Older blog entries for wardv (starting at number 21)

7 Sep 2002 (updated 8 Sep 2002 at 21:07 UTC)
IPSec

So now the IPSec tunnel I've been working on finally works. In the end we ditched the Symantec Firewall/VPN appliance 200, got a Cisco 1710, and it worked at once.

Frustrating. I am not happy with these Symantec things. They are really OEMs of a company called Nexland, and I suspect they are built on FreeSWAN - the log entries are identical, so...

But try to connect them to a Checkpoint FW/1 NG on the other side, and you can't even get the IKE to work properly. Connect them to a Cisco on the other side, and all seems to work (pinging through the tunnel works fine, etc.), until you send some larger HTTP packets, at which point the Symantec doesn't encrypt them properly anymore, the Cisco logs lots of errors when trying to decrypt them, and you get serious packet loss. Tunnel unusable. Symantec posted a firmware update for the thing on August 26th, which has lots of bugfixes for things that sound rather serious. Even one to do with large packets. But it didn't fix this problem.

If this had been a GNU/Linux box with FreeSWAN, I wouldn't have lost as much time, I think. Hmmmm. I'll think twice before considering using these yellow boxes ever again.

Cisco

I must say I've refreshed my knowledge about Cisco a bit with all this IPSec stuff. One of the more curious things I found out is that Ciscos work with standard PC RAM. Or at least the (old-ish) 3620 that I was using works just fine with old 'Compaq' 72 pin RAM. Interesting.

Brighton

I'm leaving this coming Monday, to spend some days in Oxford/London, and then move to Brighton with my alter ega. Can't wait! That same day I have an interview at the university - still looking at that MSc in Science and Technology Policy (STP). I hope I'll be accepted - if not I'll have to find something else to do!

1 million dollars

Someone donated 1 million dollars to Duke University to fight abusive copyrights. Now that's good news. The person is 'anonymous' - but if you add 1 and 1... Where is Duke University? Durham, North Carolina. Where is RedHat? Right, Raleigh, North Carolina. That's really close. Well maybe it is a coincidence...

Microsoft

Our good friends in Redmond are mystified about a mysterious wave of successful break-in attempts to Windows machines of all kinds that do not appear to be the result of a worm or virus. Backdoor, anyone?

26 Aug 2002 (updated 26 Aug 2002 at 22:51 UTC)
IPSec

So I've been playing with IPSec lately. More specifically with a Symantec Firewall/VPN appliance 200.

The good
It boots blazingly fast (3 seconds).
It has a nice web interface.
I suspect it's built on Freeswan.

The bad
It doesn't interoperate well with other IPSec implementations. With FW/1 4.1 allegedly it works, but I can assure you that with FW/1 NG it doesn't. A VPN between two of these beasts works just fine as well, of course. It also seems to work with a Cisco router on the other side.
It's a 'black box' - well technically a yellow one. The logs are not very extensive, and the web interface, however nice, gives me a limited feel. I guess I just want a prompt, I'm a bit old-fashioned.

Cisco

Setting up a VPN tunnel through a NAT device (in this case a Cisco 827) turns out to be slightly troublesome. The problem is the port translation done by the NAT - IPSec doesn't really like that. But here's an article that tells you which line to add to your config to make it work. Beware, however, you might need to update your IOS....

Life, the universe,...

Last week at work. I'm getting my paperwork together for my application to the University of Sussex. It's complicated and involves translations of my diploma and transcript. I also need references - luckily I have built enough social capital to get a few of those.

22 Aug 2002 (updated 7 Sep 2002 at 08:43 UTC)
Brighton

I'm going to move pretty soon now. I'm excited - most of all to see my alter ega again. I'm looking at studying now, there's an interesting MSc in Science and Technology Policy (STP) there that I am going to apply to.

Job

It's official now, I have resigned. It's a shame, I will miss my colleagues, the good atmosphere, and the cool job at ba.be. And the domain name, of course :) But the future lies before me, and the coming year, I will be in the UK!

Homewall

Homewall, our trustworthy home server, has been working wonderfully since December 4th 1999. It was a Redhat 6.2 box with some firewalling and the usual other things. A couple of weeks ago I rebuilt the software from scratch - now it runs a nice Debian Woody. This box is a good example of cooperation between me and my dad - he built the electronics to have it switch on automatically as soon as there is traffic on the LAN, and I did all other software bits. And it works just perfectly and independently.

Sysadmin interview

After reading an ask slashdot about how to interview a sysadmin candidate, I took the brainbench general linux administration test again. Scored somewhat higher than last time - now I am in the top 4 percentile :)

The comments on the ask slashdot piece were quite interesting - especially since I might be doing some interviews soon. Anyone remember corewars? Now that was a cool game! I haven't played with robocode yet, but it looks like corewars' modern-day equivalent....

11 Aug 2002 (updated 11 Aug 2002 at 15:46 UTC)
Brighton

So now that we have found a place to live, all that is left is something to do. Life is very expensive in the UK - at least compared to our side of the channel - so I will need some source of income. The job I had been hoping to get fell through, so it's back to searching. Maybe I should go study again - there are excellent artificial intelligence masters at the University of Sussex.

Switzerland

Here I am, on a mountain above Montreux. The weather is terrible - we're in the clouds and it rains all day. Like it has for most of the last two months, I have been told.

The little internet cafe I set up here still works like a charm. Next summer we'll actually hook it up to a broadband line which will be much better. I'll need to rewrite my software but that's ok.

Life

It's hard to be over 9000 km from the person you love. I can't wait until September.

Brighton

I spent this weekend in Brighton looking for a home. It was the hottest weekend of the year in the UK (and here in Belgium too I think), so I did lose a fair amount of sweat.

We've found a flat! It's on the seashore, expensive but considering the average price in Brighton not too bad. And it's a nice place with 2 big-ish rooms so we can have people stay over :)

Now all that needs to be sorted out is finding something to do ;)

Tip of the day

touch -- -i will create a file called '-i' in the current directory. This will cause rm to _always_ ask for confirmation when it is issued in this directory: '-i' is the first file it meets to delete, but it sees it starts with a - and hence assumes it is the option -i, for 'interactive'.

Excellent protection from the accidental rm -rf command. I just love unix...
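
The tip works because the shell, not rm, expands the wildcard, so rm receives '-i' as an ordinary argument. The script below is an added example, not part of the original post; it uses a scratch directory with constructed file names (a.txt, b.txt), assumes C-locale glob ordering, and shows when the '-i' file triggers a prompt and when it does not.

```shell
#!/bin/sh
# Added example, not from the original post. All paths are constructed
# with mktemp; nothing outside the scratch directory is touched.
export LC_ALL=C   # assumption: C collation, so '-i' sorts before a.txt

# Create a scratch directory holding the '-i' guard plus two files.
make_guarded_dir() {
    d=$(mktemp -d) || return 1
    ( cd "$d" && touch -- -i a.txt b.txt ) || return 1
    printf '%s\n' "$d"
}

# Print how many entries remain in directory $1 (0 if it is gone).
count_left() {
    [ -d "$1" ] || { echo 0; return 0; }
    ls -A "$1" | wc -l | tr -d ' '
}

# Case 1: bare glob. The shell turns `rm -rf *` into
# `rm -rf -i a.txt b.txt`; the later -i overrides -f, rm prompts,
# and end-of-file on stdin counts as "no", so nothing is deleted.
bare_glob() {
    d=$(make_guarded_dir) || return 1
    ( cd "$d" && rm -rf * </dev/null 2>/dev/null ) || true
    count_left "$d"
    rm -rf -- "$d"
}

# Case 2: `--` ends option parsing, so '-i' is just a filename and
# every entry, the guard included, is removed without a prompt.
end_of_options() {
    d=$(make_guarded_dir) || return 1
    ( cd "$d" && rm -rf -- * )
    count_left "$d"
    rm -rf -- "$d"
}

# Case 3: removing the directory by name. '-i' never appears on the
# command line, so the guard has no effect.
by_path() {
    d=$(make_guarded_dir) || return 1
    rm -rf -- "$d"
    count_left "$d"
}

echo "bare glob:      $(bare_glob) entries left"
echo "rm -rf -- *:    $(end_of_options) entries left"
echo "rm -rf <dir>:   $(by_path) entries left"
```

The same mechanism is why scripts that delete by wildcard should pass `--` or use `./*`: a file name beginning with '-' is then never parsed as an option.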

A bit of an intensive day today. Did some paid work this morning (using WeSQL, of course :), and then I ventured off into UK-ifying my CV. Which turned out to be an all-afternoon project. But I'm happy with the result, it must be said.

Brighton

Called some more folks with flats for rent this evening. They are either taken, too small for two, or just not interested in letting them only from September. Sigh.

Advogato

Now how strange is it to wander about Advogato, randomly picking people and reading their stuff, rating them, and to meet a reference to my own diary on Stevey's page?

21 Jul 2002 (updated 4 Nov 2002 at 12:02 UTC)

Well, 0.53 has seen the light. Of WeSQL, that is. It's a bugfix-only release, but it's an important bugfix if you run MySQL :)

Cool tools

Cronolog is the final solution for all log-rotation trouble. It doesn't rotate the logs, it just saves them properly in the first place.

If you need to build a (S)RPM, Thomas' excellent bitches is your friend - though the name is a bit.... well it's an acronym that didn't turn out very well.

Meatspace

July 21st is the Belgian national holiday. Also, the 'Gentse feesten', one of the biggest street festivals in Europe, kicked off here yesterday, for the next 10 days. Neither of these two events means much to me. I wish I was in LA.

Brighton

I'm still looking for a job and a place for 2 that doesn't cost an arm and a leg. My CV is coming along but it needs more work to UK-ify it.

16 Jul 2002 (updated 16 Jul 2002 at 22:05 UTC)

Nothing much to say today. Ngrep is very cool - and Ettercap is even more amazing.

Also, an interesting discussion about ARP and what one can do with it is going on on Bugtraq.

My friend Thomas is flying to Boston tomorrow for the Gnome Boston Summit. Now how cool is that? Boston is a nice place - I've spent most of the last half year there and I really like it. With San Francisco, my favourite US city.

14 Jul 2002 (updated 14 Jul 2002 at 08:47 UTC)

I've been having fun with hackerslab.org. It's a 'cracking contest', where you have to get through 17 or 18 levels. There's a tutorial here, in French (I hope that's not a problem for you ;) but only use it when you really don't know how to continue. It only goes up to level 8 anyway.

Time for some real work now.

If anybody has some information about living/working in and around Brighton, UK, I'd like to hear from you!
