Linkdump
» Belkin WeMo
This kind of looks like the future of home automation.
Belkin WeMo
Nice feature overview here.
X10 is cool but complicated; whereas this looks cool and simple.
» Bookcrossing
A friend pointed me at Bookcrossing.
Seems like a great way to redistribute your old books and have some fun doing it.
The basic idea - label your old books with a unique identifier, then drop them off wherever you like. Log the 'drop' on the Bookcrossing website for someone to pick up. If they log the collection you can track who and where the book goes. Obviously there are the usual anonymity options and if a non-Bookcrossing person picks up the book they may choose not to join up (it's free, they make money selling accessories like custom labels and bookplates).
Pretty cool.
» Mailorder Beer
A plug and a bit of a bookmark for myself - Beerstore in NZ does a great job of distributing beer of all kinds delivered to your door.
I've used them a few times now and they're quick and efficient - I even had one delivery with broken bottles which the couriers obviously screwed up and within a couple of days Beerstore had another order on my doorstep no questions asked. Now that's service!
» What is a karonkka?
A friend of mine recently returned from Finland where he was examining a PhD defence - the process is called a Karonkka.
As well as getting decked out in a full-on tux & tails they actually had ceremonial swords to boot. How cool is that?
Be sure to read Shaun's other posts on the nature of research, patents, science and technology in New Zealand.
» TED Talks
A friend of mine (cheers Eddie!) pointed me at the excellent TED Talk series.
Subscribe to their RSS feed now.
There's always something you can set aside 15 minutes of your time to learn about or dump to your mp3 player to listen/watch while you commute.
Recent favourites of mine have included -
'Build a brain in a supercomputer',
'Our buggy moral code',
'What brain damage can point out about our mind',
'Why are babies cute? Why is cake sweet?'
» Useful Ways to be Persuasive
I realised my Linkdump category hadn't been updated in a looong time so I'll kick start it with this link to some common-sense ways to be persuasive.
As per the link comments in the preamble, it's a bit pop-psych but there's some useful stuff to help get your head around how you can get your point of view across to other people.
» Because you need to know - Tracking the $700 Billion Bailout
It'll be interesting to see if the New York Times keeps this table up to date - Tracking the $700 Billion Bailout.
See which financial institutions receive money and how much they get.
» Good Music - Le Pop by Katzenjammer
Discovered while reading Popmatters list of Also-rans for 2008 - Katzenjammer's 'Le Pop' is one of those joyful albums by a band determined to put a stupid grin on your face at all costs or die trying (cf early Violent Femmes, Crowded House, Pogues).
Check out a couple of videos on YouTube - 'A bar in Amsterdam' and 'Aint no thang'
» Good Books - The Shock Doctrine
Another excellent read from Naomi Klein - The Shock Doctrine. I have to admit I'm only halfway through this book - man's inhumanity to man makes for tough going - however it's pretty much compulsory reading for anyone that wonders how the world's free market economies were led down the track they're currently on.
Essentially what Klein does is posit the idea that free market economies and reforms can only be forced through on the back of an external crisis (sometimes real and sometimes engineered). As a result those people best placed to take advantage of the reforms do extraordinarily well and the vast majority of us end up worse off - with globalisation these disparities keep getting worse as multi-nationals cease to be bound by geography.
As the recent recession and American bank / finance / auto bail-outs have shown - the free market has failed to a certain extent - their own calls for deregulation have bitten them on the ass and now they're going cap in hand to the very regulatory bodies they once reviled for assistance.
So even when things go wrong for the wheelers and dealers of the world - they still come out on top.
» Good Books - Killing Rommel by Steven Pressfield
Another quick summer read - Killing Rommel is a return to form for Steven Pressfield - his 'Gates of Fire' was a masterpiece but after that I found 'Tides of War' and 'Last of the Amazons' to be a little dry.
His latest novel tells the tale of the Long Range Desert Group (LRDG) and their various exploits in the North African campaign, culminating in a mission to track down and kill Rommel.
Wednesday 07 January 2009 at 4:55 pm
Lots of stuff in the news about the shenanigans in Australia about their dinky new firewall.
Before Kiwis get too complacent, ponder this - there's been SFA in the NZ media about Section 92 of the Copyright Amendment Act in New Zealand itself.
Essentially - The proposed Section 92 of the Copyright Amendment Act assumes Guilt Upon Accusation and forces the termination of internet connections and websites without evidence, without a fair trial, and without punishment for any false accusations of copyright infringement.
ie no one needs to prove you have downloaded copyright content, they can just accuse you and cut off your internet connection (albeit after a warning or two).
Like Australia (or China) anyone with any technical savvy is just going to use TOR or a VPN terminating overseas to bypass this type of monitoring but if the accusation doesn't require evidence then it makes no odds as to how you try and protect your browsing habits.
It's just one of those pointless laws that has enormous nuisance value.
So sign up and let's hope this doesn't get passed into law!
Wednesday 17 December 2008 at 08:37 am
Another interesting link via HackThePlanet is this A Policymaker's Guide to Network Management.
I found the interesting stuff towards the end (pg 29 onwards) of the linked presentation - essentially arguing that QoS still has an important part to play in delivering services even in a bandwidth rich environment.
Monday 19 November 2007 at 6:22 pm
Via the ever interesting Hack the Planet - Google's Secret 10GbE Switch.
Nice bit of detective work if it's true!
Thursday 09 August 2007 at 12:24 pm
We spent the weekend shifting our Service Centre - it all went surprisingly well - all our pre-arranged call plans to cut over data & voice circuits actually worked. Our only minor problem was that the fax line was cut over a day early - not that big a deal in the grand scheme of things.
Our Service Centre will act as a hub for regional mail, 0800 numbers and general enquiries - as such it's pretty important that we get a handle on how the calls are handled. As part of the shift we implemented the MiTel Contact Center Management Business Edition - or the '6100' for short. It's pretty darn awesome - it's designed to handle 100s of 1000s of ACD agents and we've only got about 30 but the statistics it provides on call queues, abandoned calls, number of calls, time to answer, agent status etc are pretty darn amazing.
It can be integrated with a CRM solution to pop up caller details too - however I believe this involves a fair degree of customisation calling custom APIs. Probably not cheap but if you're running a multi-million $$ call center it's worth doing.
Friday 13 July 2007 at 07:01 am
We put in two key MiTel servers this week - Mobile Extension and Teleworker.
Mobex lets you 'twin' your internal phone extension to any other phone number (usually a mobile phone but it could be an analog phone) - it's like a fancy phone forward. Essentially the Mobex server creates a conference call between the two phones so at any time you can transfer or pick up the call on the other twinned phone. Very useful for traveling staff - it also means you can publish a single number on your business card that will get you wherever you are. The other alternative is to ditch landlines entirely (I'm sure Vodafone or Telecom would love that) but people really don't like to pay for a mobile call - Mobex gives you this flexibility to redirect the phone wherever you like.
Teleworker lets you remote boot a VoIP phone from anywhere on the internet - ideal for people working from home or colocated working through a broadband connection. The phone itself does the QoS (your PC connects via the phone) so it will always prioritise the voice traffic over data if you're in a call. Your phone works exactly the same as an internal extension, you can associate it with any PABX controller and you can even get a local analog breakout module to allow local calls. The sound quality is actually pretty good and the phones boot very quickly - about the only problem is if you are in a phone call any big network file-copies will slow right down.
Interestingly both Mobex and Teleworker are based on CentOS (RedHat derivative) and act as appliances - most configuration is done via a web interface. A bit of a departure from MiTel's other add-on application servers which are primarily Windows based.
Friday 26 January 2007 at 3:02 pm
We're lucky that our Telco provides a unified corporate WAN solution that encompasses everything from plain old POTS to high-speed fibre interconnects. They're also a mobile carrier - when you combine their mobile 3G with their WAN solution and delegated Radius administration it means you can offer your clients seamless LAN access at 3G speeds from their laptops (which they love because they find VPN complicated).
With these two gizmos setting up ad-hoc offsite LANs is going to be a whole lot easier (although your wallet may feel the pain depending on your 3G data-plan) -
* LinkSys Wireless 3G Router
* D-Link Wireless 3G Router
Friday 01 December 2006 at 4:27 pm
More and more people are using Voice Over IP (VoIP) - it seems to work well and removes the hassle involved in leasing a PABX or having contractors come in and make updates to the phone system.
From an admin standpoint it means almost anyone can manage basic PABX admin (eg directory management). You also get the joys of being able to plug 'n play your phone (no more repatching every time someone moves desk) and reset voicemail pins along with a wealth of other functionality previously hidden away in the heads of PABX admins. Most VoIP vendors also have cool stuff in terms of messaging integration (eg with Outlook or Notes) and software phones.
We use a MiTel 3300 which has been ticking along quite happily for a few years now with about 340 users (it'll easily handle twice that) - admin is primarily web based and pretty straightforward although it helps to have some basic PABX familiarity before you go poking around with some of the more esoteric options. As it's all software based you can just upgrade your PABX to support new generation phones - stick in the MAC address of the phone and it'll boot up with the appropriate software image.
What you need to utilise all of this VoIP goodness is a solid LAN with Quality of Service (QoS) capable switches and VLANs to isolate your VoIP traffic. We use Cisco kit and it's interesting to note that not all of their gear is created equal - implementing QoS on a Catalyst 3550 is much simpler than the 3500XL (slightly older model).
Another essential to save on cabling is Power over Ethernet (PoE) capability in your switches. Some will transparently power your phones and other devices (the newer 3550's and 3560's) while others will require dongles on your phones (the 3500XL's). For older switches (like the 3500XL's) you can also use a PoE 'booster' like a PowerDSine unit and not have to use a dongle.
In terms of basic troubleshooting be very wary of putting your phones through cheap switches and watch the quality of your patch leads. Most VoIP phones share your PC LAN connection - your patch lead goes from the wall into the phone and then from the phone into your PC. The phone itself acts as a QoS switch controlling what your PC does such that it doesn't adversely affect your voice communications - probably not something you'd notice unless you have some other real-time type apps running on your PC (eg intensive Citrix sessions).
Be careful implementing VoIP across a WAN - it can be done but if you don't have the expertise in-house you *really* need to be able to trust that your comms provider will allocate appropriate bandwidth (we allow about 80kb per call so if you have 10 people in a remote office set aside about 1Mb) for a real-time queue and properly honour the QoS DSCP tagging (44 - 46 seems common in NZ).
If you run into choppy voice calls while copying data across the WAN or when more than one or two people use their phone simultaneously then the circuit/routers haven't been properly provisioned and/or your switches aren't properly handling the QoS tagging (your comms provider will point the finger back at your LAN config so you need to be able to show end to end QoS so you can point the finger right back at them).
Still - it's all worth the pain - being able to plonk a phone down anywhere and use it as an extension of your primary office is a truly great thing.
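One way to produce the end to end QoS evidence mentioned above, as an added example that is not part of the original post: read the DSCP marking out of IPv4 headers captured at successive points on a call path and report where the voice marking is lost. The capture point names and sample headers are constructed, "44 - 46" is read as decimal DSCP values and "80kb" as 80 kbit/s.

```python
import struct

# Assumptions: the post's "44 - 46" is read as decimal DSCP values (46 is EF),
# and "80kb per call" is read as 80 kbit/s.
VOICE_DSCP = range(44, 47)
KBIT_PER_CALL = 80


def dscp_of(ipv4_header: bytes) -> int:
    """DSCP is the top six bits of the second byte of the IPv4 header."""
    if len(ipv4_header) < 20 or ipv4_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return ipv4_header[1] >> 2


def first_remark(captures):
    """captures: ordered (capture_point, ipv4_header) pairs for one voice flow.

    Returns (point, dscp_before, dscp_seen) for the first capture point where
    the marking is outside the voice range, or None if it survives end to end.
    """
    before = None
    for point, header in captures:
        seen = dscp_of(header)
        if seen not in VOICE_DSCP:
            return (point, before, seen)
        before = seen
    return None


def queue_oversubscribed(queue_kbit: int, concurrent_calls: int) -> bool:
    """True when the real-time queue cannot carry the calls in progress."""
    return concurrent_calls * KBIT_PER_CALL > queue_kbit


def sample_header(dscp: int) -> bytes:
    """Constructed 20-byte IPv4/UDP header with the given DSCP (test data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 200, 0, 0x4000, 64, 17,
                       0, bytes([192, 168, 10, 21]), bytes([192, 168, 20, 5]))


# Constructed capture points along one call path (names are hypothetical).
PATH = [
    ("phone access port", sample_header(46)),
    ("LAN core uplink", sample_header(46)),
    ("provider hand-off, far end", sample_header(0)),
]

if __name__ == "__main__":
    print(first_remark(PATH))
    print(queue_oversubscribed(queue_kbit=1000, concurrent_calls=10))
```

If the marking is intact at every LAN capture point and gone at the far-end hand-off, the re-marking happened on the provider's side of the circuit.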
Friday 03 November 2006 at 4:30 pm
These guys make some small but really useful tools - Kiwi Enterprises.
Probably their best known and most useful is their freeware KiwiSyslogd. It's a nice Windows tool for capturing and logging syslog data from a variety of devices.
Note that Unix distributions have syslog capabilities out of the box - you just need to set it up.
Friday 03 November 2006 at 10:13 am
Some things to ponder
Security is always a trade off between client side ease of use versus protecting an organisation's information assets.
So someone needs to step up and make a call - what happens if security is compromised? If no one is prepared to take the fall for a breach of security due to ease of use then you need to lock things down and deal with client complaints.
With regards to security there are really only three reasonable options -
* Connect your Wireless system to your internal LAN and use MAC filtering and a WPA2-PSK - definitely the path of least resistance. Be sure to change your WPA2-PSK regularly and ensure there's a safe mechanism to distribute updates. In terms of risk it's pretty easy to fake a MAC and difficult to crack the PSK - then again if you update the PSK regularly it is only as secure as the update mechanism. Unfortunately apart from sending and archiving syslog files the auditing and accountability aspect of this option is pretty poor because the authentication is tied to the asset not the person.
* Connect your Wireless system to your internal LAN, use MAC filtering and Radius authentication. A step up in terms of security and it provides for auditing and accountability. The Microsoft Radius solution even allows for a client side certificate for extra security. Again the MAC address can be faked and login/password combinations can be cracked by dictionary attack - possibly less secure than a PSK but using a certificate infrastructure does improve security.
* Connect your Wireless system to your firewall, use MAC filtering, a WPA2-PSK and allow access via VPN. Probably the most secure option but it may drive your clients insane unless they're used to using VPN. You get security, auditing and accountability - plus if someone hacks your WLAN they still need to get through the firewall/VPN gateway.
There is probably a fourth option - if you are in an urban area you may be able to use free wireless or an ISP's wireless service in conjunction with VPN. Not a good idea unless you have good laptop firewalls and well educated clients.
In fact if you use Active Directory you may want to restrict which SSIDs you want clients to connect to and whether or not they can work in ad hoc mode. To be safe you should lock both down.
If you do use VPN be sure to pipe all traffic through it and not just the organisation's data.
Ideally you would use a Wireless LAN Controller to coordinate your APs and do basic IDS. On top of that a dedicated Wireless IDS with sensors is also recommended (some WLAN Controllers have APs that can act as sensors for third party IDS products - it's worth investigating as you can save some money). If possible separate out your wireless traffic via VLAN - it makes tracking, auditing and isolation easier.
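Since a MAC filter can be satisfied by a faked address and the archived syslog only ever names the device, a minimal audit over AP association logs is sketched here as an added example, not part of the original post. The log line format, AP names and MAC addresses are constructed, and the concurrent-association check is a heuristic that assumes the APs log a disassociation when a client roams.

```python
import re
from collections import defaultdict

# Constructed sample: this line format is an assumption, not any vendor's output.
SAMPLE_LOG = """\
Nov  3 10:01:12 ap1 wlan: assoc mac=00:11:22:33:44:55
Nov  3 10:05:40 ap1 wlan: disassoc mac=00:11:22:33:44:55
Nov  3 10:05:42 ap2 wlan: assoc mac=00:11:22:33:44:55
Nov  3 10:07:03 ap2 wlan: assoc mac=00:11:22:aa:bb:cc
Nov  3 10:09:30 ap3 wlan: assoc mac=00:11:22:33:44:55
Nov  3 10:11:00 ap1 wlan: assoc mac=de:ad:be:ef:00:01
"""

# The MAC filter list that the APs are supposed to enforce (constructed).
ALLOWLIST = {"00:11:22:33:44:55", "00:11:22:aa:bb:cc"}

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<ap>\S+) wlan: "
    r"(?P<ev>assoc|disassoc) mac=(?P<mac>[0-9a-f:]{17})$"
)


def audit(log: str, allowlist: set) -> list:
    """Return (timestamp, mac, finding, detail) tuples in log order."""
    active = defaultdict(set)  # mac -> APs holding an open association
    findings = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore lines this audit does not understand
        ts, ap, ev, mac = m.group("ts", "ap", "ev", "mac")
        if ev == "disassoc":
            active[mac].discard(ap)
            continue
        if mac not in allowlist:
            # The filter should have refused this client: check the AP config.
            findings.append((ts, mac, "not-in-allowlist", ap))
        if active[mac] - {ap}:
            # Same MAC live on two APs at once: one of them may be a clone.
            aps = ",".join(sorted(active[mac] | {ap}))
            findings.append((ts, mac, "concurrent-association", aps))
        active[mac].add(ap)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ALLOWLIST):
        print(finding)
```

Neither finding names a person, which is the accountability gap of the PSK option; with Radius the same audit could key on the authenticated username as well.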
Useful references
* SANS Wireless Publications
* AD Wireless Group Policy
* Technet Article on Wireless Security
* Cisco Wireless Security Guide