Signed boot & recovery? HTC out of the running for phone purchases

An update to my "The state of Android phones in relation to hackability" post the other day. I guess I have to take back my views on HTC!

HTC has decided to start locking down their boot loaders with signed images with the release of the HTC Incredible S. This is garbage, and goes against the very spirit of Android. What happens when HTC decides to stop releasing updates for the phone, does this mean I am out of luck and have to be stuck with an old version of Android only 6 months after buying the phone? (As was the case with my HTC Legend if CyanogenMod hadn't released an updated Android.)

I don't know what Android phone I should be buying next time I get a phone? Looks like I'll be stuck buying the stock Google experience phones like the Nexus One and the Nexus S.

Disabling menu bar, navigation transparency in Firefox 4 on Windows 7, Vista

Why?

Firefox 4, which was released on March 22nd, 2011, is a very fast and featured browser with tons of improvements over previous versions. But like always, Mozilla has changed something in the browser that I don't like, and this time it is the transparency of the new title bar. It is quite distracting, and in fact it was so distracting that I needed to figure out how to disable the transparency.

I heard some suggestions to disable Windows Aero, but this isn't really an option since it's disabled on a system basis and what if I only don't like the transparency in Firefox? I found a simple fix by using the features available in userChrome.css to modify the layout of Firefox.

userChrome.css

@namespace url(http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul);
#TabsToolbar, #PersonalToolbar, window, page, dialog, wizard, prefwindow {
 background-color: -moz-dialog !important;
}

How do I edit userChrome.css?

This tutorial assumes that you have Hide Extensions for known file types unchecked in Windows Explorer Folder Options.

  1. Open Windows Explorer and enter %APPDATA%\Mozilla\Firefox\Profiles into the Address Bar,
  2. On screen you will see a folder with a random name (eg. 7q4fse53.default,) select the folder,
  3. Select the chrome folder in your profile for Mozilla Firefox,
  4. If a file named userChrome.css does not exist: create it by right clicking and selecting "New Text Document" under the New context menu, and rename the newly created file to userChrome.css,
  5. Open the file userChrome.css in Notepad or a text editor of your choice, and paste the content from the userChrome.css section (from above) into the file,
  6. Save the changes you have made to userChrome.css in your text editor,
  7. Restart Mozilla Firefox to see the changes you have made to your userChrome.css file.

It would be helpful if Mozilla made some of these layout changes configurable, this reminds me of the AwesomeBar (TM) feature which not everyone thinks is so awesome. But at least we have userChrome.css, and addons for layout changes.

The state of Android phones in relation to hackability

What happens when the manufacturer of your newly purchased Android phone decides to stop providing updates? If you're a Motorola customer, you will probably be out of luck (except with the newly released Xoom.) Motorola locks the boot loaders on their phones preventing 3rd parties from providing updates (eg. CyanogenMod) for devices that they have released.

Which got me thinking, what are the really "friendly" device manufacturers out there? Not Motorola for sure, which leaves some other players in the market:

  • HTC which doesn't try all that hard to lock their phones down (except if say, T-Mobile requests it)
  • Samsung isn't exactly friendly to hackers, makes it relatively easy to brick your phone if you aren't super careful
  • Acer, and LG clunky and poor quality hardware and I find it hard to see the appeal, not a very large userbase of "hackers" for the hardware
  • Huawei, poor build quality and a new player in the market
  • Google, which sources their phones from various manufacturers (to date: HTC and Samsung)

There are some other smaller manufacturers, but none that really make a "dent" in the market at present. Now, based on quality what do you select? You could go with Samsung, but you might have to deal with a faulty boot loader which will cause your phone to become bricked if you mess up while doing a firmware flash.

Seems like HTC is one of the only decent Android smartphone manufacturers out there! I know that many people are going to disagree with me, but they are consistently cranking out new hardware that is well supported by CyanogenMod and isn't totally-locked-down.

VLAN tag un-NATed WAN connection on DD-WRT

This is a followup to my "Netgear WNR3500L, DD-WRT and TELUS IPTV" post.

I am using 802.1q VLAN on my Netgear switch and NAT device running DD-WRT, my whole network is behind a NAT with a separate VLAN for my IPTV. I wanted to have the ability to give unfiltered (un-NATed) network access to certain devices in my household, without having to change any wires.

The solution? 802.1q VLAN tag the WAN VLAN on DD-WRT. It was really very simple, on the Netgear WNR3500L DD-WRT uses VLAN2 as the WAN VLAN (because of the way the internals of this particular Broadcom device work.)

I simply logged into the DD-WRT interface of the device, selected VLANS tab (from the Setup tab) and checked Port 4 (which is really Port 1 on my device, which I have plugged into my 24 port switch) as Tagged, then I restarted the device. Now when I want unfettered internet access to a virtual machine, or desktop I simply add the port (either on my Netgear NAT device or my switch as tagged) to VLAN 2 and it works!

Netgear WNR3500L, DD-WRT and TELUS IPTV

Why?

TELUS is shipping an Actiontec V1000H VDSL modem, wireless and NAT combination with HPNA support to customers now. I am with TELUS and have the Optik TV and Turbo 25 internet bundle. I found that the device has a number of issues such as broken UPnP support, wireless coverage is weak, and no USB support. I set out to replace the TELUS supplied solution with my own more flexible solution.

Remember, none of this is supported by TELUS so you are on your own if things break and you need support!

How?

I found a standalone Alcatel Cellpipe 7130 VDSL2 modem that works with TELUS VDSL2 service, and combined it with a Netgear WNR3500L running DD-WRT (svn15943-snow build.) This guide assumes that you generally know the inner workings of DD-WRT, and have already installed DD-WRT on your device.

Problems & Solutions

I ran into a number of issues, all of which had easy fixes. The issues were both caused by how TELUS IPTV operates and flaws in the Netgear hardware:

  • DD-WRT would lock up when too many TVs were on in the household
  • If multicast traffic is disabled, TV will play for 30 seconds and then display the connection error on your STB (set top box)
  • Multicast traffic would be broadcasted over wireless, causing wireless to be unusable when TV was being watched
  • Netgear WNR3500L ports are backwards on the switch (Eg, Port 1 is Port 4 in DD-WRT)
  • The VLAN configuration screen in DD-WRT doesn't actually setup the device correctly

I will attempt to describe how I resolved the issues in this article.

Disable SPI Firewall on the Device

The Netgear WNR3500L (herein referred to as device), at 453 MHz in DD-WRT, is simply not fast enough to handle the amount of IPTV (multicast, and otherwise) traffic that TELUS TV requires. To fix this issue, simply navigate to the Firewall tab (located under the Security tab) and select Disable for SPI Firewall.

Enable VLANs to limit multicast traffic to IPTV devices

First, you need to enable SSH or Telnet on your device. This can be accomplished under Services tab. Once you have enabled SSH, you may need to Reboot Router to have SSH access enabled. You can simply SSH to the device and setup the VLAN.

This guide assumes that you will use Ports 2 – 4 on the device for IPTV and no other purpose, and Port 1 for your computer (or switch.) We will setup IPTV on VLAN3 on the device. Keep in mind that the ports on the device are backwards (eg. Port 1 on the back of the device is Port 4 in DD-WRT) as illustrated below.

Physical 1 2 3 4
Virtual 4 3 2 1

In SSH on the device, enter the following commands:

nvram set vlan3ports="1 2 3 8*"
nvram set vlan1ports="4 8*"
nvram commit

Once you have completed these steps, you can navigate to the VLANs tab (located under the Setup tab) and setup your VLAN as follows:

Check the Tagged marks for 1-3 at the bottom of the selection and uncheck ports 1-3 on VLAN1 and check them on VLAN3. Your VLAN configuration screen should look somewhat similar to the one shown below after completion.

Ports are listed backwards; Port 4 on VLAN1 is really Port 1 on your device.

Once you have completed the VLANs configuration as listed above (or similar) select the Save button and navigate to the Networking tab (located under Setup tab.) You are now ready to assign an IP address for the device to this new VLAN you have configured.

On the Network Configuration vlan3 select the Unbridged radio button, enable Multicast Forwarding and Masquerade / NAT options for the VLAN. Enter IP address 192.168.3.1 and Subnet mask 255.255.255.0, once you have completed these steps select the Save button.

Now it is time to setup your DHCP server for the new VLAN you have created. This enables devices to get an IP address on the VLAN, and to communicate with the rest of the network. Simply select the Add button under the DHCPD subheading. Select VLAN3 from the newly created DHCP 0 instance. Then select the Save button to complete the DHCP creation.

Now you are ready to restart your device, navigate over to the Administration tab and select Reboot Router at the bottom of the screen. Once your device has rebooted, if you have followed all the steps listed you should have a separate VLAN on Port 2-4 for your IPTV devices and Port 1 for your computer.

At this point, it would probably be advisable to restart all your IPTV devices in your household by unplugging them from the power and plugging them back in. You may want to test the IPTV ports on your device by plugging a computer into them, and making sure that they are allocated an IP address from 192.168.3.0/24.
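
The reversed port numbering is the easiest part of the SSH step above to get wrong. The script below is an added example, not part of the original post: it converts back-panel port labels into the numbers used in vlanNports, refuses a layout that puts one port in both VLANs, and prints the nvram commands without running them. It assumes the article's 1..4 to 4..1 mapping and its 8* CPU port entry; the function names are made up for illustration.

```shell
# Added example: build DD-WRT vlanNports values from back-panel port labels.
# Assumed from the article: physical 1..4 = switch 4..1, CPU port entry "8*".
CPU_PORT="8*"

# phys_to_virt PORT -> prints the DD-WRT port number; fails if out of range
phys_to_virt() {
    case "$1" in
        1|2|3|4) echo $((5 - $1)) ;;
        *) echo "invalid physical port: $1" >&2; return 1 ;;
    esac
}

# vlan_ports "2 3 4" -> "1 2 3 8*" (ascending order, CPU port appended)
vlan_ports() {
    out=""
    for p in $1; do
        v=$(phys_to_virt "$p") || return 1
        out="$out $v"
    done
    if [ -z "$out" ]; then echo "no ports given" >&2; return 1; fi
    sorted=$(printf '%s\n' $out | sort -n | tr '\n' ' ')
    echo "${sorted}${CPU_PORT}"
}

# ports_disjoint A B -> succeeds only if no physical port is in both lists
ports_disjoint() {
    for a in $1; do
        for b in $2; do
            if [ "$a" = "$b" ]; then
                echo "port $a is assigned to both VLANs" >&2
                return 1
            fi
        done
    done
    return 0
}

# emit_commands LAN_PORTS IPTV_PORTS -> prints (does not run) the nvram commands
emit_commands() {
    ports_disjoint "$1" "$2" || return 1
    lan=$(vlan_ports "$1") || return 1
    iptv=$(vlan_ports "$2") || return 1
    printf 'nvram set vlan3ports="%s"\n' "$iptv"
    printf 'nvram set vlan1ports="%s"\n' "$lan"
    printf 'nvram commit\n'
}

# The article's layout: port 1 for the computer, ports 2-4 for IPTV.
emit_commands "1" "2 3 4"
```

With the article's layout the printed commands match the ones entered over SSH above.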