Thursday, 11 November 2021

Mirabella Genio Power Plugs - Teardown / Open



This range of plugs can be sourced from Kmart or BigW for about $25-$30 AUD.

Mirabella Genio Wi-Fi Power Plug with Energy Monitoring (I002931) Kmart $25 Mirabella

Mirabella Genio Wi-Fi Double Power Plug with USB Ports (I002932) Kmart $29 Mirabella

New design

The new variety of Mirabella Genio Power Plugs lack screws and are now glued. With a bit of persistence, you can open these with a box cutter and small spatula or similar opening tool.

Mirabella are still using the TYWE2S is this design which is compatible with Tasmota.




Unfortunately these devices run the new Tuya firmware, which prevents using OTA tuya-convert to flash Tasmota or ESPHome.


WARNING - DISCLAIMER
Proceed at your own risk. This information is provided as a guide and you take full responsibility for any harm or damage that may result. Opening any mains powered device should only be done by a professional. I accept no responsibility for any malfunctioning devices as a result of this tutorial. This process will void warranty of the device. Proceed at your own risk.

Opening


Run the boxcutter around the outside, then use the spatula to carefully break the glue.

Once you have separated the sides, insert a the spatula just under the step a lift up. The corners can be a bit stubborn. Release both sides before trying to separate fully.

My favourite is the iSesamo from mymagmat.com, but you can find similar on ebay for half the price.



ISesamo - Ebay













Flashing

Only method available is serial. The TYWE2S IO can be accessed after unscrewing the PCB and separating the backplate. There is sufficient cable length to gain access.


Please see the other blog posts for flashing process.

Tuesday, 18 May 2021

We are sorry, but you do not have access to Please contact your organization administrator for access.

We are sorry, but you do not have access to <service Name>. Please contact  your organization administrator for access.

If you are a Google Workspace user and you see this message, it means your Google Workspace admin has turned off the a Google service for your account .

To resolve the issue, contact you Google Workspace admin or where you are the admin, please consult this article 

https://support.google.com/a/answer/182442?hl=en

Click a service name below for instructions (requires an administrator account).



Google Workspace


Additional Google Services


Google Workspace Marketplace Apps
Calendar
Google Chat
Cloud Search
Directory
Drive
Gmail
Currents
Groups for Business
Jamboard
Keep
Google Meet
Google Voice
Google Sites
Classic Sites
Tasks
Classic Hangouts
Vault

Blogger
Brand Accounts
Google Ads
Google Analytics
Google Cloud
Google Domains
Google Earth
Google Maps
Google My Maps
Google Payments
Google Photos
Google Play
Search and Assistant
Search Console
Web & App Activity
YouTube
Other...

Any Google Workspace Marketplace app



We are sorry, but you do not have access to google maps. Please contact your organization administrator for access.



We are sorry, but you do not have access to google maps. Please contact  your organization administrator for access.

We are sorry, but you do not have access to google maps.



If you are a Google Workspace user and you see this message, it means your Google Workspace admin has turned off the Google Maps service for your account.

Google recently made a change in Workspace admin:


"When the Google Maps service control is set to off, users are prevented from using Google Maps when signed into their Workspace account."


To resolve the issue, contact you Google Workspace admin or where you are the admin, please consult this article https://support.google.com/a/answer/6304830?hl=en





 

Saturday, 27 March 2021

How to Flash Tasmota onto a Arlec Grid Connect Smart Plug-In Socket PC190HA from Bunnings

 

About

The Arlec PC190HA is a cost effective smart socket that is Tasmota compatible. The socket uses the TYWE2S module based upon the ESP8266.

This socket can be purchased from Bunnings individually for $17.50 or in a 4 pack for $60.

Downside of this unit, is Arlec have introduced Tri-Groove Security screws, which is rather uncommon and does make opening this unit a little more difficult, but not impossible. More about this later.


Tri-Groove Security Screw


Replacing the firmware

Arlec like many other manufactures have updated the Tuya firmware. Frustratingly this means the OTA update method via Tuya-Convert is no longer an option. Efforts are still ongoing to fix this, but there is no ETA.

The alternative is to flash via serial using a USB to TTL Serial Converter and Tasmotizer (Windows).



HW-417 USB to TTL Serial Converter

Opening the PC190HA

To get access the TYWES2 requires opening the socket. At this point I remind readers;

WARNING - DISCLAIMER
Proceed at your own risk. This information is provided as a guide and you take full responsibility for any harm or damage that may result. Opening any mains powered device should only be done by a professional. I accept no responsibility for any malfunctioning devices as a result for this tutorial. This process will void warranty of the device. Proceed at your own risk.

With that out of the way opening the PC190HA will require a Tri-Groove screwdriver or similar.

Make your own Tri-groove screwdriver

As I couldn't find a local supplier, I opted to fashion my own from a spare Allen key (~4mm or 1/8") and a common triangular file.

Process isn't as difficult as it seems and even a rough tool will be sufficient to remove the screws. Below was my first attempt and I was successful in removing the screws. 



To fashion the Tri-Groove tool, place the Allen key into a vice and simply file a V from the middle of every second flat side. Position the file at a ~45 degree angle.

With any luck the tool will be sufficient to remove the screws. The top case is secured by three lugs which can be overcome by hand.



Flashing

The PC190HA uses the common TYWE2S module and is relatively easy to get access to the serial port pads. The rear cover will need to be removed to expose the IO0 pad on the TYWE2S. Remove the single Philips screw in the centre of the PCB.


Solder on jumper wires.





To successfully flash the TYWE2S the USB TTL converter needs to be connected supplying 3.3v. Also  IO0 needs to be pulled to ground, at initial power on only.

Make sure your USB TTL converter is set to supply 3.3v, not 5v.


The approach I used was to split off an additional ground wire and hold it on the IO0 pad, while connecting the USB TTL converter.

Open Tasmotizer, Select the USB port.


Select Release and optionally backup original firmware.
Note: you can preload the WiFi and other configuration detail if you so choose.

Click Tasmotize!



If flashing was successful, unsolder the jumper wires and reassemble. I opted to keep the Tri-Groove screws, but you can replace with similar Philips head screws if needed.

Setup

By Default Tasmota will present as an AP. My preferred option is to use a phone to connect and configure the WiFi. Once it is connected to your WiFi use Fing (Android app) to locate the device IP and connect to the web interface at http://192.168.4.1

Arlec PC190HA Tasmota configuration

Refer to the Tasmota Devices database at https://templates.blakadder.com/arlec_PC190HA.html

Template: {"NAME":"Arlec-PC190HA","GPIO":[0,0,0,0,320,0,0,0,224,576,32,0,0,0],"FLAG":0,"BASE":18}




Sunday, 14 July 2019

Google Vault: Are shared files discoverable?




Google Vault: Are off domain shared files discoverable in Vault?


Recently a question about Google Vault was put to me in the G Suite product forums where I contribute under Google's Product Experts Program.


We are setting up Google Vault for our organization. Using me as an example, say my wife, who not a part of our organization but who has a personal Google account, shares a Google Doc for a household grocery list with me at my work address. Are you saying that that document would be then searchable by Vault administrators, since it was shared to my work account? [link]

Normally Google's Help Center is the place to go for most answers, but I was unable to find an article that covers this specific question. This article goes close but does specifically talk about the drive content owned by an off domain user.

So how does Vault handle this?

Testing

Test #1: Discover shared Drive content by off domain owner.


  1. Login as a consumer gmail account.
  2. Create a Google Doc
  3. Share it directly with a G Suite user in a domain with Vault enabled.
  4. Login as G Suite user and confirm I can view the shared file.
  5. Login in as an Admin to Vault and search for the Google Doc.

Test #1 Result: Files shared by off domain user (owned) are discoverable in Vault.

Test #2: Discover unshared content by off domain owner.


  1. Login as a consumer gmail account.
  2. unshare the above Google Doc
  3. Login as G Suite user and confirm I cannot view the shared file.
  4. Login in as an Admin to Vault and search for the Google Doc.

Test #2 Result: Files unshared by off domain user (owned) are no longer discoverable in Vault.

Test #3: Discover publicly shared Drive content by off domain owner.

  1. Login as a consumer gmail account.
  2. Create a Google Doc
  3. Share it publicly (link).
  4. Login as G Suite user and use the link to confirm I can view the shared file.
  5. Login in as an Admin to Vault and search for the Google Doc.

Test #3 Result: Files shared publicly (by link) by an off domain user (owned) are not discoverable in Vault.

Test #4: Discover publicly shared Drive content by off domain owner and "Add to My Drive..."


  1. Login as a consumer gmail account.
  2. Create a Google Doc
  3. Share it publicly (link).
  4. Login as G Suite user and use the link to confirm I can view the shared file.
  5. Add the Doc to "My Drive" via the "Add to My Drive..." Option
  6. Login in as an Admin to Vault and search for the Google Doc.

Test #4 Result: Files shared publicly (by link) by an off domain user (owned) are discoverable in Vault, if the G Suite user adds the file to their Drive .

Test #5: Discover publicly unshared content by off domain owner after it's removed from My Drive.

  1. Login as G Suite user, select the Doc and "Remove from my Drive".
  2. Login in as an Admin to Vault and search for the Google Doc.

Test #5 Result: Files are not discoverable in Vault.



Summary

Key findings:

  • Files owned by users outside the domain and shared directly with G Suite users are discoverable.
  • Discovery is only possible while sharing remains enabled.
  • If the owner revokes the sharing, discovery is no longer possible.
  • Files publicly shared, must be added via "Add to My Drive" for discovery to work.
  • Removing the file from "My Drive", will stop discovery.

Considerations:

  1. Vault will not provide visibility to data leakage via files owned by off domain users.

    Potentially a malicious actor could establish a Google consumer account, create and share a file with an G Suite user. Then dump data into that file and unshare, without Vault showing a record of that.
  2.  External parties sharing Drive files or Google Docs with G Suite users must be aware G Suite admins can access via Vault. 

Wednesday, 5 July 2017

Office 365 Exchange online Outbound email blocked by Spamhaus (CBL)

Seems MS can't give a straight answer, but users on some trials are reporting difficulties with sending email (internal and external) due to transport restrictions enforced by MS.

MS uses the Spamhaus CBL to match IP in the header of the sending device. X-Originating-IP

Generally block lists are used for abusive SMTP/email servers, but MS are using it against Exchange clients (Outlook / Active Sync and OWA). Presumably to kerb spammers abusing the trial.

Error

Resulting in a NDR

Remote Server returned '550 5.7.501 Service unavailable, Client host blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (AS16042849)'

The NDR will contain the IP of the actual device where the message was generated, not the Exchnage server IP, as it the case with some other platforms.

X-Originating-IP: [1.125.48.104]



The Fix:

Modify the default connection filter to allow these IP's

  • Use the EAC to edit the default connection filter policy - detailed here
  • Use powershell to add multiple (max 1273) subnets (max subnet size /24)
PS> $UserCredential = Get-Credential

PS> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection


PS> $sn=@{Add="1.124.0.0/24",
"1.124.1.0/24",
"1.124.2.0/24",
...<snip>...
"1.127.255.0/24"}

PS> Set-HostedConnectionFilterPolicy “Default” –IPAllowList $null
PS> Set-HostedConnectionFilterPolicy “Default” –IPAllowList $sn

Links

Telstra Mobile IP's - http://wq.apnic.net/apnic-bin/whois....AINTERNET49-AU
Powershell command ref above - https://technet.microsoft.com/en-us/...xchg.160).aspx
EAC - IPAllowList Limits - https://technet.microsoft.com/en-us/...or=-2147217396

Monday, 24 April 2017

Goodbye Map Maker Hello Local Guides

Map maker maybe gone...

but here is Google Maps - Local Guides


Anyone can be a Local Guide. Bring friends when you enjoy a meal, go on a hike or explore your neighbourhood. Don't forget to take pictures and review exciting new finds.

Spread the love, get some back

As a Local Guide, you’ll help others explore the world and get great benefits in return. It’s a win-win. Every place you improve on Google Maps earns you points toward unlocking something new.

Get started Now