Documentation

Volvo S60: Headlight Unit Replacement

My 2003 S60 had a chip in the headlight lens, which over time, expectedly, developed into a crack.

This documentation details how to replace a headlight unit on Volvo S60's up to 2003 (there are some slightly different mountings on models from 2004 onwards). The procedure is more or less the same for both sides

The entire process doesn't take long, at most it should take a couple of hours

Read more ...

OpenVPN, Network-Manager and max-routes

Network-manager, simply, sucks. But sometimes you have little choice but to use it.

Unfortunately, despite a bug being sat idle for some time, Network-manager-openvpn doesn't support various OpenVPN client options such as max-routes. Unfortunately, if your OpenVPN server is pushing more than 100 routes, this is sufficient to prevent you from connecting at all.

This documentation details a way to work around that limitation. It's dirty and hacky, but so far, is the only solution I've found

Read more ...

Configuring LetsEncrypt on a CentOS 6 NGinx Reverse Proxy

For those who haven't come across it, LetsEncrypt allows you to obtain free DV SSL Certificates but requires a server side script to be run periodically in order to renew the certificates (for better or worse, a 90 day expiration period has been used).

Although the provided script has plugins to allow support for automatically generating SSL certs based on NGinx and Apache configurations, the script assumes that the server is the origin and that the relevant docroot is available for writing to.

In the case of a reverse proxy - this won't be the case. We want the certificate on the Reverse Proxy (being the endpoint the client connects to) but the websites files are hosted on another server.

This documentation details a simple way to work around that on a NGinx reverse proxy (it should be possible to adjust the config for Apache's mod_proxy if needed).

Read more ...

Volvo S60: Overrun Alternator Pulley

I had an issue recently on my S60 - when the car was first started from cold, there'd be a rhythmic thumping noise from under the bonnet.

Lifting the bonnet, the auxilary belt tensioner was jumping backwards and forwards as slack came into the belt and then was taken up.

Further investigation showed that the Alternator Pulley had started to fail - modern alternator's no longer use a solid flywheel, instead using a clutch-based pulley called an Overrun Alternator Pulley (or OAP). The pulley manufacturer (INA) recommend that it be changed whenever the aux belt is changed.

My aux belt had been changed at the result of an emergency cambelt change (following a water pump collapse). Unfortunately, in VIDA, Volvo list the pulley as a separate service item, rather than listing it as being part of an aux belt change, so the garage missed it.

Because of the time it took to track down and obtain a suitable pulley, the belt was pretty badly chewed by the time I was able to swap the pulley, so I opted to change that as well.

This documentation details the steps required to change the alternator belt and pulley on a Volvo S60 (D5 engine). All images should be clickable.

Read more ...

A Practical Demonstration of what IPB will allow

There have been numerous write-ups of the threat that the Draft Investigatory Powers Bill poses to our privacy and security.

The intention of this post is not simply to repeat those, but to provide a practical demonstration of exactly the kind of information that the proposed powers would compel your Internet Service Provider (ISP) to record.

As well as demonstrating what an ISP would soon be collecting (and how simple it is to extract), we'll look at the issues the IPB presents in the context of the information we've extracted.

As the IPB isn't exactly explicit about exactly what it allows, especially in terms of techniques, I've made some assumptions (though I believe their fair and reasonable).

Most of the results were exactly what I expected, but I think describing them explicitly is probably more helpful than not - to that end, I've tried to keep the language as accessible as possible, as those who understand how tech works at the network level are unlikely to find much of surprise here.

Read more ...