Centroid.EU Blog(this blog is mostly encrypted - adults only)
August 24th, 2010
This story was written August 25th, 1995. Windows 95 is now 15 years old.
I never had Windows 95, 98, 2000 but skipped them all other than XP and
Windows 7. Back in 1995 I chose another true 32 bit Operating System. It
was called Linux and I got it in spite of Windows 95. I think I made the
right decision even though I switched to FreeBSD half a year later. It took
only 2 odd years after this feat that I got a System Administration position
at an ISP. I don't think I would have been a UNIX sysadmin had I installed
windows 95 back in 1995, it was a turning point.
August 22nd, 2010
Someone (tydel) made me aware of this article named
Why you shouldn't worry about IPv6 just yet. I'd like to counter-argument
this article somewhat. I'll focus on the highlights.
Cassidy says that "According to these networking experts, we're only a
matter of months, or maybe weeks, from network Armageddon".
What you have to realize
is that converting to IPv6 on the server side isn't the end of the migration.
All your customers will have to move to IPv6 as well and some will be left
behind because some owners of networks are probably a bit lazy to do a migration.
So that means that if you want to run your business online, in order to get
the full potential customer base you'll have to run IPv4 and IPv6 dual stacked
so that you can satisfy both, until everyone is speaking IPv6. And since
space is running out on IPv4 an IPv4 address may be a lot more expensive than
an IPv6 address due to scarcity. Eventually there may not be any more IPv4
addresses to give out so this is the reason for dooms day calls.
Cassidy goes on to say "In fact, IPv6 starts to look a lot like
IPv2 if you consider that the default v6 address for your machine finishes
with its MAC address".
So I'm unsure what he means to say here. Perhaps he's worried that a
MAC address is a secret thing and that if you know the MAC address you can
use the MAC restricted access point? AFAIK an 802.11 packet encrypted or not
still has 3 MAC addresses in its header (see /usr/src/sys/net80211/net80211.h)
so these aren't secret to someone close to sniffing the radio. So he has no
Cassidy goes to conclude in the second last paragraph: " Is there an IPv6
"killer app" yet for smaller networks? No. Is there any reason based on
security or ease of management - unless you're running a 100.000-seat network
or national-level ISP - for you to move up to it? No.".
I think he's wrong there. Sure there is no "killer app" unless you call
facebook a killer ap (but facebook runs on IPv4 as well). But it's especially
the small ISP's that could benefit from a migration to IPv6. National level
ISP's have huge resources and are out to compete with small ISPs and steal
their customers, and IPv6 means independence from these large networks. It
means that small ISP's keep their customers from switching to large ISP's that
have IPv6 enabled. This is a bonus. Plus, being on a small ISP means that
they give you something that the large ones don't and not usually the opposite.
August 21st, 2010
On February 24th, 2009 I blogged about the traceroute tricks. Here is the
link. I've updated
this to include IPv6 now and I've written a small hackish program that does
this as well. This took up 1.5 days of mine for a show such as this:
cordelia$ traceroute6 mimas.centroid.eu
traceroute6 to mimas.centroid.eu (2001:a60:f074::20) from 2001:a60:f074::1, 64 hops max, 12 byte packets
1 xxx.hello.xxx.centroid.eu 1.066 ms 0.269 ms 0.378 ms
2 xxx.why.xxx.centroid.eu 0.464 ms 0.503 ms 0.358 ms
3 xxx.are.xxx.centroid.eu 0.614 ms 0.658 ms 0.897 ms
4 xxx.you.xxx.centroid.eu 0.556 ms 0.361 ms 0.338 ms
5 xxx.tracerouting6.xxx.centroid.eu 0.472 ms 0.499 ms 0.411 ms
6 mimas.centroid.eu 0.3 ms 0.478 ms 0.318 ms
It's just vanity. It's a net-trick. Well at least I didn't play civilizations
and waste time. In the meantime I've learned about divert(4) sockets in OpenBSD
and even submitted a documenatation fix for pf.conf(5).
August 14th, 2010
The RH for this week is One Way Hash.
August 10th, 2010
The program in cryologd with the name of "cl" had a memory leak. It wasn't
apparent when there was little data that it processed, but with lots of
concatenated encrypted data which it decrypts to plaintext, the memory leak
was apparent. 2 lines change, here is the
August 6th, 2010
The RH for this week is Uid.
August 2nd, 2010
My dad has a mac powerbook (or macbook or something) and I tried to make it
work with my mail server. POP3 SSL worked but postfix SSL for SASL
authenticated relay did not. I use a self-signed certificate and that was
the problem. I couldn't paste the error message from the Apple Mail.app
but it said something like the remote host did not accept SSL. I wasn't
about to try it without SSL because the password is sent in the plain then.
The postfix server gave this error message:
Aug 1 22:57:42 proteus postfix/smtpd: connect from p54AAB41C.dip.t-diali
Aug 1 22:57:42 proteus postfix/smtpd: SSL_accept error from p54AAB41C.di
Aug 1 22:57:42 proteus postfix/smtpd: lost connection after STARTTLS fro
As a first diagnosis I tried the openssl s_client method to see if it can
connect to my postfix server, and it could so it must have been in the Apple
Mail. Also for self assurance it worked in Ubuntu and Windows 7 so why not
in Mac OS X Leopard.
So I did a bit of googling and learned that Apple's mail program did not accept
the certificate given to it because the hostname in the certificate was wrong
and just gave up (in the process blaming the server for giving up!). There is
a way to force it though. I downloaded the servers CA certificate file which
has a .pem extension (this is not the private key!) and double clicked on it
in Mac OS X.
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
It then asks you if you want to import this
certificate into the keychain manager and from there you can tell the system
to trust and allow this certificate everywhere. Soon after that I had to
set the outgoing mail server again in Mail.app but it worked this time and
a few test e-mails made it out SSL encrypted.
I thought I'd write this down as I'm probably going to be faced with it again
some time in the future.
July 16th, 2010
The RH for this week is Pid.
July 9th, 2010
The past few days in Germany have been hot but the nights are cooler with
mostly clear skies. This gave me an opportunity to see the ISS twice in the
late evening (around 11PM). Once it was unexpected and we weren't sure what it
was. The second time I got the data from the NASA sightings page, which
The space station looks like a flying jet but you'll notice that it doesn't
blink nor does it have red and green lights. It's just a continuous and
steady crossing of the sky mostly coming from the west towards the east.
Without the moon and planets it's probably the brightest object in the sky
as it zips at 28,000 Km/h's into the night. Anyhow it was a nice experience
seeing this (it was my first time).
July 7th, 2010
Believe it or not I have made an IRC client. It's called fire and I've
coded SSL support into it yesterday and today. The SSL functionality
seems to be stable, you can download the source code
Click here for RSS
On this day in
By clicking on the header of an article you will be
served a cookie. If you do not agree to this do not
click on the header. Thanks!
Using a text-based webbrowser?
... such as lynx? Welcome back it's working again for the time being.
Older Blog Entries
Powered by BCHS