Journal from Kotnik

We have our #Renault Twingo E-Tech electric for almost a year now. We are using almost daily for chores around the town, and sometimes to drive on a highway to nearby city. Here are my impressions.

• This car is very small, but not uncomfortable inside. I can park anywhere, or do a quick u-turn even in smaller streets.
• Regardless of its size, it can quickly accelerate and I found that very useful for quick overtakes or just for plain fun. It's not super powerful, but very noticeable if you come from a gas powered vehicle. But it's not very fast, and it burns a lot of energy on highways because it's not aerodynamic. It's okay for me since I don't need to go faster than 100 km/h anyway.
• Trunk space is ridiculously small. I can fit in the groceries, or kids' school bags, but that's it. It doesn't have a frunk, there is simply no space for it.
• It's equipped with a digital radio, and I've been enjoying that immensely. The type of music I like is not very popular so radio stations playing it are not saturated with ads, and the radio is on most of the times. I can't stand the sound of FM anymore, as a side effect.
• Most of controls are physical buttons and dials. Even turning on the engine is done by turning the key! I really appreciate this and my brain was quickly trained to automatically do stuff without looking. Gear stick is also sensor-less and follows standard P-R-N-D system.
• The car is connected, it has a SIM card built-in and sends a ton of metrics to Renault. We can not access any of it. Yes, you can remotely turn on the climate control, or see the battery level, but that is it. I worry about privacy aspect since that data will most probably be sold, or end up leaking.
• Mainly due to its size, the car is very energy efficient. Judging by its own stats it spends 11.3 kWh per 100 km. That is really, really low. My gas powered vehicle spends 10 times more than that, mostly by sending the heat and pollution in the atmosphere.
• I was surprised by the price of electricity. I was expecting that using EV vehicle would be more affordable, but it really isn't that much. We spend around 60€ per month for electricity.
• Cruise controls and speed limiter are really awful, they are my biggest issue with this car. I use them frequently, especially the speed limiter for urban zones, and hate it every time. To turn it on you use seesaw switch next to the gear stick, but the rest of controls are on the wheel itself: on the left side are +/– and the right of the wheel pause and resume buttons. Just next to them is voice-assistant one, and I frequently hit it by accident. It's a usability nightmare.
• There are no front or side proximity sensors. Cars in these pay-range usually don't have them, but I would really appreciate the side ones. It does have a high quality parking camera and it is very helpful.
• Battery capacity is very small. I knew this before purchase but I still hate to have to recharge the car twice a week. It is designed to be plugged in during the night at home, but we can not do that. Also, forget about advertised autonomy, it's a complete fairy tale. During the summer one can go about 160 km until battery drops below 10%, but during the winter, when you have to have heating turned on, we can count on only 90 km of autonomy. It's a small city car, I understand that, and I happily recharge it frequently, but I would really appreciate battery upgrade option.
• I don't like automatic wipers, it works well if it's really raining, but where we live it usually drizzles and I have to nudge it manually all the time.
• I can control regenerative braking in three levels, and it is great when going downhill. I use the maximum level for deceleration generally, since it is very powerful and I like the feeling of regenerating energy, but a lot of times I worry about cars behind me since the maximum level does not turn on the stop lights even though it can bring a car to almost a halt fairly quickly.

Regardless of all the criticism above we are very happy with our little Twingo and use it all the time. Would we purchase it again? Definitely yes! I am sorry I didn't consider this option before.

I would love the option to upgrade the battery, maybe even after the purchase. I hope that will be possible with newest developments in battery tech. But, I strongly advise having a plug at home, even 220 V one works and car can be fully recharged over night using it. In the meantime we will continue using charging stations on the street and driving our car around the town.

In case you followed my previous posts you already know that ARM architecture should be avoided. It's in early development, things barely work. But, if you are like me: that is exactly what brought you here! So we can continue in the next episode of setting up my #PinebookPro.

But first, #opsec. You really want to fully encrypt your laptop storage, swap included. I think Pine64 is making big mistake by not having an option to do that easily. This post is all about that, if there was an option to secure system then I would happily continue using default Manjaro install.

These are the steps to install Armbian with full-disk (or in this case eMMC) encryption based on very helpful Armbian forum post. Installer does not support this, so you have to do it manually, so let's go.

1) Download Armbian for Pinebook Pro and dd it on microSD. Boot from it using Tow-Boot. I chose Desktop version, but do use CLI option if you want something else than Cinnamon desktop environment.

2) Once in Armbian set up cache directory:

export WORKDIR=/mnt

3) Update your system and install dependencies:

apt update && apt upgrade
apt install cryptsetup-bin gdisk

4) Start installer, when asked choose booting from eMMC and ext4 filesystem (or something else, of course), then exit at the end. Ideally, all this work should be part of installer itself, and eventually it will:

armbian-install || true

5) Now, we want to move installed files and replace the disk with encrypted volume. So, we need to take a copy of data:

mkdir -p ${WORKDIR}/emmcdata
mount /dev/mmcblk2p1 ${WORKDIR}/emmcdata
rsync -a --info=progress2 ${WORKDIR}/emmcdata/. ${WORKDIR}/backup
sync
umount /dev/mmcblk2p1
rmdir ${WORKDIR}/emmcdata

6) Create partition layout. We need two partitions: unencrypted /boot and the rest for encrypted data:

sgdisk -og /dev/mmcblk2
sgdisk -n 1:32768:+512M -t 0:8300 /dev/mmcblk2
sgdisk -n 0:0:0 -t 0:8300 /dev/mmcblk2

7) Create partitions. Simple /boot and encrypted rootfs volume. Notice how we use temporary key for encryption. Don't worry, we'll set up passphrase later. Again, I chose ext4, but you don't have to:

mkfs.ext4 -F -L bootfs /dev/mmcblk2p1
dd if=/dev/zero bs=$((512/8)) count=1 of=/dev/shm/keyfile
cryptsetup luksFormat --batch-mode --cipher=aes-xts-plain64 --key-size=512 --hash=sha512 /dev/mmcblk2p2 /dev/shm/keyfile
cryptsetup open /dev/mmcblk2p2 rootfs --key-file=/dev/shm/keyfile
mkfs.ext4 -L rootfs /dev/mapper/rootfs

8) Mount partitions for sync:

mkdir -p ${WORKDIR}/restore
mount /dev/mapper/rootfs ${WORKDIR}/restore
mkdir -p ${WORKDIR}/restore/boot
mount /dev/mmcblk2p1 ${WORKDIR}/restore/boot

9) Restore installer files from backup at step 5:

rsync -a --info=progress2 ${WORKDIR}/backup/. ${WORKDIR}/restore
sync

10) Tell Armbian not to try to be smart and attempt partition resizing at the first boot, or it will mess up your encrypted volume:

touch ${WORKDIR}/restore/root/.no_rootfs_resize

11) Prepare your new environment:

cd ${WORKDIR}/restore
mount -o rbind /dev dev
mount -t proc proc proc
mount -t sysfs sys sys
cat /etc/resolv.conf > etc/resolv.conf
cat /etc/hosts > etc/hosts
cat /etc/apt/sources.list > etc/apt/sources.list
cat /etc/apt/sources.list.d/armbian.list > etc/apt/sources.list.d/armbian.list

12) Make it aware of proper root filesystem volume:

sed -i '/^bootlogo=/s,=.*,=false,;/^rootdev=/s,=.*,=/dev/mapper/rootfs,' boot/armbianEnv.txt

13) Add active modules to initramfs:

lsmod | cut -d ' ' -f1 | tail -n+2 > etc/initramfs-tools/modules

14) Create crypttab:

echo "rootfs UUID=$(lsblk /dev/mmcblk2p2 --nodeps --noheadings -o UUID) none initramfs,luks" > etc/crypttab

15) Create fstab:

echo "/dev/mapper/rootfs / ext4 defaults,noatime,nodiratime,commit=600,errors=remount-ro 0 1" > etc/fstab
echo "UUID=$(lsblk /dev/mmcblk2p1 --noheadings -o UUID) /boot ext4 defaults,noatime,nodiratime,commit=600,errors=remount-ro 0 2" >> etc/fstab
echo "tmpfs /tmp tmpfs defaults,nosuid 0 0" >> etc/fstab

16) Chroot into your new system and do what installer should be doing in the first place (don't forget, you should be in ${WORKDIR}/restore in case you went to explore around in the meantime):

cat << EOF > config
#!/bin/sh -vx
apt update
echo 'force-confdef' > /root/.dpkg.cfg
apt --yes install cryptsetup-initramfs
rm /root/.dpkg.cfg
lsinitramfs /boot/initrd.img* | grep 'usr.*cryptsetup'
exit
EOF
chmod +x config
chroot . ./config
rm config

17) Set up your final passphrase that will make temporary key obsolete. Use something strong here:

cryptsetup luksChangeKey --key-file=/dev/shm/keyfile --cipher=aes-xts-plain64 --hash=sha512 /dev/mmcblk2p2

18) Umount all filesystems:

umount | awk '/restore/{print $3}' | sort -r | xargs umount 

19) And finally, power-off and remove Armbian installer's microSD card, then start your system. Your data is now protected at rest and you can finally start properly using your Pinebook Pro.

---

Posts in #PinebookPro series:

• My Pinebook Pro
• Installing Tow-Boot on Pinebook Pro
• Armbian on Pinebook Pro

This is the second post in my #PinebookPro series. I plan to document all the steps of making it usable.

The first step is installing an operating system. Your Pinebook will arrive with #Manjaro pre-installed on eMMC. It's a fine operating system, but the system is not encrypted and there is no way to do it post-install. Yes, you can do tricks to have encrypted /home directory, but my #opsec requires full disk encryption.

Pinebook does not support booting off an USB drive, and you can't just insert microSD card with operating system and expect it to work. Boot order is hard-coded: SPI chip, then eMMC, and finally microSD.

Side note: I still didn't figure out what does SPI mean, but basically it's a 16MB disk on chip. It's some ARM relic. It arrives empty, and you can flash it with custom bootloader, which is exactly what we will do here.

But first, you need to make sure pre-installed Manaro isn't booting up the first. In order to do that you need to open your Pinebook and disable the eMMC chip. It's easy, there's an on/off switch on the motherboard just next to it :) And opening your laptop is also very simple since it is designed to be opened and modified.

The chip is on the top right corner, between ARM SoC (CPU, GPU, etc) and the battery. Next to it is a little on/off switch, and I had to peel off a small protection cover in order to turn it off. So, it's off, put back the bottom cover and prepare the boot loader on microSD card.

There are other options, but I chose Tow-Boot. Get the latest release for Pinebook Pro, extract it, flash spi.installer.img onto microSD card, and boot your laptop with it. Select Flash firmware to SPI on the mini-menu, reboot, remove microSD card and you are done. Now you can switch your eMMC to on, and firmly assemble your laptop.

That's it. Now, when you boot your computer, you will be able to press Escape key and select the boot device. Even USB is supported! This will be essential to the next blog post: installing Armbian. But, more about that the next time.

PS. I really enjoy the hacking involved in making all this possible. Working directly with devices, sending commands and watching the verbose output during laptop initialization. Nowdays Linux on x86 just works, and I didn't know I was missing the excitement of doing things myself.

---

Posts in #PinebookPro series:

• My Pinebook Pro
• Installing Tow-Boot on Pinebook Pro
• Armbian on Pinebook Pro

Recently I have been searching to replace my laptop after spending many years with #Thinkpad X1. It's still an okay machine, I will not throw it away, but it has an issue where screen would turn off without any way to turn it off except leaving computer off for a while.

I use this laptop for reading and researching, occasionally for light retro programming. And that's it. So I revised features I need:

• It should be #ARM based, as this is the architecture I want to experiment with.
• It must be without active cooling. My phone is without a fan and it can do a lot, so why should I accept noisy fans in my laptop?
• It shouldn't be expensive.

There are not many options out there. There are some Acer Aspire ones. MNT Reform sure looks great, but it's very expensive. Apple Air with their own CPU is also an option, but it is also expensive. And then there's Pinebook Pro from PINE64. Price is around $200, so very affordable, and I am already successfully using their PineBuds Pro headphones. So that's what I chose.

On the order page PINE64 is not joking: they clearly state that this computer is not for casual users and it is built for people who want to work on ARM architecture. And my, aren't they right. But let's see.

First of all, let's quickly go over the main issues with the ARM architecture itself. While being very advanced and powerful, it is completely driven by companies that are not playing with each other, or with open source developers for that matter. X86 architecture, mainly due clones and clone wars, has a reasonable design: there's a bus where devices are discoverable. ARM, on the other hand, are massive chips that integrate a lot of peripherals which talk to each other in proprietary and custom ways. This is best witnessed if you follow up significant but slow work in Asahi Linux; it's mainly reverse engineering with a lot of trial and error type of work. This is a bit simplified view, of course.

At this point, I am writing from the Pinebook. 😊

I want to focus on the good stuff, so let's note what I like so far (I will revise this list as the time goes by, of course):

• Aluminum case feels so good, in compared to Thinkpad's plastic one.
• Keyboard is nice, and it feels high quality. Firmware itself is open source, so that is a big plus.
• I had to open my Pinebook (more about that later) and many parts are replaceable. Most notably the battery. The thing is designed to be opened and it shows.
• Passive cooling! No fan, no noise, and practically no heat as well.

Now, these are the things I didn't like:

• Suspending is not working. I got used to this too much under Linux.
• Keyboard is not backlit.
• Screen can not be tilted back much, my estimation is 100°. That is not enough.
• Software support is basic and in development. So far I tried three distributions: Manjaro, postmarkOS and Armbian. You really need to know what you are doing and have to have a lot of experience in order to install and set up your software.
• There is one known issue with speakers, and this is potential deal-breaker. From time to time it clicks and emits really annoying sound that is somehow related to the level of screen brightness.

All in all, after spending a lot of time to achieve basic things, or at least what has been basic in Linux for more than a decade, I am a bit disappointed. And what I mean by basic is really basic, like installing operating system, achieving working WiFi, encrypted disk, etc.

I will keep and use #PinebookPro, there are a few issues still, but it is usable now. My search for good ARM based laptop is continuing.

---

Posts in #PinebookPro series:

• My Pinebook Pro
• Installing Tow-Boot on Pinebook Pro
• Armbian on Pinebook Pro

An interesting thing happened in #China a few weeks ago:

An influencer who posts videos teaching people how to cook has gotten himself banned for posting a video in November about how to make egg fried rice. The reason this is controversial is because some early memoirs by PLA veterans about the North Korean war describe that Mao Zedong’s son died in Korea when he made himself some egg-fried rice and the smoke from cooking drew in American planes who bombed him to death. And this all took place on the 25th of November. The CCP has since declared that all of this is rumours made up to slander a war hero, and that he was in the base instead of the air bunker where everyone else is in order to protect vital documents. Nonetheless, among Chinese people who are anti-CCP, a lot of them keep a tradition of celebrating “Chinese Thanksgiving”, where they eat egg fried rice on the 25th of November—to give thanks and celebrate the fact that this foolish decision ensured Mao didn’t have a legitimate heir, which they think is the only reason China didn’t turn into a family dynasty like North Korea.

The influencer was banned because this was the third year in a row now that he’s posted a video about egg fried rice some time in the month of November, and the censors think that he’s dogwhistling anti-CCP sentiments. The influencer defends himself by saying that he barely even graduated middle school, he has no idea about this history until now, and that he posts daily videos, and just about every month, he does an episode about egg fried rice. So yeah, he posted about egg fried rice on three Novembers in a row, but he posts about it in June and December and March too.

Emphasis mine.

Last night I uninstalled Counter Strike 2.

After spending more than 800 hours of play time in Counter Strike Global Offensive (the previous version) I have decided to give up, and here is why. Not that I am complaining, I really had good time playing CS:GO, I don't regret it. The game was popular and well balanced and it run well at high quality setting on my gaming laptop.

And then came Counter Strike 2. Valve decided to force push update, and it removed CS:GO from my computer, even though I payed for it.

Core of the issue is that it is completely different game. It's all in pastel colours, a bit cartoonish, with different mechanics in every respect. All the muscle memory of the buy menu is going to be stuck in my brain for no reason, and that's just one example.

Then, the performance. The same gaming laptop that run CS:GO at high details now can't run Counter Strike 2 at lowest. I had to enable shadows, it's core part of the game, and it brings FPS down to 20 at times, and especially during duels. It's really annoying to die during glitch, only to find out after few seconds after the screen unfreezes. And it happened to me around 20% of times.

Finally, as the last drop in the bucket, I figured out that I might spend money for new hardware to continue playing, spend another 800 hours in the game, only for it to be removed from my computer because someone in Valve decided so. And I can't do that anymore. There are so many good games I want to play, and I don't want to wait for CS2 to become stable, life is too short to spend it on stupid ideas of some person in Valve.

Good bye Counter Strike, it was a good run.

Those few RSS subscribers are much more engaged and valuable than the many social media users who don’t read or click links.

From Why your blog still needs RSS by Paolo Amoroso (hat tip to Frank Meeuwsen).

We moved from France and brought our mobile phone numbers with us. Here's a blog post of how we are keeping them alive.

Of course, too much of on-line and off-line life is tied to that number in a SIM card. We just have to keep it active due to various services and people who could contact us.

Since I am automation geek you can already see the direction this post is going to... The first things first, we need a cheap mobile plan. We will not be actively using them for calls or messages but it has to be active and have an option to call from and to abroad. We chose Free.fr provider and their 2€ plan. So, for 2 phone numbers that totals for 4€. We have been living here in Germany for more than a year and they seem not to care we are constantly in a roaming mode. Good so far.

Next issue is actual mobile device. We needed something cheap and reliable. After some on-line research I chose Xiaomi Redmi Note 9, a device that offers free bootloader unlocking, good performance and 2 SIM slots for less than 100€ refurbished. After having created obligatory Xiaomi account and waiting for few days I unlocked its bootloader and installed LineageOS.

Still, good so far.

Finally, the last question remain, how to make this phone on all the time? Home Assistant to the rescue! Cheap Zigbee enabled socket (of which I have a few laying around at any time) made it possible to create automation to turn on charging when battery level drops below 20%, and to stop it once over 80%. Here is how it looks like:

Ideally, I wouldn't even have to deal with all this stuff in physical world just to receive digital information, but I am happy I had another opportunity to play with all of this.

I work fully remote and so does my wife. We share our home office which means at any moment one of us can be on a call. This is how we share that information.

I purchased cheap On-air light and glued it on the top of our printer which is conveniently located between our desks.

Of course, I control it via Home Assistant. It has On/Off switch which I positioned in permanent On and plugged it into Sonoff power socket controlled via Zigbee protocol. And then I created an automation with Aqara switch to toggle the power socket state.

Finally, to make things a bit easier for me, I wrote this short program and mapped it to Start+m (m for meeting) keyboard shortcut.

#!/usr/bin/env python
import os

from requests import post


if __name__ == '__main__':
    url = 'http://HA/api/services/switch/toggle'
    token = os.getenv('HA_TOKEN', '')
    data = {'entity_id': 'switch.on_air_switch_switch'}

    headers = {
        "Authorization": "Bearer {}".format(token),
        "content-type": "application/json",
    }
    response = post(url, headers=headers, json=data)
    print(response.text)

Of course, it's possible to further automate this to turn on time of meetings based on calendar, or when webcam is turned on, etc. As with every rabbit hole, it's up to you to decide how deep you want to go.

Inspired by jlelse.blog here is a list of my default apps and services. I hope it might inspire you to share yours as well.

Here's the list:

• 📨 Mail Client: 💻 Claws Mail / 📱 K9-Mail
• 📮 Mail Server: Zoho and Gmail
• 📝 Notes: Nextcloud Notes
• 🟦 Photo Management: Google Photos
• 📆 Calendar: Google Calender
• 📁 Cloud File Storage: Nextcloud
• 📖 RSS: Inoreader
• 🙍🏻‍♂️ Contacts: Google Contacts
• 🌐 Browser: Firefox
• 💬 Chat: Signal, Viber, WhatsApp
• 🔖 Bookmarks: Shaarli
• 📑 Read It Later: Firefox Pocket
• 📜 Word Processing: Google Docs
• 📈 Spreadsheets: Google Docs
• 📊 Presentations: Google Docs
• 🛒 Shopping Lists: OurGrocieries
• 💰 Personal Finance: YNAB, Google Sheets
• 📰 News: France24, Google News
• 🎵 Music: Deezer
• 🎤 Podcasts: AntennaPod
• 🔐 Password Management: Bitwarden with Vaultwarden
• 🧑‍💻 Code Editor: Sublime Text
• 🔑 VPN: WireGuard
• 👥 Social Media: Mastodon