugged it to my SBC RockPro64 I got following:</p><p></p><blockquote><p>[ 4182.236792] usb 7-1: new high-speed USB device number 2 using xhci-hcd</p><p>[ 4182.386057] usb 7-1: New USB device found, idVendor=17ef, idProduct=720c, bcdDevice=30.00</p><p>[ 4182.386108] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=6</p><p>[ 4182.386132] usb 7-1: Product: Lenovo USB-C to LAN</p><p>[ 4182.386152] usb 7-1: Manufacturer: Lenovo</p><p>[ 4182.386171] usb 7-1: SerialNumber: ECE3ED000000</p><p>[ 4182.440134] usbcore: registered new interface driver r8152</p><p>[ 4182.448147] usbcore: registered new interface driver cdc_ether</p><p>[ 4182.610609] usb 7-1: reset high-speed USB device number 2 using xhci-hcd</p><p>[ 4182.800168] r8152 7-1:1.0: firmware: failed to load rtl_nic/rtl8153a-3.fw (-2)</p><p>[ 4182.800868] firmware_class: See https://wiki.debian.org/Firmware for information about missing firmware</p><p>[ 4182.801738] r8152 7-1:1.0: firmware: failed to load rtl_nic/rtl8153a-3.fw (-2)</p><p>[ 4182.802385] r8152 7-1:1.0: Direct firmware load for rtl_nic/rtl8153a-3.fw failed with error -2</p><p>[ 4182.802401] r8152 7-1:1.0: unable to load firmware patch rtl_nic/rtl8153a-3.fw (-2)</p><p>[ 4182.839821] r8152 7-1:1.0 eth0: v1.12.13</p><p>[ 4182.880701] r8152 7-1:1.0 enx606d3cece3ed: renamed from eth0</p></blockquote><p></p><p>To address it we need to add non-free repository to list of standard Ubuntu repos by adding non-free after main in /etc/apt/sources.list like this:</p><p></p><blockquote><p>deb http://deb.debian.org/debian/ debian-code-name main non-free</p></blockquote><p>And then install firmwares:</p><p></p><blockquote><p>sudo apt-get update</p><p>sudo apt-get install -y firmware-realtek </p></blockquote><p></p><p>After that unplug USB adaptor and plug it again.</p><p>In my case I got following successful identification: </p><p></p><blockquote><p>[ 4778.769681] usb 7-1: new high-speed USB device number 4 using xhci-hcd</p><p>[ 4809.225536] usb 7-1: new high-speed USB device number 5 using xhci-hcd</p><p>[ 4809.374948] usb 7-1: New USB device found, idVendor=17ef, idProduct=720c, bcdDevice=30.00</p><p>[ 4809.375000] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=6</p><p>[ 4809.375024] usb 7-1: Product: Lenovo USB-C to LAN</p><p>[ 4809.375044] usb 7-1: Manufacturer: Lenovo</p><p>[ 4809.375063] usb 7-1: SerialNumber: ECE3ED000000</p><p>[ 4809.570774] usb 7-1: reset high-speed USB device number 5 using xhci-hcd</p><p>[ 4809.738340] r8152 7-1:1.0: firmware: direct-loading firmware rtl_nic/rtl8153a-3.fw</p><p>[ 4809.760907] r8152 7-1:1.0: load rtl8153a-3 v2 02/07/20 successfully</p><p>[ 4809.790911] r8152 7-1:1.0 eth0: v1.12.13</p><p>[ 4809.831468] r8152 7-1:1.0 enx606d3cece3ed: renamed from eth0</p></blockquote><p></p><div><br /></div><p><br /></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-51013498363606434782023-01-18T13:45:00.009+00:002023-01-18T15:26:59.920+00:00spotifyd installation Ubuntu Linux 22.04<p>First of all, we need to install service which can play music from Spotify.</p><p>I'll use <a href="https://github.com/Spotifyd/spotifyd">Spotifyd</a>.</p><p>It's relatively <a href="https://spotifyd.github.io/spotifyd/installation/Ubuntu.html">easy</a> to build as it uses Rust:</p><pre><code class="language-bash hljs"></code></pre><blockquote>sudo apt install libasound2-dev libssl-dev pkg-config cargo<br />git clone https://github.com/Spotifyd/spotifyd.git<br />cd spotifyd<div>cargo build --release</div></blockquote><div>Then you need to create <a href="https://spotifyd.github.io/spotifyd/config/File.html">basic</a> configuration for it which includes login and plain text password. Create configuration folder:</div><blockquote>mkdir ~/.config/spotifyd<div></div></blockquote><div><br /></div><div>Then open file with favourite editor:<br /><blockquote>vim ~/.config/spotifyd/spotifyd.conf</blockquote><br />And then add following:<br /><div></div><blockquote><div>[global]</div><div># Your Spotify account name.</div><div>username = "xxx@gmail.com"</div><div><br /></div><div># Your Spotify account password.</div><div>password = "xxx"</div></blockquote><p>And finally launch daemon:</p><p></p><blockquote>~/spotifyd/target/release/spotifyd --no-daemon </blockquote><p>Then you can see following log messages when you try to play music:</p><p></p><blockquote><p>Loading config from "/home/xxx/.config/spotifyd/spotifyd.conf"</p><p>No proxy specified</p><p>Using software volume controller.</p><p>Connecting to AP "ap.spotify.com:443"</p><p>Authenticated as "xxx" !</p><p>Using Alsa sink with format: S16</p><p>Country: "GB"</p><p>Loading <Damascus> with Spotify URI <spotify:track:xxx></p><p><Damascus> (122880 ms) loaded</p></blockquote><p>For production use I can recommend installing it to /opt:</p><p></p><blockquote>sudo cp ~/spotifyd/target/release/spotifyd /opt/spotifyd</blockquote><p>Then you will need to copy configuration file into system configuration path:</p><p></p><blockquote>sudo cp ~/.config/spotifyd/spotifyd.conf /etc </blockquote><p></p><p></p><p>And creating <a href="https://github.com/Spotifyd/spotifyd/blob/master/contrib/spotifyd.service">systemd</a> unit for it:</p><p></p><blockquote>sudo vim /lib/systemd/system/spotifyd.service</blockquote><p></p><p>With following content:</p><p></p><blockquote><p>[Unit]</p><p>Description=A spotify playing daemon</p><p>Documentation=https://github.com/Spotifyd/spotifyd</p><p>Wants=sound.target</p><p>After=sound.target</p><p>Wants=network-online.target</p><p>After=network-online.target</p><p>[Service]</p><p>ExecStart=/opt/spotifyd --no-daemon</p><p>Restart=always</p><p>RestartSec=12</p><p>[Install]</p><p>WantedBy=default.target</p></blockquote><p>And finally enable start on boot and start Spotifyd daemon:</p><p></p><blockquote>sudo systemctl daemon-reload<br />sudo systemctl enable spotifyd<br />sudo systemctl start spotifyd </blockquote><p></p><p>After that I can recommend checking that daemon started successfully using this command:</p><p></p><blockquote>sudo systemctl status spotifyd</blockquote><p></p><p>Example output:</p><p></p><blockquote><p>spotifyd.service - A spotify playing daemon</p><p> Loaded: loaded (/lib/systemd/system/spotifyd.service; enabled; preset: enabled)</p><p> Active: active (running) since Wed 2023-01-18 14:13:11 GMT; 3s ago</p><p> Docs: https://github.com/Spotifyd/spotifyd</p><p> Main PID: 8963 (spotifyd)</p><p> Tasks: 8 (limit: 4513)</p><p> Memory: 976.0K</p><p> CPU: 30ms</p><p> CGroup: /system.slice/spotifyd.service</p><p> └─8963 /opt/spotifyd --no-daemon</p><p><br /></p><p>Jan 18 14:13:11 rockpro64 systemd[1]: Started A spotify playing daemon.</p><p>Jan 18 14:13:11 rockpro64 spotifyd[8963]: Loading config from "/etc/spotifyd.conf"</p><p>Jan 18 14:13:11 rockpro64 spotifyd[8963]: No proxy specified</p><p>Jan 18 14:13:11 rockpro64 spotifyd[8963]: Using software volume controller.</p><p>Jan 18 14:13:11 rockpro64 spotifyd[8963]: Connecting to AP "ap.spotify.com:443"</p><p>Jan 18 14:13:11 rockpro64 spotifyd[8963]: Authenticated as "xxx" !</p><p>Jan 18 14:13:11 rockpro64 spotifyd[8963]: Country: "GB"</p><p>Jan 18 14:13:11 rockpro64 spotifyd[8963]: Using Alsa sink with format: S16</p></blockquote><p></p><p></p><p>After that you can install <a href="https://github.com/Rigellute/spotify-tui">Spotify console</a> client. If you see any errors from client then you will need to click "d" and select spotifyd as output device. </p><p>The great benefits of SpotifyD that it exposes itself via native Spotify protocol and you will see it in your app from phone or another computer:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSj5YWn9ocLk9Wieyp5mFJVQs_n0VI6xP-LfbqKxlQdTuOOhaeY3CreH0aSkSimfq3zsF94eJzSBTNQPKutOfVNRa1Ow6yuThApF1K8D5eDSRBoLWreMe49N4ZlxVm_mZJ5MAlcTFPt9rqlFnXSGgu-KTkB6periwMPuEPylJE4OtHoex1lRtOcec/s828/spotify.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="282" data-original-width="828" height="109" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSj5YWn9ocLk9Wieyp5mFJVQs_n0VI6xP-LfbqKxlQdTuOOhaeY3CreH0aSkSimfq3zsF94eJzSBTNQPKutOfVNRa1Ow6yuThApF1K8D5eDSRBoLWreMe49N4ZlxVm_mZJ5MAlcTFPt9rqlFnXSGgu-KTkB6periwMPuEPylJE4OtHoex1lRtOcec/s320/spotify.jpeg" width="320" /></a></div><br /><p><br /></p><p><br /></p><p><br /></p><p><br /></p><p> </p><p></p><div></div></div>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-67848526275055431402023-01-15T11:26:00.007+00:002023-01-15T19:21:16.831+00:00CircleCI hardware: January 2023<p>I tried to find information about hardware used by CircleCI in Docker and Machine modes but failed to get any up to date information.</p><p>I'll focus only on largest resource classes available on Free / OSS plan. </p><p>So I decided to use my own instances to get it. Docker Large.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhcXF5n6B8FKVwa4O6IQ2gYxXhlD7FrrWwTQnojNGlDs_GCwr32Fu0dWX-ZCvLqossUXC0kI5AgBmmhuaGpgD3EkZUza0FWmZ5Wt8cmy3-b8GsMte03DS57anXY1-TBLAIIsbdtzvNdzPX0QGVw-tzAD9Jb4cFYboKbFzUAEIxFBJ7Tsv4otBgFGPw" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="173" data-original-width="406" height="136" src="https://blogger.googleusercontent.com/img/a/AVvXsEhcXF5n6B8FKVwa4O6IQ2gYxXhlD7FrrWwTQnojNGlDs_GCwr32Fu0dWX-ZCvLqossUXC0kI5AgBmmhuaGpgD3EkZUza0FWmZ5Wt8cmy3-b8GsMte03DS57anXY1-TBLAIIsbdtzvNdzPX0QGVw-tzAD9Jb4cFYboKbFzUAEIxFBJ7Tsv4otBgFGPw" width="320" /></a></div><br />Internally:<p></p><blockquote><p>processor<span style="white-space: pre;"> </span>: 0</p><p>vendor_id<span style="white-space: pre;"> </span>: GenuineIntel</p><p>cpu family<span style="white-space: pre;"> </span>: 6</p><p>model<span style="white-space: pre;"> </span>: 85</p><p>model name<span style="white-space: pre;"> </span>: Intel(R) Xeon(R) Platinum 8124M CPU @ 3.00GHz</p><p>stepping<span style="white-space: pre;"> </span>: 4</p><p>microcode<span style="white-space: pre;"> </span>: 0x2006c0a</p><p>cpu MHz<span style="white-space: pre;"> </span>: 2999.998</p><p>cache size<span style="white-space: pre;"> </span>: 25344 KB</p><p>physical id<span style="white-space: pre;"> </span>: 0</p><p>siblings<span style="white-space: pre;"> </span>: 36</p><p>core id<span style="white-space: pre;"> </span>: 0</p><p>cpu cores<span style="white-space: pre;"> </span>: 18</p><p>apicid<span style="white-space: pre;"> </span>: 0</p><p>initial apicid<span style="white-space: pre;"> </span>: 0</p><p>fpu<span style="white-space: pre;"> </span>: yes</p><p>fpu_exception<span style="white-space: pre;"> </span>: yes</p><p>cpuid level<span style="white-space: pre;"> </span>: 13</p><p>wp<span style="white-space: pre;"> </span>: yes</p><p>flags<span style="white-space: pre;"> </span>: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq monitor ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves ida arat pku ospke</p><p>bugs<span style="white-space: pre;"> </span>: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit mmio_stale_data retbleed</p><p>bogomips<span style="white-space: pre;"> </span>: 5999.99</p><p>clflush size<span style="white-space: pre;"> </span>: 64</p><p>cache_alignment<span style="white-space: pre;"> </span>: 64</p><p>address sizes<span style="white-space: pre;"> </span>: 46 bits physical, 48 bits virtual</p><p>power management:</p></blockquote><p>According to specs this runner allows you to use <a href="https://circleci.com/product/features/resource-classes/">4 CPU</a> cores and 8G of memory.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhz3uiFMG-QdAcurt0z1YpDn-DunK0t8_YgeHQt9iEZjq6gpz1KojPJG0geYnVFAqJ0Bl6q5qHr1R5jhP4UteiV9jVJb0utwEJlJupkF7I_fnX8vXTsnkQiSd94mYF-t4oPt45ymoakCRUu_kssJ4JHA_F4A47KHjx5AJDK5U6JV9OiBdQU9Tl2tlQ" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="156" data-original-width="2299" height="22" src="https://blogger.googleusercontent.com/img/a/AVvXsEhz3uiFMG-QdAcurt0z1YpDn-DunK0t8_YgeHQt9iEZjq6gpz1KojPJG0geYnVFAqJ0Bl6q5qHr1R5jhP4UteiV9jVJb0utwEJlJupkF7I_fnX8vXTsnkQiSd94mYF-t4oPt45ymoakCRUu_kssJ4JHA_F4A47KHjx5AJDK5U6JV9OiBdQU9Tl2tlQ" width="320" /></a></div><br /><br /><p></p><p>I can clearly see that it can use all 4 CPU cores:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgZXbG4Uodq1kYwImZBjYjDlfY-89TpfNPRNNp5qcZxX1IclYBH3mnTZGX1Cqo0kfSwvDMofgdXEolkVe2l1ejLOj8enOhDwe6qQM_SSFPBIj8VHZXPglvJRqUCpX38-v4HGxBmxu7y0Sc0FSbhYstfdTtfJQkYpGevsRXbUFKspROjrejtZldZkrc" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="410" data-original-width="1646" height="80" src="https://blogger.googleusercontent.com/img/a/AVvXsEgZXbG4Uodq1kYwImZBjYjDlfY-89TpfNPRNNp5qcZxX1IclYBH3mnTZGX1Cqo0kfSwvDMofgdXEolkVe2l1ejLOj8enOhDwe6qQM_SSFPBIj8VHZXPglvJRqUCpX38-v4HGxBmxu7y0Sc0FSbhYstfdTtfJQkYpGevsRXbUFKspROjrejtZldZkrc" width="320" /></a></div><br />Physical machine is not very overloaded from my perspective but it's clearly busy:<p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEijzUDdnH7-g_-x18GCa76xu2KBYmhEAz9Dlo0TkyZD5vN1yqkAhmCXV3PewC_10zDixEYsrUGCBf23pTZeH7D2l61httP39QgX2poD-rq3up7kTcdRCUgirFDxN-3aAiwDhNWAWdjzwNqRD6LUtUehaabWeezthwPoBAJX3QOFeklc5vXZMm9H4LM" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="274" data-original-width="2848" height="31" src="https://blogger.googleusercontent.com/img/a/AVvXsEijzUDdnH7-g_-x18GCa76xu2KBYmhEAz9Dlo0TkyZD5vN1yqkAhmCXV3PewC_10zDixEYsrUGCBf23pTZeH7D2l61httP39QgX2poD-rq3up7kTcdRCUgirFDxN-3aAiwDhNWAWdjzwNqRD6LUtUehaabWeezthwPoBAJX3QOFeklc5vXZMm9H4LM" width="320" /></a></div><br /> Let's talk about Machine executor "Linux Large" which is VM.<div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhDkfmLaCxisKWnscGvJTohLb7JvWHAy4Z9cPRKt3UUfXkhnGUF1EIkrOvNmjsVe1alswBpf82WEtlGHr3BLZuE1trYmPIgkvNL_0ZP3hmHC6HQhqQbOQ9jsEzmNioQHLu0qcJNFX0TbHEOwdh6ic4oEMxYE4xKmF2ko4XO0acIHUS8z4Ouvh7OdP4" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="173" data-original-width="520" height="106" src="https://blogger.googleusercontent.com/img/a/AVvXsEhDkfmLaCxisKWnscGvJTohLb7JvWHAy4Z9cPRKt3UUfXkhnGUF1EIkrOvNmjsVe1alswBpf82WEtlGHr3BLZuE1trYmPIgkvNL_0ZP3hmHC6HQhqQbOQ9jsEzmNioQHLu0qcJNFX0TbHEOwdh6ic4oEMxYE4xKmF2ko4XO0acIHUS8z4Ouvh7OdP4" width="320" /></a></div>This one has same number of CPU cores but has more memory:</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh4eoEbswdmFpEhck8R7CRB9fhfyvHZHSrXTjAZlyujkz7LBKOca5Okuebg_DrlLQ_4CoJuPXqE2yAtd5jfCztnKZESAiVuM_KcIwVuRRuXVlJqwt_YHmP_0Wvk8yzpaxZ-3XA490-ZE4c8eMV2mMg_GdOATmyDyj4G8rgcg0TFjC3PMpqr9ZlQrVY" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="148" data-original-width="2287" height="21" src="https://blogger.googleusercontent.com/img/a/AVvXsEh4eoEbswdmFpEhck8R7CRB9fhfyvHZHSrXTjAZlyujkz7LBKOca5Okuebg_DrlLQ_4CoJuPXqE2yAtd5jfCztnKZESAiVuM_KcIwVuRRuXVlJqwt_YHmP_0Wvk8yzpaxZ-3XA490-ZE4c8eMV2mMg_GdOATmyDyj4G8rgcg0TFjC3PMpqr9ZlQrVY" width="320" /></a></div><br />Considering same cost of Docker Large and Machine Large (20 credits) Machine option looks more attractive.</div><div><br /></div><div>CPU:</div><div><br /></div><div><div></div></div><blockquote><div><div>processor<span style="white-space: pre;"> </span>: 0</div><div>vendor_id<span style="white-space: pre;"> </span>: GenuineIntel</div><div>cpu family<span style="white-space: pre;"> </span>: 6</div><div>model<span style="white-space: pre;"> </span>: 106</div><div>model name<span style="white-space: pre;"> </span>: Intel(R) Xeon(R) Platinum 8375C CPU @ 2.90GHz</div><div>stepping<span style="white-space: pre;"> </span>: 6</div><div>microcode<span style="white-space: pre;"> </span>: 0xd000331</div><div>cpu MHz<span style="white-space: pre;"> </span>: 2899.970</div><div>cache size<span style="white-space: pre;"> </span>: 55296 KB</div><div>physical id<span style="white-space: pre;"> </span>: 0</div><div>siblings<span style="white-space: pre;"> </span>: 4</div><div>core id<span style="white-space: pre;"> </span>: 0</div><div>cpu cores<span style="white-space: pre;"> </span>: 2</div><div>apicid<span style="white-space: pre;"> </span>: 0</div><div>initial apicid<span style="white-space: pre;"> </span>: 0</div><div>fpu<span style="white-space: pre;"> </span>: yes</div><div>fpu_exception<span style="white-space: pre;"> </span>: yes</div><div>cpuid level<span style="white-space: pre;"> </span>: 27</div><div>wp<span style="white-space: pre;"> </span>: yes</div><div>flags<span style="white-space: pre;"> </span>: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single ssbd ibrs ibpb stibp ibrs_enhanced fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves wbnoinvd ida arat avx512vbmi pku ospke avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg tme avx512_vpopcntdq rdpid md_clear flush_l1d arch_capabilities</div><div>bugs<span style="white-space: pre;"> </span>: spectre_v1 spectre_v2 spec_store_bypass swapgs mmio_stale_data eibrs_pbrsb</div><div>bogomips<span style="white-space: pre;"> </span>: 5799.94</div><div>clflush size<span style="white-space: pre;"> </span>: 64</div><div>cache_alignment<span style="white-space: pre;"> </span>: 64</div><div>address sizes<span style="white-space: pre;"> </span>: 46 bits physical, 48 bits virtual</div><div>power management:</div></div><div></div></blockquote><div>This machine is clearly 100% allocated only for us and I can see how my code uses all available CPU resources:</div><div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjeiQ_lr2XimhdkAjx4sTOoeyEcueB1fqw5iyJOeDXT-rTY23dFCbs25T-7CnWyezfVCGDhsD_FhS8cwmsATwuTZBiwIVS3MCosFBAY2cjzdxcrsowTYoz9LNjtJk18wnNfLam3-4UoCRWgBdME8EWSy5gPEZbmEvDwI-BX4BsTYHx8kznwxVw3LkE" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="506" data-original-width="3038" height="53" src="https://blogger.googleusercontent.com/img/a/AVvXsEjeiQ_lr2XimhdkAjx4sTOoeyEcueB1fqw5iyJOeDXT-rTY23dFCbs25T-7CnWyezfVCGDhsD_FhS8cwmsATwuTZBiwIVS3MCosFBAY2cjzdxcrsowTYoz9LNjtJk18wnNfLam3-4UoCRWgBdME8EWSy5gPEZbmEvDwI-BX4BsTYHx8kznwxVw3LkE" width="320" /></a></div><br />It's clearly AWS EC2 instance but we can try getting more information about instance type using <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html">metadata</a> query:</div><div></div><blockquote><div>curl http://169.254.169.254/latest/meta-data/</div><div></div></blockquote><div>Let's get instance type:</div><div><div></div></div><blockquote><div><div>curl http://169.254.169.254/latest/meta-data/instance-type</div><div>m6i.xlarge</div></div><div></div></blockquote><p>And you can find information about it at <a href="https://aws.amazon.com/ec2/instance-types/m6i/">AWS</a> web site. </p><p>Let's investigate ARM Large VMs.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiaURBy4tHCsboLV7tkrytRd-0ufdDxBYyMMCUfqwEQyVubVz1IIoZn0Ldyu-AFHAIyXuNYKJCuL35JzVWwqGrdYQqzZJZvsjTAeeJQnrc9WB8aLiIWRV8rS68nN5MsVFViWb_Sjfbfq0uCaHmyI0gkpeQtTOU_VvEvCRsitUivQJsxj2Q9fEtJwW0" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="162" data-original-width="578" height="90" src="https://blogger.googleusercontent.com/img/a/AVvXsEiaURBy4tHCsboLV7tkrytRd-0ufdDxBYyMMCUfqwEQyVubVz1IIoZn0Ldyu-AFHAIyXuNYKJCuL35JzVWwqGrdYQqzZJZvsjTAeeJQnrc9WB8aLiIWRV8rS68nN5MsVFViWb_Sjfbfq0uCaHmyI0gkpeQtTOU_VvEvCRsitUivQJsxj2Q9fEtJwW0" width="320" /></a></div>It's clearly AWS too.<p></p><p>CPU information:</p><p></p><blockquote><p>cat /proc/cpuinfo </p><p>processor<span style="white-space: pre;"> </span>: 0</p><p>BogoMIPS<span style="white-space: pre;"> </span>: 243.75</p><p>Features<span style="white-space: pre;"> </span>: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp ssbs</p><p>CPU implementer<span style="white-space: pre;"> </span>: 0x41</p><p>CPU architecture: 8</p><p>CPU variant<span style="white-space: pre;"> </span>: 0x3</p><p>CPU part<span style="white-space: pre;"> </span>: 0xd0c</p><p>CPU revision<span style="white-space: pre;"> </span>: 1</p></blockquote><p>lscpu:</p><blockquote><p>Architecture: aarch64</p><p>CPU op-mode(s): 32-bit, 64-bit</p><p>Byte Order: Little Endian</p><p>CPU(s): 4</p><p>On-line CPU(s) list: 0-3</p><p>Thread(s) per core: 1</p><p>Core(s) per socket: 4</p><p>Socket(s): 1</p><p>NUMA node(s): 1</p><p>Vendor ID: ARM</p><p>Model: 1</p><p>Model name: Neoverse-N1</p><p>Stepping: r3p1</p><p>BogoMIPS: 243.75</p><p>L1d cache: 256 KiB</p><p>L1i cache: 256 KiB</p><p>L2 cache: 4 MiB</p><p>L3 cache: 32 MiB</p><p>NUMA node0 CPU(s): 0-3</p><p>Vulnerability Itlb multihit: Not affected</p><p>Vulnerability L1tf: Not affected</p><p>Vulnerability Mds: Not affected</p><p>Vulnerability Meltdown: Not affected</p><p>Vulnerability Mmio stale data: Not affected</p><p>Vulnerability Retbleed: Not affected</p><p>Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl</p><p>Vulnerability Spectre v1: Mitigation; __user pointer sanitization</p><p>Vulnerability Spectre v2: Mitigation; CSV2, BHB</p><p>Vulnerability Srbds: Not affected</p><p>Vulnerability Tsx async abort: Not affected</p><p>Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm lrcpc dcpop asimddp ssbs</p></blockquote><p></p><div>We can retrieve EC2 instance type using metadata query:</div><div><div></div><blockquote><div>curl http://169.254.169.254/latest/meta-data/instance-type</div><div>m6g.xlarge</div></blockquote><p>It's AWS Graviton2 based instance and you can find more details <a href="https://aws.amazon.com/ec2/instance-types/m6g/">here</a>. </p><div>For full review we can try GCE enabled VM type which can be requested using Android Machine images. </div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjRn2es6-0exQh5hphxCC6v3KFftES9wrh1FMnfykRfkn7zZNX2-Ah6VWP133c6idTu5oEnibiH3Z5oo5tSkJqkQ1xBoBq1elRYIwaaUuCw-JMlLFLBZCjBKww8m1O5tjc5XLDCh8M31W3LRVU_Eoh0AsnVfkal0FbuNVUKUHf_CMRqv0bHZa7giUk" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="150" data-original-width="489" height="98" src="https://blogger.googleusercontent.com/img/a/AVvXsEjRn2es6-0exQh5hphxCC6v3KFftES9wrh1FMnfykRfkn7zZNX2-Ah6VWP133c6idTu5oEnibiH3Z5oo5tSkJqkQ1xBoBq1elRYIwaaUuCw-JMlLFLBZCjBKww8m1O5tjc5XLDCh8M31W3LRVU_Eoh0AsnVfkal0FbuNVUKUHf_CMRqv0bHZa7giUk" width="320" /></a></div><div>CPU:</div></div><p></p><div></div><blockquote><div>processor<span style="white-space: pre;"> </span>: 0</div><div><div><div>vendor_id<span style="white-space: pre;"> </span>: GenuineIntel</div><div>cpu family<span style="white-space: pre;"> </span>: 6</div><div>model<span style="white-space: pre;"> </span>: 63</div><div>model name<span style="white-space: pre;"> </span>: Intel(R) Xeon(R) CPU @ 2.30GHz</div><div>stepping<span style="white-space: pre;"> </span>: 0</div><div>microcode<span style="white-space: pre;"> </span>: 0xffffffff</div><div>cpu MHz<span style="white-space: pre;"> </span>: 2299.998</div><div>cache size<span style="white-space: pre;"> </span>: 46080 KB</div><div>physical id<span style="white-space: pre;"> </span>: 0</div><div>siblings<span style="white-space: pre;"> </span>: 4</div><div>core id<span style="white-space: pre;"> </span>: 0</div><div>cpu cores<span style="white-space: pre;"> </span>: 2</div><div>apicid<span style="white-space: pre;"> </span>: 0</div><div>initial apicid<span style="white-space: pre;"> </span>: 0</div><div>fpu<span style="white-space: pre;"> </span>: yes</div><div>fpu_exception<span style="white-space: pre;"> </span>: yes</div><div>cpuid level<span style="white-space: pre;"> </span>: 13</div><div>wp<span style="white-space: pre;"> </span>: yes</div><div>flags<span style="white-space: pre;"> </span>: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt arat md_clear arch_capabilities</div><div>bugs<span style="white-space: pre;"> </span>: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs</div><div>bogomips<span style="white-space: pre;"> </span>: 4599.99</div><div>clflush size<span style="white-space: pre;"> </span>: 64</div><div>cache_alignment<span style="white-space: pre;"> </span>: 64</div><div>address sizes<span style="white-space: pre;"> </span>: 46 bits physical, 48 bits virtual</div><div>power management:</div></div></div></blockquote><div><div><div></div></div><div>Then retrieve instance type using GCE metadata API:</div></div><div><div></div></div><blockquote><div><div>curl "http://metadata.google.internal/computeMetadata/v1/instance/machine-type" -H "Metadata-Flavor: Google"; echo -e "\n"</div><div>projects/1027915545528/machineTypes/n1-standard-4</div></div></blockquote><p>It's n1-standard-4 and you can find official documentation about it <a href="https://cloud.google.com/compute/docs/general-purpose-machines#n1_machines">here</a>. </p><p>Data as table:</p><p></p><ul><li>Machine Linux large: AWS EC2 m6i.xlarge</li><li>Machine Linux large / Android image: GCE n1-standard-4</li><li>ARM Linux Large: AWS EC2 m6g.xlarge</li></ul><p>I'll do performance comparisons between Docker and VMs in future posts. </p></div><div><blockquote><p> </p></blockquote></div>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-21427248040360003402023-01-11T15:30:00.004+00:002023-01-21T19:57:40.792+00:00USB-3 Gigabit 1G Ethernet card<p>I'm playing with my SBC Rock64Pro and found myself limited by single Ethernet port.</p><p>So I decided to find decent Ethernet adapter with USB-3 support.</p><p>Fortunately, I found really nice <a href="https://tomcore.io/docs/articles/RaspberryPI/raspberry-pi-4b-usb-network-performance/">blog</a> which compares performance between Realtek RTL8153 based USB Ethernet adapters and ASIX AX88179 based ones.</p><p>Realtek one clearly wins as ASIX shows not very perfect performance and cannot reach 1G in many tests. </p><p>Just for clarity RockPro64 uses RTL8211F based adaptor for onboard ethernet. </p><p><br /></p><blockquote><p></p></blockquote><p><br /></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-52866004876961588652022-12-31T21:12:00.003+00:002023-10-04T18:57:07.613+01:00NAT64 on Debian 12 Bookworm box<p>Want to be among leading engineers testing IPv6 protocol by disabling IPv4 completely for your PC or laptop but keeping access to obsoleted IPv4 based Internet? </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYeuchtcVD_dFO35I8-h8_W9OTkSpPVCts4yPHZqgXHdmsMPJMLC_o6kUSiidU4N5HdB4XEoQoNlXVhGcjW-8rGalEvIBMpKQPxCUQ-MKMV-ZvVJs3y7mFLWj9kBFdn_TJnDJR_S2PEuJQvfOgaA_1a7uzbDOZ-Cn_RXdX8NsPqH1ss0tWgWRA9j0/s1135/legacy.jpeg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1135" data-original-width="828" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYeuchtcVD_dFO35I8-h8_W9OTkSpPVCts4yPHZqgXHdmsMPJMLC_o6kUSiidU4N5HdB4XEoQoNlXVhGcjW-8rGalEvIBMpKQPxCUQ-MKMV-ZvVJs3y7mFLWj9kBFdn_TJnDJR_S2PEuJQvfOgaA_1a7uzbDOZ-Cn_RXdX8NsPqH1ss0tWgWRA9j0/s320/legacy.jpeg" width="233" /></a></div><br /><p>That's pretty simple and can be accomplished by using NAT64. </p><p>I'll use Debian 12 on my SBC board as server and Ubuntu 22.04 as client. </p><p>First of all you will need to install your own Recursive DNS server. You may use cloud DNS offerings for NAT64 but you still need server for NAT translations and there are no reasons to leak your personal browsing to companies and countries with weak data protection policies. </p><p>I used <a href="https://www.stableit.blog/2022/12/ipv6-friendly-unbound-configuration-for.html">Unbound</a> for my setup and you can use any other guide.</p><p>To enable DNS64 you just need to make few configuration changes for module config:</p><p></p><blockquote><p>module-config: "dns64 validator iterator"</p><p></p></blockquote><p>And then manually add prefix for DNS64:</p><p><span style="white-space: pre;"> </span># DNS64 prefix for NAT64:</p><p><span style="white-space: pre;"> </span>dns64-prefix: 64:ff9b::/96</p><div>Then you need to install Tayga and configure it.</div><div><br /></div><div>Install is simple:</div><div></div><blockquote><div>sudo apt install -y tayga</div></blockquote><p>Configuration is relatively easy too:</p><p></p><blockquote>sudo vim /etc/tayga.conf </blockquote><p></p><p>And then add following (you will need to replace xx by actual IP addresses of your NAT64 server):</p><p></p><blockquote><p>tun-device nat64</p><p># TAYGA's IPv4 address</p><p>ipv4-addr 192.168.1.xx</p><p># TAYGA's IPv6 address</p><p>ipv6-addr XXXX</p><p># The NAT64 prefix.</p><p>prefix 64:ff9b::/96</p><p># Dynamic pool prefix, not clear what is it</p><p>dynamic-pool 192.168.255.0/24</p><p># Persistent data storage directory</p><p>data-dir /var/spool/tayga</p></blockquote><p></p><p> Then apply configuration and enable auto-start:</p><p></p><blockquote><p>sudo systemctl restart tayga</p><p>sudo systemctl enable tayga</p></blockquote><p></p><div>This machine will work as router and we will need to enable forwarding for Linux kernel:</div><div><blockquote>echo -e "net.ipv4.ip_forward=1\nnet.ipv6.conf.all.forwarding=1" | sudo tee /etc/sysctl.d/98-enable-forwarding.conf</blockquote><p>And then apply these changes:</p><p></p><blockquote>sudo sysctl --system </blockquote><p>Then create iptables rules for NAT:</p><p></p><p></p><blockquote><p>sudo iptables -t nat -A POSTROUTING -o nat64 -j MASQUERADE</p><p></p><p>sudo iptables -t nat -A POSTROUTING -s 192.168.255.0/24 -j MASQUERADE </p><p></p></blockquote></div><div>Then I can recommend installing iptables-persistent. It will ask you to save your current confdiguration into file and you will need to confirm it:</div><div></div><blockquote><div>sudo apt install -y iptables-persistent</div><div></div></blockquote><div>After making all these changes I recommend doing full reboot for server to confirm that all daemons started on boot.</div><div><br /></div><div>After that you need to change configuration for client machine in network manager (yes, using UI) that way:</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEh4oT9mJfmNa1alCvinRrsWYUmPxGqUV7pCoroEarQ4E4BerUY6LZW9s8Gb3PffIZlOXR3jzOoWhwRHE8FJtyuA-kZenBqAI4PqqBpcWj1k_NyasbQ8-l6OSumeGk2seTPHDtfdlkUSTq-CELst3IsZRziwMzcqeUZUTXX77OLhm1Tzptcs8a0QRgg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="965" data-original-width="1167" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEh4oT9mJfmNa1alCvinRrsWYUmPxGqUV7pCoroEarQ4E4BerUY6LZW9s8Gb3PffIZlOXR3jzOoWhwRHE8FJtyuA-kZenBqAI4PqqBpcWj1k_NyasbQ8-l6OSumeGk2seTPHDtfdlkUSTq-CELst3IsZRziwMzcqeUZUTXX77OLhm1Tzptcs8a0QRgg" width="290" /></a></div></div><div>After that you can finally try disabling IPv4 this way:</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEj7LY8YJeybIPT_67EI3CbrMecg2-SzMZ_ClK6j3mSmiN_5pk-DhBfQDhhjuJuDwmiKExO8Oj4XsFuoI3Hm5uOLb3tpw5y0Uh_jvi4WHZrLSSRpkqdwzhPJC9KxZnicW9YKzpMQuau5zE0MAlzuu3i3oQpKef_badrED9VV5c5B30XKJlu7_8AbMMc" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="965" data-original-width="1167" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEj7LY8YJeybIPT_67EI3CbrMecg2-SzMZ_ClK6j3mSmiN_5pk-DhBfQDhhjuJuDwmiKExO8Oj4XsFuoI3Hm5uOLb3tpw5y0Uh_jvi4WHZrLSSRpkqdwzhPJC9KxZnicW9YKzpMQuau5zE0MAlzuu3i3oQpKef_badrED9VV5c5B30XKJlu7_8AbMMc" width="290" /></a></div><br />And checking access to some IPv4 only site like <a href="http://github.com">github.com</a>. </div><div><br /></div><div>Congrats! You may face some issues as some apps may not work and you will need to investigate root cause and kindly ask service provider to fix it. </div><div><br /></div><div>My guide was based on <a href="https://robin.meis.space/2022/05/18/setup-nat64-on-debian-using-unbound-and-tayga/">this</a> one.</div><div><br /></div><div>I have reworked this article and published it on my <a href="https://pavel.network/building-gateway-to-access-legacy-ipv4-internet-from-ipv6-only-work-laptop/">new blog</a>.</div><p><br /></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-88327704047665815942022-12-31T18:10:00.004+00:002022-12-31T20:27:31.755+00:00IPv6 friendly Unbound configuration for home DNS recursor on SBC<p>I recently discovered how unfriendly is Unbound configuration for Debian installations. I had to spent few hours to craft my own <a href="https://gist.github.com/pavel-odintsov/2367902fe58123d35337d6dc4279f5a7">configuration</a> for it and put it to /etc/unbound/unbound.conf.d/recursor.conf. </p><p>This configuration has preference to use IPv6 for DNS lookup when possible. </p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-32591447197556964652022-12-27T19:08:00.004+00:002023-01-25T18:45:42.180+00:00Installing Debian 12 Bookworm RockPro64 on NVMEFor few last days I've been playing with RockPro64 in attempts to install standard upstream Debian Bookworm on it using standard Debian installer and I succeeded.<div><br /></div><div>To accomplish it I used custom <a href="https://www.stableit.blog/2022/12/boot-rockpro64-from-usb-or-pxe.html">U-Boot</a> to run <a href="https://www.stableit.blog/2022/12/installing-vanilla-debian-11-on-rockpro.html">Debian installer</a> from USB stick:<br /><div><br /></div><div>I used PCI-E adaptor for NVME WD Black SN 750 250G:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhbzi7q8ILwX3qFzslQtHoeUXhgAUwd2nWn7HnTKvJ6RM1JRAEg0s9AgdqcvmYK_bmwef8T6NhvFgP_x3wGP9U-tCSMpNBbubNou3WkGYVBJByl_JTufSG_HJrrc0NCq640M2OkfbvXp32f2gOBAElyPzMots8CXIIJ7TyWuQNchjYgx1__yN98zI/s1600/wd.jpeg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="1200" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhbzi7q8ILwX3qFzslQtHoeUXhgAUwd2nWn7HnTKvJ6RM1JRAEg0s9AgdqcvmYK_bmwef8T6NhvFgP_x3wGP9U-tCSMpNBbubNou3WkGYVBJByl_JTufSG_HJrrc0NCq640M2OkfbvXp32f2gOBAElyPzMots8CXIIJ7TyWuQNchjYgx1__yN98zI/s320/wd.jpeg" width="240" /></a></div><br /><div>One of the main tricks was to install /boot partition on SD card this way from Debian Installer:</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsDEi1YuehWsRW6gQr-quW3BP4FqVpH9MleYMaeFdUs2uYbxJz3rLzB_qWtGJpvGPD-26P5e-66tQFikNkj6zFkrmHUgq6-pj-fvGSYIrpeaB8wkG7VSFm-vkYAAG3vNILRrMdJwKRJUhyRPzANkWT11W2dDOf3xBkU-SXX83GXHh0zZvgPo9TSkA/s1600/part.jpeg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1200" data-original-width="1600" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsDEi1YuehWsRW6gQr-quW3BP4FqVpH9MleYMaeFdUs2uYbxJz3rLzB_qWtGJpvGPD-26P5e-66tQFikNkj6zFkrmHUgq6-pj-fvGSYIrpeaB8wkG7VSFm-vkYAAG3vNILRrMdJwKRJUhyRPzANkWT11W2dDOf3xBkU-SXX83GXHh0zZvgPo9TSkA/s320/part.jpeg" width="320" /></a></div><br /><div>As you can see I used ext2 partition on SD card for /boot partition. It does not cause any performance issues and significantly simplifies our lives.</div><div><br /></div><div>Finally, I got completely working Debian using upstream / vanilla Debian installer:</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjV0t6PYNgQxU0-Q3jC1PZsQ6sqN0OY92Z9JA1XkvyqNIy78LLQVYllTX9c2B2_aZwgMEDTseQOopPgDsxphiXEivp1Od_-tdkI8mlh24Z1EOP8n9TZukEDzI5dTVRmOj6AUK5--_M-QuWG4jn1WzNbuB6XRfGhhE5VkRKP6mJlXvzU5VjePZ0OM0g" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="370" data-original-width="973" height="122" src="https://blogger.googleusercontent.com/img/a/AVvXsEjV0t6PYNgQxU0-Q3jC1PZsQ6sqN0OY92Z9JA1XkvyqNIy78LLQVYllTX9c2B2_aZwgMEDTseQOopPgDsxphiXEivp1Od_-tdkI8mlh24Z1EOP8n9TZukEDzI5dTVRmOj6AUK5--_M-QuWG4jn1WzNbuB6XRfGhhE5VkRKP6mJlXvzU5VjePZ0OM0g" width="320" /></a></div><div><br /></div>Previously I tried using U-Boot in SPI with USB boot support but it was unable to start from my USB-3 SSD / SATA disk for some reasons. I think it was some kind of issue with Debian installer as installation on USB is quite unusual and I do not blame it for failing.</div><div><br /></div><div>Running RockPro64 from NVME is tricky too and I had no U-Boot with such capability to flesh SPI with it.</div><div><br /></div><div>What is the point to use NVME? Look, perfornance.</div><div><br /></div><div>Compare SD performance:</div><div><div></div><blockquote><div>dd if=/dev/mmcblk1 of=/dev/null bs=1M count=10000 iflag=direct</div><div>10000+0 records in</div><div>10000+0 records out</div><div>10485760000 bytes (10 GB, 9.8 GiB) copied, 454.419 s, 23.1 MB/s</div></blockquote><div></div></div><div><br /></div><div>With NVME:</div><div><div></div><blockquote><div>dd if=/dev/nvme0n1p2 of=/dev/null bs=1M count=10000 iflag=direct</div><div>10000+0 records in</div><div>10000+0 records out</div><div>10485760000 bytes (10 GB, 9.8 GiB) copied, 15.994 s, 656 MB/s</div></blockquote><p>With SATA SSD attached via USB-3 adaptor:</p></div><blockquote><div>sudo dd if=/dev/sda of=/dev/null bs=1M count=10000 iflag=direct</div><div>10000+0 records in<br />10000+0 records out<br />10485760000 bytes (10 GB, 9.8 GiB) copied, 32.7685 s, 320 MB/s </div></blockquote><div><br /><br /><br /></div><div><br /></div><div><br /></div></div>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-1425643606028877942022-12-27T15:10:00.006+00:002022-12-27T15:15:19.783+00:00Boot RockPro64 from USB or PXE<p>By default RockPro64 can boot only from SD or eMMC card. So if you're looking for alternative options then you need to install U-Boot into bundled SPI memory using <a href="https://github.com/ayufan-rock64/linux-build/blob/master/recipes/flash-spi.md">this guide</a>.</p><p>You need to be extremely cautious and do not interrupt procedure after it started. It need around few minutes to finish.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhKLZas2oO7iJp2uTEioIyCAymoro7SHOgc5Nh1lg7SLY7R_cGbtY7u0dwy4S8RtNA5Odyfynhozv4HuYy4WOJ4Pr8ivgKH1aPhXllIAO1TyRnxU7HYtz9prdN-Q7ZGAFiPA1rb7ONUb-ehZBENLiVkAsrtHoes-Ras4z1c9Jl8oyEe_rLHKwKxKY/s2724/SPI.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1386" data-original-width="2724" height="204" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhKLZas2oO7iJp2uTEioIyCAymoro7SHOgc5Nh1lg7SLY7R_cGbtY7u0dwy4S8RtNA5Odyfynhozv4HuYy4WOJ4Pr8ivgKH1aPhXllIAO1TyRnxU7HYtz9prdN-Q7ZGAFiPA1rb7ONUb-ehZBENLiVkAsrtHoes-Ras4z1c9Jl8oyEe_rLHKwKxKY/w400-h204/SPI.png" width="400" /></a></div><br /><p>After that you need to wait for text "SF: ... bytes @ 0x8000 Written: OK" and then wait little bit more until white led on board starts blinking with 1 second interval. It may mean that process finished. </p><p>Then you can power it off and remove SDcard and start normal boot procedure and in this case it will load U-Boot from SPI memory:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgnnMKhQ30Tc180L4aMvkdJbf8DWTyRiA-bDOEor0s2bfiQr0gusODqspTagnXEeVLSgvWwliP4Mivx2RJKz_8ISt_ZfUCpKeFIAbdRfEUuQQch-TfG2-ib2SSuzw1ifVpYLjHhmKXyE_4N4UNm2ExE36O5_QsQlPyRfQB9Du9WTBZhyWSPGxhgCw4" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="768" data-original-width="1956" height="126" src="https://blogger.googleusercontent.com/img/a/AVvXsEgnnMKhQ30Tc180L4aMvkdJbf8DWTyRiA-bDOEor0s2bfiQr0gusODqspTagnXEeVLSgvWwliP4Mivx2RJKz_8ISt_ZfUCpKeFIAbdRfEUuQQch-TfG2-ib2SSuzw1ifVpYLjHhmKXyE_4N4UNm2ExE36O5_QsQlPyRfQB9Du9WTBZhyWSPGxhgCw4" width="320" /></a></div><br />It will try checking your USB devices and then will try to boot from PXE:<p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhNfGWdjVCw70Q-vH_fReXe5sQQsCPIoNmC7L3i6X9hxYNeh7Sj1hTR8ejlkCcEOqq__W7DjbxSgaD278N_5RnzcwppqZMR0lefaJPVLSnL5Xr80KGBfnhswZ5VPwKAGb0Y5tAhok5TJxn9w_rmqVv3lV4BU2sZ-JIiWNfR5I8_CE68XfXFmTcned0" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="981" data-original-width="1582" height="198" src="https://blogger.googleusercontent.com/img/a/AVvXsEhNfGWdjVCw70Q-vH_fReXe5sQQsCPIoNmC7L3i6X9hxYNeh7Sj1hTR8ejlkCcEOqq__W7DjbxSgaD278N_5RnzcwppqZMR0lefaJPVLSnL5Xr80KGBfnhswZ5VPwKAGb0Y5tAhok5TJxn9w_rmqVv3lV4BU2sZ-JIiWNfR5I8_CE68XfXFmTcned0" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">You can easily check that it works fine by using bootable USB stick with Linux and it was very successful in my case:</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiyfzSUeJJFEG9ZPehOe1JSk8KnHc8HsC8qIIko8aE8vwPJaLZ1CP4HzOjspRSEbq2wYqFCZUG4RGtSQIBhG1e5H3MXEoAd9MrGRmJVa0lHBK3BRT4-8ivj3SESIZLC7O_qp-SYBb9AjgCn6mZRwGNL1KLicqr-7MxWRKFi_wISEnN5Oi6lziK50P8" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1270" data-original-width="1685" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEiyfzSUeJJFEG9ZPehOe1JSk8KnHc8HsC8qIIko8aE8vwPJaLZ1CP4HzOjspRSEbq2wYqFCZUG4RGtSQIBhG1e5H3MXEoAd9MrGRmJVa0lHBK3BRT4-8ivj3SESIZLC7O_qp-SYBb9AjgCn6mZRwGNL1KLicqr-7MxWRKFi_wISEnN5Oi6lziK50P8" width="318" /></a></div><br />In case of RockPro64 you can create bootable USB using <a href="https://www.stableit.blog/2022/12/installing-vanilla-debian-11-on-rockpro.html">official Debian images</a> for RockPro64.</div><p></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-64813761576750248532022-12-26T21:19:00.009+00:002024-01-18T17:35:32.504+00:00Installing vanilla Debian 11 on RockPro 64 from Ubuntu 22.04<p>That's hard to believe but you actually can use upstream / vanilla images to install Debian for SBC RockPro 64.</p><p>NB! You can find Debian 12 Bookworm images <a href="https://deb.debian.org/debian/dists/bookworm/main/installer-arm64/current/images/netboot/SD-card-images/">here</a>. More options <a href="https://wiki.pine64.org/wiki/ROCKPro64_Software_Releases#Debian">here</a>.</p><p>First download images from <a href="https://d-i.debian.org/daily-images/arm64/daily/netboot/SD-card-images/">official</a> Debian server </p><p></p><blockquote><p>wget https://d-i.debian.org/daily-images/arm64/daily/netboot/SD-card-images/firmware.rockpro64-rk3399.img.gz </p><p>wget https://d-i.debian.org/daily-images/arm64/daily/netboot/SD-card-images/partition.img.gz</p></blockquote><p></p><p>Combine them into single image:</p><p></p><blockquote><p>zcat firmware.rockpro64-rk3399.img.gz partition.img.gz > complete_image.img</p><p></p></blockquote><p>If you like me use USB adaptor for SD card then you need to manually umount partition from console (not from Ubuntu UI as it will unplug device).</p><p>Finally, write it on SD card:</p><p></p><blockquote>sudo dd if=complete_image.img of=your_chosen_boot_device bs=4M</blockquote><p>If you have relatively <a href="https://www.stableit.blog/2022/12/boot-rockpro64-from-usb-or-pxe.html">modern U-Boot</a> installed into SPI you can use USB stick for installation. </p><p>The best option to monitor boot process to have <a href="https://www.stableit.blog/2022/12/jtag-uart-serial-console-access-for.html">serial console</a> enabled but installer is unusable from it and look this way:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbFhZNaOhuS7Vi5Y-tbkcy7-4Ky9lQ7joqM_Gf3UtbvRbc01X2rIcyHjmJ6sD5EsaseJxyy9yCvO_1GjgidAxt-nrED2dyCldu-MLf_T7uz8PLWYmeyxs05HdcP_Se4gklr-lkiAqi5wpNvGvsMnUjtql28G3jyt6wmEiJZyBikWYn1ytGSeU8F54/s2202/debian_installer.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1652" data-original-width="2202" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbFhZNaOhuS7Vi5Y-tbkcy7-4Ky9lQ7joqM_Gf3UtbvRbc01X2rIcyHjmJ6sD5EsaseJxyy9yCvO_1GjgidAxt-nrED2dyCldu-MLf_T7uz8PLWYmeyxs05HdcP_Se4gklr-lkiAqi5wpNvGvsMnUjtql28G3jyt6wmEiJZyBikWYn1ytGSeU8F54/s320/debian_installer.png" width="320" /></a></div><br /><p>Fortunately, at that exactly time you will have HDMI working fine and you can plug external display and continue installation. </p><p>Also you will need proper keyboard for it. </p><p></p><p>Based on <a href="https://wiki.pine64.org/wiki/ROCKPro64_Software_Release">official guide</a>. </p><p><br /></p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0tag:blogger.com,1999:blog-1386140445493682484.post-25286905903934834942022-12-04T16:53:00.002+00:002022-12-04T16:53:21.494+00:00How to create additional access_key and secret_key only for specific Google Storage bucket?<p>It's a great example of task which looks simple but escalates to enormous complexity.</p><p>My task was very simple: create Google Storage Bucket (Same as Amazon AWS S3) and create specific user which can upload data to it without using global system account. I needed access_key and secret_key which are compatible with s3cmd and Amazon S3.</p><p>My plan was to use this key for CI/CD system and reduce potential consequence from leaking this key.</p><p>First of all, we need to enable IAM API open <a href="https://cloud.google.com/iam/docs/creating-managing-service-accounts">link</a> and then click "Enable the IAM API".</p><p>Then we need to create so called "Service account" which will belong to our CI/CD system. To do it open same <a href="https://cloud.google.com/iam/docs/creating-managing-service-accounts">link</a> and scroll to "Creating a service account".</p><p>In my case link was <a href="https://console.cloud.google.com/projectselector2/iam-admin/serviceaccounts?supportedpurview=project">this</a> but it may change with time.</p><p>Then you need to specify project where you keep your bucket.</p><p>Then click "Create service account" on the bottom of page. Fill only name and do not allocate any permisisons for it. It will create service account for you in format: xxxx@project-name.iam.gserviceaccount.com </p><p>Then go to Cloud Storage section in your management console <a href="https://console.cloud.google.com/storage/browser ">link</a> </p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjWfXsfrwwWSvToXTDojCeKrO4D_Acp2ylWw-tks-MOrIa97TOkKzRpZ4TeKm4ftUnRybwDbanLGSo-aK2UHrqmzsuyu18HDj-cCBVAyVs9z0Tva78V2qhEr7oqwCVgqZBmGt4ob-nuRm3tUokZuRL_uu8KZxPqp5REKppJeeSBQRBWnGB6M2yF1FY" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="391" data-original-width="505" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEjWfXsfrwwWSvToXTDojCeKrO4D_Acp2ylWw-tks-MOrIa97TOkKzRpZ4TeKm4ftUnRybwDbanLGSo-aK2UHrqmzsuyu18HDj-cCBVAyVs9z0Tva78V2qhEr7oqwCVgqZBmGt4ob-nuRm3tUokZuRL_uu8KZxPqp5REKppJeeSBQRBWnGB6M2yF1FY" width="310" /></a></div><p></p><p>Select your bucket, go to permissions, click "Grant Access" and in section Principals insert "xxxx@project-name.iam.gserviceaccount.com" then for Assign Roles select "Cloud Storage" on the left side and select "Storage object Admin" on right side then click Save.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiuDYfCuxFI1rkqvsYy0iSz4dZC3nUnXh5TpzGWNegjm0zieR_leo_sXm1zrj8V9YIvxXSUhmwUJweF-Zx7-5Y33JHOrBOZKGPhSkMIqopx_xeF8HPDoEenGVLQPaBpNbXcn125i_CrPgdLaDvVYehSl2jUURnbwZ89LYmxVHEzuuVs0yeY7L1Pgx8" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1241" data-original-width="2265" height="175" src="https://blogger.googleusercontent.com/img/a/AVvXsEiuDYfCuxFI1rkqvsYy0iSz4dZC3nUnXh5TpzGWNegjm0zieR_leo_sXm1zrj8V9YIvxXSUhmwUJweF-Zx7-5Y33JHOrBOZKGPhSkMIqopx_xeF8HPDoEenGVLQPaBpNbXcn125i_CrPgdLaDvVYehSl2jUURnbwZ89LYmxVHEzuuVs0yeY7L1Pgx8" width="320" /></a></div><br /><br /><p></p><p>We're not done. We need to create access_key and secret_key for this user.</p><p>To do it open "Cloud Storage" <a href=" https://console.cloud.google.com/storage/browser">section</a> in console. </p><p>On the left side click "Settings". Then on the right side click Interoperability.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjHPsggwzxo1CIheOPT2kQUcxR6psgb7Rpj-mO9GK7vtUueqsQ7AZBEznonyB8TA-YUi7mFYK2qQVOqaTHaoxYQ-s0yC_A2QFBNMTh4Pz1U1deSEVPx5XUKaO_iCttkZSZHhlYgFImHZavJdiYBgrVjU4_mXa77v78zyVQjQv0044QzTvS4gnN62vY" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1259" data-original-width="1733" height="232" src="https://blogger.googleusercontent.com/img/a/AVvXsEjHPsggwzxo1CIheOPT2kQUcxR6psgb7Rpj-mO9GK7vtUueqsQ7AZBEznonyB8TA-YUi7mFYK2qQVOqaTHaoxYQ-s0yC_A2QFBNMTh4Pz1U1deSEVPx5XUKaO_iCttkZSZHhlYgFImHZavJdiYBgrVjU4_mXa77v78zyVQjQv0044QzTvS4gnN62vY" width="320" /></a></div><br /><br /><p></p><p>Then follow to "Access keys for service accounts" and click "Create a key for another service account". In this list select our service account created previously and click create key.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhyDKOQTrO9PSkg0GZvaECEsBOdd1FvgEcvuOiEVegIlhUxjxlBuGHIgf9hIfUIQC9uAMCBPn41Y6ZRdeAclhvAWWRC9J_vdcUNol4rKwnYMEhaflU-CEOs4sPHxYa6k9m6g2y-jAr6BDZXbthk7V-moZcN5J1sMxZKQs3KbpV1RKPA0BGVJsG6sBg" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="115" data-original-width="720" height="51" src="https://blogger.googleusercontent.com/img/a/AVvXsEhyDKOQTrO9PSkg0GZvaECEsBOdd1FvgEcvuOiEVegIlhUxjxlBuGHIgf9hIfUIQC9uAMCBPn41Y6ZRdeAclhvAWWRC9J_vdcUNol4rKwnYMEhaflU-CEOs4sPHxYa6k9m6g2y-jAr6BDZXbthk7V-moZcN5J1sMxZKQs3KbpV1RKPA0BGVJsG6sBg" width="320" /></a></div><br /><p></p><p>Then copy both keys as they will disappear immediately after.</p><p>Then provide both keys as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variables for s3cmd.</p>Pavel Odintsovhttp://www.blogger.com/profile/05424682716332865946noreply@blogger.com0