Its been a long, long time since I blogged. Lots changed and lots to update on.
One major thing is I finally bit the bullet and dropped Windows Mobile 10. I was a long time user of W10M/8.1 Phone/8 Phone but I accepted fate and realised I am missing out on functionality, security, apps and tools. Whilst I still think Windows 10 is brilliant, I do use occasionally an Android tablet. The flexability and app store is very impressive, plus there s no way i’m ever going back to Apple.
So having done some research a while back and nearly going for a Samsung Galaxy 8 (v v expensive) then being curious by OnePlus, I preordered a OnePlus Five.
If you don’t know about them, check them out at https://oneplus.net/uk/5. Its bloody brilliant.
The OS is bang up to date, is fast and fluid. No crapware on there and the camera is great. Battery is brilliant, screen clear and nice and light. Well designed and I must say I’m seriously impressed. Ignore the crap about the ‘jelly effect’ as most of it comes from the fanboy sites and is hype over nothing.
Cisco have now released a BETA AnyConnect client for Windows Phone 8.1 availible here at the Windows Phone store
I havn’t tested the latest builds but the initial version had a few showstoppers that look like to have been fixed. Remember this uses SSL/TLS encryption only and your local security policy may mandate the use of IPsec, along with all its issues !
Also they dont appear to have fixed the session timeout bug so that may cause a few headaches with disconnects.
I have a fairly old car. Its a 2005 Land Rover Discovery 3 that I purchased back in 2009. Its a base model which meant it come without any of the frills and flash in car entertainment that the high spec HSE models come with.
It has its advantages. It means I can upgrade what I like without meaning causing issues with other features of the car.
In turn I have now replaced the head unit (for a Pioneer DAB, Bluetooth device) and then about three years ago fitted an in car PC. Ill detail this in another post but effectively its a ruggedised PC, with a 12v vehicle PSU (handles power cycle, starting cycle and power on/off) and allows attachments such as GPS, Bluetooth, Video Capture, Touch Screen, A/D Input/Output module etc and can be used for many things. Navigation, Media/Video, Camera recording and many other things. You can run Linux or Windows. I now have Windows 8.1 and run a custom front end called Centrafuse which controls everything and acts as the skin to control everything.
I guess they are not as popular now cheap tablets can be had for as little as £100 with GPS, SD cards and Bluetooth to be had.
Its been a bit of a labour of love and very testing at times. I have been meaning to document it for ages and this post has made me remember this. So I shall begin….
Like most folks who work in the tech/IT field, people are always asking for my opinion about kit, especailly PC’s.
My reply was usually ‘how much do you want to spend ?’ Today, this got me thinking……. is there any such thing as a ‘crap’ PC any longer ?
With the advent of cheap tablets (some are just piles of shite that will end up in landfill) the PC makers seem to be giving PC’s away that have better, and better spec. For instance i3, 4GB RAM, 1TB hard disks on budget £350 laptops.
Whist the screen will be a crap 1366 x 768 resolution screen and the battery will probably last 3 hours (mainly due to all of the OEM junkware thats installed) you can still do far more than you ever will on a tablet computer device. Perhaps peoples habbits are changing and if all they do is use email and FaceTwatterBook then good riddance, It means I dont have to fix the bloody thing.
However people who actually need a PC for Media, iTunes, Photo/Video editing then its still the best for the job. They are eminantly flexible and can still be customised to do what you like. Depite what the press may say, Windows 8.1 (with the new Update 1) makes switching between the Metro/Modern Start Screen apps and traditional desktop a breeze. If you are still suffering the $5 spent on Start8 will soon sort you out.
Remove all of the cack the thing comes with. Whatever you do dont buy or run McAfee or Norton AV. Remove it and Microsoft Defender will be activated which is fine for most users. Dont waste your cash….. seriously…
They arent the same as the crap that was pushed when the whole Netbook craze came around. Bit like 3D TV’s really, it was just a fad. Luckilly the Atom seems to be have relegated to small headless kit, tablets and even phones. Its even now pretty good 🙂
So thats my opinion as of today, even thought I have just dropped the best part of £1800 on an awsome Lenovo T440S fully loaded !
The ASA also uses Group Policy (not AD group policy!) configuration. In here you set useful things such as DNS, domain and other properties. Its also the area to configure specifics for the IPSEC Phase 2 connection. I normally use a GP per connection as its allows some flexibility when making changes later on. You can also set some values within the default group policy that will be standard over the whole of your ASA, which depending on if inherit is turned on or not get set.
For Apple iOS devices IP Compression and PFS have to be turned on. On Android, these are not. You get a strange symptom (if set) where the Android handset claims its connected (and the ASA even issues an IP address) but the device never shows connected in ASDM. It was only with use of various debugs that I managed to find this out.
That should complete all of the configuration requried to allow iOS and Android devices to connect to a Cisco ASA using the inbuilt native IPSEC client using x509 certificates. You really arn’t using Pre Shared Keys in this day and age are you ?
This allow the device to at least connect to the ASA to authenticate.
There is an assumption that your ASA already has installed and trust’s the CA’s that the client device certificates are issued by. This is out of scope for here however its imperative that this is in place. Its also crazy if you havent got CRL processing in place but you should know that as well.
From a ASA profile perspective its simple. As stated before both Andoid and IOS only support IKE v1 so you have to create IKEv1 profiles for these connections. The strange part of defining an IKEv1 profile is that is has to have a AAA entry set. In my case I normally define a new AAA group that has no authentication.
aaa-server NO_USER_AUTH protocol http-form
This can then be applied to a new profile. Its not used for authentication (remember – you are using Cerificates only) thus
tunnel-group IOSandAND type remote-access
tunnel-group IOSandAND general-attributes
! Clients will use addressing from the named pool shown
! Dont use any client authentication (other than Certificate)
! Group policy applied for connection
tunnel-group IOSandAND ipsec-attributes
! Define CA that client connections will be signed by
ikev1 trust-point MyCA.key
! Define no user authentication
ikev1 user-authentication none
Depending on if you use DAP etc (and you really should) you will have to add basic policy to allow Andoid and IOS devices to connect. There are no posture checks availible for native clients due to what the clients expose. If you want to do this then the client will need to use the AnyConnect client (free), will need a AnyConnect Mobility licence for the ASA (circa £500) and you can then use IKEv2 which negates a lot of this configuration.
I have been thinking about just putting some thoughts down for a while. I’d also like to say I don’t have a favourite vendor or affinity with a manufacturer. I work with Microsoft, Google and other companies stuff all the time. The right tool for the job is my ethos.
Recently I have got a real hump with Apple in general. We have had (in total) in our house:
2 x iPod touch
So you can’t say I can’t talk about their stuff as they have certainly taken my money.
My main problem is how quickly they seem to abandon products and stop releasing upgrades/patches. My old first gen iPod Touch is stuck on iOS 3 something which has known security vulnerabilities and at the time they could of fixed. In the end it helped as I could use the PDF flaw to install Cydia but that’s another story. My iPhone 4 and iPad 2 are more than capable of running Siri but no you need to upgrade. ( Turns out its crap anyway but that’s not the point ). iOS 6 maps are a joke and don’t get me started on there ‘Enterprise’ features such as VPN that I’m currently fighting with.
Their lock in also annoys me. The only method of playing stuff purchased on iTunes’s is to use a MacBook with iTunes and let that download purchased tunes so you can extract MP3’s from its file system. So iCloud won’t let you access anything of use using a browser. Not even my bloody photos taken with iDevices. Even my MacBook running OSX Lion can’t unless I pay £10 for an iPhoto upgrade. And iTunes is still a spreadsheet smothered in excrement.
Don’t get me wrong. The industrial design is mostly beautiful and has helped inspire/ kick the industry into making decent products. However they also make some stupid decisions like the new lightning connectors on the new kit. 1000’s of aftermarket devices just going to end up in landfill or lots of £20 adapters being sold……
I’m astounded that normal folks will pay a lot of their hard earned money to buy their devices. Perhaps they don’t care about some of the things I have said but its very difficult to explain to them that no I can’t get your pictures off easily or no you music can’t be played anywhere else
Me. Well the iPad and macbook are going soon. The iPhone went a while back so I have nearly purged my life of their stuff. Not good riddance but more ‘go away, get your sh1t together and don’t bother me for a while’
Yay. I’m finally free of my iPhone 4 as of a couple of days ago. They may be fairly decent portable computers but IMHO are second rate phones. Also once you are outside of the standard apps most of the others are pretty crummy
I’m now the proud owner of a Nokia Lumia 900 running Windows Phone 7. If you want to see something really well thought out with beautiful hardware then check one out. The integration the OS has with Twitter and Facebook is really good and sets a standard iOS really needs to catch up to
Plus im not an iSheep (well apart from the iPad, Mac and old iPod Touch) but im working on that!
I have been a loyal (?) customer of Oranges for over 15 years but am at the end of my tether with their network
I have an iPhone 4 and yes I know it’s a crap phone but why is there 3g network so bad. I am working in a ‘new’ town so would expect decent coverage but no. 3G lies like a cheap watch and is slower than manually setting GPRS, calls continually drop even when the phones showing 3 bars. The place I’m working for even uses Orange as a supplier for 3G and I’m not sure how they put it with the shoddyness.
I have the same issue at home but made even worse by continually swapping between Orange/T Mobile. Supposedly the result of their ‘everything everywhere’ initiative that feels like ‘nothing nowhere’
Take my advice. Leave or avoid Orange at all costs!!!!!