Category: Uncategorised

Remote Learning

I have two boys enrolled in York Regional District School Board (YRDSB). Both are in high school, Kalen is in grade 9 and Jason is in grade 11. As with their peers both had to accommodate their learning habits in the new age of the Covid-19 pandemic. Both have recorded their experience during this crisis, and you can read their perspectives:

Jason – Coronavirus Quarantine, and Online Learning
Kalen – School Closure Continuation

As an observer of their new habits during the pandemic I noticed the following things:

We have to impose a strict schedule that mirrors a regular school day. For example, they have to wake up no later than 9am, and must conduct their studies from 9am to 3pm. They have a lunch break which last between 30 minutes to an hour, and they can use their own discretion to take 15 minute breaks throughout this period. However, if we notice the breaks are being abused, then they are persuaded to continue with their assigned curriculum. This was followed for about 6 weeks, but since Ontario has decided to cancel the remaining school year, the start time of this schedule is slowly creeping to 10am instead of 9am. Without this imposed schedule discipline, they will continue to sleep in until the afternoon.
In subject areas where they are challenged and find the online learning medium to be insufficient of their needs, we hired tutors from Superprof.ca. Even though the tutoring sessions are still remote, the technology employed by the tutors offer a more one on one and real-time access to the material and help. In contrast, all most all the remote learning from YRDSB is based on material delegation. Students are expected to check for online updates and materials, and follow reference links to other self-learning materials, such as power points and PDF documents. Assistance can be obtained through commenting systems or online forums. Although both of my sons are dealing with the situation I think for most students, this is simply woefully inadequate. A live video conferencing medium I think will go a long way here.
The technology employed is under-utilized or insufficient and on the whole subpar to the contemporary online tools that today’s businesses are employing to assist telecommuting. Most teachers are simply inexperienced on how to manage a remote group atmosphere. Students may have the impression that the teachers themselves are being cavalier, so they adopt the attitude of, “Why should I care?”
Group cohesion that is typically experienced within a classroom has disappeared entirely, because no one has access to standardized technology to get together in a live fashion.
The learning motivation has disappeared, since most students feel a lack of recognition for the work that they do put in. Positive enforcements are hard to convey when it is not live.

Like all of us, the Covid-19 situation has caught all of us off guard and many find ourselves unprepared for the crisis. Therefore, it is understandable that our education system falls short in trying to attain the same level of education with the students in a remote setting. In hindsight, it was a good effort, but the goal is simply too ambitious and not enough resources, training, and support to achieve it.

I am not complaining, but simply taking this opportunity to note the observations that were experienced by both Jason and Kalen. I hope by articulating our experiences here, we can help the movers and shakers at YRDSB to formulate an enhanced strategy for the Fall of 2020, as I fear the current situation will continue to persist until a vaccine is widely available.

Apple HomeKit with Unifi G3 Flex

Over the past few months, I have been peppering the house with the Unifi G3 Flex security camera. They were very easy to install and since they use PoE, they minimize the wiring as well.

To monitor the cameras, I installed the Unifi Video server software on my Ubuntu Server that is up 7 x 24. All of this hardware components are behind my Unifi Security Gateway firewall.

For whatever reason, I had a thought whether Apple HomeKit can talk to these cameras? With a little Google searching, I came across this article. The instructions from the article was a bit outdated, but what peeked my interest was the use of the homebridge server. I already had homebridge service installed on my Ubuntu server because I use the same technique to have HomeKit talked to my home made garage door opener. After looking through the instructions, it looks like all I need to do is:

Configure Unifi Video to enable RTSP streaming for each of the camera that it is managing;
Download a homebridge camera plugin called homebridge-camera-ffmpeg;
Configure homebridge to add the cameras;
Add the cameras to the Home App;

The first step was extremely simple. First we had to enable RTSP streaming for all cameras managed by Unifi Video.

We then had to select each camera and enable the resolution that we want streamed.

I tested the RTSP URL on the VLC App just to make sure the streaming is working properly.

Installed the plugin with the following command line:

npm install -g --unsafe-perm homebridge-camera-ffmpeg

Add the platform section to the homebridge config.json file, which for my server was located in /var/homebridge.

"platforms": [
{
    "platform": "Camera-ffmpeg",
    "cameras": [
    {
        "name": "Dining Room",
        "videoConfig":
        {
            "source": "-rtsp_transport http -re -i rtsp://192.168.168.198:7447/5e42fef4a8faffa2326b5d38_0",
            "maxStreams": 4,
            "maxWidth": 1280,
            "maxHeight": 720,
            "maxFPS": 15,
            "maxBitrate": 600,
            "mapvideo": "0:1",
            "mapaudio": "0:0",
            "vcodec": "h264",
            "audio": true,
            "packetSize": 188,
            "hflip": false,
            "additionalCommandline": "-x264-params intra-refresh=1:bframes=0",
            "debug": false
        }
    },
    {
        "name": "Garage",
        "videoConfig":
        {
            "source": "-rtsp_transport http -re -i rtsp://192.168.168.198:7447/5e417ffba8faffa2326b5c80_0",
            "maxStreams": 4,
            "maxWidth": 1280,
            "maxHeight": 720,
            "maxFPS": 15,
            "maxBitrate": 600,
            "mapvideo": "0:1",
            "mapaudio": "0:0",
            "vcodec": "h264",
            "audio": true,
            "packetSize": 188,
            "hflip": false,
            "additionalCommandline": "-x264-params intra-refresh=1:bframes=0",
            "debug": false
        }
    },
    {
        "name": "Great Room",
        "videoConfig":
        {
            "source": "-rtsp_transport http -re -i rtsp://192.168.168.198:7447/5e0bacf4a8fa51584a2a94cb_0",
            "maxStreams": 4,
            "maxWidth": 1280,
            "maxHeight": 720,
            "maxFPS": 15,
            "maxBitrate": 600,
            "mapvideo": "0:1",
            "mapaudio": "0:0",
            "vcodec": "h264",
            "audio": true,
            "packetSize": 188,
            "hflip": false,
            "additionalCommandline": "-x264-params intra-refresh=1:bframes=0",
            "debug": false
        }
    },
    {
        "name": "Kitchen",
        "videoConfig":
        {
            "source": "-rtsp_transport http -re -i rtsp://192.168.168.198:7447/5e430638a8faffa2326b5d3a_0",
            "maxStreams": 4,
            "maxWidth": 1280,
            "maxHeight": 720,
            "maxFPS": 15,
            "maxBitrate": 600,
            "mapvideo": "0:1",
            "mapaudio": "0:0",
            "vcodec": "h264",
            "audio": true,
            "packetSize": 188,
            "hflip": false,
            "additionalCommandline": "-x264-params intra-refresh=1:bframes=0",
            "debug": false
        }
    }]
}]

I had four cameras installed so you will see four cameras configured within the Camera-ffmpeg platform. Note that the entire platforms section should be sibling to the accessories and bridge sections.

I restarted the homebridge service with systemctl, and you should see messages similar to:

May 14 15:00:05 avs homebridge[2973]: [2020-5-14 15:00:05] Please add [Dining Room] manually in Home app. Setup Code: 031-45-153
May 14 15:00:05 avs homebridge[2973]: [2020-5-14 15:00:05] Please add [Great Room] manually in Home app. Setup Code: 031-45-153
May 14 15:00:05 avs homebridge[2973]: [2020-5-14 15:00:05] Please add [Kitchen] manually in Home app. Setup Code: 031-45-153
May 14 15:00:05 avs homebridge[2973]: [2020-5-14 15:00:05] Please add [Garage] manually in Home app. Setup Code: 031-45-153

You simply open the Home App and add the above camera accessories using the manual process instead of the scan code method.

If everything works, you should see something like this on the Home App. Below is a screen shot taken from the macOS version of the Home App.

So it is pretty cool to have something working in your home for several months, and because of a thought, I now have a new capability in the house via Apple’s HomeKit Home App.

Thank you to the homebridge community and the UniFi Protect with HomeKit – Setup Guide.

Evidence of an Attack

Today I went about performing my regular server maintenance update and noticed an IP address 202.107.188.12 hitting my Apache web server. Out of pure curiosity I thought I lookup this IP address. After a quick whois command, I found out it came from Xinjiang Province, China, specifically from the http://www.chinanet-online.com ISP.

After more investigation, I noticed that this particular visitor was attempting a ThinkPHP remote code execution attack. I don’t run the ThinkPHP framework. Below is the log recording its attempt.

202.107.188.12 - - [25/Apr/2020:12:58:01 -0400] "GET /TP/public/index.php HTTP/1.1" 302 499 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
202.107.188.12 - - [25/Apr/2020:12:58:05 -0400] "GET /TP/public/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1" 302 695 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"
202.107.188.12 - - [25/Apr/2020:12:58:08 -0400] "POST /TP/public/index.php?s=captcha HTTP/1.1" 302 519 "-" "Go-http-client/1.1"
202.107.188.12 - - [25/Apr/2020:12:58:11 -0400] "GET / HTTP/1.1" 302 499 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)"

I have always wondered how many bad actors are out there and whether these bad people will end up attacking my stuff. Well now I know, experienced first hand.

It is a scary place out there.

Face Masks

They are now part of our lives. Like shoes, we now have to don one of these before we head out. I don’t disagree with this practice, but it certainly fits the bill of a “new” normal.

We have started to wear a mask when going outside for primarily grocery shopping. My immediate experience with them is the act of putting it on. It immediately felt restrictive. It is not the same as wearing a face covering toque while skiing or going out on a windy, winter day. Those are much more breathable than a mask that is suppose to filter microscopic drops of fluid. Your face immediately gets uncomfortably warm as you recycle more of your own breathes.

If put on loosely, the warm exhalation will escape and causes fogging on your glasses. It took me a couple of days to really experiment and find the best way to wear one so to minimize this effect. I have gotten it to be bearable but still not ideal.

When I check out of the store, simple acts like a smile when saying thank you can no longer be expressed fully. The concealments of such natural expression felt like I was deceiving the person that I’m communicating with. A thank you without a smile seemed incomplete. I wonder how prevalent future misunderstandings this will cause as our face to face interactions become more faceless. Will we be more angrier and less respectful of others like we are when we are in our cars to other drivers? Will this make us a less friendly society with less consideration for others? Will this make us less human to others? I certainly hope not but one has to wonder.

The physical act of checking out made me suddenly discovered that I can no longer use Face ID to authenticate Apple Pay. Luckily I still have my Apple Watch on hand. I know first world problems, but it really makes you realize how often you check your phone, from looking up contact information to monitoring simple notifications.

Aside from my unhelpful whining in regards to sporting one of these and looking like a typical Mortal Kombat character, I do support and believe that wearing one during the Covid-19 pandemic does help to limit the spread of the virus. However, I can’t help but wonder how society will change with this simple facial garment.

Perhaps this is all nothing as we all adjust to this new normal and it is no different than interacting with everyone on a cold blizzard day when everyone’s faces are concealed. However, something tells me that this will be more impactful. How do you feel about wearing a mask?

HTML5 Video on iOS 13

This past weekend, I was writing a simple HTML5 utility that provides certain videos that I have in my own personal library. The idea is that I can make a limited selection of videos and present it on a web page, so that the user can simply click on the cover art of the video and plays inline on the web page.

I thought it was a pretty simple requirement and I should be able to whip this up in a few minutes. I used the HTML5 <video> tag. Everything worked on my Mac and my iPad. It even worked on my LG OLED TV. However, when it came to the iPhone, mobile Safari would load the movie but it would not play. I was even able to seek through the movie by scrubbing the scroll bar, but when I press the play/pause button, nothing would happen.

After many hours scouring the web, I found out many caveats when serving videos on iOS with the iPhone.

Videos behind an authorized location may not work on an iPhone because when Safari passes this information to the player, the player does not inherit the previously authorized identity. To get around this, I had to create a token based technique, where the main page have to pass this token to a PHP page that checks this token and serves the video contents.
The PHP used to serve the video also need to handle HTTP Range based requests. This wonderful contribution from GitHub really helped me out!
Multichannel audio such as 5.1 audio encoded in AAC will load but not play on my iPhone XS currently running iOS 13. The video will play if I re-encode the audio to either AAC stereo, or 5.1 multichannel in AC3 encoding.
Multiple audio streams also did not work. The iOS player was only happy with a single compatible audio stream.
If you want to make the video autoplay while inlined within the page, it must first be muted.

Lots of things to consider here. I lost about a day and halve researching and experimenting with this, so here it is all recorded just in case I forget in the future. I also hope that this information will help you out as well.

Busted Door Bell Button

We had a situation. Our original door bell that came with the house from 1999 (more than 20 years old) decided to crack and disintegrate on us last summer.

We used some transparent packaging tape to salvage the button, but last month it too has had enough of the weather.

Once again our 3D printer came to the rescue. First I designed a replacement button in Autodesk Fusion 360 after I meticulously did all the measurements at least three times. Since it was a very small part, after around 20 minutes of printing, I had the replacement ready to go. Here is the final part installed:

I was on the receiving end of some ridicule when I first purchased the 3D printer, but it certainly has come in quite handy.

PlexConnect with Apache 2

To get Plex working on my old Apple TV 3, I had to setup a PlexConnect server that bridges the Apple TV 3 to the Plex Media Server. Previously I discussed about hosting the PlexConnect server on a virtual machine (VM) because the host that PlexConnect is running on must be listening to port 80 and 443. Having a virtual machine is a big nuisance, because the VM may not be up and running. I even try to host PlexConnect on a dedicate Raspberry Pi so that I can leave it on, but that proved to be too slow.

I do have a Network Attached Storage (NAS) server so it will be ideal to run PlexConnect on that, but the NAS server is running Apache 2 which is already using port 80 and 443. Eureka! How about running a reverse proxy that points to an instance of PlexConnect running on the NAS that is running on a separate port. A quick Google search for the term “PlexConnect and Apache 2” found this page on GitHub. The article turned out to be extremely helpful.

I downloaded PlexConnect as before and created the certificates.

cd /home/kang

wget https://github.com/iBaa/PlexConnect/archive/V0.6.tar.gz

tar zxvf V0.6.tar.gz 

mv PlexConnect-0.6 PlexConnect

rm V0.6.tar.gz

cd PlexConnect/assets/certificates

openssl req -new -nodes -newkey rsa:2048 -out trailers.pem -keyout trailers.key -x509 -days 365 -subj "/C=US/CN=trailers.apple.com"

openssl x509 -in trailers.pem -outform der -out trailers.cer && cat trailers.key >> trailers.pem

I then have to tell PlexConnect the following:

Do not enable DNS since we already have a DNS server running;
Do not enable automatic IP detection because it will get the wrong VPN client IP, instead I hard coded the 192.168.168.198 IP;
Disable SSL server because this will be handled by Apache 2;
Change the port number from 80 to 18080

The final Settings.cfg configuration file looks like this with the changed values highlighted in bold:

[PlexConnect]
enable_plexgdm = True
ip_pms = 192.168.178.10
port_pms = 32400
enable_dnsserver = False
port_dnsserver = 53
ip_dnsmaster = 8.8.8.8
prevent_atv_update = True
intercept_atv_icon = True
icon = movie-trailers
enable_plexconnect_autodetect = False
ip_plexconnect = 192.168.168.198
hosttointercept = trailers.apple.com
port_webserver = 18080
enable_webserver_ssl = False
port_ssl = 18443
certfile = ./assets/certificates/trailers.pem
allow_gzip_atv = False
allow_gzip_pmslocal = False
allow_gzip_pmsremote = True
loglevel = Normal
logpath = .

I had to configure my firewall’s local DNS to resolve trailers.apple.com to my NAS server, which is 192.168.168.198. This was pretty simple on my UniFi Universal Secure Gateway (USG).

The Apache 2 configuration files needed to be setup with the reverse proxy for both port 80 and 443. To do this I added the following VirtualHost settings.

<VirtualHost *:443>
        ServerName trailers.apple.com

        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile "/home/kang/PlexConnect/assets/certificates/trailers.pem"
        SSLCertificateKeyFile "/home/kang/PlexConnect/assets/certificates/trailers.key"

	<Proxy *>
		Require ip 192.168.168.0/255.255.255.0
	</Proxy>

        RequestHeader set User-Agent AppleTV
        ProxyRequests Off
        ProxyPass / http://avs.localdomain:18080/ nocanon
        ProxyPassReverse / http://avs.localdomain:18080/
</VirtualHost>
<VirtualHost *:80>
        ServerName trailers.apple.com
        SSLEngine off

	<Proxy *>
		Require ip 192.168.168.0/255.255.255.0
	</Proxy>

        RequestHeader set User-Agent AppleTV
        ProxyRequests Off
        ProxyPass / http://avs.localdomain:18080/ nocanon
        ProxyPassReverse / http://avs.localdomain:18080/
</VirtualHost>

I also needed to enable the headers module.

sudo a2enmod headers

We then needed to create a new systemctl service for PlexConnect. I had to create a plexconnect.service file in /etc/systemd/system with the following contents.

[Unit]
 Description=Plexconnect
 After=plexmediaserver.service
 
 [Service]
 Type=simple
 ExecStart=/usr/bin/python /home/kang/PlexConnect/PlexConnect.py
 User=root
 Group=root
 Restart=on-failure
 RestartSec=15
 StartLimitInterval=10s
 StartLimitBurst=3
 
 [Install]
 WantedBy=multi-user.target

The final steps are:

Check the Apache configuration file
Restart Apache
Start PlexConnect

sudo apache2ctl configtest

sudo systemctl restart apache2

sudo systemctl start plexconnect.service

Went to the Apple TV 3, and reconfigure the DNS to auto, removed the old profile and re-add http://trailers.apple.com/trailers.cer as the new profile. I discussed in my previous blog.

After signing into my Plex account, and testing various Plex media sources with the Trailers app, as well as trying out YouTube and the Prime Video app, everything is good! The VM is no longer required and we declare victory!

Plex on Apple TV 3

In my previous post, I talked about adding the Apple TV 3 to a value projector that I purchased on Black Friday. I was pretty satisfied with that solution, but then my ambition kicked in. Wouldn’t it be nice if the ATV3 can access my local Plex Media Server instead of streaming it from my iOS device using the Plex App via AirPlay?

A quick Google search yielded the discovery of the PlexConnect project. This is a very cool project. It allows the old ATV3, which does not support the native Apple TV Plex App, to act as a Plex client by spoofing the Trailers app that came with the box. To do this, the ATV3 needs to point its DNS network setting to a PlexConnect server, which performs the magic of bridging ATV3 requests to the Plex Media Server and handles the rendering.

PlexConnect was very easy to setup. I reused an existing Windows 10 virtual machine on my MacBook Pro for this purpose. My other servers in the house cannot be used because the required ports needed by PlexConnect are already in use. We cannot run PlexConnect on another port other than 80 and 443.

Changing the DNS settings on the ATV3 was straight forward, but adding the required profile of http://trailers.apple.com/trailers.cer was interesting. The instructions for the profile were:

Go to the AppleTV settings menu.
Select “General” then scroll the cursor down to highlight “Send Data To Apple” and set to “No”.
With “Send Data To Apple” highlighted, press “Play” (not the normal “Select” button) and you will be prompted to add a profile.
Enter (without the quotes): “http://trailers.apple.com/trailers.cer”

Once the above is done, all apps on the ATV3 including Prime, YouTube, etc. will not work without having the PlexConnect server up and running. Another note is that I had to run PlexConnect using administration privileges on Windows, otherwise it will not be able to listen to the secure ports.

Having the virtual machine up and running to service Plex was a bit bothersome. I setup another PlexConnect server on a Raspberry Pi to see if this can be an alternative solution, but it was just too slow with its 100Mbps network connection and its slow processor. It worked but the user experience was simply not good.

Perhaps the simplest thing is just to buy another Apple TV 4 during Boxing Day sale, and be done with it.

My ambition is still not fully met. My next step is to install a projector mount on the ceiling, so the projector is not taking up precious little desk space.

Apple TV with Projector

During the Black Friday / Cyber Monday weekend I performed an impulse buy and acquired a Vankyo V600 native 1080p projector for $280.49. The regular price for this unit is usually $399.99. I was curious what a big picture experience would be like on the flat wall of my curved staircase, which connects our main and second floors.

Projecting a Korean Variety Show (during Daylight)

The above end result was pretty impressive for the amount of dollars invested. I had an old Apple TV 3rd generation that was lying around not doing anything, and thought this would be a perfect media source for the projector.

For good sound, a pair of Edifier 1850DB speakers, connected to an Airport Express, already existed upstairs. All I had to do was connect the Apple TV to the projector and set the Apple TV to AirPlay to the Edifier speakers. All of this worked as expected. However, I did run into a snag. The volume signals from the Apple TV was quite low. Even when I cranked up the Edifier volume, it was still barely audible. It took me a long time to figure out how to change the volume on the Apple TV.

Apparently when a video is being played on the Apple TV, you have to press and hold the select (centre) button on the remote until a menu shows up pertaining to subtitles, audio, and speakers. You have to select the speakers and find the AirPlay speakers that the Apple TV is using. In my case, the Edifier speakers were labeled as “Upstairs Speakers”. The volume controls are presented by the blue slider bar.

Now everything works as expected on my private Local Area Network (LAN). We can play YouTube, or any iOS apps that does video. However, it would be nice for guests to be able to AirPlay to the projector. With the holiday season fast approaching, our dinner parties could be spiced up with this idea.

After fudging around with my firewall setup, the old Apple TV is now accessible from our guest WiFi. Now anyone can literally and figuratively project a video source from their mobile device on to my huge wall upstairs.

I am super happy how this turned out. We’ll have to wait for the final verdict from our guests this holiday season.

The Mechanics of Rights

Lately the phrase, “I have the right to …”, comes up a lot. Living in a society where basic and human rights exist and are protected and enforced by law is a good thing. These rights represent the rise of our social beliefs from savagery to civility, and encourage all of us to treat each other humanely.

We have long since conquered are basic needs, such as food, and shelter. Aside from members of our own species we do not fear any other species invading the security of our homes and families. We live largely in peace, and we argue and debate about things that really does not impact our basic needs. Instead, the things that we bicker about largely involve with how to improve our discretionary free time, such as:

How to make and spend money;
How to protect ones ownership and assets;
How to punish those who do not adhere to social norms;
How to maintain and climb whatever progress ladder that you want to climb;
How to change leadership;
Dream up new rights so that we can all be more comfortable;

We take for granted that it is this peaceful social atmosphere that allows us to contemplate how we can improve ourselves when living, working, and generally dealing with others. Without this basic-need social security blanket, all bets are off with rights.

I therefore assert that the notion of rights, whether they are human, civil, and even corporate are luxuries afforded by peaceful societies when they have enough time and sensibilities to create and enforce these rights. They are not a right but a privilege that we as a society has decided to define and maintain so that there is a higher sense of equality (protecting the weak from the strong), and civility.

Therefore it becomes very dangerous when people who would like to pursue new or change existing rights by adopting methods that endanger or violate the basic-need social security blanket. Radicals who justify the use of violence and threaten the basic social fabric and infrastructure to achieve their desire changes are also jeopardizing all other rights, threatening the livelihoods of others.

In essence, rights cannot be had, without peace and law. This is why I find very ironic that the people of Hong Kong are fighting for new rights by risking the current livelihood that others have enjoyed for so many years. Whether they know it or not, they are pursuing a path of country building and not protesting. Country building is much harder than instituting new rights. Many country’s foundation are ladened with blood and sacrifices.