I originally setup IPv6 on my home network using Hurricane Electric’s tunnelbroker.net service. This worked okay for some time, until late summer of 2013 when my provider, AT&T, decided to rollout a firmware update to their 2Wire/Pace residential gateway devices which broke the ability to forward the 6in4 tunnel encapsulated traffic. That is another long story in itself. So, needless to say, I was unable to run IPv6 publicly for quite some time, due to this issue.

I upgraded my service to the new AT&T U-verse Power Tier back in October which replaced my old 2Wire 3801 residential gateway with the brand new Motorola NVG589 unit. This unit was deployed with AT&T’s IPv6 6rd tunnel solution enabled out of the box. This provided IPv6 access to the segment directly attached to my residential gateway with a /60 netblock assignment. It’s a pretty generous assignment, aside from the fact that it only assigned a single /64 to the local LAN and there was no obvious way to delegate the 15 other /64 networks to a downstream router.

Well, that appears to have finally changed. You are now able to use Read More…

What it’s like to be a network engineer, translated into normal people speak:

User: I think we are having a major road issue.

Me: What? No, I just checked, the roads are fine. I was actually just on the roads.

User: No I’m pretty sure the roads are down because I’m not getting Pizzas.

Me: Everything else on the roads is fine. What do you mean you aren’t getting Pizzas?

User: I used to get Pizzas when I ordered them, now I’m not getting them. It has to be a road issue.

Me: As I said, the roads are fine. Where are you getting pizzas from?

User:…I’m not really sure. Can you check all places that deliver pizzas?

Me: No I’m not even sure all the places that deliver pizza. You need to narrow it down.

User: I think it’s Subway.

Me: Ok I’ll check…No I just looked and Subway doesn’t deliver pizzas.

User: I’m pretty sure it is Subway. Can you just allow all food from Subway and we can see if Pizza shows up? Read More…

Scott Adams just hits the nail right square on the head. This reminds me of many a requirements gathering discussion. Where talent and teamwork collide to make the fundamental tenets of the meeting seem completely ridiculous and unclear. As I read each statement, I could identify different engineers I’d worked with that fit each of those perfectly. 🙂

This Venn Diagram pretty much speaks for itself. No matter what my kids may think, I’m really not socially inept.

To most people, *this* is how they perceive the world of networking. This should help to remind others how much people really need geeks.

Remember, geeks make the world go around and deserve respect. This is another example to help remind those ubiquitous non-geeks how special we are.

This is for those who have dealt with unending customer asking such stupid questions that they can rip a hole in the space-time continuum.

When you have a pool, one of the many fun jobs is tracking the quality of the pool water to insure the pH is in the right range and the chlorine isn’t too high or too low. However, these are the basic, superficial measurements. Beyond these typical measurements, though, it is just as important to know that your water won’t scale or eat away at the pool’s surface over time. When I was a teenager, it was my job to track the pH and chlorine in our pool. Back then, I never realized or fully appreciated the importance of the overall chemistry of the water. The calcium hardness and alkalinity and temperature play a big part in that equation, in conjunction with the pH. Now that I am much older and have a lot more invested in my own pool, I want to be sure that I am monitoring the right indicators and have a history of it so I can see the effects over time and how particular treatments impact the water.

I have created a Pool Water Quality History Google spreadsheet (save your own copy of this spreadsheet to edit; requests to edit will be ignored and deleted) as a template that anyone can use to record and graph their own water quality over time. One of the key indicators I wanted to capture automatically was the Read More…

I encountered a situation yesterday that both puzzled and scared me at the same time. I was sitting in line yesterday afternoon waiting to pick up my daughters from their school. The school had not let out yet, so I had 5-10 minutes to kill. So, I pull out my phone to check my email and I get a strange prompt for a new SSL certificate. I use GMail and have it set to use SSL for the IMAP connection to send and receive mail. So, I click the details button on the certificate to try to figure out what the deal is. As I scroll through the certificate info, I discover that it is signed by a Fortinet Root CA. This raises a big red flag. This is not a valid certificate from Google. There is no way Google is using Fortinet to sign their certificates as it is not a generally trusted Root CA. Then I realize my phone is using WiFi and not the 3G cellular service. So, I go look at my wireless settings and see that my phone is connected to the school’s public WiFi. I must have set it up at some point when we were there. I disabled wireless and the certificate prompt goes away and my mail updates.

So, I am pretty shocked that the school district has  Read More…

As the IT industry continues to transform itself more and more towards a cloud based model, the walls of our organizations separating inside from outside or trusted from untrusted are slowly disappearing. With the desire to save money by leveraging cloud based solutions and the demand of business users to gain mobile access to their applications, it is presenting a big breakdown in the traditional security model. Even the existing approaches are a disjointed collection of distributed capabilities within individual applications and a wide variety of endpoint flavors. This leads to non-uniform user experiences across platforms and a complex and costly operational support problem for IT organizations.

Generally, anyone who works in Information Security will agree, to a large extent, that the more distributed security controls are and the more entry and exit points to and from untrusted environments, the less effectively they are managed and maintained. Thus, this approach diminishes the overall security posture. It is similar to the principals relative to physical security. There is a reason why secure companies have only one or maybe two entrances into a facility, depending on the size. I see this distributed security paradigm as a big problem for the IT industry in that companies are really interested in

Read More…

I’ve had this USB Serial adapter for many years which I use to attach to network equipment consoles for initial configuration and setup. I have never had an issue using it with Windows machines. However, I had tried using it on my Macbook running OSX Lion and noticed that it did not show up in my device list in ZTerm. I had a VM running Windows XP and I was not able to get it to work properly in that environment either. So, I was determined to figure out how to get it to work, as I no longer have any physical machines running Windows or with serial ports. It took me a few weeks of trial and error and searching around to finally resolve the issue. So, I thought I would add a post here covering the details. Read More…

Using passwords for authentication is inherently a fairly weak mechanism for security. Remembering complicated userID and password combinations for an average of 30 or 40 different applications and websites is darn near impossible for any normal person. So, we tend to use one combination that we can drill into our head and we don’t like to change it if we don’t have to. The problem is that passwords can be lifted by key-loggers, shoulder surfers or, if not sufficiently strong enough, they can be brute force cracked from the secret hash that is stored on a system for when a credential is validated for an access request. There are other super stealth methods but the point of this post isn’t to cover all of the remote possibilities of attack. The point is that Read More…