Cox Gigablast Install

Around November 2015 I got a letter in the mail from Cox Communications, my ISP. “Gigablast is coming soon!” it said, along with a warning that service might be interrupted from time to time over the next few weeks as they install infrastructure.

Gigablast is Cox’s Fiber To The Home (FTTH) gigabit internet offering.

Needless to say, I was excited. I was already on their highest-tier plan (300Mbps down, 30Mbps up), but faster always seems better. Why? Because why not?

I was also very interested in the rollout because I wasn’t familiar with much of the technology of optical networks. This was a chance to observe up-close how it all works. And since a lot of the technology was going underground, there would be a limited window of opportunity to observe it, ever.

With that in mind I did my best to take photos, talk to workers, and document as much of the process as I could. I’ve documented the process here in roughly chronological order, and I’ve done my best to gather the details necessary to get a good grip on how the Cox Fiber network is physically setup in neighborhoods with Gigablast.

If you know details that I don’t, or have corrections, I’d love to know.

Step 1: Digging the holes for the POSs and Digging some trenches for new conduit.

The first sign of activity in the neighborhood was the digging of holes to install the POSs. A Passive Optical Splitter is the point in an optical network where the incoming “Main” fiber line is split up into a single line for each house.

Workers dig a hole for an POS
A utility box is prepared to be placed into the hole previous dug. The POS will sit on this utility box, fed by the Fiber in conduit beneath it.

Step 2: Pulling Conduit and Pulling Fiber to the Pedestals

While the POSs are being prepared, workers are pulling conduit through the existing coaxial conduit. Yes, that's right, they're pulling conduit through existing conduit. You can see the new, bright orange conduit being pulled within the existing gray conduit. Once that has been pulled, the fiber is pulled within the orange conduit. I presume this is because the stresses that the orange flexible conduit can endure far exceed what they are willing to put the fiber through.

New conduit (orange) being pulled near the existing coaxial amplifier, and the new utility box that the POS will be placed on.
Closeup view of new conduit (orange) near existing amplifier and the new POS container.
New conduit (orange) being pulled to the pedestal in front of a house. Once the new conduit is in place, fiber was pulled through the new (orange) conduit.
Inside of the underground utility box where the POS will be placed.

Step 3: Installation of the POS

Once the conduit is in place the POS is installed adopt the utility box that was placed in the ground. So far all of these are right next to existing amplifiers in the coaxial network. This seems like a logical way to structure the network, but by no means would it be mandatory.

Once the POS is installed, the fiber was pulled into the cabinet and terminated.

POS atop its utility box. Fiber is fed from beneath.
Closer view of Cox POS.

Step 4: Termination of the Fiber at the Pedestals

This was one of the most confusing parts to me before I watched the install take place. I couldn't figure out how the fibers were routed through the pedestals. Were there optical switches in each pedestal, linking the fibers to main network? Were there splices everywhere?

Turns out the answer is super simple.

The cable that's pulled from the POS is then looped through each pedestal, with about 12 or 15 feet of coiled slack left in each pedestal.

The trick is that this cable actually has 96 glass fibers in it, enough for 96 houses.

Example of multi-fiber cable.

Here's how they do this at each pedestal:

  1. Pull off the out layer(s) of insulation, exposing the "tubes". (Each "tube" contains 12 optical fibers, each in its own protective jacket).
  2. Pull off the out layer(s) of the tube(s) that need to be access at this pedestal.
  3. Now the individual fibers are visible, in their protective jackets.
  4. Cut the fibers that need to be terminated at this pedestal.
  5. Terminate the fibers with standard SC or LC (etc) style connectors and install in place in the pedestal.
  6. Carefully coil the cable back into its harness and close up the pedestal.

So the trick I failed to see is that, the fibers that are terminated at this pedestal remain in the cable bundle, they're just unusable beyond this point.

Here's a diagram representing this:

The path of the fibers in the main cable bundle, from pedestal to pedestal.

Step 5: Home Install

The Home install is very straighforward. There are only a few steps:

  1. Pull Fiber and a new piece of Coax from the Pedestal to the Home through the existing conduit.
  2. Terminate the Fiber inside the home and connect to an ONT, installed in the home.
  3. Terminate the Fiber at the pedestal and connect to incoming Fiber.
  4. Provision the ONT (Mine is an Alcatel-Lucent G-010G-A).
  5. Do a speed test.
Pulling new Fiber and RG-6 from the pedestal to my house.
This box, on the wall in my garage, splices the rigid fiber from the conduit (black) to the flexible cable that was run to the ONT in my house (beige).
Closeup of the flexible fiber.
Terminating the flexible fiber.
Terminating the flexible fiber.
The tool used to splice the connectors onto the ends of the fiber, a Swift F1.
Some of the many layers of a fiber optic cable.

Final Notes

  • A new piece of Coax was pulled at the same time. At least in my neighborhood TV isn't going to be on Fiber any time soon. The old Coax was used to do the pull of the new cables.
  • A box was installed in my garage were the rigid fiber from the conduit was spliced to much more flexible fiber that was then run to the ONT.
  • The ONT was required to be indoors. The garage was not sufficient.
  • I was able to keep using my existing router (TP-Link Archer C7). The techs recognized it and gave me no trouble leaving it in place.
  • The techs noted that Gigablast is not overclocked the way the rest of their internet products are. If you get 950Mbps, be happy. Don't expect over 1000. Also, good luck finding a switch or router that'll go over 1Gbps for any consumer price at this point, so you wouldn't notice anyway.
  • The connectors were spliced onto the ends of the fiber, the fiber wasn't hand-fed and terminated through the connectors.
  • The installation was 2 hours from the time the first tech showed up until I was back online.
  • The installation process was supposed to take multiple days (pull fiber one day, come back and install ONT another), but the tech offered to pull the fiber and do it all in one go. Of course I took him up on the offer.
One of the many speed tests I have run since the install. The max speed I've seen is about 960Mbps. I'm satisfied.

If you know details that I don’t, or have corrections, I’d love to know.

Corrections

  1. An earlier version of this article mistakenly referred to the POS as an OLT. The OLT exists in the CO or PoP, not in the neighborhood.
  2. An earlier version of this article mistakenly referred to the coax being pulled as "RG-8". It is, in fact, RG-6.
  3. An earlier version of this article referred to coaxial "Nodes". These are, in fact, Amplifiers.

Colorado River At Hoover Dam

The Best Parts from Apple's Motion To Vacate

This afternoon Apple posted a motion in response to the order brought by the court on behalf of the FBI:

APPLE INC’S MOTION TO VACATE ORDER COMPELLING APPLE INC. TO ASSIST AGENTS IN SEARCH, AND OPPOSITION TO GOVERNMENT’S MOTION TO COMPEL ASSISTANCE

You can read the entire document if you're interested.

What I find brilliant about this particular motion is that it's clearly written in a manner meant to be quoted from. Some sections almost read as a collection of sound bites more than a legal argument. That said, make no mistake, this is a thorough dressing-down of the FBI's request.

Below you'll find my favorite quotes from the document.

In fact, no court has ever authorized what the government now seeks, no law supports such unlimited and sweeping use of the judicial process, and the Constitution forbids it.

In short, the government wants to compel Apple to create a crippled and insecure product.

Finally, given the government’s boundless interpretation of the All Writs Act, it is hard to conceive of any limits on the orders the government could obtain in the future. For example, if Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user? Nothing.

Moreover, this is the only case in counsel’s memory in which an FBI Director has blogged in real-time about pending litigation, suggesting that the government does not believe the data on the phone will yield critical evidence about other suspects.

A. The All Writs Act Does Not Provide A Basis To Conscript Apple To Create Software Enabling The Government To Hack Into iPhones.

Moreover, federal courts themselves have never recognized an inherent authority to order non-parties to become de facto government agents in ongoing criminal investigations. Because the Order is not grounded in any duly enacted rule or statute, and goes well beyond the very limited powers afforded by Article III of the Constitution and the All Writs Act, it must be vacated.

If the government can invoke the All Writs Act to compel Apple to create a special operating system that undermines important security measures on the iPhone, it could argue in future cases that the courts should compel Apple to create a version to track the location of suspects, or secretly use the iPhone’s microphone and camera to record sound and video. And if it succeeds here against Apple, there is no reason why the government could not deploy its new authority to compel other innocent and unrelated third-parties to do its bidding in the name of law enforcement.

While these sweeping powers might be nice to have from the government’s perspective, they simply are not authorized by law and would violate the Constitution.

Moreover, responding to these demands would effectively require Apple to create full-time positions in a new “hacking” department to service government requests and to develop new versions of the back door software every time iOS changes, and it would require Apple engineers to testify about this back door as government witnesses at trial.

Moreover, the government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks.

Under well-settled law, computer code is treated as speech within the meaning of the First Amendment.

The government disagrees with this position and asks this Court to compel Apple to write new software that advances its contrary views. This is, in every sense of the term, viewpoint discrimination that violates the First Amendment.

If the government did have any leads on additional suspects, it is inconceivable that it would have filed pleadings on the public record, blogged, and issued press releases discussing the details of the situation, thereby thwarting its own efforts to apprehend the criminals. See Douglas Oil Co. of Cal. v. Petrol Stops Nw., 441 U.S. 211, 218-19 (1979) (“We consistently have recognized that the proper functioning of our grand jury system depends upon the secrecy of grand jury proceedings. . . . [I]f preindictment proceedings were made public, many prospective witnesses would be hesitant to come forward voluntarily, knowing that those against whom they testify would be aware of that testimony. . . . There also would be the risk that those about to be indicted would flee, or would try to influence individual grand jurors to vote against indictment.”).

In addition to violating the First Amendment, the government’s requested order, by conscripting a private party with an extraordinarily attenuated connection to the crime to do the government’s bidding in a way that is statutorily unauthorized, highly burdensome, and contrary to the party’s core principles, violates Apple’s substantive due process right to be free from “‘arbitrary deprivation of [its] liberty by government.’”

For example, society does not tolerate violations of the Fifth Amendment privilege against self-incrimination, even though more criminals would be convicted if the government could compel their confessions. Nor does society tolerate violations of the Fourth Amendment, even though the government could more easily obtain critical evidence if given free rein to conduct warrantless searches and seizures. At every level of our legal system—from the Constitution,28 to our statutes,29 common law,30 rules,31 and even the Department of Justice’s own policies32—society has acted to preserve certain rights at the expense of burdening law enforcement’s interest in investigating crimes and bringing criminals to justice.

Photo Posts

I’ve wanted to add photography to my site for a long time, but never had a good way to add photo posts. It was always a chore to copy the file, resize it into multiple sizes, find the filenames and copy them where they needed to go, then create the post and add the image tags, link it all up, and finally push the update.

So I finally wrote a script to do it all for me.

For the impatient you can download the script here.

Prerequisites:

  • Jekyll
  • Image Magic: brew install imagemagick

Install image magick, and if you’d like, create a folder action to automatically run the script every time a new file is dropped into it. This way you can just export photos to this “magic” folder, and you’ll instantly have a new photo post ready to go.

Install the script somewhere in your PATH. I put mine in /usr/local/bin.

Now, export a photo from Photos or Lightroom or wherever you’d like; just be sure you have a title and description set in your exif data.

The script runs and resizes the photo, copies the resized images into your _assets folder, and then creates a new post for the photo.

I’m using a this post template for my photo posts. Customize it to your liking, of course.

Updating your feed.xml and adding your own photography landing page are left as exercises for the reader.

Calderwood Butte

Early Morning Cholla

Sunset Behind The White Tanks

The Nightmare Scenario

Apple announced today via an open letter to their customers that they would not be complying with a court order to "assist in the enabling of the search of a cellular telephone". This particular phone was owned by one of the San Bernardino shooters.

Part of Apple's letter states:

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

It would be reasonable at this point to ask the question, "What's the big deal, Apple?" Especially when Apple says in the previous paragraph, "We have great respect for the professionals at the FBI, and we believe their intentions are good."

Here's why this is a Big Deal, and why Apple giving in and creating such a piece of software truly is a Nightmare Scenario:

1. Apple can't Just Decrypt This Phone

The FBI has already asked Apple to do this, and they said it's not possible. Since iOS 8 was released, all iOS devices encrypt their contents with a combination of data that's only on the device. Apple doesn't have this data, and they can't retrieve it, even if they wanted to. The only way to decrypt the phone is by entering the passcode.

2. The FBI can't Guess the Passcode

The phone only allows 10 wrong guesses before it will erase its contents, and entering the code requires physically tapping on the screen, a process which takes several seconds per attempt. Even if there was not a 10 try limit, it would take years for the FBI to try every combination.

3. What the FBI Wants from Apple

The court order demands apple do 3 things:

  1. Turn off the Auto-Erase function.
  2. Allow passcodes to be entered electronically.
  3. Ensure that passcodes can be entered as quickly as possible by the software (no added delay).

4. How Apple Could Comply

Because the security features are a built-in part of iOS, the only way they could be bypassed would be for Apple to build a custom version of iOS that removed these security measures. Then, this custom version would have to be installed on the phone in question, where it would then allow the FBI to run their own software to attempt to guess the passcode. It is not clear if the FBI would be successful in this endeavor even given the opportunity.

5. Why Compliance Would be a Nightmare Scenario

If Apple were to create a version of iOS that could remove these security features when installed, then you can rest assured that it would only be a matter of months before:

  1. Other law enforcement agencies would demand access to this software to attempt to unlock phones for all sorts of petty crimes.
  2. Those same law enforcement agencies would immediately lose possession of the software to malicious parties.
  3. Exploits would appear online, tricking users into "upgrading" their phones to use this insecure software, making it instantly accessible to malicious hackers the world over.

The bottom line is that this is pandora's box. If Apple creates a piece of software to turn off all these features, then the features might as well not exist for anyone, and that software will absolutely be used for evil in short time.


None of this addresses what is arguably a bigger issue: Whether or not government should be able to force companies to create new products with the purpose of rendering old products insecure and/or for the explicit purpose of acquiring their customers' private data.

Control A ZWay Server From The Command Line

Who doesn't want to automate their house via cron?

I have a Razberry module hooked up to a RaspberryPi, along with about a dozen or so Z-Wave devices (switches, sensors, etc.) throughout my house. The ZWay server still has an awful scheduling UI (you have to add an app for each schedule rule you want). Even X-10 had a scheduling UI, in the 90s. (Sadly, I couldn't find any good pictures of this old interface; perhaps I'm forgetting the proper name of the device.)

Well, cron has been executing the world's scheduled jobs since 1979. Whenever I can utilize a simple *nix tool to get a job done, I jump at the chance.

The only problem is that there isn't a basic command line interface to the ZWay server. So, I wrote one.

zway-cli is a simple Ruby gem that gives you basic command line access to your ZWay server. You can query device status, and turn things on and off. It's super basic, and super simple, which is exactly what I wanted for an application like this.

Things like this make me happy: $ zway kitchen_lights on

If you're running ZWay and want a simple way to control it via the command line you ought to give it a try.

How to 3D Print a Copy of your House Key

What You'll Need

Preparation

First, figure out if your house key is a Kwikset or Schlage. If it's made by another manufacturer then you'll need to find someone who's made parametric or similar files for your brand of lock.

Next, download the appropriate OpenSCAD file from the bottom of this article.

Measure Your Key

Now, get out your calipers and measure the depth of each of the "Valleys" of the cut, beginning with the valley closest to the shoulder of the key (the end you hold with your fingers when using the key).

The depth is the distance from the flat side of the blade to the bottom of the valley. Write down the values, as we'll use them in the next step.

Note: If you have an original key already, it may be printed with the 5-digit cut code right on the key already. In that case, skip ahead to the section on Setting up the OpenSCAD model.

Figure out the Cut Code

Keys are cut from the factory with "Codes". Each "Code" value corresponds to a cut depth. What we need to do is work back from the cut depth to the code.

To do this, go to this chart of key code cut depths and scroll down to the section with the values for your lock.

Now, match up the depths you measured with the closest Root Depth value. Write the code (0-9) next to the measurements from before, again working from the shoulder out.

Setting up the OpenSCAD Model

Now that you have the codes, open up the OpenSCAD model for your key type, and scroll to the bottom. Replace the codes with the code for your key, render, and export as an STL file.

Printing The Key

I printed my key on the highest quality setting my printer would allow. I recommend you do the same. Being such a small part the print was very quick.

Using The Key

The first time you go to use your key you may find it difficult to get into the lock. My print lacked the precision in the profile cuts that would allow it to move smoothly at first. With a little bit of scraping or chiseling, you should be able to get it into the lock without too much force, and it should turn freely.

Note: Do not force the key! You do not want to break the key (or any parts) off in your lock, as this could render it unusable!

What if it Doesn't Fit?

Recheck your pin depth measurements and print again, if necessary. Now that you have a printed copy it should be easier to see where things went wrong. Measure your key vs. the printed key to find any codes that are mismatched, then update them in the model and reprint.

Parting Thoughts

I would recommend that you not use this key on a daily basis. A 3D printed key, especially if you're printing with PLA (a very soft material), is going to lose material into the lock each time you use it. Over time you're likely to accidentally introduce plastic fragments that jam your lock or break your key off in the lock.

However, a printed key can make a great emergency key. Key it on hand in a drawer or at a friend's house in case you need an extra key in a hurry.

If you really need a permanent key, try Key.me, or your local hardware store.

3D Printing

I got my first 3D Printer on January 6, 2016. I ordered a Maker Architect 3D Printer from Monoprice for $299. It turns out that the Maker Architect 3D is basically a Flashforge Creator, with a single extruder and no heated bed. It came with 1kg of white PLA filament.

Unboxing

The unboxing experience of this printer was pretty poor. I had already read the reviews and knew that the instructions were limited at best, so it wasn't surprising. As poor as the experience was, it was pretty easy to get going. Just a matter of bolting the extruder to the rails, attaching the filament holder, then booting it up and running the startup script.

Leveling the Bed

As I was reading up on 3D printing before my printer arrived I kept reading over and over how important it is to have a perfectly level print bed to get good prints. So when it came time to walk through the bed leveling process I went very slowly, following the instructions as closely as possible.

One problem I've run into is that, during the leveling process, the printer moves the head to the back-center position and asks me to slide a piece of paper for measurment between the bed and the extrusion head. The problem is that the head is actually beyond the bed at this point, so there's no great way to measure. I haven't figured out how to fix this yet.

First Print

My 3D printer came with an SD card that included some test prints available for you right away. I started printing the 42mm test cube, but pretty quickly aborted the process. It was going to take forever to print this cube.

Instead, I downloaded a 22mm test cube from thingiverse to print. This is where I first ran into confusion in dealing with software, which at least at this time was very convoluted.

Software

In order to print on my printer, I need to give it files in x3g format. X3G is a kind of GCode format that's common among Makerbot and compatitble printers. However, the object files you download are in STL format. So, what do you do?

Go download and install Makerbot Desktop. Then, drag your STL file into Makerbot. From there, click Settings, and configure your print settings. For your first test print, try just going with the standard quality preset. The only things to look for would be bed temperature (set to 0° if you don't have a heated bed) and max movement speeds. In my case the manual listed those out, and all of the standard template values were within range, so I just stuck with the defaults. Then, it was time to export the X3G file, copy it to the SD card, take the SD card over to the printer, and try to print.

First Print, Actually Printing

This time, the print moved along at the speed I was expecting. It took about 15 minutes to print the 20mm cube on top of a raft.

Getting the Print off the Bed

My printer came with a sheet of 3M material that I stuck to the top of the acrylic bed before leveling. For me, getting the prints off has been pretty easy with my knife. Just stick the edge of the knife under the edge of the raft or part, and start prying gently. I haven't had a problem with a part sticking to the board (parts sticking to the raft is another story). For the cube, it popped right off, and the raft also peeled right off for me. First print success!

Next

I've printed about a dozen items since then. I'll cover the more interesting ones in other articles. For those looking for objects to print, there's a reason everyone goes to Thingiverse.

Building a (Siri Controllable) Raspberry Pi Thermostat

When it first came out, I was really enamoured with the nest thermostat. The idea of a remotely-accessible, app-controlled thermostat appealed to the gadgeteer in me, but the price and lack of flexibility (it really wanted to be left alone to learn and do its own thing, as opposed to being controlled by a fixed schedule), plus my propensity to tinker, led me to build my own.

For a long while I had an Arduino-based thermostat running in my house, but I wasn't very happy with it. Writing code for the Arduino isn't always very fun (for me), especially when you want it to be web-accessible.

Then came the Raspberry Pi.

This is what I had always wanted: a little full-blown computer with a bunch of GPIO pins. It runs Linux, which means you can leverage all the great software you're already using elsewhere, and you're free to use your programming language and web technologies of choice when building the software.

Overview

The basic idea of the PiThermostat is this: The Raspberry Pi reads the current temperature from a Dallas 18B20 temperature sensor, and then turns on/off the relevant relays on a linked Relay Board. That relay board can either control the direct wires from your existing thermostat, or can control the A/C power to an outlet, etc. This gives you full flexibility to replace an existing central HVAC thermostat, or just control a window A/C unit. I have two thermostats running, one in each of those configurations.

Parts List

This is the current parts list:

Setting Up the Raspberry Pi

  1. Download the latest version of Raspbian from raspberrypi.org.
  2. Install the image to your SD card.
  3. Connect your Raspberry Pi to the network, wait for it to boot, then SSH to it.
  4. Run raspi-config and configure your Pi as desired, changing passwords, etc.
  5. Turn your Pi off.
  6. Wire up your temperature sensor. I used GPIO pin GPIO04 (hardware pin #7). See the pinout here
  7. Wire up your relay board. I used GPIOGEN0 - GPIOGEN3 to control relays 1-4, respectively.
  8. Install the software to run the PiThermostat code as explained under 'Setting up the Pi' over on the project Github site

Controlling the Thermostat From the Web

By default, the rails app powering the thermostat runs on the web. Just point your browser to that IP Address / URL and you can set the temperature, set schedules, override schedules, etc. Just make sure you setup the thermostat on the rails console first.

Controlling the Thermostat From An App

The rails server has a full REST API for handling a native app. I've hacked together a few UIs to manage my thermostats, but none are polished enough to be worth releasing. If you write one I'd love to know.

Controlling the Thermostat From Siri

This is where things get even cooler. First, go install Homebridge, which basically involves installing node.js and editing a single config file.

Once Homebridge is installed, go get the accessory file for the PiThermostat, and install it into your accessories folder. Then edit your config, restart Homebridge, and boom, you should be able to tell Siri to "Make the thermostat colder." If you have an Apple Watch, you can even do it from your wrist, Dick Tracy style.