John's Musings


Yeah, Me Neither

Tecsun PL-880 vs. Tecsun PL-660

If you go online and Google a shootout vs. the Tecsun PL-880 (left) and the Tecsun PL-660 (right) you'll almost always see the PL-660 come out on top, which is surprising since the PL-880 is the newer and more expensive version of the two.


Usually the shootout is based around Single Sideband (SSB) performance and the fact that the PL-660 has an Air Band (airplane/airport monitoring). At any rate, I tend to prefer the PL-880 and here's why:


First of all I seldom listen to SSB transmissions. I own multiple Software defined radios (SDR) that have excellent discrimination for listening to SSB transmissions. Same goes for Air Band. If I want to listen to Air Band I'll just go grab an SDR.




Also regarding the Air Band on the PL-660 there is no scanning on the Air Band. You either have to turn the tuning dial manually or KNOW what frequency you are listening for and manually input it. What the hell, man? The manual tuning is God-awful slow. It would take you an hour and give you carpal tunnel syndrome to work your way through the band. Still, I guess it is a cool feature.


Okay so maybe this review is not for you. I bought this radio to be well, errrrr, a radio. Its primary function is ShortWave Listening (SWL). Both radios perform about the same in my estimation regarding signal capture and playback but there are some inherent differences. Here are some PL-660 observations.


  • The PL-660 auto scan is SLOOOOOOOWWWW. Painfully slow.
  • The PL-660 auto scan stops on every bit of static in some bands. It would take forever to work its way around the whole spectrum.
  • The PL-660 sounds pretty good.
  • The PL-660 tuning knob feels kind of cheesy and moves with minimal progress.
  • The PL-660 has a tuning meter that lets you see how strong the signal is.
  • There is no Line Out on the PL-660. Cannot record to another device such as a computer.


Here are some PL-880 observations:


  • The PL-880 auto scan is considerably faster.
  • The PL-880 will seemingly auto skip bands which have high static. At least I think that's what it is doing.
  • The PL-880 has no Air Band.
  • The PL-880 SSB performance seems okay to me despite what others say about it. Maybe I'm not that picky.
  • The last tiny element of the antenna feels like it is going to be easily broken off. Extra care must be taken.
  • THERE IS A LINE OUT on the PL-880. THIS IS AN AWESOME FEATURE.



Regarding the line out feature of the PL-880........I discovered that most laptops these days DON'T have a Line In. File that under "You gotta be shitting me". Higher end laptops have them but your average every day ordinary laptop won't.


Fortunately there is a cheap cure.


About $6 gets you a USB Sound Adapter that has a Line In. Plug it in and then download Audacity.


Audacity has a cool trick where you can set up voice activated recording (VOX) so let's say you were recording a Ham Radio conversation you'd get only the speaking and none of the empty space in between. A cool feature indeed.







Here's a pic of the Audacity setting that shows you how to turn on VOX. Once you click on where it is highlighted blue then you press the record button in Audacity. It will just sit there until voice is heard. (Yeah you may have to play around with the squelch or the sound activation level (the setting below VOX) but you'll figure it out.)




Let's face it. There is a lot of cool stuff out there in ShortWave Land. Stuff that is worth recording sometimes. If this even remotely impresses you as a "feature to have" then you better get the PL-880 because the PL-660 doesn't do it. The Line Out is what seals the deal for me more than anything else at all. Also you could Line Out to stereo speakers or something as well. Mono - eh - mono is all you get with the PL-660.


Ultimately they are both great radios on AM/FM/SW. Air Band is cool but not a deal breaker for me. Ditto with SSB stuff. Both radios sound okay but, hey, they are both little bedside radios. Both come with 20' long, long wire antennas for SW reception. What a great addition that is to both radios.


What both radios are MISSING though is an adapter for hooking up an external antenna. The included 20' wire antenna has a 1/8th plug on it. No other HAM radio antenna in the world comes with a 1/8th inch connector. You need an adapter like this:





1/8th inch connector to Coaxial Type F












You can't go wrong with either radio but I lean heavily towards the PL-880.




Dreams of a Little Boy

When I was a kid, probably around 12 years old or so I was into the CB radio craze. My mom and dad got me a Lafayette Tube CB and dad installed an antenna on the house for me and ran the coax inside. Can't say I wasn't supported well!


From there one of dad's friends gave me a tube (Probably a Collins) Short Wave radio. I used to sit up spinning that big dial seeing what I could hear. Back in those days short wave was alive and hopping. It still kind of is but nothing like those days. Oh the things you could hear. Just an awesome experience for a kid. Sooooooo badly I wanted a HAM radio license and I'm not sure why I never got one. Mom and dad surely would have supported that as well. When I joined the Navy I wanted one.......when I became a father I wanted one........my whole life I have wanted a HAM radio license. It has ALWAYS been in the back of my mind and on my "To Do" list.


Well I am happy to report that the little boy of 12 who is now a 54 year old man finally got a HAM radio license. I took my test today, Saturday August 19th, 2017 and passed it the first go around.




And I'm as proud as can be. The test was no joke. I studied for weeks. Being an electronics tech rep really helped me nail a portion of it but much of the test had to do with rules and regulations, frequency conversions, what meter band is what frequency, antenna theory, modulation, wavelength. Like I said the test was no joke.


Now I'm not going to tell you I'm special for passing the HAM radio test......I'm not. Tons of people have done it before me. It's totally doable. But it is something you have to work for and earn. And that's what feels good about it.


In a day and age where society makes sure nobody fails and everybody gets a trophy it is a breath of fresh air to be given a test by several 60 to 70 year old guys, on paper, where multiple people verify the test score and it IS POSSIBLE TO FAIL. And it costs money to FAIL. $15. Ahhhhhh the old days and the old America that I long for.


And it is one less piece of unfinished business for a guy rapidly approaching senior citizen status.


I did it.


Tecsun PL-880 Review

Recently rediscovered an old love of mine. Short Wave Listening (SWL). I have many SDR radios which are technically superior because they have that big old computer behind them allowing you to do more. Also software is fluid, allowing you to do many different things or use specific pieces of software for specific tasks.


Still, there are times when a radio by the bedside is what you need. Or for casual listening while on travel in the hotel room. Or tuning into that cool frequency you found with the strong signal thereby freeing up your computer for some other important task.


Here's another thing to ponder. An SDR plugged into the computer, using software only you are familiar with, hooked to an antenna only you know how to position is not intuitive to other members of the household. From a sheer emergency or preparedness situation any family member including children can operate a radio.


So now that I've convinced you that you need a radio.............Here's the one I got. The Tecsun PL-880. If you google up "best shortwave radio" on almost every list you will find the PL-880. As a matter of fact you will find it at the top of almost every list.




Again if you are looking for a hardcore technical review, you have come to the wrong website. I'm a regular guy who uses regular items and records regular observations. Here's my first observation:


Despite all the buttons and dials it is a pretty intuitive radio to use. You can figure it out pretty quickly. I particularly like the Scan button (top row, far right). It will scan backwards too if you give the dial a slight turn in the backwards direction first and then push the scan button, consequently that works in the forwards direction as well.


When reversing the scan though the scan arrows still point to the right which threw me for a loop for a minute or two. Wish those arrows would point the other way for a quick indication of direction of scan.





As it is you have to watch the numbers roll and it takes a half second or so to see which way they are rolling. Once or twice I caught myself scrolling in the unintended direction.



The radio comes with a 20' flat wire short wave antenna which is cool however the whip antenna worked just as well indoors as far as I was concerned. I'm sure that antenna would work much better stretched out flat on the ground outside. Speaking of antennas I have a 40 meter band dipole antenna in the back yard and I'd sure like to utilize it however the plug for the antenna is a 1/8th inch (probably 3.5mm, made in China) jack. It sure would have been nice to have an adapter come with the $159 radio. Wink, wink, hint, hint.


You can buy one of these adapters from Amazon here. It is a 1/8th to F Type Coaxial.


I can't stress enough how much more impressed I'd have been with this radio had an adapter been included. Yeah, it's not a deal breaker but it seems like a no-brainer.


Can't find one of these that is 1/8th to SMA. It's probably out there, just that I can't find it.






What else is cool? The carrying case.




My only beef with the carrying case is that if you put the included charging cable in there (the radio has a rechargeable battery) it will distort the case if it even fits at all. With just the radio in there it is a sleek, and tight fit.


And speaking of charging the battery............the cable that comes with the radio is a USB cable. There is no brick. You would have to charge off of a computer or in my case my home has those fancy electrical outlets that have USB ports in them in almost every room. I can plug the radio right into the wall. Sure you can pick up a brick for next to nothing and you probably have 5 already laying around that you don't even remember what they are for.


Still. It's slightly incomplete but again not even close to being a deal breaker.


You can download a manual from here.


Also there are hidden features. Some claim they are awesome hidden features, others claim they are crappy or experimental so Tecsun never put them in the manual. Either way, they are there. Here's a cool chart someone made of them.


As far as the radio goes...........from a technical standpoint.......I'm happy. It's a fine piece of hardware that is pretty intuitive to use despite all the buttons and knobs. I compared it to my old Grundig S350 and while the S350 held its own, the PL-880 had better sound, sensitivity, selectivity, features, etc. I love my old S350 but the PL-880 is better, smaller, lighter, better looking, etc.




The only complaints I had are that for $159 I'd love an antenna adapter and a power brick. Even if I never used the power brick I'd like to see it there, if not for me but for others.


If you are an SWL 'er, who travels or doesn't want a computer with an SDR and a coax across your lap in bed all the time, or you want a good radio for the family to use in a pinch...........look no further.









Reading Other Peoples Pager Traffic And Shit

Did you know a lot of people still used pagers? I had no clue. Did you know that all that pager traffic and all those messages are sent unencrypted and can be easily decoded? All you need for hardware is a $10 USB SDR radio stick with a cheap indoor whip antenna.


NOTE: Reading pager traffic is NOT against the law, however retransmitting it or acting on any information you learn from it is. Decode for good. Not evil.


And much like any other Linux techie project I've ever done following the directions somewhere else DIDN'T WORK. Oh, it mostly worked but something is always missing. This page is for the first timer trying to figure this out. And for me to recreate this once I screw it up or my computer dies.


Doing this on Windows is easiest and the directions I found here DID WORK. This will be a tutorial on Ubuntu (or LinuxMint). Again, most everything worked but the actual decoding process didn't until I changed a thing or two. Also one major step was left out that almost caused this to epic fail for me. YMMV. Depends on the Decoder your system is using.


First of all you need a few dependencies on Linux. Open a terminal and do this. (one command per line).


sudo apt-get update
sudo apt-get install git cmake build-essential libusb-1.0 libusb-1.0-0-dev qt4-qmake libpulse-dev libx11-dev sox


After that installs, let's get gqrx.


sudo add-apt-repository -y ppa:bladerf/bladerf
sudo add-apt-repository -y ppa:ettusresearch/uhd
sudo add-apt-repository -y ppa:myriadrf/drivers
sudo add-apt-repository -y ppa:myriadrf/gnuradio
sudo add-apt-repository -y ppa:gqrx/gqrx-sdr
sudo apt-get update
sudo apt-get install gqrx-sdr


You have to be able to pipe the audio to multimon-ng so depending on your system you may need this. (I didn't need it).


sudo apt-get install pavucontrol


Now you need rtl-sdr.


git clone git://git.osmocom.org/rtl-sdr.git
cd rtl-sdr/
mkdir build
cd build
cmake ../
make
sudo make install 
sudo ldconfig


Lastly we get multimon-ng


git clone https://github.com/EliasOenal/multimon-ng.git
cd multimon-ng
mkdir build
cd build
qmake ../multimon-ng.pro
make
sudo make install


Almost there. Now open GQRX and find a pager signal. Set the settings on the right hand side the same as mine (obviously your frequency may be different) and be sure and push the UDP button in. No UDP streaming, no pager traffic.



Okay we have a good signal and we are streaming it over port 7355 on UDP. Time to decode.


In a terminal type the following command (or cut and paste it, it's a doozy). Make sure it is all on one line and one command as well.


nc -l -u 7355 | sox -r 48000 -t raw -b 16 -c 1 -e signed-integer /dev/stdin -r 22050 -t raw -b 16 -c 1 -e signed-integer - | multimon-ng -t raw -c -a POCSAG512 -a POCSAG1200 -a POCSAG2400 -a FLEX -a SCOPE -f alpha /dev/stdin


See near the end of that command where it says "-a FLEX"? Go to any tutorial on the internet and they have ONLY the POCSAG decoders in the command line. I ran the command and sat and waited and not one thing happened. It was only when I installed this on Windows (the link near the top of the page) that I discovered our local pager system was using FLEX as a decoder. About one second after I added -a FLEX to my command I started getting messages. EVERYBODY ALWAYS LEAVES SOMETHING OUT. Here's what it looks like. Note, that if you are not getting a signal in the white box.........something ain't right.




Notice that I redacted the decoded pager messages. The law, remember?


Now you don't want to type that command every single time, so let's make a super easy script file to launch it. Go to the folder where you want to store the script and do this. I'm going to name my file "pager" but you can name it anything you want.


touch pager.sh


That makes an empty file. Open it with the following command:


sudo nano pager.sh

Now paste in this:


#!/bin/sh

nc -l -u 7355 | sox -r 48000 -t raw -b 16 -c 1 -e signed-integer /dev/stdin -r 22050 -t raw -b 16 -c 1 -e signed-integer - | multimon-ng -t raw -c -a POCSAG512 -a POCSAG1200 -a POCSAG2400 -a FLEX -a SCOPE -f alpha /dev/stdin


Hit the Control key plus the X key. It will ask you if you want to save it. Hit Y and then Enter. Done.


Now let's make it executable.


sudo chmod +x pager.sh


Now you can just click on that file. Now you can read other people's pagers and shit.
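An added example, not part of the original post: two small filters for the text that multimon-ng prints. One tallies decoded lines per decoder, so you can see whether it is POCSAG or FLEX that is actually firing; the other strips message bodies before anything is saved. The line layouts it matches are assumptions about multimon-ng's output, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Filters for multimon-ng text
# output, so a saved log shows which decoders fire without keeping contents.
# ASSUMPTION: decoded lines start with the decoder name followed by ":" (or "|"
# in newer FLEX output), POCSAG bodies follow "Alpha:" or "Numeric:", and older
# FLEX output puts the capcode in [brackets] before the message.

# decoder_tally: count decoded lines per decoder name, e.g. "FLEX 2".
decoder_tally() {
    LC_ALL=C awk '
        match($0, /^[A-Z]+[0-9]*[:|]/) {
            count[substr($0, 1, RLENGTH - 1)]++
        }
        END { for (name in count) print name, count[name] }
    ' | sort
}

# redact_pager: pass decoded lines through with the message body removed.
# Startup banners and anything that is not a decoded line are dropped.
redact_pager() {
    LC_ALL=C awk '
        /^POCSAG[0-9]+: / {
            sub(/(Alpha|Numeric):.*$/, "[redacted]")
            print; next
        }
        /^FLEX: / && match($0, /\[[0-9]+\]/) {
            print substr($0, 1, RSTART + RLENGTH - 1) " [redacted]"; next
        }
        match($0, /^[A-Z]+[0-9]*[:|]/) {
            # Unknown layout: keep only the decoder name.
            print substr($0, 1, RLENGTH - 1) " [redacted]"
        }
    '
}

# Constructed sample lines; addresses and text are made up.
SAMPLE_LOG='Enabled demodulators: POCSAG512 POCSAG1200 POCSAG2400 FLEX SCOPE
FLEX: 2017-08-01 10:15:02 1600/2/A 05.012 [000123456] ALN constructed message one
POCSAG1200: Address:  654321  Function: 0  Alpha:   constructed message two
FLEX: 2017-08-01 10:15:09 1600/2/A 05.013 [000123457] ALN constructed message three'

printf '%s\n' "$SAMPLE_LOG" | decoder_tally
printf '%s\n' "$SAMPLE_LOG" | redact_pager
```

To use it live, define the functions in pager.sh and pipe the multimon-ng end of the command through redact_pager before saving anything to disk.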



Emby vs. Plex

It's been a while since I talked about media servers. Every mythical "power user" should have a NAS (Network Attached Storage). And on that powerful file serving NAS you should be running a media server to control all that music and all those videos. There are lots of choices, however I've narrowed my choices down to two go to media servers. Emby and Plex.



Now this is not an all encompassing review of every cool power user feature for a media server. This is a review of how I use a media server. Here's a quick rundown of some features I like and don't like. Let's start with Emby. Here's my home screen with Emby.




First of all Emby installs perfectly, and easily on FREENAS which is the NAS operating system I use. On the left you'll notice the blue square which says "Live TV". Emby does live TV but you need a TV tuner and the amount of tuners that work are limited. When I started using Emby you could only really use HDHomeRun devices. Not sure if they've expanded that or not. In this day and age of cord cutting I put a powered antenna with a high gain amplifier in the attic. I pull down all the local channels in HD for free. With Emby and my HDHomeRun Connect device (you gotta get one of these things) you can not only watch Live TV but you can watch it across your network on any device. Also I VPN into my network when I'm on travel and I can watch it (if the internet connection is fast enough where I am).



It will segregate your movies and TV shows and the metadata and clip art it pulls down is perfect. With Live TV though to get a decent Electronic Program Guide (EPG) you need to buy a subscription but it is AWESOME and worth it to me. Even pulls the station graphics down nicely. You can click on any show below and just record it. Just like a Tivo. A very inexpensive DVR and besides, your NAS has tons of storage, right? Mine does.



So that's my key feature I use Emby for. Yeah it's nice to rip DVDs of Movies and TV shows but the Live TV is a KILLER feature. I used to have no TV in my bedroom but now I do. Any device with a browser is now a TV.


Now, onto Plex. Plex does some of the same stuff Emby does and to be honest the interface is pretty slick and pretty. However I have one problem with Plex. While it kinda does Live TV it only does it on devices like Android, iOS, or Apple TV. Not on any device or laptop. Also you need an app to watch. Don't get me wrong, Emby has apps that do similar but you can still WATCH LIVE TV ON ANYTHING. Plex, not so much.



Plex puts the movies and TV shows on the Home page like Emby does and it is fairly similar in that respect however the Program Guide, which is FREE (Yeah).........sucks. It sucks ass. Oh, it looks okay, right up to the point where you try to use it to see what is on TV several hours from now. Plex needs help here. But.......it's free. I can overlook a lot of stuff for free.



Plex does the same thing with a DVR device and in fact the latest beta of Plex has included lots and lots of popular TV tuner devices. It finds and uses my HDHomeRun Connect as well.



Plex DOES NOT install well on FREENAS, at least not for me and I always have to do a manual install inside of a BSD Jail. If you don't know what that means......consider yourself lucky. I will say that I also run another server at home on Ubuntu Linux and it also runs Emby and Plex (as a backup in case the NAS goes down). Plex installs PERFECTLY on Linux.


Also when I record on Plex from FREENAS I have to record inside the jail and not outside. Again, if you don't know what that means it translates into this:


It's a Pain In My Ass. I'm sure it is a permissions thing but I'm pretty good with Linux and I haven't figured it out yet. Still I have some work arounds. And once again if I install Plex on my Ubuntu server I have no such issues. I can record anywhere. Why this is important is that I can have one drive somewhere with all the data on it and access it from all media servers so I don't have the same data in several different places.


For John Hagensieker and John Hagensieker alone it's Emby all the way for me. The usability of the Live TV pushes it over the top for me even though Plex has some other cool tricks I didn't mention (namely channels).


Emby. Emby. Get Emby if you want a good intuitive media server that works everywhere.



SDRPlay RSP2 Review

Like I don't have enough SDR radios............I have a couple of the black dongles, a couple of the blue dongles, a couple of the Version 3 dongles, a FunCube Pro dongle, a NooElec Nano 3, a Ham It Up Upconverter, an Airspy, and a Spyverter up converter. I also have a HackRF.


I use one for FM radio at work and to listen to military aircraft ground communications. (I work in the Operations Building at MCAS Cherry Point, NC). Another one is in my attic doing PiAware and tracking aircraft with a filter and antenna. The Funcube Pro is my go to dongle for grabbing NOAA satellite data. For some reason I get the best results with it. The HackRF is doing replay attacks. The Airspy is a digital trunking radio. The Nano 3 stays in the laptop bag so I can show off SDR to lesser humans. Any or all of them can be used for HF listening as well. I just grab what's closest. I particularly like listening to this one Holy Roller on Shortwave who just knows the end of the world is coming right after the eclipse later this month. :)


Oh I almost forgot.......I have a Dreamcatcher and LNA antenna for talking to INMARSAT and the "Outernet". If you don't know what Outernet is.....check here.


This is not a review chock-full of technical information and numbers. This is a review from a hobbyist who is using the device for the first time(s) and my observations. While devices such as RSP2 are technically superior to regular SDR dongles it all depends on how you use it. If you buy an RSP2 and pay $169 and only listen to AM and FM radio....you spent too much. I'm using mine to track satellites, and sniff signals out of the air and trying to learn a thing or two about signals and signal security.


So while I know a thing or two about SDR, I'm still very much just a hobbyist with a Linux problem.


Decided to pick up an RSP2 from SDRPlay.com


The principal difference between the less expensive RSP1 and the RSP2 is the number of antenna ports. It has 2 SMA ports (A and B) and one High Z port for HF frequencies. The A port is just kind of a normal port and the B port has a Bias - T enable which allows you to crank a few volts out of the port to power a Low Noise Amplifier (LNA) which is an awesome feature. The High Z port has P, N, and Ground connections allowing for balanced installations.


So right out of the chute it is fat on features. An SDR experimenter's dream. I was kind of surprised when the box arrived and it was just as it appears in a form fitting clear plastic box. And that's wonderful until you realize there is no USB cable, and oddly enough the thing that got me the most was the absence of the 4 sticky rubber feet that usually come with an item like this.


Neither of those things are deal breakers though, just minor annoyances.



Here's another thing that gets me (and I promise this isn't going to be a negative review). It doesn't work with the de facto standard SDR program SDR#. Well, that's kinda true. It does work if you use an older version of SDR# and a plug in. The great thing about SDR# though is that you run it from a folder in Windows and not your typically installed Windows program. That means I can have my up to date SDR# and launch the older version with the plug in from another folder.


UPDATED NOTE: I installed version SDR# 1491 and the RSPSDRPlay Plugin and it works great. Hopefully they'll get this resolved so one day I only have to have one instance of SDR# on the computer........but who cares? It works!





SDRPlay uses a program called SDRUNO downloadable from their website and while it looks powerful beyond all belief there is a steep learning curve compared to using SDR# or GQRX (free program for Mac and Linux). But once you learn how to navigate around well then, you've got it made.






I own exactly one Windows laptop that I just bought a couple weeks ago. I got it specifically to run some SDR projects that aren't ready for prime time in Linux. But, alas I am a Linux guy. To use an RSP2 on Linux you have to install a driver (which is a .RUN file, which you just don't see very much of in Linux) and then you have to install a program called CubicSDR. Oh if it were only that simple. You must install the driver, install some dependencies, and then build and install 6 programs from source code. That sounds daunting if you've never done it before. The instructions are here. While it looks terrible to the newbie, the reality is that it is just a lot of cutting and pasting. Depending on how fast your computer is it will take 20 to 30 minutes to work through it all. There was ONE mistake in the instructions. Under Step 6.2 for wxWidgets......See the space between the dash and the 3 below? Remove that space and hit enter.


https://github.com/wxWidgets/wxWidgets/releases/download/v3.1.0/wxWidgets- 3.1.0.tar.bz2


In fact I'm going to say right now that if you are a bright and shiny SDR user that is not above average in computer geekiness this SDR may NOT be for you.


However, comma, if you can get through the install this is THE radio to get. The 10 MHz of useable bandwidth is huge and allows you to use the RSP2 to cover multiple trunked radio control channels and channels.


Also following the Non-Windows workflow will install a useable driver for GQRX as well.




The Device String ends up being:


driver=sdrplay,soapy=0


And while it works, the waveform looks different under GQRX than it usually does when using an RTL-SDR dongle or comparable SDR such as the Airspy.


You can build an additional driver for Linux for GQRX however, I haven't done it yet. Probably won't on my work computer since all I do is listen to FM radio and ground voice communications.






And here's what CubicSDR looks like.


SDRPLAY RSP2 Device UNDER SOAPYSDR




CUBICSDR ON UBUNTU 16.04.2 LINUX


MY TAKE:


This SDR is a little less plug and play than other SDR dongles. If you are listening to AM and FM radio and tracking aircraft (dump1090) then buy a $25 dongle on Amazon or eBay and save some money. However if you KNOW you are going to grow your interest in SDR radio you NEED a device that has this fantastic 10 MHz of bandwidth because eventually you are going to build a digital trunking scanner. You're also going to want the 4.7 volt Bias-T to drive a Low Noise Amplifier (LNA) when you're chasing satellites. That will prevent you from adding a power supply to your rig. A power supply or voltage converter or stuff means another wire running up the pole and another extension cord or cable run.


If you are a hard core hobbyist this is MONEY WELL SPENT. You win.




Make a Raspberry Pi 3 RTL-SDR Server

First of all, why would you want to do this? Here's my best explanation. You can mount the SDR and Raspberry Pi somewhere permanent like the attic and maybe even outdoors. Then you can access the SDR from your computer without having an SDR plugged in and being tied to an antenna. Makes you mobile.


Here's my rig.


Raspberry Pi 3 - $35


NooElec Nano 3 - $27.95




Quite a portable little setup. Occupies a little more space than a can of Altoids.


Download Raspbian Jessie here and burn the image file with Etcher. Once you get booted up follow the directions on this excellent page to set up rtl_tcp. I'd copy the instructions here but I couldn't do it better than the page that is linked. Once you have a booted Pi with rtl_tcp running then you need to have client software like GQRX or SDR#. GQRX runs on Mac and Linux. SDR# runs on Windows.


Start GQRX and then click the crossed wrench and screwdriver.



Figure out your Pi's IP address and configure GQRX as so. (My IP address is 192.168.20.89 with port of 1234) Your address may be different.




To start a listening stream fill in the following:


Device string = rtl_tcp=192.168.20.89:1234

Input rate = 1200000 (theoretically this should be 2400000) however mine choked a bit so I throttled it back some.




Now on your remote computer (connected to the same network) start GQRX. Note that at the top it shows connected to the rtl_tcp server you set up. Note that tuning is a bit slow. But it works. Now you can play with your SDR radio from ANYWHERE IN THE WORLD. Open port 1234 in your router to the IP of the Raspberry Pi using TCP and you can access it from anywhere. Listen to your favorite radio station from another state. Listen to Ham Radio from a hotel room without a 20' antenna or basically any gear at all.
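rtl_tcp has no login and no encryption, so whoever can reach port 1234 gets the sample stream and control of the tuner. This added example (not part of the original post) parses `ss -ltn` output to show which non-loopback addresses a port is listening on; the SSH tunnel sketched in its closing comments is an assumed alternative to the router port forward, and the socket lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): find out where rtl_tcp listens.

# exposed_listeners PORT: read `ss -ltn` output on stdin and print each local
# address listening on PORT that is not loopback. The header line is skipped
# because its first field is not LISTEN.
exposed_listeners() {
    LC_ALL=C awk -v port="$1" '
        $1 == "LISTEN" && match($4, /:[0-9]+$/) {
            addr = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }
    '
}

# Constructed `ss -ltn` output: rtl_tcp bound to every interface, plus sshd.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      1      0.0.0.0:1234       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# Constructed output for the same Pi with rtl_tcp bound to loopback only.
SAMPLE_SS_TUNNEL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      1      127.0.0.1:1234     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | exposed_listeners 1234
printf '%s\n' "$SAMPLE_SS_TUNNEL" | exposed_listeners 1234

# On the Pi itself:  ss -ltn | exposed_listeners 1234
#
# Loopback-only alternative (ASSUMES SSH access to the Pi; user and address
# below are placeholders):
#   on the Pi:       rtl_tcp -a 127.0.0.1 -p 1234
#   on the laptop:   ssh -N -L 1234:127.0.0.1:1234 pi@<pi-address>
#   GQRX device string then becomes rtl_tcp=127.0.0.1:1234
```

With the tunnel, the only port that needs to be reachable from outside is SSH, and the function prints nothing for port 1234.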







Create a Trunking Scanner for $25 (okay $50)

First of all some definitions:


Trunked radio - Unlike a conventional radio which assigns users a certain frequency, a trunk system takes a number of frequencies allocated to the system. Then the control channel coordinates the system so talkgroups can share these frequencies seamlessly.


Trunking Scanner - Most scanners that can listen to trunked radio systems (called trunk tracking) are able to scan and store individual talkgroups just as if they were frequencies. The difference in this case is that the groups are assigned to a certain bank in which the trunked system is programmed.


Here's my definition: Digital radio, bro. Analog radio was just one frequency or the other. Now you have various channels that support higher usage without congestion automatically.


Yep, you can buy one if you have a spare $350 or so laying around. One that barely gets the job done might cost about $100.


Now let's create a trunking scanner. First a little primer.


I live in New Bern NC. Let's google "New Bern Frequencies" and it leads us to here. Note that not only can you buy a Scanner you can have the dealer preprogram it for you. Go ahead and click that link and check the prices. First though they want personal information. Trust me, you'll do this my way.





If you keep scrolling down the page you'll see all the individual frequencies you can select for the various city services. Scroll all the way to the bottom and you'll find the Trunking systems. I'm going to snag New Bern Public Safety.





I can't quite squeeze it all in a screen shot but I show the frequencies and there is a list of the talk groups below.


We also want to take note of the Radio System Type. This is Project 25 Phase 1 or P25-1. Remember this for later.






Okay this isn't that hard but I'm going to do it on Ubuntu Linux. This program is cross platform written in Java so you should be able to do this on Windows or Mac as well. On Windows there is a program called Unitrunker that is probably more powerful than this. This however is a tutorial on Ubuntu Linux using a program called SDRtrunk. I watched a six part video series on how to set it up and was thinking I was in for a lengthy fight. Then I just followed the directions on the github link I just gave you. There's only a few things to do. All that being said the videos I saw are AWESOME. They are what attracted me to this project and the guy that did them did a great service to the SDR community. I was going to work through his videos then thought, "Let me try this first" and it worked.


I have done this to three Linux computers. One with LinuxMint 18.2, one with Ubuntu 17.04, and one with Debian Jessie 8. It worked the same on all.


First you need Java version 8 or better. Three commands. On Ubuntu do this:


sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer


Now that's done. Technically we can just download and launch SDRTrunk but we need a decoder for the P25 radio system.


But let's get SDRtrunk first.


Go here to download. Now unzip (and I unzipped this in my /home/john directory which created a folder called sdrtrunk)


tar -zxvf sdrtrunk_0.3.0-beta13.tar.gz




Go here and download the latest JMBE release. Get the jmbe_builder.tar.gz file.


Now run the following two commands (in the directory the file is located in)


tar -zxvf jmbe_builder.tar.gz


./make_jmbe_library_linux.sh


This creates a file called jmbe-0.3.3.jar


Now copy this file into sdrtrunk folder (making sure your path is right)


sudo cp jmbe-0.3.3.jar /home/john/sdrtrunk


HURRAY YOU DID IT!

Now let's start the program. Plug in your SDR Dongle (you don't have to have this one, any one will do)


./run_sdrtrunk_linux.sh


Should start with a pretty waterfall. My dongle was tuned to the FM band. They always store the last frequency they saw.




Just below the waterfall click the tab that says "Tuner" and then select the device it finds. It will open up details on the right side for the Tuner. Keep the defaults for the device, but tune it to the Control Channel frequency from that page at the beginning of this tutorial. Mine is 858.2625.




Now click the Channels tab and select "New".




At a minimum fill out the following:

Name - Anything you want.


Now go to the source tab and type in that frequency again. 858.2625 (yours will be different, unless you're my neighbor).



Now go to the Decoder tab and select P25 Phase 1 and Simulcast (LSM) (This may vary depending on your radio system). Finally click the enable button bottom left.



It should show up on the "Now Playing" tab as a Control Channel. I have noted that my AirSpy SDR dongle (as depicted in this tutorial) doesn't work very well and freezes the program at higher bandwidths (10 MHz). If I set it to 2.4 MHz it works fine on this very old laptop.




Here's the problem with that. The first frequency is 854 MHz (approximately) and the last is 859 something. That's 5 MHz. You won't get all the channels unless you add another SDR dongle (Cha Ching $25 more dollars). Technically the AirSpy should cover this with its 10 MHz spread but alas all it does is Overflow errors on the talk channels. Actually it also could be that this program desires a big old fat Intel i7 chip with a massive clock speed. This is a very old laptop I'm doing this on. I read some forum posts on the internet that lead me to believe this might be the cause.


If my SDR card has a limited bandwidth of 2.4 MHz then let's say my Control Channel is tuned to 858. We'll just round it up to keep it simple. Basically you have 1.2 MHz of bandwidth on both sides or 856.8 to 859.2. That doesn't begin to capture the bandwidth. But what I can do is add another inexpensive dongle and say tune it to 855.6 (theoretically this should cover, YMMV). See how that works? Two or three $10 SDRs cover the bandwidth you need covered.


I can confirm that the AirSpy device works GREAT on a much newer laptop. I have a Windows 8 era Dell laptop at work and the AirSpy SDR works famously on it and utilizes all 10 MHz of bandwidth which covers the whole New Bern trunking frequencies. Awesome! That being said you can buy a whole handful of RTL-SDR dongles for the price of an AirSpy ($169 OUCH) . With this program you can add multiple devices and set the frequencies on them to cover the bandwidth you need. 2 or 3 cheap dongles is way cheaper than an AirSpy or other advanced SDR radio.
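The coverage arithmetic above, worked through as an added example (not part of SDRTrunk or the original post): it finds the fewest tuner centre frequencies that keep every channel of a site inside some tuner's passband, and checks a hand-picked layout for gaps. Only the 858.2625 control channel comes from the article; the other channel frequencies are constructed, and the 12.5 kHz channel width is an assumption.

```python
"""Tuner coverage planning for a trunked site (added example, not SDRTrunk code)."""


def mhz(value):
    """Convert MHz to integer Hz so passband edge comparisons are exact."""
    return round(value * 1_000_000)


# The control channel is the one quoted in the article. Every other frequency
# is constructed for this example and is not the real New Bern channel list.
CONTROL_CHANNEL = mhz(858.2625)
SITE_CHANNELS = [mhz(f) for f in (
    854.0125, 854.9875, 855.7375, 856.4875, 857.2625, 858.2625, 859.2625)]

# Assumption: 12.5 kHz channel spacing, as used by P25 Phase 1 systems.
CHANNEL_WIDTH = 12_500


def _window(group):
    """Describe one tuner: centred midway between its lowest and highest channel."""
    return {"centre_hz": (group[0] + group[-1]) // 2, "channels": list(group)}


def plan_tuners(channels_hz, bandwidth_hz, channel_width_hz=CHANNEL_WIDTH):
    """Return the fewest tuner windows that contain every channel.

    Greedy interval cover: open a window at the lowest uncovered channel and
    keep adding channels until the next one would no longer fit, counting the
    full width of the first and last channel.
    """
    if bandwidth_hz < channel_width_hz:
        raise ValueError("tuner bandwidth is narrower than one channel")
    half = channel_width_hz // 2
    plan, group = [], []
    for freq in sorted(set(channels_hz)):
        if group and (freq + half) - (group[0] - half) > bandwidth_hz:
            plan.append(_window(group))
            group = []
        group.append(freq)
    if group:
        plan.append(_window(group))
    return plan


def uncovered(channels_hz, centres_hz, bandwidth_hz, channel_width_hz=CHANNEL_WIDTH):
    """Return the channels that no tuner in a given layout fully contains."""
    half = channel_width_hz // 2
    missing = []
    for freq in sorted(set(channels_hz)):
        inside = any(
            centre - bandwidth_hz // 2 <= freq - half
            and freq + half <= centre + bandwidth_hz // 2
            for centre in centres_hz)
        if not inside:
            missing.append(freq)
    return missing


if __name__ == "__main__":
    for label, bandwidth in (("2.4 MHz dongle", mhz(2.4)), ("10 MHz AirSpy", mhz(10))):
        plan = plan_tuners(SITE_CHANNELS, bandwidth)
        print(f"{label}: {len(plan)} tuner(s)")
        for window in plan:
            note = " (control channel)" if CONTROL_CHANNEL in window["channels"] else ""
            print(f"  centre {window['centre_hz'] / 1e6:.4f} MHz, "
                  f"{len(window['channels'])} channel(s){note}")

    # The two-dongle layout from the text: centres at 858 and 855.6 MHz.
    gaps = uncovered(SITE_CHANNELS, [mhz(858.0), mhz(855.6)], mhz(2.4))
    print("two-dongle layout misses:", [f / 1e6 for f in gaps])
```

With this constructed channel list the two-dongle layout leaves the lowest and highest channel outside both passbands, which is why a third dongle or a wider tuner is needed to hear every talk channel.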


All that being said the AirSpy is AWESOME! If you need to step up your SDR game the cheap dongles just don't cut it forever.


Therefore I declare this project and SDRTrunk program to work BEST with the el cheapo RTL-SDR dongles. That's actually a good thing. Save some buckazoids.


Here we are in action:




Update: Since starting this project I have since added one additional SDR dongle (v3 stick) along with my Airspy which allows me to capture the entirety of two trunking radio systems here in New Bern. I'm tracking two Control Channels and essentially getting all the city EMS, Police, Police Helicopters, Fire, Public Works, Animal Control, etc.

Seems the Airspy and SDRtrunk are a match made in heaven.

Great little project.



How to use an UpConverter with SDR in GQRX

As with most geeky things I've found that NOBODY hardly puts those "seal the deal" details on the internet. Smart guys will say something like "balance the decombobulator" without actually telling you how to do it. Hey, they know how to do it and that's what matters.


In fact that is the whole premise of my webpage and my blog. To capture that minutia and those details and write them in a step by step easy to follow process.


First of all, what is an UpConverter? An upconverter allows you to get roughly between 0 and 24 MHz. That is where you find AM radio, Shortwave, and HF transmissions. Just beyond 24 MHz, and usually reachable with an upconverter, is CB radio as well. So your basic SDR dongle doesn't quite reach that. Well actually one does. This one.



Here's how you do it in GQRX. When launching GQRX for the first time or while selecting "Configure I/O Device" here's how to get the HF frequencies........


Select the Realtek device and make sure the Device string says


rtl=0,direct_samp=2


beneath that set LNB LO to:


-125.000000 MHz




Score. You might need to make sure "No Limits" is selected in the "Input Controls" tab as well in order to properly tune.




That makes that RTL-SDR an awesome little device. For $25 and some geekery you can listen to HF band radio on the cheap. An upconverter always works best though.


Here are the other two I have. An AirSpy Spyverter and a NooElec Ham It Up.




For the NooElec set it up like below. It is ALMOST exactly the same as above. Simply hook it up, then remove the ,direct_samp=2 from the Device String. The LNB LO is also -125.000000 MHz. Here's a pic with me getting a great signal from the local AM radio (1450).





Lastly........The AirSpy R2 and Spyverter. Very similar but different values.


In the device string type:


airspy=0,bias=1

with an LNB LO of -120.000000 MHz




And Bob is your uncle.


The Outernet and Shit

You know what the internet is. Did you know there was such a thing as the Outernet?


The Outernet is sometimes called the "Library in Space" and I believe the intent was to bring news, weather, and Wikipedia (encyclopedia type information) to areas where there is no Internet connection. The Outernet can be accessed by using an RTL-SDR device with a special antenna and Low Noise Amplifier (LNA). Or you can buy a kit for $90 from here. I opted to go this route. All you need to get going is to write an image file to an SD card, insert it, and then align and lock onto the satellite and it will immediately start downloading.



What you get in the kit is a Dreamcatcher version 2.03 computer board with ARM processor which has a built in RTL-SDR. It contains the following as well for the antenna.


  • L-band SAW filter (1525 - 1559 MHz)
  • Two-stage L-band LNA with 34dB gain


Because the signal from the satellite is weak, it is my opinion that it's best just to buy the Dreamcatcher kit rather than source parts and use a Raspberry Pi plus RTL-SDR, plus filter, plus LNA.


So when you receive the kit you receive the board, antenna and patch cable. That's it. No instructions or anything. Luckily it is a piece of cake to get working with the latest software. Download the software from here. Be sure to read the Readme.txt file for instructions. It's the closest thing you'll find to instructions. Because I bought the kit from them it instructs you to use the image file for the active antenna. At the time of this writing it is skylark-dc-1706222246-active-antenna.img.gz. Uncompress this file. The unpacked file should be named skylark-dc-1706222246.img


Now the easiest way to get this on the SD card is to download a program called Etcher. Then you select your file, select your SD card (I don't have one plugged in in the image below but you get the idea) and then click the flash button. IT IS THAT SIMPLE.




Now install the SD card into the slot next to the LED's labelled SD0_OS. Then plug it in the wall. THAT'S IT. Well, not really.


Now you need to align the satellite antenna.


The board creates a WiFi hotspot called "Outernet". Connect to that WiFi and type the following address into the browser:


outernet.is


You'll see this:

Log in with user= outernet

pass = outernet



This is what you see next.



Click the little blue button on the top left and a toolbar will pop up. Click on Tuner > Status



You'll notice I have a lock and that I'm downloading in my example below. Yours may say no to "Lock", at least until you align the satellite.



There are a couple ways to align the satellite. I found this to be the easiest way. Obviously you need to know where to start looking. The Satellite we want is Inmarsat 4-F3 and it is located a little SW of North America.



The easiest thing to do is get a compass app on your phone and an inclinometer app. Turn the compass until your heading is 212 degrees (and this is of course dependent on WHERE YOU ARE). Different compass headings for different locations. And slightly different elevations as well.



You can also get that information from an iOS app called "Dish Align". It shows you on a map which way to point and even has tools to help you align. I personally thought it was easier to get a lock with compass and inclinometer.





Takes a while to download information. Text based news comes down fast, and wiki articles are a bit slower. The Wiki articles seem relevant to current events (at least initially). The first one to come down I think was "G20" and of course the G20 summit is going on currently.


The weather takes a while and maybe it's because it is only published every so often daily. Might be a timing thing? After 12 hours or so all I have are Ocean Currents data. Still.........it's cool.








Anyway, this is cool. Power goes out, internet goes out............betcha that satellite doesn't go out. You can still track news, and weather.


Well it took a while but I finally got the weather data! Here is wind, followed by heat.




And here are the various options for display. Quite a few things to display including precipitation. And the map zooms in.



YOU IS A SATELLITE HACKER AND SHIT.


Survival Computer

We all have computers however they are more and more reliant on an internet connection, but what do you do when that internet connection is gone? Seems everyday on the news they are saying North Korea will pop an EMP off rendering the US power grid toast. I'm not really thinking that may happen but I live right in the chute of a hurricane tunnel. That's a lot more likely and I'm liable to be without power for a few days. I have a generator but what if that high speed internet connection isn't working? What if cell service is out? I've decided to dedicate one laptop to the task of being an Over The Air (OTA) device, non-reliant on the internet.


What can a computer do that isn't hooked to the internet? Quite a lot actually. Here's a few things you can do:


  • Watch digital over the air television
  • Listen to FM or AM radio
  • Listen to Shortwave Radio
  • Listen to Amateur Radio
  • Listen to emergency service transmissions such as police, fire, weather, etc.
  • Decode NOAA Weather Satellite Images
  • Detect Aircraft Overhead


Not a bad list, huh? So the big hurricane hits and all the power and utilities are out it almost seems like a must to have all this. Here's what you need to get started.

  • Laptop - I prefer an older Windows Vista / Windows 7 era laptop. They are plentiful, cheap, and many of them had Core Duo processors which are now dirt cheap. You could take an old Core Duo and slap a higher end chip in it for a few dollars. I took an old Dell 1545 with a 2.0GHz CPU and put a 2.80 GHz chip in it for $15 I think. A quick eBay search shows you can get an X9100 3.06 GHz CPU for about $15. Then again a Core Duo 2.0 does the job here almost as well. Go to BestBuy and look at laptop chip speeds now. A girly 1.8 GHz Celeron or some AMD low power thing. They are designed to last forever on battery and frustrate you with their lack of CPU and graphics speed. I don't care if you think these laptops are old but a Core Duo 3.06 GHz CPU running on Linux KICKS ASS.
  • Operating system. You can use Windows here but if you have an old laptop with say Windows XP or Vista you'll probably want to upgrade WHICH COSTS MONEY. I use Linux which is FREE and does everything we need to do nicely here. I like LinuxMint, Debian, and Ubuntu. For this project I used Ubuntu Desktop. If you read the page it recommends 2.0 GHz as the slowest chip. There are a million flavors of Linux and some that don't need much horsepower such as Lubuntu.
  • RTL-SDR Radio - Get this one if you can. $25 and it comes with a decent sized whip antenna.
  • TV Tuner - Hauppauge X Box Tuner for approx. $50. I guarantee you can find cheaper TV Tuners but I know this one works with Linux and I know it works WELL. They sell a Hauppauge HVR-955Q for about $70 but I read somewhere this X Box Tuner is the exact same hardware. I also own the 955Q and it works awesome as well.
  • Antenna - I won't run too deep here but you can buy a cheap discone antenna from the internet which gives good broadband coverage. A $25 cheap Yagi TV antenna will work well here too. Heck you can MAKE YOUR OWN ANTENNA as well for next to nothing. If you live in a high signal area the whip antennas that come with the devices may be enough. With the cheap whip with my TV Tuner I get 12 Channels in New Bern, NC. 3 major affiliates with local and national news. I think if the stuff ever hits that fan that is what I'm shooting for anyway. Just note that if you want to decode satellite images you may need a handheld, tuned antenna or a DIY type antenna specific for that application.

As far as Linux software goes you'll need something called GQRX and Me-TV. If you are using Windows you can get a free program called SDR# (SDR Sharp) for the SDR Radio.


Here's a screenshot of Me-TV and of course the picture will go full screen if you want it to. You even get a free electronic program guide (EPG).



Here's GQRX pulling in a local FM radio station.



The SDR Radio I linked to above will do HF, which encompasses Amateur and Shortwave and AM radio as well. It's just a little geeky to get going but this device will do all the necessary bands. There are other, cheaper RTL-SDR USB radios but they don't natively do HF, AM, Amateur, and Shortwave without an UpConverter which will make you another $40 or so lighter in the wallet area. And before you ask, yes I have an UpConverter too.


Downloading NOAA transmissions is a bit geekier and can be done easily in GQRX. I have an overview on my page here for doing it. Basically you need GQRX, sox, and WXtoIMG. A program called GPredict is also a necessity for tracking where the satellites are. All these programs are free. Here is GPredict configured with my favorite satellites. We can see that NOAA 19 is right over the top of me.



See the biggest circle on the page around North and South America? That is INMARSAT 4-F3. It is in geosynchronous orbit over the Americas. Its job is to be a library in space called Outernet. Get it? Internet, Outernet. By the way you can connect to it with an Outernet Dreamcatcher Kit. I have a kit in the mail I'll review later. So.... imagine power has been out for a while. You can hit the satellite up everyday for weather, news, and encyclopedia information. Seems pretty useful to me.


But the ability to predict the weather is PRICELESS if you are in a no power, no communications situation. I am really not kidding. You can get this quality of satellite imagery (below) from a $25 SDR Radio. Wouldn't it be nice to keep a close eye on that hurricane approaching?




Having an SDR radio in your hurricane kit is as valuable as a few cases of water, canned meat, and gasoline. YOU NEED ONE OF THESE.


Software Defined Radio

Software Defined Radio - What is it? Most of us think of it as a hardware device and it is but it passes many critical functions off to the host computer and as the name implies most of the magic happens in software. We're going to focus on something called RTL-SDR which is usually a USB device that contains an RTL2832U chip. These are usually TV Tuner devices. But they do much, much more than act as TV Tuners. Much more. There is a list of items a simple $20 USB RTL-SDR can do on this page. This is the most concise list I have seen to date.


NOTE: THIS IS CUT AND PASTED FROM THE LINKED WEBSITE ABOVE. NOT MY LIST.


The RTL-SDR can be used as a wide band radio scanner. Applications include:


Look at that list. That's insane. All that stuff you can do with this:




Here's the quickest of the quick things you can do with it. Download a program called GQRX. Plug stick into computer (I'm using a Mac). Select the stick in GQRX.



Tune into a local FM radio station. Make sure that MODE is selected to FM Mono or Stereo. You need a faster computer to do stereo.





Now with a proper antenna you can listen to Police, Fire, Aircraft, Ham Radio Operators, CB Radio, Baby Monitors, Cordless Phones, Satellites (not kidding), the International Space Station (so not kidding), Boats, Weather Balloons.......like I said.....this is insane.


I have a handheld antenna tuned to about 138 MHz. I can use software (GPredict) to track satellites then when, say a NOAA weather satellite comes overhead I can download and decode the signal which turns into that picture you see on the Weather map on the news every night. YOU CAN DO THIS IN YOUR OWN BACKYARD.


Here's a pic of Tropical Storm Cindy sneaking up on Louisiana.




Here's another thing you can do. Track Aircraft. This is done with a Raspberry Pi and an RTL-SDR. These are the planes flying over my house as I type this. Pretty cool, huh?




Get a load of this. Many cities and their provided services (EMS, Police, Public Works, Fire Dept. etc) have gone to digital trunking radio systems. No longer will your old analog police scanner catch all the conversations unless it can be programmed to follow the trunked radio frequency changes. An RTL-SDR can also do Trunked Radio. Absolutely amazing. A scanner that listens to all city services for $25. That my friends, is a bargain.




Now picture this. The shit has hit the fan. There's no power but you have a generator and can charge a laptop. You have a TV Tuner, FM Radio, Aircraft Tracker, that by God can tell you if terrible weather is inbound. I would say this is much more than a hacker toy. This is a vital piece of survival equipment.


Actually I'm not totally sure you can watch TV on this as it is a PAL receiver and the US uses ATSC. I guess you could get an up converter or you could just buy a US TV tuner USB stick for another $30 or $40. I have a Hauppauge 955Q. Most laptops have multiple USB ports. SDR in one, TV Tuner in the other and you are ready for any emergency.


Anyway you NEED one of these. You don't just want one. You really need one of these.


Although I'm not a preparedness guy I wrote an article once for a cool website called ruralsurvival.info It's pretty similar to this page but goes into some more specific details.










iPhone Tethering with Router with DD-WRT

Suppose you are a very low usage internet person. Check email and read FoxNews once a day. You probably have a smart phone that has a Hotspot. My phone plan is Unlimited Data with 10 GB's of hotspot per month. That's so you don't share with 90 people and everybody rides for free. I know many people who don't use 10GB of data a month. Also I have an iPad that gets 20GB a month so that's 30GB's a month I can use that I seldom do use. I could almost fire the cable internet company.


Or let's say you want to surreptitiously run a wifi network at the office so you can check cutekittens.com which you know you aren't supposed to do on the work network. Or let's say you're somewhere and don't trust that network but you need to hook up multiple devices or you need a little better range than what you get with the phone or iPad.


You can also add an ad-blocker, run a VPN server, block web sites........stuff that you can't do on that phone or iPad.


I've found a good solution that is inexpensive, lightweight and not too obtrusive. We're going to hook our iPhone or iPad to the router and use it as a WAN connection so we can hook up to the wifi of the router.


The D-Link DIR-860L version B1 goes for about $40. It's very lightweight and about the size of couple of coke cans. Probably more suitable for a suitcase than a big rectangle with antennas sticking out all over it.



First in order to pull this off we need to install DD-WRT. Open a browser and type "ftp.dd-wrt.com" On Mac it asks if you want to open in finder. You can do that or just navigate via the webpage. Go to Betas > 2017 > the newest one > D-Link DIR-860 and grab the factory to dd-wrt file. Make sure you get the correct version. I have version B1.



Now log in your router interface and flash the file you downloaded. Sorry, no screenshot here. It takes 5 minutes or so but the address of the router will change to 192.168.1.1 and you'll have an open wifi network called "dd-wrt"


Once you go to the main setup page after setting a password you set your WAN connection type to "iPhone Tethering".



Now go to "Wireless" and "Wireless Security" to change your SSID (if you want to) and to enable a password.


Go to Settings on your iPhone and turn off wifi and personal hotspot. Now plug your iPhone into the USB port on the back of the router. It will ask you if you want to Trust the Computer. Click yes.




Now turn on Personal hotspot and it should ask you to turn wifi on. Click yes.




Now in DD-WRT do this:


Next on the top bar click the tab that says "Status" and then "Site Survey"





Your phone will be listed in there somewhere and you may have to click the "Join" button (not depicted) Once you do that it will show up as a wireless node.


At this point you should be connected and you'll see a blue bar at the top of your iPhone page indicating a connection. After the site survey you may have to turn off wifi and personal hotspot and then pull the plug from the iPhone and start again with "Trust this computer". It takes a time or two maybe the first time you do it but after you get the blue bar you are using your iPhone as a WAN device on the router. Now you can connect to the router with its wifi.







Yer doing it! You have successfully used your phone to provide internet to a router. Your telephone is acting like a cable modem. Depending on where you are you'll top out at 4G speeds.


Remember the data you use from hooking to the wifi on the router is part of the Hotspot data. Don't watch Netflix unless you have an unlimited hotspot plan.




Synology RT2600AC Review

I'm a firm believer that a stock router from Walmart or Target is wildly ineffective and minimally secure. I'm also a firm believer that you have to be a lot different from the crowd and that act itself makes you a little more secure simply because it makes you not as soft a target. Some ways to be different are to run open source firmware such as DD-WRT or LEDE. Yet another way is to get a non mainstream router such as a Synology RT2600AC. It has some great features not found on many regular routers.


First of all it does one amazing thing not found on almost any other router. IT MAKES YOU CHANGE THE DEFAULT ROUTER PASSWORD. Most routers steer you towards a hardened WIFI password while completely ignoring the actual "hooked directly to the internet via ethernet" connection. Default passwords are published on the internet. If your wifi has a gaping hole somebody has to be within 300 feet or so of you to exploit it. If your router is PHYSICALLY connected to the internet with a default password of admin / admin or admin / password then you're a sitting duck. MOST PEOPLE DON'T CHANGE THEIR DEFAULT ROUTER PASSWORDS. A blind kid could hack you.


It also has a unique feature where you can schedule the wifi to shut off. If you go to bed at, say 10 PM every night, why leave your wifi on? It can't be hacked if it isn't turned on. This router also has a button on the side where you can manually turn wifi on and off. What a concept!


Also you can schedule the LED lights to turn on and off at certain times. Nice to extinguish the flashing distractions especially if your router is in the bedroom or next to the TV you're trying to watch a movie on.


Because Synology routers are not really mainstream or sold in huge quantities they're a less attractive target.


What's the downside you say? It's a little tougher to set up. A bit more geeky. Another bizarre thing I noted was that as soon as I set it up it told me the SRM (firmware) needed to be updated. So I updated. It took longer than most routers AND when it was finished and just for fun I asked it to check again it found yet another firmware update. Apparently the upgrades are incremental. That's not very intuitive. Finally it tells me it's up to date!



Take notice of the control page here. It looks more like an operating system than a router configuration page. And of course it is. And of course they all are but this has a way different feel to it. This is like your basic window type graphical user interface. This router feels more like a Office/Small Business router rather than a home router. It is definitely a few steps up from a bottom shelf router at Walmart.


There is a Package Center where you can add packages (apps) to give increased functionality. This router provides excellent hardware specs to run a VPN Server and it has one of the easiest implementations of setting up a VPN server and providing client configurations to put on your devices. It's easy. It also can auto configure your firewall to keep the VPN from getting blocked. The only thing about that I didn't like is that it asked to open the ports for every kind of VPN the device supports. There is no reason to open the ports for an L2TP or PPTP VPN if you are running an OpenVPN instance. Advanced users will know to uncheck the radio boxes for those unnecessary ports but I don't think a first timer would. Never have open ports on your firewall that you don't need or intend to use. It's an open door or at the very least a poorly locked door with a really cheap lock on it.
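One way to check for the leftover VPN ports described above, as an added example that is not Synology's code: it reads a firewall rule list and reports every allow rule that opens a port belonging to a VPN protocol you are not running. The rule text format and the sample rules are constructed for illustration; the port numbers are the protocols' standard defaults.

```python
"""Flag firewall rules that open ports for VPN protocols that are not in use."""

# Standard default ports per VPN type. PPTP also needs GRE (IP protocol 47),
# which is not a port and is not modelled here.
VPN_PORTS = {
    "openvpn": {("udp", 1194)},
    "pptp": {("tcp", 1723)},
    "l2tp/ipsec": {("udp", 500), ("udp", 1701), ("udp", 4500)},
}

# Constructed rule export in a hypothetical "action proto ports source" format.
# This is not the format Synology SRM uses.
SAMPLE_RULES = """
# action proto ports          source
allow  udp   1194           any      # OpenVPN server
allow  tcp   1723           any      # added by the VPN wizard
allow  udp   500,1701,4500  any      # added by the VPN wizard
allow  tcp   443            any      # management over HTTPS
allow  udp   1700-1702      lan      # old manual rule
"""


def parse_ports(spec):
    """Expand '500,1701,4500' or '1700-1702' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        first = int(low)
        last = int(high) if high else first
        if not 0 < first <= last <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(first, last + 1))
    return ports


def parse_rules(text):
    """Parse the rule text, skipping blank lines and '#' comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, ports, source = line.split()
        rules.append({
            "action": action.lower(),
            "proto": proto.lower(),
            "ports": parse_ports(ports),
            "source": source,
        })
    return rules


def unneeded_vpn_rules(rules, enabled):
    """Return (rule_number, vpn_type, ports) for allow rules serving unused VPN types.

    `enabled` is the set of VPN types actually running, e.g. {"openvpn"}.
    Rule numbers count parsed rules from 1, in file order.
    """
    findings = []
    for number, rule in enumerate(rules, start=1):
        if rule["action"] != "allow":
            continue
        for vpn_type, endpoints in VPN_PORTS.items():
            if vpn_type in enabled:
                continue
            hit = sorted(port for proto, port in endpoints
                         if proto == rule["proto"] and port in rule["ports"])
            if hit:
                findings.append((number, vpn_type, hit))
    return findings


if __name__ == "__main__":
    for number, vpn_type, ports in unneeded_vpn_rules(parse_rules(SAMPLE_RULES), {"openvpn"}):
        print(f"rule {number}: opens {ports} for {vpn_type}, which is not running")
```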


Also it has a package called Intrusion Detection (Beta). Synology defines it as this:


Intrusion Prevention guards your Synology NAS from network threats, and identifies malicious packets to prevent your Synology NAS from infection and data compromise.


Other devices do this as well. For example my pfSense hardware firewall uses a program called pfBlockerNG which is similar. I'm sure the concept is the same. After reading through some forum entries I'm not sure this is smooth and polished yet. Without having deployed this at all I can tell you that many times these things are too restrictive. You just want to go to some website and it's blocked or elements of it are blocked. Then you go in the program and try to find the "rule" that blocked it. Many times you end up clearing the log and trying to recreate the problem so you can identify it so you can whitelist the problem. It's network administrator stuff, not Jenny from the Block stuff.


But if you put in the time and effort you'll have a decent intrusion detection system. Will it keep the NSA out? Ha. Doubtful, but it will keep out some segments of exploit attempts. I doubt a nation state or super hacker wants in your computer. It's the people scanning for social security numbers, identity theft mining, and pictures of wife getting frisky after the Christmas party with the new GoPro she got you that you are worried about.


Home Automation - The Struggle is Real

Decided to make some upgrades to my oh, so perfect home automation system and alas, this is when you find the struggle is real. Everyone that comes here is impressed with the setup but there is a lot that goes on behind the scenes. Home automation is not quite ready for the casual user.


But alas, it is. Go in any department store and they sell home automation hubs, which connect to all these devices and, yeah, it kind of works but you don't have tons of control over the user interface and you can't get under the hood to fix problems that pop up, and oh brother do they pop up. And while home automation is getting wildly popular, it isn't well thought out in my opinion. Picture this: You have a $70 light bulb in the lamp next to the bed or in the hall. Do you really want to fumble around in the dark to find your phone to scroll through screens, to find the app, to turn on the light so you can go to the bathroom or let the dog out? Or how about this "ALEXA, TURN ON BEDSIDE LAMP" when your lovely sleep deprived wife is laying next to you. Go ahead, it'll be alright. Automation is cool! So is practicality.


Sadly to integrate automation successfully it needs to also be manual, just like the home of old. A little kid needs the lights on too. And when you have tons of devices, who can remember the names of them all the time to trigger them from Alexa? Was that "Front Window Lamp, Light, or Outlet"? How do you change intensity? Get this: I have a GE 12730 Ceiling Fan Switch.


GE 12730 SMART FAN CONTROL




$45 and it controls a 3 position ceiling fan motor at, low, medium, and high. It's awesome, hold the switch up a second or two and the little blue light flashes and it turns up a notch. Turning it down works the opposite. The nice folks at Home Assistant incorporated it into their program and you can manually select the speed as well.





Really nice as well, but how do you voice trigger it? By golly, like this: "ALEXA SET BEDROOM FAN INTENSITY TO 66" 33=low, 66=medium, 99=high. By golly, that's intuitive. Try remembering that at 3 AM when it's stuffy and you want the fan speed up. Not medium, Sixty-Six. Awesome.


And while we're on the subject of Fan Switches......GE makes another one. The box looks identical except on the upper left corner of the box face there is no model number. That my friends is a GE 14287 switch which by golly isn't yet really supported by Home Assistant because it hasn't seemingly been added to the OpenZWave manufacturer_specific.xml file. Awesome! What the hell does that even mean? It means your $45 dollar switch doesn't work yet unless you have one of the home automation hubs on the box, and I've seen discussion that they don't always work yet either. It's too new.


So you try to name things with common names you can easily remember. I have a vacuum tube amp and preamplifier. The preamp is called a Bottlehead Foreplay. Try as I might Alexa will not voice command it. If I say "ALEXA TURN ON BOTTLEHEAD FOREPLAY OUTLET" it starts playing music through the Echo Dot. I'm so not kidding. So I had to rename it "Foreplay" because I can remember that. When I show off my system almost invariably the first thing someone asks is "Why do you have a device named Foreplay and why would it burn down your house?". And then I get that Ahhhhhhh.........you dirty old man look, usually followed by a punch to the shoulder. Man acceptance.



I love my home automation system, but I fear I'm the only one that can work it. It runs from an Aeotec Zwave Stick in a Raspberry Pi 3 and I have about 40 devices. The subsequent configuration file THAT YOU HAVE TO HAND CODE is about 700 lines long. Hey, anybody can do that right? But my implementation is better than one of these generic hubs that make you follow their methodology. And what do you do when you have 40 devices and then number 41 won't name correctly. That happens. You gonna reset the whole device and start over because you can't dig around under the hood and get in the weeds because you have a hub that won't let you?


Home Automation = COOL!

Home Automation = Frustrating




Open Source Firmware for Routers and Shit.

Sigh. I'm always touting network security and I'm firmly of the belief that one of the best things you can do is to buy a new router and install Open Source Firmware on it such as DD-WRT or LEDE. It's a GREAT first line of defense. In general the firmware is much less prone to exploits, the code is open and when exploits are discovered, the geeks on the projects close them fast. Ok you're sold.


NOT SO FAST!


I've been running Open Source firmware exclusively for years. I won't run any manufacturer's firmware at all. So when somebody releases a fancy pants new router and I see it is supported by the Open Source community I get all excited, buy the router and then find out that while the router works it has all kinds of bugs and problems and well, just doesn't work good at all.


Case in point. Linksys WRT3200ACM. On the product web page it says that it is "Open Source Ready" with OpenWRT and DD-WRT.


Let's dissect that statement, shall we? OpenWRT is basically a dead duck. Its developers jumped ship to a new program called LEDE, so technically it's still there but also no great strides are being made. So that's sorta true but not good news. Also what they don't tell you is that the wifi chip uses a driver called "mwlwifi" which is made by Marvell and the driver is PROPRIETARY. So if you buy the router and use the driver Linksys paid for it'll work but if you use DD-WRT and LEDE the Open Source driver is still under development with all kinds of bugs.



So they tighten the driver up real nice and I'm ready to deploy my brand new shiny WRT3200 and lo and behold none of my Internet of Things (IoT) devices with ESP8266 chips in them will connect to the router. I have exactly 10 Home Automation devices in my home that will not connect to this router. That is a problem. A big problem.


JUST BECAUSE A ROUTER CAN USE OPEN SOURCE FIRMWARE DOESN'T MEAN IT CAN USE IT WELL.


So I have this router that cost $200 (I paid $119 for a refurbished one) that I can't use unless I use the factory software on it which I refuse to do.


So you really need to do your homework before you decide to run Open Source Firmware. There are hundreds of devices that can run Open Source Software. There are so very few that do it well. Here's a short list.


- Netgear Nighthawk R7000 I know what you're thinking. This is an old router. Comparatively it is older, however it is still way more router than anyone needs. The router is an AC1900 and reading the box leads you to believe you get 1900 MBPS speed. WAY UNTRUE. That is the combined speed of the 2.4 and 5 Ghz networks. You can't get that speed. In fact, look at this:



I'm in the room next to my router and I connect at 527 Mbps. In fact my MacBookAir maxes out at 867 Mbps so why would I need a router any faster than that? 1300 Mbps on the 5 Ghz band is unachievable. Now tell me again how this is an old router. The R7000 still has a very active community and it is still used by a lot of the super geeks. Years of development have gone into this platform, which makes it super fast, super stable and secure. That's what we're shooting for. In fact, the R7000 is my number one recommendation.


What are the cons? It's friggin huge. That's about it.


- Netgear R7800 - Ok, you have to have new, I get it. This is what you want. This is the current darling of the Open Source Firmware community. In fact you may want to explore the installation of LEDE firmware for this bad boy. In my mind LEDE is a little faster, a little more secure and a little more stable. I could be wrong about that though but that is my gut feeling. I have an R7800 that I use for my guest network and it runs LEDE and I love it. In fact I installed LEDE and haven't touched it since. It's super stable and I get high wifi speeds over great distances.


- DLink DIR-860L version B1- The reason there are two hot links there is because the B1 version is HARD TO FIND. The amazon link is a version A1. The DIR-860L is the best "cheap" router you can get. You shouldn't pay more than $40 or $50 for it. Also it doesn't have big honking antennas on it so it's better suited to small homes and apartments. The guys at LEDE are working hard at making it faster than Richard Petty on crank as well. It's an amazing little device.


- Archer C7v2 - This router came out a couple years ago and had bells and whistles on it that only much higher priced routers had at the time at a fraction of the price. It immediately became a hit and that hit gravitated over to the Open Source Community. Good solid builds for this device and excellent open source support for its Qualcomm Atheros wifi chipset. Can't go wrong with this router.


In my mind that's really about it. Honorable mention to Linksys WRT1900ACS. Although it also has Marvell wifi drivers in it they cracked the nut for that particular chipset a while back. The WRT3200ACM remains problematic. I have a WRT1900ACS as the main router in my home with DD-WRT and it works flawlessly. I have a build from late March and my understanding though is that some of the newer builds have problems as well.


I realize that most people don't have the know-how to flash routers and understand what chipset is better supported than other ones but that's why us geeks are here. Hug a geek today.

More Router Security

The other day I made a Facebook post which got more attention than I expected. I told the story of an acquaintance of mine who heard I was "the router guru" and who contacted me because their monthly internet data usage from the cable company spiked in a HUGE way. She contacted the cable company who came out, told her she'd been hacked and she needed to change her passwords and drove away. No help at all.


And on top of it they told her she would have to pay for the overage because she was using her own router and not the cable company's which I find to be very bizarre because cable companies use combo modem/routers which have just about the worst track record for security imaginable. However, if I owned the cable company that would probably be my bottom line fiscal policy as well. Guess it depends which side of the fence you sit on.


I've been trying to raise awareness for home network security in my circle of friends for some time. Most probably just tolerate my posts as most folks aren't as geeky as I am. I get that, I really do. And when you learn some giant tidbit that excites you regarding computer security there is no one to tell that understands it, so I tell Mr. FaceBook. So everybody probably just thinks I'm that crazy geeky guy with a poodle.


And most people have this attitude about hacking..........."I'm not very interesting. Anybody who hacks me is wasting their time. I don't have anything important on my computer I care that much about."


And you know what..........For the most part, for most people, that may be true.


But then this thing happens. Lady is minding her own business, not hurting anyone, someone hacks her and then IT COSTS HER MONEY. She was the victim of a crime that had a fiscal impact. Believe me when I tell you folks......this can happen to you too. Someone can steal your data which can cost you money.


Getting hacked could cost you the Presidency as well. :) Ask Hillary Clinton.


Getting hacked also could reveal all your emails which reveal you to be a Spirit Cooking, UFO nut as well. Ask John Podesta.


It could cost you your job. Ask Debbie Wasserman Schultz or Donna Brazile.


All these things happened. Sorry if that offends your political ideology, but they happened.



Let's say I'm a black hat hacker and let's say I deal in images for money. You can use your imagination here. Naked pics of celebrities, kiddie porn, whatever. You don't think I'm storing that crap on my computer, do you? Nope, I'll store it on YOUR network and sell links to the images. SUDDENLY YOU ARE COMPLICIT IN A CRIME.


Okay, let's get real here. When the investigators roll in it won't take them long to figure out it isn't you. You probably will never see the inside of a booking room or cell but oh what a pain in the ass it will be when they knock on your door and take your stuff.


Here's another scenario. I break into your network and hack a computer or all of your computers and turn them into my evil bots. I use them to attack other computers. You don't think I'm gonna hack the Pentagon from my computer, do you? Nope, I'd do it from your computer. You don't think I'm going to do a Denial of Service Attack from my computer, do you? Are you beginning to get the picture here?


So why are you so vulnerable to attack? First of all let's discuss how you connect to the internet. Generally in this day and age it's via a cable or satellite modem, hooked to a wireless router inside your home. There are combo devices which do both as well. Or you can connect via a MiFi brick which is becoming more and more common as well but that's a discussion for another day. It's still just an access point.


Now let's go to the store and go router shopping. Look at the boxes. They all tell you how FAST they are, but look for a box that tells you how safe and secure it is. You won't find one. Why? Because they aren't the least bit safe or secure. I've said this before and it always bears repeating..........That router is designed for the stupidest person capable of opening the box getting connected to the internet easily without having to call their expensive tech support people on the phone lines.


Now, flip your router upside down. There's a sticker there that gives you an awesome WiFi password. ChittyChittyBangBang498374$%&)


And you know what? That's great. It really is.


EXCEPT FOR ONE THING. YOUR FUCKING ROUTER IS CONNECTED DIRECTLY TO THE INTERNET VIA AN ETHERNET CABLE TO THE MODEM AND THAT INTERFACE HAS A PASSWORD TOO! Wanna guess what that password is?


I swear to God it is usually "password", or admin, or NOTHING. Nothing filled in the password block. I AM SO NOT KIDDING.


Don't believe me? Google up "Netgear default password", "Linksys default password".........whatever.


Most people NEVER change this password. When you boot into the router software to set it up IT DOESN'T PROMPT YOU TO CHANGE THIS PASSWORD.


Why not? Because the stupidest person capable of opening the box will change it, screw something up, then call tech support and tell them "I dunno what my password is". And then they have to pay the tech support person to sit on the phone with that person for 30 mins to an hour teaching them how to reset the router and starting all over again.


There is no security folks. Most of you have a 5 year old router, with 5 years of dust on it behind your TV that you've never updated, and certainly never changed the password. When you read the news and it says "The hacking group Anonymous took down Coca-Cola corporation today with a Denial Of Service Attack using 500,000 bot computers....." Guess what? You're one of them. Maybe two of them. Maybe even three of them.


If I'm a super skilled hacker I can break in your router EVEN IF you do all this because the router manufacturer puts software designed for that stupid person on the device that's full of gaping holes. Even if you do change your passwords which is a must, there are other ways to break in. Someone can probably always break in but for God's sakes don't make it easy. The super hackers don't want to look at pics of your grandkids. You're no great prize to them. But to the 14 year old hacker in Prague you are. All the people who think they have skills can get in, they will, and they'll steal your data and THAT CAN COST YOU MONEY.


You should do the following things at a minimum:


- Call the cable company and ask them to provision your modem and install the latest firmware on it. They are supposed to do that. By the way modems are hackable too. Google up "Arris Surfboard hacks". Most home users have an Arris Surfboard modem. Walmart and Target sell the shit out of them.


- Buy a modem that can install third party firmware such as DD-WRT or LEDE and buy a geek a pizza and a six pack to configure it for you. I myself like combination pizza and Michelob Ultra.


- Change the router password in addition to the wifi password.


- Turn off remote management, ssh, telnet, and Universal Plug and Play (UPnP). The only way you should be able to interface with that router is through an ethernet cable hooked directly to it or via wifi.


- Get a hardware firewall appliance. pfSense is popular and it is FREE. You heard me correctly. It's free. Totally free. You can buy an old rack mount server on eBay for less than $100 that has the horsepower to run pfSense. THEN YOU HAVE A HARDWARE FIREWALL RIGHT AFTER THE MODEM AND RIGHT BEFORE THE ROUTER. This will cost you several pizzas and a case or two of beer. Money is also accepted.
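One way to check the "turn it off" item in the list above, added here as an example and not part of the original post: the script reads the text of `netstat -tuln` captured on the router (assuming the router's shell has netstat) and flags ssh, telnet and UPnP (SSDP) listeners. Both sample captures are constructed and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: flag listeners that the checklist says to turn off.
# Feed it the text of `netstat -tuln` captured on the router.

# Constructed sample: a router straight out of the box (not a real capture).
sample_before() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:1900            0.0.0.0:*
udp        0      0 0.0.0.0:1195            0.0.0.0:*
EOF
}

# Constructed sample: the same router after ssh, telnet and UPnP are off.
sample_after() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.1:80          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.1:53          0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:1195            0.0.0.0:*
EOF
}

# Read netstat text on stdin; print "proto/port service" for each listener
# that should be off. The web admin page (80) is left alone because you
# still need it from the LAN side.
audit_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        proto = $1; sub(/6$/, "", proto)      # tcp6/udp6 count as tcp/udp
        n = split($4, parts, ":")             # port is the last colon field,
        port = parts[n]                       # which also handles :::22
        if (proto == "tcp" && $NF != "LISTEN") next
        key = proto "/" port
        if (key == "tcp/22")   print key, "ssh"
        if (key == "tcp/23")   print key, "telnet"
        if (key == "udp/1900") print key, "upnp-ssdp"
    }'
}

# Exit status 0 only when nothing on the checklist is still listening.
is_hardened() {
    [ -z "$(audit_listeners)" ]
}
```

On a real router, pipe the live output in: `netstat -tuln | audit_listeners`.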


There's much more you can do to protect yourself. Right now you're making it too easy for the bad guys. And it could cost you.



DD-WRT OpenVPN

Okay this is harder than it should have been. Tons of information on the internet, NONE of it in one place. Why, SpongeBob, why?

This is a tutorial done on a Linksys WRT3200ACM with BrainSlayer DD-WRT dated May 27, 2017. And I'm doing this from a Mac. If you are doing this from Windows or Linux you need to ask Mr. Google what to do.

First we need a program called Tunnelblick. Download and install it.

Now we need to make some encryption keys. Type the following in your Terminal program. And make sure you replace "john" with whatever your path name is.


$ cd /Users/john/Library/Application\ Support/Tunnelblick/easy-rsa


Or let me show you a cool Mac Trick. Go in Finder to the Library path above. Open Terminal and type cd and add a space. Then highlight and drag the easy-rsa folder into the terminal. It fills out that long complicated path for you.







We'll do some housework in the vars file by changing our locations and setting up a 2048 bit key.


Now type:

sudo nano vars


Now adjust the following parameters regarding your location and change the 1024 to 2048 as per the example below. Scroll down a bit until you find this section. Then change:

export KEY_SIZE=1024 to export KEY_SIZE=2048


A little further down where it says "These are the default values for fields" Fill in the information to match your key best. Make sure to uncomment the lines (if they are commented out) by removing the # in front of the word export.



Once that is done hit CTRL+X and Y to save then run the following commands.


$ . vars
$ ./clean-all


This will create a directory called "keys" which will hold the server and client keys that you need to pull this off.


$ ./pkitool --initca


The command above will make your ca.crt and ca.key files


$ ./build-key-server server


This makes your server.crt and server.key files


$ ./build-dh


This makes your Diffie-Hellman parameters for SSL/TLS (the dh2048.pem file).


$ ./build-key john


This makes your client keys. You can name this anything you want. john, jane, phone, computer, mom, whatever.


The files circled are the ones you'll need for configuring DD-WRT OpenVPN. You won't have a "config" directory. I did that for convenience.




Now go to "Services > VPN > OpenVPN Server / Daemon" and configure as below.



Add your keys by right clicking on them and Open With "Text Editor" and copy the contents between these two lines and make sure to include the Begin Certificate and End Certificate lines with all the dashes as well:


-----BEGIN CERTIFICATE-----

All the crap between these lines.

-----END CERTIFICATE-----


Paste these four fields in the corresponding boxes.


Public Server Cert = server.crt

CA Cert = ca.crt

Private Server Key = server.key

DH PEM = dh2048.pem



WHOOPS GOT THE CA Cert Field Copied Twice. Ignore please.


In Additional Config add the following


dev tun0

keepalive 10 120

push "redirect-gateway def1"


Now we need to set up our client certificate. Add the following by opening Text Edit. Make sure you are making a plain text doc and paste in the following. Make sure on the fifth line this points to your ddns server or static IP address (if your ISP gives you one). Make sure the three lines about the certs match the name of your certs as well. Mine are john.crt and john.key. Remember yours could be phone.crt or whatever. Also note that I have changed the VPN port from 1194 to 1195. It never hurts to take a service and move it to another port. Does that make you foolproof from hacking? No but it's another layer somebody has to punch through. Make it harder.


client
dev tun0
proto udp
float
remote yourddnswebsite.com 1195
remote-cert-tls server
tls-cipher TLS-RSA-WITH-AES-256-CBC-SHA256 
cipher aes-256-cbc
auth sha1
ca ca.crt
cert john.crt
key john.key
comp-lzo adaptive 
keepalive 15 60
resolv-retry infinite
nobind 
redirect-gateway def1


Save this file and call it


config.ovpn


and place it in a directory called HomeVPN with the following other files (or whatever you named your client keys)


ca.crt

john.crt

john.key


Now rename the folder from HomeVPN to HomeVPN.tblk


That will place the 4 files into one container.




You can now double click this container file to import into Tunnelblick. After configuring your firewall you should be good to go with your OpenVPN server.


If you have an iPad or iPhone download the OpenVPN app, then connect your phone or iPad to iTunes to sync. Go to "Apps" and scroll down the Apps page to the "File Sharing" section and then click on the OpenVPN app. Drag those 4 files in and sync again.




Now when you open the OpenVPN app it will ask you if you want to import the connection. It'll be ready to roll after we complete the following steps.



Now set up the firewall:


Go to "Administration > Commands" and insert the following then click on "Save Firewall"


iptables -I INPUT 1 -p udp --dport 1195 -j ACCEPT
iptables -I INPUT 3 -i tun0 -j ACCEPT
iptables -I FORWARD 3 -i tun0 -o tun0 -j ACCEPT
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
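A pre-flight check for the steps above, added here as an example and not part of the original tutorial: it confirms that config.ovpn names files that are actually in the HomeVPN.tblk folder with their BEGIN/END lines intact, tightens the private key to owner-only, and checks that the port on the remote line has a matching rule in the firewall commands. The function names and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# HomeVPN.tblk bundle and the firewall commands. Function names are made up.

# Print the file name that a one-argument directive (ca, cert, key) points at.
ovpn_value() (
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
)

# Print the port from the first "remote HOST PORT" line of the client config.
ovpn_port() (
    awk '$1 == "remote" { print $3; exit }' "$1"
)

# A copied cert or key only works with both dashed marker lines intact.
has_pem_markers() (
    grep -q '^-----BEGIN .*-----$' "$1" && grep -q '^-----END .*-----$' "$1"
)

# Every ca/cert/key named in config.ovpn must sit beside it in the bundle.
# Prints one line per problem; exit status 0 means the bundle is complete.
check_bundle() (
    dir=$1; cfg="$dir/config.ovpn"; bad=0
    [ -f "$cfg" ] || { echo "missing config.ovpn"; exit 1; }
    for d in ca cert key; do
        f=$(ovpn_value "$d" "$cfg")
        if [ -z "$f" ]; then
            echo "no '$d' line in config.ovpn"; bad=1
        elif [ ! -f "$dir/$f" ]; then
            echo "$d file '$f' is not in the bundle"; bad=1
        elif ! has_pem_markers "$dir/$f"; then
            echo "'$f' is missing its BEGIN/END lines"; bad=1
        elif [ "$d" = key ]; then
            chmod 600 "$dir/$f"   # private key: readable by the owner only
        fi
    done
    exit "$bad"
)

# The port the client dials must have a udp ACCEPT rule in the firewall script.
port_is_open() (
    grep -Eq -- "-p udp .*--dport $1 .*-j ACCEPT" "$2"
)

# Build a constructed bundle and firewall file under DIR. The PEM bodies are
# placeholders, not real key material.
make_sample() (
    b="$1/HomeVPN.tblk"; mkdir -p "$b"
    printf '%s\n' 'client' 'dev tun0' 'proto udp' \
        'remote yourddnswebsite.com 1195' 'remote-cert-tls server' \
        'ca ca.crt' 'cert john.crt' 'key john.key' > "$b/config.ovpn"
    for f in ca.crt john.crt; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' \
            '-----END CERTIFICATE-----' > "$b/$f"
    done
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END PRIVATE KEY-----' > "$b/john.key"
    printf '%s\n' 'iptables -I INPUT 1 -p udp --dport 1195 -j ACCEPT' \
        > "$1/firewall.sh"
)

# Typical use, with the firewall commands saved to a text file first:
#   check_bundle HomeVPN.tblk &&
#       port_is_open "$(ovpn_port HomeVPN.tblk/config.ovpn)" firewall.txt
```

A port mismatch between the remote line and the first firewall rule is the failure this catches that the router will not tell you about: the client just times out.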



One final step. Let's set up DDNS. This allows you to be able to find your OpenVPN server even when your ISP changes your IP address. If your ISP assigns a static IP address you don't need to do this.


There are a multitude of free DDNS servers out there. In this instance I used NoIP.com. Another favorite of mine is DuckDNS. With DD-WRT NoIP is in the drop down list which makes it a little easier to configure. Only bad thing about NoIP is that you have to confirm once a month that you are still using the DDNS. They send an email, and you update it. No biggie but a pain sometimes.


Once you create an account you can make a hostname, like yourlastname.ddns.net, or bigpoodleinthesky.ddns.net or whatever. Now go to Server > DDNS and fill in your account name, password, and hostname. When you click Apply it should say it updated successfully.




You should now be able to connect to your OpenVPN instance from an outside network. Congrats.

LED Strip Lighting

Home automation is kind of like a drug. The more you get the more you want. And the more you study and read up about it the more you see people messing with LED strip lighting. There are all kinds of LED strip lighting you can buy but I'll center this discussion around WS2811, 12 volt strips and WS2812, 5 volt strips. I only have one strip which is the WS2811 which I bought here for a little bit less than $27. You can get cheaper stuff on eBay as well. For my first excursion into this I wanted to make sure I had something tried and tested and I read several online accounts of people who used these successfully. Here's what a cut, shortened section looks like.




The roll you get is 5 meters long and has connectors on it. I just cut this section off to play around. See the line running through the pads on the left side where the power wires get soldered on? That is the cut line. You can cut these strips to any length.


This is not a definitive work on LED strips but just my experience with this one strip. And my control mechanism is an MQTT server used under Home Assistant Home Automation software. I basically replicated the work of "Ben" and used his code. If you use Home Assistant software it's hard not to know who Ben is as he has made several great informative YouTube videos.


If you do not know what an MQTT server is or what Home Assistant is ..........move on quickly. You can however buy these lights as kits with RF controllers that have remote controls with them. Rather than just jamming power into it you power the RF controller which plugs right into the end of your LED strip and then you just click-ity click on the remote to get the colors you want displayed. Easy money.


By setting this up with MQTT and using an ESP8266 Internet of Things chip you can computer control your lights and make them part of your home automation which is what I've done here. My pic below is an oversimplification to be sure. Here are the parts you need:


12 volt power supply. This can be a brick or a dedicated power supply. I got this one. It makes some noise as it has a fan for cooling which kicks on sometimes so if you need whisper quiet get a 12 volt, 10 amp computer type brick. Also since you have 12 volts readily available now it is best to get your 5 volts for the ESP8266 from a 12 volt to 5 volt step down converter. I used this one. Lastly you'll want a NodeMCU ESP8266 WiFi chip from here.


Also note on my pic below that that isn't the drawing for the LED strip I ordered above. It was as close as I could find. Ignore the markings on the drawing below but wire as depicted in my photo above.







The LED Strip you receive will have 3 wires connected to a plug already soldered on it. And you'll receive another plug with a short section of wiring with bare wires on the end. When I shoved these wires into the breadboard and the longest run of wire I had was about 6" it worked PERFECTLY. However when I drilled a hole through the wall, then routed the wires down to the noisy power supply in the garage the run was about 3' long. I had what I would call some data issues due to the length of the cable.


Here's the deal with that. The data signal coming off the ESP8266 pin D5 (as per the code, you could move the pin if you wanted to) is 3.3v. The data signal the LED Strip wants is 5v. If you have short wires, and maybe not a full LED strip this may in fact be adequate, however if you have long wire runs and a long LED strip you may need a Logic Shifter. It will shift your signal from 3.3v to 5v. Right at the moment I am not using a logic shifter but will probably add one. Just to be safe. I picked mine up here. Don't buy one up front until you know you need one.


One more gotcha here........The code that is written has all manner of cool animations. Your LED strip can be quite amazing however after running the animations for a few minutes it crashes. This seems to be a known issue and the code developer (Ben) is working on it. As it is the solid colors work fine for me. I'm not really into running animations on my LED strip, as I just wanted it for back lighting effects so I'm good!

NOTE: As of today, 2 June 2017, there seems to be a fix to the code which is working well so far! Told ya.





As you can see I laid mine on top of the decorative arch in my living room. It was the perfect length and it just laid down flat, no tape, no staples, nothing. I can remove it in moments if I need to.


I drilled a hole through my wall into the attic and then pushed the wires down into the garage.





There were some issues with this setup. The data wire (green wire on the left side of the ESP8266) was about 2' to 3' away from the actual LED strip. When I applied power the first three LEDs immediately lit up. When I turned them on those LEDs would behave as the others, same color and all and then when I shut the strip off the first three LEDs would remain lit and color shift a bit.


I figured the data signal was corrupting or something so I took apart this rig and laid all the components out on a breadboard and laid them on top of my decorative arch right next to the LED strip. That worked GREAT but you could see the breadboard from the ground and when the LED strip came on it cast a noticeable shadow from the breadboard and components. That bothered me too much.


So I took a protoboard and soldered the NodeMCU in with a 3.3v to 5v Logic Level Shifter. This takes the 3.3v signal and amplifies it. I was then able to mount everything back in the garage.


Here's the layout.



And here's the real deal:



Now nothing is visible at all and the LED lights are in my mind professionally installed now.


Here's a quick rundown of the system:




Best Router Deal in History with some caveats.

Ok the goal of getting on the internet at home usually involves having the cable company come out and give you a modem. You in turn need a router but you know deep down the cable company router is a screw job extraordinaire. So you go buy your own. You go to Walmart and buy the cheapest thing that says "REALLY REALLY FAST" on the box. And they advertise speeds that you can't actually achieve but that's a blog for another day!


Never mind.......I'll touch on it. I have a MacBook Air. Top wifi speed is 867 MBPS. I don't care how fast the router is..........the max speed I'm going to connect is 867 MBPS. See where I'm going with this? TEST QUESTION: So an AC 3200 MBPS router connects me at what speed? If you answered 3200 MBPS you are clueless and probably a democrat. The correct answer is 867 MBPS.


Also, look at the router box real close. See any discussion about security on it? Nope. You won't. Why? Because they aren't secure because the real goal is that the dumbest person who opens the box be able to connect to the internet without them paying a tech support person for an hour to help you on the phone. Isn't that swell?


So here's a banging banging deal on a router that nets you decent security as well. First of all we want a D-Link DIR-860L version B1. Go in any store that sells them and you'll likely get a version A1. We want the B1. Look carefully at the box. They're a little hard to find in the US but I found one on eBay for $40 here.





It looks different than most routers which are rectangular boxes. Now right off the bat I'm going to tell you that D-Link has HORRIBLE SECURITY but we're going to blast their router software and add our own. This propels the DIR-860L into beast mode.


We're going to use LEDE firmware. This is a little geeky but worth the effort. Go to this page and download this file:


Now I am having you download the Developmental version that has no graphical interface. There is a stable version that does have a graphical interface and that would make a lot of the steps below not necessary but we want to enable something called Smart Queue Management Quality of Service (SQM QoS) which crashes on the stable version right at the moment of this writing (5 May 2017). So we use the bleeding edge version.



Now power up your router and connect to your computer through port number 1, not the one that says internet, the one that says port 1.


Now go to a browser after it boots and type this address in the bar. At this point do not hook the router to the internet. Crappy security, remember?


192.168.0.1


You'll see the router config page. It'll try to get you to configure the internet but just X out of all that and you'll land at this page:





Click on advanced and then UPGRADE. And make no mistake, LEDE is an upgrade!




Now flash that file you downloaded previously. It will take a few minutes and you won't really be able to watch it because the address will change from 192.168.0.1 to 192.168.1.1. Just let the page count down to 100% and take a short break to be sure it gets flashed.


Now developmental versions don't have a graphical interface but it's no problem to install one. Open Terminal in Mac or Putty in Windows and go to 192.168.1.1. In Mac type this.


ssh 192.168.1.1 -l root


That's a lower case letter L before root.


It will bark at you because there is no password. Ignore for the moment. Get ready to copy and paste these commands then hook the router to the internet and pass these 4 commands one at a time.



opkg update

opkg install luci

/etc/init.d/uhttpd start

/etc/init.d/uhttpd enable


Now go to your browser and type


192.168.1.1


and then configure your password. You can type anything in for a password then it will take you to the password change screen where you can change it. Make it a strong password. While you are on the password page set dropbear ssh to LAN as shown below. Then at the bottom of that page (not shown below) click save and apply.






Now go to Network > Wireless and configure your WiFi.





The Wireless Security tab is where you set the password.




Use Force CCMP (AES) as that is most secure.




Now you have a $40 router that is a bad mama jamma. Now here is a bad ass trick to deal with something called BufferBloat. Bufferbloat quite simply is this:



Bufferbloat is the undesirable latency that comes from a router or other network equipment buffering too much data.


So this is probably something you didn't even know you suffered from. Why? Because your router is set for the stupidest user like I said before. Not the fastest or most secure user.


So let's put the DIR-860L into Internet Beast Mode.


Go back to your terminal and type


opkg install luci-app-sqm


Now go to System > Startup




Scroll down to "sqm" and click the start button and make sure it is enabled.




Now go to the Network Tab and at the bottom should say SQM-QoS. Click on that.




Now I set mine up according to the screenshots below. Your Mileage May Vary and I may not have it set up perfect but I pass the Bufferbloat tests at DSLReports like a boss. Note that each picture is of each of the three tabs on the page.






Now test at DSLREPORTS Speed Test.



Forty Bucks Folks. Forty bucks. Secure AND FAST.

Router Firmware - LEDE

Well, I bought a new router and that means I've got to exploit it for all it's worth. If you have even an inkling of network security awareness you know by now that home routers are by and large un-secure. Here's a good example of that. Not THREE days ago in the mail I received a shiny, new, refurbished Linksys WRT3200ACM router. State of the art, she is. One of the hottest, fastest, sexiest routers going right at the moment.


Look at what's in the news TWO days ago. Linksys router security story. Great. I had it a whole day and it's a security nightmare.


Think about this. This is the newest, biggest, and baddest router and it is about as secure as your son at Michael Jackson's Neverland Ranch.


Most of us are fairly router un-aware. Content to use the router the cable or satellite company gives you. Or at best buy a cheap router at Walmart then jump for joy when we plug it in and it works. It's usually hidden behind the TV never to be thought of again unless it breaks. Old hardware, running old software, hooked directly to the internet. What could go wrong?


There are some things you can do to mitigate. You can secure your network with a hardware firewall. There are several Open Source solutions for doing that and this isn't the blog for that scenario. However, that being said I run a pfSense appliance as my hardware firewall. It's very geeky to set up and in fact as you configure it you can be TOO restrictive which becomes a pain as well.


To really mitigate, or to at least improve the situation you can take your fancy router and install an Open Source Firmware on it. This essentially is a new operating system for the router. By and large they are Linux based. Because they are Open Source you have a community of people looking at them and patching up holes as they find them.


If you have a fancy new router and use the manufacturer's firmware it probably has a fancy box which allows you to auto-update the firmware. And that's great right up to the point where I demonstrated above that the brand new, expensive as all get out router is basically Swiss cheese. With Open Source Firmware you're probably not going to have that fancy auto update box, nor do you want it because sometimes in the bleeding edge world of Firmware stuff breaks.


And if you're going to mess with Open Source Firmware I recommend you have TWO routers around in case one experiences some down time.


Now I haven't painted a very rosy picture here but the reality is that if you run said Open Sourced Firmware you are going to be more secure, have way better performance, and stability and you'll have community support. Try emailing Linksys or Netgear with a problem. You'll get an immediate email letting you know you're alive and then a crap answer 2 days later written by someone that knows less about routers than you do that you'll have to follow up on.


Also with Open Source Firmware you'll have the ability to run programs that are not included in most manufacturers' firmware. Things like Ad-Blockers, OpenVPN servers, proxy servers, DNSCrypt Proxy, guest networks, use your router for Home Automation.........you name it. I didn't even get close to covering all the bases there.


Here are some firmware choices you can use (provided your hardware is compatible).

OpenWRT - The granddaddy of the Open Source Firmware world. Started in around 2004 for the Linksys WRT54G routers (which is still a huge seller by the way) and sadly now just about a dead duck.


LEDE - Based on OpenWRT. Most of the developers didn't like the direction of OpenWRT and thought it was getting too closed. So they broke off and started their own thing which I just rediscovered.


DD-WRT - probably the firmware with the best name recognition and most popularity. Probably supports a lot more routers than all the other projects put together.


AsusWRT-Merlin - based on AsusWRT stock firmware. This is an amazing firmware but of course limited to Asus hardware and is ported to a few other routers. For example I run AsusWRT-Merlin on my NetGear R7000 Nighthawk router. It's awesome.


Tomato - There are a few forks of Tomato so I won't hot link anything. Shibby Tomato was a favorite of mine in years past but it sadly seems to be a dead duck as well.


Gargoyle - I don't have much experience with Gargoyle but I see it mentioned on the Forums quite a bit.


And of course there are more, probably many more but those are the most common ones.


So I have this shiny new Linksys (which is really Belkin) WRT3200ACM router and my go-to firmware is and always has been DD-WRT. However, because this router uses a Marvell wifi chip and Marvell is NOT Open Sourced so much, the wifi drivers on the Linksys WRT routers are usually CRAP for a year or so until the community hackers fix 'em up. For example I have a Linksys WRT1900ACS I got a little more than a year ago. It was a few months before DD-WRT got the drivers right. Now it just plain works, day in and day out, solid as a rock.


But the boys in OpenWRT and LEDE land always seem to compile the drivers in first before DD-WRT so what typically would happen was I'd hear about a new driver and I'd install OpenWRT and play around with a bit and then gravitate to DD-WRT later. Now that LEDE has spun off and I'm running a version of it I'm big time impressed with it. That is provided these wifi drivers hold up.


It's lean, mean, doesn't consume all the RAM and the LEDE developers are playing around with CPU scalability as well. They've really built a fine firmware. Right now the "Stable" branch still has the buggy wifi drivers in it but that will change soon and then I'll deploy this router as my main device.


One of the great tricks LEDE has is that I can change the power setting in the WiFi output. Yep, more power. More coverage. Because I am running behind a hardware firewall all I really need is a router that is:


a) Powerful

b) Stable

c) Fast


I don't require any other widgets. I do all my Ad Blocking, and Firewalling and VPN servers on my hardware firewall appliance. Here's a peek at the interface.



Simplistic. Not a lot of bells and whistles (although there are LEDE builds that have them) I end up getting EXACTLY what I need here. No more, and no less.


ME: Hardware Firewall to LEDE router which is secure


YOU: Cable modem to 5 year old router you've never updated.


Which one of us best stands a chance of not seeing our taxes on The Rachel Maddow Show?


Okay, here's how I did it, and bear in mind I'm running a Development snapshot because of those drivers. With the "Stable" version you just flash it from your Linksys firmware, where you select the file and then flash. LEDE has a graphical interface, viewed in a browser, called LuCI.


The development snapshots don't gotta no LuCI (said in your best Ricky Ricardo voice). If you don't know who Ricky Ricardo or "Lucy" is just please leave now and never try to run Open Sourced Firmware.


Navigate to this page and download this file:

Make sure to get the squashfs-factory image file.



Now flash it from your Linksys firmware updater.


Once you flash it now open a terminal or Putty program and (in Mac OS X) type:


ssh 192.168.1.1 -l root


You may need to adjust your IP address but the initial flash I believe always turns the router into 192.168.1.1


Once you get in it will bark at you for not having a password set. Just press on quickly.


At your terminal prompt run the following 4 commands, one at a time, and yes, you must be hooked to the internet.



opkg update

opkg install luci

/etc/init.d/uhttpd start

/etc/init.d/uhttpd enable


Reboot, and then point your browser to http://192.168.1.1 and Bob's your Uncle.
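Two checks that bracket the flash procedure above, written as an added example (not from the original post or the LEDE project): confirm the downloaded image matches a published checksum list before flashing, and confirm root has a password before the web interface stays enabled. The image file name, the presence of a `sha256sums` list next to the download and the sample shadow line are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example. File names and sample data below are constructed for the demo.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_image SUMS_FILE IMAGE
# Returns 0 only when IMAGE hashes to the value listed for its file name.
# Returns 2 when the list has no entry for it (fail closed), 1 on mismatch.
verify_image() {
    vi_name=$(basename "$2")
    # Checksum lists use "<hash>  name" or "<hash> *name" (binary mode marker).
    vi_want=$(awk -v n="$vi_name" '{ f = $2; sub(/^\*/, "", f)
                                      if (f == n) { print $1; exit } }' "$1")
    if [ -z "$vi_want" ]; then
        echo "no checksum entry for $vi_name" >&2
        return 2
    fi
    vi_have=$(sha256_of "$2")
    if [ "$vi_want" != "$vi_have" ]; then
        echo "checksum mismatch for $vi_name: do not flash" >&2
        return 1
    fi
    return 0
}

# root_password_state SHADOW_FILE
# Prints: empty (root logs in with no password), locked, set, or missing.
root_password_state() {
    awk -F: '$1 == "root" {
                 found = 1
                 if ($2 == "")          print "empty"
                 else if ($2 ~ /^[!*]/) print "locked"
                 else                   print "set"
                 exit
             }
             END { if (!found) print "missing" }' "$1"
}

# Demo on constructed files: a stand-in image, its checksum list, and a
# shadow line with an empty root password field.
demo=$(mktemp -d)
printf 'constructed firmware bytes\n' > "$demo/lede-example-squashfs-factory.img"
printf '%s *lede-example-squashfs-factory.img\n' \
    "$(sha256_of "$demo/lede-example-squashfs-factory.img")" > "$demo/sha256sums"
verify_image "$demo/sha256sums" "$demo/lede-example-squashfs-factory.img" \
    && echo "image matches checksum list"
printf 'root::0:0:99999:7:::\n' > "$demo/shadow.fresh"
echo "root password state: $(root_password_state "$demo/shadow.fresh")"
rm -rf "$demo"
```

On the router, running `passwd` in that first SSH session is what moves the state from `empty` to `set`.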


I think by and large, though, for a home router that you want wicked stability on, you want to only run the stable releases. However, I'm stuck between a rock and an unstable place because of the Marvell Wifi Driver issue (which will be resolved soon, you'll see). In fact the super geeks are getting much closer to solving this problem. I'd estimate a couple more weeks and it'll be resolved.


Power. Stability. Speed. Reliability. AND SECURITY.


Router Review - Linksys WRT3200ACM

I need another router like I need a hole in the head or an STD. That being said I stumbled across the router deal of the decade for a refurbished Linksys WRT3200ACM for $119. It's a great deal because retail is roughly double that and it's a brand new state of the art router.


All that being said, it's still a Linksys router and the home router market is just not as secure as you'd like it to be. The goal of the router manufacturer is that the dumbest customer they have open the box, plug it in, and get it working. That's not exactly built with security in mind.


For more details go to this website RouterSecurity.org.


You personally couldn't get me to run a home router directly off of a cable company modem. I run my home network behind a hardware firewall. You should too. I use a pfSense SG-2220. You don't have to buy an appliance from there to have a pfSense firewall. It is open source software. You can buy an old rack mounted server on eBay for next to nothing with a Pentium Xeon chip and install pfSense which is free. You can use an old computer as well with 2 network cards. Only problem with that scenario is that you want an appliance that sips electricity, rather than gulps it. That's why an appliance with no fans and such is desirable. You can build your own as well with a mini ATX motherboard and CPU with passive heat sink. Throw a stick of RAM in and a hard drive and you're all set. Buying old on eBay is your least expensive route though.


Also I don't run stock firmware on my routers. I use Open Source Firmware which I believe to be more secure, faster, and just a better all around experience. They have plenty of added features that the stock firmware doesn't have. For example you can configure Ad Blockers, or set up a VPN server or client, or make a cool page where users have to log in like you see in hotels and such.


The Linksys WRT3200ACM claims to be OpenSource Ready and while that's kind of true, let me clue you in on something. Linksys is owned by Belkin and while they do support Open Source, the Wifi Chips in this router are made by Marvell and their Open Source driver development is ages behind their proprietary drivers. The DD-WRT and OpenWRT forums are rife with problems with wifi right at the moment (APR 2017).


What's that mean for you? It means if you run DD-WRT or OpenWRT right at this moment you're going to likely experience wifi issues. Common problems reported are "IT WORKS AWESOME" then two days later you see "MY WIFI SPEED CHOKED DOWN TO NOTHING AND I HAD TO REBOOT THE ROUTER"


When I bought this router's cousin, the WRT1900ACS, which I'm currently running, the exact same scenario played out. It was about a year before the wifi drivers were good enough for daily usage. My WRT1900ACS is rock solid stable and has been for some time.


So I'm counting on Marvell to come through so the Open Source Firmware guys can incorporate those new drivers in their builds. So I opted to buy the WRT3200ACM at $119 knowing the problems will be resolved soon (hopefully).


But because I run behind a hardware firewall it SHOULDN'T be an issue for me to run the Linksys Firmware for a bit until they get it resolved.


My home network is a bit more complicated than most as you can see. It's a conglomeration of hard wired ethernet and 2 wifi Access Points. Clients are not depicted. Thank goodness. The page isn't large enough :)







One of the best key features that no one knows about except super geeks is that there are two boot partitions. What that means is that your router comes with Linksys firmware and if you upgrade to DD-WRT Firmware, in reality BOTH FIRMWARES RESIDE ON YOUR SYSTEM. So let's say you muck up DDWRT real good or you even think you might have bricked the router. You can turn it off on the switch on the back, then turn it on three times until the lights come on, then turn it off again. I think on the 4th boot it will revert to the other boot partition.


Or you telnet into the box and can run the following commands:


ubootenv get boot_part # this returns a number 1 or 2

ubootenv set boot_part 1 # this would set your partition to 1, change it to 2 for 2

ubootenv get boot_part # check it to make sure

reboot # restart to the partition you want to boot into.


One thing you don't want to do is update DDWRT from DDWRT because then it resides on both partitions. ONLY INSTALL OR UPDATE DDWRT FROM THE LINKSYS FIRMWARE. There is no DDWRT to Factory Firmware .............yet. The WRT1900ACS has one but the WRT3200ACM does not have a revert file yet.


It's not impossible to get it back but you end up using a TTL to serial converter and cracking open the router case. Not something you really want to do.


Anyway the WRT3200ACM came with the latest firmware (and oh by the way today Linksys announced there were 10 exploits that are unpatched found in their firmware)


The Linksys Stock Firmware is adequate and even has an OpenVPN setup in it which is quite easy. I found that things like Dynamic DNS are hidden or at the least not very intuitive to find. Whatever happened to the left hand link called "ADMINISTRATION"?




It isn't tremendously attractive but I managed to install a variant of OpenWRT firmware called LEDE. Great Open Source Project, very, very powerful firmware but not for the faint of heart. It's fairly geeky. But I'd say it's fairly secure as well. Power and geekiness doesn't always equal polished.






How to Make Your Own VPN Server

So the ISPs are selling your web history, and you never should trust the wifi network at the hotel, the restaurant, or the coffee shop. What's a soul to do? Get a Virtual Private Network (VPN).


Nowadays your fairly new router should have the ability to set up a VPN but you lack some control over configuration and security. It's really a piece of cake now to install a VPN server on a Raspberry Pi computer ($35) and leave it on 24/7. There is a program called PiVPN that makes it almost too easy to do.

What you need to pull this off is:


- Raspberry Pi 3 (recommended) Get the one I linked because it has a good 2.5 amp power supply with it for $41 total. Heck the Pi itself costs $35 to $40 usually.

- Micro SD card I like San Disk, and about 8GB is plenty good for this project. The card I linked is $10. You can get them cheaper than this especially if you get a Class 4 card. I personally run San Disk Class 10 cards in all my Pi's.

- Ethernet cable. (optional) I recommended running the Pi right off your router via ethernet. It'll be faster. The Pi 3 has on board wifi though so it isn't a must.


Now you have the hardware. Let's download the software. First you need the OS and we'll use Raspbian. There is a Raspbian and a Raspbian Lite. Either one will work. Technically the Lite version is enough to pull this off but I like to run the full Raspbian because you can VNC into it graphically and control the Pi from afar from its desktop interface. Download one or the other from here.


Raspbian and Raspberry Pi are nothing to be scared of. If you plugged Raspbian into your monitor, keyboard, and mouse, it looks just like any other Operating System. It's lean, mean and very intuitive. Click the little Raspberry in the top left corner and it's set up like a windows type desktop.




Now download Etcher. Once Etcher is downloaded put your micro SD card in your computer, point it towards your downloaded file and click the FLASH button. It's that easy.





Now this is kind of a sticking point. Because we are going to be running this Pi headless, which means without monitor, keyboard, or mouse, we have to access it from the command line from another computer. Since November of last year Raspbian has disabled Secure Shell (SSH) from being enabled as default on a fresh install. You have to enable it. There are two ways to do that. One is to hook up a monitor, keyboard, and mouse, put your SD card in and boot up. Once at the desktop you can open Raspi-Config from a terminal by typing:


sudo raspi-config


Select Number 5



Then number 2




Then "yes"



Okay, that's kind of a pain. The other way is from your computer. (I'm doing this from a Mac, so it only works on a Mac. Google up your OS directions if you have something else).


While the SD card is still in after you run Etcher, open a terminal and type:


cd /Volumes


then


cd boot


then


touch ssh


Then place the SD card in the Raspberry Pi and boot it up.


To SSH into your Pi from a terminal type


ssh 192.168.x.xx -l pi (where x.xx is the IP address of your Pi) (i.e. ssh 192.168.1.2 -l pi)

password = raspberry


Change the password once you boot up for the first time by going to Raspi-Config and selecting number 1.


Now go to a terminal and type:


curl -L https://install.pivpn.io | bash


Then follow along with the directions here. The directions are slightly outdated but the newer installation flow is much more intuitive. It probably takes 30 mins or so to complete. The lengthy part of the process is the generation of encryption keys. Everything else goes fast.


Once that is done use an SFTP client such as FileZilla to move your client certificates to your computer or tablet, or phone for installation. (All that is also covered in the directions).


Here's one thing I noticed though. The configuration file it generates DOES NOT route all traffic through the VPN and by golly that's what I want.


From a Mac computer you can import your ovpn file into a program called Viscosity. Once you tell Mac you want to open that .ovpn file with Viscosity it will import it, then you can easily make it route all traffic through the VPN by doing this. I named my test file "VPNatMoms". Highlight and Click "Edit".




Now go to Networking Tab and click the radio button to route all traffic through the VPN. Then hit Save.




That works great for Viscosity, but if you want to ensure you route all traffic over the VPN on your iOS device it's not that easy. Back to Viscosity:


Highlight your connection then click "Export Connection" Save it wherever you want.


MAKE SURE THAT YOU CLICK TO ROUTE ALL TRAFFIC THROUGH THE VPN ON EVERY PROFILE YOU NEED TO DO THIS BEFORE YOU DO THE NEXT STEPS!




Now you can right click on the file and "Show Package Contents"



There will be a file called config.visc


Change it to whatever you want dot ovpn (i.e. john.ovpn)



Now make sure you have the OpenVPN app on your iOS device. Now hook your phone or tablet to your Mac and open iTunes to sync. Now go to the OpenVPN app under File Sharing on the "Apps" page which will give you a box called "OpenVPN Documents" to allow you to drag those 5 files into and then sync your phone or iPad. It's kind of weird because when you click on Apps in the left hand pane it kind of looks like a complete page, but you can scroll down to find the File Sharing section. It's a real head scratcher for sure. HIDDEN.




Now you should be able to open the OpenVPN app and connect. You'll have to add your password first time.


There's another way to do it but it's fairly geeky. Install a program called ruby on your mac. From a terminal type:


brew install ruby


Once installed click the "Download Zip" button from this page. Once unzipped the file will be called viscosity-to-ios-connect.rb. Open it with Text Editor. Find the 8th line of text and do this:


change line 8 from: File.read(file).each do |line| to File.read(file).each_line do |line|




config_files = Dir.glob("#{ENV['HOME']}/Library/Application Support/Viscosity/OpenVPN/*/config.conf")
config_files.each do |file|
  certificate_files = ['ca', 'cert', 'key', 'tls-auth']
  config_dir        = File.dirname(file)
  connection_name   = nil
  new_config        = []
  File.read(file).each_line do |line|
    line.strip!
    if line.start_with?('#viscosity name')
      connection_name = line.match(/^#viscosity name (.*)/)[1]
      next
    end
    next if line.start_with?('#')
    (key, value) = line.split(/\s+/, 2)
    if certificate_files.include?(key)
      # Special case for tls-auth which is "key direction"
      if key == 'tls-auth'
        # add direction to config
        (value, direction) = value.split(/\s+/)
        new_config << "key-direction #{direction}" unless direction.nil?
      end
      certificate = File.read("#{config_dir}/#{value}")
      new_config  << "<#{key}>"
      new_config  << certificate
      new_config  << "</#{key}>"
      next
    end
    new_config << line
  end
  raise "Unable to find connection name in #{file}. Aborting." if connection_name.nil?
  new_config.unshift("# OpenVPN Config for #{connection_name}")
  out_file = "#{connection_name}.ovpn"
  File.open(out_file, 'w') { |f| f.write(new_config.join("\n") + "\n") }
  puts "wrote #{out_file}"
end




Save the file.


Now go back to the terminal, make sure you are in the same directory that file is and type:


ruby viscosity-to-ios-connect.rb


It will take every Viscosity profile and change it to an OpenVPN profile. You can email it to yourself then just click on it in your iPad to import it. Note that I have 6 profiles for OpenVPN. Your mileage may vary.




Now the profiles you install in OpenVPN will ROUTE ALL TRAFFIC THROUGH THE VPN. Safety, Security. Ahhhhhhhhh.
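One way to check an exported profile before copying it to a phone or tablet, as an added example that is not part of the original post or of PiVPN, Viscosity or OpenVPN: the OpenVPN client directive that sends all traffic through the tunnel is `redirect-gateway`, and an inline `<key>` block means the private key travels with the file. The function names and both sample profiles (including `vpn.example.invalid`) are constructed for the demo.

```shell
#!/bin/sh
# Added example. Profile contents are constructed; key material is placeholder text.

# ovpn_audit PROFILE -> prints key=value findings for one client profile.
ovpn_audit() {
    awk '
        { sub(/\r$/, "") }                                 # tolerate CRLF line endings
        /^[ \t]*<\/[a-z-]+>[ \t]*$/ { inblock = 0; next }  # </tag> ends an inline block
        inblock { next }                                   # key material, not directives
        /^[ \t]*<[a-z-]+>[ \t]*$/ {                        # <ca>, <cert>, <key>, <tls-auth>
            tag = $0; gsub(/[ \t<>]/, "", tag)
            seen[tag] = 1; inblock = 1; next
        }
        /^[ \t]*[#;]/ || NF == 0 { next }                  # comments and blank lines
        $1 == "redirect-gateway" { full = 1 }
        END {
            printf "full_tunnel=%s\n", (full ? "yes" : "no")
            printf "private_key_inline=%s\n", (("key" in seen) ? "yes" : "no")
        }' "$1"
}

# ovpn_get PROFILE KEY -> value of one finding from ovpn_audit.
ovpn_get() { ovpn_audit "$1" | sed -n "s/^$2=//p"; }

# ovpn_lax_perms PROFILE -> returns 0 when group or others can read the file.
ovpn_lax_perms() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# ovpn_review PROFILE -> prints warnings; returns 1 if any were raised.
ovpn_review() {
    rv_rc=0
    if [ "$(ovpn_get "$1" full_tunnel)" != yes ]; then
        # A server can still push redirect-gateway; the profile alone does not force it.
        echo "WARN $1: no redirect-gateway in the profile"
        rv_rc=1
    fi
    if [ "$(ovpn_get "$1" private_key_inline)" = yes ] && ovpn_lax_perms "$1"; then
        echo "WARN $1: private key inside a file other users can read"
        rv_rc=1
    fi
    return $rv_rc
}

# write_samples DIR -> two constructed profiles: one with the directive commented
# out, one exported with CRLF line endings, full tunnel and an inline key.
write_samples() {
    cat > "$1/split.ovpn" <<'EOF'
client
dev tun
remote vpn.example.invalid 1194
;redirect-gateway def1
<ca>
(constructed placeholder)
</ca>
EOF
    {
        printf 'client\r\ndev tun\r\nremote vpn.example.invalid 1194\r\n'
        printf 'redirect-gateway def1\r\n<key>\r\n(constructed placeholder)\r\n</key>\r\n'
    } > "$1/full.ovpn"
}

demo=$(mktemp -d)
write_samples "$demo"
for p in "$demo/split.ovpn" "$demo/full.ovpn"; do
    ovpn_audit "$p"
    ovpn_review "$p" || true
done
rm -rf "$demo"
```

A profile that carries an inline key is a credential, so `chmod 600` it on the computer and remove stray copies once it is imported.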


They seem to have left out one vital detail. What happens if you don't have a static IP address and your ISP routinely changes your address? During configuration they have you select between IP address and DNS address (I chose DNS address and configured it to hagensiekerj.duckdns.org). I thought that was cool, but then I realized THERE IS NO TOKEN ADDED TO ACTUALLY CHANGE THE ADDRESS. It won't actually update the address.


So ......... go to DuckDNS.org and make a domain and click on "Add Domain". It will give you a token (which I have redacted in the photo below). Your domain can be anything, your name, your dog's name, nonsense letters.......anything. I made hagensiekerj




Now click the install tab on the DuckDNS toolbar, click on "Pi" and choose your domain from the dropdown box




That will give you a directions page to follow to install a script file which checks your IP address every 5 minutes and changes it as necessary.



I noticed some problems here so I'm going to lend a little advice. The script only ran if I ran it as super user. Go to the line that says "vi duck.sh" and instead type


sudo nano duck.sh


Because the script now runs as root, the ~ points at root's home directory, so it wants to write the log file there instead of in the pi user's folder. So on the second line of the script where it says


~/duckdns/duck.log


change that by removing the ~ to this:


/home/pi/duckdns/duck.log


Now click the Control Key plus the X key, then the Y key to accept and Enter to save.


Now you need to sudo the chmod command below:


sudo chmod 700 duck.sh


Then sudo the crontab -e command below as well.


sudo crontab -e


add this to the last line


*/5 * * * * /home/pi/duckdns/duck.sh >/dev/null 2>&1



Now click the Control Key plus the X key, then the Y key to accept and Enter to save.


Now when you run the command


cat duck.log


It should return OK but it showed in a bizarre place in my terminal.




If it says "KO" you suck. Try again.


Now when your computer boots it will check its DDNS address every 5 minutes and update as required. So in the worst case scenario it could be down for 5 minutes if your ISP changes your address.


You is a steely eyed missile man.

MQTT PIR Motion Sensor with ESP8266 Feather Huzzah in Home Assistant

Because Motion Sensors for Home Automation cost so much money I decided to build one of my own from the prodigious spare parts box in Castle Hagensieker.


BOM



Adafruit Feather Huzzah - $16.95 plus shipping. I chose this because, a) I had one, and b) it has a battery attachment point.


Adafruit PIR Sensor - $9.95


Micro USB charger - You have one already don't you from an old cell phone?


Bear in mind you do NOT need these exact parts. You can go to eBay and buy the cheapest, from China, ESP8266 and PIR module and they will work fine.


Time to wire it up. Quite simple. One gotcha. Feather Huzzah is 3.3v and PIR module generally requires 5v. In my case I didn't need to modify anything but there is a voltage regulator on the PIR module. You tack solder a wire on it and use it instead of the red wire depicted below. I don't think you need it, but if you do you'll have to Google it. There are a dozen or more pages that show you how to do it. Mine just works.


PIR 5v to Feather Huzzah 3v = red

PIR GND to Feather Huzzah GND = black

PIR Signal to Feather Huzzah GPIO12 = yellow





Okay I'm assuming if you have an ESP8266 and Arduino you know how to set it up and ensure you have the proper libraries. If not read and follow this article. I could write the steps but they did it better.


Now make sure you have the following libraries installed:


ESP8266WiFi.h

Adafruit_MQTT.h

Adafruit_MQTT_Client.h


Use this sketch making sure to fill out your wifi, and MQTT credentials.


/*
 Basic ESP8266 MQTT PIR sketch


*/


#include <ESP8266WiFi.h>
#include "Adafruit_MQTT.h"
#include "Adafruit_MQTT_Client.h"


// Update these with values suitable for your network.


/************************* WiFi Access Point *********************************/


#define WLAN_SSID       "yourwifi"           // Wi-Fi network name
#define WLAN_PASS       "your password"           // Wi-Fi password


/**************************** MQTT Broker ************************************/


#define AIO_SERVER      "192.168.XX.XX"  // MQTT broker IP
#define AIO_SERVERPORT  1883             // MQTT broker port
#define AIO_USERNAME    "user"           // MQTT username
#define AIO_KEY         "pass"           // MQTT password
#define AIO_CID         "ESP-PIR-01"     // MQTT client ID




// Start a counter for serial logging and set the initial value to no motion 
int counter = 0;
int previousReading = LOW;


WiFiClient client;
// Setup the MQTT client class by passing in the WiFi client and MQTT server and login details.
// The six-argument constructor takes the client ID first, then the username and password.
Adafruit_MQTT_Client mqtt(&client, AIO_SERVER, AIO_SERVERPORT, AIO_CID, AIO_USERNAME, AIO_KEY);


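// Setup publish feeds - define topic name in parentheses.
// Both feeds use the same topic, so the "online" status message also goes to ESP-PIR-01/feeds/motion.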
Adafruit_MQTT_Publish status  = Adafruit_MQTT_Publish(&mqtt, AIO_CID "/feeds/motion");
Adafruit_MQTT_Publish motion_topic  = Adafruit_MQTT_Publish(&mqtt, AIO_CID "/feeds/motion");


long lastMsg = 0;
char msg[50];
int value = 0;


/////////////////////////////
//VARS
//the time we give the sensor to calibrate (10-60 secs according to the datasheet)
int calibrationTime = 15;        


//the time when the sensor outputs a low impulse
long unsigned int lowIn;         


//the amount of milliseconds the sensor has to be low 
//before we assume all motion has stopped
long unsigned int pause = 5000;  


boolean lockLow = true;
boolean takeLowTime;  


int pirPin = 12;    // the digital pin connected to the PIR sensor's output
int ledPin = 16;    // the digital pin connected to built-in LED




void MQTT_connect();


void setup_wifi() {


  delay(10);
  // We start by connecting to a WiFi network
  Serial.println();
  Serial.print("Connecting to ");
  Serial.println(WLAN_SSID);


  WiFi.begin(WLAN_SSID, WLAN_PASS);
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }


  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());
}


// Logs an incoming message and sets the built-in LED pin.
// Nothing in this sketch registers this handler, so it is never called.
void callback(char* topic, byte* payload, unsigned int length) {
  Serial.print("Message arrived [");
  Serial.print(topic);
  Serial.print("] ");
  for (unsigned int i = 0; i < length; i++) {
    Serial.print((char)payload[i]);
  }
  Serial.println();


  // Drive the LED pin HIGH if a 1 was received as the first character
  if ((char)payload[0] == '1') {
    digitalWrite(BUILTIN_LED, HIGH);   // Pin HIGH (on boards where the built-in LED
    // is active low, such as the ESP-01, HIGH turns the LED off)
  } else {
    digitalWrite(BUILTIN_LED, LOW);  // Pin LOW (lights an active-low LED)
  }


}


void MQTT_connect() {
  int8_t ret;


  // Stop if already connected.
  if (mqtt.connected()) {
    return;
  }


  Serial.print("Connecting to MQTT... ");


  uint8_t retries = 3;
  while ((ret = mqtt.connect()) != 0) { // connect will return 0 for connected
       Serial.println(mqtt.connectErrorString(ret));
       Serial.println("Retrying MQTT connection in 5 seconds...");
       mqtt.disconnect();
       delay(5000);  // wait 5 seconds
       retries--;
       if (retries == 0) {
         // basically die and wait for WDT to reset me
         while (1);
       }
  }
  Serial.println("MQTT Connected!");
  status.publish("online");
}


void setup() {
  pinMode(BUILTIN_LED, OUTPUT);     // Initialize the BUILTIN_LED pin as an output
  Serial.begin(115200);
  setup_wifi();
  pinMode(pirPin, INPUT);
  pinMode(ledPin, OUTPUT);
  digitalWrite(pirPin, HIGH);


  //give the sensor some time to calibrate
  Serial.print("calibrating sensor ");
    for(int i = 0; i < calibrationTime; i++){
      Serial.print(".");
      delay(500);
      }
  Serial.println(" done");
  Serial.println("SENSOR ACTIVE");
  delay(50);




}


void loop() {
  // Ensure the connection to the MQTT server is alive (this will make the first
  // connection and automatically reconnect when disconnected).  See the MQTT_connect
  // function definition above.
  MQTT_connect();


     if(digitalRead(pirPin) == HIGH){
       digitalWrite(ledPin, LOW);   //the led visualizes the sensors output pin state
       if(lockLow){  
         motion_topic.publish("ON");  
         //makes sure we wait for a transition to LOW before any further output is made:
         lockLow = false;            
         Serial.println("---");
         Serial.print("motion detected at ");
         Serial.print(millis()/1000);
         Serial.println(" sec"); 
         delay(50);
         }         
         takeLowTime = true;
       }


     if(digitalRead(pirPin) == LOW){       
       digitalWrite(ledPin, HIGH);  //the led visualizes the sensors output pin state


       if(takeLowTime){
        lowIn = millis();          //save the time of the transition from high to LOW
        takeLowTime = false;       //make sure this is only done at the start of a LOW phase
        }
       //if the sensor is low for more than the given pause, 
       //we assume that no more motion is going to happen
       if(!lockLow && millis() - lowIn > pause){  
           motion_topic.publish("OFF");  
           //makes sure this block of code is only executed again after 
           //a new motion sequence has been detected
           lockLow = true;                        
           Serial.print("motion ended at ");      //output
           Serial.print((millis() - pause)/1000);
           Serial.println(" sec");
           delay(50);
           }
       }


}


Now hook up the Feather Huzzah and ensure you select the correct board and port. Then click the upload button which is the right arrow looking one.



Getting close. Once the upload completes it will connect to your MQTT server and publish to the topic "ESP-PIR-01/feeds/motion". You can then use an MQTT client (I use MQTT.fx) to see if the sensor is reading ON and OFF.



If it triggers on and off with motion then you're ready to configure Home Assistant as a binary sensor. Add this to your configuration.yaml file under binary_sensor:


- platform: mqtt
  state_topic: "ESP-PIR-01/feeds/motion"
  name: PIR Sensor
  payload_on: "ON"
  payload_off: "OFF"
  qos: 0
  device_class: motion


Once you restart Home Assistant it should show up as a binary sensor and indicate ON or OFF. Note that my PIR Sensor is the last one on top on the right.






Now that the binary sensor is installed and reads the motion state you can use it to trigger events in automation. For example this is going on the Back Porch. A motion trigger turns on the back porch light (which is actually a Z-Wave GE switch on the inside of the home). The following automations allow for this. And automation 7 stops the lights from coming on during daylight hours. Pretty smart, huh?


automation 7:

  alias: Back Porch Light On

  trigger:

    - platform: state

      entity_id: binary_sensor.pir_sensor

      to: 'on'

  condition:

    condition: and

    conditions:

      - condition: state

        entity_id: binary_sensor.pir_sensor

        state: 'on'

      - condition: time

        after: '19:00:00'

        before: '07:00:00'

        weekday:

          - mon

          - tue

          - wed

          - thu

          - fri

          - sat

          - sun

  action:

    - service: switch.turn_on

      data:

        entity_id: switch.ge_12722_onoff_relay_switch_switch_8_0

automation 8:

  alias: Back Porch Light Off

  trigger:

    - platform: state

      entity_id: binary_sensor.pir_sensor

      to: 'off'

      for:

        minutes: 1

  action:

    - service: switch.turn_off

      data:

        entity_id: switch.ge_12722_onoff_relay_switch_switch_8_0


Enjoy.

Printing on Eggs and Shit.

So I've got a couple 3D printers and a vinyl sign machine and I'm always looking at related forums and reading the industry magazines. One day on Thingiverse.com I stumble across the Sphere-O-Bot which shows a 3D printed frame with a couple of NEMA 17 motors and an Arduino. And I think "I have to make that". Forget that I have absolutely no reason to print on eggs or ping-pong balls but just as a man climbs Everest because it is there so it is with me.


There is a kit from a place called J-Robots or you can source the parts yourself. The software is open source. The thing is that an Arduino Leonardo, a Brainboard, and two stepper motors and drivers will set you back over $60, maybe more with shipping. Then you need the hardware and the other related stuff. Might as well get the kit.


However, I'll say this up front. IF PRINTING ON EGGS IS SOMEHOW IMPORTANT TO YOU......... buy a bigger kit. This barely and I mean barely holds a Large egg. In fact some of the eggs I have won't fit. I always buy the largest ones in the store. There are bigger kits out there. Same stuff, just it holds bigger items.


Here's another gotcha. I could not for the life of me get the Arduino software to load or the Inkscape plug in to work on Mac Sierra. Everything works perfectly on Linux Debian. I can't speak for Windows but Mac wasn't working right.


Another caveat is that when I was looking at the J-Robots kit they didn't have the 3D printed parts available. No problem, for me BUT the frame takes about 13 hours to print. But it looks mighty nice when it's all said and done. If you print this frame you won't need to print with supports. Brilliant. Get the rest of the parts here, except for the frame of course.




The other parts can be zipped off in an hour or so. Here's what it looks like assembled with the help of my poodle model.



Assembly is pretty easy but forcing the suction cup on the left side into the fitting was no fun. Follow the software installation instructions here. For me it was literally just unzipping some files to my extension folder for Inkscape from here. For Mac and Windows there is an installer but again it didn't work for me under Mac Sierra.


Setup is a little un-intuitive but if you've successfully built it you'll figure the rest out quick enough. I screwed up only a couple of eggs before I got great prints. So there is a learning curve but not a big one.


Here's a video of me printing over some screw ups with a geometric pattern.




And finally here is a video showing the whole device in operation.




I have a few things to figure out still. I can easily see where tinkering with positioning, pen height, different types of pens, etc. will make a huge difference in quality.


So until I figure out what to do with this thing I do know a few people with little kids and Easter is coming up! Okay, okay, I wasted a hundred dollars. Sue me.





Original Prusa i3 Mk 2 - 3D Printer Review

I started 3D printing about a year or so ago with an inexpensive Prusa i3 3D kit from RepRapGuru. Wow the price went up some! It was like $280 and sold on Amazon and I remember seeing the same kit sold on eBay from the same person with a "Make An Offer". I think I offered $250 or something and they took it. Anyway the kit was pretty great and after using it a month or two I got upgrade-itis and rebuilt it with a new extruder and new lead screws, and added belt tensioners and good bearings for the belts to ride on. And I put overpriced Japanese bearings in it. It's really a great printer now but as with all things technology moves on. Prusa i3 kits now use PINDA probes for exacting nozzle positioning and mesh bed leveling which means even if your build surface is not perfectly flat or straight that the software (firmware) will compensate for it. This adds a huge quality increase, a speed increase if you are so inclined, and the printer in general prints about 31% larger objects. Of note there were a few things I wanted to print that wouldn't quite fit on the old printer.


Of note is the fact that my first kit was called a "Prusa"........that stands for Josef Prusa who now is in business and makes and sells the new Original Prusa i3 Mk2. Here's the best part. Make Magazine gave it the BEST OVERALL and BEST VALUE award for 2017. Think about that. Best printer at the best cost. You can read their review here. Also there is a guy named "Tom" on the internet that does the best YouTube videos for 3D printing there is. Don't mess with Tom. This video alone sold me.



Okay so Josef Prusa has his own company and makes the best printer at the best price. You can buy the kit for $700 or a fully assembled one for $900. I opted for the kit. And because it comes from overseas expect to pay $80 or so for shipping. Also there is such demand for the kits the lead time is 7 weeks! While that sucks in this day and age of "I want it now" it speaks volumes for the kit in my opinion.


When the box showed up it was WAY smaller than I imagined. It is very well packed and very intelligently packed. The parts and hardware are in well labelled zip lock bags which correspond to the steps in the manual. I found no deficiencies in the packaging. Also they give you a bag full of spare hardware AND the tools to build the kit with. They literally thought of everything. I promise you the bag of spare hardware was added by someone who builds them for a living who drops screws and nuts behind the workbench. What an incredible touch. Spare hardware.


Electronics and motors and such are boxed wonderfully and safely as well. Parts that hook up to the electronics board that are similar and which could be potentially plugged into the wrong place are intelligently and distinctively marked in a couple of different manners. Really smart.


The build quality of the 3D printed construction parts in the Prusa i3 Mk2 kit is amazing.


When I built my first RepRap kit the build quality of the printed parts was "meh". I literally had to zip tie the X axis ends together so I could print new ones to rebuild it with. But such is the life of a 3D printer geek. Anyway the parts in the Prusa kit are perfectly printed. Another thing I enjoy about this kit is that although it is an advanced printing platform the end user building the kit doesn't have to dive deep into the extruder calibration. All that has already been figured out and preprogrammed. When I built my first RepRap kit I had to measure extrusion levels, do math, change values in the firmware to make sure the proper extrusion rate was happening. Not so with the Mk 2 kit. So while it is a highly evolved Prusa i3 the end user just has to put it together.


It took me about 3 short sessions to build the kit but remember, I've built and then rebuilt a 3D printer before. I would guess it took me 5 hours or so to construct the whole thing. Basically as soon as it was built and I ran the first calibration it passed successfully and I was able to immediately start printing. The secret to that success is to ensure the Y axis frame is built perfectly and is square and the bed frame tracks perfectly. If the Y axis is built crooked you are doomed, doomed, doomed to have problems. Take the time and do it right and it will calibrate on the first go around.


Build quality of the kit is amazing. It is sturdy and the cable wraps make for a neat installation profile with great cable management. Here's a pic without the electronics and heated bed.



Now here is a pic of the completed, and working printer.



To make sure I was up to snuff I decided to print the dragon that is used in their promotional pictures and is shown on their web site. Kind of a rite of passage thing. Also the Dragon model (Adalinda, included on the SD card) takes about 7 hours and change to print and is pretty complex. I figure if my first print is a 7 hour complex model and it works then I can declare the build a success.


Nailed it!



Finally I gained another capability that I didn't easily possess on my RepRap kit. The ability to do 2 (or more) color prints. The picture below is also included on the supplied SD card.



Now, to make sure this wasn't some fluke I decided to try this on another model to make sure I could do this to anything I wanted to do it to. You have to modify the gcode to tell the printer when to stop. Prusa has added easy instructions and a gcode tool on their website to do this. The page even includes a great video that explains the process. Here's my stab at it.



As someone who has built a printer before and then rebuilt it and pushed it to the limits I can tell you that the Original Prusa i3 Mk2 kit raises the bar for 3D printers. The fact that it comes in an inexpensive kit form is like icing on the cake. They also have great software support and even have a customized version of Slic3r, the slicing software that generates the gcode used in printing.


Of note: Once I built my printer sure enough there was a firmware update and sure enough the firmware wouldn't load in Mac Sierra. And then equally sure enough on their support pages it seems there is a special firmware loader for Mac Sierra. Now it works great! You can find a link to it on this forum page. Other than that there were only a couple steps where I scratched my head in the manual however the on-line assembly manual here has a place for builders to add comments which is ANOTHER STROKE OF GENIUS. All my head scratching questions were contained within the answers. Take the time to read the comments unless of course the directions are crystal clear, and most of the time they are.


Order one of these printers today. Best thing going. Thanks Josef Prusa!


And here I am in action and still using my first 3D printer as well. It's still viable just not as great as the Mk2.













Home Automation Hardware

So you've decided to automate your home some, huh? But don't know much about it, huh? Seems you go to Walmart or Home Depot or Best Buy and the store areas of smart home components are getting bigger and bigger and everything looks SOOOO cool, but alas, it isn't and it doesn't all play together nicely. There are so many different standards and none seems to have prevailed yet. Here are some of the popular ones.

- ZWave

- Zigbee

- WiFi

- Bluetooth


There are others but let's just start with these. So you decided to take the plunge and buy a smart bulb. Seems the logical place to start. Then you get it home and realize the light bulb that cost you grocery money for the week WON'T WORK WITHOUT A CONTROLLER OR HUB. You look at the box and there it is in small print. Then you find out the hub is expensive and somewhat proprietary to the bulb. Then you buy another device and figure out it needs a hub too!


But you're lucky. You got a wifi bulb which works from an app. Then you get another wifi device which works from an app. Then you realize the bulb must be in the on position all the time and YOU CAN ONLY CONTROL IT FROM THE APP. You went into the dark bathroom and your phone is in the other room and then you realize you didn't think this out as well as you should have.


So I guess what I'm saying is you need a plan BEFORE you embark on throwing a sea of money at making your home smarter. You need to know the conditions that are acceptable to you before you start buying expensive items.


There are hubs out there that control various protocols. I bought the Wink Hub 2 which seemingly does them all but I found it to have some latency issues. Also you have no control over getting deep inside the component and tweaking its hidden settings. Wink is for simplification and not for a mythical power user like myself. Also I bought some Osram Lightify light bulbs which are Zigbee protocol and worked with Wink Hub 2. If I turned power out or something it seems I had to reconfigure the bulbs or maybe the distance from the bulb was just too far from the hub. At any rate it wasn't working well in my setup so I decided to get and stick with Z-Wave components. Not a fan of Zigbee and wifi seems so hackable. Nobody is going to run around and hack your Z Wave stuff (I don't think).


So I bought a few items and managed to get them to play nicely around an Open Source project called Home Assistant. Keeps you from using a dozen smart phone apps however the one and only controller I use is a Z-Wave protocol. It is the Aeotec 5th Generation USB stick.


AEOTEC 5th Generation USB Stick


Small, simple, and easy to program. More on that later.


I already touched on my first big home automation discovery.........The app controlled light bulb. When I wake up I just want to switch the lamp next to the bed on, not find the phone, find the app, etc. I very quickly came to the conclusion that wall switches that also work manually are most suited for normal home operation. Well, now I need to make sure my switches are either Z-Wave or Wifi. Were I to get a Zigbee protocol switch I'd need to buy another hub. Been there. Done that.

So I settled for GE Wall Switches 12722


GE Z-Wave Wall Switch


This allows me to use my program Home Assistant or the switch itself. Best thing is these switches can be wired up as three way switches. That is where you have 2 switches controlling one light. Like at the top and bottom of the stairs. BUT, you are tied to using ONLY the GE Add on Switch. The switch works great but I learned that the add on switch doesn't have a Z-Wave controller so that if you push it your Home Automation software won't report the change until it polls the light and sees that it is off. Polling is typically done every 30 seconds on Z-Wave. If you are obsessive compulsive and can't wait a few seconds for the switch state to change in your software the GE Add on switch is not for you. I'm told the HomeSeer line of add on switches report state. (Don't hold me to that). Me, personally, I can wait 30 seconds for the slider to slide over. It only bothers you when you're setting this all up or showing it off. In real world applications you turn the light on or off and then don't run to the computer to see what happened. Trust me, this is good enough.


So I have multiple Z-Wave switches in the house and just for fun I bought a Wemo Wifi Switch to put in the guest room.


WeMo Wall Switch


It works great but this switch is NOT a three way switch. Again you have to plan accordingly.


Now there is a place for smart light bulbs...........I use them in lights that I want to control to make it look like someone is home at night or at least awake. You know the light I'm talking about, the decorative one you never actually use in the living room. Or the front porch lamp that you realize you forgot to turn on AFTER you got all comfortable in bed. No more, I say to you. No more.


Not only can you control these lights from Home Assistant, you can automate them to come on at sunset and turn off at sunrise. I've done this with all my outside lights and some inside ones. They come on when the sun goes down and I never have to worry about it again.


So here's my current rough set up. Sensors across the top. Several for my Ring Pro doorbell, and Nest Thermostat. On the top left I have several hacked WiFi outlets I bought at Walmart. These use machine to machine protocol (MQTT) which I haven't discussed yet. These control the lamps in my house that I never actually turn on. Now I can give the dog light when I'm gone or make it look like someone is moving around inside. Also I have some relays which also run via MQTT or aRest platform. Right now these are experiments but I intend to deploy these as garage door openers and maybe yard sprinklers. As you can see I have 4 GE Z Wave switches and the one WeMo wifi switch. The automation set up shows for turning the lights on and off with sunrise and sunset and then also my LIFX lights and GE Z Wave bulb (Walmart $19) is in the garage. I'm going to tie this one into a motion sensor. I'll make it so the motion sensor only works from say 5PM to 7 AM to save a nickel or two a year. Also I can control my NEST thermostat from the Climate Section.






In another cool discovery I found I can add a web links section. Mine is titled LogitechMediaServers and these are links to my music servers.



Here's the media server. I think it's pretty cool I tied it to the Home Assistant program. Also, think about it, you could tie any other web app to this as well.



So I have multiple devices............and I've decided that the truly smart home is somewhat centered around smart wall switches and smart outlets. I prefer Z Wave and I prefer the smaller USB stick controller to the big gigantic hub. Also the Z Wave controller is LOCAL and most of the hubs are CLOUD. Yuck!

Wifi lamps such as LIFX are preferable to me than Philips Hue which requires a hardware bridge.


For simple VOICE control you can get an Amazon Echo Dot and say "Alexa, Discover Devices". And then you can say "Alexa, Turn on Garage Light" or in the case of my garage light it is a GE dimmer bulb I can also say "Alexa, Turn on Garage Light to 50%". It is ONLY simple control if you keep Alexa local. If you choose to you can create Alexa actions but it is VERY GEEKY and you must open your Home Assistant instance up to the internet. Currently my Home Assistant instance is behind a firewall and is not accessible from the internet. And I know what you're thinking............"What good is that when you're gone?"


My answer to that is that I have a Virtual Private Network (VPN) that I can connect to and then I have full local control. In my mind it makes it a little more secure.


I have a smart lock and I guess I should have gotten a Z wave lock (yep, they make 'em) but I opted for bluetooth. I really like that I can have my phone or a FOB on my keychain and just TOUCH THE LOCK to unlock the door. To me that is better than clicking a slider in a web page or app. So again, every smart appliance needs to be thought out before you buy it. Yeah it would have been cool to control the lock from Home Assistant, but why? If someone is coming over I trust I can email them an encrypted access key. No more hiding keys.


My only regret is that I bought exterior security cams before I got interested in smart home stuff. My cameras, at least now, don't play nicely with this stuff. It's regrettable but hardly the end of the world. I love my camera system and it also was a very well thought out and contrived purchase. It suits my needs perfectly, I just can't view the cameras in the Home Assistant interface. This is NOT that important to me.


I guess the moral to the story is that NO MATTER, no ONE SINGULAR SOFTWARE OR HARDWARE PLATFORM WILL SUIT YOUR ENTIRE NEEDS. For now it is a mishmash of consumer products with no standard set in place.

Home Automation

Well, I don't know much about Home Automation, but I'm learning, and I like it. This journey started out with one goal in mind. To turn a single solitary light online from the internet in my front window to make the house look occupied when I'm on travel.


So I started an EcoPlug project and figured out how to set up a machine to machine protocol server (Mosquitto) and then thought......"Well, since I've got this server.........".


One Ecoplug turned into four, and then I learned to control mechanical relays with ESP8266 Internet of Things (IoT) chips. Then I bought a wifi LIFX colored lamp and then I bought two Osram Lightify wifi lamps. Then I found out that the Lightify lamps wouldn't work because they used something called Zigbee which is a mesh network that hooks devices together. Then I found out there is another standard called Z Wave. Then I found out they sell hubs that do both among other standards. One such hub that I bought is the Wink Hub 2.


Now with all this I can add motion sensors, door sensors, more lights, cameras, you name it.


So now as you can imagine, I have several devices from several companies and several different apps to control them. Once again there is a program called Home Assistant that lets you tie it all together on a single control portal. Here's mine as it stands right this moment:



As you can see I can control my plugs, My lights, my relays and even my Nest Thermostat. As an added bonus it pulls in Plex Media Server, Chromecast, and my music servers (logitechmediaserver) as well.


Then you can take your devices and set automation up. For example my outside light and living room light are set to come on 30 minutes prior to sunset and turn off just before sunrise. (I need to tweak that a little). If you group your devices, as I have done here you can turn them all on at once or individually. Home Assistant also gives you the ability to add custom icons and custom names so now I know exactly what switch I'm controlling when I flip the switch. Just by adding some automation commands I can turn on outside lights at sunset and turn them back off at sunrise. I just worked through the first night of it and I'm positively giddy that it worked.


#Automation
automation:
  alias: Turn on lights when sun sets
  initial_state: True
  hide_entity: False
  trigger:
    platform: sun
    event: sunset
    offset: "-00:05:00"
  action:
    - service: light.turn_on
      entity_id: light.front_porch
    - service: light.turn_on
      entity_id: light.living_room_lamp
automation 2:
  alias: Turn off lights when sun rises
  initial_state: True
  hide_entity: False
  trigger:
    platform: sun
    event: sunrise
    offset: "-00:30:00"
  action:
    - service: light.turn_off
      entity_id: light.front_porch
    - service: light.turn_off
      entity_id: light.living_room_lamp




Home Assistant is kind of odd in that in the days of drag and drop you have to hand code a yaml file. And while it looks like computer code, you don't really need coding skills as the Home Assistant web site provides excellent tutorials for each device you can hook up and their forums are extremely helpful. Trust me, I've been on plenty of unhelpful forums and Home Assistant is great. Even asking the newbie questions, someone will help you and help you to completion of the task.


I'm just scratching the surface here and there are some Home Assistant gurus out there who would make your head spin with their impressive feats of automation with motors, servos, switches, lights, relays, cameras, cell phones, etc. In my mind it's a bit much but remember this is coming from the guy who only wanted to control one light previously.


By the way check out the level of control you have with the LIFX lights. You can control brightness and select from one of about a billion colors or even pick themes. I love this LIFX light. I love it a lot. However for $60 it should love me back.



Here's the problem as I see it though. Lack of standardization. I have plugs that run on machine to machine protocol and are wifi. There are wifi lights. There are wifi lights that need Zigbee protocol, there are devices that use Z wave. There is bluetooth, and IR remotes. Having a hub is almost a necessity as it allows you to not lock into one particular standard which can limit you.


And while the hub allows you access to all the standards and a larger variety of hardware..........good old hooking a wifi outlet up to lamp using machine to machine protocol (MQTT) allows for the fastest operation and response from Home Assistant. Having Z Wave and a hub creates latency between the device, hub, and Home Assistant. Having the device app open also seems to introduce weirdness into the mix at times. My Zigbee Osram Lightify lights are very slow to react through the Home Assistant interface. The actual light comes on quick enough but the reaction time to the proper display setting on the Home Assistant page takes a few seconds. In short the light works fine, but the latency in the software is weird. I even had one light working fine that Home Assistant told me was "Unavailable". So did its app. So did the hub app. But it was still accepting controls fine. Weird.


Another epiphany I had was that if you have a smart bulb in a regular lamp you have to leave the lamp on and it can really only be controlled by the app, or computer. There's something to be said for rolling over in bed and just not being able to flip the light on. It's not the end of the world by any stretch but it's not optimum either. So the thing to do is to install a smart switch in the wall. Unfortunately that involves messing around with the 120 volt mains power. Not a problem for me. The smart switch acts like a regular switch and can be wifi controlled as well. You get the best of both worlds. A switch that works normally on the wall that can be controlled from wifi.


Picked up a GE Iris Wifi enabled switch today at Lowe's. This by and large is the cat's meow. Works with Z Wave which of course is what my Wink Hub 2 covers. I removed my old switch, wired this on in and added the device in the Wink app on my phone. It configured perfectly. I wired it with my recessed lighting back in my den.




If there's money to be spent the smarter money is on smart outlets and switches that go in the wall.


Stay tuned for more later as this evolves. Oh, and it will evolve.

Songle Internet Controlled Relay from ESP8266

I bought a Songle 2 channel relay from here with the hopes of hooking it directly to the ESP8266 GPIO and using it over the internet based on this excellent tutorial.


Unfortunately it just didn't work that easy. The digital GPIO signal from the ESP8266 is 3.3v and the relay just won't read that input on the IN1 or IN2 channel.


So you have to build a driver circuit for it. I used a 2N3904 transistor that I got from RadioShack here. Thank goodness my town still has a RadioShack.


Here's a rough and dirty detail.


This project uses Digital Pin 5 which is actually Pin D1 on the NodeMCU 1.0. Yeah, that's intuitive.


This is all from the flat part of the transistor towards you.


- From D1 a 1K ohm resistor goes to the base of the transistor. That is the middle leg.



- The Emitter, left leg, is tied directly to ground.



- The collector, right leg, goes to IN1 or IN2 on the relay. Also from the collector a 1N1004 diode goes to the 5v power source with the banded end at the 5v input. Put it in backwards and you are creating the condition to fry your transistor.



- The NodeMCU requires 3.3 volts (sharp eyes will see I'm using 5V to drive mine, and it works but it's wrong, kinda, sorta.)



- The relay Vcc requires 5 volts and of course ground is tied to ground.


Here it is on a breadboard layout. Nothing to it.




And here it is in action.




To drive both relays though you need to build another driver circuit for the other relay input. Also you need firmware to control 2 relay channels. I used this code I got from here. With this you just find the IP address of your ESP8266 and go to that page in a browser and you get 2 sets of on and off controls.








#include <ESP8266WiFi.h>
#include <aREST.h>
#include <aREST_UI.h>

// Create the aREST instance
aREST_UI rest = aREST_UI();

// WiFi parameters
const char* ssid = "Your-SSID";
const char* password = "Your-Password";

// TCP port to listen on
#define LISTEN_PORT 80

// Create the server instance
WiFiServer server(LISTEN_PORT);

void setup(void)
{
  Serial.begin(115200);

  // Build the UI: one on/off button pair per relay pin (GPIO 2 and GPIO 0)
  rest.title("Relay ");
  rest.button(2);
  rest.button(0);

  // Give the module a name and an ID
  rest.set_id("1");
  rest.set_name("esp8266");

  // Connect to WiFi
  WiFi.begin(ssid, password);
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  Serial.println("");
  Serial.println("WiFi connected");

  // Start the server
  server.begin();
  Serial.println("Server started");

  // Print the IP address
  Serial.println(WiFi.localIP());
}

void loop() {
  // Wait for a client to connect
  WiFiClient client = server.available();
  if (!client) {
    return;
  }
  // Wait until the client has sent its request
  while (!client.available()) {
    delay(1);
  }
  // Let aREST handle the request
  rest.handle(client);
}


Also you can configure this in Home Assistant to make dashboard switches.


switch 5:
  platform: command_line
  switches:
    arest_pin_two:
      command_on: "/usr/bin/curl -X GET http://192.168.20.102/digital/2/1"
      command_off: "/usr/bin/curl -X GET http://192.168.20.102/digital/2/0"
      friendly_name: Relay 1
switch 6:
  platform: command_line
  switches:
    arest_pin_zero:
      command_on: "/usr/bin/curl -X GET http://192.168.20.102/digital/0/1"
      command_off: "/usr/bin/curl -X GET http://192.168.20.102/digital/0/0"
      friendly_name: Relay 2



ESP8266 Hack of inexpensive WiFi Outlet

NOTE: This is a fairly involved project that requires soldering, Chip programming, setting up a server of sorts, etc. Took me two and a half days to figure all this out with lots of community help. Took me less than 30 minutes to do the second device. So it's a quick project THE SECOND TIME AROUND.


I AM IN NO WAY SHAPE, OR FORM THE AUTHOR, DISCOVERER, INVENTOR, OR ANYTHING ELSE OF THIS PROJECT. I am documenting this in easier to follow steps as it took some time to figure all this out because it is spread out in bits and pieces everywhere.


The original project (that I merely duplicated) is located at The Great Geekery. Before you do this project you for sure need to look over his original information. Wouldn't hurt to do a google search on "Ecoplug ESP8266" and read some background information on the whole thing. Very enlightening.


In today's blog I'm going to hack a wifi outlet to be able to be operated from wi-fi. Wait. What? These devices are made by KAB and branded with several different names such as WiOn, Ecoplug, WorkChoice, etc. In fact I ordered an Ecoplug from Walmart to be picked up in the store and when I got there received a WorkChoice. They may have different brands, different cases, but they are the same device.


They all contain the very hackable and very popular ESP8266 wifi chip which powers much of the Internet of Things (IoT) that you're always hearing about.


When people started taking these apart for reverse engineering they also discovered another dirty little secret. By using a program called Wireshark that sniffs network transmissions and packets they discovered that these devices were SENDING YOUR WIFI SSID AND PASSWORD IN THE CLEAR TO AN OVERSEAS SERVER.


DO NOT BUY ONE OF THESE AND USE IT IN YOUR HOME. If you do, realize that you have no expectation of security or privacy.
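The kind of check described above, as an added example that is not from the original project or this post: a Python script that walks a capture saved from Wireshark in classic pcap format and reports every packet whose payload carries your SSID or passphrase in cleartext, and whether that packet left the home network. The capture, addresses, port and credentials below are constructed for the example; the post does not say which protocol or server the outlets used.

```python
import ipaddress
import struct

# RFC 1918 ranges; any other destination is treated as leaving the home LAN.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def iter_pcap(data):
    """Yield raw Ethernet frames from a classic (non-pcapng) capture."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    pos = 24
    while pos + 16 <= len(data):
        caplen = struct.unpack(endian + "IIII", data[pos:pos + 16])[2]
        pos += 16
        yield data[pos:pos + caplen]
        pos += caplen


def parse_ipv4(frame):
    """Return (proto, dst_ip, dst_port, payload) for IPv4 TCP/UDP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    # Some captures record a zero length (offloading); fall back to the frame.
    l4 = ip[ihl:total_len] if total_len else ip[ihl:]
    dst = ipaddress.ip_address(ip[16:20])
    if ip[9] == 17 and len(l4) >= 8:
        return "udp", dst, struct.unpack("!H", l4[2:4])[0], l4[8:]
    if ip[9] == 6 and len(l4) >= 20:
        data_off = (l4[12] >> 4) * 4
        return "tcp", dst, struct.unpack("!H", l4[2:4])[0], l4[data_off:]
    return None


def find_credential_leaks(pcap_bytes, secrets):
    """secrets maps a label to the bytes to look for; one finding per hit."""
    findings = []
    for index, frame in enumerate(iter_pcap(pcap_bytes), start=1):
        parsed = parse_ipv4(frame)
        if parsed is None:
            continue
        proto, dst, port, payload = parsed
        external = not any(dst in net for net in LAN_NETS)
        for label, value in secrets.items():
            if value in payload:
                findings.append({"packet": index, "proto": proto,
                                 "dst": str(dst), "port": port,
                                 "secret": label, "external": external})
    return findings


def _frame(dst_ip, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame for the sample (checksums zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.ip_address("192.168.1.50").packed,
                     ipaddress.ip_address(dst_ip).packed)
    return b"\x02" * 12 + b"\x08\x00" + ip + udp


def build_sample_pcap():
    """Constructed capture: one LAN packet, one cleartext upload off the LAN."""
    frames = [
        _frame("192.168.1.1", 53, b"\x12\x34 constructed lookup"),
        _frame("203.0.113.10", 9000,
               b'{"ssid":"ExampleHomeNet","pass":"correct-horse-42"}'),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    my_secrets = {"ssid": b"ExampleHomeNet", "passphrase": b"correct-horse-42"}
    for hit in find_credential_leaks(build_sample_pcap(), my_secrets):
        where = "OFF the LAN" if hit["external"] else "inside the LAN"
        print(f"packet {hit['packet']}: {hit['secret']} in cleartext to "
              f"{hit['dst']}:{hit['port']}/{hit['proto']} ({where})")
```

To use it on a real capture, read the file in binary mode and pass its bytes together with your own SSID and passphrase in place of the constructed sample.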


However you can hack 'em. Then they can't phone home. Here's the one I got at Walmart.



Now let's get to some hardware hacking. Remove the 4 screws in the back. The ESP8266 that we're going to reprogram is under the light brown shield. Remove the three screws holding it.



Now we need to solder 5 wires to the chip. Make sure the 2 holes are at the bottom and the chip is facing towards you. We are going to locate Power, Ground, Transmit, Receive, and GPIO0 which must be held low to ground on boot to put the device into boot loader mode so it can be programmed.



Also take note of the fact that right through the arrow line that says 3.3v's is an empty space on the board that is supposed to be populated with a reset switch. Dirty dogs removed the reset switch. Some of me thinks it was to make stuff like this harder. More than likely it saves .04 cents per unit.


Now take some breadboard wires and solder them on. I used 4 female ended wires with the GPIO 0 wire being a male end.



Now you need an FTDI programmer to hook from your computer to the board wires. I use the Adafruit FTDI Friend here. It costs $15. There are FTDI's on eBay for like $3 and even less. They use a fake FTDI chip and sometimes there are issues with drivers. I think they work just fine but I don't want the headache down the line.


HERE'S ANOTHER POTENTIAL ISSUE. The FTDI programmer puts out 5v. The ESP8266 input power is supposed to be 3.3v. I have programmed 2 of these outlets and various other ESP8266's with 5v before. I've never had one blow up, HOWEVER, there are folks out there who have had them fry. If you put 5v into your chip be aware there is SOME risk involved with that. If you are the careful sort you can build a voltage divider with two resistors on a breadboard and chop your 5 volts down to 3.3. If you have a 1K ohm tie it to hot. Then take a 2K ohm and tie it to ground in series with the 1k. Right in the middle of those two resistors you'll be outputting roughly about 3.5v.



Now hook the chip to the FTDI like this. (from board to chip)

Vcc to 3.3v

GND to GND

Tx to Rx

Rx to Tx

GPIO 0 held to ground. I used an alligator clip to do this.



Now the hardware is ready. Let's get the software ready. I programmed mine from Arduino IDE on Mac OS X. Get the latest from here.


Now go on the toolbar when it is opened and go to Arduino > Preferences and add the following line to Additional Boards manager and Click Ok.


http://arduino.esp8266.com/stable/package_esp8266com_index.json




Now go to Tools > Board > Board Manager



Type in "ESP8266" and add the ESP8266 by ESP8266 Community Package (mine is already installed)



Now we need to add some Libraries. Go to Sketch > Include Libraries > Manage Libraries



Go here and download Homie Firmware. Download the Zip file. See the pic above? Go to add zip library and then navigate to, and then add the zip folder you just downloaded. It will install Homie into the Arduino Library. Now go to "Manage Libraries" and search for and add the following packages:

ArduinoJson

Bounce2

PubSubClient

Async-mqtt-client (download and install as zip)

ESPAsyncTCP (download and install as zip)


Now let's load firmware. This was kind of weird and I'll explain it to the best of my understanding. When I downloaded the ino file from Scott Gibson's project I couldn't get it to compile successfully. I got with the developer of the Homie firmware project who told me the firmware code changed. So I think that between the time Scott wrote it and the time I found it the Homie firmware changed a bunch. Mind you I know nothing about code but I took Scott's code below and changed where it was failing (using a Homie example as a template). SOMEHOW IT WORKED! Still, the tutorial advice I am giving below is the Homie firmware example and you only have to tweak the Pin, LED, and Button stuff a little.


The only difference that I can tell between the two codes is that if you push the button in Scott's firmware it turns the socket on manually. The Homie IteadSonoffButton example below does not do that. But, hey, it's a wifi socket. If it ain't wi-fi-ing .......unplug it and plug your thing in the real socket. I don't see much advantage to going manual. The whole point is to have a wifi controlled socket. Here is the code I tweaked. This is Scott Gibson's code. Feel free to use it if you want. It works. If you use the Homie example well then you know for a fact there should be no compilation errors. Copy this to a new Arduino sketch and verify.


#include <Arduino.h>
#include <Homie.h>
#include <Bounce2.h>
#include <Button.h>

const int PIN_RELAY = 15;
const int PIN_LED = 2;
const int PIN_BUTTON = 13;

// MQTT node: the outlet is published as homie/<device id>/plug
HomieNode switchNode("plug", "switch");
Button button1(PIN_BUTTON); // front-panel button on PIN_BUTTON

// Called when a message arrives on .../plug/on/set
bool lightOnHandler(HomieRange range, String value) {
  if (value == "true") {
    digitalWrite(PIN_RELAY, HIGH);
    switchNode.setProperty("on").send("true");
    Serial.println("Light is on");
    // switchState = true;
  } else if (value == "false") {
    digitalWrite(PIN_RELAY, LOW);
    switchNode.setProperty("on").send("false");
    Serial.println("Light is off");
    // switchState = false;
  } else {
    // Anything other than "true"/"false" is rejected
    Serial.print("Error Got: ");
    Serial.println(value);
    return false;
  }

  return true;
}

void setup() {
  Serial.begin(115200);
  Serial.println();
  Serial.println();
  //pinMode(PIN_BUTTON,INPUT_PULLUP);
  pinMode(PIN_RELAY, OUTPUT);
  digitalWrite(PIN_RELAY, LOW); // relay off at boot
  Homie.setLedPin(PIN_LED, LOW);
  //Homie.setResetTrigger(PIN_BUTTON, LOW, 5000);
  Homie_setFirmware("ecoplug", "1.0.0");
  switchNode.advertise("on").settable(lightOnHandler);
  button1.begin();
  Homie.setup();
}

void loop() {
  Homie.loop();
  // Button toggles the relay locally (the new state is not published to MQTT here)
  if (button1.pressed()) {
    digitalWrite(PIN_RELAY, !digitalRead(PIN_RELAY));
  }
}


OKAY THIS IS THE HOMIE EXAMPLE FIRMWARE BELOW. You still need to add the homie library even if you use the code above.


Now navigate to your Arduino libraries. In Mac OS X it is under "Documents"



Open your homie-esp8266-develop folder and go to examples. Open the one that says IteadSonoffButton and double click the ino file.




It will look like this after you alter the pin data as mentioned below:




We're going to change the value of the top 3 pins to this: (please bear in mind someone taught me this and that I wasn't smart enough to figure it out myself).


const int PIN_RELAY = 15;
const int PIN_LED = 2;
const int PIN_BUTTON = 13;


Make sure it looks like the picture above then click on "Verify" where my yellow circle is.



Now go into Arduino under "Tools" and set your chip to Generic ESP8266 and then make sure all the other settings are the same. Make sure you have the proper Com Port selected as well. When I took this screenshot my FTDI controller was not plugged in. Again make sure you have it plugged in and selected.



If that works click on the right arrow next to the verify button and watch it upload to your chip.




HARDWARE HACKING COMPLETE!


Now the outlet should be in WiFi Access Point Mode. Check to see what wifi address it is broadcasting and connect to it.



Now go to this address to configure it. NOTE: IT WILL NOT CONFIGURE FROM A MAC. Must use Windows, or Linux, or Chromebook or Android or something else. The developer is aware of it and confirmed to me there was a bug.


http://setup.homie-esp8266.marvinroger.fr


TAKE NOTE OF THE DEVICE ID (the numbers and letters in the Wifi SSID after the dash) AND WRITE IT DOWN. It's just the MAC address of the device but you need it later. If you change the device ID........WRITE THAT DOWN TOO. First thing you'll probably see is this:



If it does that I had to connect to my home wifi and then click on the setup link I posted above and get the page started and then quickly switch back to the Homie Wi-Fi Access Point. I think that is more of a browser cache thing than a bug of some sort. Anyway if you hit it right you'll see this below:



Now hit Next and fill in the following regarding your network credentials:



Now some other config. The broker address is the address of your MQTT server. I discuss that down below. You need an MQTT server before you can proceed. You can go ahead and fill this out if you know what the IP address is going to be of the computer where you install the server at. Note my mistake below.



Now finally, give it a name and then put your device ID in. Also check the box that says OTA enabled. After you hit next it should write to the device and restart and be ready to be controlled.




Run through the configuration. The only thing I couldn't figure out was the MQTT broker. This is the LEAST intuitive part of the process. Devices have their own protocol called MQTT, which is a lightweight protocol which runs on top of the HTTP protocol. Anyway you need to connect to an MQTT server somewhere. There are free cloud ones, however I just made my own. I installed a program called Mosquitto (yes, with two t's) on my Ubuntu Server. I won't get into the install and configuration of Mosquitto but it wasn't horribly hard and I will note it runs on Port 1883 and if you have a crappy home router it is easy enough for someone to enter port 1883 and turn your stuff on and off. So installing and turning on Mosquitto is easy, but configuring it with security is kind of geeky. I run behind a good firewall appliance so my server is not accessible to the internet.
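Here is what the "configuring it with security" part can look like, as an added example (not from the original post or from the Mosquitto project): a shell check that flags the open-broker settings, with a constructed open config next to a hardened one. The file paths, the 192.168.1.10 LAN address and the homeassistant account name are assumptions.

```shell
#!/bin/sh
# Added example: flag the open-broker settings in a mosquitto.conf.
# Both configs and the ACL are constructed; paths, 192.168.1.10 and the
# "homeassistant" account name are placeholders.

OPEN_CONF='# anyone who can reach port 1883 can switch the outlet
listener 1883
allow_anonymous true'

HARDENED_CONF='# LAN-only listener, logins required, per-user topic ACLs
listener 1883 192.168.1.10
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl'

# Contents for the acl_file above. Each outlet logs in with its device ID as
# username (%u) and is confined to its own subtree; Home Assistant can read
# state everywhere but publish only to the .../set command topics.
HARDENED_ACL='pattern readwrite homie/%u/#
user homeassistant
topic read homie/#
topic write homie/+/+/+/set'

# Print one finding per line for the config text in $1; nothing if clean.
audit_mosquitto_conf() {
    # mosquitto.conf comments are lines starting with '#'; drop them and blanks
    conf=$(printf '%s\n' "$1" | sed -e '/^#/d' -e 's/[[:space:]]*$//' -e '/^$/d')
    printf '%s\n' "$conf" | grep -q '^allow_anonymous[[:space:]]\{1,\}false$' ||
        echo "ANON: allow_anonymous is not explicitly false; anonymous clients may be accepted"
    printf '%s\n' "$conf" | grep -q '^password_file[[:space:]]' ||
        echo "NOPASS: no password_file, so there are no accounts to check logins against"
    printf '%s\n' "$conf" | grep -q '^acl_file[[:space:]]' ||
        echo "NOACL: no acl_file; every client may publish to any homie/.../set topic"
    # A listener line with only a port (or 0.0.0.0) binds every interface
    printf '%s\n' "$conf" | grep -Eq '^listener[[:space:]]+[0-9]+([[:space:]]+0\.0\.0\.0)?$' &&
        echo "BIND: listener accepts connections on all interfaces; bind it to the LAN address"
    return 0
}

# Run against a real file with: audit_mosquitto_conf "$(cat /etc/mosquitto/mosquitto.conf)"
```

The accounts in the password file are created with mosquitto_passwd (for example `mosquitto_passwd -c /etc/mosquitto/passwd homeassistant`). Once logins are required, mosquitto_pub needs `-u` and `-P`, and the outlet and Home Assistant need the same credentials in their MQTT settings.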


There are MQTT servers for every platform such as Windows, Linux and Mac. I just didn't want to install it on my mac laptop because when the laptop is gone, the mqtt server is gone and no home automation.


Okay so now I have this device configured. And now I have an MQTT server running. It was at this point I had zero clue what to do next. And it isn't intuitive at all. If you were the last person on earth no way you'd figure this out alone. Basically MQTT subscribes and publishes messages from machine to machine.


By the way........although I'm showing you the commands for using MQTT to turn the switch on..........don't look to me for too much help at this part of the tutorial. I'm slightly below beginner, noobie status on MQTT.


Ultimately I figured out (somebody told me what to do) that from my MQTT server I had to issue the following command to make the outlet turn on. Make sure you have the right topic name and device ID in your string here.


mosquitto_pub -t 'homie/382b78075571/switch/on/set' -m true


IF YOU USE SCOTT GIBSON'S FILE THE DEVICE TO CONTROL WILL BE "PLUG" NOT SWITCH. Here's an example


mosquitto_pub -t 'homie/382b780742c4/plug/on/set' -m true


I'll try to explain. The outlet broadcasts all the services it is running and you would be surprised how many. One of them is switch/on/set. True turns it on, false turns it off. So here's how it works.

- mosquitto_pub means we're going to publish to the outlet.

- The broker Topic is "homie". That is the default set in the configuration.

- The next field is your device ID or MAC address (unless you changed it)

- Now we're setting switch/on/set to true

Works like a champ.




Now I know you don't want to log into your server and issue a long command every single time. There are front ends for MQTT and one of the more popular ones is Home Assistant. Home Assistant makes a webpage with a toggle switch to turn it on and off.



Basically once Home Assistant is installed you have to configure a file called configuration.yaml to see the switch and run the mqtt command. It isn't hard at all.


On your Mac where Home Assistant is installed, go to the terminal and type this:


cd ~/.homeassistant


sudo nano configuration.yaml


Add this to the bottom of the file. Be sure to change your IP address on the 2nd line. Also change your Device IDs.


mqtt:
  broker: YOUR IP ADDRESS
  port: 1883
  client_id: home-assistant-1
  keepalive: 60

switch:
  - platform: mqtt
    name: "Wall Outlet"
    state_topic: "homie/382b78075571/switch/on"
    command_topic: "homie/382b78075571/switch/on/set"
    payload_on: "true"
    payload_off: "false"
    optimistic: false
    qos: 0
    retain: true

switch 2:
  - platform: mqtt
    name: "Wall Outlet2"
    state_topic: "homie/382b780749c1/switch/on"
    command_topic: "homie/382b780749c1/switch/on/set"
    payload_on: "true"
    payload_off: "false"
    optimistic: false
    qos: 0
    retain: true




That's it in a nutshell. Once you work through this MQTT thing once it isn't as bad as it seems and it then becomes easy enough to automate many more home items. Enjoy.



