On July 4th, 2018, I reported a security/privacy problem to Apple regarding the
firmware on its
now-discontinued
AirPort wireless access points.
Per
Apple's website,
a "factory-default reset" of an AirPort should
"remove any saved configurations and profiles"
and should be sufficient for
"selling or giving away your base station".
On at least AirPort Extreme AP firmware 7.7.9 and AirPort Express firmware 7.6.9
(the newest available for each device at the time of reporting), a
"factory-default" reset just moves the configuration file to a new location on the
device, and the old file and up to two additional previous configurations remain
accessible on the device.
The Cidco MailStation is a series of dedicated e-mail terminals sold
in the 2000s as simple, standalone devices for people to use to send and receive
e-mail over dialup modem.
While their POP3 e-mail functionality is of little use today, the hardware is a
neat Z80 development platform that integrates a 320x128 LCD, full QWERTY keyboard,
and an internal modem.
After purchasing one (ok, four) on eBay some months ago, I've learned enough
about the platform to write my own software that allows it to be a terminal for
accessing BBSes via its modem or as a terminal for a Unix machine connected over
parallel cable.
posted on thursday, march 21st, 2019
with tags
networking and
openbsd
I upgraded to
AT&T's U-verse Gigabit
internet service in 2017 and it came with an Arris BGW-210 as the WiFi AP and
router.
The BGW-210 is not a terrible device, but I already had my own Airport Extreme
APs wired throughout my house and an OpenBSD router configured with various
things, so I had no use for this device.
It's also a
potentially-insecure
device that I can't upgrade or fully disable remote control over.
Fully removing the BGW-210 is not possible as we'll see later, but it is possible
to remove it from the routing path.
This is how I did it with OpenBSD.
posted on monday, november 12th, 2018
with tags
debugging,
laptops,
linux, and
openbsd
last updated on sunday, march 24th, 2019
I use a
Huawei Matebook X
as my primary OpenBSD laptop and one aspect of its
hardware support
has always been lacking: audio never played out of the right-side speaker.
The speaker did actually work, but only in Windows and only after the
Realtek Dolby Atmos audio driver from Huawei was installed.
Under OpenBSD and Linux, and even Windows with the default Intel sound driver,
audio only ever played out of the left speaker.
Now, after some extensive reverse engineering and debugging with the help of VFIO
on Linux, I finally have audio playing out of both speakers on OpenBSD.
For some reason I like small laptops and the constraints they place on
me (as long as they're still usable).
I used a Dell Mini 9 for a long time back in the netbook days and was recently
using an 11" MacBook Air as my primary development machine for many years.
Recently Microsoft announced a smaller, cheaper version of its
Surface tablets called
Surface Go
which piqued my interest.
Seven years ago, I
hacked together
some code to update my Ecobee WiFi thermostat temperature depending on whether I was
home.
While my newer Ecobee thermostat has room occupancy sensors that make this tracking
automatic, back then I had to poll my WiFi access point through SNMP to look for my
phone's MAC address in its table of associated clients.
Recently I needed to do something similar to pass to my Z-Wave controller but it
seems that Apple has removed SNMP support from its Airport Extreme firmware some
time ago.
The Dolch PAC 64 is a portable, rugged Pentium-powered PC from the mid 1990s.
It was usually used (and can usually be found on eBay) as a "portable network
sniffer" complete with multiple network cards supporting multiple media types.
I've been using an
OpenBSDlaptop
as my workstation a lot more lately, probably because most of my hardware just
works now and I don't have to think too much about it.
The touchpad
works
when I touch it, I can be confident that when I close the lid, the laptop
will fully suspend and then fully resume again when I open it,
WiFi works all throughout my house (although it's not terribly fast), and my
web browser
is fast and stable.
What amazing times we live in.
In the past, one thing that frequently kept me going back to my
Mac,
aside from
iOS and Android
development, was
1Password.
I have a ton of logins for websites and servers, and because my
browsers
are all configured to
clear cookies
for most websites after I close their tabs,
I need frequent access to passwords synced across my laptops and phones, and
1Password has great apps for all of those except OpenBSD.
ThinkPads have sort of a
cult following
among OpenBSD developers and users because the hardware is basic and well supported,
and the keyboards are great to type on.
While
no stranger
to ThinkPads myself, most of my OpenBSD laptops in recent years have been from
various vendors
with brand new hardware components that OpenBSD does not yet support.
As satisfying as it is to write new kernel drivers or extend existing ones to make
that hardware work, it usually leaves me with a laptop that doesn't work very well
for a period of months.
After exhausting efforts trying to debug the I2C touchpad interrupts
on the
Huawei MateBook X
(and other 100-Series Intel chipset laptops), I decided to take a break and use
something with better OpenBSD support out of the box: the fifth generation
Lenovo ThinkPad X1 Carbon.
The
Huawei MateBook X
is a high-quality 13" ultra-thin laptop with a fanless Core i5 processor.
It is obviously biting the design of the
Apple 12" MacBook,
but it does have some notable improvements such as a slightly larger screen, a
more usable keyboard with adequate key travel, and 2 USB-C ports.
It also uses more standard PC components than the MacBook, such as a
PS/2-connected keyboard, Intel WiFi card, etc., so its OpenBSD compatibility is
quite good.
posted on monday, july 10th, 2017
with tags
pushover and
rails
last updated on friday, july 7th, 2017
For the majority of the past five years,
Pushover
has run on one physical OpenBSD server.
It does have a hot spare hosted with another company in another part of the country,
but usually everything has been served from just one machine at a time.
Its MariaDB database is replicated in a master-master configuration over a secure
tunnel between the servers so that either node can become active at any time.
When I wanted to take the primary server down for upgrades or the server's
network provider was having routing troubles, I would update DNS for various
pushover.net entries to point at the other server's IPs where all of the
components were already running.
Within seconds, traffic would start hitting the secondary server and within a half
hour, everyone would be using it, allowing me to take the primary server offline
as long as I needed.
posted on friday, june 23rd, 2017
with tags
hardware,
mac, and
retrocomputing
last updated on sunday, august 16th, 2020
Back in 2015, I
created a BBS
for
Lobsters
that worked in a web browser via WebSockets.
After getting an old Mac earlier this year, I wanted a way to access the BBS from
the Mac as natively as I could.
Adding telnet and SSH frontends to the BBS was not too difficult, but being able
to login from my Mac took a bit of work.
In January I got a Macintosh 512Ke on eBay and spent some time fixing it up.
The screen would occasionally flicker and shut off, but banging on the side of
the case would sometimes bring it back.
Some research pointed me to the analog board needing some capacitors replaced,
which has completely solved the problem.
The
Xiaomi Mi Air 12.5"
is a basic fanless 12.5" Ultrabook with good build quality and decent hardware
specs, especially for the money;
while it can usually be
had
for about $600, I purchased mine for $489 shipped to the US during a sale.
posted on tuesday, february 14th, 2017
with tags
endless,
ios, and
privacy
last updated on thursday, february 9th, 2017
Introduced in iOS 9,
Universal Links
allow iOS developers to claim ownership of domain names (including wildcards) that
can be processed by that developer's iOS app.
When an iOS user taps on a link to a URL of that domain name in any app, such as
Safari or Mail, and the user has that 3rd party app installed, that 3rd party app is
immediately launched to service the URL.
For web browsing apps on iOS that route traffic through VPNs or Tor, this feature
can cause traffic to be sent outside of the VPN/Tor network without warning.
For instance, if one has the
eBay app
installed and taps on
this link
from within Safari or any other web browsing app on iOS, the eBay app will be opened
to load that auction page.
