Posts Tagged ‘tech’

One Linux Box replacing Many SOHO Routers (iptables, iproute2, netfilter)

Saturday, October 18th, 2008

It’s easy to use Linux to replace one SOHO router; it boils down to 6 commands:

dhclient3 … $WANIF                                      # Get the IP on the WAN side
ip addr add 192.168.0.1/24 broadcast + dev $LANIF        # Set the router's own IP on the LAN side (a host address, not the network address)
dhcpd3 … $LANIF                                          # Enable DHCPD on the LAN side
sysctl -w net.ipv4.ip_forward=1                          # Enable forwarding
iptables -t nat -A POSTROUTING -o $WANIF -j MASQUERADE   # Enable SNAT
dnsmasq                                                  # Enable DNS proxy
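
The recipe above as a runnable script, added here as an example and not taken from the original post. The interface names, the LAN range, and the use of dnsmasq for both DHCP and DNS (the post runs a separate dhcpd) are assumptions. It also adds the FORWARD and INPUT filtering the bare recipe leaves out: with ip_forward=1, MASQUERADE and the kernel's default ACCEPT policy, the box forwards any packet handed to it in either direction, which is not what a consumer router does. DRY_RUN=1 prints the commands instead of executing them so the rule set can be reviewed first.

```shell
#!/bin/sh
# Added example: one Linux box as a SOHO NAT router (not the original post's script).
# Usage (as root):           ./router.sh eth0 eth1 192.168.0.1/24
# Print instead of execute:  DRY_RUN=1 ./router.sh eth0 eth1 192.168.0.1/24
# Interface names, LAN range and the dnsmasq DHCP/DNS combination are assumptions.

# run CMD...: execute CMD, or only echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# lan_dhcp_range 192.168.0.1/24 -> "192.168.0.100,192.168.0.200,12h"
# Derives a dnsmasq --dhcp-range from the router's LAN address. Only the /24
# case the post uses is handled (assumption: the first three octets are the net).
lan_dhcp_range() {
    prefix=${1%.*}      # strip ".1/24" -> 192.168.0
    prefix=${prefix%/*} # no-op for /24 input, kept for safety
    echo "$prefix.100,$prefix.200,12h"
}

# setup_router WANIF LANIF LANADDR
setup_router() {
    WANIF=$1    # interface facing the ISP
    LANIF=$2    # interface facing the home LAN
    LANADDR=$3  # router's own LAN address with prefix, e.g. 192.168.0.1/24

    # 1. WAN address from the ISP's DHCP server (dhclient3 on older Debian)
    run dhclient "$WANIF"
    # 2. LAN address on the router itself ('broadcast +' fills in the host bits)
    run ip link set "$LANIF" up
    run ip addr add "$LANADDR" broadcast + dev "$LANIF"
    # 3. Enable IPv4 forwarding between the two interfaces
    run sysctl -w net.ipv4.ip_forward=1
    # 4. NAT: rewrite LAN source addresses to the WAN address on the way out
    run iptables -t nat -A POSTROUTING -o "$WANIF" -j MASQUERADE
    # 5. Forwarding policy: deny by default, allow LAN->WAN, and let only
    #    replies to existing connections back in from the WAN.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$LANIF" -o "$WANIF" -j ACCEPT
    run iptables -A FORWARD -i "$WANIF" -o "$LANIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    #    The router itself: accept DHCP replies and established traffic from the
    #    WAN, drop every other new connection arriving on the WAN interface.
    run iptables -A INPUT -i "$WANIF" -p udp --sport 67 --dport 68 -j ACCEPT
    run iptables -A INPUT -i "$WANIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$WANIF" -j DROP
    # 6. DHCP server and DNS proxy for the LAN, both from dnsmasq (assumption),
    #    bound to the LAN interface only so the WAN side gets neither.
    run dnsmasq --interface="$LANIF" --bind-interfaces --dhcp-range="$(lan_dhcp_range "$LANADDR")"
}

if [ $# -ge 3 ]; then
    setup_router "$@"
fi
```

The order matters slightly: the WAN lease is obtained before the INPUT rules go in, and the explicit UDP 67/68 rule keeps later renewals working once new inbound connections are dropped.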

GOAL: use one Linux box to replace N SOHO routers, i.e. this box would run multiple isolated NATs, each on what looks like the same private IP range but is in fact a separate one.

Setting up one router takes six commands, but that doesn’t mean two routers take twelve. The problems are:

  1. How to get more than one IP on the WAN interface?
  2. How to MASQUERADE to a different WAN IP for each router set?
  3. Every router’s subnet will be defined as 192.168.0.0/24, but just like with real routers, THIS 192.168.0.0/24 is not THAT 192.168.0.0/24. Attaching 192.168.0.1/24 to $LANIF[1..n] confuses the kernel, or the routing table to be exact, since the same 192.168.0.0/24 route would be inserted n times. What can be done?
  4. How does the LAN side reach the router box itself?
  5. How about DMZ and port forwarding?
  6. Can one NAT subnet reach another NAT subnet?
  7. How does the router reach a client on the LAN side?


Setting up Linux/Apache Single Sign On (Active Directory, mod_auth_kerb, Kerberos)

Tuesday, October 14th, 2008

Goal: in a Windows Domain environment, an intranet user browsing with IE or Firefox can authenticate to a website hosted on Linux/Apache without a password prompt, hence Single Sign On (SSO). During the setup, the Linux box will join the domain and have a Computer Account created.

Non-goal: enabling domain logon for Linux in general. Authorization is also not discussed.

Introduction

If the target were merely to accept the domain’s credentials, the problem would be much easier. KB555092 is one way to achieve that, but it basically means the credential is transmitted in clear text (Basic authentication) to the web server, which then tests it against the domain controller. Browsed with IE, the logon prompt states this problem plainly, and it won’t do SSO either. To the client this is very insecure: even with SSL enabled, the web server ends up holding the credential. All in all, KB555092 is not what I want. I think other solutions such as LDAP could achieve a similar result.

The key point in KB555092 is that KrbMethodNegotiate is Off, which is what denies SSO. However, turning it On is not as simple as flipping the flag; quite a few steps need to be done in the background first.
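
The two mod_auth_kerb settings side by side, added here as an example and not taken from the original post or from KB555092: a small script that emits the Apache <Location> block either in the password-fallback form (KrbMethodNegotiate Off, so the browser falls back to Basic and the server receives the domain password) or in the SSO form (Negotiate On, password fallback Off, so the server only ever sees a Kerberos service ticket). The realm, keytab path, /intranet location and FQDN are placeholders; the keytab_ok check assumes the MIT klist/kinit tools.

```shell
#!/bin/sh
# Added example: mod_auth_kerb configuration for Apache SSO (not the post's own config).
# Usage: ./sso-conf.sh EXAMPLE.COM /etc/apache2/http.keytab > /etc/apache2/conf.d/sso.conf
#        ./sso-conf.sh EXAMPLE.COM /etc/apache2/http.keytab basic   # the weak variant
# Realm, keytab path, the /intranet location and the FQDN are assumptions.

# sso_location_conf REALM KEYTAB [MODE]
#   MODE=basic      KrbMethodNegotiate Off, KrbMethodK5Passwd On: the browser
#                   prompts and sends the user's domain password to Apache,
#                   which verifies it with the KDC. No SSO, server holds the password.
#   MODE=negotiate  (default) Negotiate On, password fallback Off: the browser
#                   presents a service ticket for HTTP/<fqdn>@REALM; the server
#                   decrypts it with its keytab and never sees a password.
sso_location_conf() {
    REALM=$1; KEYTAB=$2; MODE=${3:-negotiate}
    if [ "$MODE" = "basic" ]; then
        NEGOTIATE=Off; K5PASSWD=On
    else
        NEGOTIATE=On; K5PASSWD=Off
    fi
    cat <<EOF
<Location /intranet>
    AuthType Kerberos
    AuthName "Intranet (domain account)"
    KrbAuthRealms $REALM
    # Service principal HTTP/<fqdn>@$REALM, created when the box joined the domain
    KrbServiceName HTTP
    # Keytab must be readable by the Apache user and nobody else
    Krb5Keytab $KEYTAB
    KrbMethodNegotiate $NEGOTIATE
    KrbMethodK5Passwd $K5PASSWD
    # Verify tickets against our own keytab; guards against a spoofed KDC
    KrbVerifyKDC On
    # Do not keep the user's credential cache unless a backend needs delegation
    KrbSaveCredentials Off
    Require valid-user
</Location>
EOF
}

# keytab_ok KEYTAB FQDN REALM
# Before blaming Apache: the keytab must contain HTTP/FQDN@REALM and must be
# able to obtain a ticket from the KDC on its own.
keytab_ok() {
    KEYTAB=$1; PRINC="HTTP/$2@$3"
    [ -r "$KEYTAB" ] || return 1
    klist -k "$KEYTAB" | grep -qF "$PRINC" || return 1
    # kinit -k: authenticate with the keytab rather than a password
    KRB5CCNAME=/tmp/sso-check.cc kinit -k -t "$KEYTAB" "$PRINC" || return 1
    kdestroy -c /tmp/sso-check.cc
    return 0
}

if [ $# -ge 2 ]; then
    sso_location_conf "$@"
fi
```

Two things worth checking alongside the config: the host name in the URL the users type must be the FQDN in the service principal (otherwise the browser requests a ticket for a principal that does not exist in the keytab), and with KrbMethodK5Passwd Off a failed Negotiate produces a plain 401 rather than a password prompt, which is the desired behaviour here.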


Refrigerator Door-Opened Alarm

Monday, August 25th, 2008

Is it that hard for the refrigerators of the world to add a door-opened alarm? All it takes is a 555 timer, or better yet, a few transistors. It is supposed to be that simple, yet my refrigerator doesn’t have this feature. End result? Moisture finds its way into the freezer compartment and forms crappy ice.

Eye-popping Research From Siggraph

Sunday, August 17th, 2008

jamie found links to a discriminating selection of Siggraph papers at waxy.org. Among the more captivating:

Can you trust any video now?

Link to the original from Slashdot: Some Eye-Popping Research From Siggraph

My harddrive is growing up

Wednesday, August 6th, 2008

If hard drive growth strictly follows Moore’s Law (so far that’s pretty much the case), and my data grows slower than Moore’s Law predicts, then my server can hold my data at any time in the future.

A big assumption: I have to keep forking out money on new hard drives.

In Q1 of 2007, I spent a whole lot buying a 500GB drive, and it was full for quite some time. I had to stop my data from growing for a while too. While the 1TB hard drive price dropped to HKD $1300 from HKD $3000 at release, it’s still pretty expensive. Besides, it looks like my data doesn’t grow as fast (because I watched less Anime recently? who knows), so I bought a new one the day before and settled on a 640GB.

The old 500GB was then moved to the backup server. The backup server now has 2*250GB+1*500GB=1TB available. Compared with the 100MB installed in my 386 desktop 19 years ago, it is 10000 times bigger. (That’s doubling roughly every 17.1 months; not an apples-to-apples comparison, but anyway.) The 320GB from the backup is also taken offline so I can use it to back up my desktop now.

It took a day to re-sync the existing 4xxGB over 100Mbps ethernet. Looks like I must upgrade it to GE next time.