Ungooglable Azure errors

I recently found myself in a situation I haven't experienced in a long time: I got an error message that no one on the internet has had before. Neither DuckDuckGo, Google, nor Bing could find a single hit about the problem, much less a solution. The root cause (spoilers!) ended up being rather boring: I tried to use some features of the Azure cloud platform that are apparently blocked by the IT department of my company.

I don't know exactly why these errors are impossible to find - either they were written by someone in my company's IT department or my employer is the only one who blocks the OAuth authentication flow. Either way, and as a service to the community, I am copying the error messages here.

The first one means that you are trying to use any type of authentication other than the allowed one:

AADSTS1000470: The protocol OAuth2DeviceAuth is blocked for tenant <tenant-id>. Please contact your administrator for assistance.

The second one means that you tried to create a resource that the internal rules don't allow. I know I hit this one when following an ML tutorial, but I can't remember the specifics right now. Hint: If you also got the string "RBAC restrictions" somewhere in the description, then you are seeing the same one:

At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.

code: RequestDisallowedByPolicy
message: Resource '<resource-id>' was disallowed by policy. Policy identifiers: <bunch of json with redacted information>

If you run into these error messages, feel free to get in touch with me and I'll share all of my poor Azure wisdom with you.

Brain dump

Here's a list of short thoughts that are too long for a tweet toot but too short for a post.

On old computer hardware

I spent the last month of my life fixing the computers of my family. That meant installing Roblox on a tablet with 1Gb of RAM, fixing antivirus on Windows 7, dealing with Alexa in Spanish, and trying to find cheap ink for printers with DRM. Fun fact: HP uses DRM to forbid you from importing ink, and then stopped delivering ink to my family's city.

Modern hardware can have a long, long life, but this won't happen if software developers don't start optimizing their code even a bit. Sure, Barry Collins may not have a problem with an OS that requires 4Gb of RAM, but I feel I speak for tens of thousands of users when I say that he doesn't know what he's talking about.

On new computer hardware

I know that everyone likes to dump on Mark Zuckerberg, and with good reason: the firm formerly known as Facebook is awful and you should stay away from everything and anything they touch. Having said that, there's a reasonable chance that the moment of VR is finally here. If you are a software developer, I encourage you to at least form an informed opinion before the VR train leaves the station.

On movies

I wasn't expecting to enjoy Ready or not as much as I did. I also wasn't expecting to enjoy a second watch of Inception almost as much as the first time, but those things happened anyway. I was however expecting to enjoy Your name, so no surprises there.

I also got on a discussion about Meat Grinder, a Thai film that is so boring and incoherent that it cured me of bad movies forever. No matter how bad a film is, my brain can always relax and say "sure, it's bad, but at least it's not Meat Grinder". I hold a similar opinion about Funny Games, a movies where even the actors on the poster seem to be ashamed of themselves. At least here I have the backing of cinema critic Mark Kermode, who called it "a really annoying experience". Take that, people from my old blog who said I was the one who didn't "get it".

On books

Michael Lewis' book Liar's Poker is not as good as The Big Short, but if you read the latter without the former you are doing yourself a disservice. I wasn't expecting to become the kind of person who shudders when reading that "the head of mortgage trading at First Boston who helped create the fist CMO, lists it (...) as the most important financial innovation of the 1980s", and yet here we are.

I really, really, really like Roger Zelazny's A night in the lonesome October, which is why I'm surprised at how little I liked his earlier, award-winning book This immortal. I mean, it's not bad, but I wouldn't have tied it with Dune as Hugo Award winner of 1966 for Best Novel. I think it will end up overtaking House of Leaves in the category of books that disappointed me the most.

And finally, I can't make any progress with Katie Hafner and Matthew Lyon's book Where wizards stay up late because every time I try to get back to it I get an irresistible urge to jump onto my computer and start programming. Looks like Masters of Doom will have to keep waiting.

On music

My favorite song that I discovered this year so far is Haunted by Poe. Looking for some music of her I learned about how thoroughly lawyers and the US music industry destroyed her career. This made me pretty angry until I read that her net worth is well into the millions of dollars, so I guess she came out fine after all. And since the album was written as a collaboration with her brother while he was writing "House of Leaves", I guess I did get something out of that book at the end.

Some thoughts on learning about computers

Here's a thought that has been rattling around in my head for the last 10 years or so.

My first word processor was WordStar, but I never got to use it fully. After all, what use does a 10 year old have for a word processor in 1994?

I then moved on to MicroCom's PC-Flow for several reasons. First and foremost, it was already installed on my PC. Either that or I pirated it early enough not to make a difference - in either case, it had the major advantage of already being there. Second, it was "graphical" - it may have been a program for flow charts, but that didn't stop me from writing some awful early attempts at writing music that are now lost to the sands of time and 5.25 floppy disks. And third, because it printed - not all of my programs played nice with my printer, but this one did. The end result being that I wrote plenty of silly texts using a program designed for flow charts.

The late 90s were a tumultuous time for my computer skills. At home I had both MS Office '97 and my all-time-favorite Ami Pro, while in high school I had to use a copy of Microsoft Works that was already old at the time. The aughts brought Linux and StarOffice, which would eventually morph into OpenOffice and LibreOffice. Shortly afterwards I also learned LaTeX, making me care about fonts and citations to a degree that I would never have imagined.

And finally, the '10s brought Google Docs and MS Office 365. But the least said about them, the better.

The point of this incomplete stroll through memory lane is to point out the following: if there's a way to mark a text as bold in a document, I've done it. Cryptic command? Check. Button in a status bar that changes places across versions? Check. Textual markers that a pre-processor will remove before generating the final file? Check. Nothing? Also check. If you ever need to figure out how some piece of software expects you to mark something in bold, I'm your man.

And precisely because this function kept jumping around and changing shape throughout my entire life, I have developed a mental model that differentiates between the objective and the way to get there. If I have a reasonable belief that a piece of software can generate bold text, I'll poke around until I find the magic incantation that achieves this objective. But my story is not everybody's story. Most regular people I know learned how to make bold text exactly once, and then they stuck to that one piece of software for as long as possible. For them, text being bold and that one single button in that one single place are indistinguishable, and if you move the button around they'll suddenly panic because someone has moved their cheese.

I have long wondered what's the long-term effect of this "quirk" in our education system. And forecasts are not looking good: according to The Verge, students nowadays are having trouble even understanding what a file is. Instead of teaching people to understand the relation between presentation and content, we have been abstracting the underlying system to the point of incomprehension. The fact that Windows 10 makes it so damn hard to select a folder makes me fear that this might be deliberate - I'm not one to think of shady men ruining entire generations in the name of profit, but it's hard to find a better explanation for this specific case.

Based on my experience learning Assembly, pointers, and debugging, I believe that the best cure to this specific disease is a top-down approach1 with pen and paper. If I were to teach an "Introduction to computers" class, I would split it in two stages: First, my students would write their intended content down, using their own hands on actual paper. They would then use highlighters to identify headers, text that should be emphasized, sections, and so on. At this stage we would only talk about content while completely ignoring presentation, in order to emphasize that...

  • ... yes, you might end up using bold text both to emphasize a word and for sub-sub headers, but they mean different things.
  • ... once you know what the affordances of a word processor are, all you need to figure out is where the interface has hidden them.

We would then move on to the practical part, using a word processor they have never seen. We would use this interface so the students get a rough idea of what the interface looks like in real life. And finally, my students would then go home and practice with whatever version of MS Office it's installed in their computer. If at least one of them tries to align text with multiple spaces only to feel dirty and re-do it the right way, I will consider my class a success.

Would this work? Pedagogically, I think it would. But I am painfully aware that my students would hate it. And good luck selling a computer course that doesn't interact with a computer. It occurs to me that perhaps it could be done in an interactive program, one that "unlocks" interface perks as you learn them. If I'm ever unemployed and with enough time in my hands, I'll give it a try and let you know.


[1] A top-down approach would be learning the concepts first and the implementation details later. Its counterpart would be bottom-up, in which you first learn how to do something and later on you learn what you did that for. Bottom-up gets your hands dirty earlier, similar to Mr. Miyagi's teaching style, while top-down keeps you from developing bad habits.

My WIP: unsignedch.ar

I have been too busy to blog the last month and a half, so I thought I'd take a bit of time to talk about my new project, unsignedch.ar.

Ever since I started taking care of this server I have been worried about the projects I host here - the more scripting languages I install, the higher the chances that someone will find a vulnerability and use my server for mining cryptocurrencies.

Therefore, I have started a new side-project: a new server where I will host all of my coding experiments, knowing full well that I can reinstall the whole thing whenever needed.

The server is currently under construction, but if you're interested in a sneak peak you can access my current draft of a git tutorial following this link. If you have comments on that draft, feel free to reach out to me.

How to recover your GMail account in four months

Last time I talked about GMail I mentioned that my account was blocked for sending about 100 e-mails despite following Google's best practices for doing so. On July 23 I got my access back, and I though I would update you all on how that happened since.

Note: This article is rather long because there's plenty of e-mail content. If you don't care about the details, you can jump to the end for a timeline and some final thoughts.


After getting my account blocked on March 27, I contacted Google support. Following an automated message receipt, I received this message:

Hello Google user,

Your account has been disabled due to unusual activity being detected. We take security seriously and want to make sure that only you have access to your account.


How do I regain access to my account?

Sign in to any Google product. If your password is accepted, you'll be asked a set of questions to verify that you are the owner of your account. Once the verification is complete, you can safely continue using your account.

What if my password doesn't work?

If your password is rejected, please visit the [Account support page] and answer all of the prompted questions as best as you can.

If you remember my previous post you might know that none of these suggestions is useful. I replied with a message saying exactly that, but I got no response.


Here's an interesting fact: while Google has no obligation to keep me as a customer (or, in this case, product), they are obligated by the General Data Protection Regulation (GDPR) to give me a copy of my personal data. And even though Google provides a tool for downloading a copy of your data, the tool is useless if you can't log in. With this in mind, and with the help of the My Data Done Right tool, I sent the following letter (yes, letter) to Google's Data Controller on April 28:

To Whom it may concern:

I am invoking my right to data portability as specified in Article 20 of the General Data Protection Regulation. In particular, I am requesting Google Ireland Limited ("Google") to either provide me with a copy of my e-mails and other personal data in a structured, commonly used and machine-readable format or to grant me access to existing tools such as Google Takeout so I can do it myself.

I am the owner of the GMail email address <redacted>@gmail.com. For the past two weeks Google has blocked my access to my account and refused all methods of verification. I have provided the correct password, the correct verification e-mail address and a valid telephone number, none of which worked. Both the "Google Takeout" tool and the "Data Access Request Form" mentioned here are unavailable to me for this reason.

I request that Google either restores my access so I can use Google's tools myself or that Google provides me with a copy of my data following the GDPR's Right to Data Portability. I can provide further means of verifying my identity if necessary.

Why a letter? Three reasons:

  • Because I knew a human would have to process it.
  • Because I wanted a paper trail in case I decided to hire a lawyer (I paid extra to send it via registered mail).
  • Because signing as "Dr. Martín Villalba" with blue pen sends the signal that I'm an annoying person and that we would all be better off if they simply fast-tracked my request.


On May 4 I got the following reply from Google's Data Protection Office:


Thank you for contacting us.

It sounds like you're having some problems with your account.

  • If you can't sign in to your account: Learn how to [recover your account]
  • If you're having trouble recovering your account: Try these tips to get [your account back].



After following the steps above (once again, they didn't work), I made a mistake. See:

  • What I should have replied is "this is not an account recovery request, but rather a data access request. While giving me my account back is one way of fulfilling that request, that's not the purpose of my letter".
  • What I did end up replying was telling them that I tried all of those options and none of them work.

Why was that a mistake? Because this is the reply I got on the same day:


Thank you for contacting us.

Please note that this team does not handle account recovery related questions. Please refer to our prior email for more information, as well as follow these steps to recover your account [g.co].

As we are not able to further assist you, we are closing this inquiry.

True to their word, they closed the inquiry and never replied again.


Having learned from my mistakes, on June 1st I sent a second letter to politely remind them that it's been more than 30 days since my request. Why? Because 30 days is the period granted by the GDPR to fulfill data access requests like mine.

To Whom it may concern,

I am the owner of the Gmail address <redacted>@gmail.com. I have contacted you on April 28th to request a copy of my personal data as it is my right under Article 20 of the General Data Protection Regulation. It has been more than 30 days since my original request (Internal Ref. <redacted>) and yet I have received neither a copy of said data nor access to a tool where I could download it myself.

I request once again that you provide a copy of all my data (including the content of my e-mails) in a structured, commonly used, and machine-readable format. As a reminder, I have no access to the "Google Takeout" tool and none of the options suggested in the following links grant me access to the data I request. Therefore, I cannot accept suggestions of using these websites as a valid response:

  • https://g.co/recover
  • https://support.google.com/accounts/answer/7682439
  • https://support.google.com/accounts/answer/7299973

To reiterate: this is not an account recovery request - it has been more than two months since Google revoked access to my account and I consider it deactivated for all practical purposes. Instead, I only request a copy of my personal data. For purposes of identification I am still in possession of the current password and the recovery e-mail address, but I would be willing to provide further proof of identity if necessary.

And then I went back to living my Google-free life.


On July 16th I opened my e-mail and found this:


Thank you for contacting us.

The information you seek may already be available to you via a number of secure online tools we provide to all users to access data. Sign in to your [Google Account] to get an overview of the ways you use Google’s services and access that data. Here are some other actions you can take:

(... long e-mail redacted ...)

To which I replied

Dear Sir or Madam,

thanks for your reply. As I explained before, Google has blocked access to my account. None of those tools work for me because I cannot sign in and no one replies to my account support emails.

Seeing as your office is in charge of data requests, I reiterate my request that my data be provided to me. Suggesting apps I cannot use are not a satisfactory response to my request.

On July 22nd, and coinciding with the anniversary of the most expensive hyphen in history, I finally got a step closer to my goal.


We understand that you can’t sign in to <redacted>@gmail.com. You can file a claim and start the process to get back into your account.

To recover your account:

File a claim with the [Google Internal Escalations link]. This is a special link, so please do not share it with anyone.

Important: This link creates a claim so the Google Accounts team can investigate, but doesn't guarantee you'll get your account back. However, please make sure we have the relevant information to investigate.

Here's what I told the Accounts team:


my case ID is <redacted>. As a reminder, this is a request for a copy of my personal data - while access to my Google account does fulfill this request, I am just looking for a copy of said data in any electronic format.

And guess what? On July 23 I finally got what I was asking for:


To recover access to <redacted>@gmail.com, reset your password.

          [RESET PASSWORD]

The link to reset your Google account password expires in 7 days. If your link already expired, reply to this email to get a new link.


  • March 27: my account is blocked. I fill an online form, but I only get a canned response.
  • April 28: I sent my first letter.
  • May 4: I receive an e-mail misunderstanding the problem. My ticket is closed.
  • June 1: I sent the second letter.
  • July 16: I receive an email suggesting I use Google Takeout. I reply that this doesn't help because I can't log in.
  • July 22: I receive a link to escalate my issue.
  • July 23: I regain control of my account.

Final thoughts

I'd like to once again thank the My Data Done Right people for providing letter templates that I could use and, more important, the mailing address of Google's Data Protection Office. If you are in the EU and you have data access problems, make sure you pay them a visit.

If you don't have as much time as I do, then a lawyer might help you speed up the process. I imagine a certified demand letter from a lawyer might have gotten me a quicker resolution, but now we will never know. Feel free to get your account banned and let me know afterwards how it goes.

And finally: take control of your data. Make sure that what happened to me can't happen to you. You don't have to administer your own e-mail, but you can definitely use a provider with reasonable customer support.

« Page 2 / 16 »