db.osoal.org.nz

Subscribe to this feed

How to defeat timeshift on a mint upgrade

Wednesday, 24th April 2019


If you are trying to do a mint upgrade and don't want to mess with a backup application like timeshift, it turns out that the mint 18.3 to 19 mintupgrade only checks for the presence of a config file for timeshift, so you can do the following to get around the check:

sudo touch /etc/timeshift.json

When your scripts don't work from cron

Wednesday, 12th September 2018


If you've ever had a script that runs fine when you execute it from your regular login shell but won't work from your crontab you may be running into differences between the environment variables that are setup by cron and the environment that a full login shell gets.

If you want to debug this it might be handy to be able to execute a shell with the same environment that cron uses.

You can dump the cron environment to a file by adding a crontab entry to execute env:

So, crontab -e and add this:

* * * * * /usr/bin/env > ~/cronenvironment

Once ~/cronenvironment is populated you can execute a shell using it:

env - `cat ~/cronenvironment` /bin/sh

Then debug away.

HTML5 and dinosaur perl modules

Tuesday, 29th March 2016


I was trying to get this site to validate with the w3 HTML validator and it spits out some errors over the google adsense async ad template over some HTML5 specific attributes.So, I decided hey why not change the page declaration to HTML5 and see what needs fixing.

Well that was a dumb idea, looks like the ancient CGI.pm that I seem to have used a bunch of years ago is not going to be sorted out for HTML5 and more likely is going to get binned from perl totally.

So I'm on the lookout for a new module that does the barest minimum of HTTP environment variable fiddling and sets the character encoding to something like utf-8.

Yay me.

How to source a 2m directional antenna in NZ

Sunday, 20th March 2016


The first thing on my list is a directional antenna.

It's traditional with amateur radio to make your own antennas. After figuring out there is no local options and importing something is a pain, I did have a pretty good look at building something. The plan was to get an old VHF TV aerial to use the boom and the elements, chopping it down to the right dimensions and then customising the driven element. Despite VHF TV antennas still being screwed onto every second house around here, finding someone I know with one of those that wasn't nearly destroyed turned into it's own saga.

So in a moment of weakness I ordered an Arrow 146/437 antenna from Gigaparts. It's a really nice unit, alot better made than I could be bothered making, easy to either build as a 70cm or 2m antenna or both cross polarised, and easy to break down to move about.

For connecting to the ISS I only need the 146MHz / 2m elements, so that's all I've got built up currently, But I've got the option of dual band with a diplexer to connect to a single radio or being able to use the two antennas with different radios for other satellites that receive and transmit on different bands.

Here little space station...

Saturday, 19th March 2016


I've been collecting up appropriate junk to attempt an contact with the packet radio installation on the ISS.

I haven't pulled it off yet, but as far as I can tell you need:

A compass also might help for figuring out which direction to expect the satellite to be coming from.

I'll go over the gear I've collected in a later post, some of these items are a heap more difficult to come across in NZ than it seems to be in the USA.

The story of the purple frog.

Thursday, 15th October 2015

A bunch of crypto geeks were on a week long bender and were chilled out from smoking copious amounts of weed. One of them suggested that instead of hashing the password and transmitting it that they should hash the username and the password. Everyone said cool and after thinking about that for a good while they fell asleep in their chairs.

Later that day they laid into some shrooms and someone else said that the purple frog on that giant toadstool just invited me to his realm so how about we hash the username, the password and the realm and transmit that. Everyone thought that was cool, so the purple frog drafted the digest md5 rfc and now we have an ambiguous screwed up standard that makes you wish they hadn't done that.

The end.

Warning of impending peril to your waves

Saturday, 26th September 2015

I passed my general amateur operators certificate exam on Thursday night, so I have a certificate that claims that I'm competent to operate a radio in the amateur bands. Heh.

The equivalent qualification in the USA has about three different exams, so in contrast it is amazingly easy to get in NZ.

I Can't decide if it's good to eliminate all the pointless red tape or dangerous to let folks who barely know which direction the antenna fires the radio waves loose in the bands. I guess it is the Kiwi way.

WTF is up with the ntp defaults on Cisco?

Thursday, 27th February 2014

So, it turns out that configuring an ntp peer on a Cisco router enables an ntp server that is open on every interface that that router has.

The only valid excuse I can come up with for this is that the defaults were chosen so long ago that the internet was a much nicer place.

So how do we fix this up?

There isn't a nice knob that says 'Don't serve client requests to anyone' ( which is screaming out to be the default ). So excluding ACL's applied directly to interfaces, we have to fake it with what there is.

There is the ability to appy ACL's on the ntp service for three classes of ntp packets; peers, querys and servers. This isn't as useful as it sounds, when you apply an ACL to a query class it triggers a default drop in all of the other classes, so if you apply a default deny to the query class, then you have to put in an ACL to permit the NTP servers that you have configured to talk to you.

Depending on what version of IOS you have, you may only be able to configure numbered access lists on your ntp service. The configuration that should work on anything running an old version of IOS as long as you are only doing IPv4 is the following:

ip access-list standard 99
permit 202.21.137.10
permit 202.21.136.66
permit 202.21.136.67

ntp access-group peer 99

If you have IOS 15.3 or newer and IPv6 configured you want something like the following:

ip access-list standard v4-ntp-servers
permit 202.21.137.10
permit 202.21.136.66
permit 202.21.136.67

ipv6 access-list v6-ntp-servers
permit 2001:4428:0:13::10
permit 2001:4428:0:6::66
permit 2001:4428:0:6::67

ntp access-group ipv4 peer v4-ntp-servers
ntp access-group ipv6 peer v6-ntp-servers

Next

© 2009 Lincoln Reid <lincoln@osoal.org.nz>