Embedded environment monitoring.

Disclaimer: This post has lots of links to the Adafruit website.  There are no referral links, I received no consideration, I just buy parts from there and do cool things with them.

A couple of weeks months ago I did a writeup of a prototype environment monitoring device for my office built out of a Raspberry Pi Zero W and some off the shelf components.  In the time since I've found time here and there to work on the embedded version, which doesn't use a full computer system but a microcontroller with just enough functionality to drive a couple of …

Read more...

Setting up a mail relay server with Postfix, DKIM, and a little Nebula trickery.

Given the proliferation of spam on just about every vaguely workable platform these days it seems sheer insanity to attempt to run your own mail server.  If it's out there, it's ripe for abuse in one way in another.  And yet, e-mail is still probably one of the best ways to get status reports from your machines every day (my SMTP bridge notwithstanding).  It is thus that the default configuration for mail servers these days defaults to "no way in hell will I relay a message for you," which is a net good for the the Internet as a whole …

Read more...

Simple environment monitoring with spare parts.

It's going on summer in the Bay Area, which means that it's warming up a bit both outside and inside (because air conditioning is Not A Thing out here).  That, coupled with the not inconsiderable research infrastructure I have at home has left me wondering and worrying about just how hot my office gets during the day while I'm working.  Now, I could just put a simple little thermometer on my shelf (and I did) but my concerns are a bit bigger than that.  What happens if my office temperature reaches a critical point and servers start melting down on …

Read more...

Extending a wireless network with OpenWRT.

One of my earliest covid-19 lockdown projects was doing a little work on my home wireless network.  I have a fairly nice wireless access point upstairs running OpenWRT, sitting behind the piece-of-shit DSL modem-slash-wireless access point our ISP makes us use.  All of our devices connect to that AP instead of the DSL modem.  Let's call it Upstairs.  However, the dodginess of the construction of our house being what it is (please don't ask), wireless coverage from upstairs isn't the greatest downstairs.  The fix for this, conveniently, is to set up another wireless access point downstairs and connect the two …

Read more...

Faking a telnet server with netcat.

Let's say that you need to be able to access a server somewhere on your network.  This is a pretty common thing to do if you've got a fair amount of infrastructure at home.  But let's say that your computer, for whatever reason, doesn't have the horsepower to run SSH because the crypto used requires math that older systems can't carry out in anything like reasonable time.  This is a not uncommon situation for retrocomputing enthusiasts.  In the days before SSH we used telnet for this, but pretty much the entire Net doesn't anymore because the traffic wasn't encrypted, so …

Read more...

Tunneling across networks with Nebula.

Longtime readers have no doubt observed that I plug a lot weird shit into my exocortex - from bookmark managers to card catalogues to just about anything that has an API.  Sometimes this is fairly straightforward; if it's on the public Net I can get to it (processing that data is a separate issue, of course).  But what about the stuff I have around the lab?  I'm always messing with new toys that are network connected and occasionally useful.  The question is, how do I get it out of the lab and out to my exocortex?  Sometimes I write bots to …

Read more...

Migrating to Restic for offsite backups.

20201023: UPDATE: Added command to clean the local backup cache.

20200426: UPDATE: Fixed the "pruned oldest snapshots" command.

A couple of years back I did a how-to about using a data backup utility called Duplicity to make offsite backups of Leandra to Backblaze B2. (referrer link) It worked just fine; it was stable, it was easy to script, you knew what it was doing.  But over time it started to show its warts, as everything does.  For starters, it was unusually slow when compared to the implementation of rsync Duplicity uses by itself.  I spent some time digging into it …

Read more...

Using Nginx to spoof HTTP Host headers.

EDIT: s/alice.bob.com/alice.example.com/ to fix part of the backstory.

Let's say that you have a server (like Prosody) that has one or more subsystems (like BOSH and Websockets).  You want to stick them behind a web server like Nginx so that they can be accessed via HTTP - let's say that you want a browser to be able to communicate with those subsystems for some reason.  Or more likely you have a web application that needs to communicate with them in the same way (because Javascript).  Assuming that the above features are already enabled in Prosody …

Read more...

Integrating Huginn with a Matrix server.

Throughout this series I've shown you how to set up a Matrix server and client using Synapse and Riot, and make it much more robust as a service by integrating a database server and a mechanism for making VoIP more reliable.  Now we'll wrap it up by doing something neat, building a simple agent network in Huginn to post what I'm listening to into a Matrix Room.  I have an account on libre.fm that my media players log to which we'll be using as our data source.  Of course, this is only a demonstration of the basic technique, you …

Read more...

Making a Matrix server STUN-enabled.

Previously in this series I showed you how to migrate a Matrix server to use Postgres, a database server designed for busy workloads, such as those of a busy chat server.  This time around I'll demonstrate how to integrate Synapse with a STUN/TURN server to make the voice and video conferencing features of the Matrix network more reliable.  It's remarkably easy to do but it does take a little planning.  Here's why I recommend doing this:

If you are reading this, chances are you're behind a NATting firewall, which means that your device doesn't have a publically routable IP …

Read more...