Archives 2018

Google Wifi vs Apple Airport Extreme/Express

I recently upgraded my home wireless network to Google Wifi wireless mesh devices (Amazon $259) from our aging Apple Airport Extreme router and collection of Apple Airport Express wireless extenders to support about 40 devices sharing a 200/20 Mbps internet connection.

While I have been extremely pleased with the performance and reliability of the Apple wireless devices, I desired more monitoring (e.g. device bandwidth usage) and configuration options (e.g. prioritization, family access controls). I began looking into other wireless options when Apple officially discontinued their Airport Extreme/Express products in 04/2018.

Competition – I previously considered the Meraki cloud-managed wireless devices, but decided against their annual per-device subscription costs for my home installation. The Ubiquiti UniFi Pro HD devices also look fantastic from a sys-admin perspective, but seem unnecessarily complex for my basic home needs. In the end, I was comparing the Google Wifi mesh devices and the Netgear Orbi mesh wireless system. I preferred the Google Wifi devices because they are all identical and interchangeable and are managed from anywhere, whereas the Netgear Orbi system uses separate primary and satellite devices and can only be managed when you are at home. If my primary Google Wifi device fails, I can use one of my other mesh devices as the primary device. I also expect Google would be more likely to innovate/upgrade the existing product.

Initial Setup – Configuration of the primary AP and two satellite APs through the Google Wifi mobile app was extremely fast and simple. Configure the satellites as wireless mesh nodes, even if you intend to hardwire them to your network! The most time-consuming part was a typical sys-admin dilemma: contemplating new network names and passwords, although I could have easily used the existing network names/passwords. I was concerned that the satellite APs would not take advantage of existing network wiring, but the app visually confirmed the satellite nodes were using a wired connection to the network after I plugged them into my existing wiring. No issues connecting a WIDE variety of devices to the wired or wireless network (e.g. TVs, game consoles, phones, tablets, computers, sensors, etc).

Wireless Speeds – Google Wifi (N300/AC1200) wireless speeds are slower than Airport Extreme (N450/AC1300) but same/better than Airport Express (N300 only). Not an issue for our day-to-day use since devices still have plenty of bandwidth for streaming 4K and occasionally transferring large updates/games/media, but something to be aware of if you frequently copy large files or media wirelessly to a local network server. Also note that Google Wifi has gigabit ports, while Airport Express only has a 10/100 ethernet port. When extending our wireless network with Airport Express devices, wireless clients on the Express access points were limited to the 100 Mbps speed of the connection back to the Airport Extreme. Some of our devices are actually seeing better wireless speeds on Google Wifi because of this issue.

Wireless Coverage – Google Wifi wireless signal is weaker than my existing Airport Extreme and Airport Express. While indoor coverage seems sufficient, I am experiencing weak signals and dropouts in outdoor areas that previously had coverage (e.g. downloading updates to vehicle in front driveway, listening to music in back yard). Extending the network with two more mesh devices will likely resolve these outdoor coverage issues for much less than I would spend on a high-end system.

Likes – Very fast and simple setup. Reasonable default settings. Ability to schedule/disable internet for individual/group of devices on primary or guest networks (e.g. kid bedtime, home concert). Allowing Guest Network to cast to specific devices on Private Network (e.g. streaming from guest mobile to home TV). Total price (less than $250 for 3 node setup on sale, no recurring charges). Extremely small form factor. Nodes are identical and interchangeable (e.g. Can easily replace failed primary AP with a satellite. Can easily expand system by adding one or more of the same devices. Can split 3 pack with family/friends who may only need 1 or 2 devices.). Satellite APs can provide ethernet bridge on two ethernet ports. Can easily monitor and manage from anywhere, including viewing real-time usage and past day/week/month usage per device.

Dislikes – Limited monitoring, configuration, integration options. Typical at this price point. Specifically interested in app and/or email notifications of new devices connecting, existing devices reconnecting, significant device bandwidth usage, etc. No web-based management. No bandwidth graphs/trends.

Dislike Note: IFTTT appears to support triggers for new devices and returning devices? Will check into setting up notifications using IFTTT and post update here.

Network Data Collection – Obviously, cloud-managed network devices have to send data to the cloud, but how is the data used? I tried to determine how much data was being collected and shared when considering products. I appreciate that Google is sensitive to this issue and has published an article entitled “Google Wifi and your privacy” that explicitly states “the Google Wifi app and your Wifi points do not track the websites you visit or collect the content of any traffic on your network”. Data that is not collected cannot be used. Google Wifi privacy policy also mentions that device MAC addresses are not collected/stored and only retrieved from your home network when requested by your Google Wifi management app.

DNS Data Collection – If you are interested in data collection, you should also think about which DNS provider you are using. Every time you visit a website, your device has to send the hostname to a DNS provider to request the website’s IP address. By default, your network will use your ISP DNS, which likely logs all requests. Some people choose to use OpenDNS and similar providers as an additional layer of protection for their network, but those providers likely log all requests as well. Be aware that Google Wifi configures your entire network to use Google DNS by default. Google DNS has a separate Privacy Statement stating they only retain usage logs for 24-48 hours and do not keep permanent usage history for your IP. If you feel that you are sharing too much information with Google, consider using Cloudflare privacy-focused DNS instead. If you want to ensure your DNS requests are not monitored or manipulated by your ISP or other man-in-the-middle, Cloudflare even supports secure/encrypted DNS queries for certain devices.

Summary – Based on my initial impressions, I am extremely pleased with the Google Wifi mesh network for the price. Overall coverage and performance is reasonable and I am very excited to have the additional monitoring and management features that were absent in my Apple wireless network. While I hesitate to send even more personal information to the cloud, I am comfortable with Google’s current Privacy Policy.

In the end, I bet on Google over the similar-priced competition because I anticipate that Google will continue to innovate this product line by adding more monitoring/configuration/integration options as well as faster hardware that can interoperate with the current network. We’ll see if that holds true!

Research: Gigabit and Fiber Options in Springfield Missouri (April 2018)

Update 08/13/2019: City Utilities of Springfield Missouri announces a public-private partnership that will enable commercial ISP partners to deliver Gigabit Fiber to Springfield-area businesses and residents by Summer 2020. CenturyLink is the first Internet Service Provider (ISP) to partner with City Utilities of Springfield as an anchor tenant on the SpringNet fiber network.


Gigabit Fiber (1Gx1G) options are available to most Springfield Missouri businesses and multi-unit buildings, but residential customers are generally limited to Gigabit (e.g. 1Gx50M) via coax cable service (e.g. DOCSIS 3.0/3.1 modem).

Availability depends on whether your address is residential or business, single-unit or multi-unit, inside/outside Springfield city limits. All of these are major factors regarding Fiber service in Springfield. If you primarily need to be able to stream 4K video (15-25 Mbps per stream) to your home, 100-200 Mbps Cable (instead of Gigabit Fiber) is probably your best choice at this time, when considering price versus performance.

I have been tracking Springfield and Missouri gigabit fiber progress for a while. For everyone’s benefit, here are current Gigabit/Fiber options for residential and business addresses in and around Springfield MO…

  • SpringNet offers Gigabit Fiber throughout the City of Springfield. They have a Small Business Program that starts at $150/mo. My understanding is that they can install fiber anywhere in town for the right price, but this “lower cost” small business option is intended for businesses located in multi-unit buildings in the downtown area. Initial 2015 coverage was inside the area of Chestnut to Elm, National to Grant. I have heard that SpringNet provides Gigabit Fiber service to multi-unit residential (apartments), but I am not aware of any single-unit residential fiber offerings.
  • AT&T just launched Fiber in Springfield MO. Plans start at $80/mo. Try to Check Availability here. You likely need to be in a multi-unit residential/apartment or office building shown on the AT&T Fiber Network Map OR very close to one of the existing installs on that detailed map.
  • Mediacom announced Springfield MO as their 1000th Gigabit city in 2017. They offer Gigabit over coaxial (1Gx50M $140/m) to residential customers (Check Availability here). I believe their Fiber Gigabit offering (1Gx1G) is limited to business customers (or residential customers at a business rate). Contact business sales for Gigabit Fiber availability.

Other potential options near Springfield. The last few are primarily for businesses or very rural customers…

  • Suddenlink offers Gigabit south of Springfield MO (e.g. Nixa/Ozark). See GigCity Map. Cost for residential coaxial service is $106/mo for 1Gx50M with unlimited data transfer. When Suddenlink announced/launched this service during a City of Nixa press conference in 2015, they also said that they were investing $250K in infrastructure so that any business in the Nixa industrial park had access to Gigabit Fiber. I expect Gigabit Fiber is available to many business locations throughout Nixa/Ozark (and possibly even residential customers near commercial areas for the right price).  New Customer Pricing 09/2019: 100Mx10M $38/mo, 400Mx40M $58/mo (personal Speed Test), 1G/50M $88/mo. These plans currently include unlimited data and lifetime price guarantee.
  • Total Highspeed offers Residential Fiber and Business Fiber in Rural Greene County and Highlandville Missouri.
  • Wide Open Networks connects homes and businesses to their fiber network using fixed-wireless devices.
  • Bluebird Network offers Business Fiber outside/near Springfield MO. See Network Map.
  • Sho-Me Technologies offers Business Fiber outside/near Springfield MO. See Network Map

Local carrier-grade fiber internet options are listed on this HCOMM carrier services page.

For people in other Missouri regions, these companies also offer Gigabit Fiber: Aire Internet (Joplin/Monett), Big River (Cape Girardeau), BOLT Fiber (NE OK), Callabyte Fiber (Fulton), CenturyLink, CLGW Fiber (Kennett), Co-Mo (Central MO), Elite Fiber (STL), Fidelity Internet (Buffalo/Nevada/Rolla/West Plains), GoBec Fiber (Cassville), Google Fiber (KC), GTC (Granby), GRM FTTH (NW MO), Kingdom Telco (Callaway and Montgomery counties), LinkCity (North KC), Marshall Municipal Fiber (Marshall), Mid-States Fiber (Trenton), Missouri Telecom (SW MO), MOREnet (Statewide), NEMR Telecom (NE MO), New Dawn Fiber (Excelsior Springs), Optic Communications (Loma Linda), Phynx Fiber (Callaway County), Rayfield (Marshfield/Conway), SEMO Electric Coop (SE MO), Socket (Columbia/JC/KC/STL), United Fiber (Cameron/Maryville/Savannah), West Plains Municipal Fiber (West Plains).

DISCLAIMER: I rely on Suddenlink at home (400Mx40M w/ Unlimited). SpeedTest Results. Cost $63/mo. Updated 09/2019. I rely on SpringNet at work (1Gx1G w/ Unlimited). Included in office lease. Very pleased with the speed and reliability of both services.

Cross Posted to /r/Springfield MO

Other Broadband Resources: Current national broadband access maps (fcc.gov), Historical Missouri broadband access maps (mo.gov). See example maps below.



How to Update a Fork from Head in GitHub

I frequently fork repositories for internal use so that the code we are using does not change. I manually update my fork to match the latest upstream code, and then test the updated code with our system.

I had previously been using git on my local machine to perform this merge and push the updates to my fork on GitHub. I now follow these steps to update my fork with any changes from the upstream/base repository. Thank you to Rick Cogley for posting these steps!

How to Update a Fork in GitHub

  1. Browse to your forked repository on GitHub.
  2. Click the “Pull request” link on the right of “This branch is N commits behind”
  3. Click the “switching the base” link to change your fork to the base, and the original to the head fork. Now you should see all of the head commits that need to be pushed to your fork. By default, GitHub will compare the base fork with your fork, and will show the changes you have made to your fork OR will not find any changes if you made no changes to your fork.
  4. Click the green “Create Pull Request” button, enter a Title for your pull request (e.g. “Merge upstream changes”), then click the green “Create Pull Request” button.
  5. Click the green “Merge pull request” button, then click the green “Confirm Merge” button.

Assuming you had not made changes to your fork, the upstream changes will be merged automatically.

NSIS ReadCustomerData without invalidating SignTool Digital Signature

Introduction

Are you using NSIS (Nullsoft Scriptable Install System) to create Windows Installer executables? Do you send custom versions of your .exe installer file to each user (e.g. embedded user token or username/password)? Would you like to have NSIS build one master installer file and easily embed the user data into the installer without having to rebuild or re-sign the installer? Then this article is for you!

I will demonstrate how to implement the NSIS ReadCustomerData function to customize your master installer file for each user.

I will share my custom version of the AppendPayload program originally written by Aymeric Barthe and shared in his blog post Changing a Signed Executable Without Altering Windows Digital Signature. I will also demonstrate Linux and macOS (OSX) compilation/usage.

Our users can log in to our website to download a custom installer that includes their account details. The Linux program reads the original signed NSIS installer, reads a data file that contains the user data, and writes a new installer file with the embedded customer data. Windows recognizes the original digital signature since we are just adding arbitrary data and did not modify the code.

Background

We provide a Windows application for our users. When I researched moving this particular Windows application to NSIS, I was very interested in the NSIS ReadCustomerData function that reads arbitrary data appended to the end of the executable (.exe) file. This would allow us to customize our signed installer file with user data (e.g. user token or username/password) without generating and signing a separate installer for each user.

NSIS ReadCustomerData

The NSIS ReadCustomerData documentation was a little slim, so I will discuss a few nontrivial steps.

  • Decide which “ReadCustomerData” function you will use. Both functions should provide the same results, though the second function seems faster. Save the function to a file named “ReadCustomerData.nsi”.
  • Add the following code near the top of your primary .nsi file to import the function you saved in the previous step.
    ; Include ReadCustomerData function
    !include ReadCustomerData.nsi
  • Add the following code to your main Section to verify that you can (or cannot) read your custom data.
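    ; Read Customer Data (e.g. "username;password")
    Push "CUSTDATA:"            ; marker that precedes the appended data
    Call ReadCustomerData
    Pop $1                      ; $1 = data found after the marker, or "" if none
    StrCmp $1 "" 0 +3           ; empty: fall through; otherwise skip the next two instructions
    MessageBox MB_OK "No data found"
    Abort
    MessageBox MB_OK "Customer data: [$1]"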
  • Create (and sign, if applicable) your NSIS installer executable file.

Now you are ready to append data to the end of your installer! When you run your installer, it will display a message box that says “No data found”. Continue reading to learn how to add a custom payload.

If you have a complex payload with multiple values, I highly recommend that you go back to the NSIS ReadCustomerData function page and use their functions to parse the data.

Embed User Data Method #1 – INVALID DIGITAL SIGNATURE

I initially attempted the following method as discussed in this Stack Overflow article. While NSIS does seem to be able to read the custom user data appended to the end of the .exe file using this method, Windows 10 no longer recognizes the digital signature of the NSIS installer file.

REM DO NOT USE THIS METHOD IF YOU SIGNED YOUR EXECUTABLE!
copy setup.exe user123.exe
echo "USERDATA:username;password" >> user123.exe

To clarify, the Digital Signature tab on the file properties page is no longer present when data is appended to a signed executable in this way. Windows 10 does not throw an error warning that the signature is invalid. Rather, Windows treats the executable as unsigned.

Embed User Data Method #2 – VALID DIGITAL SIGNATURE

I was able to successfully embed custom user data into the signed NSIS installer .exe file by using the method described in Aymeric Barthe‘s blog post Changing a Signed Executable Without Altering Windows Digital Signature.

We compile and sign our installers on Windows, but we would like to customize and distribute the installer from our Linux servers (e.g. generate custom installer on the fly when requested by user). I was able to make a few minor changes to Aymeric’s code so that it would compile and run correctly on Linux and macOS (OSX).

Download my port to Linux/macOS in my “Signed NSIS exe Append Payload” GitHub repository.
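To check which of the two methods a customized installer actually went through, the following Python inspector (an added example, not the AppendPayload code from the repository) reports where extra bytes sit relative to the Authenticode certificate table. It assumes Method #2 stores the payload inside that table, which Windows leaves out of the signed digest, and that the table holds a single WIN_CERTIFICATE entry; `build_sample` produces constructed, non-executable test bytes.

```python
import struct

SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY

def der_total_length(blob: bytes) -> int:
    """Total size (header + content) of the DER SEQUENCE at the start of blob."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("certificate does not start with a DER SEQUENCE")
    first = blob[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(blob) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def inspect_signed_pe(pe: bytes) -> dict:
    """Classify data that sits outside the Authenticode digest of a PE file."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                   # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dir_base = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+
    if dir_base is None:
        raise ValueError("unknown optional-header magic")
    entry = opt + dir_base + 8 * SECURITY_DIR_INDEX
    off, size = struct.unpack_from("<II", pe, entry)  # file offset, not an RVA
    if off == 0 or size == 0:
        return {"verdict": "unsigned", "in_table": b"", "after_table": b""}
    end = off + size
    if size < 8 or end > len(pe):
        raise ValueError("certificate table lies outside the file")
    # WIN_CERTIFICATE header is 8 bytes: dwLength, wRevision, wCertificateType.
    der_end = off + 8 + der_total_length(pe[off + 8:end])
    # Bytes after the PKCS#7 blob but still inside the table. Alignment
    # padding is zero bytes, so anything left after stripping is a payload.
    in_table = pe[der_end:end].strip(b"\0")
    after_table = pe[end:]                # data appended after the table
    if after_table:
        verdict = "overlay-after-table"   # what Method #1 produces
    elif in_table:
        verdict = "payload-in-cert-table" # what Method #2 is assumed to produce
    else:
        verdict = "clean"
    return {"verdict": verdict, "in_table": in_table, "after_table": after_table}

def build_sample(in_table: bytes = b"", after_table: bytes = b"") -> bytes:
    """Constructed, non-executable PE skeleton with a fake 260-byte DER blob."""
    body = b"\x30\x82\x01\x00" + b"\xAA" * 256 + in_table
    body += b"\0" * (-(8 + len(body)) % 8)         # entries are 8-byte aligned
    table = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)        # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x10B)  # PE32 optional-header magic
    struct.pack_into("<II", hdr, 0x80 + 24 + 96 + 8 * SECURITY_DIR_INDEX,
                     len(hdr), len(table))
    return bytes(hdr) + table + after_table

if __name__ == "__main__":
    samples = [
        ("signed master", build_sample()),
        ("method 1", build_sample(after_table=b"USERDATA:username;password")),
        ("method 2", build_sample(in_table=b"CUSTDATA:username;password")),
    ]
    for name, sample in samples:
        print(f"{name}: {inspect_signed_pe(sample)['verdict']}")
```

Because the certificate table is outside the signed digest, whatever ReadCustomerData returns is unauthenticated input: the installer should validate it, and a short-lived token is a safer thing to embed than a reusable password.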

How to Stream User Group Meetings to YouTube

Would you like to learn how User Groups in Springfield Missouri are LIVE streaming our meetings to YouTube? You’ve come to the right place! Several similar streaming configurations are being used locally…

Springfield Web Devs (YouTube), Springfield .NET, Springfield Python, Springfield Women in Technology

Myke Bates (The Alchemedia Project, Eagle Speak) pioneered this original setup that is used by multiple groups. Jason Arend designed the original template for Web Devs and adapted the graphics for each group.

Springfield Amazon Web Services (YouTube)

Jason Klein (Logic Forte) adapted Myke’s setup above to broadcast SGF AWS meetings.


Initial Setup

I will describe my experience setting up OBS for use with live streaming of the SGF AWS meetings. This should be similar to Myke’s experience. My MacBook Pro (Quad i7 2.2 GHz) uses about 9% CPU while streaming with the following settings.

  1. Connect your devices (webcam, microphone, and HDMI capture) to your computer. Install device drivers if necessary.
  2. Create a YouTube Channel
    1. Tip: Be sure to create your channel under a “Brand” account so you can assign multiple people access to manage and stream to the channel. You create a “Brand” account while logged into your existing Google account. A “Brand” account does NOT have a separate username/password.
    2. Configure Live Streaming and set up your Live Streaming keys
    3. Tip: If you are streaming 720p, you can usually enable the low delay option in YouTube live stream buffer settings. This allows remote viewers to see audio/video of the presentation and submit questions in near real time (e.g. 15-30 second delay). If you are streaming 1080p or 4k, you need to make sure you have fast and consistent upstream bandwidth to support this option. The standard buffer setting seems to delay audio/video around 40-60 seconds.
  3. Install and Configure OBS
    1. General Configuration
      1. Automatically Record When Streaming (YES)
      2. Keep Recording when Streaming Stops (NO)
    2. Configure Streaming
      1. Type: Streaming Services
      2. Service: YouTube / YouTube Gaming
      3. Server: Primary YouTube Ingest Server
      4. Stream Key: (configure in YouTube)
    3. Configure Output
      1. Mode: Simple
      2. Video Bitrate: 2500
      3. Encoder: Software x264
      4. Audio Bitrate: 160
      5. Recording Quality: Same as Stream — Recommended on laptops and other low power computers. You can choose higher option if your computer has enough CPU to handle it.
      6. Recording Format: FLV
    4. Video Output
      1. Base Canvas Resolution: 1920×1080
      2. Output Scaled Resolution: 1280×720
      3. Downscale Filter: Bicubic
      4. Common FPS Values: 30
  4. Set Up Scenes in OBS — You switch to different scenes during your meeting to control how inputs are used/streamed. Contact Jason Arend or Jason Klein for current templates.
    1. Opening Scene — Usually a backdrop with User Group logo, NO audio, NO video
      1. Color Source: Solid Background Color
      2. Image: User Group Logo
      3. Text: User Group Name, Meeting Title, Meeting Date, Other Info
    2. Large Webcam with Small Capture — Great for beginning/end of presentation. Resize the HDMI Capture so that it appears in the lower righthand corner of the screen.
      1. Audio: Blue Snowball
      2. Video Capture Device: Logitech Webcam
      3. Video Capture Device: Elgato or Magewell HDMI
      4. Color Source: Solid Background Color
      5. Image: User Group Logo
      6. Text: User Group Name, Meeting Title, Meeting Date, Other Info
    3. Large Capture with Small Webcam — Great for majority of presentation. Resize the Webcam so that it appears in the lower righthand corner of the screen.
      1. Audio: Blue Snowball
      2. Video Capture Device: Logitech Webcam
      3. Video Capture Device: Elgato or Magewell HDMI
      4. Color Source: Solid Background Color
      5. Image: User Group Logo
      6. Text: User Group Name, Meeting Title, Meeting Date, Other Info
    4. Closing Scene
      1. Color Source: Solid Background Color
      2. Image: User Group Logo
      3. Text: User Group Name, Meeting Title, Meeting Date, Other Info

Streaming During Meeting

  1. Anytime prior to meeting:
    1. Update text in any scenes that display Meeting Title, Meeting Date, or other meeting specifics.
  2. After setup at meeting, but before you start your live stream:
    1. Confirm Webcam and HDMI captures are appearing correctly. Click on each stream and verify webcam or HDMI capture video is present. If OBS shows a black/blank area for either device, double-click on the source and make sure the correct USB device is chosen from the dropdown menu. This is a common issue if you plug a USB device into a different port and the OS configures the device as a new device (e.g. Logitech Webcam #2).
    2. Perform a live streaming sound check. Start on your opening scene, begin broadcast, and talk while switching to your other scenes and finally switch to closing scene. Watch/listen to your very short (10-15 second) test stream on YouTube and make sure there is NO audio during opening/closing scenes. Make sure audio level is reasonable during your presentation scenes. If audio sounds strange or has an echo, make sure you are not capturing audio from Blue Snowball microphone AND internal laptop microphone at the same time. If no audio, double click on the source and make sure correct USB device is selected in the dropdown list. Delete sound check recording.
  3. Several minutes before meeting begins:
    1. Select your Opening Scene (e.g. background w/ logo, meeting details, start time, no audio)
    2. Start Streaming
    3. Go to YouTube and confirm:
      1. Stream appears in correct channel
      2. Stream is public
      3. Stream details are correct (e.g. title, description)
    4. Copy YouTube live stream URL and announce live stream with URL on Slack, Meetup, Facebook, etc.
  4. During meeting:
    1. If you only use one scene, change to that scene. No other interaction required during meeting.
    2. If you use multiple scenes, have someone who can switch between scenes as appropriate during meeting (e.g. large video of webcam w/ small video of presentation, large video of presentation, small video of webcam). They can use up/down arrow keys to switch between two scenes or they can use mouse/trackpad to click on different scenes.
  5. Immediately after meeting:
    1. Change to Closing Scene (e.g. background w/ logo, meeting details, speaker contact info, where to find more details, no audio)
    2. Wait 30 seconds or so
    3. Click Stop Streaming (and Stop Recording)
  6. Anytime after meeting:
    1. Go to YouTube and edit recording
      1. Review meeting details. Add meeting outline to description if available.
      2. Trim opening scene and closing scene so that only a few seconds appear before/after actual presentation.
      3. Save changes.
      4. (This final step can be done anytime after meeting. Sooner is better than later though.)

Background

Our local User Groups have been working to find an inexpensive way to live stream meetings for several years. We have experimented with a variety of video configurations (Mevo, Mevo Plus, Periscope on iPad, Facebook Live on iPad, etc) coupled with a variety of audio configurations (built-in, venue sound systems w/ XLR adapters, iRig microphones, etc). We considered several different screen capture software packages that we could use to capture each presentation.

Myke found the Elgato Capture device and OBS combination allowed them to capture any presentation in real time. Be aware that the Elgato is listed as macOS compatible, but is NOT compatible with OBS on macOS, so you MUST use OBS on Windows with this device. I went with the Magewell device (for $200 more) instead of buying a Windows laptop. Both capture devices are completely passthrough and transparent to the presenter’s computer. When they connect their HDMI cable to the capture device, their computer believes it is connecting directly to the projector. Myke and I had great luck using both the Elgato and Magewell devices to capture HDMI from various laptops and forward the HDMI signal to various projectors.