Speaking of defaults

Friday, 11th October 2013

I just recently noticed that I set up the page layout ( a heap of years ago ) on this site so it could fit full screen on a browser running 800x600.

I hope no poor sod still browses the web in 800x600 anymore, but if they do I expect they are doing it on a phone or other such limited platform that deals with that okay.

I put in a few quick adjustments to the css so it is at least set up for 1024 pixels wide less a margin of safety and did a new logo backing png. I guess if I really felt like doing some work I would do something that scales nicely with screen size. I really can't be bothered though and I reckon it is always going to look dorky maximised on a 2560x1440 desktop unless there is a heap of horizontal stuff that all scales nicely too.

Getting manufacture dates from cisco serial numbers

Tuesday, 8th October 2013

I've just added a javascript utility that gets the manufacture dates from a Cisco serial number and prints it out.

It turns out that it is in plain view other than the offset in the year value. The format is described in the text above the decoder, so you can write your own or do it in your head if you like to remember trivia like that.

Brute force for the win

Friday, 4th October 2013

If you are going to try an brute force passwords over ssh you should probably try better usernames than ferlac and gyurushop.

I wish I had logs of what sort of password ferlac and gyurushop would have.

Oct 4 14:56:15 wombat sshd[12240]: input_userauth_request: invalid user ferlac [preauth]
Oct 4 14:56:15 wombat sshd[12240]: pam_unix(sshd:auth): check pass; user unknown
Oct 4 14:56:15 wombat sshd[12240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.75.32.6
Oct 4 14:56:17 wombat sshd[12240]: Failed password for invalid user ferlac from 134.75.32.6 port 38348 ssh2
Oct 4 14:56:17 wombat sshd[12240]: Received disconnect from 134.75.32.6: 11: Bye Bye [preauth]
Oct 4 14:59:19 wombat sshd[12271]: Invalid user gyurushop from 222.36.0.48
Oct 4 14:59:19 wombat sshd[12271]: input_userauth_request: invalid user gyurushop [preauth]
Oct 4 14:59:19 wombat sshd[12271]: pam_unix(sshd:auth): check pass; user unknown
Oct 4 14:59:19 wombat sshd[12271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.36.0.48
Oct 4 14:59:21 wombat sshd[12271]: Failed password for invalid user gyurushop from 222.36.0.48 port 58955 ssh2

Defaults chosen for another era

Tuesday, 1st October 2013

I had to set up squid last week for a reverse proxy type arrangement and I was pretty amazed to see that the default config file that comes with ubuntu still has the same example memory and disk cache entries that were probably around when I first set it up in the late 90's on Slackware.

eg.

cache_mem 100 MB

cache_dir ufs /var/spool/squid3 100 16 256

100mb may have been a lot of memory way back when, but for the box I was using last week 28GB was a bit more like it. As a practical issue I was left wondering if the cache_dir entry was actually in GB and had to look it up.

Makes me wonder if everyone uses varnish or some other such new shiny these days and if there is some kind of beautiful symmetry around dinosaurs such as me using old dinosaur software like squid.

Google Adsense over SSL

Wednesday, 18th September 2013

It looks like Google have started offering adsense ads over an SSL transport in the last few days, so I've made the relatively minor change to take advantage of it.

With the scary warnings and other messages taken care of plus me finding the smaller wide format text ads I think I'm happy enough to leave them on the site.

What has happened here?

Tuesday, 17th September 2013

Some poor misguided firewall / router / voodoo packet forwarding aparatus has decided to let this packet out:

*mangle DROP: IN=eth0 OUT= MAC=00:14:85:17:09:8e:00:23:5e:7c:ba:1b:08:00 SRC=0.0.0.0 DST=202.21.137.10 LEN=76 TOS=0x00 PREC=0x00 TTL=251 ID=19777 PROTO=UDP SPT=65535 DPT=123 LEN=56

Theres a heap of drops in the logs for rfc1918 addresses, but 0.0.0.0 is a new one.

Trying to route on a Cisco ASA

Thursday, 12th September 2013

NAT, NAT sausage egg and NAT, that's not got much NAT in it.

Come back, all is forgiven

Thursday, 12th September 2013

Well Google has decided to un-disable my ads now which I suppose is better than a kick in the head.

I can't be totally sure that it was the link to the torrent site that did it because the process is very vague, they essentially give you a link to their terms and conditions and state that the violation is in there somewhere.

I'm not actually sure I want the ads anymore anyway because it is all a bit tacky looking and changing the site to https has made some browsers output scary looking messages for combining the http content of the ads in a page served up with https.