WiFi Analyzer: issue with Android Pie (9.0)

Hi guys,

Update (2018.10.21):

The new Android 9  (Pie) compatible version has been released, currently with a staged rollout (not all devices receive it just a few percentage). That means you may receive it via the next update (you can check the app version, if it is 3.0, then you got it).
If there is no any error, it will be fully released next week.

(Note: this update affects only devices running Android 9)

Currently there is an issue if you are using Android Pie.

As I mentioned it earlier, to access some network information, on new Android, the app must hold location (GPS) permission, and location service (GPS) must be turned on.
I don’t need your location, and it worked perfectly without location in the last 5 years, but unfortunately Google changed it (more info).

The problem is, that based on my experience, 90% of user reject apps and give negative ratings that need location permission without good reason. And there is no selective permission on Android, that means I have two possible choices:

  • a, ask location permission from everyone, everywhere regardless of the version of OS.
  • b, do not ask location, and it won’t work properly on Android Pie.

As you can see, there is no good choice just bad and worst.

Because Pie just has been released recently and not really popular (yet), temporarily I chose the last one (b).  So sorry from Android Pie users, but currently my app won’t work properly on Android Pie.
But if you were happy with my app earlier, you don’t need to uninstall it, because I will fix it soon (so currently “b” works, but later it will go to “a”)

I don’t have any other choice because Pie will go more popular, so this is a temporary situation, I just try to balance between adapting the new change forced by Google and not hurting so many people.

So if you like my app and

  • you are using Android Pie: you should just wait the fix that will be released soon
  • you are using other versions (like Oreo): it works perfectly before and after the fix, but if you don’t want to give location permission, you can use my classic apps, that never ever will ask location:

https://play.google.com/store/apps/details?id=com.pzolee.wifiinfoclassic
https://play.google.com/store/apps/details?id=com.pzolee.wifianalyzer.classicpro

Again, so sorry for the inconvenience, this is a bad situation, but it was decided by Google and not by me and I really don’t have chance to solve it painless.

Advertisements

WiFi Analyzer: Important changes related the location permission after November 2018

Hi guys,

Starting with November 2018, all wifi analyzer apps need location permission (and enabled location service) to detect wifi networks, otherwise the developer won’t be able to update or change anything (like bug fixes) in the app.

This is a new change required by Google due to security reason.

My wifi analyzer applications do not ask location yet, but as you can see, I cannot delay it forever, because I won’t be able to update them after November 2018.

If you are worrying about location, as an alternative, I’ve created two copies of my existing wifi analyzer apps, that will NEVER ask location permission :

WiFi Analyzer Classic (no location, free with ads):

https://play.google.com/store/apps/details?id=com.pzolee.wifiinfoclassic

WiFi Analyzer Classic Pro (no location, paid, no ads):

https://play.google.com/store/apps/details?id=com.pzolee.wifianalyzer.classicpro

These apps do not ask location and never will, but won’t be updated after November 2018 and may not work on Android versions released after this date (Last tested version: Android Oreo 8)

More info about the changes:

https://developer.android.com/preview/behavior-changes

https://android-developers.googleblog.com/2017/12/improving-app-security-and-performance.html

https://developer.android.com/reference/android/net/wifi/WifiManager.html#getScanResults()

https://developer.android.com/about/versions/marshmallow/android-6.0-changes

 

WiFi Analyzer promo video

Hi guys,

I just created a new promotional video for my WiFi Analyzer and WiFi Analyzer Pro, and I thought I share it with you.

Huawei Mate 10 Pro performance (WiFi, internal storage)

Hi guys,

I just created a few WiFi and internal storage performance tests on Huawei Mate 10 Pro (this is my new phone) using my apps.

First of all, here is the WiFi performance. I used my WiFi Speed Test app to measure it. The phone uses 2x MIMO (802.11ac) with 80 MHz bandwidth, with link speed at 866 Mbps.

The performance (the real speed) was 384 Mbps (48 MB/s), it’s absolute fine. (the router was a TP-Link Archer C5, and the server was running on a laptop connected to the router via gigabit LAN).

 

And I also executed an internal storage performance test using my SD Card Test app.

The write speed was around 202 MB/s, the read was 619 MB/sec, when reading and writing a 16 GB of single file. It’s  UFS 2.1 performance.

 

Here you can find more screenshots about the details, including the graphs:

 

Everday syslog-ng: How to configure syslog-ng Kafka destination to use Kerberos

Hello guys,

Now I just want to write something interesting about my favorite logging application called syslog-ng.

Prerequisites

  • Active Kerberos server
  • Active Apache Kafka server configured to use Kerberos
  • The Kerberos client libs (krb5-user krb5-config) are installed and configured on the host where syslog-ng is running
  • syslog-ng OSE 3.12 or newer
  • or syslog-ng Premium Edition 7.0.5 or newer
  • Java Cryptography Extension (JCE): To use Kerberos, syslog-ng needs this Java extension. You should download and install it to your computer where syslog-ng runs.

In the first scenario, I will configure syslog-ng to use Kerberos with SASL_PLAINTEXT authentication, in the second part, Kerberos with SSL.

Syslog-ng configuration

First of all we need a syslog-ng configuration. Here is mine (the embedded configs are detailed below):

@version: 3.12
@module “mod-java”
@include “scl.conf”
options {
jvm_options(“-Djava.security.auth.login.config=/home/pzolee/install/configs/kafkakerberos/client.jaas -Djava.security.krb5.conf=/etc/krb5.conf -Dlog4j.configuration=file:/home/pzolee/install/configs/kafkakerberos/log4.properties”);
};

source s_network_5acd1de3c3494308820dd80525d0a1aa {
network(ip(“127.0.0.1”)
port(10001));
};

destination d_kafka_e0fb1bbb06d345f4ba3770b4eecc4a8a {
kafka(
client_lib_dir(/home/pzolee/install/kafka_2.11-0.11.0.1/libs)
kafka-bootstrap-servers(“kafkabrokers.mydomain:9092”)
topic(“test_topic”)
properties-file(“/home/pzolee/install/configs/kafkakerberos/producer.properties”)
);

};

log {
source(s_network_5acd1de3c3494308820dd80525d0a1aa);
destination(d_kafka_e0fb1bbb06d345f4ba3770b4eecc4a8a);
flags(flow-control);
};

It just contains a simple network (tcp) source where the logs are coming, and a Kafka destination where the logs are forwarded. For the options of Kafka destination, read the documentation.

The client.jaas file contains the required parts for Kerberos:

cat client.jaas
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true useKeyTab=true keyTab=”/home/pzolee/install/configs/kafkakerberos/client.keytab” storeKey=true principal=”client/thor.mydomain@SYSLOG-NG.MYDOMAIN”;};

Keytab file

Because syslog-ng runs as a daemon without interactive user login, we want to use keytab file instead of manually initialize Kerberos and typing the password.

So generate a Kerberos keytab file for syslog-ng. Here is the example of my keytab file:

klist -kte /home/pzolee/install/configs/kafkakerberos/client.keytab
Keytab name: FILE:/home/pzolee/install/configs/kafkakerberos/client.keytab
KVNO Timestamp           Principal

—- ——————- ——————————————————

1 2017-09-26 15:18:23 client/thor.mydomain@SYSLOG-NG.MYDOMAIN(aes256-cts-hmac-sha1-96)

Don’t forget, Kerberos checks the FQDN in the principal, so the hostname should be correct.
Properties files

We need a Kafka producer properties files for syslog-ng with the following content:

cat /home/pzolee/install/configs/kafkakerberos/producer.properties
bootstrap.servers=kafkabrokers.mydomain:9092
compression.type=none
security.protocol=SASL_PLAINTEXT
sasl.mechanism=GSSAPI
sasl.kerberos.service.name=kafka

For bootstrap.servers you should use your Kafka server and for sasl.kerberos.service.name the same name that is configured in the server.properties file in the Kafka server.

And another one for log4j to see some debug messages

cat /home/pzolee/install/configs/kafkakerberos/log4.properties
log4j.rootLogger=INFO

Now start syslog-ng:

sbin/syslog-ng -Fevd

[2017-09-28T10:24:08.306159] syslog-ng starting up; version=’3.11.1′
[2017-09-28T10:24:08.341826] ProducerConfig values: \x0a acks = 1\x0a batch.size = 16384\x0a bootstrap.servers = [thor.mydomain:9092]\x0a buffer.memory = 33554432\x0a client.id = \x0a compression.type = none\x0a connections.max.idle.ms = 540000\x0a enable.idempotence = false\x0a interceptor.classes = null\x0a key.serializer = class org.apache.kafka.common.serialization.StringSerializer\x0a linger.ms = 0\x0a max.block.ms = 60000\x0a max.in.flight.requests.per.connection = 5\x0a max.request.size = 1048576\x0a metadata.max.age.ms = 300000\x0a metric.reporters = []\x0a metrics.num.samples = 2\x0a metrics.recording.level = INFO\x0a metrics.sample.window.ms = 30000\x0a partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner\x0a receive.buffer.bytes = 32768\x0a reconnect.backoff.max.ms = 1000\x0a reconnect.backoff.ms = 50\x0a request.timeout.ms = 30000\x0a retries = 0\x0a retry.backoff.ms = 100\x0a sasl.jaas.config = null\x0a sasl.kerberos.kinit.cmd = /usr/bin/kinit\x0a sasl.kerberos.min.time.before.relogin = 60000\x0a sasl.kerberos.service.name = kafka\x0a sasl.kerberos.ticket.renew.jitter = 0.05\x0a sasl.kerberos.ticket.renew.window.factor = 0.8\x0a sasl.mechanism = GSSAPI\x0a security.protocol = SASL_PLAINTEXT\x0a send.buffer.bytes = 131072\x0a ssl.cipher.suites = null\x0a ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]\x0a ssl.endpoint.identification.algorithm = null\x0a ssl.key.password = null\x0a ssl.keymanager.algorithm = SunX509\x0a ssl.keystore.location = null\x0a ssl.keystore.password = null\x0a ssl.keystore.type = JKS\x0a ssl.protocol = TLS\x0a ssl.provider = null\x0a ssl.secure.random.implementation = null\x0a ssl.trustmanager.algorithm = PKIX\x0a ssl.truststore.location = null\x0a ssl.truststore.password = null\x0a ssl.truststore.type = JKS\x0a transaction.timeout.ms = 60000\x0a transactional.id = null\x0a value.serializer = class org.apache.kafka.common.serialization.StringSerializer\x0a;
[2017-09-28T10:24:08.713300] Successfully logged in.;
[2017-09-28T10:24:08.716513] [Principal=client/thor.mydomain@SYSLOG-NG.MYDOMAIN]: TGT refresh thread started.;
[2017-09-28T10:24:08.719814] [Principal=client/thor.mydomain@SYSLOG-NG.MYDOMAIN]: TGT valid starting at: Thu Sep 28 10:24:21 CEST 2017;
[2017-09-28T10:24:08.720000] [Principal=client/thor.mydomain@SYSLOG-NG.MYDOMAIN]: TGT expires: Thu Sep 28 20:24:21 CEST 2017;
[2017-09-28T10:24:08.720146] [Principal=client/thor.mydomain@SYSLOG-NG.MYDOMAIN]: TGT refresh sleeping until: Thu Sep 28 18:29:04 CEST 2017;

As you can see, syslog-ng could log in to Kafka using kerberos.

Configuring syslog-ng Kafka destination with Kerberos and SSL

Prerequisites

  • Kafka broker is configured to use Kerberos with SSL

You only need a few minor changes in producer.properties file:

cat /home/pzolee/install/configs/kafkakerberos/producer.properties
sasl.mechanism=GSSAPI
sasl.kerberos.service.name=kafka
security.protocol=SASL_SSL
ssl.keystore.location=/home/pzolee/install/configs/kafkakerberos/servicestore.jks
ssl.keystore.password=some_keystore_pass
ssl.key.password=some_key_pass
ssl.truststore.location=/home/pzolee/install/configs/kafkakerberos/truststore.jks
ssl.truststore.password=some_truststore_pass

You only have to change the security.protocol from SASL_PLAINTEXT to SASL_SSL and provide the keystore and truststore paths and passwords.

If you want to see the ssl logs, add “-Djavax.net.debug=all” to the jvm_options.

How to test your NAS speed

This is just something personal.

Recently I installed a Synology NAS (DS216j) to my home and wanted to test the speed of this NAS. Of course you can test it via file copy but I wanted to know several values:

  • the maximum available raw speed when my computer is connected to the NAS
  • the maximum available raw speed when my mobile is connected to the NAS
  • and the samba speed when my mobile using the NAS

So first of all, I enabled ssh connection to my NAS, then copied my wifi-speed-test-server.py file to the NAS. This Synology NAS already contains python support, so I could start it easily:

pzolee@pzoleenas:/volume1/$ python wifi_speed_test_server.py

Then just downloaded and started the java version of wifi speed test app, set the IP address of the NAS and started the test:

Wow, it was impressive 316 Mbps (~40 MB/s). My laptop is using AC wifi.

Then I tested the same on my mobile (LG G4) with my WiFi Speed Test app:

 

It was very similar, 33 MB/s.

And finally I tested the samba speed:

Using my laptop, I could reach the 40 MB/s transfer rate via samba, but my phone could only transfer with 7 MB/s.

What you have to know about SD card speed

Hi guys,

I just want to discuss something related to my SD Card Test app. Sometimes I got negative feedback (low rating) with the following content:

“this app is wrong because it reports slow sd card speed (only 20 MB/s) and I have a Class 10 sd card subtitled up to 100 MB/s”

In fact, the app is good and the sd card is slow, that’s the reality.

Class 10 means the minimum sequential write speed is 10 MB/s. That’s all and nothing more. Anything above this value is just “up to”, and in fact that means nothing.

Let me tell you an example:

I have an Samsung EVO 64 GB Sd card, the type is Class 10/U1/XC1.  The spec mentions “up to” 48 MB/s.

But is this true? The trick is the next: the highlighted value is the read speed and not the write.

The reality is the next:

  • write speed:  23 MB/s
  • read speed: 45 MB/s

I tested it with my app, and with my computer too, the result is the same.

My app will assign the class type based on the write speed and you can compare the read and write speed.

 

 

 

 

 

 

 

 

 

The specification is the next:

  • class 10/UHS-1: the minimum sequential write speed is 10 MB/s
  • UHS-3/V30: the minimum sequential write speed is 30 MB/s
  • V60: the minimum sequential write speed is 60 MB/s
  • V90: the minimum sequential write speed is 90 MB/s

So when you find the measured speed too slow, don’t think my app is wrong, just check the class type and don’t believe for the marketing texts (“up to”).