Archive for the 'Technology' Category

In the Hall of the Greene King

Thursday, August 17th, 2017

So, there was a bit of work needed at an office in Bury St Edmunds- a bit of network diagnosis and install a ID card printer. I’m chief network monkey, so it’s my sort of job. Time was flexible. I’d always fancied seeing the town, so last Friday my other half and I left out at early-O-clock, and hit the M6T, M6, and A14 again.

Pleasingly, Cathorpe has been finished, and the difference is amazing, such that even with a breakfast stop near Cambridge, we arrived at the office well before 9am, untroubled by the speed cameras, which have mostly evolved into average-speed ones, thereby avoiding the horrors I discussed here.

So then, a fight with the printer and it’s terrible drivers, a quick tweak of a Cisco config, fix a few other minor issues, and finished by 13:40. Off to the lovely hotel, and hit the pubs. Bury is a lovely town; historic, beautiful, but not up-itself- a very rare mix. People were friendly, drinks and food reasonably priced. Even my better half’s bus fare into town from the office was a mere 75p.

The next day, we took a trip to Ickworth, a stunning property, and such a short drive not going would have been madness, and then had a look around the town, visited Green King’s cafe, wandered around Abbey Gardens.

I’m not usually a massive fan of GK’s beers, which maybe made a trip to Bury rather an odd one, as it’s Greene King Central, but the good thing was that some of GK’s less usual beers were about- and the double bonus of getting some work that needed doing done and another part of the UK visited was worthwhile.

Diesel Do

Tuesday, August 1st, 2017

So having had the emmissions-test cheat mode removed from my car, I was interested to see on BBC Watchdog (everyone’s favourite combination of fuckwits and whingers) that there seems to be a growing number of complaints following the “service action”.

It seems the complaints centre around limp-home mode getting triggered, and it seems that the EGR valve has been a common failure. It does seem that logically, the EGR may be more active post-fix in order to reduce NOx at the expense of more particulates and reduced power/economy.

The Watchdog article fairly obviously prompted this letter from VW:

Page one of the VW “all is well” letter. Click to embiggen.

Page two of the VW “all is well” letter. Click to embiggen. Note in section 3, bullet point 5.

And there’s something interesting in section 3, bullet point 5 that gives VW a potential get-out. On page 1, they’re saying that they’ll be favourable to clains for 2 years/up to 160K miles, but then say that they won’t cover a DFP full of ash. There’s scant infornmation about what the VW fix does apart from removing the rolling road detection, but consensus seems to be that is alters injection quantity, pattern, and timing, and tweaks EGR. All of these could have an effect on the particulates produced.

Now, since Euro V, we’re not allowed to pump those particulates out to atmosphere (boo hiss!):

So the particulates have to go somewhere, and that somewhere is the DPF. DPFs obviously can get full of soot, and they then need to be regenerated. This can happen passively (if it gets hot enough), or can be triggered by the engine ECU injecting fuel on an exhaust stroke, so that it burns in the DPF. This turns the soot to ash- the ash that VW won’t replace your DPF for if it’s full of it. Which is interesting: you can’t get something for nothing, and the reduced NOx emissions comes (apparently) at a cost of more particulates, which means more DPF regens, and therefore more ash, so a shorter DPF life.

I don’t know what to make of this, to be honest. My own VW seems have economy and performance unchanged, and doesn’t seem to be doing active regenerations often, but you don’t miraculously lose the NOx without paying for it somewhere. I suppose EGR and DPF life remains to be seen. I’d really like to see a full analysis/reverse engineering of the remapped ECU (because, on the 2L engine, that’s all that happens).

This is interesting in the light of news recently that the sale of conventional diesel & petrol cars is to be outlawed by 2040. I think that’s a bit of a non-story: we’re already in the twilight of internal combustion cars: both petrol and diesel cars are now loaded with lots of controls and mechanisms not to increase efficiency or power, but to limit harmful emissions, and even with those they pollute our environment in a way that is impossible to contain. Electric cars will still pollute, of course, (and will still congest the roads), but the internal combustion engine is on it’s way out, inevitably. We’ll still have IC cars on the road by 2040 (and assuming I make it, I’ll be a pensioner), but they’ll be diminishing in quantity.


Monday, May 29th, 2017

I happened across a tweet from CPMG last week,and retweeted it (amd, indeed, responded to it with both a reply and by completing the survey (which I’d encourage you to do). The conversation that resulted can be viewed on twitter by clicking the first link, but is also screenshotted below:

Screenshot 1 of 2- click to embiggen.

screenshot 2 of 2, click to embiggen.

An interesting conversation, rapidly joined by Livestream Data Systems, who, in their own words, provide backend systems for ANPR. Almost as if they were ready, watching for replies, huh?

They made the very valid point that a number plate (VRM) is public data, publicly visible all the time. This is true, of course, but it’s trivial for people to associate my number plate with me- especially should the “they” be law enforcement, who can look it up in seconds.

Continuing that, it’s pretty trivial to track me by combining ANPR with a few other things. A thought occurred to me as an example: I completed the survey from the holiday flat we rented. I checked the public-side IP of the broadband connection, and it geolocated to within a few miles of my location (I was in Torquay, it said Dawlish). So, taking only public or non-personal data along with potential ANPR data (the camera locations are not public) I follow CPMG on twitter. I completed the survey from a location near Torquay having clicked through from Twitter (this data could be obtained from server logs).

CPMG probably don’t have many followers on the English Riviera, as they’re a Midlands unit.

Now search the ANPR data for cars travelling between the Midlands and the South West. Add in from the server logs that I used Linux, google a bit, and you have me, most likely. You know where I am, what car I drive, and you have my opinions on ANPR, without having to apply for a court order or similar. Analyse ny tweets, dig over this blog and there’s plenty to learn (of course, what I tweet or post here I’m voluntarily supplying, thank fuck I don’t use Facebook).

That might sound a little paranoid, but it’s an example, and it’s why we should all remain vigilant and wary. I don’t have anything to hide, and you could therefore take the view of “who cares”, but are you comfortable with being tracked?

There’s going to be a lot of pressure in coming times for greater surveillance, especially given recent terror events: but one thing to consider here is that if a terrorist is willing to kill or injure many people with explosives, I don’t think using false plates and/or changing vehicles is going to bother them, whereas the majority of us use one or two vehicles regularly, so it’s far easier to track ordinary citizens than the criminals. Most of us voluntarily carry a tracking device (smartphone), use bank cards: do the bad guys do that?

I’d like to make it clear I fully support CPMGs work, keeping the road safe for us all, but I’m a bit concerned about data use (and misuse) here, and this isn’t the first time. It’s the work of seconds to reveal misuse of anti-terror legislation for things as trivial as school catchment areas, and there’s prior cases of ANPR misuse. That’s even before we consider that companies like Livestream- a private company- may be providing the back end and processing for the national network (I don’t know exactly who does), and therefore we could be trusting their systems and employees with this data.

A quick Google search revealed a supplier of services to councils who apparently encrypt ANPR data with SQL.


Oooh- what’s that black helicopter overhead?


Thursday, April 27th, 2017

I’ve had a Volumio music player for a while: pretty good overall, but sometimes a bit prone to corrupt filesystems. Checking the website, there was a new version, so I thought I’d try it. It was….interesting. Cleverly done, with squashfs filesystem images and a data partition to save data, but using it gave me a few issues. First of all, the original Raspberry Pi model B I was using turned out to be too slow: the initial setup took 20 min to complete, and playing audio was glitchy as it couldn’t shift data down the USB fast enough. Changing to a Raspberry Pi2 fixed that, but then it dropped off the network. With no HDMI monitor nearby, this was impossible to troubleshoot, so I tried an alternative: I had a HP thin client lying about, and Volumio has a x86 experimental version, so with a CF-IDE converter and a CF card to replace the tiny flash disk in the HP, off I went. Working out a few bugs in the BIOS that make booting the CF and not trying to boot the external USB drives that just contain music took a while, but it worked, quite well, with 2 problems- firstly, the web interface and the view through Cantata didn’t agree, and secondly…

Ahoy hoy

Friday, March 31st, 2017

It’s not been a good week phone-wise: I managed to lose my Wileyfox Swift last Saturday, so bought a replacement- a Swift 2, which arrived on Tuesday. With it still shiny and new, I went out for a bike ride, and a slightly ill-advised overtake of a jogger resulted in the front wheel getting hung up on the ridges of the path, a slide down the bank, and an unscheduled swim; the first time I’ve gone into the cut in about 35 years of riding.

The canal isn’t as cold as you’d expect, but the ride of about 3 miles home dripping is still quite grim, as was my smell pre-shower. I have no idea if every bearing on the bike is now washed free of lubricant…

The bag of rice failed to resurrect the phone, so back to the old Galaxy S2 it was, and a double claim to the phone insurance. The phones are quite cheap, but doing 2 in in a few days stings a bit.

I’d not been totally happy with the Swift 2: it was dual-SIM like the original, but using a Micro-SD blocked one SIM slot, so I decided to go for a Lenovo Moto G5 Plus, which takes 2 SIMs and a Micro SD, and has a removeable battery, and, like the Wileyfox phones, keeps the bloatware to a minimum, staying quite close to stock Android; The big-name phones, for me, have too much added on, and I’m not going to void the warranty on a brand-new phone to remove it.

Free the Meraki

Wednesday, February 22nd, 2017

So, around 3 years ago, we had some Meraki access points at work. I was pretty keen on the tech, but less so on the licence model, where you pay the going rate for an access point, and then have to pay for a licence to use it, or it becomes useless, because it will only work if connected to Meraki’s cloud managment.

This is no longer true, and became untrue a while ago, and as the Meraki APs we had have come due for renewal, and have been replaced, I had one thrown in my direction.

A bit of searching threw up a few pages suggesting OpenWRT will work just fine, with a couple of caveats about the difficulty of rooting the device to gain enough access to overwrite the Meraki firmware: they’d really rather not let you do this- they give away sample access points, so maintaining their licence model is the way they make money.

Anyway, I already had a CP2102 USB-Serial (TTL level) converter I’d bought to have a play with one of those dodgy webcams, so I bought a PSU from Ebay, and got out the soldering iron, PuTTY, and an ethernet crossover cable.

The basic instructions are here, but to get root, I had to follow the procedure here, and indeed root the standard firmware (to get a reboot command, as my AP would not boot properly with the UART connected to the laptop).

The first challenge was getting the UART cabled correctly: the phrase

an UART adapter wired to the MR18 (speed is 115200). Pinout (left to right): VCC/RX/TX/GND

was misleading for me: first of all, that is corrrect if you hold the AP with the connector at the top like in this picture, and secondly, the RX/TX desgnation refers to which pins you need to connect from the CP2102, rather than their function on the AP, so I had some fun getting the UART cabled.

The second, but not hard, challenge was installing a web server, and realising that openwrt-ar71xx-nand-mr18-initramfs.bin had changed name to openwrt-ar71xx-nand-mr18-initramfs-kernel.bin in a later version.

The third challange was that the AP got stuck in a boot loop from cold with the UART connected, though a warm boot was fine. That wasn’t a problem for the initial rooting (where you hold down “S”), as there’s enough time during the boot cycle after powering up the AP, but when it came to booting the OpenWRT image, I couldn’t hit “2” in time: I resolved this by rooting the Meraki firmware to get a reboot command, then hitting “2”.

With those out the way, it was as simple as setting an appropriate fixed IP on the laptop, connecting the ethernet crossover, logging in to the newly booted image’s LUCI interface, and applying the full firmware image, which erases the Meraki firmware once and for all, and you have a free MR18 🙂

Open the Box

Thursday, January 12th, 2017

Andy presented me with an interesting challenge:

Your mission, should you decide to accept it, is to get Linux on this accursed box.

The accursed box was a Sumvision Cyclone Mini PC: an Intel Atom SoC based PC, in a nice little box about the size of a domestic router. It has been quite popular for a Windows Media playerbox, with wireless built in, and a HDMI-out, but this one was hopefully destined for more geeky things: an easily deployable network monitor, so first thing is Linux.

Apparently others had given up in frustration, and powering it up gave me a particularly unfriendly UEFI shell that didn’t have a scroll-lock, so you couldn’t see the available commands. Nice. I found a way into the BIOS-style setup, and checked all the obvious things; secure boot disabled, clear the secure boot keys, etc. What was notably odd was a OS/BOM seletion screen (that is their typo, not mine) that was set to Windows 8, and all greyed out, and no CSM (or Legacy) boot modes.

Make Tech Difficult

Monday, December 12th, 2016

One of the things non-techies hate about tech is the complexity of setting some things up, and the rise of IoT, and the ubiquity of smartphones and home broadband has meant that our homes have more and more tech, and that tech is expected to talk to the cloud, and perhaps talk back.

Manually configuring this gear can be a bit tricky, so there’s a bunch of things making it easier. Your ISP may well provide a router, with default passwords. IP cameras will “phone home” to the manufacturer’s site to register themselves, so you don’t have to manually set up dynamic DNS. That router from your ISP will probably use UPnP so it can open ports for the camera and any other devices. Things like Nest or Hive bypass that by depending on a server in the cloud on someone else’s computer to make the connection.

All nice so far. Even better, these things are putting my favourite OS, Linux out there. As Linux is free, and powerful, and efficient on the low-power chips in these devices, it gets used a lot.

You’d think I’d be pleased.

But there’s a problem. Lots of these devices have poorly implemented security. Others depend on a hosted service, so if someone decides to stop supporting it, or indeed changes the API you have an expensive paperweight.

The Mirai attacks first turned IP cameras into a huge botnet, and now malware has got its hands on routers: the very device you expect to secure your home network, and let’s not forget that if your IP camera (inside your firewall/router) is compromised, it could be used as a tool to attack your PC, and the router will happily help out by opening ports for it: many cameras have poor web interfaces and hardcoded “root” passwords (I have one myself with a password of “123456”)

I realise I’m sounding a little like a luddite here; or perhaps the techie complaining about tech doing stuff itself and therefore meaning people need fewer techies, but here’s the rub: the more of this stuff that gets out there, the bigger the attack surface, the bigger the gain, and the bigger the effect on everyone. So, a little advice:

1. Think if you really need that IoT device.
2. Change default passwords.
3. Consider tossing your ISP-supplied router. It’s probably shit anyway. Turn off UPnP, even if that means you have to get help opening and forwarding ports. There’s a fucking good reason a firewall closes ports, so why bypass that?
4. Consider not buying the very cheapest IP cam like mine 🙂
5. If you invest in cloud-connected devices, entertain the fact that you just lost control of them.
6. If there’s updated firmware, use it.
7. Linux does not mean secure. The kernel itself probably is, but a lot of embedded devices are poorly secured.


Wednesday, September 14th, 2016

The things you do on a rainy Saturday when you really shouldn’t just go to the pub…

I’ve had a TP-Link WR-2543 router for some time now, since I discovered the Cisco I had before was effectively throttling my connection. For the cost (some time ago), it’s a pretty good device- but it’s getting on, the firmware’s no longer updated (a continual problem with embedded systems), and well…hell. I’ll stop making excuses. I was bored and had another TP-Link router lying about for a bit of experimentation, and haven’t done much at-home tech mucking about for a good while.

OpenWRT, DD-WRT, and others are firmware replacements for domestic routers, born from the famous WRT54G having firmware developed from GPL code (and therefore being required to be made public). They offer more up-to-date software, more facilities, and, as is often the case with anything open-source, a price to pay for the power and tweakability.

As it was, my test router, a WR740N, was a breeze. Log in to the OEM interface, apply the file, job done: a nice web interface and a shell interface over SSH, and everything working. This made me brave, so on went the image to the 2543.

I didn’t brick it :-). In fact, all looked good. The wiki page for this device suggested no major problems, and it was all OK, until I came to connect to the Internet: I just couldn’t get the WAN interface to come up, and in fact, it had a MAC address of 00:00:00:00:00:00. In other words, no interface.

There follows an object lesson in open-source software. RTFM. However, TFM was a bit light for the 2543, so I had to think a little laterally- the experience with the 740 had suggested that the WAN port would appear as a seperate interface, but all I had was 2 sub-interfaces. Poking around the Wiki told me something I hadn’t realised: many of these devices are implemented in 3 blocks, the wifi, the CPU/Memory/Flash, and a single ethernet switch. The WAN interface is just a subinterface, with VLAN tagging to seperate the traffic, so setting up the switch like this:

Screenshot from 2016-09-06 20-48-04

(not sure why “enable VLAN functionality” being off has it working, but WTF)

and manually assigning the MAC (copied from the other router, to make switchover on Virgin Media easy) to the subinterface, and up it springs.

I’ve not yet got beyond configuring it to emulate what I was using the OEM firmware- just adding Dynamic DNS support- but quite apart from the fact it is supported, where the OEM firmware is ancient, the flexibility of hundreds of installable packages looks interesting, and according to the wiki, it will route traffic faster than OEM firmware. It certainly flatlines out the Virgin Media 100Mbit (ish) connection on a wired connection.

High Latency

Thursday, August 25th, 2016

I felt I needed to blog this just because it was so very odd, and there seems minimal documentation of it already on the web: an organisation I help to support has a good few Cisco 3550 switches- WS-C3550-24-EMI. They’re egtting on now, and are due for replacement (having done well, at about 13 years old).

Anyway, we’ve now had three of them fail- not while in use, but after a power failure.

Or so it seemed…

The unusual part of this is that they failed- completely dead, no lights, no fan, no anything, but left alone with power connected for some time (where “some time” could vary between 20 minutes and 3 hours), they would eventually start up and work as normal.

There’s little mention of this online- I could only find this old post, which suggests capacitor failure as a likely cause- a diagnosis I’d agree with. Taking one switch apart didn’t reveal any obvious failures, but that doesn’t mean there weren’t any, of course. As it is, the switches are on a maintanance contract and due for replacement- and the one I tool apart was a spare, so I doubt we’ll ever bother with them. PSUs sell for around a hundred euros or US dollars, and a whole switch can be had for less than that, so unless you have spare time, a bag of capacitors, and soldering skills, it probably isn’t worth it.


A different search found this article and this Cisco tech note.

This blog is protected by Spam Karma 2: 41098 Spams eaten and counting...