• Non-secure network connections in Carnival Cruise's app

    This past summer my family took a cruise on Carnival Cruise Lines to the Eastern Caribbean. There were a total of 17 of us and we had a good time. One of the suggested ways for everyone to stay in touch was to use the Carnival Hub App which is basically their goto app for up to date information on the ship which has a messaging component. For $5 per device for the cruise, it didn't seem all that unreasonable except that just about everything on the cruise costs extra!

    The chat app, like most chat apps, has push notifications. In iOS, there are 2 types of push notifications, local and remote. The remote ones require a persistent connection to Apple's Push Notification Service (APNS). I suspected that the app used local notifications and stayed open in the background as having several thousand devices connected to either Apple or Google's push servers over a satellite link would not make much sense. So I pulled out my trusty copy of Charles Proxy and decided to see what traffic was being sent. What I saw just about shocked me.

    Connections using the app were NOT using SSL! Since the WiFi was unprotected (it would be cumbersome to give out the WiFI password to so many users), anyone with rudimentary hardware/software could sniff all the traffic. SSL certificates are cheap and easy to deploy, so there is no excuse for every service not to be using them (I use them internally on all services running at my house).

    Is it so bad that the app isn't using SSL as no credit card data is flowing through the app? Absolutely! People could be chatting about which rooms they are in and when they are going to meet giving criminals information about when to go into their rooms. People could also tell their friends/family what they have in their rooms making them targets for criminals ("I put the laptop/camera under the bed", for example). Not only was chat not SSL protected, all other aspects of the app's communication were sent in clear text.

    Example requests and responses

    This request has my Folio number and name; those 2 pieces of information could allow anyone to charge to my room. While they should look at the ship ID (you are given basically a name badge that is your room key and used for purchases), I don't know if the staff always looked at them. My cabin number was also in the request.

    GET /FHMA-leviathan/api/Guest?isKiosk=false HTTP/1.1
  • HDMI ARC and HDMI CEC

    Several years ago, I purchased a Vizio 5.1 soundbar system. At the time, the way to get the best audio from it was to use the optical input. This worked fine, but required me to use 3 remotes for watching TV; 1 for the TV, 1 for the soundbar, and 1 more for the Roku I had at the time. When the Apple TV 4 came out, I learned about HDMI CEC which is basically a protocol that lets devices talk to each other and have some control. The Apple TV remote then let me turn on the TV and put it in standby without touching the TV remote. That brought me down to 2 remotes. The Apple TV remote could also control the soundbar using IR which brought me down to 1 remote.

    This setup worked fine for years, but had a few slight problems. The first is that when I powered on the Apple TV and TV using the remote, I'd have to hit the volume up button a few times to wake up the soundbar and then would have to lower the volume. Second is that putting the Apple TV and TV in standby did nothing for the soundbar; it went into low power mode after awhile, however. The last complaint, albeit minor is that I couldn't use my iPhone or iPad to control the volume.

    I'd read about HDMI Audio Return Channel (ARC) where instead of using optical audio out, an HDMI cable could be used which would give better audio. My soundbar didn't have this option (the TV which was older than the soundbar did have it) so I was stuck with the optical audio. In addition, if the devices supported HDMI CEC, the volume could be controlled using another device's remote.

    A few weeks ago, I finally decided to upgrade my soundbar to one that supports Dolby Atmos and purchased the Vizio SB36512-F6 which was on sale at Costco. While I have no idea if I'll be able to hear the Dolby Atmos (I need content to support it), I'm pretty pleased with the purchase. This soundbar is connected via HDMI and allows me to use the Apple TV remote (and my iPhone/iPad) to completely control my entertainment devices. In addition, the sound on the bar seems crisper and can now hear the rear speakers much better. It may be that HDMI ARC works better than optical or maybe makes it easier to configure. I am excited to be able to try out Atmos and see if that lives up to the hype in the room I watch TV (it may not as the ceiling isn't that high and due to the layout, it is just part of a larger room).

    I love when devices work together and with this new soundbar, I may have found the perfect combination for my viewing experience.

    One last thing, the iPhone app for the soundbar is a piece of garbage. I used it to upgrade the firmware on the soundbar and promptly deleted it. Why is is so hard to make a basic app for controlling the settings of a device?

  • Honey Mustard Kebab Recipe

    I'm not a great cook, but in order to help out my wife I've been cooking at least 2 days a week for the last year or so. I've found a few recipes that work and pretty much stick to them. Yes, this is quite boring but it works for us. However, when I ask my wife if she likes it, she says she likes not cooking those nights which isn't a big encouragement! Last week I got the idea that I was going to make kebabs and when I went to the store to get ingredients, a bottle of brown mustard called my name.

    I went searching for a recipe that had brown mustard in it that met my dietary needs and didn't require me to go back to the store. Unfortunately there wasn't an easy way to take an inventory of what we had and get a recipe, so my searching came up with a recipe that was kind of in the ballpark of what I wanted. I don't experiment in the kitchen and tend to follow recipes, but I decided to go out on a limb and make some modifications. When I cooked the chicken the following night, my wife said it was excellent which was a huge relief to me! I guess I'm starting to understand what ingredients make what flavors and what we like. Who knows, I might take a cooking class one day!

    In any case, for my own records here is the recipe I ended up using:

    Ingredients

    • 1/4 cup honey
    • 4 tablespoons sweet brown mustard (no added sugar)
    • 1 tablespoon coconut aminos
    • 1 tablespoon coconut sugar
    • 1 tsp parsley flakes
    • 1 tsp paprika
    • 1 tsp salt
    • 1 tsp minced garlic (we have a big container from Costco)
    • 1/4 teaspoon black pepper
    • 1/8 teaspoon cayenne pepper
    • 3 tablespoons olive oil
    • 1/2 green bell pepper
    • 1/2 red bell pepper
    • Other vegetables to grill
    • 1 to 1.5 lbs chicken

    Directions

    1. Combine all ingredients (except for the vegetables and chicken) in a small metal bowl.
    2. Whisk ingredients.
    3. Cut chicken into chunks.
    4. Cut peppers and other vegetables into chunks
    5. Put chicken and peppers in quick marinator (not sure this really does anything, but I did it anyway).
    6. Pour marinade over chicken and peppers.
    7. Completely cover everything with marinade.
    8. Refrigerate for 24 hours.
    9. Place chunks on metal skewers.
    10. Grill to perfection!

    Enjoy!

  • Review: Anker PowerCore 26800 Power Bank

    On a recent camping trip, I brought along a few small power banks to charge phones and watches (we weren't completely out in the wilderness and having a phone for pictures and emergencies is quite important). It was kind of awkward to charge the devices using 3 separate batteries. I decided to look for larger power banks that could charge multiple devices at once. Originally I was looking for one that could also power my laptop for a little bit, but decided that the number of times I've had to power it have been few and far between. Since I had good results with Anker products, I purchased the Anker PowerCore 26800 Portable Charger.

    This charger is close to the largest battery that you can legally bring on an airplane, but weighs just over a pound. In addition to the 3 USB ports (many power banks just have 2), it has 2 micro USB ports for input to charge it faster. With a battery this large, faster charging is nice to have. The power bank is pretty basic; charge it up with the micro USB inputs (it doesn't come with a wall adapter, so I just use the Anker 6-Port USB Charger to charge it) and then plug devices into the USB ports.

    We used the power bank a number of times this past summer during another trip. I put it in my backpack with a few cables and during the day charged up our phones (even with new batteries, our iPhones suck down batteries when using GPS). Being able to plug in 2 devices at once was quite convenient. Also since the battery is so large, I think I only had to charge it once on a 2 week trip.

    This battery has performed well and I anticipate using it on camping trips, family vacations, and having it around in case of emergencies. As I've switched to USB charging for as many devices as possible including flashlights, this battery can also be quite helpful in an emergency or a disaster.

    Pros

    • Largest battery you can take on a plane.
    • 3 USB ports for charging devices.
    • Faster charging with 2 USB inputs.
    • Not too heavy.

    Cons

    • Some may consider it a bit expensive for a battery.

    Summary

    This power bank has allowed me to consolidate power banks on trips. While it may not be the smallest, I don't have to worry about it running out of power even if I charge a number of devices. It just works and the 3 USB ports make it more useful to me than other power banks I could have purchased. If you're in the market for a power bank, I'd definitely consider this one.