Secure automatic remote backup is easy. Just consider “crond + script + rsync + ssh + ssh key”. I am sure you will be addicted.
This is Warren Kwok's Internet note pad, electronic diary, online rubbish journal, whatever you might name it! It is an archive of my random thoughts in chronological order. I am not good at reporting boring things and making them lively. If you find this blog boring, sorry that it is your problem.
2013/06/29
2013/06/26
Noise Floor
Some engineers in the mobile industry have no basic knowledge of noise floor. I repeat below:
Noise Power N = kTb
k = Boltzmann Constant
T = Absolute Temperature (Kelvin)
b = Channel Bandwidth
For LTE system occupying 10 MHz bandwidth, the noise floor is -104 dBm.
2013/06/22
My tests on IRC blocking in 6in4 tunnel
I was helping to test goIPv6 tunnel (6in4 tunnel) which will be officially launched on 11 July 2013. There are two security precautions imposed by the tunnel provider, namely blocking of SMTP and IRC connections. This is quite understandable as malware infected PCs can send out spam and communicate with botnet command control centre through IRC port 6667 to launch malicious attacks. Wait, I did not have IRC daemon. How could I test it? I recalled that I could make use of netcat (nc) as follows:
Server side (listening mode): # nc -6 2401:300:0:1::8080 -l 6667
Win 7 client side (transmit mode): c:\nc6 2401:300:0:1::8080 6667 -n -v
In the client side, nc6 for Windows 7 should be used which supports IPv6. If connection could be put through, key inputs from the client side will be echoed in the server side.
Hopefully, the blocking test was conducted successfully.
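The same test without netcat, as an added example that is not part of the original post: a Python probe that tells an accepted connection from a refused or silently dropped one. The function names, the documentation address and the control port are assumptions; as in the nc test, a listener must be running on the far side for the result to mean anything.

```python
import socket

def probe(host, port, timeout=3.0):
    """Try one TCP connect; return 'open', 'refused', 'filtered' or 'unreachable'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unreachable"
    result = "unreachable"
    for family, socktype, proto, _, sockaddr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(sockaddr)
                return "open"            # handshake completed: port is not blocked
            except ConnectionRefusedError:
                result = "refused"       # RST: no listener, or a filter that rejects
            except socket.timeout:
                result = "filtered"      # SYN silently dropped along the path
            except OSError:
                result = "unreachable"   # no route, e.g. tunnel interface is down
    return result

def egress_report(host, blocked_ports, control_port, timeout=3.0):
    """Compare ports the provider says it blocks against a control port.

    The control port proves the far end is reachable at all, so a failure on a
    blocked port can be attributed to the filter rather than to the path.
    """
    report = {"control": probe(host, control_port, timeout)}
    for port in blocked_ports:
        state = probe(host, port, timeout)
        report[port] = "blocked" if state != "open" else "NOT blocked"
    report["conclusive"] = report["control"] == "open"
    return report

if __name__ == "__main__":
    # 2001:db8::8080 is a documentation placeholder for your own test server.
    # 25 and 6667 are the SMTP and IRC ports from the post; port 8080 as the
    # control is an assumption. Start listeners on all three ports first.
    print(egress_report("2001:db8::8080", [25, 6667], control_port=8080))
```

If `conclusive` is false, the control port itself failed and the result says nothing about the provider's filter.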
2013/06/21
DNSv6
Trust me, there is no such new technology or protocol named DNSv6. All authoritative DNS servers, whether riding on an IPv4 or IPv6 backbone, can support AAAA records and ip6.arpa for reverse lookup!
2013/05/26
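Luxor relief
How tragic! The 3,500-year-old Luxor relief has had its value as a historical relic destroyed by the 7 Chinese characters 「丁錦昊到此一遊」 ("Ding Jinhao was here"). Apart from people of the "strong nation", foreign tourists would never commit such a barbaric act.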
http://news.now.com/home/international/player?newsId=68895
2013/04/24
No privacy protection if you are using Gmail account
Gmail scans the content of my incoming emails. I cannot do anything to stop such privacy intrusion.
----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.1 [2401:300:0:1::8080 7] Our system has detected that this message
<<< 550-5.7.1 is likely unsolicited mail. To reduce the amount of spam sent to
<<< 550-5.7.1 Gmail, this message has been blocked. Please visit
<<< 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for
<<< 550 5.7.1 more information. ps11si2916950pab.141 - gsmtp
554 5.0.0 Service unavailable
2013/03/14
Always leave office on time
ALWAYS LEAVE OFFICE ON TIME
1. Work is a never ending process. It can never be completed.
2. Interest of a client is important, so is your family.
3. If you fall in life, neither your boss nor client will offer you a helping hand; your friends and family will.
4. Life is not only about work, office and client. There is more to life. You need to socialize, entertain, relax and exercise. Don't let life be meaningless.
5. A person who stays late at the office is not a hard-working person. Instead he/she may be a fool who does not know how to manage work within the stipulated time. He/She is a loser who does not have a personal or social life. He/She is inefficient and incompetent in his/her work.
6. You did not study hard and struggle to become a machine.
7. If your boss forces you to work late, he/she may be ineffective and have a meaningless life too; so forward this to him or her.
Leaving office on time = efficient, good social life, quality family life.
Leaving office late = inefficient and incompetent, no social life, less family time.
2013/03/02
2013/02/18
Blog CAPTCHA
I have recently received a lot of blog spam, most of which deal with medicine. Presumably, the messages are generated by some automatic scripts and these spam messages disturb a lot of bloggers. This leaves me no choice but to activate CAPTCHA verification. I hate deleting spam messages manually one by one and I hope that with the use of CAPTCHA, the number of blog spam can be reduced to a minimum.
2013/02/05
2013/02/04
Change of IP address in Root Server D
Root Server D changed its IP address on 3 Jan 2013. I have done my job to align with the change. The file to change is "/var/named/chroot/var/named/named.ca".
The old IP address will retire in the next 6 months. Just wonder how many ISPs and network administrators have done their work diligently?
http://d.root-servers.org/
2013/02/03
Google map offline
When I was in Dubai 2 months ago, I relied on Google Map to guide me from various Metro-stations and main streets to shopping malls and hotels. This was done in online mode and sometimes the responses were slow if the connected 3G network was congested, not to mention the data usage charges.
I just discovered that Google Map offers offline cache though the area is restricted to 10 miles x 10 miles for each cache map. That would save me a lot of time and cost next time if I travel in another city. Without delay, I have downloaded cached maps of Shenzhen, Macau, Zhuhai and Beijing. It would be better to view the offline maps in a 7-inch Android tablet than a small smartphone. Google is very thoughtful. Thanks.
2013/02/01
Google public DNS can support DNSSEC
Google has completed a marvelous job. Its four public resolvers at "8.8.8.8", "8.8.4.4", "2001:4860:4860::8888" and "2001:4860:4860::8844" can now support DNSSEC and perform signature validation.
[warren@dnssec ~]# dig +dnssec ds icann.org @2001:4860:4860::8844 | grep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
[warren@dnssec ~]# dig +dnssec ds icann.org @2001:4860:4860::8888 | grep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
[warren@dnssec ~]# dig +dnssec ds icann.org @8.8.8.8 | grep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
[warren@dnssec ~]# dig +dnssec ds icann.org @8.8.4.4 | grep ad
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
My double thumb up to Google.
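The `ad` flag in the dig output above is bit 0x0020 of the DNS header, and `+dnssec` sets the DO bit in an EDNS0 OPT record. An added example (not from the original post) that builds such a query and classifies a resolver's reply from its header; the function names and the transaction ID are assumptions, and sending the query over UDP is left out so the block runs offline.

```python
import struct

AD_BIT = 0x0020   # Authenticated Data flag in the DNS header (RFC 4035)
DO_BIT = 0x8000   # DNSSEC OK, carried in the TTL field of the OPT record (RFC 3225)
TYPE_DS, TYPE_OPT, CLASS_IN = 43, 41, 1

def build_query(name, qtype=TYPE_DS, txid=0x2013):
    """Wire-format query with RD set and DO=1, the equivalent of dig +dnssec."""
    # id, flags (RD only), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=1 (the OPT)
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    question = qname + struct.pack("!2H", qtype, CLASS_IN)
    # OPT: root owner name, TYPE=41, CLASS=UDP payload size, TTL=flags, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, DO_BIT, 0)
    return header + question + opt

def validation_status(response):
    """Classify a resolver's reply using only the 12-byte header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _, flags = struct.unpack("!2H", response[:4])
    if flags & 0x000F == 2:
        return "servfail"        # what a validating resolver returns for bogus data
    if flags & AD_BIT:
        return "validated"       # resolver checked the signature chain
    return "not-validated"       # unsigned zone, or resolver does not validate

if __name__ == "__main__":
    # Constructed reply header with the flags shown in the post: qr rd ra ad
    sample = struct.pack("!6H", 0x2013, 0x81A0, 1, 3, 0, 1)
    print(len(build_query("icann.org")), validation_status(sample))
```

The AD bit is only as trustworthy as the path to the resolver: a client that does not validate locally is trusting whoever answered on that path.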
2013/01/31
2013/01/30
Dibbler for Windows XP
Those who are using Windows XP know that there is not yet a DHCPv6 client even if the IPv6 stack is manually installed. The good news is that the Dibbler DHCPv6 portable client is available free of charge at http://klub.com.pl/dhcpv6/dibbler/. I don't have the chance to experience this add-on DHCPv6 client as all my desktop and notebook PCs are running Windows 7. Have fun.
2013/01/27
China generated 32 % of global network attack traffic
China generated 32 % of global network attack traffic, according to Akamai's State of the Internet 3Q 2012 Report. It is really a champion and a shame.
The second worst country is US, responsible for 13 % of the total. Some nice pictures of the situation can be seen from:
http://www.akamai.com/dl/akamai/q3_2012_soti_infographic.pdf
2013/01/25
Fake HKCERT email
By now, it has been widely reported in the media that there was a fake HKCERT email advising recipients to patch the recent Adobe Flash vulnerability, with a fake patch attached. I tried to look at what measures HKCERT has been taking to protect its email domain. Unfortunately, HKCERT does not use Sender Policy Framework to specify what IP addresses and domains can use "hkcert.org" as the sender domain in the email header. HKCERT has learnt a lesson the hard way.
2013/01/17
Gmail over IPv6
An overseas network administrator contacted me to discuss the problem when conducting IPv6 email tests with Gmail. Understandably, some administrators think that Google Gmail can help to test IPv6 email setup. The fact is Gmail receives incoming emails from dual-stack mail servers based on the rule that v6 channel has priority over v4, but in sending out emails to dual-stack mail server, Gmail always selects the v4 path. I also doubt if Gmail can send out to IPv6 only mail servers. In the past, my IT colleagues thought our dual-stack mail server was wrongly configured after testing with Gmail and spent many hours of trouble-shooting with no clue of what happened. In the end, it was Gmail that used its own means of v4/v6 path selection without adhering to the dual-stack rule. I think this fact is now well-known to the IPv6 technical community.
2013/01/14
Reverse lookup of a /64 prefix
Reverse lookup is necessary for an IPv6 address assigned to an SMTP server, otherwise the emails sent out will be treated as spam by other SMTP servers. To this end, I have asked my serving ISP to dedicate the reverse lookup of the prefix 2401:300:0:1::/64 to me. The configuration at my side is tested ok and perfect.
[localhost ~]# dig -x 2401:300:0:1::8080
; <<>> DiG 9.5.2-RedHat-9.5.2-1.fc10 <<>> -x 2401:300:0:1::8080
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36584
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;0.8.0.8.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.0.0.0.0.0.3.0.1.0.4.2.ip6.arpa. IN PTR
;; ANSWER SECTION:
0.8.0.8.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.0.0.0.0.0.0.3.0.1.0.4.2.ip6.arpa. 86400 IN PTR v6-mail.com.
;; AUTHORITY SECTION:
1.0.0.0.0.0.0.0.0.0.3.0.1.0.4.2.ip6.arpa. 86400 IN NS ns2.i3way.net.
1.0.0.0.0.0.0.0.0.0.3.0.1.0.4.2.ip6.arpa. 86400 IN NS ns1.i3way.net.
;; ADDITIONAL SECTION:
ns1.i3way.net. 3600 IN A 202.81.252.116
ns1.i3way.net. 3600 IN AAAA 2401:300:0:1::8080
ns2.i3way.net. 3600 IN A 202.81.252.117
ns2.i3way.net. 3600 IN AAAA 2001:470:18:16c::2
;; Query time: 1 msec
;; SERVER: 202.81.252.116#53(202.81.252.116)
;; WHEN: Mon Jan 14 09:07:46 2013
;; MSG SIZE rcvd: 248
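How the names in the dig output above are derived, as an added example that is not part of the original post: the ip6.arpa zone delegated for a prefix, and the PTR line for one address inside it. The function names are assumptions; the prefix, address and target are the ones shown in the post.

```python
import ipaddress

def reverse_zone(prefix):
    """Name of the ip6.arpa zone an ISP delegates for a nibble-aligned prefix."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen % 4:
        # ip6.arpa labels are 4-bit nibbles, so delegation follows nibble boundaries
        raise ValueError("need an IPv6 prefix whose length is a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ptr_line(address, prefix, target, ttl=86400):
    """Zone-file line for one PTR record, with the owner relative to the zone."""
    ip = ipaddress.ip_address(address)
    if ip not in ipaddress.ip_network(prefix):
        raise ValueError(f"{address} is outside {prefix}; its PTR lives in another zone")
    zone = reverse_zone(prefix)
    owner = ip.reverse_pointer + "."          # fully qualified reverse name
    relative = owner[: -len(zone) - 1]        # strip the zone and the joining dot
    return f"{relative} {ttl} IN PTR {target}"

if __name__ == "__main__":
    print(reverse_zone("2401:300:0:1::/64"))
    print(ptr_line("2401:300:0:1::8080", "2401:300:0:1::/64", "v6-mail.com."))
```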
2013/01/12
Bank's e-statement should not be attached with email
Shame on Citibank. It violated the security practice promulgated by the banking authority in HK. Over the past 12 months, I found that Citibank attached a monthly e-statement pdf to me via email though the attached pdf was password protected. Fraudsters can disguise themselves as a bank and attach malicious code in pdf. The chance of success is high as e-statements are so important that target recipients will open and read them to see how much they need to pay. As far as I know, other banks just alert their users that e-statements are ready online without providing any clickable links in the email. Until today, Citibank notified me about a new arrangement of no more e-statement attachment. Unfortunately, Citibank did not offer an apology to its customers for ignoring this important security matter previously.







