[{"content":"Thus therefore pray ye\nOur Father who is in heaven,\nHallowed be Your name.\n‘Your kingdom come.\nYour will be done,\nOn earth as it is in heaven.\n‘Give us this day our daily bread.\n‘And forgive us our debts, as we also have forgiven our debtors.\n‘And do not lead us into temptation, but deliver us from evil.\nNASB Matthew 6:9–13.\nThe Prayer Template for the Way of Life The text starts with:\nGreek: ουτως ουν προσευχεσθε.\nMy translation: According to this manner make prayer.\nThe Didache says it a little differently \u0026ldquo;This is what you should pray\u0026rdquo;.\nAnd the copy of the Lord\u0026rsquo;s Prayer in Luke 11:2 uses similar language.\nGreek: Οταν προσευχησθε λεγετε.\nMy translation: While you make prayer use this expression.\nNASB: When you pray, say.\nWhat is immediately obvious when reading the various translations of the initial introductory statement by Jesus, is that this prayer is a framework. It has all the ingredients of what the Lord is looking for when we pray.\nIt also appears that the Luke version, and the Didache seem to lean towards praying it verbatim. Not as a special formula but as a type of sacrifice.\nThrough Him then, let us continually offer up a sacrifice of praise to God, that is, the fruit of lips that give thanks to His name.\nHeb 13:15\nAnd the Didache concludes with \u0026ldquo;This is what you should pray three times a day.\u0026rdquo; linking it to the daily sacrifices similar to how Daniel did so while in exile. [Daniel 6:10].\nIt\u0026rsquo;s also important to note that the prayer itself starts with \u0026ldquo;Our Father\u0026rdquo;, not \u0026ldquo;My Father\u0026rdquo;. This seems to indicate that the intention is for it to be used as a corporate prayer. Perhaps as a congregation or a family.\nThis framework for prayer is something that I\u0026rsquo;ve selected to pray verbatim in a group or corporate setting. But treat it more as a guide for personal prayer.\nPersonalization Example Father in Heaven, may your name be sanctified in the way that I live, in the workplace, at home. Tomorrow when I speak to this friend, may I be a good representative of Your Kingdom. And let us advance your Kingdom in the actions we select to take.\nWhatever our plans are, you are the Lord of my life and You have the permission to change my direction at any point.\nPlease show me today a piece of the coming Kingdom. My mom is dealing with a health issue, would you give us a taste of your Kingdom by healing her.\nShow me if there are any offenses that I need to forgive today, and thank you for the covering of your mercy in my life.\nAs I go to the workplace, and there are ungodly influences, do not allow me to fall in the grasp of these temptations. May all power, glory and honour be yours forever. Amen.\nWhat About the Ending | The Doxology If you\u0026rsquo;ve grown up with the Lord\u0026rsquo;s Prayer memorized, you likely ended it with: \u0026quot;For Yours is the kingdom and the power and the glory forever. Amen.\u0026quot;.\nYou may be surprised to know that this does not exist in early manuscripts.\nIn fact some more recent translations such as the ESV do not include it at all. The NASB includes it in brackets.\nSo Where did it Come From? Yours, O Lord, is the greatness and the power and the glory and the victory and the majesty, indeed everything that is in the heavens and the earth; Yours is the dominion, O Lord, and You exalt Yourself as head over all.\nDoes this sound familiar? This is not something written by Christians, not even in the New Testament. It is much older. You will find this declaration in 1 Ch 29:11.\nHow would language from the book of Chronicles, make it into modern day Christian bibles, and be recited by believers worldwide?\nHow many are aware that they are quoting what is considered by Christians one of the top 4 most boring books of the Old Testament?\nAs it turns out, all the early Christians were Jewish. In fact it would be more accurate to say that Christianity was considered a sect of Judaism, being referred to as the sect of the Nazarenes. Paul referred to himself as belonging to this sect in Acts 24:5.\nAnd Jewish prayers often concluded with doxologies.\nThe earliest record of this doxology is in the Didache. It\u0026rsquo;s a first century writing. Likely written by the apostles as a manual for followers of Jesus for the goyim [gentile nations].\nThe copy of the Lord\u0026rsquo;s Prayer in this book is verbatim to the one in Matthew. Except that it includes the doxology at the end.\nThis indicates very early on, congregations were corporately praying the Lord\u0026rsquo;s Prayer word for word. Per the common Jewish practice of adding these type of endings to prayers.\nAt this point you might be thinking, I\u0026rsquo;ve never heard of the Didache, why are we all familiar with this doxology and how did it get into the King James translation of the Bible?\nDuring the 16th Reformation of Western Christianity, the protestant translators working to compile an English translation of the Bible that was as close to the sources as possible, only had access to Byzantine manuscripts which came from the Greek Orthodox Church. The only other option was to use sources from the Roman Church, which as you might imagine was not considered a viable option for the protestants.\nWhile it\u0026rsquo;s purely speculation, it\u0026rsquo;s possible that the Byzantines added the doxology to their greek manuscripts for convenience when it was being used for recitation.\nRegardless of why it was added, we can be fairly certain that this was a widely established ending used by early believers, based on the wording in 1 Chronicles 29:11.\nThe Kingdom Prayer The Kingdom is a central focus in the Lord\u0026rsquo;s Prayer, and what I want to do here is show how each component of the prayer speaks of the Kingdom in some way.\nΠατερ ημων ο εν τοις ουρανοις αγιασθητω το ονομα\nMy translation\nOur Father in Heaven, may your name be sanctified.\nThis invocation establishes the foundational reality that undergirds kingdom prayer: God’s sovereignty and majesty demand recognition and reverence.\nHe is elevated above the kingdoms of the earth. And He commands all power in His Kingdom.\nελθετω η βασιλεια σου γενηθητω το θελημα σου ως εν ουρανω και επι της γης\nMy Translation May Your Kingdom Grow, May your will in Heaven, also be upon the earth.\nMost translations say something like \u0026ldquo;Your Kingdom come\u0026rdquo;. The thing is, \u0026ldquo;the kingdom of God is in the midst of you\u0026rdquo; according to the words of Jesus in Luke 17:21b. Which implies that at the very least, the Kingdom has seeded as a mustard seed, and is growing. It appears in the Lord\u0026rsquo;s Prayer that Jesus is teaching us to pray that His Kingdom will continue to be established, and come to a state of fullness.\nτον αρτον ημων τον επιουσιον δος ημιν σημερον\nMy translation\nThe bread of ours for tomorrow, grant it to us in the current age.\nNowhere is the kingdom focus of the prayer more evident, than in this statement regarding bread.\nMost Christians think of this statement as a request for our daily needs. But just a few versus down Jesus says \u0026ldquo;do not be worried about your life, as to what you will eat or what you will drink\u0026rdquo;. There must be something more to this request. And there is.\nIf you look at the greek word επιουσιον that many English translations have as \u0026ldquo;daily\u0026rdquo;, it is only used in 2 places in the whole Bible. Which is Matthew 6, and Luke 11, both in the Lord\u0026rsquo;s Prayer.\nThe only other sources we have for this word is again the Didache. It appears nowhere in wider Greek literature, whether Christian or Pagan.\nIf the writer wanted to say daily, there are common greek words that can be used to communicate this.\nIn Matthew 15:26 Jesus said \u0026ldquo;It is not good to take the children’s bread and throw it to the dogs.\u0026rdquo;. And the children\u0026rsquo;s bread he was referring to is the goodness of the Messianic age, the Kingdom.\nBack to the greek word epiousios, there is evidence the word is better translated \u0026ldquo;tomorrowly\u0026rdquo; or \u0026ldquo;of tomorrow\u0026rdquo;. Many Bible commentators agree that it is a Kingdom focused word.\nI believe Jesus is telling us to ask for a portion of the coming Kingdom, immediately today. Think of expectations of the Kingdom including perfect health, abundance, victory over evil, restoration of Israel and universal recognition of the one true God. Jesus wants to give us a foretaste of these things today.\nκαι αφες ημιν τα οφειληματα ημων ως και ημεις αφιεμεν τοις οφειλεταις\nMy translation\nAnd forgive our offenses, in the same way we forgive those who have offended us.\nRooted in Israel’s redemptive traditions of Jubilee and the Sabbatical Year. Every seven years \u0026ldquo;each creditor shall release what he has lent to his neighbor\u0026rdquo;. This represents the fundamental building block of freedom in the Kingdom.\nForgiveness is not merely a personal virtue, without it participation in the Kingdom is not possible.\nBut if you do not forgive, neither will your Father who is in heaven forgive your transgressions. The LORD then declares, \u0026ldquo;I will forgive their iniquity, and their sin I will remember no more.\u0026rdquo;.\nJust as Israel had to be freed from slavery in Egypt, those who wish to enter the Kingdom must be freed from the slavery of unforgiveness.\nThe request to forgive our offenses is a call for the righteous principles of redemption to be applied in our present age.\nκαι μη εισενεγκης ημας εις πειρασμον αλλα ρυσαι ημας απο του πονηρου\nMy translation\nAnd do not bring us into the grasp of temptation, but rescue us from the evil one.\nThe Lord\u0026rsquo;s Prayer ends on a major eschatological point. One of the promises of the New Covenant is that \u0026ldquo;they will not teach again, each man his neighbor and each man his brother, saying, ‘Know the Lord,’ for they will all know Me.\u0026rdquo;.\nThis final petition expresses that we are prone to sin, and we are yearning for the consummation when our Lord will put an end to all that is evil, and establish his eternal kingdom of righteousness and holiness.\nOn a personal application level, the disciples themselves were all tested and without divine strength the temptations would have been too intense to resist. When we humble ourselves and submit to the reign of the Holy One, He is able to deliver us from situations where otherwise we would be unable to stop ourselves from falling.\nTo recognize Jesus as the one who rescues us from the evil one, speaks of the future Kingdom age where God’s righteousness will reign completely, where there will no longer be any temptation to sin, and all the world will know the Lord.\n","permalink":"https://blog.artooro.com/2026/03/21/the-lords-prayer/","summary":"\u003cp\u003e\u003cem\u003eThus therefore pray ye\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003eOur Father who is in heaven,\u003cbr\u003e\nHallowed be Your name.\u003cbr\u003e\n‘Your kingdom come.\u003cbr\u003e\nYour will be done,\u003cbr\u003e\nOn earth as it is in heaven.\u003cbr\u003e\n‘Give us this day our daily bread.\u003cbr\u003e\n‘And forgive us our debts, as we also have forgiven our debtors.\u003cbr\u003e\n‘And do not lead us into temptation, but deliver us from evil.\u003c/p\u003e\n\u003cp\u003eNASB Matthew 6:9–13.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch1 id=\"the-prayer-template-for-the-way-of-life\"\u003eThe Prayer Template for the Way of Life\u003c/h1\u003e\n\u003cp\u003eThe text starts with:\u003cbr\u003e\n\u003cstrong\u003eGreek:\u003c/strong\u003e \u003ccode\u003eουτως ουν προσευχεσθε\u003c/code\u003e.\u003cbr\u003e\n\u003cstrong\u003eMy translation\u003c/strong\u003e: \u003ccode\u003eAccording to this manner make prayer.\u003c/code\u003e\u003c/p\u003e","title":"The Lord's Prayer"},{"content":"This recipe comes from my grandma, who\u0026rsquo;s mother-in-law learned it from locals in Mexico.\nIt has a wonderful kick to it from the onions and cayenne pepper, crunch of corn tortillas, and smoothness of mozzarella cheese. A perfect comfort food.\nIngredients 1 cup of all-purpose flour 1 heaping tsp of Cayenne Pepper 1 tsp of Salt 1 1/2 pack of corn tortillas 8 cups of loose shredded cheese 1 1/2 cup of chopped onion Instructions Start by boiling 4 cups of water in a medium pot. While you\u0026rsquo;re waiting for it to boil, make a slurry by dissolving the flour, cayenne and salt with cold water. Once the pot is boiling, mix in the slurry while mixing. Continue to stir as needed, the consistency should be a little thicker than gravey. You might need to add some hot water to thin it out.\nIt is done when bubbling. Set aside the sauce, and fry the tortillas so that the bottoms are starting to become crisp. 6. Compile the Stacks There are two options, you can simply take serving plates, make the stacks and serve.\nOr what we like to do is take a rectangular baking dish, stack the layers in there, and then stick into the oven for 10-15 minutes to get it all nicely melted together and even crisp up some of the cheese.\nStart by laying down a bit of sauce to add moisture to the bottom of the dish. Add corn tortilla layer Sprinkle onion on top of the tortilla Sprinkle cheese over the onion Drizzle sauce over the cheese Repeat as many times as desired to get a good looking stack Extra Option Fry an egg and add it to the top.\n","permalink":"https://blog.artooro.com/recipes/cheese-onion-enchiladas/","summary":"\u003cp\u003eThis recipe comes from my grandma, who\u0026rsquo;s mother-in-law learned it from locals in Mexico.\u003cbr\u003e\nIt has a wonderful kick to it from the onions and cayenne pepper, crunch of corn tortillas, and smoothness of mozzarella cheese. A perfect comfort food.\u003c/p\u003e\n\u003cp\u003e\u003cimg alt=\"photo\" loading=\"lazy\" src=\"/recipes/cheese-onion-enchiladas/plate.jpg\"\u003e\u003c/p\u003e\n\u003ch2 id=\"ingredients\"\u003eIngredients\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e1 cup of all-purpose flour\u003c/li\u003e\n\u003cli\u003e1 heaping tsp of Cayenne Pepper\u003c/li\u003e\n\u003cli\u003e1 tsp of Salt\u003c/li\u003e\n\u003cli\u003e1 1/2 pack of corn tortillas\u003c/li\u003e\n\u003cli\u003e8 cups of loose shredded cheese\u003c/li\u003e\n\u003cli\u003e1 1/2 cup of chopped onion\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2 id=\"instructions\"\u003eInstructions\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eStart by boiling 4 cups of water in a medium pot.\u003c/li\u003e\n\u003cli\u003eWhile you\u0026rsquo;re waiting for it to boil, make a slurry by dissolving the flour, cayenne and salt with cold water.\u003c/li\u003e\n\u003cli\u003eOnce the pot is boiling, mix in the slurry while mixing.\u003c/li\u003e\n\u003cli\u003eContinue to stir as needed, the consistency should be a little thicker than gravey. You might need to add some hot water to thin it out.\u003cbr\u003e\nIt is done when bubbling.\u003c/li\u003e\n\u003cli\u003eSet aside the sauce, and fry the tortillas so that the bottoms are starting to become crisp.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch3 id=\"6-compile-the-stacks\"\u003e6. Compile the Stacks\u003c/h3\u003e\n\u003cp\u003eThere are two options, you can simply take serving plates, make the stacks and serve.\u003cbr\u003e\nOr what we like to do is take a rectangular baking dish, stack the layers in there, and then stick into the oven for 10-15 minutes to get it all nicely melted together and even crisp up some of the cheese.\u003c/p\u003e","title":"Grandma's Cheese \u0026 Onion Enchiladas"},{"content":"I teach seminars about the digital age and protecting kids.\nIf you\u0026rsquo;d like to host, reach me at internet@artooro.com\n","permalink":"https://blog.artooro.com/internet/","summary":"\u003cp\u003eI teach seminars about the digital age and protecting kids.\u003c/p\u003e\n\u003cp\u003eIf you\u0026rsquo;d like to host, reach me at \u003ca href=\"mailto:internet@artooro.com\"\u003einternet@artooro.com\u003c/a\u003e\u003c/p\u003e","title":"The Internet"},{"content":"Smokeping is a popular tool to measure and graph latency and packet loss to Internet destinations of your choosing.\nUse cases would be to track the quality of your ISP connection, or just to look at some pretty graphs 😊\nInstalling on VyOS It\u0026rsquo;s a pretty simple process, the main thing that is not talked about in most docs is that you need to give the container access to net-raw kernel privileges, otherwise fping will give you a \u0026ldquo;Operation not permitted\u0026rdquo; error.\n# In operational mode add the image to the system add container image lscr.io/linuxserver/smokeping:latest # Create local directories for config and data mkdir -p /config/smokeping/config mkdir -p /config/smokeping/data # Go into configuration mode and setup the image configure set container name smokeping capability \u0026#39;net-raw\u0026#39; set container name smokeping environment PGID value \u0026#39;1000\u0026#39; set container name smokeping environment PUID value \u0026#39;1000\u0026#39; set container name smokeping environment TZ value \u0026#39;America/Toronto\u0026#39; set container name smokeping image \u0026#39;lscr.io/linuxserver/smokeping:latest\u0026#39; set container name smokeping network smokeping set container name smokeping port web destination \u0026#39;80\u0026#39; set container name smokeping port web source \u0026#39;8222\u0026#39; set container name smokeping volume config destination \u0026#39;/config\u0026#39; set container name smokeping volume config source \u0026#39;/config/smokeping/config\u0026#39; set container name smokeping volume data destination \u0026#39;/data\u0026#39; set container name smokeping volume data source \u0026#39;/config/smokeping/data\u0026#39; set container network smokeping prefix \u0026#39;172.16.222.0/29\u0026#39; commit save You should now be able to browse to your VyOS IP on port 8222, for eg. if it\u0026rsquo;s 192.168.0.1 you should browse to http://192.168.0.1:8222\nConfiguring Smokeping From a VyOS shell, run sudo vi /config/smokeping/config/Targets to edit the Targets file.\nYou\u0026rsquo;ll probably want to edit the value of remark at the top to make it personal to your install.\nSee https://oss.oetiker.ch/smokeping/doc/smokeping_examples.en.html for help customizing the remaining options. I\u0026rsquo;d recommend adding a local site such as your ISP\u0026rsquo;s web site or upstream gateway.\nAfter editing the Targets file, run the command restart container smokeping for the changes to apply.\n","permalink":"https://blog.artooro.com/2024/05/18/smokeping-on-vyos/","summary":"\u003cp\u003eSmokeping is a popular tool to measure and graph latency and packet loss to Internet destinations of your choosing.\u003c/p\u003e\n\u003cp\u003eUse cases would be to track the quality of your ISP connection, or just to look at some pretty graphs 😊\u003c/p\u003e\n\u003cp\u003e\u003cimg alt=\"smokeping screenshot\" loading=\"lazy\" src=\"/2024/05/18/smokeping-on-vyos/smokeping_screen.png\"\u003e\u003c/p\u003e\n\u003ch2 id=\"installing-on-vyos\"\u003eInstalling on VyOS\u003c/h2\u003e\n\u003cp\u003eIt\u0026rsquo;s a pretty simple process, the main thing that is not talked about in most docs is that you need to give the container access to \u003ccode\u003enet-raw\u003c/code\u003e kernel privileges, otherwise fping will give you a \u0026ldquo;Operation not permitted\u0026rdquo; error.\u003c/p\u003e","title":"Smokeping on VyOS"},{"content":"There are some free IPv6 tunnel broker services such as the popular https://tunnelbroker.net from Hurricane Electric. It\u0026rsquo;s a great service that I used for years. But over time I ran into two major issues. First the performance of the only server in Canada had become pretty poor. And second, many services were blocking the prefixes uses by tunnelbroker.net making it less practical to use on a regular use network.\nLooking for options I came across the unique ability on Linode to assign a virtual machine a /56 IPv6 prefix. Immediately the wheels started spinning and in a short amount of time I fully switched to using a small $5/month VM on Linode as my IPv6 tunnel \u0026ldquo;broker\u0026rdquo; service.\nSetup your Linode If you\u0026rsquo;re new to Linode, sign up using this link which tells them I referred you (thank you).\nCreate a new VM (also called a Linode), and my recommendation is to keep it simple with Debian 12, whatever region is nearest to you, and the Shared CPU Nanode 1 GB plan.\nI won\u0026rsquo;t go into the little details of creating a VM, if you\u0026rsquo;re new to this I\u0026rsquo;d recommend going over \u0026ldquo;Create Your First Compute Instance\u0026rdquo; which will guide you through that process. My expectation is that you know the basics on how to use SSH, and at least some beginner Linux knowledge.\nOnce you have your Linode up and running, go to the Network tab, and click the Add an IP Address button. You will want to select the IPv6 /56 prefix option, and hit Allocate.\nConfigure Network Stack SSH into your Linode VM, and let\u0026rsquo;s do three things.\nInstall WireGuard Enable IPv6 forwarding mode Manually configure network interface for IPv6 sudo apt install wireguard sudo echo \u0026#34;net.ipv6.conf.all.forwarding=1\u0026#34; \u0026gt;\u0026gt; /etc/sysctl.d/99-sysctl.conf Because the IPv6 forwarding prevents SLAAC from working properly, take note of your Linode\u0026rsquo;s SLAAC IPv6 address and we\u0026rsquo;ll manually configure it on the VM.\nIn your Linode settings, go to the Configurations tab, and click Edit for your boot config. Disable Auto-configure networking and Save Changes.\nNow edit the file /etc/network/interfaces and modify the line iface eth0 inet6 auto replacing it with the following.\n⚠️ Replacing the address with your IPv6 SLAAC address you noted earlier.\niface eth0 inet6 static address 2001:db8::a01b:19ff:76:126d/64 gateway fe80::1 Now reboot your VM to apply settings and test to make sure everything continues to work. For eg. maybe run ping6 dns.quad9.net to ensure your v6 network is still functioning.\nDivide your /56 subnet You will need to separate your /56 IPv6 prefix provisioned by Linode to smaller /64 subnets that you can assign to your local networks. A simple calculator you can use is https://subnettingpractice.com/ipv6-subnet-calculator.html where you can paste in your /56, hit Calculate, select /64 and Calculate again to list out all the possible subnets you can use.\nWe will use the first subnet for the WireGuard tunnel interface, which is 2001:db8:b123:2100::/64 in the example shown here.\nConfigure WireGuard Tunnel on your Linode At this point we\u0026rsquo;re ready to configure the server side of the WireGuard tunnel.\nStart by creating a private and public key pair. We\u0026rsquo;ll need a key for both the Linode (server) and client (router) side.\nwg genkey | tee linode_privatekey | wg pubkey \u0026gt; linode_publickey wg genkey | tee client_privatekey | wg pubkey \u0026gt; client_publickey Create your WireGuard Config Use an editor to create /etc/wireguard/wg0.conf and save your config file using the example below. For example you may want to use nano if you are a beginner.\nsudo nano /etc/wireguard/wg0.conf ⚠️ I am using \u0026lt;\u0026hellip;\u0026gt; as placeholders below, use the contents of the files generated from the above two genkey commands in place. Also remember to replace the example IPv6 addresses with your own.\n[Interface] PrivateKey = \u0026lt;linode_privatekey\u0026gt; Address = 2001:db8:b123:2100::1/64 ListenPort = 51820 [Peer] PublicKey = \u0026lt;client_publickey\u0026gt; AllowedIPs = 2001:db8:b123:2100::/56 Enable wg0 WireGuard Interface sudo systemctl enable wg-quick@wg0 sudo systemctl start wg-quick@wg0 # You should see interface: wg0 with a single peer from belows command output sudo wg show And that\u0026rsquo;s it, your Linode server side configuration is complete at this point.\nConfiguring Your Router In the example below I am going to be using VyOS which is an open-source firewall OS that has a very good feature set.\nWe\u0026rsquo;ll be using the WireGuard keys generated above with the genkey commands.\nSSH to VyOS and run the following configuration commands.\nconfigure set interfaces wireguard wg1 address \u0026#39;2001:db8:b123:2100::2/128\u0026#39; set interfaces wireguard wg1 description \u0026#39;Linode IPv6 Tunnel\u0026#39; set interfaces wireguard wg1 peer linode address \u0026#39;\u0026lt;Your Linode IPv4 – Public address\u0026gt;\u0026#39; set interfaces wireguard wg1 peer linode allowed-ips \u0026#39;2001:db8:b123:2100::1/128\u0026#39; set interfaces wireguard wg1 peer linode allowed-ips \u0026#39;::/1\u0026#39; set interfaces wireguard wg1 peer linode allowed-ips \u0026#39;8000::/1\u0026#39; set interfaces wireguard wg1 peer linode port \u0026#39;51820\u0026#39; set interfaces wireguard wg1 peer linode public-key \u0026#39;\u0026lt;linode_publickey\u0026gt;\u0026#39; set interfaces wireguard wg1 private-key \u0026#39;\u0026lt;client_privatekey\u0026gt;\u0026#39; set protocols static route6 ::/0 interface wg1 commit save At this point you should be able to ping a public IPv6 address on the internet, maybe ping Quad9 just to make sure it\u0026rsquo;s working.\nping 2620:fe::fe ℹ️ If you\u0026rsquo;re using another system that supports WireGuard it should be fairly easy to copy the idea from the configuration commands above.\nUse IPv6 Prefixes on your Local Interfaces The final step is to use your prefixes on your local network interfaces. Let\u0026rsquo;s say for example you have a LAN and a VLAN 100, you might do something like this to configure one of your /64 prefixes on each interface and configure SLAAC router advertisements so that your devices can get an IP.\nconfigure set interfaces ethernet eth1 address \u0026#39;2001:db8:b123:2101::1/64\u0026#39; set interfaces ethernet eth1 vif 100 address \u0026#39;2001:db8:b123:2102::1/64\u0026#39; set service router-advert interface eth1 name-server \u0026#39;2001:db8:b123:2101::1\u0026#39; set service router-advert interface eth1 prefix 2001:db8:b123:2101::/64 set service router-advert interface eth1.100 name-server \u0026#39;2001:db8:b123:2102::1\u0026#39; set service router-advert interface eth1.100 prefix 2001:db8:b123:2102::/64 commit save The above example assumes you are using the DNS forwarder or some other DNS service on your router.\nOther Recommended Tasks This will bring you to the place of having your own personal IPv6 tunnel broker, but you will want to also look at the following items.\nMake sure you have appropriate firewall policies especially for ingress as you do not have NAT in front of your internal devices. You may want to configure DHCPv6 for devices that have trouble with SLAAC. If you\u0026rsquo;d like to run an IPv6-only network, take a look at my blog post on setting up NAT64. ","permalink":"https://blog.artooro.com/2024/02/25/build-your-own-ipv6-tunnel-broker-using-linode-and-wireguard/","summary":"\u003cp\u003eThere are some free IPv6 tunnel broker services such as the popular \u003ca href=\"https://tunnelbroker.net\"\u003ehttps://tunnelbroker.net\u003c/a\u003e from Hurricane Electric. It\u0026rsquo;s a great service that I used for years. But over time I ran into two major issues. First the performance of the only server in Canada had become pretty poor. And second, many services were blocking the prefixes uses by tunnelbroker.net making it less practical to use on a regular use network.\u003c/p\u003e\n\u003cp\u003eLooking for options I came across the unique ability on Linode to assign a virtual machine a /56 IPv6 prefix. Immediately the wheels started spinning and in a short amount of time I fully switched to using a small $5/month VM on Linode as my IPv6 tunnel \u0026ldquo;broker\u0026rdquo; service.\u003c/p\u003e","title":"Build your own IPv6 Tunnel Broker using Linode and WireGuard"},{"content":"If you want to operate an IPv6 only network, there is a new way to make it happen that is much simplified compared to what we had to do in the past.\nAnd this is using VyOS as your router which has integrated Jool starting in v1.4 making it very easy to setup and use out of the box.\nDNS64 Just as important as the NAT64 component is DNS64. This is what translates a DNS lookup that only has an A record to also respond with an AAAA record usually using the NAT64 well-known reserved prefix 64:ff9b::/96.\nThere are several options for DNS64. If you are currently using a custom DNS server it may already have this feature and you simply need to turn it on. I will list 2 simple methods.\nGoogle DNS Google offers a public DNS64 version of their DNS service which makes it super easy. You can use it directly or configure your existing DNS server to use Google DNS64 as it\u0026rsquo;s upstream forwarder. To use it simply enter the following DNS servers.\n2001:4860:4860::6464 2001:4860:4860::64 The downsides to this approach is it will only translate public DNS records. It won\u0026rsquo;t allow you to access private IPv4 hosts via DNS. And it will always use the well-known prefix, you have no ability to customize it if desired.\nBuilt-in DNS Forwarder The 2nd most simple approach is to use the DNS forwarder service built into VyOS.\nThe following example shows how to configure it. Of course modify allow-from and listen-address to match the prefix and address you are using for the network you want to implement NAT64 on.\nI used the well-known DNS64 reserved prefix, although you technically can use whatever you want. A /96 prefix size is recommended. For the upstream forwarder I used Quad9 in the example below.\nconfigure set service dns forwarding allow-from \u0026#39;2001:db8:a002::/64\u0026#39; set service dns forwarding cache-size \u0026#39;20000\u0026#39; set service dns forwarding dns64-prefix \u0026#39;64:ff9b::/96\u0026#39; set service dns forwarding listen-address \u0026#39;2001:db8:a002::1\u0026#39; set service dns forwarding name-server 2620:fe::9 set service dns forwarding name-server 2620:fe::fe set service dns forwarding port \u0026#39;53\u0026#39; commit save NAT64 Now we get to enable the actual translation part, which takes the IPv6 addresses returned by the DNS64 server and translates them to make the IPv4 connection and return it back to the client IPv6 endpoint.\nconfigure set nat64 source rule 1 source prefix \u0026#39;64:ff9b::/96\u0026#39; commit save And that\u0026rsquo;s it! 🤯\nSuper easy way to build an IPv6-only network.\nWhat about Direct IP Connections without DNS? Most modern operatings systems including iOS, macOS and Linux support something called 464XLAT. The way this works is the OS detects the NAT64 prefix being used on the network, and if an IP connection is attempted it translates the address on the network stack allowing all your apps to function transparently, not even aware that they are connecting via an IPv6 transition layer.\nOn Linux you may need to install clatd\nHow it works There is a special FQDN called ipv4only.arpa which when queried, the DNS64 resolver will return two AAAA records.\nThese addresses indicate the NAT64 prefix to the client.\nipv4only.arpa.\t21600\tIN\tAAAA\t64:ff9b::c000:aa ipv4only.arpa.\t21600\tIN\tAAAA\t64:ff9b::c000:ab As a result the operating system knows how to translate IPv4 into an IPv6 address and there is no need to deal with the complexity of dual-stack for client endpoints.\n","permalink":"https://blog.artooro.com/2024/02/18/nat64-on-the-router-using-vyos/","summary":"\u003cp\u003eIf you want to operate an IPv6 only network, there is a new way to make it happen that is much simplified compared to what we had to do in the past.\u003c/p\u003e\n\u003cp\u003eAnd this is using \u003ca href=\"https://vyos.io\"\u003eVyOS\u003c/a\u003e as your router which has integrated \u003ca href=\"https://github.com/NICMx/Jool\"\u003eJool\u003c/a\u003e starting in v1.4 making it very easy to setup and use out of the box.\u003c/p\u003e\n\u003ch2 id=\"dns64\"\u003eDNS64\u003c/h2\u003e\n\u003cp\u003eJust as important as the NAT64 component is DNS64. This is what translates a DNS lookup that only has an \u003ccode\u003eA\u003c/code\u003e record to also respond with an \u003ccode\u003eAAAA\u003c/code\u003e record usually using the NAT64 well-known reserved prefix \u003ccode\u003e64:ff9b::/96\u003c/code\u003e.\u003c/p\u003e","title":"NAT64 on the Router Using VyOS"},{"content":"Normally we wouldn\u0026rsquo;t recommend hosting applications on your firewall, but considering the UniFi Network Application (Controller) is connected closely to your network, there is at least some rational for running MongoDB on your firewall 😎\nAll you need to get started is a working VyOS installation. At this moment I am using v1.4 and v1.5 would be the same procedure.\nI also want to say thanks to the LinuxServer.io team who has done a great job maintaining this docker image. See more details on the image itself at https://github.com/linuxserver/docker-unifi-network-application\nStaging Files We\u0026rsquo;ll need to mount a few paths to the filesystem for data persistence. Also a configuration file will need to be created to initialize the database settings.\nCreate the following two directory paths.\nmkdir -p /config/unifi/db mkdir -p /config/unifi/app Create a file with your MongoDB initialization parameters. You may want to consider changing the password from CHANGEME to something more legit.\nbash -c \u0026#39;cat \u0026gt; /config/unifi/init-mongo.js\u0026#39; \u0026lt;\u0026lt; \u0026#34;EOF\u0026#34; db.getSiblingDB(\u0026#34;unifi\u0026#34;).createUser({user: \u0026#34;unifi\u0026#34;, pwd: \u0026#34;CHANGEME\u0026#34;, roles: [{role: \u0026#34;dbOwner\u0026#34;, db: \u0026#34;unifi\u0026#34;}]}); db.getSiblingDB(\u0026#34;unifi_stat\u0026#34;).createUser({user: \u0026#34;unifi\u0026#34;, pwd: \u0026#34;CHANGEME\u0026#34;, roles: [{role: \u0026#34;dbOwner\u0026#34;, db: \u0026#34;unifi_stat\u0026#34;}]}); EOF Configure Containers Let\u0026rsquo;s first add the two images we\u0026rsquo;ll need to the system with the following operational commands.\nadd container image docker.io/mongo:4.4 add container image lscr.io/linuxserver/unifi-network-application:latest And now it\u0026rsquo;s time to go into configure mode and set the container details.\nItems you will probably want to adjust are:\nMEM_LIMIT, in the example below I set it to 512 because that\u0026rsquo;s the VyOS container default, and my test network was small. You may need to increase this along with the container memory limit depending on the size of your network. MONGO_PASS, the same sample password from above was used, this needs to match what you entered into the MongoDB init script. TZ, I\u0026rsquo;ve set it to Toronto, you\u0026rsquo;ll probably want to set this to your region. configure set container name unifi-db allow-host-networks set container name unifi-db image \u0026#39;docker.io/mongo:4.4\u0026#39; set container name unifi-db volume db destination \u0026#39;/data/db\u0026#39; set container name unifi-db volume db source \u0026#39;/config/unifi/db\u0026#39; set container name unifi-db volume init destination \u0026#39;/docker-entrypoint-initdb.d/init-mongo.js\u0026#39; set container name unifi-db volume init mode \u0026#39;ro\u0026#39; set container name unifi-db volume init source \u0026#39;/config/unifi/init-mongo.js\u0026#39; set container name unifi-network-application allow-host-networks set container name unifi-network-application environment MEM_LIMIT value \u0026#39;512\u0026#39; set container name unifi-network-application environment MONGO_DBNAME value \u0026#39;unifi\u0026#39; set container name unifi-network-application environment MONGO_HOST value \u0026#39;localhost\u0026#39; set container name unifi-network-application environment MONGO_PASS value \u0026#39;CHANGEME\u0026#39; set container name unifi-network-application environment MONGO_PORT value \u0026#39;27017\u0026#39; set container name unifi-network-application environment MONGO_USER value \u0026#39;unifi\u0026#39; set container name unifi-network-application environment PGID value \u0026#39;1000\u0026#39; set container name unifi-network-application environment PUID value \u0026#39;1000\u0026#39; set container name unifi-network-application environment TZ value \u0026#39;America/Toronto\u0026#39; set container name unifi-network-application image \u0026#39;lscr.io/linuxserver/unifi-network-application:latest\u0026#39; set container name unifi-network-application port application destination \u0026#39;8080\u0026#39; set container name unifi-network-application port application source \u0026#39;8080\u0026#39; set container name unifi-network-application port discovery destination \u0026#39;10001\u0026#39; set container name unifi-network-application port discovery protocol \u0026#39;udp\u0026#39; set container name unifi-network-application port discovery source \u0026#39;10001\u0026#39; set container name unifi-network-application port httpportal destination \u0026#39;8880\u0026#39; set container name unifi-network-application port httpportal source \u0026#39;8880\u0026#39; set container name unifi-network-application port https destination \u0026#39;8443\u0026#39; set container name unifi-network-application port https source \u0026#39;8443\u0026#39; set container name unifi-network-application port httpsportal destination \u0026#39;8843\u0026#39; set container name unifi-network-application port httpsportal source \u0026#39;8843\u0026#39; set container name unifi-network-application port l2discovery destination \u0026#39;1900\u0026#39; set container name unifi-network-application port l2discovery protocol \u0026#39;udp\u0026#39; set container name unifi-network-application port l2discovery source \u0026#39;1900\u0026#39; set container name unifi-network-application port stun destination \u0026#39;3478\u0026#39; set container name unifi-network-application port stun protocol \u0026#39;udp\u0026#39; set container name unifi-network-application port stun source \u0026#39;3478\u0026#39; set container name unifi-network-application volume config destination \u0026#39;/config\u0026#39; set container name unifi-network-application volume config source \u0026#39;/config/unifi/app\u0026#39; commit save You can now browse to port 8443 https://...:8443 on your routers IP address, for example if your router is 192.168.1.1 you would browse to https://192.168.1.1:8443\nIt will probably take a few minutes to go live depending on how powerful your hardware is. On my 2-core Celeron N3350 with 2GB of RAM, it took about 3 minutes.\nFrom here on you can use it like any other UniFi controller, without needing to purchase a separate Cloud-key or host it in the cloud.\nUpgrading It\u0026rsquo;s as simple as running the following two commands.\nupdate container image unifi-network-application restart container unifi-network-application ","permalink":"https://blog.artooro.com/2024/02/15/how-to-run-unifi-network-application-on-vyos/","summary":"\u003cp\u003eNormally we wouldn\u0026rsquo;t recommend hosting applications on your firewall, but considering the UniFi Network Application (Controller) is connected closely to your network, there is at least some rational for running MongoDB on your firewall 😎\u003c/p\u003e\n\u003cp\u003eAll you need to get started is a working \u003ca href=\"https://vyos.io/\"\u003eVyOS installation\u003c/a\u003e. At this moment I am using v1.4 and v1.5 would be the same procedure.\u003c/p\u003e\n\u003cp\u003eI also want to say thanks to the \u003ca href=\"https://linuxServer.io\"\u003eLinuxServer.io\u003c/a\u003e team who has done a great job maintaining this docker image. See more details on the image itself at \u003ca href=\"https://github.com/linuxserver/docker-unifi-network-application\"\u003ehttps://github.com/linuxserver/docker-unifi-network-application\u003c/a\u003e\u003c/p\u003e","title":"How-to Run Unifi Network Application on VyOS"},{"content":"After the great success of my ABCPBCC recipe, when I started using sourdough in 2019 the natural progression was how do I incorporate a sourdough starter into the worlds best chocolate chip cookie recipe? This started about a year of testing and experimentation which finally resulted in the following refined recipe. The dough goes through a slow ferment in the fridge which accomplishes both a development of flavour and the health benefits from the sourdough yeast doing its magic.\nIngredients Flour 183g Salt 3/4 tsp Baking Soda 3/4 tsp Backing Powder 1/4 tsp Butter 30g Maple Syrup 10g Starter 60g White Sugar 30g Brown Sugar 150g Peanut Butter 60g Vanilla 6g Egg 1 Chocolate Chips 120g Instructions Brown the Butter Place the butter into a small pot or pan and set heat to high. As soon as the butter is completely melted set heat to medium-high. While continuing to stir, allow the butter to boil and as soon as it becomes a light brown remove from the heat and allow to cool while the remainder of the ingredients are mixed. Mix Dry Ingredients Flour, Salt, Baking Soda and Baking Powder.\nMix Wet Ingredients Except for the chocolate chips, with the Butter being last allowing it to cool as much as possible.\nMix the dry ingredients into the wet ingredients and mix just until you have a consistent texture.\nFold in the chocolate chips\nPlace bowl into the fridge for 24-96 hours or optionally make into cookie balls and refrigerate for 24-48 hours and then place into a freezer to be baked whenever desired.\nBake at 350 F for 10-12 minutes.\n","permalink":"https://blog.artooro.com/recipes/cookies-v2/","summary":"\u003cp\u003eAfter the great success of my \u003ca href=\"/recipes/abc-pb-chippers/\"\u003eABCPBCC recipe\u003c/a\u003e, when I started using sourdough in 2019 the natural progression was how do I incorporate a sourdough starter into the worlds best chocolate chip cookie recipe? This started about a year of testing and experimentation which finally resulted in the following refined recipe. The dough goes through a slow ferment in the fridge which accomplishes both a development of flavour and the health benefits from the sourdough yeast doing its magic.\u003c/p\u003e","title":"PB Chocolate Chip Sourdough Cookies"},{"content":"If you\u0026rsquo;ve just upgraded your web server to PHP-FPM you probably noticed that your web sites went down and your Nginx logs or whatever server you are using are giving you an error message that include the following statement:\nconnect() to unix:/var/run/www.sock failed (13: Permission denied) while connecting to upstream To provide some context for this problem see http://www.openwall.com/lists/oss-security/2014/04/29/5\nWhat was happening before is that the sockets were being created with a mode (permissions) of 0666 which makes it possible in theory for any web site to connect to them. This could be a security issue for shared hosting as an example. So the security fix was to have PHP-FPM create the sockets with a permission mode of 0660 instead.\nNow the problem with most default web server configurations is that the sockets are created under the root user while nginx or apache are running as a web server such as www-data. This means the web server is not able to read the PHP socket.\nThe Solution The solution is very simple which you can find at stackoverflow http://stackoverflow.com/a/23596317/1195553\nYou simply add the following 2 lines to your PHP-FPM web site configuration before or after you set the path to the socket itself.\nlisten.owner = www-data listen.group = www-data This causes the the socket to be created with the owner and group of www-data which allows the web frontend to access the socket without any permission issues.\nHappy administration!\n","permalink":"https://blog.artooro.com/2014/05/11/connect-to-fpm-socket-permission-denied-after-upgrade-to-php-5-5-12/","summary":"\u003cp\u003eIf you\u0026rsquo;ve just upgraded your web server to PHP-FPM you probably noticed that your web sites went down and your Nginx logs or whatever server you are using are giving you an error message that include the following statement:\u003c/p\u003e\n\u003cdiv class=\"highlight\"\u003e\u003cpre tabindex=\"0\" style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;\"\u003e\u003ccode class=\"language-shell\" data-lang=\"shell\"\u003e\u003cspan style=\"display:flex;\"\u003e\u003cspan\u003econnect\u003cspan style=\"color:#f92672\"\u003e()\u003c/span\u003e to unix:/var/run/www.sock failed \u003cspan style=\"color:#f92672\"\u003e(\u003c/span\u003e13: Permission denied\u003cspan style=\"color:#f92672\"\u003e)\u003c/span\u003e \u003cspan style=\"color:#66d9ef\"\u003ewhile\u003c/span\u003e connecting to upstream\n\u003c/span\u003e\u003c/span\u003e\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cp\u003eTo provide some context for this problem see \u003ca href=\"http://www.openwall.com/lists/oss-security/2014/04/29/5\"\u003ehttp://www.openwall.com/lists/oss-security/2014/04/29/5\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWhat was happening before is that the sockets were being created with a mode (permissions) of 0666 which makes it possible in theory for any web site to connect to them. This could be a security issue for shared hosting as an example.\nSo the security fix was to have PHP-FPM create the sockets with a permission mode of 0660 instead.\u003c/p\u003e","title":"Connect to FPM Socket Permission Denied After Upgrade to PHP 5.5.12"},{"content":" One really annoying thing about working with high definition video on the Windows platform is that none of the video editing application out there seem to understand that video clips from the camera may be split into multiple files because of the 2GB file size limitation of the FAT32 file system. In my case I\u0026rsquo;m working with a Canon XA10 recording to an SD card and editing using Adobe Premier.\nAt home I have a couple Macs with OS X and iMovie and Final Cut Pro X. All of the OS X programs have no issues with video clips that span multiple .MTS files, so it\u0026rsquo;s really annoying to me that none of the Windows apps know how to handle them.\nA friend of mine came up with a really simple solution for us, which is a batch file that does a copy /b on the MTS files. We have this batch file sitting on the desktop and then simply select the MTS files we want to merge and it merges them into a single file. It makes things much easier, although of course it would be nice if it just worked like it does on a Mac.\nHere is a slimmed down version of the batch file we use. Simply enter this code into notepad and save it as merge.cmd or something like that as long as it has a .cmd file extension. And then select the .MTS files from the camera\u0026rsquo;s SD card and drag them onto the merge.cmd script, and it will ask you to enter a path to save the merged file to, so enter that and hit enter, and it will do the magic. Have fun!\nOne quirky thing we discovered, when dragging the .mts files from the SD card, click on the first file from the set when dragging, otherwise the order could get messed up.\nThe batch file code @echo off title Merge Files. set /p choice=\u0026#34;Enter path to merge to: (eg. C:\\video\\test.MTS) \u0026#34; if \u0026#34;%~1\u0026#34;==\u0026#34;\u0026#34; exit if not \u0026#34;%~1\u0026#34;==\u0026#34;\u0026#34; SET one=%1 if not \u0026#34;%~2\u0026#34;==\u0026#34;\u0026#34; SET two= + %2 if not \u0026#34;%~3\u0026#34;==\u0026#34;\u0026#34; SET three= + %3 if not \u0026#34;%~4\u0026#34;==\u0026#34;\u0026#34; SET four= + %4 if not \u0026#34;%~5\u0026#34;==\u0026#34;\u0026#34; SET five= + %5 copy /b %one%%two%%three%%four%%five% \u0026#34;%choice%\u0026#34; PAUSE ","permalink":"https://blog.artooro.com/2013/04/08/merge-split-mts-avchd-clips-on-windows/","summary":"\u003cp\u003e\u003cimg alt=\"AVCHD logo\" loading=\"lazy\" src=\"/2013/04/08/merge-split-mts-avchd-clips-on-windows/logo_avchd-300x157.jpg\"\u003e\nOne really annoying thing about working with high definition video on the Windows platform is that none of the video editing application out there seem to understand that video clips from the camera may be split into multiple files because of the 2GB file size limitation of the FAT32 file system. In my case I\u0026rsquo;m working with a Canon XA10 recording to an SD card and editing using Adobe Premier.\u003c/p\u003e","title":"Merge Split MTS AVCHD Clips on Windows"},{"content":"Yes, it is time…. to post the first recipe I ever wrote. I put this together at about 12 years of age or so, and since then each time I’ve made them it’s been a family event.\nSo here it is for your enjoyment! Just remember, these cookies require a personal touch. Don’t look at the recipe as a law book, but only as something to guide you in the right direction.\nMain Important Ingredients: Chocolate Chips, Peanut Butter, Brown Sugar.\nCooking Time: 10 minutes a plate at about 350 degrees Fahrenheit.\nAuthor: Arthur Wiebe Revision: 20,051,122\nFull List of Ingredients 4 3/4 cup Flour 1 1/4 tsp. Salt 1 3/4 tsp. Baking Soda 1/4 tsp. Baking Powder 3/4 cup Peanut Butter 1 1/4 cup Softened Butter 2 1/4 cup Brown Sugar 1/2 cup White Sugar 2 tbsp. Vanilla 2 tbsp. Corn Syrup or Honey 3 Medium Sized Eggs 4 tbsp. Whole Milk or Light Cream 3+ cup Chocolate Chips 1 1/2 cup Walnuts or Pecans (Optional) Instructions In a mixing bowl, mix Flour, Salt, Baking Powder, and Baking Soda. In a larger bowl mix Peanut Butter, Butter, Brown Sugar, White Sugar, Vanilla, Corn Syrup, Eggs, and Milk. Now stir in the mixed dry ingredients into the mixed wet ingredients in 3 intervals. Slowly stir in the Chocolate Chips and Nuts. Bake at 350 degrees for 8-11 minutes. Once out of oven, wait 7 minutes for cookies to cool and bond.\nCopyright 2005-♾️ Arthur Wiebe (Do not use for illegal purposes, and do not sell it without giving me some revenue)\n","permalink":"https://blog.artooro.com/recipes/abc-pb-chippers/","summary":"\u003cp\u003eYes, it is time…. to post the first recipe I ever wrote.\nI put this together at about 12 years of age or so, and since then each time I’ve made them it’s been a family event.\u003c/p\u003e\n\u003cp\u003eSo here it is for your enjoyment! Just remember, these cookies require a personal touch. Don’t look at the recipe as a law book, but only as something to guide you in the right direction.\u003c/p\u003e","title":"ABC Peanut Butter Chocolate Chippers (aka ABCPBCC)"}]