Love technology toys? Check. Read a lot? Check. Often would read if had remembered or had space to bring book? Checkitycheck.

I am absolutely in the prime target audience for a Kindle. Amazon having just launched their latest and greatest (by all accounts) Kindle 3, I was on the very brink of buying it. The concept has me completely won over. Having many books available in an easy to read, use and carry form is just what I want. Here in France Amazon have not yet opened up a localised Kindle store, but the international version would suffice for now.

Before plonking down the cash, I look to see how much it would cost to buy the last few books I bought, plus a few others I already have but would like to have on the Kindle. Now I know that there is also quite a lot of free Kindle content available – mainly out-of-copyright “classics” – that appeals greatly. But looking at the paid-for content, I was actually quite shocked at the prices. It’s going to be an imperfect comparison: the paper-version of a book has different attributes and drawbacks compared with the Kindle version. But ultimately the content is the key thing.

Shocked. I was shocked. Shocked was I. Was I shocked? Yes.


In praise of VirtualBox

VirtualBox. What a splendid piece of software.

Just a quick post to flag up this software, which deserves recognition. It’s a VMware lookalike, but entirely Free (as in beer and as in GNU GPL).

Digiblue boo

As owner of a Digital Blue QX5 microscope (one of the cheapest, greatest, “serious educational toys” you can lay your hands on – and it’s not even clear if they still make it) my daughter wanted to use it the other day. It’s been unused for a while and during that period my only Windows machine has moved to Windows 7 64-bit. And the QX5 driver software supplied is, of course, Windows XP 32-bit. Off to the Digiblue web-site and relieved to see that they assure me that they have Windows 7 64-bit drivers available. Turns out to be a big fat lie. They have them available for a slightly revised model of the QX5. Not the original (different USB ids, etc.)


Thoughts turn to Linux WINE. Hmmmm. Nope. USB drivers and WINE are one area that still doesn’t really do what it needs to do.

I need XP

OK – I realise that to get the thing working I need a Windows XP machine. Simple. Yet I can’t be arsed to set up a dual-boot or anything like that. So remember how neat VMware was all those years ago when I used to use it. I even bought a license for some early version! But I don’t fancy buying a new license which would cost about €130.

I have the dimmiest recollection of some sort of freebie workstation VM called virtual-something. Google around a bit and quickly find VirtualBox. And it’s just like the VMware I remember, but without the credit card requirement.

Now I’ve only used it in the simplest of manners: running an XP 32-bit VM on a Windows 7 64-bit host. Not tried any other permutation of host/VM, of which there are all sorts claimed. (Linux hosts, Mac, different Windows – and even more VMs, extending to the BSD and so on.) But for what I wanted it’s absolutely spot on. Really neat.

Oracle, not a company I’ve ever been a fanatical supporter of, earns a few brownie points from me.

OpenVPN over IPv6

Previous articles have detailed various aspects of getting IPv6 running on a home-gateway router. The aim is to migrate as much as possible towards an IPv6-only situation.

Here I cover the steps required to implement a simple point-to-point OpenVPN (SSL) VPN tunnel using PSK over IPv6 infrastructure.

One key element for me is to migrate my VPN connection to a remote host I own off IPv4 and entirely onto IPv6. This was not entirely straightforward! In fact it took hours and hours of research and experimentation to get this working. The eventual config required is not so mind-boggling. But getting there was tricky. As I’ve found out so many times before with regard to IPv6, the building bricks are lying around, but there are very few sources of information to help you stack them up. Once the steps are laid out, as you’ll see below, it’s actually pretty easy.

Migrating from what to OpenVPN IPv6?

We’re going to migrate an IPv4 OpenVPN point-to-point PSK VPN tunnel on Linux to an equivalent on native IPv6 infrastructure. We’re not trying to have an IPv4 tunnel over IPv6, nor an IPv6 tunnel over IPv4 (both of which are possible and useful in different situations). Here I aim to have an IPv6 OpenVPN SSL tunnel over pure IPv6 infrastructure.

My current VPN set up is:

  • Home gateway running Ubuntu 10.04 (Lucid)
  • Remote host running the same
  • Fixed public IPv4 and IPv6 (global) addresses on each.
  • OpenVPN point-to-point tunnel between them.
  • Simple PSK authentication.
  • Shorewall config as appropriate to OpenVPN.

To put some detail on it, there is a standard build of OpenVPN installed, with a config file such as /etc/openvpn/otherhost.conf:


Netgear EVA9150

My much-loved Pinnacle Showcenter (written about previously here, for example) finally packed up. Not sure what killed it – did the obligatory open-it-up-and-buzz-it-a-bit routine. PSU seemed OK, but when the main board was connected up, something was dragging the PSU down big-time. No obviously failed components, so you are left with the likelihood that some chip somewhere has gone bad in a big way. So after shedding a tear, one quickly cheers up and realises that it’s a perfect excuse to replace it with something new!

Not self-build?

I wanted a device with similar functionality, to play my large collection of videos stored on a server and also allow occasional photo browsing. I didn’t have many hard and fast requirements, but as far as they went they were:

  • support a wide range of media formats, particularly DivX variants and MKV hi-def.
  • support a wide range of output (today we still have a large but rather old normal-def TV – I am sure in the lifetime of a new device our TV will get replaced with something HDMI-ish)
  • smart networking (my house is a mixture of Ethernet-over-power and wi-fi, with little cabled Ethernet)
  • Open. Very important. No proprietary crap, either in terms of what it can play or what I am allowed to do with it.

Given this and my propensity for building my own kit, a self-build seemed like an obvious idea. I toyed with the obvious mini-ITX options, with appropriately funky video cards and one of the Linux TV-based distros. But when I did a rough calculation of both the cost and the work required I couldn’t help but check if there was anything ready-built which would also do the job. I didn’t expect to find anything, to be honest. It was almost a “Due Diligence” exercise which I had to perform so that when I then spent day after day getting my self-build working OK I could mentally justify the effort. However the formality of proving there was nothing which met my needs turned out to have a surprise ending.

Evil secularists

Interesting appeal court decision in the UK yesterday. A certain Gary McFarlane, a “Christian relationship counsellor”, lost his appeal over a refusal to offer sex therapy to a gay couple.

The story seems fairly well covered here, here and here (lefties, right-wing and The BBC!) with similar reporting.

First off one cannot but wonder what a “Christian relationship counsellor” actually is. Is it like a “Christian car mechanic”, who we wonder is a car mechanic who goes to church, or a car mechanic who only works on Christian cars? And given, as we soon discover, that Mr McFarlane objects, in at least some form or another, to homosexuality, you have to wonder just who would choose to become a sex therapist when you have a hang up about a common sexual orientation.

But that is not the main issue here – the real issue is whether Mr McFarlane can claim supernatural beliefs permit him to discriminate against people in his working life. And the English courts have emphatically said “No”. In essence the court says that your beliefs are your own business, not anyone else’s. And if you choose to apply them to others you may find that they contradict the laws of the country. And at that point you have a problem.


IPv6 and DNS

IPv6 DNS – It works for me….. but it shouldn’t.

When in my IPv6 environment I perform a test ping to, say, Google, it seems to work great:

PING 56 data bytes
64 bytes from 2a00:1450:8006::6a: icmp_seq=1 ttl=55 time=49.3 ms
64 bytes from 2a00:1450:8006::6a: icmp_seq=2 ttl=55 time=44.6 ms

Which is lovely. But I then ask myself how the ping6 command actually gets to know that name lives at IPv6 global address 2a00:1450:8006::6a. How is the domain name being resolved? And I find that I actually don’t know. I’m perfectly familiar with IPv4 DNS. So what’s going on here?

I’m cheating

I discover, upon investigation, that in fact I’m “cheating”. By that I mean that my attempt to set up a “pure” IPv6 environment (albeit in parallel with IPv4) that does not rely upon or touch IPv4 in any way has not been achieved – It turns out that my DNS is currently entirely dependent upon the existing IPv4 infrastructure! And before going ahead and trying to rectify that, it’s actually rather educational to understand how it is actually working at all.


IPv6 – Proxy the neighbors (or come back ARP – we loved you really)

After three articles, where am I with my venture into IPv6? What have we really achieved so far? Well, in functional terms, not so very much yet!!

To recap:

  • Here I covered a lot of ground, getting basic IPv6 running on a Linux gateway box connected to an ISP providing native IPv6, while remembering stuff like the need to set up a firewall.
  • Here I looked at the issue of IPv6 firewall logging
  • And here I looked at the need to set up a default route out of the gateway device pointing back towards the internet.

And what can I now actually do? Well……. from the gateway box I can ping out successfully to any IPv6 device on the Internet. In other words, logged in to the device in green on this diagram, I can ping out of eth0 over the Internet. And from an IPv6 device on the Internet I can successfully ping towards my green box, using the address of eth0. So I can ping from the Internet to (these are of course made-up addresses!) 123::456.


IPv6 and default routes

Following on from my first tutorial, we have a box set up which has basic IPv6 connectivity. There’s a firewall in place with a simple but sufficient configuration. And we can ping6 from this box to remote IPv6 destinations.

All of this has, so far, made use only of one network interface (in my case eth0) to set things up. However looking ahead to the next step I am aware that I will want devices inside my network (i.e. my workstations, etc.) to have IPv6 connectivity through this device I am setting up. In other words, this device must, as it does today for IPv4, act as a router.

With IPv4 this is, at a basic level (so forgetting about firewalling and so on) very easy: enable IPv4 forwarding and away you go.

For IPv6? A little more complicated…


IPv6 – logging and shorewall6

Following on from my early success at getting IPv6 running, I soon hit a significant issue: firewall logging.


Now this need not be a “blocker” for everyone, but I take my firewall logging duties quite seriously…!

shorewall IPv4 logging

Currently I have IPv4 shorewall configured to log not using the standard syslog mechanism, but instead to use ulogd. This allows me to log firewall activity to an entirely separate set of log files very easily. It is absolutely not mandatory, but it’s neat and tidy. I then have fwlogwatch to nightly analyse the logs and automatically email the interesting bits to me for occasional checking.

To enable this I have appropriate pointers to use of ULOG in shorewall’s policy and rules files as follows:

IPv6 at home – a guide to getting started

With IPv6 slowly becoming more visible, it was time to get to grips with it. While absolutely not essential (yet!) it seemed like a fun idea: my ADSL provider offers native IPv6 in parallel with IPv4, and my hosting provider is running an IPv6 beta. So I can do native IPv6 end to end between my home and a remote host. “Home” in this case consists of a Linux firewall running iptables, fronted by shorewall. Two ethernet ports: one to the ADSL modem (my “external” interface) and one to the house infrastructure (“internal”).

The Ubuntu server distribution in use is, like most Linux distros, fully IPv6 ready. For example, do an ifconfig and we see

Link encap:Ethernet  HWaddr 00:40:63:f5:f9:3c
inet addr:88.XXX.XX.XXX  Bcast:88.XXX.XXX.255  Mask:
inet6 addr: fe80::240:63ff:fef5:XXX/64 Scope:Link
RX packets:14086899 errors:0 dropped:0 overruns:0 frame:0
TX packets:15607323 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1837525573 (1.8 GB)  TX bytes:666354591 (666.3 MB)
Interrupt:16 Base address:0x8000

Now I may not know much about IPv6 on Linux yet, but I can see that I’ve got a line beginning “inet6 addr” which looks kinda IPv6-ish. Good start. Let’s go…
