Ghost Like Sun – Human Satellite (CD + MP3)

A while ago, I wrote an article about the IUMA demos from Ghost Like Sun. In that post, I mentioned that I’d be interested in hearing from any of the Ghost Like Sun members, particularly with information about the second album.

In early September of 2015, Leigh Newsome found that article and emailed me. We’ve been corresponding about the second album, which was titled Human Satellite and was distributed at live shows and via some online CD sales (I’m not sure how I missed it!).

Human Satellite - Cover

He sent me the album as individual .wav files and also graciously allowed me to make it available to readers of this blog. I have created a CD image which you can download here (370MB Zip file containing .bin/.cue suitable for use with burning utilities like ImgBurn). I have also encoded the tracks to VBR MP3 files if you’d prefer that format here (54MB Zip file containing 9 .mp3 files).

Here is the track listing:

1. Underneath      4:35
2. Everyday        4:22
3. Friend?         3:36
4. Golden Blue     3:39
5. Static In Here  3:57
6. One Connection  3:50
7. White Bird      4:42
8. Negative Girl   4:43
9. Human Satellite 6:01
-----------------------
Total Time: 39:28

Leigh reminisces:

“The CD was recorded over two months in California in early 2000 at two studios: GLS studio & Moody Studio. The GLS studio being our recording studio which was basically a 1 bedroom cottage I rented in Willow Glen (San Jose). I was fortunate to have a bunch of recording gear, so tracked most of the guitar and vocals. Moody Studio was my friend’s studio in Pacifica where we tracked the drums, bass, and live guitar parts.

The band for this album was: Ed Havel (vocals), Tami Plescher (vocals), myself (guitar), Peter Dosanjh (bass), & Scott Landucci (drums)

All the songs were written by myself and Ed Havel, except for WhiteBird (which is a cover song from the 1960’s band It’s Beautiful Day).

Our engineer was Paul Moody who now works at Dolby Laboratories in San Francisco.”

Here is all of the CD artwork (each of the images is clickable to reveal a larger version). Like the previous album, the artwork is quite complex and these scans don’t do it justice. If you prefer, you can download all of the images in a single PDF file here.

Human Satellite - Cover


Human Satellite - Booklet P2


Human Satellite - Booklet P3


Human Satellite - Booklet P4


Human Satellite - Booklet P5


Human Satellite - Booklet P6


Human Satellite - Back


Human Satellite - CD

I’m glad to report that this album maintains the classic Ghost Like Sun sound while expanding their musical horizons at the same time. I’ll close with a quote from the original IUMA blurb: “GhostLikeSun blends male and female vocals with translucent sound to produce the aural equivalent of your finest shimmering visions.”

Enjoy this “lost” album!

De-bloating the Dell Server Update Utility – Continued

Dell has released the 2014.12 SUU, and it continues the tradition of expanding:

12/18/2014 07:13 AM 10,589,175,808 SUU_14.12.200.69.ISO

It is no longer sufficient to simply delete all the .exe files in the \repository directory if you still want it to fit on a single-layer DVD. You should delete all of the files in \bin\Windows and \java\Windows as well. This will leave you with 4,467,253,896 bytes, which is small enough to fit on a single layer DVD.

At some point in the future, unless Dell deals with the SUU bloat by splitting the Windows and Linux discs, you will need to use a double layer DVD, even with the Windows executables removed.

Dell OptiPlex 9020 mini-review

I previously reviewed the OptiPlex 755 here, along with entries about upgrading them and installing Windows 7. Click here for those entries.

Since then, I upgraded to OptiPlex 960 systems, but I didn’t feel that it would be fair to review them since I had built them from spare parts (starting with “barebones” chassis from eBay, which are scratch & dent discards from Dell Manufacturing, and adding the necessary parts) and this wouldn’t paint a true picture of the 960. I will say that the OptiPlex 960 is the first Dell business tower system that I would consider truly attractive – they obviously spent a lot of time on the case aesthetics.

My 960’s are getting a bit long in the tooth, since I have been using them since late 2010. Windows has been getting twitchier over time, with things like Virtual PC not wanting to start, “Internet Explorer has crashed”, and so on. This is still a record for a Windows install, since earlier versions tended to die from “bit rot” and need a wipe and reinstall every few years.

I decided to try the newest OptiPlex model, the 9020 Mini Tower, as on paper its specs looked quite good. It eliminated the floppy disk / multi-card reader bay (which I don’t use, anyway) and was rearranged internally to provide a more useful layout and selection of expansion card slots. I had hoped that this would avoid some of the hassles I’d had in the past with getting a video card to fit into the system. With two PCI Express x16 slots (one of which is only wired x4), I hoped I would be able to experiment with my Intel X540 10 Gigabit Ethernet cards.

Unfortunately, when I went to the Dell business site to configure and purchase a 9020, it seems that they only have pre-configured models available. You can’t specify which processor you want, or even if you want extra memory installed! None of the pre-configured systems were available with a set of options I felt comfortable starting with, so I ordered the 730-8285 configuration from an authorized reseller. This system’s specs are:

  • OptiPlex 9020 Mini Tower
  • Intel® Core™ i7-4770 Processor (Quad Core, 3.4GHz Turbo, 8MB, w/ HD Graphics 4600)
  • Operating System: Windows 7 Pro 64-bit (includes Windows 8.1 Pro License and Installation Disk)
  • Graphics Card: AMD Radeon HD 8570, 1GB DDR3, 1DP 1DVI
  • 8 GB 1600MHz DDR3 Memory (2 x 4 GB)
  • Keyboard: Dell KB212-B QuietKey
  • Mouse: Dell USB Optical Mouse MS111
  • Hard Drive: 1 Terabyte 7,200 RPM
  • Internal Audio Speaker
  • Intel vPro Technology Enabled
  • Resource DVD contains Diagnostics and Drivers
  • 16X DVD+/-RW Drive
  • Chassis Intrusion Switch
  • Dell 3-Year NBD Warranty

At the same time, I ordered a Samsung 840 EVO SSD (250GB) and a pair of 4GB memory modules (to upgrade the system to 16GB total). I planned on using a BDR-206BK Blu-ray burner and HIS R9 270 video card, along with an ASUS Xonar D2X (for digital audio output) from inventory to round out the system.

Upon opening the chassis, I discovered that Dell is using a new, 12V-only power supply. This is based on a concept by Fujitsu (PDF whitepaper here). Unfortunately, despite that paper ending with “The 12 V Only System is not an industry standard yet but a proprietary solution, which is currently implemented by all Tier 1 Systembuilders like e.g. Dell, HP, Fujitsu!”, each of those manufacturers seems to use a slightly different implementation. Thus, there don’t seem to be any 3rd-party manufacturers building compatible power supplies. A search for supplies only turned up people complaining about the problem, not any replacements.

The theory behind the 12V-only power supply is that most of the power requirements on the motherboard are for 12V (newer systems have had 12V rails dedicated to the processor for some time), and the remaining voltages can be more efficiently generated on the motherboard.

So, I’m stuck with the somewhat-anemic stock 290W power supply, and don’t have a good way to power the HIS video card I was planning on using. It might be possible to do something using a reverse SATA power adapter to convert the 2nd HDD SATA power connector into a pair of Molex 4-pin connectors, then use a PCI Express power adapter to convert the HIS card’s connector to a pair of mating Molex 4-pin connectors. However, this may lead to overloading something, as the HDD power connectors are supplied via a single pin from the motherboard. It doesn’t seem to be worth risking damage to the motherboard to try to make this work.

So I am now looking for an attractive case (attractive in the sense of the OptiPlex 960, not in the “Fast and the Furious” sense with neon lighting, see-through panels, etc.) and will buy a generic motherboard (probably from SuperMicro) and components to build a system from scratch. At least I won’t be limited to half-length single-slot video cards.

In summary, I would classify the OptiPlex 9020 as “Not Recommended” due to the inability to configure the system as needed. The power supply issue is probably not relevant for most business users (the primary target market for OptiPlex users). Dell originally designed the OptiPlex line “for customers who are traumatized by change” (actual quote from a Dell Marketing VP many years ago), with a guarantee that the same system configuration would continue to be orderable for a year. The limited number of packaged configurations available means that the customer may wind up with multiple versions of the 9020 if ordered in separate batches.

Bear in mind that this reviewer represents the “traditionalist” view. Articles in the trade press keep telling us that “the next generation of things (be they desktops, notebooks, or tablets) will be the last big update” because the world will have moved on to something else by the time they are due for replacement. If you take that viewpoint, the smaller form-factor OptiPlex 9020 models (which can be treated as non-upgradable) may be an appropriate fit for the business environment. But selling a “classic” mini tower form factor system with limited options and where add-in cards are limited by lack of power just doesn’t make a lot of sense.

De-bloating the Dell Server Update Utility (SUU) DVD Image

Dell issues a quarterly Server Update Utility (SUU) image which is used to update most firmware on PowerEdge servers (and some other Dell devices). As I use FreeBSD on my servers (which is not supported by Dell) I have to boot the Dell CDU CD to get a standalone Linux system suitable for launching SUU. Unfortunately, the SUU ISO image has become increasingly bloated over time, and is now too big to either burn to a double-layer DVD or upload to the 8GB vFlash card in the iDRAC. I suppose there’s some method for dealing with this if you’re running a Dell-supported operating system, but us FreeBSD users are left out. Here is a list of the last 4 quarters of SUU images, showing their sizes:

01/03/2014 08:08 AM 7,986,208,768 SUU_740_Q42013_A00.ISO
04/13/2014 08:00 AM 8,434,493,440 SUU_14.03.00_A00.iso
07/26/2014 06:36 AM 9,057,501,184 SUU_14.07.00_A00.ISO
10/21/2014 03:23 AM 9,922,859,008 SUU_14.10.200.117.iso

The main part of the bloat is that the disc contains two versions of every update utility, one for Linux systems and one for Windows systems. Since the CDU provides a Linux system, we can delete all of the Windows files with no impact. I found it easiest to copy the entire SUU DVD to a scratch directory and then delete all the .exe files from the \repository directory. There’s quite a few of them:

F:\repository>dir *.exe
Volume in drive F is SUU743_117
Volume Serial Number is 442E-5D5D

Directory of F:\repository

[snip]

400 File(s) 5,490,684,272 bytes
0 Dir(s) 0 bytes free

Once I deleted these unnecessary files, I burned the remaining files (preserving the directory structure) to a DVD (a single layer DVD is now sufficient) with ImgBurn. There are more Windows files in other directories (for example, a Java runtime) but it isn’t necessary to delete those to get the size below the limit of a single layer DVD. Booting CDU and then switching to my modified SUU disc worked fine, and installed the few updates I was missing on my PowerEdge R710.

I don’t know why Dell doesn’t create separate SUU ISO images for Windows and Linux – it would cut people’s download times in half. Until they decide to do something, the above method should give you a usable SUU DVD.
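The pruning described in this post and in the 2014.12 follow-up can be done as a dry run first, so you know what will be deleted and whether the result fits before touching the copy. This is an added example, not Dell's tooling and not a script from the original posts; it assumes the SUU disc has already been copied to a scratch directory, and the function names, the sample tree and the DVD+R capacity constant are assumptions.

```python
import os
import tempfile

# Assumption: DVD+R single-layer capacity, 2,295,104 sectors of 2,048 bytes
# (DVD-R holds slightly more). Filesystem overhead is not modelled.
SINGLE_LAYER_DVD_BYTES = 2_295_104 * 2048

# Directories the posts name as Windows-only (names on the disc vary in case).
WINDOWS_ONLY_DIRS = ("bin/windows", "java/windows")


def is_windows_only(rel_path):
    """True for files the posts say a Linux-booted SUU run does not need."""
    parts = rel_path.replace("\\", "/").lower().split("/")
    # *.exe directly in \repository (what `dir *.exe` listed), not in subdirs.
    if len(parts) == 2 and parts[0] == "repository" and parts[1].endswith(".exe"):
        return True
    return any("/".join(parts).startswith(d + "/") for d in WINDOWS_ONLY_DIRS)


def plan_prune(root, capacity=SINGLE_LAYER_DVD_BYTES):
    """Dry run: decide what to delete and whether the rest fits on the disc."""
    remove, removed_bytes, kept_bytes = [], 0, 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            size = os.path.getsize(full)
            rel = os.path.relpath(full, root)
            if is_windows_only(rel):
                remove.append(rel)
                removed_bytes += size
            else:
                kept_bytes += size
    return {"remove": sorted(remove), "removed_bytes": removed_bytes,
            "kept_bytes": kept_bytes, "fits": kept_bytes <= capacity}


def apply_prune(root, plan):
    """Delete only what the dry run listed; refuse paths that escape root."""
    root = os.path.realpath(root)
    for rel in plan["remove"]:
        target = os.path.realpath(os.path.join(root, rel))
        if os.path.commonpath([root, target]) != root:
            raise ValueError(f"refusing to delete outside {root}: {rel}")
        os.remove(target)


def build_sample_tree(root):
    """Constructed miniature of an SUU copy (names and sizes are made up)."""
    sample = {
        "repository/BIOS_SAMPLE.EXE": 10,
        "repository/BIOS_SAMPLE.BIN": 5,
        "repository/sub/tool.exe": 2,      # not directly in repository: kept
        "bin/Windows/suu.dll": 7,
        "bin/Linux/suu": 3,
        "java/Windows/jre/java.exe": 4,
        "java/Linux/jre/java": 6,
    }
    for rel, size in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as scratch:
        build_sample_tree(scratch)
        plan = plan_prune(scratch)
        print("would remove:", plan["remove"])
        print("bytes removed / kept:", plan["removed_bytes"], plan["kept_bytes"])
        apply_prune(scratch, plan)
        print("after prune:", plan_prune(scratch))
```

Point `plan_prune` at the real scratch copy and check `fits` before calling `apply_prune`; the burning tool's own size report remains the final word, since filesystem overhead is not counted here.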

Troubleshooting Catalyst 4948-10GE red status LED and no console output

This is not intended as a complete DIY. It requires equipment most of my readers won’t have, such as a hot air PCB rework station with magnifier. I am posting it to give you an idea of what is involved in the repair of these devices, and to provide info to any readers who do have the necessary equipment and just need to know the repair procedure.

I have been encountering more and more dead Catalyst 4948-10GE switches lately. These usually have a solid red Status LED and do not display any messages on the console when power is applied. This means that the switch did not make any progress at all in booting (one of the first steps in the boot process is to change the Status LED from red to orange). Catalyst 4948-10GE switches with this type of fault are frequently listed on eBay in the $250-$350 price range (usually marked “For parts or not working”). When troubleshooting these, the problem is often defective memory. Unfortunately, this memory is soldered to the circuit board in the switch, so it isn’t simply a matter of removing a faulty memory module and replacing it with a known good one. The old memory needs to be de-soldered and new memory soldered in, and you need to have a source for the obsolete memory chips needed for replacements.

These switches have 256MB of ECC memory, implemented via 5 32MB x 16-bit memory chips such as the Micron MT46V32M16-6T F. Three of the chips are located on the top side of the motherboard next to the power supply, and another two are located on the underside of the board (all images in this post can be clicked for a larger version):

Top side of board


Bottom side of board


In each of the boards I have repaired, the fault has always been in one of the bottom two chips. This makes sense as there is no airflow across the bottom of the board, so those chips are more likely to overheat than the ones on the top of the board. Cisco has announced an issue with an unspecified memory supplier (often rumored to be Micron), and the Catalyst 49xx family is on that list. However, the switches that I am seeing failures on are not on a Cisco support contract, and I haven’t read anything about Cisco fixing equipment not on a support contract for free, so I’ve been repairing them myself.

The first step is to remove the two existing memory chips from the underside of the board and clean and prepare the board for the new chips:

Memory removed

The next step is to solder the replacement chips into place:

New memory installed

Of course, you need to ensure that the chips are installed in the correct orientation (of course!) and that all pins are soldered to their respective pads (66 pins per chip) and that there are no shorts between pins. You also need to avoid damaging any of the neighboring components or the circuit board itself while doing this.

If all goes well, when you reinstall the board in the chassis and apply power, you will be greeted with the appropriate console messages and the switch will boot up normally. If not, remove the board and examine the area around the replaced chips under a magnifier to double check for bad connections or solder bridges.

2.5″ enterprise hard drives and power savings

I admit it – I used to have an unwarranted prejudice against 2.5″ enterprise hard drives, considering them “toy” drives, or at best suited for notebook use, or non-critical use in enterprise systems. I used WD Velociraptor drives on my Dell desktops (before I upgraded to SSDs), but that particular model was discontinued, and the WD web site has this discouraging note about the current models: “Models WD1000CHTZ, WD5000BHTZ and WD2500BHTZ are available on a build to order basis, contact your WD Sales representative for more information.” which I interpreted as “people aren’t buying these, but if you want a bazillion of ’em, we’ll restart the production line”. I also used WD 2.5″ drives as the operating system volume on my RAIDzilla II file servers, but the actual data volumes were built with 16 x 2TB 3.5″ drives.

However, in an attempt to reduce power consumption here, I decided to test 2.5″ enterprise drives as a replacement for identical-capacity 3.5″ drives, and the results were surprising (to me, at least). I upgraded one of my Dell PowerEdge R710 systems (gate.glaver.org, the system that is serving this web page that you’re reading) from 6 x 146GB 15K RPM 3.5″ SAS drives (ST3300657SS-H*) to 6 x 146GB 15K RPM 2.5″ SAS drives (ST9146852SS). All other components remained the same*. The drives are in a 5-drive RAID5 array controlled by a Dell PERC H700 controller, with the 6th drive being a dedicated hot spare.

Power consumption on this busy system dropped from 237W to 204W and became much more even (apparently, seeking on the 3.5″ drives consumes much more power than on the 2.5″ drives):

gate.glaver.org power consumption


The PowerEdge R710 is already a pretty efficient system – this particular box has 2 x X5680 6-core Xeon CPUs, 48GB of registered ECC RAM, hardware RAID controller, etc.

Even more surprising was the discovery that disk I/O was still very fast, at well over 600MByte/sec:

(0:1) gate:~terry# dd if=/dev/mfid0 of=/dev/null bs=1m count=102400
102400+0 records in
102400+0 records out
107374182400 bytes transferred in 171.422439 secs (626371804 bytes/sec)

Based on this, I will certainly give serious consideration to using 2.5″ drives in future builds.

Seagate has announced 2.5″ enterprise drives with up to 2TB capacity (in both SAS and SATA variants). While that is lagging behind the announced capacity for 3.5″ drives (8TB at this time), you can fit a lot more 2.5″ drives in a given chassis. I expect to use one or two additional drive generations in my existing RAIDzilla II chassis (upgrading to 4TB drives at some point, and then in the future to 8TB or 10TB drives). After that, it will be time to design the RAIDzilla III.

* Yes, I know this is normally a 300GB drive. Seagate didn’t make a native 146GB drive in the Cheetah 15K.7 family, and the -H suffix indicates a half-capacity drive for OEMs who needed to match existing drive capacities.

* This is not a particularly easy conversion, as the Dell chassis for the R710 is not modular. However, various sellers on eBay are selling new or used 2.5″ chassis (part number 33P6Y). You can move just about all of the old components from the 3.5″ chassis over – the only item you will need (other than the actual 2.5″ drives and trays) are the appropriate cables from the drive backplane to the RAID controller. For a PERC H700, that is 2 x R145M mini-SAS cables.

A few more words of advice for used equipment sellers

Today I’m going to expand on the advice I provided in my earlier post, “A few words of advice for used equipment sellers”, and address the issues with “As-Is / Not Working / For Parts Only” listing types. These are terms used by eBay, but this advice also applies to anyone else selling equipment in this category.

In general, this type of item is offered by sellers at a lower price in the hope of recovering some money from a piece of equipment that is either not operating properly or is not able to be tested by the seller. Some sellers are very scrupulous about describing the equipment, providing lots of pictures and as much information as they know about the item. At the other end are sellers who use a stock photograph and product description, perhaps with some words like “Couldn’t power on – didn’t test.”

Any buyer who purchases items in this category is hoping to find a bargain by ending up with a piece of working equipment after performing minimal repairs. [There are probably people who buy this material for other purposes, such as scrap metal recovery, components for artwork, and so on, but I’ll leave those out of this discussion.] As such, you (as the seller) want to provide as much information as possible to potential buyers so you both end up with a good experience.

There are quite a few categories of “untested / not working”, and I’ll go through these from best to worst:

  • Unable to test / Not tested – this means that the seller lacks the ability to test the item, either because it is a sub-component of a larger device the seller does not have, lack of necessary cabling to connect it, or due to it requiring specialized test / calibration equipment. Items in this category are truly untested and may or may not work. This category should NOT be used for items that the seller did test, but were found to be non-operational. It should also NOT be used for equipment with obvious physical defects which would make the unit not fit for use.
  • Tested to power on only – this means the seller was able to apply power to the unit and it did something. Perhaps the seller lacked cabling or test equipment to perform further tests. Any observed behavior (patterns and colors of indicator lights, fans turning / not turning, unusual beeps or other noises, etc.) should be described in detail. Like the above category, it should not be used for items with any of the defects marked NOT above.
  • Tested, found defective – this means that the seller was able to perform further testing and determined that there was indeed a problem with the unit. The seller should clearly state the nature of the defect (to whatever extent they investigated), such as “no console output”, “Status light solid red”, “displays fatal error message”, and so forth. Again, any physical defects would bump this to a lower category.
  • Tested, found defective, investigated in depth – in this category, the seller has somewhat more knowledge of the device and has done further investigation. There might be concealed damage or the seller might have disassembled the unit to investigate further. Essential components may have been found to be missing. Any results of the investigation should be included in the listing, and the seller should return the unit to the condition as found (re-installing all components, including case screws, etc.) or note in the listing why this was not done.
  • Physical damage, repairable – the device has some sort of physical damage which renders it partially or completely unusable, such as damaged connectors, bent or broken components, etc. The damage should be described as completely as possible, preferably with good quality photographs of the damaged areas. Buyers should evaluate the usability of the device without using the damaged areas or their ability to repair the damage. Note that modern electronic equipment often uses surface-mount components on multi-layer circuit boards, meaning that the skills and equipment needed to perform the repairs are beyond the reach of most users.
  • Physical damage, non-repairable – the device has obvious physical damage which would prevent it from being repaired or being usable as a complete unit. Sometimes it may be possible to salvage components from the device (power supplies, faceplate, memory, etc.). The damage should be described as completely as possible, preferably with good quality photographs of the damaged and un-damaged components.

Now, I’d like to provide a few examples of actual listings that I’ve purchased, and what I’ve found. I am not naming any sellers here, since it is possible that they received the item from somewhere “up the food chain” and did not investigate it completely.

  1. Catalyst WS-C4948-10GE switch – Listing simply said “Being sold AS IS for Parts or Not working. Power on but no console. No return, No refunds. AS IS!!!”. The listing also included pictures of the device, including one which showed the status LED being red.

    When I received this unit, the first thing I did was open it up to make sure there were no loose parts inside. During this inspection I discovered that 12 of the 14 screws that hold the cover on were missing and that the memory backup battery had been ripped off the main board (and was nowhere to be found inside the chassis). I also found that all of the screws holding the main board to the chassis were loose (but at least they were all present). Based on this, I determined that someone had been inside the unit already and had diagnosed it at least as far as removing the main board.

    I contacted the seller and they said they received it that way from the company that was using it, and the company ripped the battery off to erase the config because they were “security conscious”.

    Soldering in a new battery was not sufficient to get the switch working. I suspected the problem might be due to defective memory components soldered onto the main board, as described in this Cisco Field Notice. I ordered a tray of memory chips from a specialist in obsolete components (they are long-discontinued DDR333 parts) and replaced the two chips on the underside of the board. Since the ones on the bottom were made by Micron and the 3 on the top were from Samsung, I guessed (correctly, as it turned out) that the fault was in the Micron ones.

    After reinstalling the main board in the chassis and powering the switch up, I was greeted with the normal startup messages on the console*. After enabling priv mode in ROMMON, I tested the memory for an hour or so and it passed without errors. I then updated the ROMMON and IOS to the latest versions and gave the switch a 72-hour burn-in test, which it passed. Not bad for $255 plus another $10 in replacement memory chips and an hour or so’s work.

    * To my amusement, it appears that the battery on this switch is only used to maintain the date/time, not power the configuration memory. When the switch booted up after I repaired it, it put up a full-page banner with dire warnings about accessing the network without authorization, part of the saved config file that it had retained the whole while.

  2. More items to be added as I purchase them.

Ghost Like Sun – The IUMA Demos (CD)

Update: The second Ghost Like Sun album, Human Satellite, is now available right here, on this blog.

A long time ago, at the very dawn of the web, the Internet Underground Music Archive (IUMA) was born. It was designed to allow unsigned artists to post their music for listening, downloading, and comments, rather like soundcloud.com is today. As time went on, IUMA was purchased by a succession of companies, eventually vanishing in 2006.

I happened to click on a random artist while browsing that early web on a VAXstation 3100 using NCSA Mosaic and happened to like what I heard. That band was Ghost Like Sun (Internet Archive copy). I ended up having an extended correspondence with the guitarist, Leigh Newsome, and bought their first (and only) album, Loud as Light. There was going to be a second album, but as far as I know, it was never released. Eventually the Ghost Like Sun web site followed IUMA into the digital dustbin. The domain is now parked in Japan.

When listening to Loud as Light in the car this past weekend, I said to myself “I wonder what ever happened to the IUMA demos I downloaded all those years ago”. Well, this is what happened to them:

Z:\Terry\Music>dir *.mp2
Volume in drive Z is data
Volume Serial Number is 10B3-C748

Directory of Z:\Terry\Music

10/30/1997 06:13 AM 7,105,100 victoria.mp2
05/03/1997 12:42 AM 5,229,924 Sign_Of_One.mp2
05/03/1997 12:53 AM 3,353,952 Sorrow.mp2
05/03/1997 12:50 AM 9,309,920 The_Wheel.mp2
4 File(s) 24,998,896 bytes
0 Dir(s) 6,679,371,872,256 bytes free

They’re in MP2 format, which is as ancient as the web itself. I visited the Internet Archive’s IUMA collection, but the songs had been converted to low-resolution MP3 files and “Sorrow” was missing completely. I decided to convert my copies into a modern format, and via a number of conversion programs they were re-sampled, gain-adjusted, and burned to an audio CD, which I am making available for your listening pleasure here (150MB Zip file containing .bin/.cue suitable for use with burning utilities like ImgBurn).

Of course, if you don’t care about having these on high-quality CD, you can get 3 of the 4 songs from the Internet Archive (link above).

Note: As these are simply converted versions of material freely available at the Internet Archive, I don’t see any issues with making them available here. If anyone from Ghost Like Sun objects, simply drop me a line (see the “Contact Info” in the “LINKS” section to the right of this post). Of course, that means I’m going to ask you where the second album went, etc.

IPv4Scan.com – scan or scam?

One of my occasional consulting customers called me in a panic because all of their HP printers printed out the same page at the same time:

GET http://ipv4scan.com/hello/check.txt HTTP/1.1
Host: ipv4scan.com
Accept-Encoding: gzip, deflate, compress
Accept: */*
User-Agent: IPv4Scan (+http://ipv4scan.com)

Now, I have nothing against most network measurement bots. Most are useful, and the rest are usually well-intentioned, even if they are counterproductive. The one thing these have in common is that they have a page that tells you what they’re doing, why they’re doing it, and who to contact if you have further questions.

The http://IPv4Scan.com page does none of those:

Screen capture

There is no contact information provided on the page, and there is no statement of how the data is being used (other than that it is “not for sale, rental or release”). The web page source does not contain any useful contact information, either. So they’re collecting this data for their own, unspecified, purposes.

Ok, maybe it is legit, just with a spectacularly bad public relations campaign. Let’s look and see who is behind this:

(0:115) host:~terry# jwhois ipv4scan.com
[whois.internet.bs]
Domain Name: IPV4SCAN.COM
Registry Domain ID: 1824307886_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.internet.bs
Registrar URL: http://www.internetbs.net
Updated Date: 2013-08-30T10:37:11Z
Creation Date: 2013-08-30T10:21:44Z
Registrar Registration Expiration Date: 2014-08-30T10:21:44Z
Registrar: Internet.bs Corp.
Registrar IANA ID: 814
Registrar Abuse Contact Email: abuse@internet.bs
Registrar Abuse Contact Phone:
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Domain Administrator
Registrant Organization: Fundacion Private Whois
Registrant Street: Attn: ipv4scan.com, Aptds. 0850-00056
Registrant City: Panama
Registrant State/Province:
Registrant Postal Code: Zona 15
Registrant Country: PA
Registrant Phone: +507.65967959
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 5230a6158jiing35@5225b4d0pi3627q9.privatewhois.net
Registry Admin ID:
Admin Name: Domain Administrator
Admin Organization: Fundacion Private Whois
Admin Street: Attn: ipv4scan.com, Aptds. 0850-00056
Admin City: Panama
Admin State/Province:
Admin Postal Code: Zona 15
Admin Country: PA
Admin Phone: +507.65967959
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 5230a6157t3qutyb@5225b4d0pi3627q9.privatewhois.net
Registry Tech ID:
Tech Name: Domain Administrator
Tech Organization: Fundacion Private Whois
Tech Street: Attn: ipv4scan.com, Aptds. 0850-00056
Tech City: Panama
Tech State/Province:
Tech Postal Code: Zona 15
Tech Country: PA
Tech Phone: +507.65967959
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 5230a615n285uy95@5225b4d0pi3627q9.privatewhois.net
Name Server: ns-canada.topdns.com
Name Server: ns-usa.topdns.com
Name Server: ns-uk.topdns.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2014-04-29T05:00:41Z <<<

Ok, so they're hiding behind a privacy service, but seem to be located in Panama. Let's see if the IP address they're using matches:

(0:116) host:~terry# host ipv4scan.com
ipv4scan.com has address 93.174.93.51
ipv4scan.com mail is handled by 5 smtp09.topdns.com.
ipv4scan.com mail is handled by 5 smtp01.topdns.com.
(0:117) host:~terry# jwhois 93.174.93.51
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '93.174.93.0 - 93.174.93.255'

% Abuse contact for '93.174.93.0 - 93.174.93.255' is 'admin@ecatel.net'

inetnum: 93.174.93.0 - 93.174.93.255
netname: NL-ECATEL
descr: ECATEL LTD
descr: Dedicated servers
descr: http://www.ecatel.net/
country: NL
admin-c: EL25-RIPE
tech-c: EL25-RIPE
status: ASSIGNED PA
mnt-by: ECATEL-MNT
mnt-lower: ECATEL-MNT
mnt-routes: ECATEL-MNT
source: RIPE # Filtered

role: Ecatel LTD
address: P.O.Box 19533
address: 2521 CA The Hague
address: Netherlands
abuse-mailbox: abuse@ecatel.info
remarks: ----------------------------------------------------
remarks: ECATEL LTD
remarks: Dedicated and Co-location hosting services
remarks: ----------------------------------------------------
remarks: for abuse complaints : abuse@ecatel.info
remarks: for any other questions : info@ecatel.info
remarks: ----------------------------------------------------
admin-c: EL25-RIPE
tech-c: EL25-RIPE
nic-hdl: EL25-RIPE
mnt-by: ECATEL-MNT
source: RIPE # Filtered

% Information related to '93.174.88.0/21AS29073'

route: 93.174.88.0/21
descr: AS29073, Route object
origin: AS29073
mnt-by: ECATEL-MNT
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.72 (DBC-WHOIS3)

So, they're using an IP address allocated to Ecatel in the Netherlands. Not exactly close to Panama, is it? Let's see if that address is actually in the Netherlands:

(0:118) host:~terry# traceroute ipv4scan.com
traceroute to ipv4scan.com (93.174.93.51), 64 hops max, 52 byte packets
[snip]
8 be2094.ccr21.bos01.atlas.cogentco.com (154.54.30.14) 20.530 ms
be2097.ccr22.bos01.atlas.cogentco.com (154.54.30.118) 19.664 ms
be2095.ccr21.bos01.atlas.cogentco.com (154.54.30.38) 20.657 ms
9 be2387.ccr22.lpl01.atlas.cogentco.com (154.54.44.166) 85.582 ms 85.667 ms
be2386.ccr21.lpl01.atlas.cogentco.com (154.54.44.162) 85.388 ms
10 be2183.ccr42.ams03.atlas.cogentco.com (154.54.58.70) 95.882 ms
be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245) 95.035 ms
be2183.ccr42.ams03.atlas.cogentco.com (154.54.58.70) 97.517 ms
11 be2311.ccr21.ams04.atlas.cogentco.com (154.54.74.90) 130.510 ms
be2312.ccr21.ams04.atlas.cogentco.com (154.54.74.94) 94.574 ms
be2311.ccr21.ams04.atlas.cogentco.com (154.54.74.90) 101.849 ms
12 149.11.38.179 (149.11.38.179) 101.548 ms 118.302 ms 102.141 ms
13 server.anonymous-hosting-service.com (93.174.93.51) 98.234 ms 97.335 ms 96.958 ms

Ok, the server is in Amsterdam, Netherlands. But hiding behind anonymous-hosting-service.com seems suspicious. Let's see where they are:

(0:119) host:~terry# jwhois anonymous-hosting-service.com
[Querying whois.verisign-grs.com]
[Redirected to whois.onlinenic.com]
[Querying whois.onlinenic.com]
[whois.onlinenic.com]

Domain Name: anonymous-hosting-service.com
Registry Domain ID:
Registrar WHOIS Server: whois.onlinenic.com
Registrar URL: http://www.onlinenic.com
Updated Date: 2014-04-06 03:14:38
Creation Date: 2009-09-08
Registrar Registration Expiration Date: 2015-09-08
Registrar: Onlinenic Inc
Registrar IANA ID: 82
Registrar Abuse Contact Email: onlinenic-enduser@onlinenic.com
Registrar Abuse Contact Phone: +1.5107698492
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Laura Yun
Registrant Organization: Vindo International Ltd.
Registrant Street: Oliaji TradeCenter - 1st floor
Registrant City: Victoria
Registrant State/Province: Mahe
Registrant Postal Code: 5567
Registrant Country: SC
Registrant Phone: +248.6629012
Registrant Phone Ext:
Registrant Fax: +248.24822575500
Registrant Fax Ext:
Registrant Email: anonymous.client@vindohosting.com
Registry Admin ID:
Admin Name: Laura Yun
Admin Organization: Vindo International Ltd.
Admin Street: Oliaji TradeCenter - 1st floor
Admin City: Victoria
Admin State/Province: Mahe
Admin Postal Code: 5567
Admin Country: SC
Admin Phone: +248.6629012
Admin Phone Ext:
Admin Fax: +248.24822575500
Admin Fax Ext:
Admin Email: anonymous.client@vindohosting.com
Registry Tech ID:
Tech Name: Laura Yun
Tech Organization: Vindo International Ltd.
Tech Street: Oliaji TradeCenter - 1st floor
Tech City: Victoria
Tech State/Province: Mahe
Tech Postal Code: 5567
Tech Country: SC
Tech Phone: +248.6629012
Tech Phone Ext:
Tech Fax: +248.24822575500
Tech Fax Ext:
Tech Email: anonymous.client@vindohosting.com
Name Server: ns1.anonymous-hosting-service.com
Name Server: ns2.anonymous-hosting-service.com
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2014-04-06 03:14:38 <<<

Well, this is definitely fishy. No legitimate survey would be hiding behind so many levels of indirection.
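The comparison made by hand above (who the domain registration points to versus where the address block is registered) can be scripted. This is an added example, not part of the original post: the inputs are excerpts of the two lookups shown above, while the function names and the PRIVACY_HINTS list are assumptions made for the illustration.

```python
# Excerpts of the lookups shown above: domain WHOIS, then RIPE WHOIS for the IP.
DOMAIN_WHOIS = """\
Registrant Organization: Fundacion Private Whois
Registrant Country: PA
Name Server: ns-canada.topdns.com
Name Server: ns-usa.topdns.com
"""
IP_WHOIS = """\
inetnum: 93.174.93.0 - 93.174.93.255
netname: NL-ECATEL
country: NL
source: RIPE # Filtered
"""
PRIVACY_HINTS = ("private whois", "privacy", "proxy")  # assumed hints, not exhaustive

def parse_registrar_whois(text):
    """'Key: value' lines -> dict of lists (keys such as Name Server repeat)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith((">>>", "%", "[")):
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def parse_rpsl(text):
    """RIPE output -> one list of (attribute, value) pairs per object."""
    objects = []
    for block in text.split("\n\n"):  # objects are separated by blank lines
        pairs = [(k.strip(), v.split("#")[0].strip())
                 for k, sep, v in map(lambda l: l.partition(":"), block.splitlines())
                 if sep and not k.startswith("%")]  # skip % comment lines
        if pairs:
            objects.append(pairs)
    return objects

def findings(domain_whois, ip_whois):
    """Flag a privacy-service registrant and a registrant/network country mismatch."""
    d = parse_registrar_whois(domain_whois)
    org = d.get("Registrant Organization", [""])[0]
    reg_cc = d.get("Registrant Country", [""])[0].upper()
    out = []
    if any(hint in org.lower() for hint in PRIVACY_HINTS):
        out.append(f"privacy service registrant: {org}")
    for obj in map(dict, parse_rpsl(ip_whois)):
        net_cc = obj.get("country", "").upper()
        if "inetnum" in obj and reg_cc and net_cc and reg_cc != net_cc:
            out.append(f"registrant country {reg_cc}, network {obj.get('netname')} in {net_cc}")
    return out
```

A country mismatch on its own is common with ordinary hosting, so each finding is a lead to follow up (as the traceroute and second WHOIS lookup do here), not a verdict.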

I used the site's form to "opt out" 0.0.0.0/1 with an email address requesting they contact me about their project. I've also sent email to the abuse contacts shown above, pointing them to this blog entry, in the hope that they can get some sort of explanation from their customer.

In the meantime, you may want to fine-tune your firewall rules to prevent this type of probe. That would (at a minimum) include blocking all outside connection attempts on ports 80 (http) and 443 (https) to anything on your network that is not intended to be a public web server. I cannot recommend using their opt-out form as there is no indication of what they do with the information. For all I know, it has the same effect as sending "unsubscribe" in response to a spam email - it just targets you for more spam.
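One way to check that such a rule actually holds is to audit connection records for outside-to-inside web traffic that was accepted by a host not meant to be a public web server. This is an added example, not part of the original post: the address ranges are documentation prefixes, and the four-field log format, the host list and the function name are all constructed for the illustration.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")      # assumed internal range
PUBLIC_WEB = {ipaddress.ip_address("192.0.2.10")}     # hosts intended to serve the web
WEB_PORTS = {80, 443}

# Constructed connection records, one per line: "src dst dport action"
LOG = """\
198.51.100.7 192.0.2.10 443 ACCEPT
198.51.100.7 192.0.2.25 80 ACCEPT
198.51.100.7 192.0.2.31 443 DROP
192.0.2.40 192.0.2.25 80 ACCEPT
203.0.113.9 192.0.2.25 22 ACCEPT
malformed line
"""

def exposed_web_hosts(log, local_net=LOCAL_NET, public_web=PUBLIC_WEB):
    """Return {host: {ports}} for accepted outside->inside connections on
    ports 80/443 to hosts that are not on the public web server list."""
    exposed = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not have the four expected fields
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue  # skip unparsable addresses or ports
        from_outside = src not in local_net
        to_inside = dst in local_net
        if (from_outside and to_inside and port in WEB_PORTS
                and parts[3] == "ACCEPT" and dst not in public_web):
            exposed.setdefault(str(dst), set()).add(port)
    return exposed

if __name__ == "__main__":
    for host, ports in exposed_web_hosts(LOG).items():
        print(f"{host} accepts outside connections on {sorted(ports)}")
```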

If I receive any information from my inquiries, I'll update this blog entry accordingly.

Does your bank care about online security? Mine (Citibank) doesn’t…

Updated July 16th to document further idiocy – see the bottom of this post.

Today provided yet another indication that Citibank (and by extension, MasterCard) have absolutely no clue about online security, and past events have shown that they simply don’t care.

As background, I’m sure you remember all the warnings your bank / credit card company gave you about never giving out information to unknown entities, to always make sure that the name of the bank / credit card company is in the URL, and so forth. It sure would be nice if they’d take their own advice…

Today’s experience was triggered by an order on newegg.com. After clicking on the “confirm order” button, I was told that I might be redirected to my bank’s web site to confirm the order. So far so good – I’ve had experiences in the past where every single Newegg order caused my card to be flagged for fraud. But then I was greeted with a web page claiming to be “MasterCard SecureCode”, but with a URL showing “securesuite.net”, which demanded a bunch of sensitive info, including the last 4 digits of my SSN and my billing Zip Code. What the heck? Looks like an obvious phishing site. I let the page sit there while I contacted Citibank MasterCard. The agent said that it was obviously a fake and that I should never enter any info into an online form like that (a statement I strongly agree with). I clicked the “cancel” button and figured that I’d just place my order somewhere else. However, Newegg told me my order had been placed successfully and subsequently sent me an email letting me know that my credit card had been charged.

I then decided to investigate what this “securesuite.net” site was. There aren’t many useful search engine hits, but there is history going back at least seven years, all of which points out the confusing nature of that site. For example:

For an actual scholarly paper about this problem, I suggest reading “Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication”.

If you browse to https://www.securesuite.net, you get (as of this writing) a blank page – it doesn’t even return any HTML headers. If by some chance you happen to find https://www.securesuite.net/csi/docs/contact_support.jsp, you’ll find a singularly uninformative page which contains such gems as “Call us at your Financial Institution’s support phone.” To be fair, that may just be a generic page not intended to be shown to users.

The main point is that after telling us to never trust unknown web sites, the banks and credit card companies are sending people to just those sorts of sites. Talk about mixed messages!

Compounding this, if you do get a call from the Citibank Fraud Department, it will show up as “Unavailable” or “Private” in Caller ID. While it’s true that Caller ID is easily faked, I’d be more inclined to answer the phone if it didn’t look like a random telemarketing call. For added security, that automated call could simply say “This is a fraud warning about your Citi MasterCard ending in 1234. Please call the number on the back of your card immediately.”

This is not a new problem – I’ve been reporting Citibank’s own email to their anti-phishing department because my mail server (correctly) flags it as fraudulent due to forged headers. In particular, they like to send out email with the subject “Important information regarding your statement”. It is actually just a canned solicitation to switch to online billing, not “Important information”. But Citibank doesn’t send it themselves – instead, they use companies called bigfootinteractive.com and epsiloninteractive.com. As I said in my unacknowledged complaints to Citibank, “Imagine you got an email claiming to be from the IRS entitled “Important information about your tax return”, where the email was sent from a Yahoo account through a GMail account to you. Wouldn’t you be suspicious? You’re doing the exact same thing with the mail you send out.”

These companies should require the use of their own domains and SSL certificates rather than apparently-unassociated third parties, or at least give correct information when users call them and ask if the third-party site is legitimate.

It’s a sad day when I have to admit that PayPal does a much better job with this sort of thing than Citibank does.

This total disregard for security isn’t just in their online communications, either. Citibank started sending me unsolicited “balance transfer” checks in the mail, despite my having gotten them to stop some years ago. I had to call yet again and have my account flagged to not receive them. I said to the phone rep “Who in this day and age thinks sending blank checks in the mail is a good idea?” and she agreed with me. She apparently gets lots of calls about this.

Update as of July 16th:

As I wrote yesterday, I canceled the “MasterCard SecureCode” window and Newegg apparently processed my order, notifying me that they’d received the order and later that it had been successfully charged to my credit card. That’s where things were at the time I wrote the above post.

Last night I received email from Newegg telling me that my order had shipped and tracking information was available, and that I could expect to receive the order on the 17th. That’s excellent service, considering that I had used the “free 4-5 day shipping” option. I figured everything was all set. Little did I know…

Today at 6:37 PM (note that this is at least 12 hours after my Newegg order shipped – talk about “locking the barn door…”) I get the usual “Unavailable” Caller ID phone call from the Citibank Fraud “Early” Warning Department, telling me that my card has been frozen and asking me to confirm that my Newegg purchase was legitimate (oddly, they had no problem with my Amazon purchase later that same day). I told the agent it was, and explained that I’d received the phony-looking SecureCode page and that, after contacting the same department she was calling me from, who told me it was bogus and to never provide information on that sort of suspicious page, I clicked “cancel”.

The agent proceeded to tell me how important the SecureCode was. She was unable or unwilling (perhaps due to the “script” they’re required to work from) to understand that her department was the one who told me to never provide that information. We went around in circles for about 10 minutes as I tried to get her to understand that, and also to get the point across that they are the ones who say to never provide information to an untrusted 3rd party.

It’s easy enough to dismiss this as “somebody else’s problem”, but the banks, card companies and merchants are covering the losses they incur due to their own stupidity by charging everybody a little more. So it’s everybody’s problem – I just wish the bank could see that it is a problem entirely of their own making.