Aug 23 2016

[This post is part four in the series.]

The most difficult part of board setup is done for us – we have both dimensions and we’ve decided on components. Even better, we don’t need to think about the board much as our HAT specification has it all sorted out. Or does it?

If you make a board based on the HAT specification you won’t be able to fit the official case around it. We need additional cutouts if we want it to fit – a bigger one on the left side and just a small one on the right. As the board is not really crowded, it was easy to carve out the additional space. However, it might not be as easy for denser layouts.

The top side is dominated by our DC-to-DC converter and a nice 3.81 mm 4-pin CAN bus connector. Additionally, there are through-hole LEDs so we can see activity and a through-hole oscillator purely because I hate SMD ones. To help with troubleshooting, a few pads without solder mask are along the edge.

The whole board is essentially split into two parts. On top we can find components that can safely connect to the Raspberry Pi, most notably the MCP2515 CAN bus controller and the 24C32 EEPROM needed for HAT compatibility.

Between the CAN bus connector and the controller we have an isolation border crossed only by isolated DC-to-DC converters and the ISO1050 CAN bus transceiver. Two millimeter spacing between these two universes should provide adequate protection.

It is a pretty straightforward layout, mostly driven by the need to have an isolation border and the size of the components.

Now, let’s get the board working.

Aug 17 2016

It seems with every new WordPress version there is the same issue. For one reason or another, post scheduling stops working. The exact cause varies, but most commonly it is the caching plugin playing games.

The usual solutions for this are either manually calling wp-cron.php via wget or getting WP Scheduled Plugin. I believe most sites, including mine, need another plugin as much as a pig needs a wig. I am not judging if you are into either of them, but I recommend limiting both activities.

Using curl or wget to manually execute wp-cron.php might also not work on sites that are properly secured and have most of PHP disabled in .htaccess to start with. Yes, you can always make an exception, but there is a better way.

The first step is common: just disable the standard WordPress cron behavior in wp-config.php:

define('DISABLE_WP_CRON', true);

Then either use crontab -e from the command line or your web provider’s task scheduling web interface (cPanel or similar) to add the following command:

/usr/bin/php -q /home/user/www/wp-cron.php

This will call upon PHP to manually execute wp-cron.php, bypassing Apache and .htaccess completely. Notice that you must use full paths as cron jobs are run in a limited environment.

For my needs, a daily frequency (@daily or 0 0 * * *) is actually sufficient as I always schedule my posts for midnight. Those needing more precise timing might decide to go hourly (@hourly or 0 * * * *) or even more often.

Aug 11 2016

One of the major issues reported with Bimil was the lack of a password generator. In this version, you have two. :)

The classic password generator lets you select the password length and what the password will consist of. You can choose between lowercase and uppercase letters, numbers, and special characters. Length can be anywhere between 4 (you’re crazy) and 99 (you’re paranoid) characters. For those of weak heart, generated passwords can be simplified a bit. It is pretty standard stuff really.

Followers of XKCD have probably seen his word-based password cartoon. For those taking his (actually quite good) recommendation to heart, Bimil now allows for random generation of just such passwords. It has a database of over 15,000 English words and 12,000 names, so it should provide reasonable variety. Additionally, it allows for further strengthening by using numbers and special characters, so good entropy can be achieved even if somebody knows exactly which dictionary you used.

Both will give you a highly pessimistic view of how good your password is. The estimate assumes an omnipotent enemy and exaggerates his power. It is probably a bit too paranoid but it won’t hurt a bit. Just remember that any password with a 1 year estimate is actually pretty good. Of course, aiming for the Eternity rating will give you more nerd points. :)
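The entropy argument behind both generators, worked through as an added example (this is not Bimil's code). It assumes the attacker knows the dictionary and the pattern, takes the dictionary size from the figures above, and uses a small constructed word list and hypothetical function names.

```python
import math
import secrets
import string

# Dictionary size from the post: over 15,000 English words plus 12,000 names.
DICTIONARY_SIZE = 15_000 + 12_000
# Constructed stand-in list; a real generator would load the full dictionary.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "orbit", "lantern", "maple", "quartz"]
SPECIALS = string.punctuation  # 32 ASCII special characters


def classic_entropy_bits(length, lower=True, upper=True, digits=True, special=True):
    """Bits of entropy for a uniformly random character password."""
    alphabet = 26 * lower + 26 * upper + 10 * digits + len(SPECIALS) * special
    if length < 1 or alphabet == 0:
        raise ValueError("need a positive length and at least one character class")
    return length * math.log2(alphabet)


def passphrase_entropy_bits(words, digits=0, specials=0, dictionary_size=DICTIONARY_SIZE):
    """Bits of entropy when the attacker knows the dictionary and the pattern."""
    return (words * math.log2(dictionary_size)
            + digits * math.log2(10)
            + specials * math.log2(len(SPECIALS)))


def words_needed(target_bits, dictionary_size=DICTIONARY_SIZE):
    """Smallest word count that reaches target_bits from words alone."""
    return math.ceil(target_bits / math.log2(dictionary_size))


def generate_passphrase(words, digits=0, specials=0, wordlist=SAMPLE_WORDS):
    """Pick every element with the OS CSPRNG (secrets), never random.random()."""
    chosen = " ".join(secrets.choice(wordlist) for _ in range(words))
    tail = "".join(secrets.choice(string.digits) for _ in range(digits))
    tail += "".join(secrets.choice(SPECIALS) for _ in range(specials))
    return chosen + tail


if __name__ == "__main__":
    print(generate_passphrase(4, digits=2, specials=1))
    print(f"4 words:            {passphrase_entropy_bits(4):.1f} bits")
    print(f"4 words + 2d + 1s:  {passphrase_entropy_bits(4, 2, 1):.1f} bits")
    print(f"12 random chars:    {classic_entropy_bits(12):.1f} bits")
    print(f"words for 64 bits:  {words_needed(64)}")
```

The figures hold only when every word is drawn uniformly at random; a phrase a person picks from the same dictionary has far less entropy.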

With more and more passwords it gets rather difficult to find what is where. While the title does give a hint, often a search within content is needed. Now you can search for anything appearing in any of the visible fields. It definitely helps in situations when you remember the user name or some similar detail but you don’t remember the exact title.

For some purposes it comes in handy to track previous passwords. If you add a password history field to any item, Bimil will remember up to three password changes before it starts dropping the oldest one. Most of the time you won’t need it, but it beats manually storing passwords in notes when you do.

In addition to these changes, a lot of small improvements have happened, but I will leave you to discover them when you download Bimil or upgrade from within the application.

Aug 05 2016

I have already written how to poke holes in the guest network for Chromecast and that method is sufficient for the vast majority of devices. However, occasionally you might stumble upon a device presenting a bit more of a challenge. One example is my Brother MFC-J475DW or, better said, pretty much anything in Brother’s MFC printer lineup.

In order to determine why my printer wouldn’t work despite explicitly allowing its MAC address, I snooped all traffic using Wireshark. As I knew the printer was using an IPv4 address, that was my Wireshark filter (ip.version == 4).

After playing with the printer for a while (trying printing, scanning, rebooting, etc.), I stopped the snoop and started going over the captured packets. One packet stood out from the bunch – it was a name query packet for something looking suspiciously like my printer’s name. That packet was broadcast to my whole network from my computer. As that packet went unanswered, my PC thought there was no printer.

Armed with that knowledge, the firewall-start script can be adjusted not only to allow traffic from and to the MAC address belonging to the printer (as done for the Chromecast adventure) but also to allow broadcast traffic on the first 2.4 GHz guest WiFi interface:

echo "#!/bin/sh" > /jffs/scripts/firewall-start
echo "ebtables -I FORWARD -p ARP -i ! eth0 -o wl0.1 -j ACCEPT" >> /jffs/scripts/firewall-start
echo "ebtables -I FORWARD -s 34:68:95:A7:64:F5 -i wl0.1 -o ! eth0 -j ACCEPT" >> /jffs/scripts/firewall-start
echo "ebtables -I FORWARD -d 34:68:95:A7:64:F5 -i ! eth0 -o wl0.1 -j ACCEPT" >> /jffs/scripts/firewall-start
echo "ebtables -I FORWARD -d ff:ff:ff:ff:ff:ff -i ! eth0 -o wl0.1 -j ACCEPT" >> /jffs/scripts/firewall-start
echo "logger Poked hole for Brother MFC printer" >> /jffs/scripts/firewall-start
chmod a+x /jffs/scripts/firewall-start

PS: During snooping, do close all other programs that are using the network and try to keep any non-printer activity to a minimum. It makes snoop analysis much easier.
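To recognise the kind of name query packet described above in a capture, this added example (not from the original post) decodes the NetBIOS-encoded name carried in an NBNS question, the payload of UDP port 137. The printer name MYPRINTER, the transaction ID and the function names are constructed for illustration.

```python
import struct

NB_QUESTION_TYPE = 0x0020  # "NB" general name service record


def encode_netbios_name(name, suffix=0x00):
    """First-level encoding: 15 padded chars + suffix, each byte -> two 'A'..'P' letters."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return bytes(b for c in raw for b in ((c >> 4) + 0x41, (c & 0x0F) + 0x41))


def build_name_query(name, txid=0x1234):
    """Constructed sample of the UDP/137 payload of a broadcast name query."""
    header = struct.pack(">HHHHHH", txid, 0x0110, 1, 0, 0, 0)  # RD + broadcast flag
    question = b"\x20" + encode_netbios_name(name) + b"\x00"
    return header + question + struct.pack(">HH", NB_QUESTION_TYPE, 0x0001)


def parse_name_query(payload):
    """Return the queried name, or raise ValueError if this is not a name query."""
    if len(payload) < 50:
        raise ValueError("too short for an NBNS question")
    txid, flags, qdcount = struct.unpack(">HHH", payload[:6])
    if flags & 0x8000 or (flags >> 11) & 0x0F or qdcount != 1:
        raise ValueError("not a name query request")
    encoded = payload[13:45]
    if payload[12] != 0x20 or payload[45] != 0 or not all(0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("malformed encoded name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    qtype, _qclass = struct.unpack(">HH", payload[46:50])
    return {
        "txid": txid,
        "name": raw[:15].decode("ascii", "replace").rstrip(),
        "suffix": raw[15],
        "broadcast": bool(flags & 0x0010),
        "qtype": qtype,
    }


if __name__ == "__main__":
    print(parse_name_query(build_name_query("MYPRINTER")))
```

In Wireshark the same packets can be isolated with the nbns display filter, which is narrower than ip.version == 4.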