04-18-2013, 12:23 PM   #4
fireether
Device: Kindle 3 Wifi
Quote:
Originally Posted by knc1
That is a normal part of the registration process.
Just register the device, **THEN** re-install the key store.

The diverting by domain name is a poor idea - it only takes the address owner a few minutes to change and/or add a new name. Rendering your solution suddenly useless.

Blocking by address range is harder (and much more expensive) for the address owner to avoid.
That is the method used in the BBB (Block Big Brother) filter of the KUAL.firewall, you might want to try that instead of your own solution.

PS: Your command example presumes that **ONLY** your re-direction should be present in /etc/hosts. The removal of the other entries in /etc/hosts will probably break a few things on your machine.
So better to use the append ">>" rather than replace ">" operator.

I was going for append, but accidentally did replace. In my defense, that was after two hours of going through Java code. I was trying to see if perhaps the Java app was checking for a setting before checking the developer keys.

As for diverting by domain name - you have a good point. However, looking at packet captures from Wireshark (I mirrored my wireless router on my managed switch and captured everything going from/to the Kindle) shows that when wireless is turned on, it immediately does DNS lookups for a few names.

dogvgb9ujhybx.cloudfront.net
dns.kindle.com
ntp-g7g.amazon.com
todo-g7g.amazon.com
firs-g7g.amazon.com

No idea what dog is for, but the rest are used. Also, looking in other configuration files, it has todo and firs explicitly defined. So doing the redirection works - I should also add todo because it does an HTTPS connection ONLY to todo and firs - in case they can update through that route.

My question was, which takes more CPU - simply putting 2 lines into hosts for the Amazon servers (namely firs and todo; I don't want to touch NTP because that keeps my clock correct) - or blocking by IP range? I'd assume the latter. And thank you for referring me to the KUAL firewall - I didn't know it had a BBB filter.

Quote:
Originally Posted by knc1
Blocking by address range is harder (and much more expensive) for the address owner to avoid.

What do you mean by this? I understand the "harder" part - i.e. they would have to write code that would be called infrequently to check and modify ipchains/iptables/hosts - but I don't understand the expensive part. Mainly because they can easily update their code or write a shell script that runs via cron. MD5 checksums are one way to verify that stuff has been changed, and can revert it back to the original.

I did not know that registering stops the checks. I have not investigated the behavior of the Java app while the Kindle is registered - I assumed it would be like the Xbox - i.e. if you modify it and you log in to Xbox Live, you can be banned.

Last but not least, does anybody have the original /etc/hosts file for a 3.4 k3w? That way if I have to update the OS, the checksum will be correct.

Thanks.
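Added example, not part of the original post: a POSIX shell sketch of the append-not-replace point from the quoted reply, applied to the two host names the post wants to redirect. The function name `add_host_redirect`, the 127.0.0.1 target and the sample hosts content are assumptions made for illustration; the demo works on a temporary file, not on /etc/hosts.

```shell
#!/bin/sh
# add_host_redirect FILE IP NAME   (hypothetical helper, not from the thread)
# Appends "IP NAME" to FILE with ">>" so existing entries survive, and does
# nothing when NAME already has an entry, so repeated runs do not pile up.
add_host_redirect() {
    file=$1 ip=$2 name=$3   # plain sh has no "local"; these are globals
    # Look for NAME as a whole field on a non-comment line.
    if awk -v n="$name" '
        /^[ \t]*#/ { next }
        { for (i = 2; i <= NF; i++) {
              if ($i ~ /^#/) break      # rest of the line is a comment
              if ($i == n) found = 1
          } }
        END { exit !found }' "$file"; then
        return 0                        # already present, leave FILE alone
    fi
    # If the last line lacks a newline, add one so entries do not merge.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\t%s\n' "$ip" "$name" >> "$file"
}

demo() {
    tmp=$(mktemp) || return 1
    # Constructed sample content, not the Kindle's original /etc/hosts.
    printf '127.0.0.1\tlocalhost\n127.0.0.1\tkindle' > "$tmp"
    for h in firs-g7g.amazon.com todo-g7g.amazon.com; do
        add_host_redirect "$tmp" 127.0.0.1 "$h"
    done
    # Second run for the same name is a no-op.
    add_host_redirect "$tmp" 127.0.0.1 todo-g7g.amazon.com
    cat "$tmp"
    rm -f "$tmp"
}

demo
```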