Category Archives: Networking

Panasonic DMR-HWT260GN

Review: Panasonic DMR-HWT260

This is my review of the Panasonic DMR-HWT260.  When I went to buy one, there weren’t any reviews so I hope this might fill a gap if you’re looking to buy one. Keep in mind when reading this that I’ve already bought one, and people who own something are much less likely to point out flaws in something that they’ve made the decision to buy.

I must also point out that this is the New Zealand model, not the Australian one.  Features like FreeviewPlus and a number of other settings are New Zealand specific.  If you read the instructions you’ll get a feel for the differences, none of them are major.  Also I expect (but can’t confirm) that most of the features/comments here will apply to the Panasonic DMR-PWT560 as well, it’s the same looking device except with built-in Blu-Ray and a smaller (500Gb) recording capacity.


This is a great PVR.  I bought this to replace our MySky HDI box and the interface is very similar. It has a simple way to navigate around a grid of current and upcoming programs and it’s easy to select one and either record a single episode or “series-link” to record all the episodes.

It works well, is fast at all it’s primary functions (more on speed later) and the image quality is clear.

Overall Verdict: Excellent.


People who do “unboxings” are stupid and annoying.  If you really want to see someone taking an object out of a box you need to seriously examine your life choices. (Yes, I am nearly 40.)


  • Record two shows at once using its built in Tuners
  • Can record to an external HDD as well as the internal 1TB one.
  • Play back media from a local DLNA server, or USB drives.
  • Built in Wifi, with a Wired option as well
  • Selection of Internet Apps, including Netflix, Quikflix, TuneIn Radio, Youtube
  • Undocumented “Chromecast” abilities.

Review Details

This review was done with v1.00 of the firmware.  There haven’t been an updates or patches since we’ve had the box, but we’ve only had it 3 weeks.  I’m approaching this review from the point of view of comparing it to MySky HDi which we’ve had for a number of years – I suspect that’s why a lot of people will be looking at a PVR like this.

Good Things

  1. Records TV just fine.
  2. Nice clear picture, HD quality is excellent.
  3. User interface is pretty good!  It’s easy to see what’s coming up, easy to schedule something to be recorded and the “keyword” feature looks quite good, with the below caveat about how annoying not having a proper keyboard is.
  4. Built in WiFi works well, though I’ve since connected it to the wired network.  I’m a firm believer if something can be plugged in vs WiFi it should be!
  5. Lots of options to compress recordings (as they’re being recorded, or after the fact) to save Disc space.  Though a 1TB will probably take a little while to fill up!
  6. DLNA playback is great, we have a big media library on a server and the ability to play pretty much anything from it is handy.  Want to watch a movie? A few clicks (in fact a couple too many for my liking) and it’s on.
  7. It has built in “Chromecast” support for some apps.  I can be watching something on Youtube on my Android phone then “Cast it” to the Panasonic.  The Youtube app loads up and the video in question plays.  Very handy. Note: This is not screen mirroring, this is the Android phone telling the Panasonic “Load your Youtube app up and start playing this clip” – This seems to be an undocumented feature (it’s not the same as Miracast)
  8. The Netflix app works well.  Again as above you can select the movie on your Android phone and then “cast it” onto the Panasonic.  If you have an Apple TV or some other “better” dedicated Netflix box then I think you’ll find you use that rather than the Panasonic, but if you haven’t got a Netflix device already then this works fantastically.
  9. The remote control has the ability to also function as your TV’s remote control, so you can turn on/off the TV and change its inputs & volume using a single remote.
  10. It’s quite small and lightweight.

Bad Things

The followings things are things about the device that have annoyed me to some degree:

  1. Pausing or Rewinding Live TV takes a few seconds, during which time you think nothing is happening.  It’s very slow and is a very confusing thing!  And then when you’ve paused it, you’re now in this new “mode” where certain limitations apply.  This means you often get the message “You must return to Live TV to do X/Y/Z”.  Which is easy enough, you just press stop.  But compared to the seamlessness of SkyTV’s MySky box, it’s quite clunky.
  2. Entering text into fields to login (Like TVNZ’s Freeview service or the “keyword” PVR feature) is a pain in the butt.  It’d be nice if there was a way to pair a Bluetooth Keyboard with the device, or plug one in.  But it doesn’t support that (Note: I have not tried plugging a USB Keyboard in)
  3. You can’t keep watching something using the DLNA service when a program is being recorded.  This means it’ll “kick you out” of a DLNA session to start a timed recording.  Annoying when the kids are watching Peppa Pig but something I want recorded comes on.  Seeing as the box states “Watch Netflix while recording Live TV!” I find this limitation bizarre and hope it can be removed in a Firmware Update.
  4. The Internet/Net applications are pretty slow to start. You’ll press the TVNZ On Demand button and wait ~5 seconds or something to happen.  This is to be expected really, the box doesn’t sell itself majorly on its Internet features, apart from Netflix.  But some indication it’s received your input and is doing something would be nice.
  5. Freeview Plus pops up a slide out menu every time you change channel to one supported by Freeview Plus.  This is useful maybe the first 3 times and from then on just pisses you off.  No way to turn it off without disabling Freeview Plus (entirely) in the settings, which thankfully is a setting.  The Freeview Plus menu/guide is also confusing for people: Is this the same guide? What does “starring” something do, does that mean it records it (Answer: No).  It’s basically a second, differently laid out, guide.  Very confusing.  Apparently all Freeview Plus enabled boxes are like this though.
  6. Sometimes the “Exit” button is confusing.  Do you press Exit? Or the Return arrow? Or do you press stop?  Depending on what function you’re in, it can have different consequences.  To stop watching something in DLNA and return to the Media Menu, you have to press stop.  Otherwise you exit out of the DLNA service back to Tuner.
  7. No volume control on the Panasonic remote.  Yes, I know having separate volume controls is silly (people end up turning the sound RIGHT UP on the amp and then using the input box’s volume control) but it’s a handy feature, saving you having to have multiple remotes to control things.  This is especially annoying for us as we don’t use the TV’s volume for the sound, we have a dedicated amplifier.
  8. Occasional 1 second picture flicker (goes black then comes back), like a HDMI negotiation issue.  Sometimes happens a few times in a 10 minute interval, sometimes we can go all night and not see one.  2 other people who own this have reported it as well.  Only seems to happen when viewing Live TV, haven’t seen it with DLNA or when using menus etc.  Someone has suggested turning off the FreeviewPlus feature also fixes the issue, but I haven’t confirmed this yet.

Some of the items in “Bad Things” (especially point 8) could easily be addressed in future firmware updates and I hope they are.  It’s a great box with a few minor niggles, none of which really get in the way.

Final Thoughts

It has a hilarious little “app store” built in where you can download a tiny smattering of extra media applications, most of which look terrible.  It has a clunky web browser built in, given the feedback above about no keyboard you can imagine how fun it is to use.  That said, it does render things very well.  But why would you?

It’d be nice to have a way to quickly jump to the DLNA server folder that you use all the time, at the moment it’s ~7 button presses to get there every time.  A favourites menu would be god here.  There’s a lot of places where a little bit more thought could have been put into how people are really going to use this device.  Some settings are tucked away in the main settings, while some are accessed by pressing the “Option” button while watching TV. The core functions are great and are well thought out, it’s all the add-on bits that are a little bit rougher around the edges.

Overall a really good box that works well.  There’s certainly some areas for improvement, but none of them I’d consider defects, just things that can annoy you a bit.  There are cheaper boxes on the market that have the same capabilities (Especially the DishTV aerialBox T2200) but it they seem to be plagued with major firmware issues.

Pushbullet Logo

Debugging Issues with Pushbullet and Google Play Services


I’m posting this because every day there’s a new post on /r/pushbullet about people not getting their Pushbullet messages until they open the Pushbullet app.  There’s a number of reasons that this issue can arise, some of them are unrelated to Pushbullet itself, but will cause the symptoms, some are related to Pushbullet though no definitive answer has been found for this yet.  This article will help you to diagnose issues unrelated to Pushbullet – if following the steps and suggestions don’t help then escalating to Pushbullet’s support would be a good next step.

To kick off this article, I’ll explain briefly how push notifications work for most applications, but not all on Android.  Almost every Android phone out there has Google Play Services installed.  This “App” is pre-installed on your phone and is the support library that all Google Apps and many others rely on.  One of it’s many jobs is to provide the “Google Cloud Messaging” (GCM) service.

2019 update.  GCM is now FCM (Firebase Cloud Messaging) but I’m not going to update this blog post to change it all, it’s still the same basic thing.

This, very simply, allows a server/service hosted somewhere to send a message to Google, and Google will then, using GCM, push a message to the user’s phone.

The reason that GCM is so useful is that apps can register with it when they’re installed.  This means that each app doesn’t have to have it’s own network/infrastructure for pushing messages to your phone, but rather there is a single push service on your phone that all apps can use.  This helps with battery life and means that App developers can focus on writing apps, not having to also host and maintain a network dedicated to pushing messages to phones. It also means your phone only has to have one network connection open to get push messages, instead of each app having to keep a network connection open, which is a drain on resources and battery life.

The Problem

Now the problem comes about with Pushbullet when it doesn’t get messages from GCM.  These messages should “Wake it up” so that you instantly get the push on your phone.

But if Pushbullet doesn’t get the GCM notification, it has no idea that anything new has happened.  It only realises when you open the app and it Sets up it’s own connection to the Pushbullet Servers and gets the latest notifications.  In fact, that’s all a GCM message is, a message to say “Hey, wake up and check your server for the message waiting for you, Pushbullet”.

So if this isn’t working for you, there’s a few things you can do to debug (and hopefully resolve) the issues so that your Pushbullet app starts working as you expect.  Depending on the problem, you might find other apps you didn’t even realise were lagging seem to be a lot faster too!

Debugging Google Play Services

Thankfully, Google have included a way to find out the status of Google Play Services and whether or not it has an active connection to the GCM services.  Type the following code into your dialer and you’ll open up the Google Play Services status page:

Dialer Debug Code

You will open up a screen that looks like this:

GCM Connected

GCM Connected

Notice the following things about this image:

Device ID: The Device ID that Google has assigned your device.
Connected: This is the key we’re looking for! We want to see that it says connected and a lot of information about how it’s connected.

This is what a bad/broken/non-working GCM screen looks like:

GCM Disconnected

GCM Disconnected

What follows is a list of  reasons (and some workarounds/fixes) as to why Google Play Services might not have a connection…

Why doesn’t it work?

IPv6 is enabled. For me, IPv6 works fine. But for a lot if people, if their router/WiFi is giving them an IPv6 connection, but it’s not properly routed, then it won’t work. But for reasons unknown, Google will keep trying to use the IPv6 connection, even though it’s broken. Sadly on Android the only way to disable IPv6 is via root methods, there is no simple way for a non-rooted person to do it. The best option if you’re not rooted is to disable the router/WiFi you’re connected to from giving you an IPv6 address. Of course if you’re at work etc then getting the IT people to do this is probably an impossible task.

The GCM Ports are Firewalled. This is less likely, but certainly possible if your work environment only allows port 80/443 out.  GCM uses TCP Port 5228 (The standard Jabber Port!), but it can also sometimes use TCP Port 5229 and 5230.  If these ports are blocked, you won’t get a stable GCM connection.

Your Firewall has dumb sessions timeout. I’m not sure how valid this one is with later versions of GCM, but if you have a firewall that times out TCP sessions after 5 minutes, you could well have issues with GCM which only sends keepalives every ~29 minutes (This is not confirmed yet).

The Fixes

Use Mobile data (disable WiFi).

Annoying, but great as a quick workaround to see if it fixes the problem.

Run a VPN.

This is what I did at a place of employment where IPv6 was broken. The VPN gives your phone a IPv4 only address and Google Play Services will connect via it and work fine.

Is GCM not the issue?

If you’ve looked at the above but you’re finding that you’re still missing push messages, one “fix” is to uninstall and re-install Pushbullet.  Why this is required is still under investigated by the PB devs.  A way to test if only Pushbullet is affected is to get someone to send you a test Google Hangouts message, or to send yourself a Gmail (has to be Gmail, not an IMAP account).  These both notify your phone of a new message by using GCM.  If you’re getting Gmail/Hangouts notifications instantly with no delay, but getting delays with Pushbullet, then the issue isn’t GCM and something else is wrong.  Might be time to contact the PB Devs and see if there’s any information you can give them to help debug the issue.

Good luck!

Running Your Own Mailserver(s)

This post is now out of date! Running your own mailserver is even easier these days thanks to rspamd. You literally plug rspamd into your mailserver using a milter, it’s a single line in postfix, and rspamd rolls up everything below in the smtpd_recipient_restrictions section and then some more, plus it’s got a nice webGUI. 

Rspamd: Zero spam, Rapid delivery.

Running your own mailserver isn’t that hard.  I always have a chuckle when I read people say “Why would you do it yourself, there’s so much management?”  That’s crap, they just don’t know how to do it.

A mailserver basically runs itself, there’s plenty of online tools to verify that you’re not an open relay, that you’ve configured your TLS settings correctly etc.  Plenty of configuration guides (another is included below) to show you how to lock it down so that it’s not a spam wind-up-and-go machine.

I run 3 mailservers (1 primary, 2 backup).  They all talk a single Greylisting Daemon, set to allow mail through after 1 minute.  Should the greylisting daemon not be available, the servers are set to accept the mail.

Before greylisting takes place however, the mail gets a bunch of checks.  First of all, High Quality DNS Whitelists are checked, if a server is listed in here it can be Trusted to not be sending Spam.  Then Blacklists are checked.  Then remaining whitelists are checked, if a server is listed it is allowed to bypass Greylisting. NOTE: Don’t use SORBS! Their data is out of date and crap. Way too many false positives. Avoid at all costs. I made this mistake once.

Here’s the full logic that all my mail servers use.  You have to ensure you share the greylisting database correctly, otherwise you’ll end up delaying mail much longer than necessary.

  1. REJECT anyone who doesn’t say HELO
  2. REJECT invalid Hostnames in HELO
  3. REJECT senders not using <user@domain.domain> correctly as per RFC821.
  4. REJECT Unknown Recipients
  5. ALLOW from a list of Known IPs (Backup MX hosts, other trusted devices)
  6. ALLOW from Authenticated Senders (To send mail from anywhere, using username/password)
  7. ALLOW from a set of DNS Whitelists that state an entry in their list can be considered “Non-Spam”
  8. REJECT from a list of DNS Blacklists
  9. ALLOW from a second set of DNS Whitelists that are verified to be SMTP servers (skips the need to greylist)
  10. Send to Greylisting Daemon to ACCEPT/DELAY
  11. ACCEPT

Step 7 could be amalgamated with step 9, but I prefer to “trust” the lists of known, trusted  email senders before checking blacklists, as sometimes blacklists can be a bit “over zealous” in their flagging a server a spam, i.e. one that sends newsletters etc.  This way I get check of this logic:

  1. Verified quality sender – ACCEPT.
  2. Check for blacklists – DENY.
  3. Verified RFC compliant SMTP server, skip greylisting (because we know it’ll just retry anyway, no point delaying) – ACCEPT.
  4. Send to Greylisting for DELAY/ACCEPT decision.

With these rules in place, I get almost zero spam making it through, probably 2-3 spams per week.  However the amount of mail that is rejected via the Blacklists and the Greylisting is amazing, in the thousands per day.

Once I’ve finally accepted a mail, I send it to Spamassassin for checking, just to be sure.

The other thing that’s important that I’ve done fairly recently (in the last couple of years) is to ensure that Postfix is setup correctly to send and receive mail using encryption. SSLv2 and SSLv3 are disabled, weak ciphers are disabled, Perfect Forward Secrecy is enabled.

Here’s my for Postfix.

smtpd_banner = $myhostname ESMTP - SMTP BANNER GREETING
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Send a warning if mail is delayed after 1 hour
delay_warning_time = 1h
# If mail can't be delivered after 7 days, we give up
maximal_queue_lifetime = 7d

readme_directory = no
inet_protocols = ipv4

# Incoming Mail
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 604800
smtpd_tls_eecdh_grade = strong
smtpd_tls_security_level = may
smtpd_tls_ciphers = high
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_exclude_ciphers = aNULL, eNULL, RC4
#Don't offer Auth until STARTTLS has setup
smtpd_tls_auth_only = yes

#Ask for a Client Cert
smtpd_tls_ask_ccert = yes

# Outgoing Mail
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_session_cache_timeout = 604800
smtp_tls_security_level = may
smtp_tls_ciphers = high
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_exclude_ciphers = aNULL, eNULL, RC4

#TLS Params
tls_preempt_cipherlist = yes

myhostname = <my hostname>
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = <hostnames I accept mail for>
virtual_alias_domains = <other domains I host>
virtual_alias_maps = hash:/etc/postfix/virtual
relayhost =
mynetworks = [::ffff:]/104 [::1]/128 <backup MX1> <backup MX2>
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = no

# Procmail to deliver
mailbox_command = /usr/bin/procmail

# sasl! You want to eat it!
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_authenticated_header = yes

# Mailing Signing with OpenDKIM
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301 # Don't copy unless you have setup DKIM
non_smtpd_milters = inet:localhost:12301 # Don't copy unless you have setup DKIM

# Proper Mail Protocol Please
strict_rfc821_envelopes = yes

# Verify? No thanks!
disable_vrfy_command = yes

# Demand a polite conversation!
smtpd_helo_required = yes

# Delay before reject
smtpd_delay_reject = yes

smtpd_helo_restrictions = permit_mynetworks,

smtpd_recipient_restrictions =
 check_client_access cidr:/etc/postfix/rbl_override,
 check_policy_service inet:,

message_size_limit = 81920000

Once configured like that, it’s set and forget pretty much.  I occasionally check the logs to ensure that nothing is being greylisted due to the dumb policy some senders have of retrying each time from a DIFFERENT IP Address.  When I do see such stupidity I usually just add the sending /24 network to the Greylist Whitelist.

The final thing to note is that you should run your own caching DNS server.  If you’re using your ISPs, or a big public provider like Google etc, then the black/whitelists often won’t work as they implement rate-limiting against abuse, and the big public name-servers are almost always blocked.  Running your own small caching DNS server is easy and will give you a working RBL setup.


Update: 11/4/2017 – Turns out Protected Sky are just a bunch of rip-off merchants. Removed them from my list of checked RBLs.


To be clear – I’m not trying to pick on anyone here. It’s just an amazing example of the confusion around UFB.

[24/10 10:44] <USER> @NZ_ISP can you please tell me the CIR on 100/50 business fibre?
[24/10 11:10] <@NZ_ISP> @USER My understanding is that it’s 10Mbps down, 2.5Mbps up (that’s for your plan). ^CP
[24/10 11:12] <@USER> @NZ_ISP OK. I think the support team are using that as an excuse. Hitting a wall at 35mbit, but they’re saying that’s OK.
[24/10 11:19] <@NZ_ISP> @USER That’s obviously well above CIR, but we want to make sure you’re getting as fast a speed as possible too. ^CP
[24/10 11:20] <@USER> @NZ_ISP I can’t break 35mbit with multiple streams from multiple fast NZ servers. There’s definitely an issue there.
[24/10 11:26] <@NZ_ISP> @USER I’m only passing on what our engineers have checked out – like I said, I’m having them check it again. ^CP
[24/10 11:28] <@USER> @NZ_ISP Thanks. I’ve emailed prem support again with more pretty pictures.

[24/10 15:24] <@kiwibrew> @USER if multiple streams saturate a connection, it’s a TCP tuning / receive window issue, not the circuit @stevebiddle @NZ_ISP
[24/10 15:29] <@USER> @kiwibrew Tell me more. Anything I can adjust at my end to enhance this?
[24/10 15:29] <@USER> @kiwibrew Err, it’s upload that’s not going as fast as it should too, btw.
[24/10 15:33] <@NZ_ISP> @USER The ticket is in a closed state so yes, you’ll continue to get those messages if you keep sending emails. I’m having them check…
[24/10 15:33] <@NZ_ISP> @USER …into it again though. ^CP
[24/10 15:34] <@USER> @NZ_ISP I think we’re at a stalemate anyway. I maintain 70% of advertised speed isn’t good enough. You maintain that you only promised me 2.5
[24/10 15:34] <@USER> @NZ_ISP As a side note the ONLY speed mentioned on the contract I signed was the 100/50. Hope you’ve got proper UFB contracts by now?
[24/10 15:36] <@NZ_ISP> @USER So would you like me to leave this ticket closed then? ^CP
[24/10 15:37] <@USER> @NZ_ISP You’re aware your customer is unhappy with the service you’re providing. Up to you if you re-open or leave it.
[24/10 15:38] <@kiwibrew> @USER Perry has some good resources here: Also check for limiting factors
[24/10 15:42] <@NZ_ISP> @USER Just had a chat with the team and they’ve let me know that the speeds are at an acceptable level for us and Chorus. You’re more…
[24/10 15:42] <@NZ_ISP> @USER …than welcome to have a chat with your account manager if you have any more concerns. ^CP

Best Juniper PR

From the 10.4R10 release notes:

A service technician brushed against the front panel of a MX RE card, and the RE powered down. Resulted in outages of customer networks. [PR/703076: This issue has been resolved.]

Sadly they have updated the document.

My Thoughts on Fyx

Everyone’s got a comment about Fyx!
Here’s mine:

My analogy is that it’s like you all work in the pizza business. And you’re all discussing a rival pizza company because they’ve put a blinking LED on their pizza.

Sure, you can’t eat it. Or maybe you can? But maybe for a few weeks before everyone goes “You can’t eat LEDs, it’s not legal!!!”

So you all go on and on and on about the flashing LED on the pizza. Is it legal? Is it not? What happens if you EAT the LED? Will you have to be rushed to hospital? Will you be OK? OMFG!!!! OMG!?!?! Is it LEGAL to put an LED ON A PIZZA? PULL IT OFF!! But what if I can’t pull it off? Will I get sued? LOOK! LOOK AT IT FLASH!

They’re selling pizza. But you’re all OMFG about the flashing LED that may, or may not, come with the pizza. You’ve told all your family. Your friends. You’ve got just the best and smartest opinion about the legality of selling a flashing LED and you’ve told everyone you know about it.

And now, horror of horrors, you’ve found out the pizza DOES NOT come with a flashing LED. That’s it. They’ve officially called it. No more flashing LEDs.

Now you’re left with a normal, boring pizza. One you’ve not even tried but you know know you probably hate it.

Oh and there’s one marketing company behind it all that can’t stop laughing.