2014/11/17

802.11u, Passpoint and Hotspot 2.0

上星期有幸會見 WiFi Alliance CEO Mr Edgar Figuerora, 終於搞清楚 802.11u, Passpoint 同 Hotspot 2.0 三套技術的相関配合。802.11u 是將無線連線介面轉接至不同網絡,如 3G / 4G 跳至 WiFi , 可達至流動數據卸載 ( cellular offloading)。而Passpoint 則是替支援 802.11u 的器材進行互相兼容的驗證計劃。至於 Hotspot 2.0, 則是一套龐大的基礎設施規格,涉及認證,保密,計費,漫遊協議等。以小弟意見,在可見將來,各網絡商都會投資在 Hotspot 2.0 基建,固網商可提供高效能的 WiFi平台,進軍流動服務,亦可將 Hotspot 2.0 基建租予給流動網絡商。當然,那些同時經營固網及流動網的服務商更加會掌握 Hotspot 2.0,以援衝頻譜需求。WiFi 面世經已超過15年,到了今天,還不停地改良和增加功能,這要多謝 IEEE 的網絡專家多年來所付出的努力。

2014/11/09

HKTV 開台壓力測試

已準備好今晚10點至11點 HKTV 開台壓力測試,我所有用得嘅資源,包括手提電腦,小米盒子,平板,手机,3G, 4G, 1000Mbps 寬頻,802.11n/ac 路由器傾巢盡出。王維基,我幫到你盡了。

2014/11/06

protecting .hk ccTLD systems

Yesterday, when doing a half-yearly clean up of my authoritative name servers, I found the measures of  protecting ".hk" ccTLD systems from DDoS attacks as a result of malicious querying "popvote.hk" still in place.  I purposely  attached a screen dump for easy recall of my memory.

















The solution was to tell clients that popvote.hk was hosted here and there was no need to go through “.hk”.  HKCERT and HKISPA jointly appealed to all ISPs to do this in order to protect all kinds of service using .hk domains.   Up to now, I am still not sure how many of them agreed to implement the interim measures.

On this related matter, attacks of popvote.hk brought some good development to the local ISP industry.  Some ISPs have used resolvers and authoritative name servers in the same machines.  During the attack period, larger volume of queries flooded their resolvers which made the authoritative name severs not workable.  How could they explain to their customers the situation.  If I were one of the customers, I would definitely ask popvote.hk was none of my business, why attacks on "popvote.hk" made all my name records vanished.  In the light of increasing DNS attacks, ISPs in Hong Kong should have realised that they could not bundle a resolver and an authoritative name server in  the same machine.

 

2014/11/05

Opendkim

I had used dkim-milter for over a year.  This milter was pretty good but due to its phasing out, I had to switch to opendkim.  To do the configuration was pretty easy as I had gained some experience in dkim-milter.  Up to now, I still have no idea the percentage of my dkim-signed outgoing emails being permitted as reputable sender and not treated as suspicious spam.  The fact is do it. If Facebook, Gmail, Yahoo all do it, why hesitate not to follow suit. 

2014/11/02

rsync + ssh and scp

Something I could have misunderstood for a long time.  I always think scp is powerful for retrieving files by a local host from a remote server but all the files obtained will have permissions and access rights set to the one who invoke the scp command.

#scp -P 1234 -R user@xyz.com:/remote/path/ /local/path/

This is not desirable for restoration purpose  as the original attributes have been lost.  I turn to use rsync like the one below:

#rsync -chavzP --stats --rsh='ssh -p1234' user@xyz.com:/remote/path/ /local/path/

As I have always said, rsync is one of the most powerful backup tools ever existed in the world.  The more you learn, the more you love it.