The 57North Hacklab Planet

March 27, 2017

Tom Jones

Face

Findlater Castle

Findlater Castle


Reading: The Moon is a Harsh Mistress, The Difference Engine

Aberdeen, Scotland: 14°C, Mostly cloudy starting in the evening.

March 27, 2017 12:00 AM

March 26, 2017

Tom Jones

Face

More bread

I did more bread, but at batch 8 this is no longer really interesting to anyone other than me.

People have been complaining that my tweets are marked as offensive material, which is really funny I only really tweet about bread and technology. I looked at my settings and the 'mark as offensive' option was enabled on my output.

I'm sure I accidentally enabled it, but the twitter documentation does say they will add it to accounts that have flagged posts.

I have no love for twitter, if literally anything else had the communities I want to pay attention to posting I would move away. Ideally something federated, but that is only a pipe dream.


Yes my phone autocompleted flour to four, you can't edit twitter posts and phones are the worst thing ever.

It is Sunday, so that makes seven days of writing.

Reading: The Moon is a Hard Mistress, The Difference Engine

Aberdeen, Scotland: 15°C, Clear throughout the day.

March 26, 2017 12:00 AM

March 25, 2017

Tom Jones

Face

Notification Band Thing

Last night I converted by pebble from being a single contained unit, to a 3 part kit.

I am probably going to have to replace it.

Pebble the company is dead, I can still get replacement hardware from amazon or ebay and I suspect it will be generally available at reasonable prices for a year or two.

I used my pebble for 3 things

  1. It's a smart watch, so I used it as a watch for time and date
  2. I used it for weather, with the awesome relaxing watch face
  3. The vibrate function is amazing for notifications. My phone hasn't been off silent for since I got the pebble, notifications for calls and messages are awesome. Better I can forward notifications from a service bus app like pushover and generate them based on things I want.

I can just wear a watch to deal with 1, for 2 I am probably going to use the awesome forecast.io app and not rely on being able to casually check the temperature.

For 3 I am really at a loss what to do. I could just replace the pebble, but really I think I want a smart band with a vibration motor for notifications.

If what I want doesn't already exist, it is probably too niche to ever become a thing.


Reading: The Moon is a Harsh Mistress, The Difference Engine

None, Scotland: 15°C, Partly cloudy until afternoon.

March 25, 2017 12:00 AM

March 24, 2017

Tom Jones

Face

Build a FreeBSD VM Image Release

release(7) documents a set of shell scripts for creating FreeBSD release files in same manner as the release engineering team. The script creates a new chroot environment, checks out a fresh tree, doing the release builds in a clean environment.

That might be what you want.

I want to write some scripts that take in a specified network, some git commit ids and generates a set of virtual machine images running in bhyve to reproduce a test environment. Building in a clean environment isn't what I need.

The Makefiles in release expect to be run from a tree that already has a built kernel and world. They make building the VM images really easy, but apart from comments in the files aren't documented.

I am going to use a directory for all of the stuff:

freebsd/
    -> src        # freebsd src tree
    -> obj        # object directory
    -> destdir    # freebsd destination direcory

$ cd freebsd
$ git clone https://github.com/freebsd/freebsd.git src
$ cd src

Build the kernel and world, setting the object directory to the one in our tree.

$ env MAKEOBJDIRPREFIX=/home/user/freebsd/obj time make -j4 -DKERNFAST buildkernel
$ env MAKEOBJDIRPREFIX=/home/user/freebsd/obj make -j4 buildworld -DWITH_META_MODE=yes -DWITH_CCACHE_BUILD -DNO_CLEAN

Move to the release directory to build our VM images:

$ cd release

# env MAKEOBJDIRPREFIX=/home/user/freebsd/obj make vm-release -j4 DESTDIR=/home/user/freebsd/destdir WITH_VMIMAGES=yes VMFORMATS=raw NOPKG=yes NOPORTS=yes NOSRC=yes  
# env MAKEOBJDIRPREFIX=/home/user/freebsd/obj make vm-install -j4 DESTDIR=/home/user/freebsd/destdir WITH_VMIMAGES=yes VMFORMATS=raw NOPKG=yes NOPORTS=yes NOSRC=yes

I exclude, packages, ports and the src distribution in the images.

As a test launch a bhyve VM with our created disk image:

# sh /usr/share/examples/bhyve/vmrun.sh -c 4 -m 1024M -t tap0 -d ../../destdir/vmimages/FreeBSD-12.0-CURRENT-amd64.raw test

Reading: The Moon is a Harsh Mistress, The Difference Engine

Aberdeen, Scotland: 11°C, Partly cloudy throughout the day.

March 24, 2017 12:00 AM

March 23, 2017

Tom Jones

Face

Help make the internet better

Back in January I wrote about a small tool I had thrown together to do some internet measurements. Back then we decided not to take the next step and attempt to roll the tool out to a large audience.

We have decided we need the network edge data after all and I need your help.

First, you can get edgetrace from https://trace.erg.abdn.ac.uk

In short: We need measurements from as many network edges as possible. Places where people connect are almost always near the edges of the internet. Your home, office, the pub or a park with WiFi is probably near the edge. We need your help by running our tool from these sorts of places. The more the better.

In full: Packets on the internet are given a Best Effort service by default, everything is treated the same. The packets for your video call are treated the same way as a large download, but that means there is more latency when queues grow and packets in your file transfer are dropped when there is network pressure. With Quality of Service and Active Queue Management we can build networks that allow latency sensitive packets through the queue quicker while also stopping packets that shouldn't be dropped from being dropped.

The DSCP Bits in the IP header are used give different IP packets different Quality of Service classes. Right now, no one is really sure how these marks are treated; Are they removed? Changed in someone way? Or much worse, does the presence of these marks lead to packets being dropped?

To find this out we need to perform a survey, we can (and have) bought time on virtual machines in data centers, but that only measures things that are close to the network core. We also need to measure how these marks are treated at the edge, on connections that real people use.

There isn't anyway to easily perform these measurements without asking a whole lot of people for help. This is where you come in.

We need you to download and run our tool. If you can do it from home, the bus or the train that is excellent. Every run of the tool helps us build up more data about what is happening in the internet.

Thank you for helping make the internet better.


Reading: The Moon is a Harsh Mistress, The Difference Engine

Aberdeen, Scotland: 5°C, Partly cloudy throughout the day.

March 23, 2017 12:00 AM

March 22, 2017

Tom Jones

Face

The unix mail command

This xkcd has been relevant today

mail command

If you wanted to know how to use the mail command you could look here.

> d *

Might just make it all go away.


Reading: The Moon is a Harsh Mistress, The Difference Engine

Aberdeen, Scotland: 3°C, Partly cloudy throughout the day.

March 22, 2017 12:00 AM

March 21, 2017

Tom Jones

Face

UUCP

The Simulator Image and the linked picture


POC||GTFO 14 dropped today.

Reading: The Moon is a Harsh Mistress, The Difference Engine

Aberdeen, Scotland: 3°C, Drizzle starting in the afternoon, continuing until evening.

March 21, 2017 12:00 AM

March 20, 2017

Tom Jones

Face

The entire planet

Look at this amazing gem floating in space.

Paper deadline was today, I have to set up a large survey this week, but I am starting to surface again from this insane series of deadlines. There is a lot of FreeBSD Kernel work coming up, hopefully both at work and at home.

I have already poking at an implementation of UDP Options, there is also the possibility of me being given a TCP ABE implementation to port. For this work, unlike the stuff I did before for NewCWV I am going to provide a solid set of tests in the form of VM images. To do that I will need to figure out generation of images from just a git commit id.


Reading: The Moon is a Harsh Mistress, The Difference Engine

Aberdeen, Scotland: 6°C, Partly cloudy throughout the day.

March 20, 2017 12:00 AM

March 19, 2017

Tom Jones

Face

haskell and git annex

I have finally after nearly a year started setting up data stores with git annex, I am going to try it out with my stash of datasheets, documents and books for a while. If it holds up to what I expect I will use it for the rest of my static binary media, video, audio and images.

I have also been revisiting the infuriating torture of learning haskell, with the real world haskell book. I did a haskell course and uni and it was horrible, so far the real world haskell book has been equally unenjoyable and slow.

git annex is written in haskell so the two things sort of tie together. Not that I plan to hack on git annex.


It is Sunday, so that makes seven days of writing.

Reading: The Moon is a Hard Mistress, The Difference Engine

Aberdeen, Scotland: 11°C, Light rain in the morning.

March 19, 2017 12:00 AM

March 18, 2017

Tom Jones

Face

The Mess We're In


Reading: The Moon is a Harsh Mistress, The Difference Engine

Aberdeen, Scotland: 4°C, Light rain overnight.

March 18, 2017 12:00 AM

March 06, 2017

Iain R. Learmonth

Face

Recent Atlas Improvements

This post was originally posted to the Tor Project blog. If you would like to comment on this post, please do so there.


Atlas is a web application to learn about currently running Tor relays and bridges. You can search by fingerprint, nickname, country, flags and contact information and be returned information about its advertised bandwidth, uptime, exit policies and more.

I’m taking this opportunity to introduce myself. I’m Iain R. Learmonth, or just irl on IRC. I began contributing to Atlas in June last year, and I’m currently serving as the maintainer for Atlas. We have made some usability improvements to Atlas recently that we are happy to share with you today.

Thanks to the work of Raphael and anonymous contributors for their help in producing patches. We will continue to work through the open tickets, and if you have a feature you would like to see or spot something not working quite correctly, please do feel free to open a ticket for that. If you would like to contribute to fixing some of our existing tickets, we have a new guide for contributing to Atlas.

Improved Error Handling:

  • Added a new message to warn users when the Onionoo backend is unavailable [#18081]
  • Added a new message for the case where Onionoo is serving outdated data [#20374]
  • No longer attempts to display AS or geolocation information when it's not available [#18989]

UX Improvements:

  • Added tooltips to give descriptions of the meaning for flags [#9913]
  • Made it easy to distinguish between "alleged" and "effective" family [#20382]
  • Removed the graphs for which the data backend will never have any data [#19553]
  • Graphs that have no data, but which may have data in the future, now give a "No Data Available" message [#21430]
  • Relay and bridge fingerprints will now wrap when on smaller screens [#12685]
  • Tooltips are repositioned to avoid them being clipped off on smaller displays [#21398]

Standards Compliance:

  • Now HTML 5 compliant according to the W3C Validator (including generated HTML) [#21274]

March 06, 2017 02:22 PM

February 26, 2017

Robert McWilliam

VNC extra monitors

A couple of times in the past I've thought about using other computers/tablets as additional displays for my main computer.

This time I actually found a way to do it.

xrandr can be used to create a new monitor without the need for an actual monitor, I used the VIRTUAL1 output and was pleased to see a VIRTUAL2 pop into existence when I did. Then x11vnc with an appropriate -clip can make a VNC server for that bit of the virtual desktop.

I tried both a spare laptop and my tablet as extra displays and it seems to work well with either.

The tablet as extra screen will be quite nice when I'm travelling.

February 26, 2017 12:00 AM

February 20, 2017

Derecho

Solving timekeeping issues on an offline Nest thermostat

The issue

Some time ago I received a smart Nest thermostat as part of a promotional offer. I wasn't very keen on the idea of having something like a thermostat phoning home to a centralised server in the "cloud", but it was a good deal and the Nest does still offer some benefits over a traditional dumb thermostat even when it has no access to the internet. I have a good number of reasons for wanting to keep the thermostat disconnected from the internet and I will not go into them here as that is not the point of this article.

There is one downside to keeping the Nest disconnected though; it's not very good at keeping track of the date and time. In fact, it's quite bad at it actually, I'd see it reset to January the 1st 1970 every few days or weeks. As a result, this messes up your heating schedule and you might find yourself being in a cold house when you'd expect it to be warm, or the thermostat might instruct your heating to turn on in the middle of the night wasting unnecessary energy and money.

Looking into Nest traffic

The behaviour as described above indicates that the Nest lacks a proper RTC, or realtime clock. Searching on the internet on several occasions did not yield me many useful results, it appears that most users of the thermostat do not suffer from this problem. This led me to believe that the thermostat relies on some sort of network service to periodically query the time and adjust itself. I suspected it was using the well-established NTP protocol for this, and set out investigate.

As I have OpenWRT running on my router, I added a firewall rule to block all traffic going from the LAN to the WAN for the MAC address of the Nest. I used LuCI for doing this but you can also use uci over ssh if you prefer. You can find out the MAC address of your Nest before connecting it to a network by going into Settings > Technical Info and scrolling all the way down until you see it listed.

After this, I felt comfortable configuring the thermostat to connect to my WiFi AP and to inspect the traffic it would generate. For this I am using tcpdump on the router and examining the capture files with Wireshark on my desktop.

When I did this I noticed I made a small mistake, I blocked the wrong MAC address from accessing the internet and my Nest did in fact phone home. While being connected for less than 5 minutes, it submitted some sort of statistical data to the Nest servers and pulled in a firmware update. I had no way of preventing this update after it was pulled in, though I don't mind that as much as the statistics it managed to send off. So, make sure you block the right MAC address or just even pull the cable to your modem entirely if you want to be on the safe side.

After quickly correcting my firewall rule, I noticed the Nest was not too happy with the connection. It'd try to connect and upon finding that the internet wasn't accessible it'd disassociate from the AP again. The new firmware it pulled in is more tolerant of the restricted network capabilities, it stays connected to the WiFi AP without much complaining. Looks like my little mistake did end up benefitting me after all.

On to addressing the issue at hand, which is timekeeping. I noticed some very convenient behaviour in the traffic I analysed. The Nest does indeed rely on NTP for keeping time, and it actually tries to query your network's gateway for it first! In my case that meant it was trying to connect to an NTP server on my router which I did not have running. After a few failed attempts, it resolves time.nest.com and queries that instead.

The solution

At this point there are three possible approaches I can think of to give the Nest the time information it seeks:

  1. Host an NTP daemon on the router
  2. Redirect DNS queries for time.nest.com to a machine within my LAN that has an NTP daemon running
  3. Explicitely allow NTP requests to access the internet

I decided to go for option 1 as it seemed the simplest and most direct way of remedying the timekeeping issues whilst keeping all control.

For OpenWRT there are various ways to host an NTP daemon, but the quickest way to accomplish this without pulling in any extra packages is to use the ntpd that is compiled into busybox. Instructions on how to do this may be a little unclear online as it seems to be a recent inclusion into OpenWRT, but it is in fact very simple.

Connect to your OpenWRT/LEDE router over ssh and open up /etc/config/system in your favourite editor. There will be a section describing the NTP configuration:

config timeserver 'ntp'
    list server '0.openwrt.pool.ntp.org'
    list server '1.openwrt.pool.ntp.org'
    list server '2.openwrt.pool.ntp.org'
    list server '3.openwrt.pool.ntp.org'
    option enabled '1'

After these existing options defining the nameservers and enabling the client, add the following line:

    option enable_server '1'

Save the file, exit, and run /etc/init.d/sysntpd reload. You're done! At this point you can verify that the ntp daemon is up and running by issuing netstat -l; it should now show that there's a service listening to the NTP port. Further traffic analysis of the Nest shows me that the Nest is indeed getting an NTP response from my router and that it doesn't bother to query time.nest.com after that.

by Derecho at February 20, 2017 01:10 PM

February 12, 2017

Dave Hibberd

Face

Radio Day

This has been a few days of mildly successful radio fidgeting. Few issues diagnosed in the setup, few things fixed and a few things done.

First up, the 6” cable I use to connect the FT-100 radio to my tuner has broken. This was replaced (thanks to Ed) and things tuned nicely. This must have been borked for some time - I’m now able to tune up my (roughly) 20m dipole on 30m and 40m no bother - both matching with swr of less than 1.1. No bother.

I was able to make a couple of contacts on JT65 just as 20m was closing, but didn’t get heard at all on 40m as night came in.

Morning came round and 20m was wide open again - few contacts around Europe - Estonia, Russia, really nice long, freehand QSO with Giovanni IN3GNV in Italy that lasted for some overs. It’s fun to leave the macros for a while and just chat about stuff over PSK31! I had to do a fair bit of radio fiddling to keep it going - DSP on and off, little frequency shifts, loud neighbouring stations. It was good fun.

20 meters was super difficult this weekend - there was a RTTY contest on and, contesters are contesters - they took up all the bits of the band that belong to them, and occupied all the bits of the band that don’t belong to them. I couldn’t really do WSPR, JT65 or PSK in any meaningful manner as there were all these other strong QRM stations about. Disappointing!

After this, I moved on to doing some HF APRS for the first time. HF APRS is pretty cool. It’s done traditional HF packet style. 300 baud with a 1600Hz tone and a 1800Hz tone, and there seems to be activity on 30m, which had no contest on it.

I tuned the dipole for 10.14760MHz - tuned nicely with a SWR of less thatn 1.1. I configured direwolf initially as per Iain MM0ROR’s advice and connected Xastir to it via AGW. Quick transmit and I was received in Germany. That’s super exciting - first transmit and I get a hit on the Continent with an igate!

I heard a station in Sweden, but I didn’t have much success outside that. I could query APRS stations and get a response, that was pretty cool. I’ve proved I can do HF APRS, which is kind of all I set out to do. It’s kind of exciting!

I’ve looked at this kind of stuff for a while. Robust Packet Network looks busy, but I’m not paying £200+ for a special TNC to join their club. It’s 8 subcarrier PSK… this must be easy to reproduce, but no one seems to have done it. I don’t think I’m software clever enough to do it, and I don’t have a permanent setup at home to properly capture and reverse engineer it.

I’d really like to be able to do more packet over HF. 300 baud BBS access tickles my fancy more than a little!

Finally, I’ve decided my trackpad not working when I transmit is officially a problem. It’s probably indicative of common mode currents on the coax transmitting inside my “shack” and making everything stop working. To that end, I need a 1:1 balun of some variety. My research, and friends, suggest a current balun will do the job, so I’ll have to extract the finger and get one built.

How Hard can it be!

February 12, 2017 05:30 PM

February 06, 2017

Robert McWilliam

This Too Shall Pass

I love this adage. Having read the Wikipedia article on it (you have to like any sentence that has its own Wikipedia article) I seem to be in good company; there's wise men, various royals and Abe Lincoln.

One of my plans for if/when I have stupid amounts of money to throw at frivolous projects: write this somewhere that the passing will take a while.

I can probably afford to get it carved in a lump of granite now. Wandering round a graveyard gives you an idea of how long that'll take to pass. I put it at a couple of centuries (if you can stop future people finding a better use for the chunk of granite for that long).

I like the idea of making a standing stones version of the phrase. Stone henge, and the other stone circles, suggest that these can last a few millenia. Though we don't really know how many didn't survive...

Next step up would be to reshape a mountain to spell it out. Mt Rushmore style. A quick Google puts the cost of that on the order of $10 billion. A bit out of my price range at the moment. But about pocket change for a decent sized government. Anybody contemplating a bank bailout or a couple of aircraft carriers: how about carving a mountain to say "This too shall pass" instead?

Properly into mad billionaire territory (I'm looking at you Elon Musk) we could write it on the moon. I could take a swing at figuring out what that would take and how long it would last but this seems like the kind of problem that can be outsourced to xkcd/what if. I have submitted it so I guess we'll see if Randall's productivity is sufficiently superior to mine that he gets to a random submission before I get round to looking into something I've actually wondered about.

February 06, 2017 12:00 AM

February 05, 2017

Dave Hibberd

Face

Field OS

Following on from yesterday’s post, it’s probably worth thinking about sanitising more than my phone. I’m getting quite tired of travelling with 2 laptops - one for work, one for personal. Sometimes I travel with 3 - work, personal and restricted site (specific softwre/hardware requirements depending on the… sensitivity of where I am). Carrying that many machines gets annoying.

I also get a little stressed taking my personal laptop through customs in some of the countries I go to. There exists a worry that the more extreme states like the UK won’t take kindly to “Asylum for Snowden”, Anti GCHQ stickers and other hacker-related nonsense. Mixed with my regular browsing habits, who I talk to, and the media collection on my laptop, I’m happier if it doesn’t come to the Middle East.

I don’t want to do all my normal browsing on my work laptop too - I don’t really know what my employer has installed on there. Our IT policies are changing with no transparency as of late, so I don’t think it’s unreasonable to belive that there could be a keylogger or VNC-type-software silently broadcasting what I’m up to.

With that in mind, I’m travelling with a USB3 San Disk Ultra Fit model memory stick. Instead of doing the normal trick of flashing a live linux distribution’s .iso and a persistant partition on it, I’ve used it as my install target for Debian. It’s small enough to live in a USB port and get forgotten about. If it’s formatted with a filesystem Windows doesn’t recognise, it’s pretty easy to imagine a situation where it gets reformatted by someone who finds it too. Mix in a little bit of encryption and I have a burnable, lose-able system - it’s all good.

My work machine is windows and I only had this bright idea in-country, so I had to work out the best way of doing this from Windows. After some thoughts, it turns out it shouldn’t be difficult.

The process was pretty simple:

  • Create Virtualbox VM with Debian netinst iso as live image
    • Making a virtual hard drive is optional. If you do, your USB device will be /dev/sdb. If you don’t, it’ll be /dev/sda.
  • Bind USB3 device to Debian VM.
    • It’s worth knowing that to get good performance you need the virtualbox extensions pack, under their personal use evaluation license.
  • Fire up VM, run Debian installer.
    • I chose to have no swap space
    • I chose to have a single system partition marked bootable
    • I chose to have a KDE desktop as all my usual machines are quite capable and I absolutely adore the current KDE Software Compilation 5.

I chose to make my drive ext4 - journalling might come in handy at some point, or it might just cause me further issues. Suggestions for other filesystems are welcome, it’s an area I’ve never explored really.

On first boot it didn’t work. I restarted the VM and went into recovery mode - turns out I hadn’t done my bootloader properly. I installed grub on /dev/sdb and it was fine. Booted happily.

My first observations on this sytem is that it’s noticably speedy - I don’t know what my IO figures are supposed to be like, but I’m happier in this than I am using the windows install on the main system. It takes maybe 15 seconds from power on to get the desktop, compared to the 5+ minutes on the Windows side. USB technology appears to have come on some from when I last ran an OS from a memory stick.

I only had to install one non-free piece of firmware to get this working, firmware-iwlwifi. That was quick and painless - I used my phone to download it and MTP transferred the file first time, no questions asked. (Thanks, KDE; ThaDE).

KDE’s Network manager integration has made connecting to my openvpn server a doddle - no fussing about as root or having terminals running in the background, and it imported my client.ovpn config that the server gave me easily enough. Yes, I am a wimp and I do run openvpn access server.

I’m a little curious as to how much of my day-to-day workflow I can achieve in this system - the biggest hurdles I need to work out are connecting to our cisco corporate VPN while I’m out the office and connecting to our in-house shared drives while I’m in the office. Oh yeah, nominally Lync too, but fuck Lync.

The dayjob mixed with linux would make me happier, I think.

February 05, 2017 05:30 PM

February 04, 2017

Dave Hibberd

Face

Android Reset

I’m pretty fond of my OnePlus X - it’s the first phone I’ve owned that has performance I’m happy to call “adequate”. It runs along nicely, no questions asked. It never really stutters or has a little moan at me. Battery life is a little weak for my use case, but that’s fine. I’m almost always near electricity.

I do a lot of work in the Middle East, and before I go I like to clear out my phone, study what I use it for and return it to being a lean device. My standard target has been CyanogenMod, which I’ve been running since it started. That’s no longer developed, so I need to take a little look at alternatives. The OPX mod scene is a little slow these days - the phone is discontinued and never had the biggest sales figures, so there isn’t the most motivated talent pool to keep it up.

I’m settling on the direct descendent of CM, LineageOS. It’s more or less the same developers and codebase under a different name. Currently available for the device (Codename: onyx) is 14.1, which translates to Android numbering as 7.1, or “the latest and greatest”. While there are driver deficiencies - I don’t believe that Qualcomm are going to produce graphics drivers for the snapdragon 801 - people report it runs well.

I’m scaling back my google dependency a little more, this time I can get rid of music, photos, books, gmail, films, keep and a whole load of other stuff I don’t care to remember. OpenGAPPS pico does me fine and I’ll install what I need.

I listed the apps I actually use and care about, and it came to about 30:

Action3
Calendar?
Drive 
Firefox
F-Droid 
iPlayer Radio
K9-Mail (fdroid)
KDE-Connect (fdroid)
Monzo
Nextcloud (fdroid)
Openkeychain (fdroid) (backup)
Orbot (fdroid)
Orfox (fdroid)
Password Store (fdroid)
Podcast Addict (backup)
Plus
Revolut
RBS
Riot
Simple Last.fm Scrobbler (fdroid)
Signal (backup)
Spotify
Termux (fdroid)
Twitter 
VLC
Weechat Android (fdroid)
Whatsapp (backup)
Youtube

Google Drive is required for whatsapp backups, but it has been uninstalled now that whatsapp is restored.

Openkeychain has really, really impressed me in my migration process - it let me export my phone gpg key (used for password store) securely, with a long password to protect it. I was able to move and import easily on the new OS.

Everything’s been relatively painless, to be honest. Ownlcoud replaces google photos, and a whole load of other functions too. It brings ever more of my data back under my control, which is pretty important when you’ve got secrets to hide from nasty Governments like I do. I’ve got an increasing amount of free software there too - fdroid becomes ever more useful for me.

LineageOS is running smoothly. My only issue is that it would not let me write to my SD card from apps, so I couldn’t download podcasts to it or cache spotify. It’s a weird quirk that I’m sure will get worked out. Until then I’ve done the co-opted storage thing, which I really don’t like.

Battery life is still crap, but I think it’s slightly less crap than it was, time will tell!

February 04, 2017 03:00 PM

January 23, 2017

Dave Hibberd

Face

Radio Node

Soundmodem, ax25d and uronode

This is mostly a repost of something that was on my now deceased wiki, spruced up a little for this platform.

Start at the top and work down, you should have a basic, working ax25 packet radio system by the end. I shall address netrom at a later date.

I’m using soundmodem as it presents me with an sm0 device I can easily configure in the following steps!

Note: While this specifies soundmodem, if you change the startup script’s kissattach line to contain a physical tnc or direwolf device, it should still work.

Note: Don’t use my callsign. That’d be bad & illegal.

Get Software

On Debian, I recommend installing the soundmodem, ax25-tools and ax25-apps packages:

sudo apt install ax25-tools ax25-apps soundmodem

Direwolf is also a great tool to replace soundmodem with, but I’m not so experienced at that.

Set up Soundmodem

Using a cheap USB sound interface and soundmodem worked best for me.

For quick reference:

plughw:CARD=Device,DEV=0

is the alsa string for mine.

I use a Yaesu FT7900 as my data radio, and the interface for that has a usb device to key it which usually /dev/ttyUSB0

See below for my /etc/ax25/soundmodem.conf file - note my channel details: KISS, sm0, MM3ZRZ-5. These are important for later. You’re best off running soundmodemconfig to set these configuration details.

Select New->Configuration, name it and press ok. Highlight the configuration, and again select New->Channel to add a channel. Pull information from the config below to handle the rest…

Hint: The IP information is from Aberdeen University’s 44net allocation. I’d appreciate it if you used your own, or an RFC1918 address:)

<?xml version="1.0"?>
<modem>
  <configuration name="UHF_Packet">
    <chaccess txdelay="150" slottime="100" ppersist="40" fulldup="0" txtail="10"/>
    <audio type="alsa" device="plughw:CARD=Device,DEV=0" halfdup="1" capturechannelmode="Mono"/>
    <ptt file="/dev/ttyUSB0" hamlib_model="" hamlib_params=""/>
    <channel name="Channel 0">
      <mod mode="afsk" bps="1200" f0="1200" f1="2200" diffenc="1"/>
      <demod mode="afsk" bps="1200" f0="1200" f1="2200" diffdec="1"/>
      <pkt mode="KISS" ifname="sm0" hwaddr="MM3ZRZ-5" ip="44.131.6.35" netmask="255.255.255.224" broadcast="44.131.6.63" file="/dev/soundmodem0" unlink="1"/>
    </channel>
  </configuration>
</modem>

axports

This file contains information about each of the ‘ports’ and what you’re assigning to them. This is analogous to ports on IP, i.e: 22 for ssh or 443 for https.

# /etc/ax25/axports
#
# The format of this file is:
#
# name callsign speed paclen window description
#
radio     MM3ZRZ-5  1200    255     2	General Packetry (1200  bps)

kissattach

A port is ‘attached’ to a physical interface, like a hardware TNC, or virtual interface, as in soundmodem using a command called kissattach. kissattach has the syntax kissattach tty port - in this case it’s kissattach /dev/soundmodem0 radio.

This provides us a rather useful functionality - you can run multiple ports on the same system. I could have a 1200bd VHF and 9600bd UHF port, kissattached to /dev/soundmodem1 and /dev/ttyUSB1 respectively. This would provide 3 RF points of access to the same packet node!

Note how I’m using radio as my port and assigning it the callsign MM3ZRZ-5 at 1200baud, max packet length of 255 (bytes) and window of 2, whatever that last one means.

ax25d.conf

Ax25d distributes data from incoming axports and spawn something to receive it, analogous to inetd or xinetd.

Note how it works: all requests to MM3ZRZ-5 via interface radio - here is how to deal with them. No callsign, ignore, default case, send to uronode.

# /etc/ax25/ax25d.conf
#
# ax25d Configuration File.
#
# AX.25 Ports begin with a '['.
#
[MM3ZRZ-5 VIA radio]
NOCALL   * * * * * *  L
default  * * * * * *  - root  /usr/local/sbin/uronode uronode
#
# Uncomment to enable netrom
#<netrom>
#parameters 1    10  *  *  *   *   *
#NOCALL     *     *  *  *  *   *   L
#default    *     *  *  *  *   *   0        root /usr/sbin/node node

Avahi

Avahi tends to spam the port with info, so I disabled it. Stopping the publishing function might be neater, check the ubuntuhams resource to get a better idea of that.

Uronode

If you don’t intend to run the system as a node, you can effectively ignore this bit.

If you don’t know what a node is, it’s essentially a frontend for using the computer remotely. It presents a simplified interface that can be transmitted and controlled over a remote, low speed, high latency link while maintaining usability. It opens up commands and functions of the remote computer and is generally quite efficient on the channel, compared to say, ssh.

Uronode had a couple of config files to sort out There’s quite a lot going on in uronode.conf - the timeouts and the callsign replacement bits are important to get it up and running as a basic starting point. I’ve got an amprnet allocation, so I can fill that out in line with what was in the soundmodem config.

There’s lots of advanced things going on here - the aliases for telnetting Callbook, Convers etc are all configurable, as is the passthrough for external commands like netstat. Thats really cool. There are also a pile of netrom things that I’ll look into later.

# /etc/ax25/uronode.conf - URONode example configuration file   12-8-13
#
# see uronode.conf(5)

# Idle timeout (seconds).
# This is how long we hold onto a dead link. 0 disables (this is NOT
# recommended! Time is in seconds.

IdleTimeout	900

# Timeout when gatewaying (seconds).
# This (in seconds) is a keep-alive for dead connects out of the node.

ConnTimeout	600

# Visible hostname. Will be shown at telnet login.
# set this to your ampr.org hostname.

HostName	<callsign>.ampr.org

# SysOp email address
# Set this to your email address - preferred to use an ampr.org email.

Email <callsign@callsign.ampr.org>

# "Local" network.
# This is your local amprnet subnet in full. Do NOT use 44.0.0.0/8!

LocalNet	44.x.x.x/32

# Command aliases. See uronode.conf(5) for the meaning of the uppercase
# letters in the name of the alias. Examples below:

Alias		CAllbook "telnet %{3:144.167.99.66} 2000 %1 s"
Alias		CONVers  "telnet %{2:44.88.0.9} 3600 \"/n %u %{1:1}\""
Alias		DXCluster "connect dxuro s"
Alias		WX	"telnet %{3:38.102.137.140} %1 s"

# Hidden ports.
# List interfaces you wish not to display. Not suggested.

#HiddenPorts	inet

# External commands. See uronode.conf(5) for the meaning of the uppercase
# letters in the name of the extcmd.
#
# Flags:	1	Run command through pipe
#		2	Reconnected flag
#		3	Run through pipe and reconnect
#
ExtCmd		MAil	1	root	/usr/sbin/axmail axmail %u
ExtCmd		NEstat	1	nobody	/bin/netstat netstat --inet

# Node ID.
# This displays before all output texts when the user connects into
# your node via NetRom. Set to "" to leave blank.
# Note: This -must- be defined or will display as "(null)". A space
# is hardcoded in. Example: UROHUB:N1URO-2 do NOT add the bracket
# afterwards "}" this is predefined in URONode.
#
NodeId		<ALIAS:NODECALL-SSID>

# Ax25/Flex ID.
# This displays before some strings and at logout to the end user when
# they connect in via ax25 as defined in your ax25d.conf file. If
# you don't define this "(null)" will be presented to the end user. Its
# suggested you take this from your ax25d config which either faces a
# flexnet system OR your 2-meter user interface. Note: do NOT make this
# ssid the same as your NetRom SSID here or in ax25d.conf.

FlexId		<CALLSIGN>-2

# Netrom port name. This port is used for outgoing netrom connects.

NrPort		nr0

# Syslog Logging level - suggest leaving this at 3 for debugging. 0
# halts logging. Best for Pi on SD card is 0.

LogLevel	0

# The default escape character (CTRL-T)
#
EscapeChar      ^T

Uronode has uronode.motd, uronode.perms and more for further configuration. Go explore!

Running it

All you need to do is start soundmodem, kissattach it to your axport, start ax25d and optionally mheardd.

I’ve brought this together in a script below.

#!/bin/sh
# shut up avahi, no one likes you.
#systemctl stop avahi.service
#systemctl disable avahi.service

# start ax25 with the soundmodem driver using the port
# defined in /etc/ax25/axports
/usr/sbin/soundmodem /etc/ax25/soundmodem.conf -M >/dev/null 2>/dev/null&
sleep 1
#attach physical device to axport
/usr/sbin/kissattach /dev/soundmodem0 radio

# TNC Parameters txd, persist, slottime, txtail are done by
# soundmodemconfig and stored in soundmodem.conf

# listen for stations heard
/usr/sbin/mheardd
sleep 1

# listen for various incoming connects like PMS, node, etc.
/usr/sbin/ax25d
sleep 1

To connect to another packet station run

axcall port callsign

This means, to connect from another station to the node above, it’s

axcall radio mm3zrz-5

This initiates a direct, point to point connection from your station to mm3zrz-5. mm3zrz-5 is what we have just configured - if you come in on the radio axport, then you’ll get uronode. axcall enables you to define relay stations - if you know the best path to the remote node, you can be repeated by them to get to it. If you don’t know the best route, the node might have a “recently heard” option on it.

I’ll document my netrom adventures soon - this alleviates some of the issue by implementing beacons, routing and aliases.

References

Most of my config understanding came from here - it was invaluable

January 23, 2017 09:00 AM

January 22, 2017

Dave Hibberd

Face

Home Network Improvements

I’ve had a problem with my home router for a long time - the LAN side of the set up has been falling over with frustrating regularity. For me, it means my Audio Streaming setup stops playing Spotify. For my housemates, it means lost time on Overwatch!

It’s happening just enough now to be a frustrating lost 5 minutes a few times a day, so it’s time to fix.

My home network has always been a pretty simple affair (apart from when I’m borrowing BTOpenzone) - just the ISP provided modem/router. I am, of course, an engineer in the Telecoms Industry. I can do better!

Typical Connection Diagram:

Network Diagram

Interestingly, when my fault occurs, the WAN side of the network stays stable - the connection logs show no lost time or reset. It’s only a LAN issue. I don’t trust the router to keep a stable LAN connection any more, so I need to have new hardware for both tasks. I can’t just put it into bridge mode and use it as a modem only.

I like having control, and I like openwrt, so I’d like my main network router to be running openwrt, under my control. I can fine tune stuff, add a VPN to avoid the Pry Minister, alongside IPv6 Tunnels and the like as my ISP don’t yet supply IPv6.

Most openwrt routers that are cheap don’t come with inbuilt VDSL modems, so I’ll need to get a separate one. Conveniently, the Huawei HG612 3B has been thoroughly hacked and is proven to run well on UK VDSL connections, and has been supplied by Openreach in the past. It was recommended by a friend who’s done the same thing, so I figured what’s the worst that can happen?

I have an old TP-Link TL-WR841N/ND that yakamo gave to me many moons ago, running openwrt. That will serve as the router. Hooray…

Now the network looks like:

Network Diagram

So far, it has been much more stable - no random LAN fallovers.

The HG612 gives me proper linestats about my VDSL connection - SNR Margin, powers at both ends, what VDSL profile I’m on. I’ve had to learn about DLM and more. As time goes on, I’m going to move the modem around the house and try to improve my speed.

Current figures are:

# xdslcmd info --pbParams
xdslcmd: ADSL driver and PHY status
Status: Showtime
Retrain Reason: 0
Last initialization procedure status:   0
Max:    Upstream rate = 11817 Kbps, Downstream rate = 37372 Kbps
Bearer: 0, Upstream rate = 2000 Kbps, Downstream rate = 22399 Kbps

Discovery Phase (Initial) Band Plan
US: (6,31) (882,1193) (1984,2770)
DS: (33,857) (1218,1959) (2795,4083)
Medley Phase (Final) Band Plan
US: (6,31) (882,1193) (1984,2770)
DS: (41,857) (1218,1959) (2795,3432)
VDSL Port Details                   Upstream                Downstream
Attainable Net Data Rate:           11817 kbps              37372 kbps
Actual Aggregate Tx Power:             5.4 dBm                5.5 dBm
============================================================================================
VDSL Band Status                U0      U1      U2       U3      U4     D1      D2      D3
Line Attenuation(dB):           1.8     30.9    48.5     N/A     N/A    15.8    40.3    65.3
Signal Attenuation(dB):         1.8     30.7    48.3     N/A     N/A    17.3    39.9    65.7
SNR Margin(dB):                 27.0    16.4    11.7     N/A     N/A    11.3    11.3    0.0
TX Power(dBm):                 -4.8    -11.0    4.9      N/A     N/A    8.7     7.3    -19.7

(This has been adjusted so it makes sense, it prints on the terminal a little messy)

As you can see, I’m getting a sync rate of ~37Mbit but I’m being limited to ~23Mbit due to line performance. The line numbers don’t look too bad.

As DLM samples every 15 minutes and then reprofiles at midnight, I’ll give this a week or so to improve before resiting the router in a location closer to the master socket. Unfortunately there’s no 240V outlets in the cupboard the master socket is in or I’d have it in there already!

I’ll get a monitoring tool and set up graphing, I’d be interested to see how the numbers change over time and more. This is something people have done already, how hard can it be.

Now my TODO list includes:

  • 6in4 tunnel (half done, routing’s fucked)
  • VPN (I should do this soon)
  • QOS (to annoy flatmates)
  • Optimise VDSL Linespeed (to get what I pay for)

Network diagrams generated using yuml.me

January 22, 2017 12:01 PM

January 20, 2017

Dave Hibberd

Face

Riot Desktop Install

I installed the Riot desktop app (for matrix) tonight on Debian Stretch (my current laptop). It’s an electron app, so it’s more or less a packaged webapp.

Here’s how it went

wget -qO - https://riot.im/packages/debian/repo-key.asc | sudo apt-key add -

sudo vim EOF /etc/apt/sources.list.d/riot.list

# Riot
deb https://riot.im/packages/debian/ stretch main
deb-src https://riot.im/packages/debian/ stretch main

sudo apt update && sudo apt install riot-web

Simple. Unfortunately, because I did SSL things tonight I don’t have access to my testbed home server, so I can’t test it.

It also doesn’t seem to support login via CAS which is what we’re using on 57N’s implementation.

So it’s ultimately a useless activity, but at least this way I’ll remember how I did it.

Regardless, I’m pretty interested in matrix at the moment so I’ll keep prodding.

January 20, 2017 01:00 AM