Life in the trenches

[crfriend]

I've lost the entire weekend to this e-mail problem and am officially giving up. Dark. No outbound e-mail.

If anybody wants to communicate with me they can do so via telephone (until I pull the plug on that, too) or via post.

Screw the past 30 years.

[Tor]

Bummer. I hate it when I try to do something and have to conclude it is impossible or infeasible despite seeming like it ought to be possible. From what you said you've got other problems as well that would break it ahead of time, and it certainly doesn't fit in with all your old iron, but have you considered running a Raspberry Pi as an email server?

If I have too much trouble with getting a new email host I might contemplate going that direction, since I've always kind of liked the idea of having a static IP at home. What I did to get around that when I wanted to get in from outside was to run a cron job on my OpenWRT router (wireless off, these days antennas removed) to check its IP address and email me the new one when it changed. Lately I'm practically never out and about with internet access, much less needing to get in, so I've let the script lapse.

[crfriend]

[...] have you considered running a Raspberry Pi as an email server?

What I'm probably going to do is code something in C that'll talk to my $%$ing I"SP"'s e-mail "server" and mimic what I've put in manually, and which has worked. The idiotic part of this saga is that I can use telnet (remember that?) to either port 25 or 587, and issue the required stuff and have it work. I've spent the entire weekend (and gotten no real rest) trying to get either Sendmail or Postfix to work -- on three different systems.

The next step is to take a couple of days away from the problem and then code a custom shim to talk to my mail I"SP"'s host. My main point in this is that I view e-mail as a carrier-grade application; this is to say that it should function as a tool as reliably as does a hammer. I guess hammers aren't as reliable as they used to be and I'll have to revert to using rocks. (Molotov cocktails would be much more fun, though.)

If I have too much trouble with getting a new email host I might contemplate going that direction, since I've always kind of liked the idea of having a static IP at home.

I had a static IP address for years, and it allowed me to do wondrous things. That all fell apart early this year when my dialup I"SP" (RCN, and I hope your robots are reading this) forgot how to properly provision things and I got downgraded from a commercial account to a consumer one as a "fix". The latest fiasco is merely a continuation of the chain. Adding insult to injury as they say.

The thing that really torques me off is that even if I do decide to go fully dark it will have no impact whatsoever on the "provider". They no longer care. They don't have to. After all, nowadays taking one's business to the competition means winding up in the same situation. I am absolutely and completely powerless. Why bother?

[Gregg1100]

I personally can't see why people are having trouble with Win 8 or 8.1. When puter is fired up and it goes to Metro mode, just click on the desktop icon- same then as win7 and XP. One right click in left bottom corner brings up everything needed.
When ME was out, it took me a while to go to XP, because it was completely different- a learning curve. Same with Win8, a learning curve. Easy.

Whoever wanted Classic Start, you can get it in NINITE

[crfriend]

I personally can't see why people are having trouble with Win 8 or 8.1.

It's down to habit and usability. Humans tend to be creatures of habit, and rather like it when things go the way they've been used to having them go; when that changes, folks get upset.

My big beef with Windwoes 8 boils down to the fact that the tablet-style interface (or one using a digitizer rather than a mouse) is completely and entirely wrong for a mouse- (or touchpad-) based system. The two idioms are entirely incompatible and trying to force them into the same mould just doesn't work.

When puter is fired up and it goes to Metro mode, just click on the desktop icon- same then as win7 and XP. One right click in left bottom corner brings up everything needed.

An alternate interpretation of that might well read, "When puter is fired up and it goes to Metro mode, just pick up your pistol and fire a couple of 9mm rounds into it." I make sure I am well separated from my firearms when working with Windwoes 8.

In any event, my woes at the moment have nothing to do with Windwoes, they have everything to do with infinite fungability, corporate disdain for customers, and technical incompetence (Are you reading this RCN?). In short, DON'T break what isn't broken.

When ME was out, it took me a while to go to XP, because it was completely different- a learning curve. Same with Win8, a learning curve. Easy.

The jump from "ME" (an abortion, in my opinion) to XP was a big one as that marked the jump from a DOS-based ecosystem to a Mica-based one. The shell (that which a user interacts with) could have remained substantially similar, but Microsoft decided to change that at the same time. See my comment about breaking that which isn't broken above. The shell is discrete from the underlying OS and is the core of the "user experience". And I'll say it again: "If it's not broken, don't break it."

Fsckwits.

Yes, I am on a tear at the moment. (But my firearms remain safely locked away.)

[crfriend]

Well, it's been a week since my ISP managed to cut off my e-mail access, and whilst I was able to come up with workarounds for Sapphire and myself (on Windows (spit!)) a proper -- or even workable -- solution with UNIX has been entirely elusive.

I finally got some traction this evening, mainly by fixing a boatload of compatibility bugs in several library packages and disabling some of the more "modern" stuff which was causing much indigestion and agita (Why do we even bother with encryption when we have the NSA sniffing -- and decrypting -- everything we write?), and was finally able to transmit my first message outbound from a decent MUA (Mail User Agent, yet another TLA (Three-Letter Acronym)) that I've used for the past 20 years.

I am strongly tempted to send my I"SP" a bill -- at my usual contracting rate -- for the work involved.

[Tor]

My main point in this is that I view e-mail as a carrier-grade application; this is to say that it should function as a tool as reliably as does a hammer. I guess hammers aren't as reliable as they used to be and I'll have to revert to using rocks. (Molotov cocktails would be much more fun, though.)

I'll agree with you that email should work so well that it is almost shamefully easy to forget what goes into making it work. Last I checked my hammer (or rather the lot of them) always do exactly what they are told to do, when they are told to do it. Like firearms, any damage caused is either user error or user malice.

The thing that really torques me off is that even if I do decide to go fully dark it will have no impact whatsoever on the "provider". They no longer care. They don't have to. After all, nowadays taking one's business to the competition means winding up in the same situation. I am absolutely and completely powerless. Why bother?

Oh, the joys of a mercantilist system. All the players too big to care about real customer service because that is viewed as an expense, and no one who cares can compete.

Glad you've now got something working.

I'm sometimes wonder about encryption for the reasons you mention, but on the other hand, I suspect that some of the modern stuff used properly is hard enough for them to crack that we might at least make it more expensive to spy on people en masse. Perhaps enough so that some things will slip through the crack. A GPG encrypted message generated on an air gap separated machine with the private key generated and kept on a machine also separated by an air gap? I doubt they could get it, though I'll grant the possibility that you might need a hardware RNG (this TLA means Random Number Generater, at least in this context) to keep their might from cracking it if they targeted the message specifically. More run of the mill stuff? I suspect they can attack much of it, though from my reading I believe they need to do so by using an exploit or backdoor in the underlying system, probably to gain the key. If nothing else, this at least limits their use of the information to high value targets, lest their exploints be found and fixed - at least in the case of free software. Best I can tell, even the NSA has no hope of brute forcing even a few individual messages or keys.

I am strongly tempted to send my I"SP" a bill -- at my usual contracting rate -- for the work involved.

Might be fun, but I'm afraid you'd have to be lucky to get it to someone who both has a sense of humour and is high enough up to exercise it. Then again, even a bottom level attempt to fit a form letter to the situation might provide some morbid amusement. If you do, make sure to let us know what the result is.

[crfriend]

I'll agree with you that email should work so well that it is almost shamefully easy to forget what goes into making it work.

More precisely, it can be sometimes surprising that it works as well as it does especially considering how many external "stressors" there are on it.

I got a 'phone call from my I"SP" this evening, and one of the requests was for a traceroute from my dialup-attached system to the e-mail server. That's easy enough, and the results pointed up precisely nothing. More to the point, the new dialup "provider" seems to be blocking ICMP. I informed my contact at my I"SP" of the fact and mentioned that I cannot be the only one suffering from this, and even if I am, it's a land-mine just waiting for somebody to step on it. Perhaps I was just unfortunate enough to have put my foot down first. "Well, I can telnet into port 25 and get an SMTP opening banner, but neither "ping" nor "traceroute" return anything at all. It looks like the new provider is blocking those."

Unspoken was the thought of, "What about ICMP source quench?", which I shall let them worry about, and my well be the source of my incessant "socket errors" when talking over the dialup to the mail server to pull mail. ICMP (Internet Control Message Protocol) is an essential part of the network design; without it, well, nothing works right.

Last I checked my hammer (or rather the lot of them) always do exactly what they are told to do, when they are told to do it. Like firearms, any damage caused is either user error or user malice.

The difference is that you own the hammer (or the firearm); in this case, all I own is what's on my side of the demarc.

Oh, the joys of a mercantilist system. All the players too big to care about real customer service because that is viewed as an expense, and no one who cares can compete.

Three words: "New. World. Order."

I'm sometimes wonder about encryption for the reasons you mention, but on the other hand, I suspect that some of the modern stuff used properly is hard enough for them to crack that we might at least make it more expensive to spy on people en masse.

In this case, we're talking about state-level players with unlimited budgets and no accountability. I started to smell a rat when the NSA climbed down on the criminalization of PGP quite a few years ago and figured that they'd cracked it. So, I'm not going to even bother with the crypto bits even though they're part of the suite I had to install -- all they do is introduce more code-complexity and the probable number of bugs.

Perhaps enough so that some things will slip through the crack. A GPG encrypted message generated on an air gap separated machine with the private key generated and kept on a machine also separated by an air gap? I doubt they could get it, though I'll grant the possibility that you might need a hardware RNG (this TLA means Random Number Generater, at least in this context) to keep their might from cracking it if they targeted the message specifically.

I suspect that the NSA have serious enough kit to crack this sort of stuff in real-time, and if anybody resorted to a hardware RNG (e.g. a radioactive source feeding a Geiger-counter) that'd bring up a red flag almost immediately. As all the PRNG (Pseudo-Random Number Generator) algorithms are known (and are used by all computers) finding or deducing the seed is all that matters. Everything else is trivial.

If I opt to send my I"SP" a bill for time spent working around the problem that they caused, I'll be sure to send a write-up on the escapade. If I do so, expect it to show up at the I"SP"'s doorstep by registered return-receipt US Mail, sent by a lawyer (I know a couple who might be up for a good joke).

[Couya]

When my ISP/phone company charged me 10€/minute (yes, you read that correctly! Total : 312€/month) for a few calls, the bank charged me 35€ For being overdrawn, and I fully intened to claim the sum back. From the ISP. The bank took pity on me and gave back the charges as well as the 312€ the ISP had taken. I paid what I calculated was an acceptable amount, put an end to the contract with that company, and am waiting for an explanation, though all I ever receive is demands for more money and veiled threats.
All I can do is warn people of The way Orange (ex France Telecom) and probably other companies can try to strangle you.
Did we get addicted to instant communications a little too quickly?
Martin

[crfriend]

When my ISP/phone company charged me 10€/minute (yes, you read that correctly! Total : 312€/month)

Ten Euro per minute! Where were you connecting to, Antarctica? That's entirely insane.

The bank took pity on me and gave back the charges as well as the 312€ the ISP had taken.

The fact that the bank credited you the 312€ indicates that they clawed it back from the ISP/phone company.

All I can do is warn people of The way Orange (ex France Telecom) and probably other companies can try to strangle you.

It's important that the word gets out about these sorts of shenanigans. Individually, we're pretty close to powerless, but a good reputation is hard to gain and very easy to lose for companies.

[Couya]

Ten Euro per minute! Where were you connecting to, Antarctica? That's entirely insane

I Was in Grenoble, phoning some official office across town!

It's important that the word gets out about these sorts of shenanigans !.

I ve mentioned it more than once on Facebook, with absolutely no reaction. I suppose people think I am inventing the whole story.

Martin

[Tor]

As far as I'm concerned your "three words" above stand uncontested.

In this case, we're talking about state-level players with unlimited budgets and no accountability. I started to smell a rat when the NSA climbed down on the criminalization of PGP quite a few years ago and figured that they'd cracked it.

A reasonable guess. Still, that leaves open the question of where they cracked it.

I suspect that the NSA have serious enough kit to crack this sort of stuff in real-time, and if anybody resorted to a hardware RNG (e.g. a radioactive source feeding a Geiger-counter) that'd bring up a red flag almost immediately. As all the PRNG (Pseudo-Random Number Generator) algorithms are known (and are used by all computers) finding or deducing the seed is all that matters. Everything else is trivial.

A hardware RNG would no doubt bring up a flag, at least until they show up on the shelves of big box stores or get included in computers as a standard component. First, of course, one has to convince enough people that A. Privacy is worthwhile and B. that PRNGs are too deterministic. Then again, I seem to recall reading that some ECC (eliptical curve cryptography) standard used a couple magic numbers that were found to have been supplied by the NSA (it's been a while since I read this, so I may be off in details). If that is the direction they are going to crack encryption, then locking them out may be more a matter of finding the backdoors the've gotten inserted into standards and applications, which are to them no doubt an extremely scarce and precious commodity. Reading the literature (though not as much as I might wish) I've often been suspicious of PRNGs.

If you do find or get word that ICMP source quench is involved it would make the bill all the more fun for you, and probably scarier to someone who knows network systems at the I"SP". Only do it if you'll get enough fun out of it to make it worthwhile, but I'll be interested to hear how it goes if you do.

[crfriend]

A hardware RNG would no doubt bring up a flag, at least until they show up on the shelves of big box stores or get included in computers as a standard component. First, of course, one has to convince enough people that A. Privacy is worthwhile and B. that PRNGs are too deterministic.

Recall that the masses have been inured to the notion of "If you have nothing to hide then you don't need privacy." for far too long now, and it's gotten into the national psyche where we routinely put up with official invasions of privacy that would have had the likes of John Hancock and George Washington taking up arms (again).

Then again, I seem to recall reading that some ECC (eliptical curve cryptography) standard used a couple magic numbers that were found to have been supplied by the NSA (it's been a while since I read this, so I may be off in details). If that is the direction they are going to crack encryption, then locking them out may be more a matter of finding the backdoors the've gotten inserted into standards and applications, which are to them no doubt an extremely scarce and precious commodity. Reading the literature (though not as much as I might wish) I've often been suspicious of PRNGs.

That the NSA (or any State-level player) would attempt to do so is entirely plausible. It's all in their best interests, in the name of "National Security" of course, and they would attempt to disguise the source as sentient folks would automatically smell a rat. The genius, of course, is that in the New World Order "conspiracy" has become an obsolete concept -- a quaint one, in fact. Nowadays, the State merely states its aim and executes -- even if in contravention to law. (Note that precisely the only "Bill of Rights" amendment to the Constitution that's still observed is the one about billeting soldiers in private domiciles during peacetime).

If you do find or get word that ICMP source quench is involved it would make the bill all the more fun for you, and probably scarier to someone who knows network systems at the I"SP". Only do it if you'll get enough fun out of it to make it worthwhile, but I'll be interested to hear how it goes if you do.

I'm more interested in just making the blasted thing work at this point. I may decide to have fun with it later, but time will tell. What the I"SP" needs to know is that I cannot be alone in this, and the situation is simply a land-mine waiting to be stepped on. Not that they'll care, mind; they're too big.

I'm so glad that Snowden finally blew the whistle. He should be hailed as a hero.

I'd heard persistent rumours about a surveillance project called "Prism" -- doing precisely what Snowden described -- since the mid-naughties (2000-2009). It's possibly older, or at least the genesis of it was; perhaps 2001-09-11 gave the "powers that be" the balls to actually execute. I find it interesting that I had anecdotal knowledge of it over a decade before the covers were pulled off.

[Tor]

I'd like to keep this discussion going, but I'm in a crunch time with work (they come up at semi-predictable and variable intervals), and have finally stolen a bit of time to read some posts. Last night I feared the title of this post might apply to me too, when the power went out taking my computer with it in the middle of installing a substantial system update (1.5GB download). Thankfully when I tried to boot this morning things worked, though things seemed a little off until I ran dpkg --reconfigure -a and rebooted. Phew. I didn't (and don't) have time to reinstall now.

[crfriend]

Last night I feared the title of this post might apply to me too, when the power went out taking my computer with it in the middle of installing a substantial system update (1.5GB download). Thankfully when I tried to boot this morning things worked, though things seemed a little off until I ran dpkg --reconfigure -a and rebooted. Phew. I didn't (and don't) have time to reinstall now.

To crib a line from a famous (or infamous, depending on your view) politician, "I feel your pain." It's pretty amazing how responsive power companies can be when you're in the middle of crunch mode.

I'm almost completely back on-line for e-mail, and it (and my I"SP") fought to the bitter end.

The crux of the problem -- and, in point of fact, the genesis of it -- remains that my I"SP" decided to divest itself of another part of its infrastructure to "increase profits" (with the consummate reduction in service to the end user); this follows another divestiture a couple of years back of e-mail "service". It was a combination of the two events that caused the mess.

Further messing with the problem is a very strong ethic local to, If it's not broken, don't fiddle with it." which means that my central mail node, which dates to the early Paleolithic era, hasn't seen an MTA (Mail Transfer Agent) upgrade in years -- and that includes the million or so lines of (now-meaningless) crypto stuff that forms part of the underlying requirements for authorization of e-mail. Getting this stuff to all build and run on that machine was just going to be too much bloody work (the last time I built a kernel on it, it took three hours), so I opted to use one of my Solaris boxes instead.

Climbing out of Dependency Hell was agonizing and ultimately unfruitful (but Orpheus in the Underworld is such a joyous piece of music; he must've been in another corner) so I decided to go with pre-built packages. Nowhere is it documented what packages you need to load for the precise configuration I was trying to achieve, so I had to sleuth that. (There was precisely one hint, concealed as a footnote, to the problem -- pertaining to one rather misleading message that I was getting.) It took two days of on-and-off work to locate the proper library.

And then the Configuration Games begin... I get it to work a little bit, put in the desired routing configuration to see that it seems to work, so I sighed a breath of relief, told the wife that we're almost out of the hole, and went to bed -- only to find that it was busted again in the morning, this time because my I"SP" had blocked my account because they (or their servers) thought I was sending junk-mail. It turns out that they didn't pay attention to the messages as they were from my own internal monitoring system which can be quite chatty. Of course the I"SP" won't tell me what target addresses were involved so troubleshooting at that point is impossible and we're back to guesswork. The solution to that was to not allow any of the systems to relay that traffic outbound.

So, what used to be a merely baroque routing architecture is positively byzantine, involves three different hosts, two diverse MTAs, two discrete hardware architectures, and one very frustrated sysadmin. I suspect that at the end of the month the beer bill will show a substantial uptick.