Author: Barry O'Donovan

Useful RIPE Database Links

Some very useful RIPE database links that I was recently shown include:

Making a Console Cable for Soekris Boxes

Connecting to a Soekris box from your computer via a console cable is a DTE to DTE connection and so you need to purchase or make up a null modem cable. This page on RS232 serial null modem cable wiring proved invaluable.

With the documentation above, I created a null modem with loop back handshaking cable using two wire-able female DB9-to-RJ45 converters and a standard straight-through network cable following the pin positions in the above link.

To locally connect and loop back  pins  1+4+6 and 7+8, I snipped those wires, striped the ends and just twisted together and covered with electrical tape. Pin 5 is connected to its opposite number and you only then need to ensure that pins 2 and 3 are crossed over.

This worked a charm with my USB serial port. After I tried about a dozen various unlabeled console cables I have lying around that is…

Reflections on the Result of the Seanad Abolition Referendum

I’m surprised. Pleasantly so; actually, exuberantly so. I thought the battle was lost and that democracy here in Ireland would have taken a hit today. But, in the words of a friend, every time I lose faith in the Irish electorate, they suck me back in.

In a – if you were to look at recent opinion polls – shock result, the Irish electorate voted by 51.7% to retain our second house, Seanad Éireann.

I have some reflections on this:

  • Firstly, it’s a fantastic result for all the reasons I mentioned here.
  • Without repeating the points I already made in the above link, it’s a great result for democracy. It’s not enough that we’re a democratic country by name but we should be a great democracy. Particularly with our executive-cum-parliamentary system, we need a second house. But not the one we have, a reformed second house:
  • Let’s be clear - no one, not a single person, argued to keep the Seanad in it’s current form. Rather, we argued to keep it and reform it. The Government now have a clear mandate to reform this dysfunctional but necessary house and they need to follow through on that. Particularly, Fine Gael got elected on a wave of the promise of reform and have done little in that respect since. They now have a clear public mandate to do something concrete in this respect with the Seanad. And, God knows, we have enough reports and proposed bills to help it happen fast.
  • The turnout was higher than expected (while disappointingly low at 39.2%). This high(ish) turnout means that one cannot argue that the pro-side were apathetic and the no-side were motivated and turned up. Rather – and I suspect deeper analysis will prove this – the undecideds fell to the no-side.
  • Enda Kenny. Disaster. This was his baby. In a cynical political stunt at a Fine Gael dinner in 2009, Kenny announced that he would abolish the Seanad in Government. Only months after lauding it. This may very well be one of the most expensive after dinner speeches in Irish history – whatever abolishing the Seanad may have saved, what of the cost of the failed referendum? But, back to today and this campaign. Kenny did not tog out. He didn’t even come to watch the match. Whoever his handlers are, they should be outed and fired. A 1.7% margin could easily have been closed had the leader of the country stood over his own idea. This, more than anything else, was the biggest failure of the campaign. If there aren’t knives out for Kenny within his party, there should be.
  • Naturally the blame game started early. Some Government TDs were spinning early that the no vote was a result of people’s desire to give the Governnment a bloody nose. This is an insult to the voting public. The Government gets a bloody nose in by-elections – especially when Dáil numbers are not in the balance. But the Irish electorate is too intelligent to change our most valued and core law on petty party politics. TDs suggesting this should not get your vote in future elections.
  • More depressingly, Kevin Humphreys TD (Lab, Dublin South East) suggested the people in his affluent area (i.e. the suggestion is college educated) voted to protect their franchise (i.e. their university Seanad votes). Are you fucking kidding me? Seriously?
  • A number of muppets called for a ‘no’ vote but to also write REFORM on the ballet paper to enforce  the intention was a save but reform. Intelligent people called for this. People I had credited with more cop on. These people are muppets – and, if you spoiled your vote like this, so too were you. Yes, returning officers have discretion where the voting intention in clear but it’s not guaranteed they’ll use it or that their perception of clear matches yours. The spolied percentage in this election was 1.16% versus 0.43% and 0.39% in the previous two referendums. Given the tightness of the result and the fair assumption that the difference were mainly no votes, these could have been critical.
  • A question for Fine Gael is where were the heavy hitters of cabinet? Noonan in particular who is a very trusted political figure. The campaign was left to Bruton and a rag tag bunch of back benchers such as Simon Harris TD and Sen. Regina Doherty (both, if I’m not mistaken, are first termers). There was also very few of the Labour heavy hitters batting in public for this.
  • Sinn Féin made an unusual decision to back the Government. They usually put themselves on the minority side of a referendum to maximise airtime. I don’t know if it’ll hurt them in the short or long term but it won’t help them. It also grated with me to listen to Pearse Doherty calling for the abolition of a house where he served the last term and provided him the platform to run successfully for the Dáil.
  • Fine Gael made a lot (well, was it a six page document?) of promises about reform of how legislation is made. These rang hollow and rushed so I fully expect them to find their way to the shredder.
  • The media seem to be playing up a city / country divide. Roughly, it’s 45% ‘no’ outside the cities and 55% in the cities. That’s not a big divide. It’s two people in every twenty. Or a swing of one in every twenty to tip the balance. One most also bear in mind that most of the Fine Gael loyalists are outside the cities and would follow their leader, like lemmings, over a cliff.
  • Fine Gael seem to be hell bent on the Americanisation of Irish politics; in this case contesting a referendum on two populist and, in the case of costs, complete bullshit, points. I’m delighted to see these tactics which we deride from the outside when looking at America have failed miserably here this time around.

Anyway, it’s a great result and the right result. I look forward to reform.

Pastebin Alternatives

Update 2019: we now use PrivateBin a lot. It is a self-hosted, minimalist, open source online pastebin where the server has zero knowledge of pasted data.

Pastebin has been a valuable tool for years – to the extent that pastebin it has entered the common lexicon of sysadmins, network engineers and developers.

There are, however, a few notable alternatives:

  • GitHub Gists – what’s particularly cool about these is that each Gist (which is just pasted text) is also a fully fledged Git repository with versioning and the ability for fork. There’s also syntax highlighting and a nice UI. If you’re a GitHub user, your own Gists are also linked to your account.
  • p.ip.fi – this scores big points for its pure simplicity. You’d argue that a pastebin doesn’t really need a complex UI and p.ip.fi is laudable in its complete lack of a UI. Just paste and hit Ctrl-S and you’re done. Very nice. (Credit to Nick for pointing this out).
  • sprunge.us – this is a command line pastebin which should appeal directly to sysadmins and network engineers. (Credit to dnolan for leading me to this one). This is best demonstrated via an epic traceroute:
$ traceroute -m 60 216.81.59.173 | curl -F 'sprunge=<-' http://sprunge.us
http://sprunge.us/THie

Check out the result at http://sprunge.us/THie.

On the Referendum to Establish a Court of Appeal

Because I was asked, I will be voting YES in the referendum to establish a Court of Appeal. Primarily because there is now a four year waiting list for appeals to the Supreme Court and justice delayed is justice denied.

What’s it all about? Succinctly: There are two main streams of law in Ireland – criminal and civil. We already have a Court of Criminal Appeal but we have no court of civil appeal. Because of this, all civil law appeals go directly to the Supreme Court resulting in a backlog of 4 years. There are only eight judges on the Supreme Court and they generally sit in minimum groups of three. As you might imagine, the waiting list is not shrinking but growing considerably. This referendum seeks to establish a Court of Appeal for civil cases (and also allowing the Supreme Court to reassign existing cases on the waiting list to this new court as it sees fit). This new court will sit between the High Court and the Supreme Court.

Allow me to elaborate on some of the reasons why I am in favor of this referendum as well dispel some myths and untruths:

  • Justice delayed is justice denied. Four years is an agonisingly long time for anyone seeking justice. Especially if they are at the wrong end of a bad ruling. This waiting period is also growing and not shrinking. For this reason alone, I’d vote in favor of this referendum.
  • Similarly, there are commercial and human rights issues. Long waiting lists are a commercial issue for businesses seeking remedies which (a) may work against us by businesses evaluating locations for foreign direct investment; and (b) may cause businesses to close down while waiting for a judgement. In terms of human rights, Ireland has already lost or settled a number of cases before the European Court of Human Rights due to the inordinate delay of getting decisions in our existing system.
  • At least it’s a solution. Perhaps it’s neither the best nor the cheapest, but it is a solution. Personally, I think it’s a good one. Others are arguing that we can battle the waiting list with additional Supreme Court judges and more efficiencies. Perhaps; but these were and / or could have been tackled last year, the year before or even the year before that. If wishes were horses and all that… But they aren’t and these other options were either not tried or were sufficiently ineffective and we now have a four year waiting list. So, let’s take our collective heads out of the imaginary world of what ifs and give this solution a chance.
  • It’s not just about the waiting list. Ireland is quite unusual in that it doesn’t have a court of civil appeal. Supreme Court’s should tackle issues of national importance and constitutionality. These should be tackled in front of multiple judges (typically 3, 5 and 7 in Ireland) in a very considered and unrushed manner – because these are issues of national importance. Promoting more judges to the Supreme Court so that it can handle the increased demand of appeals of lost preliminary High Court motions is quite ridiculous and it undervalues its purpose.
  • Isn’t it right that we have a Court of Criminal Appeal? We have one. All you ‘no’ campaigners realise that, right? If you wish to appeal a criminal case, you goto the Court of Criminal Appeal (which is made up on one Supreme Court judge and two High Court judges). The Supreme Court hears at most a handful of appeals from the Court of Criminal Appeal – and those that it does are deemed of national or constitutional importance (i.e. it hears the right cases from this court). But, in a strange anomaly, some seem to think we don’t need the equivalent for civil cases. It’s also important to note that this or a future Government can, through legislation, incorporate the Court of Criminal Appeal into the new Court of Appeal (a good idea in my opinion).
  • Yes, it is going to cost money and, yes, it will create about ten new judges. But, you know what, doing things the right way isn’t cheap or free.
  • On bullshit comparisons: (pardon my French) but some people keep banging on about equivalent numbers in the same court system in the UK versus population sizes. Beware of the Internet, and beware of so called facts. Every comparison I have read so far has compared the number of judges in the respective Supreme and High Courts – completely excluding the UK’s Crown Court – which is a function our High Court incorporates (i.e. the Criminal Courts, Central Criminal Court and Special Criminal Court). I’m not going to offer any numbers here – because, quite frankly, who cares? That’s Another Country. And they can run their court systems as they please in accordance with the demands on those courts and the level of litigation in that country. We, likewise, need to run (and, as it happens, establish) our own courts for our own circumstances.

For these, any many other reasons, I will be voting YES in the referendum to establish a Court of Appeal. I hope you do likewise.

–

The contents of this posting may be used freely in whole, part or edited without attribution. Get the message out!

Save Seanad Éireann

There’s very little good about the Seanad in its current form; it’s been broken for a long long time. So, why save it? Here’s why:

  • It can be fixed. A lot of trees have given their life for report after report on how to reform the Seanad. We just haven’t had a Government willing to get their hands dirty and fix it. Prof. and Senator John Crown had also published a laudable Seanad Reform Bill.
  • Once it’s gone, it’s gone. No, this isn’t a Home Store and More ad. Do you realise the changes required to the constitution to effect abolition of the Seanad? Twenty three articles will be changed – some of them substantially. It’s easy to just abolish the Seanad but can you imagine ever reintroducing it? With this many changes? It would never happen.
  • This is a political stunt. Yes, it is. Enda Kenny announced his plan to abolish the Seanad in a pre-election publicity stunt. Somehow forgetting that only months previous to this, he had put forth a strong argument for retention and reform. I truly believe that if he and many of his cohort of Ministers were in opposition, they’d be railing against abolition.
  • It’s bad for democracy. I had an interesting talk with a friend who works for a NGO recently and she, if I may paraphrase her, explained that democracy itself is not the real goal but rather good democracy is. The Seanad does, or at least should, offer a different voice to the legislative process than the Dáil does. It has a different membership pulled from different panels with, generally speaking, more diverse experience than the typical group of TDs. It provides checks and balances on the legislative process. Granted, the selection of many of these panels is undemocratic – but then that’s what reform is for.
  • All power will be concentrated on a government controlled Dáil. Ireland has no clear distinction between the executive branch of Government and the legislative branch. This, I believe, is a deficit in our democracy as the decisions of executive (the TDs that are members of the cabinet / Ministers) are often made with one eye on the next election. The Taoiseach and his Ministers make up the cabinet and they also control the Dáil thorough the Government majority. Thus, they have and wield complete control of these two branches – and, as we saw in this term – have also clashed with the judicial branch on a number of occasions including a referendum to cut their salaries. This is way too much power and plainly undemocratic. You may not worry about this during a Fine Gael / Labour coalition but what, through whatever circumstances, it was Sinn Fein wielding that power? Or a vast coalition of the loony left? Or the conservative right? A reformed Seanad can and should provide a counter balance to this. Preferably with the possibility of an opposition controlled Seanad.
  • We deserve a better debate. If the Seanad is to be abolished, we at least deserve a better debate on the real issues rather than the cynical and, frankly, pathetic campaign that Fine Gael is currently running (Save Money – Reduce Politicians). We also deserve to see Enda Kenny stand over his position in a live debate rather than running away from it.
  • We deserve to hear minority and opposition voices. Even in its current form, the Seanad has always allowed minority, opposition and differing voices on a range of social, political and other issues. This is a good thing – think of the likes of Senators David Norris, Eoin Harris, John Crown, Rónán Mullen, Joe O’Toole and Feargal Quinn. I mightn’t (and certainly don’t in Mullen’s case) agree with them on various issues but the point is that the Seanad is a platform for these issues. Which is a sign of a healthy democracy. Look also at how the Government has used it position of power to silence the so called rebel TDs through the removal of speaking times.

For these, any many other reasons, I will be voting NO in the referendum to abolish Seanad Éireann. I hope you do likewise.

The contents of this posting may be used freely in whole, part or edited without attribution. Get the message out!

Popular Science Shuts Down Online Comments

Because they’re realised that the internet is full of trolls, idiots and spambots. And, seriously, who could blame them. It seems that science fact is something that can be debated with references to debunked or pseudo-scientific research (or even the Bible) in areas such as evolution and climate change.

Quite worryingly, they talk about recent research in which a fractious minority wields enough power to skew a reader’s perception of a story though the comments that follow it – and, with this, came to the decision to switch off the nut jobs:

If you carry out those results to their logical end–commenters shape public opinion; public opinion shapes public policy; public policy shapes how and whether and what research gets funded–you start to see why we feel compelled to hit the “off” switch.

Bird / Quagga with MD5 Support for IPv4/6 on FreeBSD & Linux

Over in INEX we run a route server cluster which alleviates the burden of setting up bilateral peering sessions for the more than 80% of the members that use them. The current hardware is now about six years old and we have a forklift upgrade in the works.

BGP allows for MD5 authentication between clients (using the TCP MD5 signature option, see RFC 2385) and – while recently obsoleted in RFC 5925 – it is still widely used in shared LAN mediums such as IXPs; primarily to prevent packet spoofing and session hijacking via recycled IP addresses.

Our current route server implementation runs on FreeBSD which does not support TCP MD5 in its stock kernel (you are required to compile a custom kernel – see below for details). Additionally, specifying the session MD5 is not done in the BGP daemon configuration but separately in the IPsec configuration. Lastly, our current FreeBSD version has no support for TCP MD5  over IPv6. These have all led to unnecessarily complex configurations and a degree of confusion.

Because of this, we decided to test up to date Linux and FreeBSD versions for native IPv4 and IPv6 TCP MD5 support with Bird and Quagga (our route server daemons of choice).

In each case, BGP sessions were tested for:

  • no MD5 on each end (expected to work);
  • same MD5 on each end (expected to work);
  • different MD5 on each end (expected not to work); and
  • MD5 on one end with no MD5 on the other end (expected not to work).

For Linux, the platform chosen was Ubuntu 12.04 LTS with the stock 3.2.0-40-generic kernel.

  • Sessions were tested for Quagga to Quagga and Quagga to Bird;
  • Sessions were tested over both IPv4 and IPv6;
  • The presence of valid MD5 signatures were confirmed using tcpdump -M xxx;
  • Stock Quagga and Bird from the 12.04 apt repositories were used.

The results - everything worked and worked as expected:

  • BGP sessions only established when expected (no MD5 configured, same MD5 configured);
  • This held for both IPv4 and IPv6.

Summary: Linux will support TCP MD5 nativily for IPv4 and IPv6 when using Quagga or Bird.

For FreeBSD, we used the latest production release of 9.1. TCP MD5 support is not compiled in by default so a custom kernel must be built with the additional options of:

options   TCP_SIGNATURE
options   IPSEC
device    crypto
device    cryptodev

In addition to this, the MD5 shared secrets need to be added to the IPsec SA/SD database via the setkey utility or, preferably, via the /etc/ipsec.conf file which, for example, would contain entries for IPv4 and IPv6 addresses such as:

add 192.0.2.1 192.0.2.2 tcp 0x1000 -A tcp-md5 "supersecret1";
add 2001:db8::1 2001:db8::2 tcp 0x1000 -A tcp-md5 "supersecret2";

where the addresses ending in .1/:1 are local and .2/:2 are the BGP neighbor addresses. This file can be processed by setting ipsec_enable="YES" in /etc/rc.conf and executing /etc/rc.d/ipsec reload.

  • Sessions were tested for Quagga/Linux to Quagga/FreeBSD and  from Quagga/Linux to Bird/FreeBSD;
  • Sessions were tested over both IPv4 and IPv6;
  • The presence of valid MD5 signatures were confirmed using tcpdump -M xxx;
  • Stock Quagga from the 12.04 apt repositories and stock Quagga and Bird from FreeBSD ports were used.

The results – almost everything worked and worked as expected:

  • BGP sessions only established when expected (no MD5 configured, same MD5 configured);
  • This held for both IPv4 and IPv6;
  • one odd but expected behavior – you only need to set the MD5 via setkey / ipsec.conf – setting it (or not) in the Quagga and Bird config has no effect so long as it is set via setkey (but is useful for documentation purposes). However, trying to set it in Quagga without having rebuilt the kernel will result in an error.

Summary: FreeBSD will support TCP MD5 via a custom kernel and setkey / ipsec.conf for IPv4 and IPv6. Note that there is an additional complexity when changing or removing MD5 passwords as these need to be amended / deleted via setkey which can put an extra burden on automatic route server configuration generators.