Since about half a year I’m struggling with a very annoying bug in Synology’s “Cloud Sync” package I’m running on my expensive Synology DiskStation DS415+ NAS. It is still present as of today’s DSM 6.0.2-8451 Update 2.
I would like to backup my photos to my Amazon Drive/CloudDrive. As an Amazon Prime customer I can store an unlimited number of images, and only images — other files, like *.xmp sidecar files, will count against my general 5 GB limit.
The problem is that Synology’s Cloud Sync will upload the sidecar files, even though I explicitly only select “Images” to be backed up (and *.xmp is not part of Images, as I will show you!).
A couple of days ago while I was working from home my trusted TP-Link TL-WDR4300 seemed to have died suddenly (just a couple of days after the two year warranty had expired!) — at least this was the result of my initial investigations.
The symptom I had is that suddenly my internet connection seemed to be down — which was surprising enough, as since I upgraded to VDSL2 vectoring my line was rock-solid, and it normally dropped only once a month or even once every couple of months. When I tried to find out what happened I noticed that my router was inaccessible, I couldn’t even ping it. I thought it had crashed, so I power-cycled it to reboot it, but it didn’t come up…
So my conclusion was that it had died.
I quickly reconfigured a Linksys WRT1200AC which I bought a couple of months ago as a spare device, meant to replace the current router “one day”, and put it into operation…
Today I spent some time investigating what actually happened. I wanted to use the serial console of my rev. 1.7 device (the PCB is rev. 1.3), but found that there was no connector in place for the UART, just the holes in the PCB.
So I quickly soldered in the pins, and connected the router to a laptop.
To my surprise the router booted without any issue at all. I played around with it until I was sure that there was absolutely no problem — I thought the file system in the flash memory might have been corrupted, but everything was ok.
So now that I had opened the device and connected a laptop to the serial console, I thought it would be a good occasion to update the U-Boot boot loader to a modified one by “pepe2k” that adds a lot of very useful features.
I used the instructions pepe2k provided on Github, specifically the part where he describes how to install via TFTP from the serial console. The “biggest challenge” was to find where to download the actual boot loader binary. Finally I found it here.
A lot of people use Bitlocker for full-disk encryption of their hard drives. For extra security you might want to be prompted for a PIN when you unlock your hard drive, because allowing attackers to boot your system without authentication might open up extra attack vectors. Setting a PIN can be easily accomplised if you know how… 🙂
The below instructions are exact for Windows 10, but they are very similar in Windows 7, too.
Launch the Local Group Policy Editor by typing gpedit.msc into your Windows search, then when it has been found right-click on it and select Run as administrator from the pop-up menu. Then maneuver to the following path in the left “folder” pane:
Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Bitlocker Drive Encryption > Operating System Drives.
This is what it looks like if you did it correctly:
Then double-click on the setting Require additional authentication at startup, and you see the following dialog:
Now change option Configure TPM startup PIN to read:
Require startup PIN with TPM
Then reboot. Now you can right-click on your system drive and select Set Bitlocker PIN or Change Bitlocker PIN (I forgot to take a screenshot of this last step, so I’m not 100% how exactly this looked like, but it should be obvious) from the pop-up menu.
If your laptop has been set up to use Bitlocker, by your company or yourself, you should be very cautious when playing with your BIOS settings.
Bitlocker considers BIOS settings changes a potential security breach, as somebody could e. g. change boot order to boot from an external media to try to fiddle with the boot mechanism set up on your hard drive or SSD. This is why when you change something in the BIOS or just boot from an external drive, such as a thumb stick, Bitlocker will prompt you for your recovery code.
The Solution
To prevent this you just have to disable the so-called “protector” for your boot drive. Only then should you change BIOS settings or boot from a drive other than your normal boot drive.
You do so using the manage-bde tool which is part of Windows:
manage-bde –protectors –disable <Drive>
Don’t forget to re-enable the protector after you’re done:
manage-bde –protectors –enable <Drive>
If this helped, I’d appreciate a comment from you here on my blog.
We just returned from a one month vacation trip to Florida. In order to be able to use the internet when on the go, and also to be able to make and receive phone calls we decided to use a prepay card from VerizonWireless (VZW), as they seem to have the best 4G (LTE) coverage. The SIM is normally $45 for a month, including unlimited texts and calls and 1 GB of data, but we got it from Walmart for about $37, plus we received a free one-time bonus of 1 GB data when we activated the SIM via phone.
Our customer experience was pretty bad, and I want to share with you what kind of problems we had so that you can avoid those if possible.
The phone I intended to use was an iPhone 6 Plus. This cell phone is among the cell phones that have the most LTE bands available in the world, and I explicitly checked to make sure that VZW’s bands are covered. But when I tried to use the phone it couldn’t attach to the network. I got in touch with VZW, and it turned out that they only let phones use their network (with their own VZW prepay SIMs, that is!) that have been sold by or for VZW. But after talking to them for a while and letting them know about my disappointment (because in Europe this doesn’t seem to be common) they agreed to make an exception and have my iPhone authorized to use the network.
Even after four days (they said it should take 48 hours max), more than 3.5 hours talking to or chatting with their support, and even changing the SIM in a nearby VZW store, my iPhone still didn’t work, so I looked into other options. It turned out that you can buy simply 4G cell phones here real dirt cheap, so I bought a Motorola Moto E (2nd Gen) for less than $50. This phone immediately worked with the SIM I had.
I logged onto their MyVerizon prepay Desktop Home page to check and update some settings. This portal was another really bad experience, something which you really cannot ask your customers to use. The issues I encountered were the following:
After I had entered my address here in Florida (we lived in the house of relatives), there was trailing characters in the street address which I didn’t enter, and which I could not remove by any means.
Furthermore I couldn’t change my device from the original iPhone 6 Plus to the new Motorola Moto E — all changes (including IMEI which was verified to be “valid” and “known” to VZW) seemed to the accepted, and change of device was confirmed, but when I went into the main menu and back to “Device” the iPhone was still listed.
In addition I couldn’t change my Voice Mail PIN, probably the reason why voice mail was not available for my SIM during the whole month of our stay.
As an alternative to the bad web portal I installed the “My Verizon Mobile” Android app, but that was disappointing, too. There was absolutely no way to tell the app not to ask for the password again — a bad thing as I normally use “strong” passwords which I cannot easily remember, so how to use the app when on the go?! More issues encountered were
“Usage” details permanently give me “An error occurred while processing your request;”
in “My Features” I couldn’t activate the “Block Premium Messaging” option (even though changing the switch produced a confirmation that said the change was successful); every time I return to this menu item the setting is back to allow premium messaging;
in “Settings” > “Contact Info” I couldn’t make any changes, as the app declared my email address invalid (as it contains a “+” in the so-called “local-part,” which is the part left of the “@”). That was of course nonsense, as RFC-2822 allows such email addresses, I constantly receive mail on such addresses and VZW’s web portal allowed it as “valid;”
changing my Voice Mail Password (PIN) was also impossible in the Android app. I always got an error message saying “We are sorry, but we are not able to process your request at this time. Please try again later.”
What I must admit, though, their staff were always very friendly and tried to help — but what can you do if your IT systems let you down?!
The main reason I write this blog post is to let people from Europe know about the limitations they might encounter when trying to use their own phone with a local prepay SIM. But I also want to let VZW know my frustration with their bad self-service tools. This is not how you treat your valuable customers!!!
In my previous article I described the key components the Genexis FiberTwist-P2410 is comprised of. One of these components is the serial console connector, and its presence was so tempting that I simply had to play with it…
Layout of Serial Console Connector
So I connected a UART-to-USB converter and watched the console output while the device boots… Communications parameters were easy to guess: 115,200 bps, 8N1, no handshake (neither HW, nor SW)…
By chance I got an early hands-on on a fiber network terminator (NT)/broadband gateway (such a device will soon be installed for my FTTH line provided by “Deutsche Glasfaser.”) I don’t know how it happened, but it suddenly fell apart, so I had a brief look under the hood… 😀
Genexis FiberTwist-P2410 inside view
The SoC is a Lantiq PXB 4369 EL V2.1 (GRX300), which is a Gigabit Ethernet Router/Gateway SoC with int. 2×2 WiFi. There aren’t any antennas, though, and it seems you can’t add any either. The device is from the GRX 300 series, which is a “CPE Network Processor with integrated WiFi.”
A Russian web site states that its actually the GRX369 series, and that the SoC is clocked with 600 MHz. (Update: The CPU is a MIPS 34Kc V5.6 clocked at 600 MHz, 397.82 BogoMIPS.)
The device can be simply twisted on the wall junction box which is the provider’s fiber hand-over point (“fiber management unit,” FMU.)
On the WAN side we have a Mentech FGE20-N9C-35S as the optical transceiver module (2×5 form factor) for single-mode fiber in passive optical networks (PON). Optical wavelength division multiplexing (WDM) is used so a single fiber can be used for both downstream and upstream data. The maximum data rate this transceiver can handle is 1.25 Gbit/s (which suggests we’re talking EPON, 802.3ah-2004 here…). The reach without intermediate amplification is 20 km(!). Wavelengths of 1,310 nm (upstream)/1,490 nm (downstream) are used.
For LAN connectivity the gateway has 4 Gigabit Ethernet ports, driven by two FPE LG48204DH 2-port LAN transformer modules in a DIP-48 package.
The transceiver is a Marvell 88E1512-NNp2 out of the “Alaska” series, 10/100/1000 BASE-T single-port PHY (so it seems that all fiber/Ethernet ports are on the same switch), supporting Energy Efficient Ethernet (EEE) and Advanced Virtual Cable Tester functionality.
Update: The switch seems to be a Lantiq VRX318 (or compatible).
Firmware is stored in a Elite Semiconductor (ESMT) F59L1G81LA-25T single-level serial (SPI) NAND flash chip in a TSOP48 package. It operates with 3.3V at a clock of 25 ns and has a flash density of 1 Gbit and a bus width of 8 bits. The total memory size is 128 MByte.
RAM is provided by a Winbond W971GG6SB-25 chip, which is a DDR2-800 (5-5-5) SDRAM chip with a size of 128 MByte, operating at transfer rates of 800 Mbit/s per pin with a power supply of 1.8 V. (Update: The RAM is actually clocked at 300 MHz.)
It seems that the broadband gateway is equipped with a serial-console connector.
Here’s another photo that shows where the key components are located:
Genexis FiberTwist-P2410 with key components
Please let me know if this in any way helps you, or you can contribute to this post.
To secure access to my router I wanted to use SSL encryption to access LuCi, so I obtained a certificate issued by a well-known CA. The server certificate was not issued directly off the CA, but there was a certificate chain in between.
Using a certificate chain with OpenWrt’s uhttpd is really easy, although as of today this is not yet even documented to be possible on the OpenWrt web site.
I’m using uhttpd_2015-11-08 from a trunk build (r48648) of “Designated Driver”, and certificate chains can be used here without problems.
I didn’t even have to convert from PEM to DER, I just concatenated the server cert and intermediate certs into a single file:
Seit einigen Tagen habe ich einen “IP-only”-Telefonanschluss, so dass ich nicht mehr wie bisher mit meinem Brother MFC-7840w-Multifunktionsgerät über einen a/b-Terminaladapter an einem ISDN-Anschluss faxen kann.
Beim Suchen nach Alternativen stieß ich auf dieses Wiki im IP-Phone-Forum, welches mir sehr weiter geholfen hat.
Zunächst musste ich ein Firmware-Update für mein Faxgerät flashen, was die benötigte Internet-Fax-Funktionalität (T.37-Protokoll) implementiert.
Weiterhin musste ein Anbieter gefunden werden, der dieses Protokoll unterstützt. DUS.net, welches auch im obigen Wiki erwähnt wird, war mir ohnehin schon bekannt, weil ich auf der Suche nach einem guten SIP-Provider bin. Also wollte ich gerne DUS.net als Fax-Provider nutzen, jedoch gibt es da ein prinzipielles Problem:
Um das Dus.net mail2fax Gateway anzusprechen, müssen Zugangsdaten > 50 Zeichen im Betreff-Feld übertragen werden. Die Brother-Firmware (4.0) speichert aber nur 41 Zeichen ab.
Update 2019-09-10: Sven Brinkmann teilt mit, dass der STUN-Server nicht mehr benutzt werden muss. Das erklärt dann wahrscheinlich auch, warum der Hostname nicht mehr existiert. 😉
Update 2018-12-27: Meine Leserin “DANi” teilte mir mit (vielen Dank!), dass sich zwischenzeitlich die Hostnamen geändert haben, so dass z. B. stun.arcor.com nicht mehr existiert (stimmt, habe ich überprüft). Diese Anleitung ist daher nicht mehr anwendbar! Falls jemand die korrekten Daten kennt, dann werde ich sie nach einem entsprechenden Hinweis gerne hier ergänzen.
Wer nicht die Standard-Hardware der Provider verwenden will sondern “eigene”, der steht oft vor dem unlösbaren Problem der manuellen Konfiguration der einzelnen Geräte.
Bei Vodafone als Anbieter kann in diesem Fall der Modem-Installations-Code (MIC) nicht benutzt werden. Stattdessen müssen folgende Daten in das jeweilige SIP-Gateway eingetragen werden:
Authentication name: VorwahlRufnummer, also z. B. 021199999999.
Authentication password: Das Sprachpaßwort
Username: der selbe Wert wie für Authentication name
Display name: Falls der verwendete SIP-Client oder das eigene SIP-Gateway diesen Parameter unterstützt, kann dort der eigene Name eingetragen werden, also z. B. “Michael Mustermann”.
Domain: 02182.sip.arcor.de:5060 (statt 02182 müsst Ihr Eure eigene Vorwahl eintragen!
STUN server: stun.arcor.com:3478 Scheint nunmehr obsolet zu sein!
Das so genannte “Sprachpaßwort” erhält man (hoffentlich) auf Anfrage von Vodafone. Früher scheint das ein Problem gewesen zu sein, heute sollte sich der Anbieter nicht mehr querstellen. In Zukunft — Stichwort “Abschaffung Routerzwang” — ist Vodafone ohnehin von Getzes wegen gezwungen, diese Information heraus zu geben.
Mit den oben genannten Einstellungen sollte die Einrichtung “fremder” VoIP-Hardware oder eines Software-Clients kein Problem sein. Ich betreibe erfolgreich ein Gigaset S850A GO damit. Dort sieht das dann so aus:
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
