iPhones, and the desire to possess the new & shiny…

2009 June 15
by jcostom
iPhone 3GS

Well kids, it’s that time of the year again.  iPhone season.  Last week, Apple announced their latest move in the iPhone marketplace – the iPhone 3GS.  The new member of the iPhone family is a small upgrade from the existing iPhone 3G that’s been beating the street for the past year.

What’s the new kid bring to the table relative to the existing 3G?

  • HSDPA 7.2
  • 3 MP auto-focus Camera
  • Video Recording w/editing on the device
  • Voice Control
  • Slightly better battery life

Obviously, anyone would be happy with more battery life – though the additional capacity doesn’t amount to all that much.  Video recording is a nice addition as well.  Voice control is a neat toy, but isn’t used too much in general.  Phones that run S60 have had voice control features for years now.  Same goes for many other manufacturers as well.  Is the feature a killer app that’s used all the time?  Nope.

E71 HSDPA Speed

HSDPA 7.2 is a nice addition, vs. HSDPA 3.6 on the 3G.  However, considering that most AT&T HSDPA customers never see 3.6 Mbps download speeds, does 7.2 Mbps really matter?  Check out the screenshot on the right from my Nokia E71, which also supports HSDPA 3.6.  This is fairly representative of the mobile speed tests I’ve done on the device.  In the past, I have seen as high as 1 Mbps, but have never come anywhere near close to 3.6 Mbps.

Upgrades from the 3G?  Certainly, but marginal, at best.  All of the other iPhone 3.0 OS features are present on the iPhone 3G as well.

Has this stopped a torrent of iPhone 3G customers who seemingly cannot go on living without the shiny new iPhone 3GS?  Nope.  There’s a gaggle of people signing a Twitter petition in what will be a vain attempt to get AT&T to repeat last year’s exception to AT&T’s standard policy regarding pre-term upgrades for existing users under contract.  Kids, think about this.  Last year, with the move from the iPhone to the iPhone 3G, AT&T changed the game.  The original iPhone used a $20/month data plan that also gave 200 texts.  Contrast that with the iPhone 3G, which carried a $30/month data plan and included no texts at all.  If you wanted to add those 200 texts back, that’s another $5/month.  Effectively, the customer had to cough up an extra $180 a year to maintain the same level of service when they moved from iPhone to iPhone 3G.  This increased revenue level allowed AT&T to make an exception to the upgrade policy, allowing users that were only halfway through their contract to upgrade with no additional cost above what a new customer would pay.

Still don’t get it?  When you buy a phone from a carrier, you’re getting it at a lower price because of your commitment to a contract term of 1, 2, or sometimes even 3 years, though 3 year deals aren’t common in the US.  The carrier is partially subsidizing the cost of the device because you’re locking yourself in for a period of time.  With original iPhone customers only halfway through their contracts, AT&T had not fully recouped the subsidy provided on the iPhone.  However, since allowing those original iPhone customers to upgrade would result in an additional $360 above and beyond current revenue levels, it was financially feasible to allow the early upgrades.  It was even in the best interest of AT&T Wireless.  The fact that customers benefitted from the move was secondary – don’t confuse it with good will from AT&T.

So here we are, another year later.  The iPhone 3GS comes at an even lower price tag than before, but uses the exact same plans as the current 3G models.  This time around, there is no benefit to AT&T in allowing early upgrades at no additional costs, so they’re not.  This year, there are 3 levels of iPhone cost:

  • Fully Subsidized – $99 for the 8GB 3G, $199 for the 16GB 3GS, $299 for the 32GB 3GS, comes with a 2-year contract.
  • Partly Subsidized – Early Upgraders (12-18 months into contract) are eligible to upgrade for a $200 premium above the fully subsidized cost.
  • No Subsidy – If you’re less than 12 months into your contract, you can upgrade, but face a $400 premium above the fully subsidized cost.

Herein lies the source of angst for the twittioners.  Kids, get this through your heads.  Your phone company is not your friend, and you’re not their friend either.  You’re their customer – who sends them money in return for services.  You’ve agreed to be bound by the terms of a contract.  You cannot alter the terms of the deal just because you want the new, shiny toy.

Installing a NIDS with a passive Ethernet tap

2009 April 26
by jcostom
IDS Install with Tap

I wanted to install a small network IDS on my home network using Snort.  I wanted to stick the NIDS outside of my firewall, so it would be able to examine all Internet traffic coming in & out of the network.  Of course, putting a device online outside my firewall without any protection isn’t terribly attractive, so I decided to install using a tap.  Ignoring the fact that this is really the only possible configuration, given my home ISP (FiOS), it allows me to do a completely stealthed deployment of a NIDS.  Unfortunately, this type of deployment also precludes the ability to interact with any traffic seen on the wire, so flexresp is out of the question.

Construction of a passive tap

The other bad part about using a tap is that simply by the nature of the tap, you need to have 2 Ethernet ports to sniff on.  Why?  Check out the Snort docs on the subject.  When you set up a tap, you can only push one direction’s worth of traffic onto a single port.  This means you have to combine the traffic on the sniffing device.  Since you can only receive traffic and can’t send on these ports, you must have a third Ethernet port to connect to your internal network, or if you’ve got a larger network, a management LAN.

So, building your tap is pretty simple, when you’ve got the picture here on the right to work from.  Need the parts?  Head over to Home Depot and grab yourself the following parts:

  1. A plastic electric box (get one marked for “Old Work”).  An 8 cubic inch box will probably not be deep enough, so go for one of the 14 cubic inch ones.  Unscrew the little anchor flaps and toss them in the trash.
  2. A 4-jack faceplate.  Whatever color you like.  I used white.
  3. 4 Cat 5e Ethernet jacks.  I got 2 white and 2 blue.  The white jacks are the Host jacks, and the blue ones are Tap A & B, as shown in the figure at the right.
  4. About 6 inches of Ethernet cable.

Strip off the jacket and remove the 8 wires.  Wire up the jacks as shown in the figure.  I found it easiest to wire up one of the host jacks, then run the wires through the tap jacks and finally up to the other host jack.  Try to keep the twists in the wire as much as possible, to prevent NEXT (Near End Crosstalk).  Cap off the jacks and screw the thing into the electric box.

I made two, one to use for the NIDS, and another to carry around for work if I need a tap.

I’m not going to go into how to install Snort, ACID, or any of that stuff.  There are already enough guides out there on that topic.  I will, however, address the need to join the two sniffing interfaces into a single full-duplex interface for Snort to sniff on.  You’ll be using the Linux kernel’s bonding module for this.  I’m going to assume Debian or Ubuntu here.  Add the bonding module to your /etc/modules file, then execute the command modprobe bonding.  In the /etc/network/interfaces file, you’ll need something like this:

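# Bring bond0 up at boot; "manual" means ifupdown assigns it no IP address
auto bond0
iface bond0 inet manual
# Raise the interface with no address so the sniffing side stays unaddressed
  up ifconfig $IFACE 0.0.0.0 up
  down ifconfig $IFACE down
# Enslave the two tap-facing NICs (one per traffic direction) to the bond
  post-up ifenslave bond0 eth0 eth1
  pre-down ifenslave -d bond0 eth0 eth1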

Obviously, you’ll need to configure Snort to sniff on the bond0 interface.  Don’t forget to install the ifenslave package.  It’s not installed by default on Ubuntu.
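
To confirm the bond is actually feeding Snort both directions, here is a check added as an example (it is not from the original post). It assumes the bond0/eth0/eth1 names from the stanza above; the SYSROOT argument and the make_sample_tree helper are hypothetical, added so the check can be exercised on a constructed tree instead of the live /sys/class/net.

```shell
#!/bin/sh
# Added example: verify that both tap legs are enslaved to the bond and
# that each one is receiving traffic. Each tap jack carries one direction
# only, so a missing or silent leg means Snort sees half of every session.

# check_tap_bond BOND LEG_A LEG_B [SYSROOT]
# SYSROOT (hypothetical parameter) defaults to the live sysfs tree.
# Returns 0 = both legs OK, 1 = a leg is missing or silent, 2 = no bond.
check_tap_bond() {
    bond=$1; leg_a=$2; leg_b=$3; root=${4:-/sys/class/net}
    rc=0
    slaves_file="$root/$bond/bonding/slaves"
    if [ ! -r "$slaves_file" ]; then
        echo "FAIL: $bond is not a bonding device (bonding module loaded?)"
        return 2
    fi
    enslaved=" $(cat "$slaves_file") "
    for leg in "$leg_a" "$leg_b"; do
        case "$enslaved" in
            *" $leg "*) ;;
            *) echo "FAIL: $leg is not enslaved to $bond"; rc=1; continue ;;
        esac
        rx=$(cat "$root/$leg/statistics/rx_packets" 2>/dev/null || echo 0)
        if [ "${rx:-0}" -eq 0 ]; then
            echo "FAIL: $leg has received nothing; one direction is missing"
            rc=1
        else
            echo "OK: $leg enslaved to $bond, rx_packets=$rx"
        fi
    done
    return $rc
}

# Constructed sample data: builds a fake sysfs tree for bond0/eth0/eth1 so
# the check can be tried without real hardware (hypothetical helper).
make_sample_tree() {
    dir=$1; slave_list=$2; rx_a=$3; rx_b=$4
    mkdir -p "$dir/bond0/bonding" "$dir/eth0/statistics" "$dir/eth1/statistics"
    echo "$slave_list" > "$dir/bond0/bonding/slaves"
    echo "$rx_a" > "$dir/eth0/statistics/rx_packets"
    echo "$rx_b" > "$dir/eth1/statistics/rx_packets"
}
```

On the sensor, run check_tap_bond bond0 eth0 eth1 once some traffic has crossed the tapped link in both directions.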

The biggest concern lots of tap novices have is accidentally introducing traffic onto the wire via the tap.  Let’s be clear.  This is simply impossible.  Can’t happen.  At all.  Why?  The only pins that are live on the tap ports are 3 and 6.  Guess what happens on those pins?  It’s only RX, not TX, so you can’t transmit on the tap ports.

Monkey’s Big Trip

2009 April 22
by jcostom

So, I’m in Virginia until tomorrow for training.  Alex thought it would be fun to send his stuffed Curious George with me, and so I’ve been sending pictures.

After a big day with me, Monkey decided to relax a bit.

Monkey, relaxing in a chair.

After getting a bit of rest, Monkey decided to send off a few emails.

Monkey sending out some emails

Next, Monkey finally figured out he was hungry, so he cooked some dinner.

Monkey got hungry.

After dinner, Monkey was thirsty, so he had a drink too.

And he's thirsty too.

At the end of such a big day, Monkey went off to bed.

Monkey, hitting the sack.

Breakfast, Michael Bay style…

2009 April 7
by jcostom

Thanks to Matt Ralph for pointing this one out.

Bookmarklet Overdrive

2009 April 3
by jcostom
Bookmarklets

Bookmarklets rock.  They’re great timesavers, and a worthy addition to your browser’s bookmark bar.

So, what’s a bookmarklet?  In short, a bookmark, typically constructed with JavaScript, that does a specific task.  For example, emailing some data via your favorite webmail provider, or checking Bugmenot for a login to a site you don’t really want to register for, or generating a shorter URL for a site.  Here are the ones I keep around.  Hopefully you’ll use some of them.  To grab them, mouse over the link and drag to your browser’s bookmark bar.  I recommend you make a folder on your bookmark bar and toss your bookmarklets in that folder (that’s what I do).

Here’s the breakdown of my favorite bookmarklets…

Google Services

Google This: Select some text on a page, click the bookmarklet, blammo – you’ve got a Google search for the selected text.

Google Images: Select some text on a page, click the bookmarklet and you’ve got a Google Image search for the selected text.

GAppMail This: Send the selected text via Google Apps for Your Domain Mail. You’ll need to edit this one to change out yourdomain.com for what your domain name actually is.

Gmail This: Send the selected text via Gmail.

Google Cache: Pull up the Google Cache version of the currently loaded page.

Google Map This: Select an address, get a Google map of it.

Geocode: Get the Latitude & Longitude for the center of a Google map.

Google Translate: Translate the currently loaded page into English.

Web Development

Show Divs: Show the <div> areas on the currently loaded page.

ReCSS: Reload CSS for the currently loaded page.

W3C HTML Validator: Run the currently loaded page through the W3C’s HTML Validator.

W3C CSS Validator: Run the currently loaded page’s CSS through the W3C’s CSS Validator.

References

Acronym Lookup: Look up an acronym in the Internet Acronym Database.

Urban Dictionary Lookup: Look up a selected word in the Urban Dictionary.

Social Networking

Del.icio.us Linkbacks: Show del.icio.us links to the current page.

Compulsory Login Bypass

BugMeNot: Look up usernames & passwords for various sites.

URL Shorteners

DiggBar: Uses the new DiggBar for URL shortening.

Cli.gs: Uses the Cli.gs shortening service.

MacHeist 3.0, a nice deal this time around.

2009 April 2
by jcostom

It’s MacHeist time again.  Big bundle of Mac apps, low price, lots of charitable contributions from the guys running the thing.

Go have a peek.  It’s definitely worth a look.  If you use 2 of the apps, it’s a worthwhile deal.

At long last, I’ve finally seen the light.

2009 April 1
by jcostom

For years now, I’ve been kidding myself, hiding behind my secret envy of Steve Ballmer and Bill Gates, opting to use Macs & Linux at home, as well as Symbian-based mobile phones.  I just can’t stand living the lie any longer.

I am a PC!

I’m reformatting our Macs at home, and they will henceforth run nothing but Windows Vista.  Ultimate 64-bit, of course.  No Boot Camp, VMware Fusion or Parallels.  Just Windows Vista.  The sheer beauty of the Vista desktop, laden with all of those oh-so-cool gadgets, the Aero Glass look, and the Control Panel, oh, the sheer bliss of it all!  So what if I’ll need to run full-time anti-virus and anti-spyware apps to protect us and our data?  Honey, I’m home.

And the server, what a colossal mistake it was running Ubuntu’s Intrepid Ibex 64-bit release on there.  What on earth was I thinking???  All of that idle CPU time just going to waste doing nothing.  Why, by installing Windows Server 2008 on the system, I can give that CPU an actual workout.  You know what they say about muscles that go unused..  I figure the same thing applies to the CPU’s power starting to atrophy from lack of use.  So what if I run my phone system out of Asterisk, and have a VPN server that runs in a VMware Server instance?  Again, I’ll have the blissful joy of Windows at my disposal.

And the phones.  We’ve suffered for too many years with S60 devices.  Back when I worked at Nokia, I didn’t have an excuse, but now I can finally break free after all these years!  By moving to Windows Mobile devices, I can now take the nirvana that one can only experience with that stunningly gorgeous Blue Screen of Death out and about with me, right in my pocket.  That BSOD is so invigorating, I think we should change it to the BSOL, Blue Screen of Life!

˙looɟ lıɹdɐ  ¡ʇɥƃıɹ ɥɐǝʎ

What Will Shock You In a Few Years?

2009 March 27
by jcostom

We’re spending a quiet evening at home tonight, watching stuff on the Science Channel.  During a commercial break from a very interesting show about the ice hotel that gets built annually in Sweden, we saw a commercial for a new show coming to Animal Planet entitled “River Monsters”.  The gist?  It’s a guy who’s dubbed as “an extreme angler”, which I think roughly translates as “fishes with a harpoon gun nearby”, who goes after really big, nasty fish.  Sort of like Bassmasters, but with the chance of the host being ripped to shreds by some sort of ferocious water creature.

As time marches on, it seems that viewers require more & more shocking content in order to hold their interest.  What will be required in 5 or 10 years to draw in viewers?  How about ice hockey, but where the players have nitroglycerin strapped to their bodies?  How far are we away from The Running Man?

Connecticut, Land of a Thousand Dead Spots…

2009 March 13
by jcostom

I’ve lost count of how many trips I’ve taken on the Acela Express.  99% of the time, it’s been heading south to DC.  But on those rare occasions that I take it to head north, it’s always incredibly frustrating.

The state of Connecticut seems to be the land of a thousand dead spots.  I’m forever dropping calls, and my laptop’s 3G connection doesn’t stay up for the whole trip either.  Going south, the only spot I lose signal totally is the tunnel you pass through at Baltimore.  Being underground, this is not unexpected.

But on a clear, sunny day, riding the rails through Connecticut, it is a big ball of suck.

The Credit Crisis & You.

2009 February 20
by jcostom

If you haven’t heard about the global credit crisis, you’ve probably spent the better part of the past year under a rock.  Watch these videos from Jon Jarvis.  They explain in pretty simple terms, plain English even, how we got to where we are.  He really knocks it out of the park here.