[	Tags	|	bifest, birmingham, eve's house, identity activism, manchester, old skool daze, organisation	]
[	mood	|	rushed	]
[	music	|	The Sisters of Mercy - "Under the Gun"	]

Next week == Stupidly busy

Monday

Work as usual, followed by identity activism in the pub afterwards. I am meeting up with a bloke from bloody Real Fathers For Justice who wants to do an event with us. There are times when I like being part of a single-issue campaign which doesn't get involved with other issues.

Tuesday

Up on the early train to Stoke-on-Trent, working from home at greyeyedeve's. This is because my sister will be joining me at noon, for three estate agents' visits to get the property valued and on the market ASAP. I'll have to take my lunchbreak from work at about 4pm (must remember to stop off at the village pie shop so I can eat at my "desk"), when I'll jump in my sister's car and off to Birmingham.

After finishing my day at work from my sister's Internet connection, I'll fulfil my half of the bargain, by sorting out the transferral of her Windows desktops & Linux server from her shop (which is being refurbished) to her house, and networking them there. Not sure what time I'll finish, but I might be up for a pint in the King's Heath / Stirchley area - are you around, _tonylee_? Sadly, I'll be missing both Bisociality and the FAB Cafe 9th birthday party back in Manchester.

Wednesday

Up on the stupidly early train back to Manchester, straight into the office. Need to get some BiFest posters up in Afflecks' on lunch break. Meeting up after work with Morag to hand over some identity activism stuff for a gig she's organising, then off to the Town Hall Tavern for the identity activists' meeting.

Thursday

Work as usual. I might actually have a fairly chilled out day.

Friday

Work as usual. After which I'll probably be off to Bollox for the pre-BiFest clubbing antics.

Saturday

Manchester BiFest, where I'm running two workshops which I really need to lick into shape ASAP.

Next Sunday may well be spent in bed curled up in a little ball making wibbling noises.

I have a Debian GNU/Linux server in my sister's shop in Birmingham; it provides a Samba fileshare for the Windows desktops as well as an OpenVPN server for remote access from my sister's home laptop. Backups have been on an ad-hoc basis whenever we remember to get round to it, which is distinctly sub-optimal particularly in the face of the hard drive crash we suffered recently.

I have finally gotten round to writing a backup script for the shop - they have less than 4.4Gb of data, so can just dump onto a DVD-R every month or so. Pretty much all the existing backup options seemed overkill for this, and yet my script is not entirely trivial. I paste it here, licensed under the GNU GPL in case others find it useful or want to criticise my bash-fu:

( Source code, probably boring )

I've set this script to run every midnight, which gives me some confidence that a daily nagging via e-mail may eventually end up in fresh DVDs being put into the drive.

Anybody (know somebody) in Birmingham who wants to earn a little cash by setting up Apache and MySQL on a Zaurus before Friday? I doubt it'll be much work, but I'm not free until the weekend.

As some of you already know, my sister runs a website, The Ticket Sellers, which provides online ticket sales for gigs and clubs. When you buy a "ticket" online, you get a reference number. The promoter gets a list of names and reference numbers, and on the door you can say "I am Foo Jones and my reference number is Bar" and they'll let you in.

This solution works, but does not scale well to large venues where there are hundreds of sales through the site and multiple door queues. We are looking at implementing a solution as follows:

1. When online ticket sales close (normally about half an hour before doors open), the promoter downloads the door list to a "master" PDA and takes it to the venue (or the "master" PDA has GPRS / 3G access to the Internet).
2. The "master" PDA runs a server which allows it to be the canonical list for which reference numbers are valid, and which have already been checked.
3. Two or three "client" PDAs communicate with the "master" PDA via wifi (they will be close to each other so range is not a problem). They have an application (as does the "master") which allow reference numbers to be validated and crossed off.

My gut instinct (being what I'm familiar with) is to run some kind of web server on the master PDA and use web browssers on the clients. However, my PDA-fu is weak. I know there are DRM-style problems with some phones / PDAs and being able to run custom applications (such as a mini web server). These need to be on handhelds rather than laptops because they'll be used by door staff in busy queues.

Can anyone recommend me a PDA or phone which does / can have Internet access, supports wifi (preferably with WPA-type encryption; I can work around it but wouldn't put it past other wifi phone users to try and sniff a valid reference number out of the ether), and could run an application like this? If anybody knows an existing application (either commercial or freely available) which could be used for the software side of things, that'd be great too.

[	Tags	|	geek, hard drive recovery, old skool daze	]
[	mood	|	sleepy	]

Thanks for your recommendations and advice in my last post. By the time I went to bed on Monday night, I'd e-mailed four or five companies and people asking for quotes, done a little more research on drive recovery, and generally felt sufficiently in control of the situation to sleep soundly.

On Tuesday, my sister discussed the situation with her business partner, checked what they had backed up, and told me that it was worth up to £300 to have the hard drive recovered professionally by the end of the week. As the day went by, I had variou e-mails (though several of the companies either never got back to me or did so too late) and nothing matched this limit, so after work I went down to Birmingham and installed Debian on a brand new hard drive in the server. I managed to find a CD onto which I'd backed up the OpenVPN encryption keys, which made life a little easier.

Getting everything set up nicely is always time-consuming, and so I only had time to use dd_rescue to recover the data partition from the old drive onto the new drive, and not to analyse the contents. Even then, we didn't leave until gone midnight. I got round to logging in over SSH on Wednesday night after work and a No2ID meeting, and used xfs_repair on a copy of the partition image. I managed to loop-mount the image as a filesystem and it looked like most of the files were present. My sister has had a look today and it looks like she's got everything that was important.

So in future, I think she may be more mindful about performing backups... and I'll be looking at setting up some kind of overnight rsync to my home ADSL connection.

[	Tags	|	geek, hard drive recovery, old skool daze	]
[	mood	|	worried	]

Why is it that every time something goes wrong with the computers in my sister's shops, it's always a total fucking catastrophe?

( The Story So Far )

The situation is this: It's a 20Gb Maxtor 2B020H1 drive, with a 5Gb ext3 partition, a 10Gb xfs partition, some free space and a bit of swap. The xfs partition has about 5Gb of data on it, mostly Word documents, which need recovering. This information is very important for the business, and my sister's prepared to pay a fair amount to get it back pretty quickly. It looks like I have two options:

Data Recovery Firm

I have e-mailed the South Birmingham LUG (there is no North Birmingham LUG) to ask for recommendations for local data recovery firms. I need someone who can work with Linux and xfs, and who's not going to fuck things up. I'd welcome any suggestions from Brummies and Midlanders on my friends list also. I've also contacted Hard Drive Doctor, DataClinic UK and OnTrack asking for quotes.

If we can sort out an affordable, professional solution in time tomorrow, then we can get the data back on DVD or similar and get ourselves back up and running; I can install Debian on a new hard drive in the server, copy the data back and off we go. I can then also set up more automated nagging for backups, which should save us some hassle in future.

Do It Myself

I'm a little bit nervous about this because it's not something I've done before, but I'm aware of the general techniques and have been doing a little swotting up. If we can't find someone tomorrow, I'll go down after work anyway, set up a fresh Debian install on a new hard drive in the server, stick the other hard drive in on the other IDE channel, and use something like safecopy to get an image of the xfs partition. Once I have this, I can use the xfs repair tools on a copy of the disk image to try and recover the files.

If we can't get a professional firm organised tomorrow, this looks like being our best option. I'd welcome any additional suggestions on this though.

The good thing about this situation is that although the shop's office files aren't available, the two downstairs machines can still have Internet access (since they don't require the server as a wireless access point), and the day-to-day operation of the business doesn't require access to these files, so it's not like there's a huge immediate problem. However, losing this data would have major implications in the non-immediate term, so it's important to get things sorted.

Update: I ended up restoring the data myself.

So my sister ended up getting her system from PC World after all. Buying it online meant it was £280, and we could collect it from the store an hour later. Not a bad way to save £70 on the in-store price, and almost reasonable. An extra 256Mb of RAM (for 512Mb total) was another £30. Idiotically, I forgot to bring down my spare Gigabyte wireless card from Manchester, meaning that we had to go back and spend another £25 on a D-Link.

The hardware's not bad, though there was a noticable improvement in boot time with the extra RAM installed. WinXP uses more than 256Mb just logged in at the desktop! There's a stupidly noisy case fan in the box, which I'm hoping can be disconnected, but other than that the build quality's pretty solid. It comes with some software preinstalled, most of which is reasonable (once you've told it not to run at login). However, it comes with spam for AOL which will not go away. Clicking the "do not show this spam next login" tickybox doesn't work, it's not listed in the "Add/Remove Programs" dialogue, and doesn't have a manual uninstaller. I think I've deleted enough stuff and removed enough registry keys to nuke the bastard, but I pity anyone who doesn't know about regedit.

Actual setup was comparatively painless, though WinXP is still pretty horrible to deal with, even with the Tellytubbies UI turned off. I tried setting up the first account with the name "Administrator", but it kept telling me there was an account of that name even though it wasn't listed. So I set it up with my sister's name, thinking that there must be some hidden administrative account. But the first account got administrative privileges, so I renamed it to "Root" and set up a second account with my sister's name. This has led to WinXP getting pretty confused, since it thinks that Root's documents folder is the one with my sister's name. However, since the Root account shouldn't be used often, it'll probably be OK.

I will have to express my admiration again for the WinXP firewall. Apart from the fact that it defaults to allowing Remote Assistance through, it's pretty solid. Unfortunately it seems not to allow interface-specific exceptions - I'd love to only allow connections to VNC on the VPN tun adapter, for example. However, before installing VNC I had a system with no ports open, and VNC itself I'm fairly happy to trust to only accept connections from the relevant IP range. Windows-using friends tell me that the XP firewall breaks Active Directory among other things, but for most people's purposes it's actually pretty good.

This morning I've been double-checking everything, and writing an entry for Old Skool Daze on The Open Guide to Birmingham.

[	Tags	|	old skool daze	]
[	mood	|	pissed off	]
[	music	|	Leech Woman - "Knuckle Hate"	]

My sister wants to buy a PC, from a shop in Birmingham so she can get it dealt with quickly if there's a problem, without having to ship it back to a supplier. It doesn't need to do anything fancy, just be a bog-standard Windows (grrr) box running 2K or XP, capable of running Word, Firefox and Thunderbird. Her local computer shop in Selly Oak wants over £400 for a 2.8GHz Intel box with 512Mb RAM and an 80Gb hard drive, so that's just taking the piss. PC World don't seem to sell anything cheaper than £350 in store. I think somewhere between £200 and £300 is reasonable for this system. Can anyone recommend a shop in Birmingham that'd match that price range? Feel free to repost / link to this post in Brummie-oriented communities if you think it'll help.

I'm heading to Birmingham tomorrow to (a) reimage a computer that's had its hard drive replaced and (b) document the procedure so I don't have to do this in person in future. It shouldn't take too long, so if anybody's free for a lunchtime / early afternoon drink in Selly Oak, it'd be good to see people.

[	Tags	|	geek, old skool daze	]
[	mood	|	annoyed	]

You may recall my last entry about my sister's shop in which I mentioned using Win2K's "IP Filtering" firewall functionality to secure my VPN-endpoint desktops. Unfortunately, I'd reckoned without the fact that Win2K's IP Filtering is shit. I mean, really shit. It can only filter on ports, not on port/host or port/interface (or even more usefully port/type/host or port/type/interface). It is therefore completely useless for saying "Only allow connections to the VPN port on this interface, allow all connections on the other interface".

Please recommend to me some (preferably Free or at least free) Windows firewall software which doesn't have a friendly GUI (I don't want it to pop up and disturb my lusers), which can filter on interfaces, or failing that on hosts.

Right then, I've made more progress with the aforementioned VPN network. I've realised that I'll need to do some hefty firewalling on the Windows clients to get everything to be as secure as I want. Basically, the desktops and Linux server will all be part of a WEP-encrypted wireless network (192.168.20.0/24). We all know that WEP is shite, but the cards don't support anything better (under Windows at least) and it should act as a polite disincentive to connect to anybody we don't know. The Linux server will expose only its OpenVPN port (1194/udp) on its wireless interface. The Windows clients will be set up with static addresses in 192.168.20.0/24, with no DNS and no gateway, and will connect to the VPN server, which will instruct them to use the VPN as their gateway to the Internet, and for DNS. However, the Windows boxen will still talk to machines on the WEP-encrypted network (i.e. anyone who's taken ten minutes to crack WEP). All I need to do is tell the Windows boxen to only allow connections to 192.168.20.1 on port 1194/udp, or to the VPN IP range over the tunnel device. I may even set up fixed addressing on the VPN and restrict the desktop firewall rules to just their VPN endpoints. I'm pretty sure that Windows can handle this (though I'm not sure how good it is at IP filtering by interface as well as by IP) though my sister's desktop (the only one currently accessible over the Internet) appears to be turned off so I can't check.

Once that's all set up, the Windows desktops in the shop will have Internet access through the VPN, as well as access to the fileserver on the Linux server; this means we can use that server as the canonical document storage point and back it up with the DVD writer. I will also be able to connect to the server (via SSH over the public interface rather than the VPN, since VPN clients can't talk to each other) and use VNC to access each machine securely, which will make the next step quite easy.

The next step is to make e-mail accessible from any VPN client, by use of an IMAP server on the Linux box. Existing e-mail will be copied from the Outlook installations on the desktops to the new IMAP server, and new e-mail will be downloaded to the IMAP server using fetchmail. The one thing I need to know is which combinations of Windows e-mail clients, and Linux e-mail servers, work best with this setup. Ideally I'd like (say) the info@ e-mail address to be routed to a shared mailbox, and have multiple clients accessing that mailbox simultaneously and all being aware of meta-information like whether an e-mail has been replied to. I'm guessing that this will involve use of the same IMAP client on each system, or it will be impossible. Thoughts?

Other features I would like include the e-mail client being able to get a list of mailboxes from the server (rather than having to "subscribe" to them like Thunderbird), and preferably for filtering rules to be stored on the server rather than the client, so filtering is consistent.

[	Tags	|	geek, old skool daze	]
[	mood	|	bouncy	]
[	music	|	Faith No More - "The Gentle Art of Making Enemies"	]

The magic answer included pushing the VPN IP of the Samba server to the OpenVPN client as WINS, which was easy, and configuring Samba as a WINS Domain Master Browser, easy once you'd found the relevant documentation and realised that "Domain" in a WINS context doesn't mean the same thing as "Domain" in a Samba context, that assumption being why you'd skipped those chapters of the documentation in the first place.

So here's a screenshot of greyeyedeve's desktop accessing a network share from another machine. In Birmingham. Over an encrypted link. I know that many people reading this do this sort of thing and much more impressive stuff on a daily basis, but implementing new tech and getting it to work with relative ease always makes me happy.

[	Tags	|	geek, old skool daze	]
[	mood	|	relaxed	]
[	music	|	greyeyedeve making happy noises in her sleep	]

So today has been pretty productive. Not only have I been storming through GTA: San Andreas on the playstation trying to get 100% completion (currently: street races and the driving tournaments), but I've been working on the networking at my sister's shop. In an attempt to avoid the buggy combination of wireless networking and IPSec, I'm looking at replacing having a secure and trusted wireless network with having an less-trusted network over which I run VPN. The main advantage of this is that I can use the same software to handle connections from machines in the shop, and the computer down in Zen, the second shop. As well as my sister's home PC when she acquires one and an ADSL connection. This keeps things simple and elegant.

( Gory Details )

[	Tags	|	manchester, old skool daze, stoke	]
[	mood	|	sleepy	]

Well, I'm still alive. Things are happening. Life on the whole is pretty good. Still chasing benefits, still unemployed. However, everything seems to be proceeding fairly smoothly on all fronts. I've been working on the plans for my new business venture so I can present the Job Centre with plenty of detail. I've been working on my sister's IT setup in Birmingham, having finally purchased a refurbished Pentium III from CRS (as recommended by ex²-boss Martin over here) and stuck it in her shop with a fresh Debian installation.

Now, most of what I'm doing at the moment can be done equally well from Stoke or from Manchester, thanks to the wonder of the Internet. I've been spending most of my time in Stoke, because it means spending more time with greyeyedeve. However, I've been missing out on events in Manchester, club nights and gigs, and just the opportunity to have friends round for dinner or tea or to head down the pub. For someone who moved from Oxford to have more of a social life in a bigger city, I'm not doing a terribly good job of it by hanging around in a small Staffordshire village.

The trouble is of course that spending time with Eve is the best thing EVAR and I don't seem to ever get bored of it. But at the same time I feel like I should be spending more time in Manchester and seeing more people - other than flooks, I haven't spent much time with anyone in Manchester since moving there. I still haven't seen cavalorn and lucybond, and have only spent minimal time with afpmary and stuflyer. Ironically, over the next few weeks I have a number of non-Manchester friends coming up (but more on that in a later post).

So I think I need to work out some kind of schedule or rota to divide my time more equally between the two cities. Any suggestions?

[	Tags	|	benefits, mancgoff, old skool daze	]
[	mood	|	weird	]
[	music	|	Covenant - "No Man's Land"	]

I'm back in Manchester for the weekend. Having failed to interact much with MancGoff since moving back up here, other than the Lilith Vile and Skinny Puppy gigs, I'm happy to be here on a weekend which coincides with both ARA and Sin City and will attempt to make both. Tonight I will be sleeping in my own bed (rare), alone (even more rare). Nice to see that the cats have colonised my bedroom while I've been away though - one of them was snoozing on greyeyedeve's stuff in my wardrobe when I returned.

The last few days in Stoke have been good. evath came up to see us last night, and we fed him fajitas and drank lots of beer, played San Andreas and chatted, which was lovely. Must go out and see more people like this, which will be easier once I've gotten my benefits sorted. Still no word from the Housing Benefits / Council Tax people, so I'll call them again tomorrow for another rant. Am sorting out Unemployment Benefit too, which will involve more running around. At least I've got a free day tomorrow to get stuff done.

As for this evening, it will probably see more dicking around with getting a server box sorted for my sister's shop. This has been going on for Far Too Long now. I might also look into Windows Remote Desktop Stuff instead of using VNC over SSH, since it might be faster. Of course, I think I'll need to use VNC over SSH to get access to a Windows box to install the Remote Desktop stuff, I don't seem to have one handy any more ;)

[	Tags	|	geek, old skool daze	]
[	mood	|	disappointed	]

After a fortnight of fairly dedicated research and investigation into wireless networking, mostly laid out in this previous post, I have learned the following things:

1. Wireless networking without line-of-sight over about 50 metres is very iffy
2. The only real way to figure out if it'll work is to do it and see if it works
3. If it does work, it'll probably be illegal
4. If you manage to escape prosecution, it'll probably break every time it rains

As a result, I'm just going with an ADSL line in the second shop, over which I shall perform VPN magic. It'll be slower, but more reliable.

Further to my initial ponderings and after much research (particularly from the Linux Wireless LAN HOWTO and Freenode #wireless FAQ), I think I've got this wireless networking cracked, but I'd like to just run it past people for a last-minute sanity check.

( Cut for boringness )

So basically that's it - I need to look up the cards we're using and find out the decibel or watt strength of the transmitters, and sensitivity of the receivers, and do some calculations to work out whether this is feasible, and what gain I need on the antennas, but as far as I can tell, this is a sane plan. Hence the request for a sanity check - any thoughts? Anything I'm blatantly missing? Anything I can do to test things before I start spending money?

Update: Calculations

The card I'm planning on using in the access point at Old Skool Daze is a Prism-based Linksys WMP11. According to this chart of Prism2-based card specs, it has a transmit power of 16dBm. I'm planning on using aerials with 9dBi gain at each end. The reflective path between the shops is, at an overestimate, roughly 250 metres, giving a free space loss of 88dB. I'm going above martling's estimates and assuming 15dB loss for the reflection. There's another 3dB (estimated) loss in the cables between the machines and the aerials.

Putting this all together gives a received signal strength of 16 + 9 + 9 - 88 - 15 - 3 = -72dB. This means that I'm looking for a card with a receive sensitivity of -82dB, which according to this chart of Receive Sensitivities shouldn't be too hard to obtain. Sadly, I don't have any figures for the receive sensitivity of the WMP11 to do the calculation in reverse.

Update: I think this setup might be illegal - many things I've read suggest that the power of the transmitter plus the gain of the transmitting aerial (in my case 24dB, taking into account the local cable loss) needs to be less than 20dB to avoid violating the regulations. I don't think I could get away with significantly less gain on the transmitting aerial.

Other Links: Discussion on the manchesterwireless mailing list, the conclusion.

[	Tags	|	geek, old skool daze	]
[	mood	|	annoyed	]
[	music	|	James Ray - "Lowdown"	]

Weekend very good, clog burning party doubly so. I am currently nice and groggy, but the morning's rain seems to have turned into sunshine so I'm going to dash out on the bike to various dolescum-type places. This weel will be spent finalising benefits, looking into setting up my own company on New Deal, and geeking. Oh, and writing about three million blog and OGM entries.

Anyway, further to my ponderings on wireless, the optimal solution to my problem seems to involve running the Linux server in the shop as an access point, with a big external omnidirectional aerial which will be able to radiate down the Bristol Road to the other shop. This was all fine, especially since I had a spare PCI wifi card with an external aerial connector, and I was dead set on phoning up and ordering one of the CheepLinux servers. I had a very nice chat with the guy at CheepLinux, about wifi, Samba networking, IPSec, hostap and other things, and during this conversation it transpired that the PCI slot in the CheepLinux box is only half-height. I'd assumed that it was mounted horizontally with a riser, but apparently it's not. So I can't use the PCI card I had had in mind.

My options seem to be to find a half-height PCI wifi card with external aerial connector (which I've tried to do and failed), a USB wifi adapter with external aerial adapter (again failed) or get a Shuttle or similar system (which seems to be stupidly high-spec and far more expensive). Going to think about this and work out the best option.

Update: Possibly genius level of cleverness - Get a CheepLinux box as a desktop, install Win2K on it and give it a USB wifi dongle to talk to the other machines in the shop. Recycle one of the desktops (preferably the one that's already in the right position) as the server, with the full-height, externally-connectable wifi card.

As just posted to the consume-thenet mailing list of the Consume project, and possibly of interest to Brummies and/or wifi heads on my flist:

Any suggestions for other places to propogate this? martling? And can anybody recommend some wireless repeaters? I'm basically looking for something which will take my (IPSec encrypted) local network off an omnidirectional aerial, and bounce it down a second, directional aerial to the other shop (and vice-versa). I'm aware that they exist but have no idea about makes etc.