Archive for the ‘Linux’ Category

Using Windows Deployment Services (WDS) to install Linux over Network (PXE)

March 10th, 2010 bietiekay No comments

Developing software is hard work – especially when you target several operating systems. One task that you have to perform quite often would be to deploy a new installation of an operating system as fast as possible on a test machine.

Doing this with Windows is easy – you can use the Windows Deployment Services to bootstrap Windows onto almost every machine which can boot over ethernet using PXE. Everything needed to make WDS work on a Windows Boot-Image is located on that image. Since it’s that easy I won’t dive into more detail here.

What I want to show in greater detail is how you can use WDS to deploy even Linux over your network.

Step 1: Get PXELINUX

What’s needed to boot Linux over a network is a dedicated PXE Boot Loader. This one is called PXELINUX and can be downloaded here.

“PXELINUX is a SYSLINUX derivative, for booting Linux off a network server, using a network ROM conforming to the Intel PXE (Pre-Execution Environment) specification.”

The PXELINUX homepage also has a short tutorial on which files you need and where to copy them.

Step 2: Setup WDS with PXELINUX

I assume you have your WDS installation up and running and are able to deploy Windows. If that’s the case, go to your WDS Server Management Tool and right-click on the server name – in my case “fileserver.sones”. If you select “Properties” in the context menu you will see the properties window shown in the screenshot below:

wds_pxelinux

You have to change the boot loader from the standard Windows BootMgr to the newly downloaded PXELINUX bootloader. Since this bootloader comes with its own set of config files, you can edit its config file to allow booting into Windows.

Step 3: Edit PXELINUX configuration file

wds-pxelinux-2

The first entry I made into the boot menu of the PXELINUX boot loader is the “Install Windows…” entry. Since the first thing the users will see after booting is the PXELINUX loader menu they need to be able to continue to their Windows Installation. Since this Windows Installation cannot be handled by the PXELINUX loader you have to define a boot menu entry which looks a lot like this:

LABEL wds
MENU LABEL Install Windows…
KERNEL pxeboot.0

To add OpenSuSE to the menu you would add an entry looking like this:

LABEL opensuse
MENU LABEL Install OpenSuSE 11.x
kernel /Linux/opensuse/linux
append initrd=/Linux/opensuse/initrd splash=silent showopts

The paths given in the above entry should be altered according to the paths you’re using in your installation. I took the /Linux/opensuse/ files from the network install dvd images of OpenSuSE.
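
As an added example (not part of the original post), the following Python sketch parses a PXELINUX configuration like the one above and reports every KERNEL or initrd= path that is missing from, or resolves outside, the directory the boot files are served from. The function names, the `boot_root` parameter and the assumption that all paths are resolved relative to that single directory are illustrative; the sample file tree is constructed.

```python
import tempfile
from pathlib import Path

# The two menu entries from the post, as constructed sample input.
SAMPLE_CONFIG = """\
LABEL wds
MENU LABEL Install Windows...
KERNEL pxeboot.0

LABEL opensuse
MENU LABEL Install OpenSuSE 11.x
kernel /Linux/opensuse/linux
append initrd=/Linux/opensuse/initrd splash=silent showopts
"""


def parse_pxelinux(text):
    """Return one dict per LABEL block: label, menu text, kernel, initrd list."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0].upper()          # PXELINUX keywords are case-insensitive
        arg = fields[1].strip() if len(fields) > 1 else ""
        if key == "LABEL":
            current = {"label": arg, "menu": None, "kernel": None, "initrd": []}
            entries.append(current)
        elif current is None:
            continue                     # global directive before the first LABEL
        elif key == "MENU":
            sub = arg.split(None, 1)
            if len(sub) == 2 and sub[0].upper() == "LABEL":
                current["menu"] = sub[1]
        elif key in ("KERNEL", "LINUX"):
            current["kernel"] = arg.split()[0] if arg else None
        elif key == "INITRD":
            current["initrd"] += [p.strip() for p in arg.split(",") if p.strip()]
        elif key == "APPEND":
            # initrd may be given as a kernel option, comma-separated for several files
            for opt in arg.split():
                if opt.lower().startswith("initrd="):
                    current["initrd"] += [p for p in opt[len("initrd="):].split(",") if p]
    return entries


def check_entries(entries, boot_root):
    """Return (label, path, reason) for every reference that cannot be served.

    Assumption: every path is resolved relative to boot_root, with or
    without a leading slash.
    """
    root = Path(boot_root).resolve()
    problems = []
    for entry in entries:
        if not entry["kernel"]:
            problems.append((entry["label"], None, "no KERNEL line"))
            continue
        for ref in [entry["kernel"]] + entry["initrd"]:
            rel = ref.replace("\\", "/").lstrip("/")
            target = (root / rel).resolve()
            try:
                target.relative_to(root)
            except ValueError:
                problems.append((entry["label"], ref, "outside boot root"))
                continue
            if not target.is_file():
                problems.append((entry["label"], ref, "missing"))
    return problems


def demo():
    """Build a constructed boot directory in which the openSUSE initrd was forgotten."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pxeboot.0").write_bytes(b"")
        (root / "Linux" / "opensuse").mkdir(parents=True)
        (root / "Linux" / "opensuse" / "linux").write_bytes(b"")
        # /Linux/opensuse/initrd is deliberately not created
        return check_entries(parse_pxelinux(SAMPLE_CONFIG), root)


if __name__ == "__main__":
    for label, path, reason in demo():
        print(f"{label}: {path} -> {reason}")
```

Run against the real boot directory before pointing clients at the new menu, so a mistyped path shows up in the report instead of as a failed boot on the test machine.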

wds-pxelinux-3

That’s basically everything there is about the installation of Linux (Debian works accordingly) over PXE and WDS.

And finally this is what it should look like if everything worked great:

 

Source 1: http://en.wikipedia.org/wiki/Preboot_Execution_Environment
Source 2: http://syslinux.zytor.com/wiki/index.php/PXELINUX

Categories: Linux, Microsoft, Software, networking Tags:

Turning Linux ISO Images into bootable USB sticks

January 8th, 2010 bietiekay No comments

Today was Linux-Distribution-ISO-Install-Day. And it turned out that the only existing external DVD drive was fubar.

So what to do? We had a spare USB stick and it turns out that you can quite easily convert that USB stick into a bootable Linux-Distribution-Install-USB-Stick. Awesome!

Just download the tool called “UNetbootin”, start it and you can turn virtually any ISO distribution image into a USB stick that boots and installs that ISO:

 screenshot

Source: http://unetbootin.sourceforge.net/

Categories: Linux, Modding, Software Tags:

Welcome to the world of tomorrow!

September 20th, 2009 bietiekay 2 comments

So here we are on a new blog engine. It took me the better part of two days to do the Migration of 2,869 posts and 2,732 comments, a lot of pictures and movie files.

I will write an article on this but for now only two captured images from the migration:

php-xpath
yeah PHP rocks!

regex-magic 
had to do some regex action to do the url rewrites

being amazed by your own uptime

August 12th, 2009 bietiekay 1 comment

Obviously this Linux System is quite amazed by its own uptime of 118 Days (!!!!!)

wondering

Does anyone know why there’s this (!) behind the days?

Categories: Linux Tags:

sones ports its storage system to the storage medium of the future!

April 15th, 2009 bietiekay 1 comment

Due to the latest developments in the storage media segment, the next release of the sones storage system will also support the hottest storage medium of the moment: the Speichergurke (storage cucumber).

Thanks to its sensational storage density and unmatched reliability, the Speichergurke is the perfect storage medium for the data hunger of yesterday, today and tomorrow.

Source 1: http://www.sones.de
Source 2: http://www.speichergurke.de

Mono 2.0 released!!

October 6th, 2008 bietiekay No comments

“Mono 2.0 is a portable and open source implementation of the .NET framework for Unix, Windows, MacOS and other operating systems.”

  • Compiler
    • C# 3.0 compiler implementation, with full support for LINQ.
    • Visual Basic 8 compiler.
    • IL assembler and disassembler and the development toolchain required to create libraries and applications.
  • API
    • ADO.NET 2.0 API for accessing databases.
    • ASP.NET 2.0 API for developing Web-based applications.
    • Windows.Forms 2.0 API to create desktop applications.
    • System.XML 2.0: An API to manipulate XML documents.
    • System.Core: Provides support for the Language Integrated Query (LINQ).
    • System.Xml.Linq: Provides a LINQ provider for XML.
    • System.Drawing 2.0 API: A portable graphics rendering API.

mono2

Source: http://www.mono-project.com/Main_Page

Categories: Development, Linux, Microsoft Tags:

HandBrake is now a full blown video converter…

October 3rd, 2008 bietiekay No comments

Turns out that a new snapshot (unofficial) version of my favourite DVD to iPod Converter is available. With the new version came new features like the one that allows me now to convert almost anything to wonderful iPod compatible movie files.

handbrake093

“HandBrake is an open-source, GPL-licensed, multiplatform, multithreaded DVD to MPEG-4 converter, available for MacOS X, Linux and Windows.”

I tried anything in my library, including some matroska movie files. Just everything worked – amazing!

Source: http://handbrake.fr/?article=snapshot

Categories: Apple, Linux, Movies, Software, Xbox, graphics Tags:

“Unix is a user hostile operating system”

August 28th, 2008 bietiekay No comments

I found the almost complete “Computer Chronicles” recordings on archive.org – and boy this is fun!

I picked some episodes and found very interesting things – like this particular episode from 1985. It’s about Unix and obviously one of the presenters has his very own opinion about Unix.

Source: Computer Chronicles 1985 “Unix”

Categories: Linux, Riot, TV, rumors Tags:

Widelands – an opensource Settlers II clone

August 14th, 2008 bietiekay No comments

Logo

Widelands-Screen

From the wiki about section:

“In Widelands, you are the regent of a small tribe. You start out with nothing but your headquarters, a kind of castle in which all your resources are stored. In the course of the game, you will build an ever growing settlement. Every member of your tribe will do his or her part to produce more resources – wood, food, iron, gold and more – to further this growth. But you are not alone in the world, and you will meet other tribes sooner or later. Some of them may be friendly and trade with you. However, if you want to rule the world, you will have to train soldiers and fight.

Widelands offers a unique style of play. For example, a system of roads plays the central role of your economy: all the goods that are harvested and processed by the tribe must be transported from one building to the next. This is done by carriers, and those carriers always walk along the roads. It is your job to lay out the roads as efficiently as possible.

Another refreshing aspect of the game is the way you command your tribe. There is no need to tell every single one of your subjects what to do – that would be impossible, because there can be thousands of them! Instead, all you’ve got to do is order them to build a building somewhere, and the builders will come. Similarly, whenever you want to attack an enemy, just place an order to attack one of their barracks, and your soldiers will march to fight. You’re really a ruler: You delegate in times of war and in times of peace!

Widelands offers single-player mode with different campaigns; the campaigns all tell stories of tribes or Empires and their struggle in the Widelands universe! However, settling really starts when you unite with friends over the Internet or LAN to build up new empires together – or to crush each other in the dusts of war. Widelands also offers an Artificial Intelligence to challenge you.

In the end, Widelands will be extensible, so that you can create your own type of tribe with their own sets of buildings. You can create new worlds to play in, and you could even create new types of worlds (who says you can’t build a settlement on the moon?).”

Source: http://xoops.widelands.org/

Augmented Reality Project “Levelhead” – Sourcecode is available

August 10th, 2008 bietiekay No comments

I wrote about Levelhead and its stunning concept not long ago. Now you can play with its code and try it for yourself:

floorplan_lg2

“First thing’s first, this is a developer release and needs to be compiled. It has many third-party dependencies from the renderer to the video capture context. As yet there is no lovely statically linked binary of levelHead or automagical build script for a folder of dependencies. Nonetheless, I’ve installed levelHead on many (Ubuntu) systems now and what’s listed below should work fine for you.
levelHead is known to build on Ubuntu 7.10/7.04 and Debian Etch systems against the following external dependencies. It’s advisable you adhere to these versions if you want to avoid going spontaneously mad”

The site goes on:

“Code and assets are provided under two differing licenses: the code is governed by the GPLv3 and the art is covered by the GPLv3 compatible CC-BY_SA 3.0. Make sure you understand what that implied before downloading this project. For the rationale as to why I chose this configuration, please read the comments in the top of the levelHead.cpp file itself. Both art and code are available in a subversion repository, acquired with the following command:

svn co http://www.inclusiva-net.es/svn/levelhead ”

Since I will try it myself (installing Ubuntu now) – I will give a detailed tutorial about it in the future…at least I hope so.

Source: http://julianoliver.com/levelhead

Categories: Development, Linux, Research, graphics Tags:

get access to linux filesystems like ext3 and reiserfs by using FUSE on Windows

August 4th, 2008 bietiekay No comments

If you’re using Windows and if you want to access those filesystems that are used by Linux you can use FUSE on Windows now.

“Filesystem in Userspace (FUSE) is a loadable kernel module for Unix-like computer operating systems, that allows non-privileged users to create their own file systems without editing the kernel code. This is achieved by running the file system code in user space, while the FUSE module only provides a “bridge” to the actual kernel interfaces. FUSE was officially merged into the mainstream Linux kernel tree in kernel version 2.6.14.

FUSE is particularly useful for writing virtual file systems. Unlike traditional filesystems, which essentially save data to and retrieve data from disk, virtual filesystems do not actually store data themselves. They act as a view or translation of an existing filesystem or storage device. In principle, any resource available to FUSE implementation can be exported as a file system. See Examples for some of the possible applications.” (Wikipedia)

There is a version of FUSE for Mac and of course for linux and now with coLinux there’s a chance to get the FUSE world onto the Windows machines.

“For our task we will use coLinux. coLinux is a modified linux kernel that can be executed as an application or a service in the Windows environment. The web page of the project is http://www.colinux.org/.”

colinux01

You’ll find a very detailed how-to there.

Source 1: http://en.wikipedia.org/wiki/Filesystem_in_Userspace
Source 2: http://polishlinux.org/linux/ext3-reiserfs-xfs-in-windows-thanks-to-colinux/
Source 3: http://www.colinux.org/

Categories: Linux, Modding, Software Tags:

So writing a filesystem in .NET isn’t a bad idea after all :-)

July 31st, 2008 bietiekay No comments

Ever since we started writing a complete and cutting edge filesystem in C# and only managed code we are confronted with questions like

“Why C#? Why .NET? Why not in a more low-level language? Why a filesystem after all?”

I don’t want to talk just yet about our reasons but we can’t be that wrong if even Microsoft Research is trying to get their .NET Operating System research project Singularity ready for customers:

“Midori is an offshoot of Microsoft Research’s Singularity operating system, the tools and libraries of which are completely managed code. Midori is designed to run directly on native hardware (x86, x64 and ARM), be hosted on the Windows Hyper-V hypervisor, or even be hosted by a Windows process.”

This would be an Operating System 100% in managed code – hey Microsoft – maybe you want to talk with us about our 100% managed code filesystem?! :-)

To prevent rumors: no – we are not working on anything Microsoft related, yet.

Source 1: Microsoft Research – Singularity
Source 2: Codename Midori

Categories: Development, Linux, Microsoft, Software, sones Tags:

Anatomy of the Linux kernel

July 31st, 2008 bietiekay No comments

Another linux related IBM article:

“The Linux® kernel is the core of a large and complex operating system, and while it’s huge, it is well organized in terms of subsystems and layers. In this article, you explore the general structure of the Linux kernel and get to know its major subsystems and core interfaces. Where possible, you get links to other IBM articles to help you dig deeper.”

Source: http://www.ibm.com/developerworks/linux/library/l-linux-kernel/index.html?S_TACT=105AGX03&S_CMP=ART

Categories: Linux Tags:

Anatomy of the Linux file system

July 28th, 2008 bietiekay No comments

Since Filesystems are another technology we are currently working on I want to point everyone to an article by IBM:

“When it comes to file systems, Linux® is the Swiss Army knife of operating systems. Linux supports a large number of file systems, from journaling to clustering to cryptographic. Linux is a wonderful platform for using standard and more exotic file systems and also for developing file systems. This article explores the virtual file system (VFS)—sometimes called the virtual filesystem switch—in the Linux kernel and then reviews some of the major structures that tie file systems together.”

Source: http://www.ibm.com/developerworks/linux/library/l-linux-filesystem/index.html?S_TACT=105AGX03&S_CMP=ART

Categories: Development, Linux Tags:

Augmented Reality Game soon available (full source!)

July 25th, 2008 bietiekay No comments

You may have heard about Levelhead – an augmented reality game made by Julian Oliver – if you did not hear about it? No problem:

“Augmented reality (AR) is a field of computer research which deals with the combination of real-world and computer-generated data. At present, most AR research is concerned with the use of live video imagery which is digitally processed and “augmented” by the addition of computer-generated graphics. Advanced research includes the use of motion-tracking data, fiducial marker recognition using machine vision, and the construction of controlled environments containing any number of sensors and actuators.”

So – augmented reality mixes reality and computer graphics and creates a new reality for you. That’s a lot of theory… so let’s talk about Levelhead:

It’s a game where you have to move plastic cubes with printed-on patterns in front of a camera – the computer now renders a new world inside of the plastic cubes – when you move the cube, the world inside the cube moves too… it looks like this:

lh_4_med

“levelHead uses a hand-held solid-plastic cube as its only interface. On-screen it appears each face of the cube contains a little room, each of which are logically connected by doors.
In one of these rooms is a character. By tilting the cube the player directs this character from room to room in an effort to find the exit.

Some doors lead nowhere and will send the character back to the room they started in, a trick designed to challenge the player’s spatial memory. Which doors belong to which rooms?

There are three cubes (levels) in total, each of which are connected by a single door. Players have the goal of moving the character from room to room, cube to cube in an attempt to find the final exit door of all three cubes. If this door is found the character will appear to leave the cube, walk across the table surface and vanish.. The game then begins again.
Someone once said levelHead may have something to do with a story from Borges.. For a description of the conceptual basis of this project, see below.”

If you are not amazed now? You should watch this:

The thing is – this cool game and technology will be available at the end of this month as full open-source. I suggest checking back on Julian’s site at the end of the month at the latest.

Source 1: Augmented Reality @ Wikipedia
Source 2: Levelhead homepage

hurray, Mono fully supports C# 3.0

July 25th, 2008 bietiekay No comments

“I am pleased to announce that Mono C# compiler (gmcs) has now full C# 3.0 support. Most of the features have been available since Mono 1.2.6 release. However, with the upcoming Mono 2.0 release we will also support complex LINQ expressions and mainly expression trees which is a fairly overlooked new feature with a lot of potential.”

Source: http://mareksafar.blogspot.com/2008/07/mono-c-compiler-gets-full-c-30-support.html

Categories: Development, Linux Tags:

Xbox Media Center for OSX renames itself to PLEX

July 8th, 2008 bietiekay No comments

It’s not as many of those fancy company blogs like gizmodo have written: the Xbox Media Center project (which makes XBMC for Windows, Linux, Xbox 1 and OSX) did not rename itself – in fact only the fork OSXBMC renamed itself to PLEX.

“The one name that stuck was Plex. I like it because it evokes “cineplex” and the suffix means “comprising a number of parts” which the application certainly does. In mathematics, you use the suffix to mean “ten to the power of the number” (e.g. oneplex = 10).

Because there are no four-letter domain names left (seriously, try to find one!) we decided to square the plex, so to speak. Think of either plex^2 or plex squared (the beta logo below tries to connote the word “plex” inside a square that might represent a TV screen). The domain names are plex2.com, plexsquared.com, and plexsquare.com for good measure. They are not active yet.

In the coming days, we’ll be working on the rebranding process, including the application packaging, logo, web domains, etc. In the longer term, we have some exciting things in the skin department as well. Stay tuned, and thanks for all your support; we really are lucky to have such a great community.”

Along with the new name comes a new logo:

plex2

Source 1: http://www.osxbmc.com/
Source 2: http://www.plex2.com

Categories: Apple, Development, Linux, Movies, Software, TV, Xbox, graphics Tags:

have serious fun with…free 2D physics sandbox tools

February 24th, 2008 bietiekay No comments

The standard nerd knows: physics is fun. Even better: when you play with gravity and friction and water and what-not in a sandbox. Now there are several tools available that allow you to do just that: play with physics.

The first tool is called “phun” and is Windows and Linux only. It’s a small tool that allows you to draw circles, boxes, springs,… and when you have finished: press the “play” button to start the simulation. You can interact all the time with the objects and the simulation by dragging and manipulating everything.

phun 

There’s even a video available of phun in action:

It’s serious fun…that phun tool… yeah I had to write that, you know?!

The second tool I want to write about is called “Chipmunk” and is available for OS X only. To be fair: this is not a real drawing tool like phun – it’s more or less a game physics engine that comes with several samples in source code that you can play with if you can… You need XCode and some Objective C knowledge.

tower

So now go and play!

Source 1: http://www.acc.umu.se/~emilk/index.html
Source 2: http://wiki.slembcke.net/main/published/Chipmunk

Olive is WCF for Mono.

September 4th, 2007 steffi No comments

Finally someone started to port the Windows Communication Foundation to Mono. That’s great news because the only thing that keeps some of my newest works from running under anything other than Windows is the WCF.

monoolive

“Implementing peer-to-peer (P2P) communication was the main objective. WCF ships, by default, with predefined bits for making P2P connections in an easy way, being possible to build services which hosts a mesh of nodes (a node represents a potential client), taking care of everything related to registration of new nodes, message flow over the mesh, etc.”

You can get the plan as pdf here.

Source: Mono Olive

Categories: Development, Linux, Microsoft Tags:

if I’ll ever need a multi-track audio tool again…

May 1st, 2007 bietiekay No comments

This post is more of a reminder for myself. ;-) I need to remember that obviously great multi-track audio application that just became available.

“Ardour is a digital audio workstation. You can use it to record, edit and mix multi-track audio. You can produce your own CDs, mix video soundtracks, or just experiment with new ideas about music and sound.

Ardour capabilities include: multichannel recording, non-destructive editing with unlimited undo/redo, full automation support, a powerful mixer, unlimited tracks/busses/plugins, timecode synchronization, and hardware control from surfaces like the Mackie Control Universal. If you’ve been looking for a tool similar to ProTools, Nuendo, Pyramix, or Sequoia, you might have found it.

Above all, Ardour strives to meet the needs of professional users. This means implementing all the “hard stuff” that other DAWs ( even some leading commercial apps ) handle incorrectly or not at all. Ardour has a completely flexible “anything to anywhere” routing system, and will allow as many physical I/O ports as your system allows. Ardour supports a wide range of audio-for-video features such as video-synced playback and pullup/pulldown sample rates. You will also find powerful features such as “persistent undo”, multi-language support, and destructive track punching modes that aren’t available on other platforms.”

Source: http://www.ardour.org/

Categories: Apple, Linux, Music, Software Tags:

Beyond the Red Line: Battlestar Galactica game

April 10th, 2007 bietiekay No comments

There’s a free fan made Battlestar Galactica game available…

“Beyond the Red Line is a stand-alone total conversion for the award-winning Freespace 2 released by Volition and Interplay for the PC. It is based on the popular new tv-show Battlestar Galactica. No, not the one from the 70s.”

It’s free and available for Windows, OS X and Linux.

Source: http://www.game-warden.com/bsg/

Categories: Apple, Development, Games, Linux, Software, graphics Tags:

Open Transport Tycoon Deluxe

March 5th, 2007 bietiekay No comments

You are a fan of SIM* games? You want something light to take on your travels and play from time to time? I got good news for you: Open Transport Tycoon Deluxe is available in its final version 0.5.

It’s running on Windows, Linux and MacOS and you will need the original Transport Tycoon Deluxe files because OpenTTD just reuses the graphics of the old version.

But when you have got all that, you get a very, very great game that doesn’t need many resources and is insane fun.

Source: http://www.openttd.org/index.php

USB experiment interface board

February 25th, 2007 No comments

Even I can now control the world outside my computer. With the USB interface board K8055 from Velleman, Belgium, you can access the board via DLL. It’s easy to use, e.g. in VisualBasic Express. (I did so last night – fascinating!) That reminds me of old Commodore Plus/4 times!

I tested it on a Windows XP system, but it also should work on Linux. Now let’s see what cases I’m going to resolve. :-)


Manufacturer: http://www.vellemanusa.com/us/enu/product/view/?id=500349


medienfloh

Categories: Development, Hardware, Linux, Reallife Tags:

What Windows has really lacked

November 13th, 2006 bietiekay 2 comments

Hear, hear!


“What Windows has really lacked, besides pervasive and effective security controls, of course, is an emotional attachment with users. Unlike rival computing platforms such as Linux and the Mac, there aren’t fanatical groups of Windows enthusiasts roaming the Internet and striking down non-believers with unnecessary religious zeal and bias. In fact, if you think about it, the closest we have to that scenario in the Windows world are guys like me, and I couldn’t care less if you choose not to run Windows. Instead, Windows guys tend to be more pragmatic than Linux and Mac fanatics. First, we’re not fanatics, and while I can’t speak for the rest of the community, I completely understand why someone might want to run Mac OS X, and I’d never ridicule them for making that choice.”

Source: http://www.winsupersite.com/reviews/winvista_04.asp

Categories: Apple, Linux, Microsoft, Riot, Software Tags:

pirates ho?

September 20th, 2006 bietiekay No comments

Who said that:

“Ahoy!

She’s good to go, hoist anchor! Here’s some real booty for all you land-lubbers.

There’s not too many changes, with t’bulk of the patch bein’ defconfig updates, but the shortlog at the aft of this here email describes the details if you care, you scurvy dogs.”

Yeah, you’re right… it’s teh linus…well… go here and take a look … it’s the guy in the middle..

Source: http://kerneltrap.org/node/7144

Categories: Linux, Riot Tags:

KDE on MacOS X

August 31st, 2006 bietiekay No comments

Well, a nice description of what this could do:

“They may not work. They may not even install. They may make your monitor explode in a shower of glass. EVEN LCDs! They may make your children grow horns, and cause the people in your neighborhood to explode spontaneously while doing the Macarena. They will rip out your eyeballs, and eat your soul with a really dull spoon, laughing and cackling while forcing Cheerios up your nose. They will make your intestines explode in a rain of confetti, while evil clowns bite your feet.”

But what it really will do is slightly different:

Source: http://ranger.users.finkproject.org/kde/#about

Categories: Apple, Development, Linux, Software Tags:

Thinstuff releases RDP Server…for Linux’n’stuff

August 9th, 2006 bietiekay No comments

Thinstuff released its RDP Server version 1.0 recently. Some of the features:

  • RDP server for Linux
    • RLE compression
    • RDP protocol compression
    • Data encryption
    • Client selected resolutions and bits per pixel
    • Fullscreen mode
    • RDP Bitmap Cache
    • RDP Orders
    • Compatible Clients: RDP 5.0, 5.1, 5.2, Windows CE, rdesktop
  • Optimized for many kinds of X11 applications for optimal performance
  • Change resolution while clients are connected
  • Very low bandwidth consumption
  • Shadowing support to view a session multiple times
  • Terminal Server
    • Database or passwd/shadow user management
    • Passwd/shadow or PAM authentication
    • Management through Java Client
    • Authentication by specifying username and password in the RDP client or at a login window within the RDP session

Obviously the RDP server is an X server on the Linux side with an RDP interface to the rest of the world… very cool indeed. As soon as I have some time I’ll give it a try…

Source: http://www.thinstuff.com/company/news/

Categories: Linux, Software, networking Tags:

a ready to go VMware Image for MONO…

July 31st, 2006 bietiekay No comments

The Mono team (well, Novell) created a mono-development-environment-in-a-box as a VMware image. You can grab it at the source.

“The image is a SUSE Linux Enterprise Desktop 10, and it includes the latest version of Mono, the development tools, documentation and samples for Windows.Forms and ASP.NET.

The MonoDevelop IDE is included in the image for developers, and Postgress and MySQL are installed to test your application with a database.”

I’ve made some screenshots:


explore the WinForms implementation of mono

Source: Mono VMware Image

Categories: Development, Linux, Software Tags:

browse the web with the iLiad

July 22nd, 2006 bietiekay 1 comment

The iRex iLiad e-ink e-book reader is such a fantastic device, a friend of mine is willing to put the >600 euro down to get one. And if he reads this, he’ll be even more motivated to bite the bullet:



“From the factory, the Iliad only uses and maintains Internet connectivity for a very short time and for one specific purpose; to connect to the Rex site. Some enterprising device owners put a little hack together with a PDF file and some http for an address bar and they’re now surfing the web as long they like on the Iliad.”


Source: http://www.irextechnologies.com/products/iliad/specs

IIS6 and Apache syscall graph

June 12th, 2006 bietiekay 1 comment

SanaSecurity created these two graphics:



Apache syscall graph


IIS6 syscall graph

What’s this? You may ask…it’s an API dependency graph of the current Apache webserver and the current IIS webserver.

Some people try to interpret those graphics in favor of their loved one. I cannot see anything discussable about these graphics, so I leave it to you to just enjoy them as they look quite nice :-)

Source: http://www.sanasecurity.com/

How to setup secure 802.1x WPA2 enterprise wireless lan on a linksys WRT54G / GS Revision 4

April 3rd, 2006 bietiekay 4 comments

This article is in German, but I am going to make a translated English version available soon. Thanks to Volker -cosrahn- Henze for writing this great how-to.

For feedback and/or questions please use the comment function.





PREFACE

This howto is a bit different from others. It is a “monolithic” howto. We have, so to speak, pulled a snapshot of the then-current OpenWRT onto our server and will build the whole system with it. There will be no updates. That is of course not good, but we chose this approach to produce a howto that leaves no questions open. So if you do it EXACTLY the way we do here, you should afterwards have a beautiful Linksys that offers you a secure and convenient way to protect your WLAN from unauthorized people while still quickly and easily granting friends, acquaintances and neighbours access or revoking it again. Why no customized image? We would have to test it, and we simply lack the time and the hardware for that. But I think we may build such an image soon. However, such a howto also has the advantage that you know what is inside your Linksys and don’t just say “I think that lump over there in the corner does that…” Good, then have fun!


REQUIREMENTS

  • Linksys WRT54GS Revision 4

  • A computer with telnet and SSH (SSH for Windows users is available here)

  • A way to transfer files via scp (with scp, WinSCP etc.)

  • Basic skills in handling mouse and keyboard

HARDWARE


Unpack the Linksys. The warning “Run the CD first, then connect the cables.” can safely be ignored. Now plug the supplied cable into port 1 and into any computer. You will get an IP address (192.168.1.100); the IP of the Linksys is 192.168.1.1, so http://192.168.1.1 in your browser takes you to the web interface. Login: admin and password: admin



The login data should also be found on the supplied
documentation CD.



This is what the Linksys web front end looks like. After flashing, the Linksys will not have a
web front end. One can be installed afterwards, however.
But that is a different how-to…


FIRMWARE UPDATE


The appropriate firmware is available here: openwrt-wrt54gs_v4-jffs2.zip (1,61 MB) – This is a mirror of the openwrt.org download.


!!!!!!!!!! ATTENTION, now it gets hot !!!!!!!!!!
Be sure to check once more whether a power outage has been announced after all, or whether the neighbour is trying to take a bath with the hair dryer. A power outage would be fatal for the Linksys.



Click on Administration->Firmware Upgrade



Specify the file openwrt-wrt54gs_v4-jffs2.bin



Update in progress


THE FIRST LOGIN


Now the time has come. If everything worked, you can log in via telnet.



The first telnet session


root@OpenWrt:~# telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
 === IMPORTANT ============================
  Use 'passwd' to set your login password
  this will disable telnet and enable SSH
 ------------------------------------------

BusyBox v1.00 (2006.03.27-00:00+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 WHITE RUSSIAN (RC5) -------------------------------
  * 2 oz Vodka   Mix the Vodka and Kahlua together
  * 1 oz Kahlua  over ice, then float the cream or
  * 1/2oz cream  milk on the top.
 ---------------------------------------------------
root@OpenWrt:/#


After logging in, reboot first, since the file systems are still read-only:

root@OpenWrt:~# reboot

After this reboot you can log in again. The first thing to do is set a new password:

root@OpenWrt:~# telnet 192.168.1.1
root@OpenWrt:~# passwd
Changing password for root
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
Enter new password:
Re-enter new password:
Password changed.



Now we log out again, since telnet is not particularly secure
and anyone could read along with what we type.

root@OpenWrt:~# exit
volker@buran ~ $ ssh root@192.168.1.1
root@192.168.1.1's password:

BusyBox v1.00 (2005.07.18-21:49+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 WHITE RUSSIAN (RC2) -------------------------------
  * 2 oz Vodka   Mix the Vodka and Kahlua together
  * 1 oz Kahlua  over ice, then float the cream or
  * 1/2oz cream  milk on the top.
 ---------------------------------------------------
root@OpenWrt:~#


INTERNET

Now you should take care of the Internet connection. This is not part of this how-to, though, since there are simply a great many ways to connect a Linksys to the Internet. So here are what are, in my opinion, the two most common ones; more information on this is available here.

FeM-Net or other larger LANs


Here is the procedure if you want to operate the device on a larger LAN such as the FeM-Net. Please make sure that the Internet port (the one set a little apart from the others) of the Linksys is connected to the LAN. ATTENTION: if you connect a different port to the FeM-Net, your FeM-Net port will be deactivated.


Now you need the MAC address of the Linksys in order to get it activated in the FeM-Net. That is quite simple.

root@OpenWrt:~# ifconfig vlan1
vlan1 Link encap:Ethernet HWaddr 00:14:BF:CA:FE:01
inet6 addr: fe80::214:bfff:feca:fe01/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 MiB) TX bytes:0 (0.0 MiB)
root@OpenWrt:~#

For our device the MAC address would be “00:14:BF:CA:FE:01”.


DSL and ISP


That's easy. Just set a few NVRAM variables and plug the DSL modem into the WAN port of the Linksys.


nvram set wan_ifname=ppp0
nvram set wan_proto=pppoe
nvram set ppp_idletime=10
nvram set ppp_mtu=1492
nvram set ppp_passwd=
nvram set ppp_redialperiod=15
nvram set ppp_username=
nvram set pppoe_ifname=vlan1
nvram commit

When you are done, bring up the WAN interface with:

ifup wan

INSTALLING ADDITIONAL SOFTWARE PACKAGES

Now we first update the software packages. We provide a package collection to make sure that everything works exactly as we have described. That does not mean, however, that this how-to will not also work with later versions.

root@OpenWrt:~# cp /etc/ipkg.conf /etc/ipkg.conf.old
root@OpenWrt:~# vi /etc/ipkg.conf
* Press the “i” key (insert mode)
* now change the following entries
from
src whiterussian http://downloads.openwrt.org/whiterussian/packages
src non-free http://downloads.openwrt.org/whiterussian/packages/non-free
to
src whiterussian http://www.technology-ninja.com/whiterussian/packages
src non-free http://www.technology-ninja.com/whiterussian/packages/non-free
we simply leave the rest as it is
* Press the “Esc” key (command mode)
:wq
root@OpenWrt:~#

Now you can fetch the package information with ipkg update.



root@OpenWrt:~# ipkg update
Downloading
http://www.technology-ninja.com/whiterussian/packages/Packages …
Connecting to www.technology-ninja.com[141.24.190.9]:80
Packages 100% |******************************************|
121 KB 00:00 ETA
Done.
Updated list of available packages in /usr/lib/ipkg/lists/whiterussian
Downloading
http://www.technology-ninja.com/whiterussian/packages/non-free/Packages …
Connecting to www.technology-ninja.com[141.24.190.9]:80
Packages 100% |******************************************|
568 00:00 ETA
Done.
Updated list of available packages in /usr/lib/ipkg/lists/non-free

INSTALLING THE NTP CLIENT

This step is important because you have to use this tool to synchronize the Linksys with the time on the Internet. The Linksys has no backup battery and cannot retain its time. The time is, however, absolutely required for the PKI (the stuff created with OpenSSL) to work.

root@OpenWrt:~# ipkg install ntpclient

Downloading http://www.technology-ninja.com/whiterussian/packages/
ntpclient_2003_194-2_mipsel.ipk …
Connecting to www.technology-ninja.com[141.24.190.9]:80
ntpclient_2003_194-2 100% |*******************************************|
9555 00:00 ETA
Done.
Unpacking ntpclient…Done.
Configuring ntpclient…Done.
root@OpenWrt:~#


Now quickly sync the time.

root@OpenWrt:~# ntpclient -h timesrv1.tu-ilmenau.de -s

If need be, any other time server can be used here instead of timesrv1.tu-ilmenau.de.

And a start script which fetches the current time from the Internet when the Linksys is switched on.

root@OpenWrt:~# echo '#!/bin/ash' >/etc/init.d/S70ntp
root@OpenWrt:~# echo 'ntpclient -h timesrv1.tu-ilmenau.de -s' >>/etc/init.d/S70ntp
root@OpenWrt:~# chmod a+x /etc/init.d/S70ntp

Done; now, God willing, we always have the correct time on our Linksys.

THE PROPRIETARY TOOLS


Installing the proprietary tools. Even if it is not pretty, you cannot skip this step. The proprietary NAS and the WL tools have to be installed.


root@OpenWrt:~# ipkg install nas

Downloading http://www.technology-ninja.com/whiterussian/packages/non-free/
nas_3.90.37-16_mipsel.ipk …
Connecting to www.technology-ninja.com[141.24.190.9]:80
nas_3.90.37-16_mipse 100% |******************************************|
75771 00:00 ETA
Done.
Unpacking nas…Done.
Configuring nas…Done.
root@OpenWrt:~# ipkg install wl

Downloading http://www.technology-ninja.com/whiterussian/packages/non-free/
wl_3.90.37-1_mipsel.ipk …
Connecting to www.technology-ninja.com[141.24.190.9]:80
wl_3.90.37-1_mipsel. 100% |******************************************|
40906 00:00 ETA
Done.
Unpacking wl…Done.
Configuring wl…Done.
root@OpenWrt:~#


The NAS is needed for the communication between the WLAN device of the Linksys and the RADIUS server. The WL tools are needed to use all functions of the proprietary WLAN driver.

OPENSSL

OpenSSL is now used to create a root CA. This makes it possible to hand out certificates dynamically to any number of people without having to whisper complicated pre-shared keys to each other. In addition, you can revoke certificates when you no longer like someone. This is especially useful in larger infrastructures. Install openssl-util on your Linksys, which you have by now grown fond of. Incidentally, it is advisable to create the root CA on a different PC. Here, for the sake of simplicity, it is done directly on the Linksys.


root@OpenWrt:~# ipkg install openssl-util

Create a directory in which the root CA will be stored.

root@OpenWrt:~# cd /usr/share/
root@OpenWrt:/usr/share# mkdir CA
root@OpenWrt:/usr/share# cd CA

OpenSSL needs a few directories in which it can put its pointless junk.

root@OpenWrt:/usr/share/CA# mkdir certs crl newcerts private users

Create the serial number and the index file for the root CA.

root@OpenWrt:/usr/share/CA# echo "01" > serial
root@OpenWrt:/usr/share/CA# cp /dev/null index.txt
root@OpenWrt:/usr/share/CA# cp /etc/ssl/openssl.cnf .

Make a copy of the original OpenSSL config file and change it as you need.

root@OpenWrt:/usr/share/CA# vi openssl.cnf
* Press the “i” key (insert mode)
* scroll down with the arrow keys to the [ CA_default ] section
* replace the parameter
dir = ./demoCA
* with
dir = ./
* Then make whatever adjustments you like
* Press the “ESC” key (command mode)
:wq
root@OpenWrt:/usr/share/CA#

The client certificates require special Windows XP extensions. For this we create a new file named xpextensions.


root@OpenWrt:/usr/share/CA# vi xpextensions
* Press the “i” key (insert mode)
Add the lines
[ xpclient_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2
[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
* Press the “ESC” key (command mode)
:wq
root@OpenWrt:/usr/share/CA#

GENERATING THE ROOT CA CERTIFICATE

It is valid for 1095 days. This can of course be adjusted as desired by changing the number after the -days option.

root@OpenWrt:/usr/share/CA# openssl req -new -x509 \
-keyout private/cakey.pem -out cacert.pem -days 1095 -config openssl.cnf
Generating a 1024 bit RSA private key
………………………………………………..++++++
…………++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase: "Das_Root-CA_Passwort"
Verifying - Enter PEM pass phrase: "Das_Root-CA_Passwort"
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Thueringen
Locality Name (eg, city) []:Ilmenau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FeM e.V.
Organizational Unit Name (eg, section) []:Technik
Common Name (eg, YOUR name) []:Cosrahn
Email Address []:somemailadress
root@OpenWrt:/usr/share/CA#

Tip: Remember the password. And it should never fall into the wrong hands.


root@OpenWrt:/usr/share/CA# openssl pkcs12 -export -in cacert.pem -inkey private/cakey.pem \
-out caroot.p12 -cacerts -descert
Enter pass phrase for private/cakey.pem: "Das_Root-CA_Passwort"
Enter Export Password: "caroot_p12_Passwort" (may also be empty)
Verifying - Enter Export Password: "caroot_p12_Passwort" (may also be empty)
root@OpenWrt:/usr/share/CA# openssl pkcs12 -in caroot.p12 -out caroot.pem
Enter Import Password: "caroot_p12_Passwort"
MAC verified OK
Enter PEM pass phrase: "caroot_pem_Passwort"
Verifying - Enter PEM pass phrase: "caroot_pem_Passwort"
root@OpenWrt:/usr/share/CA#

And for Windows.

root@OpenWrt:/usr/share/CA# openssl x509 -in cacert.pem \
-inform PEM -out cacert.der -outform DER

RADIUS SERVER CERTIFICATE REQUEST

root@OpenWrt:/usr/share/CA# openssl req -nodes -new -x509 -keyout radius-req.pem \
-out radius-req.pem -days 730 -config openssl.cnf
Generating a 1024 bit RSA private key
…++++++
…++++++
writing new private key to 'radius-req.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Thueringen
Locality Name (eg, city) []:Ilmenau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FeM e.V.
Organizational Unit Name (eg, section) []:Technik
Common Name (eg, YOUR name) []:Cosrahn
Email Address []:somemailaddress
root@OpenWrt:/usr/share/CA# openssl x509 -x509toreq \
-in radius-req.pem -signkey radius-req.pem -out radius-tmp.pem
Getting request Private Key
Generating certificate request
root@OpenWrt:/usr/share/CA#

Certifying the request. Please pay attention to the order here: “-infiles radius-tmp.pem” is the last option on the command line.

root@OpenWrt:/usr/share/CA# openssl ca -config openssl.cnf \
-policy policy_anything -out radius-cert.pem -extensions xpserver_ext \
-extfile xpextensions -infiles radius-tmp.pem
Using configuration from openssl.cnf
Enter pass phrase for /usr/share/CA/private/cakey.pem: “Das_Root-CA_Passwort”
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jan 1 05:15:35 2000 GMT
Not After : Dec 31 05:15:35 2000 GMT
Subject:
countryName = DE
stateOrProvinceName = Thueringen
localityName = Ilmenau
organizationName = FeM e.V.
organizationalUnitName = Technik
commonName = Cosrahn
emailAddress = somemailaddress
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
Certificate is to be certified until Dec 31 05:15:35 2000 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@OpenWrt:/usr/share/CA#


Converting the certificate into a PKCS12 file so that it becomes readable for Outlook, MSIE and Mozilla (this step is not strictly necessary, since our RADIUS does not need PKCS12).

openssl pkcs12 -export -in radius-cert.pem -out radius-cert.p12 \
-inkey radius-req.pem -descert

CLIENT CERTIFICATE REQUEST

This step must be repeated for every client.

root@OpenWrt:/usr/share/CA# openssl req -nodes -new -x509 \
-keyout client-req.pem -out client-req.pem -days 730 -config openssl.cnf
Generating a 1024 bit RSA private key
…….++++++
…………++++++
writing new private key to 'client-req.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Thueringen
Locality Name (eg, city) []:Ilmenau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FeM e.V.
Organizational Unit Name (eg, section) []:Technik
Common Name (eg, YOUR name) []:Cosrahn
Email Address []:somemailAddress
root@OpenWrt:/usr/share/CA# openssl x509 -x509toreq -in client-req.pem \
-signkey client-req.pem -out client-tmp.pem
Getting request Private Key
Generating certificate request
root@OpenWrt:/usr/share/CA#

Certifying the request. Please pay attention to the correct order: “-infiles client-tmp.pem” is the last option on the command line.

root@OpenWrt:/usr/share/CA# openssl ca -config openssl.cnf -policy policy_anything \
-out client-cert.pem -extensions xpclient_ext -extfile xpextensions \
-infiles client-tmp.pem
Using configuration from openssl.cnf
Enter pass phrase for /usr/share/CA/private/cakey.pem:
DEBUG[load_index]: unique_subject = “yes”
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 2 (0x2)
Validity
Not Before: Jan 1 05:37:37 2000 GMT
Not After : Dec 31 05:37:37 2000 GMT
Subject:
countryName = DE
stateOrProvinceName = Thueringen
localityName = Ilmenau
organizationName = FeM e.V.
organizationalUnitName = Technik
commonName = Cosrahn
emailAddress = somemailAddress
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Client Authentication
Certificate is to be certified until Dec 31 05:37:37 2000 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
root@OpenWrt:/usr/share/CA#


Converting the certificate into a PKCS12 file (Outlook; MSIE; Mozilla).

openssl pkcs12 -export -in client-cert.pem -out client-cert.p12 \
-inkey client-req.pem -descert

To avoid bigger messes I have bundled the above part into a small script. This little script helps with creating a new client. The created certificates can be found in /usr/share/CA/users/[clientname].

Here is the script: mkclient.sh.zip (,43 KB)


You can now, for example, simply use:


root@OpenWrt:/usr/share/CA# ./mkclient.sh Paul

to create a certificate for the user “Paul”.
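
The sample output above shows certificates whose validity window lies entirely in the year 2000, which makes them unusable once the clock is correct. As an added example (not part of the original how-to, and meant for an admin PC rather than the router), this Python script parses the CA's index.txt and reports each serial as ok, expired or revoked at a given time. The sample database is constructed: serials 01 and 02 mirror the output above, while serials 03 and 04 and all function names are made up for illustration.

```python
"""Audit an OpenSSL CA database (index.txt) against a reference time."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional, Tuple


@dataclass
class IndexEntry:
    status: str                    # V = valid, R = revoked, E = expired (as stored)
    not_after: datetime            # end of the validity window
    revoked_at: Optional[datetime]
    reason: Optional[str]          # e.g. keyCompromise, if recorded
    serial: str                    # hex serial as written by "openssl ca"
    subject: str


def parse_time(value: str) -> datetime:
    """Parse YYMMDDHHMMSSZ (UTCTime) or YYYYMMDDHHMMSSZ timestamps."""
    if not value.endswith("Z") or not value[:-1].isdigit():
        raise ValueError(f"bad timestamp: {value!r}")
    digits = value[:-1]
    if len(digits) == 14:
        year, rest = int(digits[:4]), digits[4:]
    elif len(digits) == 12:
        yy = int(digits[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy   # RFC 5280 two-digit pivot
        rest = digits[2:]
    else:
        raise ValueError(f"bad timestamp length: {value!r}")
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def parse_index(text: str) -> List[IndexEntry]:
    """Each line: status, expiry, revocation[,reason], serial, file, subject (tab-separated)."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"line {lineno}: expected 6 tab-separated fields")
        status, expiry, revocation, serial, _filename, subject = fields
        revoked_at = reason = None
        if revocation:
            stamp, _, reason_text = revocation.partition(",")
            revoked_at = parse_time(stamp)
            reason = reason_text or None
        entries.append(IndexEntry(status, parse_time(expiry), revoked_at,
                                  reason, serial, subject))
    return entries


def audit(entries: List[IndexEntry], now: datetime) -> List[Tuple[str, str]]:
    """Return (serial, verdict) pairs; the stored 'V' flag alone is not trusted,
    because the database is not rewritten when a certificate simply runs out."""
    verdicts = []
    for entry in entries:
        if entry.status == "R" or entry.revoked_at is not None:
            verdict = "revoked"
        elif entry.status == "E" or now > entry.not_after:
            verdict = "expired"
        else:
            verdict = "ok"
        verdicts.append((entry.serial, verdict))
    return verdicts


# Constructed sample database (not taken from a real CA).
_DN = "/C=DE/ST=Thueringen/L=Ilmenau/O=FeM e.V./OU=Technik/CN=Cosrahn"
SAMPLE_ROWS = [
    ("V", "001231051535Z", "", "01", "unknown", _DN + "/emailAddress=somemailaddress"),
    ("V", "001231053737Z", "", "02", "unknown", _DN + "/emailAddress=somemailAddress"),
    ("V", "080402120000Z", "", "03", "unknown", "/C=DE/O=FeM e.V./CN=Paul"),
    ("R", "080402121500Z", "060402080000Z,keyCompromise", "04", "unknown",
     "/C=DE/O=FeM e.V./CN=Gast"),
]
SAMPLE_INDEX = "\n".join("\t".join(row) for row in SAMPLE_ROWS) + "\n"
NOW = datetime(2006, 4, 3, 12, 0, 0, tzinfo=timezone.utc)  # assumed "real" time

if __name__ == "__main__":
    for serial, verdict in audit(parse_index(SAMPLE_INDEX), NOW):
        print(serial, verdict)
```

Pointing parse_index at the contents of /usr/share/CA/index.txt and passing the current UTC time to audit gives the same report for a real CA.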

OTHER FILES

To complete the encryption fun we still need a random file and a Diffie-Hellman parameter file. To do this we proceed as follows.


root@OpenWrt:/usr/share/CA# openssl dhparam -out dh1024.pem 1024
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
…………………………………………..
…………..+……………………………..
+………………………………….+……..
……….+…………….+………………….
…………..+……………………………..
…………………………………………..
…………………………………………..
+….+………….+………………………++*
++*++*
root@OpenWrt:/usr/share/CA# dd if=/dev/urandom of=random bs=1k count=1

WHAT DO WE HAVE NOW?


We have now generated a lot of files, but which one is for what? So let's untangle that now.


radius-req.pem – the key
radius-cert.pem – the certificate
cacert.pem and cacert.der – the CA certificate
dh1024.pem – the DH parameters
random – simply contains random data


WHICH FILE GOES WHERE?


The client:


Linux
/usr/share/CA/client-cert.pem
/usr/share/CA/client-req.pem
/usr/share/CA/cacert.pem
Windows
/usr/share/CA/client.p12
/usr/share/CA/cacert.der
These files have to be copied to the computer that wants to log in to the WLAN.

We will deal with the files for the RADIUS later.

RADIUS SERVER

Now that we have got that done, we can continue with the RADIUS server. If you already use a working RADIUS server in your network, you can skip this step. To install the FreeRADIUS server, proceed as follows:

root@OpenWrt:~# ipkg install freeradius

root@OpenWrt:~# ipkg install freeradius-utils

root@OpenWrt:~# ipkg install freeradius-mod-eap

root@OpenWrt:~# ipkg install freeradius-mod-eap-md5

root@OpenWrt:~# ipkg install freeradius-mod-eap-peap

root@OpenWrt:~# ipkg install freeradius-mod-eap-tls

root@OpenWrt:~# ipkg install freeradius-mod-eap-ttls

root@OpenWrt:~# ipkg install freeradius-mod-files

root@OpenWrt:~# ipkg install freeradius-mod-pap

root@OpenWrt:~#

Please make sure that you do not forget any package.


So that the RADIUS also starts at the right time after a reboot, the start script still has to be renamed.


mv /etc/init.d/radiusd /etc/init.d/S41radiusd

Then copy the created OpenSSL certificates.

mkdir /etc/freeradius/ca
cp /usr/share/CA/cacert.pem /etc/freeradius/ca
cp /usr/share/CA/radius-req.pem /etc/freeradius/ca
cp /usr/share/CA/radius-cert.pem /etc/freeradius/ca
cp /usr/share/CA/dh1024.pem /etc/freeradius/ca/
cp /usr/share/CA/random /etc/freeradius/ca/

The important files for the RADIUS configuration are



  • clients.conf
  • eap.conf
  • radiusd.conf
  • users

CLIENTS.CONF


client 127.0.0.1 {
secret = Das_RADIUS_Passwort
shortname = localhost
nastype = other
}

EAP.CONF

Download

ENABLING 802.1x

Now let's simply activate our 802.1X environment.


root@OpenWrt:~# nvram set wl0_akm="wpa wpa2"
root@OpenWrt:~# nvram set wl0_auth_mode=radius
root@OpenWrt:~# nvram set wl0_crypto=aes+tkip
root@OpenWrt:~# nvram set wl0_radius_ipaddr=127.0.0.1
root@OpenWrt:~# nvram set wl0_radius_key=Das_RADIUS_Passwort
root@OpenWrt:~# nvram set wl0_radius_port=1812
root@OpenWrt:~# nvram set wl0_ssid=My_8021X_Network
root@OpenWrt:~# nvram set wan_hostname=My_8021X_Gateway
root@OpenWrt:~# nvram set wl0_wep=aes+tkip
root@OpenWrt:~# nvram commit

Now, after a reboot, the magic should begin. Have fun!

MORE SOFTWARE

ipkg install wireless-tools
ipkg install webif

LINKS

WPA2 Enterprise-Howto http://wiki.openwrt.org/OpenWrtDocs/Wpa2Enterprise
NAS-Howto http://wiki.openwrt.org/OpenWrtDocs/nas
OpenWRT configuration help http://wiki.openwrt.org/OpenWrtDocs/Configuration
OpenSSL PKCS12 http://www.openssl.org/docs/apps/pkcs12.html
OpenSSL X509 http://www.openssl.org/docs/apps/x509.html
FeM-Wiki https://info.fem.tu-ilmenau.de/wiki/index.php/Sicheres_WLAN_mit_einem_Linksys

Categories: FeM, Hardware, Linux, Research, Software, networking Tags:

the kororaa live cd tried out…

March 9th, 2006 bietiekay 1 comment


After Chris recommended the kororaa live cd for my XGL testing questions I downloaded kororaa today and tried it.


This is EXACTLY what I hoped to see. A flawlessly booting live cd and a hyper performant graphical user interface that really really works.



All those graphical gimmicks and gadgets are eye candy – but not only that. I think that simply not having to stare at the screen to see how your windows are drawn is a giant leap in comfort and usability.



click on the picture to see it moving…


So far it’s a nice technology demonstration that worked just out of the box. Great!


Oh one question to the linux knowing guys: Can anyone tell me how to capture movies off the screen? Is there a tool that can do that?


Source 1: recommendation
Source 2: http://kororaa.org/

Categories: Development, Linux, Software, graphics Tags:

where is the XGL live cd?

February 28th, 2006 bietiekay 4 comments


There is this XGL stuff which hardware-accelerates the Linux desktop – but although there are many movies that show the magnificence of this, there is actually no real way to try it for ourselves – except if we compiled it ourselves… and that’s… well, no solution at all.



So – I am searching for a not-too-much-pain bringing way of trying this XGL stuff…


Source: http://en.wikipedia.org/wiki/Xgl

Categories: Development, Linux, graphics Tags:

VMware Browser Appliance Virtual Machine

February 12th, 2006 bietiekay No comments

Since there is the free VMware Player that allows you to run virtual machines for free on Windows and Linux there is now a ready-to-go Browser Appliance Virtual Machine based on Ubuntu Linux and Firefox:

“The Browser Appliance is a free virtual machine that allows users to securely browse the Internet using Mozilla Firefox.”



The most interesting thing about that is not the pre-installed Linux or Firefox – it’s the idea of making pre-installed available and usable for free. What if we just had something like that for Virtual PC and Windows… what would the impact of that be: giving thousands and thousands of software developers the opportunity to show and demo their products in the wild…

Source: VMware Browser Appliance Virtual Machine

Categories: Development, Linux, Research, Software Tags:

an OSX traffic monitoring tool – even usable when you only have a shell

January 9th, 2006 bietiekay No comments


Since I quite frequently work on my Mac via ssh, I was in desperate need of a tool to monitor the input/output network traffic. I normally don’t need something like ethereal or tcpdump – I just need something that displays a graph and simple traffic statistics and, last but not least, updates itself frequently. netstat is not usable for that purpose because it’s not the most concise tool I know, and ethereal and tcpdump are usually used for different purposes like traffic sniffing and dumping. So ahzf gave me the hint to look for something called “darkstat” – and yes: it’s a really useful tool.


Darkstat runs on the host system and monitors the network interfaces. It also incorporates a webserver which allows you to take a look at the statistics.


Darkstat’s main start page looks like this:



It’s a great tool that displays more detailed information when you click on the links in the menu bar. If you’re searching for a great network tool for your unix/mac – go for darkstat!


I have to mention that darkstat is no longer under active development – sad but true.


Source: http://dmr.ath.cx/net/darkstat/

Categories: Apple, Internet, Linux, Software, networking Tags:

Songbird: cloning and extending iTunes

November 28th, 2005 steffi No comments


Well – it has been quiet around the guys who made Winamp after they played a bit with AOL. But here they are – back with another media player: Songbird will face the light in a first preview version in December.



I think that these guys will face a serious threat from Apple. From my standpoint it’s clearly an iTunes clone… whether or not the guys say otherwise…


Source: http://www.songbirdnest.com/

Categories: Linux, Music, Radio, networking Tags:

MDA 3 / Blueangel with Linux…

November 10th, 2005 steffi No comments


The linux guys are making progress in porting Linux to the current HTC devices. Apparently they mark their current version of linux for the Blueangel as “not ready for the user” – but it runs and it does make progress.



My experience with Linux on such PocketPC / Windows Mobile devices is that you can do all the neat things you can do with your Linux PC – when enough space is available – but you can’t do all the neat things you normally do with such a device, like managing appointments, sending/receiving SMS, placing calls… and so on.


At the moment you simply render your device into a brick with linux on it – but time will tell if and when that will change.


Source: http://www.handhelds.org/moin/moin.cgi/BlueAngel

Categories: Development, Linux, Mobile, Modding, Software Tags:

XEN

October 31st, 2005 steffi No comments

Florian is working on a XEN setup for our new web hosting machine. It’s a Dell PowerEdge 1850 machine with enough RAM for the four instances… more on that once it’s running in production…



Source: http://www.xensource.com

Categories: FeM, Hardware, Linux, Software Tags:

RAID6 testing the Linux Enterprise iSCSI Target Software…

October 4th, 2005 steffi 1 comment

This time we got a Software RAID6 Volume with 6 drives which made a volume size of 1953584325 sectors = 953899 Megabyte. This Volume is exported with the iSCSI Enterprise Target Software for Linux.

Apparently it’s a bit faster than the Software RAID5 – which is quite interesting because we expected it to be much slower (more work for the CPU).

Interface-Transferrate with a blocksize of 128 sectors at 0.0 percent of the capacity:

sequential read rate medium (unthrottled): 63045 Kilobyte/s
sequential read rate Read-Ahead (Latency 1.15 ms): 66480 Kilobyte/s
repeatedly sequential read (“coretest”): 54418 Kilobyte/s

permanent transfer rate: (blocksize: 128 sectors):
read:


  • Average: 51447.9 Kilobyte/s
  • Minimum: 49329.7 Kilobyte/s
  • Maximum: 71003.1 Kilobyte/s

write:


  • Average: 11671.8 Kilobyte/s
  • Minimum: 10575.1 Kilobyte/s
  • Maximum: 12278.3 Kilobyte/s

access time read:


  • Average: 14.47 ms
  • Minimum: 0.21 ms
  • Maximum: 28.01 ms

access time write:


  • Average: 37.96 ms
  • Minimum: 9.89 ms
  • Maximum: 100.16 ms

access time read (<504 MByte):


  • Average: 6.21 ms
  • Minimum: 0.12 ms
  • Maximum: 19.65 ms

access time write (<504 MByte):


  • Average: 15.16 ms
  • Minimum: 0.38 ms
  • Maximum: 33.09 ms




we also don’t know what the peaks are…they just show up even after several tests…


Categories: Linux, Research, Software Tags:

he’s our worst nightmare?

September 12th, 2005 steffi No comments

If you don’t know who Eric S. Raymond is then inform yourself, dude! If you know already then continue reading:


So some days ago there was a little… let’s call it “incident”. Some recruiting guy – Mike Walters, CST Senior Recruiter to be precise – sent a mail to Eric S. Raymond. A mail in which he tried to recruit Eric S. Raymond as a potential contributor at Microsoft.


So, despite the fact that Eric S. Raymond tries hard to be “Craig Mundie’s worst nightmare” he is maybe one of the topmost active opensource maintainers in the world. That’s one guy that takes this whole opensource-thingie seriously! What might Mike Walters have thought when he got Eric S. Raymond’s answer:


“On the day *I* go to work for Microsoft, faint oinking sounds will be heard from far overhead, the moon will not merely turn blue but develop polkadots, and hell will freeze over so solid the brimstone will go superconductive.”


Maybe he thought: DOH! I need a new job. Actually he said mea culpa.


BTW: Eric S. Raymond DOES look a bit scary, doesn’t he?


Source 1: Who’s this Eric S. Raymond?
Source 2: We He wanted to recruit him. Doh!
Source 3: mea culpa

Categories: Linux, Microsoft, Riot Tags: