Add-on development for Kodi

no comments

On the heels of the QNAP NAS setup notes, here’s a fun integration with my home automation system for living room lights.

The idea is to send the same commands from the Kodi app as the custom Android app does to the Arduino controlled relays. Before the movie starts, the lights go off. I’ll skip the details of that code, but point to a few useful pages to get started. It’s simple.

The Kodi Add-on documentation is good. To get started, you need at least two files: The addon.xml configuration, and your Python script, e.g. myaddon.py. These have to be in a directory on the format script.name (more in the linked documentation) and zip-ed in a ZIP file which does not use use compression, as seen below. This zip-file can now be copied to the NAS, and installed from Kodi.
zip -0 -r myaddon.zip script.myaddon

One gottcha is that the addon.xml file cannot contain a final new-line. At least some people have reported that causing a install error.

For an easy way to get started, look at the Hello World add-on example, as well as its source code. It doesn’t get easier than that.

Securing a Postfix mail server – TLS transport encryption

no comments

I previously discussed SPF and DKIM setup for the Postfix mail server. Here’s some notes on TLS transport encryption. (Although, maybe those articles should have come in opposite order).

Using a self-signed certificate (which should be fine for small scale usage), setup is rather easy and straight forward. Creating the keys and certificats boils down to these instructions, copied from here. (Similar instructions here).

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -days 1024 -out rootCA.pem
openssl genrsa -out device.key 2048
openssl req -new -key device.key -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 500

Modifying /etc/postfix/main.cf, you might end up with something like this, assuming you’ve copied the keys as indicated by the linked article.
smtp_use_tls = yes
smtpd_use_tls = yes
 
smtp_tls_note_starttls_offer = yes
 
smtpd_tls_security_level = may
smtpd_tls_ask_ccert = yes
smtpd_tls_security_level = may
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
 
smtpd_tls_key_file = /usr/share/ssl/certs/postfix/device.key
smtpd_tls_cert_file = /usr/share/ssl/certs/postfix/device.crt
smtpd_tls_CAfile = /usr/share/ssl/certs/postfix/rootCA.pem

Once all the changes are made, restart postfix:
service postfix restart

Now you can verify the setup with telnet:
telnet mail.example.com 25
 
EHLO example.com
STARTTLS

This should yield:
220 Ready to start TLS

Another way to confirm the setup is to send an email to a gmail.com account, and observe the lock status icon on the header field drop-down, explained in detail here.

Finally, the official Postfix documentation and notes on authentication (older doc) might come in handy.

QNAP NAS and autofs auto mount

Comments Off

After considering multiple options to cover a HTPC and a NAS, I finally went with the combined “living room” QNAP HS-251+ NAS earlier this year. I’ll leave the reviews to other sites, and just summarize the main features:

  • 2 bay 3.5″ or 2.5″ HDD or SSD
  • Intel Celeron 2GHz Quad core; 2 GB DDR3 RAM
  • 2x 1Gb RJ-45 ports; 2x USB 2.0; 2x USB 3.0
  • 1x HDMI
  • Fan-less
  • Simple remote control
  • Multiple in-house and external apps
  • Good support for Kodi (aka. XBMC)
  • Linux based 32-bit OS, with most common tools and network services available, including SSHD, NFS, SMB, FTPS, rsync.

NFS

Setting up NFS shares on the NAS side is straight forward through the web based UI under “Control Panel”. You probably want to create one or more users which match your own client (e.g. laptop) user, and possibly also related group. All this can be achieved through the UI, however, for setting specific user IDs, SSH into the NAS (using the admin account) and edit /etc/passwd and /etc/group. If the IDs are changed, you’ll also have to update /mnt/HDA_ROOT/.config/nfssetting.

/etc/passwd
david:x:1001:8008:Linux User,,david,:/share/homes/david:/bin/sh
john:x:1000:8008:Linux User,,john,:/share/homes/john:/bin/sh

/etc/group
foobar:x:8008:david,john

The reason for changing the user or group IDs manually might be to match existing IDs on the client machines. In that case, you might also have to provide this option, to make those IDs are actually used by the NAS. This setting is not permanent, so if the NAS is restarted frequently, you might consider a start-up script solution.
echo N > /sys/module/nfs/parameters/nfs4_disable_idmapping

The two relevant configuration files for the NFS setup on the NAS are /etc/exports and /mnt/HDA_ROOT/.config/nfssetting. They will be automatically configured by the UI, however some manual tweaking might be needed. I ended up with something like this, for two machines (with DNS names”laptop”, “desktop” – you can also use IP address) and two shares (“pictures”, “video”). The user (UID) and group (GID) ids will match what’s seen in the /etc/passwd and /etc/group files above.

/etc/exports

"/share/CACHEDEV1_DATA/pictures" laptop(rw,async,no_subtree_check,insecure,no_root_squash) desktop(rw,async,no_subtree_check,insecure,no_root_squash)
"/share/CACHEDEV1_DATA/video" laptop(rw,async,no_subtree_check,insecure,no_root_squash) desktop(rw,async,no_subtree_check,insecure,no_root_squash)

/mnt/HDA_ROOT/.config/nfssetting
"/share/CACHEDEV1_DATA/Public" *(rw,async,no_root_squash,insecure)
[Global]
Version = 4.2.0
[Access]
/share/CACHEDEV1_DATA/Public = FALSE
/share/CACHEDEV1_DATA/pictures = TRUE
/share/CACHEDEV1_DATA/video = TRUE
[AllowIP]
/share/CACHEDEV1_DATA/Public = *
/share/CACHEDEV1_DATA/pictures = laptop,desktop
/share/CACHEDEV1_DATA/video = laptop,desktop
[Permission]
/share/CACHEDEV1_DATA/Public = rw
/share/CACHEDEV1_DATA/pictures = rw,rw
/share/CACHEDEV1_DATA/video = rw,rw
[SquashOption]
/share/CACHEDEV1_DATA/Public = no_root_squash
/share/CACHEDEV1_DATA/pictures = no_root_squash,no_root_squash
/share/CACHEDEV1_DATA/video = no_root_squash,no_root_squash
[AnonUID]
/share/CACHEDEV1_DATA/Public = 65534
/share/CACHEDEV1_DATA/pictures = 1001,1000
/share/CACHEDEV1_DATA/video = 1001,1000
[AnonGID]
/share/CACHEDEV1_DATA/Public = 65534
/share/CACHEDEV1_DATA/pictures = 8008,8008
/share/CACHEDEV1_DATA/video = 8008,8008

After making any changes to the NFS config, restart the service:
/etc/init.d/nfs restart

Client side and autofs

On the client, e.g. laptop or desktop, you’d want to point your NFS mount configuration to the shares created above. However, since either NAS or more likely personal machine will be rebooted, it is useful to configure this through autofs instead of the traditional /etc/fstab config. That way, the shares will be mounted and re-mounted on demand. It will also avoid long waits at boot and shutdown of the client machines.

First, make sure the NFS and autofs packages are installed:
apt-get install portmap nfs-common autofs cifs-utils

Edit /etc/auto.master and add the following line, which specify local mount point, and specific configuration files. Note that that has to match with your setup, so you might want to change the names here. As long as the /mnt directory and config file match, you can use whatever names you like.

/etc/auto.master
/mnt/qnap /etc/auto.qnap

The share specific configuration is then added in the file referenced above. It assumes you’ve named the shares on the NAS “pictures” and “video”. It also assumes the DNS name of the NAS is “qnap” (or you can use an IP here). Finally, it assumes that the shared group is called “foobar”, which should match the GID 8008 above. That GID should also be present on the client machine.

/etc/auto.qnap
pictures -fstype=nfs,rw,soft,tcp,nolock,gid=foobar qnap:/pictures
video -fstype=nfs,rw,soft,tcp,nolock,gid=foobar qnap:/video

Finally, after making changes to the NFS / autofs confg, restart the service:
/etc/init.d/autofs restart

Comments Off

Privacy attacks and government surveillance continue

Comments Off

At the Symantec Government Symposium on Tuesday, FBI director James Comey said he “can’t resist talking about encryption and going dark”, and will continue an “adult” discussion into 2017. What’s stopping him now, seems to be the media attention on the presidential election. He continued “The challenge we face is that the advent of default, ubiquitous strong encryption is making more and more of the room we are charged to investigate dark”. Referring to device encryption on iPhones and Android phones, as well as Whatsapp, etc.

Meanwhile in Europe, French and German politicians have seized on the recent fear of violence to push similar rhetoric. Last week French Interior Minister Bernard Cazeneuve and German Interior Minister Thomas de Maizière said that “they will push for a Europe-wide law requiring tech companies to provide law enforcement agencies with access to encrypted messages when necessary”. Cazeneuve said, “We propose that the EU Commission studies the possibility of a legislative act introducing rights and obligations for operators to force them to remove illicit content or decrypt messages as part of investigations, whether or not they are based in Europe”. The “our law” should universal thinking, in other words.

The “crypto wars” are as hot as ever, and even though the latest communication technology offerings have made it easier for everybody to stay private, it is clear that the Western surveillance states will not give up without a fight.

Comments Off

Hand soldering Surface Mount Components

Comments Off

I recently got a $3 practice board for soldering SMD devices. It comes with components of various sizes, including resistors in 1206, 0805, and 0603 sizes; 1206 didoes; SOT-23 transistors; and a SOP14 chip. The board itself has no purpose, and only the resistors and didoes are actually connected. Given that the goal of this was to practice soldering, I’m happy with the outcome, as seen in the pictures below.

As can be seen, the 100 Ω resistors (“101″) are 1206 (3.2 x 1.6 mm); 82 Ω (“820″) are 0805 (2.0 x 1.25 mm); and 750 Ω (“751″) are 0603 (1.6 x 0.8 mm).

Some requirements and observations on hand soldering:

  • Soldering hygiene is paramount: The tip always has to be speckless; the solder has to be clean and untouched (cut off its tip if necessary).
  • Visual magnification is required to see what you are doing. Both a tweezer with a magnifying class and a pair of magnifying eye glasses are required.
  • A thin solder, preferably 0.5mm.
  • A thin solder tip.
  • Extreme patience is a must.

As opposed to through-hole soldering, SMD hand-soldering requires a flawless process every time. The tip always has to be clean and wet; so the sponge must always be clean to avoid picking up solder bits. Nothing must be in the way of the working area, including the solder iron wire. The components must be ready and almost in place. A typical iteration of my personal beginner’s technique went something like this:

  1. Remove old solder from the sponge.
  2. Clean and wet the solder tip: First with the iron cleaner; then on the sponge; wet with a bit of solder; clean on the sponge.
  3. Inspect the solder tip under a magnifying glass. It should be shiny and without spots or old soler. Repeat step 1 if necessary. 
     
  4. Put the solder tip down on one of the board pads, and move the solder in to add a bit of solder. Repeat for more solder points.
  5. If the solder starts to bubble, repeat the cleaning steps.
  6. Add solder to the tip before putting it back in its holder. 
     
  7. Open the SMD strip to push out one or two components.
  8. Using a magnifying glass and tweezer, orient the component in almost the correct location, right next to the pre-soldered pad from step 4.
  9. Clean and prepare the soldering tip.
  10. Hold the component down with the tweezer + magnifying glass.
  11. Heat the solder from step 4, and push in the component into its correct position.
  12. Without moving the tweezer, remove the solder iron.
  13. Repeat for more components.
  14. Add solder to the tip before putting it back in its holder. 
     
  15. Clean and prepare the soldering tip.
  16. Both hands are required, so use a handless magnifier, e.g. the magnifying glasses linked above.
  17. Heat the other side of the component (or solder pad) placed on the board.
  18. Carefully come in with the solder. Try to make it melt by touching the pad on the board, rather than the solder tip.
  19. If the solder starts to bubble, repeat the cleaning steps.
  20. Repeat for more components.
  21. Add solder to the tip before putting it back in its holder.

As this suggests, the cleaning can get repetitive, however it’s absolutely necessary to make this work. As the wetting and cleaning might actually waste quite a bit of solder, a tip refresher paste might be useful. The one at DX is sold out, but AliExpress has the same.

If it wasn’t clear already, this is hand-soldering at a rookie level. For professional techniques, better look elsewhere.

Comments Off

Review: “Blackwater: The Rise of the World’s Most Powerful Mercenary Army”, Jeremy Scahill

Comments Off

In journalist Jeremy Scahill’s exposé of the American private mercenary company Blackwater, he documents its origin, its founder Eric Princ’s life and family history, the early start as a North Carolina military and police training facility, later involvement in the wars in Afghanistan and Iraq, its close political and military ties, and several of the controversial and deadly contracts and missions, including the infamous Fallujah ambush, Najaf siege, Blackwater 61 plane crash. He goes on to investigate some of the characters involved with the company, some right out dangerous like Cofer Black from CIA; while other more comically incompetent like Pentagon’s Inspector General Joseph Schmitz.

As an investigation and documented history of the company and its conduct, Scahill has done an extraordinary job in revealing all the details. Albeit it can get somewhat long when every bullet fired is included in the narration, as almost seems to be the case with the Najaf siege. Further details of the preceding contracts, and following lawsuits of wrongful death paints a picture of a company shrouded in secrecy and with deep far-right political and military connections.

It is perhaps in revealing these connections the book raises above a mere critic of the private mercenary company, and shines light on the power brokers of Washington and Pentagon. It is not a coincidence that the same names and the same circles always repeat: Donald Rumsfeld set the stage for privatization of the military; always working closely with Paul Wolfowitz. Of course Dick Cheney is there; as well as Scooter Libby. On the military and intelligence side, Paul Bremer (Presidential Envoy to Iraq) and Cofer Black (CIA) move through the revolving doors multiple times. Tying much of it together are the Council for National Policy (CNP) organization and the influential Project for the New American Century (PNAC), which William Kristol (son of Irving Kristol) and Robert Kagan founded. CNP in particular acts as a meeting point between conservative politicians, donors and activists. Here the Prince family huddles with prominent neoconservatism like Jerry Falwell (evangelical Southern Baptist pastor), Gary Bauer (1999 presidential nominee), Wayne LaPierre (NRA), and more. The focal points center around conservative politics, Christian evangelical and to some degree Judaist religion, and aggressive military foreign policy. As Scahill’s book shows, the military industrial complex is not an abstract entity or idea; rather it is a surprisingly small network of public and private figures who yield immense political and military power.

Scahill book is well worth a read, to gain insight into the private side of the US military industrial complex, its incredible cash-flow, and deep connections. Although he is clearly skeptical of both the mercenary company and several of the political figures involved, his presentation is factual objective and well written.

Comments Off

DealExtreme orders

Comments Off








































































































































































































































































































Comments Off

ESP8266 galore

Comments Off

More than a year ago, I tried out the ESP8266, but didn’t get very far. The scene and products have evolved a lot since then, and today it’s as easy to use and develop with the ESP8266 as with the Arduino. Some shields are also coming online, although there are no common form factors yet.

DealExtreme stocks a number of different boards and chips. Among them, the most interesting are the various boards from Wemos. They have a two form factors: The “D1″, a rather large board which matches the Arduino Uno layout and header pins; and the neat and small “D1 min” at only 34×25 mm. What makes the latter very appealing, is a range of small shields which stack on top of each other, just like the old Arduino.

There are already several interesting shields available from Wemos. Including a temperature sensor; 64×48 pixel OLED display; 220 V relay; motor driver; SD card; battery connector; single button; single LED; and a DIY “proto board”. These are not available from DX, and are best ordered from Wemo’s AliExpress shop. Please note, the ones linked here do not have the header pins soldered, so a bit of manual soldering work is required.

 

Comments Off

Storage prices

Comments Off

As predicted in January, there have indeed been a number of exciting releases and announcements so far this year: Samsung finally launched their 15TB SSD; Intel brought 16nm TLC SSD to market; SanDisk (now owned by Western Digital) continue to launch faster larger SD cards; and a new large and heavy 8 TB USB 3.1 C external drive from Seagate was just made available.

On the list below, there are also a few changes, including some new 8 TB disks from Western Digital. Prices are coming down a bit, but also due to currency fluctuations. Several 8 TB spinning disks are now very competitively priced.

SSD drives are also coming down in price, and starting last year, more drives are now becoming cheaper per byte than optical media. That is of course mainly due to the fact that there has been no development in the latter technology, however, it’s a milestone worth noting since the next is in fact price parity with certain spinning disks. Where the gap has been 10x for the last decade (and still is for the cheapest HDD), it is now closing in more rapidly. Between the cheapest SSD byte and most expensive HDD byte the factor is now 3x-4x.

Media Type Product Capacity Price CHF Price Euros Euros / GB GBs / Euro
HDD-SMR Seagate ARCHIVE HDD 8TB 8000 GB 259.00 237.61 0.03 33.67
External 3.5 Western Digital Elements Desktop 4TB, USB3 4000 GB 132.00 121.10 0.03 33.03
HDD Seagate Desktop 4TB 4000 GB 133.00 122.02 0.03 32.78
SMR External 3.5 Seagate Backup Plus Desktop 8TB 8000 GB 269.00 246.79 0.03 32.42
External 3.5 Western Digital My Book 4TB, USB3 4000 GB 135.00 123.85 0.03 32.30
External 3.5 Western Digital My Book 8TB, USB3 8000 GB 274.00 251.38 0.03 31.82
External 3.5 Western Digital My Book 6TB, USB3 6000 GB 209.00 191.74 0.03 31.29
HDD Western Digital Green 3TB 3000 GB 106.00 97.25 0.03 30.85
HDD Western Digital Green 4TB 4000 GB 148.00 135.78 0.03 29.46
External 3.5 Western Digital My Book 3TB, USB3 3000 GB 115.00 105.50 0.04 28.43
External 3.5 Western Digital Elements Desktop 3TB, USB3 3000 GB 116.00 106.42 0.04 28.19
HDD Western Digital Red 3TB 3000 GB 120.00 110.09 0.04 27.25
HDD Western Digital Red 4TB 4000 GB 165.00 151.38 0.04 26.42
HDD-He Western Digital Red 8TB 8000 GB 339.00 311.01 0.04 25.72
HDD Western Digital Green 2TB 2000 GB 84.80 77.80 0.04 25.71
HDD Western Digital Green 6TB 6000 GB 255.00 233.94 0.04 25.65
HDD Western Digital Red 5TB 5000 GB 214.00 196.33 0.04 25.47
HDD Western Digital Red 6TB 6000 GB 259.00 237.61 0.04 25.25
External 2.5 Western Digital Elements Portable 2TB, USB3 2000 GB 91.00 83.49 0.04 23.96
External 2.5 Western Digital My Passport Ultra 3TB, USB3 3000 GB 142.00 130.28 0.04 23.03
HDD Western Digital Red 2TB 2000 GB 99.00 90.83 0.05 22.02
External 2.5 Western Digital My Passport Ultra 2TB, USB3 2000 GB 99.00 90.83 0.05 22.02
External 2.5 Western Digital Elements Portable 1TB, USB3 1000 GB 64.00 58.72 0.06 17.03
HDD-He Hitachi Ultrastar He6 6TB 6000 GB 436.00 400.00 0.07 15.00
External 2.5 Western Digital My Passport Ultra 1TB, USB3 1000 GB 73.00 66.97 0.07 14.93
Blu-ray Verbatim BD-R SL 10 @ 25GB 250 GB 19.00 17.43 0.07 14.34
HDD-He Hitachi Ultrastar He8 8TB 8000 GB 724.00 664.22 0.08 12.04
DVD-R Verbatim 16x DVD-R 100 @ 4,7GB 470 GB 46.00 42.20 0.09 11.14
Blu-ray Verbatim BD-R DL 10 @ 50GB 500 GB 51.90 47.61 0.10 10.50
DVD+R DL Verbatim 8x DVD+R DL 50 @ 8,5GB 425 GB 71.00 65.14 0.15 6.52
DVD+R DL Verbatim 8x DVD+R DL 25 @ 8,5GB 213 GB 39.00 35.78 0.17 5.94
SSD Crucial BX200 SSD, MLC, 480GB 480 GB 125.00 114.68 0.24 4.19
SSD Crucial BX200 SSD, MLC, 240GB 240 GB 69.10 63.39 0.26 3.79
SSD Crucial MX200 SSD, MLC, 1000GB 1000 GB 288.00 264.22 0.26 3.78
SSD Samsung SSD 850 EVO Basic, TLC, 1TB 1000 GB 299.00 274.31 0.27 3.65
SSD Crucial MX200 SSD, MLC, 500GB 500 GB 155.00 142.20 0.28 3.52
SSD Samsung SSD 850 EVO Basic, TLC, 500GB 500 GB 166.00 152.29 0.30 3.28
SSD Crucial BX100 SSD, MLC, 1000GB 1000 GB 339.00 311.01 0.31 3.22
SSD Crucial BX100 SSD, MLC, 500GB 500 GB 181.00 166.06 0.33 3.01
USB Flash SanDisk Ultra, USB 3.0, 256GB 256 GB 96.90 88.90 0.35 2.88
SSD Samsung SSD 850 EVO Basic, TLC, 250GB 250 GB 99.00 90.83 0.36 2.75
SSD Crucial MX200 SSD, MLC, 250GB 250 GB 99.30 91.10 0.36 2.74
USB Flash SanDisk Cruzer Edge Flash Drive 64GB 64 GB 25.80 23.67 0.37 2.70
SSD Samsung SSD 850 Pro, MLC, 1024GB 1024 GB 436.00 400.00 0.39 2.56
USB Flash SanDisk Ultra, USB 3.0, 64GB 64 GB 28.80 26.42 0.41 2.42
SSD Samsung SSD 850 Pro, MLC, 512GB 512 GB 241.00 221.10 0.43 2.32
CD-R Verbatim CD-R 100 @ 700MB 70 GB 34.50 31.65 0.45 2.21
microSDXC SanDisk Ultra Premium microSDXC 90MB/s, 200GB 200 GB 99.00 90.83 0.45 2.20
SSD Samsung SSD 850 Pro, MLC, 256GB 256 GB 134.00 122.94 0.48 2.08
USB Flash SanDisk Cruzer Edge Flash Drive 32GB 32 GB 17.10 15.69 0.49 2.04
SDXC SanDisk Extreme Pro SDXC UHS-I, Class 10/UHS 3, 95/90MB/s, 256GB 256 GB 144.00 132.11 0.52 1.94
USB Flash SanDisk Ultra, USB 3.0, 32B 32 GB 19.50 17.89 0.56 1.79
SDXC SanDisk Extreme Pro SDXC UHS-I, Class 10/UHS 3, 95/90MB/s, 128GB 128 GB 79.10 72.57 0.57 1.76
SSD Samsung SSD 850 EVO Basic, TLC, 120GB 120 GB 79.00 72.48 0.60 1.66
SSD-NVM-M.2 Samsung SSD 950 Pro, M.2 2280, MLC, 2500/1500MB/s, 512GB 512 GB 359.00 329.36 0.64 1.55
SDXC SanDisk Extreme Pro SDXC UHS-I, Class 10/UHS 3, 95/90MB/s, 512GB 512 GB 371.00 340.37 0.66 1.50
SSD Samsung SSD 850 Pro, MLC, 128GB 128 GB 97.40 89.36 0.70 1.43
SSD-NVM-M.2 Samsung SSD 950 Pro, M.2 2280, MLC, 2200/900MB/s, 256GB 256 GB 195.00 178.90 0.70 1.43
USB Flash SanDisk Cruzer Edge Flash Drive 16GB 16 GB 12.90 11.83 0.74 1.35
microSDXC SanDisk Extreme Pro microSDXC, Class 10, 90/95MB/s, 64GB 64 GB 52.00 47.71 0.75 1.34
SDXC SanDisk Extreme Pro SDXC UHS-I, Class 10/UHS 1, 95/90MB/s, 64GB 64 GB 55.00 50.46 0.79 1.27
SDHC SanDisk Extreme Pro SDHC UHS-I, Class 10/UHS 1, 95/90MB/s, 32GB 32 GB 33.00 30.28 0.95 1.06
Compact Flash SanDisk Extreme 120MB/s, UDMA 7, 64GB 64 GB 75.00 68.81 1.08 0.93
USB Flash SanDisk Cruzer Edge Flash Drive 8GB 8 GB 10.90 10.00 1.25 0.80
Compact Flash SanDisk Extreme Pro 160MB/s, UDMA 7, 128GB 128 GB 175.00 160.55 1.25 0.80
Compact Flash SanDisk Extreme Pro 160MB/s, UDMA 7, 256GB 256 GB 351.00 322.02 1.26 0.79
Compact Flash SanDisk Extreme Pro 160MB/s, UDMA 7, 64GB 64 GB 98.50 90.37 1.41 0.71
Compact Flash SanDisk Extreme 120MB/s, UDMA 7, 32GB 32 GB 52.30 47.98 1.50 0.67
SDHC SanDisk Extreme Pro SDHC UHS-I, Class 10/UHS 1, 95/90MB/s, 16GB 16 GB 27.00 24.77 1.55 0.65
SDXC SanDisk Extreme Pro SDXC UHS-II, UHS 3, 280/250MB/s, 64GB 64 GB 116.00 106.42 1.66 0.60
Compact Flash SanDisk Extreme Pro 160MB/s, UDMA 7, 32GB 32 GB 59.10 54.22 1.69 0.59
SDHC SanDisk Extreme Pro SDHC UHS-II, UHS 3, 280/250MB/s, 32GB 32 GB 75.10 68.90 2.15 0.46
Compact Flash SanDisk Extreme 120MB/s, UDMA 7, 16GB 16 GB 39.20 35.96 2.25 0.44
SDHC SanDisk Extreme Pro SDHC UHS-II, UHS 3, 280/250MB/s, 16GB 16 GB 49.70 45.60 2.85 0.35

Exchange rate: 1 Euro = 1.090000 CHF.

Comments Off

DIY Arduino Debug Shield

Comments Off

Debugging with LEDs; it’s probably even more primitive than debugging with printf statements. However, to get a very immediate feedback on what’s happening, or which pins are in use, it can be useful. So what better way then than a ~$2 homemade shield to pop on top of your existing project.

DealExtreme supplies all the parts needed: A versatile prototyping shield board with holes and wires in sensible locations; a bag of assorted LEDs; resistors; and header pins. (The board and headers in this project used 6x and 8x header pins, to fit with the older Duemilanove. The Uno another other boards have slightly different pin layouts, so plan ahead).

Now, I’m not an expert at soldering, nor product design, but this shield does the job, and already helped in programming my next project. Lesson learnt: Lay out the components all the way before heading off with the iron. I should have gone with the 3mm LEDs all the way. Or, maybe surface mount could have worked. Next time.

Comments Off

Hello World! from the UG-2864 “OEL Display Module” / SSD1306

Comments Off

There is a wide range of cute small OLED (organic LED, aka. Organic Electro-Luminescence) display modules around. Adafruit has a range, the same or similar can also be found all over eBay and Amazon, and of course from DealExtreme. They are available in modules for the Arduino, Raspberry Pi, or other micro controllers. Some are based on basic DATA, CONTROL, LOCK interfaces, while others implement the SPI or I2C bus protocols. The OLED makes for a bright high contrast wide viewing angle screen. Most are monochrome, while a few come with 16 bit colors.

I got the $7 0.96 inch 128*64 pixel I2C version from Deal Extreme. It is indeed small, but also very nice and sharp. Even small fonts are easily readable. It was easy to get up and working with the Arduino UNO, although with a few gotchas to watch out for. The I2C interface makes it very easy to hook up, with only two wires in addition to power (5V and ground).

For background, this GeekOnFire page goes into detail about the memory addressing and low level commands. Further details can be found in the Univision Technology display (UG-2864HLBEG01, UG-2864HSWEG01) and Solomon Systech driver chip (SSD1306) data sheets. See also this note which compares the SPI and I2C protocols.

Scan and Detect

There are also multiple drivers and graphics libraries around, some of which are available directly through the Arduino IDE Library Manager. I’ll go through the details below, but before we get there, make sure the module is hooked up correctly and detected. See the Arduino Wire library reference for which pins to hook up. It varies based on Arduino board and version.

Note, for the Arduino Uno, the pins are Analog 4 and Analog 5.

Once plugged in, copy the sketch from this simple I2C Scanner, and upload. Open the Serial Monitor, and observe something like “I2C device found at address 0x3C“.

Take great care to note the exact address. It might be either 0x3C or 0x3D, and the libraries below will have to be modified accordingly.

U8glib

The U8glib library supports a long list of different LEDs. It is available directly from within the Arduino IDE Library Manager by searching for “U8glib”. Once installed, open the Examples list, and try the “HelloWorld” example.

However, before uploading, you need to uncomment the correct display. In my case, it was around line 90, and looked like:

U8GLIB_SSD1306_128X64 u8g(U8G_I2C_OPT_NONE|U8G_I2C_OPT_DEV_0); // I2C / TWI

Once uploaded, the display should show “Hello World!”. Also try out the other examples, like the GraphicsTest, but make sure to always uncomment the correct initialization line.

Adafruit

The Adafruit library focuses on the displays they offer, and comes in two parts, the SSD1306 driver and the Adafruit Gfx library. Searching for “Adafruit SSD1306″ and “Adafruit gfx” in the Arduino IDE Library Manager should give perfect hits.

The Adafruit driver and examples take some custom modifications before they work, though. First, in the file Adafruit_SSD1306/Adafruit_SSD1306.h, make sure the following lines are uncommented and correct according to the display you have (see the scanner section above). Make sure the other similar lines above or below are commented out.

#define SSD1306_I2C_ADDRESS 0x3C

#define SSD1306_128_64

Secondly, in the ssd1306_128x64_i2c example sketch, again make sure that the address is defined correctly, according to what the scanner said. Within the setup() method, you will see this line, which you might have to modify:

display.begin(SSD1306_SWITCHCAPVCC, 0x3C);

GeekOnFire

Finally, the GeekOnFire library is yet another easy wait to get started with the OLED display. It is not available in the Arduino Library Manager, but can just as easily be downloaded from their site, and installed from the Arduino IDE through its ZIP file.

As with the Adafruit library, the I2C address has to be modified, and a similar initialization line can be found within the setup() method of their examples:

GOFoled.init(0x3C);

Comments Off

RFID tag reading with the RDM630 module

Comments Off

To read RFID tags with an Arudino is easy using the RDM630 card reader module (also sold as RDM6300 in a slightly different version). It’s available from DealExtrme, including a pack of 10 RFID cards, or keychain fobs. These are all based on 125 kHz cards and reading, using the EM4100 protocol. (That is important, since there are many different frequencies and protocols used under the same umbrella name RFID).

John Boxall at tronixstuff.com has an excellent beginner’s tutorial on using the module. Hooking up the module is easy, needing only +5V and ground, plus a single pin (lower left on the RDM6300) to a digital pin on the Arduino. He opts for using SoftwareSerial so he can define the incoming RX data pin to something else than the standard pin 0. That way, it does not interfere with the serial transfer while uploading new sketches.

Reading from the module then boils down to reading from the SoftwareSerial class. In essence, it looks some like this, when surrounding boilerplate is removed:

#include <SoftwareSerial.h>
SoftwareSerial RFID(2, 3); // RX, TX

// setup
RFID.begin(9600);

// loop
if (RFID.available() > 0) {
  int byte = RFID.read();
}

He goes on to implement some convenience methods which parse the incoming numbers and compare them to a whitelist of accepted cards.

The only missing feature I had wished for in this reader, is to detect multiple cards at once. As far as I understand, that is not possible, and only more expensive readers (or possibly other protocols) can do so.

Comments Off

Raspberry Pi 3 with Wifi and Bluetooth on sale now for $35

Comments Off

The Raspberry Pi Foundation is not holding back. Since the original Raspberry Pi B launched four years ago, there has been a steady stream of new devices and upgrades: The much improved Raspberry Pi 2 came out two years ago, and it was just before Christmas that the tiny form-factor Pi Zero launched. Today, they’ve announced another upgrade in the form of Raspberry Pi 3 B, also selling for $35.

Apart from an upgrade to a 1.2GHz 64-bit quad-core ARM Cortex-A53 CPU, the most exiting news is the integrated 802.11n wireless LAN and Bluetooth 4.1. Ideally, it means that no other external devices are needed, assuming that a Bluetooth keyboard works (sometimes they can be flaky).

This will likely be a hit, so expect to wait for some time for stocks to fill up with the different retailers. And of course, the stated price might not be obtainable if buying locally.


Comments Off

Let’s Encrypt TLS certificate setup for Apache on Debian 7

Comments Off

Through Let’s Encrypt, anybody can now easily obtain and install a free TSL (or SSL) certificate on their web site. The basic use case for a single host is very simple and straight forward to set up as seen here. For multiple virtual hosts, it is simply a case of rinse and repeat.

On older distributions, a bit more effort is required. E.g. on Debian 7 (Wheezy), the required version of the Augeas library (libaugeas0, augeas-lenses) is not available, so the edits to the Apache config files have to be managed by hand. Furthermore, for transitioning from an old HTTP based server, you need to configure the redirects for any old links which still might hard code “http” in the URL. Finally, there’s some security decisions to consider when selecting which encryption protocols and ciphers to support.

Installation and setup

Because the installer has only been packaged for newer distributions so far, a manual download is required. The initial execution of the letsencrypt-auto binary will install further dependencies.

sudo apt-get install git
git clone https://github.com/letsencrypt/letsencrypt /usr/local/letsencrypt
 
cd /usr/local/letsencrypt
./letsencrypt-auto --help

To acquire the certificates independently of the running Apache web server, first shut it down, and use the stand-alone option for letsencrypt-auto. Replace the email and domain name options with the correct values.

apache2ctl stop
 
./letsencrypt-auto certonly --standalone --email johndoe@example.com -d example.com -d www.example.com

Unless specified on the command line as above, there will be a prompt to enter a contact email, and to agree to the terms of service. Afterwards, four new files will be created:

/etc/letsencrypt/live/example.com/cert.pem
/etc/letsencrypt/live/example.com/chain.pem
/etc/letsencrypt/live/example.com/fullchain.pem
/etc/letsencrypt/live/example.com/privkey.pem

If you don’t have automated regular backup of /etc, now is a good time to at least backup /etc/letsencrypt and /etc/apache2.

In the Apache config for the virtual host, add a new section (or a new file) for the TSL/SSL port 443. The important new lines in the HTTPS section use the files created above. Please note, this example is for an older Apache version, typically available on Debian 7 Wheezy. See these notes for newer versions.

# This will change when Apache is upgraded to >2.4.8
# See https://letsencrypt.readthedocs.org/en/latest/using.html#where-are-my-certificates
 
SSLEngine on
 
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

To automatically redirect links which have hard coded http, add something like this to the old port *.80 section.

#Redirrect from http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

While editing the virtual site configuration, it can be useful to watch out for the logging format string. Typically the logging formatter “combined” is used. However, this does not indicate which protocol was used to serve the page. To show the port number used (which implies the protocol), change to “vhost_combined” instead. For example:

CustomLog ${APACHE_LOG_DIR}/example_com-access.log vhost_combined

To finish, optionally edit /etc/apache2/ports.conf, and add the following line to the SSL section. It enables multiple named virtual hosts over SSL, but will not work on old Windows XP systems. Tough luck.

<IfModule mod_ssl.c>
  NameVirtualHost *:443
  Listen 443
</IfModule>

Finally, restart Apache to activate all the changes.

apache2ctl restart

Verification and encryption ciphers

SSL Labs has an excellent and comprehensive online tool to verify your certificate setup. Fill in the domain name field there, or replace your site name in the following URL, and wait a couple of minutes for the report to generate. It will give you a detailed overview of your setup, what works, and what is recommended to change.

https://www.ssllabs.com/ssltest/analyze.html?d=example.com

Ideally, you’ll get a grade A as shown in the image below. However, a few more adjustments might be required to get there. It typically has to do with the protocols and ciphers the web server is configured to accept and use. This is of course a moving target as security and cryptography research and attacks evolve. Right now, there are two main considerations to make: All the old SSL protocol versions are broken and obsolete, so should be disabled. Secondly, there’s an attack on the RC4 cipher, but disabling that is a compromise, albeit old, between its insecurity and the “BEAST” attack. Thus, disabling RC4 now seems to be preferred.

Taking all this into account, the recommended configuration for Apache and OpenSSL as it stands excludes all SSL versions, as well as RC4 versions. This should result in a forward secrecy configuration. Again, this is a moving target, so this will have to be updated in the future.

To make these changes, edit the Apache SSL mod file /etc/apache2/mods-available/ssl.conf directly, or update the relevant virtual host site config file with the following lines.


SSLHonorCipherOrder on
 
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !ECDHE-RSA-RC4-SHA"
 
SSLProtocol all -SSLv2 -SSLv3

Restart Apache, and regenerate the SSL Labs report. Hopefully, it will give you a grade A.


 
 

Final considerations

Even with all the configuration above in place, the all-green TSL/SSL security lock icon in the browser URL bar, as seen below right, might be elusive. Instead a yellow warning like the on in the image to left might show. This could stem from legacy URLs which have hard coded the http protocol, both to the internal site and external resources like images, scripts. It’s a matter of either using relative links, excluding the protocol and host altogether, absolute site links, inferring the protocol by not specifying it, or hard coding it. Examples:

<img src="blog_pics/ssl_secure.png">
 
<img src="/blog_pics/ssl_secure.png">
 
<img src="//i.creativecommons.org/l/by-sa/3.0/88x31.png">
 
<img src="https://i.creativecommons.org/l/by-sa/3.0/88x31.png">

On a blog like this, it certainly makes sense to put in some effort to update static pages, and make sure that new articles are formatted correctly. However, going through all the hundreds of old articles might not be worth it. When they roll off the main page, the green icon will also show here.

 
 

Comments Off

Storage prices

Comments Off

There are number of new interesting storage alternatives on the market these days, and more are set to arrive throughout 2016. The large 8 TB SMR Seagate drives, both internal and external, top the list as most affordable per byte. They are followed by various traditional 3 and 4 TB drives. At the bottom amongst the HDD, we find the helium filled HGST drives. A 10 TB SMR version is expected to reach the market soon.

In SSD land, the picture is reversed, where it is the largest drives which gives you most capacity per coin, at continuously decreasing prices. Added to the mix, is the new NVM-M.2 motherboard socket standard, which attaches directly to the PCI bus. This gives vastly improved performance, at up to 5x read/write speeds of the traditional SATA3 connection.

Finally, amongst flash card and stick storage, there is similar prices decrease as SSD, and also increase in max size. The biggest SD cards are now at 512 GB.

Media Type Product Capacity Price CHF Price Euros Euros / GB GBs / Euro
HDD-SMR Seagate ARCHIVE HDD 8TB 8000 GB 238.00 216.36 0.03 36.97
SMR External 3.5 Seagate Backup Plus Desktop 8TB 8000 GB 274.00 249.09 0.03 32.12
HDD Seagate Desktop 4TB 4000 GB 139.00 126.36 0.03 31.65
HDD Western Digital Green 4TB 4000 GB 144.00 130.91 0.03 30.56
HDD Western Digital Green 3TB 3000 GB 110.00 100.00 0.03 30.00
External 3.5 Western Digital Elements Desktop 4TB, USB3 4000 GB 149.00 135.45 0.03 29.53
External 3.5 Western Digital My Book 4TB, USB3 4000 GB 154.00 140.00 0.04 28.57
External 3.5 Western Digital Elements Desktop 3TB, USB3 3000 GB 123.00 111.82 0.04 26.83
External 3.5 Western Digital My Book 6TB, USB3 6000 GB 248.00 225.45 0.04 26.61
HDD Western Digital Red 3TB 3000 GB 125.00 113.64 0.04 26.40
HDD Western Digital Green 2TB 2000 GB 83.60 76.00 0.04 26.32
HDD Western Digital Green 6TB 6000 GB 253.00 230.00 0.04 26.09
External 3.5 Western Digital My Book 3TB, USB3 3000 GB 130.00 118.18 0.04 25.38
HDD Western Digital Red 5TB 5000 GB 229.00 208.18 0.04 24.02
HDD Western Digital Red 6TB 6000 GB 275.00 250.00 0.04 24.00
HDD Western Digital Red 4TB 4000 GB 184.00 167.27 0.04 23.91
External 2.5 Western Digital Elements Portable 2TB, USB3 2000 GB 98.40 89.45 0.04 22.36
HDD Western Digital Red 2TB 2000 GB 103.00 93.64 0.05 21.36
External 2.5 Western Digital My Passport Ultra 3TB, USB3 3000 GB 155.00 140.91 0.05 21.29
External 2.5 Western Digital My Passport Ultra 2TB, USB3 2000 GB 111.00 100.91 0.05 19.82
External 2.5 Western Digital Elements Portable 1TB, USB3 1000 GB 68.20 62.00 0.06 16.13
External 2.5 Western Digital My Passport Ultra 1TB, USB3 1000 GB 73.20 66.55 0.07 15.03
HDD-He Hitachi Ultrastar He6 6TB 6000 GB 441.00 400.91 0.07 14.97
Blu-ray Verbatim BD-R SL 10 @ 25GB 250 GB 23.70 21.55 0.09 11.60
DVD-R Verbatim 16x DVD-R 100 @ 4,7GB 470 GB 46.00 41.82 0.09 11.24
Blu-ray Verbatim BD-R DL 10 @ 50GB 500 GB 50.00 45.45 0.09 11.00
HDD-He Hitachi Ultrastar He8 8TB 8000 GB 875.00 795.45 0.10 10.06
DVD+R DL Verbatim 8x DVD+R DL 50 @ 8,5GB 425 GB 73.30 66.64 0.16 6.38
DVD+R DL Verbatim 8x DVD+R DL 25 @ 8,5GB 213 GB 39.00 35.45 0.17 5.99
SSD Samsung SSD 850 EVO Basic, TLC, 1TB 1000 GB 336.00 305.45 0.31 3.27
SSD Crucial BX100 SSD, MLC, 500GB 500 GB 169.00 153.64 0.31 3.25
SSD Crucial MX200 SSD, MLC, 1000GB 1000 GB 344.00 312.73 0.31 3.20
SSD Crucial BX200 SSD, MLC, 480GB 480 GB 168.00 152.73 0.32 3.14
SSD Crucial BX100 SSD, MLC, 250GB 250 GB 88.00 80.00 0.32 3.13
SSD Crucial BX100 SSD, MLC, 1000GB 1000 GB 352.00 320.00 0.32 3.13
SSD Samsung SSD 850 EVO Basic, TLC, 500GB 500 GB 177.00 160.91 0.32 3.11
SSD Crucial MX200 SSD, MLC, 500GB 500 GB 182.00 165.45 0.33 3.02
USB Flash SanDisk Ultra, USB 3.0, 256GB 256 GB 96.90 88.09 0.34 2.91
SSD Samsung SSD 850 EVO Basic, TLC, 250GB 250 GB 97.20 88.36 0.35 2.83
SSD Crucial BX200 SSD, MLC, 240GB 240 GB 98.10 89.18 0.37 2.69
SSD Crucial MX200 SSD, MLC, 250GB 250 GB 110.00 100.00 0.40 2.50
SSD Samsung SSD 850 Pro, MLC, 1024GB 1024 GB 469.00 426.36 0.42 2.40
USB Flash SanDisk Cruzer Edge Flash Drive 64GB 64 GB 29.80 27.09 0.42 2.36
SSD Samsung SSD 850 Pro, MLC, 512GB 512 GB 247.00 224.55 0.44 2.28
CD-R Verbatim CD-R 100 @ 700MB 70 GB 34.90 31.73 0.45 2.21
SSD Samsung SSD 850 Pro, MLC, 256GB 256 GB 140.00 127.27 0.50 2.01
USB Flash SanDisk Cruzer Edge Flash Drive 32GB 32 GB 18.70 17.00 0.53 1.88
SSD Samsung SSD 850 EVO Basic, TLC, 120GB 120 GB 73.60 66.91 0.56 1.79
SDXC SanDisk Extreme Pro SDXC UHS-I, Class 10/UHS 3, 95/90MB/s, 256GB 256 GB 161.00 146.36 0.57 1.75
SSD-NVM-M.2 Samsung SSD 950 Pro, M.2 2280, MLC, 2500/1500MB/s, 512GB 512 GB 345.00 313.64 0.61 1.63
SDXC SanDisk Extreme SDXC, Class 10/UHS 3, 40/60MB/s, 128GB 128 GB 93.40 84.91 0.66 1.51
SDXC SanDisk Extreme Pro SDXC UHS-I, Class 10/UHS 3, 95/90MB/s, 128GB 128 GB 94.00 85.45 0.67 1.50
SSD Samsung SSD 850 Pro, MLC, 128GB 128 GB 97.30 88.45 0.69 1.45
SSD-NVM-M.2 Samsung SSD 950 Pro, M.2 2280, MLC, 2200/900MB/s, 256GB 256 GB 199.00 180.91 0.71 1.42
USB Flash SanDisk Cruzer Edge Flash Drive 16GB 16 GB 12.90 11.73 0.73 1.36
SDXC SanDisk Extreme Pro SDXC UHS-I, Class 10/UHS 3, 95/90MB/s, 512GB 512 GB 419.00 380.91 0.74 1.34
microSDXC SanDisk Ultra Premium microSDXC 90MB/s, 200GB 200 GB 168.00 152.73 0.76 1.31
microSDXC SanDisk Extreme Pro microSDXC, Class 10, 90/95MB/s, 64GB 64 GB 57.60 52.36 0.82 1.22
SDHC SanDisk Extreme SDHC, Class 10/UHS 3, 40/60MB/s, 32GB 32 GB 29.00 26.36 0.82 1.21
microSDHC SanDisk Ultra microSDHC Android, Class 10, 48MB/s, 32GB 32 GB 30.60 27.82 0.87 1.15
SDXC SanDisk Extreme Pro SDXC UHS-I, Class 10/UHS 1, 95/90MB/s, 64GB 64 GB 62.00 56.36 0.88 1.14
SDHC SanDisk Extreme Pro SDHC UHS-I, Class 10/UHS 1, 95/90MB/s, 32GB 32 GB 38.10 34.64 1.08 0.92
USB Flash SanDisk Cruzer Edge Flash Drive 8GB 8 GB 10.00 9.09 1.14 0.88
Compact Flash SanDisk Extreme Pro 160MB/s, UDMA 7, 256GB 256 GB 342.00 310.91 1.21 0.82
Compact Flash SanDisk Extreme Pro 160MB/s, UDMA 7, 128GB 128 GB 187.00 170.00 1.33 0.75
Compact Flash SanDisk Extreme Pro 160MB/s, UDMA 7, 64GB 64 GB 98.50 89.55 1.40 0.71
Compact Flash SanDisk Extreme 120MB/s, UDMA 7, 32GB 32 GB 52.00 47.27 1.48 0.68
SDXC SanDisk Extreme Pro SDXC UHS-II, UHS 3, 280/250MB/s, 64GB 64 GB 114.00 103.64 1.62 0.62
SDHC SanDisk Extreme Pro SDHC UHS-I, Class 10/UHS 1, 95/90MB/s, 16GB 16 GB 30.70 27.91 1.74 0.57
Compact Flash SanDisk Extreme 120MB/s, UDMA 7, 64GB 64 GB 127.00 115.45 1.80 0.55
Compact Flash SanDisk Extreme Pro 160MB/s, UDMA 7, 32GB 32 GB 64.00 58.18 1.82 0.55
SDHC SanDisk Extreme Pro SDHC UHS-II, UHS 3, 280/250MB/s, 32GB 32 GB 76.20 69.27 2.16 0.46
Compact Flash SanDisk Extreme 120MB/s, UDMA 7, 16GB 16 GB 43.00 39.09 2.44 0.41
SDHC SanDisk Extreme Pro SDHC UHS-II, UHS 3, 280/250MB/s, 16GB 16 GB 50.10 45.55 2.85 0.35

Exchange rate: 1 Euro = 1.100000 CHF.

Comments Off