niels / Software / #linux

enlightenment?

Inspired by David’s urge to maximize eye candy on his newly installed Linux machine and old memories of a cutting edge Enlightenment DR16 I decided to check out its latest version.

Although still beta, the latest version is called E17. It’s a complete rewrite and has been in development for quite some time now. Based on Shadoi’s i386
repository I built some amd64 packages for debian unstable. Building and installing Shadoi’s packages went very smoothly.

E17 is running a small 12 hours now, but so far it feels quite stable. The file manager wasn’t included in the packages and the media player feels a little basic, but as a window manager and basic desktop environment I might actually decide to stick with it. I wont throw screenshots and a lengthy description of the eye candy at you; there are many out there already and it’s a much better idea to
just try yourself anyway 🙂

For those who fear destroying their beloved setup there is a live-cd available with both version 16.8 and 17 called elivecd.

niels / Hardware / #voip

Unlocking Pilmo Voicefinder

A while ago I posted a small HOWTO on how to use Pilmo and the Pilmo Voicefinder with Asterisk. In response to that I got some requests on how to unlock the Voicefinder. Although there is no need to unlock it when using my instructions, here’s how:

Download an original Addpac firmware from http://www.addpac.com/addpac_eng/customer.html

Just type AP200 in the download box and you’ll get a list of available firmwares.

  • Connect the voicefinder using a DTE serial cable.
  • When the system boots press Ctrl-C and Ctrl-X alternately until you see BOOT_login:
  • Login as guest using password guest.
  • Set a new password for the root user using the password command: password newpw newpw
  • Do a show interfaces.
  • Configure your PC to be in the same IP range (or reconfigure the voicefinder IP).
  • FTP to the voicefinder IP address and upload the downloaded firmware. (Login using root and the newly set password.)
  • When the upload is complete the Voicefinder will report the version of the firmware you uploaded an start writing it to flash.
  • Once writing and verifying is completed type reboot.

The voicefinder will reboot using the newly uploaded original firmware. It will ask your DHCP server for an IP address. Go there with your favorite web browser and behold.. a full Addpac webinterface 🙂

niels / Software /

Personal Livestream

Two weeks ago XS4ALL introduced ‘Personal Livestream‘, allowing their customers to share their own audio/video stream with an unlimited number of viewers within XS4ALL and a handful on the rest of the Internet. Sounds good?

Unfortunatly their website tells you the service will only work with Windows as the service requires Windows Media Encoder. Sound bad!

Fortunatly it’s easy to prove them wrong using vlc:

vlc input_stream --sout '#transcode{vcodec=DIV3,vb=256,scale=1,acodec=mp3,ab=32,channels=2}:std{access=mmsh,mux=asfh,url=:7007}'

Replace input_stream with your favorite audio/video files or devices, register your stream with XS4ALL and enjoy!

niels / Software / #voip

Pilmo and Asterisk

The last few years I’ve been using Pilmo as my voip provider and am quite pleased with it. The good thing about them is that they supply me with a regular Dutch phone number including a normal area code and not some weird number in one of the dedicated voip number ranges. The bad thing about them is that prices at other providers have been dropping and they are slow to follow.

What I wanted was to keep Pilmo for my incoming calls and use other providers for my outgoing calls. Unfortunately the ATA they supply is more or less locked. I decided to install Asterisk and tweak its config to proxy between their ATA and the Pilmo servers. I can now receive calls on my Pilmo phone number and call everyone I know, even abroad, for free using an IAX channel to voipbuster.com.

I posted my config to: voip-info.org

niels / Blog / #vpn

Super Freeswan and Windows XP

Wanted to throw out WPA for several reasons, I switched to IPSEC for my wireless network which includes a Windows XP machine…
This is just a quick reference for myself so I don’t have to figure it out all over again when I add a Windows machine to the network.

On the Freeswan box

  • Edit openssl config to increase number of bits and expiry time.
  • Use CA.sh to create a root certificate. (by default in ./demoCA)
  • Lower expiry time back down a bit in openssl config.
  • Create a new client (and also one for the server) certificate: CA.sh -newreq (use a pass phrase)
  • Sign this certificate: CA.sh -sign
  • Rename newcert.pem to something client specific (clientcert.pem in this example). (You might also want to keep newreq.pem..)
  • Create a PKCS12 file for Windows: openssl pkcs12 -export -in clientcert.pem -inkey newreq.pem -certfile demoCA/cacert.pem -out client.p12
  • Extract the subject, you’ll need it for ipsec.conf: openssl x509 -in clientcert.pem -inform pem -noout -subject

Put stuff in ipsec.conf:

config setup
    interfaces="ipsec0=eth1″
    klipsdebug=none
    plutodebug=control
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keylife=70m
    keyingtries=3
    disablearrivalcheck=no
    authby=rsasig
    ike=aes-md5,aes-sha,3des-md5,3des-sha
    esp=aes128-md5,aes128-sha1,3des-md5,3des-sha1
    dpddelay=120
    dpdtimeout=370
    dpdaction=clear
    compress=yes
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn client
    right=192.168.1.12
    rightid="C=NL, ST=NH, L=PURMEREND, O=NiElS, OU=CLIENT, CN=Niels Peen, E=ni
    [email protected]”
    rightca="/C=NL/ST=NH/L=PURMEREND/O=NiElS/CN=Niels Peen/[email protected]”
    left=192.168.1.9
    leftsubnet=0.0.0.0/0
    leftcert=/etc/ipsec.d/certs/servercert.pem
    leftca=%same
    pfs=yes

You will notice that in the subject emailAddress has been replace with E.

On the Windows box

  • (Win)SCP the P12 file to the Windows machine.
  • Start “MMC”
  • You begin with an empty console. Now add some plugins: (names may vary as I translate them from the Dutch Windows version)
  • Certificates -> Computer Account -> Local machine
  • Certificates -> User Account
  • IP Security Monitor
  • IP Policy Management -> This Computer

You now have a useful MMC profile. Save it.

  • Go to Certificates (Local machine), right click -> All tasks -> Import
  • Now import the P12 file, it will ask you for the password. Turn on the exportable option and set the archive to “automatic”. Your certificate should now be imported.
  • Now we’ll create a security policy.
  • Give it a name, like “ipsec all traffic”.
  • Disable the default rule and the the properties dialog pop-up.

We now have a rules Window.

  • Disable the Wizard.

We’ll be adding two rules. One for client to server and one for server to client.
I’ll describe one procedure. The differences are only the Source an Destination address and the Tunnel endpoint. This will make sense once you run into them 🙂

  • Add a rule. (assuming client to server).
  • In filter tab, add a filter.
  • Disable wizard.
  • Name it “client to server”.
  • Hit “add”.
  • Set Source to “My address”, set Destination to “Any address” and disable mirroring.
  • In the description type “client to server”, and close the filter properties dialog and the rule properties dialog. Select the just made filter.
  • Go to filter action tab. Disable Wizard and hit “Add”. We only do this one once, you can use it in both the “client to server” and the “server to client” rules.
  • Select “Negotiate” and hit Add.
  • Select “Custom” and configure it for SHA1, 3DES. Turn off AH. Turn on the session key settings. Defaults are fine. Close dialogs until we’re back in filter properties. Turn off non-secure traffic and enable PFS.
  • In the general tab, name this “ipsec crypto”. Close dialog.
  • Back in the filter action tab select the just made “ipsec crypto”.
  • Go to verification methods. Add one using our imported certificate. Remove kerberos.
  • Set type of connection to “All”.
  • Set tunnel endpoint to the servers address.

Now do the same for a server to client rule.
Back in first dialog, go to the common tab and enable PFS using the Advanced button.

Back in MMC enable the ipsec all traffic policy. Encryption should now take place!

niels / Blog /

Resume

Link to outdated resume has been removed.

Since I had to dig up my resume anyway, I’ve put it [online].

niels / Blog / #email

E-mail replies

Outdated links to lists removed.

Not getting reply to your email? Make sure to check my [blacklist] and [ignorelist].

niels / Hardware / #acer,#laptop

Acer Travelmate 634LC

For those of you buying an Acer Travelmate 634LC I’ve put online some info on having it run Debian GNU Linux. Not as fast as my Medion laptop but it’s more power efficient and has a bigger screen (15.1" 1400×1050).

##Quickspecs

  • Mobile Pentium IV 1.8GHz
  • ALI Chipset
  • 15.1" TFT
  • 32MB videocard with TV-Out
  • 512MB DDR RAM
  • 30GB HDD
  • DVD/CDRW
  • 3 hour battery
  • 56K modem
  • 10/100Mbit Ethernet
  • Firewire
  • SmartCard
  • CardBus/PCMCIA
  • Acer port replicator
  • Infared

The longer specs, and how to get stuff working (Using Debian GNU/Linux and Kernel 2.4.19):

Audio:
The normal kernel driver complains about interrupts. The ALSA driver however works great. Load snd-ali5451, snd-mixer-oss, snd-pcm-oss.

Modem:
Haven’t tried the modem yet, but it’s supposed to be a Lucent Winmodem if you want to try.

Network:
Works great with the standard 8139too driver in de 2.4.19 kernel.

Firewire:
Use the OHCI kernel driver and it seems to work. I have no actual firewire equipment to test it though.

USB: (v1.1)
Also use OHCI driver to get this running. Works fine.

IDE Controller:
Use the ALI15xx IDE driver. Works ok. Needed hdparm to turn on 32-bit mode; DMA mode is on by default. I run:

hdparm -c 1 -u 1 /dev/hda

on boot.

PCMCIA/CardBus/SmartCard:
The CardBus/PCMCIA part works fine with the standard CardBus driver. The laptop also has a smartcard reader. O2 Micro however stopped their Linux support for the smartcard reader. Make sure to send them a friendly email to complain about that. They did supply me with (useless to me) binary drivers for RedHat 6.2. (Read this.)

Video:
I downloaded the AGP and XFree driver from the nVidia site. They work great, including OpenGL and TV-Out. Keep in mind that the nVidia X driver is called ‘nvidia’ and not ‘nv’ like the original X driver. 1400×1050 sure is a lot more useful than 1024×768 🙂

IRDA:
Worked using the SIR drivers (loading irtty, ircomm-tty and ircomm). Could not get the ALI FIR driver to work.

ACPI:
The ACPI in kernel 2.4.19 has problems shutting the machine down. I used a patch for 2.4.19 from http://sourceforge.net/projects/acpi. (Make sure to reconfigure the kernel.)

APM:
Suppose it could work. I prefer using ACPI.

Touchpad:
I used the synaptics driver from mobilix.org. Works great.

DVD/CDRW:
IDE DVD-player and CD (Re)Writer. Configure kernel for SCSI emulation to use the writing features. Also put append="hdc=ide-scsi" in your lilo.conf.

Some output for those interested:

00:00.0 Host bridge: Acer Laboratories Inc. [ALi] M1671 Northbridge
[Aladdin-P4] (rev 02)
00:01.0 PCI bridge: Acer Laboratories Inc. [ALi] PCI to AGP Controller
00:06.0 Multimedia audio controller: Acer Laboratories Inc. [ALi] M5451 PCI
AC-Link Controller Audio Device (rev 02)
00:07.0 ISA bridge: Acer Laboratories Inc. [ALi] M1533 PCI to ISA Bridge
[Aladdin IV]
00:08.0 Modem: Acer Laboratories Inc. [ALi] M5457 AC-Link Modem Interface
Controller
00:0a.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C
(rev 10)
00:0b.0 FireWire (IEEE 1394): VIA Technologies, Inc. IEEE 1394 Host
Controller (rev 46)
00:0f.0 USB Controller: Acer Laboratories Inc. [ALi] USB 1.1 Controller (rev
03)
00:10.0 IDE interface: Acer Laboratories Inc. [ALi] M5229 IDE (rev c4)
00:11.0 Bridge: Acer Laboratories Inc. [ALi] M7101 PMU
00:13.0 CardBus bridge: O2 Micro, Inc. OZ6933 Cardbus Controller (rev 02)
00:13.1 CardBus bridge: O2 Micro, Inc. OZ6933 Cardbus Controller (rev 02)
00:14.0 USB Controller: Acer Laboratories Inc. [ALi] USB 1.1 Controller (rev
03)
01:00.0 VGA compatible controller: nVidia Corporation NV11 [GeForce2 Go]
(rev b2)
niels / Blog /

Guestbook

Outdated links to guestbook removed.

The almost antique [Guestbook Service] has been
slightly updated and moved to the [BroZus] server.