Visit to ECMWF

April 12th, 2013

There was good news and bad news this week.

The bad news was that I won’t receive any funding support for the CISSP exam/course that I did which covered networks and telecoms, datacentre security, disaster recovery, software development and similar.

The good news was that yesterday I passed the smaller Comptia Security+ exam, which cuts a year off the endorsement time period required for the CISSP. It’s only a minor achievement in light of the larger CISSP exam being a superset of the Security+ exam’s content (although it’s from a different vendor). A friend summed it up in a text message as “well done. It would have been HILARIOUS if a CISSP failed the Security+”.

Today I followed up on an invite to visit ECMWF, which is essentially a well funded EU wide organisation with a ~300 person branch facility in Reading, using supercomputing facilities for medium range weather forecasts.

The server rooms are restricted photography areas but the watercooled supercomputers are quite impressive in terms of heavy machined piping and reinforced floor to handle the weight. The operations monitoring room (again, photography restricted) looks like a miniature version of the military nuclear control facility in the 1980s movie ‘Wargames’. The photograph below is from the public video wall near the reception.

[Photograph: the public video wall near the reception]

There’s obviously a lot of funding going on – there’s two datacentres of duplicated infrastructure equipment, large individual offices for staff (although office sharing is now coming in) but there’s also some tactful funding decisions evident such as not specifying the most expensive switch vendors for edge switches.

In the networking and security section I met my old work colleague, Oliver, and his co-worker Ahmed who is a CISSP and we had food at the local pub.

I enjoyed talking to Ahmed about his life experiences as he’d emigrated to the UK and I was interested in hearing what it had been like as I’d similar concerns about a potential move abroad. He’d also taken the CISSP for similar reasons to myself so it was easy to relate to his work experiences. Oliver was doing well and it was interesting to see what new technologies he’d been looking at as ECMWF appears to use quite a range of vendors. They’ve made different key choices about key business software (Zimbra based rather than MS Exchange for mail) and also have a quite different network architecture. I’m not going to go into depth on what the setup is as it’s not my network and the culture on openness might be slightly different – we tend to openly publicise network design/service setup at the university more than non-educational institutions would (if someone wants to argue that this is good or bad I could probably write a whole article on the ethics and reasoning either way and what I’d choose in each situation).

Passed the exam

April 3rd, 2013

In case anyone is wondering, I passed the exam in the previous post. I finished in 3 hours 15 minutes which is a bit too fast – I think three people finished before me and I don’t think they passed – I only saw one of them and he was quite glum/stern looking after picking up his results so I left him alone and didn’t ask. The instructor had warned us that most people that finish earlier than 3 hours don’t pass so I did try to take my time to read the questions and to apply structure to answering the questions (for instance, is this a confidentiality, integrity, reliability or trivia question?) I took breaks roughly every 40-50 minutes. I found it pretty hard to concentrate for that long. I tried to use visualisation techniques to help concentrate – whenever I found myself daydreaming about a scenario that the exam question reminded me of, I imagined a box and put the thought in it to be opened after the exam. There were two questions out of 250 that I didn’t recognise as being from the ten domains, otherwise I was generally happy. I was pretty tense as I waited to collect the result, it was a big relief when I was handed it with a murmur of “congratulations”.

I had self funded the course as I had thought our training budget was used up (I had heard it was 19k split between 29 people) but this seems to be incorrect – with the merger of three IT related units at the university our requests for training funding are being handled differently and I’ve heard that at least two people are attending overseas conferences. Hence I’ve put in for retrospective partial funding for the course.

What next?

I’ve booked the Security+ exam for 11th April, which might seem odd having taken the CISSP which could be seen as a superset of the Security+ exam, but the CISSP endorsement process is going to take about 6 weeks, whereas the Security+ result is immediate and can be used as part of the CISSP endorsement process to prove you have the required experience. It’s a different vendor’s exam and smaller/cheaper. I’m currently scoring in the 85% area, I hope to have it up higher by the actual exam.

After that I’ll work on the LPI 201 and LPI 202 exams which make up the Linux Professional Institute LPIC-2 qualification. There was a special offer on for existing LPIC-1 certified candidates to receive exam vouchers with a practice exam which I took so I’ve the vouchers to use before the end of the year.

If I get the training costs partially or fully refunded for the CISSP course then I’ll probably spend part of the money on a small development network built from Raspberry Pi computers which I can then use for revision – they cost about £35 each and are about the size of an old audio cassette, and consume about 4-15 watts with no moving parts so they’re girlfriend friendly – you can have an entire network server infrastructure in a carry case without the house being full of whirring noises and without breaking the bank.

What are you aiming for?

Career wise there’s four main paths that I see

The Cisco skills are something I’ve beaten myself up over far too much – essentially I’ve worked with other people who are highly talented in the area but I feel I’ve neglected areas I’m strong in (system administration, general security) whilst trying to pursue areas I’m weak in (Cisco topics over CCENT level). I’ve felt quite frustrated with my progress when perhaps what I should have done is avoided the topic and worked on my core skills first to avoid the constant confidence knock. I need to give it another go but take it slow and methodically, mixing it in with personal development in the other areas.

All this talk of computer certifications is boring!

I will make the next post not about computer certifications, I promise

 

Day before exam

March 23rd, 2013

For the last week I’ve been on a training course for the CISSP, and I revised by self-study beforehand. The exam is tomorrow and I’ve been doing my last bits of revision, going over weaker areas.

I’m not going to stay up late or stress myself doing last minute cramming so will stop now – it’s a long exam and it’s best to be as calm as possible, I’ll be in bed early tonight.

I hit about 81.6% on the half size (125 questions) mock yesterday, when reviewing I can see I dropped 5 questions simply by rushing, 13 were mistakes I needed to brush up on. Today when we were going back over areas, the instructor reminded the class not to rush, staring straight at me to remind me. The statistics show that most candidates that leave before 3 hours are up fail. For a slightly odd reason, one person has to take the test today (they can’t move the appointment). At the time of writing they’ve been in there answering questions for 4.5 hours. I didn’t want to hang around outside for them to finish, just in case it was bad news.

The course has had a lot of people from different backgrounds. There’s a large mobile network/telecoms provider’s security team here, lots of Ministry of Defence IT security army members, one person from a large financial firm’s security team and a member of Interpol. I’m not top of the class (I believe someone is hitting 90%) and I haven’t been as obnoxious as to demand everyone’s scores but I think I might be somewhere in the top. I feel some empathy for the people without networking backgrounds as I can see how things like the network OSI model might be difficult to grasp if you haven’t studied it before or applied it in troubleshooting and planning.

Everyone has been quite friendly, I hope we meet up again. The bar is about to open so I’m going to have one drink with my fellow coursemates (not more than that) and then it’s our last evening meal.

If I pass tomorrow the score won’t be given – only failing results in a points out of 1000 message, and even then it’s not broken down by domain. I think everyone’s in the mood that we’re ready for the exam right now, and we just want to take it to get the moment of truth out of the way, but we have to wait for the booked slot tomorrow.

We’ve had a snowfall, there’s a layer of snow over everything and it’s still coming down in a light fashion, everything’s pretty peaceful outside.

CISSP training course

March 19th, 2013

I’m currently attending a CISSP training course and exam. The exam is on Sunday 24th. The training is 12 hours a day with evening self-study and accommodation on site.

“Wait, certification? Certifications suck!”

So in the IT industry there’s a (never ending) experience versus certification argument that certifications are worthless and that experience is better. I think experience is better however I don’t think it has to be one or the other. Certifications are good in certain scenarios:

  • When applying for a position, the HR team filtering resumes might not know the subject area well enough to equate your stated experience to the checklist of skills they’ve asked for. You might say this is an issue with the hiring mechanism, which is true, however during a downturn in the employment market you still need to pay the bills. Another example might be discovering that your dream employer also has an imperfect hiring process that filters in a similar way. My own experience of this near the start of my IT career was nearly overnight going from having no interview requests, to having two invitations (for two applications), after having passed the A+ and LPIC-1. This probably isn’t an issue for you later in your career if you’ve published papers or worked at a number of employments, but it might be an issue at the start or mid-career.
  • If you self learn a subject via experience, sometimes a certification training syllabus forces you to learn related areas that you would otherwise not encounter, and these new skills might come in handy when you least expect it – they force you out of your comfort zone. I’ve learnt a lot doing the ISEB Software Testing Foundation and the ITIL Foundation, both of which resulted in major changes (for the better) to how I think about things.
  • If you’re trying to slightly shift careers, the certification in the adjacent career path helps show the new employer that you do have knowledge in that subject area, to a roughly calculable minimum standard (for instance, a CCNA should be able to configure a vlan, an etherchannel – fairly predictable minimal skills)
  • It’s part of seeking to improve yourself, it shows Continual Professional Development and evidence of some kind of drive, such as a desire to learn.
  • When you feel like you’re doing nothing but firefighting at work, some measurable self development can be great for the morale/soul. Sometimes it really feels like progress.

Whilst it is possible to encounter mindless/obnoxious certification chasers they are, in my experience, fairly rare. If you’re sane about it I think you can fit certification study with your experience in a complementary way to improve your knowledge and the set of mental tools you have for dealing with issues.

“But commercial training is pointless, grab a book!”

As long as you do some self study first and use the course to fill in gaps in your understanding (to finish off your revision as it were) then I’d hope most modern professionals recognise the value (I’ve only encountered one exception) in instructor led training. Just in case, I’d briefly suggest that the forced coverage of areas that you’d otherwise struggle with or misunderstand by someone experienced in the topic pays off and additionally the lack of interruptions and focused revision makes it easy to learn.

If you self study to a good level, then attend a training course, then I think it’ll help you become (at the least) better than average in that area, and motivation to use your new skills gives you the resulting experience.

Hmm, tell me about the CISSP then?

The Certified Information Systems Security Professional (CISSP) is a security related certification aimed at (as examples) either junior managers heading up the career ladder towards corporate security managerial related posts, or security consultants. To explain the latter, companies hiring in a consultant normally want someone certified to a given standard (or famous for their work – demonstrating experience). As an example, if my existing employment hired in a consultant to assist the switch based networking side of our team, we’d probably request that they be a CCNA or above. Someone experienced and not certified would be capable but holding the CCNA immediately certifies them to a known minimum standard. Obviously this is a generalisation but it reduces the risk when hiring a contractor in to ensure they are certified.

Why are you doing it? Aren’t you in networking rather than security?

Firstly, the exam has 10 domains and I’ve covered quite a lot of the aspects of each domain over my various employments (I’ve been a jack of all trades in three positions now), I’ve also had an enthusiast interest outside of work in a number of them. As evidence, I’m doing quite well. Here’s my mock exam results last week (only 100 questions, but similar questions) before attending the course.

[Image: mock exam results]

So not perfect, but a potential pass, before seven days of commercial training.

Secondly, I’m looking at overseas employment. For an IT industry job application to Canada there is a route in that requires a job offer and a Labour Market Opinion (LMO) that states I’m not taking a position that a qualified Canadian has applied for. So what this means is either finding a specialist niche with a shortage of applicants, or finding a position in the absolute middle of nowhere (think, head north) that consequently has no Canadian applicants.

So I was looking for a specialist skill to market, the CISSP is one certification you see advertised by some of the security related consulting firms. For instance, stating that they have CISSP trained consultants for hire. There’s one such company that I’m actively tailoring an approach to.

So, you’re doing like a boot camp and then you’ll forget everything?

No, I really have done a lot of this before.

  • The software development domain I covered on my ISEB Software Testing Foundation
  • Security Operations domain I would call the day to day normal activities encountered in our team in our support and service deployment/development roles
  • Access Control I’ve covered some of when revising for the Comptia Security+ although I haven’t taken that exam yet. It covers access models but also detective/reactive controls like IDS/IPS which I deployed during my time at the computer studies network at Gloscat.
  • Telecoms and Network Security I’d like to think is covered by my current position, but also the Cisco ICND1 and Comptia Security+ covered aspects of this
  • Cryptography – lightly covered by the Security+ revision and my mild fascination with an RSA cryptography book some years ago which I read to death.

Although I’ve completed our first qualitative risk analysis for one of our services, I think my weaker areas are

  • Security Architecture and Design
  • Business Continuity and Disaster Recovery Planning
  • Corporate Governance/risk management
  • Legal, Regulations, Investigations and Compliance

For each one I know some detail, but need to improve. An automated analysis of my mock suggested the following priorities for revision:

[Image: automated analysis of revision priorities from the mock exam]

 

“What is the exam like? I’ve heard of people doing the Comptia Network+ in less than 15 minutes, is this one easy?”

You’re allowed six hours for the exam, and the instructor states that if you leave in under 3 hours 30 minutes then you’ve probably not read the questions well enough. There are 250 questions, and yes they are multiple choice but they use metrics to pick questions that have previously been incorrectly answered by at least 1/4 of candidates.

“Whoa. That’s quite a while to sit still. Sounds interesting”

Yes, the advice we’ve had so far is

  • (try to) Get good sleep beforehand – staying up all night revising means you won’t be able to think straight for the length of the exam
  • Finish all the questions – leaving in a huff halfway through because you’ve ‘obviously failed’ led to one candidate, who was better than their self opinion, missing passing by a narrow margin. It’s thought that if they’d answered all the questions they would have confidently passed.
  • There’s four variations of the exam, some focus on certain areas more than others
  • 360 minutes and 250 questions means that you have to aim for a question per minute, a question every two minutes will be too long
  • Be very careful about going back and changing answers. 92% of people change doing this exam apparently change an existing right answer to a wrong answer or existing wrong answer to another wrong answer.

So they’re just teaching you to beat the exam and not teaching you the subject area?

No, I’ve just finished my second day’s training and we’ve really gone into good depth on each topic. The instructor is insisting on us learning the principles/theories behind subjects and keeps repeating that we are not to try to mindlessly memorise comparison tables and similar (such as a table comparing two technologies).

Who is the trainer? Some random person?

We’ve got an instructor whose employment history includes security consultancy for some massive companies and some national intelligence agencies. He comes with a buckload of knowledge and a confident/engaging teaching style. I think he’s rather perceptive too as any time I’ve started to daydream I’ve swiftly found myself asked to read out a section of the book for the section being discussed.

I bet the students are certification chasers?

No, there’s some amazing credentials – some MSc level electrical engineers with 10+ years in IT, some lecturers with PhD level qualifications, some experienced armed forces IT security staff.

So you’ll pass this exam and then forget everything?

You have to earn Continuing Professional Education points each year after passing, which can be for attending industry events, passing exams, teaching classes and lots of other possibilities. There’s also a professional code of ethics to follow, which I’ve been making an effort to think about at work prior to the exam.

So the idea isn’t to pass the exam and then let it rot – you’re required to keep your skills in the area up to date.

I bet it’s teaching really simple stuff though?

No. I’m really glad I attended the training now. When I got the high mock exam score I wondered if I’d done the right thing (I had a nagging doubt that perhaps I could have self-trained and passed) but there’s so many background theories (or ways that various implementation models interrelate) that I wasn’t aware of. That is, there’s a lot of knowledge gaps being filled. I think it will be the difference between scraping a pass and knowing the subject area well.

I’d much rather know a subject area well than scrape a pass – depending on how self-critical you are, I think you risk low confidence in your skills, or otherwise feeling like a fraud if you scrape through an exam. I think I fit into the self-critical group, so I’m aiming for a good pass.

Was it expensive?

Yes. It includes all accommodation and food however, and the trainer is good.

And the taxpayer is paying via your workplace?

No, I’m paying. In the trainer’s own words “I don’t need to normally worry about the self-funded ones. They normally pay good attention”

You haven’t passed yet?

Exam is on Sunday!

Canada IT conference in Halifax: days 3-4 / 9

November 1st, 2012

Training day

The first day of the conference was an 8am registration start with the classes starting at 8:30am

I arrived a little too early, but when the course registration opened we all queued up. I noticed all the Canadians had gone for suit trousers, smart shirt tucked in but no tie, so I quietly took off and hid my tie in order to fit in better.

I took track 3 which was the Network Traffic Analysis route. The first class was Introduction to Network Traffic Analysis Using Flow by Ron McLeod from Select Technology Corp. Ron was slightly apologetic that he’d be doing a 3 day course in half a day, so it was necessarily condensed. It started off fairly slowly covering the basics but livened up in the second half with a practical session involving booting from a USB stick on your laptop that had a Linux distro on it and working through some of the example captures from actual issues on a customer’s network (released with their permission after some degree of sanitising). I love doing log analysis and I’m fairly familiar with port numbers so I really enjoyed it.

not the conference venue, but only about 400m from it.

The second half of the day was supposed to be “SANS SEC503: Intrusion Detection In-Depth (Workshop)” but I was told at the registration desk that Ron’s talk was the only one on the track for the day, so I assume it was cancelled. The other two classes were still running but were the second half of the morning’s corresponding classes. The other class members seemed to disperse fairly rapidly so I wandered out, and went and had a meal at the Lower Deck which is a pub serving food on the floor above on the Privateers Warehouse section of the waterfront.

I was feeling a bit doubtful about making contacts as people had dispersed pretty rapidly and was having the odd self doubt about the trip but the meal helped and I’d been able to answer lots of the questions in the speaker’s talk, I had been expecting the other people in the room to know a lot more than me.

I walked back along a different route, accidentally going through an area that looked quite rough. There were a lot of homeless and later a group of people shouted to me when I glanced over as I walked up the street. I was conscious of the laptop bag and after walking a fair way I headed directly towards the sea and picked up the safer route to the house from there. I always took the harbour/sea route to the city and back after this.

Conference day

The second day suits and ties were the default appearance which I’d expected and matched. I took my A3 portfolio with me instead of the laptop, but in hindsight I should have just taken a small A4 resume or two in an easy to carry bag. I only showed the A3 portfolio to one person and even then it was not the right moment and disorganised and rushed.

The day started off with Ron coming on stage – I hadn’t realised he was one of the main organisers and felt bad that I hadn’t researched or noticed this before attending as it was written on the agenda and site.

The first main speaker was Howard Schmidt from the US government. I had expected the talk to be fairly rhetorical and swayed towards the ‘war on terror’ and similar but I was happily surprised that Howard seemed to have a good grasp on things. Some of the notes I made from the talk include that he recognised the government’s push for an “internet kill switch” was misguided and he’d try to advise them against it and that “cyberterrorism” was generally an unhelpful term that they tried to avoid since it was a poor phrase that seemed to tie terrorism to criminal acts on the internet, which isn’t generally the case. He noted that they weren’t seeing terrorists using the internet to attack infrastructure (that’s not to say other people won’t).

The next talk I attended was from an employee of McInnes Cooper, David Fraser. He spoke about the legalities of protecting users’ data and of responding to data breaches. He spoke about the leaking organisation’s responsibilities and the differences in laws between sections of Canada relating to accidental data exposure and response.

I attended a talk by Ajay Stood next. He spoke about malware trends that they were seeing in the wild. The biggest point (and later echoed by other unrelated speakers) was that Android phones and other devices were a large compromised device base, the suspicion was that this was due to the lack of vetting in the Android app market. The number of compromised devices is massive and getting larger each day but the malware is designed to sit silent. This was another point, that modern malware typically isn’t there to wipe someone’s machine or to deface a website – it’s there as a business resource for the attackers, who sell or rent the botnet for various purposes (such as sending spam, or harvesting credit card data).

During lunch we had some time to approach the vendors’ stalls. I was pretty nervous and asking the vendor about their product in general terms seemed to end up with a confused or suspicious vendor. I got a much better response by just coming out and stating that I was interested in talking to a potential Canadian employer, but this was only useful on small to medium companies. I knew I couldn’t do that at the HP or IBM stands where recruitment would be quite a separate process to the sales and product promotion. I wasn’t very good at this in my opinion but I did exit with a business card or two.

Over food I sat and spoke to a couple of guys from a local company where they worked in the IT department. They were operations (as in more front line) but I thought it was a good opportunity to get some insight into normal Nova Scotia IT life and chatted to them for a bit.

Over food Dean Turner spoke about current threats in a talk that was similar in content to that given by Ajay Stood since they were addressing the same topic. I could maybe have planned my talks a little better, and should have spent the evening before looking at which companies each speaker was from since one of the alternatives in the morning sessions was a talk by a potential employing company.

The first afternoon talk I attended was by Tony Esposito about security hardening via what I’d describe as good configuration control. I’m not sure anyone picked up on it but a lot of the themes in the talk were similar to the development idea that you write tests for your code before you write the code, in that I believe he advocated having tests and checks for your server’s configuration (above and beyond the simple “is the service up?” typical Nagios style checks). This talk was moved ahead a slot compared to the online published schedule due to flights the speakers had to catch.

The last choosable talk I attended was by Henry Stern from Cisco. I’d actually quietly identified Henry earlier in the day after seeing there was someone from Cisco on the talk list. I kind of saw a Cisco employee as a potentially friendly face in the large group of strangers since there only appeared to be one in attendance, my employer is a large Cisco customer and their competitor Juniper was attending with a stall. I’m not sure anyone else thinks like me however.

Henry introduced himself as we waited for the talk slot. He was interested in some of the things we do at the university, which I don’t have permission to publicise yet sadly. I much prefer being fully open about how services are handled rather than secretive as I think you get more customer respect which outweighs the disadvantages. Henry was also interested in my Canada plans and I was surprised to hear that he lived out in Nova Scotia without physically reporting in to a local Cisco office at regular intervals. When I’d submitted a remote working application to my employer they’d said this was an impossible way for a company to work but I’d been fairly certain that Cisco did it already (I was told I was wrong, but already had regular IRC contact with someone at Cisco who remote worked) and I’d also previously worked for some months for a company that I never physically met. I was quite heartened that someone was doing it already and encouraged by the fact that he seemed to see nothing odd or special about the arrangement.

Henry spoke at length about malware behaviour and the new features in BIND 9.8 for RPZ – so you could misdirect/intercept malware in your network calling out. He seemed to enjoy working out what the malware was up to, and later shared that he’d helped prevent an attack from an external source against a well known third party. I’ve spent a lot of the past couple of years firefighting (fixing daily problems) but when I get the chance I enjoy log analysis and finding the reason behind certain patterns on the network from misconfigured devices or similar. Fighting genuine ‘bad people’ on the internet is something I rarely get much involvement with but it’s a good rush when it happens and I recognised a bit of the pride when Henry recounted the story.

One of the takeaway points was that lots of companies have data/analysis on attackers, and that sharing that data was a good thing since the combined data could give the full picture. I know Henry had done some work with Ironport (an anti spam system) and I know Cisco have some involvement with spamcop (a spam reporting and blacklisting system, that might be thought of as community shared data) as I’ve had some correspondence with them in that role (we’ve a spamtrap we feed to them which I won’t describe in detail) but I didn’t think to ask at the time if he’d had involvement with the latter project which would have been interesting.

After the talk the main hall wasn’t finished from the corresponding talk at that location so I waited around. I saw Ron and said thanks to him for the talk yesterday. He started apologising for it being a short talk and rushed in his opinion but I told him I really enjoyed the examples and practical session, which I had. Then he and Henry chatted and I made an idiot out of myself by being too disorganised to find a business card and rather socially awkward… I don’t go to many events and it had been a long day.

The last talk was in the main hall. A British counter terrorism officer spoke on his subject. It started off quite slow and I thought the talk would go wrong however it started to pick up a lot as he gave examples. The key point was that everyone planned out how to prevent attacks when they thought of anti-terrorism but in fact the attack is only a tiny part of the activities a terrorist organisation takes. For example the recruiting, fundraising, resource gathering and training are much bigger time consuming activities. Canada was singled out as having one of the highest levels of terrorist activity, yet there were no attacks, because the main activities were fund raising and similar. Examples were given of companies being blackmailed, or discovering their shipments being used to transport identification papers. The main organisations mentioned weren’t ones that you’d typically see in the news this past 10 years, which has almost entirely been discussion of Al Qaeda.

I didn’t attend the evening reception – I think I was a bit worn out and stressed out. I felt I’d done enough for the day and headed back to the house.

Canada IT conference in Halifax: days 1-2 / 9

October 31st, 2012

I’ve got back about a couple of days ago, here’s a write up of the first two days:

Getting there

I grabbed a taxi at 6am, was on the bus which left for Heathrow at 6:30am. Because the roads are so quiet at that time the 90 minute trip was a lot shorter (45-50 minutes). I ended up sat around for a fair while, boarding at 10:20, flight leaving at 11:05. Bags were 4.5kg and 11kg, allowance is 10 + 23 so lots of leeway. Aircraft was a 767-300 and I had a mid-wing window seat which was great.

The lady sat next to me worked for the UN organising disaster and refugee responses, which she described as ‘lots of people arguing’ and persuading governments to let disaster victims be housed within their borders. It sounded pretty cool, I liked the idea of a solidly ethical job. Air Canada had loads of new film releases to watch on the seat screens and the roughly 6.5 hours didn’t seem so bad.

On arrival the Canadian emigration officer raised an eyebrow and asked me why I hadn’t handed in my 30 day ‘please leave the country’ notice attached to my passport 2 trips ago. I pointed out that no one in Halifax had wanted it back, I could have also mentioned that I’d written to the agency about it after they’d refused to take it back and they’d said to ignore it and that I’d been to NS since receiving it… but I didn’t need to. He asked if I had a return ticket, which I gave a weary “yes” to and he let me through.

Caught a taxi to the place I’m staying at, roughly $53 in taxi fare. It’s a pretty little wooden house like the sort I’d like to move into one day (or build maybe). The temperature between getting on the plane and getting off didn’t seem any different, it was about 13 degrees Celsius in both countries.

Halifax in the morning

First day out

Got a fairly good sleep, clocks are 4 hours different which isn’t so bad. I walked into Halifax which took about 40-50 minutes from the house, arriving at the casino and walking along the harbour which I was familiar with from a previous visit.

I walked up the harbour to the farmers market where two great big cruise ships were offloading Americans and did a tour around the market, buying a few little items. I then popped in the microbrewery there and had a drink, before buying 6 bottles and fitting them into my bag.

I decided to do the tourist thing and visited HMCS Sackville and paid to go on her, which was fun. They’ve done a great job of making it explorable. On my way off I visited the stern where I was greeted by an older gentleman in ship’s crew uniform. He asked where I was from and we chatted for a bit, it turned out he had attended the university I work at for some years and knew a few of the staff. I gave him a card and said if he needed to get in touch with anyone at the university again I could help out.

sausage dog

I walked up to the citadel, a fortification on a hill above the city but I hadn’t realised how heavy the bottles in the bag were and my shoulder was hurting. It wasn’t much fun and I was tired from the previous day so I went home fairly early, said hello to the house owner (plus sausage dog!) and then went to sleep.


Pre Canada – final week preparation

October 20th, 2012

The final week before leaving for my Canada trip I was pretty worked up. I’d taken the ITIL Foundation course but not had the results of the exam yet and had pushed the LPI102 exam that finished the renewal of my LPIC-1 back to the final week before I left and wasn’t happy with the amount of revision I’d done.  My presentation portfolio for the Canada trip wasn’t done, and I’d had no responses to any Canada contact, so I was starting to fear that the trip over to Halifax would be a big expensive waste of time.

I spent the weekend sulking and ignoring the phone while I worried. No I didn’t pick up the phone and put it down on anyone – the phone is upstairs and I wasn’t angry with anyone, just myself – the weird ring behaviour on my land line is just my BT phoneline being rubbish at intervals.

I went to Milton Keynes to do the LPI102, cramming last minute revision on the bus. The exam went ok, there were a couple of questions about xdm configuration and preventing users from using cron, which I wasn’t familiar with but I scored a good confident pass.

I worked half day Tuesday in the morning as I knew work needed some help. Then I took the afternoon off and spent the time working on my portfolio and made some progress. Later I bumped into a neighbour  who caught me to tell me a delivery for me had come to their address, it was my ITIL Foundation certification results, which were a good pass.

Then I got a response from one of my Canada contacts. I’d asked if I could buy one of the IT social groups some beer the week I was over and offered to do a minor talk about the university.

By Friday I was hence in good spirits and was also happy with my A3 portfolio. I had to stay up late packing but got everything done in time.

I spent a little money preparing for the trip, I purchased three new workshirts, another pair of smart trousers to go along with my suit and a pair of shoes.

Hedgehog

September 15th, 2012

We had a second bike theft attempt – I opened my curtains at 1am to see a pair of bike thieves who had just finished cutting through the locking point my bike was locked to. I jumped out the ground floor window and chased them, they had to abandon the bike, but they got away (I had one sock on, the other fell off as I jumped out the window and then the driveway is gravel, so I wasn’t as quick).

It was in the week after this that I was lying in bed feeling a little paranoid at the slightest noise and heard lots of rustling so I quickly opened the upstairs window to take a look out.

Instead of bike thieves the small ankle-high bushes opposite my house were moving in the darkness, something was making its way through them, as I kept watching a snout appeared and a hedgehog broke cover. I went downstairs to watch as he completed a patrol along the hedge and walls of our little cul-de-sac. It was quite timid and ran away when I gently threw some chicken scraps to it.

hedge that the hog likes

It came back again the next night and as I had done a little google research on what food they eat I got a can of chicken flavoured dog food from the supermarket which I put out on a little saucer. Eventually the bushes rustled and from our ground floor window with all the lights out we could watch it come out to eat.

It seems to have a nest of some sort in the hedge and during the day it’s sometimes possible to hear it scratching, although hedgehogs are nocturnal so don’t tend to come out during the day. We tended to see it from about 8:30-9:30 pm onwards (September in the UK, about sunset). If it gets too freaked out by noises or sound it disappears back to the nest it has deep in the hedge. The hedge is actually growing up an old wooden fence which causes some problems for hedgehogs (how do you get from garden to garden with modern fences?) but this is quite an old fence and I suspect from where the noises seem to come from that it’s dug a tunnel into the neighbour’s garden under the fence.

So seeing as it was coming back for repeat visits I did some reading up and some research. Some of the key points that I found from a little googling about were

  • don’t feed hedgehogs milk and bread, it can make them ill
  • chicken flavoured dog food is good, wet or dry, kitten food is also good, or dried insects from pet shops
  • hedgehog fleas are species specific and although they might bite you if you handle an infested hedgehog, they won’t live on you, nor on your cat/dog or in your house – hedgehog fleas aren’t adapted to those conditions and will drop off and wait for something hedgehog-like
  • don’t spray hedgehogs with Frontline unless you want a dead hedgehog – instead use the dry powder used for de-miting birds. Note that it seems a lot of vets don’t know this.
  • hedgehogs are protected / endangered in the UK
  • If you see a hedgehog out during the day it’s probably in pain for some reason (if there’s no visible cause it could be worms) – best to take it to a vets for a check if you can

Ok so I felt quite privileged to have a hedgehog visit us so I ordered a little hedgehog house, built from untreated wood with two compartments, which should offer protection from predators. I made sure the model I got had the opening on the side of the hedgehog’s preferred patrol route, so that it would find it. I put some towel-like bedding in there from my local petshop and asked permission from my landlord to cut back part of the hedge so I could put the box deep into the hedge (the hedgehog is more likely to use it if it feels the location is more secluded). I also went to the local charity shop and got a fleece blanket which I cut into squares to fit into the box.

Hedgehog house

After this we didn’t see it at all for 3-4 days, I started to think it must have been run over on the busy main road (I’ve no idea how the thing got this far into the city and survived, but at least we have hardly any foxes). Luckily it came back and we left out a bowl of the dry dog biscuits, some wet dog food and some water, next to the cover of the hedge where it seemed to have some kind of refuge.

Eventually it came out and I was crouched down watching it with my girlfriend in the dark outside our house when one of our neighbours came out to bring in their washing and I had to hastily make them aware that we were there so as not to scare them to death. The neighbour joined us as we watched in silence in the dark as the hedgehog came out and crunched its way through the biscuits, drank the water and ate the wet food. It felt pretty exciting at the time – we don’t get too much wildlife in the city centre.

That’s a hedgehog drinking from a saucer, honest

I haven’t worked out how to get a picture of the hedgehog from the other side of the patio without trailing a wire across (I live in a rented house so can’t make permanent changes) as the infra red lights have limited range – I can’t modify the rented house so can’t put in an external light and it’s too far to light with a unit from behind the downstairs window double glazing (or at least, I suspect not without getting a lot of issues from light reflected back to the camera from the two layers of glass as it would have to be quite bright).

With the permission of my two neighbours I put a (very cheap) dlink 930L wireless camera in my downstairs window – it doesn’t overlook a public area but does overlook the approach to my two neighbours’ houses. I quickly discovered that of course it has no night-time capability so it’s dependent on good lighting. It does email me when it sees movement however so it has managed to capture some pictures of the local wildlife outside my house whilst I’m at work with the odd false positive when there’s heavy wind and the bushes are moving a lot (you can adjust the sensitivity to reduce the chances of this happening). In the photo below the subject is wearing the same bottoms as when I chased him off the last time. I’ve passed the pictures on to the local burglary unit. I came home from work early after getting these pictures but the house was locked up with nothing outside worth taking, I didn’t see any damage so it could be he spotted the camera and left. The camera seems to have a brief ‘rearm’ period of some description so I don’t actually have pictures of him leaving, which worried me when I was at work.

local wildlife taking interest in my house

Anyhow, it’s been quite fun feeding the hedgehog. The dry food is much easier to store – my girlfriend hates the smell of the wet food and the dry food keeps longer. With some experimentation last night I realised the hedgehog hates covering the open ground across the patio and won’t venture across it while the outside light is on. For this reason I got a couple of cardboard shoe boxes and cut roughly 3 to 4 inch square holes in them then placed them upside down so as to create a mini cave, then put some dry dog food at the back. I arranged these near the hedge and it was great fun to watch the hedgehog exploring and tracking down the food.

This got me thinking and this morning I went out to the local shoe shop to get spare boxes. I made holes in the sides of these and I put arrows on the top to show where the exits are and lines to show where the exit sides are, so it’s easy to line up holes between boxes. With these boxes I can then create a different fake tunnel system each night into which I can hide some food for the hedgehog to explore and find and at the same time it’s not going to upset the landlord as after the hedgehog has been I can pick up the boxes and put them away.

I thought you had the map?

Using these I can also rearrange them each night to provide a little challenge and variety. In the photos the boxes have lids on the bottom and an elastic band round them but I decided to remove both the bands and the lids, just in case the hedgehog got stuck so that the structure was more escapable/movable in the event of hedgehog stress.

Other than this I popped in at my local vet who gave me a small syringe of de-worming solution that they normally give to kittens via squirting it into their mouths. The idea is to treat the hedgehog’s food for 5 nights and the treatment should be weak enough not to harm the hedgehog. It might not be as effective as perhaps an injection but I think it’ll be a lot more traumatic for the hedgehog if I pick it up, put it in a box and take it to the vets. I’m sure the hedgehog might survive just fine without being dewormed but I’d like to give it the best chance possible for this winter.

Instead of staring out the window for the hedgehog I’ve started moving one of my infra red battery operated movement sensors, which I’ve been using to trigger a doorbell-like chime inside the house when they are triggered, and pointing it across the patch at the hedgehog’s feeding area. This way we get an alert if a person comes down the path or if the hedgehog comes out to feed.

I don’t think there’s much more that can be done – I have an idea on how to view the hedgehog feeding area with an Infra Red camera however I don’t think I can get a view into the box itself with a spy cam. I also need to be careful with finances for a month or two so can’t spend much more assisting the hedgehog – I should have enough dried food for up until November which is when I suspect it will hibernate.

sadly this maze does not feature David Bowie

MythTV on Centos 6

August 27th, 2012

Once in your life you should attempt to build mythtv, just to help you remember that once something complicated is working, never to touch it ever again. For some reason I’m doing my build on Centos 64bit (that has hardly any codecs prepackaged) as opposed to Debian that all the sane people are using. Warning: in terms of my methodology, it’s best not to copy anything I’m about to do on anything other than a home system you just want to work, as I’m not building rpms, I’m installing from source and even using cpan for the Perl dependencies. This is my first draft and I’m mainly putting it online so I can keep a log of what I’ve done and to reference it when asking people annoying questions about errors I’ve had.

If someone does take the work I’ve done here and writes a better guide (building rpms as you go – don’t just use some random repo) then let me know in the comments.

First install some libs and tools we’ll need at various stages


yum install gnutls-devel mysql mysql-devel perl-DBD-MySQL perl-ExtUtils-MakeMaker perl-IO-Socket-INET6 perl-IO-Socket-SSL libxml2 libxml2-devel python-lxml MySQL-python pulseaudio-libs-devel fftw-devel alsa-lib-devel avahi-compat-libdns_sd-devel gdb gsm gsm-devel opencv opencv-devel openjpeg openjpeg-devel speex speex-devel libtheora libtheora-devel libv4l-devel libv4l libvorbis libvorbis-devel bzip2-devel texi2html SDL SDL-devel taglib taglib-devel flac flac-devel perl-XML-Simple perl-XML-XPath perl-Image-Size perl-SOAP-Lite perl-JSON perl-DateTime perl-Test-Pod lsof -y

Let’s build yasm first


wget http://www.tortall.net/projects/yasm/releases/yasm-1.2.0.tar.gz
tar -zxf yasm-1.2.0.tar.gz
cd yasm-1.2.0
./configure --prefix=/usr/local
make -j3 && make install
cd ..

Then let’s build faac


wget http://downloads.sourceforge.net/faac/faac-1.28.tar.gz
tar -zxf faac-1.28.tar.gz
cd faac-1.28
./configure --prefix=/usr/local
vim ./common/mp4v2/mpeg4ip.h
# comment out line 126 with /* */
make -j3 && make install
cd ..

Now let’s build lame


wget http://downloads.sourceforge.net/project/lame/lame/3.99/lame-3.99.5.tar.gz
tar -zxf lame-3.99.5.tar.gz
cd lame-3.99.5
./configure --prefix=/usr/local
make -j3 && make install
cd ..

And then x264


# x264 lives in its own repository, separate from libav/ffmpeg
git clone https://code.videolan.org/videolan/x264.git
cd x264
# don't forget --enable-shared on the next bit
./configure --prefix=/usr/local --enable-shared
make -j3 && make install
cd ..

And we need qt, the normal centos version doesn’t have QTWebKit


wget http://releases.qt-project.org/qt4/source/qt-everywhere-opensource-src-4.8.2.tar.gz
tar -zxf qt-everywhere-opensource-src-4.8.2.tar.gz
cd qt-everywhere-opensource-src-4.8.2
./configure -fast -no-accessibility -qt-sql-mysql -no-sql-sqlite -no-sql-odbc -no-libtiff -no-libmng -nomake examples -nomake demos -no-nis -no-cups -no-phonon -no-svg
# this make takes a long time on the HP Microserver I'm using, best to leave it running and come back much later
make -j3 && make install
cd ..

Libvpx


wget http://webm.googlecode.com/files/libvpx-v1.1.0.tar.bz2
tar -jxf libvpx-v1.1.0.tar.bz2
cd libvpx-v1.1.0
./configure --enable-vp8 --enable-shared --prefix=/usr/local
make -j3 && make install
cd ..

xvid


wget http://downloads.xvid.org/downloads/xvidcore-1.3.2.tar.bz2
tar -jxf xvidcore-1.3.2.tar.bz2
cd xvidcore/build/generic
./configure --prefix=/usr/local
make -j3 && make install
# back up three levels to the directory the tarball was unpacked in
cd ../../..

FIXME: Subtitle support


# EDIT libass wont compile so I had to disable it in ffmpeg
# wget http://fribidi.org/download/fribidi-0.10.9.tar.gz && tar -zxf fribidi-0.10.9.tar.gz && cd fribidi-0.10.9
# ./configure --prefix=/usr/local && make -j3 && make install
# cd ..
# wget http://libass.googlecode.com/files/libass-0.10.0.tar.gz
# tar -zxf libass-0.10.0.tar.gz
# cd libass-0.10.0
# ./configure --prefix=/usr/local && make -j3 && make install
#
# [...]
# In file included from ass_font.c:35:
# ass_shaper.h:33: error: expected declaration specifiers or ‘...’ before ‘FriBidiParType’
# ass_shaper.h:39: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘resolve_base_direction’
# [...]

FIXME: Libcelt audio codec support


# yum install celt051 celt051-devel
# more fail, despite this ffmpeg could never find it
# ERROR: libcelt not found

At this point I confess that I had been sat at the computer a long time and was starting to become a little tired with trying to compile dependencies for ffmpeg and fighting with obscure error messages so decided to build ffmpeg without libcelt and without anything else that complained from this point on, the aim being just to get the damn thing working. So at this point the following aren’t working in the ffmpeg build


libdxva2 enabled no [windows only]
libva enabled no
libvdpau enabled no
AVISynth enabled no [windows only]
frei0r enabled no
libaacplus enabled no
libass enabled no
libcaca enabled no
libcdio support no
libcelt enabled no
libdc1394 support no
libfdk-aac enabled no
libiec61883 support no
libilbc enabled no
libmodplug enabled no
libnut enabled no
libopencore-amrnb support no
libopencore-amrwb support no
libopus enabled no
librtmp enabled no
libschroedinger enabled no
libstagefright-h264 enabled no
libtwolame enabled no
libutvideo enabled no
libvo-aacenc support no
libvo-amrwbenc support no
libxavs enabled no
openal enabled no
makeinfo enabled no

So, FFmpeg next


git clone git://source.ffmpeg.org/ffmpeg.git ffmpeg
cd ffmpeg
./configure --disable-w32threads \
--enable-gpl \
--enable-version3 \
--enable-nonfree \
--enable-shared \
--enable-gray \
--enable-avresample \
--enable-vda \
--enable-vdpau \
--enable-bzlib \
--enable-fontconfig \
--enable-gnutls \
--enable-libfaac \
--enable-libfreetype \
--enable-libgsm \
--enable-libmp3lame \
--enable-libopencv \
--enable-libopenjpeg \
--enable-libpulse \
--enable-libspeex \
--enable-libtheora \
--enable-libv4l2 \
--enable-libvorbis \
--enable-libvpx \
--enable-libx264 \
--enable-libxvid \
--enable-openssl \
--enable-zlib \
--enable-pic \
--enable-sram
make -j3
# at this point if it doesn't fail after 30 seconds with some cryptic messages then you deserve a drink
# it will take a few minutes, about time to make a cup of tea
make install

And then finally I crossed that other line of bad practice and messed around with cpan outside of my package manager’s control. If you’re doing this on your own home server then it’s your choice but best not to do this anywhere that matters if you can avoid it.


yum install perl-CPAN -y
cpan
cpan> install YAML
cpan> install HTTP::Request
cpan> install LWP::UserAgent
cpan> install Date::Manip
cpan> install Net::UPnP::QueryResponse
# this last one should be done by the above
# cpan> install Net::UPnP::ControlPoint
cpan> quit

FIXME: And then finally mythtv. ignore CEC and ASI support. I have some issues to fix here


# -O gives the download the file name the tar step below expects
wget -O mythtv-0.25.2.tar.bz2 http://www.mythtv.org/download/mythtv/0.25.2
tar -jxf mythtv-0.25.2.tar.bz2
cd mythtv-0.25.2
# I had to give up with --enable-libx264 --enable-libmp3lame --enable-libfaac which all caused errors when making
#
# ./libavutil/libm.h:62: error: static declaration of ‘lrint’ follows non-static declaration
# ./libavutil/libm.h:76: error: static declaration of ‘round’ follows non-static declaration
#
# So sadly I just ended up with
./configure --prefix=/opt/mythtv --enable-nonfree --qmake=/usr/local/Trolltech/Qt-4.8.2/bin/qmake
make -j3 && make install
cd ..

If everything had gone right, this would have ended up with a mythtv install that’s only missing the following options, let me know if you can improve the steps in this guide to add more


libCEC device support no [/usr/include]
FireWire support no
ASI support no

# Sound Output Support
JACK support no
libfftw3 support no

# Video Output Support
xv support no
VDPAU support no
VAAPI support no
CrystalHD support no
OpenGL video no
libass subtitle support no

# Misc Features
OpenGL ES 2.0 no

# External Codec Options
xvid no
vpx no

After this it’s a case of

make -j3 && make install

And then the plugins


# -O gives the download the file name the tar step below expects
wget -O mythplugins-0.25.2.tar.bz2 http://www.mythtv.org/download/plugins/0.25.2
tar -jxf mythplugins-0.25.2.tar.bz2
cd mythplugins-0.25.2
cpan
cpan> install DateTime::Format::ISO8601
cpan> quit
./configure --enable-all --prefix=/opt/mythtv --qmake=/usr/local/Trolltech/Qt-4.8.2/bin/qmake

Which leaves me with


MythNetvision requires the Python OAuth library (oauth)
Disabling MythNetvision due to missing dependencies.

Configuration settings:

qmake /usr/local/Trolltech/Qt-4.8.2/bin/qmake

MythArchive plugin will be built
MythBrowser plugin will be built
MythGallery plugin will be built
MythGame plugin will be built
MythMusic plugin will be built
MythNetvision plugin will not be built
MythNews plugin will be built
MythWeather plugin will be built
MythZoneMinder plugin will be built
OpenGL support will not be included in MythGallery
EXIF support will not be included in MythGallery
Dcraw support will not be included in MythGallery
libcdio support will not be included in MythMusic
FFTW v.3 support will be included in MythMusic

we then


make -j3 && make install

From this point onwards I’m borrowing heavily from http://www.mythtv.org/wiki/Installing_MythTV_on_Fedora with the odd change for Centos


adduser mythtv
passwd mythtv

Edit the firewall to allow traffic on port 80 and 443 from our network


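vim /etc/sysconfig/iptables
# add these above the final REJECT rule in the INPUT chain;
# -s should be your own private LAN subnet
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 443 -j ACCEPT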
service iptables restart
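
An added example, not part of the original post: a small Python audit for rules in /etc/sysconfig/iptables format that flags the mistakes that matter for a LAN-only allow rule (a source outside RFC 1918 space, a malformed option token, no source restriction at all, and rules placed after an unconditional REJECT). The sample rules and all function names are constructed for illustration.

```python
import ipaddress
import shlex

# RFC 1918 private ranges; a home LAN source should fall inside one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Options that narrow what a rule matches; a REJECT/DROP without any of
# them ends the chain for every packet that reaches it.
MATCH_OPTS = {"-s", "--source", "-d", "--destination", "-p", "--protocol",
              "-m", "--match", "-i", "--in-interface", "-o", "--out-interface"}

# Constructed sample in /etc/sysconfig/iptables format (not from a real host).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s 129.168.1.0/24 --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -tcp -s 192.168.1.0/24 --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 6543 -j ACCEPT
COMMIT
"""


def parse_rule(line):
    """Split one '-A CHAIN ...' line into the fields audited here."""
    tokens = shlex.split(line)
    rule = {"chain": tokens[1], "source": None, "dport": None,
            "target": None, "malformed": [], "has_match": False}
    for pos, tok in enumerate(tokens[2:], start=2):
        value = tokens[pos + 1] if pos + 1 < len(tokens) else None
        if tok in ("-s", "--source"):
            rule["source"] = value
        elif tok == "--dport":
            rule["dport"] = value
        elif tok in ("-j", "--jump"):
            rule["target"] = value
        elif tok.startswith("-") and not tok.startswith("--") and len(tok) > 2:
            # iptables short options are a single letter, so '-tcp' is a typo
            # that makes iptables-restore reject the whole file.
            rule["malformed"].append(tok)
        if tok in MATCH_OPTS:
            rule["has_match"] = True
    return rule


def audit(text):
    """Return (line number, finding kind, detail) tuples for a rules file."""
    findings = []
    closed_chains = set()  # chains that already hit an unconditional REJECT/DROP
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line.startswith("-A "):
            continue
        rule = parse_rule(line)
        for tok in rule["malformed"]:
            findings.append((lineno, "malformed-option", tok))
        if rule["chain"] in closed_chains:
            findings.append((lineno, "unreachable",
                             "rule follows an unconditional REJECT/DROP"))
            continue
        if rule["target"] in ("REJECT", "DROP") and not rule["has_match"]:
            closed_chains.add(rule["chain"])
            continue
        if rule["target"] != "ACCEPT" or rule["dport"] is None:
            continue
        if rule["source"] is None:
            findings.append((lineno, "any-source", "port %s" % rule["dport"]))
            continue
        try:
            net = ipaddress.ip_network(rule["source"], strict=False)
        except ValueError:
            findings.append((lineno, "bad-source", rule["source"]))
            continue
        # A one-digit slip such as 129.168.x.x is public address space.
        if net.version != 4 or not any(net.subnet_of(p) for p in RFC1918):
            findings.append((lineno, "public-source", rule["source"]))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in audit(SAMPLE_RULES):
        print("line %d: %s (%s)" % (lineno, kind, detail))
```

To check a real host, pass the contents of /etc/sysconfig/iptables to audit() before running the restart.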

Setup mysql


yum install mysql-server
chkconfig --level 345 mysqld on
service mysqld start
# observe the dire warnings
/usr/bin/mysql_secure_installation
# when asked: set a mysql root password
# when asked: remove the anonymous user
# when asked: limit root user login to localhost
# when asked: remove test database
# when asked: reload tables
mysql -u root -p < mythtv-0.25.2/database/mc.sql
vim /etc/my.cnf
# add under the [mysqld] section
# recommended settings for mysql from http://www.mythtv.org/wiki/Installing_MythTV_on_Fedora
key_buffer = 16M
table_cache = 128
sort_buffer_size = 2M
myisam_sort_buffer_size = 8M
query_cache_size = 16M

The setup program is an X application but I'm only interested in mythweb. I need a Linux workstation area for at home anyway, so I'll install KDE and I'll use nomachine to run the remote desktop instead of tunnelling X.


yum groupinstall "X Window System" "KDE Desktop"
wget http://64.34.173.142/download/3.5.0/Linux/nxnode-3.5.0-9.x86_64.rpm
wget http://64.34.173.142/download/3.5.0/Linux/FE/nxserver-3.5.0-11.x86_64.rpm
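# nxclient-3.5.0-7.x86_64.rpm is not fetched by the wget lines above and has to be downloaded separately first
rpm -i nxserver-3.5.0-11.x86_64.rpm nxnode-3.5.0-9.x86_64.rpm nxclient-3.5.0-7.x86_64.rpm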

Sadly at this point things come to a halt


$ /opt/mythtv/bin/mythtv-setup
/opt/mythtv/bin/mythtv-setup: error while loading shared libraries: libmythtv-0.25.so.0: cannot open shared object file: No such file or directory
$ ls /opt/mythtv/lib/libmythtv-0.25.so.0.25.0
/opt/mythtv/lib/libmythtv-0.25.so.0.25.0

It's probably obvious to someone who does more compiling and linking than I do (I do just about none normally). I decided to take a break from the computer at this point and go out for food, figured I'd hit publish so my mythtv using friends can have a giggle.

HP Microserver setup

August 27th, 2012

I managed to purchase one of the HP Microservers during the final few days of the £100 cashback offer. It cost about £216 delivered so the eventual cost will be £116 for a brand new HP Microserver, which is a great deal for a low wattage small form factor PC and although apparently some other people haven’t been so lucky, mine is one of the quiet ones.

I’ve put Centos6 on it, as HP support RedHat on the hardware which is essentially the same distribution minus branding. I took the stock hard drive out and mounted an oldish SSD in the top CD compartment of the box (I could have used a USB drive but I was going to sell the SSD otherwise), running a SATA cable up from the spare port on the motherboard. I used the 64bit 6.3 netinstall media to do a bare bones base install and it all went fine, with no hiccups at all.

I’m not doing anything unique or new here, but it may help someone so I’ll aim to expand this article as I get time, with the DNS, DHCP and Squid and similar config.

Firstly I added noatime and discard mount options to the SSD hard disk mount to turn on trim support and reduce disk access, then I added tmpfs ram disk mounts for the most written to areas of disk. For my home server I’m not too bothered about log retention so it doesn’t matter if /var/log contents are lost on reboot.


vim /etc/fstab
# add noatime and discard mount options to SSD mount, then add in
# ram based tmpfs partitions (mode 1777 keeps the sticky bit on the
# world-writable temp directories):
tmpfs /var/log tmpfs size=128M,mode=0755 0 0
tmpfs /tmp tmpfs size=128M,mode=1777 0 0
tmpfs /var/tmp tmpfs size=128M,mode=1777 0 0
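
An added example, not part of the original post: a Python check for tmpfs lines in /etc/fstab that reports world-writable mounts lacking the sticky bit or the nosuid/nodev options, and notes when /var/log is held in RAM. The sample fstab and the function names are constructed for illustration.

```python
# Constructed /etc/fstab sample (not from a real host).
SAMPLE_FSTAB = """\
# <device> <mountpoint> <type> <options> <dump> <pass>
/dev/sda1  /         ext4   defaults,noatime,discard          1 1
tmpfs      /var/log  tmpfs  size=128M,mode=0755               0 0
tmpfs      /tmp      tmpfs  size=128M,mode=0777               0 0
tmpfs      /var/tmp  tmpfs  size=128M,mode=1777,nosuid,nodev  0 0
"""


def parse_options(field):
    """Turn 'size=128M,mode=0777,nosuid' into a dict; bare flags map to True."""
    opts = {}
    for item in field.split(","):
        key, sep, value = item.partition("=")
        opts[key] = value if sep else True
    return opts


def audit_fstab(text):
    """Return (mountpoint, finding) tuples for the tmpfs entries in an fstab."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        mountpoint, fstype = fields[1], fields[2]
        if fstype != "tmpfs":
            continue
        opts = parse_options(fields[3])
        # tmpfs uses 1777 for its root directory when no mode= is given.
        mode = int(opts.get("mode", "1777"), 8)
        world_writable = bool(mode & 0o002)
        if world_writable and not mode & 0o1000:
            # Without the sticky bit any local user can delete or rename
            # files that other users created in this directory.
            findings.append((mountpoint, "no-sticky-bit"))
        if world_writable:
            # Anyone can write here, so setuid binaries and device nodes
            # should not be honoured on this mount.
            for flag in ("nosuid", "nodev"):
                if flag not in opts:
                    findings.append((mountpoint, "missing-" + flag))
        if mountpoint == "/var/log":
            # Logs kept in RAM are gone after a reboot or power loss.
            findings.append((mountpoint, "volatile-logs"))
    return findings


if __name__ == "__main__":
    for mountpoint, finding in audit_fstab(SAMPLE_FSTAB):
        print("%-10s %s" % (mountpoint, finding))
```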

Next I want to check the system is patched and up to date, and I want to automate security updates. I don’t have to manually do security updates for my home network and as long as I only use the official repo I perceive from personal experience that the risks of disruption are low.


yum update
yum install yum-cron
chkconfig --levels 345 yum-cron on
service yum-cron start

Next I set the initial system time, we’ll configure ntpd to keep the clock in sync later. I actually sync to my workplace’s server because if that is inaccessible I need to find out why, but normally for everyday home use it’s best to pick a pool to spread your queries over rather than some individual location’s server and so I’ve used a pool instead in the given example.


yum install ntpdate
ntpdate uk.pool.ntp.org

Then let’s sort out temperature detection and similar, with reference to a blog post where someone worked out the workaround for an issue in the ipmi config
http://bodgitandscarper.co.uk/centos/hp-microserver-remote-management-card/


echo "options ipmi_si type=kcs ports=0xca2" > /etc/modprobe.d/ipmi.conf
yum install ipmitool lm_sensors OpenIPMI
service ipmi start
chkconfig --levels 345 ipmi on
sensors-detect

I don’t have the remote management card so don’t believe I can do anything further with the above currently. Running ‘sensors’ now shows the temperature at least:

k10temp-pci-00c3
Adapter: PCI adapter
temp1: +37.2°C (high = +70.0°C, crit = +100.0°C)

Next I sort out basic tools, a compiler and editor settings all of which I’ll need later when setting up various network services.


# some tools we'll need
yum install vim man wget bind-utils mlocate -y

# and a compile environment which I'll need later
yum install gcc gcc-c++ automake make glibc-devel glibc-headers -y

# make our normal users process less important than the default
# for no real reason than I wanted to re-familiarise myself with the options to do this
vim /etc/security/limits.conf

# some sane editor settings I like, which I want to be the default for all users
wget -O /etc/vimrc http://gorwits.me.uk/data/files/vimrc

# set logrotate to rotate daily, expire logs after 2 weeks instead of 4, and to compress
vim /etc/logrotate.conf

For the home environment it would be nice if the power button turned off the box, so let’s get that working


yum install -y acpid
/etc/init.d/acpid start
chkconfig --level 345 acpid on

Next we want to fix up some network services on the box. SSH is sane by default except I disable root login and create an unprivileged account out of good practice. Replace $localusername with your chosen username.


vim /etc/ssh/sshd_config
# disable root ssh login by setting: PermitRootLogin no
adduser $localusername
passwd $localusername
service sshd reload

Turn on ntpd to keep the clock permanently in sync. ntp.conf by default has 3 ntp pools setup


yum install ntp
chkconfig --levels 345 ntpd on
service ntpd start

It’s worth just tweaking /etc/hosts to add your server’s name and domain in case there’s an issue with name resolution and you still want services to work, for example:


127.0.0.1 localhost localhost.localdomain
192.168.3.3 myservername myservername.mydomain

I also switch selinux to be permissive rather than the default of enforcing whilst I’m building, it can be tested and the config adjusted and eventually switched to enforcing later.


vim /etc/selinux/config
# set SELINUX=permissive, then once done
setenforce 0
sestatus

I haven’t yet done any of:

  • Upgraded the RAM to 8GB
  • Added a large capacity disk
  • Carried out the popular fan mod that makes the stock fan quieter
  • Fitted the almost as popular silent PSU mod
  • Fitted some sort of vfd/lcd in the 5 1/4 inch drive bay
  • Fitted the remote management card

I have a few services to configure, some of which are complete and I’ll upload the configuration for in case it saves anyone some time. I’m replacing a fair few services provided by my ISP / my ISP’s supplied router and also putting in services to practise coping with a higher latency, lower bandwidth and/or capped/per traffic charged connection, just as practice.

  • Setup a DNS caching resolver for my local network, that uses forwarders that aren’t my ISP’s (or Google’s).
    The former due to reliability issues on the weekends/evenings and the latter due to privacy concerns.
  • Setup NTP for my local network
  • Setup DHCP for my local network (that instructs my machines to use my DNS and NTP services)
  • [todo] a Squid 3.2 webcache
  • [todo] a mythweb front end for playing music and similar
  • [todo] a TFTP server for Cisco revision (uploading/downloading switch images and configs)

As stated, I’ll modify this post to add service details as I get time.