Archives

All posts by K1WIZ

Had an application where I had to convert a ton of CSV logs to JSON format for ingestion by another system. I didn’t have good luck with Python, so I tried PHP. Posting this work here in the hopes it will help someone else. Keep in mind, this is a basic example and the following warning applies should this be considered for production use:

Stern Warning: This example assumes the source of the CSV files is doing any error handling before writing records in the CSV source files. It is also assumed that the source CSV files each have a KEY as the first row in each file so that fields in the data rows are properly represented. If this is not the case in your application, the below example will require further enhancement. Only use the example as shown if you are confident that your application/process creating the CSV source input files is doing proper data validation and handling!

The Code: (convert.php)

<?php
// php function to convert csv to json format.  Takes 2 arguments:
// arg1 = input csv file     arg2 = output json file

$fin = $argv[1];
$fout = $argv[2];

function csvToJson($fin,$fout) {
    // File Handles
    if (!($fp = fopen($fin, 'r'))) {
        die("Can't open file...");
    }

    $fo = fopen($fout, 'a');

    // Processing
    $key = fgetcsv($fp,"0",",");

    while ($row = fgetcsv($fp,"0",",")) {
            $json = array_combine($key, $row);
            $json = json_encode($json) . "\n";
            fwrite($fo, $json);
    }

    // release file handles
    fclose($fp);
    fclose($fo);
}
    // phone a friend
    csvToJson($fin,$fout);
?>

To use this script, here’s an example from my shell:

for FILE in /var/convert/csv/*.csv; do php /var/convert/convert.php $FILE /var/convert/json/$(basename $FILE).json; done

If this helped you, or if you have suggestions for refinement, please let me know in the comments below! 🙂

FIRST: A STERN WARNING!

The technology discussed in this article has serious potential to land you in trouble under possible state and federal wiretap statutes. Your use of this information is at your own risk and I cannot be held liable for your failure to use this information in accordance with local/federal laws. You agree that any use of this information is at your risk and that you agree to follow laws in your area when using the materials and software technology discussed herein. This information is published for educational purposes only.

I wanted to build a super sensitive microphone to pickup sounds and transmit them via my cloud streaming server so that I could monitor an area remotely. The project goals were:

  • had to be inexpensive, compared to commercially available “off the shelf” offerings
  • had to use existing open source components (software/hardware)
  • had to be sensitive enough to pickup sounds from adjacent rooms
  • had to be wireless
  • had to use an efficient sound codec to transmit picked up audio
  • had to be easy to operate

Parts List:

  • Raspberry Pi Zero 2W (any small ARM board should work, but it’s got to have wifi) $15
  • 32GB MicroSD card – you can use smaller, but this is what I had on hand $8
  • Dupont ribbon cables – $1
  • 5V wall wart – I had these on hand, but you should be able to source for about $5
  • MEMS Mic element – (INMP441) – $4
  • Polycarbonate project case – (BUD Industries PIP-11760-C) $15
  • Raspbian OS 11 – (based on Debian Linux) FREE
  • Liquidsoap audio toolkit – (installed via OPAM) FREE

Total Project Cost: $48USD Here’s a picture of the finished unit (I built 2):

Mic McCloud

The mic element is held in place by a bead of super glue around the edge. In this project, I did not build a stereo mic, but rather just a mono pickup. (I only wired one mic element and set it to the LEFT channel) It would be fairly easy to wire a second element and do a stereo version. Refer to the wiring diagram for how to wire a stereo version:

For stereo, wire as shown with two elements. For mono, just wire one element as LEFT

Here’s a picture of the hardware kit. I built two units, so what is shown are two Raspberry Pi Zero 2W and two INMP441 MEMS elements:

Why build one, when you can build 2?

Here’s a close-up of the MEMS mic element:

Don’t let the tiny hole fool you, this mic hears EVERYTHING!

SOFTWARE

For software, I wanted to keep things simple: no GUIs, no top heavy libraries or applications, just bare Linux, minimal ALSA config, I2S driver, and one of my favorite audio tools: liquidsoap. Follow these steps to prepare your system:

Deploy your OS

I used Raspbian OS 11 as the OS, it is based on Debian so that makes it a familiar and logical choice. I won’t get into how to deploy the OS, as that’s not really the scope of this article, but you can get this information on the raspbian website. Once you have the OS deployed to your card, you will need a temporary Pi to use that has more RAM (NOTE: the Raspberry Pi Zero 2W only has 512MB ram, which is NOT enough to do the compilation of the software you will need. I suggest you put the SD card into a Pi 3 or Pi 4 with at least 2GB of RAM and do all the steps herein before finally transferring the card to your Raspberry Pi Zero 2W for production use.

Install required packages

Now that you have your OS loaded on your SD card, put the card in your temporary Pi unit and perform these steps logged in as your default “pi” user:

sudo apt update
sudo apt install opam screen aptitude make gcc git bc libncurses5-dev bison flex libssl-dev debhelper-compat linux-headers dkms
sudo usermod -aG audio pi

At this point, go ahead and reboot the Pi by issuing: sudo reboot. When the Pi reboots, we need to uncomment the source deb repository so we can install libfdk-aac-dev from the source packages. Debian is not able to distribute these as binary packages because AAC+ codec is not free. We can however easily get it from the source packages and have debhelper compile it for us. Follow these steps as your “pi” user:

sudo nano /etc/apt/sources.list

(uncomment the source deb package repo as shown):

deb http://raspbian.raspberrypi.org/raspbian/ bullseye main contrib non-free rpi
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
deb-src http://raspbian.raspberrypi.org/raspbian/ bullseye main contrib non-free rpi

(save the file in nano by doing CTRL-O then exit by doing CTRL-X), and run the following command:

sudo apt update
sudo apt-get source libfdk-aac-dev
sudo apt-get --build source fdk-aac

(after the packages are downloaded and built, you will have the following packages in your current directory), run the following commands to finally install them:

sudo dpkg -i libfdk-aac2_2.0.1-1_armhf.deb
sudo dpkg -i libfdk-aac-dev_2.0.1-1_armhf.deb

At this point, we should have the minimum necessary packages installed. We can now go ahead and setup the I2S driver:

sudo nano /boot/config.txt

(you need to ensure the following are set as shown):

dtparam=i2s=on
#dtparam=audio=on

(after any changes, save the file and exit)

wget https://github.com/opencardev/snd-i2s_rpi/releases/download/v0.0.2/snd-i2s-rpi-dkms_0.0.2_all.deb
sudo dpkg -i snd-i2s-rpi-dkms_0.0.2_all.deb
sudo modprobe snd-i2s_rpi

(edit /etc/modules and add the following, then save and close the file):
snd-bcm2835
snd-i2s_rpi

sudo reboot

Last, we create a very simple ALSA config file:

(open for editing: /etc/asound.conf and REPLACE all contents with, save and close the file):

pcm.!default {
        type hw
        card 0
}
 
ctl.!default {
        type hw
        card 0
}

At this point, your Pi is ready to support I2S sound input. Reboot the Pi once more and then you can do the following command to verify:

arecord -l
**** List of CAPTURE Hardware Devices ****
card 0: sndrpii2scard [snd_rpi_i2s_card], device 0: simple-card_codec_link snd-soc-dummy-dai-0 [simple-card_codec_link snd-soc-dummy-dai-0]
  Subdevices: 0/1
  Subdevice #0: subdevice #0

The last software bits we need to add are Liquidsoap via OPAM:

opam init
opam switch create 4.10.0
opam depext taglib mad lame vorbis cry samplerate ocurl liquidsoap fdkaac alsa
opam install taglib mad lame vorbis cry samplerate ocurl liquidsoap fdkaac alsa
sudo ln -s ~/.opam/4.10.0/bin/liquidsoap /sbin/liquidsoap

At this point Liquidsoap should be installed, and now we can create a .liq file to define the output stream. I assume you already have an icecast server and this article assumes you know how to setup an icecast streaming server and connect sources to it. To define your mic’s liquidsoap stream output create a file in “pi”s home directory with the following content:

input = mksafe(input.alsa()) 
input = amplify(10.0,override="replay_gain",input)
input = filter.iir.butterworth.low(frequency = 10000.0, order = 8, input)
input = filter.iir.butterworth.high(frequency = 200.0, order = 8, input)

output.icecast(
  %fdkaac(channels=2, samplerate=44100, bandwidth="auto", bitrate=32, afterburner=true, aot="mpeg4_he_aac_v2", transmux="adts", sbr_mode=false),
  host="my.stream.host",
  port=8000, password="[email protected]", genre="live",
  description="LIVE", mount="/mic2",
  name="MIC 2", user="source",
  url="http://my.stream.host:8000/mic2", input)

****** AT THIS POINT: GO AHEAD AND PUT THE SD CARD INTO YOUR PI ZERO W ******

Once you have this file set, you can test your install by doing:

liquidsoap -v mic.liq

If all is good, you should see the stream start. To automate it to start at boot time, you can place a file in /etc/cron.d:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

@reboot         pi      screen -d -m liquidsoap -v /home/pi/mic.liq

Save the file and reboot. Your live mic stream should now startup after reboot. You can then use any media endpoint you wish to tune in the stream and listen to the mic, or record the stream using VLC

You may wish to turn off and disable your swap to save your SD card:

sudo dphys-swapfile swapoff
sudo dphys-swapfile uninstall
sudo update-rc.d dphys-swapfile remove
sudo apt purge dphys-swapfile

A quick howto for setting up liquidsoap to create your own online radio station and transmit using the efficient and awesome AAC+ audio codec. I’ve made it super simple to create an encoder that can take program audio and create an AAC+ encoded stream that you can send to one or more icecast distribution servers – to broadcast around the world! Read on:

Install an up to date OS (as of this writing, Ubuntu 20.04 is what I used). Just the bare command line only server install is all you need. You could even do this on a Raspberry Pi with a USB audio pickup and then connect your program audio from the output of your processed audio chain. Installation is quite simple by following these commands:

sudo apt install opam screen
opam init
opam switch create 4.10.0
opam depext taglib mad lame ffmpeg vorbis cry samplerate ocurl liquidsoap fdkaac alsa
opam install taglib mad lame ffmpeg vorbis cry samplerate ocurl liquidsoap fdkaac alsa
sudo ln -s ~/.opam/4.10.0/bin/liquidsoap /sbin/liquidsoap

Answer Yes to any yes/no prompts, and once complete, you will have a working copy of liquidsoap with full AAC+ support. Now that liquidsoap is installed, you can now create a .liq file to set the parameters of your stream. Once you create this file, launching your stream becomes quite simple. Here’s an example .liq file. You can change any of the parameters to suit your needs:

set("log.file.path","/tmp/basic-radio.log")

input = mksafe(input.alsa()) 

output.icecast(
  %fdkaac(channels=2, samplerate=44100, bandwidth="auto", bitrate=96, afterburner=true, aot="mpeg4_he_aac_v2", transmux="adts", sbr_mode=false),
  host="my.icecast.host",
  port=8000, password="[email protected]", genre="live",
  description="LIVE", mount="/live",
  name="MY STATION NAME", user="source",
  url="http://my.icecast.host:8000/live", input)

Now that you have your liquidsoap and .liq file installed and ready, simply launch a screen session and invoke the following command:

liquidsoap -v ./myliqfile.liq

You can disconnect from your screen session and the stream should still continue running. To reconnect to your detached screen session, you can simply do: screen -r You can have multiple streams running on the same host by opening more screen sessions and invoking additional liquidsoap instances. If running multiple screens, you can list them by running: screen -ls

Now and then, heavily used systems may need to have their swap usage cycled (reset) to increase performance. There are many occasions where even though a system has enough RAM, there may still be a growing swap usage. The steps I outline here are safe to run on a production host to reduce swap usage and return swap contents to RAM.

Check current swap use:

[email protected]:~# free -m
              total        used        free      shared  buff/cache   available
Mem:           7800        4822         383           1        2594        2668
Swap:          4095         429        3666
[email protected]:~#

We can see here that about 430MB of swap is used even though there is plenty of RAM available. In this case, the system gets average consistent use and has been up for 206 days. We want to also see what the swappiness setting is currently set at and maybe reduce it:

[email protected]:~# cat /proc/sys/vm/swappiness
60
[email protected]:~#

[email protected]:~# sysctl vm.swappiness=20
vm.swappiness = 20
[email protected]:~# cat /proc/sys/vm/swappiness
20
[email protected]:~#

This new setting of 20 should help the system swap less often. We now want to force the system to move swap contents back to RAM where it belongs. To do that, we’ll turn swap off, and WAIT approx. 30 seconds, then turn swap back on:

[email protected]:~# swapoff -a
[email protected]:~# swapon -a
[email protected]:~# free -m
              total        used        free      shared  buff/cache   available
Mem:           7800        5295         143           2        2360        2194
Swap:          4095           0        4095
[email protected]:~#

We can now see that swap contents has been moved to RAM and that swap has reclaimed space. It should be easy to write a cron job to check swap usage and periodically do this when swap usage goes above an acceptable threshold.

Those plug-in smart switches that are uniquitous in the market are only good to 10 amps. (most of them) I had one on my dehumidifier project to control when the dehumidifier would turn on and off (by turning it completely off, we save energy and money on the electric bill). After a couple years of use, the “plug in” smart switch died, likely because the dehumidifier draws close to or beyond the current limit of the small relay in those switches. I looked around on the ‘Net and was hard pressed to find something that would handle higher currents. The unit is on a 20A circuit so I needed to be sure that whatever I used was rated to switch that much current. Most of the relays that are out there for “arduino” projects seem to also be limited to 10 amps as well. Boo!

I found a relay on Amazon that was capable of switching up to 30 amps! I’m thinking “this ought to last”, but I need to build a circuit that can energize a 12V DC coil. The ESP8266 module runs on 5 volts, and doesn’t put out nearly enough voltage and current to drive the coil. I needed to add a 12 volt modular switching power source, a 5 volt regulator for the ESP8266, and a MOSFET transistor pack (triggered by the GPIO pin on the ESP8266) to switch the 12 volt supply and send DC to energize the relay coil. Here’s what I used to build this industrial strength appliance smart switch:

Of course, it goes without saying, I installed the open source Tasmota software on the ESP8266 module! I then set pin D1 to drive the relay:

12 VDC buck switching supply:

120-240VAC IN – 12VDC OUT

Here’s a picture of the ESP8266, 5VDC buck regulator, and MOSFET module all wired up on a PCB. This is what gives the switch its smarts and allows the automation system to control it over MQTT/WiFi:

Here you can see the large relay. It is DPDT (double pole, double throw), has a 12V coil, and the switch contacts are rated for 30A @250VAC:

This is the entire smartswitch build finished:

All enclosed in a sealed IP67 rated enclosure. This design can be used outdoors!

And of course, with power applied (it passed the smoke test!):

ABSTRACT

A neighbor (looking at you Chad) recommended cloudflare for my website and I figured I’d try it out.  Doing so entailed changing my NS records on my domain at the registrar.  This effectively moved all my DNS zone for the domain over to cloudflare.  Awesome!  Getting the benefits of cloudflare, only thing is, I realized that my old bash script which kept my home network IP tied to a DNS host name now no longer works.  I needed to update it.   So I set out to rewrite the script and figured I’d share it here, hopefully to help someone else wanting to have a DDNS hostname for a dynamic IP at home.  Without further delay, here’s the script, all that is needed is to plug in the values for the variable, set it in a crontab, and done:

#!/bin/bash

time=$(/bin/date)
myip=$(/usr/bin/curl -X GET "ipinfo.io/ip")
# Populate with your own cloudflare specs
myZoneID   = ""
myRecordID = ""
myKey      = ""
hostname   = ""
email      = ""

curl -X PUT "https://api.cloudflare.com/client/v4/zones/$myZoneID/dns_records/$myRecordID" \
        -H "X-Auth-Email: $email" \
        -H "X-Auth-Key: $myKey" \
        -H "Content-Type: application/json" \
        --data '{"type":"A","name":"'$hostname'","content":"'$myip'","ttl":1,"proxied":false}'

echo "$time IP Updated to: $myip for $hostname" >> /var/log/DNS-UPDATE-$(date +"%Y-%m-%d").log

In addition to updating your DNS record, this also keeps logs of the changes to preserve a history of IP address changes.

There are many websites out there that will gladly take the details of your wifi network and in exchange for receiving those details, will generate an QR code that you can use to allow others easy access to your guest network, or business wifi. I strongly recommend against use of such sites as you can’t be sure they aren’t mining the data to build a repository of such information, and for what other purposes.

Instead, I used a freely available tool in Linux known as qrencode. Fortunately, qrencode is a simple program that you run locally on your linux machine (hell you could even roll up a linux VM to do this if you don’t have a machine with linux on it).

Installing qrencode in debian or ubuntu is as easy as:
sudo apt install qrencode

Once you have it installed, the format for generating the QR code is pretty straightforward:
qrencode -l H -t PNG -o qrwifi.png "WIFI:S:{SSID name of your network};T:{security type - WPA or WEP};P:{the network password};;"

So say your wifi name is “FBI VAN” with a password of “b0nehead” and has WPA encryption, your command to generate the QR would look like this:
qrencode -l H -t PNG -o qrwifi.png "WIFI:S:FBI VAN;T:WPA;P:b0nehead;;"

You would then see this QR code generated: (go ahead, scan it here!)

Once done, you have a nice QR code you can print and display for your guests. This makes it easy to get them connected, and they don’t have to worry about bothering anyone for the wifi password anymore. It’s a win on both sides.

ABSTRACT

So we recently moved to Northbridge (July 2020) and we were excited that (at the time) the NPS school district was not a GoGuardian customer.  Our family fought with our last school district in North Attleboro to stop deploying GoGuardian to our equipment at home for the reasons I documented back then.  The concept is simple:

  • MY house
  • MY home network
  • MY privately paid for internet
  • MY computers
  • MY electricity that was/is being paid for to run such an invasive application extension software

As a student/family privacy advocate, I do believe the school should monitor it’s own equipment and only on school grounds.  When it comes to family owned equipment used at home or anywhere off school campus, it should be HANDS OFF!  Students (and families) deserve a reasonable expectation of privacy in their own homes and on their own computers.

You should know that today (at the time of this writing) I telephoned the product team at GoGuardian, and asked them about their data collection and retention policies.  They refused to give me any information citing that I wasn’t their customer and that they have a policy against disclosing this information to parents.   Tax dollars funded the acquisition and installation of this software in our schools, I think full disclosure is totally appropriate.

LATEST FINDINGS/HOW TO TELL IF YOUR SCHOOL IS WATCHING

So at home, it’s YOUR computer, and your child is logged in to process homework, or email a teacher.  How do you know your school is watching and recording all their browsing history?  Here’s how:

Ensure they are logged into their school account on chrome.  Once logged in, type this in the address bar:

chrome://extensions

You will see something like this showing GoGuardian is installed: (click for larger view)

Here you can see GoGuardian is installed and running on the browser.  Did you ever give your school system permission to install a monitoring agent on YOUR equipment?  No?  then you need to complain to the highest levels of administration up to and including your school committee.  They are hoping this goes unnoticed, but I bet if they held a public forum on it and went out asking for consent, that most people would decline when they fully understand what GoGuardian really does.  I’ll also note that it isn’t possible to remove this extension – the ability to remove it is managed by the school district’s Google Apps domain policy.

You can see here the permissions given to the GoGuardian browser extension – it’s disturbing:  (note: it is  also  not  possible  to  turn  off  the  extension.   It  is  forced  on.)

Here’s a snapshot of the DNS queries I saw in our logs just after doing a test search for illicit materials on our machine: (click for larger image)

That right there friends, is GoGuardian “phoning home” on what I just did.  (in this case web browsing history and searching) was sent to GoGuardian, and whatever I did is now visible to school officials.  There are real ramifications to this kind of wholesale tracking (which I will not go into here) but simply put, you should contact your school system and demand removal of this invasive browser extension from running in your home.  Here’s a brief use case/reasons why:

  • when the equipment and network the application/extension is running on does not belong to NPS
  • students need to have a perceived sense of privacy within their own home and on family owned equipment.
  • on shared family owned equipment, the data collection could violate the privacy of any person who uses that equipment and unknowingly is operating within a chrome browser logged into that account.  People seldom check to see who chrome is logged in as – they just open a window and go online.
  • This also has the potential to implicate the “tracked” student in other people’s internet activity unfairly, on privately owned (but possibly shared) equipment.

Also the EFF (Electronic Frontier Foundation) has released an extensive study into the privacy matters and even legality of off-campus school surveillance.

SIGN THE PETITION TO REMOVE GOGUARDIAN FROM SCHOOLS

You can sign the petition here (I did): https://www.change.org/p/goguardian-ban-goguardian-in-schools-across-the-globe

HOW CAN MY SCHOOL MAKE THIS RIGHT?

Simple.  All the technology department needs to do is work with GoGuardian to prevent it’s extension from being deployed on non-school owned assets:

  • Work with GoGuardian to come up with a way to better control extension deployment by confining it to the following:
  • Define a Google Apps OU just for school-owned assets
  • Put all school-owned assets in that OU
  • Push GoGuardian deployment policies to ONLY that OU containing school owned assets.

UPDATE 9/24

I spoke with Director Tiago Vital and Superintendent McKinstry today about the privacy concerns with the GoGuardian extension running on privately owned equipment.  Here are the key points:

  • Superintendent McKinstry agrees that this extension running on “private property” is a bit concerning, wants to find a solution to exclude private computing equipment where possible.
  • Director Vital has actually looked into fixating GoGuardian to specific OUs within the NPS GApps domain, but mentioned it doesn’t appear that GoGuardian currently honors this in it’s current version.
  • Both Director Vital and Superintendent McKinstry agreed that a joint conference to discuss directly with GoGuardian, ways of excluding private equipment from the product deployment scope is desired and have invited me to join the call to present the concern from a parent’s point of view.
  • Time and date of such call is yet to be determined.

I will provide additional updates as they become available.

UPDATE 9/27

I got an email back from Director Vital which makes it clear GoGuardian does not wish to hear from/or involve in discussion, parents.  Here’s what the email said (and my response) click for larger view:

It should be noted that the claim of the extensions on non-chromebook devices are inaccurate.  Our family computer is a Linux (Ubuntu 20.04) machine running Chrome browser.  You can see from the screenshots above from that computer, that the extension was present and alive.  A test search for porn, bomb making, etc caused several DNS queries for goguardian servers to immediately show, indicating that the computer was talking to and sending data to GoGuardian.  This computer is private property, and we don’t consent to the residency of this executable extension (and code) belonging to GoGuardian, running on our private property (computer) in our home.

Since I learned that GoGuardian will not talk to parents – I went to my local police department (Northbridge Police) and filed a police report. (I’ll copy any developments herein as they happen)  I intend to fully pursue the legality of a school system and/or company placing executable monitoring agents in people’s homes on privately owned equipment.  I need parents to join this effort to preserve the expectation of privacy in our homes.  I also believe there are serious 4th & 5th amendment (unlawful search & right to not self-incriminate) civil rights violations at work here.

UPDATE 9/30

I’ve kept an eye on our machine over the last couple days and there has no longer been any GoGuardian traffic.  The extensions also appear to be missing from Chrome now.  I suspect that the school has removed this extension somehow from being deployed to our equipment when the kids log on – THANK YOU!   I do ask that parents use this guide to check and verify if the GoGuardian extensions have disappeared from their chrome browsers also.  Please follow the steps above and please feel free to comment below.   NOTE: I believe this removal is only for PRIVATE at home equipment.  If your child is using school issued equipment at home or on campus, I believe you will still see this extension in use.   Please remember that the focus of this cause, is ONLY for removal of the goguardian extension from PRIVATE equipment used OFF CAMPUS.

UPDATE 10/27

During another security audit of my network, I have discovered that again, GoGuardian has been reinstated on our family computer. I also see constant traffic in our DNS logs (times shown are in UTC):

I went to Northbridge Police Department to enter a second complaint against NPS for this unauthorized software running and monitoring activity on our family PC. I have also formally demanded the following information from Superintendent McKinstry:

Superintendent McKinstry,
I have returned from the Northbridge Police Department after bringing evidence of this repeat complaint and have spoken with Officer O’Malley this evening.I am formally demanding a copy of all data that GoGuardian has collected on both Jianna and Sophia Rogers.   I also want a copy of any policies on data retention:

  • where this data resides (both within NPS and within GoGuardian)
  • who has access to it
  • what data was collected and where
  • lifetime of data retention – when and where is it destroyed and how
  • a written scope of all GoGuardian functionality the district is subscribed to from GoGuardian
  • a list of any 3rd parties this data is shared with

Please provide these materials pursuant to my demand no later than 30 days.  If you require a court order to provide this, please immediately say so, and I will immediately have my attorney seek one.

UPDATE 10/28

Now that GoGuardian was quietly put back on our family computer when the kids are signed in, I decided to do some additional forensics on the machine to determine:

  • Is the executable extension permanently resident on the computer’s hard drive regardless of whether my kids are logged in?
  • Can I delete the extension or does it come back the next time they login?

Here’s what I found:

  • Whether or not the kid is logged in, GoGuardian’s chrome extension IS resident on my computer’s hard drive. In other words, if they aren’t logged in, it may not be running, but it IS resident on the drive and occupying about 12MB worth of space. I did not consent to this and the machine is my property, and it is NOT welcome on my machine or in my home!
  • I was able to delete the directory containing the extension (the directory is named after the extension ID – you can get this ID by going to chrome://extensions then click on the GoGuardian extension and the ID is visible in the address bar of the browser. I deleted the directory and it was removed. The next time my kid signed into school, the extension was re-deployed to my computer!

See the screenshot showing the contents of the directory (click for larger image):

There is NO WAY to permanently remove this software unless the school administration removes it – such removal is governed by their GSuite deployment policy, which they control. This is what causes the GoGuardian software to deploy to private computers in private residences. Such deployment to, and active wholesale monitoring of private property should be illegal and stopped.

I believe this is why GoGuardian wishes not to speak about data collection, retention, and destruction with parents because they are likely aware they are riding the very sharp edge of the law here with regard to their software ending up on private computing assets. THIS IS WHAT I’M FIGHTING FOR – privacy and private property rights! I’m OK if the software runs on school owned equipment within the school campus, but in my private residence, that’s NOT ACCEPTABLE!

ABSTRACT

In our home, we have 2 garage doors with RF remotes in our cars.  For most people, this is generally considered “good enough”.  I wanted to come up with a way to connect our garage door openers to our home automation system.  Doing so would have the added benefit of remote control from anywhere, especially if we are away.  This could be useful so that deliveries could be placed in the garage, or for any other reason where we would want to allow someone access to the garage but not the rest of the house.  Some folks have a code entry panel that serves this purpose but then you have to share that code and by doing so, can compromise security should the code be shared without your knowledge.  With the ability to remotely open the garage, allows access without needing to share a credential.

This article makes the following assumptions:

  • You already know how to flash Tasmota onto ESP8266 hardware
  • You are familiar with Domoticz home automation console and adding devices
  • You use some method of message transport ie. MQTT between Domoticz and your Tasmota powered hardware

View the following video to see a demo of how this works:

 

SOLUTION

Since I already have an in-place home automation system, all I needed to do was configure two buttons on the console that would accept a pushbutton command and send a signal to a relay to open the door.  For hardware, I used a dual relay board that has an esp8266 chip.  The 8266 chip was flashed with the latest Tasmota release, and configured to operate the relays.  The switch output of the relays is wired to the existing wall switches of the garage door so that when tripped, will cause the door to operate just as the physical wall buttons already do. 

The Tasmota configuration uses the “Generic” template and configures GPIO0 to be Relay1, and GPIO2 to be Relay2.  After setting the GPIOs, I had to enter some settings and a ruleset into the Tasmota Console on the ESP-01.  To enable the ESP-01 to talk to the relay serial chip on the board, I had to go to the console and enter the following command and ruleset:  (NOTE: some older versions of this dual relay board may use 9600 baud instead of the 115200 baud shown here.)  Also, the dual relay board needs to operate in Mode 1 (default mode and indicated by a red LED on the board).

seriallog 0
Rule1
on System#Boot do Backlog Baudrate 115200; SerialSend5 0 endon
on Power1#State=1 do SerialSend5 A00101A2 endon
on Power1#State=0 do SerialSend5 A00100A1 endon
on Power2#State=1 do SerialSend5 A00201A3 endon
on Power2#State=0 do SerialSend5 A00200A2 endon

Then to enable the above rule:

rule1 1

turns on rule1.  Once enabled, I want to ensure that power disturbances do not trigger the relays or cause the ESP-01 to lose it’s config.  To ensure that the relays stay OFF when there are power interruptions or power cycles, I needed to enter this command on the Tasmota Console:

PowerOnState 0

I also wanted to make sure the config would remain intact even if there were several power cycles/disturbances (sometimes Tasmota can reset to defaults if there are more than 6 fast consecutive power cycles), so I also entered this command into the Tasmota Console:

SetOption65 1

Finally, we want the relays to only trigger momentarily when activated so that a pulse is registered to the garage door openers.  To do that, we must enter two more commands on the Tasmota Console of the relay board:

PulseTime1 1
PulseTime2 1

Once these changes are set, all that is needed is to set the Domoticz IDX address to match the two pushbuttons that were added to the Domoticz console.   At this point it should be possible to remotely trigger the relays from Domoticz and they will trigger ON for 1 second and then switch off when called via Domoticz.  All that is left to do is wire the relay N.O. contacts to the physical garage door wall switches in the garage.  It will now be possible to open or close the garage doors from the Domoticz console via any mobile device that has access to the Domoticz home automation console.

ABSTRACT

I moved to an area where my AM news station (WBZ) comes in rather scratchy.  Sure I could stream them over the internet on a mobile device, but what about the radios I currently have?  Have they now become paperweights?  Fortunately, WBZ streams online and I found a cool FM transmitter module that I thought “I could use this with a Raspberry Pi to put WBZ on the FM dial near my home”.  The FM module is about $12 and available on Amazon and I already had a raspberry pi computer I could dedicate for the project.  Why not try it?

SOLUTION

WARNING *** WARNING *** WARNING *** WARNING

This article is for informational/educational purposes only.  If you make use of any information in this article, I will not be liable for your use of this information and any action you take based on the technical discussion herein is solely at your own peril/risk!  Please check local laws for this application in your country of residence!  This article also deals with a solution powered by AC mains voltage.  If you do not understand what you are doing, PLEASE be safe and get qualified help!

I installed Ubuntu Linux 20.04.2 server on the raspberry pi computer, and then installed a software called liquidsoap.  Liquidsoap is an audio/streaming swiss army knife and is of course, open source.  Normally, people use liquidsoap to capture a live audio source and then create a stream on the internet.  I wanted to do the reverse, and pull in an internet stream and play it over the USB DSP that is built into the FM module.  A bonus is that the FM module is also powered via the USB connection – one cable does it all.  Shown here is the finished transmitter:

The FM module is quite versatile.  It has an analog line-in, condenser mic, and USB audio interface all built in!  Depending on what input you use, the module is smart enough to pick that input and use only that.  When I hooked the module to my raspberry pi and ran:

aplay -l

I was able to see the USB audio interface on the FM module:

[email protected]:~$ aplay -l
**** List of PLAYBACK Hardware Devices ****
card 0: Headphones [bcm2835 Headphones], device 0: bcm2835 Headphones [bcm2835 Headphones]
Subdevices: 8/8
Subdevice #0: subdevice #0
Subdevice #1: subdevice #1
Subdevice #2: subdevice #2
Subdevice #3: subdevice #3
Subdevice #4: subdevice #4
Subdevice #5: subdevice #5
Subdevice #6: subdevice #6
Subdevice #7: subdevice #7
card 1: CD002 [CD002], device 0: USB Audio [USB Audio]
Subdevices: 0/1
Subdevice #0: subdevice #0

The “card 1” device is the USB connection to the FM module.

All I needed to do now was install and setup liquidsoap.  For that I used this guide and installed with OPAM.  Once I had liquidsoap installed, I created a .liq script which had the following configuration to stream WBZ and play it on the FM module’s USB interface:

str = "http://cast.wizworks.net:8000/wbz"
prog = mksafe(input.http(str))
prog = amplify(0.7,override="replay_gain",prog)
output.alsa(device="plughw:CARD=CD002,DEV=0",prog)

With this .liq file saved as play.liq, I could then start it up by running:

liquidsoap ./play.liq

If you want to add this as a systemd service, just follow the conventions to create the service file and install it as a service so it comes up whenever the raspberry pi is started.

FM Module Tips

The FM module as it comes, does not have an antenna on it.   For best results, solder a 1 meter length of wire on the “ANT” solder pad and place the entire RPi/FM setup in a high location within your home.  You should find a clear spot on your FM dial using a portable radio and set the FM module to that frequency.  When properly set, you should be able to pickup the signal from your RPi/FM package at least 4 houses away before you start to hear static.  This amount of range from such a small module is pretty decent and sufficient to enjoy your streamed audio source on any ordinary radio near your home.  The sound quality is very good for a $12 module and sounds nice on my Tivoli and other radios.

PRO TIP FOR MORE RANGE (FOR YOU RADIO PIRATES)

Connecting the home brew transmitter to a small RF amp brings the power output up to about 10 watts. This power is then fed through an RF bandpass filter before the antenna. This helps eliminate RF harmonics that WILL get you busted in short order! DO NOT operate a device like this at any considerable power level without proper filtering, it is a guaranteed way to get busted for radiating harmonics and interfering with other signals!

The transmitter connected to the amp module (live audio is fed from an icecast stream over CAT6 cable). Note the small white WiFi smart outlet. This lets me remotely turn off the transmitter if I get wind that the FCC is taking an interest. I have the ability to remotely kill it from my smartphone from anywhere, at a moment’s notice:

The RF bandpass filter (SUPER IMPORTANT!)

Finally, the TUNED circular polarized antenna – circular polarization helps reduce multipath signal distortion for mobile listeners. This antenna is precisely tuned to the desired broadcast frequency of 95.1 using a cheap portable VNA (Vector Network Analyzer)