Sunday, 29 December 2013

Nelson Mandela Funeral Plane Spotting

During the recent funeral of our best leader ever Nelson Mandela, I managed to spot a few aircraft as they entered South African air space, including:

USAF Air Force 1
USAF Air Force 2
USAF Military Airlift Command - C17

Very cool indeed!

How has the NSA changed the world?

The Internet has been abuzz since Snowden leaked some really precious information about the way the NSA has infiltrated the world. To be honest I never suspected the level of spying to be quite as bad as it's turned out to be... being a non-US citizen it concerns me even more as they seem to have no limit and do this all in the name of keeping the US safe while we now know it goes far beyond this...

The economic impact must be huge for the US overall, some of the additional security steps we've taken as "foreigners" and I'm sure many others also have:

1. Secure only access to our site - all unencrypted traffic is automatically redirected to SSL
2. Additional web application security and code reviews
3. Making mainly use of a non-US approved open source cipher or open source ciphers regarded as highly secure for all communications
4. Moved all hosting away from US companies
5. Replaced PPTP VPN links for all sensitive VPN traffic
6. Secured e-mail transfer by enabling and encouraging encryption
7. Secured webmail and changed all e-mail passwords
8. Discontinued use of Dropbox, Twitter and many Google applications like gmail, google+ and chrome
9. Replaced all Cisco devices suspected of backdoors
10. No closed source software allowed, everything must be open source.
11. Android phones changed to Cyanogenmod and firewalled
12. Many additional changes planned...

How have your ways of communicating changed? Leave me a comment.

Thursday, 26 December 2013

$2.36 SSL certificate ranking on Qualys SSL Labs test



I spotted a holiday sale on SSL certificates for $2.36 and dashed to grab three for $7.09, ironically even less than what I've paid GoDaddy in the past for a single certificate. My next task was to see what ranking I could get on the Qualys SSL Labs test (thank you Qualys for the test, it's great), the result shows what can be done with a low cost certificate:







Saturday, 21 December 2013

Old CCTV camera revamped with a Raspberry Pi - Version 1

A couple of months back our CCTV IP camera got smacked by lightning, shopping around for a new one never reached the point of buying as I couldn't find anything in South Africa that really matched what I wanted to do...

Recently I started thinking of using my Raspberry Pi to replace the CCTV camera and finally got some time this weekend to play around with version 1. So my journey started... I painted the old exterior of the camera housing for a shiny new look, added an old Cisco 1700 series router fan into the mix for some cooling, added a heatsink and Real Time Clock (DS1307) to the Pi. The network cable provides the 5 volt to power the fan and the Pi while connecting it back down to the router.

I plugged in an old webcam I have lying around (Lifecam NX-3000) and got motion up and running on Raspbian 7 to send all motion files to a remote server using sshfs, so far the setup is working like a charm!

Version 2 will include a GPS (for use as a stratum 1 time server), Arduino board for all sorts of sensors (temperature, humidity etc), additional webcams, 3G dongle for backup connectivity, SDR for ADS-B and a USB hub so stay tuned for the next CCTV version post...

Monday 23rd December 2013 Update - Added a second webcam to the Pi, the Logitech C270 3MP, both are working great and the C270 has a great image quality, will post some photos in my next blog update.








Wednesday, 11 December 2013

Updating GoDaddy and other CA certificates on Linux Mint

Linux root CA certificates sometimes require an update, especially if you're getting untrusted issuer errors while using wget etc... I tend to get them for my GoDaddy certificates, to update certs on Linux Mint:

wget http://curl.haxx.se/ca/cacert.pem -O /etc/ssl/certs/cacert.pem && c_rehash
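
The one-liner above fetches the trust store over plain HTTP and installs it in one step, so whatever arrives becomes the root of every later TLS check. An added example (not from the original post) that splits the step in two: download to a scratch path, then install only if the file matches a SHA-256 digest obtained over a channel you already trust. The names install_ca_bundle and make_sample_bundle, their arguments and the sample bundle are assumptions of the example.

```bash
#!/bin/sh
# Added example: verify a downloaded CA bundle before it becomes the trust store.

# install_ca_bundle NEW_FILE EXPECTED_SHA256 DEST
#   NEW_FILE         bundle already downloaded to a scratch location
#   EXPECTED_SHA256  digest obtained over a channel you already trust
#   DEST             final path, e.g. /etc/ssl/certs/cacert.pem
install_ca_bundle() {
    new=$1 want=$2 dest=$3

    got=$(sha256sum "$new" | awk '{ print $1 }')
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "refusing $new: SHA-256 mismatch" >&2
        return 1
    fi

    # Structural sanity check: at least one certificate, markers balanced.
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$new" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$new" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "refusing $new: not a well-formed PEM bundle" >&2
        return 1
    fi

    # Write beside the destination, then rename, so readers never see a
    # half-written trust store.
    tmp="$dest.tmp.$$"
    cp "$new" "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$dest"
}

# Constructed stand-in for cacert.pem: two PEM blocks with placeholder bodies.
make_sample_bundle() {
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtU0FNUExFLTE=' \
        '-----END CERTIFICATE-----' \
        '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtU0FNUExFLTI=' \
        '-----END CERTIFICATE-----' > "$1"
}

demo_ca_bundle() {
    dir=$(mktemp -d) || return 1
    make_sample_bundle "$dir/cacert.pem"
    # Stands in for the digest published alongside the bundle.
    pinned=$(sha256sum "$dir/cacert.pem" | awk '{ print $1 }')
    install_ca_bundle "$dir/cacert.pem" "$pinned" "$dir/installed.pem" && echo "installed"
    # Simulate modification in transit: the same pinned digest no longer matches.
    echo "tampered" >> "$dir/cacert.pem"
    install_ca_bundle "$dir/cacert.pem" "$pinned" "$dir/installed.pem" || echo "rejected"
    rm -rf "$dir"
}

demo_ca_bundle
```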

Drones Drones Everywhere!


Meanwhile in the marketing departments:

Dominos Pizza: We have a pizza delivery drone as a marketing stunt
Amazon: Hey we should also do some "dominos like" drone marketing
DHL: Hey amazon give us some of that drone publicity too...


Are drones truly the future of the corporate product delivery? I'm convinced it's not a real solution to making delivery faster/easier etc although so many people have immediately swooped up the idea as being true and become part of this marketing stunt without questioning it at all...

Drones (especially like the ones shown by the companies) have a few problems, namely my list of why-this-is-purely-a-stunt:

1. Drones carry one item at a time, a delivery truck carries many along a preplanned route, therefore say Amazon, would need a huge amount of drones delivering in parallel - simply not feasible, imagine the maintenance and charging issues.

2. Battery power - most drones, especially the ones sported by the companies listed only have a few minutes of battery power, most between 9-18 minutes, excluding the weight of large parcels - not exactly great for long distance delivery...

3. Heavy products - most products are heavy, you wouldn't need much for a small drone to not be able to fly, perhaps only a book or two?

4. Weather Conditions - controlling the drone's directions especially with wind/snow/rain, and then landing it safely at what you hope is the correct address - pretty hard to replace the human factor here.

5. Laws - It'll take years and buckets of money to get drones to be compliant with laws around the world for this type of delivery.

6. Hacking/"Stoners" - many drones are reliant on line-of-sight communication, this can be overcome but imagine how many people will try to hack the signal to/from these drones and as many have stated why not simply knock it out of the air with a stone...

7. Last but not least - Why? currently it's easy to outsource the problem to a delivery company, after you give them the package it's their responsibility, seems much easier than starting a drone logistics/maintenance/etc department.


Thursday, 5 September 2013

Debian and Ubuntu guide to KVM and virsh commands

Before I continue, just noticed my one server's drive is 60737 hours old today - 6.92 years (SAMSUNG SpinPoint P80 SD) and power cycled 12 times, incredible! Back to KVM...

Install the required packages using (all commands assume root user access):

apt-get install qemu-kvm libvirt-bin virtinst virt-viewer virt-manager

Then create your image file, this will become the virtual guest's "hard drive", you can adjust the size, it won't reserve the space on your host's hard drive:

qemu-img create -f qcow2 /var/lib/libvirt/images/myserver.qcow2 25G

You can use the command below to install from an ISO image, you may want to tweak -r as it specifies how much memory to assign to the instance in MB and the vcpus depending on how many CPU cores you would like to assign to your instance. Before running the command you may want to login with ssh -X if you're doing this remotely on a server:

virt-install -r 4096 --vcpus=8 --accelerate -n MyServer -f /var/lib/libvirt/images/myserver.qcow2 --cdrom /tmp/debian-7.1.0-amd64-netinst.iso --vnc

Need to attach a second drive to your instance? No problem, create a new image with the above qemu-img command then:

virsh attach-disk --driver qemu --subdriver qcow2 MyServer /var/lib/libvirt/images/myserver_disk2.qcow2 sdb

To clone a virtual instance (domain), create a new image file eg. yourserver.qcow2 then:

virt-clone --original MyServer --name YourServer --file /var/lib/libvirt/images/yourserver.qcow2

To see a list of all your KVM's: virsh list --all
To open virt-viewer and show the display of your domain: virt-viewer MyServer
To remove a domain from your host system: virsh undefine MyServer
To poweroff the domain: virsh destroy MyServer
To shutdown the domain: virsh shutdown MyServer
To reboot the domain: virsh reboot MyServer

More to come soon...


Thursday, 18 July 2013

OpenVZ Debian 7 - 64 bit


The quick and dirty command guide to running Debian 7 using OpenVZ, I'm using a server running Debian on 64 bit.

Check for Virtualization, anything more than 0 will do:

cat /proc/cpuinfo | grep vmx | wc -l

Install the Kernel Required: apt-get install linux-image-openvz-amd64
Install the required packages: apt-get install vzctl vzquota vzdump debootstrap

Depending on your distro you may have OpenVZ's directories in /var/lib/vz or /vz, once you know which change directory:

cd /vz/template/cache/ -or- cd /var/lib/vz/template/cache/

Download the Debian 7 64 bit template (more on the openvz.org website):

wget http://download.openvz.org/template/precreated/beta/debian-7.0-x86_64.tar.gz

Create the container using the template (filename less the .tar.gz):

vzctl create 101 --ostemplate debian-7.0-x86_64

Why 101? Basically it's the ID of the container, OpenVZ reserves ID 1 to 100 so be sure to use an ID larger than 100, I simply opted for 101.

Command Cheatsheet:

Values containing a colon are in the format -> softlimit:hardlimit, eg. 10G:25G for the disk space below:

Start container on boot: vzctl set 101 --onboot yes --save
Set Hostname: vzctl set 101 --hostname onms.net --save
Add an IP: vzctl set 101 --ipadd 192.168.1.2 --save
Remove an IP: vzctl set 101 --ipdel 192.168.1.2 --save
Set the nameserver: vzctl set 101 --nameserver 8.8.8.8 --save
Set the memory limits: vzctl set 101 --privvmpages 1024M:2048M --save
Set the CPU usage limit (eg. 200% or 2 CPU's): vzctl set 101 --cpulimit 200 --save
Set the CPU count limit, eg. 2 CPU's: vzctl set 101 --cpus 2 --save
Set the disk space limits: vzctl set 101 --diskspace 10G:25G --save
Set the CPU units limit: vzctl set 101 --cpuunits 1000 --save

More detail on the CPU units limit:
3 containers with 1000 limit each, ie. 3000 in total will result in each container getting 1000/3000, ie. 1/3rd of the CPU's time.

To start a container: vzctl start 101
To enter the container: vzctl enter 101
To execute commands without entering container: vzctl exec 101 your_command
To change the password: vzctl exec 101 passwd
To start ssh on the Debian 7 container: vzctl exec 101 /etc/init.d/ssh start
To remove the container: vzctl destroy 101

Backing up a container with suspend: vzdump --compress --dumpdir /home/backup --suspend 101
Restoring a container: vzrestore /home/vzdump-101.tgz 101

To enable fuse, execute these on the host:
1. modprobe fuse
2. vzctl set 101 --devnodes fuse:rw --save

You can also build your own template; to do this for Debian Wheezy, use:
debootstrap --arch amd64 wheezy /vz/private/101 http://ftp.us.debian.org/debian/

Hope you have great fun with OpenVZ, I know I am, if you have any questions or would like to add to this post, please comment!

Tuesday, 9 July 2013

Wikipedia Technical Details

If you're like me and have wondered how Wikimedia glues together, below are a few interesting links that provide insight into their setup:

Wikimedia Grid Report:
http://ganglia.wikimedia.org

Wikimedia Server Details:
http://meta.wikimedia.org/wiki/Wikimedia_servers

Wikimedia Server Config Files:
http://noc.wikimedia.org/conf/


Thursday, 6 June 2013

Connecting to 3G using wvdial in Linux

I always keep losing my config files for wvdial and have to go through everything to figure out how to get it working again... Below is my config file tested on the South African Cell C and Vodacom networks (you'll probably need to change the Modem device though to match yours):


[Dialer Defaults]
New PPPD = yes
Phone = *99#
Username = usually
Password = ignored
Stupid Mode = 1
Dial Command = ATDT
Modem = /dev/ttyACM0
Baud = 460800
Init2 = ATZ
Init3 = AT+CGDCONT=1,"IP","Internet"
ISDN = 0
Modem Type = Analog Modem

If your sim card requires a pin before use, you can try adding the line:

Init4 = AT+CPIN=replace_with_your_pin

To do a modeswitch if your device appears as a stupid compact disc device:

1. Run lsusb and find the device.
   Mine, for example: Bus 001 Device 010: ID 12d1:1436 Huawei Technologies Co., Ltd.
2. Your vendor/product IDs are the ones before the name, e.g. 12d1:1436 in mine:
   usb_modeswitch -v 12d1 -p 1436

If all looks good a simple run of wvdial should work or let you know if you need to tweak a bit more...


Sunday, 2 June 2013

Need Linux login e-mail notifications?


Need a fast way to receive notifications of logins to your Linux server?

Append the following to: /etc/profile

/usr/local/login

Create a file /usr/local/login and change the permissions: chmod 755 /usr/local/login

You will need to install mutt, apt-get install mutt on Debian/Ubuntu should work fine, once done paste the following in the /usr/local/login file (change the e-mail address):


#!/bin/bash
#
# Login script, append full script path to /etc/profile, requires mutt
# By ONMS.Net

# Address that receives the notification
email_to="support@drakepeak.net"

report_date=$(date -R)
# First address on eth0; this parsing expects the "inet addr:x.x.x.x" ifconfig format
server_ip=$(ifconfig eth0 | grep inet | head -n 1 | sed 's/:/ /g' | awk '{ print $3 }')
whoisloggedin=$(who)
message="Login Date: $report_date - Users currently logged in: $whoisloggedin"
# Quote the variables so the who output and the address reach mutt intact
echo "$message" | mutt -s "Login detected to server $server_ip" "$email_to"

I'll be adding a script soon to allow for login data reporting to onms.net, this should allow for easier e-mails and sms notifications of server logins.

Apache compile fails due to OpenSSL

I love (and sometimes hate) source compiling packages, it's like driving a manual car versus cruising along in an automatic, the control is truly awesome! While busy compiling Apache I got the following nasty error:

libssl.a(s2_srvr.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC

It seems to happen when you're running a 64 bit Linux distro, to solve this horrid message you need to unfortunately recompile openssl, in my case openssl-1.0.1e using the following command (change your prefix if need be):

./config --prefix=/usr/local/openssl -fPIC no-gost no-shared no-zlib

After that the Apache compile works without any issues, hope it helps someone else!

Saturday, 25 May 2013

Roku 3 running Netflix in South Africa!



My uncle special ordered a Roku 3 online and anxiously waited for it to be delivered, the moment finally arrived and I was privileged to enjoy the initial setup with him!

The Roku 3 uses an ARM Cortex-A9 dual-core processor which is a huge improvement from the 600 MHz processor in previous models, full details available here

The Roku 3 boots out of the box without all the US based apps installed, after registering on the Roku website using a US IP we were able to get the Roku to download 19 updates which made Netflix feature as the first channel available.

Overall I was amazed with the size of the device and how well everything worked together, the remote is pure genius and after pairing I was able to walk around with headphones plugged in - felt pretty weird!


I tried converting HDMI to VGA but be warned the Roku 3 uses HDCP for video which results in the image below being displayed while the audio works fine...



Tuesday, 21 May 2013

Finding rogue DHCP servers on a network in Linux

Need a way to debug DHCP server traffic on your network, no problem! After going through a list of sites to find an easy way to debug DHCP traffic I finally found dhcpdump:

apt-get install dhcpdump (assuming you're running an apt distro)

To dump the traffic: dhcpdump -i eth1
To generate some DHCP traffic: dhclient -n eth0

Sample output when a server replies (server IP and many other details included):

TIME: 2013-05-21 12:59:07.452
IP: 172.18.2.254 (0:4:ed:11:e3:a6) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
OP: 2 (BOOTPREPLY)
HTYPE: 1 (Ethernet)
 HLEN: 6
 HOPS: 0
  XID: f4bf0761
 SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 172.18.2.103
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 00:18:4d:f0:b7:f4:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         5 (DHCPACK)
OPTION:  54 (  4) Server identifier         172.18.2.254
OPTION:  51 (  4) IP address leasetime      259200 (3d)
OPTION:   1 (  4) Subnet mask               255.255.255.0
OPTION:   3 (  4) Routers                   172.18.2.254
OPTION:   6 (  4) DNS server                172.18.2.254
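
The same check automated, as an added example that is not part of the original post: the function below reads dhcpdump text and reports every BOOTPREPLY whose server identifier (option 54) is not on an allowlist. The allowlist argument, the function names and the second and third sample packets are assumptions made for the example.

```bash
#!/bin/sh
# Added example: flag DHCP replies whose server is not on an allowlist.
# Live use: dhcpdump -i eth1 | find_rogue_dhcp "172.18.2.254"

# find_rogue_dhcp ALLOWED   (reads dhcpdump text on stdin)
# ALLOWED is a space- or comma-separated list of authorised server IPs.
# Prints one line per BOOTPREPLY that comes from any other server.
find_rogue_dhcp() {
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, /[ ,]+/)
        for (i = 1; i <= n; i++) if (a[i] != "") ok[a[i]] = 1
    }
    # Emit a finding for the packet collected so far, then reset state.
    function report(   id) {
        if (op == "BOOTPREPLY") {
            # Option 54 names the server; fall back to the source IP.
            id = (server != "") ? server : src
            if (!(id in ok))
                printf "ROGUE time=%s server=%s src=%s mac=%s type=%s offered=%s\n",
                       when, id, src, mac, type, yiaddr
        }
        when = src = mac = op = server = type = yiaddr = ""
    }
    # Every packet in the dump starts with a TIME: line.
    $1 == "TIME:"   { report(); when = $2 "T" $3 }
    $1 == "IP:"     { src = $2; mac = $3; gsub(/[()]/, "", mac) }
    $1 == "OP:"     { op = $3; gsub(/[()]/, "", op) }
    $1 == "YIADDR:" { yiaddr = $2 }
    $1 == "OPTION:" && $2 == 53 { type = $NF; gsub(/[()]/, "", type) }
    $1 == "OPTION:" && $2 == 54 { server = $NF }
    END { report() }
    '
}

# Constructed sample, trimmed to the fields used above. Packet 1 is an
# invented client request, packet 2 is the reply shown in the post, packet 3
# is an invented reply from a server that is not on the allowlist.
sample_dhcpdump() {
    cat <<'EOF'
TIME: 2013-05-21 12:59:07.401
IP: 0.0.0.0 (0:18:4d:f0:b7:f4) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
OP: 1 (BOOTPREQUEST)
YIADDR: 0.0.0.0
OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
TIME: 2013-05-21 12:59:07.452
IP: 172.18.2.254 (0:4:ed:11:e3:a6) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
OP: 2 (BOOTPREPLY)
YIADDR: 172.18.2.103
OPTION:  53 (  1) DHCP message type         5 (DHCPACK)
OPTION:  54 (  4) Server identifier         172.18.2.254
TIME: 2013-05-21 12:59:07.498
IP: 172.18.2.66 (2:0:0:0:0:66) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
OP: 2 (BOOTPREPLY)
YIADDR: 192.168.0.50
OPTION:  53 (  1) DHCP message type         2 (DHCPOFFER)
OPTION:  54 (  4) Server identifier         172.18.2.66
EOF
}

sample_dhcpdump | find_rogue_dhcp "172.18.2.254"
```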

Wednesday, 24 April 2013

AARTO Website Hacked


Imagine visiting your website only to find someone you've never met and probably never will took the time to deface it. This is definitely one of the top 10 things an IT administrator never wants to see but exactly what happened to the website of the Administrative Adjudication of Road Traffic Offences in South Africa.

Googling for "rEd X was here" clearly shows many sites with similar carnage, results count here was well over 161 000 on Google and they seemed to be mostly wordpress based sites. With such a high count the chances are very good that this is some script being run which checks if a site is vulnerable to a specific wordpress bug or flaw.

Additionally the website is accompanied by the following song on youtube, loaded in the background and played automagically to the user: http://www.youtube.com/watch?v=ptZ1wo3JsPc

Additionally the code contained some interesting javascript to disable the context menu, key down, and mouse down actions on the page:

<body oncontextmenu="return false" onkeydown="return false" onmousedown="return false">

Interestingly enough the name used for some of the files included within the page contain the name "ondhokarer_rajputra" which seems to point to 1 user on google (which has listened to the song above recently), and 1 facebook user, both seem to be based in Bangladesh. Could this be the hacker?







Sunday, 21 April 2013

Compiling GCC 4.8.0 on Linux

Ever wondered how to compile gcc? I recently required a feature in a version of gcc that wasn't readily available as a package on my distribution, so as I love source compiling in Linux, the recipe is below:

wget http://www.onmsfiles.com/gcc/gcc-4.8.0/gcc-4.8.0.tar.gz
tar xvzf gcc-4.8.0.tar.gz
cd gcc-4.8.0
./contrib/download_prerequisites
./configure --prefix=/opt/gcc480
make
make install

You can limit the languages built by gcc by adding the --enable-languages flag to the configure command eg. --enable-languages=c,c++

Additionally it's quite a beast to compile, so if you have more than one processor available you may want to add flags to your make to speed up the process.

Thursday, 11 April 2013

What, I need "premium" support?

I notice more and more start-up companies that I do business with are offering various levels of support, ie. the more you're willing to pay the faster they may answer. I find this to be such a flawed concept... you purchase their paid service (open source is clearly different) at a profit to the company, I feel it's their duty to provide free decent support - after all it's their service!

Think about it, how often do you really call on support? I mostly do when things go wrong and depending on how good the service is this might be less than once a year, I've had services run for more than 3 years without having to call on a support team once! The majority of places offering a service to you offer free support, some of the support is absolutely excellent at helping you out and do so with a smile, one major example being hosting companies like Burst, Softlayer, Leaseweb, etc

Waiting for days for a "free" support (if even available) reply not only turns frustration into anger, it makes customers want to find an alternative, a company who cares about them, and they will even pay more for the product if it means support's readily available. Truth be told I've worked in support, yes it becomes busy but there is simply no reason not to assist people in a timely manner (if you can't - get more staff or check why you're getting so many requests) or at the very least provide proper communication for them to know what's happening behind the scenes.

As I write this I'm waiting on a support ticket answer, one part of my site is down and it's been days, why purchase a support plan when it'll just make them rich when I don't use it for the majority of the time... almost feels like they stretch it out to entice you to purchase support, it feels like time to find an alternative! *update* I found an alternative (sms messaging API with free "premium" support) and implemented their API in less time than the 4 days support took to respond with what was a question leading to another 4 day wait... they (and a popular cloud based security provider) have lost all my future revenue, might not be much but combined with all the clients they lose in a competitive environment due to this, pretty sure it'll hurt in the long run!

Thursday, 28 March 2013

Google Street view in Fukushima ghost town!

Google Street View has announced the addition of new images within the exclusion zone in Japan. You can easily view the official Google site here. The images are truly revealing and show the insane impact the Earthquake and Tsunami had on the area.

I found some interesting technology while looking at the new images, it looks like a solar powered sensor system of some kind. I suspect it's a Geiger Counter with a nice display on it with the value it's reading, would love to hear from anyone with more insight into what it could be?



Friday, 8 March 2013

Technology in South Africa

In Africa we get to deal with all sorts of natural events that really don't work too well with IT equipment, personally lightning damage has cost me the most over the years even with protection devices often in place...

Last week I opened up an outdoor router that stopped working a while back, the router itself was in a waterproof outdoor enclosure to keep it safe. I was amazed to find that wasps had used the board to build a nest and the family had luckily moved on before I stuck my hand into the enclosure, definitely a new find for me on a circuit board.

Upon closer inspection I found a small network cable hole no longer in use which must have been how the wasp got in.

Raspberry Pi and Real Time Clock DS1307


The Raspberry Pi doesn't have a real-time clock (RTC) built-in, the reason seems to be to keep it as affordable as possible. In most cases this won't make a difference, once the Pi can reach the Internet it simply updates the time from one of the time servers in the pool (perhaps mine ;-)

The problem comes in with being offline for whatever reason but still requiring the time to always be accurate (or very close) for certain applications, such as business transaction handling etc

The easiest answer being to add a RTC to the Pi using the GPIO pins, I used the Adafruit kit (soldering required) for the Arduino boards as a local retailer had stock of it by some miracle.

Basically if you have the kit from Adafruit or something similar the below may help you (at your own risk, ;-), the circuit isn't very complicated but you need to remember not to add the two 2.2KΩ resistors in this kit for it to work on the Pi.

Additionally you can insert the capacitor and crystal any direction you want, the chip half moon needs to match with the board (see my board and RTC in the picture above)

Pins:
1. VCC output needs to be connected to the 5.0V pin number 2 of the Pi
2. GND output needs to be connected to the GND pin number 6 of the Pi
3. SDA output needs to be connected to the SDA0 pin number 3 of the Pi
4. SCL output needs to be connected to the SCL0 pin number 5 of the Pi

You can view the pin layout on the Pi on hobbytronics.co.uk

Notes:
1. You can skip the SQW (square-wave output) as it won't be used in this configuration.
2. Will keep time for 5 years but may gain or lose as much as 2 seconds per day
3. accurate and temperature compensated chip - DS3231 or NXP PCF2127AT

I use Raspbian 2013-02-09-wheezy-raspbian.img on my Pi so these instructions may differ on your setup or version of Raspbian, all the commands assume root user, remember sudo before the command if required:

Install the required tools to do testing:

1. apt-get update
2. apt-get install i2c-tools

Testing your RTC from Linux:

1. Run the command: modprobe i2c-dev; modprobe i2c-bcm2708; modprobe rtc-ds1307
2. Run: echo ds1307 0x68 > /sys/class/i2c-adapter/i2c-1/new_device 
3. Run: i2cdetect -y 1
4. You should see a 68 appear under row 8 column 60, if not the RTC may not be connected properly or something may be wrong on the RTC/Pi  board.
5. The hwclock command should output a date (may be very inaccurate)

Ensure your Pi's time is correct and set it if need be, then you need to sync the time to your RTC by running: hwclock -w

hwclock -r should now return the correct time from your RTC

Add the following to your /etc/rc.local to sync your systems software time to the time your RTC has:

modprobe i2c-dev
modprobe i2c-bcm2708
modprobe rtc-ds1307
echo ds1307 0x68 > /sys/class/i2c-adapter/i2c-1/new_device
hwclock -s


Once the Pi goes online the time sync will simply update this for you to the most accurate time.

Good Luck and Enjoy!

Thursday, 7 March 2013

Yubico YubiKey Review

I recently received the YubiKey I ordered and couldn't wait to try it out!

Basically the YubiKey is used in two-factor authentication and generates a one-time password when you touch the gold disc.

The device is physically sturdy (I tried to bend it but it didn't budge at all) and, as it appears to the OS as a normal keyboard, it can easily be used on pretty much any system.

The only problem being you can easily insert it the wrong way up into a USB port (I did, you usually only get this right once and there's no damage except the bit of lost ego), you should see the gold disc after inserting the device and a green light should shine from the hole in the gold disc.

Using a service like LastPass.com allows you to secure your password database with the YubiKey, additionally many other sites allow you to use the YubiKey with standard authentication methods. This effectively ensures your account remains secure even if the username and password have fallen into the wrong hands.

I added support for the YubiKey into my project at ONMS.Net, basically Yubico provides you with code to access their API, the code has multiple Yubico servers defined which it uses to check the one-time passwords using their servers. The first 12 characters of the one-time password remain the same as the token's public ID, more information on the technical side is available here >>
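
Two checks that belong around the validation call described above, as an added example rather than Yubico's client code or the ONMS.Net implementation: bind the OTP to the account through its 12-character public ID, and accept the server's answer only when it reports OK and echoes the OTP and nonce that were sent. It assumes the default 44-character OTP and the key=value response body of Yubico's validation protocol; the function names and sample values are made up for the example, and the response signature (h) is not verified here.

```bash
#!/bin/sh
# Added example: local checks around a Yubico OTP validation call.

# Print the public ID (first 12 characters) of a default-format OTP.
# Returns 1 unless the input is exactly 44 modhex characters; modhex is the
# 16-letter alphabet "cbdefghijklnrtuv" that the key types.
yubikey_public_id() {
    otp=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # tolerate Caps Lock
    [ "${#otp}" -eq 44 ] || return 1
    case $otp in
        *[!cbdefghijklnrtuv]*) return 1 ;;
    esac
    printf '%s\n' "$otp" | cut -c1-12
}

# otp_is_from_enrolled_key OTP ENROLLED_ID
# Succeeds only if the OTP was produced by the key enrolled for this account.
# Without this, a server-valid OTP from any other YubiKey would be accepted.
otp_is_from_enrolled_key() {
    id=$(yubikey_public_id "$1") || return 1
    [ "$id" = "$2" ]
}

# check_validation_response OTP NONCE   (response body on stdin)
# Accept only status=OK with the otp and nonce of our own request echoed back.
check_validation_response() {
    tr -d '\r' | awk -F= -v otp="$1" -v nonce="$2" '
        $1 == "status" { status = $2 }
        $1 == "otp"    { r_otp = $2 }
        $1 == "nonce"  { r_nonce = $2 }
        # Appending "" forces string comparison, so digit-only values are
        # never compared as numbers.
        END { exit !(status == "OK" && (r_otp "") == (otp "") && (r_nonce "") == (nonce "")) }
    '
}

# Constructed response body in the key=value layout assumed above.
sample_response() {
    printf 'h=cGxhY2Vob2xkZXI=\r\nt=2013-03-07T10:00:00Z0123\r\notp=%s\r\nnonce=%s\r\nsl=100\r\nstatus=%s\r\n' \
        "$1" "$2" "$3"
}

# Constructed values: a 44-character modhex string and a hex nonce.
OTP='vvccccdhfjrtbcdefghijklnrtuvbcdefghijklnrtuv'
NONCE='a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6'
ENROLLED_ID='vvccccdhfjrt'      # public ID stored for the account at enrolment

if otp_is_from_enrolled_key "$OTP" "$ENROLLED_ID" &&
   sample_response "$OTP" "$NONCE" OK | check_validation_response "$OTP" "$NONCE"
then
    echo "accept"
else
    echo "reject"
fi
```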

Some companies already using YubiKey >>


SABERTOOTH Z77

Once again I was privy to the unboxing of another great product, this time round the ASUS SABERTOOTH Z77.

Through the years I have encountered many different motherboards but none compared to this one...  just holding the board in your hands you quickly feel a difference, it feels rock solid and almost like something you would like to find running a tank for the USA on some foreign desolate piece of ground.

With graphical BIOS, an easy way to upgrade the BIOS (even without the CPU or DRAM installed), advanced electrostatic discharge protection (they even have a chip for that), advanced thermal features, and even military grade component testing - this board is ready for the future!

The 36 awards ASUS received for the Z77 indicates a truly warm reception into the global market. Personally I would love to see the nice features of the Z77 spread and become a standard for all motherboard manufacturers.

For details on the board take a look on the Asus website >>




Saturday, 2 March 2013

CloudFlare you disappoint me...

I found CloudFlare.com a while ago and was tempted to give it a try as it really looked like an awesome service to have for my visitors.

So last night I paid my $20 for a pro account and changed the DNS over, what followed was pure disappointment instead of what I thought would be a smooth transition... Failed SSL and a site that loaded slower than usual:

My site uses SSL as many others do, after changing the DNS to cloudflare and waiting for hours the domain's SSL certificate remains untrusted and not only untrusted but the details show it shared with a bunch of porn sites (bet my Google ranking loves that connection, same cert and IP as cerdaxxx.com)

Accepting the untrusted certificate did allow my site to load, except on the first load half of the images didn't load, with two refreshes they finally were all there. In addition to that the site was much slower than usual and not faster.

For a service claiming to work out of the box I hit a brick wall, one which caused my site to be unavailable for hours and hours with a support request simply stating "Awaiting assignment to a support agent"


Update: After waiting two days for support on the pro account I received a reply from their support. Claiming "The SSL does work although possibly not as immediate as anticipated." and it takes a few minutes.

Sorry to say but more than 6 hours after the change the certificate was still not correct, really not great if your aim is to keep your domain online... Additionally taking 2 days per message for support to respond is pretty bad in an online world.

How do I explain to a customer their site is down, it's a CloudFlare setup issue, I'm waiting for support which may take days depending on how many higher paying customers flood the few support people available for a request... simply not a viable option.

Friday, 15 February 2013

ONMS Session Manager Finished

I just finished the session manager for onms.net, take a look at the screenshot above!

Some features:
1. Terminate a session
2. Logout from your session
3. View the last 10 sessions and their details
4. Display includes OTP logged in sessions, ie. any Yubikey/Google Authenticator

Thursday, 24 January 2013

Heart Rate Monitoring

I saw the Neptune Pine making headlines today, I was waiting for a smart watch to surface! The Neptune Pine runs Leaf OS (derived from Android) and has a heart rate monitor built-in which is great news!

Recently two athletes lost their lives during a local endurance race... I was pondering the idea of a 3G device to send heart rate updates to www.onms.net which will allow for instant alerts to be generated in case something goes wrong... I'll add a heart rate monitoring feature to the Android app client for this soon!

Essentially a nice spec smart phone can now be on your wrist, check the specs out at: http://www.neptunepine.com/tech-specs.html




Tuesday, 22 January 2013

Unboxing Intel Extreme Board DZ77RE-75K

Hidden inside a plain brown paper box we discovered the beautiful Intel Extreme Desktop Board DZ77RE-75K. John (my uncle) ordered the board after doing a lot of research into the perfect board for his new gaming PC. Truth be told I was impressed with the amount of features Intel has included in this board, some are included below:

1. 1 x LGA1155 CPU Socket
2. 4 DIMM slots with max 32GB DDR3
3. Onboard graphics with HDMI out

Additional details of this board are on the Intel Ark, click here to view them...

Included in the box was all the usual, ie. backplates and specifications sticker however this board also comes with a very slick looking mouse pad and a module which provides bluetooth and  wifi!

Sunday, 20 January 2013

Yubico YubiKey

I ordered a YubiKey last night to play with. While waiting for shipping etc I started looking for details on the API and images to use on my site, and I was interested in how much I found by just surfing... Nothing of immediate concern but for a company whose business is security one would expect them to be extremely security conscious, yet so far:


 1 version behind on Apache release and display version details, server OS details etc


The wiki server is also a few versions behind. In addition the MediaWiki version used is 1.12.0 while version 1.20.2 is the latest... quite a few versions ago...


Have a directory listing enabled on another server:
 

The static content sync script contents with nice details in... Hi Jas?

The servers mentioned above and the main site also have ssh open to the world:



Makes me wonder what other things are open, behind in versions and how secure the "YubiKey OTP Validation server" really is?

I'll post more once I've received the key. It looks like a very cool device with amazing possibilities; they might just need a new sys admin!

Friday, 18 January 2013

bwm-ng csv fields

Needed to check bandwidth usage on a server today using a script, thought of running bwm-ng, it might be time for them to change the ng to nng - new next generation as it does need some work...

To generate csv: bwm-ng -I wlan0 -o csv -c 1 -T rate

The fields it produces are hidden in some "README" not readily available as it's with the source code, anyhow the details of the fields:

Unix Timestamp
Interface Name
Bytes Out
Bytes In
Bytes Total
Packets Out
Packets In
Packets Total
Errors Out
Errors In

Fields are split by ; character but this can be changed using the -C option...
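
A small filter for that CSV, as an added example that is not part of the original post: it reports every interface whose Bytes Total field exceeds a limit, using the field order listed above. The function names, the limit and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Typical use, with the command from the post:
#   bwm-ng -I wlan0 -o csv -c 1 -T rate | bwm_over_limit 1000000

# bwm_over_limit LIMIT [DELIM]
# Reads bwm-ng CSV on stdin and prints "iface bytes_total" for each interface
# whose 5th field (Bytes Total) is greater than LIMIT. DELIM defaults to ';'
# and must match the character given to bwm-ng -C, if that was used.
bwm_over_limit() {
    limit=$1
    delim=${2:-";"}
    awk -F"$delim" -v limit="$limit" '
        NF < 5             { next }  # blank or truncated line, not a data row
        $1 !~ /^[0-9]+$/   { next }  # field 1 must be a Unix timestamp
        $2 == "total"      { next }  # aggregate row would double-count
        $5 + 0 > limit + 0 { print $2, $5 }
    '
}

# Constructed sample rows (not real measurements), 10 fields each.
sample_csv() {
    cat <<'EOF'
1358500000;wlan0;1200.25;2500000.50;2501200.75;10;2000;2010;0;0
1358500000;eth0;300.00;400.00;700.00;3;4;7;0;0
1358500000;total;1500.25;2500400.50;2501900.75;13;2004;2017;0;0
not a csv row
EOF
}

# Stand-alone run over the sample rows: prints "wlan0 2501200.75".
sample_csv | bwm_over_limit 1000000
```
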

Thursday, 17 January 2013

Receipt printer udev rules


We use the Epson and DigiPOS line of receipt printers for most of our retail customers as both use similar lingo and could possibly be the most reliable printers I've ever encountered (Epson being the best in my opinion but more expensive).

The printers work perfectly in Linux except when they are unplugged and plugged back in: the device permissions often change and no longer allow a normal user direct access to the device. A chmod 666 /dev/usb/lp0 usually fixes this for the time being.

To add a udev rule that always sets a mode (e.g. 666) on the device:

lsusb <- run lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 006: ID 0525:a700 Netchip Technology, Inc.  << The printer in my case
Bus 001 Device 004: ID 04f2:b272 Chicony Electronics Co., Ltd Lenovo EasyCamera
Bus 002 Device 003: ID 0489:e00d Foxconn / Hon Hai
Bus 002 Device 004: ID 0bda:0139 Realtek Semiconductor Corp.

Open /etc/udev/rules.d/15-printers.rules and add the line:
SUBSYSTEM=="usb",ATTR{idVendor}=="0525",ATTR{idProduct}=="a700",SYMLINK+="printer",MODE="0666"

Make sure to change the idVendor and idProduct to the lsusb values eg. 0525:a700 in my case, ie. 0525 being vendor ID and a700 being product ID.

Reload the rules (you can also: restart udev):

udevadm control --reload-rules
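
Mode 0666 lets every local user write to the printer; a tighter variant of the same rule grants the device to a group with mode 0660. The script below is an added example, not part of the original post: it builds that rule from lsusb output, and the group name lp and the function names are assumptions.

```shell
#!/bin/sh
# lsusb_id PATTERN: read lsusb output on stdin and print the vendor:product
# ID of the one device whose line contains PATTERN. Fails when zero or
# several devices match, so the wrong device is never picked silently.
lsusb_id() {
    awk -v pat="$1" '
        $5 == "ID" && index($0, pat) { id = $6; n++ }
        END { if (n != 1) exit 1; print id }
    '
}

# printer_rule VENDOR:PRODUCT [GROUP]: print one rule line in the same form
# as the rule in the post, with GROUP added and MODE tightened to 0660.
# GROUP defaults to lp (assumed to exist on the target system).
printer_rule() {
    id=$1
    group=${2:-lp}
    case $id in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
        *) echo "bad USB ID: $id" >&2; return 1 ;;
    esac
    case $group in
        ''|*[!a-z0-9_-]*) echo "bad group name: $group" >&2; return 1 ;;
    esac
    printf 'SUBSYSTEM=="usb",ATTR{idVendor}=="%s",ATTR{idProduct}=="%s",' \
        "${id%%:*}" "${id##*:}"
    printf 'SYMLINK+="printer",GROUP="%s",MODE="0660"\n' "$group"
}

# Three lines of the lsusb output shown in the post.
sample_lsusb() {
    cat <<'EOF'
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 006: ID 0525:a700 Netchip Technology, Inc.
Bus 001 Device 004: ID 04f2:b272 Chicony Electronics Co., Ltd Lenovo EasyCamera
EOF
}

# Print the rule for the Netchip printer; as root, redirect it into the
# rules file and reload the rules as described in the post.
printer_rule "$(sample_lsusb | lsusb_id Netchip)"
```

The account that runs the point-of-sale software has to be a member of the chosen group for the 0660 mode to give it access.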

Wednesday, 16 January 2013

Amazing e-mail sending rates...


We sent out over 10,000 e-mails recently and pushed to get the maximum amount out in the shortest amount of time. We managed to push 35.79 Mbps or 4.47MB/s in bandwidth usage, not too bad, effectively delivering 9 mails every second to a remote server even with all the different SPAM (not that this was) filtering techniques found in the wild!

Thursday, 3 January 2013

Why Linux simply rules!

I often encounter Windows users that love to spew hate toward Linux although they themselves often think it's an application you can install, isn't graphical at all, is dead for the desktop, can't run more than one CPU at a time, is only used for servers, or doesn't follow standards - what a joke!

So to all those people, here is a blog entry just for you... Linux powers 850K new Android devices per day, most of 700K new televisions purchased per day, 8 out of every 10 financial trades, 9 out of 10 of the world's supercomputers, the $10B CERN Large Hadron Collider, Lockheed Martin's Nuclear Submarine, the Japanese high speed train, and the US air traffic control system.

Most websites are powered by servers running Linux and open source; these sites include Google, Twitter, Facebook, Wikipedia, Travelocity and Amazon. In actual fact, in recent years 8000 developers from 800 companies have contributed to the Linux Kernel. Red Hat (a billion dollar company) just focuses on Linux for business, both server and desktop; the same goes for Novell with SuSE.

Linux has a few full GUI desktops to choose from and thousands of applications, including the ability to run many windows applications. So who uses Linux as a desktop? Google has 10K, City of Munich 14K, IC bank of China changing to Linux in 20K branches, Czech Post 12K, France's police dept to have 90K by 2015, Macedonia Education has 180K, Germany students with 550K, Novell 5.5K+, Peugeot 20K, DreamWorks has 1K, FNB Bank (the most innovative Bank in 2012) run 12K, to name but a few...

In 2009 Microsoft CEO Steve Ballmer indicated that Linux had a greater desktop market share than Mac, stating that in recent years Linux had "certainly increased its share somewhat". Just under a third of all Dell netbook sales in 2009 had Linux installed.

That is an insane amount of business powered by Linux, at the end of the day using what works and being able to change with technology will highlight those IT people worth their weight in gold!

Linux developers also follow international standards like the RFC documents; if this was not the case Linux would have been an isolated and limited operating system, something it definitely isn't. Linux often even has to adapt to accept non-standard methods simply enforced by other companies.

Some other devices which run Linux you might be using/interact with: ATM machines, Kiosks, Slot machines, ADSL/Cable modems, Traffic Lights, Carrier Class Network Equipment, VoIP Phones, IP CCTV cameras, car computers/radios, fridges, and many many more! 

All stats are from places like wikipedia and other trusted sources, if you find a wrong figure or want something added to the above please let me know...



Wednesday, 2 January 2013

Water Damage Indicator

It took a device or two being sent in to a local service provider only to be told they wouldn't repair it due to the phone being water damaged... this was quite unfair though, as the phone we took in had a software related bug and required new firmware; the water damage just got them out of any obligation.

With all the years in IT the chances are that you've washed or wet something electronic, left it to dry and found it to be working perfectly!

We were lucky enough on the last visit that they disclosed how they knew it came in contact with water, the answer being a seemingly insignificant tiny white dot. When it comes in contact with water it quickly changes. I found one on my 3G dongle and decided to peel it off and feed it some water (pictures below). It may very well be worth your time to check for the dot before taking your device in for a service...


Raspberry Pi - New 512MB memory model B revision 2

After months of waiting for my Raspberry Pi to arrive I was pleasantly surprised to find it waiting at the post office today...

I ordered a model B but with all the waiting it was upgraded to the 512 MB version (model B revision 2), which is great news as it was one of the low points I experienced with the original model B.

The 512MB memory upgrade allows for easier running of Android ICS (I'll give it a try and report back soon).

The CPU however is still lacking and also requires an upgrade; that, combined with how easily the IO saturation point is reached and how often I was able to crash the Pi doing mundane tasks, makes me continue to look for alternatives like the Hackberry A10.

The size of the board is also exactly the same and fits nicely into the official Raspberry Pi case. The case itself looks very nice and finishes the Pi off perfectly while also making it much easier to handle!