• 2022
  • Oct
  • 9

The SwitchBOARd, a general purpose I/O device using the ESP-03.

When I was spinning up a number of ESP-01 devices, and before I found out how much RF noise they put out, I started exploring some of the other devices that were available in the ESP family. Specifically, the ESP-02 (A SMT version of the ESP-01, hard to get) and the ESP-03.

This board was designed to be a general purpose I/O board where you could read or write three individual bits and monitor those bits for control or notification purposes. Specifically, this was designed as a door open/closed device for garages. The ESP-03 was chosen because it was small, had a built-in ceramic antenna, and had the required number of I/O pins. It also looks kind of cool.

The board featured an onboard programming port and switch, a regulated power supply with a temperature monitor for the regulator, and indicators for all of the I/O. If desired, a passthru for the power supply could be placed, so as to provide power for another board of this series without needing a regulator and extra supply.

Ultimately, I never could get the ESP-03 to take a program properly, and had just started to investigate why when I found out how bad these devices were at 320MHz. This board is one of two prototypes I built, the other having been sacrificed to the prototype gods during troubleshooting. Some other WiFi devices have shown up on the market, so this board may live again someday.

The boar outline found its way on to other projects, including this blog - and this is where the main page gets its name: Red Boar Design.

switchboard.jpg

  • 2022
  • Oct
  • 5

Re-opened my github account.

Some time ago, I had a github account with a few projects on it. That was closed due to various reasons, but I’ve decided to open it again and replace some of the material that was there originally.

The repository is here, if you’d like to check it out.

pigpen.jpg

  • 2022
  • Oct
  • 4

The Fort Wayne (Indiana) Hamfest

The last one in the area that I usually attend, the Ft. Wayne show is indoors and doesn’t get rained out. It’s usually a good portion of the day show, and I’ve never regretted the drive.

http://www.acarts.com/hfmain.htm

The 50th Annual Fort Wayne Hamfest
November 19th and 20th, 2022
9A-4P Saturday, 9A-2P Sunday
Admission $8, Parking $8

Allen County War Memorial Coliseum
4000 Parnell Ave
Fort Wayne, IN 46805.

This one can’t get rained out! See you there.

  • 2022
  • Sep
  • 25

Didn’t make it to the Findlay radio show…

The day wasn’t looking promising. While it didn’t rain up there, the overall mood of the show was somewhat depressed as the threat of weather kept people away. I was told by a person that did attend that the show was still decent. So perhaps next year.

I did manage to make it to an antique engine show the day before, and will post those pictures soon. The next, and probably last radio show that I’ll try and attend this year is in Fort Wayne. Stay tuned for that information!

  • 2022
  • Sep
  • 22

Allow access to a webpage only if inside the LAN?

Recently, I found that I’d like to set up some kind of internal dashboard for systems running inside the LAN. I wanted it to have easy access, and not require you to remember a new address or have to use a special port - it should just automatically resolve with the main website address while inside the LAN and deny you access outside the LAN. Sounds easy, and it is - sort of.

I’m using the Apache webserver, and it has the ability to deny service to you based on the calling IP address. It’s as simple as telling the server what directory you’d like to use, and requiring an IP. I came up with this:

<Virtualhost *:443>
    (the external website materials)

    Alias /inside "/var/www/inside"
    <Directory /var/www/inside>
        ErrorDocument 403 /var/www/errordocs/denied.html
        Require ip 192.168.1
    </Directory>

...

</Virtualhost>

Note that you only need to provide the portion of the IP address that you wish to match exactly. In my case, providing 192.168.1 indicates that I’d like to match the entire /24 subnet. (192.168.1.1 - 192.168.1.254)

That worked - sort of. I was able to hit the website from inside the LAN with no issue. Outside the LAN, it denied me access but threw this error:

Forbidden
You don’t have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

That’s not what I wanted. The error document was (in the interest of obfuscating the issue) the same as the 404 page (with a slight modification that hopefully wouldn’t be noticed unless you looked for it) to hide the issue from outside parties that may be hitting the website looking for entry points. I know that’s bad practice, but this is a limited-access site whose users know what to look for. The error message I received tells the world what the problem is, and even though I turn identification of the server off, it probably tells you what I’m running. That won’t work.

The problem here is that Require ip 192.168.1 acts like a “Deny All” when the condition is not met - it even denies the error document regardless of its location. I wasn’t really sure how to get over this issue, but doing research revealed that .htaccess files are parsed as soon as the directory is hit, regardless of what else is set in the main configuration file. This isn’t necessarily bad practice, but it isn’t best practice. You should strive to keep everything in the main config.

So what is an .htaccess file? Simply put, it’s the requirements for the local directory. If you have a directory on your webserver that has a particular access requirement that the rest of the server doesn’t need, you put it here. In my case, I was simply going to use it for error documents.

What’s the first thing you do? Find a guide. Someone already answered this question: https://stackoverflo … -use-an-errordocumen. So, following this guide, I did this:

Create .htaccess files in both my webserver root directory and the errordocs directory. In the root directory file goes the error handlers for the webserver:

ErrorDocument 404 /errordocs/nopage.html
ErrorDocument 403 /errordocs/denied.html

Nothing else. In the errordocs file goes a simple directive:

allow from all

This does exactly what it says, and allows from all without restriction. This can be dangerous, so don’t put anything in this directory that you don’t want the world to see!

Some permissions need to be set now:

/var/www/errordocs 		=> 755
/var/www/errordocs/.htaccess 	=> 640
/var/www/errordocs/nopage.html 	=> 644
/var/www/errordocs/denied.html 	=> 644

These permissions are pretty loose, so again: be careful. Put only the things necessary for the error handlers into these directories and files. One last step is to tell the server that you want to use these .htaccess files, otherwise it ignores them. This is part of the rewrite module https://httpd.apache … mod/mod_rewrite.html built into Apache, so enable that and restart the server.

sudo a2enmod rewrite
sudo systemctl restart apache2

With the server restarted, you should be able to hit your webpage in /var/www/inside with a local IP address, and get an error message when you’re outside the LAN. Alternately, you could redirect, but that’s an entirely different game since you’ve already denied access.

I suspect this is probably obvious to those reading this, but I’ll point it out anyway. This only works if you’re serving pages from inside your own personal LAN. It’s not going to work if you’re using a remote hosting service or if the server is somewhere that can’t see your local IP. Of course, you can always set a particular address as a requirement, but in this case it’s best to make sure you’re not going to get locked out of your own services by a dynamic address change…
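The same LAN-only dashboard expressed entirely in the main configuration, with the error pages in a directory of their own so the 403 page itself can always be served; this is an added example, not the configuration from the post, and it assumes a constructed /errordocs alias and that no reverse proxy sits between the LAN and Apache.

```apache
<VirtualHost *:443>
    # ... certificate, ServerName and the external site's DocumentRoot ...

    # Error pages live in their own aliased directory that anyone may read,
    # so the internal subrequest for the 403 page cannot itself be denied.
    # Keep only the error pages here: "all granted" means the world can read it.
    Alias /errordocs "/var/www/errordocs"
    <Directory "/var/www/errordocs">
        Require all granted
        AllowOverride None
    </Directory>

    # ErrorDocument takes a URL path (served through the Alias above),
    # not a filesystem path such as /var/www/errordocs/denied.html.
    ErrorDocument 403 /errordocs/denied.html
    ErrorDocument 404 /errordocs/nopage.html

    # The internal dashboard: reachable only from the 192.168.1.0/24 LAN.
    # "Require ip 192.168.1" and "Require ip 192.168.1.0/24" match the same range.
    Alias /inside "/var/www/inside"
    <Directory "/var/www/inside">
        Require ip 192.168.1.0/24
        AllowOverride None
    </Directory>

    # AllowOverride None (the 2.4 default) keeps .htaccess files out of the picture,
    # so every access rule stays in this file. If a reverse proxy is ever placed in
    # front of Apache, the source address it sees is the proxy's, and Require ip
    # would admit every proxied client; mod_remoteip (RemoteIPHeader /
    # RemoteIPInternalProxy) is what restores the real client address.
</VirtualHost>
```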

  • 2022
  • Aug
  • 31

Blonder-Tongue Audio Baton (BT B-9) Schematics

A few months ago, I posted about some Blonder-Tongue Audio Baton (Blonder-Tongue B-9) units that I’d rebuilt some years ago. Those units, unfortunately, are long gone, but I knew I still had the Sams Photofacts schematic lying around somewhere, and I thought that if I could find it, I’d scan and post it for anyone else who has an interest in these devices.

I was able to locate that documentation, and you can download a copy of it as a zip file or a 7z file. The 7z is a little smaller than the zip file, the zip being about 58MB. The schematics are 600DPI .bmp files for maximum clarity.

I’m pretty sure I had a scan of the original manual as well; if I can locate that, I’ll post it too.

If you happen to know where the units in the pictures are, I’d love to know.

b9_cover.jpg

  • 2022
  • Aug
  • 27

email misadventures - security is important!

What happened?

About a year ago, I swapped my domains over to a new registrar. The old one had become stale and was gaining a weird reputation, and they had cut their extremely attractive email plans down to crap Outlook plans. The final straw was when the free-with-reg email they provided was stopped. They charged for things like domain privacy, and it was just becoming more expensive than it was worth.

The new registrar had a better email plan using a non-Outlook service, offered free domain privacy and relatively inexpensive website SSL, so the choice was clear. However, the email plans didn’t auto-config as well as they claimed.

I knew there was something screwy with my email. Gmail, the great Satan of services (but if Google likes you, everyone does) would sometimes tell me that it couldn’t verify my email was sent by pygg.xyz. That TLD is somewhat suspect due to its use by spammers, but that wouldn’t cause a warning to happen, it would just bounce as spam. Something else was wrong. It finally came to a head when I tried to send a mail to a particularly tight system and it bounced as blocked.

I learned three new things: SPF, DMARC, and DKIM.

In the examples below, some personally identifying or secure information has been blurred, so do not use these as your own records.

SPF

SPF is a term that stands for “Sender Policy Framework.” It looks something like this:

spf.png

This record has no dedicated DNS record type of its own, so it simply gets a type of “TXT,” or as you probably guessed, text. The 1200 is the TTL (Time to live), which I simply left at the default.

What this record means is that for my mail service of privateemail.com, mail coming from my domain of pygg.xyz is allowed to send mail. It’s a simple “match this” mechanism, and it generally works as it’s a yes/no thing. Other mail is quarantined for inspection, which is what the ‘~all’ means. It’s called a softfail. The other option here is “-all” which means that any non-matching sender is rejected. This is called a hardfail. This can be dangerous if you’re not set up correctly, so I’ve left it as soft.

The vendor’s SPF record was originally set up with a number of IPV4 addresses hard-coded in, which can be dangerous if the vendor’s address changes (such as adding new servers.) I found it better to match the mailserver’s name as opposed to its address. In this case, even if an address changes, you still match the name. I’m not sure, but it seems that the vendor may have had more mailservers than the record allowed. This fixed the SPF errors recorded by various testing services online.

DMARC

DMARC is a term that stands for “Domain-based Message Authentication, Reporting, and Conformance.” It looks like this:

dmarc.png

This record is also not one of the named types, so it also gets a record type of TXT.

What this record means is simple. If someone tries to send email as you (i.e. spoofing,) the mailserver will take this action and send any suspicious mails to the addresses specified. It works in conjunction with SPF and DKIM records. This record didn’t exist on my domain, so receiving servers looked at my email with a suspicious eye since they had no idea what my mail service did with spoofed mail. This record is purely one of self-policing trust. If I can’t take care of my affairs, it makes you less likely to deal with me. It was probably the most heavily weighted reason as to why I was being bounced.

To create this record, instead of wandering through what all of the options mean, I used a helper service. In particular, a site called dmarcian, located here: https://dmarcian.com … dmarc-record-wizard/. This leads you through all the things you need to fill out and automagically creates the record. It’s up to you to create the host and type, but you can follow mine or many other examples online.

One thing of note: You can either QUARANTINE or REJECT mail that doesn’t match your sending policy. There’s also another thing you can do, NONE - this means don’t do anything, just collect data. This is usually seen by receiving systems as a failure and is not suggested - it’s essentially the same as having no record at all.

DKIM

DKIM is the last thing that was messed up on my mail server, and part of it was my fault, part of it was the vendor’s fault. My fault was that, unless you’ve done this before, you have to trust that the vendor is giving you the correct information. As I had not done this before, I simply grabbed what was presented to me and pasted it in. That was wrong. The vendor didn’t clearly say that only a portion of what they presented was needed, and didn’t really mention that you had to append extra fields to use the long strings they generated.

DKIM is a term that stands for “DomainKeys Identified Mail”. It’s a public-private key pair that’s used to “sign” your emails and encode them, and if the receiving server can decode the mail with your public key, it’s assumed that you sent it since only you should have your key. It looks like this:

dkim.png

This record is an object that tells the receiving server what it is, what method to use during decoding, and what the actual key is. It’s (again) a TXT record, but this one has a single characteristic that is quite important. If you look at the first field, you’ll see “default._” - this is the object’s actual name, and MUST be used. In my case, the vendor used “default” as the object name when generating the key, although yours may be different. “s1”, “server1”, “bob” - whatever your vendor’s key generator uses MUST be used here as well. I didn’t understand that and used a name I found others mentioning, that of “s1”. This had the effect of the receiving server failing to find my key, as it was looking for “s1” and the server was using “default”. Changing the object’s name to “default” immediately fixed that and the remote server found the key and decrypted it.

My vendor also presented the key wrapped in a description that they created. That’s what really threw me off - when I pasted that in, remote sites still complained about a bad key, so I needed to determine the actual requirements of the key itself. The only parts of the key you need start at “v=DKIM” (the type of key) and end at the end of the actual key itself (the long string of characters.) Some sites suggested ending the record with a semicolon, so I did. I’m not sure if that’s needed, but it didn’t complain.

DKIM is a two-part thing on your end. You must have DKIM, and it must be valid. A receiver gives you a rating based on both. You can have a key, but if it’s invalid, that may still make your mail pass. Having both a key and a good key is imperative.

After that, I used some email test services that I found online. You send an email, and it analyzes the mail for proper construction. There are a number of those online. The only thing I can say about them is they are usually used for people who are sending newsletters, so they often analyze the content of the message and look for unsubscribe links. You can safely ignore those suggestions if you’re just setting up a personal email.
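A small offline checker for the three record types covering the mistakes described in the SPF, DMARC and DKIM sections above (hard-coded addresses and the all-qualifier, p=none, a wrong DKIM selector, and a vendor description wrapped around the key). This is an added example, not the author's records or the vendor's tooling; the zone data, the domain example.test, the provider name and the key value are constructed placeholders.

```python
import re

# Constructed example zone (not real DNS): name -> TXT value. The DKIM entry keeps
# a vendor-style description wrapped around the key, as described in the post.
ZONE = {
    "example.test": "v=spf1 include:spf.mail-provider.test ~all",
    "_dmarc.example.test": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.test",
    "default._domainkey.example.test":
        "DKIM key for example.test: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCPLACEHOLDER;",
}

def check_spf(txt):
    """Return (ok, note): needs v=spf1, warns on hard-coded ip4/ip6, requires ~all or -all."""
    if not txt.startswith("v=spf1"):
        return False, "not an SPF record"
    terms = txt.split()[1:]
    notes = []
    if any(t.startswith(("ip4:", "ip6:")) for t in terms):
        notes.append("hard-coded addresses; include:/a: follow vendor changes")
    last = terms[-1] if terms else ""
    if last == "~all":
        notes.append("softfail (~all)")
    elif last == "-all":
        notes.append("hardfail (-all)")
    else:
        return False, "no ~all/-all qualifier: non-matching senders are unconstrained"
    return True, "; ".join(notes)

def parse_tags(txt):
    """Split a 'tag=value; tag=value' record (DMARC/DKIM) into a dict."""
    return dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)

def check_dmarc(txt):
    """Return (ok, note): p=none is treated as no real policy, as the post notes."""
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        return False, "not a DMARC record"
    policy = tags.get("p")
    if policy == "none":
        return False, "p=none only collects data; receivers treat it much like no record"
    if policy not in ("quarantine", "reject"):
        return False, "missing or invalid p= tag"
    return True, f"policy {policy}, reports to {tags.get('rua', 'nobody')}"

def extract_dkim(txt):
    """Cut a vendor-wrapped value down to what DNS needs: from v=DKIM1 through the p= key."""
    m = re.search(r"v=DKIM1\s*;.*?p=[A-Za-z0-9+/=]+", txt)
    return m.group(0) if m else None

def check_dkim(zone, domain, selector):
    """Look up selector._domainkey.domain as a receiver would; a wrong selector fails outright."""
    name = f"{selector}._domainkey.{domain}"
    if name not in zone:
        return False, f"no TXT at {name} (selector mismatch?)"
    rec = extract_dkim(zone[name])
    if rec is None:
        return False, "value has no v=DKIM1 ... p= key in it"
    tags = parse_tags(rec)
    if not tags.get("p"):
        return False, "empty p= means a revoked key"
    return True, f"{tags.get('k', 'rsa')} key published at {name}"
```

The selector passed to check_dkim must be the one the sending server signs with (the s= tag in the DKIM-Signature header), which is exactly the "default" versus "s1" mismatch the post ran into.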

So what did I learn?

Modern email systems have a lot of security features that must be in place for other email systems to trust you. SPF, DMARC, and DKIM are all required, and even that may not save you.

For example, I’ve found out that my domain, which uses a TLD of .xyz, loses trust points simply for being an .xyz domain. Apparently, that’s used a lot for spammers, but there’s not much I can do about that. I can set my security up, and if you still don’t want to trust me then that’s your business, not mine.

What should you walk away with here?

This wasn’t meant to be a tutorial on how to set this stuff up, every email vendor has different ways of doing it and using my vendor’s system as an example is going to be useless for you. I mostly wanted to tell you about what you should look for when manually setting up your email system. It’s going to be up to you to learn how to implement those practices on your service.

Did the “tight” system accept your email afterwards?

No. It blocks .xyz wholesale, as best I can tell.

Gmail, on the other hand, now loves it and happily accepts it without error.

  • 2022
  • Aug
  • 24

The Hallicrafters S-41G: Found the Sams folder.

While the Riders schematics are useful and have the proper alignment information, the Sams set simply excels in the parts listings for a device. This folder came from a well-known auction site, and is in remarkable shape for something from 1946. I probably paid a bit too much for it, but having this information is simply invaluable.

If you’d like to download the high-res scans of this set, along with the Riders images I posted earlier, you can do so with this link: https://app.box.com/ … 7cuc70d70xnay5dmusuq. This will open a box.com window, and you can either download the entire folder by clicking the “Download” button in the upper right corner, or go through the folders and pick and choose. It’s about 116MB, and contains BMP and PNG images.

You can download a .7z version of the archive here: https://privateemail … 43a07/1/8/NjQ/NjQvMw. This archive is smaller than the .zip version, if you’re trying to save bandwidth and space.

These images are reduced in size and quality so I could fit them without using up my server space. If you’d like the full resolution scans, be sure to use the box.com url above.

s41g_page1.jpg

s41g_page2_3.jpg

s41g_page4.jpg

Now that I have an accurate parts list, I’m going to make a list of capacitors and resistors. I’ll probably just get them all and replace as needed.

  • 2022
  • Aug
  • 11

The Findlay Radio Club Hamfest - September 11 2022.

This is always an excellent show, and is a “Dayton without the Dayton prices.” If you’re looking for something and it’s not here, chances are you didn’t need it!

Tickets, as always, are $10, and can be bought in advance (print it yourself) online. This year, it falls on Sunday, September 11th, and is usually a hot day. See you there!

Where:

Hancock County Fairgrounds
1017 E. Sandusky St., Findlay, OH 45840

When:

September 11th, 2022. 8AM to late afternoonish.

Tickets and location https://www.ticketta … layradioclub/712150#

  • 2022
  • Aug
  • 11

The Hallicrafters S-41G: Found a schematic.

While I didn’t expect this to be difficult to find, I was pleasantly surprised to find the Rider’s available on Antique Electronic Supply’s website. AES has a nice selection of components for the radio enthusiast; I highly recommend them for restoration components.

Antique Electronic Supply’s website https://www.tubesandmore.com/

Now to start identifying what I need to make this thing sing again.