It's been awhile since I've written anything here, so this will be a somewhat combined post.
For three days last week I attended an IPv6 training course at the Microsoft campus in Charlotte. The course was primarily for systems engineers from my department, but I sat in with the hopes that I might pick up a thing or two that will help keep our teams on the same page regarding IPv6 deployment.
The course went over IPv6 basics, transition technologies, deployment considerations, and touched a little bit on security. There were a few labs, which involved setting up various IPv6-related scenarios on Windows Server 2008 R2 (via Hyper-V on laptops, shocker there).
The content of the course was fairly decent, except for three major errors that I pointed out during the instruction:
(1) It was initially stated that clients send one DNS request to their local cache. The cache decides if it should return an A or AAAA record, based on some fictitious variables. This was corrected (DNS clients send both A and AAAA queries to the cache, then themselves determine which should be used based on the presence of a GUA address and default route).
(2) When discussing 6to4 tunneling, it was stated that local relays should be used, with no mention of 192.88.99.1. Oddly, the course material stated that 6to4.ipv6.microsoft.com should be used as the relay, which has an A record of 192.88.99.1.
(3) It was stated that router-to-router links must use /64s. I cited that many major ISPs in the United States currently use /126s and /127s for such links, backing it up with some text from RFC 6164 (section 5, specifically).
The course also introduced some strong recommendations I vehemently disagreed with, one of which is the use of RAs and DHCPv6 in the enterprise data center. The instructor stated over and over again that it's hard to type in IPv6 addresses compared to IPv4 addresses for every single server, when using static assignments. So, of course, the solution is the use of RAs (with the M and O flags set), DHCPv6, and DDNS.
I think this is a horrible idea because of the added complexity and dependence on not one, or two, but three external services: router advertisements, DHCPv6 services, and dynamic DNS. The failure of any of these can possibly lead to servers becoming unreachable after a reboot or other network-related interruption. To get even more basic, I object to the use of router advertisements (RAs) in the enterprise data center, to begin with. Sure, in greenfield deployments this might be fine, but turning up RAs causes all IPv6-aware hosts to add a default route, if nothing else (assume the A flag is disabled). This is all some operating systems need to cause the network stacks to start resolving AAAA records and attempt to connect to IPv6 addresses before they're really ready. So, then, in order to selectively turn up IPv6 on some servers, all the other servers must be configured to not accept RAs - a monumental task for most enterprises where there are many platforms involved.
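As an added illustration (not from the original post or the course material), the Python sketch below decodes the ICMPv6 body of a Router Advertisement and reports what an RA-accepting host would do with it: install a default route, autoconfigure from a prefix, or go to DHCPv6. The sample packet is constructed to match the scenario above (M and O set, A flag clear); the function names and the 2001:db8:0:1::/64 documentation prefix are assumptions.

```python
import ipaddress
import struct

ICMPV6_ROUTER_ADVERT = 134   # RFC 4861 message type
OPT_PREFIX_INFO = 3          # Prefix Information option type
FLAG_M, FLAG_O = 0x80, 0x40  # RA header: Managed / Other configuration
FLAG_L, FLAG_A = 0x80, 0x40  # Prefix option: on-Link / Autonomous (SLAAC)


def parse_ra(msg: bytes) -> dict:
    """Decode the ICMPv6 body of a Router Advertisement (no IPv6 header).

    The checksum is not verified; this is an inspection aid, not a stack.
    """
    if len(msg) < 16 or msg[0] != ICMPV6_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    _, _, _, hop_limit, flags, lifetime, _, _ = struct.unpack(
        "!BBHBBHII", msg[:16])
    ra = {
        "hop_limit": hop_limit,
        "managed": bool(flags & FLAG_M),
        "other": bool(flags & FLAG_O),
        "router_lifetime": lifetime,  # 0 means "do not use me as default"
        "prefixes": [],
    }
    offset = 16
    while offset < len(msg):
        if offset + 2 > len(msg):
            raise ValueError("truncated option header")
        opt_type, opt_len = msg[offset], msg[offset + 1] * 8  # 8-byte units
        if opt_len == 0 or offset + opt_len > len(msg):
            raise ValueError("malformed or truncated option")
        if opt_type == OPT_PREFIX_INFO:
            if opt_len != 32:
                raise ValueError("bad Prefix Information length")
            plen, pflags, valid, preferred = struct.unpack(
                "!BBII", msg[offset + 2:offset + 12])
            raw_prefix = msg[offset + 16:offset + 32]
            net = ipaddress.IPv6Network((raw_prefix, plen), strict=False)
            ra["prefixes"].append({
                "prefix": str(net),
                "on_link": bool(pflags & FLAG_L),
                "autonomous": bool(pflags & FLAG_A),
                "valid_lifetime": valid,
                "preferred_lifetime": preferred,
            })
        offset += opt_len  # unknown options are skipped, as hosts do
    return ra


def host_effects(ra: dict) -> dict:
    """Summarise what a host that accepts this RA would configure."""
    return {
        # A non-zero router lifetime alone is enough for a default route.
        "default_route": ra["router_lifetime"] > 0,
        # SLAAC addresses are formed only from prefixes with the A flag.
        "slaac_prefixes": [p["prefix"] for p in ra["prefixes"]
                           if p["autonomous"] and p["valid_lifetime"] > 0],
        # M: addresses via DHCPv6. O: other settings (e.g. DNS) via DHCPv6.
        "dhcpv6_addresses": ra["managed"],
        "dhcpv6_other_config": ra["managed"] or ra["other"],
    }


def build_sample_ra(flags=FLAG_M | FLAG_O, lifetime=1800,
                    prefix_flags=FLAG_L) -> bytes:
    """Constructed sample RA: M+O set, one on-link /64 with the A flag clear."""
    header = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0,
                         64, flags, lifetime, 0, 0)
    prefix = ipaddress.IPv6Address("2001:db8:0:1::").packed
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, prefix_flags,
                         2592000, 604800, 0) + prefix
    return header + option


if __name__ == "__main__":
    ra = parse_ra(build_sample_ra())
    for key, value in host_effects(ra).items():
        print(f"{key}: {value}")
```

With the A flag clear the host forms no SLAAC address, yet it still installs a default route and starts DHCPv6, which is the behaviour described above.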
It was also mentioned that the DHCPv6 server on Windows Server 2008 R2 doesn't support static reservations for clients, so there's no way to ensure that clients receive the same address each time, other than the almost infinitely large address space in a /64. For this reason, it appears that it might not be possible to definitively predetermine the IPv6 address of a server before it hits the wire in the data center. To add some icing on the cake, it was suggested that firewall policies be based on the DNS, not addresses or prefixes!
Really, is manually typing an IPv6 and IPv4 address really that difficult to do during the server provisioning process? It only needs to be done once, and can easily be scripted. I asked the instructor for the reasoning behind this DHCPv6 recommendation, and got nothing more than "typing IPv6 addresses is hard." Flummoxed, I started up a thread on the IPv6 operations mailing list, but got back less than definitive results.
Anyway, the course was fairly well-received by the systems engineers, and I think it'll help speed up deployment in our data centers (erm, it's been there for awhile, but no RAs!). However, I have a feeling I'll be fighting folks on the DHCPv6 issue in the future, if Microsoft sticks with their current recommendation. I got to pass by the Microsoft company store as part of the trip, and picked up some software on the cheap and a Microsoft shirt I'll be sure to wear to the office (to confuse everyone, obviously).
In unrelated news, there's a bill floating around in the House of Representatives that could possibly do some decent damage to the Internet in the United States: SOPA. The Stop Online Piracy Act (SOPA, H.R. 3261) is a bill introduced in the House with the goal to fight copyright infringement and counterfeiting on the Internet. Unfortunately, this bill is so broad that it threatens some open source projects and opens the door for federally-mandated DNS filtering (i.e., censorship), something that should send shivers down your spine. Read more about it at the EFF. Feel free to call or write to your congressmen and state representatives about it. Really, this bill needs to be done away with.
Oh, I finally got a real SSL certificate for *.prolixium.com from GoDaddy, recently. If you hit the SSL version of my site, you shouldn't get any certificate errors. I also transferred prolixium.com and prolixium.net from Register.com to GoDaddy, too. It was fairly painless, but took a week for Register.com to get me the EPP codes and authorize the transfer. Other than Register.com's prices being highway robbery, I transferred because of this response to my question about DNSSEC support:
Discussion Thread
---------------------------------------------------------------
Response Via Email(David B.) - 11/03/2011 01:14 PM
Dear Mark.
Thank you for contacting Register.com.
We currently do not support the DNSSEC provision in the registry and at this time there is no indication that this will be added for our customers.
If you have any further questions, please reply to this email or contact a Web Services Consultant 24 hours a day, 7 days a week, at the numbers below.
Thank you for choosing Register.com.
Customer Support
Register.com, Inc.
Toll free within the U.S. and Canada: (877) 731-4441
Outside the U.S. and Canada: (902) 749-5918
Well, now that I'm with GoDaddy for almost all of my domains, and they support DNSSEC now, I should probably set it up, right? Yeah, I'll get to it later!
I'm really sick of UIs going through constant changes. Why do new versions of operating systems feel the need to alter the user interface, when the original one works fine?
Windows 8, ICS, Mac OS X, and even Ubuntu are all forcing users to learn a new user interface. Why? The old one works fine! Sure, Windows 7 and Android 2.3 (and 3.x) may have some bugs and quirks.. but do they need a different UI? I don't think so. iOS, strangely enough, has stayed mostly the same over the years. Go Apple! Alright, I said something nice about Apple, but I'll bash them later (read on).
This isn't limited to operating systems, either. Microsoft Office 2007 radically changed the user interface for almost all of their office applications (Visio didn't see the change until 2010). As a long time Microsoft Office user (Outlook, Visio, and Word), the change cost me some time to get used to. Annoying!
Again, why?
Steve, a coworker and friend of mine, has a good answer:
So people see a "difference". "Oh, it's upgraded, it looks different"
I think he hit the nail on the head. Most consumers don't care about kernel scheduler optimizations, filesystem tweaks, API fixes, or support for the latest and greatest protocols. If the UI looks the same, they will whine that there isn't much of an upgrade. Heck, if the UI changes, most software companies can claim that they've got a new operating system, even though most of the APIs, kernel code, etc. hasn't been touched.
Alright, let's ask why.. again.
Well, I think a part of this is due to Apple. Over the last decade, people have gone from knowing a little bit about the inner workings of their computers and operating systems to not caring one bit. I hear so often "I use Apple because it just works" and "I don't care how it works." Sure, that's fine, but now because people don't know or care about such things, they don't put any thought to the changes that happen at this level. So, moving from 2.4 to 2.6 of the Linux kernel isn't seen at all by the user, if all they are basing the upgrade on is the user interface. If Apple swapped out the *BSD core of OS X and replaced it with the Linux kernel but kept the UI the same.. would most consumers care? Probably not.
Let's think about this from another perspective. If Juniper Networks decided to throw out the CLI for its flagship Junos network operating system (say, for version 12.0) and come up with something completely different, network service providers (NSPs) and enterprises would have a cow! There'd be an "Occupy Juniper" movement almost instantly. Sure, it might work out over the next year, but then if they did the same thing in 14.0, they'd probably start losing large customers.
Sure, it's comparing apples and oranges, but it's interesting to think about.
For now, I guess we're left with changing UIs every year or two for consumer electronics. Maybe it'll settle down in the future, but I don't see that happening any time soon.
What do you think? Am I off my rocker? Yes, probably..
I recently returned from a trip to the Galápagos Islands. It was a fantastic and eye-opening week and a half in Ecuador, of which I'll try to recount the highlights.
First, a quick technical note about the photos and videos...
I took my Canon 60D with the 18-135 mm zoom and 60 mm macro lenses, but I only ended up using the 18-135 mm one. There were some shots that would have looked fantastic with the macro, but I probably would have been scolded since we were supposed to stay at least eight feet away from all the wildlife. Anyway, I took a few photos and videos. The video clips (720p@60, H.264) amounted to 21 GiB and the photos (5184 x 3456 pixels, JPEG) to 9.7 GiB with a grand total of roughly 30.7 GiB. I was using a 16 GiB SD card, so I got in the habit of swapping it out every day. I took most of the shots in manual mode with the aperture wide open, only varying the shutter speed, focal length, and ISO settings. Automatic mode just wasn't producing very good shots, for some reason. I used UV and circular polarizer filters for some of the days. Also, I bought a mini-tripod but never really used it.
If you don't care to read the highlights below, and want to jump straight to the photos, here you go:
The above is more or less in order, except for the Quito (some photos were taken during the second visit) and miscellaneous galleries. A very small percentage of the photos aren't mine, and they should be obvious (because they might be of me!). If they're not, just look at the EXIF data at the bottom of the image - pictures that aren't mine aren't shot with a Canon 60D (or Nexus One). Below is a timeline of the trip followed by some details on the wildlife and miscellaneous observations. I've interleaved some smaller and/or cropped variations of the above photos, too.
The itinerary we took was dictated by Celebrity Cruises, since this was in fact a river cruise (probably just to distinguish it from a Caribbean or Mediterranean-type trip). We flew to Quito, Ecuador via Houston, TX and arrived in the early morning on September 30th, staying at the JW Marriott Quito. We spent two days there; one by ourselves and one with the Celebrity tour group (90 people who accompanied us on the ship, too, and some tour guides). And, shocker.. I got a sunburn the first day since I'm a bit stupid and like to learn the hard way every year.
The tour group exposed us to some of the highlights of the area: government buildings, old churches, the local cuisine (love the blackberry juice!), and a trip that took us north of the city to a location that was supposedly at a latitude of 0°0'0" (it actually wasn't, since the original inhabitants didn't have GPS receivers at the time, but it was close enough). Here's a screenshot of the GPS receiver information on my phone:
Since Quito is located in the mountains, the temperature was fairly cool for being so close to the equator. When we were there it got up to around 25°C during the day but got down to 12°C during the evening and part of the morning.
From Quito we took a roughly two hour flight to the Galápagos Islands, specifically Baltra Island, since that's the only one with an air strip. The airline was called AeroGal, and appeared specific to trips between the Galápagos Islands and the South American mainland. Upon arriving in a tiny airport, we took a bus to the bay and traveled to our ship, the Celebrity Xpedition, via Zodiac (a name-brand dinghy), since it wasn't anchored in the bay. In fact, all of our excursions were via Zodiac, which made things interesting when the sea was choppy.
The Celebrity Xpedition is a small boat built in 2001. It's registered in Guayaquil and carries a maximum of 100 passengers and 65 crew. As a result it moves quite a bit more than other typical larger cruise ships. I saw quite a few passengers with the sea sickness patches behind their ears. Since there were three of us, we got a suite with a verandah, which was a nice touch.
The Xpedition took us around to eight of the islands, crossing the equator twice along the route:
The weather in the Galápagos was probably around 22 to 24°C most of the time and partly cloudy during the day. It was sunny sometimes, but certainly not the majority of the time.
Our first excursion was on Sunday, which took us around and onto North Seymour Island via Zodiac. The first thing I noticed about the island is that it was very dry and desolate with lots of cacti and some little green bushes strewn about. This description pretty much sums up all of the Galápagos Islands (except some of the highlands) at this time of year. The rainy season between December and February is when it gets very green.. and overrun with bugs and inclement weather.
We saw sea lions, blue-footed boobies, frigatebirds, yellow warblers, and marine iguanas. The majority of the rocks we saw the wildlife sitting on are volcanic in origin, which were very dark and sharp.
For the first excursion, I thought we saw quite a bit of wildlife, but it was nothing compared to the next several days. We were instructed to remain at least eight feet away from the wildlife, and to not touch or otherwise disturb them (no flash photography, no yelling at them, feeding, etc.). Surprisingly, most of the wildlife wasn't scared of humans, at all. I walked right past a blue-footed boobie next to its young and it didn't give me the time of day.
On Monday we visited San Cristóbal Island in the morning, which has a small population. After visiting a small museum with the history of the Galápagos (violent and unfortunate, I might say) we shopped a little bit and then headed back to the ship. In the afternoon we visited Española Island, where we were greeted by tons of iguanas and barking sea lions. This was the first island that presented us with a large amount and variety of wildlife.
The marine iguanas that we saw looked pretty menacing, but really are no danger to humans or really anything else on the islands. They're slow-moving, eat algae from the shore, and mostly just sit out in the sun during the day:
The sea lions were loud and active, except when they weren't. Apparently it takes some effort to move on land, so we would routinely see them hopping along at a quick pace and then fall flat on their face and seem to take a nap for a minute or two.
Española Island also presented us with lots of lava lizards, two variants of boobies (Nazca and Blue-footed), and some interesting Galápagos crabs.
On Tuesday we had our first snorkeling experience in the Galápagos. We took the advanced deep sea snorkeling around Champion Island, and used wetsuits since the water was 20°C. It was still cold even with the wetsuit. We saw lots of fish and a sea turtle, but nothing really all that interesting, except for the sea lion swimming around with some of us during the tail end. It probably would have been better if the sun was out to provide more illumination of the reef.
On Tuesday afternoon we visited Floreana Island where we saw some Galápagos Penguins on the rocks near the shore. While in the Zodiac we also got a chance to see some sea turtles poking their heads out of the water to breathe. Getting a good shot was a little difficult.
We took a hike up to the Baroness Lookout (our tour guide gave us the abridged story about this), which gave us a few photo opportunities:
The next day (Wednesday) we went to Bachas beach on Santa Cruz Island and did a short walk and snorkeling. We spotted our first flamingo on the walk. The snorkeling wasn't all that good due to cloudy water (and the sun wasn't out once again).
In the afternoon we went to Bartolomé Island and hiked up 114 meters where we saw some interesting vegetation, lizards, cacti, and a nice view of the island:
In hindsight, this was the day I should have used the circular polarizer filter. We also saw some penguins close to the shore before snorkeling again:
On Thursday we landed in Urbina Bay at Isabela Island and took a 2.0 mile hike across part of the island, which included some rocky terrain and dense vegetation. I was honestly surprised that all of the people in our tour group managed it without issue, since there was quite a bit of balancing involved. The landing part was interesting because we saw a fierce shark fight (for food) right near the beach. We ended up seeing some different wildlife, including two giant tortoises and a couple land iguanas.
We saw a Galápagos Hawk sitting on one of the national park stop signs:
On Thursday afternoon we took an excursion to Fernandina Island where we saw the most iguanas on the trip, so far:
I also snagged a short clip of some of them fighting (not mating: listen to the tour guide):
We also spotted a couple oystercatchers, which have a distinctive head and beak:
Friday brought us to Santiago Island where we saw some fur seals. I kept forgetting the subtle differences between seals and sea lions and eventually just learned to identify them by their colors: seals are black and sea lions are gold. The seals were the first species of wildlife we encountered in the Galápagos that seemed genuinely scared of humans.
We managed to spot a few orcas a mile or two from the island, and did some whale watching for a little bit. I took a few photos, but wasn't able see much detail. The best shot I got that showed the distinguishing white area near the eye is this one:
Snorkeling at Santiago Island was great. I was literally inches away from some sea lions swimming by and we saw one constantly diving down into a crevice looking for food. I spotted a jellyfish, sea turtle, and stingray (I think it was a stingray, it was under a bunch of sand), too. It's too bad I don't own an underwater camera.
In the afternoon we went on a longish hike to Dragon Hill on Santa Cruz (yep, we returned!). The terrain looked a bit like Mars:
Our last day brought us to Puerto Ayora on Santa Cruz. It's one of the heavily populated ports with an urban area and lots of farmland. We took a trip to the Charles Darwin Research Station where we saw some giant tortoises in captivity. One of them was Lonesome George, a 90 year-old tortoise who can't seem to find a compatible mate. He's the last one of his subspecies (categorized as EW: extinct in the wild). They apparently breed giant tortoises at the CDRS, too:
In the afternoon we traveled to the highlands (see map here) and visited a lava tube. We also saw lots of the giant tortoises in their natural habitat:
The highlands were overcast, humid, and very green. Apparently it mists there all the time, so all sorts of plants grow. It was in stark contrast to the rest of the Galápagos islands we'd visited earlier in the week.
The next day we flew back to Quito via AeroGal and departed for home the next day.
Here's a list of everything we saw on or from land:
And a list of things we saw while snorkeling (incomplete, since it was hard to identify most of the fish):
The two animals that were the most visible during the tours are the sea lions and marine iguanas. The sea lions were fun to watch, since they would play with each other or just walk right in front of us, barking. We saw quite a few young sea lions, too. Their vocal cords apparently aren't very developed so their bark sounds a bit different (and cute). Here's a video:
The marine iguanas were everywhere. Sometimes it would be hard to walk since they were scattered all over the trail. For food, they swim into the ocean and eat algae, but have to expunge the sea water from their system when they get back on land. As a result they were constantly doing what one might identify as sneezing. But, instead of a sneeze it was really just the iguana blowing out the salt water from their system. I almost got sprayed by one as it was doing this, too! Also, they smell really bad, especially when there are 20 or 30 of them piled on top of each other.
The giant tortoises are big and slow moving. Shocker, really. They can grow up to 300 kg and have no ears, so they can't hear a thing. They can detect vibrations in the ground, though, so they can tell someone is approaching. When we were walking too near to some of them, they would emit a hiss that sounded like Darth Vader, and pull their head into their shell.
Lots of the birds that we saw on land we also saw from the ship.. even when we were traveling between islands! The Blue-footed Boobies and Frigates apparently travel far out to sea to hunt for fish. We watched several of them nose-diving in the water right near the ship. I got a lucky shot, here:
There were quite a few symbiotic and mutualistic relationships we witnessed among the wildlife. The lava lizards crawl on the sea lions and eat the flies (that apparently get really annoying for the sea lions). Some of the finches pick off ectoparasites from the tortoises, too. There were a few others I don't recall, unfortunately.
About half of the 90 passengers on the cruise were from the United States, I think. The others were either from Canada, England, Hong Kong, or elsewhere. I think only two or three of the passengers were younger than me.
Since my Nexus One works throughout most of the world, I picked up an international data plan for $50 from AT&T that gave me 125 MiB per month. So, without fear of overage charges, data on my phone worked in Quito, the Galápagos Islands, and on the ship. In Quito I had a choice between two Ecuadorian GSM providers: PORTAGSM and MOVISTAR, both of which seemed to use 850/1900 for UMTS and provided HSPA for data. On the Galápagos Islands I picked up both of the same Ecuadorian cellular providers but with wildly high (but usable) latency. Apparently in 2002 the Galápagos Islands obtained a satellite connection back to mainland Ecuador, which is used for the cellular backhaul, too. On the ship, there was a similar cellular site (only supported GPRS) backended by a satellite, but the performance was horrible. And when I mean horrible, it was completely unusable at times:
Request timeout for icmp_seq 311
Request timeout for icmp_seq 312
64 bytes from 69.9.189.182: icmp_seq=163 ttl=46 time=150991.762 ms
64 bytes from 69.9.189.182: icmp_seq=164 ttl=46 time=150401.031 ms
On Wednesday we took a tour of the bridge of the Celebrity Xpedition. It was a fairly modern-looking bridge with no wheel and most components were computer-controlled. I spotted a networking rack that housed a few Linksys-branded devices and a satellite router. Expensive shipboard Wi-Fi was provided by a Cisco WLC (yay 1.1.1.1!) that was apparently centrally-located on the mainland. It was better than the cellular connection, but not by much:
HOST: orion                        Loss%   Snt   Last    Avg   Best   Wrst  StDev
  1.|-- 192.168.172.1               0.0%    32    1.8    2.3    1.1    9.1    2.1
  2.|-- 192.168.15.1                3.1%    32    2.5    2.9    1.7   12.7    2.0
  3.|-- 10.224.7.49                 3.1%    32    7.2    5.0    3.4   11.7    1.8
  4.|-- 10.102.33.53                3.1%    32  671.7  635.1  594.5  693.9   27.3
  5.|-- 10.102.33.1                 3.1%    32  710.9  638.2  592.1  710.9   27.3
  6.|-- 10.102.1.5                  3.1%    32  648.1  628.4  589.0  688.0   26.4
  7.|-- mci.gwa.vizada-net.net      3.1%    32  681.0  640.5  595.9  743.5   34.5
  8.|-- serial3-3.gw4.bos4.alter.  43.8%    32  609.4  636.4  601.9  766.7   37.4
  9.|-- 0.ge-3-3-3.xl3.bos4.alter  43.8%    32  646.4  642.8  597.9  714.1   31.3
 10.|-- 0.xe-6-1-2.xt1.nyc4.alter  43.8%    32  664.7  650.8  610.3  709.3   29.4
 11.|-- gigabitethernet6-0-0.gw1.  45.2%    31  681.1  654.2  602.3  687.6   23.8
 12.|-- teliasonera-gw.customer.a  45.2%    31  718.1  654.3  598.6  718.1   37.7
 13.|-- nyk-b6-link.telia.net      45.2%    31  656.2  650.5  620.2  709.5   22.5
 14.|-- 0.te1-4.tsr1.lga5.us.voxe   6.5%    31  746.9  647.7  608.3  746.9   30.1
 15.|-- 0.ae57.csr2.lga6.us.voxel   6.5%    31  684.3  659.7  605.0  817.1   47.0
 16.|-- dax.prolixium.com          25.8%    31  646.9  649.7  599.6  716.5   33.9
There was some crazy ICMP error throttling that caused the erroneous packet-loss. Anyway, our stateroom suite status gave us three hours of free use for the week.
Lots of the Galápagos species seemed to be just slightly different than those found in the rest of the world. To distinguish them, it seems that "Galápagos" was added to the title. I kept wondering if we were going to see a Galápagos squirrel.
Some of the tour guides gave us pieces of history about the islands. Apparently the early settlers on the islands brought donkeys, dogs, birds, hogs, etc. that disrupted the wildlife on the islands. Some of these animals died off since they couldn't handle the harsh climate and some of the others apparently were slaughtered by ecological societies in order to preserve the balance. One tour guide specifically said that one of the societies is currently investigating the use of paintball-like guns to kill a certain species of black bird that is doing damage to the ecology on the island. Sometimes I get confused about what's natural and what isn't, but maybe that's just me.
On an unrelated note, the airport security in Quito (UIO) was very strange compared to airports in the United States. There are two security checkpoints passengers pass through on their way to the plane. The first one is at ticketing, which is similar to a pre-9/11 checkpoint at a United States airport. The second one is at the gate itself, and involves airport employees going through passengers' carry-ons. Afterwards while the passengers wait at the gate, a dog is sent loose and sniffs all of the passengers' carry-on bags. Another security oddity (a good one, I might add) is the checking of baggage claim tickets upon pickup. I don't think I've ever been at an airport in the United States that cares about baggage claim tickets. A shame.
Not sure what else to say here, but it was an awesome almost two weeks away from the office. Although it's not the cheapest vacation, I'd definitely recommend it!
It started as another impulse buy of mine. Shocker.
While browsing eBay I spotted a new Google Cr-48 Chromebook. I snagged it for a decent price and had it a day or so later (the seller lives in Charleston, SC). Actually, I got it right before I left for New Jersey to participate in my college roommate's wedding.
The Google Cr-48 is a prototype piece of hardware running Chrome OS, a specialized distribution of GNU/Linux that runs only one application: Google Chrome. It was shipped out to 60,000 beta testers (at no cost) starting in December of 2010 and ending in March of 2011.
No, I didn't get one. And, at the time, after trying a few of Hexxeh's builds of Chromium OS in VMware, I was glad I didn't - the OS seemed like a pile of garbage. My opinion has changed slightly, so read on.
After the Cr-48s had run their course, two new Chromebooks surfaced in the summer of 2011, boasting almost identical specifications to the Cr-48 except for different processor models (Atom N570 vs. Atom N455 in the Cr-48).
The Cr-48 that I obtained is apparently one of two models that beta testers received. Mine is labeled "IEC MARIO FISH 2330" and apparently there's another one out there labeled "IEC MARIO PONY 6101" (see this page for more details). It seems that they're identical, for all intents and purposes.
The hardware itself is fairly small and light, but huge and bulky compared to the MacBook Air. It's got a 12.1" screen (1280 by 800 pixels), 2GiB SSD, 802.11abgn Wi-Fi, webcam (I haven't tried this), and SD card slot. There's a USB port, too, but I've heard only HID-related and mass storage devices work correctly. The battery is fairly large, but thin, and sometimes feels like it doesn't sit very securely when installed. I suspect this is the result of corners being cut in the manufacturing or design process, since the laptop was originally intended for testing and not meant to be sold.
The keyboard has no F-keys and the would-be caps-lock key is a "search" button that opens a new tab. An oversized Alt key takes the place of a Windows key. There's no trackpoint-like device, just a touchpad that supports multi-touch, which seems to be coming out of the case, slightly. Again, this is probably due to corners cut in the manufacturing process.
The case itself has a soft rubbery feel and unfortunately visibly shows fingerprints and other grease marks, which sucks for those of us who suffer from OCD. That being said, one of the great things about the Cr-48's case is that it's completely free of branding. In fact, nobody really knows (with certainty) who manufactured the Cr-48s for Google. Anyway, the case looks like it might be a black MacBook at first glance.. but the white Apple logo on the screen is notably absent. I've seen one or two double-takes by people passing me by while hanging out at Panera Bread, and one person struck up a conversation with me about it. I dislike excessive branding, so this makes the Cr-48 a little bit more fun.
The Cr-48 also has another little hidden gem: a Qualcomm EvDO (rev. A) modem that operates on Verizon Wireless's network. Upon activation, there's two years worth of free data (up to 100MiB per month) included with the Cr-48. Data over 100MiB is charged to a credit card.
Oh, also, the battery lasts around a solid eight (8) hours with Wi-Fi enabled. The Atom processor's clock frequency is throttled by usage with cpufreq's "ondemand" scheduler.
Chrome OS is a pretty lean Linux distribution. No boot messages, no windows, just a logon screen and the Google Chrome browser.
The first boot presents the user with a list of languages, connectivity options (I chose Wi-Fi initially), and sign-on options (Google accounts only). Chrome OS then updates itself and reboots. I'll talk about the Google Chrome browser experience later, but other than items on the logon screen (language, connectivity options), all configuration and operation is done through browser tabs. This results in configuration feeling a little bit laggy, for some reason.
The Wi-Fi configuration is interesting, since it allows networks to be defined and saved on a per-user basis. This means that I can define a network, save the PSK (or whatever) for it, and only have the configuration accessible when my user is logged into Chrome OS. This doesn't really help me, but I suppose it can be appropriate for some situations. The one weird thing about the network configuration is that proxy server settings must be done on a per-connection basis. I always run my browsing through a proxy (accessed via a VPN or SSH tunnel), so this is a little odd.
In reality, Chrome OS doesn't completely force the user to use a web browser for everything; a limited command-line environment (crosh) can be invoked by pressing Ctrl+Alt+t. Switching between Chrome browser windows (add more by hitting Ctrl+n, duh) is done with Alt+Tab, just like Windows. In fact, the whole thing runs on X11 but has a customized window manager that forces all applications to run in full-screen. Anyway, crosh lets one perform some diagnostics (traceroute, PING, etc.) and invoke an SSH client. The SSH client is troublesome because the terminal that crosh is started in (urxvt) somehow doesn't support UTF-8 properly, possibly due to the font selection. It's also annoying when connectivity drops, as there's no way to kill the SSH session (enter-~-. does not work).
Surprisingly, things like Netflix are supported due to Trusted Computing and Chrome OS's link with the built-in TPM. Basically, this gives content providers an assurance that their media won't be copied, stolen, or otherwise "hijacked" from users. If the Chrome OS bootup process is altered, I suspect the TPM will raise an error and prevent DRM-ish things from working.
In fact, speaking of preventing DRM-ish things from working.. there's a hidden developer button in the battery compartment that enables the "shell" command in crosh. I flipped this switch and it wiped all information on the Cr-48 and disabled the TPM (boot verification). I now have to hit Ctrl+d to bypass the frowny-face screen, but now I have access to the shell from crosh, and mostly everything works the same way. I say mostly everything.. because Netflix and other applications and pages that rely on the TPM won't work. No big deal, for me.
I've put some information I got from the shell here. One thing I just noticed while looking at the mount(8) output is that the stateful partition on the SSD is encrypted. I guess this is to prevent someone stealing the laptop, pulling the SSD out of it, and mounting it on another machine.
One nice thing about the developer switch is that Chrome synchronization with Google can be completely disabled. I don't care to synchronize things with Google, I'm weird like that, but unfortunately under normal operation you can't actually disable this (you can disable all but one category to synchronize, which is stupid).
Another nice thing about the developer switch is I can fire up an SSH tunnel from the shell (ssh -L etc..) and get access to a proxy server of mine, so I don't have to surf the Internet at coffee shops in the clear. I noticed OpenVPN binaries are installed, too, but I haven't bothered to setup anything to use it.
I've used Google Chrome before obtaining the Cr-48, but never liked it enough to switch from Iceweasel (a non-branded Firefox). I'm getting used to it a bit more on the Cr-48, since I don't really have a choice of browsers, but some things still bug me a bit.
Instead of using some bookmark synchronization tool or service, I have a personal "start" page of mine that lists all my bookmarks and sorts them by use. It's backed by a MySQL database, and I set this as my home page on all of my systems. I rely on Firefox's (and previously, Epiphany's) type-ahead find feature so I don't have to move my hand to the mouse in order to select a link. If I want to load a link, I hit Ctrl+t, type a unique subset of the link (shdot - Slashdot, for example) and it's logged to MySQL and loaded in my browser. Nice and fast.
Unfortunately, Google Chrome doesn't support the two features that allow me to take advantage of this: loading the home page for each new tab and type-ahead find. What's even worse is that they won't even add the type-ahead find as an option (see here). I've found two extensions that emulate this behavior:
Unfortunately, the Type-ahead-find extension is a little laggy, but it's better than nothing.
It's possible to download and install applications in Google Chrome using the Chrome Web Store. However, compared to the App Store in iOS or Mac OS X, most of the applications aren't really downloaded or installed; links for them are just added to the New Tab Page. Some applications seem to be able to request offline storage, like the Amazon Cloud Reader that allows the reading of Kindle books.
Although probably just limited by the Cr-48's CPU, 720p (or higher) Flash Video on YouTube barely plays. HTML5-based video runs fine, though (can we kill Flash now, please?).
Although I had severe reservations about a browser-only laptop, the Cr-48 seems to have softened my opinion of Chrome OS quite a bit. The funny thing is I'd probably recommend a Chromebook for my grandmother over any Apple product, at this point.
For techie or hacker-types, it's still a bit rough around the edges, but does show promise.
Up until about a week ago, I was one of the few Time Warner Cable subscribers in Charlotte, NC who was unable to order what's marketed as Wideband Internet. The service has been generally available for subscribers since around September or October of 2010. Anyway, I finally haz it! Below is a tiny review.
Back in 2005 when I moved to Charlotte, the fastest high speed data (HSD) service I could get was 5 Mbps downstream and 384 Kbps upstream from Time Warner Cable. Boy, that seems slow. Over the years the service improved and up until recently my cable modem was configured for 15 Mbps down and 1 Mbps up. The downstream included PowerBoost, which is essentially a fancy name for bursting, a feature of the existing rate-limiting technology (a policer) that has been used in cable modems since the dawn of DOCSIS. In the case of PowerBoost, the burst size limit of the policer is much larger, allowing for downstream throughput to exceed 20 or even 30 Mbps for a short duration of time until the tokens in the policer run out. This is usually a few seconds, which is good enough to make a page with several images load much faster.
Anyway, everything before the so-called wideband was implemented with DOCSIS 1.1, which has a limit of roughly 42 Mbps downstream and 10 Mbps upstream shared between all subscribers off a particular node (typically a housing development or part of one). The Wideband Internet is based on DOCSIS 3.0, which among other things allows for channel bonding, therefore providing more physical bandwidth, resulting in a sharp speed increase. The 42 Mbps downstream is multiplied by the number of channels as is the now 30 Mbps upstream (added in DOCSIS 2.0). Other technologies like SDV have been implemented over time to free up more bandwidth, so DOCSIS 3.0 can be configured to channel bond to its heart's delight. Time Warner Cable currently has two wideband offerings implemented with DOCSIS 3.0: 30 Mbps down / 5 Mbps up and 50 Mbps down / 5 Mbps up. I ended up getting the latter.
Alright, down to the specifics.
I scheduled my install between 17:00 and 19:00 EDT on a Friday, so I would have the weekend to play with things and not have to worry about getting up early the next day for work. Er, not really. Turns out it was the only slot available at the time. The technician came, removed my old Ambit modem, and put in a Ubee Interactive DDW3611 cable modem. I let him do his thing, knowing full well I was going to reconfigure things after he left, which I did. So, just to test, I only plugged the new modem into my MacBook Air, in order to test the speed. After a few calls back to the office, the technician got everything provisioned right and the on-net speed test indicated I was getting slightly more than 50 Mbps down and 5 Mbps up.
By the way, Ambit changed its name to Ubee Interactive (get it? you be interactive.. don't worry, I didn't get it at first) back in 2009.
Since the Ubee DDW3611 is a router with wireless, both features that I don't need or want (no double NAT, thanks!), I ended up using instructions here (keeping in mind the | is actually an l) to turn the modem back into bridged mode. If you're going to do this, disable the wireless first, otherwise you will need to put the modem back into NAT/router mode to do so.
After a few more speed tests, it was apparent that my downstream and upstream were slightly higher than advertised. And indeed.. they were! The operational configuration from the Ubee cable modem showed me configured for roughly 54 Mbps down and 5.4 Mbps up:
In addition to the speed increase, the latency of my connection to the first hop (the CMTS at the hub site) decreased slightly:
Although the installation was fairly easy, I initially lost my elevated CPE limit, which is the number of MAC addresses the cable modem will learn on its Ethernet interface. I had a CPE limit of three prior to the wideband installation, and one afterwards. A call on Monday fixed this, and both of my Juniper firewalls and Linux router were all back online.
Overall, I'm happy with the service, and it has been rock-solid since the installation!
Update: Contrary to what one of my coworkers told me, it looks like there's absolutely no way to completely disable the wireless radio(s) in the DDW3611. Even in NAT mode there is no drop down to disable it. The best I've been able to do is disconnect the antennas and enable MAC filtering without listing any allowed addresses.
I upgraded one of my Apple computers (a Macmini3,1) to MacOS 10.7, the other day. Due to other things, I'm only now starting to play with it. I'm only a few minutes in, but there are a few miscellaneous things that bother me, already:
Nothing above is a big deal, but it all bothers me. Sometimes it seems like MacOS is dumbing down the population with an overly simplistic computing environment and in the process shunning the adept users. Or, are they just sacrificing flexibility in order to open computing for a broader audience?
What do you think?
For the record, hearing IT or engineering types say they use a Mac "because it just works" is like nails on a chalkboard, to me (mostly because it's proceeded by "I don't care how it works").
Update 2011/08/20: Apparently "sudo sysctl -w net.inet6.ip6.use_tempaddr=0" does indeed shut off RFC 3041 in MacOS 10.7.1 (it didn't work for me in 10.7.0!). Also, to clarify my last statement, I'm not dissing Apple users, it's more of a commentary on society in general. And, lots and lots of things sound like nails on a chalkboard, to me!
Update 2011/08/21: I'm liking 10.7 less and less the more I use it. The feature that restores the last state of applications is infuriating! I'm now having to take extra steps to close down all tabs in various applications I use to make sure they don't come up again (or even POST again in a web browser, eck!) on restart. The worst thing about this is some state is remembered incorrectly. My terminal is typically 160x64, but it's always restored with two additional columns. If I keep restarting it, the column count keeps increasing! Also, 10.7 changed the behavior of display sleep: passwords are now required when the screen turns back on, whereas before they were only required when the whole machine went to sleep (standby). Additionally, my mouse pointer randomly disappears when I unlock the system after waking up the monitor, requiring a reboot. Boy, I'm glad I only upgraded one of my machines!
This is the second part of my LTE adventures blog series. Don't worry, this is the last part. Read part one here.
LG VL-600 (yes, again)
After playing with the Pantech UML290 until I was blue in the face, I decided that I wasn't going to get anywhere with IPv6. I needed to backtrack.
Rather than getting rid of the UML290 (and probably paying some restocking fee among other things), I managed to snag a used LG VL600 from eBay for essentially peanuts, and threw in my SIM card. Surprisingly, moving the SIM card actually worked. Shocker, since this is Verizon we're talking about. Just for the heck of it I checked my account, and it showed a picture of the VL600:
I suspect the presence of a different ESN or IMEI automatically updated the device on my account. Anyway, no hassle.
As expected, IPv6 worked again on OS X and Windows with the VZAM software. So, giving up on IPv6 for a little bit, I turned my focus back to integrating the VL600 into my home network.
I picked up an ALIX.2D13 board and case to be used exclusively for the LTE connection in my condo. After installing Debian (ok, not really installing, I cheated and dd'ed an existing install from one of my Soekris boxes onto the new CF card), I turned up routing and terminated a VPN on the LTE interface, providing a [fast] backup to my existing cable modem connection. With a few tweaks, I was able to seamlessly move Internet and VPN traffic between my cable modem and the LTE connections.
Since I'm using Quagga and run BGP on my network, swinging VPN traffic is as easy as just swapping out a route map with a more appropriate one. Moving IPv4 Internet traffic is more bumpy, since the source IP will change (double NAT, woot!), but is as simple as reloading the iptables script on my core router to policy route all traffic toward the ALIX box. I still routinely hit the spoofing bug, since iptables will "leak" sometimes and spill a packet with an untranslated source out the LTE interface. This is probably something I'll have to look into eventually, but for now I was happy.
I also put together a wrapper script to graph the signal strength from the VL600. Other than the breaks, which are caused by me taking the modem on adventures to Panera Bread and other places, it seems to remain fairly constant:
View the live graph here.
Fixing IPv6
Recently, I was getting annoyed with the lack of IPv6 on Linux with the VL600, and a bug cropped up in kernel 2.6.39 that nuked the VL600's functionality. I sent an e-mail to Andrew Zaborowski, the original author of the VL600 Linux driver, and asked what he thought of the two problems. Unfortunately, as his blog indicated, he was only in the United States on a trip, and wasn't able to continue development of the driver in Europe, where the VL600 serves only as a nice paperweight.
I managed to resolve the 2.6.39 problem fairly easily, as it was a one-line fix.
The lack of IPv6 support took some more thought, and lots of debugging, but I managed to figure it out. The key ended up being a problem with the ethertype of the Ethernet frames containing IPv6 packets. From Andrew's comments in the driver, I was well aware that the VL600 didn't follow the 3GPP specifications very well, but apparently this was just the tip of the iceberg.
I first changed the initial interface flags to enable multicast (IFF_MULTICAST), which can also be done at runtime:
    ip link set dev wwan0 multicast on
After doing this, I immediately started seeing more packets in the tcpdump output:
    22:31:50.840001 IP6 , wrong link-layer encapsulationbad-hlen 0
        0x0000:  6000 0000 0030 3aff fe80 0000 0000 0000  `....0:.........
        0x0010:  0000 0034 9471 d840 ff02 0000 0000 0000  ...4.q.@........
        0x0020:  0000 0000 0000 0001 8600 ed45 ff40 ffff  ...........E.@..
        0x0030:  0000 0000 0000 0000 0304 4040 ffff ffff  ..........@@....
        0x0040:  ffff ffff 0000 0000 2600 1004 b008 f951  ........&......Q
        0x0050:  0000 0000 0000 0000                      ........
However, they were broken. The ethertype is 0x800 (IPv4) but the frame contains an IPv6 packet. The ethertype should obviously have been 0x86dd, but it wasn't. Wireshark was nice enough to ignore the ethertype, and provide a clean decode of the ICMPv6 router advertisement from Verizon:
    Internet Control Message Protocol v6
        Type: Router Advertisement (134)
        Code: 0
        Checksum: 0xed45 [correct]
        Cur hop limit: 255
        Flags: 0x40
            0... .... = Managed address configuration: Not set
            .1.. .... = Other configuration: Set
            ..0. .... = Home Agent: Not set
            ...0 0... = Prf (Default Router Preference): Medium (0)
            .... .0.. = Proxy: Not set
            .... ..0. = Reserved: 0
        Router lifetime (s): 65535
        Reachable time (ms): 0
        Retrans timer (ms): 0
        ICMPv6 Option (Prefix information : 2600:1004:b008:f951::/64)
            Type: Prefix information (3)
            Length: 4 (32 bytes)
            Prefix Length: 64
            Flag: 0x40
                0... .... = On-link flag(L): Not set
                .1.. .... = Autonomous address-configuration flag(A): Set
                ..00 0000 = Reserved: 0
            Valid Lifetime: 4294967295 (Infinity)
            Preferred Lifetime: 4294967295 (Infinity)
            Reserved
            Prefix: 2600:1004:b008:f951:: (2600:1004:b008:f951::)
I was curious. How could this work? I ran a tcpdump on the VL600 when plugged into OS X, and it showed valid ethertypes for IPv6. So, I connected the VL600 to a VM I have running Windows Vista, installed the VZAM software, and captured the USB traffic from the host OS (Linux):
    21:23:05.494245 BULK SUBMIT to 1:29:2
        0x0000:  7800 0000 5d00 0000 0100 0000 0000 0000  x...]...........
        0x0010:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0020:  5000 0000 0800 6000 0000 0028 3a80 2600  P.....`....(:.&.
        0x0030:  1004 b005 726c 6699 5dff fef7 c054 2001  ....rlf.]....T..
        0x0040:  1998 2001 0301 0000 0000 0000 1002 8000  ................
        0x0050:  8bfe 0001 0001 6162 6364 6566 6768 696a  ......abcdefghij
        0x0060:  6b6c 6d6e 6f70 7172 7374 7576 7761 6263  klmnopqrstuvwabc
        0x0070:  6465 6667 6869 0000                      defghi..
    21:23:05.494345 BULK COMPLETE from 1:29:2
    21:23:05.563225 BULK COMPLETE from 1:29:3
        0x0000:  7800 0000 1b00 0000 0100 0000 0000 0000  x...............
        0x0010:  0000 0000 5354 4448 0000 0000 0000 0000  ....STDH........
        0x0020:  5000 0000 0800 6000 0000 0028 3a2f 2001  P.....`....(:/..
        0x0030:  1998 2001 0301 0000 0000 0000 1002 2600  ..............&.
        0x0040:  1004 b005 726c 6699 5dff fef7 c054 8100  ....rlf.]....T..
        0x0050:  8afe 0001 0001 6162 6364 6566 6768 696a  ......abcdefghij
        0x0060:  6b6c 6d6e 6f70 7172 7374 7576 7761 6263  klmnopqrstuvwabc
        0x0070:  6465 6667 6869 7333                      defghis3
(BTW, the Linux usbmon module and libpcap 1.1.x make it easy as pie to capture USB traffic - I just used tcpdump -i usbmon1)
Anyway, the above output was the result of me running a PING to an IPv6 host on the Internet from the VM. Bytes 37 and 38 clearly show 0x800 as the ethertype. Looks invalid to me, but the OS itself sees the right ethertypes. I figured the driver must be peeking in the L3 header and changing frames containing IPv6 packets to have an ethertype of 0x86dd. Why the heck is LG doing this? It seems retarded, but after some trial & error, I got lg-vl600.c to perform the necessary conversions, as well, and it only took a few lines of code.
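The conversion described above, as an added example (this is not the author's lg-vl600.c patch): a userspace C function that corrects the ethertype of a received frame when the payload is really IPv6, and rejects frames whose IP header does not fit the frame length. It assumes a standard 14-byte Ethernet header; the function names and the zeroed MAC addresses of the sample frame are constructed, while the IPv6 bytes are the router advertisement from the tcpdump output earlier in this post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN       14       /* dst MAC, src MAC, ethertype */
#define ETHERTYPE_IP   0x0800
#define ETHERTYPE_IPV6 0x86dd
#define IPV6_HLEN      40       /* fixed IPv6 header */

enum fix_result { FIX_DROP = -1, FIX_UNCHANGED = 0, FIX_REWRITTEN = 1 };

static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Router advertisement bytes from the tcpdump output in this post (88 bytes). */
static const uint8_t ra_packet[] = {
    0x60,0x00,0x00,0x00,0x00,0x30,0x3a,0xff,0xfe,0x80,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x34,0x94,0x71,0xd8,0x40,0xff,0x02,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x86,0x00,0xed,0x45,0xff,0x40,0xff,0xff,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x04,0x40,0x40,0xff,0xff,0xff,0xff,
    0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x26,0x00,0x10,0x04,0xb0,0x08,0xf9,0x51,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};

/* Constructed sample: zeroed MACs (assumption), mislabelled ethertype, then the RA. */
size_t build_sample_frame(uint8_t *out)
{
    memset(out, 0, 12);
    out[12] = ETHERTYPE_IP >> 8;
    out[13] = ETHERTYPE_IP & 0xff;
    memcpy(out + ETH_HLEN, ra_packet, sizeof(ra_packet));
    return ETH_HLEN + sizeof(ra_packet);
}

/*
 * Only frames labelled IPv4 are inspected. The version nibble of the L3
 * header decides the real type; anything truncated or inconsistent is dropped.
 */
enum fix_result fix_rx_ethertype(uint8_t *frame, size_t len)
{
    const uint8_t *l3;
    size_t l3_len;

    if (len < ETH_HLEN + 1)
        return FIX_DROP;                 /* no room for the version nibble */
    if (get_be16(frame + 12) != ETHERTYPE_IP)
        return FIX_UNCHANGED;            /* not the mislabelled type */
    l3 = frame + ETH_HLEN;
    l3_len = len - ETH_HLEN;

    switch (l3[0] >> 4) {
    case 4:                              /* genuine IPv4: IHL >= 5 and must fit */
        if ((l3[0] & 0x0f) < 5 || (size_t)(l3[0] & 0x0f) * 4 > l3_len)
            return FIX_DROP;
        return FIX_UNCHANGED;
    case 6:                              /* IPv6: header + payload length must fit */
        if (l3_len < IPV6_HLEN || (size_t)get_be16(l3 + 4) > l3_len - IPV6_HLEN)
            return FIX_DROP;
        frame[12] = ETHERTYPE_IPV6 >> 8;
        frame[13] = ETHERTYPE_IPV6 & 0xff;
        return FIX_REWRITTEN;
    default:
        return FIX_DROP;                 /* neither IPv4 nor IPv6 */
    }
}

int main(void)
{
    uint8_t frame[ETH_HLEN + sizeof(ra_packet)];
    size_t len = build_sample_frame(frame);
    int r = fix_rx_ethertype(frame, len);
    printf("result=%d ethertype=0x%04x\n", r, get_be16(frame + 12));
    return 0;
}
```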
Things now seem to work properly, although I can't seem to get autoconfiguration to work on the wwan0 interface, but I can just statically assign the host ID for now:
    (evolution:21:06)% sudo rdisc6 wwan0
    Soliciting ff02::2 (ff02::2) on wwan0...
    Hop limit : 255 ( 0xff)
    Stateful address conf. : No
    Stateful other conf. : Yes
    Router preference : medium
    Router lifetime : 65535 (0x0000ffff) seconds
    Reachable time : unspecified (0x00000000)
    Retransmit time : unspecified (0x00000000)
     Prefix : 2600:1004:b005:6a25::/64
      Valid time : infinite (0xffffffff)
      Pref. time : infinite (0xffffffff)
     from fe80::2f:82cc:ed40
    (evolution:21:07)% sudo ip -6 addr add 2600:1004:b005:6a25::1000/64 dev wwan0
    (evolution:21:07)% sudo ip -6 route add default dev wwan0
    (evolution:21:08)% ping6 -c4 ipv6.google.com.
    PING ipv6.google.com.(qy-in-x6a.1e100.net) 56 data bytes
    64 bytes from qy-in-x6a.1e100.net: icmp_seq=1 ttl=50 time=88.1 ms
    64 bytes from qy-in-x6a.1e100.net: icmp_seq=2 ttl=50 time=88.5 ms
    64 bytes from qy-in-x6a.1e100.net: icmp_seq=3 ttl=50 time=83.8 ms
    64 bytes from qy-in-x6a.1e100.net: icmp_seq=4 ttl=50 time=83.4 ms
    --- ipv6.google.com. ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 83.480/86.024/88.579/2.375 ms
So, success! I'll probably try to fix the autoconfiguration problem a little later, but I have a feeling it's something Linux sysctl-related rather than driver or network-related.
You can grab the patch here, for now. I'll be opening up another kernel bugzilla ticket to get this into mainline in the next day or so, too.
WARNING: Tin foil hat content below! May not be suitable for minors.
If you know me at all, you know that I'm not a big proponent of so-called cloud computing, and prefer to do things the hard way by storing all of my personal and non-personal information on machines I own or manage. This includes avoiding things like Gmail, AWS, Dropbox, Google Docs, and others.
Why? Well, first off, I hate the term cloud computing. It's just a new buzzword that's used to describe the same types of services that have been around for several years. The underlying technology is not new! Secondly, I've got some grave concerns about privacy and security. In fact, I agree with most of Richard Stallman's views on cloud computing (and many other things, but that's a separate discussion). News stories like this, where Amazon pulled Orwell's 1984 and Animal Farm from people's own devices scare me to death. Also, that whole situation drips in a deluge of irony.
Google's Chrome OS freaks me out, too, since it's designed from the ground up to not store anything locally and rely on Google's servers for everything. It's amazing how much trust the general population will put in big companies to hold onto their personal data. Most of the individuals who I talk to about such things always just tell me: "oh, I don't put anything sensitive in the cloud." Suure..
Building on the above, if all your information is stored in the cloud how do you know it hasn't been modified? It could be deleted without your knowledge, too! Sometimes I feel like one of those weirdos at the dawn of the digital age who continued to keep hard copies of documents when the same information was stored on magnetic tape or disk. I think they were doing it for other reasons (reliability, lack of search capabilities, etc.), though.
Contradicting myself like most Americans, every once in a while I'll relax my principles and buy into certain cloud-based things like the Amazon Kindle store (recall: bookmarks and notes are all stored on Amazon's servers) and Netflix.
Netflix is a no-brainer for most folks. Unlimited streaming of Netflix content for $8/month! Sure, that doesn't include all of the content on Netflix, but most of it (the other stuff you can get via mail on the cheap). I bought into this early in 2011 and have been happily streaming things like The Office and Babylon 5 on my Mac mini HTPC.
I was just thinking this past week that Netflix and other cloud-based streaming services are going to eventually cause Blu-ray and DVDs to be completely phased out over the next couple of years, when Netflix pulled a fast one and removed Babylon 5's streaming capability. Yep, I had just watched The Coming of Shadows (2x09) on Thursday and last night tried to watch Gropos (2x10) and received a nasty message on the screen:
I suspect this is just due to some bickering between Netflix and Warner Home Video, but it exemplifies my original concerns about cloud services. The cloud can change on a daily basis, and so can the data stored there!
Let's think about this in a scarier way, for a second. A country is generally on its way out when it starts burning books, right? What's the modern day equivalent of books from a few decades ago? E-books, you might say, but I'd say it encompasses a little more than that. It includes blogs and articles on the Internet, too, which are searchable by engines like Yahoo!, Bing, and Google. Well, if this information is stored in the cloud and the search engines index the cloud, modern day book burning doesn't need 451°F at all. Remove the index and delete the content. If everybody's running Chrome OS or relies completely on the cloud, it's gone for good.
In the past, Google hasn't hesitated to turn over personal data to the United States government. What if the government doesn't like the lyrics of a new track by an up and coming band, and to cut costs that artist only made it available electronically by Google Music and iTunes in the Cloud? Just food for thought!
Anyway, moral of the story? I'm not going to get hooked on a TV show via Netflix ever again!
Thoughts?