Wednesday, January 26, 2011

Disable Guest Network On Cisco E3000

So I've just bought a Cisco E3000 to replace my previous malfunctioning router.
Many E3000 owners find the Guest Network feature annoying, and insecure for these reasons:
* network is unencrypted, so the password can be sniffed from an authentic guest login
* the additional web interface serves as a possible mean of vulnerability attack
* God knows if Cisco has any hardcoded routine that can be exploited there?

The guest network can be disabled from Cisco Connect, at the beginning of router setup. Unfortunately, many people aren't aware of that until they've changed the web settings to the point that Cisco Connect can't connect anymore. If you call Cisco support (or chat through webex), they'd tell you that the operation is only possible through Cisco Connect, and you may have to reset to default and try again.

That works, except that you have to backup & restore the configuration. If you are in my scenario (upgraded the firmware to 1.0.04), Cisco Connect would fail to configure your router at the very last process - setup your AP with funny names, but you can't login to the web admin interface.

Ok, BS aside. Here is what you E3000 owners want to know - how to disable the guest network, without all these hurdles. Since I did that on Mac, I'd provide the procedure for Mac (sorry Windows users):
1. Plug your computer to ethernet port 1 on the router
2. Login to the web interface, change the admin password to blank, and save
3. Control-Click on, select Show Package Contents
4. Select Contents -> MacOS
5. Run ConnectionCenter. Select Guest Network, and disable it. There you go.

What's More
Up to this point, I am dissatisfied with Cisco's decision of not putting Guest Network configuration in web interface. I hope they listen and aware that how terrible the "feature" is.

Sunday, January 11, 2009

Boot Intel Mac Mini From External USB DVD Drive

Okay, so my Mac Mini's internal DVD drive is dead (you know the slot loading drive's quality ;-) ). I had such a great pain discovering that, when my Mac Mini's file system needs repair.

I have long heard that the recent Macs would boot from external USB DVD drive. Since I have an external Plextor PX-708UF, I have the luxury to try it out now.

I spent a great deal of time on Thursday and Friday night, but I couldn't manage the Mac Mini to boot from the USB external drive. I resorted to rEFIt, but it wasn't successful either.

Turns out that I have to connect the USB to my Mac Mini's onboard port, rather than any external USB hub.

Sunday, October 12, 2008

Rescue Your JFS Partition With jfsrec

So, my 500GB deskstar (aka DeathStar) on my file server developed bad sectors. The original rescue plan was simple - use dd_rescue to clone the disk image. Normally, that should get a pretty good result for a drive going bad recently.

The problem was, I forgot my IDE2USB adapter does not support harddrive that big, and the adapter just bailed out on reading unrecoverable sector. So, I did it the other way - mounted the harddrive as read-only, and rsync directory by directory.

To speed up the file transfer and skip files that are publicly available, I remount the drive as read-write, without any backup copy (that I tell you, is a big mistake that I would probably not make in the workplace - but I get a bit lax on my private stuff). After an rm some_distro.iso, bang... the Kernel panicked!

I rebooted the machine, remounted the harddrive. Now, it's even worse - the mounted JFS volume is empty - zero file!

Since all my personal photos, music, documents, source codes, whatever-you-can-think-of, are all stored in that drive, losing all the data would be such a pain. I realized I have to proceed with caution on that point forward. So, here's what I do:

Step 1: Buy another drive (1TB baby!), mounted both drives to the machine (avoid the RAID card getting to clever and initialize both drives!); boot the box with Knoppix, and clone the drives (be careful of the drive order!)

Step 2: Make another copy of the cloned image (remember that the original drive already developed bad sectors, it is possible that I cannot make a disk image as good as this one.)

Step 3: Running fsck.jfs on the drive, and found the following error message:
Duplicate block references have been detected in
It means, fsck.jfs is not going to do it this time, and the corruption is down to the metadata... Oh snap!

Step 4: Google for JFS structure or any other recovery too (besides TCK/Sleuthkit... it is too much hassle), found a great tool called jfsrec

Step 5: Follow jfsrec's documentation, and run something like this:
./jfsrec --device /path/to/my/disk.image --output /path/to/recovery/directory --logdir /path/to/log.dir
According to the doc, the process could take days, but mine was pretty good - it just took me 24 hours.

Step 6: Now I have most files recovered in /path/to/recovery/directory. Even some files are corrupted, and some filenames are lost (they are named with the inode number), it is already much better than having it all gone. Still, here's another problem - jfsrec does not handle UTF-8 filenames properly yet (Announcing jfsrec - A JFS recovery tool: msg#00008), so I end up with a number of files with garbled names.

Step 7: Fortunately, there is another useful tool to fix this issue. That is... "drum roll please"... convmv. As I said in my last step, jfsrec does not handle UTF-8 filenames properly. So, the filenames are actually UTF-8 interpreted as ISO8859-1. The idea is to reverse the process, so I did the checking with:
cd path/to/garbled/filenames
convmv -f utf-8 -t iso8859-1 *
And the result looks pretty good, so I issue another command to do the work:
convmv -f utf-8 -t iso8859-1 * --notest
  1. Check the file integrity, and see which files are corrupted.
  2. Build a RAID-1 system, even if it is a soft-RAID (yes, mine is a software RAID controller card, due to tight budget).
  3. Backup... frequently; preferably offsite backup too (an easy way is to store the backup in my office. Make sure it is encrypted, because it is not nice to give other possibilities to see my bank statements, etc).
  4. and a few other steps...
Improvements & Things Learned
  1. Did I say "backup often"?
  2. Invest in redundancy solution (with regards to cost of data loss vs. price for redundancy configuration).
  3. Follow steps carefully, even if it is my home machine.
  4. Avoid making important decision, when I didn't have enough sleep (I had a heartbreak, and sleepless for days, when I managed to corrupt the JFS volume).
  5. Not to put too much trust on these cheap IDE2USB cables. Also, document and remember its limitation (e.g. maximum size supported).
  6. Offer improvements to the jfsrec project on utf-8 support (when my mood gets better, and I make up my mind).

Wednesday, October 1, 2008

Managing Windows Service / Reboot On Linux / *nix



  • samba-common
  • samba-client

例如要重啟Windows server,可以在Linux下:
net rpc shutdown -r -U <myusername> -I <WinServerIPAddr>

net rpc service start tomcat6 -U <myusername> -I <WinServerIPAddr>


Thursday, September 25, 2008