I have a couple of Open Mesh Indoor Access Points that I’ve used for various projects, the most recent of which being the provision of WiFi for our Teenage Subnet.
These devices have a very cool history. Originally created under the banner of Meraki (since sold to Cisco and thenceforth diverging from its open source roots), the Open Mesh has a really strong community behind it both in the development and the after-market support camps.
Long story short, one of the nodes decided to pack a sad and nothing I could do from the control panel would get the dang thing to talk to the network again, so that’s when I rolled out the big guns.
It was to these guys that I turned my web browser, and true to form was soon rewarded with this very good HOWTO explaining the step by step of reflashing an open mesh device.
While I have archived a copy of the article in case the original gets moved, I would caution the visiting reader to seek their fortunes in the community forum’s updated documentation should you stumble across this page at any great length of time after it is initially published.
The one edit I would make would be to ensure that, in Windows, you open the command prompt as an Administrator. For me, the flash program would not detect any interfaces until I did this.
So, a friend* of mine asked me yesterday, (following my posting of an article), what I thought of a particular password manager – I obviously wanted to answer her question. I then decided that since I was in for a penny, I might as well be in for a pound and here we are, (hopefully) fixing my response, and posting it in a more readable format.
TLDR; No. I don’t especially like the look of it. You have to trust a company who is making money out of (hoping) their product is secure. I personally like KeePass ( http://keepass.info ) which works on all my devices and, coupled with an internet sync service (that also leaves you comfortable with the level of security offered), works on all my devices.
While the GIMP (the GNU Image Manipulation Program, not the one from Pulp Fiction) is a marvelously capable (and freely available) graphics tool, it has a complete meltdown when asked to perform a simple task like saving a multi-page PDF.
GIMP will import a multi-page PDF fine:
One of the concerning requests of Xbox Live connectivity is to enable UPnP or ‘Universal Plug and Play’ on your home router.
The UPnP protocol has a long-standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network. In the past, I have advocated for this to be switched off by default in consumer grade routers and I explain the UPnP threat in another post.
Getting back on track, my security-conscious view for our home network does nothing for a teenage boy who received an Xbox Live subscription for his birthday and, while some aspects of the Live subscription work, others, such as game sharing, will fail. With this in mind, we need to set up port forwarding, rather than implement UPnP, to connect said teenager to his gaming buddies and keep our network free of the risks introduced by enabling UPnP.
The UPnP protocol has a long-standing history of security problems, not the least of which being that it allows unauthenticated devices to connect to and through your home network.
TLDR; UPnP is a flawed protocol which has been leveraged numerous times to conduct widespread attacks via large numbers of insecure devices. Do not enable UPnP on your network. Or do, but understand the potential consequences of your decision.
The rest of what follows is a rant/opinion/soapbox based on a number of years of experience in the real world of IT Security and Risk Analysis, and the cumulative research on the subject that goes with such.
Koha is a fully featured, scalable library management system.
So, I thought I’d set up Koha on a virtual machine to have a bit of a play, and maybe use it to manage our library at home.
Create the virtual machine
I’m using VirtualBox as my VM manager, so – first off we create a new machine, give it a name and set the type to ‘Linux, Debian (64-bit)’ as Koha is most often deployed on Debian servers.
The default settings (512MB RAM, 1 Processor, 8GB HDD) are fine, and we will set the network card to be a bridged adapter (which will give it its own IP address on our local network). For now, all that remains is to point the CD to the latest Debian installation image. I am using the network install as this machine will only be built with what Koha needs and thus I don’t need to pull down local copies of a bunch of things we won’t install. So, let’s start the VM and get on with the installation.
Now that pfSense is connecting through your home LAN and serving addresses to the ‘Teenage Subnet’, we need to do some further tweaking to make sure we can keep our semi-hostile network safe as well as keeping an eye on our network traffic usage and what our users are accessing.
So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.
It’s anyone’s guess as to how long this breach will remain in the news cycle, so I thought I’d throw out an article quickly as New Zealand is currently in the throes of pre-election posturing and I imagine some political hopeful will say something controversial and the media will swing away to cover that within the next day.
For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.
In the previous article, we set up (at least) two network interfaces: the first facing the Internet (the WAN) and the second facing the internal network (the LAN).
In our instance, our WAN interface will simply pass traffic on to our existing internal network, where it is subject to existing rules and management, while the LAN interface will become the first node of our new ‘Teenage Subnet’ through which our older boys (and possibly their friends) will access the network resources (including access to the Internet).
So, anyway, we have a machine happily whirring away running pfSense and two interfaces configured, the WAN and the LAN. Now we need to connect up and get things configured.