Packet Parking: Life, the Universe and networking.<br />
By Timoti (http://www.blogger.com/profile/05410752704128337658)<br />
<br />
Fiverr - The Ugly, the Bad and the Good<br />
Posted 2016-03-13<br />
<br />
So, news is, after being active on some freelancer sites for a while, I've ended up on Fiverr as well. I won't just moan about their features, but try to go through the experiences with the site as an IT/networking guy.<br />
<br />
The primary concern that people have with the site is the fee they charge: 20% from the freelancer, and another ~10% from the client, which is less publicized. Now, it doesn't quite add up to 30%, as folks like to quote it, as strictly speaking they charge the client $5.5 for the job (gig), and you get $4, so they keep $1.5. Now, calculator says, $1.5 is 27.27% of $5.5, but details. Anyway, it's a fair bit higher than the 10% on Upwork or the 8.some% of Elance (soon to be gone). As Upwork charges flat fees for taking your money out, I expected Fiverr to be at least free on that part, which it is not, but at least it's cheaper.<br />
<br />
Fiverr was designed with two things in mind: tiny ($5) jobs and creative professions. This is proving to be a major restraint on their growth to other sectors, and they're adding exceptions to the $5 base price as well.<br />
<br />
Designing a -<a href="http://www.thelogofactory.com/fiverr-continues-to-be-awful-doubles-down/" target="_blank">not necessarily good, original or legally safe</a>- logo for a fiver seems like a reasonable job (I've used it, I've received an okay logo, which I don't think is a copyright timebomb), but for IT it's kinda hard to come up with a unit of work for this amount. With my average freelance rate, that's about 12 minutes of my time. And it's not timed, paid after-the-fact, like Upwork, but you have to give an offer for a final value. So you'd either tell the client that 'This will take 2 hours, please buy 10 of my gigs as 12 mins is the timing unit', which sounds a bit funny, and you can't refund if you ended up doing it quicker, or you try to give a quote for the full work and hope it'll cover it. Trouble is, most clients don't even know exactly what they want (not news to us), so you can only hope you won't work a lot more for the agreed price, or overcharge them, or just give a too high offer and they bail.<br />
<br />
Also, during the offer phase, there's potentially a lot of back-and-forth, typically consulting-level discussion while scoping out the project. Now, <a href="http://blog.fiverr.com/quit-day-job-pick-right-side-hustle/" target="_blank">lots of messages/emails are nothing new</a>, but it can be hard not to start asking for money for the level of support provided before even an offer is made, let alone accepted.<br />
<br />
Extras can increase the price to a point, but in some parts it can feel like you're taking the client as a hostage during the upsell process: "Sure, you've paid $5 for the logo design. Oh, you actually want to receive it (in vector format)? That's another $10 please!" It was written in the terms of the guy, but still feels a bit weird.<br />
<br />
Communication: Fiverr explicitly forbids direct communication between client and freelancer, and the messaging system displays a red warning on words like 'phone', 'mail', 'skype' or the @ symbol. Okay, we got it, revenue protection. For creatives, this may work, but I simply can't work on the device of the client without some communication tool like skype, teamviewer, remote desktop or anything. Basically it's impossible to do these tasks with this constraint, so it just gets disregarded.<br />
<br />
To sum it up so far, I've worked a fair number of hours for a fairly low amount of $, due to unforeseen issues with projects, client jumping the gun and ordering the base gig and wanting me to save the world, but we live and learn.<br />
<br />
The good: okay, so why am I still on the site? For a ridiculously simple thing, that's not even a feature, but the basic concept of the site: <i>the clients are looking for a gig to buy</i>. Yes, that is a big difference. Consider the daily routine on Upwork: check new job postings, filter interesting ones, filter out jokers, filter out too low priced ones, filter out cheap buyers, research remaining jobs, write an original proposal to each. Massive time-sink. Potentially worth it if you find good, stable, paying clients, but still. On Fiverr, the buyer will contact you if he/she wants something. You might not get contacted, but no time wasted. The buyer might buy from somebody else still, but at least you have a foot in the door, and so far it was fairly rare that somebody requested an offer and bought from someone else. And you don't need shiny 'cover letters', just to stand out, you can immediately concentrate on the actual details of the gig, give an offer and see if it works for the buyer.<br />
<br />
I don't think the 'Gig economy changed his life and bought a yacht from Fiverr money' will apply to me, I work for a lot less than usual on the platform, but at least it's not wasting too much of my time, for which I'll stay for a while.<br />
<br />
<br />
iStock keywording rant<br />
Posted 2015-05-09, updated 2015-05-17<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://i.istockimg.com/file_thumbview_approve/30309856/2/stock-photo-30309856-server-network-panel.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://i.istockimg.com/file_thumbview_approve/30309856/2/stock-photo-30309856-server-network-panel.jpg" height="213" width="320" /></a></div>
A few months ago I decided to start contributing to iStock. I'm not much of a photographer, but the thinking was: I can get to some places which might be interesting for others.<br />
<br />
So I've started uploading pics of pretty datacenters, 10Gig switches and the likes. And keywording these accurately for what they are, being as specific as I can.<br />
<br />
One thing I've noticed from the most downloaded photos is that they have all the keywords in the world, which have nothing to do with the photo, kinda like websites in the early 2000s having everything up to and including 'sex' and 'mp3', because they were popular search terms.<br />
<br />
The title pic is a very nice patchpanel, from the Signature collection of iStock.<br />
Now let's check out its keywords:<br />
<br />
Computer Network, Node, Cable, Fiber Optic, Router, Computer Cable, Communication, <span style="color: red;">Wireless Technology</span>, <span style="color: red;">Business</span>, Telecommunications Equipment, LED, Network Connection Plug, <span style="color: #cc0000;">CPU</span>, Control Panel, rj45, Control Room, isp, <span style="color: red;">Power Line</span>, Internet, data center, Computer Part, <span style="color: red;">access point</span>, Equipment, Light - Natural Phenomenon, Close-up, Wired, Network Security, Network Server, <span style="color: #cc0000;">Modem</span>, Rack, Midsection, Number, Connection, <span style="color: red;">Support</span>, <span style="color: red;">Concepts</span>, White, Blue, Black Color, <span style="color: red;">Ideas</span>, Technology, Macro, <span style="color: red;">Computer</span><br />
<br />
Most of them are far-fetched, the weirdest are highlighted. Is this any use to anybody at all, from the buyers' side? Buyers really never search for specific terms and they never know anything about the brands/devices they're looking for? I'm not that convinced, but I'm a novice on the platform, so maybe so. Comments are most welcome.<br />
<br />
In the meantime, I've started to collect brand-specific lightboxes, maybe they'll be some use to some folks:<br />
<br />
<a href="http://www.istockphoto.com/search/lightbox/17585065" target="_blank">Cisco switches lightbox</a><br />
<a href="http://www.istockphoto.com/search/lightbox/17585595" target="_blank">HP switches lightbox</a><br />
<br />
<br />
How to deny Postfix SMTP authentication from non-US clients<br />
Posted 2015-03-04<br />
<br />
As the war on spam continues, one of my clients wanted to only provide SMTP AUTH capabilities to IP addresses in the States, as their employees are only located there anyway.<br />
<br />
Postfix has a facility for this, called <span style="font-family: Courier New, Courier, monospace; font-size: x-small;">smtpd_sasl_exceptions_networks</span>. It basically denies SASL auth to IPs from the specified ranges. Disregarding IPv6 for now, here's a list of IP ranges from IANA that are non-US (ARIN) allocations:<br />
<br />
<pre># main.cf: continuation lines of a multi-line value must start with whitespace
smtpd_sasl_exceptions_networks = 0.0.0.0/7
    2.0.0.0/8
    5.0.0.0/8
    10.0.0.0/8
    14.0.0.0/8
    25.0.0.0/8
    27.0.0.0/8
    31.0.0.0/8
    36.0.0.0/8
    37.0.0.0/8
    39.0.0.0/8
    41.0.0.0/8
    42.0.0.0/7
    46.0.0.0/8
    49.0.0.0/8
    51.0.0.0/8
    53.0.0.0/8
    57.0.0.0/8
    58.0.0.0/7
    60.0.0.0/7
    62.0.0.0/8
    77.0.0.0/8
    78.0.0.0/7
    80.0.0.0/4
    101.0.0.0/8
    102.0.0.0/7
    105.0.0.0/8
    106.0.0.0/8
    109.0.0.0/8
    110.0.0.0/7
    112.0.0.0/4
    133.0.0.0/8
    141.0.0.0/8
    145.0.0.0/8
    150.0.0.0/7
    153.0.0.0/8
    154.0.0.0/8
    163.0.0.0/8
    171.0.0.0/8
    175.0.0.0/8
    176.0.0.0/4
    193.0.0.0/8
    194.0.0.0/7
    196.0.0.0/7
    200.0.0.0/6
    210.0.0.0/7
    212.0.0.0/7
    217.0.0.0/8
    218.0.0.0/7
    220.0.0.0/6
</pre>
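<br />
Added example, not part of the original post: a Python check of the list above before it goes into main.cf. It shows that the list also covers 10.0.0.0/8 and, through 112.0.0.0/4, loopback 127.0.0.0/8, so clients on private or loopback addresses lose SASL auth too, and it carves those ranges back out. The helper names, the choice of ranges to keep and the sample addresses are assumptions made for illustration.<br />

```python
import ipaddress

# The 50 prefixes from the post's smtpd_sasl_exceptions_networks list.
LISTED = """
0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 10.0.0.0/8 14.0.0.0/8 25.0.0.0/8 27.0.0.0/8
31.0.0.0/8 36.0.0.0/8 37.0.0.0/8 39.0.0.0/8 41.0.0.0/8 42.0.0.0/7 46.0.0.0/8
49.0.0.0/8 51.0.0.0/8 53.0.0.0/8 57.0.0.0/8 58.0.0.0/7 60.0.0.0/7 62.0.0.0/8
77.0.0.0/8 78.0.0.0/7 80.0.0.0/4 101.0.0.0/8 102.0.0.0/7 105.0.0.0/8
106.0.0.0/8 109.0.0.0/8 110.0.0.0/7 112.0.0.0/4 133.0.0.0/8 141.0.0.0/8
145.0.0.0/8 150.0.0.0/7 153.0.0.0/8 154.0.0.0/8 163.0.0.0/8 171.0.0.0/8
175.0.0.0/8 176.0.0.0/4 193.0.0.0/8 194.0.0.0/7 196.0.0.0/7 200.0.0.0/6
210.0.0.0/7 212.0.0.0/7 217.0.0.0/8 218.0.0.0/7 220.0.0.0/6
"""
# ip_network() is strict by default: a prefix with host bits set raises ValueError.
EXCEPTIONS = [ipaddress.ip_network(p) for p in LISTED.split()]

# Assumption: ranges that local clients (webmail on the same host, LAN users)
# may submit from and that should therefore keep SASL auth.
LOCAL_RANGES = [ipaddress.ip_network(p) for p in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sasl_denied(ip, nets=EXCEPTIONS):
    """True if the client address falls inside any listed exception network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def local_overlaps(nets, local=LOCAL_RANGES):
    """Return (local_range, listed_prefix) pairs where the list covers local space."""
    return [(str(l), str(n)) for l in local for n in nets if n.overlaps(l)]


def carve_out(nets, keep=LOCAL_RANGES):
    """Remove the 'keep' ranges from the list, splitting wider prefixes as needed."""
    result = list(nets)
    for k in keep:
        remaining = []
        for n in result:
            if not n.overlaps(k):
                remaining.append(n)
            elif k.subnet_of(n) and k != n:
                # e.g. 112.0.0.0/4 minus 127.0.0.0/8 leaves 112/5, 120/6, 124/7, 126/8
                remaining.extend(n.address_exclude(k))
            # otherwise n lies entirely inside k and is dropped
        result = remaining
    return sorted(result)


def render_main_cf(nets):
    """Format the list as a main.cf value; continuation lines start with whitespace."""
    return "\n".join(["smtpd_sasl_exceptions_networks ="] +
                     ["    " + str(n) for n in nets])


if __name__ == "__main__":
    # Constructed sample client addresses.
    for ip in ("127.0.0.1", "10.1.2.3", "8.8.8.8", "81.2.69.160"):
        print(ip, "denied" if sasl_denied(ip) else "allowed")
    print("local ranges covered by the list:", local_overlaps(EXCEPTIONS))
    print(render_main_cf(carve_out(EXCEPTIONS)))
```

Run `postconf smtpd_sasl_exceptions_networks` after editing main.cf to confirm Postfix parsed the whole list as one value.<br />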
<br />
ARCH Linux on a WM8850-based mini laptop<br />
Posted 2014-12-30<br />
<br />
One of my purchases earlier this year was a mini laptop, powered by a Wondermedia WM8850 chip.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-dcmB01o50SU/VKMOdeHQ-QI/AAAAAAAACM4/dnv_hCg45Fc/s1600/npc702_black_wm8850_android_4.0_with_camera_mini_netbook_e.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-dcmB01o50SU/VKMOdeHQ-QI/AAAAAAAACM4/dnv_hCg45Fc/s1600/npc702_black_wm8850_android_4.0_with_camera_mini_netbook_e.jpg" height="320" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-8wWNO_5PERQ/VKMNsEx2n9I/AAAAAAAACMo/h5nL0lLqVo0/s1600/wm8850_bottom.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-8wWNO_5PERQ/VKMNsEx2n9I/AAAAAAAACMo/h5nL0lLqVo0/s1600/wm8850_bottom.jpg" height="240" width="320" /></a></div>
<br />
<br />
It's kinda handy: runs Android/Linux selectively, has a HDMI interface, wired Ethernet and fullsize USB 2.0 ports. Also, it can be charged from USB, tablet style.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-cqeEWhIc8Lk/VKMNyEHe2wI/AAAAAAAACMs/s_5ZZYQWBOo/s1600/wm8850_usb.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-cqeEWhIc8Lk/VKMNyEHe2wI/AAAAAAAACMs/s_5ZZYQWBOo/s1600/wm8850_usb.jpg" height="240" width="320" /></a></div>
<br />
Quirks include no HDMI on Linux (yet), and it takes a bit of effort to turn on the wireless. Missing the gpio binary, you can get there by using the sysfs interface:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">echo 6 > /sys/class/gpio/export<br />echo out > /sys/class/gpio/gpio6/direction<br />echo 1 > /sys/class/gpio/gpio6/value</span><br />
<br />
Just echo 0 there to turn it off again.<br />
<br />
Compiling a kernel needed some scraping on the web, but can be done like this:<br />
<br />
<span style="font-family: "Courier New",Courier,monospace;">cd linux-3.16<br />nice make ARCH=arm menuconfig<br />nice make ARCH=arm zImage<br />cat arch/arm/boot/zImage arch/arm/boot/dts/wm8850-w70v2.dtb > arch/arm/boot/zImage_w_dtb<br />mkimage -A arm -O linux -T kernel -C none -a 0x8000 -e 0x8000 -n "My Linux" -d arch/arm/boot/zImage_w_dtb ~/uzImage.bin<br />make ARCH=arm modules<br />sudo make ARCH=arm modules_install</span><br />
<br />
The kernel config is online <a href="http://pastebin.com/fHYh4TM1" target="_blank">here</a>.<br />
<br />
It works happily with an 8GB SD card, and adding a bit of swap can't hurt as the 512MB of RAM is not that much.<br />
<br />
Thanks to the <a href="git://github.com/linux-wmt/linux-vtwm" target="_blank">vt8500 developers</a>!<br />
<br />
<br />
HTML5 video live streaming with ffmpeg and mediaelement.js, Round 2<br />
Posted 2014-12-29<br />
<br />
Follow-up from this summer to the <a href="http://packetparking.blogspot.ie/2013/02/html5-video-live-streaming-with-ffmpeg.html" target="_blank">original post</a>.<br />
<br />
So, after not rolling out our HTML5 player last year, we've decided to give it a go again this year.<br />
What we've learned: things have changed in Internet-land.<br />
<br />
IE no longer requests or supports WMV, which is weird but actually correct. It takes mp4 now as default.<br />
<br />
Chrome was still ticking along happy.<br />
<br />
Firefox was a big surprise: between version 19 and 20 they've reworked the HTTP engine, so it's a bit quirky now:<br />
<ul>
<li>It fetches the first 8k for metadata in a request</li>
<li>It uses HTTP 206 Partial content requests now</li>
<li>If it doesn't get an X-Content-Duration, it'll send a new partial request for the end of the file. As it's transcoded on the fly, this is bad for us.</li>
</ul>
So, we need to give it:<br />
<ul>
<li>HTTP 206 headers</li>
<li>Range headers</li>
<li>X-Content-Duration headers (in seconds)</li>
</ul>
This can be done with something like this:<br />
<br />
<pre># the User-Agent header may be absent, so fall back to an empty string
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$useragent = 'generic';
$firefox = false;
$firefox19 = false;
# $totduration (stream length in seconds) is expected to be set earlier in the script
# match Firefox 1-19
if ( preg_match('/Gecko.20.*Firefox.(1){0,1}[0-9]\./', $ua) ) {
    $firefox19 = true;
}
# match all Firefox
if ( preg_match('/Gecko\/.*Firefox.[1-9]/', $ua) ) {
    $firefox = true;
}
# if Firefox 20+
if ($firefox && !$firefox19) {
    $useragent = 'ff20';
}
# generic headers
if ($useragent == 'generic') {
    #header("HTTP/1.1 200 OK");
    #header('Content-Disposition: attachment; filename=' . basename($file));
}
# firefox 20+ headers
# firefox 20 wants partial content with code 206, and likes X-Content-Duration
if ($useragent == 'ff20') {
    header("HTTP/1.1 206 Partial Content");
    header("Range: bytes=0-");
    header("X-Content-Duration: $totduration");
}
</pre>
<br />
I couldn't get the Flash fallback of mediaelement.js working and Silverlight was killed by Microsoft, so mediaelement.js was taken out from our setup, with a manual Flash fallback link.<br />
We've also noticed A-V sync issues with ffmpeg, so deployment was pulled again, but we're making progress.<br />
<br />
Thanks to <a href="http://www.browserstack.com/" target="_blank">Browserstack</a>, for making life easier while testing.<br />
<br />
<br />
Linux, Network and Datacenter contractor/freelance engineer in Dublin<br />
Posted 2014-12-28, updated 2016-06-18<br />
<br />
New year, new-old adventures:<br />
<div>
<br /></div>
<div>
I'm moving back to the contract/freelance market, this time in Ireland. I'll be available as a Linux, networking and datacenter engineer in Dublin and Shannon (as necessary).</div>
<div>
<br /></div>
<div>
Certified to work on the following kit (the list is not exhaustive):</div>
<div>
- Cisco</div>
<div>
- Juniper</div>
<div>
- Brocade</div>
<div>
- HP</div>
<div>
- D-Link</div>
<div>
- Zyxel</div>
<div>
<br /></div>
<div>
For the full list and to <a href="http://ie.linkedin.com/pub/tamas-csillag/7/727/121" target="_blank">contact</a>, please check out my <a href="http://ie.linkedin.com/pub/tamas-csillag/7/727/121" target="_blank">LinkedIn profile</a>.</div>
<div>
I'm happy to work through <a href="http://tcsillag.elance.com/" target="_blank">Elance</a>, as it provides protection to all parties.</div>
<div>
I have a nice <a href="http://www.experts-exchange.com/members/TimotiSt.html" target="_blank">Experts-Exchange profile</a> as well.<br />
<br />
Edit:<br />
<br />
Now we do <a href="https://www.facebook.com/pages/Hands-and-Eyes-Dublin/1506751389642000" target="_blank">Facebook</a> as well!<br />
<br />
Edit2:<br />
<br />
The <a href="http://d8ns.com/" target="_blank">website is live: d8ns.com</a>.</div>
<br />
<br />
JavaScript hype, code ninjas and why does it hurt<br />
Posted 2014-03-28<br />
<br />
After watching some young IT guys in the office, spending the last weeks in jQuery hell, and reading Lincoln Baxter III's <a href="http://ocpsoft.org/opensource/javascript-is-the-new-perl/" target="_blank">article on JS vs Perl</a> and talking to some similar-aged guys, I think I'm starting to understand that this is a generational thing really. Mind you, I'll only turn 31 in a few weeks...<br />
<br />
The problem is, JavaScript ain't bad, it's just not good. And it fully supports making it worse. It's been almost 20 years that it popped up as a good idea, needing a lot of refinement, but it managed to stick around. It would be okay to write some small functions in it, but writing full-blown applications like Google Docs or Facebook in a high-level script language? There's a reason we never did that in .bat files either...<br />
<br />
On the other hand, as Lincoln points out, JavaScript is superior to any other client-side language by the virtue of existence. There's nothing else out there: VBScript died, Flash is going away fast, the new things are in development. Normally, high level languages don't really survive 20+ years, or at least not without major refactoring.<br />
<br />
It doesn't really help that our new startup-hype culture now worships programmers as code ninjas and other ridiculous names: it's getting into the heads of these cool kids. It seems like a good idea to name their function a dollar sign, or their method an underscore, because it's short and cool. I'm kinda thankful that the full UTF32 set or Wingdings is not permitted for use...<br />
<br />
Why might this be a problem? I'm a sysadmin and as such, I'm trying my best to make things work: debug stuff, help developers deploy their apps, the works. I need to debug all kinds of languages, which isn't really a problem, as there's a few control structures and functions to any language, mostly in English. Debug PHP, Perl, Python, even Ruby? Sure, can do, worst case I read the manual a bit. Enter JavaScript: with vanilla, it's actually pretty okay:<br />
<pre style="white-space: pre-wrap; word-wrap: break-word;">var myElement = document.getElementById("navdiv");</pre>
<br />
I expect that it'll <u>get</u>, an <u>element</u>, by its <u>ID</u>. See, I know this, a bit of html: things will be fine.<br />
Cool kid notation:<br />
<pre style="white-space: pre-wrap; word-wrap: break-word;">tmpl: _.template($('a').html()),</pre>
<br />
Say what...? There's more special characters in there than letters... I'm used to that if I read kernel C code, or a Perl regex, but not on some little validation function or something. If I don't have a fairly intimate knowledge about underscore.js and jQuery, which I won't necessarily have, don't expect me to help you out there if it breaks during deployment...<br />
<br />
Or declaring a function inside a function call, that in turn calls a function, just because we can:<br />
<br />
<pre style="white-space: pre-wrap; word-wrap: break-word;">Todos.each(function (todo) { todo.save({'done': done}); })</pre>
<br />
Sure, we've saved 2-4 newlines. Who's going to maintain this code 5 years later? Or startup-land really only thinks in the first 3 years and 2 whiz-kids and they don't believe in this enterprise scale thing? If you really are the next Zuckerberg: he needs to maintain stuff after the IPO too.<br />
<br />
The moral of the story? No such thing this time, we'll see what'll happen with the new tech bubble, the code ninjas and JavaScript. I still don't really like them and possibly never will.<br />
<br />
<br />
Using an Android tablet as a desktop workstation - the diary of a day<br />
Posted 2014-03-05<br />
<br />
I'm considering replacing my 10" work netbook with a tablet, to increase portability and decrease weight. Normally I'm using my netbook with a 21" TFT, keyboard and mouse, with wired networking.<div>
<br /></div>
<div>
After ordering all the necessary gadgets for my 7" Nextbook tablet, today I tested a full day with it:</div>
<div>
<br /></div>
<div>
The tab has a mini-HDMI output, in the office we only have DVI monitors. The ordered miniHDMI-HDMI and HDMI-DVI cables didn't work with my usual Dell monitor, but did with a Samsung I borrowed. USB OTG connectivity to a USB-PS2 adapter to my keyboard/mouse works perfect. Happy so far, let's start the day. Output is actually 720p, and not perfectly full screen on the Samsung. Displays are cloned, so I pretty much waste the 7" extra real estate there, but that's okay for now.</div>
<div>
<br /></div>
<div>
The stock Android email client could be better, I might install K9 on the tablet too. Still, an issue: not sure if I can move emails between my 3 accounts. As I receive ebay/paypal stuff for company purchases in my Gmail, this is a problem for me, but we'll see.</div>
<div>
<br /></div>
<div>
Chrome and Firefox work as expected, OTRS and the UniFi controller interface are just fine, with the exception of Flash parts. LinkedIn doesn't want to present me the desktop site, even if I request it.</div>
<div>
<br /></div>
<div>
Linux commandline: I'm spoiled with options. Connectbot works okay, I still prefer the Android terminal emulator. SSH would work okay, but it lags on the public wifi, so I set up a temporary wifi for it. Few character issues with a remote MC session, but nothing I can't live with. Trying to SCP a file locally is a problem: SCP segfaults and dies with permission issues. No root on the tab, no fixing that for now. Workaround with some SSH tricks, but this could be a problem.</div>
<div>
<br /></div>
<div>
Remote desktop: official Microsoft RDP client, connects to 2003 and 2008 fine, but can't set the resolution. I get some 1400x1200 desktop, zoomed down so I can barely make out the fonts. Took me 5 mins to find the zoom button, which blows it up to 200%, so the scrolling game begins. This'll need some work, possibly another client.</div>
<div>
<br /></div>
<div>
Just as I was trying to size up the internal storage (5GB free, okay for now), the next package from China arrives: the powered USB hub. This would be for connectivity with pendrives and HDDs. Plug, plug, no joy: nothing's working through the hub. Tested the hub with a Linux PC, works perfect. Tested 2 unpowered hubs with the tablet, same thing: no support at all.</div>
<div>
<br /></div>
<div>
Next up: I'll need to print an Excel sheet. Let's not even go there, 15 minutes with the netbook as a break...</div>
<div>
<br /></div>
<div>
Editing an XLS from Dropbox with Quickoffice has some issues, it can't save transparently back to Dropbox, I'll need to download-edit-upload. It would be seamless with Google Drive. Copy-pasting from a Word doc in Quickoffice into Google Drive fails bad: copy-paste doesn't work and I can't go back to the docx, I'll have to open it again every time.</div>
<div>
<br /></div>
<div>
Wrapping up the day with emails and light browsing works fine, no issues.</div>
<div>
<br /></div>
<div>
Verdict: I won't be taking the laptop to holiday in the future, but Android is not desktop ready just yet. Emails are kinda okay, the hub is a problem, rooting might make things better, printing might be a brave adventure, window switching can be painful. I might actually try a Win8 tablet if I have a chance.</div>
<br />
<br />
Privacy and service: Dropbox vs. your NAS (OwnCloud)<br />
Posted 2014-02-24<br />
<br />
Just some rambling after reading through the comments on the <a href="https://blog.dropbox.com/2014/02/updating-our-terms-of-service/" target="_blank">Dropbox blog</a>, after the change in the Terms of service:<div>
<br /></div>
<div>
I don't really like the idea of the NSA/CIA/ABC peeking at my family photos, but I decided that I can live with it. A good point in the posts was that it's everybody's own decision if this is something they can live with, or it's too much for them, in which case they should just stop using the service.</div>
<div>
<br /></div>
<div>
But I think two things were mixed together in the conversation, which are actually separate: the 'important' and the 'private' part. Both of these are up for individual choice, but they might (based on decision, again) get different treatment.</div>
<div>
Example: my family photos are important to me; those moments can't be re-created. I want them to be safe. But they aren't really private (no nude shots of me, etc.), so no need to encrypt them, Uncle Sam can watch them for all I care. On the other hand, my bank/tax statements: they are decidedly less important to me, on a nice-to-have level, but I do consider them private: I encrypt them before storing them in the cloud.</div>
<div>
Classifying every piece of your data is up to you: everything can be important and everything can be considered private. It's up to you how you deal with these cases technologically.</div>
<div>
<br /></div>
<div>
One of the arguments is that instead of using Dropbox/Google Drive/SkyDrive, people fire up their own NAS at home (there's this nice new product called OwnCloud, or you can go with good ol' FreeNAS). That's perfectly fine, we've loved NAS systems for the past 20 years, just 2 tiny issues:</div>
<div>
- Just because it's your own computer on the Net, it's not 100% secure. If Big Brother wants to, they'll find a way to break it;</div>
<div>
- A NAS at home is not cloud. You are doing apples and oranges here, when you compare the services provided by them.</div>
<div>
<br /></div>
<div>
A bit of detail on the second one:</div>
<div>
If you go with the actual meaning of Cloud computing, not just calling everything cloud that's connected to the Net, you have a few important <a href="http://en.wikipedia.org/wiki/Cloud_computing#Characteristics" target="_blank">characteristics</a>:</div>
<div>
- Reliability: If it's your NAS box in your home with one or two ISP uplinks, with or without a UPS to power it, it might not provide 99.999% uptime. Also, do you have an enterprise grade point-in-time backup system for it? Harddrives will fail, be ready. Somebody might break into your house (not a conspiracy, just a regular Joe) and take it.</div>
<div>
- Maintenance: Don't forget to keep the firmware up to date, keep it dust free, replace harddrives as they fail.</div>
<div>
- Security: let's not even go there.</div>
<div>
- Scalability: you'll have a nice up front cost, and you might have to pay up to replace the harddrives with bigger ones again.</div>
<div>
- Cost: economy of scale. Although storage is the worst use for cloud in this sense. With European energy prices, it costs a conservative $5 a month to run 30W of electric load. If harddrives fail every 5 years and they cost $120, that's $2.4 a month. I assume your NAS has at least 2 of them (you really don't want to run without RAID mirroring at least), that's $4.8. That's $9.8 a month total, with very basic maths, not calculating with time-value of money, ISP costs, etc.</div>
<div>
- Device and location independence: with the new generation NAS software on the market, this is doable.</div>
<div>
- Performance: minor issue, you might not want to host your NAS on a dialup or DSL connection, but otherwise it's okay.</div>
<div>
- Agility: you most likely won't ever reprovision your NAS, so it's okay.</div>
<div>
<br /></div>
<div>
Bottom line: your data should be yours, classify it as you wish, choose the technology accordingly, but know what you're getting in each case.</div>
<div>
<br /></div>
<br />
<br />
Contacts from Android to Nokia Symbian<br />
Posted 2014-02-08<br />
<br />
After getting a bit fed up with Android again on my secondary phone, I decided to move back to my trusty old Nokia 3110c, as it just f--_finely works. So I had to copy my contacts back.<br />
<div>
The online <a href="http://www.google.com/contacts%E2%80%8E" target="_blank">Google Contacts</a> page lets you export in CSV or vCard. CSV doesn't work with Nokia PC Suite (it might with some Excel magic), so I went with vCard. Problem is, PC Suite only imports 1 vCard/file, and Google exports all-in-one. After a quick unhappy Google, I came up with the following PHP commandline script to chop it up. It's ugly, but works... It takes the input from STDIN, and outputs to the folder specified in the code.</div>
<div>
<br /></div>
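<pre>
#!/usr/bin/php
<?php
// Split a multi-contact vCard export (read from STDIN) into one .vcf file per contact.
$filenum = 1;
$filep = null;
// Compare against false explicitly so a line containing only "0" does not end the loop
while (($SOR = fgets(STDIN)) !== false) {
    if (strstr($SOR, "BEGIN:VCARD")) {
        $filep = fopen("/home/tamas/temp/" . $filenum . ".vcf", "w");
        echo $filenum . "\n";
    }
    // Ignore lines outside a BEGIN:VCARD ... END:VCARD pair (or if fopen failed)
    if ($filep) {
        fwrite($filep, $SOR);
    }
    if ($filep && strstr($SOR, "END:VCARD")) {
        fclose($filep);
        $filep = null;
        $filenum++;
    }
}
?>
</pre>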
Usage:
<pre>
$ cat downloaded.csv | php vcardchop.php
</pre>
<br />
<br />
Installing a new Windows 2000 box in 2014<br />
Posted 2014-01-29, updated 2014-03-15<br />
<br />
Sometimes, you just have to do it. You know that upstanding citizens would frown upon you. Your friends tell you it's not worth the risk. Your spouse looks at you in horror. But you still can't escape, you have to do it. You have to do a fresh install of Windows 2000, even in 2014.<br />
<div>
<br /></div>
<div>
In my case, it was a legacy printing system which doesn't even play ball with XP. The SP4 installation went fine onto an HP dc5100 SFF, drivers loaded okay, the printers and the print software installed without problems. Test pages were printed, but Windows 7 clients couldn't access the box. My guess was the lack of NTLMv2 support, or possibly outdated CA certs. No problem, Windows Update to the rescue.</div>
<div>
<br /></div>
<div>
Or not, as Windows Update does not work on a fresh install of Windows 2000, which comes with IE 5.0. Explorer 5 only supports DES encryption, which is kinda obsolete, I'm not sure if you can even access the Windows Update website with it anymore. The order of the day was the following:</div>
<div>
<br /></div>
<div>
Google for a full installer of IE 6.0 (not SP1); I found one on oldapps.com:</div>
<div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">-rw-r--r-- 1 user staff 77M 2014-01-15 11:25 ie60.exe</span><br />
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;"><br /></span></div>
</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-l6FKJUup2qY/UyRRwfmRYEI/AAAAAAAAAEI/uE8to9gF9Nc/s1600/lol1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-l6FKJUup2qY/UyRRwfmRYEI/AAAAAAAAAEI/uE8to9gF9Nc/s1600/lol1.png" height="245" width="320" /></a></div>
<br /></div>
<div>
<br /></div>
<div>
The small web installer on the MS download site will fail, so you'll need the full installer. It should install fine; reboot afterwards.</div>
<div>
The downloads from now on mostly came from download.microsoft.com. First off a root CA pack from 2009:</div>
<div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">-rw-r--r-- 1 user staff 312K 2014-01-15 11:25 rootsupd.exe</span></div>
</div>
<div>
<br /></div>
<div>
Next off was an update rollup, just to cut back on the downloads:</div>
<div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">-rw-r--r-- 1 user staff 32M 2014-01-15 11:25 Windows2000-KB891861-v2-x86-ENU.EXE</span></div>
</div>
<div>
<br /></div>
<div>
And finally the Windows Update client 3.0 update:</div>
<div>
<div>
<span style="font-family: Courier New, Courier, monospace; font-size: x-small;">-rw-r--r-- 1 user staff 5.9M 2014-01-15 11:25 Windowsupdateagent30-x86.exe</span></div>
</div>
<div>
<br /></div>
<div>
A few reboots later you should be able to access the Windows Update site and download about 100 updates, more if you installed .NET and/or Office.</div>
<div>
<br /></div>
<div>
As for modern browsers: IE6 SP1 is the max, forget Chrome, and Firefox can go up to version 12.</div>
<div>
On the bright side: Windows 2000 is seriously fast on modern hardware...</div>
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com0tag:blogger.com,1999:blog-5748402239150854722.post-6235489637916846462013-08-16T23:21:00.000+02:002013-08-16T23:21:26.784+02:00
Web page screenshot with JavaScript, based on html2canvas<br />
Last week I had to do some screenshots in JavaScript. I don't really know JavaScript, so I went with Google. It really can't be that hard... After an hour of copy-pasting non-working examples, I finally managed to come up with the following, which actually works in Firefox and Chrome, and it should work in Explorer 9 or newer.<br />
<br />
Note: this is not my original work, just the result of an hour of Google. Most parts from <a href="http://html2canvas.hertzen.com/" target="_blank">html2canvas</a>.<br />
<br />
Full page HTML:<br />
<br />
<pre>
<html>
<head>
<title>ScreenShot</title>
</head>
<body>

<script language="javascript" src="http://html2canvas.hertzen.com/build/html2canvas.js"></script>
<script language="javascript">
function ScreenShot() {
    // Render the page body to a canvas, then open the result as a data URL
    html2canvas(document.body, {
        onrendered: function(canvas) {
            var img = canvas.toDataURL();
            window.open(img);
        }
    });
}
</script>

<input onclick="ScreenShot();" type="submit" value="ScreenShot" />
</body>
</html>
</pre>
<br />
<br />
The important stuff (that worked in a Moodle HTML block):<br />
<br />
<pre>
<script language="javascript" src="http://html2canvas.hertzen.com/build/html2canvas.js"></script>
<script language="javascript">
function ScreenShot() {
    // Render the page body to a canvas, then open the result as a data URL
    html2canvas(document.body, {
        onrendered: function(canvas) {
            var img = canvas.toDataURL();
            window.open(img);
        }
    });
}
</script>

<input onclick="ScreenShot();" type="submit" value="ScreenShot" />
</pre>
<br />
<br />
<br />
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com1tag:blogger.com,1999:blog-5748402239150854722.post-12475854762266042142013-05-25T20:12:00.000+02:002013-05-25T20:12:02.625+02:00
Ubiquiti Unifi POE (update for UAP-AC)<br />
As Ubiquiti released the UAP-AC, here is a quick update to the <a href="http://packetparking.blogspot.ie/2012/12/ubiquiti-unifi-poe.html" target="_blank">older post</a>:<br />
<ul>
<li>The UAP-Pro does support standard 802.3af POE;</li>
<li>The UAP-AC supports 802.3at POE+. According to the datasheet, this AP uses 22W of power, and since standard POE can only supply 15.4W (at best), this baby really needs the max. 30W from POE+.</li>
</ul>
While the POE+ requirement might be a show-stopper for us, standard POE implementations are definitely the way to go for Ubiquiti.
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com0tag:blogger.com,1999:blog-5748402239150854722.post-47737729110184502752013-05-21T20:57:00.000+02:002013-05-21T20:57:21.444+02:00
Fun factsheet for HP Procurve 2524 and 2512 switches<br />
To celebrate the release of the 5.77 software and our undying love for the Procurve 2500 series, here is a handy factsheet for the 2512 and 2524 switches:<br />
<br />
<ul>
<li>These are layer 2 switches;</li>
<li>So they don't have DHCP snooping capabilities;</li>
<li>Nor any ARP inspection (DAI).</li>
<li>They can't do IP routing, or NAT.</li>
<li>Only 1 trunk interface is supported.</li>
<li>LACP is supported.</li>
<li>Traffic distribution over a trunk is based on MAC addresses.</li>
<li>No layer3 ACLs for switching. (Just for the control plane).</li>
<li>They have 2 hardware priority queues.</li>
<li>They only support L2 COS, not DSCP or TOS.</li>
<li>They support voice vlans, but only for QoS purposes, not signaled in LLDP/CDP.</li>
<li>They support RSTP, not MSTP.</li>
<li>They do support LLDP, but no LLDP-MED.</li>
<li>They support CDP in receive-only mode.</li>
<li>They support GVRP.</li>
<li>They do not support POE.</li>
<li>They use the same software as the unmanaged 2300 series.</li>
<li>They use the same expansion modules as the 2300 series.</li>
<li>There is a proprietary gigabit stacking module for these switches.</li>
<li>They can be "stacked" in a master-member fashion, but don't expect much.</li>
</ul>
The next possible feature of the series might be the 2600 series, which also received new software in December.
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com0tag:blogger.com,1999:blog-5748402239150854722.post-19837964860154382582013-05-19T20:20:00.000+02:002013-05-20T17:54:48.853+02:00
Cheap certifications to help start your IT career - episode 1<br />
Okay, I know the title sounds dodgy, but I'm not going to sell you anything. Not cheap exam PDFs, not braindumps, nothing.<br />
<br />
Getting a BSc or MSc takes years (and money), and sitting exams for major certifications (MCSE, CCNP, etc.) also takes time and also costs decent money.<br />
<br />
The following is a list of fairly easy and cheap entry-level IT certifications, to get you started. The list is not comprehensive, so look out for follow-ups.<br />
<br />
Microsoft<br />
If you want an MS certification, the MCSA is not your only option. Getting a single MCTS (Technology Specialist) is better than nothing, and the new <a href="http://www.microsoft.com/learning/en/us/mta-certification.aspx" target="_blank">MTA (Technology Associate)</a> certifications, while aimed mostly at students, ain't too bad either. They are around $120 in developed countries, and around $75 in developing countries (including Eastern Europe). MTA topics include server OS, networking, security, .NET development, etc.<br />
<br />
Servers: HP<br />
HP offers free web-based training and non-free exams for its servers and networking tracks. Look for the ATA and ATP levels, where "HP2-" exams are needed on <a href="http://h10120.www1.hp.com/expertone/" target="_blank">ExpertOne</a>. One exam costs around $20, but this information is a bit old.<br />
<br />
Networking:<br />
Brocade<br />
I do admit, I'm a bit biased towards Brocade at the moment, as I'm getting ready for my BCLP. Still, they offer free training material and $20 exams for their accreditations, which is nice. For details, see <a href="http://packetparking.blogspot.com/2013/04/network-certifications-for-budget.html" target="_blank">this previous post</a>.<br />
<br />
Zyxel<br />
While not the most recognized networking vendor in Europe, they do some serious stuff, and you can get several ZCNP certifications (training+exams) for free at <a href="http://education.zyxel.com/" target="_blank">their education website</a>. Certification tracks include switching, security, FTTx, xDSL, VoIP, WiMax, etc., so it's fairly diverse.<br />
<br />
Juniper<br />
Now Juniper is a recognized player in the networking field, and with their <a href="http://www.juniper.net/us/en/training/fasttrack/" target="_blank">fast-track program</a>, they offer free web-based training and 50% vouchers for some exams, so they are below $100.<br />
<br />
So even if you're coming from the east, with not a lot of cash to spare for exams, you can still make do. Also, look out for offers from anybody, so check their Facebook, LinkedIn, website and whatever else they have.<br />
If you have more recommendations or recent experience with these, comments are always welcome.
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com0tag:blogger.com,1999:blog-5748402239150854722.post-26300542953946417342013-05-09T17:57:00.001+02:002013-05-09T17:57:35.950+02:00
Brocade BCLE and BCLP news<br />
To celebrate my achievement of getting the BCLE, Brocade decided to retire the certification and also refresh the BCLP 2010 to BCLP 2013. The BCLE will be incorporated into the BCLP 2013 and the Internetworking Track will be re-designed a bit with a possible new certification.<br />
<br />
If you're interested in getting BCLP certified, be sure to visit the <a href="http://community.brocade.com/docs/DOC-3137" target="_blank">Brocade communities</a> in the near future.<br />
<br />
Recommended study materials include:<br />
<br />
<ul>
<li>ServerIron ADX 12.5 Administration Guide 53-1002682-01</li>
<li>ServerIron ADX 12.5 Advanced Server Load Balancing Guide 53-1002683-01</li>
<li>ServerIron ADX 12.5 Firewall Load Balancing Guide 53-1002684-01</li>
<li>ServerIron ADX 12.5 Global Server Load Balancing Guide 53-1002685-01</li>
<li>ServerIron ADX 12.5 Multitenancy Guide 53-1002693-01</li>
<li>ServerIron ADX 12.5 NAT64 Configuration Guide 53-1002690-01</li>
<li>ServerIron ADX 12.5 Security Guide 53-1002686-01</li>
<li>ServerIron ADX 12.5 Server Load Balancing Guide 53-1002687-01</li>
<li>ServerIron ADX v2.0 ARB Admin Guide 53-1002509-01</li>
<li>ServerIron ADX OpenScript Programmer's Guide 53-1002691-01</li>
<li>Best Practices for High Availability Deployment for the Brocade ADX Switch GA-BP-453-00</li>
<li>CLE 202 Course</li>
<li>CLP 240 Course</li>
<li>ADX-TS 300 Course</li>
</ul>
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com0tag:blogger.com,1999:blog-5748402239150854722.post-19397571339103933562013-04-23T01:46:00.000+02:002013-05-02T23:32:16.761+02:00
Brocade certifications, with spotlight on the BCNE and BCNP<br />
If you are coming from the wild east, chances are you have problems with paying loads for certification exams: a CCNP can easily cost 3 times $150. And if your company doesn't pay for it, but instead it comes out of your lunch money, this can hurt. Been there, done that, wasn't funny.<br />
<br />
Good news is, more networking vendors are starting on the "fast-track" course, providing you with short and cheap options to migrate your CCNA to their gear. Brocade is no exception, and they are still running the course, where you get <a href="http://www.brocade.com/education/CNE_250.page" target="_blank">BCNE training+exam for $100</a>. I even <a href="http://packetparking.blogspot.com/2010/08/bcne-for-cheap-maybe-free.html" target="_blank">blogged about this</a> a while back.<br />
<br />
Brocade has two levels of certifications: <a href="http://www.brocade.com/education/certification-accreditation/accreditation-exam-information/index.page" target="_blank">Accreditation</a> and <a href="http://www.brocade.com/education/certification-accreditation/exam-information/index.page" target="_blank">Certification</a>.<br />
Accreditation exams include the IP Specialist (BAIS), the Campus Networking Specialist (BACNS), WLAN Specialist and my new favorite, the Physical Security Specialist, which I consider a fresh, new and actually useful thing. These are basically web-based exams for $20. Fair enough.<br />
<br />
Certification exams are the usual drill: <a href="http://www.pearsonvue.com/brocade/" target="_blank">proctored by Pearson VUE</a>, multiple choice and they cost $150. Here comes the good part again: once you have a few accreditations, you could join the various Brocade certification groups on LinkedIn; I assume you're already a member and all. Now this is where things happen: sometimes you can get deals on certification exams. So far I managed to get all 3 of my certs for free (with a 4th possibly on the way), which I consider fairly cheap. Also, the guys are fairly helpful if you need help with your exams.<br />
<br />
Training material: <a href="https://my.brocade.com/" target="_blank">Brocade University</a> runs some free web courses, and free assessment tests for the certification exams. Other goodies include "Nutshell" study guide PDFs and documents on the MyBrocade pages. Also recommended is the old <a href="http://puck.nether.net/mailman/listinfo/foundry-nsp" target="_blank">Foundry mailing list</a>, and possibly picking up an old FWS24 on eBay, as they are dirt cheap and decent boxes.<br />
<br />
Disclaimer: yes, this has been a partially sponsored post, but it's good for you, so it's okay.
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com2tag:blogger.com,1999:blog-5748402239150854722.post-55230760169933729762013-04-14T13:20:00.000+02:002013-09-15T15:49:18.766+02:00
Resilient backbone with stacked 3Com 4050 and D-Link DGS-3324SR<br />
As part of our network resiliency project, we decided to deploy a redundant trunk connection between the main and secondary server rooms. The main room houses our core 3Com 4050 cluster, and the secondary has a pair of D-Link DGS-3324SR boxes. Both of them support multi-chassis trunking, which is very nice of them.<br />
<br />
3Com 4050 clustering<br />
<br />
The 40x0 series supports the 3Com XRN stack technology, which can be implemented for long-distance on a GBIC, or short-distance with an XRN fabric module (which we use). Here comes the XRN fabric FAQ:<br />
<br />
<ul>
<li>The fabric bandwidth is 8Gbps;</li>
<li>Link aggregation (trunking) uses IP-based hashing, or falls back to MAC-based hashing. It's not configurable;</li>
<li>Distributed link aggregation has "Intelligent Local Forwarding": it tries to avoid using the fabric link if possible. If a frame was received on switch1, it'll use a link aggregation member link on switch1, not on switch2. This can lead to some asymmetric traffic flows.</li>
</ul>
When building the stack, you're best off with the new member reset to factory defaults. I actually had to reset both members, as I had some issues when entering the Bridge/Vlan menu, and it crashed both CLI and GUI. I had the same issue with some 3Com 4400 stacks.<br />
<br />
D-Link DGS-3324SR cluster<br />
<br />
This platform supports clustering more than 2 switches, using HDMI-like stacking cables. You can use linear or loop topology. Stack bandwidth is 10Gbps.<br />
Multi-chassis aggregation is supported; I just had some issues with the 'traffic segmentation' feature. The GUI only reported "error"; the CLI was more helpful. Traffic distribution can be configured system-wide for a combination of MAC/IP and source/destination/source+destination. There is no equivalent of the 3Com's 'ILF' here: traffic will leave the ports based on the hash.<br />
<br />
Plugging in the wires<br />
<br />
Both switches support LACP and static aggregation; I went with static. <a href="http://packetparking.blogspot.com/2012/11/3com-4050-and-d-link-dgs-3324sr.html">I had some RSTP issues earlier</a> between them, so vlan1 untagged on both sides is a must, even if you use something else as the management vlan. I even managed to achieve extra redundancy by not using the same 8-core fiber for both connections, but routing one of them through another building.<br />
<br />
Monitoring<br />
<br />
The 3Com provides an SNMP object for the XRN fabric interfaces, so you can monitor the bandwidth of the stack link (no such thing on the DGS), but it won't provide an SNMP object for the aggregated AL1-13 interfaces. MRTG can be configured to do basic arithmetic, so you can measure the bandwidth of multiple aggregated links together.
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com0tag:blogger.com,1999:blog-5748402239150854722.post-86432976424050644922013-02-10T16:33:00.001+01:002013-02-10T16:33:29.501+01:00
HP MASE (and ASE) Networking practice exams<br />
While still working on my ASE and MASE certifications, HP sent some good news into my inbox a few weeks ago: online practice exams!<div>
<br /></div>
<div>
Not free, but not too expensive: $50 for "developed markets" and $20 for "emerging markets", based on your login IP; you can take them 5 times within 1 year.</div>
<div>
<br /></div>
<div>
At the moment they only have 2 exams for the MASE level, but I'd guess if you ace your MASE practice, chances are you'll manage your real ASE exam just fine.</div>
<div>
<br /></div>
<div>
The official HP page is: <a href="http://h10120.www1.hp.com/certification/practice_exams.html">http://h10120.www1.hp.com/certification/practice_exams.html</a></div>
<div>
<br /></div>
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com0tag:blogger.com,1999:blog-5748402239150854722.post-35063620619432056202013-02-10T16:01:00.000+01:002013-02-10T16:11:31.448+01:00
HTML5 video live streaming with ffmpeg and mediaelement.js, Round 1<br />
In the era of HD home-videos on YouTube, our current delivery method for online classes in low quality Flash videos is getting kinda unacceptable, especially for maths-type subjects, where it would be nice to actually see all those numbers and figures on the whiteboard.<br />
So, enter HTML5 video, H.264, mpeg4 and possibly a new encoding server... Our main problem is that we want to print some custom stuff on the videos, so we need to encode them in realtime.<br />
<br />
The player of choice is mediaelement.js, because it comes with the promise on the tin that it just works. Just how we like it.<br />
So, after checking out the samples, the player code looks like this:<br />
<br />
<pre>
<video controls="controls" height="360" id="player2" width="480">
    <source src="relay_video.php?quality=0&id=1469&format=mp4" title="mp4" type="video/mp4"></source>
    <source src="relay_video.php?quality=0&id=1469&format=ogg" title="ogg" type="video/ogg"></source>
    <source src="relay_video.php?quality=0&id=1469&format=wmv" title="wmv" type="video/wmv"></source>
    <object data="flashmediaelement.swf" height="360" type="application/x-shockwave-flash" width="480">
        <param name="movie" value="flashmediaelement.swf" />
        <param name="flashvars" value="controls=true&file=relay_video.php?quality=0&id=1469&format=flv" />
        <!-- Image as a last resort -->
        <img src="noflash.jpg" width="480" height="360" title="No video playback capabilities" />
    </object>
</video>
</pre>
<br />
So far so good, let's give it some video files. Transcoding happens on-the-fly either with mencoder or ffmpeg. As we prefer ffmpeg, let's try to do everything with that.<br />
Large parts are from John's ffmpeg post here:<br />
<a href="http://johndyer.name/ffmpeg-settings-for-html5-codecs-h264mp4-theoraogg-vp8webm/">http://johndyer.name/ffmpeg-settings-for-html5-codecs-h264mp4-theoraogg-vp8webm/</a><br />
<br />
Problem 1: we don't have libvpx support compiled in; for the time being we'll try to live without it.<br />
Problem 2: old IE versions. They should at least have native support for WMV, either with Silverstripe or otherwise. FFmpeg supports WMV, so this might actually work.<br />
Problem 3: This is a hard one: ffmpeg can't mux into mp4 on a non-seekable output (i.e. a socket). Wikipedia tells me that WebM is actually based on Matroska. FFmpeg loves Matroska, we can do this.<br />
<br />
So, our current format - container - vcodec - acodec groups are as follows:<br />
<span style="font-family: Courier New, Courier, monospace;">mp4 - matroska - libx264 - libfaac</span><br />
<span style="font-family: Courier New, Courier, monospace;">ogg - ogg - libtheora - libvorbis</span><br />
<span style="font-family: Courier New, Courier, monospace;">wmv - asf - wmv2 - wmav2</span><br />
<span style="font-family: Courier New, Courier, monospace;">flv - flv - flv - libmp3lame</span><br />
<br />
And: it works so far! The Mozilla guys are open source believers, so Firefox automatically selects ogg. Chromium uses mp4, or in absence of that, falls back to ogg. A few things to try: iPhones might possibly not like the Matroska container, but supposedly they can do mpegts. Problem with that is that Chromium does not work with that, but doesn't fall back to ogg either.<br />
So for that, I'll try:<br />
<span style="font-family: Courier New, Courier, monospace;">mp4 - mpegts - libx264 - libfaac</span><br />
<span style="font-family: Courier New, Courier, monospace;">webm - matroska - libx264 - libfaac</span><br />
<br />
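The four working format/container/codec groups listed above also serve as an allowlist for the `format`, `id` and `quality` parameters that the player passes to relay_video.php, so request data never reaches the ffmpeg command line unchecked. This is an added example, not the original relay_video.php: the function names, `FFMPEG_BIN`, `SOURCE_DIR`, the `<id>.ts` input naming, the bitrate per `quality` value and the flv Content-Type are assumptions.

```php
<?php
// Added example, not the original relay_video.php.
// Assumptions (hypothetical): FFMPEG_BIN, SOURCE_DIR, the "<id>.ts" input
// naming and the bitrate chosen for each quality value.
const FFMPEG_BIN = '/usr/bin/ffmpeg';
const SOURCE_DIR = '/srv/classes';
const QUALITY_BITRATES = [0 => '500k', 1 => '1500k'];

// format => [container, video codec, audio codec, Content-Type].
// The first three columns are the groups listed in the post; the
// Content-Type values follow the player's <source type="..."> attributes
// (video/x-flv is an assumption).
const STREAM_PROFILES = [
    'mp4' => ['matroska', 'libx264',   'libfaac',    'video/mp4'],
    'ogg' => ['ogg',      'libtheora', 'libvorbis',  'video/ogg'],
    'wmv' => ['asf',      'wmv2',      'wmav2',      'video/wmv'],
    'flv' => ['flv',      'flv',       'libmp3lame', 'video/x-flv'],
];

/**
 * Turn the request parameters into an ffmpeg argument vector,
 * or return null if any of them falls outside the allowlists.
 */
function build_ffmpeg_argv(array $query): ?array
{
    $format  = $query['format']  ?? null;
    $id      = $query['id']      ?? null;
    $quality = $query['quality'] ?? '0';

    // is_string() rejects array parameters such as format[]=mp4.
    if (!is_string($format) || !array_key_exists($format, STREAM_PROFILES)) {
        return null;
    }
    // id must be a short run of decimal digits, nothing else.
    if (!is_string($id) || !ctype_digit($id) || strlen($id) > 9) {
        return null;
    }
    if (!is_string($quality) || !ctype_digit($quality)
        || !array_key_exists((int) $quality, QUALITY_BITRATES)) {
        return null;
    }

    [$container, $vcodec, $acodec] = STREAM_PROFILES[$format];
    $input = SOURCE_DIR . '/' . (int) $id . '.ts';

    // Every element is either a constant or a value taken from an allowlist.
    return [
        FFMPEG_BIN, '-nostdin', '-loglevel', 'error',
        '-i', $input,
        '-vcodec', $vcodec, '-b:v', QUALITY_BITRATES[(int) $quality],
        '-acodec', $acodec,
        '-f', $container, 'pipe:1',
    ];
}

/** Validate the request, start ffmpeg and stream its output to the client. */
function relay(array $query): void
{
    $argv = build_ffmpeg_argv($query);
    if ($argv === null) {
        http_response_code(400);
        return;
    }
    // The array form of proc_open() (PHP 7.4+) runs ffmpeg directly,
    // so there is no shell that could interpret request data.
    $descriptors = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['pipe', 'w'],
        2 => ['file', '/dev/null', 'a'],
    ];
    $proc = proc_open($argv, $descriptors, $pipes);
    if (!is_resource($proc)) {
        http_response_code(500);
        return;
    }
    header('Content-Type: ' . STREAM_PROFILES[$query['format']][3]);
    fpassthru($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
}

if (PHP_SAPI === 'cli') {
    // Constructed requests: the first is valid, the other three are rejected.
    $samples = [
        ['quality' => '0', 'id' => '1469',     'format' => 'mp4'],
        ['quality' => '0', 'id' => '1469',     'format' => 'webm'],
        ['quality' => '0', 'id' => '1469; ls', 'format' => 'ogg'],
        ['quality' => '0', 'id' => '1469',     'format' => ['mp4']],
    ];
    foreach ($samples as $q) {
        $argv = build_ffmpeg_argv($q);
        echo json_encode($q), ' => ',
            $argv === null ? 'rejected' : implode(' ', $argv), "\n";
    }
} else {
    relay($_GET);
}
```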
Other problems might arise while finding ancient IE versions to test with, and maybe on OS X. If I find out more, there'll be a round 2 of this post.
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com1tag:blogger.com,1999:blog-5748402239150854722.post-9402488364152151532013-01-26T14:51:00.000+01:002013-01-26T14:51:18.838+01:00
Linux filesystem overhead comparison<div style="text-align: justify;">
I needed some temporary data storage for a few days for a migration project, so I wanted to know which filesystem to use, that would give me the most available space.</div>
<div style="text-align: justify;">
I'm not considering security, journals or anything here, I just need the maximum amount of space possible. Tests were done on a 2TB SAS disk in a Dell MD1000 array, configured as a one disk RAID0 on a PERC5e controller. The tested ones are the most basic Linux compatible filesystems, by no means is this test academic or universal. The results did surprise me a bit:</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-wp1NiatPpuI/UQPdpUQTMnI/AAAAAAAAACU/yUbrJlbx7ko/s1600/fs-overhead-table.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="151" src="http://1.bp.blogspot.com/-wp1NiatPpuI/UQPdpUQTMnI/AAAAAAAAACU/yUbrJlbx7ko/s320/fs-overhead-table.png" width="320" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I expected FAT to be among the top ones, as it's not a very sophisticated fs, and didn't expect much from ext2/3. I'm also a bit biased towards XFS, so I kind of expected better results.</div>
<div style="text-align: justify;">
Tests were done with default <span style="font-family: Courier New, Courier, monospace;">mkfs.*</span> settings, only exception is root reserved blocks on ext2/3, which were set to 0. The above output is from <span style="font-family: Courier New, Courier, monospace;">df -m</span>. I didn't always pay attention in Operating systems class, so the results of minix surprised me a bit.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-HifCs1xN3M8/UQPeqbhzpQI/AAAAAAAAACg/TsEblkbarzM/s1600/fs-overhead-chart.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="221" src="http://1.bp.blogspot.com/-HifCs1xN3M8/UQPeqbhzpQI/AAAAAAAAACg/TsEblkbarzM/s320/fs-overhead-chart.png" width="320" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I have a sort of love-hate relationship with reiserfs, but for today, it earned itself a job.</div>
Timotihttp://www.blogger.com/profile/05410752704128337658noreply@blogger.com0tag:blogger.com,1999:blog-5748402239150854722.post-10360836348019180782012-12-14T10:40:00.000+01:002012-12-14T10:40:06.224+01:00
Ubiquiti Unifi POE<br />
The Ubiquiti Unifi is a fairly cheap and straightforward managed WiFi solution if you are happy with a L2 bridging architecture with not too much additional stuff.<br />
My biggest issue with the hardware is the non-standard POE implementation, which uses 24V "Ubiquiti POE".<br />
<br />
Based on the <a href="http://www.ubnt.com/downloads/datasheets/unifi/UniFi_AP_Datasheet.pdf">datasheet</a> (<a href="http://www.ubnt.com/downloads/datasheets/unifi/UniFi_AP_Datasheet.pdf">http://www.ubnt.com/downloads/datasheets/unifi/UniFi_AP_Datasheet.pdf</a>) and experience, our base UAP devices can't directly use 802.3af POE; only the UAP-Pro models can do that. Luckily, an <a href="http://www.ubnt.com/8023af">official POE adapter</a> is sold by Ubiquiti (<a href="http://www.ubnt.com/8023af">http://www.ubnt.com/8023af</a>), and it's pretty cheap.<br />
<br />
The 802.3af POE is 48V, but fear not: standard POE uses a detection mechanism before sending out the juice, so it won't fry your Unifi AP if you connect it directly to a POE switch, it just won't start up.<br />
<br />
If you want to go with long cable runs, I'd suggest using standard 48V POE to drive the cable, as higher voltage is better suited for longer runs, and using the Unifi adapter near the AP to convert it to 24V.<br />
<br />
Fun factsheet for Cisco 3500XL and 2900XL switches<br />
Timoti, 2012-12-06 (updated 2013-05-18)<br />
<br />
It still seems like a popular topic, and these switches never really die, so here are some fun facts about them that I found to be useful (both from my experience and from the documentation):<br />
<div>
<ul>
<li>These are layer 2 switches;</li>
<li>So they don't have DHCP snooping capabilities;</li>
<li>Nor any ARP inspection (DAI).</li>
<li>They can't do IP routing, or NAT.</li>
<li>Traffic distribution over an etherchannel can be based on source or destination MAC addresses, but not both. Distribution can be configured per etherchannel, not just system-wide. You can't distribute based on layer3-4 (IP,TCP/UDP) info.</li>
<li>No layer3 ACLs for switching. (Just for the control plane).</li>
<li>They have 2 hardware priority queues.</li>
<li>They only support L2 COS, not DSCP or TOS.</li>
<li>For IP phones, you have to go with a switchport trunk, encapsulation dot1q, nonegotiate, native vlan &lt;data&gt;, allowed vlan &lt;data&gt;,&lt;voip&gt;, switchport voice vlan &lt;voip&gt; type of setup.</li>
<li>The 3500XL and 2900XL use the same software, you can run 2900XL images on a 3500XL box.</li>
<li>The only members of the 2900XL family with Gigabit ports are the modular, 2U high chassis.</li>
<li>They do not support MSTP and GVRP.</li>
<li>They do not support LLDP.</li>
<li>The 2900 series does not support POE; but some 3500 series models do: look for the -PWR in the model name.</li>
</ul>
So far that's it, I might extend the list if something comes to mind.</div>
<br />
Ethernet filtering fun in hexa with D-Link DES-3250<br />
Timoti, 2012-11-30 (updated 2013-02-19)<br />
<br />
Most network admins in education know that the source of most evil is the dormitory. Mostly ignorance with just a touch of malice for flavor. Rogue DHCP servers, IPv6 router advertisements, IP collisions and the occasional ARP spoofing.<br />
<br />
The D-Link DES-3250 series is our choice of switch for our dormitory, as it's cheap and fairly reliable. It can't perform proper DHCP snooping, dynamic ARP inspection or even the ARP protection the DES-3526 can, but it can do some filtering, based on IP, MAC or raw ethernet packets.<br />
<br />
Credits for the first two go to Gavin McCullagh, not me.<br />
<br />
You can filter DHCP replies easily:<br />
<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">create access_profile ip udp src_port_mask 0xFFFF port 1-48 profile_id 1 </span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">config access_profile profile_id 1 add access_id 1 ip udp src_port 67 deny </span><br />
<div>
<br /></div>
<br />
Now this one is a thing of beauty: filtering IPv6 Router advertisements:<br />
<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">create access_profile packet_content_mask offset_0-15 0x0 0x0 0x0 0xFFFF0000 offset_16-31 0x0 0xFF000000 0x0 0x0 offset_48-63 0x0 0xFF00 0x0 0x0 port 1-48 profile_id 2 </span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">config access_profile profile_id 2 add access_id 1 packet_content offset_0-15 0x0 0x0 0x0 0x86DD0000 offset_16-31 0x0 0x3A000000 0x0 0x0 offset_48-63 0x0 0x8600 0x0 0x0 deny </span><br />
<div>
<br /></div>
<br />
IPv6 uses ethertype 0x86dd, 0x3A is the next-header value for ICMPv6, and the type for RA in ICMPv6 is 0x86.<br />
<br />
Yesterday I had 4 TP-Link APs configured as 192.168.1.254. This wouldn't be a big issue normally, but these ones were dead-set on sending gratuitous ARPs against each other at speeds of 10Mpps...<br />
The DES-3250 has broadcast control, which was set at 8pps, but something went wrong, as the switches still forwarded around 4kpps of ARPs on all ports.<br />
So next up is IPv4 ARP filtering for anything with the source 192.168.0.0/16:<br />
<br />
<br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">create access_profile packet_content_mask offset_0-15 0x0 0x0 0x0 0xFFFF0000 offset_16-31 0x0 0x0 0x0 0xFFFF0000 port 1-48 profile_id 3 </span><br />
<span style="font-family: 'Courier New', Courier, monospace; font-size: x-small;">config access_profile profile_id 3 add access_id 1 packet_content offset_0-15 0x0 0x0 0x0 0x08060000 offset_16-31 0x0 0x0 0x0 0xC0A80000 deny </span><br />
<div>
<br /></div>
<div>
The ethertype for ARP is 0x0806, and 192.168 is 0xc0a8.</div>
<div>
<br /></div>
<div>
ARP spoofing of the gateway is not that popular on this subnet, but next time it happens, I'll do an entry with that.<br />
<br />
<span style="font-size: x-small;">Edit: 19/02/2013 - fixed ethertype value in ARP filter</span></div>
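To check which frame bytes the two packet_content rules above actually compare, here is an added example (not part of the original post and not D-Link code) that decodes the mask words and tests them against constructed frames. It assumes each offset_X-Y group is four big-endian 32-bit words counted from the first byte of an untagged frame; the helper names and the sample frames are made up for illustration.

```python
import struct

# Rules copied from the post: {first byte of the 16-byte chunk: four 32-bit words}.
RA_MASK   = {0: (0, 0, 0, 0xFFFF0000), 16: (0, 0xFF000000, 0, 0), 48: (0, 0xFF00, 0, 0)}
RA_VALUE  = {0: (0, 0, 0, 0x86DD0000), 16: (0, 0x3A000000, 0, 0), 48: (0, 0x8600, 0, 0)}
ARP_MASK  = {0: (0, 0, 0, 0xFFFF0000), 16: (0, 0, 0, 0xFFFF0000)}
ARP_VALUE = {0: (0, 0, 0, 0x08060000), 16: (0, 0, 0, 0xC0A80000)}

def expand(spec):
    """Flatten a rule into {frame byte offset: byte} (assumed: big-endian words)."""
    return {base + i: b
            for base, words in spec.items()
            for i, b in enumerate(struct.pack(">4I", *words))}

def selected_offsets(mask_spec):
    """Frame byte offsets the mask actually compares."""
    return sorted(off for off, m in expand(mask_spec).items() if m)

def matches(frame, mask_spec, value_spec):
    """True if every masked byte of the frame equals the rule's value byte."""
    mask, value = expand(mask_spec), expand(value_spec)
    for off in selected_offsets(mask_spec):
        if off >= len(frame) or (frame[off] & mask[off]) != (value[off] & mask[off]):
            return False
    return True

# Constructed sample frames (untagged, checksums left at zero).
def eth(ethertype, payload):
    return bytes.fromhex("ffffffffffff" "020000000001") + struct.pack(">H", ethertype) + payload

def icmpv6_frame(icmp_type):
    ip6 = b"\x60\x00\x00\x00" + struct.pack(">HBB", 16, 0x3A, 255) + bytes(16) + bytes(16)
    return eth(0x86DD, ip6 + bytes([icmp_type, 0]) + bytes(14))

def arp_frame(sender_ip):
    arp = struct.pack(">HHBBH", 1, 0x0800, 6, 4, 1) + bytes.fromhex("020000000001")
    arp += bytes(sender_ip) + bytes(6) + bytes([192, 168, 1, 1])
    return eth(0x0806, arp)

if __name__ == "__main__":
    print("RA rule compares bytes", selected_offsets(RA_MASK))
    print("ARP rule compares bytes", selected_offsets(ARP_MASK))
    for name, frame in [("RA", icmpv6_frame(0x86)), ("NS", icmpv6_frame(0x87)),
                        ("ARP 192.168.1.254", arp_frame([192, 168, 1, 254])),
                        ("ARP 10.0.0.5", arp_frame([10, 0, 0, 5]))]:
        print(name, matches(frame, RA_MASK, RA_VALUE), matches(frame, ARP_MASK, ARP_VALUE))
```

The RA rule leaves Neighbor Solicitations (type 0x87) alone, and the ARP rule only drops frames whose sender address starts with 192.168, so legitimate hosts in other ranges keep resolving.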
<br />
3Com 4050 and D-Link DGS-3324SR spanning tree native vlan<br />
Timoti, 2012-11-25<br />
<br />
My new place uses a 3Com 4050 as a layer2 core/distribution switch. It's linked to DES-3526, DGS-3324SR and DGS-3100 switches. Protocol of choice is RSTP. Without native/untagged vlan on the links, the following happens:<br />
<br />
<ul>
<li>3Com 4050 - DES-3526 - RSTP works okay</li>
<li>3Com 4050 - DGS-3100 - RSTP breaks, needs vlan1 untagged</li>
<li>3Com 4050 - DGS-3224SR - RSTP breaks, needs vlan1 untagged</li>
<li>3Com 4050 - DES-3052P - RSTP breaks, needs vlan1 untagged</li>
<li>DGS-3224SR - DES-3250 - RSTP works okay</li>
<li>DES-3526 - DES-3052P - RSTP breaks, needs vlan1 untagged</li>
<li>DGS-3324SR - 3Com 4400 - RSTP works okay</li>
</ul>
Bottom line: you've gotta love standard implementations of STP...