Home-made deodorant
Tired of looking for my homemade deodorant recipe every few months, trying to remember which one I used, and how to modify it with the ingredients I have available.
This is from www.treehugger.com/homemade-…
- 1/4 cup shea butter
- 2 tablespoons coconut oil
- 3 tablespoons beeswax pellets
- 3 tablespoons baking soda
- 2 tablespoons arrowroot flour starch
- 20 drops lavender essential oil
- 10 drops tea tree essential oil
My measurements were all approximate. This was enough to fill two reusable containers, with a tiny bit left over to top up a commercial stick of natural deodorant in a paper tube.
Method
Melt everything except the oils in a double-boiler. The beeswax takes a while to melt.
While it is melting, prepare the containers
- wind the screw to the bottom
- remove the bottom plug
- put on the lid
- soften the remaining deodorant upside-down in the microwave (~30 s) so it drips into the lid
When the batch is melted, add the oils. Pour into the prepared containers. Put them in the fridge, or just leave them overnight to set.
Modifications
- choose whatever scents you prefer
- use different proportions
- leave out the beeswax
- substitute the arrowroot flour with cornflour
- add kaolin clay. I tried NZ glacial clay, but it makes the deodorant brownish coloured, and leaves the deodorant with a faint river-bed-dust smell after the oils have evaporated.
Device driver taxonomy
-
A controller is a piece of hardware that does something: a GPIO, a UART, an I2C controller, etc.
-
A naïve device (NDev) is one that just does what it has to when someone tells it to.
-
A shareable device (SDev) is a wrapper around a naïve device to allow it to be shared between different uses, but only for one purpose at a time.
Some use-cases for shareable devices
* A UART can be connected to two different external devices, with hardware to switch between the two. One of two different software modules will control the UART, depending on which external device it is connected to at the time
-
A bus device (BDev) is a driver that
-
- An external I2C device needs to be powered down; the I2C pins need to be controlled in a way that does not conform to the I2C specification. The I2C controller module will talk to the UART, but only one at a time, depending on which
-
-
users at different times.
There are two type of shareable device
-
Exclusive access shareable, where only one device can use it at at time. If another device is using it, any other device is refused access. Most hardware device can only be used by one thing at a time.
To use an exclusive access shareable device
-
for each naïve device that must be shareable, the system creates a shareable device and links it to the naïve device
-
each user registers with the shareable device it needs; this gives the user a virtual device
-
to use a virtual device, the user
- claims() the device; if the device is already in use, the claim is denied.
- accesses the device, using any of the the methods and attributes of the underlying naïve device. If the user has not successfully claimed the device, the access is denied.
- release() the device, to allow another use to use it. It it not an error to release a device that you have not claimed.
-
-
Bus shareable device, where any number of users can request access to the device. When no-one is using it, the device is ‘off’. Any number of users can request access and use it simulataneously. When the last user has finished, it turns ‘off’ again.
This type of device is often used for power-buses or network interfaces.
To use a bus shareable device
-
the system creates a bus shareable device
-
each user registers with the shareable device; this gives them each a virtual device
-
to use a bus shareable virtual device, the user
-
request() the bus shareable device; this will return the device status, which is one of
- ‘wait’ (if the device needs to turn on) or
- ‘on’ (if the device is already on and can be used immediately.)
-
if the bus shared device is off, it starts the turn-on process:
- notifies all registrants that it is ‘turning on’
- do whatever it needs
- when the device is finally on, it notifies registrants that it is ‘on’.
-
if the request() was to wait, the user can either
- request() again
- wait for the ‘on’ notification
- read the status
-
use the bus shareable device. If it is not ‘on’,
- do nothing
- block until on
- access denied
-
when the user has finished, it release() the device
-
when the last user has release() the bus shareable device, it starts the power-off process
- notify all registrants that it is ‘turning off’
- does whatever it needs
- when the device is off, it notifies registrants that it is ‘off’
-
every user should be prepared for the bus device to turn off unexpectedly; note that, the system will always do the power-off process
-
a user can use a device without request() it. However, if the device it not already on, or turns off, it will either do nothing, or block or deny access; the user must be prepared for this.
-
-
On-line weather data
I have one of those cheap (-ish) outside-the-house weather-stations that reports the weather data (windspeed, rainfall, etc) over a wireless link to an inside-the-house display unit. My inside-unit is a display only; there is no way to get the data into a PC or an online weather service.
For a long time, I have wanted to build a device that decodes the wireless data and can then forward that data to an online service.
A bit of reading showed that my system is a local re-brand of a common Chinese brand. The outside-unit transmit data over a 433 MHz link and it not encrypted or secured in any way.
One night, I realised that I am unlikely to be the first person in the world to have this idea. A bit more searching showed that there are a number of open-source software-defined radio projects, and, in fact, one, rtl_433 that can decode data from almost all 433 MHz transmitters: garage door openers, alarm systems, and … weather stations. I happened to have a suitable SDR dongle lying around from a previous project.
Welcome to rtl-weather.
Still, there is a long way between decoding the weather-station data and getting it to appear on a graph on a website.
It turns out that a single Linux pipeline can do it. It took a few hours with a bash-terminal to get each part to talk to the next, but we now have weather data
The pipeline consists of
rtl_433
, to sniff the 433 MHz band and decode any data it hears, reporting it in JSON formatjq
, to modify the JSON data into a format suitable for the online servicemosquitto_pub
, to connect to a remote MQTT broker that accepts the re-formatted JSON data
I already had access to a Thingsboard IoT system. It would not be very hard to modify the script to also report the data to a service that uses an HTTP API, such as MetOffice Weather Observation Website or OpenWeatherMap.
It turns out that I had to add two other things to get it to operate properly:
mosquitto_pub
does not recover if the remote MQTT broker disappears then re-appears. I had to add a ‘watchdog’ process that looks for output frommosquitto_pub
that it has actually sent data to the broker. If is does not see this message after a while, it kill the pipeline.- a system service (systemd, etc) to ensure that the weather-reporting service starts when the computer starts, and restarts it if it fails.
I also found that calculating average wind-direction is not the trivial averaging operation – if you naively average east-of-north with west-of-north, you get south. Most IoT service offer only this trivial averaging operation.
To calculate the average correctly, you need to decompose the direction into N- and E-vector components, average these components, then calculate the average direction from the averaged components.
One more stage in the pipeline solves this problem, at the expense of additional storage on the server (2 direction components rather than 1 direction angle) and complexity on the server (calculating the direction from the components when display a graph, table, etc).
On-hold to sort out an airline booking. They are playing terrible music, very loud. With the volume turned down to save my ears, it is hard to hear the voice that interrupts periodically to tell me that my call is important to them. Even turned down, the music is distorted – it must be distorting in their system, not my headphones.
I assume this is a passive-aggressive, plausibly deniable-attempt to make me give up.
Monthly computer system checklist
Well, that was a major update session.
It is easy to install something to test it. But after a few months, when the excitement has worn off, but the new ‘thing’ is part of your life, it becomes an effort to maintain it. It happens with everything: car, house, exciting new online service.
The way to keep up it to acknowledge that it is a chore, like vacuuming the carpets, and make a checklist to do every month.
Monthly checklist
- Update laptop system software (4 laptops)
- Update server system software (8 servers)
- Verify backups are still being made, and can be restored
- Update manually installed applications and services
- Thingsboard
- Matrix (synapse), and various bridges
- mautrix-whatsapp
- mautrix-facebook
- Verify that service providers are up-to-date for the next month
- Electricity and gas
- Phone and internet
- DNS service
- Email service
- Virtual-server provider
- Office-app provider
- Blog provider
- Wiki provider
- File and photo storage
Updating matrix-whatsapp bridge
The matrix-whatsapp bridge stopped transferring videos and images a few months ago, and stopped working completely a few weeks ago. It seems that Meta has changed things…
Assumptions
- Bridge
mautrix-whatsapp
is installed in it own directory as usersynapse
- System services are controlled using systemd
Preparation
Download the new version of mautrix-whatsapp from [https://github.com/mautrix/whatsapp/releases], using whatever method you can. The bridge is a single executable; I prefer to append the version number to the binary and use a symlink to select between different versions
cd <bridge_dir>
sudo -u synapse mv mautrix-whatsapp-amd64 mautrix-whatsapp-v0.8.6
sudo -u synapse chmod +x mautrix-whatsapp-v0.8.6
Steps
In one shell, start watching the log-output to check for problems during shutdown and restart
cd <bridge_dir>
sudo tail -n 1000 -F logs/bridge.log
In a different shell, watch the service status
watch -n1 systemctl status mautrix-whatsapp
In a third shell, do the open-heart surgery
cd <bridge_dir>
sudo systemctl stop mautrix-whatsapp
sudo -u synapse ln -fs mautrix-whatsapp-amd64-v0.8.6 mautrix-whatsapp
sudo systemctl stop mautrix-whatsapp
###Notes
- The log-files are not world-readable.
- The name of the log-file has changed. It might be different in the future.
Updating matrix server
The matrix server has been running for many months now. It is time to update. The process was seamless.
###Assumptions
- python package
matrix-synapse
is installed using pip, in a virtual environment owned by usersynapse
. See [link-tbd] for details of the installation. - services are controlled using systemd
###Steps
In one shell, start watching the log-output to check for problems during shutdown and restart
cd <synapse_dir>
tail -F homeserver.log
In a different shell, watch the service status
watch -n1 systemctl status matrix-synapse
In a third shell, do the open-heart surgery
sudo systemctl stop matrix-synapse
cd <synapse_dir>
sudo -u synapse .venv/bin/pip freeze | sudo -u synapse tee pip-requirements-2022-06-17-1.txt
sudo -u synapse .venv/bin/pip install -U --upgrade-strategy eager matrix-synapse
sudo -u synapse .venv/bin/pip freeze | sudo -u synapse tee pip-requirements-2022-06-17-2.txt
sudo systemctl start matrix-synapse
###Notes
- Keep a record of the pip-installed packages both before and after installation, to see what has changed.
Linux installed apps
Is it my imagination, or are ‘free’ phone apps and web apps much, much better than Open Source Linux installed apps?
- A spreadsheet is my favourite tool. Although I don’t like to support Google, I would rather use Google Sheets than Libre Office Calc, if only for the simple reason that I can refer to a column range from a specific top-most cell to the bottom of the column, whatever its row number is.
- A stick-and-box drawing tool is my second favourite tool. Visio was my favourite of these, but only on Windows, and I don’t have access to Visio any more. There is no native Linux app that is even close to the standard of Visio. Web-base draw.io is quite usable, and there is an installable Elektron version, so that it close.
- Words are an essential part of what I do; Libre Office Writer is ok, but is too complex, and tries to be bug-compatible with Microsoft Word. Once again, Google Docs does what I need, and can include diagrams from draw.io.
- Actually, I found NewDeal Office to be even better for its time, back in the 2000s or so. The word-processor and spreadsheet were completely interoperable: a table in a word-processor document was a genuine spreadsheet, and each cell in a spreadsheet had all of the formatting capabilities of a word-processor.
- I really don’t want to go back to LaTeX…
- Those tools are acceptable with tables and pictures, but don’t handle line-drawings, snippets of music scores and other picture-like objects properly – you can import an image, but they don’t adjust properly for differing views (on-screen vs. printed, etc).
- If I use a lIghtweight markup processor (Markdown, reStructuredText, AsciiDoc, NaturalDocs, etc, etc), it must handle those pcitueverything I want to put generally don’t a
- For photos, my phone has an adequate touch-up tool, for cropping, straightening the horizon, and adjusting exposure levels. Actually, there are some acceptable tools on Linux: shotwell and digiKam. I don’t often need to use the full GIMP experience, but sometimes want to remove unfortunate power-lines or expand the background to achieve a particular aspect ratio – Liquid Rescale to the rescue, probably available on my phone too by now.
- But there is no easy way to mark up a photo, screenshot or map: to circle a feature in red, to point something out with an arrow or map-pin, to draw a line or add text.
- For audio editing, I use either Audacity (for trimming rubbish off the start and end) or Ardour (for cuts and fades, filters, etc. Audacity is generally ok, but I don’t like that it overwrites the original. Ardour is a bit finicky to set up for casual use, but once going, and you are used to it, works well.
- I use one of three Linux programs for processing videos – shotcut, flowblade and pitivi. They are actually not too bad for the things I need to do: taking full-length videos of a performance from multiplle camera and assembling them with cuts and cross-fades into a sensible video, synced with audio from a separate audio recording. They all work, and at least they don’t crash the way they used to. None of them are any good for making up an export-workflow to export to a number of different formats; they all assume that you will export your video once and upload it to YouTube; not what I do.
- For music score editing, MuseScore is wonderful. There is nothing to compare with on the phone. I have not used the big-name score editors much (Sibelius and Finale), but Musescore seems up there with them.
I started out thinking that Open Source Linux apps are much worse than phone apps and web apps, and wanted to rant about them. It turns out that it is only the office tools that suck. The photo, audio and video editing tools are fine; the music score editing is first class.
I will have to re-write this post as an impartial assessment of these tools.
Photo tagging
Many years ago, I stopped tagging my photos with short (one-word) tags. Either the tools only allowed a limited number of tags, or they stored the tags in a separate database rather than in the photo file itself, or one of a number of other problems that I forget now.
This was the peak-tagging time: delic.io.us was the thing. Organisations were trying to standardise tag formats, and how to tag various types of data. Think IPTC, Dublin Core, XMP, Meta Content Framework, Resource Description Framework, etc.
Google was still a friendly startup that had revolutionised searching. I think everyone realised that tagging was limited, and full-text search was the real thing. Operating systems started scanning filesystems looking for tags, and indexing text, including descriptive text metadata within photos. Application were adding support for these search databases.
My idea was rather than adding a plethora of one-word tags, I would write a short text description in the format
- <who> is <where> doing <what> on <occasion>
To save time, I would usually add the same description to a groups of photos: a whole week of holiday pictures, all of the birthday-party snaps, etc.
Later, I might go back and rate the nicest photos 3, 4 or 5 stars, and add more detail to the description.
My assumption was that eventually the photo management tools would catch up and let me search; that assumption is now true, and my
However, I did not anticipate the growing and changing standards, and the way different tools implemented them.
There are mutliple ways of storing metadata within a photo file: Exif tag, XMP block, <something else that escapes me now>. Each of these has metadata items intended to describe the photo based on the ideas of ‘Title’, ‘Description’ and ‘Comment’, but with different names and slightly different meaning. Different tools can read some subset of these; they can write a smaller subset of those they can read. They use the descriptive text instead of file name.
I think the idea of ‘Title’, ‘Description’ and ‘Comment’ is valid
- ‘Title’ is an arbitrary name for the picture
- ‘Caption’
- ‘Subject’
- ‘Description’ is a text description of the content of the picture
- ‘Comment’
I now need a tool that can
- read tags from any of the metadata descriptive fields
- synchronise the content of equivalent tags from different standards, by offering to merge them, or selecting one and overwriting the others
- write the new content to my chosen subset of fields
Dance acro photos
Base Acro recently contracted a professional photographer to record what we have been up to. These are some of our favourites.
It is very different posing for photos compared with training, or dancing socially, or dancing competitively, or including aerials and lifts into your competitive dance. We could see how we looked, adjust things and try again. But it is hard to be satisfied once you start criticising yourself, and you get tired trying to hold a pose that normally would only last a few seconds.
Uses for ansible
Ansible seems like a useful tool to manage remote servers. Some things it might be useful for
-
regular OS updates
sudo apt update sudo apt upgrade sudo apt autoremove sudo reboot now
But there are a few problems to solve
- Some packages are ‘held back’; install them anyway.
- Something pops up a warning about ‘Recommending reboot’; ignore, because we do reboot
- Something pops up a warning about ‘Restaring services’; ignore, because we do a reboot.
- Sometimes, a configuration file has changed (by hand or by a script), and needs merging with a new version from the upgrade. There is no automatic way to handle this. In future, use the common ‘conf.d’ structure to override defaults, rather than editing the main configuration file.
-
ssh host- and user-certificate management, including
-
installing CA host-key signing certificates and CA user-key signing certificates
-
installing configuration snippets to use the certificates
-
regular certificate updates to ensure that they remain valid
It is fairly easy to write ansible playbooks to do this. On the other hand, it is also relatively easy to write ansible playbooks that retrieve all authorized_key files from each host and scan them for keys they should be remove.
-
Ubuntu 22.04: Use .deb version of firefox
-
Remove firefox snap
sudo snap remove --purge firefox
-
Add PPA from mozilla team
sudo add-apt-repository ppa:mozillateam/ppa
-
Ensure that the PPA is higher priority than the snap. Create the file
/etc/apt/preferences.d/99mozillateampp
with the following contentPackage: firefox* Pin: release o=LP-PPA-mozillateam Pin-Priority: 1001 Package: firefox* Pin: release o=Ubuntu Pin-Priority: -1 The first stanza marks the mozillateam PPA release as a very high priority; the second stanza marks the Ubuntu release as a very low priority.
-
Install the .deb version of firefox using apt
sudo apt update sudo apt install firefox Note: apt will warn that you are downgrading firefox. Ignore this, and go ahead with the installation. The warning happens because Ubuntu snap has a version number that includes an 'epoch' field, so that the snap version number is always greater than the .deb version number. This warning only happens when you first install the .deb version.
OpenSSH certficate renewal
Using ssh keys to login to remote servers provides a huge improvement in security over password login [1]. However, it creates a new problem – managing those keys. This becomes a real problem when a developer has installed a public key on a number of remote hosts, then leaves company. There is no easy way to find out which servers have that public key in any ‘authorized_keys’ file, so that it can be removed to revoke access.
OpenSSH certificates provide a partial solution to that problem.
A certificate consist of the public part of the key-pair signed by a certificate authority. The certificate is made available next to the ssh private key; the ssh client presents the certificate to the remote host instead of the public key; the remote host verifies the certificate against the certificate authority public key, then provides access.
The certificate can be restricted in certain ways: it can prevent logging in (used for tunneling only); can force the connection to run a fixed command; can restrict the validity of the certificate to a range of dates; and so on.
This ability to automatically expire the certificate means that a developer who leaves the company automatically has access revoked after a certain period. However, it does mean that the certificates have to be renewed periodically.
The problem has changed from one of revoking access in an exceptional case (someone leaves the company) to one of ensuring continued access over a period of time (every 6 months or year when the certificates expire).
It is possible to set up a remote-management task (using something like Ansible) to update certificates automatically. However, it would be just as easy to set up a remote-management task to remove no-longer-authorized keys from any authorized_keys files when it becomes necessary.
Cargo bike: frame preparation
Donor frame hacked up and mounted on a building jig to keep everything lined up. Main spine cut to fit the frame, and partly welded together, but not yet joined to the frame. The handle bars and front fork are just balanced there, not properly installed.