Things I’ve Learned Buying an iPhone 6 Plus, Unlocked, Contract-Free, Pre-paid

Be very careful when buying a Sprint, Verizon, AT&T, or some other “carrier branded” iPhone.

I did some research to make sure that when spending over $1000 on a phone, that investment would not come back to bite me with a lock-in (of carrier, network type, and plan).

What I’ve found is:

1. Only Verizon’s iPhone 6 has both CMDA and GSM radios enabled. Most of the other carriers only have the GSM radio enabled.

If you want an iPhone that can work with all the carrier networks, Verizon’s is the one you must get.

2. All Verizon 4G LTE capable phones (e.g., the iPhone 6) must come factory unlocked due to FCC requirements that were made on Verizon’s last LTE-band purchase. Most of the other carriers do not have such an agreement with or requirement from the FCC, and may sell you a factory locked iPhone.

If you want an iPhone that is not locked to a specific carrier from the start, Verizon’s is the one you should get.

3. Half of the carriers (Verizon, Sprint, and some others) will not activate a plan/service on an unlocked phone that was not purchased through them (by checking for its serial number in their database). In example, to activate Verizon plans/services for your iPhone, you’d need to use a Verizon branded iPhone. You can usually get around this by activating the plan/service on some other phone of the carrier, and then moving that SIM card from it and into your new another-carrier-branded phone.

4. The only way to purchase a full price iPhone 6 without a contract though Verizon Wireless’s online store is to purchase one with a somewhat hidden month-to-month post-paid $60 1GB plan.

Afterwards, when you receive the phone, this plan is never activated, or is canceled by you. You won’t get billed for it, and there is no cancellation fee (as it’s not a contract).

Update: Verizon Wireless is pulling some type of a scam here. The unwanted plan will be automatically activated “for your convenience” (and at the earliest possible moment), billed with the full set of non-refundable charges, fees, and taxes (on top of the $60), and out of the surprise $110 bill that you will get one to two weeks after receiving your iPhone, if you act quickly, they will refund $50 from it as credit for the remaining unused time… Surprising you with another bill coming in the mail for $60 that you can’t get out of (read my comment in the comments section).

On the “Customize Your Plan & Add Accessories” step, where they want you to select an option in the “The MORE Everything Plan”, click the “View Single Line Plans” link…



5. To get Verizon’s $45 / month pre-paid plan, with no overages (e.g., the minutes and data just stop), buy Verizon’s “4G LTE SIM Activation Kit“. It costs $49.95 and comes with the first month included. And if you select to auto-pay, they double the data from 500MB to 1GB.


6. Don’t buy any of the cases, chargers, or other extra devices from the carrier. Their prices are double Amazon’s. And the selection of iPhone cases and accessories on Amazon is much nicer.

7. I recommend you get the Space Grey iPhone 6 Plus if you are indecisive on the color scheme. While the “Gold” (Champagne) colored iPhone looks nice on the back, the white bezel on the front, around the black screen, does not have the same continuity with the black screen, breaking your thought process. In addition, that white color kind of reminds me of the floor of a school’s cafeteria.

I hope this saves you the 4 days I spent (a.k.a. wasted) trying to navigate through the minefield of rules, plan prices, and incompatibilities, the phone companies enjoy putting people through to get the most money out of them.

Strange TOR Traffic To Get IP

Is this evidence of another TOR and Firefox exploit to get your IP address, or something completely mundane?

I just checked the logs of a service that I provide that returns your IP address –

It was put up to be used under WampDeveloper Pro (to let the user know the server’s public IP address; usually the router’s IP) so as to not depend on any external services, and for anyone else that wanted to use it for whatever reason (no restrictions).

The logs had a large amount (relatively speaking to WampDeveloper’s use) of requests that started in May, different IPs, all with the same user-agent string (the string that identifies the make and build of the Browser you are using).
From doing a “resolveip” (attempts to turn the IP address into a potentially readable host name containing useful information) on some of the IPs, a lot of them are being reported as coming from –

  1. TOR exit nodes and routers
  2. Freedom and Privacy type hosting servers
  3. Some residential/home addresses (not WampDeveloper Pro related, it uses it’s own user-agent string)

Google returns no external results for query “”, except for the few times I mentioned it on HackerNews.

If these requests are coming from users of the Tor Bundle, the usage of appears to be under-the-radar, probably being used from within the Browser, like in a JS file that attempts to get your IP address (via a de-anonymized / local request).
The reason I say that (under-the-radar), is because the “reported” user-agent string of these requests is Chrome, not Firefox (Browser of the Tor Bundle). But the JS can set whatever user-agent string it wants, and those requests also don’t hit the favicon.ico URL (standard procedure for most browsers on first request to a website) – so it’s definitely not coming from the users going to (or being redirected to) the myip page, but rather coming from a script.
This is kind of really strange and unexpected, but hopefully is not related to all this –
Attackers wield Firefox exploit to uncloak anonymous Tor users
Tor security advisory: Old Tor Browser Bundles vulnerable
Torsploit takedown: analysis, reverse engineering, forensic

…But is rather just some other TOR based product/service using as part of a list of URLs it rotates through – a list of whats-my-ip services; or someone using this for their own needs.
The benefit of the above myip service is that it returns nothing but the IP, no HTML, no XML, etc. Just a few bytes of data via TCP/IP. Probably all within 1 packet.

Microsoft Responds to Horrified Developers on Future of Windows 8

A few weeks ago Microsoft released a preview video of Windows 8. Almost immediately developers all over the internet became enraged that Microsoft (with Windows 8) was leaving behind the platform and framework that they have been working with for a decade … all having hedged their bets on: win32 or .NET Framework + C# (language).

Except that Microsoft made no such moves. And no real developers were “horrified”, because a real developer knows that HTML is just a markup language and JavaScript is not a replacement for the CLR + .NET Framework.

At least that was what I thought!

Microsoft has now released a video demonstrating what Windows 8 is about.

The simple truth is that Windows 8 is a re-imagination of the desktop … geared towards the mass market which primarily uses their systems to browse the internet, post on facebook, check their email.

Windows 8 can run tailored apps where HTML and JavaScript widgets replace the traditional desktop window for the benefit of the user.

The underlining platform does not change. We simply get a new fancy UI option that uses a DLL shared with IE 10.

Apache Conference Videos and Slides

The ASF (Apache Software Foundation) organizes and hosts talks every year.

I’ve gathered links to keynotes from this year’s conference and videos from 2009 and 2008.

Start with the videos if you are mostly interested in the Apache Web Server. It seems to be a very small part of the 2010 slides.

ApacheCon US 2009 Videos: Hadoop Track, Apache HTTPD Track, Lucene Track.
ApacheCon US 2008 Videos: Apache HTTPD System Administration, Security, Administration.

2010 ApacheCon Slides and the schedule of the talks.

Google Toolbar Is a Resource Hog

I installed Google Toolbar in IE8 on Windows Vista.

It took up an entire cpu on a 4 core processor, ballooned IE load time from 1 second to 15 seconds, caused tabs to crash, and just made the entire system sluggish.

And that was after I turned all the toolbar’s options off.

It’s too high of a price to pay for seeing the PR of websites. Thanks, but no thanks Google. It’s now disabled.

Google Toolbar Performance

Google Took A Principled Stand On China.

Google Took A Principled Stand On China.

I doubt it.

Ask yourself this… What is it that has changed since Google entered the Chinese market in 2006?

Google knew what they were getting themselves into: dealing with censored results, government interference, corporate espionage (sanctioned by the state), and much much more. Not to mention having the entire deck stacked from the onset against all foreign companies (in China, you get used, striped, and then disgarded in favor of the home-grown competitor).

So a dozen Gmail accounts get compromised and the finger points to China. A few networks get breached.

So what?

How many Gmail accounts where compromised by government interest in the rest of the world? How many times did a corporate network get compromised by a competitor or a foreign interest? This is standard-operating-procedure in big business and politics.

Let’s try this on for size…

1. Google enters the Chinese market.

2. Chinese market/government favors own state side

3. Google breaks even or loses money on investment. Marketshare does not come.

4. Google realizes how difficult things are in China for “outside” companies.

5. Google, not being able to hack it here, to save face and score some points, uses its PR machine to a) start the process of pulling out of the market, b) make themselves look good doing it, and c) take advantage of a whole lot of people in the process.

And what do you know, it fits!

I’ll concede this could be a bluff to get something they want or there is much more going on that we have not been made aware of.