os – Drogueship 🜨

Category: os

Opening programs from browsers on windows

Posted on August 30, 2024August 30, 2024 by Gus

These days a website that opens an app is pretty common although this feature does not have any kind of user interface or accounting

A uri is the start of a url, for example, https.

mailto:// has been around for as long as the internet for email and call:// since the dawn of smartphones. These uri’s send the address as a parameter (text after the path and file for the app, seperated with spaces) to open the application and it saves you a few clicks

Many applications will show you these parameters by opening it from the terminal with application.exe /? Or application.exe –help

In 2009 while in a helpdesk role, I was told doing this was impossible. So I made a script and some registry entries that opens applications and sends the contents of the link, like the ip address and user name, to be formatted and sent as a parameter to putty, vnc and others.

I made a php/JavaScript intranet site using multiple mysql databases to scan networks and populate the database with ports used and the appropriate links for every client in the region. It was similar to modern managed service providers software for internal use

At the time, Mac and Linux were handling things like ssh and vnc but windows applications had little documentation about how to use it. Most software had to be opened and an address and protocol entered, nothing came with those crucial registry entries.

Now it is a component of most software packages but in the days of Windows XP it was up to the user and now, a majority of them can be handled with winscp and most vnc clients

The real magic happens when you start making your own. Automating tasks that require a command line parameter or address can be a click away with as many parameters as you need

An application or script can be used to proxy to other programs using the same method as these uri’s can be entered anywhere, the address bar, run prompt, bookmark, shortcut or command line. They can even be separated or delimited with a , or _ for even more functionality

I wrote a python script to view and edit them for windows which shows the contents of the registry and allows you to add your own if you have administrator access to the system and backup and restore registry files aswell

https://github.com/drogueship/uri

Nftables examples

Posted on May 23, 2024May 23, 2024 by Gus

These nftables firewall examples are from my previous house and all require ipv4.forward to be enabled in /etc/sysctl.conf as well as runing a dhcp server when plugging into an existing routers WAN port.

This allowed me to use raspberry pi’s and usb network adaptors instead of more permanent hardware

The first and last examples were between the nbn box and the internet service providers supplied router. It ended up with some ipv6 and nftables rules in the final one

There are some port forwards, with a few different conditions explained in the comments

There are rules for a few dodgy packets but this is possibly not the ideal way of doing it all but are provided as samples for those googling the subject, hi

This one was for going between the router and nbn box using a usb network card for the wan connection.

#!/sbin/nft -f

flush ruleset

table ip filter {
# allow all packets sent by the firewall machine itself
       chain output {
              type filter hook output priority 100; policy accept;
       }
# allow LAN to firewall, disallow WAN to firewall
       chain input { type filter hook input priority 0; policy drop;
              iifname “eth0” counter accept comment “accept eth0”
              iifname “eth1” ct state established,related counter accept comment “accept traffic from us”
              iifname “wlan0” counter accept comment “accept wlan0”
              iif lo counter accept comment “accept loopback”
              iif != lo ip daddr 127.0.0.1/8 counter drop comment “drop connections to loopback not coming from loopback”
              ip protocol icmp counter accept comment “accept all ICMP types”
              iifname “eth1” tcp dport 22 counter accept comment “accept SSH”
              counter comment “count dropped packets”
       }
# allow packets from LAN to WAN, and WAN to LAN if LAN initiated the connection
       chain forward {
              type filter hook forward priority 0; policy drop;
              iifname “eth0” oifname “eth1” counter accept comment “eth0 to eth1”
              iifname “eth0” oifname “wlan0” counter accept comment “eth0 to wlan0”
              iifname “eth1” oifname “eth0” ct state related,established counter accept comment “external to eth0”
              counter comment “count dropped packets”
       }
}
table ip nat {
       chain early_packet_filter {
             # prio -150 is before pre routing in nat table and after connection tracking (-200)}
              type filter hook prerouting priority -150; policy accept;
               # drop badly formed packets
               ct state invalid drop
              tcp flags & (fin|syn|rst|ack) != syn ct state new drop
              tcp flags & (fin|syn|rst|psh|ack|urg) == fin|syn|rst|psh|ack|urg drop
         tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 drop
       tcp flags syn tcp option maxseg size 1-536 drop
        }
chain prerouting {
       type nat hook prerouting priority 0; policy accept;
       # exceptions
        iifname “eth1” tcp dport 23 dnat to 192.168.4.80:22 comment “port forward 23 to router ssh”
        iifname “eth1” tcp dport 443 dnat to 192.168.4.80:443 comment “port forward 443 to router”
}
# for all packets to WAN, after routing, replace source address with primary IP of WAN interface
chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname “eth1” counter masquerade comment “masquerade”
        }
}

butles was using a usb WiFi adaptor for the internet (wlan1) on board WiFi for a gopro network (wlan0) and wired connection to the garages router’s wan port (eth0)

#!/sbin/nft -f

flush ruleset

table ip filter {
        # allow all packets sent by the firewall machine itself
        chain output {
                 type filter hook output priority 100; policy accept;
         }
         # allow LAN to firewall, disallow WAN to firewall
        chain input {
                 type filter hook input priority 0; policy drop;
                 iifname “wlan0” counter accept comment “accept wlan0”
                 iifname “wlan1” ct state established,related counter accept comment “accept traffic from us”
                 iifname “eth0” counter accept comment “accept eth0”
                 iif lo counter accept comment “accept loopback”
                 iif != lo ip daddr 127.0.0.1/8 counter drop comment “drop connections to loopback not coming from loopback”
                 ip protocol icmp counter accept comment “accept all ICMP types”
                 iifname “wlan1” ip saddr 192.168.1.0/24 tcp dport 22 counter accept comment “accept SSH from garage”
                 iifname “wlan1” ip saddr 192.168.1.0/24 tcp dport 5000 counter accept comment “accept OCTOPRINT”
                 iifname “wlan1” ip saddr 192.168.1.0/24 tcp dport 8080 counter accept comment “accept WEBCAM”
                 iifname “wlan1” ip saddr 192.168.2.0/24 tcp dport 24800 counter accept comment “accept SYNERGY from routers wan port”
                 counter comment “count dropped packets”
         }
# allow packets from LAN to WAN, and WAN to LAN if LAN initiated the connection
         chain forward {
                type filter hook forward priority 0; policy drop;
                 iifname “wlan0” oifname “wlan1” counter accept comment “eth0 to wlan1”
                 iifname “eth0” oifname “wlan1” counter accept comment “eth0 to wlan1”
                 iifname “eth0” oifname “wlan0” counter accept comment “eth0 to wlan0”
                 iifname “wlan1” oifname “wlan0” ct state related,established counter accept comment “external to wlan0”
                 iifname “wlan1” oifname “eth0” ct state related,established counter accept comment “external to eth0”
                counter comment “count dropped packets”
         }
}
table ip nat {
         chain early_packet_filter {
                 # prio -150 is before pre routing in nat table and after connection tracking (-200)}
                 type filter hook prerouting priority -150; policy accept;
                 # drop badly formed packets
                 ct state invalid drop
                 tcp flags & (fin|syn|rst|ack) != syn ct state new drop
                 tcp flags & (fin|syn|rst|psh|ack|urg) == fin|syn|rst|psh|ack|urg drop
                 tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 drop
                 tcp flags syn tcp option maxseg size 1-536 drop
         }
        chain prerouting {
                 type nat hook prerouting priority 0; policy accept;
         }

         # for all packets to WAN, after routing, replace source address with primary IP of WAN interface
         chain postrouting {
                 type nat hook postrouting priority 100; policy accept;
                 oifname “wlan1” counter masquerade comment “masquerade”
         }
}

backup of pppoe nbn. Needed a vlan id and authentication copied from supplied routers admin page. Also includes fail2ban and ipv6

#!/sbin/nft -f

flush ruleset
include “/etc/nftables/fail2ban.conf”

table ip fail2ban {
    chain input {
        type filter hook input priority 100;
    }
}

table ip filter {
    # allow all packets sent by the firewall machine itself
    chain output {
        type filter hook output priority 100; policy accept;
    }

    # allow LAN to firewall, disallow WAN to firewall
    chain input { type filter hook input priority 0; policy drop;
    iifname “eth0” counter accept comment “accept eth0”
    iifname “eth1” counter accept comment “accept eth1”
    iifname “ppp0” ct state established,related counter accept comment “accept traffic back from us”
    #iifname “ppp0” counter accept comment “accept traffic from us”
    iifname “wlan0” counter accept comment “accept wlan0”
    iif lo counter accept comment “accept loopback”
    iif != lo ip daddr 127.0.0.1/8 counter drop comment “drop connections to loopback not coming from loopback”
    ip protocol icmp counter accept comment “accept all ICMP types”
    iifname “ppp0” tcp dport 22 counter accept comment “accept SSH”
    iifname “ppp0” tcp dport 23 counter accept comment “accept SSH to slab”
    iifname “ppp0” tcp dport 443 counter accept comment “accept HTTPS to slab”
    counter comment “count dropped packets”
}
# allow packets from LAN to WAN, and WAN to LAN if LAN initiated the connection
chain forward {
    type filter hook forward priority 0; policy drop;
    iifname “eth0” oifname “ppp0” counter accept comment “eth0 to eth1”
    iifname “eth0” oifname “wlan0” counter accept comment “eth0 to wlan0”
    iifname “ppp0” oifname “eth0” ct state related,established counter accept comment “external to eth0”
    counter comment “count dropped packets”
    }
}
table ip nat {
    chain early_packet_filter {
        # prio -150 is before pre routing in nat table and after connection tracking (-200)}
        type filter hook prerouting priority -150; policy accept;
        # drop badly formed packets
        ct state invalid drop
        tcp flags & (fin|syn|rst|ack) != syn ct state new drop
        tcp flags & (fin|syn|rst|psh|ack|urg) == fin|syn|rst|psh|ack|urg drop
        tcp flags & (fin|syn|rst|psh|ack|urg) == 0x0 drop
        tcp flags syn tcp option maxseg size 1-536 drop
    }
    chain prerouting {
      type nat hook prerouting priority 0; policy accept;
        # exceptions
      iifname “ppp0” tcp dport 23 dnat to 192.168.4.80:22 comment “port forward 23 to router ssh”
        iifname “ppp0” tcp dport 443 dnat to 192.168.4.80:443 comment “port forward 443 to router”
    }

# for all packets to WAN, after routing, replace source address with primary IP of WAN interface
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname “ppp0” counter masquerade comment “masquerade”
    }
}

table ip6 firewall {
chain incoming {
    type filter hook input priority 0;

    # established/related connections
    ct state established,related accept

    # invalid connections
    ct state invalid drop

    # loopback interface
    iifname lo accept

    # icmp
    icmpv6 type {echo-request,nd-neighbor-solicit,nd-router-solicit,mld-listener-query} accept

    # drop everything else
    drop
}
}

Winamp Shutdown

Posted on October 13, 2023October 13, 2023 by Gus

Winamp has been bothering me by not closing itself when shutting down or sleeping/hibernating and crashing on resuming after closing the laptop lid

I tried a few variations of Event log monitoring with Task scheduler but all proved unreliable

The solution was found in Group Policy by running taskkill.exe with /IM winamp.exe as a parameter in Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)

if you want to test it, enter

taskkill.exe /IM winamp.exe

into the run prompt or command line while winamp is running. You will find taskkill.exe in c:\windows\system32 if you are ever looking, but since system32 is stored in the PATH variable you don’t have to locate it yourself by default

Self hosted web sites for older browsers with the Raspberry Pi

Posted on March 23, 2023March 23, 2023 by Gus

The modern internet is too much for the old ipad. Secure sites and the latest javascript features render most of the internet unusable

The solution for this was to use self hosted sites to make the early 2000’s versions of safari and chrome usefull again, but it could also be usefull on other devices

Keep in mind you will need a fair bit of storage for kiwix, 53gb for Project Gutenberg ebooks or 78gb for wikipedia with no video’s. There are quite a few sites available that are a lot smaller

Due to limited space on the device, it is nice to have access to music streaming

The following command will add a repository on the pi, enabling you to use apt to grab whatever php modules you need

wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add – echo “deb https://packages.sury.org/php/ buster main” > /etc/apt/sources.list.d/php.list

On the pi zero and pi1 A and B this won’t work, you will need to compile php from source as I couldn’t find a package for ARMv6 architecture

I used mariadb-server-10.0 for older ampache versions to support obsolete features but I did have to edit a few SQL files and replace instances of TYPE= with ENGINE= to get them going

And remember…

Do not host these on the internet. This is for internal use only due to vulnerabilities in old software versions

Windowed Ultima 6 Project, glitch free

Posted on October 3, 2021October 3, 2021 by Gus

We use three displays. Dual screens at the desk and a projector for tv. Running games while watching video on other screens is possible by using windowed mode for games, instead of fullscreen

the struggle for the day was the Ultima 6 Project. It’s a Dungeon Siege mod for one of my favorite childhood games and it looks great.

There were 3 main steps.

Installation instructions for The Ultima 6 Project are at http://u6project.com/wp/?page_id=41

to prevent glitches while drawing the game to the screen in windowed mode

right click DungeonSiege.exe in C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 1
select Properties
Compatibility tab
set Reduced color mode to 16-bit (65536) color

For windowed mode and 1080p resolution, create batch file with the following (single) line

start "" "C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 1\DungeonSiege.exe" map_paths=!"C:\PROGRA~2\TEAMAR~1\U6PROJ~1\RESOUR~1" res_paths="C:\PROGRA~2\TEAMAR~1\U6PROJ~1\RESOUR~1" user_path="C:\PROGRA~2\TEAMAR~1\U6PROJ~1" width=1920 height=1080 fullscreen=false

to make it look nice, create a shortcut to the batch file and set the icon location to

%ProgramFiles(x86)%\Team Archon\U6 Project\U6_Project.ico

open your new shortcut and drag top of window to top of screen to maximize it. You may also want to adjust your volume mixer to match volumes with your video

Enjoy

Writing ISO’s to USB Hard Disks in Windows the wrong way

Posted on April 8, 2020April 8, 2020 by Gus

After creating a hand full of Windows installation USB Drives over the years, I wanted to make a Ubuntu installation USB Hard disk rather than burn the image to a DVD. The main benefit from installing from a USB Hard Disk is the speed the OS installs, it is considerably faster than a DVD installation and older flash drives. Plus you don’t need a working optical drive which isn’t always available.

There are many other ways of writing linux images and all of them are better. The ideal way to do this is using Rufus (https://rufus.ie/) which is much easier to use, gives you more options and is a lot safer to use.

I was feeling difficult and decided to try a different way

First stop was to try Win32Diskimager but it was unable to see USB Hard drives, only SD Cards and Flash Drives

So the next step was to grab a copy of dd, a linux tool that has been ported to Windows (chrysocome.net – download)

Although not very pretty, dd on windows is similar to how you use it on linux, with the exception of the paths for your physical drives and partitions

It is not quicker

It is not better

It is much harder

But it works

Raspberry Pi Radio

Posted on April 8, 2020April 9, 2020 by Gus

Setting up your Raspberry Pi to send music over FM could be used to play the same music in every room of the house and even outside at the same time, rather than just one set of speakers, without the latency of some wifi enabled products.

I chose to control what it is playing with ampache, a web based music player that plays via your internet browser and in our case, it sends it to MPD, a music streaming server. MPD then sends it to PiFmRds to send it over the airwaves.

This can’t really be followed as a tutorial without some prior knowledge but I thought I would give you the idea of what is involved in setting up a short range FM radio station. if you do pop an antenna on it (which you shouldn’t for legal reasons) it will not go much further than the walls of your house with a 10cm wire. With a newer radio, it can broadcast a station name and some scrolling text with your audio.

If you are using the 3.5mm headphone jack for your speakers on your pi at the moment, you are going to have a bad time. When PiFmRds broadcasts you will hear an incredibly loud squeal from your pi’s speakers regardless of your volume and overclocking the speed of your pi will make it worse. So only use your HDMI audio as your normal audio output

When you are not playing music the radio will stop transmitting so you will hear static again so make sure you create a nice long queue of music.

Due to Youtube being a spoil sport when it comes to playing music in your video’s here is the volume turned down and the sound of… I have no idea what that sound is.

The white wires connect red for the antenna on the right (GPIO4) and black for ground on the left (ground is not required for transmitting over the air)

This should not be your first project, it could inspire one or be picked apart but be warned, this won’t make sense to everyone

Use the instructions on the following link to Install PiFmRds

https://github.com/ChristopheJacquet/PiFmRds

Ideally you want to type

sudo apt install ampache mpd

but I gave up trying to get ampache to install with apt on my pi 4 due to a dependency issue with raspbian at my end so I used the next command instead and then installed the rest manually by downloading the latest version from http://ampache.org/

sudo apt install mpd apache2 mariadb-server mariadb-client php php-common php-mysql php-curl php-xml composer php-gd ffmpeg

It will ask you to set a password for mariadb, you will need it in a second when you run the following command to turn off insecure options in the database server

mysql_secure_installation

The web server will need AllowOverride All turned on to allow ampache to access your music collection so you don’t have to put it in your web servers root folder. They do this so people can’t download it all of your music without logging in using a couple of .htaccess files

put the contents of the zip file you downloaded in /var/www/html and enter your pi’s IP address into your browser to start setting it up

Enter your databases root password and tick Create a database user with the bottom tickbox. Don’t stress too much about the username and password for the ampache user, you won’t be using it. it is for ampache to talk to the database behind the scenes.

At the end of the process, it will create a conf file and a couple of .htaccess files that you will need to download and put into the appropriate folders but keep in mind you might have to rename them. For example downloading all of them, files like htaccess(2) will have to be renamed to .htaccess again.

Next you need to open your new ampache site and add a localplay instance so ampache knows how to talk to mpd. by default, mpd doesn’t use a password

Then add some music

At this stage you could use the web player in the drop down box, up in the top right corner to test everything so far. When its all running, it will transmit using localplay. You can do local play to FM and web players at the same time

comment out the ALSA output

and add the following at the end of your outputs (you can only have one output)

audio_output {
type "pipe"
name "PiFm"
command "sudo sh /home/pi/piradio.sh"
format "44100:32:2"
}

the piradio.sh script that it runs contains one big line that pipes mpd’s output as a WAV file to PiFmRds

sox -t raw -b 32 -c 2 -r 44100 -e signed-integer - -t wav -b 32 -c 2 -r 44100 - | sudo /home/pi/PiFmRds/src/pi_fm_rds -ctl /home/pi/rds_ctl -freq 88.0 -ps RPi-Live -rt "Streaming from a Raspberry Pi" -audio -

Thats it!

Winamp 5.∞ and R4 visualization on Windows 10 – Part 2

Posted on February 12, 2020April 5, 2020 by Gus

I recently posted about script notifications on Winamp’s R4 plugin but didn’t give many details on how it was done so I thought I would post a little more information about how to get it going.

Once you have enabled network access to R4 (and changed permissions on windows 10), you have control over R4 via the network in a browser

Now you can send text to R4 using GET variables over HTTP. The contents of the “txt” variable will be displayed on screen or if you select the countdown option, it will count down to 0 from whatever number you enter. The display can only handle 250 characters so when using the countdown option, there is a limit to the size of the number and it will ignore numbers too big

I made a simple HTML page for testing, using code from R4’s web interface for trying things out

This may not interest many people but I thought I would follow though for the people that do. As a notification system, it’s really not that fantastic. Those who run visualizations rarely stare at the screen for long enough to see the messages although a loop that repeats a message untill it has been acknowledged is possible. Also without HTTP Authentication it is not an ideal solution for people with other users on the network or public access. As a pleasant looking way of outputting text on the screen, it does its job. Although I think this is cool, even with the fact that I rarely use it, it still works well enough to document in case someone is interested.

Donating to Wikipedia with Brave browser

Posted on February 11, 2020April 5, 2020 by Gus

Brave is a relatively new browser that is focused on privacy, security and speed. One thing it also does well is distributing advertising revenue with cryptocurrency.

www.brave.com

When you opt into displaying advertisements, you get a cut of what the advertisers pay to display the ad. The revenue comes in the form of BAT cryptocurrency. The only catch is, while blocking ads in your web pages, they come as notifications on your phone to earn you money.

The trick is to silence the notifications in your android settings and harvest all that crypto goodness.

Once you have gathered some BAT over time, you can send it as a tip to verified sites. Wikipedia is onboard and sending them money that takes no effort to accumulate gives a little bit back to the internet.

It only takes a day or so to accumulate a BAT coin. I use the browser as my default and check in on my balance every month or so. After setting it up there is little to no upkeep to send wikipedia about few bucks a month.

The experience on Windows, for me, was garbage. The notifications are just annoying and can’t be silenced without breaking the process but if you find a way let me know!

Winamp 5.∞ and R4 visualization on Windows 10

Posted on December 27, 2019December 27, 2019 by Gus

Winamp was taking a little too long to release an update for version 5 for some. It was leaked and in good form the people working on it cleaned it up and released 5.∞

It is what you would expect from a Winamp release, the features of winamp 2 and 3 mashed together. That is why they skipped Winamp 4 to bring us this, the culmination of the two major releases and I suppose it was worth it.

Trivia question for this post is, why did they skip Windows 9? The answer is at the end of this post.

So why do we care about R4? Well for home users, it just looks cool. You can adjust frame rates and resolutions, visualizations and effects. My favorite thing is being able to do text overlays for script notifications using the web front end and it just looks great. For commercial users who buy a licence you could announce promotions, news or updates on products while playing music without the need for a video feed.

The downside for me was that the R4 experience is broken in Windows 10. Mainly due to permissions. People with UAC turned off are not effected but there is a simple workaround for getting this going without making too much of a mess.

R4 wouldn’t even load without being able to write to a log file in the data folder and was unable to save any changes in the session without write access to this folder so the quickest and easiest solution was just to give users full control of the folder.

Have fun, play safe and if you want to call Windows versions 95 and 98, make sure your condition for checking the version doesn’t start with a 9!

http://www.winamp.com/
https://www.rabidhamster.org/R4/download.php