Fixing DVD/CD drive which won't open

I fixed my DVD drive in my PC today. It had not been used for a long time (3+ years) and was originally purchased in 2010, if I remember correctly.

Issue: DVD drive would not open using eject command or the eject button on the drive.
Behaviour: When using eject command or button, the drive makes a "thud" kind of sound and then tries other things to test what is loaded and the busy indicator LED stops blinking after several seconds. Physical ejection of the tray works fine.

TL;DR: Change drive tray eject pulley belt.

After searching various forums and trying out different flags with the eject command, I saw this post and I thought I might as well give it a shot as the software eject methods had failed. Also, it was an excuse to shutdown the PC and give a thorough spring cleaning.

While I forgot to take the pictures of the work done, it isn't that difficult to perform. The LG DVD drive just had 4 screws at the bottom and three locking wedges for the face place. Once the 4 screws were taken off, the bottom plate came out easily by lifting it from the back and the easily taking it off from the bottom wedge. Next was the face plate which I tried to take out by unlocking the 2 side-wedges but it was not coming out easily. Then, I thought to ejecting the try out manually first - I used a straightened paper clip to push in the "eject hole" of the drive. When I tried opening the face place with the tray out, it came out easily.

At this point I was thinking of disconnecting various connections to remove the large circuit board that I could see but I realized by chance that the whole mechanism could come out without disconnecting the mother board. Removing the drive mechanism and turning it around - top part on top, showed me the motor and pulley for the drive tray.

I touched the drive belt and it did not have the softness that one would expect from a rubber belt. When I tried to move the pulley, it did not reliable move the belt along with it. This indicated that the required tension was not there and also the friction between pulley plastic and belt had reduced due to aging.

I replaced the belt with a rubber band of slightly smaller size that the pulley itself. Tests by rotating the pulley were successful. So were the eject commands after reassembly of the DVD drive. The DVD drive is working normally now.

Mechanical Keyboards: daskeyboard & DURGOD backlit

Recently, a couple of my keyboard's keys died. I tried the normal cleaning but they wouldn't work. They keyboard was a heavy HP keyboard and lasted more than a decade. I was not the original owner, so can't say how old it was. So, I was on the lookout for a new keyboard which would give me a feeling of proper keyboard and also last long enough. A few searches later, I noticed the mechanical keyboards. They have a proper mechanical switch rather than the standard rubber dome type contacts.

Switches for mechanical keyboards come in many different specifications and are usually defined by a colour. The most common and well respected brand for switches is Cherry MX. There are some other brands which maybe equivalent or just cheap knock-offs of the Cherry MX switches. Personally, I don't have any experience for non-Cherry MX switches for now.

For details on different type of Cherry MX switches, a good place to start is An Introduction to Cherry MX mechanical switches. Also, to read more about the manufacturer, see Wikipedia article.

After a few days of research, I went with the following:

1. Home - DasKeyboard 4 Professional with Cherry MX Brown switches $150 USD
2. Work - DURGOD Mechanical Keyboard (backlit) with Cherry MX Blue switches $129 CAD

 The DasKeyboard's Cherry MX brown switches (non-clicky, tactile) are smooth and don't require too much force to actuate, hence making it easy on the fingers. The Cherry MX Browns are rated at 50 million actuation, so will definitely last a long time. The build quality of the DasKeyboard 4 Professional is high quality too. It is relatively heavy due to the aluminum plate it supports - also helps it being more stable. Although the USB cable is not removable, it does support USB3.0 pass-through with two ports available on the keyboard for easy access. Last but not the least, the keyboard worked out of the box with a Debian/Unstable box including all multimedia buttons available on it.

Trying to keep the budget lower and also to try out the Cherry MX Blue switches (clicky, tactile), I went with a Chinese brand, DURGOD, model K320G87BL-LED. The blue switches are definitely clickety in nature and produce quite a bit of clicking sound which may annoy your coworkers. Hence the reason that people suggest not to use those in a open work environment. They keyboard is on the heavier side but a little lighter than the DasKeyboard 4 Professional. Its USB cable is removable and the connection type is USB-C! Can be used with modern Android smartphones too.

One thing common in both they keyboards is the typing experience. If you touch-type without looking at the keyboard, you will either see lesser mistakes while typing or a slight increase in speed. With practice, you can improve on both easily with a mechanical speed. The NKRO feature helps when you are typing really fast or playing a game. A traditional keyboard will not register the keys in correct order in these situations.

There is a whole world around mechanical keyboards. You can build your own by buying parts (frame, plate, circuit board, switches, etc.), or change the key caps with a coloured set or better quality plastic e.g. PBT or ABS. A good place to start, https://www.reddit.com/r/MechanicalKeyboards/ There are ton of  reviews of mechanical keyboards, sounds the switches make, etc. on Youtube.

If you have questions or comments about these two keyboards, post below.

pfSense 2.4.3_1 upgrade might fail at first attempt

If you have not upgraded your pfSense to the latest version (read release announcement for details on what was fixed: 2.4.3_1 released 14 May 2018), just be aware that there might be a hiccup during the upgrade. The upgrade fails with the interface showing the following:

My pfSense instance gave the above message and also the following in the system log:
May 21 19:20:10     php-fpm     61392     /index.php: Successful login for user 'admin' from: 192.168.34.12
May 21 19:22:33     check_reload_status         Syncing firewall
May 21 19:22:35     pkg-static         pfSense-upgrade upgraded: 0.42 -> 0.45
May 21 19:22:48     check_reload_status         Reloading filter
May 21 19:22:48     check_reload_status         Starting packages
May 21 19:22:49     php-fpm     61392     /rc.start_packages: Restarting/Starting all packages. 

I opened another tab in the browser and checked the pfSense GUI, and it still showed the old version. As per the release announcement, run the following command to refresh repository configuration:

pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade

and attempt an upgrade again. The second attempt has been reported to be successful most of the times. The issue is logged as a bug already.

Note: As always, before upgrade, take a backup of your configuration. Also, in case you are running pfSense in a virtual environment, take a snapshot before upgrade so that you can easily revert in case something happens that cannot be fixed.

Install Wordpress on Debian "The Debian way"

There are quite a few websites with instructions on how to install the "LEMP" {Linux,(E)Nginx, MariaDB, PHP}. A simple search brings in a few on the first page of results, so I won't list any links here.

Installing nginx, mariadb and php on Linux is quite straight forward and nicely documented in several of those pages. However, they all end with the following to install Wordpress using something like:

$ wget https://wordpress.org/latest.tar.gz

i.e. downloading it directly from wordpress.org. I use Debian on my servers and prefer to install packages using Debian's native package manager, apt. This way, they get all security updates using a single command.

So, I thought why not try to install Wordpress "The Debian way". My attempt to do that showed that it requires apache2 and some other apache2 modules too! This was odd when nginx-full, which provides httpd, was already installed.

user1@debian$ sudo apt install wordpress
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following additional packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils javascript-common libao-common libao4
  libapache2-mod-php libapache2-mod-php7.0 libapr1 libaprutil1 libaprutil1-dbd-sqlite3
  libaprutil1-ldap libflac8 libjs-cropper libjs-prototype libjs-scriptaculous liblua5.2-0 libogg0
  libphp-phpmailer libspeex1 libvorbis0a libvorbisenc2 libvorbisfile3 php-gd php-getid3 php7.0-gd
  ssl-cert vorbis-tools wordpress-l10n wordpress-theme-twentyseventeen
Suggested packages:
  www-browser apache2-doc apache2-suexec-pristine | apache2-suexec-custom libasound2 libaudio2
  libesd0 | libesd-alsa0 libpulse0 libsndio6.1 php-pear php-league-oauth2-client
  php-league-oauth2-google speex openssl-blacklist php-ssh2
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils javascript-common libao-common libao4
  libapache2-mod-php libapache2-mod-php7.0 libapr1 libaprutil1 libaprutil1-dbd-sqlite3
  libaprutil1-ldap libflac8 libjs-cropper libjs-prototype libjs-scriptaculous liblua5.2-0 libogg0
  libphp-phpmailer libspeex1 libvorbis0a libvorbisenc2 libvorbisfile3 php-gd php-getid3 php7.0-gd
  ssl-cert vorbis-tools wordpress wordpress-l10n wordpress-theme-twentyseventeen
0 upgraded, 32 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.3 MB of archives.
After this operation, 71.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort!

If you look at Wordpress package details (apt show wordpress), it depends on "libapache2-mod-php or libapach2-mod-php5 or php or php5". Also, when installing php, we installed packages specifically php-fpm and php-mysql, it didn't install the packages php or php5. As the dependency list has libapache2-mod-php listed first, it asks for other dependent packages which inturn recommend apache2. To fix this, install package php and then install wordpress, and no apache2 packages will be required.

user1@debian$ sudo apt-get install php wordpress       
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following additional packages will be installed:
  javascript-common libao-common libao4 libflac8 libjs-cropper libjs-prototype libjs-scriptaculous
  libogg0 libphp-phpmailer libspeex1 libvorbis0a libvorbisenc2 libvorbisfile3 php-gd php-getid3
  php7.0 php7.0-gd vorbis-tools wordpress-l10n wordpress-theme-twentyseventeen
Suggested packages:
  libasound2 libaudio2 libesd0 | libesd-alsa0 libpulse0 libsndio6.1 php-league-oauth2-client
  php-league-oauth2-google speex php-ssh2
The following NEW packages will be installed:
  javascript-common libao-common libao4 libflac8 libjs-cropper libjs-prototype libjs-scriptaculous
  libogg0 libphp-phpmailer libspeex1 libvorbis0a libvorbisenc2 libvorbisfile3 php php-gd
  php-getid3 php7.0 php7.0-gd vorbis-tools wordpress wordpress-l10n
  wordpress-theme-twentyseventeen
0 upgraded, 22 newly installed, 0 to remove and 0 not upgraded.
Need to get 11.0 MB of archives.
After this operation, 59.9 MB of additional disk space will be used.
Do you want to continue? [Y/n]

You can continue with the rest of the configuration of Wordpress with help from https://wiki.debian.org/WordPress (configuration steps to be posted). Oh, and don't forget to setup HTTPS using certbot to use the SSL certificates from Let's Encrypt.

* the investigation several searches on the web, but the only place where I got helpful information was the good old lists.debian.org.

Note: all this was on a Debian 8.0/Stretch VM

XCP-ng Center works!

After the transition to XCP-ng, the free/libre edition, of xenserver, I installed XCP-ng Center, the free version of XenCenter to manage the xenserver. However, it failed to load using either the portable version or the installer version.

It turns out that the VM (on my desktop) that I was using to run XenCenter 7.0 was too old and did not have the required .NET Framework version (installer never indicated that .NET install was missing). That Windows 7 VM was only used when I wanted to manage the xenserver and then just shut down. So it was not even getting any updates since it was installed in 2016.

By chance, I thought of trying on another Windows 7 VM which I use just for browsing and there the installer asked to install .NET Framework 4.0 and 4.5 (installed 4.7.2). After that, XCP-ng Center 7.4 is working as expected with all features enabled.

Install XCP-ng 7.4.1 without lossing VMs on local disk

Recently, my xenserver (v7.0) dom0 had been experiencing ballooning of the memory used and pFsense, which handles routing, runs in the virutal environment, my local networking stopped and so did access to Internet. I have also been following the XCP-ng project and waiting for their release. The XCP-ng 7.4.0 was the first release (out 31 March 2018) but as being the very first one, I had decided to wait.

With the recent memory issue rearing its head multiple times in the last month, I checked the XCP-ng project for update and was pleasently surprised to see that version 7.4.1 was out. I downloaded the iso and dumped it on a usb stick using:

dd if=XCP-ng_7.4.1.iso of=/dev/sdX bs=8M status=progress oflag=direct

At this stage the installer disk was ready. I wanted to do a clean install, but did not want to loose my VMs which were on a separate SSD in the VM host server. I searched the web and found an article which matched what I wanted. Link: https://support.citrix.com/article/CTX136342

Read warning in  step 3 in the above article. My case was upgrading from 7.0 from pre-6.5 partioning scheme of xenserver. So, in my case it would have destroyed my local storage repository (SR) but the local SR was on a seprate data disk and it was safe. Next important thing to note is to not choose any disk for Virtual Machine storage (step 4). Rest was smooth sailing for the install.

Post-install, I skipped step 9 as my local SR was not on the OS disk. Followed the rest of the steps without any issue except that the xe pbd-plug (step 15) failed:

[root@xen1 ~]# xe pbd-plug uuid=73b3a9f5-998e-bd19-3d0e-b1085cd114fc      
Error code: SR_BACKEND_FAILURE_47
Error parameters: , The SR is not available [opterr=no such volume group: VG_XenStorage-627ed824-d806-7533-aa72-044f31b918a6],

It took some time to search on the web but the problem came out to be something quite simple: step 11 command for xe sr-introduce should have contained the option "type=ext" instead of "type=lvm":

# xe sr-introduce uuid=39baf126-a535-549f-58d6-feeda55f7801 type=ext name-label=”Local storage” content-type=user
I performed the remaining steps to plug the PBD and then used the instructions to restore the metadata. The VMs were there as earlier (check with xe vm-list)

Now the system is running the free version of xenserver, XCP-ng with all features. Next on the list is to get XCP-ng Center working. For now it crashes upon start when run on a Windows 7 machine.

Mozilla Firefox sends user data

Mozilla  Firefox is one of the top 3 most popular browsers used by users all over the world. Mozilla is among the organizations that have influenced the WWW in the past two decades in the direction of open and accessible web. Their most popular product is the web browser Firefox, the browser which broke the dominance of Internet Explorer about 10 years ago. Firefox's user base might have declined in the last few years with Google Chrome taking the top spot, however, it still is a safe option to browsing the WWW while being of the the fastest and least resource hungry web browsers.

During the recent Facebook and CA revelations of leaking data of users, I went over my own browser settings to verify that the options were set as to keep me safe and let our minimum amount of user data. For those who want to keep their own data safe while browsing using Firefox, the best is to disable data collection done by Firefox by going to Preferences > Privacy & Security > Firefox Data Collection & Use - and uncheck the two options as shown below:

Mozilla should work for the "Opt-in" option to be implemented for data sharing rather that the ubiquitous default of data sharing enabled and users having to "opt-out" to stop the data sharing.

PS: default settings from Firefox 59.0.2 on LMDE 2, with default options similar in Windows and MacOS builds.

CloudAtCost - performance update

The sage continues regarding CloudAtCost VM. In the earlier post, I detailed the the DNS response sluggishness, VM console performance and dial-up-speed like feeling when downloading updates from a Debian mirror.

Fast forward a few months, and my VM has been unresponsive almost every day with the sole option of rebooting it from the console. I opened a ticket on 12th of Oct and no response whatsoever from them till now!

Buying a real Japanese knife

Recently, I was looking for a Japanese knife made of VG-10 carbon steel, santoku or gyuto, 7"-9", and preferably damascus steel. I had bought one a few years ago as a present from Paul's Finest website and it was a good purchase. This time I was looking around at different websites and as I'm not a chef, I didn't want to spend too much on a knife.

I found an interesting series of knives labeled Japanese knives. The prices were very attractive along with VG10 steel, multiple layers, and pakkawood handles. However, these knives are not "Made in Japan" by a master knife craftsman. The details indicate that they are made with Japanese top grade steel (imported from Japan)!

So, when choosing to buy a real Japanese knife, it is very important to do your research as a good knife made by a Japanese master craftsman will stay with you for life (provided you sharpen the edge regularly). A good knife is an investment, so budget accordingly. Good places to go and learn about Japanese knife for beginners: Reddit Cooking, Reddit knifes, GlobeandMail article, blade types, about steels, knife sharpening basics.

PS: I'm waiting for the Hattori san's Santoku or Gyuto to become available.

CloudAtCost - VM performance pathetic

I had bought a VM (with one-time billing) last year in October. The price was the main attraction, $28. Also, it was not really for any kind of serious work.

However, over time the conclusion has been that the performance in general is pathetic. SSH login prompt takes about a minute or so to ask for password. This could be due to other issues, e.g. DNS response, so I thought it might be a one-time think i.e. at login only. However, the minute you are logged in to the console, simple commands like ls, uname, hostname, etc. take a few 10s of seconds to provide any kind of output.

Today has been the worst though. An apt update command took several minutes to get the updates from a us.debian.org repository, and apt upgrade command downloaded files at almost "dial-up era" speeds.
Get:24 http://http.us.debian.org/debian/ stable/main libxapian22 amd64 1.2.19-1+deb8u1 [983 kB]
Get:25 http://http.us.debian.org/debian/ stable/main openssl amd64 1.0.1t-1+deb8u2 [664 kB]
Fetched 49.7 MB in 12min 9s (68.2 kB/s)
Reading changelogs... Done
Preconfiguring packages ...


To top it all, was the error message below:
Message from syslogd@cacVM at Jun 5 17:07:31 ...
kernel:[2320366.614749] BUG: soft lockup - CPU#1 stuck for 22s! [mandb:1286]

SSH connection started at: 16:08:36
APT update and upgrade staus now 17:37:00
Progress: [ 52%] [###########################.........................]

Update:
Here are three commands run on the clouldatcost(CAC) VM compared to the same commands run on a VM on a homebrew Xenserver host.

Command	CAC VM output	xen VM output
~$ time date	Sun Jun 5 23:06:11 EDT 2016 real 0m3.468s user 0m1.296s sys 0m2.136s	Sun Jun 5 23:12:15 EDT 2016 real 0m0.002s user 0m0.000s sys 0m0.000s
~$ time uname -a	Linux cacGuest 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-1 (2016-03-06) x86_64 GNU/Linux real 0m6.387s user 0m1.372s sys 0m4.360s	Linux xenGuest 4.5.0-2-amd64 #1 SMP Debian 4.5.5-1 (2016-05-29) x86_64 GNU/Linux real 0m0.002s user 0m0.004s sys 0m0.000s
~$ time host google.com	google.com has address 172.217.2.142 google.com has IPv6 address 2607:f8b0:400b:80b::200e google.com mail is handled by 40 alt3.aspmx.l.google.com. google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 10 aspmx.l.google.com. google.com mail is handled by 20 alt1.aspmx.l.google.com. google.com mail is handled by 50 alt4.aspmx.l.google.com. real 2m9.744s user 0m8.400s sys 0m51.124s	google.com has address 172.217.3.142 google.com has IPv6 address 2607:f8b0:400b:806::200e google.com mail is handled by 10 aspmx.l.google.com. google.com mail is handled by 50 alt4.aspmx.l.google.com. google.com mail is handled by 20 alt1.aspmx.l.google.com. google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 40 alt3.aspmx.l.google.com. real 0m0.550s user 0m0.024s sys 0m0.008s

Waiting for pfSense appliance

Can't wait for the in-development μFW appliance for pfSense. It is expected to be out in 2016 Q3 i.e. as early as July! Here is a image of the product that pfSense devs have been teasing with.

Highlights

• Runs pfSense on ARM
• Size 74mm x 43mm, smaller than a credit card
• 2 GbE ports (not on USB 2.0!)
• 4GB eMMC and microSD card support

 

For full details head on to the product page at ADI Engineering. Also, initial version of manual for the μFW.

Extending LVM volume

An LVM setup on a physical disk helps to increase the logical volume size in case it is almost full. Steps to be able to extend a logical volume, when there is free space on the physical volume:

1. Unmount the volume
2. Check if there is free space on physical volume (if no, need to add physical volume and extend group first)
3. Extend logical volume using $> sudo lvextend -L+10G /dev/gp02/virtual
4. Run fsck on logical volume: $> sudo e2fsck -f /dev/gp02/virtual
5. Extend the file system on the logical volume: $> sudo resize2fs /dev/gp02/virtual
6. Mount the logical volume: $> sudo mount -t auto /dev/gp02/virtual /virtual

Where:
/dev/gp02/virtual - is the logical volume
-L+10G - adds 10 GiB to the logical volume

In case there is no free space left on the physical volume, one needs to add a new physical volume to the group and then extend the logical volume.

References:
LVM HowTo [tldp.org]
Debian LVM [debian.org]
Working with LVM [debian-administration.org]

pfSense 2.3.1 available.....almost

Warning: Upgrade your firewall after having a proper plan and back out option. As a minimum a snapshot before starting work and backup of the firewall configuration is recommended.


Did a Xenserver setup in the last few days with a pfSense 2.3 instance running on it. After finishing another VM and configuring the setup, what appears on pfSense administration page?

All issues marked for the 2.3.1 release had been closed recently, but didn't know that the update will appear out of the blue without any announcement on the pfSense blog!

Update 1

Tried to upgrade pfSense to 2.3.1.....
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
>>> Upgrading pkg... failed.
Failed
Need to wait a bit I think...

Update 2

Seems things are not ready yet
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pkg: http://pkg.pfsense.org/pfSense_v2_3_0_amd64-core/meta.txz: Connection reset by peer
repository pfSense-core has no meta file, using default settings
pkg: http://pkg.pfsense.org/pfSense_v2_3_0_amd64-core/packagesite.txz: Connection reset by peer
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg: http://pkg.pfsense.org/pfSense_v2_3_0_amd64-pfSense_v2_3_0/meta.txz: Connection reset by peer
repository pfSense has no meta file, using default settings
pkg: http://pkg.pfsense.org/pfSense_v2_3_0_amd64-pfSense_v2_3_0/packagesite.txz: Connection reset by peer
Unable to update repository pfSense
Failed

Update 3

Still got the first error above when trying to upgrade via console. Blog has a detailed post about the release now.

Update 4

Went to pfSense forums and noticed others are having similar issues. Need to wait for mirrors to synchronize as one of the packages is not there yet!

root: pfSense-upgrade -d
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
>>> Upgrading pkg...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
New version of pkg detected; it needs to be installed first.
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
        pkg: 1.6.2 -> 1.7.2_2 [pfSense]

The process will require 91 KiB more space.
2 MiB to be downloaded.
pkg: http://pkg.pfsense.org/pfSense_v2_3_0_amd64-pfSense_v2_3_0/All/pkg-1.7.2_2.txz: Not Found

Final update

Apparently, pfSense was not looking in the right place and was looking in the 2.3.0 folders. Waited for another half an hour and tried again and it downloaded the correct information and was able to find all packages needed for upgrade. 2.3.1 is up and running. Verifying functionality before deleting snapshot.

pfSense upgrade - "can't find kernel" error

I had pfSense 2.2.4 running as a virtual machine and noticed that version 2.3 was finally released. Broadly, pfSense 2.3 has a complete redo of the webGUI using bootstrap, and the backend system is completed based on FreeBSD. The new web interface is clean, modern and "easier" on the eyes to say the least. Being based on FreeBSD, future upgrades will be much easier as individual packages can be upgraded. For more details about the new release: see the introductory video, or read the links in the release announcement.

In my virtual instance of pfSense, I have just 1 GB of disk space and was using 512MB RAM. On trying to do the upgrade via GUI, it ended up with an error:

Can't find 'kernel'
Error while including /boot/menu.rc. in the line:
Menu-display
\
Can't load 'kernel'

This happened primarily because of my choice of disk space. During the upgrade, the download of the new version was about 200 MB. After the downloaded ended the system was using close to 90% disk space and after reboot there seems to have been some data loss.

So, be careful, do a backup or a snapshot of the VM before attempting the upgrade (good practice for any upgrade). If your disk space is not enough, add some more before upgrading.

Happy firewalling.

Fido! Fix your loop

Log-in in to a Fido account and you will see links to do a private chat if you have questions. On clicking, it takes you to a page with options to contact them depending on your relationship with them (see partial screenshot below):

 When you click on the "Customers" section, you end up on a page with different ways to contact them. What does the option for Live Chat say? It tells you to go back and login to your "My Account" i.e. back from where you started?

If this was going on for my car's gas tank, it would be so much different! But Fido, stop this run around. This is not the way to keep your current customers when there are better options available in the market!

Debian/Apt and disk space

For a few days I was getting the following error when trying to do an apt-get update on my Debian/Stretch machine

~$ sudo apt-get update
Get:1 http://mirror.csclub.uwaterloo.ca stretch InRelease [200 kB]
Ign http://mirror.csclub.uwaterloo.ca stretch InRelease                       
Ign http://mirror.csclub.uwaterloo.ca stretch Release.gpg                     
Get:2 http://security.debian.org stretch/updates InRelease [62.8 kB]
Ign http://security.debian.org stretch/updates InRelease
Ign http://security.debian.org stretch/updates Release.gpg
Ign http://security.debian.org stretch/updates Release
Get:3 http://security.debian.org stretch/updates/main i386 Packages/DiffIndex [1,554 B]
Ign http://security.debian.org stretch/updates/main i386 Packages/DiffIndex
Get:4 http://security.debian.org stretch/updates/main Translation-en [14 B]
Get:5 http://security.debian.org stretch/updates/main i386 Packages [32 B]
Get:6 http://security.debian.org stretch/updates/main i386 Packages [32 B]
Ign http://security.debian.org stretch/updates/main Translation-en_CA
Ign http://security.debian.org stretch/updates/main Translation-en
Err http://security.debian.org stretch/updates/main i386 Packages
  404  Not Found [IP: 128.31.0.63 80]
Hit http://mirror.csclub.uwaterloo.ca stretch Release
Get:7 http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages/DiffIndex [16.6 kB]
Ign http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages/DiffIndex
Get:8 http://mirror.csclub.uwaterloo.ca stretch/main Translation-en [4,902 kB]
Get:9 http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages [7,440 kB]
Get:10 http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages [7,440 kB]
Err http://mirror.csclub.uwaterloo.ca stretch/main Translation-en_CA
  Bad header line [IP: 129.97.134.71 80]
Err http://mirror.csclub.uwaterloo.ca stretch/main Translation-en
  Bad header line [IP: 129.97.134.71 80]
Err http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages
  Bad header line [IP: 129.97.134.71 80]
W: Failed to fetch http://security.debian.org/dists/stretch/updates/main/binary-i386/Packages  404  Not Found [IP: 128.31.0.63 80]

W: Failed to fetch http://mirror.csclub.uwaterloo.ca/debian/dists/stretch/main/i18n/Translation-en_CA  Bad header line [IP: 129.97.134.71 80]

W: Failed to fetch http://mirror.csclub.uwaterloo.ca/debian/dists/stretch/main/i18n/Translation-en  Bad header line [IP: 129.97.134.71 80]

W: Failed to fetch http://mirror.csclub.uwaterloo.ca/debian/dists/stretch/main/binary-i386/Packages  Bad header line [IP: 129.97.134.71 80]

E: Some index files failed to download. They have been ignored, or old ones used instead.

Trying to rule out problems due to network, I verified the the URL giving the error 404 in the browser and it worked fine. Then I checked my disk space as it was usually the culprit before I rebuilt the OS on a 80GB HDD (earlier the OS was in 4GB!). The /var partition was indeed used 100%. Applying the usual trick of apt-get clean did release much space!

On closer investigation, I noticed the kern.log and syslog files in /var/log/ were huge (kern.log 3.6GB, syslog 248 MB). The kern.log and syslog had error/warning splattered repeatedly such as:
Dec  1 07:36:00 imlee kernel: [1155666.501321] nouveau E[  PGRAPH][0000:01:00.0]  NOTIFY nsource: STATE_INVALID nstatus: INVALID_STATE BAD_ARGUMENT

Reducing the size of kern.log/syslog to 0 fixed the apt-get issue!The Debian/Stretch machine is uptodate again.

Facebook & privacy

Facebook & privacy: something that comes up in the new often. Anyone who knows a little about how Facebook "makes" money, would say that these words are a perfect example of antonyms!
BBC reporting on another challenge Facebook is facing in Belgium due to its practices related to how they use cookies for users (even users who are not logged in to Facebook). A quote from the full article:

They conducted a series of tests including one where they did a Google search for the term facebook data policy. It led them to the Facebook data policy page which placed the datr cookie on their browser.

They then visited a Belgian website related to prostate cancer treatment which includes a Facebook like button and found that the datr cookie was sent to Facebook.

There was no formal notice regarding any cookie being stored.

Even without using cookies, a user's browsing habits can be tracked as web browsers can be identified by various ways to render each user's browser (and hence browsing trail) to be unique. To read more about this read Panopticlick.

To keep such sites from harnessing your data, here are some options:

1. Use Tor Browser when possible
2. Use Firefox with plugins*: Adblock Edge, Privacy Badger, HTTPS Everywhere, and NoScript.
3. Use Firefox with above plugins in a Linux VM

* - the list of plugins is not at all exhaustive, you are advised to do your research and choose which ones are required for your case

CloudATclost.com VM 60% off

Ordered a "one-time" billing VM from cloudatcost.com today. It was their Developer 2 setup. Currently the site shows 50% off i.e. $35 instead of $70. I just happened to view their member page and saw a post about 60% off using code CAC606060 valid for only 9 Oct 2015.

I tried it and the Dev 2 setup one-time fee came out to $28. Enjoy the extra 10% off while it works.

Enabling HTTPS for blog

Just noticed that https was available for blogger.com blogs. It has been enabled. Use url: https://ksvichaar.blogspot.com as there is no automatic redirect from http:// (yet).

Note: there might still be mixed content on the blog, it will be updated as time permits.

Firefox 37.0.1 - Is insecure content blocking new?

I got the upgrade notification for Firefox yesterday and as normal, I clicked on "Restart" to upgrade Firefox to 37.0.1. After the upgrade, I noticed a change: some CSS content was not showing on normal sites and hence had a lot of portions of the page (mainly background) as white!

I thought it could be something to do with my browser after upgrade, so I restarted it again. No change. After checking for new features, nothing was to be found. Then I noticed the "shield" icon on the left of the address bar and clicking it explained it all (see image below). The content was being blocked by Firefox as it was not using https:// on that secure page.

Is this is a new feature in Firefox? Ideally it would be more secure if every secure page had just securely linked components but this can be quite annoying to users if there is no clear warning to the user. Even though I'm familiar with a fair bit of Firefox technical details to be able to troubleshoot my issues, regular users will be stumped!