yoursunny blog
computer, Internet, and life

How HomeCam Registers NDN Prefixes?

Junxiao Shi

HomeCam, a browser-based home surveillance camera, is one of my major side projects during the past few years. My last post gave an overview on the overall architecture and various components of HomeCam. I mentioned that HomeCam delivers pictures via Named Data Networking (NDN), which provides better scalability because the camera only needs to serve each picture once even if there are multiple viewers, and the network takes care of the distribution.

Both HomeCam viewers and cameras connect to the global NDN testbed network via WebSockets. A viewer sends Interests to the network to request a picture from a specific camera identified by part of the Interest name. The network forwards the Interests to the named camera, and the camera responds with Data packets that contain the picture. But how does the network know where the camera is?

The camera must register its prefix onto the NDN testbed network.

For a regular end host running the NDN Forwarding Daemon (NFD), you may let the world reach your NFD via auto prefix propagation. This procedure involves sending a prefix registration command to the network, which causes the router to add a route toward the end host. A requirement is that the prefix registration command must be signed by a key trusted by the network.

HomeCam camera is a browser-based application that directly connects to a testbed router, and there is no NFD running locally to do auto prefix propagation for us. However, HomeCam can still have a route added toward the camera by sending a prefix registration command.

(read more)

How to Change the MAC Address of ESP8266?

Junxiao Shi

Each ESP8266, like every other WiFi network interface card, comes with a MAC address that identifies itself to the network. Sometimes you want to change the MAC address of an ESP8266. How to do that?

ESP8266 has the built-in MAC address

ESP8266 Arduino core does not provide an API to change ESP8266's WiFi MAC address. While there is a WiFi.macAddress function, it actually retrieves the current WiFi MAC address, instead of setting it. However, Espressif SDK offers an API to change the WiFi STA MAC address:

bool wifi_set_macaddr(uint8 if_index, uint8 *macaddr);

This API is declared in user_interface.h. To get access in this API, you'll need to include this header.

(read more)

Show Temperature and Humidity as WiFi SSID with ESP8266 and HTU21D Sensor

Junxiao Shi

Since I started playing with ESP8266 WiFi microcontroller in 2016, I had a TMP36 temperature sensor. TMP36 is an analog sensor: it uses a voltage between 0.00V and 1.75V to represent a temperature reading between -50℃ and 125℃. The ESP8266 has an analog-to-digital converter (ADC) capable of reading voltages up to 1.00V. To read a temperature from TMP36 into ESP8266, I need to use a pair of resistors as a voltage divider, so that the resulting voltage does not exceed ADC's limit. However, I feel the temperature reading is very inaccurate: is my room really 19℃ when @TheTucsonHeat is in town? I once replaced the carbon resistors with metal film resistors, and the temperature reading instantly changed by as much as 8℃.

I need an upgrade to the temperature sensor! The new sensor must output digital signal, so that my lousy resistors wouldn't affect its accuracy. After comparing DHT11, DHT22, DS18B20, and several others, I eventually chose HTU21D-F because it has an I2C interface, which can be added directly to my LCD kit.

The HTU21D sensor arrives in the mail a few weeks later. It needs a bit of soldering to add the pin headers onto the breakout board; ImmodderNation has a soldering video to get you started. Afterwards, wiring is simple: just add it into the existing I2C bus! As long as you don't short the wires, you won't burn down the office.

HTU21D on I2C bus of ESP8266

A quick test with Adafruit's library confirms the HTU21D sensor is working correctly. Temperature and humidity readings are showing up on the serial console. However, I don't want to tug around the laptop to measure temperature around the house, and don't want to program the LCD or connect to Losant or NDN right away. I thought up a quick and easy way: let's create a Wi-Fi hotspot from the ESP8266, and show temperature and humidity as the WiFi network name (SSID)!

(read more)

How to Deduplicate BibTeX Entries?

Junxiao Shi

I'm writing my dissertation recently. My dissertation is a combination of several publications from my PhD career. Therefore, part of my dissertation writing process involves copy-pasting the papers together into a single document.

Like any good academics, I typeset my publications with LaTeX, and use BibTeX to incorporate citations into the documents. My collection of bibliographies is fairly ad hoc: during each writing project, I search for related work to cite in my paper. Unlike most others, I create a separate bib file for each BibTeX entry named after the citation key. For example, I would have bib/ndn-tlv.bib for a BibTeX entry named "ndn-tlv", and bib/Mininet.bib for the "Mininet" entry. This allows me to find available citation keys with a quick glance over the bib/ directory. My build process then concatenates these small bib files into ref.bib as an input to BibTeX.

My dissertation combines all my publications, and thus needs a union of BibTeX entries from those combinations. To make this union, I can copy all these single-entry bib files into the same directory. If two previous papers cited the same reference, their bib files should have the same name, and only one copy would be left in the combined directory.

Except that the above assumption is true only if I cited the same reference with the same citation key. And so I discovered a citation appearing twice in my dissertation:

duplicate references in dissertation

(read more)

How HomeCam Works?

Junxiao Shi

HomeCam, a browser-based home surveillance camera, is one of my major side projects during the past few years. HomeCam allows you to capture pictures via the webcam on a laptop or smartphone, and view real-time images from a different device. No specialized hardware or software installation is needed: HomeCam works directly in a web browser. This article gives an overview of the web technologies that enable HomeCam.

If you have not used HomeCam, try it today!

Functionality Review and General Workflow

The HomeCam web app can operate in either viewer or camera mode. To enter either mode, the user is required to specify a "camera name", which serves as an identifier. Each camera should have a distinct camera name. Any number of viewers can be active at the same time, and they will retrieve real-time pictures from the camera with the same camera name.

Under the hood, this works in three steps:

(read more)

yoursunny.com is in Git and Completely Rebuilt

Junxiao Shi

I started making websites since 2001. This website, yoursunny.com, started in 2006. In the past 11 years, I've rebuilt the site several times, switched from ASP to PHP, and moved from Windows dedicated hosting to shared hosting and eventually to Linux VPS. So far, every time I want to perform a major edit to the website, I copy original versions of affected files to a backup folder on my computer, and then go ahead to do the edit. After having tested the modification locally, I upload changed files via FTP or SFTP to the server. One constant worry over my head is, what if I lose all the files on my computer, and my hosting provider vanishes so I can't get them back? Another headache is, sometimes I may make an edit incorrectly, but I couldn't revert it back because I didn't copy the original files to the backup folder as I determined the change wasn't "major" enough to warrant a backup.

During my studies at University of Arizona, I learned a useful tool called git. Git is a source control system: it allows developers to create a repository and put source code into the repository, and will automatically keep track of all the edits applied to each file. By putting website source code into a git repository, I can find out what modifications I've performed to each file over time, regardless of whether it is "major" or "minor". Additionally, I can synchronize the git repository with a remote git server, so that the server has a copy of my website, including edit histories as well. This would solve both the worry of losing files, and the headache of not having an earlier version to revert to in case of an incorrect modification.

After delaying this projects several times, I am finally determined to move yoursunny.com into git repositories in Apr 2017. At the same time, to keep the website source code as clean as possible, I decide to try out two new technologies: static site generators and Composer. That is, I would rebuild yoursunny.com, copying page by page, into a new website stored in git repositories.

I spent about 2 months for this rebuild/move, and I'm happy to announce that yoursunny.com is now under source control.

Main Site with Composer

(read more)

How to Access Gogo Inflight WiFi on American Airlines for Free?

Junxiao Shi

Gogo offers WiFi Internet access on American Airlines domestic flights within United States. The Internet services are provided through Air-To-Ground (ATG) technology: a cellular radio network of over 200 towers in North America points their antennas to the sky; a Gogo-equipped airliner connects to one of these cellular towers, and provides Internet to passengers via WiFi. Pricing for Internet access via Gogo in-flight WiFi starts at USD 4.95 for 30 minutes.

gogoinflight airborne splash page

American Airlines and Gogo also provide inflight personal device entertainment through the same gogoinflight Wi-Fi signal. This service is free of charge, and allows passengers to watch movies and TV episodes on their own smartphones and tablets. Presumably, contents are pre-downloaded to a server located inside the aircraft, and therefore accessing those contents do not consume radio bandwidth.

Rogue One: A Star Wars Story movie provided on gogoinflight

While watching videos are permitted during the flight, Gogo does not want passengers to download these copyrighted movies for watching later at home. Therefore, users must have the Gogo Entertainment app on their mobile devices in order to watch movies. The app is compatible with the Digital Rights Management technology used in the entertainment server, to ensure that the movies can be watched for free, but cannot be (easily) downloaded. But what if the device does not already have the Gogo Entertainment app?

(read more)

reboot-into.sh: Fast Operating System Switch for BerryBoot

Junxiao Shi

BerryBoot is a bootloader for Raspberry Pi, allowing multiple operating system images to be placed on a single microSD card. It displays a menu upon system boot, so that the user can choose which OS to load.

I use a Raspberry Pi 3 as my primary desktop computer. It loads Ubuntu Mate 16.04 by default, in which I can code, read, and write dissertation. The same computer is also equipped with RetroPie, as my gaming machine playing FreeDoom.

One problem I'm frequently facing is: in order to switch from work mode to game mode, I must reboot the machine. Shutting down Ubuntu Mate can take as little as 10 seconds, or as much as 3 minutes, depending on luck. I hate to stay with the machine while it's rebooting, but if I walk away, I may miss the 10-second window in which I should select RetroPie from the BerryBoot menu, before it loads the default, Ubuntu Mate, automatically.

A less known feature of BerryBoot is its runonce file. You may instruct BerryBoot to load a specific image at next boot by writing the image name to data/runonce file in BerryBoot partition. This works particularly well if the Raspberry Pi is headless and does not have a keyboard, but it requires 5 steps and requires typing the full image name in the runonce file.

To simplify this process and quickly switch to another operating system in BerryBoot, I wrote a little script:

(read more)

"freewifi" via ESP8266 Captive Portal

Junxiao Shi
last updated

Many outdoor places do not have permanent Wi-Fi access points. Occasionally I can get a weak unencrypted WiFi signal from a nearby shop; otherwise, I'll have to face the fact of not having WiFi, and resort to my slow and expensive SIM card for cellular Internet access.

Since I learned that the ESP8266 can serve as a WiFi hotspot, I got an idea. I can make an ESP8266 appear as a Wi-Fi access point (AP), and provide free WiFi to everyone at the outdoor venue. Except that, this is a freewifi prank: I am providing free WiFi, but my WiFi does not offer Internet access.

Screenshots

ESP8266 makes a freewifi WiFi access point SSID:

freewifi SSID

(read more)

Install OpenConnect VPN Server with Trusted Certificate from Let's Encrypt

Junxiao Shi

OpenConnect VPN server, or ocserv, is an SSL VPN server compatible with Cisco AnyConnect. It can easily be installed in a cheap OpenVZ Virtual Private Server (VPS) with TUN capability. However, most online tutorials for installing OpenConnect VPN server rely on certtool to generate a self-signed certificate via OpenSSL. Afterwards, since the self-signed certificate is not trusted by operating systems, either the VPN client must be configured to skip certificate checking, or the self-signed certificate must be imported as a trusted certificate on the VPN client machine. Both practices are insecure. Bypassing certificate checking would allow an attacker to impose as the VPN server. Importing a trusted certificate does not seem wrong at first, but in case the private key is compromised, an attacker would be able to impose as any server to the client, including online shopping and bank websites, using a certificate signed by that private key. Remember that the self-signed certificate's private key is stored on the VPS filesystem, it is much less secure than Hardware Security Modules used at real CAs to store private keys, and therefore it is a bad idea to trust such certificates in client machines.

Let's Encrypt is a free, automated, and open Certificate Authority (CA). It allows anyone to obtain a domain-verified certificate within minutes, and without paying anything. Certificates from Let's Encrypt are trusted by most modern operating systems. They are ideal for securing an OpenConnect VPN server.

This article explains how to request a proper trusted certificate from Let's Encrypt for use with ocserv, how to install OpenConnect VPN Server and use the Let's Encrypt certificate, and how to configure Cisco AnyConnect client to connect to ocserv. These steps are verified with an OpenVZ Ubuntu 16.04 64bit VPS provided by SecureDragon. It is required to enable TUN devices for the VPS, typically through a button in SolusVM or other control panel provided by the hosting company.

Request Let's Encrypt Certificate for OpenConnect VPN Server

Before requesting a certificate from Let's Encrypt, you must have a Virtual Private Server with an IPv4 address, and have a domain name (could be subdomain) resolved to the server so that you are able to ping the server via the domain name.

(read more)