December 07, 2014

Amazon Firestick - Part 2

After singing the praises of the Firestick in my last blog post, I've had some more experience playing with the unit.  Last night was the first time I've had some network delay issues with 1080P content, but nothing really terrible.

The big thing for me was looking at apps to do local streaming.  After doing a few Google searches, I found that while XBMC is not an option from the Amazon store, you can "Side Load" the application.  While not seamless, running XBMC on the Firestick is pretty amazing.  Streaming local 1080P content over my local network works like a charm.  If you are looking to do this, read these links.  As of the next release XBMC will be officially known as Kodi.

Using this method, you can load a lot of other APK file packaged applications beyond what I've mentioned.

December 05, 2014

Amazon Firestick

When I came home from running errands the day before Thanksgiving, there it was on my doorstep, the Amazon Firestick.  As you may have read, I've been playing with the Google Chromecast units and have had lots of fun messing with them.  When the Firestick was announced a few weeks ago at $19.99 USD I couldn't pass it up, since my wife has an Amazon Prime addiction.  As I type this I'm watching an Amazon Prime HD movie and it has yet to hiccup.  Here are some of my thoughts:

  • The UI is fast compared to the Amazon Prime app on my Panasonic BluRay player
  • The same BluRay player above has network stutters, so I assume the Firestick has more buffer memory
  • The unit was preconfigured at the factory to hook into my wife's account.  Sorta cool or sorta creepy depending on if you were buying it for yourself or for a gift.
  • The Wi-Fi also does 5.8GHz, which is pretty awesome.
  • It has Miracast built in.  That's cool to have, but I never use it.

We've been playing with this thing for a little over a week now and it is pretty awesome.  It doesn't seem to stutter on 1080P content, which is pretty awesome.  If you have Amazon prime, this thing is something that you want to have, but if you are buying your content from random sources, a Roku might be a better choice.

November 15, 2014


I guess blogging has sort of gone out of style.  There isn't really much to say right now, but I can leave you with these nuggets of information. 

  • While I don't use it, my wife is enamoured with Etsy.  On the surface it is all artsy, but it is pretty much the best place to buy trademark infringing custom Disney apparel.  Sort of like a game of whack-a-mole with vendors from what I understand.
  • Maybe I don't hang in the right crowds, but I personally don't find the appeal of Pinterest.  The whole concept of using "curate" as a verb and spending time organizing content that has already been generated feels like a waste of time.  I'd be terrible at making investment decisions for internet companies, because it seems that every mother at my son's school uses it for anything that is arts and crafts related.
  • Please do not use an iPad or tablet as a camcorder.
  • That is all.


July 05, 2014

RAND Cybersecurity Workforce Study

I read this RAND study last weekend and had a chance to share it with several people in the workplace last week.  In my experience this has been one of the most on-target papers on hiring, training, and retaining talent in the "cyber security" space for government work.

Anyways, here is the link:


While overall I think this is a great piece of writing, there are some problems.  First, if you ask three people what "cyber security" entails, you'll get three different answers.  Another fairly minor issue is that the researchers assume that USG employees who do jobs within the "cyber security" realm in the civilian space are 2210s.  In the real world we all know that, depending on the flavor of work, people fall into different GSA categories such as 0132, 0391, 0801, 0850, 0854, 0855, 0856, 1540, 1541, or 1550, or even hold a secondary role as an 1801 or 1811.

May 31, 2014

The Only Game in Town - Part 2

As I have mentioned before, I am a Comcast/Xfinity customer at home, not from choice, but from lack of it.  While I complain a lot about their video offering and craptastic DVR, overall their Internet bandwidth and latency are amazing and their phone service is quite clear and is virtually indistinguishable from a standard POTS line (and I can send SuperG3 33.6Kbps faxes to boot.. try that on any VOIP carrier...).

I originally started this blog post a few months ago, only to have life pop up and give me more important things to deal with.  Since then, my bill has crept up by around $20 USD per month since my initial install.

A few weeks ago I went back and checked with all the other broadband players in my ZIP code to see what they are offering.  I was surprised to hear that AT&T has rolled out 6Mbps service in my neighborhood.  That would be exciting if it were 2001 again, but I guess it was much better than their 3Mbps service they were promoting.  Since DSLextreme and (two of my favorite small ISPs) use AT&T cable plant, you are stuck at 6 megs as well.   

Without any real options for switching, I called Comcast and gave the whole faux argument that I might switch and I was looking at lower cost providers.  They backed down pretty quick and gave me $50 off my bill every month to go into a 24 month contract.  As much as I hate contracts, I can't imagine AT&T rolling out U-verse TV and high speed internet in my neighborhood in the next two years.

It is nice to save money, but it is an empty feeling to know that there are no other viable (i.e. fast and affordable) options where I live.   There are whole geographic regions in Africa that share a single VSAT internet connection, so I should really shut up and be thankful.  Note to self: Evaluate Internet options in 2016.


April 02, 2014

Incoming SMTP on a budget AKA Keep on rollin'

Sometimes you need to run a service on your home computer(s), but due to previous patterns of abuse by other customers, your broadband provider blocks certain inbound services.  I totally understand that need.  Normally you have the option to use a non-privileged and non-standard port, and as long as you don't serve up too much traffic the ISP won't try to convert you to a business account.  

The broadband provider that I have at home blocks a bunch of different ports, including Port 25, which is what I needed to run an SMTP server at home.  For a normal user, this would be silly, but I still need to receive mail for an old sub-domain that is assigned to me, even though I do not control the primary domain or its MX servers.

I had access to a friend's business class service that had a spare static IP, which allowed me to do a few experiments.  There are several pieces of software for Windows that will do port translation, but none that are free, and if I was willing to spend the money in the first place, I would have sprung for business class service at home that had static IP addresses and unblocked ports.

It is more fun to tinker and try to come up with solutions, even if you expend more time and effort.

I cobbled together a few Linux solutions that worked to some extent.

The first was an experiment using Netcat.  Basically, using Netcat you can create (as root) two different Netcat processes connected via a pipe.  One Netcat listens on the default interface on Port 25.  The other Netcat creates a connection to the server at home on a different port.  The nice thing about this solution is that it is pretty simple and also works for HTTP and a few other protocols.  Netcat will resolve a DNS name for the outbound side, so if you were to use a dynamic DNS service you could have a flexible solution.  The terrible thing is that you have to run it as root and after a period of time (at the end of the connection on the incoming side, or a time out on the outgoing side), Netcat dies and you have to respawn the process.  The other awful thing is that this uses an incredible amount of CPU time.
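Here is the two-process Netcat relay as an added example, written for this page rather than taken from the original post.  The two Netcat processes are joined by a named pipe so that data flows in both directions, and a loop respawns the pair after each connection, which is the behaviour the post complains about.  The host name, ports, fifo path and the traditional `nc -l -p` option syntax are assumptions.

```shell
#!/bin/sh
# Added example: a two-process netcat relay joined by a named pipe.
# Not from the original post. Host name, ports and fifo path are assumed,
# as is the traditional "nc -l -p PORT" listener syntax.
set -u

LISTEN_PORT=25                       # privileged: binding this needs root
TARGET_HOST="home.example.net"       # assumed dynamic-DNS name of the home server
TARGET_PORT=2525                     # assumed unblocked port the home MTA listens on
FIFO="/tmp/smtp-relay.fifo"          # assumed location of the back-channel pipe

# Ports below 1024 need root to bind; returns 0 (true) when that applies.
needs_root() {
    [ "$1" -lt 1024 ]
}

# Build the relay pipeline as text so it can be logged or dry-run before eval.
#   listener stdout (bytes from the remote client) -> pipe -> sender stdin -> home MTA
#   sender stdout (replies from the home MTA) -> fifo -> listener stdin -> remote client
# $1 listen port, $2 target host, $3 target port, $4 fifo path
build_relay_pipeline() {
    printf 'nc -l -p %s <%s | nc %s %s >%s' "$1" "$4" "$2" "$3" "$4"
}

# Each netcat pair serves exactly one TCP connection and then exits,
# so the relay has to be respawned for every inbound SMTP session.
run_relay_forever() {
    [ -p "$FIFO" ] || mkfifo "$FIFO"
    trap 'rm -f "$FIFO"' EXIT INT TERM
    while :; do
        eval "$(build_relay_pipeline "$LISTEN_PORT" "$TARGET_HOST" "$TARGET_PORT" "$FIFO")"
        sleep 1    # back off so an unreachable target does not spin the CPU
    done
}

# Usage: run as root with "run" to start relaying; without it only the
# functions are defined (handy for testing the command construction).
if [ "${1:-}" = "run" ]; then
    needs_root "$LISTEN_PORT" && [ "$(id -u)" -ne 0 ] && { echo "port $LISTEN_PORT needs root" >&2; exit 1; }
    run_relay_forever
fi
```

The `sleep` between respawns is the one thing worth adding to the post's version: without it, a target that refuses connections makes the loop restart Netcat thousands of times a second, which is part of why the CPU cost is so high.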

I came up with another solution that was a bit better since it was in user space.  I set up a Linux machine behind a junk pile firewall and did a simple NAT to take the public IP address and port 25 and map it to the Linux machine sitting in an RFC 1918 address range on a non-privileged port.  This allowed me to use ssh tunnels to accept traffic on that Linux machine and send it to the mail server directly over the ssh link.  The performance on this was somewhat spotty, but it performed OK.  The advantage of this is that you can connect to a Dynamic DNS host for the ssh tunnel and automate the logins if you use session keys.
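As an added example of that user-space variant (not code from the post), the script below keeps an ssh local port-forward alive from the relay box to the home mail server, using key-based login so it can run unattended.  The user name, key path, host name and ports are assumed values.

```shell
#!/bin/sh
# Added example: keep an ssh port-forward alive from the relay box
# (RFC 1918 address behind the NAT firewall) to the home mail server.
# Not from the original post; user, key path, host name and ports are assumed.
set -u

LOCAL_PORT=2525                          # the port the firewall NATs public:25 onto
HOME_HOST="home.example.net"             # assumed dynamic-DNS name of the home server
HOME_USER="relay"                        # assumed unprivileged account on the home server
KEY_FILE="/etc/smtp-relay/id_ed25519"    # assumed key for unattended login
MTA_PORT=25                              # the home MTA listening on its own loopback

# Build the ssh command line.
#   -N                      no remote shell, forwarding only
#   -g                      let hosts other than this box use the forwarded port
#                           (the firewall's NAT path needs that)
#   BatchMode               never prompt; fail instead, so the loop can retry
#   ExitOnForwardFailure    exit if the local bind fails rather than lingering
#   ServerAlive*            notice a dead tunnel within about 90 seconds
build_tunnel_cmd() {
    printf 'ssh -N -g -o BatchMode=yes -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -i %s -L %s:127.0.0.1:%s %s@%s' \
        "$KEY_FILE" "$LOCAL_PORT" "$MTA_PORT" "$HOME_USER" "$HOME_HOST"
}

# ssh exits when the tunnel drops (ISP hiccup, dynamic IP change);
# respawn it, waiting a little so a dead host is not hammered.
run_tunnel_forever() {
    while :; do
        eval "$(build_tunnel_cmd)"
        sleep 5
    done
}

# Usage: "run" starts the loop; otherwise only the functions are defined.
if [ "${1:-}" = "run" ]; then
    run_tunnel_forever
fi
```

Because `-g` binds the forwarded port on every interface of the relay box, pair it with a host firewall rule that only admits port 2525 from the NAT firewall, and give the `relay` account on the home server a key restricted to port forwarding (for example with `no-pty` and `permitopen` in `authorized_keys`) so a compromise of the relay box yields a tunnel and nothing more.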

That was still a bit clunky, so I Googled a bit on iptables.  Most examples I found on the web used port forwarding to do what I wanted, but by using the NAT table to map from public to private IP space.  What I was looking to do was basically to take traffic on an untrusted interface and shoot it back out that same untrusted interface on a different TCP port so it could hit my home server.  I had used the open source version of Smoothwall in the past at home and knew that it used iptables, so I downloaded an ISO and spun up a system on the public IP address that was available to me.  Bingo.  The port forwarding rules allow you to take inbound traffic on your red interface and forward it back out that same interface.  Most other firewalls of that grade (i.e. free or open source) limit your port forwarding to an address behind your trusted interface or on an RFC 1918 address that you are NATting to.  The beauty of this solution is that it is completely transparent and is only limited by the bandwidth constraints of the network that feeds your public IP address.  The downside is that it only works properly with a fixed IP address.  You could write a script to do an nslookup of the A record attached to your dynamic DNS name and then program your iptables configuration from the result.  In the end it would take a bit more work to make things work smoothly.
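Here is that last idea carried through as an added example (not code from the post or from Smoothwall): a script that resolves the home server's dynamic DNS A record with nslookup and reprograms the hairpin forward on the red interface only when the address changes.  The interface name, host name, ports and state-file path are assumptions.  Two details matter for the hairpin case: the MASQUERADE rule makes the home server reply back through the relay instead of straight to the original client (which would break the TCP session), and IP forwarding has to be enabled.

```shell
#!/bin/sh
# Added example: refresh a hairpin port-forward (in on the red interface,
# back out the same interface) when a dynamic-DNS A record changes.
# Not from the post or Smoothwall; interface, names, ports and paths are assumed.
set -u

RED_IF="eth0"                        # assumed public ("red") interface
PUBLIC_PORT=25                       # port the outside world sends mail to
HOME_NAME="home.example.net"         # assumed dynamic-DNS name of the home server
HOME_PORT=2525                       # assumed unblocked port the home MTA listens on
STATE_FILE="/var/run/smtp-forward.ip" # assumed file remembering the last programmed IP

# Read nslookup output on stdin and print the first IPv4 answer.
# The resolver's own "Address: x.x.x.x#53" line is skipped because of the '#'.
parse_a_record() {
    awk '/^Address:/ && $2 !~ /#/ && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2; exit }'
}

resolve_a_record() {
    nslookup "$1" 2>/dev/null | parse_a_record
}

# Emit the three iptables commands for a given action (-A to add, -D to delete)
# and home IP. Printing them lets the caller log or dry-run before applying.
build_rules() {
    action="$1"; ip="$2"
    # rewrite the destination of inbound port-25 traffic on the red interface
    printf 'iptables -t nat %s PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$action" "$RED_IF" "$PUBLIC_PORT" "$ip" "$HOME_PORT"
    # hairpin: source-NAT so the home server answers us, not the original client
    printf 'iptables -t nat %s POSTROUTING -o %s -p tcp -d %s --dport %s -j MASQUERADE\n' \
        "$action" "$RED_IF" "$ip" "$HOME_PORT"
    # permit the forwarded flow red -> red; everything else stays at the default policy
    printf 'iptables %s FORWARD -i %s -o %s -p tcp -d %s --dport %s -j ACCEPT\n' \
        "$action" "$RED_IF" "$RED_IF" "$ip" "$HOME_PORT"
}

# Resolve, compare with the last programmed address, swap rules if it moved.
refresh_forward() {
    new_ip=$(resolve_a_record "$HOME_NAME")
    [ -n "$new_ip" ] || { echo "could not resolve $HOME_NAME" >&2; return 1; }
    old_ip=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$new_ip" = "$old_ip" ] && return 0           # nothing changed
    [ -n "$old_ip" ] && build_rules -D "$old_ip" | sh # drop the stale rules first
    build_rules -A "$new_ip" | sh
    echo "$new_ip" > "$STATE_FILE"
}

# Usage: run as root from cron every few minutes with "apply";
# without the argument only the functions are defined.
if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    refresh_forward
fi
```

Keeping the previous address in a state file is what lets the script delete the old DNAT rule instead of accumulating one per IP change; otherwise mail would keep being forwarded to whoever the ISP hands the old address to.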

While that was a fun experiment, the best free solution I found was to use a mail redirection service from a company called Rollernet.  They accept mail for you on their SMTP server, check it against a list of domains that you own, run it through a spam filter, check it against a valid recipient list, and finally send it off to a server and port combination that you own.  Right now they give you 10Mb of free mail transfer a day, and give you the option to defer mail that is beyond that cap until the next day.  You can't beat the price, as long as you are able to give up a little bit of control.  In my case that was an acceptable risk to be able to keep a mail domain that has long gone dormant, but still gets valid emails from time to time.


March 26, 2014

We Started Nothing

So, after a decade or so of working in jobs that provided cell phones with personal use policies, I am now at a place that doesn't provide a cell phone.  That's not a huge deal, as it is nice to be off the night time and weekend on-call list. 

With a growing family, I need to be connected when I'm out and about, as well as keeping costs under control.  I looked into the major carriers, and while a basic phone wasn't bad, to go up to a smartphone was cost prohibitive for something that is used sparingly.  

After doing some research I found a bunch of MVNOs that run on Sprint's network and had decent pricing, but I decided to go with Ting, the wireless brand of Tucows.  I looked into using Glyde to buy a phone to bring over, but didn't find what I wanted for the price I wanted to pay, so I bought a phone on eBay.  It is a little riskier, but it turned out fine.  Fifteen minutes after I received my phone through the mail, I had my new iPhone up and running with voice, text and data on Ting's network.

On the bad side there are a few things.  There are limits on which handsets you can bring over.  I was able to bring an iPhone 4s onto Ting during their beta program, but you can't just take any CDMA handset that is meant for Sprint and bring it online.  That is a risk if you buy on eBay or any other service, as if the phone doesn't have a "Clean ESN", you might not be able to use it on the network.  The other issue is coverage.  Sprint has terrible coverage.  I'm not the first to say this and I'm not complaining.  The voice and text portion of the service roams seamlessly onto Verizon's infrastructure in my area and I have had no problems with that portion of the service.

What doesn't roam is the data plan.  This is why the service is less expensive and could be a deal killer for some people.  In my case all the places that I need data indoors, I also have WiFi and fast Internet, so I never even use up my data plan.  When I am outside, Sprint's data service is pretty decent, but nothing to write home about.

In my first month of service, my iPhone bill was $18.20.  $17.00 in usage plus $1.20 in taxes and regulatory fees.  So, for below the price of any of the other carrier's minimal data plan, I was able to get voice, text and data service.  Hard to beat.

It goes without saying, but I will say it again, any public post that I make is a personal opinion and not the views of my employer and should not be seen as an official endorsement by any organization. 'Nuff said. 

And yes, the title is an obligatory reference to The Ting Tings, better known to the parental crowd as "the people who sing that birthday song on Yo Gabba Gabba".

Powered by Movable Type 3.2ysb5-20051201