Remote access my home lab from Tesla

My home lab runs a few applications need remote access. I have wireguard tunnels setup for general use case, but when it come to Tesla in car experience, my journey started.

Personal Hotspot from mobile phone

This is the simplest solution, just connect to the wireguard tunnel and share the hotspot with Tesla.

But this solution requires root access for Android and not working for iOS, it’s a quick prototype I started.

Mobile router + personal hotspot

After the prototype, I added a small travel router to the solution.

I got a MikroTik mAP lite router, setup it connect to wireguard tunnel, use my personal hotspot for WAN, boardcast a new SSID for Tesla.

This solution perfectly working, the router is very small and can be powered by USB port.

IP whitelist

The next improvement I try is using the builtin network link. I setup a Discord bot, when access from unknow IP, it send me a message and let me approve or deny the future requests.

But Tesla cellular network changes IP really fast, it usually takes 3-5 times before I can whitelist a stable IP address. Further more, the IP looks like NAT through Tesla networks, potential shared with other cars, it’s not 100% safe.

Authentik

The final solution is Authentik authentication and proxy the public request with authorization. I setup my accounts and disabled the registration.

This is a balance of convenience and security.

Full screen

Lastly, I noticed there are some website provide a technique let the browser go full screen by jump through Youtube.

But they all focused on content, I want personalization. So I created a small tool deployed carbookmark.com. Let me keep my own bookmark links for full screen experience.

Published
Categorized as 其他

Keychron使用体验

入手Keychron的键盘三个月,它成了我工作的主力设备。

我用键盘的手感偏轻,以前用的最多的是Cherry银轴和NiZ的30g静电容,以前我所有的键盘都是有线全尺寸的,一月份被蓝牙5.1吸引,买了两把Keychron。

K8的机械青轴比Cherry青轴略重,声音也闷一些。K3的光电轴是可拆卸的,我买了红、白、Blue(青?)、Banana四套。现在字母键用Blue,方向键用Banana,控制键用白轴,其他用红轴。

Keychron替代以前的设备主要原因是小,80%和75%的尺寸都可以叠放在MacBook上,不占桌面额外的空间。我也很喜欢新键盘功能键和Mac系统匹配的更好。

说到不足,青轴很吵,K8放在MacBook上就更严重了,视频会议的时候完全不能用。K3的超薄设计对习惯了全高的我还是有挑战的,至少需要两周适应。K3的电池续航也比K8弱很多,同样的背光设置K3用不到一周,K8可以用一个月。

Published
Categorized as 其他

TL-R479GPE-AC设置VLAN

我前段时间为了买WiFi6 AP,顺手一起买了TL-R479GPE-AC。到手发现是4.0版硬件,除了PoE什么都没有,还不如买个更小的AC。这些AP支持VLAN,这个号称企业级的路由器竟然不支持。

虽然旁路连交换机也能用,但是闲置8个PoE我就想折腾折腾,既然是OpenWrt,最难也就是拆开接个Serial Console呗。搜到的文章大都是旧固件有备份漏洞的,然而新版本备份出来不是压缩包。主要参考了两篇文章,链接放在最后。绕了一个大弯子断断续续折腾了好久,最终成功达到目的,只有很简单的两步。

第一步,计算root密码。

下载固件解压缩以后能看到/etc/passwd里面root有一个默认密码,但是/etc/init.d/dropbear会在启动后根据MAC地址设置一个新的,算法与旧固件不同,是LAN MAC地址经过MD5后的前16位,旧固件是8位。

启用SSH在管理界面就有,叫“故障诊断模式”,端口默认是33400。

第二步,设置VLAN。

我只把这个设备当AC,为了省事就把所有端口都加了tag,没有分析对应的编号。这两行写到了/etc/rc.local,试了一下重启和断电后都还在,猜测是有特殊处理。

swconfig dev switch0 vlan 5 set ports '0t 1t 2t 3t 6t'
swconfig dev switch1 vlan 5 set ports '0t 1t 2t 3t 4t 7t'

参考文章:

https://www.right.com.cn/forum/thread-332822-1-1.html

Published
Categorized as 其他

Share bluetooth mouse between dual boot Win10/Linux

I have recently wiped my old laptop with dual boot Win10 and Arch Linux. My bluetooth mouse can store 3 paired devices but it will be nice to use the same slot.

Thanks to stackexchange, I found it is possible. But some updates are needed.

  1. Windows Regedit will not show content of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys No additional tools are needed as other posts, just “Export” it. The subkey values will be in the exported file.
  2. The key is not a single hex string, there are 4 of them: IRK, LTK, EDIV and ERand. They mapped to /var/lib/bluetooth/[Adapter MAC]/[Device MAC]/infokeys IdentityResolvingKey/Key, LongTermKey/Key, LongTermKey/EDiv and LongTermKey/Rand
  3. EDIV is a DWORD on Windows but decimal for Linux. For my case, I converted "EDIV"=dword:0000c8ae to EDiv=51374
  4. ERand needs conversion as well, two bytes to decimal, "ERand"=hex(b):e4,26,8e,2f,52,4d,a7,5a to Rand=58406363992106942842

As other posts reminded, keep the device off when boot Linux.

Published
Categorized as 技术

My cross-platform development practices

I have learned how to develop apps for mobile platform since 2013. It was a very different area for a back-end engineer start working on client.
Almost all projects I worked need cross platform, at least iOS + Android.

After trying 5 different cross platform solutions, I decided to use native platform for my new project now.
The shortage of these solutions are more than the convenience it brings.

  1. Apache Cordova
    Details feel not like real native app. Feature pass.
  2. C++ Manually build library use ObjC link and JNI load it.
    It works perfect, but it’s too complex to keep C++ and ObjC and JNI at the same time.
  3. Xamarin Forms
    Good for CMS like app, if you don’t care the details for different platforms. Cross platform interface design is a wrong direction for most of my projects.
  4. Xamarin Native
    For now, I think this is the best cross platform solution. C# is also better language than Java.
  5. Native for each platform, use OpenAPI generate server stub.
    The most shared logic I wrote with other 4 solutions are client/server RPC. OpenAPI/Swagger solved this natively.
Published
Categorized as 技术

[Resolved] Codesign error over SSH on macOS 10.12+

Background

I have a shell script running in Jenkins to build my iOS projects. It runs over ssh on a Mac mini.

This stopped working since upgrading to macOS Sierra.

Causes

The root error of this problem is xcodebuild returns permission denied.

After step-by-step try on a hello world program, codesign returns the detailed error:

SecKey API returned: -25308, (null)____FILE_PATH____: unknown error -1=ffffffffffffffff

The explanation of this error is:

$ security error -25308
Error: 0xFFFF9D24 -25308 User interaction is not allowed.

This does not make any sense because the script created a new keychain and unlocked it. It needs no user interaction.

Solution

After three weeks contacting with Apple support, the solution is adding following command before using the newly created keychain:

security set-key-partition-list -S apple: -k <Password> -D <Identity> -t private

This works perfectly, but I cannot find any related document.

The script have been updated.

You-get 用命令行下载离线视频

这个工具很赞,命令行下载离线各大网站的视频和音乐。能自动合并分段的高清视频,并且把flv转换成mp4格式(都是用ffmpeg)。

家里电视连着RaspberryPi跑Kodi,看下载的视频比stream要方便。

上周想看英雄联盟总决赛,但是you-get的腾讯视频功能只能下载最差的质量那个版本。于是花了几个小时写了个patch,这周已经合并到主线了。现在从腾讯视频就可以下载到1080p和720p的版本了,优先选最高的。腾讯视频有限速,但是1MB/s也足够了,1小时的1080p只需要15分钟,限速还不是按IP,可以同时开多个。

网站:https://you-get.org/

源码:https://github.com/soimort/you-get

下一步有空写个浏览器插件,省去复制粘贴,直接post到下载机上就更方便了。

Published
Categorized as 技术

PsiApp: A simple beta app distribution tool

Recently, fir.im and pgyer.com both started to ask personal ID verification for their service.

I use them to install testing build on devices only, It is good to use HockeyApp oversea but clients from China usually have trouble downloading large files.

This result a small distribution tool created to host IPA and APK files easily and privately.

https://github.com/sinofool/PsiApp

  • It is PHP only
  • No database required
  • Local write access is optional
  • Support iOS/Android/UWP/Windows/macOS

 

Published
Categorized as iOS, 技术

Resetting the Push Notifications Permissions Alert on iOS

转自Apple官方文档,如何 重新显示 苹果 消息推送 的 权限提示。

Resetting the Push Notifications Permissions Alert on iOS

The first time a push-enabled app registers for push notifications, iOS asks the user if they wish to receive notifications for that app. Once the user has responded to this alert it is not presented again unless the device is restored or the app has been uninstalled for at least a day.

If you want to simulate a first-time run of your app, you can leave the app uninstalled for a day. You can achieve the latter without actually waiting a day by following these steps:

  1. Delete your app from the device.
  2. Turn the device off completely and turn it back on.
  3. Go to Settings > General > Date & Time and set the date ahead a day or more.
  4. Turn the device off completely again and turn it back on.
Published
Categorized as iOS, 技术