Redhatter (VK4MSL)

Dec 28 2020
 

So, a while back I tore apart an old Logitech wireless headset with the intention of using its bits to make a wireless USB audio interface. I was undecided whether the headset circuitry would “live” in a new headset, or whether it’d be a separate unit to which I could attach any headset.

I ended up doing the latter. I found through Mouser a suitable enclosure for the original circuitry and have fitted it with cable glands and sockets for the charger input (which now sports a standard barrel jack) and a DIN-5 connector for the earpiece/microphone connections.

The first thing to do was to get rid of that proprietary power connector. The two outer contacts are the +6V and 0V pins, shown here in orange and white/orange coloured cable respectively. I used a blob of heat-melt glue to secure it so I didn’t rip pads off.

Replacing the power connector. +6V is orange, 0V is orange/white.

The socket is “illuminated” by a LED on the PCB. Maybe I’ll look at some sort of light-pipe arrangement to bring that outside, we’ll see.

The other end, just got wired to a plain barrel jack. Future improvement might be to put a 6V DC-DC converter, allowing me to plug in any old 12V source, but for now, this’ll do. I just have to remember to watch what lead I grab. Whilst I was there, I also put in a cable gland for the audio interface connection.

Power socket and audio connections mounted in case.

One challenge with the board design is that there is not one antenna, but two, plus some rather lumpy tantalum capacitors near the second antenna. I suspect the two antennas are for handling polarisation, which will shift as you move your head and as the signal propagates. Either way, they meant the PCB wouldn’t sit “flat”. No problem, I had some old cardboard boxes which provided the solution:

PCB spacer, with cut-out for high-clearance parts.

The cardboard is a good option since it’s readily available and won’t attenuate the 2.4GHz signal much. It was also easy to work with.

I haven’t exposed the three push-buttons on that side of the PCB at this stage. I suppose drilling a hole and making a small “poker” to hit the buttons isn’t out of the question. This isn’t much different to what Logitech’s original case did. I’ll tackle that later. I need a similar solution for the slide-switch used for power.

One issue I faced was wrangling the now over-length FFC that linked the two sides. Previously, this spanned the headband, but now it only needed to reach a few centimetres at most. Eyeballing the original cable, I found this short replacement. I’ll have to figure out how to mount that floating PCB somehow, but at least it’s a clean solution.

Replacement FFC.

At this point, it was a case of finishing wiring everything up. I haven’t tried any audio as yet, that will come in time. It still powers up, sees the transceiver, so there’s still “life” in this.

Powering up post-surgery.

I plugged it into its charger and let it run for a while just to top the LiPo cell.

Charging for the first time since mounting.

One thing I’m not happy with is the angle the battery is sitting at, since it’s just a bit wider than the space between the mounting posts. I might try shaving some material off the posts to see if I can get the battery to sit “flat”. I only need about 1mm, which should still allow enough clearance for the screwdriver and screw to pass the cell safely.

The polarity of the speakers is a guess on my part. Neither end seemed to be grounded, hopefully the drivers don’t mind being “common-ed”, otherwise I might need to cram some small isolation transformers in there.

Dec 20 2020
 

So, some years back, my father purchased a Hema HX-1 GPS navigator to replace an older Hema unit… and for the past few years, the unit itself has performed just fine.

Then, about a month ago, he goes out to the car, and sees that the GPS has attempted a partial deconstruction. The LiPo cell inside had expanded, partially popping the case open. The unit was unresponsive to external power input, or really, any input.

Since the job of opening the thing was half-done, the least I could do is finish the job and open it up completely to survey the damage.

I didn’t take any photos of the GPS at this point. Apparently, this failure mode is very common with this model of GPS. First thought for me was getting that battery out! I started by disconnecting it from the PCB.

When disconnecting the battery, cut ONE WIRE AT A TIME! A LiPo cell, even a damaged one like this one, can easily generate enough current to spot-weld a set of side-cutters shut. You can also trigger overheating of the already damaged cell leading to possible explosion of the cell.

I cut the wires close to the cell so I’d have some wire to work with should I need it. I didn’t like my chances of accidentally shorting something in the process, so I figured by leaving the leads out of the dud cell as short as possible, I’m less likely to have them short each other. The battery is a fairly standard 3.7V 5Ah single-cell LiPo battery with built-in thermistor.

Next step was to remove the battery. This is tricky because the battery is stuck-down with double-sided tape, and the case makes accessing the underside difficult. You do NOT want to bend the cell, as that will cause fireworks too. Also, do NOT use metal implements to shift the battery, one puncture and there’ll be fireworks.

I found a semi-flexible plastic divider from a storage box worked: I just wedged it in under the cell, then moved it side-to-side to slowly “cut” the double-sided tape. You want something that is fairly flat, stiff, but with some “give” in it. Also, you’ll want some patience, this will be a slow process.

The old battery, removed from the GPS.

The code 2016ABAD didn’t escape my attention, maybe this cell’s credentials were dodgy from the start? Anyway. You can see how close I cut the output leads: I don’t want anyone ever using this cell again, and this is the easiest way to discourage it.

Next, I needed to see if the GPS was still alive. So, I stripped the ends of the old battery leads, spliced on a bit of extra cable, and hooked it to my bench supply set at 3.6V. A little current, and the GPS eventually woke up, moaning bitterly about a “low” battery, but the thing is, it worked, so it was worth proceeding.

For the replacement battery, I measured up the old one and found this 6Ah 3.7V cell to be a good match: it was almost the exact same size, featured a thermistor the same as the old one, and was about the same capacity. If your cell lacks a thermistor, you might have to bodge a 10k NTC in somehow. The pin-out of this particular cell though, pretty much exactly matched the pads on the PCB:

Existing battery connections.

Now, I could just take any suitable cell, cut the connector off (again, one wire at a time!) and solder it to the PCB, but I didn’t like my chances of accidentally bridging connections.

The cell I was buying had a JST-style connector, so I figured I’d ask about where I could get a mating socket. Turns out, Core Electronics have those too. The idea was I was going to mount this to the pads, then simply plug the cell in. I found I could simply bend the pins on this connector so that instead of exiting at a right-angle, they continued straight, making it very easy to simply “tack”-solder the connector to the old pads.

I just needed to ensure I got the connector around the right way!

Installing a battery connector.

Here’s a close-up without the annotations.

Close up of installed connector.

The install looked clean, so I tried firing up. No dice, it didn’t respond to the power button. Okay, maybe the battery is a little low, let’s try applying power. The GPS went into a boot-loop, seemingly unable to complete a full boot sequence. I left it that way for a few hours, but it didn’t improve.

I measured the cell voltage at about 3.8V… I figured maybe the charging circuitry just needed a helping hand. I had bought a LiPo charger a few weeks before, a clearance item, but not used it until now. I made up a pig-tail to mate with the cell’s connector.

LiPo charger with pigtail

I then unplugged the battery from the GPS, and plugged it into the charger. The POWER LED illuminated the moment the battery was connected, and once I fished around for a 5V 1A PSU (had a 2A one in the junk box), plugged that in, the STATUS LED illuminated. Reading the data sheet, that meant it was charging.

I left it run for a few hours then checked again, the STATUS LED had gone dark, indicating charging was complete. So I powered off the charger, unplugged the battery and put it back in the GPS. Held down the power button, and… SUCCESS! It booted straight up, and reported about 80% battery capacity (okay, whatever… at least it turned on).

Now, all was not completely rosy… in the opening and shutting of the GPS, I managed to tear off the coax from an antenna. I wasn’t sure whether it was for GPS reception or WiFi at this point, the antenna is a stick-on passive type, which is unusual for GPS, but a likely candidate for WiFi.

At this point, I had no GPS fix, so I did have concerns about that. I left the GPS for a bit, and over time, it eventually acquired a satellite fix, which might just be down to the GPS being powered down for over a month.

The old antenna and its broken coax feed.

Either way, I should try fixing that before I close it up. At first I was going to try soldering to the antenna, but that proved impossible, so I peeled off the old one, and set about replacing it outright. GPS reception didn’t seem too bad, but I did notice WiFi was down to about 1 bar of reception.

The coax is some of the tiniest cable I’ve seen, so I decided I’d just replace that too. The case design does not make accessing the solder pads easy, and I’m probably in need of a new tip on my soldering iron. Removing the old coax was easy enough… soldering to those pads was a pain.

My thought was to make a simple “dipole” antenna with some RG-195 coax, stripping off its jacket to reduce the outer diameter, putting a small length of heat-shrink to insulate part of the braid, then folding the braid back over the heat-shrink-insulated section to form a “sleeve” balun. I had thought I’d just tack the coax to the PCB, but this proved a nightmare, so I wound up using copper enamel wire to bridge from the pads to my antenna.

New antenna, connected to PCB using copper enamel wire

This is not ideal, as the wire will be inductive, but thankfully it’s short, so I’ll get away with it. You’ll notice there’s a small plastic “poker” that presses the power button on the PCB: I had to cut away a little bit of plastic there to allow the coax to pass underneath. I then stuck the other end of the antenna down with electrical tape. VSWR at 2.4GHz is probably horrible, but it seems to work anyway:

WiFi, seemingly working okay with the homebrew antenna

At this point, the battery was in, the antenna was fixed, and it was time to button it all up. I used some electrical tape to help keep the battery in place, figuring that with the tight tolerances in there it likely wouldn’t move far anyway.

GPS took a little while to “wake up”, having been disconnected from power for nearly a month, but eventually it picked up the satellites and had a reasonably accurate fix. Given I was indoors I’m happy with that.

GPS status screen, showing a ~5m accuracy on the fix from 7 satellites
OziExplorer (Android) showing my current position.

Dec 16 2020
 

Well, this month has been a funny one. When we moved to the NBN back in March, we went from having a 500GB a month quota, to a 100GB a month, with a link speed of 50Mbps.

That seemed, at the time, like a reasonable compromise, since much of the time, my typical usage has been around 60~70GB a month. There’s no Netflix subscriptions here, but my father does hit YouTube rather hard, and I lately have been downloading music (legally) from time to time.

This year has also seen me working from home, and doing a lot of Slack and Zoom calls. Zoom in particular, is pricey quota-wise, since everyone insists on running webcams. Despite this, the extra Internet use has been manageable. Couple of times we got around 90GB, maybe sailing close to the 100GB, but never over. This is what it looked like last month:

November’s Internet quota usage

This month, that changed:

Internet usage this month

Now, the start of the month data got missed because of a glitch between collectd and the Internode quota monitoring script I have. Two of the spikes can be attributed to:

  • the arrival of a Windows 10-based laptop doing its out-of-box updates (~4GB)
  • my desktop doing its 3-monthly OS updates (~5GB)

That isn’t enough to account for why things have nearly doubled though. A few prospects were in my mind:

  • a web-based script going haywire in a browser (this has happened, and cost me dearly, before)
  • genuine local user Internet activity increases
  • website traffic increases
  • server or workstation compromise

Looking over the netflow data

Now, last time I had this happen, I did two things:

  • I set up collectd/influxdb/Grafana to be able to monitor my Internet usage and quota
  • I set up nfcapd on the border router to monitor my usage

This is pretty easy to set up in OpenBSD, and well worth doing.

I keep about 30 days’ worth of netflow data on the border router. So naturally, I haul that back to my workstation and run nfdump over it to see what jumps out.

Looking through the list of “flows”, one target identified was a development machine hosted at Vultr… checking the IP address, revealed it was one of the WideSky test instances my workplace uses, about 5GB of HTTP requests and about 4GB of VPN traffic — admittedly the couple of WideSky hubs I have here have the logging settings cranked high.

That though doesn’t explain it. The bulk of the traffic was scattered amongst a number of hosts. I didn’t see it until I tried aggregating it by /16 subnet:

RC=0 stuartl@rikishi /tmp $ nfdump -R /tmp/nfcapd -A srcip,dstip -o long6 -O bytes 'net 114.119.0.0/16'  
Date first seen          Duration Proto                             Src IP Addr:Port                                 Dst IP Addr:Port     Flags Tos  Packets    Bytes Flows
2020-11-27 23:11:30.000 1630599.000 0                             150.101.176.226:0     ->                         114.119.146.185:0     ........   0    4.7 M    6.8 G  2535
2020-11-22 13:02:41.000 2099541.000 0                             150.101.176.226:0     ->                         114.119.133.234:0     ........   0    4.3 M    6.1 G  2376
2020-11-18 14:38:42.000 2439079.000 0                             150.101.176.226:0     ->                         114.119.140.107:0     ........   0    3.8 M    5.4 G  2418
2020-11-20 10:43:58.000 2280070.000 0                             150.101.176.226:0     ->                          114.119.141.52:0     ........   0    3.7 M    5.3 G  2421
2020-11-21 22:34:35.000 2151244.000 0                             150.101.176.226:0     ->                         114.119.159.109:0     ........   0    3.4 M    4.9 G  2446
2020-11-24 00:11:52.000 1972657.000 0                             150.101.176.226:0     ->                          114.119.136.13:0     ........   0    3.4 M    4.8 G  2399
2020-11-25 04:24:32.000 1870854.000 0                             150.101.176.226:0     ->                         114.119.136.215:0     ........   0    3.3 M    4.8 G  2473
2020-11-24 15:49:55.000 1916848.000 0                             150.101.176.226:0     ->                           114.119.151.0:0     ........   0    3.0 M    4.4 G  2435
2020-11-27 20:15:43.000 1641316.000 0                             150.101.176.226:0     ->                         114.119.129.181:0     ........   0    2.6 M    3.7 G  2426
2020-11-27 21:38:37.000 1636635.000 0                             150.101.176.226:0     ->                          114.119.159.16:0     ........   0    2.5 M    3.6 G  2419
2020-11-27 23:11:30.000 1630599.000 0                             114.119.146.185:0     ->                         150.101.176.226:0     ........   0    4.1 M  175.9 M  2535
…
2020-11-19 22:02:04.000     0.000 0                             150.101.176.226:0     ->                         114.119.138.111:0     ........   0        3      132     1
2020-11-25 03:37:11.000     0.000 0                             150.101.176.226:0     ->                          114.119.152.27:0     ........   0        3      132     1
2020-12-06 19:59:49.000     0.000 0                             150.101.176.226:0     ->                         114.119.151.153:0     ........   0        3      132     1
2020-11-22 08:23:11.000     0.000 0                             150.101.176.226:0     ->                          114.119.130.23:0     ........   0        3      132     1
2020-11-25 15:43:47.000     0.000 0                             150.101.176.226:0     ->                         114.119.128.219:0     ........   0        3      132     1
2020-11-24 09:05:13.000     0.000 0                             150.101.176.226:0     ->                          114.119.140.85:0     ........   0        3      132     1
Summary: total flows: 56059, total bytes: 51.7 G, total packets: 65.0 M, avg bps: 150213, avg pps: 23, avg bpp: 794
Time window: 2020-11-13 11:01:52 - 2020-12-16 20:19:41
Total flows processed: 39077053, Blocks skipped: 0, Bytes read: 2698309352
Sys: 3.744s flows/second: 10436251.9 Wall: 15.108s flows/second: 2586482.6 

51.7GB in a month!!! Drilling further, I noted it was mostly targeted at TCP ports 80 and 443, and UDP port 53. Web traffic, in other words. Reverse look-up on a randomly selected IP showed the reverse pointer petalbot-xxx-xxx-xxx-xxx.aspiegel.com, and indeed, in server logs for various sites I host, I saw PetalBot in the user agent.
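The same aggregation can be repeated offline on saved nfdump text output. This is an added example, not part of the original post: a Python script that parses the long-format lines shown above and totals bytes per remote network. The 114.119.x.x sample lines are copied from the output above (whitespace condensed) and the 192.0.2.50 lines are constructed; the 1000-based unit multiplier and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from decimal import Decimal

# nfdump scales large counters for display ("6.8 G"). A 1000-based multiplier
# is assumed here; printed values are rounded, so the totals are approximate.
UNITS = {None: 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

FLOW_RE = re.compile(r"""
    ^\d{4}-\d\d-\d\d\s+[\d:.]+\s+                 # date/time first seen
    [\d.]+\s+\S+\s+                               # duration, protocol
    (?P<src>\d+(?:\.\d+){3}):\d+\s+->\s+          # source IPv4:port
    (?P<dst>\d+(?:\.\d+){3}):\d+\s+               # destination IPv4:port
    \S+\s+\d+\s+                                  # TCP flags, ToS
    [\d.]+(?:\s+[KMGT])?\s+                       # packets (optional unit)
    (?P<bytes>[\d.]+)(?:\s+(?P<unit>[KMGT]))?\s+  # bytes (optional unit)
    \d+\s*$                                       # flow count
""", re.VERBOSE)

# Sample input: header and summary lines are included to show they are skipped.
SAMPLE = """\
Date first seen          Duration Proto  Src IP Addr:Port  Dst IP Addr:Port  Flags Tos  Packets  Bytes Flows
2020-11-27 23:11:30.000 1630599.000 0 150.101.176.226:0 -> 114.119.146.185:0 ........ 0 4.7 M 6.8 G 2535
2020-11-22 13:02:41.000 2099541.000 0 150.101.176.226:0 -> 114.119.133.234:0 ........ 0 4.3 M 6.1 G 2376
2020-11-18 14:38:42.000 2439079.000 0 150.101.176.226:0 -> 114.119.140.107:0 ........ 0 3.8 M 5.4 G 2418
2020-11-27 23:11:30.000 1630599.000 0 114.119.146.185:0 -> 150.101.176.226:0 ........ 0 4.1 M 175.9 M 2535
2020-11-19 22:02:04.000 0.000 0 150.101.176.226:0 -> 114.119.138.111:0 ........ 0 3 132 1
2020-11-20 08:00:00.000 86400.000 0 150.101.176.226:0 -> 192.0.2.50:0 ........ 0 4.9 M 7.0 G 310
2020-11-20 08:00:00.000 86400.000 0 192.0.2.50:0 -> 150.101.176.226:0 ........ 0 1.2 M 90.0 M 310
Summary: total flows: 7, ...
"""


def to_bytes(number, unit):
    """Convert nfdump's scaled counter (e.g. '6.8', 'G') to an integer."""
    return int(Decimal(number) * UNITS[unit])


def aggregate(lines, local_addrs, prefix_len=16):
    """Total bytes per remote network of the given prefix length.

    Returns rows of (network, bytes_out, bytes_in, distinct_remote_hosts),
    largest total first. 'out' means a local address was the source.
    """
    local = {ipaddress.ip_address(a) for a in local_addrs}
    totals = defaultdict(lambda: {"out": 0, "in": 0, "hosts": set()})
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # header, summary or anything that is not a flow record
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if (src in local) == (dst in local):
            continue  # purely local or purely transit: not quota relevant
        remote, direction = (dst, "out") if src in local else (src, "in")
        net = ipaddress.ip_network(f"{remote}/{prefix_len}", strict=False)
        entry = totals[str(net)]
        entry[direction] += to_bytes(m["bytes"], m["unit"])
        entry["hosts"].add(remote)
    rows = [(net, e["out"], e["in"], len(e["hosts"]))
            for net, e in totals.items()]
    return sorted(rows, key=lambda r: r[1] + r[2], reverse=True)


if __name__ == "__main__":
    local = ["150.101.176.226"]
    for prefix in (32, 16):
        print(f"--- top talkers by /{prefix} ---")
        for net, out_b, in_b, hosts in aggregate(SAMPLE.splitlines(), local, prefix):
            print(f"{net:20} out={out_b / 1e9:7.2f}G in={in_b / 1e9:6.2f}G hosts={hosts}")
```

Ranked per host (/32), the constructed 192.0.2.50 line comes out on top; ranked per /16, the crawler's network does, which is the effect described above.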

Plucking some petals off PetalBot

So, I needed to put the brakes on this somehow. I’m fine with them indexing my site, just they should have some consideration and restraint about how quickly they do so.

Thus, I amended pf.conf:

# Rate-limited "friends"
ratelimit_dst4="{ 114.119.0.0/16 }"
#ratelimit_dst6="{ }"

# Traffic shaping queues
queue root on $external  bandwidth 25M max 25M
queue slow parent root   bandwidth 256K max 512K
queue bulk parent root   bandwidth 25M default

# …

# Rate-limit certain targets
pass out on egress proto { tcp, udp, icmp } from any to $ratelimit_dst4 modulate state (pflow) set queue slow
#pass out on egress proto { tcp, udp, icmp6 } from any to $ratelimit_dst6 modulate state (pflow) set queue slow

So, the first line defines the root queue on my external interface, and sets the upload bandwidth for 25Mbps (next month, I will be dropping my speed to 25Mbps in favour of an “unlimited” quota).

Then, I define a queue which is restricted to 256kbps (peak 512kbps), and define all traffic going to a specific list of networks, to use that queue. PetalBot should now see a mere 512kbps at most from this end, which should severely crimp how quickly it can guzzle my quota, whilst still permitting it to index my site.

Yesterday, PetalBot chewed through 8GB… let’s see what it does tomorrow.

Dec 13 2020
 

So, in the last 12 months or so, I’ve grown my music collection in a big way. Basically over the Christmas – New Year break, I was stuck at home, coughing and spluttering due to the bushfire smoke in the area (and yes, I realise it was nowhere near as bad in Brisbane as it was in other parts of the country).

I spent a lot of time listening to the radio, and one of the local radio stations was doing a “25 years in 25 days” feature, covering many iconic tracks from the latter part of last decade. Now, I’ve always been a big music listener. Admittedly, I’m very much a music luddite, with the vast majority of my music spanning 1965~1995… with some spill over as far back as 1955 and going as forward as 2005 (maybe slightly further).

Trouble is, I’m not overly familiar with the names, and the moment I walk into a music shop, I’m like the hungry patron walking into a food court: I want to eat something, but what? My mind goes blank as my mind is bombarded with all kinds of possibilities.

So when this count-down appeared on the radio, naturally, I found myself looking up the play list, and I came away with a long “shopping list” of songs I’d look for. Since then, a decent amount has been obtained as CDs from the likes of Amazon and Sanity… however, for some songs, I found it was easiest to obtain them as a digital download in FLAC format.

Now, for me, my music is a long-term investment. An investment that transcends changes in media formats. I do agree with ensuring that the “creators” of these works are suitably compensated for their efforts, but I do not agree with paying for the same thing multiple times.

A few people have had to perform in a studio (or on stage), someone’s had to collect the recordings, mix them, work with the creators to assemble those into an album, work with other creative people to come up with cover art, marketing… all that costs money, and I’m happy to contribute to that. The rest is simply an act of duplication: and yes, that has a cost, but it’s minimal and highly automated compared to the process of creating the initial work in the first place.

To me, the physical media represents one “license”, to perform that work, in private, on one device. Even if I make a few million copies myself, so long as I only play one of those copies at a time, I am keeping in the spirit of that license.

Thus, I work on the principle of keeping an “archival” copy, from which I can derive working copies that get day-to-day playback. The day-to-day copy will be in some lossy format for convenience.

A decade ago that was MP3, but due to licensing issues, that became awkward, so I switched over to Ogg/Vorbis, which also reduced the storage requirements by 40% whilst not having much audible impact on the sound quality (if anything, it improved). Since I also had to ditch the illegally downloaded MP3s in the process, that also had a “cleaning” effect: I insisted then on that I have a “license” for each song after that, whether that be wax cylinder, tape reel, 8-track, cassette tape, vinyl record, CD, whatever.

This year saw the first time I returned to music downloads, but this time, downloading legally purchased FLAC files. This leads to an interesting problem, how do you store these files in a manner that will last?

Audio archiving and CDs

I’m far from the first person with this problem, and the problem isn’t specific to audio. The archiving business is big money, and sometimes it does go wrong, whether it be old media being re-purposed (e.g. old tapes of “The Goon Show” being re-recorded with other material by the BBC), destruction (e.g. Universal Studios fire), or just old fashioned media degradation.

The procedure for film-based media (whether it be optical film, or magnetic media) usually involves temperature and humidity control, along with periodic inspection. Time-consuming, expensive, error prone.

CDs are reasonably resilient, particularly proper audio CDs made to the Red Book audio disc standard. In the CD-DA standard, uncompressed PCM audio is Reed Solomon encoded to achieve forward error correction of the PCM data. Thus, if a minor surface defect develops on the media, there is hopefully enough data intact to recover the audio samples and play on as if nothing had happened.

The fact that one can take a disc purchased decades ago, and still play it, is testament to this design feature.

I’m not sure what features exist in DVDs along the same lines. While there is the “video object” container format, the purpose of this seems to be more about copyright protection than about resiliency of the content.

Much of the above applies to pressed media. Recordable media (CD-Rs) sadly isn’t as resilient. In particular, the quality of blanks varies, with some able to withstand years of abuse, and others degrading after 18 months. Notably, the dye fades, and so you start to experience data loss beginning with the edge of the disc.

This works great for stuff I’ve purchased on CDs. Vinyl records if looked after, will also age well, although it’d be nice to have a CD back-up in case my record player packs it in. However, this presents a problem for my digital downloads.

At the moment, my strategy is to download the files to a directory, save a copy of the email receipt with them, place my GPG public key along-side, take SHA-256 hashes of all of the files, then digitally sign the hashes. I then place a copy on an old 1TB HDD, and burn a copy to CD-R or DVD-R. This will get me by for the next few years, but I’ve been “burned” by recordable media failing, and HDDs are not infallible either.
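One way to produce and later re-check the hash list described above, as an added example that is not the author's own script: it writes a manifest in the two-space format that `sha256sum -c` reads, then reports files that have changed, gone missing, or were never listed. The manifest name `SHA256SUMS`, the function names and the sample files are assumptions; signing is left to GnuPG (for example `gpg --armor --detach-sign SHA256SUMS`).

```python
import hashlib
import tempfile
from pathlib import Path

MANIFEST = "SHA256SUMS"                       # assumed manifest file name
NOT_HASHED = {MANIFEST, MANIFEST + ".asc"}    # manifest and its detached signature


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large FLAC files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def archive_files(root):
    """Yield (relative POSIX path, absolute path) for every archived file."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name not in NOT_HASHED:
            yield path.relative_to(root).as_posix(), path


def write_manifest(root):
    """Write '<sha256>  <relative path>' lines; return the number of files."""
    lines = [f"{sha256_file(p)}  {rel}" for rel, p in archive_files(root)]
    (Path(root) / MANIFEST).write_text("\n".join(lines) + "\n", encoding="utf-8")
    return len(lines)


def verify_manifest(root):
    """Return {relative path: 'OK' | 'CORRUPT' | 'MISSING' | 'UNLISTED'}.

    Check the GPG signature over the manifest first: the hashes only prove
    integrity if the manifest itself is known to be the one that was signed.
    """
    root = Path(root)
    report = {}
    for line in (root / MANIFEST).read_text(encoding="utf-8").splitlines():
        if not line.strip():
            continue
        expected, _, rel = line.partition("  ")
        target = root / rel
        if not target.is_file():
            report[rel] = "MISSING"
        elif sha256_file(target) != expected:
            report[rel] = "CORRUPT"
        else:
            report[rel] = "OK"
    for rel, _ in archive_files(root):
        report.setdefault(rel, "UNLISTED")    # present on media, never hashed
    return report


def demo():
    """Build a constructed archive, damage it, and return the verify report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "album").mkdir()
        (root / "album" / "01-track.flac").write_bytes(b"fLaC" + bytes(4096))
        (root / "album" / "02-track.flac").write_bytes(b"fLaC" + bytes(range(256)) * 16)
        (root / "receipt.eml").write_text("constructed receipt\n", encoding="utf-8")
        write_manifest(root)

        # Simulate media decay: one flipped bit, one unreadable file.
        damaged = root / "album" / "01-track.flac"
        data = bytearray(damaged.read_bytes())
        data[1000] ^= 0x01
        damaged.write_bytes(bytes(data))
        (root / "receipt.eml").unlink()
        # A file copied in after the manifest was written.
        (root / "stray.txt").write_text("added later\n", encoding="utf-8")
        return verify_manifest(root)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

File names containing newlines or backslashes are escaped by `sha256sum` itself and are not handled here.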

Getting discs pressed only makes sense when you need thousands of copies. I just need one or two. So I need some media that will last the distance, but can be produced in small quantities at home from readily available blanks.

Archiving formats

So, there are a few options out there for archival storage. Let’s consider a few:

Magnetic tape

Professional outfits seem to work on tape storage. Magnetic media, with all the overheads that implies. The newest drive in the house is a DDS-2 DAT drive, the media for which has not been produced in years, so that’s a lame duck. LTO is the new kid on the block, and LTO-6 drives are pricey!

Magneto-Optical

MO drives are another option from the past… we do have a 5¼” SCSI MO drive sitting in the cupboard, which takes 2GB cartridges, but where do you get the media from? Moreover, what do I do when this unit croaks (if it hasn’t already)?

Flash

Flash media sounds tempting, but then one must remember how flash works. It’s a capacitor on the gate of a MOSFET, storing a charge. The dielectric material around this capacitor has a finite resistance, which will cause “leakage” of the charge, meaning over time, your data “rots” much like it does on magnetic media. No one is quite sure what the retention truly is. NOR flash is better for endurance than NAND, but if it’s a recent device with more than about 32MB of storage, it’ll likely be NAND.

PROM

I did consider whether PROMs could be used for this, the idea being you’d work out what you wanted to store, burn a PROM with the data as ISO9660, then package it up with a small MCU that presents it as CD-ROM. The concept could work since it worked great for game consoles from the 80s. In practice they don’t make PROMs big enough. Best I can do is about 1 floppy’s worth: maybe 8 seconds of audio.

Hard drives

HDDs are an option, and for now that’s half my present interim solution. I have a 1TB drive formatted UDF which I store my downloads on. The drive is one of the old object storage drives from the server cluster after I upgraded to 2TB drives. So not a long-term solution. I am presently also recovering data from an old 500GB drive (PATA!), and observing what age does to these disks when they’re not exercised frequently. In short, I can’t rely on this alone.

CDs, DVDs and Bluray

So, we’re back to optical media. All three of these are available as blank record-able media, and even Bluray drives can read CDs. (Unlike LTO: where an LTO-$X drive might be backward compatible with LTO-$(X-2) but no further.)

There are blanks out there that are designed for archival use, notably the M-Disc DVD media, which are allegedly capable of lasting 1000 years.

I don’t plan to wait that long to see if their claims stack up.

All of these formats use the same file systems normally, either ISO-9660 or UDF. Neither of these file systems offer any kind of forward error correction of data, so if the dye fades, or the disc gets scratched, you can potentially lose data.

Right now, my other mechanism, is to use CDs and DVDs, burned with the same material I put on the aforementioned 1TB HDD. The optical media is formatted ISO-9660 with Joliet and Rock-Ridge extensions. It works for now, but I know from hard experience that CD-Rs and DVD-Rs aren’t forever. Question is, can they be improved?

File system thoughts

Obviously genuinely better quality media will help in this archiving endeavour, but the thought is can I improve the odds? Can I sacrifice some storage capacity to achieve data resilience?

Audio CDs, as I mentioned, use Reed-Solomon encoding. Specifically, Cross-Interleaved Reed-Solomon encoding. ISO-9660 is a file system that supports extensions on the base standard.

I mentioned two before, Rock-Ridge and Joliet. On top of Rock-Ridge, there’s also zisofs, which adds transparent decompression to a Rock-Ridge file system. What if, I could make a copy of each file’s blocks that were RS-encoded, and placed them around the disc surface so that if the original file was unreadable, we could turn to the forward-error corrected copy?

There is some precedent in such a proposal. In Usenet, the “parchive” format was popularised as a way of adding FEC to files distributed on Usenet. That at least has the concept of what I’m wishing to achieve.

The other area of research is how can I make the ISO-9660 filesystem metadata more resilient. No good the files surviving if the filesystem metadata that records where they are is dead.

Video DVDs are often dual UDF/ISO-9660 file systems, the so-called “UDF Bridge” format. Thus, it must be possible for a foreign file system to live amongst the blocks of an ISO-9660 file system. Conceptually, if we could take a copy of the ISO-9660 filesystem metadata, FEC-encode those blocks, and map them around the drive, we can make the file system resilient too.

FEC algorithms are another consideration. RS is a tempting prospect for two reasons:

zfec used in Tahoe-LAFS is another option, as is Golay, and many others. They’ll need to be assessed on their merits.

Anyway, there are some ideas… I’ll ponder further details in another post.

Dec 01 2020
 

The last few years have been a testing time for world politics. Recent events have seen much sabre-rattling, but really, none of this has suddenly “appeared”… it’s been slowly bubbling away for some time now.

Economic tunnel-vision

For a long time now, much of our world has revolved around the unit of currency. Call it the US dollar, the Australian dollar, the British Pound, Chinese Yuan, whatever… for the past 50 years or so, we have been “seduced” by two concepts which developed in the latter part of last century:

  • economies of scale
  • just-in-time production

The concepts are on the surface, fairly simple.

Just-in-time production forgoes having a large stock and inventory of components to feed your supply-lines in favour of ordering just enough of what you need to fulfil the orders you have active at the present moment. So long as nothing disrupts your supply lines, all is rosy. You might keep a small inventory just as a buffer, but in general, that might only last a day or so.

Economies of Scale was the other concept that really took hold last century, and was the reason why smaller workshops got shut down in favour of making lots of a widget in one central place, and shipping it out to everywhere from that one point.

Again, works great, until something happens in that place where you are doing the manufacturing, or something happens that hampers your ability to shift parts or product around.

The latter in particular took a dark turn when instead of making things close to where the demand was, “we” instead outsourced it, shifting the production to places where the labour was cheapest. As a consequence, many countries are forced to import as they no longer have the expertise or capabilities to manufacture products locally.

Both these concepts were ideas conceived with people wearing rose-coloured glasses, they emphasise cost-cutting over contingency plans on the grounds that disruption to manufacturing and supplies are unlikely events.

The rise of “the world’s factory”

Over time, companies pushed this concept of centralised manufacturing to extremes, whereby they were largely making things in one place. Apple for instance, were leaning heavily on Foxconn in China for the manufacture of their hardware.

None of this is without precedent: when I was growing up, Nike used to cop a lot of flak for the exploitation of workers in various third-world localities.

That said, history has often had something to say about putting all of one’s eggs in a single basket. There’s mostly nothing wrong with having products made in China, the problem is having things made exclusively in China.

At first, products made in China were seen as dodgy knock-offs of things made elsewhere. The same was said of things made in Japan in the 1950s and 1960s… but then Japan improved their systems and processes, and with it, the products they made improved too. In the case of China, initially things were done “cheaply”, which gave rise to a perception that things made in China were all “dodgy”.

Over time, processes again improved, and now there are some great examples of products and services, which are designed and built by people based in China. Stuff that works, and is reliable. There are some very smart people over there who are great at their craft.

That said, manufacturing all revolves around the dollar, and so when it came to cutting costs, something had to give.

Trouble in Xinjiang

With this global demand for manufacturing, China had a problem trying to find people to do the mundane jobs. Quality had to be maintained, and so some organisations over there tried to solve the cost problem a different way: cheaper labour.

Now, it’s well known that China’s government is not a government that particularly values individualism. This is evident in the manner in which the Tiananmen Square protests were so violently silenced.

The Uighur Muslim community is one such group that has been in their sights for a long time. This is a group that has been clamped-down on for more than 6 years. Over time, a narrative was developed that tried to cast this group as being “trouble makers” in need of “re-education”.

Over time, members of this community found themselves co-opted into being the cogs in this “global” factory. At first, such actions were hidden from view, including from the direct customers of these factories.

COVID-19 makes its entrance

So, over time, global manufacturing has shifted to China, in some cases involving forced labour in the effort to drive the cost down and make the end product seem more competitive.

Much of these problems have been hidden from the outside world, but for now, whilst we’re starting to learn of these issues, we still do the majority of our manufacturing in one country.

Then, about this time last year, a bizarre respiratory condition started showing up in Wuhan. Nobody knew much about this condition, other than the fact that it was discovered it was highly contagious.

Even today, we’re still unsure exactly how it came about, but the smart money is that it jumped from some reservoir host such as a bat, via some intermediate host, to humans. Bats in particular are major carriers of all kinds of corona-viruses, and as such, are a highly probable suspect in this.

I do not believe it is synthetic in origin.

COVID-19 threw a major spanner in the works for everybody. Community event calendars looked like an utter train-wreck with cancellations and deferrals all over the place. For me, some of the casualties I was looking forward to include the 2020 Yarraman to Wulkuraka bike ride and numerous endurance horse-riding events (where I assist in operations).

It also threw a major spanner in the works for just-in-time manufacturing (since freight was running inefficiently due to a lack of flights) and rolling shut-downs across China as COVID-19 did its worst.

Some businesses have already closed for good.

Knee-jerk reactions

Numerous countries, notably ours, called for an investigation into the origins and initial handling of the COVID-19 pandemic.

I for one, think such an investigation should go ahead. We owe it to the people who have lost their lives, and those who have lost their livelihoods, to this condition, that we try and find out what went wrong. It’s not about blaming people.

We’re not interested in who made the mistakes, it’s more a question of what the mistakes were. This event will repeat itself again, and again, until such time as we get to understand what “we” (globally) did wrong.

China’s government does not seem to have seen it this way. It’s as if they see it as a witch-hunt. As a result, we as a nation seem to have been singled out, with heavy tariffs placed on goods that we as a nation export to China.

Notably absent in this trade-war is iron ore, partially because the other major producer of iron ore, Brazil, has been left a complete basket-case by this pandemic, and Australia was a major supplier of iron ore long before COVID-19 reared its ugly head.

A plan “B”

Right now, things are escalating in this diplomatic row. Whilst the politicians are trying to resolve this with as little fuss as possible, I think China’s position is becoming very clear. They’ve told the world “F You” in no uncertain terms.

We are most definitely dealing with a rebellious and violent teenager, more than capable of smashing holes in a few walls and inflicting grievous bodily harm.

I think it would be wonderful if things could be reset back to the way they were, but at the same time, I think that really, we may need to realise that “peak China” days may be behind us now.

I know there are organisations that have built their entire business model around exports to China, and that literally overnight, conditions have changed in a way that now greatly risks business viability.

They are geared around the huge appetite that this country’s people have previously demonstrated for our goods and services. I think now, more than ever, we should be looking around. Where else can I outsource to? Where else can I sell to? How can we make do with less demand?

If China does come around, then sure, maybe a certain portion of your market can be serviced there. I think it folly though to be reliant on one single region for your supply or demand.

Two or three alternatives may not totally balance things, but having at least a partial income is better than none at all!

The Australian coat-of-arms features the emu and the kangaroo. These animals are quite different from one another, but they share a few common attributes. Yes, some might say they’re two of the less brainy members of the animal kingdom, but also, they are not known for going “backwards”.

Whilst we momentarily look over our shoulder at our past, I think it important that we keep moving “forwards”.

Learning from our mistakes

I think in all of this, it’s fair to say none of us are perfect. Yes, our SAS troops have been implicated in some truly horrendous war crimes. Not all of them, thankfully, but enough to cast a cloud over the military in general. Some of the Army’s chopper pilots are not exactly famous for fast reporting of fires either.

We’re investigating this, and yes, some of the top brass are ducking for cover, as it’s likely some know more than they’ve been letting on. An analysis of what went wrong will be done, and we, collectively, will learn from those mistakes.

In the case of COVID-19, for the first few months of 2020, we were told “No, we don’t need help, we’re fine, we’ve got this!”. Taiwan saw this, and immediately sprang to action, as did many other nations close to China. They’ve seen similar things happen before (SARS, MERS), and so maybe their scepticism shielded them somewhat.

I think one of the biggest lessons of all is to realise that asking for help is not a sign of weakness, it’s a sign of maturity. We’re on this planet, together. We are in this mess, together. We need to work this all out, together.

What am I doing?

So, based on the above… where do I sit? Not on the fence.

I myself have started seriously considering my suppliers.

In particular, I have practically destroyed my credentials for AliExpress, having bought the last few things I’m likely to want from there. I’ve ordered printed circuit boards from a supplier in Hong Kong.

During last year, I had ordered a few PCBs from their sister factory in mainland China as I was concerned about the civil unrest there (and on that, I do think the people there have a valid point to raise) causing delays, but had originally intended to move things back once things settled down. However, with China being so adamant that Hong Kong is “theirs”, I’m forced to treat Hong Kong the same as mainland China.

As such, I’ll probably be looking to the US, Europe or India to evaluate options there. I might still use the old Hong Kong supplier, but they won’t be the sole supplier.

Where possible, I’ll probably be paying more attention to country-of-origin for products I buy from now on, and preferring local options where possible. This won’t always be the case, and some things will have to be imported from China, but I aim to diversify my sources.

I may start making things myself. Yes, time-consuming, expensive, but ultimately, this means I become the master of my own destiny, it’s likely a worthwhile journey to undertake.

Above all, I am not out to discriminate against the people of China. I may not always agree with some of their customs, but that does not give one the right to indulge in racism. My only real complaint with China at this time, is the conduct of its government.

Maybe with time, diplomatic relations might turn this around, and we may see a more co-operative Chinese government, only time will tell on that.

In the meantime, I plan to not reward their government for what I consider, bad behaviour.

Nov 04 2020
 

So, today I was doing some work for my workplace, when a critical 4G modem-router dropped offline, cutting me off. Figuring it was a temporary issue, I thought I’d resume this headset rebuild.

The replacement battery had turned up a few weeks back, a beefy 1000mAh 3.7V LiPo pack intended for Raspberry Pi PiJuice battery supplies. This pack was chosen because it has a similar arrangement to the original Logitech battery: single cell with a 10k thermistor. As a bonus, the pack appears to be at least triple the original cell’s capacity. I just had to wire it up.

The new battery being charged by the headset circuitry

The connectors are not compatible, being both physically different sizes and the thermistor and 0V pins being swapped. Black and Red are the same conventions on both packs, that is, red for +3.7V and black for 0V… the thermistor connects to the blue wire on the old pack and yellow on the new pack.

I’m in two minds whether to embed the electronics directly into the earmuffs, or whether to just wire the microphone/speaker connections to a DIN-5 connector to make it compatible with my other headsets.

For now at least, the battery is charging, not getting hot, and the circuitry detects the base transceiver when it is plugged into a laptop USB port, so the circuitry is still “functional”.

Sep 05 2020
 

So, this is not really news… for the past 12 months or so, the scammers have been busy. They’ve been calling us long before we moved to the NBN, and of course we’ve just hung up the moment they started their spiel. The dead giveaway is the seconds of silence at the start of the call. Dead silence.

Of course, it’s not just the NBN, we’ve had “Amazon Prime”, “Visa”, “Telstra” and others call. Far and above all others have been NBN-related scams.

The latest on the NBN front is they claim your connection has been “compromised” by “other users”, in a British accent.

This is the call I received this morning. You can hear other callers in the background. This is not a professional call-centre, this is a back-yard operation!

The home number recently moved from the PSTN to a VoIP service, so this actually gives me a lot of scope for dealing with this. For now, it’s a manual process: when they call, put them on hold. If I put someone on hold on this number, you better be a Deborah Harry fan!

Long term, I’ll probably look at seeing if I can sample the first 2 seconds of call audio, and if silent, direct the call to a voicemail service or IVR menu. In the meantime, it’s a manual process.

Thankfully we get caller ID now, something Telstra used to charge for.

MoH considerations

There’s three big considerations with music on hold:

  1. Licensing: You need to do the research into how music is licensed in your country. If you want to be safe, go look for something that is “public domain” or one of the “Creative Commons” family of licenses. In Australia, you probably want to have a look at this page if you want to use a piece of commercial music (like “Hangin’ On The Telephone”).
  2. Appropriateness: is the caller likely to get offended by your choice of hold music? (Then again, maybe that’s your goal?)
  3. Suitability for your chosen audio CODEC: Some audio CODECs, particularly the lower-bitrate ones, do an unsurprisingly terrible job with music.

Regarding point (3) always test your music choice! Try different CODEC settings, and ensure it sounds “good” with ALL of them. Asterisk actually supports transcoding, but will choose the format that takes the least effort. RIFF Wave files (.wav) can be used too, but they must be mono files.

I slapped a CD-quality 44.1kHz stereo version in there, and wondered why it got ignored: that’s why — it wasn’t mono and Asterisk won’t down-mix.

Signed 16-bit linear is a pretty safe bet: the effort of going from that to PCMA/PCMU (G.711a/G.711u) isn’t a big deal, but to anything else, you’re at the mercy of the CODEC implementation. Using G.722, things sounded fine, but I found even with Speex settings cranked right up (quality=10 complexity=10 enhancement=true), my selection of audio sounded terrible in Ultra-wideband Speex mode. I wound up with the following in my MoH directory:

vk4msl-gap# ls -l /usr/local/share/moh/
total 8280
-rw-r--r--  1 root  wheel   527836 Aug 29 17:02 moh.sln
-rw-r--r--  1 root  wheel  1055670 Aug 29 17:02 moh.sln16
-rw-r--r--  1 root  wheel  2111342 Aug 29 17:01 moh.sln32
-rw-r--r--  1 root  wheel   104793 Sep  5 12:17 moh.spx
-rw-r--r--  1 root  wheel   177879 Sep  5 12:34 moh.spx16
-rw-r--r--  1 root  wheel   184617 Sep  5 12:16 moh.spx32
  • .sln* is for 16-bit signed linear, the 16 and 32 suffixes refer to the sample rate, so 16kHz (wideband) and 32kHz (ultra-wideband). These should otherwise be “raw” files (no headers). Use sox <input> -r <rate> -b 16 -e signed-integer -c 1 <output>.sln to convert.
  • .spx* is Speex: Here again, I’ve got 8kHz, 16kHz and 32kHz versions. These were encoded using the following command: speexenc --quality 10 --comp 10 moh.wav moh.spx

There are various other CODEC selections, but right now, I’ve just focussed on signed linear and Speex since the latter is what needs careful attention paid. I tested between my laptop running Twinkle and the ATA on my network, and when I placed the call on hold from my laptop it sounded fine there, so I figure it’ll be “good enough”.


“Visa Security Department”

So, had “Visa” call me this morning… this too, is another scam. Anonymous caller. Bear in mind I do not actually have a credit card. Never have had one, never will.

They didn’t stick around, seems their system just drops the call if it hears a noise which isn’t a DTMF tone.

Interestingly, both this call, and the previous one were G.711u (µ-law PCM). Australia normally uses A-law PCM. America uses µ-law encoding. What’s the difference? Both are logarithmic encoding schemes. µ-law encoding has a wider dynamic range, however A-law has less distortion for quieter signals.


“Amazon”

Almost the same structure as before. Audio CODEC was G.729 this time.

Aug 08 2020
 

So, lately I’ve been working from home, which means amongst other things, playing music as loud as I like, not getting distracted by co-workers, and the kettle a short walking distance from my workspace.

Eventually though, I will have to return to the office. For this aim, I’ll need to be able to “drown out” the background noise. Music is good for this, but not everyone is into the same tastes as I am — I am a bit of a music luddite.

Years ago (when the ink was drying on my foundation license) I purchased a Logitech Wireless headset. Model A-00006 (yes, that is quite old now). This headset worked, but it did have two flaws:

  1. the audio isolation wasn’t great, so they tended to “leak” sound
  2. they had the dreaded asymmetric audio sample rate problem with JACK.

Now, for home use I bought a much nicer set which solves issue (2) and isn’t too bad with (1), but I’d like to keep them home. (2) isn’t a problem at work since I don’t generally have the need for the audio routing I use at home. So (2) isn’t going to be a problem.

This headset sat in a box for some years, and over time, the headband and earpads have fallen to bits. The electronics are still good. What if I bought a pair of earmuffs and stuffed the old headset guts inside those? That’d solve issue (1) nicely.

Getting inside

These things didn’t open up without a fight. I found that where the speakers are concerned, you will permanently break the housing. The two sides are joined by a 8-wire ribbon cable. The majority of the electronics is in the right-hand side. The battery is most of the guts of the left side.

You’ll need to destroy the headband to liberate the ribbon cable, and you’ll need to destroy the speakers’ housing to get at the screws behind.

I now have the un-housed headset guts sitting on the table, with the original charger plugged in charging the very flat battery, which is a single-cell 3.7V LiPo pouch cell; no idea what capacity it is, I doubt it’s more than 200mAh.

Charging

I plugged everything back together and tried the headset out. It still works, although instead of indicating a solid amber LED for charging, it was showing a slow blink.

fccid.io has a copy of the original documentation online, as well as photos of the guts here. In that, it did not discuss what a “slow blink” meant, which had me concerned that maybe the battery had been left too long and was no longer safe to charge.

Battery voltage whilst charging is sitting around 4.2V, which sounds fair for a 3.7V cell. It eventually stops blinking, going solid, but then the other LED turns RED. Disconnecting the battery reveals 0V across the pins.

So I might be up for a new battery, the PiJuice batteries look to be a similar arrangement (single cell with thermistor pin) and may be a good upgrade anyway.

Next steps

I prefer the microphone on the right-hand side, so that’s one thing I’ll be looking at changing. The ribbon cable connects using small FPC connectors, so I’m thinking I might see if I can de-solder those and put a beefier 2.54″ KK-style connector in its place. This will require soldering some wire-wrap wire up to the pins, but the advantage is it’s a much easier connector to work with.

The break-out board on the left side is very simple, no components other than a momentary switch for detecting the microphone boom position, and pads to which the left speaker, microphone, mute LED and battery connect. I’ll still put the battery in the left side, so there’ll still be 5 wires running across the headband. It should be easier to interface with a new battery as well doing this.

I will also have to bring the buttons and switch out to the outside of the earcup, so I’ll probably use KK connectors for those too. The power switch is a through-hole part, so that should be easy.

I’ll probably replace the proprietary power connector with a barrel jack too. Not sure if these will charge from 5V, the original charger has a 6V output.

I think once I’ve got more hacker-friendly connectors onto this, I should be able to look at readying the new home for the electronics.

Aug 05 2020
 

Some people make fun of my plain-text emails, but really, I think it’s time we re-consider our desire for colours, hyperlinks and inline images in email messages, especially for those who use web-based email clients as their primary email interface.

The problem basically boils down to this: HTML gives too much opportunity for mischief by a malicious party. In most cases, HTML isn’t even necessary to convey the information required. Tables are about the only real “feature” that is hard to replicate in plain text, for everything else there’s reasonable de-facto standards already in existence.

Misleading hyperlinks

HTML has a feature where a link to a remote page can take on any descriptive text the author desires, including images and other valid URIs. For example, the following piece of HTML code is perfectly valid:

<a href="http://www.google.com.malicious.website.example.com/">
   http://www.google.com
</a>

There are many cases where this feature is “useful”, however in an email, it can be used to disguise phishing attempts. In the above example, the link claims to point to Google’s search website, but following it would actually take the user to some other, likely malicious, website.

Granted, not every user can read a URI to determine if it is safe. There are adults who “grew up with the Internet”, that have never typed a URI in an address bar ever, instead relying on tools like search engines to locate websites of interest.

However, it would seem disingenuous to say that because a proportion of the community cannot read a URI, we should hide any and all links from everybody. For that small portion, showing the links won’t make a difference, but it will at least make it easier to avoid such traps.
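The check a mail filter or client could run against the trap described above, as an added example that is not part of the original post: it flags any link whose visible text looks like a web address but names a different host from the one in its href. The class and function names are assumptions made for this example, and the sample HTML is constructed from the snippet shown earlier.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that "looks like" a web address: optional scheme, then a dotted
# host name, followed by the end of the text or the start of a port/path/query.
URLISH = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?=[:/?#]|$)", re.I
)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors = []
        self._href = None   # None means "not currently inside an <a>"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse the whitespace/newlines HTML allows inside the label.
            label = " ".join("".join(self._text).split())
            self.anchors.append((self._href, label))
            self._href = None


def host_of(url):
    """Lower-cased host name the link really goes to, or '' if it has none."""
    try:
        return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def claimed_host(text):
    """Host name the visible label claims, or '' if the label is not URL-like."""
    match = URLISH.match(text.strip())
    return match.group(1).rstrip(".").lower() if match else ""


def misleading_links(html):
    """Return one finding per link whose label names a host other than its target."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.anchors:
        shown, actual = claimed_host(text), host_of(href)
        if shown and shown != actual:
            findings.append(
                {"href": href, "text": text, "shown_host": shown, "actual_host": actual}
            )
    return findings


# Constructed sample: the anchor from the post plus one honest descriptive link.
SAMPLE_HTML = """<p>Search with
<a href="http://www.google.com.malicious.website.example.com/">
   http://www.google.com
</a> or read <a href="http://example.com/">a cool website</a>.</p>"""

if __name__ == "__main__":
    for finding in misleading_links(SAMPLE_HTML):
        print("label shows %(shown_host)s but link goes to %(actual_host)s" % finding)
```

Links with a descriptive label such as "a cool website" are not flagged, since the label makes no claim about the destination; a URL-like label over a `javascript:` target is flagged because the target has no host at all.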

Media exploits

Media decoders are written by humans, and humans are imperfect, thus it is fair to say there are media decoders that contain bugs, some of which could be disastrous for computer security.

Microsoft had such a problem in their GDI+ JPEG decoder back in 2004. More recently, there was a kernel-level security vulnerability in their TrueType font parser.

Modern HTML allows embedding of all this, and more. Most email clients will also allow you to “preview” an email without opening it. If an email embeds inline media which exploits vulnerabilities such as the one above, just previewing it will be sufficient for an attacker to gain access.

Details are scarce, but it would appear it was a vulnerability along these lines that allowed unauthorised access into the Australian National University back in 2018.

Scripting

Modern web standards allow all kinds of means for embedding scripts, that is, small pieces of interpreted code which run client-side in the HTML renderer. ECMAScript (JavaScript) can be embedded:

  • in <script> tags (the traditional way)
  • inside a hyperlink using a javascript: URI
  • HTC and XBL features in Internet Explorer and Mozilla Firefox, respectively.

Probably lots more ways I haven’t thought about.

Web-based email clients

Now, a stand-alone email client such as Microsoft Outlook, Eudora or Mozilla Thunderbird can simply not implement the scripting features, however the problem is highly acute where web-based email clients are used.

Here, you’re viewing an email in an HTML engine that has complete media and scripting capabilities. There’s dozens of ways to embed both forms of content into a blob of HTML, and you are entirely at the mercy of your web-based email client’s ability to sanitise the HTML before it dumps it inside the DOM tree that represents your email client.

As far as the web browser is concerned, the “email” is just another web page, and will not hesitate to execute embedded scripts or render inline media, whether the user wishes it to or not.

It’s not known what ANU uses for their email infrastructure, but many universities are big fans of web-based email since it means they don’t have to explain to end users how to configure their email clients, and provides portability for their users.

Putting users at risk

Despite the above, it would appear there are lots of organisations that are completely oblivious to this problem, and insist on forcing people to render their emails as HTML, putting their customers/users at risk of security breach.

The purpose of multiple formats in the same email is to provide alternate formats of the same content. Not to provide totally different emails because you can’t be stuffed!

For example, my workplace’s hosting provider, recently sent us an email, which when viewed as plain text, read as follows:

Hello Client,
 
Unfortunately your email client is outdated and does not support HTML emails, our system uses HTML emails as standard. You will NOT be able to read this email.
 
HOW DO I READ THIS EMAIL?
 
To read this email please login to your domain manager https://hostingprovider.example.com/login/ and click on Notifications to see a list of all sent emails.
 
Thank You
 
Customer Support

The suggestion that an email client configured to read emails as plain text counts as being “outdated” is naïve in the extreme, and I’d expect a hosting provider to know better. I’m thankful I personally don’t purchase services from them!

Then there’s financial service providers. One share registry’s handling of the situation is downright abusive:

Link Market Services sent numerous emails that looked exactly like this.

Yeah, rather than just omitting the text/plain component and letting the email client at this end try to render the HTML as plain text (which works reasonably well in many cases), in this case, they just sent an empty text/plain body:

From: …redacted… <comms@linkmarketservices.com.au>
To: …redacted…
Reply-To: donotreply@linkmarketservices.com.au
Date: Wed, 29 Jul 2020 04:42:30 +0000
Subject: …redacted… Funds Attribution Managed Investment Trust Member Annual
 Statement
Content-Type: multipart/alternative;
 boundary=--boundary_55327_8fbc43bd-48f3-4aa1-9ab7-9046df02b853
ZMID: 9f485235-9848-49cf-9a66-62c215ea86ba-1
Message-ID: <0100017398e10334-d45a0a83-ff4d-4b83-8d19-146b100017f6-000000@us-east-1.amazonses.com>
X-SES-Outgoing: 2020.07.29-54.240.9.110
Feedback-ID: 1.us-east-1.oB/l4dCmGdzC38jjMLirCbscajeK9vK6xBjWQPPJrkA=:AmazonSES


----boundary_55327_8fbc43bd-48f3-4aa1-9ab7-9046df02b853
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"


----boundary_55327_8fbc43bd-48f3-4aa1-9ab7-9046df02b853
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

PCFET0NUWVBFIGh0bWw+Cgo8aHRtbCBsYW5nPSJlbiI+CjxoZWFkPgo8bWV0YSBjaGFyc2V0PSJ1
dGYtOCI+CjxtZXRhIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwgaW5pdGlhbC1zY2FsZT0x
IiBuYW1lPSJ2aWV3cG9ydCI+CjxtZXRhIGNvbnRlbnQ9IklFPWVkZ2UiIGh0dHAtZXF1aXY9Ilgt

Ohh yeah, I’m so fluent in BASE64! I’ve since told them to send it via snail mail. Ensuring they don’t burn down forests posting blank sheets of A4 paper will be their problem.
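How a receiving client or mail gateway can cope with a message of this shape, as an added example that is not part of the original post: it detects a multipart/alternative message whose text/plain part is blank and falls back to a tag-stripped rendering of the text/html part, never executing or displaying the markup itself. The message below is constructed for the example (addresses, boundary and body are made up), and the function and class names are assumptions.

```python
import base64
from email import message_from_bytes, policy
from html.parser import HTMLParser


class TextExtractor(HTMLParser):
    """Reduce an HTML body to its visible text, ignoring scripts and styling."""

    SKIP = {"script", "style", "head"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.chunks.append(data)

    def text(self):
        # Collapse all runs of whitespace into single spaces.
        return " ".join(" ".join(self.chunks).split())


def readable_body(raw):
    """Pick the text to show the user, and report why a fallback was needed."""
    msg = message_from_bytes(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    html_part = msg.get_body(preferencelist=("html",))

    plain_text = plain.get_content().strip() if plain is not None else ""
    if plain_text:
        return {"source": "text/plain", "text": plain_text, "warning": None}
    if html_part is None:
        return {"source": None, "text": "", "warning": "no readable text part"}

    extractor = TextExtractor()
    extractor.feed(html_part.get_content())
    extractor.close()
    warning = (
        "text/plain part present but empty" if plain is not None
        else "no text/plain part"
    )
    return {"source": "text/html", "text": extractor.text(), "warning": warning}


# Constructed sample with the same structure as the message quoted above:
# an empty quoted-printable text/plain part and a base64 text/html part.
HTML_BODY = (
    "<html><head><title>Statement</title></head><body>"
    "<p>Your annual statement is ready.</p>"
    "<script>track()</script></body></html>"
)
RAW_MESSAGE = (
    "From: Sender <sender@example.com>\r\n"
    "To: Recipient <recipient@example.net>\r\n"
    "Subject: Constructed sample\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/alternative; boundary="sample-boundary"\r\n'
    "\r\n"
    "--sample-boundary\r\n"
    "Content-Transfer-Encoding: quoted-printable\r\n"
    'Content-Type: text/plain; charset="utf-8"\r\n'
    "\r\n"
    "\r\n"
    "--sample-boundary\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    'Content-Type: text/html; charset="utf-8"\r\n'
    "\r\n"
    + base64.encodebytes(HTML_BODY.encode("utf-8")).decode("ascii").replace("\n", "\r\n")
    + "--sample-boundary--\r\n"
).encode("ascii")

if __name__ == "__main__":
    result = readable_body(RAW_MESSAGE)
    print(result["warning"])
    print(result["text"])
```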

The alternative: wiki-style mark-up

So, our biggest problem is that HTML does “too much”, so much that it becomes a liability from a security perspective. HTML wasn’t the first attempt at rich text in email… some older email clients used enriched text.

Before enriched text and HTML, we made do with various formatting marks, for instance, *bold text might be surrounded by asterisks*, and /italics indicated with forward slashes/. _Underlining_ could be done too.

No, there were no colour or font size options, but then again this was from a time when teletype terminals were not uncommon. The terminals of that time only understood one fixed-size font, and most did not do colour.

More recently, Wikis have built on this to allow for some basic mark-up features, whilst still allowing the plain text to be human readable. Modern takes of this include reStructured Text and Markdown, the latter being the native format for Wikis on Github.

Both these formats allow for embedding images inline and for tables (Markdown itself doesn’t do tables, but extensions of it do).

In email clients such images should be replaced with place-holders until the user clicks a button to reveal the images (which they should only click if they trust the sender).

Likewise, hyperlinks should be rendered in full, e.g. in a web-based client, the link [a cool website](http://example.com/) might be rendered as <a href="http://example.com/">[a cool website](<code>http://example.com/</code>)</a> — thus allowing for malicious links to be more easily detected. (It also makes them printable.) Only plain text should be permitted as a “label” for a hyperlink.
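One way a web-based client could implement the two rendering rules above (image place-holders and links shown in full), as an added example that is not part of the original post. The function names, the allowed-scheme lists and the place-holder wording are assumptions made for this example; only the `[label](url)` and `![alt](url)` forms are handled, and everything else is escaped as plain text.

```python
import html
import re
from urllib.parse import urlsplit

LINK_SCHEMES = {"http", "https", "mailto"}   # assumption: what a client would allow
IMAGE_SCHEMES = {"http", "https"}

# ![alt](url) for images, [label](url) for links. Labels may not contain
# brackets; URLs may not contain whitespace or parentheses.
TOKEN = re.compile(r"(!?)\[([^\[\]]*)\]\(([^()\s]+)\)")


def scheme_of(url):
    """Lower-cased URL scheme, or '' when the URL cannot be parsed."""
    try:
        return urlsplit(url).scheme.lower()
    except ValueError:
        return ""


def render_markup(text, show_images=False):
    """Render one block of light-weight mark-up to HTML for a web mail client.

    Every character that came from the message is HTML-escaped, so the
    message can never introduce tags, attributes or scripts of its own.
    """
    out = []
    pos = 0
    for match in TOKEN.finditer(text):
        out.append(html.escape(text[pos:match.start()]))
        is_image = match.group(1) == "!"
        label, url = match.group(2), match.group(3)
        safe_label = html.escape(label)
        safe_url = html.escape(url)          # also escapes quotes for attributes
        allowed = IMAGE_SCHEMES if is_image else LINK_SCHEMES

        if scheme_of(url) not in allowed:
            # javascript:, data:, relative or unparseable targets: show the
            # source text as written and make nothing clickable.
            out.append(html.escape(match.group(0)))
        elif is_image and not show_images:
            # Place-holder until the user chooses to reveal images.
            out.append(f"[image: {safe_label} <code>{safe_url}</code>]")
        elif is_image:
            out.append(f'<img src="{safe_url}" alt="{safe_label}">')
        else:
            # The label is plain text only and the target is always visible.
            out.append(
                f'<a href="{safe_url}">[{safe_label}](<code>{safe_url}</code>)</a>'
            )
        pos = match.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample message text.
    print(render_markup("See [a cool website](http://example.com/) "
                        "and ![logo](https://example.com/logo.png)"))
```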

Use of such a mark-up format would have a number of benefits:

  • the format is minimal, meaning a much reduced attack surface for security vulnerabilities
  • whilst minimal, it would cover the vast majority of peoples’ use cases for HTML email
  • the mark-up is light-weight, reducing bandwidth for those on low-speed links or using lower-power devices

The downside might be for businesses, which rely on more advanced features in HTML to basically make an email look like their letter head. The business community might wish to consider the differences between a printed letter sent via the post, and an email sent electronically. They are different beasts, and trying to treat one as a substitute for the other will end in tears.

In any case, a simple letter head could be embedded as an inline image quite safely if such a feature was indeed required.

It is in our interests to curtail the features used in email communications if we intend to ensure communications remain safe and reliable.

Jul 22 2020
 

I noted at the last horse endurance ride we did up at Imbil that we had a packet of pancake mix whose “best-before” date had expired early last year. We were too busy that event to go making pancakes for breakfast, so the packet wound up coming back with us in the van.

I made a note of this, bought a new packet to replace the one in the van (turns out there’s a second one there too!) and brought the old packet home to use up. Thinking about this, I thought, why not experiment? What would it be like if I used coffee instead of water to make up the mix?

So, I poured in some coffee from the percolator up to the marking on the packaging, and whilst chatting on the Bayside District Amateur Radio Society morning “coffee net”, I cooked up a number of small pikelets.

No I won’t win awards for my pancake flipping skills… but they taste alright.

Two things I’d do differently:

  1. use slightly stronger coffee (the mix I used is perhaps a little weak, so the coffee flavouring is only subtle even though the colour is notably darker)
  2. thicken the mixture up a bit so the pikelets are not as thin

In fact, not using >18 month old mixture, or doing the batter from scratch might help too!