Hacker's ramblings

In my earlier entry about Azure PaaS billing, I was complaining about how to stop the billing.

This time I managed to do it. The solution was simple: delete the deployments, but leave the cloud service intact. Then Azure stops reserving any (stopped) compute units for the cloud service. Like this:

Here is the proof:

Zero billing. Nice!

My Acronis TI installation fucked up my laptop. Again. I was on customer's office with my laptop at the time a backup was scheduled to run. That should be no biggie, right?

Wrong.

2013 did that, I wrote about that earlier. Some update for 2013 fixed that. I stopped suffering about the issue at some point. When it did happen I mis-identified the problem about being related to windows update, later I found out that it was because of a stuck Acrnois backup job.

That shouldn't be too difficult to fix? Acronis? Anyone?

In Windows Azure stopping an IaaS virtual machine stops the billing, there is no need to delete the stopped instance. When you stop a PaaS cloud service, following happens:

Based on billing:

This is really true. On 26th and 27th I had a cloud service running on Azure, but I stopped it. On 28th and 29th there is billing for a service that has been stopped, and for which I got the warning about. I don't know why on 30th there is one core missing from the billing. Discount, perhaps?

My bottom line is:
Why? What possible idea could be, that your PaaS cloud service needs to be deleted in order to stop billing? Come on Microsoft! Equal rules for both cloud services!

Is it just me, or is Apple's new iOS 7 just bunch of hot air?

I got the released version immediately to my iPhone and iPad. My initial reaction: the new colors are disgusting. Perhaps person using the new user interface needs to be drunk or on drugs to like them.

After half an hour of browsing archived 1995 black and white webpages, I was able to start using the painter's color sheet ... erhm... iOS 7. There was nothing improved there. Calendar had been made worse, month view didn't display entries anymore. The top left "bar" indicator had been turned into weird dots. Now it's not possible to ask "how many bars do you have?".

In the spirit of trying to be positive I found a single thing I liked. iCloud supports notes now. That I've been really waiting for. Hopefully they finally fixed the iPad's losing APN-settings bug. I have to admit, that the new swipe-screen looks good, much better than the classic old one. But something funny happens when you swipe, too many colors burn trough my eyes.

The official list of new features is here, but I still cannot find anything with a "wow"-factor in it.

The error messages when Azure Table Storage data insert fails are far from being descriptive.

This is the complete list of supported datatypes (or Property Types as they call them):

• Binary: An array of bytes up to 64 KB in size.
• Bool: A Boolean value.
• DateTime: A 64-bit value expressed as UTC time. The supported range of values is 1/1/1601 to 12/31/9999.
• Double: A 64-bit floating point value.
• GUID: A 128-bit globally unique identifier.
• Int: A 32-bit integer.
• Int64: A 64-bit integer.
• String: A UTF-16-encoded value. String values can be up to 64 KB in size.

Really. Nothing more. You just have to get along with that one!
The list is taken from Windows Azure Table Storage and Windows Azure SQL Database - Compared and Contrasted.

Things you fail to notice:

• .Net DateTime Structure as range of 00:00:00 (midnight), January 1, 0001 Anno Domini (Common Era) through 11:59:59 P.M., December 31, 9999 A.D. (C.E.) in the Gregorian calendar. Not from January 1, 1601 AD.
• That shouldn't be an issue. My app had problems and it had recorded dates into year 201. This was a really nice way of finding that out.
  
• In intergers, there are no unsigned versions.
• In decimal numbers, there is no decimal, a 128-bit floating point number. You have to settle with Double, a IEC 60559:1989 (IEEE 754) compliant version.
• There is no reasonable way of storing money-type data which needs an exact number, no floating point conversions.
• The string really is UTF-16, a two byte -version. It stores up to 32768 characters.
• Which is Not much when compared to TEXT or varchar(max) which range from 2 GiB to anything you have
  

Hopefully this list helps somebody. I spent a nice while finding all these out.

Sorin was kind enough to comment my article about Telia's firmware. He found a firmware from 3 Denmark for B593. Naturally I had to try that as soon as I could.

My previous articles about B593 are:

• Telia firmware not having SMS-functionality in it, Saunalahti firmware link
  
• DMZ-setting
• Dropping to 2G EDGE occasionally
  

The download link for 3's firmware is: http://www.3.dk/Privat/Kundeservice/Hjaelp-til-mobilt-bredbaand/Routere/Huawei-B593/#Firmware_opgradering

You will find a .zip-file, which will contain the firmware file with name hi3g_r+m+h+s.tar.bz2 in it. The file is dated 20th Nov 2012. After the firmware upgrade, a software version of V100R001C26SP054 will be installed:

The previously used Saunalahti firmware has software version of V100R001C260SP055, so the difference is C26 SP054 vs. C260 SP055. It is a known fact that telcos get a firmware modification kit from Huawei and can enable/disable features and add their own skins (see previous posts).

For all of us not fluent in Danish, there is a language selection in the login-screen. Beware: after the upgrade was done, I didn't have any connectivity. See:

The lack of connectivity was for the reason, that during update the APN-settings were set for 3 Denmark. Naturally they didn't work for me. This firmware has the VoIP-functionality enabled, thus, there is need for 2 separate APNs. Finnish telco's don't have the VoIP, so I cannot test that. But that does make the APN-setting -screen quirky. You cannot edit/delete an APN which is in use, either as data connection or VoIP-connection. There is no visual feedback about that, so I had to investigate the setting screen -logic for a while.

I did confirm that SMS-send/receive functionality is there and works. No issues on my tests. Also I confirmed my DMZ-forwarding, it still works as expected.

One fact that Sorin mentioned in his comment was, that he experienced lot of dropped connections with Saunalahti-firmware. His experience is that this firmware is more robust.

I'll update here if something surprising appears.

Earlier I wrote about IPv6-connectivity with MS SQL server into Linux / PHP with FreeTDS.

This time my quest with FreeTDS continued, I put together the minimal possible CentOS 6.4 Linux with enough parts to produce a Nginx / PHP-FPM / Windows Azure SQL Database -based web application. The acronym could be not LAMP, but NPFWASD. No idea how to pronounce "npf-wasd", though.

I packaged a Hyper-V -based Linux .vhd into Azure virtual machine IaaS-image and created couple of load-balanced HTTP-ports into it. The problem was to lure PHP's PDO to connect into Azure SQL via FreeTDS dblib. I spent a good while banging my head and kicking it, before it stopped resisting and started to obey my commands.

Everything would have gone much better, if only I had the proper version of FreeTDS installed into the Linux. When I realized that the TDS-protocol version is hyper-important in Azure SQL, I realised that my FreeTDS-version was not the one it was supposed to be. My own-package would have been the correct one (see the earlier post). My tsql -C says:

Compile-time settings (established with the "configure" script)
                            Version: freetds v0.92.dev.20130721
             freetds.conf directory: /etc
     MS db-lib source compatibility: yes
        Sybase binary compatibility: yes
                      Thread safety: yes
                      iconv library: yes
                        TDS version: 7.1
                              iODBC: no
                           unixodbc: yes
              SSPI "trusted" logins: no
                           Kerberos: yes

The default TDS version of 7.1 is really, really important there. With that I can do:

tsql -H -my-designated-instance-in-Azure-.database.windows.net \
 -p 1433 \
 -U -the-application-SQL-user-without-admin-rights- \
 -D -my-own-database-in-the-SQL-box-

It simply works, displays the prompt and everything works as it should be. In my Zend Framework application configuration I say:

resources.db.adapter = "Pdo_Mssql"
resources.db.params.host = "-my-designated-instance-in-Azure-.database.windows.net"
resources.db.params.dbname = "-my-own-database-in-the-SQL-box-"
resources.db.params.username = "-the-application-SQL-user-without-admin-rights-"
resources.db.params.password = "-oh-the-top-secret-passwrod-"
resources.db.params.version = "7.1"
resources.db.params.charset = "utf8"
resources.db.params.pdoType = "dblib"

No issues there. Everything works.

I received couple of comments from other people when I announced that I would try such a feat. It appeared that most people are running their own SQL-instances of various kinds because of performance reasons. The Azure SQL -service is definitely not the fastest there is. But what if you're not in a hurry. The service is there, easily available, cheap and functional, even from Linux/PHP.

This has been in the rumors for a long time. The Finnish pride Nokia chose to exit their Devices & Services branch now that Lumia phones are finally getting popularity. It is kind of a sad day for Finnish ICT-industry as the biggest company divests roughly half of itself with a very cheap price. Lot of people, including me, were waiting for Microsoft to buy out entire corporation. Any business transactions of this size take months to prepare, if not years. So, most of the rumors from early 2013 appeared to be true. Our beloved (NOT!) "mole-man" or "Microsoft agent" Mr. E-flop managed to push the corporation's value down so that his seat for CEO of Microsoft could be granted with this move.

This is also a good day for Finnish ICT-industry, as lot of what-iffing can stop, and people can concentrate doing actually good things.

Bullshit floating around:

• Part of Finnish national identity was lost: Sure thing, Nokia was our own pride and joy, but things keep changing get used to it! After all Nokia did fuck up their own business with having too much pride for not to see what others were doing. Not to mention their horrible reorganizations that managed to completely kill their ability to innovate. I was proud what they did in the 90s and how they ruled the mobile world then, but not how they managed to get too cocky in the 00s.
  
• Nokia was about to go bankrupt: No, according to their Q2 2013 interim report, they had assets for 4,4 billion €, does not sound like bankrupcy to me
  
• Nokia was about to abandon Windows Phone and go to Android: I don't think so, Lumia was starting to sell like hotcakes
• Press is stating that "Microsoft bought Nokia": Idiots! No they did not! They purchased Devices & Services division. Lot of Nokia is still left. Neither did Google acquire Motorola, they just got Motorola Mobility division. There is a difference there.
  
• Nokia should have chosen platform X instead of Windows Phone:
• Apple iOS: really not available
• Blackberry: perhaps, ready platform, low on features, but Nokia guys could have done something with it, not as ready-to-go as they'd hope
  
• Palm / webOS: naah, too old crap, HP was ready to eject it, though. Price would have been cheap, but same story as Blackberry.
  
• Nokia's own MeeGo: Technically superior to anything, the trouble was that they put a lot of money into it, and due to their own organization's mis-management they could not produce anything real in time and decided to sink it. New platform is lacking developer community, though. Ex-Nokia people bought it and formed a new company Jolla.
• Android: Buggy, insecure, totally dominated by Asian companies like Samsung, LG and HTC. Really difficult to create something innovative with cheaper price. Totally out of the question.
  
• Windows Phone: History has proven that Nokia really managed to get it working. Trouble is that Microsoft has very slow development cycle. They're not accustomed working in mobile field at all. Perhaps Microsoft will now detach Windows Phone from Windows completely and allow them to move rapidly.
• Microsoft made a mistake when they did the acquisition: I don't think so. Their PC-business is fading and they really want to expand. Mr. Ballmer has set the vision to be a devices & services business and that's what they bought.
• Finland will lose lot of ICT-jobs: Why would Microsoft move the mobile phone development to Redmond? They have a proven track record of that not working. Also what many people are afraid of, is Microsoft scaling down the mobile business. Why would they do that? They just spent 5,4 billion € for it, why would they kill it after that? So, I don't think this will have a major impact on ICT-workforce.
• Nokia will have a grim future: Well, no. They divested the division not doing any profits. They kept their patent portfolio which is generating 1 billion € revenue each year. They have plenty of money, probably they'll just purhcase Jolla and start doing nice mobile phones again.
  

My 4G-router drops to 2G EDGE after running couple of weeks. It's a really weird thing, since it does not do it always. Also the total on-line time is really weird. I hardly think that the on-line time can be 9 years or so.

I could not find any other remedy to fix this, but to reboot. After that it does a scan for connections and finds 4G/3G/2G and chooses the fastest one like it should do.

This is just a nuisance. I'd expect the box to be a little bit more robust.

The on-line time calculator -thing is a really weird one. It seems to jump 200 days during 8 hours when it feels like doing it. Apparently the entire calculator is busted.

Is it just me, or has somebody at Microsoft really dropped the ball on network location setting? When a Windows computer detects a new network, which it has not be attached into earlier, it pops you the question and asks about how to profile the security in that particular case. If everything goes ok, there is no need to change anything. However, when you install your computer, you don't get to answer that. Also, there is commonly known that people make mistakes. What if you simply fumbled the question and clicked wrong.

In Windows 7 the setting is simple:

You go there, click the value and select a better one. In Windows 8, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2 that is not the case. The setting cannot be changed. Period. Wtf?

There is a way to change the setting. I found this article with Google: How do I set my wireless network to be private instead of public? The "Easiest" and "Most direct" are crap, IMHO. The part with Local Security Policy seems to work:

That seems to be working from Windows 7 onwards. Whose bright idea it was to make the change that difficult?

I've had my issues with Acronis True Image. It fails running backup, restore or consolidate existing backups to reduce storage. See my earlier posts about that (1 and 2).

Then they send this automated e-mail about eligibility of an upgrade with reduced price. I need backup, that's given, but have been unable to find anything reasonable as replacement. After a short pros/cons-weighing type of thinking, I decided to go for the update and got an Acronis True Image 2014 Premium.

Pros:

• I know them and their product
• I'm "pot committed" to them already 
• When I know what not to do, I manage go produce restoreable backups
  

Cons:

• I know them and their product
• I'm "pot committed" to them already
• Consolidation does not work
• Stupid restore errors on raw disks
  

There were no real issues during the update. They still don't support HTTP-proxying and simply assume that everybody can connect to their servers anytime, all the time. I manage to get past that, increasing number of software vendors make that assumption. What about us who'd like to know what goes on in their networks. They completely forget us.

Anyway, my backups run fine after the upgrade. During my consolidation experiments I managed to delete some backup-files from my storage. Now TrueImage wants to see them. When I get rid of that problem, I should be running smoothly.

I'll report here if something nasty happens.

My previous post about my Huawei B593 4G-router has become quite popular, so I thought to tell more about my setup.

What I'd really need is a network bridge, so that my Linux-box would be the one getting a dynamically changing public IP via DHCP. Understandably it simply cannot be done with a mobile router. In UMTS-network, the mobile terminal will negotiate a data connection and get the IP-address associated with the connection. There literally is no chance for my router to do that via B593. Using an USB-based mobile terminal such a feat could be achieved, for example my Huawei E160 gets an IP-address directly to the Linux. No 4G LTE, though. So, I'll be sticking with my B593 for a while. See an example of a transfer speed measurement @ Ookla Speedtest.net. Not, bad huh?

I also did investigate if the box would be based on Linux. Huawei has some GPL-components in the firmware, but they don't release BusyBox nor Dropbear source. It is possible, that they are using something of their own make or simply don't have a prompt or are not using Linux at all. The reason I'd like to see them is that both BusyBox and Dropbear SSHd are very typically used in Linux-based hardware.

Doing a port-scan from LAN-side to B593 reveals, that it has something there:

Not shown: 995 closed ports
PORT    STATE    SERVICE
22/tcp  filtered ssh
23/tcp  filtered telnet
80/tcp  open     http
443/tcp open     https
631/tcp filtered ipp
MAC Address: F8:3D:FF:F8:3D:FF (Huawei Technologies Co.)

... but since all the nice stuff (SSH and telnet) are filtered, I don't know if there are actually any services listening to those ports.

To repeat: to my understanding, a bridging firmware cannot be done. However, something very similar can be achieved, it has a DMZ-setting. See:

It says "You can configure a computer as the DMZ host that is exposed to the Internet so that unlimited services and exchanges are provided between the host and Internet, for example, online games and meetings." in the page. That is pretty much same as bridge.

I had to test if it really would work. I took a hping-utility for crafting raw IP-packets and ran:

hping -c 1 -n <-da-IP-address-here> -e "AAAA" -0 --ipproto 41

That sent a single (-c 1) raw IP-packet (-0) and stamped the outgoing packet a IPv6-encapsulation protocol (--ipproto 41). If the Huawei would have a simple UDP & TDP forwarding, such a packet would never pass trough.

On my Linux it said:

16:15:50.115851 IP sending.host.com > receiving.host.net: [|ip6]
16:15:50.115920 IP receiving.host.net > sending.host.com: ICMP host receiving.host.net unreachable - admin prohibited, length 32

Goddamn! It works! The packet properly passes trough.

My conclusion is that the DMZ-function is actually usable. Apparently there is no need for SSH-prompt -based configuration tweaking. It would always be nice, though. All Linux-nerds like me simply love to go to the prompt and type cat /proc/version and cat /proc/cpuinfo and boast about their hacking abilities to anybody who cares (not) to listen.

This is a follow-up for my previous article about running IPv6 and WLAN access point. There I said "This was actually very easy to do into DD-WRT" and now I'd like to take that back.

It seemed to be easy, but ... Here are my settings in detail. Btw. I'm running DD-WRT v24-sp2 big
Release: 07/24/13 (SVN revision: 22118)

1. disable the autoconfiguration from the WLAN access-point and manually define a static IPv6-address

This is the part which I struggled the most. Sure it is easy to remove the manually assigned IPv6-address from an interface, just run:

ip -6 addr delete 2001::-da-IP-here-/64 dev br0

on a shell. It will drop the autoconfigured address and it will stay away. For a while. It surely won't survive a reboot.

To make this stick, go to web GUI Administration --> Commands and add a startup command:

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
echo 0 > /proc/sys/net/ipv6/conf/all/autoconf
echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra
echo 0 > /proc/sys/net/ipv6/conf/all/accept_ra_pinfo

/usr/sbin/ip -6 addr add 2001:-da-IP-here-/64 dev br0

That makes the settings stick. Autoconfiguration will be gone and a static address will be assigned instead. I attempted at least 20 different combinations while looking the sysctl-settings list, but that was the 1st one I found to be actually functional for deactivating the autoconfig.

2. use a static default route from the WLAN access-point and confirm that it has proper IPv6-connectivity

4. make sure, that any incoming traffic from the mobile clients is properly routed to the real IPv6-router, and confirm that traffic flows both ways

Yet again, go to web GUI Administration --> Commands and add a startup command:

/usr/sbin/ip -6 route add default via 2001:-da-router-IP-here-::1 metric 1

That creates a static route which will work and fulfill the 2). To achieve 4) make sure to have the metric 1 at the end.

3. run router advertisement daemon (RADVD) to advertise the WLAN access-point as a proper router for any wireless clients

In the DD-WRT IPv6 article it said that RADVD configuration should be like this:

interface br0 {
   AdvSendAdvert on;
   prefix 0:0:0:1::/64 {
    AdvOnLink on;
    AdvAutonomous off;
   };
};

Don't do that! DON'T! It will royally fuck up your LAN. Nothing in IPv6-land will work if you literally copy/paste that like they suggest. The problem is with the prefix of 0:0:0:1::/64, it will assume that your network has that /64-prefix and assign route and IP-address for any IPv6-host with that prefix. I can bet you $1.000.000 dollars, that it will not be your IPv6-prefix. ... and win.

Just put the exactly same prefix your real IPv6-router has. The WLAN access point's RADVD should be configured pretty much exactly alike. For the configuration directives see radvd.conf manual-page. It literally says:

• AdvSendAdvert: do send advertisements, default is off
• AdvOnLink: use the prefix for link determination (meaning: yes you can get to The Net via this), it is on by default, you really don't need this line at all
  
• AdvAutonomous: do distribute new the IP-addresses from this RADVD to your wireless (and wired) clients, yet again it is on by default and you really don't need this
  

With these settings I succeeded a reboot and still had my wireless and wired clients working using either of the two IPv6-routers. On Windows the setup will display two default routes, like this:

PS C:\Windows\system32> netsh interface ipv6 show route

Publish  Type      Met  Prefix                    Idx  Gatewa
-------  --------  ---  ------------------------  ---  ------
No       Manual    256  ::/0                       18  fe80::
No       Manual    256  ::/0                       18  fe80::

On Linux:

# ip -6 route show | fgrep default
default via fe80:: dev eth0 metric 1024  expires 0sec mtu 1280 hoplimit 64
default via fe80:: dev eth0 metric 1024  expires 0sec mtu 1280 hoplimit 64

That's ok. IPv6 will support that ok. Just be aware, that your traffic may route either way.

I've been using IPv6 on my own LAN for years. Most of the things I use on daily basis have IPv6 and it seems to work. For example a Sony television or iPhone 4S does not use IPv6, but iPad does.

On my router there is a Router Advertisement Damon to do stateless auto-configuration. On Windows 7 and 8 they have really weird things running out-of-the-box, but I'm in a habit of running (as admin):

netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
netsh interface teredo set state disabled

That way I'm using fixed IPv6-addresses and disable the unnecessary Teredo-tunnel.

I don't exactly know why or how, but on one of my computers (running Windows 7), the IPv6-sockects started to not work properly. The symptoms include lot of reconnections and for example in SSH-client, the connection would simply drop. I did everything I knew, but nothing helped. A failing SSH-connection would look like this on the wire:

After 31 seconds of connection, there is a sporadic retransmission. That is not dangrous and it happens sometimes. My Windows 7 would respond with a duplicate ACK into it, waits 3 seconds and goes ballistic. It simply starts re-transmitting the already transmitted data with 1, 3 and 5 second intervals before determining that the connection has died. WTF?! The connection is not bad! It works on all other computers. The issue can be easily repeated and it works the same way every time. Windows thinks it needs to start a burst of re-transmissions and disconnects when they seem to fail.

During one of the Google-session for the fix, I found netsh interface ipv6 reset command. I tried it:

PS C:\Windows\system32> .\netsh.exe interface ipv6 reset
Reseting Global, OK!
Reseting Interface, OK!
Reseting Subinterface, OK!
Restart the computer to complete this action.

Did the Windows restart, ran the above commands to disable privacy, randomization and teredo-tunnel. Everything started to work! Whooo-hoo! Now my SSH-connections don't drop anymore. How cool is that!

The fix is very microsoft-ish. Some counter ticked into illegal value and in their mind the correct fix is to reset everything to the post-installation state. On *nix-world network-stack -code would be of much better quality and the entire issue would never happen!

This is a classic question which I get to answer a lot. N00bs know the answer, but somebody outside the IT-business might ask something like that. This is also quite a popular question among young people trying to figure out if programming would be for them.

Anyway, here 5 Programming Languages Everyone Should Know from two people who actually have created some of the most popular languages currently used.

Nobody should call themselves a professional if they knew only one language.
- Bjarne Stroustrup

Larry Wall

See his interview: http://youtu.be/LR8fQiskYII

His list:

• JavaScript
• Java
• Haskell
• C
• Perl

Perl is not a surprise in his list. He created it in the 80s.

Bjarne Stroustrup

See his interview: http://youtu.be/NvWTnIoQZj4

His list:

• C++
• Java
• Python
• JavaScript
• C
• C#

Again, seeing C++ in his list is not a big surprise, he was one of the authors of the language in the 80s. The funny thing is that he mentions 6 languages.

Linus Torvalds

This two year old interview keeps popping up. In this video http://youtu.be/Aa55RKWZxxI mr. Linux mentions one programming language not to use.

The again, this person is well known from his more than colorful opinions about various issues. But anyway his work on Linux kernel and Git version management are well known, he is a fan of C.

me

Being a blog-author I have to express an opinion of my own. To solely copy/paste opinions of three very skilled persons is too much of a cheap thing. So, here goes:

• C
• Pretty much all languages created after 1970 owe something to C, it is imperative to know this.
• JavaScript
• When doing any kind of web-stuff, this is the only language being used in 100% of the cases. All browsers run this and it is the de-facto client-side language today.
• C#
• Very versatile compiled language by Microsoft, has lot of influence from C, C++, Java, PHP, Perl, etc. the list goes on. It is mainly used with .Net to create server-side stuff.
• PHP
• IMHO the most important web-server language there is. This is wildly popular and shares similarity with C, JavaScript, Perl, Visual Basic, etc.

In addition to learning programming languages, I encourage everybody to learn also following widely popular frameworks:

• Microsoft .Net
• Zend Framework

My reasoning between this is that if you understand how they work, you're pretty well covered and also going to Python/Django or Ruby on Rails is much easier task. I know that these are web-frameworks and people program a lot other stuff than web, but sticking to the topic of what languages to learn, these are the first ones to try. There are so many other frameworks, especially in PHP-land, but they don't have such an essential position as the framework made by people who created the PHP-language. In Microsoftland there are no other significiant frameworks to learn. Anyway, both are properly documented and lot of information can be found of them.