2021-04-17

Tooth ache

I am sure we have all had tooth ache. I rarely have to see a dentist and rarely have tooth ache, but, well, I do now, and the delay in getting to actually get it fixed is painful.

Why my whole mouth

I have seen the dentist, and he has booked me in for a filling next week. It seems that it is just one tooth, with a broken filling, and that is it. So why does it feel like my whole jaw is trying to kill me, not just one tooth. I think "referred pain" is the answer, but it is hell. At least now I know it is one tooth I know that is the problem that needs attention.

Why some times and not others

OK I understand if I eat something and get something in the broken tooth on to the nerve, it will hurt, but it is far from that simple. Eating can make it worse, and cleaning my teeth can make it better, yes. But it seems it will be hours, maybe even all day, without a twinge - I can forget I have tooth ache. But then can be hours in agony - meaning I can't think, can't sleep, can't work. There is no clue to it at all.

Right now eating a meal is challenging though.

Temporary fillings

You can buy them (amazon!) and initially they appeared to work, but then not. They don't last long and come out easily. It is now the point where if I put in a temporary filling I will be in agony, so that is no good. Shame.

Pain killers

You would think pain killers would be the answer, so here is the list of what makes fuck all difference!

  • Paracetamol
  • Prescription strength co-codamol
  • Ibuprofen (seems to help a bit, maybe)
  • Bonjela
  • Infant teething granules (aka "baby crack")
  • Sensitive toothpaste

What works?

The only thing that helps, and not for very long, is literally cleaning my teeth with isopropyl alcohol. Obviously used with care although not particularly toxic.

I am, however, trying more normal ethanol ingestion as well as a method to reduce the impact of the pain.

Only a few more days...

2021-04-16

Home automation for geeks

This is mainly about bridging some of the "trendy apply shit" and "command line forever" types of working for home automation.

Background: I have done quite a bit for home automation here at the new house. There are thousands of IoT devices (smart sockets, lights, switches, all sorts). They all come with their own app, cloud service, and feature set, but thankfully most work using ESP8266 chipset and can be "reflashed" with tasmota. Tasmota is an open source IoT application, and very flexible. It is not that tasmota is "better" than the systems that come with these devices (though it usually is), more that almost any device from almost any manufacturer can be made to work in the same way with the same config. The main one I have been using of late is the Shelly 1, which is very easy to reflash and has a relay and switch input. I do, however, have a number of my own devices, including environmental monitors. The tasmota devices can do lots of automation and send messages to each other as needed. I have, however, tried to keep it simple so a light with a Shelly 1 will have the switch connected and will work the light based on the switch even with no WiFi or Internet working!

These all work over WiFi and connect to an MQTT server. MQTT allows devices to talk to each other using a "topic" (simple text string) rather than that pesky IP addressing stuff :-) But it is very much in the school of "command line" over "GUI".

Bring on apple!

I use an iPhone, but I have not bought in to their home automation. As I say, it is more "command line" for me. That is until now. After much nagging from my son, I have managed to link my Shelly 1 and other devices, including my own environmental sensors, to my iPhone!

  • I have MQTT running on a Raspberry Pi in my loft. It is just apt install mosquitto. You may want to set up some security too.
  • I installed homebridge. There is a Raspberry Pi image even. I just followed the instructions and it worked. Again, set a password!
  • I installed the add on homebridge-tasmota plug in (just search on the plug in tab on the web config for homebridge).
  • I sent a cmnd/tasmotas/SetOption30 1 to turn on Home Assistant Discovery on all my tasmotas.
  • I added the homebridge to me "home" on my iPhone. It asked what room each device was in. It warns it is not an approved bridge :-)

It is worth pointing out it is not perfect. If devices are added afterwards they appear in the "room" where the iPhone thinks the homebridge is located. You can move them to the right room, and rename them, but it is not quite as stable - resetting things can move it back very easily. So I recommend getting on homebridge first then adding the bridge. It asked where each devices it when you do that. You can reset the bridge and re-add if needed.

As for my environmental monitors, I added the necessary home assistant discovery messages, and it works. I had to do a bit of trial and error, and reading the homebridge-tasmota plugin code, but managed to make it see Temperature, Humidity and CO2 properly. Again, it seems better if these are seen by the homebridge before adding the bridge to the iPhone.

But yes, it works. I am all GUI'd up now!

2021-04-15

Why Three Words

In case you did not know, What Three Words is a system that assigns three words to a location in the world within a few metres.

What is the problem this is trying to solve?

Well, the issue is that people often have an exact location but need to convey that to someone else. The classic example is someone on a telephone call to Emergency services. Reading, Speaking, and Typing a latitude and longitude is very error prone. Reading, speaking an typing three common words is less so.

Does it work?

To be frank, I don't know. But the words can easily be confused with similar words. There are examples where one letter, making a word plural, can give a location a few miles away (though often misheard words will be a long way apart).

Is there a better solution?

Yes, emergency services should get out of the stone age and stop being based on phone calls. A common API to allow calls for voice and video to emergency services with supplementary data should be developed by international co-operation, and become standard on mobile phones. It could allow not only voice, and video, but location data and medical data (many phones have medical data and can even do an ECG, report pulse, temperature, blood sugar, all sorts). This would solve a lot of problems, and I am sure mobile phone operators would be on board with this.

Other ideas?

Well, the issue here is communications. Someone has a device that knows the location and is on a call to someone that needs to know it - whether emergency services, vehicle breakdown, or heck - pizza delivery! How to get that location from an app on the device to someone on the end of a call. That is what W3W does.

Here's an idea...

DTMF is standard on audio calls, and even over mobile it has out of band encoding to work reliably to/from the mobile device if needed. So how about phones (or an app you install) work out that the other party has sent a DTMF sequence. DTMF in to a mobile is rare so something simple like "20" in DTMF would be more than adequate. The phone / app pops up saying "send location?" and if you say yes it sends that as DTMF. A simple *latitude*longitude# would suffice. Maybe use some less common A-D DTMF codes to frame it instead. Of course this could be something an app can send anyway without an in call prompt if the user commands it. It needs some common standard for the DTMF sequence to use, and maybe a check digit is in order.

This would be very easy for the phone app to do. Someone just needs to write a spec. But importantly this is very easy for a call centre system like emergency service, vehicle breakdown, or anyone, to handle automatically. No special API. DTMF is really very standard.

It may be a neat way to do this for now until we have proper multi-media APIs for this.

Or, you know, another "standard"

Plus codes look pretty neat and not that hard to speak. More on the spec here. Given the common usage of using 4 characters and a location name rather than all 8 characters before the plus, this can give a pretty good location with only 4 letters rather than 3 words. Emergency services have a rough location from cell ID anyway, so this has to be better than W3W. Notable some phones (android) have this coding available without installing an app even!

Or even easier than DTMF...

2021-04-12

Discussion: Not an Elechouse PN532 board

A company called Elechouse make a PN532 RFID reader board.

There are actually a few PN532 boards available, but the Elechouse one seems to be the most popular. Annoyingly, it seems that there are a lot of cheap copies that don't work as well. It has a number of advantages over the alternatives, mainly (I think) its compact design.

The actual circuit is basically the PN532 reference design from the datasheet.

However, there are a few niggles I have with it where I have used it in projects. My main use case was where this is the external module on an access control system, in a small case. The main issue was it lacked any feedback (e.g. LEDs). I worked around this by using its internal GPIO pins to work a red/green LED, and a tamper switch.

So I was thinking, I could make my own board. The issue for a home made board is soldering the PN532 itself, but I have been practising and am reasonably confident that with a hot air gun I can manage it. The result would be an open source PCB that can be home made. Obviously it could be properly made with pick and place and sold as well.

I am concerned over "feature creep" in such a design, and even just pondering it for a few minutes I am already seeing ways I could be improved on. Thankfully a lot of features could be "optional fit" on the PCB, basically adding no cost when not needed.

But I am in two minds over making this - it will not take too long to design and have made, but may need some tinkering to ensure I have the antenna matching right (and I may even need help with that). Before I start, I am interested in feedback, especially from anyone that may think they would like to use it themselves.

So here are my design thoughts.

  • A small square board (note the Elechouse is not actually square, but I am thinking the same sort of size, maybe 42mm x 42mm) with simple mounting holes.
  • Components can be only on one side making easier to mount (same as Elechouse).
  • Using larger (e.g. 1206) components that can more easily be hand soldered.
  • Not having the big DIP switch - I am thinking fixed HSU mode, but maybe pads for a link to make I2C mode as they use the same pins. This is to keep the profile low, and hence easier to fit in a smaller case. My testing suggested HSU is just as fast as I2C for actual card access, and much more reliable as tx/rx are driven at each end not just pulled up like I2C, so survive a long cable. So HSU is likely to be the fixed mode for this board.
  • Whilst it may have additional pads, the main 4 pins for connection are GND, VBAT, TX, RX (Note TX/RX could be I2C). The VBAT can be 3.3V to 5V but signals would be 3.3V.
  • The 4 pins for connection would probably be 0.1" header, and 2.5mm SPOX (straight or right angle) header, and 2x2 molex milli-grid in the centre of the board. Design to allow connectors to be either side of the board. This makes mounting as a reader very flexible.
  • Pad to allow a contact switch on either side of the board as a tamper contact - connected to a GPIO pin.
  • Three LEDs arranged in a corner in traffic light style, Red / Amber / Green, connected to GPIO pins. This is perhaps the most important feature as it allows feedback to a user. These can be pads for a small 1206 LED as well as through plated for standard leaded LEDs. Again, making pads both sides to allow LEDs to be either side as needed. Leaded LEDs can be more useful in a simple case design instead of light pipes.

Some possible feature creep...

  • An FTDI FT230X and 4 pins for USB lead connection, so can be used as serial to HSU mode USB device. This would allow it to work as a USB connected reader and hence for applications using a Raspberry Pi, or simply for connection to a PC for configuring cards on a security system. Given that you can so easily get an FTDI in a USB plug and serial lead, this probably really is unnecessary as that could be used with the 4 pin serial connection directly with ease.

Obviously I can include some 3D case designs too.

But I am interested in feedback - would you use such a board? Would you make one yourself if I do this (all open source)? Would you need other features? Would you take away any features I have suggested?

P.S. This is the sort of idea... Though obviously this shows multiple connectors when you would only use one. This idea is any of the connectors, switch, and LEDs could go either side as required. OK I have ordered these...



2021-04-10

The good, the bad, and the ugly

There are lots of different people in the world. Living in a social bubble, one does not always encounter some of the extremes. Having our dog go missing has highlighted some of the differences though.

The good

There are lots of good people:

  • People that have helped look for Lilly, walking around the area, checking under hedges, knocking on doors and asking people. Putting a lot of time in to help.
  • People that tried to catch her to return her to us.
  • People that have published details and shared details, and given us kind words of support.
  • Even the police, and now the press, that have taken it seriously.
Thank you all. Hopefully she will be returned.

The less good

There are obviously people that are more indifferent. I can understand that. I can understand that people probably have just ignored a dog wandering alone. I understand it even more during a pandemic - not just hassle to catch a dog and hand her in, but it means interacting with more people to do so. There can be other reasons for not helping, too. But either way, thank you for not being bad, though.

The bad

It seems, from reports we have had, that someone picked up Lilly, in a car, and took her away. Initially we thought this was good, as they would surely hand her over to police, vet, council, etc.

Sadly not, no sign of her. This is why the police are now treating this as a theft.

She is old, spayed, and no value to anyone else - why do this?

The ugly

There are people that actively call those that have lost pets (no doubt from a burner phone), demand money, and threaten to cut the dogs head off and put it on the gate if not paid. I am at a loss for words, sorry.

2021-04-03

UK Cyber Security Council

There is a press release for a new UK Cyber Security Council (here).

It is not 100% clear who they are, and whilst they mention various links with government and NCSC it is not 100% clear to me how they are linked, or who the Cyber Security Alliance is exactly. The press release looks a tad shoddy with broken markdown/CMS.

So it may be important news.

Of course "Cyber Security" is important to all of us. One of the tips I can give you when it comes to cyber security is that you should be careful to ensure that contact details you publish actually belong to you. The press release includes contact details for press :-

[Screenshot, as it has since been corrected]

So, understandably, press will email press@ukcybersecurity.org.uk for more details. Good.

The problem is that if the domain ukcybersecurity.org.uk is not actually owned by UK Cyber Security Council, that could lead to loads of bogus emails to whoever owns it. Worse, if it is not owned by anyone, then some fraudster could quickly register it.

You may think it is no big deal, but it sort of is. If a fraudster can hijack even one point of contact for an organisation they can do a lot of damage. It becomes easy for them to impersonate that organisation. When it is the press contact for a new organisation they get a huge "foot in the door" as they can reply with helpful details on the organisation along with more contact details (names, email, website, phone, postal), all of which at likely to be helpfully published verbatim by the press who have made enquiries.

This then leaves a trail of misinformation on the internet and search engines for the new organisation, possibly swamping the actual accurate details, and allowing fraud to continue for years.

Fortunately for the UK Cyber Security Council the domain they published in the press release (ukcybersecurity.org.uk), the domain that was not theirs, and was not anyone's, has been registered not by a fraudster but by someone that decided it would be prudent to register in order to stop a fraudster doing so. It took a while to stop laughing at the irony first, but now, yes, the UK Cyber Security Council are welcome to ukcybersecurity.org.uk. They can email me at press@ukcybersecurity.org.uk for more information (be nice). Do follow me on twitter.

Of course it is also a sensible cyber security move to register related domains as well, so as to avoid some types of fraud happening. You cannot register every possible alternative, obviously. One issue though is not having an actual web site when you "launch". I am sure you can guess what happens if you try to go the the UK Cyber Security Council's actual domain (ukcybersecuritycouncil.org.uk) as a web site? That's right, not even a bland holding page or perhaps a copy of the press release. Indeed, having no web site on your actual domain makes you look fake, and the fraudsters look legit.

As to whether the UK Cyber Security Council is an organisation you should consider talking to when it comes to advice on cyber security - well, I'll leave that one up to you...

P.S. thanks to Spy Blog on Twitter for pointing this out. He tweeted what looks like their Twitter account so that they could fix this quickly.

Best comment I have seen so far, proper LOL at the last line!

Updates:

  • Someone has created PGP keys for press and security addresses at this domain (obviously no idea who).
  • Various people have registered the related domains and set up web sites, e.g. ukcybersecuritycouncil.uk, because the UK Cyber Security Council did not think of protecting the obvious alternatives in advance.
  • Someone from an omarketing.com email, implying they were from UK Cyber Security Council, sent an email to a rather odd contact for me (not as above) asking that I delete this post "as stated". Whilst I'm happy to delete the domain if that press release is fixed, or transfer it to UK Cyber Security Council, I don't see any reason I would remove this blog post.
  • Looks like late Sunday they have fixed that press release at last, although the bad markup on the page has not been fixed.
  • Some actual press enquiries asking me about it all (i.e. they have seen this blog), and some reports on this fiasco. Thanks - nice to be called "one of the good guys".
  • Oddly, one news article was removed. It was reposted elsewhere, and we don't know why it was removed by the host site, but seems strange.
  • Someone called saying the UK Cyber Security Council would like the domain. They called A&A press office number saying that they had been trying to email admin at my Mastodon instance, neither of which contacts make a lot of sense, especially when I said how to contact me in this blog post!
  • I have given the domain to them now (i.e. set the Registrant), just waiting for them to let me know what Tag they want it on at Nominet.
  • Domain has now been retagged to their ISP. No doubt they will eventually get around to setting new name servers.
  • Fri 9th, finally it is on their DNS now. Handed over.

Wow, instead of pointing to the same site, or having a simple redirect, they actually pointed it to a site redirection service thing somehow, which, of course, does not work with https. Yay for "cyber security".