Wednesday, 8 April 2020

HOWTO: Stop "Finish your Chromebook Setup" pop-up from displaying

I recently added a new sign-in account to our Chromebooks for the kids. They had been using "Browse As Guest", but I've disabled now, that so that I can deploy the Chrome browser extension "BlockSite" to block an addictive game page (Nightfall) on the BBC website without blocking the rest of that website.

Normally I'd use a GMail account for signing into a Chromebook. That's  really easy (even setting up a brand-new Chomebook from scratch only takes 1 minute) but this time around, the kids already had an iCloud account, so I used that rather than giving them Gmail access - as I don't think 5-year-olds need email accounts.

It was nice to see that the Chromebook allows non-Google email accounts to be used for signing in.  As ever with Chromebooks, it was very quick to set up.  But there was one annoyance! Each time a new browser tab was opened, a small pop-up appeared:

          Finish your Chromebook Setup: [Try This] [Don't Try This]

Clicking [Try This] just goes to a pointless marketing page containing no functionality whatsoever.  Clicking [Don't Try This] makes the dialog box go away only to reappear next time you open a tab.

The fix as noted at https://support.google.com/chromebook/thread/10029131?hl=en is :-


  • Go to your Google Account.
  • Select 'Data & Personalisation' from the left hand side list.
  • Scroll down to 'General preferences for the web'.
  • Complete the 'Language', 'Input Tools', 'Accessibility' and 'Search Settings' 

  • I'm not sure how much you need to put in those fields, but anyway it makes the nag prompt go away.

    One remaining annoyance is that user profiles can be deleted accidentally from the Chromebook login page without giving a password!  Only the owner's account is immune from this.

    Sunday, 9 February 2020

    FIXED: Ford Focus engine won't stop when switched off - and loud clicks from one loudspeaker

    In case it helps anyone else... Here's how I fixed two weird faults that had appeared at the same time on my wife's 2013 Ford Focus Mk3, which is a 1.0 EcoBoost UK version.

    The faults were:-

    1. The engine didn't stop when the ignition key was switched off. It kept on running smoothly (not like the rough "dieseling" you sometimes get when you switch off an old car with a messed up carburettor). The rev counter stopped working, and I could hear a component shut off (probably the fuel pump), but the engine kept running, and responding to the throttle.

    2. A loud clicking noise was coming from the driver's door loudspeaker (even though the stereo was switched off).

    Thursday, 14 November 2019

    Automatic Patch And Reboot on CentOS Server 6 7 or 8

    CentOS seems to lack easy commands for automatically patching a server and then rebooting it if anything needs restarting.

    Basically I want to run a script via /etc/cronttab at regular intervals to patch a system and reboot if necessary.  Obviously this might cause an outage (very rarely, some service won't restart), so we do it early in the morning, and we don't patch paired systems at the same time.

    My script for Centos 6, 7 or 8 is attached below but it's a bit scrappy!   Does anyone have a better way?

    (UPDATED 19.6.20: Added 2>&1 stderr redirection to fix issue seen when running from /etc/cronttab on CentOS 8.)

    Wednesday, 13 November 2019

    HOWTO upload a Centos8 image to Digital Ocean


    So you'd like to run Centos 8 on Digital Ocean... But the Cloud version of Centos 8 has not been released yet, so therefore Digital Ocean does not offer Centos 8 as an option...

    No problem, just create a VM on your own workstation and then upload it as a Custom Image.

    This HOWTO assumes you have a desktop running a Linux OS, with a copy of the free VMware Player installed.

    Monday, 30 September 2019

    Fixed: Saeco Intuita coffee machine - water coming from steam wand only

    At the weekend I decided it was time to decalcify my coffee machine - a Saeco Intuita bean to cup machine that's served us well for 5 years.    I hadn't decalcified it for ages, and hadn't used the steam wand for months either.

    After the cleaning cycle, I found the machine could not make coffee any more.  The brew unit seemed to be doing the rights things... Coffee beans were ground, and the little pucks of ground coffee were put into the waste hopper.  But water came out of the steam wand, and no coffee from the coffee spout.

    The fix was to run some more cleaning cycles, and to use the hot water mode (press the tea cup button) to run lots of hot water through the steam wand.

    I think the issue was that the decalcifying cycle must have disturbed some crud in the boiler, which then got stuck in the solenoid valve that controls the steam wand.  With that valve blocked open by the crud, the water was taking the easy route and coming out of the steam wand rather than going through the brew unit.

    So.. if you get no coffee - just lots of water from the steam wand - your first step should be to set the machine to send hot water to the steam wand, and/or try one or two decalcifying cycles with or without decalcifying chemicals.

    Tuesday, 30 April 2019

    Fix: Windows 10 update stuck at 0% via HTTP Proxy

    My new network requires my Windows 10 PC to sit behind an HTTP Proxy.  Normally this is no problem - the proxy settings configured in the browser just work - but sometimes the Windows Update process gets stuck at 0%.  Maybe there's a race condition.

    Fix: 
          netsh winhttp set proxy proxy-server="1.2.3.4:3128"
    from an elevated command prompt, where 1.2.3.4 is your Proxy server IP

    Sunday, 14 April 2019

    FIXED! MacOS 10.14.4 Update Breaks Gmail in Apple Mail

    Like many Mac users, after taking an automatic update to 10.14.4 in early April 2019, my dad found that Apple Mail could no longer send or receive mail on a Google Mail account. 

    The messsage "Google requires completing authentication in Safari" kept popping up when Mail was opened.  That took you to a Safari GMail login session - but that failed to work, even with the right password, so it went round and round in an endless loop...

    I managed to fix it via the following steps:

    Thursday, 14 February 2019

    Fix for SSH login takes 90 seconds!

    So...  We type:

    ssh user@host.example.com

    and it hangs for ages before it lets you log in.

    On older distros, you got a delay of around 30 seconds unless you set UseDNS=No in /etc/ssh/sshd_config but that's the default on recent OS installs e.g. Ubuntu Server 18.04.

    I had a different problem... The DNS for host.example.com had both A and AAAA records, and somehow IPv6 was taking precedence over IPv4 - despite my machine having no working IPv6 route.  This led to a login delay of around 90 seconds before it finally fell back to IPv4.

    Fix: 

    ssh -4 user@host.example.com

    Duh'oh!

    SCP the config from a Cisco ASA

    The syntax you're looking for is:

    scp user@myfirewall.myfqdn.com:system:running-config myfirewall.txt

    Or indeed:

    scp user@myfirewall.myfqdn.com:system:startup-config myfirewall.txt

    Sunday, 26 August 2018

    Ubuntu 18.04 - how to lose 127.0.0.53

    I dislike this automatic 127.0.0.53 DNS server you see by default in /etc/resolv.conf.  Whilst it works most of the time, it makes it hard to tell which upstream DNS servers are really in use. Fortunately I found a fix...

    Tuesday, 26 December 2017

    Linux script to cleanse unwanted MP3 tags

    After making a copy of my CD collection converted from FLAC to MP3, I found it failed to play in a 5-year-old car stereo on a USB stick... My Ford Focus SYNC car stereo said "Indexing USB" for about an hour, then eventually said "Bad USB Media".  (Sync is "powered by microsoft" which probably explains its general crapiness).

    From web searches, apparently some MP3 taggers include cover art and other crazy tags, which can confuse the Ford car stereos. Maybe my FLAC-to-MP3 script pulled in some such tags (as it seemed to go to internet to pull tag data).

    So here's a quick and dirty Ubuntu script to iterate over my entire MP3 collection and rip out any dicey looking tags.

    strip_unwanted_id3_tags.sh

    for TAG in TCOP APIC PRIV TXXX TCOP MCDI POPM TCON TDAT TENC TLEN TPUB TSSE WXXX
    do
       echo Stripping tag $TAG from all MP3 files below current folder...
       find . -name *.mp3 -exec id3v2 -r $TAG  '{}' \; >/dev/null
    done
    
    
    The list of tags to remove came by using 'id3v2' to examine the entire collection, removing the more rarely used tags plus the album art ones.   

    This seems to make my Ford Focus accept the 128GB FAT32 USB stick. In early testing however it has failed to play tracks in correct order - grrr....

    By contrast a VW car stereo of a similar age (their RNS 315 unit) accepted the original unaltered MP3 files on a 128GB FAT32 SD card and just worked!  Much more impressive...

    Linux script to convert FLAC to MP3

    Found this somewhere on the net but have lost the source - apologies if you are the author!

    Nice clean script to convert FLAC to MP3. Nice thing is that it leaves it alone if you've already done it... So you can run it again if you've added a few FLACs.  Also, for those albums that I have as MP3 rather than FLAC anyway (e.g. Amazon autorip CDs) the script copies the MP3 across to the copy directory tree, which is just what I want.

    Works very nicely on Ubuntu 17.10. Idea is to convert my CD collection (stored as FLAC) into MP3 format for playing in the car on a USB stick.

    Friday, 30 December 2016

    IPTABLES refresher

    Needed to activate iptables on an Ubuntu server on DigitalOcean.  Found some excellent write-ups on the DO site, to solve an initial problem running 'iptables -L' and to summarise the basic stuff - including the use of "conntrack" to make the rules properly stateful rather than just noddy.

    TL;DR: if "iptables -L" mutters something about "no such file or directory", you need to
    • sudo apt-get install linux-image-$(uname -r)
    • More info in the links below... 

      PS: You should run "iptables -L -n -v" not just "iptables -L".  The "-n" prevents rDNS lookups. The "-v" says that the interface names for each rule will be listed, without which you can't meaningfully review the ruleset!

    Thursday, 17 March 2016

    Win7 clean installs - fixing Windows Update breakage

    For the second time in recent months, I did a clean install of Win7 x64
    Enterprise and got a solid hang in Windows Update.

    Tuesday, 16 June 2015

    FIXED: VMware Workstation Shared Folders don't work

    The current release of VMware Tools fails to compile its Shared Folders (HGFS) module on Ubuntu 14.04 guest VMs.

    It seems that VMware has failed to keep their code up-to-date with routine updates to the Linux kernel for some months.

    Solution:
    1. Take a snapshot of your VM guest in case step 2 goes wrong...
    2. Patch the VMware Tools source code in your VM guest...

    Monday, 11 May 2015

    Installing & Recovering Ubuntu Server 14.04 using BTRFS

    Our new servers are all running Ubuntu Server 14.04 LTS.  This was chosen because it's free, it's fairly mainstream, and it's supported for security updates for 5 years between major releases (after which you can update in-place to a new major release).

    An unexpected benefit of this system is that it supports BTRFS.  This was something new to me, but it turns out to offer a simple way to recover a system in the event of a disastrous update, and to recover lost files in the event of the user deleting them by mistake. 

    Thursday, 15 January 2015

    FIX: Ubuntu 14.04 Software Updater hangs with message "Querying Software Sources"

    Had this problem today. Fixed after some head scratching ....

    Saturday, 27 December 2014

    UK OS Paper Maps are safe!

    Contrary to press reports, there seem to be no plans to stop printing the Ordnance Survey core paper map products.  https://www.ordnancesurvey.co.uk/blog/2014/03/maintaining-national-coverage-of-paper-maps-in-great-britain-commitment-from-ordnance-survey/

    Friday, 12 December 2014

    FIX: Airport Utility does not find any devices - Mac OS X Yosemite (10.10.1)

    Apple appears to have changed the way the Airport Utility admin application finds Airport and Time Capsule devices.  This may also apply to the Time Machine tools for backing up and restoring Mac files.  There is a simple fix...

    Tuesday, 2 December 2014

    Fix for "openssl s_client -connect" cert verification errors

    For Ubuntu 14.04, the correct syntax is:
    openssl s_client -CApath /etc/ssl/certs -connect www.example.com:443

    Friday, 19 September 2014

    HOWTO: Tag music files automatically, based on folder and file name

    Pasted at the bottom of this article is a Bash script I ran last night to tag my audio collection.  I was hoping this would enable Google Play Music to recognize the metadata in the tags, so that I could browse and stream music by genre, album, artist, etc. But as noted below, the tagging process worked, but Google Play Music ignored it :-(

    Friday, 12 September 2014

    HOWTO: Dual-SIM Cisco 819 Router Config

    In the hope that it helps others, here is a working config from a dual-SIM Cisco 819 router.  Not clever, just a basic working config to get you started.

    Sunday, 7 September 2014

    Mounting Apple Time Capsule share from Ubuntu 14.04

    Older Apple Time Capsule NAS devices don't support NTLMv2: only NTLM.  So when mounting an SMB share from such a device, you need to manually select NTLM as your security mode. Otherwise the CIFS Client fails to mount the share, and reports a permission error.

    Sunday, 24 August 2014

    FIXED: Ubuntu Server cron error message: invoke-rc.d: initscript php5-fpm, action "reopen-logs" failed in logrotate

    Found a simple fix for this error in my Ubuntu Server 14.04 cron logs arising from one of the logrotate scripts:-

    Wednesday, 11 June 2014

    pfSense: Auto reboot if Internet connection lost

    I use pfSense as both my router and my firewall.  If the ADSL line drops, normally it will come back up a minute later with no problem. But a few times per year, the ADSL line comes back up in a funny state, and I end up having to reboot the pfSense box manually to recover.  So, we can run a script from cron to fix that...

    Saturday, 7 June 2014

    Fix for 100% CPU use in Apple Mail - Mavericks 10.9.3

    Migrated to 10.9.3 today. Fired up Mail. 100% CPU, loud fan, hot laptop, slow system... Happens every time.  Happily there's a quick and trivial fix.

    Wednesday, 26 February 2014

    Fix for "None of the selected updates could be saved" on Mac OS X software update

    Saw this error today when running the Apple Software Update process on an old MacBook running 10.6.5.   The text of the message indicated that the digital signatures on the downloaded packages were invalid.  Manually downloading the 10.6.8 combo updater didn't fix it.

    Turns out the date was set to the year 2001.  Fixing the date & time on the Mac cured the problem.

    Presumably the digital signatures have "valid from" and "valid to" dates: common practice, well intentioned, but unhelpful for software updates.

    Saturday, 11 January 2014

    Multiple displays on Ubuntu 12.04

    Finally got this working on my Dell Precision M4600 laptop with its ATI video chipset...

    Saturday, 26 October 2013

    Aperture Vaults, and Backup speed to Apple TIme Capsule

    Today I wanted to backup my Aperture photo library.  Easy, but not entirely obvious how best to do it quickly...

    Monday, 8 April 2013

    Fix for Cisco AnyConnect VPN Client hanging on Ubuntu 12.04

    Recently my Cisco AnyConnect VPN client stopped connecting on my Ubuntu 12.04 box.  It would authenticate successfully (or reject an incorrect password), then hang on checking for Profile Updates, and checking for Product Updates...

    Wednesday, 5 December 2012

    Fix for "packages cannot be authenticated" warning on Ubuntu

    Sometimes when installing packages on Ubuntu Linux, you'll get a warning like this:

    sudo apt-get install foo bar
        ...
        WARNING: The following packages cannot be authenticated!

        foo bar
    Install these packages without verification [y/N]?


    The fix is trivial...

    Thursday, 15 November 2012

    VMware 9.0 on Linux: Closing ports 443 and 902

    On a Linux host, VMware Workstation 9.0.1 has TCP ports 443 and 902 open by default, listening on all interfaces.  This creates a small but unnecessary potential attack surface.
    Here's how to close those open TCP ports...

    Friday, 26 October 2012

    Apple Airport Express is not limited to 10 users

    Just wanted to counter the myth that the old-style Apple Airport Express is limited to 10 users.  I'm sure I've had more than that in the past.  Today I've had 16 devices connected to one of the older 801.11 B/G Airport Express units.

    Friday, 5 October 2012

    SOLVED: Issues with 2012 Airport Express

    Apple has updated their entry-level wireless access point, the Airport Express.  The new version is a nice little square white box, supporting simultaneous dual-band operation (2.4 GHz and 5 GHz frequencies) plus the new 802.11n (high speed) mode.

    The first time I installed this device, using the default factory settings, there was a problem with backward compatibility for non-"n" wireless devices.   I found I had to disable "n" support in order for any non-"n" devices to be able to find the wireless network.   Even then, performance was slow: the device had trouble sustaining 1 Megabit of throughput.  Yet the 5 GHz channel worked fine.

    In the end, this turned out to be due to a strong local interference source (probably some dodgy imported consumer gadget) that was interfering with channel 7.  Switching to channel 1 solved the problem.  I never did find out what was interfering with the middle channels.

    Wednesday, 19 September 2012

    Thursday, 6 September 2012

    Ubuntu 12.04 LTS - quick notes

    Generally very impressive.  Good clear fonts, quick response on my old Dell Latitude D620 laptop.

    Just a few tweaks to make. I'll add to this page as I use it more...

    Tuesday, 4 September 2012

    Fix for Time Machine after Mountain Lion upgrade

    After upgrading from Lion to Mountain Lion on two machines, the Time Machine backup application announced that it couldn't find the Time Capsule backup - even though that volume could be mounted and inspected manually.  There's a simple fix...

    Fix for Firefox not opening PDF's on Mac

    On Mac Mountain Lion, Firefox 14.0 runs in 64-bit mode by default.  This breaks the latest Adobe PDF reader.  The fix is simple: make Firefox start in 32-bit mode...

    Friday, 3 August 2012

    New arrival

    My technical work ("geeking" as SWMBO calls it) may have to wait a while, as my first child Elena has just arrived.  Mother and baby doing well. Dad having trouble with the poppers on Elena's sleep suits.

    Monday, 16 July 2012

    Formatting a USB stick for UNETBOOTIN

    I spent ages trying to create a bootable USB stick with UNETBOOTIN for BackTrack.  Turns out that the trick is to format the USB stick correctly before you start...

    Tuesday, 22 May 2012

    Fix for unwanted subtitles on Humax FreeSat HD recorder

    The otherwise brilliant Humax FreeSat HD recorder - the FoxSat-HDR - sometimes starts displaying subtitles that can't be turned off with the Subtitle button on the remote control.  To turn off those annoying subtitles, press the OK button twice.  I have no idea why that works, but it does.

    UPDATE: you might want to try pressing EXIT first (see comments below), as pressing "OK OK" sometimes advances you to the current time, if you're watching live TV in delayed mode - which is generally when the subtitles seem to appear for no obvious reason.

    Thursday, 19 April 2012

    Cisco bug: object-group ACL fails after reboot

    It seems that object-group definitions are ridiculously buggy in router ACL's on IOS 12.4(24)T2.  Here's a simple example from my Cisco 877 router config.

    Thursday, 15 March 2012

    How to burn a big file to DVD

    If you want to write a big (> 4 GB) file to DVD, you must use a burning program that allows you to choose UDF as the format...  Otherwise, the burn process will fail, and you will end up with a useless coaster!

    Thursday, 8 March 2012

    Apple Airport Utility: UPDATED

    Airport Utility v6.0 looks very shiny, but has lost lots of features since the old version.  It no longer supports IPV6, syslog, connection monitoring graphs, or WDS (extending a network wirelessly).  Happily there is an easy fix...

    Monday, 6 February 2012

    FIXED: Ubuntu 11.10 hangs after upgrade from 11.04: "Waiting for network configuration" then black X screen

    Here's a fix for this problem, which I saw after upgrading a VMware Fusion 4.1.1 machine from Ubuntu 11.04 to 11.10.

    Wednesday, 4 January 2012

    Preparing a new Ubuntu VM Server

    Here is my crib sheet on setting up a new Ubuntu server, including notes on enabling Virtualisation.  These notes include discussion of Kimsufi / OVH dedicated hosting, but the principles apply to all dedicated servers.  I use Kimsufi because they are the only dedicated hosting provider that I can afford for non-profit purposes...

    Monday, 2 January 2012

    Multi-WAN + Multi-LAN + No-NAT routing with pfSense 2.0.1

    This notes summarise how to run multiple No-NAT LAN and WAN connections using version 2.0.1 of pfSense (an excellent open-source routing/firewalling appliance operating system).   My setup didn't work out of the box initially, so I thought it was worth writing up a summary of the settings that are now working here.

    Saturday, 3 December 2011

    HOWTO: Disable touchpad when mouse is plugged in

    My Dell M4400 laptop runs Ubuntu Linux 10.04.  When writing reports, I kept making mistakes due to hitting the trackpad during typing.  To solve this problem, I'm using this script to disable the touchpad when my favourite mouse is plugged in.  When the mouse is unplugged, the script restarts the touchpad.  Very nice.

    Monday, 28 November 2011

    Mac OS X Lion: Saved Versions considered harmful

    Lion has a new feature designed to take safety copies of files you are editing.   But this isn't a good idea if you edit confidential documents, as it will result in copies of your sensitive documents spreading beyond the folder you put them in.  There's no easy way to disable it..

    Saturday, 15 October 2011

    Gmail Contact Sync: Mac, iPhone, iPad... [UPDATED]

    How to keep your address book synchronized across an iMac, MacBook, iPhone and iPad...

    Friday, 7 October 2011

    Accessing an Ubuntu desktop from Mac OS X Lion [UPDATED]

    I've got this working now, but it's more complicated than it ought to be...

    Monday, 11 July 2011

    Booting Acronis True Image from a USB stick

    Today I needed to restore a netbook PC from a backup image taken with Acronis True Image Home 9.0 (which is excellent). The backup image was stored on an external USB hard drive. The problem was how to boot the Acronis recovery image, as the netbook has no CD drive.

    Tuesday, 21 June 2011

    AWSTATS on Apache with Ubuntu Server 10.04 LTS

    Got this working today.   Nice guide here covers most of it.  Another good guide is here.

    Thursday, 16 June 2011

    UK SIM cards with static IP addresses

    Should you have a need for 3G Data SIMs with "real" fixed public IP addresses (rather than the usual dynamic NATted private IPs), I have found three options...

    Friday, 10 June 2011

    How to disable GMail's spam filter

    GMail's spam filtering is usually excellent, but sometimes it can get over-zealous.  The first thing to know is that mail from people in your GMail Contacts list is never flagged as spam. So regular correspondents should be added to to your GMail Contacts.

    If you want to turn off GMail spam filtering altogether, here's how...

    Friday, 3 June 2011

    More thoughts on Sandboxing for security

    From a security perspective, perhaps today's desktop operating systems are missing the point. With the increase in carefully-targeted spear-phishing attacks, we need to change our approach if we are to stop our computers being compromised.  Firewalls, content-checkers, anti-virus programs, whole-disk encryption: these are all necessary, but they are not enough.

    We must assume the worst and plan accordingly.  From time to time, you or a colleague will receive malware-infected files that will get past the virus scanner.  How can we remain secure?

    Given the security threats from the Internet today, I believe that all web pages, images and documents need to be be opened inside a sandbox container by default.

    Wednesday, 1 June 2011

    Accessing a VM image from a QEMU host

    Just a quick note of the commands needed to mount a VM disk image from the QEMU host server...

    Tuesday, 31 May 2011

    VMware on Linux: Promiscuous Mode

    When VMware Workstation is hosted under Linux, by default it doesn't allow VM Guests to access the network in Promiscuous mode.  There's an easy fix for this...

    Fixed: Ubuntu Server shows outdated update info

    Just updated some Ubuntu 10.04.2 servers using 'apt-get update; apt-get dist-upgrade', then rebooted to find stale information displayed in the login banner, still showing lots of updates pending.  There's a simple fix for this...
      rm /etc/motd.tail
      /usr/lib/update-notifier/update-motd-updates-available --force
    The system would catch up eventually anyway.  These commands just speed it up.

    Thursday, 26 May 2011

    Easy sandboxing for Windows apps

    Sandboxie looks very interesting....  Yet to try it, but have heard good things about it.  Without the cost of firing up different VMs, it is able to launch programs inside wrappers, to isolate different programs from each other (or to isolate different web pages from each other) - and to protect your Windows machine from the sandboxed program.

    Disabling/enabling services in Ubuntu (UPDATED)

    Recent versions of Ubuntu have changed the way that system services start up.  Presumably this reflects a policy change in Linux systems.
    There are now THREE different ways for Linux services to start automatically at boot...

    Sunday, 3 April 2011

    New Cycling website launch

    http://www.ComeCyclingLedbury.com - finally got it finished.  :-)

    Thursday, 17 February 2011

    Security Websites

    Herewith, just some bookmarks to websites covering network security topics. 

    Wednesday, 26 January 2011

    Installing Windows on Dell Inspiron 1545

    If you're trying to install a clean copy of Windows XP or Windows 7 on a Dell Inspiron 1545 laptop, these notes might help...

    Tuesday, 18 January 2011

    Gmail Push: instant notification of new email

    Just a quick note about setting up 'push' email delivery on Gmail accounts.  This feature gives you instant notification of incoming emails, without the need to poll frequently via POP or IMAP.  There are two different ways to set it up, depending on the mail client you use...

    Sunday, 19 December 2010

    VOIP QoS on Dual-WAN ADSL Cisco 1841

    Just now I'm messing about with a Cisco 1841 router with two ADSL cards in it (as outlined in an earlier post to this blog). I'll write in more detail about the IOS settings later, but meanwhile I'd appreciate some pointers if anyone has a suitable IOS config to share...

    Monday, 6 December 2010

    Dual-WAN ADSL with Cisco 1841

    I've got a second ADSL line now, so I've just started playing with bonding my two AAISP.net.uk lines together using a Cisco 1841 router with two ADSL cards.  It works pretty nicely out of the box, but as ever, some small lurking matters have emerged...

    Wednesday, 17 November 2010

    Updating FreeBSD 7.3 to 8.1 on Soekris NET5501

    Just a quick heads-up if you're updating a FreeBSD server with a serial console.

    Thursday, 21 October 2010

    Ubuntu 10.10 First Impressions

    Tried out clean installs of Ubuntu 10.10 (Maverick Meerkat) on two Dell Latitude D620 systems yesterday.

    Saturday, 16 October 2010

    Apple iPad first impressions

    I finally got an iPad a few days ago.  Generally, it's a very impressive device - as it should be for the price.  Just some initial observations:

    Saturday, 9 October 2010

    Ubuntu Server virtualisation on Kimsufi hosting

    After yesterday's false start with Citrix XenServer, today I'm switching to Ubuntu Server as my VM hosting platform.

    Virtualizing my Internet server

    I'm about to start work on a new non-profit website using a content management system so that other people can help to edit the content.  I'm hoping that a VMware-type approach will make this easier...

    Friday, 8 October 2010

    IPV6 on Ubuntu 8.04 server

    In case anyone else is wondering why /etc/network/interfaces fails to configure a static IPV6 address on Ubuntu 8.04, here's the solution...

    Sunday, 19 September 2010

    IPV6 + Cisco 1841 ADSL + Monowall

    Got this combination working today after a bit of a struggle...

    Saturday, 18 September 2010

    Wake-on-LAN workaround for Mac Snow Leopard

    This article discusses Wake-on-Demand versus "classic" Wake-on-LAN on Mac Snow Leopard.

    Saturday, 21 August 2010

    Stopping random cut-and-paste errors

    Recently I've kept finding random bits of text pasted in at random places in the documents I've been editing under Ubuntu Linux.  Today I realised that my new laptop has a middle mouse button, which pastes the contents of the cut-and-paste buffer.  Time to disable that middle mouse button...

    Wednesday, 18 August 2010

    Herefordshire in the sunshine

    Took some photos at the weekend, on a short walk around Marcle Ridge in Herefordshire.  I don't know why this part of the country is so empty, as it's lovely countryside to walk in.   Photos below...  Click for full-size images...

    Ubuntu Netbook Edition: Consumer-Friendly Linux

    Just a quick note in praise of Ubuntu Linux 10.04 "Lucid Lynx" - more specifically their excellent Netbook edition - with a HOWTO for installing it on the problematic Dell C400 laptop.

    Friday, 9 July 2010

    iPhone 4 Frustrations on T-Mobile UK

    Finally got my iPhone 4 (unlocked from Apple). Having sold my iPhone 3G to my sister (who is now using it on T-Mobile), I'd been reduced to using an appalling old Motorola, so I was keen to get going with the new phone, mainly because texting on the Motorola is pretty tedious. Only problem being lack of a Micro SIM....

    Thursday, 3 June 2010

    Ubuntu 10.04 LTS - First Impressions

    I've been testing this release ("Lucid Lynx") on a Dell Precision M4400 laptop. Initial impressions very favourable. It boots quickly, even with full-disk encryption (via the Alternate Install CD): around 30 seconds to the login screen. Much quicker than MS Windows on the same hardware.

    Saturday, 15 May 2010

    Traverse Viking PCI ADSL card + MONOWALL

    I now have one of these cards in a Soekris net5501, in a nice case supplied by Wim at kd85.com ...

    Thursday, 13 May 2010

    Askozia PBX 2.0: Fix for IAX trunk not working

    I'm running a free Asterisk appliance image on a Soekris NET5501 low-power embedded computer.  So far so good: it's simplicity itself to set up (just copy the image to a Compact Flash card and boot).

    Wednesday, 12 May 2010

    HOWTO: Install Ubuntu Linux via PXE Boot

    Here's how to do a network-based installation of Ubuntu Linux, for machines without CDROM drives.  It is very simple.

    Tuesday, 11 May 2010

    HOWTO: Install a Soekris server with PXE Boot

    The Soekris NETxxxx boards can't boot from CDROM or USB, so installing an operating system requires PXE booting from the network, unless you want to prepare the hard disk or CF card in another machine first.  Another challenge is that the Soekris boards only have a serial console, so you can't use an operating system that assumes a video display and keyboard.  This article outlines your options.

    You can use PXE Boot for a wide variety of purposes. My motivation on this occasion was to write a new image the CF card that my Soekris NET5501 AskoziaPBX Asterisk server boots from, without having to unbolt the server from the rack.

    Monday, 3 May 2010

    No-NAT Firewalling with Monowall

    Just a heads up for anyone tearing their hair out over this one.

    Wednesday, 7 April 2010

    Full Disk Encryption & PGP email for the Mac

    As a security specialist, my own systems need to be secure, so it's my policy that most of my systems should employ full-disk encryption (FDE).  The only exceptions are servers - since these won't restart after a power failure in they use FDE.   I also want to be able to send PGP-encrypted emails, for example for business correspondence, or for bike club membership administration.

    FDE provides protection in two ways.  Firstly, if someone steals your computer, they don't get all your files (unless it was up and running with no screen lock password when they stole it).  Secondly, if someone temporarily gains physical access to your computer, it's harder - although by no means impossible - for them to install a trojan to steal passwords or give them a remote shell.

    Tuesday, 17 November 2009

    Apple Time Capsule steals IP addresses, but that's OK really

    Found one minor oddity with my new Apple Time Capsule.  If you have an ARP monitoring program running (such as arpwatch, or any FreeBSD server) you may notice that the Time Capsule's MAC address periodically appears to steal the IP address of one or more Mac Snow Leopard clients.  Odd as it may seem, this is by design.

    HOWTO: Fix dig & nslookup on Mac OS X

    If ping works but dig & nslookup are broken, there's a simple fix.

    Friday, 13 November 2009

    HOWTO: Make smaller PDF files on the Mac

    On the Mac, printing a document to a PDF sometimes results in a very big file, for example when the original document has lots and lots of pictures in it. To make a smaller PDF :-

    Sunday, 27 September 2009

    Using PPP over UK ADSL using pfSense

    Most home broadband connections use an ADSL router with a built-in NAT firewall. For more complex networks, the next step is to place a dedicated firewall behind your ADSL router. But there's a third way: put your ADSL device into Bridge mode. Then it's just a dumb modem, so your firewall can run the PPP session to your ISP....

    HOWTO: Native IPV6 dialup on the Mac

    The world is running out of IPV4 addresses, so the transition from IPV4 to IPV6 is getting closer. Here's how to kick the tyres, if you want to try web surfing with IPV6.  Dialup is just for testing of course, ADSL is next ...

    Saturday, 26 September 2009

    HOWTO: Send SYSLOG messages to FreeBSD

    When you try to send SYSLOG messages for storage on a FreeBSD 7 server, the odds are that your messages won't appear in your log file on the first attempt.  You need to get several things right...

    Thursday, 20 August 2009

    GMail's SSL Certificate Updated: Fixing STUNNEL

    Today it appeared that Google Mail had updated the SSL certificate they use to secure access to the SMTPS service on smtp.gmail.com:587.   The change stopped me from sending personal email through a corporate HTTP proxy today, and I couldn't immediately remember how to load fresh certificates in my Stunnel server again...

    Saturday, 15 August 2009

    Garmin GPSmap 60CSx -update

    I've now had the opportunity to leave the GPS logging on a long car journey. Very impressive...

    Saturday, 8 August 2009

    Garmin GPSmap 60CSx - first impressions

    Just got one of these handheld GPS units for hiking and cycling. First impressions excellent...

    Tuesday, 4 August 2009

    EZMLM Log File Viewer

    DJB's EZMLM mailing list software keeps a log showing subscriber additions and deletions, but the date and time are in a non-human-readable format.  Here's a script to view those logs...

    Tuesday, 7 July 2009

    Leopard 10.5.7: MacBook WiFi connects, then drops

    My old MacBook's built-in Wi-Fi was rock-solid until recently, but just lately it had problems. Disabling RealPlayer Downloader Agent seemed to fix this....

    iPhone: Fix for "Can't Connect To YouTube"

    I saw this error on an unlocked & jailbroken iPhone 2G running the iPhone 3.0 software. Setting the date and time correctly fixed it. Seems like poor design though: why should the YouTube app need to know what time it is?

    Wednesday, 20 May 2009

    Linux on Dell C400 laptop: Ubuntu Jaunty Jackalope

    Ubuntu Linux just gets better and better, and the new Jaunty release is no exception. Very easy to use, and to add and remove software packages, keep up with the security updates, etc.  It doesn't need shiny new hardware: it will run quite happily on old slow laptops....