Friday, 25. July 2014 Week 30

Native IPv6

Yesterday I switched our DSL Link to green.ch. Now we not only have a higher bandwidth (thanks to VDSL) but also native IPv6 connectivity!
Especially nice is that it all works out of the box. After plugging in the pre-configured FritzBox, it automatically gets an IPv6 prefix via Prefix Delegation and announces it to the clients in the LAN.

08:05 [ aj @ actuarius : ~ ] % mtr -rc5 www.open.ch
Start: Fri Jul 25 08:06:42 2014
HOST: actuarius.fritz.box         Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- fritz.box                  0.0%     5    0.8   0.8   0.7   0.8   0.0
  2.|-- 2a01:2a8::121              0.0%     5    8.6   8.7   8.5   9.2   0.0
  3.|-- 2a01:2a8:0:5a::1           0.0%     5    8.4   8.2   8.0   8.4   0.0
  4.|-- 2a01:2a8:1:7::4            0.0%     5    8.1   8.6   8.1   9.6   0.0
  5.|-- 2a00:db0:9:a06::5          0.0%     5    8.8   8.6   8.3   8.8   0.0
  6.|-- www.open.ch                0.0%     5    8.9   8.7   8.6   8.9   0.0
Tuesday, 3. June 2014 Week 23

12 Years

12 years ago I started this weblog with a link to www.2advanced.com.
It's now 555 posts later and I think what is most unexpected (besides that this weblog is still existing 12 years later), is that this first link from my first post is still valid (and still pointing to some Flash-only website...).

So far this weblog has survived 2 different domains, 3 different servers, multiple versions of a self-made blogging-engine, about 6 different layout designs, a database-crash, recovery via archive.org and a migration to Jekyll.

No guarantee that it will last another 12 years, but for the meantime: Cheers, and enjoy the ride!

12 years, Cheers!

Wednesday, 28. May 2014 Week 22

It's alive!

Wandtelefon Modell 50 with SIP ATA

Wandtelefon Modell 50 from January 1970 now talks SIP (and it only took two converters, a bit of cable-fiddling and some luck :-)

Thursday, 22. May 2014 Week 21
Friday, 18. April 2014 Week 16

Load PKCS#8 SSH key files in Mac OS X 10.9

There is currently a bug in Mac OS X 10.9 which causes that ssh-add is no longer able to read SSH key files in PKCS#8 format.

Fortunately ssh-add still reads PKCS#8 keys when provided through STDIN and openssl is able to decrypt PKCS#8 keys.

Thus the following workaround so that PKCS#8 SSH keys can be loaded again:

openssl pkcs8 -in ~/.ssh/id_rsa | ssh-add -
Sunday, 23. March 2014 Week 12
Thursday, 13. February 2014 Week 7

Moving a KVM guest to another machine

  1. Properly shutdown the guest: 
    guest# poweroff
  2. Create an LVM volume of the same size on the new machine: 
    newmachine# lvcreate -L 120G -n myguest myvolgroup
  3. Copy the disk from the old machine over to the new one: 
    oldmachine# dd if=/dev/vg_foo/lv_bar | ssh newmachine dd of=/dev/volgroup/myguest
  4. Wait for the transfer to complete (on a 100Mbit/s connection it took about 3.5 hours to transfer the 120GB).
  5. Copy /etc/libvirt/qemu/myguest.xml from the old machine over to the new machine and adapt the LVM path for the disk.
  6. Reload the libvirt configuration: 
    newmachine# /etc/init.d/libvirt-bin reload
  7. Start up the guest on the new machine: 
    newmachine# virsh start myguest

Shrinking a LVM root partition

  1. Boot from a helper system and get a root shell (I used the rescue mode of the Debian installer)
  2. Check the filesystem of the partition to resize: 
    e2fsck -f /dev/vg_foo/lv_bar
  3. Resize the filesystem (make it a bit smaller than the target size, to have a safety margin when resizing the logical volume): 
    resize2fs /dev/vg_foo/lv_bar 180G
  4. Reduce size of the logical volume: 
    lvreduce -L 190G /dev/vg_foo/lv_bar
  5. Grow the filesystem to the new size of the logical volume: 
    resize2fs /dev/vg_foo/lv_bar
  6. For good measure run another filesystem check: 
    e2fsck -f /dev/vg_foo/lv_bar
Sunday, 19. January 2014 Week 3

Verify that an SSL certificate matches the private key

When renewing certificates it is a good idea to verify that the newly installed SSL certificate matches the newly installed private key (eg. to make sure no mixup between the new and old files occurred).
This can be done by comparing the modulus of the two files:

openssl x509 -in <certificatefile> -noout -modulus|sha1sum
openssl rsa -in <privatekeyfile> -noout -modulus|sha1sum
Sunday, 12. January 2014 Week 2

Sipura/Linksys/Cisco SPA901 Provisioning and Upgrade

Loading the configuration from http://config.server/configfile.xml (provisioning has to be enabled on the phone):

http://<PHONEIP>/admin/resync?http://config.server/configfile.xml

Upgrading the firmware with the image from http://upgrade.server/firmware.bin:

http://<PHONEIP>/upgrade?http://upgrade.server/firmware.bin