Two-hop SSH tunnels with Putty

So this is pretty basic stuff, but I find myself looking up the exact procedure a few times a year because I forget some minor detail somewhere. The basic premise is that I want to connect to a host, but that host can only be connected to by another host. So the whole chain looks like this:


The client can connect to Host 1 as long as he has the private key matching the public key on Host 1 (along with the password for the private key). Host 1 can connect to host 2, again using a key. Host 2 can connect to the local address (Host 2 has a wan and a lan address) of the Target Server with a username and password (a Windows Box in this case). Of course, you can do all this with just password authentication, but I wanted to have the added security of “something I have” (the key) and “something I know” (passwords). The main goal is to allow the Client to connect to the Target Server via RDP (TCP 3389), using SSH tunnels all the way. I will affix Wireshark and tcpdump captures from the different points to show the traffic.

Client to Host 1

First we will establish an SSH Tunnel between Client and Host 1. To do this from our Windows Client machine, we open up putty, and perform the following configurations:

putty1Under “Source port” I added 8080. You can obviously use any convenient port that doesn’t overlap with something that’s listening on your local (the Client machine) machine. Under “Destination”, type in localhost:8080. This is so that the end of the tunnel on Host 1 will be localhost:8080. Save your configuration for easy access later. We will further connect through this to Host 2, and on to the Target Server.

Host 1 to Host 2 and on to Target Server

From the putty connection to Host 1, I can now create a tunnel between Host 1 (port 8080) and Host 2, and make the other end of the tunnel Target Server port 3389 (for RDP). The command used for this is:

ssh -L host2username@host2ip

The man-page for ssh, under -L says:

-L [bind address:]port:host:hostport.

Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine.

In this case it’s our end of the first tunnel, port 8080 on “localhost” (i.e. Host 1)

Client to Target Server

Now when all is done, we can start a Remote Desktop connection from Client all the way to Target Server. The connection parameters in my example is like so:

rdp1Now you will connect to yourself, port 8080, which is one end of the chain of SSH tunnels. It’ll then proceed to Host 1, port 8080, and from there to Host 2, and on to Target Server, port 3389.

Traffic captures

First we have a Wireshark capture from Client to the tunnel which terminates at Target Server. Of course, Client doesn’t know this, so from it’s point of view, it’s making an ssh connection to Host 1.


All nice and neat and SSH.

Next up, we have the view from Host 1, capturing for traffic coming from Client, and going to Host 2:



Nothing human readable. Arguments for tcpdump were: tcpdump -i eth0 -n -X -vv host ip.address.of.host2

The penultimate capture! Host 2’s prespective:


Internal addresses all the way here, from Host 2’s internal address to Target Server’s internal address

Finally, Wireshark capture from Target Server, traffic is seen as coming from Host 2:


So here we have it. A two-hop SSH tunnel that allows you to use RDP from a client somewhere, to a machine inside a private network that can’t be otherwise reached.

Disclaimer: I’m not responsible for any misconfigurations or anything, really, that causes you to end up on the front page of newspapers everywhere, lose data, face, or other features you hold dear. Also, I recognize there are about a gazillion ways to do this; This one is mine.

P.S. I also know RDP already has a lot of built in security and encryption, but I’m still not comfortable opening up a direct path to my home machine, or any other machine for that matter from all of the interwebs. Also, this was fun to do and a nice thing to learn about.


My humble Nintendo 2DS review

Note: This won’t be a proper review in any sense, just a gathering of opinions and facts in no particular order.

About two years back, I found a Gameboy Color at a flea market for 7 €. Since then I’ve been stricken by a sort of portable gaming ‘thing’. After that, I bought a DSi, which had both DS and GBA slots (primarily because I happened to have some GBA games (other flea market finds). Then because I wanted to run newer DS games, I eventually got a Red/White 2DS Pokémon Omega Ruby bundle. I just wanted to get on that Pokémon train again. I started way back, maybe late 90’s early 00’s with Pokémon Red (back when there was only 150 pokemans. Get off my lawn!), but have not really played since.

The Nintendo 2DS isn’t available in all regions of the world. For me though, it represented a good price point at ~109-129€ for the device alone, or 139-149€ for a bundle (like the one I got). The 3DS is currently priced at 139€, ~169-189€ for the original 3DS XL, and 189€ for the just-released New 3DS, and finally (phew!) the New 3DS XL at 229€ (without charger?).

You might argue that the original 3DS would have been the better choice. You might be right. It was priced higher when I got my 2DS in December of 2014, because the New-series wasn’t out yet. If I was buying right now, I would most probably go for the original 3DS.

3D isn’t the appeal for me. The games are. The 2DS has basically the same innards as the 3DS, but without the 3D functionality, and sans stereo speakers. Both screens are exactly the same size as in the original 3DS. All 3DS games (correct me if I am wrong) are compatible with 2DS, but will obviously lack the 3D visuals. There are double rear cameras to allow for 3D photographs, and, I suppose, compatibility with certain 3D titles, like “Spirit Camera – The Cursed Memoir” (and other AR games).

The selection available in Europe is slightly confusing to say the least. Things ought to clear up once the original 3DS and 3DS XL are phased out in favor of the “New” series. I haven’t heard of any plans to kill the 2DS, but if I were Nintendo, I’d probably do that. It feels like an outlier, though an attractively priced one.

Here’s a pdf from Nintendo, detailing the differences between the 2DS, 3DS and 3DS XL (original models, New-models not included).

The Device

The device is different from all other current portable Nintendo devices in that it’s not foldable. What you see is what you get. It’s noticeably bigger than the 3DS, for that very reason. Second, the construction is fairly sturdy, but the plastic creaks and feels a bit cheap, to be honest.

The screen is an obvious (possible) issue, as it is always exposed. You drop it wrong, or your child uses it as a hammer (why is he doing that?), and it’s toast. Any other feature is obviously also suspect to the same kind of damage, like the buttons. But, being the adult that I am, I keep it in a case at all times when not playing. I do worry about dropping it sometimes when I’m playing, though.

Some features are: the 3.5 mm headphone jack (which outputs stereo, unlike the device, which outputs mono to one speaker), sleep button (imitates closing the lid on a 3DS, I suppose), volume slider, SD card slot (a 4GB was included, upgradable to SDXC 128 GB according to the Wikipedias), DS card slot, and the proprietary charger jack. A charger was included.

More on the hardware here:

..and here is a good chart on the entire current *DS family lineup (including the “New”-models):

TL;DR on the “New” 3DS’s: Better CPU(s) and GPU, more RAM, C-Pad (in addition to the Circle- and D-pad). Possibly some exclusive games. SD card is now Micro.

Using the device

A push-button powers on the device if it is off, or sliding the sleep switch if the device is sleeping (and has power). It boots fairly quickly; in a quick non-scientific test, it took roughly 10 seconds. After that, you are at the “home” screen, where you can select your application / game, see battery status, date and time, possible internet connectivity status, and so on.

For the uninitiated, the top screen is what you view, while the bottom screen is what you touch. You can touch using your favorite appendage (I like the index finger), or using the included stylus. The screen is fairly precise, and I’ve found that the stylus is seldom needed, though it may be preferable. Poking the screen with a finger will mean your lower screen will become a smudge-fest very quickly.

You can also control some functions using the D-pad and A/B buttons if touching isn’t your thing. This may vary game by game, but at least in the ones I’ve played.


So far, I’ve tried:

  • New Super Mario Bros. 2
  • Zelda – A Link Between Worlds
  • Pokémon Omega Ruby
  • Spirit Camera – The Cursed Memoir

The first two are downloaded games, from the Nintendo eShop. They can be installed on the SD card. Downloads from the eShop are not exactly fast (the 2DS has b/g wifi), but it gets the job done. They could have included n or ac or whatever for even faster wifi, but I doubt that’s the bottleneck.

The second two games are bought physical games. Pokémon is obvious, and the other game is an AR game, which utilizes the “Cursed Memoir”, which is a booklet with AR images that are viewed using the two stereoscopic cameras on the back of the 2DS.


There are tons of applications for the *DS platform. Ranging from music applications to YouTube to the recently released Nintendo Anime  Channel. The latter has three shows available right now: Inazuma Eleven, Kirby and Pokémon. I think it’s a cool way to view anime. Granted, the screen isn’t big, but there’s an obvious tie-in to some of the games that you can play on the same platform. The negative side is that you can only get dubbed audio. I prefer original audio + subtitles. But this is outside the scope of this “review”.

There are other apps like ‘Face Raiders’ (no idea), some simple AR games (AR cards were included with the 2DS), various Mii applications (same as on the Wii), camera, audio player (plays mp3’s at least), plus a web browser.

The Bad

  • Build quality. Granted, the device is cheap, but build quality feels like it belongs on a toy. Time will tell how long it’ll last.
  • No stereo sound. Then again, I won’t listen to many concertos using the build in speaker, but…
  • No 3D
  • Form factor makes is susceptible to damage
  • Battery life still isn’t good (I gather it’s not good on any of the *DS devices)

The Good

  • Cheap-ish
  • No 3D (if you really don’t want to pay for it. Granted, you can disable it on the 3DS with a switch)
  • Feels comfortable to use, if you don’t mind that it doesn’t fold
  • Plays all 3DS games (though some games will be exclusive to the New 3DS, I’ve heard)


A good cheap intro to the portable gaming world. An easy choice for me, and so far I’ve been very pleased. I am a bit worried about the future fragmentation of the platform. Will “New” be the future, obsoleting the entire older lineup of 2DS and 3DS’s.

While getting my portable gaming binge on, I found the Tiny Cartridge podcast/website. If you’re into portable gaming, please give them a listen. They are Patreon supported, so if you do like it, throw a few bucks their way. I know I do!

Veeam 8 backup copies over WAN to a Cloud Connect repository

Veeam 8 has been out now for a while, and has received it’s first patch, too. I’ve been running some tests using the new/improved Cloud Connect functionality, which allows you to send backups or backup copies to a repository located at a service provider. To reduce network traffic between sites, I’m using WAN Accelerators at both sides. The basic setup is, that I’m running backups to a VBR server at the remote site, and then a backup copy of that to the Cloud Connect repository over a WAN. You can run straight backups to the Cloud Connect repository (it acts as any other repository), but then you can’t leverage WAN Accelerator (only available for Backup Copies and Replication (and only with an Enterprise Plus license).

Having run the first full backups to the remote VBR server’s local repository, I set up the Backup Copy job. The way it works is, it looks for the latest restore points in the defined repository / job, and when it finds them, it starts moving them over to your specified destination (while adhering to the schedule you set). After that, if you’ve set it to ‘Continuous’ mode, it’ll go idle, and wait for new restore points to appear, and then move those, and so on.

What I had not taken into account, is that I had defined multiple backup jobs, which I thought were identical, and then added those to the backup copy job. After a while, I noticed that some of the jobs were not being processed by the copy job. The VM’s in those jobs were listed as “Pending” in the backup copy job. After a short investigation, the reason was that one of the jobs had a storage optimization setting of “Local”, while the rest had “LAN”. This setting affects the block size of the backups (ranging from Local (8192 KB) to WAN (256KB).

I wasn’t cognizant of this limitation in Backup Copy jobs. All VM’s being processed have to have identical storage optimization settings. You can’t mix Local and LAN, or LAN and WAN.

The easiest fix for me (though maybe not the most optimal) was to create another backup copy job, add the jobs with “LAN” optimization to that job, leaving the one Local job to the original backup copy job. Or, as suggested in one of the posts in the Sources section, you could delete appropriate backups, change the settings in the backup jobs, and then allow the backup copy job to work its magic.

After the second job was enabled, it immediately started copying over the latest restore points to the Cloud Connect repository.

TL;DR: When creating Backup Copy jobs, make sure all the jobs included are using the same storage optimization settings (while creating the job, on the storage page -> advanced -> storage tab).


Lessons learned – P2V Exchange 2007

I did a physical to virtual conversion of some Exchange 2007 servers, running on Server 2008 last weekend. While everything went fine in general, there were a few lessons to be learned. There’s a lot of forum threads and blog posts written about this topic, but I figured I’d put up some of my experiences anyway.

I will start by describing the environment. The old servers were running on physical Dell hardware, at a remote location. The connection to the new site was 1Gbps end-to-end. The new environment is a fresh vSphere 5.5 cluster. I used VMware Converter Standalone version 5.5.2 for the conversion. Due to the nature of the tool, and the source being a physical server, the conversion was done “hot”, with the source servers on.

The prep

I started out by doing an inventory of the source servers. Checked disk sizes, memory usage, cpu usage. Made note of each service running, and whether they were automatically started or not. One of the first things you notice after a conversion is that your event log isn’t a pretty sight. Certain hardware is always left over after a P2V, which will have to be removed. So I also made a note of any “special” hardware that might be running, that has to be removed after conversion. Things like usb devices, display adapters, disk controllers (SCSI), HBA’s, network cards etc.

Anything as intensive as Exchange (such as SQL, sharepoint, active directory), needs to shut up before doing something like a P2V. Otherwise you will end up with either a non-functional virtual machine, or inconsistencies or the like.

I started by unmounting the Mail DB’s, and DB’s for public folders. Just to be on the safe side. They will be unmounted when you shut down the services anyway, but I guess I’m just pedantic that way. Some guides suggest that you could just unmount the databases and then start the conversion. I wanted to be safe so…

The services I stopped on a 2007 machine with the CAS, Hub, and Mailbox roles were:

– Microsoft exchange active directory topology service
– Microsoft exchange transport log search
– Microsoft exchange transport
– Microsoft exchange service host
– Microsoft exchange search indexer
– Microsoft exchange replication service
– Microsoft exchange mail submission
– Microsoft exchange mailbox assistants
– Microsoft exchange file distribution
– Microsoft exchange anti-spam update
– Microsoft exchange information store
– Microsoft exchange system attendant
– Microsoft search (exchange)
– IIS admin service
– World wide web publishing service

I also stopped services for Backup Exec, and for the AV-product. I’ve noticed AV-products tend to mess with VMWare Converter, at least in some cases.

On the Edge-server I stopped the following services (in addition to BE and the AV-stuff):

– Microsoft exchange ADAM
– Microsoft exchange transport log search
– Microsoft exchange transport
– Microsoft exchange anti-spam update
– Microsoft exchange credential service

The conversion

Conversion ran on the machines itself, using the “Powered-on machine”-option, and selecting “This local machine”. Pretty much default settings. Finalize synchronization after conversion. Converted the hard drives to thin. No changes to running services or anything like that. I usually don’t install VMWare Tools automatically, and I don’t uninstall VMware Converter components automatically either. I don’t trust automatics, and I usually take care of those post-conversion by hand.

Conversion ran at a comfortable 20-40MB/s and was done in a reasonable time. Considering it’s VMWare Converter.


Every P2V conversion guide says: After conversion, shut down the old physical machine and disconnect it from the network to make sure it never comes online again. There is a reason for this. Due to the environment, and lack of OOB management (no iDRAC, ILO or the like) there was no way to shut down or remove it from the network completely, without losing the ability to rollback. You always kind of want the option to go back to the old server, in case your conversion really goes tits up.

Anyway, the original machine was renamed, dropped from the domain and dropped from all networks except one. And in that network, I changed the IP. This way I still had a way in if I needed, but nothing to point back to the old server. Right? Wrong.

Here’s where service principal names come in. SPN’s can mess things up very quickly unless you are careful. In this case, even though the old server was renamed, and removed / changed in all networks, there were still things referring to the old server, namely SPNs. There are a number of uses for them, for instance Kerberos authentication. An exchange server has a number of SPN records, not just the regular HOST/ ones. There were also records like SMTP/ and MAIL/ and EXCHANGE/. Even though I had rebooted the server, the old SPNs had not disappeared. New ones were simply added. I didn’t want to start Exchange to see if the records would be removed/changed at that point, so I simply deleted all the SPNs that still referenced the old server name. I left the ones pointing to the new name, as they would not conflict with anything.

I had records pointing to the old server name for all of the following records: One pointing to the current name (call it server_old) and the other pointing to server (the original pre-virtualization name):

Actual server names removed to protect the innocent


Prior to removing the records, the new converted virtual server would not log into the domain. The error I received upon login was: “Error: The security database on the server does not have a computer account for this workstation trust relationship.”

I was able to login using the local account, so I knew I wasn’t completely hosed. The error message led me on a wild goose chase, though. The server had a computer account under the correct name in the domain (on all domain controllers). I tried resetting the computer account, I tried removing it, dropping the server out of the domain and then back. No help.

Eventually I started looking at SPN records using ADSIedit on one of the DCs. Under the domain context, find the computer account for the old account, and look under serviceprincipalname. Remove the SPNs from the old physical server compunter account that are pointing to the new virtualized server. Reboot the new virtual machine. There should be no conflicting names anywhere in the domain, and the login should now work. As it did!

Flow of things

A very long time has passed since I last posted anything. In that time, I’ve done an ass ton (metric, in imperial that’d be approximately 45/64th’s of one quarter cup liquid ounce of.. inches?)  of work, been to Switzerland and back, had my son start elementary school, and various other bits and bobs. Maybe that’s why? Anyway, I’ll start rambling off things that come to mind.

So I went to Switzerland, Geneva to be more exact. And to be even more exact, I visited CERN! The inner geek in me is still excited. That place is, to put it bluntly, amazing. We started by checking in at the visitor center, where we got our badges. I took the opportunity (at the recommendation of one of our hosts), to visit the gift shop and pick up a t-shirt and coffee mug. The mug has the four component formulas for, well, everything important, i.e. the Standard Model Lagrangian. Don’t ask me to explain it, because I’m pretty sure I couldn’t. The t-shirt I can explain. Not only was it made somewhere in Asia, but it also has on it the original Tim Berners Lee proposal for the world wide web. The back has his boss’s comment “Vague, but exciting”, on it. Both items are in frequent use.

At CERN, I visited the control room for ATLAS, one of the experiments using the large hadron collider. The LHC itself was being upgraded to allow for higher energy level collisions in the future. Pity we couldn’t visit the actual detector, or see the actual uhm.. tube where the particles travel in a circle before hitting each other every once in a while. We also visited the computer center.  As a computer guy, I was pretty darn impressed. The amount of hardware that’s in there is staggering, and the connections to the outside world are even more impressive. I was told there wasn’t “much” science going on, and still the aggregate bandwidth of connections to and from the facility and to research facilities around the world was at over 7 GiB, with over 200 000 running jobs. They told us it gets to around 13-15 GiB when there’s a real buzz. There was a nifty touch screen in the lobby of the computer center, built around google earth, that you could spin around to see the different connections around the globe. Finland’s share? A meager 0,3% of the computing being done. Meh. The lobby also had some display cases with various old hardware: old modems, fiber optics, hard drives and so on.

Geneva was a nice place in general. The climate was nice, the views spectacular and the people generally very nice. I had that same nagging feeling that I had in Paris in 07, where the French speaking people were just acting.. weird. We had a waiter that was muttering something under his breath the whole time he was serving us. There was that same air of arrogance and displeasure at having to speak English. The hotel was a refreshing exception (as it was in Paris), and I can easily recommend it for anyone looking for a reasonably priced hotel in Geneva. We stayed at, *drumroll* the Hotel de Geneve! Located at 1, pl. Isaac Mercier, Geneva 1201, Switzerland, it seemed to be a fairly central location. It was a short 10 minute walk from the train station, and not far from the river for instance.

On our second day, we took the train to Lausanne. I had perch. Nice expensive looking place by the shores of Lac Léman (Lake Geneva). The train ride was maybe an hour, or a little less and very smooth. Saw an Aston Martin Vanquish drive by. The whole place seemed to be in a perpetual slow motion, and somehow at ease or at rest. Didn’t really see much of the city, we just had lunch, but what little I saw was nice.

The journey back was eventless, if it wasn’t for the small incident at the airfield in Geneva. We were taken to our plane (an Embraer 190) by bus, and had to wait outside the plane for a considerable amount of time as the idiots piled into the plane (how hard is it to just find your place, and stow your luggage?). While waiting, I figured I’d take a few pictures. I took a picture of one of my traveling companions, with the plane in the background, and then turned around to take a picture of the scenic mountains that basically surround the whole place. At this point, one of the yellow vested… whatever she was, told me to put the phone away. No pictures! Put it your bag! I told her there were no signs posted anywhere that I couldn’t take a picture, but she would have none of it, and I yielded, putting my phone in my pocket.

Now, I am aware that standing on the tarmac, there is in theory a risk that something will happen that requires my attention. On the other hand, if a plan lands on us, I doubt I would have time to do some kind of Die Hard-type jump to safety, phone or no phone. There were also no spinning propellers that I could accidentally walk into. I think there was even a small roped fence thing preventing us from wandering onto the runway or other areas around the plane.

I was not given any reason for why I couldn’t take a picture. This always irks me. If there is no sign prohibiting photography, or an announcement, and I have used my common sense to assess that taking a picture does not pose a risk to my or anyone elses health, I’m going to take pictures. I have no reason to fight with airport people. They are doing their job. I still fail to see how my photography could cause any harm. Also note, the queue into the plane was *not* moving, so I was not holding up the plane, telling everyone “hold on, I need to tweet this shit!”.

“Is this not a reasonable place to park?”

Enough about travel again! Seems I can’t get enough of it. Later this year, though, I’m flying over to Edinburgh, which might be the place to be now that they are voting for independence! I might get a chance to visit the newest independent country in the world. Or maybe not, in case the No-vote is the winner.  The vote might be today?

On the hardware side of life, I’ve been doing some upgrades for my backup and storage infrastructure. For local onsite backups, I now have an Iomega IX2-200 (cloud edition), with twin 3TB Western Digital Red drives, in RAID1. It’s not the newest or the fastest NAS out there, but it works. On my main workstation I have replaced the previous 2x1TB RAID1 set with a 2x2TB RAID1 set. Just added one terabyte. I now have a bunch of spare 1TB disks, which will probably be incorporated into a FreeNAS build I’m working on. I had some issues trying it out earlier this month, but I think it was just Samba misbehaving. It would disconnect in the middle of a file transfer, and tell me the path is not accessible. According to FreeNAS, things were a-ok. It’s not like I’m a FreeNAS guru or anything, so I’ll have to put in more hours to that build to get it working. It might end up being up to 8x1TB. Currently I have only 8GB of RAM (ECC, though), but I’ll probably want to upgrade that to at least 16, maybe even 32. The thing is, that means I have to get a different motherboard, processor and.. Oh well.


Airline travel, again

This year I flew to Las Vegas for EMC World 2014. Same as last year. The trip was less gruesome, as we had only one layover in Heathrow, both ways. The trip still takes nearly a day, including time spent waiting at airports, sitting in cabs etc. Not something I’d like to do multiple times a year.

Anyways. Travel. In Finland, things were as “easy” as they have been. No hassles at security. When you leave, you step into this booth (self service), get your picture taken and stored (for..some amount of time?). When you come back, the same process is repeated. I suppose they can track people and say “this person left, and came back”. Plus they have images of the people who are not in the country, and who are in the country. Handy if you need to track someone down.

At London Heathrow, there was a small kind of security screening thing. Get you and your bags scanned, again, and your passport looked at. Nothing too intensive.

The flight to vegas and back was on a British Airways 747-400. Personal entertainment system at each seat. Complementary crappy headphones, but on the other hand, they have used standard 3.5mm stereo plugs, so you can use your own headphones. Which is a nice change from the weird two-pronged airline fuckeries, deployed by most airlines. But, BA has no inflight internet. Blows. 10.5 hours between London and Las Vegas means.. well, being offline these days, even in the air, is a pain. Granted, you can use more gadgets in-flight than you previously could. Most devices can be on even during take off, but for some reason, phones can’t. Even if they are in airplane mode. Airplane mode means: no signals going in or out. Other than EM field generated by the various components of the device itself. But then, why would an e-book reader be any different? It has an airplane mode, and some of them even have 3G functionality, making them essentially big phones. So why can they stay on during the entire flight, including take off and landing? Mysterious.

Security at Las Vegas was about the same as usual. We were the only flight in at that time, so we only waited for about.. 15 minutes going through immigrations. Not a whole lot of questions this time around.

CBP person – “So, why are you here?”

Me: “A conference”

CBP person – “What conference?”

Me: “EMC World, at the Venetian”

CBP person – “Welcome to the United States”

That was about the extent of our conversation. Fastest entry of any of my trips to the States.

What eats me alive is that stupid “Welcome to America!”-video that plays, apparently, at all airfields when you are waiting in line for the Customs and Border Protection.

Leaving Las Vegas, there were people who were put through the Rapiscan thing (nudie-scanner), and some, like me, who were put through a standard metal detector. There was a lady in the line next to me who opted out of the rapiscan, and that wasn’t an issue for the TSA guys. No hassle, as far as I could tell.

Not once were any of my bags opened, and I wasn’t subject to any intense scruitny or questioning. Then again, why should I? I’ve never been selected for ‘random screening’, where as I have heard that some people are almost always subjected to the completely unbiased non-discriminatory ‘random screening’. I guess I’m just lucky.

Then again, few countries have any issues with Finland or  Finnish people. We’re not a threat to anyone, and we’re not interesting to most people. Most don’t even know where we are. That makes it pretty easy for us to get around the world.

That is, except for airline personel. We actually managed to drink all the gin that was on that plane (though, I do believe first- and business class has their own stash). Note, it’s a British airline, so they are bound to have a metric (or imperial?) fuckton of gin onboard. But when you get a group of Finns, that order not one, or two, but three drinks every time that unlucky flight attendant passes us..

At one point the stewardess that mostly took care of our piece of the plane started to suggest that some in our party maybe order one drink at a time, instead of two or three. And when we were above the continental US, she started pretty much ignoring some people in our group. “Hey xxxxx!” (they started calling her by name), and she’d be all like “Just a moment!”, and then never coming back. I hate traveling with that certain type of Finnish people, who need four galons of beer and booze to survive a flight. Not saying we’re all like that! Just 98% of us…


Lenovo Thinkpad T440s – 6 months in

I’ve now had the Lenovo Thinkpad T440s as a work machine for the past 6 or 7 months. Here are some short observations, things I like, things I don’t like, things the broke, etc.

Things I do not like:

  • The gorram touchpad. Get it out of here! Horrible the way there is like a single button (the size of the entire touchpad), and a certain area for the right mouse button etc. Just unusable in my opinion
  • The keyboard used to be better… now it resembles something that comes from Cupertino, and is not as comfortable to use as the previous thinkpad-y keyboards
  • No more nipple buttons! How am I supposed to use the trackpoint (a.k.a. the nipple) without the two buttons below the keyboard? I’m not, that’s how! External mouse is basically an absolute necessity
  • They’ve slimmed it down so much the keyboard leaves marks on the screen when you have the lid closed. It’ll only get worse, and I hope it doesn’t permanently damage the screen. I do have a screen-filter in between so hopefully that protects the LCD slightly.

Things I like:

  • Screen is great. 14″, FullHD (yes, It’s not 1440p or whatever). You could get it with either a touchscreen or not. Obviously mine isn’t a touchscreen, as I was buying a laptop, not a tablet
  • 256GB SSD. Not the fastest out there, but I like
  • Connectivity. With the docking station, I have enough ports to fill my needs. USB 3.0, 2x Display Port (which I have connected to my two external Dell screens), etc. etc. I’ve missed the optical drive a few times. But not enough to get an external drive to lug around
  • The overall form factor, size and weight

Things that have broken or failed more than once, or annoyed me

This list is longer that I would like. Compared to previous Thinkpads that I have used or owned, this is unusual

  • SSD. Started failing when I was saving files (for instance), and eventually stopped being detected at boot. Replacement was sent by Lenovo, and I swapped it out. In hindsight, do not do this on your own. The case is a bitch to open. Get their onsite tech to do it.
  • Keyboard. Broke a button while fiddling with it. A piece of plastic came off and the button was forever broken. My fault entirely. Ordered a replacement keyboard, swapped it out. Easier than the SSD. A bit harder than some Thinkpad models in the past.
  • The piece of metal that keeps the ethernet cable in place! This is incredibly annoying. For some reason, the ethernet cable doesn’t *click* into place anymore. Something is missing. Not sure this is a warranty thing. I’ll just survive, I think. I use it in the dock about 70% of the time anyway
  • Issues with the external screens, when docked. I have two Dell U2713HM screens attached via Display Port cables to the dock. Randomly, the screens will go blank, even when the laptop is securely seated (and locked) into the dock. Sometimes resolutions get messed up, so that one screen has a lower resolution. This might be a Windows 8.1 issue too, but still, annoying. Issues waking up from sleep, or power save
  • Serviceability. I wish it was easier to open the case. Granted, I don’t have to do it. I can get their onsite or whatever to do it. But I liked how you could open the slot for memory, or the hard drive, or whatever, and not have to rip the entire case to bits. Screws are also not enough, there are plastic clips that *will* break if you are not careful when opening the case. I wish it was more like my T410s, where everything, more or less, was behind it’s own hatch and/or easily replaceable
  • Not available with more then 12 GB memory. Why? Why the I7 processor, but then limit the memory to 12GB? Doesn’t make sense in 2014…

Not sure I can recommend this laptop. There are a lot of annoying things with this machine. When docked, it works mostly great, and with the 256GB SSD, I7 processor, and with it’s dual DP ports supporting large external screens, it is a powerful rig. But a lot of annoying issues. Not sure what I would get, if I didn’t get this one. Apple is out, never liked HP.. what other business type machines are there that I would like? Dell? Always thought they were a bit clunky.. I dunno.

Observations from an ebook noob

I’ve been the owner of an ebook reader (see the previous post) for all of two weeks now. I have used my kindle nearly daily, and it’s a handy thing to have around. So far, I’ve mostly been reading issues of Linux Journal (who moved to a digital format two years (?) back), the scifi book by MK Wren that I mentioned, and then various tests.

But about the medium. Surprisingly, I fucking hate that there are format restrictions, DRM and all that jazz. Why have two formats that do essentially the same thing on different devices? Profits, probably. Businessy stuff that I don’t understand. There are of course, ways around things like this. I read somewhere that you can root a Kindle, which then enables functionality not found on the retail device. There are various converters for formats, such as Calibre, which enables management and conversion between formats. I have read that the Kindle (un-rooted?) will not eat stuff that has been un-DRM-ified using a converter, or that it will read books that have been converted at all. I haven’t tried the software yet, so I’ll have to get back to you.

The issue of DRM is a difficult one. I do not believe in crippling content and/or software. Your product should be good enough so that people want to pay for it. And I will. The amount of money I spend on software, movies and music in a given year is not a small one. We own several shelves of music, several gigabytes of digital music, and probably in the neighborhood of 500 DVDs and Blurays. I prefer FLOSS, but if it doesn’t do what I need it to do, I’ll probably buy something. I own my copies of Windows, on all of my hardware. And so on. Ok, disclaimers aside, the point I was trying to make is: If your content is good and there is a need for it, people will pay for it. DRM will never be an effective solution, ever. People will always find a way around it.

Okay, done venting!

I’m still miffed that I can’t read my technical manuals or whitepapers, which are in PDF format, on my Kindle. I would really find it useful if I could carry that with me when I go on consulting gigs, so I could pull up any number of manuals when I’m in a server room somewhere doing an install. Yeah, I can use a laptop, but that will run out of battery on most install gigs, and it’s not comfortable to have when you’re behind a rack for instance. Printing them is also out of the question, as they might be hundreds of pages. This is really a use case I can get behind, though, I do admit it is a comfort thing, more than a necessity for me.

I ran into that pesky “out of memory” message, trying to read a tiny 15 MB pdf. I don’t get it. Surely the device has more than 15 megs of RAM, and I hope it doesn’t cache the entire document when you read it. Maybe a slight read-ahead and read-back? Conversion might be the answer here, but, as I said, I will have to get back when I’ve tried it.

As for the content: I have not bought anything from Amazon yet. I have bought The Book of PF (3rd edition) from No Starch (really like their stuff!), some indie content, and then the scifi books through.. whatever it was. Paid by paypal or credit card, then transfered them through the USB to the Kindle. Works fine.

There is in-device buying. I’ve seen ads for $1.99 books on the Kindle, and sooner or later, I’ll click on one. It will be interesting to see if there are regional restrictions on that. I bought the Kindle in the States, sure, but can I buy books from Amazon when I’m in Finland? tells me to go to (eerily similar to my first tries of buying a Kindle). I simply don’t understand this. I get it that they need to like.. pay distributors and what not, but.. Just let me pay you for your stuff! I have the money! You have the stuff! Let’s transact!

You can also move content by sending an email to your “Kindle email address”, which was created when you first registered your Kindle. Also, you can probably use Wifi (haven’t tried it). USB is fine for me.

Even if I have to live without content from Amazon’s stores, there’s still plenty for me to read, and plenty of good publishers that provide me with cheap, compatible books.

Compatible books. What a laugh-riot.


My look at the Kindle Paperwhite 2 (2013)

So I’ll start out by saying that there wasn’t a real.. flaming need to get an ebook reader. I just wanted one. And I am at a point in my life where I can get things that I want.

It’s also painfully difficult to get ebook readers in Finland. They have this mantra here. “There’s no point in publishing/selling ebooks, because nobody clearly buys them!”, which leads to “Nobody buys ebooks because there are no ebooks/readers to buy”, which leads to..

There are a few readers that you can get in Finland. Sony has had a few models available at for a while now. There are also some less known brands (to me, at least), like Bookeen. No idea about their product. But try to find a non-secondhand Kindle, or Nook or Kobo or some such device. You can’t! Or if you can, I stand corrected. The Sony products have not been attractive to me. Perhaps just because of the brand, or the format support (they do support epub, more on these later), and have things like a MicroSD slot and so on. The Bookeen models apparently su pport both epub and mobi, which sounds great! If anyone has experience with the Bookeen brand devices, please comment. They are cheap as dirt (54,90€ at Verkkokauppa), which makes me slightly suspicious, but the format support is intriguing.

A great segue! The formats. There are two big formats. Epub and mobi. Epub is used by a lot of vendors. Mobi is used primarily by Amazon on their Kindle-series devices. PDF is almost universally supported (though, there are limitations), as are some image formats and common text formats. Some support doc, and docx, even xml-type formats.

So what format should you go for? I went for mobi, and the Kindle ecosystem. Why? Well, mostly because of reviews. Amazon seems to have a fair selection with reasonable prices. There are probably the same amount of mobi-formated books, so that’s probably not the main reason.. The Kindle doesn’t even have expandable memory. But the screen is great. It has received near-universal praise, and looking at it in the store kind of sealed the deal.

So why did I buy it in the US? Well because of the price. I paid $99 plus Nevada sales tax, (108 dollars was the total, I think. Don’t get me started on the stupid tax-free pricetags in the states..). I tried ordering one online. I went to It told me I can’t order this product to my country (Finland, for those who are not regular readers). Why? Who knows. I didn’t find a solid reason. The price would have been about right (plus shipping of course), but I just couldn’t buy it. We’re all in the EU, so I wouldn’t even have to pay VAT or customs!

So directed me to They, quite obviously, have the Kindles for sale. But if I order it from the States, I have to pay the price (around what I paid at Best Buy, where I got it), + shipping + 3.5% customs fees, + 24% VAT on the product + shipping. Which makes the price.. well not so attractive.

I knew I was going to the US sooner or later, so I decided to wait. Like Chuck Norris.

Because of reviews, I ended up with two finalists: The Barnes & Noble Nook Simple Touch with GlowLight, and the Amazon Kindle Paperwhite 2 (released in 2013). Basically both have impressive batteries (they promise ~8 weeks with 30 minutes of daily reading, and some wifi-use). The Nook supports the epub format. The Kindle supports the mobi format. The Kindle is said to have a slightly better screen. The Nook, on the other hand, has a MicroSD card slot (supporting cards up to 32GB).

In the end it was the screen, and the physical appearance of the Kindle that sealed the deal. It’s simple, minimalistic, and not so plasticky and round as the Nook. I bet I would have been equally pleased with the Nook, had I not compared them side by side, and read all those reviews; most of them giving the Kindle a very slight edge against the Nook.

So once I had traveled the 20 + hours (door to door) to Vegas, I set out to find a Kindle. I weighed different options, looking up stores that were near to The Venetian where I was staying. It was either a Frys, or a Best Buy. Both had the product in stock, with the same price (or close). It was Sunday, so Best Buy won by being open (and closer). I waked 2.3 miles (according to Google Maps) to get to the Best Buy on S. Maryland Parkway. After stopping by the Starbucks on Flamingo, which I had to do to prevent accute dying (it was nearly 40 degrees celsius!), I finally got to the store. But I’m getting ahead of myself.

I ordered it online, and selected store pickup. All this worked fairly well. I did have one issue. Best Buy offers two options for us foreign devils: 1) Order it to a US address (not sure if I could have ordered it to the hotel?), 2) Pick it up from a store. Another caveat was, that if you wanted to pay by credit card, you had to use a specific billing address provided by Best Buy in their handy “international customers” guide. I did run into a problem. I couldn’t type a telephone number that it would accept. It just told me “Please enter a valid phone number in the format (555-555-5555) or something to that effect. I tried all manner of combinations, fake and real, but nothing would pass the mechanical devilry that was their online store.

On the left hand side there was an option to “chat with a best buy customer support agent”. I considered my options. I could have just walked over, called the store.. .But being the antisocial prick that I am, I decided to give the chat a whirl. After a short wait (maybe 2 minutes max?), Jennifer came online, and within a few minutes, I had a working solution. Apparently the dashes were not needed (despite the instructions), and the number she gave me was.. something other than my own. I don’t care. It worked. I thanked Jennifer, and waited for the confirmation that the Kindle was waiting for me at the store.

All this happened on time, within a few minutes of the store opening at 11 AM.

At the store, I had one last look at the models, confirming my selection. I went to the online pickup counter, where I presented my ID and credit card, and was handed my Kindle. All in all very smooth! I can recommend this method to anyone visiting the states.

I did want a cover for my precious device. I opted for an “official” leather Kindle case, at a slightly salty $39,90 + tax. It does look great, so there is that. And closing the lid also puts the device to sleep, so I’m okay with this.

Initial impressions of the device are as expected. Charged it, which took a while. Turned it on, and it wanted a wi-fi connection to register the device, whatever that means. I logged on using my existing Amazon account (to maximize my surveilance footprint), set the time, and I was pretty much done.

I had previously purchased the VODO Otherworlds Indie Bundle, which included a number of ebooks in various formats. Conclusions: mobi format works fine, as it’s the native format. Comic-book formats (cbz and whatnot) do not (at least without conversion), PDF’s work… partially. I started reading a PDF course book that I had, and it crashed the Kindle at page .. 65 or something. Out of memory. The file was.. 15 megs maybe? Surely it can’t really be out of memory??

I googled around, and found that PDFs sometimes do that, because they have various scaling issues for the 6″ screen. The fonts might be screwy, the zooming so on might not work. So PDFs work.. with some limitations. Why I was able to load the file, and get to page 65 (maybe it had some specific content on it?), eludes me. The solutions to this were mostly to use some software to convert the PDF to mobi or something. Haven’t tried that yet.

That’s kind of a big minus for the Kindle. PDFs are everywhere. Most of the technical documents I read are in PDF format. If I can’t have a decent solution to reading them, that’ll be a bummer.

Ok, this is really long. I’ll conclude by saying: The screen is great. I have not recharged it, after the initial charge, and I read daily. During the evening, I can read without disturbing my SO, since the screen is slightly illuminated. I can use a very low brightness setting while reading at night. Something like  4-7. The 8-week battery promise is with brightness 10, and some Wifi, so I ought to get a good battery life like this.

The screen is very easy to read at any brightness level, and it is very fast to refresh (none of that full page blank and reload of the first ebook readers), and it responds to touch nearly instatly (to turn the page; there are no physical buttons)

All in all a nice product, with a minus in regards to PDFs. I just bought some scifi that BoingBoing had recommended, and I’m in the middle of one of those. In native mobi format. I also pre-ordered “The Book of PF” 3rd, edition, which was available in mobi-format as well. Looking forward to reading that!

Kindle Paperwhite 2, in lockscreen
Note the ad. The ads are only displayed on the “lockscreen”. Not in the books, between pages or anywhere else. The ad-free version was I think 30-40 bucks more expesive.
Kindle Paperwhite 2 - Reading a book
Pictures taken in fairly poor lighting, and the brightness on the screen was set to 5 (then again the camera automatics lenghten the exposure time). The book being read is “Sword of the Lamb” by MK Wren, all rights reserved, I don’t own any copyrights, etc. etc.





Loads of stuffs

So between February and now, the period of time which will be known as the big lazy, is now over.

*golf clap*

A lot has happened. I went to Las Vegas for EMC World 2014. Came back. Have loads of new gadgets and things to talk about. I’ll list a few just to get started:

  • An Amazon Kindle Paperwhite 2 e-book reader
  • E-books in general
  • Some notes and observations about my work laptop (a Lenovo Thinkpad T440s)
  • Gameboy DS Lite
  • GoPro Hero 3 White Edition
  • Some book reviews
  • Observations on airline travel (again)

And I’ll post pics of the TV mount, which is this model, for those interested.

EDIT: Also a curious observation. The four latest posts that I’ve made, have all happened on the 14th.