You can order an H20 SIM directly from H2O Wireless for $10, plus $10 for the first chunk of service. It looks like the shipping will be free until after you put in your credit card, then it’s crazy ($26 for the default shipping method and $15 for the cheapest/slowest, as I recall). You can also buy them locally, at Target, etc., and save the shipping charge. I was all ready to do that, when Cathy found you can order H20 SIMs from Amazon for $0.01 with free shipping. Really, one penny and no shipping!
I got it yesterday. It works. Here are the step-by-step instructions:
- When you get the SIM, go to the H2O wireless site, create an account (click on log in, then “not registered yet? click here”), then activate your SIM card. All you need for the activation is the ActFast code from the back of the SIM carrier card. That will assign you a phone number. Write it down from the bottom of the activation page, as I have found no way to look it up. That wouldn’t be an issue with an actual phone, but not knowing the phone number would present problems with OVMS.
- Install the SIM in the OVMS device.
- Confirm it works by sending it a text message, STAT for example. If your OVMS was previously set up for a different network, you’ll get back the usual response. If not, you’ll get a “permission denied” message. If that’s the case, go through the normal setup process.
That’s it! It was a little wonky right after I configured it until it did a self-reboot. Perhaps it had problems switching from the old AT&T configuration to the H2O setup. So, I’d recommend a power cycle after setting the network configuration. It seems very responsive, although I am seeing a fair number of broken pipe messages on the server, although I’d occasionally see clumps of those messages when on the AT&T plan.
Their web site security is horrifying. When I set up my account, I generated a cryptographically random 20-character password. It worked great until I tried to log in later. I couldn’t understand why the password I recorded wasn’t working, so I went through the “I forgot my password” process. They sent me a crazy-looking password in plain text email, and didn’t force me to reset it (security problem #1, force good security). I couldn’t see how to reset my password (security problem #2, don’t make good security hard). To change your password, go to “update information, ” then look for the “change password” button next to the submit button. When I went to record the random password they sent me, I noticed it was the first 10 characters of the password I gave them. So, they just silently truncate super secure passwords to weak passwords (security problem #3, don’t force poor security and terrible UI on your users). All of that is bad, but the implied security problem #4 is far worse: they store user passwords in plain text. That mistake is what gets you into the headlines when someone hacks your site and steals all of your users’ passwords.
Warning Do not give these idiots a password you use anywhere else. I’m also a little nervous about letting them store my credit card info.
We’ve been using it since May, 2014, and it’s working very well. The service has been reliable and it’s costing just $10 every 90 days, so just over $40/year. Each time I have renewed it at the 90-day mark, I’ve had a balance remaining which means I’ve had plenty of bandwidth left over for more data and text messages. As an experiment, I recharged it early and was pleased to see the new expiration date (2/19/2015) is 90 days after the old expiration date, not 90 days after the recharge. It’s good to know I don’t have to wait until the last minute to recharge.
