April 2025 - Patch Now! Critical CVE, Speed Boosting your Mesh & Solar Nodes Galore!

Howdy.

It's Jon, and you're tuned in to the April edition of Voice of the Mesh,

the podcast where we untangle everything.

Meshtastic.

On the docket this month,

a critical CVE that makes upgrading to the latest firmware a must do.

Why ditching long fast for snap?

Your presets can free up precious airtime and a wave of new hardware

from battery Bank to seed's solar powered

P1 Pro with built in GPS.

All of the links live in your show notes, video description or on our website.

So let's tune up the radios and dive in.

First, in Headline news, we have that critical vulnerability that I mentioned.

It is ranked 9.4 out of ten.

So this is a very critical security issue.

And it is titled incorrect handling of malformed packets

leads to controlled buffer overflow.

And for the technical of you out there, this vulnerability

does allow for the possibility of a remote code execution.

So it is very dangerous for you non-technical users.

The short version is that anyone on the same channel

as you can send you bad data, and in the best case scenario

that crashes your radio and at the worst case scenario,

it could possibly allow them to execute malicious code on your phone.

I don't think we've heard of any cases of that happening.

We're not entirely sure if that is possible, but

that is the level of criticality that we're talking about.

And I'm going to quote the bug report here.

This attack does not require authentication or user interaction.

Again, you don't have to click anything as long as your radio

is on and receiving from a public mesh.

Someone can send bad data that could do bad things to your radio.

Again, either crash it or potentially execute malicious code.

You will want to upgrade to at least 2.6.2.

You might as well upgrade to the latest beta whatever's out by the time

you listen to this, but all previous versions of the firmware

below 2.6.2 are impacted by this vulnerability.

It's really important that if you take nothing away from this podcast,

please upgrade your firmware.

Moving away from the doom and gloom, there was a meshtastic

blog post titled is long, Fast holding back

your Mesh better Lora presets for bigger, meshtastic networks.

Let's look at the highlight problem long fast,

which is the default setting for all meshtastic radios is slow.

A maximum length message is about 230 characters,

and sending that on long fast, which is one kilobits

per second, takes about two seconds to send.

Each speed preset roughly doubles the speed.

Here in the San Francisco Bay area mesh,

we utilize medium slow, which is twice as fast

as long fast, and it operates at two kilobits per second.

Now that message only takes one second to send

if you jump up a couple more notches to something like short fast,

which the Puget Mesh is testing this month, which is May 2025.

Short fast operates at ten kilobits per second.

Now, that same lengthy message that took two seconds to send on

long fast takes under a quarter of a second to send.

If you're listening to this in May 2025 and you're in Western Washington,

you should join the Puget Mesh Short Fast test.

With that problem being said, why is faster better

the longer time your radio spends on the air,

the more chance there is for something to go wrong.

That might be interference.

It might be collisions with other radios that are sending data as well.

Or your message may simply be incomplete or fragmented,

especially if you are in a situation where you are moving,

whether your radio is in hand and you're just walking around

or you're in a car, think about where your radio is

and what's around you for two full seconds 1001 1002.

You could pass in front of something.

Something could pass in front of you and your message gets cut off halfway.

If that message now takes a quarter of a second.

There's a lot less of a chance that something is going to interfere

with that message.

Of course, while you are sending your message

and other people around you are listening politely.

No one else can talk in a bigger mesh.

That air time is a critical resource that must be protected.

You just have to look at the UK and their problems,

which are exacerbated by in their radio usage.

A lot of the mesh has to.

Changes recently that have slipped into the firmware

quietly have helped remove things that are taking up more air time,

because air time is critical in these larger meshes and also remember

that when we're talking about message speed, it's not just text messages.

There's all the other background data that's being sent, whether it's

the telemetry of environmental data or location information,

or simply node info packets and all the other radios re sending it.

Your two second message, which might need to be re sent a few times

to be seen by another radio, could take two, four, six seconds to send

and then someone else has to send it out with a new another two seconds.

You can see how very quickly just a few hops, one message

could take 10 or 15 or 20s to be broadcast across a larger mesh.

I'm not going to read the entire blog entry.

If you are in a community mesh, you really should sit down and read this.

The blog entry does cover some real world examples, which includes

more details from the San Francisco from the San Francisco Bay area

on medium swell, along with a New Zealand

mesh user group that is operating on a short, fast.

All right.

And now from the headline news, we go off to the hardware.

And it actually starts with something that came out last month.

But I missed it, which is the rack wireless with mesh WiFi gateway.

And unlike all other rack

with blocks that you've seen in every other rack wireless space node,

which is NRF 52 based in order to be WiFi because NRF 52 does not support WiFi,

the rack one one 200 core module

that is in this Wiz mesh Wi-Fi gateway is Esp32 based.

It's going to chew up a little bit more battery,

but again, this is designed for somewhere where you already have

Wi-Fi to be a gateway, so why would you use it on solar?

It does include a waterproof case, though.

That case does not have any sort of solar.

Being Esp32 based, it's obviously not designed to be battery operated.

At $70, it's a pretty good deal if you need something

quick and easy to be your uplink to mQTT

or other Wi-Fi based mQTT,

this is a great quick option for that.

Moving along to what is probably going to be the node

I am most looking forward to playing with in the hopefully near future,

is the Haltech mesh pocket,

which is a key to power bank node, supporting up

to 15W of wireless charging and also being able to charge via usb-C.

So yes, it's a power bank that also includes a Meshtastic radio.

It comes in 5 or 10,000 milliamp hour sizes.

It has an e-ink display and NRF and a 1262 chip.

That's very standard stuff.

And while it's not documented and I haven't seen any reviews,

I would have to guess that it's probably based around the similar concept

as their T1 one, for there is an integrated antenna.

Unfortunately, it does not look like there's

any sort of external antenna hookups, and there is no GPS either.

But again, this is a power bank that's designed clearly to be used with a phone.

The one oddity is, while it has usb-C,

I think those are just used for

wired connectivity to the battery charging and discharging the battery bank,

because it also has pogo pins for quote unquote firmware.

I have to be honest, I saw a prototype picture of this node

at least six months ago, maybe longer, and I have been excitedly

waiting for its release because for a very long time, my everyday

carry was a taco

with a MagSafe ring glued to the back so that I could slap it to the back

of my phone and have an easy way to carry both the radio and my phone.

This is obviously in a little power bank form factor.

I'm much better option than what I have done previously.

In something slightly different,

we have a I'll call it a community project, the Hermes.

It is titled as an affordable and flexible external solar node enclosure.

It's a flexible 3D printed case that's long or short of it.

You have the options for SMA and N-type antennas.

There's a bunch of different options around how you mount it.

Be it to poles or walls or other things,

and it supports up to four, 18, 650 batteries.

Now for 67 USD.

It's a little bit pricey for a case, especially since you must

provide your own rack with block batteries and solar panel.

But if you're looking for something that's super flexible

and supports different antenna types, this may be a very good option.

Another one in the line of solar nodes.

Actually, last month we talked about the rack wireless

with mesh solar repeater, and this month is the solar repeater mini.

It looks to me very similar to the previous rack

wireless enclosure which had a solar panel on the enclosure.

Just this node is basically that enclosure prebuilt

with a wiz block and a 3200 milliamp hour battery.

It's nothing new or earth shattering, but at $100,

it's a good deal for someone who just needs a small solar node.

That's already done.

Ip65 case can just take it outside, slap it up, and be ready to go.

Rockland lists this as targeted towards portable

and quick deploy use cases, as opposed to the full repeater,

which is targeted towards more long term serious infrastructure usage.

And finally, in new hardware for this month, we have yet another solar node.

It's the Seed Studio Sense cap,

solar node P1 and P1 Pro, both of these variations are based

on their tiny Zhao and RF 52 controller, and the Pro Edition includes

GPS and 13,000 milliamp hours of battery, which is super nice.

Seed says that the battery alone should run the unit for two months,

which makes sense because on an NRF 52 it does not take that much power.

I think this is the first solar node I have run across.

That includes GPS.

Typically that's an option that is cut

in the name of battery savings, which makes a lot of sense.

It's also something that you don't necessarily need

for an infrastructure node, but I really like that

it is an option that seed has and includes on the Pro model.

You can always turn off the GPS,

but being able to get a reliable time signal

and keep it for your critical infrastructure is very handy.

To be clear, this node does ship with a five watt solar panel.

The base model is $70 and does not

include GPS or batteries.

The Pro is $90

and it does include that GPS and battery.

Either way, this is a super excellent price.

I just said that the $100

Wireless Repeater mini was a good deal at $100, but seed is doing even better

because you have a lot of battery

and a lot of solar panel and GPS

for even less money.

Obviously with a five watt solar panel, or maybe not obviously to some people,

but that solar panel is going to be decently sized.

It's not going to be something that you hide somewhere.

If you are looking for a stealthy deployment,

the repeater mini is still your better bet between these two.

But if you're looking for an infrastructure node that is not expensive

but will run even in the dark winters for many months

in the Northern Territory's, the P1 Pro looks like a great option.

Oh, and as a cherry on top and includes a grove port

so you can plug in modular sensors like temperature and whatnot.

Basically anything that you might need to add on to it.

And finally, today we move on to the interesting

findings from the social media.

First and foremost, this podcast is being recorded on Saturday, May 3rd.

The biggest thing in tech news right now

is the recent power outages of Portugal, Spain and France.

And if you were under a rock, basically the entire countries

of Portugal and Spain, as far as I understand it, lost power.

The National Grid's went out and I think parts of France.

This is clearly a big deal and a big issue for a lot of people.

Unfortunately, it seemed like it wasn't too serious

and that power was restored fairly quickly.

All things considered.

But unfortunately, when all of the power is out,

the cell service goes with it fairly quickly.

There are a number of posts about users, including some people visiting

and staying in Airbnbs, being able to pass around news and get some idea of

what's going on, and real time reports of power restoration.

This is yet another great example of sometimes, even if you are somewhere

where you have great cell service, it could go away for any sort of reason.

On the next item is something I found in the mesh

testing discord, which is RF index.com.

It's a kind of interesting central repository

site, allowing you to compare all sorts of different mesh tested devices

and antennas to, if you're curious, or looking around

trying to find a specific radio to fit a specific need,

this might be a useful site for you to do some compare and contrast.

From Reddit, we have node on university

and quote by ancient grab 1106

and it appears to be an engineering student going to university in Belgium

who got approval to put Meshtastic on the university of Buildings.

And this is just a fun little example of

sometimes you just got to ask the right people

and have the right purpose, and you can get things

like Meshtastic, deployed and be able to use it all around college.

Another very interesting and unusual use is I renovated

an old shopping mall using Meshtastic by evening extension 69 on Reddit,

and basically this user highlights that they took.

They took on the renovation of a approximately 30 or so year

old shopping mall that was in desperate need of smart controls

and did not have the money for major infrastructure changes.

In a case of smart defying a house, you can use Zigbee or Z-Wave.

Unfortunately, that does not work in a very large scale environment,

and even things like 4G service was not reliable.

LoRaWAN didn't have the coverage.

This user stumbled across Meshtastic and used it as a way to pass around

control data to various systems, collecting data and allowing a raspberry

Pi to control the entire network and send data.

And they basically implemented their own data packet

to control various industrial systems.

It's a great use case for Meshtastic.

It's something that the system can do, and hopefully

the author of this gets the reliability they need out of it.

And for those of you living in a cold area,

there is an article titled Cold Weather charging of Lithium

Ion Batteries Real World Lessons from the Meshtastic community,

and it was originally posted on Reddit by K Box Labs,

and it looks to be from

the Southern Alberta Mesh in Canada.

And basically, this is a very detailed article

about their uses of batteries, especially lithium ion

batteries, down to -40 degrees and before you ask

whether that's Celsius or Fahrenheit, the answer is yes.

And if you don't get that joke, look it up.

They do recommend lithium titanium oxide batteries for mission

critical deployments, but noted that they basically didn't have

any major problems with lithium ion batteries, in large part

due to the fact that there is so low drain and such low charging need.

If you're living in a cold climate somewhere fairly north.

This is probably an interesting read to you.

Where I am.

My biggest problem is do I want to put lithium ion batteries in a box

that will hit 130°F easily in the summer?

Different problems for different people unlinked from a number of places

which I lost track of, was an article on K'Nex

software about a solar powered alarm

over Meshtastic and includes a GitHub repository

about how you can connect a large language model.

Okay, I two Meshtastic and run it over a solar setup.

You probably need a reasonably large sized solar setup with a decent sized panel

and a lot of battery to do that, because even at a small

LM connected to an Esp32, it's going to be fairly battery hungry.

I thought that this was fun and interesting.

The article talks about how this could provide life

saving instructions during disasters and emergencies,

but I'm going to be honest, any lamb that can fit on a solar node,

which is using a model of 500 million parameters, which is just absolutely tiny.

I don't know if I would trust that with getting life saving information.

You're probably better off having some sort of automated.

Here is basics that you need to know, because that tiny lamp

is not going to provide you good medical or life

saving information unless it's extremely well programed.

Fun? Cool?

Yes, but please do not use ChatGPT for life saving instructions.

That's just never trust.

I like that right now.

Another item from the Meshtastic discord

is the Meshtastic Prometheus exporter.

It collects just an absolute ton of metrics

from an mQTT server and dumps them into Prometheus.

And Prometheus is a metric system that's popular with Kubernetes.

Crowd and open source stuff.

If Prometheus means nothing to you, then don't worry about this.

It's, you know, extremely complicated.

But if you are someone who loves the data and analytics

and running a Big Mac, this is probably interesting.

I've seen that the Ukraine mash runs

something like this for the public portions of their mash.

You can of course, once you dump it into Prometheus,

there are Grafana dashboards, so you can actually have

real time dashboards of your meshes health, as it were.

But as we wind down here, I have two last entries

which are more just fun informational about local groups.

Dave I six weeks gave a presentation

for the Ventura County Amateur Radio Club.

There is a linked PDF in the show.

Notes about the presentation he gave as a standard intro.

What is mash tastic, who uses it, how it works, etc.

I love to call these out

as if you are looking to present to other amateur radio groups.

Here is a PDF presentation already done, made by someone else.

There's a bunch of these floating around.

I've done some and posted them from the Bay area.

I know other people in the Bay area have done the same.

I've talked about some other ones in the past.

Just look around and you will find more of these presentations.

It allows us to spread the word on a more personal level,

because amateur radio clubs love to have these sort of things.

They love to learn about new technology, and similarly was finding

a bunch of information from the Tulsa, mass static working Group.

They have calls on a regular basis that include zoom recordings.

If you're interested in how a working group goes about setting up

Meshtastic in a more formal manner, and it even seems

like they might have some official City of Tulsa approved nodes.

This is, a little Google Group and zoom recordings that might be worth.

Listen, thanks for getting all the way

to the end of this April episode of voice of the mesh.

A quick reminder if you haven't already, please patch your nodes

firmware to at least 2.6.2 or newer to close that critical CV.

That is the most important thing to take away today.

Update your firmware as if you haven't already got news, hacks or shout outs.

Drop a comment on YouTube. Tag me on blue Sky.

Ping me a Meshtastic discord.

Anything mesh related is fair game.

While you're there, hit subscribe and leave a rating so that other mesh

heads can find us until next month. Keep the packets flying.