Skip to content

Making PlexPass Work


I’ve been using Plex for quite a while. You have to jump through some hoops (it only supports MKV files, not DVD or Blu-Ray directory structures), but it does in the end work quite well with my Fire TV stick and with the Google Nexus Player (Android TV).

I recently got a PlexPass subscription. This should let me create user profiles for people in the house. (These are called Managed Users or Home Users depending on the documentation.) I should also be able to sync contect (offline copy) to portable devices.

Except for whatever reason, the system was horribly broken in my house. The server would be unavailable for most of the UI’s–especially the one where you designate users and define what server libraries they have access to.

After a good day of debugging (total), I found that there were two reasons this didn’t work.

Security Features

One laudable thing Plex does is try to maintain a secure connection to your server. This is detailed here. Essentially, they own the domain and can assign any number of hostnames under that address, all of which direct to your personal server. This is necessary because plex has to create a security certificate that matches the hostname of your server. This hostname additionally needs to resolve to an IP address that works. (A LAN subnet address while at home and an Internet IP address when you’re outside your home.)

The problem is that devices inside my house need to (for example) query the hostname, and what is supposed to happen is that the DNS is supposed to return (the local IP address of the server, within the LAN subnet).

Unfortunately, in my case, pfSense blocks this from happening because it doesn’t want a fully-qualified domain resolving to something within the house. The fix is to let pfSense know that is allowed to resolve locally. This information is detailed here.

But, that didn’t fix the problem. The next thing that happened is OpenDNS (the DNS service I use) then also blocked the IP address lookup. The only way to fix that problem was to disable this option at OpenDNS:

Security setting in OpenDNS to help Plex resolve local addresses.

Security setting in OpenDNS to help Plex resolve local addresses.

NAT Reflection

Curiously, even after I got the above DNS resolution working, my Plex server still didn’t work right. I would get a message saying secure connections aren’t possible and that I need to fall back to insecure connections. This happened even when I was accessing the player web interface on the plex server. How can it not create a secure connection to itself?

I did a tcpdump to investigate. I saw that the Plex server was trying to contact my WAN address. (I had to do port-forwarding to get the server accessible outside my home network.) I assumed that while I was on my subnet, Plex clients (including the web client) would use the LAN subnet address. For whatever reason (bad coding, bad configuration), this local-addressing isn’t the case.

The Plex web client was trying to contact the Plex server through the WAN (routable Internet) address. Most NAT systems can’t do this. Luckily, pfSense can handle it well. I just had to create a NAT reflect rule (with proxy) to accept those connections and redirect them as necessary.

Curve-Ball: Disk Space

The long version of the story is that things didn’t stop there. I still couldn’t access the server. I got farther htan I did before, but the Plex Android app wasn’t syncing content. It wouldn’t transcode; it wouldn’t do anything. In fact, it wouldn’t even play a video. (Although songs were fine.)

What I found was that my Plex server was out of disk space. I basically had a 32GB booot/OS drive in there, and it was full. I did some cleaning and that helped. Then I also noticed that there’s a transcoding directory in the Plex server settings. I presume that this is set to /tmp or to the plex installation path, but in my case, both sit on a single small drive. So, I pointed it to my ZFS system, where there is plenty of space.

This has seemed to clear everything up. Huzzah!

Suspicious Quirk

I also had a long battle with Managed Users. Adding one for my wife (for example) did not show any selectable libraries I could share with her. I ended up blowing away my install, installing with the PlexPass version, and then re-adding users. It’s probably coincidence, but it seemed that when I created libraries in a different order (adding SD quality before HD), things worked. But, it’s very unscientific, and perhaps it was related to the other issues already listed.

Be the first to like.

Setting up an FTP-only user on FreeBSD


I recently bought an IP camera. (To be honest, I went on a bit of a shopping spree for IP cameras.)

These cameras support FTP as a storage mechanism for video and snapshots (motion-detecting for example).

As a result, I wanted to set up an FTP user on my FreeBSD machine.

Iniitally, I tried creating a user with a shell of /usr/sbin/nologin, but that doesn’t work for FTP. FTP users need to have a shell in /etc/shells.

I saw this post which talks about FTP requiring a shell in /etc/shells, and that adding /sbin/nologin is a bad idea. Instead, it recommends making a copy in /usr/local/bin/ and adding that copy to /etc/shells.

Instead, I made a link—in case (for some reason) there’s an update to /sbin/nologin, I want the FTP user to get an update.

ln -s /sbin/nologin /usr/local/bin/nologin-ftp-only

I then added /usr/local/bin/nologin-ftp-only to /etc/shells.

To be even more secure, I made the FTP user’s account chrooted by creating /etc/ftpchroot.

Be the first to like.

Inateck USB3 2.5″ enclosure


I got an Inateck USB 3.0 2.5″ SATA III disk enclosure. I placed my OCZ SSD in there, and got the following Crystal Disk Mark results:

CrystalDiskMark 5.0.2 x64 (C) 2007-2015 hiyohiyo
Crystal Dew World :
* MB/s = 1,000,000 bytes/s [SATA/600 = 600,000,000 bytes/s]
* KB = 1000 bytes, KiB = 1024 bytes

Sequential Read (Q= 32,T= 1) : 205.100 MB/s
Sequential Write (Q= 32,T= 1) : 116.950 MB/s
Random Read 4KiB (Q= 32,T= 1) : 63.336 MB/s [ 15462.9 IOPS]
Random Write 4KiB (Q= 32,T= 1) : 88.529 MB/s [ 21613.5 IOPS]
Sequential Read (T= 1) : 188.123 MB/s
Sequential Write (T= 1) : 105.710 MB/s
Random Read 4KiB (Q= 1,T= 1) : 13.939 MB/s [ 3403.1 IOPS]
Random Write 4KiB (Q= 1,T= 1) : 40.063 MB/s [ 9781.0 IOPS]

Test : 1024 MiB [H: 89.4% (99.8/111.7 GiB)] (x5) [Interval=5 sec]
Date : 2015/08/15 20:09:11
OS : Windows 8.1 Pro [6.3 Build 9600] (x64)

1 person likes this post.

HP 350 G1 i3-4005U DDR3 Benchmarks


I recently bought this laptop. It came with 4GB of DDR3L-1600 CAS-11 memory.

I also recently purchased a pair of 8GB OF DDR3L-1600 CAS-9 memory, figuring that this pair would allow for dual-channel acces and also that the CAS-9 would improve performance (not to mention that the extra memory in general would also help).

I followed the directions here:

And here are the benchmarks before I upgraded the memory:

__GENUS : 2
__CLASS : Win32_WinSAT
__DYNASTY : Win32_WinSAT
__RELPATH : Win32_WinSAT.TimeTaken="MostRecentAssessment"
__SERVER : HP-350-G1
__NAMESPACE : root\cimv2
__PATH : \\HP-350-G1\root\cimv2:Win32_WinSAT.TimeTaken="MostRece
CPUScore : 6.5
D3DScore : 4.9
DiskScore : 8.1
GraphicsScore : 4.7
MemoryScore : 5.9
TimeTaken : MostRecentAssessment
WinSATAssessmentState : 1
WinSPRLevel : 4.7
PSComputerName : HP-350-G1

… and here are the results after the memory upgrade:

C:\Users\Poojan> winsat formal -restart

C:\Users\Poojan> powershell /c Get-WmiObject -Class Win32_WinSAT

__GENUS : 2
__CLASS : Win32_WinSAT
__DYNASTY : Win32_WinSAT
__RELPATH : Win32_WinSAT.TimeTaken="MostRecentAssessment"
__SERVER : HP-350-G1
__NAMESPACE : root\cimv2
__PATH : \\HP-350-G1\root\cimv2:Win32_WinSAT.TimeTaken="MostRece
CPUScore : 6.5
D3DScore : 5.1
DiskScore : 8.1
GraphicsScore : 5.8
MemoryScore : 7.3
TimeTaken : MostRecentAssessment
WinSATAssessmentState : 1
WinSPRLevel : 5.1
PSComputerName : HP-350-G1

Be the first to like.

Crucial m550 128GB as ZIL/SLOG (the ZIL really does limit your performance)


I got my hands on an m550 128GB drive (for around $75 with the recent pre-Thanksgiving/pre-Christmas discounts).

Here are some comparisons between my old ZIL (the m500 128GB) and the new one:

ZIL Throughput (sustained) MB/s
none 195.6
m500 128GB 124.0
m550 128GB 265.9

Here are some snippets of zpool isotat output:


m500 128GB as ZIL

m550 128GB as ZIL

Be the first to like.

Crucial m550 128GB SSD benchmark


Fresh out of the box:

Curiously, there are no firmware updates for this drive (nor the m500). Guess Crucial got it right the first time.

Be the first to like.

Sandisk Extreme USB 3.0 64GB SDCZ80-064G-GAM46 Benchmark


Fresh out of the box:

That’s 167 MB/s sequential write—pretty cool. Since this is on Windows 7, there’s no UASP support, which should improve performance even more.

Be the first to like.

Fun with SchoolSpeak


So, our school has adopted SchoolSpeak as their online platform. This includes lunch orders, and I’ve been asked to help the administration out with some summary reports (at least until SchoolSpeak can directly support what we need).

Basically, I need to figure out how much money was made each day of the month, totaled by week-day.

Unfortunately, the only view that has this information is a summary of orders on a day-by-day basis. So, I need to:

  1. Download each day for the month
  2. For each day, grab the total and keep it in a running sum (categorized by week-day)
  3. Email the result to the admin

For #1, I have a single day download-able via Selenium. (Which rocks by the way!) So, it’s just a matter of making it iterate over days of the month. To do that, I need to:

  1. Accept (probably from the command-line) an month/year combination
  2. Figure out how many days there are in that month
  3. Run over a range of days and download each day. (Luckily the download is already implemented as a function which takes a m/d/y as an argument; I will probably refactor it to take a datetime argument.)

For #1, I’ll use argparse, and it looks like so:

The above accepts both year-month-day and year-month format. I intended for a year-month to be the entire month, but the datetime module will parse it as year-month-1 (1st of the month), so I’ll need to add a command-line parameter to iterate over the month.

Speaking of which, how do I figure out how many days in a month? Turns out there’s a calendar module for that. And it has an iterator over days of the month. Sweet!

Knowing that, let’s make my get-date function always return an iteratable of’s:

More to follow…

Be the first to like.

12V dc adapter efficiency measurement


So, you remember that pfSense build that I talked about before? Well, it was drawing around 25 W.

I know, right? Unacceptable!

So, one of the things I tried to figure out is what the main power draw is. The PicoPSU accepts a 12V input. Could the ac/dc adapter be hurting my efficiency?

The adapter I have is a 12V / 5A (60W) adapter that I got for around $10 off Amazon. I figure it wasn’t anything special, and was probably not terribly high efficiency.

I decided to measure the efficiency of the ac/dc adapter. I did this by measuring the power into the adapter with a Kill-A-Watt. And to measure the output power, I used an ammeter (the ammeter function of a multimeter). (I assumed the PSU was delivering 12V; if it was a little low, my efficiency assumptions would be wrong.)

To do this, I had to cut one of the chords on the adapter and place the multimeter in series. (I could alternatively cut the input chord on the PicoPSU, but I figure an adapter is easier to come by than a PicoPSU.) Here’s a picture of how that looks:

Multimeter in series with dc supply chord

Multimeter in series with dc supply chord

And here are the readings on the Kill-A-Watt and multimeter:

Kill-A-Watt reads 20.6 W

Kill-A-Watt reads 20.6 W


Multi-Meter reads 1.64A

Multi-Meter reads 1.64A

Which all means that my efficiency is 1.64A * 12V = 19.68 W / 20.6 W = 95.5%.

I gotta say, I did not expect it to be that high. This is pretty cool. (And a bit surprising, since it seemed like the ac/dc adapter gets pretty warm.)

I should also note that the power draw is less than I remember. I thought it was more like 25A, but I never wrote it down, so I can’t be sure. I’ll take 20A, and be quite happy.

The current on the multimeter bounced around a bit, from 1.6 A to around 1.8 A, but it was well under 2A. Originally, I was interested in getting a (smaller) 2A supply, but I don’t see any need to, with this being so high efficiency. (And who knows, the smaller supply may be lower in efficiency, since they tend to be more compact.)

Be the first to like.

Setting up VLAN tagging on an OpenWRT router (My Net N750)


I have pfSense box running with an Intel PCI dual-port gigabit NIC.

However, I’ve recently discovered that this PCI card draws around 10 watts. (I unplugged the PCI card and measured on my Kill-A-Watt.)

So, I came up with a different idea: use an OpenWRT device ahead of the pfsense box to VLAN-tag WAN vs LAN traffic. This additional device allows me to use only one NIC (the motherboard NIC) on my pfsense box. I can remove the PCI card, and all will be well.

It turns out that setting this up was easier to do than I thought. (I was also contemplating buying a managed switch.)

I flashed the OpenWRT image using instructions here.  I used the -RC1 image first, and then re-did this with trunk. To be honest, I wasn’t sure what I was doing the first time, so I’m not sure if the version matters.

I logged in using telnet and set a password.

I then logged in using ssh (just for kicks) and began editing configuration, using the Dumb AP instructions. The only difference is that I didn’t remove the VLAN for the WLAN–instead, I just left it and I made port 4 tagged for both VLAN & WLAN. Here is my /etc/config/network; note that both switch_vlan have a 4t in them–port 4 is a member of both VLANs (and is tagged):

root@OpenWrt:~# cat /etc/config/network

config interface ‘loopback’
option ifname ‘lo’
option proto ‘static’
option ipaddr ‘’
option netmask ‘’

config globals ‘globals’
option ula_prefix ‘fd9f:d820:9e00::/48’

config interface ‘lan’
option ifname ‘eth0.1’
option force_link ‘1’
option type ‘bridge’
option proto ‘static’
option ipaddr ‘’
option netmask ‘’
option ip6assign ’60’

# config interface ‘wan’
# option ifname ‘eth0.2’
# option proto ‘dhcp’
# option macaddr ’00:90:a9:cd:a8:40′

#config interface ‘wan6’
# option ifname ‘@wan’
# option proto ‘dhcpv6’

config switch
option name ‘switch0’
option reset ‘1’
option enable_vlan ‘1’

config switch_vlan
option device ‘switch0’
option vlan ‘1’
option ports ‘0t 1 2 3 4t’

config switch_vlan
option device ‘switch0’
option vlan ‘2’
option ports ‘0t 4t 5’

Also, the instructions say how you can disable dnsmasq on one interface only, but what you really want to do (probably) is:

root@OpenWrt:~# /etc/init.d/dnsmasq disable

I then also disabled firewall, and reloaded network settings. I haven’t installed LUCI (it appears that it does not come with the N750 images), and that’s fine–I probably won’t use it much.

Be the first to like.