Hangsun S80 Lamp

I purchased one of these lamps in 2016.  Below details my findings and some help to others (maybe).

The product is not good at all – indeed if returning it were a practical option I would – but because I live down-under, shipping costs make this prohibitive – so I’ve tried to make the best I can.

Problems I encountered –

I could not download the Android App, no matter how hard I tried – I assume this is because of country restrictions set by the developer.   Luckily, I reached out to them, and they responded with a QR code to download the app (not sure if this is a different one to the one on the base of the unit and manual, or if they updated their permissions), but here it is:

QR Code

This app seems to work a lot better than the iPad app I previously needed to use – specifically it fixes a bug where you could not set maximum brightness on the lamp, and has a cleaner interface.

The display

The display on the unit is backlit – and the backlighting only comes on when you are interacting with it – it is also blindingly bright white light – particularly in a dark room.   This means that you can’t simply look over at the clock to see it’s 3am.    I greatly reduced this issue by adding a small red LED to the back-light (in conjunction with a 150 ohm resistor, which I attached to the top and bottom pins of the conveniently located CON6 connector to the left of the display board).   This allows me to read the light without having to turn it off.    Next time I open the unit, I intend to disconnect one of the 2 white LEDs which power the backlighting.  (It’s not possible to simply replace one of these with a red LED, as they are merged into the display).

The hardware

Although very, very let down by the software, the hardware appears to be OK – although it is all plastic.  The design appears to be modular and thus somewhat hackable.

One confusing and disappointing thing though is that the maximum lamp wattage is supposedly 6 watts (according to the package this is the size of the replacement lamp, and according to an email from them this is the maximum size).   The problem with this theory is that the lamp included is a 7 watt warm white dimmable LED.    While more-or-less adequate, it’s not fantastic, and certainly not as good as my previous jerry-rigged system which used the equivalent of a 100 watt CFL bright white light.

Other notes and letdowns

The promotional video seems to imply you can program a significant number of on-off events – this is incorrect – you are limited to a maximum of 2 events.  You can not specify which days, although you can turn the alarm on and off manually – this is nowhere near as convenient as a 7 day timer for example.

You can’t have the light come on  without an alarm – the alarm level can be set to low, but not off.  This is irritating.  I intend to install a switch so I can disconnect the speaker.

The light seems to turn on at random times – but without sound.  Interestingly this has stopped after I unplugged the unit for an extended period out of frustration of it coming on in the middle of the night.

On my unit, you can’t output sound over Bluetooth to the device.  (You are supposed to be able to do this according to the manual).  Not sure why this is, the unit is paired, just no sound output, regardless of volume!

The Amazon account has a number of 5 star reviews – if you look at the reviewers though, they are all (as of the time of this post) shills, having all posted exactly 2 reviews on the same 2 products.   The other reviews stand at 1 – except for mine, which I need to upgrade to 2 (I’m doing that as part of a deal I’ve done with them to get the QR code and confirmation of the maximum wattage – and to be honest, the unit is kinda useable)

Samsung 840 EVO Geometry

I recently had a need to upgrade a 500 gig (raided) hard drive to an SSD.   I noted that the standard geometry for a 500 gig hard drive presents as 500.1 gigs, while the data sheet for the Samsung 840 EVO MZ-7TE500BW SSD claims to be fractionally smaller on the detailed spec sheets I found.

Happily this is not the case, and it shares the same size as most 500 gig hard drives, ie RawCHS=16383/16/63

Swap and Encfs mounting on Startup in Ubuntu

I use Ubuntu 14.04 on my laptop and I have a somewhat unique setup, whereby I use DRBD and encfs to mirror and secure my data as I understand that when SSD drives fail they tend to do so catastrophically and without warning.   I thus have a rather complex boot process.

I spent the morning tidying up the boot process so it looks professional (* which is not to say that this is the professional or best way to do it – but it works)

I discovered there is a dearth of information on the kinds of things I want to do, but needed to become familiar with the following –

Plymouth – The fancy boot screen that Ubuntu throws up when it boots – that’s run by plymouthd. It is possible to interact with plymouthd by using plymouth.  Your mileage may vary, but I discovered that when plymouthd is running it has a pid file in /dev/.initramfs/plymouth.pid – so by checking for that file I can request the passphrase using plymouth or a command prompt as appropriate.

encfs – Using the -S switch allows the passphrase to be read from stdin.

rc.local – I run this entire script from rc.local – because it’s easy enough to do, and happens automatically and before plymouth exits.

The script is as follows:

#! /bin/bash
ifconfig eth0 my.internal.ip
/etc/init.d/drbd start
/bin/mount /dev/drbd0 /media/drbd0

if [ -f "/dev/.initramfs/plymouth.pid" ]
then
        /bin/plymouth ask-for-password --prompt "Passphrase: " | /usr/bin/encfs /media/drbd0/ /data/ssd --public -S -o nonempty
else
        /usr/bin/encfs /media/drbd0/ /data/ssd --public -o nonempty
fi

while [ $? -ne 0 ]
do
        if [ -f "/dev/.initramfs/plymouth.pid" ]
        then
                /bin/plymouth ask-for-password --prompt "Passphrase was not accepted.  Please enter Passphrase: " | /usr/bin/encfs /media/drbd0/ /data/ssd --public -S -o nonempty
        else
                echo "Incorrect Password"
                /usr/bin/encfs /media/drbd0/ /data/ssd --public -o nonempty
        fi
done

# We have all sorts of problems if /tmp is not mounted before X
# but we want to ensure its encrypted !!

#echo "Note: We destroy /tmp on restart as good Linux systems do, but "
#echo "there is a backup of the last boot at /data/ssd/tmp-old"

echo "Stopping services that need /tmp or a network and fixing these"
/etc/init.d/openvpn stop
/etc/init.d/ssh stop

rm -r /data/ssd/tmp-old
mv /data/ssd/tmp /data/ssd/tmp-old
mkdir /data/ssd/tmp
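# World-writable with the sticky bit set, as on a normal /tmp, so users
# cannot delete or rename each other's files
chmod 1777 /data/ssd/tmp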
rm -r /tmp
ln -s /data/ssd/tmp /tmp

dhclient eth0 &

echo "Restarting services that need /tmp  or a network"
/etc/init.d/ssh start
/etc/init.d/openvpn start

/usr/sbin/lxdm

In addition I did the following:

Stopped display managers from starting under system control on boot. This is a bit weird because they exist in /etc/init, rather than /etc/init.d where I would have expected. Anyway, I moved gdm.conf, lightdm.conf and lxdm.conf out of /etc/init (and into a new directory called /etc/notinit which I created).

I also took steps to encrypt the swap space on startup.  This does not appear to be well documented, but is quite easy.  Simply make the following modifications to

/etc/crypttab  (Create it if it does not exist)

swap /dev/mapper/ubuntu--vg-swap_1	/dev/urandom swap,cipher=aes-cbc-essiv:sha256

This line creates “/dev/mapper/swap” using the backing device “/dev/mapper/ubuntu--vg-swap_1”, along with a random password it creates on the fly.

and /etc/fstab

/dev/mapper/swap none            swap    sw              0       0

Which mounts /dev/mapper/swap  (Remember to comment out the old swap)

If you look through my rc.local script, you will see I jump through all kinds of hoops to move /tmp into encrypted space after startup.  An easy alternative might be to do something similar for /tmp as I did for /swap above – the downside being that it requires a fixed amount of diskspace which is carved out of my ssd.

It’s worth noting that all sorts of wonderfully weird and non-obvious failures occur if /tmp is not mounted and readable by all (including X window managers crashing and issues with sound).  /tmp really needs to be useable BEFORE X is loaded.

 

BD-F6500 region free upgrade – Firmware 1010 / 1017 note

In case anyone has the same issue –

A few months ago I purchased a Samsung BD-F6500 from Noel Leemings (A whiteware retailer in New Zealand).   A few days ago, we purchased some DVDs which were “region 2” and would not play on our NZ/AU – region 4 player(s).

I attempted to region unlock the DVD using the method on the Internet, ie Start the DVD player, open and close [empty] dvd drive, press repeat, enter in “7 6 8 8 4“, then “9” for region free.   This failed to work a number of times.

With nothing to lose I upgraded the firmware to 1017, and was able to unlock the drive using the above process without issue on the first attempt.

(Of-course, friends who download their content using filesharing networks don’t have these issues – and the media industry wonder why movie piracy is so common ?)


Adding Perfect Forward Secrecy to OpenVPN

Perfect Forward Secrecy is a methodology applied to encryption to frustrate the decoding of traffic captured and stored prior to the discovery of the secret key by an adverse party.  This is done by generating a new random key every time data is transmitted.

Enabling this in OpenVPN is quite easy, but does not appear to be well documented.  The steps to do this are:

Create a common private key, eg

openvpn --genkey --secret /path/to/store/pfs.key

Securely distribute this key to each OpenVPN client, then add the following to the server

tls-server
tls-auth /path/to/store/pfs.key 0

and this to each client

tls-client
tls-auth /path/to/store/pfs.key 1

 

It is also possible to embed the tls-auth key in the configuration file itself. To do this, open a <tls-auth> tag, embed the key and add a closing tag. Then add another directive key-direction X, where X is 0 for the server or 1 for the client (ie the same as the second argument on the tls-auth line when using a key file).

So the appropriate snippet would look something like:

# key-direction: 0 on the server, 1 on each client
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
.
.
-----END OpenVPN Static key V1-----
</tls-auth>
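A check for the key-direction pairing described above, as an added example that is not part of the original post: it reads a server and a client configuration and reports a missing or mismatched direction, including an inline key that has no key-direction line. The function names and the sample configurations are this example's own (constructed, using the /path/to/store/pfs.key placeholder from the steps above).

```python
def tls_auth_setting(config_text):
    """Return (source, direction) for tls-auth in an OpenVPN config.

    source is "file", "inline" or None; direction is 0, 1 or None.
    """
    source = direction = None
    in_key = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "<tls-auth>":
            source, in_key = "inline", True
        elif line == "</tls-auth>":
            in_key = False
        elif in_key or not line or line[0] in "#;":
            continue  # key material, blank lines and comments
        else:
            words = line.split()
            if words[0] == "tls-auth":
                source = "file"
                if len(words) > 2:
                    direction = int(words[2])
            elif words[0] == "key-direction" and len(words) > 1:
                direction = int(words[1])
    return source, direction


def check_pair(server_text, client_text):
    """List the ways a server/client pair departs from the setup above
    (server uses direction 0, client uses direction 1)."""
    problems = []
    for role, text, want in (("server", server_text, 0),
                             ("client", client_text, 1)):
        source, direction = tls_auth_setting(text)
        if source is None:
            problems.append(f"{role}: no tls-auth key configured")
        elif direction != want:
            problems.append(
                f"{role}: key direction is {direction}, expected {want}")
        if f"tls-{role}" not in text.split():
            problems.append(f"{role}: missing tls-{role}")
    return problems


# Constructed sample configurations (only the lines relevant here).
SERVER = """tls-server
tls-auth /path/to/store/pfs.key 0
"""
CLIENT_FILE = """tls-client
tls-auth /path/to/store/pfs.key 1
"""
# Inline key with the key-direction line forgotten.
CLIENT_INLINE_NO_DIRECTION = """tls-client
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
(constructed placeholder, not a real key)
-----END OpenVPN Static key V1-----
</tls-auth>
"""
CLIENT_INLINE = "key-direction 1\n" + CLIENT_INLINE_NO_DIRECTION

if __name__ == "__main__":
    for name, client in (("key file", CLIENT_FILE),
                         ("inline, no direction", CLIENT_INLINE_NO_DIRECTION),
                         ("inline", CLIENT_INLINE)):
        print(name, "->", check_pair(SERVER, client) or "ok")
```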

Windscreen Flyer Solution

I am one of those people who get irritated when I come to my car and find a flyer has been stuck under the windscreen. I discovered a (at least partial) solution to the problem – one which is so obvious I wonder why I have not heard of it before.   (That I have been dealing with some frustrating spam related issues probably helped focus my mind)

I was recently at a favorite watering hole one evening, and had parked my car in a public car park. When I returned to my vehicle I noticed a local restaurant had placed a flyer under my windscreen. (I was, of-course, aware of the restaurant – it was within 200 meters of where I parked).

As I was inconvenienced to get out of my car to remove the flyer the solution was obvious. Armed with a few sweet wrappers and the flyer, I walked in to the restaurant, caught a waiter’s attention and sprinkled my advertising for the sweets (and their flyer) while protesting the placement of litter on my car, across an unoccupied table at the restaurant before leaving. From the deeply satisfying protestations I heard as I exited, I believe I made my point.

In hindsight, I could have done this a little better. Looking back, I realize I should have torn the flier into small pieces and scattered that instead of depositing my own “sweet advertisement”. Of-course, in addition to the Litter act of 1979 (*assuming the flyer or “sweet advertisement” can be defined as litter), Auckland Council also has a bylaw – preventing the placement of flyers on cars.  You can find it here – the key is the definition of poster “means a temporary sign of 1.5 square meter or less, including a placard, leaflet, flyer or communication device of a like nature, which is directly affixed (without the need for a supporting structure) to walls, buildings or structures, furniture, utilities, traffic signage or placed on any car windscreen, the message of which does not relate to the site or public place where the poster is displayed.” and section 27.3.7 prevents the displaying of the poster – interestingly this includes private land  – so I don’t think there will be too much push-back.

Fail2Ban and Brute-Force Password attacks on WordPress

I maintain a server hosting a fair number of WordPress blogs and I get inundated with brute-force password attempts.    In order to minimize the likelihood of success of an attack, I have taken to limiting the number of login attempts: I’ve customised some Fail2Ban rules to provide “overriding” lockout of accounts.

The code certainly has its limitations – for example it will – without warning –  temporarily lock out people who have forgotten their passwords, however for the most part it works pretty well.

One of the things I’ve noticed recently is that some attempts are persistent – they will continue to try to log in even when null-routed, and for long periods of time.  I’ve thus written a second rule which looks through the fail2ban logs and bans – for an extended period – anyone who has been banned more than a few times.   This further reduces the likelihood of a compromise, and also reduces the amount of “fail2ban spam” I receive, ie notifications of a ban being put in place.

Additionally, I’ve come up with a custom rule to ban IPs sniffing around for a WordPress site where none exists.

The appropriate Fail2Ban rules are as follows –

apache-wplogin.conf

# Fail2Ban configuration file
#
# Author: Tim Connors
# Tweaked by David Go
#

[Definition]

# Ignore specific client who often forgets password.
ignoreip = XXX.XXX.XXX.XXX

# Option:  failregex
# Notes.:  Regexp to catch Apache dictionary attacks on Wordpress wp-login
# Values:  TEXT
#
failregex = :80 <HOST> -.*(GET|POST).*/wp-login.php.*(HTTP)
            :443 <HOST> -.*(GET|POST).*/wp-login.php.*(HTTP)

apache-wp-probe2.conf

# Fail2Ban configuration file
#
# Author:  David Go
#

[Definition]

# Option:  failregex
# Notes.:  Regexp to catch probes for wp-login.php where no Wordpress site exists
# Values:  TEXT
#
#failregex = <HOST>.*] "POST /wp-login.php

failregex = \[client <HOST>\] script \'/PATH/TO/VIRTUALHOSTSl/(.*)/wp-login.php\' not found or unable to stat

persistentban.conf:

# Fail2Ban configuration file
#

[Definition]

# Make sure we never lock ourselves out.
ignoreip = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

failregex = fail2ban.actions: WARNING.* Ban <HOST>

And, of-course, the appropriate lines in jail.conf

[apache-wp-probe]
maxretry = 3
findtime = 180
bantime = 14400
enabled = true
port    = http,https
filter  = apache-wp-probe
logpath = /var/log/apache2/error.log
action  = iptables-multiport[name=wpprobe, port="80,443", protocol=tcp]
          sendmail-whois[name=wpprobe]

[apache-wp-probe2]
maxretry = 3
#findtime = 14400
bantime = 14400
enabled = true
port    = http,https
filter  = apache-wp-probe2
logpath = /var/log/apache2/error.log
action  = iptables-multiport[name=wpprobe2, port="80,443", protocol=tcp]
          sendmail-whois[name=wpprobe2]

[persistentban]
maxretry = 3
enabled = true
filter = persistentban
findtime = 3600
bantime = 86400
logpath = /var/log/fail2ban.log
action = iptables-multiport[name=multiban, port="80,443,21", protocol=tcp]
         sendmail-whois[name=multiban]
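The two-stage behaviour of these rules, replayed over sample logs as an added example that is not part of the original post: the wp-login failregex is applied to access-log lines, then the persistentban failregex is applied to fail2ban.log lines with the [persistentban] settings above. The log lines are constructed, the HOST pattern is a simplified IPv4-only stand-in for fail2ban's <HOST> tag, and the wp-login jail's maxretry and findtime are assumptions borrowed from [apache-wp-probe].

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex values from the filters on this page.
WPLOGIN = [
    r":80 <HOST> -.*(GET|POST).*/wp-login.php.*(HTTP)",
    r":443 <HOST> -.*(GET|POST).*/wp-login.php.*(HTTP)",
]
PERSISTENT = [r"fail2ban.actions: WARNING.* Ban <HOST>"]


def apache_time(line):
    """Timestamp of an Apache access-log line (timezone offset ignored)."""
    stamp = re.search(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})", line).group(1)
    return datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S")


def fail2ban_time(line):
    """Timestamp at the start of a fail2ban.log line."""
    return datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")


def simulate(lines, failregex, when, maxretry, findtime):
    """Return [(host, time)] for each ban a jail with these settings issues."""
    patterns = [re.compile(rx.replace("<HOST>", HOST)) for rx in failregex]
    recent = defaultdict(deque)  # host -> failure times inside findtime
    bans = []
    for line in lines:
        # Unanchored search: the pattern may match anywhere in the line.
        hit = next((m for m in (p.search(line) for p in patterns) if m), None)
        if hit is None:
            continue
        host, now = hit.group("host"), when(line)
        window = recent[host]
        window.append(now)
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans.append((host, now))
            window.clear()  # counting restarts after a ban
    return bans


# Constructed access log: 203.0.113.7 is a brute-forcer, 198.51.100.20 is a
# user retrying a forgotten password, 192.0.2.5 never touches wp-login.php.
ACCESS_LOG = [
    'blog.example.org:80 203.0.113.7 - - [10/Mar/2014:03:00:01 +1300] "POST /wp-login.php HTTP/1.1" 200 3512',
    'blog.example.org:80 203.0.113.7 - - [10/Mar/2014:03:00:02 +1300] "POST /wp-login.php HTTP/1.1" 200 3512',
    'blog.example.org:80 192.0.2.5 - - [10/Mar/2014:03:00:02 +1300] "GET /index.php HTTP/1.1" 200 812',
    'blog.example.org:80 203.0.113.7 - - [10/Mar/2014:03:00:03 +1300] "POST /wp-login.php HTTP/1.1" 200 3512',
    'shop.example.org:443 198.51.100.20 - - [10/Mar/2014:03:01:00 +1300] "GET /wp-login.php HTTP/1.1" 200 2900',
    'shop.example.org:443 198.51.100.20 - - [10/Mar/2014:03:01:20 +1300] "POST /wp-login.php HTTP/1.1" 200 3512',
    'shop.example.org:443 198.51.100.20 - - [10/Mar/2014:03:01:40 +1300] "POST /wp-login.php HTTP/1.1" 200 3512',
]

# Constructed fail2ban.log: the brute-forcer returns after every unban.
FAIL2BAN_LOG = [
    "2014-03-10 03:00:03,120 fail2ban.actions: WARNING [apache-wplogin] Ban 203.0.113.7",
    "2014-03-10 03:01:40,300 fail2ban.actions: WARNING [apache-wplogin] Ban 198.51.100.20",
    "2014-03-10 03:10:03,480 fail2ban.actions: WARNING [apache-wplogin] Unban 203.0.113.7",
    "2014-03-10 03:10:09,010 fail2ban.actions: WARNING [apache-wplogin] Ban 203.0.113.7",
    "2014-03-10 03:20:09,200 fail2ban.actions: WARNING [apache-wplogin] Unban 203.0.113.7",
    "2014-03-10 03:20:15,640 fail2ban.actions: WARNING [apache-wplogin] Ban 203.0.113.7",
]


def demo():
    first = simulate(ACCESS_LOG, WPLOGIN, apache_time, maxretry=3, findtime=180)
    second = simulate(FAIL2BAN_LOG, PERSISTENT, fail2ban_time, maxretry=3, findtime=3600)
    return first, second


if __name__ == "__main__":
    for stage in demo():
        print(stage)
```

The first stage bans both the brute-forcer and the forgetful user, which is the limitation noted above; the second stage counts only the "Ban" lines (the "Unban" lines do not match) and bans only the address that keeps coming back.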

Review of the Domain DM-DV703USB 2 DIN video/mp3/cd car stereo

My Toyota VITZ 2004 came with a “Japanese Only” Stereo, which included a reverse camera. To get the reverse camera working, in addition to some wiring tweaks (See my post on “Original Toyota Reverse Light Camera on 2004 Vitz/Echo with an aftermarket stereo“).

As I can’t call myself an audiophile, and I can be tight-fisted (who wants to spend 1/10th of a run-around vehicles value on expensive stereo equipment – especially when it spends time in a “not-that-good” neighbourhood), I decided to purchase a budget stereo off Trademe.

I picked up a Domain 7″ DVD/CD/USB/SD receiver, model DM-DV703USB from Sound Tech for around $200 (you can get a similar one from Jonvy), and tried to install it.

First the good news – It uses an ISO wiring harness, meaning I could just spend a few dollars converting the Toyota stereo cabling to work with this stereo, and it uses standard RCA inputs for video.   The wires are labelled, so this is all quite straight forward.

When the unit starts up, it shows the stereo splash screen, complete with a picture of Auckland CBD (Sky Tower is clearly prominent).  From the lack of information about this stereo I thus presume it’s a Chinese Import which has been customised and labelled for a New Zealand Importer.

The screen looks quite readable, and there is a row of buttons down the bottom.   The front screen tilts down to reveal the CD and SD slots.  There is a mini USB port on the front.   One nice thing about this unit (which is not boasted about) is that it also has a full size rear USB port – which is what I plugged my memory stick into, as I was able to access this from underneath dash even when the radio was installed.

The sound was quite good – I’m no audiophile, but certainly nothing to complain about.  The stereo also seemed to work well, automatically picking up the station names as it found them.   I did not try playing any DVD’s.

I really wanted this unit to be good enough – and gave it my best – I even communicated with the manufacturer who eventually took the unit back – after convincing themselves the unit was not faulty.

Now the Problems.  Unfortunately they were – for me – dealbreakers.  I eventually returned the unit for a refund from the supplier.

There were some (tolerable) limitations to the stereo design – It relied very heavily on a resistive touch screen, so skipping tracks required taking one’s eyes off the road for longer than is ideal.   Still, at $200, I could have lived with that.

The problem I could not live with were the software / touch screen bugs.  The software in this unit is clearly buggy.  The biggest problem is that intermittently the touch screen would just stop working.  Even restarting the vehicle or powering off the stereo would not fix it.    (I now believe removing the USB stick might have fixed the problem, I only worked this possibility out when I was removing the unit to send back to the seller).

See the video above to show me pushing at the touch screen and nothing happening, even after a reset and other attempts.

When the touch screen was not working, the remote also did not respond.

There were other intermittent software faults as well.   For example (and despite accusations it was not wired correctly – which don’t stand up to scrutiny as the video below shows), the reverse camera sometimes stayed on even when not reversing.  (It could not have been a wiring issue as changing the inputs reset it to work, and there was music playing while the camera input was showing.  The reverse camera only had a video input, and when I was in reverse no sound was played, so this is clearly a software fault.)

Conclusion – This would be a great deal if it worked properly.  There is nothing fundamentally wrong with the hardware, but the software just does not cut it for me – not by a long shot.   If, and it’s a big if, a firmware revision comes out fixing these bugs it might be worth looking at again, but I’m not holding my breath as the distributor never responded to my request for a firmware upgrade.

Original Toyota Reverse Light Camera on 2004 Vitz/Echo with an aftermarket stereo.

I recently got a 2004 Vitz with some cool factory upgrade.  (Most of the world has the Vitz under the “Echo” brand, the Vitz means its imported from Japan)  Coming from Japan, it came with a factory new stereo system which only worked in Japanese,  did not play MP3’s and committed Seppuku when unplugged from the battery.

(While this is a post about replacing the stereo, a quick note – Toyota New Zealand are absolute bastards, and I won’t do business with them.  They would not even tell me the part number or frequency of the remote the car uses – because they correctly knew I would pick up an aftermarket one for a fraction of the price.   I didn’t even ask them about the disk needed for the firmware for the radio – required to restore it to working (in Japanese) after the battery is unplugged – which I believe sells for over US$100 and can’t be easily found online.    I have resolved to ensure Toyota New Zealand never see a dime of my money – thus far they have lost out on a service and break fix for my other Toyota which my wife wanted to get done through a Toyota dealer).

Anyway, information on getting the factory reverse camera working with this vehicle is very hard to come by.  Using some educated guesses and a lot of Googling I managed to get my (new, cheap-and-cheerful Chinese import Radio/display) working.  Hopefully this information is useful to others.

The first thing to note is the camera is powered by the radio with a 6 volt supply.  While I don’t know the current draw, the wires are very thin, so I’d imagine it’s not much current.  Of-course, most stereos don’t supply 6 volts.   This is easily rectified with a LM7806 voltage regulator IC  and a couple of (possibly not needed) 100nf or similar caps.  I used 200nf ceramic ones.   The 7806 (rated to 1 amp dissipation) voltage regulator cost about $US3 from Jaycar with a small heat-sink.

Toyota 4 pin reversing camera plug

The original connector to the stereo has 4 pins – 2 of them are ground (black and white, and connected together with a wire as per the image),  red being 6 volts, and yellow being the signal.

Bastardizing an RCA lead, I soldered the yellow wire to the centre pin and grounded the shielding wire against the chassis.   I fed this in to the reverse camera input of the stereo.

There is a 5 pin cable on the standard stereo with 3 wires, the green/white wire measuring 12 volts when the car is reversing.  I tapped this line both to power the camera through the LM7806 (ie indirectly to red wire) and the reverse signal input in the stereo – which means the output is automatically displayed when reversing.

The wiring for the LM7806 is quite trivial.  Looking at it head on, the centre pin goes to ground/chassis, the left pin goes to the green wire (or another source of voltage > 8 volts DC) and the right pin is the regulated 6 volt DC which goes to the red pin of the reverse camera.   For good measure I threw a 200nf ceramic cap between the input voltage and ground, and another one between output voltage and ground.   (Some stuff on the Internet says this is not required, I did it because that’s what I was taught to do in another life when playing with its close cousin the LM7805 and TTL logic circuits, and I believe it’s best practice.  At least it can’t hurt – if you don’t somehow damage the 7805 while soldering them on !)   Unfortunately I lost the picture I took of this.

Although it took me a long time to do, it worked first try.

Alo Alo… Alo Vaikeli

I enjoy occasional Mugu baiting.  This was my first non-Internet attempt.

I recently had need to find a tenant for a rental property.   As the timing of this rental was off (it came available just before Christmas), there was not a lot of immediate interest in the property – however I did get one very keen applicant.

The year was 2013, and he introduced himself as Alo Vaikeli, providing a business card for Birkenhead Quality Fencing Limited, listing himself as a specialist and Director of the Company.  The phone numbers on this card were 022-1549264, and listed a company landline 09-482-2194.  (FWIW the card did not have a picture of him, otherwise I would have scanned it.)

Although badly dressed, this guy posed (badly) as a model tenant.  For a start he claimed to be a pastor at a church, and wanted to rent the back unit out for me as well, he also had 2 rental properties in South Auckland so he knew what it was like to be a landlord.  He had just sold his Birkenhead property to buy a large business and was planning on being a long term (very specifically 7 years in fact) tenant.   And here’s  the thing – he needed a place URGENTLY to move into because he had to move out of his house.

If Pigs could fly and his story was true it would have been any landlord’s wet dream – a long term, stable tenant with good community roots and money, wanting to move into a vacant property immediately.   The only concerns about taking on this tenant was that his English varied from quite good – when what he said made sense, to almost non-existent when questioning something which did not add up.  Oh , and that pigs don’t fly.

I decided to check him out, and play along to see where it went.  (Who knows, maybe GE pigs can fly and no one told me ?).    First stop, check out his company.   Well, good news.  His company does exist, and he was, indeed the sole director of it.   Bad news – it was struck off in 2008 – http://www.business.govt.nz/companies/app/ui/pages/companies/1915781

As he wants the tenancy urgently, I advised him to bring references etc with him so he could fill out the paperwork and I could approve his application the following day.  He failed to do so.    He was definitely interested, and wanted to pay 2 weeks bond immediately + 1 week up front and move in (with the remainder coming later).   In fact, he wanted to move in on the Wednesday morning and pay the bond and sign the tenancy on Wednesday night….  I think he was upset when I would not let him move in until the bond and payment had been paid.

After chasing him to provide the application form if he wanted the property – he was keen-as – I received a form which was very cleverly filled in – Mr Big Business claimed to be earning $800 per week, but able to afford a $490 per week property – and yet, somehow, “forgot” to sign the application form… the bit which said I could do credit and reference checks and the like.    Strangely his form did not mention his Company, his address, his houses, the church where he was a pastor.

Also of interest, Birkenhead Quality Fencing Limited, despite having lots of staff has neither Internet nor a scanner – Its director had to go down to the Birkenhead Public Library to scan me the application form.  Also no email address.  Yet it lists on Trademe – and touts for business there.

So, Of-course, I call Alo Vaikeli  to get more information – at which point it all falls apart for him.  The trigger was my casually worded comment “I need to do reference checks, after all, I don’t know that you are not a scammer” – which sent him into an angry tirade of accusing me of not trusting him, and he is as good as his word etc.   Unsurprisingly, he agreed with the BS I made up about reference checks required for insurance purposes (which he of-course would understand, owning mortgaged rental properties himself), but still would not sign the form, eventually, angrily backing out of the deal (more or less – I’m sure he would have been in like a shot if I had agreed to drop due diligence).

FWIW, BQF Limited (actually struck off) currently is advertising on Trademe – The associated login ID is manse6 and contact person is Alo Vaikeli – I’m not entirely sure why Trademe have not pulled his listing as of today – but it can be found at http://www.trademe.co.nz/Members/Listings.aspx?mcat=9334-&member=4319458

Also of interest might be the post from this unlucky person – http://www.dirtydebtors.co.nz/description.php?descriptionID=96&alpha=V who was obviously upset enough to pay money to let the world – and me know.

Anyway, the idea behind this post is that if anyone googles Alo Vaikeli, director of Birkenhead Quality Fencing Limited – there are now at least 2 posts warning them to steer clear.