Archive for the 'Technology' Category

Free the Meraki

Wednesday, February 22nd, 2017

So, around 3 years ago, we had some Meraki access points at work. I was pretty keen on the tech, but less so on the licence model, where you pay the going rate for an access point, and then have to pay for a licence to use it, or it becomes useless, because it will only work if connected to Meraki’s cloud managment.

This is no longer true, and became untrue a while ago, and as the Meraki APs we had have come due for renewal, and have been replaced, I had one thrown in my direction.

A bit of searching threw up a few pages suggesting OpenWRT will work just fine, with a couple of caveats about the difficulty of rooting the device to gain enough access to overwrite the Meraki firmware: they’d really rather not let you do this- they give away sample access points, so maintaining their licence model is the way they make money.

Anyway, I already had a CP2102 USB-Serial (TTL level) converter I’d bought to have a play with one of those dodgy webcams, so I bought a PSU from Ebay, and got out the soldering iron, PuTTY, and an ethernet crossover cable.

The basic instructions are here, but to get root, I had to follow the procedure here, and indeed root the standard firmware (to get a reboot command, as my AP would not boot properly with the UART connected to the laptop).

The first challenge was getting the UART cabled correctly: the phrase

an UART adapter wired to the MR18 (speed is 115200). Pinout (left to right): VCC/RX/TX/GND

was misleading for me: first of all, that is corrrect if you hold the AP with the connector at the top like in this picture, and secondly, the RX/TX desgnation refers to which pins you need to connect from the CP2102, rather than their function on the AP, so I had some fun getting the UART cabled.

The second, but not hard, challenge was installing a web server, and realising that openwrt-ar71xx-nand-mr18-initramfs.bin had changed name to openwrt-ar71xx-nand-mr18-initramfs-kernel.bin in a later version.

The third challange was that the AP got stuck in a boot loop from cold with the UART connected, though a warm boot was fine. That wasn’t a problem for the initial rooting (where you hold down “S”), as there’s enough time during the boot cycle after powering up the AP, but when it came to booting the OpenWRT image, I couldn’t hit “2” in time: I resolved this by rooting the Meraki firmware to get a reboot command, then hitting “2”.

With those out the way, it was as simple as setting an appropriate fixed IP on the laptop, connecting the ethernet crossover, logging in to the newly booted image’s LUCI interface, and applying the full firmware image, which erases the Meraki firmware once and for all, and you have a free MR18 🙂

Open the Box

Thursday, January 12th, 2017

Andy presented me with an interesting challenge:

Your mission, should you decide to accept it, is to get Linux on this accursed box.

The accursed box was a Sumvision Cyclone Mini PC: an Intel Atom SoC based PC, in a nice little box about the size of a domestic router. It has been quite popular for a Windows Media playerbox, with wireless built in, and a HDMI-out, but this one was hopefully destined for more geeky things: an easily deployable network monitor, so first thing is Linux.

Apparently others had given up in frustration, and powering it up gave me a particularly unfriendly UEFI shell that didn’t have a scroll-lock, so you couldn’t see the available commands. Nice. I found a way into the BIOS-style setup, and checked all the obvious things; secure boot disabled, clear the secure boot keys, etc. What was notably odd was a OS/BOM seletion screen (that is their typo, not mine) that was set to Windows 8, and all greyed out, and no CSM (or Legacy) boot modes.

Make Tech Difficult

Monday, December 12th, 2016

One of the things non-techies hate about tech is the complexity of setting some things up, and the rise of IoT, and the ubiquity of smartphones and home broadband has meant that our homes have more and more tech, and that tech is expected to talk to the cloud, and perhaps talk back.

Manually configuring this gear can be a bit tricky, so there’s a bunch of things making it easier. Your ISP may well provide a router, with default passwords. IP cameras will “phone home” to the manufacturer’s site to register themselves, so you don’t have to manually set up dynamic DNS. That router from your ISP will probably use UPnP so it can open ports for the camera and any other devices. Things like Nest or Hive bypass that by depending on a server in the cloud on someone else’s computer to make the connection.

All nice so far. Even better, these things are putting my favourite OS, Linux out there. As Linux is free, and powerful, and efficient on the low-power chips in these devices, it gets used a lot.

You’d think I’d be pleased.

But there’s a problem. Lots of these devices have poorly implemented security. Others depend on a hosted service, so if someone decides to stop supporting it, or indeed changes the API you have an expensive paperweight.

The Mirai attacks first turned IP cameras into a huge botnet, and now malware has got its hands on routers: the very device you expect to secure your home network, and let’s not forget that if your IP camera (inside your firewall/router) is compromised, it could be used as a tool to attack your PC, and the router will happily help out by opening ports for it: many cameras have poor web interfaces and hardcoded “root” passwords (I have one myself with a password of “123456”)

I realise I’m sounding a little like a luddite here; or perhaps the techie complaining about tech doing stuff itself and therefore meaning people need fewer techies, but here’s the rub: the more of this stuff that gets out there, the bigger the attack surface, the bigger the gain, and the bigger the effect on everyone. So, a little advice:

1. Think if you really need that IoT device.
2. Change default passwords.
3. Consider tossing your ISP-supplied router. It’s probably shit anyway. Turn off UPnP, even if that means you have to get help opening and forwarding ports. There’s a fucking good reason a firewall closes ports, so why bypass that?
4. Consider not buying the very cheapest IP cam like mine 🙂
5. If you invest in cloud-connected devices, entertain the fact that you just lost control of them.
6. If there’s updated firmware, use it.
7. Linux does not mean secure. The kernel itself probably is, but a lot of embedded devices are poorly secured.


Wednesday, September 14th, 2016

The things you do on a rainy Saturday when you really shouldn’t just go to the pub…

I’ve had a TP-Link WR-2543 router for some time now, since I discovered the Cisco I had before was effectively throttling my connection. For the cost (some time ago), it’s a pretty good device- but it’s getting on, the firmware’s no longer updated (a continual problem with embedded systems), and well…hell. I’ll stop making excuses. I was bored and had another TP-Link router lying about for a bit of experimentation, and haven’t done much at-home tech mucking about for a good while.

OpenWRT, DD-WRT, and others are firmware replacements for domestic routers, born from the famous WRT54G having firmware developed from GPL code (and therefore being required to be made public). They offer more up-to-date software, more facilities, and, as is often the case with anything open-source, a price to pay for the power and tweakability.

As it was, my test router, a WR740N, was a breeze. Log in to the OEM interface, apply the file, job done: a nice web interface and a shell interface over SSH, and everything working. This made me brave, so on went the image to the 2543.

I didn’t brick it :-). In fact, all looked good. The wiki page for this device suggested no major problems, and it was all OK, until I came to connect to the Internet: I just couldn’t get the WAN interface to come up, and in fact, it had a MAC address of 00:00:00:00:00:00. In other words, no interface.

There follows an object lesson in open-source software. RTFM. However, TFM was a bit light for the 2543, so I had to think a little laterally- the experience with the 740 had suggested that the WAN port would appear as a seperate interface, but all I had was 2 sub-interfaces. Poking around the Wiki told me something I hadn’t realised: many of these devices are implemented in 3 blocks, the wifi, the CPU/Memory/Flash, and a single ethernet switch. The WAN interface is just a subinterface, with VLAN tagging to seperate the traffic, so setting up the switch like this:

Screenshot from 2016-09-06 20-48-04

(not sure why “enable VLAN functionality” being off has it working, but WTF)

and manually assigning the MAC (copied from the other router, to make switchover on Virgin Media easy) to the subinterface, and up it springs.

I’ve not yet got beyond configuring it to emulate what I was using the OEM firmware- just adding Dynamic DNS support- but quite apart from the fact it is supported, where the OEM firmware is ancient, the flexibility of hundreds of installable packages looks interesting, and according to the wiki, it will route traffic faster than OEM firmware. It certainly flatlines out the Virgin Media 100Mbit (ish) connection on a wired connection.

High Latency

Thursday, August 25th, 2016

I felt I needed to blog this just because it was so very odd, and there seems minimal documentation of it already on the web: an organisation I help to support has a good few Cisco 3550 switches- WS-C3550-24-EMI. They’re egtting on now, and are due for replacement (having done well, at about 13 years old).

Anyway, we’ve now had three of them fail- not while in use, but after a power failure.

Or so it seemed…

The unusual part of this is that they failed- completely dead, no lights, no fan, no anything, but left alone with power connected for some time (where “some time” could vary between 20 minutes and 3 hours), they would eventually start up and work as normal.

There’s little mention of this online- I could only find this old post, which suggests capacitor failure as a likely cause- a diagnosis I’d agree with. Taking one switch apart didn’t reveal any obvious failures, but that doesn’t mean there weren’t any, of course. As it is, the switches are on a maintanance contract and due for replacement- and the one I tool apart was a spare, so I doubt we’ll ever bother with them. PSUs sell for around a hundred euros or US dollars, and a whole switch can be had for less than that, so unless you have spare time, a bag of capacitors, and soldering skills, it probably isn’t worth it.


A different search found this article and this Cisco tech note.

A long, slow death…

Friday, April 15th, 2016

..and a very welcome one.

The Telegraph is reporting that Phorm, everyone’s favourite privacy-invading, ad-serving shitfest has finally died. If you don’t remember it, there’s some old posts here:

Phorm Dumped

Moron Phorm

A Phorm of Intrusion

Sadly, some of the links don’t work anymore, as it seems even if I now post infrequently, I am at least here for the log run, unlike some other blogs…

Hell, their comms team seemed nice, back in 2008. Now where did I put the words tiniest violin?

Self Serving

Wednesday, March 23rd, 2016

Is it a necessity that if you design a self-service till for a shop, that you must fuck up the UI so badly that it’s totally unusable?

I’m a techy. I love shopping online, I hate supermarket queues, and I’m not yet old enough to look forward to a chat with the cashier, so you’d think I’d love them.

I probably would, were they not so shit.

First, they’re all touch-screen. Industrial touch screens are shit. Laggy, no haptic feedback, imprecise- so unlike the touch-screen on your phone or tablet. Add to this that they’re usually a lousy bit of software- slow and laggy- and then a bit of ambiguous wording, and the fact that you want the till to verify all the items (and the correct items) are being scanned and bagged, and you have a big, big, fail.

I’ve used 2 recently. 1 in a WH Smith at the QE hospital, and one in a convenience (oh the irony) store in Birmingham’s New St. The WH Smith one, to be fair, asks sensible questions (did you use a bag (or not need to), did you take one of our bags), but it’s still laggy, but by the second time you use it you learn the shitness of the UI and compensate.

The one on New St today was awful, however: the touchscreen worse than normal, it was slow, and it starts with the question “Own Bag?”. This is ambiguous. What it wants you to do here is say yes if you have a bag you want to put on the scale it uses to sense what is being scanned, and no if you don’t, and that scale is directly behind the handy-looking platform you assume is to put a bag on.

Having crossed that bridge with the help of the bloke that could have just taken the 70p for the bottled water I bought, I then encountered the coin mechanism; a mini conveyor belt that takes several seconds to swallow a pound coin (and yes, the WH Smith one does this better, but not well), and longer again to deliver my change. A bloke at a till would do it in a quarter of the time.

Am I alone in this? I happily use pay-at-pump fuel pumps, ticket machines in car parks or rail stations, and vending machines. There’s just something awful about supermarket self-service tills that makes me want to avoid them.

Someone must have costed this out, and decided that the combination of having a member of staff to help people work the tills, and the losses from intentional or deliberate mis-scans is cheaper than staffing tills, presumably, but at least could they be made to work?

All your files are exactly where you left them

Wednesday, January 13th, 2016

The title of this post comes from a Windows message displayed during a update to Microsoft Windows 10. At the time @theardvaark posted this tweet voicing his distrust of the statement, I muttered to myself “Don’t be soft. Why on earth would a simple windows update move them?

Despite now having worked with the Evil Empire’s products for something like 27 years, and so being used to useless error messages (“An unexpected error has occurred”, for example) and being downright lied to (any message produced by Internet Explorer), I still get caught out at times, and one such thing gave me a nasty shock the other day.

School of Hard NOx

Wednesday, September 23rd, 2015

Oh dear, VAG seem to have cocked up, huh?

The fact that the EPA in the US caught them gaming the system with emission testing is interesting, and given that they face a huge fine, and the CEO Martin Winterkorn, having recently ousted Ferdinand Piech from his role, has now resigned.

I’m more interested in the tech. Simplified, it all hinges on EGR. It’s a common trick to disable EGR in a tuned diesel- in many ways it’s a huge pain in the arse, reducing efficiency, and therefore power and economy, and being prone to clogging up intakes, so with an EGR delete, your diesel will do better MPG, perform better, and not get so claggy. Also, as a diesel runs with excess air, if you don’t run EGR, you produce less particulates (soot), which is good.

The disadvantage comes with NOx production. No EGR means more NOx, which is one form of pollution generated by internal combustion engines, with health and environmental impact. This, and other pollutants, are regulated by EU Directives in Europe, and the EPA in the states, and cars that do not meet the standards cannot be sold new.

So, there’s a balancing act: try to keep particulates down, power and MPG up, but don’t create too much NOx.

Some diesels do this with AdBlue, but VAG have claimed to be able to meet the latest standards without the extra complication, cost, and space of the kit needed to inject it, managing with just a DPF. Nice trick.

Trick would seem to be the operative word, and you have to admire it. We’ve seen how networked cars are now, and that meant a clever algorithm was able to detect when the car was on a rolling-road being emmission-tested, and crank up the EGR, lovering the NOx output. On the road, EGR is reduced, so up goes the power and MPG. WIN!

How the conversation at Wolfsburg may have gone. From CommitStrip, click for original.

How the conversation at Wolfsburg may have gone. From CommitStrip, click for original.

Trouble is, that’s specifically not allowed by the EPA (PDF, 2.35MB), leaving VAG with a big headache stateside.

This does set me thinking if the diesel car boom could be ending: in particular, the UK’s CO-based taxation favours diesels, but as the amount of emissions gear required to meet the regulatory standards increases, the performance of the engines comes down and the complexity increases, and so therefore does cost. In one way, VAG’s (rather elegant) trick was actually good for the consumer, reducing costs and increasing performance, while seeming to meet all required standards. In another, it’s a cynical attempt to evade emissions law, risk public health, and increase profit. For sure, the fix is going to be painful for both VAG and its customers in the US: it remains to be seen if they have a problem in Europe too.

The root of the problem

Sunday, August 23rd, 2015

The other day, I did something a bit unwise, and power-cycled my Volumio music player, and it failed to return to life. Eventually I got it hooked up to a TV to see what was wrong, and predictably:

Give root password for maintenance (or press Control-D to continue)

Unix and Unix-like systems don’t like having their power shut off without a clean shutdown, and the Raspberry Pi seems particularly prone to corrupting the root filesystem given a bit of provocation.

Now, generally, using fsck is like using chkdsk on Windows. It might fix things, or it might break them more. Not a big issue with what is quite a small image on an SD card, so breaking out dd soon should fix that: the music is on an external drive, and there’s very little config to do.

Except it didn’t. I wrote the image, and tried again. Many times, with new SD cards, even with a USB-microSD adaptor in case the laptop I was using had a duff SD slot, and also tried my other Raspberry Pi. each time, it failed. After much fscking about (literally) I realised the one thing I hadn’t changed. A Raspberry Pi runs off a micro-USB phone charger, and instead of the usual, decent quality one I used where the Pi is installed, I used a cheap nasty one that was handy. Evidently it wasn’t stable enough.

With it booting correctly and back in place, back to the music, and I’ve just discovered another great thing. As Volumio is based on MPD, you can either use the (very nice) web interface built-in, or connect a client like Cantata:

Cantata's interface- plays the music, gives info.

Cantata’s interface- plays the music, gives info.

or one of the multitude of others,and control from a phone, tablet, or PC.

I can’t help but wonder how many commercial jukeboxes are using this stuff in the backend…

This blog is protected by Spam Karma 2: 40934 Spams eaten and counting...