Ik wilde mijzelf uitdagen om te kijken hoe goed een telefoon werkt zonder enige vorm van Google software en bibliotheken zoals Google Mobile Services (GMS).

Om de lat extra hoog te leggen maak ik ook geen gebruik van alternatieven welke GMS emuleren, zoals ​microG welke onder andere in ​/e/ gebruikt wordt. Ik maak gebruik van ​LineageOS.

Eerste uitdaging; ik kan niet makkelijk apps installeren. Als alternatief gebruik ik:

• ​F-Droid
  • F-Droid Privileged Extension maakt automatische installatie via F-Droid mogelijk, echter dit was pittig lastig te installeren (sideloading met ADB root, script hacken, etc).
• ​AuroraStore (helaas toch een beetje valsspelen, want deze maakt in de achtergrond gebruik van de Play Store infrastructuur).
  • Automatische installatie van apps vereist Aurora Services, welke bij mijn telefoon elke keer 'verdween' na een update (​fix gemaakt).

Nu ik een manier had om apps te installeren kwam de volgende uitdagingen, heel veel apps gebruiken 'onbewust' delen van Google Mobile Services (GMS) of aanverwante Google bibliotheken, waardoor delen van de applicatie niet werkt.

Over de hoofdlijnen genomen is het een hele uitdaging om een telefoon te gebruiken zonder Google software en/of bibliotheken. Ik heb diverse (overheids) instellingen aangeschreven over de constatering dat hun applicatie niet (goed) werkt zonder Google bibliotheken, echter het uniforme antwoord is 'We nemen het mee in toekomstige ontwikkelingen'.

Kortom het nog wat voeten in aarde om software eco-systemen hier bewust van te maken en op te laten acteren.

GIMP (2.10) has very small menu fonts on my screen which barely readable. I cannot found a way to increase the font size in the Preferences, how-ever editing the theme file is a easy quick fix.

For example for the 'System' theme:

$ diff -u /usr/share/gimp/2.0/themes/System/gtkrc.orig /usr/share/gimp/2.0/themes/System/gtkrc 
--- /usr/share/gimp/2.0/themes/System/gtkrc.orig        2021-09-14 16:26:24.970000000 +0200
+++ /usr/share/gimp/2.0/themes/System/gtkrc     2021-09-14 15:57:37.440000000 +0200
@@ -38,7 +38,7 @@
 
 # Uncommenting this line allows to set a different font for GIMP.
 #
-#font_name = "sans 10"
+font_name = "sans 20"
 
   GtkPaned::handle-size             = 6
   GimpDockWindow::default-height    = 300

Bij tijd en wijlen komen er artikelen langs die spreken over CO2 'compensatie', zoals bijvoorbeeld bij de recente blogpost ​CO2-compensatie voor gasverbruik, hoe werkt dat? van samen|om.

Ik vind het storend om de term co2-compensatie en co2-reductie te gebruiken en vooral de manier waarop dit wordt gebruikt is feitelijk onjuist. Het gaat o.a. dan deze uitspraak: "Wanneer je aan CO2-compensatie doet, dan betekent dit dat je de hoeveelheid CO2 die je uitstoot op een andere manier weer terugdringt. Het resultaat hiervan is dat er netto geen extra CO2 bijkomt."

CO2-compensatie is geen "netto geen extra CO2 maatregel". Als je (bijvoorbeeld) 500kg CO2 uitstoot zonder CO2-compensatie, dan stoot je zonder CO2-compensatie 500kg CO2 uit. De CO2 die iemand anders uitstoot is hier niet aan verbonden en kan dan ook niet als uitgangspunt worden genomen.

Bij een CO2-compensatie van 500kg CO2 wordt er opeens gebruik gemaakt van een andere rekensom. Nu wordt wordt gesteld 500kg CO2 uitstoot + 500kg CO2 uitstoot door een externe partij. De laatste 500kg CO2 wordt verhinderd door de CO2-compensatie maatregel. De totale CO2 uitstoot is echter dan nog steeds 500kg CO2.

Het stellen dat bij CO2-compensatie 'netto geen extra CO2 bijkomt' is feitelijk onjuist, er komt in algemene zin namelijk nog steeds 500kg CO2 vrij. Het is niet zo dat met een klein bedrag de eigen impact 'afgekocht' kan worden, de impact is wel degelijk nog aanwezig.

Hierna spreken van CO2-reductie of CO2-neutraal is al helemaal verwarrend en onjuist, CO2 welke vrijkomt is per definitie een toename van de totale hoeveelheid CO2 in de atmosfeer. Zaken welke CO2 reduceren, dus de totale hoeveelheid CO2 verminderen in de atmosfeer, zijn zaken als CO2 direct air capture, bos bijplanten en bijhouden, onderhouden tot de eeuwigheid en dus niet 'CO2 compensatie uit andere projecten'.

Ik verwacht van 'om | nieuwe energie' een eerlijk en helder verhaal en dit valt hier niet onder.

Following the SIDN blogposts on ​implementing SPF, DKIM and DMARC in PostFix and ​implementing DANE in Postfix I got myself interested in getting two times an 100% score at the testing service ​internet.nl. The first badge is earned for mail services and secondly for web services.

Unfortually I cannot find a guide available which implements the ​IT Security Guidelines for Transport Layer Security (TLS) from National Cyber Security Centre (NCSC) within Apache HTTPD 2.4, which is my default webserver of choice.

I went for 'good'-ish instead of 'suffient', since I can manage the fall-out if stuff breaks in unexpected ways.

Alter change ssl_module settings, I am running FreeBSD www/apache24, so mine are found at /usr/local/etc/apache24/extra/httpd-ssl.conf:

SSLCipherSuite 'HIGH:-EXP:-LOW:-MEDIUM:-aNULL:-eNULL:-SRP:-PSK:-kDH:-ADH:-AECDH:-kRSA:-DSS:-RC4:-DES:-IDEA:-SEED:-ARIA:-AESCCM8:-3DES:-MD5:-DH'
SSLProxyCipherSuite 'HIGH:-EXP:-LOW:-MEDIUM:-aNULL:-eNULL:-SRP:-PSK:-kDH:-ADH:-AECDH:-kRSA:-DSS:-RC4:-DES:-IDEA:-SEED:-ARIA:-AESCCM8:-3DES:-MD5:-DH'

SSLHonorCipherOrder on 

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

SSLPassPhraseDialog  builtin

SSLSessionCache        "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout  300

SSLUseStapling On
SSLStaplingCache "shmcb:/var/run/ssl_stapling(32768)"
SSLStaplingStandardCacheTimeout 3600
SSLStaplingErrorCacheTimeout 600

The 'magic' value posted at SSLCipherSuite is ​interpreted by openSSL to a list of available ciphers to use. For example:

openssl ciphers -v 'HIGH:-EXP:-LOW:-MEDIUM:-aNULL:-eNULL:-SRP:-PSK:-kDH:-ADH:-AECDH:-kRSA:-DSS:-RC4:-DES:-IDEA:-SEED:-ARIA:-AESCCM8:-3DES:-MD5:-DH'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-CCM  TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESCCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(256) Mac=SHA384
ECDHE-RSA-CAMELLIA256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(256) Mac=SHA384
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=Camellia(128) Mac=SHA256
ECDHE-RSA-CAMELLIA128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=Camellia(128) Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1

The optional features of hardening websites was a bit more troublesome. Take a good read at the documentation at Mozilla Developer Network (MDN) of ​Access-Control-Allow-Origin, ​X-Frame-Options, ​X-Frame-Options, ​X-Content-Type-Options, ​Content-Security-Policy and ​Referrer-Policy. Especially Content-Security-Policy is troublesome since it disallows inline javascripts, which broke some unexpected functionality.

To enable include snippet in VirtualHost entry or httpd.conf root if you like to have it enabled globally.

# Make sure headers_module is loaded/enabled
Header always set Access-Control-Allow-Origin "*"
Header always set X-Frame-Options "DENY"
Header always set X-Content-Type-Options "nosniff"
Header always set Content-Security-Policy "default-src 'self'; frame-ancestors 'self'"
Header always set Referrer-Policy "same-origin"

Restart your Apache HTTPD webserver and get yourself tested at ​internet.nl.

I changed a username/password to of one of my foscam devices, which I forgot to write down. The password was stored in the 'Foscam VMS' application, how-ever the GUI did not allow me to retrieve it.

Luckily for me the application was written in .NET and was very well debug-able. With tooling like ​ILSpy and ​dnSpy, the the database was found to be SQLite with encrypting using Legacy_CryptoAPI, which is ​deprecated/removed.

Wrote some glue-code (see attached) to remove encryption from the database. The decryption password was stored plain text in code.

Next browsing the database with ​SQLite Browser and mission accomplished.

I find looking at myself when attending an MS teams call really distracting. It feels like looking at the mirror how-ever with just a very small delay.

Apparently I am ​not the only one who has to deal with this issue and not liking it.

Turning off the video feature is not the preferred option, since I do think conversations with video makes a better conversation.

The good old solution is a sticky note glued to your screen, covering your selfview. A more elegant digital alternative can be produced by using 'Sticky Notes' and an open source application called ​DeskPins.

Much bettter:

I got myself an old Creative Sound Blaster Z to replace my build-in sound card, to amplify my sound experience, how-ever on first install I got myself into a pickle:

feb 24 22:54:52 technetium kernel: snd_hda_intel 0000:09:00.0: Direct firmware load for ctefx-desktop.bin failed with error -2
feb 24 22:54:52 technetium kernel: snd_hda_intel 0000:09:00.0: Direct firmware load for ctefx.bin failed with error -2

$ sudo lspci -v -s 09:00.0
09:00.0 Audio device: Creative Labs Sound Core3D [Sound Blaster Recon3D / Z-Series] (rev 01)
	Subsystem: Creative Labs SB1570 SB Audigy Fx
	Flags: bus master, fast devsel, latency 0, IRQ 39, IOMMU group 14
	Memory at fca04000 (64-bit, non-prefetchable) [size=16K]
	Memory at fca00000 (64-bit, non-prefetchable) [size=16K]
	Capabilities: [40] Power Management version 3
	Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
	Capabilities: [70] Express Endpoint, MSI 00
	Capabilities: [100] Advanced Error Reporting
	Capabilities: [140] Virtual Channel
	Capabilities: [170] Device Serial Number 00-00-00-00-00-00-00-00
	Capabilities: [180] Power Budgeting <?>
	Kernel driver in use: snd_hda_intel
	Kernel modules: snd_hda_intel

Found a brilliant suggestion ​Raymond (back in 2016):

$ dnf provides /lib/firmware/ctefx.bin
$ sudo dnf install alsa-firmware

Reboot the system and it was al working as expected.

Bonus tip if you want to switch between headphone and speaker output

If you STILL don't have sound, try opening alsamixer, selecting your card with
F6, and toggling "HP/Speaker Auto Detect" with the 'm' key. This switch sets
whether or not you want to manually select the output with the 'Output Select' control.

Credits ​The original writer of the driver Conmanx360

Output switch script

This will provide a shortcut to quickly switch between headphone and speaker output with (as bonus) an shortcut key for Gnome:

Create install directory if does not exists:

$ mkdir -p $HOME/bin

'Install' script audio-switch-output.sh script:

$ cat << 'EOF' > $HOME/bin/switch-audio-output.sh && chmod 755 $HOME/bin/switch-audio-output.sh
#!/bin/sh
#
# Quickly switch between headphones and speakers 
# Tested on Creative Sound Blaster Z soundcard which is assumed to be card0
#
cmd="amixer -c 0"
if $cmd sget 'Output Select',0 | grep -q "Item0: 'Speakers'"; then
	$cmd -q sset 'Output Select',0 'Headphone'
else
	$cmd -q sset 'Output Select',0 'Speakers'
fi
EOF

Warning: Be careful, this will override any existing custom gnome shortcut keys, use Gnome GUI Settings -> Keyboard Shortcuts.

Add shortcut to call script quickly:

$ cat <<EOF | DCONF_PROFILE=user dconf load /org/gnome/settings-daemon/plugins/media-keys/
[/]
custom-keybindings=['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/']

[custom-keybindings/custom0]
binding='<Primary><Alt>AudioMute'
command='$HOME/bin/switch-audio-output.sh'
name='Switch audio output'
EOF

My DCP-L3550CDW printer was not printing multiple copies of the same document when asked via LibreOffice using the default (driverless) driver. It is most likely caused due to the fact the default driver does not implement the ​collate CUPS feature well so was hoping the Brother vendor provided ​DCP-L3550CDW driver is going to work fine.

How-ever printing revealed no output at all. Debugging output for the cups wrapper could be enabled (DEBUG=1) at file:/opt/brother/Printers/dcpl3550cdw/cupswrapper/brother_lpdwrapper_dcpl3550cdw which in turns stores debug logging at file:/tmp/br_cupswrapper_laser.log and file:/tmp/br_cupswrapper_laser_lpderr.

The last one give me a good error message:

Can't locate File/Copy.pm in @INC (you may need to install the File::Copy module) (@INC contains: /usr/local/lib64/perl5/5.32 /usr/local/share/perl5/5.32 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /opt/brother/Printers/dcpl3550cdw/lpd/filter_dcpl3550cdw line 9.
BEGIN failed--compilation aborted at /opt/brother/Printers/dcpl3550cdw/lpd/filter_dcpl3550cdw line 9.

The fix is easy:

$ sudo dnf install perl-File-Copy

And voila, printing of multiple copies is working. Big thanks to brother for providing linux printer drivers which can be debugged (unlike other vendors)!

Even though I have enabled spam filtering the blog get swarmed with blog comment spam for some reason.

Since their are no user generated comments, time to start fresh again:

$ sudo -u www sqlite3 trac.db
sqlite> DELETE from fullblog_comments;

Next job, find out how the comments get here in the first place.

UPDATE 1 dec 2020:
Seems like Recaptcha2 is being automated or abused somehow:

Captcha (15): Human verified via CAPTCHA (Recaptcha2)

Deleted it in favor of my own running my own version... to be continued.

Got myself a old(er) MEDION "PC Medion Erazer X5308 F / B551 EU" with specs:

Model: MT 20
Type: MET MT 8047N
MSN: 1002 0291

on which I would like to downgrade the GPU since the installed one (NVIDIA GTX 970) was overspected and more useful somewhere else. Hoping to install an old ATI Radeon HD7870 card.

Trying to boot the machine resulted in a beeping system (long - short - short), this BIOS error code means something is wrong with the GPU.

Made sure PSU and GPU were both functioning as expected by plugging them into an alternative system, leaves me with a bit of a puzzle. Since the mainboard (type MS-7848) is custom made no manual could be found for good debugging.

After some searching around I stumbled on a similar error, how-ever the use-case is completely different. Thanks to Dragna at the MEDION Cummunity forum for ​answering his own question I found the hint I was looking for.

  - In the BIOS > Advanced > OS Settings -> Select Win7/Other.
  - Go in the CSM menu which just appeared and set everything to UEFI except "Launch Video OpROM policy" which should be set "Legacy".

Root cause pretty simple after all,the Sapphire HD 7870 does ​not support UEFI at all. Hence the modification of the BIOS settings to support the old legacy stuff.

Voila, problem solved. Yet another piece of hardware saved from the e-waste.

Intro

I sometimes need extra ethernet connectivity for debugging and development. Lets have a look at some I have around. All dongles are tested with USB3 host system, unless otherwise stated. Testing is done with iperf3.

Linksys USB3GIG-EJ

Box says Linksys ​USB Ethernet adapter gigabit USB 3.0, works like a charm:

rick@WINNIE:~$ iperf3 -c 192.168.88.1
Connecting to host 192.168.88.1, port 5201
[  5] local 172.22.29.135 port 51080 connected to 192.168.88.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   112 MBytes   943 Mbits/sec    0   3.15 MBytes       
[  5]   1.00-2.00   sec   112 MBytes   944 Mbits/sec    0   3.15 MBytes       
[  5]   2.00-3.00   sec   111 MBytes   933 Mbits/sec    0   3.15 MBytes       
[  5]   3.00-4.00   sec   112 MBytes   944 Mbits/sec    0   3.15 MBytes       
[  5]   4.00-5.00   sec   112 MBytes   944 Mbits/sec    0   3.15 MBytes       
[  5]   5.00-6.00   sec   112 MBytes   943 Mbits/sec    0   3.15 MBytes       
[  5]   6.00-7.00   sec   112 MBytes   944 Mbits/sec    0   3.15 MBytes       
[  5]   7.00-8.00   sec   111 MBytes   933 Mbits/sec    0   3.15 MBytes       
[  5]   8.00-9.00   sec   112 MBytes   943 Mbits/sec    0   3.15 MBytes       
[  5]   9.00-10.00  sec   112 MBytes   944 Mbits/sec    0   3.15 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  1.10 GBytes   942 Mbits/sec    0             sender
[  5]   0.00-10.06  sec  1.10 GBytes   935 Mbits/sec                  receiver

iperf Done.

Wavlink NWU220G

The Wavlink ​WL-NWU220G is a USB 2.0 to Gigabit Ethernet Adapter. It's using the ​axe(4) driver under FreeBSD.

rick@WINNIE:~$ iperf3 -c 192.168.88.1
Connecting to host 192.168.88.1, port 5201
[  5] local 172.22.29.135 port 51086 connected to 192.168.88.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  34.0 MBytes   285 Mbits/sec    0   1.56 MBytes       
[  5]   1.00-2.00   sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
[  5]   2.00-3.00   sec  30.0 MBytes   252 Mbits/sec    0   3.00 MBytes       
[  5]   3.00-4.00   sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
[  5]   4.00-5.00   sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
[  5]   5.00-6.00   sec  30.0 MBytes   252 Mbits/sec    0   3.00 MBytes       
[  5]   6.00-7.00   sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
[  5]   7.00-8.00   sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
[  5]   8.00-9.00   sec  30.0 MBytes   252 Mbits/sec    0   3.00 MBytes       
[  5]   9.00-10.00  sec  31.2 MBytes   262 Mbits/sec    0   3.00 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   312 MBytes   261 Mbits/sec    0             sender
[  5]   0.00-10.13  sec   311 MBytes   258 Mbits/sec                  receiver

iperf Done.

Still impressive, it's almost maxing out the maximum transfer speed of USB2.0 protocol, but by far not the gigabit port.

Sitecom LN-030v3

Also have a old ​Sitecom LN-030v3 adapter lying around. It is a USB 2.0 adapter with 100 Mbit ethernet speed. It's using the ​ure(4) driver under FreeBSD.

rick@WINNIE:~$ iperf3 -c 192.168.88.1
Connecting to host 192.168.88.1, port 5201
[  5] local 172.22.29.135 port 51094 connected to 192.168.88.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  14.1 MBytes   118 Mbits/sec    0    595 KBytes       
[  5]   1.00-2.00   sec  11.2 MBytes  94.3 Mbits/sec    0   1.14 MBytes       
[  5]   2.00-3.00   sec  11.2 MBytes  94.4 Mbits/sec    0   1.70 MBytes       
[  5]   3.00-4.00   sec  11.2 MBytes  94.4 Mbits/sec    0   2.26 MBytes       
[  5]   4.00-5.00   sec  11.2 MBytes  94.4 Mbits/sec    0   2.83 MBytes       
[  5]   5.00-6.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.00 MBytes       
[  5]   6.00-7.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.00 MBytes       
[  5]   7.00-8.00   sec  10.0 MBytes  83.9 Mbits/sec    0   3.00 MBytes       
[  5]   8.00-9.00   sec  0.00 Bytes  0.00 bits/sec    1   1.41 KBytes       

iperf3: error - unable to receive control message: Connection reset by peer

Using USB3 ports is causing the module to 'choke' and resets itself, which is highly unwanted. Trying on an (old) USB2 port:

rick@WINNIE:~$ iperf3 -c 192.168.88.1
Connecting to host 192.168.88.1, port 5201
[  5] local 172.22.29.135 port 51106 connected to 192.168.88.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  13.6 MBytes   114 Mbits/sec    0    601 KBytes       
[  5]   1.00-2.00   sec  12.4 MBytes   104 Mbits/sec    0   1.15 MBytes       
[  5]   2.00-3.00   sec  11.2 MBytes  94.4 Mbits/sec    0   1.71 MBytes       
[  5]   3.00-4.00   sec  11.2 MBytes  94.3 Mbits/sec    0   2.27 MBytes       
[  5]   4.00-5.00   sec  10.0 MBytes  83.9 Mbits/sec    0   2.83 MBytes       
[  5]   5.00-6.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.02 MBytes       
[  5]   6.00-7.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.02 MBytes       
[  5]   7.00-8.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.02 MBytes       
[  5]   8.00-9.00   sec  11.2 MBytes  94.4 Mbits/sec    0   3.02 MBytes       
[  5]   9.00-10.00  sec  11.2 MBytes  94.4 Mbits/sec    0   3.02 MBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   115 MBytes  96.3 Mbits/sec    0             sender
[  5]   0.00-10.27  sec   115 MBytes  93.7 Mbits/sec                  receiver

iperf Done.

Excellent speed, how-ever 10x slower of course then the Linksys alternative.

Conclusion

If you need maximum performance, use the adapter suited for the job, how-ever when performance is not critical the older adapter are also still well suited for the job, how-ever bear in mind potential issues with USB devices dropping out, so (stress-)test your hardware before using it.

Fun fact: All USB Ethernet dongles roughly costed 20-25 EUR the moment I bought them, which makes interesting to see that technology really ages quickly, since the old dongles are basically worth-less :-).

Typing the shortcuts to your home directory with the tilde (~) sign, requires an extra space after the character ​when using an 'US International keyboard' layout which could be rather annoying since I type a lot.

Setting keyboards and languages is a mess under windows GUI settings, luckaly powershell to the rescue (​thanks to this reddit post for the suggestion):

# Set some sane defaults (for NL programmer)
Set-WinUserLanguageList en-NL -Force

PS C:\Users\info> Get-WinUserLanguageList
LanguageTag     : en-NL
Autonym         : English (Netherlands)
EnglishName     : English
LocalizedName   : English (Netherlands)
ScriptName      : Latin
InputMethodTips : {2000:00000409}
Spellchecking   : True
Handwriting     : False


# Default keyboard layout of en-NL is 'US International', which includes dead keys
# really annoying for (UNIX) programming input.
PS C:\Users\info> Set-WinUserLanguageList en-NL -Force
PS C:\Users\info> Get-WinUserLanguageList


LanguageTag     : en-NL
Autonym         : English (Netherlands)
EnglishName     : English
LocalizedName   : English (Netherlands)
ScriptName      : Latin
InputMethodTips : {2000:00020409}
Spellchecking   : True
Handwriting     : False


# Change to 'US' to get rid of dead-keys
PS C:\Users\info> $someVar = Get-WinUserLanguageList
PS C:\Users\info> $someVar[0].InputMethodTips.Remove('2000:00020409')
True
PS C:\Users\info> $someVar[0].InputMethodTips.Add('2000:00000409')
PS C:\Users\info> Set-WinUserLanguageList $someVar -Force

PS C:\Users\info> Get-WinUserLanguageList


LanguageTag     : en-NL
Autonym         : English (Netherlands)
EnglishName     : English
LocalizedName   : English (Netherlands)
ScriptName      : Latin
InputMethodTips : {2000:00000409}
Spellchecking   : True
Handwriting     : False

I recently helped migration to an new android phone. One part of the process was to store old (WhatsApp) stored images on internal storage towards the external storage SD Card.

Installing the new phone revealed an unexpected fall-out of having all the old pictures being sorted as being taken today.

Close inspection revieved Android Media Store uses the ​EXIF CreateDate to store the moment the picture was taken, missing the tag, it will use the file modification date as backup. How-ever this modification date of course was reset, because the file was copied from internal storage, without preserving the file modification dates.

The first attempt of fixing the issue was by turning off the phone, removing the SD card and fix the modification time of every file, based on the date identifier found in the file e.g. $ touch -a -m -t 201906230000 IMG-20190623-WA001.jpg.

After an re-insert of SD and turning the phone back on, it was not fixing anything. Basically the re-indexing needed to be forced. This is best done by removing all data from the 'Media Storage' System App. Go to Settings -> Apps -> "3 dots button" -> "Show System Apps" -> "Media Storage" -> Storage -> "Clear Data" -> OK. And next reboot the phone and open the images overview on the SD card using Settings -> "Device Care" -> Storage -> "SD Card" -> "Images". Depending on the amount of pictures this could take a while before your device is responsive again.

So finally all pictures and videos are indexed again and the Gallery shows pictures and videos in good order again. All happy right? ... but wait what about Facebook App ... personally I would nuke it and never look back, how-ever some people do not care about being 'the product' and will happily 'pay' for the service by providing lots of personal data. Having this said, I like a good engineering puzzle, so let's get started.

Facebook App (and maybe others) are still showing pictures garbled, which is annoying when for example wanting to upload older pictures, since you have to scroll down a long while before getting to the good stuff again. Apparently facebook does not rely on the metadata generated by the "MediaStore" and generates it's own, how-ever it blindly ignores the file modified date if EXIF data is missing and simply tags the picture as being taken the moment it is indexed. So how-to fix it?

First and foremost we need help, by some very powerful software ​EXIFTool, this will help us create the required EXIF tags based on the date string found in the filename. So turn off the phone again and plug the SD Card into a computer ones more.

We are going to use this magic:

$ exiftool \  
    "-datetimeoriginal-=" \
    '-datetimeoriginal<${filename;$_=substr($_,4,8)} 00:00' \
    "-createdate-=" \
    '-createdate<${filename;$_=substr($_,4,8)} 00:00' \
    '-filemodifydate<${filename;$_=substr($_,4,8)} 00:00' IMG-*WA*

To explain a little:

• Do not update DateTimeOriginal EXIF tag if already exists:

"-datetimeoriginal-="

• Base the DateTimeOriginal EXIF tag on the filename, by selecting the 5th until 12th character in the filename and expanding this with time midnight (00:00). This special rule is required to ensure file named like IMG-20190405-WA-1290.jpg could be parsed without issues, normal syntax is causing 90 to be specified as minutes which causes errors on importing.

'-datetimeoriginal<${filename;$_=substr($_,4,8)} 00:00'

• Same applies for EXIF CreateDate:

     "-createdate-=" \
      '-createdate<${filename;$_=substr($_,4,8)} 00:00' \
  

• our previous $ touch equivalent is a nice-to-have yet not required:

'-filemodifydate<${filename;$_=substr($_,4,8)} 00:00' IMG-*WA*

Now, put your SD card back in the phone and turn it back on. Clear your facebook data "Settings -> Apps -> Facebook -> "Clear Data" -> "Ok' and restart your Facebook Apps and wait a long time again. After your phone (literally) cools down it's time to enjoy the result.

I am confused about Firefox under linux not being about to properly preview all images in the "File Upload" dialog. Since camera's do not generate meaning file-name trying to guess/remember/pick the file-name to be used is annoying time consuming.

More-over the behaviour is not consistent, it only seems to happen on large image files, the small ones are generated properly.

Turns out I looking at a work-around for a CVE issue fixed 5 years ago, as seen in Firefox bugzilla ​issue:1184009.

The work-around consist of disabling the preview for pictures larger than 4096px in height or width). It has been reported multiple times to have it fixed, how-ever all cases being closed, as it was not safe enough.

5 years down the road an new argument comes to table seen at ​issue:1571984. "They need to re-implement it ourself, since the external library cannot be trusted.", which seems to make sense at first glance.

Leaves me wondering what they mean with "rigging up their own imagelib". Since 10 months has passed since the last comment. I guess it's challenge accepted, I will try to write a patch somehow ....

I recently ​found out the term 'master' as repository name is considered offensive, since it is often used in conjunction with the term 'slave' Which in hindsight is indeed ​not correct to use.

Since it is not technology limiting how a branch is named, changing is just a matter of making of spending some time on it. If I can make the world a better place by renaming a few of repository trees, it's time well spend.

Since FreeBSD and subversion is using the word ​trunk together with branches for ages, so I thought it would make a much better alternative.

Switching is a semi-easy, first create and new branch:

$ git checkout -b trunk
Switched to a new branch 'trunk'
$ git push -u origin trunk
Total 0 (delta 0), reused 0 (delta 0)
remote: 
remote: Create a pull request for 'trunk' on GitHub by visiting:
remote:      https://github.com/rickvanderzwet/nagios-plugins/pull/new/trunk
remote: 
To https://github.com/rickvanderzwet/nagios-plugins.git
 * [new branch]        trunk -> trunk
Branch 'trunk' set up to track remote branch 'trunk' from 'origin'.

Deleting old branch:

$ git push origin --delete master
To https://github.com/rickvanderzwet/nagios-plugins.git
 ! [remote rejected]   master (refusing to delete the current branch: refs/heads/master)
error: failed to push some refs to 'https://github.com/rickvanderzwet/nagios-plugins.git'

Whoops make sure to change the GitHub default branch, in mine case found at:

​https://github.com/rickvanderzwet/nagios-plugins/branches

And try again:

$ git push origin --delete master
To https://github.com/rickvanderzwet/nagios-plugins.git
 - [deleted]           master

# Delete local branch:
$ git branch -d master
Deleted branch master (was 82e57d4d).

# Update head reference pointer:
$ git remote set-head origin trunk

I use terminator as my favorite terminal emulator, which uses the shortcut CTRL+ALT+e to open a new window (vertical split).

How-ever recently the key-binding is hijacked by the emojicon hipsters on GNOME to allow inserting emojicons.

To re-claim the key-binding, use ibus-setup and head to the 'Emoji' tab to free the keybinding.

I have a old ​Samsung SGH-E530 phone which I wanted to convert to play phone. One worry about the phone was the ability to call emergency services (112, 911).

Flight mode was no option, since the phone had to be powered-down, which makes it quite useless as play phone.

Option number two involves drastic measures. Since I will not be needing any GSM capabilities any-more, let's take it out or at least the antenna bit.

Opening the phone was easy peasy, just remove 5 standard philips screws and good to go. Located the antenna, both internal and external and removed a few filter capacitors using tweezers to break them off the board. This will decouple the antenna.

Re-assembly and turning it back in, "Limited service 5 bars". A bit flaky though (holding the phone would make it drop a few bars) how-ever still stable enough to make calls.

Time for a revised plan, time to dive in again. Now locating the Power Amplifier Module (PAM), took the de-soldering station and removed the ​SKY77328-13 chip from the PCB.

Re-assembly and turning it back in, "Limited service 2 bars"!!! I am located 500 meters from a GSM tower (line of sight), so I am guessing this also helped the process.

Still more to be removed apparently. The "complete RF front end for multi-band GSM and GPRS wireless communications" ​SI4205-BM is the next canidate for heat-gun removal.

Re-assembly attempt number 3 and finally "No service available", guess I have hit the bulls-eye :-)

Bonus-challenge is setting the date or more precisely the year. The SGH-E530 will not accept the current year (2020), further inspection reveals the date must be set between 1-1-2020 and 31-12-2016. Either no engineer bothered to look this far in the future or a classical case of ​planned obsolescence.

I would like to set the date correctly to allow learning the day of the week kind of things. Every year the weekday to shift by 1 weekday (365 mod 7), except on a leap year, which is causing the weekday to shift by 2 weekdays.

I order to work around the date restriction I have to improvise. 1-1-2020 was a Wednesday, 6 years earlier, mind the leap-year 2016 in between, 1-1-2014 should be the solution. How-ever 2014 is not a leap-year unlike 2020, thus first of March 2014 is on a Saturday. 1st of March 2020 is located on on a Sunday.

Going back 6 more years to 2008 reveals an other interesting case. The leap-year criteria matches, how-ever located on Tuesday it's incorrect, since there are now 2 leap-years (2012 & 2018) involved.

Going back to 2003 gives me the correct weekday, how-ever no leap year. Going back to 1997, disqualifies as being no leap year. Next in line 1992. Jackpot, first of all a leap-year and secondly 1-1-1992 weekday is Wednesday.

My surprise grows since this behaviour (28 years) is consistent since 1-1-1964 is the next candidate in line. Which is even before ​UNIX Epoch Time, making it an unlikely candidate to even to be considered :-). I have tried to wrap my head around the math involved to explain it, how-ever I have to leave it "exercise left to the reader".

Back to my pressing matter of setting the right year allowing the weekdays to match has proven to be a rather difficult issue. I can only deal with it by using a work-around. Set the year to 2014 and at 1st of March change the year to 2015. Sounds like next level ​daylight saving time/summertime :-).

TODO: Complete

​https://www.dell.com/support/article/nl-nl/sln300987/de-efi-bootloader-repareren-op-een-gpt-hdd-voor-windows-7-8-8-1-en-10-op-uw-dell-pc?lang=nl

​https://blog.jacobclarity.com/using-bcdedit-on-windows-from-recovery-mode/

​https://blog.fpmurphy.com/2016/06/uefi-based-windows-10-platform-failure-to-boot-due-to-bcd-error.html

​https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/bcd-system-store-settings-for-uefi

​https://support.microsoft.com/en-us/help/4026030/how-to-use-windows-recovery-environment-winre-to-troubleshoot-common-s

I switch a lot between en_GB and nl_NL for spell checking in firefox in the context menu (right mouse click).

The context menu how-ever is really bulky showing all kind of languages I never use. Firefox running on Fedora is using file:/usr/share/myspell directory to populate this list.

One quick and dirty solution is to remove the ones I do not use. Since the are (luckily) all symlinks, this could be done in a breeze:

$ sudo find /usr/share/myspell -type l -delete

Inspired by the blog post ​Increase Font in GRUB for High DPI Screens from Ward Muylaert. I decided to try to make it work under Fedora 32 on a system which uses EFI boot.

First make the font compatible for grub: $ grub2-mkfont /usr/share/fonts/dejavu-sans-mono-fonts/DejaVuSansMono.ttf --size=48 --output=/boot/efi/EFI/fedora/fonts/DejaVuSansMono48.pf2

Next update the grub configuration: $ sudo grub2-mkconfig -o /etc/grub2-efi.cfg

Strictly speaking not required, how-ever I like to keep the files in sync: $ sudo grub2-mkconfig -o /etc/grub2.cfg

Alter content of file:/etc/default/grub to include font reference. The GRUB_TERMINAL_OUTPUT is optional, it should be included by default when specifying a new font.

#GRUB_TERMINAL_OUTPUT="console"
GRUB_TERMINAL_OUTPUT="gfxterm"

GRUB_FONT=/boot/efi/EFI/fedora/fonts/DejaVuSansMono48.pf2