Friday, August 20. 2010
Firewall/SOSDG 0.9.4 changes/overhaul
There are some major changes and updates coming to Firewall/SOSDG 0.9.4. I've been changing code and adding functions, trying to simplify how things are laid out. I'm hoping over the next month or two to get the code up to production status (1.0 would be nice).
Saturday, July 24. 2010
Firewall/SOSDG 0.9.3
Just a quick note to everyone: version 0.9.3 of Firewall/SOSDG has been released. This update features a new ability to create files with custom commands to inject at specific places during the file loading. I've also tweaked the coloring of the output to be a bit prettier.
Friday, July 9. 2010
Security & SMTP TLS
Recently on the NANOG list, there was discussion going on about IPv6 and e-mail, and it slightly diverged into SMTP TLS. After some off-list discussion about SMTP level security and what a Debian system will do on a default install, I've made some observations I'd like to share.
- The default install of Debian unstable with EXIM4 will have TLS support enabled by default thanks to the options in /etc/exim4/conf.d/main - it's not the most optimal setup, but it will work for basic TLS support.
- SMTP TLS security can't really easily be compared to HTTP SSL/TLS security. When you browse to an HTTPS website, it's an entirely interactive process, which gives you a chance to see the certificate in question and respond. In an SMTP TLS session, it's done entirely by the MTA in an automated manner.
- Depending on TLS to give security, authentication, and reliability to SMTP is a long, and probably fruitless process. Unless you are going to refuse connections to every server whose certificate you can't verify or which doesn't have a certificate, you aren't really solving anything. In tests, I've yet to have a system refuse to talk to my SMTP server because it's using a self-signed certificate.
- TLS will provide wire level security when talking to another mail server - however, your message will most likely be stored plain text on the sending server, receiving server, and places in between, including the MUA, completely defeating the purpose of keeping the contents of the message secret. PGP/GPG is the proper answer to the message security issue.
Given how easy it's been for people in the past to get valid but fake certs from Verisign and similar companies, is depending on TLS/SSL certificates to guarantee the identity of the person you are communicating with really such a great idea?
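To see how much of a server's SMTP traffic actually falls into the "encrypted but unverified" case described above, the Exim mainlog can be audited. The following is an added example, not code from the original post: it assumes Exim's log_selector includes +tls_cipher and +tls_certificate_verified (so lines carry X= and CV= fields), and the log lines are constructed samples using documentation addresses.

```python
import re
from collections import Counter

# Constructed sample lines in Exim mainlog style (not from a real server).
# Assumption: log_selector = +tls_cipher +tls_certificate_verified
SAMPLE_LOG = """\
2010-07-09 10:00:01 1OXaaa-0001Ab-2C => alice@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=no DN="/CN=mx.example.net"
2010-07-09 10:00:05 1OXaab-0001Ac-3D => bob@example.org R=dnslookup T=remote_smtp H=mail.example.org [192.0.2.20] X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=yes DN="/CN=mail.example.org"
2010-07-09 10:00:09 1OXaac-0001Ad-4E => carol@example.com R=dnslookup T=remote_smtp H=smtp.example.com [192.0.2.30]
2010-07-09 10:00:12 1OXaad-0001Ae-5F <= dave@example.net H=mx.example.net [192.0.2.10] P=esmtps X=TLS1.0:RSA_AES_256_CBC_SHA1:32 CV=no S=2048
2010-07-09 10:00:15 1OXaad-0001Ae-5F Completed
"""

LINE = re.compile(r"^\S+ \S+ \S+ (?P<dir><=|=>|->) (?P<addr>\S+) (?P<rest>.*)$")
HOST = re.compile(r"\bH=(\S+)")
CIPHER = re.compile(r"\bX=(\S+)")
VERIFIED = re.compile(r"\bCV=(\S+)")

def classify(line):
    """Return (direction, peer_host, tls_state), or None for non-transfer lines."""
    m = LINE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    host = HOST.search(rest)
    if not CIPHER.search(rest):
        state = "plaintext"            # no X= field: no TLS on this hop
    else:
        cv = VERIFIED.search(rest)     # anything other than CV=yes counts as unverified
        state = "tls-verified" if cv and cv.group(1) == "yes" else "tls-unverified"
    direction = "in" if m.group("dir") == "<=" else "out"
    return direction, host.group(1) if host else "?", state

def summarize(text):
    """Count transfers per (direction, tls_state); list peers seen unverified."""
    counts = Counter()
    unverified = set()
    for line in text.splitlines():
        result = classify(line)
        if result is None:
            continue
        direction, host, state = result
        counts[(direction, state)] += 1
        if state == "tls-unverified":
            unverified.add(host)
    return counts, sorted(unverified)

if __name__ == "__main__":
    counts, hosts = summarize(SAMPLE_LOG)
    print(dict(counts), hosts)
```

Every host in the unverified list is a peer that would be cut off by a policy of refusing unverifiable certificates.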
Tuesday, July 8. 2008
Solving the no-upnp on Cisco issue
So, I've been thinking about this for a while... I really would like a upnp option for cisco, but what about a workaround?
My idea is simple:
A daemon that sits on a linux box or something similar, pretends to be a upnp IGD, and sends console commands to create/delete ports on the actual Cisco device?
Yeah, kinda ugly, but I've seen worse. Anyone got any ideas on how to do this, or how feasible this may be?
Monday, June 30. 2008
Enable RDP on Windows Vista SP1
Found this great little how-to here (and the vista SP1 update here) on how to enable RDP in Windows Vista.
Sunday, June 29. 2008
Concurrent RDP Users in XP SP3
Found this great little bit of information over here about how to enable concurrent users in XP SP3.
Wednesday, June 25. 2008
Vista: 6+ months, the good, the bad
It's been 6+ months since I acquired a laptop with Windows Vista. It's been a rather interesting journey, and anything but an easy one.
Hardware Issues
- Visioneer Onetouch 7100 and 8100 series scanners do not work - at all. I have one of each, and Visioneer's solution to the problem is give them your old scanner and they'll give you a slight discount on a new one. I ended up fixing this problem by loading up an old version of Windows in a VMware session and using USB pass-through. The trick on this forum posting did not work.
- Nokia DKU-5 data cable does not work. This makes it nearly impossible for me to sync my Nokia 6820 phone to my computer's address book. Bluetooth is great... If you have it built into your laptop (which I don't).
- Dell AIO 962 does not work properly when connected to a Windows XP box on the LAN and shared to the Vista machine. I'm still not quite sure why, though I'm guessing it has something to do with the custom printer interface it uses.
- Laptop can not run XP reliably. The Nforce 630m / Geforce 7150m chipset is pretty much made for Vista, and throws a shit fit under XP. Various things don't work right, from the built in ethernet to the display screen scaling.
- USB streaming from older Digital8 Sony Handycam does not work - at all. Firewire/DV streaming does work however, and fairly well at that.
- USB internet tether on Blackberry Curve 8300 is flaky, and rarely works right. Hangs at Verifying Username And Password...
- WiFi is a hit or miss sometimes. There are times where I will go 3-4 weeks with no problems connecting to known good and working APs. Then there are the days where I have to uninstall the WLAN card and redetect it before I can get connected.
Software Issues
- Games crash. Constantly. AirRivals is a perfect example of this. Around 30% of the time, the game will hang during map loading. PerfectWorld seems to work though, if not slightly sluggish. I can't play Myst either, at all.
- On close, many apps crash. It doesn't happen all the time, but it is kinda common (and annoying).
- Have to turn off UAC or everything that wasn't made strictly for Vista has permission problems. This was a major problem early on with Cygwin, and it fouled up many builds of ClamAV/SOSDG.
- Quirks with simple and well programmed applications, such as XNews (which exhibits an annoying 'ding' noise on any clicking).
- Yahoo Messenger somehow keeps turning on window animation even after I explicitly turn it off.
- Local search interface that is nothing short of annoying, with no way to revert it to XP style searching. Locate32 is a good alternative.
- File copying is insanely slow, esp. over a network. TeraCopy is a great alternative and highly recommended.
- Slow startup and shutdown times. I can sorta understand slow startup... But why the hell would shutdown need to take 2-3 minutes?


