Hacking and Living on Lanzarote: Day -3

I travelled from Berlin to my home town in order to pick up stuff for the Lanzarote trip. When I stepped out of the bus in Mannheim, my depression almost immediately kicked in. For me, this is a definite sign that the environment is not suitable for my further progress.

I was not sure if it would be a good idea to tell my mother that I’ll be on Lanzarote, but I eventually called her up. She’s on holiday on Fuerteventura, and was understandably confused about my plans. What’s not understandable is the immediate negative vibe she communicated to me. Instead of: “Sounds interesting, what are you doing there?” and wishing me good luck, she covered me with negative aspects of the idea, including missing medical treatment on Lanzarote (which is not true), that I should see my therapist before leaving and so on. I am pretty sure that she will read this blog post sometime in the near future, but I’m not scared anymore. From every person I’ve told about the Lanzarote plans, I only got positive feedback so far, which confirms that I am on the right track.

What I failed to communicate to my mother is that hackers and nerds are different. We care for each other, and even the fact that I had to leave the hacker-hippie-flat in Berlin doesn’t mean that I’m mad at my former flatmates. The essence of us hackers is that we try new things, we explore and make the impossible possible. We communicate mostly open-mindedly and find new approaches and solutions. We build up huge camps with fast internet and 3000+ people camp every 2 years in the middle of nowhere. We organize the yearly Chaos Communication Congress for 4000+ people. We enable people to get internet access for free using the Freifunk project. We share our inventions, our procedures, our projects and our knowledge.

We are crossing the boundaries for the greater good. We are changing the world. Together. One small step at a time.

If you like to call that crazy, then I guess we are crazy. But it’s more likely that we have a different mind set.

Hacking and Living on Lanzarote – Day -4

My stomach wasn’t that well today, and my mood wasn’t either. I had some doubts if Lanzarote is really the right choice in case something happens to my health. On the other hand, I’ve been surviving with those symptoms for the past 5 years and probably some outdoor stuff will do no harm.

I had to order a trekking backpack and trekking shoes which I don’t own. My luggage is split:

Personal Stuff: Everything I need while we search for the location of the CHT base

  • Sleeping Bag
  • Trekking Shoes
  • Trekking Backpack
  • Camelbak
  • Clothes including Rain Coat
  • Regular Shoes
  • Power Banks, Laptop
  • Cat Ears and Skirt (yes, I love to wear those)
  • Sun Protection
  • Sun glasses and replacement glasses
  • Towel and washcloth
  • Power Banks
  • Mobile Phone and replacement phone
  • Medicine
  • Paracord
  • Hat
  • Camera + Charger to document stuff
  • Pillow
  • Flashlight and Headlamp

Stuff I can put into storage and fetch later when needed for setting up the base

  • 20W+40W Solar Cells
  • Charge Controller
  • Lead-Acid Batteries (if possible to transport by plane)
  • 12V to 230V Inverter
  • Unifi UAP and Unifi EdgeRouter Lite
  • Mechanical Tools like Screwdrivers
  • Cables for wiring up the solar cells, Wago Clamps
  • Spade
  • Replacement notebook
  • Multimeter, Wire strippers, pliers etc
  • Raspberry Pi
  • Network Cables
  • Soldering Iron, Soldering Wire
  • LED Lighting
  • Duct Tape
  • Alligator Clips

David confirmed that they’ll pick me up at the airport. Sounds like quite an adventure, but I’m optimistic that things will go well. My bus from Berlin is leaving tomorrow morning. Hope I didn’t forget to include anything important in this list. I always carry my ID and stuff with me, so no, that’s not included in the list.

Stay tuned!

Hacking and Living on Lanzarote – Day -5

I’m going to Lanzarote for working, hacking and a hopefully life-changing experience. If you’re following me on Twitter, you probably know about the awkward situation I’m in. I suffer from depression, I have left my family, and I have been semi-homeless for two months, staying with friends since then. I had much time to think about my situation and came to several conclusions. I’m not going to list them except for one:

Don’t do what logic and society dictates – do what feels right.

I’ve listened to too many people giving too much false advice, simply because they believe that their lifestyle fits me. I mostly followed their advice without using my own brain. And believe me – that felt very very wrong. I was raised to follow other people’s advice, and I’ve been changing that since 2010 – since I joined RaumZeitLabor. I learned to accept that I am an individual, a thinker, maker and hacker. I also learned that I need to ask for help and to communicate with people to find creative solutions to problems.

As it’s hard to host people for extended periods of time, I have to move out of my hosts’ place in Berlin. One solution would be to continue couchsurfing, but thanks to Sam, I learned about projects which host hackers to hack, work and collaborate on projects and get new views on life and the future of humanity.

One of those projects is totalism.org and the CHT, which hosts a hacker community on Lanzarote. The upcoming season consists of building up an entire community, preferably off-the-grid with its own power generators and a water treatment plant. This might sound like quite an adventure, and you’re right: It will be. But I’m not scared anymore, and I want to learn how to deal with new situations and challenges.

Right now I’m looking for flights and planning what I need to bring, including medication, clothes, solar panels and inverters etc. The flight costs somewhere between 60€ and 100€. The cost for CHT is estimated to be around 400€ per month, which can probably be reduced. If you are able to financially support the project, please donate here.

Stay tuned for hopefully regular updates.

OXID Rants

Today I had a major outage in an OXID-based shop system. The reason is unknown; it did resolve “itself” as quickly as it appeared, leaving behind an almost 3 hour downtime of the system. I assume that it’s a combination of their odd caching, and while debugging what went wrong, I took some notes which I eventually wrote down in this blog entry.

OXID, why do you disable modules without any visual indication on the modules list?

OXID shows that modules are enabled, but some aren’t. Nothing in the error logs. No information on the GUI. After an hour of digging into the code, I found out that there’s a configuration entry in the OXCONFIG table (of course, encrypted; see below) which holds a serialized PHP array of disabled modules (“adisabledmodules”). I do not know at this point where this array is filled, but if it is, modules are silently ignored – and the worst thing: They are shown as if they are enabled.

OXID, why don’t you give any hints why a module can’t be enabled?

If OXID fails to enable a module, it does so silently. At least, this time you actually see that the module is disabled again, but you get no clue why.

OXID, why do you store your config encrypted in the database?

OXID uses DECODE() and ENCODE() with a publicly known key to store data in the OXCONFIG table. This is next to useless and only makes maintenance harder. The key is actually the same for each installation. Of course, one could change the key, but this isn’t documented. Additionally, some contents of the OXCONFIG table are stored as temporary, unencrypted data in the tmp folder anyways.

OXID, why do you use a custom class extension system?

OXID uses a custom class extension system. Probably to emulate some kind of multiple inheritance. In theory, this doesn’t sound too bad, but in practice, this gives headaches, because it is implemented poorly.

Class names are mangled to lower case in some places, but not in others, causing all sorts of problems, combined with too much or simply wrong caching mechanisms. One needs to add their class extensions into a file called “metadata.php”, which looks like this:

Don’t ever change the case of _any_ class name. Here’s where the inconsistency begins: The actual PHP class name is “Thankyou”. Most modules so far use “thankyou” as class identifier for the “extend” portion of the array. If you’d use “Thankyou” as identifier, you’d mess up the whole system, resulting in “method not found” errors. And if you did that once, it gets cached in the system, and you have no chance to revert this unless you manually delete the information from the OXCONFIG table.

Conclusion

When I first started out with OXID, it didn’t seem too bad as a shop system: They got unit tests and a wide range of modules. Some of them are available as purchase-only variants, which is okay.

However, the quality of the whole OXID infrastructure is a big problem. It uses smarty templates all over the place, even in their admin backend. Modules assume that they are the only ones that extend a template, which is often not the case (example: List headers). There’s no documentation on where you should extend functionality. There’s no overall picture of how the business logic works. You can even purchase two modules, which change the business logic.

The lack of technical documentation is a big no-go. Did you know that database properties are mapped to an object’s tablename__fieldname property? If you want to retrieve an order’s order date, you need to use:

This is neither documented within the oxBase class nor on their OXIDForge Website. If you decide to step into OXID development, be aware that you’ll be on your own – forums aren’t too much help, and expect to read lots of (odd), undocumented code.

We need more troubleshooters for 31c3 (and other big chaos events as well)

This is a small personal review of the 30c3. I realized that the congress (and other big chaos events as well) needs more troubleshooters – that is, angels that take responsibility for minor problems and are willing to solve them.

Update: jz pointed out that your troubleshooter for all concerns is heaven (DECT 1023), even for minor tasks. So this blog post is mostly obsolete, but kept as-is for reference. However, you (as an angel) still may want to take responsibility to call heaven when you spot a problem which you can’t solve.

While I was not able to attend the congress as I had planned to due to a cold, I did 4 hours of NOC Helpdesk as well as other minor tasks. During that, here is a small list of items which occurred:

  • (unconfirmed) It appeared that some switches (if not all) had ports 1-4 reserved for NAT64, which was not labeled on the switches themselves.
  • The NOC Helpdesk did not have enough seating for the 4 angels assigned to the NOC helpdesk shifts
  • The NOC Helpdesk didn’t have pens, paper and a list of contacts to call (like the NOC itself). This was partially solved
  • Each Colo Server should have a set of contact information (name, DECT/GSM number, departure date, IP address). People put the labels on by themselves with missing information, until we realized that a printed form would be a better idea (that also decreased setup time for each Colo server)
  • People were going up to the Colo by themselves, without being aware that they need to report to the NOC helpdesk prior to putting their servers up (solved by putting up some signs which said something like “YOU SHOULDN’T BE HERE, REPORT TO THE NOC HELPDESK”)
  • At least one person reported that the WIFI access data should be put up as signs all over the congress (aka you can use any Username/Password combination and which WiFi does what), especially as the wiki was down (was not solved AFAIR, but couldn’t solve it myself due to the cold)
  • A local wiki mirror should have been put up, as it was down several times

All those items listed required that some angel stepped up and took care of it (=responsibility).

This might also go wrong in some cases; in my case, I opened the door for the NOC to the Colo with some lockpicking tricks (the person with the key to the colo was asleep) and I was “caught” by a security angel. I tried to explain the situation, however, even saying that this was for the NOC and he should call the NOC to resolve the issue was ignored. Yes, I probably shouldn’t have opened the door and should have called somebody instead, but that wasn’t obvious to me in that situation. So yes, taking responsibility for things sometimes goes horribly wrong and you might end up with wrong decisions.

But again, we need more angels who not only do what they’re told to do, but who do take responsibility and are willing to resolve problems (or do improvements) as they appear. After the congress experience (and, of course, the OHM2013 experience where I acted as emergency toilet cleaner/soap/toilet paper refiller), I really feel that there’s a big need for angel problem solvers – maybe not only within their shifts, but in general. This will make the congress more enjoyable for everyone.

Probably there should be a team of “troubleshooters”, which takes care of any “interdisciplinary” issues occurring. That team should also be walking around and ask angels doing shifts what could be improved – because often, angels can’t leave their posts to solve those issues.

30c3 Quick VPN setup

The CongressChecklist mentions that a VPN tunnel is a good idea; in fact it is. Here’s a basic OpenVPN recipe. You need the following tools:

  • A server with enough bandwidth to handle the incoming and outgoing bandwidth (I’ve got a root server with 1Gbit/s connectivity at Hetzner, that should do)
  • OpenVPN

The recipe is fairly simple; I use a preshared secret and NAT so that I don’t need a separate IP.

Note: This setup is only suitable for a single device; it doesn’t do DHCP or other fancy stuff.

Step 1: Generate the shared secret

This generates a key to be used as shared secret. You need the same key on both your server and your client(s). Personally, I’ve placed my key in /etc/openvpn/secrets, but you may use any other path as well (AFAIK).

Step 2: Server Configuration

Additionally, we need a NAT rule which applies to the tunnel network (technically, the netmask is too big; but hey, you can fix that later). eth1 is my output interface.

Step 3: Client Config

Step 4: Testing

Start both tunnels. Check the output of both logs; you should see something like this:

Test that you can ping the server’s internal IP from your client:

Verify that you can ping the interwebz:

Verify that you actually route via the tunnel:

Possible solutions for non-working setups (I’ve not tested them and I am not 100% sure that you need those; they’re just ideas)

  • Check that /proc/sys/net/ipv4/ip_forward on your server is set to 1. On the client, this shouldn’t be necessary.
  • Check that /proc/sys/net/ipv4/conf/all/rp_filter is set to 0 on your server.

Step 5: IPv6 Tunneling

You can tunnel IPv6 over OpenVPN as well, but I have neither set up nor tested this. Technically, you could simply use two static IPv6 addresses and route them via the tunnel; however, this requires additional work with routing tables. You could even set up NAT, but that’s not a good idea either.

A better idea might be to use a tunnel broker or miredo, which should simply use the IPv4 tunnel. If you have comments about how to easily set up IPv6 over the tunnel, feel free to comment!

Updates:

  • The MTU was still too big, 1380 didn’t work (yet?) on the congress network. Using 1300 for now
  • I couldn’t get DNS push to work, probably because clients don’t use DHCP for now – I simply created a script which pushes my own nameserver into /etc/resolv.conf
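
The four steps above as one sketch, added here as an example and not the author's original files: it renders both ends of the static-key tunnel, the NAT rule, and two of the Step 4 checks. The tunnel addresses 10.8.0.1/10.8.0.2, UDP port 1194 and the key file name static.key are assumptions; /etc/openvpn/secrets, eth1 and MTU 1300 come from the post.

```bash
#!/usr/bin/env bash
# Added example, not the post's original files. Assumed: tunnel IPs
# 10.8.0.1/10.8.0.2, UDP port 1194, key file name static.key.
# From the post: /etc/openvpn/secrets, eth1, MTU 1300.
# Static-key mode has no forward secrecy and is deprecated as of
# OpenVPN 2.6; it fits only the single-device setup described here.
KEY=/etc/openvpn/secrets/static.key
SRV_IP=10.8.0.1
CLI_IP=10.8.0.2
MTU=1300

# Step 1 (run once on the server, then copy the key over SSH):
#   openvpn --genkey --secret "$KEY" && chmod 600 "$KEY"

server_conf() {            # Step 2: server side of the point-to-point link
  cat <<EOF
dev tun
proto udp
port 1194
ifconfig $SRV_IP $CLI_IP
secret $KEY
tun-mtu $MTU
keepalive 10 60
EOF
}

client_conf() {            # Step 3: $1 = public address of the server
  cat <<EOF
dev tun
proto udp
remote $1 1194
ifconfig $CLI_IP $SRV_IP
secret $KEY
tun-mtu $MTU
redirect-gateway def1
keepalive 10 60
EOF
}

nat_rule() {               # $1 = output interface; /30 covers only the two tunnel IPs
  echo "iptables -t nat -A POSTROUTING -s ${SRV_IP%.*}.0/30 -o $1 -j MASQUERADE"
}

routes_via_tunnel() {      # Step 4: $1 = one line of `ip route get <addr>` output
  case " $1 " in
    *" dev tun"[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

forwarding_enabled() {     # $1 = proc root (default /proc); server must forward
  [ "$(cat "${1:-/proc}/sys/net/ipv4/ip_forward" 2>/dev/null)" = 1 ]
}

if [ "${1:-}" = "--print" ]; then   # e.g. ./vpn.sh --print vpn.example.org
  echo "# server.conf"; server_conf
  echo "# client.conf"; client_conf "${2:?server address required}"
  nat_rule eth1
fi
```

On the client, `ip route get 8.8.8.8` should name the tun device once the tunnel is up; pass that line to `routes_via_tunnel` to confirm traffic is not leaving through the local network.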

IP Power Strip “Reverse Engineering”

Wöhlke Websteckdose
Image © Wöhlke EDV-Beratung

I recently came across an IP controllable power strip from Wöhlke, which looked quite neat, however, it was way too expensive. They want 199€ for 3 controllable sockets. Reichelt has an IP controllable power strip for only 70€, and there you have 4 sockets including nice LEDs. The one from Reichelt also looks more like a custom designed product, while the Wöhlke one looked more like a product “mashup” (which isn’t a bad idea at all). They even sell a separate board, so my interest was increasing.

I’ve been looking for a nice power strip which I could re-cable for quite some time, but most power strips are designed down to a price, so they do whatever they can to keep it cheap. That’s also the reason why you’ll find so many power strips in a 45° angle – they’re much cheaper to produce.

A cracked open cheap power strip

I’ve cracked a cheap power strip open (literally – most cheap power strips don’t have screws, because they’re bolted down or only clipped together). You can clearly see how the (presumably) copper strips are arranged. If you’d have 90° outlets, you’d have to pay lots more for the copper strips, because they have to be routed in some sort so that they don’t short out.

I realized that the power strip Wöhlke used must be much simpler to modify, so I did quite a long search for power strips and I finally came across a manufacturer where the power strip looks pretty much identical to what Wöhlke uses: the Bachmann Craftsman Power Strip.

The Bachmann Craftsman Power Strip
Image © Bachmann

I decided I’d give it a shot, mainly because of curiosity, and ordered the strip. It isn’t a cheap power strip; it costs 19,98€ on Amazon, whereas most cheap 6 port power strips come in the 3-6€ range. When the strip arrived, I realized that I was absolutely right: You can easily open the strip using 4 screws (2 on each side) and an additional one for the cover. They also use some kind of copper strips, which happen to be about 6mm – great for 6,3mm cable lugs. Now it’s easy to understand how Wöhlke (probably) did it – cut the copper bars, and put cable lugs onto there which are fed into their custom board. The case isn’t aluminium, but plastic, but that’s completely okay for the price IMHO.

That’s a really nice base for your own projects, and you can even get 9 or 12 port ones, and the 12 port is only 36€ - quite a nice price! Of course, you’d have to rip out 2 or 3 plugs to make space for electronics and take care how you cover the holes, but the problematic part is solved: Getting a base for any power control projects.


SolarWind currently out of order

A few weeks ago, SolarWind became pretty unstable. This mainly has 2 reasons:

  • The router draws too much power (I planned to upgrade to Carambola2, but haven’t gotten the time yet), thus it becomes unreachable in the night. This was expected.
  • It doesn’t connect to my home WiFi network anymore, which I’m unable to debug due to lack of the serial interface – I’m using the serial to communicate with the power measurement board

This means that there’s no data. I hope that I can free some money to buy a larger panel and finish the Carambola2 upgrade. In the meantime no data is available – sorry!

SolarWind OHM2013 slides

Here are the slides for my talk at OHM2013: Solar Powered Autonomous Routers @ OHM2013

SolarWind updates: MPPT, Carambola2

During the past month, I mainly concentrated on combining my CurrentMonitor with a DIY MPPT charge controller. Work is done at the CurrentMonitor repository.

My design goals for the MPPT charge controller are:

  • 10A (sufficient to cover 250W panels)
  • MPPT charge controller acts as an I²C slave
    • It can be configured via I²C
    • Values like power consumption or power harvested can be queried via I²C as well
    • The MPPT doesn’t have a user interface or LCD by default
  • Uses APR/ATC/ATO blade fuses instead of solar fuses due to the reduced cost (and regular glass fuse holders only are widely available up to 6.3A)
  • +12V Output can be disconnected via software
  • Additional +3.3V 800mA output which also can be disconnected via software

Below is a picture of the prototype, which is likely to heavily change.
