BlakJak's blog

Surprised I didn't put this out there earlier...

Freeparking (a large domain name registrar in New Zealand) have been using Cyber Security for marketing purposes, pushing the .kiwi tld.

Today I got the following within (yet another) marketing plug from them:

"Cyber threats are on the rise in New Zealand and many small to medium business are leaving themselves vulnerable by not securing the core domains recognised in New Zealand. At Freeparking, we want to help you protect your brand which is why we had these domains put on hold for you - but time is running out, your .KIWI domains are expiring soon, so ensure you claim and renew your domains now!"

What they actually did was pre-emptively register the .kiwi variations of domain names registered by their customers, a year ago, and the annual renewal is coming due.

I finally put my finger on the change to vertical scrollbars in Ubuntu that I wasn't expecting.

It's described at this stackexchange post and also on a Mozilla page. I'm giving the settings.ini option a go.

Not that I don't think the 'warp' idea is a bad one. But they should've put it on the right click by default, I feel.. not the left.

So.. this is proving a bit of a peeve... advice appreciated:

- HP Laptop set up with BIOS Clock showing local time.
- Ubuntu Linux set up (17.10) and shows local time correctly.
- Windows 10 (OEM, albeit with less HDD assigned) keeps putting itself back in time by 13 hours! (We're in DST, so we're UTC +13. Coincidence?)

If I toggle Windows 10 auto-sync off-and-on again and it resync's via NTP, the clock goes back to normal.
I can't make sense of it. And Windows 10 seem to have stunted the ability to manually get the clock to sync.

I spend about half my time in Windows and the other half in Linux, so this is bloody annoying.

Editors Note: This page originally cited that Reddit was the source of the popup ads. Having closed Reddit down for a while it happened again - see amendment - and the only common factor was Memory Alpha (The Star Trek Wiki) - which rings true as I had suspected similar some time ago. I've been re-watching Star Trek via Netflix and following the production notes on Memory-Alpha as I go, so there's been a tab floating on one of their content pages for a while. :(

Mobile browser has been popping up with fake ads proporting to be flogging large-value Countdown supermarket vouchers (but only if you fill it in real fast, 2 minutes!)...

The content is hosted on cloudfront (AWS) and when I later reopened the URL to investigate it I got redirected to - a domain hosted by Cloudflare, and apparently registered to:

Domain Name:
Registry Domain ID: 1941599927_DOMAIN_COM-VRSN
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2017-08-13T14:21:02Z
Creation Date: 2015-06-24T13:02:50Z
Registrar Registration Expiration Date: 2018-06-24T13:02:50Z
Registrar: PSI-USA, Inc. dba Domain Robot
Registrar IANA ID: 151
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +49.94159559482

Registrant Name: Jimmy Nguyen
Registrant Organization: AP Marketing Asia Pacific Pte Ltd
Registrant Street: Unit 706 7/F South Sea Centre Tower 2, 75 Mody Road
Registrant City: Hong Kong
Registrant State/Province: Kowloon
Registrant Postal Code: 852
Registrant Country: HK
Registrant Phone: +49.615185080
Registrant Phone Ext:
Registrant Fax: +49.61518508111
Registrant Fax Ext:
Registrant Email:

Registry Tech ID:
Tech Name: Department Systemadministration

Had a bit of a tinker with my daughters Chromebook today.
In particular wanted to see if I could make it boot from USB (to find a way of running an OS on it other than ChromeOS, and without actually hosing the ChromeOS instance in the process.

Managed to generally follow the instructions I found at to enable Developer mode.

Once done, you boot it up as usual (Ctrl-D to keep booting) and once started, tied to Wifi and logged in with your Google account, you can use Ctrl-Alt-T to run a ChromeOS Terminal, and from there type 'shell' to get a bash shell.
The trap is that you're then logged in as 'chronos' and to be able to act as root you need to be able to su upward... requiring the knowledge of the password for chronos. The instructions I then found on Reddit (Ctrl-Alt-RightArrowFunction) lets you open a rootshell using the previously set root password, and then set a password for the user chronos, which can then be used to fully interact without tasking out of the Window manager...

Unfortunately the instructions to let the thing boot of USB don't appear to work, and it appears, i'm not the only one to confront this. .

That's about as far as i've gotten, I don't particularly want to brick it, nor have to factory default it as such. Just be nice to have an alternative boot option occasionally. Sigh...

Today's fail was brought to you by Microsoft.

Above from - Click on the link to see the screenshot that makes it all very obvious.

See also

It appears only Firefox and Chrome appear to even validate this, but it means that numerous Microsoft systems including Office 365 (Sharepoint Online, Onedrive for Business, Azure and others) simply aren't letting Firefox users in (Because Firefox treats the error as Fatal). Apparently Chrome works-but-regards-as-insecure and IE still works without showing the user anything.

Unfortunately the workaround is to set the security.ssl.enable_ocsp_stapling. to false in about:config in Firefox (disabling the check).

I suppose the trick is getting all those users who implement the workaround to turn the check back on when Microsoft fix it?

Even one of the biggest technology companies in the world can fail at the basics.

Probably not the first time i've done it - renewing my Letsencrypt SSL certs without then actually bouncing daemons to load new certs.

Some tips for validating that your cert is actually working:

Firstly, show cert details:

blakjak@raven:~$ openssl s_client -connect localhost:25 -starttls smtp

Look for (in my case) something like:

issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

And then there's IMAP and POP, the below will quickly show the dates of your cert:

blakjak@raven:~$ openssl s_client -connect localhost:993 2>/dev/null | openssl x509 -noout -dates
notBefore=May 17 07:45:00 2017 GMT
notAfter=Aug 15 07:45:00 2017 GMT
blakjak@raven:~$ openssl s_client -connect localhost:995 2>/dev/null | openssl x509 -noout -dates
notBefore=May 17 07:45:00 2017 GMT
notAfter=Aug 15 07:45:00 2017 GMT

I got asked to write a blog for the ITP's Techblog.
You can read it on their site, of course (and I encourage this!), but I'm also reproducing it here for posterity (call it a backup copy, hah!).

Been a while since I wrote anything for external publication. I apologise in advance :)

NZNOG 2017 - working together for a better internet
Mark Foster, Guest post. 31 January 2017, 7:20 am

The New Zealand Network Operators Group has been holding a conference annually for the last 15 years, and the 2017 edition was held last week at the Trinity Wharf Hotel in Tauranga.

The NZNOG was, like many similar groups, originally established as a mailing list to enable collaboration and coordination between the operators of internet networks across New Zealand, and was the forum through which many of the peering relationships - that is, the links between various ISPs and network operators that today carry the vast majority of domestic internet traffic - were established. The mailing list itself continues to act as a forum for discussing issues of mutual interest, but the annual NZNOG conference is also a big drawcard. It remains one of the few community-led technical conferences in New Zealand, with a reputation for delivering high-grade technical content. Just as valuable. though, is the other kind of networking - the social kind. The network operations community in New Zealand is small, and this is their annual opportunity to establish and build on those all-important inter-personal relationships that help our data move from A to B without drama. services shifted to a new VPS in the last several hours.
Hopefully everything's still working. Do get in touch if you find something borked. :)

I've had some interesting exchanges with people who've been sending me connect requests of-late. My usual approach - that I will connect with people 'with whom I have done business, or who I know personally' - tends to result in me fending off unsolicited connection requests from a swathe of people who fit into neither category. Of those, one can usually classify the request as being:

  • A recruiter, looking to recruit me for a role
  • A recruiter, looking for a role for a candidate already on the books
  • A recruiter, looking to expand their network in order to potentially action either of the above at some point in the future
  • A jobseeker, looking to make connections in order to find a role for themselves - and these are often offshore candidates (plenty from India, Pakistan, Bangledesh, Sri Lanka and South East Asia in general)
  • A Sales Manager, Account Manager or Business Development Manager looking to draw attention to their latest innovation that they really want to sell you
  • One of the aforementioned three ultimately trying for the same outcome, but being more subtle about it (playing the long game).
  • Someone else from the Industry, engaging their LION (Linked-In Open Networker) - basically expanding their professional network for as-yet-unqualified reasons (but in my experience many LION types are also sales-and-marketing focused at some level.)

All of the above - except perhaps the job-seeker and maybe the LION type - are looking to ultimately make money from me. Thus all of them are, fundamentally, sales or revenue-driven networkers who are playing off the numbers - if even 1% of connections over the course of a day/month/year engage with me for business, it's worth the relatively small mechanical effort to click 'connect'.

Syndicate content