0:03

I have been exploring the secrets

0:06

of the TPM. Is that anything

0:08

like the TPS report from

0:10

Office Space? Almost exactly as

0:12

useless. No, no, no. I jest, of course. So

0:15

TPM stands for Trusted Platform

0:18

Module,

0:19

which is not a terribly useful

0:21

descriptive name. It's basically

0:24

a bit of hardware on your computer

0:26

that can do things like encrypting,

0:30

decrypting and storing small

0:32

amounts of data. But it also looks

0:35

at your machine and tries to understand

0:37

what state various bits of it are

0:39

in. And it can use

0:41

those states to make decisions about whether

0:44

or not it should decrypt the data that

0:46

you're asking it for.

0:47

Are the states things like, has

0:50

the computer been taken apart and is it

0:52

currently in a laboratory in some

0:54

foreign actor or something? Or is it simpler than

0:56

that?

0:57

Not necessarily that specific, but that

0:59

sort of thing. It tries to essentially

1:01

tell if someone has tampered with the

1:04

known state of the computer, like have

1:06

they turned secure boot off or

1:09

has the boot loader changed? Has the firmware

1:11

been changed? Things like that. And there's other things

1:13

that the operating system can hook into, I

1:15

think, as well.

1:17

Now, the reason that I got interested in this is

1:19

because I use

1:21

full disk encryption on my work

1:24

laptop and I

1:27

find it a bit of a pain when

1:29

I have to reboot. For

1:32

example, recently Ubuntu

1:34

started requiring you to reboot to install

1:37

some software updates.

1:39

And the workflow for that became reboot,

1:42

enter your decryption password, let it run

1:44

the updater, and then it reboots

1:46

again. And then you have to enter your encryption password again,

1:49

and then it boots back into your system. And

1:51

that was a right pain having to do

1:53

that. And other times that I might, I

1:56

haven't actually taken my laptop anywhere, so I'm not worried

1:58

about anyone.

2:00

I've not left it side, so it's not like

2:02

it's someone else trying to do anything. It's just me

2:04

pressing reboot from my logged in system.

2:07

And it would be nice if I didn't always

2:09

have to enter the encryption password. So I got

2:11

wondering whether using the TPM

2:14

might be a way around this. So

2:17

I found some useful and some less

2:19

useful guides to this on the internet.

2:22

One went into quite a bit of detail about how to set

2:24

up a script that ran boot and

2:27

ran some commands against the TPM and got

2:29

it to give

2:30

you the encryption key, which

2:32

all seemed to run okay except that it

2:35

didn't actually get an encryption key out for

2:37

some reason. When I ran the commands in a logged

2:39

in system, it worked. And when it tried

2:41

to do it at boot, it just didn't get anything. So I was obviously

2:44

doing something wrong there.

2:45

And then I found

2:47

another tool called System

2:50

D with TPM2, which completely bricked my

2:52

system. I should say I was doing this on a VM.

2:55

That's fine. In fact, I was using QuickMU

2:57

with the TPM equals on option

2:59

to test this out, because I didn't want to actually

3:01

be doing this on a real system. But

3:04

while I was doing this, I ended up reading some

3:07

man pages,

3:08

as you do, and found

3:11

in the man page for crypt tab that

3:13

you can configure crypt tab to

3:16

point to your TPM directly

3:18

without any additional tools or

3:20

utilities or scripts that you have to write yourself.

3:23

And I imagine crypt tab is

3:25

something that works alongside FS

3:27

tab to say these file systems

3:29

are encrypted. And here are the strategies

3:32

to provide decryption keys.

3:35

That's exactly what it does. Yes. So you have

3:37

a list of here are your encrypted devices and here

3:39

are what they're called. And then one of those

3:41

names maps to the thing that you're mounting in FS

3:43

tab.

3:45

Finding this, I managed to do

3:47

quite a bit of digging and find that there's a

3:50

command called system D dash crypt

3:52

enroll.

3:53

And what this does is generates

3:56

a decryption key adds

3:58

it to your luck. encrypted

4:01

volume because you can have multiple

4:03

keys associated with the volume

4:06

and then it stores that in the TPM

4:09

and does some other wizardry in the background

4:11

to connect things up. Then you edit

4:14

your crypt tab, you add an option there

4:16

to say which device it is. If

4:18

you've only got one TPM you just say auto and

4:20

it finds it and then you rebuild your

4:23

init RAMFS which is the system that runs

4:25

at boot to bootstrap everything and

4:28

then that will include the bits it

4:30

needs to read the stuff out of the TPM.

4:33

This was all going very well except

4:35

I was trying to do it on Ubuntu. For

4:40

some reason when you try and rebuild

4:42

init RAMFS on Ubuntu with this option

4:44

it doesn't recognize it and I tried a few

4:46

different versions with different versions of

4:49

crypt setup

4:51

but it just wasn't having any of it despite

4:53

other people saying they were successful doing this on

4:55

other distributions. So I

4:57

thought well someone said this works on Fedora

5:00

I'll give that a go and

5:01

I've read exactly the same thing on Fedora except

5:04

they use a utility called dracut

5:07

or something

5:08

of that effect to rebuild init RAMFS

5:11

and it worked so I ended up with a system

5:13

that I could boot into and

5:15

when I rebooted it would

5:18

decrypt the disk without me having to do anything.

5:21

Can I just clarify you're doing this all in a

5:23

VM that's talking to the fake

5:25

TPM module and you're doing

5:27

it with Fedora in a VM right?

5:30

In a VM yes and that's right isn't it Martin

5:32

it's actually it's a software TPM.

5:34

Yeah yeah so what Mark's using

5:37

here is my quickemu project which is

5:39

a wrapper around QEMU and

5:42

one of the things that I added to that project

5:44

was to enable

5:46

a software TPM emulator.

5:49

So this was the result I was looking for

5:51

except I didn't have the option

5:54

to if I shut down the

5:56

computer completely have it then ask

5:58

me for the password when I

5:59

logged in. So the way that the TPM

6:02

works is it has a number of things called

6:04

platform configuration registers, which

6:06

is basically where it stores like a signature

6:09

of the various things that it's

6:11

looking at. And you can tell

6:13

it when you're running system decrypting role,

6:15

which of the registers it should look at

6:17

to decide whether it should give up the encryption

6:20

key. But I went looking at what happens

6:22

to these registers when you reboot

6:24

versus when you power down and there's

6:27

no difference. So there's no way of saying

6:29

decrypt it for me when you reboot.

6:32

But if I do a cold boot, ask

6:34

me for the password. Okay, that has clarified

6:37

the scary thing I was thinking is surely

6:40

it could just unlock like at any point, like

6:43

when someone steals out of your bag. Exactly.

6:45

But this in theory should work. So

6:48

this has kind of got me thinking,

6:51

what's the actual use case for doing this? Because,

6:54

yes, it would stop the case where someone

6:56

takes the hard drive out of your computer

6:59

and then tries to decrypt it because the

7:01

encryption key only lives in that

7:03

TPM. And once they've

7:06

started messing around with the hardware, it's not going to give it back.

7:08

They can't boot from a USB drive

7:10

and get it out. It's not going to accept that.

7:13

But it doesn't stop the case where,

7:15

you know, I'm getting off the train and someone

7:17

steals my bag and then they turn the computer on.

7:20

It boots, decrypts. And

7:22

yes, they're at the login screen and they can't actually log

7:24

in without my password. But

7:27

unless I'm wrong, my data is not completely secure

7:29

at that point. It is decrypted

7:32

or accessible decrypted on the

7:34

computer somehow if they could find

7:37

some other exploit if there was a bug

7:39

in the lock screen that meant if they mashed the keyboard

7:41

a lot, it crashed something

7:44

like that. They don't even need to do that. They

7:46

could just change the in its shell

7:48

to bim bash.

7:49

They could decrypt the disk and have it

7:52

boot straight to the root prompt running

7:54

bash. So there is other things

7:57

which you can do like locking down

7:59

grub. and locking down your

8:02

EFI config so that things can't

8:04

be edited like that. Oh, okay.

8:06

Well, the only editing would be at the point when

8:08

you press F10 or

8:10

whatever button triggers your grub, press

8:13

down arrow, edit the line. And if you

8:15

can stop them being able to edit the line

8:18

at boot time, I don't know

8:20

if grub does that. Right.

8:21

I'm pretty sure it's possible that you can lock

8:23

down things like that as well, which

8:26

would stop them being able to do that. But I still don't

8:28

feel comfortable with the idea that I've

8:30

enabled full disk encryption, but whenever

8:32

you boot the laptop, it just decrypts

8:35

anyway.

8:36

So I'm sort of wondering, yeah, am I missing

8:38

something here? Maybe one of our

8:40

security-minded listeners might be able to enlighten

8:43

me as to this. Or I wondered if one

8:45

of you two might understand this better than

8:47

I do, but it seems like an odd

8:50

setup to me. So I'd be

8:52

interested to hear anyone's input on this.

8:54

So to be clear, you haven't enabled it on your host.

8:57

You were fiddling with this entirely in a VM

8:59

to get it working and understand the technology, but

9:02

it didn't seem to fit as you want. And so

9:05

help. Yes.

9:06

Yeah. I can't offer any assistance

9:08

with this because I've never used TPM

9:11

for disk encryption. So

9:13

I have zero experience. Have

9:15

you used it for something else? The only time

9:18

I used it was when I integrated

9:20

it into QuickMU in order

9:22

to get Windows 11 images to

9:25

boot. That was the reason that I

9:27

tampered with it. So it was purely

9:29

just to satisfy the system requirement for

9:31

Windows 11. And that is where my

9:34

TPM knowledge starts and ends.

9:38

Linux Matters is part of the Late Night Linux

9:40

family. If you enjoy the show, please

9:42

consider supporting us and the rest of the Late

9:44

Night Linux team using the PayPal or

9:47

Patreon links at linuxmatters.sh

9:49

slash support.

9:50

For $5 a month on Patreon, you can

9:53

enjoy an ad-free feed of our show

9:55

or for $10 get access to all the Late

9:57

Night Linux shows ad-free.

9:59

You can get in touch with us via email, show

10:02

at linuxmatters.sh, or chat

10:04

with other listeners in our Telegram group.

10:06

All the details are at linuxmatters.sh

10:09

slash contact.

10:13

I've migrated to a dual GPU

10:15

system in two of my workstations,

10:18

so I have Radion and Nvidia

10:21

sitting in my PCs, K-I-S-S-I-N-G.

10:24

I do hope they're not touching. That could lead to all

10:27

kinds of electrical failure. Well,

10:29

maybe they're not touching physically, but they're definitely

10:32

interacting digitally. So

10:34

is this, you've got two graphics cards with

10:36

separate outputs plugged in, or are they doing some

10:39

sort of combined processy

10:41

output thing to a single

10:43

screen? They are

10:45

not both driving displays.

10:47

Let me explain. So this

10:50

all started when I used to have

10:52

an RTX 3090 in

10:55

my main workstation.

10:57

And it's a fantastic GPU, but

10:59

it has one considerable drawback

11:02

in that it has 24 gigabytes

11:05

of video memory, and half

11:07

of that video memory is on the rear

11:09

of the card. And the heat that

11:12

that memory creates

11:14

is dissipated by a metal backplate.

11:17

And that metal backplate was 99

11:21

degrees Celsius at

11:24

all times. Wow. And

11:26

that backplate is also

11:29

adjacent to the fan

11:32

in the case that pushes air

11:35

out of the case.

11:36

But what it's actually doing is it's blowing

11:39

superheated air at

11:41

the radiator for the CPU

11:44

water cooling. And it was turning

11:47

that water radiator

11:50

into a space heater. And

11:52

the direction of air that is exhaust

11:55

from the case was at me. So what that

11:57

meant was is that it was permanent.

11:59

permanently being blasted

12:02

with not just warm but

12:04

considerably hot air and

12:07

during the summer months that was just intolerable.

12:10

So as much as I liked the GPU

12:12

I thought I've got to

12:14

find a better way of doing things and

12:17

amazingly using two

12:19

GPUs is actually the solution.

12:23

So what I've done is I took the 3090 out

12:26

which is an over triple slot card

12:28

so it takes up half of

12:29

the available space in the

12:32

cut. Physically it's huge. So I took

12:34

that out and I replaced that with

12:36

a Radian RX 6700 XT

12:39

which is a dual slot card

12:41

and it's what you'd call a mid-range

12:44

GPU I imagine.

12:45

And then with the space that

12:48

made in the case I was able to reorder

12:50

the other cards on

12:52

the motherboard and free up a

12:54

single slot space

12:57

on the motherboard and in there

12:59

I added an Nvidia

13:02

T1000 GPU

13:04

and these are rather dinky. In

13:06

fact it's a single slot GPU

13:08

and it only takes power from the

13:11

bus which means technically

13:13

it can only pull 75 watts. That's

13:16

the maximum that the PCI slot can deliver

13:18

and actually the card uses way way less than

13:21

that. So by doing this

13:23

the RX 3090 at idle

13:26

would use about 40 watts of power

13:28

which is not too bad for a GPU but

13:30

under load it would get up to like 365

13:34

watts. It's an absolute power pig

13:36

you know in that regard but it doesn't

13:38

matter whether it's idle or going

13:40

full bore that back plate is 99 degrees

13:44

all the time. That

13:46

was the main problem. Was it not possible

13:48

to just like turn the case 90 degrees

13:51

and face the other way and blow the hot

13:53

air out

13:53

the door or something you had you had to

13:55

go. When it did have to go it didn't really matter

13:57

that it was blowing it at me that heat had

13:59

go into this room in some way

14:02

or other. It would find you, yes.

14:04

Using the Radion 6700 alongside the NVIDIA

14:09

T1000 has brought the power consumption down considerably.

14:12

The two together under idle

14:15

conditions, the Radion uses

14:17

about 30 watts of power when it's

14:19

just moving the desktop around, and

14:23

as best as I can tell the NVIDIA T1000 uses between 4

14:25

to 5 watts when idle, because it's really

14:29

not doing anything. I only have the

14:31

displays plugged into the Radion GPU.

14:34

This

14:34

NVIDIA GPU is purely

14:37

for compute and I'll get to

14:39

how I use it in just a moment.

14:41

And when the system is under load, let's

14:43

imagine I am game streaming, so

14:46

playing games and streaming that all

14:48

with OBS. The

14:50

Radion is using about 190 watts

14:53

to basically composite OBS

14:55

and play the game, and

14:58

then the NVIDIA GPU is

15:00

just being used for the compute

15:02

to do the encoding of the video

15:04

stream that gets sent to Twitch or

15:06

wherever. I've seen other people suggest

15:09

having two GPUs, and in fact I've

15:11

seen some people online who profess

15:13

to be expert at OBS

15:16

suggesting that this was actually not a good

15:18

thing and you should absolutely not put two GPUs

15:21

in a machine, but you should just throw one big

15:23

GPU at it. And so it's interesting

15:25

to hear your experience of it

15:27

being

15:28

good and performant and not

15:30

hot. Yes, so it works very

15:32

well in as much that now I'm

15:35

getting considerable power savings, so

15:37

under load this new configuration is

15:39

using about 150 watts less than the 3090, and the

15:42

temperatures are

15:48

way down. Both those GPUs

15:50

sit around 50 to 60 degrees

15:52

depending on the load that they're under, so

15:54

it isn't generating that same

15:57

volume of heat

15:58

into the case. the room around

16:00

me. And are there any complications with

16:03

installing the, I assume

16:05

that you're using the vendor

16:07

supplied drivers for both of these or

16:10

are you using the open source drivers

16:12

for AMD? And yeah, what's it

16:15

like having both of those installed and managing

16:17

that? That's an excellent question because that's actually

16:19

sort of the secret source in making this

16:22

all work. And kind of goes

16:24

to Alan's point about like people

16:26

recommend not doing this. I imagine

16:28

maybe those people aren't running

16:29

Linux where this, where

16:32

Linux kind of shines at this

16:34

particular sort of use case.

16:36

So I'm just using the regular

16:39

drivers to run the radian

16:41

stuff. So I don't use the AMD

16:44

GPU pro drivers or whatever they're called.

16:46

I'm just using the open source

16:48

drivers plus the firmware that you

16:50

get with the Linux firmware bundle. And

16:53

that means that Wayland and all

16:55

of that stuff works, including

16:58

video acceleration, hardware,

16:59

encoding and what have you is

17:02

available on the radian GPU,

17:04

but I'm choosing not to use it.

17:06

On the Nvidia side, just using

17:09

the Nvidia proprietary drivers.

17:11

But the important step here is on

17:13

Ubuntu, there's a meta package for the Nvidia

17:16

drivers, which has dash headless in

17:18

the name. And effectively, that

17:21

includes all of the Nvidia drivers,

17:24

except the display

17:26

server drivers, so no XOR

17:28

drivers. And so that

17:31

enables things like CUDA and NVENC

17:33

and all the compute capabilities, but

17:36

it has no facility to drive displays

17:38

at all. So when you run those

17:40

two side by side, you now

17:43

get the full compute capability

17:45

of an Nvidia GPU,

17:47

but none of the display output. And that's

17:49

also what helps keep the power

17:51

draw of that Nvidia GPU down because actually

17:54

driving the displays is what actually pumps

17:56

a load of voltage through the GPU

17:59

in order to drive the

17:59

those displays.

18:01

And I was talking about temperatures

18:04

and power consumption earlier.

18:07

I'm able to measure that with NV top.

18:09

So it's a little command line love for you here.

18:11

NV top's been around for ages. The NV

18:14

is a clue that it was an Nvidia tool, but

18:17

it recently added support for multi GPUs.

18:19

So when I run NV top now, it's a stacked

18:22

display and I can see all of the metrics

18:24

for both GPUs, what's running

18:26

on them and all the rest of it. So with

18:29

this configured and I've run this

18:31

configuration

18:31

on Ubuntu and I'm now running

18:33

it on Nix OS. On

18:36

Nix OS, it's a slightly different configuration

18:38

in

18:39

that you just tell your Nix OS configuration

18:41

that you're using what's called reverse sync.

18:44

Because traditionally when you have

18:46

an Nvidia GPU, it wants to be the

18:48

primary and the other things it's

18:51

subordinates. And what we're doing is we're tipping

18:53

that on its head. I want the Radian

18:55

GPU to be the primary and I just

18:57

want the Nvidia GPU to be the sibling,

19:00

the dumb thing that we just

19:02

do compute with. And it works as

19:05

well on both. It's been really

19:07

stable. I've been running this for like nine months

19:09

now. It's been really great. But

19:11

this means I have all the benefits of running a Radian

19:14

driver on the desktop. So Wayland,

19:17

if you care about those things, will work just

19:19

fine. But most importantly,

19:22

all of those workloads were an Nvidia GPU

19:24

is required. For example, DaVinci

19:27

Resolve. DaVinci Resolve will work

19:29

even though the display driver is using Radian

19:32

and it has a requirement for CUDA.

19:35

It finds the CUDA being

19:38

satisfied by this other GPU, which

19:40

means you can do your effects

19:42

composition on the Nvidia GPU

19:45

and the video encoding on the Nvidia

19:48

GPU all seamlessly. And

19:50

the same is true on OBS Studio.

19:53

Everything's composited with the Radian, but

19:55

then the Nvidia GPU is used

19:57

for all of the hardware encoding, but you can turn it on.

19:59

and all of the quality settings up to 11

20:03

on the NVIDIA GPU because all it's

20:05

doing is that encoding piece. So you get

20:07

no penalty of your game performance

20:10

where the NVIDIA GPU can sometimes take

20:12

too much when it's doing the video

20:14

encoding away from the game. It's interesting,

20:17

I have a not quite as complicated but

20:19

similar setup of multi GPUs in the

20:21

NUC that is on

20:23

my desk here, which has an

20:25

inbuilt Intel CPU, an AMD GPU

20:28

and externally an eGPU,

20:31

which is an NVIDIA card. But

20:33

I'm using them the other way around the traditional way. The NVIDIA

20:36

is driving the displays and the AMD is for

20:38

whatever else I can use it for. Yeah,

20:41

it's interesting that you can actually use both

20:44

the GPUs at the same time with both drivers

20:47

loaded and it works fine on

20:49

Linux and on Windows. Right, so you've used

20:51

it with Windows and Linux quite happily.

20:53

Yeah, yeah. I mean, maybe

20:55

some people haven't experimented with this in other

20:58

parts of the world because they live in places

20:59

where air conditioning is ubiquitous

21:03

and they wouldn't run into this particular,

21:06

you know, climate issue. Or they live in Norway

21:08

where it's just naturally cold.

21:10

Yeah, exactly. And I also

21:13

have an Intel Arc GPU. And

21:16

what I'm going to be looking at next is how

21:18

I can potentially use the Intel Arc

21:20

GPU in a similar configuration.

21:22

So maybe use Intel Arc as the primary

21:25

with NVIDIA alongside it. Or

21:27

maybe in my test workstation,

21:30

all three GPUs at the same time

21:32

and see what madness we can cook up there.

21:35

But yeah, it's been a great configuration.

21:37

So if you have got mixed workloads,

21:40

dual GPU setups on Linux, work

21:42

a treat, and these T

21:45

series cards from NVIDIA, single

21:47

slot, bus powered, not tons

21:50

of CUDA performance, something around

21:52

the sort of 1050 Ti sort of region. But

21:58

in terms of their video encoding... performance

22:00

exactly the same as a 3090, so pretty great.

22:06

I

22:06

have a further update to what I

22:08

talked about in episode 10. And

22:11

a small reminder is that last time I downloaded

22:14

some historical EV data,

22:17

charging data from BMW, the

22:19

manufacturer of the car. And I

22:22

uploaded it to Axiom, my employer,

22:24

to build a dashboard so I could see some

22:27

detail about the different types of places

22:29

where I've charged and how frequently

22:32

I use my home charger and other

22:34

charges. So that's what I talked about

22:36

in the last episode, go back for a refresher to

22:38

listen to episode 10 for that. But

22:41

the problem with that is I only had the historical data

22:43

and I've had the car for 18 months and I could download

22:45

a snapshot of that 18 months, but

22:48

I couldn't use that to get ongoing

22:50

data because I'm still on the car and I'm still charging

22:52

the car every day or so. And

22:55

so I wanted to get ongoing

22:57

data and BMW has

22:59

an API for getting that car

23:01

data and I tried to

23:03

register. They have a service called AOS,

23:06

which is after sales online system

23:09

and I got rejected.

23:12

I applied for access and

23:14

they said nine. So

23:16

I said, please, it's my

23:19

car and I would like access to the

23:21

data around my car and I got redirected

23:23

to another department who also

23:26

said no, because and

23:28

I quote, I do not fit to

23:30

be a publisher of technical information.

23:33

So what I think it is, is it's designed

23:35

for app developers or people

23:38

who work in the automotive industry who want to

23:40

integrate with the car

23:42

system in some way.

23:44

And I kind of moaned a little bit on Mastodon

23:47

and then I did a bit of

23:49

Googling and actually found

23:52

a tool that helped me and

23:54

it's called Bimmer Connect.

23:57

Bimmer being the colloquial

23:59

name.

23:59

for BMW manufactured motor

24:02

vehicles. I went down a little bit of a rabbit

24:04

warren in the UK.

24:06

We tend to call them Beamer's, but actually Beamer

24:08

is generally the term for the motorcycles made

24:11

by BMW and Beamer is the

24:13

term for the cars apparently. And

24:15

there's a different name they use in China that

24:17

sounds very much like a boamer,

24:20

which sounds a bit like a cow or something.

24:23

It's very strange. Anyway, there's a whole article on the BMW's

24:25

website about Beamer, Beamer, and

24:28

so on.

24:29

Anyway, there's this piece of software called Beamer

24:31

Connected and it's open source. And

24:34

it's a library to query the

24:36

status of your BMW or your Mini using

24:38

the connected drive portal. And the connected drive portal

24:40

is a thing that I have a sign on for, because

24:43

it's the thing that the official app uses

24:46

to link you as a person to your

24:48

car. And this thing is a Python library.

24:50

So you could use it to query the API using

24:53

your existing username and password that you already

24:55

have and the VIN of your

24:57

car, the VIN being the vehicle

24:59

identification number or VIN number.

25:02

And it also has a command line

25:04

tool

25:05

you can use to get the data. And the command line

25:07

tool is called Beamer Connected.

25:10

And all you do is run Beamer Connected and you pass

25:12

it your username and password and the

25:15

region that you're in, because I think they've got multiple

25:17

endpoints for USA, China

25:19

and rest of the world. And then

25:21

it produces a JSON

25:23

dump of data about the car. And

25:26

what data about the car you ask? Well,

25:29

but this is different kind of data because

25:31

before you did like a data checkout,

25:34

it was all of your data

25:35

for all time. So yeah,

25:37

what is this? Is this everything again

25:39

or is this something else? No, this is just

25:42

a snapshot. And

25:44

the snapshot is like real time.

25:47

So if you query it multiple times over

25:49

a period of time, the data will change.

25:52

Well, some of the data will change. There's some of

25:54

it, which is stuff

25:55

that doesn't change, physical attributes of

25:57

the car, like the make and the model, the drive track.

25:59

whatever enabled capabilities

26:02

that the car has like electric windows and so

26:04

on. And there's some stuff that doesn't change

26:06

very often like software versions

26:08

that's reported in there as well. It's just

26:11

one big big JSON file. What

26:14

else is in there? The charge schedule.

26:16

So if you set it to charge at certain times that's

26:18

in there. The status of the doors

26:20

and the windows and the sunroof whether they're closed or

26:23

open which is good from

26:25

a security point of view. But the stuff I actually

26:27

wanted is also in there and the

26:29

stuff I wanted was the mileage, the

26:31

charge level, the range

26:34

and the latitude longitude and heading

26:36

of the car. So I can tell where it

26:38

is, what the charge level is and how many miles I've

26:41

done. And which way it's pointing. And which way

26:43

it's pointing yes which is very helpful. I

26:45

think the reason why they put that in there is

26:48

in the app it shows a little picture of your car and

26:50

it actually does show it which way the car

26:52

is pointing on a map which is yeah quite cute.

26:55

I don't know why that's useful but it is. So

26:58

I wrote a five line shell script

27:00

which calls BIMA connected with all

27:02

my credentials which dumps

27:05

out the JSON and then I just throw that at

27:07

Axiom using curl using our API.

27:10

And I do that, I was doing it every

27:12

minute but then realized

27:14

that was a little bit excessive to keep poking

27:16

it going where's my car where's my car where's my car every 60

27:19

seconds. Especially given when

27:22

I looked at the data I zoomed in on the

27:24

dashboard that I built in Axiom and I

27:26

could see that even if I poke the API every 60

27:28

seconds it only actually updates every five minutes.

27:31

So I think my car only reports status

27:34

every five minutes and so I dialed

27:36

back my script so that it goes

27:38

to sleep for five minutes and then pokes the API

27:40

again. And so now I have

27:43

the historical data and

27:45

I have ongoing data showing charge

27:47

level. It doesn't quite have all

27:50

the information that

27:51

I could get from the data dump. It doesn't

27:53

have like the street address of the charger where

27:55

it's currently sat but it does have latitude

27:58

and longitude and I can calculate.

27:59

If the car

28:02

was at a certain spot and the amount

28:04

of charge went up, then I could

28:06

log that somehow. So I can use

28:08

this information. It's just

28:10

not quite as nicely formatted. But

28:13

I could also once a month do

28:15

a takeout and get that historical

28:17

data again. And I'll put all of this

28:19

in a follow-up blog post to

28:22

the last one, and that one will be in the show notes. But I just thought

28:24

I'd mention that I've managed to wrap

28:26

this whole thing together with the takeout

28:29

and BIMR Connected.

28:29

And thank you to all the wonderful

28:32

people who've written and maintained

28:34

that BIMR Connected bit of Python. Well,

28:36

open source will find a way.

28:38

Yeah, it certainly does. As will a dodgy

28:40

shell script running on a server in my house.