Uncategorized

Only the best will do for my readers

Qualys SSL Labs: A+, 100% rating

Securityheaders.io: A+ rating

Update (2020-11-22):

I just switched this blog to use Amazon’s Cloudfront CDN to speed up things (the old server was in Mt Prospect, Illinois near Chicago O’Hare airport, and particularly painful to access from London due to the latency). Unfortunately that also means the perfect A+ is gone, as AWS has more lenient compatibility settings for its SSL gateways.

Avoiding counterfeit goods on Amazon: mission impossible?

I mentioned previously that I seldom shop for electronics on Amazon.com any more, preferring B&H Photo whenever possible. I now have another reason: avoiding counterfeit goods.

My company boardroom is in an electromagnetic war zone—dozens of competing WiFi access points combined with electronic interference from the US-101 highway just outside make WiFi reception tenuous at best, and unusable more often than not. To work around this, we set up a wired Ethernet switch, and since most of our staff use MacBook Airs, Apple USB Ethernet adapters purchased from Amazon. When I side-graded from my 15″ Retina MacBook Pro to a much more portable 12″ Retina MacBook, I wasn’t able to connect using the dongle, and the name of the device was interspersed with Chinese characters. At first I thought it was an issue with my Satechi USB-C hub, but I experienced the same problems via a genuine Apple USB-C multiport adapter as well.

Eventually I figured out the Ethernet dongles were counterfeit. The packaging, while very similar to Apple’s, was just a tiny bit off, like amateurish margins between the Apple logo and the edges of the card. On the dongles themselves, the side regulatory disclosures sticker was inset, not flush with the body of the adapter.

Counterfeiting is a major problem. By some accounts, one third of all Sandisk memory cards worldwide are counterfeits. In some cases like chargers or batteries, your equipment could be at risk, or even your very life. The counterfeit adapters we purchased from Amazon did not come from Amazon themselves but from a third-party merchant participating in the Amazon marketplace. To Amazon’s credit, we returned them for a prompt, no questions asked refund even though we bought them over six months ago, but it is hard to believe Amazon is unaware of the problem rather than willfully turning a blind eye to it.

My first reaction was to tell our Office Manager to make sure to buy only from Amazon rather than third-party merchants (pro tip: including “amazon” in your Amazon search terms will do that in most cases). Unfortunately, that may not be enough. Amazon has a “fulfilled by Amazon” program for merchants where you ship your goods to them, and they handle warehousing and fulfillment. These “fulfilled by Amazon” items are also more attractive to Prime members. One option Amazon offers is Stickerless, commingled inventory where the items you send are put into a common bin. Amazon still has the ability to trace the provenance of the item through its inventory management, but for purposes of order fulfillment they will be handled just like Amazon’s own stock. Some categories like groceries and beauty products are excluded, but electronics are not.

The implications are huge: even if the vendor is Amazon itself, you cannot be sure that the item is not counterfeit. All the more reason to buy only from trustworthy, single-vendor sites like B&H, even if shipping is a bit slower.

Sent messages folder considered harmful

I use Dovecot as my mail server, with maildir format mailboxes. It is very easy to make the Sent folder be the same as the Inbox: just symlink the Sent messages folder’s cur subdirectory to be the same as the Maildir’s top-level new directory. This ensures any email placed in the Sent messages folder is magically a whisked off to the inbox.

starvald ~>ll Maildir/.Sent\ Messages/
total 85
drwxr-xr-x 5 majid engineers 11 Apr 20 13:01 ./
drwxr-xr-x 268 majid engineers 278 Apr 20 13:26 ../
drwxr-xr-x 2 majid engineers 2 Oct 14 2007 courierimapkeywords/
lrwxrwxrwx 1 majid engineers 6 Oct 30 2010 cur -> ../new/
-rw-r--r-- 1 majid engineers 33 Jun 15 2011 dovecot-keywords
-rw-r--r-- 1 majid engineers 54 Apr 20 13:01 dovecot-uidlist
-rw-r--r-- 1 majid engineers 400 Apr 20 08:38 dovecot.index
-rw-r--r-- 1 majid engineers 24K Apr 20 08:39 dovecot.index.cache
-rw-r--r-- 1 majid engineers 26K Apr 20 13:01 dovecot.index.log
drwxr-xr-x 2 majid engineers 2 Apr 19 09:43 new/
drwxr-xr-x 2 majid engineers 2 Apr 20 08:38 tmp/

Vancouver vacation tips

  • Swan Laundry will pick up your laundry at your hotel, wash and fold it, and return it the same day for a $50 flat fee.
  • Wind Mobile has an unlimited 3G hotspot plan for $35 per month (they will throttle you if you exceed 10GB in a month), a better deal than any US carrier offers. They sold me a refurbished Huawei hotspot for $45 (why should the NSA have all the fun listening in?)
  • Urban Fare is an excellent place for breakfast and fancy groceries, specially the Shangri-La location.
  • The Blue Water Cafe is my favorite restaurant in town.

Slava Rostropovich, 1927-2007

Legendary cellist and all-around good guy Mstislav “Slava” Rostropovich passed away in Moscow today. He was a friend and supporter of Shostakovich, Prokofiev, Britten and many others like Dutilleux, and many of the greatest works for cello of the 20th century, indeed of all time, were dedicated to him.

Rostropovich

I had the opportunity to hear him conduct Shostakovich’s “Babi Yar” a year ago (when I took this photo) and a few years earlier as a cellist the Dvořák Cello Concerto (sadly in replacement of the far superior Shostakovich First Cello Concerto that was dedicated to him).

The world of music has suffered a grievous loss. None of the current generation of cellists (Ma, Gastinel) is of the same caliber. As a conductor, his legacy is more mixed, as his Shostakovich interpretations often lack fire, but his Prokofiev cycle with Erato is marvelous, specially the Fourth in its original version.