Recently in techGeneral Category

Managing VPNs between SonicWall and Netgear VPN Routers

Two days of work and a lot of stupid mistakes later, I finally set up a functioning "transparent" VPN between two facilities.  By transparent, I am referring to the fact that the VPN will start on-demand and is transparent to the end users on each network being connected by the VPNs (no one has to manually initiate the VPN).  Usually, my preference would be to simply use gear from the same manufacturer (i.e. SonicWall/SonicWall or Netgear/Netgear), but it made no sense to decommission two fully functioning routers because I was too blockheaded to get them to play nice with one another.

So, here is the setup:  On end A, we have a SonicWall running SonicOS 4.2.x (advanced) with SonicROM 3.1.x.  On end B, we have a Netgear FVS124G running the latest firmware, 1.1.48.  Netgear has a great howto at VPN Between NETGEAR ProSafe VPN Firewalls and SonicWALL, but there are a few tiny gotchas that got me.  The two primary issues were related to the Local and Peer IKE IDs and the destination networks.  The screens on our SonicWall looked different.  Instead of:

Netgear's KB Screenshot of the Sonicwall VPN Policy

Our VPN Policy screen looks like:

Screenshot of Our VPN Policy Page

Make sure that your Local and Remote IKE IDs are swapped on the Netgear (or other box) you are trying to connect to: if your local IKE ID on the Netgear is 1.2.3.4, then the Remote (or Peer) ID on the SonicWall should be that number.  In many VPN examples out there (especially with Netgear), the local and remote IKE IDs are in the form of an FQDN (fully qualified domain name), which actually doesn't have to be a real FQDN.  For example, thisismynetgearfqdn.com and thisismysonicwallfqdn.com will work respectively.

Then, the issue of how you define the local and remote networks on the SonicWall created a ton of problems.  To make issues worse, the error logs gave no real indication that the problem was the definition of those networks.  In my example, I wanted the SonicWall network of 10.1.1.0/24 (or 10.1.1.0/255.255.255.0) to be accessible by the people behind the Netgear network and vice versa.

SonicWall VPN Network Config

At first, I defined the local network as Any Address.  This meant that any addresses on the local network would have access to this VPN.  Both of the Routers are dual-homed and in the case of the SonicWall, it is not only dual-homed, but it also manages two subnets.  One subnet is for an internal, administrative network and the other is for guests of the company (aka the open network) to surf at their leisure.  We don't want the open network clients to have access to anything but the internet.  So, besides this potentially causing errors with the remote network definitions on the Netgear:

Netgear VPN Policy

It also would (potentially) give guests access to the remote subnet.  This is definitely not something we wanted.  So, suffice it to say, one needs to be very, very careful as to how the local and remote networks are defined on the SonicWall.  I defined a range of IP addresses for the remote network on the SonicWall, whereas on the Netgear, I had defined an entire subnet.  Even though they technically matched (i.e. 10.0.0.1-10.0.0.255), this is not the same as defining a subnet in the Phase 2 portion of the handshake.  So, if you define a subnet on the Netgear, then you must define the address range you wish to reach on the SonicWall as a subnet also.

The last gotcha came in the form of which interface the VPN was bound to.  Because both routers were dual-homed, I had to make sure that the traffic for the VPN went through the fastest interface.  On the Netgear, this was WAN2 and on the SonicWall this was interface X1.  Here is a screenshot of the SonicWall:

SonicWall VPN Advanced Tab

This is where things get complicated and this HowTo/notes page really won't do justice to your setup.  None of this matters if your routers are single-homed.  In my case, not only was the dual-homing a complication, but, in the case of the SonicWall, I thought I had to bind the VPN policy to the internal subnet with which we were playing.  That is wrong, you need to bind it to the external interface that is the endpoint of the VPN for the remote (in this case, the Netgear).

The last bit is just like in the Netgear KB article.  The SonicWall Proposals tab looks like:

SonicWall to Netgear Proposals Tab

There are a few things we should recap.  First, as the Netgear KB article implies, you really want to print this out and write in your own values.  Here is the IKE Policy page from the Netgear:

Netgear to SonicWall IKE Policy

It is very easy to mistake one IP for another and make the subnet versus IP range mistake I made on the SonicWall.  The three gotchas are Local and Remote/Peer IKE IDs, defining the local and remote networks and, in the case of the SonicWall (and the complication of dual-homed devices), binding the VPN policy to the correct interface.
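As an added example (not code from the post, and not SonicWall or Netgear tooling), the following Python script cross-checks two endpoint definitions for the three gotchas recapped above: IKE IDs that are not mirrored, Phase 2 network selectors that differ in type or extent, and a policy bound to an internal instead of an external interface. All configuration values are constructed, the Endpoint fields and function names are assumptions of this example, and it goes slightly beyond the post by accepting both prefix-length and dotted-netmask notation and by flagging an "Any" selector, which the post notes would expose the guest subnet.

```python
"""Cross-check two site-to-site IPsec VPN endpoint definitions for the three
mistakes the post describes: IKE IDs that are not mirrored, Phase 2 network
selectors that differ in type or extent, and a policy bound to an internal
rather than an external interface.

Added example with constructed values; it is not code from the post and
does not talk to SonicWall or Netgear devices."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Endpoint:
    """One side of the tunnel, as typed into its VPN policy page (constructed)."""
    name: str
    local_ike_id: str
    peer_ike_id: str
    local_net: str             # "10.1.1.0/24", "10.1.1.0/255.255.255.0", a range, or "Any"
    remote_net: str
    bound_interface: str       # interface the VPN policy is bound to
    wan_interfaces: List[str]  # external interfaces that can terminate the tunnel


def is_any(selector: str) -> bool:
    """'Any Address' style selectors expose every local subnet to the tunnel."""
    return selector.strip().lower() in ("any", "any address", "0.0.0.0/0")


def parse_selector(selector: str) -> Tuple[str, List[ipaddress.IPv4Network]]:
    """Return (kind, CIDR blocks). A range collapses to one block only if it is subnet-aligned."""
    text = selector.strip()
    if "-" in text:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        return "range", list(ipaddress.summarize_address_range(lo, hi))
    # IPv4Network accepts both prefix-length and dotted-netmask notation.
    return "subnet", [ipaddress.IPv4Network(text, strict=False)]


def compare_selectors(a: str, b: str) -> List[str]:
    """Problems between one side's local network and the other side's remote network."""
    if is_any(a) or is_any(b):
        return []  # reported separately by check_pair
    kind_a, blocks_a = parse_selector(a)
    kind_b, blocks_b = parse_selector(b)
    problems = []
    if kind_a != kind_b:
        # The same addresses typed as a range on one box and as a subnet on the
        # other still yield different Phase 2 traffic selectors.
        problems.append(f"selector types differ: {a!r} is a {kind_a}, {b!r} is a {kind_b}")
    if blocks_a != blocks_b:
        problems.append(
            f"selectors cover different addresses: {a!r} -> {[str(n) for n in blocks_a]}, "
            f"{b!r} -> {[str(n) for n in blocks_b]}")
    return problems


def check_pair(a: Endpoint, b: Endpoint) -> List[str]:
    """Return a list of findings; an empty list means the two definitions agree."""
    findings = []
    # 1. IKE IDs must be mirrored: each side's peer ID is the other side's local ID.
    if a.peer_ike_id != b.local_ike_id:
        findings.append(f"{a.name}: peer IKE ID {a.peer_ike_id!r} != {b.name} local IKE ID {b.local_ike_id!r}")
    if b.peer_ike_id != a.local_ike_id:
        findings.append(f"{b.name}: peer IKE ID {b.peer_ike_id!r} != {a.name} local IKE ID {a.local_ike_id!r}")
    # 2. Phase 2 networks: A's local must equal B's remote and vice versa, and
    #    neither side should use 'Any' on a box that also carries a guest subnet.
    for ep, sel in ((a, a.local_net), (a, a.remote_net), (b, b.local_net), (b, b.remote_net)):
        if is_any(sel):
            findings.append(f"{ep.name}: 'Any' selector {sel!r} exposes every attached subnet to the tunnel")
    for label, x, y in ((f"{a.name} local vs {b.name} remote", a.local_net, b.remote_net),
                        (f"{a.name} remote vs {b.name} local", a.remote_net, b.local_net)):
        findings.extend(f"{label}: {p}" for p in compare_selectors(x, y))
    # 3. The policy belongs on the external interface that terminates the tunnel.
    for ep in (a, b):
        if ep.bound_interface not in ep.wan_interfaces:
            findings.append(f"{ep.name}: policy bound to {ep.bound_interface!r}, not an external interface {ep.wan_interfaces}")
    return findings


def misconfigured_pair() -> List[str]:
    """The three mistakes from the post, reproduced with constructed values."""
    sonicwall = Endpoint("SonicWall", "thisismysonicwallfqdn.com", "thisismysonicwallfqdn.com",  # peer ID not swapped
                         "10.1.1.0/255.255.255.0", "10.0.0.1-10.0.0.255",  # remote typed as a range, not a subnet
                         "X0", ["X1", "X2"])                                # bound to the internal interface
    netgear = Endpoint("Netgear", "thisismynetgearfqdn.com", "thisismysonicwallfqdn.com",
                       "10.0.0.0/24", "10.1.1.0/24", "WAN2", ["WAN1", "WAN2"])
    return check_pair(sonicwall, netgear)


def corrected_pair() -> List[str]:
    """Same two boxes with the three corrections applied."""
    sonicwall = Endpoint("SonicWall", "thisismysonicwallfqdn.com", "thisismynetgearfqdn.com",
                         "10.1.1.0/255.255.255.0", "10.0.0.0/24", "X1", ["X1", "X2"])
    netgear = Endpoint("Netgear", "thisismynetgearfqdn.com", "thisismysonicwallfqdn.com",
                       "10.0.0.0/24", "10.1.1.0/24", "WAN2", ["WAN1", "WAN2"])
    return check_pair(sonicwall, netgear)


if __name__ == "__main__":
    for finding in misconfigured_pair():
        print("FINDING:", finding)
    print("corrected config findings:", corrected_pair())
```

Running the script reports four findings for the misconfigured pair (the unmirrored peer ID, the range-versus-subnet type mismatch, the address coverage gap because the range omits 10.0.0.0, and the policy bound to X0) and none for the corrected pair. The coverage check is deliberately separate from the type check: a range such as 10.0.0.0-10.0.0.255 summarizes to exactly one /24 and so covers the same addresses, yet it is still flagged because the peer will present a subnet selector in Phase 2.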

Hopefully some of my experiences have helped you with configuring something similar.

updated: 2010/07/14

OpenBSD (4.4) and an Apple PowerBook G4 (DVI) - a short story

I've been trying to get OpenBSD 4.4 up and running on an old'ish PowerBook I had to rebuild recently. This is one of the last 15" G4 series PowerBooks Apple made. The basic specs are the 1.0 GHz G4 PowerPC processor, 1GB of RAM, DVI, 1 Gbps Ethernet, 80GB drive, etc. (If you wish, you can stop reading the story part of this post here. Go to the last paragraph if you are simply checking how I got OpenBSD to work as a second OS on the PowerBook.) Running Leopard (OS X 10.5) was frustrating, as it was slow (especially compared to my newer Intel based MacBook Pro) and I really don't have a use for OS X unless it runs fast on a portable machine. At the end of the day, I am using this machine to check email, surf the net and muck around with OpenBSD related issues I have with a small server farm I'm responsible for managing. Considering the machine is in fantastic condition, it would be sad to let it sit on a desk somewhere and collect dust. The problem was that I have spent the last two days trying to get OpenBSD 4.4 running and while the installation went as smoothly as would be expected (I rarely have problems with OpenBSD's install process), regardless of whether or not I left the drive formatted MBR or HFS style (i.e. using a boot map that is typical for Intel/AMD machines vs. using Apple's Open Firmware style boot sector), I just could not get OpenBSD to boot. That was, until I read the directions more closely...

Action Streams basics with Movable Type (Open Source)

Perhaps in some time, this will become more of a howto, but for now, I am trying to take public notes on how I finally got Action Streams working in the manner I had originally intended all the way back in May of this year. I called up my buddy, Aaron over at 601am.com and asked how I can do better at integrating some of my social network streams into my regular weblog. I've found Twitter amazingly handy, along with a host of other social network services. I had originally hoped that my blog could be my own source of these "services," but that would be missing the social component, which I have come to enjoy (for example, trading or showing off photos on Flickr and sharing bookmarks on Delicious). Instead of linking everywhere outward, why not integrate the streams created by each of these services within my own blog stream? Action Streams allows you to essentially re-stream your created content within Movable Type. How it does it is still somewhat of a mystery (I just recently dove a bit into the code and am thoroughly confused), but here were my objectives: for every service I want to integrate, I want to publish it, either on my main blog page or in a concentrated form of my output in a blog and stream mixed page. For longer items, such as my blog entries, I need to start breaking them apart into multi-part entries like I had done in the beginning vis a vis extended entries. For the social networking items like those submitted to Delicious, Flickr, and Twitter, there is really nothing more than publishing things as is because they are short by their very nature.

The easy part is installing Action Streams. Download, unzip, copy items to the correct location within your Movable Type installation directory. The difficult part follows, as the documentation is practically nonexistent. Here is what I did, though:

This morning, I was going through my twitter feed and came across a Chris Pirillo entry about getting 1TB of online storage for free. Now, that is very intriguing. In Amazon S3 terms (the best pricing for reliable online storage that I have yet to see), 1TB would cost $150/mo, plus transfer fees, which I calculated at around $54/mo. (especially if you are using the storage for continual backups). Amazon's S3 service has proven extremely reliable and safe for my needs (I'm backing up things like photo and iTunes/music libraries - not private documents) and the pricing tends to be reasonable when you calculate the cost of maintaining space for the backups on your own. Thus, it is hard to not take a second look when someone mentions you can pay $0 for something that costs over $150/mo at the most reasonable place you know of.

I cruised over to Oosah and started to take a look at their service. It looks very interesting, as they offer ways of creating image, video and music mashups. You can connect content from disparate services and upload your own content. It also looks like they support a multitude of codecs and file formats. All of this looks fantabulous, until you read between the lines:

9c. Ownership of Content: You retain all ownership rights in your Content. However, by posting Content to Oosah, you automatically grant, and you represent and warrant that you have the right to grant, to Oosah (and its successors) an irrevocable, perpetual, non-exclusive, assignable, royalty free, worldwide license to use, copy, perform, display, distribute and to prepare derivative works of such Content in connection with the Site and any current and future services offered by Oosah, and to grant and authorize sublicenses of the foregoing. (from Terms & Conditions)

As with many of these types of agreements, I understand why Oosah wants perpetual rights to your content - to do with it as they please forever - but it is not something I am interested in handing over to anyone, whether or not they are providing me with some type of compensation in return. This is the same type of verbiage that recently caused an uproar over Google's Chrome browser (i.e. in their first EULA, they received and retained ownership over any content created and/or uploaded via their browser). I'm not sure if the content I create will ever be worth something, but I do have enough foresight to know that by passing on perpetual rights to my copyrighted works, I give up the ability to control what happens to them. When I'm taking the time to create things on my own time, on my own dime, I at least wish to control what happens to them in the future. You never know what type of value your works may have as time goes on.

Perhaps you don't care whether or not you retain ownership of your creations. That is up to you. Before you sign up for a service, however, be sure to understand what you are giving up in return for what they are giving you. Good luck to Oosah. Sorry, though, it's not a service for me.

Radio... so simple, yet so... different

This morning as I was making coffee, I grabbed one of the Sonos controllers and set out to find a radio station to listen to. There are a number of choices Steph and I usually choose from (if she's not home, the choices expand, as my taste in music usually irritates her) between Sirius over the internet, Rhapsody music channels and some radio stations from Germany that stream over the net (thank you!). I realized that other than in the car, I haven't listened to a normal radio in my house or apartment for close to eight years. Once streaming radio over the net became available, I stopped listening to normal (terrestrial) radio. In the car, I have Sirius (which I never thought I'd like) and/or an iPod. When I have to drive a vehicle that lacks either of those, the thought goes through my head, "damn... static, fade, constant commercials, crap content and never being able to find a station I like." Granted, there are a number of stations I listen to that stream over the net and are thus like their over-the-air counterpart, but the difference is that they don't fade and the content is that good that I don't mind the commercial interruptions. Either way, I realized how different the radio is today compared to yesterday and how differently our kids will look at radio "stations." Talk of using short-wave radios to get in a station for the west coast or even over-seas will fade and slowly go the way of tube based amps. No, they don't disappear, but there are a select few who actually know about them and will remember how they work.

Access SMB/Windows Share *from* Leopard (10.5) *to* Vista

...or, said another way: sitting on your Windows Vista machine, if you want to access an SMB/Windows share on a Mac running Leopard (aka 10.5), then following the instructions found on a MacTalk Forum solved my problem:

Screenshot of response from MacTalk Forums

I couldn't get the Vista (Business) machine to access an SMB/Windows share on my Mac Pro. For some reason, it simply wouldn't accept my username and password combination. The answer is actually quite simple. In the Username field of the dialogue box on the Vista machine, you need to type in DOMAIN\yourusername instead of simply yourusername. Leave DOMAIN as just that. Worked like a charm. Click on the image above for a higher resolution view or simply click on the link to the MacTalk Forum thread where I found the solution. Thank you to MacTalk Babysitter.

Brain on Interrupt {}: Toys for Creativity, Wacom 12WX

Cintiq 12WX Photo from Wacom.com I am always disappointed and yet amazed that approximately six years after I try something, the real thing comes out that actually works. I saw the Cintiq 12WX mentioned on Moose News Blog and said that at that price, it just had to work. I tried my first tablet about six years ago. Actually, I used one with some odd cad software much further back, but I never really saw it as a way to draw - or get back to drawing; something I haven't done seriously since I was in grade school.* By golly, it just works. The hardest part about using a tablet (either the type you need to use a normal screen with or a screen-based tablet) is getting used to the tools you need to draw. Adobe Illustrator has some odd ways of defining brush strokes. Don't even get me started on the pen.

I'm loving it, though. It makes photo editing and simple drawing oh-so-easy. Like most things, I'll write a more detailed review when I've had much more one-on-one time. For now, if you're on the edge and aren't sure if it really is better than their normal tablets, it is. Hands down.

* No, not your doodle-because-you're-bored drawing, but real, landscape, animal, people drawing. I would love to think it is art, but it isn't... not yet. Maybe with practice.

Amazon's Kindle Review: six weeks and going

Around Thanksgiving in 2007, I posted some thoughts on Amazon's ebook reader, the Kindle. When I originally ordered the device, I thought it would hit a sweet spot in the arena of reading-on-the-road despite reservations I and others had about the 'you are locked into our system' nature of the service. As we are finally beginning to see, DRM (digital rights management), the most glaring issue I have with the Kindle, is a subject not to be taken lightly. The music recording and distribution industry had steadfastly refused to allow consumers to purchase their products without being locked into a system of their approval. Besides the inherent issue of circumvention, DRM simply confused and frustrated people. I, myself, stopped buying DRM'ed digital downloads of music shortly after losing a good number of albums because a hard drive failed on me between the time I had purchased the tracks and albums and before I had scheduled my next backup. It simply wasn't worth the frustration and I went back to buying (primarily) used and new CDs.

I still have philosophical issues with the Amazon Kindle Terms of Service. In relation to the paper version of a book, my user rights are severely restricted with the Kindle. I can't rip, cut, copy, paste, modify, extend, remix, etc. much of anything. If Amazon ceases to exist or the Kindle becomes a defunct product, I lose access to the device and product I paid for. I feel I am personally taking a gamble with Amazon on a number of fronts. A) I believe they will eventually use their clout to rid the Kindle of DRM so that we can access purchased content on whatever device we wish as long as it is capable of reading the Kindle formatted text. B) I believe, especially with Amazon Web Services, that Amazon will be around for some time to come. They are not only a provider of discounted products (it is ironic; I purchase more electronic gadgets from Amazon than I do books), but also utility style computing/data services. C) There is nothing that I have the time to do that would void my agreement with Amazon's Kindle Terms of Service, so I am fairly secure in thinking that Amazon will not terminate its agreement with me (thereby disallowing use of the Kindle) because I have done anything against the Terms. Reason 'c' is pragmatic and leaves a bad taste in my mouth. I really shouldn't enter into agreements with which I have serious reservations. I often do so, however, because I want to have access to something that I otherwise could not live without (read: sarcasm). This is regrettable, but not entirely senseless.

All of the limitations are meaningless from where I sit today - i.e. I love the device and use it almost every day. After a good six solid weeks of use, 16 downloaded books (six of which have been completely read and the others in process), and various trips, long and short, I can't live without it. I wish there were more books available because I would read that much more. I find myself reading more varied material because I can easily carry so many topics with me. As I write this, I'm on a plane to Sacramento, CA. Throughout this trip, I've spent the better part of three hours reading two books and the Wall Street Journal. One is a James Patterson novel and the other a book on Wikinomics. I'm also slowly moving through some old Hume writings. I didn't think I would find value in having the WSJ delivered to me on the Kindle, but it has turned out to be convenient and reminiscent of the way I used to read the Journal in its paper format. (I haven't had a paper subscription to the WSJ for over six years; only electronic.)

The most significant difference between the Kindle and my previous "I'm going to use a laptop to read from now on" approach is the simple fact that the device is light (enough) and very easy on the eyes. It reads like paper (as marketed) and does, indeed, come close to the feel of actually reading a book. The test that proves whether or not something is going to work in the long run for reading in all types of situations (i.e. office, plane, bed, couch, car, etc.) is how well the device sits in your hands. There were comments by people that the iPhone really represents the best of all worlds and would make a better book reader. This is simply not true. The iPhone, while amazing in every respect concerned with internet usage (other than AT&T's lamentable EDGE network - which performs horribly on so many levels I could write a book about it), does not really make a good book reader because it is actually too small. I've thought about whether or not my opinion is driven by the fact that I grew up with paper books and am simply unused to the manner of reading required when using an iPhone. In other words, does a newer generation of people who don't know books (a stretch statement) find the iPhone or like device an easy reading device? I think that just as in human interface design, there are simply good and bad designs that are decided by our biological functions/capabilities. It seems to me that the iPhone and like screens are simply too small to focus on for long periods of time (for the general population). The typical paperback book has met the needs of economics in not being too big to publish and distribute and not being too small that people don't like reading its pages. So, in this respect, the Kindle (and Sony Portable Reader) really hit a sweet spot. I would heartily agree with other users that some buttons are misplaced and the design reminds me of an 80's style laptop. It really is a frumpy looking device. In use, however, it really performs well and it is for this reason only that I have found it so enjoyable to use.

Last night, as I was moving onto my seventh book, I thought a little more about the Kindle's design and what last words I would have. I know by now that this will be a gadget that will be a long-term companion. It just works for what it was designed for. There are a few items I hope will be dealt with over the long run:

- I hope Amazon rids this device of DRM. It is frustrating on so many levels because it prohibits me from using the content the way I am allowed in respect to a real book.

- I hope the e-ink technology advances enough to bring color and a light backlight to the device. I do not want to sacrifice battery life nor readability for this, but in thinking that some situations require a backlight and color would be nice for pictures, etc, it is a development I see happening over the long-run.

- I really hope they re-design the thing to not only look better but also fit even better into your hands. I think they've done a decent job. It could be better, though.

I hope I was able to answer questions that some may have had about real world usability. I know that I was concerned that it somehow would come up short in the areas where it matters most. It doesn't. In fact, it does better than anything else I've seen or used.

The geeky things make me laugh

I remember when this was 10 times the size of my hard drive in a Tandy 1000 20 lb personal computer/"laptop." I weighed four times that original machine when I received it (read: stole) from my father. I have Photoshop files as large as this...

NOOOOOOOOOOO not 103MB!!!! NOOOOOOOOOO

Easy Audio control through Rogue Amoeba's SoundSource

I love little applications that just work™. Back in my Windows days, I remember coming across an application for network throughput monitoring at analogx.com (NetStat Live) and thought, "how awesome! I don't need anything complicated, just a small app that shows network throughput on my system... and here it is!" The same thing occurred today. Now that OS X 10.5 (aka Leopard) supports bluetooth stereo audio via the A2DP BT profile, I purchased a BT dongle that I can hook my headphones up to so that I'm not tethered to my office desk. (See the IOGear Audio Transport.) Once I got the dongle paired up with my workstation, I couldn't seem to connect to the stereo side of the headset. I was getting monaural sound, but not stereo. (Which, by the way, worked previously in 10.4. You could connect to a bluetooth stereo headset, but it would only pass audio in mono to the headset, not stereo.) I'm very familiar with how OS X handles audio input and output vis a vis System Preferences, but for some reason, I couldn't get stereo output.

I did a quick search via Google of the A2DP profile in 10.5 and found mention of Rogue Amoeba's SoundSource in a forum (I can't find the forum right now). I downloaded the app and had my problem solved in 30 seconds - literally. SoundSource is very good at showing sources and outputs for audio (the headset I'm using doesn't show up as well on their menu as in the Sound menu in System Preferences, but it is more intuitive). Just select and change source or output on the fly. It is that simple. To top it off, since it is free, there isn't a reason not to try it.

Screenshot:

Rogue Amoeba SoundSource

About this Archive

This page is an archive of recent entries in the techGeneral category.

Powered by Movable Type 4.21-en