Installing CyanogenMod 12 (Lollipop) on My Samsung Galaxy S5

This was surprisingly easy to do:

1. Root the Phone

This was made simple thanks to Towel Root. Please see https://towelroot.com/ for this easy to use utility. Afterwards you can confirm that your phone is properly rooted using Root Checker.

2. Install a Custom Recovery

Once rooted this was too easy. Install TWRP Manager making sure to install BusyBox if required. TWRP Manager will manage everything so just follow the instructions and you’ll be good to go. If you get any BusyBox errors fret not, install the supported Stericson BusyBox.

3. Backups!

There’s no tool like Titanium Backup. Install it, buy the Pro key, and back up your user apps and data. Later in Restore Apps & Data you will be able to quickly restore your apps and their config data saving you countless hours of tedious effort. It will also back up and restore your Hangouts/SMS messages.

But possibly more important than backing up your apps & data is making a nandroid backup of your original system. This will allow you to restore your phone to its pre-CyanogenMod state, Samsung’s infamous KNOX warranty bit notwithstanding. Simply reboot to recovery by powering down your phone then powering it up by holding down the power button, home screen button, AND volume up at the same time until the Samsung logo appears. Then select Backup and select what you want to back up. I recommend Boot, System, Data, EFS, and Modem. Once the backup is complete, make sure you copy the files off your phone onto a PC.

Important: both of these backups should go to the SD card so they can be restored later if need be.

I also recommend connecting your phone to your PC and manually backing up photos, videos, etc. These are NOT captured in the above backups. Note that your external SD card will not be affected by the upcoming erase and flash operations unless you do something really goofy.

4. Download the Files

The latest CyanogenMod 12 files are located here. Select the latest Nightly build but understand the risks in doing so. As of this writing there is nothing more stable than Nightly builds but eventually there should be something better.

You will also need the Google Apps package which will allow you to use the Play Store etc.

These two ZIP files should be saved to your external SD card. I use a folder called ROMs for anything I might want to flash.

5. Flash the Phone

Now that you’re all backed up and no longer afraid to lose anything on your phone, it’s time to leave TouchWiz. Boot into recovery. From here you should do a Wipe/Factory Reset, then select Install. Navigate to your ZIP files and first add the CM12 file followed by the Google Apps file, then flash them. This shouldn’t take very long and once it’s finished, clear the Dalvik cache when you get the chance. Then reboot into CyanogenMod and configure your new phone.

Warning: make sure you have a fully charged battery. The last thing you want is for the battery to exhaust itself in the middle of a flash…

6. Restore Apps & Data

If you choose to allow it when initially setting up your new phone OS, CM12 will start re-installing your apps. If Titanium Backup was not installed then install it. After launching it you can select Restore and select which apps and/or data to restore. If your apps were automatically re-installed for you then you only need to restore their data.

This restore process works very nicely and allows you to quickly restore your applications’ states without having to manually reconfigure them one by one.

Private Internet Access and pfSense

I’ve long been interested in using a VPN to access out-of-country content as well as to secure whatever nefarious activities that I may be up to. Not that I have anything to hide but it’s no one’s business what I do.

I’d toyed with Tor back when I installed Google Voice. It works but is dog slow. My interest in this subject was recently rekindled when I read this article. I found myself drawn to Private Internet Access (PIA) and its promises of low cost and unlimited bandwidth coupled with no throttling. I signed up for a monthly plan with the intention of either canceling it if I didn’t like it or switching to a full-year subscription if I did.

Signing up with PIA was easy enough. You can download client software that runs on your individual machines if you wish, but since I have a pfSense firewall, I knew I should be able to channel all traffic through PIA over VPN so I wouldn’t have to install any additional software. Here are the config steps for pfSense 2.0.1.

To start with though, make note of your current IP address as evidenced by http://ipchicken.com. We want to confirm that your IP actually changes when we’re all done.

pfSense Config Files

SSH to your pfSense server and cd to /etc. Create a file “openvpn-password.txt” with two lines, one for your PIA userid, the other for your password.

You also need to download this file from PIA and extract its ca.crt to /etc.

Set 0600 permissions on both of these files e.g. “chmod 0600 /etc/ca.crt”. You can exit SSH at this point.
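One way to create and audit the credentials file from the steps above so that it is never readable by other users, as an added example (not from the original post or from pfSense). The function names and the demo userid and password are constructed; on pfSense the real path is /etc/openvpn-password.txt.

```shell
#!/bin/sh
# Added example: create and audit the two-line OpenVPN credentials file.
# Function names and demo values are assumptions made for illustration.

# file_mode PATH -> prints the octal permission bits (GNU stat, then BSD stat)
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# write_auth_file PATH USERID PASSWORD
# Writes under umask 077 so a new file is private from the moment it exists;
# the chmod afterwards covers the case where PATH already existed with a looser mode.
write_auth_file() {
    (
        umask 077
        printf '%s\n%s\n' "$2" "$3" > "$1"
    ) && chmod 0600 "$1"
}

# check_auth_file PATH -> returns 0 only if the file is fit for auth-user-pass
check_auth_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "$f: missing or a symlink"; return 1; }
    mode=$(file_mode "$f")
    [ "$mode" = "600" ] || { echo "$f: mode $mode, expected 600"; return 1; }
    lines=$(grep -c '' "$f")
    [ "$lines" -eq 2 ] || { echo "$f: $lines lines, expected 2"; return 1; }
    # Line 1 is the userid and line 2 the password; neither may be empty
    if grep -q '^$' "$f"; then echo "$f: empty line"; return 1; fi
    # A file edited on Windows carries CR characters that end up in the login
    if grep -q "$(printf '\r')" "$f"; then echo "$f: contains CR"; return 1; fi
    return 0
}

# Demo on a constructed file in a temporary directory
demo_dir=$(mktemp -d)
write_auth_file "$demo_dir/openvpn-password.txt" "p1234567" "example-password"
check_auth_file "$demo_dir/openvpn-password.txt" && echo "credentials file OK"
chmod 0644 "$demo_dir/openvpn-password.txt"
check_auth_file "$demo_dir/openvpn-password.txt" || echo "rejected as expected"
rm -rf "$demo_dir"
```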

Certificates

In pfSense’s webConfigurator, go to System and select Cert Manager. Add a new CA, call it something like “Internal CA” using method “Create an internal Certificate Authority”. Fill in the Distinguished Name pieces below as you see fit.

Now click on Certificates and add a new certificate using “Create an internal certificate”. Call it something like “OpenVPN” and select type “Certificate Authority”.

OpenVPN Service

Go to VPN, select OpenVPN and click the Client tab. Add a new client. Leave all defaults except the following:

  • Server host or address: enter your desired PIA host e.g. us-texas.privateinternetaccess.com
  • Check “Infinitely resolve server”
  • Give it a meaningful name e.g. “Private Internet Access OpenVPN”
  • Clear “TLS Authentication” check box
  • Make sure the CA and Cert you created are selected
  • Select “BF-CBC (128-bit)” for the encryption algorithm
  • Check “Compress tunnel packets using the LZO algorithm”
  • Enter the following for Advanced at the bottom:
auth-user-pass /etc/openvpn-password.txt
ca /etc/ca.crt

Click Save to write your config and the OpenVPN service should start. You can click the blue “S” just under the Help menu to confirm that its status is “up”. Also check the log (blue “L”) to make sure there aren’t any errors.

Enable Interface

Go to Interfaces and select (assign). Click the add button. A new entry called OPTn should appear with “ovpnc1” as the port. Click Save. Now you can enable your new interface. Go to Interfaces and select OPTn. Simply click Enable and Save. Note that you can rename the interface if you want to something like “VPN” but it’s not necessary.

Restart the OpenVPN service so everything is in sync. Go to Status and select Services, then click the restart button beside the OpenVPN service. Ensure that the OPTn gateway has an IP. Go to System: Routing and make sure the Gateway has an IP address.

Firewall Config

At this point the OpenVPN service is running but you aren’t using it. You may not even be able to access the Internet in this state. While there’s a lot you can do to tailor your firewall access, here’s a quick way to route all your outgoing traffic through your new VPN connection.

Go to Firewall and select NAT, then click the Outbound tab. Select any existing rules and delete them. Select the “Automatic” option at the top and click Save, then select “Manual” and click Save. You should see a new set of rules which you can activate by clicking Apply Changes.

There’s lots more that could be done to pfSense to tighten up your security but this is a starting point.

Defining Exceptions

One client of mine requires me to log in to their Cisco VPN. Unfortunately this does not work through the VPN connection I just set up. It’s easy to force connections to their VPN server over the WAN interface, bypassing our VPN, by defining a new route as follows:

  • Go to System and select Routing. Click Routes and create a new route.
  • Enter the IP address of the remote host, in this case my client’s VPN IP address. Make sure the WAN gateway is selected and enter an appropriate name.
  • Click Save then Apply Changes.

Attempts to connect to this IP address from any device on your network will bypass the VPN and go directly to that IP address. Too easy!

Test

At this point you should have all your traffic going through the PIA VPN. You can confirm this by refreshing your ipchicken screen which should now show a different IP address.

Final Thoughts

The biggest concern I had with using a VPN like this was the performance penalty. I used http://speedtest.net before and after and there’s certainly a considerable penalty to be paid, but it’s not as bad as I had feared. I have 100-megabit service and without the VPN connection realize a max throughput of about 93 Mbps. Running the same test WITH the VPN enabled cut that in half. Fortunately, 40+ Mbps is still plenty fast for most of my needs. I have to wonder if the fact that my pfSense is running as a virtual machine plays much of a role here since there’s a whole lot of encryption going on. Perhaps I’d be better off using dedicated hardware, but that’s an experiment for another day.

I may give a few other services a try to see if they offer improved throughput. So far though I am impressed with Private Internet Access.

NOTE: These instructions are for pfSense 1.2.3. For 2.X versions, please see the additional requirements in this article, specifically relating to a bug in older versions of pfSense. Please see the first quote there for more information.

Using Google Voice in Canada

I’ve wanted to use Google Voice for a long time now. Being in Canada however it’s not available. While certainly not supported or as full-featured as using it in the USA, there are straightforward ways to get it working if you’re in Canada. Here’s how I did it.

Get a US-Based Phone Number

When you sign up with Google Voice in the next step, it verifies you in part by calling a phone number and having you enter a verification code. I used a Skype Online Number to do this which costs $20 for three months or $70 for an entire year. I signed up for a three-month plan which I may make use of for an upcoming trip to the USA (or not!) In any case, I got the US-based phone number that I needed.

Note that it may be possible to get an Alberta 403 area code using an alternate service such as TellFi. While I have not verified or exploited this, there appears to be a loophole in Google’s US number verification service that allows a 403 number to be used.

Sign Up for Google Voice

Unless you happen to be in the US at the time or know how to set up a proxy service so you appear to be calling from the US, I suggest downloading and running the Tor Browser. This nifty little tool makes you appear to be browsing from the US. Once you have it running, navigate to http://google.com/voice and sign up. It’s straightforward enough. Make sure you enter your US-based phone number when prompted. Google Voice will automatically be set to forward calls to this number, but that’s not especially useful so you can uncheck it or even delete it altogether in Google Voice’s settings.

At this point you have a Google Voice phone number for the state/area that you selected. If you call it you’ll get sent to voice mail. Voice Mail messages will be transcribed and emailed to you for playback.

Install the Google Voice App

Receiving email is nice, but the Google Voice app provides a much nicer integration. Even when using a proxy, the Play Store will not allow you to install this app to your Canadian devices. No problem, simply browse to http://goo.gl/SUsuc and use a QR Code reader to download the latest version to your phone. Once it’s downloaded, go to your Downloads app and install the APK by clicking on it. There’s a quick setup procedure, then you’re in business. Now you have Visual Voice Mail on your Android phone!

Limitations

Based on my limited experience with Google Voice, it really doesn’t do much for us Canadians right now. There’s no integration with your existing phone numbers which sucks. What it does do is give you a US-based number at which you can be reached, though since you can’t forward THAT to a Canadian number, it’s of limited use. You can forward your existing phone to your Google Voice number (instead of to your carrier’s voice mail) to effectively give you Visual Voice Mail, but modern voice mail is pretty simple to use and in the case of Rogers (and possibly others) I’m quickly sent a transcribed version of my messages over SMS which usually precludes any need to call in to hear messages anyway. You can’t make or receive calls while you’re in Canada, but if you’re travelling in the US and have access to WiFi, it would probably work great.

If there’s anything I’ve missed that Google Voice can do, please let me know and I’ll update this guide.

Why Isn’t Google Voice Available in Canada?

This has bothered a lot of people for a long time now. What I don’t get is why a US-based company like TellFi can set up a similar service in Canada but a behemoth like Google can not. Surely it can’t have anything to do with Big Telecom trying to keep them out, could it? Imagine how things would change (for the better) if we didn’t have to pay for North American long distance because we used Google Voice…

Disclaimer

Follow this guide at your own risk. I’m not responsible for any charges that you may incur as a result of your experimentation.

Credits/References:

Instructions from other blogs: http://goo.gl/84Ho3, http://goo.gl/B1n1S

Tor Project Browser: http://goo.gl/ihTV

Skype Online Number: http://goo.gl/EPmC

TellFi: http://goo.gl/z25my

Phoenix 2011 Day 4

Spent the day checking out condo units at the north end of the city. Saw a total of 13 units between yesterday and today, and they are becoming a bit of a blur so I created a spreadsheet to record their details, including pros and cons. No clear winner has emerged…

Went for lupper at TGI Fridays around 4pm, then drove downtown to the US Airways Center to watch the Suns squeak one out over the evil Spurs. The row 10 seats right behind the goal (Suns’ end) were awesome! The two meth-heads (speculation) sitting to my right were the only downer. They screamed at the top of their lungs all game for the Spurs, but during halftime, everyone around us decided to make the second half miserable for them. This was a lot of fun actually, and they actually got into arguments with several fans. At one point the guy beside me freaked out because I was clapping those irritating noise sticks too close to his face or something. I almost felt bad for them because people were clapping them right over their heads (from behind), in their faces (from in front), and on either side. We’re just happy the Suns hung on. Very entertaining game nonetheless. Barb spied the two of us on the scoreboard cheering during one of those “make noise!” rallies, but I didn’t see it. I bought a game jersey which I wore proudly. I figure over 50% of fans had Suns jerseys on, and probably 90% of them were Steve Nash #13 like mine.

Plan to relax by the pool tomorrow and discuss the candidate condos. Still pretty sore today from golfing, so I will probably wait until Friday to play again.

Phoenix 2011 Day 3

I teed off at 6:30 this morning and was done just after 9am: incredible! The Legacy is a tough course, and I was lucky to scrape out a 48 on the front nine, but I tore up the back nine with a 41, scoring par on five holes. It’s not every day you can play 18 holes in 2.5h. I got back to the room and still had my whole day ahead of me.

We went shopping at Target and got some more supplies and some clothes. We had a 2pm appointment with a realtor to check out some condos, and did some more shopping in Chandler at their giant shopping mall. The condos were neat, and we will be seeing more tomorrow.

When we got back, we headed to the pool to catch the last hour and a half of sun. It was pretty warm today, having reached 29C. Looking forward to tomorrow.

Phoenix 2011 Day 2

Woke up, ate leftover pizza for breakfast, then went to the golf course to hit some balls. We’re used to practicing at the Dome back home, and hitting off faux-grass mats. Switching to turf can be difficult because you can really chunk the club into the turf, whereas on the mat it will bounce back and keep moving, giving you a false sense of security. Need to practice more!

With a few of the cobwebs dusted off, we decided to golf this afternoon at a nice little 9-hole executive course called the Encanto 9. Encanto Park is a gorgeous facility, and this little course is adjacent to it. There were some longer 250+ yard par 4’s, which was nice because unlike most executive courses, I could actually hit my driver. I almost drove a couple of the greens too. Only a few pars and no birdies, but it was enjoyable nonetheless. Barb had fun too and made some great shots. I loved it so much that I booked a 6:30am tee time at Legacy on Tuesday. So far it looks like I may be going out alone.

After golf we hit the pool area. It got up to 28C so it was very pleasant. The pool was fairly warm, and the sun felt great. We lounged around for 45 minutes or so before heading back to the room.

Had dinner at Aunt Chilada’s (no kidding!) which was FANTASTIC. Pretty spicy though! There were mallard ducks walking all over the place like they owned the joint. Afterwards I spied a mammoth Fry’s Electronics store across the road and we walked around for about an hour, and there was still much that we did not see. This place had everything imaginable, and much that wasn’t. There were computer components, electronic components (resistors, circuit boards, IC chips), a vast number of computers, more TVs than I have ever seen in one place, AV components, dozens of metres of DVDs, gaming consoles galore, it was just insane.

Phoenix 2011 Begins

We arrived in Phoenix this morning just before 9:45 local time after a 3.25h flight. After a long walk to the baggage claim area, and a longer shuttle ride to the rental car area, we drove to the resort which was just a few minutes from the airport.

The Legacy Golf Resort is quite the place. The on-site course is quite a jewel apparently, and green fees are priced accordingly. That said, there are deals to be had if one is patient and waits for the afternoon to tee off. We will probably play this course once or twice and try some other local offerings, including a simple par-3 executive-style course that Barb would feel more comfortable at.

The weather when we landed was barely warmer than what we left in Winnipeg, but it quickly rose from 10C to almost 20C by late afternoon. We checked out the mammoth Phoenix outlet mall which is a nice, air-conditioned venue replete with a food court and movie theatre multiplex.

The forecast promises scorching temperatures later in the week, culminating at 36C on Saturday when we will be at Chase Field watching the Diamondbacks play on my birthday, no less.

Thursday we will watch the Suns play the evil Spurs from San Antonio. We also plan to go hiking in the mountains and maybe check out the local real estate market.

VMware ESXi Corrupted iSCSI Datastore

Terrible scare yesterday. I rebooted my ESXi server, which hosts several critical systems, and ESXi didn’t recognize the iSCSI datastore. It could see the iSCSI LUN, but attempts to add it as a new datastore warned that all data would be destroyed. Backups were available but I’d rather have (a) found out what the problem was/why it occurred and (b) fixed the problem. So started my 12-hour learning process.

This all came about because I rebooted the host in an attempt to get new vNICs working under a VLAN. Yes, holidays are a great time to play and learn, it would seem. As a consultant, I should spend even more time doing this sort of thing.

So why couldn’t VMware mount the datastore? Did something happen to it? I tried all manner of fixes, including ultimately reconfiguring my host from scratch to wipe out any traces of the old datastore in the hope that some config was corrupted, but no go. The last resort, it would seem, would be to repartition the iSCSI LUN, which to me seemed a last-gasp effort. Since I was at that stage, I followed the following instructions:

esxcfg-scsidevs -c (take note of the disk device)
fdisk -l /dev/disks/t10.F405E46494C4540096D427739387D25525F4A5D245638787

Hmmm, this didn’t show “fb VMFS” like it should, but rather “SFS”. A quick search told me that this indicated a Windows dynamic disk. Uh oh… Rewinding a bit, a couple of weeks ago a Hyper-V Windows Server of mine had lost its iSCSI connection. The disk was there but it couldn’t access it. I saw that it was marked as, you guessed it, Dynamic! Does that mean everything is toast? I can only guess that ESXi saw the disk as VMFS since it was first created, and continued to access it as such even once Windows had marked it as dynamic. Since the Windows server didn’t really use it, odds are that the two didn’t interfere with each other except for the partition table.

Only one way to find out. I continued with the terrifying process of repartitioning the datastore:

fdisk /dev/disks/t10.F405E46494C4540096D427739387D25525F4A5D245638787
d (deletes the partition: gulp!)
n (create new partition)
p (make primary)
enter (accept default)
enter (accept default again)
t (change partition type)
fb (VMFS)
x (expert mode)
b (change beginning of partition)
1 (first partition)
128 (select sector)
w (write changes and exit: double gulp!)
vmkfstools -V (discover the VMFS)

At this point, in vSphere I did a Rescan on the Storage Adapters, and after clicking on Storage, to my amazement, my iSCSI datastore was there! I added my VMs to the inventory and started them up, and all was fine. Very cool.

To finish things off, I disconnected the LUN from that rogue Windows server and removed the LUN from OpenFiler so this can’t happen again. While it’s fine for different ESXi hosts to share a LUN, it’s clearly a bad idea for Windows and ESXi to try and play together…
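The partition-type check that fdisk performed above ("SFS" instead of "fb VMFS") can also be done read-only by decoding the MBR partition table directly. This is an added example, not part of the original post. The function names are hypothetical, the 512-byte images are constructed, and it assumes dd and od are available on the system where it runs.

```shell
#!/bin/sh
# Added example: read-only check of an MBR partition entry's type and start sector.
# MBR layout: four 16-byte entries from offset 446; within an entry the type byte
# is at +4 and the little-endian start LBA at +8; signature 55 AA at 510.

# byte_at FILE OFFSET -> decimal value of one byte (empty if out of range)
byte_at() {
    dd if="$1" bs=1 skip="$2" count=1 2>/dev/null | od -An -tu1 | tr -d ' \n'
}

# le32_at FILE OFFSET -> decimal value of a little-endian 32-bit field
le32_at() {
    set -- $(dd if="$1" bs=1 skip="$2" count=4 2>/dev/null | od -An -tu1)
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# mbr_part_info FILE N -> prints "TYPE_HEX START_LBA NAME" for primary partition N
mbr_part_info() {
    img=$1; n=$2
    [ "$(byte_at "$img" 510)" = "85" ] && [ "$(byte_at "$img" 511)" = "170" ] \
        || { echo "$img: no MBR signature" >&2; return 1; }
    entry=$(( 446 + (n - 1) * 16 ))
    ptype=$(printf '%02x' "$(byte_at "$img" $(( entry + 4 )))")
    start=$(le32_at "$img" $(( entry + 8 )))
    case $ptype in
        fb) name="VMFS" ;;
        42) name="SFS (Windows dynamic disk)" ;;
        00) name="empty" ;;
        *)  name="other" ;;
    esac
    echo "$ptype $start $name"
}

# is_vmfs_at_128 FILE -> 0 only if partition 1 is type fb starting at sector 128,
# the values entered in the fdisk session above
is_vmfs_at_128() {
    info=$(mbr_part_info "$1" 1) || return 1
    [ "${info%% *}" = "fb" ] || return 1
    rest=${info#* }
    [ "${rest%% *}" = "128" ]
}

# make_mbr FILE TYPE_OCTAL -> constructed 512-byte MBR, one partition at sector 128
make_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf "\\$2" | dd of="$1" bs=1 seek=450 conv=notrunc 2>/dev/null
    printf '\200' | dd of="$1" bs=1 seek=454 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Demo on constructed images: octal 102 is type 0x42, octal 373 is type 0xfb
tmp=$(mktemp -d)
make_mbr "$tmp/before.img" 102
make_mbr "$tmp/after.img" 373
echo "before: $(mbr_part_info "$tmp/before.img" 1)"
echo "after:  $(mbr_part_info "$tmp/after.img" 1)"
is_vmfs_at_128 "$tmp/after.img" && echo "partition 1 is VMFS at sector 128"
rm -rf "$tmp"
```

Against a real LUN, copy the first sector to a file with dd and run mbr_part_info on the copy, so the device itself is never opened for writing.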

Mexico: Day Eight

7:30 alarm was set but unnecessary. We had trouble falling asleep for some reason, but ended up with a great rest and were both awake and up by 7:20. We ordered room service and showered, then ate breakfast on the patio one more time before returning to brush our teeth and finish packing the remainder of our items. We called for the bellboy at 8:30 then went to the Preferred Club to check out and print our boarding passes. After a short wait in the lobby, our van arrived to take us to the airport.

Check-in went smoothly with a short line, and we naturally took the express line since we had our boarding passes already. This was pointless since the line for normal passengers emptied out faster than ours! But no matter. A quick run through the security gates and Barb went duty-free shopping while I waited around for her.

Once she was done, we decided to try for a quick bite at TGI Fridays, even though we only had 20 minutes until boarding was to begin. While waiting for our snack, we saw the schedule board change to show that our flight was boarding, so we asked them to please hurry, and within a minute we were shoveling back some excellent potato skins at a record pace. We scurried across the airport and arrived just as the last few passengers were boarding, so no problem. There were even a few that boarded after us. We left about 10 minutes ahead of schedule and took off. Once again, the plane was far from full so we got to sit with a space between us. This won’t happen when it’s January or February, but it makes the flight a lot more comfortable.

Mexico: Day Seven

Last day!

Woke up a little late, so we started with an excellent room-service breakfast. Barb went to get chairs by the ocean, while I grabbed towels. We baked in the sun for a bit, watched an argument between some Germans and Quebecois over reserving chairs with towels, then went for a long walk on the beach. The Mexican who showed us the condos for sale asked us half-jokingly as we walked by, “have you made a decision on my house?” As if he remembers us, that was almost a week ago!

We returned and went for lunch at the poolside patio where I had my staple, Tex-Mex nachos. Excellent as usual. Barb enjoyed her won-tons and steak. My arm got pooped on by a bird that was walking on the open-air roof over us, so we left before it found a better target.

We returned to the room for a break from the sun and to call home. Stephie and Sara said that Molly was doing a little better (she was acting sick, lying around and doing nothing, not even eating, so we suspected another bladder infection) so we were relieved. We called Lisa and Mike, but Mike and Amy were arguing so we had a quick chat with Emily. Then Barb called her parents who told us about the cruise ship incident and how her sister Betty went with her daughter and grandkids to Jamaica on a last-minute seat sale. How nice! Maybe now that Betty is retiring, she can accompany us on some trips.

We went back to the beach for the rest of the afternoon and grabbed what sun remained. Barb bought some jewelry from beach vendors, then we went upstairs to shower. Before dinner, Barb went and did some more shopping while I chilled in the room. We ordered room service for dinner instead of going to the Italian restaurant again. It was excellent. Room service is definitely underrated!

We spent the rest of the evening variously writing blogs and researching future trips! Oh and we started packing. Our bus comes at 9:30am tomorrow to take us to the airport for our 12:30 flight home.

It was an excellent vacation. With Stephanie, Eric and Chloe living with us, and with me being crushed with work for the past many months, it was great for me and Barb to be able to spend some quiet time together. At the same time, we are missing our family and our puppies, and they are missing us, so it will be nice to go home.