CiscoVPN Error 51 Annoyance

The CiscoVPN client (v4.9.01.0100) for Apple OSX throws an error every once in a while. Mainly when I just rebooted, or when I was forced to quit some hanging application (which also occurs on Macs). The error is:

Error 51: Unable to communicate with the VPN subsystem

Somehow, the VPN software looses contact with the network adapter (wired AND wireless). After this there are two things you can do;

Reboot
or restart the Cisco VPN Service manually.

The first is kinda obvious (it's almost a MS Windows strategy :)). The second one is done via the Terminal (Finder -> Applications -> Utilities -> Terminal). Just type the following command (followed by your password);

sudo /System/Library/StartupItems/CiscoVPN/CiscoVPN restart

The thing I don't understand is; Why hasn't Cisco incorporated this in the VPN client?

IF (Error 51 == TRUE)
DO CiscoVPN.restart

It seems that this 'bug' is present since the release of the Mac OSX version of the software.

Posted on May 20, 2008 by Willem and filed under Annoying, Apple, Security, Software, Tips'n Tricks and tagged Cisco Error 51 VPN.

OpenSSH Vulnerabilities

It seems that public key authentication isn't as save as you might have thought. That is if you're using a Debian based OpenSSH solution. This package can be found in many Linux distributions like;

Debian (duh ;) )
Ubuntu
Kubuntu
etc.

The problem is that the random number generator (which is of vital importance in generating key-pairs) isn't as random as you might think. It seems that there are only about 30.000 combinations in this specific generator. This leaves the door wide open for brute-force attacks.

So, the first you must do is update your OpenSSH software, and generate new keypairs for all devices / users which might have keys which were generated with the vulnerable OpenSSH software. Softwarepackages depending on OpenSSH are;

OpenVPN
DNSSEC
OpenSSH
Certificates used in TLS connections
etc.

More info on the subject can be found here [1, 2, 3].

Posted on May 20, 2008 by Willem and filed under Linux, News, Security, Software and tagged Debian OpenSSH PKI vulnerability.

Adobe Coldfusion MX on Ubuntu Server

Ever since I went 'Apple', the urge of moving away from Microsoft Windows operating systems is getting bigger and bigger. A couple of weeks ago I installed a two Ubuntu servers (v7.x) at work. Mainly for testing , and educational purposes.
The installation went extremely smooth on old Compaq ML370 server hardware. So, as a test I tried to install Adobe Coldfusion MX (Coldfusion 8 ) on the Ubuntu server (with Apache, and MySQL).

There are several postings on the Internet suggesting that it should be possible. Even though Ubuntu isn't on the supported platforms list for Adobe Coldfusion MX.

Posted on May 10, 2008 by Willem and filed under Linux, Operating Systems, Software, Tips'n Tricks and tagged Adobe Apache2 Coldfusion Linux ubuntu.

Ubuntu 'Hardy Heron' Released

As of yesterday, the latest Ubuntu release 'Hardy Heron' is available for download (both client and server). Every time a major Linux distri(bution) hits 'the shelves', the Linux community roars. With each release (Ubuntu or whatever flavor) the Linux community gets closer, and closer to Windows.

Even though the OS itself is getting better and better. It still lacks the support of decent major software like Adobe Creative Suite, etc. It's missing the software people use in every day (business)life.
Sure, there a million different ways of running Microsoft Office or Adobe Photoshop on a Linux OS, but these require a commercial piece of software (CrossOver) , or in depth knowledge of the OS to make it work (Wine in some cases). Two things that shouldn't be required. Not if you're used to Windows (or Apple's OSX). And even if you find a 'substitute' it's most likely to have an awful user experience.

The average housewife won't use Linux, because her friends all use Windows. All those nice little Windows programs, which makes life easier (or a living hell with all the mal/spyware out there). So if the Linux community wants to make a difference they need to create some sort of critical mass (by their selves, or by Microsoft screwing up) to get the attention of the 'normal' user. But in a community where there's no real (commercial) business model, it's gonna be damn hard.

Microsoft created this critical mass by playing (probably) the best marketing trick in the world; Release Windows 95, and turn a blind eye to those who use a pirated copy at home. The home users create demand on the workfloor, so businesses start to use it on their workstations. Soon everyone was addicted. And now it's damn hard to beat the addiction.

B.t.w., Apple is doing it a lot better. They created a nice and stable OS (just like the average Linux desktop distribution), BUT the OS has ALL the relevant drivers for the hardware used. ALSO they have a complete (and cheap) software suite (iLife and iWork), which is more than enough for the average family. No need to search the caverns of the Internet for software, and they look and feel the same as the OS.

So, I guess that my conclusion is that the OS is nearing perfection, but it (Linux in general) lacks good and decent third party software (and a good marketing machine :) )

In the mean time; I'm gonna upgrade my Linux (mail, web, and ssh) servers at work to 'Hardy Heron'.

Posted on April 25, 2008 by Willem and filed under Apple, Linux, Microsoft, News, Operating Systems, Personal, Software and tagged Apple Hardy Heron Linux Microsoft OSX Windows iLife iWork ubuntu software.

VMWare and Firewall / VPN Clients

Well, that was another morning well spent....

A couple off weeks ago I started experimenting with FreeRADIUS on Ubuntu server (v6.06.2 TLS). Mainly because I needed to test some things for work. So I used VMWare to experiment. The networking part was set-up as Bridged.

Today, I wanted to test with iperf (a tool for network performance testing). So I launched the virtual machine, but there was no network connectivity. ifconfig showed that eth1 didn't received an IP adres.
So I ran every possible test there was;

restarted the interfaces (/etc/init.d/networking restart)

This resulted in the following;

Listening on LPF/eth1/00:0c:29:68:e3:eb
Sending on LPF/eth1/00:0c:29:68:e3:eb
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12

The "DHCPDISCOVER" messages continue about 4 times, then the message:

No DHCPOFFERS received.
No working leases in persistent database - sleeping.

restarted the DHCP server
rebooted the virtual machine
changes the networking to NAT instead of Bridged (this way, connectivity was restored, but not the way I wanted. I needed Bridge-mode)
Tried to run the virtual machine on OSX (VMWare Fusion), which worked surprisingly.

After this I ran Wireshark on my server to see if DHCP request were coming in.... And you might have guessed; No DHCP request were reaching the DHCP server. So the problem was work PC related.... As a matter of fact, I had the Cisco VPN client running..... Which didn't allow the DHCP request broadcast.

Shutting the VPN client down solved the DHCP problem. After the virtual machine worked I could reinitiate the VPN.

Mental note to myself: do NOT boot/restart the virtual machines when the VPN is up.

Posted on April 8, 2008 by Willem and filed under Annoying, Operating Systems, Software and tagged Cisco VPN client DHCPDISCOVER FreeRADIUS dhcp firewall iperf ubuntu vmware.

OSX Update Galore

There are lot's of people who complain about the updates on the Windows platform, but Apple tries to compete I guess. In the last 3 days there was a big security update, Safari 3.1 (both Windows and OSX), Time machine and Airport Updates, and now a Camera RAW update for OSX 10.5.2. Thankfully no problems on my side with the updates. Looking for other updates from Apple? Just go here.

Posted on March 20, 2008 by Willem and filed under Apple, Operating Systems, Photography, Security, Software.

Nokia E61i Firmware Update

Early this week, I found a new firmware for my Nokia E61i (out since October 2007). The version I had was v1.x, and this one was v2.0633.65.01 (press *#000# on your E61 to see the current firmaware version). Updating goes through a separate application, but it should also be possible through download over the mobile network (I haven't tried this). All you need to know is explained on the Nokia website, but there are some thing you don't want to forget;

Use the Nokia Datasuite to create a FULL backup of the phone, because during the upgrade the phone goes back to factory defaults.
Have lot's of patience (and some deodorant handy)
Make sure the PC isn't doing anything else that might interfere with the update.

The first attempt failed for me. Even with all the warnings (DO NOT INTERRUPT THE UPDATING PROCESS OR DISCONNECT THE PHONE!!!) I rebooted the PC and disconnected the phone. Result, the phone didn't respond (this is where my deodorant came in). After this I restarted the upgrade process, and the phone got recognized (thankfully). After 10 minutes, the phone rebooted with the new firmware version. First action was to restore all data and settings on the phone. Since I had some issues with my network connectivity I decided to remove the Access Points and reconfigure them.... Well, don't. First of all, I wasn't able to receive the configuration parameters from the mobile operator (SMS 'ja' to 1300), so I had to reconfigure them manually. Their website has a step-by-step manual on configuring the E61i, but this didn't help either. MMS functionality remained absent, and none of the applications was able to connect to the Internet by itself. I had to initiate the connection manually before browsing the web. E-mail was even worse. Every time I had 'Packet Authentication' errors. So after a day I decided to restore the Access Points from my backup, and guess what... Everything worked again. And now for the thing that have changed (at least the ones that I've noticed);

the e-mail application seems more stable
camera and video are still crappy (the time between the snapshot sound and the actual capture is still multiple seconds)
Idle connections are terminated. This is a bad thing (for me at least), because I had my UMTS connection open all the time, and this way I received mail throughout the day. Now I have to connect each time I want to check my e-mail.

I haven't tried VoIP yet, but will try to do so soon (that's what happens when you don't pay for your own bills :-) ) Conclusion is that the phone didn't get better. There are some improvements, and there are some new annoyances. But my e-mail is stable at this moment.

Posted on March 15, 2008 by Willem and filed under Annoying, Gadgets, Software, Symbian and tagged Nokia E61.

Awesome Screensaver

I listened to the latest 'This Week in Tech' podcast today. They mentioned a screensaver called FlickrFan. This screensaver can connect to flickr account and images to use in the screensaver. But it also downloads current Associated Press images in high quality and more. This results in awesome pictures from around the world covering the news in HIGH-RES. B.t.w. it's much more than just a screensaver, but I liked the screensaver-part best.

Posted on March 6, 2008 by Willem and filed under Apple, News, Photography, Software, Tips'n Tricks.

TrueCrypt Cross-Platform??

Since I have an iMac with OSX 10.5 (Leopard), I use TimeMachine for my backups. This works great actually. But I also need an off-site backup of some sort. Just in case the house burns down or that some f*cker decides to steal my hardware. So I bought an external Freecom 160GB USB2 drive (USB powered) for my off-site backups. I encrypted the entire harddisk with TrueCrypt 5.0 on my iMac, and copied the data I needed to preserve. After that I wanted to access the data from my work laptop (Windows XP SP2 with TrueCrypt v5.0)..... This didn't work. TrueCrypt didn't recognize the password, or the encrypted disk (AES / SHA-256 full disk encryption). I tried to access the data on my Mac and everything worked, so there's no data corruption of some sort. Eventually, I recreated the encrypted drive on my Windows XP laptop (lost the backup in the process). This time the disk would mount, and could also be read/mounted by my Mac. So, I guess that TrueCrypt is Cross-platform, but with the current version (v5.0a) you need to make sure to create the volume on Windows if you also want to mount it on OSX. I reported this through their bug-reporting tool to the developers. No idea if there are similar problems with Linux. UPDATE: Pretty soon they released v5.0a, and today v5.1 was released. So development goes on :-)

Posted on March 3, 2008 by Willem and filed under Annoying, Apple, Microsoft, Security, Software.

GPS Logger Put to the Test

We went to the Hoge Veluwe in Gelderland last weekend for some 'serious' photography. This would be the first real trail for my GPS Logger (Qstarz BT1000).

At the 'start' I switched the logger to 'Log', and forgot about it completely during the day. The device did its work during the day. The real challenge came at home. Linking the GPS info to the photo's.....

The software for adding the GPS data to the photo's was 'GPSPhotoLinker' (remember that I use a Mac). Unfortunately, the software kept crashing when I tried to combine GPS data and the images. Possible reason could be the large NEF (Nikon RAW) files, because the crash happened every third image.
So the search for an alternative started, and I quickly found 'PhotoGPSEditor' (also DonationWare). This tool could also manipulate NEF files.

Adding the GPS info was relatively easy with this software (GPSPhotoLinker is more intuitive IMO). After that I imported the photo's in Adobe Lightroom, which showed the GPS data in the Metadata section of Lightroom (you can see the map location when you click on the arrow behind the GPS coordinates.

Just click on the following picture, to see when and where it was taken.

The complete set can be seen here.

Posted on February 18, 2008 by Willem and filed under Gadgets, Photography, Software.