Openiked, a FreeBSD port and partial NAT-T on FreeBSD and Linux

Slightly updated. Originally posted 2013-05-17 14:58.

When I tried to implement Better-than-nothing Security I chose to work with OpenBSD's new IKEv2 daemon, iked. When Reyk and Mike ported iked to Apple's OS X and created the portable version, Openiked, it seemed only natural that I would try to port it to FreeBSD and Linux.

To afford to spend time on porting, I applied for funds from .SE's Internet Fund. However, before I even started with the project, someone, probably Mike and/or Reyk, ported Openiked to FreeBSD and Linux! This was in late 2012.

I lost a bit of steam there, but I decided that I could at least make a software package for FreeBSD of Openiked (in the FreeBSD ports system) and try to implement NAT-traversal configuration when iked runs on FreeBSD and Linux.

Openiked has been submitted to FreeBSD ports as security/openiked. You can follow its progress here:

http://www.freebsd.org/cgi/query-pr.cgi?pr=177651

Please note: There haven't been any official releases of Openiked yet, so my port is based on the Git version as it was on 2013-03-12. When an official release is made, I will update the port.

On my Openiked project web page there's also a patch available to configure the IPsec stack on both FreeBSD and Linux to encapsulate the ESP packets in UDP for traversing a NAT. However, something seems to be missing. The IKEv2 dialogue detects a NAT, the configuration works and outgoing ESP is duly encapsulated in UDP. Traffic comes through to the other end... and is immediately thrown away!
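When the far end silently discards traffic, the first thing worth checking is what actually arrives on UDP port 4500 and whether the receiving kernel has an inbound SA for it. The following is an added example, not code from Openiked or from this post: a small Python classifier for the RFC 3948 UDP encapsulation (the single-byte NAT keepalive, the four-zero-byte non-ESP marker in front of an IKE header, and otherwise an ESP header whose first four bytes are the SPI), plus a `diagnose` helper that compares the ESP SPI against a set of inbound SPIs. The sample packets and the SPI set are constructed for the example; the IKEv2 exchange-type numbers are from RFC 7296.

```python
import struct

NAT_KEEPALIVE = b"\xff"              # RFC 3948 section 2.3: one byte, 0xFF
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948 section 2.2: IKE on port 4500
IKE_HEADER_LEN = 28                   # RFC 7296 section 3.1 fixed header

IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
                   36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}


def classify_udp4500_payload(payload: bytes) -> dict:
    """Classify the UDP payload of a port-4500 packet per RFC 3948.

    An SPI of zero is reserved, so four zero bytes can only be the
    non-ESP marker; anything else at least eight bytes long is ESP
    (SPI, sequence number, then the encrypted part).
    """
    if payload == NAT_KEEPALIVE:
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "invalid", "reason": "shorter than an ESP header"}
    if payload.startswith(NON_ESP_MARKER):
        ike = payload[4:]
        if len(ike) < IKE_HEADER_LEN:
            return {"kind": "invalid", "reason": "truncated IKE header"}
        (ispi, rspi, next_payload, version, exch,
         flags, msg_id, length) = struct.unpack("!QQBBBBII", ike[:IKE_HEADER_LEN])
        return {
            "kind": "ike",
            "initiator_spi": ispi,
            "responder_spi": rspi,
            "major_version": version >> 4,
            "exchange": IKEV2_EXCHANGES.get(exch, str(exch)),
            "message_id": msg_id,
            "length": length,
            # the IKE length field covers the header itself, not the marker
            "length_ok": length == len(ike),
        }
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq,
            "encrypted_len": len(payload) - 8}


def diagnose(payload: bytes, inbound_spis: set) -> str:
    """One-line verdict for a received packet (helper assumed for this example).

    inbound_spis is the set of SPIs the receiving host's SAD knows for
    inbound ESP; an ESP packet whose SPI matches no inbound SA is silently
    dropped by the kernel, which is the symptom described above.
    """
    info = classify_udp4500_payload(payload)
    if info["kind"] == "esp":
        if info["spi"] in inbound_spis:
            return "ok: ESP SPI 0x%08x seq %d" % (info["spi"], info["seq"])
        return ("drop: ESP SPI 0x%08x not in the inbound SAD "
                "(check that the SA was installed with UDP encapsulation)" % info["spi"])
    if info["kind"] == "ike":
        return "ok: IKEv%d %s message id %d" % (
            info["major_version"], info["exchange"], info["message_id"])
    return "%s: %s" % (info["kind"], info.get("reason", ""))


# Constructed sample packets (not captured traffic).
SAMPLE_IKE = NON_ESP_MARKER + struct.pack(
    "!QQBBBBII",
    0x0102030405060708,  # initiator SPI
    0,                   # responder SPI (unset in IKE_SA_INIT request)
    33,                  # next payload: SA
    0x20,                # version 2.0
    34,                  # exchange type: IKE_SA_INIT
    0x08,                # flags: initiator
    0,                   # message id
    IKE_HEADER_LEN)      # length: header only in this sample
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 1) + b"\x11" * 16  # SPI, seq, "ciphertext"

if __name__ == "__main__":
    for pkt in (NAT_KEEPALIVE, SAMPLE_IKE, SAMPLE_ESP):
        print(diagnose(pkt, {0xC0FFEE01}))
    print(diagnose(SAMPLE_ESP, set()))
```

Run it over UDP payloads pulled from a capture on the receiving host; an ESP packet that classifies fine but whose SPI is not in the inbound SAD (compare with the kernel's SA listing) points at how the SA was installed rather than at the encapsulation itself.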

I don't know why this happens. I've been staring at the code and going through kernel code for what seems like ages. I have to admit that I'm stuck. If someone can find out what's wrong I would appreciate it if you contacted me.

I have done a sort of brain dump about the problem and what I've already tried on the project page. Perhaps it will be of some help if someone else (even myself, at a later date), tries to figure out what's wrong. For more, see:

http://hack.org/mc/projects/openiked/

Reyk recently presented Openiked at BSDCan 2013. I wish him luck and I hope that the project will get the interest it deserves.

I will continue to follow the Openiked project, updating the FreeBSD port security/openiked as needed. If there's any new development on the NAT-T front, I will also update my patch, but from now on I won't spend much time on it.

Bletchley Park & The National History of Computing Museum

I spent the Easter weekend in the UK with Biological Experiment #1 and #2. #3 and her mom spent the weekend visiting grandparents on Gotland.

We were mostly in London, visited the British Museum, went to the HMS Belfast and, of course, had some nice vegan meals. One restaurant in particular gets a mention: the wonderful south Indian Sagar. Not the best service but great food.

We had some incidents that might have turned rather difficult. I realized only two days before flying from Copenhagen that we might need passports! It turns out that, although a member of the European Union, the UK hasn't signed the Schengen Agreement allowing free travel. I didn't know. I was lucky that I checked. Imagine being sent back on a return flight!

I had to shell out to have three emergency passports made. Later, #2 forgot his bag in a restaurant with the passport in it! Luckily, we got the bag back.

However, what probably interests the readers of my blog more is that we also visited Bletchley Park, the home of the Government Code & Cypher School during World War II. Co-located within Bletchley Park is The National History of Computing Museum, also well worth a visit.

It was really easy to get to Bletchley Park. There are direct trains to Bletchley from London Euston. Not all trains stop at the Bletchley train station but you can also go to nearby Milton Keynes and go back by bus. From Bletchley station it's very easy to find your way to Bletchley Park.

This seems to be the right way:

And here's the gate to the park:

Bletchley Park was much bigger than I thought. During WWII ~9000 people worked here! In the literature I've read about an ugly mansion and some “huts”, but it's seldom mentioned that these huts were later replaced by brick buildings several storeys high! The different departments kept their “hut” designation even after the move.

Bletchley Park is also a living place, what with the Bletchley Park Science and Innovation Centre occupying several of the huts and the upper floor of the mansion.

We took a tour around the premises. Highly recommended. We also got to see a working Bombe replica actually operating!

Here's Ludvig in front of the Bombe replica:

Then we were off to the real excitement: Colossus! Depending on the day you visit there will be a presentation of Colossus and it will actually be running.

Colossus during the presentation:

Inside Colossus:

In early reports on the Colossus, it was explained that it was an early computer. After having read two books on the development of Colossus I'm not so sure I agree. For example, Colossus lacks conditional branching. Still, it's definitely a great step forward into using electronics.

The Colossus replica is shared with The National History of Computing Museum. If you want to see the entire collection, and not just the (Heath) Robinson replica and the Colossus, you will have to pay for an extra ticket, but it's well worth it!

There are guided tours on Tuesdays and Sundays but as we were there on a Saturday we missed that. It would have been nice to know a little more about where some of the computers had been used.

A lot of the machines were in running condition and some of them were turned on. One of the biggest was an entire ICL 2966 mainframe, complete with a huge disk farm! However, the most impressive was the 1951 vintage Harwell Dekatron, also known as WITCH, here with Ludvig:

More about the WITCH.

The work on the machines was mostly done by volunteers from the Computer Conservation Society, who also have a page about WITCH.

There was also a full ‘classroom’ of BBC Micros!

With the exception of the classroom full of BBC Micros with plenty of books and mostly BASIC programs there was very little software on display. They had a large poster describing programming language history, but not much in the form of hands-on experience. The software gallery on the TNMOC web pages is also mostly empty:

http://www.tnmoc.org/explore/software-gallery

but it seems they are working on it together with the CCS' software preservation project.

I tried to have a closer look at the Perq, an early windowed workstation, but the boys wanted to move on.

Here's a picture of the ICL/Three Rivers Perq and, surprisingly, a Norsk Data ND-100 Satellite:

I was a bit surprised to note that TNMoC didn't have a PDP-10. Several PDP-11s were present and two of them were running, displaying radar reflections on two large radar screens (labelled “Ericsson”!). There was also at least one Prime, a 750, but it wasn't running and there was no information displayed about it. I had thought Prime computers were pretty common in the UK and expected more, perhaps even a possibility to play with PRIMOS.

Before leaving I bought three books from the Bletchley Park bookshop: Colossus: The Secrets of Bletchley Park's Codebreaking Computers by B. Jack Copeland et al, Paul Gannon's Colossus: Bletchley Park's Greatest Secret and Andrew Hodges' biography Alan Turing: The Enigma.

As I'm writing this I've read Paul Gannon's great book on the Colossus development and, really, a rather general history of telecommunications and the work at Bletchley Park and I'm halfway through the really good Turing biography. Highly recommended!

Statue of Turing at Bletchley Park:

On our way back to the hotel from Euston station we happened to notice that we were right beside where BBC's Sherlock placed 221B Baker Street: 187 North Gower Street. I couldn't resist taking a photo, so I leave you with the photo of the mock Baker Street:

Status Report YOLD 3179

Central Malmö, southern Sweden. Sweetmorn, the 11th day of Chaos in the YOLD 3179.

Hail Eris!

We have arrived at the Year 3179 of Our Lady of Discord.

New Year's Eve was a calm event with just me, Petra and Ylva. Come midnight we turned off the lights and looked out through the large windows overlooking the square and saw some marvellous fireworks. Yes, even a three-year-old could stay awake, but she cheated a little by taking an afternoon nap. She was still a little sleepy after the nap when I was preparing the dinner:

After slightly more than my fair share of disease that made December a less than productive month we moved to a new flat just before Newtonmass. It was chaotic. 147 boxes are now emptied but the new flat is still a mess and there's a huge heap of junk in the middle of our living room.

I'm in the process of giving away things, including some old computers that have been standing unattended in a closet for much too long. This is what one of my old Suns said when I booted it:

3130 days since I booted it? Time to get rid of this junk!

The chaos is also present on my desk in the new flat.

If you look closely on the desk you can see that Newtonmass brought a new toy, a Snom 300 SIP phone.

I haven't done any real work for many weeks, but I hope I'll be back at it soon, Goddess allowing.

IPsec at FSCONS 2012

This weekend I attended FSCONS 2012. I presented my IPsec work. As usual, I was incredibly nervous but at least the audience seemed interested.

The (corrected) slides are here:

http://hack.org/mc/projects/btns/pres-btns.pdf

Typically, the URLs to the project pages were wrong in the original slides.

You can find my presentation notes here:

http://hack.org/mc/projects/btns/notes-btns.html

More about the projects:

http://hack.org/mc/projects/ipsec/

http://hack.org/mc/projects/btns/

Why PHP is not my favourite programming language

I just stumbled upon an incredibly detailed criticism of the PHP programming language: PHP: A Fractal of Bad Design. Well worth the read.

Hacker school at Internet discovery day

I presented an idea of a hacker school on the Internet discovery day (IDD) at the Stockholm Waterfront congress centre last Monday. IDD is a chance for entrepreneurs to meet financers and to network with likeminded people. I was supposedly one of the entrepreneurs.

I traveled to IDD with nothing but an idea and was given a piece of brown paper (180x96 cm) stuck to the wall and some felt pens. Then I was expected to present my idea to some 800(!) visitors from 13:00 to 17:00!

I was, of course, ridiculously nervous. Therapists call these things exposures for good reason.

Anyway, I have this idea that, to be a good programmer, you don't necessarily need to know calculus. Instead, you might need to know how to, I don't know, program a computer? Many university programmes seem to take the reverse position. Many vocational schools in Sweden seem to focus on turning you into a web designer rather than a programmer. Meanwhile, the industry is screaming for real programmers: C, networks, sockets, Python, Perl, cross compilers, embedded programming, et cetera, et cetera.

I made some drafts about a new curriculum and presented an idea about a hacker school (in Swedish) at IDD to see what kind of response I would get.

The basic idea is to issue a call for proposals to companies already using free and open source software (FOSS). The companies are asked to suggest student projects. The students work on real projects, using real code and real tools together with a few very experienced lead programmers/mentors from the school shared by all student groups. Every company that gets a project accepted will also have to give something like 20% of one of their programmer's time as a project leader and to do integration of code back into their platform.

All new code is free software and given back to the community and, of course, back to the company proposing the project. Think Google Summer of Code. But backwards. Also, compare Hackerschool, but consider longer and/or more projects and resulting in a real degree.

All this would be free for the students and free for the involved companies, except the 20% of someone's time per chosen project.

Most of the work would be done remotely. We would use the net quite a bit: chat, VoIP, mailing lists, distributed VCS, remote pair programming (or troika when one of the lead programmers looks over their virtual shoulders). Everyone will be expected on a (voice) roll call each morning where we go through what was done yesterday and what is to be done today. Hacking! Not slacking.

We would get together for physical hackathons at the beginning and at the end of a project. To keep costs down we could perhaps use one of the involved companies for space during these hackathons.

We would earn money by becoming a state-financed vocational school (every student comes with a bag of the state's money) and by doing active recruitment of the students. We, the teachers/lead programmers, would be in a unique position to place the right hacker at the right place.

That's it. That's what I presented at the IDD. I stirred up at least a little bit of interest with that provocative “hacker” name.

Unlike most of the projects at IDD I wasn't looking for money. I was looking for contacts in existing educational organisations and other likeminded hackers that would be willing to spend time as lead programmers/mentors/co-founders. I may have found a few. If you feel you may be one more, get in touch!

Visiting Aida

Last weekend I had the good fortune to visit the amazing Museum Gustavianum in Uppsala, a science museum with a focus on the 16th and 17th centuries, placed in what at the time was the main university building. They have simply amazing stuff in their collections and one of the world's finest examples of an anatomical theatre.

The real reason for my visit to Gustavianum, however, was that the Update Computer Club had placed some of their more rare computers on display, including my old friend AIDA, a DEC 2065 that used to run TOPS-20, no less than two KOM conference systems and a copy of the original Essex MUD. Here's a picture of me hugging AIDA like some hunchback haunting the science museum:

Bad photo, I'm afraid. Taken without flash with my mobile phone.

Here are some much better photos taken by an Update member during the inauguration of their displays at Gustavianum:

http://www.update.uu.se/~jeppe/tmp/vernissage/

Here's a particularly nice one of AIDA:

http://www.update.uu.se/~jeppe/tmp/vernissage/13.jpg.html

RAM, CPU and PDP-11 frontend in the grey/terracotta casing to the right. Hard disks in front. Tape drive to the left.

I was a bit disappointed that none of the terminals present were hooked up to anything. It would have been a nice way to present TOPS-20 to people if a real terminal would have been hooked into a small PC running a PDP-10 emulator with TOPS-20 on it.

Update has two similar projects running already: TINA (TINA Is Not AIDA), which is a copy of AIDA running on an emulator, and UP, an ITS instance running on a PDP-10 emulator. UP is actually hosting its own HTTP server written in MacLisp!

After visiting Uppsala I went to Stockholm for the Internet discovery day (see separate post) and the Internetdagarna conference. I was struck down by a temperature on the first day and didn't really recover until days later. I spent a few lonely nights shivering in a hotel room in central Stockholm. In case you knew I was coming to Stockholm and didn't hear from me, that's why.

Local newspaper writes about hacker/maker culture

Local newspaper Sydsvenskan writes about the hacker culture in a recent article (in Swedish). I was interviewed over a cup of coffee for the article.

It's a nice change that, for once, the difference between hacker and crackers is highlighted. My only gripe about the article is that the journalist exaggerates quite a bit when he says that I have more than 30 years of experience with the hacker culture!

I mentioned to him that I first programmed a computer in 1981 and I guess he took 1981 as the starting point of my hacker career. I wouldn't say that a nine-year-old typing BASIC into his cousin's Sinclair ZX81 is a member of the hacker culture just like that, but there you go.

Delete your Facebook account

Here's an important URL:

https://www.facebook.com/help/contact.php?show_form=delete_account

Some background, if you really need it:

10 reasons to delete your Facebook account.

Facebook's Eroding Privacy Policy: A Timeline.

Facebook is not your friend.

Why is Facebook bad? How to Delete an Account?

MC speaking at FSCONS 2012

I'm glad to announce that I will be speaking about how to make IPsec scale at this year's FSCONS on 9, 10 & 11 November, in Göteborg, Sweden. The schedule says my slot is on Sunday at 11.

My talk will cover two experimental implementations of IPsec key management, using DNS as a key distribution channel and anonymous keying, Better-than-nothing security.

See you there!