New home for Miscellaneous Tech Projects/Procedures
We'll see how these shakeout ... I suspect there will be some reorganization and categorization of topics (e.g. smarthome, privacy) as page develops. Notes on this page will likely be very random and may well be incomplete or a total mess!
Salvaged sub pages:
Acer Aspire One OS Alternatives - Notes from tests of various operating systems on AAO Netbook (2013-Present)
<More to come?>
Ghadzooks! STILL A WORK IN PROCESS - OpenWRT is a tad squirrely.
Attempt #3 below seems to be confused about which DNS to use on which interface!
------------------------------
Third time is the Charm! I had been running GREAT for a quite a while, but noticed something was originally set wrong as I attempted to more devices onto the new network. Needed to go back to retrace my steps AGAIN! Pay particular attention to the first prep-step in The Quickstart Guide: "Don't rush the installation, take your time. If something seems weird during installation, find answers first before continuing".
-----------------------------------------
Take 2: I had this all working (quite well!) ... THEN ... went in to create an isolated network for our IOT 'Things' and mucked it all up!
Starting from scratch *and* leaving some tracks for the next time I muck it up!
-----------------------------------------
**** Attempt 3 - This part works ****
Reset router: Held factory reset button for count of 35 (recessed blue on back of EA6350)
Ethernet cable from PC to LAN port on EA6350 (used LAN port 1)
surf (http) into 192.168.1.1
Sign on as root / no password
Initial screen will guide to set Router Password
Set root password and logout/login to dismiss password reminder and double check
ssh in (root@192.168.1.1, w/ new pw) and double-check kernsize (from https://openwrt.org/toh/linksys/ea6350_v3#installation_of_2305_or_newer)
fw_printenv | grep kernsize
Should be: kernsize=500000
***** The next part May STILL needs work *****
Now ... [CAREFULLY] Sing-a-long w/ https://openwrt.org/docs/guide-quick-start/start
Enable WiFi Access point via GUI - Network-> Wireless
Modify both (AC & N) "OpenWRT" SSID's for our network ... REMEMBER TO SAVE
Device Configuration (top) -> Advanced Setup tab: Set Country Code
Interface Configuration (bottom)
General Setup tab: Mode should be "Access Point', Set ESSID for local net
Wireless Security tab: Set Encryption and key
SAVE & APPLY ... then enable both WiFi Devices.
// router should now be accessible via WiFi (if that helps with config) //
System Screen: set Hostname and timezone
Network->Interfaces: LAN: Set subnet, IP address and DHCP start/end
Network->Interfaces: WAN : Set static IP address, gateway and netmask
APPLY AND KEEP CHANGES (little confusing when changing IP/subnet of router)
For our world, add an isolated 'EasyReader' guest-like AP that uses Pi-Hole DNS (No advertisements while surfing)
(Fingers crossed & following along with https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guestwifi_dumbap)
Create new (empty bridge) device: Network->Interfaces, Device tab then press "Add device configuration" button
Device type = Bridge device
Device name = br-guest
check "Bring up Empty Bridge" checkbox
SAVE
Interfaces tab, press "Add new Interface" button
Name = guest
Protocol = Static address
Device = br-guest
CREATE INTERFACE
on subsequent Interfaces->guest screen
General Setting tab:
Check "Bring up on boot" Checkbox
Set IPv4 Address/mask = base of guest subnet (different than main LAN) - e.g. 192.168.3.1/255.255.255.0
Advanced Settings Tab:
Use custom DNS Server = <IP address of PI-Hole Server>
DHCP Server Tab:
Press Setup DHCP Server Button
General Setup Tab: Set Start IP address, Limit and Lease time
SAVE (button)
Interfaces page: Find LAN interface and press "Edit"
Make sure that "Standard Gateway" is set and correct - upstream gateway (WAN)
Force LAN to normal DNS - Quad 9 in our world (9.9.9.9/149.112.112.112)
(to make sure that clients on the LAN are not forced to use PI-Hole ... long story)
Interfaces page: Edit guest interface to add Firewall zone name for new Interface
Interfaces->guest: Firewall Setting Tab
Create / Assign firewall zone Dropdown -> add "guest" (enter to create)
SAVE button
SAVE & Apply Button
Network-> Firewall to create the new firewall zone & traffic rules
Edit guest firewall zone
General Settings Tab:
Name = guest
input = reject
output = accept
forward = reject
Allow forward to Destination: LAN zone
SAVE & Apply
Traffic Rules Tab: ADD (button) 3 rules for guest zone:
1) Name=Guest_DHCP,
Prot=UDP, Source Zone=guest, Dest zone=Device(input), Dest port=67-68, Action=accept
2) Name=Guest_DNS,
Prot=TCP&UDP, Source zone=guest, Dest zone=Device(input), Dest port=53, Action=accept
3) Name=Block_Guest_from_LAN,
Prot=Any, Source zone=guest, Dest zone=LAN, Dest address=<LAN IP x.x.x.0/24), Action=reject
Network->Wireless to add 'guest' wifi (80211ac/n Add button in our world)
General Setup Tab
Interface Configuration section:
Mode=Access Point
ESSID=NoAdNet
Network=guest
Wireless Security tab:
Remember to set encryption and passkey for new SSID
/// Wow, not for the faint of heart!!!, twoudn't be any easier via cmdline!! ///
****************
***********************
Initial Boot (or after factory reset - the button works on OpenWRT!)
Via Ethernet: surf (http) into 192.168.1.1
Sign on as root, no password
Initial screen will guide to set Router Password
ssh in (root@192.168.1.1, w/ new pw) and double-check kernsize (from https://openwrt.org/toh/linksys/ea6350_v3#installation_of_2305_or_newer)
fw_printenv | grep kernsize
Should be: kernsize=500000
VERY quickstart for our net:
System Screen: Hostname and timezone
Network->Interfaces: LAN: Set subnet, IP address and DHCP
Network->Wireless: Mod OpenWRT (AC, radio1.network1), set SSID, PW and security. ENABLE too
Network->Interfaces: WAN : Set static IP address, gateway and netmask
Now that Classic Google Sites have finally disappeared it seemed like a good time to do some cleanup: search engines, web analytics and such ...
Some breadcrumbs & notes in case I ever need to do something like this again:
Remove dead DNS Host records: Our sites were registered via Google and maintained in eNom.
DNS administration is via Google Workspace Admin @ admin.google.com.
Navigate via Account/Domains/Manage Domains, then click on "View Details" action.
Popup offers "Advanced DNS settings", which will ultimately take you to the eNom DNS Domain Management Console.
On eNom: simply remove (space-out) hostname and address and press "save" button.
// More info @ https://access.enom.com/help/host_faq.aspx //
Remove dead/unused sites from Google search: Via Google Search Console @ https://search.google.com/search-console/welcome
// Played with "Removals" in left nav menu. Evidently temporary and didn't seem to do the job - see https://support.google.com/webmasters/answer/9689846 //
Select the Web Property in Search bar
Click on "Settings" in left menu (Gear). You may need to scroll down to see "settings"
Scroll to bottom of Settings Response and Click on "Remove Property"
Remove dead sites from Google Analytics (a total mess due to migration from UA to GA4): Article @ https://support.google.com/analytics/answer/1042032.
This one takes some patience (VERY squirrelly user interface!). Click Admin, then in Property Column select Property Settings and press "Move to Trash Can" button (upper right). Repeat for other website properties via pull-down under header of Property Column
See below, I simply stopped using GA and deleted account ... couldn't figure out GA4 anyhoo!
Check for/remove sites from other web analytics: I found an old Statcounter.com project going for one of the sites. Quite possible that others have been playing with simple alternatives to GA4
Remove dead/unused sites from Bing search: Via Bing Webmaster Tools. Select site in left panel and 'remove' via three dots to right -> "Remove Site"
There is also a Content Removal Tool @ https://www.bing.com/webmasters/tools/contentremoval
<Done?>
During cleanup from final shutdown of Classic Google Sites I was stumbling thru Google Analytics aftermath and decided to simply stop using the thing! Google Analytics 4 (GA4) has really been more frustrating than useful and I'm really not wild about the concept of internet tracking. Search engine statistics are will do the job if I'm ever curious ... Google Search Console, Bing Webmaster Tools, etc
Here are the steps used to stop using Google Analytics on our Google Sites:
Log in to Analytics.google.com. You should see dashboard/home screen
Click the "Gear" icon in lower left to access Administration functions
From https://support.google.com/analytics/answer/9304776: Click on Account Details, then press the "Move to Trashcan" button - this deletes the account and ALL properties. You can also delete properties one by one, but the process was pretty tedious and frustrating ... I went all-in and deleted the entire Analytics Account
Log in to Google Sites via https://sites.google.com/new and turn off Analytics. Be careful, change appears to be immediate (not undo-able) with no need to re-publish the site (I lost a tracking ID or two while playing with the dialog).
Steps: Open each published site ... and ...
Click on "Gear" to bring up settings page
Select Analytics in sidebar and Disable analytics (slider control). This also removes tracking/measurement IDs
Site Analytics are turned off as soon as you exit the Setting dialog (notification @ bottom of screen)
3. Clean up website disclaimers or warnings about use of Google Analytics in Privacy Policies and such.
[ToDo] - Check on cookies after all of this. Looks like 2 of them left (unavoidable?) - "CONSENT" and "NID"
A little adventure getting OpenVAS (Vulnerability Analysis tool) working. Originally thought I had it running on my AAO netbook but it was too slow/weak. Retracing my steps here on a bigger/faster x86 machine just to to see if it really runs .... It Does Run!
Background: It LOOKED like Greenbone/OpenVAS was pre-installed on the Parrot HTB Edition but apparently not quite right ... here are notes from attempts to get it working.
Step by Step
Greenbone/OpenVAS appears to be installed w/ Parrot menu items for most of the GVM setup and admin. Just a few tweaks to get it all working. This should be the quick step-by-step on a new install of ParrotOS (If interested, see below for my original debug.)
update/upgrade
sudo apt update
sudo apt upgrade
<reboot-a-roooo - just to get the witches out>
Run gvm-setup .... via GUI: Applications->Pentesting-Vulnuerability Analysis->Openvas Greenbone->GVM Setup
// VERY long run and verbose - make SURE you record admin password! //
Final output (make note admin password!!):
[+] GVM feeds updated
[*] Checking Default scanner
[*] Modifying Default Scanner
Scanner modified.
[+] Done
[*] Please note the password for the admin user
[*] User created with password 'xxxxxxxx-yyyy-zzzz-yyyy-xxxxxxxx'.
[>] You can now run gvm-check-setup to make sure everything is correctly configured
IF you run gvm-check-setup as suggested, it will probably fail in step 1 and tell you that it is missing the scanner ... something like this:
Step 1: Checking OpenVAS (Scanner)...
ERROR: No OpenVAS Scanner found.
FIX: Please install OpenVAS Scanner.
It wasn't really missing ... just looking in the wrong place (see #3 in stumble notes below). Copy a couple files from "/usr/lib64/" to "/usr/lib/" to fx this, specifically:
sudo cp /usr/lib64/libopenvas_nasl.so.21 /usr/lib/.
sudo cp /usr/lib64/libopenvas_misc.so.21 /usr/lib/.
one more fix before running check-setup again ... permissions on openvas.log file are probably wrong (see #7 below). Fix as follows:
sudo chown _gvm /var/log/gvm/openvas.log
gvm-check-setup should NOW WORK! (or Applications->Pentesting-Vulnuerability Analysis->Openvas Greenbone->GVM Check Setup)
chown _gvm /var/log/gvm/openvas.log
Stop/Started the GVM service and you SHOULD be able to access Greenbone login screen locally via https://127.0.0.1:9392
// remember httpS! it IS NOT listening on 80 //
Edit Service to permit access from other devices on the net (initially restricted to localhost)
sudo systemctl stop gsad.service
sudo systemctl disable gsad.service
edit /usr/lib/systemd/system/greenbone-security-assistant.service (which appears to be the same as /user/lib/systemd/system/gsad.service)
Changed the execstart line to look like this (it was 127.0.0.1)
ExecStart=/usr/sbin/gsad --listen 0.0.0.0 --port 9392
Bring it all back up
sudo systemctl enable gsad.service
sudo systemctl daemon-reload
sudo systemctl start gsad.service
Note: My system periodically displays timeout when starting gsad.service ... BUT ... all seems OK! It must simply be slow ...
Job for gsad.service failed because a timeout was exceeded
See "systemctl status gsad.service" and "journalctl -xeu gsad.service" for details.
That should do it ...
***********************************************
Original Stumble-by-Stumble (prob a mess)
Notes from initial attempt to get it working ... useful or not?
via terminal or ssh:
Run gvm-setup .... VERY verbose, I should have piped the output to see if there were any errors. But just relied on check-setup in between steps ....
sudo gvm-setup
Final output (make note admin password!!):
[+] GVM feeds updated
[*] Checking Default scanner
[*] Modifying Default Scanner
Scanner modified.
[+] Done
[*] Please note the password for the admin user
[*] User created with password 'xxxxxxxx-yyyy-zzzz-yyyy-xxxxxxxx'.
[>] You can now run gvm-check-setup to make sure everything is correctly configured
Run gvm-check-setup .. for the first time!!
sudo gvm-check-setup
... and the answer IS ...
gvm-check-setup 21.4.3
Test completeness and readiness of GVM-21.4.3
Step 1: Checking OpenVAS (Scanner)...
ERROR: No OpenVAS Scanner found.
FIX: Please install OpenVAS Scanner.
ERROR: Your GVM-21.4.3 installation is not yet complete!
Please follow the instructions marked with FIX above and run this script again.
According to /tmp/gvm-check-setup.log: It appears to THINK we are missing openvas libraries "libopenvas_nasl.so.21" and "libopenvas_misc.so.21".
Some sort of libpath or build bug?
Fix (?): I copied both files from "/usr/lib64/" to "/usr/lib/" ... to make it past this step
sudo cp /usr/lib64/libopenvas_nasl.so.21 /usr/lib/.
sudo cp /usr/lib64/libopenvas_misc.so.21 /usr/lib/.
Re-Run gvm-check-setup ... Attempt #2:
sudo gvm-check-setup
... Getting closer! ...
gvm-check-setup 21.4.33
Test completeness and readiness of GVM-21.4.3
Step 1: Checking OpenVAS (Scanner)...
OK: OpenVAS Scanner is present in version 21.4.4.
OK: Server CA Certificate is present as /var/lib/gvm/CA/servercert.pem.
Checking permissions of /var/lib/openvas/gnupg/*
OK: _gvm owns all files in /var/lib/openvas/gnupg
OK: redis-server is present.
OK: scanner (db_address setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
OK: redis-server configuration is OK and redis-server is running.
OK: _gvm owns all files in /var/lib/openvas/plugins
OK: NVT collection in /var/lib/openvas/plugins contains 115774 NVTs.
Checking that the obsolete redis database has been removed
OK: No old Redis DB
OK: ospd-OpenVAS is present in version 21.4.4.
Step 2: Checking GVMD Manager ...
OK: GVM Manager (gvmd) is present in version 21.4.5.
Step 3: Checking Certificates ...
OK: GVM client certificate is valid and present as /var/lib/gvm/CA/clientcert.pem.
OK: Your GVM certificate infrastructure passed validation.
Step 4: Checking data ...
OK: SCAP data found in /var/lib/gvm/scap-data.
OK: CERT data found in /var/lib/gvm/cert-data.
Step 5: Checking Postgresql DB and user ...
OK: Postgresql version and default port are OK.
gvmd | _gvm | UTF8 | C.UTF-8 | C.UTF-8 |
OK: At least one user exists.
Step 6: Checking Greenbone Security Assistant (GSA) ...
Oops, secure memory pool already initialized
OK: Greenbone Security Assistant is present in version 21.4.4.
Step 7: Checking if GVM services are up and running ...
Starting ospd-openvas service
the control process exited with error code.
See "systemctl status ospd-openvas.service" and "journalctl -xeu ospd-openvas.service" for details.
Waiting for ospd-openvas service
ERROR: ospd-openvas service did not start.
Please check journalctl -xe
journalctl -xe says:
Sep 28 03:15:41 parrot openvas[2635]: init_openvas: Can not open or create log file or directory. Please check permissions of log files listed in /et>
Sep 28 03:15:47 parrot openvas[2636]: init_openvas: Can not open or create log file or directory. Please check permissions of log files listed in /et>
Sep 28 03:15:52 parrot systemd[1]: ospd-openvas.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit ospd-openvas.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Sep 28 03:15:52 parrot systemd[1]: ospd-openvas.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit ospd-openvas.service has entered the 'failed' state with result 'exit-code'.
Sep 28 03:15:52 parrot systemd[1]: Failed to start ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas).
░░ Subject: A start job for unit ospd-openvas.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit ospd-openvas.service has finished with a failure.
░░
░░ The job identifier is 3151 and the job result is failed.
Sep 28 03:16:19 parrot sudo[2640]: tped : TTY=pts/1 ; PWD=/home/tped ; USER=root ; COMMAND=/usr/bin/journalctl -xe
Sep 28 03:16:19 parrot sudo[2640]: pam_unix(sudo:session): session opened for user root(uid=0) by tped(uid=1000)
Crap! I forgot .... lets update/upgrade Parrot before I dig my grave any deeper
sudo apt update; sudo apt upgrade
Re-Run check-setup .... no change. Step 7 failed running ospd-openvas.service
systemctl status ospd-openvas.service says that it is down/disabled .... no surprise!
journalctl -xeu ospd-openvas.service was much more helpful:
"init_openvas: Can not open or create log file or directory. Please check permissions of log files"
/etc/gvm/ospd-openvas.conf claims log_file is /var/log/gvm/ospd-openvas.log, which is owned by root!
Fix (?): Hmmm?! Everything else is owned by _gvm user ... let's set openvas.log the same:
chown _gvm /var/log/gvm/openvas.log
Re-Run gvm-check-setup ... Attempt #4:
sudo gvm-check-setup
... I THINK we got it! Made it through Step 7 AND 8 ...
Step 7: Checking if GVM services are up and running ...
OK: ospd-openvas service is active.
Starting gvmd service
Waiting for gvmd service
OK: gvmd service is active.
Starting gsad service
Waiting for gsad service
OK: gsad service is active.
Step 8: Checking few other requirements...
OK: nmap is present in version 21.4.4.
OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
SUGGEST: Install nsis.
OK: SELinux is disabled.
OK: xsltproc found.
WARNING: Your password policy is empty.
SUGGEST: Edit the /etc/gvm/pwpolicy.conf file to set a password policy.
It seems like your GVM-21.4.3 installation is OK.
Stop/Started the GVM service and POOF! I could access Greenbone login screen locally via https://127.0.0.1:9392
Many opinions on this one, but to enable LAN access to the Greenbone Web UI I simply edited the gsad service. It is runs with a "--listen" parameter.
Step by step ... right-or-wrong
sudo systemctl stop gsad.service
sudo systemctl disable gsad.service
edit /usr/lib/systemd/system/greenbone-security-assistant.service (which appears to be the same as /user/lib/systemd/system/gsad.service)
Changed the execstart line to look like this (it was 127.0.0.1)
ExecStart=/usr/sbin/gsad --listen 0.0.0.0 --port 9392
Bring it all back up
sudo systemctl enable gsad.service
sudo systemctl daemon-reload
sudo systemctl start gsad.service
sudo gvm-feed-update
... I think it was required, UI was constantly showing 'updating' on feed status. Once feed-update was done, it was good to go!
**********************
SAVE THIS ... it happened on the AAO but NOT this time around .... not sure what changed, but was a dickens to fix
Re-Run Check Setup AGAIN AGAIN .... Yikes! Same thing. This is NUTS!
"ERROR: redis-server is not running or not listening on socket: /var/run/redis-openvas/redis-server.sock"
It IS Running but there is no such thing as /var/run/redis-openvas directory say nothing of redis-server.sock
There appear to be TWO versions of redis.conf in /etc/redis ...
the current Service uses redis.conf, but there is also a redis-openvas.conf.
No sign of 'socket' in redis.conf (but more comments than I've ever seen!)
Something strange with permissions on rdis stuff ... per my buddy chatgpt I'll set:
sudo chmod 755 /etc/redis
sudo chmod 644 /etc/redis/redis-openvas.conf
sudo systemctl disable redis-server.service
sudo systemctl daemon-reload
sudo systemctl enable redis-server.service
sudo systemctl start redis-server.service
gvm check set up AGAIN AGAIN AGAIN! Hey! made it through redis socket crap!
Building a NLP Python Development Environment: Attempting to get the same world on Macbook AND Raspberry Pi. Probably just a bookmark collection for now:
SpaCy on my Pi and Mac?
Virtual Environments: Everybody seems to be doing it!
Python venv: how to create/activate/deactivate/delete @ https://python.land/virtual-environments/virtualenv
Intro/benefits @ https://kyletk.com/index.php/2017/10/28/python-benefits-using-virtual-environment/
The Right & Wrong way to install Python @ https://opensource.com/article/19/5/python-3-default-mac
Lightweight/Simple IDE that runs on Mac and RPI
Geany for now (been there/done that). More @ https://www.geany.org/
https://stackoverflow.com/questions/42013705/using-geany-with-python-virtual-environment
Homebridge Tweak: Adding Cameras to Apple Homekit world to integrate into IOS Home app and to see how they may fit into home automation. The following uses older/cheap WiFi cameras that were previously interfaced using their own apps. Not too difficult, here are a few notes and links from the activity.
Camera Plugins: Gadzooks! There were 20 options when searching for Homebridge plugin @ https://www.npmjs.com/search?q=keywords%3Ahomebridge%20camera. Settled on Homebridge Camera FFmpeg, it seems to works fine. Installed plugin via Homebridge Config UI X . Some camera naming oddities but plugin seems to do fine with multiple cameras.
Interface strings for cameras: There is a large database of working/tested configurations on GitHub, will submit our working configs to the DB if everything seems solid. There is also a handy-looking RTSP directory @ https://security.world/rtsp/.
Other useful links:
Bottom-line: Cameras work but of marginal utility, will play with adding MotionEye to our HomePi world to incorporate into home automation.
We will see how this all works out: Samsung/Smartthings sent an email offer to get an Aeotec hub for $35. Appears that ST is getting out of the hardware biz? Anyhoo, our ST hub is pretty old, v1 from 2014 or ..... so .... I bought the new hub. Will attempt to keep ST devices going for a few more years - looks easier than making a zigbee/z-wave gizmo out of a Raspberry Pi! This chatter may become a page of its own ...
Objective: Migrate ST V1 home hub and devices to Aeotec
Notes/Research
Aeotech Smartthings area - https://aeotec.com/smartthings/
Aeotech Smart Home Hub Setup - https://aeotec.freshdesk.com/support/solutions/articles/6000240326
AND ... The kick in the pants to get this going: Our SmartThings Hub (2013) will stop working on June 30, 2021!
ST Forums @ community.smartthings.com (Note: ST is, indeed, a POS - it always has been. This forum is fun, lots of whining)
Migrating to Aeotec - https://community.smartthings.com/t/migrating-to-aeotec/211876
New Hub - https://community.smartthings.com/t/anyone-order-a-new-st-hub-from-the-smartest-house/222386
Official Update Regarding Hardware - https://community.smartthings.com/t/an-update-regarding-our-hardware/208259
Step by Step (apparently no migration tool for ST Hub V1 to Aeotech .... soooo hereeeee weeee goooo)
Inventory: In our case, we have Smartthings AND Homebridge (see homepi project). We use ST for some automation & remote access. but native homekit (Apple Ios) around the house ... e.g. - "Hey Siri, turn on the light"
The Smartthings Mobile App has always been total junk ... no config print or download/restore. I guess we make record (by hand) of config
I snapped a iPad screenshot of the stuff in the menu bar - this will be a MAJOR prob for large configurations:
Rooms, Devices, Scenes, Automations, SmartApps & mainscreen to show which devices were in which rooms! Yeeesh!
Main Screen to show which devices were in which rooms!
Via the ST Developer Site (https://graph.api.smartthings.com/) ...
Created a spreadsheet (copy/paste) of Smartthings stuff My Devices and My SmartApps
Simplify: In our case (destined for apple homekit), reduce the number of devices that are directly controlled by ST hub.
Some Hue Bulbs were paired directly with the ST hub, these were reset and moved back to the Hue hub where they belonged!
Smartthings is a friggin rats-nest! We moved EVERY device that we could AND automations to homekit.
Luckily, we had our HomePi: Homebridge running on a Raspberry Pi
Connect all non-compliant devices to homebridge.io
Hue v1 hub: https://github.com/ebaauw/homebridge-hue#readme
Turn new Smartthings hub into a simple zigbee & z-wave hub/controller:
https://github.com/tonesto7/homebridge-smartthings#readme
Reset any Homekit Compliant devices and connect directly to Home app
In our case - isolated IoT subnet - it was important to have ios device connected to target WiFi network
Apple Accessory info @ https://support.apple.com/en-us/HT204893
WiFi devices: I found "Set up New Device" in Settings/Wi-Fi an easy route for WiFi-only devices
Resubnet: Yeeesh! HomePod pretty much requires iOS devices on the same subnet as HomePod and all those creepy IoT thingies!
Managed to keep our main systems w/ data isolated - Mac's, PC's, Linux & MIPi, of course
Had to move HomePi to 'Things' subnet
Background: YouTube Add-on on Kodi stopped working in past year or so. I simply stopped using it on my parent's MoviePi. Created another MoviePi for our house and YouTube seemed to work fine ... FOR A WHILE. I'll be back to figure this out and clean this up
I fugured this out a while ago - step-by-step is in MoviePi Recipe
Notes/Research
This guide walked me thru Google API Key - https://www.videoconverterfactory.com/kodi/youtube-api-key.html
More on YouTube Add-On here - https://koditips.com/setup-use-youtube-kodi-addon/
Web Interface - https://www.comparitech.com/kodi/kodi-web-interface/
Another cleanup item
The Problem: One of our LIFX (wifi) bulbs appears to have paired with Smarttings AND Homekit. Shows up twice in home app.
This was easily fixed when I moved from the Smartthing Hub to Aerotec - THERE WAS NO MIGRATION TOOL! I simply reset the LIFX bulbs and now use native HomeKit (Apple), never moved them back to Smartthings! See below ... we now now using Smarthings for as little as possible ... in our home, only to control original Smartthings devices (Centralite Zigbee) or Z-Wave.
Factory Reset article here - https://support.lifx.com/hardware-resetting-your-lifx-ryXKbdiLO
The Big Issue: Our "Smarthome" is getting outdated. Hubs and devices purchased during the dawn of IoT are slowly being dropped from support
Little Issue: We have a lone v1 Hue Light bulb that was paired directly to a v1 Smartthings hub. I needed to factory reset it and move to the Hue Hub in an attempt to get a few more years out of it. Here's my How-to-collection and hopefully a procedure that works
Circa 2017 (some broken links):
From smartthings forum: https://community.smartthings.com/t/hue-bulb-factory-reset-solved-if-your-hue-bulb-is-on-a-zll-channel/84967,
http://thingsthataresmart.wiki/index.php?title=How_to_Reset_Philips_Hue_Bulbs
Using Bulb Serial number and Hue App - MUCH Easier! https://www.howtogeek.com/247801/how-to-troubleshoot-your-philips-hue-lights/
This last one worked! Simple! Bulb operates fine via Hue app so I deleted the ST bulb! Too Easy!
In Hue App: Room Setup, add bulb to desired room - sos you can see it!
in Smartthings App: Delete the old/original bulb. It will still show in app after the move, but ST can't control it
Easier than the last time I tried this ... BUT ...
ST "Smart Lighting" app is now gooffed upped! When I try to adjust ANY Automations in the Smart Lighting App - I see "Something Went wrong. Please try to reinstall the SmartApp again" ... which is a pain in the arse because we have all sorts of complicated lighting automations that were really hard to define on the stupid ST app in the first place.
Ack! Rebooted the hub, reset all IOS ST apps, still the same ... will have to hand-record all automations and delete, re-add the "Smart Lighting App"(This is going to turn out bad, I just know it!) . The topic is on fire on the ST support board @ https://community.smartthings.com/t/help-smart-lighting-app-issue-with-error-something-went-wrong-please-try-to-install-the-smartapp-again. I put a watch on it and filled my email inbox!
I basically recreated all of the Smart Lighting App rules using the 'Automations' feature on the new ST app. Really wasn't that bad to do. I'll bet the ST folk are trying to get others to use this feature and get rid of the smart apps. They should just say something on the forum!
This stuff goes back to approx 2008 when I got creeped out by the Creepiness factor .... how did we get here
Link Collection for now ... will be weeding thru these ...
Going-going ... Privacy stuff from old Ventures site
IoT Security & Privacy Resources (thru 2019) @ https://web.archive.org/web/20230128135623/http://ventures.tpedersen.net/errata/iotsecurity
Online Privacy Check up (thru 2018) @ https://web.archive.org/web/20230402122508/http://ventures.tpedersen.net/projects/online-privacy-checkup
Jan 28 is Data Privacy Day (thru 2017) @ https://web.archive.org/web/20230531191054/http://ventures.tpedersen.net/projects/dataprivacyday2015-passtheword
Online Privacy 3-Step (2013) @ https://web.archive.org/web/20230531182810/http://ventures.tpedersen.net/projects/onlineprivacy3-step
Privacy Primer (2012) @ https://web.archive.org/web/20230531193048/http://ventures.tpedersen.net/projects/privacyprimer
Privacy on the Web: Is it a Losing Battle? @ https://knowledge.wharton.upenn.edu/podcast/knowledge-at-wharton-podcast/privacy-on-the-web-is-it-a-losing-battle/
Politics & Campaigns