Sketch Plans October 30, 2006
Posted by jpayne in: Home
I finally got the sketch plans for the house online.
More pictures coming
Yorkshire Puddings! October 23, 2006
Posted by jpayne in: Food, 5 comments
After introducing Melissa’s family to Real Mustard and Real Beer, I decided to get even more adventurous and make some Yorkshire Puddings. Out of laziness (or just not wanting to screw an entire meal up), we opened some cans of beef stew to serve with the puddings.
After a momentary panic of “I can’t remember the ratios!” I found a recipe specifically for American ingredients. Whilst I forgot to take pictures, the results were….
… not that bad. I used a little too much oil in the preheating stage, I overfilled the batter, both combined to leave us with a smoky kitchen and Yorkshire puddings that were a little heavier than I was hoping for. I’m definitely going to practise and also find some tins for making giant puddings!
Getting closer to buying a house!
Posted by jpayne in: Home
Melissa and I have been house hunting for a while. After several failed offers (boo!) we went back to one of the first places we looked at… new construction in Norton (ArrowHead Village). With some haggling back and forth over the purchase and sale, the specifications and the floor plans, we’re getting very close to actually signing the purchase and sale agreement. Yep - 20,000 sq ft of what Google still thinks is a sand pit off North Washington St in Norton will hopefully soon be ours!
Melissa’s parents have been of great assistance - they even agreed to build the kitchen for us. Check out their franchise or go see them at the Boston Home Show
Back from the UK October 15, 2006
Posted by jpayne in: Home
And a fun trip it was. Photos are online.
Authenticating Wired Macs with Microsoft IAS and 802.1X August 21, 2006
Posted by jpayne in: 802.1X, OS/X, Security
Let’s say that you don’t really want users to login, just have a valid certificate. All your Windows boxes do auto-enrollment and get certificates. This works transparently.
Macs however… well, let’s just say it took a while to realise that the certificate common name should be the UPN, not the username and not the email address. Now it works just fine.
Needless to say, this was a problem with the certificate server’s templates, not with the Mac itself.
If Microsoft can get it right…. August 2, 2006
Posted by jpayne in: 802.1X, Security, 2 comments
Why can’t Cisco? 3560, small stackable switch:
interface GigabitEthernet0/11
 switchport access vlan 803
 switchport mode access
 switchport voice vlan 801
 load-interval 30
 dot1x port-control auto
 dot1x timeout tx-period 10
 dot1x timeout reauth-period 60
 dot1x guest-vlan 1
 dot1x reauthentication
 spanning-tree portfast
end
6500 wiring closet switch:
switch(config)#int faste 1/22
switch(config-if)#dot1x port-control auto
Command rejected: One or more ports configured with voice vlan. Dot1x can't be enabled on voice vlan configured ports.
So how is one supposed to enable 802.1X and use Cisco’s phones? Double up on switchports and wall jacks.
Cisco claims IOS support on the 6500 for 802.1X and voice VLANs is coming early 2007. CatOS is supposed to support it, but that’s a backwards step I’m not sure we want to take…
SackSummit comes to Boston July 30, 2006
Posted by jpayne in: Sackheads, Summit
… and moves Cheesy. Thanks everyone for coming and participating in sack-goodness. Even the New England weather (almost) held off
Damn Microsoft for making it so easy… June 24, 2006
Posted by jpayne in: 802.1X, Security, 1 comment so far
On my campaign for multi-layer network security, we finally enabled 802.1X authentication for wired users in one of our remote offices as a pilot.
(Isn’t it funny how something you mention as an aside can get turned into a full blown project with “can we get this done by the next security meeting?”…)
We have a mix of company issued Windows “productivity” machines, developer Linux and Windows boxes and then the personal laptops (like my powerbook). Everything we do to protect the productivity network has to be Mac compatible because “we” are finally going to support (and provide) Macs!
So, Windows XP 802.1X authentication. By default it’s already configured to try authenticating with a client certificate. This is almost perfect… just one registry setting to be pushed out to tell the stack to use system certificates and authenticate as a machine account, and that meets the goal for the pilot.
Using Microsoft Internet Authentication Service on the domain controllers - very, very, very simple configuration… so simple that this router jockey documented the config.
The client cert comes from the Windows domain… it’s “non-exportable” (whatever that means).
Now the real work begins - trying to get similar functionality on the Mac platform. (Similar functionality here means as little user interaction as possible.)
Yes, the Mac supports 802.1X, but it’s not on by default and is pretty well hidden and needs configuration to work. The client certs don’t appear automatically (why would they? The Macs don’t typically log in to the Windows domain), and so far I haven’t found such a thing as a machine certificate that’s non-exportable.
I fully expect that we’ll get the Macs working just as we find the money and time to stop using the built in supplicants and use something that will let us do some security posture analysis (probably Funk’s Juniper’s Odyssey Access Client).
FRIST POST!!!!!! June 1, 2006
Posted by jpayne in: Hacks, OS/X
Ran across the Smackbook hack a little while ago, and after mentioning it to my boss was inspired to modify it very slightly so instead of switching screens, it just screen locks.
Get up to leave your desk and smack your powerbook to turn on the screensaver. That just feels right.
Diff to smack.pl here. Note that this includes the PowerBook and iBook fix… you’ll need to “unfix” it for MacBook Pro.
