Posts tagged ‘IP’

Thank God for Proxy Servers

Apparently, despite the fact that I spend a high monthly fee to HBO to be able to stream all their content, I cannot get the content I paid for when in France.  I have an account with Express VPN and it has always served me well.  I was able to log in via this VPN and was able to stream the most recent Game of Thrones episode.  I could have probably waited until I got home but the Internet seems to be filled with like 6 million spoilers.

BTW, unlike much of the most vocal Internet, I was totally fine with how the major character deaths were handled in the last episode.  I thought they were symbolically consistent with how those characters got to where they are.

At home I almost always surf through a proxy server, even though that means I have to endure endless identity confirmation tests from websites as they don't recognize my IP.

My Guesses About $TSLA, and Why @TSLA Shareholder May Be Presented with a Bad Deal

@Elonmusk is facing real blowback for his management buyout by tweet the other day, in particular for two words:  "funding secured."  Many, including myself, doubt he really had tens of billions of dollars of funding secured at the time, particularly since all bankers and likely sources of funding as well as most large Tesla shareholders had never heard of any such transaction when contacted by the media.  The SEC is now looking into this and other Musk corporate communication practices.  If he lied in the tweet, perhaps to get revenge on the short-sellers he hates with an irrational passion, he could be in deep, deep legal poop, up to and including jail.

Let's play a game.  Let's assume he did NOT have funding secured at the time he tweeted this, and now is running scared.  What can he do?  One ace he has is that the board is in his pocket and (I hate to be so cynical about this) will likely lie their asses off to cover Musk.  We already saw the dubious letter the other day, from "members of the board" rather than officially from the board, attempting to provide cover for Musk's tweets.  This is not just a crony thing -- it is entirely rational for the company to defend Musk.  He is, in my opinion, a terrible executive but he is the avatar that drives the fan boys and the stock price.  The day that Musk leaves is the day that the company can really get its operational house in order but it is also the day the stock trades under $75.

So what can Musk do?  Well, the first defense might be to release a statement like "when I said funding secured, I was referring to recent conversations with ______ [fill in blank, maybe with Saudis or the Chinese, call them X] and they told me that if we ever were looking for funds they would have my back."  This is probably the best he could do, and Tesla would try to chalk it up to naivete of Mr. Musk to accept barroom conversation as a firm commitment.  Naivete, but not fraud.   I don't have any experience with the Feds on this kind of thing but my guess is that the SEC would expect that the CEO of a $50 billion public company should know the rules and legally wasn't allowed to be naive, but who knows, the defense worked for Hillary Clinton with her email servers.

But this defense is MUCH MUCH better if, in the next day or so, Tesla can announce a deal with X on paper with signatures.  Then Musk can use the same defense as above but it has much more weight because he can say, see, they promised funding and I believed them when they said they had my back and here they have delivered.

The problem with this is it would be really a deal being crafted for tens of billions of dollars on a very short timeframe and with limited negotiating leverage (X will know that Musk NEEDS this deal).  As a result, the deal is not likely to be a very good one.  X will demand all sorts of extraordinary provisions, perhaps, for example, a first lien on all Tesla IP and a high breakup fee.  I picture this more like the negotiation for bankruptcy financing, and in fact the IP lien was part of the financing deal Theranos made when it was going down the drain.  But put yourself in Musk's shoes -- jail or bad deal?

And likely his conscience would be clear because this deal would be killed quickly by shareholders.  That would be fine, because the purpose of the exercise would be to keep Musk out of jail, not to actually buy the company.  Tesla shareholders will still get hosed, probably having to pay some kind of break-up fee which any sane investor X would insert as the price for participating in this farce.  And we will go back to the starting point of all this, which is Tesla being public and focusing on operational improvement in what may be the most important operational quarter in its history.

Disclosure:  I have in the past been short Tesla but have no position in it now (I did short when trading reopened the other day after Musk's announcement but covered this afternoon).  I am not in any way, shape, or form giving any financial advice you should spend actual money backing.

Towards Better, More Reliable Home Wifi -- Ditch the Products Meant for the Home

For years I have been struggling with a variety of commercial home wifi products.  I have been plagued by issues -- either they had poor range or they had to be reset every day or so or they did not play well with various extenders I needed to cover my house.  I have a one story house that sort of sprawls all over the place and is hard to cover, particularly since our internet connection to Cox Cable is all the way at one end of the house and some of the house has a cinderblock core just to make signal transmission even harder.

So my company had a contractor wiring up a customer location we manage and they were using a commercial product from Ubiquiti Networks.  I wondered why a commercial product would not work just as well in my home.  This Ars Technica article discussed how much better he thought the commercial products from Ubiquiti were than most consumer grade products.  I figured maybe the problem would be cost, but perusing the Unifi product line on Amazon, it seemed priced a bit higher than consumer products but not unreasonably so (also compare the Amazon star ratings for the Unifi products to consumer alternatives -- you will not see ratings this high).

I was a little intimidated that the setup would be hard but it was manageable if you know even a little bit about network addresses and how they work. And this video is absolutely fabulous -- I can tell you that if you follow along with this guy your system will work at the end of it.  Once it was running, the software is way easier to navigate than my old consumer products.

So several months ago I installed a Unifi system in my house with 6 access points (including on my patio and in my garage), a security gateway (the router, I think), a main switch, a couple of satellite switches, and the cloudkey which helps manage the whole thing.  I paid extra for the PoE switches (power over ethernet) so I could run the access points without having to plug them into an outlet and so in the future I could add PoE video.

What I like:

  • Reasonable cost
  • Setup not difficult if you follow the video
  • Rock-solid reliability
  • It reaches everywhere, with a single SSID so it acts as one seamless large wifi zone.
  • Ability to access the system remotely to check on status
  • Access points work via PoE so they mount on the wall or ceiling really cleanly and look great
  • Really good information about my network, not only every device and its IP and status, but also its bandwidth use and exactly how it is connected in the network tree (ie via such and such switch).

The only problem I have had so far is a moderately arcane one that took me a while to diagnose.  I use this system with my Sonos music system and I have a number of Sonos boxes around the house.  Most of these are wired, and so do not use the Sonos wired peer-to-peer mesh.  However, the Sonos boxes were trying to create a wireless network amongst themselves that essentially created loops in my network where storms of traffic ran in circles.

This is where I had a learning opportunity.  Apparently network equipment has something called Spanning Tree Protocol (STP).  Basically through a priority and cost system, it allows you to specify preferred pathways and prevent data from looping.  But Sonos uses a really old version of this that does not play well with Unifi.  I will say that this is not just a Unifi problem as I had this exact same problem at another location with Sonos and the Google mesh wifi system.  At least with Unifi, there were STP settings I could play with (Google mesh wifi is a nice little plug and play product but forget it if you want to tweak anything at all).   As is usual nowadays for any known problem, the Internet has a bunch of articles on Unifi and Sonos compatibility issues.  Eventually by tweaking the STP priorities of the Unifi switches and simply turning off the wifi in Sonos units where I did not need the mesh wifi capability (a nearly undocumented feature that is revealed here) I got it all playing nice together.   I will add that though Sonos is a product I love (because my wife can actually reliably use it), their tech support never identified this problem -- they said they saw evidence of loops but would not admit that the Sonos peer-to-peer networking was helping to cause them.

Markets in Not Quite Everything: IP Address Shortage

I migrated my server and in the process lost a block of 10 dedicated IP addresses I had.  So I tried to sign up for the 10 addresses again, and got this:

Due to the global shortage of IPv4 addresses, we are now required to request justification for dedicated IP address requests. Each dedicated server comes with 4 dedicated IP addresses, in addition to the primary shared IP address. Additional IP addresses must be requested in blocks of 4 IPs ($16.00/month for each block of 4). Please be aware, at this time, the only acceptable justification for a dedicated IP address we can accept is for use with an SSL certificate. You will need to provide a copy of the certificate(s) which will be installed, however, we do not need to install the certificate for you.

Obviously IPv6 is meant to relieve this but it is still a minority of Internet traffic.

Sigh, FCC Considering Banning Open Source Software Upgrades on Routers

I am a big fan of open source operating system dd-wrt for routers.  I have not bought a router in years that I did not immediately flash from the manufacturer's firmware to dd-wrt.  It is a bit of a headache, but once done I get a router that is a lot more stable (I am also told that it is more secure, but I have no way to judge that).  My router typically runs 6 months without rebooting with no issues, whereas with manufacturer firmware I sometimes have to reboot once a week to make it work.**

The FCC is considering new rules that may cause router manufacturers to lock out third party software like dd-wrt.  The FCC is claiming that "illegally modified equipment" has interfered with doppler radar at airports.  I find it very close to unbelievable that a hacked consumer router was interfering with doppler radar, and in fact the FCC did not specify what kind of equipment was illegally modified.  As is usual, my guess is an agency is using a minute, niche problem in area A as an excuse for blanket, anti-consumer regulation in unrelated area B.  You can sign an online petition to ask the FCC to rethink its approach here.

 

** To be fair I will add that dd-wrt, typical of a lot of third-party hacker products, is a lot less user friendly than a lot of modern router firmware.  For my streaming system to work at home I have to lock a couple of servers down to a fixed IP address and this is a surprisingly fiddly task on dd-wrt.

WordPress / Site Hell, Hopefully Getting Better

All of my websites have been a mess this weekend as there has been a worldwide brute force attack occurring for several days on WordPress admin accounts.  I avoid most of the common mistakes (using the default user name, simple passwords, etc) so I don't think anyone has breached a site but the constant calls of the login function act effectively like a DDOS attack, flattening my server.

I have put in place some extra code to detect brute force attacks and temporarily and even permanently ban IPs.  Since attackers don't just sit in a single IP in Russia any more but use shifting and spoofed IPs, you may at some point find yourself locked out.  Email me if that happens.
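
The kind of detection described in this post, as an added example that is not the code actually running on this site: it counts POSTs to `/wp-login.php` per source IP in a sliding window, issues a temporary ban when the limit is exceeded, and escalates to a permanent ban after repeated temporary bans. The thresholds, the `LoginGuard` class and the log lines (combined log format, documentation-range IPs) are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)      # sliding window for counting login POSTs
MAX_ATTEMPTS = 5                   # login POSTs tolerated per window (assumed)
TEMP_BAN = timedelta(minutes=30)   # length of a temporary ban (assumed)
STRIKES_FOR_PERMANENT = 3          # temporary bans before a permanent one

# Combined-log-format line whose request is a POST to the WordPress login page.
LOGIN_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /wp-login\.php[ ?]')


class LoginGuard:
    """Hypothetical per-IP brute-force tracker with ban escalation."""

    def __init__(self):
        self.attempts = defaultdict(deque)   # ip -> timestamps inside WINDOW
        self.banned_until = {}               # ip -> end of temporary ban
        self.strikes = defaultdict(int)      # ip -> temporary bans so far
        self.permanent = set()

    def status(self, ip, now):
        if ip in self.permanent:
            return "permanent"
        until = self.banned_until.get(ip)
        if until and now < until:
            return "temporary"
        return "allowed"

    def observe(self, line):
        """Feed one log line; return the IP's state, or None if not a login POST."""
        m = LOGIN_RE.match(line)
        if not m:
            return None
        ip = m["ip"]
        now = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        state = self.status(ip, now)
        if state != "allowed":
            return state                     # still banned: reject cheaply
        q = self.attempts[ip]
        q.append(now)
        while q and now - q[0] > WINDOW:     # drop attempts older than WINDOW
            q.popleft()
        if len(q) <= MAX_ATTEMPTS:
            return "allowed"
        q.clear()
        self.strikes[ip] += 1
        if self.strikes[ip] >= STRIKES_FOR_PERMANENT:
            self.permanent.add(ip)
            return "permanent"
        self.banned_until[ip] = now + TEMP_BAN
        return "temporary"


def _line(ip, ts, req="POST /wp-login.php HTTP/1.1"):
    return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S} +0000] "{req}" 200 1234'


def constructed_log():
    """Constructed sample: one ordinary visitor, one IP sending three bursts."""
    t0 = datetime(2013, 4, 13, 10, 0, 0)
    lines = [_line("198.51.100.20", t0, "GET /index.php HTTP/1.1"),
             _line("198.51.100.20", t0 + timedelta(seconds=5))]
    for burst in range(3):                   # bursts 40 minutes apart
        start = t0 + burst * timedelta(minutes=40)
        lines += [_line("203.0.113.7", start + timedelta(seconds=10 * i))
                  for i in range(6)]
    return lines


def run(lines):
    guard = LoginGuard()
    return guard, [guard.observe(l) for l in lines]


if __name__ == "__main__":
    guard, results = run(constructed_log())
    for line, state in zip(constructed_log(), results):
        print(f"{state!s:10} {line}")
```

Because the key is the source IP alone, visitors behind a shared or frequently changing address can inherit someone else's ban, which is the lockout case the post mentions.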

Huge Improvement for my Router with DD-WRT

I have found home routers to be hugely problematic.  Typically, they do OK at basic wired network routing functions, but they often have awful reliability in their wireless connections.  Go to any review site, and find their top-rated routers.  Then go to Newegg or Amazon and read the reviews for even these best devices -- you will see a litany of unreliability, particularly with the wireless functionality.

Some of this can be chalked up to interference issues, but I possess moderately sophisticated tools for ferreting this out.  A bigger problem for me is with routers that have to be rebooted every 2-3 days to keep them working.  My most recent router I purchased had some software issue where mobile devices like iPhones could not access Google.com and a few large sites through the wireless, a problem I eventually decided was due to some issue with handling sites that have dual IPv4 and IPv6 functionality (which I could never fix).  My Cisco E3000, otherwise a fairly solid modem, had an awful setup program whose first time settings for things like the guest network could never be altered.

So I finally in desperation burned dd-wrt onto my pile of unsatisfactory routers.  DD-WRT is a third-party, free, presumably open-source firmware that works with many commercial routers.  So far, all of my old routers now work great, and the prior problems I saw are all gone.  DD-WRT lacks the friendly automated setup routines of commercial firmware, and a few things are harder than I would wish them to be (it would be nice to have one-click reservation of an IP address to a device, rather than having to retype its MAC address).  But the defaults tend to work fine and it is a huge relief to come home from work and not have to immediately help diagnose some family network issue.  I have been able to re-purpose one of the old routers into a bridge so I can get wireless in my backyard now.

If you have reliability problems with your router or home wireless, this might be something to try.  For certain routers, like my Cisco E3000, the process of flashing to DD-WRT is a bit complex. There are lots of web sites and ebay retailers who will sell you modems with dd-wrt already installed, and I think that Buffalo is actually selling a dd-wrt version of one of their routers.

Sorry For The Site Crashing Yesterday

My VPS was migrated to new servers several weeks ago and my IP addresses changed.  I have had a series of down times over the last several weeks, most of which have been related to finding yet another spot where I did not change the IP addresses to the new ones and caused some sort of instability.  Having thought I had gotten them all, I found yesterday that I had not properly updated my records at Incapsula, a filtering and caching service I use for this blog and a few others.  Now that is fixed.  Hopefully, that is the end of it.

RSS Problems Apparently Due to Google Getting Blacklisted as Spammer

I found out more about why the WordPress Bad Behavior plugin was blocking updating of my Feedburner RSS feed -- apparently, Google got a bunch of its IP addresses blacklisted in Project Honey Pot, which Bad Behavior uses as one source of spam data.  Here is more:

This is caused by an architectural problem at Google, and will require Google to resolve the issue for the problem to go away permanently. The issue is that, in the case of FeedBurner, Google uses IP addresses which are shared by third parties using Google App Engine, some of which are spammers. The spammers quickly get Google’s IP address blacklisted all over the Internet, and suddenly FeedBurner stops working.

If you are impacted by this issue, you can whitelist the affected IP addresses or the FeedBurner user agent string, or disable Project Honey Pot. Be aware that doing any of these will increase the amount of spam you receive. You should also complain to Google, since this isn’t the first time this has happened, and they seem to have done absolutely nothing about it.

Amazon Dot Spam

I have been using Amazon AWS servers for years to host large videos and to store backup files in their S3 service.  But apparently their servers have also become the home of a lot of spammers and bots.   I have been in the process of locking down the security of my climate blog, testing changes that I will then migrate here (Incapsula front end, Disqus comments, a package of improved WordPress security changes, and ZB Block to catch what still makes it through).  I am not naive enough to think that I am safe from hackers, but I can at least be safe from stupid, lazy, or automated ones.

Anyway, I probably don't see a lot of the bots any more because they hit either Disqus or Incapsula.  But a great number still get through, and if they are persistent they get banned.  What amazed me was that of the first 22 IPs banned, 9 were on the Amazon AWS servers.

My sense is that this is one of those classic tragedy of the commons issues, which happens when valuable resources are essentially free.  I had an idea years ago, that I still like, that charging a tenth of a cent to pass each sent email would shut spam down.   You and I might spend five cents a day, but spammers would be hit with a $10,000 charge to email their 10 million name lists, which would kill their margins.  Don't know if there is a similar approach one could take for bots.

Does All DSL Suck, or Just the DSL in this Rental House?

This rental house has AT&T DSL.  Never had DSL before, always use cable for broadband, but I am amazed at the problems it has caused.  After a lot of investigations, it seems to shift my IP address frequently and near randomly, which tends to cause a frequent need to reboot the browser and drives services that try to increase security by tying one to an IP address absolutely bonkers.

Corn Farmers and Hollywood Studios

What do corn farmers and Hollywood studios have in common?  They both have an uncanny ability to force self-serving legislation through Congress.  This week's bit of sucking up to Hollywood is the PROTECT IP act, currently under consideration in Congress:

An ideologically diverse group of 90 law professors has signed a letter opposing the PROTECT IP Act, the Hollywood-backed copyright enforcement/Internet blacklist legislation now working its way through Congress. The letter argues that its domain-blocking provisions amount to Internet censorship that is barred by the First Amendment.

Jointly authored by Mark Lemley, David Levine, and David Post, the letter is signed not only by prominent liberals like Larry Lessig and Yochai Benkler, but also by libertarians like Post and Glenn "Instapundit" Reynolds.

"The Act would allow courts to order any Internet service to stop recognizing [a] site even on a temporary restraining order... issued the same day the complaint is filed," they write. Such a restraining order, which they describe as "the equivalent of an Internet death penalty," raises serious constitutional questions.

The Supreme Court has held that it's unconstitutional to suppress speech without an "adversary proceeding." That is, a speaker must, at a minimum, be given the opportunity to tell his side of the story to a judge before his speech can be suppressed.

Yet under PIPA, a judge decides whether to block a domain after hearing only from the government. Overseas domain owners (and the speakers who might make use of their websites) aren't offered the opportunity to either participate in the legal process or appeal the decision after the fact. (Affected domain owners may file a separate lawsuit after the fact.) This, the professors say, "falls far short of what the Constitution requires before speech can be eliminated from public circulation."

 

Peak IP

Human ingenuity keeps finding more oil and gas but we are close to running out of IP addresses, at least in the old IPv4 system, which all of you are probably using right now.  This does not mean the world will shut down - already, for example, all the computers in your home probably share a single IP address to the outside world, and for many of you that IP address is dynamically assigned by your Internet provider to further save addresses.  Many web sites on the same server will share an IP address (which is actually a good reason not to use shared hosting, because if one of the other accounts on your server is a bad actor, your IP address can effectively get banned from sites and networks trying to ban that other person on your server).

However, a new system is in place, but as with many standards transitions the details are tricky.  It will be interesting to see how this mostly free-market transition goes in comparison to government enforced transitions (e.g. television broadcast standards).

The following will probably just demonstrate my total ignorance of networking protocols, but I am not sure why IPv6 couldn't be written in a way that the extra bytes would just be ignored by IPv4 systems.  It could be assumed that all IPv4 addresses of the form www.xxx.yyy.zzz map to www.xxx.yyy.zzz.000.000 in IPv6, but this may be wildly simplifying what is going on.

The reason I bring this up is because I have always thought the way black and white TV was transitioned to color was particularly clever.  They could have broadcast color with three signals of Red, Green, and Blue levels, and then black and white TVs would have to be thrown out - they wouldn't show anything meaningful with that signal.  Instead, though, they mapped color with a three part system of an absolute brightness signal for each pixel, plus two color signals.  If you are familiar with Photoshop, when you choose a color, you can enter the color as three numbers R-G-B for the intensity of each color or as Hue-Saturation-Brightness.  While not the same as the TV system, it is similar in that it has a pixel brightness component, plus two color components.  (my memory is that in the TV system, it is brightness plus two colors and the third color -- blue, I think -- is arrived at by subtraction from the total brightness minus the two other colors.)

Here is the trick - the signal which was just the pixel brightness component is essentially identical to the old black and white TV signal -- after all, a black and white signal is just the relative brightness of each pixel.  So they took a black and white signal and then added bandwidth so that there was more information if one had a color set.  Both technologies, old and new, worked from the same signal.

I suppose the problem with this is that I am thinking of routers like telephones.   Most folks know that if we dial more than 10 digits, the extras are just ignored.  My guess is that routers are more finicky and precise than this, and they can't just ignore the fact the IP addresses they are getting are too long.  But I still would imagine there could be a simple hardware hack to cheaply strip off the last part of a longer IP address so that older IPv4 infrastructure could still work in an IPv6 world.  Or is this hopelessly misinformed and naive?

Not Good

From CBS News, Via Matt Welch:

In a case that raises questions about online journalism and privacy rights, the U.S. Department of Justice sent a formal request to an independent news site ordering it to provide details of all reader visits on a certain day.

The grand jury subpoena also required the Philadelphia-based Indymedia.us Web site "not to disclose the existence of this request" unless authorized by the Justice Department, a gag order that presents an unusual quandary for any news organization...

The subpoena (PDF) from U.S. Attorney Tim Morrison in Indianapolis demanded "all IP traffic to and from www.indymedia.us" on June 25, 2008. It instructed Clair to "include IP addresses, times, and any other identifying information," including e-mail addresses, physical addresses, registered accounts, and Indymedia readers' Social Security Numbers, bank account numbers, credit card numbers, and so on.

This is reminiscent of the intimidation subpoena and later arrests at the Phoenix New Times orchestrated to stop the paper from criticizing Sheriff Joe Arpaio.

Power Blog Review of This Site

Small Business Trends publishes weekly reviews of business-oriented web sites called "Power Blog Reviews".  This week, they have a very nice review of Coyote Blog:

The Power of the Coyote Blog is the straight-shooting way its author comes right out and says what he means, without dancing around subjects. And the real-life business experiences he conveys are eminently helpful, providing information it is hard to get elsewhere.

That's really generous, thanks!

Update: I deeply resent the suggestion of several of my "friends" that some other blogger must have been spoofing my IP address the week I got reviewed.

VOIP Regulation

Good roundup over at the Knowledge Problem on regulation of Voice over IP (VOIP - basically telephone calls over broadband Internet).

The Federal Communications Commission declared today that a type of Internet telephony service offered by Vonage Holdings Corp. called DigitalVoice is not subject to traditional state public utility regulation.

The Commission also stated that other types of IP-enabled services, such as those offered by cable companies, that have basic characteristics similar to DigitalVoice would also not be subject to traditional state public utility regulation.

This may be good news.  If it keeps regulation low and lets this new technology continue to innovate and find its way in the market, great.  If it is just two bullies snarling over who gets to take my lunch money, then it's not-so-good news.