iptables flush and ssh

Fun lesson from today: don’t blindly clear/flush your iptables.

If you are remotely managing a system, then make sure you run this:

sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT

before you run this:

sudo iptables -F

It turns out there are people who will write default block (“policy DROP”) style rules (instead of using a default “policy ACCEPT” and ending with REJECTs/DROPs at the end that match everything). If the default policy is not ACCEPT, then clearing the rules will immediately remove your ssh access to the machine, because -F deletes the rules (including the one that allowed ssh) but leaves the chain policy in place.

The lack of a default “policy REJECT” is one reason you will see more “policy ACCEPT” – because then, at the end, you can choose between REJECT or DROP. If you write your rules “in the other direction”, you lose the flexibility to choose – you must DROP. There are numerous posts on why DROP is not necessarily better than REJECT. (“Attackers don’t really feel any pain with DROP, but your legitimate users sure do”.)
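The lockout described above can be caught before it happens. The following is an added example, not part of the original post: a shell pre-flight check that reads the output of iptables -S and refuses to flush while any built-in chain has a non-ACCEPT policy. The names non_accept_policies and safe_flush, the IPTABLES override and the sample ruleset are assumptions made for illustration.

```shell
# Added example: pre-flight check before "iptables -F" on a remotely
# managed host. Function names and the sample data are illustrative.

# Reads "iptables -S" output on stdin and prints CHAIN=POLICY for every
# built-in chain whose default policy is not ACCEPT. Those are the chains
# that keep blocking traffic once their rules have been flushed.
non_accept_policies() {
    awk '$1 == "-P" && $3 != "ACCEPT" { printf "%s=%s\n", $2, $3 }'
}

# Constructed sample of "iptables -S" output from a default-block ruleset:
# ssh is allowed only by a rule, so a flush would cut the session off.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Flushes only when every built-in policy is ACCEPT; otherwise it refuses
# and names the chains to fix. IPTABLES is a hypothetical override so the
# check can be exercised without touching the live firewall.
safe_flush() {
    ipt="${IPTABLES:-iptables}"
    blocked="$("$ipt" -S | non_accept_policies)"
    if [ -n "$blocked" ]; then
        # $blocked is left unquoted on purpose to print it on one line.
        echo "refusing to flush; set these policies to ACCEPT first:" $blocked >&2
        return 1
    fi
    "$ipt" -F
}
```

Run safe_flush as root in place of a bare iptables -F; a non-zero exit status means nothing was flushed.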


Kids Game Build

The goal of this machine was to replace the highly unreliable kids computer (Portable Power Build). First the GPU went, then the HDD started showing errors. Finally the MB voltage started to act up. The net result was that the computer was very unreliable and would just freeze, awaiting a hard reboot.

The goal was to be “reasonable yet not extravagant”.

Some facts on the CPU: the i5-6500 is currently #261 on PassMark [7,042] cpubenchmark.net. At a price of $204, it has a “value” rating of 34.3. It is the first 4-core not 8-core machine in a long time – for a gaming machine, the 4 extra cores don’t pay off. This is the first LGA 1151 CPU build. And along with it, the first DDR4 machine as well. Also a first is the USB-C connector on the motherboard.

All product links are from the actual vendor. Not all pieces were purchased in 2016.

| Item | Product | Cost |
|---|---|---|
| CPU | Intel Boxed Core I5-6500 FC-LGA14C 3.20 Ghz 6M Processor Cache LGA 1151 BX80662I56500 | $204 |
| RAM | Corsair Vengeance LPX 16GB (2x8GB) DDR4 DRAM 3000MHz (PC4-24000) C15 Memory Kit – Black | $74 |
| Motherboard | GIGABYTE GA-Z170XP-SLI LGA 1151 Z170 2-Way SLI UEFI DualBIOS ATX DDR4 ATX DDR4 | $126 |
| Power Supply | Corsair CX Series, CX500 500 Watt (500W) Power Supply, 80+ Bronze Certified | $53 |
| Video | Gigabyte GTX 750Ti GV-N75TOC2-2GI GTX 750 Ti GDDR5-2GB 2xHDMI OC Graphics Cards | $105 |
| Case | Corsair Carbide Series 200R Compact ATX Case | $58 |
| SSD Drive | Samsung 850 EVO 250GB 2.5-Inch SATA III Internal SSD (MZ-75E250B/AM) | $117 |
| HD Drive | None | |
| DVD/CD | Samsung DVD Burner 24x SATA DVD+RW DVD-Writer Internal Optical Drive (SH-224FB/BSBE) | $17 |
| OS | Microsoft Windows 10 Pro 64 Bit System Builder OEM \| PC Disc | $125 |
| Total | | $879 |

Ubuntu 16.04 Vnc and VirtualBox Resolution

As posted for 14.04, here are the steps to getting a larger VNC connection to your Ubuntu 16.04 virtual machine:

Desktop Sharing

Desktop Sharing is back as an item in 16.04 desktop. Just bring up the search, type “Desktop Sharing”.

If for some reason you do not see it, type:
$ vino-preferences

Desktop Sharing Security

When your VNC client fails to connect with an error like “No matching security types” or “No security type suitable for RFB 3.3 supported” (or if you see a log line from vino-server like “Advertising security type 18”) then type:

$ gsettings set org.gnome.Vino require-encryption false

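Then connect again with your VNC viewer. No restart or logout is required. With require-encryption set to false, vino accepts viewers that do not support its encrypted security type (18), and those sessions are not encrypted.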

Higher Resolution – a little

To get to a decent 1024×768, you can run xdiagnose:
$ sudo xdiagnose
In the dialog box, check all of the options under “Debug” : “Extra graphics debug messages”, “Display boot messages”, and “Enable automatic crash bug reporting”. Push “Apply” then “Close”.
Then, reboot
$ sudo /sbin/shutdown -r now
You can now choose 1024×768 under “Displays”

Higher Resolution – a lot

To get to higher resolutions (e.g. 1600×1200):
1) Insert the VBOX additions (from VirtualBox)
2) cd /media/$(id -nu)/VBOXADDITIONS*
3) sudo ./VBoxLinuxAdditions.run
4) sudo apt-get install virtualbox-guest-x11
and reboot again.
Now, the “Displays” settings window should allow choices from 2560×1600 to 800×600 for the “VBX 0” display.


Brother HL-2170W wifi

After upgrading the wifi device and changing the SSID and passphrase, the Brother HL-2170W printer needed to be updated.

First, the “easy button” just failed. Never worked. Which I recall happened the last time I set up this printer.

Next was the factory reset to get the wired interface to listen again – turn off power, hold “Go” button, turn on power, press “Go” button 7 times.

Then press “Go” 3 times to print the connection information – see page 3, “Network Configuration”, “IP Settings” – mine said “ (via DHCP)”.

Then, browse to that address, press “Network Configuration”, (default credentials are user/access and admin/access).

This is where the fun begins…

On the screen find the “* Configure Wireless” link. Press that.
Key Setting: Communication Mode = “1) Infrastructure Mode” (do not use ad-hoc)
Setting: Authentication Method = “WPA/WPA2-PSK”
Key Setting: Encryption Mode = “AES”
Skip all of the WEP Key fields.
Setting: Passphrase = “<< enter your SSID password here >>”

Push submit. It says “data submitted”, then says “if ethernet cable plugged in, unplug it”. Unplug ethernet. Wait.

Finally, the printer will print 1 page of “NETWORK CONFIGURATION”.
Check the IP Address and make sure the “Link Status” says “Link OK”.

Browse to the wifi IP address. Confirm everything is working.


Ubuntu Compute and Storage Build

The goal of this machine was to replace the oldest active computer in the house. This old computer predates – by over three years – the first recorded entry on this blog for computer builds. (First build: core i7). This old computer was a combined “compute and storage” build – before I moved to dedicated compute and storage machines.

Its main claim-to-fame is its case: a SuperMicro SC-743 4U case (now numbered as CSE-743T-665B) which sells for $320 today. Fifteen years ago it was around $200. It contains a row of 4 hot-swap high-speed fans in the middle of the case. This was the case right after my infamous “Just because a case has space for 6 hard drives, that doesn’t mean it has adequate cooling for 6 hard drives” coming of wisdom. Unfortunately, those fans howl like a jet engine, and it was time to replace it.

Some facts on the CPU: the i5-4690 is currently #191 on PassMark [7,623] cpubenchmark.net. At a price of $224, it has a “value” rating of 34.0. The Core i5-4590 has PassMark [7,224], for $180 and a “value” rating of 40.3, the highest “value” of all the i5s. Note that my “on sale” i5 was only $210. It is the 3rd fastest i5, the fastest is the #165, $320, i5-5675C@3.10GHz [8,106].

All product links are from the actual vendor.

| Item | Product | Cost |
|---|---|---|
| CPU | Intel Core i5-4690 Haswell Quad-Core 3.5Ghz Socket 1150 84W Intel Graphics 4600 | $210 |
| RAM | G.SKILL Ripjaws X 16GB (2 x 8GB) 240-Pin DDR3 SDRAM PC3 1600 Desktop Memory Model F3-1600C9D-16GXM | $80 |
| Motherboard | GIGABYTE GA-Z97N0D3G LGA 1150 Intel Z97 HDMI SATA 6Gb/s USB 3.0 Micro ATX | $109 |
| Power Supply | Corsair CX750 750W 80 Plus Bronze certified, Haswell Ready | $60 |
| Video | Intel HD Graphics, built in | |
| Case | Antec Three Hundred Two Gaming Case, Black | $58 |
| SSD Drive | Samsung 840 Pro 256GB SATA III MZ-7PD256BW | $170 |
| HD Drive | WD Black 1TB WD1003FZEX 7200 RPM 64MB cache SATA 6.0Gb/s | $80 |
| BD/DVD/CD | Samsung DVD Burner 24x SATA Model SH-224BEBE | $20 |
| OS | Ubuntu 14.04 64bit | $0 |
| Total | | $787 |

Secret Share 1.4.2 on Maven Central

Secret Share in Java on Maven Central

Just completed a release of the Secret Share in Java project to Maven Central.

Search for it using search.maven.org.

GroupId: com.tiemens
ArtifactId: secretshare
Version: 1.4.2

This release features a “simplex” matrix solver implementation (Thanks to Pat J) that greatly speeds up the “combine” operation, and greatly increases the number of shares that can be handled.

Sonatype Notes:

First, run the “uploadArchives” target. Make sure all of the uploads report no error (e.g. “Transferring nnnK” matches “Uploaded nnnK”).

Second, go to the sonatype console at https://oss.sonatype.org/#stagingRepositories
The Sonatype web interface continues to be “less than optimal”. First, if that link does not display the menu item “Build Promotion” on the left hand side, you must switch browsers (to IE).

Once you can see those menu items, select “Staging Repositories”, then enter the search string. If the result line does not have a “select check box” on the left hand side of the line, then you will need to find yet another browser (or you have entered your search in the wrong mode – you must be in “Staging Repositories”, not the generic search). Once you can see that check box, select it, and details will appear in the window below. In addition, the button row, starting with “Refresh”, will now show a “Close” button. Push it. Wait a minute, navigate away from the page and then back, and when you select it it will show a “Release” button. Push that.


Stealth Updates and Unstable LSI Drivers

(Just FYI to everyone out there, since this is not easy to find right now.)

If you’re seeing this message:

mpt2sas0: log_info (0x31080000): original (PL), code (0x08), sub_code (0x0000)

Then you need to visit http://mycusthelp.info/LSI/_cs/AnswerDetail.aspx?&inc=8484

The short answer: Avago Tech (which acquired LSI in 2014) performed a stealth update to the P20 driver .zip artifacts on 21-MAY-2015. Re-download the P20 .zip that contains the firmware (the xxxx_P20_IR_IT_Firmware_BIOS_for_MSDOS_Windows downloads contain the firmware .bin file), and upgrade your LSI firmware to the version. Sadly, neither the .zip nor the .bin are named that way.

As related to the third item from , this is clearly a failure in dependency resolution, and why correctly labeling artifacts with versions is critical.


Ubuntu 14.04 Unity 3D RAM

My AMD Server seemed to be running out of RAM this morning. Checking the processes, it appeared that Unity 3D was using approximately 18G/32G (i.e. with no virtual machines running, the OS was still using 18G). Why? I don’t know why Unity 3D freaked out, but ‘compiz’ was chewing up 1.5G all by itself. A quick check showed that Unity 2D is no longer available in Ubuntu 14.04.

So, I installed gnome-flashback-session.

After it was installed, and after the logout and login under Metacity, the baseline RAM footprint dropped to 1.5G total.


Freenas Backup Machine

The goal of this machine was to be a “small, inexpensive, bring your own HDs, standalone backup solution”.

For these purposes, that meant using a small case that still had at least 2 internal 3.5″ bays.

For Freenas, was the latest version where the .img file was available. 9.3 is available, but only as an .iso file. Another item of note when using the .img on a USB drive: booting the first time, it will appear to hang after showing “waiting up to 5 seconds for ixdiagnose to finish”. It isn’t stuck – it is just resizing your filesystem on the USB. It took mine about 9 minutes to finish this step. After the first boot completes this step, it does not stall there ever again.

Some facts on the CPU: it is currently #471 on PassMark [3,777] cpubenchmark.net. It has a “value” rating of 58.7. Intel is producing so many clones of the Xeon E5, at so many different clock speeds, that the first sub-$1000 CPU is #28 (core-i7 5930K@3.50GHz, $580). The only core-i7 that is sub-$300 is the $299 i7 4790@3.6GHz at #58 with a score of 10,105, and a “value” of 32.4. It used to be fun to get a CPU in the top 50, but it looks like that will never happen again.

All product links are from the actual vendor.

| Item | Product | Cost |
|---|---|---|
| CPU | Intel Pentium G3450 Haswell Dual-Core 3.4Ghz Socket 1150 53W | $90 |
| RAM | Corsair Vengeance 4GB (1 x 4GB) 240-Pin DDR3 SDRAM DDR3 1600 Desktop Memory Model CMZ4GX3M1A1600C9 | $44 |
| Motherboard | GIGABYTE GA-B85M-HD3 LGA 1150 Intel B85 HDMI SATA 6Gb/s USB 3.0 Micro ATX | $71 |
| Power Supply | TFX 275W Power Supply, with case | |
| Video | Intel HD Graphics, built in | |
| Case | APEX DM-387 Black Steel Micro ATX Media Center / Slim HTPC Computer Case w/ ATX12V TFX 275W Power Supply | $57 |
| USB Drive | Kingston Digital 8GB DataTraveler Micro USB 2.0 (DTMCK/8 GB) | $6 |
| HD Drive | BYOD | $50-$400 |
| OS | Freenas 64bit | $0 |
| Total | | $268 + drives |

What is AngularJS – the key is client-side

After working with AngularJS for a couple of months now, I can finally express a concise answer to “What is AngularJS?”

It is:

  1. MVC where the model is on the client side
  2. MVC where the view is a template based in the .html, and is rendered on the client side
  3. MVC where the controller is “live” – changes to the model reflect in the template immediately

The key: “on the client side”. No more complicated mappings inside your .jsp from fields to Java objects, no more complicated mappings from “post actions” to specialized controllers that track the application state. No more painting the initial page one way with .jsp and then updates with AJAX. It replaces your .jsp template with more natural .html with embedded template variables and controls, and keeps everything straight.

AngularJS throws in a couple of “neat tricks” – dependency injection, testability, separation of client-server, scope. But neither of AngularJS’s two tag lines, “HTML enhanced for web apps” and “AngularJS — Superheroic JavaScript MVW Framework”, is very helpful.

AngularJS (or some other library that does MVC-client-side better, now that the secret is out of the bag) is the wave of the future. The productivity gains are incredible. It is literally easier to re-write your .jsp and implement that one new feature than it is just to extend your .jsp.
