|
encrypted root filesystems on servers
|
Aug. 11th, 2008 @ 07:33 am
|
|---|
|
The one problem I have with my server at home now seems to have a fix.
The server has a standard encrypted root, as configured by debian-installer. The issue with this is that after booting I need to go to the console and enter the LUKS password. As I do almost everything remotely this is a pain.
However C'T published a nice article a while ago on how to solve this. The short story is that you install a custom initrd plugin that starts dropbear and waits for the password on the console or via ssh.
Now to install and test this...
Current Music: La Voglia Di Libertá, Jovanotti
|
|
wireless in 2.6.26 considered bad for europeans
|
Aug. 1st, 2008 @ 09:36 am
|
|---|
|
After upgrading to 2.6.26 I could not associate with my AP anymore. After searching I noticed that the amount of channels reported by iwlist wlan0 channel had changed. And the channel that my AP was using (13) just disappeared.
I opened a bug with the iwl people and the end result is: in 2.6.25 the card selected the region for the wireless, in 2.6.26 the cfg80211 system is doing so and the default is 'US'.
So if you are in Europe you need to add a file /etc/modprobe.d/cfg80211-region with as contents:
options cfg80211 ieee80211_regdom=EU
|
|
Holiday recap
|
Jul. 24th, 2008 @ 10:09 am
|
|---|
|
topo!
|
Jun. 25th, 2008 @ 08:53 pm
|
|---|
|
Yesterday we had a long meeting. At the end of which I had 6 voicemails.
Not all of them were from zoutke, but most of them. Turns out that her brother saw a mouse in our veranda.
When I come home several hours later I start searching and after a while find a mouse behind our washing machine. I poke it a bit and it escapes into the garden.
Later that night I see it again, jumping into a bush. Shortly followed by the arrival of Jerry, the cat of the neighbours, who starts looking "with interest" at that bush. So the likelihood it survived is low. That it wants to come back even lower :-)
Still, we're not taking chances. So I got mouse traps, poison bait and a window screen to keep insects and rodents out.
In other news we ordered a TV a week ago, it should arrive on Friday. We selected a Sony KDL-32W4000. Let's hope it is as good as expected :-)
The dreambox is still dead. Dream promised that they would send the piece this week. Let's see...
|
|
a miracle!
|
Jun. 16th, 2008 @ 10:05 pm
|
|---|
|
Someone found our camera, brought it to school. There they identified the owner by the pictures on the card.
So Clara has her camera back! Joy!
|
| » google me: sendfile problems |
After upgrading an ubuntu LTS server at work proftpd (not my choice) would not transfer files anymore. It would die with:
error using sendfile(): [75] Value too large for defined data type
After searching a little I found the problem: sendfile does not work if the filesystem on which the files are stored is 'special'. Of course we are serving files from a CIFS directory... Sigh.
Jun. 11th, 2008 @ 08:58 am
|
| » went for a nice bike ride |
Yesterday I slightly overdid my "let's go for a ride". 22 KMs is a lot for me, but I feel better afterwards...
Jun. 10th, 2008 @ 08:41 am
|
| » what a cursed weekend |
Not only was I unable to do any studying at all, no, I also managed to lose the camera of my wife. The camera which was her birthday gift two years ago. With the pictures of our son at the school party still in the camera bag.
Words cannot describe how angry I am at myself.
Jun. 9th, 2008 @ 05:52 am
|
| » and poem |
Today at work I got a bad phone call from my wife: the dreambox doesn't boot anymore.
After some fiddling it did boot, but without the HD. So thinking: HD must have died I tried removing it. After I removed the HD the dreambox won't boot at all.
Some frantic searching later I found the reason I think: there is a known problem with the PSU and the front-end cpu cannot bring up the system. Bummer. I created a ticket with dream support and I hope that the 'order' email will be enough, otherwise I'll have to search through all our documents for the damn bill.
Let's hope they just send a replacement PSU soon...
Jun. 4th, 2008 @ 10:45 pm
|
| » the ugly truth |
This article in the Guardian about the problems in Naples and the Fist full of Euro "while Europe Napped" both give, to my limited experience and knowledge, an accurate view of the ugly problem that is Naples. To be honest: I like Naples a lot, however some aspects are just plain wrong in the 20th century. For example the news that the government wants to create a rubbish dump in Chiaiano. To give you an idea what Chiaiano looks like: this is a google maps view. Quite urban and not the place to dump garbage...
And then to think that foreigners at work think that Belgian politics is strange and outdated. Ha!
May. 26th, 2008 @ 05:13 am
|
| » busy week |
This was a busy week for me. I sort of volunteered to become one of the people responsible for the lab. At the same time I had a lot of fun torturing people, sorry, doing the assessment tests :-).
Being lab responsible will be very interesting as I will be forced to be 'hands-on' with all the stuff we support. Not to mention being able to automate as much of it as possible.
For the assessments we had to play out a scenario. It is fun to notice how people are almost on track to find the solution and then to disturb them. As an observer you can really see how people reason through the problem. Or not in some cases. Loads of fun (not at the expense of the candidate, I hasten to add, most of the jokes were on us)
May. 23rd, 2008 @ 05:52 pm
|
| » weekend redux |
Saturday was learning the care and maintenance of a caravan, followed by work in the garden.
Sunday was cutting the hedge, breaking the scissors, getting new scissors, breaking them too and finally in the end getting quality German indestructible scissors.
Monday was resting and going for a walk to Mechelen. Yesterday was a course and discovering a large (15cm across) infection on my leg. So I got a pack of instructions (if ... or ... or ... then go to the hospital immediately) and two packs of antibiotics.
So a quiet weekend :-S.
May. 13th, 2008 @ 04:43 pm
|
| » On the legality of hacking the iPhone |
The Belgian minister for Economy was seen with an iPhone recently. However Apple does not sell these things in Belgium.
So he got a little call from a journalist, according to him the only entity that could make him stop using a liberated iPhone is Apple and "until I get their summons to the court I'll continue using it" he then continued "and according to the people I spoke to, this is perfectly legal".
That was almost worth the 2 hours drive through the worst traffic ever...
May. 8th, 2008 @ 11:43 pm
|
| » long short weekend |
Most people in Belgium got the 2nd of May as a semi-official holiday (two official holidays fall on the same date today and the government delayed deciding what to do with the second day for too long), so we had a very long weekend. Cut short for me because I'm working on Sunday.
On Thursday I wanted to be early with our taxes, but we're still missing some forms. I thought "No problem, that data should be pre-filled in our declaration. I'll register for the on-line tax thingie". Well I could not: www.taxonweb.be has been down since at least Thursday. How confidence inspiring.
Friday we had a nice BBQ and yesterday we went shopping and kite-flying. The kite-flying was the more enjoyable event, even if I had to do most of the flying.
May. 4th, 2008 @ 07:38 am
|
| » Exam scheduled |
I scheduled my exam for the 18th of December. I'll have a month of intensive studying before that, but that's not enough time to do everything I need to do. So I'll start to study already a little.
Notice my mood.
Apr. 29th, 2008 @ 09:54 pm
|
| » passed the drake |
Today I passed the CCIE Security written exam.
Now the practical, but first I need to recover from studying hard for the first time in years...
Apr. 14th, 2008 @ 04:07 pm
|
| » ipv6 with a Cisco ADSL router a short howto |
For a long time I wanted to play with IPv6, but I never liked any of the tunnels I saw. This evening I started wondering if my Cisco 837 ADSL router cannot handle some form of tunnel.
A short time later and:
router#ping ipv6.google.com
Translating "ipv6.google.com"...domain server (195.238.2.21) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:4860:0:1001::68, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 276/278/284 ms

How to do it: I configured a 6to4 tunnel on the router:

ipv6 unicast-routing
ipv6 cef
! enable ipv6
ipv6 inspect name MyIPv6Inspection tcp
ipv6 inspect name MyIPv6Inspection udp
ipv6 inspect name MyIPv6Inspection ftp
ipv6 inspect name MyIPv6Inspection icmp
! let's have a firewall
interface Tunnel1
no ip address
no ip redirects
ipv6 address 2002:51F0:CCA5::1/128
ipv6 enable
ipv6 traffic-filter ipv6ip in
ipv6 inspect MyIPv6Inspection out
tunnel source Dialer1
tunnel mode ipv6ip 6to4

interface Ethernet0
ipv6 address 2002:51F0:CCA5:DEAD::1/128
ipv6 enable

ipv6 route 2002::/16 Tunnel1
ipv6 route ::/0 2002:C058:6301::

ipv6 access-list ipv6ip
 deny ipv6 any any

Of course the 6to4 ip (the one on Tunnel0) is derived from my ipv4 ip. Which changes now and again. So I uploaded to the flash of my router the following file:

proc doconf { section setting } {
    # Apply one configuration line in the given section; abort on failure.
    if { [ catch { ios_config $section $setting } errmsg ] } {
        error "configuration of $section $setting failed"
    }
}

# Current external IPv4 address, taken from Dialer1.
set ipaddr [exec "show ip interface Dialer1 | i Internet address"]
regexp {is ([0-9.]*)/} $ipaddr match ip
regexp {([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)} $ip match a b c d
# %02x zero-pads each octet so values below 16 still give two hex digits.
set newipv6 [format "2002:%02x%02x:%02x%02x::1" $a $b $c $d]
set newintipv6 [format "2002:%02x%02x:%02x%02x:dead::1" $a $b $c $d]
doconf "interface Dialer1" "no ipv6 address"
doconf "interface Dialer1" "ipv6 address $newipv6/128"
doconf "interface Ethernet0" "no ipv6 address"
doconf "interface Ethernet0" "ipv6 address $newintipv6/64"

This is a TCL script that will get the current external ip (from Dialer1) and give the correct IPv6 ips to the right interfaces.

And with alias exec updateipv6 tclsh flash:update-ipv6.tcl I can quickly login and adapt the addresses myself.

The router handles IPv6 autoconfiguration on the inside, so my machine now says:

# ip addr show dev wlan0 scope global
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:19:d2:28:2c:a4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.53/24 brd 192.168.1.255 scope global wlan0
    inet6 2002:51f0:cca5:dead:219:d2ff:fe28:2ca4/64 scope global dynamic
       valid_lft 2590061sec preferred_lft 602861sec

The one remaining problem is that when the external ip changes the autoconfig announcements change too, but the old ipv6 IPs remain on the interfaces.

PS: for those not in the know: I work for Cisco but this was done after hours and using public information (of course)
Apr. 2nd, 2008 @ 08:40 pm
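The address arithmetic behind the 6to4 post above, as an added example (not code from the original post): the /48 comes from the external IPv4 address, the host part of the autoconfigured address comes from the MAC, and a 6to4 address whose embedded IPv4 no longer matches the router's is the leftover described as the one remaining problem. The function names, the IPv4 address decoded from 2002:51F0:CCA5 and the 203.0.113.7 sample address are assumptions made for this example.

```python
import ipaddress

def sixtofour_prefix(ipv4):
    """2002:V4ADDR::/48 prefix that 6to4 derives from a public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def lan_prefix(ipv4, subnet_id):
    """One /64 out of the /48, selected by a 16-bit subnet id (0xdead in the post)."""
    base = int(sixtofour_prefix(ipv4).network_address)
    return ipaddress.IPv6Network((base | (subnet_id << 64), 64))

def eui64_interface_id(mac):
    """Modified EUI-64 interface id that autoconfiguration builds from a 48-bit MAC."""
    b = bytearray.fromhex(mac.replace(":", ""))
    b[0] ^= 0x02  # flip the universal/local bit
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def slaac_address(prefix64, mac):
    """Address a host autoconfigures inside prefix64."""
    return ipaddress.IPv6Address(int(prefix64.network_address) | eui64_interface_id(mac))

def stale_6to4(addresses, current_ipv4):
    """Return 6to4 addresses whose embedded IPv4 is not the current external one."""
    current = ipaddress.IPv4Address(current_ipv4)
    stale = []
    for text in addresses:
        addr = ipaddress.IPv6Interface(text).ip
        embedded = addr.sixtofour  # None for anything outside 2002::/16
        if embedded is not None and embedded != current:
            stale.append(str(addr))
    return stale

if __name__ == "__main__":
    # 81.240.204.165 is 2002:51F0:CCA5 decoded; the MAC is wlan0's from the post.
    wan, mac = "81.240.204.165", "00:19:d2:28:2c:a4"
    host = slaac_address(lan_prefix(wan, 0xDEAD), mac)
    print(sixtofour_prefix(wan), host)
    # Constructed scenario: the external address changes to 203.0.113.7
    # (documentation range), so the old global address is reported as stale.
    print(stale_6to4([f"{host}/64", "fe80::219:d2ff:fe28:2ca4/64"], "203.0.113.7"))
```

Both the external IPv4 address and the interface's MAC can be read back out of the global address, which is worth keeping in mind when such addresses end up in logs.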
|
| » weekend redux |
This weekend I started studying for the CCIE written exam. Man is that hard already.
We also went out and ordered the new laptop for zoutke: an Acer TravelMate 6292 with 3 years of extended warranty and accidental damage.
She wanted it to replace the 5 (or 6) year old R50 and to try out Vista. That's what you get if you convince your wife to take up computer administration :-(.
Oh that and a colleague 'invited' me to facebook. I don't know yet if I like that thing...
Mar. 31st, 2008 @ 08:49 am
|
| » a per policy |
I just noticed Cisco has a blogging policy. So just to make it clear: "the views expressed on this blog are mine and do not necessarily reflect the views of Cisco".
As if anybody would get confused about this.
Anyway you'll notice that I will sometimes comment about Cisco related stuff, but only by quoting public documents. That way I'm certain I'm not leaking something confidential, as I'm surrounded by the sticky stuff.
Mar. 26th, 2008 @ 11:14 pm
|
| » Elements 6 demo gone? |
This morning I saw a 'download the 30 day demo' link for Adobe Photoshop Elements 6 for Macintosh. By the time I got into work (with the fat internet pipe) the link was gone and following the link that was there before gives me only windows versions to download.
Oh well.
Mar. 26th, 2008 @ 11:11 pm
|
|
|
|