TV Analysis Paralysis

When I started to see rumors about the 4K Apple TV, I decided that I wanted to jump on the 4K/HDR bandwagon. While there is nothing wrong with my 4 year old Vizio TV and 5.1 soundbar system, I enjoy watching TV and wanted better picture quality (yes, I know I need content and will pay an additional $2/month for Netflix 4K). Since I have been generally pleased with my Vizio M Series TV, I was looking at getting the new M Series that did 4K and HDR. With that decided, I wanted to move to a slight annoyance I have with my current setup.

This annoyance is minor and has to do with controlling sound. Since the Apple TV and my TV support HDMI CEC (consumer electronics control), I can turn the TV on and off with the Apple TV remote. Furthermore, the Apple TV remote can control the volume on the soundbar via IR. This setup works, but requires that I aim the remote at the soundbar to control the sound and sometimes takes a few tries because something is in the way. I had heard about HDMI ARC (audio return channel) which would let me plug a soundbar into the TV via HDMI and route all the audio that way. In addition to just routing the audio, this would give me CEC for the soundbar bringing my dream of one remote to control everything. Off I went to look for a soundbar that met these criteria. I picked up the Vizio SB4051-D5 at Costco and it appeared to meet my needs. I was able to control everything from one remote and was even able to change the volume using the Apple TV remote app on my phone or iPad.

My joy faded fast when I started looking at putting 4K/HDR into the mix. The Vizio M Series TV has 4 HDMI ports, but only HDMI 1 supports HDMI 2.0 which supports the latest 4K/HDR standards. In addition, only HDMI 1 supports ARC for audio. OK, no problem I thought; plug the Apple TV into the soundbar and the soundbar into the TV, all via HDMI. This works fine for HD, but once I got down into the specs, I realized that the soundbar would have to pass the 4K/HDR video signal to the TV. None of the Vizio soundbars do this today. Soundbar goes back to Costco.

Now I’ve resigned myself to waiting for better options. However, in the meantime, I started looking at a company I’d never heard of, TCL and their P series TV. With 3 HDMI ports that support HDMI 2.0 and 1 of those supporting HDMI ARC, it looks like I still may well be able to realize my goal of 1 remote; the Apple TV would plug into HDMI 2 and a soundbar into HDMI 1. In addition, the TCL has Roku built in; I used Roku prior to the Apple TV and was generally pleased with it, so that’s a bonus.

Where do I stand? Well, I’m going to take a closer look at the TCL TVs and just sit tight for a while before I make a purchase. I am still going to look at a new soundbar after I get a new TV.

Any advice on new, budget 4K/HDR TVs?

Writing Enterprise Software

Up until a few years ago, I spent most of my career writing software that was used by consumers. This was very satisfying as it was easy to explain to others what I did and in many cases, they’ve heard of the software such as Eudora, PayPal, or eBay. With the rise of the smartphone, everyone and his dog is learning to write software and hopes to strike it rich on the App Store. Many developers, it seems, think that the exciting software to write is this type of software where the developer can earn a name for herself or himself.

Through a few changes in my positions at a company, I started working on retail software that would be used by store associates and would never be seen by consumers. At first this seemed pretty boring as enterprise software is typically very utilitarian and doesn’t get to use many features of modern smartphones. Now that I am fully immersed in enterprise software, there are some key advantages to it over writing consumer software.

  • All devices running the software get the same app version using MDM (mobile device management); no worrying about people running old software.
  • Limited number of users makes it easier to train people to use the software.
  • Bugs can be fixed and features added very quickly without App Store approval process.
  • No one writes reviews of the software that hurt your feelings!
  • You don’t have to worry about marketing a $0.99 app and the race to the bottom in pricing.

With more and more iOS devices being used in enterprise, there are huge opportunities for development. It may not get me fame or fortune, but it is currently my path to a decent living!

Credit Card Fraud

I’ve had a credit card since I was in college; when I first got one, my dad instilled in me that a credit card is basically cash and that I should never spend more than I have. Credit cards, to me, have two main advantages over cash; first, I don’t have to carry much cash and second, there is a little consumer protection in that I can dispute a charge if there is something wrong with the goods or services. Given that, I use my credit card for almost every transaction I can both online and in stores (it doesn’t hurt that my current card gives me cash back and has extended warranty protection).

With the amount that I use my credit card, it really didn’t surprise me the first time a fraudulent charge appeared on my statement. Throughout my career, I’ve had the opportunity to be on the merchant side of credit card processing and have seen how credit card numbers are mishandled.

In the last few years, I’ve learned a lot about credit card processing from my work at PayPal and now my work on retail systems. As part of my work, I had to create test credit cards to run on the processing equipment; I used numbers that passed the Luhn algorithm and wrote the numbers to mag stripes on blank white cards (they couldn’t be mistaken for real cards). This process taught me how easy it is to take a real credit card number and burn it onto a card so that it could be used in a store. The chip technology now in cards is designed to prevent this type of fraud.

The most recent time my card number was compromised was last month when I got an alert about several charges in New York at a restaurant and a hair salon. These charges were done in-person where the card number was written to another card. The merchants did a manual swipe and didn’t bother looking at the card to verify the last 4 digits matched the imprinted digits.

The only way to put more of a dent in in-person credit card fraud is to completely stop processing swipes; the problem with this is certain cards such as prepaid cards don’t use the chip. This, of course, doesn’t help online fraud. Banks have gotten much better at detecting fraud early but unfortunately by that time the damage has already been done.

Cellular Data Speeds

When I worked at QUALCOMM over 20 years ago, I was introduced to cellular data. Everyone was excited about being able to get stock quotes on the 4 line display of the phone; remember Unwired Planet? Data speeds were a whopping 9.6 Kbps on the digital network. This speed was enough to stream Real Audio, get email, and do basic tasks. I was even able to hook up a laptop and “browse the web”.

Fast forward to today where the mobile hotspot I use is able to get 20 Mbps down and 10 Mbps up! These speeds are significantly faster than the 5 Mbps down I had on my cable modem when I worked at QUALCOMM. I know that I shouldn’t be surprised at the advances, but trying to explain to my son about what we could do back then makes me think how far technology has come in that time. Today’s cellular data speeds are at least 2000 times faster than what I used 20 years ago and there is no end in sight to how fast the connections will get. Of course, there will be a limiting factor that the connections to the other parts of the Internet won’t match the air link, but the speeds still amaze me.

6 months after fixing Internet woes

About 6 months ago, I wrote about how I replaced all of my dad’s networking gear with Ubiquiti products including the USG, Cloud Key, and a pair of UAP-AC-LRs. While it didn’t completely cure his Internet issues, we were at least sure that the router and access points weren’t the problem. His cable provider kept doing work on the connection and eventually he replaced the cable modem with an ARRIS 6183. I don’t believe that the cable modem was the problem, but I wasn’t going to argue with it working (we had already swapped out the cable modem with a different SB 6141).

The gear has been rock solid; one of the access points wasn’t touched since the day we installed it; the USG was rebooted when the cable modem was replaced and my dad had to reset the other AP when he did some wiring changes in a closet.


Ubiquiti has been putting out regular updates to the equipment, but I decided to just leave it on older versions as everything was running. Yesterday I went ahead and performed the upgrade remotely which was quite scary as any firmware upgrade could render a device useless. Luckily upgrading all components went smoothly; the Cloud Key took a little longer than expected and I almost panicked when it didn’t come back online.

I asked my dad if he’s had any problems with the Internet and he said no; this was news to my ears. Prior to installing the Ubiquiti equipment, the family’s solution for any time they had a problem was to reboot the cable modem and router. This no longer happens and everything just works.

As much as I’d like to recommend this type of setup for the average household, the separate components make it intimidating. For anyone with a little networking knowledge that has to handle an Internet connection for someone else like a family member or a small business, I’m not sure that you can beat Ubiquiti for the features at the price point.

Yes, I know I sound like an advertisement, but the more I use their hardware, the more I keep looking at reasons to get more and see what it can do.

Dongles everywhere!

In the last few revisions of the MacBook and MacBook Pro, Apple has replaced the legacy ports with USB-C ports which some think is forward thinking and others complain that their devices don’t connect. Last fall, when the last MacBook Pros were announced, I was eyeing one, but ultimately decided against buying one. However, when Apple had a sale on the dongles to placate people, I thought about what I would need for my next computer. I bought a USB-C to Thunderbolt 2 adapter and a USB-C to USB-A adapter.

Fast forward to last month when Apple announced the 2017 MacBook Pros and I decided that it was time to replace my almost 5 year old MacBook Pro. I, again, had the option to purchase dongles, but decided the 2 I had were all that I would need. My current setup is 2 27″ Thunderbolt displays that each have 3 USB-A ports, FireWire 800 and a Thunderbolt port. With only the USB-C to Thunderbolt 2 adapter, I’m able to hook up my MacBook Pro to 1 display (second display is daisy chained) and all my devices work. When I travel, I can bring the USB-C to USB-A adapter in case I need to use a card reader.

While I may not be typical in my setup, basically 2 dongles are all I need to make my new computer hook up to all my legacy devices; this is really no big deal. Next year, however, when/if Apple releases its own displays again, they will unlikely have legacy ports. At that time, I’ll get a few USB-C to USB-B cables for my scanner and hard drive dock and a few USB-C to USB-A adapters to hook my Lightning cables; total cost for all this will be maybe $30 and the cables/dongles will always be plugged into the display. Nothing to lose and a minor cost to move forward.

I’m not sure why there was so much uproar in the Mac community about getting rid of legacy ports; to me this is a much smaller deal (if any) than moving from 30 pin to Lightning because of the sheer number of devices and cables I have lying around the house.

Review: ZTE Mobley

Several years ago, I worked for a company that sold Sprint service. As part of my job, a “perk” was a company issued phone and then when the MiFi mobile hotspot was released, I got one of them for experimentation and use. (I use perk lightly because having a company issued phone or device is more of a tether keeping you connected all the time.) When I left the company in 2010, my boss said that I could use the company discount to purchase a device and plan; I purchased a MiFi and had a $45/month plan for 5 GB of data. After about a year, I realized that I wasn’t using the device much and cancelled the plan.

For the most part, I haven’t had a need or desire for a mobile hotspot and my iPhone’s mobile hotspot has worked fine when I needed it. Over the last year or so, I’ve heard advertisement after advertisement about “built in 4G/LTE” in cars which seemed like a way just to keep the kids in the back quiet and I ignored the ads. Earlier this year, I saw that AT&T was dropping the price of their “Connected Car” plans to $20/month for unlimited data (22 GB, in reality and then de-prioritization). Now things were starting to get interesting in pricing.

AT&T offered this plan on cars that had built in cellular, as well as with the ZTE Mobley which plugs into a car’s OBD-II port. The only problem with this, for me, is that I have an Automatic plugged into the port and only being able to use the device in the car had limited utility. Luckily, I read on forums that people were buying adapters to plug it into USB or AC. Since the cables looked like someone hand made them, I decided to make my own so that I could choose the parts. I picked up an OBDII Connector Cable Pigtail and a 5v to Dc 12v USB Converter (I picked this one because any heat generated from the electronics wouldn’t be right at the end of the cable). I soldered the pieces together and had a USB to OBD-II power cable.

I purchased the Mobley outright ($99) with no activation fee. When it arrived, I plugged it into my cable and into USB and it powered right up without problems. My first few uses of it were when I went to the car dealer and had to wait around; I plugged it into a USB battery (at peak power consumption, it uses something like 700 mW). It performed quite well and I got acceptable speeds without having to worry about jumping on an unknown WiFi network and dealing with my VPN.

The next test was when we drove about an hour to go camping; my wife was in the passenger seat and my son was in the back seat. My son had an iPad and was entertained for the trip. My wife started out the drive just saying that she would use her phone, but about 10 minutes down the road, she asked my son to hand up her iPad. From that point on, I think the hotspot gained a permanent place in our longer car rides! This past week we went on a driving vacation and covered about 1500 miles. The hotspot powered up when the car started (it was plugged into one of the USB ports; my car has 2 USB ports, but I bought a 2 port cigarette lighter to USB adapter, so I had a total of 4 ports) and was available wherever we had AT&T coverage which turned out to be maybe 75% of the total time in the car.

In one of the hotels we were staying, I was able to get over 20 Mbps down which to me is amazing considering my first cable modem was 5 Mbps down and the first cellular data links I worked with at QUALCOMM were 9.6 Kbps.


While $20/month seems like an unnecessary expense for times that I won’t use it, I can justify the expense.

Pros

  • Easy to use (just plug it in and connect to WiFi).
  • Coverage wherever AT&T has coverage.
  • Hard to use up 22 GB a month in normal usage (we used about 17 GB on our last trip and that was using it in the car and hotel).
  • Device is reasonably priced ($99).
  • Monthly fee is reasonable ($20/month).
  • Automatically turns on when power is applied.

Cons

  • Have to buy or make a cable to use outside of the car.
  • Limited to 5 devices at a time. (This seems like a lot of devices, but we had a total of 6 and some devices always stay connected to WiFi causing me to have to block/unblock a device.)
  • Doesn’t support carrier aggregation which would support higher data rates.

Summary

As much as I didn’t want to think that a mobile hotspot would fit into my usage, it has proven to be an excellent device. I’m sure that my review (except for the auto power on) would be the same with any mobile hotspot, but the price of the device and the price of this plan make the ZTE Mobley a keeper. Even though you can turn your phone into a hotspot, it doesn’t stay on all the time and uses data from your plan. By having a separate device, you don’t have to worry about going over your usage and being throttled and don’t have to worry about turning on the hotspot.

I would be interested in trying out the other mobile hotspots that AT&T has to offer as they would look neater than my soldered set of cables and be more compact, but I have to check the terms and conditions to see if there is a problem moving my SIM to a different device and keeping the same plan.

Cleaning up a mess

Over the course of the last few years, my closet of networking equipment has grown and while everything works, it wasn’t the prettiest sight. I had originally tried to color code all the cables and arrange things as neatly as possible, but it didn’t quite work out. I finally got tired of looking at it (after viewing pictures of other people’s clean networking racks), purchased a 48 port patch panel that had RJ45 connectors on the front and the back and a bunch of white cables of various sizes (color coding was a waste for me as it really didn’t matter what went where). My original plan when I set up the rack was to use patch panels, but at the time, I was looking at patch panels that I had to terminate in the back; this would have meant a bunch of wires coming from the wall that I’d terminate in the panel. I opted to put all the RJ45 jacks in the wall and have patch cords going from the wall to the equipment.

This is the before picture (yes, I know it is blurry; didn’t notice it until after I had already cleaned everything up. My son is a Michael Jackson fan and thus the song on the Squeezebox!)

Before

By rearranging the cables such that the only cables coming out the front go from the patch panel to the switches, I was able to take the clutter and move it to the back. The back doesn’t look half bad as I used shorter cables and wire tied them together.

After

These changes, of course, don’t change the functionality of my setup, but I like how clean this looks.

Fragmented World Of Payments

Last Saturday we ran a number of errands and at the end of the day something dawned on me: I had used several different payment systems and the payment process remains awkward for most of them.

Our first stop was Walmart where the payment terminal said to swipe my card, so I did and then was told to insert the card (called a dip). Since I don’t shop at Walmart all that often, I didn’t realize or remember that they now do chip. It is also hard to remember or know which merchants can take NFC payments; the terminal may look like it works, but when you try it, it fails.

Our next step was the ATM; this particular ATM was a Bank of America ATM that did NFC (NFC is the mechanism by which the iPhone talks to payment terminals). I had loaded my ATM card on my iPhone to give it a try. Unfortunately it didn’t work probably because I’m not a BofA customer and it didn’t like the card from my phone. So I reverted back to inserting the card.

After the ATM, we went to PETCO where I was able to use my Apple Watch to buy some crickets.

Then it was Costco for gas. While Costco does chip cards in the store, it is an insert (swipe) at the gas pump. I got a few hours break after that part of the journey because my credit card needed a rest!

For dinner, we went to BJ’s Restaurant. The selection is wide and my son likes it. We go there often enough that this time I decided to sign up for their rewards program. I downloaded the app and signed up. There was an option for mobile payment which was interesting. At the end of the meal, I pulled out the app, tapped on mobile payment, entered our check number, selected the tip and was presented with the option to pay with Apple Pay. That was pretty cool; I used TouchID to pay and we left (kind of felt weird not interacting with the server to pay).

After dinner, we headed to Best Buy to buy an iPad for my mother-in-law. Best Buy does NFC payments and I used my Apple Watch (it took 2 transactions because the terminal froze when it came time to sign).

Recapping, in the course of the day, I used the following ways to pay, all with my credit card:

  • Dip (insert)
  • Insert (swipe)
  • Apple Pay (on Apple Watch)
  • Apple Pay in an app

I’m a huge fan of Apple Pay because of the security (merchants don’t see my real credit card number) and while I don’t choose places to shop based on payment option, I kind of smile every time I use it because it still feels like magic. Hopefully in the near future, all merchants will take NFC payments.

Fun with Packet Filtering

About 6 months ago, I wrote about blocking my security cameras from talking to the Internet by moving them to a separate VLAN. Things have been working well, but after getting a USG, I decided to reduce the load on the router (using a VLAN required all traffic from my cameras to my Mac Pro to go through the router). My Mac Pro has 2 Ethernet ports, so I plugged the second port into another switch port that was set to the same VLAN as the cameras and gave it an IP address on that VLAN. This would allow the cameras to talk directly to the Mac Pro without going through the router.

Perfect, I thought as everything was working well. However, when watching the logs on the router, I saw that the cameras were trying to talk to the Mac Pro’s primary IP address which was on a different VLAN. The router dropped the packets which was good, but it took me a while to figure out what the cameras were doing. Basically the cameras were sending out UPnP packets to UDP port 1900 on the multicast address of their subnet and waited for replies. I had turned all UPnP off on the cameras, but they still kept sending packets. Why was the Mac Pro replying? I have the excellent BWS Systems HA Bridge installed on the Mac Pro to add Amazon Echo control to my Vera; in order to do this, HA Bridge listens for UPnP packets and then replies with the web address for device discovery. The bridge is configured to listen on all interfaces, but in its reply, it gives the primary IP address. While I’d like the bridge to only listen on the primary interface, most services listen on all interfaces.

Having learned and realized that the cameras could talk to any service on my Mac Pro, I kind of became concerned and looked for a way to block this. While I could go back to the router method, I decided to look at Mac OS X’s Packet Filter. I read a few articles and came up with adding the following to /etc/pf.conf:

    anchor "com.gruby"
    load anchor "com.gruby" from "/etc/pf.anchors/com.gruby"

I don’t know if pf loads by default on all OS X systems, but it does on OS X Server. Then for my /etc/pf.anchors/com.gruby, I have:

    # Don't alert source about dropped packets
    set block-policy drop

    # Allow all on local loopback
    set skip on lo0

    # Allow all on en0
    set skip on en0

    # Normalize and defragment
    scrub in all

    pass in quick on en0 all

    # Default deny policy
    block in all

    # Block in on en1
    block in quick on en1 all
    block out quick from 10.0.2.100/32 to 224.0.0.0/4
    block out quick from 10.0.2.100/32 to 10.0.2.255/32
    pass out quick on en1 inet proto tcp from any to any port 554
    pass out quick on en1 inet proto tcp from any to any port 80
    pass out quick on en1 inet proto tcp from any to any port 85
    pass out quick on en1 inet proto icmp
    block out quick on en1 all

    # Allow all outbound on en0
    pass out on en0 all keep state

I’m sure that this could be cleaned up and some rules are redundant or unnecessary, but in my testing, these rules block all inbound and outbound traffic on my secondary Ethernet port except for the security software connecting to 3 specific TCP ports. Now when the cameras do the UPnP broadcast, they won’t get back any replies and no matter what, the cameras can’t make connections to the Mac Pro.
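To see which rule decides each packet, here is an added example (not from the original post, and not pf itself) that models pf's evaluation order in Python: the last matching rule wins unless a rule is marked quick, skipped interfaces bypass filtering, and a passed packet creates state so its reply is allowed. The camera address 10.0.2.50, the sample packets, treating 10.0.2.100 as the Mac Pro's en1 address, and pass rules keeping state by default are assumptions.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Filter rules copied in order from the anchor file above.
ANCHOR = """\
pass in quick on en0 all
block in all
block in quick on en1 all
block out quick from 10.0.2.100/32 to 224.0.0.0/4
block out quick from 10.0.2.100/32 to 10.0.2.255/32
pass out quick on en1 inet proto tcp from any to any port 554
pass out quick on en1 inet proto tcp from any to any port 80
pass out quick on en1 inet proto tcp from any to any port 85
pass out quick on en1 inet proto icmp
block out quick on en1 all
pass out on en0 all keep state
"""
SKIP = {"lo0", "en0"}  # from the "set skip on" lines (assumed to be honored)
Packet = namedtuple("Packet", "direction iface proto src dst sport dport",
                    defaults=(None, None))

def parse(line):
    """Parse the small subset of pf syntax used in the anchor above."""
    t = line.split()
    def after(word):  # token following a keyword; "any" means unrestricted
        val = t[t.index(word) + 1] if word in t else None
        return None if val == "any" else val
    port = after("port")
    return {"text": line, "action": t[0], "direction": t[1], "quick": "quick" in t,
            "iface": after("on"), "proto": after("proto"), "src": after("from"),
            "dst": after("to"), "dport": int(port) if port else None}

RULES = [parse(line) for line in ANCHOR.splitlines()]

def matches(r, p):
    return (r["direction"] == p.direction
            and r["iface"] in (None, p.iface)
            and r["proto"] in (None, p.proto)
            and (r["src"] is None or ip_address(p.src) in ip_network(r["src"]))
            and (r["dst"] is None or ip_address(p.dst) in ip_network(r["dst"]))
            and r["dport"] in (None, p.dport))

def evaluate(p, states):
    """Return (action, deciding rule text); states holds flows already passed."""
    if p.iface in SKIP:
        return "pass", "set skip on " + p.iface
    if (p.iface, p.proto, p.dst, p.src, p.sport) in states:  # reply to a passed flow
        return "pass", "state"
    action, why = "pass", "implicit pass (no rule matched)"
    for r in RULES:
        if matches(r, p):
            action, why = r["action"], r["text"]
            if r["quick"]:
                break
    if action == "pass":
        states.add((p.iface, p.proto, p.src, p.dst, p.dport))
    return action, why

def demo():
    cam, mac, ssdp = "10.0.2.50", "10.0.2.100", "239.255.255.250"  # cam is constructed
    packets = {  # constructed sample traffic
        "camera_ssdp": Packet("in", "en1", "udp", cam, ssdp, 1900, 1900),
        "rtsp_out": Packet("out", "en1", "tcp", mac, cam, 50000, 554),
        "rtsp_reply": Packet("in", "en1", "tcp", cam, mac, 554, 50000),
        "camera_to_service": Packet("in", "en1", "tcp", cam, mac, 40000, 8080),
        "mac_multicast_out": Packet("out", "en1", "udp", mac, ssdp, 1900, 1900),
        "lan_en0": Packet("in", "en0", "tcp", "192.168.1.20", "192.168.1.10", 40000, 22),
    }
    states = set()
    return {name: evaluate(p, states) for name, p in packets.items()}

if __name__ == "__main__":
    for name, (action, why) in demo().items():
        print(f"{name:18} {action:5} <- {why}")
```

In this model the camera's reply on port 554 is accepted only because the Mac Pro opened the connection first; the same packet with no prior state hits `block in quick on en1 all`.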

If I had to do my camera system over again (or had cameras drop in my lap), I’d go with UniFi cameras and install their NVR software in a VM. Ubiquiti updates their products frequently and listens to feedback, it appears. The cameras I got are made by a company that doesn’t care, doesn’t release updates, and doesn’t make a quality product. While the picture quality is adequate and they’ve held up for 4 years, I wouldn’t recommend them.

My concerns over the cameras doing things they shouldn’t kind of go back to my post about keeping devices updated. Once a device is no longer supported, should it be trusted? New vulnerabilities are being discovered all the time. Should maintenance plans be offered to keep software updated?