November 07, 2017

Iain R. Learmonth


Mastodon + XMPP + SIP

This is an idea. I haven’t looked at actually doing it yet, but I might.

Mastodon needs complimentary instant messaging and I’ve been thinking about how this might be achieved. XMPP and SIP are great federated protocols and it’s possible to use the same domain used for Mastodon for these through SRV records.

Authentication for XMPP and SIP is based on passwords. Mastodon could be extended to write out password hashes to a database to have one password for each service per device. You could then have those servers query the database and check password hashes. I’m not sure what the security properties of this would be compared to OAuth, but I think it’s similar just without the in-band setup.

I’m told there was previously an attempt to build out a social network on top of XMPP which sounded interesting, but OStatus seems to have won in this space. Still, if it’s possible for Mastodon to control authentication for the XMPP server, temporary passwords could be created for access from a web client embedded in the Mastodon frontend to provide federated real-time chat.

Adding users to your roster would likely need to be a seperate step (which would perhaps be beneficial to those that don’t want to chat with everyone they follow). The actual level of integration may vary between instances and that’s perfectly fine, implementations would need to consider this.

Presence information (online/offline status) would perhaps raise privacy concerns and so information would need to be conveyed to users about possible implications.

I’m not sure whether to start off with the backend work or the frontend work either. It would be possible for one to exist without the other entirely, you could link an XMPP account to your Mastodon account and use an external service, or you could only create the XMPP account from Mastodon and use only external clients.

If this is something that interests you, I’d be happy to have a discussion about it. On Mastodon I am

November 07, 2017 03:00 PM

November 06, 2017

Iain R. Learmonth


Talking to Hackers

Yesterday Ana finished setting up FreePBX for our house, and revived the Cisco SIP phones to make them useful again. Eventphone provides SIP, DECT, GSM and other telephony technologies at hacker events like CCC and also runs a long-running SIP service, known as EPVPN to connect hackerspaces and hackers between events.

We set up our extension as a trunk in FreePBX and could easily test outbound calls, but it was a little more difficult to test inbound calls. There was no system to queue up a test call (at least that I could find) so we needed to find someone to call back manually.

SpaceAPI provides a JSON document that lets you know if a hackerspace is open or not. It was 11pm in the UK so I wanted to make sure whoever I was calling wouldn’t mind the call. Once I found a hackerspace (Hackspace Marburg) that was open I placed a call and someone answered, but the hackerspace was in Germany and the call was answered in German. Luckily, they also spoke English.

After looking up the documentation of how to call Eventphone extensions using their hackerspace PBX, I got a call back and confirmed that I could receive incoming calls.

Some next steps:

  • Add extensions for the DECT phones which live downstairs
  • Set up a SIP phone for 57North Hacklab for which I have registered extension 1057

November 06, 2017 11:00 PM

November 03, 2017

Iain R. Learmonth


Free Software Efforts (2017W44)

Here’s my weekly report for week 44 of 2017. This has been a quiet week.

Tor Project

In this week I have looked at metrics-bot being compliant with the Tor metrics team’s Java style guide (#24080 ) and integrating it into a unified package naming scheme (#24036 ).

There has been a lot of refactoring in metrics-bot this week as components are starting to mature. I have started work on using metrics-base, the metrics team directory structure for Java projects and also formatting, but this still needs more work before it is completed.


I believe it is important to be clear not only about the work I have already completed but also about the sustainability of this work into the future. I plan to include a short report on the current sustainability of my work in each weekly report.

I have not had any free software related expenses this week. The current funds I have available for equipment, travel and other free software expenses remains £60.52. I do not believe that any hardware I rely on is looking at imminent failure.

November 03, 2017 10:00 PM

October 29, 2017

Iain R. Learmonth


Free Software Efforts (2017W43)

Here’s my weekly report for week 43 of 2017. This has been a quiet week.

Tor Project

In this week metrics-bot has had some issues where Onionoo was disappearing (#23928 ). I have been building in better error handling for requests to external services. I’ve also started to investigate other templates for status updates that might be useful (#23937 ), and have added a configuration framework to allow for credentials for services to be externally provided (#23933 ).


I believe it is important to be clear not only about the work I have already completed but also about the sustainability of this work into the future. I plan to include a short report on the current sustainability of my work in each weekly report.

I have not had any free software related expenses this week. The current funds I have available for equipment, travel and other free software expenses remains £60.52. I do not believe that any hardware I rely on is looking at imminent failure.

October 29, 2017 10:00 PM

October 26, 2017

Iain R. Learmonth



I joined Mastodon today. So did metrics-bot who is now simultooting to the fediverse.

metrics-bot on Mastodon

metrics-bot on Mastodon

Annoyingly, the API for Mastodon is different enough from the API for Twitter that I’ve needed to use a new library in metrics-bot. I’m using the mastodon4j library for now, but I’m really using so little of the API I do wonder if it would be easier to just reimplement the parts that are needed and drop the rest. The only part I’m really worried about is the OAuth authentication and I’m sure that won’t be anywhere near as bad as I think it will be.

October 26, 2017 10:00 PM

October 25, 2017

Iain R. Learmonth


Behringer Xenyx 302USB

I have decided to invest in a USB audio interface. My primary motivation for this is that I might like to produce some screencasts in the near future. My secondary motivation was being able to have a headphone socket on my desk to give me more freedom of movement than I would have plugged into the front of the workstation under my desk.

I went with a Behringer Xenyx 302USB and I’ve been quite happy with it so far.

The 302USB on my desk

The 302USB on my desk

I have heard that some audio interfaces have trouble with Linux as they require DSP implemented in software provided by Windows-only drivers. In the case of the 302USB, as soon as I plugged it into my Debian workstation, PulseAudio had picked up the new interface and I could use it straight away.

I have the main mix output hooked up to my amplifier and this is my default speaker output from the workstation now. The sound quality is great, plus the 2 band graphic EQ allows for me to tweak the sound for my speakers.

There are two mic inputs, although I believe you can only use one at a time. One is a 3.5mm jack next to the headphone jack and will be great for using the headset with Mumble.

The main mic input is a combination 6.25mm/XLR jack that accepts both types of jack. I had no idea such a connector existed, but it does and it means that I have three options for connector for attaching microphones. The main jack also provides phantom power.

For the price (£48), I would definitely recommend this model to anyone thinking of getting a simple USB audio interface.

October 25, 2017 10:00 PM

October 24, 2017

Iain R. Learmonth


Security by Obscurity

Today this blog post turned up on Hacker News, titled “Obscurity is a Valid Security Layer”. It makes some excellent points on the distinction between good and bad obscurity and it gives an example of good obscurity with SSH.

From the post:

I configured my SSH daemon to listen on port 24 in addition to its regular port of 22 so I could see the difference in attempts to connect to each (the connections are usually password guessing attempts). My expected result is far fewer attempts to access SSH on port 24 than port 22, which I equate to less risk to my, or any, SSH daemon.

I ran with this alternate port configuration for a single weekend, and received over eighteen thousand (18,000) connections to port 22, and five (5) to port 24.

Those of you that know me in the outside world will have probably heard me talk about how it’s insane we have all these services running on the public Internet that don’t need to be there, just waiting to be attacked.

I have previously given a talk at TechMeetup Aberdeen where I talk about my use of Tor’s Onion services to have services that only I should ever connect to be hidden from the general Internet.

Onion services, especially the client authentication features, can also be useful for IoT dashboards and devices, allowing access from the Internet but via a secure and authenticated channel that is updated even when the IoT devices behind it have long been abandoned.

If you’re interested to learn more about Onion services, you could watch Roger Dingledine’s talk from Def Con 25.

October 24, 2017 10:00 PM

October 23, 2017

Iain R. Learmonth


Bugs in websites

Reporting a bug in free software is easy. It turns out that everything I thought I knew about bug reporting was turned on its head when I tried to report a bug in the Tesco groceries website.

I was finding some sort of JavaScript problems in that my CPU was held at 100% and the page wasn’t really usable.

As with bug reports, I was expecting to at least have some technical information logged along with my email address so someone can contact me if they want me to try some things out. What I actually got:

Hmm. No. These are not standard fields in bugzilla.

In the end Tesco logged my bug report “anonymously”, claiming something about data protection as the reason.

I haven’t checked today if the issue is solved, but I have been using Tesco’s groceries website without issue for years now, so hopefully this is temporary.

October 23, 2017 10:00 PM

October 22, 2017

Iain R. Learmonth


Free Software Efforts (2017W42)

Here’s my weekly report for week 42 of 2017. In this week I have replaced my spacebar, failed to replace a HDD and begun the process to replace my YubiKey.


Eariler in the week I blogged about powerline-taskwarrior . There is a new upstream version available that includes the patches I had produced for Python 2 support and I have filed #879225 to remind me to package this.

The state of emscripten is still not great, and as I don’t have the time to chase this up and I certainly don’t have the time to fix it myself, I’ve converted the ITP for csdr to an RFP.

As I no longer have the time to maintain, I have released this domain name and published the sources behind the service.

Tor Project

There was a request to remove the $ from family fingerprint on Atlas. These actually come from Onionoo and we have decided to fix this in Onionoo, but I did push a small fix for Atlas this week that makes sure that Atlas doesn’t care if there are $ prefixes or not.

I requested that a Trac component be created for metrics-bot. I wrote a seperate post about metrics-bot.

I also attended the weekly metrics team meeting.


I believe it is important to be clear not only about the work I have already completed but also about the sustainability of this work into the future. I plan to include a short report on the current sustainability of my work in each weekly report.

I have not had any free software related expenses this week. The current funds I have available for equipment, travel and other free software expenses remains £60.52. I do not believe that any hardware I rely on is looking at imminent failure.

I do not find it likely that I’ll be travelling to Cambridge for the miniDebConf as the train alone would be around £350 and hotel accomodation a further £600 (to include both me and Ana).

October 22, 2017 10:00 PM

I operated to provide a map of Debian contributors and mirrors. There were plans to add in Debian events/sprints but I just did not have the time. The service broke one day, and I didn’t find the time to fix it.

I’ve now uploaded the sources of this very simple application to GitHub and perhaps someone else will pick it up. Having given the code a go today, I’ve not managed to persuade it to load any objects onto the map.

The code in will fetch the coordinates of Debian contributors from the website and convert them to a KML file.

The code in html was the webroot, and the KML files were pushed into the data directory there to be used by the embedded OpenStreetMap.

To find a map of Debian mirrors, see:

I believe the KML file for the mirrors was based on the above link, but I do not have the code I used. To produce the KML, the same system of grabbing the list of mirrors and then using GeoIP databases could be used, instead of using the data from that site.

October 22, 2017 11:00 AM

October 18, 2017

Robert McWilliam

I want a new camera

I think it's about time I got a new camera. I've thought this for a while, but keep baulking at the price of getting something that would be a decent improvement over what I currently have.

What I have

I have a Sony A55 at the moment. The internet tells me it was released in 2010, and I think I got mine between Christmas and New Year that year. On the lens side I've a Sigma 18-250 super zoom and a 50mm prime that cover most of what I do and I still have the 18-70 kit zoom from my A200 that I sometimes use as I have close focus filters that fit it and let it get really up close to stuff.

What I want

I'd like better performance - noise levels at higher ISOs look much better on more modern cameras, higher res video and not overheating when shooting video would be nice and, though 16 megapixels is usually plenty for what I do more would allow a bit more cropping.

But, the overriding consideration for me getting a new camera is to get something smaller.

My current setup is big enough and heavy enough that I mostly leave it at home - I want something small enough that it would live in my laptop bag (since that comes most places with me), and not be something that I have to think about if it comes or not when I'm travelling.

I definitely want a viewfinder on a camera. I much prefer that to only having a screen - I think it helps to have the picture you're taking be all that you see when composing it. This apparently makes me a bit weird as it seems to be only a small subset of cameras that still have viewfinders.

What I'm considering

Micro 4/3

For the most part the micro 4/3 bodies are a lot smaller than my current camera. The lenses are definitely smaller from targeting the smaller sensor - which has the nice effect of them also being quite a bit cheaper than equivalents for APS-C or 35mm. I really like the Panasonic rangefinder style GX cameras.

Canon EOS M5

APS-C 24 megapixel sensor in quite a compact body. But quite expensive, doesn't do 4K and a disappointing and expensive selection of native lenses.

Nikon 1 V3

Seems to be quite expensive for the specs. Again the native lenses have a disappointing selection and look expensive. And they're a pain to find as search results are swamped by "normal" Nikon lenses - "1" is a stupid name for a lens type.

Sony mirrorless

Maybe switch over to Sony E-mount? A6000 looks like it would be a decent step up from the A55. There's a decent amount of E-mount lenses available (though a bit more expensive than micro 4/3) and adaptors to let you use just about anything else. A bit higher res than the best of the micro 4/3 cameras. I was pretty tempted by the A6500 when it came out, but I don't think I want to spend that much and the jelly from the rolling shutter seems particularly bad with it.

A compact camera

If I really want to go all out on small: get something like a Sony Rx100 or Panasonic LX100. These are small enough to put in a pocket or clip onto my belt so could definitely come everywhere with me. I'm not really sold on giving up on interchangeable lenses though.


I think a small normal crossing zoom would be the best bet for usually living on the camera lens. That should give a nice small package for always carrying around and still be reasonably flexible.

I've seen a few reviews of the Olympus 40-150 that say it's quite good and very good for the price: from ~£50 on eBay. If I get a micro 4/3 camera I'll probably get one of these to have something for the longer end. Might not get that right away.

The Panasonic 12-35 f2.8, or Olympus 12-40 f2.8 "premium"/"professional" zooms look really nice, but they start at ~£500 on eBay so would eat pretty much all of my budget without getting a camera to put them on.

Micro 4/3 or Sony E-mount have a pretty small flange to sensor distance and with the sensors being quite small (especially micro 4/3) you can get adaptors to use most other types of lenses. There are a lot of really cheap and fast C-mount lenses out there, and some old M42 lenses look quite nice. C-mount extension tubes look fun for some macro stuff.

Speed Booster

Metabones Speed Booster gives a 0.71x focal length multiplier (on the ultra, 0.64 on XL variants) to allow full frame lenses to be used while kind of counteracting the crop from the small sensor and making the lens about a stop faster. The metabones version is quite expensive (and not widely available - I haven't yet found any for sale in Europe), there are a couple of cheaper alternatives, but reviews I've seen have been fairly negative for them. Since, to me, the whole point of this kind of adaptor would be to use some of the nice older lenses the adaptor adding issues would kind of spoil that. If I can live with distortion and vignetting C-mount lenses at about equivalent speeds are a couple of orders of magnitude cheaper. Some nice older lenses on a Speed Booster is fun to fantasise about but is probably still more expensive than I'm likely to spend in the near future.

A Speed Booster would let me get some fast older manual primes and make them even faster. Or there are versions that support modern AF lenses but those adaptors are more expensive and the lenses tend to be lots more expensive.

Crop factor

I was a bit worried about the crop factor taking away some of the wide end. My current widest lens is 18mm on the wide end of my kit and super zooms - adn I have often wanted something a bit wider than that. On my APS-C camera that comes in at about 29mm full frame equivalent. Need about 14mm to match that so the cheap standard zooms are about what I currently have and the premium/pro/bloody expensive standard zooms would be a bit wider. EBay has some cheap C-mount lenses out to 7mm without being listed as fisheye but they might have enough distortion that they actually would be fisheye in my book.


I'm still havering. I have bid on a couple of GX7s on eBay but other people seem to think they're worth more than I do, so haven't won them. I'm really surprised how much they go for, only £50-100 less than a GX80 (and second hand GX80s are surprising close to new ones - the higher end of the range are listing them above the new price on Amazon). I think the improved detail from the GX80 not having the low-pass filter makes it worth the extra over the GX7.

So, I'm currently leaning towards a Panasonic GX80 with the kit zoom and a couple of C-mount manual primes. Can maybe upgrade to native, or M42 primes later. I think I'll spend a while watching them on eBay but it is very tempting to push the button on Amazon to get one tomorrow...

October 18, 2017 11:00 PM

August 22, 2017

Tom Jones


FreeBSD on the GPD Pocket

In the distant past before smart phones became identical black rectangles there was a category of devices called palmtops. Palmtops were a class of PDA PC thing that fit in the palm of your hand. Today the Psion 5 series of devices most often capture peoples attention. Not only are they small and awesome, but they have something like a real keyboard.

This form factor is so popular that there are projects trying to update Psion 5 devices with new internals. The Psion 5 is the sort of device I have complained isn't made for a long time, at some point I picked one up on ebay with the intention of running the NetBSD port on it.

Earlier this year the world caught up and two big crowd funding projects appeared for modern Psion like palmtop devices. Neither the Gemini or the GPD Pocket campaigns convinced me that real hardware would ever appear. In May reviews of the GPD Pocket started to appear and I became aware of people that had backed and received their earlier campaign for the GPD WIN.

With a quirk in indiegogo allowing me to still back the campaign I jumped on board and ordered a tiny little laptop computer.

GPD Pocket vs Psion 5mx


FreeBSD is the only choice of OS for a pc computer. Support is good enough that I could boot and install without any real issues, but there was enough hardware support missing that I wanted to fix things before writing a blog post about it.

Somethings don't work out of the box others will need drivers before they will work:

  • Display rotation
  • WiFi (broadcom 4356)
  • Bluetooth (broadcom BCM2045A0)
  • Audio (cherry trail audio chrt54...)
  • Graphics
  • Nipple
  • USB C
  • Keyboard vanishes sometimes
  • Battery
  • Suspend
  • Touch Screen (goodix)
  • fan (there is some pwm hardware)
  • backlight
  • I2C
  • gpio


The most obvious issue is the display panel, the panel it self reports as being a high resolution portrait device. This problem exists in the bios menus and the windows boot splash is rotated for most of the time.

GPD Pocket FreeBSD bootsplash

Of course the FreeBSD bootsplash and framebuffer are also rotated, but a little neck turning makes the installer usable. Once installed we can address the rotated panel in X, accelerated graphics are probably in the future for this device, but the X framebuffer drive is good enough for FreeBSD hacking.

With X we can sort of the rotation problem. xf86-video-scfb is required to use the framebuffer.

# pkg install xf86-video-scfb

And the following lines have to be added to /usr/local/etc/X11/xorg.conf.d/driver-scfb.conf

Section "Device"
    Identifier "Generic FB"
    Driver "scfb"
    Option "Rotate" "CW"

 Section "Device"
     Identifier    "Card0"
     Driver        "scfb"

GPD Pocket FreeBSD

The screen resolution is still super high, there doesn't seem to be anyway to do DPI hinting with the framebuffer driver (or in i3 at all), but I can make terminals usable by cranking up the font size.

Keyboard and touchpoint

A Keyboard is vital for a usable computer, out of the box the keyboard works, but the touch point does not. Worse, touching the touch point caused the built in USB keyboard to die.

Some faffing trying to debug the problem with gavin@ at BSDCam and we got both keyboard and mouse working. For some reason my planck keyboard presents as a mouse among other things, pluggin in a mouse and power cycling the USB device caused ums(4) to correctly probe and attach.

Manually loading ums(4) at boot got the touch point working correctly. In fact, ig4(4) also attaches when manually loaded.

Add these lines to /boot/loader.conf


The dmesg shows some problems with ACPI probing, this is probably the source of some of the device problems.

Other devices

Wifi, bluetooth and graphics are bigger problems that will hopefully be caught up in others work and made to work soon. The touchscreen controller is adding a driver and support for Cherry View GPIO, there are datasheets for these and I am working on them.

No battery level indicator makes it annoying to use the GPD Pocket out and about. Without a driver the charge controller is using a really low current to recharge the battery. Datasheets are quite readily available for these devices and I am writing drivers now.

GPD Pocket

The Pocket is a great little device, I think its 'cuteness' makes everyone fall in love with it on first sight. I am really looking forward to getting the final things working and using this as a daily device.

August 22, 2017 12:00 AM

August 21, 2017

Tom Jones


Gherkin 30% keyboard


I like keyboards, I have been using an OLKB Planck as my daily driver for 18 months now. I saw a really nice ortholinear 30% keyboard go by on mastodon and I had to have one.

The keyboard I saw was actually the excellent gherkin by di0ib. di0ib has worked in the true spirit of open source and provided all of the design files and firmware for the gherkin. Beyond that they have included child proof instructions to order pcds.

Gherkin PCB

I tricked some friends into agreeing to build boards if I got a run of PCBS and set off. Amazingly was offering 5 more boards (10 vs 5) for just $2 extra. I managed to get 10 sets (board, key plate and base) of the PCBs for about £80.


The build was really easy to do, there is some advice for the socket on 40 percent club, but if you test fit everything as you go it should be straight forward. A build is probably around 2 hours depending on proficiency.

Parts Per Keyboard:

1  Keyplate PCB
1  Bottom PCB
1  Main PCB

16 M2 Spacers (14mm length)
32 M2 screws

30 key switches
30 key caps

1  Arduino Pro micro
1  machine pin socket (wide 24 pin (2x12))

30 3mm leds (your choice of colour)
30 1N4148 diodes
1  100 ohm resistors
1  100k ohm resitors
30 470 ohm reistors
1  mosfet (probs A04406A 4406A)

Key caps are a harder thing to buy (so many awesome choices) so I ended up using some spares I found in a desk drawer.


Flashing the firmware to the keyboard was a little harder to figure out. Eventually I found some instructions that included the correct avrdude flags on, you also need to use a switch pulling RST down to GND to put the micro controller in programming mode.

Pro Micro flash switch

Most of the work is done by the TMK make file, but you must manually specify a target for the program command. The command I used looks like:

# programming directive
MCU = atmega32u4
PROGRAM_CMD = avrdude -p $(MCU) -P /dev/tty.usbmodem1411 -c avr109 -U flash:w:$(TARGET).hex


With the board built and programmed (first try) it is time to figure out how to use it. It took a couple of months of daily use to get used to using the planck, it will be the same with the gherkin. To help learn I have printed out the keyboard layout and the combination of layers.

Gherkin Layout

I modified the default layout a little to make it more similar to how I normally type. I moved space bar to my left hand, made 'X' a repeatable key(gotta be able to delete chars in vim) and added a 'CMD' key. I have a fork of the repo with my layout and Makefile changes.

The layer system is easy to use, if you hold any of the keys on the base layer it will enable the alternate function for a meta key or it will switch to another layer for a layer key.

August 21, 2017 12:00 AM


Last updated:
December 16, 2017 07:20 AM
All times are UTC.

Powered by: