I have moved up the "smart/super phone" food chain, to what is arguably the top. I started this race with a Nokia N97, which was not even a "clever phone". I obtained a second hand Samsung Galaxy S to replace the N97. I actually quite liked the experience that it provided, though I couldn't "legally" update the OS on it. Now with the iPhone 5 in my hands for the last week, I'm impressed with some things, and not so much with others.
First off, the phone feels great in my hand. I originally thought the box shape would be uncomfortable, though it is quite nice. I have larger hands than some people, and my thumb not only reaches all the screen, but also the buttons on the opposite side. I admit I was a bit disappointed with the screen size only increasing to 4", also disappointed that it wasn't a standard 720p (1280x720) resolution opting for 1136x640 instead. I am slowly getting over these disappointments as I get used to the device.
iOS 6 preforms better on the iPhone than on the iPad 2, which is as promised with the increase in RAM and CPU power. Even with many apps "open", switching between them and opening more apps has been very seamless. The on screen keyboard in iOS is better than the one in Android 2.3 that my Galaxy S has, though neither match my work BlackBerry's hardware keyboard for accuracy with my particular thumbs. Coming from the Galaxy S, I find myself trying to push the back and menu buttons that were on either side of the "home" button in the hardware. Autocorrect has been an annoyance off and on, especially with slang terms or txt specific spellings. Just when I think I've trained it, the next time I type it autocorrects to something completely wrong.
I'm not sure if it is because in my area there is no LTE coverage yet, but Siri seems slow to respond, and every once in a while it feels like playing the telephone game with MicroSoft Bob. iMessage and FaceTime work very well, and the "HD" FaceTime camera looks great. I haven't fully explored the camera yet, but the few test shots, videos and panoramas I took are starting to rival the basic shots I take with my Canon T1i.
The GPS seems to be a bit off as well, showing me as across the street from where I am in most cases, and once showing me a good 5 minute drive across the river from where I was. My girl tells me that where she lives, the GPS is spot on, so I think this might have something to do with why people have issues with the Apple Maps program. I was hoping I could use the geofencing features to do things like turn the WiFi off and on when I leave/get home. To date I haven't found out how to do that.
What can I say about iTunes that hasn't already been complained about more eloquently somewhere else? I'm disappointed that in this "post PC era" I still have to connect to to the computer and use iTunes to transfer my non iTunes store bought music, audiobooks, etc to the device. (I know there are various iTunes alternatives out there, but that still defeats the "post PC era" rhetoric) There is supposed to be a new iTunes "in October", so Apple has 10 days left to release, and hopefully this will help.
The inability to mount the device as a USB mass storage and drag/drop things, not (as of yet) being able to go even to a gas station or dollar store and pick up a spare charge cord , and having to be in OS X to develop are my only major complaints.
Overall I'm very happy with the iPhone, granted I haven't had access to the major competition. There are enough things right with the phone that I am looking forward to the next 3 years or so with the device.
Sunday, October 21, 2012
Saturday, June 2, 2012
My #OpenBSD Adventure: Part 3
Life is very disrespectful of projects isn't it?
For those just joining the program, I currently have my OpenBSD machine with base PF rules (pass all) and a D-Link WiFi-N base station. I have two major points on the todo list, hoping to achieve at least one today.
1. Install Squid ( http://www.squid-cache.org ) and set up as a transparant proxy, with ad/spam blocking.
2. Install and enable third NIC to separate the WiFi segment.
Tackling the first point, I've downloaded the Squid source. I'm going to use
./configure --enable-pf-transparent
I have a feeling I'm going to need to use --enable-auth-helpers="(something)" in the future for the captive portal part of the project, but for now I will just try to get things running.
I forgot how long things take to compile from source. Even on a fairly hefty machine, Squid took about 20 minutes start to finish. There seems to be an issue on OpenBSD. The Squid user by default does not have write access to the var/log or var/cache directories.
Appending the lines
pass in on em0 proto tcp from any to any port 80 rdr-to 127.0.0.1 port 3128
pass in on em0 inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on xl0 inet proto tcp from any to any port www keep state
forced all the web traffic from my machines through Squid, which I was able to verify by way of an ACL in squid.conf that blocked reddit. It is worth noting here that in the newest PF, the syntax has changed quite a bit. The old way was to
rdr on $if ....
and the new way is
pass in on $if ....rules... rdr-to ....
This had me scratching my head for a while this afternoon, as every guide for exactly transparent Squid/PF was using the old syntax.
In squid.conf, I put these lines
acl badurls url_regex "/usr/local/squid/etc/block.txt"
http_access deny badurls
/usr/local/squid/etc/block.txt contained the single line of "reddit" for now, I will be filling this with ad/annoying web urls at a later time.
Right now, if the browser is set to use 10.0.0.1/3128 as the proxy, all works well. If browser has no proxy set, Squid returns an error about malformed URLs. For now, I have disabled the rdr line.
Well that was easy as reading a little bit. Adding "transparent" to the line in squid.conf got it up and running.
http_port 3128 transparent
Next up, tackling the authentication bits. Plan is to have the WiFi segment require authentication and have rules based on device/user, and the hard wired lan be open. (Only people I know will be plugging in)
For those just joining the program, I currently have my OpenBSD machine with base PF rules (pass all) and a D-Link WiFi-N base station. I have two major points on the todo list, hoping to achieve at least one today.
1. Install Squid ( http://www.squid-cache.org ) and set up as a transparant proxy, with ad/spam blocking.
2. Install and enable third NIC to separate the WiFi segment.
Tackling the first point, I've downloaded the Squid source. I'm going to use
./configure --enable-pf-transparent
I have a feeling I'm going to need to use --enable-auth-helpers="(something)" in the future for the captive portal part of the project, but for now I will just try to get things running.
I forgot how long things take to compile from source. Even on a fairly hefty machine, Squid took about 20 minutes start to finish. There seems to be an issue on OpenBSD. The Squid user by default does not have write access to the var/log or var/cache directories.
Appending the lines
pass in on em0 proto tcp from any to any port 80 rdr-to 127.0.0.1 port 3128
pass in on em0 inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on xl0 inet proto tcp from any to any port www keep state
forced all the web traffic from my machines through Squid, which I was able to verify by way of an ACL in squid.conf that blocked reddit. It is worth noting here that in the newest PF, the syntax has changed quite a bit. The old way was to
rdr on $if ....
and the new way is
pass in on $if ....rules... rdr-to ....
This had me scratching my head for a while this afternoon, as every guide for exactly transparent Squid/PF was using the old syntax.
In squid.conf, I put these lines
acl badurls url_regex "/usr/local/squid/etc/block.txt"
http_access deny badurls
/usr/local/squid/etc/block.txt contained the single line of "reddit" for now, I will be filling this with ad/annoying web urls at a later time.
Right now, if the browser is set to use 10.0.0.1/3128 as the proxy, all works well. If browser has no proxy set, Squid returns an error about malformed URLs. For now, I have disabled the rdr line.
Well that was easy as reading a little bit. Adding "transparent" to the line in squid.conf got it up and running.
http_port 3128 transparent
Next up, tackling the authentication bits. Plan is to have the WiFi segment require authentication and have rules based on device/user, and the hard wired lan be open. (Only people I know will be plugging in)
Wednesday, May 23, 2012
My #OpenBSD Adventure: Part 2
I woke up this morning to be greeted by
Write failed: Broken pipe
cvs [checkout aborted]: end of file from server (consult above messages if any)
Write failed: Broken pipe
cvs [checkout aborted]: end of file from server (consult above messages if any)
So like the true Windows admin I let myself become, I decided to download a -current iso, in the hopes that the patch for the Belkin USB would be applied.
5.1-current, 5/21/12, installed and Belkin recognized and available as urtwn0! Ah the joys of living on the edge. I apparently did not read quite well enough. In my excitement to see an actual USB device in my hand, I did not notice the lack of (AP) next to the urtw in http://www.openbsd.org/faq/faq6.html#Wireless so it is back to the store to exchange the USB for a low end WiFi router.
I now have a D-Link DIR-601 for about $12 less (tax in) than the Belkin, and will be using the Prosys/3Com 10/100 extra NIC to control wireless. I may have to write a review/rant on the oddities of consumer network hardware, as that wizard is a bit crazy.
Command to enable forwarding:
echo net.inet.ip.forwarding=1 >>/etc/sysctl.conf
My quick dhcpd.conf to just get it up and running
# $OpenBSD: dhcpd.conf,v 1.2 2008/10/03 11:41:21 sthen Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#
# Network: 192.168.1.0/255.255.255.0
# Domain name: my.domain
# Name servers: 192.168.1.3 and 192.168.1.5
# Default router: 192.168.1.1
# Addresses: 192.168.1.32 - 192.168.1.127
#
option domain-name "mynet";
option domain-name-servers 10.0.0.1;
subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.1;
range 10.0.0.40 10.0.0.90;
host static-client {
hardware ethernet 22:33:44:55:66:77;
fixed-address 192.168.1.200;
}
host pxe-client {
hardware ethernet 02:03:04:05:06:07;
filename "pxeboot";
next-server 10.0.0.1;
}
}
Quick pf.conf to just get up and running
pass out on xl0 from em0:network to any nat-to (xl0)
(epic eh? ;) )
Well, this is it for tonight. I hope to move the DIR-601 to NIC #3 and set it on its own subnet tomorrow.
Tuesday, May 22, 2012
My #OpenBSD Adventure
My concept is to come out of this with an OpenBSD firewall with the following features:
1. Separate WiFi and hard wired segments
2. DNS Caching
3. SSH/VPN tunnel
4. DHCP with static entries for known hosts
5. "Guest" SSID with nocat/authpf captive portal and restricted rulesets
6. Known WiFi hosts have access to wired file shares and other services
7. Squid, preferably in a transparant configuration, to both WiFi and wired
8. Silent and low power (looking for a Mini-ITX solution, quite in the future)
9. IDS with alerting via email/txt
10. Shape traffic and QoS (give email/IM/web traffic priority over downloads)
I do not think I will have web/email services on the main firewall, as that can not be considered best practice. I am setting up this lovely bit of overkill on my home network as practice for doing a similar setup for clients. Unless there is a serious money issue for the client, and they require internal web/mail services, I would do for them what I will do for myself and have a separate box for web/mail/etc.
I'm going to start this on an old Dell PC salvaged from a pawn shop for about $100. This is going to be noisier and take more power than the final machine. This motherboard has an Intel Gigabit NIC onboard which will plug in to the 5 port Gigabit hub. I've added a 10/100Mbit 3Com I had laying around to connect to the ISP router.
My adventure begins tonight, May 22nd, after having purchased a Belkin N300 Micro WiFi-N USB adapter. I have verified the adapter is in working condition by booting an Ubuntu live USB.
Installing OpenBSD 5.1 to a 4GB USB stick (the former Ubuntu live USB) was trivial, as it was detected as sd0. I just let it autopartition from there.
My NIC setup is, xl0 (3Com 3c895C 10/100, "external"), em0 (Intel Pro 10/100/1000, "wired"), and either the Belkin N300 I purchased tonight, or if that proves a bit beyond my abilities, a 3Com 3C905C 10/100 salvaged from an old machine plugged in to an inexpensive WiFi-N "router".
As I turn in for the night, I'm running CVS checkout on -current, to rebuild the kernel and get the proper updated drivers (I hope).
An ambitious project, which I hope will lead to more knowledge and even crazier projects :)
**Edited because I remembered #10 :) **
1. Separate WiFi and hard wired segments
2. DNS Caching
3. SSH/VPN tunnel
4. DHCP with static entries for known hosts
5. "Guest" SSID with nocat/authpf captive portal and restricted rulesets
6. Known WiFi hosts have access to wired file shares and other services
7. Squid, preferably in a transparant configuration, to both WiFi and wired
8. Silent and low power (looking for a Mini-ITX solution, quite in the future)
9. IDS with alerting via email/txt
10. Shape traffic and QoS (give email/IM/web traffic priority over downloads)
I do not think I will have web/email services on the main firewall, as that can not be considered best practice. I am setting up this lovely bit of overkill on my home network as practice for doing a similar setup for clients. Unless there is a serious money issue for the client, and they require internal web/mail services, I would do for them what I will do for myself and have a separate box for web/mail/etc.
I'm going to start this on an old Dell PC salvaged from a pawn shop for about $100. This is going to be noisier and take more power than the final machine. This motherboard has an Intel Gigabit NIC onboard which will plug in to the 5 port Gigabit hub. I've added a 10/100Mbit 3Com I had laying around to connect to the ISP router.
My adventure begins tonight, May 22nd, after having purchased a Belkin N300 Micro WiFi-N USB adapter. I have verified the adapter is in working condition by booting an Ubuntu live USB.
Installing OpenBSD 5.1 to a 4GB USB stick (the former Ubuntu live USB) was trivial, as it was detected as sd0. I just let it autopartition from there.
My NIC setup is, xl0 (3Com 3c895C 10/100, "external"), em0 (Intel Pro 10/100/1000, "wired"), and either the Belkin N300 I purchased tonight, or if that proves a bit beyond my abilities, a 3Com 3C905C 10/100 salvaged from an old machine plugged in to an inexpensive WiFi-N "router".
As I turn in for the night, I'm running CVS checkout on -current, to rebuild the kernel and get the proper updated drivers (I hope).
An ambitious project, which I hope will lead to more knowledge and even crazier projects :)
**Edited because I remembered #10 :) **
Subscribe to:
Posts (Atom)