Nyeste i IT og Internet emnet
Venstres holdning til fildeling
| Lix-tal: 48Svær: Debatlitteratur og populærvidenskabelige artikler
Link til indlægget | Kommentarer (2)
Følgende er d.d. sendt til partiet Venstre:
Kære Venstre,
I forbindelse med jeres brug af en fotografs billede af Villy Søvndal og Helle Thorning-Schmidt udtaler jeres partisekretær til Politiken, at der bør være plads til et vist albuerum.
Vil I bekræfte, at dette også gælder den almindelige danskers brug af billeder, som vedkommende har fundet på nettet, samt evt. musik og andre værker, der er omfattet af copyright?
Med venlig hilsen,
Ole Wolf
(Adresse m.v.)
Kære Venstre,
I forbindelse med jeres brug af en fotografs billede af Villy Søvndal og Helle Thorning-Schmidt udtaler jeres partisekretær til Politiken, at der bør være plads til et vist albuerum.
Vil I bekræfte, at dette også gælder den almindelige danskers brug af billeder, som vedkommende har fundet på nettet, samt evt. musik og andre værker, der er omfattet af copyright?
Med venlig hilsen,
Ole Wolf
(Adresse m.v.)
Kære Lars Barfoed,
I Googles "transparency report" fremgår det d. 6. juli 2011 om den danske regering, at "For the first time, we received a significant number of content removal requests".
Regeringen har flere gange tydeligt understreget, at vi har ytringsfrihed, og Grundloven beskriver, at censur og andre forebyggende forholdsregler aldrig igen vil kunne indføres.
Derfor vil jeg gerne have oplyst, hvad det er for anmodninger om fjernelse af indhold, den danske regering har fremsendt til Google.
Med venlig hilsen,
Ole Wolf
(adresse m.v.)
I Googles "transparency report" fremgår det d. 6. juli 2011 om den danske regering, at "For the first time, we received a significant number of content removal requests".
Regeringen har flere gange tydeligt understreget, at vi har ytringsfrihed, og Grundloven beskriver, at censur og andre forebyggende forholdsregler aldrig igen vil kunne indføres.
Derfor vil jeg gerne have oplyst, hvad det er for anmodninger om fjernelse af indhold, den danske regering har fremsendt til Google.
Med venlig hilsen,
Ole Wolf
(adresse m.v.)
Jeg har oversat mit script til installation af NemID-certifikatet til ".deb"-filer, så NemID kan installeres som en pakke. Hent filen på de følgende links afhængigt af, om du bruger et hhv. 32-bit eller 64-bit Ubuntu-system:
Du kan også installere dem uden at skulle downloade filerne ved at tilføje mit "repository". Så sikrer du dig, at filerne bliver opdateret helt automatisk fremover. Det gør du ved at udføre følgende kommandoer i en terminal:
Klik på "Hent NemID-certifikat". Du får nu følgende vindue, hvor du skriver dit NemID-brugernavn og password:
Klik på "Hent certifikat", og dit certifikat er installeret.
I terminalen bliver du nu opfordret til at lukke din browser, men det vil næppe ødelægge noget, at du fortsætter uden at lukke den. Tryk på Enter for at bekræfte, at du vil fortsætte, og dit certifikat er nu installeret, så du kan vælge det i mailprogrammet Evolution.
Hvis du bruger Thunderbird, skal du følge DanIDs vejledning, idet "Security Device"-filen ligger i biblioteket "/usr/lib".
- 32-bit: nemid-1.0-i686.deb
- 64-bit: nemid-1.0-amd64.deb
Du kan også installere dem uden at skulle downloade filerne ved at tilføje mit "repository". Så sikrer du dig, at filerne bliver opdateret helt automatisk fremover. Det gør du ved at udføre følgende kommandoer i en terminal:
wget -q debian.blazingangles.net/OleWolf-gpg.asc -O- | sudo apt-key add -Når du har installeret NemID-pakken, skal du åbne en terminal for at installere dit personlige certifikat. Her skriver du:
sudo wget --output-document=/etc/apt/sources.list.d/olewolf.list \
http://debian.blazingangles.net/olewolf.list && sudo apt-get --quiet update
installer-nemidDu får nu følgende vindue:
Klik på "Hent NemID-certifikat". Du får nu følgende vindue, hvor du skriver dit NemID-brugernavn og password:Klik på "Hent certifikat", og dit certifikat er installeret.I terminalen bliver du nu opfordret til at lukke din browser, men det vil næppe ødelægge noget, at du fortsætter uden at lukke den. Tryk på Enter for at bekræfte, at du vil fortsætte, og dit certifikat er nu installeret, så du kan vælge det i mailprogrammet Evolution.
Hvis du bruger Thunderbird, skal du følge DanIDs vejledning, idet "Security Device"-filen ligger i biblioteket "/usr/lib".
Emner
IT og Internet
Som konsekvens af, at DanID ikke kan finde ud af at supportere Linux ordentligt, idet de beder brugeren overskrive vigtige systemfiler samt binder brugeren til et mailprogram, der ikke er standard mailprogram i Ubuntu, må vi andre jo tage affære.
NB: Hvis du hellere vil installere NemID som en pakke i standard Ubuntu-format, har jeg sammensat en anden vejledning, der måske er lidt nemmere.
Jeg har derfor sat et script sammen, der foretager følgende:
1. Det sørger for, at Ubuntu har filer installeret på forsvarlig vis, så det kan undgås at overskrive filerne med DanIDs filer.
2. Det henter NemID-applikationen og installerer den.
3. Det starter NemID-applikationen, så brugeren kan hente sit NemID-certifikat.
4. Det installerer certifikatet således, at Evolution uden videre kan bruge det. Endvidere kan man bruge det til at underskrive dokumenter i LibreOffice.
Mit script, der kan benyttes frit, så længe det er i ikke-kommerciel sammenhæng, kan hentes her: installer-nemid.sh. Sørg for at give scriptet udføre-rettighed:
Script'et vil bede om dit administrator-password, hvis ikke det finder de nødvendige filer. Der er ingen risiko forbundet med dette, hvilket kyndige Linux-brugere vil kunne forvisse sig om ved eftersyn af script'et.
Kære DanID: Det tog mig under to timer at finde ud af, hvordan jeg skulle installere jeres certifikat i Evolution samt skrive det ovenstående script. Og det tog få sekunder at gennemskue, at man ikke behøver kopiere filer ned i systembibliotekerne. Skam jer, at I ikke som mindstemål laver en .deb pakke, så afhængighederne udredes automatisk, og skam jer, at I ikke engang kan flikke et sådant script sammen.
NB: Hvis du hellere vil installere NemID som en pakke i standard Ubuntu-format, har jeg sammensat en anden vejledning, der måske er lidt nemmere.
Jeg har derfor sat et script sammen, der foretager følgende:
1. Det sørger for, at Ubuntu har filer installeret på forsvarlig vis, så det kan undgås at overskrive filerne med DanIDs filer.
2. Det henter NemID-applikationen og installerer den.
3. Det starter NemID-applikationen, så brugeren kan hente sit NemID-certifikat.
4. Det installerer certifikatet således, at Evolution uden videre kan bruge det. Endvidere kan man bruge det til at underskrive dokumenter i LibreOffice.
Mit script, der kan benyttes frit, så længe det er i ikke-kommerciel sammenhæng, kan hentes her: installer-nemid.sh. Sørg for at give scriptet udføre-rettighed:
chmod 775 installer-nemid.sh
./installer-nemid.sh
Script'et vil bede om dit administrator-password, hvis ikke det finder de nødvendige filer. Der er ingen risiko forbundet med dette, hvilket kyndige Linux-brugere vil kunne forvisse sig om ved eftersyn af script'et.
Kære DanID: Det tog mig under to timer at finde ud af, hvordan jeg skulle installere jeres certifikat i Evolution samt skrive det ovenstående script. Og det tog få sekunder at gennemskue, at man ikke behøver kopiere filer ned i systembibliotekerne. Skam jer, at I ikke som mindstemål laver en .deb pakke, så afhængighederne udredes automatisk, og skam jer, at I ikke engang kan flikke et sådant script sammen.
Emner
IT og InternetNemID går frem og tilbage over åen efter vand
| Lix-tal: 45Svær: Debatlitteratur og populærvidenskabelige artikler
Link til indlægget | Kommentarer (9)
Lad mig indlede med at sige, at det er lykkedes mig at installere et NemID-certifikat på min computer, og at jeg ikke havde problemer med det.
Men nu er jeg altså også ekspert i feltet, både hvad angår almindelig computerbrug og mht. IT-sikkerhed og håndtering af certifikater. Jeg kan ikke med bedste vilje hævde, at NemID er spor nemt. Skal man installere et NemID-certifikat, så man kan underskrive sine mails, er der lange vejledninger, som skal følges meget nøje. Selv kompetente computerbrugere kan komme til at lave fejl, når antallet af nødvendige trin bliver højt.
I skrivende stund er der to længere vejledninger, som skal følges nøje, før man kan underskrive sine email med sit NemID-certifikat.
Første vejledning: Installation af en applikation
Den første beder i "trin nul" - inden vejledningen - brugeren downloade en applikation. Ja, det er rigtigt: NemID, som DanID højt og helligt lovede, at man kunne bruge, uden at man skulle installere applikationer på ens computer, kræver installationen af en applikation. Hvis man følger den syv trin lange vejledning - hvor man blandt andet bliver præsenteret for den for DanID pinlige besked om, at Windows ikke kan bekræfte certifikatetudstederens gyldighed - har man nu et certifikat. (Hele vejledningen i sin eksisterende form har jeg gemt i PDF-format her.)
På Linux afslører DanID en usædvanlig inkompetence: Her skal man downloade en såkaldt "tarball", der svarer lidt til en zip-fil med filer i. Den skal man pakke ud, hvilket DanID åbenbart antager, at man ved, hvordan man gør. Man kunne forvente, at DanID ville gøre som alle andre, nemlig tilbyde applikationen i en såkaldt "pakke", der blot skal hentes og dobbeltklikkes. Det gør DanID imidlertid ikke, og blandt andet derfor indeholder DanIDs "tarball" nogle systemfiler, som brugeren selv skal kopiere ud, så de overskriver nogle af Linux's systemfiler (igen kræver denne handling viden fra brugeren, for Linux's systemfiler lader sig ikke bare sådan lige overskrive). Dette er for det første ikke nødvendigt (fremstilleren af applikationen ville kunne benytte sig af såkaldt static linking, eller "pakken" kunne sørge for, at systemfilerne blev installeret). For det andet er det meget dårlig udviklingsstil at overskrive andres software, fordi man kan ødelægge det. For det tredje er DanIDs erstatningsfiler af ældre dato, og indeholder derfor ikke de seneste sikkerhedsopdateringer. Dermed gør DanIDs overskrivning af vigtige filer hele ens computer mindre sikker!
Anden vejledning: Opsætning af email-program
Men omvejen er langt fra overstået, for nu skal email-programmet sættes op. Det har NemID også en lang vejledning til. Først skal man dog vælge sit styresystem og email-program. Hvis vi siger, at styresystemet er Windows 7, skal man helst ikke have installeret Microsoft Outlook 2010 som email-program, for det er i skrivende stund ikke understøttet af NemID. Det er lidt pinligt al den stund, at Outlook 2010 har været på markedet i et helt år. Med Outlook 2007 og Outlook 2003 er det om ikke nemt, så i det mindste ikke rigtig muligt at gøre det meget nemmere, så her kan man ikke klantre DanID. Det skulle da lige være for ikke at have sat emailprogrammet op for en, når nu man allerede har installeret en applikation fra DanID.
DanID er tvangsindlagt til at yde support til de af os, der enten ikke kan eller ikke vil betale i dyre domme for Microsoft Outlook, idet DanID skal gøre det muligt at benytte et gratis email-program. Her har DanID valgt en løsning, der kræver, at man installerer email-programmet Thunderbird. Det er det eneste email-program, der i følge DanID virker med NemID-certifikater. Og her bliver en mindre kyndig computerbruger unægtelig straffet hårdt.
For det første skal vedkommende installere Thunderbird. Det er næppe svært, men dog ikke noget, som enhver computerbruger vil gå i kast med. Det vil kun i sjældne tilfælde være muligt at installere det på en offentligt tilgængelig computer. Straffen kommer, når Thunderbird skal sættes op, for her skal man følge en temmelig omfattende vejledning (gemt i PDF-format her). Prøv at læse vejledningen: Der er 10 trin, hvor man bl.a. skal ud og finde en bestemt "security device" - en hjælperapplikation - fra den applikation, som DanID installerede i første del.
Den nemmere løsning
Det kunne have været gjort langt nemmere, og uden behov for installation af applikationer.
Til sammenligning findes der f.eks. løsninger (f.eks. CAcert), hvor man blot klikker sig frem til sit certifikat på en webside. Når man har klikket på det, er det derefter "ja" til alle Windows' spørgsmål, og så ville certifikatet være installeret uden ekstra applikationer eller behov for de Java-applets, som skal installeres, før man kan indtaste sit NemID-brugernavn og password.
Med et sådant certifikat i det meget udbredte såkaldte PKCS#12-standardformat ville man i Thunderbird kunne vælge sit certifikat allerede i trin 2, og så ville Thunderbird være sat op. Endvidere ville certifikatet uden videre kunne benyttes til at underskrive dokumenter i OpenOffice og LibreOffice, der er de mest udbredte gratis programmer til tekstbehandling og andre kontoropgaver.
Det ovenstående kunne benytte eksisterende, gratis software, kombineret med en passende webside. I stedet har DanID valgt at afvige fra kravet om, at der ikke skulle installeres applikationer på brugernes PC samt tvunget brugerne til at benytte bestemte email-programmer. Og hvis nogen mener, at de to vejledninger i installationen af et NemID-certifikat er nemme, vil jeg nødig se DanIDs opfattelse af, hvad der er svært.
Men nu er jeg altså også ekspert i feltet, både hvad angår almindelig computerbrug og mht. IT-sikkerhed og håndtering af certifikater. Jeg kan ikke med bedste vilje hævde, at NemID er spor nemt. Skal man installere et NemID-certifikat, så man kan underskrive sine mails, er der lange vejledninger, som skal følges meget nøje. Selv kompetente computerbrugere kan komme til at lave fejl, når antallet af nødvendige trin bliver højt.
I skrivende stund er der to længere vejledninger, som skal følges nøje, før man kan underskrive sine email med sit NemID-certifikat.
Første vejledning: Installation af en applikation
Den første beder i "trin nul" - inden vejledningen - brugeren downloade en applikation. Ja, det er rigtigt: NemID, som DanID højt og helligt lovede, at man kunne bruge, uden at man skulle installere applikationer på ens computer, kræver installationen af en applikation. Hvis man følger den syv trin lange vejledning - hvor man blandt andet bliver præsenteret for den for DanID pinlige besked om, at Windows ikke kan bekræfte certifikatetudstederens gyldighed - har man nu et certifikat. (Hele vejledningen i sin eksisterende form har jeg gemt i PDF-format her.)
På Linux afslører DanID en usædvanlig inkompetence: Her skal man downloade en såkaldt "tarball", der svarer lidt til en zip-fil med filer i. Den skal man pakke ud, hvilket DanID åbenbart antager, at man ved, hvordan man gør. Man kunne forvente, at DanID ville gøre som alle andre, nemlig tilbyde applikationen i en såkaldt "pakke", der blot skal hentes og dobbeltklikkes. Det gør DanID imidlertid ikke, og blandt andet derfor indeholder DanIDs "tarball" nogle systemfiler, som brugeren selv skal kopiere ud, så de overskriver nogle af Linux's systemfiler (igen kræver denne handling viden fra brugeren, for Linux's systemfiler lader sig ikke bare sådan lige overskrive). Dette er for det første ikke nødvendigt (fremstilleren af applikationen ville kunne benytte sig af såkaldt static linking, eller "pakken" kunne sørge for, at systemfilerne blev installeret). For det andet er det meget dårlig udviklingsstil at overskrive andres software, fordi man kan ødelægge det. For det tredje er DanIDs erstatningsfiler af ældre dato, og indeholder derfor ikke de seneste sikkerhedsopdateringer. Dermed gør DanIDs overskrivning af vigtige filer hele ens computer mindre sikker!
Anden vejledning: Opsætning af email-program
Men omvejen er langt fra overstået, for nu skal email-programmet sættes op. Det har NemID også en lang vejledning til. Først skal man dog vælge sit styresystem og email-program. Hvis vi siger, at styresystemet er Windows 7, skal man helst ikke have installeret Microsoft Outlook 2010 som email-program, for det er i skrivende stund ikke understøttet af NemID. Det er lidt pinligt al den stund, at Outlook 2010 har været på markedet i et helt år. Med Outlook 2007 og Outlook 2003 er det om ikke nemt, så i det mindste ikke rigtig muligt at gøre det meget nemmere, så her kan man ikke klantre DanID. Det skulle da lige være for ikke at have sat emailprogrammet op for en, når nu man allerede har installeret en applikation fra DanID.
DanID er tvangsindlagt til at yde support til de af os, der enten ikke kan eller ikke vil betale i dyre domme for Microsoft Outlook, idet DanID skal gøre det muligt at benytte et gratis email-program. Her har DanID valgt en løsning, der kræver, at man installerer email-programmet Thunderbird. Det er det eneste email-program, der i følge DanID virker med NemID-certifikater. Og her bliver en mindre kyndig computerbruger unægtelig straffet hårdt.
For det første skal vedkommende installere Thunderbird. Det er næppe svært, men dog ikke noget, som enhver computerbruger vil gå i kast med. Det vil kun i sjældne tilfælde være muligt at installere det på en offentligt tilgængelig computer. Straffen kommer, når Thunderbird skal sættes op, for her skal man følge en temmelig omfattende vejledning (gemt i PDF-format her). Prøv at læse vejledningen: Der er 10 trin, hvor man bl.a. skal ud og finde en bestemt "security device" - en hjælperapplikation - fra den applikation, som DanID installerede i første del.
Den nemmere løsning
Det kunne have været gjort langt nemmere, og uden behov for installation af applikationer.
Til sammenligning findes der f.eks. løsninger (f.eks. CAcert), hvor man blot klikker sig frem til sit certifikat på en webside. Når man har klikket på det, er det derefter "ja" til alle Windows' spørgsmål, og så ville certifikatet være installeret uden ekstra applikationer eller behov for de Java-applets, som skal installeres, før man kan indtaste sit NemID-brugernavn og password.
Med et sådant certifikat i det meget udbredte såkaldte PKCS#12-standardformat ville man i Thunderbird kunne vælge sit certifikat allerede i trin 2, og så ville Thunderbird være sat op. Endvidere ville certifikatet uden videre kunne benyttes til at underskrive dokumenter i OpenOffice og LibreOffice, der er de mest udbredte gratis programmer til tekstbehandling og andre kontoropgaver.
Det ovenstående kunne benytte eksisterende, gratis software, kombineret med en passende webside. I stedet har DanID valgt at afvige fra kravet om, at der ikke skulle installeres applikationer på brugernes PC samt tvunget brugerne til at benytte bestemte email-programmer. Og hvis nogen mener, at de to vejledninger i installationen af et NemID-certifikat er nemme, vil jeg nødig se DanIDs opfattelse af, hvad der er svært.
Emner
IT og InternetTil videnskabsministeren angående NemID-certifikater
| Lix-tal: 49Svær: Debatlitteratur og populærvidenskabelige artikler
Link til indlægget | Kommentarer (5)
Kære Charlotte Sahl-Madsen:
Jeg ved desværre ikke, hvem jeg skal henvende mig til med dette problem. Jeg har fået et NemID-certifikat for at kunne underskrive mine emails i mine henvendelser til det offentlige. Men selv om DanID har slået på, at alle vil kunne bruge NemID på en hvilken som helst computer, og selv om DanID har bedyret, at man ikke skal installere applikationer på computeren for at bruge NemID, så har jeg fået følgende oplyst af DanID:
1. NemID-certifikatet kan KUN bruges sammen med email-programmet Thunderbird, der ikke er standard email-program i den mest udbredte Linux-distribution, som jeg bruger.
2. For at kunne bruge NemID-certifikatet med Thunderbird, er jeg nødt til at downloade en applikation fra NemIDs hjemmeside og gennemgå en temmelig detaljeret opsætning af programmet. Hvis blot certifikatet kunne modtages i andre formater end DanIDs foretrukne, ville det være yderst nemt at installere certifikatet i andre email-programmer. Standard email-programmet i Ubuntu (Linux) kan således underskrive emails, hvis blot man giver email-programmet certifikatet i det såkaldte PKCS#12-format. DanID vil kun levere det i x.509-format. (Denne email er f.eks. underskrevet med en digital signatur fra CAcert, der ikke har krævet nogen omveje med applikationer og besværlig opsætning.)
Årsagen er øjensynligt, at NemID er skruet sådan sammen, at DanID ejer brugernes private nøgler. Enhver ekspert i IT-sikkerhed kan fortælle, at dette er fundamentalt usikkert (det svarer til, at andre ejer nøglen til ens hus); og fordi DanID har valgt denne løsning, er DanID nødt til at lave fordyrende krumspring med særlige applikationer, der skal installeres, og er nødt til at fastlåse brugeren til specifikke 3-parts applikationer. Allerede brugen af Java til NemID-login gør det også nødvendigt at installere flere applikationer (nemlig Java samt login-applikationen, der kræver Java), og dette kan ikke forventes at være generelt muligt på offentligt tilgængelige computere.
Hvad vil I gøre for at sikre, at NemID virkelig kan bruges på enhver computer, og uden at brugerne skal installere applikationer fra DanID, sådan som det oprindeligt var hensigten?
Med venlig hilsen,
Ole Wolf
(Adresse m.v.)
Jeg ved desværre ikke, hvem jeg skal henvende mig til med dette problem. Jeg har fået et NemID-certifikat for at kunne underskrive mine emails i mine henvendelser til det offentlige. Men selv om DanID har slået på, at alle vil kunne bruge NemID på en hvilken som helst computer, og selv om DanID har bedyret, at man ikke skal installere applikationer på computeren for at bruge NemID, så har jeg fået følgende oplyst af DanID:
1. NemID-certifikatet kan KUN bruges sammen med email-programmet Thunderbird, der ikke er standard email-program i den mest udbredte Linux-distribution, som jeg bruger.
2. For at kunne bruge NemID-certifikatet med Thunderbird, er jeg nødt til at downloade en applikation fra NemIDs hjemmeside og gennemgå en temmelig detaljeret opsætning af programmet. Hvis blot certifikatet kunne modtages i andre formater end DanIDs foretrukne, ville det være yderst nemt at installere certifikatet i andre email-programmer. Standard email-programmet i Ubuntu (Linux) kan således underskrive emails, hvis blot man giver email-programmet certifikatet i det såkaldte PKCS#12-format. DanID vil kun levere det i x.509-format. (Denne email er f.eks. underskrevet med en digital signatur fra CAcert, der ikke har krævet nogen omveje med applikationer og besværlig opsætning.)
Årsagen er øjensynligt, at NemID er skruet sådan sammen, at DanID ejer brugernes private nøgler. Enhver ekspert i IT-sikkerhed kan fortælle, at dette er fundamentalt usikkert (det svarer til, at andre ejer nøglen til ens hus); og fordi DanID har valgt denne løsning, er DanID nødt til at lave fordyrende krumspring med særlige applikationer, der skal installeres, og er nødt til at fastlåse brugeren til specifikke 3-parts applikationer. Allerede brugen af Java til NemID-login gør det også nødvendigt at installere flere applikationer (nemlig Java samt login-applikationen, der kræver Java), og dette kan ikke forventes at være generelt muligt på offentligt tilgængelige computere.
Hvad vil I gøre for at sikre, at NemID virkelig kan bruges på enhver computer, og uden at brugerne skal installere applikationer fra DanID, sådan som det oprindeligt var hensigten?
Med venlig hilsen,
Ole Wolf
(Adresse m.v.)
Emner
IT og Internet, Oles breve
The Dallas 1-wire protocol makes it possible to attach a variety of devices ranging from counters, temperature sensors, memory, and humidity sensors, onto just a single data wire. Several of the sensors require no supply voltage line; instead, they draw the supply voltage from the data wire in so-called "parasitic" mode. The communication protocol allows a short burst of current on the data line that charges an internal capacitor in each of the attached 1-wire devices. Once charged, the internal capacitors provide just enough current to allow the 1-wire devices to do their thing and respond on the data wire.
A 1-wire controller is necessary, and while it is relatively easy to build a serial version with only a few components, Hobby Boards sells a USB adapter that is compatible with Ubuntu Linux.
Each device has a unique ID that is queried by the controller. Only those devices whose ID matches the controller's request are allowed to respond on the data line. Hence, all 1-wire devices are simply attached in parallel on the data wire, limiting the total wire count to two wires (one for data, one for ground). Some 1-wire devices that require large amounts of currents, such as LCD devices, require their own supply voltage, however. This may increase the wire count to three if you want to power all of these devices from a shared power supply, but you may also choose to power the 1-wire devices separately. The temperature sensors don't require a power supply unless you're using poor wire types, long wires, or have attached a large number of sensors on the same wire.
With Ubuntu, temperature logging requires only one Dallas one 1-wire controller, as many 1-wire temperature sensors as you want, and some scripting skills. Hobby Boards sells 1-wire sensors, too, which readily fit into their USB adapter. However, I chose to purchase a handful of bare DS18B20 temperature sensors from a local electronics outlet instead. I also needed an RJ45 connector for the USB adapter, which appears to be Hobby Boards' preferred connector. I was a little surprised to learn that Hobby Boards had chosen the black wire for data and red one for data/power.
The 18B20 device comes in a TO92 housing. The outermost pins are ground and power supply. When shorted, they indicate parasitic mode where the 18B20 draws power from the data pin in the middle. So, from the USB adapter, ground goes to the outer pins on the 18B20, and data goes to the middle pin. Of course, I built the 18B20 devices into small cases with adapters on them, enabling them to easily be connected in parallel with other cases containing 18B20 devices. For outdoor use, I enclosed the device and the cables in an epoxy-filled case to shield it from moisture.
Next, the software. The Ubuntu Linux kernel already includes 1-wire support, and the only required external software was "digitemp," which is found in the Ubuntu software repositories. I originally installed it on Ubuntu 9.10 where I had to blacklist the DS2940 kernel module. A file named "/etc/modprobe.d/blacklist-ds2940.conf" with the following contents takes care of that:
It may not be required on current Ubuntu releases, but it probably doesn't hurt.
Plug in the USB adapter, and Ubuntu loads the proper kernel; you can see in /var/log/messages what happens when the adapter is plugged in.
The next step is to determine the unique IDs of the attached 18B20 sensors. Digitemp can be used to send a broadcast query that returns the IDs as follows:
You may need to "sudo" the command. For some reason, this currently doesn't output anything on my own server, but back when I originally queried the IDs, it yielded an output similar to the following:
You'll have to figure out on your own which device ID (the string to the left in the list that is output) belongs to which sensor. These IDs are required to query the proper device, and must be copied to a configuration file. I called my configuration file "/root/digitemp.conf", and it contains the following:
The ROM codes are your choice of device numbers and the IDs that were output by the previous broadcast query.
Finally, the script that queries the temperatures of the 1-wire sensors is a simple Bash script stored in the /root folder:
Before calling the script, create a writeable directory in /var/lib/temperature, where the sensor outputs are stored in a file named "current". Call the script every, say, five minutes using a crontab entry:
The last line in the script calls another script that inserts the temperatures and time stamps for all temperature sensors into a MySQL database. If you don't need logging but only want the most recent temperature output, simply delete the last line of the script and read the current temperatures from /var/lib/temperature/current. You won't need any of the following either in that case.
The MySQL database insertion script simply reads and parses the file in /var/lib/temperature/current and inserts the values into a previously created MySQL database. The database contains the following tables:
The MySQL logging script looks like this, except that my password has been obscured:
To display the temperature log, a web server comes in handy. There are several graphical plotting options available, and I settled for the free version of JpGraph. I downloaded it from the web site because the version in the Ubuntu repositories seemed rather outdated. I recall I had to specify the directory for TrueType fonts and ensure that JpGraph was in PHP's search path, but otherwise I think it worked straight out of the box.
The script that uses JpGraph is called via the "img" HTTP tag. The script compiles image that is embedded into the main graph display script. My graphing script allows the user to enter a plot interval, and is simply the index file, "index.php". Rather than including the PHP scripts here, you may download them as a tarball here: temperature.tar.gz. Install them in a directory together with JpGraph. You'll have to do a few customizations: JpGraph may have to be tweaked a little to make sure it's visible from the scripts; you'll also have to set the database, username, and password in "config.php" according to the MySQL database you created previously; and, you'll want to modify the script to display those sensors that are appropriate for your own setup. Once configured, the script should display an output similar to the following:
A 1-wire controller is necessary, and while it is relatively easy to build a serial version with only a few components, Hobby Boards sells a USB adapter that is compatible with Ubuntu Linux.
Each device has a unique ID that is queried by the controller. Only those devices whose ID matches the controller's request are allowed to respond on the data line. Hence, all 1-wire devices are simply attached in parallel on the data wire, limiting the total wire count to two wires (one for data, one for ground). Some 1-wire devices that require large amounts of currents, such as LCD devices, require their own supply voltage, however. This may increase the wire count to three if you want to power all of these devices from a shared power supply, but you may also choose to power the 1-wire devices separately. The temperature sensors don't require a power supply unless you're using poor wire types, long wires, or have attached a large number of sensors on the same wire.
With Ubuntu, temperature logging requires only one Dallas one 1-wire controller, as many 1-wire temperature sensors as you want, and some scripting skills. Hobby Boards sells 1-wire sensors, too, which readily fit into their USB adapter. However, I chose to purchase a handful of bare DS18B20 temperature sensors from a local electronics outlet instead. I also needed an RJ45 connector for the USB adapter, which appears to be Hobby Boards' preferred connector. I was a little surprised to learn that Hobby Boards had chosen the black wire for data and red one for data/power.
The 18B20 device comes in a TO92 housing. The outermost pins are ground and power supply. When shorted, they indicate parasitic mode where the 18B20 draws power from the data pin in the middle. So, from the USB adapter, ground goes to the outer pins on the 18B20, and data goes to the middle pin. Of course, I built the 18B20 devices into small cases with adapters on them, enabling them to easily be connected in parallel with other cases containing 18B20 devices. For outdoor use, I enclosed the device and the cables in an epoxy-filled case to shield it from moisture.Next, the software. The Ubuntu Linux kernel already includes 1-wire support, and the only required external software was "digitemp," which is found in the Ubuntu software repositories. I originally installed it on Ubuntu 9.10 where I had to blacklist the DS2940 kernel module. A file named "/etc/modprobe.d/blacklist-ds2940.conf" with the following contents takes care of that:
# To get digitemp to work
blacklist ds2940
It may not be required on current Ubuntu releases, but it probably doesn't hurt.
Plug in the USB adapter, and Ubuntu loads the proper kernel; you can see in /var/log/messages what happens when the adapter is plugged in.
The next step is to determine the unique IDs of the attached 18B20 sensors. Digitemp can be used to send a broadcast query that returns the IDs as follows:
digitemp_ds2940 -w -sUSB
You may need to "sudo" the command. For some reason, this currently doesn't output anything on my own server, but back when I originally queried the IDs, it yielded an output similar to the following:
# digitemp_DS2490 -w
DigiTemp v3.5.0 Copyright 1996-2007 by Brian C. Lane
GNU Public License v2.0 - http://www.digitemp.com
Found DS2490 device #1 at 003/005
Turning off all DS2409 Couplers
...
Devices on the Main LAN
28913B56020000F2 : DS18B20 Temperature Sensor
282221560200006D : DS18B20 Temperature Sensor
(etc.)
You'll have to figure out on your own which device ID (the string to the left in the list that is output) belongs to which sensor. These IDs are required to query the proper device, and must be copied to a configuration file. I called my configuration file "/root/digitemp.conf", and it contains the following:
READ_TIME 2000
LOG_TYPE 1
LOG_FORMAT "%Y-%m-%d %H:%M:%S Sensor %s C: %.2C F: %.2F"
CNT_FORMAT "%Y-%m-%d %H:%M:%S Sensor %s #%n %C"
HUM_FORMAT "%Y-%m-%d %H:%M:%S Sensor %s C: %.2C F: %.2F H: %h%%"
SENSORS 5
# Server Room
ROM 0 0x28 0x91 0x3B 0x56 0x02 0x00 0x00 0xF2
# Home Office
ROM 1 0x28 0xFC 0x63 0x56 0x02 0x00 0x00 0xD0
# Heater
ROM 2 0x28 0x22 0x21 0x56 0x02 0x00 0x00 0x6D
# Outside, East
ROM 3 0x28 0x5E 0x17 0x56 0x02 0x00 0x00 0x90
# Living room
ROM 4 0x28 0x1F 0x3A 0x56 0x02 0x00 0x00 0xC6
The ROM codes are your choice of device numbers and the IDs that were output by the previous broadcast query.
Finally, the script that queries the temperatures of the 1-wire sensors is a simple Bash script stored in the /root folder:
#!/bin/bash
DIGITEMP_CMD=/usr/bin/digitemp_DS2490
CONFFILE=/root/digitemp.conf
STATEFILE=/var/lib/temperature/current
TMPFILE=/tmp/digitemp.XXX
# Abort after first script error.
set -e
# Get a unique temporary tamper-proof file name.
tmp=$(mktemp $TMPFILE)
# Create a full poll list of the temperature array. This takes up to
# 5 seconds per sensor, and therefore must be done to a (slowly growing)
# temporary file.
$DIGITEMP_CMD -q -c $CONFFILE -a -sUSB -l $tmp
# 'Atomically' move the freshly created state file in place.
chmod 644 $tmp
mv $tmp $STATEFILE
# Insert new measurements into database.
/usr/bin/php /root/digitemp-insert.php
Before calling the script, create a writeable directory in /var/lib/temperature, where the sensor outputs are stored in a file named "current". Call the script every, say, five minutes using a crontab entry:
# Read temperature probes every 5 minutes.
*/5 * * * * /root/digitemp.sh > /dev/null 2>&1
The last line in the script calls another script that inserts the temperatures and time stamps for all temperature sensors into a MySQL database. If you don't need logging but only want the most recent temperature output, simply delete the last line of the script and read the current temperatures from /var/lib/temperature/current. You won't need any of the following either in that case.
The MySQL database insertion script simply reads and parses the file in /var/lib/temperature/current and inserts the values into a previously created MySQL database. The database contains the following tables:
- id (int, autoincrement, primary key)
- sensor (tinyint)
- date (datetime)
- temperature (float)
The MySQL logging script looks like this, except that my password has been obscured:
<?
// Read the temperature log.
$entries = array( );
$fileHandle = fopen( "/var/lib/temperature/current", "r" );
while( ! feof( $fileHandle ) )
{
$temperatureLogEntry = fgets( $fileHandle );
// Break down the string, which looks like this:
// Jul 20 11:25:21 Sensor 0 C: 24.31 F: 75.76
$entry = array( );
$pattern = '/';
// Date and time
$pattern .= "^([0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2})";
// Sensor number.
$pattern .= " Sensor ([0-9]{1,3}) ";
// Sensor temperature.
$pattern .= "C: (-*[0-9]{1,3}\.[0-9]{1,3}) ";
$pattern .= "/";
if( preg_match( $pattern, $temperatureLogEntry, $entry ) )
{
$entries[ ] = $entry;
}
}
fclose( $fileHandle );
$mysqlBase = "temperatur";
$mysqlUser = "temperatur";
$mysqlPass = "*************";
$con = mysql_connect( "localhost", "$mysqlUser", "$mysqlPass" );
if( ! $con )
{
die( 'Could not connect: ' . mysql_error( ) );
}
mysql_select_db( "$mysqlBase", $con );
foreach( $entries as $entry )
{
$date = $entry[ 1 ];
$sensor = $entry[ 2 ];
$temperature = $entry[ 3 ];
$sensorName = $sensors[ $sensor ];
$timestamp = strtotime( $date );
$query = "INSERT INTO temperatur ( sensor, date, temperature ) "
. "VALUES( '$sensor', '$date', '$temperature' )";
$result = mysql_query( $query );
}
mysql_close( $con );
?>
To display the temperature log, a web server comes in handy. There are several graphical plotting options available, and I settled for the free version of JpGraph. I downloaded it from the web site because the version in the Ubuntu repositories seemed rather outdated. I recall I had to specify the directory for TrueType fonts and ensure that JpGraph was in PHP's search path, but otherwise I think it worked straight out of the box.
The script that uses JpGraph is called via the "img" HTTP tag. The script compiles image that is embedded into the main graph display script. My graphing script allows the user to enter a plot interval, and is simply the index file, "index.php". Rather than including the PHP scripts here, you may download them as a tarball here: temperature.tar.gz. Install them in a directory together with JpGraph. You'll have to do a few customizations: JpGraph may have to be tweaked a little to make sure it's visible from the scripts; you'll also have to set the database, username, and password in "config.php" according to the MySQL database you created previously; and, you'll want to modify the script to display those sensors that are appropriate for your own setup. Once configured, the script should display an output similar to the following:
Emner
Do-It-Yourself, IT og Internet
Wacken Death Box: Linux Based MP3 Player for Festival Use
This blog entry is part documentation for future reference, part documentation for others who may want to build a similar application such as a car PC. Note: this is not advanced engineering, but some development experience is required.
Together with a handful of friends, I visit the German village of Wacken each year in early August for the Wacken Open Air festival. Over the years we've become older and our need for luxury has increased steadily. Eventually we decided we wanted to play our own music while we were back from the concerts in our camp, and about four years ago I decided I'd construct some high-storage MP3 player hardware together with a power amplifier, both capable of running off a car battery and a charger.
Since then, MP3 players have become available sporting many gigabytes of harddisk space, so the design has become somewhat outdated: today it would suffice with a design featuring a car battery, a power amplifier, and an iPod instead of the customized PC that forms the MP3 player in the Wacken Death Box. In fact, that's precisely what I brought along in 2010, but since I had already purchased the PC components I continued building the MP3 player nonetheless.
The key components are:
Computer Hardware
This motherboard was chosen for two reasons: firstly, the power consumption is quite low without significantly sacrificing processor speed. With a proper Linux kernel, the processor can operate at speeds between 400 MHz and 1,2 GHz on demand, guaranteeing the lowest possible power consumption and heat production. Secondly, the motherboard is fanless, that is, it includes no moving parts.
The now outdated M1-ATX power supply is capable of powering the motherboard and harddrive, and provides some features of special interest to battery-operated computers: the power supply includes an ignition connector that automatically starts the computer five seconds after the ignition is turned on. When ignition is lost, the power supply sends a shutdown signal to the computer, letting the computer shutdown safely before the power supply removes all power from the computer's power rail. This makes it possible to maximize battery life while the computer is turned off. The power supply may be configured via five switches. I configured it for the most aggressive power savings, sending the off signal to the computer 5 seconds after ignition is lost and removing power from the power rail 45 seconds later.
In addition, the power supply provides a stable supply for battery voltages between 6 and 24 Volts, and features a "delayed on" connector for the car amplifier to avoid speaker pops when the computer is turned on and off.
The harddrive was selected among a number of high-storage drives (at that time, 120 GBytes was about as much as you could get on a 2.5" notebook drive) because of its comparatively low power consumption of about 2.5 Watts.
I enclosed the power supply, the motherboard, and the hard drive between two sheets of acrylic glass (because I happened to have that; two sheets of wood or metal would have worked fine, too) separated with spacers. The version shown here includes a SoundGraph iMon receiver for IR remote control, which for some reason I couldn't get to work and therefore removed later:
I chose Ubuntu 10.10 as an operating system although most Linux distributions will probably work; in fact, as will be explained later, Ubuntu 10.04 would probably have given me fewer headaches. I just happen to be more familiar with Ubuntu.
A few customizations were necessary: because the motherboard apparently doesn't report the BIOS date, I had to add "acpi=force" to the GRUB_CMDLINE_LINUX_DEFAULT boot options. Also, to save power, I disabled the graphical login by setting the GRUB_CMDLINE_LINUX option to "text".
The specifications indicate a maximum power consumption of about 17 Watts. With Ubuntu 10.10 and no peripherals (LAN, keyboard, mouse, and monitor attached) except the LCD display, the actual power consumption is somewhat lower: 14.6 Watts according to the power supply used for development. This can be expected to increase slightly while decoding MP3 files. Once the power supply has cut the power from the motherboard, the total power consumption is about 0.1 Watts.
LCD Display
The LCD display requires a serial connection and a 5 Volts power supply. This is easily obtainable with an adapter cable sold by Canadian-based Matrix Orbital, which also manufactures the display. In spite of the warning in the LCD display manual, the cable can actually be connected directly to the floppy power connector; don't worry that the red wire goes to the floppy power connector's GND. The serial connector goes to the serial port on the motherboard.
Software
There are a variety of sound players available for Ubuntu, but without a monitor and a keyboard, I had to find one that was capable of using the LCD display together with a keypad for user interaction. irmp3 was developed with this in mind, and although I find its user interface somewhat problematic, it saved me from programming except for a bug fix and a few workarounds.
The Ubuntu repository version of irmp3 is somewhat dated, and I decided to download and build the source version from the Sourceforge tarball (.tar.gz) instead.
Ubuntu 10.10 introduced another problem for irmp3: OSS was removed from the Ubuntu kernel since 10.10, and without OSS, irmp3 cannot set the mixer levels, leaving output at maximum. I'm afraid my friends at the camp won't appreciate this setting. Attempting to install oss4-base and oss4-kpms enabled the otherwise missing /dev/mixer but instead broke audio playback, so I decided on a workaround instead, using irmp3's ability to execute shell scripts. The scripts are quite simple, and are invoked by specifying in irmp3.conf that two particular keypresses should execute one of the following two browser scripts:
and
These two scripts, when called, increase or decrease the volume and write back the new volume in percent to irmp3 which displays the new volume on the LCD display. A proper configuration of lcdproc and irmp3 (see configuration files shortly) ensures that these scripts are called.
While experimenting, it turned out that "browser scripting" is broken, and I hacked the code to ignore what seems to be an inevitable error (the return value doesn't appear to be set anywhere). In the file "mod_browser.c", the if clause around the call to mod_browser_script( … ) should be eliminated:
leaving only the call itself:
This is probably not a proper fix, but it works for me. The real culprit is likely the function that doesn't set the return value properly.
irmp3 works closely together with lcdproc, which must each be configured properly. I've saved the configuration files here: LCDd.conf and irmp3d.conf for reference. (I've now learned that apparently all the keypresses should be changed to upper-case because upper-case letters indicate a keypress; lower-case letters indicate that the key was released. The configuration files linked here don't include this modification yet.) When the computer is booted, this configuration first introduces lcdproc and then about two seconds later the irmp3 browser on the LCD display:
Initial tests reveal that the first time a directory is selected from the file browser, the volume keys don't work. However, stepping back from the directory enables the volume keys, and I can live with that for now.
Keypad
The LCD display provides a connector for a 5x5 key matrix. Shorting any row with any column will produce a key from 'a' to 'z' from the LCD display. I might have been able to find some keypad, but I'd had a number of pushbuttons laying around. I soldered them onto a prototype board with 0.1" spaced stripes providing rows for the pushbuttons. By cutting the stripes and adding small pieces of wire, the columns were also soon ready. (This is pretty standard stuff, so you should be able to find descriptions on the web.)
Car Amplifier
The car amplifier is a standard 2 x 100 Watt amplifier ready for installation in a car. It includes an ignition connector, which is connected to the "delayed on" pin on the M1-ATX power supply. All other connections to the car amplifier are obvious: power goes directly to the battery (through fuses, of course), audio input comes from the motherboard's audio out, and the speaker outputs are wired to speaker connectors on the box.
Wiring It Together
I decided to organize the battery connections in a small plastic box so that the battery would only be connected in one place. From here, I drew wires to the amplifier, wires to the M1-ATX power supply, and wires to a car cigarette lighter socket useful for powering, say, an iPod charger or a cooler box.
I decided not to connect the car charger permanently to the battery until I've measured the leak current. It may be neglectible, but I prefer to rather be safe than sorry.
The computer (and hence the amplifier) are turned on via a pushbutton wired from the battery's anode to the ignition connector on the M1-ATX power supply.
The motherboard's power switch connector is wired to the motherboard power output connector on the M1-ATX power supply. This enables the M1-ATX to simulate a power button keypress for powering on and off the computer. The fan is connected to the motherboard's "system fan" connector, serving to cool the entire box once equipped with a power amplifier.
The Box
The box itself is light-weight but solid enough to sustain the weight of a heavy 70 Ah car battery. I constructed a wooden frame with reinforcement beneath the car battery. The wooden "rail" just below the top of the frame is intended to suspend the car amplifier above the other components in the box. Metal straps suffice to fasten the charger and the battery to the box:
The box was then covered with a metal mesh on one side, allowing airflow from the fan. The other sides were covered with a thin sheet of wood. I applied hinges to the top cover for easy maintenance. Computer, display, fan, and keypad have not been added yet, but there is sufficient room below the amplifier. There are loudspeaker connectors, line input connectors, and an ignition button on the side, enough to playback sound from an iPod:
Finally, with the remaining items added, the Wacken Death Box becomes a relatively uninteresting and clearly home made piece of electronic equipment of some sort. That's how it should be at a festival, although it may accumulate some festival stickers during its lifetime:
Miscellaneous
The choice of loudspeakers was based on a financial shortage the week before we departed for Wacken in 2010, so they're probably a weak link. I settled with a low-cost set of car loudspeakers with no subwoofer. The MP3 player is intended for outdoor (albeit not all-weather) use where a subwoofer will require a disproportionate level of amplification and hence battery life to make any difference.
Future Work, or What You May Consider
Today I would have chosen an Intel Atom-based motherboard. The power consumption is comparable to that of the EN12000EG board but with higher processor speeds. In addition, I'm less than impressed with Via's Linux support where the current display driver doesn't allow movie playback using hardware MPEG decoding.
The movie playback option would require a small monitor, but that seems doable. I was able to locate a low-cost, low-power 7" VGA monitor for the original Wacken Death Box, but its warranty had expired before I realized it was broken. In the meantime a variety of USB monitors have emerged, and while I'm not certain whether they are capable of real-time movie playback, Linux drivers appear to exist. I haven't investigated whether these USB monitors are touch screens, but otherwise I recall seeing screen overlays providing touch feedback. This setup could eliminate the use of the display and the keypad, and with the Ubuntu Netbook edition that is tailored for small displays the user interface could be made as good as would be possible on any netbook.
I'm not too happy with irmp3. It's buggy and the browser could easily be improved: firstly, it should rely on a database of artists and albums rather than browsing a directory of files. Secondly, a 40x4 display allows a much better real estate than is provided by irmp3. Thirdly, keys on the keypad should have state-based functionality; for example, the "next" and "previous" keys used to skip songs could be doubled with the "leave" and "enter" keys on the browser, and the volume keys could be doubled with the "up" and "down" keys. MPD provides an excellent back-end for the sound server and comes with a variety of front ends. Unfortunately I haven't been able to locate a front-end based on lcdproc.
I may also want to experiment with a solar charger, but that's a rather expensive solution.
This blog entry is part documentation for future reference, part documentation for others who may want to build a similar application such as a car PC. Note: this is not advanced engineering, but some development experience is required.
Together with a handful of friends, I visit the German village of Wacken each year in early August for the Wacken Open Air festival. Over the years we've become older and our need for luxury has increased steadily. Eventually we decided we wanted to play our own music while we were back from the concerts in our camp, and about four years ago I decided I'd construct some high-storage MP3 player hardware together with a power amplifier, both capable of running off a car battery and a charger.Since then, MP3 players have become available sporting many gigabytes of harddisk space, so the design has become somewhat outdated: today it would suffice with a design featuring a car battery, a power amplifier, and an iPod instead of the customized PC that forms the MP3 player in the Wacken Death Box. In fact, that's precisely what I brought along in 2010, but since I had already purchased the PC components I continued building the MP3 player nonetheless.
The key components are:
- A Via EPIA EN12000EG motherboard with a fanless 1.2 GHz processor
- M1-ATX intelligent power supply
- 1 GBytes RAM
- 120 GBytes SATA harddisk
- 40x4 LCD serial-port display (Matrix Orbital LK404-25)
- Home made keypad
- 2 x 100 Watt car amplifier
- Economy car battery charger
- Ø 12 cm fan
- 70 Ah car battery
- Ubuntu v. 10.10 "Maverick"
Computer Hardware
This motherboard was chosen for two reasons: firstly, the power consumption is quite low without significantly sacrificing processor speed. With a proper Linux kernel, the processor can operate at speeds between 400 MHz and 1,2 GHz on demand, guaranteeing the lowest possible power consumption and heat production. Secondly, the motherboard is fanless, that is, it includes no moving parts.
The now outdated M1-ATX power supply is capable of powering the motherboard and harddrive, and provides some features of special interest to battery-operated computers: the power supply includes an ignition connector that automatically starts the computer five seconds after the ignition is turned on. When ignition is lost, the power supply sends a shutdown signal to the computer, letting the computer shutdown safely before the power supply removes all power from the computer's power rail. This makes it possible to maximize battery life while the computer is turned off. The power supply may be configured via five switches. I configured it for the most aggressive power savings, sending the off signal to the computer 5 seconds after ignition is lost and removing power from the power rail 45 seconds later.
In addition, the power supply provides a stable supply for battery voltages between 6 and 24 Volts, and features a "delayed on" connector for the car amplifier to avoid speaker pops when the computer is turned on and off.
The harddrive was selected among a number of high-storage drives (at that time, 120 GBytes was about as much as you could get on a 2.5" notebook drive) because of its comparatively low power consumption of about 2.5 Watts.
I enclosed the power supply, the motherboard, and the hard drive between two sheets of acrylic glass (because I happened to have that; two sheets of wood or metal would have worked fine, too) separated with spacers. The version shown here includes a SoundGraph iMon receiver for IR remote control, which for some reason I couldn't get to work and therefore removed later:
I chose Ubuntu 10.10 as an operating system although most Linux distributions will probably work; in fact, as will be explained later, Ubuntu 10.04 would probably have given me fewer headaches. I just happen to be more familiar with Ubuntu.
A few customizations were necessary: because the motherboard apparently doesn't report the BIOS date, I had to add "acpi=force" to the GRUB_CMDLINE_LINUX_DEFAULT boot options. Also, to save power, I disabled the graphical login by setting the GRUB_CMDLINE_LINUX option to "text".
The specifications indicate a maximum power consumption of about 17 Watts. With Ubuntu 10.10 and no peripherals (LAN, keyboard, mouse, and monitor attached) except the LCD display, the actual power consumption is somewhat lower: 14.6 Watts according to the power supply used for development. This can be expected to increase slightly while decoding MP3 files. Once the power supply has cut the power from the motherboard, the total power consumption is about 0.1 Watts.LCD Display
The LCD display requires a serial connection and a 5 Volts power supply. This is easily obtainable with an adapter cable sold by Canadian-based Matrix Orbital, which also manufactures the display. In spite of the warning in the LCD display manual, the cable can actually be connected directly to the floppy power connector; don't worry that the red wire goes to the floppy power connector's GND. The serial connector goes to the serial port on the motherboard.
Software
There are a variety of sound players available for Ubuntu, but without a monitor and a keyboard, I had to find one that was capable of using the LCD display together with a keypad for user interaction. irmp3 was developed with this in mind, and although I find its user interface somewhat problematic, it saved me from programming except for a bug fix and a few workarounds.
The Ubuntu repository version of irmp3 is somewhat dated, and I decided to download and build the source version from the Sourceforge tarball (.tar.gz) instead.
Ubuntu 10.10 introduced another problem for irmp3: OSS was removed from the Ubuntu kernel since 10.10, and without OSS, irmp3 cannot set the mixer levels, leaving output at maximum. I'm afraid my friends at the camp won't appreciate this setting. Attempting to install oss4-base and oss4-kpms enabled the otherwise missing /dev/mixer but instead broke audio playback, so I decided on a workaround instead, using irmp3's ability to execute shell scripts. The scripts are quite simple, and are invoked by specifying in irmp3.conf that two particular keypresses should execute one of the following two browser scripts:
#!/bin/sh
NEWVOL=`/usr/bin/amixer set Master 1+ | grep -o -e '[0-9]\{0,3\}%'`
echo "Volume: $NEWVOL" > $1and
#!/bin/sh
NEWVOL=`/usr/bin/amixer set Master 1- | grep -o -e '[0-9]\{0,3\}%'`
echo "Volume: $NEWVOL" > $1
These two scripts, when called, increase or decrease the volume and write back the new volume in percent to irmp3 which displays the new volume on the LCD display. A proper configuration of lcdproc and irmp3 (see configuration files shortly) ensures that these scripts are called.
While experimenting, it turned out that "browser scripting" is broken, and I hacked the code to ignore what seems to be an inevitable error (the return value doesn't appear to be set anywhere). In the file "mod_browser.c", the if clause around the call to mod_browser_script( … ) should be eliminated:
if (!mod_browser_script(command)) {
(etc.)
leaving only the call itself:
mod_browser_script(command);
// if (!mod_browser_script(command)) {
(etc.)
// } else {
// log_printf(LOG_DEBUG, "mod_browser_exec(): Script execution failed.\n");
// mod_sendmsgf(MSGTYPE_INFO, "browser info Error");
// }
This is probably not a proper fix, but it works for me. The real culprit is likely the function that doesn't set the return value properly.
irmp3 works closely together with lcdproc, which must each be configured properly. I've saved the configuration files here: LCDd.conf and irmp3d.conf for reference. (I've now learned that apparently all the keypresses should be changed to upper-case because upper-case letters indicate a keypress; lower-case letters indicate that the key was released. The configuration files linked here don't include this modification yet.) When the computer is booted, this configuration first introduces lcdproc and then about two seconds later the irmp3 browser on the LCD display:
Initial tests reveal that the first time a directory is selected from the file browser, the volume keys don't work. However, stepping back from the directory enables the volume keys, and I can live with that for now.
Keypad
The LCD display provides a connector for a 5x5 key matrix. Shorting any row with any column will produce a key from 'a' to 'z' from the LCD display. I might have been able to find some keypad, but I'd had a number of pushbuttons laying around. I soldered them onto a prototype board with 0.1" spaced stripes providing rows for the pushbuttons. By cutting the stripes and adding small pieces of wire, the columns were also soon ready. (This is pretty standard stuff, so you should be able to find descriptions on the web.)
Car Amplifier
The car amplifier is a standard 2 x 100 Watt amplifier ready for installation in a car. It includes an ignition connector, which is connected to the "delayed on" pin on the M1-ATX power supply. All other connections to the car amplifier are obvious: power goes directly to the battery (through fuses, of course), audio input comes from the motherboard's audio out, and the speaker outputs are wired to speaker connectors on the box.
Wiring It Together
I decided to organize the battery connections in a small plastic box so that the battery would only be connected in one place. From here, I drew wires to the amplifier, wires to the M1-ATX power supply, and wires to a car cigarette lighter socket useful for powering, say, an iPod charger or a cooler box.
I decided not to connect the car charger permanently to the battery until I've measured the leak current. It may be neglectible, but I prefer to rather be safe than sorry.
The computer (and hence the amplifier) are turned on via a pushbutton wired from the battery's anode to the ignition connector on the M1-ATX power supply.
The motherboard's power switch connector is wired to the motherboard power output connector on the M1-ATX power supply. This enables the M1-ATX to simulate a power button keypress for powering on and off the computer. The fan is connected to the motherboard's "system fan" connector, serving to cool the entire box once equipped with a power amplifier.
The Box
The box itself is light-weight but solid enough to sustain the weight of a heavy 70 Ah car battery. I constructed a wooden frame with reinforcement beneath the car battery. The wooden "rail" just below the top of the frame is intended to suspend the car amplifier above the other components in the box. Metal straps suffice to fasten the charger and the battery to the box:
The box was then covered with a metal mesh on one side, allowing airflow from the fan. The other sides were covered with a thin sheet of wood. I applied hinges to the top cover for easy maintenance. Computer, display, fan, and keypad have not been added yet, but there is sufficient room below the amplifier. There are loudspeaker connectors, line input connectors, and an ignition button on the side, enough to playback sound from an iPod:
Finally, with the remaining items added, the Wacken Death Box becomes a relatively uninteresting and clearly home made piece of electronic equipment of some sort. That's how it should be at a festival, although it may accumulate some festival stickers during its lifetime:Miscellaneous
The choice of loudspeakers was based on a financial shortage the week before we departed for Wacken in 2010, so they're probably a weak link. I settled with a low-cost set of car loudspeakers with no subwoofer. The MP3 player is intended for outdoor (albeit not all-weather) use where a subwoofer will require a disproportionate level of amplification and hence battery life to make any difference.
Future Work, or What You May Consider
Today I would have chosen an Intel Atom-based motherboard. The power consumption is comparable to that of the EN12000EG board but with higher processor speeds. In addition, I'm less than impressed with Via's Linux support where the current display driver doesn't allow movie playback using hardware MPEG decoding.
The movie playback option would require a small monitor, but that seems doable. I was able to locate a low-cost, low-power 7" VGA monitor for the original Wacken Death Box, but its warranty had expired before I realized it was broken. In the meantime a variety of USB monitors have emerged, and while I'm not certain whether they are capable of real-time movie playback, Linux drivers appear to exist. I haven't investigated whether these USB monitors are touch screens, but otherwise I recall seeing screen overlays providing touch feedback. This setup could eliminate the use of the display and the keypad, and with the Ubuntu Netbook edition that is tailored for small displays the user interface could be made as good as would be possible on any netbook.
I'm not too happy with irmp3. It's buggy and the browser could easily be improved: firstly, it should rely on a database of artists and albums rather than browsing a directory of files. Secondly, a 40x4 display allows a much better real estate than is provided by irmp3. Thirdly, keys on the keypad should have state-based functionality; for example, the "next" and "previous" keys used to skip songs could be doubled with the "leave" and "enter" keys on the browser, and the volume keys could be doubled with the "up" and "down" keys. MPD provides an excellent back-end for the sound server and comes with a variety of front ends. Unfortunately I haven't been able to locate a front-end based on lcdproc.
I may also want to experiment with a solar charger, but that's a rather expensive solution.
Emner
Do-It-Yourself, IT og Internet
Nedenstående blev oprindelig sendt som et brev til Naser Khader (K). Efterfølgende har jeg omformuleret brevet, så det handler om sagen frem for Naser Khader selv:
Det glæder mig, at det er opklaret, hvem der havde hacket Naser Khaders computer, og at der ikke var tale om politiske modstandere. Jeg kan vel undre mig over Khaders valg af bekendtskaber jævnfør hans pressemeddelelse angående hackerens identitet, men kan omvendt nikke genkendende til en vis konsistens blandt hans politiske samarbejdspartnere hvad det angår.
Jeg håber imidlertid, at sagen kan åbne øjnene for, hvorfor især dele af oppositionen ser IT-sikkerhed og privatliv fra et andet perspektiv, end de Konservative normalt er talspersoner for. Den stående formaning fra de Konservative omkring øget overvågning og kompromittering af privatlivets fred har hidtil været, at hvis ikke man har noget at skjule, har man ikke noget at være bange for.
Men man kan faktisk have helt private affærer, som ikke rager nogen andre. Måske diskuterer man sine løn- eller skatteforhold. Måske har man en affære udenom. Måske headhunter man en ven et til et job. Eller måske planlægger man sin ferie udenfor hjemmet. Uanset hvad det er, så er det dokumenter, som man ikke vil have, at alle andre skal læse, selv om det ikke er kriminelt. Der er ikke noget galt i at understrege, at man ønsker at diskutere privat. Det er ikke fordi man begår undergravende virksomhed, at man skjuler sine breve i lukkede konvolutter.
Hvis man kriminaliserer privatliv (eller tager det første skridt ved at mistænkeliggøre det), er det kun kriminelle, der har et privatliv, for nu at låne et velkendt ordsprog. Det er sikkert attraktivt at være den magtfaktor, der kan kontrollere overvågningen, men tider skifter, og magt skifter hænder, og man kan pludselig være den overvågede overfor en magt, man ikke er enig med. Den næste magthaver har ikke nødvendigvis samme velmenende interesser med overvågningen, som man selv mente at have.
Skulle man bruge Khaders eget partis hidtidige parole, måtte man formode, at han har noget at skjule, siden han kunne blive rystet over at få sine private oplysninger stjålet og potentielt brugt imod sig. Noget sådant vil jeg ikke antyde, ikke mindst fordi jeg ikke køber de Konservatives argument. I stedet har jeg faktisk fuld forståelse for, at Khader kan være rystet, for de fleste mennesker foretrækker at holde deres private liv privat.
Derfor håber jeg, at oplevelsen giver Khader og hans parti en vis forståelse for, at jeg og mange andre gerne vil kunne tale i telefon, surfe på nettet, skrive en mail, køre i vores biler, gå en tur i centrum, osv., uden at ukendte andre skal få indsigt i det og eventuelt bruge det mod os - uanset hvor uskyldige, vore forehavender måtte være. Sammenlignet med en sådan systematisk invasion af vore private gøremål er en tilfældig vens hacking af ens computer i småtingsafdelingen. Hvis det er nok til at gøre Khader rystet, så bør han tænke på, hvordan man retteligt bør opfatte den overvågningslovgivning, som hans eget parti er fortaler for. Det er nemlig langt værre.
Det glæder mig, at det er opklaret, hvem der havde hacket Naser Khaders computer, og at der ikke var tale om politiske modstandere. Jeg kan vel undre mig over Khaders valg af bekendtskaber jævnfør hans pressemeddelelse angående hackerens identitet, men kan omvendt nikke genkendende til en vis konsistens blandt hans politiske samarbejdspartnere hvad det angår.
Jeg håber imidlertid, at sagen kan åbne øjnene for, hvorfor især dele af oppositionen ser IT-sikkerhed og privatliv fra et andet perspektiv, end de Konservative normalt er talspersoner for. Den stående formaning fra de Konservative omkring øget overvågning og kompromittering af privatlivets fred har hidtil været, at hvis ikke man har noget at skjule, har man ikke noget at være bange for.
Men man kan faktisk have helt private affærer, som ikke rager nogen andre. Måske diskuterer man sine løn- eller skatteforhold. Måske har man en affære udenom. Måske headhunter man en ven et til et job. Eller måske planlægger man sin ferie udenfor hjemmet. Uanset hvad det er, så er det dokumenter, som man ikke vil have, at alle andre skal læse, selv om det ikke er kriminelt. Der er ikke noget galt i at understrege, at man ønsker at diskutere privat. Det er ikke fordi man begår undergravende virksomhed, at man skjuler sine breve i lukkede konvolutter.
Hvis man kriminaliserer privatliv (eller tager det første skridt ved at mistænkeliggøre det), er det kun kriminelle, der har et privatliv, for nu at låne et velkendt ordsprog. Det er sikkert attraktivt at være den magtfaktor, der kan kontrollere overvågningen, men tider skifter, og magt skifter hænder, og man kan pludselig være den overvågede overfor en magt, man ikke er enig med. Den næste magthaver har ikke nødvendigvis samme velmenende interesser med overvågningen, som man selv mente at have.
Skulle man bruge Khaders eget partis hidtidige parole, måtte man formode, at han har noget at skjule, siden han kunne blive rystet over at få sine private oplysninger stjålet og potentielt brugt imod sig. Noget sådant vil jeg ikke antyde, ikke mindst fordi jeg ikke køber de Konservatives argument. I stedet har jeg faktisk fuld forståelse for, at Khader kan være rystet, for de fleste mennesker foretrækker at holde deres private liv privat.
Derfor håber jeg, at oplevelsen giver Khader og hans parti en vis forståelse for, at jeg og mange andre gerne vil kunne tale i telefon, surfe på nettet, skrive en mail, køre i vores biler, gå en tur i centrum, osv., uden at ukendte andre skal få indsigt i det og eventuelt bruge det mod os - uanset hvor uskyldige, vore forehavender måtte være. Sammenlignet med en sådan systematisk invasion af vore private gøremål er en tilfældig vens hacking af ens computer i småtingsafdelingen. Hvis det er nok til at gøre Khader rystet, så bør han tænke på, hvordan man retteligt bør opfatte den overvågningslovgivning, som hans eget parti er fortaler for. Det er nemlig langt værre.
DanID gør endnu engang NemID svært
| Lix-tal: 54Svær: Debatlitteratur og populærvidenskabelige artikler
Link til indlægget | Kommentarer (2)
Det har ikke skortet på berettiget kritik mod DanID, hvis "NemID"-løsning absolut ikke er specielt nem, og helt grundlæggende er designet på en måde, der gør løsningen usikker.
Efter nogen forsinkelse gør DanID det nu også muligt at benytte sit NemID-login som reel digital signatur i den udstrækning, at man kan kryptere email, også på Linux. Eller rettere: Med unødigt møje og besvær vil man måske kunne få det til at fungere på én Linux-distribution, nemlig Ubuntu.
I følge DanIDs vejledning til Ubuntu-installationen skal man downloade det, der i udviklerverdenen er kendt som en "tarball", dvs. et komprimeret arkiv af filer. Den skal man selv pakke ud, og minsandten om man ikke ligefrem manuelt skal kopiere systemfiler ind i et systembibliotek. Det er usædvanligt brugerfjendtligt på et system, hvor almindelige brugere forlængst har vænnet sig til, at man får tilbudt et såkaldt "respository", hvorved både installation og løbende opdateringer går som en leg.
Og for at gøre ondt værre, forlyder det fra en kommentator på Version2, at når man manuelt kopierer systemfilerne, vil man overskrive de nyere og bedre versioner af disse systemfiler, som Linux-systemet er "født" med. Det betyder en forringelse af hele computerens sikkerhed, samt en meget høj risiko for, at installerede programmer ikke længere virker.
Jeg har derfor sendt følgende forespørgsel til DanIDs support:
Hej,
Angående applikationen til kryptering af email på Ubuntu.
1. Hvordan lever kravet om at installere en applikation op til DanIDs forsikring om, at man ikke skal installere applikationer for at benytte NemID?
2. Den aktuelle mulighed med "tarballs" og manuel(!) kopiering til systembibliotekerne er absolut ikke brugervenlig. Hvornår kommer der et repository til Ubuntu, sådan som almindelige brugere efterhånden er vant til på dette operativsystem?
Med venlig hilsen,
--Ole Wolf
Efter nogen forsinkelse gør DanID det nu også muligt at benytte sit NemID-login som reel digital signatur i den udstrækning, at man kan kryptere email, også på Linux. Eller rettere: Med unødigt møje og besvær vil man måske kunne få det til at fungere på én Linux-distribution, nemlig Ubuntu.
I følge DanIDs vejledning til Ubuntu-installationen skal man downloade det, der i udviklerverdenen er kendt som en "tarball", dvs. et komprimeret arkiv af filer. Den skal man selv pakke ud, og minsandten om man ikke ligefrem manuelt skal kopiere systemfiler ind i et systembibliotek. Det er usædvanligt brugerfjendtligt på et system, hvor almindelige brugere forlængst har vænnet sig til, at man får tilbudt et såkaldt "respository", hvorved både installation og løbende opdateringer går som en leg.
Og for at gøre ondt værre, forlyder det fra en kommentator på Version2, at når man manuelt kopierer systemfilerne, vil man overskrive de nyere og bedre versioner af disse systemfiler, som Linux-systemet er "født" med. Det betyder en forringelse af hele computerens sikkerhed, samt en meget høj risiko for, at installerede programmer ikke længere virker.
Jeg har derfor sendt følgende forespørgsel til DanIDs support:
Hej,
Angående applikationen til kryptering af email på Ubuntu.
1. Hvordan lever kravet om at installere en applikation op til DanIDs forsikring om, at man ikke skal installere applikationer for at benytte NemID?
2. Den aktuelle mulighed med "tarballs" og manuel(!) kopiering til systembibliotekerne er absolut ikke brugervenlig. Hvornår kommer der et repository til Ubuntu, sådan som almindelige brugere efterhånden er vant til på dette operativsystem?
Med venlig hilsen,
--Ole Wolf
Emner
IT og InternetAbonnement
Seneste kommentarer