I created a WordPress blog at work for communication with my team.  It works fairly well.  I ran into an issue though, when uploading media in Office’s “new” format that it just opened as a bunch of code.  The version of Apache that came with Xampp (and I suspect on many hosts out there) needs the apache\conf updated to include the Mime types.  The line that should be added is:

After adding the line, clicking a link should prompt the browser to download the file instead of display it as a bunch of gibberish code.

To update this on Domain.com I had to:

1.  Click on control panel next to your hosting package.
2.  Click on Manage Webspace (if you have multiple spaces please make sure you have selected the correct one first.
3.  Click on Website Configuration and across the top tabs click on MIME Types.

The Mime Type is as it’s typed above.  When entering the extensions, however, you have to seperate them each on their own line or by commas (no spaces!)

Like any admin/tech support rep I don’t like to do tedious things over and over again.  I’ve been learning VBScript to automate a lot of things.  I’ve written a handful of scripts/scraps so far.  The one below is quite useful in gathering data about a list of remote computers.  It accepts input from a text file that is prompted for in the script.  It gathers the current logged on user, certain values in the registry that indicates it’s location (the values and where they are depend on where your company places them, if any), and any IP addresses that are assigned to any NICs in the machine.  It then outputs the data to a csv file, that the user can name in the beginning of the script.  It’s written so that the path to where the file is saved is hard coded and not selectable.  It uses the network roaming desktop path as the place to save it.

I’ll apologize in advance for the lack of “structure” in the code box below.  I’m just using a div to make it so the indentation doesn’t copy over 🙁  I’ll redo it later…

Hopefully all or part of this script can help any admins out there do some data gathering!

I’ve been wanting to develop a more secure and robust home network for a while and this past weekend I took my first step towards that.  A few months ago I replaced my WRT300N with a Linksys E4200.  My reasons for upgrading were I wanted something faster and had the 5GHz spectrum support.  For some reason in my area there is often interference throughout the 2.4 range.  I haven’t implemented the 5GHz for any of my devices but that will hopefully come soon.

So, my 300N has been sitting around collecting dust and I wanted to re-purpose it with dd-wrt.  I love the expanded capabilities and the open source nature of the software.  My chief reasons for choosing to flash dd-wrt instead of retaining the stock firmware were:  1) To see if I could do it 🙂  2)  A more secure system,  and 3)  VLAN support.  I did a little investigating and some of the recommended reading before starting the process.  It wasn’t clear as to whether the 300N actually supported VLANs and there were no confirmations.  But for me, having an additional router to add another layer in my network was worth it anyway.  So here is how I got it working with my 300N, along with successfully setting up a restricted VLAN.

The initial flashing process was as easy as it is described in the manual.  I used the Web-GUI method.  I’m not sure how important it is to go through the 30-30-30 reset method (I didn’t read the lengthy explanation) but it’s 90 seconds out of my life, done twice.  It’s not a big deal and well worth taking the time to avoid bricking the router.  So that’s what I did.

After flashing I set my secure password and dove in to figuring out how to setup my restricted VLAN.  To do that:

1. I chose to use telnet, so I connected to the router’s default gateway IP and logged in (when using telnet, the username is root and the password is the secure password you set when logging in)
2. I then passed the command:  nvram set boardflags=”0x0110″
1. The default value is 0x0010.  To know why I set it to what I did, see the links at the bottom of the post.
3. I then passed the command:  nvram commit   (this commits any changes you just made)
4. I then passed the command:  reboot

After the router boots back up (it might take around 30 seconds or so) it’s time to log back into the web gui.  Now, under the “Setup” option you’ll see an additonal tab for “VLAN.”  The two tabs we’ll be using are VLAN and Networking.

1. Go to the VLANS tab and check the box under which port number you want to be under which vlan.  I left “W” on vlan0, the default vlan.
1. The ports numbers in the GUI are backwards to what is labeled on the back of the router.  Port 1 in the GUI actually corresponds to the port labeled 4 on the back of the router.  2 in the GUI to port 3 on the router, etc.  If this bothers you, in the telnet session see what the order of the ports are by passing:  nvram show | grep vlan1ports    What you then want to do is pass the same value back into that setting but in reversed order.  So if it was vlan1ports=0 1 2 3 5* then you want to pass:  nvram set vlan1ports=”3 2 1 0 5*”   Note the use of quotes when setting the variable value.  Also note I left 5* at the end.  Port 5 isn’t a physically accessible port, it’s used internally so leave it at the end.
2. Next I went to the Networking tab and created a second bridge, br2.  I created another bridge because I’m controlling my restrictions that way.  I have more than one vlan I want to restrict, and if I add more in the future I just tell it to use bridge 2 and then I don’t have to setup the restrictions all over again for the new vlan.
3. To create the separation I assigned it a different subnet from the rest of my network.
1. For example, if my “main” network is under the 192.168 subnet, I would set my restricted to the 10.200.1.0 and give it the 255.255.255.0 subnet mask
4. I created another DHCP server for that second subnet (otherwise connected devices wouldn’t get an IP!).  That is at the bottom of the Networking page.  Give it the same subnet and mask as you set for the bridge.
5. Last, I created new bridge connection for the vlan’s I want to be on the second bridge.  I added eth2 to this network, which is the wireless controller.  So, I have one physical port and all wireless connections going through bridge 2.
1. If you plan on offering open wifi or making it available to guests, this is probably a good idea

The configuration of the port assignments and the separate is now done.  All that is left is create the restriction.  The one I opted for is, using my example subnets above, to have the 192.168 be able to access the 10.200 but not the other way around.  Before you commit any iptables or other rule changes to the router permanently (setting them to auto execute in a startup script) I suggest just passing them via a telnet connection to test them.  If you end up creating a rule that blocks you out of the router all you have to do is reset it and the configuration is gone.  One you know the rules you want, you’ll want to set them to a startup script so that you don’t have to set them again after each router reboot!

My restriction requires one rule, set to the rc_firewall startup script:  nvram set rc_firewall=”iptables -I FORWARD -i br2 -o br0 -j logdrop”

And that was it.  I just did a simple ping test to verify.  I could ping from one vlan to the other, but not the other way.  This is far from the final configuration of my router but this was the main goal.  I’ll also be looking into setting up PFSense on an old machine.  If you’re wondering why I want two manufactured routers in addition to an x86, the routers will eventually be more like switches, enabling a broader wireless range (in coverage and number of) and providing additional hardware ports.  The whole thing is an experiment chiefly for hands on learning.  The byproduct being a more secure home network in the end.

References and Resources (without whom my efforts may have been fruitless or taken much longer):

Here are the pages I used to assit me (in addition to the manual linked above):
Basic information for the family of chip in the WRT300N
IPTables configuration

Here’s another link to an article with an extensive write-up on separating your WLAN from your LAN.  I haven’t read it, though.

Over the weekend I transferred my domains from GoDaddy to Domain.com.  I wanted to leave GoDaddy because of their SOPA support (I don’t care if they retracted, they only did it for PR, not because of their actual beliefs).  Anywho, my initial opinion of Domain.com is that it is a bit unnecessarily difficult.

The transfer process was a breeze (of course) but once transferred it was a bit difficult to get things setup.  They have several things I ran into documented in their knowledge base but I don’t think I should have to go look up what are “normal” web hosting tasks.  I figured out the part to attach my domains to the hosting plan ok, but ran into issues with the DNS.  When I attached the domains to the hosting service I checked the “Enable DNS Configuration” box.  The reason being that all of their knowledge base articles tell you, you have to setup the DNS yourself.  Anyway, on the “Finish” screen it tells me my name servers are going to be domain.com’s.  This is perfect, this is what it should be.  Well, I gave it several hours and it wasn’t working.  My domains were still resolving to my old host.  All the mentioned configuration was done in the “Hosting & Services” section of the control panel.  Even when going back into the hosting and looking at the details of the domains I have hosted under that plan it tells me they have to be the domain.com nameservers.  So I emailed them and my response was that I had to set my domain name servers from the “Manage Domains” tab to ns1-3.nameserver.com.   The hosts I’ve had experience with have very generic nameserver names and I took this to be literal (I know, I know… but in my defense, the literal ‘nameserver.com’ has a working NS!).   So, should-have-known-better-me went and updated this.  It didn’t work, obviously.  So in the middle of my work day today I clue-in and change it the domain.com servers.  Like magic is started working.

After all of that, my two biggest gripes are this:

1. Why did I have to manually set the nameservers via the “Manage Domains” section of the control panel when, when I attached my domain to the hosting plan it told me what the nameservers were.  I assumed they were automatically setting them as well (and since it’s all domain.com’s product why wouldn’t it?)
2. When I emailed support, why didn’t the person responding actually look at my account and what I had purchased and tell me exactly what to do?  I got a generic template response they send out to everyone.  So in addition to that first question not actually getting answered, the other three I had in the ticket weren’t even acknowledged.

The WordPress setup wasn’t as easy either.  It installed OK (although it’s not the latest version that came out a week ago).  BUT it doesn’t tell you where it installed.  It’s not under the /wordpress/ folder you would normally be looking for.  That’s also the path it tells you to load it from yourdomain.com/wordpress.  It took me a while to figure out I had to go back into the control panel and into the “Site Applications” and back into the install for my domain and “unlock” the directory.  They warn you this isn’t a “good idea” and that you’ll be responsible for updating WP and they wont do it automatically anymore (because one click inside the dashboard is so difficult…).  BUT you still wont find the directory when you are in FTP!  It remains a hidden directory and it’s still not in the “wordpress” folder.  It’s in an obscure siteapps folder and then you have to type in the ID number into the remote site path of your FTP and load it manually.  For people like me who developed their own theme for wordpress we need this so we can upload our own theme!  I don’t share my theme with the rest of the WP community so it’s not available to search and download the usual way.  Because of all of this, it’s also extremely difficult to change my blog url to just the top level domain.  Again, you have to go through their control panel features and change the URL.

So, my biggest gripe there is that they try to manage things too much.  Your folder structure doesn’t reflect it’s ACTUAL structure when it comes to installed apps (if you install via their control panel).  I don’t want to be micro-managed in my hosting and I am entitled to access ALL of my site content.  I’m a web developer, I make and customize my own stuff.  In the case of WordPress, it’s it’s own application and many modifocations can be made via it’s own dashboard!  There is no need to create your own integration to the app.

My last gripe:  response time.  WP functions are laggy.

Hopefully things get better!

The first trailer has been released!  http://trailers.apple.com/trailers/wb/thehobbit/

Not sure I’m too keen on the dwarfs, they seem too gimmicky/cartoon-y.  Although criticism about gimmick from a guy who designed his blog around the Linux terminal may be a bit hypocritical 🙂  They don’t look as real as the characters did in the The Lord of the Rings.  Still, I’ve been following Ian McKellen’s tweets and a few blog posts about filming and I’ve been really excited.  It was great to sit and watch this trailer; the sense of adventure and epic I had when the LoTR movies were released came back.  The Hobbit is the book I’ve read the fastest out of any other books I’ve read.  I had actually seen the movies before I ever ready any of the books (never was required reading throughout HS or college).  When it comes to movies and books I have to do them in order, so after the last movie came out I read The Silmarillion, which took a little while.  Then The Hobbit which I blazed through.  I began the Lord of The Rings a while later but maybe got 70 pages in.  Then the gap between I next picked it up was too long so I started over.  That time I got to around 100 or a little more and stopped for a long time.  Finally after the third time of starting it I finished, but even that took several months.  Never was a big reader so I often go weeks or months in between reading.

I’m sure this movie wont fail to amaze me with the sets, costumes and special effects.  It’s going to be a total geek out!

I’ve been wanting to create this blog for a long time. It’s taken a long time because I didn’t have a design I was content with. The current one isn’t the greatest, but it’s clean, easy, and it looks nice. It’s the first one I’ve actually been satisfied with! Why I get hung up on a project over the design, I’m not sure, but that IS the reason why I couldn’t move forward.  It’s crazy, I know, but I just can’t “put it out there” for the world to see without it having a decent aesthetic value.  Even if the content is useful or entertaining, plenty of studies have been done on the internet that if a web page doesn’t look good, people most likely wont be back.  I would like people to come back if they stumble up on it!

Now that we have one of the eccentric quirks out of the way I want to explain what my purpose is for creating this blog.  I want to chronicle all of geeky endeavors; successes and failures.  From my experiences working in IT support, HAM radio, TV shows, nature, programming/scripting, Linux, astronomy, building machines, websites, gadgets, gaming, hacking, and any other thing that could fall under being a geek that I do in my day-to-day life.  It will revolve mostly around the items that fall under the “Technology” umbrella but will occasionally be dotted by the other items.  Those will most likely stay on my personal blog or Google+, though.

As the name states, I’m a curious geek.  I have an insatiable hunger to know how everything works and I’m often attempting to figure it out.  I like to tinker and tear things apart.  I’m not deterred by the method of trial and error and I love the experience of “seeing what happens.”  It’s what drives me and I’ll do it with practically anything.  I by no-means consider myself an expert on any subject, but I do some some about a lot of subjects.  I focus most of that energy to anything that falls under Technology or Science.  I’ve always had a natural aptitude for both, which should be no surprise since they go hand-in-hand.  I got my first computer about 16 years ago, back when they weren’t much more than word processors.  I think I may have had one or two games on 5.5″ floppies which I played on my black and orange monitor.  The curiosity of what more I could do happened immediately (and how could it not when that’s all I had to entertain me!) and I dabbled in a small amount of code.  It was really just scripting and learning how to modify some configuration.  About a year later we got a “real” computer with Windows 95 and it was on that machine that you could say I really got started.  With my AOL connection I was viewing source code and teaching myself HTML and building my own websites.  Not too long after came Windows 98 and things just kept rolling along from there.

Over the years I’ve learned the various windows operating systems (client and server), active directory, programming for desktops and the web (part of this blog project was learning WP and building it from scratch), scripting, some Linux, all sorts of applications, dns, some networking, how to build machines, a little bit of hacking, hundreds of software, many gadgets, etc.  Again, I’m not an expert in any of these areas and some of them I only have a little bit of knowledge (for instance I would not call myself a programmer even tho I’ve done some).  Still, I like to think I have useful knowledge to contribute.  I’ve relied on the internet quite a bit to get me through issues that come up both at home and at work.  I’d now like to direct some energy back into the internet and hopefully help some frustrated soul and maybe some of the folks that have helped me in the past.

So that’s my purpose.  To chronicle my adventures and experiences in technology and anything geek.  Comments are MORE than welcome as long as they are constructive.  I know I will post incorrect information or not do something the best way it could be done.  I would love to hear from those that have the correct information or alternative ways of accomplishing something.  Maybe I’ll post a few things that are awesome and correct, too 😉  Hopefully this blog can become a place to collaborate and grow from everyone that comes around.  Or maybe it will just be another dark corner in cyber space…