Saturday, December 31, 2011

Farewell 2012

Fitting song for the occasion, taken from a post that I started 2 years ago but never finished.

No, that's not the worst thing. I have recently decided to use Evernote again. After logging into my old account I found a couple of todo lists I wrote back in March this year. Sadly, NOTHING on that list has been completed yet.

Seriously, 2011 went in a blur. I have sort of managed to finish a degree and am contemplating another, but my life is not going anywhere as we speak. I hope 2012 will bring some much needed changes.

Friday, December 30, 2011


Now, riding on the wind
To where you are, far, far away
I can cross over to where you are

Tuesday, October 25, 2011

Coping, just

 Too late to get upset over anything now, hang on

Monday, October 3, 2011

Site-Directed Mutagenesis Redux

My current research project involves introducing single-base mutations as well as in-frame deletions to a human gene and studying their effects on the protein product. My supervisor was kind enough to purchase a rather expensive commercial kit for the purpose.

So we went ahead with the kit. The positive controls worked brilliantly, so did the competent cells that came with the kit. However every experiment we did failed; not even a single colony formed.

The next two months were spent in frustration and confusion. We tried many suggestions from various websites as well as colleagues, none of which worked. The situation seemed especially bleak at one point when the kit ran out and we had to wait for weeks for more material to arrive while doing nothing since we don't have the right constructs to work with.

Jumping ahead to the present day, we were able to achieve the goal by doing it the hard way. Looking back at our past attempts, a lot of the "helpful hints" we got from the internet were wrong; senior lab members at my university, while more experienced, did not necessarily understand the mechanism of mutagenesis either, so their advice was of little help (one technician simply suggested blasting through with large doses of every ingredient; it seems he got lucky with his way on every occasion). In addition, there were too many other issues with our methodology and record-keeping that led us into many dead ends; our sterile techniques were also so far from perfect that we wasted much time and resources, fooled by several cases of false positive results due to contamination, etc.

So what went wrong? Let's begin with a short summary of various historical and contemporary approaches to site-directed mutagenesis.


The first site-directed mutagenesis method, described by Hutchison et al., was published in 1978. In essence the method involves the synthesis of a short oligonucleotide primer containing the mutated sequence, which is hybridised with the wild type ssDNA and extended with DNA polymerase before transformation into E. coli.

The protocol did not eliminate the template and hence less than 20% of progeny will retain the mutation, requiring tedious selection, a major pain back in the 1970s with DNA sequencing in its infancy and Kary Mullis a few trips away from inventing PCR. It is not surprising that some better funded and less patient labs resorted to having the mutant gene completely synthesised at great expense or, in a less extreme version known as cassette mutagenesis, partially synthesised with suitable cloning sites and inserted into the vector by ligation.

Annotated diagram of found on the internet

Fortunately for the less privileged, many improved protocols soon emerged to increase mutant yield and reduce the burden of selection. One of the most significant advancements was developed by Kunkel et al., in which... Oh well, I'd be lazy for once and quote Wikipedia directly:

"The plasmid to be mutated is transformed into an E. coli strain deficient in two enzymes, UTPase and uracil deglycosidase. The UTPase deficiency prevents the breakdown of UTP, a nucleotide that normally replaces dTTP in RNA, resulting in an abundance of UTP; the uracil deglycosidase deficiency prevents the removal of UTP from newly-synthesized DNA. As the double-mutant E. coli replicates the transformed plasmid, its enzymatic machinery incorporates UTP, resulting in a distinguishable copy. This copy is extracted, and then incubated with the Klenow fragment, dNTPs, DNA ligase, and an oligonucleotide containing the desired mutation, which attaches by base pairing to the complementary wild type gene sequence. The ensuing reaction replicates the UTP-containing plasmid using the oligonucleotide as primer, thus incorporating the desired mutation. This forms a chimeric plasmid, with one strand unmutated and containing UTP, and the other strand mutated and containing dTTP. When this plasmid is transformed into an E. coli strain with normal UTPase and uracil deglycosidase, the UTP-containing strand is broken down, whereas the mutation-containing strand is replicated, forming a plasmid lacking UTP but containing the desired mutation on both strands."

This method is seldom used nowadays because there are easier and better ways out there, nevertheless the idea of template elimination took hold and contributed the basis of all mutagenesis strategies used today.

Probably through pure coincidence, dam methylation of E. coli was also characterised in the 70s. The neat system provides a simple way to distinguish daughter strands following replication through the lack of methylation on certain adenine bases. The daughter strand is then selectively removed by a methylation-sensitive enzyme such as endonuclease MutH. A restriction enzyme called DpnI also acts on the same site and specifically digests the unmethylated strand. It did not take much imagination to realise that DpnI is the perfect tool to selectively remove the template without affecting unmethylated DNA generated in vitro.

Yet the easiest way to synthesise DNA, namely PCR, was so riddled with random errors that it was limited to small fragments. Yields with the more commonly used T4 DNA polymerase were poor and selection was still carried out via phenotype or special vectors for the next decade. Finally the hurdle was removed with the discovery of proof-reading thermostable DNA polymerases, which allowed the direct use of any dsDNA with thermal cycling, greatly reducing the complexity of DNA amplification.

Thanks to technology, most commercial "fast" mutagenesis kits use thermal cycling followed by DpnI digestion to remove the template before transforming them to cells on the same day, yet their internal mechanism may be more different than you think.

The simplest implementation, popularised by Stratagene, is known as Quickchange. Two overlapping primers containing the desired mutation are used with a proof-reading DNA polymerase to generate nicked plasmids; DpnI is added to remove methylated/hemimethylated source DNA, leaving behind only the mutated strands to transform E. coli, where the nicks are repaired.

Stratagene's own (idealised) illustration

Theoretically the protocol is fast, easy and almost foolproof provided that your enzymes have not expired, yet in practice people (yours truly included) frequently run into all sorts of bizarre problems. The troubleshooting guide supplied with the kit points fingers in every possible direction: too much or too little template, bad plasmids, primer dimers, poorly controlled cycling, not enough respect for their super awesome competent cells (I am quoting verbatim) blah blah blah, without a single mention of the biggest problem: excessive 5'->3' extension.

In a normal PCR, extension requires little attention as long as there is enough time for the enzyme to finish building the new strand. Any initial overshoot will be corrected in the subsequent cycles by the other primer. However, with a circular template and overlapping primers, the conditions of extension must be optimised to prevent the enzyme from displacing its own product and continuing to extend down the 3' end. The resulting product will not form a nicked circle and hardly transforms E. coli, if at all. No polymerase is immune to the problem and the likelihood increases with each cycle as primers become used up, leaving the template free to anneal with the product. Unlike the nicked circles, over-extended ssDNA can act as DNA template, further depleting primers otherwise available for correct binding. (Nicked circles cannot act as template for synthesis as the strand break is immediately downstream from the primer binding site.)

Confusingly, many people report better results with longer extension and some versions of Stratagene's manual recommend 2min/kb extension instead of 1min/kb. Attempts to heed these suggestions never worked; however, the results did help identify the problem. I can't find the rather dramatic gel photo now but the 12-hour long amplification produced some extremely long ssDNA that would not even migrate in 0.7% agarose gel electrophoresis. Instead it formed a very bright halo around the wells that took a fair amount of head-banging to figure out what was going on.

In the end we got it working like I said before. Instead of tinkering with the 9kb entry vector, the gene was shuttled into a smaller vector (3.5kb including the insert) which required a much shorter extension time and less room for error. Fortunately our gene of interest was maintained in a Gateway vector which made the process much less of an ordeal but others may not be so lucky.

If your insert is long or subcloning is difficult:
  • Optimise your PCR conditions: reduce cycle number, decrease extension time and temperature, try a gradient of annealing temperatures, change template/primer ratio, increase pH of the reaction buffer, use additives such as DMSO (I add 4% for every PCR involving GC-rich genes, some difficult template may require as high as 10%) or betaine.
  • Buy a specialised polymerase (variously referred to as "non-strand replacing" or "with DNA clamp") that is less likely to have issues with extension. PfuUltra seems to be a popular choice. A new product from Takara known as PrimeStar Max boasts an extension time of 5s/kb; a mutagenesis protocol tailored for the enzyme uses a very small amount of template and skips DpnI digest entirely as it is easily outnumbered by products after an amazing 30 cycles.
  • Redesign your primers to be partially overlapping. These primers are less likely to anneal to each other and may allow you to get away with a lower template concentration. I get a small yet noticeable increase in colony numbers after I redesigned my primers with a short 3' overhang.
  • Buy 5' phosphorylated primers and do a ligation after DpnI digestion. This might help stabilise the double strand for some long mutations that do not like to form nicked circles.
Invitrogen's GeneArt kit, on the other hand, is designed with the problem in mind: recommended extension time is halved and an additional in vitro recombinase reaction is carried out to convert the inevitable linear product to circular DNA before transforming a special cell type that automatically degrades the template. I have not used this personally; however, it looks pretty neat. The price is on par with the Stratagene kit but again, both are really, really overpriced.

A better system offered by Finnzyme known as Phusion uses an alternative strategy. Instead of using a pair of overlapping primers going in circles, it uses two "back to back" primers that amplify away from the mutation site to form a linear strand which is subsequently phosphorylated and ligated before transformation.

Compared to Quickchange, it is much easier to use because
  1. The PCR product is linear and can be easily checked by gel electrophoresis; Quickchange usually ends with a smear leaving you wondering if it actually worked.
  2. Ligated DNA has better transformation efficiency
  3. No need for specialised enzymes and protocols, just follow the manual.
except two major drawbacks:
  1. The primers need to be highly purified, e.g. by HPLC or PAGE. The reason is that DNA oligos are synthesised from 3' to 5' and there are always some molecules with one or more bases missing from the business end, which in our case results in unwanted deletions. Extra purification can cost a lot if the primers are long and negate the benefits of the method.
  2. Ligation of blunt-end strands usually requires overnight incubation, so one more day is needed before the DNA is ready for sequencing. 
On the other hand the system is rather fool-proof given you had good material to work with. For a detailed explanation go here

Dill's Refined Quickchange Mutagenesis Protocol

Before you start:
  1. Check your template by digesting it with DpnI and run a gel alongside the undigested plasmid. This step is not mentioned anywhere else but highly recommended because it establishes a few things that often go wrong: Your DpnI is active, your template is sufficiently pure, supercoiled and methylated. 
  2. If your plasmid is stored in TE buffer, consider ethanol precipitation and re-dissolve in water as EDTA can affect polymerase activity, unless your template is very concentrated and only added in small quantities. 
  3. Consult the documentation of your polymerase to work out the best reaction conditions. You often need more polymerase than normal to get the best yield. 100ng of template and 150ng of each primer appears to be a good starting point for point mutations on plasmids from 3kb to 6kb; outside these ranges you might need to experiment to find the best molar ratio.
  4. Design your primers. There are many ways to do this and the best strategy is to use Takara's protocol as a starting point and apply common sense: add a few more bases when in doubt, especially on the 5' end; try to end your primers on a C or G; avoid repetitive sequences that self-anneal. Stratagene's recommendations and their web-based tool should be taken with a grain of salt. Melting temperature is not critical unless you are using some picky polymerase that you should not have bought in the first place; if you absolutely have to, use the nearest neighbor method on the non-mutagenic portions as a guide. Desalted or cartridge purified primers are fine in most cases, and the money is always better spent on a few extra bases on the 5' end than on more expensive purification steps.
  5. Get some competent cells with competency of 10^8 or higher. HsdR genotype is preferred since your DNA will be entirely unmethylated.
  1. Set up protocols according to the polymerase used.
  2. If there is a final extension step, don't include it.
  3. Do not exceed the extension time specified for your enzyme.
  4. 15-18 cycles should be enough, do not exceed 20 cycles.
Following that:
  1. Add an excess amount of DpnI, usually 10U per 50uL reaction, but feel free to add more if you have a lot of template. Not to mention the PCR buffer is usually not optimal for DpnI activity.
  2. Vortex and centrifuge the tube to ensure good mixing. Incubate at 37C for 1-2 hours in a PCR machine with heated lid or cover with mineral oil to prevent evaporation. Vortex/spin at least once during incubation. 
  3. (Optional) Add Proteinase K and incubate to stop the reaction. Do not heat inactivate since this might interfere with strand pairing.
  4. (Highly optional) Phosphorylate purified product and ligate with T4 DNA ligase. CSL recommends this step for all applications but I feel this is only for long mutations that you should not have used a Quickchange protocol to begin with. 
  5. (Electroporation only) Desalt the product if your apparatus is prone to arcing; chemically competent cells are better for the purpose.
  6. Add ligation product to competent cells, heat shock/electroporate, add SOC and shake at 37C for 2 hours instead of the usual 1 hour to allow cells to repair the plasmid. This is more important if your selection antibiotic is bactericidal, such as kanamycin or streptomycin.
  7. Plate cells on appropriate selective plates. A good reaction should result in tens to hundreds of colonies. 
  8. Pick 3-4 well-spaced colonies, grow them up, miniprep plasmids and sequence.
Common Issues:
  1. For unknown reasons Quickchange sometimes results in random insertions. Nevertheless there should be at least one colony with the desired mutation and no other errors.
  2. If there is no colony at all, consider transforming with more products and plate a higher volume. I make my agar plates in advance and store them in the fridge without a bag. After one week they would have lost some of their water content and as a result up to 400ul can be spread easily. 
  3. If no clones can be found after you screen 5-8 colonies, it is very likely that you have had contamination or template carry-over and you should start over and be more careful.
  4. The efficiency of the reaction can be assessed by blue-white screening with compatible cell strains and plasmids. Normally more than 90% of colonies should be mutants - if not, there are likely some issues with amplification/digestion.
Good luck, and let me know your successes/questions on twitter @DillADH

New Kindle for a New World

Yup, the new Kindles are here and the prices are better than I ever thought. For those in the US you can get a subsidised e-reader for as little as $79. For the same price you get your choice of the new namesake Kindle Touch or the same old Kindle 3. A steep discount of up to $40 (already applied in the image above) is available for those who sold their souls agree to receive and view paid advertising while they are not reading.

The new Kindles remind me strongly of their Sony counterparts with silver-ish covers and minimalistic design. Heck, the touch version does not even come with physical page turning buttons.

While the display quality of the first Kindle left plenty to be desired, it is possibly the most ergonomic Kindle to this day. The subsequent Kindles saw a gradual improvement to everything except the buttons (not including K3's five way controller which I am fond of), with the keyboard on the two Kindle DX models bordering on the realm of uselessness. Now with the touch version they completely did away with the physical keyboard.

More virtual QWERTY keyboard, you must be kidding

If you ever tried to type anything longer than a short email on any modern tablet you will understand my frustrations: They are simply painful to type on. Qwerty keyboard was designed for physical keys, not glass surfaces with no tactile feedback.

I am already sick of touchscreens, which seem to find their way into everything between the space shuttle and the common refrigerator. Before 2007 it would be outrageous to sell something without physical keys, now the reverse seems to be true.

Rant is over, let's get back to the topic.

Preliminary teardowns suggest that the lowest priced Kindle comes with a Cortex-A8 based SoC, beat that Nokia. However, the RAM and battery capacity have both been sliced by a half to reduce the overall cost.

Do I have any desire to upgrade my current complement of reading devices (consisting of a Kindle DX International, a Kindle, er, Keyboard 3G, not to mention smartphones and computers with Kindle clients)? Well, not really. The hardware on the entry level model is too limiting to be an upgrade; the CPU bump is a nice touch but the halved RAM killed it for me. The smaller battery, while drawing much criticism, should not be a serious issue in this day and age when we are already accustomed to charging our gadgets once per day. I don't see much point in a touch operated e-reader, let alone a multimedia tablet. Engadget has summed up my opinions rather eloquently in an earlier post: in essence, nobody apart from the tetraplegic really needs a tablet. The current craze for bigger screen sizes and touch gestures is nothing more than an invention, like the bunch of merchants of Edinburgh who invented the myth of Highlander culture in the 18th century.


To its saving grace, Amazon had a sensible grasp on the best use for tablets: an advanced entertainment slate, made by stripping all the purported productivity features. In any case, everybody agrees that the Kindle Fire is the Android twin of RIM's PlayBook, soon to be forgotten.

Like it or not, Amazon is the internet's upcoming Wal-Mart and the more likely entity to change everything again about the way we read. I can already see Kindles being given for free in exchange of a certain amount of book purchases or Amazon Prime subscriptions, wait, I have seen something like this already....

Enters awkward opera, my favourite rendition of Der Hoelle Rache by the venerable Diana Damrau:

P.S. If you own a Kindle 2/DX like myself it is highly recommended that you flash Yifan Lu's hacked 3.1 firmware. You lose a few unimportant functions such as active content and TTS but get a greatly improved reading experience, so check it out. If you don't have access to a K3 to extract the files, tweet me @DillADH and I will help you.

Monday, August 22, 2011

One day I will gather enough will power and....

...anyway previews of upcoming content:

The wonderful world of site-directed mutagenesis with thermal cycling

 Pwnapple, why you should do it apart from getting cracked apps

Yashigani, the cabbage, and why outsourcing is killing the creative industry

And you never know, but I might start writing those unfinished series again. So, stay tuned, the next post will bring substance to this blog again.

Sunday, July 17, 2011

Carry on, carry on

This blog is not dead, not even close to that.

Friday, June 17, 2011

Canadians, Always on the Cutting Edge

In case you were not a huge follower of ice hockey (not that I know anything about it), the Vancouver Canucks lost the Stanley Cup final at home; widespread rioting ensues.
Very considerate self-censorship 
Worthy of the Pulitzer Award (In case you did not get the joke, click here)
Note to myself: So this is how you set a car on fire

 Did you spot the ginge? Did you?

Duck and cover? Nah, a real anarchist throws them back


Have not checked 4chan yet, but this feels like instant meme material, I offer my own image macro below:


Posting of serious content will resume in late June after my exams are done, I promise, yeah.

Tuesday, May 10, 2011

They need Italy to complete the Axis

BREAKING NEWS: German Scientists create Mind-Controlled Vehicle

Meanwhile in Japan

...there is nothing new under the sun

It amazes me how quickly people can forget things. Gevey and Rebel have been selling so-called "Unlocking SIM cards" for a number of years and people reacted as if these names never existed before. If my memory serves right I bought my APDU kit from Rebel not long ago (before they became involved with i4, of course).

When Gevey broke the news that they had a working SIM interposer for i4, most people reacted in disbelief. Gevey themselves did not help when they released a (poorly) edited demo video and everybody was convinced that it was just another scam.

However, other reports soon emerged with some important details: first of all it seems to work, but it requires dialling 112 and data service only works if you enable Data Roaming. In hindsight it makes good sense why Gevey did not want us to know these things before they could ship the product: it can be copied very easily once the methodology has been figured out. In fact the same protocol/exploit had been found by others as early as November 2010 but nobody thought it could be made into a product.

They did come up with other interesting accessories such as this i4 dual-SIM device which can be reprogrammed to act like a Gevey

Gevey only made it with meticulous planning: while they had been dropping hints about their product for a long time, the announcement was only made after the Dev Team admitted that they have no baseband unlocks - back in 2009 Gevey and others almost went out of business when ultrasn0w came out and there are tens of thousands of old SIM interposers gathering dust in their warehouses. Mass production followed soon enough to saturate the market; the price was initially high to make sure they got a fair scoop of profit before copycats and negative feedback could ever appear.

On the contrary, Rebel made a number of bold claims ("No need to use the illegal number[sic] 112", "World First", "Untethered unlock", btw do we even have a tethered unlock in the first place?) and failed to back them up with evidence. Release dates were pushed back a few times, shipping charges are exorbitant and the worst part: they don't even work, at least not as advertised.

Anyway let's get to the methods:

What you will need:

Programmable SIM Card - Preferably the newer types and of course it needs to be cut to fit in the SIM tray.
SIM Programmer - Those PL-2303 USB dongles are cheap and easy to find on eBay. The more expensive smartcard programmers, often based on the R200 PC/SC chipset, are overkill and do not work well with 64-bit Windows. For cheapskates like myself, you can build a simple circuit that allows direct connection via serial port.
SIM Data - Three out of four parameters, namely IMSI, ICCID and SMSC, are stored on the SIM unencrypted; however, the main authentication key Ki is not. The best way to get it is to ask your mobile service provider to disclose these figures for your personal use, and I know some carriers in the UK that allow you to have a back-up SIM. There are various "solutions" for sale over the internet to obtain your Ki by brute force; however, there are good reasons to avoid them:
A. The key is never transmitted directly, instead it is used within the SIM card to encrypt a random string sent from the network. Given enough time, a collision could be found to deduce the key, however most SIM cards have a built-in counter that disables the SIM after an unknown number of failed attempts so brute-force will never work. You have been warned and it is your fault if anything happens. BTW anybody that claims to be able to obtain Ki in mere minutes is probably fraud material since the speed is constrained by the very limited computation power of the SIM chip.
B. Cracking SIM cards, even your own SIM, is still illegal because the SIM is not the end user's property (it always belongs to the provider) and most carriers have clauses in their Terms of Service that forbid any tampering with SIM cards. While they are unlikely to take anybody to court, you will have a lot of explaining to do after a few requests to replace your SIM card.
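
The challenge-response described in point A, as an added example that is not part of the original post: the network sends a random string, the card answers with a value derived from Ki, and a counter on the card caps how many answers it will ever give. HMAC-SHA256 stands in for the operator's real A3/A8 algorithm, and the IMSI, Ki, class names and run limit are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

SRES_LEN = 4   # GSM signed response (SRES) is 32 bits
KC_LEN = 8     # GSM session key (Kc) is 64 bits


def a3a8_standin(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for the operator's A3/A8 algorithm (assumption: HMAC-SHA256,
    not the algorithm a real card runs). Returns (SRES, Kc)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_LEN], digest[SRES_LEN:SRES_LEN + KC_LEN]


class SimLocked(Exception):
    """Raised once the card's authentication counter is used up."""


class SimCard:
    """Toy SIM: Ki stays inside the object; only SRES and Kc ever come out."""

    def __init__(self, imsi: str, ki: bytes, max_runs: int):
        self.imsi = imsi
        self._ki = ki
        self._runs_left = max_runs   # real limits are not published

    def run_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        if self._runs_left <= 0:
            raise SimLocked("authentication counter exhausted")
        self._runs_left -= 1
        return a3a8_standin(self._ki, rand)


class Network:
    """Toy authentication centre: holds its own copy of each subscriber's Ki."""

    def __init__(self) -> None:
        self._ki_by_imsi: Dict[str, bytes] = {}
        self._pending: Dict[str, bytes] = {}

    def provision(self, imsi: str, ki: bytes) -> None:
        self._ki_by_imsi[imsi] = ki

    def challenge(self, imsi: str) -> bytes:
        rand = secrets.token_bytes(16)      # fresh 128-bit RAND per attempt
        self._pending[imsi] = rand
        return rand

    def verify(self, imsi: str, sres: bytes) -> bool:
        rand = self._pending.pop(imsi, None)   # one answer per challenge
        if rand is None or imsi not in self._ki_by_imsi:
            return False
        expected, _kc = a3a8_standin(self._ki_by_imsi[imsi], rand)
        return hmac.compare_digest(expected, sres)


def authenticate(sim: SimCard, network: Network) -> Tuple[bool, dict]:
    """Run one exchange; also return everything that crossed the radio link."""
    rand = network.challenge(sim.imsi)
    sres, _kc = sim.run_algorithm(rand)
    on_air = {"imsi": sim.imsi, "rand": rand, "sres": sres}
    return network.verify(sim.imsi, sres), on_air


def count_responses_before_lockout(sim: SimCard, attempts: int) -> int:
    """Feed the card random challenges and count answers until it locks."""
    answered = 0
    for _ in range(attempts):
        try:
            sim.run_algorithm(secrets.token_bytes(16))
        except SimLocked:
            break
        answered += 1
    return answered


if __name__ == "__main__":
    IMSI = "001010123456789"                                  # constructed
    KI = bytes.fromhex("00112233445566778899aabbccddeeff")    # constructed
    net = Network()
    net.provision(IMSI, KI)

    ok, on_air = authenticate(SimCard(IMSI, KI, max_runs=3), net)
    print("genuine card accepted:", ok)
    print("Ki visible on air:", KI in on_air.values())

    wrong, _ = authenticate(SimCard(IMSI, bytes(16), max_runs=3), net)
    print("card with wrong Ki accepted:", wrong)

    probed = count_responses_before_lockout(SimCard(IMSI, KI, max_runs=5), 100)
    print("answers obtained before the card locked:", probed)
```
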

For those with legitimate access to their SIM data:

1. Write your SIM data to the blank SIM, leave ICCID, SMSC and Ki as is and replace the first eight digits of your IMSI with 08091010.
2. With your original SIM in your i4, dial 112 and immediately disconnect.
3. Toggle flight mode ON
4. Eject SIM tray.
5. Replace SIM with the one we programmed.
6. Toggle flight mode OFF, you should have reception in a few seconds.

My earlier comments and FAQ for Gevey apply to the method as well. Chances are you will retain the reception after reboot; however, there might be issues with data and incoming calls. There is some room to optimise the outcome following a reboot but it is impossible to test on every single MNC/PLMN/VLR/MSC, which could all have a different authentication protocol. This is why Gevey decided to play it safe by implementing an elaborate STK menu to require 112 dialing following every reboot; Rebel did away with the STK with the hope that it might allow some users to restart their phone without losing reception, yet they ended up with a disappointing and erratic product.


I have tried to find a way to make the method work without having to dial 112 but so far it appears impossible unless the baseband FW is patched to handle TMSI like it used to prior to 05.11.07. Not to mention that if we were able to patch the baseband directly we would already have a software unlock.

So here you go folks, it's the "unlock" we have been talking about for the past two months. All's right if it works; don't lose any sleep if it doesn't work for you - after all it is just a phone and we have more important things to worry about in dear life.

P.S. And I must agree with @sherif_hashim that "money for unlock = bullshit"

Tuesday, April 19, 2011

So much to do, so little time

I had to delete several draft posts that I spent hours writing yet realising in the end that I will never finish any of them. Terrible waste of effort but much better than wasting more time on it later on.

I am not desperately short of time yet - such a crisis it will come much later; however my time is badly fragmented with various commitments everywhere. This is the type of situation I am not good with, and I am still jealous of people who are able to organise their life so well.

My first successful plasmid PCR experiment.

Things are alright-ish in the lab with me moving fairly fast according to plan. Finally I can appreciate the past toiling for the undergraduate labs; if it was not for the experience I could never have done anything with nothing but a product manual. Gatecrashing another stage III genetics paper proved useful as well - I can actually understand the techniques I am using. Working in a small group headed by a laid-back supervisor has its pros and cons; well, I like it that way.

The entire honours thing has been somewhat apprehensive until last week when I started working in the lab and found things much easier than anticipated: people are genuinely nice when you ask for help, but they would leave you alone when you need it; having access to copious quantities of pipette tips/glassware/reagents is a nicely self-inflating bonus too (one that makes you feel more important than you really are). On the contrary, people with their PostDipSci probably all had a hard time when they started their MSc because the former had little practical content.


Yeah, every damned morning I know. Nevertheless there is one that I remember vividly. The actual content was just as laughable and absurd as the example in the xkcd comic above (namely a mixture of The Graduate, recent Gantz chapters, drunken yarns with older friends and assorted current events including the tsunami), yet I remember every detail of it because I was, for a moment in the land of Oneiroi, truly happy and I have never been overloaded with joy ever in my life.

In nothing but a dream.

Monday, April 4, 2011

With Apologies to Rebecca Black

I am sorry for the awful comments I have made in public or private about your misunderstood masterpiece Friday as well as reporting your music video on YouTube for child abuse. I was fooled by assumptions and failed to see the connection at all until fate led me to listen to the song Baby by Justin Bieber three times in a row last night.

Please accept my most sincere apologies, I will queue outside my nearest music store when your new single/album comes out.

Unofficial Gevey FAQ

This post is not a statement on the legal/moral debates surrounding the use of Gevey SIM or similar means to pseudo-unlock the iPhone 4. It is purely to help those who are experiencing issues with these products and failed to get any support from the resellers:

Q: I get "No SIM" after I put my SIM card in the phone with Gevey.

A: Assuming both your SIM and Gevey are working, the underside of your MicroSIM may be touching the chip on the SIM interposer and shorting it. Cut away some more to give enough clearance between the SIM and the chip. 

Q: I had to enable "Data Roaming" in order to use mobile data, would this incur a lot of roaming charges?

A: No. Data roaming needs to be enabled because of the way this exploit works; your network will always bill your calls/SMS/data correctly as before.

Q: My caller ID is not working and my SMS threads are fragmented, why?

A: The "unlock" causes the phone to use 001 as the default MNC, which has no matching country code and your phone fails to map caller ID to your country. There are many ways to get around it, e.g. manually adding the country code to every number in contacts, adding custom carrier bundles for 001/01 or a network reset/full reset. A more consistent method is to open /System/Library/Frameworks/UIKit.framework/PhoneFormats/UIMobileCountryCodes.plist and add the highlighted part:

Replace %Your Country Code% with the ISO 3166-1 alpha-2 country code for your locale: nz for New Zealand, jp for Japan etc.

Q: My data connection dropped out and I cannot get data on 2G or 3G, I have checked my APN settings and they are correct.

A: Use your SIM in any unlocked phone with GPRS functionality once to re-establish data session; expect to do this on a regular basis.

Q: I have full signal bars and I can call normally; but when other people call me it says number is not listed or goes directly to voice mail. 

A: I have explained earlier that you need to obtain a TMSI from the network to connect. Theoretically the TMSI will stay with your number as long as your phone remains connected, and when you move between cells it is passed to the next base station so you don't have to call 112 again.

Nevertheless the carriers usually configure their network to refresh the TMSI periodically for security and administrative purposes. It is also known that some cells, particularly the ones serving train stations and major road intersections, require a TMSI refresh following a hand-off (because users tend to move in and out of coverage very rapidly, TMSI reuse causes unnecessary delays).

Your phone will not recognise the refresh because it is for your original IMSI and your phone is still on the test IMSI starting with 80900101. You can call because your old TMSI did not really expire and is hence accepted, however the network is unable to locate you because it uses the new TMSI which has never been updated on your phone.

Out of all the issues with the Gevey this one stands out as the most deleterious, and there is nothing you can do to stop it from happening. In fact you cannot even tell because the signal bars will appear normal and you can dial out perfectly fine. The only way out is to restart the phone and start over to match the TMSI.

Q: Help, my SIM is stuck and I can't take it out!

A: Do not force your SIM tray if this happens; you are going to cause more damage. Push it all the way back in and tap the phone a few times, gently but firmly, against the palm of your other hand or any soft object, e.g. a large pillow. If this fails to free the SIM tray you will have to take your phone in for repairs. (If you are feeling particularly adventurous, you can do it yourself by following this excellent guide created by iFixit; however do this at your own risk and be prepared to lose your warranty because one of the screws cannot be accessed without breaking the warranty seal.)

Don't get me wrong and think I am scaring you; this can happen to anybody but it is more likely with the extra thickness provided by the interposer.

Update 1:

Q: My battery level seems to go down very quickly now...

A: Now there are two possibilities. One is that you are simply not used to the i4 acting as more than an iPod: cellular transmission can use a lot of battery power, especially on 3G and whenever the reception is poor. However if your data usage listed under Settings/General/Usage seems to be too much AND you have hacktivated your i4 (activated using limera1n/redsn0w etc) then chances are your problem is real.

If you have never used and do not need push notifications, you can simply delete /System/Library/LaunchDaemons/ and restart your phone. Any battery drain caused by hacktivation will cease, however the push service itself will also be gone. Alternatively use one of the many other solutions available (PushFix, PushDoctor, SAM), which all fix the problem to a varying degree.

Q: Which carrier bundle should I use?

A: Your default carrier settings are stored under CarrierLab.bundle, which is actually not that bad since it allows free editing of the APN settings. If you need to get VM or VVM working, Wortel's patch has to be installed first before you can edit the bundle.

Carrier Logos should go to your actual carrier's folder, not CarrierLabs since your phone will be "roaming" on your actual network.

Sunday, March 20, 2011

Review: Issis Pasta & Grill

The food selection at Sylvia Park exemplifies its core problem: because the mall is laid out in a long strip, the management decided it was a good idea to have duplicate outlets at both ends of the mall. This has led to the rather boring situation where the same mall houses two Subway franchises in ridiculous proximity (literally within the line of sight of each other), two West Coast cafés (they actually make good coffee), a couple of very similar Chinese buffets (same price, same sized plates, same pile of deep fried mystery "stuff" and even showing the same sign saying that their food does not contain MSG, well that is scientifically impossible) and two identical sushi joints (where the management is mostly Australian, the workers are uniformly Korean, and their sushi is so consistently bland that they must have imported the ingredients from England, seems like sushi has nothing to do with Japan anymore). The food problem gets so bad that my co-worker often took unauthorised long breaks to have lunch at home; by the way, he lives in Remuera, 20 minutes' drive away.

If we take out the duplicates, the major fast food chains, all the run-of-the-mill cafés and the Indian canteens (seriously, they make exactly the same meals that are offered at Hare Krishna parties and it is not even free) we are left with a few eateries that all have a juice bar and a pot of weed wheatgrass growing proudly by the cashier to prove their middle-class consciousness.

Issis is one of the few remaining non-ethnic places (I mean the food, it is still run by the, um, certain enterprising ethnicity) that does not display its yuppieness up in the air. Their menu includes a few combinations of:
  • Pasta and sauce
  • Grilled/roast meat
  • Breakfast staples, i.e. bacon, eggs, buttered toast...
  • Garlic Bread
  • Salad with commercial vinaigrette (in plain terms: acetic acid, corn starch and a bunch of E numbers)

Everything is made fresh except the pasta, a spaghetti/fettuccine hybrid kept alive warm in an incubator, cooked well beyond al dente but at least not machine made; and the sauces, which appear to have been simmering since Moses parted the water. The bacon & chicken carbonara I ordered for lunch is the said pasta with a scoop of thin sauce full of bacon scraps that did not make it to the slice and no trace of chicken at all; maybe mentions of "chicken" always imply "chicken salt". After all I can eat this without complaints because it tastes just like my own cooking on a Wednesday night (not including the plastic cutlery and bottled drink). Familiarity conquers all.

The accompanying salad is much more impressive: Fresh, crispy and everything in just the right quantity. The dressing is disappointing just as expected but easy to ignore.

Thursday, March 17, 2011

[Updated]Unofficial Review: Gevey iPhone 4 SIM hack

Disclaimer: I am not associated in any way with the manufacturers and/or resellers of the products mentioned here. A lot of technical information has been (overly) simplified to facilitate understanding, however I try to keep it as accurate as possible. The Gevey device in question has just begun shipping earlier this week and I have had very limited time with it, so consider all information as preliminary and expect frequent updates/corrections. Your feedback and inputs are most appreciated, tweet @DillADH

For much of the last two years, even the manufacturers of these SIM hack products acknowledged that their products were no longer needed, so it was quite a surprise when Gevey announced that they had something that would unlock the iPhone 4. Contrary to conspiracy theories, they held onto the product because:

  • Initial production cost is high, they risk losing a lot of their investment should the dev team come up with a software unlock that does the same job if not better, before they were able to recover their cost.
  • The exploit they used is not without serious problems, hence they were reluctant to produce it until there seemed to be no alternatives coming for a while.
  • The exploit they used is very simple, provided you have the tools and skill, details to follow...

I have made a mistake earlier by calling it TurboSIM and it is not. @MuscleNerd reminded me of the correct term "SIM interposer", since it sits electrically between the SIM card and baseband hardware to perform a classic man-in-the-middle attack.

How Did It Work?

A SIM card holds many different types of information, but the part most involved with carrier lock is the IMSI number, which is a unique code that corresponds to your account in the mobile carrier's database.

A sample IMSI might look like this

310 150 987654321

The first two segments are known as the Mobile Country Code (MCC) and Mobile Network Code (MNC) respectively, and in the example above the IMSI indicates the SIM is from USA (310) AT&T (150).

When the iPhone baseband is loaded into memory, it checks the MCC and MNC against its own network lock state stored in the seczone. If the combination is allowed, the cell radio is activated; if not, it stays off.

The earliest iPhone baseband revisions only checked the IMSI twice following a restart, therefore it was very easy to spoof information in order to bypass the check. Nevertheless, the baseband was soon updated to validate the SIM more aggressively and the method no longer works.
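To make the MCC/MNC check above concrete, here is an added example (not code from the iPhone baseband or from Gevey) that splits an IMSI into its fields and applies an exact-match allow-list. The allow-list, the set of three-digit-MNC countries, the function names and the sample IMSIs other than the one in the text are assumptions made for this sketch.

```python
from dataclasses import dataclass

# Assumption for this sketch: MCCs whose networks use 3-digit MNCs (Canada, USA).
# A real device reads the MNC length from the SIM instead of guessing it.
THREE_DIGIT_MNC_MCCS = {"302", "310", "311"}
TEST_MCC = "001"  # MCC reserved for test networks (the 001/01 test PLMN)


@dataclass(frozen=True)
class Imsi:
    mcc: str   # Mobile Country Code, always 3 digits
    mnc: str   # Mobile Network Code, 2 or 3 digits
    msin: str  # subscriber number within that network


def parse_imsi(raw, mnc_len=None):
    """Split an IMSI string (spaces allowed) into MCC / MNC / MSIN."""
    digits = raw.replace(" ", "")
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("IMSI must contain decimal digits only")
    if len(digits) > 15:
        raise ValueError("IMSI is at most 15 digits long")
    mcc = digits[:3]
    if mnc_len is None:
        mnc_len = 3 if mcc in THREE_DIGIT_MNC_MCCS else 2
    if mnc_len not in (2, 3):
        raise ValueError("MNC length must be 2 or 3")
    if len(digits) <= 3 + mnc_len:
        raise ValueError("IMSI too short to contain a subscriber number")
    return Imsi(mcc, digits[3:3 + mnc_len], digits[3 + mnc_len:])


def lock_decision(imsi, allowed_networks):
    """Return 'allow', 'deny-test-network' or 'deny-not-allowed'.

    allowed_networks is a set of (mcc, mnc) pairs. Comparison is exact, so
    ('310', '15') never matches ('310', '150').
    """
    if imsi.mcc == TEST_MCC:
        return "deny-test-network"
    if (imsi.mcc, imsi.mnc) in allowed_networks:
        return "allow"
    return "deny-not-allowed"


# Constructed sample data: the IMSI from the text, an IMSI with a two-digit MNC
# under MCC 530 (New Zealand), and a test-network IMSI. None is a real subscriber.
POLICY = {("310", "150")}
SAMPLES = ["310 150 987654321", "530 01 1234567890", "001 01 0123456789"]


def evaluate(samples=SAMPLES, policy=POLICY):
    """Parse each sample and pair it with the lock decision."""
    return [(s, lock_decision(parse_imsi(s), policy)) for s in samples]


if __name__ == "__main__":
    for raw, verdict in evaluate():
        print(f"{raw:20} -> {verdict}")
```

Parsing the same digits with the wrong MNC length yields a different network code, which is why the comparison is done on the exact pair rather than on a digit prefix.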

The Long Con

To guard against the eavesdropping that plagued pre-GSM cellular networks, the initial connection to a network involves not only the IMSI but also a 4-byte TMSI to identify each handset before the IMSI is sent. The base station recognises the IMSI as one of their users and replies with a nonce (RAND) to the handset, where it is signed with a 128-bit key (Ki, stored encrypted on the SIM) and sent back. The network checks the string against its own result using the same RAND and Ki and allows the device to register if the two values match.

You see, the IMSI is only sent once and is never directly involved with authentication; as long as your key is valid, you will be able to get service. This is exactly what the various SIM hacks rely on: a fake IMSI is sent along with the correct key. The IMSI is redirected to another network and lost. In our case, the IMSI is invalid but some networks proceed to the next step anyway - I will explain this in detail later.
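The following added example (not taken from any network or SIM implementation) models the challenge-response above from the network's side and shows the check that decides whether an identity that no longer matches the subscriber record is tolerated. HMAC-SHA256 stands in for the operator's real A3 algorithm, and the class names, the Ki value and the mismatching identity are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator's A3 algorithm: Ki + RAND -> 4-byte response.
    HMAC-SHA256 is used only so the sketch runs; it is not what SIMs use."""
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]


class Handset:
    """What the network sees: an identity string plus answers to challenges."""

    def __init__(self, presented_imsi: str, ki: bytes):
        self.presented_imsi = presented_imsi  # identity reported over the air
        self._ki = ki                         # secret key, never transmitted

    def respond(self, rand: bytes) -> bytes:
        return a3_sres(self._ki, rand)


class Network:
    def __init__(self, subscribers, recheck_identity: bool):
        self.subscribers = dict(subscribers)  # IMSI -> Ki (subscriber database)
        self.recheck_identity = recheck_identity
        self.tmsi_to_imsi = {}                # temporary identities in force

    def _authenticate(self, imsi: str, handset: Handset) -> bool:
        ki = self.subscribers.get(imsi)
        if ki is None:
            return False
        rand = secrets.token_bytes(16)        # fresh nonce for every challenge
        return hmac.compare_digest(handset.respond(rand), a3_sres(ki, rand))

    def attach(self, handset: Handset):
        """Initial registration. Returns a 4-byte TMSI, or None if rejected."""
        if not self._authenticate(handset.presented_imsi, handset):
            return None
        tmsi = secrets.token_bytes(4)
        self.tmsi_to_imsi[tmsi] = handset.presented_imsi
        return tmsi

    def location_update(self, tmsi: bytes, handset: Handset):
        """Re-registration with a TMSI. Returns the TMSI now in force, or None."""
        imsi = self.tmsi_to_imsi.get(tmsi)
        if imsi is None:
            return None
        if not self.recheck_identity:
            return tmsi                       # lax: a known TMSI is enough
        # Strict: ask for the identity again, require it to match the record,
        # run a fresh challenge against that record's Ki, then rotate the TMSI.
        if handset.presented_imsi != imsi or not self._authenticate(imsi, handset):
            return None
        del self.tmsi_to_imsi[tmsi]
        new_tmsi = secrets.token_bytes(4)
        self.tmsi_to_imsi[new_tmsi] = imsi
        return new_tmsi


# Constructed sample data: the IMSI from the text with a made-up Ki, and a
# made-up identity that does not match any subscriber record.
REAL_IMSI = "310150987654321"
REAL_KI = bytes.fromhex("00112233445566778899aabbccddeeff")
MISMATCHED_IMSI = "001010000000001"


def demo():
    """Attach normally, then present a different identity on re-registration."""
    results = {}
    for name, strict in (("lax", False), ("strict", True)):
        net = Network({REAL_IMSI: REAL_KI}, recheck_identity=strict)
        phone = Handset(REAL_IMSI, REAL_KI)
        tmsi = net.attach(phone)
        phone.presented_imsi = MISMATCHED_IMSI
        results[name] = net.location_update(tmsi, phone) is not None
    return results


if __name__ == "__main__":
    print(demo())
```

In this model the key alone never distinguishes the two cases, since the handset answers every challenge correctly; only the network that re-requests the identity and compares it with the record behind the TMSI rejects the re-registration.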


The results of SIM hacks have always been erratic since the outcome depends on the implementation of the hack as well as the policies of the network, and people were inundated with a long list of issues and makeshift solutions. For example, cellular data may or may not work depending on the chemistry; a common remedy is to periodically put the hacked SIM into an unlocked "nanny" phone to "keep the TMSI fresh".

The use of SIM hacks fell sharply after the iOS 2.2.1 update, where the new baseband was made aware of the method and rejects dodgy exploitable IMSIs; even the better designed interposers suffered frequent failures. At about the same time software unlocks were developed, which pushed SIM hacks further into disuse. However the technology has been kept alive since a number of GSM handsets, mainly those coming from Japan, remain vulnerable.

Partial Revival

Apparently somebody figured out that while the i4 baseband has been patched to prevent test IMSI from working, it is still possible to force activate the baseband using the emergency dialer.

After that, it is relatively the same trick all over again. Let's see what it does at each step.

You will need to use the SIM tray supplied and file your MicroSIM slightly to accommodate the EEPROM chip.

Installing the SIM + gevey. 

The phone will search for signal, come up with no service and finally settle on this "one bar" icon. At this stage the SIM interposer is passing the parameters from the SIM as is. Earlier hacks required the fake IMSI to be programmed manually; this device, however, is obviously pre-programmed with an exploitable IMSI. It may also spoof the ICCID since iOS is known to occasionally check that.

Dial 112 and hang up after the call is connected. The emergency call overrides the network lock and activates the cell radio. The network issues a TMSI for your real IMSI.

Toggle flight mode On/Off. Once the interposer senses flight mode, it transiently blocks the electrical connection between the phone and the SIM (hence it will show "No SIM card installed") before sending the spoofed IMSI. The BB allows the SIM and attempts to connect to the network. What exactly happens is not too clear, but apparently the interposer ROM blocks the electrical connection to prevent the BB from detecting the fake IMSI.


The signal bars appear, we are safe :-) The network is able to register you again because the TMSI you obtained earlier is still valid, and the IMSI is not checked again. That is after the network ignored the fake IMSI (which the phone has no knowledge of) but allowed the SIM onboard because it is able to validate that.

Why 112?

112 has a long history as an emergency number for practical reasons: back when the GSM standard was being drafted in Europe, 112 was chosen to be the universal emergency number that can be called from any GSM phone, free of charge, with or without a SIM card, on any compliant network.

However long before GSM service was established, 112 has been used to report landline faults in China; the coincidence made it unsuitable as a true emergency number. The network still connects 112 as an unbilled emergency call, only to play an automated message in both Chinese and English informing callers of the correct emergency numbers to dial; the call is never redirected. 

What does it mean to unlockers?
  1. It works if A. your network handles 112 calls properly according to the GSM standard; B. they are lax on TMSI management and do not actively validate your IMSI again for incoming calls.
  2. Unlike its ancestors, the i4 SIM interposer is not a drop-in-and-forget device. The exact procedure must be followed every time the device restarts, loses reception for an extended period of time or moves to another PLMN. In all these situations the TMSI expires and has to be obtained again. Theoretically it is possible for a daemon to automate the process similar to ZeroG, but that only makes things more convoluted. Theoretically it is possible to reproduce the same behavior by physically switching your SIM card while flight mode is on.
  3. It is, without question, unethical or downright illegal to use the technique anywhere 112 is a legitimate emergency number. Use the exploit at your own risk/responsibility and tough luck if you get into trouble with the law.
  4. All firmware/baseband combinations for the i4 up to iOS 4.3 4.3.1 are vulnerable, however the exploit may be patched in any future software updates or via the carrier.
  5. SIM interposer should not harm your phone hardware, however your network could request IMEI and identify your device during the emergency call, leading to your handset getting banned. Your identity cannot be faked and it is possible that they will shut down your account. There is a reason why SIM cards remain legally the property of the service provider: you are not supposed to tamper with them without breaching contract.
  6. Notwithstanding all the problems, SIM interposer does not cause any battery drain since it is only active transiently (at least for the gevey, some clones may use less reliable components and cause issues), nor would it cause signal loss as long as you stay in the same cell - TMSI may be reused in the neighboring one since it is only 4 bytes.

    An overpriced (US$50 US$70, although clones are just starting to appear), unreliable and legally questionable mod; works for some but your mileage may vary; get it if you are desperate or wait for the 40-bit 56-bit NCK hack or the eventual SW unlock by the iPhone dev team.

    Tuesday, March 15, 2011

    A few words on the recent iOS 4.3 release

    1. Pre-A5 devices already have a tethered JB with the redsn0w 0.96rc8 custom bundle in the latest versions of PwnageTool/Sn0wBreeze. A5 devices will have to wait until another injection vector is found in the bootrom or userland.
    2. New kernel breaks MobileSubstrate, and as a result a large majority of Cydia packages that depend on the former. Saurik cannot be reached for comment but it is understood that a compatible revision could take some time. Saurik is working on a compatible build right now with a new and improved version of Cydia!
    3. APPL's server is no longer signing 4.2.1 firmware, it is simply too late.
    4. Downgrading to 4.2.1 using cached TSS blobs will result in a 1013 error due to a mismatch in baseband version. Simply jailbreak again with Greenpois0n RC5 or later to get going. Note that the "auto-reboot" command will no longer kick you out of the recovery loop; TinyUmbrella uses the same command and hence no longer works.
    5. Multi-touch gestures are said to have been taken away in the final 4.3 firmware, however it could not have been simpler to have them re-enabled. In \Applications\\General.plist search for "Mutltitasking"[sic], replace each occurrence with the correct spelling "Multitasking" and you are all set. Seems like the engineers got so incredibly lazy that they did not even bother to remove the code...

    Update: Apparently jailbreak is not necessary, you can edit the said file in an iTunes backup and restore to get the same effect.

    Sunday, February 20, 2011

    Scientific Snippets

    • Bdelloidea, a class of tiny aquatic rotifers that have lost the entire male population somewhere in the evolution process. In addition to the bland asexual reproduction, Bdelloidea absorb and incorporate any DNA that is floating nearby. Sounds like a Lamarckist's wet dream.
    • In addition to stretch marks and permanently dilated pelvis, pregnancy is found to lower one's IQ and possibly cause permanent brain damage. Hiring a surrogate mother is worth more than vanity, perhaps. 

    Tuesday, February 8, 2011

    No More Procrastination

    Just somehow dig in and make a start, the rest should be easy.

    Alternative colour scheme can be found here.

    Sunday, February 6, 2011

    Tips for Greenpois0n RC5 Jailbreakers

    Okay, RC5 is finally out and working to provide untethered JB for 4.2.1 on all devices, what does this mean?

    • Although this had not been officially confirmed, the exploit used here is, more likely than not, the long awaited SHAtter. I am fairly sure because the JB comes with custom boot logo (and it is even animated) so it has to be an iboot/kernel level JB which is not exactly abundant.
    • Chronic Dev Team was going to hold onto SHAtter for as long as they could, however it has been patched in beta versions of iOS 4.3, therefore there is no longer any point in saving it. They were almost pushed to use it for 4.1 back in October; however limera1n was released just in time so it did not happen.
    • There is currently no usable exploit for 4.3 and up, however redsn0w's Monte mode should allow JB on all future versions as long as you have the shsh blobs for 4.2.1. (The essence of Monte is to insert a patched earlier kernel version at iBoot level, hence the blobs are needed by iTunes to sign the kernel and allow it to load untethered)
    As for the greenpois0n software itself, it is still barely usable at the time of writing. You might remember that it took four RC revisions to get greenpois0n working as it should for 4.1; well RC5 and the latest RC5_2 are still buggy like a roach-infested hobo shed. You think geohot is the irresponsible Maverick? Greenpois0n is so crudely assembled that it did not even bother to include activation bundles, you are pretty screwed if you restored a locked phone to default before trying GP. (Solutions are available, read on)

    There are plenty of tutorials out there, however I am going to provide my workflow that is least likely to have many hiccups that you might come across otherwise (mainly the issues with activation and the utterly broken Cydia loader in both versions) This also allows for offline operation in case you don't have access to data service or wifi.

    1. Turn on your iPhone, connect it to your computer, back up everything in iTunes just in case. (nothing should be lost unless you screwed up massively)
    2. Close iTunes, shut down iPhone by holding the Sleep button and slide the red slider as it appears. 
    3. Run redsn0w 0.96rc8, choose the factory 4.2.1 firmware for your device, follow the instructions and choose "Install Cydia" when prompted. For 3Gs unlockers only: You can choose "install iPad baseband" at the same time to streamline the process.
    4. Run redsn0w again as in step 3 however choose "boot tethered". 
    5. You should enter a fully jailbroken state, run Cydia to initialize it, check other system applications like Safari and make sure everything is working before turning the phone off again. Don't bother downloading any packages yet, we can leave this for later. 
    6. Run greenpois0n RC5, follow the instructions. Note that there is a 5 second countdown at the start for "getting ready", this can be somewhat confusing if you become used to redsn0w's DFU routines. 
    7. Keep the Home button pressed the whole time even after it says "complete", your iPhone should boot up in verbose mode in a minute, simply watch and you should be able to see the boot animation pretty soon.
    8. The phone will turn off automatically when everything is done; simply turn on the phone again to enjoy the benefits of untethered JB.
    • Whenever errors come up or the phone gets stuck at any step for more than 5min in verbose mode, simply force power off by holding Sleep+Home for a few seconds and start over. It actually happens more often than thought so don't panic, just keep trying and it will work eventually. In the worst case you can always use trusty redsn0w to boot tethered and start over from step 6.
    • Unlike limera1n, RC5 does not contain any activation bundles. If you are having trouble getting past the activation screen, you will have to run redsn0w 0.97beta6 to hacktivate. The usual precautions of hacktivating still apply and it is always better to activate using the right carrier's SIM.
    • RC5 is Mac-only and will fail within virtual machines or hackintosh. RC5_2 is said to work with VM at least however I still recommend getting hold of a Mac before wasting your own time due to pod2g's own impotency.

    Wednesday, February 2, 2011

    Positivity and Cold War Relics

    The more things change, the more they stay the same. What I really need to remind myself of:

    * The beginning is probably the most difficult part. Think how you struggle to get out of bed every morning thinking that you are about to die, only to sober up in a few minutes like it never happened.
    * Stop worrying that you are not doing good enough. The one who laughs last is not the best player but the one who made the least mistakes. It is always too early to give up.


    I was driving home yesterday when I saw an old acquaintance.

    The 1973 MiG-21 was imported in the 1980s through a third country to Australia with the intention of selling it to the RAAF for combat simulation, however the Cold War ended too soon for the jet to be put into real use. The sale fell through, and the aircraft somehow ended up in God's own country following some ambiguous circumstances.

    The last time I found it in a derelict hangar in Christchurch airport, I did not have the chance to take a photo however I remember it was already in a dire condition however intact. It also did not have the BOOB 8008 marking. I wonder if the number actually meant anything.

    It was put on auction last year without the flaps and some other small bits. Right now it is sitting in a makeshift pen in Penrose and missing her wingtips. I have no idea who brought it to Auckland and why, however I really suspect that it will eventually be scrapped and turned into cans and window frames.

    The laws of nature never get old.

    Wednesday, January 26, 2011

    Mobile Network 101 Finale

    Back to the question I asked at the beginning, why are the pre-4th generation iPhones no better off than a cheap Nokia in New Zealand?

    The answer is simple: When the iPhone was first sold in NZ, Vodafone was the only carrier with a GSM service so Apple had no alternatives. However, iPhone was designed for AT&T's 850MHz 3G frequency instead of the European 900MHz that Vodafone uses. While the older iPhone models are able to get 3G service in urban areas where 2100MHz masts are the mainstream, they are out of luck in less populated places as their phones will only get 2G/GSM signal. Ironically XT had the right frequency nationwide, however Telecom opted to offer iPhones through its subsidiary Gen-i only. 

    The same issue is not limited to one brand. Motorola A855 or Sholes came in several versions that are nearly identical except for the radio module. The GSM/WCDMA version is called the MILESTONE, which is further divided into European (900/2100), Commonwealth (850/900/2100) and North American (850/1900) flavours, causing much confusion when users move across national boundaries; and the DROID line is CDMA2000 only and without a card slot, making them effectively unusable outside the US, unless you have a friend of a friend to unofficially register your phone with a non-US carrier.

    Sometimes it is harder to determine if a certain phone is XT-compatible since 850 and 900 versions may be offered under the same model/part number. A friend working with parallel imported handsets often had to literally sail out, with his newly arrived stock, to a spot in Hauraki Gulf that he knew has only 850MHz coverage. It may sound ridiculous but there are no other ways to tell.

    Apple has certainly learned something and the iPhone 4 is given a penta-band 3G baseband; theoretically it should work in any place with some form of WCDMA service. (The FCC documents included an 800MHz band however Apple chose not to advertise this, probably because there are not many 800MHz networks out there.) An iPhone for CDMA2000 is also due to be released shortly. Motorola has also recently introduced a range of Global phones with GSM, WCDMA and CDMA2000 hardware, however these phones are programmed with a new type of SIM lock not to work with GSM carriers in the USA while they work without restrictions elsewhere.

    Nevertheless, Blackberry has been selling truly global phones for many years so it must have never been a major technological hurdle to combine several radios in one device. The true motivation lies in the lucrative practice of carrier subsidy.

    My conclusions from the history of mobile telephony

    • Like all other forms of infrastructure such as electricity and railway, mobile networks are costly to deploy and convenience decisions often lead to many headaches later. Example: Telecom swallowed the bitter pill in giving up CDMA2000 altogether, however many telcos elsewhere are still spending billions of dollars every year to expand their present CDMA2000 networks and upgrade them to EV-DO Ver.B for commercial reasons, with the full knowledge that the system is minimally compatible with successor standards and, in a way, already obsolete.
    • Homogeneity created through monopoly is bad, too much diversity is worse.
      • Conforming to the general patterns in industrialisation, latecomers often have a considerable advantage since they are not already committed to maintaining legacy support. There are many examples: Japan, once they got over the general ineptitude for much of the 2G era, successfully developed a global standard and currently has several of the best and most profitable 3G networks world-wide.
      • Theoretically superior technology does not always lead to better results. Example: Telecom's XT is definitely faster than Vodafone's older UMTS stations, however XT is still struggling to catch up with its own precedents in terms of coverage and reliability, the two essential criteria of any good mobile service that appears to have been overlooked in the last 10 years. 
      • Lysenko may have been dead for several decades, but his spirit still lives on as purely scientific matters are often swayed by political and/or ideological influences. The same farce is ongoing with the entire WiMAX vs. LTE debate.
      • Tanenbaum noted that public interest (and investment) in scientific advancements usually arrive in waves, hence the evolution is more or less stochastic. Example: 3G was almost killed off following the .com bubble, and it is still struggling to return a profit amid the recent recession.
      A lot of poorly developed science remained alive and well through pure luck, while the most ingenious inventions may easily slip into oblivion if they were born at the wrong time.

      By the way, his book Computer Networks is an essential read for those with further interests in this area.

        Mobile Network 101 Part 3

        In the beginning, mobile networks acted just like the wired phone system, only over the air. Yet because each base station had limited capacity, it was not practical to maintain dialup-esque uninterrupted data sessions over analogue lines as they used frequencies badly needed by everybody else.

        Soon it was found that some bands reserved for control messages could be re-used to send small packets of data, namely 160 Latin characters of text. By setting up separate facilities called Short Message Service Centres (SMSC) to route packets, the service could be put into use with little overhead to the network.

        The design proved to be simple yet very efficient; similar protocols were developed for most rival standards such as D-AMPS and CDMA. However just as SMS went viral worldwide, US carriers were unwilling or uninterested in co-ordinating SMSCs that allow text messages to be transferred between different networks. Such a handicap resulted in a persistent lack of reliable SMS service and consumer interest in North America, leading to third-party services such as BIS that work independently across all networks. Texting between carriers is no longer an issue in the US (quirks do remain, such as non-Latin messages routinely getting corrupted should they cross network barriers), yet SMS is often not a regular service for mobile services but a paid add-on.

        For a while, SMS was the only method of data transmission over GSM networks. People even wrote protocols to control remote devices via SMS. Fortunately, it did not take long before someone realised that a packet-based layer could be placed alongside voice in the digitised radio. By the time the GPRS standard had stabilised, it was capable of 80kbps download and 20bps upload, faster than dial-up on copper wire. However to achieve this speed, five concurrent TDMA timeslots must be used, hogging up a large portion of scarce network capacity. To further increase bandwidth, the need for new technology could not be any more obvious.

        Numerous submissions were made, and the winner turned out to be a surprise to everybody: NTT DoCoMo's W-CDMA, a hybrid protocol using a CDMA air interface for capacity, while preserving the GSM core network to minimise transition costs and allow handsets to move seamlessly between 2G and 3G. Bearing in mind that Japan never had any commercial GSM service, we could only assume that NTT designed W-CDMA (soon to be known as UMTS) to be a global standard.

        Legacy support has proven its value, such as in the case of Vodafone NZ, which operates both a WCDMA and a GSM network; the latter is available in case the former fails. Whereas Telecom runs two incompatible standards (XT and CDMA2000), so disruptions in XT service turned out to be a major flop.

        CDMA was designed to be data-compatible from the ground up. It underwent its own evolution into CDMA2000, and became fully 3G with the EV-DO extension, which happened before any other standards were formed. While CDMA2000 uses a much smaller channel, which means it hogs less frequency, the smaller bandwidth means that there is little room for expansion, and a voice call cannot exist simultaneously with an active data session.

        3G was, shortly before the millennium, touted as the greatest thing ever invented since the lightbulb and sliced bread to "change the way we live forever". National authorities put 3G frequencies up for auction and netted billions of dollars. However, the .com bubble promptly burst thereafter and the hype suddenly died away. For many years, 3G was considered nothing more than a combination of gimmicks like video calling; nobody took it seriously.

        Some of the players like Nortel never recovered from the damage and went out of business in another bad cycle. With the rollout of 4G and 4G-ish networks imminent, most operators have so far failed to recover their cost from the entire 3G fiasco.

        One of the main reasons was that few handsets were truly taking advantage of 3G before 2007. Yes, I am talking about the iPhone. Before that, most phones were optimised for GPRS: messages were text only and browsers only returned stripped-down WAP pages. We all dislike the iPhone for many reasons, but it was truly the game changer, as everybody realised how much rich media they could provide on people's everyday carry.

        The slow transition to 3G is accompanied by the decline of two 2G-era giants: RIM and Nokia. I will write more about them in another post.

        If it was not for the recession, three independent standards would have played out for 4G: LTE for the GSM/UMTS camp, UMB for CDMA2000 and WiMAX as an extended 802.11 protocol. Qualcomm, reacting to not-so-favourable financial conditions, decided to ditch UMB and concentrate on allowing present CDMA2000 networks to migrate to LTE.

        Right now, most 3G carriers are planning for LTE while branding their HSPA+ compatible networks as 4G in all advertising material to attract attention. WiMAX has been deployed in a few places; however, its future as a major standard remains unclear.

        Tuesday, January 25, 2011

        Gantz Live Action Movie

        Thanks to personal circumstances and endless piles of stuff from work, I have epically missed all the movies I was supposed to see since the start of the break. Well, I am not going to miss this one. The few pre-release reviews I have read have been generally positive. Although I have a few doubts about the cast, the trailers look pretty delish.

        Gantz is probably the most realistic manga I have read. Not only is it extremely graphic and blasphemous, but it also lacks the voyeuristic/philosophical nonsense that seems to be the norm today.

        Most people suffer more or less from the Pygmalion Syndrome where they fall in love with their creations and it becomes too hard for them to let go. Oku, however, has taken a rare kind of apathy in Gantz. I mean, his characters may not be very likable, but which other author kills 90% of the main cast in two chapters of a single story arc that is not even halfway into the plot?

        The anime adaptation shared a lot of similarities with Fullmetal Alchemist, with the weekly episodes progressing too fast through the storyline, eventually getting to a point where they ran out of material from the still ongoing manga. Both productions decided to supply original story to finish off the season. This is where Gantz failed, as the new segments were badly written and stripped of the realistic aura. Although FMA's divergence from the original was much better executed and received, a new anime was made later to recreate the story as intended by the author. I seriously look forward to another Gantz anime; in the meantime the movie will help to fix my cravings.

        Sunday, January 23, 2011

        Tomorrow I will hold a bottle against the sun

        if the weather is good and the following is true:

        "Tonic water will fluoresce under ultraviolet light, owing to the presence of quinine. In fact, the sensitivity of quinine to ultraviolet light (UV) is such that it will visibly fluoresce in direct sunlight."

        Thursday, January 20, 2011

        My $0.02 on the CIE vs. NCEA debate

        I was in Year 10 when the government pulled the plug on Bursary and my school seniors back then were the first batch of guinea pigs fed to the burgeoning monster called NCEA. The principal of the school I went to at the time was one of the chief architects of NCEA. The other high school in the area up the road reacted by offering Cambridge International Examinations, to which the chief architect (who unsurprisingly works for NZQA now) made some rather personal and unpleasant attacks in front of the entire school during an assembly. Although NCEA formally starts at Year 11, we were given plenty of mock assessments in order to prepare for the real deal.

        With a twist of fate, I ended up in the other school and took up CIE for the next three years. Hence I feel qualified to speak for the pros and cons of both.

        One persistent criticism of NCEA from parents is that it is "too easy" compared to other "tried and true" systems. This is more of a misconception. Well, every system has loopholes that can be exploited to make the academic load as light as possible without compromising a UE. The curriculum is actually similar and CIE is hardly more advanced than NCEA in terms of content.

        As this editorial has correctly judged, the consistency issues NCEA had have largely been fixed. Schools resent NCEA because of the sheer amount of internal assessments to manage and process. The issue is more acute in schools offering alternatives to NCEA, since two details of staff must be maintained. (Initially teachers taught both; however, it was soon found to be impractical.)

        A more serious problem is that once the student population starts going to separate sets of classes, they effectively split into two cliques, with the NCEA kids accepting some baseless inferiority. Some subjects such as art or PE may be taught in combined classes, where the division turns into open hostility as the two groups blame each other whenever something goes wrong. The bipolar-ness even seems to take precedence over the usual socio-economic or lingo-ethnic lines.

        On the other hand, the real risk of taking CIE is the development of bad studying habits. Since everything that matters is this one big exam at the end of the year, it is not too hard to slack off for most of the time. Once at university, many papers have a significant proportion of marks allocated to in-course assessments, which took me almost two years to actually adjust to. 

        Putting things in context, the early and mid-noughties were such a good time, when the economies were soaring, the All Blacks seemed invincible and Sister Helen ruled the nation with a firm hand. Republicanism was also flying high. The shift to NCEA happened concurrently with the vote in Parliament to abolish rights to appeal to the Privy Council, not a coincidence. Therefore, it is not difficult to understand why Auckland Grammar, the most reactionary of public schools out there, would ditch the blighted national standard, with many whitebread high schools rallying under the same banner.