The Lone Geek Blog

One geek in a sea of nerds.


Old Calculator for Windows 10


Here’s a little program I found on the net ’cause I liked the old calculator better. The Win10 calculator app just doesn’t do it for me. It frequently opens up all big, taking up 1/3 of my screen, and feels slower to start. The old one is fast, light, and has a smaller UI. :)

Download Link (889KB)

Resizing Root Fs for Ubuntu


I needed to resize one of my VMs. This will serve as some better notes than what I see online.

1. Shut down the VM and open the ESXI web UI to resize the virtual disk and check a box to force the BIOS to open on power up.

2. Attach the gparted ISO to the VM, then power it up and adjust the boot order to boot the ISO.

3. Once booted, deactivate the LVM root volume and resize both the extended and logical partitions to max disk size or as desired.

You should see something like this, with different sizes and uuid.

# vgdisplay
  --- Volume group ---
  VG Name               system
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               <15.52 GiB
  PE Size               4.00 MiB
  Total PE              3973
  Alloc PE / Size       2437 / <9.52 GiB
  Free  PE / Size       1536 / 6.00 GiB
  VG UUID               rVuKv3-0fim-f6CQ-4HJs-XqnE-Vaec-xc2jr9

4. Extend the LVM volume by the number of free extents shown on the Free PE line above (1536 here).

# lvextend -l +1536 /dev/mapper/system-root

5. Extend filesystem.

# resize2fs /dev/mapper/system-root

6. End result. More space. :) Enjoy.

# df -h /
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/system-root   16G  8.3G  6.3G  57% /

VM Creation Script for ESXI 6.5 Hosts


So I had an idea to make creating VMs a little easier for me instead of clicking a handful of buttons and powering up the VM then waiting for it to install. I found a blog post intended for Mac VMs that was inspired by a now-deleted site’s blog post by a guy who needed to make a bunch of them quicker, so I forked Tamas’s script (the original one, I think) and modified it to create Ubuntu VMs. :) I also added a few scripts of my own: one that tells me if a VM is ready and another that gives me the IP. I may try to integrate those two at some point.

How does it work?

Glad you asked. ;) Basically, you give the script some parameters and it does its thing. It mainly needs the name of the VM; the rest is optional. Details on that are in the readme file.

Extended version

The script has a list of defaults you can set so all you need is a name. From those defaults, there’s a list of loops that check for an input and do some error checks, then if none is provided, it uses the defaults. It also checks if the datastore and VM name provided exist. If everything checks out, it proceeds to create the directory, VM Disk Image, and the VM file (.vmx) itself populated with a bunch of stuff the hypervisor needs. Once that is done, it then registers and powers on the VM and prints out the config details.

Following all that, I have two scripts to check if it’s ready and print the ip to the console. All the scripts need is the VM ID outputted from the create.sh script.

What I added to the create.sh script

I added support for multiple datastores and put the network name in a variable if one needed to change it for a single instance or something. I also changed the original RAM and VDISK values to suit my needs as well as the guestOS type for the vmx file it makes and set the location to my ISO file.

Feel free to read all the code and compare with the other guy’s repo. I think this script ought to do just nicely. :)

Bonus points

Moving the script from its home in the primary datastore to /usr/bin and running auto-backup.sh on the host itself.

Set up Windows (via the Win10 Linux subsystem unless you can make it work with PuTTY or PowerShell) to create VMs from a cmd or PowerShell prompt. All you’d need to do is add your public ssh key to /etc/ssh/keys-root/authorized_keys on the host and run the aforementioned backup script. If that backup script isn’t run, any changes outside of the datastores and what is usually backed up will be lost upon reboot.


I think that’s all. It’s a cool script, props to the guy who made it. I just improved it some. ;) Cheers.

Moving VMDK Images Between ESXI and VBox

I did a thing that works but requires a little manual work to do...


About 10 days ago, I decided to shut down my server because my room was getting uncomfortably hot halfway into the night, but before I shut it down for the time being, I copied a couple of virtual machines that I wanted to remain up over to my continuously running file server: the VM I do my webdev stuff on and a small ftp server for the networked printer to upload scans to.

The process is fairly straightforward. Just download the VMDK disk image to my file server and create a .vbox file for VirtualBox. I kept the virtual NICs’ MAC addresses so they’d get the same IP from my pfsense box, but due to NIC driver changes from the differing hypervisors, I had to adjust the network config within the VMs. No biggie.

Gave the webdev VM 2 vCPUs and the ftp server got just one and kept the RAM allocation the same and it’s almost like nothing happened as far as the guests are concerned. :)

When I decide to start using the room heater / VM box, I can simply shut down the guests before making minor networking changes again and copy the disk images back over to fire them up on it.

Side note

The space heater computer has got me thinking about a second cooler running machine to run ESXI on as well then it’d be a simple migration to and from as needed or desired. I’m thinking maybe single Xeon E5-something or i7 2nd or 3rd gen cpu with 32GB of ram and about 1TB of disk space ought to do.

Just making a public note. :) Cheers.

Installed an Amp in My Truck

because the factory deck just wasn't loud enough. ;)


I installed an amp in my truck 🚚 because I got tired of having to crank it almost to max just to make out words playing in a podcast. The stock unit did ok with music, just lacked any decent power to jam with. Initial testing yielded pleasant results.

Install procedure is typical. Radio outputs to Amp, Amp outputs to Speakers. Grabbed power from an old unused cigarette lighter and tucked all the wires and amp into the dash. Sounds pretty good for ~$92 on amazon. I have 4 3-way speakers in the truck that were installed a few years ago. I tuned the radio to put more power to the back and reduce the highs from the audio from the fronts.

It sounds good, has better bass now that I don’t need to turn the radio up so loud to hear it. It has me thinking about a subwoofer for that extra thump but I dunno where I’d put it exactly, maybe under the driver seat. ;)


DNS Over TLS Using PFsense

and why you need it.


Before I begin, this guy talks a bit about it and does it the “old” way for systems with version 2.4.3 and older.

In version 2.4.4, pfsense was updated to offer support within the webui. Just 3 check boxes and your outgoing DNS traffic is encrypted. You can do a packet capture on port 853 of your WAN interface to verify. I did a scan on my network and discovered there is still some plain DNS traffic but I’m unsure what to make of it. Some to microsoft and some to “akadns.org” (some sort of CDN for something). Maybe I need to do some checking at some point.
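One way to run the check described above, as an added example that is not part of the original post: it reads `tcpdump -nn` text output and separates DNS over TLS packets (port 853), ordinary client queries to the local resolver, and plain port 53 queries that go around it. The sample lines are constructed, and 192.168.1.1 is an assumed address for the pfsense resolver.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn` text format (not from a real capture).
# 192.168.1.1 is an assumed address for the pfsense resolver.
SAMPLE = """\
12:00:01.100000 IP 192.168.1.1.40112 > 198.51.100.53.853: Flags [P.], seq 1:120, ack 1, win 512, length 119
12:00:01.200000 IP 192.168.1.23.60123 > 203.0.113.8.53: 4660+ A? example.com. (29)
12:00:01.300000 IP 203.0.113.8.53 > 192.168.1.23.60123: 4660 1/0/0 A 192.0.2.10 (45)
12:00:02.000000 IP 192.168.1.40.51000 > 192.168.1.1.53: 7+ AAAA? example.net. (29)
12:00:02.500000 IP 192.168.1.23.60124 > 203.0.113.8.53: 4661+ A? example.org. (29)
12:00:03.000000 IP6 2001:db8::10.50000 > 2001:db8:ffff::53.853: Flags [S], seq 1, win 64240, length 0
"""

# Matches: timestamp, IP or IP6, "src.port > dst.port:"
LINE = re.compile(
    r"^\S+ IP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+):"
)


def audit(capture, resolver="192.168.1.1"):
    """Classify packets by destination port.

    dot    : packets sent to port 853 (DNS over TLS)
    local  : plain queries sent to the local resolver (expected on the LAN)
    bypass : source -> sorted destinations for plain queries sent elsewhere
    """
    dot = local = 0
    bypass = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        dport = int(m["dport"])
        if dport == 853:
            dot += 1
        elif dport == 53:  # replies have source port 53, so they are skipped
            if m["dst"] == resolver:
                local += 1
            else:
                bypass[m["src"]].add(m["dst"])
    return {
        "dot": dot,
        "local": local,
        "bypass": {src: sorted(dsts) for src, dsts in bypass.items()},
    }


if __name__ == "__main__":
    report = audit(SAMPLE)
    print("DoT packets:", report["dot"], "| queries to resolver:", report["local"])
    for src, dsts in report["bypass"].items():
        print("plain DNS bypassing the resolver:", src, "->", ", ".join(dsts))
```

Capturing on the LAN side shows which client sent each plain query; on the WAN side, NAT makes every query appear to come from the firewall's own address.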



For those who run unbound on other systems (or older pfsense boxes), you can try this bit of config code to see if it will work for you.

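    forward-zone:
        name: "."
        # Send queries to the forwarders below over TLS
        forward-ssl-upstream: yes
        # forward-addr takes the form <resolver address>@<port>; 853 is the DNS over TLS port
        forward-addr: [email protected]
        forward-addr: [email protected]
        forward-addr: 2606:4700:4700::[email protected]
        forward-addr: 2606:4700:4700::[email protected]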

Now to encrypt what little HTTP traffic I have without triggering Amazon and Netflix’s Anti-VPN/Tunneling block…


Creating a Home Based Cloud Service

A log about my home cloud adventure


Idea of sorts

For the past few weeks I’ve been poking around on a git repository listing a bunch of self hosted software to get an idea on what to play with on my lab server and maybe keep around, and that’s when I came across the “file sharing and synchronization” section. I found some software called Pydio.


This one was or is a bit tricky imo. I started out with a simple ubuntu vm (4 vcpu, 4gb ram, 8gb system disk, 20gb data disk), getting that all setup and ready to go for the application; no biggie.

Attempt 1

I got the application running but ran into a tiny issue with fine tuning the datastores portion in order to store all my data in the data disk and not on the system disk. Well, what should have been a simple change of the paths, it kept saving data in the original locations and any attempts to remedy that seem to fail. I can’t seem to get it to cooperate. I’m probably going to wipe the install and mount the data disk to .config/pydio and not worry about changing the paths within the app itself. This seems to be an easier method in my mind.

Attempt 2

Mounted the bigger disk to .config/pydio and now it seems to work. :/ Technology eh?


Tried to change the url in which the application loaded from and well, that just flat out broke it and I can’t find a way to fix it without reinstalling it again. The mysql database is useless, the config still points to the server ip (I wanted to use a local dns name). Oh well. Time to look for another one.


Found an alternative to Pydio after a few google searches. I must say, it was far easier to do and not so complicated to set up and configure. Just download and run a bash script on a minimal server install. I’ve got it in a VM with 4vCPUs, 1GB RAM, 20GB vDisk and it seems far more responsive than Pydio. I’m not sure what to do with it for now so I’m gonna shut down these two VMs for now to mess with at some point in the future.

I’ll probably finish the config with a reverse proxy and set to auto start with the OS.


I’m probably going to delete pydio and not even bother with it anymore. I don’t even understand where it defines the URLs to its various services. I checked the database and the only config file I found in .config/pydio.

I may use Seafile for something, not sure what. Resilio Sync and Dropbox have served me well for local and remote file synchronization respectively. I just want something I can link my parents to so they can upload things to me without bothering with archives or anything complicated.

The adventure continues!

Isolating Machines Within a LAN

Creating an isolated segment within a bigger LAN


Today, I decided to try creating a single point to point connection from a host on my LAN to the Pfsense box while at the same time, preventing it from connecting to other devices on the LAN. This is not like a VLAN where you’d have multiple networks on the same wires but I think it is similar to how ISPs and some businesses engineer their networks.

I did it by creating a Virtual IP Alias on Pfsense to serve as the gateway with the subnet mask of /22, then assigning the second IP on the client with the virtual IP as the gateway and pointing the DNS to that virtual IP as well.

[Screenshots: Windows IPv4 Settings, Windows IPv4 DNS Settings]

I then created aliases to point to the right things. Allow rules for the host to Pfsense and specific hosts on the larger lan. A general deny rule to prevent the isolated host from connecting to any private IP. Pretty basic stuff.

[Screenshot: Firewall - Isolated IPs]

The goal is to isolate a thing while giving it access to the internet and approved nodes on the LAN. This is one method I’ve thought of outside of replacing all the switches on the network with managed ones for doing VLANs to different physical devices on the network. I don’t believe this is a foolproof method as all it’d take is some program or privileged person with the knowledge to modify the host’s IP settings and bump it back on the main LAN. It should work just fine for what I intend to use it for.

I’m curious to see what kind of security risks this poses to the main LAN should an isolated device become infected with something. Some research is required in the matter.

I think the first real world test is to assign a computer to the isolated IP for my niece and nephew to use for school work. Maybe I can utilize OpenDNS for content filtering :) and of course, grant them unprivileged permissions on the computer. Microsoft has some parental tools for reporting child activity that could be useful.

That’ll be it for now. Until next time, keep geeking out!

The Pfsense Box - Part 2

An update in my adventures of being a sysadmin at home.


Time for an update. I think I’ve figured out how stateful firewalls work now. I have 7 networks configured on it, 4 of them leading back to virtual networks on my server, one of them intended for the wireless network, an OpenVPN network, and the main one is of course my LAN.

The Networks

  • Main LAN - Has access to everything and consists of anything that can’t be placed on a VLAN yet.
  • WLAN - For wireless traffic but likely will be devoted to guest use. Maybe I’ll set up two, each taking a /25 segment.
  • OpenVPN - Not explicitly configured but can access the LAN and LAB_NET when a client connects remotely.
  • DMZ - Intended for one machine or VM at a time. Has no access to any other local network but machines on the Main LAN can access it, mainly for RDP access. I may fine tune the level of incoming access later for just RDP.
  • LAB_NET - For any VMs I don’t want on the LAN but still want access to. VMs here can access preapproved nodes on the LAN and nothing else.
  • WINLAB - For VMs within my Windows Server AD network. Has no outgoing access to anything. It is just set up so I can RDP to the Windows VMs. I need to lock down the incoming ports.

All networks but the WINLAB can access the internet at varying degrees to later be defined. It took 13 months before I finally learned how to properly configure the firewall to allow all this to work. Learning the order of operations, how rules can influence how the next one below it works, how deny rules placed before an allow rule can block all but allow some packets to flow or something like that.

The DMZ can ping and lookup dns on the pfsense box, is denied access to all RFC1918 addresses, and is only permitted outgoing traffic for ports 80 and 443 to the WAN.

The LAB_NET has 3 deny rules to WINLAB, DMZ, and VLAN100, 3 allow rules to 3 nodes on the LAN and one LAB_NET to ANY with the destination inverted for the LAN. Blocking all outgoing access to the LAN but the ones I allow.

The WINLAB has no rules defined so pfsense just blocks traffic originating within the network.

^ That feels redundant but w/e.
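The rule ordering described above, as an added example that is not the author's configuration export: a small first-match evaluator with an implicit default deny, loaded with the DMZ ruleset from this post (ping and DNS to the pfsense box, block RFC1918, pass ports 80 and 443). The same pattern covers the isolated-host rules from the earlier post (allow approved nodes, then deny private addresses). The firewall address 192.168.50.1 and the tuple layout are assumptions made for the illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIREWALL = "192.168.50.1"  # assumed address of the pfsense DMZ interface

# (action, protocol, destination, port); None means "any"
DMZ_RULES = [
    ("pass",  "icmp", FIREWALL,  None),   # ping the firewall
    ("pass",  "udp",  FIREWALL,  53),     # DNS lookups on the firewall
    ("block", None,   "rfc1918", None),   # no access to any private network
    ("pass",  "tcp",  "any",     80),     # web traffic out to the WAN
    ("pass",  "tcp",  "any",     443),
]

# Same rules with the RFC1918 block moved to the top.
MISORDERED = [DMZ_RULES[2]] + DMZ_RULES[:2] + DMZ_RULES[3:]


def dst_matches(rule_dst, dst):
    addr = ipaddress.ip_address(dst)
    if rule_dst == "any":
        return True
    if rule_dst == "rfc1918":
        return any(addr in net for net in RFC1918)
    return addr == ipaddress.ip_address(rule_dst)


def evaluate(rules, proto, dst, port=None):
    """Return the action of the first matching rule; no match means block."""
    for action, r_proto, r_dst, r_port in rules:
        if r_proto not in (None, proto):
            continue
        if r_port not in (None, port):
            continue
        if dst_matches(r_dst, dst):
            return action
    return "block"  # default deny, as with the rule-less WINLAB interface


if __name__ == "__main__":
    checks = [
        ("udp", FIREWALL, 53),          # DNS to the firewall
        ("tcp", "192.168.1.20", 443),   # a host on the main LAN
        ("tcp", "203.0.113.10", 443),   # a public web server
        ("tcp", "203.0.113.10", 22),    # a port nothing allows
    ]
    for proto, dst, port in checks:
        print(f"{proto:4} {dst:15} {port:<4}",
              "correct order:", evaluate(DMZ_RULES, proto, dst, port),
              "| block first:", evaluate(MISORDERED, proto, dst, port))
```

With the block rule first, DNS to the firewall is dropped because the firewall's own DMZ address is itself an RFC1918 address, which is why the two narrow pass rules have to sit above it.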

Everything is subject to change as I learn more and build on it. I am currently working on a way to grant guest access to the WLAN and looking at getting a Ubiquiti UniFi WAP to replace the two routers turned WAPs and sharing the same SSIDs and passwords and hopefully gain some much desired wireless performance to boot. Our laptops will need upgrades to their wireless cards but that would be an easy swap.

[Screenshots: Firewall - WAN, Firewall - LAN, Firewall - WLAN, Firewall - DMZ, Firewall - LAB_NET]

Err, small update. I originally wrote this on July 20th and not long after, I managed to break the config of my pfsense box and find out that the SSD I had installed had partially failed to a read-only state. Not even formattable. So I have to resort to using a USB flash drive and recover the lost config to get what I had recently set up back up and running. I still don’t have Suricata, Squid, or pfBlocker running atm as I need to rebuild the configs for them and set them up so that they don’t write to my flash drive and kill it. In due time.

I had just configured pfBlocker and was testing and playing with it when I get this wild idea to make /tmp and /var into ramdisks. Not realizing that /var had at least a gigabyte of logs from Suricata and roughly 60gb of Squid Cache. Welp, the system did NOT like that and refused to boot and had the SSD been writeable, I could have easily reverted and recovered the system. The purpose of the ramdisk? To save writes to a disk with over 5TB of writes since I deployed it and only 50GB of reads. Seems backwards but yeah, bad config.

Now the plan is to deploy the OS on flash media and save logs and cache to a spinning hard drive. I’d probably only need to just mount the hard drive to /var and /tmp to ram manually in the /etc/fstab file and be set. Perhaps some work in a lab and/or googling might help with this study. :)

So um, cheers. Keep hacking the things!

Car Radio for Powered PC Speakers

A thing about my PC Radio. :)


Here’s a thing I use for sound for my desktop. It’s not a typical set of powered satellite speakers. No, I use a car stereo. Specifically, a Jensen CD6112 that someone gave me. Overall, it’s a good little radio. Any of them will do; the only requirement is an auxiliary input of some kind. 3.5mm or RCA. It sits in a box dad made a long time ago for the purpose of having a home made weather radio during the event of a severe storm. I re-purposed it several years ago for my computer. It previously had a radio that could tune to the weather channels but only had a cassette player and FM/AM tuners. That worked for a while till the sound quality got annoying so I installed the Jensen from my old truck that I had no use for. Details I’m not going into.

Anyhow, so I got a box with the radio in it. Now, power is simple. Power comes from a standard 12v 5A brick that is always on. There’s a couple 40w 3-way satellite speakers for sound and wired to the front channels only of the radio. I have a simple antenna that was originally screwed into the box just kinda draped across my door frame. It’s been hanging just fine for years.

Audio from the computer runs thru a 3.5mm standard cable into a kvm and out that to the radio’s rear RCA plugs.

The interesting bit, imo, is how I wired it to turn on. First, there is a 5v relay being powered by my PC that is wired in series with a switch hanging below my secondary monitor. The purpose being that when the switch is on, the radio turns on/off with the computer but I can still turn off the radio when the computer is still on. There is a secondary switch in the box that bypasses both switch+relay, essentially wired in parallel, in case I wanted to play the radio without the computer.

And that is that. To me it’s a simple setup. :)

Oh, the sound quality is still better than most pre-built setups you’d get in an electronics store imo. That could be just the speakers themselves but still. They get loud and bassy without the need of any kind of sub. I set the EQ to -2 Treble, +3 Bass.

Cue All About Dat Bass song