Comments for Technical Intercourse

Comment on Freeradius, OpenLDAP, DD-WRT by Shawn Tan

Shawn Tan — Tue, 21 Feb 2012 02:54:59 +0000

Yes, you need to configure FreeRadius to talk to OpenLDAP. I’ve already shared the relevant sections for FreeRadius. You need to have a working LDAP configuration before hand.

TTLS-PAP merely runs PAP over a TLS connection. So, you can possibly use 2-factor authentication though I’ve only used one. I may add certificate authentication after this.

Comment on Freeradius, OpenLDAP, DD-WRT by Sebastian Plattner

Sebastian Plattner — Mon, 20 Feb 2012 14:51:10 +0000

Hey. would you mind sharing all the configuration files necessary to achieve this? That would be awsome. Did you change anything else in freeradius configuration? How does it work with TTLS-PAP? I have OpenLDAP and FreeRadius on ubuntu and dd-wrt

Comment on Ubuntu VPN by Shawn Tan

Shawn Tan — Thu, 22 Dec 2011 18:06:41 +0000

I’m afraid I don’t know what you’re talking about.

Comment on Ubuntu VPN by hon ru sheng

hon ru sheng — Thu, 22 Dec 2011 17:13:15 +0000

pls

Comment on Ubuntu VPN by hon ru sheng

hon ru sheng — Thu, 22 Dec 2011 17:12:51 +0000

pls help me see my speed

Comment on Unifi Speed Test by Shawn Tan

Shawn Tan — Wed, 23 Nov 2011 03:59:01 +0000

Yes, it’s only a single fibre and a single fibre can carry a number of channels of communication using different wave-lengths.

Comment on Unifi Speed Test by Band Cheng

Band Cheng — Wed, 23 Nov 2011 03:54:31 +0000

Hi Shawn

Just a couple of question on Unifi, do they install a single core fiber or 2 core fiber? I heard its a single core for two way communication. Its is possible for a single fiber for two way communication?

Comment on Weird TLD in China by Shawn Tan

Shawn Tan — Tue, 11 Jan 2011 15:22:15 +0000

@Vincent Good comment - only trouble is that if ICANN decides to approve the TLD, then things might get screwed up. Not a good idea to use private networks with private TLDs.

Comment on Weird TLD in China by Vincent

Vincent — Mon, 10 Jan 2011 21:18:35 +0000

This is nothing unusual and does not indicate anything about China using it’s own root servers.

What you must realize is that many ISPs use PTR records for a very different purpose than it was designed in the first place. There is no glue between the PTR and the actual A record (if there is any for that particular IP address).

To verify this claim, you need to do something like this :

1- Find the authority record for the reverse domain :

Asking dns1.chinaunicom.com.hk about 125.45.96.89 returns that information :

AUTHORITY RECORDS:
-> 45.125.in-addr.arpa
type = NS, class = IN, dlen = 19
nameserver = ns.halyptt.net.cn
ttl = 86400 (1 day)

This means that the server that holds the rights to provide authorized information about that request is ns.halyptt.net.cn.

2- Ask that server about the same IP address :

Name : hn.kd.ny.adsl
Address: 125.45.96.89

3- Try that same server with what it just gave as a PTR :

> hn.kd.ny.adsl
*** ns.halyptt.net.cn : Query refused

This means that this server is made to only accept PTR requests. Other ISPs do the same thing, sometimes with custom TLDs, sometime not. For example, tracing to aol.com returns one of the following hop from my location :

te0-1-0-1.ccr21.ymq02.atlas.cogentco.com

However, when trying to forward-request the IP of that PTR, cogentco’s own DNS system refuses the query.

Why do they remove the glue? I don’t know, but I also don’t know why they would provide it. For ISPs, the PTR records are a way to enable more verbose traceroutes. On the other hand, public A records would not provide any benefit. Most (if not all) ISPs have their own internal management infrastructure that is not only inaccessible from the Internet itself, but also relies on private DNS and IP networks.

Comment on Multi-core Parallelism by 24 Core Server Performance

24 Core Server Performance — Fri, 26 Nov 2010 03:24:26 +0000

[...] need to be careful about how those cores are socketed and how the tasks spawn across them. I had a server go from fast 6-core to slow 8-core in a 12-core (2-socket) system. So, just having lots of cores [...]