Been doing lots of VPN setup and configuration lately, especially inside of Amazon Web Services (AWS) Virtual Private Clouds (VPCs). They have a built-in VPN capability using IPsec, but it generally seems specifically focused on device-to-device (D2D) configurations. Depending on the need, I have turned up StrongSwan and/or OpenVPN as a solution.
OpenVPN has the advantage of being able to run an SSL VPN on port 443, making it look exactly like HTTPS web traffic (effectively making it unblockable by network administrators). Things like proxy servers don't even know you are creating a VPN tunnel. However, on Windows the OpenVPN client software has to be installed to use it.
StrongSwan is an IPsec VPN option that works well with existing P2P VPN systems. The native Windows VPN tools work out of the box with a standard StrongSwan configuration (as long as your certs have been signed by a trusted CA). Performance is also very good.
So far, I really, really like OpenVPN: once it is configured it works everywhere, regardless of network policy or ISP limitations. Linux Network Manager has built-in support for it, making it very easy to configure clients to use it as well. That said, for IPsec configurations that need to connect to Windows clients, StrongSwan has been my go-to solution.
Useful links follow:
Linux StrongSwan Server
Workstation StrongSwan Setup/Install Client
OpenVPN on Ubuntu
My home configuration has two Planar 20″ monitors as my primary display. They have worked fairly well, with the exception that any sudden change in input signal seems to cause them to freak out and change their sync levels to non-standard ranges. Resetting them is the fix, but Planar is kind enough to NOT mention how to do that in any of their documentation. So, for the benefit of mankind, here is the process for resetting a Planar PL2010MW to factory default:
Unplug the monitor. Counting from the left, there are five buttons on the bottom of the monitor (the rightmost being the power button). Press the second and fourth buttons from the left and hold them down while plugging the monitor back in. Count to five, and release.
Other models of Planar use the second and third buttons, with variations of releasing immediately after plugging in or waiting until the main power light turns green. In addition, if you are using some versions of Linux you may have to restart X before you see the monitor in your hardware setup.
I have a family member who recently said to me that if I posted pictures of them on Facebook, they would stop speaking to me. This entirely understandable concern stems from their conviction that personal information collected by large companies has a tendency to be abused. Once you have surrendered your privacy it is nearly impossible to get back.
What made the conversation stand out to me wasn't their "fear" of business, but that this particular family member is one that inherently trusts government to solve this (and many other) issues. There seems to be a fundamental disconnect between the perceived danger from business and the real danger of government.
Coca-Cola cannot force my soda consumption (or limit the size of my cup). Google cannot regulate which sites I am allowed to visit, or what the content of those sites can be. Philip Morris is entirely unable to limit the extent of my free speech by defining who is, or is not, a "legitimate" reporter. And while Facebook may want to use your personal information to sell you crap, or profile your activities, it doesn't have the ability to levy punitive damages, listen in on any phone conversation you have ever had, or target you with a drone strike.
One's personal privacy should certainly be protected, but a healthy fear of the abuse of capitalism should always be tempered with a real fear of the only institution that has the ability to use force against us. An institution that has demonstrated time and time again that it abuses that force to the detriment of both our privacy and our liberty.
Once again my desktop has become too cluttered with links. Here are some of the ones I have been using the last couple of weeks.
- Vim Cheat Sheet – A short list of useful Vim commands & shortcuts.
- Vim copy and paste commands – Selecting blocks, yank, paste, cut, etc. in Vim.
- Vim word completion – Found this more useful after binding the completion command to the Tab key (aka bash mode).
- Remove unwanted spaces – Because some "people" think using spaces instead of tabs is a good idea.
- Accessing the System clipboard in Vim – Because Vim registers do not necessarily map to the OS clipboard. The quick summary is that I would strongly recommend putting the following alias in your .bashrc: if type "gvim" > /dev/null; then alias vim="gvim -v"; fi and then make sure you have gvim installed.
- Using Vim Registers – Actually using the registers mentioned above.
- Pasting in Visual mode – Using registers is great but not really useful if you keep having to switch back to command mode to use them.
- Singing with Sinatra Pt. 2 – Sinatra is an ultra-simplified application server environment for Ruby. Think Rails, only about 1/10th its size. This was the best of the tutorials I found for it.
- Thin Server Production and static files – This little blurb was something I caught on StackOverflow and knew I would need for later, as our production system is running into the same issue.
- fpm (freggin package manager) – Tool for creating deb/rpm packages from lists of filesystem files. Particularly useful for gem files (it even has it as an option). I am in the process of moving my existing Ruby build scripts over to fpm.
- Creating Meta Packages – Meta packages are simply empty deb packages that contain nothing but a list of dependencies. This way you can create a batch of files to be installed for a given purpose (like installing the KDE Desktop).
- equivs-control man page – Used in the creation of meta packages.
- Binary Package building tutorial for Debian – The deb build package environment basically builds itself around having source for all software. This is a problem for packaging non-open-source programs that don't provide a source. This is a tutorial for how to do it.
- Template Changes file – Debian apt repositories generally work with .changes files to actually publish their packages. This is an example of a changes file for the package dpkg-ruby.
- Create your own apt repository – Includes information on upload support (which uses the changes files mentioned above).
- Creating a basic Ruby application structure – How to create your base dependencies, directory structure, and file-system layout for a base Ruby project.
The dynamic device interface for Linux is called udev. Generally it works without complaint or frustration, but it does have some interesting side effects if you are doing more involved system configuration. The one that tripped me up today is that udev keeps a record of every NIC that has been dynamically created during its lifetime. For example, if you are using a wireless USB NIC (see my post yesterday) and you plug in a different one than you used before, the new NIC is going to be named wlan1 instead of wlan0. Generally nobody would care, but in this case I did. Thankfully, modifying these records is pretty easy. The device history is stored in /etc/udev/rules.d/70-persistent-net.rules and can be modified by hand. Just change the wlan1 to wlan0 and delete the other entry.
Once again, text file configuration is FREAKING AWESOME!
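The hand edit described above, scripted: an added example (not from the original post) that rewrites a 70-persistent-net.rules style file so the adapter with a given MAC gets the wanted name and the record that previously held that name is dropped. The rules content below is constructed, not a real generated file; the function writes to stdout so you can review the result before replacing the original.

```shell
#!/bin/sh
# udev_rename_nic RULES_FILE MAC NEWNAME
# Prints RULES_FILE with the record for MAC renamed to NEWNAME and any other
# record that already carried NEWNAME removed. Comments pass through untouched.
udev_rename_nic() {
    awk -v mac="$2" -v name="$3" '
        BEGIN { mac = tolower(mac) }
        # comments and blank lines pass through untouched
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }
        { mine = index(tolower($0), "attr{address}==\"" mac "\"") }
        # some other adapter already owns the wanted name: drop its record
        !mine && index($0, "NAME=\"" name "\"") { next }
        # the adapter we care about: rewrite its NAME value
        mine { sub(/NAME="[^"]*"/, "NAME=\"" name "\""); print; next }
        { print }
    ' "$1"
}

# Constructed sample: the old USB NIC holds wlan0, the new one was recorded as wlan1.
rules=$(mktemp)
cat > "$rules" <<'EOF'
# constructed 70-persistent-net.rules (not a real generated file)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:11:22:33:44:55", KERNEL=="wlan*", NAME="wlan0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="66:77:88:99:aa:bb", KERNEL=="wlan*", NAME="wlan1"
EOF
udev_rename_nic "$rules" 66:77:88:99:AA:BB wlan0
rm -f "$rules"
```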
Wireless configuration on embedded Linux systems has been pretty well documented for a while now. If you are running a desktop version of Linux, your wireless device is likely to be supported (either natively or through the Windows XP NDIS driver compatibility layer) transparently. The situation is slightly different when you enter the embedded side of Linux, where non-native driver support is really not an option. That said, I have fallen in love with the Edimax Technology wireless USB NIC (it uses the Realtek chipset) because they are smaller than my thumbnail, work with any Linux distribution you can think of (even Raspberry Pi), and cost about 10 bucks. Heck, they even support 802.11n. Getting this thing enabled and working on Debian from the command line has been pretty simple:
apt-get install firmware-realtek
ifconfig wlan0 up
Then iwlist wlan0 scan will show you a list of the available wireless networks. Basically, apt-get downloads the drivers, modprobe loads the driver, and ifconfig turns on the wireless device (otherwise you get "wlan0 Interface doesn't support scanning : Network is down" when you try to scan). Not exactly the best error message, but anyway…
I found this stupidly useful shortcut inside of cron. Generally crontab entries look like this:
* * * * * username dosomething
With the asterisks corresponding to minute, hour, day of month, month, and day of week. But cron also has a couple of shortcuts that are useful for general system maintenance. Specifically, @reboot, which replaces ALL of the asterisks and will be run after each system reboot. There is also a system-wide directory under /etc called cron.d, which is wonderfully useful for package management because you can drop custom package cron jobs into the directory without directly editing the crontab file.
All of this information is well known among the Unix community as a whole and fairly well mentioned in about 10,000 different places. Here is something that isn't quite as easy to find but still ends up being pretty important…
File entries in cron.d cannot have a period in their name…. no file extension… no period separator… NOTHING… otherwise cron simply doesn’t run the file!!!
I just about killed myself debugging this one over the last two days. </crying> Now if you will excuse me, I am going to drink my body weight in beer.
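Because cron skips a mis-named cron.d file silently, a check that catches this before the next reboot is worth having. The following is an added example (not from the original post): a small POSIX sh lint for a cron.d-style directory that flags file names cron will ignore and entries that lack the user field shown above (per-user crontabs from crontab -e have no user field, so this is for cron.d files only). The demo directory and its contents are constructed.

```shell
#!/bin/sh
# Lint an /etc/cron.d-style directory. Debian's cron ignores any file there whose
# name contains a dot (or anything outside [A-Za-z0-9_-]), and each entry needs
# the system crontab layout: five time fields (or an @shortcut), a user, a command.

crond_ok_name() {           # 0 if cron will read a file with this basename
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

crond_ok_line() {           # 0 for blank/comment/VAR=value/valid entry, else 1
    set -f                  # keep the '*' fields from globbing during word split
    set -- $1
    set +f
    [ $# -eq 0 ] && return 0
    case "$1" in
        \#*|*=*) return 0 ;;                  # comment or environment assignment
        @*)      [ $# -ge 3 ] && return 0 ;;  # @reboot user command
        *)       [ $# -ge 7 ] && return 0 ;;  # m h dom mon dow user command
    esac
    return 1
}

crond_lint_dir() {          # prints each problem; returns 1 if any were found
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if ! crond_ok_name "$name"; then
            echo "$name: ignored by cron (bad file name)"; rc=1; continue
        fi
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            crond_ok_line "$line" || { echo "$name:$n: malformed entry: $line"; rc=1; }
        done < "$f"
    done
    return $rc
}

# Constructed demo: one good file, one cron will ignore, one with a missing user.
demo=$(mktemp -d)
printf '@reboot root /usr/local/bin/startup.sh\n' > "$demo/startup"
printf '0 3 * * * root /usr/local/bin/backup.sh\n' > "$demo/backup.cron"
printf '0 3 * * * /usr/local/bin/backup.sh\n' > "$demo/backup-nouser"
crond_lint_dir "$demo" || echo "cron.d problems found"
rm -rf "$demo"
```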
My first reading of the http 2.0 draft proposal left me with the feeling that they were trying to address issues that are not really problems. At least, not a problem unless you happen to be someone like Google or Cisco. Part of what has made the internet so ubiquitous is the easy ability for people to see and understand the basic underpinnings of how everything works. For example, I challenge you to find a developer who didn't start their career by right-click -> View Source'ing a website. This is the very same reason that exceedingly popular web specifications are commonly NOT industry specifications. For example, something like XML is so obnoxiously complex and excessive that it often seems like the only companies using (and making money off of) such technologies are large institutional players like Oracle and IBM. Instead, start-ups, innovation creators, and entrepreneurs continually choose things like JSON because it is simple and easy to make robust. Honestly, I don't know a single developer using AJAX that actually uses XML (the X in AJAX) because all it does is add size and complexity.
If you get the chance, please read this great post by The Accidental Businessman. It does a good job of explaining some of the issues I see in http 2.0 and what we are losing by making a more "computer focused" internet.
If you are a command line junkie, you really need to check out @climagic on Twitter. Some days are better than others, but I am constantly amazed at what is possible in bash/csh. That said, here are a couple of commands I have needed recently; many will be worthless to anyone else, but oh well:
- ar vx mypackage.deb – Unpackage a Debian binary install package. The result is actually three tar.gz files.
- dpkg -l – List all installed Debian packages on a given system.
- dpkg -c mypackage.deb – List all files provided by the named Debian package.
- hub pull-request -i 123 -b account/project:master -h account/project:branchtomerge – hub is a GitHub utility that allows you to use some GitHub functionality directly from the command line. The preceding command will issue a pull request for branchtomerge into master and even tie the request to a given issue number (in this case issue #123).
- echo $(sha256sum $DEB | cut -f1 -d' ') $(ls -l $DEB | cut -f5 -d' ') $(basename $DEB) – This command creates the package hash structure used INSIDE of Debian changes files. Using the same command with (sha1sum|md5sum|sha256sum) will provide all three needed package IDs. The reason this is useful is when you need to recreate a changes file without the original source package. The rest of the file is fairly straightforward, but the signed package section has to be absolutely precise. Also check out this link for more information.
- asciiquarium – OK, you might have to install this one first, but it is a full aquarium in ASCII characters, including sharks that eat the fish. Submarines, fishing hooks, and even the Loch Ness monster.
- grc tail -f /var/log/maillog – Note to self, I need to make an rpm for this package. grc is a generic colorizer for other command line programs that don't use color by default (like tail, traceroute, syslog, etc…)
- isohybrid -h 64 -s 32 mycdimage.iso – Adds a simple filesystem layout to a standard iso image so it can be written to a USB drive as well as a regular CD. Really useful for building custom Linux CD/USB images.
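Building on the sha256sum|cut one-liner in the changes-file item above, here is an added example (not from the original post) that emits all three checksum sections for a set of package files. It sizes files with wc -c instead of parsing ls -l output, and it adds the section and priority columns that the Files: section requires (the Checksums-Sha1 and Checksums-Sha256 sections are just "hash size name"). The stand-in package file is constructed; the section and priority values are whatever your package uses.

```shell
#!/bin/sh
# changes_checksums SECTION PRIORITY FILE... prints the Checksums-Sha1,
# Checksums-Sha256 and Files sections of a .changes file for FILE...
file_sum() {    # $1 = md5sum|sha1sum|sha256sum, $2 = path -> hex digest only
    "$1" "$2" | cut -d' ' -f1
}
file_size() {   # byte length, with the padding some wc builds print stripped
    wc -c < "$1" | tr -d ' '
}
changes_checksums() {
    section=$1; priority=$2; shift 2
    printf 'Checksums-Sha1:\n'
    for f in "$@"; do
        printf ' %s %s %s\n' "$(file_sum sha1sum "$f")" "$(file_size "$f")" "$(basename "$f")"
    done
    printf 'Checksums-Sha256:\n'
    for f in "$@"; do
        printf ' %s %s %s\n' "$(file_sum sha256sum "$f")" "$(file_size "$f")" "$(basename "$f")"
    done
    printf 'Files:\n'   # md5 size section priority name
    for f in "$@"; do
        printf ' %s %s %s %s %s\n' "$(file_sum md5sum "$f")" "$(file_size "$f")" \
            "$section" "$priority" "$(basename "$f")"
    done
}

# Constructed demo: a stand-in "package" containing just the text "hello".
demo=$(mktemp -d)
printf 'hello\n' > "$demo/demo_1.0_all.deb"
changes_checksums utils optional "$demo/demo_1.0_all.deb"
rm -rf "$demo"
```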