32-bit AS numbers introduce a new BGP flaw.
imported Tech · Geek · ISP · Cisco · BGP · JunOSLast Friday, Andy Davidson, Jonathan Oddy, and I pushed out some research that has some quite worrying repercussions. Whilst I’ve heard from a lot of people privately about this matter, there’s a big flaw here, and as Andy posted on his blog (which is much more informative than mine, I think!), this is a big problem.
The reason, I think, that we’re getting limited public discussion of this exploit (I hesitate to call it an exploit, it’s a flaw really, because it’s actually a result of the RFC that the problem exists), is because the implementations of 4-byte AS support that are out there already are generally not standards compliant. Let’s run down the list:
More Di2 Stuff
imported Geek · Cycling · rob.shFollowing getting my roadbike back out for the first time in a while (been really busy since moving to Ealing!) I figured I’d look at if there’s anything more about Di2 floating around. It seems the more I see of this system, the more I want it. Perhaps Orca with Di2 is something for 2009?
I've also started tracking my rides (mostly fixed, mostly to and from work at the moment) on this site, if there's any interest, I was pondering publishing the code/a webapp to upload other people's rides. I find that MotionBased is really tedious! Comments/emails welcome on this subject.
Handy vim tip
imported Geek · WorkI’ve been working on a number of bits of code recently, and have found that it’s not entirely practical to check into RCS or SVN for every change that I’ve made. I really like to work by committing when I’ve finished adding a feature to a script, or a project. Hence, I’ve been using the vim “set backup” option. However, this has some limitations, and hence I decided to have a look at what .vimrc could do for me.
Django
imported Code · Tech · Geek · WorkSince I’ve got a few moments, and I’ve decided to actually write down some rants rather than deciding that I can’t be bothered to - I’m going to use some space to single the praises of Django.
I’ve been using Django for a couple of years now - since around the autumn of 2005, and as such, feel that I’ve got a pretty good grasp of how the framework works. I haven’t really hacked around that much with the innards of Django (although I did propose a patch), however, what I really like about this framework isn’t particularly the internals, but just the whole philosophy that there seems to be in terms of building a web application.
crontab hacks
imported Tech · Geek30 23 28-31 * * [ "`date +%m`" != "`date +%m --date=tomorrow`" ] && /Users/rjs/bin/monthEnd.py 2>&1 >/dev/null
Pretty handy for running on the last day of the month - and should work on Linux.
RFID Presentation
imported ic.ac.uk · Tech · Geek · RFIDFor anyone interested, the slides for my RFID presentation are here.
RFID Basics!
imported ic.ac.uk · Tech · Geek · RFIDSo, at the moment, I’m writing a presentation about the operation and the security implications of RFID. During the course of the random searches around the internet, I’ve found that there’s a lot of really, really cool work going with respect to RFID. Even more great than the output on the subject is who is studying it. Lots of really cool observations are coming out of the open source friendly community - some of the best presentations on the subject are from presentations at CCC. Along with projects like OpenPCD, this output is pretty cool!
However, that’s not really the point of this post. During the course of reading around, I’ve found that whilst there’s a lot of information around - there’s also a lot of FUD that surrounds that information. My presentation is trying to give people (with some physics background) a simple idea of what RFID is, and particularly how it works. Given that I’ve already done a quick summary of how RFID works, I figured I’d blog about it, so that I can add to the mush of material that you just can’t reference online.
I’ll discuss a high frequency system - since cards such as MIFARE (which e.g. Oyster uses) work at around 13.56MHz. The RFID system consists of two elements - the reader, and the tag. Tags come in a number shapes - active, passive, and semi-passive. Really, it’s the passive tags that I’m interested in. The image below shows the anatomy of a (simple) passive tag. It’s composed of an antenna - running around the card, an IC, and a substrate that they’re both attached to.
Asterisk on OS X
imported GeekLast time I tried to run Asterisk on OS X it was on Panther (10.3), and it really failed to work. It seems since I last looked, things have come a long way. When rearranging how my personal VoIP was configured, I was looking for a simple SIP proxy - however, the only one I could find immediately was Java based, and lacking on a few features that I wanted. Hence, I decided to check out if there were any better Asterisk packages available. I found the packages over at mezzo.net, and wow. Not only does their Asterisk build work properly (Voicemail, IAX2, and SIP-wise at least), it comes with some really nice modules. For example, the res_bonjour module announces your Asterisk server out over your local LAN as a Bonjour service - definitely useful if you’re trying to work out whether there’s a facility for VoIP outgoing calls for something like calling out straight from Address Book. However, the best thing here is app_notify.
iPhone SDK
imported Tech · Apple · GeekI finally got myself an iPhone - and am loving it. It’s great how I can now sync my calendars, and address book to my phone without having to worry at all about having six clones of each event on my calendar (which of course, makes it rather difficult to tell what I’m actually meant to be doing that day). However, a topic that has come up a couple of times in discussion with a few friends is that of the iPhone SDK. I feel that the big question here is, “Do Apple have enough incentive to make a fully featured iPhone SDK?”.
With a friend moving to work at a VoIP start-up that deals with having a client on mobiles that allows SIP calls to be made, the big discussion we have been having is whether the iPhone SDK will allow a VoIP client to be implemented on it. My initial feeling on this is, no - not initially. It’s been documented in a number of places that Apple are taking call revenue from the networks on each iPhone that is sold. If this is true, then it would be against Apple’s interest to actually allow a functional SIP implementation make it onto non-hacked iPhones - since they’re going to lose money if users start making their calls via SIP rather than via the cell networks (this assumes that Apple get revenue based on all calls - not just based on the actual contract worth).
However, I can’t say that I’m sure of this - Apple may only be taking their cut from the revenue that is generated from the subscription fee on each iPhone - rather than the additional calls, and in this case, they might feel that allowing users to utilise VoIP when they’re in a hotspot area would be another cool feature that the iPhone can offer. They might also feel that a lot of the iPhone users aren’t savvy enough to be using SIP very often - I guess something like Skype from hotspots (or iChat for voice, or Google Talk…) might be more popular with the less tech-savvy userbase. It’s hard to call really.
Alternatively, Apple might just wait until the networks stop paying them revenue, and roll the SDK with better network support then, increasing sales on a device that they’re no longer making such revenue on.
Either way, the iPhone really just slots in where a phone should, it works with wireless and a mobile-data mechanism without having to think about it at all (although I’d like an 802.1X implementation). Calendar data syncs, Mail accounts sync, my Music syncs, my contacts sync - it integrates with my (primarily Apple based) digital life very well.
I’m impressed with my iPhone - roll on the SDK so that I can start making it do even funkier things!