How to register a Kindle DX in 2018

I recently repaired a Kindle DX for a friend. As part of that, I reset it to factory defaults. When I went to register it so it would connect to his Amazon Account, I received the following error:

Your Kindle is unable to connect at this time. Please try again later. If the problem persists, please restart your Kindle from the menu in Settings and try again.

I confirmed the Kindle was running the latest software. Some chatter on the Internet suggested Amazon had disabled (re)registration for older Kindles, but that turned out to be a bug that Amazon had already fixed.

Restarting didn’t fix the problem. Turning wireless on and off didn’t fix the problem. Downloading a free book didn’t fix the problem. Wireless was definitely working — I could browse the Kindle store.

I called Amazon support. They suggested changing the password. That didn’t work. The rep tried deregistering the Kindle and then manually re-adding it to my friend’s account. That didn’t work.

He promised a callback three days later (today). The callback never came.

I called Amazon support again. I explained the situation and asked for an update. The support representatives were anti-helpful. They suggested a factory reset (that’s what got me in to this situation in the first place). I asked for a manager. Twice. Neither supervisor was helpful. One offered me 15% off a new Kindle, which I did not want. The reps would not divulge a case number or ticket number. I eventually was told by “Dorothy” that “Murray” was the person I spoke to on Sunday and he’d call me back.

During the 45-minute call, I did some additional research. It turns out that in addition to updating the Kindle to 2.5.8, you need to install the Kindle Services Update. (See Kindle DX Software Updates.) You can do so via USB from your Mac or PC. (See Transfer & Install Software Updates Manually.)

  1. Download the Kindle Services Update
  2. Copy the update-caupdate-05.bin to the root level of your Kindle
  3. Disconnect your Mac from the Kindle
  4. From Home, press the Menu button, and then select Settings.
  5. Press the Menu button, and then select Update Your Kindle.
  6. Select OK.
  7. Wait for your Kindle to update and restart.

Assuming it’s listed in your Amazon account, your Kindle will automatically reregister itself. If not, register the device manually.

So what is this additional update? A new set of security certificates.

Problems

  • The Kindle gives a generic “unable to connect” error. Nothing about the error message indicates it was problem with certificates. The corrective action it suggested (wait, restart) will fail 100% of the time.
  • Instead of releasing a 2.5.9 update, Amazon released this as a supplemental update. This makes it hard for users to know if the update is installed.
  • Amazon support staff are exceptionally poorly trained and didn’t think to check if I had installed the CA Update.

Using a Dell DRAC5 with a modern browser and OS

The DRAC5 is a remote access card, letting you control a server such as the PowerEdge 300. With it, you can simulate physical access to the machine, viewing the screen on boot, entering commands and cycling power.

Unfortunately, Dell has neglected this aging product. Trying to use it today will lead to errors in modern browsers and Java implementations. Fortunately, they can be worked around.

Clear space on the DRAC5

Before getting started, we want to ensure there is sufficient free space on the remote access card. If there is not sufficient space, the card will fail in strange ways (such as the web interface not loading).

Log in to the remote access card using SSH. Clear the logs:

racadm clrraclog

Restart the device:

racadm racreset

Update the DRAC5 firmware

Download version 1.65 of the firmware. Get the “hard drive” update package. If you’re on a Mac or Linux, you can decompress the .exe with the unzip command:

unzip f_drac5v165_A00.exe

You’ll get one file: firmimg.d5.

  1. Go to the web interface for your DRAC5.
  2. Enter your username and password. Click OK.
  3. On the left-hand side menu, click Remote Access.
  4. Click Choose File. Select firmimg.d5.
  5. Click Update.
  6. Wait for the update to complete and the DRAC card to reboot.

Install a TLS (SSL) certificate

Before you can install a certificate, you need to create a Certificate Signing Request (CSR). By default the Dell DRAC5 uses short, less secure keys for its certificates. This can be fixed with a CLI command.

Log in to the DRAC5 using SSH. Run the following:

racadm config -g cfgRacSecurity -o cfgRacSecCsrKeySize 2048

You should see:

Object value modified successfully

Now, let’s generate CSR and obtain and install the certificate:

  1. Go to the web interface for your DRAC5.
  2. Enter your username and password.Click OK
  3. On the left-hand side menu, click Remote Access.
  4. Click the Configuration tab
  5. Click SSL.
  6. “Generate a New Certificate Signing Request (CSR)” will be selected. Click Next.
  7. Fill out the form and click Generate.
  8. A file named csr.txt will download. Open it up. It will start with -----BEGIN CERTIFICATE REQUEST-----. Ensure the next line starts with MIIC, indicating a 2048-bit key. (If it starts with MIIB, you have a 1024-bit key, and need to run the racadm config command again.)
  9. Go to sslforfree.com. This will let you get a certificate using Let’s Encrypt without having to run your own website.
  10. Enter the hostname of your DRAC5 card. Click Create Free SSL Certificate.
  11. Click Manual Verification (DNS).
  12. Click Manually Verify Domain.
  13. Add the TXT record they specify.
  14. Verify the TXT record.
  15. Check the “I Have My Own CSR” box.
  16. Read the warning and click OK.
  17. Paste the contents of csr.txt in to the text field.
  18. Click “Download SSL Certificate.”
  19. Click “Download All SSL Certificate Files.” A file named sslforfree.zip will be downloaded.
  20. Create an account to get reminded by SSLForFree when the certificate expires (in 90 days).
  21. Unzip sslfofree.zip. You’ll see three files:

    private.key
    ca_bundle.crt
    certificate.crt

  22. Repeat steps 1-5 above.
  23. Click Upload Server Certificate. Click Next.
  24. Click Choose File. Select certificate.crt.
  25. Click Apply. You should see:

    The certificate was uploaded successfully. The DRAC will now reset and the browser will close. Wait for a few minutes before logging back into the DRAC

  26. Click OK.
  27. Wait for DRAC card to reboot.

Downgrade Java security to allow remote access

Modern Java implementations disable older encryption algorithms. Unfortunately, because the DRAC5 does not support modern encryption, you need to manually enable these older method to use the DRAC5 remote console.

To do this, you need to edit the java.security text file. Its location will vary depending on which version of Java you have installed.

On macOS, you will find it in Internet Plug-Ins:

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/java.security
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/conf/security/java.security

The path will vary depending on your version of Java. Java 9.0.4+11 uses conf/security/java.security.

Edit this file. Comment out two lines (add a # at the beginning)

Change:

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, DES40_CBC, RC4_40

To:

#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
# EC keySize < 224, DES40_CBC, RC4_40

Change:

jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

To:

#jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
# RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

Remember to uncomment those lines when you’re done with the DRAC5 remote console.

Access remote console

  1. Go to the web interface for your DRAC5.
  2. Enter your username and password. Click OK.
  3. Click the Console tab.
  4. Click Connect. A file named vkvm.jnlp will download.
  5. In Terminal, type javaws vkvm.jnlp.

HOWTO register for a Verizon online account for your business land line

TLDR: Be sure to enter only the first 13 digits of your 16-digit account number. Use hyphens when entering the phone number.

I recently had to register for a verizon.com account for the Verizon account for our landline. This process was more difficult and took way longer than it should have, due to:

  • poor website usability
  • poor staff training

Registration process overview

You go Verizon’s website. You confirm your email is valid. You show ownership of the account by entering the account’s phone number, account number and zip code.

  1. Go to verizon.com/mybusiness, which redirects you to https://business.verizon.com/MyBusinessAccount/?CMP=DMC-SMP_S_ZZ_ZZ_E_BM_N_X00007:
  2. Click Register. You’ll see the following:
  3. Enter your phone number and zip code, using the format 718-555-1212. Click Continue.

    If you use 718 555 1212, it gets rejected with a misleading error (“The information you entered does not match the information we have on file”), and both the phone number and zip code are erased:

  4. Once that’s done, you’re prompted to enter your account number.

    At the top of your bill, you’ll see your phone number (718-555-1212) and your account number (718 555 1212 678 90 1). You may be tempted to enter the entire 16-digit account number. The text field will let you do so (it lacks a maxlength attribute). If you do that, registration will fail with a generic “information does not match” error.

After trying and failing to register multiple times with different browsers (using standard and incognito windows) and failing, I reached out to Verizon for help.

I tried:

  • DMing @VZWSupport on Twitter. Turns out that is Verizon wireless support.
  • DMing @VerizonSupport. They bounced me to chat support.
  • Chat support. Gets my account number. Doesn’t mention the length issue. Asks many irrelevant questions.
  • Phone support. Called. Spoke to a rep who solved the problem in three minutes. Thanked her. Thanked her to her manager. Had a nice conversation with her manager about how broken this process is.

Verzion: if you’re reading this: follow Postel’s law: (“Be liberal in what you accept, and conservative in what you send”). Writing 10 lines of code to allow phone numbers (regardless of formatting) and account numbers (regardless of length) will save you hundreds of thousands a year in support costs.

FiveThirtyEight podcasts are now embeddable

Sample code:

<iframe frameborder="0" width="100%" height="300"
style="margin:20px auto 25px;max-width:600px;" scrolling="no" 
src="https://fivethirtyeight.com/player/politics/19439447/"></iframe>

Sample embed:

Fixing git-svn on OS X El Capitan

When you install a new version of Mac OS X, git svn breaks. This happened with Mountain Lion and Mavericks, it happened with Yosemite. It happens again with El Capitan.

Unfortunately, the old solutions no longer work due to El Capitan’s System Integrity Protection:

$ sudo ln -s /Applications/Xcode.app/Contents/Developer/Library/Perl/5.18/darwin-thread-multi-2level/SVN /System/Library/Perl/Extras/5.18/SVN
ln: /System/Library/Perl/Extras/5.18/SVN: Operation not permitted

While you can disable SIP, that’s unnecessary in this case.

Here’s how you get git-svn working:

sudo mkdir /Library/Perl/5.18/auto
sudo ln -s /Applications/Xcode.app/Contents/Developer/Library/Perl/5.18/darwin-thread-multi-2level/SVN /Library/Perl/5.18/darwin-thread-multi-2level
sudo ln -s /Applications/Xcode.app/Contents/Developer/Library/Perl/5.18/darwin-thread-multi-2level/auto/SVN /Library/Perl/5.18/auto/

You can’t write to /System, but you can still write to /Library.

Talking to the MTA is like talking to a brick wall

Last week, I was on a cold train. A really cold train.

I sent the MTA a note about it. To make this complaint actionable, I gave them the train line, approximate time and car number.

It is way too cold on trains. Please turn off the AC.

I was on a southbound 2/3 train. I got off at Borough Hall around 7:20. I was in car 1383.

They sent me an automated reply:

Your email has been received. You will receive a response as soon as possible; however, some responses can take up to 15 business days.

Please do not reply to this email, as it will go to an unattended email box.

15 business days? That’s crazy. Fortunately, I didn’t have to wait that long. After 48 long hours, I received this thoughtful and detailed reply:

This is to acknowledge your e-mail to MTA New York City Transit.

The MTA is committed to providing safe, courteous, reliable, and accessible service. Please be assured that all comments, suggestions, compliments and complaints we receive from our customers are forwarded to the appropriate managerial personnel for review and any necessary action.

We encourage you to continue to e-mail us at www.mta.info , via the “Customer Self Service” link, with your comments and concerns. We look forward to serving you better now and in the future. Please note your reference number above.

Thank you for contacting us.

Sharon Adams
Customer Services

I tried to follow up — both to the general purpose mailbox, and to Sharon Adams herself (fortunately, her email and phone number are public):

Screenshot 2015-09-29 22.58.31

Turns out they don’t do email:

This mailbox is not monitored.

If you wish to respond to a previous e-mail, please create a new email using the customer service link http://mta-nyc.custhelp.com/app/ask and include your incident number in the subject line.

Thank you.

Sharon didn’t write me back, either.

Save the San Francisco Bicycle Coalition

The San Francisco Bicycle Coalition is under attack — from within.

The board is trying to shut members out from having a voice — forever. Please read the important note above, follow @savesfbike and vote no in the referendum.

HOWTO make readline and history work with irb and rails console on OS X Yosemite

Here’s how to make readline (including control-R reverse search) and command history work with both irb and the Rails console with rbenv and OS X Yosemite (10.10.4).

You need to install Readline first, as OS X ships with libedit instead. You also need to make sure rbenv knows where you put readline.

1. Install rbenv and the ruby-build plugin.

2. Download GNU Readline. Install it:

tar zxf readline-6.3.tar.gz && rm readline-6.3.tar.gz cd readline-6.3 configure && make && sudo make install cd .. rm -rf readline-6.3

3. Install Ruby using rbenv:

RUBY_CONFIGURE_OPTS="--with-readline-dir=/usr/local" rbenv install 2.2.2

3. Add these lines to your ~/.irbrc file:

require 'irb/completion' require 'irb/ext/save-history' IRB.conf[:SAVE_HISTORY] = 10000 IRB.conf[:HISTORY_FILE] = "#{ENV['HOME']}/.irb-history"

This gets everything working in irb. To make things work in Rails, you need to:

4. Install the rails and rb-readline gems:

gem install rails rb-readline

5. Add rb-readline to your Rails’ app’s Gemfile:

group :development, :test do gem 'rb-readline' end

and run bundle install.

fixing dlopen “no suitable image found” errors with node, sass and grunt

I ran in to this error today:

$ grunt css
Loading “sass.js” tasks…ERROR
>> Error: dlopen(/path/to/project/node_modules/grunt-sass/node_modules/node-sass/vendor/darwin-x64-node-0.12/binding.node, 1): no suitable image found. Did find:
>> /path/to/project/node_modules/grunt-sass/node_modules/node-sass/vendor/darwin-x64-node-0.12/binding.node: truncated mach-o error: segment __LINKEDIT extends to 1765408 which is past end of file 1765309

Running “sass:theme” (sass) task
OptionParser::InvalidOption: invalid option: –image-path=assets/img
Use –trace for backtrace.
OptionParser::InvalidOption: invalid option: –image-path=assets/img
Use –trace for backtrace.
OptionParser::InvalidOption: invalid option: –image-path=assets/img
Use –trace for backtrace.
Warning: Exited with error code 1 Use –force to continue.

Aborted due to warnings.

For those curious, this is dyld failing to open a shared library. (See man dlopen.)

I checked and the file exists:

$ file /path/to/project/node_modules/grunt-sass/node_modules/node-sass/vendor/darwin-x64-node-0.12/binding.node
/path/to/project/node_modules/grunt-sass/node_modules/node-sass/vendor/darwin-x64-node-0.12/binding.node: Mach-O 64-bit bundle x86_64

Reinstalling fixed things:

$ rm -rf node_modules/grunt-sass
$ npm install
/
> node-sass@2.1.1 install /path/to/project/node_modules/grunt-sass/node_modules/node-sass
> node scripts/install.js

> node-sass@2.1.1 postinstall /path/to/project/node_modules/grunt-sass/node_modules/node-sass
> node scripts/build.js

`darwin-x64-node-0.12` exists; testing
Binary is fine; exiting
grunt-sass@0.18.1 node_modules/grunt-sass
├── object-assign@2.1.1
├── each-async@1.1.1 (set-immediate-shim@1.0.1, onetime@1.0.0)
└── node-sass@2.1.1 (get-stdin@4.0.1, replace-ext@0.0.1, nan@1.8.4, semver@4.3.6, shelljs@0.3.0, cross-spawn@0.2.9, chalk@0.5.1, mkdirp@0.5.1, npmconf@2.1.2, meow@3.3.0, gaze@0.5.1, mocha@2.2.5, sass-graph@1.3.0, request@2.58.0, pangyp@2.2.1)

Quick Cruz and Paul updates

Good news: Ted Cruz’s https homepage no longer 404s:

$ curl -I https://tedcruz.org/

HTTP/1.1 301 Moved Permanently
Server: cloudflare-nginx
Date: Wed, 15 Apr 2015 02:03:46 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: __cfduid=d738dec08ca404d83f8aa2b5baafa66821429063426; expires=Thu, 14-Apr-16 02:03:46 GMT; path=/; domain=.tedcruz.org; HttpOnly
Location: http://www.tedcruz.org/
Set-Cookie: X-Mapping-fjhppofk=FDCC6397B2B0DC55E6AEB95E4FAB3D36; path=/
CF-RAY: 1d74136e3b2b076d-EWR

I noted Rand Paul is running PHP 5.5.9. That’s true, but there’s more to it. He’s actually running PHP 5.5.9-1ubuntu4.6. Since Ubuntu backports security fixes, he’s only a two months behind, not fourteen. (PHP 5.5.9-1ubuntu4.7 was released in March.)