Category: Gadgets

Tasmota firmware (pwn your IoT)

Long gone are the days where X10 rules the Smart Home devices space and with ubiquitous WiFi and cheap ESP hardware we’re seeing IoT devices that connect to WiFi. The problem is that almost all of them want to call home and talk to some service in the cloud. Sure you bought the device, but do you really own it?

When I needed a WiFi controlled outlet, I headed off to the Tasmota Supported Devices Repository to determine which one I should buy. Tasmota is one of the options for alternative firmware for ESP devices. This gives you control over the software running on the IoT device, and most importantly the ability to use it without any cloud server that you don’t control. This is still annoyingly difficult, we really need the tech industry to adopt a better way to give people easy to use devices and software without insisting they give up all control.

Buying from Amazon, I didn’t have to wait long to get a cheap WiFi outlet. It is thanks to Michael Steigerwald and his talk “Smart home – Smart hack”  that we have a way to over the air update some of the devices running the Tyua firmware. Unfortunately, to my dismay, I discovered that many of the Tuya based devices ship with a newer and more secure firmware preventing this hack from always working.

The tuya-convert project is pretty comprehensive, but still requires a fairly deep technical understanding to pull off. I tried a couple of ways to run the software before giving up and using a RaspberryPi. Once I decided to go with the Pi things were much easier.

I got lucky as the Moko YX-WS01A appears to ship with old firmware, my next purchase may be more carefully researched. I was very careful to not connect it to the recommended software (smartapp.tyua.com) as that was likely to cause a firmware update. I really didn’t want to have to crack this thing open and hook up to the ESP physically. Maybe the Moko outlets will continue to ship the older, exploitable, firmware – but buyer beware.

Once I had the very basic Tasmota firmware installed, a tasmota_XXXXXX-#### network access point was available (where XXXXXX is a string derived from the device’s MAC address and #### is a number). I can now connect to this access point and configure the device to one of my WiFi networks by opening a browser on 192.168.4.1. Take care, if you mess up the WiFi password you may have trouble recovering the device.

This screen is different than the Tasmota instructions, I suspect this is because the binary provided as part of tuya-convert is stripped down and does not have any specific hardware configured.

Once you configure a connection to a WiFi network, you’ll lose the access point connection, but you will be able to locate the device on the network you connected it to. It will appear with the device name tasmota_XXXXXX-####.

Before we go further, we’ll perform a reset 5 as advised on this page. It may not be needed, but it sounds like a good idea. This is easy to do with the Console provided on the web UI.

We can see that we’re back on version 9.2.0 – so next we’re going to update the firmware. Which firmware should we pick? This page provides a good overview of the various options. There are many ways to perform the upgrade – I’ve elected to download the .gz binary an provide that file to the web UI. I’ve also picked the default and recommended tasmota.bin.gz file. This will update me to version 10.0.0.

The performance of the web UI seemed quite slow, I have to keep reminding myself this is a very basic microcontroller that costs a few dollars. It’s pretty amazing it works. Post firmware upgrade the web performance does seem quite a bit better.

At this point I can hit the Toggle button and see the LED on the outlet turn off an on, but I don’t seem to be triggering the outlet itself. More configuration is needed.

From the web UI, choosing Configure then Configure Module I can see that this is setup as a generic device with only 4 GPIO pins. Using this template as a guide, I select Generic (18) and set the GPIO pins as indicated. This works great, and I can now toggle the outlet on an off via the Web UI.

A word of warning. Back when the device was acting as an access point – you can only attach one device to it, attempts to connect a second client will fail. I also had some weirdness configuring the module, but I think this was because I had multiple browsers / apps pointed at the one device. Go slow, and do one thing at a time.

As for app based control, there are several Android apps which will bypass the need for a MQTT setup and work directly against the HTTP endpoint. I tried several, but decided for my simple needs Tasmota HomeSwitch was a good match.

Using the app seems to mostly work, but has some latency at times depending where the device is at in terms of responding to the HTTP requests. I notice the same type of latency using the web app, but this represents itself more as slowness to load the page vs. waiting for a button press on the app to take effect.

Bonus – the device appears to persist it’s state (on/off) even if you unplug it from power. This is pretty useful as it means that if there a power failure, it will return to the previous state.

Sure it only supports up to 10A, but wifi control over power and I can keep it entirely on my own network is pretty slick.

A Tale of Two Macbooks

I like many have been, and continue to, work from home. You may have also heard of the chip shortage making things like laptops a bit more difficult to get your hands on, especially at the scale of a large company. This has delayed the usual upgrade cycle, and meant I was using a machine with no AppleCare warranty.

Up until recently I’ve been using a 2017 macbook pro – yes, the one with the bad butterfly key-switches – that is until recently.

Right from the start the keyboard had given me problems. In the first few weeks my W key was janky and needed extra presses to work. It sorted itself out after a little while and I discovered that if I was careful about dust/crumbs I could avoid problems. When problems happened, giving it a good shake upside-down would help remedy the issue.

In this case the F key started jamming, then broke off entirely. Normal typing would dislodge the key and was generally a pain. Apparently once one key busts off, others are not far behind. This was proved out by a coworker of mine in the same situation, but with 2 busted keys. I guess it was time for a replacement.

After the usual paperwork, I was back in business – sort of, as the first replacement had a busted microphone and that makes participating in emeetings sort of tough. The second replacement arrived, this was a 2019 with a bit of warranty left and everything works. So now you know why the lead picture has 3 macbooks in it.

The first replacement was a 2018 machine, a little faster than the 2017 but basically on par. I won’t mention much about this because I only had that a day give or take. This is why the post is a tale of 2 macbooks and not 3.

The 2017 was a great machine aside from the keyboard and the cursed touchbar. I don’t regret giving up my previous pre-touchbar macbook pro, because the 2017 was pretty slick and had USB-C charging.

The battery data from the 2017 does tell a longevity story

It had reasonable performance up to the day I stopped using it. Not bad for a 4+ year old machine. The Geekbench score was 867 single-core, 3363 multi-core. I also really liked the stickers I’d accumulated over time.

The 2019, while a previously used machine it has a noticeably better keyboard. The keys feel a bit more muted, and seem to have a little more travel. It’s sticker free still, just a boring space grey slab.

This was still a nice upgrade. Intel i7 -> i9. 4-core -> 8-core. Faster memory 2133 -> 2400. The Geekbench numbers are nicer too: 1059 single-core, 6074 multi-core, a pretty big numbers jump. It does seem a little faster but you get used to the modest speed increase pretty quickly.

Let’s look at the battery stats

There is a nice bump in Full Charge Capacity (+714 mAh).. but things get pretty mysterious when we talk about batteries. It seems the 2017 design capacity was 6669 mAh, and the 2019 design capacity was 8790 mAh.  I’m sure the cycle count factors in here (781 vs 168), as well as many other variables such as charge rates etc.

While I was sad to see the well stickered and travelled laptop go, having a fully working keyboard is a joy you quickly take for granted. I’m still looking forward to a real hardware upgrade to a non-touchbar machine, maybe with the M1X or whatever comes after it. Oh, and 32GB of RAM would be very nice.

Moving things along

I’m a terrible digital hoarder. I have email archives that reach back years. I have multiple copies of my digital photos. I even have at least partial copies of old machine installs going back years. Heck, it’s just bits and storage is cheap.

This translates a little bit into the physical world, but at least for this post I’ll focus on cool technology that I’ve bought and just can’t let go.

First up is the SLIM Devices Squeezebox. At the time this was a ~$400 device, and while I’d already digitized a lot of our music from CD to MP3 this opened up a novel way to explore our music collection.

The remote was useful, but where things really got neat was the web browser interface to the music server where you could queue up songs as you ‘discovered’ them. This was a neat audiophile device supporting digital out so you could connect this into your HiFi gear. There was even FLAC support if you wanted to go that path.

Sadly, two things made this device fail.

  1. The company was acquired by Logitech and there were multiple reshuffles of the software / ecosystem. Newer devices came out, and the legacy stuff was left in the dust.
  2. Streaming services became the new way to listen to music. The apps got really good and the friction between you and the music you wanted to hear was removed. Owning your music became less important to consuming music.

I can imagine a few futures where a device like this would survive if it had something like Plex supporting it. Today I still have my digital music collection, but it’s served up by Plex and we use the various Plex apps and supported devices to listen to it – including an Ikea Sonos speaker.

The second device is the Acer AspireOne. This was also around ~$400 when it came out, which was a ground breaking price point for a laptop. Sure this was a tiny 8.9″ screen, but it had everything we’ve come to assume a Chromebook can do. It was branded a Netbook, a category that died when Chromebooks came out.

For a while, this was used as Jenn’s primary device. It had access to email, could surf the web and even had a webcam and mic for recording video. (this was before we had ubiquitous video meeting software). It even supported local document editing via early versions of what we know as LibreOffice now.

It was replaced with a mac mini ages ago, which in turn was replaced.. I kept this little laptop around. The original software was a special Linux build that was really pretty horrible, but as this was just a standard intel based machine it would accept a lot of the usual Linux distros.

At one point I even managed to squeeze neverware onto this to make it into a very low end Chromebook. It worked, but was barely capable of doing some of the heavier web workloads that are pervasive on the modern web.

My primary use for this was a hackable Linux laptop that would let me do stuff like reconfigure routers. It’s built in ethernet jack was great for this and meant that I didn’t have to crawl behind my desktop machine to mess with the network.  Sadly the battery on this gave up and it needs to be wall powered, limiting it’s usefulness in terms of portability.

I’ll miss having it, but I’ve since gotten my hands on a 14″ HP Chromebook that I unlocked and installed Linux on, specifically GalluimOS. This has become my go-to portable Linux hack machine. The battery on this isn’t great, but it’ll still run an hour or so. Plenty of time for my needs.

Well, farewell to these devices. I’m glad that they didn’t hit the landfill as I was able to sell them on Kijiji for a couple of bucks. The squeezebox went for $20, very quickly I’ll add. The netbook for $10, which for a working laptop is some unbelievable price apparently. While that is horrible depreciation, at least someone is going to use them for something which has value to me.