Dirk-Jan’s blog

It took me some time to figure out how to get the wireless device of my Amilo Li 2727 working with Windows 7. For the ones who stumble across the same problem I have describe how to solve it.

1. Download the Windows XP Drivers For Amilo Li 2727 here
2. Extract the contents of the compressed file
3. Open ‘Control Panel’, click on ‘System’ and choose ‘Device Manager’
4. Open the ‘Action’ menu item and click on ‘Add legacy hardware’
5. Next -> Next -> Next and pick ‘Network Adapters’
6. Choose ‘Have disk’ and Navigate into the ‘04 WLAN’ directory
7. Select ‘Atheros AR5007EG Wireless Network Adapter’
8. Install the FSC Launchmanager from the ‘05 FSC_LaunchManager’ directory by executing the setup.exe
9. Reboot

Once you have rebooted you should have a working wireless device. To active the wireless device, you need to press the Fn+F1 button combination and choose WLAN. I can confirm this driver works on Windows 7.

Good luck!

This howto describes how to configure vsftpd to enable SSL using so called intermediate/ chaining certificates.

Edit vsftpd.conf so that SSL is enabled:

It is very important to construct the certificate file /usr/share/ssl/certs/vsftpd.pem with the correct certificate order. The fist Your certificate file has to be a .pem file. If you also received an Intermediate Certificate then you have to concatenate this with the Domain Certificate and your Private Key file into one single .pem file. Make sure all the information is included, without any spaces or blanks, see below.

This is how to check a SSL enabled FTP service (FTP Secure). See the result below:

This website was served by an old timer PC running on an Intel N440BX Server Board codename Nightshade. Despite being a rock solid system, it housed a dual Intel Pentium III 600Mhz processor configuration which did not meet today’s performance demands and energy consumption.
So I decided to build a new computer system that was a little bit faster and more energy efficient than it’s predecessor and thus environmentally friendly.

After doing some research I decided to go for the following setup:

• Antec NSK3480 MicroTower, EarthWatts 380 Watt PSU
• Intel Desktop board D945GCLF2, Atom 330
• Kingston ValueRam 2GB DDR2 533MHz C4
• 2 Western Digital AV-GP Green 1TB, 5400~7200rpm, 8MB, SATA2
• 2 Serial ATA II Cable, 0.75m
• Scythe Mini Kaze Ultra 40mm x 20mm

The Antec casing comes with an energy efficient PSU. It’s 80 PLUS® certified and is equipped with a built-in active PFC to make the PSU reduce electrical waste and protect the environment.

As some reviews at silentpcreview.com stated, the stock cooler on the chipset is not that quite as you would expect. I decided to replace the 40mm x 10mm stock cooler with the Scythe Mini Kaze Ultra 40mm x 20mm. Because the motherboard sits inside a MicroTower there was space enough to put the Mini Kaze Ultra on top of the heatsink as you can see on the pictures below.

As expected there’s nearly no noise coming from the system. The case itself is designed to do noise cancellation with it’s dual chamber structure, and the new cooler only whispers silently. Besides doing a nice quite job it also makes a difference at it’s cooling task. That’s because it’s 10mm higher then the stock cooler.

Temperatures with the stock cooler:

1. Chip Temp: +33.0°C
2. CPU Temp: +43.0°C
3. Sys Temp: +38.0°C

Temperatures with the Scythe Mini Kaze Ultra cooler:

1. Chip Temp: +31.0°C
2. CPU Temp: +41.0°C
3. Sys Temp: +36.0°C

I’ve planned to do an energy consumption test in the coming days.

Last weekend I installed the upgraded version of Leopard on my Mac mini. The installation went successfully but took a long time to complete. At first nothing seemed to be broken, but soon I discovered the loss of my NFS shares. So I started to look for the Directory Utility, because that was the tool I used for auto mounting my NFS shares in Leopard. After a little digging, I found out that I needed to re-add them using Disk Utility.

- Inside Disk Utility, click File then NFS Mounts..

So if you’re looking for your lost NFS shares you now know what to do.

Recently I have a personal certificate also known as a Digital ID on a smart card (Aladdin eToken) to access a secure web service. While installing the certificate I noticed it is also possible to use it to digitally sign and encrypt email with the same certificate, so I fired up Thunderbird and added the PCKS#11 security device to configure signing using S/MIME. See the steps below.

“PKCS#11 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules (HSM) and smart cards.” (Source: http://en.wikipedia.org/wiki/PKCS11)

I assume you already have installed the eToken software. In case you haven’t, take a look at this article I wrote earlier.

Open Thunderbird and go to Preferences -> Advanced -> Encryption -> Security Devices

Click on “Load” and enter a Module name or choose the default like I did, which is “New PKCS#11 Module” and browse for the ‘libeTPkcs11.so’ library. This file probably sits in ‘/usr/lib’ or ‘/usr/lib64′. Be sure to pick the right one, because you need the 64bit version if you’re using 64bit Firefox.

Open Account Settings -> Security

Select the certificate on your smart card you like to use.

Thunderbird and Firefox are not bundled with the needed CA’s to support GlobalSign PersonalSign Class 2 out-of-the-box. You have to Import the GlobalSign Primary Class 2 CA (http://secure.globalsign.net/cacert/PrimClass2.crt) and GlobalSign PersonalSign Class 2 CA (http://secure.globalsign.net/cacert/PersonalSignClass2.crt) to make it work in Thunderbird, otherwise you’ll notice you’re not able to send digitally signed email.

Using the wireless functionality of the Cisco 877W router I discovered that the wireless connection being disconnected en reconnected intermittently. At fist I thought it might be my Linux notebook doing wierd things, but as other wireless clients acting the same I suspected my new broadband router. Looking at the router log it appears that Cisco IOS reports “CCKM authentication failed”, in which CCKM stands for Cisco Centralized Key Management.

So I started searching the web for this particular error message. As I found out more people have reported it and some were suggesting raising the broadcast key change interval, but that didn’t work for me. Also downgrading the IOS software was mentioned, but hey I don’t like to downgrade so I upgraded to a more up to date IOS version and the problem seems to be fixed! The last two days since the upgrade there are no more annoying dis- and reconnects. It starting to look like Cisco has done a good job!

I did the upgrade from IOS version c870-advipservicesk9-mz.124-22.T.bin to c870-advipservicesk9-mz.124-24.T1.bin.

Beware of IOS version c870-advipservicesk9-mz.124-24.T.bin, this one seems to be unstable.

This will most certainly apply to the complete Cisco 870 series.

Lately I stumbled upon a extension for the well known media server Firefly called Fireplay. It’s a easy to use flash based music player interface for Firefly which uses RSP (Roku Server Protocol). The player is able to list playlists, artists, albums, genres and play selections. Because it’s a flash based player, you can use it everywhere you like.

It has features like download tracks, cover art, generate XSPF-playlists and more. The included documentation states that future features include playlist generation/editing, shuffle mode, and faster browsing.

The following section describes how to install Fireplay.

1. Download Fireplay mirror.

2. Copy the zip file to the admin-root directory of Firefly and extract the zip file which contains (four files). The example shows the path for Debian Linux.

3. Open the usual Firefly URL in your browser followed by the Fireplay page

It is necessary to enter the Firefly admin password, set in the FireFly configuration file (mt-daapd.conf).

It is also possible to serve FirePlay using a webserver like Apache.

Have fun playing songs!

Version 3 of the Simple Network Management Protocol (SNMP) is developed with as main purpose securing the insecure SNMP protocol. Since I needed to setup SNMP for a monitoring tool I decided to do it the secure way, which is SNMP v3. This article will describe how to configure SNMPv3 on a Cisco device using Cisco IOS, in my case a broadband router.

The first task is to login at the console as a privileged user and switch to configuration mode.

The next task is to define a view. To keep it simple, we’ll create a view that allows access to the entire internet subtree:

Next, create a group that uses the just created view. This command creates a group called readonly and v3 means that SNMPv3 should be used. The auth keyword specifies that the entity should authenticate packets without encrypting them. The read readview says that the view named readview should be used whenever members of the readonly group access the router.

The following command creates a user called snmpro, who belongs to the readonly group. auth md5 specifies that the router should use MD5 to authenticate the user (sha is also possible). The next item is the user’s password or passphrase, which is limited to 64 characters. The last item priv des56 specifies the encryption of the SNMP packets.

This configuration uses encryption to prevent passwords from being transferred in clear text and also encrypts the SNMP packets themselves, which may contain information that you don’t want available to the public.

End config mode with CNTL/Z or simple type ‘end’. And issue ‘write mem’ to save the current configuration to non-volatile memory to make this change permanent.

To verify if it’s working you can use snmpwalk. In the example below I use a Linux system to execute the snmpwalk command to request the system description (sysDescr.0) from a host called router.

As you can see the system description is returned successfully.