Category Archives: Entertainment

TalkTalk Super Router v3 (HG635) DDNS with Cloudflare

Hopefully you’ve reached this page through Google, otherwise it’s unlikely you’ll have reason to read the rest of this blog post.

I recently received a new TalkTalk Super Router v3, which is made by Huawei and has the model number HG635. I was interested in getting some kind of Dynamic DNS set up and was pleased to see that it had some settings under Internet->Internet Services.

The options available were DynDns.org, TZO and other. As DynDns had just gone down the paid router after many years of being free I was keen to see if I could do something myself with “Other”. From here were a collection of settings including Protocol set to GNUDip.http. After a while of Googling it looked possible to set up my own GNUDip running on Perl speaking to my own DNS server. Except I couldn’t be bother to install Perl and I no longer managed the DNS server but now used CloudFlare.

I already had some code through the CloudFlare API where I opened a webpage from my home wifi, it took the IP I was coming from and update a CloudFlare record, I just needed to get my router to do that bit for me.

So I read through the GNUDip spec, and worked out each stage and created a PHP script which would provide the seed information, verify a change request and then update CloudFlare for me.

The PHP code is below and can be used to not only update CloudFlare, but any DNS provider if they have an API you can call.

Step 1:

In CloudFlare create a new subdomain to be used for your DDNS record. You want to make sure that it’s Off Cloud.

cloudflare-dns-entry

Step 2:

Find your CloudFlare API key

cloudflare-api-key

Step 3:

Run this PHP code, it’s only needed once to find the record ID of the subdomain you are using:

<html>
<head>
<title>Zones</title>
<style>
table { font-family: sans-serif; }
tr:nth-child(odd) { background: #ddd; }
td, th { padding: 3px; }
tr.header { background: pink; }
</style>
</head>
<body>
<table>
<tr class="header">
<th>Record ID</th>
<th>Name</th>
<th>Content</th>
<th>Type</th>
<th>Cloudflare On</th>
</tr>
<?php
$file = file_get_contents(
'https://www.cloudflare.com/api_json.html' .
'?a=rec_load_all'.
'&tkn=cd9843940935390a03939e9302094b43529ab'.
'&email=[email protected]'.
'&z=artesea.co.uk'
);
$json = json_decode($file,1);
foreach($json['response']['recs']['objs'] as $host) {
?>
<tr>
<td><?=$host['rec_id']?></td>
<td><?=$host['name']?></td>
<td><?=$host['content']?></td>
<td><?=$host['type']?></td>
<td><?=($host['props']['cloud_on'])?'Yes':'No'?></td>
</tr>
<?php
}
?>
</table>
</body>
</html>

zone-list

Step 4:

Now you’ve found the Record ID (in this case 138325147) you can create this PHP file. This is the one your router will speak to, so it needs to be on a webserver outside of your home network. I’ve also called the file cfddns.php

<?php
$timeout = 60; //seconds
$remote_ip = $_SERVER['REMOTE_ADDR'];
$key = 'JKLDlfmmkgkweglrkegj4:fjksd489ikjklJS|Ld'; #random gibberish, I just keyboard smash
$username = 'myddnsuser';
$password = 'reallysafepassword';
$cloudflare_api_key = 'cd9843940935390a03939e9302094b43529ab';
$cloudflare_email = '[email protected]';
$cloudflare_domain = 'artesea.co.uk';
$cloudflare_subdomain = 'ddns';
$cloudflare_record_id = '138325147';
// have we been passed data?
if($_GET['user']) {
$salt = $_GET['salt'];
$time = $_GET['time'];
$sign = $_GET['sign'];
$domn = $_GET['domn'];
$user = $_GET['user'];
$pass = $_GET['pass'];
$reqc = (int)$_GET['reqc'];
$addr = $_GET['addr']; //IP address
log_good("REMOTE IP: " . $remote_ip . " QUERY STRING: " . $_SERVER['QUERY_STRING']);
if($salt && $time && $sign && $domn && $user && $pass) {
//check and update DNS
# validate the signature
if(md5($salt.$time.$key) != $sign) {
log_fail("Invalid signature for " . $user);
}
# check salt timeout
if(time() > $time + $timeout) {
log_fail("Salt value to old for " . $user);
}
#confirm request code
if($reqc < 0 || $reqc > 2) {
log_fail("Invalid client request code for " . $user);
}
# only one user so check
if($user != $username) {
log_fail("Unknown user " . $user);
}
# only one domain so check
if($domn != $cloudflare_subdomain.'.'.$cloudflare_domain) {
log_fail("Unknown domain " . $domn);
}
if($pass != md5(md5($password).'.'.$salt)) {
log_fail("Invalid password for " . $user);
}
if($addr == '0.0.0.0' && $reqc = 0) {
$reqc = 1;
}
if($addr == '' && $reqc = 2) {
$addr = $remote_ip;
}
if($reqc == 1) {
// GO OFFLINE
// No idea what to do with this request so just return back success
html_output(array("retc" => 2), 'Successful offline');
log_good("SUCCESS: Offline request made");
}
else {
//DO STUFF WITH CLOUDFLARE
$file = file_get_contents(
'https://www.cloudflare.com/api_json.html' .
'?a=rec_edit'.
'&type=A'.
'&id='.$cloudflare_record_id.
'&name='.$cloudflare_subdomain.
'&content='.$remote_ip.
'&ttl=1'.
'&service_mode=0'.
'&tkn='.$cloudflare_api_key.
'&email='.$cloudflare_email.
'&z='.$cloudflare_domain
);
$meta['retc'] = 0;
if($reqc == 2) {
$meta['addr'] = $addr;
}
html_output($meta, 'Successful update');
log_good("SUCCESS: IP updated to " . $addr);
}
}
else {
log_fail("Missing information");
}
}
else {
$chars = 'abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$len = strlen($chars) - 1;
$salt = '';
for($i=0; $i<10; $i++) {
$salt .= $chars[mt_rand(0, $len)];
}
$meta['time'] = time();
$meta['salt'] = $salt;
$meta['sign'] = md5($salt.$meta['time'].$key);
html_output($meta, 'Salt generated');
log_good("SALT SET: time=".$meta['time']." salt=".$meta['salt']." sign=".$meta['sign'] . " REMOTE IP: ".$remote_ip);
}
function html_output($meta, $body) {
header("Content-Type: text/html; charset=iso-8859-1");
$body .= "\n<pre>" . print_r($meta,1) . "</pre>";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd\">
<html>
<head>
<title>GnuDIP Update Server</title>
<?php
foreach($meta as $name => $content) {
?>
<meta name="<?=$name?>" content="<?=$content?>">
<?php
}
?>
</head>
<body>
<h2>GnuDIP Update Server</h2>
<?=$body?>
</body>
</html>
<?php
}
function log_good($text) {
error_log(date("y/m/d H:i:s")." ".$text."\n", 3, "ddns.log");
}
function log_fail($text) {
error_log(date("y/m/d H:i:s")." ERROR: ".$text."\n", 3, "ddns.log");
html_output(array("retc" => 1), $text);
exit();
}

Step 5:

Get the router to speak to the script

superrouter-screenshot

Step 6:

Sit back, hopefully from now onwards your router will update the IP address every time it changes.

Automatically deleting old emails in Gmail

As a follow up to my post Deleting old emails in Gmail 3 years ago, I’ve now found a way to automatically delete old emails from Gmail.
This trick uses the rather unknown Google Scripts, a Javascript engine which runs on Googles servers.

  • Pop to Gmail and test some searches, eg label:webserver older_than:1m this will find all emails labelled webserver and are older than 1 month (full list of search options here.
  • Once you are happy that your search result has found the emails you don’t want, go to script.google.com.
  • Select Create script for GMail
  • Delete all the example code
  • Enter this code
    function deleteOldEmails() {
    var threads = GmailApp.search('label:webserver older_than:1m');
    GmailApp.moveThreadsToTrash(threads);
    }

    ensuring you replace label:webserver older_than:1m with your search phrase
  • Save you project
  • Press run
  • Once the notification at the top has gone, check back in Gmail to confirm your emails have been deleted.
  • To automate, click on the Clock icon, Add a new trigger. Select your function, you want it Time-driven, and for me I’ve selected Month timer, 1, Midnight to 1:00am

The result will be on the first of every month Gmail deletes all emails older than 1 month from my webserver folder.

o2 and the over zealous family filter?

So if you’ve been on social media this weekend you will have seen a number of tweets like this with people astounded that their site is being blocked by o2.


Did they discover this because they couldn’t access the site on their mobile? No because they followed a link someone else tweeted, entered their URL and saw the word BLOCKED.
So what exactly is “Parental Control”, this page on the o2 website explains:

Parental Control is a service we offer to help parents to protect their children while they’re online. It enables us to restrict children’s web access via their mobile to a limited number of sites which are suitable for children.

It’s opt-in, and mainly aimed for children under the age of 12 who for some reason have their own mobile. As such it’s a whitelist of sites known to be ok. Search for lego and you get this:
Lego.com
Parent control isn’t part of the government “think of the children”, nor “urgh nasty pictures on the internet, that grown adults might get pleasure from”, it’s a service that o2 have been offering for years, but have had very little take up.

The setting which stops naughty websites from appearing on your phone is “Default Safety“. If it’s anything like Vodafone’s “Content Control” this is the default every phone number is set to. You need to opt out of this if you want to view sites such as the one below:
o2 Pornography.
Proof of age in a store, or payment taken on a credit card was what we used to have to deal with and again it’s been like that for years. Mobile networks have had a list of pervy customers before David Cameron started his latest crusade.

Of course your site may be child friendly and even educational, but until you tell o2 that you believe it’s suitable, you’re not going to magically appear on a whitelist.

Notes

  • I notice that o2 have added the line (opt in u12 service) to the results page to attempt to clear things up since yesterday.
  • Of course mobile data blocking won’t do much help when most phones have access to WiFi and most public WiFi only restrict adult sites.

NowTV Entertainment Pack

So earlier this week Sky announced that their NowTV service offers the ability to live stream several of their channels, plus get on demand with some back catalogues.
It’s an additional monthly cost on top of the Movies or Sport, but at £4.99 a month with no contract it seemed like a worthwhile trial.

The current channels available are

  • Sky 1
  • Sky Living
  • Sky Atlantic
  • Gold
  • Comedy Central
  • Fox
  • MTV
  • Sky Arts 1
  • Discovery Channel
  • Disney Channel

Continue reading

In praise of Three

Working in mobiles for over 8 years I’ve seen the rise in coverage of 3G networks. I know how they work, unless you are in a major city you are going to have limited coverage. Trying to read Facebook in Toys-r-us in Lincoln? Better make sure your near the window. Going out in to the country? Tough.

So when I got myself a Samba SIM to use with my tablet for a laugh I though I would check the coverage of Three (who Samba use) around me. Samba Coverage I was surprised to see them claim that for almost my whole commute they would provide at least “outdoor” 3G coverage.

So I put it through a test. Continue reading

Last.fm vs Spotify

I’m not too fussy with my music and after a change of job I now have the chance to put the headphones on a listen whilst at my computer. My music collection is reasonable, but I find myself wanting a radio style mix of music, but without the radio presenters.

The two companies I’ve been playing with for the last couple of months are Last.fm and Spotify.

For nothing a month on Last.fm you get webstreaming and visual ads, with the music stopping if you don’t look at the site regularaly enough.
Spotify provide a web app, with Last.fm like radio stations, plus the ability to listen to albums or tracks at will. But at nothing a month you have limited playtime and the rather annoying Kia Cee’d adverts every third song.

In theory both services free offerings should provide me with what I need. Web access radio on Last.fm and the choice to listen to an album at will with Spotify.

However there is a firewall issue with Last.fm at work and the radio streams either fail completly, or if they do play leave 5 minute gaps between tracks.

Because of this I then have to look towards the premium services.
For £3 a month Last.fm provide non-stop, ad-free radio on both PC and mobile.
For £5 a month Spotify provide non-stop, ad-free radio and choose-your-own albums for the PC.
For £10 a month Spotify provide everything on your mobile as well, plus offline storage.

By selecting the £3 Last.fm pro account I can listen to the music on my phone* which gets around the firewall problem without putting a large dent in to my wallet. I also find that the Last.fm radio service is just “better” than Spotify. I’m not sure if this is because my Last.fm account dates back to October 2005 and that they have better data on me, or I’m just used to it.

That said if/when Google release All Access to the UK, maybe I’ll look at it all again.

* when I say listen on my phone my actual setup is slightly more awkward, I have my phone connected to the laptop to draw power, the phone bluetooth audio paired with the laptop, and my headphones connected to the laptop. This allows me to continue to listen to audio elsewhere (Spotify/YouTube) without having to broadcast it to the whole office, or having to unplug the headphones each time.

WTF? Instagram are selling my photos?

So the news all over twitter, the tech blogs, even the BBC is the change to the Instagram terms of use.
Mainly this bit:

Rights
1. Instagram does not claim ownership of any Content that you post on or through the Service. Instead, you hereby grant to Instagram a non-exclusive, fully paid and royalty-free, transferable, sub-licensable, worldwide license to use the Content that you post on or through the Service, except that you can control who can view certain of your Content and activities on the Service as described in the Service’s Privacy Policy, available here: http://instagram.com/legal/privacy/.
2. Some or all of the Service may be supported by advertising revenue. To help us deliver interesting paid or sponsored content or promotions, you agree that a business or other entity may pay us to display your username, likeness, photos (along with any associated metadata), and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you. If you are under the age of eighteen (18), or under any other applicable age of majority, you represent that at least one of your parents or legal guardians has also agreed to this provision (and the use of your name, likeness, username, and/or photos (along with any associated metadata)) on your behalf.

Now I’m no insider, but what I read of this is:
Now we are part of Facebook, we are going to try to do those crap Facebook ads. You know the ones you all moaned about months ago, in which an advertiser who you liked can use your picture to tell your friends that you like their product.
So to allow the local coffee shop which you tagged the photo of your latte, to try to get your friends to also take photos of their lattes, Instagram need to change a couple of the terms.
Instagram / Starbucks Ad
Now in theory this also allows them to sell my photos for a huge billboard ad at every train station, but then the highest res photo stored on Instagram is 600×600 pixels. Not the greatest for print media.

The biggest PR problem for Instagram is the failure to explain.
People will leave, but like those who wandered off to app.net, without your friends all following, what’s the point of being part of something if it’s only you?

Raspberry Pi

Raspberry PiSo on Wednesday morning I was up at 6am, along with a large number of others trying to get their hands on one of the 10,000 Raspberry Pi which were currently finishing Quality Assurance in China.
Unlike what had been answered several times, they weren’t to be sold directly and we now being offered by third party companies RS and Farnells.
Straight away browser tabs were open to both sites.
Searching for “Raspberry” on RS loaded a “Register your interest” page, with no sign to buy I filled in my details and hit enter. However I ended up on the same page I was just at. So I tried again, hit enter and nothing, server errors, so through out the morning I was hitting refresh. Finally it submitted, but again taking me back to where I began.
Then on Twitter Liz running the @Raspberry_Pi account said:


Maybe if I had an RS account I might find this magic purchasing page, so I tried to sign up. Again server errors all over the place, but eventually I managed it. Then typing “Raspberry” in to the search box, just took me back to the Register page. So one final time I entered my details and this time was taken to a Thank You page. This was two hours later and clearly put me back to the end of the queue.
Whilst all this was going on, my luck with Farnells was even worse, pages just wouldn’t load at all, until they finally stuck up a “Maintenance” page. Then after 8am, it looked better, I could add a Raspberry Pi to a shopping basket, then the pages timed out as I tried to complete the order process. Finally at 8.24 I managed to complete the order.
I joked at the time that:


but a short while later I got an email with a delivery date of 26th March. Wow, that was fast, but the speed of the email still left me thinking May. Later in the day a second email arrived, this with a new delivery date of 26th April, a month later. As it’s not far off my expected date I wasn’t too upset.

So the morning was long, but I got an order placed, my Pi will arrive one day and I’m happy.

Some people however appear to be far from happy.
They were disappointed that RS and Farnells websites couldn’t cope with the pressure (these are companies who sell electrical components, I doubt they have ever had a rush to their sites, and have any of these people tried to buy tickets to gigs before?).
That shipping wasn’t available to their country (on the wrong country website).
That the price wasn’t $35 (mine cost £31.86, around $40 + vat + postage, giving Farnells some profit, shock!)
That they only heard it was on sale due to the news/twitter/facebook/friend, yet they were subscribed to the Announcement list (my email arrived the night before, but I had @raspberry_pi open in a tab on my phone for the last week and knew within an hour that 29th Feb 6am was the time, not only that but the blog and other sites had covered the annoucment. Relying on one email, which could end up in a spam folder is the worst way to be ahead of the game for a limited sales run).
That @Raspberry_Pi wouldn’t answer their questions directly on twitter (they were getting around 100 @replies every minute).

However I would say that comms were poor, it appears that Farnells and RS hadn’t made their plans clear to the Raspberry Pi team, and no one from either company appeared to be around at 6am to clear things up.

What could have been done differently? I’m not sure, whenever there is limited supply and hyped demand it’s going to result in a lot of unhappy people. Maybe a lottery, one day to register your interest, then the next day email people, one a minute for a week, with a unique code to purchase one Raspberry Pi.
This way the demand on the order day can be spread stopping people rushing at 6am DDOSing sites (although I’m sure they would still try), the emails would be manageable, avoiding most spam rules, and people clicking through to purchase wouldn’t reach a broken website.
However you still end up with a large number of unhappy people who didn’t get one.
But unlike tickets for the come back gig of Steps, more Raspberry Pi’s will be made, and the reason for using Farnells and RS is that they can now start making them to order, meaning there is no “second batch”, just lots more rolling of the production line.

Cheap Video Playing Android Device?

At some point I want to get my soon to be 2, daughter her own touch screen device. She often “borrows” my Samsung Galaxy SII or Heathers iPhone 4, and they are rather valuable.
It doesn’t need to be great spec, but should:

  • Play most video formats (MP4, DIVX) without a struggle, nor need for me to convert them first.
  • Play the BBC iPlayer
  • Play Youtube
  • Play MP3s (if it’s doing the above, it really should be doing this)
  • Have games like Angry Birds available
  • Not be massive (ie, not a tablet)
  • Cheap
  • and most importantly it must not be able to make phone calls

So far this leaves either an iPod Touch or one of the Samsung Galaxy S Wifi 5 / 3.6 models, all under £200 but not as close to the £100 mark I would prefer.

Now I’d rather have an Android device, but willing to accept that at the moment the iPod might just have the advantage, however I was wondering if I’ve missed anything else on the market, or you know of a cheap phone in which you can completely disable the phone part (even if it requires rooting and hacking) as I don’t want her calling anyone including 999 (which by law should be possible on any phone, even when flight mode is enabled and has no SIM card)?

Let me know in the comments if you’ve got any ideas.