Tag: tech

DIY Project: Light Therapy Lamp with Dimmer for the Light Sensitive

On By DrewIn tech

Parts:

Instructions:

  • Take all components out of their packaging.
  • Remove the vented cap from the top of the HappyLight. In current models this is just held on with magnets; older models have two standard slothead screws holding it down.
  • Remove the cylindrical compact fluorescent bulb that the Happylight comes with; this has a GU24 2-post base with rotary locking channels, so you can unscrew it about a quarter turn by hand and it’ll pop loose. If you don’t want to save it, remember that these compact fluorescent bulbs contain mercury and may have special recycling instructions in your area.
  • Replace it with the bulb base adapter.
  • Screw the dimmable LED bulb into the base adapter.
  • Slide the diffuser lens into its slot over the front of the bulb enclosure.
  • Put the top vent cover back on.
  • Plug the Happylight’s cord into the inline dimmer plug. You can use the cable ties that the HappyLight came with to tie the two cords together so they’re easier to work with.
  • Plug the dimmer into a nearby wall socket or extension cord. You can then turn on the HappyLight with the switch on the back and adjust the brightness with the dimmer remote.
  • Adjust it to be as bright as you can have in your visual field without discomfort, and then you can just leave the dimmer at that level; mark it with a bit of tape or nail polish so you can find the right setting if the slider gets bumped out of place.
  • Have it on and in your visual field for maybe a half hour a day; best time is in the morning around breakfast, or at least sometime before lunch.

Freeware TACACS+ on CentOS

On By DrewIn security, tech

A while back I had a need to deploy a TACACS+ server in an isolated environment, as a stopgap pending connection of that environment to my main environment.

For those not already in the know, TACACS+ is a technology that one can use to centralize authentication for network devices like switches, routers, load balancers, etc. so one does not have to go around and set up individual local accounts on each device, a big pain. That said, even with a TACACS+ setup, it’s still best practice to have at least one local account as a fallback just in case something happens to your TACACS+ server (so you don’t get locked out in an emergency).

After some research, the most reasonable choice for my specific use case was the freeware tac_plus TACACS+ daemon package from Shrubbery Networks, deployed on a CentOS 7 virtual machine. The setup docs we used:

Doc: https://networklessons.com/uncategorized/how-to-install-tacacs-on-linux-centos/

Forum comments with some more helpful details: https://forum.networklessons.com/t/how-to-install-tacacs-on-linux-centos/1010

Set up the VM as a barebones deployment with only SSH and TACACS+ ports allowed inbound. After some research and monkeying, found that there are multiple ways to set up authentication for this server; the use case that was the best fit for us was to just use the /etc/tac_plus.conf file to store that information. This presented the problem of the server admin having access to the auth credentials, not something the docs covered.

After some more research, found that the tac_plus server can leverage the encryption capabilities of the OS to protect credential information in that tac_plus.conf file. If Python is installed on the VM, one can use a fairly straightforward AES256 hash script to encrypt the credentials. Users can run that Python script from a different machine for their regular and enable passwords and provide the hashes to the VM admin for account setup.

The script in question (found on Internet forums, don’t remember source):

python -c ‘import crypt; print(crypt.crypt(“<password>”, crypt.mksalt(crypt.METHOD_SHA256)))’

Specifying a hash for credentials in the user account section of tac_plus.conf:

login = des <hash>
enable = des <hash>

Note that the keyword “des” is just a hook that tac_plus uses to say “just use the OS’s encryption capabilities to process this.” It’s not literally telling the OS that this is specifically a DES hash. One can use any encryption method that the OS supports.