pppd + precompiled-active-filter
OpenWRT has long had some patches against pppd 2.4.4 for what’s called ‘Precompiled Active Filter’. This is a file, which contains the libpcap compiled filter on what should be considered ‘active’ or ‘interesting’ traffic. In the Cisco world, it’s the access-list you reference with dialer-list and dialer-group commands.
The default file that’s shipped tends to ignore icmp requests and a few other odds and ends, and is either never used, or works for everyone else. Sadly, I needed to change it.
Finding #1) tcpdump -ddd not icmp and not udp 123 and …. generates a precompiled file nicely
Finding #2) After several hours - this is not the right way to generate it. Files generated do not do what you think they do.
Finding #3) Included in the buildroot is a tool from http://www.fli4l.de/en/home/news/ called pfc.c which will build the correct filters. That’s the Floppy Linux ISDN… Floppies and ISDN - something I haven’t run into for several years.
Building it (gcc -o pfc -lpcap pfc.c) gives you a nice little tool to generate them using command line libpcap filter syntax - and guess what - they work!
Dan’s DNS Talk from Blackhat
If you’re at all into security, Web 2.0, systems administration, you need to check it out here. Yes, it’s a Powerpoint, but it’s worth opening.
It covers not just the recent DNS attacks, but use and abuse of DNS to disrupt Email, SSL, ‘Forgot your password’ systems. Also explains attack vectors for Internal systems, so your firewall won’t protect you - patch your DNS servers!
My favorite quote from the presentation - ‘Never assume an API is smarter than it had to be to ship’
Ubuntu 8 on Parallels 3 (and some other VM packages)
You’ll see
This kernel requires the following features not present on the CPU: 0:6 Unable to boot - please use a kernel appropriate for your CPU.
You need to go here and it’ll fix you right up.
Day 1 of Inbox Zero
I finally got around to watching Merlin Mann of 43folders.com’s talk at Google about Inbox Zero late last night. I figured as it was the 1st of the month, a perfect time to start something like this - so I’ve done just that.
I basically declared Inbox bankruptcy, and renamed my current Inbox, and started with 0 messages. Throughout the day, I checked email less, but when I did, I processed every one until the my Inbox was back to Zero. Dick Kuslika over @ DailyDoseofExcel has written some VBA macros to help with this, known as OutlookTags (look for the link at the bottom of his post), which let you ‘Tag’ messages, which in this case means move them to a subfolder - in my case, Delegated, Replied, Defer or Done.
I certainly felt more productive, but then again, not looking at an Inbox with 1500 emails will lighten anyone’s spirits 
I’m going to continue this experiment for 2 weeks, and see how well I hold up.
Expanding Xen Filesystems in 5 simple steps
Frequently, I find I need to increase the size of my XenU virtual disks. Luckily, this is dead simple - while it can’t be done while the XenU is booted, it only takes 30 seconds.
Given you want to expand a virtual disk called filesystem.image by 1024MB (1G), do the following:
1. Shutdown the XenU
2. dd if=/dev/zero bs=1M count=1024 >> filesystem.image
3. e2fsck -f filesystem.image
4. resize2fs filesystem.image
5. e2fsck -f filesystem.image
CVS commit logging with Activitymail
We’d been using SyncMail from SourceForge to email out diffs from all the Openswan commits. When we upgraded to CVS 1.12, all this broke. We waited for syncmail to get updated, but that never happened.
Instead, I found ActivityMail which is written in Perl instead of Python, and supported the new log format. However, the docs are less than clear on dealing with CVS 1.12, and the examples are wrong. Here’s what I’m using:
^openswan /usr/local/bin/activitymail -q -d -P "%p" -f "%{sVv}" -t cvs@lists.openswan.org
We use -q, since any stdout messages confused some of the CVS clients. The key was the “’s, as they are required in CVS 1.12 and higher. With this in place, we’re back to flooding our inboxes with CVS commit logs
Flickr Photos
