Sunday, October 23, 2016

Not UPnP

If you don't read Krebs on Security, you should. Recently his website was attacked by the largest Distributed Denial of Service (DDoS) attack ever seen. Investigation showed that it was powered by infected Internet of Things (IoT) devices, mostly media devices.

Subsequently he wrote a post on "Who Makes the IoT Things Under Attack?"

To me the key point in this post was:
...many IoT devices will use a technology called Universal Plug and Play (UPnP) that will automatically open specific virtual portholes or “ports,” essentially poking a hole in the router’s shield for that device that allows it to be communicated with from the wider Internet.
If you don't know what Universal Plug and Play (UPnP) is, go read the Wikipedia article here.

But that article is long and dry. The problem with UPnP is finally described here:
NAT traversal: One solution for NAT traversal, called the Internet Gateway Device Protocol (IGD Protocol), is implemented via UPnP. Many routers and firewalls expose themselves as Internet Gateway Devices, allowing any local UPnP control point to perform a variety of actions, including retrieving the external IP address of the device, enumerate existing port mappings, and add or remove port mappings. By adding a port mapping, a UPnP controller behind the IGD can enable traversal of the IGD from an external address to an internal client.
Now read that again.
Many routers and firewalls ... allowing any local UPnP control point to ... add or remove port mappings.
Do you realize how BAD that is?

But the solution is easy. In your router just disable UPnP.

Do it NOW.
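One way to confirm the setting took effect, as an added example that is not part of the original post: send the standard SSDP discovery request for an Internet Gateway Device on your own LAN and see whether the router still answers. The function names and the sample replies (addresses, paths) are constructed for illustration.

```python
import socket

SSDP_ADDR = ("239.255.255.250", 1900)   # standard SSDP multicast group and port
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"

def build_msearch(mx=2):
    # SSDP discovery request limited to Internet Gateway Devices
    return ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: {IGD_ST}\r\n\r\n').encode("ascii")

def parse_ssdp(raw):
    """Return the reply headers as a dict with upper-cased names, or None."""
    lines = raw.decode("utf-8", "replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    pairs = (line.partition(":") for line in lines[1:])
    return {n.strip().upper(): v.strip() for n, sep, v in pairs if sep}

def igd_locations(responses):
    """LOCATION URLs of every responder that identifies itself as an IGD."""
    headers = (parse_ssdp(r) for r in responses)
    return [h.get("LOCATION", "") for h in headers
            if h and "InternetGatewayDevice" in h.get("ST", "")]

def probe(timeout=3.0):
    """Send one M-SEARCH on the local network and collect the replies."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_msearch(), SSDP_ADDR)
            while True:
                replies.append(s.recvfrom(4096)[0])
        except OSError:      # timeout (or no network): stop listening
            pass
    return replies

# Constructed sample replies: a router with UPnP IGD on, and an unrelated device
SAMPLE_IGD = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\n"
              b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
              b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n")
SAMPLE_OTHER = (b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:MediaRenderer:1\r\n"
                b"LOCATION: http://192.168.1.20:8008/desc.xml\r\n\r\n")

if __name__ == "__main__":
    hits = igd_locations(probe())
    print("UPnP IGD still answering:" if hits else "No IGD answered.", hits)
```

Run it from a machine on the same LAN as the router, before and after changing the setting; a host firewall that drops the unicast replies will also produce an empty result.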

Update: Listen to Security Now 583

Sunday, October 16, 2016

How to Turn Off LTE

There is currently a situation involving BlackBerry PRIVs and various mobile networks. The symptom is that your phone displays "No Service" and you have to reboot to restore service.

Along the way, I came across a technique to disable LTE and leave HSPA enabled.

LTE is a notorious consumer of battery and HSPA typically yields around 10Mbps down so even without the "No Service" issue turning off LTE is probably worth considering.

First go to the Dialer. Enter *#*#4636#*#*.

As soon as you enter the final asterisk, your phone should display a "Testing" menu.

Tap on "Phone Info".

The 4G LTE Switch app in the Play Store will take you directly to this menu. Scroll down until you see "Set preferred network type:"

Just below that you'll see the current network type, probably "LTE/GSM auto (PRL)" and a little "twistie" over to the right. Remember what that value is so you can reset to that if needed.

Tap on that "twistie."

Scroll through the resulting menu.

Tap on "GSM auto (PRL)". Now tap on the back button until you exit this menu. Don't just tap the home button.

Here's the download speed I'm getting.

You may have to repeat this after you restart your phone.

Sunday, October 09, 2016

Insteon Smarthome

My daughter came up with an idea to have her outside lights turn on at sunset and turn off at bedtime. That sounded simple until I tried to actually do it.

I found switches that actually had an embedded processor that you told the latitude and longitude and the time and it calculated sunset/sunrise.

That seemed straightforward but it was not to be.

She added an additional requirement that she wanted to be able to turn them on from her bed. That complicated it tremendously. Now the switches had to be networked.

Well, this did simplify the timing. The clock/timing could be managed centrally and the switches could just be sent on and off commands.

What I found was Smarthome's Insteon system.

The switches would fit in a regular plate.

They could be managed by a controller.

Let's just say "Don't do that." Smarthome replaced the Controller with their Hub.

Smarthome has an app that controls the Hub.

That seemed so simple. It wasn't.

Thankfully the 3 circuits involved were all single switched circuits. 3-way circuits are much harder.

So I removed the old switches and installed the Insteon switches. After lots of reading manuals and a couple of calls to Smarthome's support (actually pretty good) I got 2 of the 3 working.

To net it out, the switch that wasn't working was on a different leg of the breaker box. I had an electrician come out and move the breaker for the non-working circuit to the "right" place.

He didn't understand it either. He just moved it around in the breaker box and it was still on a different leg.

So I started looking for alternative ways to bridge the legs.

I found a Range Extender that bridges the legs.

Smarthome said you had to use the Range Extenders in pairs but I read the documentation closely and decided that the Hub would act as the other member of the pair. I moved from receptacle to receptacle around the house until the light turned green and I was done!

Total elapsed time - 18 months!

Then she moved. I inherited the parts and pieces and moved them to my house where they worked fine the first time.

I'm so satisfied that I have expanded my system with a lamp module.

Sunday, October 02, 2016

Disconnect Windows 10 From Microsoft Account

Ok, so I've done it TWICE. That is I have twice inadvertently associated my Microsoft ID with my Windows 10 instance. When (not if) you do this, here's how to unassociate your Microsoft ID.

The best instructions I have found are here. I have cleaned up the language a little. This is for Windows 10 1507 so the screens may be slightly different.
  1. Firstly, set up another admin account so that you have a way in if things go wrong.
  2. Next, save all your work because it may lock your mouse/screen and won't let you save your work at the end of this process.
  3. Then, go to your start button
  4. Go up to the top and click on your profile name/account
  5. Then click "change account settings"
  6. In the "your account" tab, just above your account picture there will be an option to select a button saying "log on using local account" or "change log on to local account" (something along these lines)
  7. Click this and it will give you an opportunity to (from now on) log onto your computer using a new password that IS NOT linked to your Hotmail or Microsoft account.
  8. Then when you use the admin as the account name, it will complain that the account is already in use. So use a different name, say tmp.
  9. It will ask you to save your work and logout (but may not give you a chance to save). Proceed to finish the process/logout.
  10. Now login to an admin account (either the new "tmp" account if it was administrator or the other one that you created). 
  11. Go to control panel, user accounts and eventually find the setting to rename an account.
  12. Rename the tmp account (now delinked from online account) back to the name it was.
  13. Logout and back in.
  14. You are set.
Worked for me, twice.

Sunday, September 25, 2016

ARM Server Chip - For Real

You heard it here 4 years ago - ARM Server Chip.

Now it comes to reality - Fujitsu: Why we chose 64-bit ARM over SPARC for our exascale super

And it displaces my beloved SPARC chip.

A few quotes from Fujitsu...
When was the last time you heard nice things about SPARC Linux?
Fujitsu chose 64-bit ARM CPU cores for its upcoming exascale supercomputer for two reasons: Linux and the ability to customize its own processors.
[Fujitsu] chose ARM over SPARC due to ARM's larger and healthier software ecosystem.
ARM has the best software ecosystem for us.
And you thought Intel and Sun ruled the world.

Sunday, September 18, 2016

Chromecast Data Usage

I love my new router.

When I was looking at the Traffic Monitor I noticed that my Chromecast was in my top 5 clients. This chart is only about 5 days into my using the Asus RT-AC68R.

I found this thread on reddit. In that thread there's a link to an earlier thread.
Bottom line is that a chromecast will use 8-20 MB per hour when turned on and idle no matter what. Disabling or changing backdrop settings does not disable the background images, it just customizes them. When backdrop is disabled, new images still appear at the same rate, just with a message about enabling backdrop in the lower right instead of information about the image. 
The workaround I found was to power the chromecast from the TV's USB port instead of using the wall adapter, so it's only on when the TV is on. This isn't perfect, because the chromecast is still on when watching regular TV. Additionally, the chromecast takes time to start up. Unfortunately, one of my TVs doesn't have a USB port so I can't do anything about that set.
My old TV didn't have a powered USB port. When I migrated to the new TV I just moved the Chromecast along with the wall adapter USB power. My new TV does have a powered USB port so I moved the Chromecast's USB cable to that and the problem is mitigated.

Sunday, September 11, 2016

Asus RT-AC68R First Look

Almost 3 years ago one of my former co-workers told me he had just upgraded to an Asus router and it really improved his throughput. He didn't remember which it was so I started shopping.

You'd know I'd come up with something inexpensive. I got a refurbished Asus RT-N65R. It has performed very well for me.


We have been noticing some blips of the Internet but my EMCO Ping Monitor didn't complain. I finally realized that it was the radio in the router failing.

So my quest for a new router started.

I really liked the ASUSWRT firmware. But the firmware for the RT-N65R hadn't been updated since January 2015. Operationally it was fine but I was worried about security patches.

While Comcast has raised their bandwidth "trial" to 1 GB I still am interested in tracking my bandwidth usage. I wanted to maintain this ability and even expand it to tracking by device.

I looked at dd-wrt and Tomato. There are plugins for those firmwares to do this but it takes more command line skills than I was ready to tackle.

My son-in-law had the Asus RT-AC68R. It is dual-band 1900 Mbps so it is FAST. And its firmware is still being updated.

Not only does it have the same bandwidth reporting as the RT-N65R but it will break out bandwidth by client and application.


And there's so much more to play with. Like Merlin.