On July 4th, 2018, I reported a security/privacy problem to Apple regarding the firmware on its now-discontinued AirPort wireless access points.

Per Apple's website, a "factory-default reset" of an AirPort should "remove any saved configurations and profiles" and should be sufficient for "selling or giving away your base station".

On at least AirPort Extreme AP firmware 7.7.9 and AirPort Express firmware 7.6.9 (the newest available for each device at the time of reporting), a "factory-default" reset just moves the configuration file to a new location on the device, and the old file and up to two additional previous configurations remain accessible on the device.

Continue reading 1,272 words...

The Cidco MailStation is a series of dedicated e-mail terminals sold in the 2000s as simple, standalone devices for people to use to send and receive e-mail over dialup modem. While their POP3 e-mail functionality is of little use today, the hardware is a neat Z80 development platform that integrates a 320x128 LCD, full QWERTY keyboard, and an internal modem.

After purchasing one (ok, four) on eBay some months ago, I've learned enough about the platform to write my own software that allows it to be a terminal for accessing BBSes via its modem or as a terminal for a Unix machine connected over parallel cable.

Continue reading 2,346 words...

I upgraded to AT&T's U-verse Gigabit internet service in 2017 and it came with an Arris BGW-210 as the WiFi AP and router. The BGW-210 is not a terrible device, but I already had my own Airport Extreme APs wired throughout my house and an OpenBSD router configured with various things, so I had no use for this device. It's also a potentially-insecure device that I can't upgrade or fully disable remote control over.

Fully removing the BGW-210 is not possible as we'll see later, but it is possible to remove it from the routing path. This is how I did it with OpenBSD.

Continue reading 1,772 words...

I use a Huawei Matebook X as my primary OpenBSD laptop and one aspect of its hardware support has always been lacking: audio never played out of the right-side speaker. The speaker did actually work, but only in Windows and only after the Realtek Dolby Atmos audio driver from Huawei was installed. Under OpenBSD and Linux, and even Windows with the default Intel sound driver, audio only ever played out of the left speaker.

Now, after some extensive reverse engineering and debugging with the help of VFIO on Linux, I finally have audio playing out of both speakers on OpenBSD.

Continue reading 2,059 words...

For some reason I like small laptops and the constraints they place on me (as long as they're still usable). I used a Dell Mini 9 for a long time back in the netbook days and was recently using an 11" MacBook Air as my primary development machine for many years. Recently Microsoft announced a smaller, cheaper version of its Surface tablets called Surface Go which piqued my interest.

Continue reading 3,019 words...

In the past couple weeks I contributed to a bunch of different open source projects in different ways and I thought I'd write about some of them.

I switched from Dropbox to Syncthing a while ago and so far it's been pretty great. I run it on my macOS server in the basement which mirrors everything on its large disks, and also on my various laptops where I selectively sync certain directories that I need.

Continue reading 1,507 words...

Seven years ago, I hacked together some code to update my Ecobee WiFi thermostat temperature depending on whether I was home. While my newer Ecobee thermostat has room occupancy sensors that make this tracking automatic, back then I had to poll my WiFi access point through SNMP to look for my phone's MAC address in its table of associated clients.

Recently I needed to do something similar to pass to my Z-Wave controller but it seems that Apple has removed SNMP support from its Airport Extreme firmware some time ago.

Continue reading 599 words...

The Dolch PAC 64 is a portable, rugged Pentium-powered PC from the mid 1990s. It was usually used (and can usually be found on eBay) as a "portable network sniffer" complete with multiple network cards supporting multiple media types.

Continue reading 1,222 words...

I've been using an OpenBSD laptop as my workstation a lot more lately, probably because most of my hardware just works now and I don't have to think too much about it. The touchpad works when I touch it, I can be confident that when I close the lid, the laptop will fully suspend and then fully resume again when I open it, WiFi works all throughout my house (although it's not terribly fast), and my web browser is fast and stable. What amazing times we live in.

In the past, one thing that frequently kept me going back to my Mac, aside from iOS and Android development, was 1Password. I have a ton of logins for websites and servers, and because my browsers are all configured to clear cookies for most websites after I close their tabs, I need frequent access to passwords synced across my laptops and phones, and 1Password has great apps for all of those except OpenBSD.

Continue reading 1,534 words...

ThinkPads have sort of a cult following among OpenBSD developers and users because the hardware is basic and well supported, and the keyboards are great to type on. While no stranger to ThinkPads myself, most of my OpenBSD laptops in recent years have been from various vendors with brand new hardware components that OpenBSD does not yet support. As satisfying as it is to write new kernel drivers or extend existing ones to make that hardware work, it usually leaves me with a laptop that doesn't work very well for a period of months.

After exhausting efforts trying to debug the I2C touchpad interrupts on the Huawei MateBook X (and other 100-Series Intel chipset laptops), I decided to take a break and use something with better OpenBSD support out of the box: the fifth generation Lenovo ThinkPad X1 Carbon.

Continue reading 1,557 words...

The Huawei MateBook X is a high-quality 13" ultra-thin laptop with a fanless Core i5 processor. It is obviously biting the design of the Apple 12" MacBook, but it does have some notable improvements such as a slightly larger screen, a more usable keyboard with adequate key travel, and 2 USB-C ports.

It also uses more standard PC components than the MacBook, such as a PS/2-connected keyboard, Intel WiFi card, etc., so its OpenBSD compatibility is quite good.

Continue reading 1,265 words...

For the majority of the past five years, Pushover has run on one physical OpenBSD server. It does have a hot spare hosted with another company in another part of the country, but usually everything has been served from just one machine at a time. Its MariaDB database is replicated in a master-master configuration over a secure tunnel between the servers so that either node can become active at any time.

Continue reading 2,310 words...

Back in 2015, I created a BBS for Lobsters that worked in a web browser via WebSockets. After getting an old Mac earlier this year, I wanted a way to access the BBS from the Mac as natively as I could. Adding telnet and SSH frontends to the BBS was not too difficult, but being able to login from my Mac took a bit of work.

Continue reading 1,413 words...

The Xiaomi Mi Air 12.5" is a basic fanless 12.5" Ultrabook with good build quality and decent hardware specs, especially for the money; while it can usually be had for about $600, I purchased mine for $489 shipped to the US during a sale.

Note that the current models being sold have a 7th generation (Kaby Lake) processor, so OpenBSD compatibility will be different.

Continue reading 1,836 words...

Introduced in iOS 9, Universal Links allow iOS developers to claim ownership of domain names (including wildcards) that can be processed by that developer's iOS app. When an iOS user taps on a link to a URL of that domain name in any app, such as Safari or Mail, and the user has that 3rd party app installed, that 3rd party app is immediately launched to service the URL.

For web browsing apps on iOS that route traffic through VPNs or Tor, this feature can cause traffic to be sent outside of the VPN/Tor network without warning. For instance, if one has the eBay app installed and taps on this link from within Safari or any other web browsing app on iOS, the eBay app will be opened to load that auction page.

Continue reading 987 words...