All posts by Matthias Scheler

We Will Rock You

While thinking about possible presents for my wife birthday’s last december I had one of my better ideas: I bought tickets for the Queen musical We Will Rock You. We wanted to see it ever since we spotted the posters in London’s tube stations. But we never managed to settle a date and order tickets in advance.

Yesterday the day had come and we were both full of expecation because we are both big queen fans. We took the train to London in the morning, had lunch add the borrow market and finally took the tube to the Dominion Theatre. Reading the program we bought I realized that the remaining members of Queen will celebrate their sixtieth birthdays soon. I’m therefore very happy that we went to their concert with Paul Rodgers in the Hyde Park in 2005. It was probably our last chance to enjoy at least Brian May and Roger Taylor performing live.

But let’s get back to the musical:

  1. The music was of great. No big surprise here. Thanks to the diversity of the songs Queen recorded over the years they could find the right music for every part of the show.
  2. The performers were great. I was especially impressed by Jenna Lee James who played the main female character Scaramouche.
  3. Besides good music there was a lot of british humour in it including funny references to current events. They even poked fun at the members of Queen.
  4. There were also touching moments dedicated to the memory of rock stars who died young: legends like Elvis Presley, Jimmy Hendrix and of course Freddy Mercury.
  5. The simple but taking story is about a world ruled by a powerful coperationg called Globalsoft. They control everything including the music business which is dominated by cloned boy and girl bands. Rock ‘n’ Roll and music instruments are banned. And only a few rebels are trying to bring both back.

My wife and I really enjoyed the time and are considering to watch the show a second time. If you like Queen’s music you must see it!

Merry Christmas and would you please fix my computer?

Every family has a computer expert. His (or her) job is to help the rest of the family with all their computer problems. Everytime the family computer expert is visiting he (or she) needs to get through a list of things which need to be fixed.

You might have already guessed that I’m that expert in my family. When my wife and I visited our families in Germany for Christmas I had a considerable to-do list. Our first stop was at my parents -in-law’s house where my old Power Mac G4 required some upgrades:

  1. Install an external Firewire harddisk and backup the system.
  2. Update Mac OS X Tiger to version 10.4.8.
  3. Install new version of QuickTime and iTunes.
  4. Install the latest security patches.
  5. Install updates for iLife 06.
  6. Install the latest Xcode tools.
  7. Install up-to-date pkgsrc packages.
  8. Provide a GIMP icon to my father-in-law’s dock.
  9. Install new OpenOffice templates.
  10. Install Virtual PC and finally retire the old Windows 98 PC.

The preparations started at home:

  • I installed Virtual PC on my Power Mac G5, created and configured a virtual machine and installed Windows XP SP2 in it.
  • My wife updated all the OpenOffice templates and created a second set of templates for the new 19% VAT rate in Germany.
  • I found a somewhat outdated distribution of GIMP for Mac OS X on the web and combined the included Mac OS X application environment with the latest GIMP pkgsrc package.
  • Finally I copied all the necessary software and data on the external harddisk. Downloading all of it would have taken days because my parents-in-law don’t have broadband.

We arrived at the 23rd of December and I started the rollout on the next morning:

  1. I connected the external harddisk, installed Carbon Copy Cloner and cloned the internal disk before starting with the updates. You never know …
  2. Installing most of the updates worked without problems. Just double click on the disk image, launch the installer and reboot … quite frequently. Using the online update is much nicer because you get away with a single reboot.
  3. The updates for iLive 06 did not work. They are for newer versions of all the programs and unfortunately not cumulative. I tried the online update over the V.90 Internet connection which was a real pain. It took a few minutes just to figure out what updates were available. The online update offered patches for the old iLife 06 programs but it would have taken hours to download them. I therefore decided to give up on these updates. But the online update did at least confirm that all the security patches were installed.
  4. Installing most of the remaining software (e.g. GIMP) worked like a charm.
  5. Installing Virtual PC was all that still needed doing. Because Virtual PC 7 doesn’t work under Mac OS X Tiger properly until you apply the patch with the latest update. I already knew that from trying it out on my Mac and simply ignored the Restart your computer button, installed the patch immediatley and rebooted afterwards. Mac OS X complained about incorrect permission of /Library/StartupItems after the reboot because Microsoft’s installer screwed up (exactly like on my Mac). Mac OS X fixed the permissions and rebooted once more. I stopped the installer from creating a virtual machine using the bundled Windows XP Professional, installed the prepared virtual machine instead and fired up Virtual PC. I was relieved when Windows XP booted after a small change to Virtual PC’s configuration. Finally I taught my father-in-law how to start Windows XP now and he liked the new solution much more than accessing the old Windows 98 PC via TightVNC.

At the 25th we left my parents-in-law and drove to my older sister’s house. Much nastier problems were waiting for me there:

  1. Increase the size of drive C: because it is full and Windows complains about that fact all the time.
  2. Check that the all the several dozen Windows XP security patches are installed.
  3. Check that the virus scanner is working and up-to-date.
  4. Make sure that the friend who set up my sister’s A-DSL and WLAN did a proper job.
  5. Help my sister with her problems with iTunes.
  6. Try to get the game working that my nephew got as a christmas present.
  7. Check the harddisk of the old Windows 98 PC for data which needs to be preserved. Wipe the contents of the harddisk afterwards because the PC will be sold.

It took me most of the 26th to sort out all of these problems because Microsoft Windows was involved. I wish my sister would have listened to me when she bought a new computer and purchased an Apple PowerBook. But she could get a Windows notebook cheap via her job and took that offer. 🙁

  1. Resizing the harddisk partitions was easy. I booted the notebook of my Partition Magic 8.0 CD-ROM and it took only a few mouse clicks and a quarter of an hour before drive C: had 8GB of free diskspace.
  2. When I checked whether recent security patches were installed I was shocked to find out that no patches had been installed for several month. The reason was simple: the old Windows 98 PC had always reminded my sister to install patches when she connected to the Internet via ISDN. But Windows XP decided that automatic updates were good enough and scheduled them at a time when the notebook is never turned on. Thank you, Microsoft! Half an hour and several reboots later the system was somewhat safe again.
  3. The situation concerning the virus scanner was alarming, too. The expensive Enterprise virus scanner required a special update server to get new virus signatures. But that update server is only available at my sister’s workplace and she hadn’t taken the notebook there for half a year. Because my sister doesn’t use that notebook for work anyway I replaced the virus scanner with the free version of AVG 7.5. AVG only needs a plain Internet connection to get new virus signatures.
  4. The next thing I checked was the WLAN router’s setup. WLAN encryption was enabled fortunately but it only used the weak WEP algorithm. I tried to switch to WPA or WPA2 using the installed WLAN Quick Setup software. But despite mentioning that an insecure WLAN can cause legal trouble the software only offered WEP encryption. Using a browser to access the web interface of the router (a Zyxel product) I found out that it does support WPA. I connected our Apple PowerBook to the router via ethernet, enabled WPA, turned off WEP and tested the secure WLAN setup with the PowerBook. When I wanted to configure the Windows notebook to use WPA Windows XP’s Wireless Network manager was refusing to let me make any changes. It turned out that the WLAN Manager, another great piece of software distributed with the router, had taken control of the WLAN setup. And it did of course not support WPA. I removed all componets of that software and Windows XP’s Wireless Network manager worked again. After deleting the open WLAN network provided by a friendly neighbour from the list of preferred networks I could finally get the Windows notebook to connect to the WPA protected WLAN of my sister’s A-DSL router. It worked fine for five minutes until another friendly neighbour turned on his or her A-DSL router with another open WLAN using the same channel. After picking a (at that point of time) unoccupied channel the WLAN finally worked secure and stable.
  5. Looking at the information provided by Windows XP’s Device Manager we figured out why the game wouldn’t run. The chipset graphics had stolen 64MB of the main memory and the game wasn’t willing to start with the remaining 448MB. My wife switched off the notebook, opened it and found out that the second memory slot isn’t used at the moment. Upgrading the notebook to 1GB of main memory should therefore be straightforward.
  6. Dealing with the old Windows 98 PC wasn’t as easy as I had hoped, too. I wanted to copy my sister’s old e-mails to a USB stick but Windows 98 (Second Edition) doesn’t provide any drivers for such hardware. After getting the PC to use the DSL connection (the ethernet was connected to the router, but it still wanted to dial out via ISDN) I was able to find a driver via Google. The next problem was that Outlook Express refused to export the e-mails without a Microsoft Exchange Server. I therefore manually copied Outlook Express’ data directory to the USB stick.
    Now the fun began: I booted Linux using a Knoppix CD and ended the miserable existence of Windows 98 using the dd command. Because I definitely didn’t want to reinstall Windows 98 (my sister couldn’t find the CD anyway) and was too lazy to install NetBSD I tried out the Ubuntu DVD I received with the latest issue of the c’t and installed Linux on the machine. The Linux installation will probably be nuked by the future owner anyway but is good enough to prove that the machine is working.
    After importing the old e-mails on the Windows XP machine (which didn’t require an Microsoft Exchange server for a change) my work was finally finished.

That’s the end of my christmas family IT support story … for this year. What nice (or naughty) computer problems did Santa Claus bring you for christmas?

The Silence of the Packets

As part of my ongoing attempt to simplify my IT infrastructure at home I recently decided to replace my NetBSD firewall and the external DSL modem with a router appliance. The list of advantages was long:

  1. Less noise and power consumption, the firewall was a SPARCstation 20.
  2. One less UN*X system to look after.
  3. Less power bricks under my desk.
  4. No more MTU problems caused by PPPoA to PPPoE bridging.
  5. More reliable (than the Linksys DSL modem).

Unfortunately my requirement list for a DSL router was long:

  1. Normal routing for public IP address
  2. NAT for non-public IP address
  3. IPv6 support
  4. IPsec VPN support
  5. Flexible packet filter rules
  6. Proper administration interface
  7. SNMP support (for MRTG)
  8. Configuration file backup and restore
  9. ADSL 2+ support (for future use)

I searched the web for possible candidates and found exactly one: the Cisco 877W.

Cisco 877W

I was not to happy about this because my previous jobs taught me that Cisco equipment can cause a lot of trouble:

  1. The IOS version that is installed on your Cisco never supports all the features you need.
  2. The IOS version which supports all those features requires more memory and/or a larger flash card than your Cisco is equipped with.
  3. At least a part of the necessary configuration will be completely unobvious and you have to search the web or ask arround to figure it out.
  4. You will reach a point where it seems to work. Just when you enjoy your success it will break horribly.
  5. Cisco will not allow you to download a firmware update without a support contract even if it fixes a critical security hole.

I bought a Cisco 877W (with an extra 802.11g WLAN option) nevertheless. And of course things went wrong:

  1. Despite being advertised as supporting IPv6 it did not.
  2. The IOS version with IPv6 support required a larger flash card.
  3. The first flash card upgrade I received was broken. I didn’t realized that immediately of course but spent hours figuring out why format flash: wasn’t working.
  4. Configuring the DSL connection on the 877W is tricky. You can’t simply take the obvious approach and use the ATM interface. You need to create a Dialer interface (sounds archaic, doesn’t it?) and tell that to use the ATM interface for “dialing” out. Fortunately Google found a useful example configuration.
  5. When I finally got the Cisco working as a router (with the NetBSD firewall still providing packet filtering and NAT) I was pleased. But 10 minutes later the DSL connection went down. It happened again and again until I finally had to switch back to the Linksys DSL modem. Before I did that my Internet link wasn’t even stable enough to search the web for a solution. I posted a question to the Usenet and got a lot of unhelpful comments suggesting that my phone line was probably bad. Finally somebody pointed out to that Cisco is distributing firmware updates for the builtin DSL modem of the 877W on their public FTP server. I installed version 3.0.10 of the firmware,connect the phone line to the Cisco again and this time it really worked fine.

But getting basic routing functionality working was of course only half the story. I still needed to write Cisco IOS packet filter rules (for IPv4 and IPv6) and get NAT working. I had to postpone doing that several times mostly because of problems with the backup mail server for my domains. Last Friday I finally managed to write the IPv4 packet filter rules despite spending most of the day on maintenance of that backup mail server. On Saturday I found time to write the IPv6 rules, After a nice relaxing walk through the Botanic Garden I got NAT working on Sunday.

Now it was time to put the old firewall out of operation. My wife and I removed a stack of old hardware first:

SPARCstation 20, switch and DSL modem

The old Wireless Access Point had to stay because the IOS version currently installed on my Cisco 877W doesn’t support bridging IPv6 for some weird reason. There is a IOS version which does but who knows how to get it.

We set up the Cisco, connected all the cables and powered the router up. For some unknown reasons the universe showed mercy and everything just worked fine without further problems. It has worked fine ever since and I’m still enjoying The Silence of the Packets because the SPARCstation 20 is no longer making a lot of noise.