Tuesday, April 6, 2010

Part 4 (Take 2): Endian (Revisited) - Search for the perfect home router/firewall (revisited)

Endian in VirtualBox was so promising that I decided to give it another go by buying a cheap SATA CD/DVD drive. I went for the LG Electronics GH22NS50 22X SATA Super Multi DVD+/-RW Internal Drive - Bulk with Software (Black) from Amazon for around $24.

I was extremely pleased when the Endian 2.3 CD I burned booted right up and the install process began. I got to the network setup where you're asked to enter the IP Address and subnet for the "Green" (LAN) network interface. That's when the troubles began. I went through a half-dozen installs using different ports, different NICs (Realtek and Via) and different IP addresses but the network setup always failed.

I actually think that the setup itself didn't complete because I couldn't login as admin or root and it appears that the users were not actually created. It looks like a bug has been logged about the issue but no resolution.

The General Support Forum at the Endian site only has around 1600 posts in the almost 4 years it's been up. That's not really a good sign. Having a solid community makes a very big difference when it comes to non-commercial products. I haven't been able to find any solutions to my problems on the Endian forums.

Although my experience with pfSense wasn't perfect either, the activity on the pfSense forum, the responses to my questions and the sheer number of posts is very comforting. Of all of the products I've tried, pfSense is the only one I would give another try.

In any case, on with my story... not one to give up, I was able to change the grub menu to boot in single user mode and set up a root password (type 'e' to edit the line with kernel, add 'single' to the end of it and then boot. Once logged in, type 'passwd' and enter a new root password).

What I really want to do is to re-run the network setup. So now that I can log in as root, I start Endian up again, log in as root and run dhclient. I get an IP address and I can ping the gateway. So it looks like the hardware is working. I try to connect to the web GUI but that's not working, so I guess the Endian web server isn't up and running.

At this point I've run out of patience. This is a firewall after all. It's supposed to be fast, stable, and rock-solid. Based on my experience so far Endian is not going to be any of those things. Bye bye Endian. Hello Mikrotik... that's for next week!

Part 5: ClearOS - Search for the Perfect Home Router

ClearOS used to be ClarkConnect. Not sure what's changed but the purpose of this post is to share some of my experiences installing ClearOS. The main issue I ran into with the install is that CD-ROM or FTP are the only supported media.

What this means is that whether you use PXE or a USB memory stick, that's really just the bootstrap part. The rest of it has to happen via FTP or CD-ROM. Since I didn't have a CD-ROM drive I chose the FTP option and the default ClearOS FTP server. It took forever. I mean I started it in the evening and checked it once in a while and it had finished sometime at night. Clearly painful. And my first install didn't even work. Second one took even longer and I gave up. So I set up an FTP server on my workstation and shared the ClearOS ISO. Googling led me to a useful post in the ClearOS forum with the info I needed about the user id and password that was being used by the installer ("enterprise-51" / "clearos"). That did the trick and the install was much faster than before.

What ultimately led me to give up on ClearOS was performance. It was sluggish and a little bit unresponsive from the web UI and the console. And that was with almost all features turned off (not even a DHCP server running). It was clearly overkill for what I needed and way too much for my Atom N270 with 2 GB RAM to handle.

I'm also not much of a "read the manual" kind of person. I had no trouble configuring pfSense or Endian but I really couldn't make sense of how to define my interfaces/zones with ClearOS and how to set up a captive portal, etc.

So I passed on it.... next up Endian revisited (I got a CD-ROM drive) and a new contender: Mikrotik RouterOS.

Saturday, April 3, 2010

Part 4: Endian - Search for the perfect home router/firewall (revisited)

Endian is the next product I tried. There's a commercial edition and a community edition. Biggest difference I noticed was that hotspot support is a commercial product. No big deal. I can live without a captive portal feature.

I decided to try Endian out in a VM and the setup was quick and performance was fantastic. It's based on Smoothwall.

I created a USB installer using unetbootin and I was looking forward to a painless install based on my VM experience.

It was not to be. For whatever reason I kept getting a blue screen and when I switched to the console the error was: "Fatal: module usbhid not found." I googled and dug through the forums with no luck. I ended up trying a PXE boot of the ISO using syslinux. Same error. Make sure you use the latest version of syslinux, which contains memdisk that supports ISO PXE boot. I found this post to be very useful:

Setting up a server for PXE Network booting

My next choice is ClearOS. I'll write about that later.

Part 3: pfSense - Search for the perfect home router/firewall (revisited)

pfSense 1.2.3 was my top choice. I made this decision based on features, reputation, activity on the forums, and the availability of a book on Amazon.

I ran into some installation problems. Remember that I needed to install from USB. I tried a bunch of things that didn't work until I found this great post on the pfSense forums. Remember what I said about activity on forums? Very important for non-commercial products!

Once I got past this hurdle the installation was simple and flawless. What took pfSense out of contention was a little known but unsolved issue involving the FreeBSD (which pfSense is based on) DHCP Client. After wasting a few days on this I gave up. In a nutshell the problem is that pfSense can't get and keep an IP address from the DOCSIS modem. I tried two different DOCSIS 3 modems (Ubee and Motorola) but evidently it's not related to the modem.

Too bad. I really like pfSense.

Part 2: Hardware - Search for the perfect home router/firewall (revisited)

It took me a while to come up with what I consider to be the ultimate hardware for my home router/firewall. I looked at Soekris and PC-Engines Alix and although they have great reputations and are commonly used for firewalls I felt that their products were just too underpowered and expensive. So I decided to put something together myself. My requirements:

- relatively low power
- 4-5 Gigabit NICs. Preferably Intel or Via (Realtek seems to get a bad rap on some forums)
- small form factor
- Flash IDE Disk
- 2+ GB RAM
- fanless and quiet

Here's what I put together:

- Atom N270 Intel D945GSEJT mini-ITX. Not as powerful as the 330 but with a low power mobile chipset. Bought it from Logic Supply. $99
- One advantage of the Intel D945GSEJT is you just need an AC/DC adapter. No additional power supply necessary. I picked up this 12V/5A from Logic Supply for $21. Probably didn't need 5A but we'll see.
- RouterBOARD IN/G44V PCI 4-port Gigabit VIA. Bought it from QuickLink Wireless. $90
- Transcend JM800QSU-2G 2GB DDR2 800 SO-DIMM. $42.99 from Amazon
- M350 Enclosure and riser from mini-box. $39.95 for the case and $9.95 for the riser. The riser is a critical part of the setup because it lets me fit a rather large PCI card into the case.
- 8GB 44 pin Embedded Disk Card 4000. Also from mini-box. $89.99 Definitely some cheaper ones out there and I didn't really need 8GB but I figured it would help with wear leveling and the extra space could be useful if I re-purposed the box. Also this one has higher MTBF than some of the cheaper products I saw.

Part 1: Search for the perfect home router/firewall (revisited)

A little more than three years ago I started writing about my search for the perfect home firewall. Well, I'm still looking. I gave up on consumer routers/firewalls since they really didn't offer the kinds of features I was looking for.

So the plan is to set up a low power mini-ITX box and try out some open-source or commercial firewall products that have free versions.

My requirements are pretty straightforward:

- Squid
- Snort
- WAN, DMZ, multiple LAN, Wireless interfaces
- Suitable for embedded or low-power systems
- User friendly GUI
- Captive Portal
- Load balancing
- VPN Support

Here's the short list:


I found this comparison to be very helpful: Feature overview of Linux and BSD firewall and router distributions.

Monday, January 18, 2010

NameScavenger.com - Finding Expired Domain Names

So this post isn't quite in line with my idea of a 'gadget' blog but I thought I'd give NameScavenger.com a plug.

I've been playing around with different ways to find domain names that might be worth registering. I've been building tools for my own use but since I have a full-time job I figured that it might be more fun and rewarding to share some of these tools rather than keep them all to myself.

One idea I've had for the last few years is to register expired domain names that are still indexed by search engines. Rather than just go through some list that someone else had put together I decided to generate the list myself by searching for specific terms using a search engine of my choice.

I've taken the server-side code that I've been using for a few years and slapped a web front-end on it. I've just launched it at NameScavenger.com. Basically you just enter a search term, choose your search engine (Google, Bing, Yahoo), the number of levels you want to crawl (i.e. level 0 is just the search result URLs, level 1 is links from there, etc.) and the number of search results you care about. NameScavenger takes care of the rest by looking for domain names in the links on each of the pages and checking to see if they are available for registration or not.


Wednesday, March 4, 2009

Roku and Amazon - Finally

Yesterday, Amazon finally announced that Amazon Video on Demand was available on the Roku Digital Video Player. I've been waiting for this for a long time and I'm going to sign up as soon as I can. On-Demand Movies on DirecTV have been getting way too expensive and I'm on the cheapest Netflix plan that will allow unlimited streaming (streaming only plans coming soon!). Stay tuned for more!

Tuesday, January 6, 2009


I've always been a huge fan of Roku and their products. I have 3 Roku SoundBridge Network Music Systems at home and a Roku Digital Video Player as well. The great news is that the Netflix Player is now going to support Amazon as well. The link on Roku's page isn't working yet but I hope it will be soon! It might just be time to get rid of Cable and Satellite!

The Roku Player is under $100 and comes with a remote. The picture quality is near-DVD (depends on your network connection of course) and the only complaint I have is that subtitles are not supported. Otherwise it's been a fantastic experience despite the limited Netflix catalog that's been available until now. What's really impressed me is that despite not having a hard-drive for storage I have never experienced any dropped frames or hiccups of any kind!

Mozy - Online Backups

I've always been careful about making backups and I was just recently talking to a friend about how our memories, records and purchases are now in digital format: photos, music, home videos, movies, tax records, accounting records, etc. I believe that a good backup strategy is essential and, in addition to making local and off-site hard disk and DVD-based backups I've been happily using Mozy to make online backups. I get to manage my own encryption key and I've been a happy customer for more than 2 years. I started with the Free Mozy just to try it out and now I have almost 500GB backed-up. Once in a while I'll try some restores just to make sure it's working and I've never had a problem. Backing up 500GB can be pretty slow but they don't seem to throttle my backups and with my Comcast internet I seem to get about 1 Mbs up which is pretty good! I highly recommend them: Mozy Unlimited Backup - $4.95/Month

Monday, December 29, 2008


A while ago I wrote about some of the tools that I use for backups. Making copies from one drive to another, whether locally or across the network is part of my backup strategy. I really needed an app that would compare the contents of two folders and then update one to match the other. For the longest time I used FolderMatch and I even paid for a license since I found it to be so useful.

I've found something even more useful and the basic version is free. There's a standard edition, SyncBackSE, and a Pro edition, SyncBackPro, that offer even more features. This incredibly useful and solid utility does exactly what I want and gives me options to save each Profile that I use (for example Backup drive e to z, or sync e and z, etc.) and to run them at the click of a button. The profiles can also be customized to some degree. I highly recommend you check it out.

Saturday, December 27, 2008

Netgear ReadyNAS Duo

I've got 2 PCs, an XBOX 360, a couple of iPhones, 3 Roku Soundbridges and who knows what else in the house. I was really getting sick of finding ways to distribute my data and my Windows XP machines were just not stable enough to use as servers. So I finally bit the bullet and bought a NAS. Specifically, the Netgear RND2150 ReadyNAS Duo 500 GB Desktop Network Attached Storage.

I bought the 500GB version because it was the cheapest of the Duos. The only difference is in how much storage is included. It was a lot cheaper to go out and buy a couple of 1 TB drives than to buy the more expensive Netgear RND2110 ReadyNAS Duo 1 TB Desktop Network Attached Storage.

That was 4 months ago and I'm just absolutely thrilled with my purchase. I didn't purchase or try any other NAS devices so I can't do a comparative review. What I can do though is describe my experiences.

I purchased a NAS for one main reason: reliable primary storage. I have all of my media and data sitting on the NAS. I have it running in RAID 1 mode and I'm using an external USB drive to back up the NAS itself. My current system status shows an uptime of 30+ days and the only reason it isn't longer is because I've rebooted it a few times to perform upgrades. It communicates directly with my APC UPS.

This is an extremely flexible little Linux box. It supports UPnP AV streaming, SqueezeCenter (for those of you with Squeezeboxes) and Firefly (which is what I'm using to stream to my Roku Soundbridges). It also supports a whole range of protocols for file sharing: CIFS, NFS, AFP, FTP, HTTP, HTTPS, and RSYNC. Of course it supports gigabit ethernet and jumbo frames.

You can easily configure security to meet your needs and if you attach a USB printer it can also serve as a Printer Queue.

I have had absolutely no performance issues when streaming music or video but I have had some slowdowns while performing backups or very disk intensive operations. For this reason I don't think the ReadyNAS is good as a primary repository for working video or code.

With two drives in there that's the limit for expansion and it also means that only RAID 0 or RAID 1 (using Netgear's X-RAID) are supported. So my plan is to throw in some 1.5TB drives when I run out of space.

Some of the popular add-ons include a BitTorrent Service and Debian Package management utility and Root Access. Once you've enabled Root SSH you can install a whole bunch of other things. One of the most popular ones seems to be Subversion.

In my opinion, adding additional software and services just increases the chance of a failure of some kind. I want a nice, simple, reliable, and secure place to store all of my data and to use it (i.e. stream the video, audio, photos) without duplicating it on a PC.

So in a nutshell, I'm thrilled with my Duo. I get access to the same data from all of the computers, media extenders, etc that are on my network and I feel more secure knowing that the disks are in RAID 1 configuration.

Many folks have their financial records, music libraries, video libraries and personal memories sitting on their computers. A catastrophic failure might mean that these will be lost forever. If you're like me then you've already found that DVDs and CDs just don't have the storage capacity needed for backing up 500+ GB of stuff. A NAS, combined with local and off-site backups is a perfect solution for the modern, wired home.

Tuesday, December 23, 2008

Time to start bloggin again... update on the Shure e2c

After a long hiatus I think I'm going to start writing again. My trusty and reliable Shure E2c Sound Isolating earphones are coming to the end of their life. After a little more than two years of use I'm getting static and dropouts. There must be a loose connection somewhere. The warranty is only two years so it's not much help but it looks like there is a newer version: Shure SE110 Sound Isolating Earphone with Balanced Armature Driver (Black).

But times have changed and now I have an iPhone so being able to use earphones to take a call and listen to music is quite important and, unfortunately, the Shure's don't offer that without a clunky attachment of some kind. So I've had my eye on these very sweet looking: Etymotic Research HF2 Earphones / Headset (iPhone Compatible) - Black.

They're supposed to be just like the Etymotic ER-4P Portable In-Ear Earphones but with a microphone. I've heard that they kept the price the same by reducing some of their build tolerances on the HF2.

As soon as I scrounge some dollars up I'll be ordering these and trying them out!

Wednesday, March 21, 2007

Thermapen - Good Machine and Good Eats (Sorry Alton)

Once in a while I find a tool or a gadget that's a little more expensive than comparable products but that I get a lot of pleasure out of using. These are well-designed products that look good, feel right, and perform a relatively simple function very, very well.

The ThermoWorks Thermapen is one of those products. At $85 it's not cheap for a food thermometer but it's worth every penny. I've gone through almost a dozen thermometers in the last few years: digital thermometers, analog thermometers, thermometers with probes, remote thermometers. They've ranged in price from under $10 to $50 and they all had one thing in common: they sucked.

The thermometers with probes (you leave the probe in the oven or grill so you can constantly monitor the temperature of your food as it cooks) don't stand up to temperatures over 350 degrees Fahrenheit and that makes them pretty useless. I've been through a half-dozen probes to prove it. They're also not very accurate. In side-by-side tests the temperature varied by 10-20 degrees. That's the difference between medium-rare and overcooked.

Almost all of the thermometers take too long to read the temperature (sometimes up to 30 seconds) and are not accurate. So you depend on the thermometer to tell you when your steaks are done and they end up being overcooked or undercooked. They also have big massive probes that must make every piece of pork, chicken, or beef feel like Cartman. Not good because the juices leak out and whatever you're cooking dries up.

The Thermapen is fast - it reads temperatures in a matter of seconds and it's accurate. It's got a thin, sharp probe tip (with a sensor at the very tip) so you can measure the temperature of very thin items.

Sure you can probably get by with a cheaper thermometer or you can cut open whatever it is you're cooking and take a peek every few minutes but for a thermometer that you can trust, that's satisfying to use, and that guarantees good results - the Thermapen can't be beat.

[Disclaimer: No one paid me to write this, I didn't get any free products in exchange, and I don't get any revenue from any links in this post. I just like the Thermapen - plain and simple.]

Wednesday, February 21, 2007

Pantech PN-820 Clamshell Smartphone for Verizon - Not so Good Machine

I've been waiting for the Pantech PN-820 Clamshell Smartphone from Verizon Wireless since it was announced last year and I'm sorry to say that it was a big disappointment. In fact it was on its way back to Verizon the day after I received it!

What attracted me to this phone was the form factor. I like flip phones for two reasons: the main screen is well protected while in my pocket with keys and loose change and I find it easier to answer or hang-up by opening or closing the flip. Plus it makes it tough to call someone by accident (Garry - you keep calling me every couple of weeks).

It's got a clear main screen and good voice quality.

The good stuff ends there. Battery life is horrible (I made it through one day but couldn't have made it through a second day without recharging and this was with minimal usage), it's a Windows Mobile 5 device, the Bluetooth implementation doesn't support Voice Command, the front display is basically useless, the keypad is so-so and it's easy to hit the wrong button. Oh, and did I mention that it's pretty ugly? When I told a friend I'd gotten a brand new Smartphone he took one look and said "That? I thought that was your old phone." (My old phone is an Audiovox CDM-8900).
Based on the phone's profile it does look like it would be pretty easy to add an extended battery without getting any protrusions.

To top it all off you need to add a data plan which is at least another $40/mo. I really didn't think I would miss the QWERTY keyboard but I realize that I really do. It's a pain to enter URLs, e-mail addresses, user IDs, passwords, etc. Without being able to take advantage of the browser the data plan is a total rip-off (and it doesn't even let you tether it - that's extra).

My recommendation? If you want something small and more functional, just get a Motorola Q. It's got a keyboard, the battery life is probably about the same, it looks better, and it supports Voice Command via Bluetooth.

Thursday, January 18, 2007

Sound Investment - Shure E2c

Speakers are the most important part of your sound system and earphones should be the most important element of your portable MP3 Player or iPod. But even the best players come with lousy earphones. The first thing you should do is run out and buy the Shure E2c Sound Isolating Earphones.

I tried lots of earphones at all kinds of different price ranges and after trying these I couldn't justify spending more. At a little under $100 they're not cheap but if you're like me and spend 3-4 hours a day listening to music while you're commuting or when you're at work then consider it an investment - and an excellent one at that. They're solidly built and have a thick cord that should last a long time. You also don't hear anything when the cord rubs against something - not like those cheap earphones.

The key to making these earphones work is the fit. They go into your ear canal and block out extraneous sounds. You get to choose from 3 different kinds of earpieces in three different sizes. I find the foam earpieces to be the best because they work just like earplugs. They block outside noise which means that you can keep the volume low and avoid damaging your hearing. They're great on buses and airplanes and work so much better than noise cancelling earphones. They stay in and won't fall out regardless of what you're doing - even running.

I like the sound better than my Sennheiser HD580 Stereo HiFi Professional Headphones and even my stereo system.

Tuesday, January 16, 2007

Crush, gobble and mangle your old DVDs, CDs, and Floppy Disks

Anyone who's ever suffered the pain and anguish of a complete hard drive failure knows about the importance of making backups. Nowadays, you can easily have your entire "life" (digital that is - photos, movies, finances, diary...) on your hard drive. There is almost nothing easier, faster, and cheaper than burning backup CDs and DVDs. The big question is... do you save (possibly) hundreds of CDs and DVDs or do you start getting rid of the older ones? How do you safely dispose of them and protect your privacy at the same time?

Sure you can try to encrypt and password protect them but it's a hassle and it can make recovery harder. I've tried to cut-up, crush, and mangle old CDs and DVDs by hand and I can tell you that it's a real pain. I've even cut myself after a session of enthusiastically breaking DVDs with my bare hands.

Enter the Royal Media Destroyer - MD100. It turns a DVD, CD, or Floppy Disk into a mangled mess. I bought mine at jr.com through Amazon but it doesn't seem to be in stock right now.

Wednesday, January 10, 2007

Gadget of the Moment - "StressEraser"

Most of us have many sources of stress in our lives: work, kids, family, money, love - you name it! Some of us have ways of coping with that stress: eating, drinking, sex, exercise, and meditation (to name just a few). Well since those don't involve batteries or gadgets (wait - that's not exactly true but never mind you get the idea) they're not exactly what I was looking for. But the StressEraser is.

It's a slick, well-designed biofeedback device the size of a deck of cards. There's a lot of info on the company's web site about the science behind it and I'm not going to repeat it. Here's how it works: you stick your index finger on top of a sensor and then you follow instructions on the display about when to breathe in and when to breathe out. That's it! And it actually works. After 5 or 10 minutes I actually find myself getting drowsy.

There's a catch though... you can't do anything else while you're using the StressEraser. No listening to music, no reading, no watching television, no speaking with someone. If you start getting distracted, even if it's only by a thought, you'll get immediate feedback about how it's affecting you.

The hardest part about using the StressEraser is making the time to use it.

Sunday, January 7, 2007

Gadget of the Moment - "Kill A Watt"

Let's just say, and this is purely hypothetical because it's never happened to me, that one day you open your mailbox and you get a $300 bill from your local utility for gas and electricity for the last month. After the shock wears off you start to get a little pissed off and you vow to reduce your power consumption. Well, how do you go about doing that?

You've heard about turning the lights off, lowering your thermostat, getting a new refrigerator, turning your computer off, plugging all these little gadgets you rarely use into a power strip since they use a little power whether they're off or not, etc, etc, etc. But how do you know it's really going to make a difference? Do you have a clue how much power your TV, Playstation, Computer, Refrigerator use?

If you're like most of us you really don't know. Well here's a smart $30 purchase: the P3 International Kill-a-Watt Electricity Usage Monitor.

This cool little gadget lets you know exactly how much power your device is using. It displays volts, amps, and wattage.

Now, every "Gadget of the Moment" is something that I have personally used and recommend. One feature of the Kill A Watt really has me puzzled. It's the ability to display Power Factor. So I've noticed something really weird - I have four outlets in my house (old Knob and Tube with some ground wires added by an electrician) where the Kill A Watt displays a Power Factor of almost 0 even though nothing is plugged into it! I've talked to PG&E (my local utility), an electrician, and P3 International (the manufacturer of Kill A Watt) and no one's been able to come up with a good explanation. What's even stranger is that my surge arrester/power strip: APC PF11VT3 11-outlet SurgeArrest with Tel2/Splitter and Coax Protection (a very cool device in its own right) shows an overload warning on those outlets.

This has been an intermittent problem and I finally got a clue - it only seems to happen when it rains pretty hard. Weird. Anyway, the outlets work fine otherwise but this is really bugging me so if someone has a clue - post a comment and let us know. We'll be eternally grateful.

Sunday, December 24, 2006

Compact Fluorescent Lighting Update

I finally got around to installing some new light fixtures and trying out all of the different compact fluorescent lamps I ordered. I am a little disappointed and here's why:

1. Enclosures: Most compact fluorescents are marked as not suitable for use in fully enclosed fixtures. That seems straightforward but it isn't. Some manufacturers claim that it's a fire hazard because the lamps can overheat. Others claim that it shortens the life of the lamp but is not a fire hazard. There's some confusion as to whether or not there's a difference between fully enclosed or fully enclosed and recessed. Some manufacturers state one thing on the bulb and another on the packaging. To top it all off they usually state on the packaging that for outdoor use the lamps need to be enclosed.

2. Flickering: One lamp I tried, the TCP Deco Torpedo 14W Medium Base, flickered no matter which fixture I tried it in.

3. Problems with Dimming: Only some lamps are approved for use in dimmers. What they don't tell you is that the performance varies quite a bit by dimmer and that CF dimmables don't match the dimming range/performance of incandescents. I tried the Greenlite 23W Dimmable in three different fixtures with three different dimmers. Performance with one was completely unacceptable - it buzzed and flickered. Performance with the second fixture/dimmer was OK but it wouldn't dim very well and buzzed until the light was warmed up. Performance with the third fixture/dimmer was much better: minimal buzzing but it takes a second for the lights to go on once the switch is turned on and dimming performance is poor.

4. Brightness: One great advantage of CFLs is that you can use a much brighter light than you could otherwise. For example, if you have a sconce that uses candelabras and the maximum wattage for the fixture is 40W you can always use a 14W CFL that gives you the equivalent of 60W Incandescent.