Mobile Computing - The New Paradigm
By Gerry Patterson
There's no doubt about the fact that mobile computing is becoming the new paradigm. I have resisted the shift to mobile computing mainly due to concerns about "security". But lately I feel rather like King Canute ... It seems resistance is useless. But I would still like to pay attention to "security".
The Android Handset.
My first real smart phone was a Samsung Galaxy S II. I had waited several years before rushing out and getting on the smartphone bandwagon. And even though the iPhone looks like a very well-designed and reliable product, there are several trends in Apple's system architecture which appear to be rather totalitarian. And the Samsung Galaxy S II seemed to be a very good product.
One of my gripes about using the mobile phone interface is the speed of data entry. I had found this earlier with (not so smart) phone keypads as I tried to enter text messages. I am used to using a full QWERTY keyboard and I can type at a moderate speed, so I find the phone keypad quite restrictive. Even though the Samsung has a relatively large QWERTY keyboard ... And it can be made even larger by tilting it to landscape orientation, I still found the interface cramped and tedious. However, with a little practice it becomes easier to use a one finger tapping style of data entry. When I started using the Galaxy S II, the predictive typing and spell correction were switched off. This is a good setting to begin with. However, once you become more confident the word completion algorithm can make life a lot easier. Provided of course you can find it ... It's called XT9 ... And you'll find it in the Settings.
The best features of the Galaxy S II are the integration with Google services. If you have a Gmail account the Samsung phone will quickly discover your contacts, documents, Picasa images, emails, etc.
If you choose to store your contacts in Gmail and then start calling or texting any of those people, you can match phone numbers with existing contacts. The interface is seamless and unobtrusive.
I found that after becoming more familiar with the device I could enter text by tilting it to landscape mode and using both thumbs to tap on the mini QWERTY keyboard. It was still way slower than a real keyboard.
Although the interface is mostly intuitive there are some actions that aren't obvious and must be discovered by trial and error or by a well constructed Google search. For example, I easily discovered the bookmarks bar in the default browser (tap the star at the top of the page in the mobile version of Chrome -- make sure that you are at the top by scrolling up). And it was easy to find out how to add bookmarks and change the order (it's in the options menu). But I struggled to discover the delete option ... Eventually I worked out that if I held a bookmark (rather than tapping it) another menu popped up which gave me the options of editing or deleting the item.
Of course experienced smart phone users already know that there is a considerable difference between tapping and holding items on a smart phone GUI, but I had to discover this for myself.
The memo app (presumably supplied by Samsung?) seemed a handy little application which offered an option to sync with "Google Docs". However, although the synchronisation from Google Docs is excellent, sometimes the synchronisation to Google Docs seemed to be patchy (perhaps this was some weird sort of time-zone thing?). Also the Samsung memo app seems to forget your Google login after a while.
Connecting to the Phone
There were several things I wanted to do. Of course the first was to use a local Internet connection and the second was to connect the phone to a computer. I soon came to the conclusion that the easiest way to connect to the phone was via a wireless connection. You can use a wired connection to utilise the phone as a storage device. But more comprehensive PC Studio type software is a little more difficult to install on a Linux workstation ... This will have to be a future project.
Up until recently I have avoided wireless. My main concerns are security. Most laptops include an ethernet port and all the workstations use ethernet. There have been a few niggling things that have been difficult for domestic purposes ... Hand-held devices such as the PSP, or Nintendo DS have been built for wireless.
The Samsung S II, like other mobile devices, assumes that there will be a wireless access point. So I decided to get a wireless router. I was rather wary of purchasing a device, because I have found that getting devices (such as modems) to work with Linux can be difficult ... I decided to choose one that had a reputation of working well with open source software. NetGear have just such a reputation. Many of their products use Linux kernels and they usually include open interfaces with them. There is a wide range of NetGear wireless modems ... I chose the N150 as the best compromise between price and performance. Although, after using it for a while, I regret that I did not get one of the better models. The N150 does seem to struggle if there are several mobile devices connected to it.
Setting Up The N150 Wireless Router
I wanted to set up the router behind my existing firewall ... And I did note that the setup manual recommended that I should not do this (see Page 12 of the N150 Manual) ... I ignored this advice.
The biggest challenge I faced was getting the router to a stage where I could connect to it with Firefox. The setup disk that ships with the router only works with Microsoft Windows. If you want to configure the router manually, it must have a route to the Internet. The router had one Internet port and four local ports. I connected the Internet port to my LAN, made a note of the address that it obtained from the DHCP server and set up the rules in the firewall for the address it obtained. I then tried connecting a laptop to the router ... Sadly, I did not write down the exact sequence of steps involved in this. But it was difficult! I had to disconnect and reconnect various cables ... Eventually I was able to connect to the router with Firefox with the default admin login admin/password at http://10.0.0.1/. I configured the router to use a static address (on the Internet side) and I enabled Remote Management.
Of course, since the router was behind a firewall, remote management of the router could only be carried out from workstations on the LAN. As an extra precaution, I restricted remote access to a range of known workstations. I then restarted the router.
Once I was able to connect to the router from a workstation I fine-tuned the settings and configured it to automatically obtain its network settings (apart from IP address) from the network DHCP server.
Connecting up with wireless
The first thing I wanted to do was connect my Samsung mobile phone to the Internet. However, in light of the many well-publicised vulnerabilities in wireless network protocols, I decided to concentrate my initial efforts on security. The NetGear router includes the option of a push button wireless PIN. This requires a button to be pushed on both the access point and the device. This certainly seemed easy, however the drawback is that devices that do not support the push-button method can slip through the cracks. I decided to use the wireless access list option (which can be found in the Advanced Wireless Settings option). This option was simple and direct. It would restrict access to a nominated table of MAC addresses. As long as the access list is enabled the wireless will only talk to devices that have an entry on the table.
In order to build the access list, I followed this procedure for each device.
1. Uncheck the box that says Turn Access Control On (in the Wireless Card Access List).
2. Connect the new device to the router.
3. Get the MAC address of the new device from the Attached Devices list in the Maintenance group.
4. Add the MAC address to the Wireless Card Access List, along with a description of the device.
5. Check the box that says Turn Access Control On.
Compared to the relatively easy method of pressing a button on both devices, this does seem to involve considerably more effort. However for a small site, there are probably only a dozen wireless devices. And as new devices come along it is quite easy to add them using the above procedure. Also not all wireless devices support the push button method of access. The Access list method is secure and easy to understand.
In order to make sure that I did not forget to enable the Access List and just to monitor the process I scheduled an hourly email (click on the Email option in Content Filtering) to an email address inside my domain that I reserved for receiving only those emails. A Perl script watches this inbox and parses the emails. These emails have the following form:
From email@example.com Thu Nov 17 08:00:33 2011
Return-Path: <firstname.lastname@example.org>
X-Original-To: email@example.com
Delivered-To: firstname.lastname@example.org
Received: from 192.168.1.1 (host-w01.domain.com.au [192.168.1.18])
        by host.domain.com.au (Postfix) with SMTP id 004D23E00AF
        for <email@example.com>; Thu, 17 Nov 2011 08:00:32 +1100 (EST)
DATE: Wed Nov 16 09:01:01 PM
FROM: <firstname.lastname@example.org>
To: <email@example.com>
Subject: NETGEAR WNR1000v3 Log [6D:40:99]
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII

[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:58:56
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:54:56
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:52:56
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:46:56
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:41:56
[DHCP IP: (10.0.0.11)] to MAC address 98:0C:82:21:34:C0, Wednesday, Nov 16,2011 20:36:34
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:34:55
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:30:55
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:28:55
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:22:54
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:17:54
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:15:54
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:10:54
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:04:54
[DHCP IP: (10.0.0.6)] to MAC address 00:22:BB:BF:87:16, Wednesday, Nov 16,2011 20:04:05
[DHCP IP: (10.0.0.11)] to MAC address 98:0C:62:21:34:C0, Wednesday, Nov 16,2011 20:03:45
[email sent to: firstname.lastname@example.org] Wednesday, Nov 16,2011 20:01:01
The Perl script has a copy of the access list (basically just MAC address and description) separated by tabs. It turns the emails into a human readable log (substituting device name for MAC address) and adjusts the time to local time (the NetGear N150 uses GMT by default).
Whenever a MAC address turns up in the log, or an event that the script does not recognise shows up, the watcher script sends an alert to my mobile phone. This basically closes the loop and means that I can feel confident that only authorised devices have access to the wireless router.
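A sketch of the watcher logic described above, written in Python as an added example; it is not the author's Perl script. The device names, the unknown MAC address, the unrecognised event line and the function names are constructed for illustration, and the local offset is passed in by the caller.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed access list: MAC address <TAB> description (device names are made up).
ACCESS_LIST = "00:36:44:29:1F:2F\tGalaxy S II\n00:22:BB:BF:87:16\tNintendo DS\n"

# Constructed log body in the format of the router email shown above.
SAMPLE_BODY = """\
[DHCP IP: (10.0.0.2)] to MAC address 00:36:44:29:1F:2F, Wednesday, Nov 16,2011 20:58:56
[DHCP IP: (10.0.0.9)] to MAC address 02:00:00:AA:BB:CC, Wednesday, Nov 16,2011 20:40:10
[some event the script has never seen] Wednesday, Nov 16,2011 20:30:00
[email sent to: user@example.org] Wednesday, Nov 16,2011 20:01:01
"""

DHCP_RE = re.compile(r"^\[DHCP IP: \(([\d.]+)\)\] to MAC address ([0-9A-Fa-f:]{17}), (.+)$")
MAIL_RE = re.compile(r"^\[email sent to: [^\]]*\] (.+)$")
STAMP = "%A, %b %d,%Y %H:%M:%S"

def load_access_list(text):
    """Return {MAC (upper case): description} from tab-separated lines."""
    pairs = (line.split("\t", 1) for line in text.splitlines() if "\t" in line)
    return {mac.strip().upper(): name.strip() for mac, name in pairs}

def to_local(stamp, tz):
    """Router stamps are GMT; convert to the given local zone."""
    gmt = datetime.strptime(stamp.strip(), STAMP).replace(tzinfo=timezone.utc)
    return gmt.astimezone(tz).strftime("%Y-%m-%d %H:%M:%S")

def process(body, access_text, tz):
    """Return (readable_log, alerts) for one email body."""
    known, log, alerts = load_access_list(access_text), [], []
    for line in body.splitlines():
        if not line.startswith("["):       # mail headers and blank lines
            continue
        dhcp, mail = DHCP_RE.match(line), MAIL_RE.match(line)
        try:
            if dhcp:
                ip, mac, stamp = dhcp.groups()
                name = known.get(mac.upper())
                log.append(f"{to_local(stamp, tz)} DHCP {ip} -> {name or mac}")
                if name is None:           # lease handed to a device not on the list
                    alerts.append(f"unknown MAC {mac.upper()} got {ip}")
            elif mail:
                log.append(f"{to_local(mail.group(1), tz)} log emailed")
            else:
                alerts.append(f"unrecognised event: {line}")
        except ValueError:                 # timestamp did not parse
            alerts.append(f"unrecognised event: {line}")
    return log, alerts
```

Calling `process(SAMPLE_BODY, ACCESS_LIST, timezone(timedelta(hours=11)))` returns the readable log and the list of alerts that would be forwarded to the phone.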
Wireless Router Setup
The NetGear N150 is capable of running two networks simultaneously. There is the primary network and a "guest" network. This allows you to use different security settings for the two networks. I set up the primary network as WEP and the secondary (guest) network as WPA2-PSK [AES]. This was because earlier Nintendo DS devices (such as the DS lite and the DSi) seem to only work with WEP. The more recent Nintendo 3DS does recognise WPA2, however I set it up with WEP because all the other Nintendo DS devices were already working with WEP.
The wireless network is set up as 10.0.0/24. The office LAN uses 192.168.1/24. The Wireless Network has to access the Internet via the firewall (which connects the LAN to the Universe).
I have tested many devices with the current setup including DS, DSi, 3DS, PSP, Samsung Galaxy, Iconia Tablet, Acer Laptop (Ubuntu), HP Laptop (Ubuntu), iPhone, iPod, iPad, and two Windows Laptops. All of them have worked well except one of the Windows Laptops. This particular laptop caused network problems and raised the following errors in the firewall logs:
Oct 22 11:06:53 host kernel: [52152.723981] Neighbour table overflow.
A little reading revealed that this is usually caused by too many addresses in the originating network ... This seemed to suggest that the Windows laptop might be sending Martian packets ... (Eek!) I removed the laptop MAC address from the authorised list and told the owner that I regretted that I could not allow them access to my networks with that device ... Of course, I could say with all due humility, that if a Windows computer is sending Martian packets, I am ninety-nine point nine nine nine nine percent confident about what might be causing the problem. If you encounter similar problems with your Linux firewall you might also be able to work out what the problem is but you might have to explain it slowly.