Categories
Awesome Linux Open source PinePhone Projects

Mouse in a Pipe

Have you ever wanted to control your notebook directly from your desktop? How about controlling your phone? Wouldn’t it be better to type that chat message using a real keyboard? I wanted the same thing, so I wrote an app for that!

More precisely I created a tool that enables you to redirect mouse and keyboard events from one device to another. It’s like you reconnected your mouse and keyboard, but without the physical effort! All of this happens on a very low level (through the kernel) so this works seamlessly with any application you want to control. All you need is a Linux OS on both of the devices.

Repository: https://github.com/Dejvino/mouse-piped

One more interesting point is that the input events are pushed through a pipe, which is a generic way of transferring data among processes in Unix-based operating systems. It is up to you how you decide to transfer the data. Though most likely it will happen via SSH. You can easily generate input events on your main computer and then pipe them through SSH to your secondary computer (or a phone) and control it that way. Or you might decide to create a TCP connection and pass the data through that. That’s up to you!

And you know what else is this useful for? That’s right, you can finally play OpenTTD on a PinePhone with the full comfort of a mouse and keyboard!

(20)

Categories
Linux Open source PicoPosts PinePhone Projects

Arch Linux ARM Installer for PinePhone

I started building an automated Arch Linux ARM installation and customization set of scripts to be used for the PinePhone. The aim is to make the process easier while still being able to customize every aspect of the OS.

Repository URL: https://github.com/Dejvino/pinephone-arch-install

Arch Linux ARM running LXDE, Firefox and Onboard keyboard.

Arch Linux ARM was the best OS for PinePhone I’ve seen so far. It might be due to personal preference, but I just love how you have the full power of Arch on your mobile phone.

And if Arch is not your thing, at least you can learn what are the steps required for bringing a Linux OS into a PinePhone.

(196)

Categories
Linux Open source PinePhone

PinePhone Status Review 2020-02-22

I’ve spent a bit of time with my new Linux toy, PINE64 PinePhone. This is a smartphone built on top of components that are supported well by the mainline Linux kernel. So in theory it should be a piece of cake to get installed. Is it?

Various Gotchas

Let’s start with a few gotchas that somewhat surprised me.

WiFi needs a battery

The WiFi / GSM modem needs a battery to be connected in order to operate. Otherwise it won’t even appear as an available device. You could spend a lot of time trying to connect to the WiFi like this. In vain.

Power Hungry

The phone is really hungry for power and often it is not enough to connect it to a PC. The battery will discharge even when connected via a USB cable, unless the power source is strong enough. Running on 0.5A (2.5W) is not enough. It generally takes around 1.4A (7W) when running a full featured OS and it will drop to 0% eventually.

Keyboard!

You never appreciate it enough until you lose it. Having a shell in your phone is great. Though you can’t really use it, since there is no keyboard available. This one is somewhat obvious, but it is a big hurdle when trying out various systems. You can install some virtual keyboard, but it won’t have all the keys you need and it doesn’t work in every environment. Not reliably at least. Your best bet is to get an SSH connection going as a workaround. Hardware keyboards are not supported / don’t exist right now.

Operating Systems

I’ve tried out multiple systems and environments, here are a few thoughts about them.

postmarketOS

I’d say this is the best OS out there right now. At least in terms of having a solid PinePhone support, configurability and a reasonable Linux distribution underneath. It has a dedicated PinePhone wiki page. You have a choice of multiple UI environments (including phosh, mate and xfce4). It is based on Alpine Linux with all of its ARM packages at your disposal.

Though it was very exciting to have a full blown Linux desktop like Xfce on the phone’s screen, the touch controls were something to be desired. A much better experience can be achieved with Librem’s Phosh. This on the other hand has a scaling turned on (lowered DPI), which messes up a lot of applications so that they become unusable. But it is still closest to a usable working environment.

What I appreciated the most was pmbootstrap which is a CLI tool that lets you configure your custom OS image down to what UI and packages you want to include by default. Thanks to this you have a tailored SD Card ready to be used with your PinePhone.

Arch Linux ARM

My favorite Linux distribution is available for PinePhone as well! Although not customized for it, it is possible to use this and customize it on your own. There is a general guide on installing Arch for PINE64 board, which the PinePhone is based on. There is also a customized kernel that you can use over at xnux.eu with a nice tutorial on how to install it.

I’ve just started with this one, so not much to report apart from that it is working. I have a terminal login prompt on the screen and a SSH connection over a USB cable from my PC. Life is good.

Fedora Mobile

You can install all sorts of things on the PinePhone. I’ve tested this set of shell scripts that help you prepare a Fedora Mobile on an SD Card. A system that was not optimized for this device. The result itself was unusable (at least the release that I tested). Nevertheless I enjoyed learning about the process of preparing a bootable SD Card. Even though it is basically the same for every OS, this set of bash scripts was really easy to study and use it as a tutorial.

Ubuntu Touch

Ubuntu Touch somewhat effortlessly worked to the extend you’d expect with a partially supported device. I liked that they provide an SD Card image for the PinePhone, so all you have to do is to flash it (e.g. using dd) and pop it into the phone.

I personally don’t enjoy Ubuntu for some reason so I won’t experiment with it or comment on this much more.

PS:

Did I mention you can run OpenTTD on it? Oh yeah…

(105)

Categories
Hardware Open source Programming

LilyBook – Tiny E-Ink Ebook Reader

As laid out in a previous post, I prepared an open source firmware for the ESP32 with e-ink display, LILYGO® TTGO T5 V2.4 and posted it on GitHub. See the git repository on how to build the source code.

Currently the firmware allows you to scroll through a whole book (in plain text format) that you can load from an SD card into the device’s flash memory. It also tells you your progress (how far in the book you’ve come).

But wait! There is not only the source code, I created a tightly fitting enclosure as well. You can fabricate it on your 3D printer. <STL to follow when I feel like it (-_-) >

(12)

Categories
Ideas Open source Programming Projects Technology

Idea: Tiny E-Ink Reader

I was shopping around on Aliexpress, looking at the current options for a small e-ink display. To find out if there was maybe something I could attach to the back of my future PinePhone. And then I discovered this:

LILYGO® TTGO T5 V2.2 ESP32  2.9″ EPaper Plus Module E-Ink Speakers

H208-_07
H208-_06

It is an ESP32 SoC with a 2.9″ e-ink display, microSD card slot, speaker and 4 buttons, all on a single board. Ready to be programmed. There is even a GIT repository (not just one, but two!) for a ready-built firmware.

This gave me an idea — how about building a tiny low-power, WiFi/Bluetooth-enabled ebook reader? Sounds like a plan!

I ordered the “version 2.4” of the board, whatever that means: Aliexpress link

G702-C主图01
2.9″ black and white version

Originally I was considering getting the Black-White-Red version of the display, but then I found out that the red color takes ages (up to 8 seconds) to redraw, so I went for the regular e-ink display. Hopefully it comes soon!

(13)

Categories
Awesome Open source Programming Projects Technology

How to use an ESP8266 — a jumpstart tutorial

If you haven’t done so already, go buy yourself an ESP8266-based board. It is a powerful little microcontroller. Something like Arduino but with WiFi.

ESP8266 in the wild

What hardware to get

What software to get

  • ESP open SDK
    • Contains all the tools needed for compiling your own ESP firmware.
  • NodeMCU firmware
    • This converts the ESP to a LUA-powered computer.
  • ESPlorer
    • Very helpful serial terminal with direct ESP8266 and NodeMCU support

What to do with it all

  1. Find the pinout of your board. Get the connections ready (USB-UART + 3.3V power source + ESP8266)
    • 3.3V to VCC, GND to GND
    • RX to TX and TX to RX (ESP–UART).
    • CH_PD to VCC
    • Leave Reset floating, connect to GND to reset the chip when needed.
    • Pull the GPIO0 low for flashing.
  2. If you just want to get the ESP fired up, use the esptool.py and upload the precompiled NodeMCU bin images.
  3. If you want to play around some more, get the SDK and NodeMCU source code. Compile the former and then the latter. Flash our own bin images.
  4. Remove GPIO0 connection to leave the flashing mode.
  5. Open the ESPlorer and issue some commands to the chip!

Useful links

  • Dejvino’s NodeMCU firmware
    • Forked from the original NodeMCU firmware repository. Contains a new Sniffer module — packet sniffing functions exposed to the LUA interpreter. This allows WiFi packet sniffing using the ESP8266.
  • NodeMCU API
    • List of provided LUA functions in the NodeMCU firmware.
  • LUA language reference
    • Beware that not everything is supported in the ESP version of LUA.

(10533)

Categories
Awesome Linux Open source Programming Projects Technology Web development

HTTP and HTTPS running on the same port

Running HTTP and HTTPS on the same port with Apache. They said it couldn’t be done. They were wrong!

https://github.com/Dejvino/https-multiplexer

I’ve modified a simple Python port forwarding utility to act as a port multiplexer that can automatically forward HTTP and HTTPS requests to the appropriate ports. If the request looks like an HTTP in plain text, it forwards it to port A. Otherwise it is assumed to be HTTPS and is forwarded to port B.

Now you can run your web applications from a single port, regardless of using HTTP or HTTPS. Hooray!

(1999)

Categories
Linux Open source Privacy Projects Technology Web development

How to become a Certification Authority

This short How-To has been compiled based on the work I’ve done so far while building my personal home server. To achieve reasonable level of privacy without spending a fortune on it, I’ve become my own Certification Authority (CA).

Overview

These are the basic steps covered later in detail:

  1. Create a CA key and certificate.
  2. Create a server key and a Certificate signing request (CSR).
  3. Sign the CSR using the CA key.
  4. Use the new server certificate in Apache.
  5. Import the CA certificate into your browsers.
  6. … Profit!

What this results in is a single certificate file for your CA that you distribute and import into your browsers (PC, phone, …). Every individual signed server / service certificate you create and use is then automatically recognized as valid and trusted. If you are using a personal set of services (various web applications, XMPP server, etc.), this saves you a lot of “exception adding”, just import one (your) CA certificate and everything is working, no need for the browser to nag about self-signed certificates.

Detailed how-to

Creating a CA key pair

First, prepare your “playground”, a data storage somewhere on your (preferably Linux) computer. It should look like this:

root-ca
 |-- conf     ... for configuration files.
 |-- private  ... for private CA key (protect this directory!)
 |-- public   ... for public CA key
 |-- requests ... for incoming CSR
 +-- certs    ... for resulting certificates

Now cd to the root-ca directory. Create a configuration file conf/openssl.conf with the following content:

[ req ]
default_bits            = 2048
default_keyfile         = ./private/root.pem
default_md              = sha1
prompt                  = no
distinguished_name      = root_ca_distinguished_name
x509_extensions = v3_ca

[ root_ca_distinguished_name ]
countryName             = UK
stateOrProvinceName     = Sussex
localityName            = Brighton
0.organizationName      = Example Inc
commonName              = Example Inc Root CA
emailAddress            = david@example.com

[ v3_ca ]
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid:always,issuer:always
basicConstraints        = CA:true

[ ca ]
default_ca              = CA_default

[ CA_default ]
dir                     = .
new_certs_dir           = ./certs/
database                = ./conf/index
certificate             = ./public/root.pem
serial                  = ./conf/serial
private_key             = ./private/root.pem
x509_extensions         = usr_cert
name_opt                = ca_default
cert_opt                = ca_default
default_crl_days        = 30
default_days            = 365
default_md              = sha1
preserve                = no
policy                  = policy_match

[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

[ usr_cert ]
basicConstraints        = CA:FALSE
subjectKeyIdentifier    = hash
authorityKeyIdentifier  = keyid,issuer:always
nsCaRevocationUrl       = https://www.example.com/example-ca-crl.pem

It might look long and complicated, but most of it is pretty self explanatory. What you should edit is the root_ca_distinguished_name section and the nsCaRevocationUrl.

Then initialize the “certificate counters”, like so:

echo "01" > conf/serial
touch conf/index

Finally, generate a CA key pair (public and private root.pem files):

openssl req -nodes -config conf/openssl.conf -days 1825 -x509 -newkey rsa:2048 -out public/root.pem -outform PEM

Creating a server key pair

On the server for which you want to obtain a signed certificate, do this:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Then you can transfer the server.csr file to the CA’s requests directory.

Signing the CSR

Simply call this command and you get a signed certificate server.cert from a request server.csr:

openssl ca -batch -config conf/openssl.conf -in requests/server.csr -out certs/server.cert

Setting up SSL in Apache

Somewhere in the httpd.conf or inside a virtual host configuration add these lines:

 Listen 443
 SSLEngine on
 SSLCertificateFile /path/to/keys/server.cert
 SSLCertificateKeyFile /path/to/keys/server.key
 SSLCertificateChainFile /path/to/keys/root.pem

These lines activate SSL and the port for SSL, specify server certificate, private certificate key and (optionally) root CA certificate. After restarting the server, HTTPS should be ready to use.

Importing and using

Different applications have different ways of importing trusted CA certificates.

On Windows, you just “execute” the certificate and install it into the appropriate category. This should take care of most of your applications. Web browser (e.g. Firefox) might need to have this certificate installed explicitly, ignoring certificates in the OS.

On Linux, look for /etc/ca-certificates.conf, add the certificate filename there and copy the file to /usr/share/ca-certificates/. Then run update-ca-certificates –fresh to recreate the list of known certificates.

 

Based on these articles:

(2911)

Categories
Friendica Ideas Open source Privacy Projects Raspberry Pi Technology Uncategorized

Prism break

If you haven’t heard about the Prism scandal, you should read a bit about it. But basically, numerous large companies based in the US have allowed private information of their users to be accessible to the government (the NSA, to be more exact). Maybe even yours, if you’ve ever interacted with companies like Google, Apple, Facebook and others.

As mentioned on the Prism-Break website, there are lots of alternatives to the services and software most of us currently use. And surprisingly, it should’t be that hard to switch to a more secure and privacy-protecting solution to your daily internet-related needs.

Here is my personal ‘Prism break’ roadmap, or a security todo list:
Note: work in progress, subject to change.

Email

Biggest challenge as far as I can see. The concept itself is sadly not really that secure.

Must have:

  • highly reliable (so no self-hosted solutions are acceptable)
  • web client for easy accessibility
  • address based on own domain name (and email address), e.g. me at dejvino dot com
  • at least country-local hosting (i.e. here in Czech Republic for me)

Should have:

  • contacts
  • calendar

Could have:

  • email content encryption. Currently it seems pretty impractical, but who knows. Maybe there is a usable solution?

Some cheap web-hosting with emails? http://hosting.wedos.com/cs/webhosting.html

IM

Similar to email. Doesn’t require 100% availability.

Ideas:

  • own secure Jabber/XMPP server? Could be self-hosted / VPS. Expensive, hard to maintain.
  • rented server? server-side history is hard to come by. Only Google has got it all…

Should have:

  • encrypted transmission
  • secured history saved on server side

Web hosting

I’m currently using external paid services. I might switch to a more custom solution, i.e. home server.

Raspberry Pi anyone? … UPDATE: nope, it could work for really simple services, but running anything more sophisticated results in long response times. And since I’ve got big plans, it is not the right solution.

Cloud storage

Dropbox has been a great service — lots of free space, great tools on Windows as well as on Android.
I’m in the process of switching to a more controlled ownCloud server solution.

Must have:

  • web interface
  • handle large files
  • access restrictions
  • per-user space limits (quotas)
  • PC client (Windows)

Should have:

  • online music streamer
  • public file-linking capability
  • applications / plugins / extensions

Could have:

  • Android client
  • synchronization / backup support

Social media

Friendica is a project I’ve been using a bit and am planing to use a bit more. But the other “standard” ones still seem quite usable, to some extent.

Should have:

  • RSS-feed-reader-like view
  • responsive design / client for Android
  • integration of different social networks

TODO: move Friendica to a more powerful server. It is quite CPU-demanding.

Web browsing

Type Current New Status
Browser Google Chrome Firefox DONE
Passwords KeePass KeePass + KeeFox DONE
Plugins DoNotTrackMe, HTTPS Everywhere, … see FixTracking.com as a handy guide. DONE

(3892)

Categories
Open source PicoPosts Programming Technology

Inferno vs. Java

An interesting read back from the year 1996 about Inferno vs. Java – http://doc.cat-v.org/inferno/historical_documents/website/infernojava

Infernos with its programming language (Limbo) seemed like such an awesome project. Why did it not take off and why do we use Java instead? I guess some concepts just come too soon, before it is their time to shine…

(1203)