General « GeekLAN

Archive for the ‘General’ Category

Technology has created storage faster than we can use it

Friday, May 3rd, 2013

The Plan9 from Bell Labs paper discusses serving files and the central server used in their scenario:
“The central server in our installation has about 100 megabytes of memory buffer, 27 gigabytes of magnetic disks, and 350 gigabytes of bulk storage in a write-once-read-many (WORM) jukebox.”

The paper goes onto describe their use of this storage setup to demonstrate the ability to do dumps of file systems for backups & recovering or interacting with previous changes in Plan9, finishing with
“Our WORM has served a community of about 50 users for five years and has absorbed daily dumps, consuming a total of 65% of the storage in the jukebox. In that time, the manufacturer has improved the technology, doubling the capacity of the individual disks. If we were to upgrade to the new media, we would have more free space than in the original empty jukebox. Technology has created storage faster than we can use it”.

Tags: Plan9, storage
Posted in General | No Comments »

Book review : Kerberos, The definitive guide

Sunday, February 10th, 2013

Kerberos & AFS have been two technologies I’ve wanted to deploy for a long time but based on my experience with Kerberos in Windows 2000 & and studies for MCSE I had made myself believe that it would be a painful task, I purchased this book a couple of years back but never got around to reading it properly until the start of the new year. The book is divided into 10 chapters, the first 3 explain how Kerberos works conceptually, from there on the book covers the practical aspects, how to deploy Kerberos using the MIT, Heimdal & Windows implementation, how to troubleshoot common issues, improve security, integrate applications & services, implement cross realm authentication, windows & UNIX integration, finishing off with the future of Kerberos.
The book uses FreeBSD as the OS which the UNIX examples are demonstrated on though Kerberos is built from source. I also used FreeBSD to perform my test installation but instead opted to use the Heimdal implementation which comes bundled as standard in the base OS of the BSDs. Implementation was really simple, once the KDC was up & the necessary SRV records were in place, telnet authentication worked seamlessly and after I’d set GSSAPIAuthentication yes in my ssh(1) & sshd(8) config files, SSH also worked seamlessly. Only thing that caught me out was Heimdal in FreeBSD base uses DNS where as the book assumes that this is switched off (not sure if this feature was switched off by default at the time & has now changed or it’s just the FreeBSD bundled version which has it on by default). The information for troubleshooting & some of security is still relevant but other than that it is badly outdated, discussing DES encryption & the lack of support for RC4 encryption which was the default cipher used by Windows 2000. Setting up a slave KDC has also change since this book was published in Heimdal, you now need a hprop/hostname principal for each slave server where as the book recommends host/hostname principals which doesn’t work with Heimdal anymore.

Looking around, you will still see references to Windows 2000 when doing Kerberos implementation eg in the current Heimdal documentation, I’m not sure if this is still applicable to the latest version of Windows or it’s there for historical reference.
If I were looking to learn about Kerberos, specifically Heimdal, I would use the official documentation & the Kerberos5 article on the FreeBSD handbook instead of buying this book as there is too much outdated advice in this book that no longer applies.
Ignoring the outdated best practices, the initial implementation information has remained the same over the year & it’s amazingly easy to deploy in a lab scenario for testing.

Tags: Book, Kerberos, security
Posted in General | No Comments »

Skype uses nginx?

Saturday, February 9th, 2013

Or is it that box with the RFC1918 address that appears 3 hops away when I run a traceroute?

Tags: Error
Posted in General | No Comments »

Hetzner website doesn’t work

Wednesday, February 6th, 2013

Contrary to what the page says.

Posted in General | No Comments »

WordPress Plugin: Old Core Files

Sunday, January 27th, 2013

I saw the Old Core Files plugin advertised on my WordPress dashboard & I was curious to see what it’d report for this instance.
It listed 461 obsolete files which I was unable to delete but this may be due to my config rather than a plugin issue (fiddling with filesystem permissions did not help). After the tidy up I went to compose a post only to find that leaving the plugin active breaks the add new post section of WordPress, the following error message is logged

2013/01/27 21:46:36 [error] 49410#0: *511 FastCGI sent in stderr: "PHP Fatal error: Call to a member function abspath() on a non-object in /myblog/wp-content/plugins/old-core-files/old-core-files.php on line 237" while reading upstream, client: 10.10.10.10, server: http://www.myblog.foo, request: "GET /wp-admin/post-new.php HTTP/1.1", upstream: "fastcgi://unix:/tmp/php.socket:", host: "www.myblog.foo", referrer: "https://www.myblog.foo/wp-admin/"

If you have an instance of WordPress that’s been around for a while & has gone through several version updates then it’s well worth installing as a one off. Use the plugin to get a list of obsolete files & remove the plugin afterwards. The current version (v1.0) seems to cause issues if left enabled.

Update 28/1/2013
Version 1.1 has been released which removes the delete button.

Tags: blogging, wordpress
Posted in General | No Comments »

WordPress database error Illegal mix of collations

Monday, January 7th, 2013

Ignore the advice below, this error is still produced and tables are still in latin1 encoding, I will follow up once I’ve looked into it further
So the databases for my blogs were setup a long time ago when the mysql database used a latin1 character set and the latin1_swedish_ci collation. With the 2.1.3 release of WordPress this was changed to UTF-8 which applied to new installs. I was recently looking through my errors logs & noticed frequent errors like
"WordPress database error Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation '=' for query SELECT comment_ID FROM wp_comments WHERE comment_post_ID = '1' AND comment_parent = '0' AND comment_approved != 'trash' AND ( comment_author = 'Someone' OR comment_author_email = 'something@example.com' ) AND comment_content = 'Some comment' LIMIT 1 made by wp_new_comment, wp_allow_comment

As these errors were always generated by spammers I had alway assumed that these errors were cause by them using misconfigured scripts/tools? after all, every time you upgrade WordPress it performs a database update if it’s required!
I suspect I may have screwed things up by replacing the wp-config.php with a more recent copy. This blog started off on a very early zero dot release of WordPress so I was missing lots of things such as the variables for “Authentication Unique Keys” so I swapped files around.

The WordPress site has an article on converting database character sets which gives a brief history & lists several different approaches to solving this problem. I didn’t want to dump databases & restore so I took the longer way of converting tables manually, thought I was done & left it that. Earlier I drafted up a blog post on Acme and happened to scroll down the front page by accident where I noticed that one of my blog posts was incomplete, looking through the archive showed other posts which also had content missing.
Luckily I’d taken a backup before starting the conversion process.
I created a new database for each blog & re-imported each dump using
mysql -u root -p --default-character-set=utf8 mydbname <; mydbbackup.sql
as instructed in the WordPress article
Revisiting the site showed the incomplete posts were fixed.

Tags: myql, wordpress
Posted in General | No Comments »

Acme

Monday, January 7th, 2013

Back in late October of last year The Setup published an interview with Rob Pikes, in this interview he discussed the acme editor from Plan9 which he described as a editor-shell-IDE-oddball with a link to a screen cast by Plan9 from User Space maintainer Ross Cox demonstrating some of acmes features.
I decided to give it a try & downloaded the source code to build on Mac OS X & I was running acme in without any build issues.
As you’ll hear mentioned in the video, acme was designed with a three button mouse in mind, I was on single button old MacBook Pro with a trackpad. I found it difficult to follow the video as I couldn’t work out how what was what, using the keyboard to modify a single click behavior.
I dug out a three button mouse & things went much better using that, but now I was in a situation where I had several pointing devices on my desk which I didn’t fancy switching between depending on the application I happen to be running.
So I gave up on acme on Mac OS & tried it on my ThinkPad, I was unable to compile devel/plan9port on FreeBSD-CURRENT back then & revisiting last night it still appears to be broken in the release from the 5/1/2013, I switched to Windows & attempted to install inferno but didn’t have much luck with the build process there either, searching around I came across acme-sac which is a standalone bundle of the acme editor taken from inferno with pre-compiled binaries available. Only problem then was that as I do not work in windows normally I rarely got a chance to fire it up & eventually forgot about running it all together.

I’m currently in Moscow & enjoying the Russian new year holiday, as I have spare time I decided to revisit acme again & see if I could find out how to interact with acme using a single button mouse on an Apple pointing device.
On Mac OS, the button on your magic device or trackpad on your laptop = button 1, alt + click = a button 2, ctrl + click = button 3.
You can reproduce the display of labels shown in the video demo by declaring visibleclicks=1.
It seems that it’s not currently possible to address the issue of a 2-1 cord, which allows you to pass arguments to commands. This is where you hold button 2 & press button 1, it’s not a show stopper as you can work around the issue but merging the text you want to connect together before executing on a scratch area.
Now that I am not trying to perform actions which cannot be done with a single button, I’m at a level where I can copy/cut/paste, search, pipe text in & out of commands & save edited text.
So for example I’m able to write a basic hello world program, write it out to a file, pass the file to a compiler, execute the produced executable & display it all within acme.

Note: Plan9 from userspace comes with its own version of some common tools which depending on how you search path is declared in your shell, may override your existing tools that you’re familiar with eg diff, man & ls.

Tags: Application, Plan9
Posted in General | No Comments »

Plugins which improve the basic security of a WordPress instance

Tuesday, December 25th, 2012

I installed a couple of plugins on my instances of wordpress to offer some basic protection which is not available in a stock wordpress install.
First plugin is Simple Security, this plugin protects against brute force login attempts. (There seems to be an issue with the current 1.0.3 release of this plugin where browsing multipage section of the admin section eg posts, followed up with the developer for feedback).

Second plugin is Ban Hammer which allows you to block accounts from signing up using a listed domain or specific email address.

Tags: blogging, plugins, security, wordpress
Posted in General | No Comments »

Goodbye Alphastation

Friday, June 22nd, 2012

My second cool legacy UNIX workstation which got me started on FreeBSD & OpenBSD, I obtained this workstation back in the summer of 2002, I first tried Redhat Linux 7.2 which was available as a free download as a promotion to demonstrate the optimisation ability of the Compaq compiler suite for the Alpha. It was a terrible experience consistent with my previous attempts at running Linux up to that point ( I’d started off on Slackware in 96, moved onto Redhat 5.2 followed by Suse 6.2 ), I soon dropped it & moved onto Debian 3.0 (Woody) which was ok but the 7 cd set was a bit too much hassle for doing package installs, the performance wasn’t much better with the compared to the “optimised” Redhat so I moved onto NT 4.0 workstation & FX32! & ran that for a bit before getting bored. In the new year FreeBSD 5.0 release was announced & Alpha was a supported platform so I gave it try on this machine, armed with a copy of the handbook & the help of IRC I made a lot of progress, first by dropping 5.0 & going back to version 4.7 after being told either x was broken in 5 or y was a bug in 5 too many times. I was blown away by how much faster it was compared to the so-called “optimised” edition of Redhat.
Towards the end of 2003 I started thinking about trying OpenBSD as a firewall after hearing about PF & deployed it when 3.4 was released, the Alphastation served as my gateway connected to a 512k/128k cable modem connection but ended up dropping it & moving to i386 when 3.5 was released because php mysql extension was broken on alpha & I wanted to launch this blog.
After that the Alphastation was used less & less over the years so I passed it onto a fellow techie who would appreciate it.

Tags: Alpha, Alphastation, DEC, FreeBSD, linux, NT, OpenBSD
Posted in General | 2 Comments »

iPodLinux on iPod Classic

Wednesday, June 20th, 2012

I’ve kept an eye on the iPodLinux project since I got my 120GB iPod Classic back in 2007, I was never able to try out the fruits of the project as the last supported model was the one prior to the Classic & from the description of the site, the reason was the Classic & newer models used an encrypted firmware.
I was bored tonight & decided to revisit the project to see if any progress had been made & found the site no longer loaded, reading up on the wikipedia page revealed freemyipod which lists the device as supported, so I gave it a go.

Why would you want to do this?

Support for file formats not offered by Apple e.g FLAC & OGG

Not being tied to an instance of iTunes on a specific computer

Installation is only supported via Linux or Windows & is fairly straightforward, I went with the “no iTunes installed” path on Windows and was done in a few minutes. Only sightly annoying thing is that the device needs to be formatted as part of the install process.

Flashing iPod Classic

Why would you not want to do this?

Rockbox interface is clunkier than the Apple one

Losing the ability to use iTunes to sync music (device presents itself as just another drive to computer, you need to manage getting the music on the device yourself)

I think It was worth the effort to have gained some flexibility & if the interface is really an issue, it is an open source project, so just roll up the sleeves and get involved!

Tags: firmware, iPod, linux
Posted in General | No Comments »

Book Review: Pro DNS and BIND

Sunday, May 27th, 2012

So this is not a new book by any means, bought in 2007, published in 2005, covering BIND 9.x & now succeeded by Pro DNS and BIND 10, I’m on a mission to try & clear as much of my book shelf of books as I can, with ebooks & daily deals from publishers the digital shelf in ibooks is by no means shrinking while I’ve stopped buying books in print. My back is thankful for it & large reference books happily sit in digital format in reach when onsite. Anyway, back to the book this post is about, the book is a polished up version of the DNS for Rocket Scientists Guide which you most certainly would’ve come across if searching for answers to BIND & DNS related questions on the web, with a chapter on DNSSEC which is not on the website for added value.
The book is split into six parts:

Principles and Overview

Get Something Running

DNS Security

Reference

Programming

Appendixes

I read the first eleven of fifteen chapters which took me to the end of the DNS Security part, the last three part are all reference material such as BIND API, RFCs & configuration file parameter lists.
Like the online guide the book is full of useful information & a very easy read apart from the DNS Security part. The “Securing Zone Transfers” felt out of place and jumped into using the dnssec-keygen with no prior reference to it, I struggled with the DNSSEC chapter also but that may have been more to do with it being my first exposure to the topic. The only thing I found annoying was the repeated reference to the backslash representing the spanning to a new line for every paragraph proceeding a command snippet.

With reading this book and a review of deploying DNSSEC in the Intro to DNSSEC video from BSDCan 2012 I am looking forward to deploying DNSSEC via both DS & DLV as I have registrar support for some TLDs but not ccTLDs.

Tags: BIND, Book, DNS
Posted in General | No Comments »

Book Review: Implementing Cisco IOS Network Security (IINS)

Tuesday, March 20th, 2012

So I wrote up a review on the Cisco Press self-study guide for the 640-553 exam which I finished readuing this weekend & while double checking things I noticed that the 640-554 exam topics has already been announced last month with the self-study guide for 640-554 due to be published at the end of August, the new exams will follow on from the 1st of October.
The new book will again be authored by Catherine Paquet so I’m curious how much new content there will be in the new revision.

There are seven chapters in the current 640-553 book

Introduction to Network Security Principles

Perimeter Security

Network Security Using Cisco IOS Firewalls

Fundamentals of Cryptography

Site-to-Site VPNs

Network Security Using Cisco IOS IPS

LAN, SAN, Voice, and Endpoint Security Overview

Chapter 1, “Introduction to Network Security Principles” was the most tedious of the seven to read, a long drawn out chapter covering ethics, risk analysis, lots of charts, graphs & cost figures (I managed to get through the chapter by thinking of brass eye every time I came across one), marketing info on Ciscos “self-defending network” & buried amongst all that was some introductory info to different types of attack.

Chapter 2, “Perimeter Security” covers getting setup (ACS Server on Windows, logging, AAA, views) more product line info & navigating SDM.

Chapter 3, “Network Security Using Cisco IOS Firewalls” covers the fundamentals of firewalls, quiet a large portion of the chapter is on ACLs & configuring them which didn’t make sense as this is covered on ICND2, followed by a shorter section on configuring the zone based firewall via SDM & the firewall wizard.

Chapter 4, “Fundamentals of Cryptography” was a good but contained some mistakes, like “DES is considered trustworthy” & “Cryptography researchers have scrutinized DES for nearly 35 years and have found no significant flaws”. These statements are wrong, the DES Cracker proved it in the late 90′s or perhaps this is what they were refering to by “because DES is based on simple mathematical functions, it can easily be implemented and accelerated in hardware”.

Chapter 5, “Site-to-Site VPNs” was enjoyable & lead on from the foundation laid in the previous chapter, setup was also covered from the console this time.

Chapter 6, “Network Security Using Cisco IOS IPS” covers the fundamentals on the theory side, how to configure it via SDM & more product intro. This chapter is available as a free sample for download.

Chapter 7, “LAN, SAN, Voice, and Endpoint Security Overview” was 50/50, I enjoyed the SAN section because it was new to me, so there was new information to learn, the endpoint security section covered various attacks & vulnerabilities mixed up with product line info, the voice section was brief covering fundamentals, threats & defence, I didn’t find it very interesting. The chapter finished up with mitigating L2 attacks.

I didn’t particularly enjoy this book, the first three chapters were pretty tedious to read but it got better in the later ones, overall it lacked flow & felt thrown together.
It was also disappointing to see the use of TFTP being encouraged in a security book
“The system that you choose should support TFTP to make it easy to transfer any resulting configuration files to the router” &
“The added layer of MD5 protection is useful in environments in which the password crosses the network or is stored on a TFTP server”.
The book is a combination of marketing material on the product line, some technical theory & mainly instructions to navigate the SDM though the console is covered here & there (main focus is SDM but that looks to change for the new exam to CPP).
As self-study guides go I thought it was better than Stephen McQuerrys 2 books for the R&S CCNA. I’m looking forward to seeing how the CCNA Security book is, I really enjoyed reading Odoms CCNA books & though I’ve not read any of Kevin Wallaces books before, I found the video content he’s published on youtube very good so I’m looking forward to reading his book to prepare for the 640-553 exam.
If the exam certification guides are generally on parr with Odoms books then in the future I think I will skip the self-study guides & move straight on to the exam certification guides.

Tags: Book, CCNA Security, Certification, Cisco Press, IINS
Posted in General | No Comments »

Rearranging the keys on Apple keyboards to the Dvorak layout

Thursday, February 9th, 2012

I’ve been using the dvorak for just under 8 months now according to the date (17/6/2011) on the printout I have pinned on my wall of the US Dvorak keyboard layout from Wikipedia.
Its been ok-ish so far, I’m used to the layout now but still prone to making mistakes, my main gripe with it is the position of the W & V keys, one slip of the finger when pasting something & you lose what you’re doing because you’ve just closed the window instead, this has happened on several occasion, usually when working remotely via an SSH session. It’s ok apart from that, just need to focus on keeping my hands still on the correct keys & letting the fingers do the work rather than move my hands around the keyboard.
Scrolling through the Dvorak simplified keyboard article on wikipedia, I saw a pair photos in the Mac OS section of a cordless keyboard & iBook with rearranged keys in a Dvorak layout.
I had assumed it wasn’t do-able & not looked into it further but a quick search showed it was pretty easy as this video shows.
To remove the keys from your keyboard just pull the top of the key to unclip & slide down to release, within a couple a minutes my cordless keyboard looked like this

Putting the keys back was pretty straight forward & went seamlessly, sliding the keys up to place into position & pushing down to clip into place, within a couple of minutes my keyboard looked like this

As this was easy & quick to do, I assumed the keyboard on my Macbook Pro would also be the same, so began pulling the keys off, most of the keys on the centre 2 rows came off without any problems but then I reached the right hand side of the keyboard & found keys which took a bit more persuasion to unclip & it was downhill from there.

I managed to pull most of plastic clip out of the pin sockets which are used to levy them, this took a bit of fidding to get back in but I managed to do it without breaking anything which was good but as I was a little rough handed on couple of them, I managed to pull the rubber spring off the face plate

Fortunately, putting the keys back on again wasn’t too much hassle, the two keys which had their spring come off initially missed key strokes but seem ok now (the spring needs to reseat into a better position?)

I’d like to make this change on my ThinkPad keyboard too but the keys which fit around the TrackPoint have different shapes to the rest of the keys.

Tags: Apple, Dvorak, keyboard, Mac, mod
Posted in General | No Comments »

More on the ThinkPad X61s

Saturday, August 20th, 2011

I came across a couple of bits of information which are useful if your looking to improve performance on your ThinkPad.
First thing is though the X61s is specced as a system only capable of running 4GB of RAM, it can in fact take up to 8GB using 2x 4GB PC2-5300 or 6400 sodimms, Its can be quiet an expensive upgrade but very useful if you’re taking advantage of the VT extension on your CPU.
Second thing is the ICH8M chipset actually supports SATA II at 3Gbps but is soft locked in the bios to 1.5Gbps, this is a big difference in terms of performance, there is lots of information/rants/flames regarding the matter as it seems other vendors implemented the same restriction (completely missed this), it appears that there is a negotiation problem between the ICH8M chipset & marvel PATA to SATA bridges, this post provides a good summary of the situation & what changes are required to a bios image, but theres no need to get your hands dirty, there are modified bios images available from a couple of sources, I used the image available on the same forum, there are images available for other ThinkPads too, covering the X300, T61, T61p, R61 & R61e.

dmesg snippet from FreeBSD 9.0 before

ahci0: port 0x1c30-0x1c37,0x1c24-0x1c27,0x1c28-0x1c2f,0x1c20-0x1c23,0x1c00-0x1c1f mem 0xf8426000-0xf84267ff irq 16 at device 31.2 on pci0 ahci0: attempting to allocate 1 MSI vectors (4 supported) msi: routing MSI IRQ 258 to local APIC 0 vector 58 ahci0: using IRQ 258 for MSI ahci0: AHCI v1.10 with 3 1.5Gbps ports, Port Multiplier not supported ahci0: Caps: 64bit NCQ SNTF ALP AL CLO 1.5Gbps PMD SSC PSC 32cmd CCC 3ports ahci0: Caps2:

& after

ahci0: port 0x1c30-0x1c37,0x1c24-0x1c27,0x1c28-0x1c2f,0x1c20-0x1c23,0x1c00-0x1c1f mem 0xf8426000-0xf84267ff irq 16 at device 31.2 on pci0 ahci0: attempting to allocate 1 MSI vectors (4 supported) msi: routing MSI IRQ 258 to local APIC 0 vector 58 ahci0: using IRQ 258 for MSI ahci0: AHCI v1.10 with 3 3Gbps ports, Port Multiplier not supported ahci0: Caps: 64bit NCQ SNTF ALP AL CLO 3Gbps PMD SSC PSC 32cmd CCC 3ports ahci0: Caps2:

My MacBookPro3,1 is also locked to 1.5Gbps but there doesn’t seem to be any solution at the moment due to the signed firmware images.

Intel ICH8-M AHCI:

Vendor: Intel Product: ICH8-M AHCI Link Speed: 1.5 Gigabit Negotiated Link Speed: 1.5 Gigabit Description: AHCI Version 1.10 Supported

Tags: bios, tech, ThinkPad, toys
Posted in General | 4 Comments »

ThinkPad X61s

Wednesday, April 20th, 2011

I couldn’t justify spending £1400+ on a built to order MacBook Air with 4GB of RAM, I settled on what has turned out to be a mint condition X61s with 8 cell battery & still under warranty for £172.98.
I’m really pleased with it so far but it’s still no MacBook Air (I went into the Apple store to double check)
Though they’re both “ultraportable laptops” they both scratch a totally different itch for me, the macbook is a sleek, tightly integrated with Mac OS, the ThinkPad is an extendible machine which is far more accommodating to various operating systems.
The reason I was looking to move to an ultraportable was so I have something I can with me at all times (obviously) which was to replace my back breaking 17″ MacBook Pro with the ability to run multiple operating systems with ease.
I was able to successfully multi-boot MacOS, FreeBSD & OpenBSD on my MacBook Pro using the gtpsync tool from rEFIT but support for the hardware wasn’t great e.g as It had an nVidia graphics card there was no resume support on OpenBSD, power management didn’t really work under FreeBSD either If I remember right & having a single mouse button meant it was a pain to use X, having to use workarounds with the eject button on the keyboard to emulate right clicks.
The 11″ MacBook Air seemed like the perfect machine for me, but the whole sealed unit really grinds my gears, it’s not that I wanted to take a screw driver to it but I’d like to have the option to extend the system at a later date instead of having to decide on the system configuration which would be set in stone, requiring a new system if I wanted to expand, the ram being the most important thing, buy it with 4GB of ram or be stuck with 2GB. Though 2GB is fine for OS X alone, it really doesn’t cut it when you’re multi tasking with iChat, Terminal.app, iTunes, Thunderbird, Safari, Omniweb or Opera. These are the apps which are usually always open on my system & my 2007 Mac Mini really struggled with this work load with 2GB or RAM, grinding to a halt regularly as the system swapped furiously, moving to 3GB gave the machine a new lease of life & stopped this behaviour, I would hate to be in the same position with a new system so the BTO Air was the only option for me.
I would also be stuck with another nVidia based system if I went for the Macbook Air which means I would still have problems with sleep & X acceleration so the second hand Thinkpad X61s with the intel chipset was the way to go.
The machine is currently multi-booting OpenBSD-CURRENT, FreeBSD-CURRENT & OpenIndiana 148a development build quiet happily.
The system works a treat under OpenBSD, sleep support is still not there in FreeBSD 9.0-CURRENT but I suspect that may just be a bug in acpi_ibm(4). I was hoping to be running Schillix on this system but was unable to get the system to boot after install, I suspect a change in device paths between booting from the optical drive in the ultrabase & hard disk is the cause but didn’t look into it in-depth settling for OpenIndiana after trying Solaris 11 express (which freaked out after the rwn driver was installed) while I work through the DTrace book , though I’ve compiled in dtrace support for FreeBSD & it’s there out of the box on MacOS X most of the examples in the book don’t work as covered in the book on these platforms.

Hardware wise I ditched the supplied intel wireless card & installed a AzureWave AW-NE766 Ralink chipset wireless card. The ThinkPads check minipci-e & wireless usb devices against a device id whitelist in the bios & if not listed the system presents a “1802: Unauthorized network card is plugged in – Power off and remove the miniPCI card” error & refuses to boot. Reflashing the bios with a modified bios image by someone called Zender turns this off & allows the system to boot without any problems.

All in all a great system which is cheaper than a netbook, far superior in build & spec but inferior to a MacBook Air in some ways

OpenBSD 4.8 dmesg
FreeBSD 9.0-CURRENT dmesg

Tags: FreeBSD, OpenBSD, OpenIndiana, tech, ThinkPad, toys
Posted in General | 2 Comments »

BarCamp 3 slides from my talk

Saturday, September 6th, 2008

As a first time attendee of BarCamp Brighton I had to do a short presentation/talk about a topic of my choice, I decided to cover some basic pointers on how to avoid being flagged up on the radar of script kiddies, the talk was titled “Protecting your server against
script kiddie attacks”
You can grab a copy of the slides here
Cover image courtesy of linuxisforbitches.com
Thank you for the support Paul, Jim, Mike & the other people who attended.

Posted in General | No Comments »

Going IPv6

Monday, June 9th, 2008

Looking for something to do this weekend I remembered that a few years back after reading Secure Architectures with OpenBSD I’d signed up to freenet6, I retrieved my forgotten account details & logged in to the portal to get started, then remembered why I never got off the ground with this project, the client is a PITA to setup, a quick search of the ports tree showed up net/aiccu.
The description of the port:
AICCU makes it very easy for anybody to get IPv6 connectivity
everywhere they want. It uses the TIC (Tunnel Information & Control)
protocol to request the information needed to setup a tunnel through
which the connectivity is created.

AICCU supports the following tunneling protocols:
– 6in4 static (RFC 2893)
– 6in4 heartbeat (RFC 2893 + draft-massar-v6ops-heartbeat)
– tinc (http://www.tinc-vpn.org)
– AYIYA (draft-massar-v6ops-ayiya)

As AYIYA even works from behind NAT’s, thus unless there is a very
restrictive firewall in place, anybody should be able to get IPv6
connectivity without problems and everywhere they want.

One does need a SixXS account and at least a tunnel. These
can be freely & gratis requested from the SixXS website.

Before installing the port I headed over to the SixXS website to have a nose around, the FAQ is well worth a read, it lays down the basics of the signup process quiet well.
The only hold up between signing up & getting going with your 1st tunnel is the wait for approval by the project admins which though the site says it can be as long as a week took, it only a few hours for me (even on a saturday!:))
The project works on a credit basis (there is no money inolved), costs are broken down in the FAQ, basically you start off with 25 credits, which allows you to get a tunnel for a single host setup at the cost of 15 credits.
Once you’ve been able to demonstrate that you can keep the tunnel up for seven days you’ll be credited 5 credits, this will give you enough credits to apply for a subnet.
Fingers crossed, if it all goes well I’ll be migrating my home network to IPv6 sometime next week.

The setup of the aiccu client was pretty straightforward, I just needed to provide my username & password to the config file. You don’t actually have to use the aiccu client, you can create a gif(4) manually, this is covered in the faq aswell, but seeing as I’m a n00b at this I will ditch the client once I’m more comfortable. Before you fire up the client you need to configure your firewall rules so that ipv6 traffic is allowed, most importantly icmp6, details covered in the faq.

So, now I have a tunnel setup, the next step is to find a registrar to move my domains to whom supports IPv6 records, surprisingly the big boys, tucows, 1&1, go daddy don’t (well go daddy allows the creation of AAAA records but you can’t use them for your NS records).
The FAQ once again has this covered here
Once I’ve transfered my domains across, I’ll be ditching OpenBSD 4.3 & moving to -CURRENT temporarily as Apache supports IPv6 there.

RIP Jun-ichiro “itojun” Hagino

Tags: configuration, ipv6
Posted in General | No Comments »

1.5Ghz VIA C7 Mini-itx motherboard vs 8 Core MacPro

Saturday, November 24th, 2007

the results from md5 -t

Jetway J7F2WE1G5D-OC-PB Motherboard running OpenBSD
MD5 time trial. Processing 10000 10000-byte blocks... Digest = 52e5f9c9e6f656f3e1800dfa5579d089 Time = 1.087264 seconds Speed = 91973982.399859 bytes/second

8 Core MacPro running OS X 10.5
MD5 time trial. Digesting 100000 10000-byte blocks ... done Digest = 766a2bb5d24bddae466c572bcabca3ee Time = 2.261262 seconds Speed = 442230944.000000 bytes/second

Tags: benchmark, openssl
Posted in General | No Comments »

Another 15 Mins! :)

Thursday, October 5th, 2006

I was interviewed yesterday by Will Backman about Brighton Chilli on the BSD Talk Podcast

You can download a copy of the interview in ogg or MP3 format from here

Posted in General | No Comments »

New Toy!! Workpad Z50

Tuesday, August 1st, 2006

The postman delivered my Workpad Z50 today. Just gotta wait for a 1GB CF card to turn up now & then I can get cracking on with NetBSD.
Could have gone for a microdrive but the longer battery life is much more important.

Tags: NetBSD, tech, toys, wordpad
Posted in General | 4 Comments »

Archive for the ‘General’ Category

About Me

Archives

Tags

*BSD

BeOS / Zeta YellowTAB

Fellow Geeks

FreeBSD

iSCSI

Mac / OS X

Misc

Multi Platform / Independent

NetBSD

NeXT/OPEN/GNUSTEP

OpenBSD

OpenVMS

PocketPC / Windows Mobile

SPARC / Solaris / OpenSolaris

Tru64

Windows & All thing M$