Sign Up!
Login
Welcome to The Gray Matter
Thursday, August 28 2014 @ 12:59 AM EST
Share View Printable Version

My brush with Decompression Sickness (DCS)

Diving

An event that any SCUBA diver tries their best to avoid.  A condition every diver trains to prevent, practises skills to avoid and plans their dives to render the risks of it happening almost nil.  Nonetheless, it happened to me; a fully qualified, experienced, Rescue Diver.  This is my account of DCS and I hope it serves as a warning and an opportunity to learn for other divers.

Share View Printable Version

Paypal - the new Grinch!

General News

Have you heard the news? PayPal has decided that donating gifts and money to needy children and families is wrong. So wrong that they’ll take their cut of the donations, then require that the organizer refund all the money (that PayPal took their cut of); then allow the organizer to sell the (already purchased) gifts (and take a cut of the sales); then decide that because it’s not a charity for cats, but for kids, all of the sales have to be refunded (giving PayPal another transaction cut); and then, to add insult to injury, freezing the personal account of the organizer.

http://www.regretsy.com/2011/12/05/cats-1-kids-0/

Share View Printable Version

DShield and a Cisco 837

Technology

I’ve been a contributor to the global DShield project for quite some time and recently replaced a long-serving, faithful router with a Cisco 837.  This introduced an interesting problem for me - the log format of the new router was completely different to the old one and as a result, my DShield script completely exploded.  Not a huge problem, time to indulge my Perl regex geekiness and fix it!  First of all there are a few prerequisites:

  1. Configure the Cisco 837 to log failed access to my syslog server (running syslog-ng) (or download the full IOS config here)
  2. Make sure syslog-ng adds the year to the log line (DShield needs this field)
  3. Download and Configure the log-parser to get the info for DShield (see below for instructions)

To make this article easier, I’ll simply stick to these three sections.

1 - Configure CIsco IOS to Log Correctly

Don't panic - IOS isn't the boogey-man and I'll walk you through this :)  Assuming you have a syslog server that is configured to listen for network connections (in my case syslog-ng) this is a straight-forward process.  If you have a "virgin" router and have the luxury of applying a brand new configuration, I have provided the full IOS configuration for a Cisco 837 - just edit in a text editor and hunt for the "CHANGE-ME" and "x.x.x.x" bits. If you're editing an existing/working IOS configuration, log into your router, go to enable mode and “configure terminal” then enter the following:

service timestamps debug datetime msec
service timestamps log datetime localtime
no logging console
no logging monitor
logging facility local1
logging 10.0.0.5

 

Change 10.0.0.5 to whatever the IP of your syslog server it.  Of course you then need to define an access list (mines called “INTERNET-IN”) and apply it to your interface (in my case “Dialer1”), just make sure the last few lines in the access list looks like this:

ip access-list extended INTERNET-IN
 permit tcp any any eq www
 permit tcp any any eq 443
 ...
 deny   tcp any any range 0 65535 log
deny   udp any any range 0 65535 log
deny   udp any any log

 

And the dialer interface with this access list looks like this:

interface Dialer1
description Internet Interface
ip address negotiated
ip access-group INTERNET-IN in
...

Ok, that’s the Cisco stuff done, you should now be seeing log lines appear for blocked incoming connections in your logs.  If not, make sure your logging setup is correct and review both the router and the syslog server.

2 - Setting up syslog-ng

I run an Ubuntu syslog server, but these instructions should work for pretty much any *nix-based system running syslog-ng.  By default, messages sent to syslog-ng are not recorded with the year, however DShield requires it (at least as far I know it does).  This isn’t a big deal, as you can simply add a template to the log destination.  In my setup I filter everything from my Cisco 837 to its own file.  The router’s hostname is “router” and here are the relevant lines from /etc/syslog-ng/syslog-ng.conf:

destination df_router {
file("/var/log/router.log"
template("$DATE $YEAR $HOST $MSG\n")
template_escape(no));
};

filter f_router {
host(router);
};

log {
source(s_all);
filter(f_router);
destination(df_router);
}; 

 

That’s about it.  By this stage, you should be seeing messages in /var/log/router.log like this:

Jun  8 18:47:17 2011 router Jun  8 18:47:16: %SEC-6-IPACCESSLOGP: list INTERNET-IN denied tcp 115.134.81.123(4250) -> 123.123.123.123(23), 1 packet

Yay!  The last bit is a piece of cake (because I’ve already written the script for you).

3 - Log parser installation

This is simple for you.  Just download the script bundle and untar from the root (/) directory.  It will put a handful of files in /etc, and the script into /usr/local/dshield (along with a test harness).  If you have any concerns, unpack in /tmp and move the files around appropriately.

MAKE SURE you put your DShield user details into /etc/dshield.cnf - failure to follow this step will cause all your hard work to be completely wasted ;)

Lastly, once you know the script is working with your logs (see the test harness for how to do this), just add the following entry to /etc/crontab:

10 4,16 * * *   root    cd /usr/local/dshield && ./cisco837.pl -config=/etc/dshield.cnf > debug.txt

Now twice a day, you should get a notification saying you have contributed to the greater good and you can feel all warm and fuzzy.

Share View Printable Version Subscribe to 'Humor'

You know you're Australian if...

Funny Anecdotes
  • You believe that stubbies can be either drunk or worn.
  • You waddle when you walk due to the 53 expired petrol discount vouchers stuffed in your wallet or purse.
  • You've made a bong out of your garden hose rather than use it for something illegal such as watering the garden.
  • You think it's normal to have a leader called Julia.
  • You believe it is appropriate to put a rubber in your son's pencil case when he first attends school.
  • You're liable to burst out laughing whenever you hear of Americans "rooting" for something.
  • You understand that the phrase 'a group of women wearing black thongs' refers to footwear and may be less alluring than it sounds.
  • You pronounce Melbourne as 'Mel-bn'.
  • You believe the 'l' in the word ' Australia' is optional.
  • You know that some people pronounce Australia like "Strayla" and that's ok.
  • You can translate: 'Dazza and Shazza played Acca Dacca on the way to Maccas.'
  • You believe it makes perfect sense for a nation to decorate its highways with large fibreglass bananas, prawns and sheep.
  • You call your best friend 'a total bastard' but someone you really, truly despise is just 'a bit of a bastard'.
  • You think 'Woolloomooloo' is a perfectly reasonable name for a place.
  • You're secretly proud of our killer wildlife.
  • You believe it makes sense for a country to have a $1 coin that's twice as big as its $2 coin.
  • You understand that 'Wagga Wagga' can be abbreviated to 'Wagga' but 'Woy Woy' can't be called 'Woy'.
  • You believe that cooked-down axle grease makes a good breakfast spread.  You've also squeezed it through Vita Wheat biscuits to make little Vegemite worms.
  • You believe all famous Kiwis are actually Australian, until they stuff up, at which point they become Kiwis again.
  • Hamburger with Beetroot? Of course!
  • You know that certain words must, by law, be shouted out during any rendition of the Angels' song 'Am I Ever Gonna See Your Face Again'.
  • You believe that the confectionery known as the Wagon Wheel has become smaller with every passing year.
  • You wear ugh boots outside the house.
  • You believe that every important discovery in the world was made by an Australian but then sold off to the Yanks for a pittance.
  • You believe that the more you shorten someone's name the more you like them.
  • Whatever your linguistic skills, you find yourself able to order takeaway fluently in every Asian language.
  • You understand that 'excuse me' can sound rude, while 'scuse me' is always polite.
  • You know what it's like to swallow a fly.
  • You know it's not summer until the steering wheel is too hot to handle and a seat belt buckle becomes a pretty good branding iron.
  • Your biggest family argument over the summer concerned the rules for beach cricket.
  • You shake your head in horror when companies try to market what they call 'Anzac cookies'.
  • You still think of Kylie as 'that girl off Neighbours'.
  • You understand that all train timetables are works of fiction.
  • When working in a bar, you understand male customers will feel the need to offer an excuse whenever they order low-alcohol beer.
  • You know how to abbreviate every word, all of which usually end in -o: arvo, combo, garbo, kero, lezzo, metho, milko, muso, rego, servo, smoko, speedo, righto etc.
  • You know that there is a universal place called "woop woop" located in the middle of nowhere...no matter where  you actually are.
  • You know that none of us actually drink Fosters beer, because it tastes like *censored*. But we let the world think we do. Because we can.
  • You have some time in your life slept with Aeroguard on in the summer. Maybe even as perfume.
  • You've only ever used the words - tops, ripper, sick, mad, rad, and sweet - to mean good. And then you place 'bloody' in front of it when you REALLY mean it.
  • You know that the barbeque is a political arena; the person holding the tongs is always the boss and usually a man... and the women make the salad.
  • You say 'no worries' quite often, whether you realise it or not.
  • You've drank your tea/coffee/milo through a Tim Tam.
  • You own a Bond's chesty. In several different colours.
  • You've ordered a steak the size of your head and only paid $5 at yourlocal RSL.
  • You know that roo meat tastes pretty good, but not as good as barra. Or a meat pie.
  • And you will immediately forward this list to other Australians, here and overseas, realising that only they will understand.
Share View Printable Version

Do you reuse your passwords? DONT!

Technology

I came across this article today and found it well written, soundly reasoned and very practical. I have a personally gone through the process the author describes and can verify that securing your passwords is easy, cheap and definitely worth it. If you use a computer, you really should read this article!

Share View Printable Version

The Apple App Store versus the Vendor

Technology

 First of all, let's get something straight: I LIKE the Apple App Store for OSX.  It provides a great virus/malware-free repository of quality software that's an absolute breeze to install and maintain.  However, the pricing of the applications is somewhat disappointing to put it mildly.

Some software titles are great value.  For instance if you want iPhoto but not the entire "iLife" suite, then being able to pay peanuts for just that one component is a great offer!  Then there's the antithesis of this pricing where despite the Australian dollar flirting with parity against the US dollar, we are being charged ridiculous prices begging the question, "why bother"?

Here's a case at hand.  I've been wanting to increase the quality and frequency of the articles I publish on this site and using the built-in tools, whilst good, limits me to only writing when I'm online :( Bummer.  So I went hunting and found a great piece of software called MarsEdit.  After downloading the 30 day trial I'm satisfied it meets my needs and is worth paying for.  So I went to the OSX App Store, and found this:

MarsEdit from the Australian OSX App StoreListed in Australian dollars, so on the current exchange rate is USD$47.35

This seemed a little steep for an application that does little more than turn WYSIWYG into HTML and pump it into an API provided by my CMS.  So I went directly to the vendor and found this:

MarsEdit direct from the vendor

Now given that the OSX App Store in USD is $47.35 and direct from the vendor is $39.95, that's a price hike of 18.5% for the privilege of using the Apple App Store!  This then raises an interesting question; how much overhead should Apple be charging for the consumer for the convenience of the App Store.  Lets not forget the vendor though; is this grossly inflated price passed on to them?  Who pockets the difference?

I've worked for a company that was in the business of distributing other vendor's software and the consumer often paid a small premium for fixed-price software as the distributor took the risk on the exchange rate and locked in prices for an arbitrary period.  The longer the lock-in, the higher the premium.  However, with the Australian economy one of the strongest in the developed world, despite recent natural disasters, it makes me wonder how long Apple are locking in prices with vendors...years? decades? glacial ages? heat death of the universe??

Needless to say, I spent my money directly with the vendor in this instance.  The 18.5% premium just isn't worth the overhead for such a simple application.

Share View Printable Version

Apple Mail RSS to Google Reader

Technology

 I have been using Apple Mail to read my RSS feeds for a few years now and for the most part, I like it.  However, with an iMac,  Macbook Pro, iPhone and work machine all hitting the same feeds, synchronising everything to find the NEW articles has been a royal pain.  So I've give up hacking my own RSS/Dropbox/argh(!) solution and I'll let Google manage it all and hang my privacy.  Read on for the magic three step process.

Share View Printable Version

Support Autism

General News

You may notice the new block on the right hand side.  (Update: Block removed, but link below still works - JG 22/1/2011) On November 1st, I am going offline to support and raise awareness of autism (in all it's forms).  This is a condition that is very close to my heart and I'd encourage everyone to check out the web site Communication Shutdown to see what this is about.  Obviously it would be great if you wanted to throw some coin towards support services for people with this largely misunderstood condition.

Here's a few bits of info about Autism:

  • You can't "acquire" Autism - you're born with it.*
  • There is no cure (although with the right support and intervention, many with Autism can, and do, make significant contributions to society).
  • Autism is a spectrum - some people are severely impacted, others seem almost normal
  • Without Autism, NASA, Silicon Valley, MIT and other highly technical institutions probably wouldn't exist! (This is an attempt at humour obviously, but oddly, contains a lot of truth!)

* I have seen some research showing Autistic tendencies in some people after various forms of brain trauma, but the jury is still out on whether this is actually "Autism" or some other form of behavioural change.

 

Share View Printable Version

When good intentions turn bad

Technology

 If anyone is wondering what the heck happened to the weather graphs recently I can explain.  I have been a busy boy and moved all my email hosting to Google Apps.  This is a good thing and has NOTHING to do with the gaps in the graphs.  However, the mail hosting move triggered a chain reaction of me shooting myself in the foot.  The sequence of events went something like this:

  1. Migrate mail hosting - w00t!  Everything went well :)
  2. Users can't get their mail clients configured.  Bummer, time to do some remote take-over-their-desktop type wrangling.  All fixed...good!
  3. Remove old mail server packages from my server at home.  This went well in fact - bye Zimbra and Mailscanner, you've been good friends.
  4. Decide that with the smaller task-footprint on the server, I might as well upgrade it from Ubuntu 8.04 to 10.04.
  5. Here ends my weekend! Gah!!
  6. What broke: database, monitoring, backups, mail relay, web proxy, DNS, DHCP, UPnP media server, weather station duties.
  7. Fixing #6 has taken me all day Monday!!  Grr.

The good news is that I'm pretty sure everything is back to normal albeit with a few gaps in the trend monitoring for the weather station.  Sorry.

Update: Wednesday 6th October @ 13:53

Spoke too soon.  After "fixing" the system it turns out the term "fix" was more like "neuter"!  I got this great idea to lock down some files on the server that contain sensitive info, like username and passwords to databases.  The problem is the code that does all the graph generation magic couldn't READ the damned files after I "fixed" them (I'm an idiot...should've seen THAT coming!).  Alas, the permissions are now fixed properly and the result is about a 24hr gap in the trend monitoring.  Moral to the story: when locking down your system, decide if you're doing for anality or for a real reason.  In my case, it was the former, and I paid :(

Share View Printable Version

Synchronising iPhoto

Technology

 As many people who know me are aware, I use Macs.  I also use iPhoto, a lot!  I have an iMac on my desk at home and I roam around with my Macbook Pro.  Both of these have iPhoto installed and I often need to make sure both systems' iPhoto libraries are in sync.  There is no free GUI tool for this (that I'm aware of at least) but that is not a show stopper.  Many Mac/OSX users aren't aware of the fact OSX is a full-blown, card carrying member of the Unix(tm) family!  What this means is that it has a complete command line interface that allows you to do all sorts of phunky things.  In my case, I need to synchronise two iPhoto installations.  However, my needs are fairly simple:

  1. I only change one iPhoto library at a time (either I'm working at home, or remotely).  So this mean I will only ever need to merge changes from one iPhoto to the other.
  2. My account on both systems can login to the other via SSH without requiring a password.  I used key-based auth.

With these two considerations I simply went about knocking up a shell script to do what I need using rsync.  I offer you the following:

 

#!/bin/bash

CUR_DIR=$(pwd)
DIRS="$HOME/Library/Caches/com.apple.iPhoto\n$HOME/Pictures/iPhoto Library"
RSYNCOPT="-rlptSzhPE --del"
RHOST=iceman

# Assume first command line argument is the remote host
if [ ! -z $1 ]; then
	RHOST="$1"
fi

echo -e $DIRS | while read DIR
do
	cd "$DIR"
	if [ $? -eq 0 ]; then
		DIR=`pwd | tr \  \?`
		echo "Corrected Directory on remote host: $DIR"
		rsync $RSYNCOPT $RHOST:$DIR/ ./
	else
		echo "Oops - couldn't change to directory "$DIR""
	fi
done

cd $HOME/Library/Preferences
rsync $RSYNCOPT $RHOST:$HOME/Library/Preferences/com.apple.iPhoto.LSSharedFileList.plist ./
rsync $RSYNCOPT $RHOST:$HOME/Library/Preferences/com.apple.iPhoto.plist ./
rsync $RSYNCOPT $RHOST:$HOME/Library/Preferences/com.apple.iphotomosaic.plist ./

cd $CUR_DIR

 

Some important notes about this script:

  • Save this script as: sync-iphoto.sh
  • Execute the following command to make it executable: chmod 775 /path/to/sync-iphoto.sh
  • It MUST be run on the DESTINATION machine.
  • You username on both machines MUST be the same.
  • Edit the RHOST variable to point to your OTHER Mac (ie, the source).  Alternatively, you can over ride the hard-coded RHOST by specifying one on the command line.
  • This script will COMPLETELY over-write the iPhoto library on the destination Mac, ie, this script will NOT "merge" two iPhoto libraries into one!! YOU HAVE BEEN WARNED!

Now whenever you modify your OTHER iPhoto library, run this script on the Mac that needs updating :)  Voila!

First | Previous | 1 2 3 4 5 6 7 8 9 10 | Next | Last

Who's Online

Guest Users: 165

My Account





Sign up as a New User
Lost your password?

Sections

Older Stories

Wednesday 21-Jul


Saturday 02-Jan


Thursday 31-Dec


Monday 14-Dec


Monday 12-Oct


Wednesday 07-Oct


Thursday 01-Oct


Friday 25-Sep


Tuesday 25-Aug


Saturday 30-May

Random Image

Emily at about 22 hours old. She has a little more colour now and is starting to "fill out" a bit.
Browse Album
?

License

Creative Commons License

All work on this site is licensed under a Creative Commons Attribution, Noncommercial, Share Alike 2.5 Australia License" unless otherwise stated by the repective copyright holders.

What's New

No New Items