Author Archives: hpeyerl

Upverter … meh …

By   January 6, 2017

Angus and I are working on a project together and he decided to try to do the PCB using Upverter. He’s had some limited success with it at one of his customer sites and as we all know, KiCad isn’t exactly the easiest tool in the bench…

I haven’t been interacting with the design much, mostly just hovering around and doing some schematic review. Conceptually, the Upverter collaborative approach has potential but in practice, seems to mostly fall flat on its face. I’m not sure you can expect much more from something written in JavaScript and I’m surprised they got this far with it. Thus far I’m finding that it can grind Google Chrome to an absolute standstill on my brand-new MacBook Pro to the point where my radioparadise stream has to rebuffer (and I have a 175mbps link to the internets) and if you look at it wrong, it hangs the tab that it’s in.

Upverter might be an ok hobbyist tool but at $100/month/seat, they’re dreaming. Maybe at $5.00/month for hobbyists but in no universe is any enterprise going to buy into this. I’ve spent time using Mentor Graphics which is an actual enterprise tool and Upverter is like comparing Sketchup to Autodesk Inventor.

In addition to instabilities, I haven’t quite figured out how to communicate with my collaborator(s) in Upverter and it would seem that there isn’t actually a way.  That’s a very obvious omission for which there is a lot of precedent (google docs anyone?)… I want to highlight an area of the schematic and refer to it in a chat window… I feel kind of stupid because I can’t see how something like this isn’t prominent in the app but I just can’t find it.

The next major irritation is screen real estate. When I’m doing CAD, I want to see as much of my design as possible. I try to make toolbars go away but with the Upverter app running inside a browser tab, I lose a ton of screen real estate to the URL bar and the tab bar. Then inside the tab is the Upverter toolbar that also doesn’t appear to want to be hidden away in any fashion.

This is all just from browsing around.  I haven’t even tried to design anything with it.   It just reinforces my conclusion that online ‘software as a service’ type applications are a waste of time and I’m taking bets on just how long Upverter will be around.  I certainly wouldn’t put any of my designs on there because I don’t see them being around in a year or maybe two at the most.

Modifying a Proxmox LXC container

By   December 23, 2016

I was introduced to the awesomeness that is Proxmox VE and got down to converting my old virtual server to Proxmox VM’s… Along the way I decided some of my VM’s didn’t need to be VM’s but that LXC containers would be just fine. After making my second container, I got tired of running the same handful of commands (create a user account, git clone my dotfiles, install tmux, etc) so decided to investigate modifying the Ubuntu 16.04 template. This turns out to be very easy using ‘vzdump’.

 

So here’s another “memo to self”.

First build a container, set it up the way you want it, then use vzdump to create a tarball of it.  Copy it to your templates directory and you’re done:

cd <container template dir>
vzdump -dumpdir . 102
gzip vzdump-lxc-102-2016_12_23-07_53_55.tar
mv vzdump-lxc-102-2016_12_23-07_53_55.tar.gz ubuntu-16.04-mpv_1604-1_amd64.tar.gz
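
Everything in the container's filesystem at dump time ships in every container later created from the template, including the user account and dotfiles set up beforehand. The following is an added example, not part of the original post, that lists archive members worth reviewing before the tarball goes into the templates directory; the list of file patterns and the sample archive are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: list members of a container
# template tarball that usually should not be copied into every new container.

# audit_template TARBALL
#   Prints "category: path" for each member worth reviewing.
#   Returns 0 if nothing is flagged, 1 if something is, 2 if tar fails.
audit_template() {
    listing=$(tar -tzf "$1") || return 2
    flagged=0
    while IFS= read -r path; do
        path=${path#./}                 # strip a leading ./ if present
        case $path in
            *.pub) continue ;;          # public keys are not secret
            .ssh/id_*|*/.ssh/id_*)
                kind=ssh-private-key ;;
            .ssh/authorized_keys|*/.ssh/authorized_keys)
                kind=authorized-keys ;;
            .bash_history|*/.bash_history|.zsh_history|*/.zsh_history)
                kind=shell-history ;;
            .netrc|*/.netrc|.git-credentials|*/.git-credentials)
                kind=credentials ;;
            *) continue ;;
        esac
        printf '%s: %s\n' "$kind" "$path"
        flagged=1
    done <<EOF
$listing
EOF
    return "$flagged"
}

# Build a small constructed tree (a stand-in for a real vzdump archive),
# pack it with tar and gzip, and audit it.
demo_template_audit() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/rootfs/home/me/.ssh" "$work/rootfs/etc"
    echo 'constructed-hostname'    > "$work/rootfs/etc/hostname"
    echo 'constructed private key' > "$work/rootfs/home/me/.ssh/id_ed25519"
    echo 'constructed public key'  > "$work/rootfs/home/me/.ssh/id_ed25519.pub"
    echo 'constructed key list'    > "$work/rootfs/home/me/.ssh/authorized_keys"
    echo 'passwd me'               > "$work/rootfs/home/me/.bash_history"
    (cd "$work/rootfs" && tar -cf "$work/t.tar" . && gzip "$work/t.tar")
    rc=0
    audit_template "$work/t.tar.gz" || rc=$?
    rm -rf "$work"
    return "$rc"
}

demo_template_audit || true
```

Run `audit_template` against the renamed tarball; anything it prints is best removed inside the source container before dumping again.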

NFS client mount within a Proxmox LXC container.

By   December 23, 2016

Another “memo to self” …

 

[ Edit: minor change for Proxmox 5.x at bottom]

Having trouble doing an NFS mount from within a Proxmox LXC container?  A google search took me here and it pretty much answers the question but doesn’t work with Proxmox 4.4-1.  The error I was seeing after following the advice in the above was:

apparmor="STATUS" operation="profile_replace" profile="unconfined" name="lxc-container-default-cgns" pid=11339 comm="apparmor_parser"

So you also need to edit /etc/apparmor.d/lxc/lxc-container-default-cgns and make it look like so (the added line is “mount fstype=nfs,”):

# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc

profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>

  # the container may never be allowed to mount devpts. If it does, it
  # will remount the host's devpts. We could allow it to do it with
  # the newinstance option (but, right now, we don't).
  deny mount fstype=devpts,
  mount fstype=nfs,
  mount fstype=cgroup -> /sys/fs/cgroup/**,
}

and then subsequently do:

service apparmor reload

Edit: On proxmox 5.2-1 the file is /etc/apparmor.d/lxc/lxc-default-cgns.  The rest of the above is still correct.
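
Editing the default profile grants the NFS mount permission to every container that uses it. The following is an added example, not part of the original post, that writes a separately named copy of the profile with the NFS rule added, so only containers that need it get it; the profile name lxc-container-default-with-nfs, the output file name and the container config keys in the comments are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: build a separate AppArmor
# profile that allows NFS mounts, leaving the default profile unchanged.

# derive_nfs_profile SRC DST NAME
#   SRC   the stock profile file (path as given in the post)
#   DST   where to write the derived profile
#   NAME  name of the derived profile (hypothetical, chosen by you)
derive_nfs_profile() {
    src=$1 dst=$2 name=$3
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    if [ -e "$dst" ]; then
        echo "$dst already exists, not overwriting" >&2
        return 1
    fi
    awk -v name="$name" '
        # Rename the profile on its declaration line.
        $1 == "profile" && !renamed { $2 = name; renamed = 1 }
        # Add the NFS rule just before the first closing brace
        # (the stock profile has no nested blocks).
        $1 == "}" && !added { print "  mount fstype=nfs,"; added = 1 }
        { print }
        END { exit !(renamed && added) }
    ' "$src" > "$dst" || { rm -f "$dst"; return 1; }
}

# Demo on a constructed copy of the stock profile (without the NFS rule).
demo_derive() {
    work=$(mktemp -d) || return 1
    cat > "$work/lxc-default-cgns" <<'EOF'
profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>
  deny mount fstype=devpts,
  mount fstype=cgroup -> /sys/fs/cgroup/**,
}
EOF
    rc=0
    derive_nfs_profile "$work/lxc-default-cgns" "$work/lxc-default-with-nfs" \
        lxc-container-default-with-nfs \
        && cat "$work/lxc-default-with-nfs" || rc=$?
    rm -rf "$work"
    return "$rc"
}

demo_derive || true

# On a real host (assumptions about your setup, not from the post):
#   write DST under /etc/apparmor.d/lxc/, run "service apparmor reload",
#   then select the profile in /etc/pve/lxc/<id>.conf with
#     lxc.aa_profile: lxc-container-default-with-nfs        (LXC 2.x)
#     lxc.apparmor.profile: lxc-container-default-with-nfs  (LXC 3.x and later)
```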

Radon in our basement

By   November 27, 2016

Some folks at work were talking about their radon detectors the other day. Since I’m a sucker for gathering data, I was curious and did some reading. I’m usually not one for crackpot science and ‘radon’ just sounds like it would fit right in.

The first link I get when I type “radon” into Google is the Health Canada website and the second is Wikipedia.  Ok, maybe this isn’t so crackpot after all.

In short, radon is a colorless odorless gas.  Why is it that everything that wants to kill us is either colorless and odorless or furry and brown?   Radon is produced as a result of the decay of uranium which is in soil, rock and water. Normally it seeps out of the ground and dissipates in the air where it does us no real harm with a half-life of only 3.8 days (unlike furry brown things which don’t dissipate and have much longer half-lives).  It can cause problems when it seeps out of the ground and is trapped, say, under the concrete slab in your basement looking for a way in.  Once inside the living space of your home, when radon is inhaled, it breaks down further and emits an alpha particle, which I’ve read can strike a lung cell and cause cell death or worse, damage.  If a cell is damaged in a particular way, it can cause cancer.  As I am not a “nukular scientist” I won’t go into any more detail at the risk of confirming that I am a fool to those readers who already suspect it.    Statistically, however, the data is clear:  16% of lung cancers in Canada are caused by radon, as compared with 83% caused by smoking (Health Canada).

If the radon is under the floor of your basement, how does it get into the house? Unfortunately, it’s a very sneaky gas.  It can seep right through concrete but usually prefers to enter through cracks or the seams between your basement walls and floor; or any openings like those left for plumbing cleanouts.  As many of you know,  we spent about five years renovating our Bergen home which included sealing it from top to bottom and adding a heat exchanger to keep the air fresh while reducing the amount of lost energy.  Normally when it’s cold outside and your furnace comes on to heat your cold toes, that warm air rises and looks to escape through your ceiling (stack effect)…  Even the wind blowing on one side of your home can create a lower pressure area on the other side of your home pulling valuable warm air from inside the house.   All of that escaping air creates a slight negative pressure in your home and must be replaced by air from elsewhere.  Since most of our homes are relatively well sealed, that makeup air has to come from somewhere so it gets pulled from the under slab in your basement through the cracks and openings I mentioned above.

At first I thought I would measure the radon in our home.  We have a heat recovery ventilator and  I figured that since the air is being exchanged quite frequently, it would not be an issue.  So I bought an electronic radon detector for about $250 and put it in the basement.  There are a few different varieties of detectors.  The less expensive ones are the type you put in your basement for three to six months and then mail away to a lab where they are analyzed and the results mailed back to you.  These can be had for approximately $20 but I wanted something a little more interactive so I went with the electronic version that can give a very approximate number within 24 hours and more accurate data as time goes on.

In Canada, radon is measured using “becquerels per cubic meter”.  The World Health Organization recommends a national guideline of 100 bq/m3.  Health Canada has set our guideline at 200 bq/m3.

Within 24 hours, the first reading that came back from our detector was 446 bq/m3.  Since this is a very rough number as a first reading, I decided to give it a week to get something closer to accurate.  Well, seven days later, the reading was substantially higher:  1031 bq/m3.

More than five times what Health Canada recommends as the upper limit, and more than ten times what the World Health Organization recommends.

I decided then that it was time to do something.  My goal was to get our readings below 100 bq/m3.  I read up on mitigation methods and it looked promising.  The best way to mitigate the problem is before the house is built but obviously that’s not an option for us, so I had to look at a retrofit solution.   It turns out the way this is done is by installing a fan outside the home (or in the attic) to suck air through a hole in the concrete slab and blow it up and away from the home.  The theory is that the gravel underneath your basement floor is fairly porous, so even creating a negative pressure zone in one corner will eventually suck the radon from all over the slab.   Normally a radon contractor will be happy to come into your home and install such a thing for $3000 or so.  In our case, a plumber already left a convenient hole in our floor exposing the gravel at the bottom through which  we were mining for radon.

I knew that I could probably seal the hole and maybe reduce the radon levels a bit but I also suspect that it wouldn’t be significant enough given the various effects of air pressure during the heating months or windy months.  I like to think I’m a fairly handy guy (how did Red Green put it?  “If the women don’t find you handsome, at least let them find you handy!”), I decided the right thing to do was to follow the recommended mitigation method and install the fan.  The fan itself was $300 plus another $100 in PVC pipes and fittings.   The fan needs to be mounted outside of the living space.  You don’t want it inside the living space because the other side of the fan is pushing high concentrations of radon gas and a small leak will have you back to mining for radon again.   It took about 6 hours of work but I finally had the fan hooked up outside the house and powered it up for the first time.  I reset the detector and waited.

24 hours later, the first reading came in.  38 bq/m3.  I was cautiously optimistic.  A week later, it read 2 bq/m3.

Now the drawbacks.  The fan is fairly loud when it’s running; especially at the top of the 4″ PVC pipe that’s sticking up the side of the house.  It’s also fairly ugly.  While the fan is fairly energy efficient, it does consume 82 watts which is about $50/year in electricity.

Over the next year, I’m going to experiment by running the fan periodically.  I’ll start with a 50% duty cycle and adjust up or down depending on the readings.  Since the fan noise isn’t significant inside the house, I’ll start by running it primarily at night and less during the day.   Ideally, I would have one of the very expensive detectors that can hook to a computer so I can add some more intelligent automation behind the process as is my nature.  I suspect I’ll be able to get by with running the fan far less during the summer ‘window open’ months.   Only the data will tell me.

Now back to figuring out what piece of technology will let me address the furry brown things.

 

 

socat on OS X – TCDRAIN returns Invalid Argument.

By   June 26, 2016

When using socat, as installed by ‘brew install socat’ on OS X, you will likely get this error when trying to proxy a serial device to another host via TCP:

TCSADRAIN, 0x7fffffffe148):Invalid argument

This is because OS X uses the FreeBSD termios interface and the bug is explained here:

https://lists.freebsd.org/pipermail/freebsd-ports-bugs/2015-March/304366.html

This is the patch you want to apply to ‘socat’:

https://bz-attachments.freebsd.org/attachment.cgi?id=154044

 

Unfortunately, ‘brew install socat’ just gives you someone else’s precompiled binary and you want to retrieve the source so you can apply the above patch.

 

Do it like so:

 

cd "$(brew --cache)"
brew unpack socat
cd socat-1.7.3.1
# Quote the URL so the shell does not try to expand the "?" as a glob.
curl 'https://bz-attachments.freebsd.org/attachment.cgi?id=154044' > patch
patch < patch
./configure
make
make install

 

pfSense openvpn client to generic openvpn server in bridge mode

By   May 27, 2016

This should really go into the ‘memo to self’ category but I don’t have one.  Regardless…

I have an Ubuntu VM running OpenVPN in Bridge mode (tap).  I wanted to bridge my cottage network to my home network using pfSense out at the cottage. In the process of making this work, a fair amount of googling was involved so I decided to aggregate all of the information in one place in case I ever needed to reproduce it.  Friend Kurt was running up against some of the same issues.

 

First, make sure your OpenVPN server is working and that you have the following client specific files available (filenames will likely vary):

  • site.ovpn
  • ca.crt
  • ta.key
  • client.crt
  • client.key

On the server, I had to make some minor changes to make everything work:

If you can ping client->server but the connection hangs when you try to edit a file or view a web-page:

mssfix 142
fragment 1200

If, on the client, you see “OpenVPN Bad LZO decompression header byte:”, I had to comment out “comp-lzo” on the server… This seems bogus but it made it work. Need to investigate this later.

If the client says “Authenticate/Decrypt packet error: cipher final failed”, the issue is the cipher being used. The default on the server was “BF-CBC” but the pfSense default was “AES-128-CBC”. Change the pfSense to “BF-CBC” and you’re good to go.

The general procedure for making this work in pfSense is the following:

    • Go to System->Cert. Manager and add your server’s “ca.crt” to Certificate Authorities. Give it a descriptive name.
    • Then go to System->Cert. Manager->certificates and add your client.crt and client.key.  Give it a descriptive name as well.   Ensure you do this after you’ve added ca.crt so that when you add this certificate, it will reference the above ca.crt.
    • Go to VPN->OpenVPN->Client and click ‘Add’
        • Select Peer-to-Peer under ‘Server mode’
        • Select ‘tap’ under ‘Device Mode’
        • Select ‘WAN’ under ‘Interface’
        • Set your server host/address to your VPN server address.
        • Set the port accordingly.
        • Set description to something you’ll recognize.
        • Under TLS Authentication, set ‘Enable authentication of TLS packets’.  It will drop down a text box into which you can paste the contents of ‘ta.key’.
        • Set ‘Peer Certificate Authority’ to the one you added above.
        • Set ‘Client Certificate’ to the one you added above.
        • Set encryption algorithm to whatever your VPN server is using (BF-CBC in my case)
        • Under ‘Custom Options’, I had:

      mssfix 142
      fragment 1200

The final note I’d like to add is one about IP addresses. When you set your ‘server-bridge’ parameter on the server’s VPN config, you assign a pool of IP addresses that are not in your dhcp server’s range. By default, the IP addresses assigned are specific to the client certificate. So if you find your clients are all getting the same IP address, it is because they each need a unique client certificate. You can override this behavior using the ‘duplicate-cn’ directive in your server’s config file. It’s generally not a good idea though so you should just create unique client certificates.
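
The LZO and “cipher final failed” errors above both come from a directive that differs between server and client, and fragment is set on both ends as well. The following is an added example, not part of the original post, that compares those three directives in two config files; the file contents are constructed samples, with the client file standing in for the settings entered in pfSense.

```sh
#!/bin/sh
# Added example, not from the original post: compare the OpenVPN directives
# behind the errors described above in a server and a client config.

# ovpn_directive FILE NAME
#   Prints the arguments of directive NAME, "(set)" if it takes none,
#   or "(unset)" if the directive is absent or commented out.
ovpn_directive() {
    awk -v d="$2" '
        { sub(/[#;].*/, "") }                 # drop comments
        $1 == d {
            $1 = ""; sub(/^ +/, "")
            val = ($0 == "" ? "(set)" : $0); found = 1
        }
        END { print (found ? val : "(unset)") }
    ' "$1"
}

# ovpn_compare SERVER_CONF CLIENT_CONF
#   Prints one line per differing directive; returns the number of mismatches.
ovpn_compare() {
    mismatches=0
    for d in cipher comp-lzo fragment; do
        s=$(ovpn_directive "$1" "$d")
        c=$(ovpn_directive "$2" "$d")
        if [ "$s" != "$c" ]; then
            printf 'MISMATCH %s: server=%s client=%s\n' "$d" "$s" "$c"
            mismatches=$((mismatches + 1))
        fi
    done
    return "$mismatches"
}

# Demo with constructed configs: the server as described in the post, and a
# client still on the pfSense defaults.
demo_ovpn_compare() {
    work=$(mktemp -d) || return 1
    cat > "$work/server.conf" <<'EOF'
dev tap0
cipher BF-CBC
;comp-lzo
mssfix 142
fragment 1200
EOF
    cat > "$work/client.ovpn" <<'EOF'
dev tap
cipher AES-128-CBC
comp-lzo
EOF
    rc=0
    ovpn_compare "$work/server.conf" "$work/client.ovpn" || rc=$?
    rm -rf "$work"
    return "$rc"
}

demo_ovpn_compare || true
```

A mismatch can be resolved from either end; setting the server's cipher to the pfSense default AES-128-CBC avoids BF-CBC, whose 64-bit block size OpenVPN 2.4 and later flag as insecure.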

Zoro Canada – a company that doesn’t “get” e-commerce…

By   March 19, 2016

To me, a company that “gets” e-commerce is one that sends you an order confirmation, and then provides a decent interface to track your order.  Your order is fulfilled quickly, as in the same or next day.  The package is shipped the next day at the latest (barring an item that needs to be manufactured first, and that should be stated clearly before accepting the order)… Also, shipping cost is reasonable.  Handling should be part of the price.

Digikey.ca is such a company.  Recently, and on two separate occasions, I placed an order after 6PM.  I received a FedEx tracking number within 2 hours.  The package was at my door 14 hours later (North Dakota to Calgary, Canada)  Shipping was $8.00.    Simply amazing.   You’d never buy parts from Digikey for a mass produced item, but for the home DIYer, it’s an awesome service.

 

Contrast ZoroCanada against Digikey.   I placed an order on March 8th.  By March 12th, the status on their useless web interface said “Pending Fulfillment”.  When I called, I was told the package was being shipped from their warehouse to their fulfillment center via UPS at which point it would be given to DHL and I would receive it within 48 hours.   By March 14th, I received a DHL tracking number.  However, the tracking number was essentially that a Waybill had been created but the package had not actually been picked up because, presumably, ZoroCanada hadn’t actually called DHL.  March 16th, the DHL tracking number indicated movement.  Unfortunately, what happened next was quite surprising.   March 18th, I receive a Canada Post tracking number. DHL handed off the parcel to Canada Post at the border and as of March 19th, Canada Post tells me the parcel will be delivered on March 22nd.  Shipping cost was $55.00.  Now I understand why shipping was so expensive.  They had to pay 3 separate carriers!   The contents of this package were needed by me before today.

Don’t order from ZoroCanada

 

iterm2 arrow keys not working in cursor application mode

By   February 3, 2016

(TL;DR at the bottom)

This is one of those things that irritated me for ages.  I generally don’t use arrow/home/end keys for anything except when I run (rarely) certain applications like ‘make menuconfig’ where I’m forced to navigate using arrow keys.

For the longest time, the arrow keys didn’t work on iterm2 in certain applications.  After digging in, I discovered the problem.

Ages ago, I started using OS-X, but terminal.app sucked so I installed iterm.  Then iterm2 came out and I upgraded.  Sometime thereafter I discovered the arrow keys didn’t work.  This morning, I decided enough was enough and I got to the bottom of it.  One of the answers on this question posted a handy little script to test whether the keys work in cursor application mode:

 

sh -c "$(cat <<\EOF
noecho_appmode() {
  stty -echo
  printf '\033[?1h'
}
modes="$(stty -g)"
restore_echo_and_appmode() {
  stty "$modes"
  printf '\033[?1l'
}
printf '\nType <Up> <Down> <Right> <Left> <Control-D> <Control-D>\n'
printf '(no output until after the first <Control-D>, please type "blindly")\n\t'
noecho_appmode             ; trap 'restore_echo_and_appmode' 0
cat -v
restore_echo_and_appmode   ; trap ''                         0
printf '\nExpected:\n\t'
printf 'kcu%c1\n' u d f b | /usr/bin/tput -S | cat -v
printf '\n\n'
EOF
)"

This told me that iterm2 wasn’t working correctly. But it obviously works for many other people.

TL;DR:

 

When I upgraded from iterm to iterm2, my settings survived and Preferences->Profiles->Keys (NOT Preferences->Keys) contained overrides for the arrow keys and home/end.  Once I loaded a Preset for “xterm default”, exited iterm2 and restarted it, arrow keys worked fine.

 

 

Delightful find!

By   January 21, 2016

Friend Mike sent along this Hackaday link on reverse engineering of some cheap Chinese digital radio.  Since I dabble in digital radios at work it was of particular interest.  That article led me to downloading an issue of PoC||GTFO which I had never encountered before.  A publication dedicated to reverse engineering or a glimpse into what the infinite monkeys are up to.  The writing is curiously delightful, most especially in the article on hacking a digital pregnancy test, e.g.,

You can either look up the battery type to confirm it’s 3V, or just read the CE-mark label on the outside of the DPT that lists the part number, lot data, confirmation that this test is made by SPD GmbH out of Geneva, Switzerland (made in China), and that the test runs on 3V DC. Safety first, kids.

I spent my ‘hack time’ this morning reading this. [Aside: Usually I don’t allow myself the pleasure of ‘reading the internets’ in the mornings since I am smartest at 5AM and then become progressively more stupid as the day goes on.  By 21:30, I’m a drooling sack of meat barely capable of walking up the stairs to bed.   So I want to use my smart time for haxx0ring before I have to put it all down and head to work.]

Some christmas leds

By   December 1, 2015

Working on a sort of secret-santa gift for members of my truck club, I decided to do something with the WS2812B RGB LED’s. There’s a metric buttload of blog articles about these so I thought I would try to add something.

From what I can see, people are spending a lot of time dealing with timing. Nodemcu can do it but not if WIFI is enabled; or at least reliably anyway. Since I’d had some success with the hardware SPI on the ESP8266 talking to a thermocouple amplifier, I thought I would try to get the SPI hardware to do my bitbanging for me. Turns out it’s actually quite trivial and ‘just worked’. Thanks to Joost Damad for the pattern which saved me the effort of figuring it out myself. Isn’t the internet amazing? Whenever you get a bright idea, turns out someone’s already done it.

First initialize the hardware SPI interface per David Ogilvy’s blog:

bool
ICACHE_FLASH_ATTR
ws2812b_init(void)
{
        if (initialized || sysCfg.board_id != BOARD_ID_PHROB_WS2812B)
                return true;
        spi_init_gpio(SPI_DEV, SPI_CLK_USE_DIV);
        spi_clock(SPI_DEV, SPI_CLK_PREDIV, SPI_CLK_CNTDIV);
        spi_tx_byte_order(SPI_DEV, SPI_BYTE_ORDER_HIGH_TO_LOW);
        spi_rx_byte_order(SPI_DEV, SPI_BYTE_ORDER_HIGH_TO_LOW);
        SET_PERI_REG_MASK(SPI_USER(SPI_DEV), SPI_CS_SETUP|SPI_CS_HOLD);
        CLEAR_PERI_REG_MASK(SPI_USER(SPI_DEV), SPI_FLASH_MODE);
        initialized = 1;
        pcfg.stringlen = 16;
        pcfg.ms_delay = 500;
        os_timer_setfn(&PatternTimer, PatternTimerHandler, NULL);
        return true;
}

Then simply load the bit in question into the SPI data register:

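/* Each WS2812B data bit goes out as one 8-bit SPI pattern. */
static inline void
ws2812b_send_zero(void)
{
        /* 0x80 = 10000000b: short high pulse, read by the LED as a 0 */
        (void)spi_transaction(1, 8, 0x80, 0, 0, 0, 0, 0, 0);
}

static inline void
ws2812b_send_one(void)
{
        /* 0xe0 = 11100000b: long high pulse, read by the LED as a 1 */
        (void)spi_transaction(1, 8, 0xe0, 0, 0, 0, 0, 0, 0);
}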

and that’s it. To send an RGB sequence for a single LED:

static inline void
ws2812b_send_color(uint8_t c)
{
        uint8_t bit=0x80;
        while(bit) {
                if (c&bit)
                        ws2812b_send_one();
                else
                        ws2812b_send_zero();
                bit>>=1;
        }
}

/* The WS2812B expects the colour bytes in green, red, blue order. */
void
ws2812b_send_rgb(uint8_t r, uint8_t g, uint8_t b)
{
        ws2812b_send_color(g);
        ws2812b_send_color(r);
        ws2812b_send_color(b);
}

I haven’t really put any effort into optimizing this. I suppose it might be possible to pre-generate a pattern and blow the whole thing out the SPI but I wasn’t in the mood. What I’ve got works fairly well.

Here it is in action

Code is available here