Retrocomputing

And so, dusting off my knowledge of Novell Netware from years ago, I started to install NetWare 4.11 in VirtualBox.
Apparently this doesn’t work, but with some hackery thus, it’s fine:
1. Copy all the files off the installation CD in to a directory
2. Download updated NetWare ATA drivers with UDMA support
3. Assuming you unpacked the ZIP file above to /tmp/a, and the contents of the installation CD are in the current directory, do:
cp /tmp/a/NW3X-4X/NBI.NLM ./products/nw411/_/411/syspre/nbi.nlm
cp /tmp/a/NW3X-4X/NBI.NLM ./products/nw411/_/411/boot/nbi.nlm
cp /tmp/a/NW3X-4X/NWPALOAD.NLM ./products/nw411/ibm/411/diskdrv/nwpaload.nlm
cp /tmp/a/NW3X-4X/NWPA.NLM ./products/nw411/ibm/411/diskdrv/nwpa.nlm
cp /tmp/a/IDEATA.HAM ./products/nw411/ibm/411/diskdrv/ideata.ham
cp /tmp/a/IDEATA.DDI ./products/nw411/ibm/411/diskdrv/ideata.ddi
cp /tmp/a/IDECD.CDM ./products/nw411/ibm/411/diskdrv/idecd.cdm
cp /tmp/a/IDECD.DDI ./products/nw411/ibm/411/diskdrv/idecd.ddi
cp /tmp/a/IDEHD.CDM ./products/nw411/ibm/411/diskdrv/idehd.cdm
cp /tmp/a/IDEHD.DDI ./products/nw411/ibm/411/diskdrv/idehd.ddi
This will update the drivers on the installation CD with those supporting UDMA.
4. Create an ISO image of these files using “mkisofs -D -l . > ../netware411-patched.iso”
5. Install the server. INSTALL.NLM will throw up some errors, and you will need to enter slot 10002 for the IDEATA Disk Driver, but other than that, it’s fine.
Now if you’ll excuse me, I’m off to install Word 6 🙂

A mixed bag of 3ware

Right after I upgraded the firmware on a 3ware 9650SE RAID controller in my desktop, the card failed. ‘lspci’ would recognise it, but nothing else.
I RMA’d it with 3ware, and within a week and a half – bearing in mind there was New Year in the middle – I had a new card couriered to me. Superb service.
My desktop machine has been reformatted and reinstalled, and it’s running much faster than before. The only downside is 3ware seem to insist I download 57Mb of JVM and InstallShield to install 3dm2 and tw_cli… why? Why can’t I just have the files and install them myself? Why do I have to run a JVM as root? That scares me a little.

3ware and NTP

For some years, I’ve been paranoid enough to run RAID-1 on my desktop machine to protect against a single hard drive failure. Backups are to another drive on a separate controller.
A couple of weeks ago, I flashed the firmware on my 3ware 9650SE, rebooted, and the BIOS wouldn’t see the controller at all. ‘lspci’ under Linux showed the card, but nothing else – the 3w-9xxx driver in the kernel didn’t recognise it, nor did 3dm2 nor tw_cli. Strange – although it’s within the year’s warranty, so I’m RMAing it on Monday.
On a separate, slightly strange matter, I’ve had an Asus P5WDG2 WS Professional motherboard with some DDR2-667 RAM for a couple of years now. Sometimes the machine boots and it recognises the RAM as DDR2-667, and sometimes as DDR2-533. Why, I don’t know. Anyway, fiddling around in the BIOS to determine whether I had a dead PCI Express slot, I managed to turn on some automatic overclocking functions – things that I don’t usually touch.
The results were strange – over the course of 24 hours, my machine gained a whole hour. Naturally, this was going to be down to something I’d fiddled with, so I turned overclocking off and in the past couple of hours, the clock keeps the correct time.
Here’s a lesson for you – change one thing at a time and check it works 🙂

Getting home in 2009

I can sit in a club and decide I want to go home. I can pull out my mobile phone from my pocket, visit a certain website and book a taxi home. I receive a text message when my taxi is near, then stand outside and hop in. This clever use of basic-for-2009 technologies impresses me somewhat. This is what technology should be about!
It may cost a bit more than trying to hail a black cab, but I really appreciate the freedom of paying a couple of quid more for a near-enough chauffeur service. And of course, it avoids having to take a night bus.

Catalyst 6500 Supervisor 32 modular software

I’m on my way back from a few days in Milan, setting up a network for one of our customers. Standard equipment – a pair of Cat6504Es, some ASAs, a couple of ACE4710 load balancers.
As usual with anything I haven’t used before, problems occur. The biggest and most infuriating wasn’t the failed Sup32 (which was eventually replaced by Cisco after quite some work on our supplier’s behalf), but the fact I couldn’t get the Sup32 to boot from the image I’d downloaded.
Here’s what happened – each time I booted, the boot image loaded and spewed the following:
MAC based EOBC installed
Waiting (slot 1) for supervisor to come online in other slot. iteration
= 0

Next Retry will be done after 6 seconds
This repeated for what seemed like an eternity, then the Supervisor crashed and rebooted.
What fixed it? It turns out I had a modular image copied in to flash, not installed. That's not amazingly obvious, especially as the modular image has -mz in its name, and the image I wanted has -jz.
See this article on Cisco IOS Software Modularity on cisco.com for more information.

Antivirus and Encryption

Like many highly computer literate sons, my parents occasionally call on me to fix their computer.  This can be anything from “I turned it off and it won’t boot up again” meaning “The hard disk has failed”, to “I can’t get my email, it comes up with a certificate error”, meaning I’ve forgotten to renew the SSL certificate on my mail server.
This week, my father send me a text message to say neither he nor my mother could receive email – but they could send it fine.  I didn’t see any attempts from them to connect in my mail server’s log files, and they said they didn’t see any error messages.
This morning, I found some time to ask my mother to set up a reverse VNC connection to my desktop at home (I can’t remember what people did before VNC – maybe we installed pcAnywhere, or maybe we hopped on a car or train).
Here’s the key piece of information that was missing that I found out this morning – “We installed Kaspersky and email stopped”. D’oh! That piece of information is really important – I did something, and something else happened.
Further investigation showed that my parents installed Kaspersky as Barclays on-line banking suggested it, but then they uninstalled that, and installed AVG, but still couldn’t get email.
What caused the problem? It’s quite straightforward. POP3 doesn’t attempt any form of encryption at all, so I force people to use TLS when picking up mail from my server. It stops the very small risk of somebody finding out an email password by capturing packets, but it also encrypts all the messages being downloaded. I use SSL certificates from CACert which they provide free, and the whole system works better than self-signed certificates, but not quite as well as a full-bodied certificate from a widely-recognised CA.
AVG and Kaspersky intercept outgoing POP3 traffic, if asked, and scan it. They do this by proxying connections through their software, which can’t understand the TLS connections and so waits patiently rather than throwing up an error. The result is the mail client does nothing – no errors and no timeouts. A software stalemate.
This started me thinking – how long before encryption becomes a widespread way for malware starts to use SSL connections to bypass network-based antivirus services? You can’t disable encryption as it’s a form of security, but it’s also a form of stealth. One encrypted TCP connection looks just like the other, and there’s simply no efficient way to scan apart from right at the very edge.