Related
Well been doing alot of study lately and it seems ALOT of apps on the market that are full versions and are "free" seem to have ad sponsored elements in them. Sending your GPS data to whoever or other various things. Now while if the dev mentions on the description that their "Paid" version is ad free. Least its up front and honest about it. However alot of Apps I found out hide this info it seems. Is this going to be the new "Kazaa" on the G1? Back when Kazaa came out, is when the influx of "Spyware" was increasing. Im worried is this happening to the G1 now? While I can understand devs choosing this to make their app free and gain from it a lil. Whats to say other devs wont use this for other intentions that may have some negative impact?
Just wondering tho.. for modded G1s. Is there some sorta firewall app or so yet that might be useful? Anyways just thought I would post for discussion case I am worried over nothing.
Install AdFree from the Market.
Cool ill try that. Still tho some discussion would be good. Cause I don't know if this should be something to start getting concerned on. Apps running in background draining battery, and reporting info possibly and so. Or am I getting concerned over nothing?
Mysticales said:
Cool ill try that. Still tho some discussion would be good. Cause I don't know if this should be something to start getting concerned on. Apps running in background draining battery, and reporting info possibly and so. Or am I getting concerned over nothing?
Click to expand...
Click to collapse
A little paranoia is a healthy thing, too much is bad, but these ads collect all sorts of location information to profile you and provide relevent advertising, but who knows what else happens with the data etc etc etc
PS you need root access on your phone to use AdFree
Yea Im fully rooted, No worries there. =) Thanks for this heads up. I use host files as well on my PC.. since then never had a issue with spyware again. Any news on if he would let us update the host file ourselves? Id love to use the file I have on my PC. Heh.
Anyways as for discussion goes. Can these ads know your G1 email, or linked email account? Next off, is there a ability that these ads could read your personal data as text msgs, contacts (to spam phone calls) or anything like that? Android being a new OS.. not sure what devs and ads can do with access to a phone. Its like a new gateway has been opened.
Kinda wish a dev could comment if the G1 would even have this ability and if it could be a bad thing.
Edit: Good question, this Ad Free, is it like if you add a hosts file in a router? Like if I use the G1 to tether, is it blocking the ad banners even on tethered connections? Would be interesting to know for sure since imagine a built in firewall that protects tethered PCs too.
Mysticales said:
Yea Im fully rooted, No worries there. =) Thanks for this heads up. I use host files as well on my PC.. since then never had a issue with spyware again. Any news on if he would let us update the host file ourselves? Id love to use the file I have on my PC. Heh.
Click to expand...
Click to collapse
You can use your own hosts file on your own phone, AdFree just automates the process, if you look at this thread it started off describing how to do things manually.
Anyways as for discussion goes. Can these ads know your G1 email, or linked email account?
Click to expand...
Click to collapse
Possibly, I haven't looked into accessing the google credentials from the android APIs so I don't know for certain, might be a private API google only shares with it's own apps, that doesn't mean someone won't figure out how to access them however.
Next off, is there a ability that these ads could read your personal data as text msgs, contacts (to spam phone calls) or anything like that? Android being a new OS..
Click to expand...
Click to collapse
When you install an app there is a screen displayed of the permissions the apps ask for, read/write contacts, calendars etc will all be displayed, you should be able to see the permissions an app will have access to after it's installed as well from memory.
not sure what devs and ads can do with access to a phone. Its like a new gateway has been opened.
Click to expand...
Click to collapse
You should be more worried what google will do with all the info it collects to be honest, but that's another issue altogether.
Kinda wish a dev could comment if the G1 would even have this ability and if it could be a bad thing.
Click to expand...
Click to collapse
You are prompted during install as to what the app will be able to access, google leaves it up to you to accept it or not.
Edit: Good question, this Ad Free, is it like if you add a hosts file in a router? Like if I use the G1 to tether, is it blocking the ad banners even on tethered connections? Would be interesting to know for sure since imagine a built in firewall that protects tethered PCs too.
Click to expand...
Click to collapse
Depends how the tethered setup gets DNS info, if it uses the information from the hosts file then yes, but this is dependent on what the tether setup does.
Mysticales said:
Its like a new gateway has been opened.
Click to expand...
Click to collapse
Only if you never bothered reading the permissions requests when installing an app. They clearly describe what permissions an app wants to use and you can cancel the installation if you feel you don't want to give an app the right to access your personal info. So if you install a game that says it wants access to your Google Account info (which would include your email and thus all your associated google services) then you have only yourself to blame if the dev sends you a ton of spam or sells your email address.
Bottom line is read the permissions requested carefully and decide whether you trust the company/entity that created the app before installing it. Also, i'd be very wary installing any root apps, since root apps by their very nature can operate outside of dalvik sandbox and do practically anything they want to your system. I'm only running two root apps right now: Market Enabler and Wifi Tether. They are both open source.
Well of course I read the permissions thing. However still I would still wonder about things.
Mysticales said:
Well of course I read the permissions thing. However still I would still wonder about things.
Click to expand...
Click to collapse
Google actually closed up some of the loop holes that apps were using on Android 1.0/1.1 to enable wifi etc.
jashsu said:
They are both open source.
Click to expand...
Click to collapse
Unless you audit the code and compile it yourself, you have no idea what the binary is actually doing.
Location data is only used for serving the right banners and calculate the profits the banner view/click has depending on the location (country) of the viewer.
Its not anything malicious and you can easily see the permissions when installing.
People all like free apps instead of paying a few dollars, but when an ad is added people try to get rid of it... Havent you all ever wondered why the ads are there? Just like on a forum as the one you are on right now? Right they generate at least a little bit of money for a dev that doesnt want to charge the users directly by letting them pay, but spends almost all his free time to keep apps updated, write new once and answering questions.
As soon as there is virtually no way too make money on a market, the market will die as developers/companies will move over to an other platform of development.
delta_foxtrot2 said:
Unless you audit the code and compile it yourself, you have no idea what the binary is actually doing.
Click to expand...
Click to collapse
It's not difficult to get the code from svn and compile it. Pretty effortless.
rogro82 said:
As soon as there is virtually no way too make money on a market, the market will die as developers/companies will move over to an other platform of development.
Click to expand...
Click to collapse
Many people don't like to view ads on their computers, let alone their mobile phone. Thus if people can block the ads easily, they will. Content producers and software developers will simply have to find a new business model to pursue. Maybe that's a free/premium differentiation model or maybe its microtransactions. That or they will have to deal with a percentage of their userbase blocking ads.
Well I am sure most devs Block ads too, either on their mobile or pc.. no one wants any type of issue.
Now again, I said I understand why they are there for free apps. Its just that as a user myself.. I like to know Im protected from potential hazards. Also alot of devs like to make something hot to use on later resumes and projects. Ive worked with alot of devs in my time start with nothing and grow to get bigger jobs in RL cause of the project. =)
jashsu said:
It's not difficult to get the code from svn and compile it. Pretty effortless.
Click to expand...
Click to collapse
I didn't say it was hard to get or compile it, but auditing the code to make sure nothing malicious is going on can be very difficult at times. There is a code obfustication competition each year and it's extrodinary what some can do and you'd never know unless it was pointed out to you.
Mysticales said:
Well I am sure most devs Block ads too, either on their mobile or pc.. no one wants any type of issue.
Click to expand...
Click to collapse
It's not just "issues" too many ads tick a certain segment of the population off to the point that they go to these lengths to get rid of them.
This is of course before you factor in this segment of the population are usually the least to click on ads, usually for ethical/moral reasons, so them getting rid of ads is usually no big loss.
Last time I checked AdFree was downloaded less than 5,000 times, now compare this to a speedometer app I made which anyone can run and it's been downloaded over 10,000 times I highly doubt any dev relying on ads will actually loose out by the people that can and are blocking them.
rogro82 said:
Location data is only used for serving the right banners and calculate the profits the banner view/click has depending on the location (country) of the viewer.
Click to expand...
Click to collapse
The meta data that can be gleened from this sort of advertising can have all sorts of flow on effects and unintended consequences.
I see the world and potential pitfalls in things differently than others, I don't know why, but the more data collected the worst things can be.
If you are interested in what country they are from/in just pull the country code from the SIM card, why narrow it down to within a few metres?
Well since I have been using Adfree. Let me say this. My G1 seems to be running faster! I dont get as many force close/wait errors. Certain apps like atrackdog for one RUN faster. I mean without the ads running, it seems my apps speed through their task and do what they are supposed to. Kinda interesting note oddly.
Also lets say a app you know would be using GPS to locate you on a map. Thus triggering "Give app permission to use your GPS" which you know why it needs it. But does the app also tell you that it uses the GPS for Ads? So I dont always trust what it says when it comes to permissions as it doesnt mean in the underline that its not using the same permission to do other things. Would be nice if the G1 had a notice that the app uses Ad support.
Linux is a wonderful and powerful operating system that can do just about anything you can possibly dream of.
First, the hosts file hack is a piece of crap since all it does is it points potentially malicious domain names back to self. It doesn't take into account connections that are ip address based... those will still go through and there is nothing that can be put in the hosts file to stop that.
iptables on the other hand.... included in 1.0 and 1.1, and several custom 1.5's, can do many strong things; block by ip address (including if it tries to lookup by dns), block by port, *BLOCK BY USER ID*.
The latter is particularly interesting since each program installed on android is assigned its own userid. That means that with the correct iptables rule, you can block all network traffic for THAT PARTICULAR PROGRAM. Or you can blacklist/whitelist servers for that program, etc.
http://www.cyberciti.biz/tips/block...ingle-user-from-my-server-using-iptables.html
http://www.cyberciti.biz/tips/linux...ng-access-to-selectedspecific-ip-address.html
For example, when I issue this command:
iptables -A OUTPUT -o tiwlan0 -m owner --uid-owner 10017 -j DROP
My browser is no longer able to connect (since it is uid=10017) using wifi (tiwlan0 is wifi). Note: leave out the entire "-o tiwlan0" argument and it should block all outgoing on all devices for that userid.
To find the userid for a particular program, do "ls -l /data/data/program'sdatadirectory"
So on JF 1.51 is this ability already there? Yea I know Linux is great for iptables. Always is, even in routers hehe.
If its not in there already, Debian, how well does that work on the G1?
There is an iPhone 3G app called VOiPover3G that tricks other iPhone apps into thinking that they are on Wi-Fi even though they are on 3G/EDGE/GPRS.
Is anything like this being looked at/developed for Android phones??
Please post questions about apps in the correct subforum. This will probably get locked...
This probably is the right subforum. Apps forum is for apps that have been compiled and released. This forum is for dev including apps dev.
Anyway, what would be the point in a program like that? What programs could benefit from it?
JaboJG said:
This probably is the right subforum. Apps forum is for apps that have been compiled and released. This forum is for dev including apps dev.
Anyway, what would be the point in a program like that? What programs could benefit from it?
Click to expand...
Click to collapse
It would allow programs like sipdroid (the market version) to think it was on wifi and when we finally get something like Fring for Android that would also be able to use the data package to make voip calls, even "real" skype calls.
It is in the wrong part of the forum, but I might as well answer it...
While the iPhone doesn't allow certain services over 3G (e.g. VoIP stuff), the current Android handsets + apps don't do such a thing.
e.g. Sipdroid works fine over edge/umts/wifi (as good as those networks can support VoIP).
It's really kind of a strange question to be honest. If there isn't a problem, don't ask questions about it
JaboJG said:
This probably is the right subforum. Apps forum is for apps that have been compiled and released. This forum is for dev including apps dev.
Anyway, what would be the point in a program like that? What programs could benefit from it?
Click to expand...
Click to collapse
Not to harp on the point made by Diceman4, but it really isn't the correct sub-forum. If you look at the Stickies in the Apps/Games sub-forum, you will see that one of them is regarding request/ideas for applications.
JaboJG said:
This forum is for dev including apps dev.
Click to expand...
Click to collapse
I don't see any development going on in the first post though. This seems more like a post for the "ideas for apps" thread in app subforum. Although if the op came back with a chunk of code that needed debugging, that would be a different story.
MOD EDIT
Moved to Applications & games forum
The main reason for asking was because of problems with Tmob in the UK blocking sipdroid (port 5060) and preventing it using 3G etc.
If we had an app like VOiPover3G it may very well allow us to bypass that problem, I don't know
robiom said:
The main reason for asking was because of problems with Tmob in the UK blocking sipdroid (port 5060) and preventing it using 3G etc.
If we had an app like VOiPover3G it may very well allow us to bypass that problem, I don't know
Click to expand...
Click to collapse
Why? a better bet would be to ask the sipdroid creator to include a user configurable port setting. The point of android is that the workarounds don't need to be workarounds on the phone, but rather workrounds for interfacing with the network.
robiom said:
The main reason for asking was because of problems with Tmob in the UK blocking sipdroid (port 5060) and preventing it using 3G etc.
If we had an app like VOiPover3G it may very well allow us to bypass that problem, I don't know
Click to expand...
Click to collapse
The technique described by the op routes traffic internally from the wifi interface to the cellular interface. That will have no effect on the protocol or port used. In other words, it will only be of use if the app is hardcoded to use wifi only and you want to work around that. If the cellular carrier is blocking the data, this method will not get around that.
As for sipdroid, you can manually configure the port used.
jashsu said:
The technique described by the op routes traffic internally from the wifi interface to the cellular interface. That will have no effect on the protocol or port used. In other words, it will only be of use if the app is hardcoded to use wifi only and you want to work around that. If the cellular carrier is blocking the data, this method will not get around that.
As for sipdroid, you can manually configure the port used.
Click to expand...
Click to collapse
If you use pbxes there are a handful of different ports that will work but I haven't been able to get any to work. Saying that, up till recently I was using Gizmo5 but pbxes have blocked it's use after they (Gizmo5) allegedly stole/used sipdroid code and renamed it as if it was there own.
If any one has had success with sipdroid on 3g etc on t-mob UK please post the sip provider and the settings used.
Have you guys tried using the FULL version of sipdroid.. the one on the market didnt allow for 3g calls but this one does http://code.google.com/p/sipdroid/
turboyo said:
Have you guys tried using the FULL version of sipdroid.. the one on the market didnt allow for 3g calls but this one does http://code.google.com/p/sipdroid/
Click to expand...
Click to collapse
Been there, done that, even got the T-shirt.
The problem is T-mob in the UK are a pain in the neck and are blocking the port 5060.
As someone has already mentioned in this thread, what is needed is a user configurable port so that T-mob UK can't block.
Let's hope sipdroid developers can do something along those lines.
I don't get it... have you tried all the alternative ports listed in pbxes website?
53, 69, 80, 135, 161, 443, 500, 1433, 1701, 1812, 3389, 4500, 5061, 5900, 16999, 26999 and
36999 (recommended)
Note:
Because of the DNS entries for pbxes.org your device may be selecting port 5060 automatically. If you want to use an alternative port enter 188.40.65.148 as SIP server.
Click to expand...
Click to collapse
Both of them work as UDP or TCP.
TCP is recommended as it will help with battery life.
If none of these ports work, then It has to be that T-mobile has a Layer 7 filter in place looking for the SIP signaling traffic, and there should be no workaround possible unless you can wrap your sip traffic in a VPN. Nothing can be done to stop that, unless they filter the whole L2TP,PPTP,IPSEC or OpenVPN protocols.
I have tried most if not all of the ports specified and still no joy BUT I'll give it another go. What SIP provider do you use?
If T-mob are killing all SIP traffic how is it possible to use sipdriod over VPN?? Surely that is a major undertaking?
If it was done though, it would be the most robust and bulletproof VOIP app and would never be stopped Brilliant
I have just tried every single one of the alternative ports and every time I had a registration failure (timeout) so I guess T-mob are filtering for SIP traffic.
That leaves only the VPN route OR change providers OR change phones.
robiom said:
I have just tried every single one of the alternative ports and every time I had a registration failure (timeout) so I guess T-mob are filtering for SIP traffic.
That leaves only the VPN route OR change providers OR change phones.
Click to expand...
Click to collapse
Changing phones WILL NOT work since it isn't the phone that is causing the problem, it is the provider.
VPN should be fine, but you'll need a VPN server somewhere to connect through, i.e., your home computer.
There is nothing a carrier can do to block SIP over VPN. Everything is tunneled over the VPN connection so they can't know what goes in there.
As soon as we have a reliable VPN service (Donut seems to have PPTP or L2TP, although I'd love to see OpenVPN there) , you'll ve able to set-up your own voip and vpn server and pipe all the voice through it.
There is a couple of VoIP providers who can do that for you. One that comes to mind is callwithus.
On the connection issue with t-mobile, I suggest you try this:
If you have a DMZ linux/cygwin (altough a windows box might make it) host or a shell anywhere you can test if your provider is locking those ports, the pbxes ip or maybe even the SIP traffic.
Listen in a port using netcat:
netcat -n -l -vvvv 5060
Click to expand...
Click to collapse
Launch the Terminal Emulator in your android phone and test if you can connect to your host:
nc <your_hostname> 5060
Click to expand...
Click to collapse
Type something... if you can see the text, they have a L7 filter in place.
If you can't see anything, they are blocking the port.
Now change the listening port to 36999 for instance.
Try to connect again. It should work.
Now in Sipdroid, add your hostname, give it any username, any password, use the 36999 port and select TCP connection and keep the netcat running on your listening host.
If you see a connection in your listening host and some signalling traffic, pbxes should work for you.
If you don't, then there's a really advance L7 filter between you and the internet and they can block anything they want to.
In this case, the only solution (and there's nothing they can do unless they also block it), is to use a VPN.
Thanks guys for all your suggestions. I'll try and go through all the procedures you've suggested stickman and I'll post the results
anyone heard of a tor (http://www.torproject.org/index.html.it) porting to android? do you know about such similar project for the android platform?
thx
fl3xo said:
anyone heard of a tor (http://www.torproject.org/index.html.it) porting to android? do you know about such similar project for the android platform?
thx
Click to expand...
Click to collapse
I suspect something malicious seeing as how that link ends in .html.it
xsnipuhx said:
I suspect something malicious seeing as how that link ends in .html.it
Click to expand...
Click to collapse
its just a language thing.
Just go here: http://www.torproject.org/index.html
.it prolly stands for Italian.
xsnipuhx said:
I suspect something malicious seeing as how that link ends in .html.it
Click to expand...
Click to collapse
sorry, i'm of italian language.
fl3xo said:
anyone heard of a tor (http://www.torproject.org/index.html.it) porting to android? do you know about such similar project for the android platform?
thx
Click to expand...
Click to collapse
There's nothing to "port". You download the source, compile it for ARM, run it, and configure your system to use it. Should work fine.
Note: You don't actually need to run tor locally on your phone if you don't want to... you can actually forward a port over SSH to some tor server (i.e., your home computer).
U're absolutely in right. Tor and provoxy, cross compiled for armv6, really works. It's really really slow, but i can't expect nothing more (i compiled various linux application for android, clamav for example, and they are all very slow).
The real problem is another. The default browser and other browsers found on the market, do not support SOCKS so i'm forced to set an HTTP proxy with provoxy.
Read https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS can discover that's a real nonsense: compile tor, install it, but you're not anonimazed at 100% against a clever attacker.
any idea!?
Right... the problem is that in using HTTP proxy, it uses the system-configured DNS server, which means that there is the potential to trace your activities (at least partially) based on the DNS servers you look up.
Using tor-dns-proxy.py (not torDNS since it is a windonkey-only prog) as your DNS server should do the trick... two issues there though; 1) you need a python interpreter to run this -- either compiler fun, debian, or ssh tunnel, 2) Networking is a little funny on 'droid -- I'm not sure that replacing the 4.2.2.2->4.2.2.4's from the resolv.conf would actually do it. Probably not. There is a property (getprop/setprop) for DNS which will probably work. Alternative is you rewrite tor-dns-proxy.py in C and that should definitely work.
This is actually quite strange... 4.2.2.2->4.2.2.4 are public DNS servers owned by level 3 communications. The DNS server set in the system properties is the one set by DHCP.... can't quite understand the use of the L3C servers except maybe as a fallback? Or commandline programs bypass the 'droid systems and use the L3C servers whereas the 'droid apps use the DHCP provided servers, i.e. put something in there so that terminal apps aren't broken by unavailability of 'droid system DNS server...
About your performance issues.... I've always found the tor network to be brutally slow, are you sure it is a hardware performance issue and not simply the network?
fl3xo said:
U're absolutely in right. Tor and provoxy, cross compiled for armv6, really works. It's really really slow, but i can't expect nothing more (i compiled various linux application for android, clamav for example, and they are all very slow).
The real problem is another. The default browser and other browsers found on the market, do not support SOCKS so i'm forced to set an HTTP proxy with provoxy.
Read https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS can discover that's a real nonsense: compile tor, install it, but you're not anonimazed at 100% against a clever attacker.
any idea!?
Click to expand...
Click to collapse
lbcoder said:
This is actually quite strange... 4.2.2.2->4.2.2.4 are public DNS servers owned by level 3 communications. The DNS server set in the system properties is the one set by DHCP.... can't quite understand the use of the L3C servers except maybe as a fallback? Or commandline programs bypass the 'droid systems and use the L3C servers whereas the 'droid apps use the DHCP provided servers, i.e. put something in there so that terminal apps aren't broken by unavailability of 'droid system DNS server...
Click to expand...
Click to collapse
I've confirmed that.... terminal apps use L3C servers from resolv.conf, 'droid apps use DHCP provided server, so if you run a tor DNS proxy locally, you can "setprop net.dns1 127.0.0.1", "setprop net.dns2 127.0.0.1", "echo "nameserver 127.0.0.1>/etc/resolv.conf"" ... etc.
lbcoder said:
About your performance issues.... I've always found the tor network to be brutally slow, are you sure it is a hardware performance issue and not simply the network?
Click to expand...
Click to collapse
I think because of static linking used for compiling libevent, openssl and tor source. I'm lack of free time to learn about ndk and android shared library, but probably this can be the first step to increase performance of a lot of application not specifically written for android.
With tor in background is quite impossible doing anything else.
I often use torpark for surfing (both win and linux version) and i think the incredible slowness on the phone is not justified by transit of streams on the onion network.
fl3xo said:
With tor in background is quite impossible doing anything else.
I often use torpark for surfing (both win and linux version) and i think the incredible slowness on the phone is not justified by transit of streams on the onion network.
Click to expand...
Click to collapse
Use a performance analyzer like top to see how much cpu your tor process is eating. Probably significant.
Using top, the tor load remains over 90%, even not actively surfing. What the mess?
Useful app, and it did speed up my browsing and market downloads, a lot!
https://market.android.com/details?id=uk.co.mytechie.setDNS&rdid=uk.co.mytechie.setDNS&rdot=1
okantomi said:
Useful app, and it did speed up my browsing and market downloads, a lot!
https://market.android.com/details?id=uk.co.mytechie.setDNS&rdid=uk.co.mytechie.setDNS&rdot=1
Click to expand...
Click to collapse
I have tried this - however, I use OpenDNS at home and saw improvement
Im going out on a limb here and guessing the app will only work if ou have DNS set up on the network in which you are connected to.
tincbtrar said:
I have tried this - however, I use OpenDNS at home and saw improvement
Im going out on a limb here and guessing the app will only work if ou have DNS set up on the network in which you are connected to.
Click to expand...
Click to collapse
Hmmm...seems to really work with several different networks, including my Clear Wimax MiFi. Placebo effect? I don't care, if it works. Especially for those never ending market updates...
Hah that's funny! I actually just went about changing up my DNS servers again for my home network. I actually have my wireless router and all other devices set up with a great DNS server setup. The primary DNS is Google's main public server, which is 8.8.8.8, meanwhile my secondary is the server that is closest to my actual location, which is good. Just in case the main server fails I will still have a close server connection, which means an overall good connection to fall back on.
Best tool to use all around to find out if your primary and secondary DNS servers are really fast and reliable? Google's own tool called namebench. It can be found here: http://code.google.com/p/namebench/
It will recommend to you the fastest server as the main, showing the percentage of how much better it is compared to your current, and it will also show the closest server based on your location for the secondary. Works like a charm every single time.
Actually, I have been using Google's DNS for like 2 years now as my main, but my secondary is what has recently changed. No complaints here at all. It chugs along like it should without so much as a hiccup.
Anyone reading this: Once you find the best DNS servers for yourself, you should go about applying them to all of your internet enabled devices as I have done myself. For example: wireless router, computer, phone, tablet, Wii, PS3, and any other device you can think of! You shan't regret it!
StrifeSoldierVII said:
Hah that's funny! I actually just went about changing up my DNS servers again for my home network. I actually have my wireless router and all other devices set up with a great DNS server setup. The primary DNS is Google's main public server, which is 8.8.8.8, meanwhile my secondary is the server that is closest to my actual location, which is good. Just in case the main server fails I will still have a close server connection, which means an overall good connection to fall back on.
Best tool to use all around to find out if your primary and secondary DNS servers are really fast and reliable? Google's own tool called namebench. It can be found here: http://code.google.com/p/namebench/
It will recommend to you the fastest server as the main, showing the percentage of how much better it is compared to your current, and it will also show the closest server based on your location for the secondary. Works like a charm every single time.
Actually, I have been using Google's DNS for like 2 years now as my main, but my secondary is what has recently changed. No complaints here at all. It chugs along like it should without so much as a hiccup.
Anyone reading this: Once you find the best DNS servers for yourself, you should go about applying them to all of your internet enabled devices as I have done myself. For example: wireless router, computer, phone, tablet, Wii, PS3, and any other device you can think of! You shan't regret it!
Click to expand...
Click to collapse
Yes, I chose Google DNS for my main when on the go (using MiFi usually) and will set to whatever works best at home (haven't checked yet but will use that namebench app you recommend). I have seen a real improvement so far.
TL;DR
My ChromeCast was happily using Unblock US for Netflix for months. It stopped working on Friday. Is it a general problem, or is it just with my setup?
The long version:
I got my ChromeCast before Christmas, and I've been happily using it with multiple Netflix regions using Unblock US. On Friday I started getting the "We're having trouble playing this title" error on some titles, and it looks like my ChromeCast can no longer access non-UK titles.
It worries me that this coincides (sortof) with the official availability of ChromeCast in the UK, and I'm wondering if they've released a new build or service which prevents the use of services like Unblock US.
My ChromeCast is using build 16278 (with a worrying 'Country code GB' that I never noticed before). I'm intercepting access to Google's DNS on my router using the following iptables commands:
iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 208.122.23.22
iptables -t nat -A PREROUTING -d 8.8.4.4 -j DNAT --to-destination 208.122.23.23
And as I said, these have been working fine for months. I'm also fairly confident that they're still OK, because I've set my tablet to use 8.8.8.8 as the DNS and it can access Netflix US content just fine.
So, my questions:
1. Is there anyone else in the UK using Unblock US to access Netflix using official ChromeCast build 16278? Is it still working for you? (If you want a particular title to try, Supernatural season 6 episode 13 is the one that I first noticed the problem with, although many titles refuse to play.)
2. If it's not working for you either, do you know why?
3. If it is working for you, what should I try next? (I've already done a factory reset, and that didn't make a difference.)
I've been happy with Unblock US but I'm equally happy to move to a different provider if there's a better one.
(I hope this is the right forum - it's where ChromeCast region settings and use of iptables have been discussed in the past. I'm a bit worried that the forum says I'm breaking the rules by asking a question, so if there's a better place for this post please don't be offended by my ignorance and please do let me know!)
Many thanks.
Uh oh. You say you have build 16278? That's new. My U.S. Netflix access still works, but I'm still on build 16041.
Maybe there's no cause for concern yet. The new Country Code was there in build 16041, and in any case I would think it's the Netflix app that would have to change to cause a problem rather than the Chromecast build. But obviously there should be some re-testing with build 16278 as it rolls out. Netflix could have already changed their app, but made it dependent on build 16278 or higher since everyone is going to get that sooner or later.
Regardless of the current situation, long term this Country Code is clearly going to be a problem. It can probably be solved by the DNS proxy services eventually, but until then I wouldn't be buying a Chromecast to use from outside the U.S..
DJames1 said:
Uh oh. You say you have build 16278? That's new. My U.S. Netflix access still works, but I'm still on build 16041.
Maybe there's no cause for concern yet. The new Country Code was there in build 16041, and in any case I would think it's the Netflix app that would have to change to cause a problem rather than the Chromecast build. But obviously there should be some re-testing with build 16278 as it rolls out. Netflix could have already changed their app, but made it dependent on build 16278 or higher since everyone is going to get that sooner or later.
Regardless of the current situation, long term this Country Code is clearly going to be a problem. It can probably be solved by the DNS proxy services eventually, but until then I wouldn't be buying a Chromecast to use from outside the U.S..
Click to expand...
Click to collapse
I expect we had better get used to this breakage with things like Netflix due to the fact that Google does a tiered rollout of updates and the Apps must also be updated to work with those new updates from time to time.
Netflix I think may be particularly susceptible because I suspect the Netflix Player app may actually be embedded in the device. It's the only app that does not have a LINK in the App list CCast uses to retrieve players.
Perhaps someone from Team Eureka can comment and confirm if that is true or not.
But what seems to be a pattern is Google releases an update, Something breaks and then you see a flood of CCast compat app updates a week or so later. Hopefully once the CCast OS is more mature this breakage will happen less frequently.
Just wanted to point out, sometimes if you change settings on your router or the connection is disrupted randomly, the iptables may get reset and stop intercepting Chromecast DNS requests. Rebooting the router to start the script again helps.
Sent from my Nexus 5 using Tapatalk
Asphyx said:
Netflix I think may be particularly susceptible because I suspect the Netflix Player app may actually be embedded in the device. It's the only app that does not have a LINK in the App list CCast uses to retrieve players.
Perhaps someone from Team Eureka can comment and confirm if that is true or not.
Click to expand...
Click to collapse
One of them said that Netflix was a separate binary and the only exception to running in a Chrome sandbox, so seems that is the case. It could still be cleverly coded so it wouldn't require a full update unless there was a low level or architecture change.
Asphyx said:
But what seems to be a pattern is Google releases an update, Something breaks and then you see a flood of CCast compat app updates a week or so later. Hopefully once the CCast OS is more mature this breakage will happen less frequently.
Click to expand...
Click to collapse
Yup... even with the forced updates there's still a period of time when there are units on both old and new versions, DNS caches haven't been updated, etc.
RandomUser6 said:
TL;DR
1. Is there anyone else in the UK using Unblock US to access Netflix using official ChromeCast build 16278? Is it still working for you? (If you want a particular title to try, Supernatural season 6 episode 13 is the one that I first noticed the problem with, although many titles refuse to play.)
Click to expand...
Click to collapse
Yes - though my CC still says country code US.Tried the Supernatural episode as well and that worked too.
RandomUser6 said:
3. If it is working for you, what should I try next? (I've already done a factory reset, and that didn't make a difference.)
Click to expand...
Click to collapse
I'm sure you probably already done this but have you checked your current external IP Address is active on the unblock-us website?
Some updates
Hi all,
Many thanks for all your responses. Some updates:
I checked the external IP address was active on Unblock US, and it was.
I restarted the router, the ChromeCast and the tablet. It made no difference.
I did another factory reset on the ChromeCast. It made no difference.
I managed to change the Country Code to US. It made no difference.
So I still have the problem and I’m not sure what the differences between my setup and Pully’s are.
The Country Code change is worth a bit more explanation. You all may already know this, or know how this mechanism works, but I didn’t.
* After a factory reset, I couldn’t see the ChromeCast on my tablet to set it up. I could see it with my phone. (My tablet is set to use Google’s DNS - intercepted and redirected to Unblock US’s DNS - rather than my ISP’s, location services are off, and ChromeCast has access to location services turned off in App Ops. My phone just uses regular DNS and has location services turned on.)
* I set the ChromeCast up using my phone, and it set the location (automatically) to GB. I’m not certain of this but I’ve no recollection of choosing the location at this point.
* I couldn’t get things to work and posted here. (Just so you know the timeline.)
* I did a factory reset again, and tried to set ChromeCast up using the tablet again. It still couldn’t see the reset ChromeCast. Then I changed App Ops on the tablet to allow access to location services, and it could suddenly see the ChromeCast to set it up. Location services were still turned off on the tablet, but it seems turning it off in App Ops interfered with it seeing the reset ChromeCast.
* When I tried to set it up with the tablet - now that it could see it - as part of the setup process it gave me a drop down to choose the location. I chose US. (I’ve also set it to EST/New York time and language to English (United States).
So the upshot is: I believe you can set the Country Code in build 16278 if you set it up using a device that has location services turned off, but not blocked by App Ops.
Unfortunately I’m still no further on with my Netflix problem and I’m running out of things to try.
How long does the US Country Code stick? Does it reset to GB when you power-cycle the Chromecast?
Maybe it's time to broaden your experiments to identify where the problem lies.
Instead of relying on the iptables commands you could try the static-route-to-nowhere method to block Google DNS and put the DNS addresses in your router fields for the moment. See if that makes a difference.
For an alternative DNS you could sign up for a 1-week trial with one of the others like Unotelly, or else try the free DNS services currently offered by SmartDNSProxy or Tunnelto.us. I have confirmed that they work with Netflix on the Chromecast.
If neither of those things work, at least you have eliminated some possibilities.
Right now tunnelto.us is working for me, whereas unlocater broke some time ago. SmartDNSProxy also not working for me.
Sent from my Nexus 5 using Tapatalk
It works now!
Hi folks,
I have it working now (thanks!) and have a bit more information. Some of this is just my supposition of what’s going on.
First of all, Country Code sticks between power-cycles without any problems. Time zone and language don’t seem to have any impact either. Also, I honestly have no idea whether Country Code has any effect at the minute. It might still be a red herring, or a problem for the future.
The fix was related to an idea DJames1 had. I changed my iptables to use tunnelto.us and it didn’t work either. So I tried setting the router to use Unblock US as the main DNS as well as in iptables, and it worked.
As I said before, this worked fine for months up until Friday. I don’t know if it’s the new build or something else, but I believe that something is now verifying(?) DNS using the DHCP-supplied DNS as well as Google’s hard-coded DNS.
I don’t want all machines on my home network using Unblock US’s DNS, so I updated my router config to supply Unblock US DNS entries via DHCP just to the ChromeCast. This works fine. If you want to do the same, and you’re using DD-WRT, just add this to your Additional DNSMasq Options:
dhcp-option=altdns,6,208.122.23.23,208.122.23.22
dhcp-host=#ChromeCast MAC Address#,net:altdns
Obviously you need to change #ChromeCast MAC Address# to the MAC address of your own ChromeCast. And if you want to use other DNS entries instead of Unblock US, just change the two IP addresses in the first line.
I’m sure there are other ways of achieving the same ends, but this worked for me. And the easiest option is just to use Unblock US as the DNS for your router/DHCP as well as the iptables entries.
I hope this helps anyone else who has the same problem. Many thanks for your help and advice.
RandomUser6 said:
I hope this helps anyone else who has the same problem. Many thanks for your help and advice.
Click to expand...
Click to collapse
Is there any chance that the CC is now using the DHCP given DNS addresses and is NOT hardcoding to 8.8.8.8 any more?
generationgav said:
Is there any chance that the CC is now using the DHCP given DNS addresses and is NOT hardcoding to 8.8.8.8 any more?
Click to expand...
Click to collapse
I can't say but it would make some sense that the DNS used will change depending on the Country Code of the device.
So a CCast in the UK might use a hardcoded DNS for GoogleUK server as opposed to a US server....
You're right!
generationgav said:
Is there any chance that the CC is now using the DHCP given DNS addresses and is NOT hardcoding to 8.8.8.8 any more?
Click to expand...
Click to collapse
Well now that's an incredibly good question! I'm embarrassed that that didn't occur to me and I didn't check it.
So, I deleted my iptables setup, set my tablet to use Unblock US DNS's directly (instead of using 8.8.8.8 and having that translated), and it still works.
It seems you're right. My router is providing Unblock US DNS to the ChromeCast via DHCP, and (I think) that's it. That's the only non-standard bit.
So, yes, it looks to me like it's now just taking the DHCP DNS and using that instead of Google's hardcoded DNS.
Thanks for figuring this out! (I'm still a bit embarrassed I didn't notice it.)
RandomUser6 said:
Well now that's an incredibly good question! I'm embarrassed that that didn't occur to me and I didn't check it.
So, I deleted my iptables setup, set my tablet to use Unblock US DNS's directly (instead of using 8.8.8.8 and having that translated), and it still works.
It seems you're right. My router is providing Unblock US DNS to the ChromeCast via DHCP, and (I think) that's it. That's the only non-standard bit.
So, yes, it looks to me like it's now just taking the DHCP DNS and using that instead of Google's hardcoded DNS.
Thanks for figuring this out! (I'm still a bit embarrassed I didn't notice it.)
Click to expand...
Click to collapse
Interesting. My Chromecast in Canada definitely is still using Google's hard coded DNS, but the firmware version still isn't the newer one you've reported.
Sent from my Nexus 5 using Tapatalk
RandomUser6 said:
So, yes, it looks to me like it's now just taking the DHCP DNS and using that instead of Google's hardcoded DNS.
Click to expand...
Click to collapse
That’s not the case with my chromecast (spanish, not imported, with up-to-date firmware, 16041 IIRC) :
Code:
[email protected]:~# tcpdump -nli br-lan host 10.12.30.1 and port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-lan, link-type EN10MB (Ethernet), capture size 65535 bytes
18:01:05.016228 IP 10.12.30.1.37745 > 8.8.8.8.53: 35107+ A? lh3.googleusercontent.com. (43)
18:01:05.061083 IP 8.8.8.8.53 > 10.12.30.1.37745: 35107 4/0/0 CNAME googlehosted.l.googleusercontent.com., A 173.194.34.235, A 173.194.34.236, A 173.194.34.234 (120)
18:02:12.584606 IP 10.12.30.1.42801 > 8.8.8.8.53: 49188+ A? clients3.google.com. (37)
18:02:12.626840 IP 8.8.8.8.53 > 10.12.30.1.42801: 49188 12/0/0 CNAME clients.l.google.com., A 173.194.41.9, A 173.194.41.0, A 173.194.41.5, A 173.194.41.1, A 173.194.41.4, A 173.194.41.6, A 173.194.41.7, A 173.194.41.2, A 173.194.41.14, A 173.194.41.8, A 173.194.41.3 (237)
18:03:06.852570 IP 10.12.30.1.54056 > 8.8.8.8.53: 18326+ A? lh4.googleusercontent.com. (43)
18:03:06.898487 IP 8.8.8.8.53 > 10.12.30.1.54056: 18326 4/0/0 CNAME googlehosted.l.googleusercontent.com., A 173.194.41.10, A 173.194.41.11, A 173.194.41.12 (120)
18:05:09.640580 IP 10.12.30.1.53769 > 8.8.8.8.53: 61549+ A? clients3.google.com. (37)
18:05:09.687719 IP 8.8.8.8.53 > 10.12.30.1.53769: 61549 12/0/0 CNAME clients.l.google.com., A 173.194.41.224, A 173.194.41.233, A 173.194.41.230, A 173.194.41.229, A 173.194.41.228, A 173.194.41.227, A 173.194.41.238, A 173.194.41.231, A 173.194.41.232, A 173.194.41.225, A 173.194.41.226 (237)
18:05:09.913235 IP 10.12.30.1.43963 > 8.8.8.8.53: 14131+ A? lh5.googleusercontent.com. (43)
18:05:09.954725 IP 8.8.8.8.53 > 10.12.30.1.43963: 14131 4/0/0 CNAME googlehosted.l.googleusercontent.com., A 173.194.41.10, A 173.194.41.12, A 173.194.41.11 (120)
My router’s dhcp server tells the clients on my network (including my chromecast) that they should use 10.12.0.1 as their dns server.
As you can see in tcpdump output above, the chromecast (10.12.30.1) is ignoring that and using 8.8.8.8.
New build?
kpiris said:
That’s not the case with my chromecast (spanish, not imported, with up-to-date firmware, 16041 IIRC) :
Click to expand...
Click to collapse
Interesting. My problems started last Friday, and mine is reporting (stock) build 16278.
Make sure you reboot router and Chromecast at the start of each test for clean results as DNS queries can be cached.
It seems that firmware 16278 has only been reported in the UK. Anyone seeing that outside of the UK?
Restart, restart, restart...
bhiga said:
Make sure you reboot router and Chromecast at the start of each test for clean results as DNS queries can be cached.
Click to expand...
Click to collapse
Yeah, today was a bit of a restart frenzy for me. Both the router and the ChromeCast have been powered off and back on again since the config changes and they continue to work.
cmstlist said:
It seems that firmware 16278 has only been reported in the UK. Anyone seeing that outside of the UK?
Click to expand...
Click to collapse
Yes here in Denmark, my cc has 16278