ThinkPad X1 Carbon Gen 6 BIOS Update

Posted by Dave Eddy on Sep 09 2018 - tags: tech

I purchased the ThinkPad X1 Carbon (6th Gen) laptop over a month ago and have been happily using Void Linux on it for the last couple of weeks or so. The battery on this thing is absolutely amazing - without any tuning specifically for the battery itself, I can get really great battery life.

I posted about my install on reddit and was asked specifically about the power usage. I said:

I keep firefox with ~15 tabs open and have a couple terminal windows open - that’s my daily workflow, and I can get like 8 full hours on this laptop! Sleeping however is a nightmare. It doesn’t support s3 out of the box and I have yet to try this patch to enable deep sleep - i’ll report back when I do. When the laptop is suspended it’ll last about 48 hours before it is completely dead (WHICH IS TERRIBLE).

However, my friend Mike showed me this tweet showing that the latest ThinkPad BIOS update added support for better sleeping on Linux! I really wanted better battery life when sleeping, so I jumped into trying to update it as fast as I possibly could - and in that process, I learned a lot and failed pretty hard at first. This is my journey into getting a good nights sleep on my ThinkPad with Linux.

Read More...


Encrypted Void Linux Install on my ThinkPad X1 Carbon

Posted by Dave Eddy on Sep 05 2018 - tags: tech

I purchased the ThinkPad X1 Carbon (6th Gen) laptop about a month ago and have been loving it. My friend Mike convinced me to get it after showing me how nice his was and how well Linux ran on it. I hadn’t run Linux on a laptop or a desktop since around 2010, as I had switched over to almost exclusively OS X.

I installed Manjaro when I got the laptop and used it for a couple of weeks just to get used to Linux again (and the i3 Window Manager). However, this was also my first experience with systemd, and, after using it for a bit, I really wanted something a whole lot simpler. Something that was designed to be lean, easy to understand, and easy to manage.

Enter Void Linux.

</img>

To install Void Linux, I basically copied the steps in this wiki page:

https://wiki.voidlinux.eu/Manual_install_w/full_disk_encryption

with the modifications at the bottom for EFI/UEFI machines.

Read More...


In Honor of Terry Davis and TempleOS

Posted by Dave Eddy on Sep 04 2018 - tags: tech

https://www.youtube.com/watch?v=oY33uoBSw3w

TempleOS is an engineering marvel and Terry A. Davis was an inspiration to a lot of people out there including myself. I made this cover as a way to honor him and his legacy and provide support for anybody out there who is dealing with this tragic loss.

This hymn is one of my personal favorites. It is commonly used as the introduction song for most videos by Terry about TempleOS - albeit it in a more MIDI like sound played directly by the PC speaker.

I made a more upbeat version of this song last year, though it wasn’t personally enjoyed by Terry himself.

https://www.youtube.com/watch?v=IdYMA6hY_74

RIP Terry


Block Tracking Sites With dnsmasq

Posted by Dave Eddy on Jul 19 2018 - tags: tech

Around five years ago I started looking into different ways to block ads and trackers in the most effective way on my computers. I discovered this hosts list on someonewhocares.org and even wrote a script to automate the process of downloading, verifying, and installing the list on my machines.

https://github.com/bahamas10/someonewhocares

I recently got back into it when I was setting up Encrypted DNS with dnsmasq and dnscrypt-proxy on SmartOS using OpenNIC. I stumbled across the Pi-hole project and really liked it, however I didn’t want to run a raspberry pi in my house as part of any critical infrastructure. Instead, I took the essence of that project and found a compiled blocklist to use with my existing dnsmasq setup to block these sites at the DNS level.

notracking

I found notracking/hosts-blocklists which is an automatically updating block list compiled from multiple sources compatible with dnsmasq. I created my own set of scripts to download the latest blocklists from GitHub, verify them, and install them for use with dnsmasq, and finally restart dnsmasq so it picks up the changes.

https://github.com/bahamas10/notracking

I installed this on my nameserver zones with:

Read More...


Nginx Return Remote IP Address

Posted by Dave Eddy on Jul 17 2018 - tags: tech

The nginx server that hosts this website can now return your current IP address if you hit the url /ip.

https://www.daveeddy.com/ip

I have an alias in my bashrc to quickly use this to get my current external IP.

$ type externalip
externalip is aliased to `curl -sS https://www.daveeddy.com/ip'
$ externalip
1.2.3.4

To set this up, I modified my nginx config to add a location section for /ip

I basically ripped off this stackoverflow post but modified it to only match the single URL.

location =/ip {
        default_type text/plain;
        return 200 "$remote_addr\n";
}

location / {
        root /var/www/daveeddy.com;
}

Encrypted DNS with dnsmasq and dnscrypt-proxy on SmartOS

Posted by Dave Eddy on Jul 07 2018 - tags: tech

For the last 3 years I have been using djbdns on SmartOS and it has all been working great. Recently however, I started looking into DNSSEC and DNSCrypt, which ended up leading me to the OpenNIC Project.

I decided to change my home DNS server setup to forward OpenNIC DNS servers over an encrypted channel as opposed to using OpenDNS like I did with djbdns.

To set this up, I have a zone with dnsmasq and dnscrypt-proxy running

  • dnsmasq - listens globally on port 53 for incoming DNS requests, answers local domain DNS requests for my network, and forwards the rest to dnscrypt-proxy
  • dnscrypt-proxy - listens locally on port 5300 for incoming DNS requests from dnsmasq and forwards them securely to an OpenNIC DNS server

Install

To start, install dnsmasq with the following command:

pkgin in dnsmasq

Installing dnscrypt-proxy requires a little bit more work as it is currently not in pkgsrc. To install it, we need to pull in some dependencies.

Read More...


OpenVPN Server Setup With Easy-RSA on SmartOS

Posted by Dave Eddy on Jul 05 2018 - tags: tech

At home I have a zone dedicated to running an OpenVPN server. With this I can connect to my home network securely on both my laptop and phone when I’m away.

I followed this guide for getting the zone ready to route properly for OpenVPN, and then used Easy-RSA to generate the certificates needed.

Zone Setup

To get started, make sure the zone is created with allow_ip_spoofing enabled on the NIC of the zone. I used a payload similar to this to create the vpn zone.

{
  "brand": "joyent",
  "image_uuid": "221635c4-3b85-11e8-b6ba-23f68c9bf2c4",
  "autoboot": true,
  "alias": "vpn",
  "hostname": "vpn.rapture.com",
  "dns_domain": "rapture.com",
  "resolvers": [
    "10.0.1.2",
    "10.0.1.3"
  ],
  "ram": 512,
  "nics": [
    {
      "nic_tag": "admin",
      "ip": "10.0.1.41",
      "allow_ip_spoofing": true,
      "netmask": "255.255.255.0",
      "gateway": "10.0.1.1",
      "primary": true
    }
  ]
}

Read More...


DHCPD New Lease Notifier

Posted by Dave Eddy on Apr 12 2018 - tags: tech

Three years ago I set up SmartOS as a Home Router which required creating a zone specifically for handling DHCP requests on my network. As part of wanting to have more visibility into my network, I wrote a program to notify me whenever a new DHCP lease was given out by the server.

https://github.com/bahamas10/node-dhcpd-notifier

dhcpd-pushover

Read More...


Persistent ssh-agent on Bash on Ubuntu on Windows

Posted by Dave Eddy on Oct 18 2017 - tags: tech

After installing Bash on Ubuntu on Windows I realized some interesting side effects related to how processes and daemons in the Unix environment are handled. Running a process in the background, or daemonizing a process, will work so long as there is a Bash session open on Windows. Once the last window is closed, all of the processes are cleaned up and killed.

I use ssh keys for authentication when connecting to remote servers which requires the use of ssh-agent. I can run this program manually and it will work so long as there is at least one bash session running on my computer, but once I close the last window the ssh-agent is killed and my keys are unloaded. I’ve found a couple guides online regarding ssh-agent and WSL specifically, but most of them assume the keys you are using are not password protected.

To remedy this situation, I managed to find a way to create a hidden terminal session that runs ssh-agent in foreground mode when I login to my computer which persists through sleeps and hibernations. This way, ssh-agent will run and stay running from the moment I login until the moment I logout (which is almost never, unless I reboot).

Read More...


Install Bash on Ubuntu on Windows

Posted by Dave Eddy on Oct 17 2017 - tags: tech

Last week I made a big change in my life. In 2008, I switched off of using Windows (and even Linux) as my main Operating System for my laptop and haven’t looked back… until this year. Last week I finally made the jump and bought a Microsoft Surface Pro.

surface

I wanted something like an iPad, but that didn’t feel like a crippled version of a computer. Instead, I wanted something that was a powerful computer that could double as a tablet (touchscreen and removable keyboard mostly).

Note: Some, if not all, of this guide may be deprecated with the release of the Windows 10 Fall Creators Update in 2017.

Read More...