
Posted by Don

OpenVPN on Tomato with Android and Linux Clients

I’ve been wanting to do this for a very long time. When away from home I sometimes need access to the systems (or data residing on those systems) back at home. I wanted to set up a secure means to access the machines behind my router’s firewall and one of the most versatile and secure ways to do that is with a Virtual Private Network (VPN). The problem was that this stuff is pretty complicated and even though the open source firmware we run on our router has had a VPN-enabled version available, I’ve been loath to try implementing it.

Well, the garage control system project I was recently working on had a hardware failure such that I could not implement it in the original way intended (until I replace the CAI WebControl board central to it). The board failed in such a way that it would not accept PLC programming but would still respond through the default web interface – which unfortunately is not sufficiently secure to expose to the internet directly. However, we were going away for an extended period and I needed to be able to access it while away. A perfect application for VPN technology: I could keep the “vulnerable” system firewalled behind the router and poke a secure hole through it using the VPN to control it from afar when needed. Just the shove I needed to get going on the VPN!

Curiously enough, in googling, I was able to find various basic tutorials about setting up a Tomato VPN-enabled router (which is Linux based) as a VPN server with Windows clients and creating the certificates and keys on Windows but pretty much nothing simple about doing so with other platforms like mine – Android (again Linux based), Linux and Mac. The ones about setting up a VPN with Linux all seemed to want you doing everything down in the weeds of config files and installing VPN packages on your own server (not a router). Not what I wanted.

The good news for you and me is that I figured out how to get this done with minimal effort and it pretty much worked perfectly on the first try, so I’m writing it up here for future reference and to share with any others following this path. Looking back, it wasn’t that hard but the lack of clear guidance made it all confusing. All that said, here’s some clarity on how to get it done:

Creating Certificates and Keys

On Linux Mint LMDE (Debian Linux) workstation, using Synaptic or another package manager install:

This will install the easy-rsa scripts into

Taking note of the instructions at, I did the following:

Copy the easy-rsa files to another location that will persist after package upgrades (note, this location already existed as a result of the openvpn installation and contained the single file update-resolv-conf, so maybe that claim is misleading?) and cd into that directory:
sudo cp -R /usr/share/easy-rsa/* /etc/openvpn/
cd /etc/openvpn

Edited the vars file using vi to set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, and KEY_EMAIL parameters. These were at the bottom of the file for me. From what I can tell, the two email entries are identical but for the quote symbols. I presume the quoted one is meant to be the “real life name”, but nothing I could easily find via google confirmed or contradicted this – so I just set them both to the same address.

export KEY_CITY="MyCity"
export KEY_ORG="My ORG Name"
export KEY_EMAIL=""

I then completed the rest of the steps at the above link using root/sudo privileges, creating the certificate authority, server certificate and key and then the client certificates and keys. What I found online was not very informative on this point, but the Common Name (CN) must be entered each time you build these items and should be varied so as to be descriptive. So, for each command:

For this I specified my own name as the Common Name (I’m my own certificate authority) and it generated two files, ca.crt and ca.key (note, these are not named after the Common Name given, unlike the following).

./build-key-server ServerName
I gave my intended VPN server name as the ServerName which it then used as the Common Name and generated ServerName.crt, ServerName.csr, ServerName.key plus a 01.pem file and changed the index.txt and serial files in the keys directory.
NOTE: I also here encountered something different than that laid out at the above URL, for each key it asked me for:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
which I simply clicked Enter through (I presume to set as blank, as no password was later asked for).

./build-key ClientNameHere
I gave unique descriptive names for each client and it created similar files to the server ones above, named per the client names I gave, created sequentially numbered pem files and updated the index.txt and serial files.

Returned Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
(But it didn’t – it was less than 5 seconds on my main Linux 64 bit workstation)

In the Arch Linux wiki entry for EasyRSA it stated that there was a need to convert the server certificate to an encrypted .p12 format for use on Android. I found this to not be needed, using the OpenVPN for Android client from the Google Play Store.

In order to provide additional TLS security and to protect against potential denial of service attacks against my router/VPN server I also set up an HMAC signature:
openvpn --genkey --secret ta.key
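
Before anything is copied to the router and the clients, the keys directory can be split so that each device receives only its own material and ca.key never leaves the workstation. The script below is an added example, not part of the original post; the function names, the device names, and the assumption that ta.key and the dh*.pem file sit alongside the certificates in one keys directory are illustrative.

```sh
#!/bin/sh
# Added example, not from the original post. make_bundle and audit_bundle are
# hypothetical helper names. KEYS_DIR is assumed to hold ca.crt, ca.key,
# <name>.crt, <name>.key, dh*.pem and ta.key, with names free of spaces.

# make_bundle ROLE NAME KEYS_DIR OUT_DIR
#   server gets: ca.crt NAME.crt NAME.key ta.key dh*.pem
#   client gets: ca.crt NAME.crt NAME.key ta.key
# ca.key is never copied: it only signs certificates and stays on the CA host.
make_bundle() {
    role=$1; name=$2; keys=$3; out=$4
    case "$role" in
        server|client) ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    # A device called "ca" would pull ca.key into its bundle.
    [ "$name" != ca ] || { echo "refusing to bundle the CA key pair" >&2; return 2; }
    want="ca.crt $name.crt $name.key ta.key"
    for f in $want; do
        [ -f "$keys/$f" ] || { echo "missing: $keys/$f" >&2; return 1; }
    done
    mkdir -p "$out" && chmod 700 "$out" || return 1
    for f in $want; do
        cp "$keys/$f" "$out/$f" || return 1
    done
    if [ "$role" = server ]; then
        # Diffie-Hellman parameters are needed on the server side only.
        found=0
        for dh in "$keys"/dh*.pem; do
            [ -f "$dh" ] || continue
            cp "$dh" "$out/" || return 1
            found=1
        done
        [ "$found" -eq 1 ] || { echo "missing: $keys/dh*.pem" >&2; return 1; }
    fi
    chmod 600 "$out"/*.key
}

# audit_bundle DIR NAME
# Prints one line per finding and returns non-zero if the bundle holds the CA
# key, another device's private key, or a key readable by group or others.
audit_bundle() {
    dir=$1; name=$2; problems=0
    if [ -e "$dir/ca.key" ]; then
        echo "ca.key present: it must stay on the CA workstation"
        problems=$((problems + 1))
    fi
    for k in "$dir"/*.key; do
        [ -f "$k" ] || continue
        base=${k##*/}
        case "$base" in
            ta.key|"$name.key"|ca.key) ;;
            *) echo "foreign private key: $base"; problems=$((problems + 1)) ;;
        esac
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$k" | cut -c5-10)
        if [ "$mode" != "------" ]; then
            echo "$base is accessible to group/other"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Usage (paths are placeholders):
#   . ./bundle.sh
#   make_bundle server ServerName /etc/openvpn/keys ./out/server
#   make_bundle client ClientNameHere /etc/openvpn/keys ./out/ClientNameHere
#   audit_bundle ./out/ClientNameHere ClientNameHere
```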

Setting the server and clients up…

As I created all the certificates, keys, etc. on my main Debian workstation, I needed to transfer those files to the associated machines. First I used my browser and the Tomato-powered router (VPN server) web interface to set up the VPN server following the info here *except* for using TUN instead of TAP. Installing Tomato is covered in my other blog post. Here’s screenshots of my settings (click on them to enlarge):

Connecting with a Linux machine. I then set up the test client on my Mint LMDE/Debian laptop following the leads at , which dragged along a bunch of other required packages including openvpn, easy-rsa, etc. I imported the certificates and keys when setting up the VPN connection using NetworkManager. Trying to connect via this initially failed. I thought this might be because I was on my home network at the time, so I proceeded to set up my phone as a client to see if I could use the cellular network to test outside access.

Connecting via Android. I installed OpenVPN for Android from the Google Play store onto my cell phone. Copied over the certs and keys to my phone using USB cable and set up the connection in the app. Took a bit of twiddling to figure out where everything went and which boxes to check, but it connected quickly once set up. Could access private resources behind the router firewall now! I went on to set up my Android tablet with the same app.

Connecting from an Outside Network. Brought my phone, Linux laptop and Android tablet for a drive to find an available Xfinity Wi-Fi connection. Tried each client to access the VPN once connected to some poor folks’ wireless access point (why folks stand for Comcast doing this, I don’t know), and they all connected quickly and could access my Garage Control System web interface on my home network… success!

Note that in none of these set-ups did I need to edit or create any configuration files manually on the clients or server, despite lots of other tutorials making great points of this! It appears each of the OpenVPN server and client implementations I used took care of this for me.

The only bit of weirdness is that I cannot figure how to directly disconnect from the VPN using NetworkManager under MATE desktop on my Linux laptop. I can disconnect the VPN by dropping the wireless connection overall. There should be a “Disconnect VPN” option within NetworkManager but I don’t see it on my laptop when I’m connected (it is there when I’m not!). But that’s a (minor) problem for another day.

I’ve found the disconnect option in the VPN menu under NetworkManager and that can be used to drop the VPN connection. The Android clients have a connection status entry in the notifications list which provides a disconnect option once clicked on. All good to go now!

Posted in Computer, Debian, DIY, Linux, Mint, Windows

Spicing Up Your Dance Collection with Pepperplate

In this post I will lay out some history of how I have managed my dance collection and what I am currently exploring as a way to greatly simplify the work of building and maintaining that collection and making it available whenever and wherever I am.

I’ve been calling (leading/prompting) contra dances for several years now. One of the things you need to figure out pretty quickly when you decide to become a caller is how you’re going to record and organize your dances.

Like most beginning callers, at first I recorded dances by hand on index cards (or all too frequently, any spare sheet of paper I could find at a dance). As my collection grew (and I started actually having to use these compositions to lead others through the dances) my requirements for standardization and legibility grew. (In all fairness, my background includes quite a bit of business process work – so I’m a bit of a process wonk.)

So for a couple of years now I’ve been working with a system which typically involves too much work. Why? Because I chose to standardize on using 3×5 inch index cards, which turns out to be pretty darn small. The 3x5s have enabled me to carry my core card collection easily in my dance bag if I want. But the small size means I need to really work on re-writing a lot of the material I gather to abbreviate or summarize and reduce to a standardized shorthand format I record on my cards. The real estate has been very constraining (but in fairness has made me really good at slimming down language clearly). And when someone else wants to see my card or I post a dance to a discussion group there’s sometimes questions about the notation.

I have been creating these cards using a template I had set up in Open Office Writer (now Libre Office) which then I would laser print 4-up on card stock as I added new ones or a given card wore out/was revised and then cut them with a paper trimmer to size. I could also export the cards to a large PDF file containing my whole collection. I kept both the pdf and original files backed up and synchronized across several computers via Spider Oak so I would never fear losing my collection. An example card:
A dance card format example.
My workflow for finding dances and transforming them into a usable card was essentially:

  1. Find a dance I liked. This could be from dancing or seeing one danced or based on something in email from a group/forum, etc.
  2. If got in person, I originally would scribble it down. Sometimes a caller would offer to email it to me. My latest trick has been to either take a cell phone picture of a caller’s card or quickly get the dance name and/or moves entered into Google Keep on my phone.
  3. If via email, I tag the email with a “Dance to Collect” tag in GMail which becomes a queue to transcribe from.
  4. Discover my dances in queue (Keep, email or photos) and review them for quality/suitability. Was I just in a dance trance and got carried away or is it really a good one? Will I actually call it? If all good, continue on. If not, delete or recycle the paper.
  5. Process worthy dances into standard format, adding them to the master Writer file. Queue them in the “dances to review” section and when there’s a suitable chunk, print on recycled regular sheets of paper to try out.
  6. Kitchen Validate. Try dancing my transcribed card in our kitchen. If needed, cajole other family members to run through it with me. Apply my now standard set of QA checks to the dance (progresses? work for both roles? etc.) and create teaching notes as required for when I’d call it.
  7. Dance Validate. When a suitable opportunity presents, call the dance. Note any key learnings on the card and mark it as validated as applicable. Factor in any dancer or musician feedback (often noting the tune chosen, if I’m sharp enough to ask).
  8. Update Cards. When I’d think of it, I would drag out my cards and scan them for ones with handwriting on them and record that information back into the electronic copy. If significant, I’d reprint the card(s).

As you can likely tell, that’s a lot of work. However, my cards enabled me to do a pretty good job calling even material that was new to me. I often got positive comments from musicians I worked with about the cards being very usable.

If you’re a caller, you might ask why I wasn’t using one of the existing caller tools to capture my cards, like Caller’s Companion or Dance Organizer? Well the answer is that I don’t have any iThings or WinThings. I run Linux on all my computers plus my cell phone and tablet are using Android currently. Sadly both of the established caller solutions don’t support any of what I’ve got.

So in a fit of frustration the other day I launched into yet another of my ~yearly reviews of the caller/leader software out there and found the dedicated applications landscape to have essentially remained unchanged. I thought briefly of setting up something on my own domain,, to do this as a database application but that would be limited to where I could get on a network. So, as an open source enthusiast, I started thinking creatively (we often need to do this, as popular “local app” tools are frequently omitted for Linux in particular). My breakthrough was thinking “what is a dance card?” and my answer was “it’s effectively a recipe for a dance.” With that insight, I started researching the recipe management software solutions out there. Again, I found a lot of stuff for OS X and Windows, even Android and a bit for linux. As I looked into it I realized my criteria basically boiled down to:

  1. Being able to add or edit dances anywhere I was on any device
  2. Being able to print them to hard copy if needed
  3. Being able to organize them into a program for an evening.

These were the core requirements, several ancillary ones flowed from there. These included the ability to classify dances in standard ways for filtering, searching to quickly find one, and managing my work queue. Also important was the ability to work offline when a web connection was not available (and sync that work when connected again).

The end result of my search was finding the Pepperplate recipe suite. It supports all my electronic devices, either through local apps or website tools. It supports tagging, filtering and search. The dance and meal analogy gets extended via treating a dance as a dish, a program as a menu and a booked event as a planned meal. It supports sections (parts) of a recipe, like sauce (A1), ingredients and instructions (moves and calls/teaching points). Pepperplate provides for adding dishes to a menu, and menus to a meal. I find that the analogy fits pretty well and I can use this tool to do most of what I want for my dance collection seamlessly. It also supports sharing recipes (dances) in a couple of easy ways.

The biggest difference from what I’ve otherwise found in the caller tools space is that this will work with pretty much all popular (and even unpopular) devices and that it automatically syncs across them. And not that it really matters given the relatively low cost of the existing dance leader applications, but it is also free.

I’m in the early stages with Pepperplate and tried calling from it for the first time just this past weekend. I only have a limited set of dances in the tool so far but it has been doing pretty well. I’m no longer severely space constrained! I do have some criticisms and have discovered some workarounds (mostly Android settings) to get around them. And BTW, there’s a big plus for me: the Android app includes a timer for each dish (dance) in a menu (program), so I can set it for how long I want to run the dance and a “can’t miss” message pops up to keep me on track.

In fairness, there are some risks and glitches with using Pepperplate for a dance collection beyond the obvious. These include a dependence upon a business with a not entirely clear how they make money business model. They might also not be happy with it being used this way (though from a quick review of their Terms of Service it appears to not be in violation and doing so just provides more eyeballs for their ads served). However, the data is stored locally on the device for off-line use and (at least on Android) is in a format that can be backed up and extracted/manipulated should go belly up.

Is it ideal? No, but it’s ~85-90% of the way IMO. Until something better comes along, I think I’ll be using Pepperplate to manage my dance collection going forward.

In a later post I’ll cover my experiences and tips with using the tool for this application: limitations I’ve found as a dance organizer (and even as a straight recipe) app, how I’ve set things up for ease of use/applicability and how I’ve fit Pepperplate into the dance collection workflow I lay out above. A quick preview: it has made things much easier!

Posted in Computer, Contra, Dance, DIY, Frugal Living, Linux, Recipes, Windows

gLabels Avery 5167 Template Problem

Was having trouble printing some 5167 Return Address labels using gLabels. The alignment was significantly off in my set-up using the default predefined template installed with gLabels on my Linux Mint LMDE netbook.

In comparing the template definition file with the stock measurements I found several things to be off slightly. In addition, my Samsung ML-2851ND laser printer appeared to be shifting the page image a bit also.

I created a custom template, adjusted for what I was experiencing, and now I can print consistent cleanly formatted labels within the stock outlines. Should you be experiencing similar issues, you could use my custom 5167 template. Just save into a file named as your_filename_here.template in the location set by your distribution (for Linux Mint LMDE, I discovered that was in ~/.config/libglabels/templates).

BTW, should you need to customize the template further, see this documentation.

Good luck!

Posted in Computer, Debian, Linux, Mint

Google Voice Greeting Playback Problem with Firefox and Flashblock

Just debugged a problem for which there seemed to be no solutions posted on the web already. So in case you (or I, should I forget :) ) run into this, here it is:

Was trying to play back Google Voice greetings on my Linux Mint LMDE system today. I selected the proper greeting and pressed the play button, but nothing happened.

Thinking this was some sound complication with my recent LMDE update pack 8, I spent some time poking around my alsamixer and pulseaudio settings and nothing seemed amiss. Tried googling the web for others with the problem but nothing direct came up… but something triggered me to think about what they used to accomplish this playback within a browser window and I thought… “flash!”.

I had recently installed the Firefox extension Flashblock, which disables and replaces flash entities with a little symbol you can click on to enable them selectively (no more annoying ads playing on web pages and slowing down page loads!). The problem was that the GV greetings page was using flash, but the indication of it being blocked was not showing – there was no symbol to click on.

So I went into the Firefox extensions settings dialog for Flashblock and whitelisted and then went back to try playing the greeting – presto! we have sound!

Posted in Computer, Firefox

Better Than a Rooftop Box – Take 2

After a bit of a delay I finally got around to finish painting the trailer begun some time ago. I think it has turned out really well but is egregiously over-engineered – hence it has a new acronym-derived nickname: MOET (Massively Over Engineered Trailer). At least it should last for a good long time!

Here’s some shots of the (mostly) finished product, which is painted with Interlux Brightsides marine paint using the “Roll and Tip” method. There’s just two things outstanding for this right now – I have the vinyl to sew up a matching yellow spare tire cover and I’m in the process of designing a new LED-illuminated license plate holder to mount on the back center of the box (you can see the power connector for this is already installed in position). Yes, I’m not satisfied with any pre-made ones on the market currently. :)


Front View – Note the shiny paint!

Rear View – Showing changes from the original version including illuminated guide posts and high signal lights

Hatch Lid Open – With revised integral wiring channel for compartment lighting

Front View of Added “Ear” – I needed a way to mount the guide lights which would allow them to clear the lid rim

Rear View of “Ear” – Additional turn/stop signal light and guide light wiring is routed through here into box. Note the quick disconnect to allow removal of the guide posts for storage.

Driver Side Wiring Channel – Including protective cover for wiring junctions and switch for lid LED light

Passenger Side Wiring Channel – All wiring is routed inside dry fitted 1/2″ PVC pipe to protect it from cargo damage

Posted in Frugal Living, Trailer, Travel

Autumn Olive – Crab Apple Jam

I’ve become a little bit crazy about foraging for unloved natural foods available nearby. For a little over a year following a class given by Russ Cohen, we tried to find Autumn Olive (AO) in our area, checking out just about every bush with red berries nearby but coming up empty.

One day we tried a “story walk” with our toddler daughter in a nearby conservation area and bam! we happened on autumn olive bushes! Once we knew what the real plants looked like (they were talked about but not shown in Russ’ class), I came to see them everywhere. They’re very distinctive once you’ve found one.

So, with the fruit everywhere and so easily gathered, the next challenge was to make something with it! At first, I tried the fruit leather mentioned in Russ’ book. Several gallons of berries became three quart baggies full of deep rich red fruit leather. Sadly, my wife isn’t fond of it – although our daughter shares my fondness for the tart fruity taste.

The same conservation area has a crab apple tree whose fruit was made freely available. One day we went picking and turned them into a very flavorful jelly that my wife is very fond of.

A friend heard of my fondness for AO and gave me a recipe for AO tart from Northern Woodlands magazine, which I made for a potluck at a contra dance and found wifey liked that (contained sugar where the fruit leather hadn’t).

I’d found another small crab apple tree while gathering the latest batch of AO for the tart, so I had some of those and a bunch of extra AO left over and was looking for something to use them up. There are very few unique AO recipes out on the web and even fewer for AO jam or jelly. I did come across one jam recipe that used commercial pectin, but I didn’t want to go that route and remembered how easily the crab apple jelly had naturally set. Seeing that I had several cups full of crab apples on hand, I thought I’d take a shot at coming up with my own combined Autumn Olive – Crab Apple jam recipe (despite this being my first time making jam, but hoping that combination might become a hit with all three members of our little family).
To my delight, it turned out great! Good flavor and a firm natural set with wonderful color. So here it is…

Autumn Olive – Crab Apple Jam


6 cups crab apples (firm, ripe)
8 cups autumn olive
3 & 2/3 cups sugar
1 tablespoon concentrated lemon juice
1 tsp coconut oil (optional, for foam control)


Cut crab apples in half from top to bottom, remove blossom end and stems. Clean autumn olive berries to remove all stems, leaves and unsound fruit. Process 2 cups of autumn olive berries through a food mill to remove seeds and skins, yielding a cold puree (I had this left over from preparing the tart above, and decided to use it in place of adding water to the pot for boiling the fruit). Add the puree, the prepared crab apples and remaining clean autumn olive berries to a large pot. Bring the mixture to a boil, reduce to a simmer and cook for 20 minutes.

Empty the pot’s contents into a food mill and process to yield a cooked puree free of seeds and skins. To me, the appearance and texture was much like a good tomato sauce with slightly brighter color. (The crab apples I’d found were late season and grainy when raw, and some of that carried through into the puree.)



Put the puree into a clean pot with the sugar and bring to a rolling boil. (This being my first time with this recipe, I tried adding the lemon juice to help the set and added the sugar gradually until it seemed right.) Adding the coconut oil will help suppress the foam formed during the boil and save time later (some canning recipes use butter but that didn’t seem right to me, so I substituted the coconut oil successfully in both the crab apple jelly and this jam). Keep boiling until the mixture starts to “candy coat” the back of a metal spoon. The mixture is somewhat firm but still liquid at this stage.

Transfer the cooked jam to prepared canning jars and process normally (I used a quarter inch or so of head space processed in boiling water for 15 minutes), cool and store. Yield was almost exactly 12*4oz jelly jars and one pint jar of rich red firm set jam.

My daughter and I enjoy this jam a lot. My wife likes it less than the crab apple jelly (she seems to taste a “bitter” note in autumn olive fruit which we don’t). The grainy nature of the late season crab apples seemed to reduce with the further cooking, but there’s still a hint of it in the final jam. I look forward to trying to refine the recipe next year with earlier fruit, just hope the existing stock lasts that long!

Posted in Foraging, Recipes

Recovery of Files from an Unbootable VirtualBox VDI

I do most everything computer-wise with open source software, but the one hold out remaining that requires the use of a proprietary OS is TurboTax. As a result, TT ran in a Windows XP virtual machine under VirtualBox on my Linux desktop. Unfortunately, after completing our most recent return, I got a little excited to do some basic housekeeping and tried to merge snapshots from the VM in order to save some disk space. Unfortunately, the attempt at merging snapshots resulted in an error being reported by VirtualBox that basically amounted to “you’re really screwed, buddy” but put in much geekier terms with a bits and bytes error code. A later attempt to re-merge or boot the VM again did not work. The virtual machine claimed that key Windows files (like the kernel) were not available. Argh!

OK, so I’m usually pretty careful and save off critical files from the Windows VM to the Linux host. I sadly did not do that for the very-last-as-filed TurboTax working file (I had an interim copy from several hours earlier but I know we made changes later). Had the pdf copies of our returns but not the final version of the .tax2011 file, which normally copies over key details to our next year’s return. And of course, hadn’t yet set up SpiderOak to backup the files from within the VM to the cloud. Double argh!

As the VM would not boot, I tried various alternative boot scenarios to get at the files but none of them worked, using either a Windows install CD or a Linux live CD image within the VM. Furious Googling finally turned up a useful working solution to allow access to the files on the Virtual Disk Image (VDI) associated with the VM. Was then able to copy out the files needed from within the virtual Windows environment to native Linux file storage. Phew, dodged that bullet! Here’s what I did under Linux Mint LMDE 64-bit to get access and then clean up afterwards:

Install Required Packages
Using Synaptic, installed the qemu-utils package, which dragged along a bunch of dependency packages.
bridge-utils (1.5-6)
ipxe-qemu (1.0.0+git-20120202.f6840ba-3)
libaio1 (0.3.109-4)
libiscsi1 (1.4.0-3)
libspice-server1 (0.12.4-0nocelt1)
libusbredirparser0 (0.4.3-2)
libvdeplug2 (2.3.2-4)
qemu-keymaps (1.1.2+dfsg-6a)
qemu-kvm (1.1.2+dfsg-6)
qemu-utils (1.1.2+dfsg-6a)
seabios (1.7.3-1)
sharutils (1:4.11.1-2)
vgabios (0.7a-3)

Gain Access to the Disk Image
Within a terminal window, executed the following commands:
lsmod | grep -i nbd
Nothing was returned, so the nbd module was not loaded already. Loaded it:
sudo modprobe nbd max_part=16
Run qemu-nbd to expose the entire unbootable image as a block device named /dev/nbd0, and the partitions within it as subdevices.
sudo qemu-nbd -c /dev/nbd0 WinXP_VirtualBox.vdi
The referenced blog posting/commentary said to issue a partprobe command, but I got an error about it not being available and didn’t seem to need it as the partitions were visible without it. Could see this by:
ls -l /dev/nbd*
To determine partition details:
sudo fdisk /dev/nbd0
and press p
This revealed the desired Windows NTFS partition from the virtual disk:
Disk /dev/nbd0: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders, total 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xdc94dc94

     Device Boot      Start         End      Blocks   Id  System
/dev/nbd0p1   *          63    20948759    10474348+   7  HPFS/NTFS/exFAT

Access and Copy Off Files
OK, so create a mount point for the virtual disk and mount it READ ONLY:
cd /
sudo mkdir RECOVER
sudo mount -t ntfs -r /dev/nbd0p1 /RECOVER

Finally I could look at that mount point and recover the files:
cp -p /RECOVER/<path-to-needed-file> /final/linux/resting/place/

Cleaning Up
Once I got all that I needed off the VDI, unmounted the image and shut down the qemu-nbd service:
sudo umount /RECOVER
sudo qemu-nbd -d /dev/nbd0

Then used Synaptic to remove all the qemu packages I’d just installed, to prevent the accretion of bloat hopefully never needed again. I’m trying to keep this Mint LMDE install tidy and avoid an OS reinstall for a good long time!
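
The recovery steps above, collected into one script as an added example (not part of the original post): it attaches the image read-only at the block layer as well as at mount time, always detaches on exit, and compares a SHA-256 of the image before and after. The function names, the NBD_DEV variable and the explicit --format=vdi are assumptions of this example; it must be run as root.

```sh
#!/bin/sh
# Added example, not from the original post. Function names, NBD_DEV and the
# explicit --format=vdi are assumptions; run as root on a Linux host with
# qemu-utils installed.

# fdisk output copied from the post, kept here for a dry check of the parser.
SAMPLE_FDISK_OUTPUT='Disk /dev/nbd0: 10.7 GB, 10737418240 bytes
Units = sectors of 1 * 512 = 512 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/nbd0p1   *          63    20948759    10474348+   7  HPFS/NTFS/exFAT'

# Read `fdisk -l` output on stdin, print the device node of each NTFS partition.
find_ntfs_partitions() {
    awk '$1 ~ /^\/dev\// && /NTFS/ { print $1 }'
}

image_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Unmount and disconnect; safe to call more than once.
detach_image() {
    if mountpoint -q "$mnt"; then umount "$mnt"; fi
    qemu-nbd -d "$nbd" >/dev/null 2>&1
    rmdir "$mnt" 2>/dev/null
    return 0
}

# recover_from_vdi IMAGE DEST_DIR REL_PATH...
# REL_PATH is a path inside the Windows partition, relative to its root.
recover_from_vdi() {
    [ "$#" -ge 3 ] || { echo "usage: recover_from_vdi IMAGE DEST REL_PATH..." >&2; return 2; }
    image=$1; dest=$2; shift 2
    nbd=${NBD_DEV:-/dev/nbd0}
    [ -r "$image" ] && [ -d "$dest" ] || { echo "bad image or destination" >&2; return 1; }

    before=$(image_digest "$image")
    [ -n "$before" ] || return 1
    mnt=$(mktemp -d) || return 1
    trap detach_image EXIT
    trap 'exit 130' INT TERM

    modprobe nbd max_part=16 || return 1
    # --read-only: the kernel block device itself refuses writes, so neither
    # the NTFS driver nor a mistyped command can alter the damaged image.
    qemu-nbd --read-only --format=vdi -c "$nbd" "$image" || return 1

    part=$(fdisk -l "$nbd" | find_ntfs_partitions | head -n 1)
    [ -n "$part" ] || { echo "no NTFS partition found on $nbd" >&2; return 1; }
    # Partition nodes can appear a moment after the device is connected.
    i=0
    while [ ! -b "$part" ] && [ "$i" -lt 10 ]; do sleep 1; i=$((i + 1)); done

    mount -t ntfs -o ro "$part" "$mnt" || return 1
    status=0
    for rel in "$@"; do
        cp -p "$mnt/$rel" "$dest/" || { echo "could not copy: $rel" >&2; status=1; }
    done

    detach_image
    trap - EXIT INT TERM
    after=$(image_digest "$image")
    if [ "$before" != "$after" ]; then
        echo "WARNING: image digest changed during recovery" >&2
        return 1
    fi
    echo "image unchanged, sha256 $after"
    return "$status"
}

# Only act when asked to, e.g.:
#   sudo sh recover.sh --recover WinXP_VirtualBox.vdi /final/linux/resting/place <path-inside-image>
if [ "${1:-}" = "--recover" ]; then
    shift
    recover_from_vdi "$@"
fi
```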

Posted in Computer, Debian, Linux, Mint, Windows

Unlimited Home Phone Service for Under $3/Month

UPDATE OCT 2014: Well, it appears Google has changed their mind and what I describe below continues to remain available via Google Voice and the Obi device. I took their word for it and moved my solution over to Anveo (including porting my number to them), which has been pretty robust and much more flexible, but does cost a bit more a month (peanuts, really). However, had I known then that GV would stay available on the Obi, I would have stayed with the solution documented below.

UPDATE OCT 2013: Google has announced that the interface that the Obi device uses to connect with Google Voice will stop working on May 15, 2014. This means that the days of free voice calls using the Obi/GV solution detailed below will be coming to a close at that time. The Obi will still provide VOIP access to other low cost services (like Anveo, as detailed below) going forward.

I’ve been using VOIP (voice over internet protocol) phone service since 2006. I was previously using a small local company, Galaxy Voice, with pretty much zero problems from the start (just an occasional need to reboot my Grandstream ATA or network gear periodically after a power outage, etc.). I was very happy with their plan I had – which cost basically $5 or less monthly (usage-based). Unfortunately, I got a notification email that they were effectively going out of business (due to the failure of their supplier) at the end of June 2013. So the hunt was on for a replacement carrier!

I knew about the possibility of using Asterisk PBX software on a local linux machine to be able to make low/no cost calls using Google Voice (hereafter referred to as “GV”), but setting up an Asterisk server with dialplans, etc. is not for the faint of heart. So I was really looking for a traditional VOIP provider that would replace Galaxy Voice at the cost level we had been used to. The basic consumer-oriented VOIP companies (e.g.: Vonage {which I’d used before for my work-from-home business line} or VoIPo, etc.) all seem to have decided that the ~$10-15 price point is their target, unless you pay for two years in advance. Paying in advance for a long term commitment to something I had no experience with was a bit of a leap and their long term pricing was still on the high side of my target (given that both my wife and I use our cell phones for much of our calling, so the home phone has been mostly just for accounts contacts, etc. and not daily use). So another solution was desired.

Google Voice

I’ve had GV in place for several applications up to now and was very pleased with the service and features. For instance, I set up the New England Folk Festival Association (NEFFA), a purely volunteer-run organization, to use a GV account as their main number which then sends to select board members an email transcription and vmail link for follow up action. Also my wife and I have GV numbers which we give out so folks have “one number” access to us on both our cell phones and home phone. Additionally, GV offers SPAM filtering for calls much like their well known email filtering! So going with GV was a great idea from my perspective. Now, just how to do it without major complications…

Obihai ObiTalk Devices

My research ultimately accidentally uncovered the Obihai tech ObiTalk devices, which promised easy GV configuration right out of the box. As I sometimes subscribe to the “pay just a little more to get disproportionately more” school of tech purchasing, I went with their model 110 device (~$50) instead of a 100 (~$40). This way, if I ever found a need to connect my new Obi110 with my old Grandstream HT-386, I’d have the analog phone port available.

Porting Fun

The biggest difficulty in the whole process was working through porting our old home phone number from the rapidly dying Galaxy Voice through to Google Voice. Because Google only supports porting in mobile numbers, I had to port the number twice: from Galaxy to a cell phone provider (I used Tracfone as I already had an old phone for them sitting around) and then from Tracfone to Google Voice. Long story short, this process cost ~$40 total and took a little over a week including the shipment of a new SIM card.

Setting Things Up with the Obi110 and GV

As the first stage of the porting process was under way, I created a new Google account to use solely for the home phone service. I did this standalone account as a security mechanism so, even if the account got hacked, there would be no additional risk of my primary account’s other personal information (email addresses, etc.) being leaked. This let me pick a new local phone number to use as a GV number in the interim. I then used that account’s details to set up and test the Obi110 device. It worked great, no issues with call quality and NO bill. The one major limitation I discovered is that GV doesn’t support 911 calls.

E911 Support and Other Feature Needs – Anveo

So to cover the 911 need (we have a small child at home and working 911 is always a great idea), I opted to sign up for inbound and outbound service through Anveo and use that as the second VOIP service registered on the Obi110. This worked out for several reasons… for one, I needed to provide a number in my parents’ area code ($2 per month with unlimited incoming minutes) so they could call me from the facility they are now living in (which only allows local calls) and Google Voice did not currently have any local numbers available – so GV was not an option. Secondly, they provide E911 service for a very low monthly fee ($0.80/month) plus the outgoing call rate (low, and we hope to never have to dial 911). As a bonus, Anveo supports both FAX receipt (free) and sending (very low rate) using that same number. Third, as Google Voice does not allow for one GV number to forward to another GV number [*I later discovered a unique workaround for this, see below], we’d need a new number for my wife’s and my GV “one number” numbers to forward to. Fourthly, Anveo allows you to set the outgoing caller ID to be any number you can prove you own (by answering a call at that number), so any call we place via either GV or Anveo will always show our home phone number as the caller ID.

Setting up the Anveo service on the Obi110 was really easy through their portal and worked straight away. Anveo provides a ‘933’ number you can call to test 911 without bothering your local emergency center, which showed all was set up properly. BTW, Anveo’s payment scheme is pre-paid, much like filling a gas tank: you use some payment mechanism (PayPal is preferred) to put funds on account with them and they bill against (deduct from) that balance automatically for the service used. They’ll alert you when your account balance gets low so you can top it up. So far I am very happy with Anveo – they responded to (by implementing!) a couple of feature requests/fixes I submitted to their feedback form in under 24 hours! When did you ever see that from the likes of AT&T or Comcast?

Buttoning Up

Once the Tracfone port completed (which required much hand holding/follow-up on my part due to the Galaxy Voice situation), the GV porting was submitted and finished in just a couple of days. When done, the old home phone number now rang straight through to the phones attached to the Obi110. Success! The interim GV phone number will go away in a short while (but if I wanted to keep it as a second number they offer to do so for a one time fee of $20, before that expiration date). As with any VOIP solution, the Obi110 is subject to power outage downtime, so I added it to the set of machines powered through our UPS for battery backup. And we can always call on one of our mobiles during an extended or widespread outage.

Bottom Line

We now have a full phone solution fielding more features than we were looking for, paying just $2.80/month (even lower once I take advantage of Anveo’s 1 year prepay service discount).

Regular calls come in and go out through Google Voice. Calls from my parents (and FAXes) come in through Anveo and should we ever call 911 it will go through them (as can outbound FAXes via their web portal). We don’t have to do anything special for calls, just dial (or answer) the home phone and the Obi110 routes it all correctly. We’ve been using this solution for over a month and nobody has said a thing about the GV call quality or not being able to reach us – so all is well. The one downside is caller ID. Unfortunately GV has very limited caller ID – all calls processed via GV show only the phone number (not name) passed through (both in- and outgoing) to any phones involved (there’s a lot of folks clamoring for caller ID with name to be added, which I hope they do). Google does offer somewhat better caller ID via the voicemail and contacts system – so long as you tag a contact to a given phone number, the GV web portal shows the contact name you set (for instance, on a voicemail transcription).

The biggest chore with the transition was researching the possible solutions (which I hope you benefit from here :)). Should you value this info and sign up for Anveo service, I hope you will provide my referral code 3018755 at the time of sign up so I can get a small service credit; you enter it in the signup form.

Google Voice to Google Voice Forwarding Discovery

As has been widely lamented on the web, GV does not allow for one GV number to forward to another. This is a significant limitation for many hoping to use GV as their primary carrier, and I anticipated running into it once we ported our home phone number over to GV. I expected that my wife and I would need to change our personal GV “one number” numbers to point to the new Anveo number we provisioned above (which is why I went for the Anveo $2/month unlimited incoming service vs. the $1/month + usage minutes service – our monthly total cost could be as low as $1+0.80/month as a result of my GV internal forwarding discovery).

Remember, we had already had our separate GV numbers set up with the home number as a forwarding phone (whilst provisioned via the old VOIP supplier). To my happy discovery, our separate GV numbers continued to ring through to our home phone number after it was ported to GV! So it appears that the GV system is perfectly capable of forwarding from one GV number to another, they just preclude it when you set up a forwarding number. The key is to already have the forwarding set up while the target number is outside the GV system and then to port the number in, which will bypass the apparent step of checking for GV internal forwarding.

Again, I hope you find this information helpful and I definitely recommend implementing this solution if it meets your needs. Please do consider using my Anveo referral code 3018755 if you follow our path and use them. Happy calling!

Posted in Computer, Frugal Living, Web Architecture | 4 Comments

Train Firefox mailto: to use Google Apps – Take 2

In a prior post I’d detailed the method of using a JavaScript entry to add an external mail resource to allow clicking on mailto: links to use the Google Apps version of Gmail. Unfortunately, when I tried to repeat that method on my newly reloaded netbook running Linux Mint LMDE with the default Firefox 20, it didn’t work. I’d enter the JavaScript string in the browser URL bar but nothing happened this time. I wonder if it had something to do with copying the text from my prior blog post and it not containing a proper HTML entity for the ampersand (‘&’) character, but I found another way to fix it anyway that’s a little more geeky but actually easier to do, as there’s no about:config action required.

My solution was to track down where these options are set and then manually edit the mimetypes.rdf file in the user’s firefox profile folder with all instances of Firefox closed. Enabling the Google Apps selection required adding both a
NC:possibleApplication RDF:resource= and a
RDF:Description RDF:about="urn:handler:web:
entry. Once completed, the agent was selectable in the preference Applications setting and worked properly for me.

Here are the entries I made (NOTE: replace in the below with your own Google Apps domain):

Find <RDF:Description RDF:about="urn:scheme:handler:mailto"
and add the following below it, above the other similar entries there:
<NC:possibleApplication RDF:resource="urn:handler:web:"/>

Find <RDF:Description RDF:about="urn:handler:web:"
and add below that entry the following:
<RDF:Description RDF:about="urn:handler:web:"
NC:prettyName=" email thru Gmail"
NC:uriTemplate="" />

Restart Firefox and change your application preferences for mailto: links to use the new agent and you’re all set.

Posted in Computer, Debian, Firefox, Linux, Mint | 2 Comments

Arch Linux and 1-Wire on a Seagate DockStar

Outline for now. This is currently in process, but I’ve made much more progress than shown below – I now have all but the data logging/graphing set up and everything autostarts with new systemd service files. Yay!

Reinstall latest Arch following instructions.

Modifications to that installation process:

  • Create the system partition as ext3 instead using mke2fs -j /dev/sda1 and make sure the boot loader knows to use ext3: /usr/sbin/fw_setenv usb_rootfstype ext3
  • Perform the fw_setenv mods for rootdelay and an additional stop/start on usb drive/bus (figured this out the last time, required to ensure the usb drive will come ready before the DockStar tries to boot from it) /usr/sbin/fw_setenv usb_rootdelay 10 (should experiment to see if this can be reduced with the next item in place) and /usr/sbin/fw_setenv bootcmd 'usb start; usb stop; usb start; run force_rescue_bootcmd; run ubifs_bootcmd; run usb_bootcmd; usb stop; run rescue_bootcmd; run pogo_bootcmd; reset'. Otherwise the DockStar may boot into the original PogoPlug OS instead.

Change root password. Update hostname and locale per instruction at Arch Beginner’s Guide (HW reboot required for hostname to take effect)

Update system: pacman -Syu

Install owfs, lighttpd, FastCGI and PHP: pacman -S owfs lighttpd fcgi php php-cgi (digitemp not available as a package yet, see AUR)

Set up lighttpd (including PHP and fcgi support, but DO NOT make the first set of mods shown right under the FastCGI heading, this is to enable Ruby on Rails but is incomplete and will bork the server start-up)

Set up passwordless login via key:

On your local machine, copy over your local public key to the new server using
user@localmachine ~ $ ssh-copy-id root@remotemachine
root@remotemachine's password:
Now try logging into the machine, with "ssh 'root@remotemachine'", and check in:


to make sure we haven't added extra keys that you weren't expecting.

Modify /etc/ssh/sshd_config to disable password authentication (without this, the passwordless authentication will work, but others could still try to log in with the root password):
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes

and restart the sshd service:
systemctl restart sshd
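
One gotcha with the sshd_config edit above: sshd keeps the first value it reads for each keyword, so appending the three lines below a stock "PasswordAuthentication yes" leaves password logins enabled. The check below is an added example, not part of the original post; the function names and both sample configs are constructed for illustration, and it reads only the global section of a single file (Include files are not followed and Match blocks are ignored).

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.
# sshd keeps the FIRST value it reads for each keyword.

# effective_value FILE KEYWORD -> first global value, lowercased (empty if unset)
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, ""); sub(/#.*/, "") }      # trim indent, drop comments
        $0 == "" { next }
        { split($0, f, /[ \t=]+/) }                 # "Key value" or "Key=value"
        tolower(f[1]) == "match" { exit }           # Match blocks are conditional
        tolower(f[1]) == want { print tolower(f[2]); exit }
    ' "$1"
}

# check FILE KEYWORD EXPECTED DEFAULT -> 0 when the effective value is EXPECTED
check() {
    got=$(effective_value "$1" "$2")
    [ -n "$got" ] || got=$4                         # unset: sshd built-in default
    if [ "$got" = "$3" ]; then
        echo "ok    $2 $got"
    else
        echo "FAIL  $2 is '$got', want '$3'"
        return 1
    fi
}

# audit_sshd_config FILE -> 0 only if password logins are off and keys are on
audit_sshd_config() {
    rc=0
    check "$1" PasswordAuthentication no yes || rc=1
    check "$1" ChallengeResponseAuthentication no yes || rc=1
    check "$1" PubkeyAuthentication yes yes || rc=1
    return $rc
}

# Constructed samples: "shadowed" appends the lines after a stock "yes".
SAMPLES=$(mktemp -d)
printf '%s\n' '# stock line' 'PasswordAuthentication yes' '# appended:' \
    'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
    'PubkeyAuthentication yes' > "$SAMPLES/shadowed"
printf '%s\n' 'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
    'PubkeyAuthentication yes' > "$SAMPLES/fixed"

audit_sshd_config "$SAMPLES/shadowed" || echo "=> shadowed: password login still on"
audit_sshd_config "$SAMPLES/fixed" && echo "=> fixed: key-only login"
```

On the machine itself, sshd -t validates the file before the restart and sshd -T prints the effective settings. Keep the current SSH session open until a second key-based login has succeeded.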


  • Get owfs suite working and create the proper config and daemon files to have it autostart and keep running [DONE, details to be added here – but all the magic happens via /etc/systemd/system].
  • Create web page(s) to autodisplay the local 1-wire sensors data as well as interesting data from a chosen wunderground feed [DONE, using the json API for wunderground, details to be added here].
  • Automate the data collection and graphing for sensors. [PENDING]
Posted in 1-Wire, Arch Linux ARM, Computer, Linux | Leave a comment