Upgrading to the Pixel 6 Pro

Posted on 2022-01-13 by Joe Wein

After several Nexus phones, a Pixel 3 and a Pixel 3a, the new Google Pixel 6 was an easy upgrade choice. I’ve been very happy with both the Pixel 3 and Pixel 3a, especially the image quality, so much so that I virtually stopped using my cameras. Just about the only thing the DSLR still did better was the optical zoom. The new Pixel 6 Pro has one dedicated telephoto lens that should help narrow the gap. I ordered it in December and it arrived in the new year.

I chose to migrate the contents of my Pixel 3 to the Pixel 6 Pro, since that was my main camera phone before. The new phone has 512 GB of flash memory vs. 256 GB in the old one so there are no storage issues. Copying files across using the upgrade tool and a USB-C cable was relatively straightforward. I wish the migration did not default to Japanese (my old phone was set to English), but that was no major obstacle and I could change the language afterwards.

Moving Line and WhatsApp chats across via a Google account was not difficult either, I just had to do some searches to get the backup and restore steps right. I moved the data-only SIM card from the old phone to the new one before I started. With the data-only SIM card I use a Google Voice account for SMS-verification but I will soon swap the SIM card for a voice-enabled SIM that directly handles SMS with a new phone number.

On my Pixel 3a I am using Pasmo/Suica for contactless payments and train fares since it has the Mobile FeliCa chip needed for “osaifu ketai” (wallet mobile phones). My US sourced Pixel 3 does not have this functionality. I wasn’t sure if the Pixel 6 purchased from the Japanese Google online shop would have the chip or not, since I could not find any explicit reference to it. However, it seems to work.

First I tried to directly charge the phone with cash at a machine at train station but the phone wasn’t recognized when I placed it into the charging cradle.

Then I tried to install and setup the Mobile Suica app, a truly horrible piece of software that must have roots in the pre-smartphone era. No joy! It turns out there is also a Pasmo app in the Google Play store. Uusally I treat Pasmo and Suica as synonymous since they’re different brand names for the same technology but in this case they’re not the same thing. The Pasmo app was really easy to install and set up. I selected the configuration without personal details (i.e. not linked to a bank account or credit card) and everything went smoothly. Charging it at the train station worked and so did a payment at a convenience store.

So how about the camera, the main reason I bought the phone? I tested it on Monday, which was a public holiday (Coming of Age Day), on a 162 km bicycle ride in west Izu. The weather was perfect for the numerous Mt Fuji views. I took shots from morning to after sunset, many of them telephoto shots zooming into Mt Fuji (see image above and below).

I will be able to make good use of this on my bike rides.

wget: “Issued certificate has expired” after September 30, 2021

Posted on 2021-10-07 by Joe Wein

Two websites that I download data from using automated processes stopped giving me new data from October 1. When I investigated the problem, I could see an error message from the wget program in Linux:

Connecting to SOME.HOSTNAME (SOME.HOSTNAME)|1.2.3.4|:443… connected.
ERROR: cannot verify SOME.HOSTNAME’s certificate, issued by ‘/C=US/O=Let’s Encrypt/CN=R3’:
Issued certificate has expired.
To connect to SOME.HOSTNAME insecurely, use `–no-check-certificate’.

The quick fix, obviously, was to add the –no-check-certificat to the command line, which allows the download to go ahead, but what’s the root cause? My assumption was that the site owner had let an SSL certificate expire, but after it happened with a second site from the same date, I got suspicious. It turns out, Let’s Encrypt which is used by many websites for free encryption certificates previously had a certificate that expired on September 30 and which has been replaced by a new certificate but many pieces of software don’t retrieve the new certificate. That’s because it’s signed with a new root certificate that a lot of older software don’t trust yet. They need an updated of the root certificate store.
In my case, running

sudo yum update

would update the ca-certificates package and that allowed wget to trust the new certificate.
Please see these links for more information:

Sept. 30, 2021: Will we see trouble with old Let’s Encrypt certificates? (Born’s Tech and Windows World)
Certificate Compatibility (Let’s Encrypt)

Will Japan be Vaccinated by November?

Posted on 2021-06-10 by Joe Wein

“I want vaccines to have been given to all residents who want to receive them by the October-November period,” Japanese prime minister Suga Yoshihide said in a parliamentary debate on Wednesday, June 9, 2021. He also estimated, the grand total of doses could “exceed at least 40 million by the end of this month.”

As of June 8 the count on the Prime Minister’s Office (Kantei) website stood at 19.4 million doses, so to hit 40 million doses by the end of June requires a little more than 900,000 a day (20.6 m doses in 22 days). From the published numbers it looks like we may already be in that vicinity for the daily rate.

Even though the number of doses per day for residents age 65 and above (“koreisha”) for the most recent date added is still coming in at under 500,000 the day it’s released, but many of the local counts arrive delayed. The daily counts will later increase through daily retroactive updates. By the time all numbers for a given date have trickled in over the course of several weeks, the total often doubles. For example, the May 30 “koreisha” total was originally released as 200,187 but within 10 days it had grown to 405,165.

Let’s do a quick back of the envelope calculation to see if the projection for vaccinating all adult residents of Japan who want to get vaccinated by the end of November is realistic.

If they hit 40 million doses by end of June (which as I mentioned above requires an average of 900,000 doses a day until then) and we take a figure of 110 million adults of a a population of 126 million: assuming 80 percent of them would opt to get vaccinated, we end up with 88 million people times two doses per person, i.e. 176 million doses. Subtracting 40 million done by the end of June leaves 136 million doses to be injected between July and November (5 months). Divide the total by the roughly 150 days and it becomes clear that if they maintain about 900,000 a day for the next half a year they will indeed be done by the end of November.

However this ignores that the vaccinations are proceeding at vastly different speeds in different cities and prefectures. All things staying the way they are, once the most efficient places are done (which would happen before November) and only the laggards remain in the race, the 900,000 a day average would no longer be sustained. So the key will be to speed up the places that are lagging behind others right now.

How realistic is the 900,000 a day goal if daily vaccine counts still pop up on the Kantei website at less than 500,000? What’s the real number right now?

We can make a rough guess of what percentage of the actual daily vaccinations are represented in the initial count that gets published for a given date by looking at past data.

For example, the count for June 9 published today (June 10) for 65+ is 474,484. The actual number is likely to be over a million, as I’ll explain below. The published number is a partial count, as only about 50 percent of the vaccinations are reported via VRS (Vaccine Recording System) within one day. The rest arrives later. Another 10 percent or so arrive the next day, then another 5 percent, etc, etc until we get to over 99 percent of the total after a month or so.

I looked at the 28 days ending on June 8 and how they had changed on June 10 vs. June 9 in the Excel spreadsheets. They increased by factors of 1.0015 to 1.1845. Multiplying all these increases by each other to get the cumulative 28 day growth yields a factor of 2.27.

I repeated the same exercise for one day earlier, i.e. 28 days ending on June 7 and their change between June 9 vs. June 8. The daily increases range from 1.0058 to 1.1885. Multiplying 4 weeks’ worth of increases gives a factor of 2.47.

If we apply the lower of these factor values to today’s addition, on the assumption that the spread of what percentage of reports comes in after how many days is consistent, that would suggest an actual figure of 1.08 million vaccinations of residents 65+ done yesterday whose total count will be known by July 7 (after 28 days of reports still arriving). That’s on top of another 160,000 or so vaccinations of healthcare workers, by the way.

While it’s disgraceful that we have to figure out the state of the campaign so indirectly (because of a broken IT system built using 385 million yen of our taxes), this exercise at least gives us a good guess of how things are really going.

On that basis I’d say the government’s outline is plausible: Japan is likely to reach a goal of 40 million doses deployed by the end of June and full vaccination of willing adults by the end of November.

Vaccination Progress in Japan

Posted on 2021-06-01 by Joe Wein

Hydrangea in bloom in Setagaya, Tokyo

The City of Setagaya (東京都世田谷区) has announced the dates when vaccination will be expanded beyond the current group 2 (residents aged 65 and above). Between June 15-19, coupons will be mailed to group 3 which includes:

people with existing medical conditions
people aged 60-64 (anyone born no later than March 31, 1962)
people working in elderly care

Group 1 were the health care workers, if you are wondering!

Currently about half a million vaccinations are happening in Japan per day, about 2/3 of them aged 65 and above, 1/3 health care workers. As of Friday, 2021-05-28, over 92 percent of healthcare workers had received at least one shot and over 60 percent had received both. That leaves them only about 350,000 shots short of full coverage for first shots. About 1.55 million healthcare workers have only received one shot, so fully vaccinating them with a second shot in the next three weeks will be the bulk of the remaining vaccinations for this group.
Of the people aged 65 and above, 12.46 percent have received at least one shot and 0.86 percent have received both. Meanwhile the Olympics start in 52 days…

Setagaya also announced that more reservation slots would be opened at mass vaccination sites for people aged 65 and above, recommending people in that group who currently have dates in August to move them to July (i.e. cancel in August, make new reservation in July). This will then free up those slots for the next group.
This means there’s a good chance that both my wife and I (who were born before the March 1962 deadline for age 60-64) will get vaccinated in August.

In my last post I had pointed out that daily vaccination totals for healthcare workers and people above 65 was being handled differently. One set was being updated retroactively, the other set only once per listed date.

Basically, for healthcare workers the government publishes daily numbers (on weekdays, excluding public holidays) of the number of total shots given since the previous published total. That’s why numbers only get added for the final date, once a day. It is also why no vaccinations are listed on Saturday, Sundays and holidays — not because no healthcare workers were vaccinated on those days, but because no results are published on those days. Consequently, healthcare worker stats do not show how many healthcare workers were actually vaccinated on a particular day.

For people aged 65 and over, they precisely track the totals by the date the doses are used. So there are entries for Saturdays and Sundays, even though it may take until Tuesday for them to be listed on the website. Furthermore, unpublished counts of shots already given weeks ago are still finding their way to the Prime Minister’s Office and are then added. Here’s the total given for April 14, as listed on the day the numbers for a given recent date were also added:

May 18: 2,533
May 20: 2,666
May 27: 2,793
May 30: 3,078

A near 20 percent increase for vaccinations that already took place over a month ago is quite surprising, considering that vaccinations are tracked with Android tablets with software specifically developed for the purpose. How can a computer-based system be so slow? It actually makes fax machines look good by comparison (yes, they are still widely used here in Japan)!

4 m tall straw sandals in Chichibu
Sandal to virus: 'Covid, drop dead!'

Tracking Vaccination Numbers in Japan

Posted on 2021-05-19 by Joe Wein

The website of the Prime Minister’s Office in Japan (Kantei) is providing a daily update of vaccination progress in two categories: medical staff (doctors and nurses) and senior residents (age 65 and above).

To track these vaccinations, the government has issued tablet computers running software known as the Vaccine Recording System (ワクチン接種記録システム, VRS). It was developed by Milabo, a small privately held company founded in 2013. It describes itself as:

A start-up that provides child-rearing support services such as DX, immunization, health checkup, checkup scheduler, electronic maternal and child notebook, health center reservation system, mainly for local governments.

It had previously worked with the cabinet secretariat on the “MyNumber” personal ID system that assigns a personal identification number to every resident of the country. The budget for developing VRS was 385 million yen (about US$3.5 million).

The software in the tablets is used to scan bar codes and forms when people receive their vaccine doses. Theoretically this should allow the government to accurately track the progress being made.

However, the numbers published on the website keep changing even after they are published. For example, on Monday, May 17 the Kantei website listed a total of 69,526 doses (first and second doses) given to seniors on Monday, May 10 and 57,172 on Saturday, May 15. Two days later, on Wednesday, May 19 the numbers for those two days had been revised to 71,543 and 83,311 doses, respectively. That is an increase of 2.9 percent and 45.7 percent several days after publication.

What this suggests is that the software does not track the numbers and automatically uploads them to a government server at the end of the day (say, via a mobile data connection with a SIM card). Instead, there must be manual steps involved. Comparing the results published two days apart and looking back across 4 weeks worth of data, it turns out that daily totals still change after a whole month, for example by 46 doses from 2,533 to 2,579 for Wednesday, April 14 between May 17 and 19. I mean, really?

In rare cases the numbers have also decreased by 2 or 3 doses from the previously reported totals, which would be hard to explain by late reporting: the numbers should go up but not down! This could be cases were mistakes were made that made vaccination unreliable and so the cases were purged from the total.

The good news is that currently about 77 percent of healthcare workers have received at least one dose while 42 percent have received both doses. At the current pace of second doses it should take less than two weeks for all remaining healthcare workers to have received their first shots and three weeks after that anyone willing to get the first shot will have had their second shot too. For some strange reason, the healthcare worker counts seem unaffected by the late count updates and I don’t understand why.

One thing to look forward to is for the Moderna vaccine (mRNA-1273) to receive approval in Japan at the end end of this week. It is very similar to the Pfizer/BioNTech vaccine in terms of safety and efficacy. It has already been imported into Japan since the end of last month.

There are about 7 times more senior citizens than there are health care workers, so the number will have to increase much more. There should be enough vaccine by the end of June/early July to vaccinate about 36 million of them, but will the local governments be able to keep up with setting up vaccination sites? Each prefecture and city has been left to figure it out on its own. There is no national vaccination reservation system, each local government was left to build its own system. If the bottleneck is not vaccine supplies but organisation then the Moderna vaccine will not help all that much.

If Japan manages to vaccinate all its doctors and nurses by early June and most of its people aged 65 and above by the end of July, that still leaves about 70 million people to be vaccinated after that, with no date yet when this is expected to start and how long it is expected to take. It looks like a long road ahead to herd immunity and for life to return to normal.

Rescuing DVD-RAM Recordings from Obsolescence

Posted on 2021-02-02 by Joe Wein

I bought my first video camera more than 30 years ago. I went for Hi8, a higher resolution version of Video8, as opposed to VHS or VHS-C which was also popular at the time. Since then I have switched device and formats several times. There was always the worry that I would lose access to my recordings as devices able to read the old media become obsolete or die or the recording media themselves fail from old age. Losing irreplaceable videos of our kids when they were little is something I really didn’t want to experience. Here is a short summary of how I have been dealing with these challenges.

Hi8 (PAL) – early 1990s
I bough my first camcorder when I still lived in Germany so naturally it used the PAL standard (625 scan lines, 50 Hz). I did a lot of analog video editing using an S-VHS VCR, which could interface to the camcorder using S-Video cables. Even after I moved to Japan which uses the NTSC standard (525 scan lines, 60 Hz) I kept recording in PAL. A Samsung multi-standard recorder allowed me to record from the camcorder to NTSC VHS tapes. I also bought a multi-standard analog TV that could display PAL, SECAM and NTSC. However, for many years I just collected the Hi8 PAL master tapes in a cardboard box.
Along came Digital8, a successor to Hi8 that as the name indicates used digital recording but was backwards compatible with Hi8 and could play the old tapes. So eventually, as Hi8 camcorders were already becoming obsolete, I bought a second hand one off eBay when I was visiting Germany. It had an IEEE 1394 (Fireware) connector that made it possible to copy digital video to a computer equipped with that interface. I experimented with PCs with plug-in IEEE 1394 cards, but ultimately it was a Mac mini that allowed me to copy the old Hi8 PAL tapes to a hard disc using the German Digital8 camcorder, a Firewire cable and iMovie which was bundled with macOS. The output files were “.dv” files. Some tapes were difficult to load and took many tries before the camcorder would even play them, but I was largely successful.

Hi8 (NTSC) – late 1990s
When my kids started going to kindergarten I finally switched to a Japanese camcorder, still a Hi8 model but for the NTSC standard (US/Japan). Like with the PAL camcorder I saved all the tapes in a box. The Samsung multi-standard VCR developed issues and we bought a new S-VHS VCR equipped with a DVD drive. It supported DVD-R, DVD-RW and DVD-RAM, the latter with caddies (cartridges). It also supported S-Video. It was relatively easy to use the S-Video interface to copy from the Hi8 (NTSC) camcorder to double sided DVD-RAM media. About 2 hours of video would become one 4.2 GB file on DVD-RAM. I chose DVD RAM because it supposedly was more robust than DVD-RW (especially with the protective case), but as Blu-ray came along DVD-RAM became less and less common, with many DVD multi drives not supporting it any more. In 2008 and 2010 I made a stack of 6 double sided DVD RAM media that held video from 21 Hi8 NTSC tapes, but when the DVD section of the VCR died, I no longer had anywhere to play them.
This year I finally bought a USB 3.1 DVD drive that also supports DVD-RAM, though without support for caddies. I went for the BUFFALO DVSM-PTV8U3-BK/N (2180 yen, about US$21). It worked very well once I removed the DVD-RAM disks from their protective caddy. I hooked it up to a Windows 10 machine, plugging the two USB cables into different USB ports (USB 2.0 for power, USB 3.1 for data). I copied the entire folder structure on each side of the media to a separate new folder on the server hard disk. The actual video information on a DVD RAM disk is in a file called VR_MOVIE.VRO which is found inside a folder called DVD_RTAV. The open source VLC player will play this .vro file, as well as the .dv file captured on the Mac mini from the Hi8 recorder.

MPEG (NTSC) hard disc recorder – 2000s
After the various Hi8 recorders I moved from tape to a hard disk based camcorder, a Toshiba Gigashot GSC-R30. This used a Toshiba-made 1.8″ notebook hard disk. It also had a USB 2.0 interface and could be connected to any PC. The MPEG files would play on any MPEG player with support for its audio codec, including VLC. Therefore backing up and preserving these videos was pretty painless.

Smartphones – 2010s and beyond
The Toshiba GSC-R30 was the last camcorder I ever bought. Occasionally I still shot video on my Nikon D3300 DSLR camera, but mostly I moved on to mobile phones which may not have had an optical zoom or as much recording capacity, but they were always in your pocket and so easy to use and the quality improved with each generation.

Don’t lose your media!
If you value the images and videos you recorded over the years, make sure to migrate them to recording media that you can access for years to come and keep doing that. Also make sure you have backups. Tapes, DVDs, hard disks and SSDs will all become unreadable at some point. Don’t keep irreplaceable files on one laptop and hope that it will work forever because it won’t. At the very least, buy a USB drive and make a backup copy. Even better, buy another USB drive, make another backup copy and give it to someone else in your family. It’s better to have your valuable data saved in more than one place.
I am a great fan of the VideoLAN VLC media player. You can throw just about any video or audio format at it and it will be able to play it. I highly recommend it! 🙂

Rakuten Mobile and Google Pixel 3 / Pixel 3a

Posted on 2020-10-20 by Joe Wein

In mid-2019 the time came to change my mobile phone contract. For some reason mobile phone carriers in Japan do not want to reward your loyalty if you stick with them beyond the initial contract period and instead stiff you through higher prices or reduced discounts once the contract renews after 24 or 25 months. To me that’s just stupid, but anyway that’s how I had ended up with a Softbank Mobile contract and a new Google Pixel 3a after two years with UQ Mobile.

Now Rakuten Mobile had entered the ring to challenge the big three operators (docomo, au and Softbank), offering their “Rakuten UN-LIMIT V” which is free for 12 months for the first 3 million customers and has no penalty for cancelling after that. On paper it’s an offer with which you can’t loose. Rakuten’s network is still being built up from scratch, but the company has a roaming deal with au to give sufficient coverage until then. The plan includes 5 GB of data per month in the roaming area as well as 2 GB per month in 66 countries abroad (most of the destinations for international business travelers). I was willing to give it a try, even though they did not explicitly guarantee an unlocked Google Pixel 3a would work with their network. But we’re talking about Google, right? This is a trillion dollar company making some of the best phones outside of Apple and responsible for the operating system running on 3 out of 4 smartphones worldwide.

So I took the leap of faith and applied for MNP (mobile number portability) from my old carrier. Then I applied for “Rakuten UN-LIMIT V”. A few days later an envelope arrived from Rakuten Mobile with a new SIM card. When I activated the new SIM, the old Softbank SIM was disabled and the phone lost network access. I followed the printed instructions for swapping the SIM card but no joy: The new SIM card didn’t start working. Even after I manually selected the new APN (it wasn’t activated by default), the phone did not receive a phone number and there was no mobile data access, only WiFi. I googled the problem and found some blog posts with work-arounds that only work on Rakuten’s own network, not the roaming areas. Even so, I couldn’t make it work. My Pixel 3a didn’t even see any Rakuten network in the area where I live, densely populated Setagaya in Tokyo. I even tried the Rakuten SIM in my other phone, a Pixel 3 purchased off Amazon in the US. Same problem, no data. I called support and they told me what I already knew, that the Google Pixel 3 and Google Pixel 3a are not on their supported list. The list of supported devices for the Rakuten UN-LIMIT V service mentions the Google Pixel 4, Pixel 4 XL and Pixel 4a but no Pixel 3 or 3a. For Rakuten with Docomo lines or au lines they list the Docomo Pixel 3a as the only compatible device from Google.

Rakuten Mobile support told me I could either buy a different phone or transfer the number to another provider or give up the number altogether.

So I requested an MNP number from Rakuten Mobile (3000 yen + tax) to move on and applied for a voice + data SIM from a Mobile Virtual Network Operator (MVNO). Three days later I had that SIM in my mailbox. I plugged it in, followed the phone-based activation procedure and 10 minutes later had a working phone again, with voice, SMS and 3 GB of data for 1600 yen a month + tax.

I really hope Rakuten will get its act together. The Japanese oligopoly of docomo, au and Softbank with difficult to understand but ultimately overpriced plans needs some real competition. But if they are serious, how can they not support Google’s flagship phones? Rakuten blew a one time chance to gain a loyal customer. Meanwhile I’m happy with IIJmio, the service I signed up for.

Archiving/Exporting Skype Chats

Posted on 2019-09-14 by Joe Wein

Many long time Skype users have been unhappy how the service has changed over the years, especially after the company was acquired by Microsoft. I am one of them.

Starting out as a fairly powerful, secure and private peer-to-peer network, Skype gradually mutated into a client-server product with limited privacy and significantly reduced functionality and performance.

Every now and then I used to make backups of important Skype chats, so I would have the information available for future reference. This used to be doable with copy and paste, but that no longer works. Skype then offered a function to export the chats to a file, for viewing with a viewer.

In late 2017 that chat export functionality was removed from the macOS client in the upgrade from version 7 to version 8. Everything typed in chats after that upgrade no longer gets tracked on the client side but ends up on the server, where of course it is no longer private. According to Microsoft, the chat archives going back as far as April 2017 will be maintained until you delete them.

Skype chat archives after April 2017

To download chat archives, log into your Skype account from a browser using this link:

https://go.skype.com/export

Select what you want to download and click “Submit request”. You will be notified once an archive of the chats is ready for download. Alternatively, you can go back to above export link to check manually. Once you download and extract the archive, there’s a Javascript viewer for it.

Skype chat archive until 2017

For older chats, the macOS Skype client has an option to export the locally saved chats. Go to:

Setting / Messaging / Export chat history from Skype 7.x

Pixel 3a: “Analogue audio accessory detected. The attached device is not compatible with this phone”

Posted on 2019-09-05 by Joe Wein

Three months ago my wife and I both changed our local smartphone plans and changed to a Google Pixel 3a.

Within a week she had a problem where her phone would suddenly shut down when the battery still had 50-60% charge left, while doing nothing. This even happened after the phone had been factory reset, with no third party apps installed. It took a few weeks before Softbank Mobile replaced the phone under warranty.

Now it’s my turn it seems. Recently I would find the phone with less than 50% of battery left in the morning when I had left it hooked up to the charger (so it should have been at 100%). I would reconnect the phone but it would not show the charging symbol. I then tried different cables and chargers and also rebooted the phone. Eventually it would charge again.

Today it showed the following error:

Analogue audio accessory detected. The attached device is not compatible with this phone

Nothing was plugged into its headphone socket or into the USB C port. There was no analog audio device connected. I googled the problem and most results suggested it was a problem with the USB C port. That makes sense, since it would explain both the charging issues and the audio warning, as one can plug an analog device into the USB C port via an adapter.

Other results suggested a factory reset may get it working again, but that did not work for me. After the factory reset I could charge the phone with the charger from my earlier Nexus 6P and a USB C cable when powered off. However, after I powered it up and started the system restore, it no longer charged from either that charger or from the Pixel 3a charger or a Pixel 3 charger. The problem was back.

Time to take it back to the Softbank Mobile shop, I guess 🙁

Needless to say, I am not impressed with a 2/2 failure rate for our Pixel 3a phones so far. The Pixel 3a was great while it worked. The picture quality seems as good as for its more powerful sibling, the more expensive Pixel 3 and battery life was decent too. But that is all meaningless if it randomly shuts down or you can no longer charge it.

UPDATE: Softbank Mobile sent the two months old Pixel 3a in for testing and repair. A couple of days later they quoted almost 20,000 yen (US$190) for the repair of the unspecified damage, which they said would not be covered under warranty 🙁

Outlook Express Error 0x800CCC0B and the End of TLS 1.0 (Deprecated SSL Protocol)

Posted on 2018-07-04 by Joe Wein

Microsoft Outlook Express (OE) is an obsolete mail client that was available in Microsoft Windows XP, Windows 2003 Server and older Microsoft operating systems. It was no longer available on Windows Vista and later, though Windows Live Mail is relatively close in user interface and appearance.

Despite being obsolete and only working on operating systems no longer supported or updated by Microsoft, it still has some users who prefer its simple but powerful user interface. Some of those users will have had a frustrating experience recently, when various mail servers stopped working for outbound mail in OE. Specifically, these are mail servers that use SSL on submission port 465 or 587 for SMTP.

Secure Socket Layer (SSL) is a mechanism for encrypting data between a client and a server. You may know it from website URIs starting with “https:” and web sessions displaying a padlock symbol next to the URI. There are various protocol versions that can implement this encryption layer. One of these, TLS 1.0 which was conceived in 1999, has now been officially deprecated (made officially obsolete) as of the end of June 2018. Software now has to use more recent protocols, such as TLS 1.1, TLS 1.2 or the recently defined TLS 1.3.

Unfortunately, TLS 1.0 is all that OE will speak. It does not understand TLS 1.1 or later. Therefore it can not pick up mail from a POP server using SSL on port 995 or an IMAP server on port 993 or send mail to an SMTP server on port 465 (or 587) with SSL enabled.

Workaround
The only workaround I am aware of (other than switching to a more modern mail client) is to use Stunnel, a tool for Windows or Linux that acts as a proxy. You can configure it to establish an SSL connection to a given host and port when a connection to a given local port is made. Thus you could configure OE to connect to port 9465 on the machine running Stunnel, which might then connect via SSL to smtp.example.com:465 using a more modern TLS version supported by Stunnel (but not directly by OE).

Example
Let’s say Outlook Express was configured to submit outbound mail to smtp.outboundmailserver.com, port 587 via SSL/TLS. This is our SMTP server. Once this server refuses to allow TLS 1.0 connections, Outlook Express will no longer work. Let’s say we also have a simple Linux server mylinuxserver.com. This could even be something like a Raspberry Pi single board computer booting off flash memory. It can run on a local IP in our LAN, if you don’t need to have access from outside your building (OE running on a desktop). On this server we install the stunnel package:

sudo yum install stunnel

Please read the documentation on how to enable the service and have it auto-start when the Linux server reboots.

Next we configure stunnel to act as a client on our behalf and configure it to accept TLS 1.0 connections from us and forward them to the real POP3, SMTP or IMAP server using the latest TLS on our behalf. We will create lines like these in /etc/stunnel/stunnel.conf:

client = yes

;cert = /etc/pki/tls/certs/stunnel.pem
;sslVersion = TLSv1
;chroot = /var/run/stunnel
;setuid = nobody
;setgid = nobody
;pid = /stunnel.pid
;socket = l:TCP_NODELAY=1
;socket = r:TCP_NODELAY=1

[smtp-outboundmailserver]
accept = 1587
connect = smtp.outboundmailserver.com:587

Create other entries for the services that you need TLS support for and restart the stunnel service. Then reconfigure Outlook Express to access the Linux host and the port number listed with “accept = ” in place of the original server that refused your Outlook Express TLS 1.0 connection. You should be good to go!

Long term you will still need to migrate to another mail client such as Thunderbird, Windows Mail or OE Classic, but this workaround will buy you some time for that.

Joe Wein's blog

Comments from Tokyo, Japan

Category Archives: software