Centroid.EU Blog

(this blog is mostly encrypted - adults only)

Random Hackepedia

August 28th, 2010

The RH for this week is manual.


Windows 95 turns 15

August 24th, 2010

This story was written August 25th, 1995. Windows 95 is now 15 years old. I never had Windows 95, 98, 2000 but skipped them all other than XP and Windows 7. Back in 1995 I chose another true 32 bit Operating System. It was called Linux and I got it in spite of Windows 95. I think I made the right decision even though I switched to FreeBSD half a year later. It took only 2 odd years after this feat that I got a System Administration position at an ISP. I don't think I would have been a UNIX sysadmin had I installed Windows 95 back in 1995; it was a turning point.


Worry about IPv6?

August 22nd, 2010

Someone (tydel) made me aware of this article named "Why you shouldn't worry about IPv6 just yet". I'd like to counter this article's arguments somewhat. I'll focus on the highlights.

Cassidy says that "According to these networking experts, we're only a matter of months, or maybe weeks, from network Armageddon".

What you have to realize is that converting to IPv6 on the server side isn't the end of the migration. All your customers will have to move to IPv6 as well and some will be left behind because some owners of networks are probably a bit too lazy to do a migration. So that means that if you want to run your business online, in order to get the full potential customer base you'll have to run IPv4 and IPv6 dual stacked so that you can satisfy both, until everyone is speaking IPv6. And since space is running out on IPv4, an IPv4 address may be a lot more expensive than an IPv6 address due to scarcity. Eventually there may not be any more IPv4 addresses to give out, so this is the reason for doomsday calls.

Cassidy goes on to say "In fact, IPv6 starts to look a lot like IPv2 if you consider that the default v6 address for your machine finishes with its MAC address".

So I'm unsure what he means to say here. Perhaps he's worried that a MAC address is a secret thing and that if you know the MAC address you can use the MAC restricted access point? AFAIK an 802.11 packet, encrypted or not, still has 3 MAC addresses in its header (see /usr/src/sys/net80211/net80211.h), so these aren't secret to someone close enough to sniff the radio. So he has no point really.
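
What "finishes with its MAC address" means in practice, as an added example that is not part of the original post: stateless autoconfiguration builds the low 64 bits of the address from the interface's MAC (modified EUI-64), so the MAC can be read back out of such an address. The 2001:db8 prefix and the MAC below are constructed sample values; 2001:a60:f074::20 is the manually assigned address from the traceroute output on this page.

```python
import ipaddress

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Return the modified EUI-64 (RFC 4291) address for `mac` in a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if net.prefixlen != 64 or len(octets) != 6:
        raise ValueError("need a /64 prefix and a 48-bit MAC")
    octets[0] ^= 0x02  # invert the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return ipaddress.IPv6Address(int(net.network_address) + int.from_bytes(iid, "big"))

def embedded_mac(address: str):
    """Return the MAC recoverable from an address, or None if there is none."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # manual, DHCPv6 or RFC 4941 temporary address
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the bit inversion
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Map each address to the MAC it exposes (None when it exposes none)."""
    return {a: embedded_mac(a) for a in addresses}

if __name__ == "__main__":
    # Constructed sample: a documentation prefix and a made-up MAC.
    sample = str(slaac_address("2001:db8:1:2::/64", "00:11:22:33:44:55"))
    for addr, mac in audit([sample, "2001:a60:f074::20"]).items():
        print(addr, "->", mac or "no embedded MAC")
```

Hosts that use manually assigned addresses or RFC 4941 temporary addresses show up with no embedded MAC.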

Cassidy goes on to conclude in the second-last paragraph: "Is there an IPv6 "killer app" yet for smaller networks? No. Is there any reason based on security or ease of management - unless you're running a 100.000-seat network or national-level ISP - for you to move up to it? No.".

I think he's wrong there. Sure there is no "killer app" unless you call Facebook a killer app (but Facebook runs on IPv4 as well). But it's especially the small ISPs that could benefit from a migration to IPv6. National level ISPs have huge resources and are out to compete with small ISPs and steal their customers, and IPv6 means independence from these large networks. It means that small ISPs keep their customers from switching to large ISPs that have IPv6 enabled. This is a bonus. Plus, being on a small ISP means that they give you something that the large ones don't and not usually the opposite.


Stupid Nettricks

August 21st, 2010

On February 24th, 2009 I blogged about the traceroute tricks. Here is the link. I've updated this to include IPv6 now and I've written a small hackish program that does this as well. This took up 1.5 days of mine for a show such as this:

cordelia$ traceroute6 mimas.centroid.eu 
traceroute6 to mimas.centroid.eu (2001:a60:f074::20) from 2001:a60:f074::1, 64 hops max, 12 byte packets
 1  xxx.hello.xxx.centroid.eu  1.066 ms  0.269 ms  0.378 ms
 2  xxx.why.xxx.centroid.eu  0.464 ms  0.503 ms  0.358 ms
 3  xxx.are.xxx.centroid.eu  0.614 ms  0.658 ms  0.897 ms
 4  xxx.you.xxx.centroid.eu  0.556 ms  0.361 ms  0.338 ms
 5  xxx.tracerouting6.xxx.centroid.eu  0.472 ms  0.499 ms  0.411 ms
 6  mimas.centroid.eu  0.3 ms  0.478 ms  0.318 ms

It's just vanity. It's a net-trick. Well at least I didn't play civilizations and waste time. In the meantime I've learned about divert(4) sockets in OpenBSD and even submitted a documentation fix for pf.conf(5).


Random Hackepedia

August 14th, 2010

The RH for this week is One Way Hash.


Cryologd fixes a memory leak

August 10th, 2010

The program in cryologd with the name of "cl" had a memory leak. It wasn't apparent when there was little data that it processed, but with lots of concatenated encrypted data which it decrypts to plaintext, the memory leak was apparent. 2 lines change, here is the source.


Random Hackepedia

August 6th, 2010

The RH for this week is Uid.


SSL_accept error from host: -1

August 2nd, 2010

My dad has a Mac PowerBook (or MacBook or something) and I tried to make it work with my mail server. POP3 SSL worked but postfix SSL for SASL authenticated relay did not. I use a self-signed certificate and that was the problem. I couldn't paste the error message from the Apple Mail.app but it said something like the remote host did not accept SSL. I wasn't about to try it without SSL because the password is sent in the plain then. The postfix server gave this error message:

Aug  1 22:57:42 proteus postfix/smtpd[12251]: connect from p54AAB41C.dip.t-diali
Aug  1 22:57:42 proteus postfix/smtpd[12251]: SSL_accept error from p54AAB41C.dip.t-dialin.net[]: -1
Aug  1 22:57:42 proteus postfix/smtpd[12251]: lost connection after STARTTLS from p54AAB41C.dip.t-dialin.net[]

As a first diagnosis I tried the openssl s_client method to see if it can connect to my postfix server, and it could, so it must have been in the Apple Mail. Also for self assurance it worked in Ubuntu and Windows 7, so why not in Mac OS X Leopard?

So I did a bit of googling and learned that Apple's mail program did not accept the certificate given to it because the hostname in the certificate was wrong and just gave up (in the process blaming the server for giving up!). There is a way to force it though. I downloaded the server's CA certificate file which has a .pem extension (this is not the private key!) and double clicked on it in Mac OS X.

smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

It then asks you if you want to import this certificate into the keychain manager and from there you can tell the system to trust and allow this certificate everywhere. Soon after that I had to set the outgoing mail server again in Mail.app but it worked this time and a few test e-mails made it out SSL encrypted.

I thought I'd write this down as I'm probably going to be faced with it again some time in the future.
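
The hostname check that a strict client performs before it will continue the handshake, as an added example that is not part of the original post and is not Apple's code: it follows the general RFC 6125 rule on a certificate dict shaped like the one Python's ssl.SSLSocket.getpeercert() returns. The host names and certificate contents are constructed sample values.

```python
def presented_names(cert: dict) -> list:
    """DNS names a client checks: SAN dNSName entries, else the subject CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans  # RFC 6125: the CN is ignored once a DNS SAN is present
    return [v for rdn in cert.get("subject", ()) for key, v in rdn
            if key == "commonName"]

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with the host name the client dialled."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # a wildcard stands for exactly one leftmost label, never a whole TLD
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def diagnose(cert: dict, configured_host: str) -> str:
    """Return "ok" or a message naming both sides of the mismatch."""
    names = presented_names(cert)
    if any(name_matches(n, configured_host) for n in names):
        return "ok"
    return f"mismatch: client uses {configured_host!r}, certificate names {names}"

# Constructed sample: a self-signed certificate issued for the wrong name,
# and a reissued one that lists the name the mail client is configured with.
SELF_SIGNED = {"subject": ((("organizationName", "Example"),),
                           (("commonName", "localhost.localdomain"),))}
REISSUED = {"subject": ((("commonName", "localhost.localdomain"),),),
            "subjectAltName": (("DNS", "mail.example.org"),)}

if __name__ == "__main__":
    for cert in (SELF_SIGNED, REISSUED):
        print(diagnose(cert, "mail.example.org"))
```

getpeercert() returns an empty dict for an unverified peer, so a self-signed certificate has to be trusted by the client context before its names can be read this way.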


Random Hackepedia

July 16th, 2010

The RH for this week is Pid.


Watching the ISS

July 9th, 2010

The past few days in Germany have been hot but the nights are cooler with mostly clear skies. This gave me an opportunity to see the ISS twice in the late evening (around 11PM). Once it was unexpected and we weren't sure what it was. The second time I got the data from the NASA sightings page, which is found here.

The space station looks like a flying jet but you'll notice that it doesn't blink nor does it have red and green lights. It's just a continuous and steady crossing of the sky mostly coming from the west towards the east. Without the moon and planets it's probably the brightest object in the sky as it zips at 28,000 km/h into the night. Anyhow it was a nice experience seeing this (it was my first time).

