Companies

I had a simple task at hand, to draw a flowchart how information is exchanged in a distributed system. Since I din't have my Microsoft Visio installed in that machine and the task was rather simple, I chose to try the Google Drawings and learn it. Easy as pie, right? Nope.

As one of the first things I wanted in my flowchart was "regular Jane User" and I wanted shape of a laptop computer to represent her. Well, Google's shape library didn't have a laptop, so why not go google for it and ta-daa! Found a suitable in couple of mouse-clicks at http://www.flaticon.com/free-icon/apple-laptop-computer_22791. Vector version available in multiple formats, so I downloaded the SVG into my Google Drive and ...

An hour later I simply gave up. Nothing in G Suite knew how to use that. And I did attempt a lot of things. Including converted the things into a .wmf as suggested by StackExchange article Import SVG files to Google Docs as a drawing.

It. Simply. Does. Not. Work!

Given the vast amount of proof, there must have been a time when it did work, but doesn't do that anymore. However, after an another hour later I found article How to import SVG (or any vector) into GoogleDocs from Google Docs Help Forum, which claimed that .emf would work. And oh joy! It does!

So, this is my illustrated guide of importing SVG into Google Docs/Drive/Suite ... whatever they choose to be called today. I'm sure this information will eventually be as invalid as so many pages around The Web are at the time of writing this, but I'll leave my mark to The Net with this one.

In this guide I'm doing everything in Google Drive. In reality you have lots of options to do this and go with a completely another path and still end with the same result, but I try to keep this as simple as possible.

1. Upload all the required .svg-files into Google Drive
2. Right click a .svg-file and choose Open with > CloudConvert
   
3. (one-time-task) Accept CloudConvert OAuth request
   
4. (if returning from CloudConvert account creation), do 2. again and choose Open with > CloudConvert
5. At CloudConvert, select vector > emf, and make sure Save file to my Google Drive is checked. Then hit Start Conversion:
   
6. You can convert any number of files at one run, when conversion is done, close CloudConvert:
   
7. Return back to Google Drive. You will find the .emf version of your file in the same folder the original .svg conversion was started:
   
8. Right-click the .emf file, notice how you CAN open it in Google Drawings:
   
9. In Google Drawing, copy the file Ctrl-c in Windows or ⌘-c in Mac:
   
10. If needed, you can paste (Ctrl-v in Windows or ⌘-v in Mac) the converted symbol into any other type of Google document, for example presentation:
    
11. When looking at your Google Drive, there are three versions of the same file. To get rid of not-so-useful ones, which two to delete (from left to right: .emf, Google Drawings and .svg):
    
12. To make sure you're keeping the Google Drawings one, right click any file and select View Details:
    
13. Keep the one saying Google Drawings, delete rest:
    
14. Done!

I don't know why people at Google think this is a fun sequence to do for dozen or so symbols. They could easily do this conversion pretty much automatically for me.

Btw. The  above laptop icon needs to be attributed:
Icons made by Freepik from www.flaticon.com is licensed by CC 3.0 BY

Somebody has got new toys. I was just doing a casual Speedtest for my mobile subscription to see if it would have any oompf in it. This is the result:

Holy cow! Nearly 150 Mbit/s download. On an iPhone 7! Whaat?
I was just having a burger in Stockholm, my subscription is Finnish, so all the traffic will exit from a Finnish IP-address. That makes the ping bad, but the download speed is trough the roof.

Here are couple of other measurements from Finland (thanks guys for these!):

Similar style results on both cases.

I don't know what changed, but Finnish telcos have really amped it up. No complaints from me! Nice!

Ok, we've established earlier, that IPv6 isnt' getting traction. ISPs are simply to lazy and they don't care about their customers, only their profits matter. It's really bad for profit to do improvements on their systems and networks. Meanwhile IPv4-addresses ran out on IANA, but ISPs don't care about that either, they stockpiled addresses and have plenty to go with.

To get IPv6 on my systems, I've been using free-of-charge service SixXS for almost 10 years. They provide IPv6-on-IPv4 -tunnels using IP-protocol 41 or 6in4. The tunnels I've been using in Finland have been provided by local ISP, DNA, again free-of-charge. During those years of service, I managed to accumulate almost 7000 ISK, that's 5 ISK per week per tunnel, if the tunnel is running without any problems.

On IPv6 day (6th June) 2017 SixSX will shut down all services. See, sunset announcement for their rationale for doing this. They pretty much say, that they ran tunnels for 17 years and don't want to do that anymore, ISPs should provide native IPv6 to every single customer they have. I'm totally agreeing with them. I'd like to keep my tunnels running, still.

It is what it is, decisions have been made and it's not going to change. So, my sincere thanks go to SixXS and DNA, and especially to all the hard working people on those organizations. Thank you for your service!

Unlike last year, I didn't manage to get me an advent calendar this year. Unfortunately for me, Central European on-line stores won't do deliveries to Finland anymore.

This year I had to go for a much less elegant solution:

That's one for each of the 24 days.
Personally I'd prefer the real ones I had for the past couple years, but this will have to do.

I've been an active IPv6-user for many many years. Of course my ISP doesn't offer a native IPv6, so I'm using a tunnel from SixXS. They have been providing such tunnels free-of-charge for years, and for that I thank them and the ISPs volunteering their capacity for us nerds to have decent IPv6-connectivity. SixXS got tired for IPv6 not getting any traction, the ISPs have almost zero commitment for allowing people to use real, native IPv6. SixXS has a campaign called "Call Your ISP for IPv6!", but I don't think that's going to make much of an impact. When any ISP is actually asked about their IPv6 support, they'll stall by "we'll announce it later" or "but we do support IPv6" (by some unusable mechanism).

When looking what's happening on the ISP-side, Telia (or Sonera, as we call it here in Finland) has enabled 6rd for their connections. It combines DHCPv4 by returning enough parameters for an IPv6 setup with a 64-bitmask to be done. It kinda works, but ... still not the real thing I'm after. Also Elisa and DNA, two big mobile telcos in Finland, started offering IPv6 (DNA, Elisa) for their customers, but ... I'm not going to change my home fiber for a mobile connection. So something is happening at the telco-scene. I'm just waiting my ISP (Elisa) to act on the wired side too.

The other side of the chicken-egg -problem are the services. There is no real commitment on their side either. For example Amazon AWS (a really huge infrastructure provider) really doesn't support IPv6, they have nice IPv6 support for Internet-facing load-balancers, their S3 storage and their content delivery net Cloudfront, to mention few. But when it comes to running a server instance with real native IPv6, no dice. So, you can market your service to be IPv6-ready, all the critical Internet-facing services really do support IPv6, but your infra runs on IPv4 private addresses. Not cool.

And when it comes to services, this is a typical scenario:

That's what's been happening for LinkedIn for I-don't-know-how long. At least this week.

Me being the nerd I am, some background investigation:

# telnet www.linkedin.com 80
Trying 2620:109:c007:102::5be1:f881...
telnet: connect to address 2620:109:c007:102::5be1:f881:
Connection timed out Trying 91.225.248.129...
Connected to www.linkedin.com.
Escape character is '^]'.

A classic.
Their IPv6 is down and they don't know about it. This is their level of commitment:

On September 2014, they announce to have done a "Permanent launch of IPv6". But none of them are using it themselves to realize it has been down for a week! The really scary thing is, that they cannot afford $10 a month for a Pingdom check.

That's what I recommend for everybody to use for monitoring on-line services. Any reputable admin needs to know the second a service is out of reach by general public. IMHO that should include also admins at LinkedIn.

When it comes to lack of IPv6, I need to come clean. This blog isn't running on IPv6 either. Since most of you don't have it, it is impossible for you to know. My co-location host cannot offer me the IPv6, so no avail.

But why? Why is there no real commitment for IPv6? What's blocking all sensible people for going all-in IPv6? Everybody knows, that all possible IPv4 addresses were allocated by IANA to telcos and ISPs in January 2011. So, there is no more. Of course there are plenty of available addresses in RIRs to allocate for regional telcos, so we're not completely bankrupt with IPv4-addresses. But that day is eventually coming, it's just a waiting game. Notable efforts like World IPv6 Launch Day yield no mentionable results.

So what's holding us back? I don't know anything else except everybody going on the path-of-least-resistance. Since there are available IPv4-addresses, why risk a change. With change things can go broken or something may shift so that some people will lose some and others will win some. Not that much of a risk, if you ask me. But here we are, inching towards IPv6 very slowly. Speed it up, goddamnit!

I got a comment from Mr. Martin, that Google changed their SMTPd, so I'll have to revisit the article.

As suggested, new /etc/postfix/smtp_reply_filter would be:

#New 2016/09:
/^5(\d\d )5(.*. \S+ - gsmtp.*)/ 4${1}4$2

Above one is working perfectly on my box.

Again, thanks for Mr. Martin for bringing this topic to my attention.

I was about to do some testing with a cheap Elastic Compute Cloud Linux-instance, but ... AWS wouldn't allocate me one.

Here is the reason from Amazon EC2 Spot Instances Pricing:

Somebody really lost his marbles and is paying ludicrous price for a box.

Ok, in reality that has to be work of two (or more) automated systems competing with each other in a situation where capacity of i2.4xlarge instances is scarce. Any human would do what I did, just pick the bigger box and be happy about that. That instance type with normal pricing costs like $3.41 / hour, and with spot pricing it goes ~60 cents / hour, but not when automated bidding goes haywire.

I'll post something about not computers for a change. Its pretty close, but still, not about computers.

Any self-respecting nerd (such as me) loves video games. Doing first-person-shooter games IRL is always both fun and a lot more difficult than on a computer. 

We had a company activity and went to nearby Megazone for couple rounds of always fun laser tag. Since it was my first time ever doing that, it was like a slap in the face. I'm a 2nd lieutenant in FDF reserve, so I have basic understanding of tactics in a battle. Also I've played video games since early 80s and FPS games since first Wolfenstein. On top of that I've been paintballing enough to know that there is enough realism in video games and paintballing to match real military tactics. However, anything I knew about combat, tactics and fighting at that point was usless.

In the game there were three teams and you, so pretty much everybody you see is an enemy. Megazone is mostly about movement and speedy tags of any visible opponents. The worst thing that can happen to you there is that you're unable to fire your weapon for 8 seconds. During a 25 minute round that's not too dangrous. In paintball or war you're out on the first "tag", here you aren't, it's just a game of accumulating points.

Here are my stats from first round:

I sucked!

My handle in the game was Macro (in the Red team), so being 8th out of 14 wasn't that good. Tactically the maze was a nightmare! In the original Wolfenstein it was possible to be hit only from front, back or sides. In Megazone there were 2 floors, but it was a metal grid walkway making it possible to shoot trough. That made it 5th direction where getting hit was possible. At best I found couple locations where it was possible to get some cover and get hit only from two directions. The only even semi-functional tactic I found was to ignore any defence, cover and cautiousness. Just going recklessly forward and out-gunning everybody on a reaction seemed to work good. Also sniping people long-range was a really good tactic, sometimes I could do 4-5 people from a single position. They never saw me. I also did try attacking enemy bases and defending own base, but they were totally pointless exercises in futility, I spent too much time trying to figure out the value of those.

Here is my second round:

Quite an improvement in points and ranking. I was best in our team and 3rd in total!

Megazone was great fun, but with my background, it'll never be my favorite thing. I want to see my opponents suffering when I hit them, in laser tag that doesn't happen.

Every now and then I need a paper copy of something. In Finland, which to my observations is quite far advanced in the paperless processes (working environment or otherwise), that's rare. The obvious exception to the rule is bookkeeping and banks. They won't live without a hard-copy of something. For the purpose of producing a printout I have a Samsung color laser printer. When it was new, I even made a humorous note of it.

The general grievance about modern printers is, that they cost around € 200,- and almost immediately run out of [insert a name of expensive supply product here]. In my case, nothing else than all colors cost way above € 300,-. But that's not my rant-of-the-day, I knew all about that when I decided to have the unit shipped to my front door. Korean engineers @ Samsung made the actual process of changing a color cartridge a very simple one. I have to say, that hardest part in that is un-boxing the new ones. They are so tightly vacuum-sealed. So, no groaning about that one either.

What do you do with those darned expired things, when you're done!!

I had replaced the black cartridge earlier, it always runs out first. In this instance, I replaced only the colour ones (CMY). So, only 3 useless boxes to throw out of the house.

From The Web, I found somebody having the same problem. This article is in Finnish, but it's pretty much about Samsung color cartridge not having any kind of recycling info in it. Samsun's rep reponnds, that "oh yes, there are instructions". This is the only thing I found about the subject:

It says to go to www.samsung.com/printer/recycle for information. I did and landed at Samsung S.T.A.R Programme (Samsung’s Takeback And Recycle). It has following information about returning used cartridges at How to return your used cartridge -page:

1. Place your used cartridge in the bag and box which came with your new Samsung toner cartridge. In case you wish to send more than one cartridge for recycling, please put all cartridges in one big box, or tape the individual boxes together.
2. Close the box using clear tape;
3. Register yourself/your company on our STAR website. In case you have already registered yourself/your company, please log in using your user name and password. Chose the number of empty cartridges you would like to return and press the ‘get your label!’ button. Your order will be processed immediately. Only one (1) return label will be sent to your registered email address or will pop up at your screen;
4. Print the return label and place it on the large side of the box. If the return label contains a bar code, please keep this bar code visible;
5. Drop off your box at the nearest post office or include it in your usual mail collection.

Well, I guess I'll have to register to the site and get myself some clear packing tape. After doing that, it was possible to print following packing slip:

Looks like a valid customer return information required by postal services. Now the last thing is to go to a post office and leave the bundle there.

So, the information was there. Obviously the entire process is a bit more complex than just taking out the garbage, but I guess Samsung guys will properly handle all the troublesome waste there. That should save the Earth!

Like last year, I happened to get me an advent calendar this year too. The layout is a classic 24 x 0,5L containing 24 lids for the days in random order:

There seems to be .... erhm.... problems transporting alcohol to Finland, and many European vendors have pulled Finland off their available destinations. Amazon.de still delivers Lieferello goodies to us, so I got my Drinks & Fun Die Weihnachtsbrauerei Bier-Adventskalender. The same thing at Lieferello site would be here.

Now I'm just waiting for the 1st of December.

Update 17th and 28th Dec:

To squash a FAQ: The beers in the calendar are different. It wouldn't make any sense to buy a 24 pack of beers and call it an advent calendar. See:

1. Felsgold Premium Pilsener
2. Carl Theodor Lager
3. Felskrone Premium Pilsener
4. Pilsator Pilsener
5. Durlacher Hof Weissbier
6. Dominikaner Pils
7. Brauburger Premium Pilsener
8. Harboe Bear Beer Strong Stout 8%
9. Eichbaum Red Beer
10. Edel Bayer Urtyp Hell
11. Darguner Pilsener
12. Kress Bayrisch Zwickel
13. Barbarossa Premium Schwarzbier
14. 5.0 Original Pils
15. Durlacher Hof Weissbier (Hefeweissbier)
16. Frankenthaler Germania Premium Strong
17. Regenten Pilsener
18. Maisel St. Michaelsberg 1122 Premium Pilsener
19. König Wilhelm Hefeweissbier
20. Mecklenburger Pilsener
21. Dinkelacker CD-Pils
22. von Raven Pilsener
23. Eichbaum Pilsener
24. Barbarossa Brauerei Helles Hefeweizen

When it comes to unlimited supply of failures, one of my absolute favorites is YLE. Whatever they try, they seem to fail at it.

They have stumbled with their on-line service (Areena) a number of times. It took them years and years, but recently it has been at level, semi-decent service, no major failures, works even on iPad.

As they are having an uphill fight with piracy and people not obeying the country limitations they are forced by distribution agreements, they did the only sensible thing anybody can do: if you're using a HTTP proxy, then you're out! The only natural ruling can be that anybody using a proxy is accessing their service from abroad.

Like this:

The license of this radio show says that they will apply geo IP restrictions to it to limit audience in Finland only "( Kuunneltavissa vain Suomessa )". It will result in sorry-you're-not-in-Finland ("Ohjelma ei ole kuunneltavissa ulkomailla") and a refusal to play. However I am in Finland, I should be allowed access to that.

These guys are known for their inability to think smart. It is impossible to know if somebody abroad is using a Finnish proxy or not. The only possible detection method is checking for X-Forwarded-For HTTP-header.

That should be an easy fix. Let's see:

# host areena.yle.fi
areena.yle.fi has address 91.229.138.2
areena.yle.fi has address 91.229.138.6

Whois information for their IP-block is:

% Information related to '91.229.138.0/23AS57066'

route: 91.229.138.0/23
descr: Yleisradio Oy
origin: AS57066
mnt-by: DATANET-NOC
source: RIPE # Filtered

Adding this to /etc/squid/squid.conf:

# Forwarded-for -stuff off for YLE
acl yle_areena dst 91.229.138.0/23
request_header_access X-Forwarded-For deny yle_areena

... and restart will do the trick! Squid-proxy fully supports this kind of behavior with acl and request_header_access -directives. Now YLE-people are blissfully ignorant about you using a proxy or not.

Update 24th Mar 2015 and 1st Jan 2016:
Also MTV katsomo.fi has gone for this stupidity. The fix is obviously:

acl mtv_katsomo dst 23.54.11.0/24 # Katsomo.fi (Akamai)
acl akamai      dst 23.32.0.0/11  # Akamai

request_header_access X-Forwarded-For deny mtv_katsomo
request_header_access X-Forwarded-For deny akamai

Now they allow you to watch via proxy.

As I test different network equipment regularily, I need SIM-cards and data plans for them. All of these are generally available and affordable, just go to nearest R-Kioski and get one.

Elisa (Saunalahti)

Elisa is the biggest telco with number of customers and market share. Their consumer products are under Saunalahti brand, including their pre-paid data plans.

Pre-paid data plans:

• One day 4G (100 Mbit/s) 1.90 €
• One week (21 Mbit/s) 6.60 €
• One month (0,25 Mbit/s) 6.60 €
• One month (4 Mbit/s) 14.90 €
• One month (21 Mbit/s) 16.90 €
• One month 4G (50 Mbit/s) 19.90 €
• Six months (0,25 Mbit/s) 27.80 €

Incoming access:

None. All pre-paid and post-paid data plans are NATed. Post-paid 3G data plans have the possbility of changing into a non-NATed one, but that options is not available for 4G. This is total crap!

TeliaSonera

TeliaSonera is the 2nd biggest telco in Finland. As they operate also in Sweden, Norway and Estonia in general, it is the biggest corporation of these three.

Pre-paid data plans:

• One week 4G (50 Mbit/s) 12,90 €
• One month 4G (50 Mbit/s) 23,90 €

Incoming access:

None. All pre-paid and post-paid data plans are NATed. Post-paid data plans have possibility of subscribing a service (for small fee), to allow public IP-address. Having a fixed IP instead a dynamically allocated one costs extra.

DNA

DNA is the smallest player (excluding virtual operators). When it comes to telcos, size does not matter. Their coverage is equal to bigger players.

Pre-paid data plans:

• 1 GiB transfer, six months 4G (150 Mbit/s) 9,90 €
• 10 GiB transfer, six months 4G (150 Mbit/s) 19,90 €

Incoming access:

All data plans are allocated a dynamically changing public IP-address.

List of open TCP-ports (IP-protocol 6) found with Nmap scanning my own IPv4-address:

• 500/tcp
• 1024/tcp
• 1723/tcp
• 2222/tcp
• 4002/tcp
• 5001/tcp
• 5800/tcp
• 5900/tcp
• 6001/tcp
• 7001/tcp
• 8001/tcp
• 8081/tcp
• 8082/tcp
• 8083/tcp
• 8088/tcp
• 8090/tcp

I also tested other incoming IP protocols and they seem to pass without limitations. Running VPN or IPv6-tunnels is completely possible.

Conclusion

The obvious winner is DNA. It is affordable, no NAT, incoming access is possible, although limited. The only drawback is for people requiring lot of transfer, there is limit for amount of bytes. If you run out, just add another 6 month package, and you're good to go.

2nd place goes for TeliaSonera post-paid Opengate-connection. It is still affordable (17,- € / month, incl. incoming access 3G/4G), no transfer limits and allows full incoming traffic without filtered ports.

3rd place goes for Saunalahti one day pre-paid. It offers speed, no transfer limits, but I had trouble comprehending their system. As I already had a pre-paid SIM, all I had to do is to add credits to its account, but ... I somehow didn't manage to do it. I did do it before, but ...

I survived Slush 2014.

It takes a lot of energy, but is worth it. The event itself is quite an experiment. 5 stages full of talented people talking about their ideas and what they did wrong or right to deserve the right to be speaking to all of us. All the parties that are taking place, when the actual event is not will also consume a lot of energy.

Of all the events, speeches and pitches my personal picks are (I intentionally didn't include those, to whom I'm somehow affiliated with):

• Wooga's CEO Jens Begemann describing how they create hit games, aka. the hit-filter. This seems to be a working recipe from Supercell. The fact seems to be, that if there are 100.000 games in the App Store, only top-15 of them are making serious money. So, your game needs to be in top-15, not top-500.
  
• Dragonbox creator Jean-Baptiste Huynh telling how he wants to change the way kids are learning algebra with a completely new approach by playing a game. It seems that schooling everywhere in the world is sticking with 300 year old methods: to sit on your desk and in order to prepare yourself to work successfully by a conveyer belt of a factory, you must sit still and do as your teacher tells you to. Doesn't sound like 2010s to me. Huh!
  
• Kano founder Alex Klein wanting to turn kids into super-kids by freeing their thinking by introducing everybody into computers and programming. The apparent fact remains, that currently there exists over 8 billion computing devices in the world and only 50 million of us know how to program them (amateurs and professionals combined). His idea is to empower non-nerds to create nice things with computers too.
  

My thanks goes to Slush organizers, Tencent Games and Pocket Gamer.

For many many years I haven't waited the christmas that anxiously, that I would have an advent calendar. Not even a chocolate one. This year I chose to make an exception to that. I got a recommendation to get a proper one from Lieferello.de. Here it is:

This calendar contains 24 (as any advent calendar does) cans of beer. Nice! Finally a good reason to count days for the 1st of December.

If you want to order one, here is the direct link to Die Weihnachtsbrauerei Bier.

When I first saw an ad popping from my Windows 7 system tray I was pretty convinced, that my computer had been hijacked, keylogger installed, all my files sent to a Chinese server and police knocking down my door, because my machine is serving cp-pics in a torrent network. Then I realized, that the advertisement is about Nero. A software, that I bought and installed voluntarily. See:

As you can see from the dates on the pictures, that I've been waiting for this to happen again. This time I was ready and could confirm, that the culprit was indeed Nero. It is totally unclear to me, if I agreed to this in end user license agreement, but that's what they are doing. Perhaps I also gave the birth rights of my first born son like F-Secure did in London (see: Londoners give up eldest children in public Wi-Fi security horror show). Anyway, I'm not exactly happy, that they choose to do this. Nobody knows what else are they doing.

By googling, I found out, that I'm no alone with this problem. Nero's own discussion forum has a thread with topic Why do you think it's acceptable to spam people's PCs?, and there is actually removal instructions.

First go to Task Scheduler:

There is an own folder for Nero and in it, there is a NeroInfo running at install time every 2 days. It most certainly does not display ads every time it runs, but there is the master of this botnet somewhere giving instructions on when to run and what to display. Just delete the task:

And finish it off by deleting the files also:

Now it should stay off for a while! This is a fine specimen of paid software screwing you to the ass.