Archive for ‘Blog’ Category

19 Jul 2019

Fixing a bricked EdgeRouter Lite

Last week the EdgeRouter I use for my office did not come back after a reboot or perhaps I was too impatient, so I tried to reset it and that is when things went wrong.

Long story short, somehow I got the router into a state where it would not boot up anymore and the only way into it was the console port, for which I did not have a cable. Then I managed to find an old article which messed up my router’s USB drive, so things took a turn for the worse. But fear not, it all worked out in the end, even though the only help I got from UBNT support was absolute zilch.

Here I outline some useful links for anyone else that may run into this issue, but mostly so I have it documented for next time ;). Before I get started here, the credit on everything here goes to others who documented this well on various locations.

Connecting to the console

In order to connect to the console, you will need a USB to RJ45 cable. I bought one off of Amazon which worked great right out of the box for me.

In order to connect (on a Mac), all you need to do is run:

> ls -ltr /dev/*usb*
crw-rw-rw-  1 root  wheel   21,   3 Jul  17 15:48 /dev/cu.usbserial-AI038TPF
crw-rw-rw-  1 root  wheel   21,   2 Jul  17 08:56 /dev/tty.usbserial-AI038TPF

> screen /dev/tty.usbserial-AI038TPF 115200

Useful links

There are a few links that were helpful here and I have them listed here, but I am going to outline what I had to do ultimately since I followed the first one and it messed me up more.

(ARCHIVED) EdgeRouter – Last Resort Recovery – DO NOT USE, Only as reference.

Recovering an unresponsive Ubiquiti EdgeRouter Lite router – DO NOT USE, Only as reference

EdgeRouter – Manual TFTP Recovery – Try this link first.

mkeosfs – easily generate USB image for EdgeRouter

mkeosimg

The third link above is perhaps the first thing you should try if you have not messed up your router bad enough, but I had to use the 4th and 5th links.

The EdgeRouter’s USB Drive

I kept reading about this, and could not believe that there was a USB drive in the EdgeRouter, but I guess ultimately that was a good design for when it goes bad, and these routers used to have a history of the drives going bad.

There are three screws on the back of the router that you can open and the router comes apart (Note: you may void your warranty by doing this). Then the flash drive is right in your face.

ER-Lite with the USB drive pulled out

Recovering the file system

Once the USB drive is unplugged, connect it to your PC/Mac and run the commands to recreate the drive. I found the easiest way was to use the mkeosdrive script provided in the last link above.

I ran the commands below, but if you read the GitHub site properly, there is a way to recreate the drive and include your backup in there as well.

# Get the path to the USB drive
> sudo fdisk -l

# Then run the command to create the drive
> sudo ./mkeosdrive /dev/sdb ER-e100.v2.0.4.5199165.tar

Rebooting the router

Once the USB drive is ready, plug it back into your router, close things up. Then just wire it up and wait for it to boot. It should be back to normal.

I also found other links where folks talk about creating a backup of the USB drive in case something like this happens again, but what are the chances of that……right? 😉


15 Apr 2018

Dealing with SQLite files in mobile apps

Recently I found myself wanting to inspect what was in the application database outside of the mobile application I was working on, which as usual led me to search for a solution on DuckDuckGo. I found a great link here, which basically says:
  1. Download and install SQLite command line tools if necessary (OSX comes with one).
  2. Find the SQLite file you want to inspect. In my case it was at:
    /Users/<username>/Library/Developer/CoreSimulator/Devices/<Simulator device ID>/data/Containers/Data/Application/<App id>/Library/Private\ Documents/_alloy_.sql
  3. Run the command to open the database and inspect it:
    sqlite3 /Users/<username>/Library/Developer/CoreSimulator/Devices/<Simulator device ID>/data/Containers/Data/Application/<App id>/Library/Private\ Documents/_alloy_.sql
    sqlite> .tables
    user      order       item
    sqlite> .schema user
    CREATE TABLE user (id INETGER PRIMARY KEY, uname TEXT, fname TEXT, lname TEXT);
    sqlite> select * from user;
    1|jsmith|John|Smith

11 Apr 2018

How to determine and set your default java version on OSX

Open terminal and do the following:
[korey@localhost ~]$ cd /Library/Java/JavaVirtualMachines
[korey@localhost /Library/Java/JavaVirtualMachines]$ ls -al
This will give you a list of JDKs that you have installed. To set the default java version to 1.8.0_131 for example, use the following command:
[korey@localhost ~]$ /usr/libexec/java_home -v 1.8.0_131 --exec javac -version
Related link

17 Jan 2018

IoT Devices and Network Security

Image credits: isBuzzNews

This is going to be a multi-part post about securing your home/business network and separating your IoT devices into their own network to keep them and yourself “safer”. With the explosion of IoT in recent years, it is hard to find anything without some sort of “smart” capabilities. Whether it is a TV, Sonos, Nest thermostat, or even a fridge or a washing machine, more and more manufacturers are adding internet capabilities to their devices. This could be a topic of its own, but we are here to discuss network security.

For most home owners with regular wireless gateways, there simply isn’t any possibility of creating a complex network with the stock firmware. To boot, most devices encourage or expect you to install the device on the same network as your PC or mobile so it can more easily connect. You have to either be lucky enough to own a router that can be upgraded to one of the open source firmware options, or do your research and purchase a router that is supported. Of those supported devices, you still have to be lucky enough to have one that will work well with the custom firmware. In some cases, you may have poor WiFi signal or lose a WiFi band (more about this later). The other option is to use a used/cheap business class router. Some of these are actually cheaper than the higher end wireless routers.

No matter the path you choose, you have to do lots of searching and learn a lot about networking to be able to do this sort of setup. So for the rest of this article, I’m going to provide an overview of the options and then get deeper into how the network should be set up. Follow-up articles will detail specific applications or devices and how they should be set up.

Consumer grade hardware and custom firmware

This is the first option that we talked about. Here you could go with a router like the Asus AC-RT66U or the Linksys WRT series, but make sure to do your due diligence and confirm that the router you have or you want to get is supported. This includes reading the forums on other users that have setup these routers to see if they have run into issues or not. Here are some of your options for custom firmware:
  • DD-WRT – This is perhaps the most popular option and the one with the widest support for consumer grade routers. Its UI layout is smart enough that basic setup should be a breeze, but it is capable of so much more if you spend the time to dig into it.
  • Tomato – This one has a few versions, but I’ve linked to the more popular version of it. This is like DD-WRT on steroids since it also provides you live refresh and better statistics tracking right out of the box.
  • Advanced Tomato – This is the same as Tomato but with a much nicer UI. I really enjoyed using this briefly. If you like Tomato, you’re gonna love this.
  • OpenWRT / LEDE – LEDE was a fork of OpenWRT, but they have recently announced that they are merging again. This has the least number of supported devices and releases are less frequent, but if you know your networking, it’s the best option. This is the only one that includes a package manager UI so you can add other packages easily through the UI. This also makes it easier to add functionality that the other firmwares may not provide out of the box.
Note: This is not for the faint of heart. You could brick your router and have a hell of a time getting it back to its stock firmware, so proceed with caution.

Business grade hardware

As a stepping stone, I recommend you play around by installing one of the custom firmwares mentioned previously on the router that you have so you get familiar with the concepts, and once you get fed up of fighting to get things working, you move up to business grade hardware. I am assuming that you are not reading this far unless you’re a noob. The options here are endless and so are the expenses, so I’ll stick to the option that I’ve had experience with (installing at customer locations), which gives you a big bang for the buck. Ubiquiti! They provide a range of wired and wireless products that are pretty much in line with high end consumer devices in price, but from a stability and functionality perspective, they are flawless (as much as can be). For example, an Edge Router Lite 3 plus a Unifi AC Pro model can cost less than a Linksys Max-Stream AC4000 MU-MIMO Wi-Fi Tri-Band Router and provide way more functionality and most probably better performance. Setting up a network in a 2700sq.ft. space, I ended up replacing two wireless routers with just the one Unifi AC Pro. Of course, I had to use the Edge Router Lite as well since the Unifi by itself does not have everything you need, and you may need a (managed) switch as well if setting up a more complex VLAN. The one downside to the Unifi line of products is that they require controller software to be running on a PC or the cloud key so you can control them (i.e. there is no web interface without the controller software), but still this is a great setup.

The Network

Now the real part. As Spiderman’s wise uncle Ben said, “With great power comes great responsibility.” So the more smart devices you have (more power), the more you need to be careful (responsible). There have been numerous articles about many smart devices that have been either communicating in the open (intentionally or otherwise) or are left open to hacking, so it only makes sense to separate these devices from the rest of your network. We’ll start with the base setup and then make things more complicated optionally. Let’s talk in more detail about how this should work:
  • VLAN 10 is the business/home network. Computers and devices on this network have full internet access, as well as full access to the IoT network (VLAN 20).
  • VLAN 20 is the IoT network. This network is isolated from both the business/home network and the guest network. You could provide full internet access to this network or optionally limit access here as well to well known protocols like HTTP/S, DNS, NTP, etc.
  • VLAN 30 is the guest network which should not have access to either of the other networks; just Internet. Again, internet access here could be limited to just a few protocols as well. You could further protect yourself and your guests by using the AP isolation feature of your Wireless Access Point if it has it.
Where things get complicated is when you try to setup the firewall rules to make all this work and depending on your router the instructions are different. I’ll cover the details of the setup in future articles.
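
The three-VLAN policy above, written out as an added example (not the author’s router configuration): a small Python model of a default-drop, stateful zone firewall that shows why reply traffic has to be allowed for VLAN 10 to reach an otherwise isolated VLAN 20. The `wan` zone name, the `Packet` type and the sample flows are assumptions made for illustration.

```python
from dataclasses import dataclass

# Zone names: the three VLANs from the post, plus "wan" (assumed name for the Internet side).
HOME, IOT, GUEST, WAN = "vlan10", "vlan20", "vlan30", "wan"

# Zone pairs that may OPEN a connection. Anything not listed is dropped by default.
ALLOW_NEW = {
    (HOME, WAN),   # VLAN 10: full Internet access
    (HOME, IOT),   # VLAN 10: full access to the IoT network
    (IOT, WAN),    # VLAN 20: Internet only
    (GUEST, WAN),  # VLAN 30: Internet only
}

# Optional egress allow-list for IoT and guest traffic: HTTP/S, DNS and NTP.
RESTRICTED_ZONES = {IOT, GUEST}
EGRESS_ALLOW = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 53), ("udp", 123)}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    state: str = "new"  # "new", or "established" for traffic on a tracked connection


def decide(pkt, restrict_egress=True):
    """Return "accept" or "drop" for a packet routed between two zones."""
    pair = (pkt.src, pkt.dst)
    if pkt.state == "established":
        # Replies are accepted only when one side was allowed to open the
        # connection. This is what lets VLAN 10 reach VLAN 20 while VLAN 20
        # still cannot start anything toward VLAN 10.
        return "accept" if {pair, (pkt.dst, pkt.src)} & ALLOW_NEW else "drop"
    if pair not in ALLOW_NEW:
        return "drop"
    if restrict_egress and pkt.src in RESTRICTED_ZONES and pkt.dst == WAN:
        return "accept" if (pkt.proto, pkt.dport) in EGRESS_ALLOW else "drop"
    return "accept"


# Constructed sample flows (not captured traffic) with a short description each.
SAMPLE_FLOWS = [
    ("laptop opens a connection to a smart TV", Packet(HOME, IOT, "tcp", 8009)),
    ("smart TV replies to the laptop", Packet(IOT, HOME, "tcp", 51544, "established")),
    ("smart TV opens a connection to a PC", Packet(IOT, HOME, "tcp", 445)),
    ("thermostat syncs time", Packet(IOT, WAN, "udp", 123)),
    ("camera opens telnet to the Internet", Packet(IOT, WAN, "tcp", 23)),
    ("guest phone browses the web", Packet(GUEST, WAN, "tcp", 443)),
    ("guest phone probes the IoT network", Packet(GUEST, IOT, "tcp", 80)),
    ("unsolicited inbound from the Internet", Packet(WAN, HOME, "tcp", 22)),
]


def evaluate(flows=SAMPLE_FLOWS, restrict_egress=True):
    """Return [(description, verdict)] for each flow."""
    return [(desc, decide(pkt, restrict_egress)) for desc, pkt in flows]


if __name__ == "__main__":
    for desc, verdict in evaluate():
        print(f"{verdict:6}  {desc}")
```

Traffic between two devices on the same VLAN is switched locally and never reaches these rules, which is why the post points to AP isolation for the guest network.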

16 Apr 2017

Solving Appcelerator Compile Issue – Invalid Request

After updating the Appcelerator CLI, my build started failing. The log message was not very helpful, but Google was and it led me to this link. The gist of it is here:
result from /build-verify=> {"success":false,"error":"invalid request","code":"com.appcelerator.security.invalid.session"}, err=null
The answer: perform the following
[korey@localhost ~]$ appc logout
Appcelerator Command-Line Interface, version 6.2.0
Copyright (c) 2014-2017, Appcelerator, Inc.  All Rights Reserved.
 
 
*** Logged Out ***
 
[korey@localhost ~]$ appc login                                                                                                                                                                                                                                                 
Appcelerator Command-Line Interface, version 6.2.0
Copyright (c) 2014-2017, Appcelerator, Inc.  All Rights Reserved.
 
Appcelerator Login required to continue ...
 
? Appcelerator ID: me@company.com
? Password: *********
Generating Developer Certificate and Private/Public Keys...
me@company.com logged into organization company.com [100011118]

28 Jun 2015

Manage Apache on OSX (Updated for Yosemite)

Here is a little tip for customizing apache on OSX. The first thing you have to do is turn on Web Sharing in your System Preferences. This will start the local Apache server and you can access it by going to http://localhost. From here, you can start modifying it to your will. Apache customization is a big topic and you can find all you need on the Apache website. Here are a few tips:
  • Apache is installed at: /etc/apache2
  • Apache config is at: /etc/apache2/httpd.conf
  • Apache user config is at: /etc/apache2/users/<username>.conf
  • Apache extra config is at: /etc/apache2/extra/*.conf
  • You can customize your own virtual server by modifying: /etc/apache2/users/<username>.conf
  • You can start/stop Apache by:
    • Enabling/disabling Web Sharing in System Preferences
    • running the following in terminal:
      sudo apachectl <start|stop|restart>
In order for you to get going and have a user directory, you will need to make sure the following is done.
  • Create folder to host your files (e.g. /Users/<my_username>/Sites/)
  • Create an index file in the above folder with a message so you know when it is working.
  • In /etc/apache2/httpd.conf, make sure:
    • userdir_module is loaded (i.e. not commented out).
      LoadModule userdir_module libexec/apache2/mod_userdir.so
    • httpd-userdir.conf is included.
      Include /etc/apache2/extra/httpd-userdir.conf
  • In /etc/apache2/extra/httpd-userdir.conf, make sure that user configuration files are included.
    Include /private/etc/apache2/users/*.conf
  • In /etc/apache2/users, make sure to create a user file for yourself (note: you will have to use sudo to make sure permissions on the file are set to 644 and owned by root:wheel).
    /etc/apache2/users/<my_username>.conf
    Contents:
    <Directory "/Users/<my_username>/Sites/">
      Options Indexes MultiViews
      AllowOverride All
      Require all granted
      DirectoryIndex index.html
    </Directory>
At this point you should be able to start (or restart) Apache and test your setup: http://localhost/~<my_username>

10 Apr 2015

Have you ordered your Apple Watch?

The Apple Watch went on sale starting 3AM EST this morning, and its shipping date has already slipped to June, but was it a success? This is exactly what many are trying to determine since Apple got super smart about how it handled the launch. While you can go to an Apple Store to get a feel for the new gadget, you cannot buy one in store. Instead, you will have to go to the Apple Online Store to order it. In this way, Apple can shield itself in case the launch is not the success many have come to expect since it will not release those numbers immediately or even at all unless they are record breaking. Given how expensive the watch is, and how people have come to expect their electronics to be replaced every year with the latest iteration, I know many folks who are very skeptical. More specifically, the first iteration of many products is never as good as the second. Remember the iPad 2? It was the longest lasting Apple gadget that I recall… in fact it is still relevant and upgradable to iOS8. So the big question here is will Apple release a new watch next year? I certainly hope that the Apple Watch has a much slower release cycle than other Apple products given its cost. Most likely future versions will just be iterative improvements in battery and screen, rather than a complete replacement like the iPhone’s current 2 year life cycle. Only time will tell now.

18 Mar 2015

Getting Fancy with Terminal

One of my recent adventures into NodeJS has led me down the path of MEAN and reading various articles on that, I came across various Terminal alternatives and enhancements. I know, I know, I am late to the party, but when I saw FishShell, I was sold. Then I saw Powerline and liked that too, so here is how to set these up. First thing is to make sure you have Homebrew installed. Then you can install fish simply by running the following command:
[korey@localhost ~]$ brew install fish
Now that fish is installed, you will have a few options in making it your default shell. Homebrew provides instructions already, but I just wanted it on my account for Terminal, so I changed the shell command in Terminal’s preferences. Great, now you can use fish anytime you open terminal, but what about getting Powerline setup? The instructions are here, but I will include what I did here for completeness.
[korey@localhost ~]$ brew install python
[korey@localhost ~]$ pip install powerline-status
The next step is to install the patched fonts so your prompt will not have strange characters on it. For this part, you need to download the patched fonts zip from GitHub, and then run the install.sh script included there. The last step here is equally important; you should change the font used by your selected terminal profile to one of the fonts for Powerline. Now that Powerline is installed, you will need to update your Fish config to load it.
[korey@localhost ~]$ vi ~/.config/fish/config.fish
# source autojump
[ -f /usr/local/share/autojump/autojump.fish ]; and . /usr/local/share/autojump/autojump.fish
 
#source powerline
set fish_function_path $fish_function_path "/usr/local/lib/python2.7/site-packages/powerline/bindings/fish"
powerline-setup
My last step was to install auto jump, which is another great tool and you can see that it has also been included in the above listing in my Fish config.
[korey@localhost ~]$ brew install autojump
You should now end up with an autocomplete terminal.

17 Mar 2015

Installing MongoDB on OSX (Yosemite)

Installing MongoDB on OS X is an easy task. However, if you want the service to start each time your computer is restarted, some additional effort is required. The easiest way to get MongoDB installers is to use Homebrew.
[korey@localhost ~]$ brew install mongodb
At this point MongoDB is installed. To start it manually, first create the location where the DB will be stored (default is /data/db):
[korey@localhost ~]$ mkdir /data/db
[korey@localhost ~]$ mongod
Note that the user running mongod needs to have write access to the DB folder. The downside here is that the DB needs to be started manually each time and it will run as your userid. In order to automatically start the service, it is necessary to create a LaunchDaemon which will allow the service to start as soon as the computer starts.
    1. The first step is to create a service account so the service does not run as root.
    2. Next, create a proper location for the log and the database:
    [korey@localhost ~]$ sudo mkdir -p /var/lib/mongodb
    [korey@localhost ~]$ sudo mkdir -p /var/log/mongo
    [korey@localhost ~]$ sudo chown -R _mongo:_mongo /var/lib/mongodb
    [korey@localhost ~]$ sudo chown -R _mongo:_mongo /var/log/mongo
    3. Now that we have an account and location, it is time to create the daemon plist file:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>org.mongo.mongod</string>
        <key>ProgramArguments</key>
        <array>
          <string>/usr/local/bin/mongod</string>
          <string>--dbpath</string>
          <string>/var/lib/mongodb/</string>
          <string>--logpath</string>
          <string>/var/log/mongo/mongodb.log</string>
        </array>
        <key>KeepAlive</key>
        <true/>
        <key>UserName</key>
        <string>_mongo</string>
        <key>GroupName</key>
        <string>_mongo</string>
    </dict>
    </plist>
    Store this file at: /Library/LaunchDaemons and name it: org.mongo.mongod.plist.
Now you can start and stop the service without having to restart your computer by using the following commands:
[korey@localhost ~]$ sudo launchctl load /Library/LaunchDaemons/org.mongo.mongod.plist
[korey@localhost ~]$ sudo launchctl unload /Library/LaunchDaemons/org.mongo.mongod.plist

17 Mar 2015

Creating a service account on OS X (Yosemite)

Creating service users on OS X is not as straightforward as doing so on a Linux system. For starters, the useradd command is not available. So in order to perform the same action on OS X, open a terminal window and run the following commands. For this example, I will create a group and user in order to run MongoDB.
[korey@localhost ~]$ sudo dscl . -list /Users UniqueID
_amavisd                83
_appleevents            55
_appowner               87
_appserver              79
_ard                    67
_assetcache             235
_astris                 245
_atsserver              97
_avbdeviced             229
_calendar               93
_ces                    32
_clamav                 82
_coreaudiod             202
_coremediaiod           236
_cvmsroot               212
....
The above command lists all the current users along with their UID. This is necessary so that we can pick an unused ID below 500 (UIDs above 500 are for normal users). You can run the same command with /Groups instead of /Users to get a list of groups. First, let’s create a group for the users with the same name:
[korey@localhost ~]$ sudo dscl . -create /Groups/_mongo gid 300
[korey@localhost ~]$ sudo dscl . -create /Groups/_mongo RealName "Mongo DB Server Group"
[korey@localhost ~]$ sudo dscl . -create /Groups/_mongo passwd "*"
As you can see the group ID is set to 300, and the password is set to “*”. This is a special password not to allow logins as that group or user. I am not certain if this is necessary, but looking at other similar groups on OS X, it seems to be the right way to do this. Now, let’s create the user and make sure that it will not show up as a user on the login screen:
[korey@localhost ~]$ sudo dscl . -create /Users/_mongo
[korey@localhost ~]$ sudo dscl . -create /Users/_mongo uid 300
[korey@localhost ~]$ sudo dscl . -create /Users/_mongo gid 300
[korey@localhost ~]$ sudo dscl . -create /Users/_mongo NFSHomeDirectory /var/empty
[korey@localhost ~]$ sudo dscl . -create /Users/_mongo UserShell /usr/bin/false
[korey@localhost ~]$ sudo dscl . -create /Users/_mongo RealName "Mongo DB Server"
[korey@localhost ~]$ sudo dscl . -create /Users/_mongo passwd "*"
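
Choosing the ID for the commands above, as an added example that is not from the original post: it parses listings in the format shown earlier and returns the lowest ID below 500 that is unused as both a UID and a GID, since the post gives the user and the group the same number. The sample listings are constructed, and the lower bound of 300 is an assumption taken from the ID the post happens to use.

```python
import re

# Constructed sample of `sudo dscl . -list /Users UniqueID` output (not from a real host).
USERS_LISTING = """\
_amavisd                83
_appleevents            55
_ces                    32
_coreaudiod             202
_svc_example            300
korey                   501
nobody                  -2
root                    0
....
"""

# Constructed sample of `sudo dscl . -list /Groups PrimaryGroupID` output.
# PrimaryGroupID is the attribute that holds a group's numeric ID.
GROUPS_LISTING = """\
_amavisd                83
_coreaudiod             202
_grp_example            301
admin                   80
staff                   20
wheel                   0
"""

# One record per line: a name, whitespace, then a (possibly negative) integer.
LINE = re.compile(r"^(\S+)\s+(-?\d+)\s*$")


def parse_listing(text):
    """Map record name -> numeric ID, skipping lines without an ID."""
    ids = {}
    for line in text.splitlines():
        match = LINE.match(line)
        if match:
            ids[match.group(1)] = int(match.group(2))
    return ids


def pick_service_id(users, groups, name, low=300, high=499):
    """Return the lowest ID in [low, high] that no user and no group uses."""
    if name in users or name in groups:
        raise ValueError(f"{name} already exists; refusing to reuse it")
    taken = set(users.values()) | set(groups.values())
    for candidate in range(low, high + 1):
        if candidate not in taken:
            return candidate
    raise RuntimeError(f"no free ID between {low} and {high}")


if __name__ == "__main__":
    users = parse_listing(USERS_LISTING)
    groups = parse_listing(GROUPS_LISTING)
    print(pick_service_id(users, groups, "_mongo"))
```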
At this point, the service account is created, and its primary group set to the one we just created. Setting the shell and home folders is necessary to make sure that the account does not show up on the login screen and to ensure that even if someone does log in as that user, they will not have access to anything. Once again, the account password here is set to “*” in order to not allow logins. If you look at /etc/passwd on your OS X machine, you’ll notice that most service accounts are listed in there, but the above account is not. I am not sure if this will be problematic over the long term, but for all intents and purposes, the service account works as expected. Naturally, I searched a good while before I came up with the above command set and here are some links that helped me:
