How To: Fix Intel Laptop Coil Whine and Squeaking

There’s nothing worse than getting a new laptop, booting it up, and then hearing that incessant coil whine noise that kicks in and out. I’ve noticed it’s worse on the HP laptops we’ve used, but HP isn’t to blame. Intel is.

In our testing, the issue seems to be related to Intel’s TurboBoost feature that allows your CPU to kick into a super boosted mode when it needs to (and in some cases increase its clock speed from 1.6GHz to 3.5!), but this can come at a cost. Coil whine.

The only way we’ve found to fix this is to disable TurboBoost. On Windows laptops you have two options:

1. Disable TurboBoost in BIOS/UEFI

One option is to head into your BIOS settings and see if there’s a way to disable TurboBoost there. We’ve seen this option on many laptops, but strangely the HP we used did not have the option in BIOS which leads us into the next option:

2. Disable TurboBoost in Windows

This option requires Administrator permissions and involves a couple of easy to do steps.

Firstly open up Notepad. Paste in the following text

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\54533251-82be-4824-96c1-47b60b740d00\be337238-0d82-4146-a960-4f3749d470c7]
"Attributes"=dword:00000002

Then save the file, make sure you pick the Save type as “Any file” and end the file name in .reg – once saved, double click the file and merge this into your registry.

Then head to Advanced Power Settings in the Control Panel (Control Panel > Power Options > Change Plan Settings > Change Advanced Power Settings:). Once that’s open look under Processor power management > Processor performance mode > and Processor performance boost mode. Make sure Battery and Plugged In are set to ‘Disabled’. Reboot, and you’re done!

 

 

 

 

How To: Basic Server Security (CentOS 7) – April 2019

Out of the box, servers are often insecure and come with outdated software. In this guide we will be going through the basics of what you need to do to secure a server. This guide applies to CentOS 7 and was last updated April 2019.

1. Updates! Updates! Updates!

The first thing you need to focus on is updates. Ensuring your server is up to date is key, and you need to make sure you do this regularly.  Downtime in the name of security is justifiable, but with the correct configuration and redundancy you can avoid downtime too (but that’s for another blog post).

To update in CentOS, run:

sudo yum update && yum upgrade

2. Firewall

2.1 – Install the firewall

My preference for a firewall for beginners is CSF + LFD  (ConfigServer Firewall + Login Failure Daemon). To install CSF you’ll need to run the following commands:

sudo yum install wget nano perl-libwww-perl.noarch perl-Time-HiRes

Enter the /usr/src folder:

cd /usr/src/

Download the CSF tarball:

wget https://download.configserver.com/csf.tgz

Extract and install:

tar -xzf csf.tgz
cd csf
sh install.sh

Run the test to see if the server should be compatible:

cd /usr/local/csf/bin/
perl csftest.pl

The result should be:

# perl csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

2.2 – Configure the firewall

Now the firewall is installed, you need to configure it. This basic configuration will allow incoming traffic on a number of ports, you should edit the csf.conf file later to lock this down.

cd /etc/csf # Enter the CSF directory
cp csf.conf csf.conf.bak # Back up the existing csf.conf file
sed -i 's/TESTING = "1"/TESTING = "0"/g' csf.conf # Turns Testing mode off

Next, we’ll disable the existing firewall service and enable CSF.

systemctl stop firewalld # Stop firewalld 
systemctl disable firewalld # Disable firewalld from starting at boot
systemctl start csf # Start the new CSF firewall
systemctl enable csf # Enable CSF on boot
systemctl start lfd # Start LFD
systemctl enable lfd # Enable LFD on boot

You can whitelist your IP address to prevent you from getting locked out if you have too many incorrect password attempts, but only do this if you have a static IP. Do this by running:

csf -a 1.2.3.4 # Replace 1.2.3.4 with your IP Address (v4 or v6)

Once making a change, restart CSF with:

csf -r

3. Secure SSH

Securing SSH is the next important aspect. I’m going to assume you are already connecting to your server using public key auth with your own user in the wheel group (AWS, DigitalOcean, Azure, Linode use this by default) – if you aren’t using public key auth, do so.

We’re going to disable root login and disable login by passwords. This will prevent hackers from brute-forcing their way in over SSH to the default root account. 

cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config

In the future, we will release a blog post on achieving PCI Compliance to achieve baseline security, keep your eyes peeled or follow us on Twitter (@cyberhatch).

ASCII Art featured image

Cheat-sheet: Linux Commands in Windows

If you spend a lot of time in the command line you may find it a bit difficult to remember the different commands you need to use to achieve basic things depending on whether you’re using Unix/Linux or Windows that day. This guide contains a cheat-sheet with some of the most used Unix commands and their Windows counterparts. If you use PowerShell you’re in luck because Microsoft has added a large number of the Unix commands as aliases for their Windows counterparts for you, but if you use CMD/Command Prompt still this list is for you.

 

Cheat-sheet:

Unix command: clear
CMD command: cls
The clear command is used to clear the window you currently have open, useful if the clutter is distracting you. The Windows alternative is cls (clear screen).

 

Unix command: ls
CMD command: dir
The ls command is used list the contents of the current directory, append with the location of another directory to list the contents of a different directory. The Windows alternative is dir (directory).

 

Unix command: cat
CMD command: type
cat is most frequently used to output the content of a file to the command line, or to add the content of file into another file. The Windows alternative is type (fairly self explanatory).

 

Unix command: sudo
CMD command: powershell Start-Process cmd.exe -Verb runAs
Windows doesn’t have an in-built answer to the sudo command (used to elevate your command line to run commands that are system sensitive), but powershell Start-Process cmd.exe -Verb runAs will open another CMD window for you running as the administrator user.

 

Unix command: rm
CMD command: del
Used to remove files and folders. The Windows alternative is del (delete).

 

Unix command: cp
CMD command: copy
Used to copy files and folders. The Windows alternative is copy (self explantory). xcopy also exists.

 

Unix command: nano, vi, ee
CMD command: notepad
CMD doesn’t have an in-built text editor*, but prefixing a file name with notepad will open it up in Notepad so you can edit it in the GUI. If you need to open a file as an Administrator (for example to edit the hosts file), see the next command.
* Some older versions of Windows come with edit from the DOS days, but Windows 7 64-bit and above does not.

 

Unix command: sudo nano
CMD command: powershell Start-Process “notepad.exe <filename>” -Verb runAs
This will open the file you want to edit in an elevated Notepad instance. For example, to edit the hosts file run: powershell Start-Process “notepad.exe C:\Windows\System32\drivers\etc\hosts” -Verb runAs and then you can make the changes needed and save the file in the GUI.

 

Unix command: ssh
CMD command: ssh
Windows 10 supports SSH! (Version 1809 does, anyway – older versions probably do too).

 

Unix command: shutdown (and shutdown -r or reboot) 
CMD command: shutdown
Windows supports the shutdown command but the flags are slightly different. Replace the hyphen with a forward slash (e.g; rebooting on Windows requires shutdown /r instead of shutdown -r). Execute shutdown and CMD will display a list of arguments.

How To: Enable Wi-Fi Calling on the OnePlus 6T (Vodafone UK and EE)

One trick the OnePlus 6T has up its sleeve is that despite not being listed on Vodafone and EE’s supported devices list, it actually comes with the keys and certificates required to connect to the VoWiFi/Wi-Fi Calling servers – all you need to do is enable it in a debugging menu.

Please note that this is intended only for debugging, and is a feature that could be removed at any point (or, hopefully, enabled by default…) – as always, we do not accept any responsibility for any damage this may cause. 

Check it isn’t already available:

First off, check that Wi-Fi Calling isn’t already available by heading to Settings > Wi-Fi & Internet > SIM & Network > select your SIM and then looking under Enhanced Communications. Wi-Fi Calling may already be an option. If it is, simply enable it. If not, carry on reading.

How to enable VoWiFi/Wi-Fi Calling (and maybe even VoLTE!)

Open the dialer, and then open the keypad and enter:

*#800#

The phone should automatically pop up with the OnePlus Debug Menu (titled Log_test). Read the warning notice that may come up and if you’re happy to continue, tap Enter, in the window that then pops up, press on oneplus Logkit.

Scroll down the list and tap on Function Switch.

  

If you need VoLTE, tap the tickbox next to VoLTE switch. On the reboot notice that pops up, tap Cancel. Then, tap the tickbox next to VoWifi switch, then tap Reboot on the reboot notice that pops up.

Once you’ve rebooted the phone, head to Settings > Wi-Fi & Internet > SIM & Network > select your SIM, and then look again under Enhanced Communications. You should see the toggles for enabling VoLTE (if you enabled that), and Wi-Fi Calling. You can even select which method of Wi-Fi Calling you’d prefer (Mobile Data Preferred which will likely handle most calls over the cellular network, or Wi-Fi Preferred which will push most/all calls over Wi-Fi). 

  

When you’re done, simply turn enable Airplane Mode, and turn the Wi-Fi back on. Once VoWiFI appears in the top right (you may need to pull the notification shade down to see it, depending on how many icons are already displayed) place a call. If the call goes through, Wi-Fi Calling works.

Note: If you have Dual SIMs, you will need to enable Dual 4G networks on the SIM & Network Settings page to use Wi-Fi Calling on both SIMs.

How To Fix: Could not get metalink for EPEL

Quick Fix

Error message:

Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 error was 14: HTTPS Error 503 - Service Unavailable

Fix:

sudo rpm --query --file  /etc/pki/tls/certs/ca-bundle.trust.crt

Output (will change as time goes on):

ca-certificates-2018.2.22-70.0.el7_5.noarch

Copy and paste output, and then run:

sudo yum reinstall ca-certificates-2018.2.22-70.0.el7_5.noarch

Then try yum update again.

 

 

 

 

 

Settings

Mac How To: How to stop accidentally quitting apps

If you’ve ever accidentally pressed CMD+Q and quit an app when you wanted to press CMD+W to close a tab or the window, you can easily re-map the key combination required to quit a specific app (or all apps) in Settings. 

To do this open Settings, head to Keyboard, and then Shortcuts.

Then select App Shortcuts from the list on the left and then press the icon

Settings

If you wish to remap the key required to quit a specific app enter the following:

Application: Select the app you want to change (e.g; Safari).
Menu Title: Type Quit
Keyboard Shortcut: Click in this box and press the new key combination you wish to use to quit apps.

Click Add and then quit and re-open the app you’ve changed the shortcut for.

Safari

If you wish to remap the key required to quit all apps enter the following:

Application: Leave All Applications selected
Menu Title: Type Quit
Keyboard Shortcut: Click in this box and press the new key combination you wish to use to quit apps.

Click Add and then reboot. 

All Apps

macOS How To: Enable AAC and aptX Bluetooth Audio Codecs

By default, macOS defaults to the SBC audio codec for Bluetooth headphones regardless of whether your headphones supports AAC or aptX. macOS itself, however, does support these codecs, it just needs enabling.

In my case, I am using the Bang & Olufsen Beoplay H9i that support the AAC codec, but this guide also includes a step for aptX for any headphones that support it.

To see what codec your Mac is currently using for audio on your headphones, hold down the option key on your keyboard, and click on the Bluetooth icon in the menu bar. Once the menu has popped up, move the mouse cursor down to the connected device and it will pop out another menu displaying the currently used codec:

Bluetooth Menu showing Beoplay H9i connected with SBC

If the Active Codec: is shown as SBC and your headphones support AAC or aptX, you’ll be able to enable the correct codecs with the following commands in Terminal (you’ll need administrator access on your account). Turn off your headphones before doing this (not doing so shouldn’t cause any harm, but it’s just easier).

To enable AAC:

sudo defaults write bluetoothaudiod "Enable AAC codec" -bool true

To enable aptX:

sudo defaults write bluetoothaudiod "Enable AptX codec" -bool true

Then run the following command and you should see the following settings afterwards:

sudo defaults read bluetoothaudiod

The above command should show the following:

Jons-MacBook-Pro:~ jonprocter$ sudo defaults read bluetoothaudiod
{
    "Enable AAC codec" = 1;
    "Enable AptX codec" = 1;
}
Jons-MacBook-Pro:~ jonprocter$ 

Once that is done, you can now re-connect your headphones. Once reconnected, start playing some audio and then go back to the Bluetooth menu (holding down the Option key again) and you should see the following (with aptX in place of AAC if your headphones support it):

Bluetooth Menu showing Beoplay H9i connected with AAC

If needed, you can disable AAC and/or aptX again using the following:

To disable AAC:

sudo defaults write bluetoothaudiod "Enable AAC codec" -bool false

To disable aptX:

sudo defaults write bluetoothaudiod "Enable AptX codec" -bool false

Linux How To – Install BSD’s EasyEditor on CentOS 7

Easy Editor (ee) is one of my favourite built-in utilities from FreeBSD. It’s my preferred text editor (vs vi, vim, nano, pico etc). Thankfully it is easy enough to install it on CentOS 6 and 7 (tested on 2018.03.18).

1 – Prerequisites

Firstly, you’ll need to install some prerequisites:

yum install libX11 libXdmcp

This command should install a total of 4 things.

2 – Fetch the .rpm installer

wget https://cyberhatch.net/downloads/easyedit-1.5.0-2.el6.rf.x86_64.rpm

3 – Install it

rpm -Uhv easyedit-1.5.0-2.el6.rf.x86_64.rpm

If there are any missing dependencies, try running “yum install …” (replace “…” with the names of the missing dependencies).

macOS How To: Update your Mac in Terminal

When updating your Mac, you usually have to go through the App Store to do it. This can be annoying because it takes around 20 minutes to do each update and you can’t use your Mac at the same time. But did you know there’s a way to do it via the command line interface?

The utility you can use to do this is called ‘softwareupdate’ and it’s pretty powerful, but we only need one command to check for and install updates:

softwareupdate -ia

If you’re interested in the other features this utility offers, you can run:

softwareupdate -?

Tips:

If you’re interested in being able to check for updates and install them and then reboot automatically afterwards you can add the following line to your ~/.bash_profile file with your favourite text editor such as ee, vim, or nano.

alias update='sudo sh -c "softwareupdate -ia && reboot"'

Then save and exit the file and run the following to re-load your .bash_profile file.

source ~/.bash_profile

DrayTek How To – Create Guest WLAN/Wireless SSID with VLAN Tagging

In this guide, we will be creating a guest WLAN/WiFi network and isolate it from your existing network by creating a guest VLAN and putting all devices on this VLAN on a operate subnet. This can be scaled to create numerous VLANs but we’ll just be creating two (your own network, and a guest network).

We’ll be using LAN1 for your internal network, and LAN2 for your guest network. If your router has WiFi enabled, we’ll also be using SSID1 for the internal network and SSID2 for the guest network. This can be tweaked but make sure you do it properly.

1. Configure VLAN Tagging

The first step here is to create the new VLAN Tag on your central router. To do this, head to VLAN (LAN > VLAN).

Ensure Enable is ticked in the top left, and then enter the following details:

VLAN0: tick all of the ports on the LAN segment (for my router, there are only 4 ports so P1 though 4 are all ticked – a Vigor 2925 for example will have 5 though – tick all of them). If your router does WiFi, tick SSID1. Then select LAN1 from the Subnet dropdown menu. For the VLAN Tag section, make sure Enable is unticked and VID is set to 0.

VLAN1: As before, tick all of the ports on the LAN segment. If your router does WiFi, tick SSID2. Then select LAN2 from the Subnet dropdown menu. For the VLAN Tag section, make sure Enable is ticked and VID is set to 2.

Scroll down and click OK and reboot the router.

2. Configure LAN2

The next step is to configure LAN2 to your needs. head to General Setup (LAN > General Setup) and click on Details Page on the LAN 2 row.

Enter the following details (if you tweak them, make sure you use a different IP range to your other LANs.

Network Configuration:
Enable: Selected
For NAT Usage: Selected
IP Address: enter an IP for your DrayTek router on this LAN – I’m using 10.0.0.253
Subnet Mask: 255.255.255.0 (tweak if needed)

DHCP Server Configuration:
Enable Server: Selected
Start IP Address: 10.0.0.50 (tweak if needed)
IP Pool Counts: 100 (tweak if needed)
Gateway IP Address: Make this the same as the IP address you set earlier (again, I’ve used 10.0.0.253)

Click OK and reboot your router.

3. Wireless Configuration

If you use the built in WiFi on your DrayTek router, follow step 3a. For DrayTek VigorAPs (such as the VigorAP 902), follow step 3b. You can also push these settings out via an AP Profile if you push config out to your DrayTek VigorAPs by just associating the correct VLAN tag in the SSID configurations during the profile wizard (read the steps on 3b to know what to enter and which boxes to tick if you’re unsure).

For other access point brands, follow their own documentation – this guide is only for DrayTek gear.

3a. Built in wireless on DrayTek Router

The DrayTek router will use the settings configured in the VLAN section for defining which VLAN tag each SSID will use, so tweak the configuration below if you associated different a different SSID for the guest VLAN tag. Repeat these steps if your DrayTek router supports 5GHz networks too if needed.

Head to General Setting  IEEE 802.11 (Wireless LAN > General Setup) and ensure Enable Wireless LAN is ticked.

For SSID 1 set the SSID name and make sure Isolate Member and Isolate VPN are both unticked.

Then for SSID2, tick Enable and enter the network name and tick Isolate Member.

Click OK.

You’ll need to configure security and WiFi network passwords separately.

3b. DrayTek VigorAPs

Ensure your DrayTek Vigor AP is plugged into your network and head to its user interface. Then head to the Wireless LAN config settings (Wireless LAN 2.4GHz > General Setup) – my guest network is only on the 2.4GHz spectrum as I want 5GHz to be only for the internal network but tweak/repeat if you want to have the guest network be on both spectrums or just 5GHz (all this depends on whether your AP supports this).

Make sure Enable Wireless LAN is ticked.

For SSID1, enter the SSID name and make sure Isolate Member is unticked if necessary and leave VLAN ID as 0 (untagged).

For SSID2, make sure Enable is ticked and enter the SSID. Then, tick Isolate Member and enter 2 in the VLAN Tag box.

Click OK.

You’ll need to configure the password separately under the Security section of each Wireless LAN section (if your router supports 2.4GHz and 5GHz).

All done! Test connecting to your guest WiFi network, and check you have been given an IP address from the LAN2 subnet.