Ubiquiti’s mPower ships with ancient Dropbear 0.51 and no forced command support

Bane of all hardware products — software updates.

The exciting mPower and mPower PRO power strips that I am otherwise happy with are, even in the latest firmware version, sadly shipping with an ancient version of Dropbear. This means no command restriction in authorized_keys file.


In hopes that their firmware release engineering processes are such that swapping one Dropbear version for another will not take too much effort, I’ve opted to file a support request, upon which I was directed to post a request on the forums.

Sadly, I don’t think I could even work around this with multiuser support and putting together a .profile, given that this device is not really built for multiuser use. (That is, it seems to have one user, root, which may or may not be renamed. For example, in /etc/passwd, uid 0 on my devices is called ivucica.)

If they do, hopefully they opt for the latest release, as apparently 0.52 and later had security vulnerabilities exactly with command= restriction.

Stopping Gajim from autostarting OTR end-to-end encryption

Is Gajim auto-negotiating OTR? Does that annoy you by preventing server-side message archival and message carbons being delivered to other clients you use?

  • Go to Preferences (hit ctrl+p).
  • Go to Advanced tab
  • Under Advanced Configuration Editor click Open.
  • Use search to find ‘autonegotiate_esessions’ and ‘enable_esessions’ options
  • For each account, click on value ‘Activated’ to toggle it into ‘Deactivated’.

I definitely want the option to initiate crypto via GPG and OTR. I don’t want it started automatically and preventing other useful archival that I do on my self-hosted hardware.

Streaming to YouTube Live with VLC and FFMPEG

Let’s say you’re on OS X. (If you’re not, substitute the path to VLC executable with /usr/bin/vlc or just vlc; you could even use cvlc).

if [ ! -e "${VLC}" ] ; then
"${VLC}" "${PATHTOFILE}" --sout '#transcode{vcodec=FLV1,acodec=mp3,samplerate=44100}:std{access=rtmp,mux=ffmpeg{mux=flv},dst=rtmp://a.rtmp.youtube.com/live2/'${STREAMID}

I’ve seen a variant where vcodec is h264, acodec is aac and also vb is set to 1000.

If you want to use FFMPEG instead:

./ffmpeg -re -i "${PATHTOFILE}" -vcodec libx264 -preset veryfast -maxrate 1984k -bufsize 3968k -vf "format=yuv420p" -g 60 -acodec libmp3lame -b:a 96k -ar 44100 -f flv -s 1920x1080 rtmp://a.rtmp.youtube.com/live2/${STREAMID}

Where do you get the STREAMID from? Create a YouTube Live event in the Creator Studio, then create a ‘custom ingestion’, then read the settings:

YouTube Live stream id

Let’s say you haven’t been running your stream for months. I’m only guessing about what is actually happening, but the logical explanation is that something is garbage-collecting the ingestion settings without telling the UI about it. Error as follows may happen:

VLC media player 2.2.1 Terry Pratchett (Weatherwax) (revision 2.2.1-0-ga425c42)
[0000000100302968] core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[000000010038a3f8] avcodec access out error: Failed to open rtmp://a.rtmp.youtube.com/live2/ivucica.aaaa-bbbb-cccc-dddd
[0000000100389aa8] stream_out_standard stream out error: no suitable sout access module for `rtmp/ffmpeg{mux=flv}://rtmp://a.rtmp.youtube.com/live2/ivucica.aaaa-bbbb-cccc-dddd'
[0000000100389838] core stream output error: stream chain failed for `transcode{vcodec=FLV1,acodec=mp3,samplerate=44100}:std{access=rtmp,mux=ffmpeg{mux=flv},dst=rtmp://a.rtmp.youtube.com/live2/ivucica.aaaa-bbbb-cccc-dddd}'
[000000010050f648] core input error: cannot start stream output instance, aborting

If that is the case, go and create a new custom ingestion. Or create a whole new stream. Then use the new ID where appropriate.

n.b. As of August 2015, if you’re just playing with streaming, Ustream seems to start streaming (and thus provide useful feedback) far faster than YT Live.

Gajim causing kernel lockup on startup

Specifically, Gajim’s use of python-crypto (or something similar) has been causing the kernel to lock up for me, months ago. 100% repro rate: I would launch Gajim, and kernel would lock up on the relevant core even before Gajim showed the first window.

Trying to pinpoint it using strace, it was actually an attempt to read /proc/brcm_monitor0. I have no idea why it would try to read it, but once it did, kernel would lock up on one CPU core (seen by examining dmesg), and slowly other CPU cores would follow.

Given that I don’t actually need the Broadcom wireless card on my desktop machine (at least ever since I wired up my room), I’ve just blacklisted the wl module:

$ cat /etc/modprobe.d/blacklist-IVUCICA.conf
blacklist wl

Ubiquiti mPower PRO (EU): First steps after unpacking

I’ve been happy enough with my mid-range mPower (EU edition) that I bought an mPower PRO (again, EU edition). I finally got around to unpacking it and setting it up.

mPower mini, mPower and mPower PRO are Ubiquiti Networks’ IP power outlet product. They run Linux on them. There’s web UI, and it’s also easy to SSH into the device out of the box (username is ubnt and password is ubnt). This makes the device easy to script for: all power use statistics and remote control are exposed as files in /proc/power. An app for Android exists as well.

I purchased the mPower PRO simply because I needed a few more plugs to control. Difference between mPower and mPower PRO is that the latter has six instead of three plugs, and it has both WiFi and an ethernet port (all smaller models have just WiFi).

Since my previous post was originally written in August 2014, I discovered that a newer firmware has a nicer web UI, and changing the default username and password is not really a problem anymore either. So I ended up flashing the device, then factory-resetting it. Given how nicer web UI is important to me, this means this will be the first step with my today’s setup of mPower’s “bigger brother”.

Unboxing and connecting

The box contains the device, a wall-mount and a small manual. I’m interested in just the device, of course.

First difference is that mPower PRO will not bring up a wireless network you use to set it up. Instead, you must connect it via the ethernet port. This is fine; I’m happy that I lucked out and had an extra ethernet cable lying around.

mPower PRO picked up an IP address over DHCP immediately. To find out what to punch into the browser, I just looked at my router’s DHCP leases and saw what device is outside the statically-assigned range (I hand out IP addresses based on known devices’ MAC addresses). I then added the new MAC address to the list of known ones, and assigned a new static IP to it. (By the time I am writing these lines, the original lease expired and the device already has the new IP address.)

Upgrading firmware

This mPower PRO shipped with v1.2.6 firmware, which means I have to use the manual upgrade method. So I’ve downloaded the 2.11.1 firmware and:

scp firmware.bin ubnt@  # RFC-5737 example IP range \o/
ssh ubnt@ -t /sbin/syswrapper.sh upgrade2

Password is, as previously mentioned, ubnt. This will take a while. Don’t unplug the device while it’s being flashed. After a few minutes you’ll probably get something like Write failed: Broken pipe. This is fine.

In future, you can use web UI to flash an upgraded firmware.

Logging in and changing password

If your device is at, then just visit and log in with username ubnt and password ubnt. You probably don’t want others to be able to log in with the same credentials, so change them as soon as feasible.

On the System tab, next to the field ‘Administrator Username’ and its value ubnt, there should be a small icon of a key. Click on it. Then, change the administrator username, enter the old password ubnt, then enter the new password twice. Then click the ‘Change’ button which is above the ‘Management’ section and below the ‘NTP’ section. You’ll get asked whether to apply the changes. Do apply them.

Hooray! mPower PRO is sufficiently ready for basic use. At some point I’ll go ahead and assign port names which doesn’t seem to be doable through web UI.