Archive for category personal IT

IPv6 – now from COX (San Diego)!

As you recall, I’ve been lamenting the lack of direct IPv6 via my local ISP (COX) since 2013.

It seems that some time in the past 3 months, they silently enabled IPv6 in my area! I was preparing to reconfigure my tunnel from tunnelbroker and decided to “just check”. Cox is now correctly(!) serving IPv6.

I had to turn off my Hurricane Electric tunnel a few months ago, as Netflix began blocking as many tunnel services as they could, over geo-location “issues”.

I was able to set my Apple Airport Extreme to “auto configure” for IPv6, and I’ve got proper addresses, routers and even DNS over IPv6.

Thanks Cox!

Register4Less now supports IPv6 DNS!

I got a great followup from my domain registrar Register4less today. A few weeks ago, I had asked about when their DNS would fully support IPv6.

They’ve allowed AAAA records in their hosted DNS for years, but they only accepted queries over IPv4 until this week.

This is just another reason that I love R4L’s support. When I had asked them about IPv6 DNS before, they said it was coming “soon”, but couldn’t give a for-sure date, but would let me know.

When they turned up IPv6 DNS this week, they proactively sent me an email letting me know that the service was available, and answered a few questions (within literally 5 minutes!).

Register4less.com is the official DNS provider of UserFriendly.org. If you work IT, you should know this long-running webcomic.

Recovering a compromised WordPress site – Part 4 (import into wordpress.com)

In parts 1, 2 and 3 the focus was on getting the blog data out of the old system, cleaning it up, and converting it to a modern format that can be imported into a modern WordPress site. At this step, you can either spin up your own WordPress install, or just put it into hosted WordPress.

One of my goals was to never have to admin WordPress again. I’m tired of constantly having to patch it, or deal with security issues in plug-ins. So I’m putting everything into WordPress.com.

After Part 3, we’ve got a WordPress WXR (WordPress eXtended RSS) export/import file. We just need a place to import it into.

Create a wordpress.com account and empty site

Start here. Follow the instructions to create an account and create an empty wordpress.com blog.  Don’t worry about the theme, you can set that later.

Load your WXR file

Log in to the control panel for your blog. Go to “Tools -> Import” to get to the Importer Screen.  Select “WordPress” and follow the directions to upload your WXR file.

View your new blog

In the left menu panel, select “My Sites -> View Site” to see your new blog, with (hopefully) all your old content. Check the older entries, check embedded links. They *should* all be there. If they aren’t, you may have to go all the way back to Step 2, and re-do the editing, then Step 3 and Step 4! I got pretty lucky, or was thorough enough with my initial editing, that everything I needed was recovered completely.
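The “check the older entries, check embedded links” step can be partly automated on the WXR file itself, before or after the upload. The following is an added example, not code from the original post: it flags post bodies containing markup commonly left behind by a site compromise and counts link hosts other than the blog’s own. The rule set, the `audit_wxr` name and the sample data are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # defusedxml.ElementTree is a hardened drop-in
from collections import Counter
from urllib.parse import urlparse

CONTENT = "{http://purl.org/rss/1.0/modules/content/}encoded"
# Assumed rule set: markup that rarely belongs in an ordinary post body.
SUSPICIOUS = {
    "script tag": re.compile(r"<\s*script\b", re.I),
    "iframe": re.compile(r"<\s*iframe\b", re.I),
    "hidden block": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "inline handler": re.compile(r"<[^>]+\son\w+\s*=", re.I),
    "obfuscation": re.compile(r"\beval\s*\(|base64_decode|String\.fromCharCode", re.I),
}
URL_ATTR = re.compile(r"""(?:href|src)\s*=\s*["']([^"']+)""", re.I)

# Constructed sample WXR (not taken from any real export).
SAMPLE_WXR = """<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
  <item><title>Clean post</title>
    <content:encoded><![CDATA[<p>See <a href="https://blog.example/about">about</a>.</p>]]></content:encoded>
  </item>
  <item><title>Tampered post</title>
    <content:encoded><![CDATA[<p>Hello</p><div style="display:none"><a href="http://pills.example.net/x">x</a></div><script src="http://cdn.example.org/a.js"></script>]]></content:encoded>
  </item>
</channel></rss>"""

def audit_wxr(xml_text, own_hosts=()):
    """Return (findings, foreign_hosts) for every <item> in a WXR document."""
    root = ET.fromstring(xml_text)
    findings, hosts = [], Counter()
    for item in root.iter("item"):
        title = item.findtext("title") or "(untitled)"
        body = item.findtext(CONTENT) or ""
        hits = [name for name, rx in SUSPICIOUS.items() if rx.search(body)]
        if hits:
            findings.append((title, hits))
        for url in URL_ATTR.findall(body):
            host = (urlparse(url).hostname or "").lower()
            if host and host not in own_hosts:
                hosts[host] += 1  # links and embeds pointing off-site
    return findings, hosts

if __name__ == "__main__":
    findings, hosts = audit_wxr(SAMPLE_WXR, own_hosts={"blog.example"})
    for title, hits in findings:
        print(f"REVIEW  {title}: {', '.join(hits)}")
    print("Off-site hosts:", dict(hosts))
```

For a real export, read the downloaded file as bytes and pass it to `audit_wxr`; any flagged post is a candidate for the re-editing loop described above.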

Enjoy a Frosty Beverage to Celebrate

May I suggest a great California IPA?

Recovering a compromised WordPress site – Part 3 (AWS, Bitnami)

At this point we’ve got a good MySQL dump of the compromised WordPress site. Now what?

To the cloud!

As I alluded to in the earlier parts, I’m going to load the MySQL dump from the ancient (compromised) site, then re-dump it out as WXR (WordPress backup) so that I can import the whole thing into WordPress.com.

I’ve got the database dump, now I need a WordPress instance to load it into.

In the olden days, I would have grabbed some hardware, loaded Linux, then MySQL, then Apache, then WordPress. I only need this for a few hours, so why spend a half day doing the basic installation? It turns out there’s a great alternative.

Bitnami has a pre-configured LAMP+WordPress image available from the Amazon Marketplace. I can use their image for only US$0.13/hour on a c1.medium AWS instance, or US$0.02/hour on a t1.tiny instance. I figure I need at least two-three hours of run time, and I don’t want to run into any size/space limitations of the t1.tiny instance. So I’ll gamble and use the c1.medium. That means I might spend up to a little over US$0.50 (c1.medium) if I need 4 hours instead of only US$0.08 for 4 hours if I use the t1.tiny. I’ll take that gamble 🙂

1. Spin up a WordPress instance using the Bitnami image

This was pretty easy. Just start from the Bitnami pre-configured image in the Marketplace, and then proceed to the launch area. You’ll see that there’s a m1.small instance type already selected. This is where you can decide to use a c1.medium, or take the m1.small default. Just proceed and spin up the instance. Then proceed to the AWS Console to get the DNS hostname.

2. Configure WordPress on the instance

At the bottom of the AWS console you’ll see a section labelled “AWS Marketplace Usage Instructions”.  This will lead you to the username and the password (which will be in the instance’s boot log file). From there you can log into the WordPress instance over SSH with the username “bitnami” and your AWS private key.

3. Load and check the database

Log into the WordPress instance and use the control panel to load your MySQL dump into WordPress. Switch to the site view, and start scrolling through the blog posts and other links.

In my case, I found about a dozen posts that were still broken. This sent me back to the raw database edit (see Part 2) to re-edit the database text file dump. I edited out the broken records, re-dumped the database, and started again at step 1 above.

Once you have a valid WordPress site in your AWS instance, it’s time to get that WXR file we need for the import into WordPress.com.

4. Export the valid WordPress blog

Jump into the WordPress control panel, and use “Tools -> Export” to create a WXR file and download it to your computer. Once you’ve done this, you can spin down the AWS instance using the AWS console. Use “Terminate” so the EBS volume will be released as well.

We’re almost done. Next time, creating and loading the site into WordPress.com.

USA! USA! (unless you want affordable high-speed Internet service)

“In comparison with the rest of the developed world, the US has slower broadband speeds and higher broadband prices than just about anybody.”

No surprises here.  US ISPs and cable companies (among many other industries) continue to rock record profits, and instead of investing, just buy back their stock, or sit on the cash.

On the technology front, this means that instead of upgrading backbones, or delivering native IPv6, or a higher quality of service, they are deploying stopgap measures. Some examples of this are Carrier Grade NAT (CGN) instead of native IPv6; “dumb” DVRs that are less programmable and less usable than some home-grown solutions; no investment in technical support; and man-in-the-middle ad networks, DNS hijacking, abusive legislation, and other interference with their customers’ data.

As long as the last mile is a de-facto monopoly, that’s just what we’re stuck with.


chip and pin! Finally! (maybe)

Since my first trip to Europe 5 years ago, I’ve been trying to get a chip-and-pin credit/debit card. As far as I have been able to find out, other than a single credit union in DC, there is no way to get a chip-and-pin card in the US. American Express and others have chip-and-signature, but that’s not the same, even if they try to tell you that it is. For example, you can’t use chip-and-signature at unattended gas stations, vending machines or many other places in Europe.

It looks like, finally, the American card industry is willing to truly join the EMV card world, and issue chip-and-pin by 2015. It only took tens of millions of credit card numbers being stolen within a single month or so, to get them to move.

Almost all of our credit and debit cards were re-issued to us in January, by several credit unions and other financial institutions. That had to be expensive for all of them, and there is talk of the banks suing Target over their breach.

While this won’t end credit card fraud completely, it will definitely make it more difficult.

Just one more thing to think about as I work on my personal privacy…


Upgrading my personal privacy one small step at a time

I got my start in computer security from the personal privacy side of the equation. Revelations over the past year have made me realize that I have become complacent, and it is time to upgrade some aspects of my personal digital privacy.

My first “paper” on security was an essay that warned that “someday, the government and large corporations will be able to search and manipulate hundreds of millions of bytes of information, giving them improper leverage over individuals, who won’t have the same access to computing power or storage”. I got a B. My high school English teacher said the writing was very good, but she couldn’t accept the premise 😦 That was in the late 1970’s.

I’ve had, but rarely used, PGP/GPG keys for email since the early 1990’s. I have friends who probably encrypt about 10-25% of their email, and sign almost 100%. Others encrypt and sign more, or less. Some are more consistent about this, some less. I felt that this wasn’t necessary for me, as I was a small enough needle in a large enough haystack, that “computational privacy” probably wasn’t needed in my particular case.

I’ve run my own email servers on my own hardware, off and on, for years. I’ve done the same for personal web servers, photo galleries, and other personal storage. Over the past few years, I’ve made much more use of hosted services, like Gmail, and WordPress.com (for this blog) instead of building, maintaining and securing them myself on my own hardware under my own physical control. I’m going to have to re-think some of those decisions, I guess.

The Snowden revelations, coupled with high-profile cases of seizures of data and equipment from hosting providers, and the inability of those service providers to stand against the abuse of certain government powers has led me to believe that it’s time to step things up a bit.

I want to upgrade my personal privacy stance over the next few months. I’m going to have to re-learn lots of the details of encryption, look at products that didn’t exist a few years ago, look into newer encryption algorithms and key search technologies. I expect I’ll need to make changes in the way I use email and the web and in general communicate. There are a lot of good resources out there; I’ll share what I find.

I don’t plan to wear a tinfoil hat, become a crypto-anarchist, bury guns and ammunition in the desert, or buy gold. This isn’t going to be a knee-jerk reaction, just some slow steady Kaizen  to improve my digital privacy.


IPv6 – Is it ready for you? Are you ready for it?

Last week I made a presentation to the San Diego LOPSA group.  About IPv6, of all things 🙂

From these most recent stats, you can see that IPv6 continues to gain momentum.

IPv6 support has entered the mainstream from all the “usual vendors”, which has reduced adoption risk over the past few years. It has been deployed by some of the busiest and largest sites and they’re continuing to move ahead. IPv6 is ready for prime time.

At this point, anyone with some dedication and a little tech savvy can dual-stack a home network, and companies should definitely be exploring and learning IPv6, if they aren’t already deploying. (IT) People are becoming ready for IPv6.

Based on my experiences and discussions at the North American IPv6 Summit, I’m even more convinced that dual-stack is the right transition strategy, and this presentation reflects that.

(EDIT: Thanks to @TeamARIN for tweeting this.  If you’re interested in IPv6, you might want to check out the rest of my IPv6 posts.)

(It looks like Google docs doesn’t exactly import Powerpoint properly…)


catching up

It’s been a busy few months, what with travel (visiting 5 studios in three cities in 4 days), some new projects and some extra excitement around the office.

I’m also looking at moving this blog, or finding a way to load balance or proxy in front of it, to provide IPv6 access. More than half the content here is about IPv6, and it’s not accessible over IPv6. Come on, WordPress.com, let’s get that fixed, please?

Otherwise it may be AWS ELB, or even a proxy running on my home (dual-stacked) server, which would be an interesting project, but way too kludgy.

In the next few days, I’ll be posting info and impressions from the North American IPv6 Summit and recent experience as we roll out IPv6 in the office.

E3 is coming, and that will be keeping us busy, too.  It’s a great time to be in the industry. This will be my fourth game console launch, and the one I’m most excited about.

Or maybe I’ll just start to write about the craftbrewing scene in San Diego?


IPv6 – Airport Extreme update 7.6.3 breaks existing IPv6 tunnels

A few days ago I had an unexpected network problem.  An IPv6 tunnel to tunnelbroker.net that had been up for months went down and wouldn’t restart. My tunnel endpoint is an Apple Airport Extreme base station (AEBS) that was originally running 7.6.1.

This all started when my ‘net connection died, IPv4 and IPv6 both just stopped working. I tracked it down to the AEBS. For some reason it just completely stopped passing any traffic at all. It’s done this twice before; it looks like the problem is uptime related. The AEBS seems to want a full power cycle about every 120-150 days of uptime.

Unfortunately, I also decided to take the downtime as an opportunity to do the pending firmware update, to 7.6.3.

Which breaks existing IPv6 tunnels.

Fortunately, this was already figured out by others. Hurricane Electric support quickly referred me to this post in their support forums, which references this Ars Technica article, which leads to the root cause, as determined by users at SIXXS.

Apple changed the firmware to now require a valid IPv6 prefix in the “IPv6 Delegated Prefix” field in order to handle 6in4 tunnels. This field did not exist in earlier versions of the firmware, and was only added to the firmware around version 7.6 or so. At that time, existing configurations would still work, with no value in that field.

The 7.6.3 update requires a valid prefix, or the router will discard protocol-41 (6in4) packets from the other end of the tunnel.

If it wasn’t for the pretty good support for IPv6 in MacOS, I’d have guessed that Apple hates IPv6, as they keep breaking it on the AEBS product family.
