Currently I have an iPhone (ancient 2G), and have just bought a Dell Mini3i (600RMB with an 18month contract @ China Telecom), as I donated my 3G iPhone to one of the extended family back home.

The Mini3i runs an Android variant called OPhone.

The 3i is a little underwhelming software wise.

Its quite crap at the moment as its sitting on Android 1.0 (OPhone 1.0), but for all intents and purposes Android = Ophone its pretty much the same underneath.

There are a bunch of similar phones to this – the Lenovo O1, LG GW880, Motorola something or other (can’t be hassled to go look) etc.

While I haven’t rooted mine just yet, I have been playing around, and reading the Chinese forums.

Boot loader appears to be similar on all the devices – its made by BORQ’s in Beijing, and appears to be quite basic.

Motorola and O1 seem to have the best support for now, the main problem in the Chinese forums is people bitching about being stuck on older versions.

Some are running 1.6, most on 1.5, and the unlucky few 1.0 “Ophone”
2.0 and 2.1 has yet to hit the mainstream here.

There are people with N1/G5’s (Nexus 1 / HTC G5) on 2.1 though (yes, thats you in Beijing Tom!), pretty much any phone is available, although anything with wifi is essentially grey import from overseas (HK mostly)

Back to the phone -

Thankfully you can install any apps as apk’s, no need to hack for that – so its fairly easy to get info on the innards.

RootExplorer is your friend

RootExplorer also allows you to remount partitions r/w, so root access is fairly easy too. There are precompiled su binaries for 1.5 out there, although I’ve yet to do my phone.

The Dell mini3 is running on a Marvell Tabor. Fast chip, nice touchscreen, decent resolution, just crap on 1.0.

Firmware files for most of the “ophones” (except motorola) are mff files.

The mff files appear to just be compressed images with instructions for how to write the various partitions out.

eg the Lenovo O1 mff has this in the “mff” zip

2010/02/25 10:53 147,111,936 factory_CHERRY.fbf
2010/02/25 10:53 249 factory_CHERRY.mff.mlt
2010/02/25 10:53 364 JADE_EVB_RawNANDx16.ini
2010/02/25 10:53 327 magic_fbf.ini
2010/02/25 10:53 2,692 magic_fbf_inner.ini
2010/02/25 10:53 10,236,719 mfw.pac
2010/02/25 10:53 54,180 MHLV_NTDKB_h.bin
2010/02/25 10:53 176 MHLV_NTDKB_TIM.bin
2010/02/25 10:53 858 NTIM_td.ini

magic_fbf_inner.ini has the layout

[INTEL_FLASH_DEVICE_INPUT_FILE]
Number_of_Images=24

[IMAGE_HEADER_0]
Start_Address=0×240000
Image_Length=0×40000
EraseBlocks=1
WriteImage=0
VerifyWrite=0

[IMAGE_HEADER_1]
Start_Address=0×6900000
Image_Length=0xf00000
EraseBlocks=1
WriteImage=0
VerifyWrite=0

(etc)

Different phones have different firmware writing software, the Motorola’s are using RSDLite, LG – SML_OMS, CTHall, others something homegrown called Firebolt, which is written by BORQS. I have all the firmware tools already, despite the Ophone8 forums lack of courtesy in sharing, grrr.

Most firmware tools appear similar though functionality wise.
Haven’t played around inside the phone yet to see if its easy to get jtag access, although that was mostly because i couldn’t work out how to remove the top part without breaking it.

If anyone wants more info, or a firmware dump let me know.

Hopefully there is some interest out there in the English speaking world for these!

Occasionally even in a well maintained system, qmail has issues.

One semi-common issue I get to see, is when a server we send mail to doesn’t timeout. This ties up an outgoing mail slot. Over a period of time, this can lead to issues where the whole outgoing or incoming queue is sitting doing nothing, as every connection is tied up by ‘tarpitted’ connections.

Ideally Qmail should be able to cope with these.  There are settings in qmail to control how long a connection takes, and how long it should wait for.  These settings are covered in the following files (usually set in /var/qmail/control)

Read more »

Although most of my friends are using 3G/s now, I do get the odd 2G phone to play with.

Today I had another crack at enabling MMS on a 2G. For some reason not much documentation, and too much misinformation out there on the net.

Guaranteed working instructions for China Mobile users below:

Install 3.1.2
Jailbreak with usual steps.
Add cydia.ifoneguide.nl in Cydia / Sources
Wait a bazillion years for cydia to timeout with the various blocked in China repositories.
Click Search
Download Activate 2G MMS
Reboot

Normally we’d be done, however the MMS settings won’t let us save a diffferent MMS and GPRS name, so we need to install a specific IPCC (iPhone Carrier Setting file) for China Telecom.
As China Telecom is (at time of writing) not an official iPhone supplier, they don’t have an IPCC file, so we need to roll our own.

Here’s one I found earlier – ChinaMobileCarrierSettingsWithMMS.zip

Download that, unzip, and throw on the desktop.

We’ll need to tell iTunes that its ok to use the IPCC file first, so close iTunes.
Now head off to terminal (or a DOS window for those on Windows), then paste this in.

Mac users:
defaults write com.apple.iTunes carrier-testing -bool TRUE

Windows users:
(32 bit)
“C:\Program Files\iTunes\iTunes.exe” /setPrefInt carrier-testing 1

(64 bit)
“C:\Program Files (x86)\iTunes\iTunes.exe” /setPrefInt carrier-testing 1

Done?

Ok, now open iTunes again, connect the phone if its not connected, and..

Mac Users:

Press + hold down Alt(option), and Click “Update”

Windows Users:

Press + hold down shift, then Click “Update”

iTunes will prompt you for a file.
Choose the IPCC file you downloaded.

Sync the phone.

Finally… shut the phone off again.

Once you power up again, you should be able to send/ receive MMS!

If its not working for you, check that the settings are in there –

Settings / General / Network / Cellular Data Network

(anything not listed below should be empty)

Cellular Data
APN -> cmnet

MMS
APN -> cmwap
MMSC -> http://mmsc.monternet.com
MMS Proxy -> 10.0.0.172
MMS Max Message Size -> 300172

Tested, and working on 2 x 2g iPhones!

Noticed that our incoming TLS connection queue was a little high – running at 60 concurrent connections for an hour or so.

A check of the queue revealed that all the connections were coming from a single IP – and were tying up the queue, making it a denial of service attack. This one ip address was connecting and reconnecting multiple times, hogging up all the connections.
Read more »

One of my friends brought round a notebook for me to Hackintosh yesterday. Unlike the usual god no… kind of options I get given, this is actually a nice machine.
This one is almost as Mac friendly as my current Nano sized Hackintosh (aka Loz’s Hackbook Nano)

I present the next best thing in Mini Mac’s (until the will it? won’t it? Mac Tablet comes out!) – The Samsung N310

The Samsung is a generic Atom based Netbook with the following hardware:

CPU Intel Atom N270, 1600 Mhz
Chipset Intel 82945GSE Graphics Controller
Graphics Card Intel GMA 950
Audio Realtek ALC272
Wifi Atheros AR5007EG Wireless
Ethernet Marvell Yukon 88E8040 PCI-E Fast Ethernet
Bluetooth Adapter USB Based Generic
Webcam USB Based Namuga 1.3M

Installation is remarkably easy.
You’ll need the following things – an External USB DVD drive, and Snow Leopard.

Download the latest NetbookInstaller ISO from here – http://osx.mechdrew.com/downloads/
Burn to CD. Connect your USB drive to the N310, and boot off of the newly burned CD.

Follow the instructions to swap with your Snow Leopard DVD at the appropriate time, and boot into the installer.
Install as normal (in my case, I just wiped the existing partitions, set the boot type to GUID instead of MBR in Partition, Options, and did a full install)
Once the OS reboots, boot from the NetbookInstaller ISO again, but this time choose the HDD (as we still need to install a valid bootsector for the OS to run)

The OS should boot up ok, fill in the relevant bits and pieces, and get to the desktop screen.
Open up NetBookMaker from the CD, navigate to the Tools folder and open NetbookInstaller:

I did this using 0.8.3RC4, but newer versions should be similar.
Click Continue for the Unrecognized Hardware Prompt.

Choose the correct disk in the Volume Dropdown, and
Check Install Chameleon 2 RC3
Check Install General Extensions
Check Generate a System Specific DSDT.AML file.
Uncheck everything else.

Click Install.

It should trundle away for a few minutes, then recommend you reboot.

Remove the NetbookInstaller DVD, and make sure that you can reboot ok from the Hard Drive

Right now you should have working Webcam, Video, Bluetooth, and Trackpad will support 2 finger scroll (go to System / Preferences/ Trackpad to configure)

We’re still missing Wifi, Audio, and you’ll notice that sleep doesn’t quite work yet.
To install those, we’ll need to download some extra Kext’s, and replace the wifi card.

Wifi – the original card is a crap atheros. I couldn’t be buggered looking for drivers, and immediately swapped it out for a Dell1390 Broadcom card. Cheap, and the same as real Macbooks, so no driver issues.
The N310 is reasonably easy to disassemble, just remove all the plastic plugs underneath (including the larger feet ones), and remove the screws. Gently remove the case bottom, and replace the wifi card.
If you use the Dell1390 you won’t need to install any drivers, they’re built in, yay!

For the remaining drivers, see below:
Audio – As I’m a nice person, I’ve uploaded the working driver here – http://www.kexts.com/view/182-alc272_%28snow_leopard%29.html
Sleep – Go to http://www.superhai.com/darwin.html, and download the 2 Snow Leopard kexts (VoodooBattery.kext, VoodooPowerMini.kext).

Download those to the desktop, unzip the kexts.
Copy to /Extras/GeneralExtensions, then rebuild the Extension cache.

You can do that manually or use a tool. NetbookInstaller nicely places a program called UpdateExtra into the /Extra folder which can rebuild the Extension cache for you.

Thats pretty much it!

If you are having problems with the laptop waking from sleep:
I’ve uploaded a DSDT.aml for the n310 here – DSDT.aml. you’ll need to rename it so that the .N310 is removed, and copy into the root folder over the existing DSDT.aml that NetBookMaker may or may not have created. I’d appreciate comments as to whether this works for you or not.

Iain in the comments thread was nice enough to email his working sleep DSDT.aml file, can some people try both and see if either work for them? Also check the BIOS settings as per Iain’s comment: Enabled EDB. Disabled Legacy USB Support. Enabled USB S3 Wake-Up

Download his DSDT.aml here. To use, rename file to DSDT.aml, and copy to /Extra, then reboot.

Note: If you do mess around with DSDT.aml files, please have a working recovery method available that you can access the hard drive with (eg an OSX Install DVD + Boot132 CD). Apple’s install DVD can also be used for recovery.

If you find that you can’t boot after installing the DSDT.aml, boot from the Boot132 CD or USB, then boot into to the OSX install DVD. Go to terminal in the installer, and delete the offending file, then reboot.

Now you should have a fully working Samsung N310 running OSX Snow Leopard!

I haven’t bothered messing around with the brightness or volume stuff, but the volume on/off keyboard functions work, as do the trackpad on/off.

Good luck with yours!

Useful links:
http://www.kexts.com – kexts (drivers) for OSX
http://www.superhai.com/darwin.html – Power related drivers for OSX
http://osx.mechdrew.com/ – MechDrew from MyDellMini’s site on Hackintosh Installs
http://cid-8b65993ef55cf014.skydrive.live.com/browse.aspx/.Public/OSx86/Snow%20Leopard – some Czech site hosted on live.com full of goodies/ kexts

Seems that when it rains, it pours.

The gods were not content to give us only one issue today from an external provider, but two!

At approximately 7pm the network that includes our mail server was on got hit by a massive denial of service attack.
The nice people at Shanghai Telecom decided that they would simply shut off routing for the entire subnet as their optimal solution.

We have a nice graph of that happening here:

Note the sudden precipitous drop in network traffic starting at approximately 7pm, which lasted until approximately 8pm.

We also have images of the DoS attack [although not completely, as our network was null routed (shut off) for the brunt of the attack]

You can see the sudden increase in incoming traffic in this image below (which occurred before they killed the network completely).
The green line which indicates incoming packets suddenly goes sky high before the network people shut off the network.

Some of the other servers also got hit by this – notable our web servers, although they didn’t cut those off thankfully.
See below for a view of that traffic.

As the old curse goes – may you live in interesting times.
Some days are more interesting than others!

Setting up OpenVPN was a real PIA for a number of reasons DNS, crap documentation, and general issues with vpn clients.

My working notes are below:

Install OPENVPN from tar.gz or apt-get install…
Generate key’s etc (tons of other tutorials on that)

Prelim info
My vpn server has a static ip address, in the 66.xx range. Our local client machines use a 192.x range (typically).
I setup a tun address for 10.1.0.1 for the server.

As we don’t want to have routing issues, I set openvpn to use the 10.x range for any vpn connections.
(Essentially all clients connected to the openvpn ip will get a 10.1.0.x address).

I also force clients to use our DNS server (more on that later), as China does some DNS lookup interceptions which break stuff if you are using a tunnel. I also don’t use openvpn on the standard port 1194, as I was seeing mysterious tcp resets when using the common vpn ports. Amazing how that happens in China. Lastly, I’ve put in on port 8080 for our users, as this seems to work without issue.

To do all that, I created an openvpn.conf file with the following:

port 8080
#proto tcp
#dev tun
proto udp
dev tap
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.1.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway"
push "dhcp-option DNS 10.1.0.1"
link-mtu 1456
mssfix 1412
cipher AES-256-CBC

(You can read the standard install stuff for your own key generation)

Next we need to tell our server to route stuff appropriately for vpn traffic

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -p udp --dport 8080 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A INPUT -i tap+ -j ACCEPT
iptables -A FORWARD -i tap+ -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.1.0.0/24 -o eth0 -j MASQUERADE

(You’ll need to change the 10.1.0.0 to your actual vpn user subnet if you change in the openvpn.conf)

OpenVPN should start, and be connectable.

My client config looks approximately something like this:

client
dev tap
proto udp
remote mysupersekritvpnserver.com 8080
comp-lzo
verb 3
mute 20
nobind
persist-key
persist-tun
cipher AES-256-CBC
ca ca.crt
cert my.crt
key my.key

my.crt, my.key, ca.crt should be copied / generated from the server, and copied over to the client machine.
mysupersekritvpnserver.com should be changed to your server name.
We use Mac’s mostly, so we use tunnelblick, copy that config in, check the “Set NameServer” box in Details.

You should be able to connect now and ping remotely with that.
Next, we need to setup DNS

For the longest time I couldn’t get this working, despite me reading and re-reading the doc’s.

We use dnscache for dns lookups on our servers. DNS Cache allegedly allows lookups from other ip addresses by sticking whats allowed into /etc/dnscache/root/ip

This wasn’t working at all.

Eventually I twigged that dnscache binds to one ip address, and ignores the others, which is why local lookups worked, but tunnel started ones didn’t.

Took me a while to see that though. Was only when I did an nmap 10.1.0.1 and saw port 53 was closed, that I realised, despite the misleading fscking documentation which says “just add the ip address for the computers allowed to connect” to the dnscachefolder/root/ip, you really need to bind it to all the ports you will want lookups to work for.

Which is not clearly mentioned in any documentation I saw on the net.

I ended up making another dnscache specifically for our tun address on 10.1.0.1, and telling it to allow queries from the actual server ip 66.x, and from 10.x, *then* it started working.

Hours of fun and joy.

Worth it though, I can now connect to bookface and toobyou, yay!

Unfortunately, its back to the techie stuff for a few posts!

Here are my crib notes on installing NGinx on one of our client servers.

Add spawn-fcgi (cos its split from litettpd now) http://redmine.lighttpd.net/projects/spawn-fcgi/wiki/SVN


cd /downloads
svn co svn://svn.lighttpd.net/spawn-fcgi/trunk spawn-fcgi


No svn..grrr


apt-get install subversion subversion-tools
svn co svn://svn.lighttpd.net/spawn-fcgi/trunk spawn-fcgi
cd spawn-fcgi
./autogen.sh
./configure
make
make install


spawn-fcgi should be happily installed in /usr/local/bin/spawn-fcgi now

make sure we have php5-cgi
apt-get install php5-cgi

Check spawn-fcgi runs -
In my case not, had to rebuild eAccelerator @#$@#$!, did that, and all ok


/bin/spawn-fcgi -f /usr/bin/php5-cgi -a 127.0.0.1 -p 53217 -P /var/run/fastcgi-php.pid


Note port 53217 can be any unused port from some high unused number though to 65535
We’re going to be installing NGinx from debian packages, but probably better from source long term…

apt-get install nginx

pico /etc/nginx/nginx.conf


change some default settings


user www-data;
worker_processes 1;

Now we add our virtual hosts in /etc/nginx/sites-available


pico /etc/nginx/sites-available

Lastly, we add our fast-cgi settings, using our port from above 53217


fastcgi stuff here


If anyone wants to mess around with the settings for the Huawei eHome router EchoLife HG522-c (typically the ones supplied with the “3M or 4M” connection), then here are the user / pass settings.

Site: http://192.168.1.1/
User: telecomadmin
Pass：nE7jA%5m

Useful if you want to rejig the QoS settings.

The other standard modem HG520S is easier – admin / admin

Might be useful for some folks. I’m mostly posting here for myself, as I’ll probably forget and need to google it later.

[Update 23/Oct/09: Hotmail has fixed this issue now]

Our logs were showing lots of repeated send failures from Hotmail.
A closer investigation of the issue has revealed that Hotmail has suddenly decided that the mail RFC’s are too good for them to follow.

RFC’s are the standards which define how things work. When people don’t follow the standards, this makes things break.

In this case, it meant that all mail from Hotmail was being rejected, this is a Hotmail is broken issue!
Getting Hotmail to change their broken setup is likely to be non-productive – there are already a few pages of complaints about it on their site, complete with the boilerplate totally useless replies from drones who don’t understand the issue, despite it being helpfully spelled out for them.

See here –
http://windowslivehelp.com/community/p/127432/474962.aspx
http://windowslivehelp.com/community/t/123986.aspx

Unfortunately, while bouncing invalid email content is correct from a technical perspective, our clients need to be able to receive mail from Hotmail.
As an interim solution, I’ve patched qmail to allow for bare linefeeds.

This was fairly easy – a small patch to qmail-smtpd.c, a recompile, then restart qmail-smtpd.

To patch, look for switch(state) in qmail-smtpd.c, and remove the straynewline(); calls, so that barelinefeeds are accepted.
Code to change below:

case 0:
if (ch == '\n') { state = 1; break; }
if (ch == '\r') { state = 4; continue; }
break;
case 1: /* \r\n */
if (ch == '.') { state = 2; continue; }
if (ch == '\r') { state = 4; continue; }
if (ch != '\n') state = 0;
break;
case 2: /* \r\n + . */
if (ch == '\n') return;
if (ch == '\r') { state = 3; continue; }
state = 0;
break;