Huawei is facing more and more setbacks when it comes to its network infrastructure hardware. Australia earlier this year, and New Zealand more recently, have rejected Huawei’s bid to supply 5G network infrastructure hardware, stating national security as the main reason. A November Wall Street Journal report claimed that the US called upon its close allies to avoid purchasing and using network equipment from the Chinese manufacturer.
The latest hurdle Huawei is facing is in the UK, where BT Group Plc decided to remove all Huawei 4G network equipment within two years. The information was cited by Reuters after initially being published by the Financial Times.
Apparently there’s an “internal policy to keep the Chinese company’s equipment at the edge of telecoms infrastructure”, claims the report, and BT’s move is now in alignment with said policy. Additionally, Huawei was excluded by BT from bidding on future contracts regarding 5G network infrastructure, hardware, and equipment.
Neither BT nor Huawei have commented on the matter so far, but we expect the Chinese company to react, as it usually does before appealing or trying to revert such decisions.
The Black Armory, Destiny 2’s first expansion of the post-Forsaken era, goes live today, along with a new update to the game that patches in a few minor changes. Bungie outlined what the expansion entails last month–instead of focusing on a new story campaign, it’s focusing on new locations and activities. That means a heap of new loot to get as players reignite three special Forges across the solar system, and a full new Raid on its way on December 7.
The big notable additions in The Black Armory, the Forges, sport a new horde mode-style activity that will include matchmaking and special rewards. The expansion brings five new Exotics, four of which Bungie has detailed so far, and new Pinnacle Weapons for players willing to put a lot of time and skill into Gambit, Strikes, and the Crucible. The Black Armory also increases the Power Level cap to 650, giving players a reason to jump back into the endgame grind–and with the Scourge of the Past Raid on its way on Friday, many players will want to be climbing that hill as quickly as they can.
The launch of The Black Armory accompanies Patch 184.108.40.206, which includes a host of small tweaks and balancing changes, as Bungie explained on its blog. It notably reduces Gambit’s Heavy ammo boxes for Linear Fusion Rifles from five rounds to three, which should reduce the effectiveness of the many, many folks using The Queenbreaker in those matches.
Players below Power Level 550 will get some help catching up to endgame players with the new patch, as Destiny 2 will now drop Prime Engrams and their Powerful gear more frequently for players rushing to catch up. And Raiders in Scourge of the Past and Last Wish will now have the option of deleting their checkpoints in those activities if they want to restart them.
There are also a host of changes and issue fixes throughout Update 220.127.116.11. Check out the full patch notes below.
Tuned Chaos Reach’s deactivation cost so that it consistently retains Super energy from deactivating early.
Previously, Chaos Reach allowed Players to save Super energy when deactivating the Super early by charging a flat Super energy cost upon deactivation (~65%). This meant that in order to save Super energy, you’d have to deactivate within the first second or so of the Super’s duration.
With this change, Chaos Reach’s deactivation will now always save you some Super energy. Deactivating the Super is no longer a flat energy cost but, rather, now works on a curve. The intention is to reward players for skillfully timing their deactivation.
Fixed an issue where the overshield granted upon respawning in Crucible would not negate damage right away
Increased damage required to destroy Nightstalker Tethers prior to their activation
Fixed an issue where the Biotic Enhancements buff would apply too much of a damage multiplier when standing in a Well of Radiance
Fixed an issue where Scavenger perks could be used to generate heavy ammo off of team mates who fell to self-inflicted misadventure
Fixed an issue where high impact scout rifles were not firing at 150 RPM
Fixed an issue where the impact stat bar for Fusion Rifles was not updating when upgrading a charge time masterwork for the weapon
Fixed an issue where kills were not required to extend Super uptime
Fixed an issue where Super was not extended after 10 or more kills
Fixed an issue where explosions were doing less damage than intended
Reduced the amount of ammo gained from the Machine Gun Scavenger perk to bring it in line with other Power weapon scavenger perks
Fixed an issue that caused the Black Armory weapons to sometimes roll two of the same perk
Duplicate perks have been replaced in each weapon’s talent grid
Fixed an issue that caused The Mountaintop to drop above appropriate power levels for players who do not own Forsaken, making it unequipped unless pulled from collections
Fixed an issue that caused Valor Ranks to display different values from what their rank actually was
This is strictly a visual fix, ranks have worked properly since Season of the Forge began
Fixed an issue where the wrong team would sometimes be credited for killing the Ascendant Servitor Primeval
Reduced the amount of ammo that Linear Fusion Rifles receive from the Power Ammo crate in Gambit from 5 to 3 rounds
Sleeper Simulant still only receives 2 rounds
Players who die with fewer than 2 rounds of special ammo will now always respawn with 2 rounds, to help alleviate special ammo starvation
Fixed an issue where players would be held in a loading screen if another player was inspecting items in inventory
Fixed an issue where Protheon, the Modular Mind grew three times larger than intended in Update 2.1.0
This strike has been reintroduced to Matchmaking, and can be launched once again from the Director
Leviathan & Raid Lairs
Removed “Normal Mode Completion” requirement for launching Prestige Modes for Leviathan, Eater of Worlds, and Spire of Stars
Fixed an issue where Destiny 2 would crash during the Morgeth fight
Fixed an issue where the “Hawthorne’s Heroes” Clan Perk was not providing the proper rewards
Items & Economy
The “Hecuba-S” exotic Sparrow no longer requires Annual Pass ownership to reacquire from Collections
The “Mimesis Drive” Sparrow now properly requires Annual Pass ownership to reacquire from Collections
Shader reacquisition time reduced from 3 seconds to 1 second
Prime Engrams will now appear more frequently for players under 550 power, and provide larger power benefits when decrypted
Fixed an issue where the “Harbinger’s Echo” sparrow was locked out for players who destroyed dragon eggs across multiple characters.
We are currently developing a fix for an upcoming patch to address players who have already destroyed all eggs prior to this update. Update 2.1.3 is tentatively planned for December 18, 2018
Seed of Light added to the drop table of the Blind Well Heroic
The “Lest Ye Be Judged” Trophy/Achievement can be completed by visiting Xur
Fixed an issue where the “Riddle Me This” Triumph was not unlocking properly
Fixed an issue where Amanda Holliday had an improper notification waypoint
Fixed an issue where Festival of the Lost armor could not be masterworked
Fixed an issue where items could not be masterworked if players did not have Enhancement Cores in inventory, even if the masterwork cost did not require cores
Fixed an issue where Amanda Holliday’s inventory did not refresh at the proper times
When selecting a Last Wish or Scourge of the Past on the Director, players can now delete their current checkpoint before launching the activity
Fixed an issue where the Vanguard node on the top-level Director was not displaying active challenges
Congresswoman-elect Alexandria Ocasio-Cortez says the health insurance she will receive as a member of Congress will cost significantly less than the health insurance she paid for as a waitress.
I’m cynical when it comes to video game remasters. What’s the point of taking the time to completely overhaul Crash Bandicoot’s visuals if he still controls like a bag of rocks? After four hours with Resident Evil 2, the sort-of-but-not remake of the 1998 survival horror masterpiece, I can happily say that it is so good to play, look at, and listen to that it feels like a completely new game.
My demo starts as Leon ascends a ladder into the car park of the Raccoon City Police Department. Memories of watching, terrified, as my older brother led Leon down those familiar cramped corridors almost 20 years ago come rushing back. Even though I’m playing in a brightly lit boardroom, the oppressive darkness and grimy, dank muck of Leon’s surroundings pull me into his world. Raccoon City has never looked so good.
Leon emerges from a manhole cover and I see a familiar figure in a trench coat smoking a cigarette as she leans against the car park’s shutters. As I approach, Ada Wong tells me to “open the damn shutters” and I realise I’m not going to explore the iconic RPD building this time. At least not as Leon.
Resident Evil 2 keeps the two playable protagonists of the original and I was given time with both Leon and Claire Redfield, sister of Resident Evil’s Chris Redfield. While there are still plenty of Lickers to melt with acid rounds as Claire, the section I played was more reminiscent of classic Resident Evil survival horror with a focus on puzzles, while Leon’s embraced the grand set pieces and combat direction of later entries.
You can choose to play as either Leon or Claire from the start. While both explore the same basic areas they meet different characters, are pursued by different enemies, and get unique sequences and perspectives as they piece together what happened to the quiet, mountain town.
We’re Going Deeper Underground
Ada leads Leon into the rain and danger of Raccoon City’s streets. As they exit the relative safety of the car park, he raises his arm to shield either his eyes (or maybe his incredible early 90s middle part) from the rain. There’s such attention to detail in every part of Resident Evil 2. The road ahead is blocked by roadwork supported by scaffolding that’s lit moodily from below, casting ominous shadows across the red brick facades of shuttered businesses. As I swing the camera around to get a better look at a massive Umbrella Corporation Billboard I notice a familiar name in neon: Gun Shop Kendo.
Returning players will recognise this as the first location Leon and Claire stumble into in Resident Evil 2. But from what I can tell, I’m much further along in the story this time. Ada tells me to look around and I brace myself for what I know is coming: the owner is going to appear, shotgun in hand, and after a bit of exposition, he’ll be eaten by zombies crashing through the window. But that’s not what happens.
While he does appear, shotgun in hand, nothing goes the way I remember. Leon’s arms are raised above his head and he tells the man that he means him no harm. Leon sounds fresh from the academy and fights his instinct to look the man in the eyes, his words measured like they’re memorised from a book. The level of acting throughout the tense standoff is not what I expected from a Resident Evil game. As the situation wears on, the gun shop owner lashes out at Leon. He’s a cop, how can he not know anything? There’s desperation in his voice and an incredible amount of restraint in the performance. The few trope-y lines are delivered with a real sense of weight, and there’s no zombies smashing through windows – just three people trying to make sense of what the hell is going on.
The encounter with Robert Kendo isn’t how you remember.
It’s that level of restraint that helps build tension in Resident Evil 2. It was a good half an hour before I encountered any type of enemy and when I eventually did, it was one of the best set pieces in the series.
After leaving the gun shop and finding our way into the sewer, Resident Evil 2 went from 0-100 in about two seconds. Remember the first time you paddled across the lake in Resident Evil 4? What’s waiting for you in Raccoon City’s sewers is on the same level as that except with less warning and even less time to react. It’s so expertly foreshadowed and executed that as soon as it was over I had to put the controller down and take some deep breaths. It’s exactly the kind of thrilling, heart-pounding moment I want from a modern Resident Evil.
Out with the Old
One of the main criticisms levelled at Resident Evil 2 in ‘98 was against its puzzles. Some thought they were too easy, others felt it didn’t make sense for a police station to be so riddled with hidden mechanisms. The inventory system was also seen as flawed.
As Resident Evil 2 is built on the same engine as Resident Evil 7, there are a lot of quality of life improvements that make hunting for key items in the dense, cluttered settings just a little easier. Items now pop with an interaction symbol and some items, such as lockboxes, need to be manipulated in the inventory screen to reveal their usefulness. The inventory screen has been overhauled too and is closest to that of Resident Evil 7. Your space is represented by boxes with large items like shotguns taking up two spaces over smaller items’ one, and perusing your wares pauses the action.
While a little less clunky, I still found myself running out of space regularly or without the item I needed to progress, having stashed it across town so I could pick up more herbs. One particular puzzle that involved a large gear was particularly frustrating, as making room for it plus the weapons I needed to ward off enemies became a game of trial and error.
If you’ve played Resident Evil 2 to death and know how to solve every puzzle and the location of every key, you’re in for a treat. While it feels familiar, puzzles have been either updated or changed completely. The classic library shelf puzzle, for instance, now makes more sense within the world. As Claire, I was traipsing about on the top floor of the police station library, having a great time, when the floor gave way. Without the ability to jump the gap, I had to find another way across. And what better way than moving some Compactus library shelves to form a makeshift bridge? Elsewhere I was manipulating photo frames and hitting the unlock button on a set of car keys to trace the telltale “bloop bloop” of its owner to see what hidden items I might find.
In With the New
Capcom seems to be aware of the importance of updating the pacing of events too, as not long after the encounter in the sewers, control changed from Leon to Ada. Reminiscent of the Arkham games, Ada comes equipped with an EMF device that allows her to trace electrical circuits and activate electronic devices remotely.
The EMF device is a new way to solve puzzles.
The EMF device is only used in Ada’s section but the way it’s used to increase tension keeps it interesting. Shortly into my exploration of the sewers as Ada, Resident Evil 2’s Tyrant appeared. Just like in the original, the Tyrant is a towering bald figure in a trench coat who can’t be killed. The only option is to run away and hopefully put enough distance between you and him that he’ll lose your trail, allowing you to slow down and explore at your own pace.
But in the cramped hallways and pipes of the sewer, that’s not an option. Several times I audibly shrieked in terror as the Tyrant drew close to Ada as she waited for the progress bar of the hacking device to fill. The Tyrant feels like the Resident Evil version of the Xenomorph from Alien: Isolation – an invincible killing machine constantly on the hunt.
While Ada was able to squeeze through a small opening to escape the Tyrant, which brought that section to a close, Claire’s part of the demo showcased him in a different light. After finding my way past the smouldering wreckage of a crashed helicopter on the roof of the RPD building, the Tyrant was a constant threat throughout the two hours I spent solving puzzles and uncovering the dark secrets of the Raccoon City Police Chief.
The Tyrant’s footsteps are loud and he never breaks into a run, but exploring pitch black corridors stuffed with zombies, while also trying to figure out if you’re in danger of rounding a corner and bumping into Dick Tracy’s Matrix-cosplaying bodybuilder clone made for many tense, emergent moments. At one point I was struggling to move the shelves in the library when I heard his huge lumbering footsteps approaching. I swung the camera around just in time to see him throw a T-virus imbued haymaker and knock Claire out of existence.
Aside from his initial appearance, the Tyrant sequences are completely unscripted. And it was these interactions that led to the more frustrating moments of the Claire demo. His appearance as I searched for a way to progress would mean I’d run away with no regard to direction, only to find myself lost or stuck in a dead end. While this will be less of an issue when given the time to learn the layout of buildings, it’s still frustrating to have to abandon whatever you’re doing to run three rooms away through hordes of zombies, only to then use some of the precious ammo you have left just for the chance to run back the way you came.
But the few very minor frustrations are not enough to dampen my excitement for Resident Evil 2. In a time when it feels like classic games are given a fresh coat of paint and pushed out to market, it’s refreshing and exciting to see Capcom treat its back catalogue with respect here while also understanding games have evolved since 1998. I have a feeling Resident Evil 2 is going to have a whole new generation watching, terrified, as their older sibling explores the dark, creepy mysteries of Raccoon City.
Dan Crowd is a video producer at IGN’s Australian office. You can follow him on Twitter @ItsDanCrowd.
Razer is updating one of its most recognizable laptops, the 13.3-inch Blade Stealth, with a new chassis and specs. The updated Blade Stealth can be configured as a full HD, battery-conscious laptop or a 4K touchscreen machine with discrete graphics. Ultimately, this is going to be Razer’s most portable and affordable laptop, putting it in direct competition with machines from Apple and Dell.
The big deal with the Stealth’s fall refresh is its changing footprint. At first glance, I thought the new Blade Stealth was smaller than the previous generation, until I placed them side by side. In reality, the 2.82-pound laptop is actually four-tenths of an inch thicker, with thinner 4.9mm bezels flanking the screen (which are 60 percent thinner than the last gen’s) that make it appear to have a smaller footprint. It also has a smaller power brick for charging over USB-C.
Razer revamped the Stealth’s speaker setup, with four Dolby Atmos tuned speakers (two more than before) on both sides of the keyboard. There’s also a larger Windows Precision Touchpad than before, complete with native gesture support.
You might be getting slightly more for your money this year, too: the new Blade Stealth starts with a quad-core processor, but with the same $1,399 starting price. Previously, you’d only get two cores, and $1,499 would get you a quad-core chip.
The new Blade Stealth has an Intel Core i7-8565U quad-core processor clocked at 1.8GHz (Turbo Boost to 4.6GHz), Intel UHD 620 integrated graphics, 8GB RAM, a 1080p matte screen (with 100 percent sRGB coverage), and a slower 256GB SATA SSD.
If that’s not enough power, you can upgrade the Blade Stealth laptop to a 4K glossy touchscreen, a new 25-watt version of Nvidia’s MX150 discrete graphics chip that Razer claims is fast enough to play League or Fortnite (on lower settings) at 1080p or 4K, 16GB RAM, and a faster 512GB PCIe solid state drive. These upgrades push the Stealth’s price tag up to the $1,899 mark.
On its own, the Stealth isn’t a gaming laptop (even with the MX150 chip), but both models still have eGPU support. That’ll allow you to use an enclosure like Razer’s own Core dock to attach a desktop-class GPU over a Thunderbolt 3 connection, with four PCIe lanes capable of 40GBps data transfers.
Razer hasn’t retained the individual Chroma key backlighting we’ve seen in the advanced Blade 15 and the last-gen Stealth. Instead, Razer swapped it for the single-zone layout in the base Blade 15 in order to conserve battery life, which company reps claim is “up to 13 hours” on the base 1080p Stealth, or three hours more than previously claimed with the last-gen Stealth. We’ll see how that pans out when we review the new Stealth in the coming weeks.
Another new hardware addition is the IR camera mounted at the top of the display that allows you to log in to the Blade Stealth using Windows Hello facial recognition. It’s been a heavily requested feature of mine on previous Blade laptops, so it’s great to see facial recognition finally making an appearance in their lineup.
The new Razer Blade Stealth launches today, starting at $1,399 from Razer.com and select retailers in the US and Canada. It’s also coming soon to retailers in the United Kingdom, France, Germany, Sweden, Norway, Finland, Denmark, Iceland, China, Australia, Hong Kong, Japan, Singapore, and Taiwan.
As Ars security-meister Dan Goodin noted in his initial write-up back in October, the Helm Personal Server is a small-ish ARM-based email server that sits in your home and does for you what Gmail or Outlook.com or whomever your current email provider does for you. It’s a full-featured, single-domain (for now) MTA in a box that you can use with an unlimited number of email addresses and accounts, and it gives you 128GB of space to use as a mail store for those accounts. It also gives you CalDAV calendaring, notes, and CardDAV contacts, and it does it all with open-source applications that are chosen and configured in a way that demonstrates a solid bias toward individual security and privacy.
And I like it. I like it a lot. I didn’t think I would, but after spending a week with the device, I’m almost ready to spring for one—almost. And that’s high praise, coming from a paranoid email self-hoster like me.
Based on my short time with the Personal Server, the praise is properly earned. The Helm team based its product mostly around the same mail stack that I personally prefer and use—the holy trinity of Postfix for SMTP, Dovecot for IMAP, and SpamAssassin for keeping things clean. The device properly uses SPF, DKIM, and DMARC—and handles all the DNS stuff necessary to make those things work. End-user data is smartly encrypted at rest and in flight. Clever use of tunneling to AWS-based gateways transparently works around common ISP blocks on email service ports. And, perhaps most importantly, you don’t have to know what any of that stuff means to use the device securely—casual folks who maybe just want to lessen their reliance on Google or Microsoft will find the transition to Helm relatively painless, and there aren’t many ways to screw it up and make yourself less secure.
But technical users might balk at some of its shortcomings and annoyances—the underlying Postfix/Dovecot configuration (along with the constellation of smaller apps like OpenDKIM that are necessary to make it work) can’t be viewed, changed, or edited. If you’re bringing an existing domain to the Helm service, you currently need to transfer your domain’s authoritative DNS to Helm’s AWS-based DNS servers so that the service can manage the necessary MX and TXT records. The choice of AWS for DNS means Helm currently doesn’t offer DNSSEC support. And a few other minor issues might make experienced email sysadmins hesitant—though conversations with Helm’s support team during the review have me convinced of the company’s willingness to evolve the product in a direction more compatible with the (sometimes difficult) demands of power users like me.
All that being said, the tl;dr here is that I like Helm. I like what the company is doing, and I like the way it’s doing it. With a few minor changes (and some more exposed knobs and levers so I can tweak things a bit), I’d happily buy a device and transition my email hosting off of my current setup.
Now let’s dig a little deeper into what we’ve got here.
How Helm fits into the email-hosting dilemma
In early 2014, I penned a four-part series about how to host your own email for your own domain, based on my own adventures in self-hosting. Although the guides are at this point in dire need of updating, they’re among the most popular things I’ve written in my entire tenure at Ars (eclipsed only by the time I talked non-stop about farts for a whole week). Doing my own email hosting has on the whole been a rewarding and challenging endeavor that’s yielded tremendous amounts of knowledge, experience, and gray hair—and, after doing it for a bit more than five years, I have no plans to stop.
There are significant benefits to self-hosting your email, but they come with significant downsides, too—most notably, you’re on the hook for any mistakes or problems. “Email,” said Past Lee, “is like a puppy, and once you step up and own your own puppy, you’ve got to take care of it, clean up after it, and make sure evil people don’t infect it with horrible viruses and transform it into a zombie.” Looking after an email server does occasionally require work—a responsible sysadmin needs to keep up with updates, keep an eye on the log files, check regularly on RBLs, be mindful of deliverability and sender reputation, and other miscellaneous sysadmin-y tasks. It’s not overly onerous, but it’s not hands-off, either.
Helm aims to give you the best of both worlds—the assurance of having a device filled with sensitive information physically under your control, but with almost all of the heavy sysadmin lifting done for you.
The primary difficulty Helm will face here is the marketing message—who is this thing for? Most folks in the angry graybeard set (of which I count myself a member) are either already self-hosting or have dismissed self-hosting as far more trouble than it’s worth; the casual-user set doesn’t really think much about how email works or what “hosting” really means.
Helm therefore has decided in its marketing literature to lean heavily on the privacy aspects of self-hosting. Helm’s website leads with that message and plays up how switching to Helm is a way to take ownership of one’s online identity and divorce oneself from technological dependence on giant data-hungry corporations:
Your most critical data (like emails, search history, passwords, photos, and videos) is stored on a massive corporate server outside your home.
Increasingly, this leaves you vulnerable to hacks, companies profiting from your data and online behavior, and mass government surveillance.
It’s a marketing message not without some necessary caveats—as long as you’re exchanging emails with other people who use those big corporate services, you’re just as vulnerable to mass surveillance and data harvesting as before, since marketeers (along with any interested three-letter agency) will simply vacuum up your message on the receiving end rather than the sending end. And Helm’s usage of AWS for so much of its infrastructure—even with a responsible eye toward encryption and keeping sensitive data properly siloed—means you’re still depending heavily on one of the most data-hungry corporations of them all.
The message, however, isn’t wholly inaccurate—you’re better off self-hosting. It remains an open question, though, of whether the average consumer (or even the average tech-savvy Ars reader) would be willing to spend $499 and an additional $99 each year for a nebulous and difficult-to-fully-quantify increase in security. Convincing people to do so will be Helm’s greatest challenge—probably a great deal harder than actually designing the service in the first place.
The Helm service—or, “where does my $99 a year go?”
I want to talk just for a moment about exactly what that ongoing $99/year charge pays for. Obviously, Helm has employees, and they need to make payroll; the Helm service requires ongoing work behind the scenes for it to remain long-term functional. But the subscription fee also covers a fair amount of real AWS-based infrastructure costs that come with each Helm device sold.
Helm utilizes Amazon’s Route 53 DNS service on the back-end, which gives you a robust DNS setup with a large number of fast, geographically distributed resolvers. To work around ISP restrictions on ports and to do away with the Sisyphean task of trying to use residential ISP IP addresses for email service, the company spins up Amazon EC2-based gateway machines that establish tunnels to the residential Helm devices. “All the gateway does is forward packets back and forth,” explained Helm CEO and co-founder Giri Sreenivas to Ars. “All TLS terminates on this device. All we’ve done is introduce an extra hop on the Internet. We’re funneling encrypted traffic.”
Helm also puts some care into the AWS IP addresses assigned to the Helm gateway, doing all the necessary legwork to vet those addresses against the ever-changing list of anti-spam IP address blacklists utilized by most email servers.
The AWS costs for Helm also include built-in cloud redundancy; the company uses Amazon’s US-West-2 region for its gateways and keeps machines in all three of the region’s availability zones. The company uses a separate region, US-East-1, for all of its data storage—that is, the place where your gigabytes of encrypted email back-ups live.
The mail flow
Those EC2-based gateways are one of the keys to making Helm work. When your local Helm server powers on, it establishes an IKEv2-based tunnel to an EC2 gateway. That EC2 instance is assigned the public IP address referenced in your domain’s MX records, and utilizes good ol’ iptables to forward select packets through the tunnel to your Helm server.
The path is the same whether you’re an IMAP client checking your inbox or another email server transmitting a message over SMTP—everything goes via the gateway.
Interestingly, this means that email clients on the same LAN as the Helm server still run their traffic across the Internet, through the tunnel by way of AWS. When you configure your client, you point it at “helm.yourdomain.com” for SMTP and IMAP, and forward DNS lookups on that hostname will always return the AWS gateway’s Internet IP address.
I asked Helm support about bypassing the tunnel and addressing the Helm server’s mail ports directly on the LAN, which might be something a customer with split-horizon DNS would do. The response was reassuring: “This shouldn’t be a problem,” the support people said. “If the user sets up DNS to point directly to the local Helm IP address for local clients, those ports are currently open, and so it should work. This isn’t a configuration that we have tested, however, but technically we don’t see any issue with this.”
(While the SMTP and IMAP ports are locally addressable, there’s not much else you can actually do to the Helm server directly—there is no way to log into it. Configuration tasks are all done via an app, which we’ll get to shortly.)
The decision to wrap all server comms in a tunnel pleasantly sidesteps the two major issues that often come with trying to self-host an email server on a residential ISP connection. Namely, you don’t have to worry about your ISP blocking inbound connections on common email ports, and you don’t have to worry about the fact that most residential IP addresses are permanent residents on just about every blacklist ever. By shifting the connection point to Amazon’s cloud and being choosy with the IP address pool they have to work with, Helm saves you no shortage of headaches. (You also don’t have to worry about updating a DNS entry when/if your home IP address changes, but that’s mostly a solved problem at this point anyway.)
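As an added example (not Helm's code or configuration), here is the kind of DNS check a sysadmin could run against a domain set up the way this section describes: MX resolving only to the gateway's public address, with SPF, DKIM and DMARC published alongside it. The zone data, the addresses, the `mail` DKIM selector and every function name are constructed for illustration, the check assumes outbound mail also leaves via the gateway address, and the SPF evaluator covers only the `ip4`, `a`, `mx` and `all` mechanisms.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(zone, name, rtype):
    """Return the records of one type for a name from an in-memory zone."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def mx_addresses(zone, domain):
    """Resolve every MX target of the domain to its A records."""
    addrs = set()
    for rr in lookup(zone, domain, "MX"):
        _preference, host = rr.split()
        addrs.update(lookup(zone, host, "A"))
    return addrs

def parse_tags(txt):
    """Split a 'k=v; k=v' record (DKIM, DMARC) into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def spf_result(zone, domain, ip):
    """Evaluate SPF for a sending IP. Subset of RFC 7208: ip4, a, mx, all."""
    records = [t for t in lookup(zone, domain, "TXT")
               if t.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"          # more than one SPF record is invalid
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        if "=" in term:             # modifiers (redirect=, exp=) are skipped
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in lookup(zone, arg or domain, "A")
        elif name == "mx":
            matched = ip in mx_addresses(zone, arg or domain)
        else:
            return "permerror"      # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def audit(zone, domain, gateway_ip, dkim_selector, outsider_ip="198.51.100.7"):
    """Return a list of findings; an empty list means the records line up."""
    findings = []
    mx_ips = mx_addresses(zone, domain)
    if mx_ips != {gateway_ip}:
        findings.append(f"MX resolves to {sorted(mx_ips)}, not only {gateway_ip}")
    if spf_result(zone, domain, gateway_ip) != "pass":
        findings.append("SPF does not authorize the gateway address")
    if spf_result(zone, domain, outsider_ip) not in ("fail", "softfail"):
        findings.append("SPF does not reject an unrelated sender")
    dkim = lookup(zone, f"{dkim_selector}._domainkey.{domain}", "TXT")
    if not dkim or not parse_tags(dkim[0]).get("p"):
        findings.append("DKIM key missing or revoked (empty p=)")
    dmarc = [t for t in lookup(zone, f"_dmarc.{domain}", "TXT")
             if t.lower().startswith("v=dmarc1")]
    if not dmarc or parse_tags(dmarc[0]).get("p", "none").lower() == "none":
        findings.append("DMARC missing or p=none (no enforcement)")
    return findings

# Constructed sample data; public addresses come from documentation ranges.
GATEWAY_IP = "203.0.113.25"
GOOD_ZONE = {
    ("example.com", "MX"): ["10 helm.example.com."],
    ("helm.example.com", "A"): [GATEWAY_IP],
    ("example.com", "TXT"): ["v=spf1 mx -all"],
    ("mail._domainkey.example.com", "TXT"): ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=quarantine"],
}
# Same domain with a LAN address published in the public view, a permissive
# SPF record, no DKIM key and a monitoring-only DMARC policy.
BAD_ZONE = {
    ("example.com", "MX"): ["10 helm.example.com."],
    ("helm.example.com", "A"): ["192.168.1.50"],
    ("example.com", "TXT"): ["v=spf1 +all"],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, audit(zone, "example.com", GATEWAY_IP, "mail"))
```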
Unboxing and setup
The server comes packaged with a quickstart guide, a network cable, a good-quality branded AC adapter, a USB key for storing your backup encryption key(s), and a Helm sticker (our review device also came with a separate USB stick loaded with press assets and images).
Setup is pretty darn easy. You unbox the server, peel off the plastic protective film around it and its AC adapter, plug it in, and connect it to your LAN. The device has built-in 802.11ac and can be run wireless, but you need to set things up wired first before you can configure Wi-Fi. After you’ve plugged in the network cable, you turn the thing on, install the mobile app on your iOS or Android device, and follow the steps.
Those steps, pictured in a gallery below, will see you first pairing your Helm server with your smartphone via Bluetooth to kick off the setup. The Helm server and your smartphone perform a token exchange via Bluetooth that enables your phone to continue being used for admin tasks; configuring new smartphones to work with the Helm app requires physical proximity and another Bluetooth connection. (Configuring smartphones to send and receive email with Helm, though, does not—you only need to worry about the one-time Bluetooth connection for devices you’re going to use to administer the server.)
It’s important to pause and reiterate that, after the initial token exchange via Bluetooth, all communications between your management smartphone and the Helm server happen over the Internet via the AWS gateway. That’s the case even if your phone and the Helm server are on the same LAN segment. This is actually a relief for folks like me who are perhaps more than a little paranoid about putting a device we can’t manage or upgrade on a trusted LAN segment with other trusted devices—since there isn’t any direct communication between your management device and the Helm server, there’s no reason you can’t permanently plop the Helm server on your IoT VLAN if you have one or even onto its own isolated segment.
Per a note from Helm support, the only thing the box needs to be able to do is send outbound traffic on UDP ports 500 and 4500 and on TCP port 443. You don’t need any incoming port-forward rules.
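If you do park the box on an isolated segment, that short port list is easy to audit. The Python below is an added example, not code from Helm or from the original review: it checks firewall log lines against the three outbound ports support lists and flags everything else. The Helm address, the iptables LOG-style line format, the `HELM-NEW` prefix and the sample lines are all assumptions constructed for illustration.

```python
import re

# Assumed address of the Helm box on its isolated segment (hypothetical).
HELM_IP = "10.30.0.5"
# The only outbound traffic Helm support says the box needs.
ALLOWED_EGRESS = {("UDP", 500), ("UDP", 4500), ("TCP", 443)}
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample: iptables LOG-style lines for NEW connections only.
SAMPLE_LOG = """\
HELM-NEW IN=vlan30 OUT=eth0 SRC=10.30.0.5 DST=203.0.113.7 PROTO=UDP SPT=500 DPT=500
HELM-NEW IN=vlan30 OUT=eth0 SRC=10.30.0.5 DST=203.0.113.7 PROTO=UDP SPT=4500 DPT=4500
HELM-NEW IN=vlan30 OUT=eth0 SRC=10.30.0.5 DST=198.51.100.20 PROTO=TCP SPT=51514 DPT=443
HELM-NEW IN=vlan30 OUT=vlan10 SRC=10.30.0.5 DST=10.10.0.12 PROTO=TCP SPT=40022 DPT=8080
HELM-NEW IN=vlan10 OUT=vlan30 SRC=10.10.0.12 DST=10.30.0.5 PROTO=TCP SPT=50100 DPT=993
HELM-NEW IN=vlan30 OUT=eth0 SRC=10.30.0.5 DST=192.0.2.53 PROTO=ICMP TYPE=8 CODE=0
"""


def classify(line, helm_ip=HELM_IP):
    """Return (verdict, detail) for one logged connection attempt."""
    f = dict(FIELD.findall(line))
    try:
        src, dst, proto = f["SRC"], f["DST"], f["PROTO"].upper()
        dport = int(f["DPT"]) if "DPT" in f else None  # ICMP has no ports
    except (KeyError, ValueError):
        return ("unparsed", line.strip())
    detail = f"{src} -> {dst} {proto}/{dport if dport is not None else '-'}"
    if dst == helm_ip:
        return ("inbound", detail)            # no inbound connection is required
    if src != helm_ip:
        return ("other-host", detail)         # not Helm traffic at all
    if (proto, dport) in ALLOWED_EGRESS:
        return ("allowed", detail)
    return ("unexpected-egress", detail)      # candidate for a drop rule or alert


def audit(lines, helm_ip=HELM_IP):
    """Group log lines by verdict so violations stand out."""
    findings = {}
    for line in lines:
        if line.strip():
            verdict, detail = classify(line, helm_ip)
            findings.setdefault(verdict, []).append(detail)
    return findings


if __name__ == "__main__":
    for verdict, flows in audit(SAMPLE_LOG.splitlines()).items():
        for flow in flows:
            print(f"{verdict:18} {flow}")
```

On the sample, the IMAP connection from a trusted-LAN client shows up as `inbound`, which is exactly what a split-horizon DNS setup would produce and what an isolated segment would block.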
The review units Helm sent out were preconfigured with test domains (I got “helmdomain21.com”), but if you’re an actual customer, you’ll either have purchased a domain from Helm when you bought the device or you’ll have switched your existing domain’s authoritative DNS over to Helm’s DNS servers when you bought the device.
Regardless of how you got there, the setup continues by showing you the domain assigned to you and asking you to enter an activation code Helm sends you at purchase. After that, you create your first mailbox for the domain, which is also your administrator account.
The setup assistant then prompts you to insert that flashy silver USB stick into one of the Helm’s ports. At this point, the server generates an encryption key pair and writes the private key to the stick. The encryption keys are used both for encrypting the Helm’s local filesystem and also for encrypting the server’s automated backups, which are automatically uploaded to AWS for you. If your Helm server dies or is stolen, you’ll need this physical key to restore your email backups and configuration to a replacement Helm device.
Finally—at least on iOS, which is what I use—the application generates a set of profiles containing your Helm account’s email, calendar, and contacts settings. Then the application installs all of that for you, though you have to hit OK a few times to shepherd the process along. This is a nice convenience that eliminates you potentially needing to copy-and-paste (or, worse, write down and manually enter) a bunch of server and account settings.
Once the profiles are installed, you’re immediately able to send and receive email from your new domain. After that, the app has a set of wizard-like tasks in the main window to show you how to import email from external accounts, create more email addresses, and set per-device passwords on your Helm account so it can be accessed on other devices like a laptop or tablet.