Monday, September 18, 2017

I must be missing something

Seems like the world is following in the footsteps of a Rube Goldberg comic.
For instance, I've seen posted, multiple times now, people putting Echo Dots in their cars to stream music despite the fact it needs to use their phone's data to stream. Why not just use the phone?
Another example going around is people BUYING the OLD (no longer made) IR-to-X10 interfaces and a Harmony hub to control X10 devices from their Alexa! I mean, you can get a version 2 SmartThings hub for $50 and Z-Wave switches as cheap as $25 for a single or $37 for a double outlet, so why buy a Harmony hub for $75+ (more if you want it with the remote) PLUS another $30-$50 to control up to 16 devices max? Not only is it more cost, unless you have many devices to control, but the extra hops make it more error prone, X10 itself has serious issues with many modern things interfering with its power line signals, and if anything breaks you are probably going to have to dig up a used replacement on eBay and hope it works.
Let me be clear, I used X10 for decades, generally working fine till around 2010, when it started driving me nuts by being generally flaky. And automation is my thing, so I have all the test equipment and such. I'd often spend a day back then running around with test equipment, plugging and unplugging stuff while monitoring signal levels, tracking down what device was messing up my signal that day. In the end I had noise filters on almost as many devices as I controlled. Insteon tried to keep things going by adding RF connections into the X10 mix, but it did not help my setup's stability at all, either because of legacy X10 stuff in the mix or something else I could not see. In 2014 I finally decided to try one of the new hubs and never looked back. So it boggles my mind that people are still trying to work with X10. It is like someone trying to explain how a PDA and a flip phone are better than a cheap smartphone. BTW, a nice write-up on the differences between Insteon, Z-Wave and ZigBee can be found here. Note the chart at the bottom showing what the top 10 security companies support. You really want to keep in mind what devices are going to work with your next hub, since odds are you will be upgrading at some point.
I can even see stuff like this Google Home built from a Raspberry Pi as a learning project, but don't tell me it is a cheap Google Home. $54 for the kit is cheaper than a Google Home, but that assumes you have a Pi 3 you do not need for anything else; otherwise you need to add another $50 to that, and what you end up with is not nearly as easy to use as the $100 - $129 Google Home. Rumor is there is a Dot-like Home in the works that will be as cheap as the $35-$50 Dot. So if you want a Home instead of an Echo but have an issue with the cost, you might want to just wait for that.

Friday, September 15, 2017

Arris cable modem issue / securing your home network

If you have an Arris cable modem, especially if you have AT&T internet, you should read this. It shows why you ALWAYS want a router between you and your cable modem. BTW, TWC uses Arris too, but it is unclear at this time if they have the same bugs.



To check to see if your modem is exposed, even if it is not an Arris

The easiest way to check is to go to Steve Gibson's ShieldsUP and see if any ports are responding on your cable modem.
Check "All service ports", then run a custom port scan on ports 49955, 61001, 49152 and 8080.


You want to see all green
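The same check can be scripted. This is an added example, not part of the original post: it probes the four ports listed above and labels each with the ShieldsUP colour it corresponds to (red = open, blue = closed, green = stealth). The host argument is an assumption; to match what ShieldsUP sees, run it from a machine outside your network against your own public IP, since running it from inside only shows the modem's LAN-side face.

```python
import socket
import sys

# Ports the post says to test with the custom ShieldsUP scan.
PORTS = (49955, 61001, 49152, 8080)

def probe(host, port, timeout=3.0):
    """Classify one TCP port on your own modem."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"         # handshake completed, a service is listening (red)
    except ConnectionRefusedError:
        return "closed"       # reset came back: host visible, nothing listening (blue)
    except socket.timeout:
        return "stealth"      # no reply at all, packets silently dropped (green)
    except OSError:
        return "unreachable"  # routing or local network error, result not usable
    finally:
        sock.close()

def check_modem(host, ports=PORTS, timeout=3.0):
    """Return {port: state} for every port of interest."""
    return {port: probe(host, port, timeout) for port in ports}

def not_green(results):
    """Ports that answered in any way, i.e. anything other than stealth."""
    return sorted(p for p, state in results.items() if state != "stealth")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        # The address is yours to supply; none is hard-coded here.
        sys.exit("usage: check_modem.py <your-own-public-ip-or-modem-address>")
    results = check_modem(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {state}")
    flagged = not_green(results)
    print("all green" if not flagged else f"needs attention: {flagged}")
```
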


Stuff to fix / check

Lastly, if you have never changed your router's password, or you see ports open in the above tests, go to the Arris web interface from a browser.
Change the password if you are still using the default (Basic settings -> login settings). Make it something random and at least 12 characters.

On LAN Settings, "Enable UPnP" should be unchecked. (UPnP allows stuff to open holes in your firewall.)

I would turn off the WiFi on the modem if you have any other access points. All WiFi should be encrypted no matter what provides it or be ahead of any router you use to protect your devices.

If you have something you need to access from outside the home, like a webcam, first find and add your router to the reserved IP list so its address will not change.

Add a port forward at the modem to the router the cam (or device / PC) is on.



If you have multiple cams / devices / ports you can forward a range like this.
You will then need to forward each port to the correct cam / device on your router. That is different depending on brand and even version, so you will need to Google that bit if it is not obvious from the router's interface. Look for something that says port forwarding. For instance, on a Unifi router the instructions look like this.

One last thing

You actually want to have a couple of routers: one for your PCs and phones, and one for all the rest of your stuff like Blu-ray players, cams, TiVos, home automation hubs .... All the things that might not be all that secure. As an added measure, set that router's firewall to only allow those things you KNOW need to call out to the internet to do so. There have been a lot of reports lately, for instance, of webcams being shipped with malware on them. If they cannot call home or be connected to directly from outside, they cannot be used in botnets or as platforms to attack your other devices.

Saturday, September 9, 2017