23 Aug

Randy the Transistor Radio

01 - Outside Front Cover

Found this booklet up in the attic at Mom and Dad’s House.  I don’t know to which of my brothers it belonged, but the publish date is 1963.  Wouldn’t it be great if American children were still excited about truly technical things?  This book depicts the circuit board (Chet the Circuit Board) admonishing the reader to not take him apart–you’ll learn how I work when you get older.

We’ve lost something along the way.

07 Mar

VPN Active

Awesome.  I can VPN to my home network now.

My work’s corporate network does not allow out-of-spec SSL traffic…so that was the majority of my problem.  Just goes to show that consistent troubleshooting processes are required to make things work.

I had tested other networks in the past, but it didn’t work because I didn’t have my server certificate file created properly.  So, after I realized that I needed to redo my certificate, I hadn’t checked any network other than the corporate.  Which uses Websense.  Which sits on top of ISA 2004.  Neither of which really likes SSL over the normal port 443, let alone unrecognizable traffic over port 1194 (which is the OpenVPN default).  Just shows to go ya.

w00t.

I’m going to be moving my blog to a different server.  We’ll see how this works out.

22 Feb

I Hear You Now

And now…well…wish I knew.  OpenVPN has a GUI addon of which I would have been aware, had I only read all of the documentation for Endian.  I think I almost have it.  I think I need to create a new server certificate and actually use the “Download Certificate” button rather than cutting-and-pasting.

20 Feb

Astronomy 161 and Endian Update

Please please please, do your brain a favor and listen to the Astronomy 161 lectures by Richard Pogge (Ohio State).

Astronomy 161 – An Introduction to Solar System Astronomy

Astronomy 162 – Introduction to Stars, Galaxies, & the Universe

Great stuff!

In other news, Endian remains the bomb-diggity.  Three minor-ish criticisms:

  1. The out-going firewall interface needs the ability to create rulesets with a range of ports, rather than just by one at a time.  This was somewhat mitigated by the discovery that I can actually put an FQDN into a rule…Stupid Microsoft Streaming Media Services (SM SMS).
  2. Ident, port 113 is enabled, but closed, by default.  What?  So, I’m in stealth on all the well-known ports…except 113?  I mean, come on! Let me open it up if I need it.
  3. Why, oh, why does it reply to ICMP (ping) on the external interface!?!??!  What in the world!? Oh, and how do you turn it off?  What?  No one knows??!?!?  Give me a break, here, guys. 🙂

I need to do some more testing with OpenVPN to see if I hate it as badly as I think I do…

These are relatively minor complaints.  As far as a firewall goes, and a proxy, it’s running REALLY well.  50-billion or so times more secure than my little Belkin.

Point three above though, is the most troubling.  I’ll probably have to do some M4D ipchains hax0ring to fix it.

07 Feb

TANK! Endian Update 3

Well, adding another 128MB of RAM really…uh…lowered the used swap space.

SWAPON!  (for all you slackware guys out there)

Anyway, I’m going to see how well the DynDNS agent works.  If that part is successful, I’ll enable the VPN services and test it. 

So far, I’m pretty impressed.

03 Feb

Endian Issues and Fixes

Ok, really quick:

The proxy service wouldn’t start.  Which was really irritating, as that is what seems to drive the anti-virus and content filtering.  So, I went searching.  On the mail lists, I found this:

Roger Grant wrote:
>
> I had the same problem, it looks like squid is failing if the blue
> interface is not defined.
> Here is the output from squid (on a vanilla install with 3 interface
> red,green,orange)
>
> FATAL: Bungled squid.conf line 74: http_access deny EFW_src_orange
> EFW_dst_blue
>
> I resolved this by enabling “Allow Access from ORANGE to BLUE:” in the
> “Network based access control” of the proxy configuration page.
>
>
> Impetus wrote:
>>
>> hello community, happy new year……
>> i am running endian 2.1 now, with no problems except i am unable to start
>> the proxy.
>> i ticked proxy on green and transparent proxy on green, then all access
>> to the net is blocked.
>> also on status – Services Web proxy is stopped (brown). i restarted the
>> system several times, no
>> difference….
>>
>> any ideas? please help
>>
>> regards urs

And sure enough, ticking the checkbox started the proxy service right up.  I’m thankful for the GUI, but abstracting control can sometimes cause these little issues.  Oh well.
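As an added example (not from the original post, the mailing-list thread, or the Endian project): a small pre-flight check that reads a squid.conf top to bottom and reports access rules naming an ACL that was never defined earlier in the file, which is the condition the quoted "Bungled squid.conf line 74" error points to. The sample config is constructed; `EFW_src_green`, `EFW_dst_green` and the subnets are assumed names and values, and only `EFW_src_orange` and `EFW_dst_blue` come from the quoted error.

```python
# Directives whose arguments are "allow|deny" followed by ACL names.
ACL_DIRECTIVES = {
    "http_access", "http_reply_access", "icp_access", "miss_access",
    "always_direct", "never_direct", "cache",
}

# Constructed sample: ORANGE is defined, BLUE is not, yet a generated rule
# still references EFW_dst_blue (the situation in the quoted error).
SAMPLE_CONF = """\
acl EFW_src_green src 192.168.1.0/24
acl EFW_src_orange src 192.168.2.0/24
acl EFW_dst_green dst 192.168.1.0/24
# blue zone not configured, so no 'acl EFW_dst_blue' line exists
http_access allow EFW_src_green !EFW_dst_green
http_access deny EFW_src_orange EFW_dst_blue
http_access deny all
"""


def undefined_acl_refs(conf_text, predefined=("all",)):
    """Return [(line_no, directive, acl_name)] for ACLs used before definition.

    squid parses the file sequentially, so an ACL must be defined above the
    rule that uses it. 'all' is predefined in newer squid releases; pass
    predefined=() to check a config for a release that requires defining it.
    """
    defined = set(predefined)
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        directive = tokens[0]
        if directive == "acl" and len(tokens) >= 3:
            defined.add(tokens[1])
        elif (directive in ACL_DIRECTIVES and len(tokens) >= 3
              and tokens[1] in ("allow", "deny")):
            for name in tokens[2:]:
                name = name.lstrip("!")  # '!' negates an ACL in a rule
                if name not in defined:
                    findings.append((line_no, directive, name))
    return findings


if __name__ == "__main__":
    for line_no, directive, name in undefined_acl_refs(SAMPLE_CONF):
        print(f"line {line_no}: {directive} references undefined ACL {name}")
```

A check like this matters for a filtering proxy because a config that fails to parse leaves the content filter and anti-virus path stopped, as described above.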

Now I can comment better on sizing.  A PIII-level machine seems to work fine, however, I only put in 128MB of RAM (for some reason).  I am using tons of swap space according to the system stats and 99% of physical memory.  In other words, I need to at least double the RAM.  The problem is that PC100 is old enough that it’s hard to find.  But I think I have a source.

So far, Endian seems to be running great.

31 Jan

World’s Fastest Endian

Ok.  Here’s a key note for Endian Community Firewall 2.1:  It blows up without any particular error information unless you have everything just so.  It gives you an “Error:  Could not install packages.”

And then prompts for a reboot.

Packages?  What packages?  Give me a hint, willya?  BTW, it happens on both the 2.1 and 2.0 respin editions, and maybe others.  Here’s what I was able to determine:

I had turned off the Serial and Parallel ports in the CMOS setup.  Evidently, it will not load without these.  Further, it won’t even load with them unless you use the command nousborpcmcia (No USB or PCMCIA) at the Endian CD boot screen.  If you forget that little item, it will crash with memory registers splattered all across the screen in 80 column mode.

Ugly.

But I have the measure now.  We’ll see what happens next.

30 Jan

Firewalls and Old Stuff

Check out http://www.endian.it

I will be testing this firewall distro over the next few months.  It appears to be feature rich and able to replace my widdle belkin router at home, now that my WatchGuard 700 has died the death.  I’m hoping that WatchGuard will send me an old motherboard or an EEPROM (which is what I think is the problem), but there will be no breath-holding. 

Inside the Firebox is simply a small format custom PC board with a socket 7.  Mine has a 233MHz AMD K6-2 proc and a 64MB SODIMM (like a laptop) that appears to be PC100.  We have another Firebox 700 at the office that is out-of-warranty, so I swapped all the parts I could, including the power supply, to no avail.  Has to be the motherboard or the software image.

In other words, unless WatchGuard takes pity on poor me, it’s dead, Jim.

So, I’ll build an Endian FW from spare parts.  From what I can gather…or at least as far as I care, the group that started Smoothwall on SourceForge splintered into several parts, from whence arose m0n0wall and IPCop.  And then (maybe?) the IPCop group split and started Endian.

In any case, my primary need is a true deep-packet inspection firewall, not a silly NAT-based obfuscation (like a Belkin or Linksys consumer router).  Endian seems to provide that, along with some IDS, some filtering, and proxy services.  I’ll let ya know.

Oh, and I posted three music files I found on the downloads page.  Talk about a blast from the past.  One of them, at least, has been hanging around various hard drives and backup CDs for almost 10 years!

Ask a Ninja!

10 Jan

Pop-Filters on the Cheap

Well, I’m loving getting back into sound.  However, not being a single kid any more, I can’t just go out and blow my paycheck like I once did.  My family is in the habit of eating.   Therefore, in the building of my studio, I have to cut corners…for now.  SO, I made my own pop-filters for about $1.50 money-wise and 5 minutes of time.  They are permanent enough not to be a hassle, but can be replaced whenever I am able to do better.

For the uninitiated, a pop-filter is just a screen of some sort between a vocalist and a microphone.  It slows down the air leaving the lungs just enough to cut down or eliminate plosives (“p-pops”) and excess sibilance (“s” sounds) in a recording.  Most dynamic microphones have a minimal filter built in, but a condenser mike, such as would be used to capture high-quality, high-definition vocals in a studio does not.  Get it? 🙂

I have a couple of pretty good microphones now, but didn’t have the money to purchase some cool professional pop-filters from a retailer like this:

pf_00

It is simple enough–I won’t bother doing a huge guide on it.  Get a needle-point hoop from a sewing supply store or Walmart or what-have-you.  I went to Joann’s Fabrics and paid $1.42 each.  Grab some pliers, some ladies’ stockings, a few zip ties, and a short length of 10 (ish, your choice) gauge copper wire.  For the wire, I had some left over from building the house.

Take apart the hoop.

And put the smaller ring all the way to the toe of the stocking.  Take a moment to get the seam straight on the side of the ring (so it doesn’t show–you don’t want this to look STUPID, do you!?!?!?)

Tie a knot and pull it tight.

Cut off the excess.

And place the top ring over it, putting the knot in the split.  Don’t tighten it down just yet.

Bend a hook in the end of the copper wire.

Place it around the tightening screw and smash the hook as closed as possible…not crazy, just a bit.  Now tighten down the screw.  Since we used 10-gauge wire, it clamps it in there nicely.  A higher gauge might not be thick enough.

Model it to the mic stand, but put a “U” shaped bend in the end.  That way it will be easier to hold in place with the zips.

And literally, two or three zip ties will be all it takes.

Best part, I can replace the stocking if needed, or nip the ties completely and throw the whole thing away when the time comes.  If you look around a bit with Google you can find some more elaborate plans for this kind of thing–it certainly isn’t original from me.  HOWEVER, I think this is about as simple as it gets (without employing a wire hanger and duct tape).

w00t!

OH yeah, check out www.wcsaga.com, I will probably be posting about it in more detail.  Later.