Mild gotcha with pfsense

September 2nd, 2010

I notice when adding a VLAN you do get some packet loss:

From 10.10.4.1 icmp_seq=2268 Destination Host Unreachable
From 10.10.4.1 icmp_seq=2269 Destination Host Unreachable
From 10.10.4.1 icmp_seq=2270 Destination Host Unreachable
From 10.10.4.1 icmp_seq=2271 Destination Host Unreachable
From 10.10.4.1 icmp_seq=2272 Destination Host Unreachable
From 10.10.4.1 icmp_seq=2273 Destination Host Unreachable
From 10.10.4.1 icmp_seq=2274 Destination Host Unreachable
From 10.10.4.1 icmp_seq=2275 Destination Host Unreachable
From 151.164.186.33 icmp_seq=2276 Packet filtered
From 151.164.186.33 icmp_seq=2277 Packet filtered

64 bytes from 4.2.2.1: icmp_seq=2278 ttl=57 time=42.7 ms
64 bytes from 4.2.2.1: icmp_seq=2279 ttl=57 time=43.3 ms
64 bytes from 4.2.2.1: icmp_seq=2280 ttl=57 time=43.8 ms

I presume this is due to the filters being reloaded by PF.

Plan for September 2010

September 1st, 2010
1. Finish running ethernet cable to garage
A. Drill hole in garage
B. Run cable through PVC pipe into hole
C. Crimp cable on both ends
D. Terminate cable on switch in office and router in garage
2. Mount hose thing on wall
3. Hackerspace shelving
4. Samba file server for everyone
A. Patti's drive (backed up every other week when the 1.5 TB drive is attached; will also serve as Patti's laptop backup drive)
B. On 1 TB drive (backed up to rotating set of 1 TB drives)
B.1 My home directory
B.2 Rufus home dir
5. Media server
A. Mediatomb for streaming music and videos to Apple clients
B. Photo album software
C. Torrents
6. Automated offsite backups working with rotation, encryption and reporting. Using S3 for storage.
A. Physical and virtual system configuration files
B. Www bits
C. Windows server
7. Automatic local backups working with rotation, encryption and reporting. This will back up all production servers' data and VZ images.
8. Deploy cameras
A. Walmart camera outside garage to monitor carport, hooked to rack mount.
B. Sony inside garage to monitor inside garage. Hook to rack mount.
C. DVR software setup

Now that I am consulting I have a much more flexible schedule. I'm using this new schedule to build out socalwifi.net. I'm starting by making a number of optimizations to my production network. A lot of what I am doing will be utilized by socalwifi.net and layer8 (my R&D network). This includes things like monitoring, backups, security etc. Essentially I'm building a shared services infrastructure. I'm in the process of providing detailed documentation for this infrastructure (production network/server/vm/services setup) at http://wiki.knownelement.com/index.php/Data_Ownership

1. Host my own DNS server for my various domains. Currently using domainsite.com as registrar and DNS; I want to control my own DNS. (Thursday Sep 2nd)

2. Automated local and offsite backups working with drive rotation, encryption, retention and reporting. Using S3 for offsite storage and rotating 1 TB drives for local storage. (Thursday Sep 2nd)

A. Physical and virtual system configuration files, data and vzdumps.

B. Www bits

C. Windows server

3. Deploy cameras. The camera placement and hookup to the capture system is in progress. The office/kitchen/living room cameras have been deployed. Garage is all that's left. (Thursday Sept 2nd)

4. Deployment of DVR software for the surveillance system.
5. Monitor the UPS and shut down safely when power is low.
6. Snort/ClamAV/HTTP proxy/web application firewall (on pfsense box)
7. Document everything on the wiki
8. Build an open source one time password system. Details can be found at http://blog.knownelement.com/?p=483

Building an open source one time password system

August 29th, 2010

Here are the steps I have to build an open source one time password system.

1. Set up everything on my network that takes a password (workstations/network gear/wpa/www apps etc) to talk to Active Directory. This way I will have a centralized auth store with policy control etc.

What do I have that is capable of talking to AD?

All Linux boxes (use AD for login)

Web apps (most support it directly; for some I just used the kerberos module and pam auth. Can't remember exact details, will link when I find them again.)

Cisco gear

Wireless access (wpa2 enterprise)

I realize Active Directory isn’t open source. At a later time I’ll figure out how to do this with LDAP/Kerberos/FreeRADIUS. One howto for FreeRADIUS/LDAP and cisco gear is at

http://jenniferhuber.blogspot.com/2010/07/using-open-source-radius-server-in-your.html

2. Set up a one time password system. This needs to support blackberry/android/apple devices.

So far I’ve discovered http://en.wikipedia.org/wiki/HOTP which seems to be a near universal requirement.

I’ve found http://wikid.com/ and http://www.rcdevs.com/products/openotp/ so far.

3. Deploy WPA enterprise utilizing one time passwords.

4. Deploy an IPSEC VPN with one time passwords.
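Step 2 hinges on HOTP (RFC 4226), so here is an added illustration of what the server side of such a system has to do; this is example code written for this post, not the author's implementation and not code from WiKID or OpenOTP. The secret, counters and codes below are the published RFC 4226 test vectors, and the look-ahead window size is an assumed policy value.

```python
import hashlib
import hmac
import struct

# RFC 4226 test secret (ASCII "12345678901234567890"), used only for illustration.
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduce modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_hotp(secret: bytes, stored_counter: int, submitted: str,
                window: int = 5, digits: int = 6):
    """Server-side check. Accepts a code only if it matches the stored counter
    or one of the next `window` counters (covers button presses on the token
    that never reached the server). Counters behind the stored value are
    never accepted, which blocks replay of an already-used code.
    Returns the counter to store next on success, or None on failure."""
    # Untrusted input: reject anything that is not exactly `digits` decimal digits
    # before doing any crypto, so a malformed submission cannot match by accident.
    if len(submitted) != digits or not submitted.isdigit():
        return None
    for c in range(stored_counter, stored_counter + window + 1):
        # Constant-time comparison so timing does not leak partial matches.
        if hmac.compare_digest(hotp(secret, c, digits), submitted):
            return c + 1
    return None


if __name__ == "__main__":
    counter = 0
    for code in ("755224", "359152", "359152", "520489"):
        result = verify_hotp(RFC4226_SECRET, counter, code)
        print(f"counter={counter} code={code} -> {'ok' if result else 'rejected'}")
        if result is not None:
            counter = result
```

The second "359152" is rejected as a replay because the stored counter has already advanced past it, and "520489" (counter 9) is rejected because it lies beyond the look-ahead window.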

Feel free to comment on any cool solutions you know about.

KNEL WAN Plan

August 28th, 2010

Moved to http://wiki.knownelement.com/index.php/Network_Stuff#WAN_Plan

Components in my current production infrastructure

August 25th, 2010

Moved to http://wiki.knownelement.com/index.php/Data_Ownership#Step_3:_Assemble_the_infrastructure_for_hosting

How I use my personal cloud

March 29th, 2010

As my readers know I’ve been working on data ownership for some time. I have reduced that concept to practice with great success. You can peruse my data ownership wiki page for infrastructure and software details.

I have moved a substantial portion of my data to a server under my control. This includes e-mails, wiki, documents, pictures etc.

I access my server via

  1. Laptop running Ubuntu 10.04 with an NFS mount to my server. This allows for easy access to all of my data. My laptop is the single computer that I use. I use it for extensive content creation, everything from writing code and managing systems to mindmapping and knowledge management.
  2. Blackberry (I pretty much live in my e-mail). I also use the Blackberry browser for quick browsing sessions. It's not as good as the laptop or iPod Touch browser, but it works anywhere I have cell coverage. I also use my Blackberry to tether my laptop, which allows me to access my data pretty much anywhere. The overwhelming majority of my data manipulation activities are via Firefox on my laptop.
  3. Jailbroken iPod Touch (love using the browser for quickly consuming content and not needing to fire up my laptop). I also use this to consume music, videos and documents. (AirSharing is an awesome app.)

So 3 devices, each with their own usage profile, all consuming data from my central server. The laptop/Blackberry is where I spend 85% to 90% of my time. The iPod Touch is used while in transit. It's awesome for the daily commute.

I’m very happy having the vast majority of my data under my full control. I hope others join me on this journey.

Kinetic – A new project – needs your help

March 14th, 2010

Recently I’ve decided to tackle a project in the parallel programming space, as a result of a conversation I had after the SGVLUG meeting this last Thursday.

It’s in the early stages yet. I am seeking subject matter experts in the following areas:

  1. Seeking experts in LLVM, Grand Central, protocol buffers, pthreads, boinc/gearman/<pick a distributed router type system>
  2. Oh also need people who have implemented domain specific languages.
  3. Also looking for people who have experience accelerating extract transform load workloads with parallel programming methods.
  4. Oh yes, if you have 100 or more hours working experience with OpenCL, I'm most interested in hearing from you.
  5. Bonus points to folks who have educated guesses about what I'm trying to do. :) Please reply privately.
  6. By expert I mean you enjoy writing parsers by hand in IR. (If you have to google IR, don't bother applying.)
  7. Do you consider stuff like porting pthreads from UNIX to Windows fun? :)

So that’s about it for now. More as it develops.

New discovery – fiber ho!

March 2nd, 2010

Last Saturday (February 27th 2010) I was out with my good friends @MikeFedyk and @k1059. We were seeking thermal paste so @MikeFedyk could rebuild his laptop.

We hit up three local computer stores and came up empty. There are actually four, but we decided not to go to the one located at Santa Anita and the 10 freeway across from the 7-11. They had already been ruled out, as they didn't even know what a micro SD card was. They wanted to sell @k1059 a regular SD card. Even BestBuy sales folks know the difference (of course there are certain stand out experts like my good friend @goodguymafia). I mean come on, really?

Discovery 1:

We were surprised that El Monte had 3 computer stores. Before Saturday, I was only aware of two (the previously mentioned one that was full of fail, and the one near the Metrolink station). The third one is near the Valley Mall. Don't recall exact location at the moment. They are all essentially holes in the wall that do basic repair and light sales. We got the paste from the local RadioShack.

Discovery 2:

The AT&T CO in town is two buildings. A single story structure that shares a lot with the Metrolink station, and a multi story structure across from the Chase branch. The multi story structure has doors on each floor and a bar that comes out from the side of the building. 5,000 lbs capacity.

Discovery 3:

We found fiber at Tyler and Amador ST. Right near a Service Area Interface box.

More details later, including pictures and details on a fiber deployment in town.

Organization Techniques

January 21st, 2010

I use a combination of 4 tools to manage my life:

1) Redmine (numerous projects; every desired action item is captured here)

2) iTouch notes. I have a "todo for this week" note and a "todo next week" note. The touch is always with me, and I capture things there before moving them to Redmine if I'm not on a wifi connection. I also capture things like grocery lists, errands etc. Things that don't need to be tracked beyond doing them.

I also have a note titled "hot sheet", and I take random notes there.

3) Blog posts. I post high level thoughts about what I want to get done that month.

4) @ai folder in my e-mail. Things that come in via e-mail that need a response via e-mail. I have two @ai folders. One off my main inbox and one off my jobs folder.

That’s about it. Pretty simple and straight forward. It works for me.

Job hunt plan

January 21st, 2010

Moved to a wiki page at http://wiki.knownelement.com/index.php/Job_hunt_presentation_to_sfvlug_on_1/23/2010 (didn’t actually give the presentation as I wasn’t prepared at the time)