Tag: IT

Cox Claims to Be Unable to Revoke a DHCP Lease

I've always advocated being kind to tech support people. They have a tough job, it's not their fault you have a problem, and they spend all day dealing with abuse from people who act like it is their fault.

Well, yesterday, for the first time in my life, I cursed out a phone support rep. I'm not proud of it, but in my defense, I'd been talking to support for 90 minutes by that point, and the last 30 of that had been a conversation where this tier-2 rep talked in circles, blamed me for problems with their server, repeatedly said she couldn't help me, refused to listen to my explanations of the problem, and acted like a condescending ass.

Seriously, this is the worst tech support experience I have ever had. Beating out the previous record-holder, the guy who told me that my burned-out power supply wasn't really burned-out, I was probably experiencing a software issue. After I told him there were burn marks on the power connector.

At least that one was funny. The conversation I had with Cox yesterday wasn't funny, just infuriating.

Here's what happened: on Monday evening, when I tried to send an E-Mail, I started getting this error:

An error occurred while sending mail: The mail server sent an incorrect greeting:
fed1rmimpo306.cox.net cox connection refused from [my IP address].

I tried unplugging the modem to see if I'd get a new IP assigned. No luck. I tried turning the computer off and then on again. No luck. I tried sending mail from other devices. Same result.

So on Tuesday afternoon, I pulled up Cox's live support chat to ask for some help.

The rep eventually told me he'd escalate, and that the issue should be fixed within 24 hours.

Just shy of 27 hours later, I pulled up Cox's live support chat again, to ask what the problem was.

The rep -- a different one this time -- quoted me this feedback from the ticket:

Good afternoon, the log below shows the username can send on our servers. This may be a software, device or network issue. Please review the notes and contact the customer.

In other words, they'd tested the wrong thing. The mail server was rejecting my connection, based on my IP address, before my mail client sent my username and password. And Cox's solution to this was...to confirm that my username and password were working.

I explained this to the rep, over the course of 75 excruciating minutes. I demonstrated by disconnecting my phone from my wifi network and sending an E-Mail while connected to my wireless carrier. It worked when I connected to Cox's SMTP server over LTE; the same mail app on the same phone failed when connected to my wifi.

I explained that the mail server was blocking connections from my IP address, and that they needed to either make it stop blocking my IP address or assign me a different IP address.

The rep told me that was impossible, that residential accounts use DHCP, which assigns IP addresses at random.

I told him that I know what DHCP is, and that I wasn't asking for a static IP address, I was just asking for someone to revoke my DHCP lease and assign my modem a new IP address from the DHCP pool.

He told me that the only way to get a new IP address is to disconnect your modem for 24 hours.

I told him that was unacceptable, and I asked if there was anyone else I could talk to.

He gave me a number to call.

The person who answered the phone said she'd escalate to a tier-2 tech. I said, pointedly, that I did not understand why nobody had thought to do that in the preceding 75 minutes.

As it turns out, tier-2 techs are worse than tier-1 techs. Tier-1 techs at least know that they don't know everything, and are willing to ask for help from people who know more than they do. Tier-2 techs think they do know everything, will not ask for help from someone who knows more than they do, and certainly will not listen to a customer who knows more than they do.

Well, probably not all of them. But that was sure as hell my experience with the tier-2 tech I got stuck with.

First, she had the sheer gall to tell me my modem wasn't connected to the Internet.

I told her I could connect to websites, I could receive E-Mail, and that the error message on sending mail was not a timeout, it was a Connection Refused. I added that I was doing this from a computer that was connected to my router by a cable, that I had not accidentally jumped on somebody else's wifi.

She would have none of it. She insisted "We can't see your connection here, so you're not connected." Repeatedly. When I told her that I was clearly connected to the Internet, she just kept telling me that no, I wasn't.

Finally she told me to bypass my router and plug my desktop directly into my modem. I told her that this wouldn't fix anything, because this was happening from multiple devices that all had Internet access. She got huffy and standoffish and told me she couldn't help me if I wasn't willing to do what she asked.

So I did it. I climbed back behind my computer, traced the cable to the router, and swapped it with the one coming from the modem.

Absolutely nothing changed. Except that she said. "Oh. You're running a Linux computer? We don't support Linux."

I responded, "The operating system I am using is not relevant to whether your server is accepting connections from my IP address."

But some reps aren't interested in helping. They're only interested in finding an excuse for why they don't have to help you.

I asked her if there was any way she could determine why my IP was being blocked. I noted that it seemed to be on some sort of blacklist.

She asked if I'd checked whether it was on any public blacklist. I responded that I had, and that it had an expired listing on SORBS from 2013 -- well before it was my IP address; I've only lived in this house since 2014 --, that I hadn't found it in any other blacklist, and that a SORBS listing from over two years ago should not result in my suddenly losing the ability to connect to SMTP two days ago.

She said that if I was on a blacklist, those were handled by third parties and it was my responsibility to get de-listed. I explained that I did not see my IP on any currently-active blacklists, and asked if she could look up what was causing the rejection. She said she couldn't.

I asked if she could reset my IP. She said that the only way to do it would be to shut down my modem for 25 hours. (Already I had somehow lost another hour!)

I told her that was unacceptable, and asked how I could get it reset remotely.

She told me that was impossible, that residential accounts use DHCP, which assigns IP addresses at random, and that the only way to get a new DHCP address is to disconnect your modem for 25 hours.

I told her that it is not impossible, that the same router that provides DHCP leases is capable of revoking them, and that I needed somebody to do that for me.

We went round and round like this for awhile.

At one point, she said, "We can't do that; it's done automatically."

I responded that anything a computer does automatically can also be done manually, and that there is certainly someone in Cox who has the account access to log into the router that is assigning IP addresses and revoke a lease.

She started to explain DHCP to me again -- it was about the fifth time at this point -- and I snapped.

I shouted, "I know how DHCP works; I ran an ISP, for fuck's sake!"

I feel kinda bad about that.

I finally got pushed over to a supervisor -- another twenty minutes on hold -- who tried to tell me that Cox can't help me because they don't support third-party programs like what I'm using, and that if I could send messages from webmail, that's what I should do.

I said, "Are you seriously telling me that Cox does not support sending E-Mail from phones or tablets?"

The supervisor backed off that claim and said that she didn't really understand the technical stuff, that she could send me back to tier 2.

I responded that it had been two hours and I didn't think it was in anyone's best interest for me to continue this conversation, but that if I decided to call back tomorrow, what could I do to get some service?

She said to ask for tier 2 again, and this time ask for a manager.

I'm debating whether I really want to deal with that kind of aggravation, or if I'd be happier just abandoning the Cox E-Mail address that I've been using for fifteen fucking years.

Incidentally, Cox just jacked its prices up by $7 a month. Why is it that every time the cost goes up, the quality of service goes down? I remember the first time they hiked my bill, they dropped Usenet service.

That was in 2009. Since then my bill's gone up $27. My service sucks; several times a day my connection just stops working and I have to restart the modem.

And of course I can't switch to another ISP, because there isn't one available at my address. My "choices", such as they are, are as follows:

  • Pay $74 a month for Cox
  • Steal wifi from a neighbor who's paying for Cox
  • See how far I can get using only my phone's data plan for Internet access

I'm pretty much fucked, like most Americans are on broadband access.

And the hell of it is, even if there were another provider available, all the alternatives seem to be even worse.

I mean, Christ, at least I don't have Time Warner or Comcast.

E-Mails and Passwords

So the other day I decided it was past time to reset all my passwords.

I'm pretty good about password hygiene. I've been using a password locker for years, with a unique, randomly-generated* password for every account I use. But I'll admit that, like most of us, I don't do as good a job of password rotation as I might. That's probably because I've managed to amass over 150 different accounts across different sites, and resetting 150 different passwords is a giant pain in the ass.

(I'm thinking that, from here on in, I should pick a subset of passwords to reset every month, so I never wind up having to reset all 150 at once again. It would also help me to clear out the cruft and not keep logins for sites that no longer exist, or which I'm never going to use again, or where I can't even find the damn login page anymore.)

There was one more reason I decided now was a good time to do a mass update: I've got two E-Mail addresses that have turned into spam holes. As I've mentioned previously, I'm currently looking for work and getting inundated with job spam; unfortunately I went and put my primary E-Mail address at the top of my resume, which in hindsight was a mistake. Never post your personal E-Mail in any public place; always use a throwaway.

Which I do, most of the time -- and that's created a second problem: I've been signing up for websites with the same E-Mail address for 15 years, and also used to use it in my whois information. (I've since switched to dedicated E-Mail addresses that I use only for domain registration.) So now, that E-Mail has turned into a huge spam hole; it's currently got over 500 messages in its Junk folder, and that's with a filter that deletes anything that's been in there longer than a week. My spam filters are well-trained, but unfortunately they only run on the client side, not the server side, so any time Thunderbird isn't running on my desktop, my spam doesn't get filtered. (If I'm out of the house, I can tell if the network's gone down, because I start getting a bunch of spam in my inbox on my phone.)

So now I've gone and created two new E-Mail addresses: one that's just for E-Mails about jobs, and another as my new all-purpose signing-up-for-things address.

My hope is that the companies hammering my primary E-Mail address with job notifications will eventually switch to the new, jobs-only E-Mail address, and I'll get my personal E-Mail address back to normal. And that I can quit using the Spam Hole address entirely and switch all my accounts over to the new address. Which hopefully shouldn't get as spam-filled as the old one since I haven't published it in a publicly-accessible place like whois.

Anyway, some things to take into account with E-Mail and passwords:

  • Don't use your personal E-Mail address for anything but personal communication. Don't give it to anyone you don't know.
  • Keep at least one secondary E-Mail address that you can abandon if it gets compromised or filled up with spam. It's not necessarily a bad idea to have several -- in my case, I've got one for accounts at various sites, several that I use as contacts for web domains, and one that's just for communication about jobs.
  • Use a password locker. 1Password, Keepass, and Lastpass are all pretty highly-regarded, but they're just three of the many available options.
  • Remember all the different devices you'll be using these passwords on.
    • I'm using a Linux desktop, an OSX desktop, a Windows desktop, and an Android phone; that means I need to pick a password locker that will run on all those different OS's.
    • And have some way of keeping the data synced across them.
    • And don't forget that, even with a password locker, chances are that at some point you'll end up having to type some of these passwords manually, on a screen keyboard. Adding brackets and carets and other symbols to your password will make it more secure, but you're going to want to weigh that against the hassle of having to dive three levels deep into your screen keyboard just to type those symbols. It may be worth it if it's the password for, say, your bank account, but it's definitely not worth it for your Gmail login.
  • Of course, you need a master password to access all those other passwords, and you should choose a good one. There's no point in picking a bunch of unique, strong passwords if you protect them with a shitty unsecure password. There are ways to come up with a password that's secure but easy to remember:
    • The "correct horse battery staple" method of creating a passphrase of four random words is a good one, but there are caveats:
      • You have to make sure they're actually random words, words that don't have anything to do with each other. Edward Snowden's example, "MargaretThatcheris110%SEXY.", is not actually very secure; it follows correct English sentence structure, "MargaretThatcher" and "110%" are each effectively one word since they're commonly-used phrases, the word "SEXY" is common as fuck in passwords, and mixed case and punctuation don't really make your password significantly more secure if, for example, you capitalize the beginnings of words or entire words and end sentences with periods, question marks, or exclamation points. Basically, if you pick the words in your passphrase yourself, they're not random enough; use a computer to pick the words for you.
      • And this method unfortunately doesn't work very well on a screen keyboard. Unless you know of a screen keyboard that autocompletes words inside a password prompt but won't remember those words or their sequence. I think this would be a very good idea for screen keyboards to implement, but I don't know of any that do it.
    • There are programs and sites that generate pronounceable passwords -- something like "ahx2Boh8" or "ireeQuaico". Sequences of letters (and possibly numbers) that are gibberish but can be pronounced, which makes them easy to remember -- a little less secure than a password that doesn't follow such a rule, but a lot more secure than a dictionary word. But read reviews before you use one of these services -- you want to make sure that the passwords it generates are sufficiently random to be secure, and that it's reputable and can be trusted not to snoop on you and send that master password off to some third party. It's best to pick one that generates multiple passwords at once; if you pick one from a list it's harder for a third party to know which one you chose.
  • Of course, any password is memorable if you type it enough times.
  • And no password is going to protect you from a targeted attack by a sufficiently dedicated and resourceful attacker -- if somebody's after something you've got, he can probably find somebody in tech support for your ISP, or your registrar, or your hosting provider, or your phone company, or some company you've bought something from, somewhere, who can be tricked into giving him access to your account. Or maybe he'll exploit a zero-day vulnerability. Or maybe one of the sites you've got an account with will be compromised and they'll get everybody's account information. Password security isn't about protecting yourself against a targeted attack. It's about making yourself a bigger hassle to go after than the guy sitting next to you, like the old joke about "I don't have to outrun the tiger, I just have to outrun you." And it's about minimizing the amount of damage somebody can do if he does compromise one of your accounts.
  • And speaking of social engineering, security questions are deliberate vulnerabilities, and they are bullshit. Never answer a security question truthfully. If security questions are optional, do not fill them out. If they are not optional and a site forces you to add a security question, your best bet is to generate a pseudorandom answer (remember you may have to read it over the phone, so a pronounceable password or "correct horse battery staple"-style phrase would be a good idea here, though you could always just use letters and numbers too -- knowing the phonetic alphabet helps) and store it in your password locker alongside your username and password.
  • You know what else is stupid? Password strength indicators. I once used one (it was Plesk's) that rejected K"Nb\:uO`) as weak but accepted P@55w0rd as strong. You can generally ignore password strength indicators, unless they reject your password outright and make you come up with a new one.

* For the purposes of this discussion, I will be using the words "random" and "pseudorandom" interchangeably, because the difference between the two things is beyond the scope of this post.

What Now?

So today I got the old "Well, the project's almost over and we don't know what that means for you" talk.

As per usual, if it were up to the discretion of people I have actually met, I'd have the job. But, as per usual, I am at the mercy of west-coast bean counters.

The thing about that: when you complete a project weeks ahead of schedule, the people who have actually met you think, "Hey, maybe we should keep this guy around." But the bean counters tend to think, "Oh good, that means we can cut him loose that much sooner." Here's hoping the people who value me win the argument for a change.

Apparently I've got, at the very least, two weeks left. Which could mean I become unemployed just in time for my thirtieth birthday. I don't think it'll be that soon, but man that would be a fun little extra coincidence.

So it goes. I'm sanguine, I guess. I'd like to keep my job -- it's a good gig, it pays fairly, I'm settled and I like the people I'm working with -- but you know, if I'm forced into another change of scenery, I'll make the best of that too.

If nothing else, there are plenty of companies that could still use a guy who can handle a Windows 7 migration.

Never a Dull Moment

Today's adventure: trying to figure out how to get two rather large pallets of networking equipment from the curb to the NOC. Without a pallet jack.

But hey, at least it was only 99 degrees out.

Garbage

Dear everybody who has ever mailed me back a filthy keyboard,

I don't mail you my garbage for you to throw away.

Maybe someday I'll just mail a user a half-eaten sandwich. Here, have some disgusting trash.

Tags:

Not a Luddite, But...

Until recently, I used to tell people that, for a computer scientist, I'm something of a Luddite. I don't use Facebook or Twitter, I don't have a smartphone -- I don't even text.

More recently, it's occurred to me that it's not that I'm a Luddite, I'm just a guy with a different set of priorities. And actually my tech savvy is probably responsible for some of that.

I don't have a Facebook account because I want control of my privacy settings. It's not like I'm anonymous or anything; if you're reading this, then profoundly embarrassing things with my real name attached to them are just a couple of clicks away. A couple of clicks max.

But that's my call. That's not "third-party site suddenly changes its privacy policy without warning" territory. And whatever I may put on this site, it certainly doesn't constitute permission for advertisers to sell it to each other.

I understand the appeal of Facebook. I did the MySpace thing, back when that was a thing people were doing. It was cool to get back in touch with people I hadn't seen since high school. But ultmately it was a new place for them to send me all those damn chain E-Mails and personality tests I had asked them all to stop sending me; it was a time sink of the sort I'm not much interested in anymore, and if they really want to get in touch with me they can Google my name. I'm not hard to find.

As for Twitter -- well shit, if you read this blog you already know that even my off-the-cuff single-sentence posts won't fit in 140 characters. I am not at my best in short bursts; I am at my best telling long, rambling stories that set up an atmosphere. (Kazz once compared me to Garrison Keillor. I'm pretty sure that was after he kicked that beer can into the back of my head.)

On texting, well, my initial opinion of it is pretty much what Samuel L Jackson had to say about it on Boondocks (NSFW):

But that's because I have a simple, 12-button flip phone. I understand that texting's a lot quicker if you've got a touchscreen or a keyboard, and I understand its value for quick, asynchronous, precise communication. It's not a replacement for a phone call, it's a replacement for voicemail. And voicemail sucks.

As for why I don't have a smartphone: Well, to start with, I've always been a horsepower guy. I sit at a computer all day at work and then I go sit at another one at home. As such I've never really felt much need for a laptop (I got my first one for free maybe a year and a half ago and barely use it), let alone a smartphone.

On the other hand, I do like toys. And I can really see the appeal of a Hitchhiker's Guide to the Galaxy that fits in my pocket. Not to mention, you know, I am a computer scientist, and this is the future of computing.

So yeah, I've kinda hit a point where I want a smartphone.

But then you hit the predatory pricing.

I'm with Sprint. They've been good to me. But I will be goddamned if I'm going to enter into a two-year, $60-a-month-minimum contract with them.

I'm a temp. I don't know if I'll be employed come December. If I get hired, I'll probably buy a smartphone (just in time for all the Christmas sales!). But I'll also probably jump ship to Virgin or Cricket or one of the pay-as-you-go carriers.

Meantime, I've got this little Samsung flip phone I've had for some 5 years, that is serviceable as a phone and alarm clock and little else. For example, I discovered the other day that it doesn't even have a way to transfer the photos you take with it to a computer. Which I guess is okay, because I never use that camera anyway and it's scratched to fuck as it is.

(I discovered this after getting my picture with Phil LaMarr at Phoenix Comicon last month. That's not a very long story but it is a story for another day, I think.)

Bright Side of Life

You know, I spend a lot of time complaining about stupid users. So let me take a moment to thank the smart ones.

If you have ever packed something appropriately, so that it's properly cushioned and doesn't bounce around, thank you.

If you have gotten it in the mail as soon as it was ready to go so that I didn't have to call and remind you, thank you.

If you made sure that all your stuff was properly backed up so that I didn't have to dig your computer out of a stack weeks later, thank you!

If you haven't shipped a horrific, toxic-looking keyboard back for me to dispose of for you, seriously, thank you so much.

And if you've actually thought to wipe down your equipment before shipping it back, I could kiss you.

Really. I got an old computer back today that somebody actually took a minute to clean first and it legitimately made my day.

Tags:

Boxes are Hard.

It's vexed me for years and years that end users seem unable to comprehend very simple things like what a Web browser is, the difference between Windows and Office, and how to come up with effective search terms to type into Google.

In more recent years, I have come to understand that, for some of these people, simply putting a thing in a box and affixing a label to it is a nigh-impossible process.

Today I received a desktop computer that was just thrown into a box with no padding whatsoever -- a current model and redeployable (well, maybe not anymore) -- and an old, past-end-of-life laptop packed inside of multiple boxes and wrapped in layer after layer of bubble wrap with tape. The former shipped from out-of-state, while the latter came from an office two blocks away from mine. Would be nice if they could work out some sort of happy medium.

Two weeks ago I missed a day of work with a migraine. The day after that I scrambled and played catchup and shipped two days' worth of computers in one day. Turnaround time from shipping a new computer to receiving the old one is right about two weeks, so today I was hit with two days' worth of returns in one day.

And okay, I've spent enough of this post complaining about stupid users that I'll take a moment and acknowledge my own stupid fuckup of the day.

I had a giant pile of boxes in front of me and a small pile of outbound machines, and I started to stress out about it a little. And I made a mistake.

I took a break from processing returns to ship a machine out, and I got my wires crossed and started going through the return process. I deleted a user's old computer and its access group from ActiveDirectory, before shipping her replacement. And since I don't have access to fix that, I had to ask my coworker to take care of it.

It's about that time I decided I should probably take some deep breaths and try to relax before doing anything else -- not just for fear of more sloppy mistakes, but because if I'm not careful I'll give myself another migraine, and then I'll just be going through this same song and dance again in a couple weeks.

Still opted not to take a break right away -- because that just means more crap I gotta do tomorrow -- but I slowed down a bit. Got through maybe half the stack, finally got enough facefuls of dust from old Dells that I decided to call it quits for the day.

So, more to do tomorrow. But I guess that's the closest thing a temp ever gets to job security.

YUMI

Had a spot of trouble with a hard drive at work today and decided to see what thumb drive Linux is like these days. I found a program called YUMI (Your Universal Multiboot Installer) at pendrivelinux.com and discovered that it's pretty great.

YUMI is a simple Windows executable. It's got a long list of Linuxes -- Ubuntus, Fedoras, server OS's like CentOS, small OS's like Damn Small Linux and Puppy, and non-Linuxes like FreeDOS, as well as special-purpose diagnostic software like Ultimate Boot CD and various AV vendors' recovery discs.

Click on one of the supported OS's, point YUMI at an ISO, and it'll install it on your thumb drive -- as many as will fit, with GRUB to select which one you want at boot time. Better still, if you don't have an ISO, it's got a one-click download for every single one of them.

And while it's got dozens of supported OS's built in, it'll do arbitrary bootable ISO's, too; I tried two and found that one (the latest FreeDOS installer) worked while the other (Hitachi Drive Fitness Test) did not.

As for Puppy, it's definitely seen some progress in the years since I last used it but my gripes remain much the same: instead of programs being labeled by name, they have generic descriptions (hypothetically a good idea for neophyte users who don't know what Seamonkey is, but in practice I think "Web" would probably be a better name than "Browse"), and the package management system is less than entirely intuitive. Still, for coming in around 100MB it's a damned impressive, and a whole lot easier on the eyes than the last time I tried it.

Anyway, YUMI's made it easy enough to set up that you can easily spend a couple hours (or more) screwing around with various USB bootkits. It's an impressive piece of software and one I'll definitely be keeping in my admin toolkit.

(There appears to be a Linux equivalent called Multisystem LiveUSB Tool. I haven't tried it out yet so I can't vouch for it, but if you're looking for, you know, a Linux tool for Linux, that might be something to check out.)