pfSense home router using the PC Engines APU1D4

My old home router, based on a Sandy Bridge dual core Celeron and a Gigabyte motherboard, got “stolen” by my wife to use as a desktop, as her old laptop was getting pretty slow.

I ran Tomato for a while on a Cisco E3200 router but it wasn’t able to keep up with my home connection (300 down / 100 up). Even though the router has gigabit ports, it was only able to NAT at ~100-150Mbit and OpenVPN was limited to around 10Mbit.

The decision came (due to what is available in my part of the world) to the Fitlet X or the PC Engines APU1D4.

The Fitlet has 4 Intel LAN ports and a quad core AMD 1GHz CPU (two generations newer than the APU). This was really appealing as opposed to the APU’s dual core Bobcat and 3 Realtek based NICs.

Eventually I settled with the APU due to the two internal mini-pcie slots and being only half the cost of the Fitlet. (Consider that you have to buy RAM for the fitlet-x and that you don’t have any internal mini-pcie left, the only one is used by the FACET card with the 3 LANs)

I won’t go into detail about the build or do a full review as this has already been done. I will only go through the bits of information I had trouble finding before and after buying it.

  • Throughput: without heavy use (squid, snort, etc.) you should see 400-500 Mbit WAN->LAN (limited by the Realtek NICs). I know Mbit is not a good measure of a router/firewall performance but this is what matters to me at home. I saw mentions of 600 Mbit. I was eager to deploy it so I didn’t do any testing, so all I can say is that 300Mbit works fine without any strain.
  • OpenVPN: it does around 50Mbit for me using AES-CBC-128. This was really a tough one as I didn’t find any useful values before buying and it was important for me. It’s a bit disappointing but very usable. The Bobcat T40E doesn’t support AES-NI but as far as I found out from others it’s not really helping OpenVPN either. There is low hope that newer versions of OpenVPN will perform better. The Fitlet-X CPU should be 15% faster due to IPC gains on its newer core so you should see a bit more.
  • Temperature: it appears that ~60 deg. C in idle is normal. Coming from Intel CPUs this worried me at first but seems normal for this CPU.
  • Wireless: if you go the pfSense route as I did, get the Compex WLE200NX usually sold together with the APU. It’s Atheros (best for pfSense) and what most pfSense developers using the APU have.
  • SSD: don’t buy the 16GB crap SSD that is offered together with this board. Get a cheap ADATA/whatever instead. It’s probably going to be 32GB and at least twice as fast.
  • Case: important due to the solution PC Engines chose for cooling. Note that this case doesn’t offer space for a 2.5 SSD/HDD (even if one SATA port is onboard), additional USBs (even if headers are present) or for a second set of antennas (even if two mini-pcie devices can be installed).

Brightness keys on Linux Mint for Acer E3-111

Enabling brightness control is moderately easy (I’m pretty sure they worked out of the box on slackware).

Go to https://github.com/codingtony/acer-brightness-linux-acpi and follow the instructions. Change /etc/acpi/events/acer-tm-brightness-down and /etc/acpi/events/acer-tm-brightness-up with the correct events:

event=video/brightnessdown BRTDN 00000087 00000000

and

event=video/brightnessup BRTUP 00000086 00000000

Restart acpid and the shortcuts should start working.

Repairing a Husky Hunter after reversing batteries.

Ok, I did it. For the first time since I remember I inserted batteries wrongly and reversed polarity. And that in a device I’m pretty fond of, and I recently acquired: a Husky Hunter. It was only for a few seconds before I realized my mistake but it was enough, the computer was dead. I tried leaving it overnight with fresh batteries thinking that my mistake instantly depleted the onboard RAM battery (if it’s empty a Husky will just play dead until it gets a bit of charge). It didn’t work. Time to open it (again; the first time was for cleaning and inspection).

I was in luck, close to the battery compartment was a fuse. The multimeter quickly confirmed, it was interrupted. I began to hope that it did its job quickly and the rest of the electronics would be fine.

I replaced it with (actually soldered alongside it) a 1 ohm resistor (didn’t have any 0 ohm around and I hope that the small wattage resistor will act as a fuse if I’m that stupid to repeat my mistake). It is not a proper repair, next time I order parts, I’ll be sure to order a new fuse with the correct rating. Happily the Husky is back to life.

Migrating Gerrit to Google OAuth from Google OpenID

I expect this post to be obsolete pretty soon, but for now I expect this will help you skip many of the issues and questions I had going forward with upgrading Gerrit and switching to Google OAuth from OpenID.

This post is not exhaustive, I trust that you are familiar with Gerrit if you’ve come so far. I am running a Gerrit installation that was stuck at v2.10 as all our users used Google OpenID. With OpenID being retired in a few weeks it was imperative to find a solution and I really wanted to go with Google OAuth (so we don’t have to recreate/merge all our users by hand). The Gerrit developers bounced around the fixes up until the last minute (IMHO) as only 2.10.2 supports the gerrit-oauth-provider plugin out of the box without the need of cherry picked changes.

is required reading and fun to read and see how a thing like this can take a year of missed commits, approvals, etc. 🙂 Why gerrit refuses to have built in user management like any other half-sane web app around is beyond me but happily beyond the goal of this post too.

Let’s try to organize what you have to do in steps:

  1. Shut down gerrit and update to 2.10.2 or newer, see here.
  2. Clone the gerrit repository, checkout v2.10.2 (or same version as above) and build with buck. Use gerrit buck as they seem to differ from facebook buck, see gerrit build instructions.
  3. Clone gerrit-oauth-provider inside /plugins (per build.md instructions, those are supposed to be valid and at the time of writing this building stand-alone might or might not work) and build it with buck. Add gerrit-oauth-provider.jar in your site’s plugins/ folder.
  4. Create your google project by visiting the Google Developer Console and obtain api and client secrets, per documentation or wiki.
  5. When you run java -jar gerrit.war init -d site/ to reconfigure, the client-secret is added to site/etc/secure.config, but for now that doesn’t work; it has to be in gerrit.config under the plugin configuration.
  6. Trust the OpenID accounts by adding trustedOpenID=^.*$ to the [auth] section. See this issue.
  7. You must keep the same URL, otherwise automatic linking of OpenID<=>OAuth accounts doesn’t happen and you end up with new users that have to be merged (painfully, especially if you use MySQL, as the documentation is limited to Postgres).
  8. Pray, start gerrit, pray some more. Preferably to the Spaghetti Monster.

It might be that some steps are not actually needed because due to confusing or downright missing documentation I had to scour mailing lists, github issues, gerrit commit logs and try each setting one by one until I got it working. When everything worked as expected I refused to go back and check whether some particular step (like building in tree, the need for trustedOpenID, etc.) is actually needed or it was already deprecated.

I’m pretty sure there are better ways to spend those hours.

Raspberry Pi A+ Nixie NTP Clock

Who doesn’t like a Nixie tube based clock. Even my wife loved it. Bonus points if it’s very accurate.

I had in my parts box, for a very long time now, the display PCB from an old PH-meter. Old enough that it was done using Russian 74141 clones – K155ID1 nixie drivers – a lot of logic chips (decade counters, serial latches, etc) and nixie tubes. It was also wired in a way that defied logic. Nobody could explain to me how it was supposed to work.

I used a hacksaw to discard everything from the old board except the nixie tubes and K155ID1 drivers.

A raspberry pi A+, a Nixie PSU from here [kosbo.com] and the PSU from an old IDE external HDD completes the build.

The A+ pi is nice because it’s cheap, small, draws less power than a B and has enough GPIOs to do away with any supplemental chips.

The first question I needed answered was if 3.3V is enough to drive the inputs of TTL chips (like the K155ID1). A breadboard circuit and a quick prayer not to burn the PI later, I had my answer: YES. Since I don’t read TTL outputs (feeding 5V to the unprotected PI GPIOs) I should be fine.

Second question, could I turn off a Nixie tube using the PI? Yes, setting the GPIOs driving the particular K155ID1 chip as inputs effectively turns off the tube attached to that driver.

The HV PSU takes 12V and outputs 150V for the tubes and 5V for the logic. Unfortunately the 5V part is done using a 7805 and so I was afraid a PI with a WI-FI adapter would be too much. I needed something outputting 12V and 5V with enough power for everything. I used the PSU (ok, the usb part is there too but unused) of a USB external 3.5 HDD enclosure.

Left PI with TP-Link Wi-Fi dongle. Right HDD PSU and USB adapter, bottom center HV PSU

The software part is quite easy. The PI has NTP configured to keep the clock accurate (and sets the time automatically on boot since the PI lacks an RTC). To drive the display part I run a simple python script.

The schematic is pretty simple: 4 x 4 GPIOs connect to the A, B, C, D inputs of the four K155ID1 drivers, and the 0..9 outputs go to the tube cathodes. 12V powers the HV PSU that raises this voltage to 150V, connected via 22K resistors to the tube anodes. The PI and the four drivers are powered by the 5V line.
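
The drive logic described above, as an added example (not the author's script): each digit is written as BCD to the A-D inputs of its K155ID1, and a tube is turned off by switching its four pins to inputs. The GPIO numbers and the leading-zero blanking are assumptions; the page gives neither.

```python
# Inputs of one K155ID1 / 74141 driver in BCD order: A is the least significant bit.
INPUTS = ("A", "B", "C", "D")

# Assumed BCM GPIO numbers, one group of four per tube (hour tens .. minute units).
# The page does not give the wiring; change these to match the board.
TUBE_PINS = [
    {"A": 2, "B": 3, "C": 4, "D": 17},
    {"A": 27, "B": 22, "C": 10, "D": 9},
    {"A": 11, "B": 5, "C": 6, "D": 13},
    {"A": 19, "B": 26, "C": 14, "D": 15},
]

def bcd_levels(digit):
    """Logic level for each driver input so that cathode `digit` is selected."""
    if not 0 <= digit <= 9:
        raise ValueError("a nixie driver only decodes 0..9")
    return {name: (digit >> bit) & 1 for bit, name in enumerate(INPUTS)}

def frame(hour, minute, blank_leading_zero=True):
    """Return {gpio: 0 | 1 | None}; None means 'configure as input' (tube off)."""
    digits = [hour // 10, hour % 10, minute // 10, minute % 10]
    actions = {}
    for index, (digit, pins) in enumerate(zip(digits, TUBE_PINS)):
        blank = blank_leading_zero and index == 0 and digit == 0
        levels = bcd_levels(digit)
        for name, gpio in pins.items():
            actions[gpio] = None if blank else levels[name]
    return actions

def apply(actions):
    """Push a frame to the header; imports RPi.GPIO, so it only runs on the Pi."""
    import RPi.GPIO as GPIO
    GPIO.setmode(GPIO.BCM)
    for gpio, level in actions.items():
        if level is None:
            GPIO.setup(gpio, GPIO.IN)
        else:
            GPIO.setup(gpio, GPIO.OUT, initial=level)

if __name__ == "__main__":
    import time
    while True:  # NTP keeps the system clock right; this loop only displays it
        now = time.localtime()
        apply(frame(now.tm_hour, now.tm_min))
        time.sleep(1)
```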

CentOS 6.x misses nobootwait fstab option.

Recently I added a new storage disk to a cloud server. The issue is that this disk might not always be available at boot time. There is an easy fix for this kind of problem. The nobootwait mount option (like it would show in a fstab entry):

/dev/xvdd1 /storage ext4 defaults,nobootwait 0 0


Note that the fsck order of 0 already ensures that fsck will not hold the boot process by complaining the disk is missing.

This is what I did, then I tried to mount my new attached disk:

mount /storage
mount: wrong fs type, bad option, bad superblock on /dev/xvdd1,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail  or so

I checked dmesg and this is what it spat out:

dmesg | grep xvdd1 | tail -n1
EXT4-fs (xvdd1): Unrecognized mount option "nobootwait" or missing value

I’ll be, CentOS never heard of it (surprise, surprise). I thought about nofail but I was not sure it would do the trick.

This is what fstab(5) says about nobootwait

The mountall(8) program that mounts filesystem during boot also recognises additional options that the ordinary mount(8) tool does not. These are: bootwait which can be applied to remote filesystems mounted outside of /usr or /var, without which mountall(8) would not hold up the boot for these; nobootwait which can be applied to non-remote filesystems to explicitly instruct mountall(8) not to hold up the boot for them; optional which causes the entry to be ignored if the filesystem type is not known at boot time; and showthrough which permits a mountpoint to be mounted before its parent mountpoint (this latter should be used carefully, as it can cause boot hangs).

and this about nofail

nofail do not report errors for this device if it does not exist.

So I took the hackish route of adding noauto instead of nobootwait. This way the disk is not even mounted at boot time, and so it can be missing, and I added a mount line in rc.local.

cat /etc/rc.local

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

/bin/mount /storage &

Let me know if you know or find a better way of doing this.

No album cover art in Symbian ^3 Belle on an E7

Sooo, my beloved n900 kicked the bucket and the fine folks at Nokia Romania decided it’s not fixable and they replaced it. With an E7. After 6 weeks. Hey Nokia still wondering why you’re going down the drain?

I have my music neatly organized and with cover art embedded inside the id3tag. But it won’t show up. Actually it showed up for one album out of 15. So I started the hunt to see why. For tagging I use the excellent EasyTAG. First suspect was Type. When you select Pictures to embed you can set the type. I set it to Cover (front). A transfer and library refresh later I was happy to see that it still didn’t work. I checked it for the album that had cover art displayed and it was set too to Cover (front) but the Description: field was empty. On the albums that showed no covers it was set to the original filename.

So step 2 is to set Description: to empty.

So the excellent Symbian coders who released a half baked music app (you can’t play an album if it has different artists for example) took the time to check for this damn field and show nothing if it’s filled. Really, really smart.

Update:

Step 3, if you already copied an album and just updated the tags and copied it over, the cover will not appear. You need to rename the album folder and rescan. You can rename it back and rescan again if you want.

The n900 will be probably the last in a long line of Nokia phones I bought.

Star Trek S.C.E.

Have Tech, Will Travel is an anthology collecting the first four books from Pocket Books’ original eBook series about the Starfleet Corps of Engineers, depicting the missions of a rapid response team of SCE taking place during the 2370s. Several canon characters and concepts were included in the stories, but with new details not mentioned in televised Star Trek of the era.

I have recently finished reading every novel in the Star Trek S.C.E. series (Star Fleet Corps of Engineers). Being a Star Trek fan I read and like pretty much every Star Trek novel that’s out there. But from the ones I read I found SCE very, very good. Nice characters developing in the course of over 60 novels, unexpected plot turns and more.

Memory Alpha says:

Star Trek: Starfleet Corps of Engineers (or Star Trek: SCE) is a novel series which follows a rapid-response team of the Starfleet Corps of Engineers. First released as eBooks by Pocket Books, the books are also collected in paperback. It was conceived and created by Keith R.A. DeCandido and John J. Ordover.
In September 2006, DeCandido announced that, as of #67, the series would be renamed Star Trek: Corps of Engineers and the numbering reset, in an attempt to bring new readers to the line. In addition, the reprints in hardcopy – starting with Aftermath – would be in trade paperback format, allowing six to eight eBooks to be included per volume. The number of eBooks published per year would be reduced from twelve to six, to allow other ranges to be developed.
It was announced in March 2008 that original eBook publications from Pocket Books would go on hiatus following the end of Slings and Arrows – trade paperback reprints of the existing eBooks would continue.

If you haven’t, I recommend you start with the Have Tech, Will Travel series (the first four novels), and I bet you’ll be hooked!

Star Trek 2009

I’m a geek, that means I like Star Trek. That also means that I watched the latest Star Trek movie as soon as it was possible. I didn’t have many expectations. Nemesis was a bit of a disappointment, and with everything new and changed I just went to see it. I was pleasantly surprised. I found it to be a good movie. A bit different from what I call Star Trek.

Like the line said – Whatever our lives might have been, if the time continuum was disrupted, our destinies have changed. Abrams took a break from everything we knew. Every little detail we knew about the Star Trek world is broken. That, on one side, gives the producers the freedom to create a new Star Trek world for the current generations. On the other hand it’s a bit hard to digest for an old trekkie like myself. I invested a lot of time to know, learn and imagine all the events in the Star Trek universe, it’s not nice for somebody to come and tell me to forget everything!

Another good thing is the music. I found it great. I listened to the soundtrack, and I can say that it’s very, very good. Especially Labor of Love. If you haven’t yet, I suggest you go out and buy the soundtrack and listen to it – loud!

All in all, I’m happy that the franchise is back, and with a good movie. Even if it lacks the atmosphere I expect from Trek movies, at least it is good and worth watching.

Adam Savage on his obsessions

Ok so this might be old news for you, after all the video is from Dec. 2008 but I still find it extremely interesting, especially for the ones that only know Adam Savage as the guy goofing around on Myth Busters.  If you like making stuff you WANT to see this.

Be Creative, experiment. It inspired me to brush up my creative projects folder. I really find that Adam once started is hard to stop. His insight into problem solving is also very interesting. Anyways, just watch it and comment. I bet that, if you are into building or tinkering with stuff you will like it too!