Sun, 28 Jul 2013

Virtual maildirs in mutt
I've been using mutt as my primary mail client for years, and it's lovely and fast. One of my persistent bugbears, though, is the lack of ability to dynamically filter and search mail, which most modern mail clients are pretty good at.

If you have an external search tool - like find or notmuch - you can easily produce a Maildir full of symlinks to real messages. But if you change message flags, or try and move or delete messages, the original message is unaffected; only the symlink changes.

Here's a simple script that, given a Maildir of symlinks (all in cur/, please), runs a program for you; after the program has run, it checks for any changes to the mails, corresponding to flag changes or deletion, and them applies them to the original messages.

I use this to view all the emails I have flagged, for example:


MAILDIR="$HOME/mail/"            # path to all your mail
FLAGGED="${MAILDIR}/flagged"     # path to your flagged maildir

set -e

mkdir -p $FLAGGED/{cur,new,tmp} || true
rm -f ${FLAGGED}/cur/* || true

find ${MAILDIR} -regextype posix-extended -regex '.*,[^,]*F[^,]*$' -print0 \
    | xargs -0 ln -s -t ${FLAGGED}/cur

echo -n "flagged messages: "
ls ${FLAGGED}/cur | wc -l

vmutt ${FLAGGED} "mutt -f ${FLAGGED}"
Now when I change a mail in this view and then quit Mutt, the original mail is affected correctly.

posted at: 11:25 | path: | permanent link to this entry

Wed, 03 Jul 2013

Japanese data SIM adventures
I've just arrived in Osaka, and so has my b-mobile Visitor SIM, which promises a prepaid data connection. Unfortunately, my phone doesn't even attempt a data connection, because the SIM won't let the phone register on the network at large - and it just gives up.

I was pretty grumpy at having a non-returnable $30 SIM I can't use. So I booted my phone into baseband mode (where the baseband IC presents itself directly on the phone's USB port, allowing me to send it AT commands). Checking the network registration with AT+CREG yields 3 - registration denied. But the GPRS registration, AT+CGREG, is valid! Evidently not a situation the phone's designers considered. But how do we use it?

The answer is to use the +CGDATA command, which opens a connection we can use for PPP. Now you just need to set up PPP... update: there is a super neat solution by Josua Dietze, check the bottom of this post for the link!

Setting up PPP on Android

To make this work, you need a rooted phone with direct access to your baseband's AT-style port. On my Droid 4 this is /dev/ttyUSB4. If you don't know what this means, stop reading here.

I had to build chat and ended up building my own pppd because the Android one logs to the Android logs (duh), so here they are as binaries for you: chat, and pppd. I put them in /system/xbin.

You then need to write the following files: /etc/ppp/options.mobile, changing ttyUSB4 for your tty:

holdoff 10
maxfail 0
You will probably want to remove nodetach and/or debug once you have it working, depending on how you run it.

/etc/ppp/peers/mobile, changing (or removing) the user/password lines:

file /etc/ppp/options.mobile
user "bmobile@fr"
password "bmobile"
connect "/system/xbin/chat -v -t15 -f /etc/ppp/chat.mobile"

Now for /etc/ppp/chat.mobile, where you must replace bmobile.ne.jp with your APN:

'AT+CGDCONT=1,"IP","bmobile.ne.jp"' OK

Finally, /etc/ppp/ip-up, which you must then chmod 755:


ip route add default via $4
setprop net.dns1 $DNS1
setprop net.dns2 $DNS2
You should now be able to run the whole shebang with:
/system/xbin/pppd call mobile
If it runs all the way to printing you some IP addresses and running the ip-up script, you are a winner. Note that it may not replace the default route if you already have one (if you're on wifi, for example).

Of course, apps which use the Android network manager to decide if they're connected will still refuse to work - Google Maps won't let you search, for example. Any suggestions for tricking the manager?

The right and obvious answer

The amazing Josua Dietze has already done all this, wrapped it into an app, and sorted out all the network manager issues. Amazing! Get it from the Play Store.

posted at: 11:30 | path: | permanent link to this entry

Mon, 25 Mar 2013

2013 appears
I've been working on lots of interesting stuff lately, but haven't been working on maintaining my site. I'll be replacing it with a slightly less Web 0.1 vibe in the near future.

I've taken over maintainership of Shairport again. Albert Zeyer has maintained it since my initial release in 2011, and I'm very grateful for his work. I'm aiming to slim down the codebase and release a stable, Perl-free 1.0 in the coming months.

Linux on GK802
I've recently wound up with a Zealz GK802 "HDMI dongle", which is a quad-core Freescale ARM SoC jammed into a little stick with USB port on one end and an HDMI output on the other. This is pretty small (and affordable), as powerful Linux PCs go, so I've been heavily involved in the efforts to port Linux to the thing.

So far I've managed to port u-boot, and together with the squad in #imx6-dongle on Freenode IRC, the kernel is looking very healthy too. For more information, check out the project's github page. Support for getting started can be found on IRC.

posted at: 22:34 | path: | permanent link to this entry

Tue, 04 Sep 2012

Drag'n'Derp gets its own site
Tags: cart hardware photos As release nears, the site emerges! Get your latest news from derpcart.com. An RSS feed is provided for your lazywatching pleasure.

posted at: 08:58 | path: /gameboy | permanent link to this entry

Sun, 08 Jul 2012

xfv-4-intel: an Intel .BIO extractor
I recently turned an Intel motherboard into a paperweight by nuking the BIOS ROM, and was disappointed to find that Intel's modern EFI-based BIOSes only support updates from an EFI capsule (the infamous .BIO file). Now, without a clean ROM image to program, the original BIOS is never coming back; but with a little reversing it might be possible to get Coreboot up and running and restore my board to useful status...

Anyway, I found Christoph Pfisterer's xfv tool, which unpacks EFI firmware volumes and capsules. It was missing a couple of features I needed, like decompression of Intel's "custom" compression mode (actually LZMA), so here is a version suitable for dumping Intel BIOS files:


This makes it trivial to recover irreplaceable pieces like the VGA BIOS, as well as useful information like the static ACPI tables.

posted at: 23:18 | path: /reversing | permanent link to this entry

Sun, 01 Apr 2012

Drag'n'Derp: coming soon to an internet near you!
With the first hand-built carts in the wild for some time now, large-scale release is approaching. There's still a couple of manufacturing issues to sort out, but I'm hoping to offer the first batch of 100 carts in mid-May. Stay tuned for details!

posted at: 06:22 | path: /gameboy | permanent link to this entry

Tue, 08 Nov 2011

Resetting middle-aged Volvo service lights
I recently had to fix my 1996 850's mechanical odometer, and have spent some time reverse engineering some bits and pieces to try and read the mileage out of the instrument cluster electronics. While I haven't managed to figure that out yet, I have picked up a bunch of other codes; and one thing that seems to be quite difficult for this era of Volvo is resetting the service light.

Here's how to do it with an ELM327 or compatible OBD-II interface. You will need a terminal emulator such as minicom (Mac/Linux) or HyperTerminal (Windows). Hit enter after each command. Connect to the port, turn your ignition to II, and make sure linefeeds are on:

> AT L1
Now set up your address as 0x13:
> AT RA 13
And since you are talking to the instrument cluster (0x51), set the message header and target address:
> AT SH 83 51 15
> AT IIA 51
You can now wake up the cluster controller:
You should see
If so, issue the reset command:
> B0 30
If you're not sure it's communicating properly, you can try a gauge test - all the needles are moved to full scale and back:
> B0 31
You can reissue
to restart communication at any time. Make sure you issue the reset within a couple of seconds of ATSI finishing, as the controller seems to go back to sleep pretty quickly. I'd be interested to hear from anyone who knows how to extract the odometer data from one of these - I've had no luck with commands A5, A7 or B9 (read data by offset/address, or read data block).

posted at: 02:24 | path: /reversing/volvo | permanent link to this entry

Mon, 26 Sep 2011

Motorola Atrix: Ubuntu Webtop Construction Kit
Tags: embedded linux android Motorola's Atrix phone has a dual-core Tegra 2 CPU and an HDMI output port, designed for some pretty expensive media and netbook dock accessories. The "lapdock" provides a locked-down browsing environment, based on an old-ish version of Ubuntu, full of crufty binaries. Now that the device is easily unlocked, and alternative Android firmwares are available - such as the excellent CyanogenMOD, in beta form - it's a good time to explore alternative things to run out that HDMI port.

I have built a chroot filesystem based on NVIDIA's last Linux for Tegra release. Unfortunately, LfT has two serious incompatibilities with Android: Xorg hangs, and most binaries (including ls and mount) segfault on startup. The former problem is fairly simple to solve - Xorg hangs after submitting a command buffer to the rendering manager, so it looks like the channel mutex system is incompatible between the Android and Xorg libraries. Cribbing the relevant libraries from the original Webtop filesystem fixes that. Crashing binaries is more puzzling. It turns out that recent Android kernels for Tegra (including that used in the CM7 beta) include a hardware bug workaround that needs corresponding workaround in userspace/libc, or else it crashes. This is worked around by downgrading libc to version 2.12.1, which is not affected. The issue is described in more detail here.

This tarball includes a complete root filesystem. It has no dependency on the original webtop files; you can install it to /osh, or to an SD card partition. It's pretty small (under 200MB), and you'll need to set up your own X environment. A 'go' script is included to mount the needful and chroot from an Android root shell. An advantage of the updated Tegra driver is that you no longer need a crufty binary to change res - use xrandr instead. You will need to issue

xrandr --display DSI-1 --off
to turn off the overlay on the phone screen when X starts up, though. This is not intended for end users. It is intended to help developers interested in building their own webtop replacements. It does not include the "android-in-window" binaries from the original webtop - all the headers you need are in /usr/include, so feel free to write your own! I'm not liable if it eats your cornflakes or puts gaffer tape on your cat, but here it is:
natty-base.tar.gz - 73MB

Update 26/9/11: I built eglibc 2.13 with

to work around the issue. Binaries here, updated tarball is base+glibc.tar.gz - 73MB.

posted at: 12:14 | path: /linux/atrix | permanent link to this entry

Sat, 30 Jul 2011

I'm Not Dead
and so neither is the cartridge project - I've just been really busy. I'm currently assembling resources for batch fabrication. The latest batch of PCBs is AWOL, and I'm waiting on various other things. Nonetheless, aiming to have a batch out around the end of October. Also, adding a firmware feature to support drag'n'drop firmware updates. Stay tuned!

posted at: 02:27 | path: /gameboy | permanent link to this entry

Wed, 11 May 2011

Drag and Drop?
Tags: cart hardware Just to clarify what "drag and drop" means, here's a video of writing a ROM (LSDJ with custom sample kit) and RAM (songs using the kit), at the same time.

posted at: 12:55 | path: /gameboy | permanent link to this entry

Mon, 09 May 2011

Cart Sneak Peek
Tags: cart hardware photos Microelectronic porn!

Yes, that is a micro USB jack on top, so unlike mini-USB carts, the connector actually fits into the case properly...

posted at: 13:59 | path: /gameboy | permanent link to this entry

Drag'n'Derp lives!
Tags: cart hardware So, no update on this for a while; real life has been keeping me busy. Nonetheless, I have found some time recently to get another tranche of work done on the cart design, to the point of having a couple of working prototypes now in testing.

What is it? I'm building a new Gameboy cartridge. Not GBA, not DS, original Gameboy. Why? Because a lot of people still use them, in particular for creating music with software like Johan Kotlinski's LSDj. And to do this, you need a flashable cartridge.

Why? Currently available carts need custom drivers to talk to a computer, and for many types, a cart reader device. This limits their compatibility, and the drivers tend to be poorly maintained after release, too.

Another issue is that all current carts use battery-backed RAM to save user data to - read: music that artists have spent many hours on. These batteries can last ten years in a well-designed system - from the date of manufacture, putting a lifespan on the cartridge and leading to scary reliability issues as they age.


  • 24MBit (3MByte) flash ROM
  • 1MBit (128KByte) Ferroelectric RAM
    Instead of battery-backed SRAM, the cart uses F-RAM, which maintains its contents in the absence of power, and has a data retention span on the order of a hundred years.
  • USB mass storage emulation
    The cart appears similar to a thumb drive, allowing ROM and RAM contents to be copied via drag and drop. No drivers are required, and supports all USB-capable platforms.
These features are provisional. This is not a multi-boot or multi-file cartridge.

So some prototypes are up, and being tested; this cart is real, and it is coming.
And here's a video of the fabrication of one of the prototypes, courtesy of Tom Gilmore!

posted at: 03:42 | path: /gameboy | permanent link to this entry

Thu, 07 Apr 2011

ShairPort 0.05 released
My girlfriend moved house, and her Airport Express no longer made it with her wireless access point. I figured it'd be easy to find an ApEx emulator - there are several open source apps out there to play to them. However, I was disappointed to find that Apple used a public-key crypto scheme, and there's a private key hiding inside the ApEx. So I took it apart (I still have scars from opening the glued case!), dumped the ROM, and reverse engineered the keys out of it.

So, here is ShairPort, an open-source (Perl/C) replacement.
13/4: Updated to 0.05 - cleaner, more informative error handling.
12/4: Updated to 0.04 - compile fixed on non-x86 platforms
11/4: Updated to 0.03 - bugfix release: broken with IPv6 (Mac troubles with iTunes). You must install IO::Socket::INET6 for Perl to fix this - Debian/Ubuntu users, this is lib-io-socket-inet6-perl.

Update: 2013
I'm now maintaining this again. Github repo is here.

posted at: 00:00 | path: /reversing | permanent link to this entry

Fri, 04 Mar 2011

WM8505 state of play - March 2011
The current state of Linux on the WM8505/VT8500 - as available for netbooks and tablets - is as follows:

General stuff

Hardware note

A number of WM8505 netbooks have a hardware bug where the sense line of the MMC/SD slot's write protect switch is reversed. These will sense unprotected SD cards as protected and vice versa. You will not be able to live-boot Bento Linux from a write-protected SD; it will hang when trying to mount the root filesystem, and consequently not load the framebuffer driver, and nothing will appear to happen.

Bento Linux

Bento was released with a kernel stolen from an Android device, as that was the only way to get Linux running initially on the 8505 devices. Now that the source has been released, we can change the shortcomings of this kernel, namely compiling in framebuffer console, and removing the Android security model code. Nobody has done this yet (and rereleased the bento fatpart).

Linux kernels

VIA's source release

VIA released some source code for these tablets. A slightly cleaned-up version of the VIA tree has been published by Angus Gratton here. This needs configuring to work properly. Key variable for video is GE_BUFFER_SIZE or similar. A working config is available here (for netbook).

Open source reimplementation

A completely open-source effort is underway to get a WM850x port into Linux mainline. This port is spearheaded by Alexey Charkov; its base is here. At this point, in addition to basic booting and serial, it supports video, RTC, keyboard. Tony Prisk has been working on MMC/SD patches, and there are also Ethernet support patches on the mailing list.

Development discussion takes place on a mailing list (here) - this group is for development discussion, not help requests, please!


The most active place for general help seems to be #easypc on irc.freenode.net.

posted at: 15:19 | path: /linux/wm8505 | permanent link to this entry

Sat, 29 Nov 1969


  • biomedical engineer
  • Sydney, Australia
  • spare time
  • certain person trying to get me to document my work

posted at: 14:00 | path: | permanent link to this entry

org.mafipulation@jhl:mailto index rss