blogs.bit10.net

Has your Hotmail and Live Messenger been hacked?

2008-07-21T18:27:41+00:00

I have in the past posted about my experience when I got my Hotmail account hacked and how I subsequently recovered it. To save everyone the hassle of wading through my blog for the answer (and earn me a few quid hopefully), I have now written a handy document that helps you understand:

1) Why and how your Hotmail/Live Messenger was compromised in the first place.
2) How to go about getting it back.
3) How to stop it happening again.

All for a mere $10… you can buy it here.

P.S. I appreciate the irony that if you have had your Hotmail account compromised you have probably lost your Paypal account as well, so can’t actually pay me! Unfortunately its a chicken and egg problem you will have to sort out, as I can’t be arsed to set up another payment mechanism - sorry!

Pizza Express Coventry - Food Fail 2

2008-07-04T08:38:58+00:00

After our first food fail and followup discussion with the Pizza Express operations manager, Debbie Phillips, I thought that maybe we had the issue resolved.

Last Tuesday evening we went back to test the theory.

The first failure came early in the day when Jake popped in to check what time they were shutting that evening (their website says 10.30pm), Jake was in fact told they were shutting at 10pm that evening.

7 of us turned up at 9.45pm (i.e. giving them a bit of slack), the conversation went like this (I have bolded the fails):

Me: ‘Good evening, please can we have a table for 7.’

Pizza Express Waitress 1: ‘Hold on I will just check.’ Fail 2 (The answer we were looking for was ‘Yes of course, I will see what we have available’).

Pizza Express Waitress 1 (who from now on will be known as ‘The Nice One’) runs off and has a chat with Pizza Express Waitress 2 (who from now on will be known as ‘Short Angry One’), there is obviously some debate as Short Angry One returns to talk to us.

Short Angry 1: Yes you can come and sit over here.

Me: Thanks, but that is only a table for 6 and its in the corridor, next to Kitchen, can we just go and sit upstairs.

Short Angry 1: Sorry, the upstairs restaurant is closed this evening. Fail 3 (The answer we were looking for is ‘Yes, no problem, please come this way’.

Me: I am sorry I don’t really want to sit in the corridor with one of us on the end of a table, please can we go upstairs.

Short Angry One: No, as I said upstairs is shut. Fail 4 (We gave you a second chance, you should have taken the hint).

Me: Do you mind if we have a quick chat in private… (we both move to one side).

Me: I wouldn’t normally argue any further, but your boss, Debbie Phillips assured me that we would always be able to be seated upstairs and it would never be closed, now please can we sit upstairs.

Short Angry One: I DON’T CARE, I SAID UPSTAIRS IS CLOSED, NOW PLEASE STOP INVADING MY SPACE. FAIL 5 (Don’t raise your voice to me or any other customer ever, plus you just passed up you third and final chance).

Me: Okay, as you wish.

We were shown to our table in the corridor. We then tried to shoot a video message (Tracy has blogged and posted it here), and Pizza Express Waitress 3 (Slightly taller angry but marginally concerned one) told us to stop filming! Incredible!

Anyway we ordered, and the food was good, so that was okay.

We decided then to keep drinking and stay as long as we could (just to see how long it would take them to kick us out), we asked when they would be shutting the bar, they said 11pm, so at 10.55 we did the right thing and ordered a round, this consisted of:

3 x Double Jack Daniels and Coke
1 x Double Vodka and Red Bull
2 x Peroni
1 x Coke (for the designated driver).

Now I am willing to bet there isn’t much change out of £25 at Pizza Express prices, however Short Angry One said ‘Sorry, I am not serving you anymore alcohol, you have had enough I think’. Which we hadn’t and was, IMHO, purely an act of bitterness.

Sigh… Another call to Debbie coming up.

New Mayflower Chinese Restaurant Coventry - FOOD FAIL

2008-07-01T08:34:25+00:00

Last night we decided to have a cheeky Chinese take away. Our usual take away, the Ruby House, is shut on Mondays so had to find another.

We decided on trying the ‘Net Mayflower Chinese Restaurant’ in Cheylesmore, it used to be okay a few years back, it isn’t anymore.

We ordered:

Crispy Chicken in Chilli
Barbeque Spare Ribs in Chilli and Salt
Beef Black Bean Sauce and Green Pepper
Egg Fried Rice

The first worrying sign was in the car driving home, when the smell was something that we can only describe as ‘rotten wet bread’.

When we got it home, the ribs were dry and tough, the chicken was dry, tough and tasteless, the egg fried rice looked very brown and manky like it had seen better days…

The icing on the cake (I wish it was), was the beef which appeared to be the source of noxious odour. I put the first piece of beef in my mouth I actually had to work hard not to be sick.

We disposed of the entire meal immediately.

Worsed take-away ever, a definite FOOD FAIL!

Berocca to the rescue of bloggers everywhere…

2008-06-30T17:55:56+00:00

So the other day I had a hangover, a bad one. So I twittered about how Beroccca came to my rescue.

Anyway Outside Line, the digital agency responsible for Beroccas online marketing contacted me, basically they have a special Berocca bloggers relief pack, which you can get yourself at this special microsite:

http://www.berocca.co.uk/bloggerrelief

Clever stuff Berocca/Outside Line, I like it!

And while we are at it Pizza Express Coventry…

2008-06-27T17:49:43+00:00

Wednesday Evening 10pm, 5 of us very hungry, so we decide to go for a quick Pizza Express.

We walk into Pizza Express, Coventry and its pretty full, all the staff are still on serving, and we ask for a table for 5, the girl serving us looked concerned and ran off upstairs to ask her manager.

She came downstairs and said ’sorry no we can’t serve you as we are closed’, we went to great pains to explain that we come in all the time, and that we will be quick, and could we talk to the manager. Nothing, in fact she blanked us and walked off!

This all makes no sense, its not like they had finished for the night, in fact we probably would probably have been in and out faster than some of the people having a more leisurely meal.

We would have spent well in excess of £100, been really happy that they served us, instead they have lost out on the revenue and 5 peoples goodwill.

We ended up going to the wonderful Thai Dusit, where they were more than happy to feed us, take our money and stay open as long as we wanted.

The Coventry Pizza Express constantly dissappoints in respect of customer service, I think that at least 25% of the time I go there one of the following occurs:

1) Sorry we aren’t serving anymore (despite the restaurant staff and other customers still being there).

2) Sorry we are full (despite the fact that we know they have an upstairs seating area with no-one in it).

Basically I am coming to the conclusion that Pizza Express just don’t want my money, which is a shame because I like eating there!

RGB Direct - yet another customer service failure…

2008-06-27T17:29:38+00:00

So two weeks ago I ordered a new Samsung LCD TV from RGB Direct (http://www.rgbdirect.co.uk).

I should have known better when the onerous ordering system forced me to supply home phone and mobile before continuing (My only home phone line is for ADSL and fax), but I ploughed on.

I selected the free delivery because although it said delivery would take 14 days, I didn’t really need it yet, so I could wait.

The next day I got a hassling call from their logistics trying to talk me into paying for delivery so I could get it quicker, and that I would have to wait for the tv to be delivered ‘directly from the manufacturer’.

I eventually convinced them, that I was happy with the free delivery option (though I sensed I would regret it).

Yesterday they phoned me to say that delivery would be today between 10 and 6, I ensured that there was someone at the house all day. They happened to turn up while I was out with the TV, and then demanded to see the credit card I paid with (despite it being delivered to the same address as the card). The card was of course with me, so they took the TV away again. In addition they revealed how they lied to me, it was their own people delivering the TV to me rather than ‘direct from the manufacturer’, so basically their free delivery option is them delivering it whenever they can be bothered.

I phoned up to rearrange delivery and they told me that redelivery would cost me £35 - more than if I had taken their 2 day delivery option in the first place.

I just went with the, fair enough I will cancel my order… and now they are T&Cing me… (see below).

Basically rubbish, my recommendation is DO NOT USE RGB DIRECT.

—–Original Message—–
From: RGB Customer Services [mailto:service@rgbdirect.co.uk]
Sent: 27 June 2008 17:28
To: Ben King
Subject: RE: Failed Delivery Charge apply

Dear Sir, Further to your email , please note that any failed delivery are subjectedto a charge of £35.00 for refund to process. With reference to the creditcard swipe , we always take manual verification swipe of Credit/debit cardon delivery this is completely for security reasons , we have also statedclearly on our terms and conditions www.rgbdirect.co.uk . As you have placed order on internet , you must have seen the terms andconditions of delivery . At this stage if you wish to cancel the order ,there will be £35.00 failed delivery charge apply to your account. Pleaseconfirm accordingly and we will process the refund as per your request. Thank you Kind regards Customer Services Tel: 0208 478 1444Mob:0796 696 8734Fax: 0208 924 0114Email:Service@rgbdirect.co.uk

Vyatta - Desert Deployment!

2008-04-20T11:34:17+00:00

I have deployed Vyatta to a lot of different locations, however the deployment I did last week was a little different…

Yas Island is a naturual island on the coast of the United Arab Emirates of about 2,500 hectares or which 1,700 hectares is being developed. It is to be a $40 billion playground of marinas, shops, theme park, water park, hotels and villas not to mention a Formula 1 track.

At the minute though it is little more than a lot of sand, some mounds of earth, a few roads and a lot of cranes, and I get the pleasure on behalf of my client Benoy (architects), of extending their existing Vyatta network to cover both their Abu Dhabi city office and their Yas Island site office.

There were a number of challenges with the deployment:

The connectivity; we had ordered a 2mbit/s leased line from Etisalat, the UAE telco, this was being delivered via a microwave link back to Abu Dhabi, at the point of landing in the country, we had no idea of the reliability, IP Scheme and weren’t even confident about the presentation!
Disruption; the users were using a shared network provided by the client, which was painfully slow, but worked to give them email and basic web access, we had to minimise downtime.
Reliability; we had to do everything we could to ensure reliability and remote maintainability of the network once we had left.

The Kit

V yatta was the natural choice not only because we were using it across the rest of the Benoy network, but also because of the cost effectiveness of the hardware required to deploy a resilient configuration.

At each site we deployed 1U Dell 860s, with:

Dual core Xeon processors
2GBs of Ram
Hardware mirrored Sata drives
Additional Intel Dual NIC card (giving 4 ethernet interfaces in total)
Vyatta 2.3.1

The Configuration

4 Subnets: Workstations, Servers, Internet 1 (leased line), Internet 2 (ADSL)
All subnets clustered across the two routers
DHCP for workstation subnets (split across the two routers)
Masquerade NAT for internal subnets
Incoming NAT for email and video conferencing
IPSec VPN tunnels back to the UK network and the other Abu Dhabi site
Internal and external firewalling

The Microwave Link

The microwave link was a V35 serial presentation that we passed through a Cisco 1841 before passing onto the Vyattas, the resulting connection performed remarkably well giving us about 14ms round trip on pings back to the main Abu Dhabi office.

The Result

The end result is fantastic, speed and response of performance at both sites far exceeded expectations. At the main site we were replacing a Firebox VPN tunnel back to London, which had proved to be a little unreliable and extremely slow, we were putting this down to the quality of the Etisalat connection, however once we replaced it with the Vyatta VPN the network response and reliability was far in excess of expectations and performs as well as the MPLS circuits we have connecting other sites.

Martin Neal, IT Director of Benoy, said ’I am really pleased with the speed and also the “feel” of the network.‘

Photos

The Yas Island site office…

The Benoy team at Yas Island…

Our Microwave Link…

Public transport is Virgin on disaster…

2008-04-20T09:55:44+00:00

<rant>

I live in Coventry, which is as near as damnit slap bang in the middle of the UK, and within spitting distance of our second city, Birmingham, given this fact why is it soo damn difficult to get to the UKs biggest airport (Heathrow) on public transport?!

Normally when I fly its always easier and quicker to get to go from Birmingham to Frankfurt, Schipol or Copenhagen than it is to Heathrow, but this time it just wasn’t possible so I committed to Heathrow.

The options to travel from Coventry to Heathrow are:

Drive, while you have to endure the M40, M25, and the extortionate parking fees at Heathrow, it is nethertheless the flexible option.
Train to London, underground to Heathrow/Paddington then Heathrow express. This always strikes me as a dog leg of a journey and you have to suffer the underground with luggage. At least though the wheels keep turning.
Train to Reading, bus to Heathrow.
Train to Watford, bus to Heathrow.

There really is no optimum choice, and despite knowing better I went for option 4, what really irks me is that I am sure there used to be a train from Watford to Heathrow.

This should be easy but alas… my journey was:

Cab to Coventry Train station (less than a mile, easily done).
Virgin Train to Watford, just like going to London no issues.
1.5 hours spent stood in the wrong place at Watford, the signs being in the wrong place for the bus. Rather than leaving from the bus terminal at the station, it leaves from over the road and down the street a bit, out of site from the station. There were about 10 of us all stood in the same wrong place, so I am confident it wasn’t just me being stupid. To add insult to injury the bus drivers actually drove past the station and obviously could see a load of people with suitcases stood at the wrong bus stop and drove on regardless with an empty bus. I asked 3 members of station staff, until I got one ansy woman who said testily ‘its obviously over the road’, this deteriorated into a full on argument and she was completely unuseful and totally jobs worth.
Finally I got a bus to Heathrow and once I was on it, it wasn’t too bad.

Coming home.

Land at Heathrow.
Go to designated bus stop, according to time table bus at 19:45, turns up 20:05 and departs with just 2 of us on it immediately, with no regard for the timetable.
Arrive Watford Junction (approx 20:40), train apparently at 20:55 to Coventry, wait on platform 20:55 completely fails to turn up, no warning, just vanished off display and a 21:05 to Preston (calling at Rugby) turns up instead… so I get on that.
£30 cab ride to Coventry from Rugby and I am home.

I may as well have driven, it would have been easy, and probably cheaper in the end.

Until this country gets public transport right, people will stay in their cars. Nuff said!

</rant>

The Number of the Beast of a Bill…

2008-04-20T09:46:59+00:00

Prego’s Italian Restaurant, Beach Rotana Hotel, Abu Dhabi, dinner and drinks for three… 666.00 UAD…

How scary is that?!

Vyatta - Glendale is coming… and I am excited!

2008-03-31T16:32:18+00:00

The next major release of Vyatta (VC4 - codename Glendale) is due for final release on 22nd April, and I am soo excited!

This release promises to deliver plethora of new features and functionality, including:

1) FusionCLI - A new CLI based around bash that gives simultaneous access to Vyatta configuration and the underlying Linux shell. Woohoo - no more exiting from xorpsh to do basic bash stuff.

2 ) Remote Access VPN - Remote vpn clients are now supported via both PPTP and L2TP/IPSec.

3) Tunnel Interfaces - GRE support means that we can now tunnel both non-ip tunnels (Appletalk, etc. - should you really want to), as well as more importantly ip in ip tunnels, which are somewhat more useful, not least for doing resilient routing via backup VPN links.

4) QOS - Although QOS via TC has long been available to the ‘hardcore’ under the hood via tc and the shell, this is the first time that Vyatta have exposed this functionality to masses via the CLI. The initial release notes suggest that it will just be SFQ (Stochastic Fair Queuing), and shaping around packet marking. As is always the case with Vyatta they start simple and grow from there, so you can expect to see HTB, etc. added later on. Personally I am hoping they have ticked the 2.6 kernal option to enable IFB (Intermediate Functional Block), to enable traffic shaping over multiple interfaces… we will see!

5) Redesign of Routing Protocols - Vyatta has in the past been criticised for its routing protocol performance particularly in terms of BGP convergence, I am guessing this is one of the many reasons they have completely revisited the router manager. And they are keen to shout about it, this Tolly report demonstrates $8000 of Vyatta running on an IBM server, giving $30,000+ of Cisco 7204 a complete and utter kicking.

6) VRRP interfaces by VIF - This one is worth special mention because it was my first Vyatta enhancement request that has made it through to release (given I have only ever submitted 2 thats not bad going!). Basically VRRP could only previously be deployed on real ethernet interfaces, great unless like me you subnet networks up and run a ‘router on a stick’ configuration, in which case you need to be able to deploy VRRP across VIFs, you now can! woohoo!

This is but the tip of the iceberg, there are many other great improvements.

I will be deploying a version of Glendale soon, in a test environment, and I will report back!

Shanghai - Life behind the great firewall of China…

2008-02-15T02:26:01+00:00

When you connect to the Internet in China you don’t get the real Internet you get a government controlled version, which limits access to sites that are offensive to/or go against the political views of the Chinese government. This is known as the Golden Shield Project or by its lovable nickname, ‘The Great Firewall of China’.

The Golden Shield Project is an estimated $800m project of the Chinese government to not only control online content but use modern technology to monitor the movements and activities of their people.

In simple terms as a visitor this means that they block a bunch of websites, for anything about human rights for example Amnesty International (www.amnesty.org), anything that mentions Tiananmen Square, the Dalai Lama and a whole bunch of other stuff, they particularly don’t like anything with user generated content that allows their people to express their views to the world or for their people to see what the rest of the world is up to.

In practical terms this was annoying for me because, it meant all the following are blocked

If you want to see a more thorough list (and you aren’t inside China), then there is a nice article on Wikipedia here.

In truth though the firewall represents little or no challenge to circumvent, not only due to the amount of proxying sites available, but also if you have access to machines outside of China you can easily VPN or SSH your traffic via them circumventing the problem.

The blocking isn’t just IP based either, they also do some nasty DNS poisoning, which causes you to be misdirected to another site rather than the one you intended, again this wasn’t a problem for me as I run my own DNS server on my laptop, but in general a little irritating.

You can’t help but feel then that the Chinese efforts to control Internet access are more than a little futile…

Shanghai - am I really in China??

2008-02-15T01:36:12+00:00

…is the question I am asking myself right now…

I am in Shanghai, a city of some 18 million people, the biggest city in China and in the top 5 largest in the world, the answer should be obvious.

However, here I am sat in Starbucks (one of two in this building alone, an one of five that I can think of within a couple of minutes walk), sipping on my ‘Venti Cappuccino’ reading the Wall Street Times (Asia edition), looking out across the shopping mall at a McDonalds full of Chinese eagerly stuffing their faces on whatever crap it is that McDonalds sell in the morning, I begin to wonder…

This one of the many many shopping centers along the Nanjing Road, Shanghai showcase shopping experience, it runs 5km East to West through the center of Shanghai. The array of shops is staggering with pretty much every brand (so many Rolex dealerships I have lost count) you care to mention and a string of car dealerships including Mercedes, Porsche, Maserati and Ferrari.

You would be forgiven for thinking that the prices would be cheaper, it being China and all, and to an extent it is, however my cappuccino has set me back 31RMB (about £2.20), and the nice new Samsung LCD screen I am about to buy for home is exactly the same price in the shops here as back in blighty.

So who is buying this stuff?? Westerners? I don’t think so, unlike Hong Kong, when you see another non-Asian here, its still a case ‘oh look someone white like me’, they are generally pretty easy to spot as well due to clearing the surrounding populace by a clear foot. The other day I took a walk the entire length of the Bund, a 1.5km river side walk, it being Chinese new year it was packed with tourists, 1000s of them, during the entire walk I never saw another non Asian, not one!

It is the Chinese, the door is open to western capitalism and they are embracing it as fast as they can, and best of luck to them.

I suspect however they are lining themselves up to a serious class divide issue, there are people paid a minimum amount to do every job, meanwhile people at the other end of the scale are getting very rich.

Shanghai for example is clean, really really clean, you never even the smallest bit of litter, cigarette butts, or even chewing gum, why not? Well thanks to having plenty of people and not being hindered by such idiocies as minimum wage, they throw manpower at everything, from street cleaners, to traffic assistants on every junction, and not just one, sometimes 3 or 4 people per road junction just to ensure you make it across the road!

There are lots of fine examples of throwing manpower at the problem, the hotel I am staying in for example, okay its 4* and its costing a mighty £48 per night, all week though I haven’t had to open the door to the hotel, 24/7 they have at least 4 people manning the doors! When you go into a restaurant its often the case that the staff outnumber the customers, the same in shops, this Starbucks has 5 staff on at the moment.

I am quite a fan of Shanghai, its lacks the outright outright debauchery and exuberance of Hong Kong, however in its place comes an air of refined proud elegance.

To answer my original question, I am physically in China, however I suspect this far from reflects the real China… I suspect if I travel even 1 hour from Shanghai the picture will be very different…

Kung Hei Fat Choi

2008-02-03T16:06:55+00:00

Or “Congratulations and be prosperous” as Chinese New Year is almost upon us. However it is also the day not to be buying new shoes as this is considered bad luck amongst some Chinese. The word “shoes” is a homophone for the word “rough” in Cantonese, or “evil” in Mandarin. So I will resist the urge to buy shoes on the 7th February!

Still, at least there is one good thing - it is bad luck to sweep the floor, so the housework will have to have been done by then (fortunately for me, my cleaner works on Wednesdays so my house will be sorted for Chinese New Year).

This will be the Year of the Rat who are leaders, pioneers and conquerors. They are charming, passionate, charismatic, practical and hardworking.

However, if like me, you were born under the Ox , then you are blessed with the sign of prosperity through fortitude and hard work. Apparently, this sign is a born leader, quite dependable and possesses an innate ability to achieve great things. As one might guess, such people are dependable, calm, and modest. Like their animal namesake, the Ox is unswervingly patient, tireless in their work, and capable of enduring any amount of hardship without complaint [Wikipedia].

Er - on second thoughts, maybe I was born in a different year…

Six black cocks and a little white kitten…

2008-02-02T12:02:35+00:00

On boys night, when we play cards and drink far too much, we tend to have the timeless classic ‘Lock, Stock and Two Smoking Barrels‘ on in the background.

A subject of much debate has been what are the endings to jokes they are telling each other in the car journey, that due to the editing, you never get to hear the punchline, well a bit of Googling I found a (possibly not real) answer to one of them (warning! - a little bit rude):

–

TOM: There’s six black cocks and a little white kitten sitting on the side of the road. How many beaks have they got between them?

SOAP: Six.

TOM: How many wings have they got between them?

SOAP: Twelve.

TOM: How many feet?

SOAP: Er, well, twelve.

TOM: That’s right. So how many whiskers has the little white kitten got?

SOAP: How the fuck should I know?

TOM: How come you know so much about black cocks and so little about white pussy?

–

If anyone knows the end of the following one, let me know!:

‘All right, there’s this brass standing on the corner.’

‘Dwarf walks up to her carrying a suitcase…’

Test Post

2008-01-31T15:55:29+00:00

Testing the new blog.

and pimping the volvo blog: http://loveforthevolvo.blogspot.com

World of Warcraft hits 10 million players

2008-01-23T12:23:35+00:00

So Blizzard must be delighted, WOW finally hits 10 million paying subscribers, is there no stopping it…

I find myself wondering why, after the initial excitement, the last expansion (The Burning Crusade) took a lot of shine off the game.

The unrelenting need to grind for rep and better items eventually takes its toll and to add to that our guild, Go Rin No Sho, (www.gorinnosho.co.uk), despite having arguably some of the best and most committed players on our server (Bronzebeard) , we still struggle with the higher level content. The curve is just too steep, other than for people who really have no life whatsoever.

With the next expansion (World of Warcraft: The Wrath of the Lich King Expansion Pack (PC)), still sometime away (Amazon are listing it as September 2008), it seems likely that some of us will get bored and fall away before then.

Having said that I still have 3 level 70 characters and another one on the way!

UGC at its best…

2008-01-22T11:15:44+00:00

Poor london www.london-eating.co.uk has got stung with an amusing bit of UGC, read it while its still there (warning marginally rude!):

http://www.london-eating.co.uk/review-comments/123446.htm

Jamie’s Fowl Dinners aka Jamie kills chickens!

2008-01-18T00:59:42+00:00

I finally got around to watching the much hyped ‘Jamie’s Fowl Dinners’ which seems to have caused a bit of a ruck as we see our once favourite TV chef trying to shock us into not buying caged chicken.

Before i go on lets get my personal buying habits out of the way, I strictly buy free range and where possible organic eggs and chickens, it tastes better and makes me feel better and frankly the for the small number of pennies different in price, why not?!

I applaud Jamie for trying to raise awareness, and I did watch it with a bit of an attitude of ‘its okay I buy organic already’, shocking facts to me were:

The price supermarkets pay to farmers for chicken, 2->3p per chicken, surely that can’t be right? I always apply a 30% rule to anything I buy in the supermarket, i.e. i pay £3 for a chicken, and the farmer is getting a £1… apparently i am way wrong, can anyone clarify?! The messaged seemed to be that if you spend a £1 more on a chicken for sunday dinner, that £1 mostly made its way back to the farmer making a huge difference.
Liquid eggs - makes sense I suppose, however the thought of it being in many products i buy is a bit sickening and I feel horribly powerless to do anything about it!

Taking a step back I am interested in why Jamie Oliver is doing this, killing chickens live on TV is bound to upset some people, and apparently the RSPCA are more than a little pissed at him. Although Jamie Oliver has fallen in popularity over the past few years, I am sure there is plenty of money left for him to coast along for a good few years to come… so I can only conclude that either he genuinely believes what he is doing now… or he is taking a high risk approach to taking his career to a new level.

PS Sainsburys - bad on you for not appearing in the show - slap! to punish you I will be defecting for precisely one shop - oh wait like you care!

DRM, Copyright, the saga goes on…

2008-01-11T10:02:19+00:00

Commenting on: http://www.theregister.co.uk/2008/01/11/att_want_to_block_copyrighted_material_at_network_level/

The solution to all this is very very simple.

I want the luxury of being able to download whatever material I want, when I want from where I want in whatever format I want. That as a customer is what I want, and the customer is always right.

The only question is what I am prepared to pay for it, and how. As I don’t want to be bound to any particular channel (iTunes for example), and I don’t want to be paying per use, there is only one option which is some form of Digital Download License, which we pay an amount of money per year (say £150), to do whatever we want online, bit like the TV license.

The question obviously is, how do the respective rights holders get their slice of the pie, well simply offer a discount on the license fee to anyone happy to run some form of software that monitors what copyright material you are downloading and reports that somewhere for statistical analysis for revenue distribution.

This won’t work however if I am required to buy more than one license or there is in anyway some restrictions, for example you can download everything except shows by NBC.

Vyatta - Clustering

2008-01-04T10:48:29+00:00

The latest subscription release of Vyatta, 2.3, has seen the addition of clustering capability, which has added greatly to the high availability features of the product.

Previously high availability was really limited to VRRP, which was great but had a couple of issues:

You couldn’t use VRRP across VIF interfaces, which made high availability for ‘router on a stick solutions’ tricky.
We experienced a few issues with interface bouncing, especially on gigabit interfaces.

VRRP is however a very nice solution, each virtual address is associated with a virtual MAC address that the currently actively router associates with the appropriate interface, the switchover is nearly instanteous.

The new clustering functionality in Vyatta is based upon the Linux HA project, which takes a slightly more simple but arguably more effective approach to the HA whereby when a failure is detected the virtual IP is reassigned to appropriate interface on the secondary router and a gratuitous arp sent out across the associated network segment to mitigate any arp cache issues.

The HA functionality also allows for failover of the ipsec vpn service, at the moment this works pretty simplistically by simply stopping or starting the service as needed, thus on the currently inactive server the VPN service and therefore tunnels simply aren’t up.

Lets take a look at a relatively simple multisite HA Vyatta solution and the associated configuration.

We have two sites, each with a pair of Vyattas configured as router, vpn, firewall, and nat. Behind them is a multi-segment internal network.

Interfaces

ldn-router1 interfaces:

interfaces { loopback lo { 

 address 10.1.1.251 { 

 	prefix-length: 24 

 } 

} 

ethernet eth0 { 

 description: "Internet" 

 address 98.76.54.31 

 	prefix-length: 28 

 } 

} 

ethernet eth1 { 

 description: "Servers" 

 address 10.1.10.251 { 

 	prefix-length: 24 

 } 

} 

ethernet eth2 { 

 description: "Workstations" 

 address 10.1.101.251 { 

 	prefix-length: 24 

 } 

}

ldn-router2 interfaces:

interfaces { loopback lo { 

 address 10.1.1.252 { 

 	prefix-length: 24 

 } 

} 

ethernet eth0 { 

 description: "Internet" 

 address 98.76.54.32 { 

 	prefix-length: 28 

 } 

} 

ethernet eth1 { 

 description: "Servers" 

 address 10.1.10.252 { 

 	prefix-length: 24 

 } 

} 

ethernet eth2 { 

 description: "Workstations" 

 address 10.1.101.252 { 

 	prefix-length: 24 

 } 

}

The important thing to notice here is that, the virtual ‘active’ addresses aren’t configured on the network interfaces themselves, instead they come later in the cluster configuration.

The New York site configuration is the same, except of course the IP addresses are changed accordingly.

Cluster

cluster { interface eth0 

 pre-shared-secret: "!secret!" 

 keepalive-interval: 2 

 dead-interval: 10 

 group "ldn-cluster1" { 

 	primary: "ldn-router1" 

 	secondary "ldn-router2" 

 	auto-failback: true 

 	monitor 12.34.56.73 

 	service "98.76.54.33" 

 	service ipsec 

 	service "10.1.10.1" 

 	service "10.1.101.1" 

 } 

}

The cluster configuration on each router is identical (unless you want to do certain clever things such as run a different routing configuration in failover!). The interface definition is just for the interface that you want to monitor via. You can have multiple monitors however a failover will occur if any monitor returns a failure, in some ways this is a help and some ways its a hindrance, personally I prefer to just monitor an outside address and if its not available then go to failover where hopefully it will be (especially if we use different external blocks by router).

When a router becomes the active member of the cluster, it scans the route table for matches to the service IP and assigns the service IP to the appropriate interface, it then sends a gratuitous arp out of that interface to avoid any arp cache issues.

Routes

One downside of the Vyatta downing the ipsec tunnel when that router is not active, is that you can then only address that router on its dedicated addresses, for example if I wanted to do some remote maintenance ldn-router2 from the New York site while it wasn’t active, the only way I would be able to do so is either to log onto a machine on the London subnet and go via that, or use the public external IP (which I probably don’t want publically accessible anyway).

The solution is very simple, due to the way that VPN route matching works. When making a packet routing decision Vyatta checks the VPN tunnels for a local/remote match first, then checks against the routing table, therefore if we add a static route to each router for the whole internal network to go via its partner, we get a really neat solution:

protocols { static { 

 	route 10.0.0.0/8 { 

 	next-hop: 10.1.10.252 

 	} 

 } 

}

Thus if a router has the VPN tunnel up (i.e. its active), it never checks the routing table and traffic goes direct, if the router has no VPN tunnel (i.e. its passive), it simply forwards the traffic to the active router.

VPN

The VPN configuration in a cluster is basically the same as a standard configuration, except the local and remote public IPs are the cluster addresses.

vpn { ipsec { 

 	ipsec-interfaces { 

 	interface eth0 

 } 

 ike-group "ike-ny" { 

 	proposal 1 { 

 		encryption: "aes256" 

 	} 

 	lifetime: 3600 

 } 

 esp-group "esp-ny" { 

 	proposal 1 { 

 		encryption: "aes256" 

 	} 

 	proposal 2 { 

 		encryption: "3des" 

 		hash: "md5" 

 	} 

 	lifetime: 1800 

 } 

 site-to-site { 

 	peer 12.34.56.73 { 

 		authentication { 

 		pre-shared-secret: "secret" 

 	} 

 	ike-group: "ike-ny" 

 	local-ip: 98.76.54.33 

 	tunnel 13 { 

 		local-subnet: 10.1.0.0/16 

 		remote-subnet: 10.3.0.0/16 

 		esp-group: "esp-ny" 

 	} 

 } 

}

NAT

An easy pitfall on the NAT configuration is to forget that Vyatta processes source NAT before checking vpn or routing table matches. The fix is simply to exclude your internal network as a destination in the NAT configuration.

nat { rule 101 { 

 	type: "source" 

 	outbound-interface: "eth0" 

 	source { 

 		network: "10.1.101.0/24" 

 		} 

 	destination { 

 		network: "!10.0.0.0/8" 

 	} 

 	outside-address { 

 		address: 98.76.54.31 

 	} 

 } 

}

VIFs

As i mentioned earlier, Vyattas implementation of VRRP doesn’t allow you to use VRRP on virtual VLAN interfaces, which is frankly a little annoying (although it will be fixed in the next release hopefully).

However under clustering it works perfectly, as the service IP can match and be assigned to any interface, real or virtual.

Conclusion

The clustering in Vyatta has added just enough simple HA clustering functionality that ‘just works’ to enable us to deploy far more complex and reliable solutions than was previously possible.

This is also just the tip of the iceberg, in future releases we can expect to see multiple cluster (allowing Active/Active configurations) and extra services added to the failover capability.