
2017-06-20

NBN: The Somewhat Expected Journey

In the beginning

About three and a half years ago I was planning on purchasing a house with my then-girlfriend and chose a location that was earmarked to get Fibre to the Premise (FttP) National Broadband Network (NBN) with a three year build date. Within a few months of settlement an election was called and my location was wiped off the NBN map completely.

Three years on and I receive an email from my ISP advising that HFC is going to be available. Then junk mail in the mailbox with offers from one random unknown and a couple of known much disliked Retail Service Providers (RSP) - in the NBN world, they are now referred to as Retail Service Providers (RSP) and formerly known as Internet Service Provider (ISP). Yes there is a difference.

The only thing that I think our government may have managed to achieve with their three-word slogan for NBN during their campaigning is simply "cheaper". They appear to have failed on the "faster" and "sooner" parts.

Back on track with the story, I jumped at the RSP email and decided to 'pre-order' my NBN (which turned out to be a mistake) as I learned from an NBN representative that a pre-order is actually a new order and would have created a whole new account not linked or related to my existing, long tenure one, which I want to keep at least until the day I decide to switch to a new RSP. But that's not all I learned, just not from my RSP.

Curse of the cabling

Not only did I not realise that there was an existing Telstra cable/Foxtel box out the front of the house from a previous owner/resident's installation, but it was in an inconvenient location and I needed to remediate the coax cabling before the NBN appointment (to install the Network Termination Device (NTD) - otherwise known as an NBN "Connection Box").

So in preparation for the NBN appointment, I decide to cancel the NBN order (also under advice by the RSP), except I wasn't quick enough to cancel the router that was immediately sent out. No biggie. It only cost $10 to have it sent to me.

So that brings me to the next part. The cabling. I forgot about the existing Telstra cable box at the front of the house outside, but since there was also a Foxtel dish on the roof (I actually thought the Foxtel dish was the source of the cabling point), I decided to remove the Foxtel dish, but not before a trip to Bunnings to get two blank wall plates so that I could make it appear as though there was no cabling or points inside the house. Upon removing said dish, I discovered that the dish's cable didn't actually go to the wall point I expected, but I continued to remove it anyway, putting aside the dish, mounting bracket and cable once removed.

I then located the actual coax cable drop (after realising/remembering about the cable box out front. Derp) and proceeded to pull that across to the (new) location where I wanted it. At this point I realised I had to go to Bunnings again, this time for an electrical snake, electrical tape, 16mm masonry drill bit and a new coax f-type wall plate.

Thinking that I had everything I needed, I tidied up the wall plates from the previous coax cable points and started to painstakingly pull the existing cable through the roof eaves trying to keep minimal turns to maximise length only to find out that the cable still fell short of approximately three metres. Being the engineer that I am, I saved myself some money by reusing the cable from the Foxtel dish I removed earlier and joined the coax with a connector salvaged from a removed f-type wall plate. Brilliant!

So after wrapping the join with a generous amount of electrical tape, there was more than enough length for the cable to reach the new wall point, which was not as straightforward as just drilling a forty five degree hole to the wall cavity, as I managed to lose the coax connector after I managed to get the snake and cable wedged in the bend of the newly drilled hole, thinking I could stupidly un-wedge it by pulling harder on the snake then on the actual cable (minus the connector) and then on the snake again - finally dislodging the snake (minus the connector - which now lives somewhere inside the cavity walls). All this only because I mistakenly taped the coax cable and its connector to the top of the snake instead of the bottom to allow it to go around the bend of the newly drilled hole for the wall plate. Lesson learned.

Once I had the coax pulled through, I went off to Jaycar this time to get the replacement F-type connector (including a spare in case I borked it), but quickly realised that they were for a coax cable with a smaller core, so after yet another trip to Bunnings for the correct F-type connector, I got the wall plates finished and tiles put back on the roof. Lucky for me I didn't break any tiles during the walking about on the roof!

Order in the court!

After all the saga of cabling was completed, I contacted my RSP and requested a new NBN order, this time under my existing account. So far so good except I receive another email telling me a router is being delivered. Again.

The next day I contact my RSP via reply email for the hardware order asking to cancel it. No response. I call them the following day to cancel it. They tell me there is no evidence of any charge but by that time I already have an email telling me it's been dispatched and on its way (It arrived the next day shoved into the mailbox, whereas the previous one I had to sign for at the local post office).

At this point the NBN appointment to install the NTD had also been brought forward but in the meantime I decided to break open the HG659b since I had two of them, so one of them was doomed to become my sacrificial test unit (read on to find out how/why).

./hack

Hacking the sacrificial unit involved soldering header pins to the empty holes where a serial port has been identified thanks to an OpenWRT hardware wiki article on it. De-soldering the factory solder points to put the header pins took far longer than actually soldering on the header pins though.

Having access to the serial port it was easy to get into the Common Firmware Environment (CFE) by interrupting the boot sequence so that I could flash Spark (NZ) firmware onto this unit as it was more likely to include the download configuration file exploit not available in the crippled TPG firmware.

After doing the configuration file download exploit on the sacrificial unit with alternative firmware, I decrypted the configuration file with the help of a Whirlpool knowledge article, and then, with the root password from the modified unit, I was able to successfully use those credentials to log into the unmodified unit with normal, unadulterated, uncrippled access.

With noob access defeated, I quickly discovered that not only does the unit only allow static routes on the WAN interfaces, but it is very picky about its LAN management IP address and subnet mask. According to the admin UI, apparently 192.168.2.1/24 is invalid, and the Command Line Interface (CLI) over telnet is crippled and you cannot get a shell whatsoever. By this stage you can probably imagine the eye twitch starting.

By now, it was blindingly clear that the HG659b is complete rubbish (ESPECIALLY WITH TPG's CRIPPLED FIRMWARE!) - even more so for a network engineer such as myself.

In between all this, the NBN contractors had attended the premises (at the very end of the appointment window no less) to install the NTD (yes, it took two of them) and found the existing Telstra cable to have no signal! Thinking that it was my fault, I simply explained that I "had the wall point moved". They then opened up the Telstra cable box out front and not only found two cables coming from it but one of them was not connected - which was obviously the one I had remediated. They switched the cabling and the line had signal and they were able to activate it. By now one of the NBN contractors - what looked like the junior of the two - had left. The NBN contractor then used the excuse that his phone battery was flat so that he didn't have to wait around for the half an hour for confirmation of the service being activated. I wonder where the other cable leads to then?

MOAR HARDWARE!

Knowing that the HG659 is completely useless to me for my requirements, I dug around for an OpenWRT compatible router (not an AP and ADSL and everything all-in-one-gateway-that-everyone-calls-a-damn-router!) and settled on a MikroTik RouterBoard RB750GL from WISP - these guys have a questionable website security wise (certificate is fine but pages may include a form(s) with a non-secure "action" attribute.) but they shipped this thing in record time!

With the new router in hand I took a quick look at the very ugly UI for RouterOS and promptly installed OpenWRT on it using a combination of OpenWRT installation methods from both the device page and the general common procedures (the latter of which mentions the missing initrd).

Before I got it off the default IP address (and adding a static summary route for all my subnets), I realised I was getting annoyed at this point having to deal with equipment which ships with IP addresses which conflict with my own network, so I decided to change my Local Area Network (LAN) subnet to something more sane, which took about three hours of solid uninterrupted work to migrate configuration to a previously unused Cisco 48 port PoE switch (some things are outstanding but I can defer those for another time).

Lastly, I added a new PPPoE connection to the port already tagging on VLAN ID 2 and voilà! I'm connected to the NBN with a device for which I have much more trust and configuration options. Even the default firewall rules were reasonable.

Summary

I have learned a few things these last few weeks: how to save some money, how not to chase a cable through a wall and not to necessarily jump onto something no matter how exciting it seems and could help with working from home and studying in the future but even more recently, how NBN HFC is delivered and more recently, how important security is with the NBN (more on this in a new post hopefully).

It has been an interesting journey and the thing I enjoyed the most about this was the hardware hacking (however futile it was) and the handyman type work (drilling holes chasing cables etc). What I least enjoyed was the level of service from my RSP and the fact that they managed to bork the username on the account, but all-in-all the actual throughput/bandwidth of the service seems reasonable for now and by the time you read this, I will probably have shut down my ADSL service.

The funniest thing about all this is the fact that the wife hasn't noticed the improvement in speeds, since I told her (and she agreed) to the experiment of not telling her when it was actually done!

Oh and NBN sent a survey asking about how likely I was to recommend NBN, based on the "excellent" service I received with a scale of 1-10, only to tell me that I had to choose 4 or higher. Go figure.


If you have read this far, thanks for reading and feel free to share your experience with me by posting in the comments or via Google+ (link to post is best).

2015-09-03

BIND (named) server remediation [part 2]

Following up from my previous post (BIND (named) server remediation), I spent a good couple hours further developing and testing the configuration but failing to get a bind9 reverse lookup zone to load, only to find out that I had a slight typo in the reverse lookup zone definition.

named-checkzone was returning OK, but named itself was failing to load the zone file with the error:

zone X.X.X.in.addr.arpa/IN: has 0 SOA records
zone X.X.X.in.addr.arpa/IN: has no NS records
zone X.X.X.in.addr.arpa/IN: not loaded due to errors.

It wasn't until I had a friend take a closer look that the problem became clear:

I defined the zone as .in.addr.arpa instead of .in-addr.arpa in the named.conf include file which references the zone file.

Some things I have learned are:

  • Check the logs (in my case, on a default debian/bind9 install this was /var/log/syslog) when things don't work.
  • Always check your config with the bind DNS tools before reloading.
  • Always check your zone files with the bind DNS tools before reloading.
  • Keep zone files neat and group together similar resource record types.
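
A pre-reload check for the typo described above, as an added example that is not from the original post: named-checkzone takes the zone name on its command line, so it never sees the name written in named.conf. The function names and the sample zones are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: lint zone names in a named.conf include file before a reload.
# Function names and the sample zones below are constructed for illustration.

# Write a constructed sample include file (192.0.2.0/24 and 198.51.100.0/24
# are documentation ranges).
write_sample() {
    cat > "$1" <<'EOF'
zone "dev.example" { type master; file "/etc/bind/db.dev.example"; };
// the typo from the post: a dot where the hyphen belongs
zone "2.0.192.in.addr.arpa" { type master; file "/etc/bind/db.192.0.2"; };
zone "100.51.198.in-addr.arpa" { type master; file "/etc/bind/db.198.51.100"; };
EOF
}

# Print every zone name declared in a named.conf-style file, one per line.
# Only lines that start with the zone keyword match, so comments are skipped.
list_zones() {
    sed -n 's/^[[:space:]]*zone[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Print zone names that look like reverse zones but are not under
# in-addr.arpa (IPv4) or ip6.arpa (IPv6).
bad_reverse_zones() {
    list_zones "$1" | while IFS= read -r z; do
        # Compare case-insensitively and ignore a trailing root dot.
        name=$(printf '%s' "$z" | tr 'A-Z' 'a-z' | sed 's/\.$//')
        case "$name" in
            in-addr.arpa|*.in-addr.arpa|ip6.arpa|*.ip6.arpa) ;;  # well-formed
            *addr*arpa|*ip6*arpa) printf '%s\n' "$z" ;;          # near miss
        esac
    done
}

# Return 0 only if the name lint passes and, where BIND's tools are installed,
# named-checkconf -z can test-load every master zone under its declared name.
preflight() {
    conf=$1
    bad=$(bad_reverse_zones "$conf")
    if [ -n "$bad" ]; then
        echo "suspicious reverse zone name(s) in $conf:" >&2
        echo "$bad" >&2
        return 1
    fi
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf -z "$conf" || return 1
    fi
    return 0
}

# Demo on the constructed sample; on a real server, point preflight at
# named.conf and reload only when it succeeds.
tmp=$(mktemp)
write_sample "$tmp"
if preflight "$tmp"; then
    echo "checks passed; safe to run: rndc reload"
else
    echo "not reloading"
fi
rm -f "$tmp"
```
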

Now that I have the dev domain DNS working, I just need to look at setting up DHCP and testing dynamic DNS.

I also considered moving different resource records for each zone into a separate file, but this is not necessary, due to the (current) size of the network.

Once this is all done, tested and implemented in 'production', I will also consider keeping a similar configuration in dev as a slave for all zones from the primary DNS or just as it is and just for testing.

2015-08-04

Raspberry Pi Internet Connectivity Lab

I have successfully built a lab for testing internet connectivity to the Raspberry Pi 2, by using my phone in a USB tethering configuration.

I followed the majority of the configuration listed in the OpenWRT wiki, except I used the LuCI web configuration instead of the final manual step of using uci to use usb0 as the WAN connection.

This will now allow me to test various scenarios including multiple default routes with different metrics as well as testing firewall configurations using OpenWRT running on the Rpi2.

The one gotcha is that I forgot to set the route back to the internal network, which was previously misconfigured.

I am getting one step closer to having much more control of my internet as well as being able to NAT/Route all of my subnets!

2011-11-20

Google Plus killed the technology blog

This may be the final entry in this and my other blogs.

I managed to painstakingly avoid using Facebook for many years, and instead waited patiently for Google to create its social networking site, Google Plus (If you have never heard of Google+, I strongly urge you to go back to the rock you have so obviously been living under and/or go read some other non-technical site).

Ever since I have been active on Google+ (since soon after its initial Beta period), I have found it to be absolutely brilliant, if not addictive, and a far better medium to which I can expose my technical knowledge and findings to the masses.

This means that there is little or no time for the blog and I am almost positively confident of using one or more Google+ page(s) to replace this and most probably all of my other blogs.

Thank you Blogger for your great blogging service, but thank you so much more Google plus for finally giving me what I (and so many other Google fans) wanted.

2011-03-10

migrating to libata

Since IDE/MFM/RLL is now deprecated, I thought I'd share my experiences of migrating to the newer libata (SATA prod) drivers in the 2.6 kernel.

Since I only have 2 devices on IDE ports (WD 320Gb HDD and a cdrw), there was very little for me to do as I had just about everything spread across both ata and libata, so I removed all instances of ata, set built-in ATA driver support (since the system boots from IDE - for now) under libata and enabled what I needed as modules for my SATA JBODs.

The whole thing almost went perfectly as planned (and as documented), except for the following minor irritations:

  1. Forgot to change the real_root option in grub.conf from /dev/hda3 to /dev/sda3 :-P
  2. udev was naming my cdrom to cdrw1/cdrom1

Admittedly, it took me a while to figure out that I forgot to change the bootloader for the change in device names, but I quickly worked out how to change the cdrom device name back to default, by editing "/etc/udev/rules.d/70-persistent-cd.rules".

2010-07-13

Xbox 1 savegames on XBOX 360

Since I discovered that Burnout 3 and other Xbox 1 titles are now available through XBOX Live! games on demand, I decided to do away with disc swapping and focus my attention on purchasing games for XBOX360 and Xbox Originals online through Live!

Then it dawned on me... What about all the long and painful hours I dedicated to all those Xbox 1 Originals? Do I have to play them all over again including unlocking everything and developing perfect saves etc?

The short answer (more or less from Microsoft) is: No

The Long(er) answer is: Yes, but only with specific hardware, software and some patience (as well as unsigned savegames).


Quite a bit of research later, I discovered that it is theoretically possible as the XBOX 360 has a directory on its HDD (Partition 3/Compatibility/Xbox1/UDATA to be precise). Besides, how else would it save normally backwards compatible game data?

So after borrowing a Datel XPort 360 HDD adapter from an awesome friend, I was able to connect the XBOX 360 HDD onto my PC, and read (and also write to) the HDD contents within minutes. All I needed was Xport 360 Software.

Next up I deleted my Halo save that I created on the XBOX360 HDD and dragged the Xbox Original savegame folder (ID: 4d530004) onto the XBOX 360 HDD, disconnected it, and it worked!

I then repeated this with Burnout 3 and tested it, but it failed to load the save and shows Unusable in the in-game load menu for the savegame(s). Apparently this is because the savegame(s) are signed with the HDD key so it will probably never work for this game *sob*

I decided to proceed with copying all my Xbox Original save games (or at least the ones I care about anyway) onto the XBOX 360 HDD, so I will update this post if and when I have the Games available to test.

2010-06-03

isp faithfulness

I just discovered today that I was being charged by my ISP for a broadband account in a place I used to live in...

I applied for broadband back in 2006 when I was living in Sorrento, but broadband was not available in that area until about 6 months after I left that suburb and cancelled my dial-up. My ISP has been charging me for it ever since!

Luckily for me, my ISP not only cancelled the old unused account, but have also refunded the last 6 months. At least my ISP seems to reward faithful customers...

2009-08-21

vim + gnupg = password manager

After finding that there are very few native password managers for linux, I decided to see if I could find a way to open my encrypted password file using a console-based editor without putting any plain text onto the disk at all (ie. transparent editing of gnupg encrypted files).

I stumbled onto the vim website (by way of a Google search) and found a nice little script (plugin) that does all this for me!

Initially, I had some issues with getting it working but that was mainly due to exporting $GPG_TTY incorrectly :-P

However, as I use screen to manage everything I do from the one terminal window/ssh session (vim included), the plugin works fine but fails to decrypt files when vim is invoked as a new screen.

I suspect that it's attributed to the $GPG_TTY variable, but my knowledge of screen and some other aspects of Linux are limited.

I now use vim + gnupg for my encrypted password file.


UPDATE 21/08/2009 @ 13:15
There seems to be an issue where the GPG_TTY variable needs to be re-exported every time you change to another screen/pts. I have made myself a workaround, whereby I run a simple script that first exports the variable and then opens vim with the encrypted pwd file, but then vim removes the standard UDLR keyboard controls and falls back to classic vi mode. *sigh*

2009-07-31

10th Annual System Administrator Appreciation Day

Today marks the 10th Annual System Administrator Appreciation Day.

Treat some lonely, unforgiven and/or unloved sysadmin with a gift and/or note of appreciation today and show how much you appreciate the hard work and effort that they do (myself included).

They are usually the same people that make your internets work! So show us some love. Please.





Happy Sysadmin Day!

/respect

2009-07-11

silence isn't golden

Not only did the internal speaker in my old Nokia 6610i fail not long after I got it, but so too did my Openmoko Neo Freerunner (GTA-02v5) (or so it would seem)!

*Grrr*

I was testing someone else's microphone+earphone's hands-free kit on the 'moko earlier on in the day, which didn't seem to faze the device as it simply didn't work, but after putting my phone on silent a few hours later, the 'moko now has no audio output except from the headphone jack!?!

After re-installing koolu's Android (v1.0_beta7), the thing still refuses to output audio to anything but the external headphone jack and I suspect that it's either the switch pins inside the female jack are stuck or the internal speaker has broken. I am yet to boot it with 0m2008.12 via uSDHC to confirm that it's a hardware fault.

The 'moko certainly has been a very interesting device to toy around with, but it has proved to be quite troublesome, making me want an iPhone 3Gs. If I can't get the audio issue sorted out soon, I will most likely get one. Problem is trying to buy one outright as I fear that no providers will because they all seem to list plans, but fail to give full price or outright purchase details *sigh*.

UPDATE 13/07/2009 @ 15:12
The 'moko now intermittently rings, but the microphone is still muted making calls impossible.


UPDATE 14/07/2009 @ 12:38
I found out from a scumb^H^H^H^H^Hcustomer service person @ Allphones, that Apple are not allowing retailers and telcos to sell the iPhone outright because it's apparently not cost-effective for them to do so.

Lucky for me, I have a friend who is willing to sell me his 16Gb 3G one for the cost of his 3G-s upgrade.


UPDATE 21/07/2009 @ 09:42
I found the link to the Australian Apple store online and I will be using half of my tax return on buying an iPhone. *sniff* Good bye 'moko... You have served me... err... not so well... :P

2009-03-10

internets anew

Thanks to this article I was able to transform my crappy dg632 router into a dumb modem so that I could get better control (including better security) on my internet link.

The only problem I encountered was that I found it difficult to set the router into bridged mode, but finally found the answer here. The documentation on the gentoo wiki differed slightly too, in that the iptables exported variable for the WAN interface should be ppp0 instead of eth1.

Other than that I can now enjoy a properly firewalled, dyndns capable and port-forwarding capable setup at no extra cost.

Now all I need to do is get bind, ldap and openvpn working... having all this free time without a job does have its benefits...

2009-02-17

kde4

KDE4 finally hit stable in gentoo's portage! *woohoo!* (as of about a month ago :P)

I had to wait a few weeks so that package blocks got sorted out in portage (well, at least now there are only 2 rather than the 4 from last week), which just goes to show that immediately trying to update to anything isn't always a good idea! :P

So now the Dell XPS is chugging away at building all the kde packages and dependencies (as well as updates from about 4 weeks ago) etc etc and hopefully when I wake up tomorrow I will be greeted with a shiny slick new KDM :)

I really should be updating my diary-blog but I wanted to keep a record of the fact that I have figured out that waiting for sane dependency handling by portage updates is a good thing!

2008-11-29

moar storage

I acquired two more 1Tb HDD's effectively making my current total storage space about 4Tb.

I want to software raid my 1Tb disks, but I need a silent UPS before I can (this system sits in my room, so I don't want it waking me or anyone else if the power drops during the night), so my server is going to have to stay JBOD for now *sigh*

I am also contemplating putting Vista (x64) onto my lappy to make it easier for work, but I can't bear to lose my Gentoo/KDE after all the hard work that I have done in getting it functional.

I need to make some hard decisions here...

Also, I will hopefully get around to implementing IPTABLES + bridged mode modem + pppoe on my fileserver soon :)

2008-11-19

Be afraid. Be VERY afraid

Thanks to Senator Conroy, Australia may have to suffer not only internet censorship but very slow internet speeds, due to an old yet unfeasible policy that the government seems determined to force into our homes (and probably businesses too).

I now direct you to http://nocleanfeed.com/ which explains (better than I can at least) what this is, how it affects you and most importantly, what you can do to help prevent it.

No Clean Feed - Stop Internet Censorship in Australia

2008-10-28

OPENMOKO

I have finally been able to purchase a neo freerunner from openmoko!

Due to the current market, the Australian dollar is really low compared to the US Dollar (1 USD = 1.62063 AUD). But I needed a phone real bad and I really, really really wanted this one because of its 99% open (as in open source) nature.

I'm preparing for the arrival of it by purchasing a 16Gb microSDHC card (as well as the fact that I have dfu-util installed from a gentoo overlay from some time ago).

I'm considering putting Debian onto an SD card for uBoot... maybe a little too nerdy but hey, I didn't buy this thing as a fashion accessory :P


UPDATE 13/11/2008 @ 16:01
Today I discovered a nifty hardware feature. The phone can operate without its battery as long as it's plugged in via its USB cable!!! See here

Also, I managed to get host USB working the other day too.

Due to the available distributions it's very hard to find one and stick with it as some have features and/or bugs that others do/don't have. FDOM sounds like it's for me though.

There is nothing this phone can't do (that which I need it to) :D

2008-09-06

bubs is dead

My server (named bubs after the Homestar Runner character of the same name) died today after a power spike/power outage.

I'm not sure if bubs actually caused the outage, but one thing is for sure: It ain't turning back on.

My initial thoughts are that the power supply was damaged in the surge, but until I can get a reliable unit to test it with, I won't know for sure.

I have an old PSU from a PII computer but I doubt that will work on an amd64-based motherboard.

I just pray that the motherboard is ok because it's going to get expensive to rebuild with new parts...

Might need to overnight some parts (or at least a PSU)...


UPDATE 06/09/2008 @ 14:36
Bubs is back online!
Seems that all I should have done is remove it from power for a few minutes, toggle the (PSU) switch, apply power and hit the machine's power button.

Also a quick test proved that an old PII/PIII ATX PSU is capable of powering an ASUS A8V board. Who would have thought :P

2008-08-28

Home Network Redesign

I think I may have the motivation to redesign my network for the following reasons:


  • Increased Security: Better Firewall solution
  • Increased Security: Segmented network design, allowing for more control with untrusted hosts such as:

    • internet (DMZ)
    • Wireless and
    • temp hosts (ie. LAN party ^_^).

  • Manageability: Implementing a secure routing protocol (RIP? maybe) may assist with network growth/changes
  • Gloating: Show off my 1337 net skillz to my friends :P


The most important aspect of this is the first point (increased security). It should also allow me to easily create a vpn endpoint onto my server for remote access (from outside the network) and for internet access from the wireless network... *hmmm* radius anyone?

This should help me un-lazy myself and develop (internal) dns zone(s) too...

Hopefully I can have the design done and implemented by the end of next UNI break!

2008-07-30

openmoko freerunner units

Since one of my geek tech friends introduced me to the openmoko FreeRunner I have been wanting to purchase one, but unfortunately they sold out before I could place an order. They have been OUT OF STOCK since early July (7/8 July maybe... can't remember) and their webstore says that the "next batch of shipments are scheduled to arrive on July 25th", problem is it's 5 days past that initial notice and no word of any kind has surfaced as to the availability of these units...

I DON'T want an iTurd but I really need a new phone... I did read somewhere that the company is operating like an open source project, so perhaps they are emulating delays and lack of communication that is normally haunted by most open-source software projects? :P

2008-06-27

2Tb of goodness

So I finally shelled out (about ~$400+) for some more storage capacity (2 x 1Tb WD HDD). I was planning on buying a brand new fileserver ($2.5K worth) and doing software raid across them, but due to the cost of recovering from the car incident, I decided to do this on the cheap (JBOD). So now I have about 2Tb of storage at my disposal until I can afford the 10Tb fileserver (RAID6) *grin*

2008-05-08

VMPlayer Annoyances

Here's something that I discovered whilst trying to figure out why I could only start some VMs and not others on an ntfs3g volume.

# cat ntfs3g.txt
If you are running your Virtual Machine on an ntfs3g formatted volume and you encounter the following error:

VMware Player unrecoverable error: (vcpu-0)
Failed to allocate page for guest RAM!
A log file is available in "vmname.log". Please request support and include the contents of the log file.
To collect data to submit to VMware support, run "vm-support".
We will respond on the basis of your support entitlement.

Try adding the following line to your VMX (configuration file):

mainMem.useNamedFile=FALSE

NOTE: replace vmname with the name of your Virtual Machine.

I found this out from the following VMware Communities forum thread here
