Day 441 of self-isolation - Coworth Park

Coworth Park

We were there for two days, very enjoyable. All the staff were wearing masks. I spent most of the weekend close to the K5 that you can see in this picture.

 

Thanks to Silverspoon London for this picture.

Day 440 of self-isolation - The Great Mask Cock-up

The Great Mask Cock-up

15 months ago, we were being told that masks are useless against the virus.

Now we're being told that masking slows the spread of the virus.

What changed?

Nothing changed. It was a cock-up.

For me, it was always clear. Covid is at least partly (and more like, almost wholly) an airborne disease. It is a respiratory disease. We always knew that it attacks the lungs and bronchial tube. Yes, hand washing is a good idea, and has no downsides, but Covid spreads mostly through the air.

My blog in May 2020 reported a scientific experiment, using hamsters, that showed that masking reduced R0 by so much that the virus would peter out. And that people who did get infected, would be less likely to hospitalise or die.

I'm not a medical expert. This study was available to everyone. Fox News picked it up, and in May 2020, were strongly in favour of masks.

Everyone knows that surgeons and nurses wear masks to reduce infection. Everyone knows that in the Far East, people who have even a cold, wear a mask. Everyone knows that coughs and sneezes spread diseases.

Yet we were being told "Don't mask". We were being told that it's useless, we were even being told that it could increase your chances of getting Covid. The official excuse was that they were trying to preserve the limited stocks of N95 masks for healthcare workers. But that doesn't wash - it's easy to make a cloth mask, and paper masks were readily available. No, our oven-ready government (and that in the USA) was advising against masking, because reasons. Maybe they should have been honest, if lack of N95 masks was the issue.

And now, of course, we have a substantial section of the population who don't mask because why would they believe the current line? 

OK, "the science" changes when new data become available. But in this case, "the science" didn't change, only the politicians. Trump has been strongly anti-mask, and suggested that wearing a mask signalled that you didn't like Trump.

In March 2020, 10 countries had policies recommending face covering. By July, that was 130, but by that time, the first wave was over.

So, imagine this.

Suppose, instead of crashing the economy, governments has recommended masking. Or even mandated masking. If most people had complied with this (and why wouldn't they?) then the economy could have been maintained, with fewer people hospitalised or dead.

This was the Great Mask Cock-up, and has probably has effects that are even worse than delays in going into lockdown, or in travel restrictions.

 

Day 439 of self-isolation - Coworth Park

Coworth Park

Today, we go to Coworth Park, for a jolly with the family. Things are getting back to normal!

Day 438 of self-isolation - Increasing cases

Increasing cases

Two worrying tendencies.

1. The number of new cases yesterday was 3542, which is a lot more than the 2500-odd we've been seeing

2. The Indian variant is 75% of new cases.

How did the Indian variant get a hold so quickly? There's two reasons. The first is that it's more infectious than the Kent variant, which is itself more infectious than the original virus. There's nothing we could have done about that. But the second reason, is the reaction of our oven-ready government.

When it became clear that the Indian variant was an issue, the government did nothing. Because they were trying to get a trade deal with India, they didn't shut down travel from there. So, yet another dividend from Brexit.

Do the current vaccines protect against the India variant? We're being told that it does, but given the steady stream of lies from our world-beating government, I'm not yet convinced. Given that most UK citizens are vaccinated, how come the India variant is spreading so fast?

Incompetence, lies and cover-ups. Blunders, bloopers and boo-boos. I see no reason why we would suddenly see a competent government, and can only console myself with the thought that Useless Corbyn would have been worse.

Covid restrictions are set to end on June 21, but will they? We'll keep an eye on the figures.

 

Day 437 of self-isolation - 14-11

14-11

And anyone 30 or over, can get vaccinated.

Dominic Cummings says that our government was totally incompetent throughout the whole Covid mess. I've blogged several times on this. They were running around like panicked politicians, spraying money in all directions (mostly to their cronies) buying useless systems and not taking the whole thing as seriously as it deserved..

But one thing was new to me - according to Cummings, Boris suggested that he get himself injected with Covid-19 virus live on TV, to show how unimportant this pandemic was. If he'd gone through with that, it would probably have killed him - remember that he was in intensive care when he picked up a much lighter load of virus.

And we can speculate that with Boris dead of Covid, the reshuffled government would have taken Covid a lot more seriously, a lot earlier, both in the March-May wave and in the October-March wave. Far fewer people would have died. The sacrifice of Boris would have been a good trade.

Day 436 of self-isolation - 14-12

14-12

 And another one bites the dust.

Day 435 of self-isolation - Ghost busted

Ghost busted

I found why the server vick0 was crashing. It wasn't the motherboard, or the memory, or the CPU, or the power supply.

One of the tasks of vick0, is to run a large (3tb) hard drive for backups. And each time I swapped anything out, I kept that large drive connected. Because an attached drive can't possibly be causing crashes.

But it was.

Now I've swapped out that hard drive, and it's sitting on the desk in front of me while I load up the replacement drive.

 

Day 434 of self-isolation - Vick0 problems

Vick0 problems

I have a server called vick0, and it's been crashing every few days. So I decided to fix it.

First, I did a memory test, which it passed. 

Then I changed the power supply, which led to it crashing more.

So I changed the motherboard, which led to more crashes.

And then I changed the CPU. More crashes.

So at that point, I had changed everything except the hard disk. So I disconnected the hard disk. Still crashing.

Then I swapped out the memory. Still crashing.

Which means that I'd changed everything. This was a whole new computer, giving the same problem I started with.

Is this server haunted?

 

Day 433 of self-isolation - Can't pay

Can't pay

I tried to pay for our excursion to London. The Congestion Charge web site is down.

 

Day 432 of self-isolation - London Excursion

London Excursion

Today, we're going on a trip to London. Ladysolly has to have something done to her hair, in preparation of something else to be done to her hair. I think her hair looks fine, but she's keen to have something done. I'll wait outside while the thing is done, and then ...

Then we make a Visitation to daughter.1 and .2, and a small assortment of grandsons.

This is our first trip since 14 months ago, so we're very excited about it.

And we come bearing presents!

 

Day 431 of self-isolation - Paypal - not scam

Paypal - not scam

So, it turns out that the email that Paypal told me was a scam and I should ignore - was not a scam.

It turns out that, contrary to them saying "The email address mx1.slc.paypal.com is not from PayPal." the latest email came from mx1.slc.paypal.com and really was from Paypal.

They said "The email address that we are using in sending emails or notifications are service@paypal.com or service@paypal.co.uk alone nothing more nothing less." The "From: " does say that, but we al know that this is easily forged. The important thing is the header, which says which server the email really did come from, and that is mx1.slc.paypal.com

 I have two email addresses on record with Paypal. The first "scam" email was sent to my first address, the second one to my secondary address.

So how do I now that this latest email was really from Paypal (and that the first one was also)? Because when I went to Paypal (not by clicking on the email, obviously), there was indeed an "account notification", and they did indeed want a few additional details, which I've given them.

So it's no wonder that first email looked so realistic. It's because it really did come from Paypal, but Paypal were too incompetent to know that they send emails from
mx1.slc.paypal.com, and were too incompetent to be able to see that the email had indeed come from Paypal when they checked their records.

This has been a problem for a long time. For MANY years, there have been obvious holes in the security of banks and financial organisations. The problem boils down to this - they prioritise convenience over security, and prefer fake security to real security.

 

Day 430 of self-isolation - 70% jabbed

70% jabbed

Seventy percent of all adults in the UK, have had at least one vaccination. And vaccination is still going as fast as it can be delivered. We're now in a race between vaccinations and the India variant, and I think we're winning. The evidence that we're winning, is the very low hospital occupancy of Covid patients, and the fact that we had only three Covid deaths on Tuesday.

Day 429 of self-isolation - The Amazon Prime scam

The Amazon Prime scam

First, let me make it clear that this doesn't come from Amazon. It's scammers using their name

It starts off with a phone call (a robot call) telling me that I'm signed up to Amazon Prime for a year, and if I want to cancel and get my £79.99 back, I should press 1.

This is plausible, because Amazon make it very easy to mistakenly sign up for Prime. I've had to cancel it twice, and cancelling isn't easy.

So then they talked me through downloading and installing AnyDesk, a product that allows other people to take over and use your computer. So, at that point, I invented the fiction that the computer was in a different room from the phone, which gave them the reason why it took a minute or two between each thing they told me to do, and me telling them I've done it.

Why? Because while they're wasting time talking to me, they aren't scamming someone else.

So we went through that three times; each time the software wouldn't run (I lied), before the guy I was talking to passed me on to guy-2. Guy-2 talked me through installing Awesun, another remote access enabler. Same problem. Won't install.

I feel no compunction in lying to people who are lying to me in order to scam me.

At that point, they gave up on the attempts to install software, and concentrated on getting money. And I was transferred to guy-3. They asked me for my bank details. So I gave them a made-up credit card number. I guess they tried to bill it, because they said it didn't work. So I gave them the number again. It didn't work again. So they asked me to give them the number slowly, so I gave it to them one digit at a time. It still didn't work.

I offered to call my bank. They thought that wasn't necessary, and could I give them my bank details from a recent statement. I left them hanging for several minutes, pretending to look for a statement, which I "couldn't find", and then offered them another credit card number, which they accepted.

So I made up another non-existent number. Same problem. And then they asked a very strange question, "Why do you want to cancel your Amazon account?" This would be normal if they really were Amazon, but this is just someone trying to get money out of me. So, naturally, I answered, "Yes, you're right, Amazon Prime is a pretty good service, and £79.99 is a good value for a whole year's access. Maybe I should keep it?"

And they hung up on me. I think I wasted about an hour of their time, maybe more.

So now I have this fictitious Amazon Prime account, bought with one of two non-existent credit cards.

I should have asked them if they could add Netflix.

 

Day 428 of self-isolation - The India variant

The India variant

This is still being researched, but from what we know so far, it's more infectious than the Kent variant, which itself was more infectious that the original Covid.

We don't know that it's more likely to lead to hospitalisation, or death. And we don't know if the vaccines are as protective as against Kent or Original.

We know that it's more infectious, because it's overtaking the Kent variant in Canterbury and Bradford. That means that herd immunity won't happen until we reach 85% immunity. Maybe even more.

Vaccination is still going well, and (unlike the USA) we don't need to resort to bribery to get people jabbed. 95% of people over 50 have been vaccinated, and the number of people in hospital is down from the peak of 40,000, to 1,000. Hospitals are returning to normal, and are doing the non-urgent surgeries again.

We're seeing some caution from the government, but the planned easing of lockdown today went as planned.

Deaths over the last seven days averaged at ten per day, new cases at 2200.

 

Day 427 of self-isolation - Under fifteen

Under fifteen

I am under fifteen. The last time I was under fifteen was a very long time ago. I was under fifteen when I took my first O levels, and that was also a very long time ago.

But I am under fifteen again. To be exact, I am fourteen stone, thirteen
pounds.

Rejoice!

 

Day 426 of self-isolation - Mars

Mars

 China has landed a rover on Mars

This makes me feel that China is more technologically advanced than Europe in general, and Britain in particular.

I remember when China was an economic basket case. But now they have lifted themselves out of poverty, had their industrial revolution, and reached into space - ahead of Britain!

We need to think about how to catch up with China, and I think that the best way would be to join the EU, and work in partnership with France, Germany and the other 25 nations.

Day 425 of self-isolation - Ransomware

Ransomware

In the USA, gas prices have risen because of a ransomware attack on the "Colonial pipeline". There are calls for greater cybersecurity, but there are very few suggestions on how to achieve that.

So let's look at that.

Ransomware is when a trojan (unwanted) program encrypts the data no your system, and the criminal demands payment for restoring the data. How do you defend against that. Backups? It isn't that easy.

So let's start off by looking at how a nasty ransomware system would work.

First, the user installs the ransomware on their computer. Unwittingly, of course. I'll discuss later how that can happen.

The ransomware has access to the same data that they user can access. If the user can write to a file, so can the ransomware.

So, all the files that they user can access, can be encrypted. 

But surely, the user would notice that he no longer has access to his data? No, because the ransomware also decrypts the data, on the fly, whenever the user tries to use it. So it can be working silently, in the background, for days, weeks, even months. And then, eventually, it triggers.

So what backup are you going to restore, one that is six months old?

What about decrypting the data? No - modern crypto is strong enough to make that impossible.

What about paying the ransom? Colonial Pipeline paid $5 million. Let's hope that they got their data back - but this is obviously going to encourage more people to deploy ransomware. It's a get-rich-quick that works. And payment is in bitcoin, and so impossible to trace.

I first met ransomware in 1989, when a 5 1/5 floppy arrived through the post. It was the "Aids Info disk". It came with a piece of paper requesting $189 as the cost of the software. And when I installed it, it encrypted (with a very simple code) all the filenames (not the files) on the test computer that I installed it on; it was easy to reverse this. The perpetrator eventually got arrested and tried

So, the ransomware is only writing to files that the user has wrote access to. The only way to stop it, is to prevent it from being installed.

Some people suggest "user education". That doesn't work. It's been tried. We can't even stop people from killing themselves with tobacco or speeding cars, or using the phone while driving.

And also, maybe you remember the Incident of The Register? I do, because it got me. The Register is an informative tech news web site, I visit it most days. On 2004, I made one of my regular visits, and immediately, all hell broke loose. It turned out that if you were running Windows, and Internet Explrer version 6, you wee vulnerable. The malware was in an advert, being served by Falk AG (a middleman in the advertising business) into an iframe on the register page.

I spent half an hour trying to get rid of it, but I obviouslty didn't root it out deeply enough, because each time I thought I got rid of it, it came back. Eventually, I decided to Zap that hard drive and reinstall Windows . and then I realised that this would be a good time to change to Linux Workstation.

 https://www.theguardian.com/technology/2004/dec/02/onlinesupplement.insideit

So, you see - no amount of user education would have stopped me visiting a legitimate tech news site (that I still visit). And that is why I even today, block most advertising.

Having said that, there are so many other ways that malware can get onto your computer. I block adverts, and also javascript - but sometimes I have to allow it, so that I can perform some action. This wouldn't be an issue for most users; most users don't need to see adverts, popups or dancing chickens. So maybe a good start would be to lock down users computers to disallow all that.

Another useful precaution, is to avoid using software that most people are using. So, I don't use Windows now. If you really hae to use Windows, don't use one of the common browsers.

But the bottom line is that as long as ransomware is immensely profitable, people will create and spread it.

Day 424 of self-isolation - Vaccinations

Vaccinations

In the UK, there have been 80 vaccinations per 100 people; of course some of us have had two vaccinations. And the call has gone out  for 38 to 39 year olds. Daughter.1 has had her first jab, and daughter.2 will soon be getting hers. There's still a long way to go - we need to do 18 to 37 year olds (and maybe younger), but the NHS is doing a grand job.

In the USA, the number is about the same at 79 vaccinations per 100, but now they are running into "vaccine hesitancy". There's no age restrictions on who can get the vaccine now. And so bribes are being offered to persuade people to get jabbed.

I'm in two minds about this. Is this an effective use of public money? Why should we pay people to do something that is to their own benefit?

 

Day 423 of self-isolation - Census

Census

We were visited by the census today. I've already filled in the online census, but this was a cross-check. The idea is to see if the door-to-door came out with the same distribution as the online census. 

Data collection isn't as easy as you might think. Anyone who has worked with published statistics, knows that they are imperfect in various way; some random, some systematic.

The standard way that I used to teach this, was to get people to extract population statistics for Germany, 1950 to 1980. When you do that, you might notice that there's a sudden jump in one year (in the sixties), and the population is two million more than you'd expect.

This isn't because Germans suddenly got jiggy.

It's because from that year on, they started to include the population of Berlin in the population of Germany. If you check the footnotes and appendices carefully, you'll probably discover this reason.

But if you just use that stream of numbers for time series analysis, you'll bump into problems.

Day 422 of self-isolation - Paypal scam

Paypal scam

 Subject: Please provide your missing account information by 9 July 2021 

Hi [My full name],  
 
Please provide your missing account information
 
 
Please send it by 9 July 2021.
 
 
It looks like we're missing some information for your account. To comply with applicable laws, we need to collect certain information from
you to help make the PayPal community as secure as possible.

So I checked the email header.

Received: from mx1.slc.paypal.com (mx0.slc.paypal.com [173.0.84.225])   by
 mail.[mymailserver.com]

Therefore, it came from the paypal.com domain. So it all looks legitimate.

But then I contacted Paypal, using their messaging system, and they told me that unless it came from service@paypal.co.uk or service@paypal.com, then it isn't from them.

Which leaves me in doubt. The "From" address was service@paypal.co.uk, but we all know that the from-address is easy to spoof, it's the "Received: from" that tells the truth. And that says it's from a paypal subdomain.

So I don't have confidence that the person on the messaging system understood the problem, I don't have confidence that Paypal understands it's own system.

 Here's the message that I got from the Paypal messaging system.

 

 

Good day. Welcome to PayPal Messaging, my name is Renelyn. I understand how important for you to know if the email was from PayPal.

I've reviewed your account and it shows that the email you received was not from PayPal. We didn't send any email to you regarding missing information.

The email address mx1.slc.paypal.com is not from PayPal.

For future your future reference I've included the guidelines below on how a legitimate email from PayPal looks like. This might be long but I want to make sure that you will be able to get all the details.

You will know that an email is not from PayPal when:

• The email uses a generic greeting like 'Dear user' or 'Hello, PayPal member’. We always address you by your first name and last name or the business name on your PayPal account.

• The email requests financial and other personal information. For example, an email from PayPal never asks for the numbers of your bank account, debit or credit card, or driving licence. We also do not request your email addresses, your full name, your account password, or the answers to your PayPal security questions.

• The email includes an attachment, a software update to install on your computer.

• Never ask you for money in an email, and we will never ask you to send money through Western Union, MoneyGram or any other third party money transfer service.

• The email address that we are using in sending emails or notifications are service@paypal.com or service@paypal.co.uk alone nothing more nothing less.

• If you are viewing the email in your mobile device, long press your finger on the email address of the sender and the real email address of the sender will appear.

• If you are viewing the email using your desktop or computer, just hover or point your mouse on the email address that the sender used and the real email address of the sender will appear.

Here are some security tips below to help you stay protected online:

• Never provide the tracking number of a posted item before receiving payment into your PayPal account

• Never give your PayPal password to anyone

• We'll never ask you for financial details via email.

• When using the PayPal, always ensure that the URL address listed at the top of the browser displays as https://www.paypal.com. The 's' ensures that the website is secure.

• Even if the URL contains the word 'PayPal', it may not be a PayPal webpage.

• Look for the 'lock' symbol that appears in the address bar. This symbol indicates that the site you are visiting is secure.

• You can always see your payment when you log into your PayPal account. If you receive an email saying that you've received a payment, always log in to your PayPal account at www.paypal.com (do not click on any links in the email) and check your account balance there.

Kindly send the email to spoof@paypal.co.uk so that our Fraud Prevention Team can investigate the origin of the email and ensure that the people and the related site will get shut down.

Don't forget to delete this from your email after forwarding to ensure that you will not be attempted to entertain this in the future.

Rest assured, Your PayPal account is secured and protected.

Thank you for contacting PayPal and for being a valued customer. If you have no further questions, please close this conversation. You can close this conversation by selecting End Conversation or by clicking the X". If you respond to this message, another agent will follow up with you.

So I've forwarded the email to spoof@paypal.co.uk.

There is nothing under "Account notifications" to click on or follow, so really, that's all I can do. And they said in the message above, that they sent me nothing.

If Paypal terminates service on 9 July 2021, I'll contact them further. But at this point in time, I'm taking no action.

Day 421 of self-isolation - Voter ID

Voter ID

This sounds like a good idea to me. Look at the kerfuffle that is still going strong in America, where a large percentage of the population think that the election was fraudulent.

In the UK, as in America, there is very little voter fraud, but we've seen now how even a completely baseless claim, can undermine people's faith in democracy.

The idea is that you show a picture ID when you vote (postal voting is a lot easier to secure). That picture ID would be your driving licence or passport. For those people without either of those, the government would provide a photo ID free of charge.

 

Day 420 of self-isolation - Hugs are go!

Hugs are go!

Michael Gove has revealed that hugging will be allowed very soon.

Ladysolly is being asked by several bridge clubs if she's willing to play face-to-face in a few weeks.

We're planning a trip to London very soon.

Things are getting back to normal!

 

Day 419 of self-isolation - The Great Influenza

The Great Influenza

By John M Barry. I've been reading this, and it's really good. It explains things about viruses in general, and influenza in particular that I hadn't known before. It explains how viruses can acquire characteristics from other viruses, and how an initially weak virus, can increase in infectiousness and deadliness. How the "cytokine storm" is not a new thing, it happened 100 years ago. It explains "long Covid", because flu can do the same thing.

Covid-19 looks bad - but actually, we've dodged a bullet. Coronaviruses don't mutate as rapidly as influenza. Influenza is more like a swarm of similar viruses, of which a large percentage can't infect, but those that can, evolve rapidly.

Also, the symptoms, including anosmia, can be the same as for flu. And flu can be a bigger killer than Covid.

Spoiler - 50 million died, but eventually the pandemic ended.

Day 418 of self-isolation - Fan

Fan

While I was in the server room, I heard a grinding noise. That's usually a bad noise. I have two ears, so I was able to track down the server making that noise, and sure enough, when I powered it down, the noise stopped. 

A grinding noise is usually a faulty fan.

I opened up the server, and it was easy to locate the fan with the problem. I had to dismantle the power supply to get it out, and it checked out - the bearing had worn out.

Fans run 24/7, and because they are mechanical, they are a frequent failure. This fan was 40x40x20 mm, and I have a few of those in stock, so I replaced it with a good fan, and everything is OK now. 

But what was I doing in the server room? Another computer was faining to start up. When I put it n the workbench, it was starting up then immediately going into a "kernel panic", which is a situation where the  system has failed so badly, it has to stop immediately.

I swapped out the memory, and replaced the system drive, and one of those two changes fixed the problem. Some time soon, I'll test the memory to see if it's usable.

 

 

Day 417 of self-isolation - an election

An election

Which we didn't vote in, because we don't know the candidates, or the issues, and we aren't going to vote Conservative because of the two major ways they have messed up this country (Brexit and Covid), and we aren't going to vote Labour because I'm still seeing a disturbing amount of racism there.

So we decided not to vote.

The important election will be 2024.

Day 416 of self-isolation - Fedora 34

Fedora 34 

The latest version of Fedora is out. I've downloaded it and burned to DVDs, and I'm updating each of the servers to this new version. Updating is fairly easy.

yum update -y

dnf -y --releasever=34 --setopt=deltarpm=false distro-sync --allowerasing

There is a problem with updating the rpmfusion apps, but I don't think that's important.

 

India

India is getting worse. 3982 deaths and 412k new cases each day. At this rate, India will push the USA off the top slot for new cases per day within a month. And only 11% of the population is vaccinated.

Day 415 of self-isolation - Single figures

Single figures

We've seen single-figure numbers for new deaths this  weekend; it even got down to a single death. Things are looking really good, and the lockdown is being ease even more.

In India, the disaster continues to unfold, with nearly 4,000 deaths per day and nearly 400,000 new csaes. And that probably under-reported.

Day 414 of self-isolation - Hello, Albert Einstein here ...

Hello, Albert Einstein here ...

I keep hearing an advertisement that starts " Hello, Albert Einstein here ..." which goes on to promote smart meters.

This is fundamentally dishonest. Einstein never said anything at all like this, and pretending that he did, or would, is dishonest.

If this is someone's recommendation, then the advertisement should name him or her. "Hello, Jane Formby here ...". Or don't use a name, just give your opinion that more people should use smart meters.

They go on to claim that if everyone in this country used a smart meter, then it would save CO2 like planting 10 million trees every year until 2030.

This is a claim that you use less energy if you have a smart meter. The assumption is that people will have a better sense of how much electricity they are using, and would therefore use less. I query that. The latest research is that such a saving would be 21p per week. But it would also mean that energy providers could start to use surge pricing, making electricity cost more at peak times.

There are better ways to save electricity consumption.

So we have a weak claim (saves you CO2 and money) and a clear falsehood (I'm Albert Einstein).

If I hear this one more time, I'm going to complain, on the grounds that advertisements should be truthful.

Day 413 of self-isolation - Fifteen love

Fifteen love

My weight is down to 15 stone zero pounds, that's 210 pounds, or  95 kilograms. That give a BMI of 29.4. which puts me as "Overweight"

That's good news, because until recently, I was "Obese".

But the BMI calculator tells me I need to lose another 32 pounds and get down to 12 stone 10 pounds.

That might not be possible.

 

Day 412 of self-isolation - Pi wifi access points

Pi wifi access points

Following the investigation into wifi access points, I decided to set up some pi access points.

https://thepi.io/how-to-use-your-raspberry-pi-as-a-wireless-access-point/

I didn't do the DHCP stuff, there's already four DHCP servers on the network.

As you can see, I'm using a Pi version 1 for this. 

I've built two of them, so if I need to, I can scatter them around.

 

Step 1: Install and update Raspbian

Check out our complete guide to installing Raspbian for the details on this one. Then plug everything in and hop into the terminal and check for updates and ugrades:

sudo apt-get update
sudo apt-get upgrade

If you get an upgrade, It’s a good idea to reboot with sudo reboot.

Step 2: Install hostapd and dnsmasq

These are the two programs we’re going to use to make your Raspberry Pi into a wireless access point. To get them, just type these lines into the terminal:

sudo apt-get install hostapd
sudo apt-get install dnsmasq

Both times, you’ll have to hit y to continue. hostapd is the package that lets us create a wireless hotspot using a Raspberry Pi, and dnsmasq is an easy-to-use DHCP and DNS server.

We’re going to edit the programs’ configuration files in a moment, so let’s turn the programs off
before we start tinkering:

sudo systemctl stop hostapd
sudo systemctl stop dnsmasq

Step 3: Configure a static IP for the wlan0 interface

For our purposes here, I’m assuming that we’re using the standard home network IP addresses, like 192.168.###.###. Given that assumption, let’s assign the IP address 192.168.0.10 to the wlan0
interface by editing the dhcpcd configuration file. Start editing with this command:

sudo nano /etc/dhcpcd.conf

Now that you’re in the file, add the following lines at the end:

interface wlan0
static ip_address=192.168.0.10/24
denyinterfaces eth0
denyinterfaces wlan0

(The last two lines are needed in order to make our bridge work –- but more on that in
Step 8.)

After that, press Ctrl+X, then Y, then Enter to save the file and exit the editor.

Step 4: Configure the DHCP server (dnsmasq)

We’re going to use dnsmasq as our DHCP server. The idea of a DHCP server is to
dynamically distribute network configuration parameters, such as IP addresses, for
interfaces and services.

dnsmasq’s default configuration file contains a lot of unnecessary information, so
it’s easier for us to start from scratch. Let’s rename the default configuration file and
write a new one:

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf

You’ll be editing a new file now, and with the old one renamed, this is the config file that dnsmasq will use. Type these lines into your new configuration file:

interface=wlan0
  dhcp-range=192.168.0.11,192.168.0.30,255.255.255.0,24h

The lines we added mean that we’re going to provide IP addresses between 192.168.0.11 and 192.168.0.30 for the wlan0 interface.

Step 5: Configure the access point host software (hostapd)

Another config file! This time, we’re messing with the hostapd config file. Open ‘er up:

sudo nano /etc/hostapd/hostapd.conf

This should create a brand new file. Type in this:

interface=wlan0
bridge=br0
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ssid=NETWORK
wpa_passphrase=PASSWORD

Note that where I have “NETWORK” and “PASSWORD,” you should come up with your own names. This is how you’ll join the Pi’s network from other devices.

We still have to show the system the location of the configuration file:

sudo nano /etc/default/hostapd

In this file, track down the line that says #DAEMON_CONF=”” – delete that # and put the path to our config file in the quotes, so that it looks like this:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

The # keeps the line from being read as code, so you’re basically bringing this line to life here while giving it the right path to our config file.

Step 6: Set up traffic forwarding

The idea here is that when you connect to your Pi, it will forward the traffic over your Ethernet cable. So we’re going to have wlan0 forward via Ethernet cable to your modem. This involves editing yet another config file:

sudo nano /etc/sysctl.conf

Now find this line:

#net.ipv4.ip_forward=1

…and delete the “#” – leaving the rest, so it just reads:

net.ipv4.ip_forward=1

Step 7: Add a new iptables rule

Next, we’re going to add IP masquerading for outbound traffic on eth0 using iptables:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

…and save the new iptables rule:

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

To load the rule on boot, we need to edit the file /etc/rc.local and add the following
line just above the line exit 0:

iptables-restore < /etc/iptables.ipv4.nat

Step 8: Enable internet connection

Now the Raspberry Pi is acting as an access point to which other devices can connect. However, those devices can’t use the Pi to access the internet just yet. To make the possible, we need to build a bridge that will pass all traffic between the wlan0 and eth0 interfaces.

To build the bridge, let’s install one more package:

sudo apt-get install bridge-utils

We’re ready to add a new bridge (called br0):

sudo brctl addbr br0

Next, we’ll connect the eth0 interface to our bridge:

sudo brctl addif br0 eth0

Finally, let’s edit the interfaces file:

sudo nano /etc/network/interfaces

…and add the following lines at the end of the file:

auto br0
iface br0 inet manual
bridge_ports eth0 wlan0

Step 9: Reboot

Now that we’re ready, let’s reboot with sudo reboot.

Now your Pi should be working as a wireless access point. Try it out by hopping on another device and looking for the network name you used back in step 5.

 

Day 411 of self-isolation - Sorting out Wifi

Sorting out Wifi

After considerable cogitation and use of nmap, I found the problem. Some of the wifi access points were offering dhcp service that led to no access to the internet, because they weren't giving the right  gateway. I've disabled those, brought Buffalo-10 into ladysolly's room, and everything looks good now.

The Pfizer jab gave me a slightly sore arm, but I think it's calming down now.

And today, I did my VAT, the tax codes, and all the end-of-month stuff.