Lopez Workshop

An Elmer is a mentor and coach to new amateur radio operators. Since ham radio has a great tradition of knowledge share and support, I made this website sharing technical insights and tips in a variety of areas. The following links go directly to posts in the relevant areas:

Five most recent posts

• 01 Aug, 2022 Recognizing a NodeMCU in the Arduino IDE on Linux

  More obscure tech support. These posts are for people to fix weird problems...and for me to remember how I fixed it last time. This time, the trouble was with NodeMCUs being recognized in a Debian Linux distribution, like Ubuntu.

  By this time, you've found this posting, you have found all the website that tell you how to install the NodeMCU library into the Arduino IDE. You have also tried several different USB cables, updated Linux, tried to install drivers, but turns out they were for Windows, and tried to find drivers for Linux (only to find they are already installed).

  Problem

  The NodeMCU will not show up in the Arduino IDE as a device you can upload to. Specifically, the line that says "port" is shaded out and you can't select anything.

  Solution

  This is a two part solution. Maybe one part works, but I didn't both and then it worked so here are both.

  First, the port belongs to a user group called "dialout." If your user is not a member of "dialout," you probably won't have permission to write to the port, which uploads to the NodeMCU. Open a terminal window and type this:

  sudo usermod -a -G dialout $USER

  Reboot the machine. Try it out and it probably still won't work. What you might see if that when you plug in the NodeMCU, the port shows for a second and then it grays out again. This is because there is a program called BRLTTY running that interferes with the NodeMCU trying to establish a port. To overcome this, you need to remove BRLTTY. Do not worry, you won't need it unless you are blind. BRLTTY is a background process that pushes the linux terminal to a braille display. To uninstall BRLTTY, type this in a terminal window:

  sudo apt purge brltty

  Try the Arduino IDE again and I'll bet you can choose a port for the NodeMCU. Now that is obscure.

• 01 Aug, 2022 NodeMCU vs Arduino

  Which one should you use for your next project?

  I'm a big fan of the Arduino family of products. They are inexpensive, easy to program, simple to setup, and reliable. There is a gigantic community of support around them. Most problem you run into can be solved by simple Google searches.

  However, recently I wanted to gather some temperature data and save it on a website to read on my phone. While researching how to interface my Arduino with the web, I found this device called the NodeMCU. These tiny chips have WiFi, a faster processor, more RAM, can operate at lower power, and cost less. Check out the table below for all the other ways they are better. On top of that, you don't have to switch from the Arduino IDE ecosystem. Simply import the ESP866 library into the Arduino IDE and your Arduino programs will upload and run on the NodeMCU.

  Technical Specs for the NodeMCU ESP8266 and Arduino UNO R3

  Function	NodeMCU ESP8266	Arduino UNO
  Microcontroller	Tensilica 32-bit Xtensa LX106	ATmega328P
  Flash Memory	4 MB	32 KB (0.5 KB is used for Bootloader)
  SRAM	128 KB	2 KB
  EEPROM	Not Available (512 bytes Software)	1 KB
  CLOCK Speed	80 MHz or 160 MHz	16 MHz
  Operating Voltage	3.3V DC	5V DC
  Input Voltage	7-12 DC	6V-20V DC
  Current consumption	15 µA – 400 mA	45 mA – 80 mA
  DC Current per I/O Pin	12 mA	40 mA
  Digital IO Pins	17	14
  Analog Input Pins	1	6
  UARTs	2	1
  SPI	2	1
  I2C	1	1
  PWM	4	6
  WiFi	Yes	No
  Bluetooth	No	No

  COST

  You can also get these boards for much less than your typical Uno R3 clone. Current prices for Arduino clones run \$12-\$18, but you can buy six NodeMCUs for $19 right now.

  If you have a project where you'd like to interface sensors with online data logging, like sending weather data to Thingspeak (and who doesn't want to do that??), then check out the NodeMCU.

• 01 Aug, 2022 Obscure Tech Support: New install on Raspberry Pi has a blank screen

  Sometimes I'll have a problem that takes me forever to search for a solution. I find it, make the fix, then promptly forget the solution. Next time it happens, I perform the search all over again.

  Problem

  Recently, I installed Raspbian bullseye onto a Raspberry Pi 4. On bootup, the system would resize and then restart. After the restart, text would briefly flash across the screen with the logo. Then, the rainbow screen would turn on, and then nothing. The system would freeze with a line cursor at the top left of the screen.

  You are probably having this problem, too. A lot of people are and there are a bunch of websites with lists of 5, 10, 15 things you can do to fix the problem. None of them worked for me. I went through countless forums posts. None of them helped. Eventually, I fixed and it and here is the secret.

  Solution

  After the system has resized on the SD Card and the system is frozen, turn off the system and remove the SD Card from the Raspberry Pi. Insert it into a working computer and open the boot drive on the SD card. Open "config.txt" in a text editor.

  Scroll down to this section:

  # Enable DRM VC4 V3D driver
  dtoverlay=vc4-kms-v3d
  max_framebuffers=2

  Comment out the dtoverlay line, so that it looks like this:

  # Enable DRM VC4 V3D driver
  #dtoverlay=vc4-kms-v3d
  max_framebuffers=2

  Save and try it in the Raspberry Pi again. It should work. If it doesn't, happy searching.

• 27 Sep, 2020 Top 5 Cyber Security Concerns for Amateur Radio Operators

  There were 14 data breaches each day of 2018 and 19 each day in 2019. 15 billion records were lost last year. A few years ago, you could populate a good infographic with a year’s worth of high-profile hacks. Nowadays, all it takes is one day. If you got your hands on this document, you may have heard me talk about computer security. Thanks, I hope you enjoyed it and learned a few things. To help you put some of it into practice, I created this little guide with some of the most important tips from my talk. In order of importance, here are my top five cyber security tips for amateur radio operators.

  Tip 1: Protect Against Malicious Free Software

  Amateur radio operators use a lot of free and open source software. Much of this software comes from questionable sources. People you may not know and have never met. Some examples are executables downloaded from links on Groups.io, PDFs posted on eHam, or Word and Excel files exchanged via Google Drive boxes. More often than is comfortable, open source projects have been discovered to be vehicles for malware. From ransomware, crypto currency mining, to plain information stealing, free software sometimes comes with extra “features” that make it a bad deal.

  We all need to use free and open source software as amateur radio operators. We can’t avoid it, so my number one recommendation is to keep that stuff off your computers that have sensitive financial and personal data. Invest in a cheap second laptop or desktop that runs a modern operating system. Linux, Windows 10, and MacOS all fit the bill. Using a second system to run all your ham software will mitigate the damage if you accidently end up with malware.

  Another recommendation is to always double check that you’re downloading software from the author’s official website. A simple way to do this is to search for the software with your favorite search engine. I’ll usually check Wikipedia for the correct link and cross-reference that to other search results to make sure they’re all pointing to the same place. It is not foolproof, but offers more assurance than clicking a random link fed to you on a discussion board.

  If possible, double check the software hashes (MD5 or SHA1) to make sure that the software you are downloading matches what the author posted. MD5 and SHA1 hashes are mathematical calculations that the computer performs on the entire file to come up with a unique string of characters. Theoretically, no two programs should have the same hash. Authors post the hashes of their files so users can check that they have received an unaltered file. 

  Tip 2: Secure the Network That Connects Radios to the Web

  Connecting your radio to the Internet directly, through Teamviewer, or Remote Desktop Protocol opens your network to outside connections. Radios directly connected to the web are Internet of Things devices, similar to Alexa, Roku, or your web-enabled refrigerator. IoT devices have a bad reputation for being full of vulnerabilities that are left unpatched. Consider banishing them to their own untrusted network. If a hacker takes over an unpatched device on your home network, it is generally easy to pivot and invade your PC.

  A Y Router Configuration uses three routers to create two isolated networks. Put your sensitive computers on one and your untrusted IoT devices and ham radio computer on the other.

  Once you secure your home network, look at how you connect on the road. Free WiFi is convenient, but risky. Anyone could be listening to our data on these unsecured connections at coffee shops and hotels. When you have to do work in hotels, consider turning your cell phone into a hot spot instead of using the hotel’s insecure connection. Think of wireless security in three layers. The first layer is the connection to the device. When you go out, try to only connect to WiFi that requires a password and says “secured” when connected. The second layer is the type of web connection. Use HTTPS connections in the browser search bar. Anything with “http” is NOT encrypted. Missing both of these layers, your communications are easily intercepted and read. If you are really worried, the third layer is using a VPN service, which creates a secure tunnel back to a trusted network. However, take care in choosing a VPN provider. Do research to ensure the company you choose has a good reputation and can be trusted. The more paranoid may choose to use a solution like outline.org or create their own VPN. Services such as Outline allow you to host your own VPN server for $5/month.

  Tip 3: Limit the Use of Old Software and Hardware

  Amateur radio has a tradition or reusing old equipment. Reuse is great, but it is best to avoid reusing old computer equipment that will be connected to the internet. This includes computers, routers, and phones that no longer received security updates.

  Whether it is Microsoft Windows, Mac OSX, Apple iOS, or Android, turn on Automatic Updates and always download the most recent updates as soon as they come out. If you have Windows 7 or older, know that you have an insecure system. Only Windows 8.1 and 10 continue to receive security updates and are safer to connect to the Intenet. The nice thing about these new versions of Windows is that they include antivirus right out of the box. There are also free antivirus programs like Avira or AVG Free. I also recommend using a browser that automatically updates, like Firefox, or Edge. Chrome is off my list because it tends to use more memory than other browsers, causing the computer to get sluggish after a while. There have also been increasing privacy concerns with Chrome. Mac OSX does a decent job updating applications automatically, but Windows could do better.

  Mobile phones also need to be current with security updates. With easy access to your email, contact list, Facebook, text messages, PayPal, and maybe even your bank accounts, a crook could take over your life with your phone! Here are several things you can do to make your phone more secure.

  1. Most phones require at least a 4 digit code to open, but is that really enough to protect everything you hold dear? Increase it to 8 or more characters for better security.
  2. Turn on two-factor authentication for your Apple ID and Google IDs. These will make it more difficult for an attacker to take control of your mobile devices.
  3. Connect the phone to your computer and back it up.
  4. Install security updates immediately to ensure you are protected from the newest vulnerabilities. Remember that your phone’s usable lifetime ends when it stops receiving security updates. Once the updates stop, your device has a compromised immune system. Recently, Google made a change requiring all new Android phones to receive security updates for two years. That’s great if you are a new owner. Apple has set the standard though. The iPhone 5S received security updates from September 2013 to September 2019, a total of six years after it was released.
  5. Do not jailbreak your phone and only download apps from the Google Play store, Apple App Store, or Amazon App Store. Jailbreaking is talked up as a way to get extra features out of your phone, but you have to install untrusted software in order to do it. Once jailbroken, you have no idea how secure the phone is and you should not use it for anything you want to keep private, like email or banking.
  6. Tweak your privacy and security settings. Every few months, a new blog post comes out helping people ensure the newest version of their mobile operating system is secure. You can search for those posts for the full story, but here are some tips to get your started.
     1. When you download or update an app, look closely at the permissions it is asking for. Does the app really need those permissions? Consider that there are several flashlight apps in the Google Play store that ask for access to your pictures, GPS location, and full network access. What does any of that have to do with a flashlight? When an app asks you for permission to access information or phone functionality, be careful. Does Twitter need access to your contacts? Does Facebook need to know your location?
     1. Limit what is visible on you lock screen. If a stranger gets hold of your phone, is it a good idea for them to see emails and texts without knowing your code?
     1. Use a mobile ad blocker like Purity to limit ads.
     1. Don’t let your Android phone install apps from unknown sources.
     1. Use an Android antivirus program.

   

  Tip 4: Surf the Web Smart

  If you are going to surf the web, your best option is to use a Chromebook or tablet. They are less likely to get infected by viruses and do a better job isolating applications from each other. If you must use a computer or laptop, use a fully updated browser, preferably one that automatically updates like Firefox. Now that Mac and Windows also automatically update, Edge and Safari will work, too. I suggest adding an ad blocker to your web browser. Many of the year’s sneakiest attacks showed up as ads on websites! The uBlock Origin extension gets great reviews.

  Email links and attachments are some of the easiest ways to be compromised. If you get a link, hover over it to inspect it before clicking. Is it going where you thought or is the domain name misspelled or unrecognizable? You could be one click away from having a completely compromised computer. I usually copy the link and paste it into the browser to see where it is going BEFORE pressing enter to go there.

  If you get a call from a company or see a popup on your screen that says you have a virus on your computer and a phone number to call, it is fake. This is the common Tech Support Scam. While we’re on the subject, the IRS doesn’t call threatening to arrest you. They also don’t send emails. Do not give sensitive information to anyone who calls you. Find the company’s phone number and call them back yourself.

  Tip 5: Use strong passwords and two factor authentication

  Good passwords are long, can be remembered, and are only used on one website. The more often you reuse passwords, the more vulnerable your accounts become. A breach of any one site will compromise them all. Instead, use a password manager (with a really long master password) to store your unique passwords. Well known password managers are 1Password, Lastpass, and KeePass. A recent study showed that poetic passwords were easiest to remember. Consider that the following password is long, contains capitals and special characters, and is easy to remember: The RAIN in SPAIN falls MAIN-ly in the PLAIN. Recent guidance from the National Institutes of Standards & Technology (NIST) says that passwords should be longer phrases that contain different kinds of characters instead of just short and complex. NIST also says that you only need to reset your password when it is forgotten or compromised.

  Many websites can require two factors of authentication before giving you access to your account. The types of authentication factors are:

  1. something you know (password)
  2. something you have (cell phone, tablet), and
  3. something you are (retina scans, fingerprints).

  Typically, the sites use a password and send a text message code to your cell phone. Text message is better than nothing, but the latest advice is to use an authenticator application instead. Authenticator applications generate the codes within your phone, so you don’t need to receive a text at all. Google Auth and Authy are two well known ones. It is a really, really good idea to turn this feature on for every account that has it, especially banking and email. To see companies that offer two-factor authentication, go to twofactorauth.org.

• 27 Sep, 2020 Ham Study Resources

  For those of you who haven’t tested yet, there are many resources out there to help you study for the tests. One thing that is interesting to know is that all test questions are part of FCC published regulations. It is feasible to actually memorize the answers to everything, but I think that would be more work and certainly less educational than studying ham radio for understanding. Here are the study materials that worked for me. When I was studying for my Technician license, I used the Ham Radio License Manual to do all the studying. It gives a nice narrative explanation of all the laws, rules, and science around amateur radio. This book is available for around $25. You can also check out https://www.kb6nu.com/study-guides/ and you’ll find the no-nonsense ham radio study guides. These are short booklets that cover the bare minimum for each license. You can pay for physical copies or download the PDFs for free.

  It worked for me to read through the technician guide after reading through the manual, then take some practice tests. Free practice exams are available at https://hamexam.org. Remember that if you pass your exam, you can take the test for the next level. You might as well do this because there is no extra fee for taking the next level exam. I ended up taking the next exam and barely passed, so got my Tech and General license on the same day.

  The Amateur Extra exam covers a lot more material and I didn’t leave myself as much time to study, so I signed up for hamtestonline.com. This program costs money, but combines studying and practice testing together. As you learn, you’re constantly tested to check your retention. The system goes over your weak areas until you’ve mastered everything. After you can reliably pass practice tests on the site, you’re ready to take the real exam. I studied at least an hour a day for a few weeks before the exam.