The OS Quest Trail Log #5

It was a big weekend here at the OS Quest Data Center so I figured I’d wait for the long weekend (made even longer with a vacation day on Friday) to end.

With my switch to Comcast I have a little time with both DSL and Comcast since the DSL will run for another couple of weeks. A co-worker suggested I keep the DSL as a backup or to increase my bandwidth. Being a router guy he happened to have a Xincom XC-DPG502 router that he sent me. Since it didn’t cost me anything (except time) I figured I’d check it out. Once I packed the Xincom back up I pulled out my new Apple Airport Extreme Base Station and set that up.

Xincom DPG502 Router

While not the typical home router the Xincom is a relatively low cost router ($180) that has two WAN ports that can be set up to load balance or to operate as a fail-over backup. Even ignoring costs I decided keeping DSL and using the Xincom wasn’t for me. Many secure connections (such as https websites or my Mozy backups) can’t bounce between ports so they stay on the WAN port they first get. I found many times my connections were using the slower DSL connection and it was processing 50% of the traffic even though the load balancing said it should use only 10%. I also had a problem accessing some websites through the Xincom although they were accessible through a different router. It took awhile to get there but I eventually narrowed it down to the Xincom even though it didn’t make much sense.

The fail over feature seemed to work well although the connection has to be down hard. You can also set the router up to connect to a server on the Internet and consider the link down if it’s not accessible. The router can also be set up to connect to a server on the Internet and mark the wan port as down when it’s not accessible.

Apple Airport Extreme Base Station

Once I had enough fun playing with the Xincom I packed it up to send back and pulled out my new Apple Airport Extreme base station. I wanted to set up a 802.11n network for my Apple TV, my Macbook and once I get a USB 802.11n USB adapter my Mac Mini. In addition to the extra speed I’m hoping to avoid the interference I always run into since I live in an apartment complex. It also give me gigabit ethernet and the ability to attach a USB drive.

The installation is a bit different in that I had to install the Airport Utility (which required a reboot) on my iMac and then update it through software update before I could install the Airport Base Station. Then I had to update the firmware on the base station once the Airport Utility connected to it. I’m used to accessing the routers through a web browser but in this case it’s done through the Airport Utility.

It took longer than I expected but ended up being problem free.

Linksys Won’t Bridge – 2Wire Will

In order to keep only 802.11n devices on my Airport to avoid degrading the speed I needed to set up a second wireless access point for my 802.11 devices (Tivo, old Windows laptop, occasional work laptop). I figured I could just use my Linksys but that was no go. There’s no Bridge mode and when I found a third party firmware that could do it I ended up not being able to flash the firmware. I then found I could bridge my 2Wire gateway so I was able to set that up.

So now my network consists of the Airport Extreme connected to the cable modem and providing the 802.11n network. It also provides the ethernet cable connection to my iMac and the DHCP addresses for everything on the network. The Airport is connected via ethernet to my 2Wire 2701-HG gateway. The 2701 just provides the 802.11g wireless network and it’s in bridged mode. It’s own wan connection is unused and DHCP to its wireless devices is provided by the Airport.

Comcast

I’m liking the speed of Comcast. But all is not perfect. I’ve had some problems where the connection just drops and I have to power cycle the cable modem. It usually happens overnight so I don’t notice until morning. Since I’ve been in vampire mode this weekend I’ve been on the computer when the connection goes away and power cycling the cable modem always fixes it. Jumping to another PC also fails to connect to the internet so it’s not an iMac problem. Even though cycling the modem seems to fix it, it does show activity.

New Business

With my move to cable for internet I’m looking into dropping my phone land line completely. Anyone who I want to talk to already has my cell phone number. The only ones who call my land line phone are telemarketers. I want another phone number that I can give to people who I can’t trust with my cell phone (potential telemarketers) so I’m looking into Skype and some other options. I also just came across an offering from AOL which seems like it might fit the bill.

I finally got motivated to head out and take some pictures. My latest camera, Panasonic DSC-LZ8. It’s a SLR-looking point and shoot with a 12X zoom that also shoots RAW. The downside is that OS X doesn’t have a RAW converter for it so iPhoto and Aperture won’t read them. Adobe Lightroom will read them so I installed the 30-day evaluation. When shooting RAW the LZ8 also saves a JPG so I did a quick comparison. I imported a couple of RAW photos and exported without any processing. The corresponding JPG was slightly better (so it was processed by the camera) and of good quality in my opinion. What I didn’t expect was how much I’d like Lightroom. It just seemed more intuitive than Aperture for importing, organization and quick processing.

Links & News

NeoOffice 2.2.1 is now available. NeoOffice is an OS X port of OpenOffice.org. At one time NeoOffice required the installation of X11 but that’s no longer the case. While it’s been awhile, and several versions, since I used it my previous experience was that it was to big, slow and cumbersome for my limited needs (same complaint about OpenOffice.org at the time).

Lifehacker brought a link to a series of cheat sheets for every character key on a Mac.

BuiltWith is a website that tells you what tools are used on a website.

Switching to Comcast

This post is obsolete and screenshots have been removed.

After much angst and with great trepidation I decided to switch my broadband over to Comcast.

I called AT&T again to see if faster DSL was available and it’s not. I also checked Broadband Reports to see what other broadband providers are available to me. There really isn’t an alternative to give me higher speeds than my current DSL other than Comcast. So my choice came down to staying with my current 1.5Mbps/364Kbps DSL connection or switching to Comcast. With no DSL upgrade in sight and more and more annoyances with my current speed I decided to upgrade. I’d been with Comcast before and still had the cable modem and router from back then so at least there wouldn’t be any hardware costs. Plus I still get Cable TV through them so there’s an active connection. I chose speed over price and customer service.

So late Friday night I placed the order online for Comcast while working late at the office. They’re running what now seems a typical 6 month discount on the packages. I went with the “Premium” plan mainly because of the higher upload speed. The “up to” speeds are 8Mbps down and 768Kbps up. Even though I had everything I was still required to spend $10 for the self-install kit. Much to my surprise I was also required to have an online chat session to confirm the order. The rep initiated the session almost immediately. I spent most of the time waiting for the rep to “enter the work order” which was a bit of a concern. I had visions of everything being re-typed. I’d never had a good experience with Comcast customer service and was hoping an online order would avoid human errors.

On Sunday I decided to hook up the cable modem to see what would happen since my online account showed the billing had gone through. Sure enough when I started my browser the Comcast sign-on form came up. They pretty much required I install their software so I canceled out on my Mac and fired up my old Windows XP laptop I use for testing. I figured I’d use the old laptop and use their software, this way if I had any speed complaints I’d be “100% official”. Plus it was the path of least resistance. I ran the install and configuration wizard and went through the setup. It set up my account and email address but also installed their “Desktop Doctor” software and “Configured Internet Explorer”. Then it rebooted the modem.

I did a speed test at Broadband Reports and ran some speed tests with the laptop connected directly to the modem and doing nothing else. The results are below.

Once I knew everything was working I pulled out my Linksys WRT54G router and set it up. It needed a firmware update but other than that the installation was easy. I did need to replicate the Mac address of the PC I ran the setup on. I wired my iMac up to the Linksys and have been using it for a couple of hours.

Here’s the speed results from my first test directly from the laptop to the cable modem so there’s nothing else on the line. Considerably lower than the “up to” speed for downloads. This was done right after the setup.

 

Then I rebooted everything and waited 15 minutes or so for things to settle down and ran another test. The download is above the “up to” speed while the upload is pretty close.

Generally speaking I found the Flash test to have higher results than the Java results (which questions the accuracy of both). I also found the New Jersey server to have slower results than other servers when the tests were done back to back. So after setting things up on the iMac I did a Flash test to the New York server with these results.

A series of tests done with various servers were in the same ballpark except for a couple extreme variations. Click on any of the test results to go to the Broadband reports speed tests page to run your own test. (Broadband Reports and DSL Reports are the same website.)

Browsing is of course noticeably faster which would be expected even if Comcast gave me 1/4 the rated speed. What I really wanted was the uploaded speed. I started a backup to Amazon S3 using some software I’ve been testing and that showed an average upload speed of over 700Kbps while copying 21MB.

I have to say I’m happy with the results. I’m getting the upload speed I’m told is the “up to” speed. The download speed is more than I need for now but it’ll be nice to have. When I left Comcast the first time I was getting about 50% of the “up to” speed they advertised. It remains to be seen what the future will bring. My broadband bill will jump 50% during the 6 month promotion and a total of 250% once the promotion ends. In return I get a 500% increase in download speed (assuming they meet the “up to”) and a 200% increase in upload speed.

Wireless Returns

My replacement DSL Modem/Router/WAP arrived yesterday. Actually it arrived Friday but I wasn’t home so I didn’t get it until Saturday. I received the 2Wire 2701HG-B Gateway and ordered it directly from AT&T (my DSL provider). It contains the ADSL2+ broadband interface, four 10/100 Ethernet ports and 801.11b/g wireless support. My previous post discusses why I needed a new gateway.

Setup was a breeze even though I kept waiting for a problem to pop up. I had expected to just go to a web interface and be able to configure it but it doesn’t work that way. Going to the standard 192.168.1.1 IP address or the URL I used on my previous 2Wire didn’t result in any page display.

Finally I decided to follow the directions to the letter and instead of using Firefox I used Safari (which is listed as supported along with IE). I fired up Safari and instead of trying to get to the router I just clicked the bookmark to go to Apple (I clicked the bookmark because it appeared the instructions assumed the homepage was set to an Internet page unlike mine which is set to be blank). Lo-and-behold I was redirected by the router to a setup routine. A compressed disk image was downloaded to my Mac and the message was to run the contents. So I did that and from that point on it was fairly simple.

Running setup in the download begins a wizard. The first thing it does is prompt me to enter a admin password and pick a lost password hint. I like the fact that there’s no standard admin password for the 2Wire gateways. Then have to agree with a member agreement.

At this point the install asks if I already have a existing account or if I need to create one. Existing accounts are limited to their domains. Since I already have one I enter it and the setup branches and treats me like a returning user. Then I’m asked to enter the phone number I have DSL on. The rest of the install is fairly straightforward requests for information. In my case the info is pre-filled since it was already provided in the past.

Once the setup was finished I had to customize and secure the gateway for my use.

Configuration and Security

Because I had an existing wireless network it’s easier for me to change the WAP so it appears as the old network and I don’t have to change my PCs and Tivo.

Network Name: Vendors vary, but if you’re using 2Wire the wireless settings are under Home Network -> Wireless Settings. (All wireless settings I mention are on this page.) I change the network name to match what my old network name was. 2Wire’s default to a name of 2WIREXXX where XXX is the last 3 digits of the gateway’s serial number. It can be changed to anything.

Turn off SSID Broadcast: It’s not really a security setting but I don’t see any reason to broadcast the network name.

Wireless Network Security: The gateway arrived with WEP enabled and a unique WEP encryption key printed on the serial number label. WEP has always had security issues and was recently shown to be crackable within a minute or two. It’s pretty much like padlocking a screen door. It tells people you want them to stay away but anyone who wants to get in can do so with minimal effort. I change the configuration to use WPA-PSK and enter in my encryption key. WPA2-PSK has more security features but not all my devices support it.

One the subject of encryption keys I use a 64 character key generated at the Perfect Password Generator at GRC.COM. I generated a set of keys and saved them to a file. I can then carry the file from PC to PC via USB thumb drive and paste it in. Keeping it in a file isn’t a huge risk. Someone already has to be on my network to get it plus there’s no indication in the file what it’s used for.

Misc Settings: I set the mode to 802.11g only and bump the power level to 10 (one of my Macs is far away and through several walls).

Stealth Mode: Technically stealth mode violates some RFC’s that state devices should respond to all requests. Stealth mode tells the router not to respond to any unsolicited requests and is recommended for security reasons. If the router is scanned it won’t respond. If it was to respond and the query was from a hacker it might allow the hacker to exploit a vulnerability on that port. At the very least it lets them know there’s a device there and they may dig deeper looking for an exploit. On the 2Wire this is available through Firewall -> Advanced Settings. I enable “Stealth Mode” and “Block Ping“.

To check the stealth of your router you can head back to grc.com and scroll down and click the the Shields Up page. This will scan your IP and let you know if it’s visible on the Internet.

Getting Connected

Then it was time to connect my Mac Mini and other devices. My Tivo established a connection on it’s own and I didn’t need to do anything. By the time I checked, it had already downloaded an programming update. My Mac Mini didn’t connect even though it says it saw the wireless network. I went into “troubleshoot” and several screens in, just before it wanted to change settings, the network popped up and I connected.

Summary

As much as I hate to say nice things about AT&T I have to in this case. Charging $13.50 for shipping brought the price up a little higher than if I had bought a similar item locally. The product price of $80 was comparable to what’s available from local brick and mortar stores. I consider it a small price to pay to be able to lay any connectivity problems at AT&T’s doorstep without them being able to point to a third party gateway. I ordered late Wednesday night and it arrived Friday. The kit included everything needed including cables, a DSL/phone splitter and four phone filters. My only complaint is that unlike most online stores these days there wasn’t any shipment notification email so I didn’t know to expect delivery or have a tracking number.

The intelligent setup wizard makes me nervous. In this case it worked fine and shows why they are good choices in many cases. But if something goes wrong (and nothing did go wrong here) my experience has been that they’re harder to recover from.

The web interface for the gateway seems to have lost the option to view the traffic over the WAN (DSL) connection and I’m not happy to see it go. I’ll have to do some research to see if the option is moved, hidden or really gone. It’s an option I frequently used.

It’s been well over two years since I’ve setup a new gateway/router from another vendor so they may have updated their defaults. But my experience is that 2Wire was the first gateway/router I’ve seen that tries to default to some security. This was true with my first 2Wire over a year ago. They don’t use a default admin password and they do implement WEP with a unique encryption key (although WEP is not the best choice there are devices which may not be compatible with WPA).