Planet Ubuntu-Au

Tonight i was working on getting a client's Zimbra SSL configuration up to scratch, and found it somewhat difficult to get our server to make Qualys' SSL Labs scanner happy.  I was working from the following Zimbra wiki pages:

• http://wiki.zimbra.com/wiki/Weak_Cipher_Suites_Appear_in_Security_Scans
• http://wiki.zimbra.com/wiki/Postfix_PCI_Compliance_in_ZCS
• http://wiki.zimbra.com/wiki/Cipher_suites

It seems that as of Zimbra 8 (possibly before that?) there is no longer any need to configure jetty - everything seems to go through nginx as an SSL reverse proxy.I tried several different combinations and still kept getting insecure ciphers in the Qualys scan results until i stumbled across this nginx forum post and these certificate installation instructions.  Between them i managed to glean that:

• !aNULL is necessary to disable unauthenticated ciphers like TLS_DH_anon_WITH_AES_128_CBC_SHA and TLS_ECDH_anon_WITH_RC4_128_SHA (the latter is particularly infrequent in Google's search results).
• !eNULL is necessary to disable null encryption
• RC4 needs to be preferred over the other HIGH ciphers in order to mitigate the Beast attack (more at Qualys' page about it - although note their update about the status of RC4)

So the commands i ended up with for Zimbra were:zmprov modifyConfig zimbraReverseProxySSLCiphers '!ADH:!eNULL:!aNULL:!DHE-RSA-AES256-SHA:!SSLv2:!MD5:RC4:HIGH'zmmailboxdctl restartThis was enough to get us an "A" rating in Qualys' eyes.

The (second virtual) Ubuntu Developer Summit is being held this week. Of the many topics being discussed, I’ve come across a few that I find interesting.

Chromium as default browser

Great to see a session on this topic. I spend most of my time computing in a browser, so it’d be nice to see my favourite browser as the default. Although I have no objections to Firefox as the default, I usually download the .deb from Google on each install, mainly due to the chromium-browser package being fairly outdated. It will be interesting to see the outcome for 13.10 and 14.04 LTS.

Growing a strong translation community

I still find translations to be a core concept of the Ubuntu. No matter where you’re from, you should be able to download a copy of Ubuntu, ready in your native language.

Planning for documentation and positioning of the development release

The last cycle entailed a barrage of fireworks and cracking decisions. The standard release support cycle was halved and more effort was to be put to backporting important features and enhancements to the LTS. Although the development release, by nature, doesn’t directly affect end users, it is the test bed for what will become ubuntu+1. The quality of the development releases have been superb and I’d argue that they are much more ready for testing than where we were a few years ago.

Shaping a plan for the future of (the) Ubuntu Documentation Team

There’s a lot of computer users out there that still haven’t even tried Ubuntu. We have a more usable, sleek and fun desktop than what we did many moons ago, but the documentation of the Ubuntu Desktop is certainly an area that needs attention. We can’t just assume people know how to use the Dash, Scopes and find help. People come and go from the team and it’s time to reshape and recruit more Ubuntu Doc folks.

Desktop Unity Polish for 13.10

In most of the releases since Unity has been released (11.04!), there have been radical changes and controversial moves to the Ubuntu Desktop. It’s nice to see everything calming down and focus shifting to the little details. Probably not a thrilling session for the non-developers, but it would be nice to see what is coming up in Unity+1.

zxcvbn: realistic password strength estimation
https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

The tool:
https://dl.dropbox.com/u/209/zxcvbn/test/index.html

Another website (with added fancy CSS and colours!)

http://howsecureismypassword.net/

Typical boring Intel Password checker:

http://www.intel.com/content/www/us/en/security/passwordwin.html

Everybody knows correcthorsebatterystaple, Ironically(?) I’d hazard a guess to say that correcthorsebatterystaple has most been used so frequently recently that there’s a decent chance it has been added to a dictionary and can be brute forced.

The federal seat that I live in - Throsby - is by all accounts a very safe Labor seat. Since it was created in 1984 it has been held by Labor. The current encumbent, former union secretary Stephen Jones retained the seat at the last election with 62% of the vote after preferrences were distributed. If the expected votergeddon happens in September Throsby will be on of the few seats that Labor retains.

Which of course means that it is a treasure to be made safe against the on coming tide of voter dissent.

Or it means that it's a valuable prize in the ongoing battle between the Labor Left and Right factions.

Which do you think has happened?

Let me give you a clue. It's just on four months until polling day and the Liberal Party, National Party and the Greens have each selected their candidates for the seat. The Liberals have Larissa Mallinson, the Greens have Shellharbour Councillor Peter Moran and the Nationals have decided to field Gary "Angry" Anderson. (note no links to the others because I can't actually find any pages for them)

The Labor party?

They've only just decided whether they're going to have a rank and file vote or not.

Last friday Labor announced that the Throsby candidate would be decided by a vote between the incumbent (and left faction warrior) Stephen Jones and nurse (and right faction battler) John Rumble. No word as to when this vote is meant to occure but it had better happen soon, because frankly, if they leave it any later, they're gong to miss the election.

The infighting in Throsby has been going on for years. with member for Wollongong Noreen Hay leading the charge from the right. As with all family arguments things started nasty and have only gotten worse. Any article published by the local paper is immediately flooded with angry comments from both sides, with the occasional liberal or greens supporter deseperately trying to get a word in edge wise.

So where does that leave us, the voters in Throsby? Well, I've spoken to a number of people and frankly they are jack of the infighting. Watching the local Labor party tear itself apart isn't exactly confidence building, especially considering how Federal Labor is viewed in general. 

Who ever wins the pre-selection, they're gong to have a hell of a battle, not just against the other candidates, but the fall out from the internecine warfare that's consumed the local branches for the past few years.

Blog Catagories: Politics

Well it's been a busy week work wise and Angry Beanie wise, over all I'm pretty happy with how things are going.

I'm currently working on making some changes to the Angry Beanie site. I've already added the three latest episodes as blocks on the front page featuring HTML5 players, but I'm also looking at rebuilding the Show and Episode pages. I'm just not happy with the layouts, too busy and not exactly attractive to look at.

Aside from actually putting together the content, I have two focii for Angry Beanie. Getting more people to listen and putting together a fund raising plan that will allow me to expand what AB can do. 

On the getting more people to listen side of things, I've been playing around with how I promote each episode on twitter. I've noticed that if I include a direct link to the audio file I get a lot more downloads than if I just link to the show page. Some of those downloads seem to be bots, but a lot seem to be legitimate listeners.

On the other hand, and this has to be me doing it wrong, Facebook and Google+ just don't seem to be doing it for me. I have 23 likers for the Angry Beanie facebook page and 29 circlers of the Angry Beanie google+ page (along with 81 +1's) but I'm not really getting any interaction. I tend to suck as a community building guy I guess :)

That's it for the moment, never fear, there will be more political and technical posts coming. It's not just going to be all Angry Beanie all the time :)

Blog Catagories: angry beanie

This is more of a rambling thought flow that anything with a particular focus.

Firstly, I need to post here more often. I've gotten out of the habit of actually sitting down and putting my thoughts to paper (as it were). Mostly because I've tried to keep away from stuff that could be called recreationally enragening.

However over the past few weeks I've come to the conclusion that at times, it's actually perfectly valid to be pissed off about something that you see/hear in the media. Not over things like Tony Abbotts "women of a certain calibre" comment, honestly if I was going to get pissed off every time Abbott said something stupid then I'd have a heart attack before I was 36.

Instead it's things like the fact that the Government wants to strip away the already meager welfare provisions for for asylum seekers who have the temerity to appeal an adverse decision. Or the fact that our "progressive" Government is being made to look reactionary and right wing by the New Zealand conservative government.

Or its watching the "ER MER GERD ABC IS BIERSED!" crap that flies around. Both those who call themselves the left and those who call themselves the right claim the ABC is biased against them. 

"There are no conservative presenters on the ABC" is the cry from the right

"Why even is the IPA!" is the cry from the left.

Of course this all boiled up after the last time that Leigh Sales interviewed Tony Abbott. Because Sales didn't eviscerate Abbott and leave his bloody carcass on the floor for the forest wolves, people accused her of being the lapdog of the right (and that by no means was the worst of what she was accused of being or doing).

If you didn't like the interview, then fine, I personally thought that Abbott had been better trained for it, being able to keep repeating the same thing over again regardless of what question he was going to be asked. 

What was really incredibly galling was the stench of hypocrisy  (those in the know will recognise the phrase) over some of those who claimed to be on the left. Especially those who would take the opportunity to slam Abbott for being mysogynistic and then go on and being even bigger mysogynistic fuck knuckles by accusing Leigh Sales of orally servicing Abbott in no uncertain terms.

You don't get to do that. If you do that you lose, there is no winning and you just look like the monster browed idiot that you are.

Sigh.

As I said, this post was always going to be more a rambling thought thingy than anything else. I really do need to get back into practice.

 

Hence my unplanned optimism when I announced that LIUM 0.5 would be done by the end of last year.

I don’t know what it is that makes custom signals so complicated but it’s currently 5am and I’ve just done yet another sprint at trying to understand it, and I gather it’ll be a few more nights until I do.

Wow, just checked and it has been a while since I last posted here.

Time for another catchup.

Firstly, if you don't know already, I am now employed fulltime as a developer with Catalyst-AU (the Australian branch of New Zealand based CatalystIT). This means of course that Collaborynth is going into hibernation for now.

Secondly, Angry Beanie is putting along. With the move to full time employment, the amount of time I'm able to dedicate towards the cranky headwear is limited, however I'm starting to get on top of things I think so you should see more activity on this front with new Purser Explores The World and For Science! episodes over the next few weeks.

I'm also having another look at Radio Angry Beanie. I think there's value in the streaming format as well as the on-demand, especially when it comes to encouraging discussion around the show. It's about finding the right format to match it though.

Well that's it for now. Expect a few more posts over the next few days as I catch up with a backlog of rants and such.

Blog Catagories: angrybeaniecollaborynthwork

 

Disapointing that every single time I read an article on the NBN, the comment section is filled with people who are completely clueless, arrogantly stating facts that aren’t facts, technical ineptitude, polical bias and incompetence all around.

Source: http://simonhackett.com/2013/04/09/cd-syd-2013-problem-with-fttn/

Just to let you know I’m rearranging my github and how I code (so I can code from work) so I’ve temporarily taken down all downloads and links to github, and will hopefully be able to release the next version of lium soon.

I recently stumbled upon a couple of config options within the Zend Framework 2 Skeleton Application, in the ./config/application.config.php file that relate to config caching. The options are:

<?php return array( // These are various options for the listeners attached to the ModuleManager 'module_listener_options' => array( // Whether or not to enable a configuration cache. // If enabled, the merged configuration will be cached and used in // subsequent requests. 'config_cache_enabled' => $booleanValue, // The key used to create the configuration cache file name. 'config_cache_key' => $stringKey, // The path in which to cache merged configuration. 'cache_dir' => $stringPath, ), );

First, some background: ZF2 uses multiple config files which it merges together at run-time to build the application config. This allows you to keep your config broken up into different logical components, and provides an easy way to have environment-specific (local) config files. However, this also increases resource usage and lowers performance, since it needs to read multiple files and merge multiple complex arrays each time it runs the application.

Luckily, the options I stumbled upon are designed to help! Enabling the config caching options tells the application to save the merged config in a cache file. This replaces multiple file reads, and lots of processing, with a single file read. Enabling caching is a simple matter of setting config\_cache\_enabled to true, and specifying config\_cache\_key and cache_dir.

For example:

<?php return array( // These are various options for the listeners attached to the ModuleManager 'module_listener_options' => array( // Whether or not to enable a configuration cache. // If enabled, the merged configuration will be cached and used in // subsequent requests. 'config_cache_enabled' => true, // The key used to create the configuration cache file name. 'config_cache_key' => 'my_project', // The path in which to cache merged configuration. 'cache_dir' => __dir__ .'/../data/cache', ), );

However, there is a catch… Since it is caching the config files, any time you make changes to the config you need to remove the cache file before the application will notice it. During production this isn’t too much of a problem, since you can remember to clear the cache when you roll out a new version, but during development it’s quite annoying. Now, ZF2 comes with the facility to manage local and global config, but this doesn’t apply to the ./config/application.config.php file, which is global by default, and leaves with you with having to remember to edit the config file in production (or development)… Which is something a lazy/busy developer doesn’t really want to have to remember.

So, the problem we face is that we can enable config caching easily, but as an all-or-nothing option. Is there a way to automatically enable it for production (and clear the cache whenever we perform a code update), but leave it disabled in development?

With the help of our good friend Composer: YES!

Composer has a fantastic scripts option that can be set within your application’s composer.json file. We can use this, and a little sed magic, to automatically toggle caching on and off depending on us being in production and development mode. A basic example looks like this:

{ "scripts": { "post-install-cmd": [ "sed -i \"s/'config_cache_enabled' => false,/'config_cache_enabled' => true,/g\" ./config/application.config.php", "rm -f ./data/cache/module-config-cache.my_project.php" ], "post-update-cmd": [ "sed -i \"s/'config_cache_enabled' => true,/'config_cache_enabled' => false,/g\" ./config/application.config.php", "rm -f ./data/cache/module-config-cache.my_project.php" ] } }

Let’s break it down:

post-install-cmd tells composer what commands to run after a successful execution of composer.phar install. Since you generally run this command when you install, and update, a production application, it will trigger the two commands in production. The first command uses sed to replace 'config_cache_enabled' => false, with 'config_cache_enabled' => true, within the application config, which as you should be able to tell will enable caching. The second command will remove any existing config cache file, to ensure a fresh version of the config is cached on the next page load.

post-update-cmd tells composer what commands to run after a successful execution of composer.phar update. This command is generally run on a development installation, since you usually want the latest and greatest dependencies for testing and dev. This does the opposite of the post-install-cmd, i.e. it disables the cache setting and removes the cache file just in case one exists.

To get all this working together, I configure the cache options but leave it disabled in git and have the scripts configured in my composer.json. This means that any time it changes in development, a quick git status will let me know, and as each time I roll out updates in production I also run composer.phar install, it will automatically be enabled.

That’s basically it

With a very small amount of setup, you now have config caching automatically enabling and disabling in ZF2 via Composer.

 

Source: http://www.virtualshackles.com/99

I was quite surprised to see the recent announcement that Amazon is in the process of acquiring the social book review website Goodreads. Mainly because Amazon acquired Shelfari a couple of years ago, and it is one of the competitors to Goodreads. I’ve been using Shelfari for years, and I think it’s a fantastic website. It really helps me keep track of my books, which ones I want to read, how many I’ve read, and a number of other useful things. I’ve used Goodreads before, but I never really liked it, but since Amazon are acquiring them and they have such a massive user base I decided to take another look. Let’s face it, since it’s so popular, there must be some really good reasons to use it… right?

Note: This is purely my own opinion based on my trialing Goodreads for a short amount of time, compared with continual usage of Shelfari.

User Interface

When you log into Shelfari, you are presented with a lovely warm wood theme, with proper bookshelves, big friendly buttons, and uncluttered sections of information. Goodreads, on the other hand, feels cluttered and minimalistic, with really small fonts, and they present books in a list with lots of raw information by default. Shelfari appears to focus on your books, and tries to provide a wikipedia style page with lots of information about the book, the characters, etc. Goodreads focuses on reviews and has minimal information about each book.

Book Management

Both sites provide the ability to specify Read, Reading, and Want to Read, statuses for each book to help you categorise each of your books. Shelfari allows you to set as many as possible, so for example, you can have a book that you have Read, but also mark it as Want to Read, so you will remember to read it again. (I do this for my really favourite books, like LOTR). Goodreads however, limits you to selecting one of these options per book. So I cannot mark a book as Read, and Want to Read. I’ve either read the book, or I want to read it… but not both?? Shelfari also allows you to specify which editions of a book you own, and you can have multiples if you own multiple copies. I didn’t find a similar function in Goodreads… but it may exist?

Goals

One feature I use heavily in Shelfari are the goals. You can specify a target, such as the number of books (either total, or limit to an author/series), or number of pages read before a specific date. It then tells you if you are on pace, and you can view your progress and previous goals. The only equivalent feature in Goodreads I could find was a single function to track the number of books to read that year… it doesn’t really compare…

“What should I read next?”

This is my absolute favourite feature in Shelfari. It provides a couple of different suggestion types for books that you should read next, the categories are Friend Favorites, Recommendations, Next in Series, Favorite Authors, and Community Favorites. Although, the only two of these I really use are Next in Series, and Favourite Authors. Next in Series analyses the books you’ve read and checks the series’ that they are listed in for other books you haven’t read, and suggests them. As someone who reads a lot of series’, it provides a very easy way to see if the next book in a series I’ve been reading is available yet. I couldn’t find anything even close to this in Goodreads…

Summary

For my own personal requirements, I still prefer Shelfari. Goodreads is lacking too many of the features that I love in Shelfari, and their focus is on different things to what I’m interested in.

Background

Prompted by a request from staff at a client's head office, a couple of days ago i posed this question to a couple of the mailing lists i'm on: what is your size limit on individual email messages?

I was blown away by the speed, quantity, and quality of the responses i received from the AusNOG and SAGE-AU communities.  Within an hour i had some hard data and a useful recommendation to take to my client.

Results

I've published the statistics and the raw figures to separate sheetes in the same Google Docs workbook; a few explanatory comments about the results are necessary:

• A number of responses indicated two values, often broken down by receive/send or internal/external criteria (with the latter being the smaller).  This is indicated as "Tier 1" vs. "Tier 2" in the raw results.  I've used the "Tier 1" figure to calculate the results.
• Answers which were ambiguous or indicated no limit were not included in the calculations, nor was one answer of 5 GB, since it skewed the results unrealistically.

Statistics[1]

• Number of responses: 64
• Number of numerically quantifiable responses: 57
• Mean: 30.105 MB
• Median: 25 MB
• Mode: 20 MB
• Standard Deviation: 20.929 MB

Bottom line

I'd say that anyone using something in the range of 10 - 50 MB could consider themselves reasonably "normal"; both those figures are within one standard deviation of the mean.

Commentary

Here are some of the more interesting comments i received, along with the size they indicated.  In most cases, these are direct quotes, but i've edited them for spelling, clarity, and punctuation where necessary.  I've highlighted two responses that i found striking, given their closeness to the actual results.  (I also suggest reading the AusNOG discussion - both threads - some excellent points were made.)

Size(s) Comments 8 If people need to send more than that, email is the wrong answer. 15 We've found in the past increasing above 15 MB resulted in a large number of bounce backs for organizations rejecting messages that were too large being sent to them. The biggest issue we have is explaining this to our customers and them believing it. Mainly because they don't understand that a simple 8 MB JPEG can blow out to 20-25 MB because of mime encoding etc. We try our best to advise them of this, we do get quite a lot of arguing and feedback requesting we increase it anyway. However, slowly they're realizing: when their large messages start bouncing back they ask us to set the limit back to what it was before. 25 I imagine a general consensus will be 25 MB upper limit due to Google Apps. 25 Most of my clients have gone Google Apps. 30 Our general view is that if a limitation is lower than what a customer gets on gmail (which is currently 25 MB) and related free services, then you will need to support at least that limit. A limit of 30 MB doesn't have to be in place long before user actively notice that the limits are typically elsewhere, and start talking about how good their system is. Non-technical high-ups will struggle with paying for a business service that offers less than their personal accounts. 30 Microsoft did a risk assessment for us and noted that having large message sizes and large mailbox sizes (10G to 60G) is a high risk. 40 ... and we still get complaints. 50 People still run into [our limit.  We] had 'someone's IT guy' tell us the 'industry standard' was 10 MB. I expect you're getting a wide range of answers, and that there really isn't an 'industry standard'. 50 Unfortunately, I still get called every time an email bounces due to remote size limits. 100 We didn't see any notable impact because of this change [to 100 MB], no delays, additional load or problems caused by the larger emails. Note: These clients had 20, 50, 100meg or faster Internet pipes. 5? I’m actually looking at reducing email size limits to force users into using technologies designed for file sharing and governance – Sharepoint, Skydrive Pro, etc. Reducing limits to 5 MB has all sorts of flow on effects: not even talking about freeing up link bandwidth, Exchange store sizes, etc. I’ve found that email enables poor habits. Emailing a 10 MB doc to the user 2 rooms down via a hosted exchange? Floods the link twice, plus stores the attachment in your local OST, the recipients local OST, and two copies in the exchange store. Now, modify it, and send it back. Ouch. 20? If I had to pick a single size that's used, it would probably be 20 MB - but there's no end of variation. 10 MB is common, although mainly for historic reasons, and the number of people with such a low limit is dropping. 25 MB and even 50 MB aren't uncommon. 100 MB is rare, but out there - mainly in situations where mail is being sent to a specific recipient and they have also upped their [overall] limit. I've even seen one company who wanted their limit set to 1 GB... unlimited/10 I can not express enough the frustration in a customer saying they want to send a bigger email and wanting us to up our limit, explaining the internet is just too hard a task sometimes. In one specific case it was an 11 MB email, the customer response was "It's only an extra 1 MB can you just let it through this once", so I pointed him to an SMTP with no limit on it; next day he is forwarding a bounce back from the receiving end who blocked him based on size. Decision

For those who are interested in the decision: my client and myself were both previously part of the "10 MB is the industry standard" camp, but found the argument about gmail compatibility compelling, and have decided to increase to 25 MB, much to the delight of the staff member pushing for the change.

Notes

1. Disclaimer: I am not a statistician; this is not a scientifically- or statistically-valid survey; all online polls are inherently bogus due to the respondents self-selecting; i have no idea whether this sample is statistically significant or valid; i did not attempt to authenticate or validate the responses in any way; YMMV; no warranties expressed or implied, etc.

OpenShot Kickstarter:

Congratulations!
You are now an official backer of OpenShot Video Editor for Windows, Mac, and Linux. Time to tell the world about it!

http://www.kickstarter.com/projects/421164014/openshot-video-editor-for-windows-mac-and-linux

Dispelling FUD about Ubuntu:
http://www.datamation.com/open-source/dispelling-fud-about-ubuntu-1.html

TeamViewer v8:
http://www.teamviewer.com/en/download/linux.aspx

Internet Census 2012: Port scanning /0 using insecure embedded devices
http://internetcensus2012.bitbucket.org/paper.html

Putting Dell’s Ubuntu Ultrabook to the test
http://www.h-online.com/open/features/Putting-Dell-s-Ubuntu-Ultrabook-to-the-test-1824327.html

Smart Guy Productivity Pitfalls
http://bookofhook.blogspot.com.au/2013/03/smart-guy-productivity-pitfalls.html

 

Last night saw another episode of For Science! released.

We spoke about the child who appears to have been "functionally cured' of HIV, a new form of locomotion for robots, bacteria from Lake Vostok, Mars and cloning.

You can find the MP3 here: http://angrybeanie.com/sites/angrybeanie.com/files/media/For_Science_-_Episode_8.mp3

The RSS for the show can be found here: http://feeds.feedburner.com/angrybeanie/ForScienceMP3

For the next episode we're going to be doing a bit of a special How Things Work. This one's going to be looking at how science works.

 

Blog Catagories: angry beanieforscience!

This is a pretty easy fix as follows

# chmod u-w /usr/bin/kismet*
# chmod u+s,o-r /usr/bin/kismet_capture

Now you should be able to run kismet now under standard user accounts.

So if you haven't been following what I do over at Angry Beanie then you will have missed the bit where I blogged about raising funds to grow AB to something more than just me in front of a microphone.

Basically it boils down to this.

• I need to upgrade the gear I use to record
• I want to cover Angry Beanies running costs
• I want Angry Beanie to be a source of great content
• I want to be able to pay people to produce this content

The first step I've taken in this is adding a paypal subscription thing to the site. This gives people the option to setup a regular payment of $2.50, $5.00 or $10.00 per month depending on how nice they feel :)

In terms of funding targets I have two:

• Hosting and running costs ( Infrastructure and Skype for a year): $500.00
• Production Setup: $2034.00
  • Production specific laptop (MacBook Pro 13 Inch 2.9Ghz): $1689.00
  • 2 x Condenser Microphones (Behringer C-3 Condenser Mic): $180.00
  • Small 4 port USB Mixer (Behringer QX1202USB): $165.00 

I also want to setup a content fund, something that can be used to pay excellent people to generate excellent content, but that's for a seperate post.

So with the two goals in mind I'm now looking at going the crowd funding road. Something via indiegogo or kickstarter. This of course brings up the whole thing of planning such a campaign. What incentives can a podcasting site offer to potential contributers? How much should I ask for? And most importantly of all, will it actually achieve anything?

If you've been involved in a crowd funding campaign before I would love to hear from you, and if you simply want to support Angry Beanie, then visit the Support page and eaither donate or pick up some natty Angry Beanie merch.

Blog Catagories: angry beanie

Starting on Monday I'm going to be joining the team at Catalyst IT Australia as a Drupal developer. This is going to be a full time position so there are going to be a few changes.

Firstly, this means that I'm going to be in Sydney 5 days a week, so if anyone wants to catch up for lunch then feel free to ping me :)

Secondly, it means that Collaborynth is going to go on a hiatus. To be honest there hasn't exactly been a huge amount of work at the moment, so I won't be taking any new clients. However for those people I'm already working with, I see nothing that will conflict with my new employment circumstances so that should be fine.

I'm still going to forge ahead as much as possible with Angry Beanie. This means Purser Explores The World and For Science! will continue on as they are, and I'm still looking at developing new shows for the site.

I'm actually quite excited about working with Catalyst. They are a massively supportive company when it comes to Free and Open Source Software, and the people I know from the New Zealand office are both excellent developers and wonderful people.

Blog Catagories: workemploymentangry beanie

Below is a way to connect your clients like smartphone, laptop, etc to the Internets while you are out and about connecting to random WiFi networks etc like Mac Donalds, and to help protect yourself while on them unknown networks with unknown users

Install mppe kernel support

# modprobe ppp-compress-18

Install PPTPD

# apt-get install pptpd

Configure IP Address Range
Edit the file /etc/pptpd.conf for the IP address range

localip 172.16.100.1
remoteip 172.16.100.200-250

restart pptpd to activate changes

# invoke-rc.d pptpd restart

Adding users accounts
Edit the file /etc/ppp/chap-secrets

test_user * lamepassword *

The above will give you a working PPTPD where your able to connect to securely but you’ll most probably can’t connect to the outside network.

To allow you PPTP clients access to the big bad internet

Enable IPv4 forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

Finally configure your iptables

iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE

If you want all traffic to go through the PPTP connection
Edit the file /etc/ppp/pptpd-options and change

# Debian: do not replace the default route
nodefaultroute

to

# Debian: do not replace the default route
#nodefaultroute

and don’t forget to restart pptpd

Reference
Debian pptpd HOWTO
IP Chicken