You'll have to wait for the Apes to happen
They keep some noise
The evening has no eyes
Nothing undoing the drawers in the middle of this s*** shoe box
I think that, somewhere on the Internet, a microcontroller is crying.
Sunday, October 21, 2012
Google Voice Poetry
The coolest feature about the Android is its excellent voice recognition capabilities. I like to send it difficult or unintelligible syntax, and I appreciate how the software seems to understand part-of-speech and grammar so well that it makes complete sentences out of what I dictate:
I think that, somewhere on the Internet, a microcontroller is crying.
I think that, somewhere on the Internet, a microcontroller is crying.
Product review: Republic Wireless Defy XT 557
I admit: I'm a luddite. Although I worked as a mobile software developer for several years, I'm one of the last to acquire a smart phone. But now, I am the owner of a Motorola Defy XT, thanks to Republic Wireless. I guess that it's about time that I joined 2010 (my previous phone is a Verizon Samsung SCH-U620).
I can do everything that I can do on the smartphone better on my netbook computer. As I've attempted to let the smartphone take over my life, I've noticed that it takes me a lot longer to communicate with others. I suppose that the smartphone thing is pretty cool for people who don't regularly touch type, but the lack of a physical keyboard is a serious drawback.
However, the ubiquitous 3G data roaming onto Sprint's network within the greater Los Angeles area has been superb. I'm very impressed with how easy it is for me to do simple email communications and web browsing on the small platform. That stated, if I amortize the cost of the device out over one year, the device costs me $43 per month. At that price, it is extremely competitive with any existing Verizon wireless plan, and I have all of the features that I could possibly want. Plus, any dead zones that I regularly encounter on USC's campus are filled in with Republic Wireless' ability to roam onto wireless networks.
Overall, I'm really impressed with the product. My only quibble is that I cannot unlock / root the phone, because the SPC / MSL numbers don't seem to be readily accessible, although it's probably just a matter of time.
I can do everything that I can do on the smartphone better on my netbook computer. As I've attempted to let the smartphone take over my life, I've noticed that it takes me a lot longer to communicate with others. I suppose that the smartphone thing is pretty cool for people who don't regularly touch type, but the lack of a physical keyboard is a serious drawback.
However, the ubiquitous 3G data roaming onto Sprint's network within the greater Los Angeles area has been superb. I'm very impressed with how easy it is for me to do simple email communications and web browsing on the small platform. That stated, if I amortize the cost of the device out over one year, the device costs me $43 per month. At that price, it is extremely competitive with any existing Verizon wireless plan, and I have all of the features that I could possibly want. Plus, any dead zones that I regularly encounter on USC's campus are filled in with Republic Wireless' ability to roam onto wireless networks.
Overall, I'm really impressed with the product. My only quibble is that I cannot unlock / root the phone, because the SPC / MSL numbers don't seem to be readily accessible, although it's probably just a matter of time.
Monday, October 15, 2012
Setting up OpenVPN on FreeBSD
I've found a few tricks to help improve OpenVPN setup on FreeBSD.
First off, there's a reasonably good PERL script that makes the process a bit easier. Install security/ssl-admin.
Next, set up your /usr/local/etc/openvpn/server.conf file:
Edit /usr/local/etc/ssl-admin/ssl-admin.conf.default and save as ssl-admin.conf in the same directory. Examples for the United States are shown below:
Once these certificates have been generated, you'll want to copy them into your OpenVPN configuration directory:
Edit /etc/rc.conf and add the lines:
Configure your firewall to allow traffic into OpenVPN. If you use ipfilter, add the following lines to your /etc/ipf.rules file and then restart the ipfilter service:
Server configuration is complete! Now you can create certificates for clients. I suggest creating /usr/local/etc/openvpn/client.conf:
Make a symlink so this configuration is included in the client configuration archive:
Using the ssl-admin tool, choose option (4) to create certificates for a client. The script will prompt you for another owner name -- choose something that is descriptive of the remote host so that you can figure out what certificate is for what host.
When the script asks you "Can I move signing request (xxxx.csr) to the csr directory for archiving?", choose Yes. After the script creates the certificate for the remote host, choose option (z).
Although this blog post will get you started, some of the methods used are dated. Apparently Ubuntu 10.10 now allows import of pkcs12 .p12 files. Essentially, these files replace the archive created by ssl-admin's option (z).
Next, set up your /usr/local/etc/openvpn/server.conf file:
proto udp
port 1194
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 172.17.2.0 255.255.255.0
# Makes a local area network available to other clients
# This could be the IP block of your home network
push "route 192.168.1.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
comp-lzo
client-to-client
duplicate-cn
user nobody
group nobody
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
verb 4
crl-verify /usr/local/etc/openvpn/crl.pem
Edit /usr/local/etc/ssl-admin/ssl-admin.conf.default and save as ssl-admin.conf in the same directory. Examples for the United States are shown below:
Next, use the ssl-admin tool to create server certificates. Launch ssl-admin. You're presented with a "user-friendly" menu, but the menu requires knowledge about ssl certificate exchange. This knowledge isn't really necessary in order to set up a server. When the program initially executes, it will automatically ask you to create a certificate authority (CA) identity. Make sure you encrypt this certificate with a password. Next, choose options dh, and option S. Option S will prompt you for an "owner name." To make things less confusing, type "server" as the owner name.
$ENV{'KEY_COUNTRY'} = "US";
$ENV{'KEY_PROVINCE'} = "CA";
$ENV{'KEY_CITY'} = "PASADENA";
$ENV{'KEY_ORG'} = "FOOBAR.NET";
$ENV{'KEY_EMAIL'} = 'CATS@FELINEHA.US';
Once these certificates have been generated, you'll want to copy them into your OpenVPN configuration directory:
cd /usr/local/etc/ssl-admin/active
sudo cp server.crt server.key ca.crt ../prog/crl.pem ../dh2048.pem /usr/local/etc/openvpn/
Edit /etc/rc.conf and add the lines:
# OpenVPN Server openvpn_enable="YES" openvpn_configfile="/usr/local/etc/openvpn/server.conf"
Configure your firewall to allow traffic into OpenVPN. If you use ipfilter, add the following lines to your /etc/ipf.rules file and then restart the ipfilter service:
# OpenVPNNow you should be able to start the OpenVPN server.
pass in quick on XXXX proto udp from any to any port = 1194 keep frags
/usr/local/etc/rc.d/openvpn start
Server configuration is complete! Now you can create certificates for clients. I suggest creating /usr/local/etc/openvpn/client.conf:
client
dev tun
proto udp
remote server.felineha.us
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
verb 3
Make a symlink so this configuration is included in the client configuration archive:
ln -s /usr/local/etc/openvpn/client.conf /usr/local/etc/ssl-admin/packages/client.ovpn
Using the ssl-admin tool, choose option (4) to create certificates for a client. The script will prompt you for another owner name -- choose something that is descriptive of the remote host so that you can figure out what certificate is for what host.
When the script asks you "Can I move signing request (xxxx.csr) to the csr directory for archiving?", choose Yes. After the script creates the certificate for the remote host, choose option (z).
Although this blog post will get you started, some of the methods used are dated. Apparently Ubuntu 10.10 now allows import of pkcs12 .p12 files. Essentially, these files replace the archive created by ssl-admin's option (z).
Subscribe to:
Posts (Atom)