Jul
31
Wet Floor
Filed Under Blogging | Leave a Comment
Today I had to go to a client’s office in Brussels. Outside they had the following Wet Floor sign:

Jul
31
TextMate Blog Bundle behind a proxy
Filed Under Geek, Mac, Networking, Security | Leave a Comment
At some of my clients’ sites I use an SSH port forward to a Squid proxy running on my own server (which is connected to the Net). This way applications can use this proxy by connecting to localhost on TCP port 3128. The Squid proxy supports a bunch of protocols like http, https and ftp.
On my Mac I then use Locations to configure Proxy settings per, well, location.
I use the excellent TextMate Blogging Bundle to blog, but TextMate isn’t aware of the global proxy settings in OS X, nor does it seem to pick up on the http_proxy and https_proxy variables I’ve put in my bash profile. So after some googling I’ve found the following:
- Go to TextMate, Preferences, Advanced, Shell Variables.
- Now add the following variable: TM_HTTP_PROXY with the value PROXY:PORT, so for me that’s localhost:3128.
By the way, using SSH also protects against someone eavesdropping for your blog’s password. I’m currently setting up HTTPS for my blog in cases where I cannot use SSH for some reason (since my SSH daemon listens on port 443, this doesn’t often happen). I’ll test if we can use something like TM_HTTPS_PROXY.
Jul
25
Blogging from my iPhone
Filed Under Geek, Technology | Leave a Comment
Sooo, my first post from my iPhone (1st gen, jailbroken/unlocked, 2.0 OS). I’m officially a douchebag now.
Jul
24
RSA SecurID 7.1 on Red Hat Enterprise 4
Filed Under Blogging | Leave a Comment
I’ve been working on a remote access (SSL) project where I am going to use RSA SecurID and RSA hardware tokens for strong authentication. Pretty standard stuff, except for the fact that these new 7.x SecurID releases are totally different from the previous versions I worked with (5.x, 6.x). I’m going to list some stuff I came across that might be helpful for anyone thinking about implementing it or currently working on it.
My OS is Red Hat Enterprise 4, 64-bit
- If you are using a 64-bit install, you can’t use the built-in RADIUS-server. I guess they don’t have a 64-bit binary
- You can’t edit sdconf.rec anymore. You can only generate a new one for which you can specify retries and timeouts, and indirectly listening ports, but not IP-addresses
- You can’t really use two network interfaces to separate traffic to the web-based authentication manager (TCP 7002) and the authentication agent (UDP 5500). The authentication manager will bind to the IP-address/hostname the SecurID server is installed on, and the authentication agent will listen on all IP-addresses. The authentication agent will always “answer” connections to the IP-address the server is running on and on any sub-IP that can be configured in the authentication manager. I know… it sounds a bit confusing, but it comes down to this: the authentication manager and the authentication agent will always listen (and answer) on the one IP the server is running on. I couldn’t find a way to install both daemons on a different IP. The problem as well is that although you can specify sub-IPs, which might be a workable solution in certain scenarios, the original IP is configured as the first IP in sdconf.rec, meaning that you will have to wait for a timeout before the sub-IP is tried by the client trying to authenticate against the SecurID server. If anyone has any ideas how to pull this off, let me know.
- You can use the tool rsautil with the option update-instance-node to change the SecurID’s IP and hostname if you change any of these on the server. However I had mixed results with this tool. For instance, it seems to have a bug if your domain-names contain a “-”. When I tried to change name.server.com into name-eth0.server.com, after a number of times I ended up with name-eth0-eth0-eth-eth0.server.com. Furthermore it seems that the tool does some simple find and replace of values in the RSA config-files, which is a pain sometimes, because you always have to supply the “old” value first.
I’ll post more information online while I’m working on this. I’m also working on a guide for setting up a Juniper SA (2000 and up) version 6.2 with RSA SecurID 7.1.
Jul
10
Update:
I sent an email to www.kinepolis.be, asking if they were going to show Batman in IMAX. Their answer (translated from Dutch):
Sorry, we haven’t been showing movies in our IMAX screen.
Damn, so they actually have an IMAX screen, but they stopped using it. How sad is that? I replied to them that this might be a great opportunity to promote IMAX. I realize that it is probably too late, but still, no harm in trying.
Looks like I really have to travel to Amsterdam to watch it in IMAX. Who’s up for it?
Update 2:
Talked to a friend and it looks like we are going to London to watch The Dark Knight. Sweet!
Update 3:
Check out this short YouTube clip showing The Dark Knight IMAX featurette. I didn’t embed it on purpose btw.
The new Batman movie, The Dark Knight (official site, IMDB.com) is released in theaters this month.

The cool thing is that it’s shot in the IMAX format. Now, I’ve been really waiting for this movie to come out and I definitely want to watch it in IMAX, but I’m not sure it’s showing in IMAX in Belgium.
I think Kinepolis Brussels has IMAX capabilities, but I’m not sure. I loved watching Beowulf 3D in Kinepolis Leuven btw and I’m generally very satisfied with the Kinepolis movie experience. Which is generally a lot better than the Dutch Pathe theaters.
Does anyone know?
There is a US/CANADA list of IMAX theaters that show the movie.
I might just have to watch it in Amsterdam at the Pathe theater.
Jul
9
Fox Propaganda
Filed Under Politics | Leave a Comment
Amazing to see an actual real life propaganda machine at work in the States; the Fox “news” Network
Jul
8
iPhone 3G in Belgium: 11-7-2008
Filed Under Geek, Technology | Leave a Comment
I got an email from Mobistar, which announces the iPhone for Belgium. Unfortunately they don’t mention a date in the mail yet. They actually seem to use not-mentioning-a-date as a marketing strategy. Brilliant stuff.

On the site that comes with the mail they finally give you the actual date 11-7-2007. Sweet.

I’m probably going to get one. But the price is a bit steep at 525 euro (update: this is for the 8GB version). You have to understand that phone companies can’t subsidize your phone in Belgium. Well they can, but they cannot put a SIM-lock on it. Long story about some ancient law trying to protect customers from bundled sales. I’ll get into that in a future post.
Anyway I registered for the introduction party. I’m such a fanboy, yuck.

Now, who wants to buy my iPhone EDGE?
== Update
So the black one is 8 GB and costs 525 euro. The white one is 16 GB and costs 615 euro.
Damn, the data-plans aren’t really impressive are BAD:
Jul
8
Update: My first Digg submission
Filed Under Blogging | Leave a Comment
Update:
Someone else posted the same comic and got 1500+ Diggs, while I was stuck at 3. I guess I don’t have enough Digg buddies. http://digg.com/comedy/WereScientists
Check it out: http://digg.com/comicsanimation/AbstruseGooseComicScienceJehovahs
The problem is that I don’t know anyone that actually has a Digg account, besides myself. I have fake geek friends
Anyway, the comic is funny as hell
Jul
8
Too busy? Sure…
Filed Under Philosophy | 2 Comments
A lot of people are really busy, some seem always busy. I noticed I get annoyed sometimes when I try to plan something with a person, but can’t get a date and/or dates get cancelled because he or she is busy repeatedly. I have a very busy life myself, but me and my wife always seem to be more flexible than others. I guess that’s mostly because of my point of view.
We have two kids, I’m a freelance IT contractor doing <strike>seventy</strike>60+ hours a week, and all our relatives live in another country. It’s true that you never know what is going on in someone’s life and shouldn’t compare. But then again over a period of a couple of years you start to see trends in people’s behavior.
I gave this problem a little thought while I was taking a shower. Basically I came up with:
Too busy means: I'm investing my time in something else that (to me) has a higher priority than you.
Nothing wrong with that. Makes sense. If we continue with this then:
Too busy, a lot of times means: a lot of stuff in my life has a higher priority than you.
Since it’s not unusual for people to actually be busy with stuff that has legitimately a higher priority in their life than me (go figure), I wouldn’t suggest to dramatically cut too busy people out of your life or start an emotional argument with them regarding the subject. However I do think that when a person is too busy a lot of times, and nothing really serious is going on in their life (sickness, etc), they are not that interested in you (or your family). The whole too busy stuff is just a symptom.
So my approach now is that I basically leave them alone. I’ll be friendly to them. Life is too short and such. You can’t really maintain hundreds of relationships anyway and everybody is different. There will be plenty of other opportunities in the future, which might not be taken advantage of, which is sad and beautiful because it’s just the way life is, isn’t it?
Jul
7
Awesome Garlic Butter
Filed Under Recipes | 2 Comments
This recipe is partly based on a herb-butter recipe in a Steak House that me and my friends regularly visited when we were 16 - 20 years old. Not just for the food, but also for the company of the owner who was a friend of ours. The Steak House was called Torado and it was located in a town called Emmen in The Netherlands. The owner also sponsored our Dojo and the first cage fight ever in The Netherlands. Those were the days. The main thing I took from their recipe was the use of lemon juice.
This will taste great on most kinds of bread and toast. It’s awesome on a slice of grilled French bread or on steak. Eat it with big shrimps or rub a whole chicken in with this stuff and oven roast it.
The big secret is not so much the butter, although I advise to use real (unsalted) butter, but the use of fresh herbs combined with lemon and the freshly ground pepper. Using store-bought pre-ground pepper and/or dried parsley/celery and/or bottled lemon/lime juice will kill this recipe. So don’t use them. If you plan to… well it’s just bad karma, that’s all
Jul
5
Abstruse Goose Comics
Filed Under Blogging | Leave a Comment
I find these really funny: http://abstrusegoose.com/. Check out this one about dual-booting Ubuntu.
Jul
4
So I went to see the new Hulk movie last Monday, called The Incredible Hulk. Based on the imdb.com ratings, it should be a lot better than the “other” Hulk movie made by Ang Lee a couple of years ago. For you who don’t know, the two movies are not related at all.

Although Ang Lee’s movie certainly has its weak spots and is far from perfect (mutant dogs anyone?), I liked the whole idea of the movie and I actually loved many parts of it. Without wanting to sound like a movie snob, it does have many layers. The new Hulk movie, the Incredible Hulk, is just an action movie. Period. It’s not bad, but it’s not good either. It’s a popcorn flick.
Since many reviews of both movies and even a bunch of “versus” articles can already be found I only wanted to focus on two things that I want to point out: CGI and Comic Hulk versus TV Hulk.
Jul
4
Brains and Humanity
Filed Under Philosophy | Leave a Comment
Very interesting vid from www.ted.com:
Jul
1
Kanodou Brussels
Filed Under Bad restaurants | Leave a Comment
Last week a colleague took us out to dinner to a restaurant in Brussels called Kanodou. He’s a great guy, it’s not his fault he is from South Africa. Anyway, the restaurant is decorated beautifully and has nice terraces at the back, which was great considering the sunny weather. The toilets were very basic and didn’t look all that clean though.

They have a small menu with about average prices for their location. Nothing wrong with that, actually I usually consider it a good sign. Big complicated menus with a bunch of different cuisines are usually a sign of mediocrity at best.
Unfortunately I noticed something else as well.
Jul
1
iTunes Syncing with TuneRanger
Filed Under Mac, Networking | Leave a Comment
In my house we have one iPod, one iPhone, an AppleTV and two Macs with iTunes libraries. I have been using Rsync and Unison in the past to sync these libraries. Although I scripted parts of the process, it was still very vulnerable to things like syncing the iPod with the wrong Mac. The biggest problem is the “iTunes Music Library.xml” for which I didn’t have any intelligent merging solution. There is enough said about this on the Internetz, so I won’t go into that now. Anyway managing my family’s ~40 gig music collection was taking too much time so I looked for a new solution and I found something called TuneRanger.
You can download a trial version, which lets you register for a trial license. It has a bunch of features like:
- syncing from any disk enabled iPod (which means no iPhone support btw) to your Mac
- syncing from Mac to and from Windows (which requires a Mac and a second Windows license, which can be bought for a discount)
- has some nice music Library tools
- etc.
I was more interested in syncing over the network between my Macbook Pro and my wife’s iMac. The TuneRanger.app is basically a hybrid client/server program. So you install it on both machines, which both can act as a client or server. You can select any of the machines that has TuneRanger installed to start the sync. TuneRanger autodiscovers any other TuneRanger.apps running on the subnet (it probably uses Bonjour for this). Btw, you can change the server listening port from its default TCP:10564.

Jun
30
Mac OS X Leopard and VLAN (dot1q) trunking
Filed Under Networking, Technology | 1 Comment
So I had to configure a bunch of Cisco switches, routers, Juniper firewalls, a Juniper, SSL-gateways and some Unix servers running Radius and RSA SecurID. Pretty hands-on stuff which I don’t get to do much anymore (at work), but it was a nice change of pace. But I’m digressing.
Anyway, I was getting tired of re-configuring my Macbook’s network settings every time I had to be in a different subnet. I secured everything pretty tight, nicely separated in separate Juniper FW security zones, VLANs, hardened configurations etc., but of course this also makes it hard to configure and test the stuff.
Although location based network profiles help a lot, I still missed a second interface. To solve this I bought the Macbook Air’s USB Ethernet adapter, which btw works perfectly on my Macbook Pro, but I’ll post about that tomorrow.
So I run my SSH -p 443 -L port-forwarding scripts plus NAT-ing (for my mail-servers) via the USB-interface so I have full Internet through my client’s firewall via my own Squid proxy. This way I can still google and download updates. This keeps my built-in ethernet interface free for configuring the rack.
The best thing however is that you can use VLAN 802.1q trunking or tagging, whatever you want to call it, on my built-in ethernet-port! So I just configured all the VLANs I needed, configured the correct subnets on it and off you go.
Please note however that you will need to make sure your routing is set up correctly. The easiest thing to do is to only configure a default gateway on the Internet facing interface and set up static routing for the VLAN interfaces.
See below for how to configure the VLANs (quite simple really)
Jun
27
Markdown, Textmate and Wordpress
Filed Under Blogging | Leave a Comment
I had a hard time (google time) to figure out how to use Markdown with Textmate to post to my Wordpress blog. Turns out you have to install the Markdown plugin for Wordpress.
FM
Jun
27
Wordpress installation tips
Filed Under Blogging | Leave a Comment
So I just went through the quick 5 min installation steps on the Wordpress site. Some of the stuff I did concerning file permissions might help you, so I listed them below. Most of it is pretty obvious
- Wget Wordpress directly to my server.
- Unzip in the dir I want Wordpress to be.
- From the root of the install dir do:
  chown -R whateveruser:whatevergroup .
- From the root of the install dir do:
  chmod -R 644 *
- And then fix the rights on the directories with:
  find . -type d -exec chmod 755 {} \;
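A stricter variant of the permission steps above, as an added example that is not from the original post: chmod -R 644 * skips top-level dotfiles such as .htaccess and strips the search bit from directories until the find pass restores it, so this sketch sets modes by file type and then lists anything that still deviates. The function names set_wp_perms and audit_wp_perms are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): normalise a WordPress tree to
# files 644 / directories 755. Function names are made up for this example.

# set_wp_perms DIR
# Sets modes by file type. Unlike "chmod -R 644 *", this reaches top-level
# dotfiles and never leaves a directory without its search (x) bit.
# Symlinks are skipped: -type f / -type d do not match them.
set_wp_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "set_wp_perms: not a directory: $root" >&2
        return 2
    fi
    # Directories first so every level stays traversable for the file pass.
    find "$root" -type d -exec chmod 755 {} + || return 1
    find "$root" -type f -exec chmod 644 {} + || return 1
}

# audit_wp_perms DIR
# Prints every file that is not exactly 644 and every directory that is not
# exactly 755. Empty output means the tree matches the intended modes.
audit_wp_perms() {
    root=$1
    find "$root" \( -type f ! -perm 644 \) -o \( -type d ! -perm 755 \)
}

# Usage, from the root of the install dir:
#   set_wp_perms . && audit_wp_perms .
```

Running the audit again after plugin installs or uploads shows which files have drifted from the intended modes.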
Jun
27
Blogging again
Filed Under Blogging | Leave a Comment
So, for about the I-don’t-know-how-many times in a couple of years, I installed Wordpress to start blogging again. My last attempt at blogging was semi-successful. But after a broken down Powerbook I stopped and didn’t start again. This was last year.
Now I find myself having figured out how to do some stuff and not having a place to put this information. So that’s probably going to be the main content. It’s likely that the content won’t be of high editorial quality (does that sentence make sense? It’s not my native language you know). I have to write too many user manuals and the like during my day job
Anyway I discovered blogging through Textmate, which seems to be awesome and will likely increase my no. of posts per.. uhm month.
Hope someone out there can use some of the stuff I put on here.