I’m on my way back from a few days in Milan, setting up a network for one of our customers. Standard equipment – a pair of Cat6504Es, some ASAs, a couple of ACE4710 load balancers.
As usual with anything I haven’t used before, problems occur. The biggest and most infuriating wasn’t the failed Sup32 (which was eventually replaced by Cisco after quite some work on our supplier’s behalf), but the fact I couldn’t get the Sup32 to boot from the image I’d downloaded.
Here’s what happened – each time I booted, the boot image loaded and spewed the following:
MAC based EOBC installed
Waiting (slot 1) for supervisor to come online in other slot. iteration
Next Retry will be done after 6 seconds
This repeated for what seemed like an eternity, then the Supervisor crashed and rebooted.
What fixed it? It turns out I had a modular image copied in to flash, not installed. That's not amazingly obvious, especially as the modular image has -mz in its name, and the image I wanted has -jz.
See this article on Cisco IOS Software Modularity on cisco.com for more information.
I found how to run Oracle 10g Express Edition on a 64-bit platform. It’s, er, remarkably straightforward. I expected to jump through more hoops…
This may kick me in to touch and force me to test NetHorus on a database backend other than MySQL…!
It seems a 64-bit desktop isn’t all it’s cracked up to be. Adobe Flash Player has difficulty, but I stumbled across a pre-release of Adobe Flash Player 10 for 64-bit Linux.
Download the file, unpack it and copy it to /usr/share/ubufox/plugins/. Restart Firefox, and away you go.
As documented elsewhere, I needed a bit of shell hackery to get my Broadcom BCM4312 working under Ubuntu 9.10 Netbook Remix.
Not to worry – it’s not awfully scary. Now I can leave the flat, with three of my four machines upgraded to Ubuntu 9.10 within 24 hours of getting my hands on the ISO images.
Like many highly computer-literate sons, I am occasionally called on by my parents to fix their computer. This can be anything from “I turned it off and it won’t boot up again” meaning “The hard disk has failed”, to “I can’t get my email, it comes up with a certificate error”, meaning I’ve forgotten to renew the SSL certificate on my mail server.
This week, my father sent me a text message to say neither he nor my mother could receive email – but they could send it fine. I didn’t see any attempts from them to connect in my mail server’s log files, and they said they didn’t see any error messages.
This morning, I found some time to ask my mother to set up a reverse VNC connection to my desktop at home (I can’t remember what people did before VNC – maybe we installed pcAnywhere, or maybe we hopped on a car or train).
Here’s the key piece of information that was missing that I found out this morning – “We installed Kaspersky and email stopped”. D’oh! That piece of information is really important – I did something, and something else happened.
Further investigation showed that my parents installed Kaspersky as Barclays on-line banking suggested it, but then they uninstalled that, and installed AVG, but still couldn’t get email.
What caused the problem? It’s quite straightforward. POP3 doesn’t attempt any form of encryption at all, so I force people to use TLS when picking up mail from my server. It stops the very small risk of somebody finding out an email password by capturing packets, but it also encrypts all the messages being downloaded. I use SSL certificates from CACert which they provide free, and the whole system works better than self-signed certificates, but not quite as well as a full-bodied certificate from a widely-recognised CA.
AVG and Kaspersky intercept outgoing POP3 traffic, if asked, and scan it. They do this by proxying connections through their software, which can’t understand the TLS connections and so waits patiently rather than throwing up an error. The result is the mail client does nothing – no errors and no timeouts. A software stalemate.
This started me thinking – how long before malware starts to use SSL connections as a widespread way to bypass network-based antivirus services? You can’t disable encryption as it’s a form of security, but it’s also a form of stealth. One encrypted TCP connection looks just like the other, and there’s simply no efficient way to scan apart from right at the very edge.
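The silent stall described above can be confirmed from the client side with a probe that sets its own timeout. This is an added example, not part of the original post; it assumes implicit-TLS POP3 (POP3S), and the function names and the local silent listener are constructed for illustration.

```python
import socket
import ssl

def probe_pop3s(host, port, timeout=3.0, context=None):
    """Try an implicit-TLS POP3 connection and classify what happens.

    'ok'         handshake completed and a +OK greeting arrived
    'stalled'    TCP connected but nothing answered before the timeout
    'tls_error'  handshake or certificate validation failed
    'refused'    TCP connection could not be opened
    'unexpected' TLS worked but the greeting was not +OK
    """
    ctx = context or ssl.create_default_context()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "stalled"
    except OSError:
        return "refused"
    try:
        with raw:
            raw.settimeout(timeout)  # bounds the handshake and the read
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                greeting = tls.recv(512)
                return "ok" if greeting.startswith(b"+OK") else "unexpected"
    except socket.timeout:
        return "stalled"
    except (ssl.SSLError, OSError):
        return "tls_error"

def start_silent_listener():
    """Constructed stand-in for a scanning proxy: the kernel completes the
    TCP handshake, but nothing ever answers the TLS ClientHello."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

if __name__ == "__main__":
    srv, port = start_silent_listener()
    print(probe_pop3s("127.0.0.1", port, timeout=1.0))
    srv.close()
```

A 'stalled' result alongside an empty server log points at something on the client machine holding the connection, which matches the symptom in the post.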
I had a pair of 500Gb Seagate drives. They served me well for a couple of years, but they’ve been getting steadily closer to the dreaded 100% full mark over the last six months.
To celebrate the release of Ubuntu 9.10, I treated myself to a pair of shiny new Seagate ST31500341AS drives. Popped them in to my machine, fired up the 64-bit Ubuntu installer and… wow – my machine is much much faster.
Now I need to get to grips with all the little gotchas of running a 64-bit desktop, such as Google Gears and Flash requiring some fun and games to work properly.
I was lucky enough to be invited to the Royal Vauxhall Tavern tonight to see Scott Capurro with Vix and Alan.
Scott is hilarious – I think I’ve laughed myself hoarse.
I didn’t think I’d end up spending my Thursday evening in a sing-along with Heather Small, or listening to how Alan Davies bit a vagrant’s ear whilst insanely drunk after a wake.
Also, minor news – I have Ubuntu 9.10, but I’m going to reinstall my desktop machine on to a pair of 1Tb drives – I need the extra space.
I took the plunge and upgraded from Ubuntu 9.04 to Ubuntu 9.10 on my work laptop. The process was incredibly smooth, and there’s not much to it apart from that. I’m crossing my fingers and hoping the dbus problems with 3G dongle PPP connections have gone away.
I am waiting for some free time at the weekend and a pair of 1Tb hard drives before I take the plunge and install the 64-bit version on my desktop at home.
I am never one to fear something new – except perhaps a new release of a JVM.
Some weeks ago, I decided it would be a good idea to upgrade one of my home routers to IOS 15.0(1)M – seeing as I paid enough for a maintenance contract, I’m entitled. Ever since that day, I’ve been unable to ssh to the router with an access-class applied to the VTY lines. Every time, it refuses my connection, but allows it without an access-class.
This morning, I stumbled upon the answer – put ‘vrf-also’ at the end of the access-class line:
access-class 99 in vrf-also
This only matters if you’re running VRF Lite, as I am, because I have a separate firewall and ‘clean’ and ‘dirty’ VRFs.
Never fear something that’s new – expect breakage, and expect to learn.
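A check for this before an upgrade, as an added example that is not part of the original post: it scans a saved configuration for VTY stanzas whose access-class lacks vrf-also while an interface is bound to a VRF. The sample configuration is constructed (only ACL 99 and the 'dirty' VRF name come from the post), and the function name is hypothetical.

```python
import re

# Constructed sample configuration; addresses are documentation ranges.
SAMPLE_CONFIG = """\
ip vrf dirty
!
interface FastEthernet0/0
 ip vrf forwarding dirty
 ip address 192.0.2.1 255.255.255.0
!
access-list 99 permit 192.0.2.0 0.0.0.255
!
line vty 0 4
 access-class 99 in
 transport input ssh
line vty 5 15
 access-class 99 in vrf-also
 transport input ssh
"""

def audit_vty_access_class(config_text):
    """Return (stanza, acl) pairs for VTY lines whose inbound access-class
    omits vrf-also, but only when some interface is placed in a VRF."""
    lines = config_text.splitlines()
    vrf_in_use = any(
        re.match(r"\s+(ip )?vrf forwarding \S+", ln) for ln in lines
    )
    findings, stanza = [], None
    for ln in lines:
        if not ln.startswith(" "):  # a top-level command starts a new stanza
            stanza = ln.strip() if ln.startswith("line vty") else None
            continue
        m = re.match(r"\s+access-class (\S+) in(\s+vrf-also)?\s*$", ln)
        if stanza and m and vrf_in_use and not m.group(2):
            findings.append((stanza, m.group(1)))
    return findings

if __name__ == "__main__":
    for stanza, acl in audit_vty_access_class(SAMPLE_CONFIG):
        print(f"{stanza}: access-class {acl} in (no vrf-also)")
```

Adding vrf-also does not bypass ACL 99; the same source restrictions are applied to connections arriving on VRF interfaces as well.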
TfL’s Countdown system for London Buses was a leap forward several years ago. I can now walk up to a bus stop and tell – with reasonable accuracy – how long before my bus arrives.
There is one problem with this – I have to be at the bus stop!
When National Rail introduced Live Departure Boards several years ago, it was a giant leap forward for rail travellers. TfL brought in Live Departure Boards for the Underground some years later, although this is less useful.
Wouldn’t it be absolutely fantastic to have a map of a bus route with the positions of the buses on it? Colour the map in with a deeper shade where the route is more congested, and let people have a visual representation of how long it’s likely to take for their bus to arrive. Before you leave home, have a look to see where the delays are on your route in to work, and re-plan your journey if it’s going to take too long.