Kevsters Blog

My little part of the Internet

Page 2 of 6

In Car Entertainment and Car PC’s

I have a fairly old car.  Its a 2005 Land Rover Discovery 3 that I purchased back in 2009.  Its a base model which meant it come without any of the frills and flash in car entertainment that the high spec HSE models come with.
It has its advantages.  It means I can upgrade what I like without meaning causing issues with other features of the car.
In turn I have now replaced the head unit (for a Pioneer DAB, Bluetooth device) and then about three years ago fitted an in car PC.  Ill detail this in another post but effectively its a ruggedised PC, with a 12v vehicle PSU (handles power cycle, starting cycle and power on/off) and allows attachments such as GPS, Bluetooth, Video Capture, Touch Screen, A/D Input/Output module etc and can be used for many things.   Navigation, Media/Video, Camera recording and many other things.  You can run Linux or Windows.  I now have Windows 8.1 and run a custom front end called Centrafuse which controls everything and acts as the skin to control everything.

WP_20140716_22_05_43_Raw

D4 wheel with Centrafuse display


WP_20140812_22_13_20_Raw

The PC


The PC innards

The PC innards


I guess they are not as popular now cheap tablets can be had for as little as £100 with GPS, SD cards and Bluetooth to be had.
Its been a bit of a labour of love and very testing at times.  I have been meaning to document it for ages and this post has made me remember this. So I shall begin….

Tip: Produce an easy readable file system tree on Linux

You have a number of nested folders and want to see a view in a tree style format.  Try this alias (BASH only)


$ alias filetree="ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^/]*//--/g' -e 's/^/ /' -e 's/-/|/'"
$ filetree

Hope it helps at least one of you !

IT Contract Recruitment in the UK

I have now been working in IT since 1989 and been an IT contractor since 2000.  I am still amazed how much the market hasn’t changed and how contractors get treated by IT agencies.
In the UK they are a necessary evil.  Large companies wont hire direct and can’t be doing with the hassle of searching, filtering as well as paying non employee staff so I can understand that part.  The agencies handle this (and to be fair other things) and yet most seem to lose all sense of manners sometimes.  My best experiences have been working direct but that requires a special relationship with the company for it to work.
Back in the day my contacting peers used to use the same agent who would look after them and get them work.  They used to wine and dine them and treat them as valued assets.  That seems to have changed since then and not got any better.

  • You fire off a CV, there is sometimes not even acknowledgement of receipt.  How hard is this be in 2014 ?
  • They call you – you have a long chat, say that “will submit CV” and then you never get any form of communication post that.  Again its not hard is it ?
  • They advertise jobs when blatantly there is no job.  They are just fishing for CV’s to then send companies
  • Ask you call premium rate numbers to speak to them
  • Hide behind filtered email addresses

Don’t get me wrong – I’m not bitter about the process.   I realise there is a lot of poor CV’s and yet worse staff in the market.  I pride my CV on being accurate and true. I also have worked for some very, very good agencies (my current is brilliant) and some really bad (one didn’t pay me until the end of the third month)
I have done well over the years and am sure they have too (don’t start me on margins!) but a bit of common courtesy wouldn’t go a miss.  It takes 1/2 minute to type an email or leave a message.  Otherwise they live up to there reputation as ‘pimps’ and in the same pigeon hole as ‘estate agents’ for most people.
 

Virtual Machines and Home Lab’s. Why do the vendors make it so hard ?

I am a big fan of running everything virtually.  There used to be day when I had a ton of kit but now all I have is a small HP Microserver, an i7 Lenovo desktop PC, Lenovo T440S i7 Laptop and an i3 Surface Pro 3. I use VMware Workstation 10 as much as I can.   I used to use Virtual Box back in the day but found it just too troublesome with converting VM’s from manufacturers.
Most of the time it is very easy to download a virtual machine from a manufacturer and it will just run.  Juniper, Microsoft and some others are good.  Some will be in VMware appliance formats.  Others use the open OVA format.  Others such as Cisco, F5 and Fortinet will only support OVA’s that you can only import into ESX.  Workstations fails with various errors even though  – in theory – OVA is an open, portable format  …….
My fix is do this:

1) Download VMware ESX evaluation

2) Install as a VM within VMware Workstation

3) Navigate to the ESX Managment address via a browser.   Either use the Web GUI or vCentre GUI

4) Import the OVA into ESX

5) Once imported.   Navigate to the Data Store Browser.

6) Copy out the whole folder for the imported VM

7) Open the VMX in VMware Workstation.

8) Edit the NIC’s etc as nessiary

9) Start the VM

That seems to always work for me !
 

New Standards – HTTP2

A great article I came accross explaining how HTTP2 works is availible at http://daniel.haxx.se/http2/http2-v1.6.pdf
It has some intresting challenges for adoption and implications for Network Security and vendors of the associated devices used to secure them.  One of the main challenges being that the format moves from an easy to read text form, to a binary blob.  This means Deep Packet Inspection (DPI) of these frames becomes a lot more intensive.
It will also be interesting how this gets adopted for the ‘average’ site.   I can see the Goog, Facebook and Microsoft adopting it but how long did it take for HTTP 1.1 to become adopted ?
One to monitor……
 

So that went well…… The pains of multi factor Authentication

First day in my ‘post a day’ challenge for November went well with me missing a post…so I shall indevor to catch back up 🙂  ..
There is a few reasons for this but one of the reasons is that I can’t just post from any device.  I took the plunge a good while back and protect the site using the fantasic Duo Security two factor authentication system which means I have to have my phone to hand when logging into my Blog.

Yes, multi factor authentication is a  pain in the ass but thats security.  Its about balancing security with usability.  I’d rather have the pain than allowing someone else to blog as me.
I also recomend using two factor authentication for all of your ‘primary’ accounts such as Microsoft (Technet, Outlook, Office 365), Google (+, gMail, Webmaster Tools), Apple  (iTunes, iCloud), Twitter and Facebook.   Using Windows Phone, I use the Microsoft Authenticator app which can be used for all of the sites listed here.
Logging on can be a pain, but I’d rather have the extra security.

Post a Day Challenge

Listening to one of my goto Podcasts i regularly download from PacketPushers.net, the Priority Queue feed at http://packetpushers.net/network-break-18/ Greg Ferro (@etherealmind) mentioned and initiative about making an effort to post a blog post each day for a month.
I like the challenge so for the month of November I’m going to give it at go.
Lets see what random mutterings I come up with !

Is there such thing as a ‘crap’ PC anymore ?

Like most folks who work in the tech/IT field, people are always asking for my opinion about kit, especailly PC’s.
My reply was usually ‘how much do you want to spend ?’     Today, this got me thinking……. is there any such thing as a ‘crap’ PC any longer ?
With the advent of cheap tablets  (some are just piles of shite that will end up in landfill) the PC makers seem to be giving PC’s away that have better, and better spec.    For instance i3, 4GB RAM, 1TB hard disks on budget £350 laptops.
Whist the screen will be a crap 1366 x 768 resolution screen and the battery will probably last 3 hours (mainly due to all of the OEM junkware thats installed) you can still do far more than you ever will on a tablet computer device.  Perhaps peoples habbits are changing and if all they do is use email and FaceTwatterBook then good riddance, It means I dont have to fix the bloody thing.
However people who actually need a PC for Media, iTunes, Photo/Video editing then its still the best for the job.   They are eminantly flexible and can still be customised to do what you like.   Depite what the press may say, Windows 8.1 (with the new Update 1) makes switching between the Metro/Modern Start Screen apps and traditional desktop a breeze.  If you are still suffering the $5 spent on Start8 will soon sort you out.
Remove all of the cack the thing comes with.  Whatever you do dont buy or run McAfee or Norton AV.  Remove it and Microsoft Defender will be activated which is fine for most users.  Dont waste your cash….. seriously…
They arent the same as the crap that was pushed when the whole Netbook craze came around.  Bit like 3D TV’s really, it was just a fad.  Luckilly the Atom seems to be have relegated to small headless kit, tablets and even phones.  Its even now pretty good 🙂
So thats my opinion as of today, even thought I have just dropped the best part of £1800 on an awsome Lenovo T440S fully loaded !

Native Apple iOS Client and Android Client to Cisco ASA VPN using Certificate Authentication Part 4 – More ASA Side

Some parts I forgot from the last few posts.
The ASA also uses Group Policy (not AD group policy!) configuration.  In here you set useful things such as DNS, domain and other properties.  Its also the area to configure specifics for the IPSEC Phase 2 connection.   I normally use a GP per connection as its allows some flexibility when making changes later on.  You can also set some values within the default group policy that will be standard over the whole of your ASA, which depending on if inherit is turned on or not get set.
For Apple iOS devices IP Compression and PFS have to be turned on.  On Android, these are not.  You get a strange symptom (if set) where the Android handset claims its connected (and the ASA even issues an IP address) but the device never shows connected in ASDM.  It was only with use of various debugs that I managed to find this out.
Group policies therefore are:

!Apple iOS
group-policy GP_iOS internal
group-policy GP_iOS attributes
 dns-server value 10.100.200.10 10.100.202.10
 vpn-session-timeout none
 vpn-tunnel-protocol ikev1
 ip-comp enable
 pfs enable
 default-domain value mydomain.local
!Android
 group-policy GP_ANDR internal
 group-policy GP_ANDR attributes
  dns-server value 10.100.202.10 10.100.200.10
  vpn-session-timeout none
  vpn-tunnel-protocol ikev1
  default-domain value mydomain.local

That should complete all of the configuration requried to allow iOS and Android devices to connect to a Cisco ASA using the inbuilt native IPSEC client using x509 certificates.   You really arn’t using Pre Shared Keys in this day and age are you ?

Putty – Session Logs

A useful feature when you are working on multiple devices is to keep as session log for every session.  You can then easilly see what you have typed or provide evidence.
To configure this for every session:
1) Open Putty
2) Select the Default Settings and press Load

3) Navigate to Session > Logging
4) Set the Log file name in a format that makes sence to you.  You can see mine

5) Navigate back to the sessions, making sure Default Settings is still highlighted and then press Save
Test !

« Older posts Newer posts »

© 2018 Kevsters Blog

Theme by Anders NorenUp ↑