SSH brute force attack prevention

The standard SSH server does not come with any usable form of SSH brute force attack prevention, but with a few firewall rules it’s possible to implement something that works quite well. I have set up the rules on 2 machines with great success. To make sure that I dont get locked out accidentally though I added an extra rule before these to allow access from my trusted network. If you only have remote access to the machine, it may be a good idea to do the same.

Useful information for Compaq T2400h UPS owners

Several years ago I bought a 2.4KVA UPS for the bargainous price of £90, and it’s still working nicely. It’s kept my computer running for about an hour in the past, and I’m glad I have it since power cuts used to be quite frequent around here.

Now I’m looking to get it hooked up to a computer so that it’s status can be monitored and systems can be safely shutdown if I’m not around. UPS serial connections don’t quite use standard RS232 pinouts and communications – it’s kind of a hybrid between RS232 and a more basic status-line implementation. The cables that connect UPSes to their monitoring machines generally require special wiring. In the case of the Compaq T2400h, this is what’s required (taken from a post by the guy who was the source of my UPS):

Male -> Female
1 -> 3
2 -> 2
4 -> 5
6 -> 7
and 4 <-> 6 on the female side are linked

Note that this pinout is unconfirmed, but I will be attempting to make one of these cables to test it, and hopefuly get it working with NUT.

Update: I found some information on using a T2400h with NUT, which includes a confirmation of the wiring of the serial cable.

Core 2 Duo vs Pentium 4

Recently I have upgraded from a P4 3Ghz (S775) to a Core 2 Duo E6550 (2x 2.33GHz with 4MB cache). The difference in performance is astounding. I’ve not managed to find anything yet that will slow it down to cause any noticable problems with performance.

The cores also run incredibly cool. Before the upgrade, my P4 ran at between 50 and 60 decrees C with quite a substantial heatpipe heatsink + fan. With the stock cooler, each core of the Duo runs at between 30 and 40 degrees. Couple this with a stock cooler that supports PWM (and a mobo that does the same) and I’ve ended up with a much quieter and cooler system than before.

I can’t compare to AMD’s offerings cos the only AMD machine I have is a Duron 800, but you currently have a P4 I highly recommend the upgrade. You may, as I had to, need to upgrade your motherboard too, but I needed to do that anyway.

Invisible menus in MythTV

When I installed Fedora 7 recently, I found that the menus in MythTV had disappeared. At first I thought it may be related to the OpenGL rendering of the menus, but it turned out to be the theme relied upon the Microsoft Core fonts. There’s a handy guide that allows you to install the MS core fonts on an rpm-based system without breaking the licensing (apparently).

If you’re planning on setting up MythTV, especially if you’re living in the UK, I suggest following the MythTV Installation Guide by Garry Parker. Although it is targeted at Ubuntu, it can easily be applied to rpm-based and other distributions with the right knowledge.

Simple VPN setup

I’ve tried to set up a VPN in the past, to create a secure permenant link between the server on which this site is hosted and my home network. I tried both PPTP in the form of Poptop and ipsec implementation FreeS/WAN. Today I succeeded in producing a nicely routed connection with reasonably low latency, using OpenVPN. I think I’d looked into this in the past but I dont think the documentation was as good back then. Now I’ve found that there’s a simple guide to setting up a basic connection with static keys. If you’re lazy (like me) there’s also a Webmin module for OpenVPN, which provides you with some more advanced options. It probably took me about half an hour to figure out and set up the connection.

The bonus thing is that there’s an OpenVPN client for Windows too! I’ve installed it on Vista without problems, but not got around to testing it yet. If I ever find a use for and get a laptop, and I make the mistake of running Windows, at least I’ll be able to connect into my home network.

Debian Sarge users may find this hint handy if receiving an error saying that the nodes under /dev don’t exist.