
By Askarel in Uncategorized

I’ve been running my own private matrix server for quite a while now, and so far it has been running smoothly, despite the warning in the documentation that you should not run it with the sqlite3 database in production.

With the release of Debian Bookworm, I decided it was time to upgrade the server.

Naturally, during such a big upgrade, something has to go south: matrix-synapse is not starting anymore !

In the logs, I had this gem:

2023-06-22 12:54:08,333 - synapse.app._base - 215 - ERROR - main - Exception during startup
Traceback (most recent call last):
  File "/opt/venvs/matrix-synapse/lib/python3.11/site-packages/synapse/app/homeserver.py", line 352, in setup
    hs.setup()
  File "/opt/venvs/matrix-synapse/lib/python3.11/site-packages/synapse/server.py", line 339, in setup
    self.datastores = Databases(self.DATASTORE_CLASS, self)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/venvs/matrix-synapse/lib/python3.11/site-packages/synapse/storage/databases/__init__.py", line 74, in __init__
    prepare_database(
  File "/opt/venvs/matrix-synapse/lib/python3.11/site-packages/synapse/storage/prepare_database.py", line 141, in prepare_database
    _upgrade_existing_database(
  File "/opt/venvs/matrix-synapse/lib/python3.11/site-packages/synapse/storage/prepare_database.py", line 514, in _upgrade_existing_database
    module.run_upgrade(cur, database_engine, config=config)
  File "/opt/venvs/matrix-synapse/lib/python3.11/site-packages/synapse/storage/schema/main/delta/78/02_validate_and_update_user_filters.py", line 85, in run_upgrade
    cur.execute(copy_sql, (f"{hostname}",))
  File "/opt/venvs/matrix-synapse/lib/python3.11/site-packages/synapse/storage/database.py", line 417, in execute
    self._do_execute(self.txn.execute, sql, parameters)
  File "/opt/venvs/matrix-synapse/lib/python3.11/site-packages/synapse/storage/database.py", line 469, in _do_execute
    return func(sql, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
sqlite3.IntegrityError: UNIQUE constraint failed: temp_user_filters.user_id

Naturally, googling around yielded no result. So I tried to convert my sqlite3 setup to a postgresql one using the synapse_port_db tool:

# synapse_port_db --sqlite-database homeserver.db --postgres-config homeserver.yaml
2023-06-22 12:39:58,104 - synapse.config.key - 153 - WARNING - This server is configured to use 'matrix.org' as its trusted key server via the
'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
server since it is long-lived, stable and trusted. However, some admins may
wish to use another server for this purpose.

To suppress this warning and continue using 'matrix.org', admins should set
'suppress_key_server_warning' to 'true' in homeserver.yaml.
--------------------------------------------------------------------------------
Preparing sqlite3...
2023-06-22 12:39:58,220 - synapse.storage.prepare_database - 120 - INFO - ('main', 'state'): Checking existing schema version
2023-06-22 12:39:58,236 - synapse.storage.prepare_database - 128 - INFO - ('main', 'state'): Existing schema is 77 (+4 deltas)
2023-06-22 12:39:58,236 - synapse.storage.databases.main - 288 - INFO - Checking database for consistency with configuration...
2023-06-22 12:39:58,237 - synapse.storage.prepare_database - 418 - INFO - Applying schema deltas for v77
2023-06-22 12:39:58,239 - synapse.storage.prepare_database - 526 - INFO - Applying schema 77/14bg_indices_event_stream_ordering.sql
2023-06-22 12:39:58,319 - synapse.storage.prepare_database - 418 - INFO - Applying schema deltas for v78
2023-06-22 12:39:58,320 - synapse.storage.prepare_database - 513 - INFO - Running 78/01_validate_and_update_profiles.py:run_upgrade
2023-06-22 12:39:58,342 - synapse.storage.prepare_database - 513 - INFO - Running 78/02_validate_and_update_user_filters.py:run_upgrade
2023-06-22 12:39:58,344 - synapse_port_db - 849 - ERROR - 
Traceback (most recent call last):
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/_scripts/synapse_port_db.py", line 682, in run
    allow_outdated_version=True,
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/_scripts/synapse_port_db.py", line 626, in build_db_store
    prepare_database(db_conn, engine, config=self.hs_config)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/prepare_database.py", line 146, in prepare_database
    databases=databases,
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/prepare_database.py", line 514, in _upgrade_existing_database
    module.run_upgrade(cur, database_engine, config=config)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/schema/main/delta/78/02_validate_and_update_user_filters.py", line 85, in run_upgrade
    cur.execute(copy_sql, (f"{hostname}",))
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/database.py", line 417, in execute
    self._do_execute(self.txn.execute, sql, parameters)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/database.py", line 469, in _do_execute
    return func(sql, *args, **kwargs)
sqlite3.IntegrityError: UNIQUE constraint failed: temp_user_filters.user_id
Traceback (most recent call last):
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/_scripts/synapse_port_db.py", line 682, in run
    allow_outdated_version=True,
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/_scripts/synapse_port_db.py", line 626, in build_db_store
    prepare_database(db_conn, engine, config=self.hs_config)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/prepare_database.py", line 146, in prepare_database
    databases=databases,
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/prepare_database.py", line 514, in _upgrade_existing_database
    module.run_upgrade(cur, database_engine, config=config)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/schema/main/delta/78/02_validate_and_update_user_filters.py", line 85, in run_upgrade
    cur.execute(copy_sql, (f"{hostname}",))
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/database.py", line 417, in execute
    self._do_execute(self.txn.execute, sql, parameters)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/database.py", line 469, in _do_execute
    return func(sql, *args, **kwargs)
sqlite3.IntegrityError: UNIQUE constraint failed: temp_user_filters.user_id
UNIQUE constraint failed: temp_user_filters.user_id

Ok, so the latest version did not work. I fired up a distinct VM on Buster and installed the corresponding matrix-synapse-py3 package, uploaded the homeserver.db and homeserver.yaml files to it and ran the same command.

No dice. Database seems corrupted somehow.

I ended up moving the homeserver.db file out of the way, and a new one has been created, matrix-synapse is now starting up !

That’s nice and workable, but how about my history ? Is it forever lost ?

I ended up attempting to re-use the synapse_port_db tool on this new database, and import was successful ! There must be something inconsistent in that « corrupted » DB, because it is fully workable by the sqlite3 commandline tool.

I re-ran the synapse_port_db tool again in verbose mode, and this part of the log gave a hint of where to look:

2023-06-22 14:23:23,195 - synapse.storage.SQL - 449 - DEBUG - [SQL] {prepare_database} INSERT INTO temp_user_filters ( user_id, filter_id, filter_json, full_user_id) SELECT user_id, filter_id, filter_json, '@' || user_id || ':' || ? FROM user_filters
2023-06-22 14:23:23,195 - synapse.storage.SQL - 454 - DEBUG - [SQL values] {prepare_database} ('askarel.be',)
2023-06-22 14:23:23,195 - synapse.storage.SQL - 471 - DEBUG - [SQL FAIL] {prepare_database} UNIQUE constraint failed: temp_user_filters.user_id
2023-06-22 14:23:23,196 - synapse.storage.SQL - 475 - DEBUG - [SQL time] {prepare_database} 0.000266 sec
2023-06-22 14:23:23,196 - synapse_port_db - 849 - ERROR - 
Traceback (most recent call last):
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/_scripts/synapse_port_db.py", line 682, in run
    allow_outdated_version=True,
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/_scripts/synapse_port_db.py", line 626, in build_db_store
    prepare_database(db_conn, engine, config=self.hs_config)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/prepare_database.py", line 146, in prepare_database
    databases=databases,
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/prepare_database.py", line 514, in _upgrade_existing_database
    module.run_upgrade(cur, database_engine, config=config)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/schema/main/delta/78/02_validate_and_update_user_filters.py", line 85, in run_upgrade
    cur.execute(copy_sql, (f"{hostname}",))
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/database.py", line 417, in execute
    self._do_execute(self.txn.execute, sql, parameters)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/database.py", line 469, in _do_execute
    return func(sql, *args, **kwargs)
sqlite3.IntegrityError: UNIQUE constraint failed: temp_user_filters.user_id
Traceback (most recent call last):
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/_scripts/synapse_port_db.py", line 682, in run
    allow_outdated_version=True,
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/_scripts/synapse_port_db.py", line 626, in build_db_store
    prepare_database(db_conn, engine, config=self.hs_config)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/prepare_database.py", line 146, in prepare_database
    databases=databases,
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/prepare_database.py", line 514, in _upgrade_existing_database
    module.run_upgrade(cur, database_engine, config=config)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/schema/main/delta/78/02_validate_and_update_user_filters.py", line 85, in run_upgrade
    cur.execute(copy_sql, (f"{hostname}",))
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/database.py", line 417, in execute
    self._do_execute(self.txn.execute, sql, parameters)
  File "/opt/venvs/matrix-synapse/lib/python3.7/site-packages/synapse/storage/database.py", line 469, in _do_execute
    return func(sql, *args, **kwargs)
sqlite3.IntegrityError: UNIQUE constraint failed: temp_user_filters.user_id
UNIQUE constraint failed: temp_user_filters.user_id

So I need to look into the user_filters table:

# sqlite3 homeserver.db 
SQLite version 3.27.2 2019-02-25 16:06:06
Enter ".help" for usage hints.
sqlite> select * from user_filters;
frederic|0|{"room":{"state":{"lazy_load_members":true},"timeline":{"limit":20}}}|
anita|0|{"room":{"state":{"lazy_load_members":true},"timeline":{"limit":20}}}|
frederic|1|{"room":{"state":{"lazy_load_members":true},"timeline":{}}}|
frederic|2|{"room":{"state":{"lazy_load_members":true}}}|
frederic|3|{"room":{"state":{"lazy_load_members":true},"timeline":{"unread_thread_notifications":true}}}|

There are 3 extra filters in that table. Could it be that those filters are making the homeserver freak out ? I have a backup of the file, so let’s go and delete those entries:

sqlite> delete  from user_filters where filter_id=3;
sqlite> delete  from user_filters where filter_id=2;
sqlite> delete  from user_filters where filter_id=1;
sqlite> select * from user_filters;
frederic|0|{"room":{"state":{"lazy_load_members":true},"timeline":{"limit":20}}}|
anita|0|{"room":{"state":{"lazy_load_members":true},"timeline":{"limit":20}}}|
sqlite>   
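
The failure above can be reproduced, and checked for, before a migration is attempted. The following Python script is an added example, not part of the original post or of Synapse: it rebuilds the user_filters rows shown above in an in-memory SQLite database, runs the copy statement from the debug log, lists the users that collide, and applies the same pruning as the manual deletes, generalized to keep the lowest filter_id per user. The UNIQUE constraint on temp_user_filters.user_id is an assumption inferred from the error message, and the function names are hypothetical.

```python
import sqlite3

# Constructed sample data: the five rows from the user_filters dump above.
SAMPLE_ROWS = [
    ("frederic", 0, '{"room":{"state":{"lazy_load_members":true},"timeline":{"limit":20}}}'),
    ("anita", 0, '{"room":{"state":{"lazy_load_members":true},"timeline":{"limit":20}}}'),
    ("frederic", 1, '{"room":{"state":{"lazy_load_members":true},"timeline":{}}}'),
    ("frederic", 2, '{"room":{"state":{"lazy_load_members":true}}}'),
    ("frederic", 3, '{"room":{"state":{"lazy_load_members":true},'
                    '"timeline":{"unread_thread_notifications":true}}}'),
]

# Copy statement as it appears in the [SQL] debug line of the log above.
COPY_SQL = (
    "INSERT INTO temp_user_filters (user_id, filter_id, filter_json, full_user_id) "
    "SELECT user_id, filter_id, filter_json, '@' || user_id || ':' || ? FROM user_filters"
)


def build_sample_db():
    """Create an in-memory database holding the sample rows and the target table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_filters (user_id TEXT NOT NULL, filter_id BIGINT NOT NULL, "
        "filter_json BLOB NOT NULL, full_user_id TEXT)"
    )
    conn.executemany(
        "INSERT INTO user_filters (user_id, filter_id, filter_json) VALUES (?, ?, ?)",
        SAMPLE_ROWS,
    )
    # Assumption: UNIQUE on user_id, inferred from the error message in the log,
    # not copied from the Synapse schema delta.
    conn.execute(
        "CREATE TABLE temp_user_filters (user_id TEXT NOT NULL UNIQUE, "
        "filter_id BIGINT NOT NULL, filter_json BLOB NOT NULL, full_user_id TEXT NOT NULL)"
    )
    conn.commit()
    return conn


def colliding_users(conn):
    """Return {user_id: [filter_id, ...]} for users owning more than one filter row."""
    query = (
        "SELECT user_id, filter_id FROM user_filters WHERE user_id IN "
        "(SELECT user_id FROM user_filters GROUP BY user_id HAVING COUNT(*) > 1) "
        "ORDER BY user_id, filter_id"
    )
    dupes = {}
    for user_id, filter_id in conn.execute(query):
        dupes.setdefault(user_id, []).append(filter_id)
    return dupes


def try_copy(conn, hostname):
    """Dry-run the copy; return (error message or None, full_user_ids that were copied).

    The transaction is always rolled back, so the database is left unchanged.
    """
    try:
        conn.execute(COPY_SQL, (hostname,))
        ids = [row[0] for row in conn.execute(
            "SELECT full_user_id FROM temp_user_filters ORDER BY full_user_id")]
        return None, ids
    except sqlite3.IntegrityError as exc:
        return str(exc), []
    finally:
        conn.rollback()


def prune_extra_filters(conn):
    """Keep only the lowest filter_id per user; return the number of rows deleted."""
    cur = conn.execute(
        "DELETE FROM user_filters WHERE filter_id > "
        "(SELECT MIN(f.filter_id) FROM user_filters AS f "
        "WHERE f.user_id = user_filters.user_id)"
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = build_sample_db()
    print("copy before pruning:", try_copy(db, "askarel.be"))
    print("colliding users:", colliding_users(db))
    print("rows removed:", prune_extra_filters(db))
    print("copy after pruning:", try_copy(db, "askarel.be"))
```

To check a real database, open a copy of homeserver.db with sqlite3.connect and call colliding_users on it; that function only reads the user_filters table.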

Everything looks fine, let’s try importing this into our postgres database:

# synapse_port_db --sqlite-database homeserver.db --postgres-config homeserver.yaml -v
2023-06-22 14:56:51,757 - synapse.config.key - 153 - WARNING - This server is configured to use 'matrix.org' as its trusted key server via the
'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
server since it is long-lived, stable and trusted. However, some admins may
wish to use another server for this purpose.

To suppress this warning and continue using 'matrix.org', admins should set
'suppress_key_server_warning' to 'true' in homeserver.yaml.
--------------------------------------------------------------------------------
Preparing sqlite3...
2023-06-22 14:56:51,811 - synapse.storage.SQL - 449 - DEBUG - [SQL] {prepare_database} BEGIN TRANSACTION
2023-06-22 14:56:51,811 - synapse.storage.SQL - 454 - DEBUG - [SQL values] {prepare_database} ()
2023-06-22 14:56:51,811 - synapse.storage.SQL - 475 - DEBUG - [SQL time] {prepare_database} 0.000029 sec
2023-06-22 14:56:51,811 - synapse.storage.prepare_database - 120 - INFO - ('main', 'state'): Checking existing schema version
2023-06-22 14:56:51,812 - synapse.storage.SQL - 449 - DEBUG - [SQL] {prepare_database} BEGIN TRANSACTION; /* Copyright 2015, 2016 OpenMarket Ltd * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * *    http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ CREATE TABLE IF NOT EXISTS schema_version( Lock CHAR(1) NOT NULL DEFAULT 'X' UNIQUE,  -- Makes sure this table only has one row. version INTEGER NOT NULL, upgraded BOOL NOT NULL,  -- Whether we reached this version from an upgrade or an initial schema. CHECK (Lock='X') ); CREATE TABLE IF NOT EXISTS schema_compat_version( Lock CHAR(1) NOT NULL DEFAULT 'X' UNIQUE,  -- Makes sure this table only has one row. -- The SCHEMA_VERSION of the oldest synapse this database can be used with compat_version INTEGER NOT NULL, CHECK (Lock='X') ); CREATE TABLE IF NOT EXISTS applied_schema_deltas( version INTEGER NOT NULL, file TEXT NOT NULL, UNIQUE(version, file) ); -- a list of schema files we have loaded on behalf of dynamic modules CREATE TABLE IF NOT EXISTS applied_module_schemas( module_name TEXT NOT NULL, file TEXT NOT NULL, UNIQUE(module_name, file) );
...
2023-06-22 14:57:13,179 - synapse.storage.txn - 738 - DEBUG - [TXN START] {has_completed_background_updates-2}
2023-06-22 14:57:13,179 - synapse.storage.SQL - 449 - DEBUG - [SQL] {has_completed_background_updates-2} SELECT 1 FROM background_updates
2023-06-22 14:57:13,179 - synapse.storage.SQL - 454 - DEBUG - [SQL values] {has_completed_background_updates-2} ()
2023-06-22 14:57:13,180 - synapse.storage.SQL - 475 - DEBUG - [SQL time] {has_completed_background_updates-2} 0.000084 sec
2023-06-22 14:57:13,180 - synapse.storage.txn - 842 - DEBUG - [TXN END] {has_completed_background_updates-2} 0.001567 sec
Pending background updates exist in the SQLite3 database. Please start Synapse again and wait until every update has finished before running this script.

Looks like importing works. Let’s stop the homeserver and insert our doctored database in place:

// Insert text here

Holy shit ! It works ! The previously corrupted homeserver database is now working again !

By Askarel in en
Smart phones, despite their popularity, are overrated pieces of shit. They are unfit for normal everyday use and will let you down at the worst moment you can imagine, regardless of how careful you are with them.

3 phones – all dead

Nokia E51

The first smartphone I had. Bought in 2009 and running Symbian S60, the OS was utterly obsolete when I unpacked the phone. The SSL implementation is broken and forced me to switch from Exim (GnuTLS) to Postfix (OpenSSL) on my mail server so I would be able to send e-mails. Typing text on a numeric keypad is just painful. The web browser is unusable. Updating the phone requires a computer running Windows XP and the Nokia software suite. The battery gave way end of 2011, leaving me with only one short phone call of autonomy. Totally useless nowadays.

Samsung Galaxy Nexus

First foray into the Google ecosystem in mid-2012. I had the Apple iPhone in hand at that time, but the Apple walled garden just did not convince me with its closedness, so I settled for a more open platform. The software was OK, but the hardware is total shit: the wifi died 9 months after purchase, it was like the wifi chip had been pulled from the phone. Beginning of 2014, I cracked the screen with my belt buckle, but it was still usable. Then, in July 2014, during my holidays, the baseband died: impossible to send or receive phone calls, data, and SMSes. The only radio left working was Bluetooth. Oh, and I received only one system update beginning of 2013, making it totally insecure nowadays if it was working properly. Utterly useless.

Jolla

Since I was out of phone, I needed a replacement one. The Edward Snowden revelations about mass surveillance made me reconsider which OS my phone would be running. I settled on the Jolla, mainly for being developed and hosted in the European Union, despite being manufactured in China. The phone is running SailfishOS, with the DalvikVM to run Android applications. The phone feels clunky, but is usable. The hardware gave me a lot of issues:

  • The speaker stopped working at random: the only fix was to whack it on the table
  • Bad contact with the battery: The phone rebooted with a battery fully charged
  • The baseband is crashing at random, especially when there is poor coverage. Reboot required to get 3G signal back
  • Bad contact with the USB charging connector: the phone just won’t charge anymore
  • Not-so-great camera
  • Very bad Android support and the web browser is slow as hell

The aftermath

I was thinking about starting to develop some software for those platforms, turns out they are not worth wasting any time on, except if it can be something simple like a shell script. They are totally insecure by design (in software, in UI design, in hardware, and in general concept), and should not be relied on for anything.

The ideal phone for me has not been invented yet. Here are the features I’m looking for in a phone:

  • Can survive a 1m drop
  • Can cross 4 countries the same day without requiring a reboot
  • Regular software updates
  • Fully encrypted mass storage
  • Root access and no dependency on third parties, especially the ones in the US (Facebook, Microsoft, Google, Apple)
  • A speaker loud enough so I can hear the ringtone one meter below my ears
  • Dual or triple profile that can be triggered by passcode entry alone (duress mode: a real profile and one or two with fake data, like a TrueCrypt hidden container), so you don’t expose all your data at once to a third party, even under torture.
  • Call filtering: depending on the last profile activated, it will ignore selected calls and/or messages, but will give you everything if you open the « trusted » profile
  • A battery that can last two days on a single charge
  • A decent and well debugged 3G baseband (Yes, 3G: I don’t care about fancy 4G or 5G, give me something stable that works)
  • Fully sandboxed applications (Stop that non-sense of applications that freely access all your data and data from other applications)

For now, I will live without a phone. I’m available on several channels (e-mail, IRC, but not Facebook). My SIM card will happily live in a 3G dongle, so I can still receive SMS in a limited fashion. Fuck phones, they are a disturbance anyway…

My new phone.

 


By Askarel in en
This is one thing among many others I have to say against Telenet: once the modem reboots (and it can be quite often, always requested by Telenet), the port of the switch just shuts down and blocks all access to the modem. Very embarrassing…

Let’s see what’s going on in the switch via the serial console:

Switch>enable
Switch#show interface status err-disabled

Port      Name               Status       Reason               Err-disabled Vlans
Fa0/23                       err-disabled loopback
Switch#

Something you need to know about the Cisco is that the switch sends keepalive packets down all active ports. When the modem reboots, it echoes the keepalive packet back to the switch. The switch sees its own keepalive come back, freaks out and disables the port (the err-disabled state with reason "loopback" shown above), cutting you off from the internet.

The solution is pretty easy: all you need to do is turn off keepalives for that interface:

Switch#config t
Switch(config)#Interface fa0/23
Switch(config-if)#no keepalive
Switch(config-if)#end 
Switch# copy running-config startup-config
Switch#

Now that we have disabled the keepalive, it’s time to re-enable the port. You have to manually shut it down and re-enable it to clear the err-disabled state:

Switch#config t
Switch(config)#Interface fa0/23
Switch(config-if)#shutdown
Switch(config-if)#no shutdown
Switch(config-if)#end 
Switch#

Enjoy your recovered internet. 🙂

 


By Askarel in en
I started to play with the Juniper SRX platform a few months ago. I got a SRX 220 on loan from Rafael and I bought a SRX100 for my experimentations. The JunOS operating system installed on the boxes is heavily based on FreeBSD, so we’re in familiar Unix-land. This is going to be fun. 🙂

I have access to lab documentation, but I will not exactly reproduce the setup from the books: there will be some adaptations (mainly about port numbering) that will fit my lab setup, since I will work on those devices from a remote location and I will not enjoy 100% physical access during my exercises. To make matters even more interesting, I still have my old ADSL connection that will be used as a separate internet access.

The default configuration is a simple NATing firewall/router, similar to the one you might expect from a stock OpenWRT installation. There is a web interface, but I will just ignore it, so let’s dig out the Cisco serial cable and connect to the console port.

Configuring the SRXes over serial port is nice, but they are available only in limited quantity on my Terminator server, so we will start by setting up the devices for a more convenient ssh access from my home network. The config statements allow for comments: they start with the character ‘#’ and the commands will be peppered with them, so you can copy-paste huge blocks of text at once.

We will start with the SRX100: the management port is connected to port 7 on the firewall.

# Set system root password (REQUIRED)
set system root-authentication plain-text-password 

# Check if config passes
commit check 

# Remove interface from bridge
delete interfaces fe-0/0/7 unit 0 

# Add ssh pubkey
set system root-authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC98TAUD9PPuzRj5uyHWlxZiXGLm1JI7T2hPNwmW9pU5V/guoJ90VTNQ7lugEoX8HYxB7JC0/RA5ogJBkhcQHIAMIGT6yM7F2zzVv9LadbiMU0KrB2dZVmPKKxi49uqqj+d8zIWTbm4tLf7xdF42kr7c2AUl1kYzaD1ymlAXSavvHTg7y/h2/mZ36F7WZmVwa7Q6iI5Vuca66lauwGgl1ETS2lwneQn+CWDZFMSFDT9TmphR8mpISi8063oTwvvHa/t0bpeQnKltg1iqM2YGTlIGTgXuEWsiAARfF96zhOUAXseA9WHeCTDUITmycFau4+ILxVH47Z6oC11W52BtwIf frederic@pekko"

# Set IP address
set interfaces fe-0/0/7 unit 0 family inet address 192.168.4.60/26

# Put interface into mgmt zone and activate services
set security zones security-zone mgmt interfaces fe-0/0/7.0 host-inbound-traffic system-services http
set security zones security-zone mgmt interfaces fe-0/0/7.0 host-inbound-traffic system-services https
set security zones security-zone mgmt interfaces fe-0/0/7.0 host-inbound-traffic system-services ssh
set security zones security-zone mgmt interfaces fe-0/0/7.0 host-inbound-traffic system-services ping

# save changes
commit

# From now on, ssh is available and we can disconnect the serial interface. It won’t be used for the rest of the experimentations unless we need to move the management interface to another port. Now, let’s set up PPPoE…

set interfaces fe-0/0/0 unit 0 encapsulation ppp-over-ether
set interfaces pp0 unit 0 ppp-options chap local-name <YOUR_USERNAME>
set interfaces pp0 unit 0 ppp-options chap default-chap-secret <YOUR_PASSWORD>
set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/0.0
set interfaces pp0 unit 0 pppoe-options client
# When using PPPoE, always set MTU to 1492
set interfaces pp0 unit 0 family inet mtu 1492
set interfaces pp0 unit 0 family inet negotiate-address
# Explicitly tell to use the PPPoE interface as default route
set routing-options static route 0.0.0.0/0 next-hop pp0.0 metric 0
commit

At that point, the PPPoE session is established. Let’s check it:

run show interfaces terse

<snip>
...
</snip>
pimd up up 
pime up up 
pp0 up up
pp0.0 up up inet 62.235.222.80 --> 62.235.222.1
ppd0 up up
ppe0 up up
st0 up up
tap up up
vlan up up
vlan.0 up up inet 192.168.1.1/24

This looks good ! We have an IP address from our ISP ! Let’s attack the SRX220…

 


By Askarel in en
My girlfriend bought a huge candle holder some time ago. Unfortunately, she has a carpet on the whole floor and the candles tend to drip their wax on it, which makes a terrible mess that sticks like hell and is a real bitch to clean up.

We could not find any suitable protection in any shop around, until I went to Ikea and I found this.

Carpet protection for desk chair

Okay, I would have preferred something circular instead of a rectangle, but the shortest side length was exactly what I needed. Given the price, I bought two of them and used one under my desk chair, the other was left to be butchered. 🙂

Finishing the cut


I marked the center of the sheet and made a hole small enough to snugly fit a small nail. Then the whole thing was nailed to the side of my table because I lacked some clamps. Of course you will ruin your table doing so, but it was the most reliable way for me to have the roundest shape possible. You should use a piece of scrap wood and extra clamps if you value your table. 🙂

Dremel tool

This is not a drill bit

 

The cutting rig: detail of the "rail"

Detail of the « rail »

Detail of the cutting rig

Detail of the cutting rig: Yes, Dremel, Club Mate and Gaston Lagaffe mix quite well 🙂

The leftovers of the cutting


After that treatment, the resulting disc had the edge sanded down to remove plastic shavings and it now looks like it was coming straight from the shop.

The finished product in action

Discreet yet effective

This is an old hack that was done 4 years ago. It still looks fine today.


By Askarel in en
Today marks the tenth year of this domain, but my website existed already a year ago under a different name.

Lots of things happened, and the infrastructure evolved with the knowledge gained while fooling around and screwing things up. Here is a timeline of events:

  • 2003: Started operating from a small ADSL line at home
  • 2004: Domain askarel.be entered my possession, Zoneedit was handling the DNS zone and the mail reception
  • 2006: First IPv6 experiments, starting with my girlfriend’s home, using a SixXS tunnel
  • 2007: Playing around with a virtual machine running on somebody else’s server, no great result, service got shut down
  • 2008: First dedicated server at OVH
  • 2009: Dedicated server replaced by something beefier, IPv6 appeared, Partial SSL appeared with a CACert certificate
  • 2011: Joined the DN42 project to learn more about BGP routing
  • 2013: Due to Zoneedit failing to provide IPv6 on their name servers, their US-centric approach, and the Snowden case, I am now handling my own DNS and Email became self hosted.
  • 2014: In the process of replacing the current server, after 5 years of operation, it is time to move on to fresher hardware

The future:

There are many plans in the boxes for the future. The most immediate one will be to replace the SSL certificate by a paid one and go full SSL by default, then I plan to make the infrastructure much more resilient by distributing it: I don’t like the idea of having everything in the same place, even if I have backups. Downtime will hurt.

Mid-term project will be having my own personal cloud, and the long term one will involve AS numbers. 🙂

A puzzle solved. [en]

4 July 2012
By Askarel in en
Vasco Digipass 810


Do you remember when I opened my bank calculator ? Besides replacing dead batteries, I wanted to see what made it tick and eventually replace it by an ordinary smartcard reader and some code running on a computer.

Turns out that other people had the same idea, but they beat me by having put more time and energy into that project and ended up producing something usable.

It’s just a Python script to talk to the card. The usage is very straightforward, here are some examples:

To authenticate with the M1 key and the 23543696 challenge, type the following command:

$ ./EMV-CAP -m 1 23543696
***************************************************************************
Using this software for real financial operations can lead to some risks.
Indeed advantage of using a standalone reader is is to isolate your banking
card from big bad malwares.
Using it in a non-secured reader is taking risk that a keylogger intercepts
your PIN, a malware accesses to your card informations, or even intercepts
your transaction to modify it or operates its own transactions.
***************************************************************************
Are you sure you want to continue?
If so, type 'YES', or anything else to quit:YES
Enter PIN (enter to abort) :
Response: 45108749
$

To sign a transaction the same way as the M2 key with the challenges 09356196 and 345, use the following command:

$ ./EMV-CAP -m 2 09356196 345
***************************************************************************
Using this software for real financial operations can lead to some risks.
Indeed advantage of using a standalone reader is is to isolate your banking
card from big bad malwares.
Using it in a non-secured reader is taking risk that a keylogger intercepts
your PIN, a malware accesses to your card informations, or even intercepts
your transaction to modify it or operates its own transactions.
***************************************************************************
Are you sure you want to continue?
If so, type 'YES', or anything else to quit:YES
Enter PIN (enter to abort) :
Response: 45201783
$

Thank you Jean-Pierre Szicora and Philippe Teuwen, nice work !! 🙂


By Askarel in en
There was some evolution since that article.

Velleman PSIN30012 with some desk clutter

The Power supply: a Velleman PSIN30012

power supply with brackets

I can has brackets ?

I finally decided to make the brackets and installed the power supply in my apartment.

The power supply can output 25A under 12V, should be enough for my applications at the moment.

I pulled some 6 mm² wires through my apartment, inside the same conduits as the network cables. There is one supply going to the datenklo (the toilet hosts my network, like at the Chaos Communication Camp) and two independent supplies are going to my desk. They only meet at the terminal blocks.

The power supply has been installed in the cupboard near the fuse box and is protected by a 6A breaker at the primary, sharing the circuit with the doorbell.

power supply in place

Installed and wired

6 mm² wires on the power supply


temporary cable with XLR 4 pin female connector for the wireless router

Temporary cable with XLR 4 pin female connector

The connectors I use for the 12V power sockets are Neutrik XLR 4 pins, they are much more resilient and safer than cigarette lighter plugs (will be part of a rant in a separate article).

Problems

None so far, the power supply is running smooth and cool, but the fan is noisy like hell !!

My wireless router is running from that power supply and seems very happy about it.

The future

  • I will have to move the power supply to the datenklo: I have a noisy 24/7 ventilation in there. 🙂
  • Still need a way to integrate the XLR sockets with my light switches in such a way that it looks like it’s coming straight from the manufacturer. Will be part of a separate article. 🙂
  • Rebuild my media-PC to work straight from a 12V DC source.
  • Connect LED strips to it: my bar and my kitchen will receive a bunch of LED strips.
  • Figure out how to work with pictures in WordPress, this article is a mess !!


Wall wart hunting [en]

17 January 2012
By Askarel in en
I found in my apartment about 10 wall warts and two linear power supplies that give the same (or similar) voltage for my equipment.

Spools of red and black wire with a power supply

Let the hunt begin

I would like to get rid of those power bricks and have a more consistent and centralized setup. I hope to make some savings in the process by using a more efficient oversized switch mode power supply. Another advantage is that if I want a UPS on that line, I just need to connect a SLA battery.

My apartment will be wired with 6 mm² wires carrying 12VDC: one branch goes to the networking area, the other two go to my desk.

Let’s lay down some wires !!


By Askarel in en
Package content


Today I received the GSM shield for Arduino from Open Electronics. I rushed to get a pre-paid SIM card to start playing with the new toy.

I just realised that I don’t have an Arduino board yet in my personal toolbox, but I can borrow one from the hackerspace to start experimenting.

I have two projects in mind:

  • Mailbox watcher: Since the mailbox is far from my apartment and not within my regular walking path (and I am a lazy person ;-)), I want the board to send me an SMS when a letter is landing in the mailbox. This is also a nice opportunity to experiment with aggressive power saving and see how long a set of fresh batteries can last.
  • Hackerspace door opener: I am also building a motorized lock for the local hackerspace. I don’t know yet what kind of remote control we can use, but it has to be democratic enough. This is not the most original project: the Ghent hackerspace already did it.

Assembly

GSM shield assembled


The shield comes as a kit, some soldering is required, but nothing too serious (only through hole components, 2.54 mm pin spacing). In my case, only the switch SW1 was tricky to install.

That’s all for the moment, time to write code.
