Today was one of those days with a typical Dutch sky: blue with clouds (and the occasional raindrop). Perfect conditions for doing some (HDR) photography. Location: Papendorp, Utrecht.
This location has lots of really great buildings, and the funny part is that I have gone there (almost) every week on my way to work for the last three years...
Focusing manually has its advantages. First, the number of potential lenses for your body skyrockets. There are numerous old and new extraordinarily good MANUAL FOCUS lenses available for the modern DSLR. Examples are lenses by Voigtlander, Carl Zeiss, and the old Nikon (Ai-S) lenses. The problem is that most of the modern cameras lack a decent (visual) indicator for when your object is in focus. My Nikon D300 has a small indicator (a dot) in the viewfinder which notifies you when you've got focus. But when you shoot with large apertures (e.g. f/2, f/1.8, f/1.4 or f/1.2) on MF lenses you have to keep track of your composition (through the viewfinder), and watch the 'in-focus' indicator. Something I find very hard to do. I always seem to miss at least one of them. Missing composition is easy to fix in post-processing, but fixing focus can't be done.
Thankfully, there's a solution to this problem: Katz Eye Optics. These guys offer old-skool focusing screens for modern digital SLRs. All you have to do is replace the focusing screen with theirs. You can do this yourself, or your camera brand's service center should be able to do it for you (at additional cost). I did it myself though, and ran into a problem (of course). But more on that later...
My mailbox receives e-mails from Google on a daily basis. All these e-mails are regarding the 'upgrade' of MY Google Apps account. The problem is, I don't have a Google Apps account. I have a Google Analytics account for some of my websites (this being one of them).
At first they say you have an account.
Google Apps Spam
And when you try to login to that account, they say that I don't have an account.
So explain this; why do I get upgrade e-mails for something I don't have?
A typical example of using existing database information for luring people into getting other services.
This Wednesday, Jamiroquai played @ the sold-out Ahoy in Rotterdam (Netherlands). At first it was uncertain if he could perform, since they had to cancel their German performance due to Jay Kay's flu the evening before.
The earlier posts on my logging experiences didn't include the logrotation solution I used on my OS X Server.
When you create a new logfile (and have syslog fill that file up), you're gonna run into a lack of space sooner or later. This happens because the syslog server keeps writing data to that file, and the system doesn't 'recognize' (read: isn't configured) the file for logrotation. So, you need to tell the logrotation process to include the new logfile (and what to do with it).
Now that I have an SRX running at home and a syslog server powered by Splunk (free version), it's time to be able to understand the logging. The raw logging is pretty unreadable for the average Joe. Thankfully, Splunk can be used to make more sense of it.
The downside is that I haven't found any add-ons / plugins etc. for Splunk to analyze the logging of a Juniper SRX firewall. There is a post on the Splunk forum which offers two regular expressions which can be used to define the RT_FLOW fields.
By default, the J-Web interface (GUI for the Juniper SRX firewalls) has SSL enabled. Like most devices with SSL out-of-the-box, the protection is based on a self-signed certificate. Self-signed certificates are easy (they come basically out-of-the-box), but they tend to nag you every time you connect to the GUI. So, it's time to install a proper certificate.
In this case, I use the XCA (1) software to create a new certificate. This certificate is signed by my own root CA, which I installed on all of my devices and operating systems. Basically, I trust myself...
From the Juniper support pages on SSL certificate usage, I found out that the certificates are to be in the PEM format. No problem for XCA.
The Fritzbox 7340 is the only real available VDSL modem/router in the Netherlands. Too bad, since it has some bugs (but what piece of software hasn't?). Fortunately, the router works well, just as long as you use it as the only networking device in your (small) network.
In the last couple of days I've been busy adding the Juniper SRX100 branch firewall to my local home network. The idea was the following:
The Fritzbox (FB) will remain the Internet router
My web/mail/ssh server is placed behind the SRX100
All the individual portforward rules in the Fritzbox are directed to the SRX100 by selecting the 'Exposed Host' in the FB.