To avoid the timeconsuming manual configuration of a proxy server on all computers, phones and tablets, the proxy configuration can be provided automatically via DHCP by using WPAD.

For this setup, the following components are needed:

1. A DHCP server which announces DHCP option 252 with the URL of the PAC file (wpad.dat).
2. A webserver which serves the wpad.dat file
3. A wpad.dat PAC file where the Proxy IP is defined

On a MikroTik system, the DHCP server configuration looks like this:

/ip dhcp-server option
add code=252 name=local-pac-server value="http://192.168.0.2:80/wpad.dat\?"
/ip dhcp-server network
add address=192.168.0.0/24 dhcp-option=local-pac-server dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24

Please note the trailing questionmark in the URL for the PAC file. This is a workaround for yet another occurrence of RFC nitpicking where some implementations might misinterpret the DHCP option and add an encoded NULL-byte character to the end of the URL when requesting the PAC file from the webserver.
With the questinmark at the end of the URL, any additional trailing NULL-byte character will be ignored by the webserver and the PAC file will be loaded just fine.

Following the example above, on the machine 192.168.0.2, we serve the following wpad.dat file:

function FindProxyForURL ( url, host ) {
	return "PROXY 1.2.3.4:8080; DIRECT";
}

With this setup, all systems will use the proxy at 1.2.3.4 and if the proxy is not available try to connect directly to the Internet.
While this is fine for a home network where the proxy is mostly used for adblocking, you probably want to remove the DIRECT part in an enterprise setup.

Thanks to the ngx_echo module, it is trivially easy to build a clone of the icanhazip.com service with nginx:

server {
	listen 80; 
	listen [::]:80;

	location / { 
		echo $remote_addr;
	}   
}

The Cisco WAP121 runs a Linux based firmware. This is how you get a Rootshell on it:

1. Login to the Web GUI of the WAP121 and enable the SSH management access
2. Login with SSH and enter this command: sh

This probably works with the Cisco WAP321 as well (I only tested with the WAP121).
Also when having still only the one 'cisco' user account configured you can directly get a Rootshell via SSH like this: ssh -l root@<WAP121 IP>

After the summer festivals of Sydney, now also the festivals in Switzerland start again.
First one this year: Artiphys 2012

While playing around with my Puppet configuration I discovered that the 'system facts' returned by the Facter helper tool were not consistent on my Debian boxes.

On some machines Facter properly reported all LSB related facts of the system, while on other machines it did not report any such information.
The problem occurred on about 50% of the hosts, so I excluded a bug introduced by manual over-tuning of the system configuration.

Further investigation showed that Facter uses the lsb_release command to collect the LSB information of the system.
On Debian this command is provided by the lsb-release package which was only installed on half of my systems...

Now my Puppet manifests include the following configuration directive which should prevent this problem in the future :-)

package { 'lsb-release':
	ensure => installed,
}

One advantage of being in Australia during the swiss winter is that you can go to music festivals in January! And so I did :-)

Last thursday I went to the Big Day Out festival in Sydney.
What is interesting compared to festivals in Europe is that in Australia the festival starts at 11 in the morning and ends at 11:45 in the evening, whereas in Switzerland festivals start around 5 in the afternoon and end around 5-6 in the morning.

I really liked the performances of Parkway Drive, Miss Kittin, Röyksopp, Bassnectar, Kasabian, Soundgarden and Regurgitator.
Also it was nice to catch a glimpse of The Jezabels, Hilltop Hoods, Kitty, Daisy & Lewis and the show of Kayne West.
A bit disapointing was the performance of Cavalera Conspiracy. They even had to fallback to popular Sepultura songs (Refuse/Resist, Roots Bloody Roots) in order to get the crowd moving. On the other hand it was lucky for me, so I got to see a live concert of Sepultura (performed by the founders of Sepultura!), something I didn't think I would ever see after Max Cavalera had left the band.
Unfortunately the last train back was before the end of the festival and so I did miss Nero.

Listening to Keren Ann is just perfect when you have to work on a rainy Sunday.
Thank you Metropop for showing me her music.

Yesterday after work we had some beers at The Local Taphouse (including some fine porter from BrewDog to increase my shareholder value) and then we went on to go out in some clubs, in shorts and flip-flops.
Astonishingly we had no problems getting inside, anywhere else in the world this would not be possible!

This morning then up again for some early surfing at Bondi before all the tourists arrive.
And now chilling in my Kammok under the trees in the frontyard :-)