The Smell of Molten Projects in the Morning

Ed Nisley's Blog: Shop notes, electronics, firmware, machinery, 3D printing, laser cuttery, and curiosities. Contents: 100% human thinking, 0% AI slop.

Category: Home Ec

Things around the home & hearth

  • Pi-Hole with DNS-over-HTTPS

    With none other than Troy Hunt recommending Pi-Hole, I got a Round Tuit:

    unzip 2018-06-27-raspbian-stretch-lite.zip -d /tmp
    sudo dcfldd status=progress bs=1M of=/dev/sde if=/tmp/2018-06-27-raspbian-stretch-lite.img
    

    Raspbian now arrives with ssh disabled, so the first boot requires a keyboard and display:

    Pi-Hole first boot wiring

    Then do some configuration required to get a fresh Raspberry Pi ready for remote access:

    sudo apt-get update
    sudo apt-get upgrade
    sudo apt-get install screen iotop
    sudo raspi-config   # enable ssh
    ssh-keygen -t rsa
    cd ~/.ssh
    cp -a /my/public/key authorized_keys
    chmod go-rwx authorized_keys
    cd
    sudo nano /etc/ssh/sshd_config  # unusual port, no root login, etc
    sudo service ssh restart
    

    As the good folks at Pi-Hole say, “Piping to bash is controversial, as it prevents you from reading code that is about to run on your system.” I took a look, it’s beyond my comprehension, so just get it done:

    curl -sSL https://install.pi-hole.net | bash
    

    Configure Pi-Hole:

    • Static IP: 192.168.1.2/24
    • DNS using, say, Cloudflare’s 1.1.1.1
    • DHCP turned off, which is the default

    Configure the router’s DHCP to hand out the Pi-Hole’s IP, with, say, 9.9.9.9 as a backup.

    Boot a few random PCs and whatnot to verify it works as expected, which it did the second time around, thus this particular post.

    Install the Cloudflare Argo Tunnel dæmon, approximately according to suggestions:

    mkdir Downloads
    cd Downloads/
    wget https://bin.equinox.io/c/VdrWdbjqyF/cloudflared-stable-linux-arm.tgz
    tar zxvf cloudflared-stable-linux-arm.tgz
    sudo mkdir /opt/cloudflare
    sudo cp cloudflared /opt/cloudflare/
    

    Start the daemon from within a screen session, also as suggested:

    sudo /opt/cloudflare/cloudflared proxy-dns --port 54 --upstream https://1.1.1.1/.well-known/dns-query --upstream https://1.0.0.1/.well-known/dns-query
    INFO[0000] Adding DNS upstream                           url="https://1.1.1.1/.well-known/dns-query"
    INFO[0000] Adding DNS upstream                           url="https://1.0.0.1/.well-known/dns-query"
    INFO[0000] Starting metrics server                       addr="127.0.0.1:37777"
    INFO[0000] Starting DNS over HTTPS proxy server          addr="dns://localhost:54"
    

    Contrary to the suggestions, you can configure Pi-Hole to use the DoH tunnel (or whatever it’s called) by tweaking its upstream DNS configuration:

    Pi-Hole - Cloudflare DNS config

    Then set up systemd to start the daemon automagically:

    sudo nano /etc/systemd/system/dnsproxy.service
    

    Because I put the daemon in /opt/cloudflare, that file differs slightly from the suggestion:

    [Unit]
    Description=CloudFlare DNS over HTTPS Proxy
    Wants=network-online.target
    After=network.target network-online.target
    
    [Service]
    ExecStart=/opt/cloudflare/cloudflared proxy-dns --port 54 --upstream https://1.1.1.1/.well-known/dns-query --upstream https://1.0.0.1/.well-known/dns-query
    Restart=on-abort
     
    [Install]
    WantedBy=multi-user.target
    

    And then It Just Worked.
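
    A hardened variant of the dnsproxy.service unit above, added here as an example (it is not from the original post or from the cloudflared suggestions). It assumes a dedicated system account named cloudflared, a hypothetical name you create yourself, and reuses the path, port, and upstreams shown in the post:

    ```ini
    # /etc/systemd/system/dnsproxy.service  (added example, hardened variant)
    # Assumption: an unprivileged account exists, created with something like
    #   sudo useradd --system --no-create-home --shell /usr/sbin/nologin cloudflared
    # The account name "cloudflared" is hypothetical; use any dedicated user.

    [Unit]
    Description=CloudFlare DNS over HTTPS Proxy
    Wants=network-online.target
    After=network.target network-online.target

    [Service]
    ExecStart=/opt/cloudflare/cloudflared proxy-dns --port 54 --upstream https://1.1.1.1/.well-known/dns-query --upstream https://1.0.0.1/.well-known/dns-query

    # Original unit: no User= line, so the proxy runs as root.
    # Hardened: run as the dedicated account instead.
    User=cloudflared
    Group=cloudflared

    # Port 54 is below 1024, so a non-root process needs exactly one
    # capability to bind it. Grant that one and drop all the others.
    AmbientCapabilities=CAP_NET_BIND_SERVICE
    CapabilityBoundingSet=CAP_NET_BIND_SERVICE
    NoNewPrivileges=yes

    # The proxy only listens on localhost and talks HTTPS upstream;
    # it has no need to write to disk, read home directories, or touch
    # device nodes.
    ProtectSystem=strict
    ProtectHome=yes
    PrivateTmp=yes
    PrivateDevices=yes

    # on-abort restarts only after an uncaught signal; on-failure also
    # covers a non-zero exit, so DNS comes back after either kind of crash.
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target
    ```

    After editing the file, run sudo systemctl daemon-reload and restart the service, then confirm the log still shows the proxy listening on dns://localhost:54.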

    Controversies over the ethics of ad and tracker blocking will go nowhere here, as I’ve cleaned out enough Windows machines to have absolutely no sympathy with the unholy spawn of adtech (not just the company, which I didn’t know existed until just now, but, yeah, them too).

  • Monthly Science: Cheese Slicer Epoxy vs. Water, Continuing

    The epoxy coating on our cheap aluminum (?) cheese slicer continues to corrode (clicky for more dots):

    Cheese slicer - epoxy failure - front

    The back side:

    Cheese slicer - epoxy failure - rear

    The epoxy coating remains intact, although I expect it’ll break through as the corrosion products swell underneath.

    For whatever it’s worth, I applied the epoxy almost exactly one year ago.

  • Maximum Strength Homeopathic HGH: Not

    Spotted at an exhibition for Olde Fartes:

    Somaderm homeopathic HGH

    I think they just blew up the bottle label to human size, with no attention to the resulting pixelation.

    One can find Somaderm on the Interwebs, which leads to the “Active Ingredients” list:

    Somaderm homeopathic HGH - Active Ingredients

    Looking up their NDC number helps translate the bullshit Latinesque nomenclature:

    • Glandula Suprarenalis Suis = boar adrenal glands
    • Thyroidinum = cow thyroid glands
    • Somatropin = human growth hormone

    They’re exceedingly proud of that NDC number, touting “SOMADERM Gel is the only transdermal, FDA registered product”. Indeed, it’s registered, about which the FDA has this to say:

    Assigned NDC numbers are not in any way an indication of FDA approval of the product.

    and

    Marketing Category UNAPPROVED HOMEOPATHIC

    With that in mind, consider the dilutions:

    • Glandula Suprarenalis Suis = 1 part per million
    • Thyroidinum = 10 parts per billion
    • Somatropin = 1×10⁻³⁰ = there are no words

    Homeopathic “drugs” never list the starting concentration or amounts in the product, but diluting something by a factor of ten-to-the-thirty ensures not one single molecule of the original compound will make it into the bottle. This, of course, means the HGH is at “maximum strength”, in the homeopathic way of magical thinking.

    You’ll surely find some molecules of pig brain and maybe even a few molecules of cow glands, but I suspect they’re not buying the “active” ingredients in shipping container lots. In round numbers, one pig adrenal, one cow thyroid, and one drop of actual HGH would supply their needs well into the future.

    I would like to see how they dilute those ingredients, because I doubt they have legions of trained homeopaths succussing bottles against elastic surfaces.

    Of course, such dilution requires careful attention to detail, lest a stray molecule make its way into the final product, which surely justifies the punch line:

    Somaderm homeopathic HGH - Price

    There is also a $150 “Membership Price”, suggesting a multi-level marketing scam running in parallel. Some rummaging on their website reveals cryptic phrases confirming the suspicion: “Be the change that will inspire others to follow” and “Information on how to become a distributor”.

    Ya gotta admire ’em for not even blinking.

    A note on commenting: there is zero evidence of efficacy, so don’t even try to advocate homeopathy. If it worked, it’d be medicine, not an MLM scam.

  • Wyze Cam vs. Xiaomi-Dafang Hacks

    The Wyze Cam is a surprisingly inexpensive camera firmly lashed to the Wyze app, with no provision for ordinary IP camera streaming. It seems to be a generic camera with custom firmware and, unsurprisingly, one can commandeer the bootloader with different firmware from a MicroSD card, thereby adding missing functions and suppressing undesired actions.

    Oddly, buying a genuine Wyze Cam directly from Wyze isn’t significantly more expensive than a generic from the usual eBay / Amazon sellers. Bonus: the legit camera arrives next week rather than in a month or two.

    I found one of my few remaining 2 GB MicroSD cards, formatted it with a 512 MB (!) FAT32 partition (per the suggestions), set up the “custom firmware” bootloader, and installed it with no issues.

    Installing the new firmware requires copying a directory tree, configuring the WiFi SSID and password in the usual wpa_supplicant, and rebooting. Works fine and, yeah, the camera now runs Linux.

    I told the router to assign a known IP address to the camera’s MAC address, set up port forwarding for port 8554 to that IP address, put the camera against the storm window in the kitchen, and rebooted everything to get it working:

    Wyze Cam in kitchen window

    Unfortunately, while it works more-or-less well with browsers on the local network, it’s apparently inaccessible from outside. The router manages a DDNS name-to-IP mapping to make itself findable, the port is open, and the forwarding seems correct, but no image data arrives to browsers outside, and they eventually time out.

    Changing to port 8080 doesn’t help, nor does using MJPEG instead of H264 encoding.

    Even more unfortunately, the router doesn’t do hairpin connections (inside to outside to inside), so I can’t debug this mess from the Comfy Chair.

    This is a placeholder for what I’ve done while I accumulate more knowledge …

  • Garden Hose Y-Valve Autopsy

    One of the handles snapped off a Y valve at the garden and I finally got around to an autopsy:

    Garden Y Valve - cross sectioned

    That’s using a 24 tpi bandsaw blade, which doesn’t cut nearly as smoothly as a fancy diamond saw, but seems good enough for the purpose. Most of the ripply shading on the cut plane comes from specular reflections; it’s pot metal all the way through and cuts to a high shine.

    A closeup shows more detail around the (now hemispheric) ball valve:

    Garden Y Valve - thread detail

    You can see faint straight lines just inside the hose threads, which gives a hint of what’s to come.

    Pry out the sectioned ball and dislodge the O-ring from the now-obvious insert:

    Garden Y Valve - O-rings

    Gently squish the threads in the bench vise to pop out the insert:

    Garden Y Valve - plug removed

    If lives depended on it, one could dismantle and repair the valve without recourse to a bandsaw, but …

  • Bathroom Drawer Knob: Whoopsie!

    I managed to snag a cargo pocket on the under-sink drawer knob in the Black Bathroom:

    Bathroom knob - bent screw

    Did a job on the pocket, too, although after Mary was done with it, you’d never know.

    With that much of a bend in the screw, the knob left a nasty divot in the drawer front requiring a layer of wood-filled epoxy:

    Bathroom knob - filled divot

    I sanded it more-or-less flush with the surface, taking great pains to not scuff the surrounding paint. A similar layer fills the corresponding divot under the screw head inside the front.

    Despite appearances, only about 1/8 inch of the epoxy peeked around the knob, so I painted it black with a Sharpie, ran the knob onto the screw, and declared victory:

    Bathroom knob - restored

    I’ll (try to) (remember to) stand further back from the knob …

  • Miniblind Roller Repair

    The rod along the left side of our miniblinds turns a shaft spanning the length of the housing which pulls-and-releases three pairs of cords tilting the blades, with one roller for each pair. The cords loop over, pass under, and are secured to a tab on the roller with metal ferrules, thusly:

    Miniblind roller - intact

    One day, the middle section of all the blades on one miniblind stopped tilting, prompting this discovery:

    Miniblind roller - broken tab

    The correct solution is, of course, to replace the entire miniblind, but our 1955 window frames don’t match up well with contemporary miniblind hardware and I was unwilling to reinvent that particular wheel for this occasion.

    So I laid the cords in place, put the broken tab atop them, and held the mess together with a strip of the obligatory Kapton tape:

    Miniblind roller - repositioned tab

    Easing some epoxy under the tab and soaking the cords atop the tape held everything together in approximately the original layout:

    Miniblind roller - epoxy backfill

    Two days after I reinstalled the miniblind, a second roller broke and was restored by a similar treatment. While I had the thing on the bench clamped in the bench vise, I preemptively slobbered epoxy on the intact roller in the hope of reinforcing it.

    So far, so good!