Verizon Motorola Razr MAXX

My Verizon based Motorola Razr MAXX phone has slowed down substantially over the years and is currently at a point where it will take 30 seconds or more to respond to user inputs.  I chose to clean off most of the applications I had accumulated over the years which had a positive effect but was not fully restorative.  I also removed 1000s of images held on the camera and synced to Dropbox which further improved the phone but still did not bring the phone back to original form.

Last night, I chose to perform a factory reset on my Razr MAXX to bring the phone back to its original performance.  After the factory restore, I was faced with a large list of bloatware and applications I didn’t necessarily want re-installed immediately.  I use two Google accounts with the phone so they each come with their own applications.

Here is a list of the applications I chose to freeze or disable:

  • Android Live Wallpapers
  • Stop & Clear Data & Clear Cache on Backup Assistant Plus, Backup Assistant+ Contacts Client, Backup Assistant+ Media
  • com.motorola.huxvmm.setting
  • Face Unlock
  • Forest Wallpaper
  • Help Center
  • How to Videos
  • Home Screen Tips
  • Let’s Golf 2
  • Magic Smoke Wallpapers
  • Movie Studio
  • My Verizon Mobile
  • Music Visualization Wallpapers
  • newbayservice (runs backup assistant)
  • NFL Mobile
  • Rescue Security
  • Setup Wizard
  • Slacker Radio
  • Swype
  • Verizon Login
  • Verizon Tones
  • Video Calling
  • VZ Navigator

A fantastic list of applications you can freeze or disable is here:

http://www.droidrzr.com/index.php/topic/6181-safely-frozen-apps-jelly-bean-98728/

The summary is that the phone is now far better than it was and is much closer to original condition.  I still have many Apps installed such as Dropbox, Facebook, two email accounts, etc that keep the phone from performing like the first day I owned it.  I tried a MotoX with Republic Wireless for a brief period and while the phone was fantastic, the service was not.  I am happier

Allworx Security Vulnerability

For the first time, our Allworx 6x system was hacked and made to initiate fraudulent calls internationally.  Our SIP trunk provider, bandwidth.com, caught the error and shut down the calls which were initiated early on a Saturday.  I happened to be in the office working on Saturday and Sunday and worked on the issue when I saw the service was clamped on Sunday.

The very short version of the story is that the hacker spoofed one of our generic SIP phones and remotely initiated a large number of international calls.

We are on the most current Allworx firmware (7.5.11.7) as I write this article and we have used this Allworx 6x system for many years at this point.

We use a Polycom 6000 and 5000 respectively for two conference rooms.  We don’t believe the hackers gained access to the phones directly or to the Allworx 6x directly.  It appears that they were able to remotely initiate calls to the Allworx using the Polycom 6000’s login username and password.  We created more robust usernames and passwords for all of our generic SIP phones.  The login usernames changed from the SIP registration data such as 5111 to a longer, descriptive name.  The passwords went from a few digits to many digits.  This doesn’t have any effect on the use of the phone so there is no reason to choose a simple password here.  The passwords were changed on the Polycom speakerphones and similar devices and the Allworx 6x password was changed.

After emailing with our rep regarding the issue, a very simple question came up.  Can’t we just block external calls for these generic SIP phones? If we were able to associate the SIP registration with an IP, MAC address or even just to say the call must be initiated from within the local network the problem would be immediately solved.  In fact, this is so simplistic, one has to ask why isn’t this security step 2 right after the username and password? Such an omission seems negligent unless I am missing something.

From what I currently understand, it appears that the Allworx box is set up to accept remote calls for a generic SIP phone given the proper credentials with no concern for the validity of the source.  This means that any hacker can sit and hammer away at your Allworx box using brute force methods to gain access to calling abilities on your call system.  Some INVITES were rejected based on our logs but clearly the hackers were able to work around the infrequent rejections.
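The source check asked for above can at least be run after the fact against SIP logs. The following is an added example, not code from the original post or from Allworx: the log format, the LAN range and the list of office-only extensions (apart from 5111, which the post mentions) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in a simplified, hypothetical log format.
# This is NOT the Allworx log format; adapt LINE_RE to what your PBX writes.
SAMPLE_LOG = """\
2014-01-11 03:12:01 REGISTER user=5111 src=203.0.113.45 status=401
2014-01-11 03:12:02 REGISTER user=5111 src=203.0.113.45 status=401
2014-01-11 03:12:03 REGISTER user=5112 src=203.0.113.45 status=401
2014-01-11 03:12:04 REGISTER user=5111 src=203.0.113.45 status=200
2014-01-11 03:12:09 INVITE user=5111 src=203.0.113.45 status=200
2014-01-11 08:30:00 REGISTER user=5111 src=192.168.2.40 status=200
2014-01-11 08:31:10 REGISTER user=5120 src=192.168.2.41 status=401
2014-01-11 08:31:15 REGISTER user=5120 src=192.168.2.41 status=200
2014-01-11 09:00:00 REGISTER user=jsmith src=198.51.100.7 status=200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<method>REGISTER|INVITE) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) status=(?P<status>\d{3})$"
)

# Assumptions: the office LAN range and the extensions that never leave it
# (conference-room speakerphones and similar generic SIP devices).
LAN = ipaddress.ip_network("192.168.2.0/24")
LOCAL_ONLY_USERS = {"5111", "5112", "5120"}
AUTH_FAILURES = {401, 403, 407}


def analyze(log_text, lan=LAN, local_only=LOCAL_ONLY_USERS, fail_threshold=3):
    """Return (noisy_sources, off_lan_success).

    noisy_sources:   {ip: count} for off-LAN sources with repeated auth failures.
    off_lan_success: accepted requests for office-only extensions that came
                     from outside the LAN, the case the post wants blocked.
    """
    failures = Counter()
    off_lan_success = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address, skip the line
        if src in lan:
            continue  # only off-LAN traffic is of interest here
        status = int(m["status"])
        if status in AUTH_FAILURES:
            # One 401/407 is the normal digest challenge; only a run of
            # them from the same source is counted as guessing.
            failures[str(src)] += 1
        elif 200 <= status < 300 and m["user"] in local_only:
            off_lan_success.append((m["ts"], m["method"], m["user"], str(src)))
    noisy = {ip: n for ip, n in failures.items() if n >= fail_threshold}
    return noisy, off_lan_success


if __name__ == "__main__":
    noisy, hits = analyze(SAMPLE_LOG)
    for ip, n in noisy.items():
        print(f"repeated auth failures: {ip} ({n})")
    for ts, method, user, ip in hits:
        print(f"{ts} {method} accepted for office-only ext {user} from {ip}")
```

An accepted REGISTER or INVITE for an office-only extension from outside the LAN is worth an alert on its own, whatever the failure count that preceded it.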

 

For reference, here is the current list of Security Recommendations from Allworx:

Suggested Security Best Practices

Overview

One of the primary advantages of the Allworx family of products is its flexibility in configuration and settings in a way that is easy to understand. Security is an important consideration, and we are constantly striving to improve our systems to protect our partners and their customers. It is also equally imperative that you never knowingly put your customer in a situation where it is easy for fraudulent attacks to compromise their Allworx systems.

We are investigating reported instances and have seen fraudulent SIP registration attacks that search public IP addresses and gain access to either an Allworx server or, most recently, to remote Allworx handsets not installed behind a firewall. We have also received reports of recent toll fraud incidents in which fraudulent attacks take over the SIP registration of an Allworx handset attached to a public network. This document summarizes the security best practices to prevent security compromises.

What You Should Do

When installing an Allworx system, it is imperative to use the proper security settings so that hostile, unauthorized attempts to access the system do not result in situations where either remote access or the spoofing of handsets can occur. Most often, the result is unauthorized calling and toll fraud. Compromises usually start with port scans to determine if a host is a candidate for unauthorized access. Disabling the use of ports often discourages a fraudulent attack, and the attacker will move on to another IP.

Please implement the following practices when installing any Allworx system:

Server

  • Update every server to the most recent patch level of either the 7.3 or 7.4 software release. For example, releases 7.3.14.8 and higher, or 7.4.10.2 and higher. These patches change each Allworx phone’s SIP registration password during the phone reboot.
  • Install the server behind a firewall or connect it to the public internet using the WAN port. DO NOT connect the Allworx LAN port directly onto the public internet.
  • Disable Allworx WAN services (ports) not in use.
  • Change voicemail ports (SMTP and IMAP) to non-standard port numbers.
  • Change all server admin, phone admin, and user passwords from the default values.
  • Use strong passwords for server and phone administration pages. DO NOT use simple passwords such as “1234” or “Allworx”.
  • Verify that there is no exposure of the Admin Page (Port 8080) to the Public network. DO NOT port forward directly to the LAN port of an Allworx server from the customer’s router. For remote maintenance, use the Allworx VPN. Navigate to Home > Network > VPN > modify to configure the VPN settings.

When configuring WAN interface to connect to the public internet:

  • Enable the server in NAT Firewall mode, preferably with Stealth DMZ. In stealth mode, the WAN interface does not respond to “pings” from other devices.

Remote phones

Password protection is very important to avoid fraudulent attacks on remote phones. Implement the following practices when installing an Allworx remote phone:

  • Use a strong password for the phone administration password. DO NOT use simple passwords such as “1234” or “Allworx” (Home > Servers > VoIP > modify > Phone Administration Password).
  • Use a strong password for the Plug ‘n’ Play Secret Key. DO NOT use simple passwords such as “1234” or “Allworx” (Home > Servers > VoIP > modify > Plug ‘n’ Play Secret Key).
  • Use proper firewall protection to connect remote Allworx phones to the public Internet. Allworx handsets provide web access to important information, including its login credentials and SIP Registration password. Phones with weak Phone Administration Passwords can easily have the SIP Registration passwords stolen.
  • Disable Phone Creates via LAN and WAN Plug and Play except during phone installation.

Px Expander

  • Change the Px admin password from the default value.
  • Use a strong password for the Px admin password. DO NOT use a simple password such as “1234” or “Allworx”.
  • Use proper firewall protection to connect remote Allworx Px Expanders to the public Internet. The Px Expander provides web access to important information, including its login credentials and SIP Registration password.
  • Disable Phone Creates via LAN and WAN Plug and Play except during phone installation.

Other Considerations

Evidence from recent security incidents does not show attackers penetrating firewalls to access customer LANs or the servers/phones on customer LANs. Nonetheless, because aggressive malware/botnet/spyware attacks are known to compromise many desktop PCs, encourage customers to deploy LAN security solutions including:

  • Maintaining up-to-date anti-virus/anti-malware protection on LAN systems.
  • Deploying phones on VLANs to reduce opportunities to sniff SIP phone network traffic. This also improves network Quality of Service for phone traffic.
  • Reporting any observed activity to Allworx Technical support immediately so we can investigate and stay in front of these malicious attempts.

Trying out Republic Wireless and how I evaluated other options

I have a Motorola Droid Razr Maxx on Verizon Wireless sharing a plan with another person which costs me about $75 / month.  While the service is good, the plans have only increased in price for even the most basic level of service.  Adding to the increases are many new services available from no contract providers following the international model of phone use.

To put it simply, we pay more here in the USA on contract plans with the likes of AT&T and Verizon compared to service in other countries.  A lot more.  T-Mobile is breaking that system currently, offering excellent no contract plans and finally improving the pricing model for all.  AT&T and Verizon are reacting with new plans that are still off-target in my view.

After doing some research, I’ll put forward the options I found and explain why I went the way I did.

#5 No contract plan from AT&T or Verizon.  Expensive ($60) with phones I did not like. ~$120 yearly savings.

#4 T-Mobile no contract plan.  Better pricing based on usage, can bring your own phone.  Still $50 – 60 per month + a new phone in my situation.  T-Mobile coverage is poor compared to Verizon in the areas I travel in (Southwest & Central Virginia). ~$120 – 240 yearly savings.

#3 Ting Wireless.  Wonderful plan in which you use exactly what you need.  I should end up right around $44 per month + phone cost.  Phones are expensive directly but you can bring your own CDMA device.  What stopped me is the network methodology.  The primary network is Sprint on which data is available.  The secondary network is Verizon on which data is NOT available.  Sprint coverage is very poor at home, work and where I travel and I use mobile data often. ~$320 yearly savings.

#2 Straight Talk Wireless.  $45 per month + phone cost.  Pick your network (Verizon, AT&T, T-Mobile).  Traditional plan, straightforward. Data is tapered around 2 – 2.5GB leading to some complaints.  I usually end up near 500MB and was unconcerned about this limitation.  This seems like a great option if not for #1.  ~$320 yearly savings.

#1 Republic Wireless.  $25 on 3G ($40 on 4G) + phone cost.  EXPERIMENTAL.  We use SIP trunks at work rather than traditional copper lines through Bandwidth.com.  These are the same people that run Republic Wireless and the model is the same.  They put you on wireless and initiate a SIP based call when and if available.  They seamlessly hop between wireless and actual cell.  They only offer a couple of phones but I happen to like their choice (MotoX) which they offer at $299 which is an excellent price.  This system uses Sprint as a primary provider and Verizon as a secondary provider with data available on both.  ~$550 yearly savings.

I am in the trial period and have not switched over my Verizon number yet.  If Republic fails to meet my expectations, I will simply go with Straight Talk and select Verizon as the carrier and use my existing phone or the Republic MotoX.  Either way, the savings will be significant and I will not be bound to a wireless contract.  I am happy with these new options and glad to see this market finally take hold in the USA.

My observations so far with Republic:

  • The wireless to cell handoff is quite good.  I have tested this on calls many times now with excellent results thus far.
  • Wifi calls lead to high levels of buffering such that you can expect 500ms or more before you receive a response from the person you are talking to.  This delay makes conversation slightly more awkward.
  • The system favors being on Wifi which may encourage you to hop onto less secure locations when travelling.
  • I have experienced jitter and garbled communication due to two problems.  Wireless latency and a problematic service provider (Comcast).  Comcast service in my area is poor with excessive jitter, excessive downtime, random connection losses, etc.  This means that with my ISP so goes my voice service now that they are tied.  In a total disconnect, the phone will hop to a cell tower. (I think, I am not made fully aware while talking)
  • It so happens that I am in a zone with a weak Sprint tower and an excellent Verizon tower.  As this system heavily favors the Sprint network, my situation is a worst case scenario when Comcast starts to fail.  My phone call has to bounce to Sprint then hopefully Verizon.  The phone will sometimes hold onto a poor Sprint tower before successfully moving to a Verizon tower.  (I think, I am not made fully aware while talking)
  • From experience with our office phones, I can say that Bandwidth.com SIP trunking has its own periodic issues.  With this system you are reliant on your ISP and Bandwidth/Republic or your traditional cell carrier depending on whether you are on Wifi or not.
  • I plan to move my Verizon number and if this doesn’t work just unlock the MotoX or use my older Razr MAXX with Straight Talk on Verizon.
  • Here is a complete list of Caveats for this system: http://republic-wireless.wikia.com/wiki/The_Complete_List_of_Caveats

I plan to update this Republic Wireless review as I use the service going forward.

Update:  I had garbled calls and calls I had to abandon on my work and home Wifi networks.  I also had several times where I was in a full coverage Verizon area and Republic would hold onto the Sprint tower AT ALL COSTS.  So, if I just wanted to look something up or check my email I would have to wait through several minutes of connection failures before the service would hop to the Verizon tower if at all.  If not for these two significant issues, I would have kept Republic.  As it is, I sent the phone back for a refund.  I also did not like the ~1 second buffer that made it hard to hold a flowing conversation with someone when on Wifi.  I should also note that the MotoX is a wonderful phone and it was only the service which posed a problem.

Dominion Power in Mechanicsville, VA

Well, our office’s power has been unreliable despite the absence of any major storms or weather.  When I came in today, I found several short power failures and one that lasted over an hour.  Some equipment had shut down; mission critical items were buffered against such an event.  Still, the lack of reliability is surprising given our location in Mechanicsville, VA.

 
2013-12-19 09:47:29 -0500  Power failure.
2013-12-19 09:47:29 -0500  Power is back. UPS running on mains.
2013-12-19 16:47:29 -0500  Power failure.
2013-12-19 16:47:30 -0500  Power is back. UPS running on mains.
2013-12-20 15:04:06 -0500  UPS Self Test switch to battery.
2013-12-20 15:04:33 -0500  UPS Self Test completed: Battery OK
2013-12-22 11:37:31 -0500  Power failure.
2013-12-22 11:37:32 -0500  Power is back. UPS running on mains.
2013-12-22 11:37:52 -0500  Power failure.
2013-12-22 11:37:52 -0500  Power is back. UPS running on mains.
2013-12-22 11:38:27 -0500  Power failure.
2013-12-22 11:38:28 -0500  Power is back. UPS running on mains.
2013-12-22 11:38:29 -0500  Power failure.
2013-12-22 11:38:35 -0500  Running on UPS batteries.
2013-12-22 13:01:50 -0500  Mains returned. No longer on UPS batteries.
2013-12-22 13:01:50 -0500  Power is back. UPS running on mains.
2013-12-23 09:01:32 -0500  Power failure.
2013-12-23 09:01:32 -0500  Power is back. UPS running on mains.
2013-12-23 09:02:24 -0500  Power failure.
2013-12-23 09:02:25 -0500  Power is back. UPS running on mains.
2013-12-23 09:03:03 -0500  Power failure.
2013-12-23 09:03:04 -0500  Power is back. UPS running on mains.
2013-12-23 09:03:05 -0500  Power failure.
2013-12-23 09:03:06 -0500  Power is back. UPS running on mains.
2013-12-24 07:01:11 -0500  Power failure.
2013-12-24 07:01:11 -0500  Power is back. UPS running on mains.
2013-12-25 03:04:24 -0500  Power failure.
2013-12-25 03:04:25 -0500  Power is back. UPS running on mains.
2013-12-25 16:34:15 -0500  Power failure.
2013-12-25 16:34:15 -0500  Power is back. UPS running on mains.
2013-12-26 03:20:53 -0500  Power failure.
2013-12-26 03:20:54 -0500  Power is back. UPS running on mains.

Sighthound Video

Several years ago, I looked for an IP camera system that would help reduce noise (false positives), install simply and work with a wide variety of cameras and encoding formats.  I wanted a software package that I could install on flexible computer hardware without any specialized camera needs acting as a central recording hub.  Vitamin D Video fit the bill and we used this system with various cameras from Panasonic, Axis, & Sharx.

In dealing with Vitamin D Video, I felt that we were one of their fringe customers using a higher number of cameras than typical. I scaled our hardware with a high end processor and respectable raid array for the job.  This system worked well for years until moving to a larger facility this year with some new cameras.  The HD video revolution has pushed resolutions higher quickly and at low cost.  Mid-tier cameras in 2013 ($350) are dramatically better than some expensive ones in 2008 ($1500).

The new cameras came with new Codecs and some new requirements. Sadly Vitamin D Video was not continuing development.  I got everything working using some older codecs and using reduced resolution.  After contacting Vitamin D for news about development, I found that Sighthound Video was picking up the project where Vitamin D left off.  Initially I thought this might be a rag-tag group of former developers until they really started to push the platform development at an unexpectedly rapid pace.

Now I have most of the features necessary for our multi camera environment with an excellent platform that is seeing active development again.  I highly recommend this platform as it takes a lot of the work out of similar options (even the free ones and the more expensive ones).  http://sighthoundlabs.com

I installed a Microsoft update today, Microsoft .NET Framework 4.5.1 for Windows 7 x64-based Systems (KB2858725).  After a reboot and some other updates I ran into a problem with Quickbooks Enterprise v11 (we haven’t upgraded due to issues in 12 & 13).  I received an error message whose exact text I did not copy but it went something like Error: QuickBooks has a problem in reading this registration file: qbregistration.dat .

Basically, Quickbooks could not open because it had lost my registration information.  I was directed to some help files by a Quickbooks popup message.  I validated that the file was in the proper location and intact.  I went to http://www.microsoft.com/en-us/download/details.aspx?id=15697#filelist and downloaded, then installed msxml.msi .  Once this package was installed, the issue was resolved.

This help article was useful though I picked a specific part of one method to a resolution shortcut:
http://support.quickbooks.intuit.com/support/Articles/SLN41019

I did not need to re-create the qbregistration.dat file but here is a relevant article:
http://support.quickbooks.intuit.com/support/Articles/HOW12495

Google Music Idiosyncrasies

I have an Android phone.  I have lots of local music (~17,500 songs) on a music server.  I’d like that music to be more portable and to keep my collection more up to date.  I use Pandora often as an automatic DJ but Pandora often plays what it has available which doesn’t always overlap with what I want to hear.  I’ve tried Amazon MP3 and though it is convenient, there are too many limitations with a large music collection.

Enter Google Music.  They will handle 20,000 songs for free.  You can easily purchase songs and download to your devices and in my case my music server.  Content I buy elsewhere can also be placed on my music server and synced with my Google Music using their Music Manager software.  This sounds ideal for my situation.

So far I’ve uploaded my collection and made some attempts at using the service.  Uploading took several days on a 10 Mbps upstream connection.  The first issue is the playlist system: what is playing and how to control this is not particularly intuitive.  I hope this will improve.  More concerning is some new music I purchased.  It shows up in my music server after a download.  It shows up on the Google Music website.  However, when I use the Google Play Music App, I am seeing some failures.  One song in particular is missing while all others are fine.  Google had me go through a series of corrective actions which I performed.  Their steps culminated in flushing the data and cache which did not resolve the issue.  Will other music go missing?

I’ve also noticed search results on my phone differ from those on the website.  I’ve clicked the “keep” button in the Google Play Music App to store some songs on my phone locally.  Apparently wiping your data also removes these songs unlike Amazon MP3 which does a hard download to a general music directory.

Overall, Google Music meets my needs by specification but the execution and some small issues leave me without full confidence and nagging use complications.

Allworx 6x Review

My company has been actively using an Allworx 6x since 2008, during which time we have always been using a SIP trunk for calling and have been with bandwidth.com as our primary provider.  There are so many problems we have encountered over the years with so many caveats that it won’t help to review the old information except to say we have burned too much time working with Allworx idiosyncrasies over the years.

Pros:

  1. A solid, local hardware solution with programmability to work with hard lines, SIP trunks and a great deal of programmability on the phones.
  2. The phones have programmable buttons with multiple colors such that you can see messages, other lines busy or a variety of other functions.
  3. Many improvements over the years have led to a mature architecture that does 95% of what we want to do.
  4. The handset call quality is generally good and the basic phone function allows for an efficient workflow with call staff and regular staff.

Cons:

  1. Redundancy is an afterthought and support is little help.  I want to buy a solution using a SIP trunk that can failover from one connection to another easily with a high quality, multi-wan router sitting in front of the Allworx. Due to the way the Allworx is programmed and its SIP packets are handled, a solid solution does not exist.  The result is unreliable phone service if you have an unreliable connection.  If this one issue were dealt with, my happiness with this system would improve greatly.
  2. The phones are outlandishly expensive for the quality you get.  Many phone models are not duplex despite marketing claims.  I spent more money adding phones for several offices this year than some entire systems cost with more phones in total.
  3. Poor documentation for various features.
  4. When we bought this system in 2008, we were using RingCentral with many issues.  As cloud services have matured, the need for a local PBX has diminished.  The benefits of a local PBX do still exist but they come at greater cost that must be weighed more carefully now.

Conclusion:

The Allworx system is generally competent and worth a solid look.  Were I starting my company today and faced with the same decision I was faced with in 2008, I believe I would choose a cloud based service.  The lack of redundancy, difficult to navigate or unhelpful support and high cost (once phones and features are included) prevent the Allworx 6x from competing with now mature cloud based phone systems.  During this same time, the cloud services have themselves matured and now offer similar or better reliability and features at a lower price point.

With traditional hard lines instead of a SIP trunk, the Allworx 6x would gain reliability but lose flexibility at which point my conclusion remains the same.

Cradlepoint False Outage

Yesterday, one of my sites went down while using a Cradlepoint MBR1400.  This was especially odd given that the area did not have an internet outage and because this site has a Comcast primary and 4G secondary connection.

[Image: cradlepoint-false-outage]

I was not on site and the local staff chose to reboot the router which resolved the issue short term.  The question remained, why did the connection fail with primary and secondary connections that were up?

The answer came from the failure check settings in the MBR1400.  Both the primary and secondary connections were set to check 8.8.8.8 for failure testing and failback was based on time.  8.8.8.8 (Google DNS) went down causing the primary connection test to fail so the Cradlepoint switched to the secondary connection.  The secondary connection test to 8.8.8.8 also failed causing the MBR1400 to re-try primary.  Essentially at this point the system entered a logical loop in which it stayed stuck until a reboot.  The total downtime was approximately 25 minutes (unacceptably poor).

There are two parts to the resolution here.  The settings need to be altered as they were programmed poorly (though the documentation on this is lacking).  After some testing and communication with Cradlepoint I will update which settings we found to be effective.  The second part to the resolution requires a fundamental change from Cradlepoint.  Simply put, you cannot test a single IP otherwise you may end up with a false outage as we did.  Even if that IP has Google reliability.  The failure check testing should be using 2 to 4 IP addresses with programmability for how quickly a positive result is acted upon.
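A simplified model of the loop described above, added here as an illustration (it is not Cradlepoint firmware logic or the author's configuration): it compares a single check target with a check across several targets. The two extra target addresses are placeholders and the timeline is constructed.

```python
# Simplified model of dual-WAN failure checking. It only reproduces the
# decision loop described in the post, one decision per check interval.

PAGE_TARGET = "8.8.8.8"                          # check target named in the post
EXTRA_TARGETS = ["192.0.2.10", "198.51.100.10"]  # placeholder extra targets
ALL_TARGETS = [PAGE_TARGET] + EXTRA_TARGETS


def link_healthy(link_up, targets, reachable, min_ok):
    """A WAN passes its check when the link is up and at least
    min_ok of its configured targets answer the probe."""
    if not link_up:
        return False
    return sum(1 for t in targets if t in reachable) >= min_ok


def simulate(targets, min_ok, timeline):
    """Return (active WAN per tick, number of WAN switches)."""
    active, history, switches = "primary", [], 0
    for tick in timeline:
        healthy = {
            wan: link_healthy(tick[wan + "_up"], targets, tick["reachable"], min_ok)
            for wan in ("primary", "secondary")
        }
        previous = active
        if active == "primary":
            if not healthy["primary"]:
                active = "secondary"
        elif healthy["primary"] or not healthy["secondary"]:
            # Fail back when primary passes its check, or retry primary when
            # the secondary's own check fails (the loop from the post).
            active = "primary"
        switches += active != previous
        history.append(active)
    return history, switches


# Constructed timeline: during ticks 1-3 the single target from the post stops
# answering while both links are fine; tick 4 is a real primary-link outage.
EVERYTHING = set(ALL_TARGETS)
WITHOUT_PAGE_TARGET = EVERYTHING - {PAGE_TARGET}
TIMELINE = [
    {"primary_up": True, "secondary_up": True, "reachable": EVERYTHING},
    {"primary_up": True, "secondary_up": True, "reachable": WITHOUT_PAGE_TARGET},
    {"primary_up": True, "secondary_up": True, "reachable": WITHOUT_PAGE_TARGET},
    {"primary_up": True, "secondary_up": True, "reachable": WITHOUT_PAGE_TARGET},
    {"primary_up": False, "secondary_up": True, "reachable": EVERYTHING},
    {"primary_up": True, "secondary_up": True, "reachable": EVERYTHING},
]

if __name__ == "__main__":
    for label, targets in (("single target", [PAGE_TARGET]),
                           ("three targets, any one answering", ALL_TARGETS)):
        history, switches = simulate(targets, 1, TIMELINE)
        print(f"{label}: {switches} switches, path = {history}")
```

With one target the router flaps on every check while that target is down, even though both links work; with three targets it only moves for the real outage at tick 4 and back again at tick 5.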

So, please improve your failure check Cradlepoint to easily prevent false outages for the market you serve.

Update: Per recommendations from Cradlepoint, I changed the settings per the images below.  The results were much improved.  45 seconds and several lost packets to failover on a primary line disconnect. ~5 seconds and one lost packet on primary modem power failure. Failback in both cases lost only one packet and didn’t come up until the cable modem was ready.  We also worked with Comcast to improve the modem cycle time.

While these improvements are huge, there are still issues.  The Cradlepoint problem of testing only one destination for our primary wired connection is a clearly identifiable point of failure that largely negates the redundancy benefits.  The failover event could be improved on our primary line disconnect test case, bringing the time down from 45 seconds and many lost packets which we know competing hardware can achieve.

Primary, wired connection. [Image: cradlepoint-failback-primary]

Secondary, 4G connection. [Image: cradlepoint-failback-secondary]

Newegg account suspended due to Microsoft Windows 8 Pro Pack

We purchased these upgrade packs with a poor description on the Newegg website.  Basically they only upgrade from Win8 to Win8 pro and are not an upgrade from a prior OS to Win8 pro.  When we caught the error, we wanted to send the parts back.  The MS policy on this is simply to go $&^! yourself and Newegg backs them up on this.  There are a lot of people similarly affected due to the way the product is described.  We did a chargeback to Newegg who automatically canceled our account.  The net result is that American Express gave us a refund at their cost as we pump tens of thousands of dollars through the card per month.

In the end, we were left with a sour taste.  We restored our account with Newegg but after a few similar parts failures that ended up costing us time and money, we avoid Newegg.  Now we use Newegg for research, then buy on Amazon or some vendor who stands by their products so we don’t burn time.  We don’t return parts often (far below 1%) but when we do, we don’t want to burn time and effort on the process needlessly.

If you look at reviews for these same items on various websites, the ratings are extremely poor.

http://www.amazon.com/Microsoft-Windows-Pro-Pack-Upgrade/dp/B0093H8W4W

Microsoft Windows 8 Pro Pack (Win 8 to Win 8 Pro Upgrade)

Upgrade your Windows 8 device to Windows 8 Pro with Pro Pack

http://www.newegg.com/Product/Product.aspx?Item=N82E16832416563