Sunday, August 01, 2021

Follow the Wire

I'll start by conceding that the problem I'll be discussing was MINE, not Xfinity's.

But we didn't know that for a long time.

Recently my 2 year contract with Xfinity lapsed and my bill jumped $50 per month. I called to renegotiate.

They responded with a new plan that had the same TV channels and bumped the Internet speed from 200Mbps to 800Mbps. While I didn't NEED that speed increase, faster is always better.

So after a couple of days, I tried a speedtest.

Hmmm. 250Mbps. What's up with that?

So I looked at my modem, a CISCO DPC3008. While it is DOCSIS 3.0, it only has 8 download channels. This limits it to 340Mbps.

Maybe that was the problem. Not.

But it was time for a new modem anyway so I got an Arris SB6190. It was still DOCSIS 3.0 but had 32 download channels for 1.4Gbps.

Maybe that would fix it. Not.

So I called Xfinity for support. I got a representative in Honduras who was very thorough. His thinking was that there was a cap still in place somewhere but he couldn't see it. So he dispatched a technician.

The technician showed up. His diagnosis was that I had a bad coupling on the coax going into the modem. Not.

I was still at 250Mbps.

I placed another service call. This time the technician didn't even show up. He just called.

He said that I needed a different bootfile. His attempts at downloading a new one didn't work. He said that was because I needed a DOCSIS 3.1 modem.

The SB6190 was listed on Xfinity's modem page for 800Mbps. But I bought a Netgear CM2000 to satisfy him.

No change.

And that's the end of the Xfinity lack of support story. Hours and hours of my time. Several hours of Internet down time while replacing/testing hardware. Hundreds of dollars spent. Two technicians dispatched neither of whom was capable of diagnosing a problem.

So I decided to take the advice I gave to one of my Unix admins when he was troubleshooting a dial-out modem on an HP 9000.


I took a laptop with a gigabit Ethernet port and plugged it directly into the Netgear CM2000.

Bingo! I got 650Mbps.

Then I plugged that laptop into the LAN port on my router.


That pointed directly at my Asus RT-AC68R router.

As Pogo said, "We have met the enemy, and he is us."

So off to Google I went.

What I FINALLY found was that the RT-AC68R defaults to using the CPU to perform NAT acceleration. But the RT-AC68R has dedicated hardware that it can use. When I dug down into the settings and switched "NAT Acceleration" to "Auto", all was well!

The download speed jumped to 950Mbps!

The switch point where you should use the dedicated hardware is 150-200Mbps so I hadn't stumbled on it earlier.

Then I switched back to the Arris SB6190 and returned the Netgear CM2000. I still got 850Mbps.

Lessons learned: 1) Fast home Internet is a challenge and 2) Xfinity is no help.

Sunday, July 25, 2021

There Is No Cloud

I post fairly regularly about the "cloud." I have mixed opinions depending on the size and capability of your organization.

But recently I was following a story of Google changing their desktop Drive solution, AGAIN.

As frustrating as that will be to Google Drive users, that's not the story I want to tell.

Often the comments on a tech story are as interesting and valuable as the story itself and this was no exception.

It's just another reminder that The Cloud is just someone else's computer. And if they decide to change the rules around using their computer, then you either have to suck it up and accept it, or to try and pull back in all your data yourself. Neither of which is usually an easy or pleasant experience...

Good advice.

Turns out, there's even a t-shirt for this!

Get yours now!

Sunday, July 18, 2021

I'm STUNed

My router (Asus RT-AC68R) has a nice traffic monitor screen. I check it regularly. One day I noticed that an iPhone had a large amount of traffic attributed to STUN.

Off I went to figure out what STUN was.

It turns out that STUN stands for Session Traversal Utilities for NAT. Interestingly, STUN messages are sent in lower-overhead User Datagram Protocol (UDP) packets, not Transmission Control Protocol (TCP).

Still, what on the iPhone was using STUN?

Here's Apple's chart of port usage that calls out STUN.
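To make the protocol concrete, here is an added example (mine, not from the original post or from Apple) of how a traffic monitor can recognize STUN in a UDP payload and what a STUN answer actually carries. It follows the RFC 5389 wire format: a 20-byte header with a fixed magic cookie, followed by attributes, the most important of which is XOR-MAPPED-ADDRESS, the public address and port the NAT assigned to the client. The sample packet is constructed in the code (203.0.113.5:51000 is a documentation address); the helper and constant names are my own.

```python
import struct

# RFC 5389 constants (real protocol values). Default STUN port is UDP 3478.
STUN_MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def looks_like_stun(payload: bytes) -> bool:
    """Header check a traffic monitor can apply to any UDP payload.

    A STUN message has the top two bits of the type field clear, the magic
    cookie at offset 4, and a length field that is a multiple of 4 and matches
    the bytes that follow the 20-byte header.
    """
    if len(payload) < 20:
        return False
    msg_type, msg_len, cookie = struct.unpack("!HHI", payload[:8])
    if msg_type & 0xC000:
        return False
    if cookie != STUN_MAGIC_COOKIE:
        return False
    return msg_len % 4 == 0 and len(payload) == 20 + msg_len


def build_binding_success(transaction_id: bytes, ip: str, port: int) -> bytes:
    """Encode a Binding Success Response carrying an IPv4 XOR-MAPPED-ADDRESS.

    The address is XORed with the magic cookie (and the port with its top 16
    bits) so that a NAT's ALG does not spot and rewrite it in the payload.
    """
    assert len(transaction_id) == 12
    ip_int = int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")
    xport = port ^ (STUN_MAGIC_COOKIE >> 16)
    xaddr = ip_int ^ STUN_MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, xport, xaddr)   # reserved, family=IPv4
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    header = struct.pack("!HHI", BINDING_SUCCESS, len(attr), STUN_MAGIC_COOKIE)
    return header + transaction_id + attr


def parse_xor_mapped_address(payload: bytes):
    """Return (ip, port) from the first IPv4 XOR-MAPPED-ADDRESS, else None."""
    if not looks_like_stun(payload):
        return None
    offset = 20
    while offset + 4 <= len(payload):
        attr_type, attr_len = struct.unpack("!HH", payload[offset:offset + 4])
        value = payload[offset + 4:offset + 4 + attr_len]
        if attr_type == ATTR_XOR_MAPPED_ADDRESS and attr_len >= 8:
            family, xport, xaddr = struct.unpack("!xBHI", value[:8])
            if family == 0x01:
                port = xport ^ (STUN_MAGIC_COOKIE >> 16)
                ip_int = xaddr ^ STUN_MAGIC_COOKIE
                ip = ".".join(str((ip_int >> s) & 0xFF) for s in (24, 16, 8, 0))
                return ip, port
        offset += 4 + ((attr_len + 3) & ~3)   # attribute values are padded to 4 bytes
    return None


if __name__ == "__main__":
    # Constructed sample: a server telling a client its public mapping.
    tid = bytes(range(12))
    reply = build_binding_success(tid, "203.0.113.5", 51000)
    print(looks_like_stun(reply), parse_xor_mapped_address(reply))
```

The magic cookie check is what lets a router's traffic monitor label flows as STUN even when they are not on port 3478, which is why a VoIP or FaceTime-style app shows up under that name rather than under its own.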

Check off that we've learned something today.

Sunday, July 11, 2021

Nearby Share

One iOS feature that I really like is AirDrop. A recent article in Winaero explained a similar Windows 10 feature called Nearby Share.
Nearby Share in Windows 10 allows transferring files between files within the same network. It is a great and somewhat underrated feature that will let you ditch third-party sharing apps and slow USB thumb drives. Being integrated into the OS, Nearby Share ensures the best compatibility with almost any Windows 10 device.
I would add that it is pretty much unknown, even by a geek like me.

You need a relatively recent version of Windows 10, e.g. 1803 or later. You also need Bluetooth enabled, and having the 2 PCs on the same Wi-Fi network increases the speed of transfer.

To use Nearby Share, on both systems go to Settings > System > Shared Experiences and turn on Nearby Sharing.

To share a file, right click on a file in Windows Explorer and choose "Share".

You'll get a dialog showing the receiving system. Click on it.

You'll get this notification on the sending system.

On the receiving system, you'll get this notification.


Sunday, July 04, 2021

Application Layer Gateways - Part III

In Part II, I discussed how certain applications are allowed to "tweak" the router so that traffic to different incoming ports is allowed.
This post is the final part of this discussion (at least for now).

Again, I will reference Steve Gibson's Security Now podcast, this time episode 804.

In this episode, Steve describes how a NAT slipstreaming attack allows a remote attacker to trick the NAT into creating NAT traversal mappings to ANY device on the internal network.

This isn't good.

Armis discovered that routers' Application Layer Gateways (ALGs) have even more issues.
WebRTC TURN (Traversal Using Relay around NAT) connections can be established by browsers over TCP to any destination port. The browser's restricted-ports list was not consulted by this logic, and was therefore bypassed.

These TURN connections are used by H.323, a VoIP protocol similar to SIP.

So what to do? I repeat the recommendation at the end of Part II. In your router, turn off as many of the ALG passthroughs that you can.
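Consumer routers hide their ALGs behind checkboxes, but on a Linux box doing NAT the same passthroughs are the netfilter connection-tracking helper modules, and the same advice applies. The following is an added example (my code, not from the post or from Steve Gibson or Armis) that audits lsmod and sysctl output for loaded helpers and for the kernel's automatic helper assignment. The module names and the net.netfilter.nf_conntrack_helper sysctl are real kernel names; the sample command output is constructed for the example, not captured from a host.

```python
import re

# Real netfilter helper modules and the protocol each one "tweaks" the NAT for.
ALG_HELPER_MODULES = {
    "nf_conntrack_sip": "SIP",
    "nf_conntrack_h323": "H.323",
    "nf_conntrack_ftp": "FTP",
    "nf_conntrack_tftp": "TFTP",
    "nf_conntrack_pptp": "PPTP",
    "nf_conntrack_irc": "IRC",
}

# Constructed sample of `lsmod` output (not from a real machine).
SAMPLE_LSMOD = """\
Module                  Size  Used by
nf_conntrack_h323      45056  0
nf_conntrack_sip       53248  0
nf_nat                 49152  1 iptable_nat
nf_conntrack          176128  3 nf_conntrack_h323,nf_conntrack_sip,nf_nat
"""


def loaded_alg_helpers(lsmod_text: str) -> list:
    """Return the protocol name for every ALG helper module listed in lsmod output."""
    found = []
    for line in lsmod_text.splitlines()[1:]:   # first row is the header
        fields = line.split()
        if fields and fields[0] in ALG_HELPER_MODULES:
            found.append(ALG_HELPER_MODULES[fields[0]])
    return found


def helper_autoassign_enabled(sysctl_text: str) -> bool:
    """Parse `sysctl net.netfilter.nf_conntrack_helper` output.

    1 means the kernel hands every flow on a helper's port to that helper
    automatically (the consumer-router ALG behaviour); 0 means a helper is
    used only where an explicit CT rule assigns it.
    """
    m = re.search(r"net\.netfilter\.nf_conntrack_helper\s*=\s*(\d)", sysctl_text)
    return m is not None and m.group(1) == "1"


def audit(lsmod_text: str, sysctl_text: str) -> list:
    """Findings a defender would act on: which ALGs are active and whether they
    engage automatically."""
    findings = []
    helpers = loaded_alg_helpers(lsmod_text)
    for proto in helpers:
        findings.append(f"{proto} ALG helper module is loaded")
    if helpers and helper_autoassign_enabled(sysctl_text):
        findings.append("helpers are auto-assigned to flows (nf_conntrack_helper=1); "
                        "set it to 0 or unload the helpers you do not need")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LSMOD, "net.netfilter.nf_conntrack_helper = 1"):
        print(finding)
```

On a real host you would pipe the output of `lsmod` and `sysctl net.netfilter.nf_conntrack_helper` into these functions; the point is the same one the post makes: an ALG that engages on its own for any flow on a given port is exactly what a slipstreaming payload needs.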

Good luck if you're using H.323.

Sunday, June 27, 2021

Windows 10 21H1 Enablement Package

I wrote about how I had forced the upgrade to Windows 10 21H1 in a previous post. I did it the hard way and suffered the consequences. That post described the cleanup I had to do.

Well, I came across another laptop that hadn't/wouldn't upgrade to 21H1. I didn't want to take the hard way again.

If a PC automatically offers 21H1, the installation is QUICK. So I set out to find how to force that laptop to upgrade in the same manner as if it were automatically offered.

And I found it.

It seems that 21H1's functions were actually delivered in previous months' cumulative updates. The "Feature Upgrade" that is automatically offered just flips some registry switches and reboots.

That "Feature Upgrade" is simply KB5000736, an enablement package. This enablement package is only available for devices running versions 20H2 and 2004.

If you have a device that isn't offering 21H1, just download KB5000736 (64-bit) and run it. Incidentally, when I clicked on that link, nothing happened. I had to right click and choose "Copy link address" and then paste that link into another browser tab.


Sunday, June 20, 2021

Happy 40th Birthday 8086

June 8, 2021 was the 40th anniversary of the Intel 8086 microprocessor chip. Today it's usually called the x86 chip.

Here's an article on its history.

I worked in IT during those 40 years and have a few thoughts.

In the 1990s, there were several competing architectures in the enterprise realm. I especially recall DEC's Alpha and Sun's SPARC. The less said about IBM's PowerPC the better. It took me some Googling to even remember what HP's processor was. And nobody remembers Intel's Itanium. HP went all in on Itanium and look where that got them.

But these architectures locked an organization into a specific vendor. We went through a huge and expensive migration of our SAP systems from PowerPC to SPARC.

During that effort, my architect and I pushed the vendors to propose a mixed environment, i.e. proprietary processors for database servers and commodity processors (x86) for application servers.

None of the vendors would play. We ended up going with SPARC, but in the end, the battle was lost to Intel's x86 architecture.

Ironically, this success wasn't attributable to Intel but AMD.

One of the advantages that SPARC brought us was the ability to move to 64-bit architecture for our database servers. That made orders of magnitude improvements in our I/O response times.

At that time, Intel didn't support 64-bit on x86.

AMD came along and implemented a 64-bit architecture on top of Intel's x86 code. That is known as x64 and has conquered the world.

Intel played catch-up and eventually implemented x64 and, as they say, "The rest is history."

But the fat lady hasn't sung yet.