2024-03-18

How I do passwords

(tldr: use BitWarden and OnlyKey)

"If you can memorize and type your clever password, it's already broken".

People often don't hear me when I give them that warning, because it confuses and frightens them. Too many people think passwords like "secret42!EyeLoveMyWif3" are clever and secure. Such passwords very much are not. It might as well be "password", "secret", or no password at all.

On the other side, the approaches used by supersmart infosec-aware programmers are not useful for normal people. Normal people cannot memorize 63 random strings on demand, they cannot run one-way hash functions in their heads, they will not use something like Diceware, they will not run Python scripts on personal trusted Linux laptops, they will not keep a GPG-encrypted text file of passwords in their Desktop folder, and they will not run a Tails instance on a live USB drive. If you are the kind of person who can do that, good for you, you are very smart, you win. Now try to teach a normie friend to use your system.

Something is needed that will work for ordinary people who just want to get work done. It has to be something that will work for small business owners, project managers, academics, professionals, nurses, doctors, corporate executives, lawyers, authors, activists, and even will work for journalists and politicians. And will work on public terminals in libraries and schools. And will work on employer-issued locked down laptops. And will work on school-issued edu ChromeBooks. And it needs to be something that can be taught to and used by kids about the time they turn 13. IMO, this should be in the public school curriculum.

Here is that "something", here is how I do login: I use the BitWarden password vault, and I have an OnlyKey device.

I log in to a desktop like this: I plug in and unlock the OnlyKey using its PIN, which I have memorized, then I type a short password prefix on the keyboard, and then I play the rest of the password out of the OnlyKey macro storage. That logs me into that desktop. Then I unlock the BitWarden browser plugin the same way.

If you search my physical desks, or my everyday carry, you will find what looks like the unlock PIN for the OnlyKey. If you grab it from me and try to use it, you will be sad. Bwa ha ha.

The passwords stored on the OnlyKey are for my logins into my personal Linux boxes, and are my iCloud, Microsoft, Bitwarden, and employer LDAP/AD passwords. They are 30+ truly random characters.

I use offsets into irrational numbers for the prefixes, but they could just be actually randomly generated with some dice. They are 4 to 6 digits in length. For example (I don't use this anymore), the prefixes were 100, 200, and 300 digits into the decimal expansion of Pi. This could be done without the prefix trick, and I don't include that part when teaching this to most people, and then the only thing they have to memorize is the PIN to their OnlyKey.
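As an added example (my code, not the author's tooling), here is the two-part scheme above in Python: the long stored part comes from the OS CSPRNG via `secrets`, the memorized prefix is either a window of digits at a chosen offset into pi or a "dice" roll, and `entropy_bits` makes the guess-space of each part explicit. The 94-symbol alphabet and the 4-to-6 digit prefix length are assumptions taken from the text; pi is computed with Machin's formula in integer arithmetic so the example runs offline.

```python
# Added example, not the author's scripts. Assumptions: printable ASCII minus
# space as the alphabet (94 symbols), 4-6 digit prefixes as in the text.
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def random_password(length: int = 32, alphabet: str = ALPHABET) -> str:
    """The 30+ character, CSPRNG-generated part that lives on the OnlyKey."""
    if length < 30:
        raise ValueError("the rule in the text is 30+ truly random characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def pi_decimal_digits(n: int) -> str:
    """First n decimal digits of pi after the '3.', via Machin's formula
    pi = 16*atan(1/5) - 4*atan(1/239) in integer arithmetic. Ten guard
    digits absorb the per-term truncation error for n in the thousands."""
    guard = 10
    scale = 10 ** (n + guard)

    def arctan_inv(x: int) -> int:
        # atan(1/x) = sum_k (-1)^k / ((2k+1) * x^(2k+1)), scaled by `scale`
        total, term, k, sign = 0, scale // x, 0, 1
        while term:
            total += sign * (term // (2 * k + 1))
            term //= x * x
            k += 1
            sign = -sign
        return total

    pi_scaled = 16 * arctan_inv(5) - 4 * arctan_inv(239)
    return str(pi_scaled // 10 ** guard)[1 : n + 1]


def pi_offset_prefix(offset: int, length: int) -> str:
    """Memorable prefix: `length` digits starting `offset` digits into pi."""
    if not 4 <= length <= 6:
        raise ValueError("prefixes in the text are 4 to 6 digits")
    return pi_decimal_digits(offset + length)[offset : offset + length]


def dice_prefix(length: int = 4) -> str:
    """The no-pi alternative: one CSPRNG 'd10' roll per digit."""
    return "".join(str(secrets.randbelow(10)) for _ in range(length))


def compose(prefix: str, stored: str) -> str:
    """Typed prefix followed by the part the OnlyKey macro plays out."""
    return prefix + stored


if __name__ == "__main__":
    stored = random_password(32)
    print(compose(pi_offset_prefix(100, 6), stored))
    print(f"stored part: {entropy_bits(32, len(ALPHABET)):.0f} bits of entropy")
```

Note what the arithmetic says: 32 characters from 94 symbols is about 210 bits, while the pi digits are public and a 6-digit prefix is at most 20 bits even if the offset were secret. The prefix buys memorability and a small "something you know" in front of the stored blob, not secrecy, which is exactly why the text says the trick can be left out when teaching this.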

The OnlyKey device is also a U2F token, and BitWarden is a passkey provider and a TOTP code generator. I have passkeys turned on everywhere I can (so far Google, GitHub, GitLab, and Amazon Retail). I have U2F enabled everywhere I can. I have OATH TOTP enabled everywhere I can. Every place I have U2F or TOTP enabled, I also generated the "get me back in" recovery codes, and have those stored in the notes field of the BitWarden entry for that account.

If I lose my OnlyKey and if I lose my phone, I do have other slower more annoying ways back into everything. The final fallback is I keep several copies of the BitWarden password in unmarked sealed envelopes hidden in my bookshelves and also at least two other trusted locations not at my house. My user story was "I lost my OnlyKey, and I lost my phone, and my house burned down. How do I get back in?".

Before any of my coworkers get all excited, there is some added complexity related to how I login to my work laptops and into intranet resources that I will not explain more deeply here, because my employer provides their own custom FIDO2 tokens, that have their own unlock PINs, that interface to a bespoke ZT system. I've memorized those work-related PINs.

If you are a hardware pentest infosec person, yes, you have ways to break this system. Good for you, you win. Not a class break.


In summary, and my immediate recommendation: your clever password is not good. Go buy an OnlyKey and use a good password vault such as BitWarden. Ordinary people who just want to get work done can be taught how to use them, and they will have a workable theory of operation for how it works, instead of just "trust me, it's magic".


Also, I am not getting any kickbacks from the OnlyKey company or from the BitWarden company for this advice. If anyone from OnlyKey or BitWarden wants to contact me, please do. I love your device and your service. You two should co-market each other.

2023-11-28

Home automation at Murasakijou: Controlling the Lighting

Bulbs vs Switches

When it comes to smart lighting, you face two main choices: smart bulbs or smart switches. Smart bulbs are a good starting point if you're renting or just beginning to explore smart home technology. However, they come with drawbacks. First, the 'smart' part, which isn't cheap, is embedded in a consumable item. And let's be frank, those claims of 100,000-hour lifespans are often overstated. Secondly, a smart bulb in a fixture with a standard switch becomes unreachable if the switch is turned off. You might find yourself needing to block the regular switch and add a separate, smart switch, which can be a bit awkward. And if something goes wrong, you lose manual control unless you uncover the original switches. Even then, it might not work as expected. Sure, there are workarounds, but they can be more trouble than they're worth.

If you own your home, I suggest opting for smart switches. They let you use any bulbs or fixtures, including the ones you already have. Most smart switches, especially those that look like regular light switches, default to manual control. They operate just as you're accustomed to, turning the electricity on or off to your fixtures. Installing smart switches does mean dealing with some house wiring, but it's manageable. You can learn a lot from YouTube tutorials, get the right tools, and follow instructions carefully. Alternatively, enlist a friend who's handy with basic wiring, or in the worst case, hire a handyman skilled in basic electrical work.

Just because I usually recommend and use smart switches doesn't mean I don't find value in smart bulbs and smart fixtures. They do have their perks. For instance, smart fixtures are great for remote dimming, and RGBW bulbs and fixtures add a fun, colorful flair. I've kept some smart bulbs from my experiments with SmartThings and found creative uses for them. Typically, I use them for decorative and accent lighting, not primary light sources, to circumvent issues associated with smart bulbs.

A small lesson on color temperature

So, why mention "RGBW" and not just "RGB"? These smart bulbs often allow you to adjust the 'whiteness' of the light, varying from a cozy 2700K to a bright 5000K. It's useful to understand the concept of color temperature in lighting. Despite seeming counterintuitive, in terms of color temperature, 'cooler' (bluer) light has a higher Kelvin number, while 'warmer' (redder) light has a lower one. Think of heating iron: it starts dull red and goes toward blazing white as it gets hotter. A 2700K bulb mimics the reddish-white glow of an ideal glowing body (a "blackbody") at 2700 K, and a 5000K bulb resembles the brilliant white of one at 5000 K. The analogy is literally true for incandescent bulbs, which are glowing filaments; for LEDs the Kelvin number is a "correlated" color temperature, meaning the blackbody color their light most resembles. For reference, noon sunlight is around 5500K, and 6500K 'daylight' bulbs are about as blue as home lighting gets. Outside of a lab or photography, you won't encounter much beyond this range.

Color temperature is also measured in 'mired' (one million divided by the Kelvin value, so 2700K is about 370 mired and 5000K is 200), a unit more common in professional photography and stage lighting, and used by Philips Hue bulbs. It's a bit more intuitive but not yet widely used in home automation or on bulb packaging, so I'll set it aside for now. But knowing about color temperature is important, even outside of smart homes. It helps you choose the right light for the right space. In my home, I prefer 2700K lights for general ambiance but opt for 5000K in specific areas like over the kitchen counter, bathroom mirrors, my reading lamp, and workshops.

Picking the switches, and Z-wave

Let's get into specifics. I did a little bit of research, and then picked Zooz switches, which I bought directly from [https://www.thesmartesthouse.com/]. Zooz devices use the Z-wave protocol, a well-established wireless protocol controlled by Silicon Labs. Despite being under one company's control, or maybe because it is, it's reliable and interoperable. The Z-wave Alliance, a group of hundreds of companies producing thousands of compatible products, ensures interoperability, thanks to Silicon Labs' conformance testing rules. Z-wave is mature enough that you can find devices at places like Home Depot. The Z-wave tech has evolved from the "300" series to "500" (best to avoid, old and slow) and now "700" and "800" series. I went with the "700" series as the "800" wasn't available at the time. I'm hoping the 700s and 800s work well together, but I haven't tested that.

I bought a Zooz equivalent for every existing switch in my house. Where there was a dimmer switch, I chose Zooz's ZEN77 dimmer variant. Otherwise I just got the ZEN76 on/off variant. I considered getting dimmers everywhere, but then I would have to make sure that every fixture and bulb in the house was dimmable. I probably should have, but I don’t want to go back and replace so many right now. Maybe later.

In my bathrooms and laundry room, where switches controlled vent fans, I used Zooz's ZEN30 light and fan combo switch - a neat solution since it replaces two switches with one. This is key because most smart switches use a triac, fine for lights but not for inductive loads like motors. Zooz smartly pairs a triac for the light (even dimmable) and a mechanical relay for the fan.

However, I ended up with extra switches. I didn't account for 'N-way' light circuits and 'traveler lines'. Zooz switches have a feature here that other brands don't, but I'll delve into that in the next installment.

There's one room in my house designed for floor lamps plugged into wall outlets, controlled by a wall switch. I found strong advice against using a triac for switching wall outlets, so I opted for a GE “Enbrighten” Z-wave smart switch with a relay, not a triac, from Home Depot.



So, how did the install go? And, what about this 'traveler' feature? More on that in the next installment.


In our next installment: actually wiring, and travelers

2023-11-27

Home automation at Murasakijou: Welcome

Introduction

Growing up with iconic shows like Star Trek and Battlestar Galactica, I was mesmerized by the futuristic technology they showcased—computers that could track people, control environments, and help solve whatever mystery of the day that the plot demanded. The seamless integration of technology in these shows always captivated me. Interestingly, the lack of consistency in these fictional universes often meant that the technology was conveniently forgotten in one episode, only to become crucial in another. Imagine if Lt. Worf's console had buzzed every time an uninvited guest beamed onto the ship!

Fast forward to today, and the sci-fi of my childhood is no longer just fiction. The automation seen in newly built office buildings, with their computerized lighting, HVAC systems, presence detection, and security, all monitored and controlled remotely, mirrors those once-futuristic ideas. Even in my work at Amazon, I've seen how this technology can integrate with modern cloud solutions like AWS CloudWatch, an improvement on the proprietary databases typical for “enterprise solutions”.

Home automation, once the domain of tinkerers who could build their own hardware and write their own firmware from scratch, has now become mainstream, with a plethora of “Internet of Things” (IoT) products promising ease of use. However, there's a twist. The industry is still evolving, and companies often change course or shut down, rendering their products obsolete and orphaned—ironically making the 'T' in IoT all too often stand for 'trash'.

My personal foray into home automation began modestly, evolving from stand-alone motion-activated lights to more sophisticated systems like SmartThings and Alexa-powered devices. Yet, these early experiments were limited by the technology's siloed nature and lack of interoperability.

Then, three pivotal things happened: the technology matured, I bought a house, and the Home Assistant project emerged. Home Assistant is exactly what I wanted in smart home technology, emphasizing user control, interoperability, and a vibrant open-source community.

Since purchasing my home in the summer of 2020, I've embarked on a journey to retrofit and upgrade its 20-year-old tech. This blog series will chronicle my adventures in home automation – the successes, the failures, the choices, and the lessons learned. I’ll share insights on the technologies and products I've used, all without any corporate sponsorship.

Why "Murasakijou"? It's a nod to my love for Japanese culture and language, meaning "the fortress of purple," and it's the name I've given my home.

This will be fun. Let’s get started.

First, we start with Home Assistant

Home Assistant (often shortened to HA; the older "Hass.io" name referred to its supervised install image) is a practical choice in my home automation journey. It's open-source, which means it's free and customizable – a significant advantage for someone like me who enjoys personalizing technology. Its major appeal lies in its compatibility with a wide range of devices. I'm not restricted to products from a single company; it can manage gadgets from various manufacturers, even those that typically don't cooperate with their competitors.

The community surrounding Home Assistant is invaluable. Filled with users and developers constantly refining the system, it consistently provides frequent updates and new functionalities. This community-driven development keeps the platform both relevant and evolving.

Privacy is a crucial aspect of Home Assistant. It operates locally, keeping my data secure in my home, away from external cloud servers. This also means my smart home system remains functional, even when my internet connection is down.

Where Home Assistant truly excels is in its customization capabilities. It allows me to tailor my smart home setup exactly to my preferences, from basic operations to intricate automations. This level of flexibility is perfect for aligning the system with my desires.

Home Assistant provides a flexible and user-focused approach to managing my home automation. It's not some corporate product; it's a tool that puts me in charge of how my home operates.

Next, some requirements

I'm not the only one in my house; my family's here too. So, the smart home setup needs to work for them too, not just me. If the internet cuts out, most things should still work. If the Home Assistant computer or any crucial device goes down, the house should work in manual mode, not just shut down. In case of a power outage, and when power returns (be it from the generator or utility), everything must return to normal. I've got to be able to control and to fix things remotely, and anyone in the house should manage basic smart tasks. The property's big, over 5 acres, remote, and full of trees. I want the automation to cover everything - from the mailbox at one end to the well at the other, including the house, gardens, shop, and garage.

I aim for most parts to be retail-bought, from reliable companies, with warranties and UL certification, and meeting building and electrical codes. I prefer to avoid devices that need a constant internet connection, but I'm open to some flexibility, provided I can take manual control during internet outages. I am unwilling to pay annual subscription fees without good reason. While I'm up for reprogramming devices and creating custom solutions with things like ESP32 microcontrollers, anything I custom build must not be critical to using and enjoying the house.

In our next installment: light switches

2022-10-05

Operation Snip & Drip, killing Blackberry

My operation "snip and drip" for invasive blackberry abatement is underway. I do about 4 dozen blackberry growths a day on weekends, and about a dozen every few days during the workweek. Right now is when this has to be done, as the plants are drawing water and nutrient back to the underground rhizomes, and getting ready to abandon the canes for the winter.

I cut each cane about an inch from the soil, and then drip a single drop of 85% concentrate glyphosate onto it, using a microdrip squeeze bottle.

I've noticed that about 30 seconds after cutting, an impermeable glue layer forms over the cut. Blackberry has evolved countermeasures. So, I have to move fast: cut, drip, clear, and then move to the next. This has to be done carefully. By hand. It's probably not possible to pay someone to do the work with the necessary level of care.

This is the first and only use of chemical herbicide I've used on the property. Nothing else works on invasive blackberry, other than just digging out the soil and sieving out the roots and rhizomes. Which I've already done. Twice. And can't do around the fruit tree and in the forest. And I'm not going to widely spray this glyphosate. Just very focused snip and drip, one plant at a time, until I've killed them all. Next season I will also start doing the damn Scotch Broom and the English Ivy.

2022-09-14

Replacing The Phone Company, for my parents

I replaced my parents' wireline telephone service with a VoIP service, got rid of the telemarketers who were constantly pestering them, and cut the bill from over $70/month to less than $3/month, which I am now paying myself. My parents will never see or pay a landline phone bill again. Here is how I did it, for the curious, and for anyone who wants to do something like it themselves.

We did not want to lose the phone number. We have had that number since 1982. Everyone in the extended family knows that number, many of us have memorized it, it is in multiple directories in my parents' religious congregation's records, it’s in the service accounts for many medical, financial, and social services, and we did not want to confuse elderly extended family members. And I especially did not want to confuse my parents.


The thing that made this doable is my parents house has pretty good cable internet. If their internet came via DSL from The Phone Company, this would have to be done a bit differently.

The VoIP Provider

First, the VoIP provider. I use VoIP.ms [ https://voip.ms/ ] because they are a good value, they are mostly It Just Works, and they have a useful set of composable telephony services I can configure via their web console. If I had had to write code, or mess around with some integrated “business solution provider”, or a raw SIP trunking service, this would not have been nearly as easy. And using an off-the-shelf “easy to use” consumer grade VoIP gadget would have cost more, and not given me the features I wanted.


I already had a VoIP.ms account, billed to my credit card. Of course, I have 2FA turned on for it.


A VoIP.ms main account id is a six digit number. For the sake of example I will say mine is “100000”.


There are docs and examples at [ https://wiki.voip.ms/ ].

Service and Gadgets Used

The VoIP.ms telephony services I need are a SIP subaccount, a voicemail, a set of forwards, a ported DID, and an IVR.

SIP subaccount

First, I created a SIP subaccount. I named it “parents”. A subaccount is a SIP endpoint that a SIP client can log in to. This is what the SIP gadget, called an “ATA”, will connect to, and the ATA is in turn the connection to the classic antique POTS phones in the house.


A subaccount has a POP (Point of Presence), named after a city. All sorts of things don’t work correctly if this is not the same everywhere in a configuration. For the sake of example, I will say I am using the POP at metropolis2.voip.ms


From all this VoIP.ms creates a URI of [ sip:100000_parents@metropolis2.voip.ms ]. If someone had a SIP URI enabled voip client or good enough VTC client, they could connect to that URI, and ring my parents’ house phones. I think Zoom and Chime can do that, but I’ve not tried it.


I then created a random long (at least 16 random characters) password. People who pick passwords like “password”, “secret”, or “letmein”, or someone’s birthday, are idiots, and deserve all the misery they are about to experience. Random. Passwords. I used my Bitwarden password vault to generate and store that password. I will need it later when configuring the ATA.

Voicemail

Next, a voicemail. Again I named it “parents”. I created it, and then set a PIN code on it. I literally rolled a d10 4 times to generate the random PIN.


VoIP.ms has a feature where voicemails get transcribed to text, and also a feature to email the audio file and the text transcription to someone. I turned that on, with the email going to my parents. The transcription service costs a little bit per minute, but I think it’s well worth it.


The VoIP.ms voicemail service is exactly like every other telephone company voicemail service. The access code is *97. When this is all set up, my parents can call the DID from their mobile and then enter that code, or pick up a house handset and dial that code when they hear dialtone, then dial the PIN, and be in the voicemail service.

Forwards

Next, the forwards. I want to be able to forward calls to my parents' mobile phones, and also to my own. VoIP.ms requires that I predeclare forwarding destinations. I already had a forward declared for my own personal mobile. I added ones for each of my parents' mobiles, plus ones for each of my siblings’ mobiles.

Ported DID

Next, the ported DID. A “port” is telling the origin phone company “I’m leaving you, give control of my phone number to my next phone company”. A “DID” is a “direct inward dial”. What that really means is it’s a phone number, plus all the hidden glue so that the public telephone network knows what to do with it when someone dials it. VoIP.ms manages the port process gratis, and then charges less than a dollar per month for a US DID, which is what the telephone network itself charges them.


To port a number, I needed permission from the account holder, and a bunch of information that is on the phone bill, and a scan/copy of the most recent phone bill. So, I called up my parents, had them find their most recent paper bill, had the account holder write “Port Approved” and a signature near the service address, and then they postal mailed it all to me. In theory they could have just scanned it themselves, but it was just easier if I did that myself.


The VoIP.ms porting team needs the telephone number, the account number, and a bunch of other information off the bill, and the scan of the bill. It takes a week or so for the port to process. It can take longer if the origin phone company is obstinate, but that’s pretty rare now.  VoIP.ms sends an email as each stage happens, and when it’s done.


Soon after the port process started, VoIP.ms created the DID entry for it in their web UI. It won’t work until the port is completed, but in the meantime, it is there to connect the other services to.


I then linked the DID and the SIP subaccount to the voicemail. This is so if someone calls the DID and then dials *97, they will go into the voicemail service into the correct voicemail box. And if there is a busy, timeout, or network failure, the call can go to the correct voicemail box.


I enabled 911 service on the DID. This costs $1.50/month, which is what the 911 system charges VoIP.ms. When setting up 911 service, I had to provide the physical address of where the service endpoint is, i.e. my parents’ home address. Do not be funny here and do not skip this step, this is how the PSAP emergency operator knows where to send an ambulance or the fire department.

IVR greeting, made with Amazon Polly

Next, I created the IVR greeting recording. I used the Amazon Polly Text-to-Speech service, in part because I work for Amazon, and in part because I could use a console to play around with it. Technically, Amazon Polly costs money, but it provides several hundred minutes gratis on initial use, which is all I needed.


To use Amazon Polly, I logged into my AWS console, and enabled Polly. And then went to the Polly console, and played around a bunch, reading docs, and learning SSML (Speech Synthesis Markup Language) markup, and listening to the various voices available.


I finally picked “Joanna, Female, Standard, English” as the voice, and the following text as SSML markup text to turn into speech:


<speak>
<prosody volume="loud">
You have reached <say-as interpret-as="telephone">3165550199</say-as>.
The Kent residence in Smallville.
<prosody rate="fast">If you are a telemarketer, hang up put this on Do Not Call.</prosody>
If you can, please hang up and call Jonathan’s or Martha's personal mobile directly.
Otherwise,
<prosody rate="slow">
press 1 to leave a message,
press 2 to ring the house phone,
press 3 to forward to Martha's mobile,
press 4 to forward to Jonathan's mobile.
</prosody>
Thank you.
</prosody>
</speak>


I had Amazon Polly render that marked up text to an MP3 file, which can be used by VoIP.ms. Otherwise I would have had to mess around with µ-law PCM settings, and I didn’t want to. Voice grade MP3 is good enough.
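If you would rather regenerate the greeting from a script than retype it in the console, here is an added example (mine, not the author's, and not tied to the author's AWS account) that builds the SSML from parameters, escapes every human-supplied string so a name containing "&" or "<" can neither break the markup nor inject extra tags, checks that the result is well-formed before anything is uploaded, and then renders it through Polly with the same voice and engine named above. The number, residence line, names and menu passed in are assumptions for the example; the Polly call assumes boto3 is installed and AWS credentials are configured in the environment.

```python
# Added example, not the author's code. Renders an IVR greeting to SSML and,
# optionally, to MP3 via Amazon Polly (boto3; credentials from the environment).
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape


def build_greeting_ssml(number: str, residence: str, people: list, menu: list) -> str:
    """Render the greeting as SSML. `people` are the names whose mobiles a
    caller should try first; `menu` is a list of (digit, action) pairs.
    Every caller-supplied string is XML-escaped before it enters the markup."""
    if not (number.isdigit() and len(number) == 10):
        raise ValueError("expected a 10-digit NANP number")
    if not people or not menu:
        raise ValueError("need at least one person and one menu item")
    names = " or ".join(f"{escape(p)}'s" for p in people)
    options = ",\n".join(f"press {escape(str(d))} to {escape(a)}" for d, a in menu)
    return (
        "<speak>\n"
        '<prosody volume="loud">\n'
        f'You have reached <say-as interpret-as="telephone">{number}</say-as>.\n'
        f"{escape(residence)}.\n"
        '<prosody rate="fast">If you are a telemarketer, hang up and put this number on Do Not Call.</prosody>\n'
        f"If you can, please hang up and call {names} personal mobile directly.\n"
        "Otherwise,\n"
        '<prosody rate="slow">\n'
        f"{options}.\n"
        "</prosody>\n"
        "Thank you.\n"
        "</prosody>\n"
        "</speak>"
    )


def validate_ssml(ssml: str) -> ET.Element:
    """Parse the document: raises ParseError on malformed markup and
    ValueError if the root is not <speak>. Run before uploading anywhere."""
    root = ET.fromstring(ssml)
    if root.tag != "speak":
        raise ValueError("SSML root must be <speak>")
    return root


def synthesize_to_mp3(ssml: str, path: str, voice_id: str = "Joanna") -> str:
    """Render with Amazon Polly's standard engine to an MP3 file.
    Assumes boto3 and AWS credentials/region are available at runtime."""
    import boto3  # imported here so the rest of the module works offline

    validate_ssml(ssml)
    polly = boto3.client("polly")
    resp = polly.synthesize_speech(
        Text=ssml, TextType="ssml", OutputFormat="mp3",
        VoiceId=voice_id, Engine="standard",
    )
    with open(path, "wb") as fh:
        fh.write(resp["AudioStream"].read())
    return path


if __name__ == "__main__":
    greeting = build_greeting_ssml(
        "3165550199", "The Kent residence in Smallville",
        ["Jonathan", "Martha"],
        [("1", "leave a message"), ("2", "ring the house phone"),
         ("3", "forward to Martha's mobile"), ("4", "forward to Jonathan's mobile")],
    )
    validate_ssml(greeting)
    print(greeting)
    # synthesize_to_mp3(greeting, "parents-greeting.mp3")
```

The escaping matters more than it looks: the greeting text is the one place in this setup where free-form strings (names, a street, a menu label someone edits later) get pasted into markup that a remote service interprets, and a stray "&" is enough to turn a working greeting into a silent IVR.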

IVR Interactive Voice Response

Then I created the IVR. IVR means “Interactive Voice Response”, and is the phone tree thing we are now all used to dealing with when calling a corporation. Again, I named the IVR “parents”.


I was expecting configuring the IVR to be harder than it actually turned out to be. First I uploaded the mp3 greeting file, then I configured the mappings from DTMF digit strings to VoIP.ms services. So I mapped “1” to the voicemail, “2” to the SIP subaccount, “3” to forward to my mother’s mobile, “4” to forward to my father’s mobile. As an undocumented feature, “51” forwards to my mobile, and “52”, “53”, “54”, and “55” each forward to one of my siblings’ mobiles.


Then I connected the DID to the IVR. So when someone dials the number, it picks up, the greeting audio gets played to the caller, then the caller can press DTMF digits. Well actually, the IVR has “early interrupt”. Someone who knows about it can call in, and when the recording starts, they just immediately press “2”, and immediately ring the house phones.

Bypassing the IVR, depending on who is calling

A neat feature that the IVR has is “caller id bypass”. An incoming call that has a specific CID can bypass the IVR, and be connected directly to some other VoIP.ms service. I have the bypassed numbers just directly ring the house phone. For example, my mother’s sister regularly calls to talk to my mother, and does not need to be confused by the IVR. My parents have given me a list of numbers that need the bypass, and I add them as they request them.


Some of them are for elderly relatives, and some of them are for the notification robots from their medical providers.
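To make the call-handling rules of the last three sections concrete, here is an added example (mine, not VoIP.ms's logic or the author's configuration) that simulates one inbound call against the routing described above: a caller-ID bypass list that skips the greeting, "early interrupt" so digits count as soon as they are pressed, the two-digit 5x codes that have to wait for a second digit while the single-digit codes route immediately, and the greeting looping three times before hanging up on a caller who presses nothing useful. The menu labels, the bypass number and the three-loop limit are assumptions drawn from the text, not real identifiers.

```python
# Added example, not VoIP.ms code. Simulates the IVR routing rules described
# in the post; destination strings and the bypass number are constructed.
import re

MENU = {
    "1": "voicemail:parents",
    "2": "sip:100000_parents",
    "3": "forward:mother-mobile",
    "4": "forward:father-mobile",
    "51": "forward:my-mobile",            # the "undocumented" two-digit codes
    "52": "forward:sibling-1-mobile",
    "53": "forward:sibling-2-mobile",
    "54": "forward:sibling-3-mobile",
    "55": "forward:sibling-4-mobile",
}
# Caller-ID bypass list (constructed number): ring the house, skip the greeting.
BYPASS = {"2025550147": "sip:100000_parents"}
MAX_GREETINGS = 3                         # greeting loops three times, then hangup
HANGUP = "hangup"


def normalize_cid(raw: str) -> str:
    """Reduce a presented caller ID to 10 NANP digits ('' if it has none)."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits


def route_call(caller_id: str, keypresses: str = "", *, menu=MENU,
               bypass=BYPASS, max_greetings=MAX_GREETINGS):
    """Simulate one inbound call.

    `keypresses` is the DTMF the caller sends, in order; the end of the
    string stands for the caller going silent (inter-digit timeout).
    Returns (destination, number_of_times_the_greeting_played)."""
    cid = normalize_cid(caller_id)
    if cid in bypass:
        return bypass[cid], 0             # bypass: the greeting never plays
    played, buffer = 1, ""
    for digit in keypresses:              # "early interrupt": digits count at once
        buffer += digit
        longer = [k for k in menu if k != buffer and k.startswith(buffer)]
        if buffer in menu and not longer:
            return menu[buffer], played   # unambiguous code: route now
        if longer:
            continue                      # "5" may still become "51".."55"
        # invalid selection: replay the greeting, or hang up after the last loop
        buffer = ""
        if played >= max_greetings:
            return HANGUP, played
        played += 1
    if buffer in menu:                    # timeout resolves a code that is also a prefix
        return menu[buffer], played
    return HANGUP, max_greetings          # silence: the loop runs out and hangs up


if __name__ == "__main__":
    for cid, keys in [("+1 (202) 555-0147", ""), ("4085550123", "2"),
                      ("4085550123", "51"), ("4085550123", ""), ("4085550123", "99")]:
        print(cid, repr(keys), "->", route_call(cid, keys))
```

Two things the simulation makes visible. The 5x codes only work because no single-digit code starts with 5; adding a "5" entry later would make "51" unreachable unless the IVR waits out an inter-digit timeout, so keep the code set prefix-free. And the bypass keys on caller ID, which the network does not authenticate: it is a convenience for Aunt May, not an access control, and anyone who can present her number rings the house directly.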

Making the existing house phones still work, using an ATA

My parents have several classic Bell System Western Electric Trimline handsets [ https://en.wikipedia.org/wiki/Trimline_telephone ] , and have had them since 1982 when they moved into the house. They probably don’t even realize those handsets are now antiques, somewhat in demand. I want them to keep working just as they always have.


I bought a “Grandstream HT801 Single-Port Analog Telephone Adapter” [ https://www.amazon.com/dp/B06XW1BQHC ], for $35. As near as I can tell, someone at Grandstream sat down and said “Let’s make a residential grade ATA that Just Works and Does Not Suck, and then sell it for cheap”, and created the HT801. Good on you, Grandstream, thank you.


An ATA is a device that interfaces a classic handset to the internet. It has an RJ11 port that provides dial tone, ring tones, ringer voltage, and understands when you press the DTMF buttons on the handset. And it has an RJ45 ethernet port, that really wants to connect to a home router, and then connect out to a voip provider, such as to VoIP.ms.


I bought that ATA, and then set it up on my own workbench to program it. It was pretty easy. I configured it to connect to the SIP subaccount “parents”, and to generate the necessary powered ringer voltage and ringer frequency. Then I reshipped it to my parents, with careful installation instructions.


Usually, you connect a single classic handset directly to an ATA. But I wanted as few changes as possible for my parents, and the HT801 is mighty enough to provide sufficient dialtone power and ringer voltage to an entire house telephone wiring network and several classic “dumb” handsets, so I did something more awesome. I’m told that the HT801’s bigger brother the HT802 cannot do this, so, be warned.


We disconnected the house entirely from the old wireline company! My brother and my father went outside, found and opened the demarc where the phone line came to the house, brushed away decades of cobwebs and dust, and physically disconnected the little RJ11 bridge cable, and put a piece of tape over the demarc RJ11 jack. And with that, all the phones in the house went dead.


They then took the configured ATA, plugged it to wall power, to an open RJ45 ethernet port on the home router, and to an open nearby RJ11 walljack. And with that, all the phones in the house were again alive, and had light and dialtone when picked up. If there had been any “smarts” or filters inside the house phone wiring, we would have had to go chase that down and remove them, but there were not, so we did not.


If the ATA didn’t have enough power to light up the house wiring and all the phone ringers, I would have had to buy a “Ring Booster” device. But it was able to drive them, so I didn’t have to.

Details on programming the ATA:

Here is the guidance from VoIP.ms for programming a Grandstream HT80X ATA: https://wiki.voip.ms/article/Grandstream_HandyTone_802_-_HT802


Here is the administration and programming manual for the HT80X:

http://www.grandstream.com/sites/default/files/Resources/ht80x_administration_guide.pdf


Configure the local networking stuff, DHCP, etc for the local internet router. The defaults are fine.


Configure the SIP/VOIP settings as follows:


Primary SIP Server: metropolis2.voip.ms

Failover SIP Server: <blank>

Outbound Proxy: <blank>

NAT Traversal: Keep-Alive

SIP User ID: 100000_parents

Authenticate ID: 100000_parents

Authenticate Password: <SIP PASSWORD>

Name: KENT

DNS Mode: A Record

SIP Registration: Yes

Unregister On Reboot: No

Outgoing Call Without Registration: Yes

Register Expiration: 5

Preferred DTMF method: In-audio, RFC2833

Use P-Access-Network-Info Header: No

Use P-Emergency-info Header: No

Enable Call Features: No

Dial Plan: {[x*]+}

Preferred Vocoder: PCMU, PCMA, G729

Check SIP User ID for incoming INVITE: Yes

Allow Incoming SIP Messages from SIP Proxy Only: Yes

Keep those last two set to Yes. Together they make the ATA drop INVITEs that did not come from the registered VoIP.ms server, which is what stops internet SIP scanners from ringing the house phones directly (the “ghost call” problem) if the ATA is ever reachable from outside the home router.


Here is the bit to make it able to drive the house wiring instead of just one handset:


Ring Frequency: 20

Enable High Ring Power: Yes

Recording and Transcribing calls, make sure that is off

VoIP.ms can record and transcribe incoming and outgoing calls, on a per subaccount basis and on a per DID basis. I turned that on while I was programming and debugging, and turned it off after I verified that everything was working. Listening in on people’s phone calls is creepy. Especially your parents. Make sure that is turned off for that DID and for that subaccount.

If no answer, busy, timeout, or fail: fallback to voicemail

I’ve configured both the DID and the subaccount so that if it rings for 15 seconds with no answer, it falls back to voicemail.


VoIP.ms also has “failure handling”. If the ATA says the house phone is busy or off-hook, or if the internet links fail, or even if large portions of VoIP.ms’s own infrastructure fail, or if “too many” people try to call in all at the same time, the call will get routed to the voicemail, for later handling.

Telemarketers, begone!

Telemarketers. Scum. My parents said they got several a day. As I reviewed the CDRs (Call Detail Records), I was able to confirm they were getting at least a half dozen a day, most of them from forged CIDs. Those calls from those scammers are still coming in, but now they no longer interrupt my parents.


Some of the scammy ones hang up immediately when they hear the robot voice. The legally compliant ones hang up when they hear “Do Not Call”. Some wait for “press 1 to leave a message”, and leave their message, where they are much less of an interruption. The stupid ones just listen to the IVR message loop three times, then it hangs up on them. But so far, none of them have rung the house phone to bother my parents.
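Reviewing the CDRs by hand works for one house; a short script makes the per-day count and the forged-CID pattern visible at a glance. The following is an added example, not part of the original post and not a VoIP.ms tool: it parses a constructed CDR export, counts inbound calls per day, and flags caller IDs that are withheld, not valid NANP numbers, identical to the house number, or in the house number's own area code and exchange (“neighbor spoofing”). The CSV column names, the phone numbers (all in the reserved 555 range) and the house DID are constructed; the spoofing classification is a heuristic, since a real neighbor can of course share an exchange.

```python
"""Flag likely forged caller IDs in a VoIP CDR export (added example)."""
import csv
import io
import re
from collections import Counter

# Constructed house number; a real DID goes here.
HOUSE_DID = "2125550147"

# Constructed CDR export. Column names are assumed, not VoIP.ms's exact format.
SAMPLE_CDR = """\
Date,Caller ID,Destination,Description,Disposition,Duration
2024-03-01 09:12:05,2125550199,2125550147,Inbound DID,ANSWERED,00:00:21
2024-03-01 10:40:11,8005551212,2125550147,Inbound DID,ANSWERED,00:01:03
2024-03-01 14:03:47,1002000000,2125550147,Inbound DID,ANSWERED,00:00:07
2024-03-01 16:20:00,2125550147,3125550123,Outbound,ANSWERED,00:04:55
2024-03-02 08:01:30,2125550147,2125550147,Inbound DID,ANSWERED,00:00:12
2024-03-02 11:15:09,Anonymous,2125550147,Inbound DID,ANSWERED,00:00:09
2024-03-02 17:45:52,3125550123,2125550147,Inbound DID,ANSWERED,00:06:40
"""

# NANP number: optional country code 1, then NPA and NXX whose first digit is 2-9.
NANP = re.compile(r"^1?([2-9]\d{2})([2-9]\d{2})(\d{4})$")


def classify_callerid(cid, did=HOUSE_DID):
    """Heuristic label for a presented caller ID relative to the called DID."""
    digits = re.sub(r"\D", "", cid)
    if not digits:
        return "withheld"             # "Anonymous", "Unavailable", blank
    m = NANP.match(digits)
    if not m:
        return "invalid"              # cannot be a real NANP number
    if digits[-10:] == did[-10:]:
        return "spoofed_own_number"   # house number calling itself
    if m.group(1, 2) == NANP.match(did).group(1, 2):
        return "neighbor_spoof"       # same area code and exchange as the DID
    return "plausible"


def review_cdr(text, did=HOUSE_DID):
    """Summarise inbound calls: counts per day, counts per class, flagged rows."""
    per_day, by_class, flagged = Counter(), Counter(), []
    for row in csv.DictReader(io.StringIO(text)):
        if "Inbound" not in row["Description"]:
            continue                  # outbound calls are not the question here
        per_day[row["Date"][:10]] += 1
        label = classify_callerid(row["Caller ID"], did)
        by_class[label] += 1
        if label != "plausible":
            flagged.append((row["Date"], row["Caller ID"], label))
    return {"per_day": dict(per_day), "by_class": dict(by_class), "flagged": flagged}


if __name__ == "__main__":
    report = review_cdr(SAMPLE_CDR)
    for day, n in sorted(report["per_day"].items()):
        print(f"{day}: {n} inbound calls")
    for when, cid, label in report["flagged"]:
        print(f"  {when}  {cid:>12}  {label}")
```

On the constructed data four of the six inbound calls are flagged, which is the shape the post describes. The invalid and own-number cases are near-certain forgeries; the neighbor-spoof label is only a prompt to look closer.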


I considered setting up an integration with the Jolly Roger Telephone Company telemarketer trap [ https://jollyrogertelephone.com/ ] [ https://wiki.voip.ms/article/Using_ring_groups_with_a_third-party_spamfilter_service ] to waste the scammers’ time, but I’ve not yet bothered, and it might confuse my parents.

Firing the old phone company, easier than I expected

Now, at last to fire the old phone company. When I initially tried to cancel the original wireline ILEC account, I got a runaround that I had to call the account termination services between certain business hours. I tried again a few weeks later, only to discover that the phone company had already closed the account and were sending my parents a final statement. I guess they decided that a successful port-out meant that it was not worth it to them to pay a salesman CSR to try to talk me out of it.

Some ideas for the future:

I can receive a notification if someone dials 911 from the house phone. I think I will set something up so that I and my siblings all get an SMS when that happens.


I can install SIP clients on my parents’ mobiles and tablets, and create additional SIP subaccounts for them to connect to. Then my parents can make outgoing calls from their mobiles, especially on wifi, and it will look like they are calling from the house phone.


I can gift them a wifi cordless phone (Grandstream makes some nice ones, such as the WP810), preconfigure it to yet another SIP subaccount, and they would have a nice cordless phone that works within the house’s wifi.


I can enable SMS on that DID, and then with a little more programming on my part, they can send and receive SMSs on that number.


I may get around to adding the Jolly Roger Telephone Company telemarketer trap.


If I ever set up smarthome home automation stuff in their house, I can link it together, so that the house can call 911 if the fire alarms go off, or the house can call someone in the family if there is some minor emergency, or my parents can dial a magic code on the IVR to remotely turn on the house porch lights or open the garage door.

Finale

In conclusion, an incumbent wireline telephone company charging an elderly couple over $70/month for phone service is corporate elder abuse. I cut the bill to $3/month, which I gift to my parents by paying it myself, got rid of the telemarketer scum who were disturbing them multiple times a day, learned how to set up IVRs, and learned how to use Amazon Polly and Speech Synthesis Markup Language.


2021-10-11

How to "break into" writing comic books, today


While the big 2 US comic publishers are zombies of ghosts of what they were, *right now* is the Golden Age of the "boxes of drawings with word balloons telling a story" long form narrative art.

If you were the 16yo reincarnation of Todd McFarlane today, you don't go showing your drawings to your idols in the hallway of some comiccon and then go camping in the lobbies of the NYC based publishers begging for starvation wages clean-up inking gigs.

You take a couple of online courses on "how to lay out comic pages", after first having spent 10 years teaching yourself to doodle with an iPad and then a Wacom. Then you start sharing your work on Tumblr / Twitter / Instagram / etc., until you feel ready, then you do a Kickstarter, and fail. Then another Kickstarter, and fail better. Then do another Kickstarter... and succeed.

Then you start a Patreon to fund volume 2, 3, ..., N ...

Eventually Marvel or someone invites you to draw or write for them. And if you are smart, you look at their contract, and the pay rates, and the "community" of the people you would have to work with, and then you tell them to get lost.

2020-04-19

The CTO of Visa, after listening to my presentation

Some years ago, I was asked to travel to the corporate meeting center to present at a presentation-fest to the CxO staff of Visa. Yes, the one with the logo on the cards in your wallet. The CEO of Visa was there. My CEO was there. (It was the only time I ever met her.)

The fest in general was a disaster. Except for my part, if I may say so myself.

During the discussion after the presentations, the CTO of Visa stood up and said "This was the most useless pile of nothing I've had to sit through for a long time! Nobody actually said anything! Nobody actually proposed anything! Nobody actually listened to what my problems are! Nobody expressed any opinion at all! Well, except for this guy!"

And he pointed at me. "He actually read my memo about what my problems are! He believes that open source is a good idea, and that cloud computing is a good idea! And I think he's right!"

The meeting broke up soon after, and all my coworkers left, kind of glum. Except for me, I had a spring in my step for weeks after.

I have no idea if there was any impact on how Visa did business from my presentation, but it was nice to be recognized.