zaterdag 28 november 2009

IPv6 anytime

Having IPv6 connectivity is really sweet, at times. The preferred way would be a native connection, but since there are hardly any ISP offering IPv6 on their networks, one needs to tunnel.

Tunneling is basically accepting IPv6 traffic on a local interface, putting it into an IPv4 packet, sending it to a host in the Internet that does have IPv6 connectivity, unpacking the IPv6 packet out of the IPv4 container, and letting it go via the IPv6 network. Tunnel brokers like SiXXs & HE are really good for this. They offer free connectivity, clients, instructions and what have you not, to setup a nice Any to Any tunnel.

But when you are in a network that is somehow blocking tunneled IPv6, easily detectable by firewalls because it is marked as a protocol 41, you will not be able to setup your elegant tunnel. Public WiFi, hotels, companies, all sorts block protocol 41.

Luckily there are more options. One of the more stealthy methods is implemented in the Teredo tunnel. It is specifically designed to work behind NAT'ed devices, something the ISATAP router does not handle since it needs public IP connectivity. "Nice' thing about ISATAP is that Vista, 7 and windows 2008 machines will automatically configure an ISATAP interface when the name isatap is resolvable in the local domain [hint]. So if the record isatap.example.com IN A 1.1.1.100 exists, you're in business. But I digress.

Teredo is also implemented for free and automagically on your windows machines... IF they are not member of an Active Directory [hint]. It is also available for linux & BSD and there is a [old] implementation that runs on OSX [including Snow Leopard] too.

The name is not an incident either. As on WikiPedia: "The initial nickname of the Teredo tunneling protocol was shipworm. The idea was that the protocol would pierce holes through NAT devices, much like the shipworms bore tunnels through wood. Shipworms are responsible for the loss of very many wooden hulls, but Christian Huitema in the original draft noted that "the animal only survives in relatively clean and unpolluted water; its recent comeback in several Northern American harbors is a testimony to their newly retrieved cleanliness. Similarly, by piercing holes through NAT, the service would contribute to a newly retrieved transparency of the Internet."
Christian Huitema quickly changed the name to Teredo to avoid confusion with computer worms[2]. Teredo navalis is the Latin name of one of the best known species of shipworm."

The 'self healing capabilities' of 'the Internet' and the features in IPv6 especially, called Neighbor Discovery, open a whole class of challenges themselves. Initially for the network designers and operators but soon for malware writers too. Luckily the part of the RFC for IPv6's Type 0 Routing Header has already been depreciated. It made possible the good ol' source routing but then 88-fold amplification. It has been demonstrated at CanSecWest07 by Philippe Biondi & Arnaud Ebalard, they are the developers of 'scapy' a powerful interactive packet manipulation program.

Have fun and good luck getting packets flowing the way you like it.

dinsdag 17 november 2009

Treasure hunting ;)

With the 'holiday season' coming up, buying presents is on it's all time high. I like buying presents. As a matter of fact, giving presents becomes more fun with age then receiving. I guess that dates me :)

With marktplaats in Holland & ebay as a global fleemarket, hunting for cheap stuff is easier then ever. But there is an angle to make it more fun, because paying too much is for tourists. So lets employ some good old SE on the matter.

A good lesson to start with is to get to know the subject. As an example let's use Steam Engines. The top of the world market is being served by the long standing traditional firm Wilesco. They've been in the steam engine market since [or slightly before] James Watt improved the concept of steam power to a useable level, and even have a Wiki page, in three languages, including Japanees [someone say market?] :)

Reading fan pages is a treasure trove of 'unwritten' useable information, mostly you will be looking for hobbyists and other self proclaimed experts.

Then it's time to scrunch the Internets. Hit graigslist, Marktplaats, Ricardo and other 'local' fleemarkets and compair the offers and prices with the 'global' ebay prices.

Of course, the Wilesco D32 is the all time classic, with prices ranging between 1.000 and 1.500 euroos. A super collectors item is the Wilesco R200 atomkraftwerk, rare & expensive. The top spots will be a rough market and not something we amateurs want to burn our fingers on with a first try.

Since the example of the Wilesco repairman deals with a D24, I propose we start hunting for a nicely priced D24. The D24 is a powerhouse. It is the steam engine with the largest cattle volume of the whole Wilesco range.

One of the cool features of the D32 is the controle panel, the D24 has that [smaller and less] too. See here:


Google "Wilesco D24" for starters and see what you come up with. Then do the same but on your local flee market and repeat it on the International ebay. There are some pretty astounding price differences to be observed. Certainly some of them can be explained based on quality and age but the local culture is a big factor too. Try to leverage that. Dealing with people from other countries used to be hard and painful. With the coming of the Internet and the disappearing of the borders in our global villages, things are getting easier by the day. Often sellers will even state if they will post items international and if they do not, a couple of words in their own language is a good starting point. I like to use google's translate for that purpose.

Very good [for you] deals can be made with people who do not know what they're dealing with. Tell tail signs are misspelled items, incorrectly labeled items [not mentioning the type in the description is sweet], lousy pictures [too much mess around the object, dark, unsharp] and people who are clearly selling stuff that is not theirs [from past away family members, NOT stolen stuff!].

A deadly sin and pit fall in the process is... making a bit.

Never ever make a bid. Do not even think about it. People are lemmings, once they see -you- making your bid, they will not hesitate to over bid. With most online flee markets I have seen it is easy to start an email or skype conversation that is out of sight of your fellow hunters. In case of ebay that is all nice and good but most sellers there do want you to bid. If it has to be, we will comply, but on our terms.

AuctionSniper is one such 'turn the table' tools. It allows for automatic & scheduled bidding. This is good for multiple reasons:
- it allows you to bid at the last second [no one can over bid]
- you do not have to sit behind your screen at odd times when specific auctions end
- most important: it takes the emotion out of your bidding

The emotion thing is where we are suckered into spending way too much on far too little. I will not even start giving examples ;) The cool feature of a scheduled bid is that it allows you to check your information sources, make up a price and forget about it. You will not get suckered into over bidding the guy who hunts for the same items and over bids you by 2 Euroos every time. No, you've set your price and either get it or do not.

I picked up a very decent D24 for <100 Euro. Sinterklaas will be proud to see the smile on the receivers face.

Happy hunting.

zondag 15 november 2009

IPv6 work...ed!

Apple owners where responsible for a surprisingly large number [0.238 percent ] of IPv6 enabled google users. Thanks to the wizards at Cupertino, who decided on Infinite wisdom Loop to meddle with mDNSResponder so now it cancels the queries and shuts down the socket after the first responses are in. Big change these are A responses so the AAAA replies will be /dev/null'ed leaving the end user [application] with no option but to access the resource via... IPv4.

Mistakes happen, but with 10.6.2 the issue is still here.

The DHCPv6 client is not available for MAC users either, that does not help since it's basically required to play nice with ISP's and other large network operators [large[r] companies come to mind]. Neither is there a lot of documentation on the IPv6 implementation.

Finally improving the Apple Airports with [more complete] IPv6 support is a good thing... unfortunately: it is a New Feature and as such, will NOT be available for us loyal Apple hardware buyers. Only the currently for sale AirPort Extreme & Time Capsule are lucky enough to have this 'New Feature' so you're out of luck if you thought you could snatch up a 'cheap' AirPort Express: they do not have it.

So IPv6 on my beloved Apple setup is basically broken and the future looks dim. Microsoft is miles ahead with working IPv6 since Vista. Thank G*d not to many people read this since otherwise the street credibility of OSX would be down yet another point. Microsoft's DirectAccess could develop into the first IPv6 'killer app' and that both makes me happy [IPv6 FTW!] and sad: why my BSD based OS is not leader of the pack is beyond me, except that maybe, just maybe, IPv6 is really not as much in demand as I -think- hoped it was.

As a desert, I offer you a link that I missed before, but certainly love as much as a lot of the other work of the author.

maandag 9 november 2009

Mod'ing for fun and pleasure

The PSP's the PS the Wii: all can be moded to allow for 'distributed backups' of your [owned OFC] games to be run. One of my daughters participated and won a contest last weekend and came home with a fresh Wii. Our first Wii we got from Austria via friends when it was just released 3 years ago and unobtainable here in Holland. The kids liked it alright, but after a couple of weeks the novelty was off and the Wii turned into a dust collector. We made someone very happy by selling it complete with the controllers, accessories & games right before new years eve.

So now, 3 years later we are the happy owners of a Wii again. It came with the usual Wii Sports game, but nothing more. Blast: the box comes with only one controller, and what is more exciting then beating someone in a heads on? So lets run out and get a second controller FAST.

Configuring & connecting the device is a brease although it is a pity there is no HDMI connectivity. After entering the 'WEP' password [riiiight] a whole Wii world opened up like a deja vu: the Wii shop & Wii credits! How could I have forgotten? Let's open the box of pandora and soft mod it first to be able to test drive some of these distributed backups first.

It takes the better part of an hour to finally get to the source of the homebrew scene. Just like most moding software, be it for the iPhone or Wii or any other device, there is people who are scamming their arses off and want to make you pay for download links and instructions. Somehow these dudes are such experts on SOE that they manage to basically p0wn the first page of google and make you navigate through all sorts of blogs, affiliation links and what not. After glancing over a page or 10 you get the idea of the gist of the basic requirements & tools like BannerBomb BootMii WiiKey and what have you not.

All pieces fall together when you find instructions in simple documents called README-HBC.txt and the like. The process is fairly simple:
Have & format your SD card, download and copy a couple of files, start the Wii, install the HomeBrew channel: done!

All in all it took longer to find the 'I accept all legal mumbo jumbo' agreement in the Wii menu to be able to access the online content of the original Wii channels then it took to mod the box. Now that Linux is running on the box, the kids can relax and spend their time breaking records & battling out competitions with friends for bragging rights.