dhcp – Jupiter Broadcasting

Just Enough VPN | LINUX Unplugged 322

Wes Payne — Tue, 08 Oct 2019 19:32:22 +0000

Show Notes: linuxunplugged.com/322

The post Just Enough VPN | LINUX Unplugged 322 first appeared on Jupiter Broadcasting.

Keeping Systems Simple | TechSNAP 403

Wes Payne — Fri, 10 May 2019 21:00:15 +0000

Show Notes: techsnap.systems/403

The post Keeping Systems Simple | TechSNAP 403 first appeared on Jupiter Broadcasting.

Clean up After Yourself | LINUX Unplugged 287

Angela Fisher — Tue, 05 Feb 2019 20:19:20 +0000

Show Notes/Links: linuxunplugged.com/287

The post Clean up After Yourself | LINUX Unplugged 287 first appeared on Jupiter Broadcasting.

Level Up Your LAN | LAS 377

chris — Sun, 09 Aug 2015 10:01:02 +0000

To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

We take a deep dive into the basics of getting a home network up and running. It you’ve lived with whatever the ISP has given you have no fear, not only are we going to show you how to do it, it’s going to be all done from Linux!

Plus Firefox has a major flaw that impacts Linux users, an update on the Jolla tablet, we discuss our big format experiment & more!

Thanks to:

Get Paid to Write for DigitalOcean

Direct Download:

RSS Feeds:

Become a supporter on Patreon:

— Show Notes: —

Brought to you by: System76

Overview

Default configurations are less secure and limited
Ability to setup VPN
Ability to setup DNS
Most consumer equipment is a modem/router/switch/access point all in one (Spork Syndrome)

Default Settings on Mikrotik

IP 192.168.88.1
username: admin
no password

Default Settings on (most) Linksys

IP 192.168.0.1
username: admin
password: admin

DHCP – Dynamic Host Configuration Protocol

Useful to push information to the clients about the network.
Can be setup on most routers
Comes setup by default
Linksys limits you to /24 meaning a maximum of 254 clients.

DNS – Domain Name Service

Phonebook of the internet
Useful to point non-registered hostnames to IP addresses
Can be used (somewhat) to block access to websites.

Firewall

Used to block traffic
Can be used on enterprise routers to separate switchports

Static IP (If your ISP allows it)

What is and Setting static IP
What is and Setting net mask
What is and Setting Default Gateway

Setting up an Access Point

Enable wireless on Mikrotik or Linksys
Purchase separate access point and use WebUI
Proper Channeling
Proper Power
POE

Easy Linux Networking

IPFire

From a technical point of view, IPFire is a minimalistic, hardened firewall system which comes with an integrated package manager called Pakfire. The primary task of Pakfire is to update the system with only a single click.

It is very easy to install security patches, bugfixes and feature enhancements, which make IPFire safer and faster – or simply, better.

Another task of Pakfire is to install additional software that adds new functionality to the IPFire system.
Some useful of them are:

File sharing services such as Samba and vsftpd
Communications server using Asterisk
Various command-line tools as tcpdump, nmap, traceroute & many more.

Smoothwall.org

The goals of the project can be summed up as:

Be simple enough to be installed by home users with no knowledge of Linux
Support a wide variety of network cards, modems and other hardware
Work with many different connection methods and ISPs from across the world
Manage and configure the software using a web browser
Run efficiently on older, cheaper hardware
Develop a supportive user community
Use sponsorship from Smoothwall Limited to further these goals

The Smoothwall Open Source Project is funded and supported by Smoothwall Limited.

Smoothwall Express Download

— PICKS —

Runs Linux

School Bell in the UK – Runs Linux!

Fantastic show, keep up the good work.
I wanted to share my own small runs Linux with you. I’m an IT Tech working in a secondary school in the UK. I got fed-up of our old outdated lesson change bell system from the 70’s so i made a pi powered one. It uses cron to run a python script that turns the relay on for a set amount of time. The cron file is edited via the UI that runs on php, MySQL on top of Apache. Photos of the UI and the project build attached.
its been in production since feb and still going strong.

Hope you like it

Thanks

Sent in by Robin T.

Desktop App Pick

Zoiper

Our VoIP softphone will look everywhere for your contacts and will display them in a combined list for easy access. Outlook, windows/mac, LDAP, XMPP, XCAP, android, iOs. You name it, we got it and we will lookup incoming calls as well so you know who calls before you answer.

Weekly Spotlight

SeaFile

Organize files into libraries. A library can be selectively synced into any device. Reliable and efficient file syncing improves your productivity.

A library can be encrypted by a password chosen by you. Files are encrypted before syncing to the server. Even the system admin can’t view the files.

Sharing into groups and collaboration around files. Permission control, versioning and activity notification make collaboration easy and reliable.

The core of Seafile server is written in C programming language. It is small and has a fantastic performance.

Upgrade can be done via running a simple script within a few seconds. Seafile records very few items in database. No huge database upgrade is needed.

AD/LDAP integration, group syncing, fine-grained permission control make the tool easily applied to your enterprise environment.

Celebrate BSD Now’s 2 year Anniversary!

BONUS SPOTLIGHT

Privacy Badger, an Addon That Algorithmically Blocks Online Trackers

Online tracking has become a pervasive invisible reality of the modern web. Most sites you load are likely to be full of ads, tracking pixels, social media share buttons, and other invisible trackers all harvesting data about your web browsing. These trackers use cookies and other methods to read unique IDs associated with your browser, the result being that they record all the sites you visit as you browse around the internet. This sort of tracking is invisible to most web users, meaning they never get the option to agree to or opt-out of it. Today the EFF has launched the 1.0 version of Privacy Badger, an extension designed to prevent these trackers from accessing unique info about you and your browsing.

— NEWS —

Firefox exploit found in the wild | Mozilla Security Blog

Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1.

LibreOffice 5.0 Released!

It is also the first version to come in 64 bits for Windows. As such LibreOffice 5 serves as the foundation of our current developments and is a great platform to extend, innovate and collaborate with!

LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more. Calc’s blend of performance and features makes it an enterprise-ready, heavy duty spreadsheet application capable of handling all kinds of workload for an impressive range of use cases.

New icons, major improvements to menus and sidebar : no other LibreOffice version has looked that good and helped you be creative and get things done the right way. In addition, style management is now more intuitive thanks to the visualization of styles right in the interface.

LibreOffice 5 ships with numerous improvements to document import and export filters for MS Office, PDF, RTF, and more. You can now timestamp PDF documents generated with LibreOffice and enjoy enhanced document conversion fidelity all around.

LibreOffice 5 combines innovative features and long term efforts towards enhanced stability. As a result, expect both improvements in performance and in stability over the lifetime of the 5.0.x series.

LibreOffice under the hood: progress to 5.0

Gtk3 backend: Wayland

An very rough, initial gtk3 port was hacked together long ago by yours truly to prototype LibreOffice online via gdk-broadway.
However thanks to Caolán McNamara (RedHat) who has done the 80% of the hard work to finish this, giving us a polished and complete VCL backend for gtk3.
His blog entry focuses on the importance of this for running LibreOffice natively under wayland – the previous gtk2 backend was heavily tied to raw X11 rendering, while the new gtk3 backend uses CPU rendering via the VCL headless backend, of which more below.

OpenGL rendering improvements

The OpenGL rendering backend also significantly matured in this version, allowing us to talk directly to the hardware to accelerate
much of our rendering, with large numbers of bug fixes and improvements.
Many thanks to Louis-Francis Ratté-Boulianne (Collabora), Markus Mohrhard, Luboš Luňák (Collabora), Tomaž Vajngerl (Collabora), Jan Holesovsky (Collabora), Tor Lillqvist (Collabora), Chris Sherlock & others.
It is hoped that with the ongoing bug-fixing here, that this can be enabled by default as a late feature, after suitable review, for LibreOffice 5.0.1 or at the outside 5.0.2.

LibreOffice 5.0 Is a Milestone Release for Ubuntu Touch

LibreOffice will land on Ubuntu Touch

The developers from The Document Foundation haven’t gone into much detail about their plans, but they have said that the office suite is coming to Android. Coupled with the things we already know about Ubuntu Touch, we can safely say that LibreOffice 5.0 will bring some very interesting changes to the mobile platform from Canonical.

“A new version for new endeavours: LibreOffice 5.0 is the cornerstone of the mobile clients on Android and Ubuntu Touch, as well as the upcoming cloud version. As such, LibreOffice 5.0 serves as the foundation of current developments and is a great platform to extend, innovate and collaborate!” reads the announcement from The Document Foundation.

Jolla Tablet – First Batch out of Factory

Last week was very busy for Jolla, but few issues delaying the process by couple of days were catch up during the weekend by hard working Sailors. The first batch of Jolla Tablets is now complete and is told to look great! This batch is pre-production batch delivered to selected developers and internal test personnel

July 27th all the components were ready to be mounted on the circuit boards in China. All that was missing was the circuit boards themselves, as the flight delivering them was delayed by couple of hours. This delay was short, and assembling the boards was started as planned without major issues.

Earlier delays with material preparation and board delivery forced Jolla to agree on a new schedule with the assembly factory. July 30th, circuit boards were tested and the batch was sent to factory to be assembled on the next day. Surprise came with a glue machine, display assembly wasn’t possible

Jolla Tablet

White House Petition to use FOSS whenever possible

We believe that the federal government, for the security of the information it manages and the efficient allocation of the public’s funds, should divest itself of costly proprietary software contracts wherever possible.

Healthcare.gov’s initial failings had much to do with the old, proprietary infrastructure that government contracting details required the application be built on. The US Navy recently spent considerable amounts of taxpayer money to extend support for Windows XP and Office 2003, both inherently obsolete and insecure.

Use of proprietary software costs our taxpayers needless money. It’s become clear that governments such as those of the UK and much of the European Union can adopt open source software and be better off for it. We should join them.

Feedback:

https://slexy.org/view/s21WAMBD7L
https://slexy.org/view/s2FgS2pShD
https://slexy.org/view/s25ZrXOyoO
Some crazy LAS idea
Support Jupiter Broadcasting on Patreon

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

— CHRIS’ STASH —

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com

Find us on Google+

Find us on Twitter

Follow us on Facebook

Catch the show LIVE Sunday 10am Pacific / 1pm Eastern / 6pm UTC:

The post Level Up Your LAN | LAS 377 first appeared on Jupiter Broadcasting.

Server Room Fire | TechSNAP 44

chris — Thu, 09 Feb 2012 19:08:08 +0000

It’s a worst case scenario, when a server room catches fire in this week’s war story!

Plus: We’ll share a story that might make you re-think taking advantage of your hard drive warranty, the secrets to reliable SQL replication.

All that and more, in this episode of TechSNAP!

Thanks to:

GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Super special savings for TechSNAP viewers only. Get a .co domain for only $7.99 (regular $29.99, previously $17.99). Use the GoDaddy Promo Code cofeb8 before February 29, 2012 to secure your own .co domain name for the same price as a .com.

Pick your code and save:
cofeb8: .co domain for $7.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans
Deluxe Hosting for the Price of Economy (12+ mo plans)
Code: hostfeb8
Dates: Feb 1-29

Direct Download Links:

Subscribe via RSS and iTunes:

Fill out my Wufoo form!

Show Notes:

Crypto crack makes satellite phones vulnerable to eavesdropping

Researchers at the Ruhr University Bochum in Germany have reverse engineered the GMR–1 and GMR–2 encryption systems used by satellite phones and found serious weaknesses
Both algorithms rely on security by obscurity, but by downloading and disassembling the firmware, researchers were able to isolate the cryptographic algorithms
“Unlike standard algorithms such as AES and Blowfish—which have been subjected to decades of scrutiny from some of the world’s foremost cryptographers—these secret encryption schemes often rely more on obscurity than mathematical soundness and peer review to rebuff attacks”
The GMR–1 encryption system uses an algorithm that closely resembles the proprietary A5/2 encryption system that former protected GSM phone networks, before it was phased out in 2006 due to weaknesses that allowed attackers to decrypt calls in real time
The attack against GMR–1 allows anyone with a modest PC and some open source software to decrypt a call in less than an hour. With a cluster of more powerful machines, it is possible to decrypt a call in real time
GMR–2 phones are also vulnerable to cracking when there is known plaintext. This is a particularly glaring issue because the datagrams contains predictable headers and other content that can be known by the attacker, making such attacks possible
Researchers have not yet reverse engineered the audio codec that is used for voice calls, so a call can be decrypted, but not played back (yet). However other data types that do not use the audio codec (fax, SMS, data), have successfully been intercepted
Researchers are only able to intercept communications between the satellite and the user, not communications in the other direction, so only one side of the call can be eavesdropped. This is likely a limitation of the way satellite signals work, to intercept the signal from the phone to the satellite, you would need line of sight, usually requiring an EL-INT aircraft or satellite.

Customer buys refurbished drive from newegg, finds existing partitions and data

This story raises a number of questions about used and refurbished drives
Everyone knows that they should securely erase their drive before they resell it, we covered some of the techniques on TechSNAP 31 – How Malware Makes Money
However, how do you securely erase a drive when it has failed in some way?
You send the drive back to the store or the manufacturer in order to receive a replacement drive, however, you must trust to them to securely erase your data, since the drive was not usable when it left you
In this case it would seem that the drives we repaired, turned around and sold to another customer, without the data being properly erased
It would seem the only option that customers have is to not return the failed drive, which means not taking advantage of their warranty and having to pay full price for the replacement drive

Feedback:

Nehemiah sends in a story related to last weeks war story about DHCP

Q: chocamo from the chatroom asks about MySQL Replication

A: MySQL has a few different replication modes built in, the main one being asynchronous replication, where a slave server constantly reads from the binary log of all changes made to the database. So you start with your two servers in a converged state (meaning they have exactly the same data), then then each time an UPDATE or INSERT command is run on the master, the slave runs the same commands, in the same order, and should continue to have the same data.

However, the slave is read only. If you want to do load balancing of more than just reads, you need to do what is called ‘multi-master replication’, In this setup, you have 2 or more servers that are all masters, and each is also the slave of the server in front of it. Something like: A -> B -> C -> A. So when an INSERT is done on server B, server C then executes that same INSERT statement, and then A, and when the query gets back to B, B notices that the query originated at B, and so skips it, preventing a loop. If you attempt an approach such as this, you will also need to adjust the auto_increment settings in MySQL, you will want the auto_increment_increment to be at least as many servers as you have, and then each server should have a different auto_increment_offset. This is to prevent primary key collisions, so that if an INSERT is done on each of the three servers at the same time, each row ends up with a unique key, otherwise replications stops until you solve the primary key collision. In the ScaleEngine setup, we also have 2 real-only slaves, one from server A and one from server C, the first offers read-only access to customers, to be used by applications that support using a read-only slave, and the other is used for taking backups (we pause replication to get a perfectly consistent copy of the entire database, then resume replication to catch back up to real-time data)

MySQL 5.5 also introduces ‘semi-synchronous replication’. In this mode, the MySQL client does not return from the query until the data has been written to not only the master, but at least X of the N slaves. This allows you to ensure that the data has actually been replicated and is safe from the failure of the master server. Normal replication in MySQL is asynchronous, meaning that when you make a change, the client returns a successful result as soon as the data has been written to the server you are connected to, and then replications happens later, this is normally the desired behaviour because it provides the greatest speed, however if the server you wrote to fails before any other servers replicate the change, that change could be lost. Semi-Synchronous replication attempts to solve this issue by allowing you to wait until there is at least 1 or more additional replicas of the data before returning a successful write. Fully synchronous replication is normally undesirable due to the performance impact.

If a table is too large, you can use ‘partitioning’ to break it in to smaller tables. You can also use the MySQL ‘Federation’ feature, to make databases from more than one server appear to be local to a single server, allowing you to move different databases to different physical machines.

War Story:

This week’s features another war story from our good friend Irish_Darkshadow (the other other Alan)

Setting:
IBM has essentially two “faces”, one is the commercial side that deals with all of the clients and the other is a completely internal organisation called the IGA (IBM Global Account) that provides IT infrastructure and support to all parts of IBM engaged with commercial business.

The IBM email system uses Lotus Domino as the server component and Lotus Notes as the client side application. The Domino servers handle the email for the company but also serve as database hosts and applications hosts. At the point in time when this war story took place, each country had their own server farm for these email / database / application servers. Each individual EMEA (Europe / Middle East / Africa) country then routed email from their in-country servers to the two “hubs”, those being Portsmouth (North Harbour) in the UK and Ehningen in Germany.

The events described below took place in the summer of 2004.

War Story:

Well, there I was once more with the 24×7 on-call phone and bouncing through my weekend without a care in the world. Well, sort of I suppose, if you don’t count a German girlfriend with shopping addiction and two kids with the inability to be quiet and give daddy some quality time with his computers. It was a Sunday afternoon and we were at the cinema which I figured was a safer option than what I chose to do for my last was story (getting very drunk).

The on-call phone started to ring almost immediately after we got out of the movie and it was the duty manager telling me that she had been “summoned” to the office to some of the higher ups for the EMEA geography. My first instinct was “and this is my problem, why?” but I resisted the urge to expose my inner bastard and played nice instead. I suspected that she had simply guessed that being called in to the office without any details was likely not a good sign and it might be useful to have some insurance (or a scape goat) beside her for the upcoming call. Apparently as I was the Crit Sit Manager for that week, I was the aforementioned insurance.

Being the devious little git that I am, I decided to bring the kids with me to the office. That would then allow me to counter any requirements on my time there with a need to get the kids home to feed them / wash them / imprison them…whatever fitted best. Essentially they would be my passport to get out of the office and buy myself some time if I needed it.

The Duty Manager that day was one of those people who had graduated to the position despite having absolutely no technical skill or capability but had an uncanny knack of lunching with the right people and “networking” with the right higher ups. Upon arrival in the office I sat in her office with her to chat about any details she had left out during her call to me. I had the kids running up and down the aisles of the call centre with one of the agents I trusted keeping an eye on them.

Nothing new was divulged prior to the big conference call kicking off and even when they started to expain the purpose of the call, details were being kept very very vague. The driver on the call was a guy from Italian Service Management which completely threw me as I had never seen a high level call originate from that part of the organisation.

The key part of the call went something like this :

Italian Guy: We are, eh, here today to eh, discuss a situation in the Vimercate (vim err kaa tay) site. Eh, perhaps we should proceed on that basis.

Duty Manager: Hello there, xxx here. I’m the duty manager for the EMEA CSC this weekend. I’m not sure what the Vimercate site is. Could you please explain ?

Me : *presses mute on the phone
Vimercate is the server farm location for Italy, all of the email and Lotus Notes database / applications for the country are run from there. If that site is down then IBM Italy will be unable to do ANY business for the duration of the outage.
*unmutes the phone

Italian Guy: It is one of our locations here in Italy that is responsible for some servers.

Duty Manager: Ah ok, thanks for the explanation.

Italian Guy: Well about two hours ago eh….we a, received a call from the cleaning contractors that there was a, some cigarette coming out of the server room. We immediately alerted the rest of Service Management and started dealing with the crisis as a critical situation.

Me: ** rolls about laughing then thinks to telnet to some email servers in that site and nothing was connecting…….the urgency of the call started to dawn on me at this point.

Duty Manager: I’m sorry but I don’t understand what you mean when you say that there was a cigarette coming out of the server room. Did I mishear you?

Italian Guy: Sorry, not cigarette, I mean to say smoke. There was smoke coming out of the server room.

Duty Manager: Oh lord, has anyone been hurt? Is there any emergency service personnel at the site?

Italian Guy: Yes, the fire service were alerted almost immediately and nobody other than the cleaning staff was in the site when the alarm was raised. The fire has spread to other parts of the building and the firemen have been unable to get to the server room yet.

Me: Hi, I’m the crit sit manager here today. Could you please give me a current status on the server room itself? If those servers are not recoverable then we will need to activate the business continuity location and get the backup tapes couriered there. We could be up and running within 12 hours that way.

Italian Guy: Yes, yes, we know all of that. We are service management. We have already started to deal with those things. We invited you onto this call so that you are aware of the issue and can place voice messages on your incoming call lines and have your agents prepared to explain things to our users if they call your help desk. Nothing more.

Me: I have no doubt that you are on top of the situation but in such circumstances the in-country Service Management report in to the EMEA Critical Situations team who then coordinate all actions until there is a satisfactory resolution as per the EOP (Enterprise Operating Procedures). I will be taking point on this for you and liaising with EMEA Service Management for the duration of this situation.

**lots of back and forward, territorial pissing contest arguing took place until it was agree to have a followup call every hour. The second call went something like this :

Me: Good evening folks, how are things progressing on the site now?

Italian Guy: The emergency services are having difficulty due to the age of the building and they have not been able to get to the server room yet. There is nothing else new to say.

Duty Manager: So does that mean the servers are destroyed now or is there still some chance?

Italian Guy: The fire suppression system in the server room activated, that is all that we know right now.

** we adjourned the call and the next two were more of the same until the fifth call :

Italian Guy: The firemen have made it to the server room and have reported that the fire suppression system has not worked correctly. The servers themselves have been fire damaged.

Duty Manager: That’s very unfortunate, how are your efforts to get the backup tapes to the secondary site going?

Italian Guy: Eh, there is a problem with that too. The tape libraries are in the same room as the servers in an enclosure. The firemen have not retrieved them for us yet.

Me: Whoa, hold on a minute. The tapes that we’ve been trying to get into play for the last four hours are actually in the same room with the fire? Why didn’t you tell us that earlier ? If both the servers AND the backup tapes are destroyed then IBM Italy will be offline for days while a secondary site is configured. This completely changes the severity of this situation.

Italian Guy: yes, we believe that both the servers and the tapes have been damaged at this time.

**at this point I resisted the urge to reach my arm through the phone line and throttle this guy.

Duty Manager: So what can we do at this point?

Me: We need to get EMEA Service Management to start prepping a completely fresh site to take over for the ruined server farm. The problem is now that we’ve lost four hours waiting for tapes that were never going to arrive, we could have had the new servers being readied all that time.

So this all continued for a few more calls, I had my girlfriend pick up the kids between the calls and take them home and I just dived in and tried to maintain some momentum in the resolution efforts. Rather than drag it out and bore you to tears, here were the remaining revelations :
Servers were burnt to a crisp.
Backup tapes (which were in the same room) were partially burned but all were smoke damaged.
The fire suppression system simply failed to work
The firemen had to use water due to the composition of the building…WATER…on a room full of electronics.
It took 2 full days to build the new server environment which essentially meant that IBM Italy were unable to do business electronically for that duration.
Nobody ever explained why the tapes were in the server room other than to say – it was an oversight by the IT Manager. Really? an oversight?!?!!
The only bright spot in the entire debacle was that some of the data on the tapes was salvaged and shortened the duration of the outage significantly for some people.

I’m not sure there is a moral to the story or a catchy tag line like “patch your shit” but I suppose that my overriding memory of the whole situation was when I wondered how anyone thought it would be a good idea to put backup tapes in the same physical location as the servers and then neglected to do regular maintenance on an old building that was clearly a fire trap.

Round-Up:

The post Server Room Fire | TechSNAP 44 first appeared on Jupiter Broadcasting.