Hackviking He killed Chuck Norris, he ruled dancing so he took up a new hobby…


H2testw – Test SD-cards

SD-cards ware out over time. So every now and then you need to check them. One of my Kodi media players, running on a Raspberry Pi, just died on me and refused to start at all. Flashed a new SD-card and it booted right away. Since I use a centralized database for my media players the time to fix this was minimum. Then I put the faulty card away with my other cards and of course mixed them up....

So I had to test them to figure out which one was broken. The easy way to do this is with H2testw that writes data to the whole card and then verifies it. But there are an additional step, at least if your main use of SD-card is for singel board computers like me. You need to clear them and make sure there is only one partition. I have mentioned my favorite tool for this in the past, SDformater. That is the official tool from SD Association so it would be safe to say that it's the industry standard of doing this. Keep in mind that you need to use the "format size adjustment" option to clear all the partitions on the card. I've made a tool tip about SDformater before so please reference that for more information.

Then go ahead and download H2testw. It's very easy to use, it starts out in Dutch (the small sub sea country in Europe) but have a toggle for English. Then just select the "target" (your SD-card drive letter) and select "write + verify". The test takes a while depending on the speed and size of the card, it will fill the whole card with data and read it back again. This also gives you a good performance indicator for your SD-card.


Pi: BtSync satellite – spin down hard drive

My BitTorrent satellite has finally synced my 6tb of data over the local network. The initial sync took several days but so far it seems to pretty quick picking up new files and syncing them. Before I move it to my office I want to make sure I get some peace and quite in the office. I need it to spin down the hard drive when not syncing data. I had the same issue with the BitTorrent Sync server in my apartment always spinning up my NAS but this was actually a bit different.

Since this node uses a USB-disk instead of the network shares on a NAS it can actually do some basic stuff, like indexing, without spinning up the drive. I don't know if it's due to the utilization of Truecrypt or if it's built in but there is some cache which allows the btsync daemon to list the files on disk without the disk spinning up. So I don't have to reconfigure the indexing intervall like I had to on the node uses the NAS. That is communicating over the network to the NFS shares of the NAS and it will spin up it's disk every time someone access it. So there I had to reset the sync intervall to 12 hours. But for my backup solution that will be just fine.

The second thing I was sure I had to change was my script for the LCD display. Since it's reads a JSON file with user credentials from the encrypted disk every 45 seconds I thought it would spin up the drive. No it also ended up cached somewhere and everything is working great at the moment. Have tested throwing new files in there and it synconices just fine! The disk spins up, writes the data and goes back to sleep again after 30 minutes.

To achieve this we need to use hdparm, if your on a Raspberry you need sudo before these commands:

apt-get install hdparm

Then we can run it from the command line:

hdparm - S120 /dev/sda1
setting standby to 120 (10 minutes)

To make it persistant after reboot just nano /etc/hdparm.conf, and add this at the end of the file:

/dev/sda1 {
spindown_time = 120

So this is the last step before I can move it to my office and really test out the GEO-location backup. Here is a list of the other posts about this:


Pi: Python script for BtSync status LCD

Adding and LCD display to a Pi project can make it so much easier to use. Displaying current IP address and status of some task that you only have to interact with when something went wrong. In this example we have the 20x4 (20 characters x 4 lines) LCD status display of my BtSync Satellite that I built a while back. Since this box is going to sit on a DHCP network I wanted to display the IP-address so I know what to SSH against. I also wanted to display some status metrics about disk mounts, services and application specific performance counters.

In this scenario the box is running BtSync to keep an offsite encrypted backup off my NAS. For security reasons I have to SSH to the box after a power cycle or failure to enter the encryption key for the disk. That's why I want it to display it's current IP-address on the display. I also want to see the current status of the encryption mount, BtSync service and the upload/downloads going on. That way I know when I have to SSH into the box to sort something out.

So what does this script actually do? It runs an infinit loop until you kill the process. Every 45 seconds it checks the stuff that doesn't need updating all that often and every 3 seconds it checks the current status of the BtSync operations.

Every 45 seconds:

  • Check the current IP-address
  • Check if the Truecrypt volume is actually mounted
  • Check if the BtSync daemon is running

Every 3 seconds:

  • Checks number of files synced
  • Checks number of files to be synced
  • Checks the current download speed
  • Checks the current upload speed


First you need to wire up the LCD, it differs a bit from model to model but there are ton of descriptions on pinouts if you Google your specific model. Then go ahead and run raspi-config or what ever equivalent your brand of Pi uses. Go under Advanced and enable I2C. Then we download some tools that we need:

sudo apt-get install i2c-tools python-dev libxml2-dev libxslt1-dev zlib1g-dev python-smbus

This will install all the things you need to communicate over the GPIO header to your LCD and also libraries needed for the features in the script. Then you can go ahead and download the script:

 wget -O https://raw.githubusercontent.com/kallsbo/PiBtSyncLCD/master/lcd_info.py


There are a few configs you can do in the script, just use nano to edit the script file.

# Configuration - LCD
LCD_BUS = 2 # The bus that the LCD is connected to. (Raspberry Pi usually 1, Banana Pi usually 2 - can be checked with i2cdetect)
LCD_I2C_ADDR = 0x27 # I2C device address of the LCD, use i2cdetect to find your displays address
LCD_WIDTH = 20 # Number of characters that each line can handle
#LCD_BACKLIGHT = 0x00 # Off

# Enviorment config
NETWORK_NIC = "eth0" # Network card used
TRUECRYPT_MOUNT_PATH = "/mnt/tc_disk" # path where the truecrypt disk is mounted
BTSYNC_SRV_NAME = "btsync" # name of the btsync service
BTSYNC_URL = "https://localhost:8888/gui/" # Web GUI address for btsync
BTSYNC_CRED_FILE = "/mnt/tc_disk/btsync_cred.json" # JSON file with btsync credentials

Script functions

If we first look at the main method it is simple enough. We run the lcd_init() function to initialize the LCD. All the LCD functions was forked from a script written by Matt Hawkins @ Raspberry Pi Spy. Then we set a simple update counter that keeps track of if the 45 second mark has been hit and if we should check the IP, mount and daemon status. It's initially set to 16 so it will run the first loop and the counter is reset. Then it pluses one for every 3 second run so whenever it's larger then 15 the 45 seconds has elapsed.

get_ip_address() - Simple function that takes the adapter name (eth0) as a parameter and then grabs the current IP-address of that adapter.

is_trucrypt_mounted() - Uses the os.path.ismount() function to check if the mount point is actually utilized by the Truecrypt drive.

get_btsync_cred() - Checks for the json file on the encrypted volume containing the UI username and password for BitTorrent Sync. I used this approach to keep the credentials safe. This function is executed every 45 seconds to make sure that the script get's the credentials when the disk get's mounted.

get_btsync_token() - Sends the initial request to the BitTorrent Sync UI (api) to get the token needed for all the requests to the API. This will also run every 45 seconds to make sure the token never times out and to counter any recycles of the web service.

Every three seconds the script checks if it has the credentials and token needed for the requests and if so runs the get_btsync_info().

get_btsync_info() - This function takes two parameters LLforSpeed and LLforFiles which stands for LCD Line. This value is used to display the information on the LCD panel row you like. It simply builds an url with the GLOBAL credentials and token and get the same json that the UI uses. Then parses it and get the total file count for downloaded files as well for files that are in the download queue. It also grabs the current upload and download speed and converts it to Mb/s and displays it on the LCD.

Credentials JSON file

This is just a plain JSON file containing the credentials. You can modify the script to hard code the credentials in the script but that will impact the security of the script. Here is an example of the credential files:

"BTSYNC_USR": "btuser",
"BTSYNC_PSW": ":wDHz56L.blDgM,3Jm"

Cred and final thoughts

This is a simple setup for keeping track of your BitTorrent Sync daemon. It can be modified to just display the current info about btsync and not care about Truecrypt and the other extras I implemented for the "satellite" build.

I want to give cred to, as mentioned before, Matt Hawkins for the LCD example scripts that my LCD code is based upon. Also want to thank all bloggers and forum users for the posts I have read to be able to do this. This was my first time ever to use the GPIO header on the Pi for anything else then pre-built stuff like touch displays.

Any questions or suggestions? Please comment! And please follow me on a social media of your choice for updates...


Comcast Xfinity: Disable XfinityWiFi

Never liked the additional SSID xfinitywifi that my Comcast router broadcasts. What ever Comcast writes on their site of course it effects my bandwidth and my overall wifi performance. If you login to your customer pages at xfinity.com there is an option to disable it (outlined here). I also disabled my own wifi since the 2.4Ghz band is way to crowded where I live but still the wifi radio is running in the router and quite frankly I don't trust Comcast on this issue. So why not just disable it all together and especially if your not using it? If you are still using any $50 wifi router will give you much better performance so just use that instead!
Continue reading...


Pi: Geo-location backup with BtSync

Building a geo-location backup for your NAS is a good idea! To spread the risk over two or more locations increases your backup value a lot. Most people confuse redundancy and backup. If you only have a USB-disk backup of your NAS it only protects you against hardware failure. If there is a fire or a break in you will still lose your data. A lot of people take a USB-disk to a second location, like their office, to mitigate this problem. But to be honest how often will that backup be done if you have to remember to bring the disk back and forth? We want automatic backups to our offsite location, in this case my office. So we are going to build a BitTorrent Sync "satellite"
Continue reading...


OpenVPN performance on the Pi

Setting up an OpenVPN router on the Pi is pretty straight forward but what about performance? How much performance do we lose by using the Raspberry Pi or the Banana Pi? I have been testing a few different models to see what the overall performance difference is. I also wanted to compare them against each other. OpenVPN is heavy on the CPU due to it's encryption, there are a lot of guides out there about turning the encryption of but why even use a VPN then? It all depends on what you use your VPN tunnel for and what kind of through put you actually need. In this test I have used all three main versions of the Raspberry Pi and a Banana Pi.

Continue reading...


Pi: Make a VPN gateway with UPnP port forwarding

Tunneling your traffic over an encrypted VPN can be good for both privacy concerns and circumventing geoblocking. If a service is only offered in a specific country or blocked at your current location. My use case is a bit of both. Currently living in the USA which is the biggest surveillance state on earth I want my traffic to originate from my home country, Sweden, where I know the law and whats allowed and not allowed. Avoiding the mighty force of the NSA completely can only be done by unplugging but at least it's a little bit better. Also several services I want to use is only offered in Sweden, like local Swedish news as an example. Both of these can be solved by setting up a VPN tunnel back Sweden!
Continue reading...


Banana Pi: First run

Banana Pi was created to fill the need for more powerful hardware than the Raspberry Pi supplied. There are a lot of single board computers spinning of the Raspberry Pi success. Even though Raspberry Pi got the throne much thanks to it's simplicity and relatively ease of use, compared to for example the Odroid, it has been lacking hardware vice for some applications. Raspberry has maintained it's position thanks to it's growing community and further development. With the release of the Raspberry Pi 3 they have at least done a good catch up in terms of performance but are still lacking in other hardware areas.

The Banana Pi I used for the first time today is the very first Banana Pi. This particular one is a bit of a globe-trotter!  I ordered it from Chine over a year ago, while I was still living in Sweden. Un-boxed it, put it in it's case and put it away in a drawer. When a moved to California last year it got stuffed in one of the moving boxes and I finally had time to use it. Even though it's first generation and old it still leaves the Raspberry Pi behind in some ways. Back in the day the dual core 1Ghz processor was a step up from the Raspberry Pi so was the 1Gb memory that was twice the size of what the Raspberry offered at the time.

Putting the Banana Pi along side the Raspberry Pi 3 we see that Raspberry is back on the throne when it comes to performance. It has also added on board wifi and bluetooth which makes wonders for my bedroom Kodi install but the Banana Pi isn't beaten yet if you ask me. It still have a 1Gbit ethernet port while the Raspberry still only supplies you with 100Mbit. Why would this matter? When I started testing BitTorrent Syncing for my geo-location backup I ended up not using a Raspberry Pi for just that reason. Since my data was on a NAS the indexing of files over a 100Mbit connection was just to slow. In the end the 1Gbit ethernet connection on a Odroid-C1 performed so much better then the Raspberry Pi.

Another feature that I really like with the Banana Pi is the SATA port and SATA power connector included on the board. The ability to connect a SATA hard drive directly to the board without using USB opens up for some interesting implementations. In the end I really like Raspberry Pi and Odroid and Banana Pi.... They all share a great base to stand on and are good for different applications. The Raspberry Pi is my first choice for "mainstream" applications like Kodi, OpenVpn servers or Transmission bittorrent servers. But when it comes to building the little more specialized stuff there are other, and some times better, options out there.

When I did the first run of the Odroid (also over a year after I bought it!) I realized it was a bit more complicated then the Raspberry Pi. No sleek easy config tools already on the image. Not as much safety nets to prevent you from messing up your kernel etcetera. So taking out my Banana Pi I expected the same! First I realized that Raspbian is available for the Banana Pi as well! And the sleek easy, step by step setup and configuration was available as well!


If you have ever used the CLI config tool on the Raspberry Pi you will feel right at home! One addition that I really liked is that it forces you to change the root password, in my opinion that should be implemented on the Raspberry Pi as well! You would be amazed how many unsecure Raspberry Pi's there are connected to the internet with SSH ports available. When I first started looking into that I was actually surprised since this isn't something that the regular consumer buys and plugs in to there network.

The tool will also let you configure the following:

  • set your timezone
  • set your locale
  • set your hostname
  • set which hardware your on, Banana Pi - Banana Pro etc...
  • expand your root file system

Then just reboot the system and make sure that everything is up to date!

apt-get update
apt-get upgrade

From what I have read so far, and tested my self, you can more or less run anything on the Banana as you can do on the Raspberry. I'm really looking forward to setting up some implementation utilizing the SATA port. What are your thoughts on this feel free to comment either here or on Google+.


SSL Error: Cannot verify server identity

Phone browsers have less trusted root and intermediate certificates than many desktop browsers. This can make your https site look good on the web but fail on mobile devices. Errors like "unable to verify the identity of the server" and others along those lines can show up. This is because the certification chain  can not be verified. Doesn't matter what supplier of SSL certificates you use they all end up in a few root certificates that are shipped with browsers and operating system as trusted certificates.

Many certificate re-sellers have their root certificates further down that chain than others. If the chain can't be traced back to a trusted certificate the warnings will show up. That will not effect the actual encryption of your website, self signed certificates for example still encrypts the traffic, but it will look bad. People can interpret that as a security risk, like a man in the middle attack, or as just low quality.

In this example I have setup a website on a Apache server with a certificate bought from GoDaddy. I haven't installed the intermediate  certificate. Any desktop browser can follow the chain, since it has a different set of trusted certificates, but the iPhone or Android devices can not since they don't have this certificate. There is a hole in the chain between our website certificate and the trusted one that the device have. By plugging that hole with a valid certificate that our certificate references and in turn references the trusted certificate that the device have we can complete the chain and get rid of the problem.

As mentioned above this example uses a Apache web server running on Linux and a GoDaddy certificate. The procedure will be different with other web servers and certificate suppliers but the principal is the same. When your certificate is delivered always check if there is intermediate certificates included.

So in the zip file that your GoDaddy certificate comes in there is a file named dg_bundle-g2-g1.crt, this is the certificate that your web site certificate is derived from and sits between that and the trusted certificate higher up in the chain.

So on my Apache server I bring up the file /etc/httpd/conf.d/vhost.conf

    ServerAdmin webmaster@somesite.com
    DocumentRoot /var/www/html/somesite.com
    ServerName www.somesite.com
    ServerAlias somesite.com
    ErrorLog logs/somesite.com-error_log
    CustomLog logs/somesite.com-access_log common
    ServerAdmin webmaster@somesite.com
    DocumentRoot /var/www/html/somesite.com
    ServerName www.somesite.com
    ServerAlias somesite.com
    ErrorLog logs/somesite.com_ssl-error_log
    CustomLog logs/somesite.com_ssl-access_log common
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/somesite.com.pem
    SSLCertificateKeyFile /etc/pki/tls/certs/somesite.com.key

As you can see we have two ports open, standard port 80 for http and https on port 443. The 443 have certificate along with it's private key configured. Upload the intermediate certificate to the server and copy it into the same folder (/etc/pki/tls/certs) as the other certificate files. Make sure that the apache server have access to it.

sudo chown -R root:www /var/www

Then add the bundle file in the ssl config in vhost.conf by adding this line just below the SSLCertificateKeyFile line.

SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt

Restart Apache

sudo service httpd restart

Now the certificate chain can be completed on the other devices as well and the error/warning will be gone!


BtSync: Let my NAS sleep

BitTorrent Sync (btsync) will re-index all files every 10 minutes to look for new files to sync. After installing btsync on Raspberry Pi initially and then ending up running it on an Odroid-C1 my WD NAS never sleeps. The first 48 hours it was expected since it took all that time to index all the files. But now my NAS never sleeps. Since this is a backup solution I don't have the need for it to actually re-index every 10 minutes. If the Western Digital LiveBook Duo is left alone for 20 minutes it will spin down it's hard drives. So here is a quick guide on how to configure the re-index interval for btsync installed on an arm system. This is done on the system initially installed with the Raspberry Pi: BitTorrent Sync guide.

Continue reading...