Response on previous entry… January 30, 2004 at 3:15 pm

I started a short reply to a comment on the blog entry at Robert Scoble’s site I referred to in my last entry.. after it grew in length, I decided to cut and paste it here as well.

Re: Post by Adam Lasnik

==
– Aesthetics… my goodness, why is this so important? Maybe it’s a teen thing and I’m just
feeling like an old fogey now, but I couldn’t care less how my music player looks or how ‘cool’
it seems or how stylish it is. Does it play my music? Does it sound decent? Is it reasonably
easy to use? Great. Then it just comes down to cost, plus a few other issues like reliability
and so on.
==

You know, I used to think the exact same thing. I just couldn’t understand why Mac lovers were so loyal to Apple…


Yet again, MS doesn’t get it… January 29, 2004 at 2:28 pm

Here’s an interesting blog entry from MS’ own Robert Scoble, their “technical evangelist” for Longhorn (the next version of Windows). His whole argument seems to boil down to “Pick our proprietary music codec (with DRM lock-in) over theirs.” Other than that, he really doesn’t give any decent reason to pick a WMA-capable player over an iPod.

Oh, and his mention of the Windows Media Center stuff on your TV… bah! Barely anyone has actually bought those, while TiVos, ReplayTVs and even the Linux free-software MythTV are being used by far more people every day.

Me? I’m doing my best to ignore both DRM formats (I bought 2 albums off the iTunes store and am already somewhat disappointed, as I can’t play them on my home stereo via my Audiotrons). I’ll stick to mp3, which is supported by EVERY digital music player, thank you.

80’s Lyrics quiz November 3, 2003 at 9:45 am

Note: I’ve done several entries on goofy online quizzes I’ve taken and my results, so I’ve created a category for them, and moved the other posts under it.

So after reading Tess’ side of MonkeyGumbo and seeing her results/link to an 80’s lyrics test.. I had to do it. My sister did it at the same time, and she kicked my butt.

Anyway, here’s my result:

Give it a shot.. this one was actually kind of fun, and I can’t tell you how many songs I could hear in my head and either just didn’t know the specific words being asked for, or never could understand what those particular words were. I did miss a few that made me feel pretty stupid when I saw the answers though.

MRTG Patterns November 1, 2003 at 12:29 pm

I’ve been running mrtg on my host for a while now to keep an eye on usage of the networks. I’ve got separate data for my cable modem connection, my internal wired network, and my internal wireless network.

Sometimes it’s interesting to see the charts and relate the patterns to what I (or someone else) am doing. Here’s the last 24 hours of my internal net:
[image: localhost_192.168.1.1-day.png]
The plateaus (well, at this level of detail they’re spiky, but the fairly level outbound/blue bits) show when I’m streaming music to my Audiotron. I had the one in my bedroom streaming all night while I was sleeping. The smaller one earlier in the day is when I had music playing while getting ready for work on Friday morning.

Here’s a weekly chart:
[image: localhost_10.0.1.1-week.png]
The spike you see on Sunday was during the fires. The data rate is so high because I was doing an emergency backup of my really important data (everyone’s email, my website stuff, databases) to my laptop just in case we had to evacuate this area and I didn’t have time to pull my server to take it with me.

If you look at the charts you’ll note that the cable modem connection (top left, labeled www.miguelito.org) always has a constant input rate. That input rate is the massive amount of ARP traffic that’s always visible on the cable modem connection. If you click on the chart and look at the yearly one, you’ll see that it really ramped up around Aug… I think the ARP traffic has increased due to the newer Windows worms out there that started this summer, which are causing hosts to scan for open relays, exploits, etc. like crazy.

My new wireless security setup October 20, 2003 at 12:11 am

So I spent some time this weekend and set up my new wireless security system.

I rid my setup of WEP.. everyone knows that WEP is basically a joke, it’s trivial to crack into a system that only uses WEP. My WAP is now set up with a crossover cable to its own NIC in my server/gateway and is on its own secured subnet. Plus, 802.11b/g are faster when WEP is disabled too.

First off, I set up default iptables rules that only allow ssh, web (for authentication.. otherwise you’re screwed) and DNS lookups (otherwise the browser hangs). There’s also a rule that rewrites any attempts from wireless hosts (on the 10.0.1.0/24 net for me) to port 8888 on my webserver on 10.0.1.1. The basic rules that block all the forwarded traffic as well as traffic to the gateway itself are here.

Then, using a simple rewrite rule in apache, we send requests to port 8888 to the auth form:
RewriteCond %{SERVER_PORT} ^8888$
RewriteRule ^/(.*) https://10.0.1.1/wireless_auth [L,R]
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} ^/wireless_auth
RewriteRule ^/(.*) https://www.miguelito.org/wireless_auth

This rule also makes sure SSL is used (we’re going to be sending usernames/passwords over unencrypted wireless after all).

Next we have the simple form that asks for username/password, and the script that does the webserver side of the auth and lets the user know if the authentication was ok or not. I also wrote a daemon in perl that looks for expected files, verifies that hosts are still online, and either starts or revokes the network access by calling this script.

I use authentication against an existing IMAP server running on localhost as I didn’t feel like setting up database stuff, or more intense scripting. I also use files in /tmp, which isn’t the most secure thing to do, but I do a few checks on the uid/gid of the files to make sure users can’t drop files in to spoof the system; plus this is written for my setup… where I’m the only one that actually shells into the system. Most of my family have email on my host, but they all use Horde’s IMP system to read email. Feel free to play with my stuff to make it more secure (no /tmp stuff) or authenticate against sql/pam/ldap/whatever.

I also put in some syslog bits so that stuff is logged to syslog for admin troubleshooting, and/or also to know when ip/mac pairs are given access or when the access is revoked:
wireless_auth_daemon.pl[26673]: [info] Granted internet access to 10.0.1.252 00:A5:F8:0A:D8:17_
wireless_auth_daemon.pl[26673]: [info] revoked internet access from 10.0.1.252 00:A5:F8:0A:D8:17_
wireless_auth_daemon.pl[27052]: [info] saw file with improper uid/gid: uid: 0 gid: 0_

The last line there is an example of my quasi-security (testing uid/gid) showing a problem and not authenticating the user’s net connection.

Anyway, the setup seems to work really well, I’ve been stress testing it all weekend, and it does exactly what I expect. The time from authentication to net access is only about 10 seconds (I have a sleep 10 in the daemon script) and if a host goes offline, it only takes about 17 seconds max before its access is revoked, so the chances of someone spoofing my ip and mac pair to jump on right after I power off a wireless device are nearly nil.

Quick readme/requirements.. the perl modules listed in each script (duh).. simple cpan commands will install them. You’ll also need a DHCP server set up that’s handing out IPs on the wireless subnet. The scripts are partly coded to my setup (subnet 10.0.1.0 netmask 255.255.255.0, gateway is 10.0.1.1) and of course, an apache server on the gateway box. I’m going to redo the scripts a bit to remove the parts that are hard coded to the subnet, and the interface name (mine’s eth2).
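For anyone wanting to see the whole thing in one place, here is an added example (not the author’s own scripts or the rules linked above) of a firewall rule set in the shape this post describes: default-deny for the wireless subnet, the port 80 rewrite to the auth form, and grant/revoke keyed on the ip/mac pair the daemon logs. It assumes the names from this post (eth2, 10.0.1.0/24, gateway 10.0.1.1, auth form on 8888) and that NAT for the cable modem side is already handled elsewhere.

```shell
#!/bin/sh
# Added example, not the author's scripts: a captive-portal rule set in the
# shape the post describes. Assumed: eth2 is the wireless NIC, the gateway is
# 10.0.1.1 on 10.0.1.0/24, and the auth form is served on port 8888.
WIFI_IF="${WIFI_IF:-eth2}"
WIFI_NET="${WIFI_NET:-10.0.1.0/24}"
GW_IP="${GW_IP:-10.0.1.1}"
AUTH_PORT="${AUTH_PORT:-8888}"
IPT="${IPT:-iptables}"   # set IPT=echo to print the rules instead of applying them

# Defaults: wireless hosts are not forwarded anywhere, and the gateway itself
# only answers ssh, the auth form over https, and DNS. Plain-http requests are
# rewritten to the auth form on port 8888 so the browser lands on the login page.
base_rules() {
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -i "$WIFI_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$WIFI_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$WIFI_IF" -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -i "$WIFI_IF" -p tcp --dport 443 -j ACCEPT
    $IPT -A INPUT -i "$WIFI_IF" -p tcp --dport "$AUTH_PORT" -j ACCEPT
    $IPT -A INPUT -i "$WIFI_IF" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$WIFI_IF" -j DROP
    $IPT -t nat -A PREROUTING -i "$WIFI_IF" -s "$WIFI_NET" -p tcp --dport 80 \
        -j DNAT --to-destination "$GW_IP:$AUTH_PORT"
}

# Access is keyed on the ip/mac pair the daemon logs, so a second host cannot
# simply pick up the address of one that has already logged in.
valid_ip()  { printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
valid_mac() { printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }

grant_access() {   # $1 = ip, $2 = mac; rejects malformed pairs before touching rules
    valid_ip "$1" && valid_mac "$2" || return 1
    # ACCEPT in nat PREROUTING skips the DNAT, so real web traffic flows again
    $IPT -t nat -I PREROUTING 1 -i "$WIFI_IF" -s "$1" -m mac --mac-source "$2" -j ACCEPT
    $IPT -I FORWARD 1 -i "$WIFI_IF" -s "$1" -m mac --mac-source "$2" -j ACCEPT
}

revoke_access() {  # same pair the daemon saw go offline
    valid_ip "$1" && valid_mac "$2" || return 1
    $IPT -D FORWARD -i "$WIFI_IF" -s "$1" -m mac --mac-source "$2" -j ACCEPT
    $IPT -t nat -D PREROUTING -i "$WIFI_IF" -s "$1" -m mac --mac-source "$2" -j ACCEPT
}
case "${1:-}" in
    init)   base_rules ;;
    grant)  grant_access "$2" "$3" ;;
    revoke) revoke_access "$2" "$3" ;;
esac
```

Run it as `./portal.sh init` at boot, and have the daemon call `./portal.sh grant <ip> <mac>` / `revoke <ip> <mac>`; `IPT=echo ./portal.sh init` shows the rules without applying them.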

If anyone tries this out, and especially if you change/improve it, please let me know. Always interested to see what happens.

Update: Hmm.. just noticed when reading the post that the syslog bits don’t include the timestamp. I’ll need to figure that out.

Ok, so I already wrote a quick date addition to the syslog bits for the daemon.. that was easy:
Oct 20 00:30:54 [wireless_auth_daemon.pl] info: Daemon started up_
I have no idea why all the log entries have a _ after them.

Some companies do have a sense of humor October 19, 2003 at 11:09 pm

I just love Apple sometimes, they do some great ads from time to time.

This, on their current homepage, is just classic:

[image: Apple-Hell-frozen-over.jpg]

More silly net quiz results.. October 18, 2003 at 11:44 am

[quiz result: How DUMB are you? (sacwriters.com)]

Ha ha…

[quiz result: What lesser-known Simpsons character are you? (sacwriters.com)]

Yeah, I can see that.

Well here’s a goofy test… October 15, 2003 at 11:27 am

Yet another “Which character/OS/whatever are you…” test.. This one was Fantasy/SciFi Character..

I’m Wesley Crusher. heh

Which Fantasy/SciFi Character Are You?

Kind of ironic considering I read ol’ Wil’s blog fairly regularly…

Update: Duh, I forgot the text of what being Wesley means…
A brilliant learner with a knack for almost everything, you choose to spend your efforts in the pursuit of travels that extend your own potential.

…and we’re back. October 12, 2003 at 11:21 pm

So my little upgrade/maintenance plan for this weekend turned into almost the entire weekend. After putting my new drives into my server, and getting several hours into working on it, I found that one of the two new drives I just purchased is bad. I was even seeing issues with my BIOS settings being reset constantly (if I wanted to boot from CD, I had to go into the BIOS settings and change it every time) but after replacing the bum drive, the settings now stay.

I’m such the geek… I did most of the work using my Mac laptop from my living room, but at one point I wanted to see the system while it rebooted to see if anything made it hang, so I set up my webcam:
[image: IMAGE.jpg]
It worked really well, I was able to see what was going on and while it’s not clear enough to read everything, it was plenty to tell if the boot was going well or not.

Anyway, it’s good to finally have all the data that matters (everything but the OS bits) on mirrored filesystems for safety.

Just another reason why I hate MicroSoft September 7, 2003 at 12:40 pm

Anyone that knows me, knows that I think Microsoft writes the worst OS in major use today. It’s not user friendly (contrary to what they claim), it’s nowhere near as stable as any unix system I’ve used, and they abuse their monopoly status to overcharge for it.

There’s been a lot of discussion about their new licensing/activation scheme since it debuted in Office and Windows XP. So far, it hadn’t been much more than a nuisance to me, as “activation” over the net was pretty simple. Well, yesterday, I learned what a huge inconvenience it can be, and it became clear to me that they put very little thought into how one would activate when changing hardware.

This all started when I replaced the failing motherboard in my grandparents’ computer with a new cpu/mobo combo with onboard video, lan, etc. First boot into Windows resulted in it complaining that the hardware had changed, and that a reactivation was required; this was, of course, expected. What I didn’t expect was that Windows wouldn’t even allow me to log in before reactivating. “What’s the big deal?” you might ask? Well, you can’t use the network to activate until you’ve installed a driver for the NIC, and you can’t install a driver until after you log in. It won’t even let you boot into single-user mode until reactivated.

So I ended up having to call the stupid 1-888 number and walk through that manual process to activate. While it did work pretty well (in fact, I was impressed with the computer voice recognition: not a single repeat required), it took a good 10-15 minutes to get through it all. Activation over the net takes all of 2 seconds.

Wakeup call to MS: You need to allow a grace period for one to get onto the box and install drivers to activate, you morons… at least new installs give a 30 day grace period.. even a few minutes would’ve been enough in this case.

I guess my main problem with this whole activation scheme is the fact that it seems to assume that we’re all criminals, and that we have to prove ourselves as valid customers to use their products. I already had bought, installed, and activated this copy of XP on the computer for my grandparents a couple years ago, I shouldn’t have to prove to them it’s valid just because I upgrade the hardware.. something that plenty of us do quite often.

Since I bought myself a 17″ Powerbook with Mac OS X a few months back, windows has been relegated to a game platform for me. I’m thinking that in the future, I’m going to push Macs on my family members more and more.. it’s just more stable, easier to use, and doesn’t treat me like a pirate anytime I make a change to my hardware.

If it weren’t for the lack of games on OSX, I’d have removed windows from my home already.