Tuesday 21 April 2020

Router fun (again)

Until yesterday, our internet has been holding up well. Apart from a strange glitch most mornings between 0730 and 0800 when it would go away for a minute or two, it's been really good.

And the glitch is probably the result of some traffic management on the part of our isp.

Yesterday was different - while the raw network speed was fine the service during the daytime was not as good and the internet radio kept buffering and dropping out - a sure sign of network congestion.

Yesterday, of course was the first Monday of school in Victoria, and given that the schools are still closed due to Covid-19, that meant the first day of the mass experiment in online learning by the school system, which of course will inevitably impact our network performance, with all the kids logging on from home and doing whatever they do.

So, no internet radio yesterday, but performance was good enough in the evening to watch an episode of Unorthdox on Netflix.

We were up late this morning so it wasn't until just before nine when I tried the internet radio for the news.

I wasn't too worried when I woke it up out of standby the internet radio said 'network disconnected'. Occasionally it does that anyway, and telling it to rescan and connect fixes the problem. Very rarely I have to power cycle the box, and do a network reconfigure, and after that it's fine.

Well this morning, I might as well have waved a rubber chicken over it - nothing would make it connect, however briefly.

So I went up to the study to log onto the network router to see if there was a problem, and I noticed that our multifunction Epson was complaining about not having an IP address, and the FujiXerox laser printer on my desk was saying it was offline.

So I logged into the router and looked at the connected devices, and  guess what, a lot of them, the less used mainly, had no ip addresses including the FujiXerox printer and the Epson printer.

I suspected a DHCP problem, but all the DHCP settings looked fine. So, being an engineer at heart I reset the box to wipe all the configuration information in the box and return it to the factory defaults.

This actually is more of a hassle than it seems, as our network is named after our previous Telstra ADSL connection, as when they installed our solar panels, the installers hard coded the SSID and network password of our then network connection into the power system's diagnostics module.

So, no matter how much I might like to name our network 'purpledishwasher', TelstraE730FB is what it has to be.

Resetting is a hassle. The admin password is ridiculously long and in an almost impossible to read minature font on the underside of the router, and the default network password makes those autosuggested by chrome look almost simple.

So much so that the first time around I stuffed up the admin password so many times (I'd actually written it down wrongly sometime previously in my network configuration notes) that I locked myself out of the router and had to start over.

The second time I was more successful, logged in, and changed the passwords to the Telstra ones and everything sprung back into life - well except for the internet radio which was still choppy and buffering, but which at least this time could see the network.

I'm guessing that whatever process in the router that responds to DHCP requests had just given up and died for reasons unknown, but I don't really know. It's been about nine months since I last did a reset, so I guess it just got tired of servicing requests.

And it's not just the internet radio - J was trying to watch some artwork videos on pastel techniques on her iPad this morning and they were equally choppy ....

... and later this afternoon after school was finished for the day, I tried the internet radio again, and guess what? - it worked perfectly, suggesting that the buffering and choppiness earlier today was due to network congestion.

[update 22/04/2020]

... and today the internet radio worked perfectly for well into the school day. QoS ? traffic shaping? Or? I'm guessing that the people who manage traffic etc for the NBN have tweaked things just a bit to cope with the extra school traffic ...

Monday 20 April 2020

Track'n'trace

There's as stoush going on at the moment about the (Australian) government's proposed contact tracing app, which I'll call Track'n'Trace or TnT for short.

Now, I've been retired for four years so I don't normally comment on technical stuff any more, except on rare occasions, as I'm out of the loop.

When the app was first announced my original thought was 'bugger that'.

Having worked in Canberra I don't have a high opinion of some of the government's IT initiatives - over specified and under resourced, and at the mercy of the electoral cycle.

My objections are twofold - one as the Annika Smethurst case has shown, there are parts of the government that want to increase snooping on citizens, and two, access to the data and the abuse by some of the police of the special powers granted under the lockdown regulations.

As J falls into the 'at risk' category due to a chronic health problem I have absolutely zero intention of breaching the lockdown regulations, and if anything we've been more careful than necessary with me usually doing the mailbox and supermarket run alone. However what I do not want to do is be dobbed in by my phone if I inadvertently get too close while queuing.

I've now changed my mind on this.

The government has said that they'll now put the code out there for public review and publish their own security audit. This of course doesn't stop them misusing the data, but if they publish their protocols around the data and its use that's probably good enough.

The other thing is that as Scott McNeally is once said "You have zero privacy anyway. Get over it."

Apple and Google to name but two, routinely capture location data - how else do you think applications such as Google Timeline work - and this data has been used to show the reduced amount of commuting going on. 


Shopping centres, department stores with their free wi-fi, all know about you and when you visit.


Phone companies can find your approximate location on the basis of which cellphone tower you're using, and can, in busy areas use triangulation to work out a rough location. 


Now the government has said that the application won't have a geolocation capability, but it does record your phone number.


I'm sure that geolocation or no geolocation capability these clever people at the Signals Directorate can match up the data if they really want to, and to be honest, unless you're suspected of nefarious activities they probably don't want to and don't have the time or inclination. 


A degree of paranoia and mistrust is sensible, but if you use any location based service you can be tracked anyway, what's the difference?


So I've swung 180 degrees on this. Yes, with appropriate safeguards I'll use the TnT app, and yes, the moment the lockdown restrictions are ended I'll delete it.


I don't totally trust the government over it, but balancing the risks versus the benefits, the benefits probably come out a little bit ahead on this one ...


[update]

There's two relevant articles on the web this afternoon, one (unfortunately paywalled) from New Scientist on the Oxford TnT adoption study, and one from the Irish Times on the French app and their controversy around its rollout

Wednesday 15 April 2020

Banks, phone calls, and security (again)

Nine years ago, I blogged about the scenario where someone calls you purporting to be from a bank and asks you for some security information before they'll tell you why they are calling.

Well, I had the same scenario again last night.

A very nicely spoken person, probably Indian by his accent, called me and said he was from a bank I no longer have an account with.

My phone did show that he was calling from a Melbourne number, but phone numbers can be spoofed, as we know, and with so many people  working from home at the moment, someone isn't necessarily calling from their office.

So when he asked me for the month of my birth to prove I was who I said I was I asked him to first of all prove that he was from XYZ bank.

(I wasn't particularly concerned about giving out my date of birth - it's out there in the public domain, along with my full name, in fact both are pretty useless as identity verification questions - my driver's licence number, or passport number would be much more secure.)

So I asked him to tell me what the last three digits of my customer number was - this is different to my account number, and is something that only the bank and I should know.

He of course, said he wasn't allowed to tell me this, but he did offer to send me a text with a number to call him back on.

Well this didn't really address the security problem, numbers can be spoofed, and nowhere in the process would he have told me a secret that only he and I could know.

So I declined and hung up.

I suspect he was probably genuine, and calling to ask me why I had closed my account, but nowhere did he, or could he, tell me anything to prove he was genuine ...