Sunday, January 25. 2015
NTP Not Working On Linux? Check your iptables/netfilter rules.
From time to time, it's easy to get overly aggressive with firewall rules and lock down a service that your system depends on to function. NTP is one of those services that can be a pain to get working through an aggressive firewall.
There are a few options when it comes to allowing NTP traffic, depending on the type of setup you are running and whether you are using a stateful firewall (aka connection tracking).
If you are running the standard ntpd daemon or ntpdate and no connection tracking/stateful firewalling...
iptables -A INPUT -p udp --sport 123 --dport 123 <optional: -s IP_Addr_Of_NTP_Server> -j ACCEPT
iptables -A OUTPUT -p udp --sport 123 --dport 123 <optional: -d IP_Addr_Of_NTP_Server> -j ACCEPT
(Note that the above, without the -s flag on INPUT, will allow anyone to query your NTP server unless you have specifically refused them in ntp.conf.)
If you are running the standard ntpd daemon or ntpdate with connection tracking/stateful firewalling...
iptables -A OUTPUT -p udp --dport 123 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --sport 123 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
As you can see, when using conntrack, it is much easier to control access, as the firewall can keep track of packets in and out, and will allow the return packets as appropriate. If you want to allow incoming NTP connections from people, then add NEW to the ctstate.
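The stateful rules above, pinned to specific peers, as an added example that is not part of the original post: it goes a little beyond the post by validating each address and by giving the server direction its own pair matched on --dport 123 inbound. The function names and the addresses (documentation ranges) are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): print per-peer stateful NTP rules.
# Addresses in the demo are constructed, taken from documentation ranges.

# Accept only a dotted quad with an optional /prefix, so an argument can
# never splice extra iptables options into a generated rule.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NR > 1 || !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# Client: we send to the server's port 123; replies return as ESTABLISHED.
ntp_client_rules() {
    for server in "$@"; do
        valid_ipv4 "$server" || { echo "bad address: $server" >&2; return 1; }
        echo "iptables -A OUTPUT -p udp -d $server --dport 123 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
        echo "iptables -A INPUT -p udp -s $server --sport 123 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
}

# Server: NEW is accepted only when the destination is our port 123, so
# clients that use an unprivileged source port are served as well.
ntp_server_rules() {
    for net in "$@"; do
        valid_ipv4 "$net" || { echo "bad network: $net" >&2; return 1; }
        echo "iptables -A INPUT -p udp -s $net --dport 123 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
        echo "iptables -A OUTPUT -p udp -d $net --sport 123 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
}

# Demo: review the printed commands, then run them as root.
ntp_client_rules 192.0.2.10 192.0.2.11
ntp_server_rules 198.51.100.0/24
```

The script only prints the commands; nothing is applied until you run the output yourself.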
Friday, June 14. 2013
Fixing Wifi Issues On Some Macs - 10.8.x (including 10.8.4)
Ever since 10.8.x came out, some people (including myself) have had major issues with Wifi on our Macs. The problem has existed since 10.8.0 and still exists in 10.8.4. Over time (sometimes within 10 mins), the Wifi transmission speed will gradually drop down to 2-4, and transfer speeds will drop accordingly, and not recover without a reboot.
The following conditions seem to cause this bug:
- 802.11n (either 2.4GHz or 5GHz) wifi connection (does not seem to affect 802.11a/b/g)
- Large transfers such as Time Machine backups, AFP/SMB file sharing
- Confirmed on some models of MBP 2007 15" (MacBookPro3,1), and some late models of MBP Unibody 2011 15"
- Happens on Apple Airport Extreme (any generation) or 3rd party APs
Rebooting fixes the problem for a while, until the large file transfer happens again.
From 10.8.0 till 10.8.3, the fix was to take the 10.6.8 or 10.7.3 IO80211Family.kext files and swap them in. The connection issue would go away and performance would be snappy and quick like it was in 10.6 and 10.7.
In 10.8.4, Apple made some changes for various reasons, which ended up breaking Wifi pretty badly if you tried the kext swap.
I needed to fix the problem since I couldn't back out to 10.8.3. I spent a few hours rummaging around through OS X's guts, swapping out files, changing settings, messing with permissions. I discovered that the problem was related to changes with /usr/libexec/airportd. Swapping the 10.8.4 airportd back to the one included in 10.8.3 restored Wifi.
I did a posting here on Apple's support forums detailing my part of the fix that makes the kext swap work again. Unfortunately, it took a little while for people to realize what I was talking about. But once they did and tried my fix, I was getting positive feedback.
I've made a zip file of everything users who are suffering from Wifi problems need in order to get back up and working. You can get it here. It includes the 10.6.8 and 10.7.3 IO80211Family.kext files, as well as the kext utility you need to install them, and the 10.8.3 airportd binary that you can use to replace the 10.8.4 one.
Friday, January 11. 2013
A Thought On Blaming Gun Violence On Video Games
So, if people are willing to blame video games for causing violence, I have a great idea as well!
If you are going to claim that impressionable minds are going to imitate video games and go out and kill people, why aren't we putting forth a proposal to ban and burn the bible?
Thursday, December 27. 2012
Got the Ubiquiti EdgeRouter Lite Yesterday
Been a while since I last posted, but figured I'd share that I got our EdgeRouter Lite yesterday. Some high res pics for your enjoyment.
Friday, November 18. 2011
How not to request a whitelisting in the AHBL, part 2
Apparently, me berating Orange.fr/Orange.com last year about bulk mailing DNSbl maintainers fell on deaf ears.
Hint: this is a good way to piss me off, and have the exact opposite effect than desired.
Delivery-date: Fri, 18 Nov 2011 08:06:27 -0700
From: <mathieu.girol@orange.com>
Date: Fri, 18 Nov 2011 16:05:56 +0100
Subject: New IP for SMTP transaction
Message-ID: <14231_1321628758_4EC67455_14231_3310_1_FFFC8BE2ADAABA48B51B0C1C6E11EBBC264DCA5093@PMEXCB1D.intranet-paris.francetelecom.fr>
To: undisclosed-recipients:;

Hello,

I am in charge of managing the France Telecom Email platform.
I would like to inform you that we have some new IPs opening SMTP transaction.
Here the list of the new IPs with there reverse DNS:

Thank you to take into account these new IPs.

Regards,
Mathieu Girol
Responsable sécurité de la messagerie électronique
FT/OLNC/DPS/MSE/MIQ
Tél : 01 57 36 09 94