Support

Blog

Flattr this!

I bought a Phicomm R1 Speaker for 150RMB delivered, its supposed to have Wifi and a config app, but the App registration is apparently broken.

The Phicomm R1 speaker has Android installed, unfortunately the configuration app for the speaker is no longer working as noted, so you can only use Bluetooth unless you hack it (Bluetooth is available via a triple press of the top button).

For some crazy reason, the speaker has a fairly decent cpu, and is running Android (albeit without a display, which is annoying, but not completely unfixable); we can connect via adb.

Download adb tools here – https://www.xda-developers.com/install-adb-windows-macos-linux/ and stick in your path.

Set the speaker to Wifi (long press of the top button), and connect to the Phicomm_R1_xxx network.

Mine setup a network on 192.168.43.0/24, with a gateway of 192.168.43.1

adb connect 192.168.43.1:5555

adb shell ls -al

drwxr-xr-x root     root              2016-01-21 16:50 acct

lrwxrwxrwx root     root              2016-01-21 16:50 bcm4329_cybertan.hcd -> /etc/bluez/bcm432x/BCM4329B1_002.002.023.0389.0000_Cybertan-Foxconn_Cls2_extLNA_EDRmaxInputLev+PeakDEVM_NT.hcd

-rw-r--r-- root     root       148936 1970-01-01 08:00 rk30xxnand_ko.ko.3.10.0

drwx------ root     root              2018-04-28 10:50 root

-rw-r--r-- root     root       252134 1970-01-01 08:00 vcodec_service.ko

lrwxrwxrwx root     root              2016-01-21 16:50 vendor -> /system/vendor

Yup, that worked!

Ok, so we can see the thing at least! Lets get some screen viewing software installed. I’m on OSX, so its a simple brew install..

This seems to work reasonably well – https://github.com/Genymobile/scrcpy

brew install scrcpy


#load ADB first as above on the default unconfigured wifi ip
adb connect 192.168.43.1:5555
scrscpy

You should now be able to see the device display, and the internal app called Pandora. The pandora app is a rather useless one – it basically doesn’t work. So ignore..
We need to install other tools.

#allow any app install
adb shell settings put secure install_non_market_apps 1

Next up, configure wifi on the thing!

#install adb wifi tool
wget https://github.com/steinwurf/adb-join-wifi/releases/download/1.0.1/adb-join-wifi.apk
adb push adb-join-wifi.apk /data/local/tmp/adb-join-wifi.apk
adb shell /system/bin/pm install -t /data/local/tmp/adb-join-wifi.apk

#change YOURSSID, and YOURWIFIPASS as appropriate..
adb shell am start -n com.steinwurf.adbjoinwifi/com.steinwurf.adbjoinwifi.MainActivity -e password_type WPA -e ssid YOURSSID -e password YOURWIFIPASS

It will hopefully setup the wifi. You’ll need to wait for it to ‘timeout’ and tell you wifi setting failed; it will then connect to your normal wifi as set above.

Once on your ‘normal’ wifi, you can adb connect again to the normal ip.
I installed airpin.apk to setup Airplay, now I can connect to the speaker in iTunes, and play. Good enough!

It can be downloaded here – http://www.waxrain.com/product_en.html
Install in a similar manner as other apk’s, then use screen mirroring to config the name.
I called mine phicomm

#copy and install airpin APK
adb push AirPin.apk /data/local/tmp/AirPin.apk
adb shell /system/bin/pm install -t /data/local/tmp/AirPin.apk
#run the screen mirroring to configure directly on the device
scrcpy

You can go further and remove the Xiao Xun (小讯) listening software, and install something else, but I haven’t bothered (yet). Mine is still unconfigured.
This is detailed in Chinese over here –
https://www.right.com.cn/forum/thread-855587-1-5.html

Flattr this!

The mail software has been completely revamped to support additional security precautions.

Failed logins will be blocked by ip address for 1 hour. (5 fails to trigger a 1hr block)

Senders can only send mail from their authenticated email address.

Outgoing mail is now also inspected for spam, if tests fail, sending will fail.

DKIM signing is now possible, we are in the process of implementation and testing.

SSL connections are now set to a minimum of TLS1.2 and 2048bit encryption, as per internet standards.

Support for connecting to servers still using old insecure protocols has been deprecated (i.e. not supported anymore).
The protocol insecurity issue is explained in more detail here –
https://weakdh.org

This has impacted some deliveries to outdated servers, which still use outdated software.

We can resolve these issues on a case by case basis if you forward support the relevant bounce messages.

If you see bounce messages with errors similar to this –
SSL routines:tls_process_ske_dhe:dh key too small;
SSL routines:ssl_choose_client_version:unsupported protocol;

The recipients server’s SSL key setup (the key they use for encryption for their mail server) is an issue.
Their keys are too small, and vulnerable to eavesdropping, and ideally need to be updated, as their communications are vulnerable.

 

Apr
30

Cert updates

Flattr this!

Certificates for *.computersolutions.cn have been updated to use letsencrypt from April 2019 onward.

Feb
22

DNS Updates

Flattr this!

As part of our DNS migration in mid 2016 (June / July last year), we asked all our clients to update their DNS to the below servers.

ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com

Note that as of today (22nd Feb 2017), our previous DNS servers are now offline, and will no longer resolve.

If you are having issues with email and website hosting today (22nd Feb 2017), please ensure that your DNS has been updated as requested.

This will only affect clients that maintain their own DNS, if your services are managed by us, this was done last year.

If you are unsure on how to proceed, please contact us.

Flattr this!

小米 sells a small little wifi camera which works quite painlessly.
I’ve bought several over the last few years.

My recent ones don’t work oversea’s though (which is where I install them).
Its extremely bogus selling equipment that is limited to a country, especially when they don’t tell you about it.

Annoying, as my older models aren’t “region locked”, but the newer ones are.

There is a fix for it, although it will likely get more difficult to patch at xiaomi’s whim.
If so, I’ll probably stop buying the camera’s. Lovely how vendors want to mess with customers…

First up, enable telnet on the camera.
Get an SD card or take the card out of the camera.

Create a folder named test on the card.
Create a plain text file called equip_test.sh in that folder, and add the following bash script:


#!/bin/sh
# Telnet
if [ ! -f "/etc/init.d/S88telnet" ]; then
echo "#!/bin/sh" > /etc/init.d/S88telnet
echo "telnetd &" >> /etc/init.d/S88telnet
chmod 755 /etc/init.d/S88telnet
fi
dr=`dirname $0`
# fix bootcycle
mv $dr/equip_test.sh $dr/equip_test.sh.moved
reboot

The script will enable telnet on the camera, and then rename the script so it doesn’t run again on the next boot.

Stick the prepared card into the camera, power on, and it should reboot (twice).
If you check the open ports on the camera ip you should now see port 23 (telnet) is open.

Login with the default user/pass (as below) via telnet

User: root
Password: 1234qwer

Once telnet’d in, enter the following, line by line –

Find and kill the watchdog process

killall watch_process

Find and kill /home/cloud process so we can edit it without the watchdog watch_process restarting it

killall cloud

Change the check within /home/cloud executable to query a fake domain so it never returns a failure, then reboot.


sed -i 's|api.xiaoyi.com/v4/ipc/check_did|api.xiaoyi.foo/v4/ipc/check_did|g' /home/cloud
reboot

Notes – The camera checks for the country by running an executable called /home/cloud
This calls an api at api.xiaoyi.com which does a ip check, then returns a true or false value if it thinks you’re in China or not. We change the /home/cloud executable ip check call to a bad url, which means it can’t perform its check.

Worked on my camera’s running version 1.8.6.1Q_201607271501

Flattr this!

We are currently seeing some issues sending TLS encrypted mails to Outlook.com hosted email addresses.
This appears to only be affecting some of the Outlook.com hosted server ip addresses intermittently
213.199.154.87 / mail-db34087.inbound.protection.outlook.com
213.199.154.23 / mail-am14023.inbound.protection.outlook.com

If messages fail to be delivered, you will receive a bounce message similar to the following:

TLS connect failed: timed out; connected to 213.199.154.87.
I’m not going to try again; this message has been in the queue too long.

In the interim we have disabled TLS encryption to the affected addresses.
We are currently unsure if this is a Microsoft issue, or a China Firewall Issue, so this may or may not resolve the issue.

We will update this post when we have further information.

May
16

SSL Updates

Flattr this!

The SSL certificate for the all servers have been updated to use a wildcard certificate.

We *finally* changed over to use a wildcard cert, as pricing has come down enough to not warrant having separate certificates per server.
Our new wildcard certificate is valid until 2019.

What does this mean for you?

The bad news
Really old browsers won’t be able to open our site
If you are an XP user running IE6, you won’t be able to load our encrypted sites anymore. We strongly suggest you upgrade though if you fall into that category!
Same goes for those running Android 2.x (which is equally ancient in computer terms).

The good news
Email is now encrypted point to point using AES256 SHA encryption where possible, and webmail is SHA256 encrypted from server to your browser.
Mail servers that support it (i.e. all of ours, plus the major providers like Google, Yahoo etc, will send encrypted mail to our servers).
Mail Headers will include things like the below if encryption is supported –
Received: from usa4.computersolutions.cn (162.210.36.26) by mail.computersolutions.cn with AES256-SHA encrypted SMTP;

Lastly – our new cert gets us a test rating of A at the SSL Labs site.
https://www.ssllabs.com/ssltest/analyze.html?d=computersolutions.cn&latest

Screen Shot 2016-05-16 at 1.15.56 AM

Flattr this!

Despite having friends that have broken limbs skateboarding, I decided to buy myself an Electronic Longboard.
I’m still a kid at heart, despite my ongoing age…

Screen Shot 2015-09-18 at 10.11.00 AM

The board I chose to buy is what looks like a copy of the Boosted Board. The design is different though, but its close enough to look like a copy of sorts. Mine is from a company called BenchWheel out of Hangzhou, and although mildly expensive, isn’t too bad in Electric Skateboard pricing terms, especially in comparison to the similarly specced Boosted board at $1499.

I was originally planning to get the Stary board, as its made in Shanghai, and I was watching their Kickstarter, but sadly they don’t seem to want to sell it locally.
So, I scanned Taobao for similar products, and decided on the BenchWheel, as it looked reasonable quality-wise compared to the other options.

BenchWheel is currently available on Taobao for 2899RMB (about 450$USD odd at this moment in time)

They have 2 models for sale – the B board, which is a standard longboard, and the C board, which is a skinnier board at the ends.

Screen Shot 2015-09-18 at 10.11.45 AM

I bought my BenchWheel on Monday, had it delivered on Wednesday (the magic of Taobao), and have been riding it for a whole 2 days now. I’ve never ridden a skateboard or longboard before, and I’m finding it very easy to ride. I’m already comfortable using it on the road for short trips in light traffic here in Shanghai. Took me about 5 minutes to find my balance, and after about an hour riding around my compound avoiding pedestrians and small rodent sized dogs I felt comfortable enough to take it outside on the street with the bigger traffic.

So far I’m quite happy with it. Top speed is faster than I want to go still, and the battery life is quite decent @ +-20km. The entire bottom length of the board is essentially battery.

Having played with most of the things available here, from e-scooters to airwheel’s, I think a Longboard is the most fun/ practical in daily use, especially for last mile from metro -> home.

All in all, it feels like a decent quality item. The parts are solidly built, and it doesn’t feel like cheap crap.
I haven’t tried a Boosted board or other US brand boards though, so can’t compare to those, but I do know what cheap crap feels like, and this isn’t that.

Some notes on using it
The BenchWheel has a carry handle, but I think there needs to be something smoother around the handle as the sandpaper gets rough.
Its light enough to carry short distances, which is good.

Remote control feels comfortable to use. The speed acceleration is good – its not crazy from stopped, it feels like they ramp up in a curve rather than giving you full throttle immediately. Braking on the other hand feels like they give you too much – you need to be more careful braking as its almost too fast on the controller.

Controller could do with some labelling, there are way too many leds that show different colors (red or green).
The bottom 3 show board battery status. The top two are speed allegedly, although they do flash when the board isn’t sync’d.
The remote and the board time out if not used and left on. The lights stay on, but the remote does nothing. Turning both off then on again resolves that. Looks like it does that when left 3-5 minutes unused. I’ve already hit that once or twice tonight talking to people about the board and not using it for a few minutes, then it doesn’t want to work.

My manual is in Chinese, and the instructions are not very clear – I had initial issues syncing the remote with the board despite reading the instructions, and repeating the steps a couple of times.
Their online support was good (aliwang), and I resolved it, but the manual needs to be much clearer.

I’ve actually had a go at making a better english manual here – http://computersolutions.cn/downloads/benchwheel/

I’ll re-iterate, this is really fun to ride. I’m actually excited to go out and ride around, which is good.
I’ve also been quite lucky in that I haven’t fallen yet. Having a brake and not going too fast helps a lot, as you can just jump off if you feel like falling.

Some tech details
N5065 270KV motors x 2 – Not sure what brand, haven’t opened it up yet.
Batteries in a 6S 4P (22.2V nominal @ 6 x 3.7V/ 25V peak/ 20v get off the board before you kill the batteries 😉 ) config using 18650’s @ 8800MAH / 210WH
Wheels are 80x45mm 78A hardness
Board is 920x240x15mm
7.9KG total weight.
Has a carrying handle cut out in the board (useful!)

Dual motors @ 1800W

Expanded view
Screen Shot 2015-09-18 at 8.59.16 AM

Underside view
TB278_6eXXXXXawXXXXXXXXXXXX_!!25106345.jpg

Whats missing
It feels like a strong version 1.0
That said this is whats missing:

    • Lighting – they need to add underlighting to the board (they actually came out with some the day after I bought mine, grr!, so will be adding mine when it arrives in my next taobao shopping order).
      Carrying handle – great idea, but the board sandpaper surface chafes, so it needs some smoother tape around the handle area.
      Design – There are tons of cool skateboard designs. BenchWheel have completely ignored that and gone with a horridly bad logo font choice and rather basic and bland black board color. This totally needs some work. Luckily you can buy cool stuff on taobao, so thats a fairly easy remedy.
      Packaging – Very white box. Mine actually came slightly damaged, although the board was fine. They need to work on that.
      Battery indicator – The Marbel board has a battery indicator on the board. They need to add something either on the top of the board, or underneath the board with a bar for charge value like you get on electric mopeds and scooters. I might mod mine to add that, as thats fairly easy to do. There is a battery indicator on the remote, but its not too accurate / useful.
      Manual – the existing one isn’t so clear on a few things, even in the Chinese manual.
  • Some action shots below.

    20921767554_59ae162d35_k

    21356686058_7bec4abf8a_k

    21356301820_795dd6d824_k

    20923405313_3799292a18_k

    Full set on Flickr

    Video:

    Flattr this!

    Some of our clients are experiencing delivery issues to some domains that use Gmail/Google for their email.

    I previously covered that here – http://www.computersolutions.cn/blog/2015/04/gmail-and-other-google-hosted-mail-delivery-issues/

    The issue is that China is still blocking Gmail/ Google hosted mail, and the recipient domain hasn’t setup their MX records correctly.

    This is fine for servers outside of China, where all of googles mail servers (should) work, but breaks things for those inside China, where only a few servers are reachable.

    Google hosted mail settings are here: https://support.google.com/a/answer/33915?hl=en

    You’ll note that there are 5 different email servers that are listed in priority order.

    Priority Mail Server
    1 ASPMX.L.GOOGLE.COM.
    5 ALT1.ASPMX.L.GOOGLE.COM.
    5 ALT2.ASPMX.L.GOOGLE.COM.
    10 ALT3.ASPMX.L.GOOGLE.COM.
    10 ALT4.ASPMX.L.GOOGLE.COM.

    For mail servers, the higher number is more important, so a priority of 1 will be the first server tried, then the next highest number, and so on.

    If I try to connect to the servers from China.

    telnet ASPMX.L.GOOGLE.COM 25
    Trying 74.125.200.27…
    (times out)

    telnet ALT1.ASPMX.L.GOOGLE.COM 25
    Trying 173.194.72.26…
    (times out)

    telnet ALT2.ASPMX.L.GOOGLE.COM 25
    Trying 74.125.25.26…
    (times out)

    telnet ALT3.ASPMX.L.GOOGLE.COM 25
    Trying 64.233.169.26…
    Connected to ALT3.ASPMX.L.GOOGLE.COM.
    Escape character is ‘^]’.
    (yay, we have a winner!)

    telnet ALT4.ASPMX.L.GOOGLE.COM 25
    Trying 74.125.70.27…
    Connected to ALT4.ASPMX.L.GOOGLE.COM.
    Escape character is ‘^]’.
    (yay, we have a winner!)

    So, we can see that alt3, alt4 work, but none of the others do (as of 9th September 2015 from Shanghai)

    So, some rudimentary testing shows that some servers work, and some do not.
    How does that apply to real world examples.

    Lets look at a non-working domain – ihg.com

    dig mx ihg.com

    ;; ANSWER SECTION:
    ihg.com. 600 IN MX 100 aspmx3.googlemail.com.
    ihg.com. 600 IN MX 50 alt1.aspmx.l.google.com.
    ihg.com. 600 IN MX 50 alt2.aspmx.l.google.com.
    ihg.com. 600 IN MX 100 aspmx2.googlemail.com.
    ihg.com. 600 IN MX 10 aspmx.l.google.com.

    You should easily be able to see 2 things.
    1 – that the MX records are not as per Google settings.
    2 – that the 2 working MX records are not listed.

    This means that while their MX records probably work oversea’s, they will not be deliverable from China. They need to amend their MX records to Googles recommended settings.

    Lets look at another example.

    dig mx rsms-west.com

    ;; ANSWER SECTION:
    rsms-west.com. 6238 IN MX 30 alt2.aspmx.l.google.com.
    rsms-west.com. 6238 IN MX 10 aspmx.l.google.com.
    rsms-west.com. 6238 IN MX 40 aspmx2.googlemail.com.
    rsms-west.com. 6238 IN MX 50 aspmx3.googlemail.com.
    rsms-west.com. 6238 IN MX 20 alt1.aspmx.l.google.com.

    Once again, we can see that the alt3, and alt4 servers are missing, and unfortunately none of the other listed servers are connectable from China.

    Lastly, lets look at a working server

    dig mx teamsequel.com

    teamsequel.com. 12878 IN MX 1 ASPMX.L.GOOGLE.com.
    teamsequel.com. 12878 IN MX 5 ALT1.ASPMX.L.GOOGLE.com.
    teamsequel.com. 12878 IN MX 5 ALT2.ASPMX.L.GOOGLE.com.
    teamsequel.com. 12878 IN MX 10 ALT3.ASPMX.L.GOOGLE.com.
    teamsequel.com. 12878 IN MX 10 ALT4.ASPMX.L.GOOGLE.com.

    You can see that they have the correct Gmail settings as per Gmail / Google settings page, and mail to them is deliverable (as alt3, alt4 are currently not being blocked by the beneficent government of China).

    Unfortunately as this is an issue that is out of our control (MX records are incorrect, and China is being difficult), we cannot mitigate against it. The affected domains will need to amend their MX records appropriately as per the page here- https://support.google.com/a/answer/33915?hl=en.

    Flattr this!

    I have a couple of older Mac Pro desktops that I tend to.
    As my machines usually get upgraded to the max, they’re still pretty darn useful.
    Currently they’re all Dual Quad Core 3Ghz / 16G Ram 1,1->2,1 flashed, which is more than enough for dev purposes.

    Sadly though, they still have the original graphics cards – rather crappy 7300GT’s.

    One of the issues with the Mac Pro 1,1 is that in Yosemite* the original graphics cards aren’t really supported.

    *Sure Yosemite isn’t really supported either, but it does work after a bit of EFI boot mangling.

    You can work around things, by having a newer NVidia card (i.e. anything 6XX and above), but then you lose boot graphics till the OS loads drivers.

    As I sort of quite need boot graphics due to the bootloader side of things getting borked on occasion, I thought I’d source myself a compatible card.

    There aren’t really that many options unfortunately for vintage equipment, its mostly 8800GT’s that are at least 5 years+, and priced at silly money.

    There are other options though – certain PC graphics cards are usable.

    As a Mac Pro 1,1 (2,1), it needs a card that:
    #1 – Shipped on a Mac Pro 1,1 or 2,1 (so that AMD created an _EBC_ based Mac BIOS).
    #2 – Has a flashable BIOS. This rules out most of the NVidia’s of that era, so its a select number of ATI cards.

    Netkas.org is a good source of reading for that sort of thing.

    ATI 4870 appears to be flashable, and wasn’t too “$$ bills yo!” on Taobao

    So, sourced myself a 4870 1G card (235RMB w/shipping), and set to work.

    There is a wealth of information out there about flashing, but unfortunately all the links appear to be pretty dead.

    The general consensus is to dump the original firmware, then patch it yourself. There are tools for this, but they don’t really work. Cindori’s Zeus et al..

    I tried to do this inside the Mac Pro itself, but it wasn’t having any of it, and didn’t like the perfectly fine DOS USB key(s) I made. Luckily I also had a Windows box available to dump / flash.

    Fun and games with PSU connectors later, I booted off a DOS boot disk, used ATIFlash to dump my original rom, then shutdown again.

    IMG_0068

    Stuck the USB key back in my laptop, used a ROM I found inside Zeus (show package contents, copy the 4870EFI.ROM out) + patch that with my dumped rom using fixrom.py from here – http://forum.netkas.org/index.php/topic,692.0.html and the patch instructions here – http://forums.macrumors.com/threads/race-to-dump-the-4870-rom-whos-first.661681/page-14#post-7297669

    Copied the patched rom back onto the USB, rebooted off again into the DOS boot disk on my Window box, and flashed the new patched EBC rom bios.

    IMG_0069

    A few minutes of recabling later on the Mac, I got a nice boot screen off the card.

    Works fine in OSX too (sleep etc appear to be fine).
    IMG_0070

    As this was a royal pain in the ass, I have the pre-patched rom here – ROM

    Its specifically for the 4870 card I have, so don’t randomly flash to your 4870 card, unless the part number matches. My P/N is below.

    Radeon HD4870 1G Dual DVI
    PN 288-20E85-230AC

    Enjoy.