## Manually setting firewall rules for the Synology DSM openvpn interfaces

April 23, 2016 Uncategorized No comments

I keep forgetting how to do this so I’m finally gonna write it down. Synology DSM does not allow you to define arbitrary firewall rules. I especially want to define more paranoid firewall rules attached to openvpn connections. Sadly the GUI does not know about selective firewall rules for these so I had to do it myself. Synologys openvpn client calls

/usr/syno/etc.defaults/synovpnclient/scripts/ovpn-up

once the connection is established and

/usr/syno/etc.defaults/synovpnclient/scripts/ip-down

on disconnect. To define my own firewall rules I figured I would have to add to these two scripts. Unfortunately synology only sets its firewall rules some time after the scripts have run. So when I just add my own firewall rules to the two scripts, they are overwritten seconds later by synologys firewall. My solution is the following: at the end of the synology scripts

ovpn-up

and

ovpn-down

I add my own firewall setup script via:

# above here is synologys original code
# save the return code of the synology ip-up/down logic
returncode=$? # call my script and send it to the background nohup /opt/bin/iptables.sh & # pass the original return code to the calling process exit$returncode


In my own firewall script I begin with:

sleep 10


before I proceed to remove the synology firewall rules and replace them with my own.

WARNING: DSM Updates may overwrite your custom settings. Whenever you update DSM make sure that your settings are preserved.

## Vectorized vortex clock

October 7, 2015 Uncategorized 2 comments

SVG (click to enlarge)

The Doctor Who intro features a vortex clock. Find it on youtube here (left of the two clips). I went through some pain to vectorize it in halfway decent quality in preparation of building a Doctor Who themed wall clock. In case anyone else wants an SVG version here is my amateur attempt. I know a lot could be done to make the SVG way smaller (probably the image could easily fit into 1/10 the size). My main goal was to get something that prints decently with a laser printer to iron on an aluminum plate, and this SVG is sufficient for that purpose.

## Dynamic pdfs with pdflatex and ocg-p

April 21, 2015 Uncategorized No comments

Ever since I saw the microtype manual, I wanted to have something similar. The amazing thing about it is that you can switch on and off different microtype options and observe the resulting PDF output,

I now found the package ocg-p which allows to generate pdfs with dynamically switchable layers similar to the above. I built a demonstration which switches between a greek epigraph and its translation by clicking.

The code I used is the following, you can find the resulting PDF output here. The dynamic features only work in dedicated PDF readers (try opening with Acrobat):

\tikzset{external/export next=false}

\begin{tikzpicture}[node distance=3cm,every state/.style={fill=green!20},auto]
\begin{ocg}{edges}{ocedgesid}{1}
\draw[opacity=0] (-5,4)--(0,0);
\end{ocg}
\begin{ocg}{english}{german}{0}
\node[anchor=south east] at (0,0) { \toggleocgs{greek german}{I know that I know nothing}};
\node[anchor=north east] at (0,-0.2) { \toggleocgs{greek german}{\textit{Socrates}}};
\draw (-2,-0.1)--(0,-0.1);
\end{ocg}
\begin{ocg}{greek}{greek}{1}
\node[anchor=south east,font=\selectlanguage{polutonikogreek}] at (0,0) { \toggleocgs{greek german}{Οἶδα οὐκ εἰδώς.}};
\node[anchor=north east,font=\selectlanguage{polutonikogreek}] at (0,-0.2) { \toggleocgs{greek german}{\textit{Σωκράτης}}};
\draw (-2,-0.1)--(0,-0.1);
\end{ocg}



## Running an open WIFI hotspot in Germany

March 9, 2015 Uncategorized No comments

German legislation makes it difficult to run an open WIFI hotspot: Not only will the police possibly search your house if somebody decides to commit criminal acts using your connection, you will also be liable via Störerhaftung for copyright-“crime” committed using your connection.

Despite the difficulties I am a big fan of offering open WIFI, and there is a large Café right across the street from my house which does not offer free WIFI on their own. Recently it hit me: Why not just make it a TOR hotspot? TOR is a free, strong anonymizing network run by volunteers like me. Data is redirected over three encrypted computers, making it impossible to trace data back to the users computer. If the Internet connection from the open WIFI passes through TOR nobody’s gonna ring my doorbell if somebody misbehaves.

Said was nearly done: used a Raspberry PI 2 I had so far no use for and combined it with a high power usb-wifi-adapter from amazon. After that it was only a matter of following the onion pi tutorial (but opting to run hostapd without encryption).

If you decide to do the same please consider doing it like I do: run a middle relay or a bridge on your pi in parallel to the access point (unless you pay per traffic) to give back to the TOR network that you use. Middle relays and bridges do not allow others to access the web from your connection, so they are quite safe to run even on a home connection.

## Reduce minimum brightness on Sony Xperia z1 compact stock.

August 4, 2014 Uncategorized 1 comment

Quick note: the minimum brightness of the Xperia z1 compact is quite high. With root it can easily be set lower even on the stock ROM:
The command

echo 25>/sys/class/leds/wled\:backlight/brightness


allows arbitrary brightness settings (replace 25 by a number between 1 and 255). Entering it on the console is a bit cumbersome so I made a tasker profile for it. You can download it as an app. In the app, brightness is fixed at 25, my optimum value for using the screen in the darkness. here, Source code for the task (in case you want to use it in your own tasker) here:

Backlight Low (3)
A1: Run Shell [
Command:echo >/sys/class/leds/wled\:backlight/brightness
Timeout (Seconds):0
Use Root:On
Store Output In:
Store Errors In:
Store Result In:
]


brightness only stays low until set from another source overwrites it, so if you set it to zero (I know somebody will) switching the device off and on again should fix it. Using in changing light conditions needs more thought to prevent auto brightness from overwriting the value.

Disclaimer: if you accidentally harm your device using materials from here it is your own responsibility.

## Raspberry Pi – Ultrasonic Distance Sensor part II

July 29, 2014 Uncategorized 2 comments

Using python for the ultrasonic distance sensor from part one of this post in a project I realized: It is still too slow. In my project I record high queality video using the raspberry pi camera at high resolution. That puts quite some load on the IO. As a result, the timing needed for the distance measurement becomes unreliable. Results vary by more than a meter shot-to shot (without changing the distance to the first obstacle). For higher timing accuracy I decided to do the distance measurement in C or C++. I stole some interrupt based c++ code from here. I modified it to have it measure continuously. The code does one measuerement every 25miliseconds and outputs the result as a binary float to stdout. The result looks like this (download here):

// code based on
// http://stackoverflow.com/questions/22580242/raspberrypi-g-ultrasonic-sensor-not-working
#include<iostream>
#include<wiringPi.h>
#include<errno.h>
#include<string.h>
#include<stdio.h>
#include<stdint.h>       //for uint32_t
using namespace std;
uint32_t time1=0,time2=0;
uint32_t time_diff=0;
float Range_cm=0;
volatile int flag=0;
void show_distance(void);

void myInterrupt(void) // Interrupt routine
{                     // Called whenever the input pin toggles
uint32_t timeTemp=micros();
if(flag==0) // first toggle? note the time
{
time1=timeTemp;
flag=1;

}
else // second toggle? compute the distance
{
time2=timeTemp;
flag=0;
time_diff=time2-time1;
Range_cm=time_diff/58.;
}
}
void show_distance()// writes the distance as a
{                 // binary float to stdout.
fwrite(&Range_cm,sizeof(float),1,stdout);
cout.flush();
}

int main(void)
{
if(wiringPiSetup()<0)
{
cout<<"wiringPiSetup failed !!\n";
}
pinMode(4,OUTPUT);
pinMode(5,INPUT);
pullUpDnControl(5,PUD_DOWN);
if(wiringPiISR(5,INT_EDGE_BOTH,&myInterrupt) < 0)
{
cerr<<"interrupt error ["<<strerror (errno)<< "]:"<<errno<<endl;
return 1;
}

while(1) // this loop starts a new measurement
{        // every 2500 miliseconds
time1=0;
time2=0;
flag=0;
digitalWrite(4,0);
delayMicroseconds(1);
digitalWrite(4,1);
delayMicroseconds(10);
digitalWrite(4,0);
delayMicroseconds(25000);
show_distance();
}
return 0;
}


Now we just need to modify our python class to read the regularly arriving distance from the c-code instead of measuring it itsself. To do so I use the following code (download distanceMeter1.py):

# License GPL
import gps
import subprocess
import time
import numpy
import os
# culd be beefed up with code from here http://www.danmandle.com/blog/getting-gpsd-to-work-with-python/
#GPS
# the init routine starts the compiled c-code
# at high priority and initializes variables
def __init__(self):
self.distanceProcess = subprocess.Popen(['./distance'],stdout=subprocess.PIPE, bufsize=500,preexec_fn=lambda : os.nice(-19))
self.running = True
self.currentdistance=0.0
self.lastFive=numpy.zeros(5)
self.lastFiveValid=numpy.zeros(5)
self.current=0
self.currentValid=0
print "created"
# the run method of the thread is an infinite loop:
#   whenever a distance measurement arrives
#   the result is checked for validity (changes by more
#   than 5 cm in 25msec are rejected as implausible for
#   my means). Then mean and standard deviation of last
#   five samples is computed.
def run(self):
print "starting loop"
while self.running:
# whenever new binary data comes in
# put it into a numpy float and
# process it.
tmp=numpy.fromstring(rawdata,dtype="<f4")[-1]
if (numpy.abs(self.lastFive-tmp)<5).any():
self.currentdistance=tmp
self.lastFiveValid[self.currentValid%5]=tmp
self.currentValid+=1
self.lastFive[self.current%5]=tmp
self.current+=1
def stopController(self):
self.running = False
self.distanceProcess.send_signal(2)
self.distanceProcess.kill()
@property
def distance(self):
return numpy.mean(self.lastFiveValid)
@property
def deviation(self):
return numpy.std(self.lastFiveValid)
# This is just to show how to use the the class above
if __name__ == '__main__':
test.start()
for i in numpy.arange(1000):
try:
print test.distance
time.sleep(.1)
# you can put as much code as you like here,
# test.distance will always contain the current
# distance measurement, updated every 25msec.
except KeyboardInterrupt:
test.stopController()
test.join()
break


With this I get reasonable distance measurements even while recording high resolution high quality video using the camera.

## Raspberry Pi – Ultrasonic distance sensor

July 28, 2014 Code, Raspberry Pi No comments

For a current hobby project I need an ultrasonic distance sensor. They work by sending a short pulse of ultrasound and measuring the time it needs to get reflected back from the first obstacle. A nice introduction can be found here. The distance traveled by the sound can then be calculated from a measurement of : multiply the speed of sound by . Divide by two to get the distance between the emitter and the reflecting object (the sound had to travel the distance twice to get there and back again).

I want to measure distances with an accuracy of a few centimeters so the time measurement needs to be accurate by

For one centimeter this amounts to about 60 . This timing accuracy would be easy to achieve on a microcontroller where you can use hardware interrupts and have cycle-by-cycle accuracy of your timing (so at 1MHz you can get an accuracy of 1 microsecond). On a linux system your timing accuracy suffers from the fact that your measurement competes with other software for the CPU. Especially for an interpreted language like python, timing might get far worse than 60 . The first solution I tried was this python code. No problem on an idle system. But as soon as you start recording HD video in parallel, your distance measurement starts to get quite noisy. It will be jumping by as much as half a meter from measurement to measurement).

For better timing accuracy one has to minimize delays between the incoming signal on the hardware pin and the recording of the time. With this goal I tried to modify the script to get an interrupt-based version. (An interrupt is a way of telling your machine, that when something happens it should automatically run a piece of code, allowing for decent timing in the presence of foreground processes.)

The result you can find here. It is object oriented and built such that you initialize the distance sensor and from then on it automatically updates the current distance regularly. It even calculates the standard deviation for you as an estimate of whether the measurement was noisy. (When the timing gets garbled up due to high load, you get a noisy measurement result). An example of how it can be used can be found in the main loop of the script.

You use the class like this:

import distanceMeter
distanceSensor=distanceMeter.distanceMeter()
distanceSensor.start()
#whenever you need the current distance you get it from the object
print "current distance is %0.3f, deviation %0.3f" % (distanceSensor.distance,distanceSensro.deviation)

#as the sensor runs in a thread you should tear it down properly:
distanceSensor.stopController()
distanceSensor.join()


Still this is not the end of it, even with the interrupt method I continue to get noisy distance data when the measurement code competes with other IO-heavy software on the PI, so stay tuned for an update with a C-based measurement module.

Update The post about the c-based module is here

## Revisions of Latex documents

April 23, 2014 Uncategorized No comments

latexdiff example output used on lebowski ipsum.

Like lots of other people I have come to like latexdiff to highlight changes between versions of latex documents. It takes two latex files as input and outputs a new latex file, in which changes are highlighted. I use a lot of pgf/tikz for graphics and latexdiff will destroy tikzpicture code. To avoid that I call latexdiff as (the hint how to do this came from stackexchange):

latexdiff -c PICTUREENV='(?:picture|tikzpicture|DIFnomarkup)[\\w\\d*@]*' VersionBefore.tex VersionAfter.tex > Diff.tex

## Pyorbit and numpy

April 11, 2014 Uncategorized No comments

On Wednesday I started looking into py-orbit (the orbit tracking code for python). In order to quickly see what happens with the particles I wanted to be able to directly access the particle coordinates as a numpy array. The builtin c functions will only give you a pointer to the particle array and the builtin python functions give single particle coordinates. Accessing those for turn-by-turn diagnostics would give you a huge overhead of python code. This is not a flaw as everything time-critical in py-orbit is written on the C++ level. Nevertheless as a beginner and cython/python lover I would like to be able to use numpy for a fast view on the particle coordinates. For the direct access on a c array pointer via numpy I found help on a gist by Gael Varoquaux.

Unfortunately it turns out that py-orbit allocates memory in chunks of 10 particles. So the two dimensional array of particles is not a continuous chunk of memory and therefore there is, as I see it no easy way to access it as a numpy array. Nevertheless I think it is worthwhile to post this here so others do not waste time of this.

If you want it really badly I think the way to go is to modify py-orbit to allocate the memory for all particles at once in the beginning, but instead you can also just access the arrays in cython directly so I decided it was not worth the effort.

## PDF-OCR: Sorting documents into searchable PDFs

March 12, 2014 Code, Raspberry Pi 3 comments

I’v gotten rid of paper at home by installing an automatic scanner/OCR/document sorting system on based on an all-in-one printer-scanner and a raspberry pi.

For years I’ve been struggling to keep up with bureaucracy. I do really dislike everything to do with official papers. In most years that meant that I would just briefly read official letters and documents before putting them in a box. That summarizes my sorting system pretty well. Come the end of the year I would take a day or two to sort them into folders by category. I’ll never understand why, at least for those letters, we have not yet gone digital. In Germany the laws would have permitted that for more than 10 years.

Since I started my PhD I have been making an effort be more careful about my bureaucracy. I began to use the printer/scanner combination at work to archive a digital version of the most important documents in order to be able to find them quickly. But for most documents they still lived at home in a box. The main reason was: I was reluctant to bring a box of personal documents to work and scan them, even off-hours it seemed inappropriate.

Then my father told me that his all-in-one printer supposedly does OCR (optical character recognition) on documents he scans (unlike the machine at the office). OCR means that your PDF is not made of of images, as it is with most scanners. The computer also reconstructs the text from the images and allows you to search through the PDF and jump to a page as you can in PDFs that you generate from, say, Word documents. Searchable PDFs of course have the important quality of being searchable. In theory you don’t have to sort them at all.

In practice you may want some presorting, say by the company that sent you a letter. But that is something you can do easily once you have searchable PDFs.

When I bought the printer/scanner I paid attention that it offers the possibility to scan to a network drive without having a computer attached. This way it can directly deposit scanned documents on the hard disk of our network attached storage system (we’ve got a synology DS213 but really any NAS would be fine).

For the scanning I thought I’d use the other computer constantly running in our home, a Raspberry Pi whose tasks so far include logging of the temperature in different rooms and remote control of power outlets. At first I thought I’d have to do everything myself but soon found that somebody had already done the work: pypdfocr, a great python software by Virantha Ekanayake takes multipage-image-only PDFs as an input, disassembles them, runs them trough the open source tesseract OCR engine and puts them back together as conveniently searchable PDFs. Then it puts the PDFs into folders depending on configurable keywords (think “Invoice”, “Insurance”, “Tax”)

More than that, it can conveniently be installed from the python package index (PyPI) using the command

pip install pypdfocr

The first time running it on the Raspberry Pi though the output was unfortunately not searchable PDFs. In my case the reason was that the tesseract-version on the Raspberry Pi package repositories was either outdated or a modified version. The fix in my case was downloading tesseract from Google (they develop it) at google code and compiling it myself. The necessary steps are:

2. run the setup and compilation from main folder of the source:
./configure
make && sudo make install


If your raspberry pi complains during the configuration/compilation that software or libraries are missing install them using the package manger. Pay attention that you might need the -dev version of the libraries.

On top of that I wanted to make sure that pypdfocr automatically scans all PDFs that go into the incoming folder on the NAS. To do that did the following:

1. I mounted the documents directory from the nas on

/nfs/documents

1. I instructed the scanner to scan into the documents directory, subfolder

paul

on the NAS

1. I wrote a short shell script that regularly checks for new PDFs and if it finds any runs

pypdfocr

#!/bin/sh
while sleep 60 #every minute
do
for i in /nfs/documents/paul/*.pdf #for all pdfs in the folder
do
echo "found file " $i #output name sleep 20 # wait for 20 seconds to make sure it is there pypdfocr$i -f -v -c config.yaml # run pypdfocr.
done
done


In theory, pypdfocr can do the last step itself (heck it can even upload the stuff to evernote if you’re into that). However depending on your system of network shares you can not always be sure that a file is correctly locked. Then it can happen that you start the conversion process on a file that is currently being written by the scanner. In my case the scanner usually takes less than 10 seconds to write a file. Therefore I wait for 20 seconds after I notice a new file. This way I am sure the file is fully on the NAS before starting the conversion.

The file config.yaml contains a dictionary of disk folders and corresponding keywords. If a the text in a scanned document matches a keyword, it automatically gets sorted into the folder on the disk.