Friday, 15 September 2017

Linux Game Server Manager

One of the teachers at school has declared that "eSports" will now be a Thing at school; his dream is that we thrash our arch-nemesis (more resourced  [top ten most expensive schools in the country] and bigger [more pupils]) school across the valley during the annual inter-school sports day. Indeed, he even talked to the Headmaster about it, who was initially confused, but eventually gave it his (tentative!) blessing.

This then means we need to facilitate such things as "gaming"...

Thursday, 14 September 2017

Goodbye, eth0 - Hello enp4s0?!

Today, I got a small shock whilst installing a few services on a new Ubuntu Server 16 LTS (16.04.3)  instance on an old HP Proliant server we had lying about not doing very much in order to do something more useful with it.

Whilst installing and configuring shorewall (my go-to iptables firewall management tool on Ubuntu), each time I started it, it just stopped all external connectivity, despite having it "correctly configured".

After a few moments, I thought to just check that I did indeed have an eth0 and ran ifconfig - lo and behold, the cryptically name enp4s0 was my Ethernet interface.
/etc/network/interfaces also had an entry for this cryptic new device and lo - but nothing else.
Wait. What happened to eth0?

Wednesday, 26 July 2017

Goodbye, YouTube Video Editor...?

It's rare that Google do something anti-awesome.

Sometime late last year, I discovered YouTube has a basic (but well-featured) video editor built into YouTube - which has been there for a decade... They've recently decided to discontinue it, as of the 20th of September 2017 - which is the anti-awesome part. I'm sad, because I'd mentally flagged it as a "killer feature" to introduce to teachers as we start to go beyond the very basic use of GSuite for Education features.

The real killer of this change is that it was one of the few ways K-12 schools could leverage across several platforms - notably Chromebooks - to edit video for free.

Indeed, it seems to be one of the only options to edit video on Chromebooks, so schools that have gone heavily in for Chromebooks will be particularly sad. Later generation models that support Android apps may have a few options, but the limited storage onboard Chromebooks will make it hard for budding videographers!

Google Connect has a thread calling for the retention of the feature. You may want to upvote it!

Google cites poor uptake, but this is probably primarily because it's an obscure feature, and many people quickly graduate onto "better" software (or don't edit at all). Of course, schools with small budgets, and especially those with Chromebook programmes, will really suffer from this change, as video is a popular medium to enrich teaching, learning and project work. Perhaps being Flash-based is the final "death knell", but it's a shame they don't consider HTML5 or some similar framework - which would also open it up to iPads.

Please Google/YouTube, reconsider!

Friday, 30 June 2017

Distributed Monitoring Projects - RIPE ATLAS & FlightAware FlightFeeder

I'm currently hosting nodes for two distributed monitoring networks - one for several years now (since perhaps 2010 or so), and the other one as of yesterday.

Distributed monitoring networks put small, low power, low bandwidth devices into your network to get a better view of various things of global scope.

The two I'm currently involved in are RIPE Atlas Probes and FlightAware's FlightFeeder.

Friday, 9 June 2017

Secure DNS Recursion with DNSSEC

As you're no doubt aware, the Internet basically runs on two things: TCP/IP and DNS.

Given that you usually hit DNS before you get anywhere near TCP/IP, it seems like a good idea that you can actually trust DNS records. Also, many of our security features require DNS - think about things like SPF and DMARC, and emerging protocol DANE.

It turns out, as with most Internet security, that this was an afterthought.

Read on to see how you can secure your DNS resolvers against DNS cracks...

Wednesday, 7 June 2017

Outgoing Email Security in 2017: SPF, DKIM and DMARC

In the IT trade, you are regularly exposed to the misery of others that are somewhat less tech-savvy.

Of late, I've been exposed to far too many people falling prey to 3rd party compromised accounts and spoofed email attacks - with quite significant financial losses. It has also happened to other schools. It's something sysadmins can help with, so let's do that!

As you no doubt know, the Internet is not secure by design - and that includes Email. Read on for how you can take some steps to help secure your school's outgoing email communications...

Thursday, 2 February 2017

When Microsoft DNS Broke YouTube...

School IT departments have an interesting life.

The Internet is simultaneously incredibly useful for education, but also carries significant risk - and it is often a regulatory or other legal requirement to filter content for minors (or just something you know parents want done, or you believe is ethically desirable in less "controlling" regions of the world).

Google (having deprecated header-based mechanisms, which didn't even work properly) offer a number of very useful DNS-based mechanisms for enforcing control of questionable content for your users, both on YouTube and for Google search.

Of course, this requires some DNS hacks.

And when Microsoft changes the way their DNS hacks work, things break...