Saturday 3 February 2024

Bad packet length 1144391034. ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: Connection corrupted

In the last few days, I've started getting this message when connecting with SSH from Ubuntu 22.04 to Oracle Linux 8 systems.  

Fix:    ssh -c aes256-gcm@openssh.com user@host

Presumably either Ubuntu or Oracle Linux (and possibly Red Hat) has messed up a patch for the default cipher (apparently chacha20-poly1305@openssh.com) for that combination of operating systems. But selecting aes256-gcm works around the problem.

This probably relates to early fixes for the Terrapin vulnerabilities.

UPDATE... If I merely disable cipher chacha20-poly1305@openssh.com then the two ends negotiate cipher aes128-ctr with MAC umac-128-etm@openssh.com, and I get a different error:

Corrupted MAC on input. 
ssh_dispatch_run_fatal: Connection to x.x.x.x port 22: message authentication code incorrect

So for now perhaps the easiest thing is to enable just cipher aes256-gcm@openssh.com in /etc/ssh/ssh_config whilst we wait for more mature fixes for Terrapin.  I'm reluctant to go forcing just one cipher on the server side, in case I lock myself out of a box.
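An added example (not from the original post): one way to keep the workaround on the client side and limited to the affected hosts, then confirm what the client will actually offer. The host pattern `ol8-*` is a hypothetical placeholder, and the two sample strings are constructed, trimmed `ssh -G` output.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. The host pattern "ol8-*" is a
# hypothetical placeholder and both SAMPLE_* strings are constructed, trimmed
# `ssh -G <host>` output.

# Emit a Host-scoped client override. Only hosts matching the pattern are
# pinned to AES-256-GCM; all other hosts keep the OpenSSH default list.
# ssh_config uses the first value it finds for each keyword, so this stanza
# must appear before any broader block (such as "Host *") that sets Ciphers.
render_override() {
    printf 'Host %s\n    Ciphers aes256-gcm@openssh.com\n' "$1"
}

# Read `ssh -G <host>` output on stdin; print the effective client cipher
# list one per line, in the order the client offers them.
effective_ciphers() {
    awk '$1 == "ciphers" { n = split($2, c, ","); for (i = 1; i <= n; i++) print c[i] }'
}

# Succeed only if the effective list is exactly the one pinned cipher.
is_pinned() {
    [ "$(effective_ciphers)" = "aes256-gcm@openssh.com" ]
}

# Succeed if either cipher that failed in the post is still on offer.
offers_failing_cipher() {
    effective_ciphers | grep -qxE 'chacha20-poly1305@openssh\.com|aes128-ctr'
}

SAMPLE_DEFAULT='hostname ol8-db1
port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com'

SAMPLE_PINNED='hostname ol8-db1
port 22
ciphers aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com'

# Show the stanza, then classify both constructed samples.
render_override 'ol8-*'
for sample in "$SAMPLE_DEFAULT" "$SAMPLE_PINNED"; do
    if printf '%s\n' "$sample" | is_pinned; then
        echo "pinned to aes256-gcm@openssh.com"
    else
        echo "not pinned; first cipher offered: $(printf '%s\n' "$sample" | effective_ciphers | head -n 1)"
    fi
done

# Against a real client, check the live configuration instead:
#   ssh -G ol8-db1 | is_pinned && echo "override active"
#   ssh -G some-other-host | is_pinned || echo "other hosts unaffected"
```

Scoping the override to a `Host` pattern means the single-cipher restriction can be removed later without touching connections to any other server.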

Wednesday 8 April 2020

HOWTO: Stop "Finish your Chromebook Setup" pop-up from displaying

I recently added a new sign-in account to our Chromebooks for the kids. They had been using "Browse As Guest", but I've disabled that now, so that I can deploy the Chrome browser extension "BlockSite" to block an addictive game page (Nightfall) on the BBC website without blocking the rest of that website.

Normally I'd use a GMail account for signing into a Chromebook. That's really easy (even setting up a brand-new Chromebook from scratch only takes 1 minute) but this time around, the kids already had an iCloud account, so I used that rather than giving them Gmail access - as I don't think 5-year-olds need email accounts.

It was nice to see that the Chromebook allows non-Google email accounts to be used for signing in.  As ever with Chromebooks, it was very quick to set up.  But there was one annoyance! Each time a new browser tab was opened, a small pop-up appeared:

          Finish your Chromebook Setup: [Try This] [Don't Try This]

Clicking [Try This] just goes to a pointless marketing page containing no functionality whatsoever.  Clicking [Don't Try This] makes the dialog box go away only to reappear next time you open a tab.

The fix as noted at https://support.google.com/chromebook/thread/10029131?hl=en is :-


  • Go to your Google Account.
  • Select 'Data & Personalisation' from the left hand side list.
  • Scroll down to 'General preferences for the web'.
  • Complete the 'Language', 'Input Tools', 'Accessibility' and 'Search Settings' 

I'm not sure how much you need to put in those fields, but anyway it makes the nag prompt go away.

    One remaining annoyance is that user profiles can be deleted accidentally from the Chromebook login page without giving a password!  Only the owner's account is immune from this.

    Sunday 9 February 2020

    FIXED: Ford Focus engine won't stop when switched off - and loud clicks from one loudspeaker

    In case it helps anyone else... Here's how I fixed two weird faults that had appeared at the same time on my wife's 2013 Ford Focus Mk3, which is a 1.0 EcoBoost UK version.

    The faults were:-

    1. The engine didn't stop when the ignition key was switched off. It kept on running smoothly (not like the rough "dieseling" you sometimes get when you switch off an old car with a messed up carburettor). The rev counter stopped working, and I could hear a component shut off (probably the fuel pump), but the engine kept running, and responding to the throttle.

    2. A loud clicking noise was coming from the driver's door loudspeaker (even though the stereo was switched off).

    Thursday 14 November 2019

    Automatic Patch And Reboot on CentOS Server 6 7 or 8

    CentOS seems to lack easy commands for automatically patching a server and then rebooting it if anything needs restarting.

    Basically I want to run a script via /etc/crontab at regular intervals to patch a system and reboot if necessary.  Obviously this might cause an outage (very rarely, some service won't restart), so we do it early in the morning, and we don't patch paired systems at the same time.

    My script for CentOS 6, 7 or 8 is attached below but it's a bit scrappy!   Does anyone have a better way?

    (UPDATED 19.6.20: Added 2>&1 stderr redirection to fix issue seen when running from /etc/crontab on CentOS 8.)

    Wednesday 13 November 2019

    HOWTO upload a Centos8 image to Digital Ocean


    So you'd like to run Centos 8 on Digital Ocean... But the Cloud version of Centos 8 has not been released yet, so therefore Digital Ocean does not offer Centos 8 as an option...

    No problem, just create a VM on your own workstation and then upload it as a Custom Image.

    This HOWTO assumes you have a desktop running a Linux OS, with a copy of the free VMware Player installed.

    Monday 30 September 2019

    Fixed: Saeco Intuita coffee machine - water coming from steam wand only

    At the weekend I decided it was time to decalcify my coffee machine - a Saeco Intuita bean to cup machine that's served us well for 5 years.    I hadn't decalcified it for ages, and hadn't used the steam wand for months either.

    After the cleaning cycle, I found the machine could not make coffee any more.  The brew unit seemed to be doing the right things... Coffee beans were ground, and the little pucks of ground coffee were put into the waste hopper.  But water came out of the steam wand, and no coffee from the coffee spout.

    The fix was to run some more cleaning cycles, and to use the hot water mode (press the tea cup button) to run lots of hot water through the steam wand.

    I think the issue was that the decalcifying cycle must have disturbed some crud in the boiler, which then got stuck in the solenoid valve that controls the steam wand.  With that valve blocked open by the crud, the water was taking the easy route and coming out of the steam wand rather than going through the brew unit.

    So.. if you get no coffee - just lots of water from the steam wand - your first step should be to set the machine to send hot water to the steam wand, and/or try one or two decalcifying cycles with or without decalcifying chemicals.

    Tuesday 30 April 2019

    Fix: Windows 10 update stuck at 0% via HTTP Proxy

    My new network requires my Windows 10 PC to sit behind an HTTP Proxy.  Normally this is no problem - the proxy settings configured in the browser just work - but sometimes the Windows Update process gets stuck at 0%.  Maybe there's a race condition.

    Fix: 
          netsh winhttp set proxy proxy-server="1.2.3.4:3128"
    from an elevated command prompt, where 1.2.3.4 is your Proxy server IP

    Sunday 14 April 2019

    FIXED! MacOS 10.14.4 Update Breaks Gmail in Apple Mail

    Like many Mac users, after taking an automatic update to 10.14.4 in early April 2019, my dad found that Apple Mail could no longer send or receive mail on a Google Mail account. 

    The message "Google requires completing authentication in Safari" kept popping up when Mail was opened.  That took you to a Safari GMail login session - but that failed to work, even with the right password, so it went round and round in an endless loop...

    I managed to fix it via the following steps:

    Thursday 14 February 2019

    Fix for SSH login takes 90 seconds!

    So...  We type:

    ssh user@host.example.com

    and it hangs for ages before it lets you log in.

    On older distros, you got a delay of around 30 seconds unless you set UseDNS=No in /etc/ssh/sshd_config but that's the default on recent OS installs e.g. Ubuntu Server 18.04.

    I had a different problem... The DNS for host.example.com had both A and AAAA records, and somehow IPv6 was taking precedence over IPv4 - despite my machine having no working IPv6 route.  This led to a login delay of around 90 seconds before it finally fell back to IPv4.

    Fix: 

    ssh -4 user@host.example.com

    Duh'oh!

    SCP the config from a Cisco ASA

    The syntax you're looking for is:

    scp user@myfirewall.myfqdn.com:system:running-config myfirewall.txt

    Or indeed:

    scp user@myfirewall.myfqdn.com:system:startup-config myfirewall.txt

    Sunday 26 August 2018

    Ubuntu 18.04 - how to lose 127.0.0.53

    I dislike this automatic 127.0.0.53 DNS server you see by default in /etc/resolv.conf.  Whilst it works most of the time, it makes it hard to tell which upstream DNS servers are really in use. Fortunately I found a fix...

    Tuesday 26 December 2017

    Linux script to cleanse unwanted MP3 tags

    After making a copy of my CD collection converted from FLAC to MP3, I found it failed to play in a 5-year-old car stereo on a USB stick... My Ford Focus SYNC car stereo said "Indexing USB" for about an hour, then eventually said "Bad USB Media".  (Sync is "powered by microsoft" which probably explains its general crappiness).

    From web searches, apparently some MP3 taggers include cover art and other crazy tags, which can confuse the Ford car stereos. Maybe my FLAC-to-MP3 script pulled in some such tags (as it seemed to go to internet to pull tag data).

    So here's a quick and dirty Ubuntu script to iterate over my entire MP3 collection and rip out any dicey looking tags.

    strip_unwanted_id3_tags.sh

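    #!/bin/bash
    # Remove unwanted ID3v2 frames from every MP3 below the current folder.
    for TAG in TCOP APIC PRIV TXXX MCDI POPM TCON TDAT TENC TLEN TPUB TSSE WXXX
    do
       echo "Stripping tag $TAG from all MP3 files below current folder..."
       # Quote the pattern so the shell does not expand it before find sees it.
       find . -name '*.mp3' -exec id3v2 -r "$TAG" '{}' \; >/dev/null
    done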
    
    
    The list of tags to remove came by using 'id3v2' to examine the entire collection, removing the more rarely used tags plus the album art ones.   

    This seems to make my Ford Focus accept the 128GB FAT32 USB stick. In early testing however it has failed to play tracks in correct order - grrr....

    By contrast a VW car stereo of a similar age (their RNS 315 unit) accepted the original unaltered MP3 files on a 128GB FAT32 SD card and just worked!  Much more impressive...

    Linux script to convert FLAC to MP3

    Found this somewhere on the net but have lost the source - apologies if you are the author!

    Nice clean script to convert FLAC to MP3. Nice thing is that it leaves it alone if you've already done it... So you can run it again if you've added a few FLACs.  Also, for those albums that I have as MP3 rather than FLAC anyway (e.g. Amazon autorip CDs) the script copies the MP3 across to the copy directory tree, which is just what I want.

    Works very nicely on Ubuntu 17.10. Idea is to convert my CD collection (stored as FLAC) into MP3 format for playing in the car on a USB stick.

    Friday 30 December 2016

    IPTABLES refresher

    Needed to activate iptables on an Ubuntu server on DigitalOcean.  Found some excellent write-ups on the DO site, to solve an initial problem running 'iptables -L' and to summarise the basic stuff - including the use of "conntrack" to make the rules properly stateful rather than just noddy.

    TL;DR: if "iptables -L" mutters something about "no such file or directory", you need to run:

        sudo apt-get install linux-image-$(uname -r)

    More info in the links below...

    PS: You should run "iptables -L -n -v" not just "iptables -L".  The "-n" prevents rDNS lookups. The "-v" lists the interface names for each rule, without which you can't meaningfully review the ruleset!

    Thursday 17 March 2016

    Win7 clean installs - fixing Windows Update breakage

    For the second time in recent months, I did a clean install of Win7 x64 Enterprise and got a solid hang in Windows Update.

    Tuesday 16 June 2015

    FIXED: VMware Workstation Shared Folders don't work

    The current release of VMware Tools fails to compile its Shared Folders (HGFS) module on Ubuntu 14.04 guest VMs.

    It seems that VMware has failed to keep their code up-to-date with routine updates to the Linux kernel for some months.

    Solution:
    1. Take a snapshot of your VM guest in case step 2 goes wrong...
    2. Patch the VMware Tools source code in your VM guest...

    Monday 11 May 2015

    Installing & Recovering Ubuntu Server 14.04 using BTRFS

    Our new servers are all running Ubuntu Server 14.04 LTS.  This was chosen because it's free, it's fairly mainstream, and it's supported for security updates for 5 years between major releases (after which you can update in-place to a new major release).

    An unexpected benefit of this system is that it supports BTRFS.  This was something new to me, but it turns out to offer a simple way to recover a system in the event of a disastrous update, and to recover lost files in the event of the user deleting them by mistake. 

    Thursday 15 January 2015

    FIX: Ubuntu 14.04 Software Updater hangs with message "Querying Software Sources"

    Had this problem today. Fixed after some head scratching ....

    Saturday 27 December 2014

    UK OS Paper Maps are safe!

    Contrary to press reports, there seem to be no plans to stop printing the Ordnance Survey core paper map products.  https://www.ordnancesurvey.co.uk/blog/2014/03/maintaining-national-coverage-of-paper-maps-in-great-britain-commitment-from-ordnance-survey/

    Friday 12 December 2014

    FIX: Airport Utility does not find any devices - Mac OS X Yosemite (10.10.1)

    Apple appears to have changed the way the Airport Utility admin application finds Airport and Time Capsule devices.  This may also apply to the Time Machine tools for backing up and restoring Mac files.  There is a simple fix...

    Tuesday 2 December 2014

    Fix for "openssl s_client -connect" cert verification errors

    For Ubuntu 14.04, the correct syntax is:
    openssl s_client -CApath /etc/ssl/certs -connect www.example.com:443

    Friday 19 September 2014

    HOWTO: Tag music files automatically, based on folder and file name

    Pasted at the bottom of this article is a Bash script I ran last night to tag my audio collection.  I was hoping this would enable Google Play Music to recognize the metadata in the tags, so that I could browse and stream music by genre, album, artist, etc. But as noted below, the tagging process worked, but Google Play Music ignored it :-(

    Friday 12 September 2014

    HOWTO: Dual-SIM Cisco 819 Router Config

    In the hope that it helps others, here is a working config from a dual-SIM Cisco 819 router.  Not clever, just a basic working config to get you started.

    Sunday 7 September 2014

    Mounting Apple Time Capsule share from Ubuntu 14.04

    Older Apple Time Capsule NAS devices don't support NTLMv2: only NTLM.  So when mounting an SMB share from such a device, you need to manually select NTLM as your security mode. Otherwise the CIFS Client fails to mount the share, and reports a permission error.

    Sunday 24 August 2014

    FIXED: Ubuntu Server cron error message: invoke-rc.d: initscript php5-fpm, action "reopen-logs" failed in logrotate

    Found a simple fix for this error in my Ubuntu Server 14.04 cron logs arising from one of the logrotate scripts:-

    Wednesday 11 June 2014

    pfSense: Auto reboot if Internet connection lost

    I use pfSense as both my router and my firewall.  If the ADSL line drops, normally it will come back up a minute later with no problem. But a few times per year, the ADSL line comes back up in a funny state, and I end up having to reboot the pfSense box manually to recover.  So, we can run a script from cron to fix that...

    Saturday 7 June 2014

    Fix for 100% CPU use in Apple Mail - Mavericks 10.9.3

    Migrated to 10.9.3 today. Fired up Mail. 100% CPU, loud fan, hot laptop, slow system... Happens every time.  Happily there's a quick and trivial fix.

    Wednesday 26 February 2014

    Fix for "None of the selected updates could be saved" on Mac OS X software update

    Saw this error today when running the Apple Software Update process on an old MacBook running 10.6.5.   The text of the message indicated that the digital signatures on the downloaded packages were invalid.  Manually downloading the 10.6.8 combo updater didn't fix it.

    Turns out the date was set to the year 2001.  Fixing the date & time on the Mac cured the problem.

    Presumably the digital signatures have "valid from" and "valid to" dates: common practice, well intentioned, but unhelpful for software updates.

    Saturday 11 January 2014

    Multiple displays on Ubuntu 12.04

    Finally got this working on my Dell Precision M4600 laptop with its ATI video chipset...

    Saturday 26 October 2013

    Aperture Vaults, and Backup speed to Apple Time Capsule

    Today I wanted to backup my Aperture photo library.  Easy, but not entirely obvious how best to do it quickly...

    Monday 8 April 2013

    Fix for Cisco AnyConnect VPN Client hanging on Ubuntu 12.04

    Recently my Cisco AnyConnect VPN client stopped connecting on my Ubuntu 12.04 box.  It would authenticate successfully (or reject an incorrect password), then hang on checking for Profile Updates, and checking for Product Updates...

    Wednesday 5 December 2012

    Fix for "packages cannot be authenticated" warning on Ubuntu

    Sometimes when installing packages on Ubuntu Linux, you'll get a warning like this:

    sudo apt-get install foo bar
        ...
        WARNING: The following packages cannot be authenticated!

        foo bar
    Install these packages without verification [y/N]?


    The fix is trivial...

    Thursday 15 November 2012

    VMware 9.0 on Linux: Closing ports 443 and 902

    On a Linux host, VMware Workstation 9.0.1 has TCP ports 443 and 902 open by default, listening on all interfaces.  This creates a small but unnecessary potential attack surface.
    Here's how to close those open TCP ports...

    Friday 26 October 2012

    Apple Airport Express is not limited to 10 users

    Just wanted to counter the myth that the old-style Apple Airport Express is limited to 10 users.  I'm sure I've had more than that in the past.  Today I've had 16 devices connected to one of the older 802.11 B/G Airport Express units.

    Friday 5 October 2012

    SOLVED: Issues with 2012 Airport Express

    Apple has updated their entry-level wireless access point, the Airport Express.  The new version is a nice little square white box, supporting simultaneous dual-band operation (2.4 GHz and 5 GHz frequencies) plus the new 802.11n (high speed) mode.

    The first time I installed this device, using the default factory settings, there was a problem with backward compatibility for non-"n" wireless devices.   I found I had to disable "n" support in order for any non-"n" devices to be able to find the wireless network.   Even then, performance was slow: the device had trouble sustaining 1 Megabit of throughput.  Yet the 5 GHz channel worked fine.

    In the end, this turned out to be due to a strong local interference source (probably some dodgy imported consumer gadget) that was interfering with channel 7.  Switching to channel 1 solved the problem.  I never did find out what was interfering with the middle channels.

    Wednesday 19 September 2012

    Thursday 6 September 2012

    Ubuntu 12.04 LTS - quick notes

    Generally very impressive.  Good clear fonts, quick response on my old Dell Latitude D620 laptop.

    Just a few tweaks to make. I'll add to this page as I use it more...

    Tuesday 4 September 2012

    Fix for Time Machine after Mountain Lion upgrade

    After upgrading from Lion to Mountain Lion on two machines, the Time Machine backup application announced that it couldn't find the Time Capsule backup - even though that volume could be mounted and inspected manually.  There's a simple fix...

    Fix for Firefox not opening PDF's on Mac

    On Mac Mountain Lion, Firefox 14.0 runs in 64-bit mode by default.  This breaks the latest Adobe PDF reader.  The fix is simple: make Firefox start in 32-bit mode...

    Friday 3 August 2012

    New arrival

    My technical work ("geeking" as SWMBO calls it) may have to wait a while, as my first child Elena has just arrived.  Mother and baby doing well. Dad having trouble with the poppers on Elena's sleep suits.

    Monday 16 July 2012

    Formatting a USB stick for UNETBOOTIN

    I spent ages trying to create a bootable USB stick with UNETBOOTIN for BackTrack.  Turns out that the trick is to format the USB stick correctly before you start...

    Tuesday 22 May 2012

    Fix for unwanted subtitles on Humax FreeSat HD recorder

    The otherwise brilliant Humax FreeSat HD recorder - the FoxSat-HDR - sometimes starts displaying subtitles that can't be turned off with the Subtitle button on the remote control.  To turn off those annoying subtitles, press the OK button twice.  I have no idea why that works, but it does.

    UPDATE: you might want to try pressing EXIT first (see comments below), as pressing "OK OK" sometimes advances you to the current time, if you're watching live TV in delayed mode - which is generally when the subtitles seem to appear for no obvious reason.

    Thursday 19 April 2012

    Cisco bug: object-group ACL fails after reboot

    It seems that object-group definitions are ridiculously buggy in router ACL's on IOS 12.4(24)T2.  Here's a simple example from my Cisco 877 router config.

    Thursday 15 March 2012

    How to burn a big file to DVD

    If you want to write a big (> 4 GB) file to DVD, you must use a burning program that allows you to choose UDF as the format...  Otherwise, the burn process will fail, and you will end up with a useless coaster!

    Thursday 8 March 2012

    Apple Airport Utility: UPDATED

    Airport Utility v6.0 looks very shiny, but has lost lots of features since the old version.  It no longer supports IPV6, syslog, connection monitoring graphs, or WDS (extending a network wirelessly).  Happily there is an easy fix...

    Monday 6 February 2012

    FIXED: Ubuntu 11.10 hangs after upgrade from 11.04: "Waiting for network configuration" then black X screen

    Here's a fix for this problem, which I saw after upgrading a VMware Fusion 4.1.1 machine from Ubuntu 11.04 to 11.10.

    Wednesday 4 January 2012

    Preparing a new Ubuntu VM Server

    Here is my crib sheet on setting up a new Ubuntu server, including notes on enabling Virtualisation.  These notes include discussion of Kimsufi / OVH dedicated hosting, but the principles apply to all dedicated servers.  I use Kimsufi because they are the only dedicated hosting provider that I can afford for non-profit purposes...

    Monday 2 January 2012

    Multi-WAN + Multi-LAN + No-NAT routing with pfSense 2.0.1

    These notes summarise how to run multiple No-NAT LAN and WAN connections using version 2.0.1 of pfSense (an excellent open-source routing/firewalling appliance operating system).   My setup didn't work out of the box initially, so I thought it was worth writing up a summary of the settings that are now working here.

    Saturday 3 December 2011

    HOWTO: Disable touchpad when mouse is plugged in

    My Dell M4400 laptop runs Ubuntu Linux 10.04.  When writing reports, I kept making mistakes due to hitting the trackpad during typing.  To solve this problem, I'm using this script to disable the touchpad when my favourite mouse is plugged in.  When the mouse is unplugged, the script restarts the touchpad.  Very nice.

    Monday 28 November 2011

    Mac OS X Lion: Saved Versions considered harmful

    Lion has a new feature designed to take safety copies of files you are editing.   But this isn't a good idea if you edit confidential documents, as it will result in copies of your sensitive documents spreading beyond the folder you put them in.  There's no easy way to disable it..

    Saturday 15 October 2011

    Gmail Contact Sync: Mac, iPhone, iPad... [UPDATED]

    How to keep your address book synchronized across an iMac, MacBook, iPhone and iPad...

    Friday 7 October 2011

    Accessing an Ubuntu desktop from Mac OS X Lion [UPDATED]

    I've got this working now, but it's more complicated than it ought to be...

    Monday 11 July 2011

    Booting Acronis True Image from a USB stick

    Today I needed to restore a netbook PC from a backup image taken with Acronis True Image Home 9.0 (which is excellent). The backup image was stored on an external USB hard drive. The problem was how to boot the Acronis recovery image, as the netbook has no CD drive.

    Tuesday 21 June 2011

    AWSTATS on Apache with Ubuntu Server 10.04 LTS

    Got this working today.   Nice guide here covers most of it.  Another good guide is here.

    Thursday 16 June 2011

    UK SIM cards with static IP addresses

    Should you have a need for 3G Data SIMs with "real" fixed public IP addresses (rather than the usual dynamic NATted private IPs), I have found three options...

    Friday 10 June 2011

    How to disable GMail's spam filter

    GMail's spam filtering is usually excellent, but sometimes it can get over-zealous.  The first thing to know is that mail from people in your GMail Contacts list is never flagged as spam. So regular correspondents should be added to your GMail Contacts.

    If you want to turn off GMail spam filtering altogether, here's how...

    Friday 3 June 2011

    More thoughts on Sandboxing for security

    From a security perspective, perhaps today's desktop operating systems are missing the point. With the increase in carefully-targeted spear-phishing attacks, we need to change our approach if we are to stop our computers being compromised.  Firewalls, content-checkers, anti-virus programs, whole-disk encryption: these are all necessary, but they are not enough.

    We must assume the worst and plan accordingly.  From time to time, you or a colleague will receive malware-infected files that will get past the virus scanner.  How can we remain secure?

    Given the security threats from the Internet today, I believe that all web pages, images and documents need to be opened inside a sandbox container by default.

    Wednesday 1 June 2011

    Accessing a VM image from a QEMU host

    Just a quick note of the commands needed to mount a VM disk image from the QEMU host server...

    Tuesday 31 May 2011

    VMware on Linux: Promiscuous Mode

    When VMware Workstation is hosted under Linux, by default it doesn't allow VM Guests to access the network in Promiscuous mode.  There's an easy fix for this...

    Fixed: Ubuntu Server shows outdated update info

    Just updated some Ubuntu 10.04.2 servers using 'apt-get update; apt-get dist-upgrade', then rebooted to find stale information displayed in the login banner, still showing lots of updates pending.  There's a simple fix for this...
      rm /etc/motd.tail
      /usr/lib/update-notifier/update-motd-updates-available --force
    The system would catch up eventually anyway.  These commands just speed it up.

    Thursday 26 May 2011

    Easy sandboxing for Windows apps

    Sandboxie looks very interesting....  Yet to try it, but have heard good things about it.  Without the cost of firing up different VMs, it is able to launch programs inside wrappers, to isolate different programs from each other (or to isolate different web pages from each other) - and to protect your Windows machine from the sandboxed program.

    Disabling/enabling services in Ubuntu (UPDATED)

    Recent versions of Ubuntu have changed the way that system services start up.  Presumably this reflects a policy change in Linux systems.
    There are now THREE different ways for Linux services to start automatically at boot...

    Sunday 3 April 2011

    New Cycling website launch

    http://www.ComeCyclingLedbury.com - finally got it finished.  :-)

    Thursday 17 February 2011

    Security Websites

    Herewith, just some bookmarks to websites covering network security topics. 

    Wednesday 26 January 2011

    Installing Windows on Dell Inspiron 1545

    If you're trying to install a clean copy of Windows XP or Windows 7 on a Dell Inspiron 1545 laptop, these notes might help...

    Tuesday 18 January 2011

    Gmail Push: instant notification of new email

    Just a quick note about setting up 'push' email delivery on Gmail accounts.  This feature gives you instant notification of incoming emails, without the need to poll frequently via POP or IMAP.  There are two different ways to set it up, depending on the mail client you use...

    Sunday 19 December 2010

    VOIP QoS on Dual-WAN ADSL Cisco 1841

    Just now I'm messing about with a Cisco 1841 router with two ADSL cards in it (as outlined in an earlier post to this blog). I'll write in more detail about the IOS settings later, but meanwhile I'd appreciate some pointers if anyone has a suitable IOS config to share...

    Monday 6 December 2010

    Dual-WAN ADSL with Cisco 1841

    I've got a second ADSL line now, so I've just started playing with bonding my two AAISP.net.uk lines together using a Cisco 1841 router with two ADSL cards.  It works pretty nicely out of the box, but as ever, some small lurking matters have emerged...

    Wednesday 17 November 2010

    Updating FreeBSD 7.3 to 8.1 on Soekris NET5501

    Just a quick heads-up if you're updating a FreeBSD server with a serial console.

    Thursday 21 October 2010

    Ubuntu 10.10 First Impressions

    Tried out clean installs of Ubuntu 10.10 (Maverick Meerkat) on two Dell Latitude D620 systems yesterday.

    Saturday 16 October 2010

    Apple iPad first impressions

    I finally got an iPad a few days ago.  Generally, it's a very impressive device - as it should be for the price.  Just some initial observations:

    Saturday 9 October 2010

    Ubuntu Server virtualisation on Kimsufi hosting

    After yesterday's false start with Citrix XenServer, today I'm switching to Ubuntu Server as my VM hosting platform.

    Virtualizing my Internet server

    I'm about to start work on a new non-profit website using a content management system so that other people can help to edit the content.  I'm hoping that a VMware-type approach will make this easier...

    Friday 8 October 2010

    IPV6 on Ubuntu 8.04 server

    In case anyone else is wondering why /etc/network/interfaces fails to configure a static IPV6 address on Ubuntu 8.04, here's the solution...

    Sunday 19 September 2010

    IPV6 + Cisco 1841 ADSL + Monowall

    Got this combination working today after a bit of a struggle...

    Saturday 18 September 2010

    Wake-on-LAN workaround for Mac Snow Leopard

    This article discusses Wake-on-Demand versus "classic" Wake-on-LAN on Mac Snow Leopard.

    Saturday 21 August 2010

    Stopping random cut-and-paste errors

    Recently I've kept finding random bits of text pasted in at random places in the documents I've been editing under Ubuntu Linux.  Today I realised that my new laptop has a middle mouse button, which pastes the contents of the cut-and-paste buffer.  Time to disable that middle mouse button...

    Wednesday 18 August 2010

    Herefordshire in the sunshine

    Took some photos at the weekend, on a short walk around Marcle Ridge in Herefordshire.  I don't know why this part of the country is so empty, as it's lovely countryside to walk in.   Photos below...  Click for full-size images...

    Ubuntu Netbook Edition: Consumer-Friendly Linux

    Just a quick note in praise of Ubuntu Linux 10.04 "Lucid Lynx" - more specifically their excellent Netbook edition - with a HOWTO for installing it on the problematic Dell C400 laptop.

    Friday 9 July 2010

    iPhone 4 Frustrations on T-Mobile UK

    Finally got my iPhone 4 (unlocked from Apple). Having sold my iPhone 3G to my sister (who is now using it on T-Mobile), I'd been reduced to using an appalling old Motorola, so I was keen to get going with the new phone, mainly because texting on the Motorola is pretty tedious. Only problem being lack of a Micro SIM....

    Thursday 3 June 2010

    Ubuntu 10.04 LTS - First Impressions

    I've been testing this release ("Lucid Lynx") on a Dell Precision M4400 laptop. Initial impressions very favourable. It boots quickly, even with full-disk encryption (via the Alternate Install CD): around 30 seconds to the login screen. Much quicker than MS Windows on the same hardware.

    Saturday 15 May 2010

    Traverse Viking PCI ADSL card + MONOWALL

    I now have one of these cards in a Soekris net5501, in a nice case supplied by Wim at kd85.com ...

    Thursday 13 May 2010

    Askozia PBX 2.0: Fix for IAX trunk not working

    I'm running a free Asterisk appliance image on a Soekris NET5501 low-power embedded computer.  So far so good: it's simplicity itself to set up (just copy the image to a Compact Flash card and boot).

    Wednesday 12 May 2010

    HOWTO: Install Ubuntu Linux via PXE Boot

    Here's how to do a network-based installation of Ubuntu Linux, for machines without CDROM drives.  It is very simple.

    Tuesday 11 May 2010

    HOWTO: Install a Soekris server with PXE Boot

    The Soekris NETxxxx boards can't boot from CDROM or USB, so installing an operating system requires PXE booting from the network, unless you want to prepare the hard disk or CF card in another machine first.  Another challenge is that the Soekris boards only have a serial console, so you can't use an operating system that assumes a video display and keyboard.  This article outlines your options.

    You can use PXE Boot for a wide variety of purposes. My motivation on this occasion was to write a new image to the CF card that my Soekris NET5501 AskoziaPBX Asterisk server boots from, without having to unbolt the server from the rack.

    Monday 3 May 2010

    No-NAT Firewalling with Monowall

    Just a heads up for anyone tearing their hair out over this one.

    Wednesday 7 April 2010

    Full Disk Encryption & PGP email for the Mac

    As a security specialist, my own systems need to be secure, so it's my policy that most of my systems should employ full-disk encryption (FDE).  The only exceptions are servers - since these won't restart after a power failure if they use FDE.   I also want to be able to send PGP-encrypted emails, for example for business correspondence, or for bike club membership administration.

    FDE provides protection in two ways.  Firstly, if someone steals your computer, they don't get all your files (unless it was up and running with no screen lock password when they stole it).  Secondly, if someone temporarily gains physical access to your computer, it's harder - although by no means impossible - for them to install a trojan to steal passwords or give them a remote shell.

    Tuesday 17 November 2009

    Apple Time Capsule steals IP addresses, but that's OK really

    Found one minor oddity with my new Apple Time Capsule.  If you have an ARP monitoring program running (such as arpwatch, or any FreeBSD server) you may notice that the Time Capsule's MAC address periodically appears to steal the IP address of one or more Mac Snow Leopard clients.  Odd as it may seem, this is by design.

    HOWTO: Fix dig & nslookup on Mac OS X

    If ping works but dig & nslookup are broken, there's a simple fix.

    Friday 13 November 2009

    HOWTO: Make smaller PDF files on the Mac

    On the Mac, printing a document to a PDF sometimes results in a very big file, for example when the original document has lots and lots of pictures in it. To make a smaller PDF :-

    Sunday 27 September 2009

    Using PPP over UK ADSL using pfSense

    Most home broadband connections use an ADSL router with a built-in NAT firewall. For more complex networks, the next step is to place a dedicated firewall behind your ADSL router. But there's a third way: put your ADSL device into Bridge mode. Then it's just a dumb modem, so your firewall can run the PPP session to your ISP....

    HOWTO: Native IPV6 dialup on the Mac

    The world is running out of IPV4 addresses, so the transition from IPV4 to IPV6 is getting closer. Here's how to kick the tyres, if you want to try web surfing with IPV6.  Dialup is just for testing of course, ADSL is next ...

    Saturday 26 September 2009

    HOWTO: Send SYSLOG messages to FreeBSD

    When you try to send SYSLOG messages for storage on a FreeBSD 7 server, the odds are that your messages won't appear in your log file on the first attempt.  You need to get several things right...

    Thursday 20 August 2009

    GMail's SSL Certificate Updated: Fixing STUNNEL

    Today it appeared that Google Mail had updated the SSL certificate they use to secure access to the SMTPS service on smtp.gmail.com:587.   The change stopped me from sending personal email through a corporate HTTP proxy today, and I couldn't immediately remember how to load fresh certificates in my Stunnel server again...

    Saturday 15 August 2009

    Garmin GPSmap 60CSx - update

    I've now had the opportunity to leave the GPS logging on a long car journey. Very impressive...

    Saturday 8 August 2009

    Garmin GPSmap 60CSx - first impressions

    Just got one of these handheld GPS units for hiking and cycling. First impressions excellent...

    Tuesday 4 August 2009

    EZMLM Log File Viewer

    DJB's EZMLM mailing list software keeps a log showing subscriber additions and deletions, but the date and time are in a non-human-readable format.  Here's a script to view those logs...

    Tuesday 7 July 2009

    Leopard 10.5.7: MacBook WiFi connects, then drops

    My old MacBook's built-in Wi-Fi was rock-solid until recently, but just lately it had problems. Disabling RealPlayer Downloader Agent seemed to fix this....

    iPhone: Fix for "Can't Connect To YouTube"

    I saw this error on an unlocked & jailbroken iPhone 2G running the iPhone 3.0 software. Setting the date and time correctly fixed it. Seems like poor design though: why should the YouTube app need to know what time it is?