Thanks, but not helpful

Jan 18, 2008 / 0 comments

The UK mirror service is great. They run a whole bunch of mirrors that mean I don't have to use transatlantic bandwidth to get stuff. Like, say, the latest Linux kernel. However they have a really annoying way of displaying indexes over HTTP, where they won't put everything on the same page and instead break it up. Which I find really annoying. To the point that I'm favouring over when I want to browse for the right file rather than manually typing it in. Is it just me annoyed by this?

onak: not dead, just resting

Jan 1, 2008 / 0 comments

I finally found some time over Christmas to solve the onak issue with dynamic backends (#413762). It took a lot longer than it should have to get something new out. And TBH that's pretty much the way onak has been. It gets spurts of development activity when I find some free time, and then nothing happens for months (or years) on end. However, as I've been asked if it's a dead project, it's not. I know that SKS is a perfectly acceptable keyserver and probably the one that's most used out there, but I still have a soft spot for onak and various ideas about things that need done for it. And I'm always happy to receive comments, suggestions or (even better) patches.

Die, AIX, die.

Dec 11, 2007 / 0 comments

The mail client that made me realise there were worse options than Outlook was Notes. The operating system that's making me realise there are worse options than Windows is AIX. What are IBM on?

In particular, please tell me how I can list all the SCSI devices connected to an AIX box, including those that AIX is refusing to talk to. Or, ideally, tell me how to get AIX to bitch about SCSI devices it finds but can't talk to. Solaris manages a useful (if cryptic) error message. Windows manages to have a way to list devices, once you realise it can't cope with luns beyond 254. Linux has the lovely sg interface. AIX just has bloody silence.

A year passes

Dec 5, 2007 / 0 comments

Katherine and I celebrated our first wedding anniversary over the weekend. We still don't think marriage has changed us or our relationship that much; having lived together for many years beforehand was really a much bigger step.

A number of fairly major other events have happened to me in the past year, which I don't think either of us could have predicated.

  • We moved house to Castlerock. We knew this was likely for Katherine (she spent her first year at UU living in Portstewart and had been looking for somewhere new), but I didn't think I'd be moving back to NI just yet. Unfortunately we're still trying to sell the house in Norwich. :(
  • Simon and I sold Black Cat. Really couldn't have predicted that this time last year.
  • I got a new job with 3PAR in Belfast. I suppose that relates to the BCN sale, but if you'd asked me last year if I'd be looking for a new job, let alone have one, this year I'd have said no!

All in all I think I'm in a better place than I was last year. 5:30 starts are painful (it's 2 hours door to door with trains at 6am or 8am and nothing in between), but at least I get to come home to Katherine rather than an empty house, and it's nice to be working in an office again rather than on my own. We will eventually get the Castlerock house sorted (there are still lots of things in boxes, the TV isn't even hooked up, the wireless coverage is patchy in the study, the kitchen isn't quite finished yet, the living room is barely started yet, need I go on?). And I'm sure it'll stop raining for at least one day during the year. Please?

Getting Linux talking to a Nortel VPN

Nov 22, 2007 / 0 comments

At work we're currently in a managed office, which means we don't control the network in any way. As a result we're all individually VPNing back to the lab network in the US. Not a great situation, but it does the job while we work out what's happening with our own building and a local lab.

The HQ end is running on a Nortel Contivity. This causes a bit of a problem; I need a working VPN setup in order to work, but the Nortel stuff is non standard. How to get it going under Linux so I can switch from XP to Debian?

I found 3 options, in order of preference:


There's a Nortel branch of vpnc, though it's from an old release (0.3.2). There are some reports of it working ok, and quite a few of problems. vpnc gains points for being entirely Free software. has some further details.

Novell VPN client

Novell have a hacked up version of ipsec-tools that adds, a framework for different types of IKE. They have a novell-nortelplugins package that has a binary plugin supposedly supporting Nortel VPN access. Not quite as nice as vpnc, but it's still userland and does use the kernel's IPSEC stack.

Apani Nortel client

Apani do a commerical Nortel VPN client for Linux, as well as Windows CE/MacOS and Solaris. It's not that up to date (supports up to kernel 2.6.18, though there are patches that get it working on 2.6.22) and involves a binary blob kernel driver, but they do claim to offer support for it and it's where Nortel will point you for single client licenses.

I have, of course, ended up with the (paid for) Apani client. I tried vpnc and the Novell client but couldn't get any degree of success from them. VPN remote ends don't really provide a lot of feedback (which is understandable - it hardly wants to tell me if I'm failing on a username, password, or something entirely different) and I don't have any access to the Contivity device to read its logs. I think the main issue is that my connection has no IPSEC group id or password, and both vpnc and the Novell stuff ask for that. The Apani client is happy with just my username and password, which I think is used for some corruption of xauth.

At some point I'll try fighting vpnc again, but for the moment I have my VPN connection working under Debian and thus I'm back to Debian at work. As an added bonus the reaction of my coworkers has been good - instead of "Why would you want to?" I've had comments like "I wish I'd installed Linux when I started." and "Actually, I might do that myself after Christmas."

subscribe via RSS