Obihai working with Google Voice once again!

Obihai just sent out an email to all their users announcing that once again Google Voice is now officially supported on OBi VoIP devices.

Google had announced they were disabling XMPP support awhile back, causing Obihai and other VoIP device manufacturers who were piggybacking on Google Voice to scramble for a new free/cheap solution. XMPP access was suppose to be disabled back in May, but I don’t think Google has actually pulled the plug yet. Though that hasn’t stopped me from finding a new solution while we wait for the inevitable.

Yesterday, Google announced they’ve integrated Google Voice into Google Hangouts. Today, Obihai announces that they’re officially supporting Google Voice again. Not sure if that’s purely a coincidence or the integration has opened up some access point that Obihai can now connect to.

Setting up your Obihai device with Google Voice is simpler than before:

  1. Log into and go to your Dashboard
  2. Select your OBi device from the list
  3. Click on the new Google Voice Set-Up button above your service provider list
    Google Voice Set-Up
  4. If this is your first time setting up with new Google Voice, it should prompt you to update your firmware which should take 1-2 minutes
  5. Once the firmware update completes, enter your area code and link it up with your Google Voice account

Tada! That’s it! You’re no longer require to provide OBiTalk with your Google credentials. Instead, they’ve adopted OAuth (similar to how you can use Facebook or Twitter to log into random websites).

What to do with my OBiTalk device now that Google Voice is going away?

Chuck it in the trash. I kid. I kid.

For the past 5 years I’ve been enjoying free VoIP calling via Google Voice, starting back when they were known as GrandCentral. Back then, I was using a Linksys PAP2 instead of my current OBi110. But it looks like that party is coming to an end. Google Voice has announced they’ll be ending XMPP support on May 15th which basically prevents any of the current VoIP devices/services from using it.

That May 15th date is approaching and I’ve spent some time researching the alternatives. Since the main selling point of the OBiTalk devices was Google Voice being free, Obihai has recommended the following 2 VoIP services:

They all range from $35-40/year w/ unlimited incoming calls and ~300 minutes for outgoing calls. Not too expensive, but definitely far from free. If outgoing calls are a must, they’re worth considering.

However, I unlike (or maybe like) many others don’t care much about outgoing calls. Plus you can still use Google Voice’s web UI to make long distance calls. If you’re in this scenario, you’re in luck!

The easiest option is to forward Google Voice to your cell phone. You can either do this by installing the Google Voice app or configuring Google Voice to ring your cell phone. That way, people who currently have your Google Voice number will still be able to reach you.

However, I preferred to have Google Voice ring my home phone, so I began looking into options. Before OBiTalk, I had forwarded my GV# to IPKall. IPKall isn’t exactly a SIP provider, but they provide you with a real phone number which would forward to any SIP provider of your choice. Back then IPKall recommended FWD as the SIP provider, but it looks like they’re recommending Callcentric and CallWithUs now. After looking into them, I’ve discovered that Callcentric will provide you with a phone # for free, so you don’t even have to use IPKall.

Signing up with Callcentric was straight forward. After creating your account, they’ll send you an email to confirm your email address. What you want to do next is order a Free Phone Number on their products page. You’ll end up getting a NY phone number which you won’t be using besides telling Google Voice this is the number to forward your calls to. If you specify that you won’t be using this service inside the USA, you can avoid the E911 fee.

Next, it’s time to set up the Obihai device. Log into and select the device you want to configure. Delete your Google Voice service provider and set up a new service provider using Callcentric. You’ll have to select OBiTALK Compatible Service Providers halfway down the page.

The only 3 fields you’ll want to provide here is the area code, Callcentric Number, and Callcentric Password. The Callcentric # is different than your username. You can find your Callcentric # on the left column after logging into your account. Save and let your OBiTalk device reboot.

Next, log into Google Voice and go to Settings > Phones. Add another phone and provide it with the free phone # you just got from Callcentric. Google Voice will now ring your phone and ask you to verify the phone number. After verification, everything is set. You can now receiving incoming calls for free on your Google Voice #!

DynDNS ends free service after 15 years

I’ve been using DynDNS for over a decade, right when when we first got broadband at my house. Back then I’m not even sure we broke 1Mbps down. But with an always on connection, being able to get your IP address without remember the long string of #s was crucial.

About half a year ago, DynDNS sent out an email notifying that in order to keep the free service, we would have to log into our account every 30 days or else our account would expire. It was nice of them to send us reminders several days before the expiration or else I would never have remembered.

Anyway, they sent us an email this morning and posted on their blog: Why We Decided To Stop Offering Free Accounts

It’s hard to blame them when I’ve been leeching off this service for the past 15 years, but I don’t exactly need their pro features either.

So I’ve been looking for alternatives and found out that my ASUS router doesn’t support Here is the list of DDNS services that my ASUS router supports:


While going through that list, I found out that DNS-O-Matic are by the same folks who own OpenDNS and was even more excited to discover that DNS-O-Matic can relay my IP address to a whole lot more DDNS services than my ASUS router. In fact, with DNS-O-Matic, I can now use

Once you’ve created your DNS-O-Matic account and verified your email address, adding services is pretty straight forward. If you’re using, it’s going to prompt you to enter a key. The key is the string that follows update.php? in your update URL which you can find here.

If you’re using DNS-O-Matic with your ASUS router, here are the settings you should use:

  • Host Name:
  • User Name or E-mail Address: (use your username; email won’t work)
  • Password or DDNS Key: (just your DNS-O-Matic password)
  • Enable wildcard: No

Blank hostnames aren’t allowed and if you enter any other hostname, you get back the following error: Request error! Please try again.

According to DNS-O-Matic’s FAQ:

How do I update all my DNS-O-Matic services at once?

Leave the hostname parameter blank. Or, if your software client requires a hostname, send as the hostname.

Enabling 2-Step Verification on Google

Wow… it’s been a long time since I posted anything on my blog. My WordPress dashboard looks completely different.

What is 2-Step Verification?

For the longest time, I’ve been wanting to enable 2-factor authentication on my Google accounts. Google calls it 2-step verification, but it means the same thing. For those who don’t know what 2-factor auth is, it basically means besides knowing your password, you’ll also need a secondary credential. Banks like to ask you some security questions when you log on from a new computer. Google’s 2-step verification calls you or sends you a text message with a 6-digit code that you’ll also need to enter before logging in from a new computer.

Google 2-Step Verification

You can also install Google Authenticator onto a supported device, which will generate the similar 6-digit code, but w/o having Google to call or text you.

Why the switch?

I’m already using super long randomly generated passwords for any online account that I have, but I’ve been meaning enable 2-factor auth for some time. When you think about all your accounts on the internet, there’s usually some way to reset your password via your email. When someone compromises your email, they’ve basically compromised everything you have online, your online identity.

Recently someone was blackmailed into giving up their @N Twitter account. 2-factor auth wouldn’t have helped in this case, since this was done via social engineering, but it reminded me of all the other account compromising news I’ve read over the year.

Things to keep in mind

Enabling 2-step verification will inconvenience you, probably a lot if you have many devices and services that you use to log in with your Google account.

  • Every time you log into Google from a machine you haven’t before, you’ll be prompted with a 2nd screen to enter a 6-digit security code generated at that time.
  • Every machine/service you’re currently logged into will require you to log back in. That includes mail on your phone, mail on your desktop, messaging services, etc.
  • Certain apps won’t support 2-step verification. In those cases, you’ll have log into Google from browser and generate app-specific password for it.

If you’re willing to put yourself through all this, then continue reading.

Here’s how you do it

Log into and click on the Security tab. On the left hand side, you should see 2-step verification which should show Disabled. Go ahead and click to enable it.

2-step verification

Go through the setup process, where they’ll basically ask you to confirm your phone number. 2-step authentication is now enabled, but you’re far from done.

I don’t see 2-step verification

If your Google account is from a Google Apps for Business/Education/Hosted Domain, you’ll need to speak with your admin on enabling 2-step verification. I had a trouble following their instructions initially, but it turns out the security icon is hidden inside More Controls, which is hidden at the bottom of your browser if you’re not paying attention.

Once you’ve located the Security option, enabling 2-step verification is pretty straight forward.

Now as the user, you can follow the steps above to enable 2-step verification for your account.

Now what?

I highly recommend downloading Google Authenticator and using that instead of having Google call/text you the 6-digit code every time, especially if you’re stuck in a place with no cell reception (the horror!). Once you have the app installed, go ahead and set it up by following the instructions on the Verification Codes tab of your 2-Step Verification dashboard.

I would also recommend downloading/printing your backup codes in case you lose your phone or no longer have access to it. I have mine encrypted on my machine so I have easy access to it.

Now that you’ve enabled 2-step verification, your mail app has probably complained that your login credentials have been rejected. If it hasn’t yet, it will soon. You’ll need to now go generate app-specific passwords by clicking on that tab.

When generating an app-specific password, Google recommends providing a specific name (e.g. Gmail on iPhone) so you can easily remember which one to revoke in case your device gets stolen. Once generated, go to the app and update the password and things should start working again.

RSS Feed for Hacker News’ Top Links

Hacker News is one of the few news sources I follow daily. They’re a bit like Digg/Reddit where posts are user-submitted, but they focus more or tech and related news.

However, as it’s getting more and more popular, so has the number of submissions. I generally follow this type of news via RSS feeds and their RSS feed just has too much noise. They do have a Top Links list (highest voted recent links), but unfortunately no associated RSS feed.

I’ve been using Daily Hacker News, but I dislike the format where it only compiles a list of the top 10 once a day. I wanted something that would insert a new RSS entry when a new item hits the best of list.

That’s why I’m introducing Top Links | Hacker News RSS Feed:

Following in the same style of Hacker News’ RSS Feed, the item links directly to the news source and there’s a comments link in the body. With individual RSS entries, this makes it a lot easier to search for items just by looking at the title and now you can save/tag entries for later.


Direct Links to Apple’s iTunes App Store Categories

If you ever wanted to post a direct link that opens to an App Store category on iTunes, you’ve probably ran into a bit of trouble. If you right click and copy the link from an app’s category, you’d probably end up somewhere like:

No problem when you try opening it from a iOS device, but if you open that link on a computer browser, you’ll most definitely be disappointed.

You can change https:// to itmss:// and if the protocol is registered, it’ll open up on iTunes. But Facebook and Twitter don’t really treat itmss links correctly. Facebook redirects to http:// and Twitter doesn’t even linkify it.

I have gone on a quest to find the regular http links that’ll open App Store categories and I have found the following. Basically what you’ll need is the MZStore.woa API which calls viewGrouping and figure out what the group id is.

Unfortunately I didn’t look far enough to figure out some of the newer categories: Books, Catalogs, Food & Drink, Medical, Newsstands

So if you know the direct links to the newer categories, feel free to post it in the comments below and I’ll update my post.

Ruby-1.9.3-p429 hangs when calling OpenSSL

So I’ve been debugging a problem for a better part of today. We first noticed an issue when our test suite was taking forever to finish and it turns out that a certain server we integrated was timing out on every single test. We initially chalked it up to the server being slow, but when we have 10 tests each taking 60 seconds to timeout, it adds a big chunk of time to run our test suites.

To provide some more background, our Rails on Ruby app uses ActiveMerchant to connect to NMI to process transactions. We kept getting the following error: “The connection to the remote server timed out”

The weird thing was that it was only happening on our Macs running OSX 10.8.3 (Mountain Lion), but not on our production server which is running Ubuntu.

So I decided to spend some time debugging the issue. I found out if I switched back to ruby-1.9.3-p392, everything worked fine. I thought maybe my ruby was compiled incorrectly, so I recompiled ruby-1.9.3-p429, but that didn’t seem to fix the problem.

Tracing the code:

  • ssl_post
  • ssl_request
  • raw_ssl_request

which eventually generates an Net::HTTP connection and makes the SSL request.

So I wrote a little test to see what happens:
h ='', 443).tap do |http|
  http.use_ssl = true
end'/api/transact.php', '')

In p392, I would get:
#<Net::HTTPOK 200 OK readbody=true>

But in p429, I would get:
Errno::ECONNRESET: Connection reset by peer - SSL_connect

Searching for that error string, I eventually came upon openssl. I found out that in p429, it had switched to using homebrew’s version of openssl (version 1.0.1e) instead of the system’s version of openssl (version 0.9.8r).

Using openssl 0.9.8r, everything worked fine, but when using openssl 1.0.1e, the connection was timing out and getting the following error:
$ openssl s_client -connect

no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 322 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

I contacted the openssl users mailing list and got back the following response:

This is most likely another case of the frequently reported (and discussed) issue that 1.0.1 implements TLS1.2, which has more ciphersuites enabled by default and additional extensions, which together make the ClientHello bigger, and some server implementations apparently can’t cope. It appears in at least many cases the cutoff is 256 bytes, suggesting these servers don’t handle 2-byte length right.

It’s unlikely that this would be explicitly configured on a server, rather it would be an implementation flaw that previously did not cause a problem. It might occur in an older version of server software fixed in a newer version.

For many details see

Short answer is that restricting to TLS1(.0), and/or a smaller list of ciphersuites (but still enough to intersect with the server), likely works. Both do for me using 1.0.1e to your example host. You can use -msg in s_client to see exactly how much (and what) is sent for different options.

So I tried setting the ssl version to :TLSv1, but that didn’t seem to work. Setting it to ssl version to SSLv3 did though.
http.ssl_version = :SSLv3

Following the example from Forcing SSL TLSv1, I was able to override the ssl_version of the http connection that ssl_post creates:

class SSLv3Connection < ActiveMerchant::Connection   def configure_ssl(http)     super(http)     http.ssl_version = :SSLv3   end end def new_connection(endpoint) end