May 31, 2014

The Only Game in Town - Part 2

As I have mentioned before, I am a Comcast/Xfinity customer at home, not by choice, but for lack of one.  While I complain a lot about their video offering and craptastic DVR, overall their Internet bandwidth and latency are amazing, and their phone service is quite clear and virtually indistinguishable from a standard POTS line (and I can send SuperG3 33.6Kbps faxes to boot; try that on any VoIP carrier).

I originally started this blog post a few months ago, only to have life pop up and give me more important things to deal with.  Since then, my bill has crept up by around $20 USD per month compared to my initial install.

A few weeks ago I went back and checked with all the other broadband players in my ZIP code to see what they are offering.  I was surprised to hear that AT&T had rolled out 6Mbps service in my neighborhood.  That would be exciting if it were 2001 again, but I guess it is much better than the 3Mbps service they were promoting before.  Since DSLextreme and Sonic.net (two of my favorite small ISPs) use AT&T's cable plant, you are stuck at 6 megs with them as well.

Without any real options for switching, I called Comcast and gave the whole faux argument that I might switch and was looking at lower cost providers.  They backed down pretty quickly and gave me $50 off my bill every month to go into a 24 month contract.  As much as I hate contracts, I can't imagine AT&T rolling out Uverse TV and high speed internet in my neighborhood in the next two years.

It is nice to save money, but it is an empty feeling to know that there are no other viable (i.e. fast and affordable) options where I live.   There are whole geographic regions in Africa that share a single VSAT internet connection, so I should really shut up and be thankful.  Note to self: Evaluate Internet options in 2016.


April 02, 2014

Incoming SMTP on a budget AKA Keep on rollin'

Sometimes you need to run a service on your home computer(s), but due to previous patterns of abuse by other customers, your broadband provider blocks certain inbound services.  I totally understand that need.  Normally you have the option to use a non-privileged and non-standard port, and as long as you don't serve up too much traffic the ISP won't try to convert you to a business account.  

The broadband provider that I have at home blocks a bunch of different ports, including Port 25, which is what I needed to run an SMTP server at home.  For a normal user this wouldn't matter, but I still need to receive mail for an old sub-domain that is assigned to me, while the primary domain and its MX servers are controlled by someone else.

I had access to a friend's business class service that had a spare static IP, which allowed me to do a few experiments.  There are several pieces of software for Windows that will do port translation, but none that are free, and if I had been willing to spend the money in the first place, I would have sprung for business class service at home with static IP addresses and unblocked ports.

It is more fun to tinker and try to come up with solutions, even if you expend more time and effort.

I cobbled together a few different Linux solutions that worked to some extent.

The first was an experiment using Netcat.  Basically, you create (as root) two Netcat processes connected via a pipe.  One Netcat listens on the default interface on Port 25.  The other Netcat opens a connection to the server at home on a different port.  The nice thing about this solution is that it is pretty simple and also works for HTTP and a few other protocols.  Netcat will resolve a DNS name for the outbound side, so if you use a dynamic DNS service you have a flexible solution.  The terrible thing is that you have to run it as root (to bind the privileged port) and, after a period of time (at the end of the incoming connection, or a timeout on the outgoing one), Netcat dies and you have to respawn the process.  The other awful thing is that it uses an incredible amount of CPU time.

I came up with another solution that was a bit better, since it ran in user space.  I put a Linux machine behind a junk-pile firewall and used a simple NAT to map the public IP address and port 25 to the Linux machine, which sat in an RFC 1918 address range on a non-privileged port.  That allowed me to use ssh tunnels to accept traffic on that Linux machine and send it to the mail server directly over the ssh link.  The performance was somewhat spotty, but it worked OK.  The advantage of this approach is that you can connect to a dynamic DNS host for the ssh tunnel and automate the logins if you use key-based authentication.

That was still a bit clunky, so I googled a bit on iptables.  Most examples I found on the web did port forwarding, but only by using the NAT table to map from public to private IP space.  What I was looking to do was basically to take traffic on an untrusted interface and shoot it back out that same untrusted interface on a different TCP port so it could hit my home server.

I had used the open source version of Smoothwall in the past at home and knew that it used iptables, so I downloaded an ISO and spun up a system on the public IP address that was available to me.  Bingo.  Its port forwarding rules allow you to take inbound traffic on your red interface and forward it back out that same interface.  Most other firewalls of that grade (i.e. free or open source) limit your port forwarding to an address behind your trusted interface or on an RFC 1918 address that you are NATting to.  The beauty of this solution is that it is completely transparent and is only limited by the bandwidth constraints of the network that feeds your public IP address.  The downside is that it only works properly with a fixed IP address.  You could write a script to do an nslookup of the A record attached to your dynamic DNS name and then feed that into a script that programs your iptables configuration.  In the end it would take a bit more work to make things run smoothly.
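The "forward it back out the same interface" idea above, written as raw iptables rules with the dynamic DNS re-resolve script sketched at the end, as an added example that is not from the original post or from Smoothwall.  All interface names, hostnames and ports are placeholders, and `getent ahostsv4` is assumed to be available (glibc systems).

```shell
#!/bin/sh
# Added example (not from the original post): forward TCP/25 arriving on
# the public "red" interface back out the same interface to a home server
# on an unblocked port, re-resolving a dynamic DNS name on each run.
# All names and values below are placeholders; override them via environment.
RED_IF="${RED_IF:-eth0}"                              # public interface
PUB_PORT="${PUB_PORT:-25}"                            # port published on the static IP
HOME_HOST="${HOME_HOST:-home.dyndns.example.invalid}" # dynamic DNS name of home server
HOME_PORT="${HOME_PORT:-2525}"                        # unblocked port the home MTA listens on
STATE="${STATE:-/var/run/smtp-hairpin.ip}"            # remembers the last IP programmed

# resolve_a NAME: print the first IPv4 address for NAME; IP literals pass through
resolve_a() {
  case "$1" in
    *[!0-9.]*) getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }' ;;
    *)         printf '%s\n' "$1" ;;
  esac
}

# build_rules ACTION IP: print the four iptables commands for IP, where
# ACTION is -A (add) or -D (delete), so a change of IP can undo the old set.
# The MASQUERADE rule is what makes the hairpin work: without it the home
# server would answer the sender directly from an address the sender never
# talked to, and the TCP handshake would never complete.
build_rules() {
  act="$1"; ip="$2"
  cat <<EOF
iptables -t nat $act PREROUTING -i $RED_IF -p tcp --dport $PUB_PORT -j DNAT --to-destination $ip:$HOME_PORT
iptables -t nat $act POSTROUTING -o $RED_IF -p tcp -d $ip --dport $HOME_PORT -j MASQUERADE
iptables $act FORWARD -i $RED_IF -o $RED_IF -p tcp -d $ip --dport $HOME_PORT -j ACCEPT
iptables $act FORWARD -i $RED_IF -o $RED_IF -p tcp -s $ip --sport $HOME_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# sync_rules: resolve HOME_HOST and reprogram the rules only if the IP changed.
# Run it from cron (e.g. every 5 minutes). Requires root and
# net.ipv4.ip_forward=1 (sysctl -w net.ipv4.ip_forward=1).
sync_rules() {
  new=$(resolve_a "$HOME_HOST")
  [ -n "$new" ] || { echo "could not resolve $HOME_HOST" >&2; return 1; }
  old=$(cat "$STATE" 2>/dev/null || true)
  [ "$new" = "$old" ] && return 0
  [ -n "$old" ] && build_rules -D "$old" | sh
  build_rules -A "$new" | sh
  printf '%s\n' "$new" > "$STATE"
}

# Only act when invoked as "script.sh sync"; sourcing the file defines the functions.
if [ "${1:-}" = "sync" ]; then sync_rules; fi
```

Running `build_rules -A <ip>` without piping it to `sh` prints the rules for review first, which is the sane way to try this on a box you reach over the same interface.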

While that was a fun experiment, the best free solution I found was a mail redirection service from a company called Rollernet.  They accept mail for you on their SMTP server, match it against a list of domains that you own, run it through a SPAM filter, check it against a valid recipient list, and finally send it off to a server and port combination that you own.  Right now they give you 10Mb of free mail transfer a day, with the option to defer mail beyond that cap until the next day.  You can't beat the price, as long as you are able to give up a little bit of control.  In my case that was an acceptable risk in order to keep a mail domain that has long gone dormant but still gets valid emails from time to time.


March 26, 2014

We Started Nothing

So, after a decade or so of working in jobs that provided cell phones with personal use policies, I am now at a place that doesn't provide a cell phone.  That's not a huge deal, as it is nice to be off the night time and weekend on-call list. 

With a growing family, I need to be connected when I'm out and about, while keeping costs under control.  I looked into the major carriers, and while a basic phone wasn't bad, going up to a smartphone was cost prohibitive for something that is used sparingly.

After doing some research I found a bunch of MVNOs that run on Sprint's network and have decent pricing, but I decided to go with Ting, the wireless brand of Tucows.  I looked into using Glyde to buy a phone to bring over, but didn't find what I wanted for the price I wanted to pay, so I bought a phone on eBay.  It is a little riskier, but it turned out fine.  Fifteen minutes after I received my phone in the mail, I had my new iPhone up and running with voice, text and data on Ting's network.

On the bad side there are a few things.  There are limits on which handsets you can bring over.  I was able to bring an iPhone 4s onto Ting during their beta program, but you can't just take any CDMA handset meant for Sprint and bring it online.  That is a risk if you buy on eBay or any other service: if the phone doesn't have a "Clean ESN", you might not be able to use it on the network.  The other issue is coverage.  Sprint has terrible coverage.  I'm not the first to say this and I'm not complaining.  The voice and text portion of the service roams seamlessly onto Verizon's infrastructure in my area and I have had no problems with that portion of the service.

What doesn't roam is the data plan.  This is why the service is less expensive, and it could be a deal killer for some people.  In my case, everywhere I need data indoors I also have WiFi and fast Internet, so I never even use up my data plan.  When I am outside, Sprint's data service is pretty decent, but nothing to write home about.

In my first month of service, my iPhone bill was $18.20: $17.00 in usage plus $1.20 in taxes and regulatory fees.  So, for below the price of any of the other carriers' minimal data plans, I was able to get voice, text and data service.  Hard to beat.

It goes without saying, but I will say it again, any public post that I make is a personal opinion and not the views of my employer and should not be seen as an official endorsement by any organization. 'Nuff said. 

And yes, the title is an obligatory reference to The Ting Tings, better known to the parental crowd as "the people who sing that birthday song on Yo Gabba Gabba".

February 17, 2014

Feature Wishlist for Chromecast

It is official.  I'm sold on Chromecast.  The whole KISS (Keep It Simple Stupid!) concept seems to work out well.  Things are smooth with all the officially supported clients.  I have a 95% success rate with the Casting extensions running on the x86 release of Chromium on Linux.  For software that isn't officially supported, it really isn't that bad.

I hate to whine about something so simple, but this is the Internet and that is how we do things here.

Things that I would like added to the Chromecast, in order of importance:

  • Ethernet Jack.  I know, I know, the future is wireless.  Tell that to my neighbor with a 2.4GHz phone from a decade ago.  Things are streaming great and then *splat*.  Regular YouTube content just buffers, but it breaks the DRM on content streaming from the Google Play Store.  Which brings us to...
  • Dual Band WiFi.  Actually this is probably cheaper than adding wired Ethernet.  In my neighborhood the 5GHz band is wide open and the 2.4GHz band is heavily utilized.  I can imagine that in a high density housing situation like an apartment complex, dormitory or condo it would be much worse.
  • Ability to use local (network) media.  This is probably the most requested feature and I can see why you aren't giving it up easily.  The dongle is a loss leader for folks to use your services.   Even if you limited something like this to Google controlled hardware like Chromebook, I'd probably buy your hardware just to allow me the convenience.  I know you can cast a whole screen including the audio (which is in beta), but I'd rather have an experience similar to what Songza provides for the Chromecast, but with my local media. 
  • Application Partners that don't require a login.  I get it, Netflix, HBO to Go, Hulu Plus and the like are subscription services.  Pandora does both subscription and free models, but why should I have to authenticate with their site to cast their service to the Chromecast?  Songza has it right.  Redbull.tv has it right.
  • Application Wrappers for interested third parties.  An example would be a streaming audio site like SomaFM, which I enjoy.  If an API wrapper were created that would allow anyone who is a Google Adsense vendor to cast various applications from their site, with Adsense taking 1/2 or 1/3 of the screen real estate for ads and the rest for the customer, it would be a win-win situation.  They would get revenue from the advertising, you (Google) wouldn't have to host the service or pay for the bandwidth, and the content could be governed by the current rules of Adsense, which don't allow it to be used for explicit content.
  • A bit more security.  You know that these things are going to be used to connect large projectors to laptops at conferences and conventions, right?  You made such a neat little product and people won't be able to help themselves.  God help the Hello Kitty convention that has some pervert blasting Goatse images or renaming the units with the iPhone client to objectionable words that get displayed on the idle screen. 
  • Digital Audio Out.  A minor thing.  Not all of us have upgraded our HiFi systems to do HDMI switching.  I take an optical output from my TV and run it into my surround sound setup.  Either a coax or toslink/fiber SPDIF output would be great, but you guys are probably saving that for some sort of set top box that will make us forget GoogleTV.

Most likely your marketing guys have already figured out this stuff, but if not feel free to bring Google Fiber to my street as compensation.

February 02, 2014

Chromecast on Linux

I was recently pondering purchasing a Google Chromecast unit to mess around with at home.  The price is so low that they are almost giving them away.  I assume that is so Google can harvest your viewing habits and resell them, but that is another story.  Originally I was thinking about using a Raspberry Pi unit with XBMC to do media streaming, but as cool as it is, I don't have the time to install, configure and train my family... even if it is way cooler and would give me way more geek cred.  While the minimum system requirements for using the Chromecast include most of the normal equipment found on my home network, they don't include Linux.  Now, thanks to the best (and most in-depth) explanation of the protocol, from Paul Donahue on the AskUbuntu forum, I know that I'm covered with my Linux devices at home.  Now all is right with the world again.  Thanks again Paul, you made my day a little better.  Now if Google would officially support it as a product and not a beta, that would be cool.

Edit/Addition: I actually wrote this a few weeks ago but never ended up publishing it.  Since then I've bought two Chromecast units to hook up to various TVs around the house.  I would rather have a direct Ethernet connection to them, but they never skip and you really can't beat the price.  I mainly use Ubuntu 13.10 with Chromium to cast content to the Chromecast units, but my kids use the iPad client and it is seamless.  Sometimes less is more.


January 20, 2014

Shady Unsubscribe

Recently I was going through my SPAM filter, looking to see if there was anything that I had legitimately signed up for and could unsubscribe from.  I found about twenty different vendors that I was getting newsletters or random marketing pieces from, which I was interested in at one time, but which ended up classified as SPAM over the years without my noticing, as I lost interest in their message.

The bulk of the unsubscribe mechanisms were pretty straightforward and I applaud that.  A few of them were somewhat sneaky, making you read the verbiage twice to make sure that you really took the course of action that you intended.  Then there is Unilever.  At one point they had my e-mail address for some marketing or coupon campaign that I have since forgotten about.  To unsubscribe from their SPAM, here is what is required:

(Screenshot of Unilever's unsubscribe form: "unilever.. oh boy")

So originally they had my e-mail address; now they want everything but my SSN to unsubscribe.  No thanks!


November 28, 2013

Splunk Revisited

A few years ago I was evaluating a cool log analysis package called Splunk for a project at work.  I had a few instances running on a development machine at work and on a server at home.  I found that I was able to drill down to very specific events to debug what was happening so I could correlate problems among various devices and software packages.  When I upgraded my home server a year ago I didn't spend the time to reinstall Splunk, as I was busy with moving into a new house and having children, so it went to the back burner. 

Recently I was having a conversation on system monitoring architecture and Splunk came up.  I decided to take a look and see what a few years of maturity have done.  First of all, the basic software is now free for individual use.  While there is a reduction in enterprise features and there is no password/account authentication, the core functionality is all there.  There is a 500Mb per day limit on the amount of data you can process, but if you have half a gig of syslog/logfiles/etc to parse a day, then you shouldn't be so cheap and should just buy a full license.  If you were paranoid, it would be very easy to use this software and only expose the management port on localhost, so you would have to use an SSH tunnel into the box to be able to view any of the data.  I know that is pretty hokey, but it does work, with the caveat that anyone with an account on the box gets to see your data.  Beyond that you could always run Splunk within a virtual machine.

Beyond the cool factor of being able to drill down into your data, it runs well on pretty anaemic hardware.  The server I installed this software on is cobbled together from remnants of several dead computers that are at least six years old, yet the response time from the database with around half a million events is surprisingly fast.
