Goals for 2015

First things first: Happy new year!

This year will be (almost the same goals as last years).

So lets see:

find some interesting IPv6 related projects too pay the bills
Yes there where some IPv6 projects but I mainly did DNSSEC (as IPv6 one of those brand new technologies nobody needs)
For 2015 there are a couple of very interesting projects on the horizon. Lets wait the next two weeks

Read The Elements of Computing Systems: Building a Modern Computer from First Principles and work through one chapter a month.
Still unfinished. Maybe this year.

Finish moving my old server to this new machine, complexity puppetise and automate new server setup, including firewalling and monitoring
Partly done. Most of the puppet part is still missing

learn more about libvirt / kvm, openvswitch and logstash
work on some Cisco and Juniper Certifications

Still valid for 2015

clean up some of the other item from my todo list
Done some but somehow todo lists tend to grow. Have to do some more

Write at least 100 blog posts in 2014
I’ll promise to do it this year

Work on some interesting talks about IPv6, libvirt, …
I have some ideas and plan on attending more conferences this year. I’ll keep you posted.

And in addition to that:

  • loose some weight
  • find a new bigger and quieter flat

IPv6 site-local

Dear authors of “Cisco ASA: All-in-one Next-Generation Firewall, IPS, and VPN Services, 3/e” (and many many others) please not that site-local addresses where deprecated with RFC3879. Note that RFC3879 was published in 2004. Your book was published in 2014. In your book also refer to RFC4291 which mentions RFC3879.

(I hope the rest of the book is better than the IPv6 intorduction)

Support

It’s this time of year again where you visit your parents to celebrate Christmas do IT support.

So right now I’m installing updates, removing toolbars and fixing other easy to fix things.

My Dad bought a RaspberryB+ and instead of downloading a current software version he bought an SD card with an older version already installed. Some online shops (even the big ones) are strange:

1. A normal SD card does not fit into a micro SD slot

2. The RaspberryB+ needs a current software version or USB (an probably some other tings) will not work.

Too all off you: Happy Holidays ;-)

Open Source …

sucks. Two weeks ago I asked about IPv6 support on the check_mk mailing list. So far no reaction from the developers. And it’s not the first time I asked and I’m not the only one to ask.

is great. A couple of weeks ago I encountered a problem with powerdns. After I asked on the powerdns IRC channel and had a fixed version about an hour later and I learned something about DNS while reading the discussion. Thanks!

quux.de and DNSSEC

After being payed for implementing DNS(SEC) for a customer it was time to implement DNSSEC for my own domains as well.
So quux.de and some of my other domains are DNSSEC signed for a about a week now. So far I haven’t heard of any problems.

If you are using Bind on Debian the following links will be quite helpful:

https://wiki.debian.org/DNSSEC

http://www.howtoforge.com/configuring-dnssec-on-bind9-9.7.3-on-debian-squeeze-ubuntu-11.10

DANE is next on the todo list

check_mk and IPv6

I really like using the check_mk agent. Problem is that I have several IPv6 only hosts and the check_mk developers are ignoring IPv6 for quite some time (see my mail form may 2012).

Recovering from a cold I played around and found a temporary (as in “untill the next update”) solution:

As the agent is run via xinetd this part is quite simple: just add flags = ipv6 to the xinetd config starting the agent and restart xinetd.

The part queering the agent is a little more complex. Stefan Neufeind published a patch on the check_mk mailing list. which still works.

The next problem is that check_mk calls check_icmp and check_icmp does not support IPv6.

As a quick and dirty soloution I replaced check_icmp check-mk-ping command inside check_mk_templates.cfg with check_ping:


define command {
command_name check-mk-ping
command_line /usr/lib/nagios/plugins/check_ping -H $HOSTADDRESS$ -w 120,90% -c 150,95%
}

The warning and critical values in the above example still require some tuning on my side.

“I’ve read your profile with great interest…”

“… and I’d like to talk to you about a very interesting project!”

Yes, you may have a very interesting project to offer
No, – you haven’t read my profile, or what is so hard to understand about “I’m currently not looking for any projects”?

Social networks. Sometimes it’s better to not use them.