I finally did it!
The unit has been non-functional for over a year now. See details in my previous post. But I got it back.

First, I'd like to clarify the myth of "equipment mode". Yes, that does exist. You'll know that your box is bricked and the reason for that is because you're in equipment mode, as your RS-232 -console output will say following during boot-up:

now in wifi mfg
g_Equip_Mode_value = 1

What needs to be done, is getting that Equip_Mode flag off. On "normal" mode bootup, two distinct differences appear at the output:

now in wifi release
normal mode, no need to load RF wifi
and
g_Equip_Mode_value = 0

My sincere thanks goes to Mr. Jevgenij for telling me a magical NVRAM-location to look at.

The brick

My bricked B592 s-22 (in equipment mode) looked like this on a boot sequence:

(Sorry about the signal LED glowing, that was my failure when lighting the box for video. I didn't realize that on my footage it looks like being lit, while in reality it isn't. A bricked box won't show any signal there.)

At power-on, the Power-LED gets lit all the others are off. Then the boot-sequence handles lot of hardware and gets a Linux to boot. They call it the "early init". There are no differences between modes at that point.

Next, what happens is the Linux-side taking control and starting to spin up services. One of the first things it does is kicking all the LEDs lit. When enough services are on, and Linux wants to fiddle with LTE-side all the LEDs go off. Now that the device is configured not to offer all hardware services to Linux-side, rest of the boot sequence goes haywire. There is no Wi-Fi, there is no Ethernet-bridge and lot of stuff fail during boot. Your best clue about this dreaded equipment mode is the Tel LED blinking on/off forever. Actually the box is not doing much at that point. It has given up all hope on getting a handle of the LTE-side or the Ethernet bridge.

Luckily, the box is sane enough to allow a SSH-login. In equipment mode, it will bypass the ATP Cli completely and land at the BusyBox-prompt. There your friend is lteat-command. Go back to my older stuff, for details about that.

The fix

The prerequisite for the fix is, that you are logged into your B593 s-22 via SSH and are able to run lteat and get sensible response out of it. Example (the blank lines happen on my SSH, I don't know why):

# lteat
AT>ati

i

Model: B593s-22

Revision: V200R001B180D20SP05C260

IMEI: 860091028600910

+GCAP: +CGSM,+DS,+ES

OK
AT>

Then you're good to go.

First confirm, that you are in the equipment mode:

AT>at ^nvrd=52110
^NVRD: 12,31 00 00 00 00 00 00 00 00 00 00 00
OK

That's a ReaD-command for NVRAM address location 52110. To change the mode back to normal, a WRite needs to be issued:

AT>at ^nvwr=52110,1,0
OK

Confirm the result:

AT>at ^nvrd=52110
^NVRD: 12,00 00 00 00 00 00 00 00 00 00 00 00
OK

Notice how the hex value 0x31 is changed to 0x00. Btw. if you look at the ASCII-table, you may notice, that 0x31 stands for number 1. That's would be similar to the (1) in g_Equip_Mode_value = 1.

Now all you have to do is power-off your box and kick it back on.

Finally

I don't have a clue why/how/when my box went into this "stupidity"-mode. I was fiddling with the LTE-side at lteat-prompt when it happened. I did try dozens of different commands, any of those may have caused that.

Also, if you're unable to SSH into your box, you may need to read my or somebody else's articles. It's all explained there.

It took a lot of time and effort to rent an apartment, Sweden (especially Stockholm are) is notoriously difficult with that. And the first thing any new apartment needs is an Internet-connection. Mobile data in Sweden sucks royally, its expensive and horribly capped with transfer limits. So, something with a wire for me thanks. In this apartment, the options for wired net were highly limited. It's either Comhem or nothing. I chose Comhem.

Back in the 90s, Swedish government subsidied building optical fiber connections to literally every house. They ended up paying roughly 50% of the building costs of proper connections to entire country. Not a bad investment, I have to say. Some businessmen threw rest of the required money and as the result of that, Swedes even today enjoy faster Internet connections than nobody else.

The wall box

Here in Stockholm area this is a very common thing to see:

There is something coming into the box from a hole in a wall. I don't know what that could be, possibly fiber, or possibly something with copper in it. If you know, drop a comment! The output is FM-radio, cable-TV and Internet. Radio and TV are regular 75Ω RF-connectors, something you'd generally expect. Data is an F-connector, also very typical for cable-TV Internet connectivity.

The router

Sorry, the pics are really crappy. I don't have my proper camera here in Sweden, so I have to use whatever mobile junk happens to be at hand. The router looks like this:

In the back there are your expected set of connectors:

• RJ-11: no idea what this is for, my guess is for a landline phone connection (who needs that!?)
• 4 x RJ-45: Your standard 1 Gbit/s ethernet switch
• Reset pin: do a factory reset with a small pointy thingie
• F-connector: for incoming cable-TV signal
• O/I switch: For on-off needs
• Barrel jack: for 12 VDC power connector, 2,5 amps
• (bonus): 2,4 GHz / 5 GHz Wi-Fi router

Bottom:

Yes, this is one of those French-made Sagemcom boxes.Spec is at: F@ST 3686 AC. Sagemcom is quite big in manufacturing consumer boxes for TV/IPTV/cable internet.

There is nothing special nor surprising there in the router. It's your basic free giveaway box the ISPs throw at you when you sign a subscription. Most people love the fact that this one packs a modern Wi-Fi access point. Personally, I hate integrated crap and want to tinker with my access point more than these integrated things allow me to do.

The admin

As you could expect, there is a web-based GUI admin interface at 192.168.0.1:

Logging in gives you more details for the router status:

Wi-Fi settings:

My IP-address, Wi-Fi SSIDs and serial numbers have been redacted, so those of you with evil plans, note that you'll be targeting somebody else.

The speed

I'm subscribing to a Bredband100. The promise is 100 Mbit/s download (actually they say 50-100) and 10 Mbit/s up (range 7-10).

Speedtest, ethernet cable, 1 Gbit/s:

Speedtest, iPhone 6, 802.11ac, 5 GHz:

Speedtest, Asus Nexus 7, 802.11n, 2.4 GHz:

Not bad! They keep the promise.

If you stumble on the Wi-Fi specs, check the article about Wireless N & Wireless G @ Flashrouters blog about those.

The nominal speed of 802.11n is much higher than 63 Mbit/s, but 2.4 GHz is always very saturated. I haven't counted how many wireless access points are visible here to my apartment, but its easily 50+. Also the throughput of a 2.4 GHz Wi-Fi will drop, if any of my neighbours are using a microwave. Cisco claims, that microwave oven interference can reach 25 feet / 7.5 meters, see the article about that. Unfortunately all my toys will support 5 GHz, so I'll have to run both for the time being.

The result

Generally people love hating big corporations, especially ISPs and telcos. I know I do. A good example of that is: Comhem stumbled on my router delivery as their logistics partner started bouncing the shipment back and forth in the same terminal. Eventually I got the router, plugged it in and it worked. Their customer support is good, I called them at least 4 times to get a subscription and for the delivery issues.

After running this box for a week, I have to say it does the job. On a negative side, the router in router/NAT-mode, the router drops your TCP-connections super fast. This mostly affect SSH and as a remedy I have this in my .ssh/config:

Host *
  ServerAliveInterval 25

25 seconds is very fast. Never seen anything like that before. My obvious plan is not disable the wireless AP and switch this baby into a bridge mode and build a real Linux-router to do the NAT. But I'll have to post about that someday.

Ultimately I'm quite happy with this ISP and the router they provided. Out-of-the box it works enough for all people, but provides enough flexibility for me to do some advanced network stuff.

As I mentioned in my post about Swedish ISP, that I like to run Linux on my stuff. My weapon of choice for wireless networking has been DD-WRT for many years (I'm not sure how many exactly, 15+ or so). Any appliance I purchase must be supported by that.

I've been running a lot of Linksys in the past, but this time I chose to go with a Taiwanese TRENDnet TEW-818DRU. The spec is huge and it contains really good 802.11 radios, USB3-port, decent CPU and enough RAM to run it all. And finally: The manufacturer is really keen on supporting Linux.

This is what it looks like. It won't win any design awards, as obviously some software engineer designed the plastic case:

Linux /proc/cpuinfo for Cortex-A17:

model name : ARMv7 Processor rev 0 (v7l)
processor : 0
BogoMIPS : 1594.16
Features : half fastmult edsp tls
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x3
CPU part : 0xc09
CPU revision : 0

Memory, physical is 128 MiB, but some is needed for hardware:

             total   used    free shared  buffers  cached
Mem:        124536  38296   86240      0   4108     12212
-/+ buffers/cache:  21976  102560

Ports at the back:

• USB3
• USB2
• WPS-button for those who don't care much for security
• 4 x RJ-45 for LAN
• RJ-45 for WAN
• O/I for power
• Barrel connector for 12 VDC, 2 amps power input

Bottom:

It really doesn't get much simpler than that, which is perfect for engineering type persons. Like me!
You'll get a reliable box with ton on features and possibility of tweaking it to do whatever you need.

In next part I'll put a DD-WRT into it.

My employer was kind enough to issue me new toys. Any proper nerd loves new toys, I know I do!

So, I got an upgrade for my old(ish) iPhone 6. To a rather big surprise, they're exactly the same thing. Here is a quiz for you iPhone-fans. Tell me which one is 6 and which one is 7:

And the easy one:

For the first three pics, I honestly don't know which one is which. The fourth one is an easy one, in iPhone 6 there is a white line right below the camera lens, also the lens is bigger on 7. Fifth one is a no-brainer, no 3.5 mm headphone jack exists in the new one.

Other than the missing jack, there isn't much to tell. Upgrade is almost a no-upgrade. Everything is the same, except I had to spend couple hours of restoring the backup. Actually, there was a quirk, my new phone had latest iOS, but the un-boxed one didn't, so I first had to go through the out-of-box-experience and then upgrade it to latest firmware. Then it was possible to do the restore and after restore the thing could start installing my apps.

List of things that didn't transfer:

• Touch ID fingerprints
  • Apple support HT204136 says that it should, but ...
• Apps from my employer's app store
• Keyboard dictionary
• Ringtone selections
  • I have a dozen or so own-made ringtones for incoming callers.
  • The ringtones did transfer ok, but the selection of which one is used didn't survive the transfer.
• Google Authenticator keys
  • Read the article "Is there an easy way to transfer Google Authenticator codes to a new device?" for reasoning.
• ... maybe something else I forgot to mention here

Ultimately I have to say, this wasn't worth it. I got the same phone without headphone jack, and I had to spend couple hours of work to get a 32 GiB thing to the point I started with a 64 GiB one. It's a shame there is no 64 GiB iPhone 7. They didn't let me get the 128 GiB, because it's too expensive. The new A10 CPU should be more energy efficient, but in reality it doesn't show. Only after upgrading to iOS 10.3.2, there was some improvement on battery usage. Before that, I had to charge the phone more often that my old one.

The only positive thing is, that now I have a fresh battery to my iPhone. I guess I should find some positive things with the new and improved "best ever" camera, but I simply cannot.

In my network setup, it's almost done: we have 1) an Internet-connection, 2) a wireless access-point to pass some mobile device traffic trought it, but something is missing: a router to tie it all together. In my post about my Swedish ISP, it became evident, that running a router they threw at me for free wasn't an option. Second completely viable option would be to run my new Wi-Fi AP with DD-WRT as a router. Totally doable. It has all the suitable ports, DD-WRT is fully equipped to act as an internet router and all that.

Me being a total nerd, of course I wanted to build a real router. The suitable hardware for it would be something tiny having enough ports and packing suitable CPU/RAM/SSD to run a real Linux in it. So, my choice for this is:
Qotom Barebone Mini PC Linux Ubuntu Wintel Nano ITX Celeron j1800/1900 Mini Computer Desktop PC Fanless x86 pc Industrial PC Computer. The marketing people at Qotom chose an appropriate name for their product, huh! If I'd choose the name, I'd go anthing with less than 19 words, removed "Ubuntu", "Wintel", double "mini", double "PC" and then start cutting the words into something like: Barebone Fanless Mini ITX PC j1800/1900, or so. But that's only me.

So, at Aliexpress.com it looks like this:

As said, the form-factor is mini-ITX making it a tiny box on the desk. In real life, it looks the same than above marketing material (sorry, pics aren't too good, no DSLR available):

I have no idea who would need 3 x D9 RS-232 -ports, but there they are. My own spec was only to have at least two RJ-45 for Ethernet. This puppy has them with 1Gbit/s speed, adding HDMI and USB-3 on top of that, which are really handy.

Inside the box:

As you can see, there isn't much space around the 17x17 cm mini-ITX -board. The biggest one in the pic is the black cooling block on top of Celeron® J1900 CPU. Close up from the internals:

From left to right:

• Broadcom BCM943224HMP Wi-Fi adapter
• 64 GiB HoodiskmSATA SSD
• Realtek RTL8168evl dual Ethernet connectors

There is some airspace for cooling inside the box:

For PSU there is an external transformer pushing in 12 VDC at 3 amps:

There is a commonly used IEC C13 on the other end of the transformer to make it easier to plug the thing into your country's choice of wallsocket.

I've been running the box for almost a month now, and I'm very pleased with it. The green power-on LED is way too bright. On a dark room, it illuminates everything with green, but other than that I got the perfect box for a router. As these low-budget boxes are easily available, it's mostly about choosing the most suitable one. Apart from having more than one Ethernet RJ-45, one of my selection criteria for this one was, that the manufacturer didn't take any second guesses about the CPU-cooling. It's easily the biggest block I could find among the competition. On top of that, the manufacturer did deliver the unit from UK-storage quite rapidly. What I missed from seller's page was the fact, that deliveries were made from tax-free -zone. I had to pay Swedish VAT for DHL on top of the purchase price.

Looks like I've been nice, as Santa Claus brought me a nice present. A Mini Arcade Machine!

By the looks of it, it must be some sort of Android device placed into an arcade cabinet.

There are 240 games to play, but none of them are well-known titles. Obviously, they didn't want to pay any royalties for using the names. However, all the games are classic ones which I've played couple decades ago.

What I was expecting to see is a HDMI-output, but there is none. All the gaming needs to be done on a tiny screen.

As usual, I got an e-mail from my NAS-box stating, that it has a new firmware upgrade QTS 4.3.3.0404 build 20171213.

It had the usual release notes telling the changes. What really caught my attention was:

QTS 4.3.3 is the final available firmware update for the following models: TS-419U II

WHAAT! Just out of the blue, my model was obsoleted piece of junk!

The actual full list of models is: TS-112P, TS-212P, TS-212-E, HS-210, TS-112, TS-212, TS-121, TS-221, TS-421 TS-120, TS-220, TS-420, TS-420U, TS-421U TS-412, TS-412U, TS-419U, TS-419U+, TS-419U II, TS-119P II, TS-219P II, TS-419P II, TS-119P+, TS-219P+, TS-419P+, TS-119P, TS-219P, TS-419P, TS-119, TS-219, TS-419

So, only the recent QNAP boxes were maintained from this point on. Darn! My take on their decision to stop maintaining all the old models is, that initially they barely maintained them at all. In fact, QNAP got burned seriously on not acting: 0-day: QNAP NAS Devices suffer of heap overflow. In less than two years they managed to get that one fixed. They received information on 1st Feb 2016, stalled on the fix and after 12 months somebody else stumbled into the same flaw and after QNAP failed to receive the information about it, he released into public. QNAP managed to the fix out at 14th Feb 2017.

To me that action (read: lack of it) means, that they did not have a protocol in place for a situation where a security flaw would be found in one of (read: all of) their main products sold to general public. While spewing out unfounded allegations here, I'm pretty confident, that it wouldn't have made any difference if the security flaw was in their internal systems. Also, I'm sure, they did not act on the initial report as the author was well-behaving and extended his grace period on QNAP's request. Unfortunately to QNAP, their security reporting system wasn't maintained and it didn't work at the time of second finding, so the information leaked quite soon.

After all this commotion, they chose to create processes, assign personnel to it and start maintaining their products, they suddenly realized, that IT'S HARD WORK! Oh really! Rest of the world knows it already. But that's what you need to do when you are in device manufacturing business. World is full of non-maintained IoT-junk, as this Twitter-feed points out.

Ok, enough rant. Now I have a decision to make. What to do with a perfectly good NAS-box. Suggestions are welcome.

I've never disassembled an Apple laptop. A while back I got a chance to peek into one, as I was summoned to add more SSD-capacity into an Air. As you can see from the spec, it is a rather early model of Air. But hey, Apple hardware is quite robust and the value you get for your money is huge. So, after 7 years of usage, it is still worth replacing the SSD with a bigger one.

The instructions for this can be found from EveryMac.com, but I'll describe my experiences here. Also having video instructions only is not something I'd like to see. A high quality picture has its value too.

Prepare job

• Make sure there is a restorable Time Machine backup of the laptop.
  • If you don't care for the data on the machine, this is not necessary.
• Make sure you can boot the device from an USB-stick:
  • You can restore entire SSD content from Time Machine.
  • You can do a fresh install to the new SSD

Part job

A new SSD is needed. Given the availability and low price, a Transcend 240GB JetDrive 500 SATAIII 6Gb/s Solid State Drive Upgrade Kit for Select MacBook Air Models (TS240GJDM500) was selected.

Getting one from Amazon.de was a painless and fast operation. Initially, I was wondering why would be selling an "external" replacement part, because the SSD I wanted to replace is surely inside the Mac. It surely has to do something with making an Apple spare part available. Normally parts are not available for general public.

To pop open an MacBook Air, you will need a pentalobe TS4 screwdriver, and to disconnect the SSD from the motherboard, a Torx T5 screwdriver is needed. Both of which are known to hardware hackers, but not commonly owned by general public. Luckily somebody knows this, and in the box with the new SSD both are there:

Replacement job

Popping the hood of a mac is almost a no-operation. There are 10 pentalobes there, remove them and the lid will open easily. After all the years of usage, there was some dust in the CPU-fan, so I carefully removed all that before proceeding.

When the guts are seen, first task is to remove the battery connector. This ensures, that the motherboard and SSD are shut down during the operation. The connector can be disconnected quite easily without any tools:

Target-of-the-day, SSD, can be located right next to CPU:

The arrow points to the Torx T5. That is the only screw holding the SSD in place. Since I had a cool aluminium external case for the SSD, of course I placed the old SSD there:

The new Transcent SSD looks like this. Exactly what the original Samsung:

After that it's just to flip the lid back on and tighten 10 pentalobes.

Entire hardware job was completed in 15 minutes. That part was designed to be replaced!

macOS job

Now we have a laptop with a completely blank SSD in it. Of course I had to test it, but it really doesn't do much on boot. The only real option was to insert an USB-stick and press the Option-key to get the boot menu, select the USB-stick and then get to the Install/Upgrade -menu. Select Disk Utility from that:

As expected, the new drive is unitialized and you cannot select a device with that status as macOS install destination.

Since Apple engineers are quite smart, to convert an uninitialized drive to an intialized one, the operation needed is to erase it. WHAT! Yes. To repeat, the operation is to erase the drive. The drive is completely empty, it does not have a partition table, file system or data in it, but in their infinite wisdom Apple engineers have decided, the only way I  can initialize the new SSD is by making double-sure there is nothing on it.

The erase will take a lot of time. Most if it, the installer tries to do something erase-related to it, but keeps failing miserably mainly due to lack of partition table. After the erase completes, there is a file system and regular macOS install can proceed. I chose to restore the machine from a TM-backup:

That really took couple hours and I didn't want to eyeball that through.

Job well done!

First boot from newly installed SSD, from restored machine image was success. First login indicated no changes at all. It was just like this machine was running as-is.

Ultimately a great success (like Borat would say)!

If you're lucky enough to get to go to a really cool event, it may be handing out a Xyloband to everybody attending it.

For those who've never heard of a Xyloband, go see their website at http://xylobands.com/. It has some sample videos, which this screenshot was taken from:

See those colourful dots in the above pic? Every dot is a person having a Xyloband in their wrist.

The thing looks like this:

As you can see, mine is from King's Kingfomarket, Barcelona 2017. There is an YouTube video from the event, including some clips from the party at https://youtu.be/lnp6KjMRKW4. In the video, for example at 5:18, there is our CEO having the Xyloband in his right wrist and 5:20 one of my female colleagues with a flashing Xyloband. Because the thing in your wrist can be somehow remote controlled, it will create an extremely cool effect to have it flashing to the beat of music, or creating colourful effects in the crowd. So, ultimately you get to participate in the lighting of the venue.

After the party, nobody wanted those bands back, so of course I wanted to pop the cork of one. I had never even heard of such a thing and definitely wanted to see what makes it tick. Back of a Xyloband has bunch of phillips-head screws:

Given the size of the circular bottom, a guess that there would be a CR2032 battery in it is correct:

After removing the remaining 4 screws, I found two more CR2016 batteries:

The pic has only two batteries visible, but the white tray indeed has two cells in it. Given the spec of a button cell (https://en.wikipedia.org/wiki/Button_cell), for a CR-battery it says: diameter 20 mm, height 3.2 mm. So, if you need 6 VDC voltage instead of the 3 VDC a single cell can produce, just put two CR2016 instead of one CR2032. They will take exactly the same space than a CR2032, but will provide double the voltage. Handy, huh! My thinking is, that 9 VDC is bit high for a such a system. But having a part with 6 volts and another part with 3 volts would make more sense to me.

Plastic cover removed, the board of a Xyloband will look like this:

Nylon wristband removed, there is a flexing 4-wire cable having 8 RBG LEDs in it:

The circuits driving the thing are:

Upper one is an Atmel PLCC-32 chip with text Atmel XB-RBG-02 in it. If I read the last line correctly, it says ADPW8B. Very likely a 8-bit MicrocontrollerAtmel tailored for Xylobands to drive RBG-leds.

The radiochip at the bottom is a Silicon Labs Si4362. The spec is at https://www.silabs.com/documents/public/data-sheets/Si4362.pdf. A quote from the spec says:

Silicon Labs Si4362 devices are high-performance, low-current receivers  covering the sub-GHz frequency bands from 142 to 1050 MHz. The radios are part of the EZRadioPRO® family, which includes a complete line of transmitters, receivers, and transceivers covering a wide range of applications.

Given this, they're just using Silicon Labs off-the-shelf RF-modules to transmit data to individual devices. This data can be fed into the Microcontroller making the RBG LEDs work how DJ of the party wants them to be lit.

While investigating this, I found a YouTube video by Mr. Breukink. It is at https://youtu.be/DdGHo7BWIvo?t=1m33s. He manages to "reactivate" a different model of Xylobands in his video. Of course he doesn't hack the RF-protocol (which would be very very cool, btw.), but he makes the LEDs lit with a color of your choosing. Of course on a real life situation when driven by the Atmel chip, the RBG leds can produce any color. Still, nice hack.

Roughly 4 years ago, I blogged about a battery change to my UPS. The post is at APC Smart-UPS battery change. My unit eats APC Replacement Battery Cartridge #7 as replacment, and they are generally available in the net. The price point is there, such a replacement costs 250,- € easily. Much more, if you're not careful.

Couple years after publication Mr. Oliver commented my post (https://blog.hqcodeshop.fi/archives/195-APC-Smart-UPS-battery-change.html#c2000) about getting a pair of Yasa NP7-12 batteries. In his comment, he posted a PDF-spec http://www.yuasabatteries.com/pdfs/NP_7_12_DataSheet.pdf. Just by eyeballing the details, it became obvious, that there is no way in freezing hell, to be able to use that particular battery unit as replacment.

While I dismissed the suggestion quickly, Mr. Oliver succesfully incepted the idea (if somebody hasn't seen Inception, you missed my point there). In life, there are situations where the plan is a crappy one to begin with. On the other hand, sometimes the plan is rock solid, but implementation falls short. For best results, a good plan and good implementation is needed. So, I decided to investigate this battery replacement thingie and come up with a good plan. Initially it was more like a wish, I had no way of knowing how my chips would fall out.

The Investigation

So, when yanked out of the UPS, a APC Replacement Battery Cartridge #7 looks like this:

During the 4 years of running, it gathered some amount of dust. If I would care, I would have cleaned the worn out unit before taking the pics, but ... naah. And if you want to know how to actually yank it out, see my previous post.

In a glance, the #7 doesn't have any moving parts in it. There is nothing to remove, nothing to un-screw. But a closer inspection reveals some plastic covers just attached to the battery with a two-sided tape:

Yes! I'm, getting somewhere here. A close-up on the battery connectors:

The battery connectors have holes in them and there is a M6-screw running trough them. A 10mm wrench and a PH2 screwdriver will do magic there.

Finally I had all the parts separated:

There was some adhesive tape to make the two batteries stick together. As all the connector bits were removed, I just applied brute force to separate the lead acid batteries from each other.

The Plan

Battery used by APC:

A Hitachi Chemical Energy Technology Co. Ltd, GP12170. Spec is at: http://www.csb-battery.com/english/01_product/02_detail.php?fid=5&pid=13

My simple plan was to:

1. Find out if a suitable replacement battery was available. Mr. Oliver suggested that the price range would be £30,-
2. Get the replacement batteries
3. Apply some adhesive tape and screw the APC-connector bits and their plastic covers back
4. Plug the refurbished unit back to my UPS and admire the results (success of failure)

The Implementation

Finding and getting the replacment units

Nope. Just by googling, I didn't find that particular GP 12170 battery anywhere where the shipping costs wouldn't kill me. Lead acid batteries are heavy, as in expensive to ship, remember, the lead-part there.

• Since asking doesn't hurt, I just popped by my local battery-guy at Akku-Arkka Oy.
• His first question was: "Which lawnmower did your take that from?"
• I was in luck! He had suitable units in stock. For some reason, they are sold as a twin-box:
  
• Obviously, a twin-box is exactly what I needed for this purpose!

Assembly

At this point, my plan was coming together.

1. I just got some two-sided tape, stuck some of that on the side of the battery and stuck the other battery to the tape to form a single unit.
2. I screwed the APC-bits back to the connectors. Even the holes were precisely the same size.
3. More two-sided tape to the top and battery connectors were nicely covered.

I didn't bother taking any pics of this. My final result looked un-surprisingly like the original APC-unit.

Plugging it in & testing

Since these quality UPS-things have hot-swappable batteries, the UPS-unit was running my computers all the time since the batteries failed, I removed the old battery-pack and finally was about to test the new battery-pack. The obvious risk at this point was if I made a mistake and my UPS would completely fry because of that.

But no, it didn't happen. Everything worked perfectly! My APC utilities on Linux indicated following:

# apcaccess
APC      : 001,043,1009
DATE     : 2018-05-20 13:03:11 +0300
VERSION  : 3.14.14 (31 May 2016) redhat
CABLE    : USB Cable
DRIVER   : USB UPS Driver
UPSMODE  : Stand Alone
STARTTIME: 2018-05-20 13:03:07 +0300
MODEL    : Smart-UPS 1500
STATUS   : ONLINE
LINEV    : 234.7 Volts
LOADPCT  : 13.6 Percent
BCHARGE  : 100.0 Percent
TIMELEFT : 91.0 Minutes

Finally

Looks like all the lead-acid batteries in world come from Vietnam. See article Is Vietnam the new China for lead-acid battery manufacturers? about that.

I saved ~150,- € by doing this instead of going for the official unit. Nice!

Today, I'm combining to previous post into a new one. I've written earlier about going fully Let's Encrypt and the problems I have with them. Now that I'm using them, and those certs have ridiculously short life-span, I need to keep automating all possible updates. That would include the IPMI 2.0 interface on my Supermicro SuperServer.

Since Aten, the manufacturer of the IPMI-chip chose not to make the upload of a new certificate automateable (is that a word?), I had to improvise something. I chose to emulate web browser in a simple Python-script doing first the user login via HTTP-interface, and then upload the new X.509 certificate and the appropriate private key for it. Finally the IPMI BMC will be rebooted. Now its automated!

So, the resulting script is at https://gist.github.com/HQJaTu/963db9af49d789d074ab63f52061a951. Go get it!

This is a weird one. Beginning of this year Qnap made a choice to EOL my NAS-box. I posted about that at the time. Well, that happens. Its just that my current box works for me and all, I don't necessarily need a new one.

Without announcing anything, I got a firmware upgrade for it! Actually, I got two. Initially I assumed to be hallucinating or something. On a 2nd time I had to confirm my original blog post, that EOL really did happen.

Today on their EOL-page (or Product Support Status) https://www.qnap.com/en/product/eol.php they state:

Model: TS-419U II
Hardware Repair or Replacement: Full
OS and Firmware Updates and Maintenance: 2017-12 (QTS 4.3.3)
Technical Support and Security Updates: 2020-12

What the ... happened? Now they're announcing (or NOT announcing, informing) to provide full support until end of year 2020. Well, maybe I should go purchase a new one anyway.

Now that my new PC is done (see my previoius post and Larpdog's Twitch https://www.twitch.tv/videos/319110553):

It's finally time to make some space to my old junk storage. I found two of my previus PCs there, which finally need to go to SER.

When reading this, please understand that I do own other PCs too. Also, I have owned more PCs than I currently run and these two heading out, its just that I don't have those ones anymore to write a blog post about.

New PC - 2018 - Reference

Just to get the difference, I'll post couple bad still images from my new PC:

Both pictures are actually crappy for a number of reasons. First, a Noctua NH-D15 CPU-cooler is huge. It weighs 1.3 kg and is 16 cm tall measured from top of CPU to top of Noctua's fans. It takes 16 x 15 x 15 cm space from the PC case, just to make sure there is proper air flow for the heatpipes coming from the CPU. For photography, it means everything else is hidden by it. Ufffff!

Then Asus motherboard has an aluminium shielding covering everything. That's most likely for EMC protection and heat management. In a properly cooled PC-case, black aluminium transfers heat out of the motherboard faster. Also, a Fractal Design PC-case is pitch black. What I have here is a black picture of blackess on black.

Finally, also the graphics card is quite a beast. It takes 30 cm in lenght and is over 5 cm thick. Yet again covering everything inside the PC, that would be worth looking at. So, this 2018 PC is visually quite boring. Maybe that's why people love having some sort of light show inside their transparent case. Ufffff! My case doesn't have any transparent parts in it, no PC-disco for me, thanks.

PC 1 - DualCore from years 2002-2008

This one I used in couple of hardware configurations for many many years. Mostly with Windows XP.

After serving me well, I decommissioned this around end of year 2008. There are changed files in early 2009, but it looks like I haven't used this PC since. It has been mostly gathering dust in storage.

CPU

Spec:

• Intel® Core™2 Duo Processor E8500, S775 Dual Core, 3.16GHz, 6MB, 1333MHz
• Launch: 2001/08
• Cores: 2
• 6M Cache
• 3.16 GHz
• 1333 MHz FSB
• Socket 775

Details are at Ark Intel.com https://ark.intel.com/products/33911/Intel-Core-2-Duo-Processor-E8500-6M-Cache-3-16-GHz-1333-MHz-FSB-

It was my 2nd PC running 64-bit AMD64-instruction set. Mighty powerful at the time, still less powerful than my iPhone 8 today. It looks like this with Intel's boxed CPU-cooler:

Board

The motherboard for this project is an Asus P5Q3 Deluxe/WIFI-AP:

More details are at Asus' website: https://www.asus.com/Motherboards/P5Q3/specifications/

This board was my first ever desktop to have embedded Wi-Fi in it. Not that I needed it, nor ever used it.

Graphics card

Given the fact, that I never like putting enormous amounts of money into GPU's, so this one has a Club-3D Radeon 9800 PRO 128MB DDR GDDR:

The manufacturer's fan on top of the GPU was a piece of junk. I had to replace it in a year or so. Also, note the S-Video output between standard VGA D15 and DVI-D. Before HDMI, hooking up a PC to an everyday TV was tricky. S-Video was one of the supported connectors in TVs having multiple SCART-connectors.

Also looking at the pics of the CPU-cooler and the graphics card make me laugh. There is almost no cooling at all in neither. Also the simpliness of graphics card is something that really sticks out. Modern cooling, especially in graphics cards, looks HUGE!

One notable thing to mention, is that this graphics card connected to the MoBo via PCI-express 2.0 x16 and having DirectX 9.0 hardware acceleration making it pretty fast. Given, that 10 years newer PC has PCIe 3.0 x16, the bus speeds really haven't improved that much during those year. For curious ones, I googled up some specs for it: https://icecat.biz/en-in/p/club3d/cga-p988tvd/graphics-cards-RADEON+9800+PRO+128MB+DDR-113233.html

PC 2 - Pentium from years 1994-1998

Ok, this baby is an old one! To make it really ancient, it even runs IBM OS/2 as operating system. Those padawans who don't know what an OS/2 is, just hit to Wikipedia for https://en.wikipedia.org/wiki/OS/2. During the active years in servie, I recall upgrading the CPU once, doubling the RAM once and swapping the GPU-card to a faster one. This is the oldest hardware I have, and didn't create any records at the time. For anything newer, I have proper records of the history in my wiki.

CPU

Spec:

• Intel® Pentium® Processor 150 MHz, 60 MHz FSB
• Launch: 1996/01
• Cores: 1
• 8 + 8 KiB Cache
• 150 MHz
• 60 MHz FSB
• Socket 7

Details are at Ark Intel.com https://ark.intel.com/products/49958/Intel-Pentium-Processor-150-MHz-60-MHz-FSB

This old puppy has one distinguishing feature: it is Spectre/Meltdown-proof! As it doesn't have any kind of prediction or jump analysis in it, it cannot be fooled. Actually, there is nothing in it to make it run faster. It is a product of an era when everything was made faster by adding megaherz (note: not gigaherz) to base frequency.

The installed CPU with Intel's boxed cooler looks like this:

Please, notice how a heatsink and a fan on top of it are almost 20 mm high!

Also, don't confuse this Pentium to any of the modern day CPUs Intel calls Pentium. This one was really one of the first ever manufactured Pentiums. Initially this had a slower Pentium in it (I think 90 MHz), just getting an upgrade was inexpensive at the time.

Board

Motherboard is a Asus P/I-P55T2P4. Some specs of it can be found from: https://www.asus.com/supportonly/PI-P55T2P4/HelpDesk_CPU

Layout of the board is:

Note how this is clearly a PCI-era board, but it still has three ISA-slots in it. And please, don't confuse PCI for a modern PCI-express. That's probably why, the word "conventional" is used in Wikipedia article of PCI: https://en.wikipedia.org/wiki/Conventional_PCI

GPU-card

Oh, this is a trip to memory lane. Card is a S3 Trio64V+. Some information about this relic is at https://en.wikipedia.org/wiki/S3_Trio and http://www.vgamuseum.info/index.php/cpu/item/359-s3-trio64v.

The card looks like this:

Note how I have Scotch Tape on two holes of the mounting bracket. Reason is simple, back in the 1990s we didn't know how air in a PC case should flow and we had it wrong. Sucking air trough graphics cards (or any other necessary components) is not smart and that's why its done differently today.

This particular card first appeared in 1995 and I've been using it for couple of years around that time. S3 was a really successful graphics company and their products were really good at the time. Also, at the time companies did design and manufacture their own cards. Today manufacturers just release specs and reference designs for the actual manufacturers to do the heavy lifting.

For brief history of GPUs in the 90s, read something like From Voodoo to GeForce: The Awesome History of 3D Graphics @ PC Gamer. Just like CPUs, also GPUs have gone giant leaps during past 20 years.

If you've never heard of company called S3 Graphics, go educate your self at https://en.wikipedia.org/wiki/S3_Graphics. Brief highlights are January 1989, founding of the company, November 2000 at point where S3 had officially been outran by competition, they changed their name to SONICBlue. And finally March 2003, when filed for Chapter 11 bankruptcy. They had their moment, but given the fierce competition by Nvidia and Ati and Matrox and many others, they just couldn't keep up with the technological advances fast enough to be able to offer interesting products to customers. Today, what remains of S3 is part of HTC, the Chinese cellphone manufacturer.

Ok, the junk's gone - What then?

Yes, it cleaing up doesn't end here. I still have ~1000 floppy discs in storage. Now that PCs having a 5.25" or 3.5" drive are gone, I'll keep cleaning some more. Maybe I should take a peek into some of those floppies to see if there is anything valuable in them.

Also, I have the images of the OS/2 hard drives. Next I need to figure how to read them.

Whenever there are new toys, I'm excited! Now that I have new iPhone 8, there is no other way to phrase it: it IS same as 7, which was same as 6. The observation Woz pointed out when X and 8 came out:

I’m happy with my iPhone 8 — which is the same as the iPhone 7, which is the same as the iPhone 6, to me.

Here are the comparison pics:

Last year around this time, I wasn't especially impressed when I got my 7. See and/or read it at /archives/345-New-toys-iPhone-7.html. This year, I'm kinda hoping to still have my 6. The good part is, that I won't have to pay for these toys myself. If I would, I would be really really disappointed.

The other day I realized, that my mobile subscription has a voicemail. Since its a corporate one, I really cannot control it much, it just ... well ... is.

This existence of voicemail became evident for a simple reason. Somebody left me a message there. Ufff! Why! Personally I hate those 70s relics. If you cannot get a hold of me, just send a SMS or an email! ... People... They just don't get it.

So. I had an easy task, go listen the message. In an iPhone, there is a Voicemail menu:

Tapping the "Call Voicemail" does absolutely nothing. Eventually I did find the voicemail number from my subscription paperworks. That is, if I really was interested in the message, but I wasn't. Being a geek, I wanted to get my iPhone to do what the button caption says. To Call Voicemail.

Apparently that is something my Telco should fix. Or, that's how its done in the Big World. No such joy for me. After a good while of googling around, I found bunch of codes, which actually didn't either work, or do anything useful on an iPhone. Finally, I bumped into an ancient Apple community discussion with topic Q: iphone 5 change/add voicemail number? This user had been instructed the following:

I have just been in contact with Orange regarding this they advised to dial:
*5005*86*123#

This will set the voicemail number to 123 (orange) so hopefully (i've not tested) you can just put your voicemail number inplace of 123!

Yes! Doing a *5005*86*<my voicemail number here># does the trick for my iPhone 8 running iOS 12.1.

While at it, I googled more and found article iPhone codes from the same era.

For a complete list of generic mobile phone Unstructured Supplementary Service Data (USSD), or "Quick Codes" or "Feature codes" see Wikipedia article https://en.wikipedia.org/wiki/Unstructured_Supplementary_Service_Data#Code_table.

This is where an angle grinder meets aluminium.

Angle grinding through a 3.5" hard drive case, spinning platter and controller electronic circuitry will produce enough heat and metal scraps to produce an absolutely unrecoverable hard drive. The magnetic coating containing the actual data doesn't like any kind of dirt, metal chips nor rapid heating.

Funny thing: One of the IBM drives was from era of glass platters. I had no idea about that at the time. Ear protection and noise made sure of that. Afterwards the glass platter was shattered into small pieces making the hard drive sound like a jingle bell. There was a small time slot when glass was used in drives to improve data density. Later manufacturers learned to smooth the aluminum platters beyond glass ones and abandoned the brittle materials.

Electronic equipment recycling - expect me to show up with couple pieces of dismantled electronics.

Most of us have a credit card (or debit) for payment purposes. As I love tech, technically speaking, it is laminated polyvinyl chloride acetate (PVCA) piece of plastic conforming to ISO/IEC 7810 ID-1.
What's in a card is:

• The standard-compliant plastic frame
• ISO/IEC 7816 smart card with 8-pin connector
• ISO/IEC 14443 RFID chip and antenna for contactless payments
• (optional, deprected as insecure) ISO/IEC 7811, 7812 and 7813 compliant magnetic strip

The reason I got interested about this begun when I got a new debit card. Anybody having one of these cards know, that they do expire eventually. My bank sends me new one roughly one month before expiry, at which point I tend to destroy the old one into very small pieces to avoid some garbage digging person to be able to exploit my information.

This time, I took couple of pictures of it first (then I destroyed it) to publish in the Internet.
Waitaminute!
You're not supposed to post an image of your credit card! See https://cheezburger.com/8193250816 for a my-new-credit-card fail.

No, I'm not going to do that, instead:

Notice how couple years of usage made the card crack and laminated back and top parts of the card started peeling off. The lamination process failed somehow. Maybe the superglue wasn't super enough, or something similar. I've never seen such a thing happen before.

Here goes: I publicly posted pictures of my old debit card! Obviously, before doing that, I redacted my card number. Also, I'm not going to publish image of the back side having the CVC validation number and my signature. For those curious why I din't redact all 16 digits, the first four are not that important, because its kinda obvious the card is a Visa (first digit 4) and in Finland all Visa cards are issued by Nets Oy (formerly Luottokunta). For card numbers, see https://stevemorse.org/ssn/List_of_Bank_Identification_Numbers.html, a page rejected by Wikipedia, but resurrected from Archive.org

Points of interest in card images:

1. ISO/IEC 7816 smart card
   • All of the chip in the top slice of the card.
   • The chip is bit thicker then the top slice of the card. There is a shallow dent in the back slice to make room for the smart card chip.
2. RFID antenna for contactless payment.
   • It's EVERYWHERE! I never realized how much antenna is required to power the RFID chip.
   • If you would follow the silver antenna, it would make a very long track around the card. It will never cross. This is required to form a long loop. For those not familiar with physics and electricity, it forms a solenoid which will produce current when moving in a magnetic field (payment reader).
   • There is antenna both sides of the back-slice. Sides are connected in two points, 2 and 3.
   • Most of the antenna is around the 7816 smart card chip. That's why people are instructed to put the smart card into contactless payment terminal.
   • I think (please correct me, if I think wrong) the RFID-chip is very near the smart card chip.
3. I think (please correct me, if I think wrong) there are ten capacitors to first absorb electric current from the payment terminal magnetic field via solenoid and store it into the capacitors for the chip to do it's magic of EMV-payment. The transaction will last less then a second, so not much is needed.
4. The back-side antenna
   • Connected to front-side antenna in 2.

Bonus

If you really, really want to, you can tear your card apart and make a ring out of it:

Read all about that Man dissolves credit card to make contactless ring.

A while back I got my hands on a nice PCIe 2.0 network interface card.

The thing looks like this:

In theory, that's an extremely cool piece to run in one of my Linuxes. Two 10 gig ethernet ports! Whoa!

Emphasis on phrase "in theory". In practice it's just a piece of junk. That's not because it wouldn't work. It does kinda work. I have to scale down the DDR3 RAM speed into 800 MHz just to make the hardware boot. Doing that will get 12 GiB RAM out of 16 available. Something there eats my PCIe lanes and forces them to work at unacceptable low speeds.

This is a serious piece of hardware, for example in Amazon.com the going price for such item is $340 USD. Given the non-functional state of this, I got this with a fraction of it. Given my personal interest in such toys, I had to go for it. This time it didn't pan out.

Maybe HPE support site phrase for this at https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03663929 explains it all: "PCIe 2.0 compliant form factor designed for HPE ProLiant servers". I'm not running it on a HP ProLiant.

On a Linux, it does work ok. Kernel driver bnx2x detects and runs the NIC instantly. Linux lspci info:

# lspci -s 02:00.0 -vv -n
02:00.0 0200: 14e4:168e (rev 10)
  Subsystem: 103c:18d3
  Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
  Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR-   Latency: 0, Cache Line Size: 64 bytes
  Interrupt: pin A routed to IRQ 17
  Region 0: Memory at f4000000 (64-bit, prefetchable) [size=8M]
  Region 2: Memory at f3800000 (64-bit, prefetchable) [size=8M]
  Region 4: Memory at f4810000 (64-bit, prefetchable) [size=64K]
  Expansion ROM at f7580000 [disabled] [size=512K]
  Capabilities: [48] Power Management version 3
    Flags: PMEClk- DSI- D1- D2- AuxCurrent=0mA PME(D0+,D1-,D2-,D3hot+,D3cold-)
    Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=1 PME-
  Capabilities: [50] Vital Product Data
    Product Name: HPE Ethernet 10Gb 2P 530T Adptr
    Read-only fields:
      [PN] Part number: 656594-001
      [EC] Engineering changes: A-5727
      [MN] Manufacture ID: 103C
      [V0] Vendor specific: 12W PCIeGen2
      [V1] Vendor specific: 7.15.16
      [V3] Vendor specific: 7.14.38
      [V5] Vendor specific: 0A
      [V6] Vendor specific: 7.14.10
      [V7] Vendor specific: 530T
      [V2] Vendor specific: 5748
      [V4] Vendor specific: D06726B36C98
      [SN] Serial number: MY12---456
      [RV] Reserved: checksum good, 197 byte(s) reserved
    End
  Capabilities: [a0] MSI-X: Enable+ Count=32 Masked-
    Vector table: BAR=4 offset=00000000
    PBA: BAR=4 offset=00001000
  Capabilities: [ac] Express (v2) Endpoint, MSI 00
    DevCap: MaxPayload 512 bytes, PhantFunc 0, Latency L0s <4us, L1 <64us
        ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset+ SlotPowerLimit 75.000W
    DevCtl: CorrErr+ NonFatalErr+ FatalErr+ UnsupReq+
        RlxdOrd- ExtTag+ PhantFunc- AuxPwr+ NoSnoop+ FLReset-
        MaxPayload 128 bytes, MaxReadReq 512 bytes
    DevSta: CorrErr+ NonFatalErr- FatalErr- UnsupReq+ AuxPwr- TransPend-
    LnkCap: Port #0, Speed 5GT/s, Width x8, ASPM L0s L1, Exit Latency L0s <1us, L1 <2us
        ClockPM+ Surprise- LLActRep- BwNot- ASPMOptComp+
    LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
        ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
    LnkSta: Speed 5GT/s (ok), Width x8 (ok)
        TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
    DevCap2: Completion Timeout: Range ABCD, TimeoutDis+, LTR-, OBFF Not Supported
         AtomicOpsCap: 32bit- 64bit- 128bitCAS-
    DevCtl2: Completion Timeout: 50us to 50ms, TimeoutDis-, LTR-, OBFF Disabled
         AtomicOpsCtl: ReqEn-
    LnkCtl2: Target Link Speed: 2.5GT/s, EnterCompliance- SpeedDis-
         Transmit Margin: Normal Operating Range, EnterModifiedCompliance- ComplianceSOS-
         Compliance De-emphasis: -6dB
    LnkSta2: Current De-emphasis Level: -3.5dB, EqualizationComplete-, EqualizationPhase1-
         EqualizationPhase2-, EqualizationPhase3-, LinkEqualizationRequest-
  Capabilities: [100 v1] Advanced Error Reporting
    UESta: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
    UEMsk: DLP- SDES- TLP- FCP- CmpltTO- CmpltAbrt- UnxCmplt- RxOF- MalfTLP- ECRC- UnsupReq- ACSViol-
    UESvrt: DLP+ SDES+ TLP- FCP+ CmpltTO- CmpltAbrt- UnxCmplt- RxOF+ MalfTLP+ ECRC- UnsupReq- ACSViol-
    CESta: RxErr- BadTLP- BadDLLP- Rollover- Timeout- AdvNonFatalErr+
    CEMsk: RxErr- BadTLP+ BadDLLP+ Rollover+ Timeout+ AdvNonFatalErr+
    AERCap: First Error Pointer: 00, ECRCGenCap+ ECRCGenEn- ECRCChkCap+ ECRCChkEn-
        MultHdrRecCap- MultHdrRecEn- TLPPfxPres- HdrLogCap-
    HeaderLog: 00000000 00000000 00000000 00000000
  Capabilities: [13c v1] Device Serial Number d0-67-26---------------
  Capabilities: [150 v1] Power Budgeting
  Capabilities: [160 v1] Virtual Channel
    Caps: LPEVC=0 RefClk=100ns PATEntryBits=1
    Arb: Fixed- WRR32- WRR64- WRR128-
    Ctrl: ArbSelect=Fixed
    Status: InProgress-
    VC0: Caps: PATOffset=00 MaxTimeSlots=1 RejSnoopTrans-
        Arb: Fixed- WRR32- WRR64- WRR128- TWRR128- WRR256-
        Ctrl: Enable+ ID=0 ArbSelect=Fixed TC/VC=01
        Status: NegoPending- InProgress-
  Capabilities: [1b8 v1] Alternative Routing-ID Interpretation (ARI)
    ARICap: MFVC- ACS-, Next Function: 1
    ARICtl: MFVC- ACS-, Function Group: 0
  Capabilities: [1c0 v1] Single Root I/O Virtualization (SR-IOV)
    IOVCap: Migration-, Interrupt Message Number: 000
    IOVCtl: Enable- Migration- Interrupt- MSE- ARIHierarchy-
    IOVSta: Migration-
    Initial VFs: 16, Total VFs: 16, Number of VFs: 0, Function Dependency Link: 00
    VF offset: 8, stride: 1, Device ID: 16af
    Supported Page Size: 000005ff, System Page Size: 00000001
    Region 0: Memory at 00000000f4820000 (64-bit, prefetchable)
    Region 4: Memory at 00000000f48a0000 (64-bit, prefetchable)
    VF Migration: offset: 00000000, BIR: 0
  Capabilities: [220 v1] Resizable BAR
  Capabilities: [300 v1] Secondary PCI Express
  Kernel driver in use: bnx2x
  Kernel modules: bnx2x

If anybody has any suggestions/ideas what to try, I'll be happy to test any of them. Also, my suggestion for anybody planning to get one is to NOT pay any money for it.

Every one of use will eventually end up in a situation where old mobile device is upgraded to a new one. Most of us can manage getting the new one working without problems. There are backups somewhere in the cloud and the new device will have the intial setup done from the backup and everything in the out-of-the-box experience will go smoothly.

But what about the old one? You might want to sell or give or donate the perfectly functioning piece of hardware to somebody who wants it more. But not without your data, accounts and passwords!

Apple support has this HT201351 article What to do before you sell, give away, or trade in your iPhone, iPad, or iPod touch. It instructs you to do a full erase of the device, but doesn't go too much into the details.

Personally, I've struggled with this one a number of times. So, I decided to record the full sequence for me and anybody else needing it. Here goes!

Start with Settings, General. In the bottom of General-menu, there is Reset. That's your choice. For curious ones, you can go see the menus and choices without anything dangerous happening. You WILL get plenty of warning before all your precious data is gone.

In Reset, there are number of levels of reseting to choose from. You want to go all the way. To erase every single bit of your personal data from the device. To get that, go for Erase All Content and Settings.

You will have two separate warnings about your intent to destroy your data. Even if you pass that gateway, there is more. Nothing will be erased until a final blow.

The final thing to do is to inform Apple, that this device won't be associated to your Apple ID anymore. For that, your password will be needed. This is the final call. When you successfully punch in your password,  then the big ball starts rolling.

When you see this, you're past point-of-no-return.

It takes a while to erase all data. Wait patiently.

When all the erasing is done, the device will restart and it will go for the out-of-the-box dialog. This is where new user needs to choose the user interface language, network and associate the device with their own Apple ID.

Randomness in computers

You don't need to know much about computers to understand, that computers cannot do random things. Yes, all programming languages and libraries do offer you a rand()-function to emulate randomness. However, the resulting output will follow the carefully crafted programming implementing this "randomness". The most trivial pseudo-random functions will merely provide a sequence of numbers appearing random, but this sequence can be reset to start from beginning making the "randomness" predicatable. That's not really very random, huh!

Improved randomness in computers

To be fair, there does exist improved pseudo-random algorithms which take their initial seed-values from something volatile (time is one such volatile parameter) making the quality of randomness better. Still, even high-quality pseudo-random algorithm is just complex sequence of operations, which will produce duplicate results on same input values. Sometimes its just very tricky to craft a situation where all of the input values would match.

If somebody is capable of doing that, your randomness changes into predictability. Read the story of Dual_EC_DRBG on Wikipedia https://en.wikipedia.org/wiki/Dual_EC_DRBG. When you're generating your precious private keys, you don't want anybody (including NSA) to be able to guess what you have there.

Random source in Linux

Since a proper random source is something every single user, developer and sysadmin would love to have, the problem has been approached on your Linux by authors of the operating system. An excellent description can be found from Wikipedia article https://en.wikipedia.org/wiki//dev/random#Linux. Briefly put, your Linux will collect environmental entropy from number of sources (including human interaction with keyboard and mouse) to a pool, which can then be used to produce naturally random numbers. It actually works very well, the quality of randomness is top-notch.

Obvious problem with this approach is, that you cannot pull too many random numbers out of this source without exhausting it. The fix is to keep typing something while moving your mouse (not a joke!) to generate entropy for the random source. This will eventually help fill the entropy pool and /dev/random will spit couple bytes more.

Those users who have exhausted their /dev/random on an idling rack server without a console keyboard, mouse and video know that it takes painfully long for the entropy pool to fill. A busy server doing something will be able to fill the pool much faster.

A real random source

If you need a real proper random source, which works without human intervention and can provide really good randomness as a stream, there are possibilities on hardware. I know of two good ones, Simtec Electronics Entropy Key and ubld.it TrueRNG Hardware Random Number Generator.

Note: if you consider getting one, get the TrueRNG version 3 (http://ubld.it/truerng_v3). Its just that I have the 1st gen version at hand and haven't found the reason to upgrade.

My TrueRNG looks like this:

It is essentially an USB-stick.

Linux lsusb info essentially identifies it as a Microchip (vendor ID 0x04d8) manufactured USB-device (with ID 0xf5fe) providing RS-232 communications:

Bus 002 Device 009: ID 04d8:f5fe Microchip Technology, Inc.
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            2 Communications
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0         8
  idVendor           0x04d8 Microchip Technology, Inc.
  idProduct          0xf5fe
  bcdDevice            1.00
  iManufacturer           1 ubld.it
  iProduct                2 TrueRNG
  iSerial                 0
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength       0x0043
    bNumInterfaces          2
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0x80
      (Bus Powered)
    MaxPower              100mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         2 Communications
      bInterfaceSubClass      2 Abstract (modem)
      bInterfaceProtocol      1 AT-commands (v.25ter)
      iInterface              0
      CDC Header:
        bcdCDC               1.10
      CDC ACM:
        bmCapabilities       0x02
          line coding and serial state
      CDC Union:
        bMasterInterface        0
        bSlaveInterface         1
      CDC Call Management:
        bmCapabilities       0x00
        bDataInterface          1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x000a  1x 10 bytes
        bInterval               1
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           2
      bInterfaceClass        10 CDC Data
      bInterfaceSubClass      0
      bInterfaceProtocol      0
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
Device Status:     0x0001
  Self Powered

And by looking at /dev/, there is a /dev/ttyACM0. That's how udevd will populate a CDC-device when it sees one.

How is this a "true" random source?

Oh, that's easy. The device will produce a random 0 or 1 bit constantly when its on. Or to be precise, there is an internal algorithm producing those based on a constant flow of electrons on a transistor PN-surface. The exact phenomenon is called avalance effect or avalance breakdown. For those who can do electronics, there is a good explanation about this in Difference Between Avalanche Breakdown and Zener Breakdown (I borrowed the visualisation pic from above link).

To (over)simplify that, in a carefully constructed electronic circuit, inside a transistor an electron may or may not be emitted on the other side of a semiconducting surface. The occurrence is as random as it can be in nature. Other circuitry will detect this random flow of electrons (or lack of flow) to produce ones and zeros.

What makes this a really good for randomness, as it is well established that this avalance of electrons will happen. Also, it will happen often enough to produce a stream of events. It's just that we don't know exactly WHEN the avalance of electrons will happen. If you time-slice this to slots, a slot can be empty (no avalance) or full (electrons avalanching).

Linux tweaking:

udev

Anybody having multiple devices in their Linuxes knows, that you really cannot control which device name some specific device will get on reboot. To overcome that, udevd can be instructed to do things when it sees a device. My rules for TrueRNG include setting it to highest possible speed and creating a symlink-device so, that I can point to a known source of random. Also, I'm loosening access to that source of randomness to any users belonging to dialout-group. If I wouldn't do that, only root would have access to this fine random-source.

My /etc/udev/rules.d/99-TrueRNG.rules contains:

SUBSYSTEM=="tty", ATTRS{product}=="TrueRNG", SYMLINK+="TrueRNG", RUN+="/bin/stty raw -echo -ixoff -F /dev/%k speed 3000000"
ATTRS{idVendor}=="04d8", ATTRS{idProduct}=="f5fe", ENV{ID_MM_DEVICE_IGNORE}="1", GROUP="dialout", MODE="0664"

If you want to take your random-device for a spin, you can do something like:

dd if=/dev/TrueRNG of=random.bytes bs=64 count=1024

That would create a file of 64 KiB containing very very random bytes. In theory you can just cp data out of the character device, but since it has an infite flow, you'll need to cut it at one point.

rngd

Remember the part I said earlier about Linux using your keypresses and mouse movements as entropy source for randomness. Even with the USB-stick popped into a PC, that still remains the case. What needs to be done next is to offer a helping hand to the Linux kernel and make sure the entropy pool is always full.

My Fedora has package called rng-tools. It is packaged from Mr. Horman's https://github.com/nhorman/rng-tools. What's in there are the tools for pumping those precious truly random bits out of the USB-source to Linux kernel's entropy pool. As default, rngd will use /dev/hwrng as the source for randomness. Some Linuxes don't have that device at all, some Linuxes point that into CPU's random source. What's guaranteed, it will not point to your USB-stick! We need to change that.

Btw. you might be horrified by the fact, that something is fidding with your randomness. The exact bits transferred from USB to entropy pool won't be the actual bits getting out of /dev/random. Your keypresses and many other events are still a factor. Its still a good idea to not run randomness-monitoring malware or spyware in your Linux.

Systemd works so, that I did create a copy of /usr/lib/systemd/system/rngd.service into /etc/systemd/system/rngd.service. The contents of the copy in /etc/systemd/system/ can be freely modified and it has priority over the /usr/lib/systemd/system/ one. The only change I made was to have the ExecStart-line say as:

ExecStart=/sbin/rngd -f --rng-device=/dev/TrueRNG --fill-watermark=4000

When rngd-service would be started, it will use the USB-stick as source and make sure, there are at least 4000 bits of entropy in the pool.

Making sure rngd setup works

At any given point, you can query how many bits are available in the Linux entropy-pool:

cat /proc/sys/kernel/random/entropy_avail

Since my setup is working correctly, it will display a number greater than 4000 and smaller than 4096. The upper limit comes from /proc/sys/kernel/random/poolsize, which is a hard-coded number from Linux kernel source.

Hint: If you do the stupid thing like I did and set the /proc/sys/kernel/random/write_wakeup_threshold (using --fill-watermark) into 4096 (or above), your rngd will keep hogging CPU like there is no tomorrow. It is impossible for the pool to contain maximum number of bits at any given time. Give your system a break and set the threshold bit lower than max.

Finally

It's always nice to know for a fact, that random numbers are random. This fact can be verified and has been verified by number of other people.

Enjoy!