Mosquitto not authorised

So this morning, I found almost all my sensors and modules were unavailable in Home Assistant. I soon realized that something was wrong with my MQTT. I checked my syslog and found out that Mosquitto had been upgraded from 1.6.12 to 2.0.7. Apparently I used snap to install a recent version on my Ubuntu system, and apparently this upgrades automatically.

This was a typical “install and forget” package, a long time ago. I left all the setting to default. I didn’t even create a config file. So now I had to troubleshoot before the whole house woke up and started complaining.

So, first of all, it uses Snap. I found out by using netstat -tupan | grep LISTEN to see the PID that was listening on port 1883. Then ps aux | grep 13479 gave me this:

Snap has it’s own folder structure, so that’s why I couldn’t find /etc/mosquitto/mosquitto.conf or something like that. On this Mosquitto Snap page I found out that instead you go to /var/snap/mosquitto/common. If you go back one folder, you see that common is a symlink to a number. In my case I used to have 387, now it has 533. Anyways, all I found there was a mosquitto_example.conf.

I figured that the default settings didn’t allow anonymous connections anymore. So I copied mosquitto_example.conf to mosquitto.conf in the /var/snap/mosquitto/common folder and started editting. I’ll save you the trouble if you are like my and just want it back the way it was. I needed to uncomment the lines bind_address and allow_anonymous. So the settings are:

Then I found out that sudo systemctl restart mosquitto doesn’t work either. Even the service management of snap packages is different *sigh*.

So with sudo snap services you can list the services that you have installed with snap. To restart my mosquitto I had to do:

Then all devices and services were connecting again, and all came back to normal. Next step is to add authentication and migrate all devices over to an authenticated connection.

I will probably remember that on a next upgrade.

WordPress nginx update problem

So, this post is probably just a reminder for myself. For years now, I had this stupid problem when I wanted to update a plugin or theme on my wordpress site. On my VPS, I also have a cronjob running which takes care of most of the plugin updates automatically. With a bash script I loop through all my wordpress folders on the server, and then use wp-cli to update the stuff I needed.

I always assumed that this mechanism screw up the ability to update by the browser. Maybe file permissions were overwritten, maybe ownership. I always though: I have to look into this some day. Of course, each time I login to my wordpress and I see pending updates, I still try if it maybe magically works this time. Then the sad smiley face shows up, and I have to remove my .maintenance file manually. Very annoying.

Today I found out that when I wanted to browse the detail of the button, this smiley face also turned up. I finally check my console in the browser, and googled the error that was displayed there.

Then I found out about the X-Frame-Options that were indeed set to DENY in my nginx config (in /etc/nginx/snippets/ssl-params.conf).

I commented this line, and now the I-Frame with the plugin details is working again. I expect that this also solves my problem of not being able to update.

 

3 pin DC jack wiring

I didn’t really understand or know about the use of three pins on a DC connector. Until yesterday, when I wanted to add a DC connector to the bedroom light of my son. The parts I used probably doubled our tripled the value of the lamp, but well, since my new hobby is fiddling with Arduino’s I figured I should be able to do this. This way I don’t need to change the batteries every 2 weeks.

So in my quest how to do this, I found this post that says that a DC jack connector with three pins usually have two pins shorted when the DC connector is not plugged in. It’s meant exactly to do this; support battery power and power from the wall socket. In hindsight this post also put my mind on the wrong track, because I thought the pin 2 and 3 were supposed to be +.

When I got my DC Panel Mount Connector I took it to my multimeter to do some measures before blowing up my sons light. I found out that indeed two pins were shorted when the DC adapter wasn’t plugged in. But when I plugged it in, one of the shorted pins turned out to be the -. So now I had an error in my mind; from my point of view, the + and – were upside down.

Turned out they indeed were, but that doesn’t mean it can still work. It took my a while to figure it out, and I couldn’t find a clear instruction or image through google, so for all other newbies.. here we go.

So when you plug in your DC adapter you should be able to find out the plus and min that are now connected. The plus is the inner pin of the jack. One of the other pins is the -. If you touch those, you will read a voltage on your multimeter. You now found pin 1 (positive) and pin 2 (negative).

DC Jack 3 pin wiring

Now when you disconnect the DC, when you put your multimeter in ‘beep’ mode, you can find pin 3 by touching pin 2, and testing the other two. So pin 2 and 3 share the negative side (the -). Black wire. If this is the case, you have the same DC jack as me.

Now, to support both battery and DC adapter, you should connect pin 1 from the DC jack to your positive side of the circuit. The positive side of your battery also goes to this positive side of the circuit (yes, two + wires to the same point).

Pin 2 goes to the negative side of your circuit.

Pin 3 goed to the negative side of your battery. So when DC is unplugged, pin 3 is shorted with pin 2.

Logitech Z-2300 satellite repair

In a previous post I described how you could repair the control pod by replacing the potentiometer. But I had already bought an extra set of these Z-2300 to replace the control pod (which eventually also failed). This extra set was still useful, because I used this on our yearly trip with friends. Our party weekend without kids. This set already has enough volume and an amplifier, so this is much more portable than a normal set of speakers which would need an amplifier.

On those parties, the later it gets, the louder the music is wanted. So eventually the satellites blew up. Normally that would hurt, but since this was a spare set anyways, it didn’t really. I didn’t throw them away yet, and later I tried them again, and indeed, they didn’t sound that well anymore.

So then I figured: why not fix it, since fixing (or at least trying) electronics is my new hobby anyways. I opened the speakers and was a bit disappointed to see that the hole on top of the speaker was pretty much fake. There was only one speaker in there, and the hole wasn’t even open, so I can’t imagine it has a function.

On the other hand; now I only had to replace one speaker instead of two.

So I tried to measure the speakers a bit, and then went to my favorite website.

Soon I found out that all 3″ inch speakers were a bit too big. So then I tried searching for 2.75″ inch speakers.

Then I even found the original Logitech speakers.

 

 

 

 

But for this price I could also buy another set at our local ebay. Also I would probably blow them up again. So I continued my search, and eventually settled for this pair.

The sizes don’t match, but I figured somehow I would fit them in anyways.

So when they arrived I bent the edged so they would be more flat. Then I cut the wholes so I could use a screw with more flesh to fix the speakers in the original housing. This wasn’t really hard to do. I used a flat-nose plier for the bending and a normal cutter to remove the iron at the holes.

 
All sides bent …

Then I replaced the speakers in their holdings. Note that apparently Logitech switched + and -, because the red wire was connected to – and the black to +. I assume they know how to wire their speakers, so I decided to use the size of the connectors on the speaker as reference. So I put the red wire on the smallest connector and the black one on the largest.

My replaced speaker:Yes, the wires needed to be soldered, but that wasn’t really hard to do. Just heat up the iron on the speaker enough so the wire itself can melt.

Then put everything back together and hook ’em up. I must say that I don’t hear much of a difference. But I’m not sure what they will do on a very high volume. They might blow up as easily as the Logitech speakers.

I guess we’ll have to wait and see.

Network share cache

Problem

At work we have an iOS app that is communicating with a windows application. In fact, it communicates to a WAMP (Apache on Windows) server. On the first request, data is being sent, which is then passed to our Windows application. This application creates a PDF report on a network share. This report will then be fetched by the iOS app.

We had a problem though with fetching the content after the process was done creating the PDF. The file was there, but Apache didn’t see it yet, so it returned a 404. We created a workaround by requesting the URL in a for loop to see when the file was available, and then the creation process would end. In the Apache access logs we could see that after retrying for about 10 seconds, the file finally became available to Apache.

Network cache

The webserver is running on a different server as the fileserver. The file is being saved to a location on the file server. So after testing and debugging for a while, we searched how we might improve the performance of the network.

Finally we found this article by Microsoft, which documents some configuration settings that can be set in the registry. I didn’t think this would help, but we tried it anyways.

To my great surprise: it did work! Now the file was already present at the first request that was made by the Apache web server. So our performance increased 10 times.

The settings we added to the registry were:

FileInfoCacheLifetime: set to 1 sec
DirectoryCacheLifetime: set to 1 sec
FileNotFoundCacheLifetime: set to 1 sec

We added this settings on the client machine, so in our case the webserver that is reaching out to the file server. A reboot was not required. The next time we checked, the response was a lot quicker.

So this was a great improvement. We’re not sure yet what the cost of this change is, but since the servers are running on the same virtual platform, I don’t think there will be any downside to this setup. Maybe when you’re on a slow network these settings could make things worse. But for us this really helped.

Hopefully for you too.

Logitech Z-2300 Remote Control Pod fix

TL;DR

If you hear a squeaking sound when you’re using your volume knob, I think it might be the potentiometer that’s broken. I replaced it, and now it works!

My beloved Logitech

The Logitech Z-2300 were my first own computer speakers that I bought. I think I still lived at my parents house. My brother got them first, and they just sounded awesome. I never heard any other computer speaker set sound better than this.

Unfortunately after a few years, the speakers started to make squeaking sounds when I turned the volume knob. Also sometimes one channel failed; I would only hear the left or the right speaker. At this time, Logitech didn’t produce the speakers anymore, so there was no chance of getting them repaired by them.

Replacement control pod

So then of course, you find yourself googling for another solution. The speakers where fine, so it would be such a waste to replace the whole set, just because the volume knob gave up.

The first time I did my research, I found a guy who reverse engineered the thing. Then he designed an improved version of the control pod, which he would sell on ebay. I was almost going to buy this, but with shipping and all, this would cost me over 50 euro’s.

On our local ebay, I found whole sets for the same price as what this replacement pod would cost me.

So this is what I did, I bought a complete set, just to replace the control pod. The other speakers did come in handy though, because I would take them whenever we would go to a party weekend with our friends. I didn’t have to worry anymore if the speakers would get blown up, or flooded in beer.

Meanwhile, I already asked a friend who I knew owned such a set too, if he was still using his set. He wasn’t, so I could get his control pod. It wasn’t until recently though when I got my hands on it, and actually I tried it a few weeks ago.

You can probably guess: same issues.

Schematics found

So eventually I did another round of research, and found this technical guy that took apart the control pod as well and reverse engineered it. He posted his findings in a blog.

I am very interested in electronics, Arduino’s, soldering stuff, but reading this (simple) schematic was a little too complicated for me. If I could order the PCB I would, but the link didn’t work.

In the comments though, the author was kind enough to tell us what potentiometer we would need to replace it.

So I searched on my favorite site AliExpress, and what do you know .. there they were!

For this kind of money I thought I could give it a shot. Well, also because I had two control pods, of which one was already broken anyways. So in this case there wasn’t that much of a risk.

Replacing the POT

To be honest, I did some soldering before, and already had some equipment in home. Not professional stuff, but enough to get me started. My de-soldering techniques are horrible, so I just cut the six legs of the potentiometer on the board. The I cut away the glue with a utility knife.

Then I first started pulling the potentiometer itself, trying not to break the PCB board. Then the potentiometer itself started to break. So I used my pliers to break it apart. There was still some of the potentiometer left on the board, but I stuck my screwdriver under it and started to move it. Eventually the whole thing launched like a rocket.

Now there was room enough. I cut the legs of the potentiometer as high as possible, so that I had enough left on the board to get them with my pliers. Now it was quite easy to de-solder them, because I could pull the remaining legs out one by one while heating it with my soldering iron. I used some de-soldering wick to get the last solder out, and get the holes open again.

I removed some more of that white glue, so make sure the new potentiometer would fit. And it did.

So now it was very easy to solder the new one. Unfortunately I forgot to make a picture of this too, but well, in the end it worked.

This probably won’t solve all the problems with the control pod, but for this kind of money I guess it’s worth a try. It’s also relative easy, because the pod is large, so the item is easy to remove.

Let me know if it worked for you!

Auto update wordpress plugins using WP-CLI

After installing Wordfence to all of my wordpress sites, I receive a dozen e-mails a day about plugins that should be updated. I don’t use many plugins, so usually I just go ahead and update them with wp-cli, because I feel they are safe to update. Main advantage of the wp-cli is that I don’t get http timeouts or stuff like that.

Updating all the plugins for multiple sites (I think I have about 10 of them) did become a repetitive task, so I wrote a little shell script for it. Of course you have to make sure that all the websites can be auto updated, or if there may be a plugin that will break after an update. So only use this if you are certain you just want to go ahead and take a little risk of breaking things.

I added an .auto-update file in each document root of the site I want to update automatically. I changed the owner permissions of .auto-update to root:webuser so that the webuser cannot remove this file, but still I can use this file to determine the owner of the wp-content folders. I need this to change the ownership back to the website owner after updating.

Very simple and easy script, but well, the stackoverflow generation (myself included) just loves to copy ans paste right? ;-)

I put this script in my /root folder with 700 permissions. I didn’t put this in a cronjob, I keep monitoring the e-mails that Wordfence sends me to see if I need to take action.

Clean infected PHP files with sed on linux console

So I had one of my wordpress site infected. All php files were injected with bogus commands. For example, it looked like this

Infected PHP

So now what? I kind of panicked and deactivated all of my sites. Fortunately I could restore most of them because I had clean backups. For some I didn’t (probably the site which was hacked first).

The bogus all looks the same though, so it should be easy to clean this up right? When the panic was over I took some more time to get this job done on the console.

Eventually I came up with this command:

find ./ -name '*.php' -exec sed -i 's/<?php $am.*-1; ?>//' {} \;

I still don’t completely understand what’s going on, because when I try the regexp at regexr I should escape characters like ?. But well, this seems to work for this particular string. You can change it a bit to your needs. It should start with the very first characters of the bogus, $am in my case, then it uses .* to catch all characters in between, and then -1; is the end of the bogus string.

Maybe some day I may need more complex regular expressions, but for now I wanted to make sure that I documented this.

Update: As bob states rightfully in the comments; this is not a method to completely scan all of your PHP files on the server and find all backdoors. This is just a way to remove bogus code that you already identified. The signature changes with every hack, and also other techniques may have been used / planted to create a backdoor.

So this is not meant as a virus scanner command, but just a hint to show how simple injections could be removed.

REST dummy server

I must admit; even for the easiest problems I try google first. Those people at stackoverflow seem to have a solution for everything, right?

So I wanted a dummy rest server that would just serve static JSON. I wanted to take my development home, on my local machine. So I thought I’d just save some output from our API to a file, and then put it in a dummy server. This was probably too easy, Google came up with solutions that were more complicated. So for the lazyweb, I will share my solution with you. You’ll be al set in a few minutes!

I assume you already have a VirtualBox running with your LAMP stack, or maybe xampp, wamp or whatever. I used Apache for my solution.

Create a virtualhost

I must say I had some issues with this new Apache 2.4 thing, not accepting my .htaccess rewrite rules. So here is my virtual host config, so you can copy paste, and adjust it to your needs.

.htaccess

I didn’t put the rewrite rules in the VirtualHost config, but added that to my .htaccess in the documentRoot like this:

index.php

The php parses the requests, and loads the json files from disc. Nothing more to it. You could adjust it a bit and maybe mock some auth tokens as well, but for me that wasn’t required in this phase.

As you can see, the path if being converted to a filename by replacing the slashes with dashes. So now you can easily create json files for every request.

http://api-server.local/node is read from node.json
http://api-server.local/node/11 is read from node_11.json
http://api-server.local/node/11/statistics is read from node_11_statistics.json

You get the picture, right? Now, wasn’t that easy?

Alternatives

Of course there are way smarter, probably better alternatives. I tried the JSON Server, which is really cool, because it can handle the requests by a simple database which you define in json as well. But my problem was that not all our resources did have primary keys (id’s), so I didn’t know how it should handle that. Also you would have to JSON code the (piece) of database, while in my case I could just dump some requests to file.

Also, our API required more levels (e.g. /node/11/stats/12) and I didn’t want to spend a lot of time figuring out how this could be done with JSON Server.

Mock-server also looked pretty awesome, but it would probably also take me too much time to figure out how to install and configure the thing.

I kind of stopped my journey looking for dummy rests servers there, because I then realized I could build one myself pretty easy.

And now you can too, without even having to think about it. That’s what I wanted too.

HP ZBook Dock multicast problems

At work my HP ZBook is fed through a nice thunderbolt docking station. I plugin one cable, and everything is connected: power, monitors, network, etc.

Then we started working on a C# project that uses multicast to communicate. I couldn’t receive any messages. I thought it was a VLAN issue first, so I took my notebook and plugged it in the wall, using the outlet a colleague uses who didn’t have these problems with the same software. Suddenly my communication was working as well. So I ‘proved’ that the problem was the network right?

Wrong.

After hours of switching cables in the patch panels, checking traffic in the logs of the switch, I suddenly realized that by taking my laptop to another location, I wasn’t using the docking station anymore. As it turns out the network port on the docking station seems to have problems with the multicast messages.

I don’t know why, but when I use the network interface on my laptop instead of the one on the docking station, the multicast communication is working fine.

So, save yourself hours of investigating this problem, and check your other ethernet port first ;-)