Non-secure network connections in Carnival Cruise’s app

This past summer my family took a cruise on Carnival Cruise Lines to the Eastern Caribbean. There were a total of 17 of us and we had a good time. One of the suggested ways for everyone to stay in touch was to use the Carnival Hub App, which is basically their go-to app for up-to-date information on the ship and which has a messaging component. For $5 per device for the cruise, it didn’t seem all that unreasonable except that just about everything on the cruise costs extra!

The chat app, like most chat apps, has push notifications. In iOS, there are 2 types of push notifications, local and remote. The remote ones require a persistent connection to Apple’s Push Notification Service (APNS). I suspected that the app used local notifications and stayed open in the background as having several thousand devices connected to either Apple or Google’s push servers over a satellite link would not make much sense. So I pulled out my trusty copy of Charles Proxy and decided to see what traffic was being sent. What I saw just about shocked me.

Connections using the app were NOT using SSL! Since the WiFi was unprotected (it would be cumbersome to give out the WiFi password to so many users), anyone with rudimentary hardware/software could sniff all the traffic. SSL certificates are cheap and easy to deploy, so there is no excuse for every service not to be using them (I use them internally on all services running at my house).

Is it so bad that the app isn’t using SSL as no credit card data is flowing through the app? Absolutely! People could be chatting about which rooms they are in and when they are going to meet giving criminals information about when to go into their rooms. People could also tell their friends/family what they have in their rooms making them targets for criminals (“I put the laptop/camera under the bed”, for example). Not only was chat not SSL protected, all other aspects of the app’s communication were sent in clear text.

Example requests and responses

This request has my Folio number and name; those 2 pieces of information could allow anyone to charge to my room. While they should look at the ship ID (you are given basically a name badge that is your room key and used for purchases), I don’t know if the staff always looked at them. My cabin number was also in the request.

GET /FHMA-leviathan/api/Guest?isKiosk=false HTTP/1.1

{
    "ChatPassword": "efabb219324c47dfbfef469523b495d0",
    "Nickname": "SCOTT GRUBY",
    "DiningRoom": "Northern Lights Upr",
    "DiningTime": "E",
    "DiningTable": "494",
    "MusterStation": "B4",
    "LoyaltyNumber": "XXXXXXX",
    "LoyaltyLevel": "BLUE",
    "NumCruises": "1",
    "DateOfBirth": "",
    "Age": "45",
    "BookingNumber": "XXXXX",
    "BookingSequenceNumber": "18",
    "FolioNumber": "8540",
    "FolioActiveIndicator": "A",
    "FolioType": "G",
    "FolioAccountNum": "8829",
    "ResponsibleParty": "Y",
    "AlcoholRestricted": "N",
    "AtRisk": "",
    "CashBalance": "85.25",
    "AccountType": "MIXED",
    "FolioLimit": "",
    "TotalCharges": "43.66",
    "CabinNumber": "2309",
    "CrewInfoNumber": "",
    "VoyageStartDate": "2018-08-04T10:01:55",
    "VoyageEndDate": "2018-08-11T10:01:55",
    "Duration": "7",
    "FacebookId": null,
    "InitialLogin": "2018-08-04T14:08:02.963",
    "ChatPurchased": "2018-08-04T14:10:15.9",
    "InitialUserAgent": "funhub/2587 CFNetwork/902.2 Darwin/17.7.0",
    "IsResponsibleParty": true,
    "IsFolioCancelled": false,
    "IsFolioDeactivated": false,
    "FirstName": "SCOTT",
    "LastName": "GRUBY",
    "VoyageId": "MC20180804007",
    "AvatarUrl": "http://leviathan.cclfunhub.com/FHMA-leviathan/Avatars/2811.jpg?636690028868502174",
    "IsChatProvisioned": true,
    "IsChatPurchased": true,
    "AcceptedPixelsTerms": false,
    "ChatId": 2811,
    "SelfieUrl": null,
    "DecurtisGuestId": "445911",
    "DismissedPixelsSurvey": null,
    "CompletedPixelsSurvey": true
}

Want to know who I have on my chat list? Bingo! (Names were removed.)

GET /FHMA-leviathan/api/contacts HTTP/1.1

[{
    "Relationship": "Chat contact request",
    "IsMinor": false,
    "FirstName": "XXXXXXX",
    "LastName": "XXXXXXX",
    "VoyageId": "MC20180804007",
    "AvatarUrl": "http://leviathan.cclfunhub.com/FHMA-leviathan/Avatars/1248.jpg?636690701830901659",
    "IsChatProvisioned": true,
    "IsChatPurchased": true,
    "AcceptedPixelsTerms": null,
    "ChatId": 1248,
    "SelfieUrl": null,
    "DecurtisGuestId": null,
    "DismissedPixelsSurvey": null,
    "CompletedPixelsSurvey": null
}, {
    "Relationship": "Chat contact request",
    "IsMinor": false,
    "FirstName": "XXXXXXX",
    "LastName": "XXXXXXX",
    "VoyageId": "MC20180804007",
    "AvatarUrl": "http://leviathan.cclfunhub.com/FHMA-leviathan/Avatars/2074.jpg?636690009457720910",
    "IsChatProvisioned": true,
    "IsChatPurchased": true,
    "AcceptedPixelsTerms": null,
    "ChatId": 2074,
    "SelfieUrl": null,
    "DecurtisGuestId": null,
    "DismissedPixelsSurvey": null,
    "CompletedPixelsSurvey": null
}, {
    "Relationship": "Chat contact request",
    "IsMinor": false,
    "FirstName": "XXXXXXX",
    "LastName": "XXXXXXX",
    "VoyageId": "MC20180804007",
    "AvatarUrl": "http://leviathan.cclfunhub.com/FHMA-leviathan/Avatars/2075.jpg?636690046360212793",
    "IsChatProvisioned": true,
    "IsChatPurchased": true,
    "AcceptedPixelsTerms": null,
    "ChatId": 2075,
    "SelfieUrl": null,
    "DecurtisGuestId": null,
    "DismissedPixelsSurvey": null,
    "CompletedPixelsSurvey": null
}, {
    "Relationship": "Chat contact request",
    "IsMinor": false,
    "FirstName": "XXXXXXX",
    "LastName": "XXXXXXX",
    "VoyageId": "MC20180804007",
    "AvatarUrl": null,
    "IsChatProvisioned": true,
    "IsChatPurchased": true,
    "AcceptedPixelsTerms": null,
    "ChatId": 2396,
    "SelfieUrl": null,
    "DecurtisGuestId": null,
    "DismissedPixelsSurvey": null,
    "CompletedPixelsSurvey": null
}]

Want to know what my room charges were?

GET /FHMA-leviathan/api/guest/AccountSummary HTTP/1.1

{
    "TotalCharges": "346.17",
    "TotalCash": "0",
    "TotalCredits": "60.92",
    "BalanceDue": "0",
    "AvailableCash": "0",
    "AvailableCashAtFolio": "0",
    "MaxCashForDeposit": "9999",
    "CashBalance": "85.25",
    "AccountType": "MIXED",
    "GuestList": [{
        "GuestCharges": "134.31",
        "GuestChargesLessGrats": "43.66",
        "LastName": "GRUBY",
        "FirstName": "SCOTT",
        "MiddleName": "ALLEN",
        "FolioNumber": "8540",
        "VoyageNumber": "MC20180804007",
        "BookingNumber": "8GM8F5",
        "PaxSeqNumber": "18"
    }, {
        "GuestCharges": "91.65",
        "GuestChargesLessGrats": "1",
        "LastName": "GRUBY",
        "FirstName": "XXXXXX",
        "MiddleName": "XXXXXX",
        "FolioNumber": "8538",
        "VoyageNumber": "MC20180804007",
        "BookingNumber": "8GM8F5",
        "PaxSeqNumber": "20"
    }, {
        "GuestCharges": "120.21",
        "GuestChargesLessGrats": "29.56",
        "LastName": "GRUBY",
        "FirstName": "XXXXXXX",
        "MiddleName": "XXXXX",
        "FolioNumber": "8539",
        "VoyageNumber": "MC20180804007",
        "BookingNumber": "8GM8F5",
        "PaxSeqNumber": "19"
    }],
    "FolioCharges": [{
        "LastName": "GRUBY",
        "FirstName": "SCOTT",
        "MiddleName": "ALLEN",
        "ChargeDate": "8/4/2018",
        "ChargeTime": "11:28:17AM",
        "ChargeLocation": "INTERNET ACCESS",
        "ReceiptNumber": "379101",
        "ChargedAmount": "0",
        "IsReceiptAvailable": "Y"
    }, {
        "LastName": "GRUBY",
        "FirstName": "SCOTT",
        "MiddleName": "ALLEN",
        "ChargeDate": "8/4/2018",
        "ChargeTime": "11:40:45AM",
        "ChargeLocation": "NON-REFUNDABLE ONBOARD CREDITS",
        "ReceiptNumber": "020620",
        "ChargedAmount": "-25",
        "IsReceiptAvailable": "N"
    }, {
        "LastName": "GRUBY",
        "FirstName": "SCOTT",
        "MiddleName": "ALLEN",
        "ChargeDate": "8/4/2018",
        "ChargeTime": "11:40:46AM",
        "ChargeLocation": "REFUNDABLE ONBOARD CREDITS",
        "ReceiptNumber": "020620",
        "ChargedAmount": "-3.64",
        "IsReceiptAvailable": "N"
    }, {
        "LastName": "GRUBY",
        "FirstName": "SCOTT",
        "MiddleName": "ALLEN",
        "ChargeDate": "8/4/2018",
        "ChargeTime": "2:14:49PM",
        "ChargeLocation": "CHAT PLAN",
        "ReceiptNumber": "381964",
        "ChargedAmount": "5",
        "IsReceiptAvailable": "Y"
    }, {
        "LastName": "GRUBY",
        "FirstName": "SCOTT",
        "MiddleName": "ALLEN",
        "ChargeDate": "8/4/2018",
        "ChargeTime": "2:51:38PM",
        "ChargeLocation": "BLUE IGUANA BAR",
        "ReceiptNumber": "382739",
        "ChargedAmount": "10.07",
        "IsReceiptAvailable": "Y"
    }, {
        "LastName": "GRUBY",
        "FirstName": "SCOTT",
        "MiddleName": "ALLEN",
        "ChargeDate": "8/6/2018",
        "ChargeTime": "6:18:33PM",
        "ChargeLocation": "NORTHRN LS UPPER SVC served in Main Dining Room",
        "ReceiptNumber": "419829",
        "ChargedAmount": "10.64",
        "IsReceiptAvailable": "Y"
    }, {
        "LastName": "GRUBY",
        "FirstName": "SCOTT",
        "MiddleName": "ALLEN",
        "ChargeDate": "8/7/2018",
        "ChargeTime": "8:37:19AM",
        "ChargeLocation": "LAUNDRY SELF-SERVICE",
        "ReceiptNumber": "429017",
        "ChargedAmount": "3",
        "IsReceiptAvailable": "Y"
    }, {
        "LastName": "GRUBY",
        "FirstName": "SCOTT",
        "MiddleName": "ALLEN",
        "ChargeDate": "8/7/2018",
        "ChargeTime": "11:31:37AM",
        "ChargeLocation": "TOWELS,ROBES&BOOKS",
        "ReceiptNumber": "430321",
        "ChargedAmount": "14.95",
        "IsReceiptAvailable": "Y"
    }, {
        "LastName": "GRUBY",
        "FirstName": "SCOTT",
        "MiddleName": "ALLEN",
        "ChargeDate": "8/9/2018",
        "ChargeTime": "2:04:26PM",
        "ChargeLocation": "SERVICE GRATUITY",
        "ReceiptNumber": "876839",
        "ChargedAmount": "90.65",
        "IsReceiptAvailable": "Y"
    }]
}
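A check for this class of problem, added here as an example (it is not code from the original post or from Carnival): it walks proxy-captured flows and reports every response that carries sensitive-looking JSON fields over a non-HTTPS URL. The host `ship.example.test`, the flow dictionary layout, the function names and all values are constructed; the key patterns are an assumption drawn from the field names in the responses above.

```python
import json
import re
from urllib.parse import urlsplit

# Key-name patterns treated as sensitive. This list is an assumption built
# from the field names visible in the responses above; extend it per API.
SENSITIVE_KEY = re.compile(
    r"password|folio|cabin|booking|loyalty|dateofbirth|balance|charge", re.I
)


def sensitive_paths(node, prefix=""):
    """Yield the JSON path of every non-empty value whose key looks sensitive."""
    if isinstance(node, dict):
        for key, value in node.items():
            path = f"{prefix}.{key}" if prefix else key
            if isinstance(value, (dict, list)):
                # Containers are never reported themselves; recurse into them.
                yield from sensitive_paths(value, path)
            elif SENSITIVE_KEY.search(key) and value not in ("", None):
                yield path
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from sensitive_paths(item, f"{prefix}[{index}]")


def audit_flows(flows):
    """Return one finding per flow that carries sensitive fields without TLS."""
    findings = []
    for flow in flows:
        if urlsplit(flow["url"]).scheme.lower() == "https":
            continue
        try:
            body = json.loads(flow["response_body"])
        except (json.JSONDecodeError, TypeError):
            continue  # non-JSON bodies are out of scope for this check
        paths = sorted(sensitive_paths(body))
        if paths:
            findings.append({"url": flow["url"], "fields": paths})
    return findings


# Constructed sample flows shaped like the responses above (placeholder values).
CONSTRUCTED_FLOWS = [
    {
        "url": "http://ship.example.test/FHMA-leviathan/api/Guest?isKiosk=false",
        "response_body": json.dumps({
            "ChatPassword": "constructed-secret",
            "Nickname": "TEST GUEST",
            "DateOfBirth": "",          # empty values are not reported
            "FolioNumber": "0000",
            "CabinNumber": "0000",
            "CashBalance": "1.00",
        }),
    },
    {
        "url": "http://ship.example.test/FHMA-leviathan/api/guest/AccountSummary",
        "response_body": json.dumps({
            "TotalCharges": "1.00",
            "GuestList": [{"FolioNumber": "0000", "FirstName": "TEST"}],
        }),
    },
    {
        # Same kind of data, but over TLS: not reported.
        "url": "https://ship.example.test/FHMA-leviathan/api/contacts",
        "response_body": json.dumps([{"ChatId": 1, "FirstName": "TEST"}]),
    },
]

if __name__ == "__main__":
    for finding in audit_flows(CONSTRUCTED_FLOWS):
        print(finding["url"], "->", ", ".join(finding["fields"]))
```

Run against a proxy export of a test build, an empty result is the pass condition.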

It appears that the chat application was using the Jabber protocol (XMPP) running on port 5222 (non-SSL port). I only grabbed a little of the traffic, but the XMPP protocol would have all the chat conversations appearing in it.

<stream:stream xmlns:stream='http://etherx.jabber.org/streams'
xmlns='jabber:client' xml:lang='en-US.UTF-8' id='1B9C3F49DB9F71'
from='chat.cclfunhub.com'
version='1.0'><stream:features><mechanisms
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</
mechanism><mechanism>CISCO-VTG-TOKEN</mechanism></mechanisms></
stream:features><success
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/><stream:stream
xmlns:stream='http://etherx.jabber.org/streams'
xmlns='jabber:client' xml:lang='en-US.UTF-8' id='1B9C3F49DB9F71'
from='chat.cclfunhub.com' version='1.0'><stream:features><bind
xmlns='urn:ietf:params:xml:ns:xmpp-bind'/><session
xmlns='urn:ietf:params:xml:ns:xmpp-session'/></stream:features><
iq id='0E579D08-88CC-4A8E-8A80-C730BA9B0505' type='result'><bind
xmlns='urn:ietf:params:xml:ns:xmpp-bind'><jid>2811@chat.
cclfunhub.com/FA8CEBAF-6EDF-4B10-8D1E-7E6AF213F07C</jid></bind><
/iq><iq id='63D67AE8-2A53-4047-A9BE-A3E429953B7E'
type='result'/><presence
from='505c1c79-24c3-41d6-89c3-31e687ad3ab4@conference-2-
standalonecluster61f84.chat.cclfunhub.com/3940#ad29759f-2e4d-
4428-bbd2-23f953c285d2' id='tlDWA-7797'
to='2811@chat.cclfunhub.com/FA8CEBAF-6EDF-4B10-8D1E-7E6AF213F07C
'><x xmlns='http://jabber.org/protocol/muc#user'><item
affiliation='owner'
jid='3940@chat.cclfunhub.com/8f1c3bd92d91ad29'
role='moderator'/></x><c hash='sha-1'
node='http://www.igniterealtime.org/projects/smack'
ver='A1TcJY4mFaFrO9M5ctJsIPdHhsU='
xmlns='http://jabber.org/protocol/caps'/><delay
stamp='2018-08-10T04:05:07.36362Z' xmlns='urn:xmpp:delay'/><x
stamp='20180810T04:05:07.36362'
xmlns='jabber:x:delay'/></presence><presence
from='505c1c79-24c3-41d6-89c3-31e687ad3ab4@conference-2-
standalonecluster61f84.chat.cclfunhub.com/2508#4faf58be-ee9d-
4d80-8ee2-2ee662f6629a' id='vj32Z-86255'
to='2811@chat.cclfunhub.com/FA8CEBAF-6EDF-4B10-8D1E-7E6AF213F07C
'><x xmlns='http://jabber.org/protocol/muc#user'><item
affiliation='owner'
jid='2508@chat.cclfunhub.com/887e88d21b5f8201'
role='moderator'/></x><c hash='sha-1'
node='http://www.igniterealtime.org/projects/smack'
ver='A1TcJY4mFaFrO9M5ctJsIPdHhsU='
xmlns='http://jabber.org/protocol/caps'/><delay
stamp='2018-08-10T03:02:13.862187Z' xmlns='urn:xmpp:delay'/><x
stamp='20180810T03:02:13.862187'
xmlns='jabber:x:delay'/></presence><presence
from='505c1c79-24c3-41d6-89c3-31e687ad3ab4@conference-2-
standalonecluster61f84.chat.cclfunhub.com/1248#-iOS-00689BAE-
CC73-43A3-A258-4E9F8BA160A2'
to='2811@chat.cclfunhub.com/FA8CEBAF-6EDF-4B10-8D1E-7E6AF213F07C
'><x xmlns='http://jabber.org/protocol/muc#user'><history
maxchars='0'/><item affiliation='owner'
jid='1248@chat.cclfunhub.com/E22C11CA-B399-4D9B-A3D9-
BE9C35B5A1DD' role='moderator'/></x><delay
stamp='2018-08-10T03:57:54.660208Z' xmlns='urn:xmpp:delay'/><x
stamp='20180810T03:57:54.660208'
xmlns='jabber:x:delay'/></presence>
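The features element at the top of the capture above lists SASL mechanisms (PLAIN among them) and no `starttls` element. The following added example (not part of the original post) parses the first features offer from raw stream text and reports that condition, then shows a hardened offer that passes. The host `chat.example.test`, the function names and both sample streams are constructed; treating only an explicit `<required/>` child as mandatory TLS is a simplification.

```python
import re
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

FEATURES_RE = re.compile(r"<stream:features\b.*?</stream:features>", re.S)


def parse_features(captured):
    """Return one dict per <stream:features> element found in raw stream text."""
    results = []
    for match in FEATURES_RE.finditer(captured):
        # An XMPP stream is an unterminated XML document, so each features
        # element is parsed alone inside a wrapper that declares the prefix.
        wrapped = f"<w xmlns:stream='{NS_STREAM}'>{match.group(0)}</w>"
        features = ET.fromstring(wrapped)[0]
        starttls = features.find(f"{{{NS_TLS}}}starttls")
        results.append({
            "starttls": starttls is not None,
            "tls_required": starttls is not None
            and starttls.find(f"{{{NS_TLS}}}required") is not None,
            "mechanisms": [m.text for m in features.iter(f"{{{NS_SASL}}}mechanism")],
        })
    return results


def audit_first_features(captured, tls_already_active=False):
    """Findings for the first features offer, which is what a new client sees."""
    offers = parse_features(captured)
    if not offers:
        return ["no stream features found in capture"]
    if tls_already_active:
        return []  # e.g. the capture was taken inside an existing TLS session
    first, findings = offers[0], []
    if not first["starttls"]:
        findings.append("STARTTLS not offered: the stream cannot be upgraded to TLS")
    elif not first["tls_required"]:
        findings.append("STARTTLS offered but not required: clients may stay in cleartext")
    if "PLAIN" in first["mechanisms"] and not first["tls_required"]:
        findings.append("SASL PLAIN offered on a cleartext stream: the password is only base64-encoded")
    return findings


STREAM_OPEN = (
    "<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "
    "xmlns='jabber:client' from='chat.example.test' version='1.0'>"
)

# Constructed: same shape as the first features element in the capture above.
WEAK_OFFER = STREAM_OPEN + (
    "<stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>PLAIN</mechanism><mechanism>CISCO-VTG-TOKEN</mechanism>"
    "</mechanisms></stream:features>"
)

# Constructed: a server that refuses to authenticate before TLS is negotiated.
HARDENED_OFFER = STREAM_OPEN + (
    "<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>"
    "<required/></starttls></stream:features>"
)

if __name__ == "__main__":
    for name, stream in (("weak", WEAK_OFFER), ("hardened", HARDENED_OFFER)):
        print(name, audit_first_features(stream) or "ok")
```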

WiFi Issues

The security of the app wasn’t the only issue in using it. I suspect that the WiFi was also overloaded; with something like 6000 people on the ship, there were several thousand devices connected at all times even if they weren’t communicating at the same time. This made using the app very frustrating; messages didn’t get through and notifications were delayed, if they were received at all. Imagine all the people annoyed that his or her significant other wouldn’t respond even though he or she actually did. I stopped relying on the app in the first few hours of using it!

Recommendations to Carnival

  • Deploy a wildcard SSL certificate that is issued by a major SSL vendor (no self-signed certificates) to each internal server on each ship.
  • Add more WiFi capacity to every ship.
  • Perform load testing of the apps (iOS and Android).
  • Perform load testing of the WiFi network.

I’m not sure if the app has been updated, but here was the information about the version:

System Name: iOS
System Version: 11.4.1
Application Version: 2.2.3 (Build 0)
Ship Name: Magic
Hostname: http://leviathan.cclfunhub.com/FHMA-leviathan
Voyage ID: MC20180804007

Conclusion

While the concept of being able to communicate with others on a cruise especially if you have a large party is great, Carnival’s implementation needs work. In the future, I’m inclined to bring FRS radios; they definitely won’t work everywhere, but could be more reliable in certain situations. Also, meeting your group each morning and going over plans even if people go their separate ways (like people did before technology!) might also be in the cards.

If Carnival wants to get in touch with me about these issues or wants help with the app, I’m available!

HDMI ARC and HDMI CEC

Several years ago, I purchased a Vizio 5.1 soundbar system. At the time, the way to get the best audio from it was to use the optical input. This worked fine, but required me to use 3 remotes for watching TV; 1 for the TV, 1 for the soundbar, and 1 more for the Roku I had at the time. When the Apple TV 4 came out, I learned about HDMI CEC which is basically a protocol that lets devices talk to each other and have some control. The Apple TV remote then let me turn on the TV and put it in standby without touching the TV remote. That brought me down to 2 remotes. The Apple TV remote could also control the soundbar using IR which brought me down to 1 remote.

This setup worked fine for years, but had a few slight problems. The first is that when I powered on the Apple TV and TV using the remote, I’d have to hit the volume up button a few times to wake up the soundbar and then would have to lower the volume. Second is that putting the Apple TV and TV in standby did nothing for the soundbar; it went into low power mode after a while, however. The last complaint, albeit minor, is that I couldn’t use my iPhone or iPad to control the volume.

I’d read about HDMI Audio Return Channel (ARC) where instead of using optical audio out, an HDMI cable could be used which would give better audio. My soundbar didn’t have this option (the TV which was older than the soundbar did have it) so I was stuck with the optical audio. In addition, if the devices supported HDMI CEC, the volume could be controlled using another device’s remote.

A few weeks ago, I finally decided to upgrade my soundbar to one that supports Dolby Atmos and purchased the Vizio SB36512-F6 which was on sale at Costco. While I have no idea if I’ll be able to hear the Dolby Atmos (I need content to support it), I’m pretty pleased with the purchase. This soundbar is connected via HDMI and allows me to use the Apple TV remote (and my iPhone/iPad) to completely control my entertainment devices. In addition, the sound on the bar seems crisper and I can now hear the rear speakers much better. It may be that HDMI ARC works better than optical or maybe makes it easier to configure. I am excited to be able to try out Atmos and see if that lives up to the hype in the room I watch TV (it may not as the ceiling isn’t that high and due to the layout, it is just part of a larger room).

I love when devices work together and with this new soundbar, I may have found the perfect combination for my viewing experience.

One last thing, the iPhone app for the soundbar is a piece of garbage. I used it to upgrade the firmware on the soundbar and promptly deleted it. Why is it so hard to make a basic app for controlling the settings of a device?

Review: Anker PowerCore 26800 Power Bank

On a recent camping trip, I brought along a few small power banks to charge phones and watches (we weren’t completely out in the wilderness and having a phone for pictures and emergencies is quite important). It was kind of awkward to charge the devices using 3 separate batteries. I decided to look for larger power banks that could charge multiple devices at once. Originally I was looking for one that could also power my laptop for a little bit, but decided that the number of times I’ve had to power it have been few and far between. Since I had good results with Anker products, I purchased the Anker PowerCore 26800 Portable Charger.

This charger is close to the largest battery that you can legally bring on an airplane, but weighs just over a pound. In addition to the 3 USB ports (many power banks just have 2), it has 2 micro USB ports for input to charge it faster. With a battery this large, faster charging is nice to have. The power bank is pretty basic; charge it up with the micro USB inputs (it doesn’t come with a wall adapter, so I just use the Anker 6-Port USB Charger to charge it) and then plug devices into the USB ports.

We used the power bank a number of times this past summer during another trip. I put it in my backpack with a few cables and during the day charged up our phones (even with new batteries, our iPhones suck down batteries when using GPS). Being able to plug in 2 devices at once was quite convenient. Also since the battery is so large, I think I only had to charge it once on a 2 week trip.

This battery has performed well and I anticipate using it on camping trips, family vacations, and having it around in case of emergencies. As I’ve switched to USB charging for as many devices as possible including flashlights, this battery can also be quite helpful in an emergency or a disaster.

Pros

  • Largest battery you can take on a plane.
  • 3 USB ports for charging devices.
  • Faster charging with 2 USB inputs.
  • Not too heavy.

Cons

  • Some may consider it a bit expensive for a battery.

Summary

This power bank has allowed me to consolidate power banks on trips. While it may not be the smallest, I don’t have to worry about it running out of power even if I charge a number of devices. It just works and the 3 USB ports make it more useful to me than other power banks I could have purchased. If you’re in the market for a power bank, I’d definitely consider this one.

Never enough charging ports

This past summer my family went on a vacation to the Grand Canyon and a few other destinations in Arizona (yes, it was hot!). For the driving trip we packed a lot of devices. Between the 3 of us, we had 3 iPads, 3 iPhones (my son just uses one for its camera), 2 Apple Watches, AirPods, a mobile hotspot, and an Anker PowerCore 26800 Power Bank. After I bought and reviewed the Anker 5-Port USB charger several years ago, I realized that the Anker 6-Port USB Charger was a better device as it didn’t add much bulk to the 5 port and gave me an extra port. Since then I’ve bought a few of the chargers and put one along with cables in a small bag I take when I travel. While I don’t need to charge everything at once, 6 ports just isn’t enough to keep everything charged especially since the power bank uses 2 ports to charge faster. After we got back from the trip, I ordered another charger.

With 2 6-port chargers, I think that I’m all set for a while. If I plug in everything at once (which I’ll rarely do), all the devices will use 12 ports! That’s kind of sad and amazing at the same time that we travel with so much technology. I just have to remember to bring enough cables to charge what needs to be charged. In my opinion, there is no reason to ever travel with smaller chargers even if they are a little more compact. If I travel alone, I’m going to have 6 devices with me. Yes, I’m addicted to my gadgets.

Porting an iOS app to macOS

About six weeks ago (2 weeks or so before WWDC), my client asked me to port an enterprise app I wrote for iOS to macOS. I haven’t done macOS work for a long time, but how hard could it be? In the last few years, a number of iOS-like technologies have come to macOS; while they aren’t named the same, many things function similarly like NSViewController (UIViewController), NSTableView (UITableView), NSTableCellView (UITableViewCell), etc. All of my iOS apps for this client are written in Swift, so it made a lot of sense to use Swift for this macOS app.

Getting started with the project took about a week to get familiar with macOS again, but then things started moving. The first thing I did after the app ran was to make a version of my framework that I use across 5 iOS apps (models, networking, methods, etc.) over to the Mac which wasn’t difficult; I only had to do a few platform specific defines for the files I moved over (I didn’t move the UI pieces over). Once the basic app was running, I started the UI and had real data showing up within a few weeks from start. I took a number of pieces of the iOS app, copied the code and pasted it into the Mac app. The number of changes for these pieces was minimal (.stringValue instead of .text on the NSTextField vs UILabel), but I was quite pleased how I was able to reuse the code.

From start to basically feature parity with iOS took about 5 weeks. I’m sure that there are things that I’d change such as doing extensions on classes instead of copying/pasting code as I’ll have to maintain both apps going forward, but that could obscure how things work. I am extremely pleased with how well this project is going (it hasn’t been deployed, yet).

At WWDC Marzipan was revealed and it looks like it will allow many iOS apps to run on macOS. This, of course, would have helped me get my app up and running, but would it feel like a Mac app? While not every app is as straightforward as the one I ported, developers that want to move their apps to macOS today have nothing stopping them.

Experimenting with Home Assistant

Last week I read that Ubiquiti Networks had hired the main author of the Home Assistant home automation project. I looked at the project and at first I couldn’t understand what the project would do, but after poking at it, I realized that it is the glue that connects disparate automation systems. I wrote about putting various pieces together and thought that maybe Home Assistant could put all the pieces together in one little box.

Over the course of a few hours last weekend, I installed Home Assistant on a Raspberry Pi 2, configured it to connect with my Vera and set it up for HomeKit and Amazon Echo. Right away Home Assistant removed Homebridge and HA Bridge from my system; fewer parts means it is easier to maintain.

Looking at the list of available components, it is clear that Home Assistant could replace my Vera and could control everything without me having to put together all the little parts. It has components for Envisalink, my Russound audio distribution units, my Squeezebox devices and everything else I could throw at it. If I put a Z-Wave stick on the Pi, Home Assistant could also natively handle Z-Wave. In order to replace my Vera, I’d have to convert my schedules and my PLEG actions over to Home Assistant which is not an insignificant task.

While I’m not ready to say that Home Assistant is the clear winner in the home automation game as configuring it is quite painful (most of it has to be configured via specifically formatted YAML files), it is very intriguing. If the author does what he has said he’s going to do to bring more of the configuration to the GUI, but leave advanced features to the YAML files, I’ll be quite happy. It isn’t for the faint of heart, but well worth a look for any home automation enthusiast.

Rebooting the Subaru Impreza 2017 Infotainment System

A few months ago in my post about a year with my 2017 Subaru Impreza, I mentioned that sometimes CarPlay doesn’t start. This is annoying and I thought the problems were gone with the recent updates. However, last Saturday it didn’t start again and I actually needed the navigation to get somewhere. I had read that opening and closing the door 3 times would reboot the car, but it didn’t work. I could wait 10 minutes, but I had to leave. That left me without navigation but luckily my son was able to use an iPad connected to my hotspot to navigate.

After this episode, I started looking for the real answer to rebooting the infotainment system. I searched and searched and found on a forum (can’t find the reference right now) that if you press and hold the power button for the radio until it shuts off and then for another 10 seconds, the unit restarts. I found this hard to believe, but went out to my car and tried it out. It actually worked! Now I had a potential workaround the next time I had a problem.

Yesterday I plugged in my phone as normal and CarPlay didn’t start. I pushed and held the power button to reset the unit. Once it was up again, I reconnected my phone and presto, it worked! This definitely should be documented somewhere as it is extremely convenient. Let’s hope that a software update doesn’t remove this functionality.

One week with the ICOM IC-7100

After deciding on a ham radio to purchase, I bought an ICOM IC-7100 from GigaParts. I could have purchased it locally by going into Ham Radio Outlet, but I didn’t want to leave the house and my first interaction with the store wasn’t very helpful. In addition to purchasing the radio, I knew that I also had to purchase a power supply. I went with a TekPower TP30SWV as it got decent reviews and looked like it would meet my needs.

Last Friday the radio arrived, I opened it up and put it on my desk. Unfortunately Amazon hadn’t delivered the power supply making the radio a nice looking paperweight for awhile! Looking at the connectors on the radio, I knew there was another piece I needed to solve and that was how to connect the radio power cable to the power supply. I went to Home Depot and bought some crimp connectors. Once the power supply arrived and I was able to determine the size of the posts on the back of it, I went ahead and crimped on some lugs.

Power Supply Connectors

Radio and Power Supply

I hooked up my antenna (I have it mounted outside on the deck and fed into the house), turned on the radio (I had already gone through the manual a few times), tuned it to a repeater frequency and waited. Later that evening, I decided to dive into programming some repeater frequencies using the RTSystems software I purchased to go along with the radio (I’m definitely not a Windows fan, but the choices are limited in programming the radio using a computer). After playing around with the radio for awhile, I happened to tune to the national 2m simplex calling frequency and had a nice chat with someone about 10 miles away. While this wasn’t a huge distance, I was pretty impressed as the handheld I had made it hard to basically reach anyone.

Controller

The built-in speaker is pretty clear and others have said that I’m clear (depending on the repeater I hit). The controls feel solid and the screen is quite readable. I really like that the controller is small and can sit just behind my keyboard; it doesn’t clutter up my desk and lets me play with it while I’m working.

The radio has far too many controls to understand all of them right now, but I’m trying to learn bit by bit. It is no wonder that a company makes a simplified manual which I’ve put on my “to buy” list.

So far I’ve been playing with 2m and 70cm on both FM and D-Star. I’ve made a few contacts and done a bunch of listening.

Desk and Radio

Pros

  • The separate controller and radio makes it easy to have the controls sit right on my desk without cluttering it.
  • Touchscreen interface with context sensitive buttons helps navigate the large number of features.
  • Microphone feels quite sturdy. Much more of a quality product than the microphone I have for my Baofeng.
  • Ability to change transmit power makes it easy to reach repeaters. Some have said that where I live is a difficult RF area due to the hills.
  • Pre-amplifier helps to bring in somewhat weak signals.
  • Ability to add a name to each memory location is extremely convenient. The Baofeng lets me display a name or the frequency, but not both.
  • Programming repeaters on the radio is straightforward; not as easy as using the programming software, but not really difficult.
  • Ability to easily tune to weather channels.
  • Can adjust various filters, though I’m not quite sure how much use those are in UHF/VHF and repeater use.

Cons

  • D-Star interface (or maybe it is just D-Star) is not very intuitive. I’ll write about this separately.
  • The programming software is a “clone” in that it completely overwrites the radio. So I have to read from the radio, modify it and then write it back otherwise I lose anything I’ve done on the radio.

Summary

I think I’ve made the right choice with this radio. It seems to have everything I need and is performing well. We’ll see what happens when I start getting into HF, but for UHF/VHF I don’t know what else I need or would want. The touchscreen interface is easy to use and while my only other ham radio experience has been a Baofeng, I can see how the interface is more convenient than conventional interfaces that require repeatedly pushing buttons to cycle through options. Seasoned operators might be used to other rigs and could probably tell me the limitations of the IC-7100, but as a starter radio this fits the bill.

There is no comparison between this radio and the cheap Baofeng I have. The Baofeng is almost painful to use while this is fun and easy to use. I’m looking forward to getting a handheld radio and based on my initial impressions of this ICOM radio, the ICOM ID-51A PLUS2 will be the radio for me.

IPv6 on USG

Recently Ubiquiti released version 5.7.20 of its controller software. One of the features it added was GUI control of IPv6 for the UniFi Security Gateway. IPv6 was already available if you were willing to muck with a JSON file and configure it; I already had it set up, but my goal is to keep removing my custom configurations and use the GUI for setup. This will give me a better view of the configuration.

While some tech folks have been pushing for IPv6 support everywhere due to the lack of IPv4 addresses, IPv4 still hasn’t gone away. My provider, Spectrum (formerly Time Warner Cable), has IPv6 on its network and just for learning about it, I had everything set up and working pretty well. Yesterday I upgraded my controller and started looking at how to set up IPv6 via the GUI. It is actually quite straightforward. I am NOT an IPv6 expert, so please send me corrections.

  1. Find your USG in the devices tab of the controller and click on it.
  2. Click on Config.
  3. Under IPv6, select Using DHCPv6 and set the Prefix Delegation Size according to whatever your ISP uses. Mine is 56.
    [Screenshot: USG Configuration]
  4. Queue Changes and then wait for the USG to be completely provisioned.
  5. Go into settings, click on Network, and then click Edit next to your LAN.
  6. Locate the Configure IPv6 Network section.
  7. Click on Prefix Delegation next to IPv6 Interface Type (this may differ depending on your ISP).
    [Screenshot: LAN IPv6 Configuration]
  8. The rest of the defaults seem to work fine.
  9. Under DHCPv6/RDNSS DNS Control, I set it to Manual so that I can override the IPv6 DNS servers that my ISP advertises. This allows me to use Pi-Hole and the USG as DNS servers.
  10. Enter the IPv6 addresses of the DNS servers you want to use under DHCPv6/RDNSS Name Server. This can be tricky because the IPv6 address could change (though that is not likely). I entered the link-local prefix of fe80:: instead of the first four groups of hex digits, in the hope that if my IPv6 address changes, I don’t have to reconfigure. This appears to work, but I am not 100% sure it is correct.
  11. Click Save and wait for the USG to provision.
  12. Restart any devices or just wait for them to pick up the IPv6 address. You can go to IPv6 Test and see if everything works.
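
The address arithmetic behind steps 3 and 10, as an added example that is not part of the original post: it counts the /64 LANs that fit in a /56 delegation and checks which DNS server addresses would stop being valid if the ISP delegated a different prefix. The 2001:db8:: prefixes and the ::53 interface identifier are constructed values, not taken from the author's network.

```python
import ipaddress

# Constructed sample values (documentation prefix, hypothetical host ID).
OLD_PD = "2001:db8:aa00::/56"   # prefix delegated today
NEW_PD = "2001:db8:bb00::/56"   # prefix after a hypothetical ISP renumbering
DNS_IID = "::53"                # interface identifier of the DNS host

def lan_subnets(delegated, count=2):
    """Return (number of /64s available, first `count` /64 networks)."""
    net = ipaddress.ip_network(delegated)
    if net.version != 6 or net.prefixlen > 64:
        raise ValueError("expected an IPv6 prefix of /64 or shorter")
    available = 2 ** (64 - net.prefixlen)      # a /56 holds 256 /64 LANs
    gen = net.subnets(new_prefix=64)
    return available, [next(gen) for _ in range(min(count, available))]

def host_address(lan, interface_id):
    """Join a /64 network with a 64-bit interface identifier such as '::53'."""
    iid = int(ipaddress.IPv6Address(interface_id)) & (2 ** 64 - 1)
    return ipaddress.IPv6Address(int(lan.network_address) | iid)

def scope(addr):
    """Coarse scope label: link-local, unique-local or global."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local:                       # fe80::/10
        return "link-local"
    if ip in ipaddress.ip_network("fc00::/7"):
        return "unique-local"
    return "global"

def changes_on_renumber(addr, old_pd, new_pd):
    """True if addr sits inside the old delegation but not the new one."""
    ip = ipaddress.IPv6Address(addr)
    return ip in ipaddress.ip_network(old_pd) and ip not in ipaddress.ip_network(new_pd)

if __name__ == "__main__":
    total, lans = lan_subnets(OLD_PD)
    print(f"{OLD_PD} holds {total} /64 networks; first LAN is {lans[0]}")
    candidates = [str(host_address(lans[0], DNS_IID)), "fe80::53"]
    for addr in candidates:
        # A link-local address is only reachable on the LAN segment it lives on,
        # so it works as a DNS server entry only for clients on that same link.
        stale = changes_on_renumber(addr, OLD_PD, NEW_PD)
        print(f"{addr:22} scope={scope(addr):10} stale after renumbering={stale}")
```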

Why use IPv6 now? I have no idea, but figure I’d learn a little and prepare for the future. I hope this helps someone configure IPv6.

A layered approach to backups

[Update: 08 Mar 2018 – Style updates (thanks, Richard!) and added information about source code backups.]

For the last 20 years I’ve been pretty paranoid about backups. While my approach has changed over the years, one constant is that losing data is disastrous. I started with manual backups to floppy disks, then to Jaz disks where I’d rotate disks and store one at my parents’ house, then moved to burning DVDs that I’d put in a safe deposit box.

These days my routine is more refined: I use a modified 3-2-1 strategy to protect my data. If you’re not familiar with the 3-2-1 strategy, it is to have 3 copies of your data, on 2 different media, with 1 off-site backup.

Hardware

  • 2017 MacBook Pro as my main machine
  • 2012 MacBook Pro for my wife’s machine
  • 2013 Mac Pro
  • Akitio Thunder2 Quad attached to the Mac Pro with four 6 TB drives; 2 are dedicated to backups. The drives are arranged in JBOD.
  • Nine 1 TB bare drives
  • Newer Tech Voyager S3 connected to my MacBook Pro for doing backups to the bare drives
  • HighPoint Dual-Bay Thunderbolt Dock that I move between the Mac Pro and my wife’s MacBook Pro for backing up to the bare drives.
  • Carbon Copy Cloner. I used SuperDuper! for many years, but switched last fall because CCC has more features that work in my current strategy. SuperDuper! is a great product for cloning drives and has some features that CCC doesn’t have.

Procedure

  1. My wife and I each have iCloud accounts with extra storage mainly to keep copies of our photos. Not only are the photos in iCloud, but they are synced to our MacBook Pros which are then backed up.
  2. Each of the machines in my house backs up to Time Machine. My MacBook Pro and my wife’s MacBook Pro do this over the network to my Mac Pro acting as a server. The Mac Pro does a local Time Machine backup to the Akitio. I don’t consider a network Time Machine backup to be a primary backup as the disc image that Time Machine creates seems to get corrupted far too often. I have no idea why, but it is a thorn in my side. Time Machine, however, has saved data on more than one occasion.
  3. Every day both of the laptops are set to back up their home directories using Carbon Copy Cloner to a disc image residing on the Mac Pro. The disc image is temporary storage, but an extra copy just in case.
  4. Every day the disc images from the home directories are backed up to a folder on a different drive on the Mac Pro. This takes the files out of the disc image.
  5. Every day my accounting data and my Paperless libraries are copied to iCloud Drive on my MacBook Pro. Since my Mac Pro is also connected to iCloud, this has the advantage of copying the data to the Mac Pro and keeping extra backups.
  6. A full backup of the Mac Pro is done daily using Carbon Copy Cloner to a partition on one of the Akitio’s drives.
  7. Each week I use a bare hard drive and the hard drive dock to make a full copy of each computer. This is a manual process, but easy to do. Carbon Copy Cloner is set to back up on connect.
  8. Each week I take a set of the bare drives to my safe deposit box. I have 3 sets of bare drives and rotate them weekly. The 2 sets that aren’t in the safe deposit box are stored in a First Alert 2037F Fire Safe.
  9. My source code for work and some of my projects is stored on github.com or bitbucket.org.

While my setup isn’t the simplest or least expensive, I don’t worry about losing data. Of course there are failure points in this setup but in general most of my data will be preserved in case of some type of data disaster.