Author 33 Posts

Igor

VPN (mobile and desktop): the good and the bad

If you want the best privacy protection as well as great ad tracking prevention on iOS, VPNs are your best bet, although not without some caveats.

VPN-on-iOS

First off, let's start with what a VPN means. VPN is a Virtual Private Network which means connecting your remote devices into a single private but virtual network since the devices may not actually be connected directly to each other.

Usually when your device makes a connection to any service, the data you're sending and retrieving travels through dozens of nodes until it reaches the server on the other end. And you can't be sure that none of the nodes in between is compromised and, for example, storing your data without your consent. The main advantage of using VPNs is that all of your Internet traffic travels encrypted and is available only to you and the server and no one in between. Of course it's not a bullet-proof solution, but it's the best and easiest way to make your data as unusable as possible to unauthorized parties in the middle. Especially if you're controlling your VPN, since paid or public VPNs which promise transparency and security might not actually deliver it and do the exact opposite - log all of your data for their own benefit.

For most people, and even for advanced users, using a VPN might be overwhelming and hard, especially if you decide to set it up yourself and not to use a public one. And without specific knowledge such a setup may leak your data even more than no VPN at all. But manuals like this cover the security basics quite well, and some of the public VPN providers have held users' trust for many years without being caught up in scandals of (un)intentional data leaks.

So using a VPN generally is a good idea - you get your traffic encrypted, which keeps your private data safe, and as a side effect you even get some ad tracking prevention, since even your basic data stops being available to the advertisers who keep their trackers on many websites and services you visit. And if you're using your device to access sensitive data over public Wi-Fi or in countries with regulated Internet access - VPNs are a must for you. Also, if you want to access country-specific or restricted resources, there is not much choice other than using a VPN, which in this case gives you an external IP address that belongs to that country, so you appear to be browsing from within that region - that's another advantage of using VPNs.

If you plan on using VPNs, secure the most important devices first. But if you can - use VPNs on all of your devices. I tried going this route, but here are some downsides that made me stop using them:

  • Using VPNs on any device will make the Internet feel slower. The reason is that instead of your packets going directly to the server you're trying to reach, they take a longer route through your secure server first, and that adds delay to each of your web requests, and as a result everything loads noticeably slower.
  • Also your max speeds might take a hit. With my 250/20 Mbit speeds at home I was getting about 20/10 Mbit using a public VPN since they are often sharing their channels among many users. Setting up your own VPN somewhere with high speed Internet access should make it better, but the delays mentioned before still won't improve much and will also cripple your speeds.
  • The speed hit affects mobile devices connected via cellular the most since those already have a pretty high delay of transferring data through the air. So on mobile the speed slowdown is noticeable the most.
  • The other problem (at least with iOS) is that the device might disconnect from the VPN in the background and leave portions of your background traffic unsecured as well as some traffic before it reconnects after unlocking the phone. From what I understand the VPN disconnects to preserve battery which it uses 10-15% more of than without having an active VPN connection - this in my opinion is also a significant problem with VPNs on the go.

That said, if you need your connections to be secure and untraceable - you still have the option even though it would cost you Internet speed and some battery life, but if you need it in certain circumstances, that's a fair tradeoff.

In my tests I was using Tunnelbear (loved its cuteness and service, until it was purchased by the not very trustworthy McAfee recently), SurfEasy and my new favorite PIA because of their long-standing high reputation. And you should care about the reputation of the company that keeps your traffic private 🙂 As for setting up your own VPN - I used DigitalOcean's manual from the link above but with Ubuntu 16.04 instead of 18.04.

If you don't need that level of security and just want to browse the Internet without ads, here's my breakdown on the best iOS and Android adblockers as well as a post on what privacy concerns you should consider while using an adblocker in the first place.

But if you want something better for filtering ads outside of Mobile Safari on iOS and on other devices, you can switch your DNS server on them to have better filtration all the time without any penalty on the battery. And if you want to have custom DNS servers for your iOS device not only in your local Wi-Fi area, you can setup DNSCrypt and have ads filtering on the DNS level everywhere you go!

Custom DNS Servers

In my summary of iOS adblockers I brought up a topic of using custom DNS servers as a better way of limiting ads and tracking and here's why. On iOS this method allows to limit them even outside Safari, which is very good news, since there are no actually working ways of keeping other apps and services from tracking you unless you jailbreak your device.

DNS

I'll be getting into details of setting custom DNS Servers and DNSCrypt on iOS since it's the most limited platform in terms of options. All of the steps below are available on Windows, Mac and Android as well, which makes it the most versatile option for the most devices possible.

So what is a DNS? DNS is abbreviated from Domain Name System - it's a special network of servers whose purpose is just to resolve domains. What that means is that when you enter any address in your browser, or any app or service that you're using connects to its service via a domain, your device which allows that connection connects to its DNS server and asks for the IP address of the domain you're connecting to. If you open google.com, your computer or mobile phone asks for the IP address of the domain, receives 216.58.215.78 and connects your browser to it. But if for some reason the DNS server doesn't resolve your DNS request, your browser won't know where to connect and as a result you won't see anything. This is exactly what can be used not to see ads.

DNS is a hierarchical network with a few root servers at the top. The system is built to be fail-safe with backup servers in each node, but by its nature there were times when a portion of them went down, making parts of the Internet inaccessible to some users. For that reason ISPs (Internet service providers) have their own copies of the main DNS servers in case they might temporarily fail. They keep those copies up to date with the main servers so when there's an outage the ISPs' users won't feel anything since their DNS queries will still resolve on the ISP servers. Also, resolving your DNS queries in place potentially speeds up your loading compared to the situation when your DNS query would go further than your ISP servers, which would just take longer.

Usually when you connect your device to any router, it will give you static IP addresses of the DNS servers the router is set up to share. The routers of your ISP are pre-set with their DNS servers, the same happens when your phone gets a cellular connection - the phone's DNS servers are also set for you. And most ISPs, in order to keep users from messing with their Internet, keep those DNS IP addresses hidden from change.

But why would you want to change your DNS servers? Well, there are a few reasons for that:

  1. Your DNS provider (most often your ISP) has its own non-objective interests in mind. If it's a governmental ISP in Russia, they might wanna block their subjectively harmful websites, and not resolving the DNS query for those domains is an easy way of doing it. Your browser would just tell you that it 'couldn't resolve host name'. Or if your ISP provides additional services, they might just block their online competitors that way, leaving you only with the options they want you to have. These examples are a bit extreme, but worth mentioning since all of the scenarios are easily possible. That said, when blocking, ISPs often go a bit further and block all the traffic to specific resources and not just DNS queries. And in that case VPNs are your only option to get around the limitations.
  2. Your DNS provider has less incentive than you to block ads and trackers since it sometimes might break the website you're watching, or maybe your ISP shareholders are also partial owners of an advertising group, etc. And this is where your custom DNS server might help you out when your ISP won't, by setting up a few rules not to resolve the domains which usually serve ads or track your online behavior and identity and afterwards sell that information again to advertisers.

As mentioned before the DNS system consists of root and other big servers that resolve people's queries from all over the world. But not only your ISP has a copy of the domain names and their IP addresses. Any private company or even regular people can set up their own DNS server. The only difference is that the root servers are operating mostly independently, following objective rules and are considered safe to be used by everyone, unlike some Joe's public DNS server. Big companies also have their own DNS servers, in particular Google with its 8.8.8.8 and Cloudflare (cloud service provider) with 1.1.1.1. And even though Google is a trusted company, I wouldn't trust them to resolve my DNS queries, even though they probably filter out malicious ones for good reasons, but their core business is about ads, so they may be doing that for competitive reasons, filtering competition out, and leaving only their own domains responsible for tracking 🙂

That's why after Cloudflare revealed their DNS a few months ago I started using them right away, since their core business relies on making the Internet faster and safer, not as a byproduct of serving ads. I couldn't switch my router to serve their DNS to all my home devices since my ISP hid the option, so I had to set up all my devices manually.

DNS-Mac

It's very easy doing it on Mac OS: you go to Settings.app -> Network, push 'Advanced' on your connection of choice (Wi-Fi, Ethernet, etc.) and on the 'DNS' tab add 1.1.1.1 and confirm the changes - that easy! You can repeat it on all of your Macs and PCs and this setting will stay even while connecting to other wireless or wired networks, neat!

On Android and iOS the DNS setting is per each wireless network. So if you use a few on a constant basis - unfortunately you will have to repeat this process for each of the networks: open Settings.app -> Wi-Fi, tap on the 'i' icon next to your connected network and then on 'Configure DNS' at the bottom, select 'Manual' and enter 1.1.1.1 as well. Save changes, enjoy your faster and more secure Internet 🙂

DNS-iOS

The setup on Android is almost identical and I'm sure you will find it after going through the same sequence.

iOS adblocking options (August 2018)

After getting into a deep dive with Android adblockers I started wondering whether anything changed on iOS (my daily platform of choice) since the last time I researched this topic.

Adblock-ios

iOS adblockers were first approached by Apple with the release of iOS 9 when they introduced an adblocking API for Mobile Safari. The API was so simple and limiting at the same time that a few developers pushed out a couple of adblockers literally within days after the iOS 9 worldwide rollout. And the reason was that anyone could build an adblocker for iOS in a matter of a few days - it was (and is) that simple. The differentiating part was just that the list of hosts (filters) to block was slightly different between the adblockers, but the main idea was the same: the user had to open Settings.app -> Safari -> Content blockers and enable his adblocker of choice, thus allowing the system to block the hosts included in that app. So in order to launch an adblocking app you could just scrape a few filters, maybe some open-source ones, and you're done 🙂

The problem was with the limited amount of filters per one app. Even though 50 000 hosts sounds like a lot, in practice it wasn't enough to block ads efficiently. I started my journey of finding the best iOS adblocker right after the new iOS release with Purify, then with Peace (which was live only for two days), Crystal and ended up using 1Blocker (which is now 'Legacy'). I decided on 1Blocker since it has a Mac app with iCloud sync of your custom filters, whitelists, settings etc.

After a year of using 1Blocker I started noticing more and more ads in Safari. It felt like the developer abandoned the app which later was proven by him releasing 1Blocker X - an updated version of the adblocker the developer supposedly was working on. Not willing to support the developer's new version which might be abandoned someday with his next work, I started searching Reddit in order to find a replacement. Some people suggested using AdGuard, others replied not to trust an adblocker made in Russia with your browsing info which made sense. People were recommending many adblockers I already tried, including 1Blocker, mostly because of its strong word of mouth. Then in the end I saw a few comments recommending Wipr and seeing its 4.8 star rating helped me to decide in its favor.

Adblock-ios2

Wipr goes around the limitation of 50k hosts by setting itself up as three content blockers all of which you should enable in the Settings.app which is quite clever. But the most important thing besides the app's clean simple interface is that it actually does the job - now I'm seeing less ads, pages are loading fast again.

Even though I now had a new working adblocker I was still unsatisfied. I couldn't believe that having only an adblocker only in Safari is the only option in fighting ads and tracking on iOS. But then I recalled that in addition to an adblocker on macOS I'm using custom DNS servers, two of them to be exact.

So if you want basic working adblocking on iOS - you now have few choices. As for additional protection you can read my followup on custom DNS servers on iOS and in general.

And if you're into complete and best possible privacy options, you can read my take on using VPNs on your devices with some specifics about iOS.

Facebook's misleading ads

I was scrolling my timeline in Facebook's iOS app the other day when I got this bizarre ad:

Facebook-ads1

As a drone owner myself I actually recognized my DJI Mavic Air in the video. And what got my attention was the episode where some guy threw a water balloon at the drone. That's where I first thought it's an ad for some sort of water protection glue or skin which allows you to make your drone resist water since most of them are afraid of it.

I naturally clicked the ad since it resonated well with me (praise Facebook's targeting!) and the idea I can preserve my drone from water damage. But when the ad's landing page finished loading I saw they are not selling any protection but the drone itself! The images again displayed the Mavic Air with the initial price of twice as much as you would pay for a new one and a discount of 95% of that price or about 88% discount of the Air's real price! And of course at the end of the page you would find a countdown urging you to purchase.

Facebook-ads2

Facebook claims they are reviewing each ad. But in the next few days I was getting all sorts of gadget ads displayed in my timeline and every time with a huge discount. And each of the ads had tons of comments with the word 'scam' in them. So the reach of those ads was big and such an ad should have gotten even more of Facebook's attention but it didn't. I assume the clicks pay off nicely for both the social network ad revenue and for the scammer as well.

MacBook Pro 2018 thermal throttling explained

Macbook-Pro-2018

Last week Apple unexpectedly updated their whole Macbook Pro line except the entry 13" model without the Touch Bar.

This release, like all previous ones, was accompanied by a lot of controversies. One is that Apple might not have fixed the faulty butterfly keyboard, over which they are now facing three class action lawsuits. The keyboard scandal also resulted in a keyboard service program which brings free replacements of defective keyboards in all MacBooks and MacBook Pros produced since 2015. And if you have one of these laptops you'll be covered by this program for the next four years!

People also blamed Apple for only now allowing to opt in for 32GB of DDR4 RAM, previously supposedly unavailable due to higher energy consumption and leaving everyone with one option of having only 16GB of energy efficient LPDDR3 memory when competitors offered 32GB DDR4 RAM even before 2016.

Besides that Apple is under fire for taking up so long to bring the 8-th gen Intel CPUs, high prices, no chassis changes, #donglelife was brought up, etc.

I personally think this is a good update. Yes, from the outside everything looks the same (except probably the screen is now enabled with True Tone) but on the inside is the real deal. Or at least it should have been.

The new MacBook Pros are carrying SSDs even faster than their already pretty fast NVMe ones, with read and write speeds now up to 3GB/s which is the fastest on the market. I wish their Radeon 555X and 560X GPUs were that advanced, when the portable PC market has Nvidia's GTX 1060, 1070 and sometimes even 1080s onboard. The same is for screen resolution - Apple has shipped the same 2880x1800px since 2012, when it definitely was a blast, and on which it's still hard to recognize individual pixels on a 15" diagonal. But in the meantime the competing devices in the high-end market like the Surface Book 2 from Microsoft caught up with screens as dense as 3000x2000px on a 13" area!

So besides the fastest storage and irreplaceable MacOS limited to Apple's hardware the only real advantage of MacBook Pros was the CPU.

I'm the owner of a 2016 top of the line Macbook Pro 15". Maybe I'm lucky or because I use it in clamshell mode most of the time, I got only one stuck key in the 16 months of owning this device. But oh I couldn't escape the issues with dongles and expensive USB-C cables which in real life is far from mass adoption and except being able to charge my laptop from both sides was mostly a pain to use.

But the main reason I chose the laptop at that time was to have a more powerful machine than my previous 2015 MacBook Pro 13" which wasn't a slouch either but when it comes to compiling (which I do most of the time) the more horsepower you have - the better. And moving from 2 cores of the 13" to 4 cores in the 15" resulted in 3-4x faster compiling times.

At that time I was more than satisfied with my 15", using it daily at home and on the go. Among all possible options it was the most CPU power you could have in a small light chassis, period. I'm still not considering a desktop because I don't want to manage project files sync between a desktop and mobile computer so I wanted as much performance in as little footprint as I can have - and the MacBook Pro is the best candidate for that role. Especially when you don't consider much Windows as your primary work OS 🙂

During my use of the laptop I ignored a few messages on Twitter about thermal throttling in the 2016-2017 MacBook Pros. For example when you connect it to a HiDPI screen, the integrated Intel GPU switches to the discrete Radeon GPU and that automatically increases the baseline heat the laptop has to deal with. And you can beat heat in two ways: increasing fan speed and cooling the system more, or decreasing CPU clock speed, making it less efficient in heat production but also in its own performance.

In the last few years that's where CPU design generally was heading. In order to achieve longer battery life and potential high performance, Intel, the main CPU supplier, was making CPUs more efficient when idle to preserve battery on light tasks and to give performance bursts on more demanding ones. That's why CPU clock speeds are no longer static like they were before. Now instead of a '3.1 GHz' clock speed, you would see '2.6-4.3 GHz' on the box, which means 2.6 GHz as base clock with bursts up to 4.3 GHz. And when a CPU generates heat, it can't sustain being in the high (called 'Boost') levels for long and has to lower the clock speed not to overheat. That's what Thermal Throttling means.

My laptop was also thermal throttling, I just didn't know how much. I knew it did, but I wasn't giving it much attention. But this week I did.

The thing is the new MacBook Pros introduced new 6 core CPUs in the 15" line and bumped the core count from 2 to 4 in 13" and I was really excited about the increased core counts recalling how much performance I gained last time after switching from 2 to 4 cores. I was thinking whether to switch to a smaller lighter 13" from my 15" and keep my current 4 cores or upgrade to 6 cores and achieve ultimate mobile power. Usually preferring more power I was leaning more towards the latter. And by latter I mean I was looking again into the top of the line option of the 15" MacBook Pro with an Core i9 CPU.

And this is when thermal throttling concerns came back:

Under short load, to finish benchmarks, the i9 CPU shows excellent results. In the mobile CPU chart the specific Intel Core i9-8950HK as of now holds #7 in overall mobile CPU rating in terms of performance which is huge. Coincidentally the i9 MacBook Pro scores #7 in all-time Geekbench multi-core results, losing only to the 10-18 core beast iMac Pro desktop.

But when it comes to this CPU being under load for a long time, its results are not so promising. Being hot for a long time, combined with Apple's love of spinning down the fans to reduce noise and making the laptops unnecessarily thin at the expense of cooling, results in CPU thermal throttling, when its clock speed is not only incapable of boosting up to 4.8GHz but sometimes even drops below its 2.9GHz baseline! This way the CPU and thus the whole laptop at high loads works at only a fraction of its potential. And last year's less powerful CPU with fewer cores, throttling less, blows the new 6 core i9 chip out of the water!

What does this mean for a regular customer? That it's not worth paying extra for the high tier model since at peaks it may be slower than the low tier model within the same line. And for a non-regular user that means Apple tries selling you more expensive laptop that performs worse than cheaper models. And all of that on top of the already increased prices introduced along the new USB-C only design in 2016.

One of the reasonable theories of putting a hot CPU in the chassis that wasn't really designed for it that I've heard is that Apple while designing the chassis long before 2016 was relying on Intel's promises to reduce their technology process in timely manner which would help building and using less hot CPUs in 2018 and onwards. And when Intel couldn't keep up with their promises, it was too late for Apple to design new chassis for that. But the main question remains: if Apple knew they won't get more efficient and cooler CPUs, why they even put the severely throttling i9 version in their Stores in the first place? I surely hope it was a mistake rather than trying to earn on top models despite knowing their limitations upfront.

Update Jul 24
Apple released a software fix for throttling in the whole 2018 MacBook Pro line. They claim they fixed an issue with power management and didn't address the supposed VRM throttling problem that was revealed in one of the Reddit threads. In any case that is good news, the CPU frequency spikes aren't there anymore according to users with the i9 MacBook Pro. Unfortunately the fix won't change the state of the case not being able to handle higher thermals and limiting the i9 from boosting. But at least the frequency now shouldn't fall below its baseline which is better than nothing 🙂

The PowerPod Case Review

PowerPod-1

After backing up in around March, today I got my PowerPod Case in about a week after getting an email of it being shipped. Everything happened according to schedule, with shipping aimed at July, and I'm really happy with that.

In short PowerPod is a silicon case for your AirPods that not only protects their case but enables them with wireless charging from any Qi-enabled charger.

PowerPod-2

The PowerPod fits the AirPods really nicely. The case doesn't flop around and the headphone's case sits there nice and firm.

PowerPod-3

In my tests the PowerPod added about 18% to the AirPod's case battery within 15 minutes of charging. The case got a bit warm though, while using with my standing Samsung Wireless Charger.

PowerPod-4

One thing I got puzzled about was that the charging case wasn't reaching the middle of the charger. A quick 180 degree turn later and it started charging nicely. That's not what Apple would approve but since their AirPower is delayed almost for a year now it's better than nothing. And by the way, even Apple can't handle their own design each time right 🙂

You probably already noticed the single con of the PowerPod - the rubber that it's built of collects all the lint in all of your pockets. But on the flip side it keeps your AirPods safe from falls (mine are chipped a bit after a year of use) and scratches and even helps opening the lid easier with that additional grip.

Overall I can highly recommend the PowerPod Case for those who want to secure and charge their AirPods wirelessly along with their other Qi-enabled devices.

Let's Encrypt certificate for different domains in different folders

Lets-Encrypt

If you're struggling setting up Let's Encrypt on some custom server setup of yours - look no more.

When it comes to tech I'm the kind of guy who likes something to be just the way I want it. Of course I might stop with some intermediate decision, but it will bug me until in days or months I still do it just the way I see it.

I have a home server running few VMs with few services and websites on them. Recently in order to simplify my setup that grew over the last few years I started consolidating all the domains I have been using and moving them onto the subdomains of one of them.

I like having SSL everywhere I can. Either it's the lock icon in the address bar that makes it special, or just the basics of Internet security I try being part of. In any case, if you're hosting any kind of web service yourself, regardless of your setup you can get SSL for free from a trusted Certificate Authority like Let's Encrypt. And with the help of CertBot it's really easy. Unless you're like me and don't look for the easy way 🙂

There are many 1st and 3rd party manuals online on how to install Let's Encrypt or an SSL certificate from another issuer. The problem is that they are usually written for people who have their domain in question handled by Apache on port 80. Which probably matches 95% of the use cases, but not mine. Besides not using the standard port 80, I run multiple domains and subdomains on one server in multiple server blocks and configurations.

I was getting problems with using regular CertBot's commands for a Nginx+Ubuntu 16.04 setup. I didn't need the bot to setup my configurations since I did that myself, so I used
sudo certbot --nginx certonly
or even
sudo certbot certonly
But that didn't help, I was getting 404 errors on the ACME challenge. I thought my custom port was to blame as probably CertBot is set up to work only with port 80 so it couldn't find the needed files there since I am using another port. As it turned out the port wasn't to blame.

The real issue was that CertBot was looking for files in a wrong folder on my VM's drive. Turns out if you don't specify it explicitly, the bot looks for the files in predefined paths, which in my case also were custom 🙂

That's where a handy --webroot option comes in:
certbot certonly --webroot -w /var/www/example.com/test/ -d test.example.com

And that's how I got a shiny lock icon on one of my new subdomains.

For more info on the --webroot (and other) options you can read in the official Certbot user guide.
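
A pre-flight check for the wrong-folder problem described above, as an added example that is not part of the original post: it drops a probe file where certbot's --webroot mode would put the challenge and fetches it back over HTTP. The script name in the usage comment and the FETCH override are assumptions of this example; the path and host are the post's own placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for
# `certbot certonly --webroot`. It confirms that the folder given to -w is
# the folder the web server really serves for the domain given to -d.
#
# Usage (script name is hypothetical):
#   sh check-webroot.sh /var/www/example.com/test/ test.example.com

# probe_webroot WEBROOT BASE_URL
#   status 0: probe file was served back unchanged, so -w is correct
#   status 1: 404 or wrong content, the server serves a different folder
#   status 2: WEBROOT is missing or not writable
# The body runs in a subshell "( ... )" so its variables stay private;
# "exit" therefore only leaves the function, not the calling script.
probe_webroot() (
    webroot="${1%/}"
    base_url="${2%/}"
    dir="$webroot/.well-known/acme-challenge"   # where HTTP-01 tokens are placed

    [ -d "$webroot" ] || { echo "no such webroot: $webroot" >&2; exit 2; }
    mkdir -p "$dir" 2>/dev/null || { echo "cannot create $dir" >&2; exit 2; }

    probe="$(mktemp "$dir/probe.XXXXXX")" || exit 2
    want="webroot-probe-$$-$(date +%s)"
    printf '%s' "$want" > "$probe"
    chmod 644 "$probe"   # mktemp creates mode 0600; the web server must be able to read it

    # FETCH can be overridden (for example in tests). The default is curl,
    # with -f so that a 404 counts as a failure instead of returning the error page.
    fetch="${FETCH:-curl -fsS --max-time 10}"
    got="$($fetch "$base_url/.well-known/acme-challenge/${probe##*/}" 2>/dev/null)" || got=""

    rm -f "$probe"
    [ "$got" = "$want" ]
)

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    if probe_webroot "$1" "http://$2"; then
        echo "OK: $2 serves files from $1. Now run:"
        echo "  sudo certbot certonly --webroot -w $1 -d $2"
    else
        echo "FAIL: $2 does not serve files from $1 (wrong folder for this server block?)" >&2
        exit 1
    fi
fi
```

If the check fails with status 1, the ACME challenge would get the same 404: the folder passed to -w is not the one the server block for that domain serves.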

UITableView automatic cell height change with animation

UITableView-cell-resize

Today I had to update cell's height in UITableView while typing into a UITextView in that cell. After going through several approaches without any luck I stumbled on this interesting solution.
Objective-C:

[tableView beginUpdates];
[tableView endUpdates];

Swift:

tableView.beginUpdates()
tableView.endUpdates()

You call these two methods whenever you need to update the cell's height, whether you use tableView heightForRowAtIndexPath (tableView heightForRowAt) with predefined cell height or AutoLayout with automatic estimatedRowHeight and rowHeight.

In both cases UITableView will reload only the cell whose height needs to be updated and not the whole table. And also as a nice bonus it will do that with a smooth built-in animation.

Even after few radars to include this behavior into their official documentation Apple didn't add this side-effect to the method's description, despite actually recommending such use in their WWDC 2010 'Mastering Table View' session 😊

So if you want to just change the height of the rows in your table view, it's an easy way to do it.
You can do that in conjunction with a change of the rows in your table view.
You can also actually just do a simple Empty Update Block.
You can call it beginUpdates immediately followed by endUpdates with no actual changes to your table view.
We'll go through all the same steps here.