
Knox

I have been going through some of pbase's favorite galleries and came across one by someone who calls himself Knox. Of his photos there are two collections that really impressed me: the one of Paris / London and one about City Cats.
It is not often that someone takes good photos of cats; they all tend to be a cliche or just a snap of a kitty. This guy, though, has a collection of absolutely stunning photos of cats in NYC. The collection is part of a book, more about which can be read on its site http://alleycatphotos.com/. From this site is a short bio of Knox:

Always seeking the perfect and pure musical note, Knox can be found in both recording and photographic studios from NYC to Katmandu. Around age 5 he was amazed at “the feel” of the first 35mm camera he stole. The sound you hear in a New York City alley could very well be coming from the bottom of a dumpster – a man in black, coaxing a little kitty to “smile for the camera.” He is well maintained by Lukas, a Giant Schnauzer of disreputable character.
Knox can be reached by e-mail at <email removed> and boasts numerous Web sites, including www.AvatarPhotoArt.com and www.ArcadiaRocks.com.

It does not look like their book is published yet; I would certainly buy a copy when it comes out.

Major PIX annoyance

Most products have some quirks that you don’t like; some require you to slightly amend the way you work, and I am usually quite happy with that. The Cisco PIX has one major annoyance that I just can’t come to grips with.
When adding a VPN to the PIX you put one policy set on the interface that the traffic will leave. For each interface you define a crypto map with various sub groups of information associated with individual VPNs.

access-list 101 permit ip host y.y.y.y host z.z.z.z
crypto ipsec transform-set IPSECXFORM esp-des esp-sha-hmac
crypto map IPSECMAP 20 ipsec-isakmp
crypto map IPSECMAP 20 match address 101
crypto map IPSECMAP 20 set peer x.x.x.x
crypto map IPSECMAP 20 set transform-set IPSECXFORM
crypto map IPSECMAP 20 set security-association lifetime seconds 28800
crypto map IPSECMAP interface outside

These few commands will essentially set up the phase 2 of the IPSEC connection. Later on when you want to add a second VPN you just add a new numbered submap to the IPSECMAP since each interface can only ever have one MAP assigned to it.
When you type any of the above crypto map commands a new submap gets initialized with defaults:

# crypto map MAP 1 set peer 1.1.1.1
# sh crypto map
Crypto Map: “MAP” interfaces: { outside }
Crypto Map “MAP” 1 ipsec-isakmp
WARNING: This crypto map is in an incomplete state!
(missing peer or access-list definitions)
Peer = 1.1.1.1
No matching address list set.
Current peer: 1.1.1.1
Security association lifetime: 4608000 kilobytes/28800 seconds
PFS (Y/N): N
Transform sets={ }

The problem here is that if the IPSECMAP crypto map is active on the outside interface at the time, this incomplete crypto map will prevent all traffic from flowing. Only when you have both the peer and the match address specified will it have enough information to stop trying to encrypt all the traffic on the interface.
The PIX CLI has no way to send a batch of commands to it, and there is no way to enable/disable just a sub crypto map. Cisco’s documentation has the following suggestion:

While a new crypto map instance is being added to the PIX Firewall, all clear and SSH traffic to the firewall interface stops because the crypto peer/ACL pair has not yet been defined. To workaround this, use PIX Device Manager (PDM) to add the new crypto map instance or, through the PIX Firewall CLI, remove the crypto map interface command from your configuration, add the new crypto map instance and fully configure the crypto peer/ACL pair, and then reapply the crypto map interface command back to the interface. In some conditions the CLI workaround is not acceptable as it temporarily stops VPN traffic also.

So you either use the GUI or you turn off ALL OTHER VPNs while adding a new one!? That is insane. There are so many ways to elegantly fix this problem: they can have a simple addition to the crypto map command set, something like crypto map IPSECMAP 20 disable, and make that the default state, so that only when you have configured the whole sub map would you enable it. For now, however, I am stuck using the GUI!
UPDATE: This seems to only affect PIX Firewall Version 6.2; from 6.3 onwards the problem goes away. The bit of output from sh crypto map is from a 6.3 PIX and it knows the MAP is incomplete, while 6.2 initialised it to 0.0.0.0, matching all traffic. Time to upgrade my lab PIX machines 🙂
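A pre-change check for the behaviour described above, as an added example that is not part of the original post or any Cisco tooling: it replays a planned command sequence and reports every step that leaves a crypto map entry without a peer or match address while its map is applied to an interface. It models only the 6.2 behaviour as the post describes it; entry 30, ACL 102 and peer w.w.w.w are constructed placeholders.

```python
import re

BIND = re.compile(r"^(no )?crypto map (\S+) interface (\S+)$")
ENTRY = re.compile(r"^(no )?crypto map (\S+) (\d+)(?: (.+))?$")
REQUIRED = {"set peer": "peer", "match address": "acl"}


def exposure_windows(commands):
    """Replay CLI lines in order and return (step, map, seq) for each step
    that leaves an entry without peer or ACL on an interface-bound map."""
    entries, bound, windows = {}, set(), []
    for step, raw in enumerate(commands, 1):
        line = " ".join(raw.split())
        bind, entry = BIND.match(line), ENTRY.match(line)
        if bind:
            pair = (bind.group(2), bind.group(3))
            (bound.discard if bind.group(1) else bound.add)(pair)
        elif entry:
            negate, name, seq, rest = entry.groups()
            key = (name, int(seq))
            if negate and not rest:
                entries.pop(key, None)  # "no crypto map NAME SEQ" drops it
            else:
                fields = (entries.get(key, set()) if negate
                          else entries.setdefault(key, set()))
                for prefix, kind in REQUIRED.items():
                    if (rest or "").startswith(prefix + " "):
                        item = (kind, rest[len(prefix) + 1:])
                        (fields.discard if negate else fields.add)(item)
        active = {name for name, _ in bound}
        for (name, seq), fields in sorted(entries.items()):
            if name in active and {k for k, _ in fields} != {"peer", "acl"}:
                windows.append((step, name, seq))
    return windows


# Constructed sample: entry 20 is the map from the post; entry 30, ACL 102
# and peer w.w.w.w are made-up placeholders for the VPN being added.
EXISTING = ["crypto map IPSECMAP 20 ipsec-isakmp",
            "crypto map IPSECMAP 20 match address 101",
            "crypto map IPSECMAP 20 set peer x.x.x.x",
            "crypto map IPSECMAP 20 set transform-set IPSECXFORM",
            "crypto map IPSECMAP interface outside"]
NEW_ENTRY = ["crypto map IPSECMAP 30 ipsec-isakmp",
             "crypto map IPSECMAP 30 match address 102",
             "crypto map IPSECMAP 30 set peer w.w.w.w",
             "crypto map IPSECMAP 30 set transform-set IPSECXFORM"]
UNBIND = "no crypto map IPSECMAP interface outside"
REBIND = "crypto map IPSECMAP interface outside"

naive = exposure_windows(EXISTING + NEW_ENTRY)
workaround = exposure_windows(EXISTING + [UNBIND] + NEW_ENTRY + [REBIND])
```

The naive order reports steps 6 and 7 as exposed, while the unbind/rebind order from Cisco's note reports none, at the cost of the existing VPNs being down between the two interface commands.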

Fine-tuning SpamAssassin

Via RootPrompt I found a nice article titled Fine-Tuning SpamAssassin. It covers quite a bit of detail about SpamAssassin and is well worth a read.

Over time, however, many of the spammers have figured out how to fine tune their spam and bypass the default ruleset. I find the default setup still picks up at least half the spam, maybe two thirds on a good day, but too much leaks through. If the spammers are tuning their messages, I guess the only thing to do is to tune my scoring. There are at least 8 possible ways of improving SpamAssassin’s hit rate.
1. Blacklisting known offenders
2. DNS Blocklists
3. Enable Bayesian filtering
4. Reduce the point threshold for spam
5. Increase the scores on existing rulesets
6. Upgrade SpamAssassin to the latest version
7. Install more rulesets
8. Write your own rulesets

Funfair

I have been looking for an opportunity to test out my new Nikon SB-800 Speedlight. The Funfair came to Blackheath again for the long weekend and this was the perfect opportunity to freeze some action on fast moving subjects.
The results of my outing can be seen in this collection of 8 photos, some cliche’d spinning wheels of color here and some nice shots of people having fun on the rides.


The SB-800 is a fantastic flash with full remote mode; it can command a whole lot of other flashes and is very, very powerful. It was designed for the D70, and along with its smaller sister product, the SB-600, it makes a very good addition to the D70.

Simple Photo Browser

I have been using a bit of code I wrote for some of the small photo albums I uploaded here and decided I will polish it up a bit and make it available for download if anyone else is interested. This is not a big system for managing 100s of photos; it is designed to be ideal for showing up to 30 or so images in a nice clean manner.
You basically untar the distribution into the directory of your choice and copy your images into the img/ subdirectory. Create a list of files to display with something as simple as “cd img ; ls > list.txt” and add individual captions for photos by editing photo.jpg.txt. More info is in the README file.
It supports themes and I think it is quite easy to create your own using the two provided in the tarball as a starting point. It can also work along with mod_rewrite to make nice looking URLs, but you can configure it to work without mod_rewrite as well.
It is written in PHP and only needs your basic PHP, nothing fancy. Two sample installations exist, one using the provided black theme and one using the white theme; both of these samples use mod_rewrite.
Version 1.0 is available for download: http://www.devco.net/code/spb/spb-1.0.tgz