Sunday, August 24, 2014

My first raspberry Pi and dabble into crypto currency ASICs

This will be a combination of a few things.

I bought my first Pi to play with.  It now does mail for our home domain, DNS and a nice gui for the dabble into crypto currency.

I bought a nice combo that had a B+ board, power supply, case, heatsinks and on top of that a wireless dongle as I want it to run in the garage which has no cabling.

Unpacked it and put it in it's case and put the heatsinks on.  Easy.  Plugged into the TV and booted NOOBs.  Told it to install raspian and it was away. All nice and easy.

Raspian boots up with LXDE but you can, in theory, install just about anything.  Set up the wifi network and a few test reboots all looked good. I played with overclocking but it just made it less stable. We'll revisit that one.

Things to do on a new RPi I now know: firmware update (sudo rpi-update) and full dist upgrade(sudo apt-get dist-upgrade) of raspian. Both seemed to help stability as I had some USB issues to start with. Go through the raspi-config settings carefully and go to advanced update rapi-config before anything else. I've dropped the GPU memory to 16MB as it'll barely ever use the display. I had to turn off overscan as well to see the whole desktop.  Seems odd that's on by default.

I have a mail server running postfix, dovecot and roundcube.  All these just installed on the RPi and worked.  Copied the config files from the old server and merged them.  Copy certs from the old server to RPi.

The next step was to test a Gridseed (scrypt hasher) and it picked it up fine.  Install a system named minera ( which can be a full SD image or install on a running system.

The surprising thing is the RPi just keeps taking this. It seems to have more than enough grunt to handle all this.  It didn't do so well when I tried a minecraft server as well.  Might need another one for that :-)

So it sits in the garage with 6 gridseeds hashing away (it'll never make money but it's fun) and doing DNS for the home network and our mail server all over a wireless link.  Seems plenty stable.  I like it a lot! The idea was to stop leaving a full computer on 24/7 when something tiny and way less power hungry will do the job. So that's my bit to saving the environment :-)

My list of gripes are small and not really RPi related. The Gridseeds won't do SHA256d on the Pi, I have to go to a special windows build to do that but looking at it the gridseeds should be restricted to scrypt.  They use 6 to 8 watts (4 apparently if you chop the fan) each and hash about as much as a reasonable graphics card (360 to 390 kH/s currently similar to R9 270). If you so SHA256d they use 5 or 10 times as much power.

Thursday, April 17, 2014

Gentoo Linux and 802.11ac

I have an Intel 7260ac PCI card that never seem to go all that fast under Linux.

The NetworkManager widget said it was on channel 149 and doing about 130Mb but in Windows it gets 650 to 780 Mb in ac mode.

Turns out the NM widget was lying it was on 2.4 (so not channel 149) and was capped about 130Mb. I tried forcing it to 5GHz but it just roamed back to 2.4.

Hmm.. found a simple solution block the MAC on the 2.4GHz radio. Now it connects at the same speed as Windows on 5GHz.  Simple really and not an issue if you have separate SSIDs.

Saturday, January 25, 2014

30 second guide to setting up an interface mode VPN on Cisco IOS

This is like one of those recipe book type 1 page cheat sheets. This relies on you knowing IOS well enough to just need a jog.

So to set up an interface mode (Virtual tunnel interface in Cisco speak) vpn you need these commands:

crypto isakmp policy
crypto isakmp key
crypto ipsec transform set
crypto ipsec profile

policy-map maybe
class class-default
shape average 128000

int tun
ip address maybe or ip unnumbered vlan1 to tie to vlan1
tun source outsideIP
tun destin otherend
tunnel mode ipsec ipv4
tunnel protection ipsec profile
service-policy maybe?

ip route tun0 perm?
or use Ip and dynamic routing rip v2?

If you're switching from proxy style VPN then remove the crypto map unless you still have dynamic client vpns and remove the IPSec policy for the connection.

The tunnel ones are just so much nicer.  No NAT hassles, easy policy QoS etc. 

Also help diag commands:

sh crypto session detail 

Thursday, January 16, 2014

Certificates on Windows, AD CA etc

This relates mainly to older servers since CAs now require 2048 bit keys and I kept running into a default of 1024 I couldn't change.

This is ripped from another blog (thanks


cretate a file called c:\cert.inf with the following content:

Subject = ", O=MyCompany, OU=IT, L=London, S=SE1, C=GB"
KeyLength = 2048

Now run the following:

certreq -new cert.inf outfile.req

Now just cut and paste the contents of outfile.req into the geotrust QuickSSL Premium Enrollment page and away you go.


But that only goes half way.

To complete things for me loading a certificate into IIS I had to change the cert.inf file..

Subject = ", O=MyCompany, OU=IT, L=London, S=SE1, C=GB"
KeyLength = 2048

Exportable = TRUE

The certificate is created under the current user and you need to export it and import to the machine account to access it in IIS.

Import the cert from the provider into your current user. Now you should be able to export it with it's private key and import it into the local machine account where IIS etc can see it.

Sunday, November 17, 2013

Windows 8.1 update notes

Just some notes from my experience of Windows 8.1 upgrade.

1. It's slow to install.  Like I'm sure it took longer than the initial install of Windows 8!

2. Start button is a have.  Just goes to Metro.  It's Metro I'm not a fan of, which is odd given I spend most of my time in Gnome 3 and I use metro in the same way.  Press windows key and start typing. Metro is just to busy.

3. App problems.  I was going to say none but VMWare player had to be repaired as the networking bridging sopped worked. I showed the interface as down and the bridge interface list was empty.  After being repaired it was fine..

Tuesday, September 10, 2013

Cisco IOS certificate handling

This is primarily for sslvpn type stuff first off.

I use for certs etc. They great, they're free for the common stuff and browsers recognise them.  All in all they rock.  Thanks

Importing the cert so I can use it on the router.  Seems simple but there are some gotchas.

StartSSL give you a private key..

Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,32C45D65DFE1A50C983B5F75F341764D



and a public key


First gotcha all they guides i've seen are old and say

crypto ca import

Most new IOS use instead

crypto pki

Second big gotcha is the IOS doesn't do AES.  So see in the private key, 3rd line it has AES we need to convert that.

It's easy if you have a Mac or a Linux box.  With windows you need to install openssl.

Save your private key on your Desktop as oldkey.pem, open the terminal and type

openssl rsa -in Desktop\oldkey.pem -out Desktop\newkey.pem -des3

Open the newkey.pem file and your public key and download the  CA certificate for your provider. They'll have a link in FAQs etc.

Log into the router, enable etc and go to config t.

To be continued

Friday, June 21, 2013

unix utils translation

I've been jumping back and forth between a few OSes lately and I keep typing the wrong thing at the prompts for day to day admin.  So I'm putting it here so I don't forget :-)

This is the commands for general update current packages, install new packages etc type stuff

Gentoo Linux:

update: emerge --sync && emerge -DuN --keep-going world
install:  emerge --sync && emerge packagename
search:  emerge --sync && emerge -s name
or emerge --sync && emerge --searchdesc

FreeBSD (9.1 if it makes a difference)

packages (pre-compiled)

update: freebsd-update --

and for ports (from source)

update: portsnap fetch update && portupgrade -a
install: cd /usr/ports/catagory/package && make WITH_LDAP="YES" install clean

Centos 6.3

update: yum check-update && yum update
install: yum install packagename
search: yum search 

More to come..