Originally – I wasn’t looking for evidence of abuse or brute force attempts to my web server but through analysis of log files – I’ve found some.

A lot in fact. 100K+ HITs per day to particular parts of my site, the majority of which is brute force.

Screen Shot 2016-02-11 at 14.28.08

I’ve noticed weirdness in firewall logs too which I’m beginning to trawl through and start closing off doors because of. Thank the lord for iptables and a decent policy.

I’m now in a state of closing ports, rebinding services to IPs and setting up rate-limiting to thwart repetition. Blocking will now occur and prevent hammering of pages. Next is to start black-holeing IPs that persist.

I had this error displaying to me when attempting to play a few items from my library. The files I knew were OK as VLC playback via sshfs direct from the server was fine.

Read a few things about SSL connections, Subtitles, this, that and the other – but none were the cause of my issue.

Turns out it was disk space.

From ‘Plex Media Server.log’

Feb 09, 2016 10:55:41 [0x7fc28a3f9700] WARN – Low disk space: 5043020343 bytes source file, 18746441728 bytes capacity, 3664343040 bytes available on /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Cache/Transcode/Sessions
Feb 09, 2016 10:55:41 [0x7fc28a3f9700] WARN – TranscodeSession: inadequate disk space for transcode
Feb 09, 2016 10:55:41 [0x7fc28a3f9700] ERROR – Failed to start session successfully.

Who’d have thought only having 3.5GB~ free would be an issue!

Just thought I’d share.

Also posted @ https://forums.plex.tv/discussion/206281/there-was-a-problem-playing-this-item

So this has been bugging me for a while.. MacbookPro 10,1.. 2.3GHz i7, 8GB DDR3 RAM and the fecking audio playback over Bluetooth skips! For a while I suspected the naff’ish bluetooth speaker I was using (Jam) but after upgrading to a BOSE SoundLink.. the issue remained. Seriously now.. what the fudge!

I’d poked around before with trying to fix this problem, but suggestions were stupid; “Turn off the WiFi, Move the speaker further away, Move the speaker closer”. All shit. It seemed to me like the audio agent on the Mac was being scheduled in a way that would introduce lag into the bluetooth stream. I’ve known of similar things before with radio.. delay a process too much and the packets fall out of sync and can’t be recovered which results in transmission gaps. Effectively lag.

Bit of Googling and found a damn useful thread: https://apple.stackexchange.com/questions/167245/yosemite-bluetooth-audio-is-choppy-skips/179209#179209?newreg=4bc544772e98420999b564078c6d264d

I’d seen the commands to manipulate the BluetoothAudioAgent before but didn’t have much luck. The commands below though.. genuinely seem to have fixed my problems.

Firstly, see what you’re default values are:

defaults read com.apple.BluetoothAudioAgent

Might be prudent to make a note of any values displayed using the above command. Update the agent options by setting the values below;

defaults write com.apple.BluetoothAudioAgent "Apple Bitpool Max (editable)" 80
defaults write com.apple.BluetoothAudioAgent "Apple Bitpool Min (editable)" 80
defaults write com.apple.BluetoothAudioAgent "Apple Initial Bitpool (editable)" 80
defaults write com.apple.BluetoothAudioAgent "Apple Initial Bitpool Min (editable)" 80
defaults write com.apple.BluetoothAudioAgent "Negotiated Bitpool" 80
defaults write com.apple.BluetoothAudioAgent "Negotiated Bitpool Max" 80
defaults write com.apple.BluetoothAudioAgent "Negotiated Bitpool Min" 80

Effectively – these commands control how “friendly” OSX is with other Bluetooth devices. Clearly though, being friendly doesn’t provide good audio quality.

After setting these values, reboot. After reboot, issue is fixed. Have been listening now for 90 minutes from Apple Music, YouTube and SoundCloud without a single skip.


I’ve been wanting to watch movies using my AppleTV that I have locally. I use Plex Media Server to make the files available as streams. Plex Media Server is a service running on a CentOS Virtual Machine connected to the LAN. The VMware ESXi host runs a few VMs but I’ll not get into that.

Plex is great. Interface looks fantastic and the software does an amazing job of transcoding files, enabling streaming to every device I’ve tried. I’ve been using an app for iPhone called íMediaShare’ to fire a DLNA stream at the XboxOne for playback on the TV. Works ok but then created a reliance on my phone in order to browse the media library. Not perfect, but not far off!

What I really wanted, was to push media to the AppleTV instead of the Xbox but without needing to navigate media using my phone. AppleTV wouldn’t work with iMediaShare at all so something new was needed.. to Google!

After three clicks, I found this: https://github.com/iBaa/PlexConnect/wiki/Install-Guide

Followed the steps. Downloaded, fired it up on the Plex server and voila! It works! Using the Trailers app I can now browse Plex and stream whatever is available 😀 Awesome!! 😀

I need this to start now every time the server boots. No point it working.. if it’s.. uhh.. not working 🙂

So.. to make a service you have to:

Create it:

sudo nano /etc/init.d/plexconnect
# plexconnect: This shell script takes care of starting and stopping
# plexconnect.
# v1.0 – Nick Fennell @ tbfh.org
# chkconfig: 2345 65 35

. /etc/rc.d/init.d/functions

# See how we were called.
case “$1” in
# Start daemon.
echo -n “Starting PlexConnect: “
touch /var/lock/subsys/plexconnect
# Adapt the line below. Needs to be the PlexConnect.py location.
daemon /home/nickfennell/PlexConnect/PlexConnect.py
# Stop daemon.
echo -n “Shutting down PlexConnect: “
killproc plexconnect
rm -f /var/lock/subsys/plexconnect
$0 stop
$0 start
status plexconnect
echo “Usage: plexconnect {start|stop|restart|status}”
exit 1


Add it:

sudo chkconfig –add plexconnect

Enable it:

sudo chkconfig –levels 345 plexconnect on

Check it:

sudo chkconfig –list | grep plex

Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.

If you want to list systemd services use ‘systemctl list-unit-files’.
To see services enabled on particular target use
‘systemctl list-dependencies [target]’.

plexconnect 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Start it:

sudo service plexconnect start


Through deploying 2012 R2 into my home lab for testing I’ve recognised some “weirdness” with the RRAS requesting 10 DHCP leases when the service is started.

Seems this is normal – RRAS requests 10 IPs (Technet). Keeps the IP/Subnet info but drops everything else offered by the DHCP server such as options. This ensures that dial-in clients have an IP available immediately without needing to await a DHCP response. Clever I guess.. just looks messy on my active leases as they’re all mixed up with my normal network devices. Additionally – my ranges are being consumed by RRAS and creating a lease shortage for the rest of my network.

Now the obvious thing to do here, is increase the size of the range. I know. But that’s far to simple.. What I fancy doing instead.. is creating a New range, and having the RRAS addresses allocated from that. I can tag it within IPAM tool as a RRAS DHCP Range and keep the addresses out of my main network pool.

To do this – I create a new range on my DHCP server (ISC DHCP) with an idea here of associating the DHCPDISCOVER messages coming from the 2012 R2 with this new range in order to keep the RRAS DHCP leases out of my primary range; preventing exhaustion, and making my IP allocation look prettier (it’s important that things look pretty….).

For it to work, I need to establish a way of identifying the request. Let’s take a look at a DHCPDISCOVER message: > [udp sum ok] BOOTP/DHCP, Request from 00:50:56:37:a3:b0, length 319, xid 0xd40c1b0d, Flags [Broadcast] (0x8000)
Client-Ethernet-Address 00:50:56:37:a3:b0
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
CLASS Option 77, length 14: “RRAS.Microsoft
NOAUTO Option 116, length 1: Y
Client-ID Option 61, length 17: ether 52:41:53:20:00:50:56:37:a3:b0:00:00:00:00:00:00
Hostname Option 12, length 10: “MS-Serv001
Vendor-Class Option 60, length 8: “MSFT 5.0”
Parameter-Request Option 55, length 13:
Subnet-Mask, Domain-Name, Default-Gateway, Domain-Name-Server
Netbios-Name-Server, Netbios-Node, Netbios-Scope, Router-Discovery
Static-Route, Classless-Static-Route, Classless-Static-Route-Microsoft, Option 252
END Option 255, length 0

Few different options here. I’ve made bold, and coloured red to highlight.

Using these I could associate allocation of IPs to the:

MAC address of the sending interface (00:50:56:37:a3:b0)
IP address of the sending interface (
The Hostname of the requesting client (MS-Serv001)
The User Class specified by the requesting client (RRAS.Microsoft)

I should note: I did check the hostname option remained consistent across multiple messages, and although a totally viable option – I think I’ll go with the User Class option instead. It’s a nice specific value used to identify requests from the RRAS, and one that won’t be effected by changes to the 2012’s domain or network configuration.



Now, the DHCP Service will need to be reconfigured to prevent allocation to the RRAS from the primary pool (, and instead allocated from the new range (

Matching the User Class is as relatively straight forward once you know the option to use. In this case ‘user-class’. Once determined, choose a name and create the class within the dhcpd.conf as below;

class “Microsoft Routing and Remote Access” {
match if option user-class = “RRAS.Microsoft”;

The class name is now Microsoft Routing and Remote Access

Once the class has been created we can then adjust access to the pool using ACLs. The ACLs deny clients matching class defined from the main pool causing it to fall-through to the next pool in the config. On this pool the class is allowed, and addresses will be allocated as required.

pool {
option domain-name-servers;
option domain-search “home”;
option routers;
option domain-name “lab”;
failover peer “failover-smart-dhcp1.lab”;
deny members of “Microsoft Routing and Remote Access”;allow unknown clients;
pool {
failover peer “failover-smart-dhcp1.lab”;
allow members of “Microsoft Routing and Remote Access”;

Pretty straight forward.

Restart the service and go. You should check the config first but I’m a maverick.. Live life on the edge..

Anyhow.. Looking at the GUI of my DHCP server – it seems the config works well.

Screen Shot 2015-07-09 at 11.42.46My primary scope ( is no longer filled with leases from MS-Serv001! Happy days!!