{ the code ninja }

Jellyfin on Hisense Vidaa

I have a self-hosted Jellyfin instance on my home network that I have wanted to use with my Hisense 55U7QF with Vidaa OS.

The DLNA playback on the Hisense TV is unstable as some videos will not play at all and others play with stutters and glitches. Accessing the Jellyfin web interface in the TV browser is not a good experience when navigating with TV remote. The TV browser reports HEVC support, the playback of HEVC content is glitchy. x264 content plays just fine.

Hisense Vidaa Browser HEVC Playback Glitches

Then I discovered you can add web apps in Hisense using the debug options and it properly supports Jellyfin web’s TV mode where the navigation is far superior. The HEVC playback remains a problem because Jellyfin does not allow you to force transcoding HEVC to x264 unless the playback bitrate is lower than the video bitrate. This makes the videos unwatchable.

In this blog post I will show you how to:
1. Add Jellyfin web to your Hisense TV as an app for easy navigation
2. Patch Jellyfin Web to ignore Hisense browser’s HEVC support so it always transcodes to x264 while maintaining resolution/quality.

Pipewire Combined Sink

Pipewire comes with a native module to send audio output to all connected audio devices. This is done by creating a combined output sink using module-combine-stream in Pipewire config. This is ideal if you have multiple Bluetooth headsets or speakers and want to output same audio to all of them at the same time.

The following instructions are tested on Debian 12 (Bookwork) using Gnome. They should work on other Debian based distros i.e. Ubuntu, Mint

Never buy a Baseus product

UPDATE: I guess this post reached someone higher up at Baseus and I got the following message:

I have agreed to take the replacement and refund, but the blog post stays with this update.

tl;dr: Baseus does not honor any warranty claims and resorts to shady tactics to avoid accountability. This applies to their official store and authorized sellers.

Save your time and money, do not buy Baseus Products.

Baseus is a Chinese lifestyle brand that makes some good products and does great marketing for those products. I was impressed with their 120w GaN charger, as it would mean I will have less charging bricks to deal with and plug in to the wall socket. The charger looked good, had good reviews and came with a 1 year warranty (this point is very important), so I pulled the trigger and purchased it from their official store on AliExpress in November 2020. It got delivered early December 2020.

Fast Forward to May 2021 (5 months later), my laptop which was plugged into the Baseus 120w GaN charger stopped charging and I got a strong burning smell coming from the charger. I immediately unplugged it. My charger was dead and my string of misfortunes with Baseus began.

Properly Configure Nginx alias directive with PHP

When using alias directive, the SCRIPT_FILENAME parameter passed onto FastCGI interpreter should be $request_filename instead of the default $fastcgi_script_name. This ensures that the PHP interpreter receives the correct file path and does not return 404 Not Found.

Example Code:

   location /myalias {
      alias /path/to/alias;
      location ~ \.php$ {
         fastcgi_pass fastcgi_backend;
         include fastcgi_params;
         fastcgi_param SCRIPT_FILENAME $request_filename;
      }
   }

Keyword based inline Search and Replace with sed

sed is a nifty utility that allows you to search and replace text in a file using a short 1-liner.

The following command does the following:
1. Searches for the keyword in every line of the input_file
2. In every matching line it looks for search_string
3. It replaces every instance of search_string with replace_string

sed '/keyword/s/search_string/replace_string/g' input_file

Neat!

Reference:
https://unix.stackexchange.com/a/155340

Bluetooth Audio Receiver / A2DP Sink with Raspberry Pi

After much trial and error, I have managed to configure Raspberry Pi to function as a Bluetooth Audio Receiver, also known as A2DP Sink mode.

Much of the articles and configurations on the web are for older version of Debian (<=7.x) which worked correctly with older versions of PulseAudio (<=4.x), Alsa & Bluez (<=4.x).

The following configuration has been tested with latest release of Xbian, which is based on Debian Jessie (8.0) and Raspberry Pi 3, which comes with a built-in bluetooth module. Other compatible bluetooth modules should work as well. Continue reading Bluetooth Audio Receiver / A2DP Sink with Raspberry Pi

How to search and replace with nano text editor

Nano is a very compact and feature packed text editor commonly found on Linux and Unix based OS. One of the lesser used feature that is very useful is search & replace.

To Search and Replace text in the currently open file:

Press Ctrl + \
Enter your search string [return]
Enter your replacement string [return]
Press A to replace all instances

The search string can also be a regular expression.

Port Forwarding in Mikrotik RouterOS

Ports can be opened/forwarded in Mikrotik RouterOS using the snippet below.

/ip firewall nat add chain=dstnat dst-port=1234 action=dst-nat protocol=tcp to-address=192.168.1.1 to-port=1234

Note the following parameters and edit as necessary:

dst-port
to-port
to-address
protocol

Introduction to hashing passwords in PHP (5.5+)

Every PHP developer at some point has a need for restricting access to certain parts of their web application and allow users to pass through secure areas with a username and password.

Due to it’s long history, PHP has a lot of practices around security which are no longer secure, or appropriate for the application requirements these days. Among such practices is hashing and securing passwords using algorithms such as MD5, SHA1, etc.

Securing passwords with md5, SHA1, SHA256 or custom hash generators is considered bad practice these days. According to PHP.net

Hashing algorithms such as MD5, SHA1 and SHA256 are designed to be very fast and efficient. With modern techniques and computer equipment, it has become trivial to “brute force” the output of these algorithms, in order to determine the original input.

Because of how quickly a modern computer can “reverse” these hashing algorithms, many security professionals strongly suggest against their use for password hashing.

The methods considered secure a few years ago, are now obsolete/insecure due to ever increasing computing power and advanced techniques. And unless you are well versed in the area of cryptography and security, it is never a good idea to roll your own security mechanisms.

The current best practice is to use the native password hashing API, introduced in PHP version 5.5. The API provides two useful functions, namely password_hash and password_verify.

password_hash() creates a new password hash using a strong one-way hashing algorithm.

password_verify() verifies that the given hash matches the given password.

Using these functions is fairly straightforward. See the following example.

<?php

$hash = password_hash('valid_password', PASSWORD_DEFAULT);

if (password_verify('invalid_password', $hash)) {
    // Correct Password
} else {
    // Wrong password
}

password_hash() currently provides Blowfish algorithm for creating the hash, and it is set as the default algorithm. The PASSWORD_DEFAULT constant is currently set to use the Blowfish algorithm. However, you may specify the Blowfish algorithm explicitly using the PASSWORD_BCRYPT constant, if the requirement is to always use Blowfish. Note that the password_verify() function is forward compatible, therefore PASSWORD_DEFAULT is the preferred option as it will provide the best possible hashing mechanism as PHP updates in future, while still working with previously generated hashes.

Blowfish allows specifying the cost of generating the hash. The cost of the hash implies the complexity and the processing power required to generate the hash. The higher the cost, the more complex the hash, the more processing power and time required to generate the hash. Depending on the use case of the application, and the required security complexity, the cost can be specified. The default cost of the Blowfish algorithm used in password_hash function is 10.

The generated hash is made up of algorithm, cost and salt as part of the returned hash. This eliminates the need to separately generate and store random salt values, and according to PHP.net it is considered simplest and most secure approach.

See the following pages to get up to speed with native Password Hashing API in PHP

UPDATE:

I have corrected the article to reflect the point made by /u/LawnGnome on reddit about hashes being forward compatible, this it is preferred to use PASSWORD_DEFAULT for algorithm.
password_compat library provides the password_* functions for PHP >= 5.3.7. https://github.com/ircmaxell/password_compat – Thanks /u/PolarZoe
Updated Blowfish constant to PASSWORD_BCRYPT, in line with native hashing API.

Simpler Role Based Authorization in Yii 2.0

UPDATE: Starting with version 2.0.2, Yii2 Advanced Template does not contain “role” column in the User table by default. Before proceeding to the tutorial below, do the following:

Create a column called role in the user table.
Update the User model by adding the role attribute and updating the User class docblock accordingly.

Yii 2.0 has a built in Access Control that supports 2 roles out of the box to check whether the user is a guest or if the user is logged in. Sometimes there is a need to simply extend the Access Control Layer with few more roles to distinguish the logged in users i.e. admin, moderator, without the full blown RBAC graph with permissions, roles and role assignments that Yii provides.

In this post, I will show how to implement simple Role Based authorization by simply extending the AccessRule class that defines the default rules and overriding the matchRule() function call, which will provide the additional rule matching logic. Continue reading Simpler Role Based Authorization in Yii 2.0