Eero surprise

I just had a surprising discovery about my Eero.  I made a mistake!

On Thursday evening, I installed it in my home.  First, I attached it to my cablemodem, as instructed by the iPhone app, then I attached two more units to my network in other parts of my home.  Everything has been working well since.

I remembered a day or two ago thinking about that main Eero unit.  I didn’t seem to remember attaching it to my primary ethernet switch.  But I must have, right?  It’s been working fine.

Tonight, I was in the living room where the main Eero is, and I looked at it, only to find that it had a single ethernet cable attached, which runs to my cablemodem.  It was not physically connected to my network at all!

As it turned out, at least one of the other Eero units has been connected back to the main Eero using the wifi mesh.  And my network has been working very well.  We’ve been streaming Netflix, streaming shows on the AppleTV from the cloud, playing an MMO game, etc.

So, congratulations Eero – the fact that my entire network was connected to the Internet across your wifi mesh, and I didn’t notice… Well, that’s great!

I did correct this issue this evening by adding a cable from the main Eero to my primary ethernet switch.  I understand that some lag was introduced in an MMO game for about 20 seconds or so when I attached it, but it seemed to adjust to the network topology change and keep right on going.

July 24, 2016 at 8:49 pm

Eero arrives – First look

My three pack of Eero devices arrived today.  I attached them each to ethernet switches around my home, so I’m not using the wireless mesh capabilities of these units.

Installation went very smoothly.  I performed a quick series of speed tests (using the Ookla speed test app).  Virtually everywhere inside my home, I’m now getting speeds in excess of 40 Mbps down.  Close to an Eero?  Closer to 85-95 Mbps.  Out around the pool, I got around 30 Mbps for the most part, with one exception around 10 Mbps.

The parental controls features of the Eero aren’t quite what I had hoped.  When I think Parental Controls, I think internet filtering.  In the Eero, at least in the current form, it appears that this only covers grouping devices to a person, and having the ability to set schedules for when those devices have Internet access, pausing the Internet, and that sort of thing.   A similar feature advertised by Luma appeared to do things like this, plus filtering. I understand they have been putting out multiple updates each month, so hopefully a future update will include filtering based on family profile settings.

I’ve experimented with multiple access points in my home before, and those experiments always seemed to not work out quite as well as I had hoped.  If you give them different SSIDs, you have to switch networks from time to time, depending on where you are.  If you name the SSID the same on multiple APs, I’ve found issues with wireless devices “sticking” to a given AP.  Say you are in one part of the house, connected to AP1, and you move to another part of the house, near AP2.  It seems that as long as AP1 is somewhat within range, your wireless device will stay connected to it, even though there is a better signal available.

I have not really seen this problem with the Eero.  If I walk around my home, it seems like my iPhone moves to whichever Eero I’m closest to, judging by the number of bars my iPhone shows.  So far, I’m pretty impressed with the coverage.  I’ve generally wired most devices, but that may change with the Eero system in my home…

Hopefully, I’ll have more news to report in the next few weeks or so.

Update:  I removed part of this entry related to something I thought was not in Eero yet, but I found it the next morning.

July 21, 2016 at 10:54 pm

Wifi woes

I switched a few months ago to an AC router that’s sort of pro-sumer grade.  It was actually one I got on kickstarter that I was really excited about, as it dealt with home automation as well.  When I got it, I tried to use it, but it did not work very well.  After perhaps a year, I found that it was fairly usable.  I get decent coverage almost everywhere in the house.  Almost.  Also, sometimes my wife’s iPad has trouble (while I, a few feet away with my iPhone, don’t)…  The other day I ended up rebooting the router to get everything to recover, as my iPhone wasn’t working on wifi either.

Anyhow, a few months ago, I pre-ordered a Luma system to resolve my Wifi woes.  Around mid-May I believe, I got an email from Amazon saying my Luma would arrive by 7-20.  I’ve been watching the last few weeks with interest, but was very unhappy to find that it still had not shipped on Monday… Or Tuesday.  Today, I got an email from Amazon basically saying they don’t know when it will ship.  The word on Luma’s Facebook page is that Amazon pre-orders should be delivered by 8-26.

I’m guessing someone at Luma messed up, or perhaps the problem is Best Buy.  Back in June, I think, Luma announced that Best Buy would be selling their product in-store.   So, they are diverting some stock (they say 5%) which would otherwise be going to fulfill pre-orders to Best Buy.  I’m not so sure I believe them.

Today, I decided to vote with my wallet.  I cancelled my Luma pre-order, and ordered an Eero instead.  Yes, I’m paying a significant premium over the Luma, but it will be here tomorrow.  I know, I could have ordered a Luma from Best Buy, or possibly walked into a store and found one.  But…

From some reading I’ve done, the Luma doesn’t quite live up to their advertising.  It seems like the features aren’t all there as shown in their introductory video.  Will it get there?

Probably, eventually.  I imagine it will be months of growing pains, waiting for new firmware and such to be released to get everything fixed, and the missing features in place.  I’ve grown tired of that (with the other unnamed router I talk about in paragraph 3, above).

I was giving them a chance, waiting since the end of April for this product.  But the shipping date was missed, and Amazon isn’t saying when it would ship…   Social media says it’s over a month away.

I’m moving on to a more mature product, one that probably won’t give me trouble right out of the box.


July 20, 2016 at 7:14 pm

SageTV is now open source

SageTV is a great product that I used years ago as my DVR.  What made it such a great system was that they also sold network connected set-top boxes to place around your house to watch the content.  It had a great plug-in system and lots of developers making custom interfaces and all sorts of extensions.  Then Google bought them in 2011 and they stopped selling the hardware and software.

I’ve been using MythTV for a year and a half, perhaps longer.  For the front-end of MythTV, I’ve been using Kodi on a FireTV, or (more recently) MrMC (a Kodi fork) on an AppleTV.

It’s still not as good of an experience as we had with SageTV.  SageTV had commercial detection that worked very well.  It tracked the history of the shows you have watched, could automatically convert your recordings to other video formats to save space, and had a great interface (that is actively being developed further).  It has a web interface that lets you do tons of stuff.  You can do batch jobs with a plug-in.  There’s a plug-in if you like recording sporting events that will automatically extend the recordings if your events run over.  And tons more.  It was a product way ahead of its time.

Years went by, and while there were advances in other products, there’s still nothing as good as SageTV, in my opinion.

You might then be able to imagine my excitement when late last year (2015), Google open-sourced SageTV.


Of course, they aren’t bringing the hardware back, but that’s where the community comes in.  One developer has created an Android application that effectively emulates the original set-top box hardware.  The SageTV server does all the interface work, so you get the advantage of this working with all the plug-ins that work with the set-top boxes too…

I’ve been testing with the Android app on a 1st Gen FireTV and it looks very good.  I do sometimes run into issues with it not wanting to play content, until I restart the application.  But if little issues like this can be worked out, this will be a great solution.  Forget the dedicated SageTV-only hardware, just run it on whatever android-based hardware you can find…

I imagine that, given a bit more time, this will be the direction I move back to.

May 1, 2016 at 9:18 pm

new YNAB – Availability issues and making production DNS changes

Earlier this week, nYNAB had some availability issues.  Being the up-front guys they are, which I highly respect, they admitted to having a DNS issue.  They cleared up the problem on their end, but some ISPs had bad data cached for quite a while.  I think it’s all been corrected by now.

Not being privy to exactly what problem the YNAB team had, I’m guessing it was a bad DNS record.

I don’t work at YNAB, but here’s a good method to make public DNS changes, based on my past experience managing publicly facing DNS servers for a large retail chain.

Normally, you have a long TTL (time-to-live) for your DNS records.  Having a TTL of 1 day is pretty common.  Having this value set so high means that the DNS servers at ISPs around the world will only have to update their cache (by querying your DNS servers) once a day.  This reduces traffic to your DNS servers, and allows your end customers to get faster service, since their ISP won’t have to make a round trip to query your DNS servers to figure out how to get to your web site.  If your service is used by that ISP’s customers, they will most likely have your DNS records cached.

Whenever you get ready to change your DNS records, instead of just making the change, prep for it by setting your TTL to a very low value, say 5 – 15 minutes.  The important part here is once you’ve made that TTL change, you wait for your original TTL to pass.  So, in our 1 Day example, you wait 24 hours, then make the DNS change you want to.

Waiting until your original TTL expires means that all the ISPs in the world will now have your new, lower TTL.  So, they will be querying your DNS servers much more frequently.  Your change will happen all around the world much faster this way.  That’s good, even if you put bad DNS data in by accident.

After making the change to your DNS records, monitor things for the next several hours.  If you have a reasonably popular service, you should know very quickly if your DNS changes were correct or not.  Once you are sure that everything is operating as intended, you simply raise your TTL value back up to 1 day again.  Within 15 minutes or so, all the ISPs in the world should be caching your info for a full day again.

If you detect a problem during your “monitor phase”, just switch your DNS records back to the previous configuration (but leaving the TTL set to your short value).  Monitor again to ensure that everything is back to normal.  Once satisfied, you can set your TTL back to the 1 day level.  (Or, figure out what went wrong, and try the move again.)

If you want to be more flexible on your DNS changes, you might consider permanently having a mid-level TTL, like 8 hours.  By setting the permanent value to something in this realm, you can ensure that you can make changes more quickly (since you won’t have to wait 24 hours from the time you lower your TTL to the 5 – 15 minute level, only 8 hours).
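The effect of waiting out the original TTL can be checked with a small cache simulation. This is an added example, not part of the original post; it assumes every resolver re-queries the moment its cached answer expires, and the addresses, the one-hour "rushed" wait and the 70-second resolver spacing are constructed values.

```python
DAY, LOW = 86400, 300  # the post's 1-day TTL and a 5-minute TTL, in seconds
OLD, NEW = "192.0.2.10", "192.0.2.20"  # constructed documentation addresses

def authoritative(schedule, t):
    """Return the (address, ttl) the zone serves at time t; schedule is time-sorted."""
    current = schedule[0][1:]
    for when, addr, ttl in schedule:
        if when <= t:
            current = (addr, ttl)
    return current

def first_seen(schedule, first_fetch, horizon=3 * DAY):
    """Time at which a resolver that first cached at first_fetch starts serving NEW."""
    t = first_fetch
    while t <= horizon:
        addr, ttl = authoritative(schedule, t)
        if addr == NEW:
            return t
        t += ttl  # answer stays cached until the TTL runs out, then it is re-queried
    raise ValueError("resolver never saw the new record within the horizon")

def worst_lag(schedule, change_time, step=70):
    """Longest wait after change_time before every simulated resolver serves NEW."""
    # One resolver per `step` seconds, each having cached OLD during the day before t=0.
    fetches = range(-DAY + step, 0, step)
    return max(first_seen(schedule, f) - change_time for f in fetches)

def scenarios():
    """Worst-case staleness in seconds for three ways of making the same change."""
    direct = [(-DAY, OLD, DAY), (0, NEW, DAY)]                    # change with no prep
    rushed = [(-DAY, OLD, DAY), (0, OLD, LOW), (3600, NEW, LOW)]  # waited 1 hour only
    prepped = [(-DAY, OLD, DAY), (0, OLD, LOW), (DAY, NEW, LOW)]  # waited the full TTL
    return {
        "direct": worst_lag(direct, 0),
        "rushed": worst_lag(rushed, 3600),
        "prepped": worst_lag(prepped, DAY),
    }

if __name__ == "__main__":
    for name, lag in scenarios().items():
        print(f"{name:8s} worst-case stale window: {lag} s")
```

Lowering the TTL but changing the record after only an hour still leaves some caches stale for most of a day; only the full wait brings the worst case under the 5-minute TTL.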

March 30, 2016 at 5:50 am

Withdrawing Roth IRA contributions without tax or penalty – How to file it?

Yes, this is a networking blog, primarily. I do sometimes post about personal finance, mostly related to YNAB, so this post isn’t entirely without precedent. Plus there is a tiny networking tie-in later.

I’ve read in multiple places that AT ANY TIME you can withdraw your Roth IRA contributions without tax or penalty… In at least one place, they suggested instead of funding an emergency fund that goes to a bank account, instead you fund a Roth IRA (up to the max each year), because you can take out what you put in whenever you want without penalty.

Here’s the problem: Last January I opened a Roth IRA (with a different company.  I already had a Roth opened years earlier with E*Trade). Within about 8 months, I decided that I didn’t want to continue contributing to that Roth, but would put the money that had been going into the Roth into my 401K instead, lowering my taxable income.  Instead of keeping this small Roth IRA, I decided to withdraw virtually all of my contributions and invest it in a non-retirement account.

Today, I downloaded my 1099-R form associated with this Roth IRA distribution. It had a distribution code of J in box 7, which didn’t mean much to me. I was not prepared for what happened next.

When entering that 1099-R into Turbo Tax, my tax liability jumped by over $575!

I called the company I got the Roth through, but they were not much help, not being tax professionals.  Searching around Google, I found this article by one of my favorite writers about money, Jonathan Ping. (Yes, his last name is Ping. There’s that tiny networking tie-in I mentioned.)

From reading Jonathan’s article, I gathered that Form 8606 was the key to declaring the contribution amount.

After filling out the 1099-R, Turbo Tax asked me a bunch of questions, but didn’t ask for the total amount of my contributions. Searching around a bit led me to an answer, though.

In the upper part of the screen, go to the My Account menu, then select Tools. In the pop-up window that appears next, select Topic Search, then type in 8606. With that form selected, hit the Go button.

Now it will lead you through the right line of questions so you can declare how much you contributed to your Roth IRA. Once you’ve filled that out and gone through the rest of the questions, you should find that your tax burden is much lighter… In my case, all $575+ of taxes melted right away.

Anyhow, this caused me a significant amount of stress for about 3 hours, so I thought I’d post it here and hopefully save someone else some frustration.

March 2, 2016 at 10:35 pm

Meraki AP Syslog to Palo Alto firewall for User ID

I recently got a Meraki AP as a demo unit. Using Palo Alto’s Syslog listener, you can get user-id info from these units, if you are doing 802.1X authentication.

Just follow the instructions here, with some adjustments…

Navigate to the Device tab, User Identification menu item, then the User Mapping tab. There, select the gear icon, and on the following pop-up screen, select Syslog Filters.
Add a new filter, with these properties:
Profile Name: Meraki AP v1.0.0
Type: Regex Identifier
Event Regex: 8021x_eap_success
Username Regex: identity='([a-zA-Z0-9\\\._]+)
Address Regex: client_ip='([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})

Then, use your newly created filter for your Syslog Listener.
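To see what these three expressions actually capture before trusting the resulting user mappings, they can be run over sample log lines. This is an added example, not part of the original post: the log lines are constructed (their field layout is an assumption, not captured from an AP), and Python's `re` stands in for the firewall's regex engine.

```python
import ipaddress
import re

# The three filter expressions exactly as listed in the post.
EVENT_RE = re.compile(r"8021x_eap_success")
USERNAME_RE = re.compile(r"identity='([a-zA-Z0-9\\\._]+)")
ADDRESS_RE = re.compile(r"client_ip='([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})")

# Constructed sample lines; names, MACs and addresses are made up for the example.
SAMPLE_LINES = [
    "<134>1 1457000000.1 ap1 events type=8021x_eap_success radio='1' vap='0' "
    "client_mac='02:00:00:00:00:01' client_ip='192.0.2.25' identity='CORP\\jsmith'",
    "<134>1 1457000001.2 ap1 events type=8021x_eap_success radio='1' vap='0' "
    "client_mac='02:00:00:00:00:02' client_ip='192.0.2.26' identity='jane.doe@example.com'",
    "<134>1 1457000002.3 ap1 events type=8021x_eap_success radio='1' vap='0' "
    "client_mac='02:00:00:00:00:03' client_ip='192.0.2.999' identity='bob_lee'",
    "<134>1 1457000003.4 ap1 events type=association radio='1' vap='0' "
    "client_mac='02:00:00:00:00:04' client_ip='192.0.2.28' identity='guest1'",
]

def map_user(line):
    """Return (user, ip, notes) for a matching login event, or None if ignored."""
    if not EVENT_RE.search(line):
        return None  # not an 802.1X success event
    user = USERNAME_RE.search(line)
    addr = ADDRESS_RE.search(line)
    if not user or not addr:
        return None
    notes = []
    # The capture stops at the first character outside the class (e.g. '@' or '-'),
    # so a longer identity is silently shortened rather than rejected.
    if line[user.end(1):user.end(1) + 1] != "'":
        notes.append("identity truncated")
    # [0-9]{1,3} accepts octets above 255, so validate the captured address.
    try:
        ip = str(ipaddress.IPv4Address(addr.group(1)))
    except ipaddress.AddressValueError:
        ip = None
        notes.append("address not valid IPv4")
    return user.group(1), ip, notes

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(map_user(sample))
```

If identities in your environment contain `@` or `-`, the username character class needs widening, otherwise two different users can collapse to the same mapped name.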

In my experience, it looks like the Meraki only logs authentication events every so often. Perhaps it is caching them? At any rate, set the Cache timeout value to something greater than the default 45 minutes. I set mine to 480, though this may need tuning, depending on the environment.

Also, be aware that the first time you authenticate after setting this up, you’ll probably show up in the ip-user-mapping with no IP address. That’s because when you initially authenticate, the first Syslog message from the Meraki shows an IP of Subsequent authentication attempts have your IP address in them. Not sure how this works out in the long term.

I wouldn’t say this is quite production ready, but it is definitely worth playing with, if you happen to have both a PA firewall and a Meraki AP.

March 2, 2016 at 7:04 pm
