
Category Archives: Uncategorized

I’ve been looking for a way to find out how far the duplication of an image onto an SD card for my new Raspberry Pi has got…unfortunately dd doesn’t natively give you any idea of progress – therefore there’s no obvious way of checking whether the process has hung…

Fortunately it is possible to see how things are progressing by using the following:

# watch -n 10 killall -USR1 dd

This will display a status update every 10 seconds. Note that for BSDs you should be able to replace USR1 with INFO (but I’ve not tested this, so feedback welcome :))

I usually reserve my blog for notes on problems solved so that I have something to refer back to in future when encountering the same technical issues. I try to avoid opinions on here as they are not relevant to the context of the blog, however the recent resurrection of the plans put forward by Labour under the last Government really deserve some commentary.

At present UK-based ISPs are required by law to keep a record of contact – i.e. if I browse to www.slashdot.org then my ISP keeps a record that I have been there. The police can request information on the sites that I have been to if they approach my ISP with a warrant. The extension that is proposed will extend this to social networking sites, and the broadly scoped “new media”, and this is where things start to get a little scary. It is almost functionally impossible to gather any kind of useful data from proxy logs other than the fact that I have visited Facebook and perhaps looked at some friends’ pages. Beyond that you need to analyse and log the traffic much deeper.

These proposals have either not passed any kind of technical review or the plans involve some VERY deep packet capturing and logging. This would be both expensive (a cost that would be pushed to the ISP and then ultimately the consumer) and hugely impractical (the content would need to be stored by the ISP – and would require a lot of physical storage space).

In addition to this, the proposals suggest that the authorities should be able to have real-time access to data transmitted – WITHOUT A WARRANT. The Government are acknowledging that strict policy and control would be required to make this work – but who would monitor this – who would decide whether the surveillance was lawful without the need for a court to sanction it? With measures in place to permit easy access to this data it could be subject to abuse by staff at the ISP, or worse yet, unauthorised users due to improperly secured systems. I find this all deeply disturbing and prone to abuse on an Orwellian scale.

So what is the motivation for this? Allegedly this is necessary in the fight against terrorism in the UK. Something I find questionable given the number of terror attacks or even attempts in the last 5 years – just ask Wikipedia. Is it worth spending billions of pounds and infringing the basic right of privacy of millions of law-abiding British citizens to prevent a threat that it might be suggested simply does not exist? I personally think not.

And would these measures actively prevent communication between terrorists – would they actually be able to intercept valuable intelligence about these mysterious terror cells based on their Facebook activity? Do Al-Qaeda plan operations by writing on each other’s “Walls”? Are training exercises covertly carried out via Farmville? If a terrorist threat to the British way of life actually exists and terrorists are currently planning operations I would imagine they are well resourced and have taken steps to avoid detection – they are probably encrypting their email using PGP or GPG and anonymizing their web traffic using Tor or I2P. Maybe I’m drawing too much from spy novels but surely laptops and mobile devices are using full disk encryption using CryptFS or TrueCrypt. I think it’s deeply naive to assume that terrorists are as incompetent as the UK Government when handling sensitive information.

So – in light of this, what can people do if they do not want every internet conversation and transaction scrutinised, logged and monitored?

1) Look into the Tor project. Onion routing has helped people around the globe living under oppressive governments to get their message out. The beauty of Tor is the more people who use it in their day-to-day activities, the more anonymous it becomes.

https://www.torproject.org/

2) Encrypt your email – look into GnuPG as a free way of doing this. If you deal with sensitive information you really should be doing this anyway. Encrypt everything you send. The source and destination of mail (headers) will still be visible to prying eyes, but the content will not.

http://www.gnupg.org/

3) Sign a Petition https://secure.38degrees.org.uk/page/s/stop-government-snooping and write to your MP.

4) Find out how they are representing your views by signing up here: http://www.theyworkforyou.com/

5) Support ORG – the Open Rights Group. The work they do is important and there are many ways people can contribute: http://www.openrightsgroup.org/

If anyone asks I’ll happily put together detailed tutorials on how to keep your private information private (see 1 and 2 above) and how these measures work.

In case you should need the Messagelabs IPs to permit inbound traffic in firewall rules, an up-to-date list is below:

 

Subnet IP       Subnet mask      Net mask (CIDR)  IP range
62.173.108.0    255.255.255.0    /24              62.173.108.0 – 62.173.108.255
62.231.128.0    255.255.224.0    /19              62.231.128.0 – 62.231.159.255
195.216.0.0     255.255.224.0    /19              195.216.0.0 – 195.216.31.255
212.125.64.0    255.255.224.0    /19              212.125.64.0 – 212.125.95.255
216.82.240.0    255.255.240.0    /20              216.82.240.0 – 216.82.255.255
67.219.240.0    255.255.240.0    /20              67.219.240.0 – 67.219.255.255
85.158.136.0    255.255.248.0    /21              85.158.136.0 – 85.158.143.255
95.131.104.0    255.255.248.0    /21              95.131.104.0 – 95.131.111.255
117.120.16.0    255.255.248.0    /21              117.120.16.0 – 117.120.23.255
193.109.254.0   255.255.254.0    /23              193.109.254.0 – 193.109.255.255
194.106.220.0   255.255.254.0    /23              194.106.220.0 – 194.106.221.255
195.245.230.0   255.255.254.0    /23              195.245.230.0 – 195.245.231.255

Hope this is useful to someone :)

It is now possible to connect to a Windows machine running Logmein from Linux using a Java browser plugin…..unfortunately if you are using a 64-bit kernel on Ubuntu Karmic, then the Java version from the Ubuntu repos is incompatible with the plugin.

To work around this, download https://secure.logmein.com/activex/logmein-client-1.0.387-1.tar.gz, and extract to ~/.mozilla/plugins/ then download and install nspluginwrapper from the repos (sudo apt-get install nspluginwrapper).  Nspluginwrapper is a tool to create a layer of compatibility for non-native browser plugins.

You can then use nspluginwrapper by using:

sudo nspluginwrapper -i ~/.mozilla/plugins/libractrl.so

Restart Firefox and navigate to the logmein website again and it should work…

We have some Polycom IP 330 SIP handsets connected to a Trixbox.  Unfortunately, when using the default SIP.cfg that is downloaded via TFTP to the handsets, if the phone was off the hook (i.e. a dial tone was already audible) the handsets would appear to time-out and give the message “All Circuits are Busy Now”. On looking at the call in the CLI (asterisk -rvvvv) it was apparent that only the first 9 digits were being dialled.

The solution was to edit the /tftpboot/sip.cfg and look for the line that says:

<digitmap dialplan.digitmap="[2-9]11|0T|011xxx.T|[0-1][2-9]xxxxxxxxx|[2-9]xxxxxxxxx|[2-9]xxxT" dialplan.digitmap.timeOut="3|3|3|3|3|3"/>

and replace with the correct number of digits for calls in your country…

<digitmap dialplan.digitmap="[2-9]11|0T|011xxx.T|[0-1][2-9]xxxxxxxxxxx|[2-9]xxxxxxxxxxx|[2-9]xxxT" dialplan.digitmap.timeOut="3|3|3|3|3|3"/>

You then need to restart the handsets in order for this to work.

Ok,  so I must have not been paying attention for the last few months…..but apparently the nice Mr Reznor has released a couple of albums under a CC licence….

http://creativecommons.org/weblog/entry/8267

This is a pretty bold step forward for the music industry…..
:D

Thanks go to Simon Butler for this (aka. Sembee on Experts-Exchange or http://www.amset.info).  His resources on this helped me iron out the problems and get this working beautifully!

I’d struggled getting RPC/HTTPS working for ages using a self-signed certificate, and while it’s still recommended using a purchased certificate, I needed to get a particular user working extremely quickly – within about 4 hours.  Waiting for appropriate DNS to propagate to get the cert approved wasn’t an option so the existing self-signed cert I used for OWA was the only option…

NOTE:  THIS SOLUTION INVOLVES EDITING THE REGISTRY ON YOUR SBS SERVER – USE AT YOUR OWN RISK!

First things first, the certificate needed to be installed in the Root Certification Authorities store on the client machine.  Note that adding the cert to the default store WILL NOT work.

Then create split DNS by adding the corresponding external DNS zone to your internal DNS server, and a host record for the SBS server.  Remember, if your external web site is hosted externally you need to ensure that there is an A record that points to the web server’s IP address.

Next, a couple of Registry keys needed to be added (I would never have sussed this if it wasn’t for the resources on Amset!). A reg key needs to be created on the SBS server as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"NSPI Interface protocol sequences"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00

Copy and paste the above into notepad and save with a .reg extension, then run.  This will create a key that looks like:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Type: REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004

Next on the Exchange server (this will be the same machine if using SBS) a different registry key needs to be created:

NOTE: THIS NEEDS TO BE ON A SINGLE LINE AND EDITED TO SHOW SERVER SETTINGS FOR YOUR SERVER

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="server:100-5000;server:6001-6002;server:6004;server.domain.local:6001-6002;server.domain.local:6004;mail.external.com:6001-6002;mail.external.com:6004;"

Save as a .reg file and run.

Then simply configure Outlook to use RPC over HTTPS and specify the FQDN of the server.  You can test the connection by holding CTRL and right-clicking the Outlook icon, then looking at the Connection Status in the taskbar.  If it is trying to resolve the external FQDN of the server then Outlook is configured correctly. Then just ensure that port 443 on your firewall is forwarded to the SBS server….

….sorted :)
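An added example, not part of the original post: Python code that decodes the hex(7) data from the first .reg snippet to confirm it is the REG_MULTI_SZ string ncacn_http:6004, then parses the ValidPorts string to check that every name covers ports 6001-6002 and 6004 and to list broad ranges such as server:100-5000 for review. The function names and the MAX_SPAN threshold are assumptions made for this illustration.

```python
import re

# Values copied from the two .reg snippets in the post above.
NSPI_HEX7 = ("6e,00,63,00,61,00,63,00,6e,00,5f,00,68,00,74,00,74,00,70,00,"
             "3a,00,36,00,30,00,30,00,34,00,00,00,00,00")
VALID_PORTS = ("server:100-5000;server:6001-6002;server:6004;"
               "server.domain.local:6001-6002;server.domain.local:6004;"
               "mail.external.com:6001-6002;mail.external.com:6004;")
REQUIRED = {6001, 6002, 6004}  # ports the post lists for every server name
MAX_SPAN = 16  # assumption: ranges wider than this are listed for review


def decode_multi_sz(hex7: str) -> list[str]:
    """Decode .reg hex(7) data (REG_MULTI_SZ, UTF-16LE) into its strings."""
    raw = bytes(int(b, 16) for b in re.split(r"[,\s\\]+", hex7.strip()) if b)
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE")
    text = raw.decode("utf-16-le")
    if not text.endswith("\x00\x00"):
        raise ValueError("missing double-NUL terminator")
    return [s for s in text.split("\x00") if s]


def parse_valid_ports(value: str) -> dict[str, list[tuple[int, int]]]:
    """Split 'host:lo-hi;host:port;...' into {host: [(lo, hi), ...]}."""
    hosts: dict[str, list[tuple[int, int]]] = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, _, ports = entry.rpartition(":")
        lo, _, hi = ports.partition("-")
        lo_i, hi_i = int(lo), int(hi or lo)
        if not host or not 0 < lo_i <= hi_i <= 65535:
            raise ValueError(f"bad ValidPorts entry: {entry!r}")
        hosts.setdefault(host.lower(), []).append((lo_i, hi_i))
    return hosts


def audit(value: str) -> dict[str, dict]:
    """Per host: required ports not covered, and ranges wider than MAX_SPAN."""
    report = {}
    for host, ranges in parse_valid_ports(value).items():
        covered = {p for p in REQUIRED if any(lo <= p <= hi for lo, hi in ranges)}
        wide = [r for r in ranges if r[1] - r[0] + 1 > MAX_SPAN]
        report[host] = {"missing": sorted(REQUIRED - covered), "wide": wide}
    return report


if __name__ == "__main__":
    print(decode_multi_sz(NSPI_HEX7))
    print(audit(VALID_PORTS))
```

Running the same check against the ValidPorts value exported from your own server shows at a glance whether a name is missing a port or carries a range wider than the RPC proxy needs.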

I’ve been trialling Ubuntu Hardy and been loving it.  It just seems quicker and more responsive.  Maybe that’s just wishful thinking, but the boot times seem to have decreased as well….

As an add-on, I’ve installed Gnome-Do, an application that finds other applications based on a few keystrokes.  Just press the “windows” key and the space bar and then type part of the name of the app you wish to launch…..

Pure Genius! :)

To install:

sudo apt-get install gnome-do

Then add it as a session using the string gnome-do-quiet to get it to launch at startup :)

I’ve just been configuring an AXIS video server that monitors one of our sites, and had a thought……I wonder how many of these cameras are publicly visible on the web (ours is hidden behind a firewall and visible over a VPN from here), so I did a quick Google search with some quite cool results:

intitle:"Live View / -AXIS" reveals…..

Axis Live View