Thursday, December 1. 2016
Unlike last year, I didn't manage to get me an advent calendar this year. Unfortunately for me, Central European on-line stores won't do deliveries to Finland anymore.
That's one for each of the 24 days.
Saturday, October 29. 2016
I've been an active IPv6-user for many many years. Of course my ISP doesn't offer a native IPv6, so I'm using a tunnel from SixXS. They have been providing such tunnels free-of-charge for years, and for that I thank them and the ISPs volunteering their capacity for us nerds to have decent IPv6-connectivity. SixXS got tired of IPv6 not getting any traction; the ISPs have almost zero commitment to allowing people to use real, native IPv6. SixXS has a campaign called "Call Your ISP for IPv6!", but I don't think that's going to make much of an impact. When any ISP is actually asked about their IPv6 support, they'll stall by "we'll announce it later" or "but we do support IPv6" (by some unusable mechanism).
When looking at what's happening on the ISP-side, Telia (or Sonera, as we call it here in Finland) has enabled 6rd for their connections. It combines DHCPv4 by returning enough parameters for an IPv6 setup with a 64-bit mask to be done. It kinda works, but ... still not the real thing I'm after. Also Elisa and DNA, two big mobile telcos in Finland, started offering IPv6 (DNA, Elisa) for their customers, but ... I'm not going to change my home fiber for a mobile connection. So something is happening at the telco-scene. I'm just waiting for my ISP (Elisa) to act on the wired side too.
The other side of the chicken-egg -problem are the services. There is no real commitment on their side either. For example Amazon AWS (a really huge infrastructure provider) really doesn't support IPv6. They have nice IPv6 support for Internet-facing load-balancers, their S3 storage and their content delivery net Cloudfront, to mention a few. But when it comes to running a server instance with real native IPv6, no dice. So, you can market your service to be IPv6-ready, all the critical Internet-facing services really do support IPv6, but your infra runs on IPv4 private addresses. Not cool.
That's what's been happening for LinkedIn for I-don't-know-how long. At least this week.
Me being the nerd I am, some background investigation:
In September 2014, they announced having done a "Permanent launch of IPv6". But none of them are using it themselves to realize it has been down for a week! The really scary thing is, that they cannot afford $10 a month for a Pingdom check.
That's what I recommend for everybody to use for monitoring on-line services. Any reputable admin needs to know the second a service is out of reach by general public. IMHO that should include also admins at LinkedIn.
When it comes to lack of IPv6, I need to come clean. This blog isn't running on IPv6 either. Since most of you don't have it, it is impossible for you to know. My co-location host cannot offer me the IPv6, so no avail.
But why? Why is there no real commitment for IPv6? What's blocking all sensible people from going all-in IPv6? Everybody knows, that all possible IPv4 addresses were allocated by IANA to telcos and ISPs in January 2011. So, there is no more. Of course there are plenty of available addresses in RIRs to allocate for regional telcos, so we're not completely bankrupt with IPv4-addresses. But that day is eventually coming, it's just a waiting game. Notable efforts like World IPv6 Launch Day yield no mentionable results.
So what's holding us back? I don't know anything else except everybody going on the path-of-least-resistance. Since there are available IPv4-addresses, why risk a change. With change things can go broken or something may shift so that some people will lose some and others will win some. Not that much of a risk, if you ask me. But here we are, inching towards IPv6 very slowly. Speed it up, goddamnit!
Wednesday, September 14. 2016
I got a comment from Mr. Martin, that Google changed their SMTPd, so I'll have to revisit the article.
As suggested, new
Above one is working perfectly on my box.
Again, thanks to Mr. Martin for bringing this topic to my attention.
Friday, August 26. 2016
I was about to do some testing with a cheap Elastic Compute Cloud Linux-instance, but ... AWS wouldn't allocate me one.
Here is the reason from Amazon EC2 Spot Instances Pricing:
Somebody really lost his marbles and is paying ludicrous price for a box.
Ok, in reality that has to be work of two (or more) automated systems competing with each other in a situation where capacity of i2.4xlarge instances is scarce. Any human would do what I did, just pick the bigger box and be happy about that. That instance type with normal pricing costs like $3.41 / hour, and with spot pricing it goes ~60 cents / hour, but not when automated bidding goes haywire.
Wednesday, June 29. 2016
I'll post something about not computers for a change. It's pretty close, but still, not about computers.
Any self-respecting nerd (such as me) loves video games. Doing first-person-shooter games IRL is always both fun and a lot more difficult than on a computer.
We had a company activity and went to nearby Megazone for a couple of rounds of always fun laser tag. Since it was my first time ever doing that, it was like a slap in the face. I'm a 2nd lieutenant in FDF reserve, so I have basic understanding of tactics in a battle. Also I've played video games since early 80s and FPS games since first Wolfenstein. On top of that I've been paintballing enough to know that there is enough realism in video games and paintballing to match real military tactics. However, anything I knew about combat, tactics and fighting at that point was useless.
In the game there were three teams and you, so pretty much everybody you see is an enemy. Megazone is mostly about movement and speedy tags of any visible opponents. The worst thing that can happen to you there is that you're unable to fire your weapon for 8 seconds. During a 25 minute round that's not too dangerous. In paintball or war you're out on the first "tag", here you aren't, it's just a game of accumulating points.
My handle in the game was Macro (in the Red team), so being 8th out of 14 wasn't that good. Tactically the maze was a nightmare! In the original Wolfenstein it was possible to be hit only from front, back or sides. In Megazone there were 2 floors, but it was a metal grid walkway making it possible to shoot through. That made it 5th direction where getting hit was possible. At best I found a couple of locations where it was possible to get some cover and get hit only from two directions. The only even semi-functional tactic I found was to ignore any defence, cover and cautiousness. Just going recklessly forward and out-gunning everybody on a reaction seemed to work well. Also sniping people long-range was a really good tactic, sometimes I could do 4-5 people from a single position. They never saw me. I also did try attacking enemy bases and defending own base, but they were totally pointless exercises in futility, I spent too much time trying to figure out the value of those.
Quite an improvement in points and ranking. I was best in our team and 3rd in total!
Megazone was great fun, but with my background, it'll never be my favorite thing. I want to see my opponents suffering when I hit them, in laser tag that doesn't happen.
Wednesday, January 6. 2016
Every now and then I need a paper copy of something. In Finland, which to my observations is quite far advanced in the paperless processes (working environment or otherwise), that's rare. The obvious exception to the rule is bookkeeping and banks. They won't live without a hard-copy of something. For the purpose of producing a printout I have a Samsung color laser printer. When it was new, I even made a humorous note of it.
The general grievance about modern printers is, that they cost around € 200,- and almost immediately run out of [insert a name of expensive supply product here]. In my case, nothing else than all colors cost way above € 300,-. But that's not my rant-of-the-day, I knew all about that when I decided to have the unit shipped to my front door. Korean engineers @ Samsung made the actual process of changing a color cartridge a very simple one. I have to say, that hardest part in that is un-boxing the new ones. They are so tightly vacuum-sealed. So, no groaning about that one either.
I had replaced the black cartridge earlier, it always runs out first. In this instance, I replaced only the colour ones (CMY). So, only 3 useless boxes to throw out of the house.
From The Web, I found somebody having the same problem. This article is in Finnish, but it's pretty much about Samsung color cartridge not having any kind of recycling info in it. Samsung's rep responds, that "oh yes, there are instructions". This is the only thing I found about the subject:
It says to go to www.samsung.com/printer/recycle for information. I did and landed at Samsung S.T.A.R Programme (Samsung’s Takeback And Recycle). It has following information about returning used cartridges at How to return your used cartridge -page:
Looks like a valid customer return information required by postal services. Now the last thing is to go to a post office and leave the bundle there.
So, the information was there. Obviously the entire process is a bit more complex than just taking out the garbage, but I guess Samsung guys will properly handle all the troublesome waste there. That should save the Earth!
Sunday, November 15. 2015
Like last year, I happened to get me an advent calendar this year too. The layout is a classic 24 x 0,5L containing 24 lids for the days in random order:
There seems to be .... erhm.... problems transporting alcohol to Finland, and many European vendors have pulled Finland off their available destinations. Amazon.de still delivers Lieferello goodies to us, so I got my Drinks & Fun Die Weihnachtsbrauerei Bier-Adventskalender. The same thing at Lieferello site would be here.
Now I'm just waiting for the 1st of December.
Update 17th and 28th Dec:
Monday, March 23. 2015
When it comes to unlimited supply of failures, one of my absolute favorites is YLE. Whatever they try, they seem to fail at it.
They have stumbled with their on-line service (Areena) a number of times. It took them years and years, but recently it has been at level, semi-decent service, no major failures, works even on iPad.
As they are having an uphill fight with piracy and people not obeying the country limitations they are forced by distribution agreements, they did the only sensible thing anybody can do: if you're using a HTTP proxy, then you're out! The only natural ruling can be that anybody using a proxy is accessing their service from abroad.
The license of this radio show says that they will apply geo IP restrictions to it to limit audience in Finland only "( Kuunneltavissa vain Suomessa )". It will result in sorry-you're-not-in-Finland ("Ohjelma ei ole kuunneltavissa ulkomailla") and a refusal to play. However I am in Finland, I should be allowed access to that.
These guys are known for their inability to think smart. It is impossible to know if somebody abroad is using a Finnish proxy or not. The only possible detection method is checking for X-Forwarded-For HTTP-header.
That should be an easy fix. Let's see:
Whois information for their IP-block is:
Adding this to
... and restart will do the trick! Squid-proxy fully supports this kind of behavior with
Update 24th Mar 2015 and 1st Jan 2016:
Now they allow you to watch via proxy.
Saturday, March 7. 2015
Elisa is the biggest telco with number of customers and market share. Their consumer products are under Saunalahti brand, including their pre-paid data plans.
Pre-paid data plans:
None. All pre-paid and post-paid data plans are NATed. Post-paid 3G data plans have the possibility of changing into a non-NATed one, but that option is not available for 4G. This is total crap!
TeliaSonera is the 2nd biggest telco in Finland. As they operate also in Sweden, Norway and Estonia in general, it is the biggest corporation of these three.
Pre-paid data plans:
None. All pre-paid and post-paid data plans are NATed. Post-paid data plans have the possibility of subscribing to a service (for a small fee), to allow a public IP-address. Having a fixed IP instead of a dynamically allocated one costs extra.
Pre-paid data plans:
All data plans are allocated a dynamically changing public IP-address.
List of open TCP-ports (IP-protocol 6) found with Nmap scanning my own IPv4-address:
I also tested other incoming IP protocols and they seem to pass without limitations. Running VPN or IPv6-tunnels is completely possible.
The obvious winner is DNA. It is affordable, no NAT, incoming access is possible, although limited. The only drawback is for people requiring lot of transfer, there is limit for amount of bytes. If you run out, just add another 6 month package, and you're good to go.
2nd place goes for TeliaSonera post-paid Opengate-connection. It is still affordable (17,- € / month, incl. incoming access 3G/4G), no transfer limits and allows full incoming traffic without filtered ports.
3rd place goes for Saunalahti one day pre-paid. It offers speed, no transfer limits, but I had trouble comprehending their system. As I already had a pre-paid SIM, all I had to do is to add credits to its account, but ... I somehow didn't manage to do it. I did do it before, but ...
Thursday, November 20. 2014
I survived Slush 2014.
It takes a lot of energy, but is worth it. The event itself is quite an experiment. 5 stages full of talented people talking about their ideas and what they did wrong or right to deserve the right to be speaking to all of us. All the parties that are taking place, when the actual event is not will also consume a lot of energy.
Of all the events, speeches and pitches my personal picks are (I intentionally didn't include those, to whom I'm somehow affiliated with):
Sunday, November 16. 2014
For many many years I haven't waited for Christmas that anxiously, that I would have an advent calendar. Not even a chocolate one. This year I chose to make an exception to that. I got a recommendation to get a proper one from Lieferello.de. Here it is:
This calendar contains 24 (as any advent calendar does) cans of beer. Nice! Finally a good reason to count days for the 1st of December.
If you want to order one, here is the direct link to Die Weihnachtsbrauerei Bier.
Thursday, October 2. 2014
When I first saw an ad popping from my Windows 7 system tray I was pretty convinced, that my computer had been hijacked, keylogger installed, all my files sent to a Chinese server and police knocking down my door, because my machine is serving cp-pics in a torrent network. Then I realized, that the advertisement is about Nero. A software, that I bought and installed voluntarily. See:
As you can see from the dates on the pictures, that I've been waiting for this to happen again. This time I was ready and could confirm, that the culprit was indeed Nero. It is totally unclear to me, if I agreed to this in end user license agreement, but that's what they are doing. Perhaps I also gave the birth rights of my first born son like F-Secure did in London (see: Londoners give up eldest children in public Wi-Fi security horror show). Anyway, I'm not exactly happy, that they choose to do this. Nobody knows what else are they doing.
By googling, I found out, that I'm not alone with this problem. Nero's own discussion forum has a thread with topic Why do you think it's acceptable to spam people's PCs?, and there are actually removal instructions.
There is an own folder for Nero and in it, there is a NeroInfo running at install time every 2 days. It most certainly does not display ads every time it runs, but there is the master of this botnet somewhere giving instructions on when to run and what to display. Just delete the task:
Now it should stay off for a while! This is a fine specimen of paid software screwing you to the ass.
Wednesday, July 23. 2014
One day I got an e-mail from Google+ saying: "HQ Code Shop Oy hasn't shared anything on this page with you". I was more than puzzled. Sure I haven't shared anything with myself on Google+.
All it said was: "We are sorry, but you do not have access to this service. Please contact your domain administrator for access". Aow come on! Why did you have to create a page for something that you don't own and don't let the owner to control!
Yes, I have Google+ enabled for myself. However, that didn't change anything. I still was not able to manage my own company's page.
It says "Add or edit your local business listing on Google Maps" next to Google Places -service, which I hadn't subscribed. I enabled that and hey presto! Suddenly I was able to manage the page. Naturally I had to pass the automated phone call test from Google, but I finally got control of my own property.
This is yet another shame-on-you-Google -thing they do while going towards world domination.
Friday, May 2. 2014
My blog has been on a low maintenance mode, due to the fact that I had other engagements. I was moving to a new house which has an FTTH or Fiber to the Home -connection.
The incoming connection is a 1000BASE-BX Ethernet and the connection also carries IPTV streams in it. Of the given 1 Gbit/s I'm currently purchasing 250 Mbit/s downlink and 50 Mbit/s uplink. This costs me ~60 € per month. Not very expensive for such a quality bit, huh? There is a one-time building cost for 1800+ € for the connection, but that is not slowing me down.
In detail the connection is implemented with an Ethernet fiber to copper media converter and a CATV-module doing IPTV to DVB-C (SD-channels) and DVB-C2 (HD channels) media conversion. During the setup, the fiber-guy first built couple of meters of indoors cabling connected to the thick ground fiber. Indoor fiber connects to a Swedish made Inteno FG500 box. It looks like this:
In the first picture, there are 4 gigabit Ethernet (copper) connectors and a power connector to the CATV-module. Ethernet ports 1 to 3 are routed with a firewall and NAT, but luckily the port 4 is a bridged one and that's the one I'm using. From that I can get a public IP-address directly from ISP's DHCP-server.
The box splits into two halves, CATV and the "regular" Ethernet part. Parts are connected via power and fiber connectors:
The router has internal IP-address of 192.168.1.1 and it contains very typical web-interface for managing the box. Management looks like this:
WAN-parts are configured to copper Ethernet-ports with interface grouping:
It took me a while to figure all this out. It really matters to which LAN-port the cable is connected to. The WLAN-part can be deactivated and I did just that. I dislike those integrated crappy boxes very much, they are unreliable, insecure and what else ... Being a Linux-man I want to use my favorite Linksys and DD-WRT for any wireless needs.
This has got to be the best part of having a FTTH. The speed! Oh my god! Here are some sample results:
When analysing the results, two things come to my mind. First, Speedtest.net and the measuring servers it has don't go beyond 100 Mbit/s in any conditions (the software displays a maximum of 100 Mbit/s in it). Second, when measuring really fast speeds like I have here, the measurements are very unreliable and the results vary quite a lot when running number of tests in a sequence. In all cases, the downlink measurement is never 100 Mbit/s or even near it. 88 Mbit/s is pretty far from 100, or from the 250 Mbit/s what I'm paying. The uplink measurements are even worse. Those servers don't expect to be hit that hard (perhaps they see a DoS-burst?). Finally, ping 0 ms does not sound very reliable either. I'd assume 2-3 ms to be a best reading in the optimal conditions.
I've been running with this connection for a couple days only, but the assumption is that the uptimes it can keep are amazing. An ADSL-connection is pretty stable, but a fiber should be the rock-solid way to go, that's what I'm expecting from it.
Update Oct 2014:
Speedtest.net indeed goes beyond 100 Mbit/s:
Thursday, February 20. 2014
I was renewing a SSL-certificate for a customer. They had been using GeoTrust earlier, so I went there. It was the first and most likely the last time I do business with them.
The order process was pretty similar to the competition. A CSR was submitted and all the necessary information was given. After submission there was a thank you -page and they sent an automated e-mail with information that the order is pending, and will be processed after 5 to 7 business days.
After that, nothing. After waiting for 12 days out of which 8 were business days, my patience ran out. I contacted them and requested to expedite the process. Yet another business day passed, and then they called me after 7 in the night and informed, that there was a mistake in the information I had given them. I corrected the info, got automated e-mail about it and went into yet another wait.
Two more days later they sent an e-mail that the verification call to customer failed. Their mail had the number in it and it was obvious, that they assumed that the customer was located in USA. Even though, the information stated Finland as the country. I got an e-mail about that too.
At the point, when they issued the new certificate, I was surprised. Against all the odds, they managed to verify the customer in less than three weeks. The real surprise was, that at that point their e-mail replies started pouring in. The lag in their e-mail processing was huge. Last of the replies came 6 days after the certificate was issued. It's beyond stupid, that none of the communication I had with them were actually recorded for the purchase process. Apparently all of them went to a distant support site, which has nothing to do with any of their other actions or operations.
Is it just me, or does GeoTrust's way of doing business suck?