...the radio star. Yeah. Anyway, I have a linksys WVC54GCA Network/IP camera that I've been playing around with. This camera is convenient because it's wireless so I can put it almost anywhere I want... or I could if the fucking piece of shit didn't lose it's wireless connection every ~24 hours and require a reset to get back online. So I have to run cat5 to the fucker instead. And it doesn't support PoE. Annoying, but it seems to work OK with power and UTP stuck up it's ass. Whatever. Remind me not to buy linksys again.

I've also been playing around with ZoneMinder and trying to get it grabbing video from the camera. That worked fine at 320x240 (jpeg) but not at 640x480 (jpeg or mjpeg). I finally figured out that it was a memory allocation problem. Even though I had followed a tip I found somewhere on upping the limit to 134217728, apparently that wasn't enough to grab high res from the camera. Finally I found this tip and I raised the limit to 268424446. Now it works fine at 640x480.

The most difficult part of the process was finding the URL's for grabbing video/stills directly. Through googling and experimentation this is what I came up with:

Linksys WVC54GCA - firmware 1.00r24

320x240 jpeg:
http://camera_ip_address/img/snapshot.cgi

640x480 jpeg:
http://camera_ip_address/img/snapshot.cgi?a
(I first tried ?res=640x480, which worked, but then I discovered that passing any argument at all gives you the larger jpeg)

640x480 mjpeg:
http://camera_ip_address/img/mjpeg.jpg
http://camera_ip_address/img/mjpeg.cgi
http://camera_ip_address/img/video.mjpeg
(I don't know whether there is any difference between these. I didn't notice any.)

640x680 mpeg:
http://camera_ip_address/img/video.asf
(VLC 0.9.4 plays this perfectly, including audio)

Posted by ra at 00:38 | Comments (3) | Trackbacks (0)

Why is unannounced scheduled maintenance so ridiculously fucking common these days?

I tried to login to Citibank's website just now to pay my bill. No go. I get some random "General Error" with an even more vague definition of what is (or isn't) happening when I try to log in. Last time something like this happened I told them about it after the fact and they denied that there had been any problem, so this time I called them up right away. I'm told that they might be doing scheduled maintenance until 03:00, but they don't know whether they are doing maintenance tonight or not. OK...... They can however confirm that if they are indeed doing maintenance, I will not be able to login until it is complete. Hmmm... homepage says nothing about maintenance, neither does the error message. Finally, they suggest I try to reset my password. If there is a chance you're doing maintenance now, is this really an ideal time to fuck around with resetting my password?? Morons.

Dear Citibank: I made the following just for you. Please feel free to copy and paste it to the top of your website as appropriate:

------------
WE'RE BUSY DOING PREVENTATIVE DEVASTATION RIGHT NOW. FEEL FREE TO RESET YOUR PASSWORD IF YOU CAN'T LOGIN, BUT KEEP IN MIND THAT IT'S NOT GOING TO FUCKING WORK AT ALL UNTIL WE'RE DONE.

LOVE,
CITIBANK
------------

Posted by ra at 00:44 | Comments (0) | Trackbacks (0)

I've recently started using OpenVPN's subnet topology. This requires OpenVPN 2.1 on both ends of the tunnel, but allows for one IP per client instead of a /30 block and works on all platforms, unlike the old (and now depricated) p2p topology.

EDIT: I should note that while topology subnet works with all platforms and I have tested with Linux, Mac and Windows clients; I have only tested topology subnet and the routing solution below on OpenVPN servers running on Linux.

I quickly ran into a snag with the subnet topology, however. The routes in my server-side OpenVPN config file no longer got created when OpenVPN was started, so networks behind connecting clients were unrouteable. I checked the logs and found the following messages from when OpenVPN started:

OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
OpenVPN ROUTE: failed to parse/resolve route for host/network ...

If I changed back to topology net30, everything worked fine with the config as is, so the problem was definitely specific to the subnet topology. Googling led me to several unanswered queries and finally one solution:
http://openvpn.net/archive/openvpn-users/2007-08/msg00152.html

As the errors above indicate, you need to specify a gateway in the route command in the OpenVPN config file when using the subnet topology. But what should the gateway be? The person in the linked post chooses the obvious solution, the VPN IP of the client behind which the remote network resides. That works, but what if I don't have a specific IP set for that client? From the system routing table you really only have to get traffic destined for the remote network routed to the VPN adapter, because OpenVPN has it's own routing table and will take care of the rest. Therefore, simply using the VPN IP of the OpenVPN server as the gateway accomplishes this, and seems to me to be the best solution.

OpenVPN server config snippet:

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
server 10.0.8.0 255.255.255.0

# ...if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files and the route command to
# specify the specific IP(s) or connected networks.

# route used with net30 topology
route 10.0.55.0 255.255.255.0

# route used with subnet topology
route 10.0.55.0 255.255.255.0 10.0.8.1

More configuration detail after the break...

Continue reading "openvpn routing"

Posted by ra at 12:21 | Comments (2) | Trackbacks (0)

Although my personal exposure to Apple products has been somewhat limited (mostly an originally blueberry iMac running OS 10.3 that I play around with... seriously), I have plenty of experience helping other people with their Macs or Apple gear. The times I've spent with Apple desktops and laptops has been enjoyable, but as for Apple networking equipment (Airport express, Airport Extreme, etc) i would have to rate these experiences at the opposite end of the pleasure spectrum. Somewhere near "pound my bloody head on the desk over and over".

Specifically, I would like to know what fruit-loop at Apple decided that CLI and web-interfaces were too passé, so they needed a closed configuration interface that requires a binary application running on a Mac or Windows computer to do anything at all with the device*. If they were trying to say "Dear users of Linux and other lesser OS's: FUCK YOU", well I got the message. Thanks. The last general networked device I encountered that was so retarded that it's main configuration method was proprietary software running on another device was a stupid print server.... from NINETEEN FUCKING NINETY-FIVE. However, at least that device could still be mostly configured using Telnet!! Not so for POS Apple networking gear.

Yesterday I discovered that the Apple Airport Extreme wireless router does not support static routes. Seriously, even if this was a seldom used feature for most users, how fucking hard is it to include it when you're putting together a router anyway. Besides which I can't even remember the last time I encountered a POS off-the-shelf Linksys or whatever router that didn't have static routes. So again, Apple is apparently competing with low-end networking gear from the 1990's??

Here's another added bonus: changing anything as trivial as a firewall rule reboots the router. Again, all but the shittiest routers I can think of can apply firewall rules and many other config changes without rebooting the whole router. This is absolutely pathetic for hardware that costs as much as Apple's shit does.

Between the hell I went through trying to configure a couple of Airport Expresses using their awful software and the new knowledge that Apple routers can't even do static routes, you can bet I'll be recommending Apple networking gear precisely NEVER. I wouldn't want someone to buy one only to find out it also doesn't support... I don't know, DHCP? DNS? Who the fuck needs that anyway, right? We'll just all say Bonjour and Rendezvous over at .local.

Fuck you, Apple.

* Yes, I know there are some open-source tools painstakingly constructed by sniffing traffic from Apple's software, but they aren't fully-featured and don't work with all devices, and that only supports my point.

Posted by ra at 17:58 | Comments (0) | Trackbacks (0)

So Netflix and a clue went out on a date... and she won them over! Yea!

Yeah, profiles are staying and I resumed our subscription.

Posted by ra at 00:21 | Comments (0) | Trackbacks (0)

to: publicrelations@netflix.com
cc: lkilgore@netflix.com
cc: reed.hastings@netflix.com
subject: Netflix profiles feature

To whom it may concern:

As a direct result of the email I received from Netflix last night regarding the elimination of the profiles feature, I have just placed my Netflix account On Hold.

For us, profiles are the most important feature differentiating Netflix from its competitors like Blockbuster Online. Profiles are integral to our Netflix experience. We are not interested in trying to merge queues or manage reviews and recommendations for three different people on a single profile/account.

My subscription is currently set to resume on 07 September 2008, but rest assured that if profiles disappear on 01 September I will instead cancel my subscription outright.

Posted by ra in rants at 01:04 | Comments (0) | Trackbacks (0)

What a lovely evening.

First of all, around midnight tonight some fucker rings our doorbell and runs off.
Great. So now I get to wonder whether it was just punk kids, or someone checking to see if anybody was home so they could rob the place. I might not be as concerned if someone hadn't rang the bell earlier today as well. I didn't answer it then because I was busy and I wasn't expecting anyone. But I can't help but wonder if someone was canvassing the neighborhood looking for unoccupied houses to return to at night.

Then, when I come back inside I'm greeted by an email from Netflix that says they are removing profiles. WTF. Their profiles are in my opinion one of their best features. We have three profiles on our account. Their email tells me they are eliminating profiles to "help [them] continue to improve" their site. If this is a taste of "improvements" to come then I guess it's about time to "upgrade" my Netflix account... to the ZERO discs plan. I'm canning their asses to let them know what I think.

GRRRRR. FUCK. THAT IS ALL.

Posted by ra in rants at 02:33 | Comments (0) | Trackbacks (0)