Ryzen BIOS options and KVM virtualization

I had some troubles when trying to use KVM virtualization on the somewhat new Ryzen platform.

You must enable IOMMU and SVM both. This exact configuration varies depending on your motherboard manufacturer and BIOS, but you should be able to find these settings somewhere in there.

Otherwise you’ll end up with errors relating to being unable to find KVM modules in your kernel, modprobe reporting kvm_amd not found, and dmesg talking about KVM being bios-restricted.

Good luck!

Quickly add one (to many) IPs to an Ubuntu/Debian host

I had a bout of temporary confusion because I hadn’t manually added an IP to a Linux network adapter in a long time. In addition to that, some conventions have changed for the simpler. No longer do you have to append aliases to IPs like :0, :1, and so on.

In the below examples we’ll pretend our main IP is, and we wish to add The subnets and whatever other mask calculation blah blah probably doesn’t match up sue me.

Temporarily add a single IP:

ip addr add dev eth0

snooooooze who adds an IP to be removed on reboot?


Permanently add one or more IPs:

sudo vi /etc/network/interfaces


Observe default:

auto lo
iface lo inet loopback

# The primary network interface
auto ens160
iface ens160 inet static
   #dns-* options are implemented by the resolveconf package, if installed


Modify to add your new IPs’ stanza

auto lo
iface lo inet loopback

# The primary network interface
auto ens160
iface ens160 inet static
   #dns-* options are implemented by the resolveconf package, if installed

iface ens160 inet static

Once you’re done, reset networking either with a reboot, or with:

sudo systemctl restart networking.service

Of course everything above needs to be customized with your unique network information, such as IP addresses, netmask, network, broadcast, gateway. You can use those DNS servers though, they’re OpenDNS.

Have fun!

Windows Subsystem for Linux: Error 0x80070005 (Access Denied)

So you’re trying to automate Windows Subsystem for Linux.

(i’m sorry) – it goes without saying that this is super beta software. expect pain and rough edges. if you have alternatives, explore them until this is a more well-cooked shippable thingy.

Maybe things are going well though. You’ve got a script that can execute under a user to actually get it instantiated via

lxrun /install /y

 and it succeeds!

Now you have another problem though. You can’t just log in via SSH or PowerShell Remoting and invoke


… boo! You get returned 0x80070005 unless you’re totally interactive on the local Desktop with a local user.

That’s not cool though, we want to reach these things remotely and invoke things in an automation-friendly way. As it turns out, there are a couple of things preventing you from achieving this. Primarily:

  • Local launch and activation permissions on the Linux Subsystem / LXSS (as it’s referenced internally) DCOM configuration object.
  • Registry permissions which prevent you from modifying the above.

Let’s start with the registry permissions which are required to touch the items of the first bullet.

  1. Open

     as an Administrator

  2. Traverse into:
    2. Right-click on


    3. Open Permissions > Advanced > Change link to modify Owner
      1. Change to “Administrators”, check “Replace owner on subcontainers and objects”
      2. Give “Full Control” to Administrators group
  3. Go back and dig into:
    1. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\
    2. Complete the same steps as above, instead modifying this folder:
      1. {e82567ae-2ea4-4dbc-bc68-8b0a0526d8d5}

Now for the DCOM configuration, open Component Services from the start menu.

  1. Expand into Component Services > Computers > My Computer > DCOM Config, and set list view as shown in the screenshot:
  2. No, this list is not searchable. You can quickly jump down the index if you have fast fingers and can start typing the GUID that corresponds to the AppID we want to change, 

    . Right click and open Properties, at which point you should be able to “Edit” the Launch and Activation Permissions. If these are gray, you need to go back to the earlier steps and ensure you followed them properly. This is what those permissions adjustments allow us to do.

  3. “Add” Administrators to the security ACL table, and select Local Launch and Local Activation for this group. I opted for Administrators rather than a specific user so that scripting this it can be agnostic of any specific user configuration, and also retain some form of secure design by only allowing those who are already in the Administrators group to be able to touch these perms, and also invoke the LXSS components. This is important because there are serious security implications when inside the LXSS environment where most permissions don’t apply and you can break stuff really fast.
  4. Done!


Now that you’ve completed these steps, you should immediately be able to use Windows Subsystem for Linux in places previously not accessible, such as Win32-OpenSSH.

There’s a good chance your edits could be reverted if an update occurs that touches or otherwise lays down new configuration on top of what you previously modified. It’s a good idea to script this and perhaps run it through Ansible or a scheduled task (yuck) periodically. I’ve done some work to discover the PowerShell necessary to modify these ACLs, and will update this post soon or perhaps create a new one when it’s ready.

For now, you can find that bleeding edge hackery in my Gists.



ESXI 5.5/6.0/6.5 Download Links

Finding these download links is a difficult and annoying task. VMWare really takes a tip from Oracle on this one!!! Hide everything behind massive pay walls. Who cares with anyone that wants to learn or retrieve old software?

ESXI 5.5

ESXI 6.0

ESXI 6.5



Want a license for VMWare’s fine offerings? Head to their web store, or contact a re-seller/VAR.

Opening a graphical application on Mac OS via SSH

This won’t let you interact with it, but you can at least know it’s been opened on the remote machine. This helped me when I needed Teamviewer to be open after it had crashed.

  1. Log into your Mac OS machine via SSH. This has to be preconfigured, it’s not available by default.
  2. Execute the following
open /Applications/TeamViewer.app

TeamViewer.app can be replaced with any app of your choosing. Autocompletion is available in this directory so it makes it a bit easier to look and find what you might be wanting to open.

Good luck!


Using FFmpeg to live stream a webcam to YouTube Live via a Raspberry Pi 3

I found lots of disparate information across the internet as many things are with Raspberry Pi software projects. I wanted to be able to live stream a webcam I’ll have affixed to my 3D printer so myself and others can check out how it’s spectacularly failing making awesome new things. Here’s a concise how-to. As always, never blindly run commands from the interwebs on your local machine. Verify sources, and read up on man pages about any command you’re unfamiliar with. This not only bolsters your stance on security, but you learn a thing or two along the way!

Warning: This is not a “im new to linux and what are $THING” friendly guide. You’re either going to learn a little bit about how Linux manages devices, building from source, and other neat things, or you will blindly install things and potentially hose your meme box. Do your homework, or at least comment!



My configuration:

  • Raspberry Pi 3
  • Raspbian 8 (Debian Jessie)
  • 100Mbit link
  • Logitech C920 (1080p, ~$60)




Install x264 and ffmpeg

I had trouble getting avconf (ffmpeg’s successor) to work. Support for the hardware acceleration the Raspberry Pi 3 (and others maybe?) possesses I could not find in avconf. I didn’t try very hard because it was frustrating and this Just Worked (TM).

[ x264 ]

mkdir -p ~/ffmpeg-source &amp;&amp; cd ~/ffmpeg-source

wget ftp://ftp.videolan.org/pub/x264/snapshots/last_x264.tar.bz2

tar jxvf last_x264.tar.bz2 &amp;&amp; cd x264-snapshot-*

./configure --enable-shared --prefix=/usr


sudo make install


[ ffmpeg ]

cd ~/ffmpeg-source

git clone https://github.com/FFmpeg/FFmpeg.git &amp;&amp; cd FFmpeg

# below is super important, it enables usage of the magical hardware support

sudo ./configure --arch=armel --target-os=linux --enable-gpl --enable-omx --enable-omx-rpi --enable-nonfree

# the below will take a while. probably a hell of a lot longer on anything but a Pi 3. i hear the zero can take 8 hours to build this. omit the -j4 on non-Pi 3's

sudo make -j4

sudo make install


Using ffmpeg
ffmpeg -f mp3 -ac 2 -i ~/Music/vaporwave_mix.mp3 -f v4l2 -s 1920x1080 -r 30 -input_format h264 -i /dev/video0 -vcodec copy -r 15 -g 30 -b:v 3000k -ar 44100 -threads 6 -b:a 96k -bufsize 3000k -f flv rtmp://a.rtmp.youtube.com/live2/KEYIDHERE

Many of these arguments are positional. For the non-technical, this means that their position or order in the command has some level of importance. For example, -i is provided near both the “mp3” and for /dev/video0 this is because it’s meaning is universal. More elaboration below.

-f    force the format. this means you can explicitly define what the format is of the content you are manipulating. in our first instance, we are declaring an mp3. in the second, “v4l2” which is the video4linux2 video driver that allows us to get video from our webcam. in the third example we are forcing flv as this is the best we can do that youtube live (via RTMP) supports.

-ac    the number of audio channels present. for example, mono=1 and stereo=2

-i    input/intake, what is the source of the content? in the first example, we are referencing a file on our local file system. youtube live does not allow you to not provide audio, so i’m putting on a nice lengthy vaporwave mix. you could provide the audio via a microphone as well if this were an interactive stream.

-s    size, resolution. i’m using 1080p (1920×1080). for higher framerates and less CPU crunch you could kick it down to 720p or even 480p.

-r    rate, framerate. 30 fps is a pretty good median, but may be too much for some low power platforms. i hear that youtube won’t stream well at anything less than 15 FPS.

-input_format    this is the declaring the format in which your video is being received. h264 is desirable as it means we don’t need to do additional encoding which is very cpu intensive and would likely destroy this whole scenario.

-vcodec    video codec, in our example we are advising to use whatever is provided in the source, to avoid encoding.

-g    i honestly don’t remember what this means and couldn’t find it in my man page! easter egg!

-b:v    bitrate:video, you’ll need to calculate this ceiling based on your connection speed.

-ar    audio rate, 44100 is CD quality and is perfectly acceptable for most purposes.

-threads    the amount of threads given to ffmpeg to perform the operation, this may need to be tuned depending on your platform.

-b:a    bitrate:audio. how big the audio channel will be when you try to squeeze it down the pipe. too small and you end up losing quality. too high and you have diminishing returns. most users don’t need to care about this.

-bufsize    https://trac.ffmpeg.org/wiki/EncodingForStreamingSites 

rtmp://a.rtmp.youtube.com/live2/KEYIDHERE this is the destination we’re going to through our output FLV encoded output against. add your youtube live key to the end when you plug it into the example

UNRAID: Disabling autostart when passthrough disables the host

I found a weird ‘gotcha’ with UNRAID recently, where if you pass through a PCI-E device into a virtual machine you may lose interactivity with the host if it’s currently relying on that resource when said VM is staretd.

Furthermore, if you’re using auto-start, you’re extra screwed! As soon as you start the array, the VM is kick-started and you lose the device. You cannot modify the VM configuration without the array being mounted, so you’re stuck in this seemingly inescapable loop. Fortunately there is a pretty lightweight solution if you’re even remotely familiar with Linux.

  1. Access Settings > VM Manager from the UNRAID web interface prior to any array being started.
  2. Set Enable VMs = No and apply.
  3. Start the array, so that the disks are mounted.
    1. VMs will still not be available.
  4. At the physical UNRAID host, log into the console or SSH in.
  5. Rename the boot disk of the VM so start fails.
    1. mv /mnt/user/yourVMBootDiskArray/vm-name/vdisk1.img /mnt/user/yourVMBootDiskArray/vm-name/vdisk1.img.backup
  6.  Set Enable VMs = Yes and apply.
  7. The VM attempted to start, and has failed immediately before passthrough was able to occur. Now edit your configuration to exclude the offending device from passthrough.

Good luck!

How-to: Install Hidden: Source

Image result for hidden source

He stalks in the shadows. Watching. Waiting. Killing without warning, forcing you to run and hide, to fight to the last man in this brutal, yet innovative multiplayer game

  1. Download the latest 4b version here. Alternative koiserver.com source coming soon…
  2. Run through the installer.
  3. Restart Steam to populate the title in your Library.
  4. Launch the game to ensure the proper Source SDK is installed. (can require a 2-4GB download, make sure you complete this step in advance!)
    • Don’t forget to update video settings and change the default name (if applicable.)

How-to: Install Goldeneye: Source


GoldenEye: Source is a total conversion mod developed using Valve’s Source engine. GoldenEye: Source is a multiplayer remake of the 1997 Nintendo 64 video game GoldenEye 007, itself based on the James Bond film GoldenEye

This is so kick-ass it does not require an opening intro, let’s get down to business.

  1. Download the main installer package (2GB) here. Alternative source via koiserver.com coming soon…
  2. Run the executable package, decompress, and follow prompts to install.
  3. Restart Steam to show the game from your Library.
  4. Launch the game to ensure the proper Source SDK is installed. (can require a 2-4GB download, make sure you complete this step in advance!)
    • Don’t forget to configure name (if applicable) as well as video settings such as resolution!

“Steam connect failed” – Modern Warfare 2, July 2016

Some users are newly observing that they are unable to connect to the Call of Duty: Modern Warfare 2 online services recently. It appears that after nearly six months of allowing VAC banned users to play online freely, they are now rejecting them once more.

Writing this today as it was very confusing to figure out for a friend why they were unable to play tonight. They had a VAC ban in the game from six years ago.

Hope this helps, and sorry to be the bearer of bad news!