Apple M2 Macs: What Pros Need to Know in a Nutshell

Your computer is getting along in years, and maybe with performance that is less than satisfying—when’s the right time to buy a new Mac, given that the next-generation Apple M2 Macs are on the distant horizon? In a nutshell:

  • MacBook Pro 14 and 16-inch models are due for an update late this year. Probably with the M2 chip. Odds are 50/50 of a delay into early 2022.
  • Mac Pro with high-core-count M2 CPU—my guess is Jan-March 2022.
  • iMac with high-core-count M2 CPU—same guess of Jan-March 2022.

Apple is tight-lipped about all this.

If you need a high-powered Mac now, the best bet is the 2020 iMac 5K. See With the Delay of Apple M1/M2 Pro Macs, What to Do Now?

Future compatibility with peripherals

The key thing for those with Thunderbolt 2 Macs is to wait on everything until you have a Thunderbolt 3/4 Mac. But for those with Thunderbolt 3 Macs, have no fear of buying needed peripherals now. You can buy now with confidence of compatibility with an M2 Mac.

OWC has a wide range of Thunderbolt 3/4 products for your current or future Mac.

Don H writes:

I know the Apple guessing game can lead to madness, but I offer two tidbits:

1) Some rumors indicate that Apple might release one more iteration of the current Mac Pro with updated Intel processors (maybe just a speed bump, but no new features otherwise). If true, that could put off M2 Mac Pros until the tail end of 2022, which would still meet their 'two year' transition window. That makes a certain amount of sense from the point of view of add-in card support. It would also allow them to announce new M2 Mac Pros at the June '22 WWDC to give hardware developers some more concrete details of the future specs.

2) Meanwhile, Intel might be working on a new version of Thunderbolt (TB-5) that would increase the throughput to 80 Gbps: https://www.anandtech.com/show/16858/intel-executive-posts-thunderbolt-5-photo-80-gbps-and-pam3-then-deletes-it

That shouldn't change anyone's plans in terms of Thunderbolt purchases, as long as they acquire TB-3 and later peripherals. It is good news if true, although the timeline for this is up in the air.

MPG: agreed, but IMO, neither point has any bearing on a decision to be made in the next year.

A CPU speed bump in the current Mac Pro would likely be all but immaterial in clock speed terms, but maybe you could get 2 or 4 more cores for the same price and a faster GPU. I’d rather go for an M2 iMac than a Mac Pro anyway, assuming we finally got 4 Thunderbolt ports on the iMac.

As for a Thunderbolt 5, have we ever seen a fast rollout of a new Thunderbolt spec? If it were finalized today, two years seems like a minimum for products with it to appear (beyond token ones).

How to Make Web Sites Work Properly with Apple Safari Web Browser — Disable 'Enable content blockers'

It’s crazy that I have to write this post. But so many web sites fail to work properly with Apple Safari now that I had better.

For a feature to have value it can’t break things frequently! But Safari does.

Many sites like the one below will do some things properly, while other things won’t work. So far, it seems like this feature, ostensibly for security/privacy, is more of a PITA than useful all too often.

The most common problem is the content blocking feature of Apple Safari, namely, the Enable content blockers setting. Other times it is the lack of support for WebGL. Or sometimes the web site itself is poorly designed and never tested with Safari.

It’s easy to check for a fix; uncheck the following, then refresh the page.

BBEdit Still My Plain Text Editor of Choice For Source Code, HTML, etc

BareBones Software BBEdit (now at version 14) is one of those indispensable applications that everyday users do not need, but anyone who uses it as I do would go crazy without it. Hence the “professional’s choice” description is apt.

Heck, even everyday users would do well to learn a plain-text editor for all sorts of formatting tasks. But that’s another topic.

Highly recommended.

And unlike Apple software, it never sucks and never has and presumably never will.

I edit a lot of plain text in the course of my work: source code, HTML, etc. I also regularly use regular expressions to massage plain text and HTML into shape, search/replace, etc. And sometimes dealing with Microsoft Excel, Apple Mail or other programs demands converting to plain text in a way those programs can’t handle. And then there is high speed performance both while editing and for search and replace stuff.

Thus a good plain text editor is essential for what I do.

BBEdit ranks up there in my top-3 most-used tools, every day, day in and day out, #1 when working with source code and HTML. And for real geeks, the BBEdit folks even have optional command line tools in addition to the superbly useful app.

BareBones Software BBEdit
Separate Your Data from System and Applications on the Boot Drive Using an APFS Volume

Separating your data from system/applications was a good idea back in 2010, remained a good idea, and is still a good idea here in 2021.

MPG recommends NOT moving mail and similar things off the boot drive, due to maintenance headaches across system software updates.

Prior to Apple’s APFS file system, creating a separate volume for your data meant true partitioning, a space waster because you had to decide how much space to allocate to each volume in advance.

Here in 2021 and when working with SSDs, MPG recommends a much better alternative: APFS volumes, such as on the internal SSD. These do not waste space as with true partitioning and are very fast to create, as they do not impact existing volumes.

Creating an APFS volume, and why

Recommended only for SSDs (not hard drives because hard drives perform poorly with APFS).

Shown below, the internal 8TB Apple SSD on my Mac Pro has its two default volumes named Boot (read-only boot volume), and Macintosh HD - Data (anachronistic Apple naming for read/write data on the boot volume pair).

You can store everything in your home folder. Why not, if you have simple needs.

But I store just about everything of my own data on an additional volume named Master (as in “master copy of my stuff”). I do this for multiple reasons:

  • It insulates me (somewhat) from the increasingly annoying changes Apple makes to the boot drive and its security.
  • I don’t want all my data buried down in my home folder.
  • I can backup my critical stuff by backing up just Master.
  • I want one volume that I can backup without concern for new changes in macOS security on the boot volume.
  • It’s a real volume, so /Volumes/Master works in paths.
  • Separate file system not comingled with millions of macOS files.

Shown below is Apple Disk Utility.

Internal SSD “Apple SSD” with container volumes

To create an APFS volume, click the + icon over “Volume”, at top. Choose your preferred name, click Add, and you’re done.

Don’t forget to backup the new volume(s) that you create.

Creating an additional volume “MoreStuff”

Brain-Dead Spotlight Search for Source Code Files

This behavior changed in macOS Big Sur AFAIK. It drives me crazy. I have not found a way to make it work as it used to.

I write code (Java mostly, but other stuff too). To open a source file I frequently rely on Spotlight to open a file.

A beautiful thing—if I want to open LensParser.java, I’d start typing “LensP...” and up pops LensParser.java, I hit ENTER, and I’m now looking at the file in my text editor BBEdit.

So far so good. But for various reasons, I sometimes have the full source file name. Using that, Spotlight figures that I want to do a useless web page search for lensparser.java, which does not exist—it’s just some useless web search link.

I sometimes wonder how many people Apple hires whose job it is to figure out how to degrade usability.

Backing up With Carbon Copy Cloner For Years Now, Latest Update As Good As Ever in Functionality, but Confusing Visuals

I’ve been backing up with Carbon Copy Cloner for years now. Great functionality that I rely on every day for my backups. An alternative is SuperDuper.

CCC has done a great job of keeping up with the ever-changing macOS landscape with its increasing security restrictions.

But it cannot unbreak some Apple-imposed changes, like the need now with macOS Big Sur to do an entire backup from scratch to bring a bootable drive up to date.

Visual

While the functionality is excellent, the latest version is disturbingly visually distracting. Two things I find very bothersome:

  • Icons are now placed on the destination for status that to my eyes look like errors or problems. Even after weeks of usage with this new version, all I “see” at a glance is “something is wrong”. When nothing is wrong. Very poor visual design IMO.
  • The color-ified task lists end up being a distracting mess. For solid reasons I often have tasks that now show up with those big red X's on them. And I don't need the messy green check marks either.

Two thumbs down on this visual overhaul. I much prefer the visuals of the previous version.

Carbon Copy Cloner

How To Quickly Email a Link to a Web Page

It can be annoying to get an email for a web page—27 pages of junk and missing images, etc—when all you want is the link to the page. Just try an Amazon page—what a mess.

Two ways to send a link to a web page.

Copy/Paste

Works everywhere: copy the URL from the web browser and paste it into a mail message. Works great, but a time-waster.

One step

In Apple Safari, cmd-shift-I and bingo. Or for those with time on their hands, hold down the Option key and choose File => Share => Email Link to This Page.

Same shortcut in Google Chrome or File => Share => Email Link.

In Firefox, File => Email Link.

Apple Safari: Email Link to This Page

Batch Renaming Files for Photography using 'A Better Finder Rename'

See also: Quick Look: Batch Renaming Files with 'A Better Finder Rename'.

Still photos can sometimes benefit from renaming to add useful information, instead of the idiotically uninformative names a camera gives files (e.g., “DGLY00459.ARW” or “IMG0123.jpg”, etc)—obtuse, to say the least.

Simple example: Tags feature to add the aperture number to the filename

Different workflows vary a lot, but one thing that matters most to me is the shooting aperture, particularly for aperture series. I don’t care to do much more than that to the file name, but some photographers might want to add date, time, location, a label for the shoot, etc.

Kudos to 'A Better Finder Rename' for being smart enough to rename the XMP sidecar files along with the corresponding image files!

One minor gripe is that I cannot see any way to reference the original file name itself, or its sequence number, so I could build a full name with prefix and the original name embedded in one step. In other words, I’d like to be able to do:

<my-prefix>-<original-fname>-f<aperture>
eg:
SonyFE50f1_2GM-TwentyLakesBasin-DGL2934 -f5.6.ARW

Shown below, the dialog is set up to rename files by appending "-f" then the aperture number.

A Better Finder Rename.app: appending the aperture to the file name

Anon writes:

I'm writing in response to your latest article, to share a tip/trick for ABFR. You can indeed do multiple different rename actions in a single step; click "Show Advanced Sidebar" in the bottom left and then use the plus button to add additional steps. This way you can add a prefix, and then add your aperture setting. I've done a dozen rename steps, which is very powerful since you can see the final output before renaming (and you can use Command + R to initiate renaming from the main window, and then again to confirm all renames in the processing window.)

You can also change a preference in the preferences window to autoclear the queue when renaming is complete; this allows for rapid renaming (especially if you leave multiple steps in the sidebar window, they can be toggled on and off, so you can keep several different rename workflows on standby.)

Of course, if adding your camera name and aperture to the filename is a common workflow, you can save it as a droplet, so that all you need to do is drop the files onto the droplet and they're automatically processed. Perhaps one for each camera type?

MPG: agreed that you can string together multiple actions into one action. But that isn’t a single step. It also raises the potential problem of subsequent steps operating on a now-modified name, which might have undesirable matching. It is rarely a good idea to “pipe” output when a single substitution can be done at once. But it does address the issue with a solution.

IMO a templatized approach is already 95% there and could be improved, just by adding a few more tags. It’s a lot of “friction” to have to create and name multiple actions—great when they’re all reusable/generic, not so great if you have to start going camera or lens specific.

All the software would have to do is add another tab “Original” or some such, and offer <basename>, <extension>, <sequence-number>. Then you could write something like this:

myPrefix-<sequence-number><lens-name>-f<aperture>.ARW
===>
TwentyLakesBasin-2934-FE 50mm fF1.2 GM-f5.6.ARW

I’d want a different form of the lens name though (including brand), but that’s a tougher nut to crack—in that case I’d have to create an additional action to map the name to the normalized name (including brand) that I want.

Maybe there are tricks I am unaware of to sidestep these issues.

Sebastian B writes:

Perhaps have a look into ExifRenamer, it might be able to do what you're trying to do:

https://www.qdev.de/?location=mac/exifrenamer

You can set up a preset with prefix and let it ask for a prefix on runtime (leaving the field empty if you don't want one). The interface is not the sleekest in the world, but once set up, it usually does what you want it to. (F-number is errantly called "Focal number" in the tag list, but "%8E" should do the trick for aperture.)

MPG: exiftool has some capabilities as well; see https://exiftool.org/filename.html.


Quick Look: 'A Better Finder Rename' for Batch Renaming Files

See also: Batch Renaming Files for Photography using 'A Better Finder Rename'.

I just downloaded A Better Finder Rename by publicspace.net.

There are way too many features to list here. In a nutshell:

  • 15 different ways to change file names including support for image EXIF tags and music files.
  • General purpose regex support.
  • The Subfolders and their contents feature is super handy—just operate on the top-level folder instead of having to select files.
  • Changes are previewed, which makes it easy to avoid mistakes.
A Better Finder Rename.app: 15 ways to rename

Example: simple text replacement

Simple text replacement can save you headaches over the Finder’s method by being smarter—ignoring case, one or all occurrences, ignoring file extension etc. Basically you can avoid a big “ooops” a lot easier.

A Better Finder Rename.app: simple text replacement

Example: date/time

Pretty well sorted out here, but I have a couple of minor gripes: things like Add a trailing space after the date should allow a character choice (eg "-" instead of a space). As such, it would require another replace operation (replace first space with a dash).

And I’d rather enter the format by typing it in, like “YYYY-MMDD-". But all in all it’s very well done.

A Better Finder Rename.app: simple text replacement

OWC Introduces Envoy Pro SX Thunderbolt Bus-Powered Portable SSD

OWC keeps bumping things up on the SSD front in terms of performance and build quality.

Hitting speeds that max-out the Thunderbolt 3/4 bus, anyone who bought a Mac with a too-small SSD has a simple and convenient fix. And if you’re buying a new Mac, you can rest easy knowing that you can easily expand your storage.

MPG has not yet tested this new OWC Envoy Pro variant, but all previous versions were excellent. Get the OWC Envoy Pro SX at macsales.com.

OWC Introduces Envoy Pro SX Thunderbolt Bus-Powered Portable SSD

Super-fast, Super-durable workflow superhero easily handles all storage and backup challenges

OWC®, the premier zero-emissions Mac and PC technology company, and a respected provider of Memory, External Drives, SSDs, Mac & PC docking solutions, and performance upgrade kits, announces the new OWC Envoy Pro SX, the Thunderbolt portable SSD that can withstand any condition. The mild-mannered exterior of the OWC Envoy Pro SX hides its true nature. It's super-fast. Super-versatile. Super-portable. And rugged enough to endure the most challenging work and play settings.

OWC Envoy Pro SX

This little beast of an SSD handles all data storage and backup challenges like a real superhero when put to the test. The OWC Envoy Pro SX is versatile enough to be used as a bus-powered drive for daily storage and backup tasks. It can easily handle the speed demands of production-level audio, design, and photography workflows. And it serves up real-world performance speeds up to 2847MB/sec with modern Thunderbolt and USB4 equipped Macs and PCs. Built along the OWC Envoy Pro EX's award-winning lineage, this tiny but mighty ½ pound portable drive is 1/3 smaller. It features a removable Thunderbolt cable and is test certified to handle the nastiest environments. From managing obstacles in the field to crushing deadlines at home, the OWC Envoy Pro SX lets you unleash your productivity power without needing a cape or mask.

The grooved fins on the OWC Envoy Pro SX's matte black aluminum chassis transform it into a highly effective heat sink. Even after a diabolically long file transfer, the stealthy and silent OWC Envoy Pro SX stays reliably fast. The OWC Envoy Pro SX is fully compatible with macOS and Windows built-in encryption, so you can add peace of mind password security to your data whenever you need it. Whatever your data journey, the OWC Envoy Pro SX stands ready to deliver a crushing blow to time-robbing work and play challenges in the blink of an eye.

OWC Envoy Pro SX Highlights

  • Lightning Fast: Advanced OWC Aura Pro SSD storage technology with TRIM support works with Thunderbolt to deliver the fastest and most reliable performance available in a portable drive
  • Super Versatile: Perfect for audio, video, photography, graphics, gaming, and general data storage/backup uses
  • Xtremely Portable: Bus-powered and smaller than most compact smartphones
  • Xtremely Rugged: Certified dustproof, drop-proof and waterproof
  • Silently Cool: Fan-less, heat dissipating aluminum housing for distraction free operation
  • Secure: Non-skid rubber feet keep the OWC Envoy Pro SX in place
  • Informative: LED for at-a-glance confirmation of power and activity status
  • Connected: Included Thunderbolt cable plugs into Thunderbolt and USB4 Macs and PCs
  • Worry-Free Reliability: 5 Year OWC Limited Warranty

"For OWC Envoy Pro SX, we wanted to make a drive that's truly unique," said Larry O'Connor, CEO and Founder of OWC. "Listening to our customer's suggestions from the Envoy Pro EX model, we made sure to add a detachable Thunderbolt 4 / USB4 cable, and while we were at it, we made it a smaller form factor and even more rugged by adding IP67."

Pricing & Availability

The OWC Envoy Pro SX 240GB to 2TB models are available now, starting at $199 on MacSales.com.

How to Batch-Rename files in the macOS Finder

Built into the macOS Finder is a handy tool for renaming files. I use it just about every day for something or another.

For example, the Sony A1 generates “.HIF” files that won’t open in Photoshop without renaming them to “.HEIF”.

How to Batch-Rename files in the macOS Finder

  1. Select files. Edit => Select All works great, since non-matching files are unaffected.
  2. Right click (control click) on a file and choose Rename... or use File => Rename... to bring up the file renaming dialog.
  3. Enter the text to replace and the text to replace it with.
  4. Click Rename.

If more files got renamed than you intended perhaps from a too-liberal matching text, then Undo and try again.

Renaming all selected “.HIF” files to be “.HEIF”

The Rename dialog can do more than simple text substitution, but there is no regex support and it is brain dead about formatting. But it’s still useful for some quick jobs.

Renaming files to include date and time

Don H writes:

If you don’t already use it, I highly recommend ‘A Better Finder Rename’:

https://www.publicspace.net/ABetterFinderRename/version10.html

It’s stand-alone. I think including the word ‘Finder’ in the app name makes it sound like it’s some sort of extension. It’s a fantastically-capable batch processor. I have used it for normalizing many filenames (thousands at a time) from disparate sources, along with folder names. It’s great for OCD file organization. (After using it in trial mode I was impressed enough to buy the ‘Forever Upgrade’ a number of years ago, and have benefitted ever since.)

The ‘Big Mean Folder Machine’ is also a good app when managing large hierarchical libraries:

https://www.publicspace.net/BigMeanFolderMachine/index.html

They’re not free like the Finder feature, but are vastly more capable.

MPG: I have not looked into these products, but a quick look suggests they are vastly superior to the macOS Finder.

UPDATE: see Quick Look: A Better Finder Rename.

I’ve generally avoided add-ons as I try to keep things as vanilla as possible to forestall problems. I weigh the issues of cost/complexity/frequency of use before I take on new software.


Phishing Scams: “urgent favor please, traveling and need help buying gift card”

Below is an example of a social engineering financial scam that I received this morning, a variant of phishing. It makes use of compromised email accounts, counting on the fact that some people will recognize the email and be willing to help. With a compromised computer, a hacker can now target all the emails in a contacts list, greatly raising the odds of a favorable response.

The scam starts with the probe of “urgent favor needed”. It seemed sketchy at best, but in this age of brevity on phones, and the email apparently being from a subscriber of mine, I responded with “Yes?”, thinking there was an outside chance that it was about needing advice on cameras/lenses or similar.

TIP: check your own emails and any suspicious ones at https://haveibeenpwned.com. However, emails compromised by individuals (not mass compromises) might fail to show up as pwned.

The next step after my “yes?” was for the scammer to use a well-known social engineering manipulation tactic, the “fake because”, proven to be highly effective in social interactions.

As should be obvious, the resulting response is ridiculous on multiple fronts.

The next step, should you be suckered into it, is to be led down the garden path until you cough up a credit card, mail the gift card, or whatever.

Are you and I too dumb to fall for this? Sure. But the elderly and some naive people do fall for this, some lose their life savings, and all it takes is 1 in 10000 to make it highly profitable for the crooks doing it.

More: phishing and security.

Social engineering scam: “urgent favor please buy gift card”

OWC U2 SHUTTLEONE: Build Your Own Affordable High-Performance U.2 SSD

OWC U2 ShuttleOne

Macs can’t really make direct use of a U2 PCIe SSD, but maybe a new Apple M2 Mac Pro will offer some bays.

A U.2 SSD is a standardized form factor that slots into a U.2 interface. The enclosure contains an SSD (in theory custom solutions could contain several banks of SSD storage). At present, enclosures like the OWC U2 ShuttleOne allow installation of a single NVMe M.2 SSD into the enclosure. The enclosure can then be swapped easily between computers, and multiple enclosures can go into computers or other devices with U.2 bays.

However, you can put a U2 enclosure into an OWC ThunderBay Flex 8 or OWC Mercury Helios 3S or U.2 NVMe Interchange System. But for my usage, I’d prefer to use the OWC Thunderblade—no muss, no fuss.

OWC U2 SHUTTLEONE: BUILD YOUR OWN AFFORDABLE HIGH-PERFORMANCE U.2 SSD

This innovative “build your own” heat dissipating full metal adapter brings U.2 SSD performance and capacity to the mainstream in a flexible, easy-to-use design. Performance enthusiasts, IT admins, M&E pros, gamers, and more can now use a readily available and affordable NVMe M.2 “blade” style SSD in a 2.5-inch U.2 bay. Whether you have a U.2 bay equipped server, workstation, gaming rig, or external drive, the OWC U2 ShuttleOne gives you access to a new world of storage possibilities.

The OWC U2 ShuttleOne offers a full-metal housing that solidly protects your drive and data while providing cooling that’s superior to adapters made with other materials. The OWC U2 ShuttleOne delivers complete drive reliability and takes your workflow beyond the limits. Small form factor NVMe M.2 SSDs can pack a powerful performance but swapping them can damage the connector and make the drive unreadable. The OWC U2 ShuttleOne lets you change your NVMe M.2 SSD at will in any 2.5-inch U.2 drive bay with the peace of mind that your drive will stay protected. This innovative adapter is fully certified and rated up to PCIe Gen 4, meaning the OWC U2 ShuttleOne supports your drive’s fastest performance up to 8,000MB/s. The OWC U2 ShuttleOne can make your dream of mind-blowingly fast speeds a reality.

...

MPG: Read more at macsales.com.

OWC U2 ShuttleOne

Comcast Cable Modems Are Flaky In General, Cannot do Port Forwarding or Port Mapping

Maybe this will help someone out there who needs to do what I do. At least to avoid the expectation of having port forwarding work properly.eave the only solution to be using another router/firewall with NAT as the DMZ machine.

Background

Comcast business internet is a premium service, with 24-hour call support (of varying quality) and 1-2 day on-site response. Overall, it has performed well for me for 10 years or so, but with the advent of COVID-19, service quality has gone to crap with an overloaded “node” serving my neighborhood. Once overloaded (2 PM to 11 PM is pretty bad), the router just drops packets like crazy and all sorts of things slow down or just won’t work. It’s a nightmare scenario with no good alternatives in my area.

Making matters worse, I run a mail server and a git server in my local LAN, behind the Comcast cable modem. All I need the modem to do is to forward incoming requests to my servers.

The aging Comcast/Netgear modem I am using has done this job well for years now, but when the node gets overloaded, the router degrades my entire LAN (even just internal stuff), via rampant packet loss. Why WAN problems should degrade the LAN also, dunno—maybe the modem has its CPU pegged-out.

Port forwarding is a well-established and very simple technology that forwards incoming packets from outside the firewall to servers inside the firewall, based on the port number. Properly done, an incoming packet on port X can be sent to an internal server on port Y. Brain-dead implementations, such as those on newer Comcast cable modems, can only send X to X, but better ones like Netgear can send X to Y, which is far superior for security purposes, e.g., not having to run on a privileged port on the server. For example:

<WAN IP>:<WAN port> to <LAN IP>:<LAN port>
100.100.100.100:22 to 10.0.0.5:22
100.100.100.100:22222 to 10.0.0.5:22
100.100.100.100:3333 to 10.0.0.5:4444
100.100.100.100:587 to 10.0.0.6:587

What port forwarding looks like on the discontinued Comcast/Netgear cable modem:

Port forwarding summary in Comcast Business Gateway (Netgear)

ALL the newer “better” Comcast modems fail at port forwarding — both configuration and operationally

I submitted a technical support request at Comcast. No response so far. Most likely, if Comcast ever responds the response will be a patently false claim that port forwarding is a customer IT issue. But my issue is not how to configure, it’s that configuration doesn’t work due to bugs in the modems.

Comcast has discontinued the Netgear cable modem, and is actively replacing it at customer sites (according to a Comcast technician). Customers are supposed to use the newer “better” Technicolor cable modems.

Thing is, neither the mid-level nor the gigabit model of the Comcast Technicolor cable modems can do port forwarding at all, making it impossible to run servers.

The approved Comcast Technicolor cable modems have (on paper) the port forwarding feature, but it doesn’t work, either for configuring it, or operationally.

I'm flummoxed—the only cable modem that works at all is the discontinued 5-year-old NetGear one. I cannot use non-Comcast modems, because servers require a static IP. And a static IP requires only a Comcast supplied cable modem.

I have tried and retried Comcast modems for over 3 years now. All fail to work properly for port forwarding, usually starting with outright failures for the most basic configuration. All have the same configuration bugs—yesterday I saw the same bugs I saw 3 years ago, and 2 years ago, and a year ago. 

Hours wasted, no luck

The Comcast technician spent two hours at my place yesterday. All of what follows was witnessed firsthand by him.

We tried two of the mid-range Technicolor cable modems (for up to 300 Mbps). The first one was grotesquely flaky. We watched it take 10 minutes to boot (several times), 20-second delays for admin interface, and it would start dropping all packets regularly (LAN and WAN). Port forwarding functions were unusable, with even the simplest attempt to configure it failing—never got past configuration. A second sample of the same modem seemed better, but it could not be configured either.

Then we moved on to the high-end gigabit model. This one was twice as fast to boot up (still very slow at 4-5 minutes), but its admin interface was instantaneous. We were able to configure port forwarding. Not only that, but it actually functioned properly—hooray! I was satisfied after testing my servers, and the technician left.

Then just 45 minutes later, the modem crapped out, and port forwarding ceased functioning. Rebooting it did nothing useful. Attempts to configure it again were met with the same error messages as in the mid-grade Technicolor modems. It never worked for port forwarding again.

This port forwarding issue is NOT an "internal network issue". It is BROKEN MODEM FIRMWARE. This point matters, because any attempt to raise it results in Comcast saying that it is “an internal network issue, contact your IT department”. This is total bullshit; it is broken modem firmware.

I then spent 90 minutes in generic Comcast Support Hell, transferred multiple times and cut off once after 25 minutes (start over!) and finally had to walk a trainee technician through the correct gateway and netmask settings. OMFG.

What port mapping should look like

A good modem should allow mapping the incoming port to an outgoing port. The aging Comcast/Netgear modem does that, as shown (e.g., port 22222 maps to port 22 in this example).

The brain-dead Comcast/Technicolor modems can only send port X to port X—pure forwarding with no port mapping (X to Y). This is both a security problem (privileged ports) and a server configuration headache (no way to map different incoming ports to the same port on multiple internal servers). For example, the ability to ssh to two different internal servers:

100.100.100.100:2001 to 10.0.0.5:22 # cannot be done on Comcast Technicolor modems
100.100.100.100:2002 to 10.0.0.6:22 # cannot be done on Comcast Technicolor modems
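
The difference between the two kinds of gateway can be checked mechanically. The following is an added example, not part of the original post: a small audit of a port-forwarding plan, using the two ssh mappings above as constructed input. The names Mapping, audit and PLAN are made up for this illustration.

```python
from collections import defaultdict
from typing import NamedTuple

PRIVILEGED_MAX = 1023  # ports below 1024 are the well-known/privileged range


class Mapping(NamedTuple):
    ext_port: int   # port exposed on the public (WAN) address
    int_host: str   # internal server address
    int_port: int   # port the service listens on internally


def audit(plan, gateway_can_remap):
    """Return a list of findings for a port-forwarding plan.

    gateway_can_remap=False models a gateway that can only send port X
    to port X, so the public port is forced to equal the internal port.
    """
    findings = []
    exposed = defaultdict(list)  # effective public port -> mappings using it
    for m in plan:
        public = m.ext_port if gateway_can_remap else m.int_port
        if not gateway_can_remap and m.ext_port != m.int_port:
            findings.append(
                f"{m.ext_port}->{m.int_host}:{m.int_port}: needs X-to-Y "
                f"mapping; forced onto public port {public}")
        exposed[public].append(m)
    for public, ms in sorted(exposed.items()):
        if len(ms) > 1:
            hosts = ", ".join(f"{m.int_host}:{m.int_port}" for m in ms)
            findings.append(f"public port {public}: collision between {hosts}")
        if public <= PRIVILEGED_MAX:
            findings.append(
                f"public port {public}: well-known port exposed to the Internet")
    return findings


# Constructed plan: the two ssh mappings from the text above.
PLAN = [
    Mapping(2001, "10.0.0.5", 22),
    Mapping(2002, "10.0.0.6", 22),
]

if __name__ == "__main__":
    for label, remap in (("X-to-Y capable", True), ("X-to-X only", False)):
        print(label)
        for finding in audit(PLAN, remap) or ["no findings"]:
            print("  ", finding)
```

With X-to-Y mapping the plan is clean; with X-to-X only, both servers land on public port 22, which collides and exposes a well-known port.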

Fail

Once and only once by pure luck, we were able to configure the Comcast/Technicolor gigabit model for port forwarding (no such luck with two of the 300 megabit models). It worked correctly at first, then crapped out 45 minutes later and never worked again even after rebooting it. All subsequent attempts to edit or add configuration were met with errors like the examples that follow.

Comcast Business Gateway (Technicolor): failed to add

The Comcast Technicolor modems (either) are so broken that it is usually not even possible to configure port forwarding. Most of the time it just posts an error:

Comcast Business Gateway (Technicolor): failed to add

If you do get lucky enough to have configuration 'take' (this happened once and only once on the Comcast Technicolor gigabit modem), editing an entry will invariably fail.

Comcast Business Gateway (Technicolor): failed to edit

Workarounds?

Thanks to reader Jack B for some ideas, but they don’t apply to my situation (Comcast Business Class modems cannot use Bridge Mode). Namely, he is able to configure his Comcast modem into Bridge Mode, thus passing all traffic through to his own Netgear router, which can do the NAT/DHCP/Port Forwarding. That is equivalent to what I might be able to do using the DMZ feature on the Comcast modem I have available to me.

Here is a good summary of securing networks with firewalls/NAT.

In my situation, Port Forwarding is non-functional on all the Comcast-supplied routers, as discussed above. And to run servers, a static IP is necessary and that means only a Comcast-supplied modem/router can be used. Furthermore, Bridge Mode for the Comcast router/modem is not an option.

With Port Forwarding non-functional and Bridge Mode not an option, as far as I can tell my only option is to make use of a DMZ router/firewall, essentially having the Comcast modem/router forward all traffic to that DMZ IP address, a Netgear router/firewall, which itself will do the Port Forwarding to machines on the local LAN, and with both NAT and DHCP for everything on the local LAN*.

* I’m not going to worry about putting the servers on yet another subnet behind yet another firewall, because I have other locked-down security measures in place and have seen no security breaches in 15 years (ever).


Copyright © 2020 diglloyd Inc, all rights reserved.