The main motivation for this was that I made a video where I embedded a QR code generated with a “trustworthy” QR creator. It turned out that the URL they put into the QR code pointed to their domain and they tried to extort a premium subscription from me by making the code no longer work as intended.

So I used the anger about this obvious scam and that I was dumb enough to fall into their trap to write an app that does what I need while the new video was rendering.

Features

The app features are listed below:

Scan QR Codes

Of course the app is able to scan QR codes, you can either open URLs that are contained in the QR or copy their value to use in other apps.

Create QR codes

You can use the app to create QR codes too, you can set the content type, content value, foreground and background colors, the pixel shapes, and export the result as PNG or SVG.

Custom shapes

You can customize the shape of the QR code elements, for example you can make all pixels be circles instead of squares.

Custom colors (Added in v1.2.0)

In addition to being able to change the overall foreground and background color you can change the colors of the different QR code elements.

Custom logos (Added in v1.2.0)

You can add a custom logo from your photos to the QR code.

QR Code Validator (Added in v1.3.0)

The app will now warn you if the generated QR Code might not be scannable or might be decoded in a different way than intended.

“Single-Shape” Mode for Markers (Added in v1.3.0)

You can now select “single-shape” mode for the QR marker elements, for example the inner QR marker can either be made up of (for example) circles or be a single (large) circle; Same with the outer marker, it can be made up of (for example) rounded rectangles or be a large rounded rectangle surrounding the inner marker.

Planned Updates

If you want to help with testing the new features listed below, you can join the TestFlight Beta.

• Ability to set output size for PNG export
• Ability to scan and select between multiple codes (added in 1.0.0)
• More scanner actions
  • Import contacts from vCard codes
  • Save/Connect to WiFi from WiFi Codes

Download Link

The app is completely free to use, without tracking or ads, and can be downloaded on the AppStore.

I hope this app is useful, if not don’t hesitate to tell me the ways I can improve it.

Plus I get headaches as soon as I feel another endless loop of slop hallucinations appear, sometimes even just watching the thinking process is enough to make me restart the session and try refining the prompt, because it’s hard enough to read through the 80% blurb to get the 20% information you actually need from any useful response. At that point I could almost search the web myself, but of course this is also not really possible anymore, but I will get to that.

I used to view the code I built like an art project, now the “craft” is reduced to arguing with a machine. For example, I feel no personal connection to that Godot project besides the fact I wasted money for the subscription. I’d never say that about something I really made myself.

And it’s not just the personal connection, because the solutions to problems I had the AI research for me didn’t stick in my brain when I needed them again later. There is a study showing similar results.

Another thing that went bad is the joy of searching for solutions. Before AI turned search engines (or rather the results) into goop, researching a problem felt like conversing with ghosts of past legends to learn from their mistakes, now most of the top results are either ads, llm halluciantions, afiliate link spam, or any combination of those things. And while the engineers that would be in the position to fix the results are apparently busy doing something else, it’s probably also an endless burn pit resources to keep fighting this.

Because of that, the best option to search the web for programming problems is currently Bing(Chat) (I wish I was kidding) and the closest thing I get to joy when searching for solutions is the fake joy and overconfidence the language model has been forced to adapt. That is of course until the next “Here’s why that finally works ✨” slop response wastes not only another hour of my time but also the worlds finite resources. And those resources as well as the thermal/pollution capacity of our biosphere and the scales we can shrink technology to don’t scale infinitely, so while you can of course claim this is like Dial-Up internet, it doesn’t make much sense in my opinion.

Don’t get me wrong, I like computers, I LOVE to be able to bathe in the sounds of a full and busy server room, but I hate how all this is wasted for SLOP. Plain and simple. The level of usefulness is FAR below what it costs (us all), even if the product itself is “free of charge”.

All those cycles wasted…

At least I am not the only one having these kind of feelings:

• “We mourn our craft” - nolanlawson.com
  • I’m not the target audience, but I have a similar fear for the future. I don’t think I’d be laughing though…
• “(AI) Slop Terrifies Me” - ezhik.jp
  • After reading this I’m most terrified that the problem is not slop itself, but slop overload…
• “I Am Happier Writing Code by Hand” - abhinavomprakash.com
  • The approach explained in the end with copying only the relevant code from the prompt area is similar to how I used BingChat and ChatGPT.
• “AI fatigue is real and nobody talks about it” - siddhantkhare.com
  • Made by an AI engineer, I couldn’t read most paragraphs to their end because it felt like AI, does this even count?

I’m not sure how to get back the ability to search for solutions like back in the day, I’m currently exploring kiwix and yacy in that regard, but I fear that unleashing LLM technology was a one-way action, and now searching the web can never be properly/productively done by a single human ever again…

Welcome to the final post of 2025; Happy New Year!

In this post I will list the necessary steps and recommend some configuration options that might be helpful if you happen to be in a similar situation, or are considering, or currently in the process of switching your SSH keys to be TPM-backed.

One of the main benefits I hope to get from this change is peace of mind, as the private key will be kept in the TPM and can’t be (that easily) stolen by for example malware running as my user account (which would normally have read access to the private key). Additionally I hope to get more quality of life from using biometric authentication instead of passphrases when authenticating.

Managing TPM keys

This section describes the methods to manage private keys saved in the TPM.

Generating a private key

The private key will be created using the built-in tool sc_auth (you can view its manual page using man sc_auth):

sc_auth create-ctk-identity -l "<LABEL>" -k p-256-ne -t bio -N "<LABEL>" -E "<EMAIL>"

You will have to replace:

• <LABEL> with a label of your choice (I use user@host for ssh keys)
• <EMAIL> with an email address representing the key (it’s optional, see the explanation of the parameters below)

Here’s what the parameters mean:

• -l is the key label for the list of keys saved in the TPM
• -k is the key size, please note that only 256 and 384 are supported, but 384 is not supported by ssh; the -ne suffix means non-exportable, if you choose the key size without that suffix the private key can be exported from the TPM
• -t is the private key protection, allowed values are bio for biometric protection, or none
• -N is the common name attribute of the key, this is not used by ssh and only added for decorative purposes (similar to the label, so I used the same value)
• -E is the email address attribute of the key, same as the common name it’s not used by ssh and only set for decorative purposes

Listing and removing keys

To list keys saved in the TPM you can use:

sc_auth list-ctk-identities

To delete a certain key, you can note its ID in the output of the command above and run:

sc_auth delete-ctk-identity -h <ID>

You have to replace <ID> with the ID of the key you want to delete.

Exporting the keys for SSH

To export the public key and a reference to the credential stored in the TPM, you can run this command:

cd ~/.ssh
ssh-keygen -w /usr/lib/ssh-keychain.dylib -K -N ""

This will export the keys saved in your TPM into the current folder (which is ~/.ssh after the cd command).

Note that if the ~/.ssh folder doesn’t exist, the best way to create it is letting SSH handle it by running ssh-keygen -t rsa -b 1024 -C temp, then spam enter until the key is generated, followed by rm ~/.ssh/id_rsa* to delete the key and be left only with a working ssh dir.

Here’s what the parameters mean:

• -w sets the keychain library to use (the path points to a system library used to communicate with the TPM)
• -K tells ssh-keygen to load keys from “the first connected FIDO authenticator” (which is the TPM in most cases)
• -N sets the key passphrase, we use an empty string since the user presence is confirmed using biometrics (you could additionally use a passphrase)

Using the key by default for all hosts

Since I want to use this key as default for all hosts, the easiest way to set this is using my ~/.ssh/config file, which is also taken into account when using git, rsync, etc. I added this part:

Host *
	IdentityFile ~/.ssh/id_ecdsa_sk_rk
	IdentitiesOnly yes
	SecurityKeyProvider /usr/lib/ssh-keychain.dylib

What we’re telling ssh here is that for any host (*), we want to use the TPM library, the TPM key and that we don’t want to use any other key file than the one specified.

You can (and probably need to) change this to match your setup.

Deploying the public key on hosts

Deploying the public key on your hosts should work as normal (you can use a multitude of methods).

The one thing I thought was weird is that in the exported key the key comment is just ssh: and I was unable to get it set to something else using sc_auth. Fortunately you can simply change the comment of public keys in your hosts, it will not be validated when you try to connect.

Connecting to hosts

Now when you run ssh user@myhost with a valid user against one of your machines, you should be prompted to provide biometric authentication, similar to this:

And two new log messages in the SSH output:

Confirm user presence for key ECDSA-SK SHA256:<HASH>    # when the dialog appears
User presence confirmed                                 # after successful confirmation

I think this is an improvement compared to using passphrases (I don’t like to use ssh-agent, and passphrases get annoying over time), I’m not sure about how much of a hassle this will become once all my keys are hardware-backed and all hardware goes down, but once I get to that point I will surely®️™️ have a proper backup strategy for this case.

Regarding the experience of authenticating, I think there should be a better icon and description used in the authentication dialog, which better indicates where the authentication is coming from and what it’s for, apart from that I’m happy with how this currently works.

I hope this post was useful. If you have any comments, suggestions, or found errors please let me know!

It turns out the driver for the network card had a setting for throttling interrupts to the CPU, which was enabled by default. This reduces resource usage, but in my case it introduces problems, because incoming packets (for example me trying to move the mouse in a game) are not immediately sent to the CPU for processing, but rather collected over some amount of time or number of packets.

The way to disable it is:

1. Open device manager
2. Open the Properties window of the network card
3. Select the “Advanced” tab
4. Set “Interrupt throttling” to “disabled”
5. Click “Apply”

To be sure I rebooted the PC, but I immediately noticed a less laggy input when applying the setting.

If this applies to you, maybe your driver has a similar setting which is enabled by default.

The other way around might apply as well. If you notice FPS drop or similar issues in a busy network (and are not streaming your input via network), enabling this might give other parts of the system more breathing room. The driver for the card I use also had a setting for changing the “throttling amount”, but only for arbitrary values like “high”, “medium”, and “low”, instead of allowing me to set a time or a number of incoming packets.

I hope this post was useful. If you have any suggestions or found errors please let me know!

Instead of being able to quickly create a new project with the summary of the idea in the README using the GitLab Web UI, I now end up having to use some slop Microsoft product (the “GitLab WebIDE” is just a broken web-port of VSCode) that can’t even commit a simple README.md into an empty repository:

Correct me if I’m wrong, but I expected the default editor on a site built around hosting code with Git would let you commit to a Git repo.

Also, hey WebIDE, is this console with more information in the room with us right now? Because all the panels I can see are:

• Comments
  • Showing a “There are no comments in this workspace yet” placeholder text
• Terminal
  • Showing a “The terminal is not available in the Web IDE” placeholder text
• Output
  • Which is empty
• Problems
  • Showing a “No problems have been detected in this workspace” placeholder text

And of course in good Microsoft fashion, you can only copy some of the panel placeholder texts, who needs a consistent experience after all, just ask the AI to put more slop on top of it until you don’t notice it anymore.

I’m sad (apart from the anger I feel because using a previously useful tool now resulted in me having to look at yet another ugly and broken Microsoft UI) to see another default option being slop, what is happening to software QA?

And I wonder, same as when I see Microsoft employees holding presentations about their slop OS using MacBooks, if people really use the software they put out anymore.

UPDATE Nov 2025: You know what the world needs right now? - That’s right:

Yet another slop VSCode fork, of course with AI integrated

Imagine that, the company that (once) built the (once) best browser, the (once) best search engine, the (once) best AI*, the (once) best mobile operating system is now playing catch-up in wasting resources with the other big multicolored dystocorp.

VSCode is the new Chromium. Can’t wait for “Antigravity” to be mothballed in a year or so…

I have tried the Asahi Linux Fedora distribution a while ago and was surprised at how well it worked, the Asahi Contributors did an awesome job! However, I am more familiar with Debian, so I wanted to use that. Disk encryption is also required because the device is a laptop and I’m not sure yet where I might take it tomorrow.

Important

• First of all, ensure that there is enough free space on your macOS partition!
  • You will need enough space for your Debian installation (only you know how much you need), and a temporary second installation which will be used to encrypt the main one.
• It’s important to install/create the temporary Debian install after the primary one, so the space used for the temporary installation will able to be reintegrated into the macOS partition.
• To make it easy to differentiate between the primary and temporary installation, I’d suggest using a different GUI in the temporary installation.
• Doing things wrong can brick your device. You need a second Mac in order to reflash the one you modified in case you (for example) accidentally delete the macOS Recovery or something like that!
• Don’t run this on your primary machine unless you have backups and a way to recover (a second Mac)!

Sources

• There is an Article about installing Debian on M1 Hardware in the Debian Wiki which is very helpful for a basic overview of the installer and how it works.
• There is a very helpful post about encrypting an already existing Debian installation on which this post is based, with additional modifications for M1 Macs/Asahi I found while going through it!
• The Asahi Partitioning Cheat Sheet might be helpful as well.

Installation

Let’s start with the installation (all Linux commands are supposed to be run as root, all macOS commands as your primary macOS user unless otherwise noted)!

Installing the primary Debian

In macOS, open the terminal and run curl -L https://bananas.debian.net/install | sh, follow the instructions the script gives and read everything at least twice before pressing enter.

Initially, the script will only offer to shrink your macOS installation, select that, follow the instructions to set the desired partition sizes (without the temporary second installation for now, only the primary one), and after it is done you will be sent back to the partition overview where the free space will be shown alongside an additional option to install Debian into it. Start the installation, then wait until the script shows the instructions for the next steps.

Read the instructions carefully.

The script will have you reboot into the Startup Options then choose the newly installed Debian installation which will actually launch a macOS recovery where you have to authenticate three times using your macOS credentials (once for accessing the recovery, then once to disable SIP, and then once again along with your username to change the boot policy for the Debian installation), after which the install script will finally boot the new Debian installation. In there you could do some first-time setup tasks now, but I’d do most of that (except maybe updates and keyboard/locale settings) when the encryption is done.

Preparing for the encryption

There are some tasks that need to be done in order to prepare the installation for the encryption while it is booted:

1. Install required packages: apt install cryptsetup cryptsetup-initramfs
2. Add the line GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub
3. Run update-initramfs -u -k all && update-grub to update the initramfs and GRUB

After this is done, shut down the system and wait for the device to be fully off, then press and hold the power button to go into Startup Options, then select the macOS partition to boot back into macOS.

Installing the temporary Debian

If you (like me) selected to use all the available space for the Debian install, you might need to clean up more space by deleting more stuff (maybe clean the bin for once). Otherwise (if you read the guide and reserved the space beforehand) it’s time to run the installer (curl -L https://bananas.debian.net/install | sh) again, to shrink the macOS partition once more, the temporary installation doesn’t need much space, I ended up using 30GB because it was available.

After new free space is created, select to install Debian into the free space and give the installation a different name, so you can easily separate the two. Then it’s the same procedure as before, let the script run, then reboot, select the new temporary installation, authenticate in recovery in order to make it bootable, then let it reboot.

This time it will boot the wrong Debian instance, which can be detected by the first time setup not appearing. In that case you have to select the temporary installation once again in Startup Options, after which the first time setup for the temporary installation should appear.

Encrypting the primary Debian

In the temporary Debian, we can now encrypt the primary installation, but first of all it’s time to…

Install dependencies

Make sure the connection to the internet (or your mirror) is working, and install the required packages: apt install cryptsetup.

Find partitions

After that, run fdisk -l, and search through the output, we will need three partition paths for later from it (it’s easiest to do that in order):

1. The primary Debian installation root partition
   • This will probably be the largest “Linux filesystem” partition in the output
   • It might have a slightly smaller size than what you set in the installer
2. The boot partition of the primary Debian installation
   • This will be the smaller “Linux filesystem” partition right before the primary partition
3. The EFI partition of the primary Debian installation
   • This will be the “EFI System” partition right before or after the boot partition of the primary Debian installation

In my case, p10 was the primary Debian, p8 was the EFI partition and p9 the boot partition, but this might differ if you have customized your partition layout.

Ensure that you picked the right partitions! If you accidentally update the wrong boot partition you will have to erase both Debian installations from macOS and start from the beginning again.

Encrypt the partition

Create a script file (for example ~/encrypt.sh) and paste the following:

#!/bin/bash

set -euo pipefail

# DISCLAIMER: USE AT YOUR OWN RISK AND MAKE BACKUPS

# Based on instructions from:
# https://blog.williamdes.eu/Infrastructure/tutorials/encrypt-an-existing-debian-system-with-luks/
# Which is in turn based on instructions from:
# https://wiki.archlinux.org/index.php/dm-crypt/Device_encryption#Encrypt_an_existing_unencrypted_filesystem

# Save partition path as variable
DISK="${1:-}"

# Check if path exists
if [ -z "$DISK" ]; then
	echo "Usage: $0 /dev/nvmeXnXpX"
	exit 1
fi

# Run a filesystem check on the selected partition
e2fsck -f "$DISK"

# Make the filesystem slightly smaller to make space for the LUKS header
BLOCK_SIZE=`dumpe2fs -h $DISK | grep "Block size" | cut -d ':' -f 2 | tr -d ' '`
BLOCK_COUNT=`dumpe2fs -h $DISK | grep "Block count" | cut -d ':' -f 2 | tr -d ' '`
SPACE_TO_FREE=$((1024 * 1024 * 32)) # 16MB should be enough, but add a safety margin
NEW_BLOCK_COUNT=$(($BLOCK_COUNT - $SPACE_TO_FREE / $BLOCK_SIZE))
resize2fs -p "$DISK" "$NEW_BLOCK_COUNT"

# Run the encryption process
# MAN: https://man7.org/linux/man-pages/man8/cryptsetup-reencrypt.8.html
cryptsetup reencrypt --encrypt --reduce-device-size 16M "$DISK"

# Resize the filesystem to fill up the remaining space (i.e. remove the safety margin from earlier)
cryptsetup open "$DISK" recrypt
resize2fs /dev/mapper/recrypt
cryptsetup close recrypt
echo "Done!"

Then save and close the file. This script will first make the primary partition a bit smaller to fit the LUKS header, then encrypt the partition (and prompt you to enter YES and the password you want to use to decrypt the partition), and after that prompt for the same password again in order to open the encrypted partition to resize it to its original (or almost original) size. After the file is created, make it executable by running chmod +x ~/encrypt.sh, and then run it:

~/encrypt.sh

After everything is done, and Done! was logged to the terminal, the partition is encrypted, but there is still some work to do.

GRUB Compatibility

Unfortunately, GRUB doesn’t support the argon2id key derivation function (source 1, source 2) that cryptsetup uses by default, so the key has to be changed to PBKDF2 (replace <PARTITION_PATH> with the path of the primary (now encrypted) partition):

cryptsetup luksConvertKey --pbkdf pbkdf2 <PARTITION_PATH>

After that, it is a good idea to check if everything still works:

cryptsetup --verbose open --test-passphrase <PARTITION_PATH>

Making it bootable

The final step is to update the configuration files of the primary Debian installation so that it can successfully boot with the now very different setup.

Chrooting into the primary install

To do that we will mount the primary Debian installation into the currently running temporary one, and use the chroot tool in order to change some things before we can boot.

As I did in my post about remotely setting up an encrypted Debian server, I will use cryptroot as the encrypted root partition id, you might want to change it if your preferences differ.

Replace <ROOT_PARTITION_PATH> with the path of the (encrypted) primary partition, <BOOT_PARTITION_PATH> with the path to the boot “Linux filesystem” partition of the primary installation, and <EFI_PARTITION_PATH> with the path to the EFI system partition of the primary installation.

1. Unlock the encrypted partition:
   • cryptsetup luksOpen <ROOT_PARTITION_PATH> cryptroot
2. Mount the unlocked partition:
   • mount /dev/mapper/cryptroot /mnt
3. Mount the boot partition:
   • mount <BOOT_PARTITION_PATH> /mnt/boot
4. Mount the efi partition:
   • mount <EFI_PARTITION_PATH> /mnt/boot/efi
5. Mount some required things from the running temporary Debian:
   • mount --bind /dev /mnt/dev
   • mount --bind /sys /mnt/sys
   • mount --bind /proc /mnt/proc
   • mkdir -p /mnt/run/udev
   • mount --bind /run/udev /mnt/run/udev
6. Chroot into the primary installation:
   • LANG=C.UTF-8 chroot /mnt /bin/bash

It might appear that nothing has changed with the last command, but if there was no error, and you see a root prompt, you’ve successfully changed into the primary installation.

Configuring the primary system

Next, run blkid -o value -s UUID <ROOT_PARTITION_PATH> and copy/remember/write down the UUID (we will refer to this as <ROOT_PARTITION_UUID>).

1. Edit /etc/crypttab and add the following line:
   • cryptroot UUID=<ROOT_PARTITION_UUID> none luks
2. Edit /etc/fstab and change the line for the root device so that it uses /dev/mapper/cryptroot as device instead of what it currently uses (in my case a UUID).
3. Edit /etc/default/grub and add the following into the GRUB_CMDLINE_LINUX="" variable content:
   • cryptdevice=UUID=<ROOT_PARTITION_UUID>:cryptroot root=/dev/mapper/cryptroot
4. Update the initramfs and GRUB:
   • update-initramfs -u -k all && update-grub

It is at this point where the error I talked about earlier can happen, where you accidentally identified the boot and efi partitions of the temporary system and mounted them into the primary system, the primary system won’t be able to boot because it can’t handle decryption, and the temporary system won’t boot anymore wither since it then tries to but can’t find any encrypted drive!

Finishing up

Now it’s time to exit the chroot, and then unmount all the disks and reboot using:

umount /mnt/boot/efi /mnt/boot /mnt/proc /mnt/sys /mnt/dev /mnt/run/udev # sometimes I need to run this twice
umount /mnt # If this says "target is busy", run the previous umount again
sync
shutdown -h now

It’s important to use shutdown -h now because we don’t want to reboot the temporary installation, we want to turn the device off.

Booting the encrypted installation

When the device is fully off, press and hold the power button to boot into Startup Options, then select the primary Debian installation. Same as usual, it should boot the Asahi boot stage, then uBoot, followed by GRUB which loads the kernel, then you should get asked to unlock the primary partition, and after that the system should boot just as usual.

Troubleshooting

In case something doesn’t work, you can shut down the system, enter Startup Options to boot from the temporary Debian, then chroot into the primary system in order to double-check your configuration files, maybe it’s just some wrong UUID or value in the files that need to be configured in order for the system to properly find the newly encrypted root partition. If neither the temporary nor the primary installations will boot, it’s best to boot back into macOS, and then deleting the Linux partitions again in order to start from scratch.

Cleaning up

After the encrypted primary installation was confirmed to be working, the temporary installation can be deleted to reclaim the space back for macOS. In order to do that, boot back into macOS, then:

1. Open a terminal
2. Run diskutil list
   • You will get multiple “synthesized” disks as output, one of which will be the temp installation, and another the macOS installation
   • The name of the temp disk (without the path, for example disk5) will be <TEMP_DISK_NAME> in the next step
   • The name of the macOS disk (without the path, for example disk0) will be <MACOS_DISK_NAME> in the next step
3. Run diskutil apfs deleteContainer <TEMP_DISK_NAME> to delete the temp installation
4. Run diskutil apfs resizeContainer <MACOS_DISK_NAME> 0 to resize the macOS disk to use the free space from the temp installation

The final step is to shut down the machine once again and boot into Startup Options, because right now the (deleted) temp installation is still the primary booting os in EFI. To change this, select the primary Debian installation in Startup Options and hold down the alt key while you select it so it says “Always Use” on the button. This way, next time you reboot the Mac, Debian will boot automatically. If you decide to skip this step the MacBook will run into a bootloop a few times (I think it was three reboots), then it will default to boot macOS (at least it did in my case).

I hope this post was useful. If you have any suggestions or found errors please let me know!

Turns out the only thing that really has changed is that it’s now basically impossible to make it less ugly.

So many years have gone by, and still the trackpad feels as weird/glitchy as I remember, the sounds are annoying and on full blast by default, everything is HUGE with large paddings everywhere and animated in a way that makes it feel slippery like oil on linoleum; The first instinct I have is to change settings because everything feels awful, and there are three applications to configure the preferences, one of which is basically regedit.exe, why? No idea.

I wasted two hours in trying to get it to look at least a bit better, I only managed to change the title bar of the terminal application, everything else seems to use this new fixed design that is 99% padding (== wasted space) and only available in two weird colors, did I mention that you can’t even change the size of the dock (or maybe I didn’t look deep enough into the cursed config editor thing).

The resolution scaling is completely useless as well; because of the design not being configurable, I tried using the scaling to make it bearable, but I would need something like 132% to make it perfect and of course I can only choose between 125% (too small to read) or 150% (boomer mode), with a dropdown.

At least there are visible improvements. Lots of time seem to have been sunk in reimplementing all the things Apple keeps cramming into macOS for some weird reason (which made me check out going back to Linux in the first place, oh well) but without the (nowadays really lacking) love and care (aka. QA) that MADE macOS feel special.

Sad to see the primary/first option listed in the Debian installer being this bad.

It’s not (yet) the time of the Linux Desktop (imo).

The main motivation for this was a new cable I got. It has USB-C with a DAC on one end and a guitar jack on the other (after using it for a while I wouldn’t recommend this specific model as it generates lots of noise). Initially I used this cable to connect my guitar to my laptop and then use either Logic or MainStage to have a virtual amplifier, but then I had to think of the cute little Marshall MS-2 pocket amplifier I had as a child, and wanted to build an app with this (and more) functionality for iOS (which is possible now that the iPhone supports USB-C, and with that generic USB audio devices).

Features

The app features are listed below:

Freely choose input and output

You can change the input and output device you want to use, for example you could amplify your voice using the built-in microphone out to a bluetooth speaker (keep in mind that bluetooth will add latency) to make an announcement, or use a multi port adapter with an additional audio adapter to route the generated audio back to a mixer if you forgot to bring your amp or pedalboard to band practice.

Dual Gain Stages

There is pre- and post-gain, which lets you adjust the signal level in exactly the way you want/need. Pre gain is applied right after the input, post gain right before the output.

Output Meter

The application shows a waveform of the current output signal, a level meter, and a clip indicator which flashes red if the output signal is above 100% level.

Since v1.1.0 the update interval of the output meter can be configured in order to match your preference or requirements.

Distortion, Reverb, and Delay

The app has configurable distortion, reverb, and delay plugins with built-in presets to choose from and properties to configure.

Equalizer

There is also a 6-band EQ with additional settings for each equalizer band.

Configurable Plugin Chain

You can enable/disable plugins, and change their order (distortion, reverb, delay, noise gate, eq) within the mixing chain.

(Added in v1.1.0) Noise Gate

The Noise Gate plugin allows for muting the input if the level falls below a configurable threshold.

(Added in v1.1.0) Metronome

Use the metronome to practice your beat keeping, it can be used even when no input is selected.

(Added in v1.1.0) Tuner

The app features a tuner which can be used to tune instruments or measure frequencies.

Planned Updates

If you want to help with testing the new features listed below, you can join the TestFlight Beta.

• Pitch Shift effect/plugin
• Configurable EQ Frequency Bands
  • Ability to add/remove bands
  • Ability to change EQ band center frequency

Download Link

The app is completely free to use, without tracking or ads, and can be downloaded on the AppStore.

I hope this app is useful, if not don’t hesitate to tell me the ways I can improve it.

I would expect that they test the paint they use for a wearable product for chipping when worn. But I guess that’s too much to ask for nowadays, what happened to QA…

Update 02/26: I stopped wearing the watch because the software got too annoying and suddenly realized that my lower arm doesn’t hurt anymore (I wasn’t aware it was hurting before), the watch mark is still there though, four days after last wearing it.

Initial Plans

Luckily, the doorbell is powered using a 9V battery and only two cables for the trigger are connected to the actual doorbell module on our wall, using screw terminal blocks.

Judging from this, it should be possible to remove those cables and put them onto custom hardware which then does some magic to notify me using my phone.

My first thought was to write an iOS app, which can receive push notifications from the hardware, and initially I planned to build this using an ESP32 (because I already have some of those) but it turns out this wasn’t a good plan for multiple reasons:

• The ESP32 is way too underpowered to send Apple push notifications which uses modern encryption with HTTP/2
• The iOS app I would build to receive notifications will either have to be published to the AppStore (publicly) or rebuilt every few days when the developer certificate expires
• The notification won’t arrive if there are problems with the internet connection, since the notification goes through Apple Servers

So I decided to do more research, luckily I found HAP-NodeJS which is a HomeKit library for Node.js which is made by the Homebridge developers. This needs a Node.js environment though, so the ESP32 would not work.

Setting up the hardware

The next best piece of hardware (that I know of) is a RaspberryPi Zero W which is running Raspbian (Debian).

For a how-to on configuring (and securing) the operating system on the Pi, you can use the post installation steps of my Debian server setup post, as well as the official documentation provided by RaspberryPi.

It’s important to ensure that you install the pigpiod package by running: apt install pigpiod as root on the Pi.

Getting Node.js

There was another pitfall though, the Raspberry Pi Zero W is 32-bit (armv6l) only. The current Node.js LTS (v22) is not built for this anymore, I tried cross compiling it myself using a Debian aarch64 Docker image on my MacBook but that didn’t work because some tools during build would call armv6l executables which of course don’t run on aarch64. Next, I tried emulating a Raspberry Pi using qemu in UTM, but that would only let me use the actual specs of the Raspberry Pi (single CPU core, 512MB RAM), which would run slower than the actual hardware. So I tried compiling Node.js 22 directly on the Pi Zero, but the Pi lost WiFi connection after two days of uninterrupted compilation and I had to restart it because it wouldn’t reconnect, after which I would have to start the process all over again.

So in the end I settled with the latest available Node.js prebuilt for armv6l, which turns out to be Node.js v20.19.3.

Building the Service

Now that we have the Node.js environment, we can start developing the service which will run on the Pi.

Package.json

I created an initial package.json with the data I wanted and added two dependencies:

{
  "dependencies": {
    "@homebridge/hap-nodejs": "^2.0.0",
    "pigpio-client": "^1.5.2"
  }
}

Here’s a short explanation of the dependencies:

• HAP-NodeJS is the HomeKit library which lets us communicate with HomeKit
• onoff is a GPIO library which lets us control the GPIO pins of the Pi Zero

Main.js

Now it’s time to add the actual code (you have the luxury of being able t copy it, but remember to change the id and metadata values to fit your setup):

import {Accessory, Categories, Characteristic, Service, uuid} from "@homebridge/hap-nodejs";
import pkg from '../package.json' with { type: 'json' };
import PigpioClient from 'pigpio-client';

console.log("Initializing…");
const accessoryUuid = uuid.generate("com.example.doorbell"); // this should stay the same for the entire lifetime of the accessory
const accessory = new Accessory("Doorbell", accessoryUuid); // the name can be anything you want, can also be changed later


console.log("Registering doorbell service…");
const doorbellService = new Service.Doorbell("Doorbell"); // the service name can be anything you want 
const triggerCharacteristic = doorbellService
    .getCharacteristic(Characteristic.ProgrammableSwitchEvent)
    .setProps({
        validValues: [Characteristic.ProgrammableSwitchEvent.SINGLE_PRESS]
    });
accessory.addService(doorbellService);


console.log("Registering info service…");
const infoService = accessory.getService(Service.AccessoryInformation)
infoService
    .setCharacteristic(Characteristic.Manufacturer, 'Your Name') // add your name here
    .setCharacteristic(Characteristic.Model, 'Doorbell') // The model can be whatever you want
    .setCharacteristic(Characteristic.SerialNumber, '42') // You can also decide the serial number
    .setCharacteristic(Characteristic.FirmwareRevision, 'bookworm') // I used the os version of the Pi zero here, feel free to use whatever you want
    .setCharacteristic(Characteristic.HardwareRevision, 'Mk1') // This can be also whatever you want
    .setCharacteristic(Characteristic.SoftwareRevision, pkg.version) // I used the "version" property of the package.json here for clarity


console.log("Registering indentify service…");
accessory.on('identify', (paired, callback) => {
    console.warn('Identify is not yet implemented in hardware!');
    // If you add an LED or something similar to help with identification you can toggle it in this handler.
    callback()
})


console.log("Initializing GPIO…");
const client = new PigpioClient.pigpio({ host: '::1', port: 8888 });
client.on('error', err => {
    console.error('GPIO Error:', err);
    process.exit(1);
});
client.on('connected', () => {
    console.log('Connected to pigpiod…');
    const button = client.gpio(23); // GPIO 23 has ID 535 internally and is directly next to a GND, 
                                    // see the output of "cat /sys/kernel/debug/gpio" for more information
                                    // on the numbering scheme.
    button.modeSet('input');
    button.pullUpDown(2);
    let lastTick = 0;
    button.notify((level, tick) => {
        if (level === 0 && tick - lastTick > 200_000) {
            console.log('Doorbell pressed!');
            triggerCharacteristic.updateValue(Characteristic.ProgrammableSwitchEvent.SINGLE_PRESS);
            lastTick = tick;
        }
    });
    console.log('GPIO Initialized!');


    console.log("Publishing HomeKit service…");
    accessory.publish({ // Publish should always be the last step!
        username: "FE:ED:BE:EF:42:42", // this value should be customized and unique on your network in case you build multiple accessories (you could run them on the same host)
        pincode: "123-32-123", // you can change this to whatever value you want, this needs to be entered during setup in the Home app
        port: 47128, // remember to open this port if you use a firewall on the Pi Zero
        category: Categories.DOOR, // this is used for UI icons only, door fits best in my opinion
    }).then(() => {
        console.log("Accessory ready!");
    });
});

In the code, GPIO 23 is used as sensing pin listening for the falling edge, it is debounced for 200ms before it triggers (you could also increase this to prevent spam) and then sends the HomeKit event.

Doorbell.service

And finally, a SystemD service file so the HomeKit service starts when you boot the Pi:

[Unit]
Description=Doorbell HomeKit Service
After=syslog.target
After=network.target
# Add the targets below if you use WiFi with dhcp…
#After=wpa_supplicant.service
#After=dhclient.service

[Service]
LimitMEMLOCK=infinity
LimitNOFILE=65535
RestartSec=2s
Type=simple
User=doorbell
Group=doorbell
WorkingDirectory=/home/doorbell/doorbell/
ExecStart=/usr/local/bin/node src/main.js
Restart=always
Environment=USER=doorbell

[Install]
WantedBy=multi-user.target

As you can see in the SystemD file, I am running the service as the “doorbell” user. This user of course has to be created first (adduser doorbell), remember to follow best practices and set a strong password.

Deployment

Of course, you also need to transfer the code to the Pi zero somehow, for example you could either develop directly on there (code will be lost if the system breaks), or you develop using Git and then use the Pi as a remote you push to in order to deploy new code.

I have a GitLab instance running in the network the Pi will run in, so I decided to do automated deployment using GitLab CI. First of all, I have to generate a new SSH Key pair, the public key of which I then add to the authorized_keys files of the root and doorbell user (root is needed to restart the service and configure the GPIO pin), and then I saved the private key in base64 encoded form as a masked and protected secret variable in GitLab CI. Finally, I added this CI file to the Git Repo (you will have to change doorbell.local to the DNS entry of the Pi):

image: debian:latest

stages:
  - deploy

variables:
  JEKYLL_ENV: production
  LC_ALL: C.UTF-8

before_script:
  - apt -yqqqqqqqqq update
  - apt -yqqqqqqqqq upgrade
  - apt -yqqqqqqqqq install rsync openssh-client
  - mkdir -p ~/.ssh
  - echo "$DEPLOY_KEY" | base64 -d > ~/.ssh/id_ed25519
  - chmod 600 ~/.ssh/id_ed25519
  - ssh-keyscan -H doorbell.local >> ~/.ssh/known_hosts

deploy-prod:
  stage: deploy
  script:
    - ssh -tn root@doorbell.local "systemctl enable --now pigpiod.service"
    - ssh -tn root@doorbell.local "systemctl stop doorbell.service"
    - ssh -tn doorbell@doorbell.local "mkdir -p /home/doorbell/doorbell/"
    - rsync -avz --delete ./ doorbell@doorbell.local:/home/doorbell/doorbell/
    - ssh -tn doorbell@doorbell.local "bash -lc 'cd ~/doorbell && npm i'"
    - ssh -tn root@doorbell.local "mv /home/doorbell/doorbell/doorbell.service /lib/systemd/system/doorbell.service"
    - ssh -tn root@doorbell.local "systemctl daemon-reload"
    - ssh -tn root@doorbell.local "systemctl restart doorbell.service"
    - ssh -tn root@doorbell.local "systemctl enable doorbell.service"
  rules:
    - if: '$CI_COMMIT_TAG'
      when: always
    - when: never

This CI file copies files to the Pi, installs dependencies, and restarts the service. Plus it only runs on tagged commits.

So now I am able to work on the code, push every commit, and when I want to update the code running on the doorbell, I just bump the version, add a tag, push it and everything will be done automatically. I even added a way to notified via Grafana Alerts when the service fails, if this sounds interesting for your case too, check out my post about monitoring servers.

HomeKit Setup

I already have an existing HomeKit setup using my AppleTV as a Home Hub, so I only needed to go to the “Add Accessory” screen, then (when the QR scanner view is shown) you have to select “more options”, and the Pi should be already visible there (the QR setup is only really needed when the accessory is not yet connected to the local network), and you can set it up using the pincode property set in the Node.js code. After a short waiting time, the accessory appears in the home view (alongside a notice that it’s not supported, since as a sad single developer I don’t have the resources required to join the MFi program) and is usable.

It works

When I now connect the GPIO I used in the code to a GND pin, (for example by using the doorbell button) I receive a notification on my iPhone:

I hope this post was useful. If you have any suggestions or found errors please let me know!

I don’t always use Linux GUI tools, but when I do, I most likely forward them to macOS using XQuartz and ssh -YC or ssh -XC (X11 forwarding and compression).

Killing X11 will break my workflow, and I can only hope people will at least keep X11 (and XQuartz) alive in some state that allows continued usage in the places where wayland isn’t yet usable.

If you have any suggestions (especially if you know how to do the X11<->XQuartz equivalent with wayland) please let me know!

Update

I found a way of doing the forwarding from within a wayland session using XWayland, so the problem I see seems solvable, or at least circumventable, although it’s still not clear to me if this also applies to an otherwise completely GUI-less system and if I need to do any extra configuration on my servers in order to get the forwarding work as conveniently as it currently is. And while there is an Objective-C wayland client on GitHub, the last commit was four years ago, the README states it’s still in early development, and I only know Swift, so I’d have to learn Objective-C again before being able to try to work on anything in that direction.

To be honest, I think I will leave this work for future Lerk in a time when X11 forwarding doesn’t work anymore and the changes have to be made anyway (and maybe the forwarding is properly included by then, which would be a perfect outcome and solve the reason for this rant, a (in my opinion) core feature missing in the replacement of something considered legacy).

Requirements

• A Debian server/VM
  • See my post about remotely setting up an encrypted Debian server
  • This guide might work with Ubuntu as well, although I don’t use it and didn’t test this guide with it.
• About ~750GB of HDD space (more if you want to host multiple architectures and/or more repositories)

Installation

Installing the system itself is outside the scope of this post, you can refer to the post linked above for a guide on installing Debian remotely, you can use a different method if you prefer, as long as you have a functioning system in the end.

Setting up apt-mirror

After you installed Debian and did the initial hardening/configuration according to your needs, you can start with installing the dependencies.

1. Install apt-mirror: apt install apt-mirror apt-transport-https ca-certificates
2. Configure apt-mirror:
   1. Open the configuration file /etc/apt/mirror.list using your favorite editor and paste the following:

      ############# config ##################
              
       ## This option sets the base path for apt-mirror to use.
       set base_path    /var/apt-mirror
              
       ## The options below allow you to change the locations
       ## that are usually located in the base_path.
       # set mirror_path  $base_path/mirror
       # set skel_path    $base_path/skel
       # set var_path     $base_path/var
       # set cleanscript $var_path/clean.sh
              
       ## You can change the default architecture using this option.
       # set defaultarch  <running host architecture>
              
       ## You can use the options below to run a script
       ## after the mirroring finished.
       # set postmirror_script $var_path/postmirror.sh
       # set run_postmirror 0
              
       ## The number of threads to use for downloading packages. 
       set nthreads 8
              
       ## Packages with a tilde (~) in their version are pre-release,
       ## we don't want them in the mirror.
       set _tilde 0
              
       ############# end config ##############
              
       ##
       # Debian v12 Bookworm
       ##
              
       # Debian Bookworm
       deb https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
       deb-src https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
       deb-amd64 https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
       # deb-arm64 https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
              
       # Debian Bookworm Updates
       deb https://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
       deb-src https://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
       deb-amd64 https://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
       # deb-arm64 https://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
              
       # Debian Bookworm Backports
       deb https://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
       deb-src https://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
       deb-amd64 https://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
       # deb-arm64 https://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
              
       # Debian Bookworm Security
       deb https://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
       deb-src https://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
       deb-amd64 https://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
       # deb-arm64 https://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
              
       ##
       # Other Stuff
       ##
              
       # Clean Scripts
       clean https://deb.debian.org/debian-security
      

   2. Make sure to update the configuration according to your needs, especially the base_path and nthreads options, in case you want/need to use a different storage path or more threads to sync the mirror.
   3. In case you want to also mirror arm64 packages, you can uncomment the deb-arm64 statements in the repo list.
3. Add a CRON Job for the mirroring:
   1. Use crontab -e to open the crontab editor using your favorite editor
   2. Add: 0 1 * * * /usr/bin/apt-mirror > /var/log/apt-mirror.log
   3. This will run every day at 1:00, you can of course change this as you want.
4. Run the first mirroring (manually)
   1. I’d recommend using screen for this (or any other similar tool you prefer): screen -S first-mirror
   2. Run apt-mirror and wait until the execution finishes

Regarding HTTPS

There are ongoing discussions on various websites about whether APT should use HTTPS/TLS by default (currently, it does not). I used HTTPS URLs for the mirror in this guide to provide a secure default, but the webserver of the mirror itself (which is assumed to run in the local network) is running with HTTP in order to keep the guide simple. You can find some examples of configuring NGINX for TLS on this blog (for example you could search for 443 to find config examples).

Setting up NGINX

Now that the mirror content is synced, you need a way to fetch the mirrored content from your server. NGINX will be used in this guide together with the fancyindex module in order to render nice looking indexes.

1. Install NGINX: apt install nginx libnginx-mod-http-fancyindex
2. Configure NGINX
   1. Open the default config at /etc/nginx/sites-enabled/default using your favorite editor
   2. Paste the following:

      server {
       listen 80 default_server;
       server_name _;
      
       access_log /var/log/nginx/mirror.access.log;
       error_log  /var/log/nginx/mirror.error.log;
      
       server_name_in_redirect off;
      
       autoindex off;
       server_tokens off;
      
       root /var/www/html;
      
       location /debian {
           alias /var/apt-mirror/mirror/deb.debian.org/debian;
      
           fancyindex on;
           fancyindex_exact_size off;
           fancyindex_header /head.html;
           fancyindex_footer /foot.html;
       }
      
       location /debian-security {
           alias /var/apt-mirror/mirror/deb.debian.org/debian-security;
      
           fancyindex on;
           fancyindex_exact_size off;
           fancyindex_header /head.html;
           fancyindex_footer /foot.html;
       }
      
       error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html;
      
       location /error.html {
           root /var/www/html;
           internal;
       }
      }
      

   3. Don’t forget to update the paths of the alias params in case you changed the path in the apt-mirror config
3. Add the HTML files (I’ll provide unstyled examples):
   1. Add /var/www/html/index.html (replace MIRROR_DOMAIN with the actual DNS name (or IP(?)) of the mirror:

        <!DOCTYPE html>
        <html lang="en">
        <head>
            <title>APT Mirror</title>
        </head>
        <body>
        <h1>APT Mirror</h1>
        <p>This is an APT mirror.</p>
        <h2>Currently hosting:</h2>
        <ul>
            <li>
                <a href="/debian">/debian</a>
                <ul>
                    <li>bookworm</li>
                    <li>bookworm-updates</li>
                    <li>bookworm-backports</li>
                </ul>
            </li>
            <li>
                <a href="/debian-security">/debian-security</a>
                <ul>
                    <li>bookworm-security</li>
                </ul>
            </li>
        </ul>
        <h2>Usage</h2>
        <p>Select the repos you need and add them to your <code>/etc/apt/sources.list</code>:</p>
        <details>
            <summary>Debian v12 (bookworm)</summary>
            <pre>
        # Debian Bookworm
        deb http://MIRROR_DOMAIN/debian bookworm main contrib non-free non-free-firmware
        deb-src http://MIRROR_DOMAIN/debian bookworm main contrib non-free non-free-firmware
              
        # Debian Bookworm Updates
        deb http://MIRROR_DOMAIN/debian bookworm-updates main contrib non-free non-free-firmware
        deb-src http://MIRROR_DOMAIN/debian bookworm-updates main contrib non-free non-free-firmware
              
        # Debian Bookworm Security
        deb http://MIRROR_DOMAIN/debian-security bookworm-security main contrib non-free non-free-firmware
        deb-src http://MIRROR_DOMAIN/debian-security bookworm-security main contrib non-free non-free-firmware
              
        # Debian Bookworm Backports
        deb http://MIRROR_DOMAIN/debian bookworm-backports main
        deb-src http://MIRROR_DOMAIN/debian bookworm-backports main
                </pre>
        </details>
        </body>
        </html>
      

   2. Add /var/www/html/error.html:

        <!DOCTYPE html>
        <html lang="en">
        <head>
            <title>APT Mirror</title>
        </head>
        <body>
        <h1>Error!</h1>
        <p class="lead">An error occurred.</p>
        <p><a href="/">Main Page</a>
        </body>
        </html>
      

   3. Add /var/www/html/head.html:

        <html lang="en">
        <head>
            <title>APT Mirror</title>
        </head>
        <body>
        <h1>APT Mirror</h1>
        <p>Welcome to the APT Mirror.</p>
        <h1>
      

      • This gets cut off at the open <h1> because the fancyindex module will render the title of the folder it’s showing after that and close it.
   4. Add /var/www/html/foot.html:

        <hr />
        <p>Thanks for using the APT Mirror.</p>
        </body>
        </html>
      

   5. Remove /var/www/html/index.nginx-debian.html in case it exists
   6. Ensure the files are not world-writable and belong to either root or www-data
4. Confirm that the NGINX config is valid by running: nginx -t
5. Restart NGINX: systemctl restart nginx

You should now be able to open http://MIRROR_DOMAIN/ (changed to your actual DNS name) in a browser and also view the repo contents. I added example usage instructions into the example index.html, so you can copy the example sources.list contents from there.

The next step would be adding styles to the mirror pages so it looks better, and of course add more/different repos/architectures in case you need them.

I hope this post was useful. If you have any suggestions or found errors please let me know!

🙃

The main motivation for this was the fact that in the default app, three of the four tabs are useless unless you use cloud music, which makes the (previously “preferred”) local library feel like a dropped potato.

Features

Please note that I glance over the main feature which is playing music.

No Ads or Tracking

All with all of my apps, there are no ads, and it doesn’t contain any tracking functionality. The only things collected are the crash logs and installation count that apple automatically collects (there is no way to turn that off as far as I know; If there is a way, as always, let me know please). No screen space is wasted on annoying things and the app does not care whether you’re connected to the internet.

Customizability

You can choose a theme color in the app settings, so the app appears how you like it.

Search

Views like the artists, album, and song lists are searchable.

Library

The “Library” tab currently shows the following:

• The top ten most listened to songs
  • The underlying queue is your Top 100, so if you play the top most played song, you will have 100 of your top songs in your queue.
• Three random songs you’ve never listened to (if songs like that exist) (added in v1.1.0)
  • Same as with the Top 100 you will have up to 100 songs in the queue, but they are randomized each time the library refreshes.
• The ten most recently added albums

(Added in v1.1.0) Queue Management

You can modify the queue and manage what is played later on.

(Added in v1.2.0) Customizable Library

The library tab now has the following sections:

• Best Rated
  • This tab shows the ten highest rated songs in your library and playing a song adds up to 100 songs with a rating over 0 (no rating) sorted by rating to the queue.
• Last Played
  • This tab shows the last played songs in your library sorted by last played date, it also adds 100 of the last played songs to the queue if you play one of the songs.
• Most Played
  • This tab shows the ten most played items in your library sorted by the play count. It also adds the top 100 most played songs to the queue.
• Most Skipped
  • This tab shows the ten most skipped songs in your library sorted by skip count. It also adds the top 100 most skipped songs to your queue.
• Never Listened To
  • This tab shows three random songs you have never listened to. It adds up to 100 songs without any plays in the same random order as shown in the library tab to the queue.
• Recently Added
  • This tab shows the ten most recently added albums.

You can set the visibility and order for each section in the newly added library customization settings.

(Added in v1.2.0) Configurable Song List Sort

Since v1.2.0 the default and current sort order of the song list can be changed in the settings and using the sort order control in the song list navbar.

Depending on the chosen sort order, additional information is shown in the list, for example sorting by rating shows the rating, etc.

(Added in v1.3.0) New Search Experience

The search unifies the previously separate list views into a single tab, and the other lists are now sortable as well.

(Added in v1.3.1) Mini Player Gesture Support

The mini player now supports swipe left/right gestures for next/previous track and swipe up (and/or tap) to open the main player view.

Planned Updates

If you want to help with testing the new features listed below, you can join the TestFlight Beta.

(Currently, there are no features planned, if you need something please send in a request)

Download Link

The app is completely free to use, and can be downloaded on the AppStore.

I hope this app is useful, if not don’t hesitate to tell me the ways I can improve it.

I mean imagine your network is down, you just want to quickly check stuff while restoring it, and then half the screen is taken up by some ad that might not even load in case you’re offline so you’re just looking at a blank screen with a tiny speck of information, if you’re lucky enough that it’s not fully blocked, or you get a “subscription required” screen. Super annoying, to the point where you almost loose interest in fixing your issue, since you must code an app for that first.

Features

No Ads or Tracking

The app shows no ads and doesn’t contain any tracking functionality. The only thing collected are the crash logs and installation count that apple automatically collects (there is no way to turn that off as far as I know; If there is a way let me know please). No screen space is wasted on annoying things and the app does not care whether you’re connected to the internet.

Network information

The app can show network information like the state of the current connection, and the properties of the different interfaces configured on the device.

Since v1.2 the app also can resolve the public IP of your device, although this feature is opt-in since a request has to be sent to a third party to do that.

Ping

You can ping target hosts and view result metrics like round trip time, and responding hostname/address.

Traceroute

You can run an ICMP-based traceroute to visualize the path(s) packets take to a target, with metrics like round trip time, and name resolution of responding hosts.

DNS

You can run DNS lookups for various (or any/all) record types for any domain using either a default (currently 1.1.1.1) or custom name server.

Port Scan (Added in 1.2)

You can run port scans for any domain/ip using TCP, UDP or both with a custom port range, or all ports.

Network Calculators (Added in 1.3)

You can calculate various things like CIDR from a subnet mask, subnet ranges, and wildcard mask. Currently, the calculator can do IPv4 only.

Result Export (Added in 1.4)

The app now has an additional toolbar button that allows to export results as either JSON or “CSV” (separated with semicolon instead of comma) for the port scan and dns lookup.

Planned Features

If you want to help with testing the planned updates listed below, feel free to join the TestFlight Beta.

I currently plan to add or improve the following things:

• Improve DNS results
  • With some DNS responses, the values are formatted weirdly after parsing
  • Some SOA results seem to be duplicated or should be organized differently
• Allow UDP/TCP “Pings”
• Add History/Result Recorder
• Add Result Export (Added in 1.4)
• Add port scanning functionality (Added in 1.2)
• Add network calculators (Added in 1.3)

Download Link

The app is completely free to use, and can be downloaded on the AppStore.

I hope this app is useful, if not don’t hesitate to tell me the ways I can improve it.

You might have noticed that this won’t work the way you probably tried it the first time. I tried something like this:

.my-element {
    width: 100px - 50vw;
}

For me this was completely logical. The width of my element is half the viewport width (50vw) subtracted by 100 pixels. But any browser ignores the second unit (vh in this case) and just sticks with pixels. So the width of my element was 50 always pixels.

TL;DR: There is a calc() function in CSS which does that for you. Just do it like this:

.my-element {
    width: calc(100px - 50vw);
}

Please note that this guide is written primarily for macOS, you might need to adapt some parts on Linux. Disk Utility, for example, is not available on Linux, but you can replace it with gparted or a command line tool to achive the same effect.

Prerequisites

You’ll have to have the following:

• A .iso file of the version of Windows you want to install
• A USB drive, 8GB should be enough
• wimlib
  • Debian package
  • Homebrew package
• rsync
  • Debian package
  • Homebrew package

Creating the USB drive

You can create the USB drive by using the following steps:

1. Open Disk Utility and Erase the USB drive
   • You might need to use “View > Show All Devices” in order to see the target drive itself instead of the volume
   • Use FAT as partition format, and MBR instead of GUID
2. Mount the iso using the following command:
   • hdiutil mount /path/to/windows.iso
   • Replace /path/to/windows.iso with the actual path of the .iso file
3. Copy the iso contents to the drive:
   • rsync -vha --exclude=sources/install.wim /Volumes/NAME_OF_ISO/* /Volumes/TARGET_DRIVE
   • Replace NAME_OF_ISO with the name of the mounted volume (visible in Finder or Disk Utility)
   • Replace TARGET_DRIVE with the name of the target drive volume (also visible in Finder or Disk Utility)
4. Rebuild/split the install.wim archive:
   • wimlib-imagex split /Volumes/NAME_OF_ISO/sources/install.wim /Volumes/TARGET_DRIVE/sources/install.swm 3800
   • Replace NAME_OF_ISO with the name of the mounted volume (visible in Finder or Disk Utility)
   • Replace TARGET_DRIVE with the name of the target drive volume (also visible in Finder or Disk Utility)
5. Unmount the target drive and use it to boot the Windows installer

If you have any improvements or comments, please let me know!

Prerequisites

Let’s get a few things out of the way first:

• I don’t know if and how this applies to an Azure AD setup, I’m talking about a locally hosted Active Directory server
• The account pictures need to be in JPEG format, 96x96px and not larger than 100kb in size
• This apparently doesn’t work on Windows 11 (yet)

Please keep the above points in mind.

Create the group policy

The following steps are necessary to create the required group policy and add the necessary permissions:

1. Connect to your domain controller and open the group policy manager, in there create a new group policy (use a descriptive name)
2. Open/edit the policy and create the required registry key:
   1. Navigate to Computer Configuration/Policies/Windows Settings/Security Settings/Registry using the tree view
   2. Right click into the registry list and create a new key with the path MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users
   3. In the next window grant Full Access to the <DOMAIN>\Users group so that each user can set their account picture
   4. In the “Add Object” window, select Replace existing permission on all subkeys with inheritable permissions
3. Next, navigate to Computer Configuration/Administrative Templates/System/Group Policy and set Configure user Group Policy Loopback Processing mode to Merge
4. You can now close the group policy for now (or leave it open, it’s a multi window os y’know)

Create the updater script

The following PowerShell script should be saved on some accessible path on your domain controller, in my case its located at \\<DOMAIN>\sysvol\<DOMAIN>\scripts\SetAccountPictureFromAD.ps1:

 Function ResizeImage {
    Param (
        [Parameter(Mandatory = $True, HelpMessage = "The image as bytes")]
        [ValidateNotNull()]
        $imageSource,
        
        [Parameter(Mandatory = $true, HelpMessage = "The canvas size can be between 16px and 1000px")]
        [ValidateRange(16, 1000)]
        $canvasSize,
        
        [Parameter(Mandatory = $true, HelpMessage = "The image quality can be between 1 and 100")]
        [ValidateRange(1, 100)]
        $ImgQuality = 100
    )
    
    [void][System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
    $imageBytes = [byte[]]$imageSource
    $ms = New-Object IO.MemoryStream($imageBytes, 0, $imageBytes.Length)
    $ms.Write($imageBytes, 0, $imageBytes.Length);
    $bmp = [System.Drawing.Image]::FromStream($ms, $true)
    
    # Image size after conversion
    $canvasWidth = $canvasSize
    $canvasHeight = $canvasSize
    
    # Set picture quality
    $myEncoder = [System.Drawing.Imaging.Encoder]::Quality
    $encoderParams = New-Object System.Drawing.Imaging.EncoderParameters(1)
    $encoderParams.Param[0] = New-Object System.Drawing.Imaging.EncoderParameter($myEncoder, $ImgQuality)
    
    # Get image type
    $myImageCodecInfo = [System.Drawing.Imaging.ImageCodecInfo]::GetImageEncoders() | Where-Object { $_.MimeType -eq 'image/jpeg' }
    
    # Get aspect ratio
    $ratioX = $canvasWidth / $bmp.Width;
    $ratioY = $canvasHeight / $bmp.Height;
    $ratio = $ratioY
    if ($ratioX -le $ratioY) {
        $ratio = $ratioX
    }
    
    # Create an empty picture
    $newWidth = [int] ($bmp.Width * $ratio)
    $newHeight = [int] ($bmp.Height * $ratio)
    $bmpResized = New-Object System.Drawing.Bitmap($newWidth, $newHeight)
    $graph = [System.Drawing.Graphics]::FromImage($bmpResized)
    $graph.Clear([System.Drawing.Color]::White)
    $graph.DrawImage($bmp, 0, 0 , $newWidth, $newHeight)
    
    # Create an empty stream
    $ms = New-Object IO.MemoryStream
    $bmpResized.Save($ms, $myImageCodecInfo, $($encoderParams))
    
    # cleanup
    $bmpResized.Dispose()
    $bmp.Dispose()
    return $ms.ToArray()
}

$ADUserInfo = ([ADSISearcher]"(&(objectCategory=User)(SAMAccountName=$env:username))").FindOne().Properties
$ADUserInfo_sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

If ($ADUserInfo.thumbnailphoto) {
    $img_sizes = @(32, 40, 48, 96, 192, 200, 240, 448)
    $img_base = "C:\Users\Public\AccountPictures"
    $reg_key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users\$ADUserInfo_sid"

    If ((Test-Path -Path $reg_key) -eq $false) { New-Item -Path $reg_key } { write-verbose "Registry key exists: [$reg_key]" }

    Try {
        ForEach ($size in $img_sizes) {
            $dir = $img_base + "\" + $ADUserInfo_sid
            If ((Test-Path -Path $dir) -eq $false) { $(New-Item -ItemType directory -Path $dir).Attributes = "Hidden" }
            $file_name = "Image$($size).jpg"
            $path = $dir + "\" + $file_name
            Write-Verbose " Create file: [$file_name]"
            
            try {
                ResizeImage -imageSource $($ADUserInfo.thumbnailphoto) -canvasSize $size -ImgQuality 100 | Set-Content -Path $path -Encoding Byte -Force -ErrorAction Stop
                Write-Verbose " File saved: [$file_name]"
            }
            catch {
                If (Test-Path -Path $path) {
                    Write-Warning "File exists: [$path]"
                }
                else {
                    Write-Warning "File doesn't exist: [$path]"
                }
            }
            
            $name = "Image$size"
            try {
                $null = New-ItemProperty -Path $reg_key -Name $name -Value $path -Force -ErrorAction Stop
            }
            catch {
                Write-Warning "Registry key edit error [$reg_key] [$name]"
            }
        }
    }
    Catch {
        Write-Error "Check the permissions to files or registry!"
    }
} 

Make sure that the permissions of the script allow authenticated users to execute it!

Adding the script to the group policy

The following steps are necessary to add the script to the group policy:

1. Open up the group policy again, or return to the editor window
2. Navigate to User Configuration/Policies/Windows Settings/Scripts (Logon/Logoff) and double click Logoff
3. In the new window, change to the PowerShell Scripts tab and add the path to the script
   • In my case it’s located at \\<DOMAIN>\sysvol\<DOMAIN>\scripts\SetAccountPictureFromAD.ps1
   • If you add the script to the wrong tab, the clients will “freeze”/take ages when logging out!
4. Close the policy editor

Activating the group policy

To activate the group policy and start syncing pictures, you should drag/link the policy to an organisational unit that contains your client devices (not users).

Adding pictures to Active Directory

There are multiple ways to add the profile pictures to the Active Directory user accounts:

• You could open the properties of the account and add an image to the thumbnailphoto property using the UI (never tried that)
• You could use PowerShell:
  1. Put all the images in the correct size and format into some folder
  2. Open PowerShell
  3. Use the following command to load the image into a variable:
     • $ADphoto = [byte[]](Get-Content "<path to file>" -Encoding byte)
  4. Use the following command to put the variable contents into the AD account:
     • Set-ADUser "<username>" -Replace @{thumbnailPhoto=$ADphoto}
  5. You can repeat step 3 followed by 4 for all the users, the variable will be overwritten each time

Testing

To quickly test if everything works, you can login to any connected client that is in the organisational unit where the group policy applies. Run gpupdate in the PowerShell and then log out and back in again. The profile picture should be synced correctly.

Troubleshooting

• If the logoff takes a really long time, make sure that you added the script to the PowerShell Scripts Tab, not the Scripts tab
• If nothing happens, double check the permissions of the script on disk or the registry key in the group policy
• Make sure that Windows is activated, as a non activated windows will not show account pictures

If you have any improvements or comments, please let me know!

I bought my first DJ Controller in 2015 and in 2022 upgraded to a set of two SC6000 players and one X1850 mixer. I have been trying to get around the fenced-in software and customize the units to the best of my abilities ever since, and now finally have reached a milestone that I want to share today.

How we got there

But first things first: How does all that stuff work?

The mixer has a LAN hub (or switch, docs are inconclusive) with four ports reserved for players and one port for an external network or a computer. The mixer uses this to get the current BPM value and maybe other stuff from the players and in addition the players can use the connection to access their connected libraries.

The SC6000 has one feature that I really like: The ability to insert a SATA hard drive so you don’t have to insert your USB stick every time. When using that internal hard drive to sync, you have to reboot the player into what is called “computer mode”. This shares access to the internal drive to the host computer as a mass storage device which is then used by EngineDJ to sync the library to it.

This library consists of the track databases for local and streaming tracks, an optional SoundSwitch project and a “user profile” that contains preset settings for the player, for example which color each layer has.

The choices you have there are more than limited:

Luckily, the EngineLibrary/user.profile file contains the player and layer colors as hex values, better yet: EngineOS actually respects that. Even the X1850 firmware shows whatever color you throw at it!

The user profile

The user.profile file is a JSON file and as such can be edited with any text editor. Here is the color section for player one:

{
  "PlayerColor1": {
    "color": "#ff9000ff",
    "type": 16
  },
  "PlayerColor1A": {
    "color": "#ff9000ff",
    "type": 16
  },
  "PlayerColor1B": {
    "color": "#ff00ffe2",
    "type": 16
  }
}

As you can see, every player has a “base(?)” color and a color for each layer. You can’t change the “base” player color in EngineDJ, only the layer colors. As far as I can tell, the base color is used before anything is selected after bootup and is saved when selecting a user profile (so the first time you start the player with the changed profile the default color will be used, but after selecting the profile, the custom color will reappear after rebooting).

Color codes

The color codes work a bit like reversed Android Hex color codes, where the first two chars are for transparency (and are ff/255 by default) and the other six for colors, in the same rrggbb format that is also used in CSS.

So for example the red color in CSS is #ff0000 (so the red channel is at max, the green and blue at min). Add the transparency values to get #ffff0000, where the fist two characters are the transparency (no transparency/maximum opacity) followed by the six color chars.

Now we can get to changing stuff and seeing what we get from it!

Possibilities

I have recorded a few videos showing what’s possible.

For example, here is a purple and teal color combination:

But you are not limited to colorful colors, here’s proper purple and black (watch the layer ui, it gets a black border):

And of course you can set the transparency chars to 00 to make the color transparent.

Although this has a caveat: It only works in the UI, the jog wheel and layer button will ignore the transparency setting.

To get proper transparent layers, you can set the color to transparent black (the ui won’t get a black border):

Hope this is useful for some 🙂

ps: Huge thanks to YouTube for trying to be like TikTok and putting their damn watermark over the videos, even if you download them as uploader.

If you have any improvements or comments, please let me know!

Prerequisites

I’m assuming that the default remote in these examples is origin and a foreign remote is called remote. As example remote URL I will either use pseudo local paths, random urls or linux because it has infinite collaborators.

The default branch is master and any other branch is mostly called branch. The example tag in these examples is in most cases v1.0.0.

Git Subcommands

git lfs

Git-LFS (Large File Storage) is a git plugin/subcommand that lets you save binary files outside of the git object storage. This saves some space when cloning and works faster. To install it, follow the instructions on the website.

Repository setup

Assuming you want to track .bin files with Git-LFS:

1. Change into project directory
2. Initialize Git-LFS:

   git lfs install
   

3. Tell Git-LFS which files to track:

   git lfs track "*.bin" 
   

4. Add the .gitattributes file and commit:

   git add .gitattributes && git commit 
   

Alternatively, you can skip/speed up step three by putting the following in the .gitattributes file (create it if it’s not there):

*.bin filter=lfs diff=lfs merge=lfs -text

git log

When run with no arguments, git log shows a vi/less style commit history output. But it can also be used for more specific stuff.

Show log for specific remote/branch/tag

The following command can be used to show the history of a specific tag or remote and/or branch:

git log remote/master

Show log for specific subdirectories

You can use the following command if you’re in a subdirectory of a repository and only want to see the local history:

git log -- ./

The -- delimiter is used to make a clear separation between refs and paths. This can also be seen in some git error messages.

git tag

A tag is like a bookmark on a specific commit. Mostly it’s a good practice to tag the version bump commits (if those are made).

Listing tags

While git tags can be seen as an appendage next to the commit id in git log, it’s also possible to show all available tags.

Local tags

I think the command below is self-explanatory:

git tag -l

Remote tags

Listing remote tags can either be done for the default remote:

git ls-remote --tags

Or a specific remote:

git ls-remote --tags remote

Creating tags

A tag can be created like this:

git tag v1.0.0

The tag will now show up in the git history as v1.0.0 which is an often used scheme. Btw have you heard of semver?

Pushing tags

Since git push doesn’t submit patches by default, a flag is needed:

git push --tags

Deleting tags

Deleting tags can be necessary when doing debug stuff (like CI that should build on every tag but there’s a bug in a script of a dependency that only runs on CI so you end up with something like v1.0.0.a.a.a.a.a.a.a.a.a.a.h.e.l.p).

Local tags

Local tags can be deleted quite easily:

git tag -d v1.0.0

Remote tags

When removing remote tags, it’s required to to a push:

git push remote :v1.0.0

You can see more info on this syntax in the section about git push below.

Update: Since git 1.8.0, you can also use the following which is a bit more readable:

git push --delete remote v1.0.0

git push

The push command allows to submit changes to a remote. When used without arguments in a properly set up repository, it will push all new (for the remote) commits on the current branch (or it’s remote counterpart) to the default remote.

Setting a default remote

A default (upstream) remote can be set by running the following:

git push -u remote branch

This sets the foreign remote called remote as upstream that will be used by default when running push or pull. The -u flag can be extended to --set-upstream.

git remote

A remote is in most cases a collaboration server like GitLab, GitHub or Gitea, but it can in general be any local (or local-ish mounted) or remotely (ssh/http(s)) available .git folder.

Showing available remotes

All available remotes can be printed out by running:

git remote -v

Adding a remote

Adding a remote can be done by running the following:

git remote add remote /path/to/repo/.git

When adding a remote remote (haha), a protocol and/or authentication might be required:

git remote add remote ssh://git@example.com:foo/bar.git

Deleting a remote

Deleting a remote can be done like this:

git remote remove remote

Changing a remote’s URL

When a repository was moved or there is some other stuff going on, a remote url can be changed by running the following:

git remote set-url remote /path/to/new/repo/.git

Note that by default, only the fetch url is updated by this command. It’s also default for git to use only the fetch url when a push url is not explicitly set.
In case of local mirrors (see section about git clone below) it might be required to set the push url to the original remote. This can be done by appending the --push flag after set-url (and before the url).

git clone

Cloning means downloading/synchronizing a remote repository to/with your machine. It’s used to get an initial copy of the repository (updating is done with git pull instead).

Cloning in general

Most Git platforms mentioned above support cloning by passing the URL of the repository’s web frontend like the following:

git clone https://github.com/torvalds/linux

This will result in the repository being cloned into the current folder as linux. On some platforms, the URL might look more like https://github.com/torvalds/linux.git. In this case, git will omit the .git extension for the local folder.

Changing the output directory

To clone a remote repository into a folder other than the repository name, you can simply append it. If it does not exist, git will create it automatically. Example:

git clone /path/to/repo/.git ../otherName

The command above will result in the repository being cloned into the parent of the current folder as otherName. You can also specify an absolute path.

Cloning as mirror

In some cases it might be wise to store an exact copy of a remote repository on another place. For instance when the connection to a remote repository is pretty slow or the network has a limited transmission rate.

It can be a good idea to clone a very remote repository onto a more local server and let local clients pull from there.
The remote repository can be cloned as mirror by appending the --mirror flag:

git clone --mirror ssh://user@host:repo.git

The mirror can be kept up to date by running git remote update. This can be intervalled by using something like the following crontab which will update the mirror every fifteen minutes:

*/15 * * * * cd /path/to/mirror && git remote update >/dev/null 2>&1

Advanced Stuff

Below is more advanced stuff. Some of it requires additional software.

Cleaning up messy contributor stats

We all probably had to deal with this at some point: The committer you use in your git hoster is not the same you use locally and suddenly you appear as three different people because you made commits on your local machine, the web ui and maybe some dev system.

You can clean this up by rewriting the git history and changing the duplicated committers to use your desired data. Note that this requires a force push and will open a whole new can of worms when lots of people use the repo!

First install git-filter-repo, and then modify the following command to suit your setup (the callback is python code):

The bytearray("".encode()) at the new_name variable is needed in case the committer name you want to use contains special characters. You could also supply a plain string if your name doesn’t contain special chars.

git filter-repo --commit-callback '                                                                       ⬡ 16.15.0
old_email = b"duplicated_committer@example.com"
new_email = b"real_committer@example.com"
new_name =  bytearray("New Committer Name".encode())

if commit.author_email == old_email:
    commit.author_email = new_email
    commit.author_name = new_name

if commit.committer_email == old_email:
    commit.committer_email = new_email
    commit.committer_name = new_name
'

Note: git-filter-repo will complain when not run on a fresh clone, and will delete your remotes, so you don’t accidentally do weird stuff. You’ll need to re-add them in order to force push after the correction.

If you have any improvements or comments, please let me know!

I got the printer from a friend, so the thing was already fully assembled, used and modified a few times with a few broken cables and loose screws. It still was on some version of the stock firmware and called itself “Omni A8” when booting, hinting to the firmware being quite old.

After watching a lot of different videos and reading probably all of the available blog posts I could find, I settled on a mashup of the methods that were presented because this was the most comfortable way of doing this for me.

Requirements

There are a few things we’ll need to do before the flashing can begin.

Programmer

From the hardware point of view, the A8 alone won’t be enough.

You’ll also need the USBasp flasher. Either for flashing a bootloader that allows you to flash a firmware using the USB port on the printer board or for flashing the firmware directly.

I ordered this one mainly because it was relatively cheap and came in a two pack, which might be important later if you get the cheap ones.

VS Code

Yes, I know it’s garbageware by garbagecorp but I had this installed already for ESP32 stuff before I switched to PlatformIO in CLion and there is a VSC plugin that provides one-click builds of Marlin.

You can download that thing here.

Plugins

Once downloaded and started for the first time, click on the “Plugins” tab (the four cubes where the top right cube is offset) and install the PlatformIO IDE plugin.

After PlatformIO has finished installing (you’ll need to reload the webpage that is the editor) you’ll need to install the Auto Build Marlin plugin.

AVRDUDE

Another required software is AVRDUDE. On macOS this can be installed with Homebrew, on Linux you might have it in your distributions package repository.

Preparations

This section will mostly prevent you from running into problems later.

Updating the USBasp

The first issue I had with all the available guides was that the firmware on the USBasp was too old. This issue will make any upload attempts fail with some sort of sync error.

That’s why it’s good that the flasher I bought came in a two pack, because to update the firmware you’ll need a second one.

If you think that this is already a bit ridiculous, keep in mind that the latest firmware for this thing was released in 2011! 🙈

To allow the firmware upgrade, you’ll need to find two contacts on the USBasp you want to update labeled J2 and bridge them. If you’re lucky those contacts might have pins soldered on them, in my case there were just the contacts so I bridged them with a bit of solder.

Additionally, the jumpers on both flashers must be set to 5V for both of them.

If the all the jumpers are set to the required positions, plug in the cable into both flashers (feels obvious but align the notches, don’t force it the other way) and plug the flasher where J2 is not bridged into your computers USB port.

You can find the latest version of the firmware on this page as of the time this post is written the file to download is called usbasp.2011-05-28.tar.gz.

Extract the contents of this file, then create a new folder somewhere and copy the file /bin/firmware/usbasp.atmega8.<VERSION>.hex from the extracted files into the new folder. Replace <VERSION> with the version of the firmware you downloaded.

Now open a terminal, change into the previously created folder and execute the following command to create a backup of the current firmware on your USBasp:

avrdude -c usbasp -p atmega8 -U flash:r:usbasp-backup.bin:r

This will create a file called usbasp-backup.bin in the current folder.

The next step is to upload the new firmware, again replace <VERSION> with the version you downloaded:

avrdude -c usbasp -p atmega8 -U flash:w:usbasp.atmega8.<VERSION>.hex

This will upload the new firmware and then verify that the written data is correct.

If everything went well you can remove the flashers from your computer, remove the cable from the updated unit and then remove the J2 bridge to disable update mode.

Downloading Marlin

Now we can finally start with the actual printer firmware. First of all you’ll need the firmware code itself.

You can find the latest version on the GitHub releases page. In my case the current version was 2.0.9.1 (this will be important later).

At the end of each release is a list of files, we’ll need the archive of the source code. You can extract it you want, but you need to extract it.

You’ll also need the configuration files, which are stored in a separate repo.
You can find an overview of the available branches on this page, if you downloaded the latest version you can probably find the correct branch in the “Active branches” box.

When clicking on the branch name (which should be release-<VERSION>, where <VERSION> is the version of Marlin you downloaded), you can use the “Code” dropdown to download a ZIP of the corresponding branch.

Extract the configurations anywhere you want, then navigate to /config/examples/Anet/A8 and copy all the files into the Marlin folder inside the extracted Marlin source code (there should be file called Version.h in the same directory), replace any conflicting files!

Configuring the firmware

Now that all the necessary files are downloaded, extracted and put in the right place, we can start configuring the firmware.

To do this, open the Marlin root folder (where the README.md is in) with VS Code using the “Open Folder” button.
You might also need to confirm that you trust the project for all the features to work properly.

Then open /Marlin/Configuration.h.

Thermal Runaway Protection

The first feature that you should enable is thermal runaway protection. This will make the firmware make sure that the temperature measured is rising when a heater is active.
So in case of a faulty, not connected or fallen off sensor the heating stops (instead of getting hotter until everything starts burning).

With the Configuration.h opened, press cmd+f or ctrl+f to open the search box and search for THERMAL_PROTECTION.

As of version 2.0.9.1, there are four lines starting with #define, enabling the protection for HOTENDS, BED, CHAMBER and COOLER. All of these should be enabled (VS Code will color the defines pink and the names blue instead of coloring everything green and the line starts with #define, not with //#define.

Mesh Bed Leveling

Another useful feature is mesh bed leveling which allows you to manually configure zero points (or more precisely their offsets) for nine points on the bed. The printer will then use the resulting offsets to nicely print on a not perfectly leveled bed.

To enable this, search for MESH_BED_LEVELING and make sure the feature is defined.

Leveling Menu Items

To have a menu available in the firmware that will let you level manually, you need to enable the define LEVEL_BED_CORNERS. A few lines below that you can also enable LEVEL_CENTER_TOO if you want a more precise leveling.

Stepper Inverts

Since the printer I got came with a customized extruder, the direction happened to be reversed. The first time I tried to extrude, the filament came out at the top.

This can be fixed by searching for INVERT_E0_DIR and setting this to true to make the firmware change directions.

This might not be needed if you have the stock A8 extruder!

And in case you have other modified motors you can find the corresponding defines for all the motors in the same area of the file.

Building the firmware

Now that all the needed configuration is done the firmware needs to be built. This can be done by opening the “Auto Build Marlin” Tab (the one with the m).

In the opened side menu, click the hammer symbol at the top:

This will open the build tab where you can click the build button for the sanguino1284p environment to start the firmware build:

When the build is finished successfully, the terminal will show output like the following:

Building in release mode
Checking size .pio/build/sanguino1284p/firmware.elf
Advanced Memory Usage is available via "PlatformIO Home > Project Inspect"
RAM:   [===       ]  26.3% (used 4307 bytes from 16384 bytes)
Flash: [========= ]  93.2% (used 118336 bytes from 126976 bytes)
================================================= [SUCCESS] Took 2.95 seconds =================================================

Environment    Status    Duration
-------------  --------  ------------
sanguino1284p  SUCCESS   00:00:02.950
================================================= 1 succeeded in 00:00:02.950 =================================================

You can see the amount of flash that is left over is pretty small. If we start enabling more features we might run out of space.

That is why I decided to not flash any bootloader and simply flash the firmware directly everytime I need to flash a new one.

A successful build will also show a success message:

You can click the folder icon to open the output folder. A file called firmware.hex should be selected as well.

Copy this file somewhere where you’ll find it again and maybe give it a more descriptive name (I like to add the features I enabled and the date to the name).

Flashing the firmware

Now it’s time to flash the compiled firmware to the printer.
To do this, first find the USBasp that has the current firmware on it and make sure that J2 is not bridged and that the power is set to 5V.

Connect the cable to the USBasp and the included 6 pin female adapter (see picture below) to the other side of the cable.

IMPORTANT: Before continuing disconnect the power supply from the printer. Make sure the printer is powered off and not plugged in.

The 6 pin adapter needs to be connected to the middle pins of the JTAG connector on the printer board. The side with the RST pin must face the notch in the socket on the printer board. See the diagram below for reference:

This picture is licensed CC-BY-SA by 3dprint.wiki.

If everything is connected, plug the USBasp into your computer. DO NOT turn the printer on! Leave it disconnected! The printer board will receive power from the USBasp (or more precisely your computer).

Now navigate to the folder with the compiled firmware and start by pulling a backup from the printer:

avrdude -c usbasp -p atmega1284p -U flash:r:flashbackup-anet-a8.bin:r

This will create a file called flashbackup-anet-a8.bin containing the original firmware on the printer.

Now we can flash the Marlin version that was compiled earlier, replace firmware.hex with the name you chose for the compiled firmware:

avrdude -c usbasp -p atmega1284p -U flash:w:firmware.hex

This will flash the firmware to the printer and then read it to verify that the data written to the printer is correct.

If the flashing is complete, unplug the USBasp from your computer and then remove it from the printer board, afterwards you can plug in the printer again and test if everything works.

Final thoughts

After the first boot, you’ll probably see an EEPROM error, this is because the memory gets cleared by avrdude everytime a new firmware is written. You can select reset and press the middle button to initialize the memory.

I know that connecting the USBasp every time you make a change in the firmware configuration is not as comfortable as just plugging in the USB cable but I’d rather have as much space as possible available to the firmware in case I add more stuff to the printer later on.

I hope this guide was useful to you, if you have any problems or additions feel free to contact me.

For completing the guide you’ll need to know your way around a linux shell and its editors. I’ll install vim-nox during this tutorial but of course you can use the already installed nano editor or install a different editor of your choice.

ODROID GO Advance

The ODROID GO Advance is a handheld console shaped similar to a GameBoy Advance.
The device comes with a quad-core Cortex-A35 CPU, 1GB DDR3 RAM and a 320×480 LCD screen. ODROID also provides an Ubuntu based operating system which I’ll be using for this guide.

The initial setup

This part of the guide will probably be completely different if you use a different device. I’d recommend reading it as well, maybe there are still some helpful bits.

Creating the microSD card

The first step in setting up the ODROID GO Advance is to flash the microSD card.
Regarding the SD card, I have tested two cards I had around but some games were slower than the device specs would suggested so I bought a more expensive card with a higher speed class and some games now work a lot better.

When booting the ODROID for the first time after flashing the microSD card, the device will expand the flashed file system to use all the available space, therefore the boot might take a bit longer. You’ll also probably see the pink Ubuntu splash screen which we’ll disable later on so booting and switching applications looks more consistent.

Setting up WiFI

After the device booted the first thing to do is to connect to a wireless network. The ODROID Go Advance has an ESP32 soldered to the board that acts as the network module. It’s not the fastest and doesn’t support modern (5GHz, WPA3) networks so you might have to fiddle with your AP settings if you can’t find your network.

Connecting to a new network can be done by pressing the A button while the “configuration” menu item is selected, then using the D-Pad to select “WiFi” and A to open the network management application.

There might already be a primary network defined which will be selected. Changing selection to the + button can be done by pressing the (outer) shoulder buttons. Selecting is still done with A.

There should now be a list with available networks. Select the network you want to connect to and a dialog box asking for the password should show up. There is a bit of a bug in this dialog because aborting with the x at the bottom left corner will still add the network which has to be deleted manually.

After putting in the password and confirming with the checkmark button, there should be a “play icon” next to the network name to show that it’s connected. To go back to the main menu, the x button has to be selected using the shoulder buttons.

Connecting using SSH

To easily find the IP of the device, open the “network info” application from the configuration menu. Then connect to the device using the username and password odroid (replace <deviceIP> with the IP address):

ssh odroid@<deviceIP>

Installing utilities

To finish the initial setup, let’s update the system and install some useful utilities:

sudo apt update && sudo apt -y upgrade && sudo apt -y install vim-nox htop git

Securing the device

Now let’s continue with securing the device, starting with the most obvious thing.

Changing the password(s)

To prevent other people from connecting to your device, change the password for the odroid user:

passwd

Remember that this user also has sudo capabilities so the root account is basically just as secure as the odroid account!

Securing SSH

To make remote login even harder, SSH can be configured to only allow login for non-root users and only with key based authentication. This can be done by editing /etc/ssh/sshd_config to make it contain the following values:

PermitRootLogin no
PasswordAuthentication no

fail2ban

Although it might be a bit overkill on smaller networks, when you take your device with you and connect to some sort of large or open(ly connected to the internet) network, some people (or bots) might try to brute force your SSH.

To make their life harder, you can install fail2ban:

sudo apt install -y fail2ban

A description on how to configure fail2ban can be found in my post about setting up servers

Installing a firewall

Installing a firewall is a good idea if you don’t plan on using the “Playertoo” feature of the ODROID and plan to use the device in non-trusted networks and/or with non-trusted software. Of course the probability of some software opening unwanted ports on the ODROID is pretty low, but it’s never zero and the firewall doesn’t use that much energy.

UFW is a pretty easy to use IPTables based firewall script, it can be installed by executing:

sudo apt -y install ufw

Before activating the firewall, we’ll need to make sure to allow SSH access to not lock ourselves out:

sudo ufw allow ssh

Then the firewall can be activated:

sudo ufw enable

This command will warn about possible disruption of SSH connections which has to be confirmed by entering y. After this, the command should finish with Firewall is active and enabled on system startup.

Now let’s check the firewall status:

sudo ufw status

You’ll see that currently only SSH (port 22) is allowed for IPv4 and v6. More rules can be added by executing ufw allow followed by the port number or service name.

For my setup, SSH is enough.

Logwatch

If you want to go really overboard, you can also install logwatch to receive periodic log analytics via email. This requires that you save the credentials to the mail account on the unencrypted SD card “anyone” could access easily so this also opens other holes.

You can find the instructions in my server setup post. The only thing that should not be followed in those instructions is creating the cronjobs for reasons I describe below. The deletion of the cronjob installed by APT should still be done!

The problem with the cronjobs is that they won’t be executed if the ODROID is not running. Since I want the log analytics only once a week, the probability of the system not being turned on during the cronjob trigger is very high. To mitigate this, I start the cronjob using anacron which will execute the cronjob on system boot if an execution was due while the system was off.

This can be done by adding the following content to the /etc/anacrontab file:

# days	delay	identifier	command
  7	    2	    logwatch	/usr/sbin/logwatch

The delay in the config will give the device (2 minutes) time to connect to a wireless network after boot.

SMB

By default there is also an SMB service running (which will be blocked by the firewall in case it it active). I don’t consider SMB as secure so I disabled it using:

sudo systemctl stop smbd && sudo systemctl disable smbd

Final tweaks

The next few things are not really focused on security, more on the convenience of using the device.

Removing Ubuntu Advantage

Ubuntu Advantage is some Enterprise management software which doesn’t makes sense on a handheld device. It can be removed by running:

sudo apt purge ubuntu-advantage-tools

Disabling the ubuntu spash screen

When booting or shutting down the system and when changing emulators, there is a purple Ubuntu splash screen shown.

It can be turned off by changing the arguments given to the kernel at boot time. For this, we’ll first need mount the boot partition:

sudo mount /dev/mmcblk0p1 /mnt

Now the file /mnt/boot.ini can be edited. In this file, in the line starting with setenv bootargs, there are the arguments quiet splash.

When splash is removed from that line, the purple splash screen is hidden. When quiet is removed, the system will show log messages at boot.

After the changes are made, the boot partition can be unmounted and synced:

sudo umount /mnt && sync

After a reboot, the splash and/or the messages will be shown depending on the changes you’ve made.

Transferring ROMs

While transferring roms can be done using SCP or SMB, I would recommend to do this using a microSD Adapter (and a Linux host that can read extFS) or inserting (and mounting) a USB Stick into the ODROID because the WiFi Adapter (an ESP32) is pretty slow.

Transferring using a microSD Adapter on my ThinkPad resulted in a 5x faster transfer compared to using WiFi.

Backups

Since ODROID releases any updates as a new .img file rather than simply using the package manager already present on the system, I’d recommend only backing up the /roms and the /home/odroid folder.

This of course means that this guide has to be walked through again after each update. In my opinion it’s still worth it because you never know what got changed with the update. And yes, you could look, but (from my point of view) walking through this guide again is faster than inspecting the new .img and comparing it to the current version on the SD card.

Finishing the setup

Now that the device is fully configured, the last step missing is to reboot:

sudo shutdown -r now

That’s all for now. If you have any more suggestions to make or experience problems, don’t hesitate to write me, I’ll update this port accordingly!

I hope this was useful, have a nice day!

If you have any improvements or comments, please let me know!