Snobby newspaper book reviewers.

Bananas is not a great newspaper reader; however, once a week I do read the book reviews. I don’t actually read most of it, as I scan it, for most weeks there is usually nothing worth reading*.

I now seem to find most of the books I review here are from elsewhere. Many of those are given a chance. A week prior to this I was reading about a book and an author I had never heard of; it sounded interesting and I reserved it. One week later and it’s in the newspaper.

Somehow either I can spot a zeitgeist or perhaps mainstream reviewers too are spoon-fed this ‘featured’ stuff. It does make me wonder about it.

* imho

Going ‘green’ in networking and also ddwrt

are you shrek ?

The monkey house network stuff here is gradually being updated: poe has been swapped out (my blog), a router died for good one day, which required a new one, and I got one with ddwrt as standard, and so I will be saying goodbye to Linksys when the other dies [we have a public internet and a private lan]. I still have one linksys router – with non-standard ddwrt – and here is the thing: the model that replaces it from Belkin [the new owners of linksys] is apparently $300 USD – I can get an eco-friendly non-linksys unit with ddwrt for $50. I don’t think an extra $250 is worth it and I will justify that later on.

New Linksys router reviews [no, I do not write them] are a terrible state of affairs, with more bad ones than good ones and reports of them turning into bricks within two days. It depends on the experience of the user and that seems to be at the wrong end. Not that I liked the stock firmware on the linksys routers, which, although it works, can be clunky.

ddwrt (my blog) is seen as non-professional by some, but when a linksys unit costs more than a ‘professional’ sme Ubiquiti router then I do wonder about the logic at Belkin. The new bricks that power these new things are less hot, so I assume not as wasteful, and have eco features that seem to work: turning off wireless, and lights, on a schedule.

The downside to the less waste heat is the room we keep this stuff in is very cold in the winter.

The trap in ddwrt is not the software but the idea that you need to spend large amounts of money to get a thing that it works on. A downside to ddwrt is no ipv6 support yet, but as I can’t get an ipv6* range with my good supplier it is not a real concern, although I would like to be able to**. The progress might seem slow but it is happening fast and I am sure it is possible.

* rsn ** and a 6to4 translator

Arthur Schnitzler, dream story

is a book sans isbn, a newspaper giveaway and short at 98 pages, a third of those an introduction** and easily skipped. It became a film* which was more miss than hit. I decided to have a go with the book that I could obtain from a library.

I can see how one led to another. 2/5 bananas.

* I won’t mention it though ** yawn

kde network manager goes ‘android’ ish

I run debian testing and normally don’t have many issues. It is a good barometer of how things usually end, as in stable, and so is worth the hassle. It makes one think, so I had a plan for this disaster (my blog) in stable when it hit.

Network manager in kde is a cause for concern. With a recent upgrade, mobile networking and airplane mode mean I manually have to click things to even write these, so it is a step back. It seems that /etc/network/interfaces is a bit broken, although I do have a huge load of bad udev messages with the latest kernel.

There are other network managers with a gui, which I don’t use on debian stable (my blog), but with a mobile look it might be time to think about something else to replace it.

Firefox client security sucks.

Arthur Scherbius

I bought cheap ssl (my blog) but was only getting 50%, so I decided to delve into the innards of the security of firefox 28, which supports tls 1.2 if apparently configured to do so.

The beginnings of this can be traced to this (my blog) and I had little luck with firefox plugins. So you’re on your own in about:config. Yes, it does have a nice interface, with ssl and tls searches.

The tls settings I think I know what they do – how that works in reality is a guess; a site works in chrome, not in firefox.

In firefox I grep ssl and set to ‘false’ all 128 ciphers, the opposite of true, and got 256 versions instead, including at wordpress. So the defaults are horridly accommodating to low standards. It has not been that long since the change, so I might have to eat my words on this when interacting with the real world.

Should I have to do that, then ssl and tls are truly fucked, fraked and beyond redemption, as it is extremely unfriendly in the real world.

This is not a criticism of firefox, or ssl and the 128 bit ciphers of which some may have limitations,

Ciphers are interesting and who says secure is secure as time marches forward.

The inspire a suicide bomber tv channel

Bananas was looking at some of the lesser-used features on a digital television receiver [essentially a mux] that picks up the freeview* signal via an aerial, now I was able to finally ‘easily’ network it (my blog) without wds (my blog) and access the data channels, whatever they be.

One of those is hilariously called ‘peace tv’ that only implies one thing (my blog). It has a ‘foreign’ feel to it for sure.

I also note that many of the other options simply don’t seem to work, and many that once were broadcasting have left the data bit.

I wonder who really pays the bills for peace tv, and how the content got approved to be broadcast to televisions via freeview, which implies some sort of regulation.

The interface is slow and most of the content appears to be low rent subjects.

* free to air is not approved of by rupert murdoch (my blog) or your oligopoly cable provider [insert soviet russian joke about no choice here]

You’re not supposed to use it

Our zoo professor’s replacement runabout Renault (my blog) got a flat tyre* one day just after a car service, when it was raining, as is the way. So the next day, when it did not rain, it was time for him to use the spare unit that hangs on the bottom of the car at the back.

Being a not very simple job, professor explained to us over a banana that the parcel shelf and two bits of carpet first had to be removed, along with putting the back seats down to get that second bit of carpet out. That then gave access to the metal bit of the car and to where the tools and the tyre release clip are, from the inside.

Then the release gave a good five minutes of fun, as screws also had to be undone and things turned and clicked. Eventually gravity was defeated but the wire to the release clip remained; it took a bit of head scratching but that was also figured out and the spare unit was free of obstructions.

The jack took time to place and locate (this is not a job to do in the rain) and the car was free of gravity.

Security bolts (a special tool) was needed, and then the four bolts that connect the tyre to the axle could be accessed.

Then the job was plain sailing, until the clip at the back was required to set back into the car.

A lot of mats were used and the only conclusion professor came to was that while the thing works it is certainly not a job that is easy or quick to do. Mind you, the wheel has still to be fixed, then replaced, and the spare wheel put back from where it came before the carpet and shelves can be put back.

* the roads are in an awful condition, another tyre wheel had to be replaced as well between the schedule date.

Configuring ssl is not fun – even before heartbleed

Before I start: I have cheap ssl (my blog) which may or may not be compromised to the nsa – to which the ssl provider says ‘no’*. So much of the subsequent may be pointless. The Qualys test on first install gave me a B several months ago, some work got me to A, and additional work months later got extra high scores in ‘failing’ areas.

Early issues I had were with TLS-RSA-WITH-RC4-128-SHA**

Leading to a natural RC4 NOT DESIRABLE, so it’s not all bad as beast is mitigated with tls. But it’s a vague field, and while we all hear of perfect configs, finding out how is a bit of a headache inducer. Like I say, I got an A, but the config lines in ssl are not 100% my thing. I am sure there is a way and I would like to have it.

I will nail it one day. After heartbleed patching I got an A+. Which I like, but you might think is grade inflation for doing nothing I did not have before.

ssl configuration is near voodoo: while I get good cipher strength, getting a perfect 100% over four areas appears impossible, for if you disable part that reflects upon others, which is a conundrum – I need a newer apache version as well for some of those, so it seems a compile is in order for fips and ocsp, assuming that there are no compromises and the certificate in use can do stuff. I use fail2ban (my blog) and it appears, while not a configuration, it might solve some of the possible issues like beast and rc4 issues.

I see that others have issues too; an example is the extended certificates on wordpress, which look good**** but report as 50% of the cert strength.

Security might be great but how it is configured might mean that costly thing is not really doing much except security theater.

Proprietary also gets in on the act with spdy*** so the perfect config will be apples and oranges to another’s banana smoothie (my blog),

So does ssl mean security? Yes – well, there is ssl and ssl configs, and that is an area where ssl means maybe it is and maybe it is not. Your experience might vary, and as internet explorer**** is not being catered to with my chrome/firefox bias, that might mean no security at all for some.

It’s a rabbit hole, this one. Buying expensive ssl certs is no measure of security when the config it runs on gets an F.

I need ssl reconfigured and compiled to get ocsp and other features working; pfs seems to be a thing only a few have actually figured out what to do – I am assuming I am missing dns records but that is a guess. I cannot disable tls 1.0 even though it’s thought to be compromised, so perfect security is hard to achieve.
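The conundrum in the two paragraphs above (RC4 sidesteps BEAST but is weak itself, and tls 1.0 stays enabled) can be made concrete with a small suite audit. This is an added example, not code from the original post; the suite list is constructed sample input, the function names are hypothetical, and only SSLv3 to TLS 1.2 naming is handled.

```python
# Added example; suite names are constructed sample input in IANA form.
import re

SAMPLE_SUITES = [  # constructed list, not taken from any real server
    "TLS-RSA-WITH-RC4-128-SHA",               # spelled as in the post
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

def parse_suite(name):
    """Split a pre-TLS-1.3 suite name into (key exchange, cipher and MAC)."""
    norm = name.upper().replace("-", "_")
    m = re.fullmatch(r"TLS_(.+?)_WITH_(.+)", norm)
    if not m:
        raise ValueError(f"not an IANA-style suite name: {name!r}")
    return m.group(1), m.group(2)

def audit_suite(name, protocol):
    """Findings for one suite under SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2."""
    kx, cipher = parse_suite(name)
    findings = set()
    if "RC4" in cipher:
        findings.add("rc4")                 # biased keystream; RFC 7465 prohibits RC4
    if "CBC" in cipher and protocol in ("SSLv3", "TLSv1.0"):
        findings.add("beast")               # predictable CBC IVs before TLS 1.1
    if not kx.startswith(("DHE", "ECDHE")):
        findings.add("no-forward-secrecy")  # static key exchange
    if "GCM" in cipher and protocol != "TLSv1.2":
        findings.add("needs-tls1.2")        # AEAD suites need TLS 1.2
    return findings

def clean_suites(suites, protocol):
    """Suites from the list that raise no finding under the given protocol."""
    return [s for s in suites if not audit_suite(s, protocol)]

if __name__ == "__main__":
    for proto in ("TLSv1.0", "TLSv1.1", "TLSv1.2"):
        print(proto, "clean:", clean_suites(SAMPLE_SUITES, proto))
        for s in SAMPLE_SUITES:
            print("   ", s, sorted(audit_suite(s, proto)))
```

Under TLSv1.0 no suite in the sample comes out clean, which is why a scanner cannot award full marks in every area while that protocol version remains enabled.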

Then when you have a good config heartbeat (not my blog) comes along (test) and the fun begins again.

It is interesting although we all get the probers seeking the holes.

* being patriots, or targeted data collection with or without others’ knowledge. ** something which Microsoft seems guilty of liking. *** eg google, I tried spdy and had no success with ssl until I removed spdy from the web server. Chrome [open source] I liked ****

Bob Parsons who shot an elephant in Zimbabwe

I am sure Bob Parsons (my blog) would willingly give the master password and oral sex to the nsa after all he is a ‘patriot’.  So the merits of using godaddy as a supplier seems a discussion worth having. **** It has weakened security