How to use Ping to test your network latency

If bandwidth is the quantity of your connection, then latency must be a measure of the quality of it. Latency is the time it takes for the smallest amount of information to go back and forth between you and a host. If you see packet loss on your trip to your ISP then your line is the issue.

People often talk about the internet connection speed - the bandwidth as measured in megabits - but for certain realtime applications like telephony, gaming, and remote shells - the data quality is more important. Dropped packets in telephony and audio streams leads to static and lost sound.

After installing Fibre Optic at my new place I compare a ping to Google Public DNS (, and we see packet loss disappear, and the average time drop from a whopping and hard to believe 57 seconds down to just 31 milliseconds, with a minimum of 28 ms.

An example of a good ping time

13inch:~ tom$ ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=59 time=32.911 ms
64 bytes from icmp_seq=1 ttl=59 time=31.874 ms
64 bytes from icmp_seq=2 ttl=59 time=30.760 ms
64 bytes from icmp_seq=3 ttl=59 time=29.730 ms
64 bytes from icmp_seq=4 ttl=59 time=31.490 ms
64 bytes from icmp_seq=5 ttl=59 time=29.063 ms
64 bytes from icmp_seq=6 ttl=59 time=32.466 ms
64 bytes from icmp_seq=7 ttl=59 time=31.149 ms
64 bytes from icmp_seq=8 ttl=59 time=32.787 ms
64 bytes from icmp_seq=9 ttl=59 time=40.585 ms
64 bytes from icmp_seq=10 ttl=59 time=32.434 ms
64 bytes from icmp_seq=11 ttl=59 time=29.902 ms
64 bytes from icmp_seq=12 ttl=59 time=29.264 ms
64 bytes from icmp_seq=13 ttl=59 time=31.894 ms
64 bytes from icmp_seq=14 ttl=59 time=32.299 ms
64 bytes from icmp_seq=15 ttl=59 time=30.051 ms
64 bytes from icmp_seq=16 ttl=59 time=32.315 ms
64 bytes from icmp_seq=17 ttl=59 time=28.942 ms
64 bytes from icmp_seq=18 ttl=59 time=31.891 ms
64 bytes from icmp_seq=19 ttl=59 time=30.485 ms
64 bytes from icmp_seq=20 ttl=59 time=29.383 ms
--- ping statistics ---
21 packets transmitted, 21 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 28.942/31.508/40.585/2.402 ms
13inch:~ tom$

Official worst internet connection ever.

Since I was on dialup at my mums place in Coromandel.

Laptop connected to my Wifi router which is getting its net itself via Wifi tethering from my iPhone 5S which is barely able to make a call or send txt let alone the internet!

491 packets transmitted, 137 packets received, 72.1% packet loss
round-trip min/avg/max/stddev = 4911.674/57951.524/100173.596/21656.897 ms
13inch:pay2c.Xyz tom$

64 bytes from icmp_seq=177 ttl=54 time=52771.304 ms
64 bytes from icmp_seq=178 ttl=54 time=51795.556 ms
64 bytes from icmp_seq=179 ttl=54 time=50792.636 ms
64 bytes from icmp_seq=180 ttl=54 time=49790.734 ms
64 bytes from icmp_seq=181 ttl=54 time=48787.671 ms
64 bytes from icmp_seq=182 ttl=54 time=47787.012 ms
64 bytes from icmp_seq=183 ttl=54 time=46782.079 ms
64 bytes from icmp_seq=184 ttl=54 time=45778.752 ms
64 bytes from icmp_seq=185 ttl=54 time=44782.822 ms
64 bytes from icmp_seq=186 ttl=54 time=43778.280 ms
64 bytes from icmp_seq=187 ttl=54 time=42774.619 ms
64 bytes from icmp_seq=188 ttl=54 time=41773.082 ms
64 bytes from icmp_seq=189 ttl=54 time=40785.548 ms
64 bytes from icmp_seq=190 ttl=54 time=39820.873 ms
64 bytes from icmp_seq=191 ttl=54 time=38818.465 ms
64 bytes from icmp_seq=195 ttl=54 time=35601.609 ms
64 bytes from icmp_seq=196 ttl=54 time=35405.563 ms
64 bytes from icmp_seq=197 ttl=54 time=34595.935 ms
64 bytes from icmp_seq=198 ttl=54 time=34440.231 ms
64 bytes from icmp_seq=199 ttl=54 time=34118.466 ms
64 bytes from icmp_seq=200 ttl=54 time=37025.789 ms
64 bytes from icmp_seq=205 ttl=54 time=33701.815 ms
64 bytes from icmp_seq=232 ttl=54 time=14587.327 ms
Request timeout for icmp_seq 252
Request timeout for icmp_seq 253
Request timeout for icmp_seq 254
64 bytes from icmp_seq=247 ttl=54 time=8570.665 ms
64 bytes from icmp_seq=248 ttl=54 time=7776.425 ms
64 bytes from icmp_seq=249 ttl=54 time=6920.444 ms
64 bytes from icmp_seq=250 ttl=54 time=6515.482 ms
64 bytes from icmp_seq=251 ttl=54 time=5631.024 ms
64 bytes from icmp_seq=252 ttl=54 time=5052.276 ms
64 bytes from icmp_seq=253 ttl=54 time=5014.476 ms
64 bytes from icmp_seq=254 ttl=54 time=5749.126 ms
64 bytes from icmp_seq=255 ttl=54 time=4911.674 ms
Request timeout for icmp_seq 264
Request timeout for icmp_seq 265
Request timeout for icmp_seq 266
Request timeout for icmp_seq 267
Request timeout for icmp_seq 268
Request timeout for icmp_seq 269
64 bytes from icmp_seq=256 ttl=54 time=14185.624 ms
Request timeout for icmp_seq 271
Request timeout for icmp_seq 272
Request timeout for icmp_seq 273
Request timeout for icmp_seq 274
Request timeout for icmp_seq 275
Request timeout for icmp_seq 276
Request timeout for icmp_seq 277
Request timeout for icmp_seq 278
Request timeout for icmp_seq 279
Request timeout for icmp_seq 280
Request timeout for icmp_seq 281
Request timeout for icmp_seq 282
Request timeout for icmp_seq 283
Request timeout for icmp_seq 284
Request timeout for icmp_seq 285
Request timeout for icmp_seq 286
Request timeout for icmp_seq 287
64 bytes from icmp_seq=257 ttl=54 time=31445.453 ms
Request timeout for icmp_seq 289
64 bytes from icmp_seq=258 ttl=54 time=32457.728 ms
Request timeout for icmp_seq 291
Request timeout for icmp_seq 292
Request timeout for icmp_seq 293
Request timeout for icmp_seq 294
64 bytes from icmp_seq=259 ttl=54 time=36411.157 ms
Request timeout for icmp_seq 296
Request timeout for icmp_seq 297
Request timeout for icmp_seq 298
64 bytes from icmp_seq=260 ttl=54 time=39733.101 ms
Request timeout for icmp_seq 300
Request timeout for icmp_seq 301
Request timeout for icmp_seq 302
64 bytes from icmp_seq=261 ttl=54 time=42477.703 ms
Request timeout for icmp_seq 304
64 bytes from icmp_seq=262 ttl=54 time=43441.612 ms
64 bytes from icmp_seq=263 ttl=54 time=43432.266 ms
Request timeout for icmp_seq 307
64 bytes from icmp_seq=264 ttl=54 time=45050.706 ms
Request timeout for icmp_seq 309
64 bytes from icmp_seq=265 ttl=54 time=45137.945 ms
64 bytes from icmp_seq=266 ttl=54 time=45173.820 ms
64 bytes from icmp_seq=267 ttl=54 time=44506.264 ms
Request timeout for icmp_seq 313
Request timeout for icmp_seq 314
Request timeout for icmp_seq 315
Request timeout for icmp_seq 316
Request timeout for icmp_seq 317
Request timeout for icmp_seq 318
Request timeout for icmp_seq 319
Request timeout for icmp_seq 320
Request timeout for icmp_seq 321
Request timeout for icmp_seq 322
Request timeout for icmp_seq 323
Request timeout for icmp_seq 324
64 bytes from icmp_seq=268 ttl=54 time=57362.380 ms
Request timeout for icmp_seq 326
Request timeout for icmp_seq 327
Request timeout for icmp_seq 328
Request timeout for icmp_seq 329
64 bytes from icmp_seq=269 ttl=54 time=61603.631 ms
64 bytes from icmp_seq=270 ttl=54 time=61590.294 ms
Request timeout for icmp_seq 332
64 bytes from icmp_seq=271 ttl=54 time=62326.436 ms
Request timeout for icmp_seq 334
Request timeout for icmp_seq 335
64 bytes from icmp_seq=272 ttl=54 time=65071.367 ms
Request timeout for icmp_seq 337
Request timeout for icmp_seq 338
64 bytes from icmp_seq=273 ttl=54 time=66941.069 ms
Request timeout for icmp_seq 340
64 bytes from icmp_seq=274 ttl=54 time=67932.502 ms
Request timeout for icmp_seq 342
Request timeout for icmp_seq 343
64 bytes from icmp_seq=275 ttl=54 time=69433.195 ms
64 bytes from icmp_seq=276 ttl=54 time=69818.324 ms
64 bytes from icmp_seq=278 ttl=54 time=68618.593 ms
64 bytes from icmp_seq=279 ttl=54 time=68027.879 ms
64 bytes from icmp_seq=280 ttl=54 time=67154.395 ms
Request timeout for icmp_seq 349
Request timeout for icmp_seq 350
Request timeout for icmp_seq 351
Request timeout for icmp_seq 352
Request timeout for icmp_seq 353
64 bytes from icmp_seq=281 ttl=54 time=74049.322 ms
Request timeout for icmp_seq 355
Request timeout for icmp_seq 356
64 bytes from icmp_seq=282 ttl=54 time=76036.362 ms
Request timeout for icmp_seq 358
Request timeout for icmp_seq 359
Request timeout for icmp_seq 360
Request timeout for icmp_seq 361
Request timeout for icmp_seq 362
64 bytes from icmp_seq=283 ttl=54 time=81122.351 ms
64 bytes from icmp_seq=284 ttl=54 time=80909.673 ms
Request timeout for icmp_seq 365
64 bytes from icmp_seq=285 ttl=54 time=82186.723 ms
Request timeout for icmp_seq 367
64 bytes from icmp_seq=286 ttl=54 time=82619.370 ms
Request timeout for icmp_seq 369
Request timeout for icmp_seq 370
Request timeout for icmp_seq 371
Request timeout for icmp_seq 372
Request timeout for icmp_seq 373
Request timeout for icmp_seq 374
Request timeout for icmp_seq 375
Request timeout for icmp_seq 376
Request timeout for icmp_seq 377
Request timeout for icmp_seq 378
64 bytes from icmp_seq=287 ttl=54 time=93182.677 ms
Request timeout for icmp_seq 380
Request timeout for icmp_seq 381
64 bytes from icmp_seq=317 ttl=54 time=65322.352 ms
Request timeout for icmp_seq 383
Request timeout for icmp_seq 384
Request timeout for icmp_seq 385
Request timeout for icmp_seq 386
64 bytes from icmp_seq=318 ttl=54 time=69428.438 ms
64 bytes from icmp_seq=319 ttl=54 time=69204.778 ms
64 bytes from icmp_seq=320 ttl=54 time=68604.710 ms
64 bytes from icmp_seq=321 ttl=54 time=69250.154 ms
64 bytes from icmp_seq=322 ttl=54 time=69024.922 ms
64 bytes from icmp_seq=323 ttl=54 time=68852.795 ms
64 bytes from icmp_seq=324 ttl=54 time=68381.716 ms
64 bytes from icmp_seq=325 ttl=54 time=68460.245 ms
64 bytes from icmp_seq=326 ttl=54 time=67890.598 ms
Request timeout for icmp_seq 396
Request timeout for icmp_seq 397
Request timeout for icmp_seq 398
64 bytes from icmp_seq=327 ttl=54 time=72224.042 ms
Request timeout for icmp_seq 400
Request timeout for icmp_seq 401
Request timeout for icmp_seq 402
Request timeout for icmp_seq 403
64 bytes from icmp_seq=348 ttl=54 time=56707.034 ms
Request timeout for icmp_seq 405
Request timeout for icmp_seq 406
64 bytes from icmp_seq=351 ttl=54 time=56621.675 ms
64 bytes from icmp_seq=352 ttl=54 time=55620.525 ms
64 bytes from icmp_seq=353 ttl=54 time=54887.953 ms
64 bytes from icmp_seq=354 ttl=54 time=54205.236 ms
64 bytes from icmp_seq=355 ttl=54 time=53624.076 ms
Request timeout for icmp_seq 412
Request timeout for icmp_seq 413
Request timeout for icmp_seq 414
Request timeout for icmp_seq 415
Request timeout for icmp_seq 416
Request timeout for icmp_seq 417
Request timeout for icmp_seq 418
Request timeout for icmp_seq 419
Request timeout for icmp_seq 420
Request timeout for icmp_seq 421
64 bytes from icmp_seq=357 ttl=54 time=65797.155 ms
Request timeout for icmp_seq 423
Request timeout for icmp_seq 424
Request timeout for icmp_seq 425
Request timeout for icmp_seq 426
Request timeout for icmp_seq 427
Request timeout for icmp_seq 428
Request timeout for icmp_seq 429
Request timeout for icmp_seq 430
Request timeout for icmp_seq 431
Request timeout for icmp_seq 432
Request timeout for icmp_seq 433
Request timeout for icmp_seq 434
Request timeout for icmp_seq 435
Request timeout for icmp_seq 436
Request timeout for icmp_seq 437
Request timeout for icmp_seq 438
Request timeout for icmp_seq 439
Request timeout for icmp_seq 440
Request timeout for icmp_seq 441
Request timeout for icmp_seq 442
Request timeout for icmp_seq 443
Request timeout for icmp_seq 444
Request timeout for icmp_seq 445
Request timeout for icmp_seq 446
Request timeout for icmp_seq 447
64 bytes from icmp_seq=389 ttl=54 time=59933.766 ms
64 bytes from icmp_seq=390 ttl=54 time=59740.642 ms
64 bytes from icmp_seq=391 ttl=54 time=59882.162 ms
Request timeout for icmp_seq 451
Request timeout for icmp_seq 452
Request timeout for icmp_seq 453
Request timeout for icmp_seq 454
Request timeout for icmp_seq 455
Request timeout for icmp_seq 456
Request timeout for icmp_seq 457
64 bytes from icmp_seq=392 ttl=54 time=66705.322 ms
64 bytes from icmp_seq=393 ttl=54 time=66187.189 ms
64 bytes from icmp_seq=394 ttl=54 time=65313.387 ms
64 bytes from icmp_seq=395 ttl=54 time=65274.663 ms
64 bytes from icmp_seq=396 ttl=54 time=65201.259 ms
64 bytes from icmp_seq=397 ttl=54 time=65043.247 ms
64 bytes from icmp_seq=398 ttl=54 time=64591.833 ms
Request timeout for icmp_seq 465
Request timeout for icmp_seq 466
Request timeout for icmp_seq 467
Request timeout for icmp_seq 468
Request timeout for icmp_seq 469
Request timeout for icmp_seq 470
64 bytes from icmp_seq=399 ttl=54 time=72608.465 ms
64 bytes from icmp_seq=400 ttl=54 time=71606.695 ms
64 bytes from icmp_seq=401 ttl=54 time=70603.331 ms
64 bytes from icmp_seq=402 ttl=54 time=69610.261 ms
64 bytes from icmp_seq=403 ttl=54 time=68606.763 ms
64 bytes from icmp_seq=404 ttl=54 time=67607.793 ms
64 bytes from icmp_seq=405 ttl=54 time=66610.263 ms
64 bytes from icmp_seq=406 ttl=54 time=66066.892 ms
64 bytes from icmp_seq=409 ttl=54 time=65526.582 ms
64 bytes from icmp_seq=410 ttl=54 time=64708.668 ms
64 bytes from icmp_seq=411 ttl=54 time=63938.379 ms
64 bytes from icmp_seq=412 ttl=54 time=62978.977 ms
64 bytes from icmp_seq=413 ttl=54 time=62329.996 ms
64 bytes from icmp_seq=414 ttl=54 time=61685.132 ms
64 bytes from icmp_seq=415 ttl=54 time=60885.822 ms
64 bytes from icmp_seq=416 ttl=54 time=60366.599 ms
64 bytes from icmp_seq=417 ttl=54 time=60080.570 ms
64 bytes from icmp_seq=418 ttl=54 time=59211.712 ms
64 bytes from icmp_seq=419 ttl=54 time=58520.336 ms
64 bytes from icmp_seq=420 ttl=54 time=57832.112 ms
--- ping statistics ---
491 packets transmitted, 137 packets received, 72.1% packet loss
round-trip min/avg/max/stddev = 4911.674/57951.524/100173.596/21656.897 ms
13inch:pay2c.Xyz tom$

SHA1 Collision detected on Github

About 9 days ago something incredibly unlikely happened... something so rare that

If you had five million programmers each generating one commit per second, your chances of generating a single accidental collision before the Sun turns into a red giant and engulfs the Earth is about 50%.

A few weeks ago, researchers announced SHAttered, the first collision of the SHA-1 hash function, at Github. Similar to how a Bitcoin is a series of zeroes in a long row discovered by gradually adding static noise to the signal, this collission is likely a big chunk of random characters and noise.

Amazingly this event now has it's own website, and Y2K style frenzied rush to swap out sha1 for sha256/512. Never fear though because as they say:

Today, many applications still rely on SHA-1, even though theoretical attacks have been known since 2005, and SHA-1 was officially deprecated by NIST in 2011. We hope our practical attack on SHA-1 will increase awareness and convince the industry to quickly move to safer alteratives, such as SHA-256.

Try This At Home?

This attack required over 9,223,372,036,854,775,808 SHA1 computations. This took the equivalent processing power as 6,500 years of single-CPU computations and 110 years of single-GPU computations. So give it a go yourself (hehe) the source code is available.

What about SHA256 any chances there of a collision?

The hash input space of SHA256, which to be honest is not something I think I understand because I thought all hash functions have infinite input space, is something like this many terabytes:


By my calculations, to get even a slim 0.0000001% chance of a collision with SHA256 you'd need to run through 4.8×10 to 29 of hash runs, or this many:


That's just for a 0.0000001% chance of collision.


Raven Arts Ltd

Raven was to be, and can still be, as described in the mission statement:

  1. Creative Mission Statement and Declaration
    • We propose to create in this agreement a private arts and democratic business society that is the body corporate set to manage the offices and non-exclusive sales teams for a cutting edge full service new media creative agency and production house in Auckland. Our directors and partners have coalesced their equipment and skills into a large production studio consisting of multiple photo and audio recording suites, integrated events and promotion capabilities, a technology marketplace, timeshare CBD offices in Wyndham street, an artistic internship scheme, and yearly high-technology conference.
    • We shall officially call it Raven Arts Limited, also known as Raven Arts NZ,, or just “The Raven”. Complaints and suggestions can go to [email protected]
    • The industry categories and types of work we expect to be doing are broad and can include but are not limited to:
      1. Audio, Video, Events, Games, Augmented Reality, Animation & CGI, Home Automation, Still Photography, Network Security, Business Mentoring, Artistic Consulting, Network Marketing, Equipment Hire & Sales, Talent, Website Design Build, Mobile App Dev, Interactive Installations, and generally speaking, stuff that is super awesome fun stuff.
      2. Excludes anything involving victimisation, violence, etc. We can do a documentary about violence, but we can’t use the fund to set-up forced labour camps along the Mekong.
    • Directors may use the space for what-ever purpose they wish within reason.
    • As well as being a group of creative capitalist professionals wanting to save costs and share an office, we are hoping to set something in motion to become a creative lead referral service and matching agency that links artists with businesses.
    • Participation in The Raven is always 100% voluntary. Incentives for positive action are championed over penalties for inaction generally, and this agreement contains very little restrictions and liability on you.
    • The Raven’s individual companies and sole traders, as well as The Raven’s own business ecosystems depend upon information about existing and potential clients, and our ability to accurately and fairly communicate the value of our sales propositions and previously done work articles and deliverables to them in order to satisfy demand and therefore source new and continued patronage. Since information is the lifeblood of so many parts of our sales and support pipelines, good information security practices but also importantly lead declaration and financial participation shall be incentivised by the automatic allocation of company shares the disclosure of information on security, declaration, quotes, invoice payment, deliverables, ethics and honesty.
    • Signing this agreement and declaration of intent in no way possible causes any increased liability than those in Schedule A namely your equal share of the costs of the first year of operation.


See the full text by clicking "Request Access" at 

An Issue With The Lease at 26 Wyndham St

My business pals and I created the ultimate creative community; half signed a lease and fully paid a deposit; and then just two days after officially moving in they give 20 hours notice to me to move out! with no basis! As I say in this clip, I spent 18 years at my previous accommodation in Ponsonby, building up a collection of whacky and funky audio and art objects - the best of which have come here and to my new home at a top secret location - and since we couldn't move in right away, I actually bounced all of this stuff out via three or four other locations: St Luke, then Waterview via my amazing friend Shane and his moving trck! One day to get out, and one day to get all the way up those 4 flights of stairs! The truck did two trips on the first day, but we got up to Wyndham with one truck-load I believe.


and it's on Wyndham St a very steep street in central mid-town Auckland, just a marble-balls roll down the hill from Sky Tower badness my main man.

So the manager Barfoot steps in frustratingly..... and somehow they pulled out with only one signature on the lease.

an-offer-of-resolution - Tom's offer to solve the issue.

combined-docs-for-26-wyndham-t-atkinson The Lease agreement, the floor plan, the bank statement showing deposits.

Rachel Beer from Barfoot can be heard on this audio file apparently giving me extra notice of eviction via verbal.

Tom's discussions with the landlords

I hope all have had a chance to read over my offer of resolution (attached).

In the offer I put forward two solutions to this conundrum we face:
1) EITHER we move to sign and place deposit as per normal. My preferred option. Can pay three months deposit every month for three months if agreeable. OR
2) a very short period where I pay full rent in order to find time to move out at a more regular pace. Suggest somewhere between TWO WEEKS and 3 MONTHS.
I would think that it is in everyones bests interests - but mostly yours - to accept some payment from me and allow me an orderly pack down.
  • Consider the following benefits to yourselves by accepting this resolution:
  • I really like the space. Paul first showed it to me on 7 September - a long time ago. It's very good to have tenants that appreciate the space because they will be very well behaved and look after it and always pay the rent on time. My last tenancy lasted 18 years and I never once missed a rent payment, in total putting through over $390,000 over the 18 year period from 1998.
  • Having a tenant that is often in the office during the evenings is good for security and reduces fire risk
  • The location synergises with my interests
  • Considerable sound pollution already exists in the area such as Ding Dong bar in the basement, but more importantly, the other bar right underneath us at level 1. These are fairly noisy things - with drunken bar goers often sitting on the steps to the office. When I come at night I scare them away and deter burglers.
  • I plan to upgrade security. I have my own fully wireless GSM alarm system + motion sensors + distributed webcam software etc.
  • I run a web consultancy: - this business use is in line with the business use on the lease agreement i have
Failing to do so - such as that course that seems to be going down - would put you at risk of this lawsuit / private prosecution and evidence PDF as I am about to file in the Auckland District Court. The downsides of this for you are:
  • I've already contacted fair go and have a massive community of friends and supporters - I am a musician we have friends
  • Artists and Musicians are already at the bottom rung of society even though everybody from the poorest to the richest person loves to listen to it. Music forms such as important part in so many lives. Unless we perform live and sell merchandise though, it is very difficult to make a living just from recorded music. If you are curious, check out my CV at I have over 70 compositions registered with APRA, have 7 albums out, played big day out 5 times and done 4 international tours (Vanuatu, Australia, UK, Ireland). I think you should show some Mana and be kind.
  • I'm planning to contact the body corporate and true owners of the building shortly if you do not comply or if any of my equipment is damaged
  • Your job positions are now at risk since you have not filled the space I know for sure since 7 September. Pitiful work guys.
  • The building is not great - you should cut losses and accept my offer.
  • I have some covert audio recordings featuring Rachel Beer and sample is also attached. I have also placed the sample only at:
  • Today at 12:25pm I called emergency services on 111 and spoke with them for 6 minutes, claiming I had a vigilante landlord trying to break the law, we had a nice chat about what I can and can't do. Very informative. Maybe will be seeing you and them later in fact.
  • Maybe if I get angry I will launch a bad publicity campaign against Barfoot and co. Send it to the building investors.

Later on Thursday...

Tom got arrested trying to get his gear back, that's why he doesn't have the crash stands in this video:

So starting at the start. Check out this Stock Options contract that I wrote. Basically 90% of. I stayed up a bit late though you can hear how tired I am:

Rachel Beer - Barfoot & Thompson

Rachel Beer - Barfoot & Thompson

Rachel Beer from Barfoot can be heard on this audio file apparently giving me extra notice of this baseless eviction via verbal.


Learn To Code Hands-on Computer Tuition

Tom Atkinson - Director, Tomachi Corp.

Tom Atkinson - Director, Tomachi Corp.

Six Week and One-day Classes with Tom

Tomachi Corporation has developed a series of hands-on six week online courses with weekly webinar and 20 minute catch-up phone call:

Week 1 - The Smorgasbord: Intro to programming, Making cool graphics and animations with code, Database-driven websites with Linux, Boost My Business Quick, and Launch Your Own Central Bank and Mint Your Own ERC20 Compliant Ethereum Coin.

    • Small class sizes run via Google Hangouts
    • Content tailored to your knowledge level
    • Requires only macOS Windows or Linux and internet access
    • Step by step class walk throughs
    • To enrol complete the survey below...

Create your own user feedback survey


For enrolments please fill in the form above ^^^, if it does not display then try this SurveyMonkey link

Once that survey is complete grab yourself a slot (only 80 available!) on the next available webinar

Reserve Webinar Seat RSVP

Bring Your Own Laptop - Short 6 week Computer Courses
Tomachi Corp needs to do some basic market research… which course would you prefer?

Router Hardening & Lockdown

The following guidelines are distilled from Apple's handy page for it's customers on how to secure their Wifi routers. I've shrunk it down to the minimum:

  • Up to date Wi–Fi router firmware
  • Hope that all Wi–Fi devices you want to use support the settings (WPA2)
  • Back up your Wi–Fi router settings
  • After changing Wifi password, do a Forget or Remove the Wi-Fi settings from all devices
  • You can configure an AirPort Base Station with AirPort Utility. If you have a different router, refer to the manual or to the manufacturer's website to learn how to change the settings.

Use the settings below for best performance, security, and reliability.


The SSID, or network name, identifies your Wi-Fi network to users and other Wi-Fi devices.

Best: Hidden network
Better: Any unique name
Default: SSID name (eg "Vodafone") may be shared by others (not good)

Choose a name that's unique to your network and isn't shared by other nearby networks or other networks you are likely to encounter. If your router came with a default SSID (network name), it's especially important that you change it to a different, unique name. Some common default SSID names to avoid are "linksys", "netgear", "NETGEAR", "dlink", "wireless", "2wire", and "default".

If your SSID isn't unique, Wi-Fi devices will have trouble identifying your network. This could cause them to fail to automatically connect to your network, or to connect to other networks sharing the same SSID. Also, it might prevent Wi-Fi devices from using all routers in your network (if you have more than one Wi-Fi router), or prevent them from using all available bands (if you have a dual-band Wi-Fi router).

Hidden network

Hidden networks don't broadcast their SSID over Wi-Fi. This option might also be incorrectly referred to as a "closed" network, and the corresponding non-hidden state might be referred to as "broadcast" or "open".

Set to: Disabled

Details: Because hidden networks don't broadcast their SSID, it's harder for devices to find them, which can result in increased connection time and can reduce the reliability of auto-connection. Hiding a network doesn't secure your Wi-Fi network, because the SSID is still available through other mechanisms. Security is enforced by a different setting (see Security below).

MAC address authentication or filtering

Restricts access to a Wi-Fi router to devices with specific MAC (Media Access Control) addresses.

Set to: Disabled

Details: When enabled, this feature allows a user to configure a list of MAC addresses for the Wi-Fi router, and restrict access to devices with addresses that are on the list. Devices with MAC addresses not on the list will fail to associate to the Wi-Fi network. Unfortunately, device MAC addresses can be easily changed, so this can't be relied upon to prevent unauthorised access to the network. Security should be enforced by a different setting (see Security below).

iOS 8 and later uses a randomised Media Access Control (MAC) address when running Wi-Fi scans. The scans are conducted when a device isn't associated with a Wi-Fi network and its processor is asleep. A device’s processor goes to sleep shortly after the screen is turned off. Wi-Fi scans are run to determine if a user can connect to a preferred Wi-Fi network. Enhanced Wi-Fi scans are run when a device uses Location Services for apps that use geofences, like location-based reminders, which determine if the device is near a specific location.


The security setting controls the type of authentication and encryption used by your Wi-Fi router. This setting allows you to control access to your wireless network, as well as to specify the level of privacy you'd like to have for data you send over the air.

Set to: WPA2 Personal (AES)

Details: WPA2 Personal (AES) is currently the strongest form of security offered by Wi-Fi products, and is recommended for all uses. When enabling WPA2, be sure to select a strong password, one that cannot be guessed by third parties.

If you have older Wi-Fi devices on your network that don't support WPA2 Personal (AES), a good second choice is WPA/WPA2 Mode (often referred to as WPA Mixed Mode). This mode will allow newer devices to use the stronger WPA2 AES encryption, while still allowing older devices to connect with older WPA TKIP-level encryption. If your Wi-Fi router doesn't support WPA/WPA2 Mode, WPA Personal (TKIP) mode is the next best choice.

Using WEP isn't recommended for compatibility, reliability, performance, and security reasons. WEP is insecure and functionally obsolete. Use TKIP if you must choose between it and WEP.

For reference, "None" or unsecured mode, provides no authentication or encryption. If you use this security mode, anyone will be able to join your Wi-Fi network, use your Internet connection, or access any shared resource on your network. Also, anyone will be able to read any traffic you send over the network. For these reasons, this security mode isn't recommended.

Due to serious security weaknesses, the WEP and WPA TKIP encryption methods are deprecated and strongly discouraged. These modes should  be used only if it is necessary to support legacy Wi-Fi devices that don't support WPA2 AES and cannot be upgraded to support WPA2 AES. Devices using these deprecated encryption methods won't be able to take full advantage of 802.11n performance and other features. Due to these issues the Wi-Fi Alliance has directed the Wi-Fi industry to phase out WEP and WPA TKIP.

2.4 GHz Radio Mode

This setting controls which versions of the 802.11a/b/g/n standard the network uses for wireless communication on the 2.4 GHz band. Newer standards (802.11n) support faster transfer rates, and older standards provide compatibility with older devices and additional range.

Set to: 802.11b/g/n

Details: Routers that support 802.11n should be configured for 802.11b/g/n for maximum speed and compatibility. Routers that only support 802.11g should be put in 802.11b/g mode, while those that support only 802.11b can be left in 802.11b mode. Different Wi-Fi routers support different radio modes, so the exact setting will vary depending on the Wi-Fi router in use. In general, enable support for all modes. Devices will then automatically select the fastest commonly supported mode to communicate. Note that choosing a subset of the available modes will prevent some devices from connecting (for example, 802.11b/g devices will be unable to connect to a Wi-Fi router in 802.11n-only mode). Also, choosing a subset of the available modes might cause interference with nearby legacy networks, and might cause nearby legacy devices to interfere with your network.

5 GHz Radio Mode

This setting controls which versions of the 802.11a/b/g/n standard the network uses for wireless communication on the 5 GHz band. Newer standards support faster transfer rates, and older standards provide compatibility with older devices and additional range.

Set to: 802.11a/n

Details: Routers that support 802.11n should be configured for 802.11a/n mode for maximum speed and compatibility. Routers that only support 802.11a can be left in 802.11a mode. Different Wi-Fi routers support different radio modes, so the exact setting will vary depending on the Wi-Fi router in use. In general, enable support for all modes. Devices will then automatically select the fastest commonly supported mode to communicate. Note that choosing a subset of the available modes will prevent older devices from connecting (for example, 802.11a devices will be unable to connect to a Wi-Fi router in 802.11n-only mode). In addition, choosing a subset of the available modes might cause interference with nearby legacy networks, and might cause nearby legacy devices to interfere with your network.


This setting controls which channel your Wi-Fi router will use to communicate. "Auto" allows the Wi-Fi router to select the best channel automatically. You can also manually select a channel.

Set to: Auto

Details: For best performance, choose "Auto" mode and let the Wi-Fi router select the best channel. If this mode isn't supported by your Wi-Fi router, you'll need to manually select a channel. You should pick a channel that's free from other Wi-Fi routers and other sources of interference. Read about possible sources of interference.

2.4 GHz channel width

Channel width controls how large a "pipe" is available to transfer data. However, larger channels are more subject to interference and more prone to interfere with other devices. A 40 MHz channel is sometimes referred to as a wide channel, with 20 MHz channels referred to as narrow channels.

Set to: 20 MHz

Details: Use 20 MHz channels in the 2.4 GHz band. Using 40 MHz channels in the 2.4 GHz band can cause performance and reliability issues with your network, especially in the presence of other Wi-Fi networks and other 2.4 GHz devices. 40 MHz channels might also cause interference and issues with other devices that use this band, such as Bluetooth devices, cordless phones, neighbouring Wi-Fi networks, and so on. Note that not all routers support 40 MHz channels, especially in the 2.4 GHz band. If they are not supported, the router will use 20 MHz channels.

5 GHz channel width

Channel width controls how large a "pipe" is available to transfer data. Larger channels are more prone to interference, and more likely to interfere with other devices. Interference is less of an issue in the 5 GHz band than in the 2.4 GHz band. A 40 MHz channel is sometimes referred to as a wide channel, with 20 MHz channels referred to as narrow channels.

Set to: For 802.11n access points, set the 5GHz band to 20 MHz and 40 MHz. For 802.11ac access points, set the 5GHz band to 20 MHz, 40 MHz, and 80 MHz.

Details: For best performance and reliability, enable support for all channel widths. This allows devices to use the largest width they support, which results in optimal performance and compatibility. Not all client devices support 40 MHz channels, so don't enable 40 MHz-only mode. Devices that support only 20 MHz channels won't be able to connect to a Wi-Fi router in 40 MHz-only mode. Similarly, don't enable 80 MHz-only mode, or only clients capable of 802.11ac will be able to connect. Also, not all routers support 40 MHz and 80 MHz channels. A router that doesn't will use 20 MHz channels.


The Dynamic Host Configuration Protocol (DHCP) assigns addresses that identify devices on your network. Once assigned, devices use these addresses to communicate with each other and with computers on the Internet. The functionality of a DHCP server can be thought of as similar to a phone company handing out phone numbers, which customers then use to call other people.

Set to: Only one DHCP server per network

Details: There should be only one DHCP server on your network. This DHCP server might be built in to your DSL or cable modem, a standalone router, or integrated with your Wi-Fi router. In any case, only one device should act as a DHCP server on your network. If more than one device has it enabled, you will likely see address conflicts and will have issues accessing the Internet or other resources on your network.


Network address translation (NAT) translates between addresses on the Internet and those on a local network. The functionality of a NAT provider is like that of a worker in an office mail room who takes a business address and an employee name on incoming letters and replaces them with the destination office number in a building. This allows people outside the business to send information to a specific person in the building.

Set to: Enabled only on your router; only one device at most should provide NAT services on the network.

Details: Generally, NAT should only be enabled on the device acting as a router for your network. This is usually either your DSL or cable modem, or a standalone router, which might also act as your Wi-Fi router. If NAT is enabled on more than one device—"double NAT"—you'll likely have trouble accessing certain Internet services, such as games, Voice Over IP (VoIP), and Virtual Private Network (VPN), and communicating across the different levels of NAT on the local network.

WMM (Wi-Fi Multimedia)

WMM prioritises network traffic according to four access categories: voice, video, best effort, and background.

Set to: Enabled

Details: All 802.11n and 802.11ac access points should have WMM enabled in their default configuration. Disabling WMM can cause issues for the entire network, not just Apple products on the network.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Local Band or Artist Website Financing Deal

We are offering 2 years financing for bands, local artists, and other self employed people to spend a day with us setting up your website.

Half Day Intensive Hands On Website Setup

$10/month for 2 years

Normally, 3 to 4 hours with Tom in Auckland onsite at your premises would cost $240-$320, which would be enough to cover setting up the site, picking a theme, publishing of the initial pages.

Paid over 2 years this is only $10/month. The after 3.3 years or so, you qualify for forever free hosting and it can drop to $0.

Direct Debit Terms

Being on retainer has it's benefits

  • No surprise charges - All increases to billing requires express consent
  • Unlimited phone support time for chat about the site
  • It's like an insurance policy against info-tech surprises
  • You provide your bank account number, we handle the rest
  • As many screen sharing / one on one training sessions as you wish
  • Cancellation is with three cycles notice to cover wind downs
  • Most projects take around 12 weeks see our method
  • Unused time accrues as time-credit / Bursts of work can be done using time-debt
  • Forever Free Website Hosting
  • Free ad campaigns:
    • Auckland Music Update blog-letter sent to 550 email subscribers
    • On WEFUNK Radio internet and LPFM station (coming soon to the airwaves near K Rd)

Our Ethos = It's about the relationship

All direct debit clients receive forever free website hosting, so long as account is active or has paid the minimum to qualify. We use open source technology and try to always ensure you have the ultimate control over your own domain. Therefore we usually ask our clients to pay for their own domain names on their own accounts, but to add [email protected] as an admin so we can make changes if needed quickly. Having said that, we are happy to pay for your domain name if you prefer!

Typical Project Agreement Terms

For new clients, we suggest a weekly cycle, with entire project delivery taking not more than 12 weeks.

Choose a payment period based on long or short term projects:

Monthly for more economic long term projects and hosting
Weekly for short sprint projects where you need something urgently and to be very high build quality

- Fixed agreed payments are set to auto debit from your bank account
- Termination is with two cycles notice and will result in two full payments and one part payment
- Decreases in retainer amount are automatically applied to your account next cycle
- Increases in retainer amount are only permitted by email notice and must either involve:
a) the expressed agreement of both parties (if to be applied immediately); or
b) if no agreement reached then via normal termination of two full payments and one part payment.

Long term, it ensures we work together efficiently:

  • over utilisation of my time by you will generate warnings and begin to accrue as real debit your account with TCorp
  • under utilisation of my time accrues as virtual time credit you have with TCorp
  • since the time credit evaporates immediately at termination unlike the real debt this encourages us to ensure the relationship is fully win/win
  • ensures I do not rack up overly large time debt as it may endanger the relationship
  • if you terminate with account debts I still only get the last three payments after notice
  • if you terminate with time credit it lasts two cycles then evaporates

The following applies to clients who pay via direct debit.

Tomachi Corporation Ezypay account

Account reference number
Account type
Account administrator
Ezypay Online
Tom Atkinson
Customer load fee (incl. GST) $10.00 $10 (one time setup fee)
Charged to Customer
 Transaction fees (incl. GST) Bank account 3.5% of the debit amount
Visa / MasterCard 4.5% of the debit amount
Charged to Tomachi Corporation
Customer failed payment fee (incl. GST)  $5.78
Charged to Customer

Instruction options:

  • Recurring
  • Recurring with a different first amount
  • Once-off

The Fine Print

1. Retainers are usually calculated using a 6 month rolling average that may include time analysis if: a) 3 to 6 months of past activity; b) up to 6 months of future work estimation; and c) arrears from previous work. 2. Retainer hours are invoiced on 1st of each month yet no invoice will be issued. 3. Un-used hours from your payments for work that was not done will accrue as a time credit to the lifetime hours on your account with us, yet aren’t refundable as cash only work done; Accrued hours can be applied to future work as a form of credit, and overused / overtime / unscheduled / unquoted emergency work can borrow retainer and quoted hours from the rolling future hours or future quote and invoice hours. The intention of this is to ensure a long lasting relationship built on respect and trust.  4. Tomachi Corporation indicates a preference to ask for acceptance rather than permission in regards to the pre-emptive use of account time without approval. We hope our judgement is satisfactory and promise to endeavour to keep you informed of our use of your time and seek sign-off first when the specific urgent work is deemed either a possible efficient use of time, is simply practical, is required by law, or just purely and sensible and prudent. 5. Only quotes and changes to retainer are notified / invoiced, automated retainer months will occur with an email from our provider EzyPay to confirm. 6. Both hours and invoiced amount totals will be recorded, to allow us to analyse your retainer settings and client profitability overall, and to allow us to charge varied rates depending on the work for example $80/hr small business, $100/hr corporate rate, $300/hr network security; see 7. Present and future work is only carried out when a live retainer contract is in operation or a full quote has been accepted and signed for; Minimum retainer is either is either 20 minutes/month or 24 minutes/year whichever is smaller. Forever Free Hosting is provided when lifetime spend is over the amount set according to terms at: site-hosting/ 8. Urgent work may require agreed extra time sign-off in writing, however deadlines and timeliness of work is never guaranteed but backed by the good faith of our motivation to continue our relationship with you and continue as contractor ongoing. 9. Payments are processed 1st of each month, failed payments auto re-bill on 24th. 10. Direct debit account fees: setup $10; a/p failed payment fee $5.68; transaction fees are paid by TCorp but credited to your account less 3.5% or 4.5% for credit cards. 11. These terms are also available online at