Wow!
I received my FritzBox 7170 today, as a present from XS4ALL for renewing my ADSL subscription for another year (cheap deal — I would have done that anyway). And it totally blows away my Thomson Speedtouch!
Time for some silliness.
In a little over a month, I will be

years old.
What’s that, you didn’t get it? Here, I’ll repeat it for you in terms you may understand more easily:

At work, it has become a bit of a tradition that when people announce their birthday, they do so in an at least somewhat obfuscated format. Hexadecimal, binary and more obscure number formats are always popular, of course, as are silly descriptions of the form “my age is the ninth distinct biprime”. But last year I decided to take it to the next level, and write a little generator in Ruby for expressions such as the ones you see above. As you can probably guess, the expressions are generated using TeX.
You can play with it for yourself, if you want to, and also download the latest version of the code. But please be gentle with my server: as you can probably guess, it’s a rather heavy application, and I’m running this site on a little home PC.
I installed Ubuntu 9.04 on a machine at work this week, and that went quite flawlessly except for one weird little problem. I could access machines on the local network by their short name (e.g. ‘einstein’) but not by their fully-qualified domain name (‘einstein.intra.local’).
Now, if it had been the other way around, the explanation would have been obvious: a missing ‘search intra.local’ entry in /etc/resolv.conf. But being able to resolve short names but not long ones, that was a new problem for me. I used nslookup to verify that the local name server was responding correctly to both forms, and it was. But any other application, from ping to Mozilla Firefox, failed to resolve the long form.
A colleague put me on the path to the solution, however. In the zeroconf protocol, which is implemented in Linux as Avahi and on the Mac as Bonjour, the .local domain is magic and is considered a reserved name. Hence, when Avahi is running, any address resolution queries for a machine name ending in .local are intercepted, and the DNS server never gets to see them (nslookup, however, bypasses the usual resolver API).
This is apparently a known issue, but it was new and quite surprising to me. I didn’t bother to investigate who is at fault here: did the zeroconf people blatantly hijack a perfectly valid namespace, or has .local always been reserved and everybody but me knew about it? Anyway, it’s fair to assume that zeroconf is here to stay now, so network administrators take note: better call your local domain something else.
Once you know what it is, the solution is easy. In my case I wasn’t interested in the functionality offered by Avahi, so I just uninstalled it (sudo apt-get remove avahi-daemon). Alternatively, here is a recipe for disabling the special treatment of .local, but keeping the rest of the daemon running.
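The interception described above can be read straight off the resolver configuration. The following is an added example, not part of the original post: it assumes a glibc system where the lookup order comes from the hosts: line of /etc/nsswitch.conf and mDNS is provided by the libnss-mdns modules (mdns4_minimal and friends). The function name local_fate and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: given an nsswitch.conf file and a host name, report whether
# the lookup can reach unicast DNS. Verdicts (names chosen for this example):
#   dns            the query goes to the DNS server as usual
#   mdns-only      an mdns* module followed by [NOTFOUND=return] ends the
#                  lookup for .local names; the DNS server is never asked
#   mdns-then-dns  mDNS is tried first, DNS is still consulted afterwards
#   no-dns         the hosts: line contains no dns service at all
# Only the common single-action form "[NOTFOUND=return]" is recognised.
local_fate() {
    case "$2" in
        *.local|*.local.) ;;                # only .local names are special
        *) echo "dns"; return 0 ;;          # short names fall through to DNS
    esac
    awk '
        /^[ \t]*hosts:/ {
            sub(/#.*/, ""); sub(/^[ \t]*hosts:/, "")
            verdict = "no-dns"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^mdns/) seen = 1
                else if (i > 1 && tolower($i) == "[notfound=return]" && $(i-1) ~ /^mdns/) {
                    verdict = "mdns-only"; break
                } else if ($i == "dns") {
                    verdict = (seen ? "mdns-then-dns" : "dns"); break
                }
            }
            print verdict; found = 1; exit
        }
        END { if (!found) print "dns" }     # no hosts: line, glibc default uses dns
    ' "$1"
}

# Constructed sample configurations (not taken from the original machine).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf 'hosts:  files mdns4_minimal [NOTFOUND=return] dns mdns4\n' > "$sample_dir/with_mdns"
printf 'hosts:  files dns mdns4   # DNS consulted before mDNS\n'  > "$sample_dir/dns_first"
printf 'hosts:  files dns\n'                                      > "$sample_dir/no_mdns"

for conf in with_mdns dns_first no_mdns; do
    for name in einstein einstein.intra.local; do
        printf '%-10s %-22s %s\n' "$conf" "$name" "$(local_fate "$sample_dir/$conf" "$name")"
    done
done
```

With the first sample file, the short name is reported as dns and the fully-qualified .local name as mdns-only, which matches the symptom in the post. Run it against the real file with local_fate /etc/nsswitch.conf einstein.intra.local.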
With my subscription to XS4ALL, I received a Thomson Speedtouch 716 ADSL/Wifi router, currently running software release 6.1.9.6. Behind that router, I have a Linux server which serves as the webserver for the blog you’re reading right now, as well as my mailserver and a few other things. The Linux server also acts as a firewall for the rest of my network:

As you can see, the ADSL router and anything connected to it through the WiFi is considered untrusted: the real access point to my internal network is the Linux machine.
Among other things, the Speedtouch has the ability to support Voice-Over-IP by attaching an analog phone. Unfortunately, this functionality does not work in combination with the “assign public IP to a machine on the local network” setting. Which is a pity, because behind the router is my Linux server, running a web- and mailserver among other things, and I really want that server to have my public IP address. Partly because having the server NATted could cause problems with mail, in particular, in the sense that when I send out mail to another server, some suspicious spamblocker software may take offense if the address reported in the headers of my outgoing mail does not match my actual IP. But mostly because having a web/mail/FTP/whatever server hidden behind a NAT, just feels wrong.
My shiny new Nokia N810 Internet Tablet arrived this week, and I like it!
(Bias alert: my friend Dirk-Jan works for Nokia in Finland as a project manager on the N810, so that made me a little more interested in this gadget than I would otherwise have been.)
This post is not going to contain any original insights into the spam problem, but I need to vent a bit. And, as the title suggests, apparently the news still hasn’t reached all the people it needs to reach, so maybe it won’t hurt to repeat it again.
So yesterday, as happens every couple of months, a spammer somewhere in Pakistan decided to randomly pick the mwolf.net domain as the fake ‘from’ address for his various unsavoury commercial offerings. Which means, of course, that I get a few hundred bounces from well-meaning but naive mailservers, configured by well-meaning but naive admins.
In response to my article about using the recent IPTables module to fight brute-force password attacks, based on an idea from Andrew Pollock, a reader worked out the idea into a complete firewall script, with configurable whitelisting, the ability to block multiple ports, and several other enhancements. Read his post for the details.
You can download his firewall script here. You can contact the author at the address meetscott at the domain netscape.net.
It took me a while, but I got my XS4ALL UMTS subscription through their “mobile connect card”, working under Linux.
I started out, of course, with the procedure described here. That worked to the point that I was successfully authenticated and connected to the network, but then PPPD immediately complained that the modem hung up.