Z-Car

Moen shower faucet provides no cold water, only hot

hot-girl-cold-broken-shower

A common issue with older Moen shower faucets is only cold, or only hot water coming out of the faucet or shower head.  This often happens with showers that are not used very often, or where the water supply is particularly hard or has high levels of contaminants.  If you search the web for help, the most often suggest is to replace the main cartridge (part number Moen 1225 or 1200).  However, this is most likely not the source of the issue.

If you remove the shower faucet knob, and remove the cover behind it, you should see something like the image below.  This is a Moentrol 3570 valve, there are other similar model numbers.

moenvalve

Within the valve is what is called a balancing spool.  This balancing spool valve contains a piston which moves back and forth maintaining a given temperature even if the pressure on the cold side is reduced, for example someone flushes a toilet when the shower is in use.  It prevents a sudden blast of hot water which can lead to burns.  When you suddenly experience only the cold or hot water flowing regardless of where you set the flow handle, this valve is almost always the culprit.

The piston which is inside the balancing spool will get stuck in one position or the other.  When this happens, it essentially shuts off flow to either the hot or cold side.  Poor water quality and age will eventually cause the piston to get stuck in its bore.   The balancing spool (part number Moen 1423) can be seen clearly in the photo below.

moentrol valve

The first step in repairing the balancing spool valve is to remove it.  You will need to use a VERY large screw driver to unscrew the valve (number 2 above).  Make sure you shut off your water first!  You can also use a straight-edge piece of metal clamped in vice grips if you do not have a large enough screw driver.  Spray the outside of the screw with Liquid Wrench or other penetrating oil in advance of your attempt, it can be difficult to loosen.  If you are lucky, the valve will come out with the screw.  But, most likely the top of the spool will separate, like in the photo below.

IMG_5753

If this happens, you will need to retrieve the stuck piece.  The way that I accomplished this was to soak it in Liquid Wrench for an hour before my attempt.  I inserted a screw driver down into the piston and tried to lever it out, tapping with a hammer at the same time.  I then bent a piece of metal rod into a hook shape and fished it inside and caught it against one of the holes in the body of the spool.  Using a pair of vice grips I pulled until it came loose.  This may take some work, so be patient.

Once removed you have two options, replace with a new one, which is not cheap, retail price is between $55-95.00.  Or, you can usually successfully clean the spool.  To do this, remove the round piece of metal at the back of the valve (seen above).  Just slip a small screw driver into the gap and twist it out.  Then tap the piston out of the bore.  I used a socket to support the back of the spool, and used a hammer and screw driver to tap it out.

Next, you want to use fine sandpaper to clean off the piston journals, and the inside of the bore of the valve.  Get aggressive, you want the bore and journals to be polished clean.  Work the piston back and forth in the bore until there is absolutely no sticking or binding.  Then apply plumbers grease and reassemble.  Turn the water back on and test the faucet, you should now have hot and cold water, and just saved yourself a couple hundred dollar repair bill.


Unable to renew using LetsEncrypt Certbot-Auto with CRON – Fail

Recently I had a fail when trying to automate the renewal of my LetsEncrypt SSL certificates using a CRON job, I experienced the following error when running “certbot-auto renew” :

Error: couldn’t get currently installed version for //.local/share/letsencrypt/bin/letsencrypt:
//.local/share/letsencrypt/lib64/python2.6/site-packages/cryptography/__init__.py:26: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of cryptography will drop support for Python 2.6
  DeprecationWarning
An unexpected error occurred:
ContextualVersionConflict: (setuptools 0.9.8 (/.local/share/letsencrypt/lib/python2.6/site-packages), Requirement.parse(‘setuptools>=1.0′), set([‘certbot’]))

At first glance, this failure would appear to have something to do with Python 2.6 and the cryptography site-package.  However, this actually just turns out to be a warning.  The unexpected error below is what causes the issue.  If you look closely at the error (couldn’t get currently installed version for //.local/share/letsencrypt/bin/letsencrypt) line and the line starting with ContextualVersionConflict, you will see that it is trying to access (/.local/share/letsencrypt/lib/python2.6/site-packages).  In both cases, the issue is with //.local/, when running as a cronjob, this needs to point to /root/.local.  There are a couple ways to fix this.

One, you can edit your crontab and edit HOME=/ to HOME=/root/
Two, you can create a wrapper script that changes your HOME directory before calling certbot-auto renew
Lastly, you can choose to do what I did and directly edit the certbot-auto script.   I hard-coded the values for HOME and XDG_DATA_HOME.  This has the disadvantage of getting wiped out if you ever update that script, however it also guarantees that no matter how that script is executed, it will always be pointing to the correct location.

To edit the script, add the following lines :
HOME=/root/
XDG_DATA_HOME=/root/.local/share

before the line that has :
VENV_NAME=”letsencrypt”

Leave a comment if this solved your problem, or if you are experiencing any other strange issues running certbot-auto from a cron job.


Installing LetsEncrypt Certbot on Amazon Linux Server

The LetsEncrypt Certbot is an awesome tool for getting and maintaining SSL certificates for your sites.  In most cases, it is extremely easy to setup and maintain.  However, installing it on Amazon’s proprietary Linux server in EC2, it often fails.  These are the steps I took to get it to install properly in my environment.  

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
sudo yum install libffi-devel
sudo yum install openssl-devel
sudo chown -R ec2-user:ec2-user .well-known/
./certbot-auto –no-self-upgrade –no-bootstrap

After performing these commands, you should now be able to use Certbot as you would normally.

Certbot will place your completed SSL certs in the following paths.

  • Certificate: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/cert.pem
  • Full Chain: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/fullchain.pem
  • Private Key: /etc/letsencrypt/live/YOUR_WEBSITE_HERE/privkey.pem

To setup auto renew, you will need to add the following line to your crontab file.  Make sure you are running as root when you do so using sudo su.

Adding this  line will run the renewal process twice per day.

0 2,14 * * * /home/ec2-user/certbot-auto renew

 If you have any issues, leave a message in the comments so we can help.


Upgrade your Miata’s headlights with Hella H4 halogen bulbs, Cibie eCode projectors, and a relay kit.

 

My 1994 Mazda Miata has suffered over the years with a very poor headlight setup.  It got to the point where I just did not enjoy driving it at night anymore.  The pathetic yellow light dripped from the front of the car, providing limited visibility, even in urban driving.  Rural driving, out where I live, was just down right scary.

So, I finally decided to do something about it.  I ultimately decided to upgrade my sealed beams for a set of Cibie eCode projectors fitted with H4 100/80W bulbs.  When upping the watts and amperage from stock values to these floodlights, it is important to add an aftermarket lighting relay.  Your factory wiring harness and light switch will thank you, 20 year old thin wire usually does not like having 10+A flowing through it on a regular basis.  

First step, buy a quality relay harness that will work with your Miata.  The picture below shows the unit I went with.  Installation took all of about an hour.  I suggest connecting the power to the main fuse panel via the main breaker bolt.  Also, wire it in with your stock lights first to test operation before upgrading to the H4’s.  Changing one thing at a time helps with troubleshooting if you run into any issues.

The next step is to replace your sealed beams with the Cibie eCodes.  These are European styled projectors that will amaze you with how much better they project light down the road.  The light is focused, yet is aimed so as not to dazzle oncoming traffic.  Swapping out the projectors just involve popping your headlights, removing the plastic shroud around the pop-up, and then loosen the three screws around the silver retaining benzel.  

 

Lastly, we get to the Hella H4 100/80W bulbs.  Most folks will stick with the more standard 60/55W bulbs, however I highly recommend upgrading to a higher wattage.  The difference in output is just stunning, and when combined with the Cibie eCodes, you will not blind other drivers.  There are other wattage H4’s such as a 130/90, 130/100, and 100/90.  As long as you have upgraded your wiring with a relay harness, it is safe to give these bulbs a try.  However, it has been reported that the high wattage bulbs have very short lifetimes, sometimes only hundreds of hours before they fail.  Also, care must be taken when installing an H4 to get NO fingerprints on the bulb.  The oil from your hands will cause early failure as well. 

If you shop around (click on pictures to see on Amazon), you can pick up all the parts you need for less than $150.  And, future replacement bulbs can be picked up for less than $10 each.  Don’t put it off, click on the pictures above, go to Amazon, and be amazed at how awesome a new headlight setup will enhance your night time driving!  Leave a message to let us know how it goes for you.  

 


Troubleshooting and Hacking the Ambient Weather WS-0900 Weather Station

For Christmas I received the Ambient Weather WS-0900-IP Wireless Internet Remote Monitoring Weather Station.  This little unit is a great way to setup your own personal weather station, which as a bonus allows you to access the data over the Internet.

So, after setting up the unit, and playing with it for a while, I got the urge to start hacking it.  I found out that you can access the device over telnet.  The built-in controller has a limited set of commands, and unfortunately on this model, does not really have much utility.  After playing around with various commands to try and redirect the units update from weather underground to my own servers, I accidently used the fwupdate command which wiped out the units ROM.

Lesson learned, don’t mess around with stuff unless you are ok breaking it!  After a bit, I was able to work out the following procedure for reloading a valid firmware.

This is the proper fix if your  IP Observer is not connecting.  In this case, only the Power, Link and ACT lights are lit blue on the unit, and the ObserverIP module does not communicate to the server, and you cannot access the unit via the built-in web server.   This state will require that the firmware be reloaded.

  • Download the latest firmware here:  http://www.AmbientWeather.com/observerip.html 
  • Turn off the power to  the ObserverIP module however leave it connected to your network. 
  • Launch the IP Tools.   Because the ObserverIP module is turned off, you will not be able to locate it on your network, but continue anyway. 
  • Select the Upgrade button in IP Tools. 
  • Select the Select File button, and browse to the location of the file you downloaded in Step 1. 
  • Select the Upgrade Firmware button. 
  • Plug in the ObserverIP module. The software will locate the device on your network and begin the update.  The dialog box will display Received a Read Request from the ObserverIP module. A green progress bar will provide you with the upgrade status. 
  • Once the firmware upgrade is complete, the dialog box will display Read session is completed successfully.
  • Wait about one minute for the ObserverIP module to reboot, and then access the web server.

You should have a restored fully functioning unit!  I still have not been able to redirect the weather updates to another server.  In my unit, a WS-0900 with the 3.0.8 version it appear that the server that it connects to is a hard coded IP address.  Leave a message here if you have found a way to make this work.


Some useful custom SpamAssassin rules and settings – modify your own

 

I have a Linux server that I use for managing web sites, development work, etc.  In addition, I use it to host a mail server for two domains that I have had since 1993.  Because of their age, and the number of email addresses that were used on them over the years, they receive a LOT of Spam.  In order to manage this huge volume of SPAM, I use SpamAssassin, and a ton of custom rules in Postfix to minimize the amount of spam that ultimately reached my inbox.  

Here is a collection of score changes, and custom filters that I use.  These change on a fairly regular basis, as the Spammers are always making changes.  I will try and keep this updated fairly often.

If you have any questions on how to write a rule, or have a suggestion for a good one, leave a comment or email.  

score RAZOR2_CHECK 5
score BAYES_999 1.0
score BAYES_00 -4
score T_FREEMAIL_DOC_PDF 2
score DIGEST_MULTIPLE 5
score MPART_ALT_DIFF 5
score RCVD_IN_MSPIKE_L5 4
score URIBL_BLACK 5
score URIBL_DBL_SPAM 5
score DCC_CHECK 5
score PYZOR_CHECK 5

mimeheader ZIP_ATTACHED Content-Type =~ /zip|xls|docm|doc/i
describe ZIP_ATTACHED email contains a zip file attachment
score ZIP_ATTACHED 4.5
header CUSTOM_PHP_ID_SPAM X-PHP-Originating-Script =~ /class.php/
score CUSTOM_PHP_ID_SPAM 5

header CUSTOM_UNQ_ID_SPAM X-MC-Unique =~ /randcase/
score CUSTOM_UNQ_ID_SPAM 5

header CUSTOM_UA_ID_SPAM User-Agent =~ /Mutt/
score CUSTOM_UA_ID_SPAM 5

rawbody CUSTOM_GMAIL_SPAM /style\=\”color\:\#245dc1\;text\-decoration\:none\;/
score CUSTOM_GMAIL_SPAM 4

rawbody CUSTOM_WHATSAP_SPAM /background\:\#d9d9d9\;font\-family\:arial\;font\-weight\:normal\;font\-size\:11px\;color\:\#808080\;/
score CUSTOM_WHATSAP_SPAM 4

rawbody CUSTOM_FEDEX_SPAM /style\=\”text\-decoration\:none\;color\:\#4d148c\;\” alt\=\”Privacy policy\” title\=\”Privacy policy/
score CUSTOM_FEDEX_SPAM 4

body CUSTOM_FARGO_SPAM /FARGO\, ND 58103/
score CUSTOM_FARGO_SPAM 4

rawbody CUSTOM_INLINE_IMAGE /src=”cid:/
score CUSTOM_INLINE_IMAGE 5.5

rawbody CUSTOM_TRACKING_CODE /img src=”(.*)\.us(.*)\?email/
score CUSTOM_TRACKING_CODE 5.5

rawbody CUSTOM_ENDS_IN_GUID /[A-Za-z0-9]{8}[A-Za-z0-9]{4}[A-Za-z0-9]{4}[A-Za-z0-9]{4}[A-Za-z0-9]{12}$/
score CUSTOM_ENDS_IN_GUID 7.5

rawbody CUSTOM_ALT_IN_GUID /alt=”[A-Za-z0-9]{8}[A-Za-z0-9]{4}[A-Za-z0-9]{4}[A-Za-z0-9]{4}[A-Za-z0-9]{12}”/
score CUSTOM_ALT_IN_GUID 0.5

 


Building a custom version of Apache 2.4 on CentOS – Support for socket.io proxying

Last year I needed a way to create a specific Apache version that would support proper handling of proxying socket.io  connections to a Node client.  I had to hunt around, however here are some notes I created to get the version I needed built.

There are a lot of threads on the Internet that point to running Apache 2.4 on RHEL 6 as being a difficult setup. It’s actually quite easy, thanks to Apache’s wonderful packaging. Since Apache builds their source packages so they can easily be compiled into RPMs. (All of these steps were performed on a fresh installation of CentOS 6.6.)

First we need to install all of the tools for building RPMs and create the directory structure –

yum -y install rpm-build
mkdir -p ~/rpmbuild/{SOURCES,SPECS,BUILD,RPMS,SRPMS}

Let’s start by downloading the Apache Httpd sources and trying to compile –

cd ~/rpmbuild/SOURCES
wget http://www.gtlib.gatech.edu/pub/apache/httpd/httpd-2.4.4.tar.bz2

Now we can identify the missing dependencies and figure out how to continue –

# rpmbuild -tb httpd-2.4.4.tar.bz2 
error: Failed build dependencies:
    autoconf is needed by httpd-2.4.4-1.x86_64
    apr-devel >= 1.4.0 is needed by httpd-2.4.4-1.x86_64
    apr-util-devel >= 1.4.0 is needed by httpd-2.4.4-1.x86_64
    pcre-devel >= 5.0 is needed by httpd-2.4.4-1.x86_64
    openldap-devel is needed by httpd-2.4.4-1.x86_64
    lua-devel is needed by httpd-2.4.4-1.x86_64
    libxml2-devel is needed by httpd-2.4.4-1.x86_64
    distcache-devel is needed by httpd-2.4.4-1.x86_64

We have packages available for autoconf, pcre-devel, openldap-devel, lua-devel, and libxml2-devel. APR is included in RHEL and CentOS, but it’s unfortunately an old version, so we’ll have to recompile that too. distcache is often the problem people are reporting when installing Apache 2.4, but continue reading for a nice trick to make this easier.

Next, we’ll download the sources of all of the custom packages we need to compile for Apache (your versions may change) –

cd ~/rpmbuild/SOURCES
wget http://www.gtlib.gatech.edu/pub/apache/apr/apr-1.4.6.tar.bz2
wget http://www.gtlib.gatech.edu/pub/apache/apr/apr-util-1.5.2.tar.bz2

Each of these can now be easily used to create RPMs for installation. Let’s start with APR –

cd ~/rpmbuild/SOURCES
# Install apr dependencies
yum -y install autoconf libtool doxygen
rpmbuild -tb apr-1.4.6.tar.bz2
# Install our freshly build apr RPMs
rpm -ivh ~/rpmbuild/RPMS/x86_64/apr-1.4.6-1.x86_64.rpm ~/rpmbuild/RPMS/x86_64/apr-devel-1.4.6-1.x86_64.rpm
# Install apr-util dependencies
yum -y install expat-devel libuuid-devel db4-devel postgresql-devel mysql-devel freetds-devel unixODBC-devel openldap-devel nss-devel
# For some reason this has failed for me once or twice, but completed successfully the next time.
rpmbuild -tb apr-util-1.5.2.tar.bz2
rpm -ivh ~/rpmbuild/RPMS/x86_64/apr-util-1.5.2-1.x86_64.rpm ~/rpmbuild/RPMS/x86_64/apr-util-devel-1.5.2-1.x86_64.rpm

Installing distcache on RHEL can be a pain, but we can take advantage of Fedora’s SRPM to get us started –

cd ~/rpmbuild/SRPMS
wget http://www.gtlib.gatech.edu/pub/fedora.redhat/linux/releases/18/Fedora/source/SRPMS/d/distcache-1.4.5-23.src.rpm
rpmbuild --rebuild distcache-1.4.5-23.src.rpm
rpm -ivh ~/rpmbuild/RPMS/x86_64/distcache-1.4.5-23.x86_64.rpm ~/rpmbuild/RPMS/x86_64/distcache-devel-1.4.5-23.x86_64.rpm

Now that we have apr and distcache taken care of, the Apache compilation and install is quite easy –

cd ~/rpmbuild/SOURCES/
# Install remaining httpd dependencies
yum -y install pcre-devel lua-devel libxml2-devel
rpmbuild -tb httpd-2.4.4.tar.bz2

Now you’re ready to install httpd, but you’ll get one last error –

$ rpm -ivh ~/rpmbuild/RPMS/x86_64/httpd-2.4.4-1.x86_64.rpm 
    error: Failed dependencies:
        /etc/mime.types is needed by httpd-2.4.4-1.x86_64

Let’s find out which package provides that file –

$ yum whatprovides "/etc/mime.types"
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: ftp.osuosl.org
 * epel: ftp.osuosl.org
 * extras: ftp.osuosl.org
 * updates: ftp.usf.edu
mailcap-2.1.31-2.el6.noarch : Helper application and MIME type associations for file types
Repo        : base
Matched from:
Filename    : /etc/mime.types

We’re finally ready to install httpd –

yum -y install mailcap
rpm -ivh ~/rpmbuild/RPMS/x86_64/httpd-2.4.4-1.x86_64.rpm

Now you’re all ready to go with Apache 2.4! And since you’ve built proper RPMs, you’re also ready to deploy the packages out to all of your servers.

ProxyPass        /    ws://localhost:8080/
ProxyPassReverse /    ws://localhost:8080/
ProxyPass        /    wss://localhost:8080/
ProxyPassReverse /    wss://localhost:8080/

ProxyPass        /  http://localhost:8080/
ProxyPassReverse /  http://localhost:8080/

 

This works

RewriteEngine on

    RewriteCond %{QUERY_STRING} transport=polling
    RewriteRule /(.*)$ http://localhost:$port/$1 [P]

    ProxyRequests off
    ProxyPass /socket.io-client/ ws://localhost:$port/socket.io-client/
    ProxyPassReverse /socket.io-client/ ws://localhost:$port/socket.io-client/

    ProxyPass / http://localhost:$port/
    ProxyPassReverse / http://localhost:$port/