Mostly work related stuff which I would've entered into my "Log book". Instead of hosting it on an intranet site, outsourcing the hosting to blogger!
Sunday, January 29, 2023
quality loss when converting "warpings" with OCVWarp
Friday, January 27, 2023
using a VPN for faster downloads without ISP throttling
FTP downloads on our 100 Mbps BSNL fiber averaged at around 10 Mbps when downloading from Fiske planetarium's server in Colorado. First I tried setting up OpenVPN to one of our Azure servers, and when that setup did not go according to plan, I tried ProtonVPN's free plan.
Using a free server in the US, FTP traffic tunneled through ProtonVPN went at around 30 Mbps on average, touching 40-48 Mbps occasionally.
Going back to the OpenVPN setup - I went through this webinar on OpenVPN for ZTNA where there is a mention of how to tunnel certain specific domains through OpenVPN - tried it, but instead of specifying only Fiske's server, I tried it with the Split Tunnel Off for a particular user I created. The IP address was being shown as our Azure machine's IP address, but there was not much of a speed improvement - rather, there was the issue of FTP not going through at all. This might have been due to some PASV mode setting etc, but I didn't try troubleshooting since ProtonVPN was sufficient for my needs.
Detailed setup:
ProtonVPN setup was relatively easy. Just create the free account, download the GUI client, and click to start.
OpenVPN cloud setup was more complicated. I wanted to explore some of its features, so I tried various options. The setup steps were mostly as per
https://openvpn.net/cloud-vpn/quick-start/
https://openvpn.net/cloud-docs/user-guide-protecting-your-users-and-your-network-using-cyber-shield/
But instead of a Linux internet gateway, I was using our Azure server running Windows. For setting up connectors and users, some hiccups were caused due to the following points.
- For the Internet gateway setup, there is a "Deploy connector" option leading to the download of the common Windows connector (which creates a TAP network adapter etc). But when connecting with that connector, we should first download the profile file - which is also available in the Deploy connector drop-down - and use that profile for the connector. That is the correct profile for an internet gateway.
- When creating users, we need to manually set a temporary password, then view that temporary password if we're creating a user without an optional email linked to it. On first login, the temporary password needs to be changed.
- The OpenVPN Cloud free plan has unlimited data and we can create a large number of users, but is limited to 3 concurrent connections.
Tuesday, January 24, 2023
resize iframe automatically
That did not work, so tried going with width=100% height=25%
html - How do you give iframe 100% height - Stack Overflow
Current code has something like
<iframe width="100%" style="height: 75vh;"
etc. A bit ugly, and crops content which resizes automatically on mobile, but that will do for now.
backing up mysql databases to google shared drive
Following the unixcraft script, also seen on github, implemented a weekly backup for some of our mysql databases.
# 05 0 * * Sun /path/to/script.sh
as root.
Edit: The reason for the issue below was different. Explained in a separate post here.
When I added an rclone move line after the backup line to the script, it was moving incomplete 20 kB files to the shared google drive. So, am running the rclone move as a separate script after half an hour,
# 35 0 * * Sun /path/to/script.sh
which has lines similar to
MBD="$DEST/mysql"
rclone --config "/home/ouruser/.config/rclone/rclone.conf" move $MBD/ gshareddrive:/
The database dump takes only a couple of minutes, so the half an hour gap is more than sufficient.
Some things to remember about using this script:
- If we're defining only a few databases to be backed up, like
# Store list of databases
DBS="db1 db2"
then we need to disable/comment out the DBS= line which appears later,
#DBS="$($MYSQL -u $MyUSER -h $MyHOST -p$MyPASS -Bse 'show databases')" - As seen above, the list of databases (or those to be ignored, in the IGGY variable) are to be entered separated by spaces.
- The script changes the directory permissions for security, so it is meant to be run as root. Otherwise, we will find that it could not write the files (if run as an unprivileged user).
- Edit: Have to provide hard-coded full path to MYSQLDUMP - see this post.
Bitnami mysql VM disk usage - disable binlog
Found that the disk utilization for one of our database servers was 83%. Checking with df -h and du -sh, found that the directory with most data usage was
/bitnami/mysql/data$ sudo du -sh *
192K #ib_16384_0.dblwr
8.2M #ib_16384_1.dblwr
676K #innodb_temp
4.0K auto.cnf
1.1G binlog.000867
1.1G binlog.000868
1.1G binlog.000869
1.1G binlog.000870
1.1G binlog.000871
1.1G binlog.000872
1.1G binlog.000873
1000M binlog.000874
1.1G binlog.000875
So, these binary logs were taking up all the space, when the actual database itself was only less than a GB. Followed this to disable binary logging - How to Disable Binary Logging in MySQL on Bitnami servers? (supportsages.com)
sudo /opt/bitnami/ctlscript.sh stop mysql
sudo nano /opt/bitnami/mysql/conf/my.conf
and added the disable line after
[mysqld]
disable_log_bin
sudo /opt/bitnami/ctlscript.sh start mysql
Waited for some days, but the bin logs were not getting auto deleted. So, manually deleted them and did a restart of mysql with
sudo /opt/bitnami/ctlscript.sh restart
Now the disk is only 30% used.
Monday, January 23, 2023
file not found error on Google Apps Script Drive API for files on shared drives - workaround
Failing to get a file in Google Apps Script using the Drive API - Stack Overflow
So, we must add a parameter to the Drive API call, instead of just the file id,
Drive.Files.get('111111FileIDxxxxxxxxxxx', {supportsAllDrives: true});
Moodle course slow to load
An issue with one of our Moodle instances - one of the courses was loading very slowly in Edit Mode, and was timing out. Another issue - the question bank was not loading at all.
1. Question bank issue - The database table prefix_question_statistics showed a(n abnormally?) high number of entries - that table alone is 49 MB, with more being added every day. Apparently that was the issue. Statistics was disabled for the question bank, and the question bank started loading again.
Moodle in English: Very large course takes a minute to load unless "editing" is on
" It's almost always because somebody is trying to build the learning material on the course page itself rather than in activities/resources "behind" the page. There's nothing wrong with that, of course, but it's does have an effect.
We had a course with 120 videos embedded in labels on the course page. It took 10 minutes plus to load - even on a good connection."
So, probably not a good idea to embed all your content on the course page itself, they should be "activities/resources behind the page".
Also, another person says:
"To track down the culprit I usually switch to one section per page. With one section per page, only the content for that pages loads, so some sections will load normally, but your dragger will still drag."
How to show one topic per page:
Course format types in Moodle · Technology Help · Lafayette College
another way to improve performance overall is to move out three folders namely (cache, localcache and temp) out of moodle data folder. Here is a tutorial for the same. https://youtu.be/qXnSlwYzDfU )
Sunday, January 22, 2023
trying out Google Earth Studio for planetarium fulldome content
When I was googling for ways to create fulldome or 360 VR content from Google Earth (desktop), came across this interesting product.
https://earth.google.com/studio/docs/making-animations/rendering/
Apparently, this is a separate product from Google Earth (desktop) and is invite only at present. I sent in a request and got approved within 12 hours.
We can render 360 VR scenes fairly easily, with the caveat that their attribution must appear onscreen, and we should not sell the resulting content.
Using OCVWarp, I tried out turning the rendered 360 VR files into fulldome content, a couple of examples below.
Deprecated SSL/TLS version warning from NIC-CERT - action taken on cloudflare
Copy-pasting from an email exchange after one of our institutions received an email saying that some/all of their domains had deprecated versions of TLS -
https://www.acunetix.com/blog/
Saturday, January 21, 2023
tunneling through ssh
We wanted to protect one of our database servers by closing its open ports and only allowing tunneling via ssh or a vpn. Since this post indicates that ssh is less cpu intensive than openvpn, wanted to keep an ssh tunnel open across reboots. Autossh seems to be a ready-made solution for this -
autossh(1): monitor/restart ssh sessions
So, in our case, via
Create an ssh tunnel background service with autossh and systemd (systemctl)
and
16.04 - Start autossh on system startup - Ask Ubuntu
sudo apt install autossh
sudo nano /etc/systemd/system/ourtunnel.service
[Unit]
Description=our tunnel service
After=network.target network-online.target sshd.service
[Service]
ExecStart=/usr/bin/autossh -i /home/ouruser/.ssh/id_rsa_ourkey -L 9999:localhost:9999 -NT ourserveruser@our.remoteserver.tld
[Install]
WantedBy=multi-user.target
The -NT switch is important - otherwise, the sshd on the remote server complains, "Pseudo-terminal will not be allocated because stdin is not a terminal." And the service status will show that it failed -
service ourtunnel status
autossh[494191]: ssh exited prematurely with status 0; autossh exiting
linux - Pseudo-terminal will not be allocated because stdin is not a terminal - Stack Overflow
After a few days of use, top shows the CPU usage - around 6.6% for autossh on the tunnel client which runs a web server, and the tunnel server which runs a db shows 8 to 12% CPU usage for sshd.
Thursday, January 19, 2023
issues with a Moodle course
One of our institutions had some trouble with one of their courses not loading - or being very slow to load. After first suspecting server issues, some excerpts from an email exchange:
I do not think anyone was adding questions. I have only been opening that page to troubleshoot. The problem still existed even after upgrade. However, I found a fix by disabling question statistics which seems to be triggering every time we access the question bank.
For now this should work till moodle finds a permanent solution for the statistics trigger.
sudo forever stop index.js
Moodle in English: Very large course takes a minute to load unless "editing" is on
"It's almost always because somebody is trying to build the learning material on the course page itself rather than in activities/resources "behind" the page. There's nothing wrong with that, of course, but it's does have an effect.
We had a course with 120 videos embedded in labels on the course page. It took 10 minutes plus to load - even on a good connection."
So, probably not a good idea to embed all your content on the course page itself, they should be "activities/resources behind the page".
Now, whether you are already doing this, or how to do this if you are not doing this - maybe S can help.
Also, another person says:
"To track down the culprit I usually switch to one section per page. With one section per page, only the content for that pages loads, so some sections will load normally, but your dragger will still drag."
How to show one topic per page:
Course format types in Moodle · Technology Help · Lafayette College
delete old files - Google Apps Script
gives an unattributed code snippet, but seems to be OK. (I've not yet implemented this.)
https://gist.github.com/mbierman/f29f8e7846d2824a81c4e74c5522a34b
uses getDateCreated() instead of searchFiles() & modifiedDate. This second script also has an elegant way of emailing using Logger.getLog()
If we want to permanently delete instead of sending to trash, which we might want to do in case of rapidly filling up drives and so on, there is the Files API delete function, https://developers.google.com/drive/api/v2/reference/files/delete#examples which might be called from Apps script by enabling the Drive API on the LHS and Drive.Files.delete(fileid).
Wednesday, January 18, 2023
Filelink with Thunderbird
Copy-pasting from an email exchange with PB
I tried the filelink feature in Thunderbird with the "Send Server" .... It worked once and then kept failing after that. Having Google drive work with Thunderbird to send large attachments as a link would have been the ideal solution.Have you used any other method to send large attachments in a mail client?
Windows 11 login background images
Windows 11 - by default - shows some very pretty background images on the login screen. Apparently, these images are called windows spotlight images.
From there, we can copy the files to another directory and rename them with .jpg using the method mentioned in the post above,
ren * *.jpg
caveats while using select count() in mysql
Helped by How to get multiple counts with one SQL query? - Stack Overflow I can probably improve the run time performance of https://github.com/hn-88/ad-hoc-moodle-database-queries/blob/main/Files%20by%20Asset%20type
Another possible way to improve performance might be to change the order of the WHERE conditions.
Apparently all queries which use the COUNT() function will lock the table until processing finishes. In this case, for some of the larger numbers like 300,000+ rows, the query takes well over a minute to run, causing the entire site to stop responding. To prevent that from happening, I have not put this query in the Moodle ad-hoc queries list.
To prevent timeouts from other queries, we have to limit the numbers using the parameters, like choosing to query a limited number of days/months, or limited number of users, etc.
Tuesday, January 17, 2023
Why we're leaving the cloud - blog post from Basecamp
An interesting blog post to which I can refer people who are obsessed with "moving to the cloud" - Why we're leaving the cloud
The cost and "all eggs in one basket" reliability issues are highlighted.
Firefox "rupee symbol" overlapping problem
I reported a possible bug about Firefox showing the rupee symbol overlapped with text, like the screenshot at
https://github.com/webcompat/web-bugs/issues/116442#issuecomment-1379785455
But even I was unable to reproduce it on another machine (which had a higher resolution screen to start with). Anyway, the workaround seems to be to change the view, Ctrl- or Ctrl+ to zoom the view in or out; that fixes the rendering as mentioned in the thread above.
Sunday, January 15, 2023
checking for sudo rights
Easy way to check if a user can sudo:
groups <username>
On regular Linux machines, the sudo group will turn up if the user is allowed to sudo. On bitnami VMs, the groups bitnami and bitnami_admins are used.
bitnami user and separate admin user
When setting up key-based login for one of our Bitnami servers, found that
- The bitnami user, which is the super user, has SSH logins turned off
- We can login as our_custom_user, which is also a sudo user.
- When we login as our_custom_user, the username on the prompt is shown as bitnami, but has the home directory ~ as /home/our_custom_user - so we should keep that in mind.
Saturday, January 14, 2023
finding files modified in the last 15 days with Linux command line
Finding files modified in the last 15 days,
Friday, January 13, 2023
submitting a form without a refresh - jquery technique
This page - https://www.geeksforgeeks.org/how-to-submit-a-form-or-a-part-of-a-form-without-a-page-refresh-using-jquery/ - has a nice javascript form submitter code snippet. Another interesting thing there is that the form is submitted to https://reqres.in/api/users - which is a free API testing site.
<script src=
"https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js">
</script>
<script type="text/javascript">
$(document).ready(function() {
$('form').on('submit', function(event) {
event.preventDefault();
// It returns a array of object
let userinfo = $(this).serializeArray();
let user = {};
userinfo.forEach((value) => {
// Dynamically create an object
user[value.name] = value.value;
});
let url = "https://reqres.in/api/users";
$.ajax({
method: "POST",
url: url,
data: user
}).done(function(msg) {
// When the request is successful
$('span').text('user is successfully created with Id ' + msg.id);
}).fail(function(err, textstatus, error) {
$('span').text(textstatus);
});
});
});
</script>
If we're using this with Google Apps Script, we need to return 'Success' using something like
return ContentService.createTextOutput().append('Success').setMimeType(ContentService.MimeType.JAVASCRIPT);
If there is no return statement, "error" is displayed in the form response SPAN.
Thursday, January 12, 2023
prevent staggered look for HTML elements with CSS
When using CSS and 'float'ing elements, if we get a staggered look with each element in subsequent rows offset to the right, that would be due to not using "clear"
html - why is my css staggered? - Stack Overflow
Also, the clearfix overflow: auto which is mentioned in the w3schools page above would be useful in many cases.
workaround for same-origin-policy block for AJAX query to google apps script
https://www.labnol.org/code/20197-jquery-ajax-call-google-script
This post describes the exact problem and solution - the solution seems to be to use JSONP (JSON with padding) for the data, and then client page should read the JSON and appropriately display/use the data.
- use a try catch in the Google Apps Script to prevent errors from preventing responses
- convert to JSONP with
result = JSON.stringify({ result: result, }); return ContentService.createTextOutput(e.parameter.callback + '(' + result + ')').setMimeType( ContentService.MimeType.JAVASCRIPT );
- The AJAX query can be easily called with jQuery like
var request = jQuery.ajax({ crossDomain: true, url: url + encodeURIComponent(parameterIfAny), method: "GET", dataType: "jsonp" });
- The script with jQuery must come after jQuery is included, like for example,<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js"></script>
</head>
GMailApp sendEmail - "from" needs to be an alias
Just a quick note - GMailApp SendEmail options do have a "from" address which we can choose, but the "from" needs to be an alias of the account from which the email is being sent. "replyTo" does not have that limitation, so we can use that instead.
https://developers.google.com/apps-script/reference/gmail/gmail-app#sendemailrecipient,-subject,-body,-options
https://developers.google.com/apps-script/reference/gmail/gmail-app
https://developers.google.com/apps-script/reference/gmail/gmail-app#sendemailrecipient,-subject,-body,-options
https://developers.google.com/apps-script/reference/gmail/gmail-app#advanced-parameters_1
https://developers.google.com/apps-script/reference/gmail/gmail-app#advanced-parameters_1
Sunday, January 08, 2023
find all ip addresses on a network
https://www.google.com/search?q=find+all+ip+addresses+on+network
showed arp -a
It worked OK on Windows the first time. But after a day or two, arp -a still showed the old ip address, and not the refreshed ip address of another machine which had been switched on and off in the interim. So, this is not bulletproof.
https://www.comparitech.com/net-admin/scan-for-ip-addresses-local-network/
points to Angry IP Scanner. Will try it out some time.
creating a network share with samba on linux command line
sudo nano /etc/samba/smb.conf
sudo service smbd restart
Moodle server issues, possible reasons and fixes
Copy-pasting from emails:
1. In November,
... had mentioned a temporary connection failure with the server when running ad-hoc queries. This could most probably have been due to some query overloading the database momentarily.
But when checking the logs, I find repeated "Web service authentication failed" messages, spaced every few minutes, from a set of regularly spaced IP addresses.
This means that our server is under distributed brute force attack. Which means that (a most-probably automated) attacker is using many different computers or devices to guess passwords (in this case web service tokens) by trying all possible combinations.
This sort of thing is common for SSH ports, but this particular attack seems to be tailored to Moodle. One way to block this particular attack would be to disable web services, but that would block the mobile app also. Will look for other solutions, may be asking in Moodle forums.
Not something which we need to worry too much about, just something we need to do to make the server a little safer.
2. Disabling "login from new device" notification emails. Disabled sending emails saying "new login from -- device",
from https://our.server.org/admin/message.php
"New login notifications"
3. Send only Digest emails from Forums -
The forum email notification setting seems to be off already. Perhaps the emails are due to someone deliberately sending a message to all forum users,
Bulk user actions - MoodleDocs
or something like that?
4. Stop send email altogether to specific users, like the bouncing users above - I have set
emailstop=1
for the user bouncinguser@somedomain.org
But I'm seeing bounced messages to noreply@someotherdomainofours.org - I'm not sure where this non-existent email id has been entered. It must be somewhere in the settings, instead of noreply@correctdomain.org entered as noreply@someotherdomainofours.org - but I could not trace out where.
corrupted frames repair
One of our planetarium shows had some 2-5 seconds of bad frames. Worked around it by
- cutting the pre- and post- sections using Avisynth Trim()
- Extending a few sections of the pre- section with virtualdub - making it 15 fps and interpolating frames
- joining together the extended pre- and post- sections using Avisynth Dissolve()
subscribing to google group via email
Apparently we can subscribe to a google groups mailing list by just sending an email - and then replying to the confirmation email. Checking, I tried sending an email to
sai-inspires+subscribe@sssmediacentre.org
from an id which is currently not a member.
Currently, this group is set to invitation only. So, the subscribe action did not go through.
I then tried the unsubscribe email - sai-inspires+unsubscribe@sssmediacentre.org
I got a bounce message saying "Leave failed Not a member".
So probably it would work for those who are members.
autofit in Google sheets
Adjust the column width to fit text in Google Sheets - the method seems to be
- Highlight the column(s) you want to auto fit
- Hover the cursor over the right-border of the header of that column (or one of the columns) till it changes to the "resize by dragging" cursor
- Double-click. After a small delay depending on the size of the sheet, the autofit will happen.
Saturday, January 07, 2023
adding Google input tools to Google Docs
If we want to type in Indian languages, Google's input tools are a good option for transliteration of Indic scripts. For enabling them inside Google Docs toolbar, the procedure is to go to
Google Account --> Personal Info --> General Preferences for the Web --> Input tools
and enable the languages you want. There is no need to enable English in my case, since my default keyboard settings are English. But we can enable English handwriting input etc if needed, if we're using a tablet etc.
revisiting super-resolution filters and cartoon effect filters
Either super-resolution or cartoon effect could (theoretically) be used to blow up low-res video content for planetarium fulldome projection.
http://www.infognition.com/
- I had a previous post about this, and also "junk" according to this - https://forum.videohelp.com/threads/398876-Super-Resolution-Plugin-For-Vdub
Lanczos resize should be better, apparently.
"Cartoon look" thread
http://forum.doom9.org/archive/index.php/t-182043.html
The Sobel etc filter near the end of the thread seems to be best for us, looks like watercolor.
Or can try any of the MSU filters
https://videoprocessing.ai/video_filters/
Also interesting - cloud based video processing, but not free,
https://www.pixop.com/pricing
Friday, January 06, 2023
auto update of LetsEncrypt certificate failed on Windows
One of our development servers had one of its domains not connect over https, most probably due to a bad certificate. At first, I wondered if it was due to the update being scheduled at night when the server was shut down. But no, the default time is 9 am, and the task runs between 9 and 10 am. The log is located at %programdata%\win-acme\$baseuri$\Log
according to https://www.win-acme.com/manual/advanced-use/custom-logging and checking there, found errors like
Warning - Existing https binding "oursite.com":443"" not updated because it doesn't seem to match the new certificate!
Information - Committing 1 "https" binding changes to IIS
Information - Updating existing https binding "oursite.com":443"" (flags: 1)
Running the command-line wacs.exe and choosing to force update the certificate worked fine.
This seems to be a bug in win-acme,
https://github.com/win-acme/win-acme/issues/2076#issuecomment-1060274192
so I've now upgraded to the latest version 2.1.23 hoping the next renewal 3 months later would be fine.
Edit - the next renewal also failed. So, shifted to cloudflare origin certificate instead, https://hnsws.blogspot.com/2023/03/setting-up-cloudflare-origin.html
Monday, January 02, 2023
bulk email solutions
Somewhat related to my mailing list trials, but larger in scale. I had a request to look at AWS Simple Email Service (SES) since the pricing is so much lower than Sendinblue et al. for their requirement of around 50k emails, but only once in 2 months or so. Since they would have difficulty with writing their own code, I mentioned Sendy to them, having come across it here.
Another possibility was, making multiple users in their Google Workspace, and sending emails via those users. This would be easier for them to do, since it doesn't involve any coding. Unfortunately they don't put in unsubscribe links in their emails. This would probably be leading to low deliverability rates.
Putting their mailing list into a google group was another solution I had earlier suggested.
Sending mails through gmail smtp relay - 10k per user per day? - is another possibility, but more complicated -
https://www.gmass.co/blog/understanding-gmails-email-sending-limits/
https://support.google.com/a/answer/2956491
More detailed copy-paste from our email exchange about usage, pros and cons -