Azure Information Protection - Broken "by design" according to Microsoft

As of this writing, it's been 3 years since Microsoft announced their Azure Information Protection (AIP) product. As recently as March of this year, they were touting ominously "When you use Azure Information Protection with Exchange Online, you get an additional benefit: The ability to send protected emails to any user, with the assurance that they can read it on any device." What they don't mention is that Outlook Web App (a.k.a. OWA) completely bypasses AIP security. Can this be possible?

Long story short - yes... according to Microsoft... "Azure Information Protection does not work in OWA and it is by design". (click below to enlarge). And when they say "does not work" they don't mean that you can't read the protected information - "does not work" according to Microsoft means that all protection is removed.

In fact, I am told that if I'm not happy with this protection feature, I can join other unhappy Microsoft customers and vote for this broken functionality to be fixed. The link they gave me, humorously, is one that I originally created. If you are reading this and reckon that AIP should actually protect your cloud information, feel free to "vote" for my suggestion. Sadly, the odds of this being a successful approach are nil when the top features that Microsoft is working on are really important things like animated 3D hearts in Excel.

For those technically minded of you, I have a bit more detail below. For everyone else, don't waste your time on Azure Information Protection (or your money on the expensive Enterprise licenses that are required for it), after 3 years, it's still not ready.

The way that AIP works is by setting up what are called Labels. Here is an example label that causes  items to expire after 3 days. I have confirmed with Microsoft that this is the correct way to configure the feature.

This label called "Secure Inbox" is listed along with other labels available in our tenancy.
To invoke this label, you can create a rule in Exchange to apply the label under certain conditions. In this example, mail coming into Test AU will get the "Secure Inbox" treatment as defined above.
Microsoft have confirmed that this is the correct way to implement a policy to make messages no longer visible after 3 days. Indeed, if you send an e-mail to a mailbox and wait 3 days, you get the following in both Mac and Windows versions of Outlook:

This is perfect... exactly as advertised.

But... what if you log in to OWA and read your mail there? The exact same message, which was meant to expire after 3 days is displayed freely without any restriction. Indeed, even the attachment can be downloaded. In the older OWA interface, you get a message saying "This message will expire on: Friday, 15 March 2019 8:04:00 PM" which is when it expired on the desktop version... but despite it being already mid-April, a month old message is still plainly visible.

What about the New OWA interface (click "Try the new Outlook" on the top right)... well, that's even worse!
In the new interface, not only is the message and the attachment fully accessible, but they don't even bother to tell you that you are past the expiration date.

What about on the phone? You guessed it... plainly visible well past the "expiration" date.

After over a month of back and forth with Microsoft support (who have been able to reproduce this problem - and initially agreed that it doesn't feel like a secure way to secure things), they have given up with a flippant "this is by design"...

Thanks for nothing...

Hacking an IKEA MOLGAN Light - Part 2

Over a year has passed since my previous MOLGAN Hack to improve battery life, (see I have modified several MOLGANs and the battery endurance in the modified lights is great (several months on rechargeable AAA batteries). Under the default timing, the lights come on for about 30 seconds which is fine for all of them except one which I'd like to stay on for a little longer.

As mentioned in my previous post, these lights are driven by a very common BISS0001 motion detector IC. Pins 3 and 4 are connected to resistors and capacitors whose values define the "Output Pulse Width" which is the fancy way to say the number of seconds that the light stays on once it is triggered.

Refer my previous post to see how to disassemble the light. Once you are inside you will see what is pictured here (ignore the extra RED and BLACK wires in this photo). I have drawn on my board so you can see which are the relevant resistors and capacitors to adjust the timing. I've also drawn a black trace line to show how they are connected to each other and via a pad labeled B.

The pulse width is defined by a function that is the product of the resistor and capacitor value. If you increase them, the time increases and if you decrease them the time decreases. In my case, I wanted to increase the time and the easiest way to do this was to remove the old resistor at position R11 and replace it with a bigger value. In my case I went for a 1.5 MΩ resistor which gives me about 80 seconds of ON time. If you want to reduce the on time from the default then simply put a resistor in parallel (piggyback) with the one that is already there.

Hacking an IKEA MOLGAN light

The IKEA MOLGAN is a great little product to provide motion-detected path lighting in the house at night.

TL;DR version: To save battery life, you can make the MOLGAN more sensitive to light by adding 140KOhms of resistance in parallel to the light sensor. This will cause the MOLGAN to only trigger when it's much darker than the stock setting.

I have a bunch of these mounted on the ceiling outside the bedrooms and in the bathrooms so that at night they just come on automatically with a dim enough light not to get your brain out of sleep mode but bright enough that you can see. Because they are battery-powered you can mount them anywhere and they are cheap enough that you can buy a few of them.

My biggest complaint with them is that they take 3 AAA batteries which don't provide much longevity. I use rechargeable batteries and they need to be recharged about every 3-4 weeks. They are light and motion activated which means that they only run when there is motion detected AND it's dark (see below re: IKEA's definition of "dark").

Increasing the longevity (time between recharges) could be accomplished either by
  1. Increasing the capacity of the batteries
  2. Reducing the time the light is running (draws about 80mA when running)
  3. Reducing the brightness of the light (so that it draws less than 80mA when lit)
  4. Decreasing the minimum ambient light trigger (currently triggers when not totally dark)
Increasing battery capacity is difficult to do without basically creating a new case for it. Using 3 AA batteries or even a single 16850 Li+ battery would require heavy physical modification of the case.

Reducing the run time with each trigger wouldn't gain much since the light runs for about 30 seconds per trigger and making it much shorter than that would be annoying.

Reducing the brightness could be an option, and it would be quite simple to remove one or more of the 5 LEDs on the circuit board. 

I opted to try to solve the "darkness" problem. IKEA's design means that it does not need to be absolutely pitch dark for the light to come on. This means that it often comes on unnecessarily when it's actually quite light inside (i.e. early morning, late afternoon). 
Opening up the MOLGAN is quite simple. You just pry the face (the part where the light comes out) off. It's lightly glued in and it's easy to put it back. You can pry it off with a flat-head screwdriver without even leaving a mark. When you do so, it looks something like this on the left.

What you are looking at are the 5 SMT LEDs around the edge of the board, the motion sensor in the middle and on the right edge there is a clear component that looks like a LED which is the light sensor.

If you remove two screws and unsolder the battery contacts you can remove the board and it looks like this on the other side.

Here you can see the BISS0001 which is the chip in the middle of the board. It's a very common controller for battery-powered PIR controlled devices.

Importantly, the two pins next to the R2 label are the pins of the light sensor. The light sensor works like a variable resistor that varies by light. The more light, the less the resistance, the less light, the more the resistance. 

The trick is to change the range of the resistance of the light sensor so that "darkness" is triggered at a lower ambient light level.

If you remember from high school physics/electronics (or just find out by Googling around), it's very easy to reduce the resistance of a resistor by adding another resistor in parallel. 

The correct resistor size can be figured out in several ways - one is to mathematically solve it by using the BISS0001 data sheet. Another one is to measure the light sensor resistance at the critical level of darkness and back-solve the correct resistor.

For me, the simplest was to just use trial-and-error with some resistors I had lying around.

To make it as simple as possible to find the correct resistance by trial-and-error I soldered some DuPont wire with female ends to the light sensor pins so that any resistor I add is in parallel.

With a very slight bit of case modding (just cutting back some plastic) you can fully re-mount the board and solder back the battery connectors. The next photo shows the MOLGAN back to fully functioning condition but with the addition of a "breakout" area to add additional resistors in parallel to the light sensor.

Playing around with some resistors I had lying around I quickly found that 130KOhm was about the lowest I could go where it would still trigger in total darkness. I went up to 140KOhm and that was quite reliable even in a room that wasn't pitch dark. Because I was just using parts that were lying around, to do 140KOhm I had 3 resistors (100K+20K+20K) Going up to 168KOhm was also quite acceptable and allowed me to use 2 resistors that I had lying around (100K+68K)

I then re-mounted the MOLGAN with the additional resistors on the ceiling to do a bit of testing and see that it was behaving as expected.

After a couple of days of testing, I was really happy with the new calibration for the darkness trigger and modified the rest of my MOLGANs with a more permanent mod.

And there you have it, with a 100KOhm and 68KOhm resistor in series added in parallel to the light sensor. By not triggering when still pretty light in the room, I'm hoping that the batteries will last longer before requiring a recharge.

For a particular room where I wanted the MOLGAN to come on only when it was very dark (since it got tons of false triggers from people walking past the open door) I went with the 140KOhm option which really cut down on the false triggers. With 140KOhm, the MOLGAN only comes on if you've entered the room and almost completely shut the door.

Repairing a Boogie Board WT13087 (a.k.a. Jot 4.5 eWriter)

During a recent trip to Costco I bought my daughter a Boogie Board WT13087 (Jot 4.5) by a company called Kent Displays as a bit of an impulse buy. The way they are packaged, you can test them out in the store and the one my daughter picked was working fine.
Within about a half hour of arriving home; however, the "erase" function stopped working. This is a fatal problem because it's the only way to erase the screen. The whole point of this device is that it can be re-erased many time.

I did a bit of hunting around the internet and clearly this is a problem that others have experienced. I figured that since you could use it in the store, the battery might have died from overuse by other customers playing with it and testing it out.

It's also very clear from Googling around that the battery is definitely not replaceable. The closest I could get to a successful YouTube video on this was here: - but alas this guy managed to ruin his Boogie Board in the process. The good news was that from the video, at least I could find out where the battery was. Instead of doing a full disassembly, I thought I would just target the battery.

I used a box cutter and snipper to expose the battery and I figured this would be an easy fix to replace. 

Lo and behold, the battery was fine, showing a full 3V... argh! Incidentally, it's a CR1620H. They definitely don't make it easily replaceable, but if it were just a battery issue, it's doable.
As it wasn't the battery, I continued opening it up to expose the circuit board. Maybe something was wrong there.

It actually wasn't too hard to expose the rest of the circuit board. The trick is not to let the plastic peel off the screen.
As you can see, the board is pretty simple with the power going in from the battery to an unidentified controller and a button to activate it all. The output of this board goes via two wires to another board at the bottom of the screen. I stuck my scope on the output wires to see what was going on when the button was pressed. 

As you can see, all the button does is to cause the circuit to produce 3 pulses. First a 36V pulse for ~150ms and then two ~150ms ~19V pulses with 250ms gaps in between each pulse. 

So that didn't get me any closer to solving the problem, but at least I knew the top board was doing something in response to a button press.
Using the box cutter, I went to expose the bottom board. This is where I made a stupid mistake. In the process of cutting open the plastic on the bottom, I cut the connection between the bottom circuit board and the screen. The bottom circuit board is completely passive, all it does is it connects the two layers of the screen to the positive and negative of the pulses from the top circuit board.

If that's all that it does, I figured that I could erase the board by sending 35V to the screen in a short burst followed by two more pulses.

Unfortunately, my power supply only goes up to 30V so I gave it a shot. I connected the power supply output to the two sections of the screen (there is a clear section that takes the negative and a black section that takes the positive).

Sure enough, it worked! Sending 30V to the screen erased it. See the video below for the full show. It turns out, you just need to send it 30V and it's not very sensitive to how long you do it for. Also, it doesn't really care about the 2 additional 19V pulses either.

So, in the end it had nothing to do with replacing the battery (although if that's what your problem is, then it's pretty easy to do). It's likely that due to some manufacturing defect, the connection between the screen and the bottom circuit board was flakey. I checked that the whole rest of the device (from the battery to the bottom circuit board) was fine. The screen itself is fine.

Now that I've "fixed" it, I have a slightly less portable version. The big lesson here is that if you are one of the many people who find that their display no longer erases, it might not be the battery. You might need to check for a good connection to the screen. This is located at the bottom (the side without the button). You could try pressing on various sections of the case to see if you can correct the bad connection.

Epilogue: I contacted Kent Displays and after a proving that I have a defective product (receipt and some photos) they sent me a new one free of charge. The new one they sent is a model WT13087B (note the B at the end). It's otherwise looks identical and after a few days it still works! See photo below of the old (right) and replacement one (left).

A bit of "found music" from the 1960s

I recently found this box of my Dad's old reel-to-reel audio tapes from the late 1950s to mid 1960s. They hadn't been stored particularly well and I doubted that I could yield anything interesting from them... I was wrong! The quality is actually amazing considering the circumstances. Some of it is incredibly precious commentary by relatives who are long gone, but there is also some music which I am posting here in case there is some interest in such recordings. These tapes are from Hungary so unsurprisingly the music is Hungarian. The tapes are predominantly popular music of the era. Click on on each clipping below to get the full audio of the tape associated with it. Enjoy!

The QR Fortune Clock Concept

QR clocks are funny in their banal use of technology - but ever since I built my first one I was wondering if there could be a better use for them. This video shows my QR Fortune Clock concept which is like a fortune cookie (you need to "unwrap" the QR code with a QR reader to find the fortune inside).
You basically fill an SD card with a text file that contains the quotes you are interested in and then every second it will randomly display the quote as a QR code. Using a cheap 128x64 OLED screen, the version 10 QR code is easily readable while providing space for a 395 character message as well as a human-readable time/date. The underlying code is running on an Arduino Mega (simply because I couldn't squeeze the code to fit onto something smaller and also because I had a spare one lying around).

If there is interest, I can provide more details about the hardware and software but essentially the clock is made from:

  • Arduino Mega 2560 - I needed the extra on-board SRAM to fit the code. Writing software is not my day job so I'm sure some smart people out there could shrink it down to fit on an Uno.
  • 1.3 inch 128x64 pixel white OLED module (this one uses an SH1106 / SSD1306 driver)
  • MicroSD module using the SPI bus.
  • MicroSD card (I had a 16gb one lying around, but this is way overkill)
  • KY-040 rotary encoder (to control the functions like time setting, file selection)
  • 10K pull-up resistor (for the pushbutton feature on the KY-040)
  • DS3231 high accuracy TCXO RTC module for timing
Apart from the standard built-in libraries, the sketch uses the following additional libraries:
  • U8glib to run the OLED display
  • DS3231 to drive the RTC module
I also use a heavily modified version of the code I found here to actually convert the text to a bitmap of a QR code.

This concept can be expanded to use a larger screen and the nice thing about it is that compared to having actual text scrolling past every second, this clock just sits on the desk quite inconspicuously until you want a bit of inspiration. I have created versions that use all sorts of different texts as the base. Some particularly interesting ones are a Unix Fortune File,  books from Project Gutenberg such as The Art of War, Walden, the Shakespearean Sonnets, the Analects of Confucius and Dante's Inferno. Of course your favourite translation of the bible or other religious text also works particularly well. Basically anything that neatly breaks down into < 400 character segments. 

Installing a Pumpkin Android Car Stereo Head Unit Radio in my 2010 Audi A3

When I bought my 2010 Audi A3 (8P body style, also known as "2010 face lift") it came with the standard Audi Concert II head unit (Audi part # 8P0 035 186 S) and a dealer-installed Kufatec FISCON 36429 "Basic" Bluetooth adapter. From the outset I wasn't happy with this setup because the Bluetooth never worked properly throughout multiple phone changes (iPhone 3GS, 4, 4S, 5, etc.) and firmware updates. The volume was too loud and there seemed to be no way to lower it. Moreover, playing music over the Bluetooth sounded lousy - as if through an old crystal radio. (This is despite going back to the dealer numerous times, playing with the internal settings of the Kufatec and even using VCDS to try some internal Audi settings). When we recently moved house, our new driveway was extremely narrow, full of blind spots and required reversing in so I thought it would be time to replace the head unit with one that had a display for a reversing camera.

After doing some research on options, I decided to get a Pumpkin head unit to meet the following requirements:
  • Have a stock "look and feel" that would not ruin the aesthetics of the dashboard
  • Integrate with the steering wheel volume/channel/telephone controls
  • Provide improved Bluetooth compared to the Kufatec unit
  • Provide a screen for a reversing camera
  • Be installable without lots of cutting / soldering / drilling - basically "plug and play"
The TL;DR version of this post is that I am happy with the end result and the Pumpkin head unit meets all my requirements. It was a bit of a journey to get there, so for all the gory detail, read the full post.

1. Buying the initial parts
I bought this Pumpkin item on eBay which came with a free camera and free Australian maps for the GPS. While it came with a free camera, the camera wouldn't look "stock" so I bought this camera instead which was billed as a plug-in replacement for the number plate light. According to some back and forth e-mails with the vendor, the specific camera I needed was the Model 603 which would be an exact replacement for my number plate light. I based my decision partially on an installation video on YouTube that showed how easy it was to install this camera. I also bought some CT22AU01 radio removal keys to help remove the old head unit.

Now on to the installation and some of the issues I had to resolve...

2. Installation - Head Unit
The physical installation of the head unit was a relative breeze. With the radio removal key, you just remove the old head unit, unplug the Quadlock connector and basically plug it into the harness of the Pumpkin unit. 

Now you can turn it on and try it out... but not the radio yet.

2.1 Head Unit - Radio Antenna Fix
The first problem you will encounter is that the radio won't work because the Pumpkin antenna connector is DIN but the Audi uses a "Twin Fakra" connector. You will need to buy one of these adapters to interface the Audi antenna to the Pumpkin. This is pretty easy, but I wish that Pumpkin included one in the box. The Pumpkin has an unterminated wire called "ANT" (see below) which you need to connect to the +12V wire on the Fakra connector. It's puzzling that Pumpkin didn't pre-make the harness with this wire connected since they clearly have provision for it.

Now the radio will work through the front speakers, but there will be no audio at the rear speakers...

2.2 Head Unit - Rear Speaker Fix
My car came from the factory with an amplified set of rear speakers. The wiring needs to send +12V down to the amp that is located in the rear of the vehicle. The stock Pumpkin harness does not wire up this connection. It will need to be wired up yourself. Like the antenna power wire (mentioned above) there is a remote amp power wire that is unterminated on the Pumpkin. This wire is labeled "AMP-CON" per the photo above. Essentially, you need to connect it to Pin 13 of the Quadlock connector per this diagram. Once this is done, you will have audio coming out of the rear speakers. I don't understand why Pumpkin did not wire this into the harness in the first place.

2.3 Head Unit - Battery Consumption Fix
Everything was working fine with the head unit at this point but I noticed that it would not fully power off when I pulled the ignition key out. I put the Pumpkin to "sleep" (but not OFF) by pressing the power button and by the end of the week my car battery was flat. I sent a complaint e-mail to Pumpkin and they immediately responded with a note telling me to cut this red wire. Cutting that red wire makes the Pumpkin power down when the ignition key is switched off. This fixed the battery problem. 

At this point, the Pumpkin was installed and everything I needed was working reasonably well, although there are a few bugs to note:
  1. The 3G dongle that I bought from Pumpkin doesn't work very well. It connects to 3G but then after a few minutes of driving disconnects. Googling around, I discovered that the radio is manufactured by HuiFei and there is a forum that discusses issues with it. This is a known problem. Lots of interesting stuff to read about it here. 3G connectivity is not a key requirement for me, I mostly use the radio tethered to the WiFi personal hotspot of my phone.
  2. The software can be a bit "crashy" ... The core functions work fine (radio, DVD, reversing camera, etc.) but if you play around with some Android Apps you will find that they sometimes don't work as expected. Also, sometimes various apps crash for no reason. Again, this is a mild annoyance since these apps are not a key requirement but more for fun. 
  3. Since applying the "Battery Consumption Fix" (mentioned in point 2.3 above) the Pumpkin powers down every time I remove the key. This means that each new car trip requires the Pumpkin to boot up from scratch (unlike a car radio which is always instant-on). This can be annoying if you are making frequent small trips. I have wired up a switch to undo the "Battery Consumption Fix" (essentially a switch that can reconnect that cut wire) and when I am doing short trips I just leave that connected. It means that the radio only goes to sleep, but doesn't switch off. Hopefully I won't forget to leave this switch off at the end of the day or I'll have another dead battery.
  4. The radio doesn't quite fit in as flush as the factory radio does. The bottom bezel sticks out a bit despite my repeated attempts to "force it in" for the last mm or so. It's flush at the top and sides so I'll just live with it.
Now on to the reversing camera which was a bit more of an adventure than I bargained for. This is not Pumpkin's fault since I could have just used the free camera they supplied and not faced these problems.

3. Installation - Reversing Camera
I basically followed the instructions provided in this YouTube video. I made a small change to the installation by drilling a much smaller hole in the back of the light holder. This meant that I had to cut the cable (since the RCA jack wouldn't fit through the smaller hole) and then I reattached it after I fed the cable through. I ran the cable to the front of the car and plugged it into the Pumpkin and it worked straight away by just switching the ignition ON and putting the car in reverse. But I did have some problems.

3.1 Reversing Camera - Engine Running Fix 
The first problem I ran into is that the camera would work fine with the ignition switch in the ON position, but once I started the car it wouldn't work anymore. This reminded me of some old car stereo buzzing problems I used to have years ago which was fixed by a noise isolator. So I bought one of these and wired it in. This worked perfectly and now the camera worked exactly as intended. As a side note, this Response brand of noise isolator has lousy instructions. Their web instructions don't match with the paper instructions that they provided. Follow the wiring diagram above with the green wire going to the +12V of the car and the red wire going to the power input on the camera.

3.2 Reversing Camera - LED Light Polarity Fix
At this point the camera was working great, but the license plate light that it was integrated with did not light up! The LED light, unlike the incandescent light that it was replacing, cannot be put in any-which-way. There is a + and a - side and they need to be hooked up correctly. This picture shows the light working fine when providing +12V to the left contact. But it wouldn't work in the car which provided +12V on the right contact. I could prove this by crossing the wires like in this picture. I contacted the vendor on eBay and after showing them these pictures they went back into their inventory and found a camera module where the LED was wired the other way and sent it to me for free. This was good customer service, but I wonder if Audi wires their cars differently in Australia? Because Audi uses incandescent lights the polarity of this wiring doesn't matter, but it does with LEDs.

3.3 Reversing Camera - Light Bulb Warning / CANBUS Error Fix
Now that the LED was working with the replacement camera module the car would give a Light Bulb Failure Warning (a.k.a. CANBUS Error). Because the LED draws so much less power than the incandescent bulb, the engine computer thinks the bulb is burned out. This meant a very annoying beep every time the lights came on. The next goal was to fix the light bulb warning. After some Googling around, I found this product which basically puts a load on the line to fool the engine computer into thinking that the bulb is there. You can easily do this yourself by wiring a resistor in parallel with the LED, but this solution was nice in that it was plug-and-play with the correct connections at either end. I also replaced the bulb on the other side of the license plate with one of these so that the lighting would be even and to avoid drawing too much load with the resistor packs.

And here is how the final installation looks of the camera with fully working LED lights as well!

Overall I am happy with the result, but it was a bit more involved than I had hoped. It took several months of elapsed time to sort out all these problems so I hope this little blog post can fast-track a solution to these problems for others in the same situation.

Here is the final installation with the camera working and my daughter helping me to test it.