Category Archives: Technology

Used up the coupon codes

Since nobody wanted my coupon codes, I ended up getting the following for a whopping 1.17€ (incuding VAT)


The first three are obviously for my Dynamic DNS service.  Want a subdomain one one of these (or  Give me a sign.

The one was just because I tried so many .eu and nothing interesting was free, so I typed that and it was available.  No idea what I’m going to do with that.  Dynamic DNS service is also ok, I think.

Now, came on a whim.  These .me domains work best with a verb, like “help”, “instruct”, etc… Obviously, “” came up in my mind and even more obviously, it was taken.  But, was free.  Too good to let it slide.
I might setup email forwarding for it, so I can give LuxTrust an email like “”.  I’ve got 1000 free forwards, so I might even give them away to anyone who wants. *grin*

The attentive reader will notice that the .com at 50% off is not listed.  That’s the only one I managed to give away.

Free .xyz domain logo, downloaded from the Gandi Image Library

As I mentioned in my .lu 3-letter domain analysis, I got a few codes at Gandi to get certain TLDs for free or at discount for one year. In all fairness, I have not much use for them and the cool ones seem to be long gone. After the free first year, I’ll have to pay for them any way. I have 9 domain names (ignoring those where I’m marked “technical contact” only and ignoring, owned by my father), which totals to 202.50€ per year. For a private person and just for a hobby, that’s do-able, but not exactly cheap. Okay, hobbies cost money. C’est la vie.

I also, offer Dynamic DNS services to friends and family. I have two domains dedicated to this, namely and The former is for nerdy friends over the world, who want their home connection to be accessible. The latter, I mainly use for family so I can support them using RDP over SSH or VLC over SSH. You can’t ask me to get one under that domain, I decide that for you.

Basically, you could have something like pointing to your home connection, and all through the magic of some scripts and two VPSes I rent (one in the US, one in the EU, for redundancy). I can, however, understand that the doesn’t appeal to many non-Luxembourgish nerds.

So, if there would be any interest, I could get a few extra domains for the Dynamic DNS service. The codes at Gandi, I have are:

  • 3× .xyz for free
  • 1× .me for free
  • 1× .eu for 1€
  • 1× 50% off for a .com

I checked, stuff like “”, “home-connection.xzy” and “” are still available. Personally, I have trouble finding anything with .me that makes sense and is available and the rest are for-pay. Now, of course, if you have a great idea for either of the ones listed above, you can tell me.

Now, if you think my Dynamic DNS service is good as-is and really, really, really need that the coupon for your own usage, just ask nicely. I might even be in a good mood and just give it to you. The coupons expire the 1st May 2015.

Three letter ccTLD domains

The Ring of ccTLDs #3

The Ring of ccTLDs #3 by Grey Hargreaves.
Creative commons license, found on Flickr.

My registrar of choice, Gandi, had its 15th anniversary this month. Apparently, I’ve been a customer for 15 years too. Has it been that long? Anyway, they gave away prizes and I’ve got codes for three free .xyz, one free .me, a .com at 50% and a .eu at 1€. To be entirely frank, I have no idea what to do with any of those codes1, but as you do when you get something for free, you tend to look what’s up for grabs. As the shortest, non-grandfathered, domain names you seem to be able to get are three letters long, I tried a few for .xyz and to my surprise I saw that the corresponding .lu was free.

That was a surprise. I’d have expected that most, if not all, three letter .lu domains would be taken. So I decided to investigate. A quick one-liner pounded the whois servers, and, well, I got banned quite quickly at my work IP address. I should have foreseen that. You might have seen a Facebook status about it, and someone suggested to first look whether there are DNS records2 and, then, and only then do the whois checks3. I decided to do exactly that and I ended up with 14291 three letter domains that have no valid DNS entries. That’s an amazingly a small amount. There are 26×26×26 = 17576 possibilites4, which means only 19% of all three letter .lu domain names have DNS entries.

Now, what? That’s way too much for bulk querying the whois servers and I had no desire to get my home IP blacklisted. My plan was to do one whois every 20 minutes, but that would make nearly 200 days. I decided to go manually over the list and pick the ones that caught my eye. I’m human, I get bored, so that’s probably why I selected more at the beginning of the alphabet. Anyway, I selected 87 domains for investigation and it turned out that 71 of those were not registered. Some examples (but really, just a few):

  • : “ado” is French for teenager.
  • : Advanced Encryption Standard. Neat to have as nerd.
  • : Nobody in the demo scene got this? Seriously?
  •,, and : Yes, you can still have the full metasyntactic-variable sequence. That “” is isn’t taken, is simply amazing.
  • : I am so tempted to get this one.
  • : For an auction site?
  • : In French “la fac” is pretty much the colloquial equivalent of university.
  • : The Germans will understand.
  • : All hail Richard Stallmann!
  • : If you don’t know why, you need to have your perversion levels adjusted.
  • : Ok, this one only means something to me. Online I get referred to as JTS. I don’t know when people started to do that, but I guess it’s because “jawtheshark” is too long.
  • : Not a number. Another nerdy one.
  • : Neeeeerd! You should also take, which is also available.
  • : The cake is a lie, but the pie isn’t.
  • : Optical character recognition. I could see value in this if you’re in document management.
  • : Calling the photography nerds… or for weird porn.
  • : Again, I’m so tempted to take this one.
  • : I should get this one, just for when I need to go freelance and want to offer virtualization services.
  • : Because I really got sleepy after going through so many domain names.

You can get the full list of the ones I verified as “not registerd”. (List without DNS entries) A .lu is free to register for everyone, worldwide and costs about 25€ per year.

Apparently, while creating this post, I opened up the wrong list, namely the DNS verified one. My mistake. A few listed here are not free and haven’t been for a while. Those are and No metasyntactic-variables for you. Sorry.

1I could add a few to my “free-for-friends” dynamic DNS. For now you can only get a subdomain of
2 Script used: for domain in `echo {a..z}{a..z}{a..z}`; do if [[ -n `host $ | grep NXDOMAIN` ]]; then echo $; fi; done > threeletters.txt
3 Script used: for domain in `cat selected-domains.txt` ; do QUERY=`whois ${domain} | grep "% No such domain"` ; if [[ -n "${QUERY}" ]]; then echo ${domain} is free ; fi ; sleep 1200 ; done > available-threeletter.txt
4 Ignoring numbers, which would expand the search space a bit more.

Update on the Debian kernel bug.

It might not be caused by the kernel, but by the Xen hypervisor.  What I did up to know:

  • I installed the problematic kernel in a virtual machine (DomU) while the host (Dom0) was running Jessie and a thus different kernel.  Within that environment, no problem occurred.
  • I reinstalled Wheezy on the machine, but this time, I did not install Xen and did exactly the same dd command.  The problem did not arise.  (I also simplified the disk setup and upgraded my BIOS to the latest version, for good measure.  It shouldn’t make much of a difference, I was surprised there was a new BIOS in the first place)
  • Being confident, it might perhaps be caused by the disk setup (Originally I had 4 disk raid6 with one spare, and now I simply have a 2-disk raid1, with no spares), I installed Xen and rebooted.  When I tried the dd command, I got my Oops.

Conclusion:  the error only seems to occur on a Dom0 while using Xen.  It can be avoided by upgrading to Jessie.

While that is good news for the new setup, it still implies that under no circumstances, I can reboot hammerhead before mako is ready.  It might of course be linked to AMD specific code, but I’m really not willing to take that risk.

I wonder if I should file a bug with the Debian kernel team.

Recently, I decided to reinstall my old self-built rack server (AMD A6-3650, 16GB RAM, Asus F1A75-V PRO)  It wasn’t really being used and since I want to reconfigure my Dell R210-II, I decided the AMD should, at least temporary, take over the Dells tasks.  Yes, I know it’s not real server hardware, and yes, I think of buying another R2xx when I’ve got a bit money to waste, which is not now.

So, I installed Debian Wheezy and the Xen Hypervisor on it, as always using PXE, which means you end up with an installation that is fully up-to-date, unlike my other machines who tend to have older kernels because I rarely see a reason to reboot.

Then, one of the first things I tried was to clone a disk over network ( dd if=”/dev/vg0/vm-root” | ssh root@mako “dd if=/dev/vg0/vm-root”).  I have done these things before, and I know they work.  It’s not the quickest way, but I had my reasons to do as such.  Thing is: I got a kernel oops.  While only a “oops”, it does make the system unstable so a reboot is truly recommended.

I thought it would perhaps be a fluke, so I tried again… Same thing, so I removed the networking component and tried a simple dd if=/dev/zero of=/dev/vg0/big-lv bs=1073741824 and, yes again a kernel oops.  It looks something like this:

Feb 11 23:00:08 mako kernel: [ 8450.177200] BUG: unable to handle kernel paging request at ffff88013f800000
Feb 11 23:00:08 mako kernel: [ 8450.177222] IP: [<ffffffff811b3e27>] clear_page_c+0x7/0x10
Feb 11 23:00:08 mako kernel: [ 8450.177237] PGD 1606067 PUD bdd89067 PMD bdf86067 PTE 0
Feb 11 23:00:08 mako kernel: [ 8450.177256] Oops: 0002 [#1] SMP 
Feb 11 23:00:08 mako kernel: [ 8450.177268] CPU 2 
Feb 11 23:00:08 mako kernel: [ 8450.177272] Modules linked in: fuse btrfs crc32c libcrc32c zlib_deflate ufs qnx4 hfsplus hfs minix ntfs vfat msdos fat jfs xfs reiserfs ext3 jbd ext2 efivars xen_gntdev xen_evtchn xenfs nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc bridge stp loop radeon ttm drm_kms_helper eeepc_wmi snd_hda_codec_hdmi psmouse asus_wmi sparse_keymap snd_hda_intel snd_hda_codec rfkill drm snd_hwdep snd_pcm powernow_k8 mperf pl2303 snd_page_alloc power_supply serio_raw pcspkr i2c_piix4 evdev snd_timer k10temp wmi snd usbserial soundcore button processor thermal_sys ext4 crc16 jbd2 mbcache dm_mod raid456 async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq md_mod usbhid hid sg sd_mod crc_t10dif r8169 mii ohci_hcd ahci libahci xhci_hcd ehci_hcd libata igb i2c_algo_bit i2c_core dca scsi_mod usbcore usb_common [last unloaded: scsi_wait_scan]
Feb 11 23:00:08 mako kernel: [ 8450.177604] 
Feb 11 23:00:08 mako kernel: [ 8450.177610] Pid: 4221, comm: sshd Not tainted 3.2.0-4-amd64 #1 Debian 3.2.65-1+deb7u1 System manufacturer System Product Name/F1A75-V PRO
Feb 11 23:00:08 mako kernel: [ 8450.177630] RIP: e030:[<ffffffff811b3e27>]  [<ffffffff811b3e27>] clear_page_c+0x7/0x10
Feb 11 23:00:08 mako kernel: [ 8450.177647] RSP: e02b:ffff8801f1f17b30  EFLAGS: 00010246
Feb 11 23:00:08 mako kernel: [ 8450.177658] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200
Feb 11 23:00:08 mako kernel: [ 8450.177669] RDX: ffffea00045e4000 RSI: 0000000000000000 RDI: ffff88013f800000
Feb 11 23:00:08 mako kernel: [ 8450.177681] RBP: ffffea00045e4000 R08: 0000000000000000 R09: 00000000000401d7
Feb 11 23:00:08 mako kernel: [ 8450.177693] R10: 0000000000000002 R11: 0000000000000fc4 R12: 0000000000000000
Feb 11 23:00:08 mako kernel: [ 8450.177704] R13: 0000000000000000 R14: 0000000000000000 R15: ffff8801f1f16000
Feb 11 23:00:08 mako kernel: [ 8450.177718] FS:  00007f7904fce7c0(0000) GS:ffff8803cb500000(0000) knlGS:0000000000000000
Feb 11 23:00:08 mako kernel: [ 8450.177734] CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
Feb 11 23:00:08 mako kernel: [ 8450.177745] CR2: ffff88013f800000 CR3: 000000014239e000 CR4: 0000000000000660
Feb 11 23:00:08 mako kernel: [ 8450.177757] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Feb 11 23:00:08 mako kernel: [ 8450.177769] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Feb 11 23:00:08 mako kernel: [ 8450.177781] Process sshd (pid: 4221, threadinfo ffff8801f1f16000, task ffff8803b356e100)
Feb 11 23:00:08 mako kernel: [ 8450.177796] Stack:
Feb 11 23:00:08 mako kernel: [ 8450.177804]  ffffffff810bb8cd ffff8803cb515628 ffffea00045e4000 0000000000000000
Feb 11 23:00:08 mako kernel: [ 8450.177830]  00000001000280da ffffffff00000041 00000003caf73025 ffff8803cb72ac08
Feb 11 23:00:08 mako kernel: [ 8450.177856]  ffff8803cb72ac00 0000000081004f2f 0000000000000030 ffff8803cb72ac08
Feb 11 23:00:08 mako kernel: [ 8450.177882] Call Trace:
Feb 11 23:00:08 mako kernel: [ 8450.177894]  [<ffffffff810bb8cd>] ? get_page_from_freelist+0x57a/0x665
Feb 11 23:00:08 mako kernel: [ 8450.177907]  [<ffffffff810bbb3e>] ? __alloc_pages_nodemask+0x186/0x7ab
Feb 11 23:00:08 mako kernel: [ 8450.177921]  [<ffffffff810d1a97>] ? handle_pte_fault+0x298/0x79f
Feb 11 23:00:08 mako kernel: [ 8450.177933]  [<ffffffff81004e44>] ? pte_pfn_to_mfn+0x26/0x77
Feb 11 23:00:08 mako kernel: [ 8450.177945]  [<ffffffff8100569f>] ? __xen_set_pte+0x11/0x51
Feb 11 23:00:08 mako kernel: [ 8450.177957]  [<ffffffff810e6ee9>] ? alloc_pages_vma+0x12d/0x136
Feb 11 23:00:08 mako kernel: [ 8450.177969]  [<ffffffff810d1964>] ? handle_pte_fault+0x165/0x79f
Feb 11 23:00:08 mako kernel: [ 8450.177981]  [<ffffffff810cefaf>] ? pmd_val+0x7/0x8
Feb 11 23:00:08 mako kernel: [ 8450.177992]  [<ffffffff810cf02d>] ? pte_offset_kernel+0x16/0x35
Feb 11 23:00:08 mako kernel: [ 8450.178005]  [<ffffffff81353e74>] ? do_page_fault+0x320/0x345
Feb 11 23:00:08 mako kernel: [ 8450.178018]  [<ffffffff81095461>] ? arch_local_irq_save+0x11/0x15
Feb 11 23:00:08 mako kernel: [ 8450.178029]  [<ffffffff81095e17>] ? __call_rcu+0x21/0x12c
Feb 11 23:00:08 mako kernel: [ 8450.178041]  [<ffffffff8110b26f>] ? dput+0x27/0xee
Feb 11 23:00:08 mako kernel: [ 8450.178052]  [<ffffffff810fc21e>] ? fput+0x17a/0x1a1
Feb 11 23:00:08 mako kernel: [ 8450.178063]  [<ffffffff810eb3fb>] ? arch_local_irq_restore+0x7/0x8
Feb 11 23:00:08 mako kernel: [ 8450.178074]  [<ffffffff81351415>] ? page_fault+0x25/0x30
Feb 11 23:00:08 mako kernel: [ 8450.178084] Code: 20 4c 89 4c 24 48 c7 44 24 08 10 00 00 00 48 89 44 24 18 e8 8c f9 ff ff 48 83 c4 58 c3 90 90 90 90 90 90 90 b9 00 02 00 00 31 c0 <f3> 48 ab c3 0f 1f 44 00 00 b9 00 10 00 00 31 c0 f3 aa c3 66 0f 
Feb 11 23:00:08 mako kernel: [ 8450.178270] RIP  [<ffffffff811b3e27>] clear_page_c+0x7/0x10
Feb 11 23:00:08 mako kernel: [ 8450.178283]  RSP <ffff8801f1f17b30>
Feb 11 23:00:08 mako kernel: [ 8450.178291] CR2: ffff88013f800000
Feb 11 23:00:08 mako kernel: [ 8450.178436] ---[ end trace c0e1c75d9283be10 ]---
Feb 11 23:00:08 mako kernel: [ 8450.178466] note: sshd[4221] exited with preempt_count 1
Feb 11 23:00:08 mako kernel: [ 8450.178971] BUG: scheduling while atomic: sshd/4221/0x10000001
Feb 11 23:00:08 mako kernel: [ 8450.179002] Modules linked in: fuse btrfs crc32c libcrc32c zlib_deflate ufs qnx4 hfsplus hfs minix ntfs vfat msdos fat jfs xfs reiserfs ext3 jbd ext2 efivars xen_gntdev xen_evtchn xenfs nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc bridge stp loop radeon ttm drm_kms_helper eeepc_wmi snd_hda_codec_hdmi psmouse asus_wmi sparse_keymap snd_hda_intel snd_hda_codec rfkill drm snd_hwdep snd_pcm powernow_k8 mperf pl2303 snd_page_alloc power_supply serio_raw pcspkr i2c_piix4 evdev snd_timer k10temp wmi snd usbserial soundcore button processor thermal_sys ext4 crc16 jbd2 mbcache dm_mod raid456 async_raid6_recov async_memcpy async_pq async_xor xor async_tx raid6_pq md_mod usbhid hid sg sd_mod crc_t10dif r8169 mii ohci_hcd ahci libahci xhci_hcd ehci_hcd libata igb i2c_algo_bit i2c_core dca scsi_mod usbcore usb_common [last unloaded: scsi_wait_scan]
Feb 11 23:00:08 mako kernel: [ 8450.181496] Pid: 4221, comm: sshd Tainted: G      D      3.2.0-4-amd64 #1 Debian 3.2.65-1+deb7u1
Feb 11 23:00:08 mako kernel: [ 8450.181530] Call Trace:
Feb 11 23:00:08 mako kernel: [ 8450.181560]  [<ffffffff8134a2be>] ? __schedule_bug+0x3e/0x52
Feb 11 23:00:08 mako kernel: [ 8450.181591]  [<ffffffff8134f4a5>] ? __schedule+0x85/0x610
Feb 11 23:00:08 mako kernel: [ 8450.181621]  [<ffffffff8110b26f>] ? dput+0x27/0xee
Feb 11 23:00:08 mako kernel: [ 8450.181652]  [<ffffffff81042090>] ? __cond_resched+0x1d/0x26
Feb 11 23:00:08 mako kernel: [ 8450.181682]  [<ffffffff8134fa7f>] ? _cond_resched+0x12/0x1c
Feb 11 23:00:08 mako kernel: [ 8450.181713]  [<ffffffff81049a2a>] ? put_files_struct+0x65/0xad
Feb 11 23:00:08 mako kernel: [ 8450.181743]  [<ffffffff8104a02c>] ? do_exit+0x292/0x713
Feb 11 23:00:08 mako kernel: [ 8450.181774]  [<ffffffff8107130f>] ? arch_local_irq_disable+0x7/0x8
Feb 11 23:00:08 mako kernel: [ 8450.184239]  [<ffffffff81071307>] ? arch_local_irq_restore+0x7/0x8
Feb 11 23:00:08 mako kernel: [ 8450.184271]  [<ffffffff81350e3f>] ? _raw_spin_unlock_irqrestore+0xe/0xf
Feb 11 23:00:08 mako kernel: [ 8450.184304]  [<ffffffff81048345>] ? kmsg_dump+0x52/0xdd
Feb 11 23:00:08 mako kernel: [ 8450.184336]  [<ffffffff81350e3f>] ? _raw_spin_unlock_irqrestore+0xe/0xf
Feb 11 23:00:08 mako kernel: [ 8450.184368]  [<ffffffff81351d14>] ? oops_end+0xb1/0xb6
Feb 11 23:00:08 mako kernel: [ 8450.184399]  [<ffffffff81349d8b>] ? no_context+0x1ff/0x20e
Feb 11 23:00:08 mako kernel: [ 8450.184430]  [<ffffffff81349619>] ? pmd_val+0x7/0x8
Feb 11 23:00:08 mako kernel: [ 8450.184460]  [<ffffffff81349638>] ? pte_offset_kernel+0x16/0x35
Feb 11 23:00:08 mako kernel: [ 8450.184491]  [<ffffffff81353d0a>] ? do_page_fault+0x1b6/0x345
Feb 11 23:00:08 mako kernel: [ 8450.184522]  [<ffffffff81004e44>] ? pte_pfn_to_mfn+0x26/0x77
Feb 11 23:00:08 mako kernel: [ 8450.184553]  [<ffffffff81004375>] ? __raw_callee_save_xen_make_pte+0x11/0x1e
Feb 11 23:00:08 mako kernel: [ 8450.184584]  [<ffffffff81351415>] ? page_fault+0x25/0x30
Feb 11 23:00:08 mako kernel: [ 8450.184615]  [<ffffffff811b3e27>] ? clear_page_c+0x7/0x10
Feb 11 23:00:08 mako kernel: [ 8450.184646]  [<ffffffff810bb8cd>] ? get_page_from_freelist+0x57a/0x665
Feb 11 23:00:08 mako kernel: [ 8450.184677]  [<ffffffff810bbb3e>] ? __alloc_pages_nodemask+0x186/0x7ab
Feb 11 23:00:08 mako kernel: [ 8450.184709]  [<ffffffff810d1a97>] ? handle_pte_fault+0x298/0x79f
Feb 11 23:00:08 mako kernel: [ 8450.184739]  [<ffffffff81004e44>] ? pte_pfn_to_mfn+0x26/0x77
Feb 11 23:00:08 mako kernel: [ 8450.184770]  [<ffffffff8100569f>] ? __xen_set_pte+0x11/0x51
Feb 11 23:00:08 mako kernel: [ 8450.184800]  [<ffffffff810e6ee9>] ? alloc_pages_vma+0x12d/0x136
Feb 11 23:00:08 mako kernel: [ 8450.184831]  [<ffffffff810d1964>] ? handle_pte_fault+0x165/0x79f
Feb 11 23:00:08 mako kernel: [ 8450.184862]  [<ffffffff810cefaf>] ? pmd_val+0x7/0x8
Feb 11 23:00:08 mako kernel: [ 8450.184892]  [<ffffffff810cf02d>] ? pte_offset_kernel+0x16/0x35
Feb 11 23:00:08 mako kernel: [ 8450.184922]  [<ffffffff81353e74>] ? do_page_fault+0x320/0x345
Feb 11 23:00:08 mako kernel: [ 8450.184954]  [<ffffffff81095461>] ? arch_local_irq_save+0x11/0x15
Feb 11 23:00:08 mako kernel: [ 8450.184984]  [<ffffffff81095e17>] ? __call_rcu+0x21/0x12c
Feb 11 23:00:08 mako kernel: [ 8450.185014]  [<ffffffff8110b26f>] ? dput+0x27/0xee
Feb 11 23:00:08 mako kernel: [ 8450.185044]  [<ffffffff810fc21e>] ? fput+0x17a/0x1a1
Feb 11 23:00:08 mako kernel: [ 8450.185074]  [<ffffffff810eb3fb>] ? arch_local_irq_restore+0x7/0x8
Feb 11 23:00:08 mako kernel: [ 8450.185105]  [<ffffffff81351415>] ? page_fault+0x25/0x30

Okay, a Debian stable kernel causing kernel oopses?  Nah, can’t be…  Damn, probably the memory is broken.  As such, an overnight memtestx86+ is scheduled and in the morning, it tells me everything is just fine.

At this point, I worry that it truly is a kernel bug.  I verify my other machines and none of them run 3.2.65-1+deb7u1, but all of them have it installed already.  Unlike Ubuntu, Debian doesn’t seem to amass old kernels in /boot.  I would have tried using an older kernel, but somehow I didn’t find the magic apt invocation to do so.

I still wanted to verify whether it’s the kernel causing this, so I upgraded the AMD machine to Jessie.  After I did so, I tried the same tests as on the original install and it works exactly as expected.  No more oops.

I also realize that my other machines are a reboot away from instability!  Scary thought.  Now, I’ll probably just trash the system, try wheezy again and see whether the problem comes back.  If so, it must be kernel bug.  The question is whether I should report it to the Debian kernel team.  I’m not sure I can really help them, also I could just ignore it and go Jessie (getting rid of systemd isn’t all that hard on a server as I found out today).

“Sex Tape” is implicity condoning piracy

FBI Anti-Piracy Warning

FBI Anti-Piracy Warning by bizmac
Creative commons license, found on Flickr

A while ago, I went to see “Sex Tape” with my wife. It’s a moderately entertaining movie that’s got its moments and is good enough for an evening of light entertainment. The story itself and the associated technological premise is ludicrous, but I’m willing to suspend disbelief on that. There is however, one thing that stuck me: the movie is basically condoning piracy, even though they don’t seem to really realise it. From a movie coming from Sony, I’d expect a bit more paranoia.
Now, if you want to go to see the movie, stop here, as I’ll have to explain the plot in order to follow my argumentation.

Basically, the story is as such: Couple makes sex tape to spice up their sex life using an iPad. The movie gets accidentally uploaded to “The Cloud” and is automatically distributed to all (Apple) devices ever owned by the couple. Incidentally, they gave away some “old” iPads to friends and acquaintances (and the mail man). Now, why these iPads were not wiped by the previous owner, is explained as following: The owner, the man in the couple, working in the music industry (!), explains that the iPads are just a “container” for the real present, namely the “playlists” he makes.

Whoa! Stop right there! They are trying to tell us that giving away iPads fully, associated with your user account (because that’s what’s required to get connected to his part of the cloud) and all the music the guy owns on his iPad, is totally okay?. I mean, the guy is sharing playlists, but for these playlists to work, you actually have to have access to the music itself. I mean, sure, I can give you a playlist of my favourite Pink Floyd songs, but that wouldn’t help you at all to listen to them legally, provided you already own all Pink Floyd albums. Logically follows, that the guy in the movie is simply aiding unauthorized distribution of music, which is affectively called “piracy”. Sure it’s under his account, but that doesn’t make it right. Ok, fine, your normal Joe Sixpack surely doesn’t know he’s doing something wrong, but a guy working for the music industry? You want me to swallow he doesn’t know what’s right or wrong regarding music distribution? You want me to think he doesn’t know anything about the legal status of distributing music? No, I can’t really see how that is possible whatsoever, and I am ignoring all computer-related problems the movie has.

Of course, this I’m supposed to do the whole suspension of disbelief thingy, but really, I expect better from an industry that claims billions of lost sales due to so-called piracy.

What is your Facebook “username” any way?

My previous rant is wrong.  Well, not in the sense that I’m going to admit that “email-as-username” is the greatest idea on earth.  I still think it’s dumb, and some people I respect a lot disagree.  I’m still not convinced.

No, a little bird tweeted me the following:

@jawtheshark changing the email for facebook won’t help … you can use your actuall username to login, no need for email adress

— Pit Wenkin (@PitWenkin) August 13, 2014

Wait?!?  What?  That vanity URL, I took back in the day also counts as my username?  Hands up, who knew that?  I most certainly didn’t.  I tested it from within a Private Browser session, all the following worked:

  • My “jawtheshark” gmail.
  • My “jorg.willekens” gmail.
  • My work cellphone
  • My private cellphone
  • My facebook vanity url nickname and by extension my facebook email.

Basically, pretty much anything that could identify me can now be used as a username to be logged into Facebook.  I am not really sure if that is a good idea.  So, I didn’t fix Flirty’s problem, since her “attacker” could use any of the above if he knows about the existence of them and they’re pretty much public.

The username/email conundrum

Email icon / Hand Drawn Web Icon Set by Pawel Kadysz

Hand Drawn Web Icon Set by Pawel Kadysz. Free for commercial use

Flirty, our Executive Assistant, looked rather down and tired today. Sure, she is a ranty German chick as we know and love them. She mostly on a friendly-flirt basis with me in the sense she calls me “honey” and I call her “sweetheart”. All in good natured humour, naturally. She looked stressed out.
While working with executive divas is straining, it was clearly something else. It came out rather quickly: Her Facebook had been hacked or at least someone was attempting to hack it.
Now of course, we all are familiar with the occasional “Your account has been accessed from Bumfuck, Elbonia, was that you?“.  Usually, it just means some silly hacker got hold of a username and tried a few attempts.  Nothing much to worry about.  This, however, was so much more worrying.  The login-attempts came from the city she lives in. First of all, kudos to Facebook detecting that.  It sure as hell isn’t only geolocation that’s used for detection.

It does mean, however, that most likely someone she knows is trying to hack her Facebook.  Why?  Who knows, it’s none of my business.  What it also means, is that changing her password was not enough.  These messages and attempts would continue, since the person trying this knows her username,

I told her to see whether her email provider allowed aliases for her current email (I was astounded: it did!  Yay, for that provider!), and told her to use the new alias as her Facebook login instead of her normal email address.  (Note: you do need to delete the original one, because you can use all your registered emails to log in!  Try it.  I wasn’t aware of that.)  I’m pretty sure this will fix the issues.  I’d have loved to set up two factor authentication, but it requires to install the Facebook Application for her phone, and she didn’t want that.  Fair enough.

I think that will fix her issue, but it does highlight a problem, that has annoyed me more than once: the insistence of using email addresses as login credentials.  I have no idea who came up with that, but he needs to  be stomped in the balls.  Along with those people who thought it was a great idea and adopted it.  That’s a lot of stomped balls.
You, see, most “normal” people have at most two email addresses: a private one and a work one.  Yes, yes, I have half a gazillion, and so do you, but my mom doesn’t, neither does my wife or in this case Flirty.

It means that, by definition, anyone knowing such a person will know the “username” you have to use on so many sites.  Now, I do realize usernames are not secret, and they never have been, but this “email-as-a-username” system servers the “username” to wannabe hackers on a silver platter.

Now, sure, they still have to guess your password.  They’re not going to come in, unless your password is very weak. The situation indicates that “someone she knows” tried this, which puts the odds of a correctly guessed password much higher.  To less technical users, those notifications of someone attempting a login, especially from the city where you live, are very scary.  I’m glad Facebook does this, but it makes non-techs freak out.

Never mind that in the bigger picture, spam lists can now be used to try to authenticate against a plethora of services, like iTunes, Facebook, etc…  Sure, the odds are low, I do realize that, but once someone starts using a list where you are on, you might be annoyed quickly.

There is another problem with this, by the way, which is unrelated to Flirty’s problem.  I had this particular misunderstanding with my mother in law.  Given so many services rely on the “email-as-a-username” system, she started to be totally unable to differentiate between accounts.  To the point she thought she had an account on a website she never registered with, but tried to login with her email address using her (real) email addresses password.  Imagine someone was logging that!
This is complicated even further by the fact that different services have different requirements for passwords making it impossible to give all accounts the same password.  Yes, I know this is a very bad security practice[1], but hey, I don’t want her to call me every time a password is required.  So it is good that her iTunes and email password aren’t identical, but it is very bad for her as she doesn’t have a clue what is going on.  Yes, yes, “education” and “informed users”… blah, blah… Can you tell I’m jaded?

Basically: “email-as-a-username” is flawed.  The only positive things I can see about is that it’s easy to remember and a password reset is easy…. provided the email is still active and it didn’t get compromised itself.

Perhaps I’m missing something? If so, feel free to inform me.

Footnote [1]
I realise that someone is going to say “use a password manager”, which is a wonderful technical solution.  Except of course, for normal users this complicates the whole thing even more.  I’m not even a fan of password managers, because I don’t want the data stored on a server that is not under my control and I want the information still globally available.  Best I’ve found is to use pass, on a machine to which you have ssh access.  Covers my requirements, but definitely isn’t for Joe Sixpack.



iMess with your messages

iMessage chatI want to start off with the Hanlon’s razor:

Never attribute to malice that which is adequately explained by stupidity.

I’m going to talk about iMessage and about what I perceive as technologists making myopic decisions about how something should work. If you’re reading this you are most likely in IT, and perhaps even a programmer: we are trained to look for edge cases, trying to imagine the worst case and still having the damned thing work. Also, if you are in IT, you are aware about the hub-hub going around that Android switchers are penalised for the switch as text messages sent from iPhone users never arrive. I am, by now, convinced it is totally caused by the developers of iMessage living in a tech ivory tower. However, this is not what I’m going to talk about: I’m going to talk about iPhone users being unable to communicate in certain edge cases.

Some background:
An iPhone can send SMS, the “speech bubbles” in such a conversation are green. The way they are sent are through your cellular network: it works even if you have no data connection at all, not even GPRS. SMS is part of the GSM specification and is considered “best effort”. Despite that, it is incredibly reliable.
Contrast to iMessage, the blue “speech bubbles”, where a data connection is needed to send and receive messages. It doesn’t matter how you connect to the Internet, GRPS, 3G, Wifi Avian Carriers, as long as there is Internet. At first, you do think this is a rather reasonable condition, after all iPhone users are tech-savvy always-connected people who can’t live without their precious Internet. Right? Right?
How do I compose that sarcasm sign again?

The trouble is that iMessage, presents itself as a SMS (“Text Message”) replacement, without a way to revert back. Now first, I’ll tell you why it works so well in most settings. We, even the non-tech users, are pretty much connected 24/7 to the Internet in our daily lives. At home you have your wireless setup, at your workplace probably too, the Wireless of your preferred junk-food and junk-beverage places are configured and working. Even if that’s not the case, at least where I live, iPhones are sold with a reasonable data plan. You simply don’t care, anywhere in the country you are connected, which makes the difference between iMessage and SMS totally oblivious to the end-user and this is the typical “It just works” mentality that Apple is famous for. For iPhone users iMessage and SMS are the same thing.

First, to iMessages defence, I don’t know how it gets activated. Perhaps I did that myself, perhaps I clicked away an annoying dialog and accepted it one day. I don’t remember. Fact is, my wife, my mother in law and myself all use iMessage and I sure as hell didn’t “install” or “configure” it in the traditional sense. It was there, one day, and it worked. It might be my fault it has been activated.

So, here is how I found that iMessage has an unfixable problem, at least one I can’t fix, or I haven’t found the appropriate fix. The story involves three iPhone users, two of which are non-tech and yours truly.

My wife has been in Switzerland for surgery the last four weeks, and I made sure she could go on the hospitals wireless (Those Swiss sure know how to do wireless: the whole campus is flawlessly covered!). I even made sure she has my Ultrabook so she could waste all her time, trying to ignore pain. Well, that was of no use, as it seems that she basically uses her phone exclusively and she seems to use text messages all the time. I’m not big brother, but I know that at least her mother and me are those whom she communicates most with using SMS, of course, in reality that’s iMessage.

This works as, I’m always online and my mother in law has the “fuck-yeah-all-the-data-you-want” plan. Messages always arrive, life is sweet, the Internet is a blessing. Last weekend (I visit her every weekend), my wife tells me that her Mom can send her “texts”, but the texts she makes to her Mom never arrive.
This makes me look into the issue, and I realise: Mother in law is not in Luxembourg. She’s on vacation somewhere in Austria. That means roaming, and the default setting on iPhones is to disallow data roaming, which is a good thing. This means that my mother in law, does not have Internet connectivity. Knowing her, she will be unable to connect to public wireless hotspots.

To mother in law, everything looks normal. She is doing the same as always: sending “SMS” to her daugher and they arrive. The phone probably has the “Send as SMS” option activated, which falls back to SMS when no Internet connectivity is present. That is good. On my wifes side, however, her iPhone decides: “This is an iPhone, it can receive iMessage, so let’s send iMessage”. This is, I stress, not configurable. Not per number, not any where. So, my wifes messages to her mother disappear somewhere in a message queue somewhere on an Apple server to be delivered to her mother when her mother gets on the Internet, which will be in a week or two. Brilliant, just brilliant!

I have tried everything, deleting all Mother/Daughter threads on my wifes iPhone, deleting her moms contact entry in order to make it forget that it’s an iPhone and tell it that it’s a “mobile”. Nothing helped. There was no way to convince her iPhone to send SMS instead of iMessage to my mother in law. None.
I gave up in frustration and explained it to my wife, who was very patient and understanding, that we would have to disable iMessage and revert to SMS pure. It would be more expensive, as she is roaming too, but it at least she would be able to communicate with her mother and the problem would be gone. I did so, and indeed it worked.

Now think about this twice: at that point I did a major thinking error. Let me explain. That night I go to the hotel and about around midnight I get a text message from my wife whether I’m still awake. I was and I replied. To my surprise, I didn’t get a reply to my text. My logic error manifested itself, but I didn’t realise it yet. I only understood the next day: We shifted the problem. My phone was now insisting on sending iMessages to my wifes iPhone, but I totally disabled iMessage on her phone. Yup, my messages were now the ones being held somewhere on an Apple server. Of course, I could disable iMessage on my phone, but I have people at work using iPhones who write me iMessages, which I then would then not be able to get. I can’t do that, it is my work phone after all.

So, in the end, I had to put my wife before a choice: Be able to communicate instantly with me or with her mother. She chose me, which is flattering of course. I reactivated iMessage on her phone, which then caused a re-authentication and an SMS to a UK phone number, which will cost us money. Okay, not much, but I know it will.

This all boils down to the developers of iMessage being totally confident that people will have Internet connectivity on their iPhones at all times and not providing a fall-back method. This is provably not the case, especially to people who go to foreign countries. Apple employees do seem to know about this, after all the default setting for roaming is reasonable.
What should happen is that after a timeout period, the iMessage should be sent per SMS. This can be done, by relaying the “not able to send” information back to the phone and perhaps even asking for permission (or just do the damned thing transparently, you’re Apple for crying out loud). This would also fix the issue that Android switchers have. Alternatively, they could use a SMS gateway of their own. This does shift the cost to Apple, so it is understandable that they don’t want this.
Sure, it would delay the message a bit, but that seems totally acceptable. Delayed transmission is preferable over undelivery.
Also, let the user choose per contact whether to send SMS or iMessage. The information is there in the “contact” entry. If the number is specified as “mobile”, send SMS, if it is specified as “iPhone” it is send as iMessage and then use the fall-back mechanism to avoid situations like the one I described. At least, with such a system, I could have fixed it.

Now, I may have overseen something, or have misunderstood an option or setting somewhere. I am confident enough to tell you: If I did something wrong, this rant is totally irrelevant. If it is, I sincerely apologise to the iMessage developers. If not: please, get your act together, you are developing for non-tech users. Keep that in mind.

Call for ideas

A few months ago, an uncle of my wife asked me to help them modernize their IT.  Well, “modernize” means: Install a computer in the first place, with Internet.  So, given the best price/performance they could get was getting fibre, i told them which plan was most interesting for them with their preferred provider, built them a Ubuntu machine, set them up a domain name with associated info@ and called it a day.

I just – falsely – assumed that moving over to VoIP would be no big deal because you can attach your old handset to the FritzBox (the ISP provided router, which includes VoIP functionality.  I don’t like FritzBoxen much, but they do have a lot of functionality for the classic home user.  Anyway… The providers goons come on-site and it turns out that their telephone system is “not conform”, and that’s the nice way to put it.

Basically, what he didn’t tell me is that years yonder when he was just a mere apprentice and his father was the ruler of the company, the telephone company (monopoly, back in the day) did some hacks so a bell would sound in the workshop.  You know, that was kinda possible with 5V on the lines.  I admit, it was my mistake for not asking.  I kinda, should have suspected that a carpenter isn’t in his office all the time.  On the other hand, he might have told me about these things beforehand.  My suggestions would most likely have been different.
There are some other really bad hacks on their installation, but I told them to fix that with the phone company and it is mostly to do with sharing the line between a habitation and the workshop.  You gotta separate those two, if only because it’s a pain for customers calling you and Grandma picking up the phone.

Of course, the damage is done.  the interwebs work, but their phone system doesn’t any more.  The normal handset doesn’t ring any more, and the bells in the workshop, make a rattling noise at best.
My best bet is to replace their handset with a SIP Phone (I have snom 710 myself and they’re rather decent and interoperate perfectly with the FritzBox)

However, I have no idea what to do about the workshop ringer. Commercial SIP ringer exists, they just cost 250EUR++, which is, frankly, highway robbery. Ideally, I’d just put decent voltage on the existing wires, when there is an incoming SIP call. Detecting an incoming call could be done with a Raspberry Pi.  Up to  there, I’m good.

However, that’s the thing: I’m not a hardware guy.  Yes, I assemble computers and can do small things, but I have no idea how to tackle this.  What I understand is that I’d need to control a relay, somehow.  GPIO, or USB.  I simply don’t know and Googling seems to yield stuff from people who know what they’re doing.  Not very helpful to me.

Alternatively, could get one of those USB gizomos.  Put a CAT5 into the workshop, attach RPi to CAT5, attach gizmo to to RPi.  Activate upon incoming SIP call.  Something like that.

Really, this goes beyond my expertise, so perhaps any of you have better ideas or product recommendations?