Remote access to my home lab from a Tesla

My home lab runs a few applications that need remote access. I have WireGuard tunnels set up for the general use case, but when it came to the Tesla in-car experience, my journey started.

Personal Hotspot from mobile phone

This is the simplest solution: just connect to the WireGuard tunnel and share the hotspot with the Tesla.

But this solution requires root access on Android and does not work on iOS; it was a quick prototype I started with.

Mobile router + personal hotspot

After the prototype, I added a small travel router to the solution.

I got a MikroTik mAP lite router and set it up to connect to the WireGuard tunnel, use my personal hotspot for WAN, and broadcast a new SSID for the Tesla.

This solution works perfectly; the router is very small and can be powered from a USB port.

IP whitelist

The next improvement I tried was using the built-in network link. I set up a Discord bot: when there is access from an unknown IP, it sends me a message and lets me approve or deny future requests.

But the Tesla cellular network changes IP really fast; it usually takes 3-5 tries before I can whitelist a stable IP address. Furthermore, the IP looks like it is NATed through Tesla's network and potentially shared with other cars, so it’s not 100% safe.


The final solution is Authentik authentication, proxying the public requests with authorization. I set up my accounts and disabled registration.

This is a balance of convenience and security.

Full screen

Lastly, I noticed there are some websites that provide a technique to let the browser go full screen by jumping through YouTube.

But they are all focused on content; I want personalization. So I created a small tool deployed Let me keep my own bookmark links for a full-screen experience.

Categorized as Other









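A while ago, while buying WiFi 6 APs, I also picked up a TL-R479GPE-AC along the way. When it arrived I found it was hardware version 4.0, with nothing besides PoE; I would have been better off buying a smaller AC. These APs support VLAN, yet this supposedly enterprise-grade router does not.

It can still be used hanging off a switch as a side device, but with 8 PoE ports sitting idle I wanted to tinker. Since it is OpenWrt, the hardest it could get is opening it up and attaching a serial console. Most of the articles I found were about old firmware with a backup vulnerability, but on the new version the backup is not a compressed archive. I mainly referred to two articles; the links are at the end. After a big detour and a lot of on-and-off tinkering I finally reached my goal, and it takes only two very simple steps.


After downloading and unpacking the firmware, you can see that root has a default password in /etc/passwd, but /etc/init.d/dropbear sets a new one after boot based on the MAC address. The algorithm differs from the old firmware: it is the first 16 characters of the MD5 of the LAN MAC address, where the old firmware used 8.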




swconfig dev switch0 vlan 5 set ports '0t 1t 2t 3t 6t'
swconfig dev switch1 vlan 5 set ports '0t 1t 2t 3t 4t 7t'


Categorized as Other

Share bluetooth mouse between dual boot Win10/Linux

I have recently wiped my old laptop with dual boot Win10 and Arch Linux. My Bluetooth mouse can store 3 paired devices, but it would be nice to use the same slot.

Thanks to StackExchange, I found it is possible. But some updates are needed.

  1. Windows Regedit will not show the content of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys. No additional tools are needed, unlike in other posts; just “Export” it. The subkey values will be in the exported file.
  2. The key is not a single hex string; there are 4 of them: IRK, LTK, EDIV and ERand. They map to the /var/lib/bluetooth/[Adapter MAC]/[Device MAC]/info keys IdentityResolvingKey/Key, LongTermKey/Key, LongTermKey/EDiv and LongTermKey/Rand.
  3. EDIV is a DWORD on Windows but decimal on Linux. In my case, I converted "EDIV"=dword:0000c8ae to EDiv=51374.
  4. ERand needs conversion as well, two bytes to decimal: "ERand"=hex(b):e4,26,8e,2f,52,4d,a7,5a to Rand=58406363992106942842.

As other posts remind, keep the device off when booting Linux.

Categorized as Technology

My cross-platform development practices

I have been learning how to develop apps for mobile platforms since 2013. It was a very different area for a back-end engineer starting to work on the client.
Almost all the projects I worked on needed to be cross-platform, at least iOS + Android.

After trying 5 different cross-platform solutions, I decided to use the native platforms for my new project now.
The shortcomings of these solutions outweigh the convenience they bring.

  1. Apache Cordova
    The details do not feel like a real native app. Feature pass.
  2. C++: manually build a library, link it with ObjC and load it through JNI.
    It works perfectly, but it’s too complex to maintain C++, ObjC and JNI at the same time.
  3. Xamarin Forms
    Good for CMS-like apps, if you don’t care about the details of different platforms. Cross-platform interface design is the wrong direction for most of my projects.
  4. Xamarin Native
    For now, I think this is the best cross-platform solution. C# is also a better language than Java.
  5. Native for each platform, using OpenAPI to generate the server stub.
    Most of the shared logic I wrote with the other 4 solutions was client/server RPC. OpenAPI/Swagger solves this natively.
Categorized as Technology

[Resolved] Codesign error over SSH on macOS 10.12+


I have a shell script running in Jenkins to build my iOS projects. It runs over ssh on a Mac mini.

This stopped working after upgrading to macOS Sierra.


The root error of this problem is that xcodebuild returns permission denied.

After trying step by step on a hello world program, codesign returned the detailed error:

SecKey API returned: -25308, (null)____FILE_PATH____: unknown error -1=ffffffffffffffff

The explanation of this error is:

$ security error -25308
Error: 0xFFFF9D24 -25308 User interaction is not allowed.

This does not make any sense because the script created a new keychain and unlocked it. It needs no user interaction.


After three weeks in contact with Apple support, the solution is to add the following command before using the newly created keychain:

security set-key-partition-list -S apple: -k <Password> -D <Identity> -t private

This works perfectly, but I cannot find any related document.

The script has been updated.

You-get: download videos for offline viewing from the command line
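The order of operations described above, as an added example that is not the author's build script: create and unlock a dedicated keychain, import the signing identity, then set the key partition list before anything signs. The keychain name, passwords, .p12 path and identity string are placeholders, and passing the keychain as the trailing argument is this example's choice.

```shell
#!/bin/sh
# Added example: prepare a throwaway signing keychain for a build that runs
# without a GUI session (SSH, Jenkins). Every name and path is a placeholder.
# Note: the security tool takes passwords as arguments, so they are visible
# to other local users in the process list while it runs.

# setup_build_keychain KEYCHAIN KEYCHAIN_PASS P12_FILE P12_PASS IDENTITY
setup_build_keychain() {
    kc=$1 kc_pass=$2 p12=$3 p12_pass=$4 identity=$5

    # A dedicated keychain keeps the signing key out of the login keychain.
    security create-keychain -p "$kc_pass" "$kc" || return 1
    security unlock-keychain -p "$kc_pass" "$kc" || return 1

    # Import the signing identity; -T lists codesign in the key's ACL.
    security import "$p12" -k "$kc" -P "$p12_pass" \
        -T /usr/bin/codesign || return 1

    # The step from the post: set the partition list on the private key so
    # Apple-signed tools may use it without a user-interaction prompt
    # (the -25308 error seen over SSH on macOS 10.12+).
    security set-key-partition-list -S apple: -k "$kc_pass" \
        -D "$identity" -t private "$kc" || return 1
}

# teardown_build_keychain KEYCHAIN: remove the key material after the build.
teardown_build_keychain() {
    security delete-keychain "$1"
}

# Runs only when all five arguments are given, for example:
#   sh keychain.sh build.keychain "$KC_PASS" dist.p12 "$P12_PASS" "<Identity>"
if [ "$#" -eq 5 ]; then
    setup_build_keychain "$@"
fi
```

Calling `teardown_build_keychain` at the end of the job keeps the imported private key from outliving the build.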







Categorized as Technology

PsiApp: A simple beta app distribution tool

Recently, and both started to ask for personal ID verification for their service.

I use them only to install test builds on devices. HockeyApp is good to use overseas, but clients from China usually have trouble downloading large files.

This resulted in a small distribution tool, created to host IPA and APK files easily and privately.

  • It is PHP only
  • No database required
  • Local write access is optional
  • Supports iOS/Android/UWP/Windows/macOS


Categorized as iOS, Technology

Resetting the Push Notifications Permissions Alert on iOS

Reposted from Apple's official documentation: how to make the Apple push notification permission prompt appear again.

Resetting the Push Notifications Permissions Alert on iOS

The first time a push-enabled app registers for push notifications, iOS asks the user if they wish to receive notifications for that app. Once the user has responded to this alert it is not presented again unless the device is restored or the app has been uninstalled for at least a day.

If you want to simulate a first-time run of your app, you can leave the app uninstalled for a day. You can achieve the latter without actually waiting a day by following these steps:

  1. Delete your app from the device.
  2. Turn the device off completely and turn it back on.
  3. Go to Settings > General > Date & Time and set the date ahead a day or more.
  4. Turn the device off completely again and turn it back on.
Categorized as iOS, Technology