Wednesday, December 27, 2006

Cisco switch with 5 years uptime

It is not often I come across this, but this Cisco switch in our computer room has for some reason never been rebooted. Given this uptime, I guess the switch has never been powered on since we purchased it.

The Uptime Project does not support switches so I can't register it there.


Friday, December 15, 2006

Extended Validation Certificates

EV SSL: An introduction

The Extended Validation (EV) certificate is a new type of expensive SSL certificate coming to a browser 7 near you before the end of January 2007 if you are using Internet Explorer. When, if or how other browsers are going to support EV certificates is not known at this time. Microsoft, Opera, Mozilla and KDE (not a browser, but...) are all members of the CA/Browser Forum and will - eventually - provide web browsers that can highlight websites with EV certificates.

What is the difference between today's certificates and EV certificates?

This comparison chart shows the differences between the two types of certificates.

| Feature | Today's cert | EV cert |
|---|---|---|
| Price | You can get certificates in all price ranges. | Will cost more as this is the new, hot and secure certificate. |
| Validity of certificate | From one to three years. | Max 27 months, but the specification recommends 12 months validity. |
| Verification of certificate owner | Not much. You just need to document that you own the domain you request a certificate for. | There is a common procedure all EV certificate authorities need to comply with before issuing a certificate. The procedure seems to be somewhat vague at this point, so there is a chance that there will be a different procedure for each issuer. |
| Browser compatibility | You can get 99%-99.99% compatibility from most issuers. | EV certificates will use existing root certificates. At this point there is no way to tell what root certificate the various issuers will use, and compatibility is therefore not known at this time. There are requirements to be met for the root certificate, and these requirements are defined in the guidelines from the CA/Browser Forum. |
| Wildcard certificates | Supported by many issuers. | Not supported. This is a requirement from the CA/Browser Forum. |

Pictures of EV SSL sites

I found some pictures from Verisign showing how IE will look on a site with an EV certificate. The pictures had to be sized down to display properly on this page, so you can click on the image to get it in full size.

And a site without an EV certificate:


Wednesday, December 13, 2006

EDNS - DNS extension

I recently became aware of an extension to DNS called EDNS. As I work a lot with DNS, I am not quite sure how I could have missed this extension until now.

EDNS is an extension of the DNS protocol which allows more flags, label types and return codes to be defined, and enhances the transport of DNS data in UDP packets. The version of EDNS specified by RFC 2671 is known as EDNS0.

Wikipedia

EDNS - why?

According to the specifications of DNS, UDP packets should be no longer than 512 bytes in length. There is no space left for additional flags in the header. For normal use this is no problem at all, but to implement new features in DNS, such as DNSSEC, changes were needed.

EDNS uses a pseudo resource record called OPT to identify this extension. More links are found in the links section below.

Our firewall, a Fortigate FG-500A from Fortinet, logs oversized packets as a potential vulnerability in the IPS module. At the same time, it only logs the packet as bad, but it does not drop the packet. So it can't be that bad :)

EDNS - what you should know!

This extension is almost invisible for system administrators. Windows 2003 supports this extension by default, but I have never seen any problems as a result of this until today.

  • Legacy DNS servers that don't know anything about EDNS will just ignore the OPT resource sent from the other side.
  • DNS clients (such as computers) usually never use this option as they do not need to send packets greater than 512 bytes. Most DNS packets are between 150 and 200 bytes.
  • There is a hotfix available for Windows 2000 to solve issues related to EDNS queries.
  • The Windows 2003 DNS server does not announce itself as an EDNS capable server to other servers. But it replies to other hosts as EDNS capable when asked to do so.
  • Newer versions of BIND seem to advertise themselves as EDNS capable.
  • EDNS usually adds as little as 10-15 bytes of extra data to a UDP packet. In most queries you are still way below the limit of 512 bytes. Some intrusion prevention systems, firewalls or DNS servers may drop packets because of invalid options in the packet. Except for old Windows 2000 implementations (see above) and some Cisco PIX I don't know of any issues related to this.
  • Some Cisco PIX firewalls are reported to drop oversized packets. But I do not have any information about what versions do so or how to fix this.
  • Before EDNS, DNS reverted to TCP based transactions if the query exceeded 512 bytes. The only consequence of this is some extra IP packets on the network, and somewhat slower DNS. If the client asks a question where the server needs to send a reply of more than 512 bytes, it answers back that the client needs to revert to TCP.
  • DNS tries to compress the packets. That is, everything between two dots is only sent one time in the packet. If you query for www.novell.no and get a reply back with lots of additional records, novell is only sent once in the packet. Additional records are records that you did not ask about, but that the DNS server thinks you probably want to ask about later.

EDNS - turn off in Windows 2003

You can't turn off EDNS in Windows 2003 - it will always reply as EDNS capable if the source includes EDNS in the original packet. To make sure you do not send out EDNS probes to all hosts on the Internet you can make the following change in the registry. (By default this feature is disabled, and the registry key is not present.)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
EnableEDNSProbes=0x0


Sunday, December 03, 2006

Philips Digital Photo frame 9FF2CWO/00

Philips Digital Photo frame

I bought a digital photo frame the other day from Linuxbutikken in Norway. The unit arrived at home three working days after I placed the order. The photo frame is small and easy to work with. The navigation button can sometimes be tricky to work with, but was easy to learn. From what I can see I got three dead pixels on the screen, so now I get to try out a Philips service center. They are not easy to spot when viewing images though.

The contents of the package include:

  • White power cord and adaptor.
  • The picture frame, as seen below.
  • USB cable.
  • Documentation and CD with software.

Philips 9" digital picture frame 9FF2CWO/00

First use

This screen is easy to use. It was very easy to learn how to navigate through the menus.

The easy way to start is to insert your memory card and turn it on. When you turn it on it starts a slideshow in less than 5 seconds. According to the documentation the battery is supposed to last for about one hour with full brightness.

The first thing I did was to turn down the brightness a lot so the pictures do not stand out and scream for attention.

Common slideshow settings include:

  • Display time per picture.
  • Picture fade effect. Random effect is also a choice.
  • Background color outside the picture (when the picture is rescaled to fit).

Picture fading is slow, so I turned it off.

Features

Why this product?

  • Solid design. I would not drop it on the floor but the case is heavy and solid. (Not cheap plastic that is glued together.)
  • Support for external storage. CompactFlash type 1, Sony memory stick, multimedia card, secure digital and xD.
  • Internal memory. From the specifications there is room for 110-150 pictures depending on how you resize them.
  • Orientation. Physical that is. You can place the screen in landscape or portrait orientation. The screen will try to fit the pictures to the screen.
  • Auto turn on/off.

How to transfer pictures to the screen

Philips ships with their own software on a CD called Photo Manager for Photo Frame. I have decided to use Breeze Systems BreezeBrowser Pro. I make proofs of the pictures I want with 800x480 pixels resolution. This way I don't have to install another product on my computer just to manipulate pictures.

There is no need to resize your pictures as the photo frame will resize the picture for display. This resizing does not take any time with my 2-3MB JPEG pictures. But you get more pictures when you do resize, so I have decided to do so.

Photo Manager for Photo Frame

This software can crop and resize your pictures to get the most out of the unit's internal (or external) storage capacity. It also makes it simple to transfer pictures to/from the picture frame.

Saturday, December 02, 2006

tiq pedometer review

A short review of the tiq® pedometer from Clas Ohlson, article number 34-6473.

This pedometer gets two thumbs down.

Why? Because of its shortcomings...

  • Key lock. Or rather, the lack of one. When you place the pedometer in your belt and walk around you accidentally hit all the buttons you're not supposed to hit. And there are four buttons on this device, doing all kinds of stuff.
  • Size. Too big and heavy. Even if it looks small when you buy it, you'll realize the size issue when you start to use it.

Is there anything good about this product then?

Sure there is. But the good things are not easy to spot :)... There are a few, and I should mention them as well.

  • Embedded radio. If you need a radio and a pedometer you're better off with one device instead of two.
  • Assault alarm. Can be handy if you ever need it. Of course, with small kids nearby this will go off all the time.
  • Adjustable sensitivity. You can adjust how small a step should count as a step. For now I can't tell why you would ever need this. But it's there.
