Wednesday, January 26, 2011

Disable Guest Network On Cisco E3000

So I've just bought a Cisco E3000 to replace my previous malfunctioning router.
Many E3000 owners find the Guest Network feature annoying, and insecure for these reasons:
* network is unencrypted, so the password can be sniffed from an authentic guest login
* the additional web interface serves as a possible means of attack
* God knows if Cisco has any hardcoded routine that can be exploited there?

The guest network can be disabled from Cisco Connect, at the beginning of router setup. Unfortunately, many people aren't aware of that until they've changed the web settings to the point that Cisco Connect can't connect anymore. If you call Cisco support (or chat through webex), they'd tell you that the operation is only possible through Cisco Connect, and you may have to reset to default and try again.

That works, except that you have to back up and restore the configuration. If you are in my scenario (upgraded the firmware to 1.0.04), Cisco Connect would fail to configure your router at the very last step: it sets up your AP with funny names, but you can't log in to the web admin interface.

Ok, BS aside. Here is what you E3000 owners want to know - how to disable the guest network, without all these hurdles. Since I did that on Mac, I'd provide the procedure for Mac (sorry Windows users):
1. Plug your computer into Ethernet port 1 on the router
2. Log in to the web interface, change the admin password to blank, and save
3. Control-Click on Setup.app, select Show Package Contents
4. Select Contents -> MacOS
5. Run ConnectionCenter. Select Guest Network, and disable it. There you go.

What's More
Up to this point, I am dissatisfied with Cisco's decision not to put the Guest Network configuration in the web interface. I hope they listen and become aware of how terrible the "feature" is.

Sunday, January 11, 2009

Boot Intel Mac Mini From External USB DVD Drive

Okay, so my Mac Mini's internal DVD drive is dead (you know the slot loading drive's quality ;-) ). It was a great pain to discover that just when my Mac Mini's file system needed repair.

I have long heard that the recent Macs would boot from external USB DVD drive. Since I have an external Plextor PX-708UF, I have the luxury to try it out now.

I spent a great deal of time on Thursday and Friday night, but I couldn't get the Mac Mini to boot from the external USB drive. I resorted to rEFIt, but it wasn't successful either.

Turns out that I have to connect the USB to my Mac Mini's onboard port, rather than any external USB hub.

Sunday, October 12, 2008

Rescue Your JFS Partition With jfsrec

So, my 500GB deskstar (aka DeathStar) on my file server developed bad sectors. The original rescue plan was simple - use dd_rescue to clone the disk image. Normally, that should get a pretty good result for a drive going bad recently.

The problem was, I forgot my IDE2USB adapter does not support hard drives that big, and the adapter just bailed out on reading an unrecoverable sector. So, I did it the other way - mounted the hard drive as read-only, and rsynced directory by directory.

To speed up the file transfer and skip files that are publicly available, I remounted the drive as read-write, without any backup copy (that, I tell you, is a big mistake that I would probably not make in the workplace - but I get a bit lax on my private stuff). After an rm some_distro.iso, bang... the kernel panicked!

I rebooted the machine and remounted the hard drive. Now, it's even worse - the mounted JFS volume is empty - zero files!

Since all my personal photos, music, documents, source codes, whatever-you-can-think-of, are all stored in that drive, losing all the data would be such a pain. I realized I have to proceed with caution on that point forward. So, here's what I do:

Step 1: Buy another drive (1TB baby!), mount both drives in the machine (avoid the RAID card getting too clever and initializing both drives!); boot the box with Knoppix, and clone the drives (be careful of the drive order!)

Step 2: Make another copy of the cloned image (remember that the original drive already developed bad sectors, it is possible that I cannot make a disk image as good as this one.)

Step 3: Ran fsck.jfs on the drive, and found the following error message:
Duplicate block references have been detected in
Metadata. CANNOT CONTINUE.
It means, fsck.jfs is not going to do it this time, and the corruption is down to the metadata... Oh snap!

Step 4: Google for JFS structure or any other recovery tool (besides TCK/Sleuthkit... it is too much hassle), found a great tool called jfsrec

Step 5: Follow jfsrec's documentation, and run something like this:
./jfsrec --device /path/to/my/disk.image --output /path/to/recovery/directory --logdir /path/to/log.dir
According to the doc, the process could take days, but mine was pretty good - it just took me 24 hours.

Step 6: Now I have most files recovered in /path/to/recovery/directory. Even though some files are corrupted, and some filenames are lost (they are named with the inode number), it is already much better than having it all gone. Still, here's another problem - jfsrec does not handle UTF-8 filenames properly yet (Announcing jfsrec - A JFS recovery tool: msg#00008), so I end up with a number of files with garbled names.

Step 7: Fortunately, there is another useful tool to fix this issue. That is... "drum roll please"... convmv. As I said in my last step, jfsrec does not handle UTF-8 filenames properly. So, the filenames are actually UTF-8 interpreted as ISO8859-1. The idea is to reverse the process, so I did the checking with:
cd path/to/garbled/filenames
convmv -f utf-8 -t iso8859-1 *
And the result looks pretty good, so I issue another command to do the work:
convmv -f utf-8 -t iso8859-1 * --notest
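
The reversal that the convmv commands above perform, written out as an added example (not code from this post, jfsrec or convmv; the function names are hypothetical). It goes a little further than the single-directory command: it walks a whole recovery tree, is a dry run unless --notest is given, and leaves alone any name that is not UTF-8 misread as ISO-8859-1.

```python
import os
import sys


def repair_name(name):
    """Return the repaired name if `name` is UTF-8 misread as ISO-8859-1, else None."""
    try:
        raw = name.encode("iso8859-1")  # undo the wrong decode: back to the original bytes
        fixed = raw.decode("utf-8")     # a genuine repair must be valid UTF-8
    except (UnicodeEncodeError, UnicodeDecodeError):
        return None                     # already-correct or unrelated name: leave it alone
    return fixed if fixed != name else None  # pure ASCII round-trips unchanged


def plan_renames(root):
    """Dry run: list (src, dst) renames under root, children before their parents."""
    plan, skipped = [], []
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in dirnames + filenames:
            fixed = repair_name(name)
            if fixed is None:
                continue
            src = os.path.join(dirpath, name)
            dst = os.path.join(dirpath, fixed)
            # Never overwrite an existing entry on a recovery copy.
            (skipped if os.path.lexists(dst) else plan).append((src, dst))
    return plan, skipped


def apply_renames(plan):
    """Equivalent of adding --notest: perform the planned renames."""
    for src, dst in plan:
        os.rename(src, dst)


if __name__ == "__main__":
    # Usage: script.py DIR [--notest]; without --notest nothing is changed.
    plan, skipped = plan_renames(sys.argv[1])
    for src, dst in plan:
        print(f"{src!r} -> {dst!r}")
    for src, dst in skipped:
        print(f"SKIP (target exists): {src!r}")
    if "--notest" in sys.argv[2:]:
        apply_renames(plan)
```
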
Followup...
  1. Check the file integrity, and see which files are corrupted.
  2. Build a RAID-1 system, even if it is a soft-RAID (yes, mine is a software RAID controller card, due to tight budget).
  3. Back up... frequently; preferably offsite backup too (an easy way is to store the backup in my office. Make sure it is encrypted, because it is not nice to give others the possibility to see my bank statements, etc).
  4. and a few other steps...
Improvements & Things Learned
  1. Did I say "backup often"?
  2. Invest in redundancy solution (with regards to cost of data loss vs. price for redundancy configuration).
  3. Follow steps carefully, even if it is my home machine.
  4. Avoid making important decisions when I haven't had enough sleep (I had a heartbreak, and was sleepless for days, when I managed to corrupt the JFS volume).
  5. Not to put too much trust in these cheap IDE2USB cables. Also, document and remember their limitations (e.g. maximum size supported).
  6. Offer improvements to the jfsrec project on utf-8 support (when my mood gets better, and I make up my mind).

Wednesday, October 1, 2008

Managing Windows Service / Reboot On Linux / *nix

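Anyone with some experience administering Linux will be familiar with remote system administration on Linux or Unix. Even with no other services enabled, ssh alone is enough to automate a great deal of system work.

As for managing Windows from Linux, many people know to use Samba for file exchange, but few mention using the net tool that ships with Samba to manage services on Windows.

To manage Windows with Samba, the system needs the following installed: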
  • samba-common
  • samba-client

For example, to restart a Windows server, run the following on Linux:
net rpc shutdown -r -U <myusername> -I <WinServerIPAddr>
To shut down only, drop the -r parameter.

Likewise, to start a system service on Windows, use:
net rpc service start tomcat6 -U <myusername> -I <WinServerIPAddr>

There are many other tricks; read the documentation yourself, I won't repeat them here.

Thursday, September 25, 2008