Tuesday, May 28, 2013

Old New England Homes

[Veering off my normal technical-only discussion today due to impending hot weather forecast for my part of the world later this week.]

My home in New Hampshire was built around 1850 to replace the run-down old garrison just to the north. The story is that some salvaged materials (bricks, timbers, boards?) from the old garrison were used in the construction of the "new" farmhouse. The garrisons were fortified to repel Indian attacks and abductions in the area into the mid-1700s. My family roots in this area run deep, and numerous ancestors were killed or abducted, especially around the time of the Dover, NH Massacre of 1689. Abductees were typically taken north to Quebec and held for ransom. One of my ancestors was a "heroine" of the Dover Massacre; another declined to return to her abusive husband after abduction to Quebec. There's a lot of history here. Of course, documented historical roots don't run as deep here in the New World as in Eurasia. I recall staying at an old, old inn in Wales in 2006 where one corner of the room was obviously several inches higher than the other.

Like many old New England homes, my home has a borning room. This is a small room just off the kitchen/hearth where mothers would give birth, infants would be tended, and the sick and elderly would be provided solace. The hearth was the living center of the old New England homestead. This makes special sense given the history of the Little Ice Age in North America. My home, although not especially large for the time, has a vaulted brick arch in the basement to support the Dutch oven and fireplaces on the first floor. My paternal grandparents acquired this home in a somewhat run-down and unimproved state (no electricity, no plumbing) in the early 1940s. My third great-grandfather had lived in this same home when it was relatively new. Homes "in town" during the same period would have had better amenities, higher ceilings, grander staircases, etc. compared to rural farmhouses. On the plus side, I have almost 500 acres of conservation land in my back yard.

For the past couple years I've been sleeping in the small borning room off the long, farm-style kitchen. This room has space for a small bed against three walls, a nightstand and dresser. It also happens to be cold in the winter and hot in the summer due to a southeast location and little insulation. Many new homes aren't built to last, but at least they're using a sensible layout and insulation. Surviving old homes were built with quality materials, yet impose compromises for modern living. With a warm weather forecast for later this week, I've decided to change to the upstairs bedroom. I've ordered a small window air conditioner to hopefully arrive and be installed before hot weather strikes on Thursday.

When my grandparents acquired the house, the upstairs was largely unfinished. My grandmother had most of the upstairs built out as a separate apartment some years after my grandfather passed away. The current tenant has been there for almost 30 years. I retain one bedroom at the top of the (steep) front stairs with no upstairs bathroom access. This certainly isn't the house as I want it to be. That said, I have a great tenant and will be gradually making practical improvements. For now, I need to figure out what should be moved to the upstairs bedroom to make it habitable. I have a bed, lamp, and nice closet but desperately need a bedside stand and dresser. Longer term, I'd love to figure out either a fix to the steepness of the stairs or a separate upstairs bathroom situation. It's all possible, but starts to run into real money. At some point, I run the cost-benefit analysis as to whether it's better to buy/build the home I want and let renters deal with the quirks of the old farmhouse.

Sunday, May 26, 2013

Cutting the Cable?

In this installment, I'll discuss the gradual progression that's been driving my brand of AV enthusiast away from the cable TV monopolies and onto the Internet. I'll also focus on Aereo's local broadcast DVR service in both a mini-review and in the larger landscape.

The more you tighten your grip, the more star systems will slip through your fingers.
- Princess Leia

This quote often springs to my (admittedly twisted) mind when discussing the lengths to which media distributors and cable monopolies such as Comcast, Time Warner, etc. will go to maintain control in a world of cheap recordable media and broadband Internet service. On the Internet, everything is just (potentially encrypted, unrecognizable) data. The media genie has long escaped the bottle. Somehow the RIAA and music distributors (MB/song) got the message, but the MPAA and cable companies (GB/video) are still refusing to give ground. I recall being young and poor and not wanting to pay for intellectual property I couldn't afford anyway; this is still the third world argument for rampant IP piracy. It's not a terrible argument. If duplication/distribution costs are negligible and legal distributors won't operate in your region, why should distributors be able to restrict your access to information and entertainment? Is infotainment for the producers or the audience? It takes both!

I now have the money to legally access the media I desire and the value system to resent overly restrictive controls and obsolete business models propped up by bad laws. Here is my manifesto.
  1. I will pay for the content I want if the terms are at all reasonable. I have bought (sometimes rebought) much of my digital music on iTunes and Amazon. I pay for Netflix and Amazon streaming.
  2. I am reluctant to pay a one-time fee to "own" or stream a piece of DRM-restricted content.
  3. If the content owner will not sell into a region, I do not believe piracy in that region is wrong. Information wants to be free.
  4. I will not pay dozens of monthly fees to get the content I want. There is absolutely a place for content aggregators and streaming services.
  5. Whenever one distributor/studio "takes their toys and goes home" by establishing a separate service for their content, I will boycott that distributor. You chose to be difficult; there are other fish in the sea.
  6. I will not step back from the functionality of a TiVo to skip commercials or replay content. I will not pay money for locked-down content.
Wouldn't it be great if the industry could just work out a reasonable plan for both DRM-free video downloads and cross-platform video streaming? Kudos to Apple for absolutely forcing this on the music distributors back in the day and actually saving their revenue streams in a changing world.

Then there are the broadcast networks and cable companies still trying to eke out an existence from advertising, cable transmission fees, monopolies, and legal bullying. Since there's apparently no reasoning with all the broadcast networks at once unless you're a cable monopoly, we now have companies like Aereo. In case you haven't followed the drama, Aereo is trying to work within the law to provide each subscriber with their own tiny TV antenna and DVR streaming service in their local broadcast area. Cloud-based DVR streaming already has legal precedent behind it. Aereo's service is especially useful for those viewers on the outskirts of the metro broadcast area (like me), or with physical obstacles in the signal path (like me), or with intractable landlords. Aereo is specifically not for people who wish to receive extended or pay cable channels; it's for cable cutters for whom a physical antenna is difficult or impossible. You're paying Aereo a monthly fee to host your antenna and DVR. There's some interesting technology behind this, but the legality seems fairly straightforward. The lawsuits are flying and Aereo has generally been prevailing. Fox and CBS have threatened to pull their broadcast stations if Aereo ultimately prevails.

If Aereo is able to grow quickly enough to establish a significant subscriber base, they may be able to negotiate with the networks just as the cable monopolies do now. This is certainly my hope. This would also allow Aereo to reduce their resource requirements by storing a single (replicated for redundancy and performance) stream for each provider with whom they have an agreement. It's almost a given that broadcast TV will go away in the next decade, freeing up the spectrum for other uses. The FCC will need to change the regulatory landscape to provide some degree of free access to public news and alerts on TVoIP.

If I haven't mentioned much about the Aereo service itself, it's because it pretty much works as advertised. I'm on the $12/mo plan that provides two simultaneous channels and 60GB of DVR space. I'd love to know more of the technical details behind how they make their system work. There's apparently some serious transcoding going on at recording/viewing time. They're almost certainly not doing data deduplication for video storage; this would add a legal gray area, and they're absolutely trying to stay legal. I've tried viewing both on a laptop screen and across a room on a TV. Close viewing shows very obvious macroblocking artifacts, visible interlacing on some content, and horizontal line artifacts where 1080i content is being naively downscaled to 720p. At TV viewing distances, most issues become "good enough" for this non-videophile. The lack of macroblock dithering/blending is still visible in large areas of similar color. It may be possible to eliminate much of this by properly calibrating display brightness levels. I have not observed frame skipping or lengthy buffering problems.

Aereo is presenting a somewhat specialized solution. If you're tied to cable Internet, bundled basic cable may be a better deal. If you want cable/satellite-only channels, you'll need cable or satellite. I'm no longer willing to put a locked-down, slow, and awful cable box on each of my displays. The cable company has tightened their grip with encrypted digital content and threatened removal of unencrypted broadcast content (ClearQAM) formerly mandated by the FCC. The cable companies are trying to drag us back to the bad old days of the phone company ("Ma Bell") when everyone had to lease each and every phone from the monopoly provider. Grasping behavior like that has me slipping through their fingers.

Sunday, May 19, 2013

Overthinking Your Network

[In this installment, I discuss the overwhelming tyranny of choice faced by the home networking power user who is starting to consider enterprise approaches (VLANs, routing protocols, multi-WAN, redundancy, and failure bypass options) for what is fundamentally a home network.]

Most home Internet users have a DSL or cable modem and a Wi-Fi firewall/router. Power users may run third-party router firmware or a dedicated PC firewall/router alongside dynamic DNS registration and port forwarding for a few services. Many power users want to be able to securely connect to services on their home network from the outside. This may be the age of cloud computing, yet it's also the age of increased home automation. There are turnkey home automation systems that use cloud servers for control via mobile apps and browsers, there are DIY automation systems, and there probably won't be standards for home control, monitoring, and security via the Internet for years to come. Secure outside connection to one's home network is pretty much the hallmark of the power user.

I'm currently on a two year Comcast Business Class contract. This gives me five public static IP addresses, not including the Comcast gateway box itself. Mo' IPs, mo' problems. Having these separate external IPs gives me dreams of putting my outgoing home traffic on one, my VoIP PBX on another, a wireless guest network on a third, incoming services on a fourth, and admin/automation on a fifth. It's not like I need all these addresses, but I sure like the idea of them...

Then there's the issue of VLANs. All my network switches are "smart(ish)" and support VLANs:

  • 8 port GigE PoE switch
  • 8 port GigE smart switch
  • 24 port GigE smart switch #1
  • 24 port GigE smart switch #2
VoIP phone jacks will obviously be patched to the PoE switch. These ports will default to the "home networking" VLAN and can recognize phones to put them on a separate VoIP VLAN. I want secure Wi-Fi access to my home networking VLAN and separate unprotected guest Wi-Fi with captive portal. Guests would have to VPN in to the secure home network if necessary. I want some Internet services to be provided from server(s) in a DMZ, which could end up as one or more VLANs.

None of this really gets me to a network architecture yet, but I'm starting to converge on a set of rules or guiding principles:

  1. Expose as few boxes as possible on the public Internet and secure the hell out of those boxes. I'll probably end up with a single firewall/router handling all my public IPs. Providing multiple external points of intrusion to internal networks seems like a bad idea.
  2. Secure administrative access to all your equipment. Imagine the following scenario: an attacker gains access to a DMZ server, scans every possible IP in the local network, identifies switch hardware by MAC address, then either connects to the admin interface of that hardware using the default user/password or reconfigures a local interface onto the same subnet as the default admin IP and connects. Security by VLAN: gone.
  3. Use 1:1 NAT and/or PAT and private addressing for everything behind the Internet point of entry. This seems more flexible than a transparent/bridging firewall and could accommodate an external transition to IPv6 while continuing to support legacy IPv4 devices internally.
  4. Prefer VLAN separation to a single DMZ network to prevent one server acting as a point of intrusion from which to launch attacks on other servers. Some switch vendors have features that can provide this isolation without the hassle of VLANs; sadly, I'm not paying for Cisco.
  5. Don't NAT between internal networks. This destroys the audit trail and security of knowing exactly which internal client is connecting to your internal services.
  6. Keep internal and external equipment separate. Let's say your external firewall/router fails. Internal networking and VoIP calls should continue to function. Let's say an internal network switch fails. Guest Wi-Fi access to the Internet should continue to function.
  7. Carefully identify single points of failure and their importance. Have a plan for manual network reconfiguration in degraded mode and/or spare equipment or virtual machine instances to swap in.
  8. Prefer enterprise equipment at reliability choke points. A consumer Wi-Fi router might not be your best choice for your core or sole external firewall/router. Don't let your wired network go down when your Wi-Fi overheats and power cycles.
A home network usually doesn't have the same luxuries as an enterprise network. We're not generally going to keep spare equipment lying around and we don't have rapid response service contracts. Still, there are approaches to ease the pain. Consider buying two smaller switches over a single large one; how many ports do you really need at one time? Consider building virtual machine instances for critical services and be able to spin up and patch networking into VMs when hardware fails.
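As an added illustration of the guiding principles above (not code from the original post), here is a small Python "plan linter" that models the zones discussed in this post (home, VoIP, guest, DMZ, a management zone and the WAN) as a zone-to-zone rule list and checks a draft plan against principles 1, 2, 4 and 5 plus the guest-Wi-Fi isolation. The zone names, subnets, device names and both rule sets are constructed assumptions for the example; the point is that each principle becomes a mechanical check you can rerun whenever the plan changes.

```python
"""Lint a zone-based home-network plan against the post's guiding principles.
All zones, subnets, device names and rules below are constructed sample data."""
from dataclasses import dataclass
from ipaddress import ip_network

# Zone -> private subnet (principle 3: private addressing behind one edge).
ZONES = {
    "wan": None,
    "home": ip_network("10.0.10.0/24"),
    "voip": ip_network("10.0.20.0/24"),
    "guest": ip_network("10.0.30.0/24"),
    "dmz": ip_network("10.0.40.0/24"),
    "admin": ip_network("10.0.99.0/24"),   # management interfaces live here
}
INTERNAL = frozenset(z for z in ZONES if z != "wan")


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    action: str          # "allow" or "deny"
    nat: bool = False    # True if the rule source-NATs the traffic
    ports: tuple = ()    # () matches any destination port


def reachable(rules, src, dst):
    """True if any src->dst traffic is allowed. Rules are evaluated in order,
    first match wins, and an all-ports deny shadows later allows for the pair.
    Anything unmatched is denied (default deny)."""
    for r in rules:
        if r.src == src and r.dst == dst:
            if r.action == "allow":
                return True
            if not r.ports:
                return False
    return False


def lint(rules, ingress_devices, mgmt_zone):
    """Return (code, message) findings; an empty list means the plan passes.
    ingress_devices: names of devices terminating public IPs.
    mgmt_zone: device name -> zone its admin interface sits in."""
    findings = []
    # Principle 1: exactly one box exposed on the public Internet.
    if len(ingress_devices) != 1:
        findings.append(("P1", f"{len(ingress_devices)} devices terminate public IPs; want one"))
    # Principle 2: admin interfaces only in the admin zone, reachable only from it.
    for dev, zone in mgmt_zone.items():
        if zone != "admin":
            findings.append(("P2", f"{dev} management interface sits in {zone}, not admin"))
    for z in ZONES:
        if z != "admin" and reachable(rules, z, "admin"):
            findings.append(("P2", f"{z} can reach the management zone"))
    # Principle 4: a compromised DMZ host must not pivot to peers or trusted zones.
    if reachable(rules, "dmz", "dmz"):
        findings.append(("P4", "dmz hosts can talk to each other"))
    for z in ("home", "voip", "admin"):
        if reachable(rules, "dmz", z):
            findings.append(("P4", f"dmz can initiate connections to {z}"))
    # Principle 5: never NAT between internal zones (keeps the audit trail).
    for r in rules:
        if r.nat and r.src in INTERNAL and r.dst in INTERNAL:
            findings.append(("P5", f"NAT between {r.src} and {r.dst} hides client identity"))
    # Guest Wi-Fi (captive portal, unprotected) gets Internet only.
    for z in INTERNAL:
        if reachable(rules, "guest", z):
            findings.append(("GUEST", f"guest Wi-Fi can reach {z}"))
    return findings


# Constructed draft plan with the kind of shortcuts that violate the principles.
DRAFT_RULES = [
    Rule("home", "wan", "allow", nat=True),          # outbound PAT
    Rule("voip", "wan", "allow", nat=True),
    Rule("guest", "wan", "allow", nat=True),
    Rule("wan", "dmz", "allow", ports=(80, 443)),    # 1:1 NAT'd public services
    Rule("dmz", "dmz", "allow"),                     # one flat DMZ network
    Rule("home", "dmz", "allow", nat=True),          # NAT inside the house
    Rule("admin", "admin", "allow"),
    Rule("home", "admin", "allow", ports=(443,)),    # switch web UIs from the LAN
]
DRAFT_INGRESS = {"edge-router", "wifi-router"}       # two public-facing boxes
DRAFT_MGMT = {"sw-poe": "home", "sw-24-1": "admin", "sw-24-2": "admin"}

# Constructed hardened plan: one edge, routed (not NATed) internal traffic,
# per-server DMZ isolation, management reachable only from the admin zone.
HARDENED_RULES = [
    Rule("home", "wan", "allow", nat=True),
    Rule("voip", "wan", "allow", nat=True),
    Rule("guest", "wan", "allow", nat=True),
    Rule("wan", "dmz", "allow", ports=(80, 443)),
    Rule("home", "dmz", "allow", ports=(80, 443)),   # routed, source IP preserved
    Rule("admin", "admin", "allow"),
    Rule("admin", "dmz", "allow", ports=(22,)),      # SSH to servers from admin only
]
HARDENED_INGRESS = {"edge-router"}
HARDENED_MGMT = {"sw-poe": "admin", "sw-24-1": "admin", "sw-24-2": "admin"}

if __name__ == "__main__":
    for name, args in (("draft", (DRAFT_RULES, DRAFT_INGRESS, DRAFT_MGMT)),
                       ("hardened", (HARDENED_RULES, HARDENED_INGRESS, HARDENED_MGMT))):
        print(f"{name}: {lint(*args) or 'no findings'}")
```

The draft plan produces five findings (two edge devices, a PoE switch managed from the home VLAN, the home VLAN able to reach management, a flat DMZ, and NAT between home and DMZ); the hardened plan produces none. Real firewalls match on addresses and ports rather than zone labels, so this is a planning aid rather than a substitute for testing the actual ruleset, but the checks map one-to-one onto the numbered principles and make the trade-offs explicit before any cable is patched.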

As always, I welcome criticism and suggestions from real experts. I'm kind of trying to have a dialog with myself about how to build out my own network, but a dialog with others is even better!