GeoTrust service sucks!
Thursday, February 20. 2014
I was renewing an SSL certificate for a customer. They had been using GeoTrust earlier, so I went there. It was the first and most likely the last time I do business with them.
The order process was pretty similar to the competition. A CSR was submitted and all the necessary information was given. After submission there was a thank you -page and they sent an automated e-mail with information that the order is pending, and will be processed after 5 to 7 business days.
After that, nothing. After waiting for 12 days, out of which 8 were business days, my patience ran out. I contacted them and requested to expedite the process. Yet another business day passed, and then they called me after 7 in the night and informed me that there was a mistake in the information I had given them. I corrected the info, got an automated e-mail about it and went into yet another wait.
Two more days later they sent an e-mail that the verification call to the customer had failed. Their mail had the number in it and it was obvious that they assumed that the customer was located in the USA, even though the information stated Finland as the country. I got an e-mail about that too.
At the point when they issued the new certificate, I was surprised. Against all the odds, they managed to verify the customer in less than three weeks. The real surprise was that at that point their e-mail replies started pouring in. The lag in their e-mail processing was huge. The last of the replies came 6 days after the certificate was issued. It's beyond stupid that none of the communication I had with them was actually recorded for the purchase process. Apparently all of it went to a distant support site, which has nothing to do with any of their other actions or operations.
Is it just me, or does GeoTrust's way of doing business suck?
Led Lenser K2 vs. MagLite Solitaire LED
Saturday, February 8. 2014
A while ago a friend sent me a link to the Jamie and Adam Tested YouTube channel. I'm a fan of Mythbusters, so he knew that I'd love their stuff. One of the videos they have there is Inside Adam Savage's Cave: Hacking a Flashlight for Adam's EDC. So, I felt that I should blog about flashlights too.
Last year my old and trustworthy MagLite Solitaire broke down after serving me well for 18 years and I had to get a replacement. My old Solitaire became un-fixable due to some sort of stress in the inside plastic parts. They broke down to a number of new pieces that didn't fit anymore. Apparently my key chain with a number of keys in it causes stress to a flashlight's guts.
In the above video Adam is doing a hack to his JETBeam. Me as a Leatherman man, I went for a Led Lenser (apparently they are owned by the same company). Model K2 to be specific. However, it turned out to be a mistake. The LED is bright, it really is, and the flashlight is really tiny, but its aluminum body is not built to be hung in a key chain and stuffed into a pocket over and over again. It broke after 8 months of "usage". Actually I didn't use the lamp that much, but ... It broke. Aow come on! My previous lamp lasted for 18 years!
Here is a pic of the broken Led Lenser K2 (the short one) next to my new flashlight:
Thankfully my favorite flashlight company is back! I don't know what MagLite did for 15 years or so, but they certainly lost the market leader position by not releasing any new products for a very, very long time. So... after failing with Led Lenser I went back to MagLite. Their new LED-products are really good and I got one of their new releases a Solitaire LED. I'm hoping it lasts a minimum of 18 years!
Change iCloud account in iOS 7 - Is it possible?
Sunday, February 2. 2014
The way Apple chose to implement changing iCloud-account is far from making any sense at all. The phrase "Delete Account" puts every users' imagination into high gear. By clicking this red button what could possibly go wrong! Does it implode your entire iCloud-account with all the data in it so that everything is gone permanently and forever? Or does it simply disconnect that particular iOS device from the Apple's cloud?
Image courtesy of http://assets.ilounge.com/images/articles_jdh/ask-20121114-1.jpg
Apparently it is the latter one. The user interface is really poorly designed, no matter what. I think the idea was to scare users from testing what happens if they click it.
The discussion-thread in Apple's forums (HT4895 How do I change my iCloud account to my new apple ID?) is one of the sources for confirmation, that it does not wipe your account. It just detaches that particular device from your cloud-account.
To actually change the device to use a new iCloud account is much more tricky, as the article points out. And on top of that, iMessage, Facetime and AppStore still need to re-connect separately. Luckily that's not a big deal at that point.
However, if you combine changing the account with taking a new iPad into use, then you see a flood of e-mail from Apple. The e-mails come from different systems at Apple, but it certainly made me laugh for a while. There are e-mails from Find My iPhone (my device was an iPad), then there are security notifications about the Apple ID being used in a new device and when all is set up, there is the welcome to a new device -mail. It would sound like a better idea to switch the account into some sort of changing-devices -mode, but they don't have that yet.
The good thing is that it is possible to change accounts. The bad thing is that they implemented the bare minimum of it.
Worst mobile app ever? Danske Bank's mobile pay
Monday, December 16. 2013
Danske has a huge ad campaign here in Finland about the new mobile payment system. You can send and receive money simply by using a phone number. I'm not going to delve into the security issues of such a system today, because what could possibly go wrong! Ok, I'll give them that they have limited the damage by building in a cap on the amount you can transfer, 250,- € per day and 15.000,- € per year. So, in any unfortunate event people are not going to lose much (if 250,- € is all you have, then ... it's another story).
Anyway. I got the app from the App Store and started their registration process. It's long. It's tedious. It'll drive you crazy. Looks like they don't want your business.
The information they ask during registration:
- First name, last name
- E-mail address
- Phone number
- Credit card number
- IBAN-number of your bank account
Not a problem. I have all of those. But guess who has all that information in the same phone where you're supposed to enter the data. Typically that's not a problem. A simple task switch to password vault software, copy the numbers and back to registration.
Now the idiots who designed and wrote the app expect everybody to know and type long series of input data. Nobody ever does that! That's what the mobile computers are for: they store data and make it possible to copy and paste it between apps. But these design geniuses chose not to use anything standard. If you switch apps during registration, the entire process needs to be started over. Nice! Really nice thinking. The paste won't work anyway, so ...
Definitely this is a good example of how not to write apps.
How not to process bug reports - The Red Hat way
Wednesday, November 27. 2013
Over 5 years ago I filed a bug report about GCC crashing during ImageMagick compilation on RHEL 5. Nobody at Red Hat cared about that until a couple of days ago. Funny thing. At the time I had the issue, I simply kept the old ImageMagick and completed the project with that one. It would have been nice to have a more recent version, but since the new one would not compile, I just forgot about it.
Now the Red Hat guy Jeff is just being stupid. Why would anybody care anymore? Why did he have to do the obligatory works-for-me / need-more-information -routine? Now, at this point it's just insulting, since they ignored the issue when it was actually present. Who would use RHEL 5 anymore? Not me.
Fixing Google's new IPv6 mail policy with Postfix
Friday, October 18. 2013
I covered Google's new & ridiculous e-mail policy in my previous post.
The author of my favorite MTA, Postfix, Mr. Wietse Venema offered a piece of advice to another poor postmaster like me in the official Postfix User's Mailing list "disable ipv6 when sending to gmail?"
The idea is to use Postfix's SMTP reply-filter feature. With that, a postmaster can rewrite something the remote server said into something useful to alter Postfix's behavior. In this case, I'd prefer a retry using IPv4 instead of IPv6. Luckily the ability to drop down to IPv4 is already built in; the only issue is to convince Postfix that what Google said is not true. For the IPv6 issue they state that the e-mail in question cannot be delivered due to a permanent error. A status code of 5.5.0 is given in this case. What Wietse suggests is to rewrite the 5.5.0 into a 4.5.0, which indicates a temporary failure. This triggers the mechanism to do an IPv4 attempt immediately after the failure.
I added following into /etc/postfix/main.cf:
# Gmail IPv6 retry:
smtp_reply_filter = pcre:/etc/postfix/smtp_reply_filter
Then I created the file /etc/postfix/smtp_reply_filter and made it contain:
# Convert Google Mail IPv6 complaint permanent error into a temporary error.
# This way Postfix will attempt to deliver this e-mail using another MX
# (via IPv4).
/^5(\d\d )5(.*information. \S+ - gsmtp.*)/ 4${1}4$2
Reload Postfix just to make sure the main.cf change is in effect, no need to postmap the PCRE-file.
Effectively the last line of Google error message:
550-5.7.1 [2001:-my-IPv6-address-here- 16] Our system has detected
550-5.7.1 that this message does not meet IPv6 sending guidelines regarding PTR
550-5.7.1 records and authentication. Please review
550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more
550 5.7.1 information. dj7si12191118bkc.191 - gsmtp (in reply to end of DATA command))
will be transformed into:
450 4.7.1 information. dj7si12191118bkc.191 - gsmtp (in reply to end of DATA command))
And my mail gets delivered! Nice. Thanks Wietse! Shame on you Google!
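The rewrite above can be checked offline before touching a live MTA. This is an added example, not code from the original post or from Postfix: a Python stand-in for the pcre: table that applies the rule one reply line at a time, the way smtp_reply_filter does, and confirms that an unrelated 5xx reply stays permanent. The function names and the second sample reply are constructed.

```python
import re

# Rule copied from the post's /etc/postfix/smtp_reply_filter.
RULE_PATTERN = r"^5(\d\d )5(.*information. \S+ - gsmtp.*)"
RULE_REPLACEMENT = "4${1}4$2"

# The Google reply quoted in the post, one server reply line per entry
# (without the "(in reply to ...)" text that Postfix appends when logging).
GOOGLE_REPLY = [
    "550-5.7.1 [2001:-my-IPv6-address-here- 16] Our system has detected",
    "550-5.7.1 that this message does not meet IPv6 sending guidelines regarding PTR",
    "550-5.7.1 records and authentication. Please review",
    "550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more",
    "550 5.7.1 information. dj7si12191118bkc.191 - gsmtp",
]

# Constructed sample: an unrelated permanent error that must stay permanent.
OTHER_REPLY = ["550 5.1.1 No such user here (constructed sample)"]


def to_python_template(replacement):
    """Convert Postfix-style $1 / ${1} references into Python's \\g<1> form."""
    return re.sub(r"\$\{?(\d+)\}?", r"\\g<\1>", replacement)


def filter_reply(lines):
    """Apply the rule to each reply line on its own.

    As with a Postfix lookup table, a match replaces the whole line with the
    expanded replacement; a line that does not match passes through unchanged.
    """
    regex = re.compile(RULE_PATTERN)
    template = to_python_template(RULE_REPLACEMENT)
    out = []
    for line in lines:
        match = regex.search(line)
        out.append(match.expand(template) if match else line)
    return out


def reply_class(lines):
    """Classify a reply by the code on its final line, which is the line the
    Postfix SMTP client takes the reply code from in a multi-line reply."""
    first_digit = lines[-1][:1]
    return {"4": "temporary", "5": "permanent"}.get(first_digit, "other")


if __name__ == "__main__":
    for reply in (GOOGLE_REPLY, OTHER_REPLY):
        rewritten = filter_reply(reply)
        print(reply_class(reply), "->", reply_class(rewritten), "|", rewritten[-1])
```

Only the final line matches, because the continuation lines start with "550-" and the pattern requires a space after the three-digit code; the "information. ... - gsmtp" anchor keeps other permanent rejections from being retried.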
Thanks Google for your new IPv6 mail policy
Wednesday, October 16. 2013
The short version is: Fucking idiots!
Long version:
Google Mail introduced a new policy somewhere in August 2013 for receiving e-mail via IPv6. Earlier the policy was same for IPv4 and IPv6, but they decided to make Internet a better place by employing a much tighter policy for e-mail senders. Details can be found from their support pages.
For e-mail Authentication & Identification they state:
- Use a consistent IP address to send bulk mail.
- Keep valid reverse DNS records for the IP address(es) from which you send mail, pointing to your domain.
- Use the same address in the 'From:' header on every bulk mail you send.
- We also recommend publishing an SPF record
- We also recommend signing with DKIM. We do not authenticate DKIM using less than a 1024-bit key.
- The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected.
- The sending domain should pass either SPF check or DKIM check. Otherwise, mail might be marked as spam.
First: My server does not send bulk mail. It sends mail now and then. If the idiots label my box as a "bulk sender" (whatever that means), there is nothing I can do to help it.
Second: I already have done all of the above. I even checked my PTR-record twice. Yes, it is in the above list two times using different words.
Still, after jumping through all the hoops, crossing all the Ts and dotting all the Is: they don't accept email from my box anymore. They dominate the universe, they set new policies, start to enforce them without notice and fail to provide any kind of support. At minimum a web page to fill in a couple of fields to a form to test how they perceive your server and give a result what to fix. But no. They don't do that, they just stop accepting any email.
To provide matching words for their search engine, I post a log entry (wrapped to multiple lines) from my Postfix:
postfix/smtp[6803]: A82C94E6CE:
to=<my@sending.address.fi>,
orig_to=<the@recipient's.address.net>,
relay=aspmx.l.google.com[2a00:1450:4008:c01::1b]:25,
delay=0.76,
delays=0.04/0/0.35/0.37,
dsn=5.7.1,
status=bounced (host aspmx.l.google.com[2a00:1450:4008:c01::1b] said:
550-5.7.1 [2001:-my-IPv6-address- 16]
Our system has detected 550-5.7.1 that this message does not meet IPv6 sending guidelines regarding
PTR 550-5.7.1 records and authentication.
Please review 550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more 550 5.7.1 information.
qc2si10501687bkb.307 - gsmtp (in reply to end of DATA command))
I'm not alone with my problem. Easily a number of people complaining about the same issue can be found: Gmail, why are you doing this to me? and Google, your IPv6-related email restrictions suck. Most people simply stop using IPv6 to deliver mail to Google. My choice is to fight to the bitter end.
While complaining about the unjustified attitude I get from Google, I got a piece of advice: "Why don't you check what Google's DNS thinks of your setup?". I was like "WHAAT? What Google DNS?"
In fact there is a public DNS offered by Google. It is described in article Using Google Public DNS. I did use that to confirm that my DNS and reverse-DNS were set up correctly. I typed this into a BASH-shell:
# dig -x 2001:-my-IPv6-address- @2001:4860:4860::8888
It yielded correct results. There was nothing I could do to fix this issue more. As it turned out, I did not change anything but after a couple of days, they just seemed to like my DNS more and allowed my email to pass. Perhaps one of these days I'll write something similar to my open recursive DNS tester.
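The PTR requirement quoted above is a forward-confirmed reverse DNS check: the PTR name of the sending IP must resolve back to that same IP. The following is an added example, not part of the original post and not Google's implementation; the function names are hypothetical and the sample records use documentation prefixes and are constructed.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR lookup through the system resolver; [] when there is no record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name] + aliases


def system_forward(hostname):
    """A/AAAA lookup through the system resolver; [] on failure."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Check that some PTR name of `ip` resolves forward to `ip` again."""
    target = ipaddress.ip_address(ip)
    names = ptr_lookup(str(target))
    if not names:
        return {"ok": False, "reason": "no PTR record", "names": []}
    for name in names:
        for addr in forward_lookup(name):
            # Compare parsed addresses so different IPv6 spellings still match.
            if ipaddress.ip_address(addr.split("%")[0]) == target:
                return {"ok": True, "reason": "PTR resolves back", "names": names}
    return {"ok": False, "reason": "PTR name does not resolve back to the IP",
            "names": names}


# Constructed sample zone data (documentation prefixes, not real hosts).
SAMPLE_PTR = {
    "2001:db8::25": ["mail.example.net"],
    "2001:db8::26": ["mail.example.net"],  # PTR exists, AAAA points elsewhere
}
SAMPLE_FORWARD = {
    "mail.example.net": ["2001:0db8:0000:0000:0000:0000:0000:0025", "192.0.2.25"],
}


def check_sample(ip):
    """Run the check against the constructed records instead of live DNS."""
    return fcrdns(ip,
                  ptr_lookup=lambda a: SAMPLE_PTR.get(a, []),
                  forward_lookup=lambda h: SAMPLE_FORWARD.get(h, []))


if __name__ == "__main__":
    for ip in ("2001:db8::25", "2001:db8::26", "2001:db8::99"):
        print(ip, check_sample(ip))
```

Calling `fcrdns()` with only an address uses the system resolver, so its answer reflects that resolver's view, which may differ from what a remote receiver sees.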
Idiots!
Microsoft buying Nokia's mobile phone business
Tuesday, September 3. 2013
This has been in the rumors for a long time. The Finnish pride Nokia chose to exit their Devices & Services branch now that Lumia phones are finally getting popularity. It is kind of a sad day for Finnish ICT-industry as the biggest company divests roughly half of itself with a very cheap price. Lot of people, including me, were waiting for Microsoft to buy out entire corporation. Any business transactions of this size take months to prepare, if not years. So, most of the rumors from early 2013 appeared to be true. Our beloved (NOT!) "mole-man" or "Microsoft agent" Mr. E-flop managed to push the corporation's value down so that his seat for CEO of Microsoft could be granted with this move.
This is also a good day for Finnish ICT-industry, as lot of what-iffing can stop, and people can concentrate doing actually good things.
Bullshit floating around:
- Part of Finnish national identity was lost: Sure thing, Nokia was our own pride and joy, but things keep changing, get used to it! After all Nokia did fuck up their own business with having too much pride to see what others were doing. Not to mention their horrible reorganizations that managed to completely kill their ability to innovate. I was proud of what they did in the 90s and how they ruled the mobile world then, but not of how they managed to get too cocky in the 00s.
- Nokia was about to go bankrupt: No, according to their Q2 2013 interim report, they had assets for 4,4 billion €, does not sound like bankruptcy to me
- Nokia was about to abandon Windows Phone and go to Android: I don't think so, Lumia was starting to sell like hotcakes
- Press is stating that "Microsoft bought Nokia": Idiots! No they did not! They purchased Devices & Services division. Lot of Nokia is still left. Neither did Google acquire Motorola, they just got Motorola Mobility division. There is a difference there.
- Nokia should have chosen platform X instead of Windows Phone:
  - Apple iOS: really not available
  - Blackberry: perhaps, ready platform, low on features, but Nokia guys could have done something with it, not as ready-to-go as they'd hope
  - Palm / webOS: naah, too old crap, HP was ready to eject it, though. Price would have been cheap, but same story as Blackberry.
  - Nokia's own MeeGo: Technically superior to anything, the trouble was that they put a lot of money into it, and due to their own organization's mis-management they could not produce anything real in time and decided to sink it. New platform is lacking developer community, though. Ex-Nokia people bought it and formed a new company Jolla.
  - Android: Buggy, insecure, totally dominated by Asian companies like Samsung, LG and HTC. Really difficult to create something innovative with cheaper price. Totally out of the question.
  - Windows Phone: History has proven that Nokia really managed to get it working. Trouble is that Microsoft has very slow development cycle. They're not accustomed working in mobile field at all. Perhaps Microsoft will now detach Windows Phone from Windows completely and allow them to move rapidly.
- Microsoft made a mistake when they did the acquisition: I don't think so. Their PC-business is fading and they really want to expand. Mr. Ballmer has set the vision to be a devices & services business and that's what they bought.
- Finland will lose lot of ICT-jobs: Why would Microsoft move the mobile phone development to Redmond? They have a proven track record of that not working. Also what many people are afraid of, is Microsoft scaling down the mobile business. Why would they do that? They just spent 5,4 billion € for it, why would they kill it after that? So, I don't think this will have a major impact on ICT-workforce.
- Nokia will have a grim future: Well, no. They divested the division not doing any profits. They kept their patent portfolio which is generating 1 billion € revenue each year. They have plenty of money, probably they'll just purchase Jolla and start doing nice mobile phones again.
Windows Azure web sites in West Europe data center
Tuesday, July 2. 2013
Well ... you cannot create one. They're just saying that there are "capacity issues" and due to that "West Europe was turned off for new subscriptions a short while back".
Is the old M$ back? They very conveniently forget to tell you that when you're setting up your storage and servers, you cannot have a web site on top of them. Nice. Wouldn't it be great to know that during setup-phase?
They must be really doing well in Microsoft to treat users that badly. I'm sure that popularity of their service wasn't a surprise to them either. Yet another nice example of bad communication from a big corporation.
Windows Azure trial purchase on IE10
Wednesday, June 26. 2013
This was pretty funny one. I was about to start a Windows Azure 30-day trial on Windows 8 with Internet Explorer 10, but it failed on payment options.
I waited for 10 minutes, but to no avail. It was pretty obvious that a failure was imminent after 30 seconds of nothingness. The payment just hangs forever without doing anything. They simply never tested it on IE10. On any other browser I tried it works just ok.
Syncro Soft <oXygen/> XML Editor - Avoid! Avoid! Avoid!
Tuesday, June 11. 2013
When doing XML-editing, I always use a suitable editor for that. Recently I've been using oXygen XML editor. It has all the features I need, I like it and naturally I bought a license. On a minus side, it is Java-software, and lately I've been disliking Java very much.
A while ago, they released a new version of 15.0. They appropriately informed me about the new version and said to check the upgrade availability. They have a nice reminder -form to check what you purchased from them the last time.
There is one thing they fail to mention. If you purchase today, and don't want to pay extra $100 for software upgrade service, and they release a new version tomorrow, you won't be eligible for a free upgrade. That's how they perceive you, a paying customer, a stupid lamb not to have paid them for a service they don't tell any details about.
There is a huge number of software companies operating on a different basis. First you purchase their software. At that point they give you (typically) a 12 month upgrade-period free-of-charge. Then at that point, they ask if you'd like their product that much to start paying for a service. You can agree or decline. If you agree, you'll be hoping that they release often enough to get your money's worth. On the other hand, you can choose to purchase updates whenever you feel like doing it. The software company respects you and operates on an honest basis.
I'll be taking my business elsewhere. Any recommendations for an XML-editor?
Wuala (LaCie): Stop using the Java!
Wednesday, April 17. 2013
My cloud storage choice has been LaCie's (the hard drive company) Wuala. The main reason why I did choose Wuala is in their Privacy Policy:
2. Stored Content
Wuala encrypts all your files before they leave your computer. They are encrypted such that only you and those you have authorized can decrypt them. Even LaCie cannot decrypt them unless you have made them public or share them by secret weblink and access them with your web browser. In the latter case, the encryption key is temporarily sent to our web server as part of the URL for the purpose of serving the requested data.
They do exactly like Kim's MEGA. They encrypt everything so that even they cannot access it (or at least that's what they claim to do, nobody has yet proven that wrong, though). That is: unless you choose not to encrypt the data, or publish the decryption key, but then it is another story.
The sad thing is that they use Java on client-side to do the access. Java Runtime has been described as a disease in an article in the Forbes magazine. They're right. It is a disease. In Wuala's own discussion forum there are a number of happy customers pleading to stop using Java.
What really pisses me off is that on my 64-bit Windows 7, the only reason to have a 32-bit JRE is Wuala. All my other software utilizes the 64-bit version I also have installed. Whenever a new JRE version comes out, I need to update both versions. Also I simply cannot use Wuala on all of my computers. For security reasons, I refuse to install Java Runtime into them.
Wuala: Stop using Java now! Please.
Sonera changed DNS-names for broadband pool dynamic IPs
Saturday, February 23. 2013
I've been having Sonera (or TeliaSonera) Internet connection for ages. Occasionally I refer to my own IP with the DNS-name and now they chose to change them. It looks like they chose to change the subscriber identifier part of FQDN to indicate IPv4 address instead of some sort of internal identifier.
Typical Sonera broadband dynamic IP-address' reverse-DNS FQDN has format:
- Connection type: (fixed: dsl or cable)
- City identifier: always 3 characters
- Gateway identifier: (example: brasgw1)
- Subscriber identifier: hex-decimal -combo
- Dynamic broadband pool identifier: (fixed: dhcp.inet.fi)
A regexp would be:
^(dsl|cable)-([a-z]{3})([a-z0-9]+)-([0-9a-f]{6,}-\d{1,3})\.dhcp\.inet\.fi$
The old subscriber identifier had 8 hex digits, a dash and 1-3 decimal digits. For example: fe82eb00-56
The new subscriber identifier has 6 hex digits to represent the first 3 bytes of IPv4 address, a dash and 1-3 decimal digits for the last byte of IPv4 address. For example IPv4 address of 21.32.43.54 would be: 15202b-54
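The naming scheme described above can be parsed and, for the new format, decoded back into the IPv4 address. This is an added example, not code from the original post: it reuses the post's regexp with named groups, and the function names, the city codes and the gateway names in the sample hostnames are constructed.

```python
import ipaddress
import re

# The post's regexp, split into named groups; ASCII flag keeps \d to 0-9.
SONERA_RE = re.compile(
    r"^(?P<conn>dsl|cable)-(?P<city>[a-z]{3})(?P<gateway>[a-z0-9]+)-"
    r"(?P<hexpart>[0-9a-f]{6,})-(?P<last>\d{1,3})\.dhcp\.inet\.fi$",
    re.ASCII,
)


def parse_sonera_ptr(fqdn):
    """Split a Sonera pool PTR name into its parts.

    Returns None when the name is not in the pool format. For the new
    6-hex-digit identifier the IPv4 address is decoded; the old 8-hex-digit
    identifier is an internal value and yields no address.
    """
    match = SONERA_RE.match(fqdn.lower().rstrip("."))  # PTR answers end in "."
    if not match:
        return None
    hexpart, last = match["hexpart"], int(match["last"])
    info = {
        "connection": match["conn"],
        "city": match["city"],
        "gateway": match["gateway"],
        "subscriber": "%s-%d" % (hexpart, last),
        "scheme": "unknown",
        "ipv4": None,
    }
    if len(hexpart) == 6 and last <= 255:
        octets = bytes.fromhex(hexpart) + bytes([last])
        info["scheme"] = "new"
        info["ipv4"] = str(ipaddress.IPv4Address(octets))
    elif len(hexpart) == 8:
        info["scheme"] = "old"
    return info


def subscriber_id_for(ipv4):
    """Build the new-style subscriber identifier for an IPv4 address."""
    packed = ipaddress.IPv4Address(ipv4).packed
    return "%s-%d" % (packed[:3].hex(), packed[3])


# Constructed sample hostnames built around the two identifiers in the post.
SAMPLES = [
    "dsl-hkibrasgw1-15202b-54.dhcp.inet.fi",
    "cable-tkubrasgw1-fe82eb00-56.dhcp.inet.fi.",
    "mail.example.com",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "->", parse_sonera_ptr(name))
    print(subscriber_id_for("21.32.43.54"))
```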
Wishful thinking: Are they finally preparing to offer IPv6?
Google shaving off 1% on AdSense payments?
Saturday, February 23. 2013
On my Google AdSense payment history: Jan 28 2013: Invalid Traffic - AdSense for Content
They reduced my monthly payment by about 1% of the total sum. No explanations, no nothing. They're just claiming that I'm not following the mutual agreement made about AdSense usage policy and provide no proof of that. Quite literally, what they're saying is that I'm abusing the system to gain extra payments out of Google and if not abusing the system, I'm a liar because I don't admit doing that. Nice!
There is a discussion thread Help to identify Invalid Traffic Source in the Google AdSense in English support forums. Lot of people having this issue since December 2012, and no possibility of tracking who clicked what to cause the alleged invalid clicks.
This is not about the 1% of lost revenue, it's about me being called a liar and not introducing any kind of evidence of what I did. The AdSense payments fluctuate a lot anyway, they somewhat correlate with visitor flow, but sometimes Google issues more expensive ads which yield more cost-per-click. Then again they issue cheaper ads with lower CPC. Since they get to control who gets what, in the end it is a zero-sum-game and the monthly payment differences equal out, resulting in something that correlates with the site visitor flow. But this 100% control is not enough for them, they don't want to pay out what they've agreed to and get 101% of control.
It is needless to say this, but I'm doing it anyway: This sucks like a Kirby vacuum cleaner scam!
ISP rebooting cable
Monday, January 7. 2013
Looks like my ISP (Sonera) loves to boot my cable modem on the first Monday of each month at noon(ish). Must be something regarding deactivating those boxes who did not pay the bills.
Sonera: Not cool, guys!