Tuesday, December 29, 2009

[books] ragamuffin

I'd heard about Tobias Buckell when he showed up on Dead Robots Society to do a podcast episode, and from the interview he sounded like exactly the kind of creative little monkey that makes stuff I like reading about. He'd mentioned a couple of his books, but the one that stuck out in my mind was "Ragamuffin".

As a result, that was the first I ended up snagging after I got my Kindle online.

It turns out that this is book two in a series that has 3 entries so far ("Crystal Rain" being the first, and "Sly Mongoose" being third) which means I've once again been introduced to a universe in the middle of the story. But the way the book is structured, you're eased into the history of the universe while being started off with some pretty brutal action in the story. I also really enjoyed the pace of the story and found it to be pretty well crafted overall.

I'd highly recommend this book, and have already snagged the other two in the series.

now with 20% more kindle flavor

I scored a Kindle for Christmas, and have been busy catching up on a bunch of reading that I have neglected. Most of it is sci-fi stuff so far, but I'm also planning on ganking stuff from Project Gutenberg (as in "printing press", not "Police Academy") and some other interesting/educational texts.

The big hassle is that the Kindle's PDF reader is kind of limited. Specifically, it can't resize fonts at all, which makes reading some of the books I've got rather difficult. I've snagged Mobikit's Creator Publisher version and managed to convert both The US Army Ranger Handbook and all 24 of the NEETS modules into kindle format. Conversion seems to do great for text, but messes up formatting of stuff like tables and the placement of artwork.

Pretty slick stuff so far. Amazon did a good job of integrating their store with it and making it easy to acquire content.

Tuesday, December 15, 2009


Ok, so I mentioned it briefly in another vanity tool that allows self-promotion 140 characters at a time, but I didn't get around to writing up anything on it here. Time to fix that.

At my orc place, we recently had a few folks move to Windows Vista (now 7) desktops at home. This was ok, until they attempted to connect to the VPN only to discover that it no longer worked. The problem is that Microsoft removed support for the MS-CHAPv1 protocol and only MS-CHAPv2 is available, but the VPN appliance we were using doesn't speak MS-CHAPv2. One option was to set up L2TP on the appliance, but that ended up being all kinds of fail due to some funky routing stuff that had to be preserved and was beyond my capabilities (the best I can do is smash the device with a hammer and swear a blood oath to track down all those responsible for producing it).

So. Fsck it all to hell. We started looking at Linux based solutions that could handle L2TP, and that's when I stumbled across OpenVPN (which supports Mac/Win/Lin). Easy enough to set up, but at the last minute got the added constraint that the solution should be generic enough that someone else could manage it (i.e., the company could find a networking monkey to come in and make sense of it).

While getting ready to install it on an Ubuntu box, I noticed that they had "ebox-openvpn" and did some digging on that.

It turns out that eBox is one of those "appliance distros". It's based on Ubuntu, and comes with a web config utility which seemed to satisfy the "normal people can use it" requirement. We ended up just downloading the distro that eBox offers up on their website and installing that without any major hassles.

eBox is actually a pretty cool little distro you should check out if you need a small intranet server for a hub office or a small, decentralized startup. It comes with not only a well laid out iptables system and OpenVPN, but also includes stuff like a mail virus/spam filter, file server, and ability to do the BC thing for active directory with samba/kerberos/ldap. Handiest of all, though, is that it's got a certificate management system that lets you set up your CA, and issue X.509 certs pretty easily.

There are some rough edges, though. Because it's an appliance distro, it's guilty of the same thing stuff like Plesk is guilty of. It considers its own internal database to be authoritative for all configurations on the system: if you hack a config file by hand, prepare for the changes to get blown away when the service or server is next restarted. That wouldn't be a problem, except for the fact that the web interface is by no means comprehensive when it comes to configuring the services. For example, we needed to add in some extra options to OpenVPN to tell it to force the client to set its default route to the VPN, who the WINS and DNS servers are, etc. Fairly straightforward to do in the openvpn.conf, but there wasn't any way to set those in eBox. Finally, my last gripe is that you have to "save" all changes before you can exit a config screen. This makes mass tweaking of the interface kind of tedious and slow going.
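As an added example (not from the original post and not part of eBox), here is a small shell check that a regenerated OpenVPN server config still carries the hand-added options described above. The 10.8.0.1 address, the sample file contents and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example: detect hand-added OpenVPN push options that were lost when
# an appliance rewrote the server config. All sample values are constructed.

# Directives the server config must carry (10.8.0.1 is a placeholder).
REQUIRED='push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option WINS 10.8.0.1"'

# normalize FILE: trim lines, drop comments (# or ;) and blanks, squeeze spaces
normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^[#;]/d' -e '/^$/d' -e 's/[[:space:]][[:space:]]*/ /g' "$1"
}

# missing_directives FILE: print each required directive absent from FILE
missing_directives() {
    conf=$(normalize "$1")
    printf '%s\n' "$REQUIRED" | while IFS= read -r want; do
        printf '%s\n' "$conf" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# check_conf FILE: return 0 if every required directive is present, else 1
check_conf() {
    missing=$(missing_directives "$1")
    [ -z "$missing" ] && return 0
    printf 'missing from %s:\n%s\n' "$1" "$missing" >&2
    return 1
}

# Constructed sample: a hand-edited config, then the same file with the push
# lines stripped to imitate what a regeneration on restart leaves behind.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/edited.conf" <<'EOF'
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
# hand-added below
push "redirect-gateway def1"
push   "dhcp-option DNS 10.8.0.1"
push "dhcp-option WINS 10.8.0.1"
EOF
grep -v '^push' "$tmp/edited.conf" > "$tmp/regenerated.conf"
check_conf "$tmp/edited.conf" && echo "edited.conf: ok"
check_conf "$tmp/regenerated.conf" || echo "regenerated.conf: push options lost"
```

Run from cron or after each service restart, a check like this turns a silent loss of the redirect-gateway setting (clients connected but routing their default traffic outside the tunnel) into a visible failure.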

There was also a problem with the client openvpn package that ebox generated for us. The zip file had the right certificate, but the client didn't work. We ended up having to replace it with the .exe directly from openvpn's site.

As for solving the original problem, I'd suggest just nutting it up and learning how to deal with openvpn through its config file. The config is actually pretty straightforward (and short). The main reason we decided to keep eBox installed and in place, however, was because of the certificate management feature and because we didn't want to spend any more time re-installing a distro onto the server.

I'm not sure I'd recommend eBox for a large, more established network, but it definitely seems like the way to go if you need to get a small shop up and online in a couple of hours.