I have this fantastic server which redirects console output to its serial port and I wanted to take advantage of it.  I went through the process of setting up inittab and grub to work and then I started testing the configuration.  In Windows using PuTTY, everything worked fine.  As soon as I moved the cable over to the serial port of an OSSIM box, I kept getting this error.

/dev/ttyS0 is not a tty

Googling around returned nothing helpful, which is why I am posting this here.

I have a habit of disabling unused peripherals when I set up a new box.  Since I rarely use serial ports, I disable them.  Well.. that was the problem.  A disabled serial port isn’t going to work very well for a serial connection.

Hope this saves someone some time.


Lurking in the depths of the internet is a problem. A problem so large that it is going to cost billions to fix. It will affect every device connected to the internet without exception. Every cell phone, every game console, every computer, every router/modem, EVERYTHING. And it is a secret. Well, not really a secret, just not something anyone talks about.

The problem is that the language the internet speaks is running out of unique names. Specifically, the IPv4 address space is running out of unassigned addresses. The simple version of why this is a problem is that no new websites will be able to come online. It is a lot more complicated than that and will even impact users to a degree, but that is for a different article.

This is where the 600 days comes in. By the estimates of the people who are able to do estimates, the currently unused addresses will run out in about 600 days as of the beginning of 2010. As that day approaches, you can expect all sorts of shenanigans regarding pricing and allocation decisions. It will become much, much more difficult and costly to set up your own website/service.

The good news is, there is a fix. The bad news is what I was saying in the beginning. It is going to be expensive as hell and it is going to impact a couple billion devices. The worst part is, you can’t even take steps to fix this yourself right now.

The answer is a new language. Internet Protocol Version 6 or IPv6. It solves the addressing problem for a VERY long time. The current version, IPv4, supports about 4.3 billion addresses. This is represented by 32 bits, or 2^32. IPv6 supports 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses, which is 128 bits, or 2^128. This post does a good job of expanding on what this means.

Because this is a new language, all of the devices have to be taught to speak it.  In the vast majority of cases, this is software and could be done for free.  The problem is, if you are the manufacturer of such a device, why would you provide a free upgrade when you could sell a new device?  This is further complicated by the fact that essentially no one supports IPv6.  The deep insides of the internet do, but the majority of the pieces that are exposed on the internet do not.  The biggest hurdle is that most ISPs (Comcast, ATT, Verizon, Charter, Cable Vision, etc) don’t support IPv6 for their users.  Even if you could go buy replacement devices or upgrades to your equipment to support IPv6, you still don’t have access to the IPv6 Internet.

During the period of overlap when not everything speaks IPv6, we will run into problems of sites only being accessible from v4 or v6.  As time progresses that will go from overwhelmingly v4 to primarily v6 and this transition will take a very long time.  The general masses are going to learn more about networking than they wanted to know out of necessity.  Where did I put that number to tech support?

TL;DR; We have 600 days to make the Internet6 accessible.  After that, things start becoming REAL complicated, real quick.

Note:  This article is meant to build awareness, not to be complete or thorough.  There are large gloss-overs, simplifications and omissions to keep this from being a book.


So.. it has been a month and a half since my last post.  Did you miss me?  I am guessing you didn’t even know I was here.  Did you?  That’s Ok. I don’t hold it against you.

Where have I been, I see you asking.  Well, I went to Asia for 17 days.  Found out my grandmother had a stroke and has the beginnings of dementia.  Built a new PC ’cause my file server died.  Reorganized my entire network.  Moved this site to a new provider and moved my old provider to a new box.  Got pulled off base work for my primary contract and added as a part time admin on a new one.  Drank beer.  Played footbag and disk golf.  Hung out with friends and enjoyed loving my girlfriend.

Let me tell you.. it has been fun.  Ups, downs, lefts, and rights.  The grandmother and job thing were my favorites for adding stress.

Asia.  Asia was a blast.  Anna and I were gone for 17 days.  We visited Bangkok, Phnom Penh, Siem Reap, Ho Chi Minh City, and Tokyo.  Over 3200 pictures that we are still sorting through.  When I get the pictures put up, I will.. maybe.. go into more details.

Built a new PC.  AMD Phenom 9600 Quad core, 4GB RAM, 650G HDD, Gigabyte GA-MA78GM-S2H MoBo, new case, a few fans, and a lot of time figuring out how to transfer my MP3 collection and ensure I didn’t lose it.

Because the file server died and I subsequently decided to not replace it with the new PC and instead am using the new PC, I had to reorganize the network.  I repurposed my laptop for the time being to be an internal DNS server.  I purchased a Linksys WRT54G-L which I will be putting OpenWrt on eventually.

I run the web servers for ClanBBF which formerly was supported by a non-profit web hosting service.  The owner officially killed the web hosting portion and moved the clan site to a new box hosted by Blue Razor with a few others.  My/This site used to be on that server as my compensation for maintaining it.  The new box is much too slow, so I ponied up for an Ubuntu VPS with RapidXen.  So far, I am very happy with them.  Root 4TW!! 

During this transition to the new box, my DNS got a bit hosed up.  Much to my dismay, my registrar, 1and1, was to blame and the tech I spoke with really didn’t know WTF he was talking about.  I was very close to dealing with the PITA that is transferring registrars, I was so irritated with them.

At this point, my network is together, all of the websites are up and running, DNS is correct (I think), and my PC is doing fine.  Cheers to that.

Company politics is something most of us are used to and expect.  The only thing that trumps politics is the bottom line.  When the two collide, you can rest assured that foolish decisions will be made.  In simplified form, one part of the company thought they could do the job cheaper so they are taking over the base work.  My team will still be around for projects, etc.  In this change though, I got pushed over to a government contract doing some Sun Access Manager support.  Let me tell you, I now know where our tax money is going.  Today makes 15 days since I started the process of getting a very low level clearance.  If I am inferring properly from the events that happened today, the paperwork JUST got into the database.  It will still be 1-2 more weeks before I have actual access. 

Soon I will be doing some corporate PKI support and that will be good.  Just got word that a project was finally approved so that will be taking up my time as well.  Speaking of.. I should be reviewing a 200 page document right now.

More later.. I have started a list of posts that I need to make.


A nice article over at Ars Technica talking about a project some Carnegie Mellon students have been working on called Perspectives.

It is an SSL and SSH security enhancement which helps prevent man-in-the-middle (MITM) attacks by giving you a 3rd party “perspective” of the site you are visiting.  I know you are asking, what does that mean and how is that my problem?

As this article over at TechDirt describes, the little padlock has been one of the best things for Internet security.  Users, for the most part, recognize and trust it to indicate that the site and the data about the transaction are secure.  A MITM attack is where a cracker intercepts your requests to initiate a secure connection and places themselves in the chain.  If done correctly, you, your browser, and the 3rd party have no idea that someone is listening in.  If this attack succeeds, the cracker now has access to all of the information that is encrypted, which could be credit card numbers and passwords.  For you Linux/Unix users out there, SSH is susceptible to this attack as well.

As the Perspectives project’s authors describe it, they “designed Perspectives to supplement [Trust-on-first-use] applications with spatial and temporal redundancy”.  It works like this…

You visit a site which has a self-signed certificate. (Nobody wants to spend the ridiculous amount of money required to get a 3rd party signed cert.)

Without Perspectives, Firefox will give you a big warning that most users promptly ignore and select to add the exception.

Perspectives places itself in that step instead.  When you receive the public certificate of the site, Perspectives goes out and queries the project’s servers.  Those servers will then connect to the site and send back what they received.  The plugin then compares the two.  If they match, then the certificate is accepted as being valid and Firefox doesn’t prompt you with the warning.

There are some additional configuration choices that can be turned on to further enhance this by requiring the signature to have been valid for X number of days.  This acts as a further validation in case the attacker is able to intercept all requests to the site.
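The comparison and the "valid for X days" option described above can be sketched as follows. This is an added example, not code from the Perspectives project or from the original post: the `Observation` record, the function names, the 75% quorum, the two-day staleness window and the sample fingerprints are all assumptions made for illustration, and the real notary protocol and data format are not shown.

```python
from dataclasses import dataclass

DAY = 86400

@dataclass
class Observation:
    fingerprint: str  # key fingerprint the notary recorded for the site
    first_seen: int   # unix time the notary first saw this key
    last_seen: int    # unix time of the notary's latest probe showing it

def notary_vouches(history, offered_fp, now, min_days, max_stale_days=2):
    """One notary's vote: it sees the offered key now and has for min_days."""
    if not history:
        return False  # notary unreachable or never probed the site
    latest = max(history, key=lambda o: o.last_seen)
    if latest.fingerprint != offered_fp:
        return False  # notary sees a different key than we were offered
    if now - latest.last_seen > max_stale_days * DAY:
        return False  # observation too old to count as current
    return latest.last_seen - latest.first_seen >= min_days * DAY

def accept_key(offered_fp, histories, now, quorum=0.75, min_days=0):
    """Accept only if at least `quorum` of the notaries vouch for the key."""
    if not histories:
        return False
    votes = sum(notary_vouches(h, offered_fp, now, min_days)
                for h in histories.values())
    return votes >= quorum * len(histories)

# Constructed sample data: four hypothetical notaries, made-up fingerprints.
NOW = 1_220_000_000
GOOD, ROGUE = "aa:11:22", "ee:99:88"
STABLE = {n: [Observation(GOOD, NOW - 30 * DAY, NOW)] for n in "ABCD"}
# Every path to the site was intercepted for the last day, so the
# notaries themselves now record the rogue key.
HIJACKED = {n: [Observation(GOOD, NOW - 30 * DAY, NOW - DAY),
                Observation(ROGUE, NOW - DAY, NOW)] for n in "ABCD"}

if __name__ == "__main__":
    print(accept_key(GOOD, STABLE, NOW, min_days=7))     # same key everywhere
    print(accept_key(ROGUE, STABLE, NOW))                # MITM near the client
    print(accept_key(ROGUE, HIJACKED, NOW))              # agreement alone fooled
    print(accept_key(ROGUE, HIJACKED, NOW, min_days=7))  # key history catches it
```

The third and fourth calls show why the duration setting matters: when the notaries are intercepted too, agreement alone accepts the substituted key, while requiring a week of consistent history rejects it.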

All in all, this is yet another tool in the arsenal to keep our computing safe.  I hope that Mozilla, OpenSSL, and OpenSSH take this project to heart and integrate it into their suites, and that some large companies step up and offer their services as a notary.

You can obtain the Firefox extension here and an OpenSSH client here.


A few weeks ago I purchased a new video card for my laptop.  It was originally configured with an ATI x1400 and due to piss poor drivers from AMD for Linux, I decided to see how the other half lived.

I found a decent deal on a NVidia GeForce 7300 Go for my laptop, got it, installed it, and was having some artifacting.  I ignored it for a while and then I tried to watch a movie.  It was not possible.  So I contacted Doug Heihn, the proprietor of TXcess Surplus, and explained the situation.  He was very professional and checked to see if he had any others in stock, since I still wanted the card.  He did not, and said that he would issue an RMA by the end of the day.

A few hours later, much to my surprise, I received an email from UPS with a return shipping label.  I was fully expecting to pay shipping back and here was a label to cover that cost.

In short, I wanted to say thanks to Doug Heihn of TXcess Surplus for his superior service and professionalism.

Thanks Doug!

If I have the need in the future, I will do business with you again.
