newspaint

Documenting Problems That Were Difficult To Find The Answer To

Monthly Archives: August 2014

Why Negative Equity Is A Bad Thing

What Is Negative Equity

Wikipedia defines negative equity as

Negative equity occurs when the value of an asset used to secure a loan is less than the outstanding balance on the loan.

Let’s say you buy your first home. It is worth €50,000 (I could use pounds or dollars or any other currency interchangeably). You put in a deposit of €10,000 which is 20% of the value of the property. The bank lends you €40,000. Your equity is the value of the home minus the value of the loan (€50,000 home value – €40,000 loan = €10,000 equity).

Most people focus on how great it would be if the value of the property increases. Let’s say the property value increases to €60,000 (that’s what somebody would pay if you sold the property). Assuming you hadn’t paid off any of the loan (the loan is still €40,000) then your equity would be €20,000 (€60,000 home value – €40,000 loan). If you sold your home you would be €10,000 richer than when you started – and the bank would get all their money back.

But perhaps the market corrects a little because you bought in the peak (probably you bought in the peak, that’s when most people feel pressure to buy). Your home goes down from €50,000 to €45,000. When you come to sell you give back the €40,000 you owe to the bank for the loan and you are left with €5,000 (half your deposit). You lost €5,000. That’s harsh but you still had positive equity (€45,000 home value – €40,000 loan = €5,000 equity).

Now the worst case scenario: the market crashes. Your home value goes from €50,000 to €35,000. Your equity now stands at minus €5,000 (€35,000 home value – €40,000 loan). That’s right, €-5,000. This is negative equity (because the equity is below zero).

What’s So Bad About Negative Equity

You cannot sell when you cannot repay the loan to the bank! It’s that simple. You’re stuck.

Your choices are limited to staying where you are and paying off the mortgage (which might have another 25 years to go). Or you declare bankruptcy.

Well, is this so bad, you think, if you can just continue repaying the loan – at least you have a home! You’re right, it’s not so bad, but you’re denied options.

You cannot sell and move to another town or city where there are higher paying jobs. This may make it nearly impossible to improve your situation in the event that your town has had problems with lower employment and lower property values.

If you had some positive equity you could at least sell (make a loss) and move on. But when you’re in negative equity you simply cannot sell. You either continue paying your mortgage or you declare bankruptcy.

Okay I Can’t Sell, What’s So Bad About That

Your mortgage is probably fixed for 2-5 years. At the end of that fixed rate period your mortgage will go to the floating rate – which, in a bad year, could go anything up to 20%! Just because interest rates have been low in recent years doesn’t mean it can’t go high. The future is unpredictable. You won’t be able to remortgage at a lower, fixed, rate because banks will not lend when you’re in negative equity.

If the value of your home is going down that might indicate other serious problems in the economy. Perhaps the area is less desirable – increased crime. Perhaps there are fewer jobs – and less demand for property. Less demand for rent. So even if you wanted to get a good job somewhere else you wouldn’t be able to rent out your home to cover the costs of renting in your desired town.

You may be okay if the downturn is temporary – in which case just continuing to pay the mortgage payments will get you through that bad time. But do you know it is just a temporary blip and not a more permanent situation?

The Moral Of The Story

Always have as large a deposit as you can when buying a home. Don’t ever think about buying a first home with less than 10% equity (deposit). Try and have 20% equity (deposit). That way – if things do go wrong you hopefully have some time to consider your options while you have them (i.e. sell and move somewhere else).

Getting â Instead Of Quote Marks In GCC Output In Linux Using Putty

So you run gcc in your Linux terminal (through Putty) and instead of printing the single quote mark you get a funny-looking “a” character with a caret (upside-down V) on top:

gcc -c -Wall -O0 -g expand.c -o expand.o
expand.c: In function âfind_variableâ:
expand.c:1751:68: error: expected â)â before âSIZE_T_FMTâ
expand.c: In function âcompute_nhashâ:
expand.c:1423:3: warning: format â%dâ expects argument of type âintâ, but argument 2 has type âlong unsigned intâ [-Wformat]

How to fix this? You can either change the terminal type (but this will cause trouble when trying to view man pages later):

myuser@myhost:~# export TERM=uxterm

Or you go to Settings -> Window -> Translation in Putty and configure it for UTF-8. See this forum post.

Session Settings For UTF-8 in Putty


Now you get:

gcc -c -Wall -O0 -g expand.c -o expand.o
expand.c: In function 'find_variable':
expand.c:1751:68: error: expected ')' before 'SIZE_T_FMT'
expand.c: In function 'compute_nhash':
expand.c:1423:3: warning: format '%d' expects argument of type 'int', but argument 2 has type 'long unsigned int' [-Wformat]

Testing a New Exim Configuration File Before Deployment

Crafting an Exim (open-source SMTP mail server) configuration, or even making minor changes to one, is no small feat!

Given how critical e-mail is to your business or organisation there is no question that you want to thoroughly test your configuration before deploying to production.

This article makes heavy use of the https://github.com/Exim/exim/wiki/TestingExim page. Note that http://bradthemad.org/tech/notes/exim_cheatsheet.php is a great resource, too. The Exim official command line documentation is invaluable.

Verify Configuration

With a very basic introductory configuration:

CONFDIR = /etc/exim4
daemon_smtp_port = 25 : 465
tls_on_connect_ports = 465
disable_ipv6

Let’s ensure that it parses:

root@myhost:/tmp/exim# exim -C test.conf -bV
Exim version 4.76 #1 built 28-Dec-2012 16:46:04
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 5.1.25: (January 28, 2011)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
2014-08-22 14:32:26 Exim configuration file test.conf has the wrong owner, group, or mode

Ah, looks like we have to change the mode of the file:

root@myhost:/tmp/exim# chmod 600 test.conf
root@myhost:/tmp/exim# exim -C test.conf -bV
Configuration file is test.conf

If you were to make a spelling error:

CONFDIR = /etc/exim4
daemon_smtp_port = 25 : 465
tls_on_connect_ports = 465
isable_ipv6

then…

root@myhost:/tmp/exim# exim -C test.conf -bV
2014-08-22 14:37:20 Exim configuration error in line 4 of test.conf:
  main option "isable_ipv6" unknown

Test Access Control Lists

The -bh <ip_address> option runs a fake SMTP session as if it were from the given IP address.

This is crucial for telling apart how your mailer treats local connections (presumably allowed to send mail anywhere out into the Internet) and remote connections (presumably subject to tight controls such as no relaying, or bans depending on IP address).

The following test configuration will be used in the following examples:

CONFDIR = /etc/exim4
daemon_smtp_port = 25 : 465
tls_on_connect_ports = 465
disable_ipv6
exim_path = /usr/sbin/exim4
hostlist hl_localhost = @ : 127.0.0.1 : ::::1
domainlist dl_local = @ : localhost
hostlist hl_relay_from = +hl_localhost
local_interfaces = 127.0.0.1 : ::::1
gecos_pattern = ^([^,:]*)
gecos_name = $1
smtp_banner = newspaint blog test ESMTP
acl_smtp_connect = acl_check_connect
acl_smtp_helo = acl_check_helo
acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

##############################################################################
# ACL CONFIGURATION
##############################################################################
begin acl

acl_check_connect:
  # accept from local hosts
  accept
    hosts = +hl_localhost

  # accept from all others after a connection delay
  # some spammers will not wait for a connection
  accept
    delay = 1s

acl_check_helo:
  # accept from local hosts
  accept
    hosts = +hl_localhost

  # prevent remote site claiming to be local site
  deny
    message = invalid HELO host
    condition = ${if \
      match_domain {${lc:$sender_helo_name}}{+dl_local} \
      {true}{false} \
    }

  accept

acl_check_mail:
  # deny if no HELO command given
  deny
    condition = ${if def:sender_helo_name {no}{yes}}
    delay = 10s
    message = no HELO given before MAIL command

  accept

acl_check_rcpt:
  # accept if the source is local SMTP (not TCP/IP)
  accept
    hosts = :

  deny
    domains = +dl_local
    local_parts = ^[.] : ^.*[@%!/|`\#&?]
    message = restricted characters in address

  deny
    domains = !+dl_local
    local_parts = ^[./|] : ^.*[@%!`\#&?] : ^.*/\\.\\./
    message = restricted characters in address from non-local connection

  # accept for relay hosts
  accept
    hosts = +hl_relay_from
    control = submission/sender_retain

  # allow relaying for authenticated connection
  accept
    authenticated = *
    control = submission/sender_retain

  deny
    !domains = +dl_local
    message = relay not permitted

  deny
    !verify = recipient

acl_check_data:
  accept

##############################################################################
# ROUTERS CONFIGURATION
##############################################################################
begin routers

dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = !+dl_local
  transport = remote_smtp
  same_domain_copy_routing = yes
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
                        172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16 :\
			255.255.255.255
  no_more

  # The "no_more" above means that all later routers are for
  # domains in the local_domains list, i.e. just like Exim 3 directors.

localuser:
  debug_print = "R: localuser for $local_part@$domain"
  driver = accept
  domains = +dl_local
  check_local_user
  transport = maildir_home

##############################################################################
# TRANSPORTS CONFIGURATION
##############################################################################
begin transports

remote_smtp:
  debug_print = "T: remote_smtp for $local_part@$domain"
  driver = smtp

maildir_home:
  debug_print = "T: maildir_home for $local_part@$domain"
  driver = appendfile
  directory = $home/Maildir
  #create_directory
  delivery_date_add
  envelope_to_add
  return_path_add
  maildir_format
  directory_mode = 0770
  mode = 0660

So the acl_check_helo access control list (ACL) should let local connections give any name they like with the HELO command, but should reject a HELO from an external connection that gives localhost as the name.

To test this simulate a connection from the Internet (let’s use the fictional address 1.2.3.4):

root@myhost:/tmp/exim# exim -C test.conf -bh 1.2.3.4
**** SMTP testing session as if from host 1.2.3.4
>>> using ACL "acl_check_connect"
>>> processing "accept"
>>> check hosts = +hl_localhost
>>> gethostbyname2 looked up these IP addresses:
>>>   name=myhost address=127.0.0.1
>>>   name=myhost address=127.0.1.1
>>> host in "@ : 127.0.0.1 : ::::1"? no (end of list)
>>> host in "+hl_localhost"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check delay = 1s
>>> delay modifier requests 1-second delay
>>> delay skipped in -bh checking mode
>>> accept: condition test succeeded
220 newspaint blog test ESMTP
HELO localhost
>>> localhost in helo_lookup_domains? no (end of list)
>>> using ACL "acl_check_helo"
>>> processing "accept"
>>> check hosts = +hl_localhost
>>> host in "+hl_localhost"? no (end of list)
>>> accept: condition test failed
>>> processing "deny"
>>> localhost in "@ : localhost"? yes (matched "localhost")
>>> localhost in "+dl_local"? yes (matched "+dl_local")
>>> check condition = ${if match_domain {${lc:$sender_helo_name}}{+dl_local} {true}{false} }
>>>                 = true
>>> deny: condition test succeeded
550 invalid HELO host
QUIT
root@myhost:/tmp/exim#

Success! We were denied when trying to give the HELO localhost command when connecting from the outside Internet.

Let’s check that we can HELO as a different host:

root@myhost:/tmp/exim# exim -C test.conf -bh 1.2.3.4
  ...
220 newspaint blog test ESMTP
HELO test.com
  ...
>>> accept: condition test succeeded
250 myhost Hello test.com [1.2.3.4]
QUIT
root@myhost:/tmp/exim#

Success! Okay, now can we connect from localhost and issue the HELO localhost command?

root@myhost:/tmp/exim# exim -C test.conf -bh 127.0.0.1
  ...
220 newspaint blog test ESMTP
HELO localhost
  ...
>>> accept: condition test succeeded
250 myhost Hello localhost [127.0.0.1]
QUIT
root@myhost:/tmp/exim#

Success again! You should go through each access control list and test all combinations of expected results as an external and as a local IP address – verifying expected behaviour.
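The three HELO checks above can be kept as a repeatable test matrix. This is an added example, not part of the original article: it parses an exim -bh transcript into SMTP replies, records which ACL and verb decided each reply, and compares them with expectations. The sample transcript is reconstructed from the session shown above; run_bh assumes an exim binary on the PATH and that -bh takes the SMTP dialogue on standard input, as in the interactive sessions.

```python
import re
import subprocess

# Constructed sample: the "-bh 1.2.3.4" / "HELO localhost" session from the
# article, trimmed to the lines the parser cares about.
SAMPLE_DENY = '''\
**** SMTP testing session as if from host 1.2.3.4
>>> using ACL "acl_check_connect"
>>> processing "accept"
>>> check hosts = +hl_localhost
>>> accept: condition test failed
>>> processing "accept"
>>> check delay = 1s
>>> accept: condition test succeeded
220 newspaint blog test ESMTP
>>> using ACL "acl_check_helo"
>>> processing "accept"
>>> check hosts = +hl_localhost
>>> accept: condition test failed
>>> processing "deny"
>>> check condition = ${if match_domain {${lc:$sender_helo_name}}{+dl_local} {true}{false} }
>>>                 = true
>>> deny: condition test succeeded
550 invalid HELO host
'''

ACL_RE = re.compile(r'^>>> using ACL "([^"]+)"')
VERDICT_RE = re.compile(r'^>>> (\w+): condition test succeeded')
REPLY_RE = re.compile(r'^(\d{3})([ -])(.*)$')

# The matrix from the article: (client IP, commands, expected reply codes,
# ACL expected to have decided the last of those replies).
CASES = [
    ('1.2.3.4', ['HELO localhost'], [220, 550], 'acl_check_helo'),
    ('1.2.3.4', ['HELO test.com'], [220, 250], 'acl_check_helo'),
    ('127.0.0.1', ['HELO localhost'], [220, 250], 'acl_check_helo'),
]


def parse_bh(transcript):
    """Return one dict per SMTP reply: code, text, deciding ACL and verb."""
    replies, acl, verb = [], None, None
    for line in transcript.splitlines():
        line = line.rstrip()
        m = ACL_RE.match(line)
        if m:
            acl, verb = m.group(1), None
            continue
        m = VERDICT_RE.match(line)
        if m:
            verb = m.group(1)
            continue
        m = REPLY_RE.match(line)
        if m and m.group(2) == ' ':   # final line of a (multi-line) reply
            replies.append({'code': int(m.group(1)), 'text': m.group(3),
                            'acl': acl, 'verb': verb})
            acl, verb = None, None
    return replies


def evaluate(replies, expected_codes, expected_acl=None):
    """Return a list of mismatch descriptions; empty means the case passed."""
    got = [r['code'] for r in replies[:len(expected_codes)]]
    if got != expected_codes:
        return ['reply codes %r, expected %r' % (got, expected_codes)]
    if expected_codes and expected_acl:
        decided_by = replies[len(expected_codes) - 1]['acl']
        if decided_by != expected_acl:
            return ['decided by %r, expected %r' % (decided_by, expected_acl)]
    return []


def run_bh(config, client_ip, commands, exim='exim'):
    """Run a fake SMTP session with 'exim -C <config> -bh <ip>' (assumption:
    exim is installed; stderr is merged so debug lines and replies interleave)."""
    dialogue = ''.join(c + '\r\n' for c in commands + ['QUIT'])
    proc = subprocess.run([exim, '-C', config, '-bh', client_ip],
                          input=dialogue, stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT, text=True, timeout=60)
    return proc.stdout


if __name__ == '__main__':
    import shutil
    import sys
    if len(sys.argv) > 1 and shutil.which('exim'):
        for ip, commands, codes, acl in CASES:
            result = evaluate(parse_bh(run_bh(sys.argv[1], ip, commands)),
                              codes, acl)
            print('%-10s %-16s %s' % (ip, commands[-1], result or 'ok'))
    else:
        # Offline: show what the parser extracts from the sample transcript.
        for reply in parse_bh(SAMPLE_DENY):
            print(reply)
```

Run it with the full path to the test configuration as the only argument; extend CASES with one row per ACL branch you expect to accept or deny.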

Test Routing

Routing can be tested as the local root user with the -bt <recipient_address> command-line option.

For example, let’s test the above configuration by mailing to the local root user:

root@myhost:/tmp/exim# exim -C test.conf -bt root@localhost
R: localuser for root@localhost
root@localhost
  router = localuser, transport = maildir_home

Looks good. How about trying to mail to a non-existent local user account?

root@myhost:/tmp/exim# exim -C test.conf -bt fictional@localhost
fictional@localhost is undeliverable: Unrouteable address

Good, we expected that. Now let’s try routing a message to the Internet:

root@myhost:/tmp/exim# exim -C test.conf -bt test@gmail.com
R: dnslookup for test@gmail.com
test@gmail.com
  router = dnslookup, transport = remote_smtp
  host gmail-smtp-in.l.google.com      [173.194.66.27] MX=5
  host alt1.gmail-smtp-in.l.google.com [64.233.164.27] MX=10
  host alt2.gmail-smtp-in.l.google.com [74.125.130.27] MX=20
  host alt3.gmail-smtp-in.l.google.com [74.125.203.27] MX=30
  host alt4.gmail-smtp-in.l.google.com [173.194.72.27] MX=40

Okay well let’s try e-mailing to a domain that doesn’t exist:

root@myhost:/tmp/exim# exim -C test.conf -bt test@zzzfailzzz.com
test@zzzfailzzz.com is undeliverable: Unrouteable address

Just as we expected – cannot route to that domain.

Mysterious Reasons Why Router Conditions Silently Fail

Exim will sometimes just ignore errors in router condition syntax and silently fail. See Exim bug #1518.

If you have too many reverse curly braces the condition will be ignored with no error (i.e. the router will not fail the condition ever):

begin routers

dnslookup:
  debug_print = "R: dnslookup for $local_part@$domain"
  driver = dnslookup
  domains = !+dl_local
  condition = ${if eq {${lc:$domain}} {google.com}} {yes} {no}}
  transport = remote_smtp
  no_more

If you try running:

root@myhost:/tmp/exim# exim -C test.conf -d -bt test@googb.com
Exim version 4.76 uid=0 gid=0 pid=28972 D=fbb95cfd
...
routing test@googb.com
--------> dnslookup router <--------
R: dnslookup for test@googb.com
checking "condition"
calling dnslookup router
set transport remote_smtp
queued for remote_smtp transport: local_part = test

This is bad. The condition succeeds where it should fail and, even worse, there’s absolutely no warning message from Exim to tell you the condition is not being processed.

The fix in this example is simple, remove the extra reverse brace after google.com:

condition = ${if eq {${lc:$domain}} {google.com} {yes} {no}}

Now the condition correctly fails and the router does not run (whereas previously, with the syntax error that wasn’t detected, the condition would be ignored and the router would incorrectly run).
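Because Exim gives no warning here, a brace check before deployment is worth having. This is an added example, not part of the original article and not Exim's own parser: a heuristic Python linter that joins backslash-continued lines, then flags any option value whose leading ${...} item closes before the end of the value, or whose braces do not balance. The sample configuration is constructed from the router and HELO ACL shown on this page.

```python
import re
import sys

# Constructed sample: the router with the stray "}" after google.com, plus
# the multi-line HELO condition from the ACL section (which is sound).
SAMPLE_CONF = r'''
begin acl

acl_check_helo:
  deny
    message = invalid HELO host
    condition = ${if \
      match_domain {${lc:$sender_helo_name}}{+dl_local} \
      {true}{false} \
    }

begin routers

dnslookup:
  driver = dnslookup
  domains = !+dl_local
  condition = ${if eq {${lc:$domain}} {google.com}} {yes} {no}}
  transport = remote_smtp
  no_more
'''

OPTION_RE = re.compile(r'^(\w+)\s*=\s*(.*)$')


def logical_lines(text):
    """Yield (first physical line number, joined text) for each setting,
    joining lines that end in a backslash and skipping blanks and comments."""
    buf, start = '', None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            if not line or line.startswith('#'):
                continue
            start = number
        if line.endswith('\\'):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf, start = '', None
    if start is not None:
        yield start, buf


def check_expansion(value):
    """Return (kind, column) for a suspicious expansion string, else None."""
    depth, i = 0, 0
    while i < len(value):
        ch = value[i]
        if ch == '\\':                 # a backslash escapes the next character
            i += 2
            continue
        if ch == '{':
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth < 0:
                return ('unmatched-close', i + 1)
            # The leading ${...} item has ended but text still follows it.
            if depth == 0 and value.startswith('${') and value[i + 1:].strip():
                return ('closes-early', i + 1)
        i += 1
    if depth > 0:
        return ('unclosed', len(value))
    return None


def lint(text):
    """Return [(line, option, kind, column)] for every flagged option."""
    findings = []
    for number, line in logical_lines(text):
        m = OPTION_RE.match(line)
        if not m or '${' not in m.group(2):
            continue
        problem = check_expansion(m.group(2).strip())
        if problem:
            findings.append((number, m.group(1)) + problem)
    return findings


if __name__ == '__main__':
    # Lint the file named on the command line, or the sample if none given.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for number, option, kind, column in lint(source):
        print('line %d: %s: %s at column %d of the value'
              % (number, option, kind, column))
    sys.exit(1 if lint(source) else 0)
```

A "closes-early" finding on a condition line is the case described above: the reported column is the brace that ends the expansion sooner than intended.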

Testing Local Deliveries

Local deliveries often require Exim to change user permissions and privileges. If you attempt to test local delivery with a custom configuration you might get the following errors:

root@myhost:/tmp/exim# exim -C test.conf testuser@mydomain.com <message.txt
...
LOG: MAIN PANIC
  exim user lost privilege for using -C option
...
LOG: MAIN PANIC DIE
  unable to set gid=8 or uid=125 (euid=125): local delivery to testuser  transport=mylocaltransport

The top two reasons on the Internet for this message are:

  • You have forgotten to make the exim binary setuid to root. This means that it can never change uid/gid in any situation. Also, the setuid binary must reside on a disk partition that does not have the nosuid mount option set.
  • The exim binary is setuid, but you have configured Exim so that, while trying to verify an address at SMTP time, it runs a router that needs to change uid/gid. Because Exim runs as exim and not root while receiving messages, the router is unable to change uid and therefore it cannot operate. The usual example of this is a redirect router for users’ filter files.

But if you check for suid on the Exim binary and it is okay:

root@myhost:/tmp/exim# ls -al /usr/sbin/exim4
-rwsr-xr-x 1 root root 1073912 Dec 28  2012 /usr/sbin/exim4

… and your routers are not setting uid or gid, then there’s a third possibility: the -C <file> option:

When this option is used by a caller other than root, and the list is different from the compiled-in
list, Exim gives up its root privilege immediately, and runs with the real and effective uid and gid
set to those of the caller. However, if a TRUSTED_CONFIG_LIST file is defined in
Local/Makefile, that file contains a list of full pathnames, one per line, for configuration files which
are trusted. Root privilege is retained for any configuration file so listed, as long as the caller is the
Exim user (or the user specified in the CONFIGURE_OWNER option, if any), and as long as the
configuration file is not writeable by inappropriate users or groups.

If ALT_CONFIG_PREFIX is defined in Local/Makefile, it specifies a prefix string with which any
file named in a -C command line option must start. In addition, the file name must not contain the
sequence /../. However, if the value of the -C option is identical to the value of CONFIGURE_FILE
in Local/Makefile, Exim ignores -C and proceeds as usual. There is no default setting for
ALT_CONFIG_PREFIX; when it is unset, any file name can be used with -C.

ALT_CONFIG_PREFIX can be used to confine alternative configuration files to a directory to
which only root has access. This prevents someone who has broken into the Exim account from
running a privileged Exim with an arbitrary configuration file.

I checked my Operating System:

root@myhost:/tmp/exim# lsb_release -a
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.5 LTS
Release:        12.04
Codename:       precise

There is a file for Ubuntu named /etc/exim4/trusted_configs. In there I put the full path to my test Exim configuration.

/tmp/exim/test.conf

Then I had to run my delivery test with the full path to the test configuration:

root@myhost:/tmp/exim# exim -C /tmp/exim/test.conf testuser@mydomain.com <message.txt
  ...

Filtering EasyList For Hosts-File Style Adblock

If you have an Android (rooted CyanogenMod) phone you may be wondering how to block advertising from your web browser.

You may have heard of the hosts file trick, which makes the phone assume certain (advertising) domains are hosted at localhost (127.0.0.1). That address is the phone itself, which is not running its own web server, so any such request instantly gets a “cannot connect” type response – quickly and simply filtering out advertisement domains.

We can make use of Adblock filtering lists such as EasyList by looking for any whole-domain rules, extracting the domain name, and putting it into the hosts file.

The script is as follows:

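#!/usr/bin/perl -w
# Extract whole-domain block rules ("||domain^") from an Adblock filter list
# and print them as hosts-file entries pointing at 127.0.0.1.

use strict;

my %hosts = ();    # hash keys de-duplicate the domains
while ( <> ) {
    # Match only pure domain rules: "||" + domain + "^" and nothing else
    # (no paths, no "$options"). The final label is limited to 2-3 letters.
    if ( $_ =~ m/^\|\|([a-z][a-z0-9-_.]+\.([a-z]{2,3}))\^\s*$/ ) {
        $hosts{$1} = 1;
    }
}

# Print one hosts entry per unique domain, in sorted order.
foreach my $host ( sort keys %hosts ) {
    print( "127.0.0.1\t$host\n" );
}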

We can use this by downloading the EasyList (as, say, easylist.txt). Then:

user@host:~> perl filter-easylist-to-hosts.pl easylist.txt >easylist.hosts

As of 2014-08-18 there were 5029 such hosts in the list. You can add them to a hosts.new file. This file should look something like this (all domains except localhost are fictionalised in this example):

127.0.0.1	localhost

127.0.0.1	an.advertising.net
127.0.0.1	be.advertised.to
127.0.0.1	more.commercialism.com
...
127.0.0.1	zzz.adverts.biz

You must ensure that your hosts file always has a localhost entry in it.

Next, connect your phone via USB and shell to it. The steps are:

  • push the new hosts file to the SD card (temporary location)
  • shell to the phone, become super user
  • find the /system mount path, remount /system as rw (read-write)
  • copy the old /etc/hosts file (backup)
  • copy the new /sdcard/hosts.new file to /etc/hosts
  • remount /system as ro (read-only)

user@host:~> adb push hosts.new /sdcard/
1572 KB/s (236687 bytes in 0.147s)

user@host:~> adb shell
shell@p880:/ $ su
root@p880:/ # mount |grep system
/dev/block/platform/sdhci-tegra.3/by-name/APP \
  /system \
  ext4 \
  ro,seclabel,noatime,nodiratime,user_xattr,acl,barrier=0,data=ordered,noauto_da_alloc \
  0 0
root@p880:/ # mount -o rw,remount \
  /dev/block/platform/sdhci-tegra.3/by-name/APP \
  /system
root@p880:/ # cd /etc
root@p880:/etc # cp hosts hosts.old
root@p880:/etc # cp /sdcard/hosts.new ./hosts
root@p880:/etc # mount -o ro,remount \
  /dev/block/platform/sdhci-tegra.3/by-name/APP \
  /system
root@p880:/etc # exit
shell@p880:/ $ exit
user@host:~>

What Speed Is My Ethernet Interface or Link?

Operating System Command
Linux (mii-tool)
root@host:~# mii-tool eth0
eth0: negotiated 1000baseT-HD flow-control, link ok
      
Linux (ethtool)
root@host:~# ethtool eth0
Settings for eth0:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full 
                                100baseT/Half 100baseT/Full 
                                1000baseT/Half 1000baseT/Full 
        Supported pause frame use: No
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full 
                                100baseT/Half 100baseT/Full 
                                1000baseT/Half 1000baseT/Full 
        Advertised pause frame use: Symmetric
        Advertised auto-negotiation: Yes
        Speed: 1000Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        MDI-X: Unknown
        Supports Wake-on: g
        Wake-on: g
        Current message level: 0x000000ff (255)
                               drv probe link timer ifdown ifup rx_err tx_err
        Link detected: yes
      
Linux (dmesg)
root@host:~# dmesg |grep eth0 |grep -i link
[524281.831899] tg3 0000:02:00.0: eth0: Link is down
[524286.847555] ADDRCONF(NETDEV_UP): eth0: link is not ready
[524292.981252] tg3 0000:02:00.0: eth0: Link is up at 1000 Mbps, full duplex
[524292.983015] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
      
OpenWRT Switch
root@host:~# swconfig list
Found: switch0 - ag71xx-mdio.0
root@host:~# swconfig dev switch0 show
Global attributes:
        enable_vlan: 0
        enable_mirror_rx: 0
        enable_mirror_tx: 0
        mirror_monitor_port: 0
        mirror_source_port: 0
Port 0:
        mib: Port 0 MIB counters
  ...
        pvid: 0
        link: port:0 link:up speed:1000baseT full-duplex txflow rxflow 

Port 1:
        mib: Port 1 MIB counters
  ...
        pvid: 0
        link: port:1 link:down

Port 2:
  ...
        pvid: 0
        link: port:2 link:down

Port 3:
  ...
        pvid: 0
        link: port:3 link:up speed:100baseT full-duplex auto

Port 4:
  ...
        pvid: 0
        link: port:4 link:up speed:1000baseT full-duplex auto
      
Windows 7
C:\> wmic NIC where NetEnabled=true get Name, Speed
Name                                Speed
Realtek PCIe GBE Family Controller  1000000000
      
Solaris
ndd -set /dev/hme instance 0
ndd -get /dev/hme link_status
ndd -get /dev/hme link_mode
ndd -get /dev/hme link_speed
      


Problems With IIS Express Files When Opening Project In Visual Studio

Problem

When attempting to open a Solution (with Projects) in Visual Studio you may see the following message:

One or more projects could not be loaded.

On clicking Reload on the Solution you see a message saying that IIS Express could not open a file due to corruption.

Solution

First close Visual Studio!

Rename the My Documents > IIS Express > config folder to something else (e.g. old_config).

Next time Visual Studio is opened it will create a new configuration folder and be able to load the project.

Upgrading OpenWRT to Barrier Breaker 14.07-rc2

On my Buffalo WZR-HP-AG300H I thought it was time to upgrade from Attitude Adjustment to Barrier Breaker. (See below for upgrading to 14.07-rc3).

So I downloaded image openwrt-ar71xx-generic-wzr-hp-ag300h-squashfs-sysupgrade.bin and uploaded that to the router using the LuCI web interface on the router (System -> Backup/Flash Firmware -> Flash new firmware image).

Well the router rebooted. But there was a problem. No web server. No LuCI web configuration application. The latest OpenWRT firmware wiki page states that:

Prebuilt trunk images do not come with any web interface or GUI. You will need to be comfortable using a command line and remote shell to install one yourself: LuCI Essentials

Fortunately the Ethernet networking was still functioning. So I had to install LuCI. But it wasn’t so simple.

user@home# ssh root@192.168.176.1

BusyBox v1.22.1 (2014-07-21 23:44:00 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 BARRIER BREAKER (14.07-rc2, r41815)
 -----------------------------------------------------
  * 1/2 oz Galliano         Pour all ingredients into
  * 4 oz cold Coffee        an irish coffee mug filled
  * 1 1/2 oz Dark Rum       with crushed ice. Stir.
  * 2 tsp. Creme de Cacao
 -----------------------------------------------------

root@myrouter:~# opkg update
Downloading http://downloads.openwrt.org/barrier_breaker/14.07-rc2/ar71xx/generic/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/barrier_breaker.

root@myrouter:~# opkg install luci-ssl # should but doesn't get all we need
root@myrouter:~# opkg install luci-base
root@myrouter:~# opkg install luci-i18n-english
root@myrouter:~# opkg install luci-lib-httpclient # needed for CGI to work
root@myrouter:~# opkg install luci-lib-proto-ppp # needed for PPPoE to my ISP in LuCI
root@myrouter:~# opkg install luci-app-firewall # needed for port forwards in LuCI
root@myrouter:~# /etc/init.d/uhttpd enable # needed to auto-start webserver on boot
root@myrouter:~# reboot # restart router to take new packages

Now if I haven’t skipped any steps you should be able to use your web browser to configure the router.

If you want to know what packages are available from the command line type:

opkg update; opkg list

If you want to know what packages are installed on the router type:

opkg list-installed

It seems that, at the moment, Barrier Breaker comes with a limited set of packages on default install.


Ethernet Switch Disabled by Default

Ticket #11143 documents a very real problem when upgrading to Barrier Breaker. The 4-port Gigabit Ethernet switch on the back of the router will pass traffic between router and ports, but not between ports.

The fix is to edit your /etc/config/network file and ensure the switch and switch_vlan sections are as follows:

config switch
        option name 'switch0'
        option enable_vlan '1'
        option reset '1'

config switch_vlan
        option vlan '3'
        option device 'switch0'
        option ports '0 1 2 3 4'

You can set vlan to any number from 1 to 15 (not zero). If you specify the ports string wrong the switch will silently fail (I was mistakenly trying to set it to 0 1 2 3 4 5 but that was one too many digits and the switch simply didn’t configure).

What this does is turn on VLAN functionality in the switch. However we specify each port to be untagged (i.e. normal) and all the ports share the same VLAN (in this case I chose number 3 but any number except zero would do).

You can confirm that the switch is named switch0 by ssh’ing into the router and typing:

root@myrouter:~# swconfig list
Found: switch0 - ag71xx-mdio.0

Warning: if you can only access your router via wired Ethernet (and not radio) then you may disable access to your router – and have to TFTP flash it all over from scratch. So back up your configuration first!

When you are confident enter the command /etc/init.d/network restart – disconnect from the router and re-connect (or just reboot the router).

The LuCI GUI has a helpful page on the switch that lets you see which switch ports have been connected to (and what link speeds):

Barrier Breaker LuCI Switch Page



Upgrading to Release Candidate 3

2014-08-17: I upgraded my router to rc3 by downloading the firmware image openwrt-ar71xx-generic-wzr-hp-ag300h-squashfs-sysupgrade.bin.

I had to install LuCI again:

root@myrouter:~# opkg install luci-ssl
Installing luci-ssl (svn-r10471-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07-rc3/ar71xx/generic/packages/luci-ssl_svn-r10471-1_ar71xx.ipk.
Installing libustream-polarssl (2014-03-25-fc0b5ec804ee43c532978dd04ab0509c34baefb0) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07-rc3/ar71xx/generic/packages/libustream-polarssl_2014-03-25-fc0b5ec804ee43c532978dd04ab0509c34baefb0_ar71xx.ipk.
Installing libpolarssl (1.3.7-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07-rc3/ar71xx/generic/packages/libpolarssl_1.3.7-1_ar71xx.ipk.
Installing px5g (1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07-rc3/ar71xx/generic/packages/px5g_1_ar71xx.ipk.
Configuring libpolarssl.
Configuring libustream-polarssl.
Configuring px5g.
Configuring luci-ssl.

root@myrouter:~# opkg install luci-i18n-english
Installing luci-i18n-english (svn-r10471-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07-rc3/ar71xx/generic/packages/luci-i18n-english_svn-r10471-1_ar71xx.ipk.
Configuring luci-i18n-english.

root@myrouter:~# opkg install luci-lib-httpclient
Installing luci-lib-httpclient (svn-r10471-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07-rc3/ar71xx/generic/packages/luci-lib-httpclient_svn-r10471-1_ar71xx.ipk.
Configuring luci-lib-httpclient.

root@myrouter:~# opkg install luci-proto-ppp
Upgrading luci-proto-ppp on root from svn-r10467-1 to svn-r10471-1...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07-rc3/ar71xx/generic/packages/luci-proto-ppp_svn-r10471-1_ar71xx.ipk.
Configuring luci-proto-ppp.

root@myrouter:~# opkg install luci-app-firewall
Upgrading luci-app-firewall on root from svn-r10467-1 to svn-r10471-1...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07-rc3/ar71xx/generic/packages/luci-app-firewall_svn-r10471-1_ar71xx.ipk.
Configuring luci-app-firewall.

root@myrouter:~# /etc/init.d/uhttpd enable
root@myrouter:~# reboot

First observation: the LuCI GUI has a completely different style. Not sure if I like it, yet; the layout is less compact than previously.