certbot centos 7 route53 dns verification error

If you recently started to receive the following error while trying to renew your certificates

An unexpected error occurred:
ImportError: cannot import name PROTOCOL_TLS

the simplest fix is to downgrade your python-s3transfer package to version ‘python-s3transfer.noarch 0:0.1.13-1.el7.0.1’

yum downgrade python-s3transfer.noarch

Wemos S2 Mini ( Esp32S2 ) Platformio example

If you recently bought the awesome Wemos S2 Mini with this specs:

  • based ESP32-S2FN4R2 WIFI IC
  • Type-C USB
  • 4MB Flash
  • 27x IO
  • Compatible with LOLIN D1 mini shields
  • Compatible with MicroPython, Arduino and ESP-IDF
  • Default firmware: MicroPython

A good solution is to use the Platformio ecosystem if you don’t want to use micropython or the Arduino IDE to program it, the only problem being that it doesn’t have native support to this board yet.

But this is easy to fix this once you know how to do it.
We first start by creating a project with platformio ( could be using visual studio code or the jetbrains clion IDE ), as a board we choose the esp generic dev board “Espressif ESP32 Dev Module”, in the end it doesn’t matter as we are going to overwrite the platformio config file

After you initialize the project, go to the platformio.ini file and change the contents to the following:

platform = https://github.com/platformio/platform-espressif32.git#feature/arduino-upstream
platform_packages = framework-arduinoespressif32 @ https://github.com/espressif/arduino-esp32#master
# DARDUINO_USB_CDC_ON_BOOT = 1 enables usb serial port
# DARDUINO_USB_MSC_ON_BOOT = 1 enables usb mass storage device
build_flags =
board = esp32-s2-saola-1
board_build.mcu = esp32s2
framework = arduino

Now clean the project and rebuild, your binaries should be compatible with the Wemos S2 Mini Board now.

As we are using a “fake” board, the defines and pins need to be addressed by number and not by constants like “PIN_5”, you can find the diagrams on hte wemos.cc website



Bulk convert mkv h264 to mkv hevc

A nifty script to convert every mkv or mp4 file on a folder from h264 to hevc ( h265 ) maintaining an acceptable quality, my gains were at least 60% reduction in file sizes but YMMV, dependencies are ffmpeg and mediainfo

Start by installing the dependencies.

For Centos 7:

yum install epel-release -y
yum localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm -y
yum install  mediainfo libmediainfo ffmpeg ffmpeg-devel -y


For Debian:

apt install mediainfo ffmpeg -y

Continue reading “Bulk convert mkv h264 to mkv hevc”

Proxmox single host “invalid PVE ticket (401)”

If you are not able to log in to your proxmox server and it just show the error “permission denied – invalid PVE ticket (401)”

You can try a few things:
Try using another browser to see if the problem goes away, if so you can clear the cookies and data of your browser.

If that doesn’t fix the issue, as a last resort you can remove the file “/etc/pve/authkey.pub”, this file usually is rotated once per day but when you remove it Proxmox will recreate a new one in it’s place, this method wasn’t tested on a cluster environment.

openvpn connect old version 3.2.1 (1180)

If you for whatever reason need an historical version of openvpn connect you are mostly fucked.
but if desperate enough to trust a random site on the internet you can download the binary here.
openvpn-connect- x64 only, you can verify the signature at the wayback machine

openvpn-connect- x64 only, you can verify the signature at the wayback machine

Don’t forget to check that the sha256 signature matches, it is good practice when downloading random binaries from the internet.

You can download the older 3.1.3 version from a less suspicious link at https://archive.org/details/openvpn-connect-

Special thanks to the Totally not suspicious URL for being the only backup version for download before this post was made.

Setting the cpu governor to powersave on all cpus

Some of the time the ‘cpufreq-set’ command doesn’t work as expected and you need to run the command for every core on a system but if you have a lot of cores it gets tiring really fast.
The snippet bellow to run cpufreq-set once on every core of the system.

Create the file ‘/sbin/cpufreq-set-all’ with the following:

   MAX_CPU=$((`nproc --all` - 1))
   for i in $(seq 0 $MAX_CPU); do
       echo "Changing CPU " $i " with parameter "[email protected];
       cpufreq-set -c $i [email protected] ;

Enable execution with:

chmod +x /sbin/cpufreq-set-all

Continue reading “Setting the cpu governor to powersave on all cpus”

Configuring Pulse-audio to use a remote server

Let’s Start with some definitions:
Server: The computer that receives the audio and have the speakers connected.
Client: The computer that generates the audio and send it via the network.
On the server side you’ll need to enable the ‘module-native-protocol-tcp’ pulse-audio module, this module usually is already installed by but for security reasons it comes as disabled by default.
You’ll also need to open port tcp/4713 on your firewall.
After that you need to copy the file ‘~/.pulse-cookie’ from the server to every client.
Now that you synced the pulse-cookie file choose your authentication method used by the ‘module-native-protocol-tcp’ and edit the file ‘/etc/pulse/default.pa’.
If you want to let anyone with the right pulse-cookie file to connect and send audio:

    load-module module-native-protocol-tcp auth-anonymous=1 

Or a more secure approach is authentication with pulse-cookie and IP address or Network, if you have multiple clientes you just need to input a list separated by a semicolon:

    load-module module-native-protocol-tcp auth-ip-acl=;<CLIENT_IP_OR_CLIENT_NETWORK>

Continue reading “Configuring Pulse-audio to use a remote server”

Configurando IPV6 com a Copel Telecom no PFSense

Se você utiliza os serviços da Copel Telecom e precisa/prefere de mais funcionalidades do que o roteador oferecido por eles, deve ter se deparado com um problema grande, a falta de conexões entrantes no IPv4 e a impossibilidade de se configurar o PFSense para distribuir IPs por IPv6.
Usando alguns tutoriais encontrados na internet você logo descobre que as configurações que parecem funcionar em outros provedores não funciona para Copel Telecom, alguns exemplos citados abaixo:

Continue reading “Configurando IPV6 com a Copel Telecom no PFSense”

nvidia-kernel-dkms debian buster kernel 5.3

If you use the 5.3 kernel with a Debian Buster install ( ie: Proxmox 6.1 ) you will find that the kernel module for the nvidia driver version 418.X fails to build.
Fortunately it’s an easy fix.
First you need to create a file in your sources.list.d directory:

echo 'deb http://deb.debian.org/debian buster-backports main non-free contrib
deb-src http://deb.debian.org/debian buster-backports main contrib non-free
' > /etc/apt/sources.list.d/buster-backports.list 

Continue reading “nvidia-kernel-dkms debian buster kernel 5.3”

Custom Proxmox Instalation as a Workstation

If you read my other article in this topic Here for Proxmox 5.0 or Here for Proxmox 6.0 after following all the steps you have a fully functional proxmox server installation.
But you might be wondering “Can I use proxmox in my workstation?”.

The answer is “Sure you can, but you might want/need to follow a few extra steps,make sure you install the pve-headers, or else you’ll have problems with packages that need the linux kernel headers.
Continue reading “Custom Proxmox Instalation as a Workstation”