Matt's Musings

January 25, 2006

LCA’06 Update

Filed under: Linux — matt @ 2:08 pm NZST

Finally on the third day of the LCA (or the first day of the conference proper, depending on how you look at it), I’ve had a chance to sit down and catch up on a few things.

I managed to take on the task of running the network for the conference, and as we all know, the geeks need their network access. We’ve had some issues getting the network up and running which has been interesting. Most of the problems were caused by issues with incorrectly configured rate shaping on our upstream link which was limiting our outgoing capacity to about half of what it should have been. Once that got sorted out we discovered that the fibre transceiver was not playing nicely with the NIC in the Linux router we had been lent use of for the conference. This led to 20% of packets being dropped, and severely hampered usage of the network! When we swapped the dodgy NIC out for a new Soekris box it was immediately obvious that the connection “felt” better and the usage immediately spiked up over 3Mbps.

By far the most prominent form of access at the conference is via wireless; we have 25 APs around the conference, built using Soekris net4526 biscuit computers and Atheros 802.11a/b/g wireless cards. We’re managing the network using the CRCnet Configuration System, which I also plan to introduce to the world during my talk tomorrow.

We were a bit worried that we had overprovisioned the wireless, however the usage stats that we’re seeing seem to suggest that it’s about right. Earlier this morning we peaked with just over 210 concurrent clients on the APs and almost 5Mbps (our limit) of traffic coming in / out of the network.

We’ve implemented some interesting protection strategies on the APs to try and prevent ARP spoofing attacks, although writing software like this in the week right before the conference and then trying to debug it as you build the network turns out to be not such a great idea!

Currently sitting in listening to a talk by Brendan O’Dea about the high volume l2tpns software that they’ve written at Optus. Very interesting.

January 22, 2006

At LCA06 – Busy Busy Busy

Filed under: Linux — matt @ 11:30 pm NZST

Haven’t posted for a while. At LCA06 in Dunedin since Thursday, network is finally up and running. Still lots to do!

January 5, 2006

New GPG Subkey / Offline for a few days

Filed under: Life, Linux — matt @ 10:03 pm NZST

Happy new year :)

One of my Christmas presents was a brand spanking new USB key. For quite a while I’d been planning to put my SSH / GPG keys off onto something like this for some extra security.

I’ll write up the exact steps of how I achieved my setup sometime next week, but it was all fairly easy.

As part of the transition I followed Adrian von Bidder’s guide to multiple subkeys such that I now have a signing key (0x4054AB08) which I keep separately from the private key material of my primary key. My new key fingerprint is below:

pub 1024D/59B2D9A0 2005-02-03
Key fingerprint = 6583 A11F 1428 FCDD 65FC C7B5 E0CD 3CDC 59B2 D9A0
uid Matthew G L Brown (Default Key)
uid Matt Brown (Debian Packages)
uid Matt Brown (WLUG Key)
uid Matt Brown (CRCnet Key)

uid [jpeg image of size 4390]
uid Matt Brown (MediaLab Key)

sub 1024g/DF8A0504 2005-02-03
sub 1024D/4054AB08 2006-01-04 [expires: 2008-01-04]

I’ve uploaded the new key to the keyservers, or you can grab it from my key information page.

All in all I’m quite liking the new setup: plug USB key in, password dialog pops up for SSH key, enter password, password dialog pops up for GPG signing key, enter password. I then have both keys stored in the relevant agents, easily accessible for signing email / logging into machines. Meanwhile my GPG private key is sitting securely somewhere else. I plan to sign all outgoing email from now on.

Next step is to investigate libpam-ssh for local authentication so that I don’t have to type 3 passwords whenever I log in.

Moving House
We’re moving house tomorrow; this means that my DSL connection will be down for a few days while Telecom and my ISP get everything sorted out. Hopefully it will go smoothly and I’ll be back online sometime mid next week.
