One Weird Trick to Make Your Air-Conditioner Better

Those of you who read my last post know that I find summers a bit… hot. Ever since my first summer in Germany I’ve considered my trusty air cooler essential for my survival. Well, this week, with temperatures soaring to 35 degrees celsius, I had to get an upgrade.

Except that I didn’t buy the Commando 8 with 12.000 BTUs of raw cooling power, but the Comfee MPPH-07CRN7, a portable air conditioner with only 7.000 BTUs (roughly 0,5 Refrigeration Tons) of raw cooling power, for the princely sum of 199 EUR from Media Markt. It was a decent deal, exept that I thought I could carry home myself, before I saw the size and weight of that thing and had to pay more for a taxi to come and pick me up and drive the both of us home.

Setting it up just enough to get it to run was not incredibly difficult. The unit comes with a small plastic pipe to drain condensate water, and a big white flexible plastic air duct that you’re supposed to use to blow the hot exhaust air straight outside your house. I put a big bowl beside the unit where the condensate could drain out to, but the exhaust hose was a bit more tricky.

The unit comes with two ways to mount the exhaust hose: a wall mount for the ducting pipe, to use which you literally drill a 15cm diameter hole through your exterior wall and connect the duct there, and a window adapter, which you can fit into the frame of a sliding window and connect the duct to that, for a less violent solution to your exhaust woes. Unfortunately, I have a casement window (ones that swing open), so neither was going to work for me.

The first couple of nights, I used the window mount panels to cover up just enough of the window so that I could jam the exhaust pipe between the panels and the window frame, closed the window shutters above it, and stuffed a bedsheet to cover up the remaining gaps. I did however, order this: a casement window sealing kit. It’s basically a sheet of polyester that attaches to the frame and casement of your window using velcro, and then has a zipper down the middle which you can open to let the exhaust pipe through. Once that arrived, I attached it to my window, and I was ready to go.

Except not quite.

Unfortunately, there’s one giant problem with this setup - it’s grossly inefficient. And I absolutely hate inefficiencies. And because I know something’s not quite right, I can’t rest until I’ve fixed it.

Without going into too much detail about how air conditioners work - there’s an excellent video on that - there’s an important detail. Air conditioners have a hot side and a cold side. In a window AC, the hot side sits outside your window, drawing in air from the outside atmosphere, running it through the radiator to draw away the heat, and then dumping that hot air into the outside atmosphere, again. In a split AC, the hot side is a separate unit that sits somewhere outside your house, and connects to a cassette or indoor circulator through sealed coolant pipes.

The cold side, importantly, simply recirculates air inside the room, passing it through the cooling fins to take away heat from the air and thus cool it down. The cold air inside the room does not leave the room.

Except in a single-duct portable air conditioner.

Now portable air conditioners necessarily have to have both the hot and cold side in the same unit, and keep them both indoors. This is fine, as long as the unit is well insulated, and you’re using outside air to cool the hot side. Unfortunately, that last bit doesn’t quite work out with a single-duct portable air conditioner.

In a single-duct portable air conditioner, there only is one single duct, and it throws the hot exhaust from the hot side outside the room. But where does the air come from, you ask? Well, it’s using the air inside the room, which it just spent so much energy cooling down. Also, because it’s throwing cold air outside the room, it creates negative pressure inside the room, and this vaccuum gets replaced by warm air rushing into the room from every single crack and crevice that allows air to get into the room.

It’s so catastrophic, single-duct portable air conditioners should just be illegal, especially when the solution is so damn simple: dual ducts.

So I set about converting this unit into a dual-duct unit - one duct to take in fresh outside air, run it through the hot side of the unit, and then the second duct to throw the hot exhaust out.

And this Comfee unit makes it really easy. The hot side has only one air intake, a 26cm square grille right at the bottom of the unit. So I bought another ducting pipe from Amazon, fashioned an airbox out of some cardboard and, well, duct tape, and insulated the inside with some cotton wool padding covered with aluminium foil:

The Cardboard Airbox

Then I used more duct tape, along with some foam padding that came with the unit to tape the airbox to the hot side intake grille, and ran the pipe to the outside using the same window:

The Airbox Attached to the Unit

As you know, hot air rises, so I’ve kept the intake pipe on the bottom, pointing slightly downwards. Also the intake pipe is just plastic and not insulated, so it really won’t be nice if it manages to take back any of the hot air that’s going out. The exhaust pipe, the one that I bought additionally isn’t exactly insulated, but it is double layer, with a reflective aluminium inner layer covered by a PVC outer layer, so it shouldn’t get too hot and radiate the heat back into the room.

The Unit, Positioned Correctly

The Ducts

And that’s it. Now I can stay cool, knowing that I’m not damaging the environment nearly as much as I would have been if I didn’t make the dual-duct conversion.

Until next time!

An Air Cooler For The 21st Century

I’m going to start this post with a giant warning and disclaimer. Do not, under any circumstances, attempt to reproduce what I’m about to describe in this post unless you independently know exactly what you are doing. This post describes wiring up things to work with mains electricity, which will kill you if you make even one miswiring, or accidentally scrape an exposed metal surface that you’re supposed to stay away from. Publishing this post does not constitute an instruction on my part for you to go reproduce this, and if you choose to do so out of your own free will, I do not take responsibility for any results, short-term or long-term, including any personal injury, death, or loss of property that may occur as a result.

With that out of the way, let’s begin. In the summer of 2017, my first summer in Germany, I was forced to make a rather big purchase: an evaporative air cooler. Temperatures had spiked to over 30 degrees celsius on occasion, and I was actually managing to get sick from the heat. An evaporative cooler was both a practical and an economical solution to the problem. I could wheel it around, it didn’t take too much power, and I could put some frozen salt ice bags or orthopaedic gel packs into the water tank to cool the water down on those extra hot days.

For two summers, this worked great. On the third summer, the pump broke down.

Pretty much everywhere in Germany, the water is very hard. Calcification in the water tank, which I had neglected for the most part, had finally destroyed the submersible aquarium pump inside that pumped water into the evaporation mesh. So not only did I have to clean the water tank and flush out the piping with descaling fluid, I also had to replace the pump. So for the first time, I opened up the cooler, took out the pump and cleaned up whatever I could.

The first shock I had was when I looked at the label on the pump to find its ratings so that I could order a replacement. The pump ran directly off a 220V mains supply and was submerged in the water tank, where I had dipped my hand into on multiple occasions to check the water temperature while the pump was running. This was never going to do, so I ordered a 12V DC pump this time, with the same flow ratings, and something I found on Amazon called a 12V LED Transformer, which looked like it had what I wanted: a 220V AC input, a 12V DC output and rated for about 680mA of current. I double-sided taped the power adapter inside the dry section of the cooler, connected the new pump, and stayed cool for the most part of that summer.

But towards the end of that summer, this arrangement also failed. The pump was basically always running, even with the main unit switched off, which meant that the main control electronics had failed somehow. Additionally, when I took apart the unit again and inspected the “LED Driver”, it turned out it was using a capacitor divider to step down the AC voltage and then using a single diode to rectify it, plus an additional filter capacitor on the output. The voltage divider capacitors were leaking, and the pump was again calcified all the way through, so it would again need to be replaced.

So I had to consider: throw this one away and buy a better cooler, or try to replace the control electronics and get this unit running again? I briefly considered the first option, but my unit had adequate performance, it was the right size and the main fan worked. I also didn’t want to add more waste to a landfill somewhere. Also, I’m an electrical engineer by education (sort of anyway, my degree is in Computer Science & Engineering), so I should be able to fix this, right?

Anyway, the challenge was on.

The Teardown

The cooler was made somewhere in China, branded and sold as an in-house product by Conrad Electronics here in Germany, and I couldn’t just go out and order a new logic board from somewhere. I’d have to build my own control electronics, so the task I had on hand wasn’t particularly easy.

So I began by tearing down the whole cooler. The first thing that I started inspecting was the main fan motor. Now I know that wiring up AC motors isn’t easy (you need starter capacitors and special drive electronics to create enough torque to get the motor spinning in the right direction), and I assumed that the motor would be an AC induction motor and I’d need to buy a variable frequency drive to control the fan speed. What I found out was that the motor had 4 wires coming out of it, and it already had a capacitor built in, so none of those four wires needed to be wired to a capacitor.

My first instinct was that this was a 3-phase motor and one of the wires was for grounding the metal body. That assumption was quickly proven wrong when I realised that the whole unit just had a 2-pin plug for the mains supply. None of this was grounded.

Then I looked at the label on the motor. The wire colours were marked as L, M and H, and the black wire was COM. Could it really be that simple?

The Wiring Diagram for the Main Fan Motor

Turns out, it was. Apparently these motors are 3-speed AC motors of some sort, and these types of motors are pretty common in air conditioners and coolers, and even table fans which only have 3 speed settings. I should have guessed, since the control panel on the top of the cooler only had 3 options for “wind speed” - low, medium and high. And what’s more, wiring them up is dead simple: you just plug the COM (common) wire into the mains neutral, and then connect the mains hot line to whichever speed you want. I wouldn’t be able to control the speed of the fan on a continuous range, but I would definitely be able to change the speed easily.

The Starter Capacitor on the Main Fan Motor

The next bit was the swing motor - a small motor attached to the vent slats in the front of the unit that swung the air direction from side to side. This was also a 220V AC motor, and about the size of a hockey puck. It had just two wires, so you’d only need to plug it in to mains the usual way.

The Swing Control Motor

The third component was of course the pump. I’d be buying a new one anyway, and I had the freedom to choose what voltage I wanted. I left that decision for later. Also in the water tank was what looked like a floating switch, which was mounted deep inside the tank, right at the bottom. This was the tank empty sensor, and with some multimeter testing, I figured out that this was normally open, and closed when floating. So wiring this up would just be a matter of connecting one side to the microcontroller voltage, one side to the input pin, and pulling the input down.

With all of this out of the way, I could finally turn my attention to the logic board itself. And this is where I got my second shock: apart from a tiny buck converter that supplied the tiny microcontroller on the board, the entire board was 220V AC. Not only that, there was no isolation, no grounding, and the switching elements were MAC97A6 triacs. Yes, that’s a triac in a TO-92 package (the same package you’d find BC547s in) switching mains electricity into a pretty hefty fan motor. No wonder this thing failed.

The Tiny Triacs Switching Mains Power

I’d do much better.

Shopping For Parts

I was never going to use triacs, especially such tiny ones, for switching mains power. From the very beginning, I planned to use relays. So the first item I went shopping for was a relay board. I needed at least 5 channels (3 for the different fan speeds, one for the swing motor and one for the pump), so I found a 8-relay board that I quite liked on Amazon. While it’s not mentioned in this product page, there’s a bunch of similar products (they all come from China and are likely made from the same design), and they had some nice properties that I loved: the inputs to the relays were opto-isolated (so you won’t kill your microcontroller with rush currents when actuating the solenoids), and while the relays required 5V DC for the switching, because the inputs were isolated they also worked with 3.3V logic inputs (just remove the jumper between the VCC and JDVCC pins on the bottom right of the board and supply 5V straight from a power supply to JDVCC). It’s also worth mentioning that the inputs are active low (if you’re using the normally open side of the relays, they’re active high if you’re using the normally closed side).

The next item on my list was the compute element. Now most sane people would use an Arduino or some sort of microcontroller. I needed something a bit more versatile. For what its worth, I have a few smart home accessories at home, and I’m more or less a full-time Apple user at this point. All my smart home devices are HomeKit compatible, and I wanted to be able to yell at Siri to control my cooler. So I needed something that would be comparitively easier to program, would have enough oomph to run a server to respond to HomeKit Accessory Protocol - which, by the way, is now a fully open protocol so anyone can create non-certified accessories and even create control apps for non-Apple platforms - requests and had WiFi. So of course, the only logical choice was a Raspberry Pi. I chose a Raspberry Pi 3 A+ - it’s smaller than the regular models but still has the full GPIO array, has only 512MB RAM (which seems enough, I mean, do I really need a 4GB air cooler), and is, most importantly, really cheap - at just 27 EUR.

Now that the Raspberry Pi dictated the DC voltage in the system (5V), I went ahead and ordered a 5V pump, and this time I ordered a rather hefty power supply (rated for 10A), because I’d be supplying the pump, powering the relays and of course powering the Pi from this supply, without any additional filtering.

To round up the shopping, I ordered some jumper cables, a new power cable with a grounding wire, a plastic project case (there wasn’t enough space inside the cooler housing to fit all the additional electronics and wiring, so I decided to put everything in a separate box and fix it to the side of the cooler), and some 3M VHB Tape. If you’ve never heard of, or used VHB tape before, let me tell you a few things about it. VHB tape is your foam based double-sided tape, but it’s no run of the mill double sided tape. This thing is actually aerospace grade, and is used in aircraft and spacecraft to hold things together. Once attached, none of this is coming off, except when you actually want it to come off, at which point you can remove it without leaving any residue behind. Your locally store-bought “extra strength” double-sided tape is nothing compared to VHB tape, and you really shouldn’t have an engineering toolbox at home without some VHB tape in it.

Most of the construction is held together with VHB tape, including suspending the heavy power supply from the underside of the enclosure lid, attaching the electronics box to the side of the enclosure, and the submerged pump. The submerged pump is really why I had to use VHB tape - while I could have used the cheaper Tesa extra-strength stuff for the other things, I only trust real VHB tape to hold its strength underwater.

Wiring And Programming

I’m not going to go into too much detail about wiring except talking about the principles I followed. I also won’t go into too much detail about the programming for the simple reason that all the code is available for you to see on my GitLab account, but again I’ll talk about principles.

Let’s start with the wiring. The Raspberry Pi’s GPIO is 3.3V, and wiring up 5V relays to it is going to let out the magic smoke pretty quick. For this reason, having isolated inputs to the relay board comes in quite useful. I can wire up JDVCC to the 5V from my power supply, and wire up the GPIO directly to the inputs on the board, supplying VCC from the 3.3V pins on the Raspberry Pi itself. I don’t even need a separate 3.3V power supply.

Wiring up the tank empty sensor / switch also doesn’t actually need a pull-down resistor, because the pin can be pulled down in software. So again, just connect one end to a 3.3V pin on the GPIO, and the other end to your designated input pin.

I used the normally open side of the relays of course, and wired each speed of the fan to a separate relay (taking care in software that only one of these relays is activatable at any given time). These relays can switch both 5V DC and 220V AC (like all normal mechanical relays), so even the pump is switched with one of the relays.

On the software side of things, I initially started by using Python, with the built-in (to Raspbian) RPi.GPIO package to control my GPIO pins. I built a JSON API, and then a web app to work with this JSON API and turn individual elements on and off. I used Homebridge to bridge between the API and HomeKit. This never really worked well, and this multi-service architecture was needlessly complicated and I was never fully confident that there were no bugs, given that Python code was never statically analysed during compile-time (there is no compile-time).

The Web UI, Work In Progress (TM)

So I learnt Go.

Re-writing the control software in Go was probably the most fun I had while working on this whole project. Go is so incredibly easy and fun to write (once you stop being annoyed at the enforced gofmt code-styling rules - which for some people I can see taking years). I went from not knowing Go at all to having a reimplimentation of my driver in 4 hours, the complete API in 24 hours, and it took me another day to implement the HomeKit bits, hooking directly into the driver and not bothering with the API. So now I have a Web UI, HomeKit integration, and a statically checked daemon that controls everything.

I used go-rpio to be able to control the GPIO pins. You can theoretically control your GPIO with just echo and cat by writing into and reading from the correct files under your /sys/class/gpio - and here’s an article in German explaining how to do that - but go-rpio memory-maps the /dev/gpiomem file and uses that to write directly into the bits of the CPU address space that control the GPIO pins, which also means that you don’t need to be root to run the driver and daemon, you only need to be part of the gpio group.

The Home App on macOS

I used hc to be able to expose a HomeKit interface. HomeKit is conceptually a really simple protocol - an accessory has one or more services which it exposes, and every service is composed of different characteristics. If you want your device to be controllable by the Home app on iOS and macOS (and by yelling at Siri), you need to choose from a few Apple-defined combinations of accessories, services and characteristics. I decided to expose the cooler as an Air Conditioner, implementing the Heater-Cooler service, and implementing most of the optional characteristics. hc‘s built-in accessory and service classes only implement the mandatory characteristics, so most of my code in hapservice.go is defining and building up my own service and accessory class.

The Home App on iOS

The finaly bit of Go magic that I used was Goroutines. Goroutines are lightweight threads that are incredibly easy to implement (you just write a normal function with the go keyword preceeding it), and it took me about 5-10 lines of code to write a Goroutine that checks the water tank status every second and shut down the pump if it is running while the tank runs dry.

And finally, there’s the toolchain. Programming on a Mac and building for 64-bit ARM/Linux is simply a matter of setting the correct environment variables. I also strip the binaries and UPX-compress them (Go does produce some gigantic statically-linked binaries by default). My build command-line is something like:

$: GOOS=linux GOARCH=arm64 go build -ldflags="-s -w" && upx binaryname

Of course, this is only for test builds. I have GitLab CI set up on my repo, so every time I make a commit, it builds a new version of the binary within a minute and offers it up for download.

In Conclusion

I’m currently really happy with the way the cooler now works, and I find myself exclusively using HomeKit to control it. The Web UI definitely needs some work, and I might end up adding scheduling features to it, or automatic control based on the weather outside. I will definitely add a few temperature sensors - one for the water temperature, one for ambient temperature, and one probe right in front of the fan to measure effective wind temperature.

Because Go produces statically linked binaries and I need no operating system dependencies to run them, I was finally able to move to an Aarch64 (ARMv8) distribution, currently running Ubuntu Server 20.04. Yes, my cooler runs Ubuntu and I don’t know how I feel about it. Amongst other things (like having a more recent kernel and packages than Raspbian and being 64-bit), I also found it really easy to set up the network for first boot so that I never needed a monitor and keyboard and could just SSH in right after plugging the SD card in and turning on the machine. I also set up systemd-resolved to expose Multicast DNS so that even with a dynamic IP I can address my cooler with its hostname. The only thing I currently don’t like about Ubuntu Server is its forced use of Netplan, but I don’t know if I’m bothered enough to replace it with NetworkManager yet.

The Cooler, with the Electronics Box

I hope you enjoyed reading about what I did during my ‘Rona lockdown, and remember kids, mains electricity is dangerous. Do NOT try this at home.

My Days in Munich Are Numbered

I moved to Munich in January 2017, fresh out of university. Actually, I was still in university when I moved - I did my final semester abroad, a 6-month internship at eGym GmbH, where I made software running on smart fitness equipment. It’s been a year and nine months since, and as I write this, this chapter of my life will come to a close in another fifteen days.

I’m leaving Munich, and I can’t wait.

It was a cold, snowy night in January - I actually remember the exact date and time; 23:27 on the 14th of January, 2017 - when I stepped off the TGV from Paris at München Hbf, and immediately felt a chill wrap around my heart. A very different chill from the negative temperatures. A chill that I now know is of a city that doesn’t care. Extremely prosperous, terrifyingly efficient, but the furthest away from a warm, caring place I could call home.

I tried really hard though. I ignored this feeling for the better part of a year, chalking it down to loneliness, culture shock, and telling myself I’ll be able to survive here once I’ve adjusted to this, and as the days went by, my ability to shut it out and deal with it did get better. But did I want this? I’m 23, young, free and armed with a degree and specialised knowledge that I can (I hope) make world-changing developments with. I really didn’t want to waste my 20s changing myself into the cynical, uncaring monster I’d need to become to be able to live in this city. I came here an optimist, an aggressive dreamer who could do anything he set his sights on, and above all, a passionate carer who put people above all else, and I was well on my way to changing and becoming the complete opposite. Once I’d come to that realisation, however, I decided this was enough. I’d be damned if I was going to let where I live change the very person I am.

Munich doesn’t deserve me. There are better places in this world where I can put myself to good use.

So once I could look past the false attraction of city that only worsened my own identity crisis, and muster the courage to write off the sunk investment, I started looking for a new job outside this city. And I found one, in the best place I could hope for: Heidelberg.

When I visited Heidelberg for my interview, the city spoke to me. It’s about as big as the town in India where my university is located, and is home to just 150,000 people, just enough to feel like I’m part of a close-knit community. A quarter of the city’s populace are students; indeed the city houses Germany’s oldest and one of its best universities, one that has produced no less than 56 Nobel laureates since its founding during the Roman Empire. And just under half of the populace have an immigration background.

The city is also drop-dead gorgeous. Heidelberg is a long town, situated on both banks of the Neckar, which in turn is surrounded by hills. The Baroque architecture in the old town gives the city a distinct character, and oh, there’s a giant castle, right in the city center.

But what really makes this city stand out is the people. It too was a cold, snowy day when I came to the city to interview for my job. But the smile and the curiosity of the shopkeeper at the bakery where I bought my breakfast wasn’t the standard fake hospitality industry expression. The friend who took it upon himself to give me a car ride from the station and make sure I was calm and in the best state of mind for the upcoming interview, and for that matter the prospective landlord who actually picked me up from Mannhiem and drove me to Heidelberg to show me the apartment, and then drove me around the city to show me around afterwards, simply taking pleasure in helping someone out - this is the kind of person I strive to be, and these are the kinds of people I want to be surrounded by. And in Munich, neither could I be this person, nor could I find someone like this to hang out with - in fact, I was actively discouraged from being this person.

A big reason for the move to Germany was because of specific experiences with German people that I personally had. People in KDE who first helped me hone my technical skills and then my social skills. People who came up to me in San Francisco - where I was at a developer conference - and said “Hey, you’re Indian right? Happy Diwali!” People who knew nothing about me whatsoever, heard that I was moving to Germany, took me aside for two whole hours and told me about life in their country, things I should be careful about, things I should do and things I should not. After all of that, the experience I had in Munich was nothing short of shocking. I often wondered, where the people who made me want to move here were. Because they definitely weren’t where I was.

I’ve finally found out.

And in fifteen days, I’m finally going to be in the Germany that I came here for.

Ramen

Like every other person who lives in India, eating Maggi was a constant in my life. Maggi is a brand of instant noodles that didn’t come from India - it came from Switzerland and the brand was acquired by Nestlé in 1947 - but Maggi might as well be India’s national food. They say India is a collection of 36 different and very diverse groups of people, united by one foreign language. I submit to you that they’re also united by one foreign brand of instant noodles.

In India, Maggi is not just food, is an emotion. It is an established part of our culture, even the national identity. In a country that doesn’t have a lot of rich people, it feeds a lot of hungry kids after they get home from an exhausting session of football or cricket or what have you with their neighbourhood gang in the evening, and it is the staple diet in every single university dorm in the country - in fact, universities which do not allow cooking equipment inside the residence buildings for students for safety reasons will still have a few microwaves here and there, so that the students can make Maggi when they can’t cook anything else. Even street food vendors sell Maggi in some form or another.

At its core, Maggi is just instant noodles and a sachet of seasonings (the Tastemaker, as it’s called). Back in my childhood days you’d only have two varieties of Maggi, Chicken and Masala (the vegan variety), and at some point they added a third one (Tomato). Now there’s more varieties of Maggi than years I’ve existed on this planet, but there’s not much basic difference - boil noodles in water, add the seasonings, and you have a bowl of noodle soup. So you soon learn to add toppings, spices, and even change the way you prepare the noodles, and there is a very real prestige of being the mom who makes the best Maggi in the neighbourhood, measured by whose house the whole gang heads to for their food after their evening playtime.

In India, there’s Maggi. In the rest of the world, there’s Ramen.

You might know of Ramen as a Japanese noodle soup, but the Ramen is the noodle itself. Ramen is springy and bouncy, and it turns out that way because the noodle is made by making the dough with something called kansui - lye water, or alkaline salts. As long as you use Ramen noodles to make your soup, and stick to some very basic rules, you can call almost any soup you make out of it Ramen. And so just like Indian moms have their own Maggi recipe, within a few standard classes of Ramen soups, every Japanese person has their own Ramen recipe.

I love a good bowl of Ramen. For when you’re hungry and don’t have a lot of money to eat, a moderately good bowl of Ramen will set you back 3-4 Euros (here in Germany; in India that cost is probably closer to 50 Euro cents) in ingredients and leave you with a very full tummy. And Ramen is the ultimate soul food. You can make it as elaborate as you want to, throw in almost anything you wish as long the flavours go together, and after a hard day at work and not much energy left to cook, I just love slurping on a bowl of Ramen watching clips from my favourite late night talk show (mostly Conan and Colbert) on TV.

Here’s what I’ve learnt from eating and making Ramen so far:

  • Noodles: This is what makes it a bowl of Ramen, not just some other noodle soup. I start with instant noodles (not Maggi, that’s not Ramen). You can try Top Ramen - or whatever Nissin sells in your local market - and I hear Maruchan is pretty good in the US. Heat up some water with the seasonings, and just as it starts to boil, add in the noodles. The moment the big block of noodle disintegrates into strands, count 20 seconds and then take it off the heat and throw away the water. Undercooked is good, cooked fully is still okay but not great, and even a little bit overcooked is bad. That’s because now we’re going to re-fry the noodles in sesame oil, with a generous helping of sriracha sauce and soy sauce. I learnt this trick from a video on YouTube and this is the best trick that I’ve managed to collect in my bag of instant noodle innovations.
  • Broth: The broth doesn’t need to be fancier than chicken stock that you buy from your local supermarket. Here in Germany, Lidl sells glass jars of chicken broth powder from Knorr, and that stuff is amazing. I start by chopping up some ginger (finely) and garlic (into big slices), frying them along with chilli flakes in sesame oil, and then I add in the water and the broth powder, and let it boil.
  • Chicken: This one isn’t hard, but it actually takes a bit of time to make. You need tiny strips of boneless chicken, and you need to marinade it with generous helpings of sesame oil, soy sauce, egg and flour for 45 mins to an hour. Fry it on low heat in a frying pan, again in sesame oil - frying on low heat makes it soft and juicy, although it takes longer to cook. When it looks like its almost done, add in a little bit of sweet chilli sauce and give it all a good toss.
  • Eggs: Ramen is usually topped with a boiled egg split in two, the egg being boiled just long enough for the white to have become solid but the yolk still being runny, but I actually like to make my egg sunny side up.
  • Fresh Vegetables: Honestly, you don’t need much more than some freshly chopped scallions. You can of course add more stuff, but at some point you’ll need special ingredients from an Asian store - what you find at your local supermarket usually won’t do. I don’t think more vegetables add much to the soup, anyway.

The soup does have to be assembled in the right order. Here’s how you do it:

  1. First, put equal amounts of sesame oil and soy sauce at the bottom of the bowl. 2-3 tablespoons of each should suffice.
  2. Now put the noodles in the bowl.
  3. Fill up the bowl with the broth.
  4. Divide the bowl into radial thirds, and put the chicken in one of the thirds, the egg in another and finally the chopped scallions into the last third.

And that’s it, a big hearty bowl of Ramen.

Guten Appetit!

My Little Facemash Moment

Of the many movies that were released in 2010, one in particular stuck with me. It was about a socially inept college student, who failed miserably at love - very possibly because of his social ineptitude - and then decided to compensate for it by doing something from his dorm room that would stick it to the establishment and gain him some notoriety. The movie was called The Social Network.

At that time, I was socially inept, and I had also failed miserably at love, although I now know it wasn’t down to social ineptitude. And being the immature child I was, I also wanted to compensate for my romantic failures by causing a little revolution that would make me famous. I just didn’t know how to.

It took another 3 years. It was in late 2013, just as I was being battered by the harsh Rajasthan winter as I was about to finish my first semester at university, that I found out I could no longer read BBC News on the campus network. I’ve always been a rebel, not caring much for authority, and definitely not caring for authority that blocks me from doing things I want to. The time for my little Facemash moment had come.

Content Control

For a network administrator, internet pornography is a nightmare to handle. The average network administrator couldn’t care less about the societal norms surrounding pornography; it’s the sheer volume of traffic involved, and the sketchiness of the websites and their potential to infect entire networks of computer with insiduous malware, that keep them awake at night.

The internet is for porn. This is a fact. Depending on whom you ask, anywhere from 4% to 30% of the internet’s websites are related to pornography.

Now 30% might be a small number, until you consider the nature of traffic. While Wikpedia or Google is mostly text, and Facebook is a mixture of text, images and video, most pornography is video. It’s not just video, these days it’s high-definition video, which means one person watching porn on the internet can easily blow through gigabytes of data in minutes.

So depending on whom you ask, an average of 17% of the world’s websites are for porn, but a whopping 75% of the traffic volume is pornographic video.

In fact, lurk around enough on the internet and you’ll find that some pornography websites are at the forefront of content delivery network technology - there’s just so much data transfer capacity and so much high-speed bandwidth that you need to run a streaming video website - a popular one at that, because let’s face it, people watch porn - that pornography websites are actually the driving force in development in distributed content delivery networks.

YouTube is the worlds single most popular video streaming website. PornHub is the second. The next non-porn video streaming website - Vimeo - comes far down the list. YouTube operates at Google scale, with networks of servers in almost every country in the world to deliver content to viewers as efficiently as possible. Given PornHub’s popularity, you would guesstimate that they have at least two-thirds the server capacity of YouTube.

And India loves to watch porn. A couple of years ago, Indian Railways started a pilot project to equip large stations in India with free WiFi in collaboration with Google. In return, Google got to collect data on what the users of the free WiFi service were looking at. In the city of Patna, the capital of the state of Bihar, we got news headlines like this: Patna Is The Top User Of Google’s Free Wi-Fi At Railway Stations, Mostly For Porn: Report.

My university started with the best of intentions. It happens to be connected directly to the National Internet Backbone through a 10 Gigabit network link and in the first few years of the university’s existence, the campus WiFi was unfiltered. Of course, fewer than 100 students and faculty managed to saturate that link every single night and bring down the network down to a crawl. And then there was a campus-wide computer virus outbreak that was presumed to come from a careless porn viewer.

So the network administrators decided to block internet pornography. And this is where things started going wrong.

They started by blocking pornographic websites, and then blocked torrents. The speeds improved, but they were still not the blazing fast speeds that we should have had been having. So they decieded to block access to more categories of websites. Gaming went away. For a little while, so did YouTube, although it was brought back because of “the availability of educational content”. And then they blocked news.

The rationale behind this was, in my opinion, absolute insanity. We had televisions in the common rooms, and their stance was - if you want to be updated on the world’s current affairs, watch the news on the telly, or come down to the library for a newspaper. Apparently, the few videos embedded into news websites was too much for the network to handle.

I tried to submit requests to the IT department to get BBC and Reuters unblocked. It didn’t work. My alternatives were to go to the university administration, or do something about it myself.

In hindsight, I could have gone to the administration. They’re nice people, and completely reasonable. But the IT department had pissed me off, and I no longer had a much of a high opinion of them. I really wanted to “stick it to the man.” And so I did.

DNS Blocking

The university used (and still uses) DNS to block websites. DNS, or the Domain Name System, translates domain names to IP addresses.

You see, every single website on the internet has a numeric address, called an IP address, or Internet Protocol Address. But these addresses can be as large as 12 digit numbers (or 32 digit hexadecimal numbers - numbers using the numerals 0-9 and the letters a-f - nowadays), and they’re mighty hard to remember. What would you rather type in to your browser - www.google.com, or 167.182.123.89?

So our university ran its own DNS server, which would, for unblocked websites, translate the domain name to the real IP address, but for blocked websites, it would translate the domain name to an IP address that pointed to some other website that just said “The website you are trying to access is blocked on our network”.

This was effective, but for an university which taught courses in computer engineering, exceedingly easy to break - just tell your laptop or computer to use a different DNS server, not the one provided by the university. Google runs one such public DNS server service, and we just en-masse pointed all our laptops to Google’s DNS servers, completely unblocking everything.

It took a while for IT to figure out what was going on, but they retaliated by making sure DNS traffic never left the university’s premises. We were thus limited to using DNS servers located inside the campus network, which now happened to be the university’s own services that blocked websites.

Proxying DNS

This put a stop to all but the most enterprising of the students. Most resorted to using VPNs - Virtual Private Networks, a techniqe to route all internet traffic via a “private” network, bouncing it off other servers outside the campus network before releasing it to the internet. Unfortunately, VPNs are either free or fast. You can’t have both.

I decided to poke around their network to see how they were actually blocking DNS traffic from exiting the campus.

This is where things get technical.

There are usually two protocols - a set of rules that computers follow to communicate with each other - that are widely used on the Internet. They’re called TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

Then there’s the concept of ports. You see, one physical computer may serve multipe services. It might serve websites, and simultaneously run a database that you can connect to from the outside world. If you want to connect to www.google.com, how do you say if you want to connect to the website running on the server, or the database?

Every computer therefore has 65,536 “ports”, numbered from 0 to 65,535. A particular service - say the website, or the databse - “listens” on a particular port. When we connect to the website, we have to specify its IP address or domain name, and the port we want to connect to.

The IANA - Internet Assigned Numbers Authority - assigns some “well-known ports”. They say that websites must listen on port 80, and websites that are secured and encrypted must listen on port 443. That’s why, when you type in www.google.com into a web browser, you don’t specify port 80 or port 443, because the browser assumes that you want to see the website and automatically connects to port 80. If the website was, by any chance, listening on port 1234, a nonstandard port, you’d have to write the address like this: www.google.com:1234.

Here’s how the university was blocking DNS access - the well known port for DNS is port 53, and the university created a rule in their network firewall that said if any computer inside the network wants to connect to any computer outside the network on port 53, block that connection.

Simple, right?

Well, this is where things start getting fun. Just because the IANA says that DNS servers have to listen on port 53 doesn’t mean DNS doesn’t work if it listens on port 1234. It just means we have to explicitly specify port 1234 when we point our operating system to a particular DNS server.

I ran some tests on our network. It turned out, we were only allowed to connect to servers outside the network using TCP on ports 80 and 443. We were theoretically only allowed to browse websites.

And guess what, there are quite a few DNS servers on the internet that listen on port 443. We could just use one of those, right?

Almost.

There’s another angle to the story - the protocol (TCP, or UDP). Websites can only be browsed using TCP, but DNS traffic can use both TCP and UDP. And since UDP is faster for small amounts of data (typical of DNS requests), DNS defaults to using UDP for traffic.

So DNS servers listen on port 53, expecting to hold conversations with the client using the UDP rules. And now you can probably guess what the problem was - since websites only work using TCP, our network administrators set up the firewall so that only TCP traffic went out on ports 80 and 443. Simply pointing my system to DNS servers listening on port 443 wouldn’t work, since the system would try to make a DNS request using UDP, and fail.

So I came up with a little idea. What if I wrote a tiny prograam that ran on my own computer, which listened on port 53, listening to UDP traffic, and forwarded whatever it recieved to the real DNS servers outside the network using TCP over port 443? It would then wait for the reply, recieve it via the TCP connection, and relay it back to the program requesting the translation (such as Google Chrome) using UDP again.

And that’s what I did, and it worked perfectly.

Dennis

Because I was feeling so cocky, I decided to put up the code on GitHub for everyone to see - if they could find it. I called it Dennis, a phonetic play on DNS, named after the character Dennis the Menace, because it was also supposed to be a menace to the university’s IT department.

I used it for three and a half years. The university’s IT department never noticed I was accessing websites that were supposed to be blocked, even though nothing was encrypted. I let a friend of mine, whom I trusted to be responsible with this kind of power, use it. No one noticed him downloading games from Steam once in a while.

After I graduated, I finally let everyone in the university (including the administration) know what I did. After I already had my degree.

At an university that boasts that it produces the engineers of tomorrow, and at an university that inculcates an entrepreneureal spirit right in the course curriculum, you can’t reasonably expect that absolutely no one will manage to innovate around a real problem that they face every day. This was a sign that the university worked. In spirit, at least.

If you want to find out which school I attended and what I studied there, I invite you to stalk me on the internet. That information is not hard to find. But if you’re in India, trying to choose an university to attend, and planning to study computer engineering, take a look at the one I went to. It’s a brilliant little place, and you might like it. For what it’s worth, I had the flexibility to choose my own study path that I designed myself, and as a result of this path I moved to Germany during my last semester of college, where I still live and work.

Dennis is available here: https://gitlab.com/BaloneyGeek/dennis