Category: Uncategorised

Busted Door Bell Button

We had a situation. Our original door bell that came with the house from 1999 (more than 20 years old) decided to crack and disintegrate on us last summer.

We used some transparent packaging tape to salvage the button, but last month it too has had enough of the weather.

Once again our 3D printer came to the rescue. First I designed a replacement button in Autodesk Fusion 360 after I meticulously did all the measurements at least three times. Since it was a very small part, after around 20 minutes of printing, I had the replacement ready to go. Here is the final part installed:

I was on the receiving end of some ridicule when I first purchased the 3D printer, but it certainly has come in quite handy.

PlexConnect with Apache 2

To get Plex working on my old Apple TV 3, I had to setup a PlexConnect server that bridges the Apple TV 3 to the Plex Media Server. Previously I discussed about hosting the PlexConnect server on a virtual machine (VM) because the host that PlexConnect is running on must be listening to port 80 and 443. Having a virtual machine is a big nuisance, because the VM may not be up and running. I even try to host PlexConnect on a dedicate Raspberry Pi so that I can leave it on, but that proved to be too slow.

I do have a Network Attached Storage (NAS) server so it will be ideal to run PlexConnect on that, but the NAS server is running Apache 2 which is already using port 80 and 443. Eureka! How about running a reverse proxy that points to an instance of PlexConnect running on the NAS that is running on a separate port. A quick Google search for the term “PlexConnect and Apache 2” found this page on GitHub. The article turned out to be extremely helpful.

I downloaded PlexConnect as before and created the certificates.

cd /home/kang

wget https://github.com/iBaa/PlexConnect/archive/V0.6.tar.gz

tar zxvf V0.6.tar.gz 

mv PlexConnect-0.6 PlexConnect

rm V0.6.tar.gz

cd PlexConnect/assets/certificates

openssl req -new -nodes -newkey rsa:2048 -out trailers.pem -keyout trailers.key -x509 -days 365 -subj "/C=US/CN=trailers.apple.com"

openssl x509 -in trailers.pem -outform der -out trailers.cer && cat trailers.key >> trailers.pem

I then have to tell PlexConnect the following:

Do not enable DNS since we already have a DNS server running;
Do not enable automatic IP detection because it will get the wrong VPN client IP, instead I hard coded the 192.168.168.198 IP;
Disable SSL server because this will be handled by Apache 2;
Change the port number from 80 to 18080

The final Settings.cfg configuration file looks like this with the changed values highlighted in bold:

[PlexConnect]
enable_plexgdm = True
ip_pms = 192.168.178.10
port_pms = 32400
enable_dnsserver = False
port_dnsserver = 53
ip_dnsmaster = 8.8.8.8
prevent_atv_update = True
intercept_atv_icon = True
icon = movie-trailers
enable_plexconnect_autodetect = False
ip_plexconnect = 192.168.168.198
hosttointercept = trailers.apple.com
port_webserver = 18080
enable_webserver_ssl = False
port_ssl = 18443
certfile = ./assets/certificates/trailers.pem
allow_gzip_atv = False
allow_gzip_pmslocal = False
allow_gzip_pmsremote = True
loglevel = Normal
logpath = .

I had to configure my firewall’s local DNS to resolve trailers.apple.com to my NAS server, which is 192.168.168.198. This was pretty simple on my UniFi Universal Secure Gateway (USG).

The Apache 2 configuration files needed to be setup with the reverse proxy for both port 80 and 443. To do this I added the following VirtualHost settings.

<VirtualHost *:443>
        ServerName trailers.apple.com

        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile "/home/kang/PlexConnect/assets/certificates/trailers.pem"
        SSLCertificateKeyFile "/home/kang/PlexConnect/assets/certificates/trailers.key"

	<Proxy *>
		Require ip 192.168.168.0/255.255.255.0
	</Proxy>

        RequestHeader set User-Agent AppleTV
        ProxyRequests Off
        ProxyPass / http://avs.localdomain:18080/ nocanon
        ProxyPassReverse / http://avs.localdomain:18080/
</VirtualHost>
<VirtualHost *:80>
        ServerName trailers.apple.com
        SSLEngine off

	<Proxy *>
		Require ip 192.168.168.0/255.255.255.0
	</Proxy>

        RequestHeader set User-Agent AppleTV
        ProxyRequests Off
        ProxyPass / http://avs.localdomain:18080/ nocanon
        ProxyPassReverse / http://avs.localdomain:18080/
</VirtualHost>

I also needed to enable the headers module.

sudo a2enmod headers

We then needed to create a new systemctl service for PlexConnect. I had to create a plexconnect.service file in /etc/systemd/system with the following contents.

[Unit]
 Description=Plexconnect
 After=plexmediaserver.service
 
 [Service]
 Type=simple
 ExecStart=/usr/bin/python /home/kang/PlexConnect/PlexConnect.py
 User=root
 Group=root
 Restart=on-failure
 RestartSec=15
 StartLimitInterval=10s
 StartLimitBurst=3
 
 [Install]
 WantedBy=multi-user.target

The final steps are:

Check the Apache configuration file
Restart Apache
Start PlexConnect

sudo apache2ctl configtest

sudo systemctl restart apache2

sudo systemctl start plexconnect.service

Went to the Apple TV 3, and reconfigure the DNS to auto, removed the old profile and re-add http://trailers.apple.com/trailers.cer as the new profile. I discussed in my previous blog.

After signing into my Plex account, and testing various Plex media sources with the Trailers app, as well as trying out YouTube and the Prime Video app, everything is good! The VM is no longer required and we declare victory!

Plex on Apple TV 3

In my previous post, I talked about adding the Apple TV 3 to a value projector that I purchased on Black Friday. I was pretty satisfied with that solution, but then my ambition kicked in. Wouldn’t it be nice if the ATV3 can access my local Plex Media Server instead of streaming it from my iOS device using the Plex App via AirPlay?

A quick Google search yielded the discovery of the PlexConnect project. This is a very cool project. It allows the old ATV3, which does not support the native Apple TV Plex App, to act as a Plex client by spoofing the Trailers app that came with the box. To do this, the ATV3 needs to point its DNS network setting to a PlexConnect server, which performs the magic of bridging ATV3 requests to the Plex Media Server and handles the rendering.

PlexConnect was very easy to setup. I reused an existing Windows 10 virtual machine on my MacBook Pro for this purpose. My other servers in the house cannot be used because the required ports needed by PlexConnect are already in use. We cannot run PlexConnect on another port other than 80 and 443.

Changing the DNS settings on the ATV3 was straight forward, but adding the required profile of http://trailers.apple.com/trailers.cer was interesting. The instructions for the profile were:

Go to the AppleTV settings menu.
Select “General” then scroll the cursor down to highlight “Send Data To Apple” and set to “No”.
With “Send Data To Apple” highlighted, press “Play” (not the normal “Select” button) and you will be prompted to add a profile.
Enter (without the quotes): “http://trailers.apple.com/trailers.cer”

Once the above is done, all apps on the ATV3 including Prime, YouTube, etc. will not work without having the PlexConnect server up and running. Another note is that I had to run PlexConnect using administration privileges on Windows, otherwise it will not be able to listen to the secure ports.

Having the virtual machine up and running to service Plex was a bit bothersome. I setup another PlexConnect server on a Raspberry Pi to see if this can be an alternative solution, but it was just too slow with its 100Mbps network connection and its slow processor. It worked but the user experience was simply not good.

Perhaps the simplest thing is just to buy another Apple TV 4 during Boxing Day sale, and be done with it.

My ambition is still not fully met. My next step is to install a projector mount on the ceiling, so the projector is not taking up precious little desk space.

Apple TV with Projector

During the Black Friday / Cyber Monday weekend I performed an impulse buy and acquired a Vankyo V600 native 1080p projector for $280.49. The regular price for this unit is usually $399.99. I was curious what a big picture experience would be like on the flat wall of my curved staircase, which connects our main and second floors.

Projecting a Korean Variety Show (during Daylight)

The above end result was pretty impressive for the amount of dollars invested. I had an old Apple TV 3rd generation that was lying around not doing anything, and thought this would be a perfect media source for the projector.

For good sound, a pair of Edifier 1850DB speakers, connected to an Airport Express, already existed upstairs. All I had to do was connect the Apple TV to the projector and set the Apple TV to AirPlay to the Edifier speakers. All of this worked as expected. However, I did run into a snag. The volume signals from the Apple TV was quite low. Even when I cranked up the Edifier volume, it was still barely audible. It took me a long time to figure out how to change the volume on the Apple TV.

Apparently when a video is being played on the Apple TV, you have to press and hold the select (centre) button on the remote until a menu shows up pertaining to subtitles, audio, and speakers. You have to select the speakers and find the AirPlay speakers that the Apple TV is using. In my case, the Edifier speakers were labeled as “Upstairs Speakers”. The volume controls are presented by the blue slider bar.

Now everything works as expected on my private Local Area Network (LAN). We can play YouTube, or any iOS apps that does video. However, it would be nice for guests to be able to AirPlay to the projector. With the holiday season fast approaching, our dinner parties could be spiced up with this idea.

After fudging around with my firewall setup, the old Apple TV is now accessible from our guest WiFi. Now anyone can literally and figuratively project a video source from their mobile device on to my huge wall upstairs.

I am super happy how this turned out. We’ll have to wait for the final verdict from our guests this holiday season.

The Mechanics of Rights

Lately the phrase, “I have the right to …”, comes up a lot. Living in a society where basic and human rights exist and are protected and enforced by law is a good thing. These rights represent the rise of our social beliefs from savagery to civility, and encourage all of us to treat each other humanely.

We have long since conquered are basic needs, such as food, and shelter. Aside from members of our own species we do not fear any other species invading the security of our homes and families. We live largely in peace, and we argue and debate about things that really does not impact our basic needs. Instead, the things that we bicker about largely involve with how to improve our discretionary free time, such as:

How to make and spend money;
How to protect ones ownership and assets;
How to punish those who do not adhere to social norms;
How to maintain and climb whatever progress ladder that you want to climb;
How to change leadership;
Dream up new rights so that we can all be more comfortable;

We take for granted that it is this peaceful social atmosphere that allows us to contemplate how we can improve ourselves when living, working, and generally dealing with others. Without this basic-need social security blanket, all bets are off with rights.

I therefore assert that the notion of rights, whether they are human, civil, and even corporate are luxuries afforded by peaceful societies when they have enough time and sensibilities to create and enforce these rights. They are not a right but a privilege that we as a society has decided to define and maintain so that there is a higher sense of equality (protecting the weak from the strong), and civility.

Therefore it becomes very dangerous when people who would like to pursue new or change existing rights by adopting methods that endanger or violate the basic-need social security blanket. Radicals who justify the use of violence and threaten the basic social fabric and infrastructure to achieve their desire changes are also jeopardizing all other rights, threatening the livelihoods of others.

In essence, rights cannot be had, without peace and law. This is why I find very ironic that the people of Hong Kong are fighting for new rights by risking the current livelihood that others have enjoyed for so many years. Whether they know it or not, they are pursuing a path of country building and not protesting. Country building is much harder than instituting new rights. Many country’s foundation are ladened with blood and sacrifices.

Thoughts on the Hong Kong Protests

On the Maslow hierarchy of needs scale, Hong Kong currently share many of its basic needs with the mainland, including food, fresh water, and electricity. The end game of these protests should give due consideration to these geographical dependencies. Even if a political divorce is possible in the long run, it will be really difficult to live independently when you are still forced to share the same bed.

A symbiotic existence between Hong Kong and China seems to be unavoidable, as such finding common ground seems to be a better approach than inflammatory tactics based on hate and violence. The latter dehumanizes the opposition and ironically for all people of Hong Kong, erodes the one of the core values of a democracy, basic human rights. This is the same value that the protestors are advocating for.

Observing from recent history, it is really hard to pinpoint a country involved in the Arab Spring events that are better off now than before. Perhaps conciliatory talks can give rise to more creative possibilities of coexistence, and the elixir of democracy does not have to be the only arrow in the quiver to achieve peace and prosperity.

Leviton Decora Smart Dimmer with HomeKit

I purchased these DH6HD HomeKit compatible dimmer switches from Leviton from February of 2018 (over 1 1/2 years now).

When they work, they are great. BUT! My HomeKit app frequently report these switches with “Not Responding”. The only remedy that I know of is to remove the accessory and then re-add it again.

The process of adding the accessory is extremely frustrating and time consuming. Adding the accessory to the WiFi network is a hit and miss affair. It really is a crapshoot.

Today after three tries adding the Leviton without success, I almost gave up. Finally I discovered the following process in this reddit article. Even the technique outlined by the article did not work until I restarted the avahi-daemon.service on my Linux server, figuring that it may interfere with the Bonjour discovery process when adding the accessory.

Using the WiFi setup of the iPhone to add the Leviton device to the WiFi network definitely works smoother than using the Home app. Here are the steps:

Reset the light switch by pressing and holding the on position of the switch until its LED light switches rapidly from red and amber. This can take more than 10 seconds.
Set the iPhone to the appropriate WiFi network.
Goto the iPhone WiFi menu, and you will the Leviton switch available for adding to the WiFi network. Add this device to the network.
If an error is encountered when adding to the network, then restart the avahi-daemon service (or other mDNS service that may be competing).
Once the switch is added to the network, proceed to add the switch with the Home app.

Apparently there is a firmware update for these switches. However, the update from 1.4.13 to 1.4.32 fail with the Leviton iOS app.

If you are thinking of getting a light switch for your home automation project, I would steer away from these switches!

DIY Garage Stereo with DML Speakers

I wanted music in my garage when I am cleaning my bike or doing some other work. However, I did not want to spend a lot of money but I also wanted to make sure that it sounded okay.

I was couch surfing one day and came across this YouTube video.

YouTube Video: https://youtu.be/CKIye4RZ-5k
YouTube Channel: Tech Ingredients

The video talks about joining audio exciters to extruded polystyrene boards, traditionally used for insulation. I was intrigued.

I purchased a pair of DAEX25TP-4 by Dayton Audio from solen.ca. They look like this:

I joined these exciters to FOAMULAR CodeBord Extruded Polystyrene Rigid Insulation which I purchased from Home Depot. I simply purchased a 24″ x 96″ and cut them in half so that I have a pair.

Last I bought a cheap Lepy LP-2020A Class-D amplifier.

I had an old Airport Express lying around which I can use as my source material by piping Apple Music through it. Here is the end result in my garage.

For less than $100, the sound is loud and good! The low end can be improved with a sub, but I won’t be doing that since this will be rarely used. The next step is to install some shelving and hide the wires so it is more presentable.

Traffic Violation?

This morning on the way to work after picking up breakfast from McDonald’s (the one on 9989 BAYVIEW), I decided that heading East bound on Major Mackenzie from Bayview to Leslie was too busy, so I decided to turn right onto Boake Trail from Major Mackenzie.

After my right turn I was stopped immediately by a police officer. He told me that I was not allowed to turn right.

Since I had a dashcam installed on my car, I replayed the footage and found that there was simply no sign indicating that a right turn is restricted. The matter was even more confusing when there is a dedicated right turn lane. See for yourself below.

Dashcam Video

Also on Google Maps, the no right turn sign is also non-existent.

I decided to contest this matter. I am providing this quick blog entry as near to a contemporaneous note as possible of the event this morning in case I need to refresh my memory three months from now in court.

Update: My sharp eye wife spotted the no-left turn sign beside the traffic lights. So even with the video and Google Map reference I missed it on multiple, post-event analysis. The dedicated right turn lane threw me off and baited me into the turn, an honest mistake.

Old Media Server with OpenVPN

I am in the process of building and configuring a media server for my parents. After my recent media server upgrade, I have extra gear lying around. By purchasing a power supply and a small case, I can cobble together another media server with my old processor and motherboard. I will call this my parent’s media server. The goal is to replace the current Raspberry PI unit that is currently running OSMC acting as their media server. Although the OSMC solution with Raspberry PI has been working really well, it is under powered to play any HEVC encoded video at full 1080p HD resolution.

I wanted to convert the majority of our video media to HEVC simply to save storage space. If I do this with my media library, I will not be able to share our media with them because of their under powered Raspberry PI.

To solve this issue, I installed Ubuntu 18.04 along with Kodi on my parent’s media server that I just created. I have been testing this solution for the past couple of weeks and both the hardware and media player works really well.

I also configured the box to auto mount USB disks, and installed SAMBA so that both videos and music files can be shared with other devices on the same network. The SAMBA is primarily used by my parents with their SONOS speakers.

With this media server at their location, I can also consider future upgrades such as replacing their WiFi network with a Ubiquiti solution, and even ponder on a site-to-site VPN solution with both of our networks.

Perhaps that is looking too far into the future. My immediate concern is how to remotely administer the box. With the Raspberry PI, I just had a simple SSH setup. However with the extra horse power, and a full blown Ubuntu distribution, I can now setup OpenVPN.

I followed these instructions on the DigitalOcean site, and it worked flawlessly. During the setup, I made a major error. I skipped the firewall (ufw) setup on the box, thinking that I don’t need a firewall because an external firewall already exists. However, OpenVPN will not route external traffic to the internal private network if IP masquerading (NAT) is not setup properly. Thanks to a coworker’s advice, I configured the firewall with IP forwarding NAT, but also change all default actions to ACCEPT so that the firewall only function as a NAT router. Lesson learned!

Since this VPN will only be used by me for remote management, I will not configure any HTTPS tunnelling or install and configure ObfsProxy. We will continue to use UDP and stick with the default 1194 port.

We will do some final testing before finally deploying it to my parent’s place.