Outlook Express Error 0x800CCC0B and the End of TLS 1.0 (Deprecated SSL Protocol)

Microsoft Outlook Express (OE) is an obsolete mail client that was available in Microsoft Windows XP, Windows 2003 Server and older Microsoft operating systems. It was no longer available on Windows Vista and later, though Windows Live Mail is relatively close in user interface and appearance.

Despite being obsolete and only working on operating systems no longer supported or updated by Microsoft, it still has some users who prefer its simple but powerful user interface. Some of those users will have had a frustrating experience recently, when various mail servers stopped working for outbound mail in OE. Specifically, these are mail servers that use SSL on submission port 465 or 587 for SMTP.

Secure Socket Layer (SSL) is a mechanism for encrypting data between a client and a server. You may know it from website URIs starting with “https:” and web sessions displaying a padlock symbol next to the URI. There are various protocol versions that can implement this encryption layer. One of these, TLS 1.0 which was conceived in 1999, has now been officially deprecated (made officially obsolete) as of the end of June 2018. Software now has to use more recent protocols, such as TLS 1.1, TLS 1.2 or the recently defined TLS 1.3.

Unfortunately, TLS 1.0 is all that OE will speak. It does not understand TLS 1.1 or later. Therefore it can not pick up mail from a POP server using SSL on port 995 or an IMAP server on port 993 or send mail to an SMTP server on port 465 (or 587) with SSL enabled.

The only workaround I am aware of (other than switching to a more modern mail client) is to use Stunnel, a tool for Windows or Linux that acts as a proxy. You can configure it to establish an SSL connection to a given host and port when a connection to a given local port is made. Thus you could configure OE to connect to port 9465 on the machine running Stunnel, which might then connect via SSL to smtp.example.com:465 using a more modern TLS version supported by Stunnel (but not directly by OE).

Let’s say Outlook Express was configured to submit outbound mail to smtp.outboundmailserver.com, port 587 via SSL/TLS. This is our SMTP server. Once this server refuses to allow TLS 1.0 connections, Outlook Express will no longer work. Let’s say we also have a simple Linux server mylinuxserver.com. This could even be something like a Raspberry Pi single board computer booting off flash memory. It can run on a local IP in our LAN, if you don’t need to have access from outside your building (OE running on a desktop). On this server we install the stunnel package:

sudo yum install stunnel

Please read the documentation on how to enable the service and have it auto-start when the Linux server reboots.

Next we configure stunnel to act as a client on our behalf and configure it to accept TLS 1.0 connections from us and forward them to the real POP3, SMTP or IMAP server using the latest TLS on our behalf. We will create lines like these in /etc/stunnel/stunnel.conf:

client = yes

;cert = /etc/pki/tls/certs/stunnel.pem
;sslVersion = TLSv1
;chroot = /var/run/stunnel
;setuid = nobody
;setgid = nobody
;pid = /stunnel.pid
;socket = l:TCP_NODELAY=1
;socket = r:TCP_NODELAY=1

accept = 1587
connect = smtp.outboundmailserver.com:587

Create other entries for the services that you need TLS support for and restart the stunnel service. Then reconfigure Outlook Express to access the Linux host and the port number listed with “accept = ” in place of the original server that refused your Outlook Express TLS 1.0 connection. You should be good to go!

Long term you will still need to migrate to another mail client such as Thunderbird, Windows Mail or OE Classic, but this workaround will buy you some time for that.

Acer One D260 system restore

The hard disk in my wife’s Acer One D260 netbook got damaged. A new hard disk is about a quarter the price of a new netbook, so I wanted to install a new drive. Like with most PCs these days there aren’t any Windows install DVDs included.

The netbook came with Windows 7 Starter, which we needed to somehow install on the new hard disk. Fortunately, the damaged hard disk was still limping along enough to use the Acer eRecovery system to create two Recovery DVDs. These should allow restoring the initial system state to a hard disk in the machine, wiping all the data on the drive.

To replace the hard disk, I had to undo seven clips around the edge of the keyboard, lift off the keyboard and disconnect the keyboard ribbon cable to the motherboard connector. Then I needed to undo 4 screws underneath and push through, to pop out the cover on the bottom of the machine. This opened access to the single memory slot and drive cage.

The 1 GB memory module on the motherboard can be replaced with a 2 GB PC3-8500 1066MHZ DDR3 module available for about $20. This is a wortwhile investment and I already have the module on order.

I replaced the damaged 250 GB WD Scorpio Blue drive with a spare 500 GB drive (available new for about $60-$80). Then I closed the cover and reinstalled the screws and then the keyboard.

With the new drive it was possible to boot off the first Recovery DVD using a USB DVD drive. The eRecovery software copied data from both DVDs to the hard disks and then rebooted. However, that reboot failed because the new drive did not yet have a Windows Master Boot record (MBR) on it. You can install an MBR from within Windows, but not from the bootable eRecovery DVD. So I had a chicken and egg problem.

I overcame this hurdle by booting off a Ubuntu Live DVD (32 bit), installing the ‘lilo’ package and telling it to install the Linux equivalent of Microsoft’s MBR code:

sudo apt-get install lilo
sudo lilo -M /dev/sda mbr

At the next attempt to boot off the hard disk, Windows started installing its components and drivers and launched into its initial configuration, just like the first time we had unboxed the machine more than two years ago. So we are back to a working Winmdows 7 machine!

Thank you, Linux — you saved my day again! 🙂

Upgrading to a Western Digital WD20EFRX hard disk

All hard disks will die, sooner or later. They only way to avoid that is to retire a drive early enough. Often I upgrade drives because I run out of disk space, and migrate the data to a bigger drive. However, this times it looks like one of my drives is about to die.

Over the last couple of months, one of my PCs that is processing data 24/7 has been seizing up periodically, so I was starting to get suspicious about its hard drives (it has two of them). This week the Windows 7 event viewer reported that NTFS had encountered write errors on the secondary drive. It’s a Samsung SpinPoint F2 EG (Samsung HD154UI, 1.5 TB) which basically has been busy non stop for over three years.

I installed smartmontools for Windows and it showed errors:

1 Raw_Read_Error_Rate 0x000f 099 065 051 Pre-fail Always - 5230
13 Read_Soft_Error_Rate 0x000e 099 065 000 Old_age Always - 5223
187 Reported_Uncorrect 0x0032 100 100 000 Old_age Always - 12379
197 Current_Pending_Sector 0x0012 099 099 000 Old_age Always - 24

“Reported_Uncorrect” are fatal errors and “Current_Pending_Sector” are bad sectors the drive wants to replace with spare sectors as soon as it can. Neither is a good sign. So I have ordered a new drive, started a backup to another machine and will replace the drive with a new disk that I have ordered from Amazon.

The new drive is a 2 TB Western Digital WD20EFRX, which is part of WD’s “Red” series. These drives are specifically designed for 24/7 operation (as opposed for 8/5 office computers). The drive is 0.5 GB bigger, which is just as well as the old drive was getting close to filling up. Gradually I will be moving my processing to an Ubuntu server, which I already use as my main archive machine with a RAID6 drive array.

VIA PC3500 board revives old eMachines PC

Last September one of my desktop machines died and I bought a new Windows 7 machine to replace it. Today I brought it back to life again by transplanting a motherboard from an old case that I had been using as my previous Linux server. The replacement board is a VIA MM3500 (also known as VIA PC3500), with a 1.5 GHz VIA C7 CPU, 2 GB of DDR2 RAM and on-board video. It still has two IDE connectors as well as two SATA connectors, allowing me to use both my old DVD and parallel ATA HD drives, as well as newer high capacity SATA drives.

After the motherboard swap I had to reactivate Windows XP because it detected a major change in hardware. Most of the hardware of the new board worked immediately, I could boot and had Internet access without any reconfiguration. When I started with the new machine. I just had to increase video resolution from the default 640×480 to get some dialogs working.

I then downloaded drivers for the mother board and video from the VIA website. I now have the proper CN896 (Chrome IGP9) video driver working too.

When I tested the board as a server with dual 1 TB drives (RAID1), it was drawing 41W at idle. Running in my eMachines T6212 case with a single PATA hard drive it draws 38W at idle.

Before removing the old motherboard I made a note of all the cable connections on both motherboards. The front-mounted USB ports and card reader have corresponding internal cables, which connected to spare on-board USB connectors. The analog sound connectors connect to the motherboard too. The only port at the front left unconnected was the IEEE-1394 (FireWire / iLink) port, which has no counterpart on the VIA board.

It feels great to have my old, fully configured machine with all its data and applications back thanks to a cheap motherboard that works flawlessly.

Epson PM-A950 under Windows 7 64bit

Earlier this month, an old eMachines T6212 bought in April 2005, a humble single core 1.6 GHz Athlon64 that had served me faithfully for more than 5 years, finally died. So two weeks ago I bought an Acer Aspire ASM3910-N54E, a Core i5-650 machine with 4 GB of RAM (max. 8 GB) and a 640 GB hard disk. It came with Windows 7 Home 64bit.

I replaced the C: drive with a 1 TB drive and added another 1.5 TB drive that I previously used in a USB-enclosure. I am using the on-board video with dual 1280×1024 monitors (Dell 1905FP), hooked up via an analog VGA cable and a digital HDMI-to-DVI cable.

The best thing I can say about Windows 7 is that it’s not as bad as Vista. I wish I could have stuck with Windows XP, but at least Windows 7 doesn’t get in the way as much as Vista did. It feels a bit more like Mac OS X, if that is what you like. It’s going to get more and more difficult to get drivers for new hardware that still support XP, but on the other hand older hardware may have problems working with Windows 7, for example my old Logitech QuickCam Zoom is not supported by Windows 7.

Epson PM-A950 printer driver

Today I tried to print from the new machine for the first time and found I needed a new printer driver for my almost 4 year old Epson PM-A950 USB printer/scanner. Though Microsoft’s documentation states that the printer is supported by Windows 7 out of the box, it will do so only using a generic Epson printer definition which probably will not support all the functionality. So I searched the Epson Japan website and found these two drivers (the 64bit version worked fine for my version of Windows 7):

  • Windows 7 32bit / Windows Vista 32bit / Windows XP / Windows 2000:
  • Windows 7 64bit / Windows Vista 64bit / Windows XP x64 Edition:

Energy efficiency

So far I’m very happy with the new machine. The machine draws about 40W when idle, considerably less than its less powerful predecessor (69W). The lastest Core i3 and Core i5 machines are very energy efficient. My i5 actually did better than a VIA MM3500 (1.5 GHz single core VIA C7). The only x86-compatible machines I have that beat the i5 on power usage at idle are either notebooks or are desktops built using notebook chipsets (i.e. the Mac Mini).

RsyncServer not started because pid file rsyncd.pid exists

I had a scary experience today because one of my Windows PCs “blue screened”, i.e. it crashed. While the “Blue Screen of Death” was fairly common in Windows 95 and 98, it is unusual to see it on any healthy machine running Windows 2000, XP, 2003 or 2008 Server, Vista or Windows 7.

Since the CPU fan of the machine had been running faster than normal recently, I had already suspected it of dust buildup in the CPU heat sink and when I opened up the machine, my suspicion was confirmed. I pulled out some dust and vacuumed the machine before starting it up again.

The machine booted normally and the fan was quiet, but I got alerts from another machine that it could not connect to the Rsync server of the restarted machine. I use an Rsync service for Windows to synchronize data updates between various machines. The service was shown with startup mode “Automatic”, which means it should start whenever Windows is booted, but it was not showing as “Started”. Looking into the log file at “C:\Program Files\ICW\rsyncd.log” I found several of these error messages, one each for every restart I had performed after the crash:

2010/05/08 15:37:45 [2128] rsync: failed to create pid file rsyncd.pid: File exists (17)
2010/05/08 15:37:45 [2128] rsync error: error in file IO (code 11) at clientserver.c(985) [receiver=3.0.6]
2010/05/08 15:52:32 [2120] rsync: failed to create pid file rsyncd.pid: File exists (17)
2010/05/08 15:52:32 [2120] rsync error: error in file IO (code 11) at clientserver.c(985) [receiver=3.0.6]
2010/05/08 16:11:13 [2644] rsync: failed to create pid file rsyncd.pid: File exists (17)
2010/05/08 16:11:13 [2644] rsync error: error in file IO (code 11) at clientserver.c(985) [receiver=3.0.6]

Probably the sudden crash had prevented the Rsync service from deleting its pid (process ID) file, as it normally does when it is shut down orderly.

After I deleted “C:\Program Files\ICW\rsyncd.pid” I was able to start the service and the other machine could connect to it and synchronize with it properly.

Hopefully the machine will keep running reliably again now that the heat sink is clean again. I will keep checking it for dust buildup at least monthly now that the summer months are approaching.

Acer Revo R3600 and other dual core Atom 330 NVidia Ion nettops

The new Acer AspireRevo R3600 (Acer AspireRevo R3610-U9012) that combines a dual core Atom 330 processor with the Nvidia Ion platform was introduced at the IFA consumer electronics fair in Berlin in September. It is just one of several interesting new nettops coming out now that will offer significantly more processing power, especially for video decoding, while still using little electricity.

Low cost, low power Atom CPUs in small desktop cases (nettops) such as the Asus EeeBox 202 first became popular about a year ago, following in the footsteps of their mobile cousins, netbooks such as the Asus Eee PC range. The latest generation of machines are adding new features and more performance, which will expand the market for low end machines.

Other machines with similar specs to the AspireRevo (dual core Atom 330, NVIDIA Ion chip set and 2 to 4 GB of RAM) include the Asus EeeBox EB1012, the ASUS EeeBox EB1501, the ASRock Ion 330 / Valore ION 330 and the Zotac MAG HD-ND01. In addition, people are building their own low power Atom 330 NVIDIA ION desktops based on mini ITX motherboards such as the ZOTAC ION ITX A Series or the ASUS AT3N7A Atom 330 motherboard and small cases such as the M350.

So what makes this latest bunch of machines so interesting?

First, they use the dual core version of the Atom, the 330 which will speed up multi-tasking as well as single applications that are multi-threaded (click here for a table comparing performance of the N330 to other CPUs).

Second, they abandon the rather pedestrian Intel 945GC chip set (which is basically a four year old design by now) and replaced it with the NVidia GeForce 9400 chip set (Intel Atom + NVidia 9400 = NVidia Ion). The new chip set not only supports DirectX 10 for Windows Vista and Windows 7 but also hardware decoding of digital video. This dramatically reduces the CPU load in software video players that take advantage of it, so that even a humble Atom CPU can keep up with high definition 1080p video streams.

Video performance may have been less of an issue on small netbooks with tiny 1024×600 pixel screens and lacking optical drives, but nettops and other desktops are more likely to use 20 inch screens and bigger that lend themselves well to watching video clips and movies.

Still, NVidia Ion is not a perfect solution for video yet. Amongst others, high definition Adobe Flash videos currently may still have problems because Adobe does not yet take advantage of decoding hardware even if present. For now, only Core 2 and other faster CPUs can cope with all video formats with all software, but Adobe has announced support for hardware decoding for Flash video before the end of the year, at least for the Windows version of Adobe.

NVidia Ion is also much more energy efficient than the Intel 945 GC Express chipset that was used in some earlier Atom nettops. While the Mobile 945 chipset used with single core Atom N270 netbooks (945GSE) is reasonably efficient, the desktop version of the 945 chip set used with the single core Atom N230 and dual core Atom 330 burns more than 20 Watt, over 5 times as much as the modest 4 Watt of the Atom 230 itself and 2 1/2 times as much as the 8 W of the 330. In fact the 945GCE is so inefficient that the cooling fan on the first Intel Atom desktop board had to be mounted on the 945 chip, not the N230 CPU which could be cooled with a passive heat sink alone. Less power than a conventional desktop means not only a lower electricity bill and a smaller carbon footprint, it also means less fan noise and heat.

A dual core Atom with the Ion chip set will actually consume less power than a single core N230 with the 945GC chip set (see GeForce 9400M Versus 945GC – Review Tom’s Hardware : Nvidia’s Ion: Lending Atom Some Wings for a full comparison of the two chip sets).

Another major benefit of the NVidia chipset is that it supports up to 4 GB of RAM while the 945GC and 945GSE are limited to 2 GB even though the Atom was capable of more. This limitation didn’t get much attention before because most Atom machines were shipped with Windows XP, which Microsoft did not allow to be bundled with machines that had more than a single GB of RAM, even though most of these machines could be upgraded to 2 GB by the user. However, if you add a 2 GB DIMM to a 945GSE board that already has 512 MB installed and one free slot, you will still only have 2 GB available, not 2.5 GB. The Ion removes this artificial barrier. Also, Ion boards typically have two DIMM slots while many 945 boards have only one. More memory is welcome because it often means less disk swapping, with a direct boost to performance. Ion offers better memory bandwidth too, which does help when both the CPU and the video chip have to share access to the main memory.

Most Ion boards have 3 internal SATA connectors and also one eSATA connector, while 945GC boards tend to have only two SATA and no eSATA ports. Having an eSATA port is great for using an external drive such as a Blue-Ray disk player or a an external hard disk subsystem such as the Guardian MAXimus external RAID-1 solution to provide robust Network Attached Storage (NAS) via a network-connected Ion machine. Ion nettops also tend to offer HDMI (a digital video link to digital TVs and monitors) and S/PDIF (digital multi-channel audio). Most have 6 or 8 USB ports and draft-N WiFi (802.11b/g/n). On top of that both 945GC and Ion support Gigabit Ethernet.

I’ve been checking online retailers for actual availability of the dual core Ion machines, but things have been moving slowly. I wonder if manufacturers have been holding back until after the Windows 7 release date on Oct 22, to avoid upgrade hassles. Who knows? For example, newegg.com stocks the ASRock ION 330 NVIDIA ION (which comes without any operating system) and the single core AspireRevo AR1600-U910H (which comes with XP), but any of the 2 GB or 4 GB dual core machines that for now are supposed to ship with Windows Vista, are not available yet. Likewise, Amazon sells a 2 GB single core version of the AspireRevo with Linux or a 1 GB single core version with XP, but no dual core version of it at all yet. Whatever the reason, for now you still have to be patient.

Hopefully more machines will gradually start hitting the stores by November and I certainly expect them in volume before Christmas. With a dual core CPU and the superior NVidia chip set, these carbon-saving small desktop machines are becoming viable for many new purposes, whether running Windows XP, Windows 7 or Linux.

Memory upgrades for Lenovo S10e, Aspire M5201, eMachines T6212

Last month my Gateway GT4014j suddenly died and I replaced it with an Acer Aspire M5201, which came with 2 GB of memory installed. That was less than the 3 GB I had in the Gateway and it affected some very memory hungry apps I use. So three weeks later I did a memory upgrade – a series of upgrades to be more precise. I bought two sets of memory upgrades and upgraded three machines.

In my experience, most computers don’t become obsolete because of CPU clock speeds that are too slow but because either there is too little main memory (RAM) for newer, more demanding (i.e. more bloated) applications or because the machine runs out of disk space. The latter used to be more of a problem than it is now, because of the availability of external USB drives, but lack of RAM is still a problem.

Giving your computer enough memory usually is the best way to give it a performance boost because insufficient memory will result in disk swapping. Without enough memory your applications will spend more time waiting for data to get swapped to and from disk, which slows even the fastest CPU down to a crawl such that even a medium or low end CPU with sufficient RAM could run circles around it.

When Vista came out, many manufacturers still sold 512 MB configurations with Vista Home Basic, while advertising mainly the processor speed. Buyers would have been far better off picking a somewhat slower CPU but equipped with a whole GB of RAM. The same is basically still true today for 1 GB machines (usually with Vista Home Premium) vs. 2 GB machines: More main memory almost always beats more Gigahertz!

Back to my Aspire M5201: It has four DIMM sockets (2 banks) for up to 8 GB of memory (2GBx4), but unless you run a 64-bit operating system such as a 64-bit Linux, Vista 64-bit or (from 22 Oct 2009) Windows 7 64-bit, you can’t actually make use of more than 4 GB. Therefore I opted to go as far as 4 GB only for two 1 GB DDR2 PC2-6400 DIMMs from Crucial Technology (CT12864AA800, from Tsukumo.co.jp). They were 1,980 yen each (about US$22) including sales tax.

I also ordered one 2 GB DDR2 PC2-5300 SODIMM (CT25664AC667) for 3,800 yen (about US$42) for a Lenovo IdeaPad S10e. The S10e is a typical Atom N270 netbook with 1 GB of RAM. One 512 MB SODIMM base memory is soldered in while the other can be replaced with either a 1 GB or 2 GB SODIMM. You end up with 1.5 GB or with 2 GB (not 2.5 GB because the 945 GSE chip set is not capable of addressing more than 2 GB of total memory). The Intel Atom itself supports up to 4 GB, which is why nettops with the NVIDIA Ion chip set such as the Acer Revo 3600 can handle up to 4 GB of RAM. The memory upgrade went very smoothly, especially the netbook. The Acer Aspire M5201 (AMD 780G chip set) now shows 3.75 GB of RAM in Windows while the Lenovo shows 1.99 GB.

Encouraged by that I removed the 1.5 GB of DDR DIMMs from my 2005-vintage eMachines T6212 and transplanted the 3 GB of DDR DIMMs (1 GB x 2 and 512 MB x 2) from the dead Gateway GT4014j to it. DDR memory was superseded by DDR2 3 years ago, but now that old machine that originally came with 512 MB shows 2.75 GB of memory in Windows.

If you’re not sure what memory is right for your machine or how much memory you can fit, Crucial have a convenient Memory Finder application that will figure it out for you.

IPv6 with DD-WRT router and Hurricane Electric

Last weekend I got IPv6 working on my US$60 router, allowing all my machines here to talk IPv6 to the outside world. That includes an Ubuntu Linux server, 4 PCs and one Mac.

The biggest incentive for upgrading to IPv6 is the fact that at the current pace we’ll run out of (IPv4) IP addresses in about two years. These are the unique host addresses (usually written in dotted decimal format like that identify client and server computers on the Internet. The newer IPv6 standard that replaces 32-bit addresses with 128-bit addresses will forever take care of this shortage. It will also do away with the primary need for Network Address Translation (NAT) which has been a big headache for voice over IP (VoIP) and other peer to peer applications.

However, over a decade after the introduction of the newer standard (in 1997), uptake is still slow. Many ISPs still don’t support IPv6 and neither does a lot of the equipment used at homes and offices. This is gradually starting to change. IPv6 is an integral part of modern operating systems such as Linux, Mac OS X, Windows 7, Windows 2008 Server, Windows Vista, Windows 2003 Server and Windows XP (where it’s optional).

If your ISP does not support IPv6, you can still use it by employing the services of a tunnel broker, which gives you IPv6 connectivity over an IPv4 tunnel. This lets you test your software with the new APIs, though you won’t gain native IPv6 performance. If you have a static IP you can use tunnelbroker.net by Hurricane Electric, Inc. Their service is professionally run and free. Another option is SixXS, but I have not tried them.

My router is a Buffalo WHR-HP-G54, which is compatible with the Linux based open source DD-WRT firmware. Recent versions of DD-WRT have IPv6 support. My first attempt with the v24 sp1 std build which is supposed to include IPv6 was unsuccessful, but I had more luck after trying the v24 10070 crushedhat version (dd-wrt.v24-10070_crushedhat_4MB.bin). Here’s what you do:

  • The following instructions assume that your WHR-HP-G54 router is running open source DD-WRT firmware. If your router is still running the default firmware, install DD-WRT v24 sp1 mini generic (SVN build 10020, 27-July-2008) on it. See my blog post on the WHR-HP-G54 with DD-WRT for detailed instructions. The WHR-HP-G54DD is a version of this router that comes with DD-WRT preinstalled.
  • Go to Security / Firewall on your DD-WRT and remove the check mark on Block anonymous WAN requests (ping) so that Hurricane Electric can verify your router exists by pinging it.
  • Go to www.tunnelbroker.net and sign up for an account. Then log in and go to Create a Regular tunnel. You’ll need to enter your static IP, which will be conveniently displayed. You have a choice of tunnel endpoints. Pick one that has a short ping time from where you are. Make a note of all the details of the tunnel that is created. You will need to enter some of these details on your router, in particular these:
    • Server IPv4 address
    • Server IPv6 address
    • Routed /64
  • Read crushedhat’s description of how to configure the router with his firmware, which should work with most Broadcom-based DD-WRT-compatible routers.
  • I’m assuming you have updated the firmware of your router before and know the usual caveats about “bricking” your router if anything goes wrong. I won’t be responsible for that. 😉 I went from the factory Buffalo firmware to v24 sp1 mini to v24 sp1 std to v24 sp1 mini to v24 crushedhat 10070, with no problems, but your mileage may vary. I downgraded from v24 sp1 std (4 MB) to v24 sp1 mini (2 MB) “just in case” before flashing crushedhat’s std (4 MB) build. I did not opt to reset the NVRAM to factory defaults.
  • Download a copy of the v24 crushedhat 10070 build and save it on your hard disk. Use a computer with a wired connection to the router, not WLAN for the firmware upgrade. Go to Administration / Firmware Upgrade and select the dd-wrt.v24-10070_crushedhat_4MB.bin file. Click the upgrade button. Don’t touch anything until after the router has reset and is running the new firmware.
  • Go to Administration / Management and check Enable for IPv6 and Radvd enabled. Then paste the following into the Radvd config box:

    interface br0
    AdvSendAdvert on;
    prefix 2001:470:YYYY:YY::/64
    AdvOnLink on;
    AdvAutonomous on;

    where 2001:470:YYYY:YY::/64 matches the value of “Routed /64” in the created tunnel given to you by Tunnelbroker.net:

    Server IPv4 address:
    Server IPv6 address: 2001:470:XXXX:XX::1/64
    Client IPv4 address:
    Client IPv6 address: 2001:470:YYYY:YY::2/64
    Routed /48: 2001:470:ZZZZ::/48
    Routed /64: 2001:470:YYYY:YY::/64

  • Go to Administration / Commands and enter these commands, then click Save Startup:

    ip tunnel add he-ipv6 mode sit remote ttl 64
    ip link set he-ipv6 up
    ip addr add 2001:470:XXXX:XX::2/64 dev he-ipv6
    ip route add ::/0 dev he-ipv6
    ip addr add 2001:470:YYYY:YY:200:00ff:fe00:0000/64 dev br0

    Replace with Server IPv4 address from your tunnel settings, 2001:470:XXXX:XX:: with the Server IPv6 address value and 2001:470:YYYY:YY:: with the Routed /64 value.

  • Go to Administration / Commands and enter these commands, then click Save Firewall:

    insmod ip6t_REJECT
    ip6tables -F
    ip6tables -A FORWARD -p tcp -i he-ipv6 –syn -m multiport –dports ftp-data,ftp,ssh,smtp,http,https,ntp,domain -j ACCEPT
    ip6tables -A FORWARD -p tcp -i he-ipv6 –syn -j REJECT –reject-with adm-prohibited
    ip6tables -A FORWARD -p udp -i he-ipv6 -m multiport –dports ntp,domain -j ACCEPT
    ip6tables -A FORWARD -p udp -i he-ipv6 -j REJECT –reject-with adm-prohibited

  • Now it’s time to check if everything works. It may take a few minutes or one reboot for your client to obtain an IPv6 address. Here is what things should look like after that:


    Windows IP Configuration

    Ethernet adapter Motherboard Network Connection:

    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . :
    Subnet Mask . . . . . . . . . . . :
    IP Address. . . . . . . . . . . . : 2001:470:YYYY:YY:290:feff:fe66:e237
    IP Address. . . . . . . . . . . . : fe80::290:feff:fe66:e237%6
    Default Gateway . . . . . . . . . :

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
    Default Gateway . . . . . . . . . :

    Tunnel adapter Automatic Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    IP Address. . . . . . . . . . . . : fe80::5efe:
    Default Gateway . . . . . . . . . :

    You can ping Google’s IPv6 servers:

    C:\>ping ipv6.google.com

    Pinging ipv6.l.google.com [2001:4860:c004::68] from 2001:470:YYYY:YY:290:feff:fe66:e237 with 32 bytes of data:

    Reply from 2001:4860:c004::68: time=307ms
    Reply from 2001:4860:c004::68: time=307ms
    Reply from 2001:4860:c004::68: time=331ms
    Reply from 2001:4860:c004::68: time=318ms

    Ping statistics for 2001:4860:c004::68:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 307ms, Maximum = 331ms, Average = 315ms

    Fire up FireFox 3 or the browser of your choice and go to http://www.kame.net/ – if the image of the turtle is dancing then you have IPv6 working. Go to http://whatismyv6.com/ to see your IPv6 address.

Good luck! 🙂

Windows 7 versus Linux on netbooks

“Does Linux stand a chance now that Windows 7 will run on netbooks?”, Shane O’Neill asks in an article in ComputerWorld on 15 January 2009 that overall sounds fairly optimistic on Microsoft’s prospects. However it largely avoids one crucial subject that matters for Microsoft in the struggle over market share in the booming nettop market: Money.

In 1985 Jack Tramiel, head of Atari Corporation came to visit Digital Research Inc. (DRI) to license its GEM graphical desktop environment for the new Atari 520ST. It was going to be a low-cost machine based on the same Motoroloa 68K CPU as Apple’s much more expensive Macintosh, which itself was a low-cost derivative of the Apple Lisa (that was long before Microsoft Windows became a viable product). Tramiel had a reputation as a fierce negotiator, so his counterpart at DRI, then the main competitor of Microsoft and Apple, was only half joking when he said to Tramiel: “Jack, I know you’ll probably start off by offering us a dollar per copy.” – “No,” replied Tramiel dryly. “50 cents.”

Tramiel knew that by coming out with a fully-functional product at rock-bottom prices he could grow the PC market. In the segment he envisaged there simply was no margin for a $50 operating system license. What was true when an Atari machine cost around $1000 is even more true today with $250-$450 netbooks, and future netbooks will be even cheaper than that. Soon we will also see netbooks based on the same low-power, low-cost ARM processors that power virtually all mobile phones.

Commentators cited by Computerworld on Windows 7 don’t really talk about money:

Analyst Rob Enderle, president of technology research firm The Enderle Group, agrees that Microsoft doesn’t see Linux as much of a threat and that refocusing on the netbook market is more about “Microsoft addressing the problem of having to keep shipping Windows XP long after its expiration date.”

Enderle says that getting XP on netbooks was clearly a response to Linux gaining traction, but that Microsoft is not afraid of consumers or OEMs having a preference for Linux.

“The problem was that Linux could run on a netbook and Vista couldn’t, not any consumer or OEM love for Linux,” he adds.

But Microsoft’s real problem wasn’t just that Vista was too big to fit on a 4 GB flash drive and too slow and bulky to run on an Intel Atom with 512 MB of RAM. It was also too expensive. So Microsoft could save face by charging next to nothing for its 5 year old Windows XP, but it didn’t make any real money on it. So what’s going to happen when Windows Vista 1.1 aka Windows 7 hits the streets in volume maybe a year from now?

Does it really matter to Microsoft shareholders and employees if the 21 million or so netbooks expected to be sold this year (and the even bigger numbers in 2010) will be running some version of Windows or a version of Linux (which is free), if previously those buyers would have picked up a more powerful machine that netted Microsoft $40-$100 per license?

Whether Windows 7 will run with decent performance on low-cost machines is really only half the question. The other is, how much Asus, Acer and the other netbook OEMs will offer to pay Steve Ballmer of Microsoft. Is it going to be $1 or 50c per copy? That is no way to sustain a business with a market capitalization of $150 billion and almost 90,000 employees worldwide (Jan 2009 numbers), as Microsoft is realizing to its horror.