News archive February 2011 - Koos van den Hout

Archive by year: 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 | 2021

2011-02-28 (#) 10 years ago
Hmm.. lots of stuff in the configs for my asterisk systems seems to be 'organically grown' and isn't quite right anymore after upgrades on several of the systems.

Time for a cleanup, switch all trunks between asterisk servers to IAX (SIP trunks have limits when using 'known' phone user ids). And a dialplan cleanup, which script runs where and which handset can register where.

But not right now.

Tags: , ,
2011-02-28 (#) 10 years ago
Pfew.. most of the day lost to getting the Xen cluster at work working again. It's based on redhat cluster 2 and that part failed miserably. Both nodes were in a state which reminded me of a zombie cowboy: constantly shooting each other and rebooting. In the end I disabled one node physically (shutdown, removed power cables) and configured the other one to work alone. I think the cause of the problems was all virtual machines starting at once, all going intensive on their disk images via iscsi (all probably doing an fsck because of the unclean shutdown), causing delays and blocked processes, causing non-response to the cluster communications, causing the other node to fence the node, causing more problems, repeat.

Tags: , ,
2011-02-27 (#) 10 years ago
Ik heb duidelijk wat gemist: het openingsfeest van Hack42. Maargoed, ik heb andere lol gehad met een zoon die nieuwe dingen aan het leren is.

Erg gaaf dat het ze gelukt is in Arnhem om een hackerspace te krijgen met een enthousiaste groep mensen er om heen. Ik ken er een paar van en op de foto's zie ik ook de nodige bekende gezichten. Ik wens iedereen van Hack42 veel succes bij het project, veel kennis uitwisseling en heel veel toffe projecten.

Tags: ,
2011-02-25 (#) 10 years ago
Mooie visualisatie van zes maanden telecommunicatie gegevens van Malte Spitz, lid van de 'Bundesvorstand' (leiding) van partij BÜNDNIS 90/DIE GRÜNEN. Het heeft hem de nodige moeite gekost om de gegevens te verkrijgen. Een hele goede visualisatie van wat een telecom-bedrijf over je weet. En dus ook politie, veiligheidsdiensten en de boswachter.

Tags: , ,
2011-02-25 (#) 10 years ago
As part of the planned reboot on homeserver greenblatt to upgrade memory and upgrade the kernel I also disabled the last remains of my endpoint of the old IPv6 tunnel, which was my way of getting IPv6 at home from 27 September 2001 until 13 August 2010. I haven't disabled the tunnel at xs4all yet, so there is still some of that icmp6 ping traffic showing up:
tcpdump -pni ppp0 proto 41
13:54:43.835071 IP > mm.nn.oo.pp: IP6 2001:418:2007::c611:f352 > 2001:888:1011::694: ICMP6, echo request, seq 25869, length 64
13:54:46.401613 IP > mm.nn.oo.pp: IP6 2001:559:0:300::6011:9026 > 2001:888:1011::694: ICMP6, echo request, seq 31125, length 64
Let's see what happens now I don't respond anymore.

Tags: , ,
2011-02-22 Memory upgrade on the homeserver and waiting for boot afterwards 10 years ago
Memory upgrade on the homeserver greenblatt. The main reason was that the price of the right type of DIMM was slowly rising so I decided to max out the mainboard. No really good reason other than 'I may want to run multiple VirtualBox instances later'. With the reboot I also upgraded the kernel. Since the system had a high uptime things took a while: 5 minutes of actual opening the system, installing memory and closing the system and 40 minutes of watching fsck.

Tags: , ,
2011-02-22 (#) 10 years ago
Little sysadmin trick: you can prepare modules which are separate from the default modules and everything to be ready when you reboot into your new kernel so everything should be up and running right after the reboot. At least in the Debian / Ubuntu ecosystem.

I just upgraded to kernel version 2.6.24-28-server and before the upcoming reboot I did the following:

# module-assistant -l 2.6.24-28-server prepare

# module-assistant -l 2.6.24-28-server build zaptel

# dpkg -i /usr/src/zaptel-modules-2.6.24-28-server_1.4.10~dfsg-1+2.6.24-28.81_amd64.deb
So post-reboot asterisk will have everything available again. For mISDN I did:
$ make clean

$ KVERS=2.6.24-28-server make

$ sudo KVERS=2.6.24-28-server make install

# depmod modules-2.6.24-28-server -A
And everything is ready for the upcoming reboot. I hope (can't check without said reboot).
Update: Yes, it all worked.

Tags: , ,
2011-02-22 (#) 10 years ago
Found via Online Multiplayer Games On TI Calculators? - Slashdot, CALCnet Chat! v1.0: IM and IRC for Calculators. This reminded me of my own entry into the arena of chat programs: NetCB which was for MS-DOS systems with Novell IPX networking and allowed people to simply chat.

Back then there were two kinds of responses to NetCB: school networks were any use of NetCB was reason for revoking accounts and such. I have received e-mails from students have done yard-work and other cleaning for using NetCB and were proud in reporting that to me. One sample of this can be found from old discussions on how to 'police' the network in bit.listserv.novell. But I found those discussions in the academic-freedom discussion archives Electronic Frontier Foundation academic freedom discussions

On Thu, 30 Jun 1994, Gys Driessen wrote:

> Hi Netters!
> Our faculty has this year for the first time started to use our
> network for tution. Some common problems which has arisen was the
> following:

> 6 Playing of Netcb. (Chat program which runs on ipx. User does not
>   need to be logged in.)
I remember being at the Hogeschool Utrecht myself were it soon got noticed that in the lunch breaks there were people using the room with the old XT computers on the network when the room with the 16 MHz 386 power monsters was filled. The XT computers were fast enough for NetCB.

The other response was from companies and such were NetCB was welcomed. Or certain universities:
I administer several Novell Networks at The University of Alabama in
Huntsville (in the southern U.S.). NetCB use spread like wildfire. It's
easy to use. It's fun. It's helpful! Thank you for such a gem of a program.

Tags: , ,
2011-02-21 (#) 10 years ago
Causing a bit of a 'what the ?' reaction in me:
The BBC has been told that proposals to move Britain’s clocks forward to bring local time into line with most of the EC countries will be published by the Department of Culture, Media and Sport in the coming week.
I would rather have the Netherlands move to the more fitting timezone of the UK so our day is more balanced. And get rid of the insanity of 'daylight saving time' which makes it even worse.

Source: UK government to propose changing to WEu time - Media Network

Tags: , ,
2011-02-18 (#) 10 years ago
A bit of playing on a friday afternoon: getting the Nokia E71 and Asterisk to play with eachother. I needed the power of google to make it work, because you need to link a SIP profile with internetdialing before it actually works. So I used the walkthrough at Using a Nokia E71 with Asterisk (3G or WiFi) by Leif Madsen. And now the handset registers to the demo asterisk and I can play with it. Another way to drain the battery! And it allows for accessing cool asterisk tricks from my mobile phone.

Tags: , ,
2011-02-15 (#) 10 years ago
I followed a link to the Linux Call Router and found this gem on the page: which has some good descriptions of blueboxing as it was 'back then' from the European view. And the Linux call router offers the option of CCITT-5 handling. You can also download Beep-Beep on the site which is a nice software bluebox (CCITT-5 dialer) for Linux. One advantage over CAESAR which I tried before in 2008 is that it can set a sequence of multiple digits and play it at once. Which has at least one advantage: the result sounds a lot like I expect from 'phreaking' sounds. And Jolly Eversberg runs a CCITT #5 exchange which you can phreak. Indeed, "Phreaking never dies!".

Tags: , ,
2011-02-15 (#) 10 years ago
Nice article: Nine traits of the veteran Unix admin by Paul Venezia. Checking my own style:
  1. sudo versus su - .. I'm no fan of sudo command ; sudo command ; sudo command so I lean towards sudo -i which is functionally the same as su -.
  2. vim or vi. Yes. Preferably vim.
  3. greedy or non-greedy regular expressions? That is a yes.
  4. smart and robust scripts for repeating tasks are so much better. Yes.
  5. oh yes.
  6. sometimes .. although repeated questions about the system environment also mean it may be way too complicated or the communications with your users suck.
  7. oh yes. Not only in unix admin work, also in security work.
  8. not commenting on this matter. yes.. on certain windows admin work, not on user interface annoyances
  9. rebooting isn't problem solving, it's bringing a system to a known state.

Tags: , , ,
2011-02-11 (#) 10 years ago
Ik lees de laatste stunt rond de OV-chipkaart: Fout in OV-chipkaart legt NS-kaartverkoop plat - Als ik dat vergelijk met mijn experimenten met de Magna carta koffiekaart dan is de robuustheid en fraudepreventie van de koffiekaart beter dan van de OV-chipkaart.

Tags: , ,
2011-02-11 (#) 10 years ago
Interesting visual and clear IPv6 test at It makes clear how ready the infrastructure around a domain is for an Internet which prefers IPv6 or is even IPv6-only.
My domains such as test for don't score the top score because I have no secondary MX servers, which is a personal choice (to avoid spam and configuration problems).

Tags: ,
2011-02-11 (#) 10 years ago
Another bit of dhcp configuring. This time not to deny an entire subset of ethernet addresses such as the previous case of denying DHCP to an entire vendor range but this time to one specific ethernet address. Config snippets:
class "rogue-clients" {
    match hardware;

# rogue clients. Match hardware including type 1 (ethernet)
# internet connection sharing + v6 probleem
subclass "rogue-clients" 1:00:00:00:xx:aa:bb;

subnet .. {
    pool {
        range ..;

        deny members of "rogue-clients";
and the DHCPNAK and 'no free leases' messages show up as wished.

The correct notation of a 'hardware' class in dhcpd got me again on the first try: you need to include the hardware type (1 for Ethernet).

Sources: Deny DHCP Address by MAC Address? (with the WRONG notation for hardware + mac address and Problem using subclasses, getting no free leases with the right notation.

Tags: , ,
2011-02-11 (#) 10 years ago
Echte stukken BBS historie komen binnen: De Gecontroleerde BBSlijst van Nederland & Belgie, geldig: Augustus 1989 en De Gecontroleerde BBSlijst van Nederland & Belgie, geldig: Februari 1990. Mooi om te zien hoe de lijsten gegroeid zijn tussen 1989 en 1992. En ook nog uit de archieven van -.sOUNDGARDEn.- BBS.

Tags: , ,
2011-02-10 (#) 10 years ago
The Revolution Will Not Be Televised .. oh yes it will:
the revolution on Al Jazeera
Great work being done by AlJazeera

Tags: ,
2011-02-10 (#) 10 years ago
I've been mailing a few times with Varia store about parts I want to order for building project sundial, my weather station and ntp refclock. They are very good at helping me with the right case and configuration.

So one of these days I'll start ordering real hardware and this long running idea for a project may actually start to become real.

Tags: ,
2011-02-09 (#) 10 years ago
Op zoek naar een optie op de website van de politie zie ik verwijzingen naar het meldpunt cybercrime. Ik dacht even dat er eindelijk interesse voor en kennis van IT gerelateerde criminaliteit bij de politie aan het komen was maar dat valt zwaar tegen. Het 'meldpunt cybercrime' is alleen voor 3 heel specifieke gebieden van opsporing, waarvan volgens mij kinderporno gebruik maakt van IT voorzieningen en Internet, terrorisme soms ook en het verband tussen kindersekstoerisme en cybercrime zie ik helemaal niet. Hooguit dat bij een onderzoek naar kindersekstoerisme vast de computer van de verdachte onderzocht zal worden.

Maar een afdeling die snapt dat een webserver gehackt is via phpmyadmin en dat je een image getrokken hebt voor onderzoek, die is er nogsteeds niet in een voor het publiek aanspreekbare vorm.

Zolang de Nederlandse justitie zo weinig snapt van IT is er volgens mij ook het grote risico dat die onkunde doorzet in het omgaan met gegevens zoals uit het CIOT of uit de bewaarplicht komen. Waarmee niet alleen onze privacy geschonden wordt maar onkunde ook tot onterechte beschuldigingen zal leiden.

Tags: , , ,
2011-02-09 (#) 10 years ago
Always up to speed with the news, those Nigerians:
I am Mr Abdallah Kallel. former presidential adviser to the former Tunisia president ( Zine El Abidine Ben Ali) who was force out of power last month January 2011 after 23 years in Power.

I have a very sensitive and confidential request for your partnership in re-profiling funds $62.3 Million into your country for safe keeping as soon as possible.

The mail had some links to articles about the investigation into the missing millions of the former Tunesian president. Interesting term, re-profiling funds for embezzlement. Almost sounds like 'organisational restructuring' as a term for 'massive job cuts'.

Tags: ,
2011-02-09 (#) 10 years ago
I wanted a global option to deny access to any phpmyadmin url in an apache config. We are migrating long-existing websites with sometimes old content to new hardware and storage. And in the far past some people installed phpmyadmin. With good reasons back then but phpmyadmin has quite a list of security issues. They all get fixed, but we have to hunt down the old versions. So as a stopgap I want to disable all urls on all vhosts which include /phpmyadmin. Global config:
RewriteEngine On
RewriteRule /phpmyadmin - [F,NC,L]
But this isn't inherited by VirtualHosts immediately, as documented in mod_rewrite and vhosts - Apache HTTP server documentation. I need to configure each vhost to inherit the global rewriterules:
RewriteEngine On
RewriteOptions Inherit

Tags: , , ,
2011-02-09 (#) 10 years ago
Commented on A Hands On-Project - Jason Scott where I read this great comment:
Those hackerspaces look an aweful lot like the tech area of the computer store I used to work at.
by Chris M. My comment on that:
Hackerspaces are good, that is where you can go to learn about tech. And yes, they look like the back of a computer store because (in my opinion) donated old hardware is a good thing for running a hackerspace.
Yes, I was thinking of the old SGI hardware we donated from work to the future vintage computer hardware museum of hack42.

Tags: ,
2011-02-08 (#) 10 years ago
Just tested whether the Nokia E71 I use does IPv6. Yes, it acquires a global IPv6 address over wifi which can be pinged. And that is it. No application prefers IPv6, and in the first test a v6-only destination is unreachable. But.. this is an artifact of the connection manager I use (wuh?). The builtin browser can visit IPv6-only pages when I force it to use the home wifi. Normally I use a connection profile which includes 3G options and IPv6 makes the connection manager switch to 3G, with KPN not yet offering this. And dual-stack pages are still visited via IPv4. Same with putty for symbian: it only uses ipv6 when no A record is found and it can only reach the site when I force it to use wifi.

Tags: , ,
2011-02-05 Trying to understand fields in the Magna Carta mifare coffee card 10 years ago
For a while I dumped my work 'coffee card' Magna Carta mifare card every day and found where the 'last used' date is stored (record changes only once a day). But I can't think of the right encoding. So I'll post what I have at the moment, maybe someone else sees what I can't decode.
Read the rest of Trying to understand fields in the Magna Carta mifare coffee card

Tags: ,
2011-02-03 (#) 10 years ago
Ik ben blij dat ik geen """internet""" van Ziggo heb, want dat gedoe met IPv6 vinden ze daar maar overdreven:
Volgens Ziggo-woordvoerder Gradus Vos is het Ziggo-netwerk halverwege 2012 geschikt voor ipv6. Nieuwe klanten krijgen dan automatisch zowel een ipv4- als een ipv6-adres. Bij bestaande klanten gebeurt dat niet, zegt Vos. "Voor de meeste van onze klanten is het niet interessant welke versie van het ip-protocol zij gebruiken." Zakelijke klanten hebben al ipv6-routers; particulieren zijn daar zelf verantwoordelijk voor, stelt Vos. De woordvoerder geeft aan zich te ergeren aan de wijze waarop de media aandacht aan ipv6 besteden: die zou 'over the top en ongenuanceerd' zijn en onnodige onrust veroorzaken.
Bron: Laatste ipv4-blocks zijn toegewezen -

Gelukkig zit ik bij xs4all die alle klanten met xs4all-only nu al ipv6 beschikbaar heeft.

Tags: , ,
2011-02-02 (#) 10 years ago
Mocht een glasvezelaanbieder het ooit wel tot onze voordeur halen dan is een ding in ieder geval nu weer goed gekomen: BBC zenders per juni 2011 beschikbaar via glashart media en BBC zenders in 2011 beschikbaar via TV van KPN.

Tags: ,
2011-02-02 (#) 10 years ago
Usenet lives! I just saw a new posting in rec.humor.funny.

Tags: ,
2011-02-01 (#) 10 years ago
The real pain point of carrier-grade NAT isn't breaking the Internet for your customers...
Large-scale NAT could also make troubleshooting harder for the service provider and interfere with application acceleration or even targeted advertising, if an advertiser tried to build a profile based on a shared IP address.

"If the guy next to you is into hunting and fishing, and you're not, you might start seeing ads for hunting and fishing," Schiller said.
It's diluting the value of the eyeballs you are selling. Really classy, Verizon.

Source: As IPv4 disappears, transition poses hazards - Networkworld

Tags: , , ,

IPv6 check

Running test...
, reachable as PGP encrypted e-mail preferred. PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers

Meningen zijn die van mezelf, wat ik schrijf is beschermd door auteursrecht. Sommige publicaties bevatten een expliciete vermelding dat ze ongevraagd gedeeld mogen worden.
My opinions are my own, what I write is protected by copyrights. Some publications contain an explicit license statement which allows sharing without asking permission.
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: morenews.cgi,v 1.50 2020/12/31 15:36:31 koos Exp $ in 0.050267 seconds.