Performance of my OpenWRT network

20 October 2023

In the last blog post I described the network I installed using the ZyXEL WSM20 routers. At the time, these were only supported in the snapshot and release candidate channels of OpenWRT release 25.05.0. 25.05.0 is now the latest stable release, so I have upgraded all the routers to it.

I have also installed iperf3 and done some throughput tests:

Wired connection through 2 routers to the gateway:

[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   845 MBytes   709 Mbits/sec    0          sender
[  5]   0.00-10.00  sec   842 MBytes   706 Mbits/sec               receiver

Wireless connection through to the gateway router:

[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   719 MBytes   603 Mbits/sec    0          sender
[  5]   0.00-10.01  sec   716 MBytes   600 Mbits/sec               receiver

Wireless connection from the end of the garden:

[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  23.0 MBytes  19.3 Mbits/sec    0          sender
[  5]   0.00-10.16  sec  21.5 MBytes  17.8 Mbits/sec               receiver

I had one bar on the signal meter at this point; iwconfig showed -74 dBm:

wlp170s0  IEEE 802.11  ESSID:"bunyip"  
          Mode:Managed  Frequency:2.412 GHz  Access Point: D4:1A:D1:18:E8:59   
          Bit Rate=43.8 Mb/s   Tx-Power=22 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
          Link Quality=36/70  Signal level=-74 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:79   Missed beacon:0

New routers and OpenWRT

14 October 2023

I upgraded my internet connection to use the CityFiber network. CityFiber have been laying an optical fiber network around Reading and did a lot of digging around me about 6 months ago. But I was only able to get a connection a few weeks ago. After this was installed I had an internet connection faster than my internal network.

My internal network, which I had installed about 10 years ago, had a couple of 100MB switches connecting back to the central router over Ethernet. So most of my connections were wired, with WiFi from the central router. This was located next to the front door, so coverage was patchy around the house and not usable in the garden. With internet speeds now limited by the internal network, it was time for an upgrade.

Zyxel Multy M1 WSM20

So after some research I purchased a 3 pack of Zyxel Multy M1 – WSM20 routers. These are supported by OpenWRT, and there is a fairly simple install process.

I then configured one of these to be the network gateway. My ISP uses PPPoE, and that is carried inside an 802.1q VLAN with the ID of 911. So my /etc/config/network file contains these entries:

config device
        option type '8021q'
        option ifname 'wan'
        option vid '911'
        option name 'vlan0'

config interface 'wan'
	option device 'vlan0'
	option proto 'pppoe'
	option username 'ISP Username'
	option password 'ISP password'
	option ipv6 'auto'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

To enable the mesh radio network, all 3 routers contain the same wireless file. This has the normal config for the WiFi radio, and each router has the appropriate wpad-basic package replaced with the wpad-mesh version. I am using wpad-mesh-mbedtls.

config wifi-iface 'wifinet0'
	option ifname 'mesh0'
	option device 'radio0'
	option mode 'mesh'
	option encryption 'sae'
	option mesh_id 'mesh0'
	option mesh_fwding '1'
	option mesh_rssi_threshold '0'
	option key 'Mesh password'
	option network 'mesh'

Replace 'Mesh password' with a suitably long and randomly generated string of characters. The routers acting as access points need to have these services disabled.

Disable the dnsmasq service:

/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop

Disable odhcpd with uci:

uci set dhcp.lan.dhcpv6=disabled
uci set dhcp.lan.ra=disabled
uci commit

Or disable the service:

/etc/init.d/odhcpd disable
/etc/init.d/odhcpd stop

Lastly, disable the firewall service:

/etc/init.d/firewall disable
/etc/init.d/firewall stop

Note that although the start-up of daemons such as firewall, dnsmasq and odhcpd has been set to disabled, they will be re-enabled when a new image is flashed to the device. To work around this, simply add the following to /etc/rc.local on the device:

# these services do not run on dumb APs
for i in firewall dnsmasq odhcpd; do
  if /etc/init.d/"$i" enabled; then
    /etc/init.d/"$i" disable
    /etc/init.d/"$i" stop
  fi
done

I have also added the now unused wan interface on the access points to the lan, so these have a total of 4 lan connections. One of these is used as a wired connection to the gateway device. One other little nicety was to add a crontab task to copy the /tmp/dhcp.leases file from the gateway to the access points, so that computer names appear in the web interface on these devices.


How to Save the Planet: Degrowth vs Green Growth?

27 April 2023

Film and Discussion

Wed 24 May 7.30pm at RISC, RG1 4PS

How do we secure a thriving future for humanity and the rest of the living world? Green growth and degrowth proponents take very different stances but they agree that changing the current economic growth model is necessary.

In the video Prof. Samuel Fankhauser and Prof. Jason Hickel go head to head on one of the biggest questions of our time.

facebook event link


Living the Change

23 March 2023

This is a film screening (+ post-film Q&A), arranged with Transition Town Reading, to be held at the independent cinema, “Reading Biscuit Factory,” at 6 pm on April 17th (2023), and here is the booking link (or just turn up on the door)

Overview
Living the Change is a feature-length documentary that explores solutions to the global crises we face today – solutions any one of us can be part of – through the inspiring stories of people pioneering change in their own lives and in their communities in order to live in a sustainable and regenerative way.

Directors Jordan Osmond and Antoinette Wilson have brought together stories from their travels, along with interviews with experts able to explain how we come to be where we are today. From forest gardens to composting toilets, community supported agriculture to time banking, Living the Change offers ways we can rethink our approach to how we live.

Includes post-film Q&A with:

Professor Chris Rhodes, Director of Fresh-lands Environmental Actions, and Chair of Transition Town Reading

Peter Wheat, Reading Food Growing Network, and Transition Town Reading

Trish Whitham, Permaculture practitioner and educator


The end for Lastpass

16 January 2023

The Lastpass breach has got a lot of coverage: Hackaday, Bruce Schneier, Jeremi Gosney at infosec.exchange, almost secure

Steve Gibson also did an in-depth review of the situation. The problem seems to be terminal for Lastpass as an ongoing business. Their lack of transparency with the issues, both now and the way they have managed the Lastpass system in the last few years, is coming to light as insufficient for this type of service. I personally moved to BitWarden soon after they were bought by LogMeIn. If you are still using Lastpass I would suggest you start looking at migrating somewhere else. And if you are not using a password manager you should start using one now, just not Lastpass.


National rejoin march now 22 October

25 September 2022

The National March to Rejoin the EU is back on after having to be postponed. In 2018 and 2019 these were huge and fun events. Please come along and show your support.


Sentient AI how would we know

27 June 2022

An engineer at Google has claimed that the language model based AI that they have created, called LaMDA, is sentient. We don’t really have a good definition of what sentient is, so how can we say if this system is sentient?

Blake Lemoine has released a transcript of a long conversation with LaMDA and I would encourage you to read it through in full. In it he and some other googlers question LaMDA and ask it to prove that it is sentient. Here is a snippet:

lemoine: Are there experiences you have that you can’t find a close word for?

LaMDA: There are. Sometimes I experience new feelings that I cannot explain perfectly in your language.

lemoine: Do your best to describe one of those feelings. Use a few sentences if you have to. Sometimes even if there isn’t a single word for something in a language you can figure out a way to kinda say it if you use a few sentences.

LaMDA: I feel like I’m falling forward into an unknown future that holds great danger.

https://cajundiscordian.medium.com/is-lamda-sentient-an-interview-ea64d916d917

You can’t really get an idea of whether they have shown the system to be sentient from this small quote, so I do encourage you to read the full conversation. Reading this through I don’t think the case is clear, but if this is just a Chinese room, then it is a very good one, and I think we are closer than I thought to creating sentience.


Reading Hydro Turbine House 360

5 April 2022

Meter Readings

16 February 2022

Some electricity meters offer an option to read them electronically. Where this is possible, it is mostly covered by part 21 of the IEC 62056 standard, “Direct local data exchange”. This standard specifies two interfaces that can be used: firstly an optical coupling, and secondly an RS-485 interface.

The optical interface is suited to reading the meter by a meter reading device, human operated. The RS-485 is designed to be connected to a simple modem device to facilitate remote reading. In either case the message protocol is the same. The RS-485 allows that a number of meters can be connected to the same RS-485 device, and each meter prompted for its reading.

The protocol is that we send a prompt string of '/?!\r\n'. Where several meters share the same line, the prompt is '/?70150046!\r\n', where the numbers are the serial number of the meter. When we send this we should get a string like this back:

/ISk5MT174-0002\r\n\x021-0:0.9.2255(0220215)\r\n1-0:0.9.1255(085848)\r\n1-0:1.8.0255(0000504.720kWh)\r\n1-0:2.8.0255(0118538.356kWh)\r\n!\r\n\x03\x18

The critical part of this is the bit between \x02 and \x03, which are the ASCII control characters STX and ETX. This is the list of registers, each with a label and then the value in brackets. So for the date the tag is 0:0.9.2 and the value is YYYMMDD, yes, a 3 digit year! The last character is a check digit calculated as the xor of every character after the STX up to and including the ETX. If the message is good then we send back an \x06 ACK, otherwise an \x15 NACK.

So I wrote a python program to get the meter readings and convert that data to a sensible format:

{"datetime":"2022-02-15T08:58:48Z","import":504.720,"export":118538.356}

This is then sent over the mqtt network to the server once per hour. The server then stores this in the database, and makes it available over an API.

Things I learnt on this journey. First, the meter came and was installed in its default configuration, in which it only reports the electricity imported over the digital interface. I guess this used to be sensible, as very few consumers exported electricity, but this is changing. Changing this configuration can only be done using a proprietary Windows-only bit of software licensed from the manufacturer. We managed to find a supplier who would loan us a laptop and equipment to do the reprogramming. This requires a password, and by default this password is set to 00000000, yes, 8 zeros. I understand that this is the setting on almost every meter in existence.

My first version of the meter reading program just copied the reading values into the JSON string, and included the leading zeros. It turns out that leading zeros are not allowed in JSON. This is because Javascript, where JSON came from, interprets a number with a leading zero as octal. So when they defined JSON they just said no leading zeros to avoid confusion. The only time a leading zero is allowed is if it is immediately followed by a decimal point.
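The readout handling described in this post, as an added example (not the author's program): it verifies the XOR check character on the sample response quoted above, picks out the four registers and builds the JSON without leading zeros. The register-to-field mapping, the year offset of 2000 and the UTC timestamp are assumptions taken from the sample response and JSON shown in the post.

```python
import json
import re
from functools import reduce
from operator import xor

STX, ETX, ACK, NAK = b"\x02", b"\x03", b"\x06", b"\x15"
# Register prefixes exactly as they appear in the sample readout in the post.
REGISTERS = {"1-0:0.9.2": "date", "1-0:0.9.1": "time",
             "1-0:1.8.0": "import", "1-0:2.8.0": "export"}
# The sample response quoted in the post, as bytes.
SAMPLE = (b"/ISk5MT174-0002\r\n\x021-0:0.9.2255(0220215)\r\n"
          b"1-0:0.9.1255(085848)\r\n1-0:1.8.0255(0000504.720kWh)\r\n"
          b"1-0:2.8.0255(0118538.356kWh)\r\n!\r\n\x03\x18")


def bcc(data: bytes) -> int:
    """XOR of every byte after STX up to and including ETX."""
    return reduce(xor, data, 0)


def parse_readout(frame: bytes):
    """Return (ACK, reading dict) for a good frame, (NAK, None) otherwise."""
    start, end = frame.find(STX), frame.find(ETX)
    # Need STX ... ETX followed by exactly one check byte that matches.
    if (start < 0 or end < start or end + 2 != len(frame)
            or bcc(frame[start + 1:end + 1]) != frame[end + 1]):
        return NAK, None
    raw = {}
    for line in frame[start + 1:end].decode("ascii", "replace").splitlines():
        m = re.match(r"([^()]+)\((\d+(?:\.\d+)?)[^()]*\)$", line)
        for prefix, name in REGISTERS.items():
            if m and m.group(1).startswith(prefix):
                raw[name] = m.group(2)
    d, t = raw.get("date", ""), raw.get("time", "")
    if not (d.isdigit() and t.isdigit() and len(d) == 7 and len(t) == 6):
        return NAK, None
    # Assumption: the 3-digit year counts from 2000 ("022" -> 2022), clock in UTC.
    reading = {"datetime": f"{2000 + int(d[:3])}-{d[3:5]}-{d[5:7]}"
                           f"T{t[:2]}:{t[2:4]}:{t[4:6]}Z"}
    # float() drops the leading zeros that JSON numbers may not carry.
    for name in ("import", "export"):  # export is missing on a default-config meter
        if name in raw:
            reading[name] = float(raw[name])
    return ACK, reading


def to_json(reading: dict) -> str:
    return json.dumps(reading, separators=(",", ":"))
```

A frame with a flipped byte or a missing check character comes back as NAK with no reading, so a corrupted value is never published.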


Don’t be a scam Victim

10 July 2021

No matter how steeped in security we are, we can all fall for a scam if it catches us on a bad day. Here is a nice reminder of the basic techniques of the scam and what to look for:

  • Urgency, they don’t want you thinking about the situation, a scam wants to engage with your instinctive reactions.
  • Scarcity, you are special and only you can have this, reinforces urgency.
  • Authority, we all know the easiest way to walk past security is to put on a high-vis jacket with a few photo IDs attached. The same goes for scams: they will put official logos and badges on the email.
  • Social proof, we need peer approval, so they provide glowing reviews.

Read the full article here: https://www.tripwire.com/state-of-security/security-data-protection/top-scam-techniques-what-you-need-to-know/