Your cart is currently empty!
Author: jitdor
-
Upgrading VMware ESXi via ESXCLI
We can upgrade our existing ESXi host using the command line. I would recommend doing it over SSH since it would allow better cut-and-paste operations, but the web prompt would work equally well.
The latest version at the time of writing is 8.0U1a, which is identified by the image name
ESXi-8.0U1a-21813344. The commands to upgrade your ESXi host using the standard profile would therefore be:esxcli network firewall ruleset set -e true -r httpClient esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-8.0U1a-21813344-standardAfter a few minutes, the command line upgrade will show “The update completed successfully.” You will also see the recommended action “Reboot Required: true” being displayed.
-
Fix: NO_PUBKEY error when installing ookla/speedtest-cli on Debian 11
You’re here probably because you tried to use install the official Ookla Speedtest client in Linux, and failed. When you do an
apt updateyou will be presented with the following error:W: GPG error: https://packagecloud.io/ookla/speedtest-cli/debian bullseye InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8E61C2AB9A6D1557 E: The repository 'https://packagecloud.io/ookla/speedtest-cli/debian bullseye InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default.This happens because, unfortunately, the installation script did not put the public cert that is used to verify the signature of the repository at the correct place, when you’re running Debian Bullseye.
To fix this issue, first create an empty folder (if it isn’t already there), and make sure it has read and execute access for everyone and also write access for the owner (aka 0755):
mkdir -p /etc/apt/keyrings chmod 755 /etc/apt/keyringsThen add the GPG public key to the newly-created folder:
curl -fsSL https://packagecloud.io/ookla/speedtest-cli/gpgkey | gpg --dearmor > /etc/apt/keyrings/ookla_speedtest-cli-archive-keyring.gpgNote that
/etc/apt/keyrings/ookla_speedtest-cli-archive-keyring.gpgis actually specified in the repository file,/etc/apt/sources.list.d/ookla_speedtest-cli.list. If you have saved the .gpg file in a different name, be sure to also modify the references in the .list file. -
CoinTickr Setup Guide
Finally received my Kickstarter-backed CoinTickr, onlyt to realize it doesn’t come with a user manual, even though the packaging clearly states otherwise. The QR code teleports you to the cointickr.io site, with no sight of setup instructions besides a ton of marketing stuff on its Indiegogo campaign right now, which is lame.
Fortunately, for someone with an immense number of IoT devices, it ain’t rocket science to figure it out. I’m putting together a quick guide so that you can get yours up and running in a jiffy.
Nope, that User Manual bullet point is a blatant lie - If you see BTC/USDT 88,888, the device should already be broadcasting a Wi-Fi network named Coinstats. It is a 2.4Ghz network that can be joined without password. Get on that network with your mobile device or laptop. If you are not seeing this network, try a different device, or long press the top button on the CoinTickr to enter configuration mode. If you are using your mobile phone, it would help to temporarily disable your mobile internet.
- You should be assigned an IP from the
10.10.0.0/24subnet. Your device is likely to prompt you “no internet”, which is ok. - Fire up your browser of choice, and key in http://10.10.0.2 in the address bar.
- You will be presented with the admin page.
- Pick your Wi-Fi network from the list (2.4Ghz only!) and supply the password. Key in the coin/fiat pair and hit the Save Changes button.
- You’re all set!
- The Coinstats Wi-Fi will be disabled at this point and if you want to update the settings in the future, simply long-press the top button and repeat step 3-5.
-
HEVC Video Extensions for Windows 11, free from Microsoft Store
If you have installed a fresh copy of Windows and attempted to play an H.265-encoded 4K UHD movie file, chances are you will be prompted to purchase this HEVC extension for S$1.50.
However, there is actually a free version of this extension that is not searchable from the Microsoft Store.
You’re welcome.
-
Setting up Cloudflared, the DNS-over-HTTPS client, the correct way
DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol, which prevents eavesdropping and manipulation of DNS data by man-in-the-middle attacks by employing HTTPS encryptions between the DoH client and the DoH-based DNS resolver. At the time of writing, the official guide at Cloudflare is broken, as the
cloudflared service installcommand would fail to complete. This article walks you through the process of setting up DoH on your Debian 10 system. -
Building the latest Windows 10 Enterprise VL USB installer from scratch
If you are a Microsoft Volume License customer, the usual channel for obtaining creating a bootable USB for OS installation is to obtain the ISO images via the Volume License Service Center (VLSC) or Microsoft Business Center (MBC), and then using tools such as Rufus or the good old Windows USB/DVD Download Tool to write the ISO to USB. However, there exist situations whereby you can’t get hold of the ISO in a timely fashion, such as when the person with the download rights went on leave, or that a new release is not yet available for download. In this article, I’ll show you how you can build a bootable USB drive with the latest Windows 10 Enterprise release from scratch with just the Media Creation Tool from Microsoft.
(more…) -
Safely upgrade from Debian 9 to Debian 10
It is jarring when you come across VPS providers in mid-2020 and they only provide up to Debian 9 (or Debian 8) for the OS image. Fortunately, it can be easily upgraded via a few commands, as depicted in this article.
(more…) -
HAProxy as a TCP reverse proxy with DDNS target discovery and load balancing
HAProxy is an excellent tool for forwarding or load-balancing TCP traffic. It is far more memory-efficient than
socatand offers a persistent configuration between reboots, but without requiringnet.ipv4.ip_forwardto be enabled. Compared to NGINX, HAProxy offers a more comprehensive and user-friendly status page with far more metrics, which can be easily integrated with third-party monitoring services. -
A Cloudflare DDNS script that uses an API Token instead of your Global API Key
I have been using this simple bash script for a while for my DDNS needs. It is simple enough for quick deployment, and gets the job done. That is until Caddy2’s Cloudflare DNS provider moves away from Global API Key to API Token for the API access. This prompted me to rethink the security implications of using that script.
The Global API Key basically allows for *ALL* access to your entire Cloudflare account, which includes making changes to other domains under your account as well as your account settings. And this key is stored as plain-text within the script, to be placed on a server which you don’t have physical access — sounds a lot like the perfect recipe for a security nightmare. An API Token, on the other hand, is created with specific permissions. You can, for instance, create a Token that only has the permission to make changes to a specific domain, without the ability to add or delete anything.
-
Get Caddy 2.0 now with Cloudflare DNS Provider module for automatic TLS
Caddy 2.0 has finally entered GA since about a day ago, after three Release Candidates which I didn’t use. So now is high time to upgrade all our production servers to the latest and greatest version, because those 1.0.4 installation works really well and life is too boring when everything just works, we need to spice things up a little.
For Debian/Ubuntu distros, Caddy 2 now has an official repository at
apt.fury.io/caddy/which you can add to APT sources and then install it via apt install caddy. However, unlike the slickcurlmethod in Caddy 1.x, it is no longer possible to include modules on-the-fly upon installation. If you need the popular Cloudflare DNS TLS Provider module to be included in Caddy 2, the only option at this point is to build it from source.