Browsing all articles in Uncategorized

Flattr this!

As I can never find this online, and man -l /var/qmail/man/man8/qmail-dkim.8 is a pain, I’ve posted the DKIM settings below.

The complete set of letters with the corresponding return status is given below

A – DKIM_SUCCESS – Function executed successfully
B – DKIM_FINISHED_BODY – process result: no more message
body is needed
C – DKIM_PARTIAL_SUCCESS – verify result: at least one
but not all signatures verified
D – DKIM_NEUTRAL – verify result: no signatures
verified but message is
not suspicious
E – DKIM_SUCCESS_BUT_EXTRA – signature result: signature
verified but it did not
include all of the body
F – DKIM_3PS_SIGNATURE – 3rd-party signature
G – DKIM_FAIL – Function failed to execute
H – DKIM_BAD_SYNTAX – signature error: DKIM-Signature
could not parse or has bad
I – DKIM_SIGNATURE_BAD – signature error: RSA verify
J – DKIM_SIGNATURE_BAD_BUT_TESTING – signature error: RSA verify
failed but testing
K – DKIM_SIGNATURE_EXPIRED – signature error: x= is old
L – DKIM_SELECTOR_INVALID – signature error: selector doesn’t
parse or contains invalid values
M – DKIM_SELECTOR_GRANULARITY_MISMATCH – signature error: selector
g= doesn’t match i=
N – DKIM_SELECTOR_KEY_REVOKED – signature error: selector
p= empty
O – DKIM_SELECTOR_DOMAIN_NAME_TOO_LONG – signature error: selector domain
name too long to request
P – DKIM_SELECTOR_DNS_TEMP_FAILURE – signature error: temporary dns
failure requesting selector
Q – DKIM_SELECTOR_DNS_PERM_FAILURE – signature error: permanent dns
failure requesting selector
R – DKIM_SELECTOR_PUBLIC_KEY_INVALID – signature error: selector
p= value invalid or wrong format
S – DKIM_NO_SIGNATURES – no signatures
T – DKIM_NO_VALID_SIGNATURES – no valid signatures
U – DKIM_BODY_HASH_MISMATCH – sigature verify error: message
body does not hash to bh value
V – DKIM_SELECTOR_ALGORITHM_MISMATCH – signature error: selector
h= doesn’t match signature a=
W – DKIM_STAT_INCOMPAT – signature error: incompatible v=
X – DKIM_UNSIGNED_FROM – signature error: not all message’s
From headers in signature

For example, if you want to permanently reject messages that have a signature that is expired, include the letter ‘K’ in the DKIMVERIFY environment variable. A conservative set of letters is FGHIKLMNOQR‐
NO_VALID_SIGNATURES and BODY_HASH_MISMATCH errors, and temporarily SIGNATURE_BAD_BUT_TESTING and DNS_TEMP_FAILURE . Add in S if you want to reject messages that do not have a DKIM signature. You can use
the control files signaturedomains and nosignature domains (See Below) to further fine tune the action to be taken when a mail arrives with no DKIM signature. Note that qmail-dkim always inserts the
DKIM-Status header, so that messages can be rejected later at delivery time, or in the mail reader. In that case you may set DKIMVERIFY to an empty string. If you want to check all message’s From header
in signature set the UNSIGNED_FROM environment variable to an empty string. If you want to check messages without signed subject header, set UNSIGNED_SUBJECT environment variable. If you want to honor
body lengh tag (l=), set HONOR_BODYLENGTHTAG environment variable.

qmail-dkim supports signing practice which can be additonall checked when a signature verifcation fails –

SSP – Sender Signing Practice


ADSP – Author Domain Signing Practice.

When a signature fails to verify for a message, you can use SSP/ADSP to determine if the message is suspicious or not. To verify a message against SSP/ADSP, set the DKIMPRACTICE environment variable to
the desired set of letters allowed for DKIMVERIFY environment variable. SSP/ADSP should be used only when signature verification fails. SSP/ADSP should be invoked only when libdkim returns the error
codes (F,G,H,I,J,K,L,M,N,P,Q,R,S,T,U,V,W,X) for signature verification. In case you want to test against SSP/ADSP only for DKIM_NO_SIGNATURE and DKIM_NO_VALID_SIGNATURE set the environment variable DKIM‐
PRACTICE=”ST”. If you want automatic behaviour, set DKIMPRACTICE to an empty string. In this case ADSP/SSP will be used when return code matches “FGHIJKLMNPQRSTUVWX”. qmail-dkim uses ADSP as the default
signing practice. You can override this by setting the SIGN_PRACTICE to ssp, adsp, local (lowercase). if you set SIGN_PRACTICE to local, qmail-dkim will check the domain against the control file signa‐
turedomains (See Below). If the domain is found listed in signaturedomains qmail-dkim will bypass ADSP/SSP and return DKIM_FAIL if signature fails to verify. Setting SIGN_PRACTICE to anything else will
cause qmail-dkim to disable Signing Practice.

Flattr this!

If you’ve, uh, patched an App for whatever reason, Catalina can be a bit whiny about it, and tell you the app is damaged and can’t be used.

Simple fix

xattr -cr /Applications/

Usual Caveats – only do this if you’ve modified the App yourself.

Flattr this!

If you’ve been running a beta, or if Apple update is just confuzzled 🙂 this may help.

I was getting an error trying to update to the final version of Catalina – “The requested version of Mac OS is not Available”. Installing and removing the beta profile didn’t help.

If you have this issue, you can reset the Software Update Catalog to defaults by doing the following in terminal:

  • sudo defaults delete /Library/Preferences/ CatalogURL
  • defaults delete CatalogURL
  • softwareupdate --clear-catalog

The last one will warn about being deprecated, but still works.
Check software update again, and you should be able to download updates again.

Flattr this!

Have issues with slow loading times for right click, open with menu on OSX?

Copy and paste the below to resolve –

/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -kill -seed -r -f -v -domain local -domain user -domain system

Ignore any errors, as it re-removes and re-registers registered context menu’s – once completed, right click menu’s will be back to their fast speed.

Flattr this!

I bought a Phicomm R1 Speaker for 150RMB delivered, its supposed to have Wifi and a config app, but the App registration is apparently broken.

The Phicomm R1 speaker has Android installed, unfortunately the configuration app for the speaker is no longer working as noted, so you can only use Bluetooth unless you hack it (Bluetooth is available via a triple press of the top button).

For some crazy reason, the speaker has a fairly decent cpu, and is running Android (albeit without a display, which is annoying, but not completely unfixable); we can connect via adb.

Download adb tools here – and stick in your path.

Set the speaker to Wifi (long press of the top button), and connect to the Phicomm_R1_xxx network.

Mine setup a network on, with a gateway of

adb connect

adb shell ls -al

drwxr-xr-x root     root              2016-01-21 16:50 acct

lrwxrwxrwx root     root              2016-01-21 16:50 bcm4329_cybertan.hcd -> /etc/bluez/bcm432x/BCM4329B1_002.002.023.0389.0000_Cybertan-Foxconn_Cls2_extLNA_EDRmaxInputLev+PeakDEVM_NT.hcd

-rw-r--r-- root     root       148936 1970-01-01 08:00 rk30xxnand_ko.ko.3.10.0

drwx------ root     root              2018-04-28 10:50 root

-rw-r--r-- root     root       252134 1970-01-01 08:00 vcodec_service.ko

lrwxrwxrwx root     root              2016-01-21 16:50 vendor -> /system/vendor

Yup, that worked!

Ok, so we can see the thing at least! Lets get some screen viewing software installed. I’m on OSX, so its a simple brew install..

This seems to work reasonably well –

brew install scrcpy

#load ADB first as above on the default unconfigured wifi ip
adb connect

You should now be able to see the device display, and the internal app called Pandora. The pandora app is a rather useless one – it basically doesn’t work. So ignore..
We need to install other tools.

#allow any app install
adb shell settings put secure install_non_market_apps 1

Next up, configure wifi on the thing!

#install adb wifi tool
adb push adb-join-wifi.apk /data/local/tmp/adb-join-wifi.apk
adb shell /system/bin/pm install -t /data/local/tmp/adb-join-wifi.apk

#change YOURSSID, and YOURWIFIPASS as appropriate..
adb shell am start -n com.steinwurf.adbjoinwifi/com.steinwurf.adbjoinwifi.MainActivity -e password_type WPA -e ssid YOURSSID -e password YOURWIFIPASS

It will hopefully setup the wifi. You’ll need to wait for it to ‘timeout’ and tell you wifi setting failed; it will then connect to your normal wifi as set above.

Once on your ‘normal’ wifi, you can adb connect again to the normal ip.
I installed airpin.apk to setup Airplay, now I can connect to the speaker in iTunes, and play. Good enough!

It can be downloaded here –
Install in a similar manner as other apk’s, then use screen mirroring to config the name.
I called mine phicomm

#copy and install airpin APK
adb push AirPin.apk /data/local/tmp/AirPin.apk
adb shell /system/bin/pm install -t /data/local/tmp/AirPin.apk
#run the screen mirroring to configure directly on the device

You can go further and remove the Xiao Xun (小讯) listening software, and install something else, but I haven’t bothered (yet). Mine is still unconfigured.
This is detailed in Chinese over here –

Flattr this!

The mail software has been completely revamped to support additional security precautions.

Failed logins will be blocked by ip address for 1 hour. (5 fails to trigger a 1hr block)

Senders can only send mail from their authenticated email address.

Outgoing mail is now also inspected for spam, if tests fail, sending will fail.

DKIM signing is now possible, we are in the process of implementation and testing.

SSL connections are now set to a minimum of TLS1.2 and 2048bit encryption, as per internet standards.

Support for connecting to servers still using old insecure protocols has been deprecated (i.e. not supported anymore).
The protocol insecurity issue is explained in more detail here –

This has impacted some deliveries to outdated servers, which still use outdated software.

We can resolve these issues on a case by case basis if you forward support the relevant bounce messages.

If you see bounce messages with errors similar to this –
SSL routines:tls_process_ske_dhe:dh key too small;
SSL routines:ssl_choose_client_version:unsupported protocol;

The recipients server’s SSL key setup (the key they use for encryption for their mail server) is an issue.
Their keys are too small, and vulnerable to eavesdropping, and ideally need to be updated, as their communications are vulnerable.



Cert updates

Flattr this!

Certificates for * have been updated to use letsencrypt from April 2019 onward.

Flattr this!

Despite having friends that have broken limbs skateboarding, I decided to buy myself an Electronic Longboard.
I’m still a kid at heart, despite my ongoing age…

Screen Shot 2015-09-18 at 10.11.00 AM

The board I chose to buy is what looks like a copy of the Boosted Board. The design is different though, but its close enough to look like a copy of sorts. Mine is from a company called BenchWheel out of Hangzhou, and although mildly expensive, isn’t too bad in Electric Skateboard pricing terms, especially in comparison to the similarly specced Boosted board at $1499.

I was originally planning to get the Stary board, as its made in Shanghai, and I was watching their Kickstarter, but sadly they don’t seem to want to sell it locally.
So, I scanned Taobao for similar products, and decided on the BenchWheel, as it looked reasonable quality-wise compared to the other options.

BenchWheel is currently available on Taobao for 2899RMB (about 450$USD odd at this moment in time)

They have 2 models for sale – the B board, which is a standard longboard, and the C board, which is a skinnier board at the ends.

Screen Shot 2015-09-18 at 10.11.45 AM

I bought my BenchWheel on Monday, had it delivered on Wednesday (the magic of Taobao), and have been riding it for a whole 2 days now. I’ve never ridden a skateboard or longboard before, and I’m finding it very easy to ride. I’m already comfortable using it on the road for short trips in light traffic here in Shanghai. Took me about 5 minutes to find my balance, and after about an hour riding around my compound avoiding pedestrians and small rodent sized dogs I felt comfortable enough to take it outside on the street with the bigger traffic.

So far I’m quite happy with it. Top speed is faster than I want to go still, and the battery life is quite decent @ +-20km. The entire bottom length of the board is essentially battery.

Having played with most of the things available here, from e-scooters to airwheel’s, I think a Longboard is the most fun/ practical in daily use, especially for last mile from metro -> home.

All in all, it feels like a decent quality item. The parts are solidly built, and it doesn’t feel like cheap crap.
I haven’t tried a Boosted board or other US brand boards though, so can’t compare to those, but I do know what cheap crap feels like, and this isn’t that.

Some notes on using it
The BenchWheel has a carry handle, but I think there needs to be something smoother around the handle as the sandpaper gets rough.
Its light enough to carry short distances, which is good.

Remote control feels comfortable to use. The speed acceleration is good – its not crazy from stopped, it feels like they ramp up in a curve rather than giving you full throttle immediately. Braking on the other hand feels like they give you too much – you need to be more careful braking as its almost too fast on the controller.

Controller could do with some labelling, there are way too many leds that show different colors (red or green).
The bottom 3 show board battery status. The top two are speed allegedly, although they do flash when the board isn’t sync’d.
The remote and the board time out if not used and left on. The lights stay on, but the remote does nothing. Turning both off then on again resolves that. Looks like it does that when left 3-5 minutes unused. I’ve already hit that once or twice tonight talking to people about the board and not using it for a few minutes, then it doesn’t want to work.

My manual is in Chinese, and the instructions are not very clear – I had initial issues syncing the remote with the board despite reading the instructions, and repeating the steps a couple of times.
Their online support was good (aliwang), and I resolved it, but the manual needs to be much clearer.

I’ve actually had a go at making a better english manual here –

I’ll re-iterate, this is really fun to ride. I’m actually excited to go out and ride around, which is good.
I’ve also been quite lucky in that I haven’t fallen yet. Having a brake and not going too fast helps a lot, as you can just jump off if you feel like falling.

Some tech details
N5065 270KV motors x 2 – Not sure what brand, haven’t opened it up yet.
Batteries in a 6S 4P (22.2V nominal @ 6 x 3.7V/ 25V peak/ 20v get off the board before you kill the batteries 😉 ) config using 18650’s @ 8800MAH / 210WH
Wheels are 80x45mm 78A hardness
Board is 920x240x15mm
7.9KG total weight.
Has a carrying handle cut out in the board (useful!)

Dual motors @ 1800W

Expanded view
Screen Shot 2015-09-18 at 8.59.16 AM

Underside view

Whats missing
It feels like a strong version 1.0
That said this is whats missing:

    • Lighting – they need to add underlighting to the board (they actually came out with some the day after I bought mine, grr!, so will be adding mine when it arrives in my next taobao shopping order).
      Carrying handle – great idea, but the board sandpaper surface chafes, so it needs some smoother tape around the handle area.
      Design – There are tons of cool skateboard designs. BenchWheel have completely ignored that and gone with a horridly bad logo font choice and rather basic and bland black board color. This totally needs some work. Luckily you can buy cool stuff on taobao, so thats a fairly easy remedy.
      Packaging – Very white box. Mine actually came slightly damaged, although the board was fine. They need to work on that.
      Battery indicator – The Marbel board has a battery indicator on the board. They need to add something either on the top of the board, or underneath the board with a bar for charge value like you get on electric mopeds and scooters. I might mod mine to add that, as thats fairly easy to do. There is a battery indicator on the remote, but its not too accurate / useful.
      Manual – the existing one isn’t so clear on a few things, even in the Chinese manual.
  • Some action shots below.





    Full set on Flickr


    Flattr this!

    Screen Shot 2013-05-26 at 2.59.04 PM

    As I have an invested interest in consistent electricity back home (see my other recent post on Solar for details) and have been in discussion with the council about net metering and grid tie, I’ve been doing quite a bit of random reading regarding electricity distribution and its various facets.

    Not many of us know that the power company / municipality also uses in-line signalling (aka ripple control) to implement power control and load shedding, so I thought I’d do a little writeup on that.

    Many of us have noticed that streetlights don’t always come on, or go off when its light or dark – they appear to be on a timer system.

    What most people don’t know is that the timer system controls are actually implemented centrally at substations, and these add signals to the power lines to tell the equipment to turn off / on when instructed.

    This is done using ripple control codes.

    With ripple control, a small signal is added to the incoming A/C at a distribution location – eg a substation. This signal is read by a special relay in place on the larger circuits (typically the Geyser), and turns power off or on when the electricity company requires – usually when power is scarce, and they need to shed some load.

    As this signalling can work on multiple channels, each listening relay can be set to listen to a specific channel, and used to power specific things on / off remotely (e.g. Streetlights).

    In South Africa, we use DECABIT signalling to tell things to turn off and on, as well as the older K22 signalling standard.

    When load shedding needs to occur, the electricity distribution system needs to act fast to avoid system failures. Most things are automated, and happen in order of timing.
    Implementations of the protection mechanisms in place have a specific time to occur – eg a latency. Responses to conditions also have a latency – eg getting additional idle power plants online to provide more power when needed, so its important to the grid to have multiple control and response mechanisms to respond to loads. Each response mechanism also has a different cost impact, so its also important to the electricity provider to best manage these.

    A diagram of this is below (Excerpted from ):

    Screen Shot 2013-05-26 at 3.44.21 PM

    For light variances in load, frequency changes as generators speed up or slow down to supply enough electricity to the supply. If there isn’t enough supply to meet load, then frequency drops, and large scale equipment will disconnect until load decreases. This happens almost instantaneously – responses to these issues resolve with a latency of within a few milliseconds to a second. This is called Under-Frequency Load Shedding (UFLS).

    Screen Shot 2013-05-26 at 3.38.27 PM

    As seen in the diagram above Eskom implements automated under frequency load shedding in an increasing percentage margin based off frequency rates.

    (Additional details are in the PDF below),36010947/Appendix_A_-_A_Collation_of_International_Policies_for_Under_Frequency_Load_Shedding.pdf

    The next set of load shedding is the one we’re interested in – ripple signalling. If the system still has too much load after 1 second, then it sends out a signal over DECABIT to turn off more equipment. DECABIT signalling has a latency of about 7 seconds – a minimum DECABIT signal frame is 6.6 seconds, so this is a second stage response to issues.

    As each substation can be connected to up to 20,000 homes/customers (depending on substation load capacity), this allows localized load shedding where its needed, when its needed.

    Eskom calls this Demand Market Participation, and has roughly 800MW of systems added into this mechanism. Municipalities are particularly keen on putting loads onto these mechanisms via DECABIT compliant relays, as this saves them peak power fee’s when loads are high – if they can temporarily cut off power to consumers for 10 seconds – 10 minutes for non-essential high loads, then they can substantially reduce what power costs them from Eskom, and make additional profits.

    A good writeup on Demand Market Participation is below:

    Eskom benefits as they can temporarily avoid adding more infrastructure to cope with growth.
    This has been the case for a few years now, but it only delays the inevitable – you do need to invest in infrastructure, not incentivize clients to use less.

    Eskom also has a secondary mechanism (using the same theory – lets encourage you to turn off power) called VPS. They have an additional 50,000MW of connections using this on a contractual basis – typically industrial users., and are looking to increase this number.

    Its only been through introduction of these mechanisms that we’ve been able to stave off grid collapse. Its gotten so bad, that industrial users have been looking closely at what they can do to provide their own power when Eskom can’t.

    Other countries – notably Germany, and the UK, have allowed consumers to become producers, by encouraging localized small scale production of electricity, thus helping the grid without requiring additional investment from the incumbents. This is called net metering – where both inputs and outputs are metered.

    Eg – if you have a solar system that provides excess power during the day, it can feed into the grid – (when it needs it most), and they’ll credit you for your participation.

    So far, South Africa has been rather reticent to implement this, as the short sighted vision is that its “stealing” from the incumbents profits.

    A choice excerpt from that PDF is this –
    Residential load can also be incorporated within the VPS, particularly when integrated with Smart Metering systems. Numerous pilot and small scale projects are being undertaken within both Municipalities and Eskom in response to the DOE’s Regulation 773 of 18 July 2008.

    The Department of Energies regulation can be found here –

    These state that all systems over a certain size require that smart metering be installed by 2012. As you may have guessed, quite a few municipalities have not met this deadline, and Eskom has been dragging its feet on that too.

    Ironically, introduction of smart metering would actually help the grid here in South Africa, as IPP’s (independant power producers) would make the grid more stable by providing additional energy when needed, and at a lower cost than the incumbents can create it for.

    This however does have its issues – most municipalities generate revenues from Electricity, and so are loath to change the status quo, even when it would benefit the country from a whole.

    So, its unlikely to be implemented in the short-medium term, unless the government drags them kicking and screaming through the process.

    In summation, this –



    DECABIT Ripple Signal Guide
    Thesis on the financial implications of relaxing frequency control as a mechanism. – DoE Regulations – Demand Market Participation,36010947/Appendix_A_-_A_Collation_of_International_Policies_for_Under_Frequency_Load_Shedding.pdf – Load Shedding in International operators

    Flattr this!

    First my tale of woe:

    I just got burgled back home, and they took two of my laptops. One was a small hackintosh Mini9, which I’m not too worried about, but the other was a top of the line IBM Thinkpad which I’d just donated it to my cousin for his studies.
    Sadly we didn’t have insurance, and the likelyhood of getting it back is close to zero. I will be watching Gumtree closely though for the next few weeks!

    As anyone who owns a laptop can tell you, the most worrying things to worry about are:

    The dreaded coffee spill
    (only 1 client this month – get those keyboard… er… condoms!)
    The whoops I dropped it, now my hard drive is dead / screen is broken
    (Too many to mention, you do have backups right?)
    and the most dreaded of all…
    The oh @#$! I left it in a Taxi. Or if you live in South Africa – someone affirmative actioned it..

    While #1 and #2 are relatively easy to recover from (albeit costly), #3 does pose issues.

    There are solutions though.

    One such solution is one I’d suggested to my brother to install prior to the theft – install Prey. Unfortunately for me he hadn’t done it, doh!

    Prey ( is an elegant solution to hardware protection.
    Its an install and forget free service that tracks up to 3 computers (more on a paid basis).

    How does it work?

    You install the Prey software on your computer, and signup for an account (all part of the install).
    Their software then silently runs in the background. There are zero options to set, just install, and setup a user account.
    Its really set, and forget.

    Nothing happens until the computer goes missing – then you can choose from a variety of different useful actions, ranging from taking a photo of the person using the computer (assuming like most laptops these days it has a built in webcam), to monitoring what they’re doing by taking snapshots of the current screen. This is all done silently without the thief knowing that its going on.

    This is great for catching them on Facebook, uh Kaixin001 and spotting their user name.

    Below is a view of the logged in screen for my current laptop

    The modules page shows the list of items I can turn on when needed.

    The useful ones will be the webcam, and session photo captures. Geolocation is a crapshoot in China, and having the IP info is pretty useless here unless you know someone at China Telecom.

    Hopefullly this will be one piece of software that I never use 🙂

    Highly recommended for those with expensive equipment that moves around.