iPad and the Apple Wireless Keyboard

Today I got my Apple Wireless Keyboard (US edition) to use with my iPad (and iPhone/PS3/MacBook Pro as needed). Good points are easy pairing and a good, portable keyboard that won’t give you RSI. Bad points are that, unlike the iPad dock Keyboard, you have no Home button (how hard could it be to map this to the ESC?) and various other intuitive keys and key combinations don’t work. Example being the cursor keys that only work in a few apps… lucky me that the WordPress app is one of them Having to use an emulated CTRL key in pTerm, not so much fun.

Hopefully the release of iOS 4.2 in a month or two will turn my tiny little iMac wannabe into something even more useful… without the huge battery drain and stuttering that my iPhone 3Gs suffered with 4.0 :I

Oh, and the Griffin A-Frame is great, wish we had nice wooden iPad cases I keep seeing on Engadget easily available here!

iLO2 automation with expect

I wrote a nice little script in expect to log in to HP’s iLO2 via the local serial.

Forgot to add this into the pastie though…

The target machine needs the below added to /etc/inittab:

7:2345:respawn:/sbin/mingetty ttyS1

And re-initialise with “telinit q”

Only tested against RedHat systems.

Code @ pastie.org

OpenVPN for (almost) dummies

I had the fun of learning and implementing an OpenVPN solution recently and it was much simpler than you would have probably guessed. Since I was using SuSE 10 as my remote server I followed the fairly comprehensive OpenVPN on SuSE 10.0 guide. I modified the OpenVPN config files from the examples given to use the ones (tls-office.conf and tls-home.conf) from the OpenVPN distribution with my own tweaks.

Here are the options I changed in tls-office.conf:

local your.interface.ip.here ; The IP of the interface that you will be accepting OpenVPN connection on

ifconfig 192.168.0.1 192.168.0.2 ; You can define your own range, I just chose this private one
server 192.168.0.0 255.255.255.0 ; Use a pool of IPs so you can connect with multiple clients

push “redirect-gateway def1″ ; Handy if you need to keep access to your local network, splits the default route definition

push “dhcp-option DNS dns.server1.ip.here” ; Define these unless your local system can already reach working DNS servers
push “dhcp-option DNS dns.server2.ip.here”
comp-lzo ; Add compression

link-mtu 1542 ; Lower the MTU for the encapsulation overhead
And the changes made to tls-home.conf (renamed to tls-home.ovpn for the OpenVPN for Windows client):

remote openvpn.server.ip.here ; The same IP as you defined in tls-office.conf as local

nobind ; Use this unless you need a specific outbound port

proto udp ; Default, if you need to use tcp then define proto tcp-client instead

pull ; A mistake I made, those push commands don’t work without it.

comp lzo ; Has to be defined on both sides

ping 15 ; And these since you can’t rely on your connection
ping-restart 45
ping-timer-rem
persist-tun
persist-key

Following the guide and the modifications above you can connect to your OpenVPN server easily, now we have to add some masquerading to our remote server. I took most of the details from the Masquerading Made Simple HOWTO. The configuration below is for a system with two ethernet interfaces, one on a private network and the other on a public network.

modprobe ipt_MASQUERADE # If the module isn’t already loaded
iptables -F; iptables -t nat -F; iptables -t mangle -F # flush the tables and prep NAT support

echo 1 > /proc/sys/net/ipv4/ip_forward ; To switch ip forwarding on

iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE ; substitute the IP and interface as needed for your situation, only MASQ packets from your OpenVPN virtual network IPs.
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT ; They should be packets we already know about

Similarly you can do this on a system with a single public interface:

iptables -A INPUT –protocol tcp –dport 22 -j ACCEPT
iptables -A INPUT –protocol tcp –dport 443 -j ACCEPT

; Only allowing SSH and my OpenVPN port, using the HTTPS tcp port in this configuration

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

; Same as previous configuration above

iptables -A INPUT -m state –state NEW -i ! eth1 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i eth1 -o eth1 -j REJECT

; We don’t forward packets coming in from eth1, all our masquerading packets only come from tun0

Please feel free to point out any extra precautions or missing rules.

Buyshifting your TV…

I just read two great articles on Engadget about how everyone (not just the tech crowd) is moving towards buyshifting their TV watching… go read about what it is and how much its going to cost you with price comparison tables for cable, VOD, iTunes and DVD.

The Broadcast Flag on Steroids?

I could write a long article on how treating your customers like criminals is a bad idea, but I won’t. Instead I’ll link to a better written set of articles first by Wil Wheaton (yes, that Wil Wheaton, he has a cool blog, go read it) called “omg pirates” and the second by the EFF called “Who Controls Your Television?”.

Having just watched V for Vendetta I think we need to express our distaste at being bullied into accepting that we aren’t to be trusted with the simple activity of watching television…

Using USB Storage on your WRT54G with DD-WRT v23 SP2 firmware

After having to search for half-complete guides I thought I’d consolidate the information and correct/adapt where necessary.

You will need to enable JFFS2 on your router to enable you to install packages.

ipkg install kmod-usb-core
ipkg install kmod-usb2
ipkg install kmod-usb-storage
ipkg install kmod-ext2

vi /jffs/etc/startup.sh and enter the code below

#!/bin/sh

for I in `/bin/ls -1 /jffs/etc/modules.d/*`

do

  for J in `cat $I`

  do

    /sbin/insmod /jffs/lib/modules/2.4.30/$J.o

  done

done

I chose to format the device as an ext2 filesystem, you may want to choose the kmod-vfat module for mounting FAT filesystems.

mke2fs /dev/scsi/host0/bus0/target0/lun0/part1

mkdir /opt

mount /dev/scsi/host0/bus0/target0/lun0/part1 /opt

mkdir /opt/tmp
mkdir /opt/tmp/ipkg
ln -s /opt /jffs/opt
rm -rf /jffs/tmp
ln -s /opt/tmp /jffs/tmp
mkdir /opt/etc

vi /opt/etc/ipkg.conf and enter the code below

src unslung http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable

dest root /jffs

export IPKG_CONF_DIR=/opt/etc

ipkg update

ipkg install uclibc

The install may fail but will give you the updated URL to use for the wget below…

cd /tmp
wget http://ipkg.nslu2-linux.org/feeds/optware/ddwrt/cross/stable/uclibc_0.9.28-5_mipsel.ipk
ipkg install uclibc_0.9.28-5_mipsel.ipk

Success!

ipkg install ipkg

export PATH=/opt/bin:/opt/sbin:$PATH

Now you can install the Optware packages onto your USB Storage.

Encrypted Backups using Acronis True Image Home 9.0 and TrueCrypt 4.2 for Windows 2000/XP

You will need Acronis True Image Home 9.0 ($49.99 for the downloadable version, $59.99 for a boxed version), TrueCrypt 4.2, an external storage device with enough space to hold the backup image x 2 (you can use internal or other storage but I’m not documenting that scenario) and a Windows 2000 or XP machine, with admin rights, you want to backup. You will also need access to a second machine with the same, also with admin rights, to copy the image from the encrypted virtual disk to the unencrypted area.

- The storage device should be formatted with NTFS so you can create images larger than 4Gig.
- You will need (at a minimum) 2x the space of the backup image so you can have the TrueCrypt virtual disk and enough space to copy the image onto an unencrypted area when you need to restore.
- Create an NTFS TrueCrypt virtual disk on your storage.
- Make your removable storage into a Traveller Disk using the TrueCrypt “Tools” menu option, set it to automount the virtual disk on T: (pick a drive letter that won’t conflict with any other drive mappings).
- Create a scheduled backup job for your entire disk, creating the backup image on the T: where your TrueCrypt virtual disk is mounted (yes, you have to mount it BEFORE you run the backup).

When you need to restore the image you will need to plug your removable storage into another Windows 2000/XP system to mount the TrueCrypt virtual disk and copy the backup image into the unencrypted area on the removable storage, you can then attach your removable storage to the machine you want to restore and boot from the Acronis Rescue Media, select the image (which is now in the unencrypted area of the removable storage) and restore. Once you have restored the image you should delete the image from the unencrypted area again.

If you want an extra layer of security you can also password protect the Acronis True Image backup so that the data is never completely in the clear on the removable storage.

Reality in Multiplayer

I’m a big fan of gaming, whether it be on an arcade machine, console or my usual stomping ground, the versatile x86 PC platform… When the move from 2D games to 3D happened something bothered me a lot, I saw all these amazing games with HUGE jagged aliased edges all over the place. I didn’t understand the complexity of anti-aliasing but it seemed something that would logically have been added to the first 3D accelerators which appeared a few years later. And it wasn’t.

We got wonderful fast moving (unless you were a chump and backed the wrong tech, everyone remember the poor sods with the S3 Virge 3D graphics decelerator?) 3D games, in low res, still with the jaggies all over the place. Only in the last 2 or 3 generations of 3D accelerators (now going by a better suited moniker, the Graphics Processing Unit aka GPU) have we been allowed anti-aliasing combined with anisotropic filtering to counter the jaggies from hell. And only if you can afford one of the higher end cards… 10 years and its still not a basic standard feature for the masses!

On to something for the future (the present maybe, I haven’t kept up with the latest games for a while), why do we have voice comms in virtually all multiplayer team games but nobody has implemented a simple “if I’m close to team B player while he talks, I can hear what he says (and hears on his team radio), even though I’m in team A”? Having been a Counter-Strike addict for a year or so a while back I’d have loved to have this feature in the games, it’d add to the reality and the stealth factor. It can’t be that hard to add, it’d just be using the same code as the other sound propagation routines. Players could even switch their comms off to make sure they’re silent… Even the players who don’t have headsets rigged for voice can use the standard comms presets!

My only conundrum facing the implementation is text based chat, get rid of it and you lose the hearing impaired gamers (who are already disadvantaged by the current implementation of voice chat). Personally though I found it next to impossible to play a fast team based game and find time to type messages without rapidly being gunned down. Maybe we’ll see it happen in Half-Life 3 or Team Fortress 2? Come on Valve and id, we’re pointing the finger at you!

A year later and the world of TV catches up…

Last year I wrote about how broadcasters hadn’t realised the potential of selling their shows without adverts and giving them away with the adverts included… And now they are putting the final parts of both in place. If you are lucky(?) you can buy (with oh-so-friendly DRM) episodes of your favourite show for $2 each on Apple’s iTunes shop (you have to own a G5 iPod, aka iPod with Video, to be able to watch at 320×240 and only if you’re in the USA). I’m trying to figure out where the user friendly part appears there. Today ABC has announced that they will be putting shows up on their website (Flash 8 encoded) with the adverts embedded for free the day after they are broadcast. I can’t wait until episodes are appearing in HD for download (even if we have to live with some platform dependent DRM) via BitTorrent (hint for ABC, your bandwidth will NEVER be enough without some form of P2P technology in your distribution system) so we can all enjoy our favourite programs.

Now all we have to do is wait another 2-3 years for the EU to get the same content, insert localised adverts and do the same. Unless the producers and broadcasters finally give up on this artificial segmentation of viewing markets… you can include subtitles in the same stream as the show. One hurdle down, another few to go!

Depeche Mode – Touring the Angel

On Sunday I went to the Depeche Mode “Touring the Angel” concert at Ahoy! in Rotterdam with a friend. We got there in plenty of time (after getting only a little bit confused with the directions at the end of the trip) and even had time to go for a toilet break before entering the stadium. As is fairly typical of concerts or other large events they wouldn’t let us take a bottle of water into the building…

The support band was The Bravery, can’t say if they were good or not because the sound of the guitar & drums drowned out the vocals almost completely (if you are one of the sound engineers responsible, shame on you), they did however seem to put a great deal of enthusiasm into their act.

Depeche Mode took their time to appear (they weren’t late, the support act just finished quite a while before they were due on stage) and the crowd whipped itself into a frenzy every time a roadie wandered onto the stage. I should mention that when I looked out over the crowd below (we bought seats, the idea of standing the whole time doesn’t appeal) I realised that the majority of the fans are in their 30′s and 40′s! The band walked on stage to a huge roar from the crowd, no chance that they’ve lost any of the popularity they’ve enjoyed for the last decades.

I can’t say for sure which set list they played but it included pretty much all of their hits old and new as well as a fair selection from the new album (Playing the Angel), you could tell which were the new ones because most of the fans didn’t know all the words yet *8) As soon as any of the older songs started the crowd would erupt in song (Dave didn’t have to encourage them much). It was great to see Dave whirling around like a dervish on the stage (and I’m sure the women were impressed by his toned shirtless torso too) and Martin seems to have developed a crowd pleasing stage presence which he used to lack (and the black wings & strange headgear).

The whole concert wound down with Goodnight Lovers and it looks (at least on stage) that any hint of the band breaking up (due to solo projects and Dave wanting to pen some of the songs) has vanished and they really are enjoying being out in front of an adoring crowd again. If you get a chance to see them on their tour GO! If you want to get an idea of the performance, go look in the Depeche Mode archive of live footage from 9 Dec 2005 in Washington, DC and 25 Nov in Las Vegas.

On a slight side note… I was reading Wil Wheaton’s blog and noticed that he is a Depeche Mode fan too… way to go Wil!