I recently bought a Lego Technic set for my son. It has motors controlled via Bluetooth Low Energy (BLE), using an Android app (Lego Technic Control+).

The Lego app informed me that it needs to have both Bluetooth and location services enabled in order to work. So, obviously Bluetooth needs to be enabled, but why Location Services?

At first I assumed that Lego were being sneaky with permission requirements, even though it seemed counter to their general company ethos. A little digging on the Internet revealed that Google started to make Location Services a pre-requisite for using BLE. It’s not just Lego’s app that required this. Any app that needs to scan for BLE devices has to require Location Services.

In order for me to use a childs toy, Google requires me to enable fine-grained location tracking, and to agree to share MAC addresses and other information that’s associated with my location.

There is no reasonable explanation for this, except that Google will use whatever lever they can in order to track as much information about you as they possibly can. If anyone can provide a less creepy explanation (that actually makes sense!), then please leave a comment.

Otherwise, it cements my opinion that Google has become a truly shitty company.

Why do I even care?

I’m not sure I can articulate this succinctly.

Tracking data is clearly very valuable to some people, because they go to great lengths to get it. These efforts get hidden behind the scenes, but you can see them if you know how to look. The goal is to build as detailed a picture as possible of us, by piecing together many thousands of bits of data. That’s immensely powerful data, and I’m wary of how it is, or could be, being used.

A mobile phone is a particularly personal device, pretty much nobody but me uses it, and it goes most places with me. As a matter of principle, I should be in control of that device. Yet, for example, if I deny Google permission to track my biometric data, my phone starts raising intrusive alerts when I send or receive SMS, or receive phone calls. It doesn’t need biometric data to send an SMS. Google just wants this data. This irks me quite a lot!

So the issue of Bluetooth requiring my location data to operate is another example of Google using their control of my phone to gain the data that they want. In this case, I have no real option but to comply, and that also irks me quite a lot!

In any other setting, this level of personal intrusion would never be tolerated. If someone was literally following you around with a notebook, recording every detail they observed, it would get very annoying very fast! Yet that is what’s happening, it’s just that you don’t easily see it.

I have a Testo 875-1i Thermal Imaging camera that, as a daft expensive toy, had been sitting unused for a while. When I needed it, I noticed that the battery (marked 0515 1100) was no longer working at all. It would not power the camera, and the camera wouldn’t charge it.

The camera has had little use compared to the levels it was designed for, so the battery was not degraded due to discharge cycles. I suspected that the charge controller was refusing to charge it because the cell voltage had fallen too low.

The cells themselves were registering just over 1.55V each, so they were pretty much fully drained. The lower threshold for a deep-discharged cell is typically 1.5V, below which the cell should be discarded, so I figured if I could push a surface charge into the cells, then I could persuade the charging circuit to activate.

And it worked! So I don’t have to throw out a serviceable battery, or fork out £130 or so for a new one.

Warning: This article is not a recommendation that you should do this yourself. Lithium Ion batteries can be dangerous. They hold a lot of charge, and can deliver a lot of energy in a short amount of time. If you suspect the battery is actually faulty or has been depleted through use, then just replace it. Certainly do not try to revive a cell that has fallen below 1.5V, because conductive bridges may have formed internally. In my case, the cells were very likely still above the safe pre-charge level, and I took the precautions of checking for signs of overheating repeatedly during charging. If you are not confident you know what you are doing, play safe and buy a new battery.

I was recently gifted an old 8-bit computer, an unloved BBC Micro that had gone up in a puff of smoke. As it turns out, the fault was a common problem with the X capacitors in the PSU, and easily fixed. Four keys also needed to have their switches dismantled and repaired, but after a good clean it was literally looking and working as new.

This was a well designed and well built computer, in fact I’m really quite blown away by just how impressive this computer is. The modern enhancements that people have come up with is, I think, testimony to just how well thought-out the design was. I suppose that, given many of the designers were also the people behind the ARM CPU, I shouldn’t be so surprised.

The hardware I was gifted included a dual 5.25″ floppy disk unit. This thing is heavy! A metal case, two PSUs, two drives, and all the magnetics that they required back in time. Surprisingly, all the disks in the two boxes I was given still work. My first instinct was to back them up somehow, so I bought a Turbo MMFS card, which drives a MicroSD card by bit-banging SPI on the BBC’s User Port. It comes with a custom filing system EPROM that contains MMFS. This is all pretty much enthusiast-developed stuff, and it works flawlessly.

What I see is a naive education system being led astray by a hugely influential data harvesting company. Leaving aside my huge reservations about giving Google access to my kids, to harvest their data and keep it for their entire lives, I’ll simply talk about one tiny issue that I see as the first hurdle they fell at. The very first thing I looked into regarding Google in the Classroom set off alarm bells.

They partner with Kahoot, a Google Education Partner, Google Classroom. Even at a glance, Kahoot looks to me like a shady company. The Common Sense Privacy Report sort of backs up my gut feeling, 66% with an amber ‘Warning’ badge is way below the standard I expect in my child’s education.

As an example of what looked shady to me, if I search Google for ‘Kahoot Data Harvesting’ I get the following URL: –

(http://) (cervinotechworkshop.weebly.com) (/kahoot-collecting-data.html)

I have broken up the above URL because I don’t want to add to its value by linking to it. That’s marketing spam! Worse still, it has been deliberately designed to shadow legitimate questions being asked about ‘Kahoot data harvesting’. Instead of talking about privacy issues, the article purports to be advising teachers on how best use Kahoot in classrooms. There is no doubt in my mind that this is driven by Kahoot. It’s shady and it’s deceptive.

Advertising is destroying the web, some say it is already destroyed. Most people who work in the tech industry know this, but only because we get to see the web evolve. For everyone else, it’s hard to get any visibility into what’s going on, so I’ll try to explain it.

Every time you visit a web page, absolutely any page, there’s an opportunity to make money. That’s because when you’re looking at a screen, you could also be looking at an advert. Advertisers will pay money to have their ad on your screen at that moment.

The ad-tech industry is complex, but most of that complexity is internal to the industry. Really, there’s just the advertiser, the publisher, and the reader. The publisher creates interesting stuff, and we read it. Advertisers who want to reach people like us will pay publishers to get their message in front of our eyes.

On the web, there are billions of people with a web browser, and every page you view is opportunity to make a tiny amount of money. These tiny amounts add up. An advertiser somewhere will be willing to pay some tiny sum for even a slim chance of profit.

If you think email spam is bad, then realise that spam represents the lower bound of internet advertising, and the worst web advertising is little better than email spam.

The Gemini project defines a protocol and markup for serving documents. The server runs on port 1965 by default, it responds to gemini:// URLs, it uses TLS with client certificates, and it has a simple markdown that fixes the shortcomings of Gopher pages without adding much extra. There are GUI, terminal, and command line clients already available.

The protocol has been designed with just enough features to allow publishing of simple documents, small files, and it also allows for rudimentary input handling. The bare simplicity of Gemini is a deliberate design choice. Client and server software is easy to write, as are Gemini documents. There are no features that could meaningfully aid tracking and advertising, so it’s unlikely to ever gain commercial interest. This is itself a key feature.

My own Gemini server is at gemini://gemini.susa.net/. In order to read any content there, it’s first necessary to install Gemini client (just as you need a Web browser to read content on the World Wide Web). There are a number of web-based proxies that have been made available by members of the community, and while these can be used to access Gemini ‘capsules’ (the Gemini equivalent of a web-site), I’d recommend using a proper client instead.

Gemini is overwhelmingly text-based. Not even inline images are supported, and although some clients do offer inline image loading, you generally have to choose to download an image, e.g. by clicking a link just like any other link. Again, this is a matter of principle in the protocol design; that is, it’s you who’s in charge of what you view, not the page author or site owner, nor any advertiser.

So, if you want to publish stuff somewhere that’s separate from the world wide web, then this seems like a good alternative. The markdown is simple, yet gives headings, paragraphs, pre-formatted blocks, lists, and links. You can simply type some words in a text file, and that’s your document ready to serve to the world. The immediacy and accessibility is refreshing (more so as I type this in WordPress, which is lagging in a browser on a fast 8-core Intel i7 laptop with 16GB of RAM).

I’ve been playing with the idea of Commerce Filtered Search, which is essentially a search engine of stuff that doesn’t exist simply to get you to click it. Sort of like how the Internet used to be, a place for those with boundless curiosity by those who just like to share what interests them.

My original plan was to ‘seed’ a web crawler with high-quality links, and fan out from there. The seed links were extracted from Hacker News, Reddit was on my radar. I also wrote an add-on for Firefox that lets me record links that I happen to find for subsequent crawling. The resulting search engine (with an outdated index) can be found here. I find it hugely promising, but each iteration seems to yield more complexity – search is hard.

So, I’m paring back. My goal right now is for a personal search engine that I can throw URLs from various good sources and have them fed into the index. I’m keeping a record of useful tools to help with this, and this page is currently a repository of information that should evolve into a more coherent post.

Interesting stuff to consider:

Sonic describes itself as “Fast, lightweight & schema-less search backend. An alternative to Elasticsearch that runs on a few MBs of RAM.” https://github.com/valeriansaliou/sonic

This seems promising because it claims to work well with limited resources, which is something I’d trade some of Lucene’s flexibility for.

Linkalot is a basic (at the time of writing) self-hosted link manager, and can be used to accumulate interesting links. It works well with Send-Tab-URL extension. https://gitlab.com/dmpop/linkalot

jusText is used for boilerplate removal. It has many implementations and forks of the original unmaintained algorithm. You will likely find things like cookie consent and image captions among your text. https://pypi.org/project/jusText/

spaCy could possibly be used to add a bit of semantic reasoning or keyword extraction to give the index more meaningful information to store. https://spacy.io/usage

readability-cli is a library based on the Firefox Reader Mode code that provides a command to fetch and simplify pages to just the article text. As you’d expect, it works as well as Firefox Reader Mode, which is to say it works really well.

I want to expose different containers on specific URL paths, possibly on different hosts, and nghttpx, from the nghttp2 library by Tatsuhiro Tsujikawa, does this in an intuitive way, and does a lot more besides.

    sudo apt-get install nghttp2-proxy

An example configuration is installed in /etc/nghttpx/nghttpx.conf, which configures nghttpx to listen for cleartext http on port localhost:3000 and proxies (e.g. forwards to) localhost:80.

    frontend=127.0.0.1,3000;no-tls
    backend=127.0.0.1,80

I’ve been working on and off on the Commerce Filtered Search Engine (CFS), essentially a survey of the web to find sites that are not commercially driven, in order to index them for searching. The idea is that if we can filter out all the click-bait and commercial stuff, what’s left might actually be interesting, novel, and informative (and a fair bit of rubbish, I expect, but perhaps it’ll at least be honest and sincere rubbish).

Up until now, I’ve been using Puppeteer with uBlock Origin. I was able to handle request failures and check for the error net::ERR_BLOCKED_BY_CLIENT, which indicates that a request was deemed to be ad or tracking related. The more hits per page I survey, the more spammy I rank the site.

This was an impulse purchase, because for some unfathomable reason I really wanted a RISC-V CPU to play with. Sipeed’s Longan Nano, a small board based on the GigaDevice GD32VF103 SoC is just that; a RISC-V CPU with a bundle of decent peripherals. There are links below if you want details on this board.

The GD32V implements an RV32IMAC CPU, where ‘RV32I’ refers to a 32-bit CPU with the Base Integer Instruction Set, the ‘M’ denotes the Standard Extension for Integer Multiplication and Division, the ‘A’ denotes the Extension for Atomic Instructions, and the ‘C’ refers to the Extension for Compressed Instructions (i.e. 16-bit opcodes for commonly used instructions, useful for this memory constrained device).

Email is one of those conceptually simple things that are a lot more complex in practise – get it wrong and you miss incoming mail, or your mail gets lost or junked, or spammers exploit your server.

This post is intended for technical people who want to run their own personal mail server, and describes the steps required to get a basic server setup that can be run safely and reliably.

The patent for the 6502’s ALU adder circuits, now expired, I found while writing a BCD adder in Verilog to go with a toy 6502ish CPU I am designing. So, I thought I’d re-implement it loosely based on the MOS solution.

Here’s the sketch, it just reads and dumps to the console, the bridge can be used to send the data to the GNU/Linux side of the Yun.

See the other post on doing this with a Raspberry Pi for some code to turn the data into something useful.

I’m using the MCU of the Yun to do the RF stuff, and using the AUREL RX-4MM5 (a proper OOK receiver), it seems a lot more dependable than the Raspberry Pi + RFM01 (or RFM12B).

Here are some notes on how I used LXD to run a container for WordPress. This is (a lot) more convenient than using Docker, which was my original approach to getting my WordPress site into a container. The main advantage for me is that a single container runs all the components together – no need for the ‘wiring’ between containers for each process.

There is a bash script that automates this at https://github.com/Kevin-Sangeelee/lxd-wordpress, and is a more complete description of the process since it automatically configures SSL/TLS and Exim.

We have a Braun Thermoscan infra-red (IR) thermometer that has been working perfectly for about five years. It started complaining about low batteries and shutting off, despite me replacing with new batteries that I checked had plenty of charge.

When I opened it, I discovered that the batteries connect to the circuit board via simple metal clip contacts, and that the contacts had some corrosion on them, which was preventing power from getting to the board, hence why it was complaining of low batteries.

So a very simple fix is to just clean the corrosion from the battery terminals inside the thermometer. You’ll need a Torx T8 (T9 also fits) screwdriver (Maplin, eBay, Amazon, maybe pound shops).
Continue reading →

This article is a work in progress to create a power-controller for the Raspberry Pi based on a PIC microcontroller and MOSFET. The PIC implements an I2C slave to allow power control, and also to approximate the registers of a PCF8563 Real Time Clock (RTC) chip, to allow timed wake-up of the Pi.

• Power the Raspberry Pi off and on with a push-button.
• Fully shut down the Raspberry Pi on ‘shutdown -h’.
• Wake-up at a specified time (one-off or periodic).
• Monitor the supply voltage.
• Log glitches in the power-supply (e.g. caused by USB device activity).
• Maintains the time from a CR2032 button cell.

During power-down, the circuit currently consumes around 5μA of power, useful where a battery is being used to power the Pi (remote solar-power applications, or in-car systems, for example).

The Pi is able to instruct the PIC to power it down using a short I2C command sequence. Wake up events include a push-button, or other voltage-sense on an input pin. Continue reading →

Moving a standard WordPress installation to a different host is a minor pain – I only do this occasionally, so every time I need to consider the configuration of the original environment and how this translates to the new server. Nothing too challenging, but tedious and prone to error.

So I figured Docker containers are the way to go and, sure enough, Docker Hub has more than enough images for my needs. The only issue is that I don’t dedicate my server to WordPress – it’s in a ./wordpress subdirectory of the web root. Docker’s official WordPress image keeps reinstating the WordPress files if they’re not found in the web root. Continue reading →

Atech’s Postal is an SMTP server and web management interface that’s geared towards transactional and bulk mailing (e.g. for application to user communication, and for marketing respectively). It’s quite well documented, but more importantly it’s open source (MIT license), and also seems well written – elegant, self-documenting code that’s easy to follow, useful comments, well structured. A bit of a joy really.

The Fast Server is a web server process that’s separate from the management interface server, that’s used to handle requests from click and open tracking links. However, the documentation on the Fast Server process, which is used for logging email Open and Click events, seems to be at least partially out of date, so I thought I’d dig into the code to understand and document the bits that I was unsure of. Continue reading →