Is it really that long?

It seems like only a few months ago since I signed up to use an online service, but it was years before “the internet” as we know it today. CIX predates the lot! In fact, the first widely accessible “public” internet access available to UK consumers, a dial-up service offered by Demon Systems, was conceived and planned in part in discussion groups on CIX, and was set in motion only after a working number of potential customers had been recruited mostly amongst the CIX userbase.

This week, CIX has a new owner! I’m not going into details cos Wendy Grossman has already waxed lyrical – follow this link to her article.

If you want to ask me why I’ve stayed so long and why I still think it represents one of the best resources on the modern internet despite being a little antiquated (though I daresay this will now change), ask me here.

The tube in detail.

If you’re even remotely geeky about trains and railway networks, this is worth a look. It’s a “geographical” map of the London tube network, it includes all current lines and stations, but also all historical lines, stations, part-built stations, etc., and it shows sidings and train yards, etc. It’s geographically accurate, it shows where the lines actually run, including where they cross each other (e.g. the diving pass the Victoria line makes just south of Warren Street), the turning loop at Kennington, the way the platforms are staggered at Piccadilly…

Just as much a work of art as the “traditional” tube map is often regarded.


Bank website security starts with the banks!

Copy of an email I just sent…

Dear Barnsley Building Society.

I received an email (see below). Clearly a phishing attempt, I thought, as it contains a clickable link. No sensible email from a bank or building society would contain a clickable link.

Trouble is, it looks like a real link.
Tell me you’re not sending out emails with clickable links in. Have you heard of “phishing”?

Oh noes! We’re all going to glow in the dark. Or not…

Perhaps not, actually.  What’s really going on in those Japanese nuclear power stations?


Here is a post with actual *facts* instead of just scare-mongering paper-selling headlines.

Exchange Server FQDN setting

As ISP servers have to be made stricter and stricter in order to reject spam, more and more people are finding that badly configured systems start to have their mail rejected.

A very common fault is failing to set the name that a Microsoft Exchange Server uses when it initiates an SMTP conversation across the internet. The HELO parameter of a conversation used to be logged and ignored but these days it’s very common indeed for servers to check the parameter makes sense.  One of the things they will do is check that the name can be looked up on DNS.

If you don’t tell your Exchange Server what name to use, it’ll make one up using its own name and your local network name. Commonly, this will be something like mailserver.fredbloggs.local. Microsoft have long recommended using a .local domain name for internal networks and this is one of the results. Sadly, a .local name means nothing to the rest of the internet (that’s why you use it) but this means you have to provide the “Glue” which external servers (i.e. anyone outside your network) use to confirm you are you.

It’s a simple configuration change you should only ever need to make once, and it won’t affect how your server behaves within your local network. It just changes how your server introduces itself to other people’s servers when it connects to them to try to send emails.

  • Start ESM
  • Go to Servers -> Protocols
  • Select Default SMTP Virtual Server Properties
  • Go to Delivery tab
  • Click Advanced Button
  • Fully Qualified Domain Name – put what the outside DNS hostname is here – e.g.
  • Restart SMTP Service.

NOTE that you should try to ensure that the “reverseDNS” for the public IP address of your mail server matches this too. At the moment it’s common to check that there IS an IP address for the name given; in future it will be more common to check that this IP address is the SAME as the IP address from which the connection is originating. So if you can’t get your ISP to change your ReverseDNS entry to match, then it may be necessary to find what they DO give as your ReverseDNS (e.g. and make your FQDN match that.
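The checks described above, from the receiving server's side, as an added example that is not part of the original post. The DNS records are constructed sample data (documentation-range addresses) held in dictionaries so it runs offline; `check_helo` and the `example.*` names are hypothetical.

```python
import ipaddress

# Constructed DNS data standing in for the public DNS.
FORWARD = {  # A records: name -> addresses
    "mail.example.com": ["203.0.113.25"],
    "host-7.dsl.example.net": ["198.51.100.7"],
}
REVERSE = {  # PTR records: address -> name
    "203.0.113.25": "mail.example.com",
    "198.51.100.7": "host-7.dsl.example.net",
}

def check_helo(helo_name, peer_ip, forward=FORWARD, reverse=REVERSE):
    """Return the problems a receiving server could hold against this HELO."""
    problems = []
    name = helo_name.strip().rstrip(".").lower()
    ip = str(ipaddress.ip_address(peer_ip))  # ValueError on a malformed address

    # 1. The name must be usable outside the sender's own network.
    if "." not in name:
        problems.append("not fully qualified")
    elif name.endswith(".local"):
        problems.append("internal-only .local name")

    # 2. Today's common check: the name resolves. The stricter one: it
    #    resolves to the address the connection is coming from.
    addresses = forward.get(name, [])
    if not addresses:
        problems.append("HELO name does not resolve")
    elif ip not in addresses:
        problems.append("HELO name resolves to a different address")

    # 3. Reverse DNS of the connecting address should give the same name.
    ptr = reverse.get(ip)
    if ptr is None:
        problems.append("no reverse DNS for connecting address")
    elif ptr.rstrip(".").lower() != name:
        problems.append("reverse DNS does not match HELO name")
    return problems

if __name__ == "__main__":
    for helo, ip in [("mailserver.fredbloggs.local", "203.0.113.25"),
                     ("mail.example.com", "203.0.113.25"),
                     ("host-7.dsl.example.net", "198.51.100.7")]:
        print(helo, ip, check_helo(helo, ip) or "OK")
```

The third case is the fallback from the note: announcing the name the ISP already publishes as reverse DNS passes every check.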

A message from the Harriers

A flypast of #10 by a flight of  Harriers to commemorate the passing of the marque.

OK, I don’t believe a word of it but hey, stranger stuff happens at sea. Esp when you don’t have fighter cover…

LoveFilm meets Load Balancing

Having recently acquired a TV capable of accessing on-line resources, we thought we’d have a go at using it to watch a film from LoveFilm’s service. We already subscribe to rent DVDs and BluRays from them so a large portion of their library is available to us online as well. We’ve never bothered in the past, as watching a film on the laptop isn’t my idea of fun. But now it’s a few clicks to watch it on our main telly…

It was easy enough to register the TV against our account so that we can pick a film from the on-screen list which is propagated from the ones our account entitles us to access! That required a laptop connection to LoveFilm’s site of course but now that’s done, we can do the rest from the telly.

So we quickly settled on a film to watch and within seconds, we were watching a ten second “test” film which just demonstrates the connection is working OK. Then it loads the film and off we go…

… for about half an hour, then it stops and says “Network Down”.  It isn’t. Suspecting an online backup running on the office computer might be causing an issue, I go and stop that, whilst Liz re-starts the film and finds where we’d got to. And it’s fine for ten minutes then…

… off it goes again.

Now we live in the sticks and will never get 24mbits broadband which your average council house dweller deems essential and insists should only cost a fiver a month. But we get a pretty good 2mbits, and it almost never goes down. I checked the router recently and it had been online for over a year. And, in fact, we have two such connections to the house with different networks behind them, as it’s essential for the business. So I know we’re not short of bandwidth and that the connection is not dropping.

After twenty minutes more of re-starting the film I finally set the sniffers on it to see what was going on. The “help” on LoveFilm’s website is all aimed at a very low level and the information to solve the problem just isn’t available.

But solve it I did. So lest you find yourself in the same predicament, read on.

As I mentioned, we have a dual WAN connection. We use a Sonicwall firewall which has dual WAN connections, and one DSL link is connected to each port. The system can be set up in a number of ways but we have it set to share the workload out evenly across the two links. Should either link fail, the other will take up the entire load until the first is fixed.

Some services are not happy being “split” like this and the Sonicwall has tools to cope. It also has connection monitoring tools so I was able to work out WHAT the LF service was doing.

LF doesn’t stream the film. Rather, every three or four minutes, it connects to a server and downloads the next segment of the film. I say “a” server because it doesn’t use just one. Each time it connects, it picks one presumably via round-robin DNS or similar. So each “chunk” of the film can, and clearly does, come from a different server. The port used is 443, so there’s no way for the firewall to recognise this access as other than an HTTPS connection. And when the film fails, I see zero bytes returned from the server. So my assumption is that the LF system doesn’t like the request for the next film chunk coming from a different IP address. Rather than logging in each time and confirming I’m still entitled to be accessing the server and asking for a section of the film, it’s just remembering the IP address I came from for the previous segment, and if I appear from a different IP address, it just ignores me. The time taken between the requests, and the fact that the requests are sent to *different* LF servers each time, means that the Sonicwall doesn’t recognise them as part of the same “service”; if it did, it would’ve automatically tried to keep each request on the same WAN port.

So I set the Sonicwall up to allow the TV to use just the first WAN connection, and never to “split” the traffic from the TV over the two networks. Since then, the film has run smoothly!!

I note this operating method doesn’t apply to all services. BBC’s “iPlayer” opens two channels to a server and holds them open whilst the program plays. This would’ve worked fine, as once open the IP connection stays on the same WAN port!

So – in summary – if you have a dual-WAN network and you want to watch films using LoveFilm’s on-line service, you will need to set your load balance system up to connect you via just ONE fixed WAN port. If you don’t know how, speak to the supplier of your load balance equipment.  And if you’re trying to watch on your laptop or office computer, you may find your company IT dept are not interested!
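A small model of the failure and the fix, as an added example that is not part of the original post. It assumes, as the post does, that the service ties a session to the first source address it sees; the class names, addresses and the strict alternation between links are constructed simplifications, not Sonicwall or LoveFilm behaviour.

```python
from itertools import cycle

# Constructed public addresses for the two WAN links (documentation ranges).
WAN_IPS = {"WAN1": "192.0.2.10", "WAN2": "198.51.100.20"}

class Balancer:
    """Spreads new flows across both links; a known flow stays on its link."""
    def __init__(self):
        self._next = cycle(WAN_IPS)
        self.flows = {}    # (device, server) -> WAN port
        self.pinned = {}   # device -> WAN port (the fix described in the post)

    def source_ip(self, device, server):
        if device in self.pinned:
            return WAN_IPS[self.pinned[device]]
        key = (device, server)
        if key not in self.flows:          # new destination, so a new flow
            self.flows[key] = next(self._next)
        return WAN_IPS[self.flows[key]]

class ChunkService:
    """Assumed server behaviour: the session is tied to the first address seen."""
    def __init__(self):
        self.bound = {}

    def fetch(self, session, src_ip):
        first = self.bound.setdefault(session, src_ip)
        return 4096 if src_ip == first else 0   # zero bytes back on a mismatch

def play(balancer, servers, device="tv"):
    """Request one chunk per server name in order; return bytes per chunk."""
    service = ChunkService()
    return [service.fetch("film", balancer.source_ip(device, s)) for s in servers]

if __name__ == "__main__":
    rotating = ["cdn1", "cdn2", "cdn3", "cdn4"]   # a different server per chunk
    print("balanced:", play(Balancer(), rotating))
    fixed = Balancer()
    fixed.pinned["tv"] = "WAN1"
    print("pinned:  ", play(fixed, rotating))
    print("one host:", play(Balancer(), ["cdn1"] * 4))
```

The last case corresponds to a service that keeps talking to one server: the flow stays on one link and nothing breaks even without pinning.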

Sprouts on!

Look, it’s WAY too late to be making the Christmas Pudding for Christmas 2010. Seriously. My recipe takes 12 months minimum to mature, 18 to 24 for best results.

SO if you’re bored this weekend, it’s a good time to make next year’s puddings.

Details on Mac’s most excellent Nibblous site, click here.


Domain scam

Another company has started playing the game of sending you a “renewal” invoice for your domain when your domain is NOT registered with them. This one comes by email to the domain admin and the hyperlink it gives you for payment is “”. Don’t give these people any money. Contact the company through which you HAVE registered the domain and check it’s being renewed OK.

The good news for Wizards customers is we lock your domain to prevent it being hijacked so your domain won’t move, but you might still be out $75.


OMG I’m rich!

I have an account with a certain building society, who have merged with this, bought that, and shagged the other, and are now standardising their Ts and Cs.

And so I have here an email saying that there is “good news” about my account.

Colour me sceptical but I didn’t rush to spend the riches.

Reading carefully, I now find that the reason they are emailing me is to tell me that whereas previously, had I made a withdrawal from the account, I would have been credited with interest up to the day before, I will in future be credited with interest on the funds up to the day of the transaction.

So until the day I can afford to stash a couple of billion quid with them, that makes a difference of… oh, let’s say (taps calculator) less than the money I could’ve earned in the time it took me to read their flippin’ email!!