VDSL Speed Upgrade and All-IP – My ISDN Days Are Over

I'm a bit nostalgic today because my ISDN telephony days are over. A few days ago, I was “upgraded” to an all-IP line at home because my network operator of choice wants to decommission its ISDN public telephone network, offer VDSL vectoring (instead of fiber connectivity, yeah, right…) and migrate everyone to Voice Over IP. For me an era comes to an end.

Back in the days at the end of the 1990s when 52 kbit/s modems for analog lines were the hype of the day I switched to an ISDN line at home so I could make phone calls and be connected to the Internet at the same time. Another plus was being able to bundle the two 64 kbit/s ISDN channels for a blazing Internet speed of 128 kbit/s. Back in the day that was not only considered ultra-fast but it actually also felt like it as web pages and stuff to download were tiny compared to the multi-megabyte downloads when accessing a single web page these days with all the ads included (if you don't have an ad-blocker installed). Even when I switched from ISDN to DSL for Internet access I kept my ISDN line to benefit from several phone numbers, immediate call forwarding to other destinations on some of them and other 'digital' features that were not so easy to get on analog lines.

Now after almost 20 years, ISDN has gone. The picture on the left shows my decommissioned ISDN equipment: ISDN base phone with a DECT unit, a DECT cordless phone, DSL/ISDN splitter and an NTBA (ISDN network terminator). But to sweeten things up I got four very worthwhile things as part of the “upgrade”.

First, in anticipation of the switch, I bought a new fixed line cordless DECT (or CAT-iq as it's called today) phone a few months ago that can be connected to both ISDN and a VoIP core network which is HD-Voice capable. Not only will I have a much better voice quality to other VoIP fixed line phones in the country, but there's also an HD-Voice gateway between the VoIP fixed line network and my mobile network operator of choice's GSM and UMTS network that converts the 12.2 kbit/s WB-AMR codec used in mobile networks (G.722.2) into the 64 kbit/s wideband codec used in fixed line networks (G.722). Works great and the audio quality is much improved.

Second, my VDSL line was upgraded from 25 Mbit/s in the downlink direction and 5 Mbit/s in the uplink direction to 50 down and 10 up. I fail to be really impressed by that as my fiber line in Paris gives me 264 Mbit/s in the downlink and 48 Mbit/s in the uplink. But every bit/s counts and I did notice the increased speed immediately when I downloaded a Linux image the other day. Also, my VPN server and Owncloud server that I host at home very much benefit from the 10 Mbit/s in the uplink direction.

Third, my VDSL line is now IPv6 enabled so I will finally be able to connect to my servers over IPv6 while out and about, at least while I'm in my home country, as my mobile network operator of choice has introduced IPv4v6 connectivity this summer. Also, it will help me to better understand the IPv6 firewall features of the mobile network and my VDSL router at home. More about that in a future post.

And finally, the overall package now only costs about half of what I paid before. I'm the conservative type when it comes to connectivity so I hadn't changed my fixed line subscription in 6 years. Never change a running system…

LTE dual-SIM, dual standby, GSM-only for the second SIM

Three and a half years ago I had a closer look at how a dual-SIM 3G mobile worked in practice and how both SIM cards can be used simultaneously, or not. Up to today, the two articles (see here and here) remain among the most viewed ones so I'm not alone with my interest. These days, there are also dual-SIM LTE phones available, not only in the mid- and low-range market but also in the high-end sector. Time to have a look at how these work in practice and if two networks can be used simultaneously.

By and large, the behavior of the dual-SIM LTE phone I had is pretty much identical to the Dual-SIM 3G phone from three and a half years back. The phone can receive (i.e. listen) to two networks simultaneously but can only be active (i.e. transmit and receive) in one at a time. One can, for example, browse the Internet via one network (used with the first SIM card) while the device keeps listening for incoming voice calls and SMS messages on the other network (with the second SIM card). When a voice call comes in on the second SIM card, the mobile interrupts the communication with the first network during the phone call. In other words, it's not possible to access the Internet via one network and have a phone call over the other network at the same time. That means that, like three and a half years ago, it's still a dual-standby approach.

Also, like the device three and a half years ago, one transceiver chain is limited to GSM while the other chain is capable of GSM, UMTS and LTE. SIM cards can be assigned to one of those chains via the menu so it's possible to switch SIM cards to and from the LTE chain for data transfers when necessary. This is useful, for example, when using one SIM card for Internet access in the home country and another SIM card for Internet access when traveling abroad. To get an idea of what that looks like in practice click on the links above. The user interface looks a bit different now but the steps to switch and select SIM cards are still the same.

The Nibbler 4-Bit CPU Project – First Run

If you haven’t seen my previous posts on the Nibbler, have a look here for what happened so far.

It’s a November evening which means it’s dark and cold outside and I’m looking out my windows to see a steady stream of car headlights. I’m glad I’m back home. Earlier today I bought the missing chip for my Nibbler board and it’s time, after all the effort put into understanding the concept and assembling the hardware, to see if it will actually work. Adrenaline is flowing freely now, not only because my progress was slowed down by a pre-scheduled visit to the dentist. I was close to canceling it, I had a good enough ‘technical’ reason but it would have been that, just an excuse. So one dentist appointment later I finally sit at my desk and insert the remaining chip into the waiting socket on the Nibbler board. Once more I verify that all sockets contain the correct chip and come away satisfied.

Time for attaching the board to the power supply. If all goes well, “press any button” should show up on the display. I should have changed the text into “hello world” but I decided to go ahead with a binary from the author rather than something written myself. More time for playing around with the software later, it’s a hardware thing today. I connect the board to my 5V battery I normally use for recharging my phone as I don’t even have a regulated power supply. I intend to run it on a 5V USB mobile phone charger later but as I’m not quite sure the 5V delivered by a charger is flat enough for the Nibbler I decided on the battery instead.

I flip the master switch on the board and the green power supply LED turns on instantly – Apart from that – NOTHING happens on the display. What!?

Pressing the reset button a couple of times I refuse to believe that something could be seriously wrong. But the display remains dark. I then press the up/down/left/right keys and the piezo speaker starts making noises every time I press a button. Hope returns as the program I flashed into the ROM is supposed to do that. So the program must be running! Yay! But why is there nothing on the display, is the display or the output port chip broken? Then comes the flash of insight – I soldered a potentiometer onto the board to control the LCD module’s contrast. During the assembly phase I put it into a middle setting to ensure that I would at least see something when I first power-up the board. Perhaps a middle setting is not good enough? So I change the setting with a screwdriver first in one direction, resulting in nothing, then in the other direction and suddenly “press any button” shows up on the display. HURRAY – it’s only the contrast setting! As you can imagine, I’m overjoyed!

For the next half hour I run a number of programs Steve Chamberlain has put together for the Nibbler, all in a single ROM and accessible via different jumper settings, a cool idea from William Bucholz, the creator of the PCB board. Everything works as it should. Wonderful! Now that the hardware is running I can further explore the hardware in ways that are just not possible with a simulator. But before that some sleep is in order to get the adrenaline from the dentist appointment and from those seconds between power-on and realizing that the contrast level has to be adjusted to see something on the display out of the system.

To be continued…

Is the Raspberry Pi Zero The First Computer Shipped As A Magazine Supplement?

When I was a teenager it took me two years to convince my parents to buy me a computer. I would have taken anything, big, small, TV output, LCD display, whatever, just programmable please. I finally got one but it took too long, mostly because even home computers were expensive at the time. Well, times have really changed, haven't they!?

Yesterday, Eben Upton, one of the creators of the Raspberry Pi, announced the $5 Raspberry Pi Zero. It's much smaller than a "normal" Raspberry Pi, has fewer connectors but is more powerful than the first Raspberry Pi and can act as a fully functional desktop computer as it has an HDMI (mini) out and old fashioned TV interface (for which a connector has to be soldered onto the board). Even better, to get one, just go around the corner to a newsstand (at least in the UK) and pick up the latest edition of the MagPi magazine for 6 pounds in which the Raspberry Pi Zero is included as a supplement. Wow, I just imagine myself as a boy having done that instead of having had to preach to my parents for years about the need for having a computer.

I wasn't quite sure when I started writing this article but while writing it, I found this video in which Eben confirms that the Pi Zero is the first "real" computer ever shipped as a magazine supplement! True, an SD card is needed as a mass storage device in addition to an HDMI cable to connect it to a TV as well as a mouse and keyboard which easily exceed the price of the Pi itself, but hey, compared to two years preaching that's a hurdle that can be overcome easily as all of these things are available in abundance and can probably be gotten second hand for next to nothing.

A "real" computer as a supplement in a computer magazine that can be bought at a news stand! I'm sure the late Steve J. would agree, this is insanely great!

No Google Play Store In China

When I was recently in China a number of my fellow travelers asked me if I could access the Google Play store. Over a Wi-Fi connection without a VPN I couldn't. I wasn't really all that much surprised, most Google services, Facebook, etc., etc, and most VPN services with servers outside of China are blocked as well, so why should the Play Store be accessible?

Well, for one thing I thought at first, because there are said to be 700 million Android based smartphones and tablets in China. As we are all taught how important it is to download software only from a carefully controlled App store these days, how are those 700 million devices getting software and updates? So I asked one of my local friends with a Chinese Android device if Chinese Android devices can access the Google Play store. As expected I got the answer that the Play store does not work in China and that people just search for Apps on Baidu (the local Google search equivalent) and install them right from a web page. Baidu offers an app store for Android as well but direct installation from web pages seems to be quite popular as well. So much for security screened apps and automatic updates.

Perhaps 700 million Android devices without access to the official store is one of the reasons why Android still makes it easy to download apps from what is called "unknown sources" in the user interface and allows the use of alternative App stores (of which there seem to be quite many in China). If I were a cynic I would probably be thankful for the censorship so I have more freedom.

Which makes me wonder what kind of concessions Apple had to make as their app store can be accessed in China…

3G Mobile Video Calls Are Dead – Long Live Mobile Video Calls

Incredible, I made my first video call only or already a decade ago, depending on how you look at it. At the time I was convinced it would become a mass market phenomenon once more people had 3G phones. It didn't really work out like that, however, and I have to admit that the service never really became popular, perhaps because most network operators massively overpriced the service and failed to continuously innovate and evolve the service.

Today, 3G video calling is still in the same state as it was 10 years ago. For today's devices the resolution and frame rate of the video is far too low and picture quality on the large screens of today's devices is far from what people expect. In the meantime some network operators have even given up on the service entirely and have begun blocking the service for new subscriptions.

But I'm glad that others haven't given up and have continued to innovate. Facetime on mobile has reached some popularity, e.g. see my post from New York from back in 2011. Personally, I use Skype for smartphone and tablet video telephony. Over LTE and even 3G, the video resolution and frame rates are fantastic. These days, I'm seeing more and more people engaged in video calling, especially at airports. Still a niche when compared to the billions of voice minutes generated every day, I agree, but nevertheless quite mature and useful today.

Old DVDs And New Drives Don’t Make A Good Pair – Hello Old PC

Optical DVD drives are getting out of fashion in notebooks these days. In theory, that's not a bad thing as it saves space and weight and one can always buy an external USB DVD drive for a few euros should one really need one. The problem is that those I tried in recent weeks are of such bad quality that they fail to read many of the DVDs and CDs I wanted to read.

Read issues often do not appear at first when inserting a CD or DVD but only later when I'm already halfway or two thirds through the content. Sometimes a DVD can't be fully read in one drive but works o.k. in another, and vice versa. Sometimes a DVD fails in both but at different locations. Quite a mess.

But then I remembered that I have a 15 year old PC still standing around in the corner with 2 DVD drives from back then, solidly built and quite expensive at the time. Despite their age, though, they've so far been able to read each and every DVD and CD that was partially unreadable on those crappy USB connected DVD drives for a couple of euros.

Perhaps it's time to convert my CDs and DVDs while that computer still works…

HTTPS Public Key Pinning (HPKP) Is Great – But Mobile Support Is Only Half Baked So Far

A couple of months ago, Chrome, Firefox and perhaps other browsers began to 'pin' the HTTPS certificates used by Google, Twitter and others for their web pages. This significantly improves security for these web pages as their certificates can no longer be signed by any of the hundreds of Certificate Authorities (CAs) that are trusted by web browsers but only by one or a few select ones. So far, this functionality was part of the web browser's code. Recently, however, most desktop and mobile browsers have added support for the generic HTTPS Public Key Pinning (HPKP) method standardized in RFC 7469 that enables any HTTPS protected web site to do the same. Time for me to add it to my Owncloud and Selfoss servers too to protect myself from man-in-the-middle attacks.

HPKP works by adding a public key pin header string to the HTTP response header section that is returned to the web browser each time a web page is loaded. On first request, the web browser stores these and whenever the page from the same domain is loaded again afterward compares the hashes of the HTTPS certificate it receives with those previously stored. If they don't match the page load process is aborted and an error message is shown to the user that can't be overridden. For the details of how to generate the hashes and how to configure your webserver have a look here and here.

The first screenshot on the left (taken from Firefox's Webdeveloper Network console) shows what the public key pin looks like in the HTTPS response header of my web server. In my case I set the validity of the pinning to 86400 seconds, i.e. to one day. This is long enough for me as I access my Owncloud and Selfoss servers several times a day. As I don't change my certificate very often I decided not to pin one of the CA certificates in the chain of trust but be even more restrictive and pin my own certificate at the end of the chain.

On the PC I successfully verified that Firefox stores the pin hashes and blocks access to my servers by first supplying a valid certificate and a corresponding public pin hash and then removing the pin header and supplying a different valid certificate. Even after closing and reopening the browser, access was still blocked and I could only access my Owncloud instance again after I reinstated the original certificate. Beautiful.

On Android, I tried the same with Firefox Mobile and Opera Mobile. At first I was elated as both browsers block access when I used a valid certificate that was different from the one I pinned before. The second screenshot on the left shows how Opera Mobile blocks access. Unfortunately, however, both browsers only seem to store the pin hashes in memory. After restarting them, both allowed access to the server again. That's a real pity as Android frequently terminates my browser when I switch to other large apps. That's more than an unfortunate oversight, that's a real security issue!

I've opened bug reports for both Firefox and Opera mobile so let's see how long it takes them to implement the functionality properly.
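The browser-side behaviour described above, as an added Python sketch that is not code from this post or from any browser: it parses a `Public-Key-Pins` header value, applies the RFC 7469 rule for noting pins (including the backup pin requirement) and checks later connections against the stored pins. RFC 7469 pins are SHA-256 hashes over the certificate's SubjectPublicKeyInfo; the `PinStore` class, the host name and the byte strings standing in for keys are constructed for illustration.

```python
import base64
import hashlib

def spki_pin(spki_der):
    """RFC 7469 pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_pkp(header):
    """Parse a Public-Key-Pins header value into (set_of_pins, max_age)."""
    pins, max_age = set(), None
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        value = value.strip().strip('"')
        if name.lower() == "pin-sha256":
            if len(base64.b64decode(value, validate=True)) != 32:
                raise ValueError("pin is not a SHA-256 digest")
            pins.add(value)
        elif name.lower() == "max-age":
            max_age = int(value)
    if max_age is None or not pins:
        raise ValueError("max-age and at least one pin are required")
    return pins, max_age

class PinStore:
    """Hypothetical browser-side pin store: host -> (pins, expiry time)."""
    def __init__(self):
        self.known = {}

    def note(self, host, header, chain_spkis, now):
        pins, max_age = parse_pkp(header)
        chain = {spki_pin(s) for s in chain_spkis}
        # RFC 7469 2.5: one pin must match the chain, one must not (backup pin).
        if not (pins & chain) or not (pins - chain):
            return False
        self.known[host] = (pins, now + max_age)
        return True

    def allows(self, host, chain_spkis, now):
        entry = self.known.get(host)
        if entry is None or now >= entry[1]:
            return True  # nothing pinned (or pin expired): CA checks only
        return bool(entry[0] & {spki_pin(s) for s in chain_spkis})

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs, not real keys.
LEAF, BACKUP, OTHER = b"constructed-leaf", b"constructed-backup", b"constructed-other"
HOST = "cloud.example"  # placeholder host name

def demo():
    header = f'pin-sha256="{spki_pin(LEAF)}"; pin-sha256="{spki_pin(BACKUP)}"; max-age=86400'
    store = PinStore()
    return {
        "noted": store.note(HOST, header, [LEAF], now=0),
        "same_key": store.allows(HOST, [LEAF], now=3600),
        "other_key": store.allows(HOST, [OTHER], now=3600),
        "backup_key": store.allows(HOST, [BACKUP], now=3600),
        "other_key_after_expiry": store.allows(HOST, [OTHER], now=86400),
        "other_key_fresh_store": PinStore().allows(HOST, [OTHER], now=3600),
        "no_backup_pin_noted": PinStore().note(
            HOST, f'pin-sha256="{spki_pin(LEAF)}"; max-age=86400', [LEAF], now=0),
    }
```

The `other_key_fresh_store` result corresponds to a browser that keeps pins only in memory: after a restart the store is empty and a different key is accepted again.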

Stagefright 2 – And Nobody Cares?

News is inflationary… Back in August there was a big wave in the press when it was discovered that Android, through all versions, had a couple of pretty serious remote code execution and privilege escalation vulnerabilities in the libstagefright libraries which are called every time a video is shown or previewed. The wave was as big as it was as the vulnerabilities are easily exploitable from the outside by embedding videos in web pages or messages. Device companies promised to patch their devices in a timely fashion and promised to change the way security patching would be done in the future. For some devices this has even happened, but for many older devices (read 2+ years old) nothing was done. But since the news broke, things have calmed down again. Then, in early October, another batch of serious Stagefright issues was discovered that are as exploitable as the first ones. This time, however, the echo was quite faint.

It really makes me wonder why!? Perhaps this is a result of the vulnerabilities not having been exploited on a large scale so far? Which makes me wonder why not, black hats are usually quite quick to exploit things like that. Does nobody know what to do with smartphones under their control? Or perhaps the bad guys are not yet familiar with coding in assembly language on ARM and how to use the Google Android API? If so then the latest episode was perhaps one of the final warning shots before things get real. Let's hope the good guys use the time well to fortify the castle.

On the positive side, Google has patched the vulnerable code in the meantime and so did CyanogenMod, so my devices are patched.