15 April 2016

pfSense upgrade - "can't find kernel" error

I had pfSense 2.2.4 running as a virtual machine and noticed that version 2.3 was finally released. Broadly, pfSense 2.3 has a complete redo of the webGUI using bootstrap, and the backend system is completed based on FreeBSD. The new web interface is clean, modern and "easier" on the eyes to say the least. Being based on FreeBSD, future upgrades will be much easier as individual packages can be upgraded. For more details about the new release: see the introductory video, or read the links in the release announcement.

In my virtual instance of pfSense, I have just 1 GB of disk space and was using 512MB RAM. On trying to do the upgrade via GUI, it ended up with an error:

Can't find 'kernel'
Error while including /boot/menu.rc. in the line:
Can't load 'kernel'

This happened primarily because of my choice of disk space. During the upgrade, the download of the new version was about 200 MB. After the downloaded ended the system was using close to 90% disk space and after reboot there seems to have been some data loss.

So, be careful, do a backup or a snapshot of the VM before attempting the upgrade (good practice for any upgrade). If your disk space is not enough, add some more before upgrading.

Happy firewalling.

6 January 2016

Fido! Fix your loop

Log-in in to a Fido account and you will see links to do a private chat if you have questions. On clicking, it takes you to a page with options to contact them depending on your relationship with them (see partial screenshot below):
 When you click on the "Customers" section, you end up on a page with different ways to contact them. What does the option for Live Chat say? It tells you to go back and login to your "My Account" i.e. back from where you started?
If this was going on for my car's gas tank, it would be so much different! But Fido, stop this run around. This is not the way to keep your current customers when there are better options available in the market!

21 December 2015

Debian/Apt and disk space

For a few days I was getting the following error when trying to do an apt-get update on my Debian/Stretch machine

~$ sudo apt-get update
Get:1 http://mirror.csclub.uwaterloo.ca stretch InRelease [200 kB]
Ign http://mirror.csclub.uwaterloo.ca stretch InRelease                       
Ign http://mirror.csclub.uwaterloo.ca stretch Release.gpg                     
Get:2 http://security.debian.org stretch/updates InRelease [62.8 kB]
Ign http://security.debian.org stretch/updates InRelease
Ign http://security.debian.org stretch/updates Release.gpg
Ign http://security.debian.org stretch/updates Release
Get:3 http://security.debian.org stretch/updates/main i386 Packages/DiffIndex [1,554 B]
Ign http://security.debian.org stretch/updates/main i386 Packages/DiffIndex
Get:4 http://security.debian.org stretch/updates/main Translation-en [14 B]
Get:5 http://security.debian.org stretch/updates/main i386 Packages [32 B]
Get:6 http://security.debian.org stretch/updates/main i386 Packages [32 B]
Ign http://security.debian.org stretch/updates/main Translation-en_CA
Ign http://security.debian.org stretch/updates/main Translation-en
Err http://security.debian.org stretch/updates/main i386 Packages
  404  Not Found [IP: 80]
Hit http://mirror.csclub.uwaterloo.ca stretch Release
Get:7 http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages/DiffIndex [16.6 kB]
Ign http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages/DiffIndex
Get:8 http://mirror.csclub.uwaterloo.ca stretch/main Translation-en [4,902 kB]
Get:9 http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages [7,440 kB]
Get:10 http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages [7,440 kB]
Err http://mirror.csclub.uwaterloo.ca stretch/main Translation-en_CA
  Bad header line [IP: 80]
Err http://mirror.csclub.uwaterloo.ca stretch/main Translation-en
  Bad header line [IP: 80]
Err http://mirror.csclub.uwaterloo.ca stretch/main i386 Packages
  Bad header line [IP: 80]
W: Failed to fetch http://security.debian.org/dists/stretch/updates/main/binary-i386/Packages  404  Not Found [IP: 80]

W: Failed to fetch http://mirror.csclub.uwaterloo.ca/debian/dists/stretch/main/i18n/Translation-en_CA  Bad header line [IP: 80]

W: Failed to fetch http://mirror.csclub.uwaterloo.ca/debian/dists/stretch/main/i18n/Translation-en  Bad header line [IP: 80]

W: Failed to fetch http://mirror.csclub.uwaterloo.ca/debian/dists/stretch/main/binary-i386/Packages  Bad header line [IP: 80]

E: Some index files failed to download. They have been ignored, or old ones used instead.

Trying to rule out problems due to network, I verified the the URL giving the error 404 in the browser and it worked fine. Then I checked my disk space as it was usually the culprit before I rebuilt the OS on a 80GB HDD (earlier the OS was in 4GB!). The /var partition was indeed used 100%. Applying the usual trick of apt-get clean did release much space!

On closer investigation, I noticed the kern.log and syslog files in /var/log/ were huge (kern.log 3.6GB, syslog 248 MB). The kern.log and syslog had error/warning splattered repeatedly such as:
Dec  1 07:36:00 imlee kernel: [1155666.501321] nouveau E[  PGRAPH][0000:01:00.0]  NOTIFY nsource: STATE_INVALID nstatus: INVALID_STATE BAD_ARGUMENT

Reducing the size of kern.log/syslog to 0 fixed the apt-get issue!The Debian/Stretch machine is uptodate again.

10 November 2015

Facebook & privacy

Facebook & privacy: something that comes up in the new often. Anyone who knows a little about how Facebook "makes" money, would say that these words are a perfect example of antonyms!
BBC reporting on another challenge Facebook is facing in Belgium due to its practices related to how they use cookies for users (even users who are not logged in to Facebook). A quote from the full article:

They conducted a series of tests including one where they did a Google search for the term facebook data policy. It led them to the Facebook data policy page which placed the datr cookie on their browser.

They then visited a Belgian website related to prostate cancer treatment which includes a Facebook like button and found that the datr cookie was sent to Facebook.

There was no formal notice regarding any cookie being stored.

Even without using cookies, a user's browsing habits can be tracked as web browsers can be identified by various ways to render each user's browser (and hence browsing trail) to be unique. To read more about this read Panopticlick.

To keep such sites from harnessing your data, here are some options:
  1. Use Tor Browser when possible
  2. Use Firefox with plugins*: Adblock Edge, Privacy Badger, HTTPS Everywhere, and NoScript.
  3. Use Firefox with above plugins in a Linux VM

* - the list of plugins is not at all exhaustive, you are advised to do your research and choose which ones are required for your case

14 October 2015

CloudATclost.com VM 60% off

Ordered a "one-time" billing VM from cloudatcost.com today. It was their Developer 2 setup. Currently the site shows 50% off i.e. $35 instead of $70. I just happened to view their member page and saw a post about 60% off using code CAC606060 valid for only 9 Oct 2015.

I tried it and the Dev 2 setup one-time fee came out to $28. Enjoy the extra 10% off while it works.

Enabling HTTPS for blog

Just noticed that https was available for blogger.com blogs. It has been enabled. Use url: https://ksvichaar.blogspot.com as there is no automatic redirect from http:// (yet).

Note: there might still be mixed content on the blog, it will be updated as time permits.

8 April 2015

Firefox 37.0.1 - Is insecure content blocking new?

I got the upgrade notification for Firefox yesterday and as normal, I clicked on "Restart" to upgrade Firefox to 37.0.1. After the upgrade, I noticed a change: some CSS content was not showing on normal sites and hence had a lot of portions of the page (mainly background) as white!

I thought it could be something to do with my browser after upgrade, so I restarted it again. No change. After checking for new features, nothing was to be found. Then I noticed the "shield" icon on the left of the address bar and clicking it explained it all (see image below). The content was being blocked by Firefox as it was not using https:// on that secure page.

Is this is a new feature in Firefox? Ideally it would be more secure if every secure page had just securely linked components but this can be quite annoying to users if there is no clear warning to the user. Even though I'm familiar with a fair bit of Firefox technical details to be able to troubleshoot my issues, regular users will be stumped!

24 March 2015

Intel 530 Series SSD trumps Kingston V300

I have two SSDs in my Debian GNU/Linux box. One is an Intel 530 series SSD and second is the Kingston V300 SSD (both are 240GB). The experience with Intel 530 series has been great while Kingston V300 has been flaky at best.

On the Intel, I have been able to update the firmware without any issues as they provide a bootable ISO file for all operating systems [
Intel SSD Solid-State Firmware update tool page]. While Kingston is only provides an .exe file for upgrades. On reading their upgrade instructions, the details include supported operating systems as Windows 8.1, Windows 7/Vista, Windows XP only! Does Kingston think that users only use Windows operating system or are they targeting their SSDs to only Windows users?

Even though my drive came with the 520 firmware version as opposed to 506/521, I will neither buy a Kingston SSD or recommend anyone to purchase it either. It does not matter if they are switching between synchronous and asynchronous NAND, not supporting non-Windows users is just not acceptable in the times of Android/Chrome OS.

PS: I have the Kingston V300 240GB SSD was only because it was purchased for someone else (Windows user) and he didn't want it in the end.