Passwords for Netgear Wireless Router error

June 12, 2010

I installed a new Netgear router yesterday and discovered that when I changed the default password I could no longer access the unit.

I’ve been like this before and I think that I may have dumped a D-link modem under similar circumstances, however I stray from the topic.

It dawned on me after a while that because I like strong passwords I frequently include special characters that it might be the special character that was the issue. So I experimented and confirmed my thoughts.

Using special characters like % sign will act as an escape character which means both it and the next character will be treated as special and effectively ignored.

Example:

New password = %password
Actual recorded password = assword

Now I did not test this in the middle of a password but I am guessing it will be the same.

Bottom line is that when doing password changes in a Netgear and including special characters be aware that it may escape the characters making it appear that you cannot login when all you need to do is remove the escape’d characters from the password.

Windows XP Taskbar tray clock show seconds

May 26, 2010

I am still using Windows XP on one of my main machines and I wanted to view the seconds in the task bar clock. I did not want a desktop clock as I did not want to switch around.

http://www.drive-software.com/windowsclock.html

Is a quick freebie install to do just that. Recommended.

Sony Vaio current model review is obsolete within 3 weeks!!

April 11, 2010

I went looking for a new notebook a month ago and while I did not rely on this review it helps to highlight the stupidity of the situation.

I trawled the Sony web site for hours comparing all the models and arrived at the Z series with the SSD drive and the quad core processor etc.

Sounds really good. So I ordered one. That was mid March 2010. Its not yet mid April and while initially I was told it would be ready now, I am now informed that the model is obsolete. No that is not a mis-print. OB-SO-F***g-LETE. For crying out loud according to the Sydney Morning Herald review on the 22nd March 2010 this model was the ‘latest of all Sony’s technology’.

How on earth can a model go from ‘Latest’ to ‘Obsolete’ in 21 days or less?

So I have a choice, wait until the new delivery date of the middle of May 2010 for a computer that is already obsolete, or cancel the order and wait for an as yet unannounced revised specification model that will possibly last a month or two longer.

As the advert goes, “Not happy, Jan!”

SME Server 7.4 and CA SSL Certificate

March 27, 2010

This topic kicked off as a simple ‘here’s how…’ but the more I worked the more I ending up revising the content and the topic name.

So the topic should be “SMEServer 7.4: Installing a CA authorised certificate for an external facing hostname that is not the same as the internal facing hostname!!”

I started by not finding any information in the SMEServer Wiki so I rolled my own.

Having now had the ability to reflect on the last day and a half of effort I wish I had searched harder on the Wiki yesterday. So I am writing this with the benefit of hind-sight and having already got this working the long way around.

Read all of this before starting!

I followed the SMEServer v6.0 instructions for a external certificate as distinct from the self-issued ones. I got my certificate from my preferred supplier at RapidSSL.

After doing apparently all the right things with setup I found that I could not get Apache to start after the changes.

The errors were many but mostly this every 2 seconds:

No space left on device: mod_rewrite: could not create rewrite_log_lock

This was related to using a passphrase with the private key. While I tried a number of options to get it working in the end it was pointless as the only method to have this working other than a manual launch of Apache after every reboot was to have a plain text file injecting the passphrase when Apache needed it. Makes the passphrase security redundant. So I removed the passphrase:

openssl rsa -in keyfilewithpassphrase.key keyfilenopassphrase.key

Backup your files as per normal risk management before doing this and then swap the nopassphrase key into the live file so that Apache is no longer needing a passphrase.

Once that was done Apache was loading ok, but I still had an error:

RSA server certificate CommonName (CN) `myexternalhostname’ does NOT match server name!?

On SMEServer this relates to the ServerName setting in the VirtualHosts. I also changed the default setting one first without success and then the VirtualHost with success.

To do this you need to create copies of the template scripts as follows:

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts

cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts

cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/02ServerName .

(Dont forget the ‘.’ at the end!)

and then edit the contents of 02ServerName

ServerName your.server.name
#ServerName {$virtualHost}

This will remark out the automated setting and configure it to use your certified ServerName

Prepare the resulting template with

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

and restart apache

apachectl restart

This should clear all the errors and leave you with a working SSL certificate for web access to the server and no issues with self-issued certificates.

And it Works ! But….. the secure imap and the pptp connections now fail. I had only covered the web server access with all the above.

Then I searched the SMEServer Wiki again and this time found a document on installing a CA signed certificate. The only issue with this is that it also assumes that your internal hostname and domain will also be the external hostname and domain.

So by the time I found this the only bits I really need were the last few instructions:

config setprop modSSL crt /home/e-smith/ssl.crt/{domain}.crt
config setprop modSSL key /home/e-smith/ssl.key/{domain}.key

And then restart

signal-event post-upgrade
signal-event reboot

And it’s all really working! At last!

So whats the correct / short way around ?

I think the sequence is to use this Custom CA Certificate instructions however if you want to have the certificate for a hostname.domainname combination that is not the same as the internal hostname.domainname then it needs some work.

I have not tested this but I think it needs to be like this:

Do the certificate request as a manual process on your server.

Get the certificate organised and copied to your server in the appropriate directories/home/e-smith/ssl.key, ssl.crt, etc

Make the changes for the Apache host stuff as per above

Make the config setprop changes and signal the events

This should address the use of an inconsistent external hostname and keep the IMAP and PPTP connections consistent with Apache.

Tonys Tech Blog

Just another day in the IT trenches