Tech


Tech | 13 Oct 2011 21:48:01 by Marco

I greatly dislike using DSL modems as routers. They tend to be limited in almost every way imaginable. Unfortunately, getting a proper router with a DSL interface is very much not worth it for home use. They tend to be pricy. And then some.

So in the past I’ve set my DSL modems to get as far out of the way as possible. That has involved using my Alcatel Speedtouch Home for as long as I could (one would dial-in to that using PPTP), then getting a real Speedtouch 780wl and using Static IP Spoofing and finally getting a real Thomson TG789vn instead of the piece of shit KPN sends you and doing the exact same thing until VDSL2 came along.

For the Speedtouch 780wl (which is an ADSL2 modem) and the 789vn operating on an ADSL2 network with PPPoA, various pre-fab configs to get it out of the way are available, from Thomson no less. Just download the utility, pick a config and it’ll set-up the modem to do what you want. Works fine.

Now, I got this 789vn because I would soon be upgraded to VDSL2. Unlike ADSL2, KPN runs its VDSL2 network based on Ethernet rather than ATM. So to go with that, rather than having the modem do PPPoA, it does PPPoE. There are no pre-fab configs for the combination of VDSL + PPPoE + SIP_SPOOF. So I took the PPPoA spoof config and a VDSL config and mashed them up and a night of tinkering later I had a working config. Sort-of.

The config I landed on required setting the MAC-address of the router as a static entry in the modem’s ARP table, or otherwise the modem would point the public IP address at itself. It also required serious trickery on the router end. The OpenBSD box I used couldn’t really support this way of working it, so I had to use the modem’s rfc1918 addressing and have it NAT the secondary address with a static config even for locally generated packets. The shiny new Juniper router I use now either can’t do that or I haven’t figured out how, so instead I had to let it use DHCP and tell it the default route was somewhere random in the /8 (yes, it tells you your address is a /8 address and proxy-arps that entire subnet) the modem advertises. Before both of those, I used a Linux box that required yet another, completely different approach.

“Not ideal” doesn’t really cover it.

I have a Juniper SRX100 now to do my routing work that I bought second-hand recently. It made me revisit this entire situation and how non-ideal it was, exactly.

Before, I said that KPN’s VDSL-network is Ethernet-based, with PPPoE to do the actual link set-up. This is actually quite useful, because PPPoE can be done natively by most routers on their Ethernet interfaces. That includes the SRX100. Of course, the Thomson won’t let you by default.

Now, these Thomsons, while limited in many ways, are actually quite capable in a bunch of others. They’re just hard to configure, and good documentation is beyond sparse. But I found documentation on how to configure the important part of what I wanted to do here: its built-in ethernet bridge.

In this post I will demonstrate how the goal of using the Thomson TG789vn (though this should apply to other models too, at least so long as PPPoE is used) as if it were really just a modem can be achieved. Or, more accurately, how I achieved it. My sample-size here is one, so all I can do is write down what worked for me.

These modems all have an internal logical ethernet switch (bridge) to which multiple logical interfaces can be connected. The logical interfaces can then be connected (if so desired) to physical or virtual (internal) interfaces, they can be assigned VLANs (with tagging), priorities and all that jazz. It’s like the thing has a fully managed switch entirely contained within its ASICs.

This bridge is what we need to get a real bridged connection, so that the actual router can talk PPPoE to the ISP and the modem really is just that: a modem. The modem has 5 ethernet ports; 4 are Fast Ethernet and another Gigabit Ethernet port is unused by default, the idea being that the FE ports are for the LAN and the GigE port is a WAN port for non-DSL deployments.

We will turn that GigE port into the port we use to talk PPPoE to the ISP. The other ports can remain as-is; so we can continue to manage the modem through its usual IP address. The device supports VLAN tagging so it can technically all be done over a single ethernet connection, but I chose to use two connections instead.

First of all, the Thomson modems’ web interfaces are so useless it’s hard to describe. It can be likened to having to chop down a tree with only a butter knife to use as a tool. So we must use the telnet interface and log in as Administrator.

Before you do anything, you should back-up your current configuration so you can revert to it in case it all goes wrong. Surprisingly, this is something the web interface actually is useful for, offering an easy way to download the configuration to your computer and upload it again should the need arise. The option is under Thomson Gateway -> Configuration.

Second, it’s a good idea to delete the current PPPoE settings from the modem. I made the mistake of not doing this, and when I got to the point where the VDSL-interface worked again the modem actually set up its PPPoE connection again and left me wondering why my router wouldn’t negotiate an IP address.

Now, if your modem is doing PPPoE, it’ll already be set-up to use a virtual internal interface to connect. You will need some information, though, which you may get as follows:

{Administrator}=>:ppp iflist
Internet: dest  ETH_HSIA_vdsl [local disconnect]   [02:20:17]  retry : 10

There will be more information, but the important parts are the interface’s name, Internet, and its destination, ETH_HSIA_vdsl. This is the virtual interface the modem uses to send its PPPoE packets to.

Deleting the interface is done using the ppp ifdelete command:

:ppp ifdelete intf=Internet

The ETH_HSIA_vdsl interface is a virtual interface that exists only within the modem. It’ll likely be assigned to some VLAN:

{Administrator}=>:eth iflist
ETH_HSIA_vdsl   : Dest: bridge
                  Connection State: connected  Retry: 10
                  WAN: Enabled
                  Priority Tagging: Disabled
                  PortNr: 1
                  VLAN: HSIA_vdsl

Indeed, it is assigned to the vlan HSIA_vdsl. This, then, is the vlan we need to add the fifth ethernet port to, because that will make the PPPoE packets appear to the bridge in the same way as they did when the modem still did PPPoE itself. The virtual ethernet interface to the PPPoE process is conceptually the same as having a device that does PPPoE physically connected with an ethernet cable to this vlan, except it is handled entirely within the modem’s hard- and software.

We will now add our fifth, unused, ethernet interface to that VLAN. First, it must be added to the bridge. Then we can set a few options on it and lastly it must be attached to the physical interface.

:eth bridge ifadd brname=bridge intf=ethport5 dest=ethif5
:eth bridge ifconfig brname=bridge intf=ethport5 wan=disabled
:eth bridge ifattach brname=bridge intf=ethport5

Then, we can add it to the vlan we want it in, and remove it from the default vlan.

:eth bridge vlan ifdelete name=default intf=ethport5
:eth bridge vlan ifadd name=HSIA_vdsl intf=ethport5
:eth bridge ifconfig brname=bridge intf=ethport5 vlan=HSIA_vdsl

This should be enough to get our 5th ethernet port bridged with the VDSL. Save the config using saveall.

On the router side, you should now be able to connect an interface (typically labeled WAN) to the Thomson’s fifth Ethernet port (the red one on the TG789vn) and set it up to use PPPoE. For completeness, here’s how I make JunOS do that:

pp0 {
    unit 0 {
        point-to-point;
        ppp-options {
            pap {
                local-name "kpn@direct-adsl";
                local-password "$9$IW/crKvWXbsg"; ## SECRET-DATA
                passive;
            }
        }
        pppoe-options {
            underlying-interface fe-0/0/0.0;
            idle-timeout 0;
            auto-reconnect 5;
            client;
        }
        family inet {
            negotiate-address;
        }
    }
}

Or in commands:

set interfaces pp0 unit 0 point-to-point
set interfaces pp0 unit 0 ppp-options pap local-name "kpn@direct-adsl"
set interfaces pp0 unit 0 ppp-options pap local-password "$9$IW/crKvWXbsg"
set interfaces pp0 unit 0 ppp-options pap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/0.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 5
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 family inet negotiate-address

The password, of course, is the incredibly secret word “KPN”. I don’t think the details actually matter here as KPN figures out who you are by what physical interface you connect to on their end rather than a username/password combo.

If you happen to use the same combo, I found that I also needed to force the TCP Maximum Segment Size to 1452 (the maximum for a 1492 MTU connection), or I wouldn’t be able to talk to half the internet:

set security flow tcp-mss all-tcp mss 1452
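
Where 1452 comes from, and what the router does with it, as an added example (not code from the original post or from Junos): PPPoE takes 8 bytes of the 1500-byte Ethernet payload, and a 20-byte IPv4 header plus a 20-byte TCP header take another 40. The sketch computes that figure and rewrites the MSS option of a TCP SYN the way an MSS clamp does; the function names, the constructed sample SYN and the documentation-range addresses are assumptions for illustration.

```python
import struct

PPPOE_OVERHEAD = 8   # 6-byte PPPoE header + 2-byte PPP protocol ID
IPV4_HEADER = 20     # assumes no IP options
TCP_HEADER = 20      # fixed part, before TCP options


def max_mss(ethernet_mtu=1500):
    """Largest TCP payload per packet after PPPoE, IPv4 and TCP headers."""
    return ethernet_mtu - PPPOE_OVERHEAD - IPV4_HEADER - TCP_HEADER


def ones_sum(data):
    """Folded 16-bit one's-complement sum (odd length is zero-padded)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, segment):
    return src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))


def tcp_checksum_ok(src_ip, dst_ip, segment):
    """True if the TCP checksum verifies against the IPv4 pseudo-header."""
    return ones_sum(pseudo_header(src_ip, dst_ip, segment) + segment) == 0xFFFF


def build_syn(src_ip, dst_ip, mss, pad_nops=0):
    """Constructed sample SYN with one MSS option (not captured traffic)."""
    options = b"\x01" * pad_nops + struct.pack("!BBH", 2, 4, mss)
    options += b"\x00" * (-len(options) % 4)
    offset = (TCP_HEADER + len(options)) // 4
    seg = struct.pack("!HHIIBBHHH", 49152, 443, 1000, 0, offset << 4, 2, 65535, 0, 0) + options
    csum = ~ones_sum(pseudo_header(src_ip, dst_ip, seg) + seg) & 0xFFFF
    return seg[:16] + struct.pack("!H", csum) + seg[18:]


def _rewrite(segment, offset, old, new):
    """Overwrite a 16-bit field, patching the checksum per RFC 1624 eqn. 3."""
    out = bytearray(segment)
    struct.pack_into("!H", out, offset, new)
    if offset % 2:   # field straddles two checksum words: use byte-swapped values
        old = ((old & 0xFF) << 8) | (old >> 8)
        new = ((new & 0xFF) << 8) | (new >> 8)
    (csum,) = struct.unpack_from("!H", out, 16)
    total = ones_sum(struct.pack("!HHH", ~csum & 0xFFFF, ~old & 0xFFFF, new))
    struct.pack_into("!H", out, 16, ~total & 0xFFFF)
    return bytes(out)


def clamp_mss(segment, limit):
    """Clamp a SYN's MSS option to limit; returns (segment, seen_mss or None)."""
    if len(segment) < TCP_HEADER or not segment[13] & 0x02:
        return segment, None                 # too short, or not a SYN
    header_len = (segment[12] >> 4) * 4
    if header_len < TCP_HEADER or header_len > len(segment):
        return segment, None
    pos = TCP_HEADER
    while pos < header_len:
        kind = segment[pos]
        if kind == 0:                        # End of Option List
            break
        if kind == 1:                        # NOP padding
            pos += 1
            continue
        length = segment[pos + 1] if pos + 1 < header_len else 0
        if length < 2 or pos + length > header_len:
            break                            # malformed: change nothing
        if kind == 2 and length == 4:        # Maximum Segment Size
            (seen,) = struct.unpack_from("!H", segment, pos + 2)
            if seen > limit:
                segment = _rewrite(segment, pos + 2, seen, limit)
            return segment, seen
        pos += length
    return segment, None


if __name__ == "__main__":
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])  # documentation ranges
    clamped, seen = clamp_mss(build_syn(src, dst, 1460), max_mss())
    print(seen, "->", struct.unpack_from("!H", clamped, 22)[0], tcp_checksum_ok(src, dst, clamped))
```

Without the clamp, a host on plain Ethernet advertises 1460, and full-sized segments sent back towards it no longer fit in a 1492-byte PPPoE packet.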

All of the above was written down well after an entire night’s worth of tinkering, distilled down into the only changes that actually matter. In fact, mostly I wrote it down for myself because I couldn’t find anything already written down about it and I didn’t want to forget. I hope it is of some use to you.

Tech | 09 Feb 2010 01:09:19 by Marco

Well, now that Internet Tethering works again on non-carrier iPhones (i.e., those that are unlocked and not in use on an iPhone-carrier network) I’ve finally been able to upgrade while still keeping tethering working. This has required an update of my Vodafone carrier bundle, so that is now available on-line in the same spot as before (here). I refer you to my earlier post, Updated Vodafone NL Carrier settings, for instructions on how to install it.

Happy tethering!

Tech | 13 Sep 2008 17:57:35 by Marco

I knew pretty soon after it was released that I wanted an iPhone. Shiny and new, so it must be made mine. It had a few show-stopper problems, however:

  • I detest SIM-locked phones.
  • A two-year contract is even worse.
  • T-Mobile is shit.

Luckily, all these problems could be solved thanks to the nice people just south of us. Except they’re completely out of stock. Italy to the rescue: Telecom Italia Mobile (TIM) has shitlots of them and are willing to sell you just the phone, without SIM-locks and without a contract. Excellent. Off we are. (In reality it’s just coincidence that I happened to be going there, but let’s pretend we’re decadent.)

In Italy, all was fine. I bought the phone, stuck my SIM-card in and activated it. It took a few seconds to recognise it wasn’t anywhere near my home network so it looked for other interesting ones. Vodafone happens to also have an Italian presence, so of course my SIM instructs the phone to use that network. ‘Voda IT’. Good. We’re all set.

And then we got back to the Netherlands. Vodafone doesn’t sell iPhones here, so my phone has no idea of this network, unlike in Italy. The carrier name here, therefore, is ‘Voda…’ most of the time. That I can live with, but due to the phone not having any settings for this network it would also pop up a notice every time I initiated a call: “Call-forwarding activated”.

This is because Vodafone will redirect any callers to Voicemail for you if they call while you’re on the phone. Even if you don’t have voicemail: in that case, they’ll get a recording saying you’re unavailable. Fine, but the popup is annoying.

There is only One Way to fix this: Carrier Bundles.

iPhone uses Carrier bundles to set carrier-specific information, such as the APNs for data services, whether or not to use the network for Time info, if you can edit the APNs, the carrier logos, etc., and among those settings is a ‘Display Call Forwarding’ setting. This we need to turn off. There are two ways:

  • Edit the ‘Unknown Carrier’ bundle, which will apply the settings to all unknown networks, or
  • Create a ‘Vodafone NL’ bundle.

The former will always fix the popup, but will also apply to other SIMs inserted into your phone which you may not want. And if you edit a logo here, it’ll always show up even if you’re on another country’s unknown network. Bad.

So instead I made a Vodafone NL bundle that contains logos in the same style as the other Vodafone carrier bundles (so it says ‘Voda NL’) and with the right internet settings and such.

I feel this may be useful to more people than just me, so here it is:

Download Vodafone NL carrier bundle.
Note: a newer version of this file exists, for iPhoneOS 3.0. Find it here.

Currently, you need a jailbroken phone and some SSH skills to get it installed. The process is as follows:

  • Copy the bundle (it’s a directory, technically) to your phone’s “/System/Library/Carrier Bundles” directory. This can be done using scp -r or some other tool that is capable of transferring entire directories.
  • Create a symlink in the same directory, pointing to the bundle, called “20404”. This is the network identification number (204 for The Netherlands, 04 for Vodafone Libertel N.V.). This you can do by cd’ing into the directory and typing “ln -s Vodafone_nl.bundle 20404”.
  • Reboot the phone. Killing Springboard does not appear to suffice.

As of now, you should have ‘Voda NL’ in your status bar, and not be bothered by the Call Forwarding popup.

Tech | 05 Mar 2007 00:11:55 by Marco

Ignorant as I am of the IMAP protocol (though I’m a native speaker of SMTP), it appears that there’s a better way to tell your client to fetch new mail from the server: the IDLE command.

And Michael Rothwell was nice enough to add it to Mail.app by way of this plugin. Essentially what it does on supporting mail servers is open up a second connection, select your INBOX and then just ‘IDLE’. If new mail arrives in that mail box, the server will tell you about it.

Quite a bit less elaborate than my applescript version, but so much more reliable.

Tech | 25 Feb 2007 17:18:13 by Marco

I’m sending in this post from FOSDEM, which means that my biggest complaint (actually, I think only complaint) for last year has been solved: the WiFi works! Bit of a weird implementation (lots of separate network names instead of roaming) but I can see why they chose to do that: the broadcast traffic on a big roaming LAN with hundreds of laptops is enough to smother the average wifi connection. Of course last year’s FOSDEM was powered by a couple (my guesstimate is about 3 or 4) Linksys WRT54Gs and their built-in antennae. This year I’m seeing professional towers with omni-antennas and an unidentifiable grey box that houses the actual access point.

Anyway, thumbs up.

Annoying, Tech | 20 Aug 2006 21:32:51 by Marco

Over the past few days I’d noticed my PowerBook G6’s built-in iSight had crapped out. Whenever I wanted to use an app like PhotoBooth to check my hair (because say what you want, it is a nice mirror) I would get an error:

Photo Booth cannot open because no camera is attached or the camera is in use by another application.

Eh? I just booted! I knew it wasn’t a hardware error for two reasons: a) it showed up fine in the System Profiler (whereas an actually broken iSight in a MacBook I had seen earlier did not show up properly) and, more importantly, b) it worked perfectly fine a few minutes earlier, the only difference between the two times being that before, I had been using Leopard. And when I rebooted back into Leopard, voilà: it worked again.

So, I thought. Must be a software issue. So I did an archive and install of Tiger. No dice. But it had also kept some non-user settings so I figured some other crap must have been left behind. So I backed up all my stuff and did an Erase and Install, figuring it would then pretty much have to work. Nope. Not even during the OSX setup and registration screens.

Not a hardware problem, and not a software problem. What the hell?

I did some digging into how the iSight works, software-wise and eventually found my way to a forum topic on the Parallels forums about Parallels possibly supporting the iSight now that Bootcamp did. There, a post detailed the contents of the new Bootcamp installer, and there being an updated iSight driver that apparently also updated the iSight’s firmware:

System Profiler reports:
before Boot Camp 1.1: Built-in iSight Version 1.55
after Boot Camp 1.1: Built-in iSight Version 1.82

So, this means Boot Camp 1.1 updates the iSight’s firmware to version 1.82 in order to bring support for the Windows iSight driver.

Ah. I had installed Bootcamp 1.1 to partition my internal drive for Leopard. I had a look at my System Profile and sure enough, Built-in iSight version 1.82. Apparently this newly firmware-updated iSight does not work with the pre-update drivers, as installed by MacOS X versions 10.4.7 and earlier. I didn’t need all of bootcamp again, so I opened up the bootcamp installer package, installed the iSight Driver.pkg package, rebooted and whammo, my photobooth hair checking mirror was fully functional again.

This will most likely not be so much trouble anymore once 10.4.8 gets released, but right now if you have installed Bootcamp 1.1 and then reinstall your mac, be sure to reinstall bootcamp again so your iSight will continue to work.

Update: Apparently I just did something very right when reinstalling in preparation of bringing Portia to the doctor (also known as Apple Centre) for an issue with the screen because not only did the iSight work during the install assistant, its firmware version is now back to 1.49. All I did was repartition and do a minimal (deselect everything there is to deselect) installation so I’m not sure what kind of dark magic is causing this…

Tech | 16 Aug 2006 02:50:39 by Marco

I’ve been toying with leopard for a bit, and mostly I’m liking where OSX is going. Let’s touch on the “big” things a bit, first.

Spaces

Very nice. I’ve been waiting for a proper implementation of Virtual Desktops on OSX and this seems to be it. There are still a few quirks to work out (like the order of apps in the cmd-tab switcher, the app you selected in the cmd-tab switcher not necessarily coming out in front if you need to switch desktops, etc.) but I’m sure that’ll all be fine. I’m hooked already. And this wasn’t mentioned in the keynote, but exposé still works if you have the ‘spaces-exposé’ (for lack of a better word) open: it’ll do exposé on all your virtual desktops at once. Oh, and for those wondering what happens with multiple monitors: nothing special. You just get a virtual desktop shaped like the combined desktops of your screens, like so:
Spaces, multiple screens

Time Machine

Also nice. The restore-interface is the supreme of weird right now, and while it looks very flashy (and slightly sluggish on my 2GHz core duo!) I do hope they do something better with this. Lots of people have been coming up with lots of theories on how Time Machine works, but it appears to just be a periodic incremental backup that appears as a snapshot on disk. That is, you get an entire filesystem that you can restore, but it only takes up the space of a full backup + the changed data. Not sure how this is done yet, as leopard will only show me real files but I suppose some symlink-like trick is pulled.

Mail

The two big things here were Stationeries and Notes (and related, todos). I can’t get excited about stationeries at all. I don’t like HTML e-mail and I never will, and that is just what stationeries are. I suppose for corporate communication of companies that don’t mind bloaty HTML in their e-mail, this will make adding the company style to e-mail a lot easier though. Notes/Todos I do see becoming useful. However, the aesthetics need to be rethought. I’ve managed to change the font but not the background colour.

Help

Not mentioned but very nice in my opinion is the new Help system. The old Help menu was just that: a menu with some pointers to where you might find help. It got a bit of an overhaul. The new menu includes a search field that you type a term or phrase in. If that term or phrase happens to result in a menu, the help system will open that menu for you and point you at the relevant item. So we know what I’m talking about here, a screenshot:

Leopard Help system

Yes, it’s purple. I’m sure (well, I hope) that’ll change.

iChat

The photobooth effects were included but aren’t really anything new. Unfortunately, backdrops and iChat Theater weren’t included in this preview. Would’ve been fun but it can wait.
Update: iChat Theater is included, at least for sharing quicktime movies. It’s activated by choosing ‘Share with iChat’ in the quicktime player’s View menu, rather than doing something in iChat itself.

The Small Things

Apple improved on a lot of small things that aren’t really worth mentioning in any sort of keynote, but that do make life in OSX a lot easier. In no particular order, I’ve found so far:

  • Safari has incorporated Taboo. That is, it’ll warn you if you try to close a window with multiple tabs. (Finally!)
  • Safari has gained find-as-you-type. Gone is the search window, it has made place for something a bit more like the Firefox search bar.
  • Sort of mentioned, but Spotlight no longer highlights ‘show all’, instead opting for the Top Hit. Makes it much faster for app-launching.
  • Mail’s address auto-complete now also works with the ‘Nickname’ field of Address Book contacts.
  • For those who like it, Exposé (all windows) and Spotlight can be added to the dock with a launcher app, like dashboard in Tiger.
  • Safari can now undo tab-closes. Closed a tab by accident? Cmd-z and it’s right back where it was.
  • Preview now allows annotating (ovals and text) images and pdfs, as opposed to just pdfs.
  • Mail now allows you to set the dock icon’s Unread badge to either just the inbox or all mailboxes.
  • There is now a dedicated Guest account, whose home directory contents get deleted on logging out.

Background technologies

Tiger set the road for some UI stuff that Leopard expands on. For one, the resolution-independent UI. While, at least in this preview, it isn’t finished yet, you can see progress being made. Some widgets will now scale up if you set the scaling factor (it can’t scale down anymore, it seems). The Dock immediately knows about this when you change it, and some icons (like Time Machine, iChat and Safari) will scale to insane sizes. Quartz 2D Extreme seems to have been renamed QuartzGL. It isn’t enabled by default yet, but Quartz Debug does allow you to turn it on and save that setting.

Daily use?

Is it ready for daily use yet? No. Well, not unless you don’t mind losing whatever data you were working on a lot or saving every five sentences. Safari crashed twice as I wrote this post, and I’ve seen the crashreporter dialog pop up a few times in other apps, too. It’s still preview software, though, so I guess I can’t complain. If only I could port Spaces to Tiger…

Life, Tech | 11 Jul 2006 22:27:24 by Marco

I’ve never made a secret of not liking the ‘MacBook Pro’ name. PowerBook just had a better ring to it. It said ‘This is a powerful machine, in book form’. And the ‘Power’ part never had anything to do with the PowerPC: they were called PowerBooks even when motorola m68k chips still made them spin.

So now that I have one, how am I going to get around this? The answer is quite simple. You see, the G3, G4 and G5 don’t really exist. They’re just marketing-friendly names for the PowerPC 750, 74xx and 970 respectively. The G standing for ‘Generation’ and the number having an obvious use in that classification.

So I want you to meet Portia, my Macintosh PowerBook G6:

Portia

She has a 2.0GHz G6 (Also known as Intel Core Duo) processor, with 2 gigs of memory and an 80 gig hard drive. And so far she’s been wonderful.

Tech | 28 Jun 2006 20:19:29 by Marco

Every day, I have 30 minutes of time to waste on a train, going from Haarlem to Amsterdam or vice versa, a 15-minute trip. Sometimes, I open up a laptop to write a few more lines of code or play some gridwars or whatever. Most of the time, I’ll also have a look at the wireless networks around. It always surprises me how many there are these days.

So the past few days I’ve been lugging a MacBook Pro around, and I’ve noticed it’s very good at sniffing out wireless beacons. My TiBook will usually show only one or two networks where the MacBook will pick up on 6 or 7.

I’ve described two dots. Now let’s connect them.

I figured it was time to run KisMAC on the macbook while on the train from Amsterdam to Haarlem. I’ve actually done this before when I was still using a PowerBook G3 with a PCMCIA wifi card, but didn’t really pick up on anything. I think I found about 5 networks that day. This time was a little different.

Some stats:
Between Amsterdam Central Station and Haarlem, there are at least 110 wireless networks, reachable from inside a moving train. Of those, 33 are on channel 1, and 38 are on channel 11. 17 are on channel 6, 8 are on channel 13, 7 on channel 7, 6 on channel 3 and one on channel 8. The other channels don’t see any action. 17 networks use WPA encryption. 37 use WEP. The remainder is unencrypted. 30 seem to be set to their defaults.

This was with an active scan, as KisMAC does not yet support passive scanning on intel macs. That means hidden networks do not show. I think I might repeat this experiment later with a non-pro MacBook. It has even better wifi reception thanks to its entirely non-metal case.

Scan results as a Netstumbler text file.

Update:

Tried it on a MacBook non-pro too. As I thought, it does slightly better: it comes up with 286 networks. Contrast that to my TiBook which picks up on a whopping 15 networks.

Rant, Tech | 16 May 2006 21:03:27 by Marco

Or so far, at least. Apple has replaced their übercool iBook line of notebooks with something they call MacBook. As with any new product, a few good things have happened. For one, they’re finally widescreen. About time, too. They get audio in and dvi out, and will support screen spanning without an open firmware hack. Also the MagSafe thing is definitely good, I’ve also snagged my leg behind the power cord before, and they finally get Gigabit Ethernet. Nice as all that is, the list of disappointments weighs slightly heavier.

  • The name. iBook versus MacBook. iBook definitely wins. (Of course this also goes for PowerBook versus MacBook Pro, but I suppose not wanting Power in the name for non-PowerPC machines makes some sense).
  • The keyboard. Since the beginning of time, Mac keyboards (actually, all keyboards I’ve ever touched save a rubber one) have been slightly hollow. The MacBook does away with all that. I predict lots of typos for future MacBook-owners.
  • The colour. Now, this doesn’t hold true for the white one of course but the black makes it look like a generic PC laptop. The white colour was the single most differentiating feature of the iBooks (until PC laptop manufacturers started making iBookalikes, anyway). And indeed: when the white colour is replaced, iBooks no longer look like iBooks. They look just like any other laptop, just done right (i.e., without two million lights and buttons and stickers and whatever).
  • The processor. I still don’t like this Intel deal.
  • The screen. Biggest letdown for me. Glossy screens are just unacceptable. If I wanted to buy a mirror, I’d visit IKEA. Not the Apple store. This is another reason the black one looks like a generic PC laptop: all those things come with piece-of-shit glossy screens, too. They’re unworkable as soon as you’re in any kind of light, at any angle that isn’t a dead-on 90º. Of course the good thing is you can tell immediately after opening your laptop that you forgot to do your hair in the morning.

So far, I’m not even so much as considering buying one until that final point gets fixed. No glossy screens for me, please, thankyouverymuch.
