A history of cell phone ownership…

I wanted to make a historical list of phones that I’ve owned over the years and the reasons why I purchased them in particular. I generally buy phones on the ‘S’ year (tick-tock cycle) when the small improvements have been made to it over time versus the major redesign years!

2007: An important day to remember in the history books…

<=2009: A long long time ago, we used to have flip phones, and at this point I had a BlackBerry Pearl !

2010: One of the first affordable smart phones I owned was the HTC Desire which ran an early version of Android OS and it was very mod-able/customize-able at the time vs the first iPhones back in those days!

2011: After some time of using an Android phone I remember my main complaint being that the battery life barely got me through the day. I then received a hand-me-down phone called the Apple iPhone 4S which had a beautifully-solid-all-glass design, much better battery life, and my first intro to iOS which felt much more put together but more limited in terms of what it allowed me to do with it!

2012: I then switched back to vanilla Android with the Google Nexus 4 because it offered a bigger screen size, a clean OS / unlocked phone, and it was a very low price compared to the competitors. Battery life again was so-so but the back glass looked amazing and sparkly!

2013: I switched back again to the Apple side with the Apple iPhone 5S even though it had a smaller screen size compared to the Android phones. I liked the square edge design in the Gold color and mainly because it was the first phone in the whole market to offer a fingerprint unlock. I grew tired of entering in the long PIN codes by hand with the Nexus and I also got the good battery life back again!

2015: I kept the 5S for a bit and then upgraded to the Apple iPhone 6S for the same reasons as before except this time it offered the bigger screen size and greater battery life. However, it was still an LCD panel compared to the Android phones which were leading the way with their more advanced screen technology!

2017: I had been waiting since the 6S for Apple to release a bigger-sized-but-less-than-6-inches, edge-to-edge OLED screen and they never did for quite some time. So I purchased the Samsung Galaxy S8 which offered best quality screen on the market in addition to a headphone jack, a fingerprint reader, and a modern version of Android OS. My main issue with this phone was not so much the phone part but the Samsung-as-a-company part where they only provided us with 2 years worth of OS updates for a thousand dollar phone… We also couldn’t unlock the boot-loader very easily (to upgrade the OS manually) or remove their forced apps (press F in the chat for Bixby) and I was getting worried about the security of the device over time!

2020: After nearly 5 years of waiting, Apple finally released a phone that had a smaller-than-6-inches + edge-to-edge OLED display. It was called the iPhone 12 Mini and I immediately purchased it and retired my old Samsung phone. I really appreciated the form factor of this phone and what it had to offer. Even though I do miss the headphone jack and fingerprint unlocker, it is very hard to find a small-sized, full-screen phone these days for those of us with smaller hands!

2021: And now, back to today, with the Apple iPhone 13 Mini Blue — it’s the ‘S’ year again! 🙂

A history of cell phone ownership…

Trying to live a simpler life

Gear List:

So I have been waiting and saving up for the future-rumoured M1X Macbook Pro (while still hanging on to my 2017 Macbook Air, for nearly 5 years now). I also have been trying to support the sales of the iPhone Mini because it’s such a great form factor and size and the rumours are saying that Apple may not produce it next year with the iPhone 14! :/

– –

Since I have been working from home during this fall/winter season up north, in the woods, I also setup a mini-network here with a nice: UniFi tri-band-ac POE-UAP, Netgear gigabit-ethernet POE-SWITCH, and the famous TP-Link archer C7-V5 OpenWRT ROUTER+FIREWALL. These all make for a great, stable, and reliable home network configuration when used together! 🙂

Trying to live a simpler life

The last of the Intel Mac Mini is upon us!

So before Apple’s last event, I decided to buy a brand-new-yet-also-pre-out-dated Intel Mac Mini to use as a WiFi bridge / router / firewall in place of the Linksys WRT32X. It took me a little bit to re-figure out the BSD Packet Filter firewall again but I got some good routing speeds out of it (I had to use the NAT option in PF because without it I was only getting ~45MB/s vs the Linksys +80MB/s — I dunno why, maybe some sort of kernel level network driver bug going on?). Anyway, I chose to order the Intel version for the following reasons (as of writing this post):

  • Intel 6-Core i5 CPU
  • Optioned 16GB RAM
  • Upgraded to 10-GigE
  • 802.11ac-3×3 WiFi Radios
  • VirtualBox VMs with Debian Linux (Bridgeable Network Adapters)
  • 4x Thunderbolt-3 Ports (plus a Sonnet Solo10G Ethernet Adapter)
  • It signals the end of an x86-era which won’t exist much longer!

The last of the Intel Mac Mini is upon us!

Small Network Speed Testing Web Server

So I wanted to test the internal LAN speeds of our wireless bridge, switches, and cables in between – from one end of the network to the other. There’s an older iMac running on one side of the bridge and I didn’t want the speed test to slow down due to disk I/O reasons. I wrote a small python based web server which pre-initializes a memory buffer with random data and then sends random chunks inside of it throughout the fake “download” process (jumping around from index to index).
This is just a single stream test but there are other tools available if you want a more advance multi-stream performance testing (tools like iperf and what not). This will give you at least the real world output/speeds of your network setup (not just theoretical, I was able to get 111MB/s through a CAT-6 gigabit TP-Link Archer C7 V5 and nearly 75MB/s over a dedicated Linksys 802.11ac-3×3 WiFi bridge).

curl 'http://192.168.X.Y:8080/download' > /dev/null ; echo

Edit: Trying to maintain a stable and consistent WFH WiFi network setup! (the bridge is limiting clients to 13MBps ~ 104mbps via a iptables hashlimit rule set). It also has a good quality backchannel connection to carry all of the WiFi traffic:

import random,socket

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind(("", 8080))

rr = [chr(x) for x in range(0, 256)] * 2048
rs = "".join(rr)
rl = len(rs)
rb = (8 * 1024)
az = (rl - (rb + 1))
sz = (800 * 1024 * 1024)

while True:
	(conn, addr) = sock.accept()
	data = conn.recv(1024)
	if ("get / " in data.lower()):
		d = "HTTP/1.1 200 OK\r\ncontent-type: text/html\r\n\r\n hi : "+str(random.randint(0,az))+" : <a href='/download'>link</a>"
	if ("get /download " in data.lower()):
		d = "HTTP/1.1 200 OK\r\ncontent-type: application/octet-stream\r\n\r\n"
		sl = 0
		while (sl < sz):
			i = random.randint(0,az)
			d = rs[i:i+rb]
			sl += rb
Small Network Speed Testing Web Server

Running the UniFi Network Controller in a Docker Container

If you are needing a more generalized and containerized method to run the UniFi Network Controller and you don’t want it running on your main system, you can use a trusted app like Docker to achieve this task!

I made a new repo that has some Dockerfile supported scripts which will pull in the latest Debian container and customize a new image from scratch to run MongoDB + Java8. This is useful if you don’t particularly trust the pre-made, public Docker containers that are already out there!

git clone && cd dockerfi/ — The build and run commands are listed in the main script file (once the container has been started, just browse to https;// and restore from backup). The UI version is statically set to the previous stable release of 6.0.45!

Note: If you need to help layer 3 out: set-inform http;//192.168.X.Y:8080/inform


Edit: I made a small YouTube video running the script:

Running the UniFi Network Controller in a Docker Container

More 0’s For Easier Self-Signed SSL-Certificate Fingerprint ID’ing

So if you’re using a self-signed SSL cert which is for personal use but is public facing (similar to an SSH key upon first connect), you will get a scary warning about it of course! It is recommended to verify the cryptographic hash of that certificate to help ensure that there is no Person-In-The-Middle attack taking place. You can have some fun, at least, with self-signed certs because you can put almost anything in them so I wrote a little script to generate some leading 0’s in the fingerprint field. This helps to not only slow down an attacker trying to trick me (they need to generate something similar which takes a little more time) but it’s also easier to remember a more basic pattern (my laptop is a bit slow so I could only get 5 of them which is about 20-bits worth of nothing — The more 0s, The more secure! :):

$ openssl x509 -in crt.pem -noout -fingerprint
SHA1 Fingerprint=00:00:0F:D1:86:3F:A0:39:10:67:78:0A:13:DD:3B:55:BC:68:A4:3B

==> crt.pem <==

==> key.pem <==


import time, string, random, subprocess
from OpenSSL import crypto, SSL
#openssl genrsa -out key.pem 2048
b = subprocess.check_output('cat key.pem', shell=True)
k = crypto.load_privatekey(crypto.FILETYPE_PEM, b)
r = string.digits+string.ascii_uppercase
l = range(16)
t = (10*365*24*60*60)
s = 0
while True:
  c = crypto.X509()
  d = c.get_subject()
  d.C = "ZZ" ; d.L = "ZZ" ; d.O = "ZZ" ; d.ST = "ZZ"
  d.CN = "" ; d.OU = ''.join(random.choice(r) for _ in l)
  c.sign(k, 'sha1')
  f = c.digest('sha1')
  if f.startswith('00:00:'):
    print(crypto.dump_certificate(crypto.FILETYPE_PEM, c))
    if f.startswith('00:00:00:'):
More 0’s For Easier Self-Signed SSL-Certificate Fingerprint ID’ing

NGINX HTTPS Reverse Proxy With Basic Auth

Lets say you wanted to run a local area network controller web service that was made by a company that you didn’t completely trust, what would be your options? If you wanted proper authenticated+encrypted access to it, you could setup a trustworthy VPN service like OpenVPN and remote into the LAN or you can also setup a reverse https proxy service that handles the TLS channel + basic authentication first before forwarding on the traffic to the internal web service. For example, Nginx is a pretty powerful and amazingly simple service to achieve this setup (just make sure to note the SSL certificate fingerprint :):

# /etc/nginx/sites-available/default
# htpasswd -bc ssl.pwd user pass
# openssl req -x509 -newkey rsa:2048 -nodes -keyout ssl.key -days 3650 -out ssl.crt
# chown root:www-data ssl.* ; chmod 640 ssl.*
# openssl x509 -in ssl.crt -noout -fingerprint
server {
	listen 443 ssl;
	ssl_certificate /etc/nginx/sites-available/ssl.crt;
	ssl_certificate_key /etc/nginx/sites-available/ssl.key;
	ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
	ssl_ciphers HIGH:!aNULL:!MD5;
	location / {
		auth_basic "Admin Area";
		auth_basic_user_file /etc/nginx/sites-available/ssl.pwd;
NGINX HTTPS Reverse Proxy With Basic Auth

GO Programming – DNS Server – Blocker/Forwarder

Browser Extension: fossjon.wp.com/2020/09/15/…browser-extensions/

I haven’t posted much GO related code on this blog before as I am more of a fan of C, Python, Java/JS, etc. I initially found its syntax to be a bit harder to read due to the variable typing being placed after the variable name. It can make it harder to track and understand if the variable you’re looking at is a: mutable or immutable, pointer or constant, array or singular, referenced or dereferenced, local or global, etc.

It does combine a lot of power that you would typically find in a more structured language (like Java) along with being flexibile and relaxed (like Python).

Anyway, I’ve been trying to learn its syntax and capabilities recently and I created a basic GO program which runs on a DNS server framework (github dependency). It reads in a regex based domain blocklist text file and it also forwards the rest of the queries on for regular resolution.

Source Code: github.com/stoops/dnsrb/blob/main/dnsrb.go

$ go run dnsrb.go

Starting: 53053
Reading file [1616610565]...
[0]A-Query: facebook.com.
[0]A-Query: www.facebook.com.
[0]A-Query: blah.facebook.com.
[0]A-Query: fb.me.
[0]A-Query: amazon.ca.

$ echo ; for d in facebook.com www.facebook.com blah.facebook.com fb.me amazon.ca ; do echo "[$d] -> $(dig @ -p 53053 $d +short)" ; done ; echo

[facebook.com] ->
[www.facebook.com] ->
[blah.facebook.com] ->
[fb.me] ->
[amazon.ca] ->
GO Programming – DNS Server – Blocker/Forwarder


If you’re looking for the equivalent Netgear managed switch to the Cisco SG series posted below, I found this Netgear GS310TP model. It offers pretty similar networking features inside a nice wide metal case (even the underlying startup-config command-format is similar to the syntax of the Cisco IOS commands).

It seems to be running pretty stable so far in home testing! The 802.1q terminology is similar to OpenWRT in terms of declaring tagged & untagged VLAN interfaces. It’s a nice, reliable unit to run!


Another Piece For The Home Network Puzzle – A Return To Cisco IOS!

I’ve missed the good old days of configuring and setting up good quality switching hardware (like the big, huge Cisco switches and routers I used to experiment on with their IOS command line interface). I recently ordered this newer, smaller Cisco switch which can also provide power to a new “prosumer” WiFi AP (no power cables needed).

This unit is very stable and reliable and I bought it because it provides the following features:
[8 ports] [fanless quietness] [gigabit switching] [dot1q trunking vlans] [poe.af] and a return to using [IOS] management over SSH!
So our home network has the following hardware running our WiFi network:

Ubiquiti UAP-AC-PRO gen2 (multi SSID-VLANs)
Cisco Switch SG250-08HP poe (multi dot1q-trunks)
OpenWRT Router Linksys-WRT32X (one tagged-port, multi VLAN-interfaces)
TP-Link Archer C7-V5 (basement router, connected modem)
switch-sg250-08hp#show run
v2.5.5.47 / RTESLA2.5.5_930_364_286
CLI v1.0
file SSD indicator encrypted
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
vlan database
vlan 3-4
hostname switch-sg250-08hp
no logging on
aaa authentication dot1x default none
power inline limit-mode port
ip ssh server
interface vlan 1
 ip address
 no ip address dhcp
interface vlan 3
 name home
interface vlan 4
 name guest
interface GigabitEthernet1
 no eee enable
 spanning-tree disable
 no spanning-tree portfast
 spanning-tree link-type shared
 switchport mode trunk
 switchport trunk allowed vlan 1,3-5
 no eee lldp enable
 power inline limit 15400
interface GigabitEthernet2
 no eee enable
 spanning-tree disable
 no spanning-tree portfast
 spanning-tree link-type shared
 switchport mode trunk
 switchport trunk allowed vlan 1,3-5
 no eee lldp enable
 power inline limit 15400
interface GigabitEthernet7
 no eee enable
 spanning-tree disable
 no spanning-tree portfast
 spanning-tree link-type shared
 no eee lldp enable
 power inline limit 0
 power inline never
interface GigabitEthernet8
 no eee enable
 spanning-tree disable
 no spanning-tree portfast
 spanning-tree link-type shared
 switchport mode trunk
 switchport trunk allowed vlan 1,3-5
 no eee lldp enable
 power inline limit 0
 power inline never
macro auto disabled
no ip igmp snooping querier
Another Piece For The Home Network Puzzle – A Return To Cisco IOS!

Configuring an OpenWRT Switch to work with SSID VLANS on a UAP-AC-PRO

UniFi Post: fossjon.wp.com/2021/02/05/…unifi-uap-ac-pro-ufos/

On the OpenWRT Switch page, I have set LAN port 1 (along with a backup LAN port 2 but you can just use a single port) as the VLAN trunk port (tagged) to allow it to carry the traffic through to the VLAN access ports (untagged) [home = VLAN 3 && guest = VLAN 4]. This will create the sub-interfaces eth0.3 and eth0.4 which will contain the separated ethernet Layer 2 traffic from the WiFi clients (ARP, DHCP via dnsmasq, mDNS, etc).


OpenWRT Switch Setup:

Port 1 – Bridged with Untagged VLAN (Home)

Port 2 – Bridged with Untagged VLAN (Guest)

Port 3 & 4 – Trunked with Tagged VLANs & Bridged with Untagged LAN (Management)


UniFi Network Setup:

You can then go to the Networks section in the UniFi AP Site configuration and add a VLAN-Only Network (set the ID to 3 or 4) and then on the Wireless page create an SSID which uses that Network Name in the WiFi settings.

Note: To achieve a similar setup on a OpenWRT AP, you can use the WAN port tagged on those same VLAN numbers and then on the Interfaces page create an unmanaged interface type from the related VLAN sub-interface listed – this interface can then be assigned to the SSID network under the Wireless networks page.

Configuring an OpenWRT Switch to work with SSID VLANS on a UAP-AC-PRO