Vodafone R205: opening it up

I have posted about using an R205 without a Vodafone-blessed network, and I wrote a quick software inspection of the device. This time I’m writing some notes about the hardware itself.

I had originally expected to just destroy the device to try to gain access to it, but it turns out it’s actually simpler than expected to open: the back of the device is fastened through four Torx T5 screws, and then just a bit of pressure to tear the back apart from the front. No screws behind the label under the battery. I have managed to open and re-close the device without it looking much different, just a bit weathered down.

Unfortunately the first thing that becomes obvious is that the device is not designed to turn on without the battery plugged in. If you try to turn it on with just the USB connected – I tried that before disassembly, of course – the device only displays “BATTERY ERROR” and refuses to boot. This appears to be one of the errors coming from the bootloader of the board, as I can find it next to “TEMP INVALID” in the firmware strings.

Keeping the battery connected while the device is open is not possible by design. Particularly when you consider that all the interesting-looking pads are underneath the battery itself. The answer is thus to just go and solder some cables on the board and connect them to the battery — I care about my life enough not to intend to solder on the battery, that one can be connected with physical placement and tape. This is the time I had to make a call and sacrifice the device. Luckily, the answer was easy: I already have a backup device, another Vodafone Pocket WiFi, this time an R208, that my sister dismissed. Plus if I really wanted, I could get myself a newer 4G version as that’s what my SIM card supports.

There are two sets of pads that appear promising, and so I took a look at them with a simple multimeter. The first group is a 5-pad group, in which one of them corresponds to ground, two appear to idle around 3V, and one appears to idle around 4V. This is not exactly your usual configuration of a serial port, but I have not managed to get more details yet. The other group is a 10-pad group with two grounds, and a number of idling pads at 1.85V, which is significantly more consistent with JTAG, but again I have not managed to inspect it yet.

Annotated image of the E586 board.

So I decided to get myself some solid core wires, and try to solder them on the five-pad configuration I saw on the board. Unfortunately the end result has been destructive, and so I had to discard the idea of getting any useful data from that board. Bummer. But, then I thought to myself that this device has to be fairly common, since Vodafone sold it anywhere from Ireland, to Italy to Australia at least. And indeed a quick look at eBay showed me a seller having, not the R205, but the Huawei E586 available for cheap. Indeed, a lot of four devices was being sold for $10 (plus €20 for postage and customs, sigh!). These were fully Huawei-branded E586 devices, with a quite different chassis and a Wind logo on them. Despite coming from New York State, this particular Wind-branded company was Canadian (now goes by Freedom Mobile); I’m not sure on the compatibility of the GSM network, but the package looked promising: four devices, but only one “complete” (battery and back cover). I bought it and it arrived just the other day.

An aside, it’s fun to note that I found just recently that Wind was used as a brand in Canada. The original brand comes from Italy, and I have been a customer of theirs for a number of years there. Indeed, my current Italian phone number is subscribed with Wind. The whole structure of co-owned brands seems to be falling apart though, with the Canadian brand gone, and with the Italian original company having been merged with Tre (Three Italy). I’m not sure on who owns what of that, but they appear to still advertise the Veon app, which matches the new name of the Russian company who owned them until now so who knows.

Opening the Wind devices is also significantly easier as it does not require as much force and does not have as many moving parts. Indeed, the whole chassis is mostly one plastic block, while the front comes away entirely. So indeed after I got home with them I opened one and looked into it, comparing it with the one I had already broken:

If you compare the two boards, you can see that on the top-right (front-facing) there is a small RF connector, which could be a Hirose U.FL or an otherwise similar connector; on the R205, this connector is on the back, making it not reachable by the user. The pads for both RF connectors are visible as unused on the opposite board.

Next to the connector there is also a switch that is not present in the R205, which on the chassis is marked as reset. On the R205 the reset switch is towards the bottom, and there is nothing on the top side. The lower switch is marked as WPS on the chassis on the Wind device, which makes me think these are programmable somehow. I guess if I look at this deeply enough I’ll find out that these are just GPIOs for the CPU and they are just mapped differently in the firmware.

I have not managed to turn them up yet, also because I do not trust them that much. They appear to have at least the same bootloader since the BATTERY ERROR message appears on them just the same. On the other hand this gives me at least a secondary objective I can look into: if I can figure out how to extract the firmware from the resources of the update binary provided by Vodafone, and how the firmware upgrade process works, I should be able to flash a copy of the Vodafone firmware onto the Wind device as well, since they have the same board. And that would be a good starting point for it.

Having already ruined one of the boards also allows me to open up the RF shielding that is omnipresent on those boards and is hiding every detail, and it would be an interesting thing to document, and would allow me to figure out if there is any chance of using OpenWRT or LEDE on it. I guess I’ll follow up with more details of the pictures, and more details of the software.

Personal Infrastructure Services Security and Reliability

I started drafting this post just before I left Ireland for Enigma 2017. While at ENIGMA I realized how important it is to write about this because it is too damn easy to forget about it altogether.

How secure and reliable are our personal infrastructure services, such as our ISPs? My educated guess is, not much.

The start of this story I already talked about: my card got cloned and I had to get it replaced. Among the various services that I needed it replaced in, there were providers in both Italy and Ireland: Wind and Vodafone in Italy, 3 IE in Ireland. As to why I had to use an Irish credit card in Italy, it is because SEPA Direct Debit does not actually work, so my Italian services cannot debit my Irish account directly, as I would like, but they can charge (nearly) any VISA or MasterCard credit card.

Changing the card on Wind Italy was trivial, except that when (three weeks later) I went to restore to the original Tesco card, Chrome 56 reported the site as Not Secure because the login page is served on a non-secure connection by default (which means it can be hijacked by a MITM attack). I bookmarked the HTTPS copy (which loads non-encrypted resources, which makes it still unsafe) and will keep using that for the near future.

Vodafone Italy proved more interesting in many ways. The main problem is that I could not actually set up the payment with the temporary card I intended to use (Ulster Bank Gold), the website would just error out on me providing a backend error message — after annoying Vodafone Italy over Twitter, I found out that the problem is in the BIN of the credit card, as the Tesco Bank one is whitelisted in their backend, but the Ulster Bank is not. But that is not all; all the pages of the “Do it yourself” have mixed-content requests, making it not completely secure. But this is not completely uncommon.

What was uncommon and scary was that while I was trying to force them into accepting the card I got to the point where Chrome would not auto-fill the form because not secure. Uh? Turned out that, unlike news outlets, Vodafone decided that their website with payment information, invoices, and call details does not need to be hardened against MITM, and instead allows stripping HTTPS just fine: non-secure cookies and all.

In particular what happened was that the left-side navigation link to “Payment methods” used an explicit http:// link, and the further “Edit payment method” link is a relative link… so it would bring up the form in a non-encrypted page. I brought it up on Twitter (together with the problems with changing the credit card on file), and they appear to have fixed that particular problem.

But almost a month later when I went out to replace the card with the new Tesco replacement card, I managed to find something else with a similar problem: when going through the “flow” to change the way I receive my bill (I wanted the PDF attached), the completion stage redirects me to an HTTP page. And from there, even though the iframes are then loaded over HTTPS, the security is lost.

Of course there are two other problems: the login pane is rendered on HTTP, which means that Chrome 56 and the latest Firefox consider it not secure, and since the downgrade from HTTPS to HTTP does not log me out, it means the cookies are not secure, and that makes it possible for an attacker to steal them with not much difficulty. Particularly as the site does not seem to send any HTTP headers to make the connection safe (Archive.is of Mozilla Observatory).
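The downgrade paths described above (an explicit http:// navigation link followed by a relative link, a redirect to HTTP at the end of a flow, session cookies without the Secure flag, and no HSTS header) can be checked per response. This is an added example, not code from the original post; the host names, cookie and finding labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

NAVIGATION_TAGS = {"a": "href", "form": "action"}
SUBRESOURCE_TAGS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


class TargetCollector(HTMLParser):
    """Collect (tag, url) pairs for links, form actions and subresources."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        wanted = NAVIGATION_TAGS.get(tag) or SUBRESOURCE_TAGS.get(tag)
        for name, value in attrs:
            if wanted and name == wanted and value:
                self.targets.append((tag, value))


def audit_response(url, headers, body=""):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    on_https = urlsplit(url).scheme == "https"
    header_names = {name.lower() for name, _ in headers}

    if not on_https:
        findings.append("page-served-over-http")
    elif "strict-transport-security" not in header_names:
        # Without HSTS the browser will follow any later http:// link.
        findings.append("missing-hsts")

    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            flags = {part.strip().lower() for part in value.split(";")[1:]}
            if "secure" not in flags:
                # Such a cookie is also sent on plain-HTTP requests.
                findings.append("cookie-without-secure:" + cookie_name)
        elif lname == "location":
            target = urljoin(url, value)
            if on_https and urlsplit(target).scheme == "http":
                findings.append("redirect-to-http:" + target)

    collector = TargetCollector()
    collector.feed(body)
    for tag, raw in collector.targets:
        target = urljoin(url, raw)
        if urlsplit(target).scheme != "http":
            continue
        if tag in SUBRESOURCE_TAGS:
            if on_https:
                findings.append("mixed-content:" + target)
        elif on_https:
            findings.append("downgrade-link:" + target)
        elif not urlsplit(raw).scheme:
            # A relative link on an HTTP page keeps the user on HTTP.
            findings.append("relative-link-stays-on-http:" + target)
    return findings


# Constructed sample responses; host names and cookie values are hypothetical.
ACCOUNT_PAGE = (
    "https://selfcare.example/account/home",
    [("Set-Cookie", "SESSION=0123abcd; Path=/; HttpOnly")],
    '<a href="http://selfcare.example/payment/methods">Payment methods</a>'
    '<script src="http://static.selfcare.example/menu.js"></script>',
)
PAYMENT_PAGE = (
    "http://selfcare.example/payment/methods",
    [],
    '<a href="edit">Edit payment method</a>'
    '<iframe src="https://selfcare.example/frames/card"></iframe>',
)
BILLING_DONE = (
    "https://selfcare.example/billing/format/confirm",
    [("Strict-Transport-Security", "max-age=31536000"),
     ("Location", "http://selfcare.example/billing/done")],
    "",
)

if __name__ == "__main__":
    for page in (ACCOUNT_PAGE, PAYMENT_PAGE, BILLING_DONE):
        print(page[0])
        for finding in audit_response(*page):
            print("   ", finding)
```

The HTTPS iframe on the second sample page produces no finding of its own, yet the page that embeds it is already reported as served over HTTP, which matches the observation that loading the frames securely does not restore the lost protection.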

Okay so these two Italian providers have horrible security, but at least I have to say that they mostly worked fine when I was changing the credit cards — despite the very cryptic error that Vodafone decided to give me because my card was foreign. Let’s now see two other (related) providers: Three Ireland and UK — ironically enough, in-between me having to replace the card and writing this post, Wind Italy has completed the merge with Three Italy.

Both the Threes websites are actually fairly secure, as they have a SAML flow on a separate host for login, and then a separate host again for the account management. Even though they also get a bad grade on Mozilla Observatory.

What is more interesting with these two websites is their reliability, or lack thereof. For almost a month now, the Three Ireland website has not allowed me to check my connected payment cards, or change them. Which means the automatic top-up does not work and I have to top-up manually. Whenever I try to get to the “Payment Cards” page, it starts loading and then decides to redirect me back to the homepage of the self-service area. It also appears to be using a way to do redirection that is not compatible with some Chrome policy as there is a complicated warning message on the console when that happens.

Three UK is slightly better but not by much. All of this frustrating experience happened just before I left for my trip to the USA for ENIGMA 2017. As I wrote previously I generally use 3 UK roaming there. To use the roaming I need to enable an add-on (after topping up the prepaid account of course), but the add-ons page kept throwing errors. And the documentation suggested to call the wrong number to enable the add-ons on the phone. They gave me the right one over Twitter, though.

Without going into more examples of failures from phone providers, the question for me would be, why is it that all we hear about security and reliability comes from either big companies like Google and Facebook, or startups like Uber and AirBnb, but not from ISPs?

While ISPs stopped being the default provider of email for most people years and years ago, they are still the one conduit we need to connect to the rest of the Internet. And when they screw up, they screw up big. Why is it that they are not driving the reliability efforts?

Another obvious question would be whether the open source movement can actually improve the reliability of ISPs by building more tools for management and accounting, just as they used to be more useful to ISPs by building mail and news servers. Unfortunately, that would require admitting that sometimes you need to be able to restrict the “freedom” of your users, and that’s not something the open source movement has ever been able to accept.

Vodafone R205: prodding at the software

In my previous post on the matter I have talked about using a Vodafone-branded Huawei R205 (E586) mobile hotspot with another network operator without needing any firmware modification or special tool except for a browser and the developer tools in there. I also let it be understood that I have decided to sacrifice the device, because I have another similar device that I can use, more powerful, and anyway I should get a newer generation, as this one does not have 4G support at all.

Before I venture into the gory details of yet another personal project that will most likely not get to its end, let me point you all at Juan Carlos Jimenez’s series of posts reverse engineering another Huawei device. In his case, that was a significantly friendlier Huawei ADSL modem. I still consider that almost a prerequisite reading.

In my case, the device is a Vodafone R205 “Pocket Wifi” adapter, and as I said before it is, or was, common in at least Ireland, Italy and Australia, although with different colours (the Australian version is black, while the Irish and Italian are white). As I’ll show later (but actually a bit of Googling would have shown already), this device is actually a rebranded E586 mobile hotspot, which other providers, such as Three UK, also distributed.

I was honestly afraid I would end up breaking the device once I opened it. It turned out not to be the case, but anyway before doing that I decided to snoop around what I could from the outside, or rather, while connected to it. As shown in the previous post, the device does come with a lot of non-minified JavaScript written by Huawei engineers, which makes it particularly interesting. Indeed some of the files come with a very short changelog at the top, too:

/*******************************************************************************
File Name   : vendorWifi.js
File Author : s00168237
Create time : 2011-09-27  05:49
Description : support Huawei API interface
Copyright   : Copyright (C) 2008-2010 Huawei Tech.Co.,Ltd
History     : 2011-09-27       1.0      create the file
version     : R205 firmware v1.0 and webUI v0.41
release date: 2011-11-18
version     : R205 firmware v2.0 and webUI v0.5
release date: 2011-12-19
version     : R205 firmware v2.3 and webUI v0.51
release date: 2012-12-21
version     : R205 firmware v2.6 and webUI v0.52
release date: 2012-01-06
version     : R205 firmware v2.7 and webUI v0.52
release date: 2012-01-13
version     : R205 firmware v3.0 and webUI v0.6
release date: 2012-01-16
date         version               author(No.)         description
2012.03.29   FWv4.0 UIv1.12.3389   tangyao t81004060   for vodafone fireware v4.0
2012.04.24   FWv4.1 UIv1.14.3559   tangyao t81004060   for vodafone fireware v4.1
2012.04.25   FWv4.2 UIv1.14.3559   tangyao t81004060   for vodafone fireware v4.2
*******************************************************************************/

Considering that the current Vodafone firmware (or should I say fireware) is 8.0, at least on the Australian website (the Irish one does not seem to have any), mine is significantly behind times. I have explicitly not updated it, afraid that they may have covered the hole that I have been using to configure the device.

There is also another interesting fact to note at this point: if you start Googling around you’ll find plenty of shady sites (Astalavista-shady I would say) that try to either sell to you or trick you into installing possible malware. What they promise is a way to de-brand the Vodafone R205 into a standard E586, which is indeed something nice to have, but as I said they are shady, so I have not bothered even considering them.

On the other hand it means that someone already managed to find a way to extract the firmware files from the Windows executable that Huawei provides, and reverse engineered the protocol that they use to flash the firmware onto the device. And they decided not to publish them, but rather make proprietary software bundled with Norton-knows-what. I find that extremely uncool, and on this, I’m definitely more aligned with the CCC crowd than what looks like your average mobile phone/broadband “hacker”.

Moving on, I decided to check for what may be open on the device. For instance if telnet or SSH were open it would make it easier to figure out ways around the device, but that didn’t help either. Indeed very few ports are open on the device: DNS, DHCP, HTTP and HTTPS (more in a second) and ports 1900 UDP and 50000 TCP for UPnP/IGD.

Nmap reports the following for the HTTPS configuration, which suggests a well-expired certificate, since it is not valid after 2008, even though the firmware is clearly more recent (the changelog above reads 2012).

ssl-cert: Subject: commonName=ipwebs.interpeak.com/organizationName=Interpeak/stateOrProvinceName=Stockholm/countryName=SE
Issuer: commonName=Test CA/organizationName=Interpeak/stateOrProvinceName=Stockholm/countryName=SE
Public Key type: rsa
Public Key bits: 1024
Signature Algorithm: md5WithRSAEncryption
Not valid before: 2003-09-22T11:33:43
Not valid after:  2008-09-20T11:33:43
MD5:   2fcc e6cc bac8 8ea2 ca80 287f 2b8d 7d75
SHA-1: 7c6f 422e 37cb 83bf c3ef b004 f050 2c6f deba 6be2
ssl-date: 1970-01-01T00:20:18+00:00; -47y4d22h09m00s from scanner time.
sslv2:
  SSLv2 supported
  ciphers:
    SSL2_RC4_128_WITH_MD5
    SSL2_RC2_128_CBC_WITH_MD5
    SSL2_DES_192_EDE3_CBC_WITH_MD5
    SSL2_RC4_128_EXPORT40_WITH_MD5
    SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
    SSL2_DES_64_CBC_WITH_MD5
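
The weaknesses visible in this Nmap output can be extracted mechanically when auditing more than one device. This is an added example, not code from the original post: it parses a trimmed copy of the output above and flags each problem; the finding labels, the 2048-bit RSA threshold, the "test" issuer heuristic and the scan date passed in are assumptions of the example.

```python
import re
from datetime import datetime

# Trimmed copy of the Nmap script output quoted in the post (fingerprints omitted).
NMAP_OUTPUT = """\
ssl-cert: Subject: commonName=ipwebs.interpeak.com/organizationName=Interpeak/stateOrProvinceName=Stockholm/countryName=SE
Issuer: commonName=Test CA/organizationName=Interpeak/stateOrProvinceName=Stockholm/countryName=SE
Public Key type: rsa
Public Key bits: 1024
Signature Algorithm: md5WithRSAEncryption
Not valid before: 2003-09-22T11:33:43
Not valid after:  2008-09-20T11:33:43
ssl-date: 1970-01-01T00:20:18+00:00; -47y4d22h09m00s from scanner time.
sslv2:
  SSLv2 supported
  ciphers:
    SSL2_RC4_128_WITH_MD5
    SSL2_RC2_128_CBC_WITH_MD5
    SSL2_DES_192_EDE3_CBC_WITH_MD5
    SSL2_RC4_128_EXPORT40_WITH_MD5
    SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
    SSL2_DES_64_CBC_WITH_MD5
"""


def dn_field(dn, field):
    """Return one field of Nmap's slash-separated distinguished name."""
    parts = dict(p.split("=", 1) for p in dn.split("/") if "=" in p)
    return parts.get(field, "")


def parse_nmap_tls(text):
    """Turn ssl-cert / ssl-date / sslv2 script output into a dictionary."""
    info = {"ciphers": [], "sslv2": False}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("ssl-cert:"):
            line = line[len("ssl-cert:"):].strip()
        if re.fullmatch(r"SSL2_\w+", line):
            info["ciphers"].append(line)
            continue
        if line == "SSLv2 supported":
            info["sslv2"] = True
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():
            info[key.strip().lower()] = value.strip()
    return info


def tls_findings(info, scan_time):
    """List the weaknesses present, judged at scan_time (a naive datetime)."""
    findings = []
    not_after = info.get("not valid after")
    if not_after and datetime.strptime(not_after, "%Y-%m-%dT%H:%M:%S") < scan_time:
        findings.append("certificate-expired")
    bits = info.get("public key bits")
    if info.get("public key type") == "rsa" and bits and int(bits) < 2048:
        findings.append("rsa-key-below-2048-bits")
    if info.get("signature algorithm", "").lower().startswith(("md5", "sha1")):
        findings.append("weak-signature-hash")
    # Heuristic: a development CA left in a shipping product.
    if "test" in dn_field(info.get("issuer", ""), "commonName").lower():
        findings.append("issued-by-test-ca")
    if info["sslv2"]:
        findings.append("sslv2-enabled")
    if any("EXPORT" in cipher for cipher in info["ciphers"]):
        findings.append("export-grade-ciphers")
    # A clock at the Unix epoch means the device has no notion of the date.
    if info.get("ssl-date", "").startswith("1970-"):
        findings.append("device-clock-unset")
    return findings


if __name__ == "__main__":
    # Assumed scan date; the post only shows a 47-year offset from 1970.
    for finding in tls_findings(parse_nmap_tls(NMAP_OUTPUT), datetime(2017, 1, 1)):
        print(finding)
```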

Both the HTTP and the HTTPS ports report themselves as IPWEBS/1.4.0 (nmap considers this “Huawei broadband router http admin”, so I suppose they use it for their non-mobile routers too), and that matches the commonName found in the certificate.

Port 50000 (which is used by UPnP but responds to obvious HTTP requests, thanks SOAP), seems to have a different server altogether, with all headers shouted (all-capitals) and reporting itself as:

SERVER: PACKAGE_VERSION  WIND version 2.8, UPnP/1.0, WindRiver SDK for UPnP devices/

Both servers actually point to the same owners: Interpeak appears to have been bought by Wind River Systems (as you can see if you go to interpeak.com), I assume some time between 2003 and 2009, as the certificate is still pointing at the Swedish company, and in 2009, Wind River itself was bought by Intel.

My first thought (which came before realizing Interpeak was bought by Wind River) was that maybe the Intel UPnP SDK was derived off Wind River’s, but said SDK was last released in 2007, so it appears the two are unrelated. What I did not realize until I checked the Wikipedia page I linked, is that Wind River is actually the company behind VxWorks, which points almost straight at this device using VxWorks internally.

Turns out that there is an easy way to confirm this. You can find the firmware update packages online, on various Vodafone websites (different versions for different countries); these are Windows executables that look like installers, but are rather flasher applications. You can also find the update packages for the E586 (which is the same device, just without the Vodafone branding).

Though I have not found a way to extract the firmware from those files yet, I knew it was not overly complicated. There are scammy-looking sites that provide tools to flash unbranded firmware onto branded devices (which is very similar to what I’m trying to look for anyway), but I would not trust those to the point of running them on any of my systems. So I turned to what every bored person with a little bit of understanding of reverse engineering would: binwalk.

While it has not been able to clearly identify something like “start of VxWorks firmware at address 0xdeadbeef”, it did have a very long list of random things starting from copyright strings and finishing with a lot of HTML fragments. This looked promising so I decided to run strings on the same file. The results were very promising and interesting. Starting from figuring out that the E586 firmware updater is written using Qt, and you can even find an XPM cursor in it (XPM, in a binary file, really? Sigh!).

]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]]
     ]]]]]]]]]]]  ]]]]     ]]]]]]]]]]       ]]              ]]]]         (R)
]     ]]]]]]]]]  ]]]]]]     ]]]]]]]]       ]]               ]]]]            
]]     ]]]]]]]  ]]]]]]]]     ]]]]]] ]     ]]                ]]]]            
]]]     ]]]]] ]    ]]]  ]     ]]]] ]]]   ]]]]]]]]]  ]]]] ]] ]]]]  ]]   ]]]]]
]]]]     ]]]  ]]    ]  ]]]     ]] ]]]]] ]]]]]]   ]] ]]]]]]] ]]]] ]]   ]]]]  
]]]]]     ]  ]]]]     ]]]]]      ]]]]]]]] ]]]]   ]] ]]]]    ]]]]]]]    ]]]] 
]]]]]]      ]]]]]     ]]]]]]    ]  ]]]]]  ]]]]   ]] ]]]]    ]]]]]]]]    ]]]]
]]]]]]]    ]]]]]  ]    ]]]]]]  ]    ]]]   ]]]]   ]] ]]]]    ]]]] ]]]]    ]]]]
]]]]]]]]  ]]]]]  ]]]    ]]]]]]]      ]     ]]]]]]]  ]]]]    ]]]]  ]]]] ]]]]]
]]]]]]]]]]]]]]]]]]]]]]]]]]]]]       Development System
 %s%s %s
]]]]]]]]]]]]]]]]]]]]]]]]]]]       
]]]]]]]]]]]]]]]]]]]]]]]]]]       KERNEL: 
 %s%s
]]]]]]]]]]]]]]]]]]]]]]]]]       Copyright Wind River Systems, Inc., 1984-2005

Yes, I guess this firmware is based on VxWorks, if someone still had doubts. The strings are also quite telling, including the fact that the device comes with wpa_supplicant, and thus is likely able to operate as a Wireless client rather than just as an access point, which is going to be nice if I ever wanted to implement my proof of concept.

The firmware itself appears to have a lot of juicy information: in addition to the JavaScript (that does appear to be minified in the new firmware version) it provides a lot of information on the webapp itself, and possible commands for the AT interface of the device. All of this is generally going to be more interesting if I can find out how to extract the actual firmware image from the device. I just need to find a working PE dumper tool and figure out which resource is exactly 32MiB in size.

Hopefully by the time I get to publish the next post in this series, I will have something more useful for everybody, either a way to flash the new firmware without the original tools, or access to the serial port on board of the device (spoilers!)

Using a Vodafone R205/R208 mobile hotspot on another network

Before I dig into background and story, let me provide technical information of what this post is about. The Vodafone R205 is a Huawei-manufactured mobile hotspot; the R208 is its bigger brother, using a similar if not identical firmware. Vodafone sells these devices as “mobile broadband” throughout the world: I got mine in Ireland, my sister got one in Italy, and a quick googling showed it to be extremely common in Australia, too.

The R205 appears to be just a branded E586 (as noted by the hardware model silkscreened on the PCB — I have opened up the device, I’ll write about that in the future) with a custom Vodafone-specific firmware. There are shady sites out there that tell you how to flash any random E586 firmware on it, but I’m not really interested in doing something like that.

I moved to Dublin almost four years ago, and a few months after I was here, my sister planned to come visit me with friends. Because of the timing of her flights, that left them with about a day during which I still had to work, and they would just go randomly shopping and touristing around. She knew Dublin already, but at the same time as I had gotten to experience it better, they wanted to have me “at hand” to contact — since the roaming fees from Italy were crazy at the time, I decided to just buy a mobile hotspot (Vodafone R205 by Huawei) for cheap and get a month (because I needed more than a weekend) data on it, it was significantly cheaper than the roaming fees, and I kept the hotspot afterwards. I asked before buying, the device was neither SIM- nor network-locked, which is why I went for Vodafone rather than the other slightly cheaper options.

After the month ran out, instead of keeping the original SIM on it, I put another Vodafone SIM, coming from work. The reason was to be found in a number of issues with the connectivity of hotspot mode on Android phones, and in my need for a backup Internet connection while oncall. This worked out fine because the APNs of the business account matched the public account ones, so I had nothing to reconfigure: just plug the SIM in and it works.

Then came the day I went to Zurich on a work trip, and I needed connectivity. Since Switzerland is not part of EU, the special roaming rules don’t apply and the Vodafone roaming charge was just crazy insane, so I ended up grabbing a local data-only SIM card (including a USB mobile broadband modem). Unfortunately I wanted it on the go to play Ingress, too, and that was slightly more complicated to do with a USB device (never mind security frowning upon me even considering plugging in the USB device to my work laptop and installing its drivers). So I put the SIM into the hotspot, and it failed to connect. Ouch.

My first guess was that they told me a lie regarding the device not being network locked: a different Vodafone SIM worked, a Swiss Orange didn’t. But when I started googling for unlocking the device, a few of the more honest unlock services would actually tell you upfront what error message you need an unlock for. And I didn’t have that particular error message. Instead the problem was a failure to connect to the IP network. Which turned out to be an APN problem.

Indeed the APN for Orange (now Salt) is different from Vodafone’s, so you have to go and change it, which is fairly easy: there is a “Mobile Broadband” section, and within that there is a form to configure the various APN and login settings. Except every time I filled it in, it would error out with a “missing field” error.

R205 error message, when trying to set umobile parameters

I forgot how I ended up trying this, but since it was telling me it marked the field as red, and no field was red, I opened the Developer Tools and tried again. And I got an error log in the console:

setAccountTypeCallback failed

Put a breakpoint on the log in the JavaScript (that thankfully Huawei didn’t actually minify!) and I can figure out what is being called when I try to save. The important part is in this function:

if (value === "Custom") {
    callbacksToChain = 0;
    $.each(['setCustomAccountTypeCallBack', 'setConnectionModeCallback', 'setAccountTypeCallback'], function() {
        callbacksToChain++;
        Util.addHookAfter(window, this, doConnectionIfAllIsWell);
    });
    setMobileBroadbandConnectionSettings();
}
else {
    callbacksToChain = 0;
    $.each(['setConnectionModeCallback', 'setAccountTypeCallback'], function() {
        callbacksToChain++;
        Util.addHookAfter(window, this, doConnectionIfAllIsWell);
    });
    saveConnectionDetails();
    setAccountType();
}

If the selected profile is ‘Custom’, then the form values are actually sent to the device. Otherwise only the profile name is sent over to be selected. This makes sense to a point, if the providers may have a long list of profiles with different configurations that may be updated via firmware update rather than asking the users to reconfigure it.

The problem is, of course, that there is no “Custom” profile in the interface of my R205 – but as I found out recently, there is on my sister’s R208 – and the only value for which the form gets enabled is selecting the empty row in the drop-down box. Which is then empty and causes the profile to be empty, and that explains the error message, and even the lack of red on the page: there is no CSS style for the drop-down box to be red.

Simply adding a “Custom” entry to the drop-down box is enough to make the device accept the parameters in the form, which is not horrible at all. Unfortunately doing so from a mobile phone is not easy, as you have to go and use the developer tools for it to work. At least it appears that as long as the last configuration was a Custom one, then the drop-down still lists Custom as an option, which allowed me to reconfigure the hotspot in Japan with just my mobile phone while sitting in a coffee shop in Fukuoka. The R208 I have from my sister is in Italian (since she got it in Italy) and has a “Custom” entry in the drop-down box, so it would be slightly handier to set up.

I have planned at some point to write a simple tool that can set the parameters without looking at the UI, but I have not done so yet. This should be fairly easy since it would just be a matter of sending a login request to get the admin cookie and then send the form with the right parameters. As a command-line thing on Linux it would make it easy to set up, but the useful part would be as a simple Android app that I can use to reconfigure the device without going crazy.

Expect another post in a few weeks about what I found inspecting the device a little bit in software and hardware, if nothing else because I was bored while waiting for some information and approvals to continue my other project.

My time abroad: Dublin tips

I’m actually writing this while “on vacation” in Italy (vacation being defined as in, I took days off work, but I’ve actually been writing thousands of words, between the blog, updates to Autotools Mythbuster and starting up a new project that will materialize in the future months), but I’ve been in Ireland for a few months already, and there are a few tips that I think might be useful for the next person moving to Dublin.

First of all, get a local SIM card. It’s easy and quick to get a prepay (top up) card. I actually ended up getting one from Three Ireland, for a very simple reason: their “Three like home” promotion allows me to use the card in Italy, the UK and a few more countries as if it were a local one. In particular, I’ve been using HSDPA connection with my Irish account while in Italy, without risking bankruptcy — the Three offer I got in Ireland is actually quite nice by itself: as long as I top up 20 euro per month, whether I spend it or keep it, they give me unlimited data (it shows up in my account as 2TB of data!). The same offer persists in Italy.

I’ve also found it useful to get a pre-paid mobile hotspot device, for when guests happen to stop by: since it does not make sense for them to get an Irish SIM, I just hand them the small device and they connect their phone to that. When my sister came to visit, we were able to keep in touch via WhatsApp: neither of us spent money with expensive international SMS, and she could use the maps even if I was not around. I decided to hedge my bets and I got a Vodafone hotspot; the device cost me €60, and came with a full month prepaid, I can then buy weekly packages when I get guests.

Technology-wise, I found that Dublin is surprisingly behind even compared to Italy: I could find no chainstores like Mediaworld or Mediamarkt, and I would suggest you avoid Maplin like a plague — I needed quickly two mickey-mouse cables with UK plugs, so I bought them there for a whopping €35 per cable… they are sold at €6 usually. I’ve been lucky at Peats (in Parnell Street) but it seems to be a very hit and miss on which employee is following you. Most of everything I ended up getting through Amazon — interestingly enough I got a mop (Mocio Vileda) through Amazon as well, because the local supermarkets in my area did not carry it, and the one I found it at (Dunnes in St Stephen Green) made it cumbersome to bring it back home; Amazon shipped it and I paid less for it.

Speaking of supermarkets, I got extremely lucky in my house hunting, and I live right in the middle of two EuroSpar — some of their prices are more similar to a convenience store than a supermarket, but they are not altogether too bad. I was able to find buckwheat flakes in their “healthy and gluten free” aisle, which I actually like (since I’m not a coeliac, I don’t usually try to eat gluten free — I just happen to dislike corn and rice flakes).

I also found out that ordering online at Tesco can actually save me money: it allows me to buy bigger boxes for things like detergents, as I don’t have to carry the heavy bags, and at the same time they tend to have enough offers to make up for the delivery charge of €4. Since they have a very neat mobile app (as well as website — they even ask you the level of JavaScript complexity you want to use, to switch to a more accessible website), I found that it’s convenient for me to prepare a basket over there, then drop by the EuroSpar to check for things that are cheaper over there (when I go there for coffee), and finally order it. For those who wonder why I still drop by the EuroSpar, as I said in a previous post they have an Insomnia coffee shop inside, which means I go there to have breakfast, or for a post-lunch coffee, whenever I’m not at work. Plus sometimes you need something right away and you don’t want to wait for delivery, in which case I also go there.

Anyway, more tips might follow at a later time, for the moment you have a few ideas of what I’m spending my time doing in Dublin…

Cell Phone wo sagashite(*)

(*) If you missed the quote, it’s a misquote from the Full Moon wo Sagashite anime; it should translate to “Searching for a cell phone”, if neither I nor Chris White are too drunk.

How difficult can it be to find a new cellphone? It’s not like I have the same strict requirements that Ariya Hidayat has (by the way, if Ariya is reading, I think Nokia still produces a phone similar to the old 5110, that should be what you need; but it’s not that cheap either, €59 here it seems), and I’m happy with the phones that are currently in trend, if they have a price I can afford.

First of all, why should I be looking for a new phone? I bought the Motorola V180 I’m using just last year, and it works perfectly fine, and I’m not going to archive it yet. The issue is completely different. First of all, that phone number is the one I use for my work (and for Gentoo too, being the one I gave to the rest of the council ;) ), and sometimes you really need to shut your job off; add to that that I forgot it in clear text in my curriculum vitæ, so it’s all but “private” right now.
Add to that the “issue” that my provider is Wind but almost all my friends use Vodafone instead, with the result that I’m almost never called when something is up (because it will cost them too much), although I changed my plan to one that allows me to not spend that much.

The two only requirements I had for this new phone were: a) clamshell form factor, as I found myself quite comfortable with the V180 b) UMTS support (because if I hope hard enough, next time the idiots whom I pay for the DSL line take a month to fix a cable I’ll have UMTS around here at least to keep up with my mails).

Of course, my brand of preference was Motorola, as the V180 is the third Motorola phone I used, and I always had positive experiences, especially with regard to solidity. I removed from the “viable” list Nokia (because I hate T9, I prefer Motorola’s iTAP if I have to use an auto-composer), Samsung and LG (because both of those two are quite fragile, in my experience). The first thing I found on Motorola’s site was the V1075, a good UMTS phone, that was “exclusive Vodafone”, but I couldn’t buy it from their own e-Shop. Today I was able to look for it in two shops and it’s totally sold out… such a phone at €150 was not bad at all.

Now, I can understand, if it’s sold out, it’s sold out. But you put on your site a model that is available only through Vodafone, and their site tells you that it’s no longer available? By the way, during the night between Sunday and Monday, the e-Shop actually reported the phone as available, but it couldn’t be bought anyway… not much professionalism from both Vodafone and Motorola, if they still list it in their list of phones with special discounts but it’s not available.

Now, my current choice would be the V3x, that is a pretty interesting phone, but the €360 official price is way over what I can spend on it, even with the new job going to back me up; MediaWorld (the one that in Germany is called MediaMarkt) seems to have it at a 30% discount, €250, which is somehow acceptable to me, but they don’t allow me to buy it from the site, which means it’s unlikely they’ll have it available on site :( I’ll go looking for it in the next days, but I don’t count on that either, although the official price might go down a bit in the next months with the announcement of the new KRZR.

I’m afraid that I’ll have to live with the same phone used for friends and work, which means my friends won’t be able to reach me when I’m going to take my total breaks :P (not like they try to reach me that much anyway…).

One of the other things I was tempted to do was to help with the kdebluetooth package, especially knowing Marco “RockMan” Gulino is looking for help to release a new version, so that the new KMobileTools will work as intended, too, but without a Bluetooth phone it is difficult to do :P

Suggestions are accepted… I was looking at the models from NEC (because I remember a good old phone I had of them, pretty good indeed), but their site is not the best of the designs, I cannot see it fully in Konqueror without Flash Player, I’ll see if I can look better at it with the Mac, but the images I’ve seen from Konqueror of their clamshell models aren’t really of a design I like :/