Rune Audio some thoughts

Art Pepper Via the rune audio interface

Art Pepper Via the rune audio interf

I spent a few hours this weekend mucking about with an old V2 Raspberry pi and the open source product roon audio.

It’s a pretty good little media management system. I can keep all my music (I’ve copied it to a usb attached to the pi) in one place and access – play that data from the pi to the amplifier. The beauty of course is that I can control the playback and search etc via any device on my local network (be it a phone or computer, ipad, tablet – anywhere in the house). One thing that is nice is it’s simple interface, and it is fairly easy set up. But I also have a few concerns that I thought I’d mention hear.

Once you have burnt the roon audio image to your pi you just plug it in and start the device. You can access it via the url http://runeaudio.local/ or by working out the ip number (you might have to look at your router to find this).

This is very convenient but the issue is the product is not Password protected. So if your neighbour some how hacks your wireless network password, he or she could crank up your music system at 4 AM as a prank!

Another thing to consider is that the image has – uses a root super god user, and the password to that user is publicly available.  So after that neighbour cranks up your music they can ssh to the device with root privileges!

Also there is no basic user space (ie anyone on the network can control the server) although there is a hack that can be run via the htpasswd process within the web server . This allows you to hand code that functionality into the product.

This is not ideal for a basic user!

If you do install a roon audio server in your house – Do change the root ssh password, … NOW! See this link for more information on how to do that.

Also at the time of writing – wireless is not a secure medium,. I recommend a long wireless password that will take hours if not days to hack. As it is currently configured a roon audio server could be a nasty attack vector for a hacker. Changing the root ssh user password is a good start but the file system is rather open (see screen shot) and that could be problematic if not managed in a better way.
Rune via the finder
Unfortunately this is typical of may IOT style products – they need to take security as an important issue – an  initial configuration script could easily manage all of these faults and create a rounder better more secure product. So to sum up.

Ease of setup 8/10

User interface 8/10

Security 2/10

I’ll be keeping an eye on this product – If your not comfortable with the command line and security is important (it should be to everyone!)  it’s probably a good idea not to use this product just now – but if they get their act together around the security issues, I think it has the potential to be something that rivals some of the more expensive commercial products.

Happy new year and some update news!

Well happy new year and I hope that you have had a happy and safe holiday season! I’ve made a few minor changes to my sshfail project. For those of you who don’t know what that’s about have a look at this old post. In a nut shell it’s a script to generate a report that looks at the number of unsuccessful attempts to attack your machine if you have ssh enabled. It also creates a list of the ip address that generate this may hem and it’s darn educational.

My own experience is that the the machine fights back anything from 3 to 6 thousand attempts a day to hack it!  I’m making an assumption that the bigger sites – targets may be taking more flac than that. It’s sobering and sad that this is the state of the internet today. SO be careful out there and secure your machines.

Oh and the pic I’ve included – well stay tuned it’s an exciting arduino pi based project that I may let you all in on soon. But it’s secrete and in testing at the moment!

Hope you all have a most amazing 2018 and that you stay safe and happy.

Kind regards & have fun!

Steve Abrahall

PS for those of you who might like to run – play with the script hear is the source code.

if you have Git installed just cd to your home and run the following.

git clone




Write an iso to an external drive from Mac os X


A quick cheat!

Running an ios based installer from a hard drive, instead of from a usb can often be faster and is useful if you have a swag of machines to re image and esata is a lot faster than say usb V2. I’ve needed to do this a few times but I often spend far to much time looking for the information. So, Now I’ve written this little cheat!

First run this

diskutil list

This will give you a list of drives and the result will look a little like this

/dev/disk2 (external, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                                                   *80.0 GB    disk2

As you can see hear the disk attached I want to write to is /dev/disk2
The command to use is

sudo dd if=linuxmint-18.2-cinnamon-64bit.iso of=/dev/disk2 bs=1m

This will write the contents of the iso the the external drive

Break down of the command

dd if={path_to_iso_image} of/dev/{location of device you want this written to} bs=1m


Detail and old technology

I keep lots of note books, technical one’s and personal. Unfortunately like most people I’m not blessed with a photographic memory, but I can get rather methodical, and that’s useful.

Technical writing – this blogging thing is valuable. But I also like to write things in long hand and in pencil in note books! I know it sounds crazy, because these days we can google many if not most problems. But writing my own cheat sheets, (spells, as I call them ) can help a lot to jog the memory. Often it can be just as quick if not quicker than trying to find that page in google you forgot to book mark 3 years ago!

Not to mention that there is some evidence that a hand written approach to the problem solving process can have a number of positive side effects.

When I’m working on something technical my journal is close buy but I’ll also have the index open that I maintain in a spread sheet. The reason is that it’s a lot quicker to find things via the spread sheet. But I also have a hand written index that is good for if i’m off line or taking things slowly. We live in very fast times but it’s good on occasion to slow down a little, think and reap the benefits.







Sarah Jamie Lewis and “The Dark Web”!

I have spent the afternoon researching the work of Sarah Jamie Lewis. A very interesting person and among other things she used to work for GCHQ! The irony is that she is now an independent security researcher who is pro anonymity and privacy advocate.

She is also the author of an interesting product called onionscan, which is a tool that can be used for mapping the dark web.

This particular talk I found rather interesting

Sarah Jamie Lewis: OnionScan: Practical Deanonymization of Hidden Services

Among other things it gives rise to the fact that if you want security you should find your self a great Sys admin! Put simply a lot of sites on the “Dark Web” are not well configured and if you use such services you could be at risk.

She covers such topics as why you should be careful if you use apache as a dark web server. Why not to use a google analytics id (don’t use the same id for all your sites) and be aware that if your using it in the real world as well as the dark web this is a rather incriminating vector!

Other things discussed are exif metadata (from photographs for instance) that give away your geolocation, phone type etc!!

Most importantly though she mentions a lot of the good things that the dark web can be used for including, that a lot of the dark web is blog sites, forums that help drug users with regards catching addiction before it happens and harm reduction. Also that the dark web is used to monitor human rights abuses, and censorship data gathering.

She sums up buy proposing that peer to peer may be the future of creating secure communications due to the fact that the client server model is rather difficult to secure and anonymise. Some very interesting, important and thought provoking work. Her twitter feed is also an interesting read and rather humorous but probably NSFW!

Related links
Source for onionscan

Recent outage and snow flake servers!

This is a Wombat not a snow flake!

My server hasn’t been working too well over the last 24 hours due to it becoming a bit of a snow flake, that and the fact the the plumber always has leaky pipes! Not to mention that I was running a rather old version of Debian.

What’s a snow flake server you may ask? It’s what all system admins should avoid! It’s a server that does all sorts of things (often rather well) and as such is a precious little snow flake! The problem with this is that the server will not, or is not, easy to manage or update or improve due to lack of documentation, configuration issues, and / or as was my issue- software and hardware conflicts.

There are a number of ways to manage machine production and developer working environments. These include approaches such as blue green servers, machine imaging with products like puppet and Ansible. As well as a VM approach with products like Vagrant or a software container product like  Docker.

Whats also interesting is that with good old fashioned tools like password less key managed ssh access, and shell scripting you can control a lot of the process that the above products like to take claim for.

I’m going to think quite a bit about this snowflake problem some more in the coming weeks. I shall probably write more about how I, as someone with a “production server” and a number of other needs keeps all the ducks on the wall.  The end result is that I hope I can create a machine from scratch in a very short space of time. Or at least learn a few things.

Stay tuned!





Install howmanypeoplearearound on mac os X

howmanypeoplearearound  “calculates the number of people in the vicinity using the approximate number of smartphones as a proxy”

To do this on Mac os X first make sure that you have “brew” installed.

See the simple instructions / site hear

Your also going to need tshark the cli version of wireshark installed

brew install tshark

Also I found using python3 important as I was having dependency problems with the standard python install

Download and install python3 from hear


sudo pip3 install howmanypeoplearearound

now you can observe howmanypeoplearearound !

Typical usage

sudo howmanypeoplearearound -s 300 -o scan_big2.json -a en1

(Listens to network traffic for 5 minutes writes to the file scan_big2.json in json format using interface en1 (wireless card use ifconfig -a to check that yours is named in the same manner)


Nasty probing http traffic and how to block it!

Ubuntu CLI machine and pi


So I notice the ethernet light on my wee server popping away… I check out the logs and notice something attacking my server. Ah a rather stupid brut force hack attempt. Some automated piece of (Sh!T) digital pollution – Grrrrrrr!

There is nothing quite as satisfying as watching a log go quite after executing something like.



sudo iptables -A INPUT -s -j DROP

Simple and effective!