Jae's Blog Creatures and blogs.

First, some context.
ANFR is France’s equivalent to the OFCOM (in the UK), BNetzA (in Germany) or Traficom (in Finland). They regulate allocations on the radio spectrum and everything related to it.

Last year, they did a public consultation in relation to raising the threshold for “atypical points” from 6V/m to 9V/m. As with anything concerning radio waves, they had a slew of responses from conspiracy theorists, self-proclaimed “hyperelectrosenstive” people (the term coming back fairly often), but also approval from some entities such as SNCF (the national rail system).

All those responses are published on their website: https://www.anfr.fr/REPONSES/
Given that URL is publicly accessible, PII such as names, family names, phone numbers and addresses were redacted via black boxes on the documents.

While reading the responses in my web browser, Firefox, I noticed that I could click on some of those boxes, switch to edition mode, press DEL and completely de-obfuscate the PII.
I’m not a security expert by any means, and even I can say that’s pretty bad for an agency supposed to regulate frequencies.

So, what to do in this situation? I discovered this on Thursday 25 of December 2025.
On Friday 26 of December 2025, I decided to give them a call, as their website stated they would be open. Of course, no response at this point.

On Monday 29 of December 2025, I called once again, and this time, got someone over the phone. After explaining the issue, I was just told, “that sounds bad, I’m going to transfer you to someone else” (paraphrased).
After waiting for a bit, I ended up on someone who sounded confused and just thanked me for the report before quickly ending the call.

At this point, I wasn’t sure the issue would be even resolved from this phone call, so I waited for a bit, checking on the website now and then.

As of today, Friday 09 of January 2026, the issue has finally been fixed. While in a browser, the redaction boxes can’t be moved or deleted. When loading the PDF into Inkscape, you can move and remove the redaction boxes, but what’s under it is gone.

I’m also shooting a message to the CNIL (governmental data privacy agency) as ANFR didn’t publicly disclose that there was a possible leak of PII from their website, even if as simple as this.
In my opinion, this does reach the threshold to be a personal data breach, and as the European Commission themselves says, ANFR would have had to disclose it within 72 hours.

A quick blog post to announced that I archived a bunch of Yealink-related software on Archive.org, including firmware, manuals, and configuration tools.
This is due to Yealink’s support just removing things after updating their website.

You can find the files at:

• Yealink Configuration Generator Tool 2.0.0.16 V 83
• Yealink phone firmware & resources collection
• Yealink Logo Converter
• Collection of firmwares for the Yealink T42s

Happy hacking :)

---

Small update: I was curious about the firmware 3CX published on their website, being T4XS-66.86.0.180. This firmware not appearing on any official Yealink documentation, I sent them the following email:

Hey, I see that you are offering a T4XS-66.86.0.180 firmware for the Yealink T42s.
I wonder, what are the changes from the official one?
For instance, does the firmware lock the phone into 3cx or is it just bug fixes?
Thanks,
// jae

Today, I received the following response from 3CX:

Hello Jae,
Thank you for your message, The firmware versions you see on the 3CX website are official Yealink firmware build which are simply Tested, certified, and recommended by 3CX for use with 3CX systems
3CX does not modify or “custom-code” Yealink firmware. 
​For further information or comparisons of the firmwares, please contact Yealink directly. 
​Let me know if you require further assistance from our end. 

This firmware has therefore been added to the archive.

Happy new year again dear reader, hopefully you had wonderful holidays.
Me? I spent my holidays getting increasingly frustrated by a small software named FreePBX.

FreePBX, as its name suggest, is… a PBX… manager, PBX meaning Private Branch Exchange, or to do simple, your very own VoIP and telephony server.
As mentioned, FreePBX is only a front-end for another software called Asterisk, which does the real phone stuff in the background.

While both software are Open-Source, FreePBX being under (A)GPL v3 (for the most part, more on that later), and Asterisk GPLv2, there is a giant gap in quality between the two.
While Asterisk generally works like you would expect it to, FreePBX has been a hassle at all level, all the more exacerbated by the current documentation, being one of the worst I’ve seen in recent times.

More than that, the default FreePBX installation script installs a plethora of proprietary “commercial” modules, which has the tendency to show you ads on login.
It’s because of that poor documentation that I’m starting this small series of tutorial on how to make your own phone system using FreePBX.

“But Jae”, some might say, “why don’t you just contribute to the project instead”? The answer is simple: I’m not signing no damn SLA.

The installation

Of course, we have to start somewhere, and I actually think installing FreePBX is a good one.
There are two ways to install FreePBX:

• The distribution version, which is a modified Debian 12 ISO that ships FreePBX by default
• The automated installation script hosted on GitHub

In this tutorial, we’re gonna focus on the script version, as I have no idea how you’re getting servers, been provisioning them via a public cloud or having a spare machine.
So we’re going to make a few assumptions:

• You have a running Debian 12 server, freshly installed
• You know how to follow instructions
• The domain we’ll use is example.com (of course, replace with your domain)
• Your server is equivalent or above of a Hetzner CPX22 (4Gb RAM, 80Gb disk 2vCPU)
  

So SSH into your server, and let’s start the installation by:

# Get the actual script
$ wget https://github.com/FreePBX/sng_freepbx_debian_install/raw/master/sng_freepbx_debian_install.sh -O /tmp/sng_freepbx_debian_install.sh

# Don't forget to audit it :)
$ less /tmp/sng_freepbx_debian_install.sh

# And start the install
$ bash /tmp/sng_freepbx_debian_install.shCode language: Bash (bash)

This will take a while, go fill your bottle of water and get hydrated properly in the meanwhile.

Once this is done, our first step will be getting rid of most of the proprietary modules; sadly, some provide functionality that is needed to not have the worst experience in the world.
This step will throw errors, but don’t worry, in the FreePBX world, that’s normal.

# First, we get rid of everything
$ for x in $( fwconsole ma list | grep Commercial | awk '{print $2}' ); do fwconsole ma delete $x; done

# Install some dependencies
$ apt install build-essential

# Now we re-add the admin tools add-on
$ fwconsole ma install sysadmin

# Upgrade the rest
$ fwconsole ma upgradeall

# Double check for any remaining commercial modules
$ fwconsole ma list

# Small note: do NOT uninstall the sysadmin module since it's one of the essentials. The following is also an example.
$ fwconsole ma remove endpointCode language: Bash (bash)

Now, let’s head to the web interface using the IP displayed after the installation. There, you will have to set up basics such as the admin user and password.

Congrats, you now have a FreePBX instance! Beware, you’ll need to skip a few ads.

Once you have done this step, log into the FreePBX dashboard.
Make sure to enable the smart firewall when prompted, this is critical as bots will instantly hammer your server.

This will have the side effect of terminating your SSH connection, get your IP address (or even better, prefix), on the navigation bar, go in “Connectivity” then “Firewall”.
There, in the “Networks” tab, add your prefixes by clicking the small green “+”, hit “Save” in the bottom right and finally, hit “Apply config” in the top right.

You’ll see that “Apply config” button a lot, as most actions will require you to press it.

Configuring the basics

Now, we’re going to give the only concession we’ll ever give to FreePBX. Find some temporary email address and mailbox, it’ll be important in a few lines.

In the navigation bar, head to “Admin”, then “System Admin” near the bottom. On this page, click “Activate” (on the bottom right), and follow the prompts on screen, giving the add-on your fake email.
Don’t forget to put fake phone numbers as well.

Once you have an installation ID on screen, copy it, it’s faster to activate through the command line interface like so:

$ fwconsole sysadmin activate <deployment ID>
Code language: Bash (bash)

Thereafter, refresh the page, and you’ll see new options on the right.
In those new options, click on “HTTPS Setup” and open the “Here” hyperlink in a new tab.

On this new page, hit “New certificate”, then “Generate Let’s Encrypt Certificate”, and fill in the info with what you have. When you’re done, hit “Generate certificate” in the bottom-right corner.

You can now close this tab and come back to the one we left open. Refresh the page, then head into “Settings”, select your certificate in the dropdown and hit “Install”.
Congrats, now you can access your PBX admin panel via HTTPS.

---

… and that’s it for today.

Don’t miss the next tutorial, in which we’ll start adding extensions and configure emails.

Last post of the year, I hope everybody will have a wonderful 2026, even within those troubled times.

I was playing with my Yealink T42s IP phone last night, wanting to make some API endpoint that automatically generates a remote phone book for the phone.
The remote phone book uses XML formatted with custom elements that are described within their official “documentation” PDF, graciously archived here.

The PDF shows the following example (from “Yealink SIP Phones XML Browser Developer’s Guide”, page 49):

<?xml version="1.0" encoding="ISO-8859-1"?>
<YealinkIPPhoneDirectory
defaultIndex = "integer"
next = "URI"
previous = "URI"
Beep = "yes/no"
cancelAction="URI"
Timeout = "integer"
refresh=“refresh time“ url=“url“
LockIn = "yes/no">
    <Title wrap = "yes/no">Directory Title</Title>
    <URL>URL</URL>
    <InputField>
        <Parameter>name</Parameter>
        <preKey>key words of the contacts</preKey>
    </InputField>
    <MenuItem>
        <Prompt>Contact Name</Prompt>
        <URI>number</URI>
    </MenuItem>
    <!--Additional Menu Items may be added -->
    <!--Additional soft key items may be added -->
</YealinkIPPhoneDirectory>Code language: HTML, XML (xml)

However, if you try it yourself, you’ll find that when updating the phone book, no entries will show up.
This is because Yealink’s own documentation is faulty.

In reality, the phone book needs to look like this:

<?xml version="1.0" encoding="UTF-8"?>
<YealinkIPPhoneDirectory>
    <Title>PurplePBX</Title>
    <DirectoryEntry>
        <Name>Jae (desk)</Name>
        <Telephone>1911</Telephone>
    </DirectoryEntry>
</YealinkIPPhoneDirectory>Code language: HTML, XML (xml)

Replace the MenuItem by DirectoryEntry, Prompt by Name and URI by Telephone and you get a working directory.

Thank you, Yealink, for making confusing documentation, while completely removing old (and new) firmware downloads from your support site.

I promised it a few months ago, and here it is: ARM support for the Resonite Headless Server Software is now generally available.
So, what took so long in doing the port? FrooxEngine itself runs perfectly on ARM CPUs, the issue arising when trying to hit native libraries.
Resonite itself relies on about 250 external dependencies, most of which being Open-Source, some of them even shipping ARM support natively.

The issue remained in the 12 libraries left not shipping or supporting ARM, namely, FreeImage, Opus, crunch, Assimp, MSDFGen, Rnnoise, Brotli, Compressonator, SoundPipe, FreeType, SteamAudio and SteamWorks.NET.

Most of those libraries were trivial to build to ARM, and with a streak of luck, GitHub made ARM runners available right about the time I started working on this issue.
Before that, you needed to cross-compile everything or spin up some kind of QEMU VM for it. With the new runners, it became as easy as defining an OS array and using it like so (partial snippets):

# Define matrix of OS versions to use
strategy:
      matrix:
        osver: [ubuntu-latest, ubuntu-24.04-arm]

# Use it
runs-on: ${{ matrix.osver }}

# Set artifact name depending on platform
      - name: Set dist name
        run: |
          if ${{ matrix.osver == 'ubuntu-24.04-arm' }}; then
            echo "distname=arm-dist" >> "$GITHUB_ENV"
          else
            echo "distname=linux-dist" >> "$GITHUB_ENV"
          fi

# Upload artifact with right name
      - uses: actions/upload-artifact@v4
        with:
          path: Dist/
          name: ${{ env.distname }}Code language: PHP (php)

Yup, it’s that easy. Most of the libraries were trivial, building a C or C++ program for ARM on GitHub Actions basically equates to running the same commands on the ARM runner.

All this work was also the opportunity to clean up some files shipped in the FrooxEngine repository by bundling libraries directly into NuGet packages instead. Usually, those native libraries end up in runtimes/linux-arm64/native.

Now, why did it take so long to put this together, since it sounds so trivial? Well, that question can be answered with a single name: Steamworks.
We use Steam integrations (as Resonite is published on Steam), so of course, we do need to ship the Steam library, which at the time had no support for ARM64, completely crashing the type computing mechanism in FrooxEngine.

Fast-forward to November, Valve announces their headset, the Steam Frame. I didn’t care much for the headset itself, only that with it being ARM, it meant that we would finally get official ARM support for a bunch of stuff from Valve. A week or two later, they finally delivered, updating the Steamworks API library to support officially ARM.
At first updating the library itself proved difficult as for some reason, Steamworks.NET builds every single architecture separately. Luckily, a PR opened on the official repository made quick work of it, and provided proper ARM builds.

Early testing of the headless was done on the Oracle Cloud Free tier ARM machine. With Steamworks patched, I finally watched the headless run flawlessly on that machine, the only error remaining being the Discord social SDK complaining about the architecture. Luckily, Discord isn’t as critical and can be ignored.

All in all, this was a fun issue to tackle, and it opens the door for more ARM stuff in the future. Maybe a native ARM build for the Steam Frame, or a mobile build? Who knows?

In any case, time for you all to finally put that Raspberry Pi you’ve had on your shelf for the past 5 years to good use again.

A small reminder that you need at least the Discoverer plan to get access to the Headless Server Software; however, any support of Resonite is greatly appreciated.
If you wish to support us, you can subscribe within the account website.

Special thanks to the people & creatures that made this possible through research, direct contributions, or testing:

• Cyro
• AdamK2003
• Orion Moonclaw
• Gamethecupdog

To all the non-furry readers of this humble blog, brace yourselves.
I’m very tired from the end of the year, and couldn’t get myself writing more technical stuff, so a socks review is what you get.

Recently, I was looking to replace my old socks, bought on SocksDreams years ago, those started to really show their age, as well as not being really that soft to start with.
To this end, a friend recommended me Angy Paws, a company basically by furries, for furries which offers a ton of designs.

Sadly, when I ordered, tons of designs were out of stock, so I ended up buying the classic striped purple and black ones.

First, the shipping, Angy Paws being based in Australia, I was expecting the socks to take some time to arrive, the site even estimating them to arrive around December 25th. Well, to my surprise, shipping was extremely fast, doing the trip from Australia to Finland in just 10 days. Shipping itself was around €20 which isn’t the worst I’ve paid.

So, what’s in the box? Upon receiving your socks, you’ll be greeted with of course your items, but also a business card to exchange for a business card, and a small (and a bit corny) care card on how to wash the socks and remove the tags.
Overall, bonus points on the packaging for being entirely customized. I saw an option to have more discreet shipping as well, but not it’s not for me.

So now, the most important thing: how are the socks?
Being straightforward, those are probably the most comfortable socks I’ve ever worn. The previous socks had the issue of being too large for me, meaning those would slide off with some time.
Those are tight enough that they don’t slide, but also not too tight that they are uncomfortable. Same with the arm warmers, they fit correctly, not much else on that front.

Overall, I’m giving the whole experience a nice 10/10, which means I’ll 100% be back once more designs are back in stock.
And if you’re looking to invest in socks, look no further and give Angy Paws a try.

A few months ago, I announced some changes related to comments on this blog following an influx of spam comments.
Back then, I chose FriendlyCaptcha as the solution, however, the plugin required some extensive modifications to work with ActivityPub, my custom theme, and custom server, which isn’t really practical on the long run (as it adds to the burden of maintenance).

As of today, FriendlyCaptcha is no more on this blog and has been replaced with ALTCHA.

ALTCHA has a few advantages over the previous solution:

• No external calls
• Easier to integrate with my custom theme (EG, it just works)
• I can whitelist ActivityPub endpoints really easily

For instance, to let ActivityPub through, it’s as easy as setting the paths setting to:

*
!/.well-known/*
!/wp-json/*Code language: JavaScript (javascript)

All in all, from the short testing I’ve done, ALTCHA is probably the best option I’ve stumbled upon so far.

For the first time in a really long while, I have good news to report from the frozen wasteland also called Finland.

As of today, November 24th 2025, the Finnish Red Cross Blood Donation Service will give the same questionnaire, regardless of the gender of the person wanting to donate blood.
The question about gender will also be removed altogether. Doing that is a pretty good step in including everybody, and a welcome change in today’s environment.

You can read more about this on their official website. Also donate blood if you can, you’ll literally save lives.

To give a more complete timeline, the restriction of blood donation for gay couples was removed back in December 2023, which the blood donation service requested in 2022.

I recently got a Yealink T42S IP phone to play around with.

To get that question out of the way first, “why”? Because it’s fun to have a proper phone on my desk.

Right now, I have a few PBXes configured on it, in two categories.
Proper PBXes where I get a proper phone number:

• Callcentric, which you can reach me at +1 (438) 500-2694 from; offers really cheap DIDs through a promotion, though the numbers are North American
• VoIP.ms, which you can reach me at +358942459241; offers really low costs in general, DID is a bit more expensive, but has free inbound for residential (I also have a referral code if you’re interested)

Now, most of the PBXes I’m on are hobby projects, those that aren’t routed publicly, but free to join:

• HamPY, which is a network running for radio hams in Finland; you can reach me via 17228
• Hams Over IP, which is a more global network for radio hams; you can reach me via 200564, my callsign or DMR ID
• LiteNet, which is a hobbyist community project; you can reach me via 1059
• Another private one by a friend, my extension is 1911, but I doubt any of you is on it

Configuring the phone is generally really easy, it has a web interface from which you can enter all the info (also don’t forget to turn on IPv6!).

Over the past half year, I’ve had the pleasure of Collaborating with Bellingcat as a contributor to their OSINT (Open-Source Intelligence) challenge platform.

For those who aren’t aware, Bellingcat is an independent investigative journalism group based in the Netherlands that publishes investigations using OSINT about war, human rights abuses and the criminal underground (this description is shamelessly stolen from the Wikipedia article as they describe it well).

This all started back in March 2025, when I published this challenge in their Discord community. The premises are simple: find where that scan was taken.
Just a few minutes later, already three people managed to find the location; a few days later even more. This challenge seemed well-received, and I was contacted by the Producer of Bellingcat to create a few more challenges for their Open-Source Challenges Platform.

All the challenges took half a year to collect, design; and over 6000 km of travel was needed within Europe.
Though I’m a bit sad some scans didn’t make the final cut (some of the ones I originally planned turned out worse than I imagined), the challenges turned good overall.

I want to thank Bellingcat for this opportunity to collaborate, and I encourage anyone to check out the Open-Source Challenge platform, and even donate to them. The challenge scans will be made available within Resonite in 6 months time from now.