Wednesday, 8 February 2017

Remote reboot over IPC

Rebooting remote systems can normally be done using 'shutdown /i'; however, this runs in the context of your locally logged-in user.

So what if you want to use a username and password that is not understood by your local system? I came across that issue today and the solution is quite simple... but you have to know it can be done.

First, establish an IPC connection to the target system:

NET USE \\<TargetSystemIP/Name>\IPC$ <UserPassword> /USER:<Domain>\<UserName>

Then issue the reboot command via that connection:

shutdown /r /t 3 /c " <comment for reboot> " /m \\<TargetSystemIP/Name>

Wait a moment and the target system will reboot.
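
The two steps above, wrapped so that the password is prompted for instead of being typed on the command line and the IPC$ session is removed afterwards. This is an added PowerShell example, not part of the original post; the function name Restart-RemoteOverIpc, its parameters and the sample host and account values are hypothetical.

```powershell
# Added example: function and parameter names are hypothetical.
function Restart-RemoteOverIpc {
    param(
        [Parameter(Mandatory=$true)] [string] $Target,   # IP address or host name
        [Parameter(Mandatory=$true)] [string] $User,     # Domain\UserName
        [int]    $DelaySeconds = 3,
        [string] $Comment = 'Planned reboot'
    )

    $share = "\\$Target\IPC`$"

    # '*' makes NET USE prompt for the password, so it does not appear in
    # command history or in process command-line logging.
    net use $share * "/USER:$User"
    if ($LASTEXITCODE -ne 0) { throw "NET USE to $share failed (exit code $LASTEXITCODE)" }

    try {
        shutdown /r /t $DelaySeconds /c $Comment /m "\\$Target"
        if ($LASTEXITCODE -ne 0) { throw "shutdown failed (exit code $LASTEXITCODE)" }
    }
    finally {
        # Remove the authenticated session whether or not the reboot was accepted.
        net use $share /delete | Out-Null
    }
}

# Constructed sample values (documentation IP range, made-up account):
# Restart-RemoteOverIpc -Target '192.0.2.10' -User 'EXAMPLE\rebootadmin' -Comment 'Patch window'
```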

Sunday, 2 October 2016

Azure MFA web SDK, server 2008R2 and TLS 1.0

In my last post I mentioned that IIS remote manager does not work if you turn off TLS 1.0.

Well, now I've found another: the Azure MFA WebSDK and MFA mobile app server both need TLS 1.0 to make them work.

Ref https://azure.microsoft.com/en-gb/documentation/articles/multi-factor-authentication-get-started-server-webservice/

Note how MS say nothing about TLS 1.0 being needed on the install page; however, it turns out you have to keep both the client and server TLS 1.0 protocols enabled on the servers to make it work.

I'm not sure if this problem with MFA affects Server 2012 R2 as well, but given that the IIS remote manager bug affects all IIS versions up to 8.5 at a minimum, I would not be surprised if it did.

Thursday, 29 September 2016

IIS remote management and TLS restrictions

Recently I came across a strange problem with IIS remote management and TLS/SSL protocol restriction.

I was setting up some IIS servers for use with Microsoft Azure MFA, and thus after the basic setup was done I looked to hardening the web interface (well, it is for an authentication system), so I turned off all the SSL protocols and also TLS 1.0 as they have known vulnerabilities.

That done I moved on to other tasks and never tried to access the systems via IIS remote manager, until a few days back, when I wanted to check some settings on the MFA webSDK web app I had just added to the systems (note the servers run 2008R2 core thus have no GUI IIS manager on them).

As you can imagine, I was somewhat perplexed that the IIS remote manager would not connect. RDP, PowerShell and remote MMC connections all worked, so why did IIS manager not?

After quite a lot of searching and getting the correct search terms in line, I found this forum thread:

http://forums.iis.net/t/1230207.aspx?IIS+8+5+Management+Services+and+disabling+TLS+1+0

It turns out that disabling TLS 1.0 breaks IIS remote management, so if you ever get a message like

The underlying connection was closed: An unexpected error occurred

then it may be an idea to check what TLS options are enabled on the server you are trying to connect to.
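
One way to check which Schannel protocols a server has enabled, as suggested here and in the Azure MFA post above. This is an added PowerShell example, not from the original posts; the function name Get-SchannelProtocolState and the sample server name are hypothetical. It reads the standard SCHANNEL\Protocols registry keys, where a missing key or Enabled value means the OS default applies.

```powershell
# Added example: function name is hypothetical.
function Get-SchannelProtocolState {
    param(
        [string[]] $Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2')
    )
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

    foreach ($p in $Protocol) {
        # Client and Server are configured separately; the MFA post needed both.
        foreach ($role in 'Client', 'Server') {
            $key = "$base\$p\$role"
            $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

            if (-not $values -or $null -eq $values.Enabled) {
                $state = 'OS default'      # nothing set explicitly
            } elseif ($values.Enabled -eq 0) {
                $state = 'Disabled'
            } else {
                $state = 'Enabled'
            }

            New-Object PSObject -Property @{
                Protocol = $p; Role = $role; State = $state
                DisabledByDefault = $values.DisabledByDefault
            } | Select-Object Protocol, Role, State, DisabledByDefault
        }
    }
}

# Local check:
Get-SchannelProtocolState | Format-Table -AutoSize

# Against a Core server over PowerShell remoting (constructed server name):
# Invoke-Command -ComputerName 'mfa-web01' -ScriptBlock ${function:Get-SchannelProtocolState}
```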

Sunday, 16 August 2015

Docker on Windows 10

So on the Docker site it says that Windows 10 is not supported (link); however, you can still get it to run, you just need a few apps/settings first.

Software

VirtualBox test build (https://www.virtualbox.org/wiki/Testbuilds)
VirtualBox expansion pack (http://download.virtualbox.org/virtualbox/5.0.2/Oracle_VM_VirtualBox_Extension_Pack-5.0.2-102096.vbox-extpack)
Docker Toolbox (https://www.docker.com/toolbox)

Install process
> Install the latest VirtualBox (I used 5.0.x revision 102010)
> Install the expansion pack for VirtualBox
> Install Docker Toolbox, making sure to un-check the 'install VirtualBox' option (you already installed the Windows 10 working one)

Then just run the 'Kitematic (Alpha)' (more on why not to use 'Docker Quickstart Terminal' later). If the Kitematic app reports it can't connect to the VM then more likely than not the docker VM did not start as it should have (this happened to me).

If so, open VirtualBox and double click on the 'default' docker VM to bring up the management frame for it. More likely than not you will get an error like "VT-x/AMD-V hardware acceleration is not available on your system. Certain guests (e.g. OS/2 and QNX) require this feature and will fail to boot without it."

This happens when VirtualBox can't use the hardware virtualization capabilities of the host system. Most systems have either VT-x or AMD-V; you can check this by looking on the 'Performance' tab of the Task Manager: if you see 'Enabled' next to 'Virtualization', you have the needed hardware.



In my case it was Microsoft Hyper-V that was holding on to the VT-x resource, so I un-installed the Hyper-V platform module from my system and rebooted; then VirtualBox worked fine with full VT-x functions available.



Further info regarding how to set up a shell (PowerShell or cmd) to interact with docker can be found here, or you can just run 'Kitematic (Alpha)' and then have it spawn a configured PowerShell interface for you. It can even spin up the VM for you as well, and I recommend you create the VM via Kitematic as it seems to do a better job at sorting out connection certs than the 'Docker Quickstart Terminal'.

Finally what how-to document would be complete without a 'proof of working state' image so here you go



Sunday, 12 April 2015

ComputerCraft - lua tables

So recently I started looking into ComputerCraft (a Minecraft mod) and thus had to start learning lua code.

The first problem I came across was with tables, more specifically inserting extra values into them, e.g.
local caches = {}

caches.insert(caches,v)

where v was a value from a loop I had the program iterating through

However, I kept getting the error "attempt to call nil".

So... what was I doing wrong?

The example I was basing the code off was

local Table = {"One"}
table.insert(Table, "Three")

Things learned were:

1> Instantiated variables do not take on the properties of their type (unlike some other languages)
2> Lua is fully case sensitive throughout

So the solution to all the problems was... that 'table' was a base function, not an instantiated variable having a function of insert().

So changing 'caches.insert(caches,v)' to 'table.insert(caches,v)' fixed the problem.

Sunday, 13 July 2014

Raspberry pi + PiTFT Mini Kit - 320x240 2.8" TFT+Touchscreen

After some research and some help from notro, I've finally gotten my Raspberry Pi up and running fully with the Adafruit PiTFT Mini Kit, using notro's 3.12.21+ #1 PREEMPT kernel.

This means that I have full support for the wifi chips I needed to use and really early activation of the fbtft screen (good for seeing if there are any boot time errors).

In the end I used the following process.
(Note: some extracts taken verbatim from notro's site.)

Install rpi-update

rpi-update is used to install this kernel.
It must have REPO_URI support (auto updating doesn't work, since it overwrites the REPO_URI variable):

sudo wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update -O /usr/bin/rpi-update && sudo chmod +x /usr/bin/rpi-update

Raspbian: Remember to expand the filesystem if you haven't done so

sudo raspi-config

Raspbian: Remember to enable SPI if needed

# remove or comment out the spi blacklist line
sudo nano /etc/modprobe.d/raspi-blacklist.conf

Install the kernel

FBTFT drivers built into the kernel proper

sudo REPO_URI=https://github.com/notro/rpi-firmware BRANCH=builtin rpi-update
sudo reboot

Enable modules to drive the screen hardware

Edit /etc/modules and add/uncomment the following lines:

spi-bcm2708
i2c-bcm2708 
i2c-dev
stmpe_device cs=1 chip=stmpe610 blocks=gpio,ts irq-pullup irq-gpio=24 irq-base=330 sample-time=4 mod-12b=1 ref-sel=0 adc-freq=2 ave-ctrl=3 touch-det-delay=4 settling=2 fraction-z=7 i-drive=0
gpio_backlight_device gpio=252

Edit /boot/cmdline.txt and add the following:

fbtft_device.name=pitft fbtft_device.rotate=270 fbtft_device.speed=48000000 fbtft_device.fps=50 fbtft_device.debug=0 fbtft_device.verbose=0 fbcon=map:10 fbcon=font:8x8

Configure touchscreen

This can be done by using the Adafruit guide at their site, so I won't reiterate it here.

Controlling the backlight

# Turn off backlight
echo 1 | sudo tee /sys/class/backlight/*/bl_power

# Turn on backlight
echo 0 | sudo tee /sys/class/backlight/*/bl_power

Brightness is currently not supported (need a kernel PWM driver for the Raspberry Pi).

Backlight control outside of FBTFT

Wiring Pi can be used to dim the backlight.

gpio -g mode 18 pwm
gpio -g pwm 18 1023
----------------------------

And that's it.
Hopefully this will give you the necessary pointers to get this up and running for yourself.

Raspberry pi time on screen

Ever wanted to have the time show on the console all the time?
Well there's an easy way to do it.

Just edit /etc/kbd/config and enable DO_VCSTIME at the end of the file.