A Week in Reflection: Migraines, ED & AT’s LGOIMA and Blackout Mess-up 22/06/2014

Posted by Nigel in Life, Opinion.

If you asked me at the end of last week how I expected this week to ‘go down’, I would never have described it as anywhere near what reality brought down on me. My intentions for the week were pretty much to work on some electronic circuitry ideas for a DC power/UPS combo supply followed by the rather mundane usual weekly activities, and in the evenings work on an issue integrating JMRI with a model railroad layout. Ending the week off I was incorrectly expecting Auckland Transport’s LGOIMA response on Friday (not Thursday when it was in fact due and delivered), so I was looking forward to being comforted by the fact that all was well and it was just some delay for political reasons.

Oh how the best thought out week can be derailed!

The first hint that all wasn’t rosy should’ve been the announcement of AT’s fare review (and personally I did suspect something was up but didn’t want to say something at the time due to lack of documentation) as there was no mention of Daily Passes in the review. But where it really started to go wrong was when my migraines that I’ve lived with for the last 12+ years were the worst of my life, making me, at times, want to scream in pain. It wasn’t until after a GP’s visit on Tues, an extremely painful and sleepless night and circa 5 hours in ED the next morning (finding out my GP gave me some extremely bad advice in the process) – some 28+ hours later – that I started getting some relief. I was still suffering somewhat badly the next day when the e-mail notification came in that the FYI.org.nz request was updated by Auckland Transport; again, I was totally unprepared for this as I was expecting it a day later.

The first part of the response I had read was Colin Homan’s letter which summarized Auckland Transport’s position on the delays. Personally, reading the sentences “due to technical issues identified … Our software provider has identified the cause of these issues” invoked the reaction: “This is Thales that broke right? Not again!” Sure enough, several pages in, a Thales issue is confirmed as one of the delay reasons. A sub-thought that I never published crossed my mind: “how big of a mess would this have been if NZ Bus was allowed to integrate their Snapper readers with Thales-HOP?” After all, a Thales-only solution, as we find out in this dump, gets delayed 3+ times and requires patching by Thales at unknown taxpayer delay and expense (do we have to pay for the failure of a broken system?).

This led me to my initial tweet about the response, which seemed to pick up some attention, and it wasn’t until Ben Ross’ reply that I realized the size of the scoop I had.

So there it was, Thursday afternoon, still unable to think straight, trying to put together a cohesive thought on what Auckland Transport had sent me, composing my post and commentary on their 13 page response; normally it wouldn’t be so bad, but alas. Then, ironically, a situation evolved after I published: the automatic scripts on fyi.org.nz were able to remove the blackout performed by Auckland Transport on the documents that they had submitted, which meant that if people had selected the text option instead of the original PDFs (which I had downloaded) they effectively got the original documents. This meant I unexpectedly had to spend the evening chasing up FYI and AT to get the documents hidden, and notifications sent for replacements to be sent.

But what was odd, was that I had started to suspect that all wasn’t rosy back in late-May, when the reports for the Auckland Transport May 27 Board Report were published online (they now seem to be removed, hopefully a genuine mistake by Auckland Transport) as any reference to the Day Pass project was removed from the Chief Executive’s Business Report “Public Transport Key Strategic Priorities” section, as of today (Sunday 22 June 2014) it appears that the report to be presented on Tuesday 24 has the part re-added but now states a July/August timeframe:

Testing of an AT HOP Day Pass is progressing with target implementation in July / August 2014. This will replace the paper-based Discovery Day Pass and offer greater flexibility of zonal options and will include Inner Harbour ferries.

Here is the thing though, I actually never set out to do an expose on Auckland Transport, or to attack an organization that I have a lot of respect for, certain people in particular like Lester Levy and Mike Lee have track records through their DHB and ARTA involvements respectively at doing great jobs, and Auckland Transport, while let down in my opinion by issues with AT Hop and governance interference is continuing to do a great job, I had personally expected the reasons for delays to be political rather than technical such as a transport operator throwing a fit (this was my personal bet, and I had a sub-bet with myself on whom), or deciding to delay pending the fare review implementation this July (like come on, launching the Day Passes and ‘new fares’ at the same time would’ve been a great marketing move and saved money all round!).

The only motivation I had for originally filing my LGOIMA request was simply “Where are the truly integrated passes”, after living in Brisbane and enjoying zonal ticketing systems and transfers (which for the record, are technically open to some ‘gaming’ (a return trip during a lunch time excursion is free because it’s a ‘transfer’ and inclusive in the previous zones paid for, for instance)) and having enjoyed the limited equivalent reminders of integrated systems in Auckland over the past 9 years (Discovery Passes (extremely limited availability), Northern Passes (off market), etc.) which had suited me extremely well, especially for weekend excursions (I’m a bit of a movie buff, and also a bit of a foreign film fan, so a few trips to Newmarket (Rialto) for instance), now with “AT HOP Money” are far more expensive.

It’s just interesting how upside-down a week can turn, and I’ll tell you one thing, it’s one hell of a week I don’t want repeating any time soon!

Whatever Happened To Daily Passes, an LGOIMA Answer 19/06/2014

Posted by Nigel in Opinion.

For a few months buried in the Auckland Transport Monthly Board Reports (basically the monthly meeting where the business controlled by Auckland Council report to the publicly appointed people accountable for its actions), was the following statement in reference to replacing the now hard to purchase, but formerly very useful Discovery Day Pass (which allowed unlimited travel on most of Auckland’s Public Transport services) – personally, I used the D/P as a very cheap method of travel between Waimauku and Newmarket over multiple carriers.

Auckland Transport’s original statement to the AT Board, unedited, and in full was:

Testing of a new AT HOP Day Pass is underway for targeted
introduction by May 2014 across bus, rail and ferry. The pass will
offer greater flexibility through three separate geographic zones
compared with the existing and to be withdrawn paper Discovery Day
Pass. Existing Discovery Day Pass will remain in market until at
least 31st May, to ensure customers still have access to
multi-modal travel product.

(That particular version taken from Page 31, https://at.govt.nz/media/417390/8-Chief-Executives-report-April.pdf of the April Board Report)

Come late May, the silence was deafening, usually the AT PR machine is in full action broadcasting new products at least a week or two in advance and they had said “by May” so it did appear to be delayed as it was, I decided to send in an Official Information Act request to find out what had happened, today just before their 20 working day deadline (which was tomorrow) they finally responded, and what they returned with is very interesting.

You can read their LGOIMA dump on fyi.org.nz (as of 20/6/14 the link is back in order) but I’ll try and summarize the best I can.

While AT have pointed out in their response to myself that “there has been no publicly announced launch date for the AT HOP Day Pass” it has been well known by a lot of people that it was Auckland Transport’s intention to roll one out as soon as possible to replace the Discovery Pass because they did not want to code Thales based Ticket Machines (both on Bus, at Station, and other venue), we are at a point where it is now nigh-on impossible to buy a Discovery Pass as a regular commuter, and even tourists are limited in venues to purchase from – which WAS the target audience originally.

Helpfully in their response they have summarized that the key failure to deliver the Day Passes as originally indicated to the Board are due to technical issues waiting to be patched, described simply as, “Our software supplier has identified the cause of these issues and will provide a software patch when rectified.” the software supplier is identified as Thales (the primary supplier of the AT Hop system for Auckland) in the LGOIMA dump, but there is no indication of when such a patch is expected, and no Thales-AT communications were provided (I had requested ‘Internal communications’, so they likely decided they were classified ‘Supplier communications’).

But, there is something interesting at play here, while the project may have been delayed, there is an interesting timeline, in the April Board report, presented 29 April 2014, the AT Day Pass section read “by May 2014” as a layman, that means before May starts, if I say something is going to happen by May, I mean it’s going to happen before May, not before or during May. Which technically only would’ve given the team a day and a half. What they really seemed to mean, was “during May 2014”, because through the supplied e-mail thread in the OIA dump “Status Update for AIFS Day Pass Implementation” we have the following interesting statements made, from which we can draw interesting observations:

Thursday May 1 at 6:16 PM, Someone working out of the Pitt St Office made the following comments:

  • The Target release date was to be 14 May 10 pm (Wednesday evening) due to a large go-live of timetable changes on the 16th (a Friday), But immediately acknowledged that there were many blockers including:
  • TOT devices (Ticket Office Terminal devices – thanks NCS in comments for the correction) seem to have trouble with reading some HOP cards – some taking up to 10 seconds to READ!!!  It is a NFC smart card, that is SLOW, it isn’t trying to read the bible.
  • It appears they are still having trouble apportioning revenue from AT Daily Pass use – an issue that dates back to Discovery Pass days, it seems many iterations of contracts and agreements still haven’t sorted this issue out and even apparently ‘smart systems’ can’t sort this mess out.
  • They also seem to be having trouble with purchasing different zone products on zone border, the ticket machine gets confused, and may not offer the correct Zone options – a MAJOR failing if you ask me (additionally this seems to be mimicked on this testing matrix also provided)
  • One of their solutions, and most concerning is to, and I quote:

    Delay Day Pass implementation (already done at least twice – potential reputational to AT)

There were some interesting points raised in a reply made by a staffer out of the Queen St office on Monday May 5 at 9:00 AM including:

  • That if the only way to reduce the delays in reading HOP cards with TOT devices is to reduce the number of Day Pass options it should be done (My Note: This would of course mean that for people in inner areas that would’ve opted for single zone options would not use Day Passes and not be encouraged to use PT still, i.e. same ol’, same ol’)
  • The most concerning comment in this response, was to the adjacent zones purchasing issue:

    Aware of and accept this limitation, and will be reflected in the comms – just need confirmation from testing re. which combos are/are not possible

    Err, yeah, I’m going to purchase my Day Pass while I’m biking past the ticket machine in the other zone, or working in a different area the previous day, that shouldn’t be a problem. Feels like a classic case of the ‘too hard basket’.

  • Of course, given the date, at the very start of the e-mail, is the acknowledgement that the target date is very likely to be missed, said very plainly:

    Thanks for the update – given the target launch of 14th May is now only a week and a bit away, and the number of outstanding issues, is it safe to assume this date is highly unlikely to be achievable? Even if it was, one week is not enough time to notify operators, organise comms etc – however could potentially nominate a forward date (e.g. 1 June) if you thought a 14th May EOD drop was do-able? Otherwise I assume the next available date will be the June EOD drop (which I think is around 10th June?)

    Of course, all those dates are missed now, but it does and will bring up a very interesting point soon.

Lastly, the final e-mail in the dump (I think the same one as the first) seems to imply (my note: thanks to Ben for letting me run this by him and get his two cents) that the passes won’t be able to go live by 14/5, and the software implementation date would generally be moved as well. BUT because they doubled up the schedule with the already published bus network changes on 16/5 it seems they couldn’t change the EOD, so they were forced to push live the backend code parts of the day pass systems.

What this means is that, sitting in the AT Hop/Thales system currently running live, is a hidden version of the Day Pass system that is limited to a select few people with special cards (similar to when the system was in limited trial/beta mode) and that has a very limited scope. It certainly seems like the intention to deliver the originally planned 3-zone + ferry options system is gone (I believe Ben Ross will be posting further on this later, I’ll link to this if/when) due to costs/the need to patch ticketing machines.

But who knows, I get a feeling we are still seeing only half the story, which brings me to my last point…

Finally, I feel that there is a document missing and I’ve asked AT for clarification here, I find it odd at the very least that there was no internal communication to the people that prepare Auckland Transport Board Reports to at the very least remove the statement about AT Day Passes from the May report, where it conspicuously disappeared, and I get the feeling that the AT Board may not have been briefed on the project delay. Keep in mind, the AT Board Reports are gleefully filled with boasts about their successes, their delays seem to go missing a bit which is a tad disappointing for what is meant to be an accountable organisation, especially in the words of the blacked out AT staffer:

Delay Day Pass implementation (already done at least twice – potential reputational to AT)

Alas, they seem to have lost count of the number of delays, but they do admit it is embarrassing to Auckland Transport, something I’m sure we can agree on.

So the key questions really are:

  1. Do the AT “power players” such as Mike Lee (Auckland councilor/AT Board), Lester Levy (AT Chairman), Christine Fletcher (Auckland councilor/AT Board) know that this project that was meant to be deployed in May, was delayed?
  2. Do they know it was delayed at least 3 times?
  3. If other projects that are lagging behind have disappeared from the board reports, but have been noticed by observant members

I intend to try and get these answers, first by reaching out to the three “power players” as I do want to get their side of the story as I feel it is important, the Board Minutes are generally very short, so it is possible that they are under reported, the main thing is, this is hopefully just the start.

Acknowledgements: I’d like to thank Ben Ross (@BenRoss_AKL / Talking Auckland) for the help this afternoon/evening for assistance with acronyms (TOT really got me) and bouncing questions, and encouragement, it seems I unfortunately beat him to the scoop which he deserved, but his help is appreciated.  Additionally, Transport Blog and Campaign for Better Transport while I don’t agree with everything they say, I would never have got interested in keeping an eye on how money was spent on Public Transport and what AT were doing as far as these sorts of projects. So keep it up guys.  Lastly, most importantly, the people that run fyi.org.nz you rock!

Corrections: NCS has provided a correction to the abbreviation to TOT originally thought to a reference to Ticket & Top-up devices (self-service) it appears to be Ticket Office Terminal devices.  Thank you. – 23/6/14.

Thoughts on the censorship of books and other media 14/07/2013

Posted by Nigel in Opinion.

Preface: This is my first post in a while, and certainly not a subject I’d normally post about, my interest in posting this, is as someone on the internet, and an Aucklander. Excerpts from specific IPT/OFLC decisions were found by searching their database for restricted/RC/NC content and looking at decisions at random.

This week I got caught up in an interesting discussion on Twitter regarding the book ‘Lost Girls’ (a book I’d never heard of before this week – and most likely will never read), the Tweet that started it all was:

Auckland Libraries’ reply was interesting to me, why are other books okay, but this one isn’t? For some strange reason I’m a big fan of censorship, as long as it’s just and fair, I disagree with Australia’s policies for censorship of games because they don’t have an R18 classification (oddly, they do for movies), and actively refuse classification of the more violent games, where New Zealand allows and issues R16/R18 ratings.

I find New Zealand’s censorship legislation to be very fair, very rarely have I seen something that I thought didn’t have the correct classification (i.e. too lax/too restrictive), the law that makes this possible is the Films, Videos, and Publications Classification Act 1993, which really pulls together what appears (from historical information) a dog’s breakfast of legislation, and covers all types of media, including books.

So, should a book be censored? Maybe, it’s my opinion that it is fair to censor games, movies, and books. A book can be just as suggestive/explicit, perhaps even more so, as any other type of media, so I definitely understand & agree with the Government’s decisions in the past to include books in the relevant censorship legislation.

Matthew Finch, a consultant who I understand is currently consulting with Auckland Libraries, made some great points, including:


Dylan Horrocks made some good points as well during the Twitter discussion, including but not limited to:

Personally, I understand their points of view, but, in my opinion, a library, as a publicly funded institution (if I’m doing my math right, based on the 2013 budget (source: Draft Annual Plan 2013/14, pages 65 & 66) this was around 86.2 million dollars from rates & conventional council funding (Regional library services & Local libraries) disclaimer: if someone in the know can correct/confirm this, let me know and I’ll update if I’m wrong) is to serve the public and promote freedom of access to books/information and other services (as pointed out on Twitter last week or so, one of the Chicago libraries even has a Maker lab), and I like that Auckland Libraries certainly aren’t ashamed of the more risqué side of their collection, but I don’t think it’s their place to risk prosecution by not submitting some of the ‘more risqué’ to clarify their position and to safeguard public funds.

Out of interest, I searched the OFLC Classifications database for R16+/R* (restricted to specific persons)/Banned books, 175 results were returned, most banned examples date back to the 70s/80s, but there are some interesting examples of restrictions, and reading some of the associated register/Gazette entries.

Some of these decisions are interesting, and show a different time of this country, for instance, in 1970 a book was banned (ref: IPT decision number 240~249/1970 (search keyword for OFLC site is: ‘IPT 70-243’)) for the following reason:

This is one more of too many books about wife-swapping. As usual it is set in an environment of idleness, affluence, and indulgence. Although the author contrived a romantically happy ending between Connie, the likeable partner in the swaps, mostly uncongenial, and Dr Larry Crandall, her husband having been incinerated in a car crash, these considerations do not offset the repetitions and emphasised details of the swaps or of the violence that enters into them. On these, the emphasis falls so heavily that the Tribunal is led to classify this book as indecent in terms of the Act.

Without knowing details of the contents of the book itself (heck, it’d be illegal for me to read a copy based on its ban, to find out), the above reason just sounds ludicrous, how many TV shows have now showed situations that sound potentially similar to the IPT’s description quoted above?

Some of the IPT (Indecent Publications Tribunal) decisions around the 90s before the OFLC refer to “The Penthouse Decision” which seems to acknowledge the simple fact that times change, in fact one quote (sourced from IPT decision 78/92 (IPT 92-78)):

Classification of those issues of the magazines in the Penthouse Decision as indecent in the hands of persons under the age of 18 years, although possibly violating this freedom of expression, was “a reasonable limitation prescribed by law and demonstrably justified in a free and democratic society”. Limitation of the freedom of expression was necessary only to the extent of protecting society from the injurious effects of allowing certain materials to be in the hands of persons under the age of 18 years. — pg 4

is relevant to this point, after all, can you imagine some of the R18 movies (or AO TV shows of ‘today’) getting screened/approved/rated 40 years ago? I’m thinking of the likes of some of the HBO / US Cable TV shows (such as Jenji Kohan’s Weeds – which features subjects such as drug growing (including around children), or Breaking Bad (which I’ve just been introduced to (Thanks LR & JB!) which in the first episode shows the apparent nasty murder of two people, and the manufacture of meth/P, DVDs of which appear to be classified R16 (OFLC Publication Number 0900343.000), unfortunately the OFLC decision documents don’t have a discussion of why R16 is applicable, when considering Section 3(3)(d) includes “promotes or encourages criminal acts or acts of terrorism”, something tells me that one of the ‘get-out-of-jails’ in 3(4) applied.

While on the subject of Breaking Bad, it’s interesting to point out that Auckland Libraries hold items such as Breaking Bad, which do have age restrictions in their catalogue, which indicates that they are okay stocking content that has been restricted (and obviously as a result willing and able to hold & issue items that were censored to some degree), so my resulting question from all this is: What is to fear from submitting books for classification?

Going back to ‘the Penthouse Decision’ while researching what it was all about, I stumbled on a Canterbury Law Review article by J. L. Caldwell, Pornography – An Argument For Censorship, discussing, in 1992, what was to become Films, Videos, and Publications Classification. An interesting quote from the article (page 1 of the PDF):

In the contemporary New Zealand context, there is, in my view, simply no realistic risk of a work with an artistic, literary intent, or with a socially serious purpose, being subject to censorship.

The article is well worth a read and applies today, and makes some interesting points (with citations) especially around the US model of ‘civil rights’ vs the current model of censorship. My perspective is that both result in the same thing (with the US potentially a tad more permissive).

What I think Caldwell is trying to say, is that genuine works that serve as a book/story, rather than “porn without pictures”, under NZ Law shouldn’t/won’t be censored, in fact he goes further talking about what is now our legislation in section VII:

As discussed above, considerable discretion is inevitably reposed in the Classification Office under the new legislation. This means that the judgment and philosophical perspective of that Office will be the critical determinant in the effective implementation of the new censorship regime. Accordingly, the recent decisions of the Indecent Publications Tribunal, whose written decisions have been the most accessible of the previously existing censorship bodies are of considerable interest in revealing how an increasingly liberal approach to censorship resulted in a loosening of censorship restrictions under the relevant Act. In turn, it will be seen that this resulted in the Tribunal permitting, albeit subject to conditions, pornographic material which in my view would have been more appropriately prohibited. pg 196 (publication)/pg 26 (PDF)

Personally, I’m with the likes of Matt, Dylan & Auckland Libraries to an extent, if a book (or any media item) was to be banned for an unjust reason (or unjustly restricted), it is the public’s duty to defend the works, and to attempt to get the problem corrected, going as far as it takes – even as far as petitioning the Government of the day to fix legislation.

But, I think it’s important that libraries and people in general safeguard themselves (and in the case of libraries their councils and ratepayers) by defensively submitting the potentially legally risqué publications and establishing a baseline and the opinion of the current censor. (Interestingly, upon a referral by the DIA, Fifty Shades (a book I have no intention of reading) was classified M, citing the Bill of Rights as the reason not to impose a restricted classification, ref: OFLC publication 1200609.000)

I concede though that libraries are right to think, that if a book was banned, due to their referral to the OFLC that the media and various people would portray the libraries in a bad light. This is why perhaps there is a need for a group of interested people to put forward private submissions of potentially risqué books to avoid potential issues for public institutions – I’d certainly put in money and time to help accomplish that.

It’s also important to note, that unlike the United States, free speech isn’t guaranteed in a constitution or common law, as Wikipedia does point out Freedom of Expression is granted, with the condition that it is restricted to protect morals, a reason in my opinion, that we need censorship legislation (my point would be null, if our laws were more permissive than restrictive).

I’m not proposing a solution outright, this is something that in my opinion requires deep discussion and thought from all interested parties (including the OFLC, and the current Government/politicians), certainly more than a bunch of Twitter/Facebook discussions and blog posts can provide, hopefully Dylan’s original request and Facebook post is just the start of this discussion.

As a last note, as mentioned earlier, morals & opinions of what is acceptable in society change, especially over 40+ years, it seems to me that we need provisions & a process to review and look back at past decisions and reevaluate if decisions still have merit (especially those that result in a ban), and re-examine items as needed and where interest exists. Such a list needs to be a living document, and needs to reflect that change happens, and there are a lot more independent, self-published books (mainly in the form of e-Books) that our law also impacts.

This isn’t just about what is acceptable in libraries, but also the internet.


I’d like to point out that the above post is my opinion and not influenced and may not reflect the opinions of employers past, present or future.

I’d also like to point out that I’m not a lawyer so don’t take any of my comments as any sort of advice on how the law actually stands.

Why DNS Spoofing is Bad (Real Example) 22/02/2012

Posted by Nigel in Technology.

An interesting question was posed on IRC in a channel I frequent in the common form of “What do you get when you look up ‘this’ domain?”. He had complaints at work that it wasn’t working properly and couldn’t figure out why.

I pondered the issue, did some digging (pun intended) and had a look on Windows (as he was seeing the issues mainly on a Windows DNS server), the results were to say the least, intriguing.

(n.b. for this post, I have replaced the domain in question with ‘example.com’ as it’s no fault of them)

The background is that the site in question uses Google Apps (and the Google Apps website hosting), which asks the website administrators to place CNAME records (and other DNS records, such as MX) in many places pointing to various addresses ending in google.com. So I wasn’t overly concerned when my dig +short www.example.org returned:


Following the pointers I started querying one of the authoritative DNS servers for the domain (ns32b.ssggrp-wc.com) directly, and while it looked okay via dig, when I queried via nslookup I saw the following:

> www.example.com.
Server:  ns32b.ssggrp-wc.com
*** ns32b.ssggrp-wc.com can't find www.example.com.:
       Non-existent domain

Hold the phone, that can’t be right, dig was able to resolve it just fine! So on went set debug in which I saw the following (AAAA query omitted, as it’s basically identical):

> www.example.com.
Server:  ns32b.ssggrp-wc.com
Got answer:
 opcode = QUERY, id = 12, rcode = NXDOMAIN
 header flags:  response, auth. answer, want recursion
 questions = 1,  answers = 1,  authority records = 1,  additional = 0
 www.example.com, type = A, class = IN
 ->  www.example.com
   canonical name = ghs.l.google.com
   ttl = 3600 (1 hour)
 ->  google.com
   ttl = 86400 (1 day)
   primary name server = txn32.ssggrp-wc.com
   responsible mail addr = hostmaster.ssggrp-wc.com
   serial  = 2010100623
   refresh = 7200 (2 hours)
   retry   = 3600 (1 hour)
   expire  = 604800 (7 days)
   default TTL = 86400 (1 day)

Unfortunately it took a bit more digging to notice what stared me in the face there, but the issue is obviously there: a request for www.example.com. returned rcode = NXDOMAIN, but the ANSWERS section returned canonical name = ghs.l.google.com, so the CNAME record exists. So why isn’t it returning correctly? The answer is directly below…

The DNS server is actually saying “I am authoritative for google.com, and I know everything about google.com, and ghs.l.google.com doesn’t exist”. The only logical explanation that I can come up with is that the people who run ns32b.ssggrp-wc.com (and ns32a), which I believe from whois records is Verigo/NTT Communications, have perhaps had to poison records for google.com within their internal network for some reason. We can see this more obviously from the following dig output (shortened for brevity):

[njones@kaki ~]$ dig ghs.l.google.com @
; <<>> DiG 9.7.4b1-RedHat-9.7.4-0.2.b1.fc14 <<>> ghs.l.google.com @
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53829
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;ghs.l.google.com. IN A
google.com. 86400 IN SOA txn32.ssggrp-wc.com. hostmaster.ssggrp-wc.com. 2010100623 7200 3600 604800 86400
;; WHEN: Tue Feb 21 22:42:31 2012

Well isn’t this dandy: example.com’s DNS host is actually returning a SOA (Authority) record for google.com. This should be classed as a recursion request and be REFUSED, as can be seen with the DNS server I run below:

[njones@kaki ~]$ dig ghs.l.google.com @torea.jnet.net.nz
; <<>> DiG 9.7.4b1-RedHat-9.7.4-0.2.b1.fc14 <<>> ghs.l.google.com @torea.jnet.net.nz
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 16600
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;ghs.l.google.com. IN A
;; WHEN: Tue Feb 21 22:45:33 2012

It’s refused the query and returned 0 answer or authority responses back to the DNS client. This is correct behaviour.

The remaining question is why this DNS server having a poisoned DNS entry for Google is so bad in this case. (There are other bad reasons that can be searched for under the subjects “DNS Security”, “DNS Spoofing” and “DNS Hijacking”.) The particular problem here is that DNS servers like to help each other out: to save bandwidth and additional queries, a remote DNS server will be nice when it handles a CNAME record, and if it notices that it is authoritative for the canonical name, it will return the resolution of the CNAME as well.

In this case, it’s returned NXDOMAIN (non-existent domain) because the poisoned google.com zone, obviously doesn’t include records for ghs.l.google.com.

In addition, it seems that some DNS servers (I think mainly BIND) accept that there is a chance of DNS spoofing, and are able to recognise that the SOA record for google.com wasn’t correct (I’m assuming from a cached copy), successfully ignore it, and provide the correct response regardless. I’m not quite sure if this is recommended behaviour against the RFCs at this stage, but I get the feeling that the implementation is part of trying to avoid DNS spoofing, while other DNS servers (such as Windows Server’s DNS Server) may implement the RFC to the letter and fall victim to the issue.

Spoofing DNS is a bad thing to do, sometimes it needs to be done to work around various issues, or for split DNS, but poisoned records should NEVER be able to get queried by the outside world. I can only assume (in best case) that someone when spoofing the records, forgot to implement an ACL to disable outside lookups.
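
The dig comparison above can be turned into a repeatable check. This is an added example, not code from the original post: it parses dig-style output and flags an authoritative-only server that returns an SOA for, or claims authority over, a name outside the zones it is meant to serve. The served-zone list and the third sample (the nslookup result rewritten in dig format) are assumptions; the first two samples are the post's own transcripts, abridged.

```python
import re

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r"flags:\s*([a-z ]*);")
QUESTION_RE = re.compile(r"^;(\S+)\s+IN\s+(\S+)$")
RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)")

# The post's first dig transcript (server name elided there), prompt and banner dropped.
POISONED = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53829
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;ghs.l.google.com. IN A
google.com. 86400 IN SOA txn32.ssggrp-wc.com. hostmaster.ssggrp-wc.com. 2010100623 7200 3600 604800 86400
"""

# The post's second transcript, abridged: the author's own server refusing the query.
REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 16600
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;ghs.l.google.com. IN A
"""

# Constructed sample: the nslookup values quoted in the post, rewritten in dig format.
CNAME_CASE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;www.example.com. IN A
www.example.com. 3600 IN CNAME ghs.l.google.com.
google.com. 86400 IN SOA txn32.ssggrp-wc.com. hostmaster.ssggrp-wc.com. 2010100623 7200 3600 604800 86400
"""


def norm(name):
    return name.rstrip(".").lower()


def served(name, zones):
    """True if name is one of the zones or sits below one of them."""
    return any(name == z or name.endswith("." + z) for z in map(norm, zones))


def parse_dig(text):
    """Pull rcode, header flags, question name and resource records out of dig output."""
    resp = {"status": None, "flags": set(), "qname": None, "records": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if "->>HEADER<<-" in line:
            resp["status"] = STATUS_RE.search(line).group(1)
        elif line.startswith(";; flags:"):
            resp["flags"] = set(FLAGS_RE.search(line).group(1).split())
        elif line.startswith(";"):
            m = QUESTION_RE.match(line)
            if m:
                resp["qname"] = norm(m.group(1))
        else:
            m = RR_RE.match(line)
            if m:
                resp["records"].append((norm(m.group(1)), m.group(2), norm(m.group(3))))
    return resp


def audit(resp, zones):
    """Findings for one response from a server that should only answer for zones."""
    findings = []
    for owner, rtype, _ in resp["records"]:
        if rtype == "SOA" and not served(owner, zones):
            findings.append("foreign-soa:" + owner)
    if "aa" in resp["flags"] and not served(resp["qname"], zones):
        findings.append("authoritative-for-unserved-name")
    if resp["status"] == "NXDOMAIN" and served(resp["qname"], zones):
        for owner, rtype, target in resp["records"]:
            if rtype == "CNAME" and not served(target, zones):
                findings.append("nxdomain-via-cname:" + target)
    return findings


if __name__ == "__main__":
    zones = ["example.com"]  # assumption: the only zone this nameserver is delegated for
    for label, text in (("poisoned", POISONED), ("refused", REFUSED), ("cname", CNAME_CASE)):
        print(label, audit(parse_dig(text), zones))
```

An empty findings list corresponds to the REFUSED behaviour shown above; any finding means the server is exposing data for a zone it was never delegated.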

Managing Power the Powershop Way Works 25/10/2011

Posted by Nigel in Life, Technology.

When I worked at Red Hat, it seemed like there were a lot of slogans to the effect of “Blank Works” (replace Blank with phrases like “Open Source” or other management-style buzz words), they never really had much effect on me, because… well it seemed canned and marketing speak.  So why have I used it in the title of this post?  Because, it’s not actually marketing speak, it does actually work, and better yet, saves money!

We used to be with Genesis Energy and we’d normally only take notice of the meter readings once a month, (one month would be an actual read, the next month would be an estimated, so we’d go out and read it ourselves).  Sometimes we’d make the effort and read it a bit more often and keep track manually, but it wouldn’t last for too long.  Earlier this year, we switched to Powershop (http://www.powershop.co.nz/) with the promise of cheaper electricity and the ability to manage our account and spending more vigorously than with Genesis (who also just announced a ~20% price rise).

Since the switch over, we have followed the super-hands on approach to managing our account, and taking notice of trends in our usage (like when we forget to switch the hot water cylinder on at night, or off in the morning), partly due to the fact that we read the meter every few days, and send the readings back via their website, or their smart phone application.

In turn for giving Powershop these frequent readings, they give us pretty usage graphs and statistics, like the day-night split in usage, and our average units/day usage (which normally sits between 19-21).

This brings me to how the ‘Powershop Way’ really does work, the other night we submitted our readings and the site came back saying that our usage had spiked about 2 units/day higher than it was from the previous readings, the next day it had shot up another unit/day, the simple fact that our usage had increased by a reasonable amount alerted us to the fact that something substantial had changed, thinking about it, it could have been only one thing.

I had plugged in a (reasonably recent) old computer to test a couple of networking/routing theories, and left it running with the intention of it carrying some permanent workload, the day that the reading that first showed the usage spike occurred.  So not believing that it would be the cause, I used our little Elto Mains Power Meter ($25 from DSE) & found that it was drawing ~250W of power (nearly double a new LCD TV) which assuming constant usage is 6 units (kWh) of power a day.

6 units of power, over a 30 day month is 180 units a month, and at ~22 cents/unit, can be anywhere up to $40/mo.

So, the simple act of managing our power buying via Powershop, and getting into the “Powershop Way” has saved a good $20-$40/mo from the simple awareness of what we are using and how much it is costing to run.

(Of course, it also helps that for us, since April, Powershop is 14.4% cheaper than Genesis’ current prices, even over Powershop’s ‘expensive’ Winter months)

But the moral of my post is that Powershop have really taught us that managing our power buying (and hence usage) is a good thing, and that simple anecdotes like mine definitely show that you can easily save money via the resulting awareness.  I would recommend Powershop to anybody.

n.b. If you can’t switch to Powershop where you live, they also run a second site called PowerSaver (https://saver.powershop.co.nz/) that opens up some of the usage tracking goodness that Customers get.

Review: My Sister’s Keeper 05/07/2011

Posted by Nigel in Entertainment.

Okay, I know this movie has been out for a while, but bad marketing when it was released in Australia meant I skipped the cinematic screenings (about the only screening listed was a mums & babies screening, and I didn’t want to sit through a screening looking like the black sheep & in a room of crying babies).

So anyway, I finally got round to requesting this on my Fatso queue, and managed to watch it, and what can I say?  This movie is brilliant.

It’s complicated to understand, it doesn’t follow a beginning->middle->end storyline, it does jump around in time, but compared to films such as 500 Days of Summer, this film is rather easy to understand.  One could also argue that the film takes too long to introduce everyone, and that it’s rather slow to begin with, even though I agree that 10 minutes could have easily been shaved off, I wouldn’t want to see it removed, it sets up the mood of the film just right.

The film certainly makes up for the slightly slow beginning with excellent cinematography & musical choices, which makes me disappointed that it wasn’t nominated for any OSCAR-type awards, I really think the production crew & actors really deserved it.

The only thing I didn’t like about the film was Cameron Diaz, I don’t know if it was her or her character that makes me dislike the performance in the film, it just didn’t seem to mesh right.  Someone like Julia Roberts (main character of Erin Brockovich) for instance, to me would have been a better match of similar actors.  Of course it could be that I’ve fallen for a trap that the Director wanted viewers to fall into, hating the big evil mum that only cares about what she wants.

But really, I think the critics & IMDb are wrong, it’s far better than 7.1/10 & a Metascore of 51, I’d say 9/10 and if you haven’t seen it rent it or buy it.

Why My Android Leaves a Sour Taste 18/03/2011

Posted by Nigel in Uncategorized.

As an update to my earlier post Jumping on the Android Boat & Telecom Customer Service I must say, my opinion of the i5503T has changed considerably, mainly due to the cons that I described originally.

The fact of the matter is that what I have now found to be called ‘Phone Coma’ isn’t actually specific to me, and seems to be happening to people worldwide that own the i5503T.  If the phone was just crashing & rebooting, I wouldn’t care that much, as long as the phone is able to accept calls, and be ready if I want to make calls (assuming I have given it enough juice of course) then I can’t complain.  But the phone coma issue results in a completely unusable phone until the user: a) notices it, b) removes the back, and replaces the battery.  I even tried ringing the number when it was in this state, the phone still accepts the call from the tower (the caller will get a ringing tone), but the user/owner gets no notification *ever*.

I wasn’t really that concerned, I’d heard reports that unofficial 2.2 firmware builds resolved the issue, but not wanting to void my warranty I decided to wait a while (I’d heard a rumour that an update was forthcoming, shortly after I bought my phone). However, two things happened.

First, the Christchurch earthquake struck, that very morning I was just about to book a trip to Christchurch for the week of the 8th March, only to decide to ‘think it over during lunch’, that plan was of course shelved, but in the aftermath, I got thinking, with a phone going into ‘coma’ continuously, with a hard to remove battery cover to ‘fix’ it, what if I was under the rubble and had to communicate to the outside?

Secondly, just prior, there were several discussions on Geekzone about the Consumer Guarantees Act, and I eventually hypothesized that surely a phone that often goes into a coma is not ‘fit for purpose’.

I decided as a result to give Samsung a call to ask them if it was a known problem, and what to do. Even though the issue occurred when it was new, they suggested a factory reset, and ‘if that doesn’t work, take it back for repair’.  Resetting the phone had both issues occur within a day (with no extra applications installed) so I decided to take it back.  Helpfully Samsung had told me that even though I purchased it at Dick Smith, I could return it directly to Telecom(!).

The phone is now in for repair, but the Telecom shop guys were as good as always.

I did say, ‘leaves a sour taste’ well, here it is.  Upon resetting my phone, and reproducing the problem, I decided to install some of the applications I had, that I really did want again. One of the applications, a CalDAV Sync Client (a feature which I call essential) was no longer available to my phone, even though, the application had not been updated and I had applied the Samsung update for my phone (which I later found, only fixed SMS issues, an update I wouldn’t have applied if I was able to see the changelog).  The Android Market will not tell me WHY I can no longer install it, so I’m lost for words, and without a fairly important application/feature that I used.

To top it off, this revelation happened, just as I did some reading into the Android development platform and started complimenting it after seeing how ‘good’ it was.

Review: Orcon, a few months in 31/01/2011

Posted by Nigel in Technology.

Back in October, we decided to switch from our old ISP (of ~3+ years – family stayed with them while I was in Australia) Actrix. We hadn’t had much reason in the past to switch away from Actrix (good customer service, reasonable prices, and at the time the big seller, Daily Caps instead of monthly). In the past, Actrix was even greater value for money than any of the other ISPs as they had a ‘double happy’ promotion which reset the daily cap twice (the usual 2am reset & a reset at 6pm) which effectively meant 1400MB/day at the time instead of 700MB/day.

However, circumstances changed, we had to move off the grandfathered plan that gave us the Double Happy promotion, and were eventually stuck after the second change, on a 800MB/day plan. This made watching catch-up On-Demand TV a major issue, there is nothing like getting speed limited half way through watching a Grey’s Anatomy episode, trust me. We started looking elsewhere and after a while settled with Orcon once they brought the new caps in after the GST rise.

Signing up was a bit of an issue, the Address Checker didn’t like our address or phone number, it could pick up the exchange we were connected to, but immediately returned “call Sales”, calling sales on a weekend for this turned into “well, I’d have to refer it to Provisioning, but I’m pretty sure they won’t be able to connect you as it’ll be really slow and not worth it, and they only work Mon-Fri”.

Calling back on the Monday got me another Sales guy, that listened, realised it was a churn of an existing Telecom Wholesale connection and said to the effect of “Yes, we should be able to connect you, I’ll create an account, I will have to speak to provisioning and there is a small chance we won’t be able to churn the connection, but it sounds good”. A completely different answer, and in fact the one I expected.

After not getting a confirmation or any phone calls after a few days, I started putting on the worried face, and called back to see the status, after a while and a call back I spoke to the original sales rep who advised me, that he was still getting on to the provisioning team to get the green light, but it’d be a little longer. Then the magic happened, they got the green light, and a couple of days later, Chorus rejected the order for lack of information, they required an ‘ASID’ (it’s just an ID number that you can get from your current provider), sending the ASID number the same day, resulted in my connection churned that night! Well under the 10 days quoted for time of order placed, to churn that I was quoted!

After a minor authentication glitch we were going. Now, this is what really surprised me, a day or so in I got a phone call from the Sales Rep that processed the order, checking that everything was going okay, and if I had any questions/minor issues that we could help me with. This is something I think a lot of companies forget about, a look at the connection and a follow up phone call to make sure everything is working as expected. It puts a human touch to the company and really reinforces the brand.

The only issue I’ve had since switching is occasional International Bandwidth issues, which resulted in extremely slow speeds, but in the recent month or two, Orcon seem to have done a lot to fix this, and I’m now enjoying zero-rated TVNZ On Demand & NZ On Screen (not keen on iSky unfortunately).

The thing I’d like to see Orcon do next, is to be a bit more open about their plans for IPv6. IPv6 to me is going to be the game changer over the next year/two years in my opinion, and I’m willing to support any ISP that is willing to show an interest in getting IPv6 out there (Inspire already seem to be doing a trial and it seems World Exchange is also doing a trial). My view is, even a tunnel broker style setup, to imitate how IPv6 is to be deployed natively to customers when the right CPE is available is a positive step for the future and will at least let backhaul and traffic accounting be tested.

In summary, really glad I switched, a little less nay-saying in Sales would be a good thing, but the connection quality (including not having to bounce packets via Wellington from Auckland) is brilliant, especially now their International issues seem to be resolved.

Getting a MF626 GSM Modem (aka Telecom ‘T-Stick’ + others) to play nice with Fedora 16/01/2011

Posted by Nigel in Technology.

There are a lot of posts already out there about how to use the MF626 GSM Modem (also known as one of the many Telecom T-Sticks, & Telstra Next-G Modems).  Word to the wise, I have no idea what is needed to make the other ZTE devices (like the MF180/MF363) work, the instructions may work, may need deviations or may not work at all.  (Ditto for other distros).

Basically, this is to get it working with NetworkManager directly, instead of wvdial, in a way that a lot of Mobile Broadband modems (and some phones that act as modems) work, if you don’t like/use/want NetworkManager then this article may not be what you are looking for.

  1. Plug in your USB Modem, and make sure that device ID ‘19d2:2000’ appears in your lsusb output (keep it plugged in)
    # lsusb
  2. Install (via yum or the package manager of choice) the ‘usb_modeswitch’ package
    # yum install usb_modeswitch
  3. Ensure that usb_modeswitch works, and verify that lsusb now shows device ID 19d2:0031.
    # usb_modeswitch -W -c /etc/usb_modeswitch.d/19d2\:2000
    # lsusb | grep 19d2
  4. As long as the above works, and the lsusb command shows the modem still, we can proceed to make it so the usb_modeswitch command will be run each time you plug the modem in.
    • Create the file /etc/udev/rules.d/90-zte.rules with the following contents:
      ACTION!="add", GOTO="ZTE_End"
      SUBSYSTEM=="usb", SYSFS{idProduct}=="2000", SYSFS{idVendor}=="19d2", GOTO="ZTE_ZeroCD"
      GOTO="ZTE_End"
      LABEL="ZTE_ZeroCD"
      RUN+="/usr/sbin/usb_modeswitch -W -c /etc/usb_modeswitch.d/19d2:2000"
      LABEL="ZTE_End"
    • Create the file /etc/hal/fdi/information/20-zte-mf626.fdi with the following contents:
      <?xml version="1.0" encoding="UTF-8"?>
      <deviceinfo version="0.2">
        <device>
          <!-- ZTE MF626 HSDPA USB Modem -->
          <match key="@info.parent:usb.vendor_id" int="0x19d2">
            <match key="@info.parent:usb.product_id" int="0x0031">
              <match key="@info.parent:usb.interface.number" int="3">
                <append key="modem.command_sets" type="strlist">GSM-07.07</append>
                <append key="modem.command_sets" type="strlist">GSM-07.05</append>
                <append key="info.capabilities" type="strlist">modem</append>
              </match>
            </match>
          </match>
        </device>
      </deviceinfo>
  5. Reboot the system
  6. Once rebooted and logged in, right-click on the NetworkManager icon followed by ‘Edit Connections’ , on the Mobile Broadband tab, click Add, it should automatically detect your modem as “ZTE CDMA Technologies MSM”, click forward.
  7. Select your Country/Provider (in my case New Zealand / Telecom NZ), after which you will be asked to select ‘your plan’, my understanding is both XT mobile Internet with Firewall (internet.telecom.co.nz) & XT mobile Direct Internet (direct.telecom.co.nz) are okay w/ the T-Stick, but I reckon you should go w/ internet.telecom.co.nz (Internet with Firewall) by default.
  8. Click through the forward’s and two screens where you need to ‘Apply’, after which on your NetworkManager connections dialog (left click NM icon) you should see Mobile Broadband, plus the option to connect to Telecom.

As a note, I’d like to point out, that it can take a good 20-30 seconds for the modem to be ready to connect, the light will typically go Blue, then go off for a second, and go Yellow->Blue a second time, after the second phase, it should be ready.

Have fun, and credit goes to an Ubuntu Forums thread, which is the basis of this post.

Jumping on the Android Boat & Telecom Customer Service 02/01/2011

Posted by Nigel in Technology.

So, it’s taken a while to convince me but I have finally jumped on the smart phone boat. On Boxing Day I headed down to DSE and purchased a Samsung i5503T (the 850MHz WCDMA (Telecom XT) version not the 900MHz 3G (Vodafone) version) for less than $200 (a pretty decent deal considering they are back up to $300).

Previously I’ve owned a Nokia 6121 (from Vodafone NZ) which I bought for when I moved to Australia (prior to Telecom’s XT network), it wasn’t a matter of choice switching to Vodafone, but a matter of having to, if I wanted to keep my old Telecom CDMA (027) number as Australia shut off their CDMA network a year previous.  The first & biggest problem I had was Vodafone NZ’s reception, however I moved to Australia, popped in an Optus SIM and had not a bad time.

In Australia though, I was captivated by the iPhone 3GS (and at several moments was about to buy one), however, the lack of contracted International Warranty didn’t add up for me compared to the price.  By the time I moved back to NZ I’d already decided that I would switch to the XT network and once again keep my 027 number (although it was back on CDMA and unusable in Australia due to Vodafone porting my number back to Telecom and never being able to tell me why), however iPhone 4 leaks and then ‘AntennaGate’ (although really I didn’t see it as much of an issue) etc delayed it, and as an interim I purchased a 2Degrees SIM for cheap outgoing calls, while retaining my CDMA phone for superior reception.

So here comes now, after purchasing my new phone, I went to the local Telecom shop (about 2 minutes from the DSE at Westgate) and got an XT SIM, requesting that my old number be switched over etc, and boy was I impressed.  It took a little while (mainly due to disconnecting the original connection from a OneBill arrangement – expected) but the service was professional and pretty good for that on a public holiday.  The biggest surprise was that I had my EFTpos card out at the start (as I’d originally been told it’d cost $30 for the SIM) ready to pay the guy, and after offering to pay getting told “oh no need to pay, the system has said here that it’s free”.  Come on, Telecom refusing money???  (Turns out that there is a free CDMA to XT upgrade offer that I got included in.)

So, by the time I got home, popped in the new SIM and turned on my phone, once again, I’ve seen the pesky provider graphics that are displayed at boot (and consequentially shutdown), although Telecom’s animation is far nicer to watch than Vodafone’s. Personally I’m impressed w/ the reception that I get under XT, seems far superior than Telecom’s CDMA network, and a lot better than reception from Vodafone & 2Degrees which for most of the house is next to zero.

The phone?  Well it’s a nice compact small phone, but it seems to pack a bit of punch for low-ish spec/price.  It has always seemed snappy so far, WiFi connectivity is great (although I do have one WLAN issue which I’ll explain below), Data connectivity appears to be pretty snappy, and reception outdoors is fairly reasonable.  Don’t get me wrong however, the screen is fairly small and low resolution, but I like it, I don’t need to take photos via my phone very often, if I think I’m going somewhere that I want to take pictures, I’ll take my digital camera, and paying the extra money for a phone with a better camera just seemed silly.

The screen while low resolution, is large enough and clear enough to still display websites/applications/etc well, and the camera is good enough for the likes of QR Codes (which I had never tried in the past with my Nokia phone).  The virtual keyboard took a little getting used to, but I can type fairly well now and it doesn’t bother me anymore.

The biggest plus that convinced me to buy the phone, was that it came with Android 2.1 instead of the typical Android 1.6 which appears to be common place in NZ, that was the decisive factor for me to eat my own words and give an Android phone a go.

As with anything, there are cons:

  1. For some reason when the phone goes into sleep, and I wake it, the Wireless reconnects, but is unusable, requiring cycling the Wireless/Airplane mode setting to fix
  2. Occasionally the phone will not wake, which, for lack of finding a better way, required taking the back off and removing the battery for a moment
  3. This build of the 2.1 OS appears to believe that a notification that it has completed charging should be the same as receiving a text message, to say the least I don’t really appreciate my phone waking me up with two really loud bursts of vibration against my bedside table at 4am….

However, it’s still a nice phone and I think it’s a keeper for a while, and I’m much more impressed with Telecom’s Customer Service than that of Vodafone.

