Category Archives: Misc

Cigarette butts and trash

Cisco SRP547W router – first impressions and VPN support

I’ve recently acquired a Cisco SRP547W router to evaluate as a replacement for the Cisco WRVS4400N. The SRP547W sports a similar feature set to the WRVS4400N, with the added bonus of a built-in ADSL2+ WAN interface. Because the WRVS4400N only features an Ethernet WAN port, I had to use the Draytek Vigor 120 as a PPPoA to PPPoE bridge (in New Zealand broadband is delivered over PPPoA). This worked great, but at the end of the day if I can reduce the number of links in the chain it can only be a good thing.

Connecting the SRP547W to Orcon’s ADSL2+ network was straightforward and painless. The device features a very nice first-run wizard, a cut above what you’d find in a vanilla router (as you’d expect given the price difference).

Cisco SRP547W setup wizard.

All of the security goodies of the WRVS4400N are present, with one difference being much-improved VPN support. The SRP547W features a built-in “Cisco VPN Server”. Although Cisco market this as being intended for use with their non-free Cisco VPN Client product (which is end of life incidentally), it’s actually just a standard IPSec VPN and works with a variety of other clients. I had no problem creating a VPN tunnel on Windows 7 using Shrew Soft’s excellent (and free) VPN client. The stock Android VPN client also worked right out of the box, as did Ubuntu Linux using vpnc (I’ve yet to try Mac OS X). A maximum of ten VPN users are supported, and the experience is generally much better than using Cisco’s poorly supported QuickVPN product as marketed with the WRVS4400N.

Price-wise the SRP547W isn’t too bad, not being too much more than the original cost of the WRVS4400N + Draytek Vigor combo – plus you also get analog phone support, a full SIP stack and more. I’ll be sharing some feedback on these other features in the near future.

About these ads

Configuring URL blocking policy on the Cisco WRVS4400N

This is a weird one and doesn’t really make a lot of sense – but posted here all the same if it helps someone. Part of the Cisco WRVS4400N‘s feature set is a configurable internet access policy, allowing the administrator to schedule internet access hours and permitted sites for discrete LAN clients. The latter is managed by updating a domain blacklist in the admin BUI.

The manual makes out that this is as simple as creating a new policy, adding clients, specifying whether it’s for blocking or allowing access, and adding URLs to the blacklist – but in practice it doesn’t work like this at all. In my case, configuring an “Allow” policy for a single client and adding entries to the blacklist resulted in all internet access being shut off entirely for all machines including the client in question. Looking at the Cisco Small Business support forums, there seems to be equal confusion on this from both customers and Cisco support personnel alike. One Cisco technician mentioned for example in a forum thread on the issue that any clients not defined in an “Allow” rule would be denied by default – but this nugget of information doesn’t seem to have been included in the reference manual.

Anyway, to get a simple website blocking policy in place for one LAN client, here’s what I had to do.

1) Configure an “Allow” policy for the client

In this policy we are allowing the client 24/7 internet access, but not permitting her to access the domain apple.com:

Configuring a internet access policy rule.

You’d think this would do the trick, but no. If your experience is the same as mine, this will shut off internet access entirely – so we move onto step 2.

2) Configure a second “Allow” policy for every other device

In this policy we are specifying an IP address range – which also covers the address of the machine above. Like the above policy, it’s for 24/7 internet access:

Configuring another internet access policy rule.

On saving this rule (you don’t need to reboot the router), you should have full access to all websites except for apple.com for the client defined in the first rule. All other LAN clients should have normal full access.

 

The WRVS4400N is now end-of-life. In my time with it it’s generally been a useful device, but marred by a number of issues which created the impression of a somewhat half-baked or half-heartedly-supported product (possibly due to its Linksys lineage which Cisco are selling off to Belkin). Counter-intuitive interfaces like the one described above, wireless performance which was pretty slow all around (really not living up to the advertised 802.11n), Cisco QuickVPN software which was great if you were only on Windows (with Cisco not interested in versions say for Mac OS), IPS signature files which failed to block Skype (counter to the advertised feature set), and so on. I have a Cisco SRP547W being made available soon hopefully to replace this unit which I will post some impressions on.

Be Explicit.

Something I see time and time again when observing technical support in action. Don’t ever assume that because you know where a certain feature resides in a certain application that the customer will also know what you’re referring to. If for example the location where you need a customer to modify a setting is at “Edit -> Preferences -> Options -> Formatting, in the desktop variant of application ‘x’, then that is precisely what you must communicate to her. Not, “go to the the formatting settings in application ‘x’, without any indication of what edition of the software you’re referring to.

And not just customers either – it’s a rule that should be adhered to just as rigorously when communicating with colleagues, no matter what their technical level.

2012 in review

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

19,000 people fit into the new Barclays Center to see Jay-Z perform. This blog was viewed about 94,000 times in 2012. If it were a concert at the Barclays Center, it would take about 5 sold-out performances for that many people to see it.

Click here to see the complete report.

Sibelius and the risk of proprietary software

Before doing what I do now, I used to do music. It’s not an environment I’m involved in to any great extent any more, although I certainly wouldn’t rule out taking it up again at some point in the future.

So it was interesting after reading about recent customer upset involving much-loved proprietary software vendors being acquired to learn that users of the Sibelius music notation product are similarly getting burned by recent moves by parent company Avid Technology.

In this case, it looks like Avid have shuttered the UK office where Sibelius was originally developed (along with many other products in their portfolio) in what looks like a considerable cost-cutting drive. Reading the general outpouring of concern from Sibelius customers online, I was struck by just how eerily familiar the whole thing sounded to someone who’d gone through the whole rigmarole before – in this case, my experience with Oracle.

For example, the creation of online user concern groups (also on Facebook), the inevitable petitioning of Avid (and publishing of contact information for its senior management team), and representatives from Avid being trotted out to reassure customers of their “commitment” to the product – even though it looks like a large chunk of the core development team have already walked the plank.

Do I think that petitions and corporate assurances are going to make any difference to the likely future of Sibelius whatsoever? Not a chance. This is business, and it’s the risk any customer takes when investing in a product based on non-standard, proprietary technology. You can’t successfully shame nor persuade a corporation (especially a giant like Avid) into rethinking whatever decisions they’ve already made, planned probably months before the announcement. Been there, done that, doesn’t work. Avid management are probably really not too concerned with Sibelius users’ feelings, nor their user community: like many other major technology vendors, they’ll do whatever it takes to satisfy their shareholders, if it means killing or reducing development in a few niche products along the way. Put it this way, this is not the first time a major technology vendor has screwed their professional users, and it sure won’t be the last.

The best scenarios I think Sibelius users can hope for are:

1) Sibelius development continues just fine in whatever office the product moves to
2) The original Sibelius development team sets up privately, launches a competing product
3) Sibelius eventually gets sold to another company that dicks around with it or the pricing, or just lets it languish
4) Competitors start offering extremely attractive crossgrades. Sure enough – check this out.

Scenario 1) would appear to be the least likely scenario, by far. And it would appear Avid have already somewhat indicated their intent on the immediate likelyhood of scenario 3).

It’ll probably take a few months to see where current events lead to with Sibelius the product, but I suspect a lot of customers may start to look at option 4) – until such time that the alternative also hits the rocks, screws its customers, or sells out. And the glorious cycle continues – joy!

The only true peace of mind for me in investing time and resources into any critical application is when it’s based on open source code and open standards. I’d like to think that some of the energy being expended by Sibelius users here would be spent looking at open source notation alternatives, but sadly I don’t see this happening – much the same way in which the vast majority of office apps users can’t handle anything without the Microsoft brand on it.

Still, I do hope I’m being premature, and at least I would hope to see Avid prove any comparisons to Oracle wrong.

Das Keyboard Model S Professional Mechanical Keyboard – a short review

I find that simply having different keyboard layouts, or even the same layout from different keyboard manufacturers can really become a hindrance when rapidly switching amongst multiple computers across disparate locations. I figured why not purchase a set of identical make and model keyboards as a solution, but then got to thinking: I spend most of my time at a computer keyboard, so why not look around for something a bit more deluxe?

In terms of mechanical keyboards, I’ve hitherto been using on and off an old Silicon Graphics AT-101 keyboard which I rescued from the waste skip at work during a clear-out of old equipment a few years back. Even though the keyboard response is a bit soft, each key is mechnically switched – and a definite improvement over the cheap Dell keyboards which I typically use most of the time.

After a considerable amount of reading and research, I’ve gone for a mechanical keyboard in the form of the Model S Professional keyboard from Texas company Das Keyboard:

http://www.daskeyboard.com/model-s-professional/

As can be seen at the above link, each key has its own mechanical switch, in this case, the Cherry MX Blue switch from German company Cherry.

Some impressions: it’s a no-frills piece. Just 104 keys, and a built-in USB hub. No backlighting, programmable macros, media controls or shortcut keys. This kind of simplicity, coupled with the excellent build quality and the weight of the device (it’s not light for a keyboard!) leaves the impression it’s designed to do one thing very well.

The keyboard symbols are laser-etched: no cheap printing here. An extra-long length USB cable pair is a very considerate touch – perfect for reaching down the back of a desk to a computer on the floor. No third party drivers are required, as there is no enhanced functionality of any kind. Simply plug it in, and go.

Of the mechanical keyboards I was looking at, the Model S Professional is the sleekest and most stylish design available, in my opinion. The glossy piano black finish is a nice touch, too:

Das Keyboard Model S Professional

So what’s it like to use? In a word, awesome. The “clickyness” in the key action is delightful, and true to the advertising, less force is required to make a successful keystroke compared to a cheap keyboard by virtue of the mechanical switches. Quite simply, after an hour of using the Model S Professional, my Dell keyboard by comparison feels like total mush – really awful. If there is one tiny complaint I have, it’s that the backspace key is a tad squeaky. I have a second unit arriving in the next few days (to accompany the first, not to replace it), so it will be interesting to see if it’s the same. (Update: the second unit has arrived and it has no such squeaks. Nothing a little bit of DIY couldn’t fix, and sure enough it’s the plastic hooks on the stabilizer bar which just needed a little bit of synthetic grease.)

If you haven’t used a mechanical keyboard before and you perform a moderate to heavy amount of typing during the day and/or night, then definitely check one out. I can certainly recommend Das Keyboard’s products.

Add a single video to the XBMC video library

In the latest (version 11) release of XBMC, the ability to add single videos manually to the XBMC library has been removed. In version 10, all one had to do was right-click on a video file in the XBMC user interface, and from the contextual menu that appeared select “Manually add to library”. This is no longer the case in version 11, but rather than go into the potential reasons for the removal of the feature, let’s simply describe how to add a single video file manually.

This is obviously most useful for media files which aren’t detected automatically by XBMC’s media scrapers. In the example I’m using, it’s a technical presentation made by the Nuxeo ECM developers.

First, one has to create an NFO file for each video that needs to be added to the XBMC library. Ensure that both the video file and NFO file are both placed in a directory which is already an XBMC media source. Use your favourite text editor to create the file, give it an .nfo extension, and name it after the same name as your source video file:

Create an NFO file

The contents of the NFO file are very simple – the “title” value should match the name of the video file, for example:

<movie>
  <title>Digital_Asset_Management_with_Nuxeo</title>
</movie>

 

Finally, firing up XBMC and running a media scan (or not, if you’ve set it up to do it automatically) will result in the video being available for playback from your XBMC library:

Single video file detected by XBMC

blog.davekoelmeyer.co.nz is now WordAds-enabled

Some changes to the site which you may have noticed – my blog is now displaying embedded advertising as part of WordPress’ WordAds programme. Part of the change involved choosing a new WordAds-compatible theme, which meant that my previous Premium theme had to go – but the new theme is a rather nice replacement.

The new Gmail sucks (especially for IMAP users)

As part of the great Apple MobileMe/iCloud migration plan, I’ve been shifting my mail data into a Gmail account backed by Google Apps Business edition. And boy, I must congratulate Google on taking what should have been an entirely predictable exercise and turning it into a right pain in the arse. Especially if you (shock, horror) want to access it from an IMAP client, which I do.

 

First, let’s start with “Labels”. I guess the temptation for Google to resist inventing another cute term with slightly different functionality for a very old concept was too great to resist. Never mind that “Labels” are to all practical purposes the same as mail folders, let’s call them something different and confuse the shit out of people. I now have “Labels” in the Gmail web client, which are presented as standard IMAP folders in my Thunderbird client. Great – two different sets of terminology to have to deal with and explain to clients.

So you can apply “Labels” to more than one conversation – big deal. Why can’t we just stick to folders and search folders? (And talking about “conversation” (i.e. threaded) view mode, let’s make that the default mail view and stick the setting deep into the preferences just to really annoy anyone who’d like to turn it off).

Even worse, Gmail now has “System Labels”, and these get pulled into your IMAP client, sitting under their own curious “Gmail” subfolder:

Gmail system labels in Thunderbird

This is where the whole label/folder distinction really breaks down. At least you can disable these from appearing in your IMAP client via Gmail preferences:

Disable system labels for IMAP users

Moving on to mail rules – whoops, sorry, I mean “Filters” as they are known in Gmail. So I set up a mail sorting “Filter” to sort mail addressed to one of the many mailing lists I subscribe to into a “Label”. Seemed straightforward enough, but for some reason I still received a copy as well in my inbox. Well, you have to make a manual setting for that too – and confusingly it’s a setting called “Skip the Inbox (Archive it)”

Gmail filter settings

I can understand the “Skip the Inbox…” bit, but why the reference to archiving it? I just want to move the fucking thing to another folder and that’s all.

 

So assuming you’ve jumped through these hoops just to get your IMAP client in order, you now have to deal with Gmail’s most perplexing “feature” – the “All Mail” folder. I have absolutely no idea why this is present, nor what function it is even supposed to serve. Straight from the documentation:

“Gmail/All Mail contains all of your messages in Gmail, including your sent and archived messages. Any messages that you see in your inbox will also appear in the Gmail/All Mail folder.”

Um, why?

Anyway, worst of all let’s assume you have some 20,000 mail items (like I do) spread across several “Labels”, or “Folders”, or whatever Google are calling it this year. Assuming you haven’t used the above IMAP settings in Gmail to prevent the “All Mail” label from appearing in your IMAP client, you can expect all 20,000 of those items to be pulled down in duplicate into your IMAP “All Mail” folder. Sheer genius!

 

So in summary, not a fan at all. I’m using Google Apps mail basically just for the capacity and uptime SLA, but otherwise it’s confusing if you aren’t using the Gmail web interface, it looks like it was thought out by a bunch of computer science undergrads for a project of some sort, and in general the whole thing just stinks of an effort to make it as frustrating as possible for IMAP users short of having the whole thing not work at all. Read: “Use our browser, and the native web interface, and you won’t have any problems at all!”. Mmm, I love the smell of lock-in in the morning.

On that last note:

Gmail desktop notifications unavailable

This sort of thing makes Google absolutely no different to Microsoft in this regard.