Verizon's 4620L, a great device for the technically inclined

My family recently moved to a fairly remote area, and the question of internet access has been a major one for the couple of months leading up to the move. Besides satellite & dial-up, our only option was Verizon’s MiFi (3G, or 4G if you’re lucky) in the form of a hotspot device: the 4620L.

I was afraid that the 4620L would try to be too smart and not let you tinker with it very much; very few decent reviews are available online and the official documentation is seriously lacking. Fortunately, this couldn’t be further from the truth: it is a great little device that performs well and lets you turn all its knobs.

When using “USB tethered mode” I was afraid I’d need specific drivers and a software suite running, but lo and behold, it actually just pretends to be an Ethernet device over USB. Absolutely perfect for putting a Linux router in front of it!

One thing that did not get properly QA’d is the “Enable DHCP Server” checkbox, which simply doesn’t work. But guess what: I want to do my own routing, and I’d like to avoid NATing from the 4620L to the Linux router. One way around this is the “Config File Download” and “Config File Upload” options. They are meant as a way to back up & restore the configuration, but since the file is all intuitively labeled XML, it’s easy to disable the DHCP server from there.

While you’re in there, you can also override the maximum number of “Available Wi-Fi Connections” (5 when using 3G). They probably have this restriction so that regular Joe user doesn’t hook up a gazillion devices and complain about speed over 3G. Reaching this limit is very easy nowadays.

A new mission

Verizon’s plan is pretty pricy and very metered… All we get is 5GB per month, each additional 1GB will cost us $10. Ouch… I need to configure the network to consume as few bytes as possible. Netflix is out, AdBlock is in, automatic updates of various types are out. Above all, my home server will now be doing some serious routing, the goal of which is to allow devices to be on the home intranet while minimizing their use of the internet.

No inbound connection

That’s right: the IP you get from Verizon is in the private range (RFC 1918), which means they are doing some NATing of their own. You can forward ports all you want on your 4620L; this will have no effect. Your only option is some cumbersome hole punching.

We’ll be talking routing in a later post. I would have liked to find this information about the device & Verizon’s setup, so I wanted to put it out there sooner rather than later.

Change default home Unity lens

We don’t necessarily want the home lens to be the default one in Unity, and unlike other lenses it is hardcoded left & right. Here’s a little trick that will let you pick a different lens as the default for when you click on Dash.

Edit the file: /usr/share/unity-2d/shell/dash/Dash.qml

Replace line 79 “onDashActivateHome: activateHome()” with “onDashActivateHome: activateLens(X)” where X is the index of the lens you want to load (count from left to right starting from 0).

You’ll want to restart Unity for this to take effect.

Done!

Loopback & crypt: a filesystem, within an encrypted partition, within a file

So here we are, 2012 and physical media are going away really fast. We won’t even talk about CDs which have been relegated to the role of plastic dust collectors; hard drives even are being abstracted by a myriad of cloud based solutions. Their purpose is shifting towards a container for the OS and nothing else. Filesystems & their hierarchies become hidden in a bid to remove any need to organize files, rather, you are supposed to throw it all up in the cloud and search on metadata.

While moving away from physical media is convenient and inevitable, I like the hierarchical organization that directories provide. What’s more intuitive than a labeled container with stuff in it?

How can we detach our hard drives from their physical shells, move them around in an omnipresent cloud and keep them secure?

By creating a file, attaching it to loopback & creating an encrypted partition in it!

Here’s how to do it
  • Create a file that will be your soft hard drive with:
dd if=/dev/zero of=/tmp/ffs bs=1024 count=524288

This will create a 512MB file (524288/1024).

  • Make sure that the loopback device #0 is free:
losetup /dev/loop0

You should see something telling you that there is “No such device or address”.

  • Attach the soft hard drive to the loopback device:
sudo losetup /dev/loop0 /tmp/ffs
  • And then make sure it was indeed attached by re-running:
losetup /dev/loop0
  • Create an encrypted partition on your attached soft hard drive:
sudo cryptsetup --verify-passphrase luksFormat /dev/loop0 -c aes -s 256 -h sha256
  • Open your encrypted partition:
sudo cryptsetup luksOpen /dev/loop0 ffs
  • Create a filesystem in it:
sudo mkfs.ext3 -m 1 /dev/mapper/ffs
  • And mount it like a regular disk:
sudo mount /dev/mapper/ffs /mnt
  • When you are done using your encrypted soft hard drive you will want to umount it:
sudo umount /mnt
  • Close it:
sudo cryptsetup luksClose ffs
  • Detach it from loopback:
sudo losetup -d /dev/loop0

These steps can be automated of course. As a quick reminder, using the drive goes “loopback attach -> crypt open -> mount” and when you’re done it’s “umount -> crypt close -> loopback detach”.
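
The two sequences in the reminder above, written as a small POSIX shell script (an added example, not the author's own automation; it covers day-to-day use, not the one-time dd/luksFormat/mkfs setup). The function names ffs_open and ffs_close are assumptions. Unlike the manual steps, it lets losetup pick a free loop device instead of fixing /dev/loop0, and it undoes earlier steps when a later one fails so no unlocked mapping is left behind.

```shell
#!/bin/sh
# Added example: wraps the page's manual steps; not the author's script.
# Usage: ffs.sh open IMAGE NAME MOUNTPOINT
#        ffs.sh close IMAGE NAME MOUNTPOINT

# Attach IMAGE to a free loop device, unlock it as /dev/mapper/NAME and
# mount it. A failure undoes the steps already taken, in reverse order.
ffs_open() {
    img=$1 name=$2 mnt=$3
    # --find --show picks a free loop device and prints its path, so there
    # is no need to check by hand that /dev/loop0 is unused.
    loopdev=$(sudo losetup --find --show "$img") || return 1
    if ! sudo cryptsetup luksOpen "$loopdev" "$name"; then
        sudo losetup -d "$loopdev"
        return 1
    fi
    if ! sudo mount "/dev/mapper/$name" "$mnt"; then
        sudo cryptsetup luksClose "$name"
        sudo losetup -d "$loopdev"
        return 1
    fi
    echo "$loopdev"
}

# Unmount, lock the mapping, then detach every loop device backed by IMAGE.
# Stops at the first failure so the loop device is never pulled from under
# a mapping that is still open.
ffs_close() {
    img=$1 name=$2 mnt=$3
    sudo umount "$mnt" || return 1
    sudo cryptsetup luksClose "$name" || return 1
    # losetup -j prints one "/dev/loopN: ..." line per device using IMAGE.
    for dev in $(sudo losetup -j "$img" | cut -d: -f1); do
        sudo losetup -d "$dev" || return 1
    done
}

case "${1:-}" in
    open)  shift; ffs_open "$@" ;;
    close) shift; ffs_close "$@" ;;
esac
```

With the page's names this is `ffs.sh open /tmp/ffs ffs /mnt` and later `ffs.sh close /tmp/ffs ffs /mnt`.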

That’s it! Media-less & secure storage.

Tested on: Ubuntu 12.04 64b