Huawei Nexus 6P Battery Upgrade

I’ve had my Huawei Nexus 6P for about two years now. The combination of a great camera, an excellent screen, good performance and decent battery life has made this my best smartphone ever.

However, a couple of months ago the battery capacity appeared to collapse dramatically. Sometimes the phone would shut down only 5 hours after I had disconnected it from the AC charger when I left home, starting off supposedly fully charged! I always had to carry a USB battery and cable with me to avoid losing the use of my phone in the middle of the day.

Attempts to recalibrate the capacity indicator helped only insofar as the phone would shut down at 14% charge instead of say 55% charge, so there was slightly more warning, but the number of hours was still too short. This actually seems to be a common problem with the Nexus 6P, which otherwise is still a great phone.

It’s not uncommon for Li-ion batteries to significantly lose capacity after about three years, but if it happens after less than two years as in my case, that’s not very good. Fortunately, replacement batteries are available and any competent phone repair shop will be happy to do the necessary surgery to replace a battery that is on its way out. Unfortunately the days when you could simply pop open the phone case without any tools and swap the battery yourself are long gone. This is a trend started by Apple and almost every other phone maker has since followed suit. I think it’s meant to get people to buy a new phone sooner, which is good for Apple and its competitors, but bad for consumers and for the planet.

There are YouTube videos that will show you how to open the Nexus 6P case and disassemble the phone to swap the battery. This involves the use of a hairdryer or heat gun to soften the glue that holds it all together as well as a plastic card and a small screwdriver. As I did not feel adventurous enough to attempt this myself, I contacted several phone repair shops here in Tokyo. Repair King Japan replied. Though they didn’t have the Nexus 6P battery in stock they were happy to order one for me. Once they got it, I dropped the phone off and two hours later I could have it back with a new battery. So far it’s looking good: It’s been 40 hours since the last full charge (with battery saver mode inactive) and it’s still showing 64% with about 3 days of power left 🙂

Hopefully with the new battery my Nexus 6P will be a great phone again for a few more years!

Adding Free SSL Certificates for HTTPS To Your Websites

I recently received a warning email from Google:

“Starting October 2017, Chrome (version 62) will show a ‘NOT SECURE’ warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.”

The recommended solution was to migrate the affected website(s) to HTTPS. This requires an SSL certificate. There are many companies selling those for hundreds of dollars. I didn’t really want to spend that money.

It turns out there is a free alternative: The Let’s Encrypt project (https://letsencrypt.org/) provides free SSL certificates with just enough functionality to run SSL with current browsers. It also provides automated tools that greatly assist you in obtaining and installing those certificates.

I had a default SSL host configured on my Apache 2.4 installation (inherited from a different server running Ubuntu) that I had to manually remove.

Then, when all virtual hosts only had port 80 (HTTP) enabled, I could run the certbot tool as root:

# certbot --apache

It enumerates all host names supported by your Apache installation. I ran it repeatedly, for each domain and the corresponding www. host name (e.g. joewein.net, www.joewein.net) in my installation and verified the results, one at a time. It will create a new virtual host file in /etc/httpd/hosts-enabled for those hosts for port 443 (HTTPS). I appended the content of that file to my existing port 80 (HTTP) virtual host file in /etc/httpd/hosts-available for that host name and deleted the new file created by certbot. That way I can track all configuration details for each website for both HTTP and HTTPS in a single file, but this is purely a personal choice.

All it takes is an Apache restart to enable the new configuration.

You can test if SSL is working as expected by accessing the website with a browser using https:// instead of http:// at the start of the URI.

If you have iptables rules for port 80, you may want to replicate those for port 443 or the certificate generation / renewal may fail. Also, you want to make sure that SSLv3 is turned off on your Apache installation, to protect against the POODLE vulnerability. This required the following setting in ssl.conf:

/etc/httpd/conf.d/ssl.conf:SSLProtocol all -SSLv2 -SSLv3

The free certificates will expire in 90 days, but it’s recommended to add a daily cron job that requests renewals so that an updated key will be downloaded after 60 days, long before the old key expires. Once that is in place, maintenance of SSL keys will be totally automatic.

UPDATE (2017-11-01): If you’re using WordPress on your website, you should change the WordPress base URI to HTTPS too. To do that, log into the WordPress Dashboard. In there select Settings > General. Change the “http://” in the WordPress Address (URI) and Site Address (URI) fields to “https://” and click the Save Changes button. This ensures that any messages from WordPress to you will include secure URIs.

Nexus 6P Flashing Charge Icon

Recently the USB-C quick charger that came with my Huawei Nexus 6P appeared to stop working. I normally leave the phone charging over night, but one morning I found its battery charge was low and it hadn’t been charging. When I disconnected and reconnected it to the cable (which is reversible with USB-C connectors on both ends), the lightning bolt inside the battery charge indicator kept blinking (flashing on and off), rather than being solid on as it normally would while the device is charging.

Disconnecting and reconnecting the device or unplugging and reconnecting the charger to the wall socket made no difference whatsoever. Reversing the cable direction did not help either.

My only way to still charge the phone was to use a USB-A to USB-C cable that draws power from a PC USB socket, which is a much slower way to charge the phone. So I decided that the charger must have failed after less than a year of use. I already started looking for USB-C quick chargers on Amazon (they exist but are much more pricey than USB-A chargers), but didn’t order one yet.

Today I decided to Google for the problem and found others who had the exact same issue. It turned out that simply powering down the phone and powering it up again will fix the problem: Yepp, it will charge again!

I’m not sure what the fundamental issue is, but it seems I won’t have to rush out and buy a new charger (which wouldn’t have helped anyway!), as the issue is on the phone side.

If a simple phone reboot fixes it and it doesn’t happen too often, I guess I can live with that. The Nexus 6P has worked great for me so far.

Porting iptables to ip6tables

A couple of days ago I received an email notification from the Berkeley Security Notifications Team that a Linux server of mine had less restrictive firewall rules for IPv6 than it had for IPv4. This prompted me to update my ip6tables settings on that host to make it as secure via IPv6 as it was for IPv4.

If you have a dual stack server with IPv4 A records and IPv6 AAAA records published in DNS, you should have it protected with firewall rules on both protocols. Even if you only publish A records and not AAAA ones, you should secure IPv6 access because its address may leak to potential attackers in other ways.

The ip6tables tool is installed as part of iptables on recent distributions, but you need to set up one set of rules for each protocol. They’re independent of each other. A (not very secure) default ip6tables configuration might look like this:

# Generated by ip6tables-save v1.4.21 on Thu Sep 24 11:17:56 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1456:118498]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
# Completed on Thu Sep 24 11:17:56 2015

It’s relatively easy to port additional settings from iptables to ip6tables (e.g. in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables for CentOS).

Below are some of the changes needed when porting common entries. As you can see, some names are replaced with those of IPv6 equivalents. Any IP addresses and CIDRs for ip6tables need to be written in IPv6 notation.

To easily port over IPv4 addresses, simply prefix them with “::ffff:”. If they’re followed by a bit count such as /24 (the routing prefix size), add 96 to that number (IPv6 addresses are 128 bits each versus 32 bits for IPv4). Add equivalent rules for the corresponding native IPv6 addresses as needed.

  1. Accept ping from any source:

    IPv4:

    -A INPUT -p icmp -j ACCEPT

    IPv6:

    -A INPUT -p ipv6-icmp -j ACCEPT

  2. Accept connection from white-listed address:

    IPv4:

    -A SSH-IN -s 123.45.67.89/32 -j ACCEPT

    IPv6:

    -A SSH-IN -s ::ffff:123.45.67.89/128 -j ACCEPT
    -A SSH-IN -s 2345:abcd:678:42::/64 -j ACCEPT

  3. Rule to block access (after all the exceptions):

    IPv4:

    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited

    IPv6:

    -A INPUT -j REJECT --reject-with icmp6-adm-prohibited
    -A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
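
The porting rules above, applied mechanically to iptables-save lines (an added example, not part of the original post). The sample rules, including the 10.20.30.0/24 network and gateway.example.net, are constructed, and the function names are this example's own.

```python
import ipaddress
import re

# Name substitutions taken from the post's examples.
PROTO_ICMP = re.compile(r"(?<!\S)(-p|--protocol)\s+icmp(?=\s|$)")
REJECT_V4 = "icmp-host-prohibited"
REJECT_V6 = "icmp6-adm-prohibited"
# -s / -d as stand-alone tokens (never the "-s" inside "--state").
ADDR_OPT = re.compile(r"(?<!\S)(-s|-d|--source|--destination)\s+(\S+)")


def map_ipv4(addr):
    """Return (text, ok): IPv4 becomes ::ffff:<addr>/<prefix + 96>."""
    try:
        iface = ipaddress.ip_interface(addr)
    except ValueError:
        return addr, False      # hostname or malformed: needs a human
    if iface.version == 6:
        return addr, True       # already IPv6, leave untouched
    return f"::ffff:{iface.ip}/{iface.network.prefixlen + 96}", True


def port_rule(line):
    """Port one iptables-save line; returns (new_line, warnings)."""
    warnings = []
    if not line.lstrip().startswith("-A "):
        return line, warnings   # table name, chain policy, comment, COMMIT
    line = PROTO_ICMP.sub(r"\1 ipv6-icmp", line)
    line = line.replace(REJECT_V4, REJECT_V6)

    def swap(match):
        new, ok = map_ipv4(match.group(2))
        if not ok:
            warnings.append(f"cannot convert address {match.group(2)!r}")
        return f"{match.group(1)} {new}"

    line = ADDR_OPT.sub(swap, line)
    if re.search(r"--reject-with icmp-", line):
        warnings.append("reject type not covered by the post; pick one by hand")
    return line, warnings


def port_ruleset(text):
    """Port a whole rule file; warnings carry 1-based line numbers."""
    out, notes = [], []
    for number, line in enumerate(text.splitlines(), 1):
        new, warns = port_rule(line)
        out.append(new)
        notes += [f"line {number}: {w}" for w in warns]
    return out, notes


# Constructed sample input in iptables-save syntax.
SAMPLE_V4 = """\
-A INPUT -p icmp -j ACCEPT
-A SSH-IN -s 123.45.67.89/32 -j ACCEPT
-A SSH-IN -s 10.20.30.0/24 -j ACCEPT
-A SSH-IN -s gateway.example.net -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

if __name__ == "__main__":
    rules, notes = port_ruleset(SAMPLE_V4)
    print("\n".join(rules))
    for note in notes:
        print("WARNING:", note)
```

IPv4 packets are filtered by iptables rather than ip6tables, so the ::ffff: entries do not stand in for the native IPv6 rules the post says to add.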

Filco Majestouch-2 [FKBN104M/EB2]

Recently, the space bar of the keyboard on my main machine developed a problem, so I ordered a Filco Majestouch-2 (US layout, USB version with PS/2 adapter). It uses brown Cherry MX switches.

I have always liked the feel and feedback of the original IBM PC and IBM PC/AT keyboards (which I first used in 1981). If you’re a fan of the original IBM keyboards, you’ll love this one. The Filco keyboards are not cheap, but you get what you pay for.

There are various models from Filco, some with the blue or black Cherry switches. The brown switches are recommended for general use, including office work and programming. I am very happy with mine and will probably order another one for another of my machines.

Acer One D260 system restore

The hard disk in my wife’s Acer One D260 netbook got damaged. A new hard disk is about a quarter the price of a new netbook, so I wanted to install a new drive. Like with most PCs these days there aren’t any Windows install DVDs included.

The netbook came with Windows 7 Starter, which we needed to somehow install on the new hard disk. Fortunately, the damaged hard disk was still limping along enough to use the Acer eRecovery system to create two Recovery DVDs. These should allow restoring the initial system state to a hard disk in the machine, wiping all the data on the drive.

To replace the hard disk, I had to undo seven clips around the edge of the keyboard, lift off the keyboard and disconnect the keyboard ribbon cable to the motherboard connector. Then I needed to undo 4 screws underneath and push through, to pop out the cover on the bottom of the machine. This opened access to the single memory slot and drive cage.

The 1 GB memory module on the motherboard can be replaced with a 2 GB PC3-8500 1066 MHz DDR3 module available for about $20. This is a worthwhile investment and I already have the module on order.

I replaced the damaged 250 GB WD Scorpio Blue drive with a spare 500 GB drive (available new for about $60-$80). Then I closed the cover and reinstalled the screws and then the keyboard.

With the new drive it was possible to boot off the first Recovery DVD using a USB DVD drive. The eRecovery software copied data from both DVDs to the hard disk and then rebooted. However, that reboot failed because the new drive did not yet have a Windows Master Boot Record (MBR) on it. You can install an MBR from within Windows, but not from the bootable eRecovery DVD. So I had a chicken and egg problem.

I overcame this hurdle by booting off a Ubuntu Live DVD (32 bit), installing the ‘lilo’ package and telling it to install the Linux equivalent of Microsoft’s MBR code:

sudo apt-get install lilo
sudo lilo -M /dev/sda mbr

At the next attempt to boot off the hard disk, Windows started installing its components and drivers and launched into its initial configuration, just like the first time we had unboxed the machine more than two years ago. So we are back to a working Windows 7 machine!

Thank you, Linux — you saved my day again! 🙂

Western Digital 4 KB sector drive alignment for Windows XP and 2003 server

If your existing Windows XP or Windows 2003 Server machine needs a new C: drive, there are ways of upgrading to one of the latest drives without a complete software reinstall, but you may encounter some stumbling blocks due to the new Advanced Format technology, which uses 4 KB sectors.

When one of my PCs developed hard disk problems and I had to upgrade one of its drives, I also checked out my other machines. I found the C: drive of a Windows 2003 Server machine was about to fail. Windows 2003 is basically the server version of Windows XP, with which it shares most components. I opted for a 1 TB WD Red drive (WD10EFRX) by Western Digital, since these drives are designed for 24/7 operation, primarily for use in Network Attached Storage (NAS) appliances (desktop drives are only designed for an 8 hours on, 16 hours off use pattern).

I did not want to reinstall everything from scratch on that machine, so I used a Linux boot DVD and the GNU dd utility to mirror the failing drive onto the new WD Red drive (“sudo dd if=/dev/sda of=/dev/sdb”). As a result, all the partitions were in the same place and the same size as on the old drive, a Seagate Barracuda 7200.11 320 GB. The partitions on the old drive had not been aligned on 4 KB boundaries as is recommended to get decent performance on modern Advanced Format drives, so I needed to run an align tool to move the partition to the proper place. Western Digital offers one free to its customers, so that should be easy then, right?

Not quite. I encountered all the troubles described by others in this thread: Basically, the download link for the WD Align tool (AcronisAlignTool_s_e_2_0_111.exe) takes you back to the same page, over and over, without error message. It turns out that you need to be registered and logged in to the WD site for the download link to do anything. You need to register both your contact details (name, e-mail address, postal address, phone number) and your hard disk’s serial number. For the latter I had to shut down the machine again and take out the drive once more to take a look, because the number is not printed on the cardboard box, only on the drive itself.

Once I registered my new drive, a download link did appear next to the registered product, but from it I found I could only download Acronis True Image and not the Acronis Align Tool (Advanced Format Software, WD Align). The WD Red series drives are all Advanced Format Drives, as is pretty much every drive made since 2011, but WD say it is designed for NAS use and hence don’t see the need for a fix for what they see as a Windows XP problem.

Various people online recommended a download site in Ukraine that apparently offers a copy of that program, but if you’re downloading from sites like that you risk installing malware on your computer. Beware!

There is a safer solution. I had to register another Western Digital drive, an old WD10EARS to get a usable download link for Advanced Format Software. If you don’t happen to have one lying around, a Google image search for WD10EARS will show you many photographs of disk drives with clearly readable serial numbers on the label. And apparently, these serial numbers will do the trick! 😉

After I downloaded the software, I ran it to make a bootable CD (it also seems to be Linux-based), booted and ran it and 1 hour and 30 minutes later my C: partition was showing up as properly aligned.

I can understand that Western Digital wants to restrict the use of licensed Acronis software to its own customers, denying other brands a free ride. However, the hoops it is making people jump through to be able to use one of their new drives as an upgrade to an existing Windows XP machine are just ridiculous. If a login is required to do the download, it should clearly say so. And if a drive uses 4 KB sectors (Advanced Format), its serial number should qualify you for the download. There are millions of existing XP users out there still and many will need new hard disks before they need a new computer.

A hilly 200 km brevet in scenic Izu peninsula

Yesterday I cycled 200 km across the mountains of west Izu (Shizuoka prefecture, Japan) on my Bike Friday folding bike. I had resolved to do at least one century ride (160+ km) every calendar month of this year, some of them organised events, but most personal rides. BRM309 200 km by AJ NishiTokyo was my first official brevet of the year. I completed it in an official time of 12:58, i.e. just over half an hour under the 13 1/2 hour time limit.

The scenery was beautiful and the weather perfect but the course tough. With a highest point of 450 m, I first found it hard to believe that this course should really have more climbing (3159 m total) than the 300 km Fuji brevet I did last May (2800 m total), but except for the first and last 10% and some short stretches through the towns on the coast, this was a pedal-powered roller coaster! On the smaller roads grades of 8-11 percent were not uncommon.

I loaded the Bike Friday into the Prius the night before (no need to fold the bike or take off the wheels), went to bed at midnight and got up at 04:00. A little after 06:00 I got off Tomei expressway at Numazu and drove near Mishima station, where I found a 1000 yen ($10.50) a day car park. One couple dressed like randonneurs was already setting up their bikes in there.

An hour from home on the expressway it had suddenly struck me I had left my reflective vest at home. No vest, no brevet! But it was already too late to turn back. Fortunately the organisers had some stock and sold me one for 1600 yen ($17). To start with I was wearing new bib shorts and new jerseys (two layers for the morning and evening chill). GS Astuto’s HauteRoute shorts proved exceptionally comfortable, like wearing your best pair of pajamas at home. I sweated a lot, in fact my cheeks were white with salt afterwards, but the shorts and jersey kept me comfortable. The deep pockets safely stored wallet, camera, keys and some food.

There were 60 riders in two blocks of 30, starting at 7:30 and 8:00. They started us in smaller groups. I was wearing my heart rate belt and wanted to aim for a consistent workout throughout the day, but I worked much harder during the first 50 km than I had intended and less hard later on. When you have some other fast guys to follow (which would save you having to navigate) it is tempting to hang on at whatever cost. We headed through town and along a river to the south. After 20 km the route started climbing, peaking at a tunnel about 450 m above sea level, then down to the coast. We made the first 50 km in 2 1/2 hours, putting me more than half an hour ahead of the pace needed for completing in time, and that is what I also finished with.

I glimpsed Mt Fuji across the bay from near Toi.

The coastal road went to Matsuzaki through many tunnels and a couple of climbs. After Matsuzaki we climbed the second highest pass on a small mountain road and it was very pretty. Plum trees (ume) were in bloom everywhere.

PC1 (point de contrôle 1) was at 95 km, almost at the half way point, but there had also been a safety check at the first tunnel (lights!). We were given pastries baked in the shape of bicycle cranks.

From the control point we headed west to the coast, which we mostly stayed on. As mentioned before, the coastal road goes mostly up and down. It only becomes level again at the north west corner of Izu. The top third of the west coast was the hardest part. There were few villages, no shops and it was gradually getting dark. I had somehow expected the second half of the ride to be easier than the first because the maximum elevations were much lower, but it was actually harder. Between Toi and the north coast there were no flat portions in towns between descents and climbs, because there were no towns (or more appropriately, there were no towns there because there was no flat land).

The following was a sign we had to spot and then write down the Kanji characters, as part of a quiz question. As a Kanji-challenged foreigner, I got dispensation to bring back a picture instead:

Izu used to have a lot of terraced rice fields built into the hills because there wasn’t much flat land. Many of these fields now lie fallow or have been turned into sugi tree plantations contributing to the hay fever epidemic in Tokyo.

Mt Fuji at dusk:

I completed!

Having my brevet card checked at the finish:

Garmin Edge 500 on long rides

Since January I’ve been using a Garmin Edge 500 with heart rate monitor strap for logging bike rides. Garmin quotes a battery life of “up to 18 hours”. After this 13 hour bike ride, it showed a remaining battery capacity of 21%. Extrapolating from this, the battery would have lasted about 16 hours in total.

I was not just logging the ride (GPS data) but also using the heart rate strap and had the Garmin track a course with turn-by-turn instructions, which probably draws a bit more power. I had created the course as a TCX file in RideWithGPS while looking at the course as published on http://latlonglab.yahoo.co.jp.

In any case, 16 hours is enough for a 200 km brevet with its 13 1/2 hour time limit, but not enough for a 300 km brevet with its 20 hour limit, unless you are a really fast cyclist and/or the course is extremely flat. For my 300 km brevet I am planning to use my Garmin Edge 500 power hack, a special USB cable that allows me to charge the device while logging and navigating.

Garmin Edge USB power hack

I use a Garmin Edge 500 for recording most of my bicycle rides (I do at least one ride of 160 km or more per month on my Bike Friday Pocket Rocket). One problem with the Garmin is that some of my rides will take longer than the Garmin’s battery will last, but if you try to use an external power source to top up the charge, it will instantly end the recording. Here is my working solution:

Garmin quotes “up to 18 hours” of battery life, but last May I did a 300 km brevet with a 20 hour time limit. There are also 400 and 600 km brevets with 27 and 40 hour time limits (I am not thinking about 1200 km events yet!). While the Garmin has a USB port that it can be charged from using a cable, it won’t normally operate as a GPS unit while connected to a USB power source. Any GPS recording under way will instantly be terminated when you plug in the cable. So what can you do about that?

I searched a bit on Google and found that when you plug a USB cable into the socket at the back of the Garmin, it tests pin X on the USB mini connector. On normal cables (including the one that comes bundled with the Garmin Edge 500) that pin is left disconnected. Unless it finds it tied to ground (GND) as you supply external power to the Garmin, it will switch into a passive storage device mode. In that mode it provides read/write access to a PC via the USB port with all GPS functionality and user interface disabled. The screen will display only the brand name and it won’t respond to any buttons being pressed. If pin X is tied to GND, it will operate normally.

This behaviour mirrors the way pin X works on smart phones that support the USB “On The Go” (OTG) specification. USB OTG allows smart phones to drive certain peripherals such as memory card readers, in the same way a PC can drive those peripherals. Normally when a smart phone is connected to a USB port, it acts as a passive storage device to which a PC can upload MP3 files or from which it can download photographs (JPEG files). With an OTG cable, the phone remains the active end. Pin X is the magic key that tells the phone which way to behave, active or passive. It all depends on whether the USB plug is an OTG plug or a regular one.

My cheap low-tech solution was to buy a USB mini OTG adapter (480 yen – about US$5) on Amazon. This has a USB mini plug with pin X wired to GND on one end and a female USB-A connector (like a USB socket on a PC) on the other. To get power into this I cut the USB A plugs off two old peripherals (such as an old USB mouse), stripped off the ends of the wires in the cable and connected black to black (GND), red to red (+5V). This was not too hard even for my soldering skills. A bit of insulating tape and voila! We have a new male-to-male cable that can draw power from any USB power source and feed it into the female end of the OTG adapter. When I plugged it all together, I could run the Garmin in GPS mode while running on external power from my USB battery.

Lawyer Note: Do not use a male-to-male cable or OTG adapter for any other purpose. Do NOT connect the male-to-male cable to two PCs. Do NOT connect the OTG adapter between a phone and a power source. Only ever connect the cable to the OTG adapter. Only ever connect the OTG adapter to the Garmin. I won’t be responsible for bad wiring mistakes or other stupid mistakes. Don’t sue me if your Garmin or house goes up in smoke!

Here is the photographic evidence that it all works for me:

You can find USB Mini OTG adapters and USB Mini OTG cables on DealExtreme (dx.com). They also have USB-A male-to-male cables and adapters, so you don’t have to make your own as I did (though it’s not difficult if you have at least very basic soldering skills). Any combination of a USB Mini OTG cable or adapter and a USB-A male-to-male cable or adapter should work.

Upgrading to a Western Digital WD20EFRX hard disk

All hard disks will die, sooner or later. The only way to avoid that is to retire a drive early enough. Often I upgrade drives because I run out of disk space, and migrate the data to a bigger drive. However, this time it looks like one of my drives is about to die.

Over the last couple of months, one of my PCs that is processing data 24/7 has been seizing up periodically, so I was starting to get suspicious about its hard drives (it has two of them). This week the Windows 7 event viewer reported that NTFS had encountered write errors on the secondary drive. It’s a Samsung SpinPoint F2 EG (Samsung HD154UI, 1.5 TB) which basically has been busy non stop for over three years.

I installed smartmontools for Windows and it showed errors:

ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x000f 099 065 051 Pre-fail Always - 5230
(...)
13 Read_Soft_Error_Rate 0x000e 099 065 000 Old_age Always - 5223
(...)
187 Reported_Uncorrect 0x0032 100 100 000 Old_age Always - 12379
(...)
197 Current_Pending_Sector 0x0012 099 099 000 Old_age Always - 24

“Reported_Uncorrect” are fatal errors and “Current_Pending_Sector” are bad sectors the drive wants to replace with spare sectors as soon as it can. Neither is a good sign. So I have ordered a new drive, started a backup to another machine and will replace the drive with a new disk that I have ordered from Amazon.
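
A check over the attribute rows quoted above (an added example, not from the original post). It separates the drive's own pass/fail test, normalized VALUE at or below THRESH, from the raw counters of the two attributes the post singles out; the function names and the watch list are this example's own.

```python
import re

# Constructed input: the rows quoted in the post, "(...)" lines dropped.
SMART_OUTPUT = """\
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate 0x000f 099 065 051 Pre-fail Always - 5230
 13 Read_Soft_Error_Rate 0x000e 099 065 000 Old_age Always - 5223
187 Reported_Uncorrect 0x0032 100 100 000 Old_age Always - 12379
197 Current_Pending_Sector 0x0012 099 099 000 Old_age Always - 24
"""

ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+(?P<flag>0x[0-9a-fA-F]+)\s+"
    r"(?P<value>\d+)\s+(?P<worst>\d+)\s+(?P<thresh>\d+)\s+"
    r"(?P<type>\S+)\s+(?P<updated>\S+)\s+(?P<when_failed>\S+)\s+(?P<raw>\d+)"
)

# Attributes whose raw counter should stay at zero on a healthy drive
# (the two the post calls out).
WATCH_RAW = {"Reported_Uncorrect", "Current_Pending_Sector"}


def parse_attributes(text):
    """Turn the attribute table into a list of dicts; non-rows are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue            # header, "(...)" filler, blank lines
        row = match.groupdict()
        for key in ("id", "value", "worst", "thresh", "raw"):
            row[key] = int(row[key])
        rows.append(row)
    return rows


def threshold_failures(rows):
    """Attributes the drive itself reports as failed (VALUE <= THRESH)."""
    return [r["name"] for r in rows
            if r["thresh"] > 0 and r["value"] <= r["thresh"]]


def raw_alerts(rows):
    """Watched attributes with a non-zero raw counter, as (name, count)."""
    return [(r["name"], r["raw"]) for r in rows
            if r["name"] in WATCH_RAW and r["raw"] > 0]


if __name__ == "__main__":
    rows = parse_attributes(SMART_OUTPUT)
    print("threshold failures:", threshold_failures(rows) or "none")
    for name, count in raw_alerts(rows):
        print(f"ALERT {name}: raw count {count}")
```

On the post's data no attribute has crossed its threshold, so the raw counters are the only signal that the drive is in trouble.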

The new drive is a 2 TB Western Digital WD20EFRX, which is part of WD’s “Red” series. These drives are specifically designed for 24/7 operation (as opposed to 8/5 office computers). The drive is 0.5 GB bigger, which is just as well as the old drive was getting close to filling up. Gradually I will be moving my processing to an Ubuntu server, which I already use as my main archive machine with a RAID6 drive array.