• Surf the Web — even when your ISP is down

    #2341728

    PUBLIC DEFENDER Surf the Web — even when your ISP is down By Brian Livingston It’s a well-known subset of Murphy’s Law: Your Internet service provider
    [See the full post at: Surf the Web — even when your ISP is down]

    7 users thanked author for this post.
    • #2341731

      Free Newsletter links right now ( 2021-02-08 12:20AM PST ) for Surf the Web and for Security re Ransomware in Windows 10 are inoperative … go nowhere or go to a not-found place

      Please repair the links,

      thank you

    • #2341773

      My ISP (VDSL) has been exceptionally unreliable for the time I’ve had it. Unfortunately, in my neck of the woods, there are no better options. No cable out here. Some of the outages have lasted several days, and when they finally get fixed, it doesn’t stay fixed for long.

      I looked through my emails (I save them all) for the “we’re coming out to fix your service” messages, and they’ve been out here dozens of times (maybe forty) in the less than ten years I have had their service. I’ve had them out three times in a week on three separate repair tickets (and that’s happened several times).

      I think (hope!) that the last time they fixed it, they actually fixed it for good. In between repair visits before, there were always the odd retrains listed in the modem stats, and sometimes the signal to noise ratio would dip down to half of what it normally would be while I was watching on at least one of the two bonded lines. When it was “good,” I never noticed the retrains in my own use… if I did, that’s when it became “bad,” and generally it would quickly devolve to retraining constantly (several times per hour or more), and it was time for another repair visit.

      Ever since the last time they were out, though, it’s been really good (knock on the woodgrained panel on the right!). The SNR is always where it should be on both lines, and NO retrains since the date of the last repair (by now a couple of months). It’s never been like that before.

      I do, though, have a backup plan (now). That smartphone I just got not long ago came about as a result of that plan, which initially was to have a modern flip phone that had wifi hotspot tethering. The problem was that the carrier disabled that feature on the phone, and it doesn’t have bluetooth tethering either, so the only option left is USB, which means having to carry the cord around. I am often out with my Swift laptop, and the phone is there as a given, so it seemed a great fit to simply be able to turn on the mobile hotspot and have full internet.

      That didn’t work, and it was after that when I began to consider a degoogled smartphone instead (the only way I would accept one).

      The plan that I have is inexpensive and has a pretty nice data allowance per month, all of it available for tethering. If I dial back on my video streaming, it’s enough to get by for an entire month if need be, though even my unreliable telco has not been bad enough for that to happen.

      Come to think of it, my home internet did see this big improvement at about the same time that I finally had a plan B. Just like how washing the car guarantees rain!

      Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
      XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
      Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

      1 user thanked author for this post.
    • #2341775

      I’ve been having issues with my home connection too… ever since the wired connection got pulled (yes, telephone poles pulled out of the ground too).

      Well, at the moment I have a load-balanced setup between two LTE mobile broadband connections from different ISP/telcos. Auto failover and all that, along with the dynamic load balancing. Total cost of routers something like 250 € one-time expense, and unmetered mobile data is common and fairly cheap over here.

    • #2341786

      Another router to consider is the Synology RT2600ac. It includes a feature they call “Smart WAN” which can provide either “Failover” or “Load Balancing+Failover”. When enabled, the physical connections are to the WAN Port and LAN Port 1.

    • #2341801

      I prefer the solution with SIM card. Telephone is available all over the world, at least GPRS is available nearly everywhere. I have a router that can use SIM card (TP-Link Archer).

      Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      PRUSA i3 MK3S+

    • #2341807

      I was ready to buy until I read the “Downsides” paragraphs in the linked Horowitz item.

      Sure does not sound like they are using those fees to the users’ benefit!  I mean, perpetually screwed up firmware updates?  And way too many other issues too.

      I will stay with the devil I know, thank you!

    • #2341863

      For our home network we are using a router supplied by our ISP, Verizon.  Since we started with them a few years ago, they updated the original, model unknown, with this one- Actiontec M1424WR Rev. 1- without a specific request from us.  We have never had any trouble with our Internet connection, but we do have concerns re privacy.  Should we buy a different router?

      • #2342093

        we do have concerns re privacy.  Should we buy a different router?

        Privacy is not something your router generally has control over. There are some hacks that could potentially send you to a “man in the middle” attack, but that is why we use 2FA and take care connecting to important web sites.

        cheers, Paul

        1 user thanked author for this post.
      • #2342205

        The router sees the MAC address of all your devices, so it can learn something about the devices in your home from this. Also, any ISP in the US is allowed to spy on your activities regardless of the router being used. The solution to that is a VPN either run on individual devices or run on a router not supplied by the ISP.

        Then too, some routers phone home with all sorts of network activity information. If the router supplied by your ISP did this, they could learn quite a bit about you.

         

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        2 users thanked author for this post.
      • #2343240

        Hi,
        I read the article about router security and found it scary.

        Do you have any suggestions for what ordinary home users can do to mitigate this risk? I have Verizon FIOS and the MI424WR router manufacturer does not support updates.

        • #2343249

          Test your router by going to the GRC ShieldsUp! page.
          Click on “Proceed”.
          On the next page click on “All Service Ports”. Wait for the test to complete.
          You should see lots of green – this is good.

          Next, return to the ShieldsUp! page and click on the “GRC’s Instant UPnP Exposure Test”.
          You will see some red bars and then, hopefully, the green OK.

          Let us know the results.

          cheers, Paul

          • #2343250

            Thanks, Paul. Will do this and get back to you, but I am currently traveling and will not be back there for a month or so.

          • #2343350

            ShieldsUP!, while the best of its kind, is extremely limited.

            For one thing, it only tests TCP, not UDP. Then too, there are over 65,000 ports and it tests very few of them. Finally, the ports it does test are from another generation. As the threats have changed, the ports being tested have not. Then too, the mass testing of ports can return a false positive when the router being tested raises its own shields in response. It’s better than nothing, but realize the limitations.

            Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

            1 user thanked author for this post.
          • #2352613

            Good news – all ports green (stealth) and passed the UPNP test. I think I may still get the peplink soho router to install on my side of the Verizon router.

            • #2352664

              Rather than spend $200 on a peplink, buy a TP-Link C7 and load DD-WRT on it. $70 and you can play all you like.

              cheers, Paul

            • #2352678

              Thanks, Paul. I think I’d be more comfortable with the availability of manufacturer’s support that the SOHO provides; DD-WRT being a one-man-band from what I read. A good friend installed the Draytek and has spent countless hours getting it configured. I don’t need the highest possible bandwidth so I think the SOHO will be fine for my needs (streaming 1 video at a time is about my highest bandwidth requirement)

              PS – I asked, and Verizon FIOS was not willing to provide me with a new router free of charge even though the one I have is discontinued and no longer supported with firmware updates by the manufacturer.

              Cheers!

            • #2352900

              The main developer is one person but there is plenty of support as the users are mainly tinkerers.

              My C7 works really well with DD-WRT, but you do need to know your networking stuff – as you would if you wanted to configure the peplink in a non standard way.

              cheers, Paul

        • #2343348

          I am pretty sure that Verizon FIOS routers leave open ports on purpose. Chances are that a newer router from Verizon would do the same thing. Still, check with them. In my opinion, the best solution would be to add your own router behind the Verizon one and connect all your devices to your router. Consider this your model:
          https://www.michaelhorowitz.com/second.router.for.wfh.php

          Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

    • #2341868

      Hi!

      I’ve switched to Ubiquiti gear years ago and I am not looking back. I got an EDGErouter Lite with a UniFi AP (AC), and since I converted friends, family and small businesses to Ubiquiti. The gear is inexpensive, the community of users is large and varied, updates are frequent and the remote management software works well!

      The EDGErouter line is aimed at technical-minded people like IT staff and ISPs so the initial setup can be scary for some users (a wizard is available for initial setup). However, the flexibility is maximum and you have access to the “guts” of the router with command-line access and an equivalent UI if desired. You can remote-manage the EDGE fleet with UNMS software, self-hosted or Cloud.

      The UniFi line is aimed at consumers or businesses and as such is easier to configure I hear. I can’t comment on this as I only use UniFi APs and those are configured from an app or command-line to connect to a UniFi management server where the configuration is done. Configuration from the management server is easy, has lots of features for business use (stadium deployment anyone?). For simple setups, the server isn’t needed after the APs have been provisioned. Note that Ubiquiti sells “Cloud keys” micro servers for those that don’t want  to dedicate hardware or a virtual machine to the UniFi management server.

      I use a VM for both UNMS and UniFi management servers on a spare low-end low power business machine. One of the pluses is having notifications when there are disconnections or Wi-Fi interference at a site. I also get performance and activity data to troubleshoot issues among other benefits. I also could kick/block Wi-Fi devices or disable internet service to someone who doesn’t pay my bills 😉

      2 users thanked author for this post.
      • #2342209

        Can you use the UniFi line or the Edge line without it phoning home and reporting on you to Ubiquiti?

        FYI: Unifi live demo:  https://demo.ui.com/manage/site/default/dashboard

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        • #2342454

          Yes, you can. Ubiquiti has asked permission to ENABLE telemetry for a while after customer back-pressure for default-ON hard to disable telemetry.

          Previously, a command had to be used in console mode to disable it. Now, a popup appears in EDGErouter UI asking you for the permission to enable telemetry (default OFF).

          Similarly, a toggle is present in the UniFi controller software. Ubiquiti learned!

          UniFi FAQ: https://help.ui.com/hc/en-us/articles/360042384093

          Edge FAQ: https://help.ui.com/hc/en-us/articles/360051176734-EdgeRouter-Privacy

          Note that the UniFi live demo is version 5.11.39 and the current version is 6.0.45

          I, for my context, enabled the telemetry as I don’t see value in the information transmitted. Again, this is in the context of my personal network usage. I value bug fixes and improvements over the content of the logs sent.

          Martin

          1 user thanked author for this post.
          • #2343086

            thanks for the response. What scares me about telemetry is we never know exactly what it consists of.

            The Analytics Data Collection FAQ says “You can enable the feature in the Device Settings of your UniFi Portal (https://unifi.ui.com/) or . . . ”  Is this a Ubiquiti website, or is it an auto-forwarded URL that points to your UniFi router? Looks to me like it is a Ubiquiti website. One way to test is to try it while off-line.

            Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

            • This reply was modified 4 years ago by Michael432.
            • #2343275

              The UniFi system is based on a controller to which your devices are associated, either online (Cloud) from Ubiquiti  (the website you mentioned) or a local install. If you use a local install (I do, in an Ubuntu VM) you have to connect to it and not the Cloud link (it is a separate thing).

              The cloud controller has some benefits like automatic “safe” software updates and maintenance on the underlying servers, so it can be useful to some. The self-hosted version gives you control of the updates at the price of using your own hardware and maintaining it.

              There’s a Port FAQ on their website, maybe they list the port used for telemetry? I know my controller talks to them as I get software and firmware update notices. I did accept to send the telemetry, maybe it’s a benefit from that.

              The settings are not configured on the devices but on the controller and the controller then provisions the devices. I am only using the access points, so I can only describe my experience with them and no other UniFi device. The devices can be connected to with SSH for initial connection to the controller and troubleshooting purposes if needed.

              1 user thanked author for this post.
      • #2345326

        Hello.
        Do you allow automatic channel switching for your Ubiquiti?
        I abandoned Ubiquiti after a few months, because for me they were simply unreliable.

        The only thing I liked was the controller, which I used to manage devices and backup configs. But automatic channel switching by default is just wrong. Also, a firmware update killed a few of them. The price is OK, but.. I recommend them for home use.
        With this topology, I left Ubiquiti and went to eXtreme APs.

        Topologie-AirControl_v2

        Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

        HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        PRUSA i3 MK3S+

        • This reply was modified 4 years ago by doriel.
        • #2345370

          Hi Doriel,

          I do use automatic channel switching, but the setups I have are very simple with only one or two APs, usually wired. They are nothing like the image you attached.

          For such a complex setup, I would manage the channels manually! I know the controller has gotten new smarts a few updates ago, but my setup is too small to really know how much improved it is.

          As far as bricking an AP, it never happened to me. I usually reboot them before updating them as this way, they return to a known internal state. Computers sometimes have memory leaks, temporary files and bugs that have an impact with longer uptimes and rebooting gets them in a “fresh” state. Maybe it’s just computer tech superstition 😉

          Ubiquiti will sometimes obsolete a device with a somewhat limited time warning, this is annoying sometimes. There is no way to know when you will have to replace your deployment. It would be easier if they published a statement about EOL not being before a certain year! Instead, they publish in the controller release notes that models will stop being supported in a year. This hasn’t affected me yet, but I buy new series instead of older ones because of that :-/

          Martin

          1 user thanked author for this post.
          • #2345684

            Thank you for your reply. I think Ubiquiti is good for small networks, there is no doubt about it and Ubiquiti offers very nice tools for managing the network. But anyway I would disable automatic channel switching, if you live in a neighbourhood that has more wifis, because you can unintentionally interfere with others. I would suggest to set your channel manually to 1, 6 or 11 (if you use 2,4GHz wifi. If you use 5GHz frequency wifi, you should be OK with automatic channel switching).

            The golden rule of technician is: “Don’t mess with the setting, if it works.” 🙂

            Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

            HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

            PRUSA i3 MK3S+

    • #2341871

      Hi.  Re: the Peplink SoHo router and connectivity, backups etc…

      I’m in the UK now but have been living in rural France for 6 years.  Power cuts and slow internet….!  I used to have an old Netgear  router with fallover backup back around 2001 but in France there was no need of any such thing as the mobile phones didn’t work as we lived in a dip.  I considered satellite internet – the download speeds were excellent, but there were data capping levels which increased costs plus, there’s the issue of the time lag for 2-way live chats, so I never took it on.  The ISP supplied the router-gateway but doesn’t allow you to choose your own DNS so I daisy chain from it and then star out like a dandelion clock.

      Two years ago I got the Pepwave Soho based on the recommendations of Horowitz.  It was a fine piece of kit and had a boost for the signal strength which was good to punch through the thick stone walls in the 200 years old house we were living in.  Firewall etc was great (we ran a small guest house) for splitting guests from us.

      I thought I had everything sorted.  I had a hardwire across the house to an old router plus some ethernet over the mains electricity (Netgear) to another old router or two which covered all the spots of the house (It was a very solid house….!)    I had two APC UPSs for power outages and mains smoothing.  It all worked fine until we were hit by lightning….

      We had nice twinkling LED lights along the guttering – these blew.  A fridge blew up. The phone blew up as well as its transmitter (it was Sagem).  The Orange box (the ISP connection to the web) – that blew, as well as the Pepwave router, one old router, three surge protected distribution boards, both UPSs, a lighting relay for the hall (the French use these a lot for 2 or 3-way switching), it blew a DVI input on one of my twin Iiyama monitors as well as the graphics card in my main (home-made) big box PC and a network card in a PCI-e slot.

      Weirdly, the Gigabyte black edition mainboard survived along with the Devil’s Canyon CPU and Ballistix memory.  All the PCI-e slots still worked.  Two USB sockets became a bit iffy.   Fortunately, my home backup using 2x4Tb mirrored discs in a QNAP 251+ NAS also survived.   All of this still works, about 18 months on.  The NAS is essential as internet speed and cost precluded using cloud backups…

      I got two new UPSs.  This time I reverted to Eaton which I consider better than APC.

      For my connectivity, a new network card worked in the slot (relief there I can tell you!)  and co-incidentally, the week before the strike, I had bought a travel router, a GL-inet AR750.  I’d just bought it to play with and take on journeys.  I still had some old routers which I then cascaded off it getting the home network up and running again as I usually do.  I now use it as my main router, and it does DHCP work and pushes the signals to some old routers yet again.

      I am pretty impressed with the little thing, it’s about as big as a cook’s box of matches.  (Despite being Chinese I was a bit wary but read the reviews) ……. It runs Luci OpenWrt so can be updated just like any open source router.  For such a little thing it has much to commend it and can do lots of things.  It is currently set up at my daughter’s where I am living for a while, as a kind-of wifi repeater.  I piggy-back onto her Google Nest system and keep it as a router with my old passwords and routing (I use 10.10.10.10 as it’s easy to type and remember c.f. the usual 192.168…).  I like to use OpenDNS and set it up on the router – all the fanned out routers I mentioned are used purely for connecting a printer, wifi repeating, the TV and everyone’s mobile devices and laptops.  They don’t route or update so are kept well behind the firewall. They just repeat.  The AR750 comes with three slide in plug things into the power brick so it can be used in the EU, UK and USA (I think).  Obviously it can’t push lots of traffic through it.  But there again, the Pepwave only recommends 20 or so concurrent device connections.  It does 2 & 5 wifi bands as well as guests on each band which can be set up totally independently or to use the same pwd.

      The reviews of the AR750 are still a mixed bunch.  I think a lot of MTBF is at the new end of the scale……essentially, it either works very well or not at all.  Mine has worked flawlessly.  I left the original in France and now have another in the UK.  It too works flawlessly.

      CONCLUSION

      The AR750 was and is a lifesaver.  I have not replaced the Pepwave but may do so at a later date.  It was an amazing bit of kit.  I had it when it went from firmware 6 to 7.  It’s on 8 now. It was updated every few months.

      The AR750 after one auto update needs updating manually from the OpenWrt site.  But it’s open source with lots of eyes checking the code.  For me, as everyone on Woody, this is good.

      My other conclusion, Gigabyte Black Edition mainboards are worth the money.  I got mine in 2014, it still works and has had the lightning close shave.  Even the onboard graphics, networking and sound survived the strike, though I like to use a dedicated card for the first two.  I’ve considered getting newer gear and don’t have a need for a big box any longer with zillions of hard drive slots.  I just use a couple of SSDs now, held in place with zip ties!  The CPU hardly ever goes over 5%.  The only time I maxxed it out was last year doing some work to help the fight against Covid-19 with the Folding @Home project (a bit like SETI @Home if you know what that is).

      I hope this helps somebody.  I’ve been a subscriber in one way or another for several decades now to Woody but this is my first input.  To give an idea how long – well, back in M$ Office 95-97, Woody made a MS-Word addin that showed what the font looked like on the font drop-down.  Before that, there were just names, Garamond, Times New Roman etc. so you had to click it, see if you liked the font and if you didn’t, rinse and repeat.  It was a pain.

      I bought that addin!!!  I recall (I think) that M$ incorporated into Word maybe at Woody’s suggestion or because it was so popular.

      4 users thanked author for this post.
      • #2342213

        I too have heard good things about the GL-inet AR750 but have no first hand experience with it. Like the Surf SOHO, it can use a nearby WiFi network as its Internet source which is one thing that makes it a good fit as a travel router. Do you know if it phones home to the manufacturer at all (other than looking for firmware updates)?

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        • #2347159

          As far as I can tell the AR750 just sits there doing its thing, Michael.  I used Wireshark as I have it chained wirelessly off my daughter’s Google Nest.  Plugged into one of the ethernet ports I see repetitive pings out from my wifi Epson printer so the traffic log is small.  So far I have not seen anything else of note.
          The software updates are set for automatic, the last one was in Dec 2020.  These only do the front-end GUI from GL.iNet.  The core hasn’t been updated and is open source.  I should manually update it to v19 but I’m a bit scared in case I brick it – although their website comes with un-bricking instructions!!  (yes really..).  The software version on mine is OpenWrt 18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152)
          This is the latest software on their website, however openwrt have a custom download for the AR750 that is v19.  This is why I’m scared – openwrt say it will work but the AR750 website just has the latest v18, as seen above.

          The AR750 router actually works fine.  In wired mode it has a bit more flexibility. As it is, once tethered, the IP settings are pretty much set so I’ve found I can set ip up in reverse order for my custom settings to take.

          I don’t use the VPN, though it works.  The reason is that my NordVPN has a multitude of servers to connect to, which allows immense flexibility, so just use the appropriate app on mobile or Windows machine.  The AR750 just allows one configuration.  It can be a server or a client, so with two you can easily set up a home-office or home-holiday setup.

          In use, it’s warm to the touch.  The Pepwave was hotter and the old Orange ISP router in France was hotter still.

          In “advanced” mode, in the screenshot, you can see the AR750 current status.

          Screenshot-2021-03-01-181553

           

          • #2347178

            If monitoring the WAN port of a router, I would expect to see relatively frequent calls for the time of day. NTP using UDP making outbound requests to port 123. If you don’t see that, I wonder which Ethernet port you are monitoring.

            Can the AR750 block the Pings from the printer? More specifically, does it have outbound firewall rules? After all, the printer does not really need to know if it’s connected to the Internet. But, that’s just one example.

            I completely agree with your being scared to install firmware updates. I feel the same way and this is a great thing about Peplink/Pepwave, that they have two internal copies of the firmware. I have updated many Peplink routers to new firmware over the years and twice the new firmware failed to install. Rather than a disaster, the router simply booted into the previous working firmware.

            I am surprised your Peplink router feels warm, that has not been my experience. But, I keep mine in a place that allows air circulation underneath the thing.

            Playing with one of the GL.Inet routers is on my short list of things to do.

            Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

            • This reply was modified 4 years ago by Michael432.
            • #2347251

              I cannot comment on this router, but if its NTP client is properly configured and used, you shouldn’t see NTP traffic except at boot and every 48h+. Otherwise, this is bad practice just for time keeping.

              Of course, this would be different for an NTP server as this timing would be dynamically adjusted to the on-board clock quality by the NTP daemon.

              A client only needs to be accurate to a few hundred milliseconds while a server wants to be as accurate as it can. The client likely runs as a Cron job while an NTP server runs as a daemon. I don’t believe routers commonly act as NTP servers unless it is specified as a feature.

              Good practices for devices are to call a dedicated, pre-registered group on the NTP pool servers. This way, a broken device can be quickly isolated from the pool. Think something like “ubiquiti1.pool.ntp.org”. There have been past (and possibly current) occurrences of badly configured routers hammering official, non-pool time servers multiple times per hour! I would give them the Kiss-of-death… @Michael432 might know about this!

              Martin, caretaker of a Raspberry Pi NTP time server for his home network

            • #2347262

              Martin: I have only monitored routers from two different companies, but in each case, they were pretty darn chatty in terms of outgoing NTP requests. Same for a Synology NAS. And they were only NTP clients. FYI: Peplink *just* added the ability for the router to be an NTP server for the devices on the LAN.

              Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

              • This reply was modified 4 years ago by Michael432.
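
The NTP exchange above (devices that are "pretty darn chatty" versus clients that should only sync rarely) can be checked against your own capture. This is an added example, not code from any poster in the thread: it reads `tcpdump -tttt -n` text output and reports, per LAN device, how many outbound NTP requests were seen, to which servers, and the median gap between them. The sample capture lines, the LAN range `10.10.10.0/24`, the LAN-side capture point and the 30-minute "chatty" threshold are all assumptions to adjust.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in `tcpdump -tttt -n` text format (not taken from the thread).
# It includes a server reply, a non-NTP flow and a damaged line to show they are skipped.
SAMPLE = """\
2021-03-01 18:00:00.000000 IP 10.10.10.20.123 > 203.0.113.10.123: NTPv4, Client, length 48
2021-03-01 18:00:00.031000 IP 203.0.113.10.123 > 10.10.10.20.123: NTPv4, Server, length 48
2021-03-01 18:00:05.000000 IP 10.10.10.30.40112 > 198.51.100.7.123: NTPv4, Client, length 48
2021-03-01 18:00:09.500000 IP 10.10.10.40.51514 > 198.51.100.99.443: Flags [S], seq 1, length 0
2021-03-01 18:01:04.000000 IP 10.10.10.20.123 > 203.0.113.10.123: NTPv4, Client, length 48
2021-03-01 18:02:08.000000 IP 10.10.10.20.123 > 203.0.113.10.123: NTPv4, Client, length 48
this line is truncated garbage
2021-03-01 18:03:12.000000 IP 10.10.10.20.123 > 203.0.113.11.123: NTPv4, Client, length 48
2021-03-01 18:10:00.000000 IP 10.10.10.40.123 > 198.51.100.7.123: UDP, length 48
2021-03-03 18:00:05.000000 IP 10.10.10.30.40112 > 198.51.100.7.123: NTPv4, Client, length 48
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)


def parse_outbound_ntp(text, lan):
    """Return {source_ip: [(timestamp, server_ip), ...]} for NTP requests leaving `lan`."""
    lan_net = ipaddress.ip_network(lan)
    requests = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "123":
            continue  # unparseable line, or not addressed to the NTP port
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        # Outbound means: a LAN device talking to something outside the LAN.
        # This also drops server replies, whose source is outside the LAN.
        if src not in lan_net or dst in lan_net:
            continue
        # tcpdump prints "NTPv4, ..." when it decodes the packet, "UDP, ..." otherwise.
        if not m["rest"].startswith(("NTP", "UDP")):
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        requests[m["src"]].append((ts, m["dst"]))
    return requests


def summarize(requests, min_interval_s=1800):
    """Per device: request count, servers contacted, median gap, and a 'chatty' flag.

    min_interval_s is an assumed threshold (30 minutes); a device with a single
    request has no gap to measure and is never flagged.
    """
    report = {}
    for src, events in requests.items():
        events.sort()
        times = [t for t, _ in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        med = median(gaps) if gaps else None
        report[src] = {
            "requests": len(events),
            "servers": sorted({d for _, d in events}),
            "median_gap_s": med,
            "chatty": med is not None and med < min_interval_s,
        }
    return report


if __name__ == "__main__":
    result = summarize(parse_outbound_ntp(SAMPLE, "10.10.10.0/24"))
    for device, info in sorted(result.items()):
        print(device, info)
```

The "servers" column is the part worth reading for the phone-home question raised earlier in the thread: it shows which time servers each device actually contacts, independent of what its settings page claims.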
    • #2341886

      Brilliant! Even I managed to get this working (following your instructions) on the first try.

      In theory, when my ISP “goes down” in an Atlantic gale, I can still check email.

      In practice, when my ISP “goes down” in an Atlantic gale, so will my Telecom, highways, food supplies, etc etc. Everything except my supply of rain water for drinking.

      Still and all the local real world conditions do not detract from your article, which has equipped me with a Way Out when things start to collapse.

      Thanks Brian!

      Chris

      Unless you're in a hurry, just wait.

    • #2341891

      ASUS has been very good about security updates for even its older routers.  There is also Eric in Canada (AKA “rmerlin”) who deeply studies the ASUS firmware and adds both features and security, many of which are picked up by ASUS and incorporated into their public updates.

      ASUS shares its source code with Eric and considers his work to be so secure and stable that they still honor the factory warranty when his firmware is installed.

      BTW ASUS also has dual-WAN models with automatic fallback.

      Asuswrt-Merlin | SmallNetBuilder Forums

       

       

       

    • #2341919

      You can surf the web when your ISP is down using your smartphone in tethering mode.

      1 user thanked author for this post.
      • #2341926

        … which is mentioned in the penultimate paragraph of the newsletter article:

        Practically every phone can act as a Wi-Fi hotspot these days. However, a phone’s speed is typically much slower than an ISP’s. Also, your cellular carrier may charge an extra fee for tethering. For a complete how-to, see Brian Nadel’s Computerworld tethering article.

        • #2343699

          Again, the general statement may not be accurate. Bell, Telus and Rogers in Canada have no issues with smartphone tethering. The last phone I have which charged a penalty for tethering was with Bell and over a decade ago. In fact tethering is even encouraged today. You don’t want to watch Netflix however, as there are monthly caps and then speed limitations in place after 10-20 GB/mo, depending on your plan.

          Tethering is much faster here than DSL. We use tethering on our iPhones at our cottage. We get 50/20 or better on LTE (depending on how many neighbours are on line) while DSL is 10/.9. We expect this will change in rural Ontario as schooling has moved on line during the pandemic and has been found to be totally inadequate because of internet limitations.

      • #2341935

        … assuming your phone’s data connection isn’t going through the same carrier/ISP, anyway.

      • #2342013

        I used to travel on Amtrak extensively pre-Covid, and found a solution that works well on the western trains where Wifi is not provided account long, no cell phone signal periods while out in the middle of nowhere.  I’m sure I could do the same at home when my ISP decides to drop out.  As Alex5723 indicated, using my cell phone to connect to my laptop works wonders along reasonably densely populated corridors and near cities.

        I experimented with a couple of Android-compatible products and settled on Fox-fi that allows me to connect via Bluetooth, USB, or private Wifi. Although I never tried it, I suspect I could set up the phone as a Wifi hotspot to make it available to others with tablet or laptop computers that don’t have cell phone access. However, I’d expect bandwidth to become noticeably problematic with each added device.

        As an alternative, I know that some vendors like Verizon used to sell prepaid cell phone USB devices to be connected into older laptop computers that have no cell phone access.  Maybe they’re still available.

        • This reply was modified 4 years, 1 month ago by bratkinson.
        • #2342026

          As an alternative, I know that some vendors like Verizon used to sell prepaid cell phone USB devices to be connected into older laptop computers that have no cell phone access. Maybe they’re still available.

          Well, you could always get a carrier-unlocked Huawei E3372 or D-Link DWM-222 or … one of those others, and separately a SIM with a data plan, prepaid or otherwise?

          ISTR that the Huawei one had connectors for external antennas at least, for rural area use.

    • #2342015

      I got lucky after Tropical Storm Isaias in August knocked down a tree that took cable out for a couple of weeks. I used my ATT networked on a MVNO to tether for 2 weeks. When I tried again I was told by the MVNO that ATT does not allow tethering by MVNO customers. Bought a pre paid phone that does but $10 a GIG extra.

      @ Ascaris I learned that there are techs and then there are TECHS: the former mumble and run, the latter do the most they can and usually know more. We have had a Jerry-rigged cable from a distribution box to our campus box since August waiting for a new cable to be pulled below ground. In the fall our speed suffered from the cold, other techs had come and said the problem needed to be solved by pulling a new cable and there was nothing they could do AND that temperature would not adversely affect service. I caught a TECH working on another call caused by the cable and he said he had tuned the circuit for lower temps and sure enough things were sorta OK for a while then of course came freezing winter temps and I am getting 1/3 of my paid for service speed, sometimes …

      My plan C is fiber 1 Gbs with tv and phone for $80 bucks less. Big ugly white tower of router but is only really needed for the TV guide and on demand video.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
    • #2342050

      I’ve had similar experience with Cisco Small Business gear, specifically RV345 for the router (it features Dual WAN including cellular) and the CBW240AC for the WAP. They also have a version of Cisco Business Dashboard for centralized management. Rock-solid performance, and with the service contracts, I get the automatic firmware updates and 24/7 support. Also supports Umbrella.

      Nathan Parker

    • #2342070

      If someone was generously providing a free WiFi hot spot, as suggested by others here, and something went wrong and someone else ended up losing valuable data or with a device infected with some nasty bug, wouldn’t the someone who offered the hot spot be risking some law suits, at best?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2342125

        something went wrong and someone else ended up losing valuable data or with a device infected with some nasty bug, wouldn’t the someone who offered the hot spot be risking some law suits, at best?

        No.

        But, if that someone else will download some pedophile videos/pictures..or hack a site, then the someone who offered the hot spot will be in a very hot spot as his IP will be registered as the offender.

        Many “free” wi-fi hot spots in train, air terminals are being used to hack into laptops and smartphones.

        • This reply was modified 4 years, 1 month ago by Alex5723.
    • #2342420

      Excellent article from Brian Livingston. “Router firmware patches are not completely automated but are free and easily available on Peplink’s downloads page.”

      I bought Soho Surfer router based on a prior Ask Woody article and also Michael Horowitz’ superb (but out of date) advice on that router. One big problem with all the Peplink routers is how to update the firmware. Brian quotes Keith Chau of Peplink: “Chau says users of the company’s InControl management software (for the Surf SOHO) can install the latest firmware with a couple of clicks.” Problem is most individuals don’t use the complicated and very insecure InControl software. So it is unclear how to update firmware version. 1) How to check current firmware? 2) How to use downloaded firmware to update? Process is opaque and risky.

      • This reply was modified 4 years, 1 month ago by cmar6.
      • #2343082

        There are screen shots of updating a Peplink router here
        https://routersecurity.org/firmware.updates.php

        The procedure on a Surf SOHO as of firmware version 8 is: System tab -> Firmware -> Check for Firmware button. If there is new firmware it will be downloaded to the router, installed and the router will reboot into it.

        The manual firmware Upgrade is on the same System tab -> Firmware -> page.  This requires first downloading the firmware to your computer. Then, click the Browse button to find and upload the firmware from your computer to the router.

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        2 users thanked author for this post.
        • #2343085

          Michael, Thanks for complete answer. I tried the manual procedure but got error “not .img file” since it was a .bin file. Fortunately the first (automatic) procedure worked. I believe that you have warned against quickly updating firmware but so far, I’m not having an issue with Soho Surfer firmware 8.1.1

          • #2343087

            I tried the manual procedure but got error “not .img file” since it was a .bin file.

            That is not what should have happened. The file type is indeed dot bin. The router does a sanity check on the uploaded firmware file and my guess is that, in your case, the sanity check failed. Perhaps a transmission error either on the upload or download. Or maybe the file was for a different hardware version of the router. Just guessing.

            I believe that you have warned against quickly updating firmware but so far, I’m not having an issue with Soho Surfer firmware 8.1.1

            I would avoid the first version of a major software update, yes. That applies to all software. However, the minor point releases are different as they are mostly bug fixes so should be installed fairly soon. Not immediately, never immediately, but soon. In this case, firmware 8.1 had a fair number of new features. Same for firmware 8.1.1. All that said, firmware 8.1.1 is the way to go at the moment.

            Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

            • This reply was modified 4 years ago by Michael432.
    • #2343820

      To Michael Horowitz and all the router/wifi experts:

      One issue that I haven’t seen covered is the speed of the Soho Surf router based on channel chosen for 2.4 GHz or 5 GHz. In AP/Settings Channel is set to auto.

      How would one check one’s current speed and how determine if there was improvement by manually picking a channel?

      How to boost wifi speed by choosing right channel? https://www.extremetech.com/computing/179344-how-to-boost-your-wifi-speed-by-choosing-the-right-channel

      “probably faster to just switch between channels 1, 6, and 11 until you find one that works well.”

      • #2343832

        You can use a third-party app to see which channel is less busy. I use InSSIDer, but there are many such programs.

        In my experience, 5GHz is faster if you have a good signal (close to the Router). If your machine is farther from the Router, the 2.4GHz seems to do better with a lower signal. But you will probably find the 5G less crowded.

      • #2343845

        cmar6: speedtest.net

        PKCano: yes, shown many times 5GHz is faster but 2.4GHz has longer range

      • #2343851

        You stumbled on another benefit of the Surf SOHO router. In the list of devices currently connected to the router, it shows the signal strength of each wireless device. And, it can be set to automatically adjust the channel but only pick between 1, 6 and 11. Many other routers pick the other channels which is just stewpid.

        And while 5GHz is faster as a rule, in any one location, you may get better performance on the 2.4GHz frequency band. Many many factors go into this, so you just have to experiment. Then too, there is question of how fast do you need? I had a problem with my modem once that cut my WiFi speeds in half and I didn’t notice it for a long time because even half was good enough for my needs … till I started transferring a very big file.

        Two things go into performance: good signal strength and a channel not being used by your neighbors. inSSIDer is rare software that shows in real time how busy each wireless channel is. Most Wifi scanning apps will tell you how many SSIDs are assigned to each wireless channel, but this means nothing.

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
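
Added example, not part of any post in this thread: a small Python sketch of the point made above that the number of SSIDs on a channel says little, while signal strength and how busy each neighbour is decide which of channels 1, 6 and 11 is cleanest. The scoring model (utilisation × received power × spectral overlap), the 20 MHz channel width and the scan rows are all assumptions constructed for illustration, not any scanner's export format.

```python
"""Rank 2.4 GHz channels 1, 6 and 11 from a Wi-Fi scan (added illustration).

The scoring model and the scan rows below are assumptions made for this
example; they are not taken from the thread or from any scanning tool.
"""
from collections import Counter

CANDIDATES = (1, 6, 11)   # the channels the thread says to choose between
CHANNEL_WIDTH_MHZ = 20    # assumed width of every transmission


def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel in the range 1-13."""
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel in 1-13: {channel}")
    return 2407 + 5 * channel


def overlap_fraction(ch_a, ch_b):
    """Share of a 20 MHz channel that two channels have in common (0.0-1.0)."""
    gap = abs(center_mhz(ch_a) - center_mhz(ch_b))
    return max(0.0, (CHANNEL_WIDTH_MHZ - gap) / CHANNEL_WIDTH_MHZ)


def dbm_to_mw(dbm):
    """Convert received power from dBm to milliwatts."""
    return 10 ** (dbm / 10)


def channel_load(scan, candidate):
    """Assumed interference score: busy time x received power x overlap."""
    return sum(
        (ap["util_pct"] / 100)
        * dbm_to_mw(ap["rssi_dbm"])
        * overlap_fraction(candidate, ap["channel"])
        for ap in scan
    )


def pick_by_ssid_count(scan):
    """What a simple scanner suggests: the candidate with the fewest SSIDs."""
    counts = Counter(ap["channel"] for ap in scan)
    return min(CANDIDATES, key=lambda ch: counts[ch])


def pick_by_load(scan):
    """The candidate with the lowest weighted interference score."""
    return min(CANDIDATES, key=lambda ch: channel_load(scan, ch))


# Constructed sample scan: one strong, busy neighbour on channel 1, one
# off-grid neighbour on channel 3, and several weak, idle ones on channel 11.
SCAN = [
    {"ssid": "neighbour-a", "channel": 1,  "rssi_dbm": -45, "util_pct": 70},
    {"ssid": "neighbour-b", "channel": 3,  "rssi_dbm": -55, "util_pct": 30},
    {"ssid": "neighbour-c", "channel": 6,  "rssi_dbm": -60, "util_pct": 40},
    {"ssid": "neighbour-d", "channel": 6,  "rssi_dbm": -65, "util_pct": 20},
    {"ssid": "neighbour-e", "channel": 11, "rssi_dbm": -78, "util_pct": 5},
    {"ssid": "neighbour-f", "channel": 11, "rssi_dbm": -80, "util_pct": 2},
    {"ssid": "neighbour-g", "channel": 11, "rssi_dbm": -82, "util_pct": 10},
    {"ssid": "neighbour-h", "channel": 11, "rssi_dbm": -85, "util_pct": 3},
    {"ssid": "neighbour-i", "channel": 11, "rssi_dbm": -79, "util_pct": 4},
]

if __name__ == "__main__":
    for ch in CANDIDATES:
        print(f"channel {ch:2d}: load score {channel_load(SCAN, ch):.3e}")
    print("fewest SSIDs :", pick_by_ssid_count(SCAN))
    print("lowest load  :", pick_by_load(SCAN))
```

With this constructed scan the SSID count points at channel 1, which holds the single strongest and busiest neighbour, while the weighted score points at channel 11 despite its five SSIDs.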

        • #2354029

          Hi Michael, I just bought a Peplink SOHO and am reading about how to configure it. In your monologue, in the printers section, you recommend preventing network printers from phoning home. I have an HP printer with the monthly ink program – for something like $4/month, I get 50 pages which is enough for me. It sends me new cartridges before I need them, which is great IMHO. So, for me, I think if I take your recommendation the ink program will not work properly. Thoughts?

          • #2354037

            You are correct, the ink program will not work.

            cheers, Paul

    • #2343884

      “list of devices currently connected to the router, it shows the signal strength of each wireless device.” I think you are referring to Status/Client list? If so, I see three wireless devices connected with Signal strength of -54, -59, -64 though it’s not clear which is best.

      Also, how does one know what the router is currently using–2.4 GHz or 5 GHz? and how change to the other? I assume you mean go to AP/Settings and manually try channels 1, 6, and 11 for both 2.4 GHz and 5 GHz or even do it by some automated method (“it can be set to automatically adjust the channel but only pick between 1, 6 and 11”)??

      I went to download Inssider but my firewall blocked site as “known malware.”

      • This reply was modified 4 years ago by cmar6.
      • #2344097

        Yes, I was referring to the Client List on the Status tab.

        The best signal strength is in the minus 40s. The minus 50s is also excellent. The minus 60s is middle and the minus 70s is borderline usable. Devices in the same room as my Surf SOHO all show in the minus 40s and minus 50s.

        AP tab -> Settings shows which radio frequency band(s) is/are assigned to each SSID.

        In AP tab -> settings if the channel is set to “auto” the edit button can be used to limit the available channel choices. Another nice feature of the Surf SOHO. Channels 1, 6 and 11 are only on the 2.4GHz band. The 5GHz band has different channels.

        inSSIDer is available at metageek.com. If your firewall blocks it, turn off your firewall.

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        • This reply was modified 4 years ago by Michael432.
        1 user thanked author for this post.
        • #2344111

          Michael:

          I am guessing what some of your terms mean. By “SSID”, I assume you mean the one wifi LAN I created when setting up Soho Surfer?

          “Radio frequency bands”–I don’t see that term on the Settings page. And what is the reason to run a program like Inssider?

          My Channel is set to Auto. I clicked Edit and checked 1, 6, 11.  Is that what you mean? Before that, it was scanning only 11, which seems equivalent to being set to 11.

          Since you are getting an excellent wifi signal, would you share with us your Settings for both 2.4 GHz and 5 GHz?

          • This reply was modified 4 years ago by cmar6.
          • #2344117

            SSID is the name of a Wi-Fi network. A Peplink router can create 16 different SSIDs (I think, maybe 8? not sure).

            2.4GHz and 5GHz are the radio frequency bands used by WiFi.

            You understood the instructions for limiting the available channels on the 2.4GHz frequency band correctly.

            The settings for 2.4GHz and 5GHz are just on/off. There are some advanced settings, I have never changed them. Devices in the same room as the router should have a signal strength in the minus 40s or minus 50s. Once you leave the room, all bets are off.

            Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

            1 user thanked author for this post.
            • #2344119

              So by default, both 2.4 GHz and 5 GHz are on?

            • #2344160

              Don’t recall. It doesn’t matter. Configure it as you please.

              Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

    • #2343971

      I am pretty sure that Verizon FIOS routers leave open ports on purpose. Chances are that a newer router from Verizon would do the same thing. Still, check with them. In my opinion, the best solution would be add your own router behind the Verizon one and connect all your devices to your router. Consider this your model
      https://www.michaelhorowitz.com/second.router.for.wfh.php

      Get up to speed on router security at RouterSecurity.org

      Or put your router as first in line from ONT and primary. The Fios router then can be connected to a Lan port on your router and then by Coax and internet MOCA connection to a set top box for TV guide and on demand.
      Read up a bit; there is a pitfall or 2 that I managed to stumble around re DHCP releasing.

      https://www.dslreports.com/faq/verizonfios

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      • #2344093

        I don’t have Verizon FIOS, so I am no expert. However, I have seen that their routers have open ports in the firewall. So, if you put your router first, you would have to do the same thing.

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        • #2347977

          So, if you put your router first, you would have to do the same thing.

          Only if that provides a wanted service. I am not sure yet if there is any reason to do that. I am wondering if putting the Fios router first in line is a security risk. I would turn off wifi as I did before setting up my network.

          🍻

          Just because you don't know where you are going doesn't mean any road will get you there.
          • #2348077

            Open ports are not a security risk in themselves, but they do advertise your presence to the script kiddies and flaws in the router may allow access through the open ports.
            That said, even apparently closed ports may allow access via a flaw in the router.

            Connect the Verizon router and if you want more security / separate networks, add a second router to the Verizon.

            Note: you can set up a DMZ on the Verizon and have your router as the DMZ device, effectively isolating the networks completely while still using the Verizon connection.

            cheers, Paul

            1 user thanked author for this post.
            • #2348180

              I was really asking which router should be first. The DMZ is an idea I had not thought of.

              🍻

              Just because you don't know where you are going doesn't mean any road will get you there.
            • #2348272

              As I said, Verizon, then your own.

              cheers, Paul

              1 user thanked author for this post.
    • #2344013

      How would one check one’s current speed

      You can only do this with two internal devices, e.g. a PC and laptop.
      This site has a number of free utilities: https://www.geckoandfly.com/33225/lan-network-benchmark-test-speed/

      I went to download Inssider but my firewall blocked site as “known malware.”

      It is clear for me on Chrome at this site: https://www.metageek.com/products/inssider/

      cheers, Paul

      1 user thanked author for this post.
    • #2344103

      Yes, I was referring to the Client List on the Status tab.

      The best signal strength is in the minus 40s. The minus 50s is also excellent. The minus 60s is middle and the minus 70s is borderline usable. Devices in the same room as my Surf SOHO all show in the minus 40s and minus 50s.

      AP tab -> Settings shows which radio frequency band(s) is/are assigned to each SSID.

      In AP tab -> settings if the channel is set to “auto” the edit button can be used to limit the available channel choices. Another nice feature of the Surf SOHO. Channels 1, 6 and 11 are only on the 2.4GHz band. The 5GHz band has different channels.

      inSSIDer is available at metageek.com. If your firewall blocks it, turn off your firewall.

      • This reply was modified 4 years ago by Michael432.

      There are also decent apps for Android phones, like the screen clip from WiFi Analyzer.

      • #2344120

        There are at least two Android apps called WiFi Analyzer, from different sources. I really hate Google for allowing that. The two that I have seen simply show the number of SSIDs on a channel and their signal strength, which is what we see in your screen shot. They do not show actual usage; the actual number of bits traveling on a channel. That's what inSSIDer can do.

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        2 users thanked author for this post.
        • #2344124

          You are correct, there are at least two apps with the same name. I have tried several similar apps and prefer this one.

          I have been using inSSIDer for a few years, and it does present a strong range of options, but for a quick site survey the Android apps work just as well.

          inSSIDer does not show “the actual number of bits traveling on a channel,” it is telling us what the connection rate is (limited by the protocol used). It is common that the actual maximum transfer rate is about half of that, and of course the actual rate may be zero at any given time if no data has been requested.

          • #2344161

            Dan – I was not aware of that WiFi Analyzer Android app. So, there are at least 3 with the same name. Ugh.

            I agree that a quick site survey may be all that someone needs. But those of us that live in very crowded WiFi neighborhoods, where every channel has a ton of SSIDs assigned to it, need real bandwidth info.

            InSSIDer, technically, does not show the number of bits transmitted on each channel, but that is the concept. More accurately stated, it shows how busy each channel is, in real time. See attached screen shot.

            Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

            • #2344176

              Yes, the “percent busy” can be useful, but is only valid at the time it is measured. For reasons you can imagine, different loads will exist at different times.

              I know about busy neighborhoods. I receive over 50 SSIDs from my office window.

            • #2344194

              I have a similar image. This is after only ~15 seconds, at my home (a single family house, not an apartment or something like that). If I let it scan for several minutes, the AP/SSID gets into the seventies.

              Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
              XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
              Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

            • #2344196

              Granted: “percent busy” is only valid at the time it is measured. Sure would be nice to have a system that showed percent busy for wifi channels over time. Peplink just rolled out something like this in their routers, but I have yet to kick the tires on it.

              Misery seems to love company as they say. WiFiInfoView from Nirsoft.net shows 160 SSIDs in my apartment after a few minutes of scanning. Does that mean I win? Or, that I lose 🙂

              I would not have expected over 70 SSIDs in a single family home. Ugh.

              Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

              • This reply was modified 4 years ago by Michael432.
              1 user thanked author for this post.
            • #2345940

              160? You won! It must be world record 😉 I'm worried about your health now, that could not be standard to have so many. What's the catch?

              Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

              HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

              PRUSA i3 MK3S+

            • #2345385

              Michael432 said:

              “InSSIDer, technically, does not show the number of bits transmitted on each channel, but that is the concept. More accurately stated, it shows how busy each channel is, in real time. See attached screen shot.”

              Nirsoft’s “WiFiInfoView” also does a good job of that same reporting. It can be mesmerizing to watch the usage rates of 170 radios in real time. Easy to sort on the “Channel Utilization” column to put the busiest ones at the top. As luck would have it, the busiest signals here are weak, -75dB or less.

              The bad news is that traffic in my neighborhood is up. We have 56 houses on a 1700-foot single-family residential street, and yesterday WiFiInfoView showed me over 170 signals.

              1 user thanked author for this post.
            • #2345687

              Thanks for the tip for WifiInfoView. I use InSSIDer too, but the old non-paid version. It's good to know that there are alternatives to that.

              Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

              HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

              PRUSA i3 MK3S+

    • #2344209

      Granted: “percent busy” is only valid at the time it is measured. Sure would be nice to have a system that showed percent busy for wifi channels over time. Peplink just rolled out something like this in their routers, but I have yet to kick the tires on it.

      Misery seems to love company as they say. WiFiInfoView from Nirsoft.net shows 160 SSIDs in my apartment after a few minutes of scanning. Does that mean I win? Or, that I lose 🙂

      I would not have expected over 70 SSIDs in a single family home. Ugh.

      • This reply was modified 4 years ago by Michael432.

      The winners in this game will be those who make the best use of the hardware available, configured via tested principles, to get the most stable communications; as opposed to those who rely on hearsay, advertising, and sometimes illegal hardware, and must bear the resulting frustration.

    • #2345392

      I have just survived 5 days of no internet, intermittent power and minimal cell service during the winter weather that hit Texas last week.  Suddenlink is the only broadband provider to Sun City Texas (a community approaching 10,000 homes).  Cell service in my house without Wifi is limited to voice and text and sending text is iffy.

      I was amazed by the amount of “emergency communication” that was by email (could not get it) and/or included links to websites!!!  For details, go to our website!

      We need to wake up everyone from Emergency Coordination people to TV stations that the people who need emergency information the most probably do not have access to the internet!

      5 users thanked author for this post.
      • #2345981

        That’s why ham radio operators are part of emergency scenarios. Backup to the backup.

        At least that was how it was done a decade or two ago! I don’t know if this is the case down there today though. Maybe they responded?

        Martin

        1 user thanked author for this post.
    • #2345898

      Hello –

      There’s at least one security-minded alternative to the Pepwave Surf, a Raspberry Pi-based router from security expert Rob Braxman. Braxman simply calls it the “BraxRouter,” but it does seem to have a few interesting features. @Michael432, perhaps you could test it?

      • #2345941

        The Pepwave and BraxRouter are about the same price but the Pepwave has loads of ports, good support, warranty etc. The Brax has wifi, but as it’s a single device wifi  may not work well in an office environment. I think the Pep is a better choice for pretty much everyone and if you want to experiment, spend half as much on a DD-WRT compatible wifi router and load DD-WRT.

        cheers, Paul

      • #2346042

        Never heard of the Brax router. There are many other routers that can be VPN clients and/or Tor clients – a list is on the Resources page of RouterSecurity.org.

        In general, when it comes to software, I am a fan of a one man operation. Programming is more art than science and when a single person is involved, we can judge how good they are. Think Steve Gibson and SpinRite. On another thread in the Forum some people recommended image backup software that also is created by a single person. But, routers require years of ongoing bug fixes and whether any single person will stick with it in the future is a gamble.

        Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

        • #2347662

          Michael432,

          I understand. Still, Rob Braxman seems highly experienced and well respected. It might be worth adding the BraxRouter to your list.
