Directory: /home/lincoln Shell: /bin/bash
Last login Fri May 17 12:03 (NZST) on pts/1 from mad-dog.staff.acsdata.co.nz
Monday, 16 of July 2007
If you have mucked about a little in Second Life, sat around with a bunch of people in some place and talked and pulled mad dance moves etc. and then got bored, search around for one of the sandboxes scattered around the place.
Rather than just being a place where people not willing to commit to owning land can have a go at building stuff, you get all sorts turning out trying every crazy thing they can think of.
A typical sandbox includes a giant glass head, a couple of half attempts at wooden cottages, a rideable motor-penis, an absolutely huge Klingon bird of prey, a fountain of bouncing Mario Bros and a single seater space ship making 'launch preparation' notification announcements in a utilitarian female voice.
Even with all that sort of fun going on, I got a bit bored at one point and was about to fly off when I noticed a little block off in the sky. It turned out to be a big four poster bed way the hell up in the sky. I sat on it for a bit and watched the chaos going on down below as someone had written a script which took the bouncing mario image and caused them to explode out of control all over the sandbox, something like a hundred thousand of them.
As I was sitting there a witch complete with green face, flowing robes and pointy hat drove past in a flying DeLorean that looked suspiciously like the one in the Back to the Future movies.
It's a bit like a dream gone wrong, much more fun than sitting around scripting dance moves.
Sunday, 7 of January 2006
2 tblspn paprika
1 tblspn onion salt
1 tspn celery salt
1 tspn rubbed sage
1 tspn garlic powder
1 tspn ground allspice
1 tspn ground oregano
1 tspn chili powder
1 tspn black pepper
1 tspn crushed basil leaves
1 tspn finely crushed marjoram leaves
Combine and mix with a few cups of flour, dip chicken into beaten egg, coat with mixture and deep fry.
Saturday, 30 of March 2005
About the second point that the Telstra representative makes in this interview is that Telstra has not withdrawn from the peering exchanges.
I have a different view.
As best I can tell I am the first person from Wellington to fill out the 'application form' to establish paid peering with Telstra over Citylink in Wellington. The RFS date ( The date they claim service will be established ) came and went, and eventually after much harassment they have come back to us with a fairly straight up and honest explanation for why they had not put up a BGP session with us.
An excerpt from the explanation we received:
"Citylink is a shared network, which means that we don't see individual
customers, but an aggregate of customers. If we try and rate-limit one
customer, we end up rate-limiting all customers. There are various technical
solutions we're looking into that might fix this situation, but for the time
being we're stuck with being unable to rate-limit the tail circuit."
The end result is that they will not put up a peering session with us over Citylink until they can rate limit it to the bandwidth we are prepared to pay for. I see that the Telstra representative in this interview was careful not to point out that ( at the time of this interview ) they had not established a single peering session across Citylink in Wellington, nor had they even put any thought to how they might do it if anyone did ask.
Before Telstra de-peered at WIX the traffic used to cross from our network directly to Telstra across Citylink, about 4 hops all up and with a nice 10-15ms latency. We would save money by not having to transit the traffic to Auckland and Telstra would save money by not having to pay to transit the traffic from Auckland to Wellington.
Here's a practical example of a traceroute between two _Telstra_ cable modems, physically about 0.5km apart in Lower Hutt. One cable modem is routed by us, and the other end routed by Telstra.
[ ~ ]$ traceroute 22.214.171.124
traceroute to 126.96.36.199 (188.8.131.52), 30 hops max, 38 byte packets
1 gw.cable4.linuxnet.co.nz (184.108.40.206) 12.628 ms 17.647 ms 19.260 ms
2 v4core0.citylink.linuxnet.co.nz (220.127.116.11) 16.447 ms 9.375 ms 12.979 ms
3 203-118-147-1.ihug.net (18.104.22.168) 14.158 ms 13.311 ms 13.116 ms
4 203-118-147-249.ihug.net (22.214.171.124) 34.679 ms 28.716 ms 27.988 ms
5 203-109-156-225.ihug.net (126.96.36.199) 21.921 ms 20.597 ms 23.141 ms
6 g1-0-1642.u12.telstraclear.net (188.8.131.52) 27.055 ms 25.553 ms 24.340 ms
7 g1-0-1043.u12.brh.telstraclear.net (184.108.40.206) 21.601 ms 23.277 ms 29.583 ms
8 10.65.32.1 (10.65.32.1) 23.285 ms 22.639 ms 23.568 ms
9 10.65.32.250 (10.65.32.250) 30.656 ms 32.414 ms 37.072 ms
10 10.69.0.2 (10.69.0.2) 34.500 ms 29.589 ms 37.861 ms
11 a12-3-23.u21.tar.telstraclear.net (220.127.116.11) 33.659 ms 36.030 ms 46.302 ms
12 fa7-4-1042.bertha.tce.telstraclear.net (18.104.22.168) 35.320 ms 34.269 ms 34.117 ms
13 203-79-83-200.cable.paradise.net.nz (22.214.171.124) 58.400 ms 46.904 ms 53.262 ms
We pay for the traffic to go to Auckland to where our domestic transit provider peers with Telstra and then Telstra pays for the traffic to come back to Wellington for it to be routed to our customer.
It is very frustrating to see stupid political games by telephone companies impacting on operational matters.
Thursday, 28 of March 2005
I happened to be logged into a little router that is connected to a wireless network that we run in Lower Hutt today and noticed that the wireless facing interface on it had been assigned ( autoconfigured ) an ipv6 address:
inet6 addr: 2002:9f63:7204:4:250:fcff:fee3:4e2a/64 Scope:Global
Well that's odd I thought, I hadn't got around to adding ipv6 connectivity to that particular network, and in any case the address was in 2002 space. Dusting off the cobwebs in my head, 2002::/16 is allocated for 6to4 prefixes, which is space allocated to anyone with an ipv4 address to tack on 2002 at the beginning, their ipv4 address in hex in the middle, and the remaining 80 bits are theirs to use however they wish ( 65535 /64's if they so desire ).
As the box was set to use ipv6 autoconfiguration, pretty much anyone with a wireless adapter and a smallish antenna could connect and start making their subnet broadcasts, so the only interesting bit was who on earth would expend time and effort to assign addresses to random people.
As this was a 6to4 address, you can work out the original ipv4 prefix by converting the 32 bits after the 2002: into decimal and putting it back into a dotted quad:
2002:9f63:7204:4:250:fcff:fee3:4e2a/64 gives us:
9f63:7204 so the following results:
9f = 159
63 = 99
72 = 114
04 = 4
So the original ipv4 address was 159.99.114.4.
Looking this up in the ARIN whois database gives us:
OrgName: Honeywell Ltd Australia
Address: 2801 4th Ave So
NetRange: 188.8.131.52 - 184.108.40.206
NetType: Direct Assignment
TechName: Honeywell Inc.
This network still appears to be originated by AS1221 and in use by Honeywell, so what are these guys doing connecting to random wireless networks around the place?
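The 6to4 decoding worked through in this entry, as an added example in Python (not part of the original .plan): it pulls the embedded IPv4 address out of a 2002::/16 address and, when the interface ID is in modified EUI-64 form, the MAC address of the interface that autoconfigured it. The function name decode_6to4 is made up for this illustration.

```python
# Added illustration: recover the IPv4 address and the MAC address embedded
# in an autoconfigured 6to4 address such as the one quoted in the entry.
from ipaddress import IPv4Address, IPv6Interface, ip_network

SIX_TO_FOUR = ip_network("2002::/16")

def decode_6to4(text):
    """Return (ipv4, subnet_id, mac) for a 6to4 address, else raise ValueError.

    ipv4 identifies whoever is advertising the prefix; mac belongs to the
    local interface that built the address, and is None when the interface
    ID is not in modified EUI-64 form.
    """
    addr = IPv6Interface(text).ip          # accepts "addr" or "addr/len"
    if addr not in SIX_TO_FOUR:
        raise ValueError(f"{addr} is not in 2002::/16")
    raw = addr.packed                      # 16 bytes, network order
    ipv4 = IPv4Address(raw[2:6])           # bits 16..47: the advertiser's IPv4
    subnet_id = int.from_bytes(raw[6:8], "big")  # bits 48..63: site subnet
    iid = raw[8:]                          # low 64 bits: interface identifier
    mac = None
    if iid[3:5] == b"\xff\xfe":            # EUI-64 marker inserted mid-MAC
        # Undo the universal/local bit flip and drop the ff:fe filler.
        octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
        mac = ":".join(f"{b:02x}" for b in octets)
    return ipv4, subnet_id, mac

if __name__ == "__main__":
    v4, subnet, mac = decode_6to4("2002:9f63:7204:4:250:fcff:fee3:4e2a/64")
    print("advertised by:", v4, "subnet:", subnet, "local MAC:", mac)
```

Run against router or host interface listings, this gives a quick way to spot 2002::/16 addresses that nobody on the network intended to hand out and to see which IPv4 address the advertiser is deriving its prefix from.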
Friday, 11 of March 2005
Instead of saying how long it's been since I posted something here I'm
just going to pretend it was less than two years, in a feeble attempt to
encourage audience participation in blogs, you have to pretend along
My real reason for posting something is that I have just put a link to
this on my website so I thought I would make it a link to something
that had been updated recently.
Reading through the old .plan entries here is odd, it seems I have
neglected to mention that I have been working ( in a technical
capacity ) on building up an ISP called LinuxNet or ACSOnline
for the last 6 years. We've got like proper gear and everything now =)
Hey well gnu has been up for a while that's always good .plan fodder:
[ firstname.lastname@example.org | Fri Mar 11 11:11:41 | /dev/pts/5 ]
[ ~ ]$ uptime
11:11pm up 488 days, 22:47, 5 users, load average: 0.00, 0.00, 0.00
That's its second time round the uptime counter, so that's like er 985
days or 2.6 years. I guess after 3 years you can call it stable or
something, then it should be time to buy a new one.
My car loan will be paid off in May, I've got lots of great ideas of what
to do with another few hundred dollars a fortnight, new socks here we come!
They have started running ads on TV on how bad binge drinking is, it's
almost got me inspired to get totally smashed. Gee it seems like
a lot of effort, maybe tomorrow.
Saturday, 03 of May 2003
Why freeswan pisses me off.
I use freeswan about the place for implementing various VPNs and even
just encrypting extruded subnets in transit. It is not that hard to
implement, is very quick to reconnect when a site has become
unreachable and is generally quite reliable.
When you establish a tunnel with ipsec, you can specify a subnet on
either or both ends of the connection, let's say it looks like this:
You are asking freeswan to make an ipsec tunnel for encrypting
communications between hosts on 220.127.116.11/29 and hosts on
18.104.22.168/29. As a part of putting up this tunnel, freeswan on each
of the routers adds some routing entries, Router A gets a routing entry
that says packets destined for 22.214.171.124/29 should go out the local
ipsec interface. Likewise Router B in this scenario gets a routing entry
that says packets destined for 126.96.36.199/29 should go out the ipsec
interface. At first glance this does not seem entirely unreasonable.
The issue is caused by behaviour of the "sec" part of ipsec, a tunnel is
always established with a fixed set of filters on it. In the example
above, any packet that strays into the ipsec interface on Router B must
be originating from an ip within 188.8.131.52/28 and also be destined
for an ip address in 184.108.40.206/29. Anything else will be filtered by
Router B and even if Router B did conspire to forward the packets
anyway, Router A would drop them as soon as they arrived at the other
end of the tunnel.
The routing entries that freeswan has added simply don't reflect this
behaviour at all. If Router A tries to ping 220.127.116.11 it will
default to using a source address of 18.104.22.168 and so a packet
with a source of 22.214.171.124 and a destination address of
126.96.36.199 will never reach its destination. What has gone wrong?
We don't have a tunnel definition for 188.8.131.52 to talk to
184.108.40.206 via the tunnel. Packets with a source address of
220.127.116.11 ( or any other source address outside 18.104.22.168/29
) should never have arrived at the ipsec interface in the first place.
Instead the routing entries that freeswan initially added should read
Router A should send packets with a source address of 22.214.171.124/20
and a destination address of 126.96.36.199/29 to the ipsec tunnel.
Router B should send packets with a source address of 188.8.131.52/29
and a destination address of 184.108.40.206/29 into the ipsec tunnel.
This is called policy routing, a regular garden variety router or PC
makes routing decisions based on a routing table that contains
information on the next hop to reach a given destination subnet. A
policy router can also make routing decisions based on the source
address that is trying to reach a given destination.
Luckily Linux has supported policy routing for quite some time, so why
doesn't freeswan install policy routes for each tunnel definition?
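An added sketch in Python (not freeswan code and not from the original entry) of the two routing models described above, followed by the iproute2 rules that express the policy version. The subnets are constructed documentation addresses, and the ipsec0 interface name and table number 100 are assumptions.

```python
# Added illustration: why a destination-only route into an IPsec tunnel
# black-holes traffic, and how a source+destination policy route avoids it.
# All addresses are constructed (RFC 5737 documentation ranges).
from ipaddress import ip_address, ip_network

LEFT = ip_network("192.0.2.0/29")         # subnet behind Router A
RIGHT = ip_network("198.51.100.0/29")     # subnet behind Router B
ROUTER_A_WAN = ip_address("203.0.113.1")  # Router A's own outside address

def selector_accepts(src, dst):
    """The tunnel's fixed filter: both ends must match the definition."""
    return ip_address(src) in LEFT and ip_address(dst) in RIGHT

def dest_only_route(src, dst):
    """Routing entry as the entry describes it: destination match only."""
    return "ipsec0" if ip_address(dst) in RIGHT else "default"

def policy_route(src, dst):
    """Routing entry the entry asks for: source and destination match."""
    return "ipsec0" if selector_accepts(src, dst) else "default"

def fate(route_fn, src, dst):
    """Follow one packet leaving Router A under the given routing model."""
    dev = route_fn(src, dst)
    if dev == "ipsec0" and not selector_accepts(src, dst):
        return "dropped by tunnel filter"
    if dev == "ipsec0":
        return "encrypted via tunnel"
    return "sent via default route"

def iproute2_commands(table=100):
    """Linux policy-routing commands for Router A (table id is assumed)."""
    return [
        f"ip rule add from {LEFT} to {RIGHT} table {table}",
        f"ip route add default dev ipsec0 table {table}",
    ]

if __name__ == "__main__":
    dst = "198.51.100.3"
    for src in ("192.0.2.2", str(ROUTER_A_WAN)):
        for fn in (dest_only_route, policy_route):
            print(f"{src} -> {dst} [{fn.__name__}]: {fate(fn, src, dst)}")
    print("\n".join(iproute2_commands()))
```

Under the policy model the router's own traffic leaves over the default route unencrypted, so a source that must be protected still needs its own tunnel definition.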
Wednesday, 02 of January EEEEE
New years resolution:
Make reasonable effort to not get maimed.
Monday, 29 of October 0001
Since my last .plan update gnu has been moved from one server room to another
and just recently had its UPS replaced, it however has not been rebooted.
Saturday, 28 of July 01
Some OSOAL search engine http referrers:
+animal +lolita +sheep
+free +nude +sleep +drunk +girl
+"Sailor Moon" or "SailorMoon" and "mush" or "mux" or "mud" or "muse" or "muck"
+armageddon +ftp +divx
+attack +llama +pictures
+free +eyore +icons
Much kudos to the guy who put "Worlds stupidest person" in and got my .plan
The ip addresses for any of the above go to the highest bidder.
Saturday, 27 of April 1901
ssh: SSH-1.99-2.0.11 (non-commercial)
released 17 November 1998
released July 6 1998
http: PHP/3.0.8 PHP/3.0.8
released May 22 1999
Hmm, stuck in the previous millennium.
I would appreciate it if the government would stay the hell off the internet
until they can ensure bored 12 year olds are unable to own their web servers
at a whim.
Tuesday, 20 of February 1