The 4K Video Enabler

Differences in resolution

The biggest thing during The Consumers Electronics Show in Vegas (CES) was the 4K televisions. 4K is a reference to the resolution. Current TV's (LCD/LED/OLED/Plasma) usually have a resolution of 1920*1080 pixels (1080p). The 4K versions have 4 times the resolution. Capable of displaying UltraHD content at an affordable price. These TV's sell for $1000 - $2000.

NaughtyAmerica offers 4K downloads

All very nice, but the average Joe has no real access to 4K content. Sure, there are some videos on YouTube in 4K, but most of the time it's just plain old 1080p (if you're lucky). The current HD media (BluRay) isn't officially certified for 4k content, so the only alternative at the moment is downloadable content. Guess which industry is on top of things? (pun intended).

As with almost everything in the past (VHS / Internet / DVD), the porn industry is one of the first to embrace the new technology. Now all we need is fiber to the home with a minimum of 100Mbps to enjoy the new format.

Posted on February 8, 2014 by Willem and filed under News, Personal, TV, Video and tagged 4k video.

Use Cisco ISE for RADIUS Authentication with Juniper Junos Devices

While preparing for some Juniper exams, I wanted to test RADIUS authentication for Junos device access. This way of authenticating is helpful in larger networks. Instead of providing all the devices with several usernames and passwords you can use a centralized RADIUS server for authenticating on all those devices. If that RADIUS server uses the Active Directory as a user database you can login on your network devices using your regular username and password.

The RADIUS server of choice (at the moment of writing this) is Cisco Identity Service Engine (ISE). Overkill for this specific blog post, but fun to do.

Read more …
Posted on January 22, 2014 by Willem and filed under Junos, Security, Tips'n Tricks and tagged Cisco ISE RADIUS Splunk.

Export Photos From Lightroom As Fine Art Prints

Usually, I export my photos from Adobe Lightroom for print or for online display. The exports for online use (SmugMug, Flickr, or several online forums contain a watermark in the bottom right corner. Something that can be done by using the export module in Adobe Lightroom.

I wrote an article a while back on how to do this using Photoshop actions, but this time I want to use a different approach. One without (or at least minimizing) the use of Adobe Photoshop, and using the power of Adobe Lightroom (plugins).

Read more …
Posted on January 17, 2014 by Willem and filed under Tips'n Tricks, Photography and tagged Adobe Lightroom fine art border mogrify.

Expired SSL Certificates

When I'm doing my thing on customer projects, and there's some SSL stuff involved, I always keep reminding them to make sure that they renew their certificates in time. Why, because they almost always forget it the renew them in time, and after the expire stuff stops working, and they call us.

Guess what? My certificates expired this evening, so I got numerous warnings and errors in several applications that use those SSL certificates. Thankfully I run my own CA (XCA), and I documented where I use them, and how to replace them, so I was back in business in 10 minutes.

Lesson(s) learned: make a notification in my calendar to replace them ahead of time.

Posted on January 5, 2014 by Willem and filed under Security, Tips'n Tricks and tagged xca ssl certificates expire.

Using EX Firewall Filters With UAC

Network Access Control (NAC) is hot in Enterprise environments. NAC offers an excellent mechanism to (safely) allow various devices network connectivity and staying in control as a network administrator. There are numerous ways to allow iOS devices, BYOD, CYOD, Corporate laptops onto your network without compromising valuable corporate resources.

In my line of work I deal with several vendors / solutions to create these NAC protected environments. The most popular at the moment are;

  • Identity Service Engine (ISE) from Cisco
  • Junos Pulse Access Control (UAC) Service from Juniper

Both solutions have their pro's and cons. Juniper has an excellent client for the desktop to safely connect to the network, and an integration with their SRX firewalls to (dynamically) enforce firewall policies on a per user basis. Cisco on the other hand has a more flexible way of creating access policies, and the use of so-called downloadable Access Lists (dACL). 

Read more …
Posted on December 20, 2013 by Willem and filed under Junos, Security, Tips'n Tricks and tagged Junos firewall filter Juniper dot1x RADIUS Pulse UAC NAC Network Access Control.

Creating Funny Money

is not as easy (of funny) as it might sound.

Last weekend we a dinner celebrating the 12.5 years of marriage of my sister-in-law. Our gift was a gazillion envelops filled with;

  1. useless paper
  2. 10 euro bill
  3. .....

This way they had something to do when they came home from the dinner. The fourth option was supposed to be funny money; scanned and severely altered euro billet.

The initial idea was to create a euro bill for 12.5 euro's, but that would take too much work, so I opted for a 55 euro bill (just clone the existing 5 on the 5 euro bill).

Read more …
Posted on December 4, 2013 by Willem and filed under Annoying, Personal, Security, Software and tagged counterfeit euro funny money CDS.

AirDrop Between iOS and OS X Maverick

I got my new AirDrop-capable phone today.  Not that AirDrop was the reason for getting it, but the feature itself is quite nice; being able to send files between devices. No need to use mail or other communication methods.

This evening I shot a video on my phone and I needed it on my MacBook (with OS X Maverick). Both devices are AirDrop capable, so ..... 

And there is I went wrong. After trying for about 30 minutes to get it to work I found the answer online.... Looks like that AirDrop between different OS is NOT supported by Apple. And not supported does mean that it won't work.  

OS X: Can I use AirDrop with my computer?
http://support.apple.com/kb/ht4783
iOS: Using AirDrop
http://support.apple.com/kb/HT5887 

That is one Epic Fail if you ask me.  

Posted on November 11, 2013 by Willem and filed under Annoying, Apple, iPhone, Operating Systems and tagged Epic iOS Maverick AirDrop fail.

Juniper SRX IDP Attack Log Investigation

Last week I fiddled with the IDP functionality on my SRX100H. I eventually installed a modified version of the so-called "Recommended" IDP policy. The full Recommended policy consumes to much memory on the SRX100H, so I had to remove some rules.

After installing the IDP policy I 'configured' Splunk to run reports on IDP Attack Events (IDP Attacks in the last 24 hours). This way I have a nice overview of the detected attacks.

Today I checked the logging, and to my surprise I found several IDP_ATTACK_LOG_EVENT entries in the log. This triggered my curiosity a bit.

Thankfully I use an NTP server for syncing all the devices around the house, so working backward shouldn't be too hard. 

The IDP event was triggered by my iMac which had the 192.168.1.109 IP address at the time (hurray for DHCP logging). The reported exploit (HTTP:XSS:HTML-SCRIPT-IN-URL-VAR) is basically website related, so I started to dig through the browser history. Turned out that I visited the Victorinox website at the time looking for winter coats. During my visit at the website I tried to find a local store where they sell these items, but for some reason the 'Store Locator' thingy on the website didn't work. Now the logging explained why it didn't work.

It looks like they use a map-service (hosted on the destination address 199.16.46.10) in combination with some cross-site-scripting to deliver the functionality.

I tested this again, and indeed, every time I go to that website and try to locate a store, the same IDP_ATTACK_LOG_EVENT occurs.

In this case the cross-site-scripting (XSS) is relatively harmless. The use it to display a map with possible stores based on your query. Unfortunately, there are numerous other scenario's where this (XSS) isn't harmless. 

Posted on November 11, 2013 by Willem and filed under Junos, Security and tagged idp Splunk Juniper.