I have a problem which is probably unusual in most home networks, which is that I have multiple subnets coming off one of my LAN interfaces on my router. For most IP-routed things, this is obviously not a problem, but there is seemingly one exception to this rule, and that is multicast packets.
Author Archives: Gary Hawkins
Non-domain MIT Kerberos logins on Windows 10
Note: The article here requires features that don’t appear to come with the Home edition of Windows 10, such as the Group Policy Editor. These steps may well work on previous versions of Windows, but I haven’t tried it out on them. This article assumes you’re familiar with setting up and administrating an MIT Kerberos KDC and password server.
Blast from the Past: Usborne Computer Books from the 1980s
For those of you who grew up in the 1980s, you might remember the series of titles published by Usborne Books about what would be considered quite esoteric subjects today, from how to program in BASIC on your favourite home computer, to writing adventure games, and even how to write Z80 and 6502 assembler (and yes, I had a copy of the last two books!)
As various parts of the computer press have stated this week, Usborne have made PDFs available of these books for free download, which you can find here. There is also a blog posting on how the books came about here. (Even now, I’m still amazed they even published the book on assembler programming back then!)
Perhaps one day I should port the adventure game that’s described in “Write your own Adventure Programs for your Microcomputer” to something like Inform…
DNSSEC zone re-sign today
I’ve signed or re-signed all my domains with new more secure RSA/SHA-256 keys today (and adding some domains that weren’t previously signed). I’m going to leave my old signing keys in for a while so you shouldn’t notice the changeover, and remove them in a few days when the new DS and DNSKEY records have had a chance to propagate to the wider Internet.
(For those of you unfamiliar with the concept of DNSSEC, it is a way of using encryption to verify that DNS lookups on the Internet, which convert names such as www.garyhawkins.me.uk to IP addresses and vice-versa, are genuine and are not being spoofed from an unauthorised server.)
Update: Old keys now gone from the server.
Let’s Encrypt
Let’s Encrypt has now reached public beta, and so I have put one of their certificates on this web site. So you can now access https://www.garyhawkins.me.uk and read this web site using encryption.
Update: Had to temporarily replace this with a StartSSL certificate because I managed to trip the “too many certificates in one day” limit whilst testing the generation script …
Yet another certificate disaster
I was dismayed to read this article on The Register today which suggests that yet another large manufacturer has shipped a security nightmare with its laptops. You’d have thought these people would have learned after the Lenovo “Superfish” debacle, but apparently not.
It would appear that Dell ships a self-signed root CA certificate by the name of “eDellRoot” which is automatically installed by Dell software into the Windows trusted root certificate store. This would normally be not too much of a problem, but this time they’ve managed to install the private key as well, which means (assuming the private key is the same on every machine with this certificate on) that it’s trivially easy to take the private key, sign certificates with it and then any Dell machine will blindly accept this certificate which can be used for nefarious purposes such as impersonating web sites, man-in-the-middle attacks, malware, etc, etc, etc.
What on earth were Dell thinking?!
Review: Whole (“blue top”) milk
The other day, I went to the supermarket to do the weekly shop as usual, but they’d run out of semi-skimmed milk (“green top”) which is about 2% fat), so I had to buy whole milk (“blue top”) which is 3.5%-4% fat, and I hadn’t bought for ages.
And so, the following morning, I got up as usual, reached for a bowl and put a handful of corn flakes in it, poured some milk into the bowl and sprinkled a bit of sugar on them, and started to eat them. I’d forgotten just how nice corn flakes tasted with “unskimmed” milk! (OK, not quite as nice as when the milkman delivered the milk bottles and you got a bit of the “cream” on the top, but still pretty nice. If you want that you can still buy 8% fat “gold top” milk still at the supermarket.)
So the question is … do I buy whole milk next week, or go back to the decidely-inferior-on-corn-flakes semi-skimmed? Decisions, decisions…
Likes: Tastes great. Also nice in coffee.
Dislikes: Makes you fat(ter)
Rating: 9 out of 10
(Corn flakes with “gold top” milk would be rated at least 11 out of 10, if I had any in the fridge)
VoIP is wonderful
Aside
VoIP is wonderful. Except when someone tries to DDoS your ISP and cause massive packet loss.
Review: Snom D765 VoIP phone
So I thought it was time I replaced my existing Snom 370 telephones, after 7 years, with a new model. After much waiting, eventually the phone I was after came on the market, and so I bought two of the Snom D765 phones. The Snom D765 is an updated version of the Snom 760, with better hardware inside. The new design is considerably different to the Snom 370, and looks a lot more modern. The new phone is taller and not as wide. It also has a colour screen, but you’d hardly notice because not much of the screen is in colour except for the green box to show the phone has been registered. (I suspect the colour screen works a lot better when you start including photographs of your contacts)
The Web interface is largely similar to previous Snom models with a few extra features. However, I think they’ve got some bugs to fix on the 8.7.5.28 firmware because pushing certain buttons on the Web UI causes the wrong thing to happen, especially when you push red crosses to delete lists of missed calls etc. The really irritating thing is that the IPv6 support works, but I cannot understand for the life of me why on earth it will not resolve AAAA records. The only way I can get it to work is to put IPv6 address literals in instead! (And yes, I have reported the bug.) Once I did that, it connected to my IPv6-capable FreeSWITCH installation perfectly.
What can I say about this phone? Well, it’s a Snom. If you’re used to previous versions of the Snoms it’s pretty much more of the same. However, they’ve got some stupid bugs to fix in the firmware but otherwise the phone works fine. Still no Opus support yet which is a shame. Also new (relative to the 370s) are Bluetooth and USB sound card support so you can plug in a USB headset, and multicolour (red/green/yellow) LEDs, unlike the 370 which only had yellow. Lots of possibilities with that, I’m sure once I’ve worked out how to control them.
Likes: New modern design, IPv6 support, USB headset support, colour screen
Dislikes: Firmware still full of stupid bugs, lack of Opus support, can’t resolve AAAA records.
Rating: 8 out of 10. Nice phone, needs some work on the firmware
ARIN Watched: 24 September 2015
The day has finally arrived.
It's official. ARIN's #IPv4 address pool reaches ZERO #get6 pic.twitter.com/ef3Yq6cQDG
— ARIN (@TeamARIN) September 24, 2015
ARIN announced today that their free pool has reached zero. Unlike all of the other declared exhaustions, this actually means that there are no IPv4 addresses at all left in the ARIN region, covering the North Americas.
ARIN’s press release can be found here. Note that this is potentially not the end for waiting list users, as it is possible IANA may make further redistributions of returned addresses every few months or so, but these are likely to be immediately gobbled up by the waiting list applicants.