Blog

Workshop on 11/02/2020: Introduction to CAcert

Thanks to our excellent guest speaker Alex Robertson for coming in and giving this talk.

You can find details of what was covered in the main talk in the files below which were used for the presentation. Other than that, there was plenty of times for questions regarding the current state of the project as a whole and ways people can volunteer.

We had a good turn out of about 18 people which isn’t bad considering this wasn’t an official ATE (which is a CAcert training event). Also thanks to CAcert (see their blog post here), Hack:Keele and Internet Central (their tweet here) for publicising the event. We even had people travelling in from much further away areas too. Hopefully we can repeat this event in the next 6 to 12 months and as the number of people capable of assuring grows, we can expand on these numbers.

Most people brought along their own CAP forms ready to do assurances afterwards (although we have an absolutely massive stack of blank ones if anyone wants to do more in the future) and this went down very well. Especially as we had all just received the knowledge (or a refresh of the knowledge) on which IDs would be acceptable from people – who the majority remembered to bring!

The presentation files can be obtained below…

We also updated a CAcert leaflet (found from here originally) for the event and a copy of that can be found here…

The rest of this blog post was here even before the workshop had occurred.

Essentially it is a step by step set of instructions on how to get started with installing the root and intermediate certificates on your computer, creating an account, making a client certificate and finally taking the assurers challenge.

Thankfully in the workshop event itself, all of our computers were working with a new CAcert setup created for the event that allowed people to securely take the test if they wanted to and generate private keys from within the browser (by using an ESR version of Firefox that hasn’t yet taken away that ability).

Also if you get stuck following any of this then you can always talk to us using our usual contact details (such as chat rooms, mailing lists, etc…) about it. Additionally CAcert have various channels for help too.

Install CAcert’s root & intermediate certificates

The PC’s at the workshop will already have these installed, but if you want to use the CAcert website and maybe take the Assurer Challenge prior to arrival, you should also have them installed on your machine,

Dependant on your OS/browser there’s different ways of installing these as detailed on the CAcert wiki here and here. We’ve detailed a few likely scenarios below whilst assuming you’re running a modern OS/browser. If these instructions don’t work then see the CAcert wiki for more options.

It’s always a good idea to view any certificate you install to check the fingerprints match what you expected. This is so if they were tampered with while being acquired, you can spot it! You can find out more in the CAcert wiki as well.

Adding to Firefox (on any desktop OS)…

Browse to the following web page… http://www.cacert.org/index.php?id=3

Click ‘Root Certificate (PEM Format)’, tick ‘Trust this CA to identify web sites.’ and then OK. Finally click ‘Intermediate Certificate (PEM Format)’ and just click OK (no need to click Trust on that). For a step by step view see the gallery below…

Adding to Linux (e.g. Chrome and Opera)…

Whilst you could add these certificates system wide (and how you did that would differ vastly dependant on your distribution), it wouldn’t help accessing the CAcert website. That’s because Chrome, Opera and Firefox (see above if using Firefox) all use their own certificate stores if they’re running on Linux. So ultimately we’re just going to show you how to add them to Chromium-based (which Chrome and Opera are) browsers running on Linux.

Start by downloading the ‘Root Certificate’ and ‘Intermediate Certificate’ (both in PEM Format) from… http://www.cacert.org/index.php?id=3

Access your browsers settings and search for ‘Manage certificates’, then on the ‘Authorities’ tab first import the ‘root’ certificate and remember to tick ‘Trust this certificate for identifying websites’. Then afterwards import the ‘class3’ (intermediate) certificate (you don’t need to tick Trust for this). For a step by step view see the gallery below…

Adding to macOS (e.g. Safari, Chrome, Opera and Edge)…

Start by downloading the ‘Root Certificate’ and ‘Intermediate Certificate’ (both in PEM Format) from… http://www.cacert.org/index.php?id=3

Open the ‘root’ certificate first, pick ‘System’ when it asks for a keychain, confirm your normal macOS password and then finally mark it as trusted (see the screen shots below). Then open the ‘class3’ (intermediate) certificate and add it in the same way (no need to manually mark this as trusted). Your browser may need to be completely closed an reopened for it to have any effect. For a step by step view see the gallery below…

Adding to Windows (e.g. Edge, IE, Chrome and Opera)

Start by downloading the ‘Root Certificate’ and ‘Intermediate Certificate’ (both in PEM Format) from… http://www.cacert.org/index.php?id=3

Open the ‘root’ certificate first, then choose to install the certificate (it may prompt for permission) to the ‘Local Machine’ location under the ‘Trusted Root Certification Authorities’ store. Then repeat the process for the ‘class3’ (intermediate) certificate only this time you want the ‘Intermediate Certification Authorities’ store. For a step by step view see the gallery below…

Creating a CAcert account

Phew! Now that’s over with (we’ll be going in to why that is required for CAcert vs. other CA’s in the workshop!) head over to cacert.org to make a new account. This should be self explanatory, just make sure you put your proper full legal name (as shown on government ID) and an e-mail address you can access for verification. Here are few images showing the steps in case for some odd reason you get confused…

Creating a client certificate

You’ll need to create a client certificate to identify yourself to systems such as the one for the Assurers Challenge. This requires a private key and certificate signing request (CSR) to be generated. In the past web browsers could do this on the page itself but sadly this feature has been dropped. So we’ll use the OpenSSL utility to generate them instead.

Luckily macOS and Linux users will likely find this utility already installed, but not so for Windows users! They can instead follow someone else’s guide for getting a pre-built copy of OpenSSL (compiled by ‘Shining Light Productions’) installed on their system… please make sure you follow that last step regarding adding it to your path!

Open a Terminal (or ‘Command Prompt’ for you Windows users) and change to the directory where your web browser downloads files to (e.g. your ‘Downloads’ directory). Then run the following command…
DON’T CLOSE your Terminal/Command Prompt when you’re done.

openssl req -nodes -newkey rsa:2048 -sha256 -keyout client.key -out client.csr -subj "/"

Open your favourite text editor (e.g. Gedit, Kate, Pluma, Notepad, TextEdit, etc…) and open the file ‘client.csr’ which you just created.

Leave that open and now using your web browser go to cacert.org and login using the ‘Password Login’ on the right hand side, then under ‘Client Certificates’ pick ‘New’.

Tick your e-mail address (if you’ve already earned enough points to be assured, you’ll find you can also add your full name too… this allows you to print a certificate off for the Assurer Test – but it’s mostly vanity) and also tick ‘Show advanced options’ so that we can copy & paste the CSR from our text editor into the area called ‘Optional Client CSR’.

Finally accept the ‘CACert Community Agreement’ and press ‘Next’ (BE PATIENT! the next page will load but it’ll take a while!). Finally click ‘Download the certificate in PEM format’ and rename the file that downloads to simply be named ‘client.crt’.

Finally we need to import your client private key and certificate into your OS/browser. The best way to do this is merge them into a single PKCS #12 formatted file first. Back on your Terminal (or Command Prompt) run the below, it’ll ask you for a password (choose wisely and remember it) which you’ll need when importing it later into your OS/Browser…

openssl pkcs12 -export -out client.pfx -inkey client.key -in client.crt

Once this is created you should keep a copy of this new ‘client.pfx’ file in a safe place and you can delete (checking things like Trash/Bin/Recycle Bin) any files like ‘client.crt’ and ‘client.key’ which were used in its creation.

Importing into Firefox (on any desktop OS)…

Go to Preferences and find the button for ‘View Certificates…’. Under the ‘Your Certificates’ tab use ‘Import…’ select ‘client.pfx’ and enter your secret password. It’s that simple, but here’s some nice pictures just in case…

Importing into Linux (e.g. Chrome and Opera)…

As mentioned before with the root and intermediate certificates, this essentially just covers Chromium based browsers running on Linux (as Firefox is covered above and Linux has no common certificate store).

In your Settings go to ‘Manage certificates’ then under the tab ‘Your certificates’ use the ‘Import’ button, select ‘client.pfx’ and enter your secret password. As ever, here are some handy images to show the steps…

Importing into macOS (e.g. Safari, Chrome, Opera and Edge)…

Just open the ‘client.pfx’ file from your Downloads directory, it’ll prompt you for your normal macOS user password and then afterwards ask for your secret password. At this point it’ll be installed and you can close the ‘Keychain Access’ program, you may need to completely close and re-open your web browser for it to work too. Here are some screen shots…

Importing into Windows (e.g. Edge, IE, Chrome and Opera)

Open the ‘client.pfx’ file from your Downloads folder and follow the default options of installing it for the current user & automatically select the store, just provide your secret password. Screen shots below…

Take the Assurer’s Challenge!

Basically head on over to cats.cacert.org using whichever OS and browser you’ve properly got your root, intermediate and personal client certificate and key installed into. Click ‘Login’ and it should confirm your details. If you included your full name in your client certificate it should show here, otherwise it’ll just be your e-mail address… click ‘Yes’ if it all looks good at the bottom.

You may find this particular part of the CAcert wiki handy when taking the test! http://wiki.cacert.org/AssuranceHandbook2

To start the test click ‘Tests’ on the top and then on the right you’ll see ‘Assurer’s challenge (EN)’ and ‘start test’.

Workshop on 28/01/2020: CCTV cameras and control systems

In this much anticipated workshop we had one of our regular LUG members Darren go over a topic he knows both professionally and personally, CCTV systems.

The emphasis was on getting the most out of inexpensive hardware and using both in a secure way (especially due to possibility of malware being in the firmware) and intelligent way by pairing it with useful control software.

Also Wi-Fi was covered somewhat as you may be forced to use it for more remote locations you wish to have CCTV. This was in additional to general infrastructure talk when it came to things like switches, point to (multi) point links and Power over Ethernet (Poe).

For anyone interested in using Darren for his professional services, just drop a message on the mailing list and he’ll get in touch directly.

For anyone interested in the slides they are below. Simply extract the ZIP file and you should get a folder with a HTML file you can open (created using remark).

Also a big thanks for some of the guys who popped over from Shropshire LUG, it was great to see people mixing from the other areas. Hopefully a bunch of us will be able to pop by at one of your workshops soon.

Workshop on 14/01/2020: Introduction to OpenStreetMap

So this workshop was to cover the basics of what the OpenStreetMap project is all about, how the data is gathered (and is licensed) and it’s aims. Also covered during the workshop was…

  • How OSM covers the entire world, stats were given for the number of contributors worldwide.
  • History of the project, how it came to be and the previous challenges around proprietary mapping systems.
  • What ‘trap streets’ were, fictitious streets on proprietary mapping systems used to catch out copyright violators.
  • The humanitarian benefits of OSM in events such as the Haiti Earthquakes in 2010, where there was no adequate map information in existence already.
  • Detail around the data formats, nodes, ways, areas and relations.
  • The possibilities for custom tagging, layering, representing multiple storeys etc…
  • Briefly talked about how the OSM engine could be used to represent fictitious places (e.g. Mordor, J. R. R. Tolkien’s fictional world of Middle-earth)
  • Talked about the features Google has (history, timeline, 3D buildings etc…) that would be good to implement into OSM.
  • Discussed the pros and cons of the various mapping tools with the conclusion that OSM has the biggest advantage of being co-operative and has “many eyes” looking to spot mistakes and inconsistencies.
  • Lastly a demo of how to edit, and discussed the different editors available to use.

Here’s a gallery showing off some of the things looked at during the presentation…

In terms of the main presentation, this was HTML based slides which you can find in the ZIP file below. Just extract the ‘osm_presentation_webpages’ directory from the ZIP and then open ‘index.html’. Your default web browser should take care of the rest without needing the Internet.

During the lab exercises some sample OSM and GPX formatted data was used and looked at, these can be found in this ZIP below…

As for the growth of OpenStreetMap, Iain prepared this handy table…


Year
UsersNodes
20051000
20063000
200710000
200825000250
2009100000500
2010200000750
20115000001000
20127500001350
201310000002000
201414000002500
201520000002700
201628000003250
201742000003750
201850000004500
201956000005200

As of when the presentation was given (14th January 2020) there are…

  • Number of users: 5,968,421
  • Number of uploaded GPS points: 7,637,593,413
  • Number of nodes: 5,699,926,279
  • Number of ways: 632,110,826
  • Number of relations: 7,415,306

At the end a flyer was handed out with further information, you can find the original source of this at this link on GitHub, however we’ve provided copies from there in PDF format below too…

Finally these are the rough notes that our presenter Iain used during the meeting, these could be handy if you’re trying to remember the order things were covered. Any images referenced in these notes can be found in the ‘osm_presentation_webpages.zip’ ZIP file (in the ‘src’ directory) above…

A tale of an old subscriber list

So if you’re on this page it’s very likely because you clicked a link to it in an e-mail we’ve just sent you!

That e-mail was sent January 2020 and is basically just a reworded version of an e-mail originally sent back in August 2019 reminding people that the LUG has relaunched.

The short version…

Image result for sorry cake

We’re sorry if you’ve got an e-mail from us a second time!

Our main reason for sending another e-mail was because we’d randomly stumbled upon an old file with the e-mail addresses of older subscribers who we think we’ve likely forgot to tell about our relaunch. It’d always been meant to be a one-off e-mail and we won’t be doing it again… that file is also now gone.

For a better explanation (and how we’re protecting your personal information) you’ll need the longer version below…

Oh and we also threw in about 4 or 5 extra e-mail addresses in… who were already on the general@ mailing list but not on meetings@, just in case you’d forgotten we have both!

The longer version 🙂

Image result for lord of the rings hobbit

When we relaunched back in August we sent an e-mail out to everyone who was still on the older (Mailman 2.1 based) mailing list of “staffslug@staffslug.org.uk” (which has since been retired and archived).

Basically it just said that we were finally back and how you could re-subscribe yourself manually (either by sending an e-mail or using the web interface) to the new Mailman 3 based mailing lists.

This had a few issues…

  • Many of you just wanted a button to push which would do it for you.
  • The list of people on the old mailing list had dwindled a lot (from 150 to about 70) presumably during the LUGs dormant phase!
  • All the e-mails were sent using BCC, which I imagine got some of the e-mails trapped in spam filters.

We only know it was about 150 as an old e-mail with minutes from a meeting in 2013 (yes, even back then a bunch of us were trying to restart things!) shows the old LUGMaster stating that figure.

Anyway, after the e-mail in August was sent… we deleted the sent copy of the e-mail (with all the BCC’s) so that we weren’t retaining those addresses.

However over the last few years… files have been accumulating from past attempts to move the mailing lists over. In a recent tidy up we’ve spotted an old CSV format file with e-mail addresses of those who we’re guessing have either subscribed to an older mailing list before or used one in some way.

Dusting this off a bit… we removed from that list anyone who is already subscribed or we remembered e-mailing/telling back in August (although it’s a lot of e-mail addresses, sorry if our memory isn’t great!).

Suffice to say this latest reminder e-mail is based on what was left… sorry if you got one in August as well!

This time we’ve sent it using an excellent “Mail Merge” add-on for Thunderbird (and not using BCC) which accepts CSV files! It also includes handy buttons for resubscribing… which we have connected to little scripts we’ve made to automate the job!

The file we’ve discovered has since been deleted and additionally (just like with the BCC e-mail from before) sent copies of the e-mails have gone too.

Hope this all makes sense!

Workshop on 17/12/2019: End of quarter activities

Workshop… with added tinsel!

It’s Christmas! So it was time to deck out the workshop with at least a bit of tinsel! We weren’t expecting a great number of people (considering the time of year) but we got a nice healthy 11 through the door.

This workshop activity was a little different to the ones that preceded it, and the first of it’s kind… this was a chance to…

  • Look back to previous workshops this quarter, add any updates to them… there wasn’t much to say on this except how we might run them again in the future with more/different details.
  • Bring in gadgets/toys which we can play with play (especially since this time it’s Christmas!). We had a TuxDroid by Kysoh and looked at some DVDs, more them below…
  • Lightning talks of 5 to 10 minutes if anyone has anything they’d like to share with the group. This was in an “un-conference” style (like OggCamp), but perhaps the intentional disorganisation got away with us a bit here! It might be an idea to gather some ideas via the mailing list before hand! However there was still plenty of topics and distributions talked about regardless!
  • Talk about what is planned for the next quarter including planning new talks and labs that people want to see. More on that below…

This seemed to go very well indeed and I think it was the longest workshop we’ve had since the relaunch. Everyone got into the spirit of things and it was a good group conversation amongst us all. The hope is to do this kind of meeting at the end of every quarter, so the next one should be at the end of March or start of April.

These random 3 things represent some of the changes we’ll be doing to the workshop ready for next year…

  • A clock, we’ll likely put this somewhere so that the person giving a talk can see it. We’ve been very good so far time wise with our talks, but this may help keep the pace too.
  • We’ve acquired a pair of 24-port TP-Link gigabit PoE switches. So we should be able to up the 30 PC’s/Phones from those little blue unmanaged 10/100mbps Netgear PoE switches daisy chained to each other. This should help with boot up times as the OS runs from the network. It should also give us some extra PoE enabled cables a the ends of the desks to run things like Raspberry Pi’s from.
  • A fridge! That’s right, we’ve got sick and tired of carrying in the fridge from IC’s office. So we’ve bought another one! Plenty of place for soft drink cans and that all important “LUG MILK”!

We were also trying to get the TuxDroid working. At the moment we’ve got it all hooked up and it’s capable of saying “Hello” (with its crazed blue eyes flashing and wings flapping) but that’s about it. Unfortunately because the Kysoh company went bankrupt a year after this was launched (2009) the downloads are very hard to find to make it work. However we’ve got a few leads on this and should be able to have our talkative Tux running soon.

There was also the idea floated of potentially having some kind of documentary / film nights. Plenty of great IT and FOSS related films (dramatised or documentary style) that people might be interested in watching and discussing. Brought in two that we had on DVD just to get the idea across a bit.

Some additional ideas for workshops next year included (this is not an exhaustive list and I’m sure we’re missing some, there were many ideas!)…

  • Equivalents to MS Access
  • Monitoring (inc. Icinga)
  • Automation (inc. Ansible)
  • Arch Linux
  • Docker
  • VMs and Containers (inc. Proxmox VE)
  • Cryptocurrencies (inc. Bitcoin)
  • Wine (inc. Crossover, PlayOnLinux & Proton)
  • Nextcloud (inc. Collabora)
  • Password Managers (inc. KeePassXC)

And that was it! StaffsLUG wishes you all a very Merry Christmas and a Happy New Year. More great things to come in 2020!

Workshop on 3/12/2019: Introduction to the LAMP stack

This topic covered what the LAMP stack is followed by a hands on lab actually building 3 production web servers (as there were 3 teams of people) on Virtual Machines where the OS (Debian 10 in this case) had already been pre-installed with minimal packages.

Ultimately, for those unfamiliar, the LAMP stack has been traditionally been made up of (but often people swap bits) these 4 packages which is where it gets that acronym…

The lab covered how to get these all installed and then configure them manually in a way that would mean the web server is capable of serving multiple websites in their own directories, virtual hosts and database for each (if they need one).

A quick look at the colourful whiteboard…

It should go without saying that these VM’s are no longer live so there is little point trying to use these login details now!

The steps followed to do a basic Debian 10 server install though was explained by just showing screenshots of the screens gone through in the installation, most of which you can get away with just hitting enter.

Here are those screenshots though in case anyone wanted a closer look…

Finally the actual “slides” (if you can call them that) for how to get the lab task accomplished… was nothing more than a text file shown on our big TV at size 36pt font! Basically each “slide” is the 14 lines in between each horizontal line. But it worked, these notes also include other things we covered at the end…

At the end we had time for questions where we also went over some of the various free/open source and commercial control panels that can deal with a lot of this for you (but it’s always good to know how it’s done for diagnostic purposes) such as…

  • ISPConfig
  • DirectAdmin
  • Froxlor
  • Plesk
  • cPanel

And that was it for this time!

Ideas on Coverage

Since 1999 the LUG has always been fully titled as Staffordshire Linux User Group, abbreviated as simply StaffsLUG. However Staffordshire is a rather large county with the majority of it’s population in the northern end of it. This is mostly due to the city of Stoke-on-Trent. Many local community and campaign groups in the area have chosen to either title themselves with the prefix ‘North Staffordshire’ or ‘Potteries’ to try and specifically target the northern end of the county.

Although a large number of our local members (past and present) are from the northern end of the county, there are still plenty that have come in from places such as Crewe and Stafford. These are not ‘North Staffordshire’, neither are they part of ‘the Potteries’ either.

Given the well established Wolverhampton LUG is very close to both Cannock and Lichfield in the south of Staffordshire, it’s very likely they are catering for people from those neighbouring areas too. This makes sense as Wolverhampton is by far the closest/largest urban area. Equally we’d like to hope that the east of Staffordshire (such as Burton-upon-Trent) could be catered for by a LUG in Derby for the same reason, but as of yet no LUG seems to have popped up there (contact us if you know of one).

As for our LUGs own name? Well StaffsLUG has a nice ring to it, it’s not completely inaccurate nor does it seem to be really bothering anyone. It’s been thought to change the name some day (both for geographical reasons and to sound less Linux-centric), but certainly not for the foreseeable future and not without a lot of people really wanting that.

Ultimately this blog post is just here to show off a map with a big circle on it! It certainly does seem to show the Potteries area mostly in the middle, which makes sense as that’s our closest large urban area. Keele is marked in blue mostly just for clarity about where our meetings are normally held. That in itself is a good location for meetings as it’s both outside of the busy roads of Stoke-on-Trent, whilst also near the M6 that runs its way vertically through the centre of the map.

Of course this in no way changes who can participate in the LUG! Anyone from anywhere in the world can show up at meetings and join in on the mailing list. But this does give people a general idea as to the locality of people we generally pull in. If you feel like the circle isn’t quite right (e.g… extra towns you know we’ve had local members from, etc…) or just want to share your thoughts then comment below, contact us or use the mailing lists. It’s roughly a 15 mile radius with postcode ST5 8SN at the centre (a postcode of no particular note, except that it’s at the centre of the circle).

p.s. If anyone knows of a way of showing the same amount of detail and clarity (at that map zoom distance) using OpenStreetMaps let us know. We’d have much rather preferred to use that, but it never seemed to quite look as good.

Click me to make me bigger!

Workshop on 22/10/2019: Virtual Tabletop Gaming (inc. VASSAL)

The topic is essentially about simulating table top gaming (card games, role playing games, board games, etc…) on to a desktop PC. In our workshop the focus was bringing these ‘in real life games’ to digital platforms with a focus on how you can do that in Linux using a bit of software called VASSAL.

Click to visit the VASSAL web site

Here’s how we left the whiteboard…

Things discussed…

  • Who plays what?
  • Why would you choose to play via tabletop?
  • Social experience, bit of fun, can maintain this aspect of gaming digitally whilst maintaining the unique character of the games.
  • Reasons to go digital
    • Distance restrictions and limitations.
    • Regular group, e.g. weekly games nights.
    • Tournament practice.
    • Experimenting with different options and different strategies.

Vassal is a platform where the most popular modules are things like X-Wing, Advanced Squad Leader as well as…

  • Traditional games – monopoly, scrabble.
  • War gaming – games with miniatures.
  • Card gaming – MTG etc…

Take a look at the full list of VASSAL modules here, there are over 2000 modules in total. Other alternatives to VASSAL are…

During the workshop we had a go at the Scrabble module to get a handle on the basics, then loaded up the Warhammer 40K inspired Vassal40k module.

Lastly took a quick look at the module editor to basically see how all these overlaying bitmaps interact within the game.

The talk for this weeks workshop meeting was presented by LUG member Darren who is known as d72 online and is one of the current maintainers of the Vassal40k module. It is likely a version of this talk will be ran again sometime in the next 6 to 12 months with other games in mind too.

Additionally if you are interested in development of new VASSAL modules, working on VASSAL itself or working to improve existing modules and want to work with other LUG members face to face… then please use the meetings@ mailing list to discuss as there can always be ongoing projects in the background of any workshop meetings.

Trip: OggCamp (2019)

So a bunch of us at StaffsLUG went to OggCamp this year on Saturday 19th October 2019.

Plenty of talks to see, some of them on the “Main Track” (i.e. scheduled in advance and in the main room) and some of them scheduled as the day went on via a system of post-it notes and suggestions/offers of topics.

Managed to chat with a couple of people from Free Software Foundation Europe and also the Open Rights Group. Got some free stuff like leaflets and stickers from them for the LUG. Also making the rounds were a couple of people from Potteries Hackspace interested in many of the same talks, especially the one on MQTT.

The talk by LibreOffice was especially interesting to hear how IBM had been financing the war of OpenDocument vs Open Office XML. But sadly since then the specification of the OpenDocument formats has been left untouched for about 8 years until this year with a new standards editor part-paid for by Microsoft of all people!

There was also a very interesting talk by the Open Rights Group regarding how the RTB system used by online advertises violates GDPR. That one is definitely worth looking in to.

All in all it was very good, would go back again.

For more information look at the captions of the photo’s below.

Workshop on 08/10/2019: DNS Sinkholes (inc. Pi-hole)

The talk this week was about setting up a DNS sinkhole. Essentially instead of the machines on your network sending their DNS requests either to your ISPs recursive name server (or to your router which then forwards the request to the same place)… instead setup your own DNS server which forwards these requests on instead, but it has the ability to record and create statistics for the kinds of things seeking to be resolved.

The software used in the lab demonstration was…

Click to visit their website

Basically we had a number of Raspberry Pi Zero boards in cases powered by PoE (with PoE splitters) and hooked up to USB ethernet adapters scattered around the desks.

Pi-hole can however run on various platforms including VMs and pretty much any distribution or hardware you like. See their website.

The Pi’s had been pre-setup with Raspbian already and just needed the software installing which is largely just done with a one liner (see this page for details)… Please note: this is very case sensitive!

curl -sSL https://install.pi-hole.net | bash

Richard was leading this particular talk as he’d used the software before and was following his own notes which are provided below and were available for people to download on the day… (note: these are largely based on a thread/guide found over in the Linus Tech Tips forum)

Worked out very well, got some interesting results. Will definitely be revisiting this topic and others similar again in the near future.

In action!

You might have noticed we chose to go with Raspberry Pi Zero devices when testing out Pi-hole mostly due to their affordability, but they do need an additional USB ethernet adapter.

We’ve also found that a Zero model (compared to say a normal v3 model B for example) can be powered (if you’ve got a PoE switch or injector) with little micro USB PoE splitter adapter quite well.

Richard has also very graciously donated two kits of Raspberry Pi Zero’s to Function Office so they can be used with other similar StaffsLUG workshops which might need to use them.