Archive for the 'Technology' Category

HOWTO: Properly install native VMware Tools in pfSense 2.0.3 (FreeBSD 8.1)

Tags: , , ,

pfSense logoIf you’re anything like me, you take security seriously. With all the recent news about the NSA and Prism and over-reach of surveillance, you’ll take this very seriously. I run several layers of nested firewalls, VPNs and other layers of security at my office.

One of the things I run in a virtualized environment (VMware ESXi), is pfSense. pfSense ibs an Open Source firewall distribution based on FreeBSD. It’s very full-featured, has a web-management console, and lots of add-on packages to enhance it’s capabilities.

“pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a single computer to large corporations, universities and other organizations protecting thousands of network devices.”

pfSense is currently using FreeBSD 8.1, which has been EOL’d by the BSD team last July. The pfSense team is diligently working on new versions, but they’re not out yet. For now, you can continue to use FreeBSD 8.1.

If you run pfSense inside a VM, you’ll want and need to get the base VMware tools installed within it, but that process isn’t straightforward. You want to make sure you install the VMware Tools dependencies and core modules before installing anything else, so you don’t get into package conflicts and other troubles.

I’ve been writing a lot of posts about VMware lately, because I’m finding myself using it more and more, and I’m teaching myself how to use it in a higher-volume capacity.

Here’s how to install pfSense and immedaitely get the correct version of VMware Tools (from VMware itself, not the Open Source ‘open-vm-toolbox‘ or ‘vmfs-tools’) installed within it.

Let’s get started (click any images below to view them full-size):

  1. First, create a new VM and attach your pfSense ISO to it, using whatever mechanism your hypervisor of choice provides. Boot it, and install pfSense into your VM. This part is easy and straightforward.
  2. Once fully installed, shut down (power off) your VM, and detach the CD, so it no longer boots, but keep the CD/DVD device configured for your VM, you’ll use that again in a moment.
  3. Boot your pfSense VM back up, configure networking (in my case the NIC was em0), and you’ll get to a screen that looks something like this:
    (click image to view full size)

    pfSense-2.0.3-main-screen

  4. From here, the first thing you want to do, is change your root password! Hit (8) to drop to a shell, and use the standard passwd(1) utility. Once changed, hit ^D (Control-D) to exit and return to the pfSense main menu.
  5. Next, we’re going to start SSHD, so we can log into the VM remotely, and manage it using a normal Windows, Mac or Linux terminal, vs. interacting with it using the VMware ESXi console (as in this example). Hit (14) to enable the SSH shell.
  6. In the previous screenshot, directly to the left of the (DHCP) part, was the IP of the pfSense server. SSH over to that now, as the root user, using whatever native terminal you prefer.
    $ ssh root@192.168.1.50
  7. Once SSH’d into pfSense remotely, you’ll need to set the PACKAGESITE environment variable, to make sure all core packging tools refer to the 8.1-release tag from the FreeBSD archive site, and not the 8.1-release-p13 that it will try to use by default from the primary site, which will fail, because FreeBSD 8.1 is EOL as I write this.
  8. [2.0.3-RELEASE][root@pfSense.localdomain]/root(1): setenv \
    PACKAGESITE \
    http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-8.1-release/Latest/

    Here’s what will happen if you do not set this variable:

    [2.0.3-RELEASE][root@pfSense.localdomain]/root(3): pkg_add -rv wget
    looking up ftp.freebsd.org
    connecting to ftp.freebsd.org:21
    Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/wget.tbz: 
    File unavailable (e.g., file not found, no access)
    pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.1-release/Latest/wget.tbz' by URL
    pkg_add: 1 package addition(s) failed

    Once you set the variable to refer to the archive site, you’ll have success here:

    [2.0.3-RELEASE][root@pfSense.localdomain]/root(5): pkg_add -rv wget
    looking up ftp-archive.freebsd.org
    connecting to ftp-archive.freebsd.org:80
    requesting http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-8.1-release/Latest/wget.tbz
    Fetching http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-8.1-release/Latest/wget.tbz...x +CONTENTS
    x +COMMENT
    x +DESC
    x +MTREE_DIRS
    x man/man1/wget.1.gz
    x bin/wget
    ...
  9. Now we know we can get to the backup/archive site that holds the 8.1 RELEASE packages, let’s get the ones we need to get VMware Tools up and running. We’re going to need two core packages: compat6x-amd64 and perl to be able to run the script and dynamically load the VMware modules at kernel boot.
    [2.0.3-RELEASE][root@pfSense.localdomain]/root(6): pkg_add -r compat6x-amd64 perl 
    Fetching http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-8.1-release/Latest/compat6x-amd64.tbz... Done.
    
    *******************************************************************************
    *                                                                             *
    * Do not forget to add COMPAT_FREEBSD6 into                                   *
    * your kernel configuration (enabled by default).                             *
    *                                                                             *
    * To configure and recompile your kernel see:                                 *
    * http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html *
    *                                                                             *
    *******************************************************************************
    
    Fetching http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-8.1-release/Latest/perl.tbz... Done.
    Removing stale symlinks from /usr/bin...
        Skipping /usr/bin/perl
        Skipping /usr/bin/perl5
    Done.
    Creating various symlinks in /usr/bin...
        Symlinking /usr/local/bin/perl5.10.1 to /usr/bin/perl
        Symlinking /usr/local/bin/perl5.10.1 to /usr/bin/perl5
    Done.
    cd: can't cd to /usr/include
    Cleaning up /etc/make.conf... Done.
    Spamming /etc/make.conf... Done.
    Cleaning up /etc/manpath.config... Done.
    Spamming /etc/manpath.config... Done.
    
  10. Now we need to mount the CD ISO for VMware Tools for FreeBSD. This is the step I mentioned earlier and why we needed to keep the CD/DVD device configured for this VM. In ESXi, you’ll need to do that from the console, by right-clicking on the VM, go to Guest and then to “Install VMware Tools”, as shown here:
    Installing VMware tools in pfSense 2.0.3

    Installing VMware tools in pfSense 2.0.3

  11. Now the drive is mapped to the VM, we need to mount it and access the vmware tarball within:
    [2.0.3-RELEASE][root@pfSense.localdomain]/root(8): mkdir /tmp/cdrom/
    [2.0.3-RELEASE][root@pfSense.localdomain]/root(9): mount_cd9660 /dev/acd0 /tmp/cdrom/
    [2.0.3-RELEASE][root@pfSense.localdomain]/root(10): cd /tmp/cdrom/
    [2.0.3-RELEASE][root@pfSense.localdomain]/tmp/cdrom(11): ls -l
    total 15030
    -r--r--r--  1 root  wheel        29 Mar 23 15:02 manifest.txt
    -r--r--r--  1 root  wheel  15390306 Mar 23 15:02 vmware-freebsd-tools.tar.gz
    [2.0.3-RELEASE][root@pfSense.localdomain]/tmp/cdrom(12): tar zxvf vmware-freebsd-tools.tar.gz -C /tmp/ 
    
  12. Now we can go into /tmp/vmware-tools-distrib and build the required interfaces for FreeBSD. For the most part, you’ll just accept the defaults to most of the questions. Read them carefully if you think you want something custom for your needs.
    [2.0.3-RELEASE][root@pfSense.localdomain]/tmp/vmware-tools-distrib(14): ./vmware-install.pl --clobber-kernel-modules=vmci    \
                      --clobber-kernel-modules=vsock   \
                      --clobber-kernel-modules=vmxnet3 \
                      --clobber-kernel-modules=pvscsi  \
                      --clobber-kernel-modules=vmmemctl
    Creating a new VMware Tools installer database using the tar4 format.
    
    Installing VMware Tools.
    
    In which directory do you want to install the binary files? 
    [/usr/local/bin] 
    
    In which directory do you want to install the startup script? 
    [/usr/local/etc/rc.d] 
    
    In which directory do you want to install the daemon files? 
    [/usr/local/sbin] 
    
    In which directory do you want to install the library files? 
    [/usr/local/lib/vmware-tools] 
    
    The path "/usr/local/lib/vmware-tools" does not exist currently. This program 
    is going to create it, including needed parent directories. Is this what you 
    want? [yes] 
    
    In which directory do you want to install the documentation files? 
    [/usr/local/share/doc/vmware-tools] 
    
    The path "/usr/local/share/doc/vmware-tools" does not exist currently. This 
    program is going to create it, including needed parent directories. Is this 
    what you want? [yes] 
    
    The installation of VMware Tools 9.0.5 build-1065307 for FreeBSD completed 
    successfully. You can decide to remove this software from your system at any 
    time by invoking the following command: 
    "/usr/local/bin/vmware-uninstall-tools.pl".
    
    Before running VMware Tools for the first time, you need to configure it by 
    invoking the following command: "/usr/local/bin/vmware-config-tools.pl". Do you
    want this program to invoke the command for you now? [yes] 
    
    Initializing...
    
    
    Making sure services for VMware Tools are stopped.
    
    Stopping VMware Tools services in the virtual machine:
       Guest operating system daemon:                                      done
    
    
    The vmblock enables dragging or copying files between host and guest in a 
    Fusion or Workstation virtual environment.  Do you wish to enable this feature?
    [no] 
    
    No X install found.
    
    Starting VMware Tools services in the virtual machine:
       Switching to guest configuration:                                   done
       Guest memory manager:                                               done
       Guest operating system daemon:                                      done
    The configuration of VMware Tools 9.0.5 build-1065307 for FreeBSD for this 
    running kernel completed successfully.
    
    You must restart your X session before any mouse or graphics changes take 
    effect.
    
    You can now run VMware Tools by invoking "/usr/local/bin/vmware-toolbox-cmd" 
    from the command line.
    
    Please remember to configure your network by adding:
    ifconfig_vxn0="dhcp"
    to the /etc/rc.conf file and start the network with:
    /etc/netstart
    to use the vmxnet interface using DHCP.
    
    Enjoy,
    
    --the VMware team

That’s it. You’ve now got a working VMware Tools install using the native, VMware-provided kit, inside your VM. If you’re running ESXi, you’ll now notice that it correctly reports its version, status and IP back to the console, which was missing before we started.

VMware ESXi pfSense tools installed

Good luck!

Using fdupes to Solve the Data Duplication Problem: I’ve got some dupes!

Well, 11.6 hours later after scanning the NAS with fdupes, I noticed that I’ve got some dupes across my system backups.

# time ./fdupes -R -Sm "/nas/Backups/System Backups/"
2153352 duplicate files (in 717685 sets), occupying 102224.5 megabytes


real	698m15.606s
user	38m20.758s
sys	92m17.217s

That’s 2.1 million duplicate files occupying about 100GB of storage capacity in my backups folder on the NAS. DOH!

Now the real work begins, making sense of what needs to stay and what needs to get tossed in here.

UPDATE: I may give up on fsdupes altogether, and jump to rmlint instead. rmlint is significantly faster, and has more features and functions. Here’s a sample of the output:

# rmlint -t12 -v6 -KY -o "/nas/Backups/System Backups/"
Now scanning "/nas/Backups/System Backups/".. done.
Now in total 3716761 useable file(s) in cache.
Now mergesorting list based on filesize... done.
Now finding easy lint...
Now attempting to find duplicates. This may take a while...
Now removing files with unique sizes from list...109783 item(s) less in list.
Now removing 3917500 empty files / bad links / junk names from list...
Now sorting groups based on their location on the drive... done.
Now doing fingerprints and full checksums..
Now calculation finished.. now writing end of log...
=> In total 3716761 files, whereof 1664491 are duplicate(s)
=> In total  77.66 GB  [83382805000 Bytes] can be removed without dataloss.

SOLVED: VMware Tools __devexit_p Error on Linux Kernel 3.8 and Earlier

If you run a current version of VMware Workstation, VMware Server, ESXi or VMware Fusion with a recent Linux kernel as a guest, you’ve most-likely run into this already.

UPDATE: If you’re using Linux kernel 3.11.0, see my updated blog post for the patch and fix for that revision.

 
Using 2.6.x kernel build system.
make: Entering directory `/tmp/modconfig-N9AMbf/vmci-only'
/usr/bin/make -C /lib/modules/3.8.0-19-generic/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
	  MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-headers-3.8.0-19-generic'
  CC [M]  /tmp/modconfig-N9AMbf/vmci-only/linux/vmciKernelIf.o
  CC [M]  /tmp/modconfig-N9AMbf/vmci-only/linux/driver.o
/tmp/modconfig-N9AMbf/vmci-only/linux/driver.c:127:4: error: implicit declaration of function ‘__devexit_p’ [-Werror=implicit-function-declaration]
/tmp/modconfig-N9AMbf/vmci-only/linux/driver.c:127:4: error: initializer element is not constant
/tmp/modconfig-N9AMbf/vmci-only/linux/driver.c:127:4: error: (near initialization for ‘vmci_driver.remove’)
/tmp/modconfig-N9AMbf/vmci-only/linux/driver.c:1754:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘vmci_probe_device’
/tmp/modconfig-N9AMbf/vmci-only/linux/driver.c:1982:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘vmci_remove_device’
/tmp/modconfig-N9AMbf/vmci-only/linux/driver.c:119:12: warning: ‘vmci_probe_device’ used but never defined [enabled by default]
/tmp/modconfig-N9AMbf/vmci-only/linux/driver.c:121:13: warning: ‘vmci_remove_device’ used but never defined [enabled by default]
/tmp/modconfig-N9AMbf/vmci-only/linux/driver.c:2063:1: warning: ‘vmci_interrupt’ defined but not used [-Wunused-function]
/tmp/modconfig-N9AMbf/vmci-only/linux/driver.c:2137:1: warning: ‘vmci_interrupt_bm’ defined but not used [-Wunused-function]
/tmp/modconfig-N9AMbf/vmci-only/linux/driver.c:1717:1: warning: ‘vmci_enable_msix’ defined but not used [-Wunused-function]
cc1: some warnings being treated as errors
make[2]: *** [/tmp/modconfig-N9AMbf/vmci-only/linux/driver.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [_module_/tmp/modconfig-N9AMbf/vmci-only] Error 2
make[1]: Leaving directory `/usr/src/linux-headers-3.8.0-19-generic'
make: *** [vmci.ko] Error 2
make: Leaving directory `/tmp/modconfig-N9AMbf/vmci-only'

Here’s the patch to fix it. Either cut-and-paste the code snippet below and save it to a file, or you can download it here.

--- vmci-only/linux/driver.c	2012-11-01 16:22:03.000000000 +0900
+++ vmci-only/linux/driver.c.patched	2013-03-01 04:21:08.402942111 +0900
@@ -124,7 +124,11 @@ static struct pci_driver vmci_driver = {
    .name     = "vmci",
    .id_table = vmci_ids,
    .probe = vmci_probe_device,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,8,0)
    .remove = __devexit_p(vmci_remove_device),
+#else
+   .remove = vmci_remove_device,
+#endif
 };
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 19)
@@ -1750,7 +1754,11 @@ vmci_enable_msix(struct pci_dev *pdev) /
  *-----------------------------------------------------------------------------
  */
 
-static int __devinit
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,8,0)
+ static int __devinit
+#else
+ static int 
+#endif
 vmci_probe_device(struct pci_dev *pdev,           // IN: vmci PCI device
                   const struct pci_device_id *id) // IN: matching device ID
 {
@@ -1978,7 +1986,11 @@ vmci_probe_device(struct pci_dev *pdev,
  *-----------------------------------------------------------------------------
  */
 
-static void __devexit
+#if LINUX_VERSION_CODE < KERNEL_VERSION(3,8,0)
+ static void __devexit
+#else
+ static void
+#endif
 vmci_remove_device(struct pci_dev* pdev)
 {
    struct vmci_device *dev = pci_get_drvdata(pdev);

And here's how to apply it and fix the problem:

  1. Mount your VMware Tools ISO somewhere
    # mkdir /tmp/cdrom
    # mount /dev/sr0 /tmp/cdrom
  2. Extract the tarball to /tmp/
    # cd /tmp/cdrom
    # tar zxvf VMwareTools-9.0.5-1065307.tar.gz -C /tmp/
  3. Change into the VMware Tools directory that was just created
    # cd /tmp/vmware-tools-distrib/
  4. Patch the tree with the above patch
    # cd lib/modules/source/
    # tar -xvf vmci.tar
    # patch -p0 < /tmp/vmware-tools-linux-kernel-3.8_vmci_pci_hotplug_struct.patch
  5. Tar up the patched source so we can rebuild using the new tarball
    # tar -cf vmci.tar vmci-only/
  6. Now let's rebuild it!
    # cd /tmp/vmware-tools-distrib/
    # ./vmware-install.pl

If you've done it right, it will build cleanly:

Using 2.6.x kernel build system.
make: Entering directory `/tmp/modconfig-qs1htj/vmci-only'
/usr/bin/make -C /lib/modules/3.8.0-19-generic/build/include/.. SUBDIRS=$PWD SRCROOT=$PWD/. \
	  MODULEBUILDDIR= modules
make[1]: Entering directory `/usr/src/linux-headers-3.8.0-19-generic'
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/linux/driver.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/linux/vmciKernelIf.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/common/vmciContext.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/common/vmciDatagram.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/common/vmciDoorbell.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/common/vmciDriver.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/common/vmciEvent.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/common/vmciHashtable.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/common/vmciQPair.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/common/vmciQueuePair.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/common/vmciResource.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/common/vmciRoute.o
  CC [M]  /tmp/modconfig-qs1htj/vmci-only/driverLog.o
  LD [M]  /tmp/modconfig-qs1htj/vmci-only/vmci.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/modconfig-qs1htj/vmci-only/vmci.mod.o
  LD [M]  /tmp/modconfig-qs1htj/vmci-only/vmci.ko
make[1]: Leaving directory `/usr/src/linux-headers-3.8.0-19-generic'
/usr/bin/make -C $PWD SRCROOT=$PWD/. \
	  MODULEBUILDDIR= postbuild
make[1]: Entering directory `/tmp/modconfig-qs1htj/vmci-only'
make[1]: `postbuild' is up to date.
make[1]: Leaving directory `/tmp/modconfig-qs1htj/vmci-only'
cp -f vmci.ko ./../vmci.o
make: Leaving directory `/tmp/modconfig-qs1htj/vmci-only'

That's it! This same patch will work with all previous kernels, as well as those up to the most current 3.8 kernels.

If you're rebuilding your kernel modules using the command vmware-install.pl from the VMware Tools package, remember to use the following, to force a module rebuild:

vmware-install.pl --clobber-kernel-modules=vmci    \
                  --clobber-kernel-modules=vsock   \
                  --clobber-kernel-modules=vmxnet3 \
                  --clobber-kernel-modules=pvscsi  \
                  --clobber-kernel-modules=vmmemctl

Note: I haven't tested Linux kernel 3.10.9 or later yet, but I will shortly and update this post to reflect those results (see here for the fix for the 3.11.0 kernel).

Good luck!

HOWTO: Search and Destroy “Unlabeled” mail in Google Gmail

Tags: , ,

I have over 14 years of email stored in Google Gmail now, all sorted, organized and tagged. It’s a huge archive going back through several jobs, plenty of experiences personal and professional. Some day it might make a good bit of data mining for an autobiography, but I digress..

One thing about Google Gmail has been bugging me for years! Google “folds” mail away in your Inbox, out of view, hidden, but not in any folder (what Google calls “Labels”, but they’re really individual IMAP folders).

There doesn’t seem to be any sort of reason for this, no algorithm and no obvious method to why they decide to take email out of your Inbox and hide it away from you. A bug? A feature? Who knows, but it’s annoying.

Here’s an example of what this looks like:

Searching Gmail Hidden mail

Notice that my search for “pinbot@pinterest.com” (Pinterest‘s mail robot) returns several hits, but only one of which is in my “Inbox”. Those others appear nowhere. They’re not in any folder anywhere in my entire IMAP or Gmail heirarchy.

They’re completely hidden, invisible, and only show up when you do a specific search for those terms. In other words, you can’t clean that junk out, delete it, unless you search for it first. Chicken-and-Egg problem, because you can’t search for what you don’t know exists.

There have been hundreds and hundreds of posts trying to come up with solutions to this problem, including using the “-label:” syntax to exclude labels from the search, leaving only “unlabeled” email.

That works great, if you have a handful of labels, maybe a dozen or two, but I have hundreds of IMAP folders (erm, “labels”), and they’re nested pretty deep in some cases. Trying to append all of my labels into one big long search string, does not work, because of a string limit in the search field. Fail.

So then I tried the somewhat magical “-label:*” search, but it returns mail with labels too, for some randomly odd reason. Another fail.

Then I tripped on someone who has a more elegant solution to the problem, rolled up into a Greasemonkey extension. Enter “gmailUnlabelled“!

Once you install the extension, you’ll find a new “Unlabelled” link on the left side, in your labels group. Clicking that will reveal email with no labels, the “hidden” email that Gmail ferrets away from you, away from your searches, away from your folders.

gmailUnlabelled installed

Find it, label it, or as in my case, kill it off. I have 10,543 emails in my “All Mail” folder, and I’m sure a few hundred to a few thousand are going to fall into the Unlabeled category.

big Gmail All-Mail folder

Now I can begin the process of pruning that out and cleaning out my mail even further. I hope this helps others who may be facing the same problems.

AT&T Locks Horns with Hurricane Sandy and my data-only MiFi

Tags: ,

AT&T DeathstarWe were hit pretty hard by Hurricane Sandy out here in New London, CT. Lots of property was damaged, wiped out boats tossed onto shore and crashed into other property.

We also lost power, thousands of homes without power for days, as trees came crashing through wires, telephone poles were pulled to the ground by falling branches and lots of other damage knocked out power transformers and substations.

Where I live, we lost power for 7 days, and that power loss means no Internet, no micro-cell, no DSL. Darkness.

I use a Novatel 2372 MiFi device when I’m on the road to get onto the live Internet, over 3G speeds. This is the only way I could get Internet access when the power went out. Unfortunately, this device also only has 1-3 hours of battery life, depending on how much I’m pulling across it. To keep it charged, I had to plug it into the inverter in my truck, and hope that it would stay online long enough to get through my work day.

Since I don’t do “streaming” or “downloads” across this device, I never came close to hitting any data usage limitations. My data plan on this specific device (data-only SIM provisioning) was “Unlimited” from AT&T. I’ve been using this since ~2008 as an “Unlimited” data device.

5 days into my use of the MiFi as my only Internet gateway, I received an email from AT&T stating:

As a valued customer, we are sending you this email to assist you in avoiding possible service interruption and minimizing your bill. Our systems have detected that you are using a substantial amount of data.

Your May 2012 bill contained a notice that your DataConnect plan has expired and that you will be billed $10/GB for any usage that exceeds 5GB in any billing period.

If you use 5GB in a billing period, we will temporarily suspend your service. This is to give you an opportunity to contact us to discuss your options, including changing your plan to one that is $50 per month plus $10/GB for any usage that exceeds 5 GB. You also have the option to terminate service without penalty.

To avoid a possible suspension of service, please contact us now at 800-331-0500 or 611 from your wireless phone, so that we may assist you in selecting a plan which meets your needs.

I called them to inquire why I received this email, obviously an error on their part, since my plan was “Unlimited”.

The woman I spoke with on the phone claimed that these “Unlimited” plans had been phased out in 2008; 4+ years ago, and I should have received an automated email in 2010 alerting me to this fact. Since I’d never reached the 3.5GB “soft cap” before, I never received the warning email.

While on the phone, I asked her if she could make sure my plan was truly “Unlimited” and remove any blocks, email alerts or other things preventing me from using the device as originally purchased and intended.

She proceeded to tell me that AT&T no longer offers any unlimited plans, and that my only option is to “bump up” to a 5GB (5 gigabyte/month) plan. I’m already paying $59/month for the (pseudo)-Unlimited plan I thought I already had.

It turns out that when you reach the 5GB limit, email-alerted or otherwise, your service is suspended, but AT&T will continue to bill you at the full rate even though you are unable to use the service any longer. You cannot “un-suspend” your service, you can only stop using the current plan, and subscribe to a new/different plan. This is to “encourage” you to call them and subscribe to one of their other plans, the only plan available; the 5GB/month plan.

There are no 10GB plans, no 20GB plans, no Unlimited plans. You get 5GB/month, and every 1GB over that capacity, you pay $10/GB for that.

Then I asked her if I could simply terminate the “data only” SIM account, and add the “Tethering” package to one of my BlackBerry phones (I have two activated, both with truly “Unlimited” data), and avoid the need for a dedicated SIM/device for data. She said “No, we cannot do that, because Tethering isn’t permitted on Unlimited data plans.” AT&T closed this hole about a year ago, when you could use tethering, for no charge.

So I had her “fix” the problem, by subscribing to the proper 2012 “data only” 5GB/month plan, terminating my older plan, which would have locked me out, should I have reached that 5GB/month limit, intentionally or otherwise.

The operator helpfully re-provisioned my MiFi device with the correct “data” plan, and said I should see no other issues with the service or plans, other than the charge was now $10/month cheaper than my original plan from 2008.

What frustrates me, is that they never said they were cutting off the older plans, nor was there any warning or grace period before you’re shut off, and shut off for good.

Good going, AT&T. I was just trying to use the hardware I have, under the terms I’ve been paying for since 2008, so I can get my day-job work done.

The other oddity, is that my data-only MiFi device is subject to the E-911 Surcharge, even though the device can’t possibly allow me to dial 9-1-1 from it, in the case of an emergency. In fact, even if I were to pop the SIM out and put it into a phone, I still cannot dial 9-1-1. So why the charge? I asked, and received this as a response:

“The Federal Government passes this charge onto us, so we in-turn pass it directly onto you.”

Yes, that’s right, I pay monthly, for the “right” to dial 9-1-1 from a device that literally cannot dial 9-1-1 at all, ever. Neat!

Sprint and Verizon’s data plans and options are sure looking attractive these days, when weighed against the heavy hand of AT&T.

tl;dr: AT&T silently caps, then retires my “Unlimited” MiFi data plan 4 years ago, replaces it with a 5GB plan with no other alternative choices; 5GB or no GB.

Bad Behavior has blocked 517 access attempts in the last 7 days.