stdout

Fri, 29 Mar 2013

Switched to nginx

Redid all the etla.org web stuff to be hosted on nginx. Let me know if you see any problems.

[20:58] | [/unix] | Switched to nginx

Fri, 21 Sep 2012

Accidental spamming

Looks like ceres.etla.org has been sending spam out for a few days. As far as I can tell someone cracked my SMTP AUTH password. Investigating.

[11:46] | [/unix] | Accidental spamming

Thu, 28 Jun 2012

DNS propagated

Now it works.

[21:21] | [/mail] | DNS propagated

Experimenting with SPF

Setting up SPF on a domain that doesn't normally do email (specifically this one, mstevens.org), for experimental purposes.

Found one problem so far - I specified my SPF record as v=spf1 mx -all. I then sent a test email to Google, and it was rejected with:

Received-SPF: fail (google.com: domain of mstevens@mstevens.org does not designate 2001:ba8:1f1:f1ef::2 as permitted sender) client-ip=2001:ba8:1f1:f1ef::2;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of mstevens@mstevens.org does not designate 2001:ba8:1f1:f1ef::2 as permitted sender) smtp.mail=mstevens@mstevens.org; dkim=pass (test mode) header.i=@mstevens.org

The mx defined for the domain is on IPv4 and IPv6, and has A and AAAA records. I was expecting the SPF record above to mark both as valid, but Google doesn't seem to interpret it as valid.

Looking at the discussion at a thread on the SPF mailing list I think it probably should be considered valid, although I'm not certain. Anyway, I've updated the SPF record with an ip6 entry for the specific IP address, hopefully that'll sort it. Possibly there's a bug in the Google implementation, but I wouldn't know who to contact!

Waiting for the DNS to propagate and see if the change helps.
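
An added example, not part of the original post: a small evaluator for the all, ip4, ip6 and mx mechanisms, following the rule in the SPF specification (RFC 7208, section 5) that an IPv6 client is compared against the AAAA records of the MX hosts. It also shows that an explicit ip6 term, like the one added above, matches whatever the MX lookup returns. The names example.org and mail.example.org and all addresses are constructed placeholders.

```python
import ipaddress

# Constructed zone data (RFC 5737 / RFC 3849 documentation addresses),
# standing in for live DNS. example.org and mail.example.org are placeholders.
DNS = {
    ("example.org", "MX"): ["mail.example.org"],
    ("mail.example.org", "A"): ["192.0.2.25"],
    ("mail.example.org", "AAAA"): ["2001:db8::25"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype, dns):
    """Return the records of one type for a name, or [] if there are none."""
    return dns.get((name.lower().rstrip("."), rtype), [])


def mechanism_matches(term, ip, domain, dns):
    """Evaluate one mechanism (all, ip4, ip6, mx) against the client address."""
    name, _, arg = term.partition(":")
    name = name.lower()
    if name == "all":
        return True
    if name in ("ip4", "ip6"):
        net = ipaddress.ip_network(arg, strict=False)
        return ip.version == net.version and ip in net
    if name == "mx":
        # The address family of the connection decides which records are fetched.
        rtype = "A" if ip.version == 4 else "AAAA"
        return any(
            ipaddress.ip_address(addr) == ip
            for host in lookup(arg or domain, "MX", dns)
            for addr in lookup(host, rtype, dns)
        )
    raise ValueError("mechanism not handled by this example: " + term)


def check_host(client_ip, domain, record, dns=DNS):
    """Return the SPF result for client_ip under the given record text."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if mechanism_matches(term, ip, domain, dns):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and there was no "all"
```

If the checker's view of DNS has no AAAA record for the MX host, "mx -all" fails for the IPv6 client while "mx ip6:<address> -all" still passes.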

[20:18] | [/mail] | Experimenting with SPF

Tue, 29 May 2012

Culture of Distraction

We’re creating a culture of distraction

[17:38] | [/web] | Culture of Distraction

Fri, 18 May 2012

Domains

Just been inspired to renew etla.org for another 3 years.

[09:33] | [/web] | Domains

Mon, 23 Apr 2012

Filtering ports by user

You can filter ports on the local machine by user with iptables using something like this:

iptables -A OUTPUT -p tcp --dport 1234 -d localhost -m owner ! --uid-owner root -j REJECT

This will restrict port 1234 on localhost to only be accessible by root.

Found at Paranoid Penguin: Using iptables for Local Security.

[11:18] | [/unix] | Filtering ports by user

Thu, 05 Apr 2012

TG582n - more

gord on irc worked out how to see a list of supported devices:

{Administrator}=>mobile device list
	Name           : ZTE_MF627 (preconfigured)
	Storage id     : 19D2:2000
	Modem id       : 19D2:0031
	modeswitch     : 55534243123456782000000080000c85010101180101010101000000000000
	AT interface   : 1
	Data interface : 3
	Force USB 1.1  : yes

	Name           : ZTE_MF100 (preconfigured)
	Storage id     : 19D2:2000
	Modem id       : 19D2:0017
	modeswitch     : 55534243123456782000000080000c85010101180101010101000000000000
	AT interface   : 1
	Data interface : 2
	Force USB 1.1  : yes

	Name           : HUAWEI_E1690 (preconfigured)
	Storage id     : 12D1:1446
	Modem id       : 12D1:1001
	modeswitch     : 55534243000000000000000000000011060000000000000000000000000000
	AT interface   : 2
	Data interface : 0
	Force USB 1.1  : yes

	Name           : Zoom_4595 
	Storage id     : 1C9E:F000
	Modem id       : 1C9E:9603
	modeswitch     : 55534243123456788000000080000606f50402527000000000000000000000
	AT interface   : 1
	Data interface : 2
	Force USB 1.1  : yes

	Name           : H_E220 
	Storage id     : 0000:0000
	Modem id       : 12D1:1003
	modeswitch     : 
	AT interface   : 1
	Data interface : 0
	Force USB 1.1  : yes

	Name           : H_E1725Cu 
	Storage id     : 12D1:1446
	Modem id       : 12D1:1417
	modeswitch     : 55534243000000000000000000000011060000000000000000000000000000
	AT interface   : 3
	Data interface : 0
	Force USB 1.1  : yes

	Name           : H_E180 
	Storage id     : 0000:0000
	Modem id       : 12D1:1003
	modeswitch     : 
	AT interface   : 1
	Data interface : 0
	Force USB 1.1  : yes

	Name           : Alcatel 
	Storage id     : 1BBB:F000
	Modem id       : 1BBB:0000
	modeswitch     : 55534243123456788000000080000606f50402527000000000000000000000
	AT interface   : 1
	Data interface : 3
	Force USB 1.1  : yes

	Name           : Telsey 
	Storage id     : 1C9E:F000
	Modem id       : 1C9E:9603
	modeswitch     : 55534243123456788000000080000606f50402527000000000000000000000
	AT interface   : 1
	Data interface : 2
	Force USB 1.1  : yes

	Name           : ZTE_MF110 
	Storage id     : 19D2:2000
	Modem id       : 19D2:0016
	modeswitch     : 55534243123456782000000080000c85010101180101010101000000000000
	AT interface   : 1
	Data interface : 2
	Force USB 1.1  : yes

	Name           : H_E1762 
	Storage id     : 12D1:1446
	Modem id       : 12D1:140C
	modeswitch     : 55534243000000000000000000000011060000000000000000000000000000
	AT interface   : 3
	Data interface : 0
	Force USB 1.1  : yes

	Name           : H_E1752Cu 
	Storage id     : 12D1:1446
	Modem id       : 12D1:140C
	modeswitch     : 55534243000000000000000000000011060000000000000000000000000000
	AT interface   : 3
	Data interface : 0
	Force USB 1.1  : yes

	Name           : H_E1752Cu_OV 
	Storage id     : 12D1:1446
	Modem id       : 12D1:1417
	modeswitch     : 55534243000000000000000000000011060000000000000000000000000000
	AT interface   : 3
	Data interface : 0
	Force USB 1.1  : yes

	No device detected

[19:12] | [/aa] | TG582n - more

Technicolor TG582N and 3G

I just got the Technicolor TG582N router from A&A, after my previous router developed an annoying habit of dropping all my packets.

One of the things I wanted to try was getting the "3G backup" support working. This is not very well documented on the internet at the moment.

The best documentation I could find (with the help of #A&A on irc) was the Be user group Mobile internet document.

I tried this out with an old Vodafone dongle - labelled as a "Vodafone Mobile Connect Model K3565 - Rev 2", but which I believe is really a badged Huawei E220.

I backed up the configuration as recommended.

I logged in via telnet and tried to run the Be documented commands. I found I had to add an initial mobile ifadd as the umts interface did not exist:

{Administrator}=>mobile ifadd intf=umts
{Administrator}=>mobile ifconfig intf=umts apn=CHANGEME
{Administrator}=>ppp ifadd intf=mobilebroadband
{Administrator}=>ppp ifconfig intf=mobilebroadband dest=umts
{Administrator}=>nat ifconfig translation=enabled intf=mobilebroadband
{Administrator}=>ppp rtadd intf=mobilebroadband dst=0.0.0.0
{Administrator}=>exit

I then went to the web interface http://192.168.1.254/_pppom_cfg.lp?be=0&l0=2&l1=2&name=mobilebroadband - replace 192.168.1.254 with the IP address of your router, and entered the username, password, and APN. For my Vodafone SIM, the username was web, the password was web, and the APN was pp.internet.

You should then be able to fiddle around with telling the interface to connect, and unplugging the DSL. The new connection should show up under "Broadband Connection - Internet Services".

I'm not sure how to make failover work, or if anything extra is required. Since I was using a Vodafone dongle, and my machines are statically configured to use A&A's DNS servers, I lost working DNS.

Hopefully someone else can fill in the rest of the details to make things behave sensibly, and even try an A&A SIM.

I also tried with a Huawei E367 - doesn't seem to be recognised.

[18:55] | [/aa] | Technicolor TG582N and 3G

Thu, 01 Mar 2012

Playing with SSHFP

Playing with setting up SSHFP on etla.org.

Should make things a little bit more secure, although I really need to do DNSSEC as well.

[22:12] | [/unix] | Playing with SSHFP

Tue, 10 Jan 2012

Gilbert U-238 Atomic Energy Lab

I want one of these.

[16:22] | [/web] | Gilbert U-238 Atomic Energy Lab

Fuloong continued

The fuloong experiments continue:

[16:21] | [/lemote] | Fuloong continued

Sun, 08 Jan 2012

Lemote Fuloong and Debian

I recently bought a new Lemote Fuloong with the intention of running Debian Linux on it.

I've been trying to install following the instructions at How to Install, although strictly speaking they are for the Yeeloong rather than the Fuloong I'm using.

Discoveries so far:

[20:54] | [/lemote] | Lemote Fuloong and Debian

Thu, 08 Sep 2011

I hear the cool kids call it railfanning these days

Some photos of the new new DLR stations

[18:17] | [/trainspotting] | I hear the cool kids call it railfanning these days

Sat, 03 Sep 2011

Autopilot...

On autopilot?

[13:13] | [/web] | Autopilot...

Mon, 15 Aug 2011

Regtools

                _              _
 _ __ ___  __ _| |_ ___   ___ | |___
| '__/ _ \/ _` | __/ _ \ / _ \| / __|
| | |  __/ (_| | || (_) | (_) | \__ \
|_|  \___|\__, |\__\___/ \___/|_|___/
          |___/

[16:34] | [/web] | Regtools

False Confessions

People have a strange and worrying tendency to admit to things they have not, in fact, done

[10:59] | [/web] | False Confessions

Fri, 05 Aug 2011

Internet addiction in Korea

South Korean clinic treats web addicts

[14:15] | [/web] | Internet addiction in Korea

Wed, 03 Aug 2011

Tweetage Wasteland

Tweetage Wasteland: The Action Movie Blog Post

This post is pretty good, as in fact is the entire blog.

[10:14] | [/web] | Tweetage Wasteland

Fri, 08 Jul 2011

Large datasets

So at the moment I'm interested in large datasets. Trying to collect some interesting links to what's out there:

There's obviously some duplication here in terms of sites linking to other sites, I'm highlighting stuff I thought was interesting. I'll probably update this post as I find new data that seems interesting.

[09:41] | [/web] | Large datasets

Mon, 20 Jun 2011

Internets rot your brain

Brain scans hint excessive time online is tied to stark physical changes in the brain

Rough Type: Nicholas Carr's Blog: More evidence of Net's effect on the brain

[10:55] | [/distraction] | Internets rot your brain

Fri, 18 Mar 2011

ep.io

ep.io are pretty cool automated python hosting.

[11:16] | [/python] | ep.io

Wed, 02 Feb 2011

Free public datasets

A couple more interesting links on free public datasets:

[12:21] | [/web] | Free public datasets

Mon, 31 Jan 2011

OTP Tokens

Recently discovered gooze and their interesting variety of cryptographic products.

I bought one of their OTP C100 one-time-password tokens to play with. They seem to implement the OATH standards, which works nicely with a variety of software.

I decided to try to get this working on Debian with PAM as an authentication method.

So far the software I've tried to do this is oath-toolkit, which provides a convenient pam_oath PAM module to use. I've got this working on a home Debian machine for testing, requiring a one-time-password from the dongle every time I log in.

Rough steps to set up:

  1. Install oath-toolkit as usual. You probably want to install from source or download the supplied debs; the latest version seems to be the thing to get.
  2. Run ldconfig - this is one thing that's not mentioned in the instructions but was needed before my machine would see the new PAM module.
  3. Put this in /etc/pam.d/common-auth:
    # this bit restricts oath checking to the specified user                        
    # you could use a group or whatever if you had more than 1 token                
    auth [default=1 success=ignore] pam_succeed_if.so quiet user = useryouwanttoauth
    auth requisite pam_oath.so usersfile=/etc/users.oath window=20 digits=6
    
    You should have created the users.oath file in the normal course of installing oath-toolkit.
  4. sshd_config should have:
    ChallengeResponseAuthentication yes                                             
    PasswordAuthentication yes                                    
    

After that, things seem to work with at least sshd and su, but I'm still testing. Annoyingly, if there's an ssh authorized_key, it seems to override password authentication totally. Ideally I'd like to combine ssh keys and OTP, but I haven't worked that out yet.

I've also got one of the gooze OTP C200 tokens, which looks very nice, and uses time based passwords, which I'd really rather use, but it's not supported by oath-toolkit yet.
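
An added example, not code from the post or from oath-toolkit: what a counter-based (HOTP, RFC 4226) check with the window=20 digits=6 settings from the pam_oath line above amounts to on the server side, including the counter update that stops a used code being replayed. The HotpVerifier class and the exact window semantics are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HotpVerifier:
    """Per-token server state: shared secret and next expected counter."""

    def __init__(self, secret: bytes, counter: int = 0,
                 window: int = 20, digits: int = 6):
        self.secret = secret
        self.counter = counter
        self.window = window
        self.digits = digits

    def verify(self, otp: str) -> bool:
        # Reject anything that is not exactly `digits` ASCII digits up front.
        if len(otp) != self.digits or not (otp.isascii() and otp.isdigit()):
            return False
        # Assumption: the window counts extra counters ahead of the stored one,
        # so counter .. counter + window are all tried.
        for candidate in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, candidate, self.digits), otp):
                # Move past the matched counter so this and older codes are dead.
                self.counter = candidate + 1
                return True
        return False


# Constructed input: the shared secret used by the RFC 4226 test vectors.
RFC4226_SECRET = b"12345678901234567890"
```

The window lets the server resynchronise after button presses that never reached it, at the cost of accepting that many more candidate codes on each attempt.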

[21:23] | [/unix] | OTP Tokens

Keyrings

More of A&A's engraving work, I present keyrings.

Personally I think the wood one comes out much more nicely (and there's some fine detail you can't see because my camera isn't good at closeups).

[19:52] | [/aa] | Keyrings

A Round Tuit

After much popular demand from irc I am pleased to supply a photo of a round tuit. Well actually 4 of them.

An example of the fine Laser Engraving Services from Andrews & Arnold.

[19:47] | [/aa] | A Round Tuit

Thu, 20 Jan 2011

The Great IPv4 Countdown

There's not much IPv4 left, it should be an interesting transition.

[15:34] | [/unix] | The Great IPv4 Countdown

Mon, 15 Nov 2010

Cabell

Cabell de Marcellus

[17:23] | [/web] | Cabell

Sun, 22 Aug 2010

Is multi-tasking a myth?

Is multi-tasking a myth? (BBC News article)

[21:13] | [/web] | Is multi-tasking a myth?

Tue, 27 Jul 2010

Luddite news

[11:01] | [] | Luddite news

Sun, 11 Jul 2010

aasms 0.6

Released aasms 0.6 with a few bugs fixed, and support for the new iccid based direct-to-SIM stuff.

[22:15] | [/python] | aasms 0.6

Mon, 14 Jun 2010

aasms v0.4

More aasms hacking, v0.4 can now get the username and password from a config file, so you don't have to have them in the process name. (which is more or less why I started the whole exercise)

[21:45] | [/python] | aasms v0.4

aasms and nagios

Finally set up my aasms module with nagios, which was really the point of the whole exercise.

First, define some new notification commands more or less like this:

# 'notify-host-by-sms' command definition
define command{
	command_name    notify-host-by-sms
	command_line    send-aa-sms --file=/etc/nagios3/aasms.config -d $CONTACTEMAIL$ -m "***** Nagios *****Notification Type: $NOTIFICATIONTYPE$ Host: $HOSTNAME$ State: $HOSTSTATE$ Address: $HOSTADDRESS$ Info: $HOSTOUTPUT$ Date/Time: $LONGDATETIME$"
}

# 'notify-service-by-sms' command definition
define command{
	command_name    notify-service-by-sms
	command_line    send-aa-sms --file=/etc/nagios3/aasms.config -d $CONTACTEMAIL$ -m "***** Nagios *****Notification Type: $NOTIFICATIONTYPE$ Service: $SERVICEDESC$ Host: $HOSTALIAS$ Address: $HOSTADDRESS$ State: $SERVICESTATE$ Date/Time: $LONGDATETIME$ Additional Info: $SERVICEOUTPUT$"
}

/etc/nagios3/aasms.config should be replaced with an appropriate config file for aasms readable only by nagios. Then define a new contact:

define contact{
	contact_name                    mstevens-sms
	alias                           Michael Stevens (SMS)
	service_notification_period     24x7
	host_notification_period        24x7
	service_notification_options    w,u,c,r
	host_notification_options       d,r
	host_notifications_enabled      1
	service_notifications_enabled   1
	service_notification_commands   notify-service-by-sms
	host_notification_commands      notify-host-by-sms
	email                           your_mobile_here
}

Just add this contact to appropriate groups, and you should now get SMS notification of outages.

The key advantage of all this over the curl example on the A&A site is that you don't have to put your account details in the process name, and they can live privately in a nice config file instead.

[21:44] | [/python] | aasms and nagios

Sun, 13 Jun 2010

Proc::InvokeEditor v.103

Very minor tweaks to Proc::InvokeEditor, created a github repository for it, and uploaded the shiny new to CPAN.

While I was there, noticed some very old versions of some modules I had on CPAN, and deleted them.

[19:18] | [/perl] | Proc::InvokeEditor v.103

Mon, 07 Jun 2010

Distraction continued

Hooked on gadgets, and paying a mental price

(the cynic in me suggests the recent surge in articles on this topic is related to the forthcoming book from Nicholas Carr)

[12:15] | [/distraction] | Distraction continued

Thu, 27 May 2010

More on distraction

Author Nicholas Carr: The Web Shatters Focus, Rewires Brains

[15:17] | [/web] | More on distraction

Wed, 26 May 2010

aasms 0.2

Further SMS hacking, added a command line script, now available at aasms 0.2.

[19:23] | [/python] | aasms 0.2

Multitasking still considered bad

How (and Why) to Stop Multitasking

(Yes, I know I keep going on about this every 5 minutes to anyone who'll stand still long enough)

[10:11] | [/web] | Multitasking still considered bad

Tue, 25 May 2010

aasms

Hacking a bit on some Python code to talk to A&A's SMS service.

Doesn't really do much yet, but put up a github repo to play with at http://github.com/mstevens/aasms.

[22:01] | [/python] | aasms

Mon, 17 May 2010

Leaving Unite

After many years of membership, first of Amicus, then of Unite, I've now left and am no longer a union member.

I like the idea of union membership to some degree, but I thought, amongst other things, the phone call telling me to vote for Gordon Brown was the last straw.

[16:44] | [/union] | Leaving Unite


Contact: Michael Stevens <mstevens@etla.org>
