powering the Internet since 1995

Photography | Computing | Cooking | Contact |


May 1st, 2019


The dual frame z14, launched in July 2017, and the single frame z14, launched in April 2018, are based on the z14 chip, a 10-core processor running at 5.2 GHz. A z14 system can have a maximum of 240 Processing Unit (PU) cores, 170 of which can be configured to the customer’s specification to run applications and operating systems, and up to 32 TB usable redundant array of independent memory (RAIM), some of which can be configured as Virtual Flash Memory (VFM). Each PU can be characterized as a Central Processor (CP), Integrated Firmware Processor (IFP), Integrated Facility for Linux (IFL) processor, Integrated Information Processor (zIIP), Internal Coupling Facility (ICF) processor, additional System Assist Processor (SAP) or as a spare. The focus of the IBM Z systems are pervasive encryption as the z14 processor has plenty of hardware assisted cryptography features.

BladeCenter Extension (zBX)

The zEnterprise System supports an optional zEnterprise BladeCenter Extension (zBX). This add-on infrastructure supports redundant top-of-Rack switches, redundant power supplies, extra blowers, and IBM BladeCenter chassis. This add-on chassis allows POWER7 and x86 blade servers to be integrated with and managed from the mainframe. The Gameframe installation at Hoplon Infotainment is an example of a hybrid mainframe.
The zBX supports up to 112 blade modules. The zBX and the System Z server are connected by a redundant, secure 10 Gigabit Ethernet connection, providing a private data network. There is also a 1 Gigabit Ethernet connection for management.

Operating systems

The z14, z13, zEC12, zBC12, z114 and z196 support the IBM operating systems: z/OS, z/VM, z/VSE, and z/TPF. Other operating systems available include Linux on z Systems, such as Red Hat Enterprise Linux 6 and SUSE Linux Enterprise Server 11. In November, 2011, IBM introduced Microsoft Windows Server 2008 support via x86 processor-based blades that plug into IBM’s zEnterprise BladeCenter Extension (zBX). The zBX also supports the IBM WebSphere DataPower Integrated Appliance XI50 for zEnterprise (DataPower XI50z).

A trio of IBM zEnterprise mainframe computers. From left to right: EC12, BC12, Bladecenter Extension.

Image and Text (except italics) from https://en.wikipedia.org/wiki/IBM_zEnterprise_System
Earthquake tested, of course…

Check your domain or MX IP on spam blacklists

May 1st, 2019



Free Space Error – MacOS

May 1st, 2019

Every now and then I’ll move some huge file, a 40GB VM or something and various programs don’t show the space it was in as free.  Confusingly some do.  df -h shows the wrong free space while “About This Mac” is right.

Apparently, this is a TimeMachine problem!

This command fixed it for me as per the article below.

sudo tmutil thinLocalSnapshots / 10000000000 4

Thanks ? Digital Trauma ? https://apple.stackexchange.com/a/323455

Great Cheat Sheet add-on for any UNIX System!

April 22nd, 2019

Install the script with this line:
sudo curl https://cht.sh/:cht.sh > /usr/local/bin/cht.sh \
&& sudo chmod +x /usr/local/bin/cht.sh
Then try these for an example:
cht.sh tar
cht.sh perl/execute
curl cht.sh

It does what it says on the box!


OpenStack Concept Diagram

January 29th, 2019

I produced this a few years ago to simplify the explanation of how OpenStack does what it does.

Cloud Book

January 28th, 2019

I’ve written a book describing a system that replaces cloud services like Google with your own servers so your contacts, files, calendars and email etc can all be synced without letting them out of your private systems.  It was basically something I made for myself a few years ago that I’ve written up for anyone else to use.

It’s no best seller as the topics are pretty specialised but it has bought me a few tasty pizzas!  I hope it’s handy for anyone interested in OpenVPN, OpenSSL, NextCloud, Sentora, RoundCube WebMail, as well as hosting Mailservers and Websites.


Why are people so stubborn?

November 14th, 2018


I’m sure I’m not the only security expert to say this but WHY do people simply ignore the most basic advice!?  I was just talking to a friend over SMS and he asked me a couple of personal questions and some deep security questions, when I suggested he went on to Signal (and yeah he does understand IT privacy) he acted like I was suggesting he crash his car into a tree.

That’s why I’m writing my next book, a book of all the advice people just refuse to take – like decent passwords and screensaver locks.

It baffles me – people seem to enjoy fearing hackers and government surveillance but at the same time don’t want to do anything to limit their exposure.

Go figure!


Windows server time sync fix for vSphere guests

August 22nd, 2018

Configure a Windows NTP Client for Network Clock Synchronization
The clocks of all servers on the vSphere network must be synchronized. You can configure a Windows NTP client as a source for clock synchronization on Windows servers.

Use the registry editor on the Windows server to make the configuration changes.

1 Enable NTP mode.
a Go to the registry setting HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ Parameters
b Set the Type value to NTP.

2 Enable the NTP client.
a Go to the registry setting HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ Config
b Set the AnnounceFlags value to 5.

3 Enter the upstream NTP servers to synchronize from.
a Go to the registry setting HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ TimeProviders.
b Set the NtpServer value to a list of at least three NTP servers.

For example, you might set the value to 0x1 1.pool.ntp.org,0x1 2.pool.ntp.org,0x1 3.pool.ntp.org.

4 Specify a 150-minute update interval.
a Go to the registry setting HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\W32Time\ TimeProviders\ NtpClient,
b Set the SpecialPollInterval value to 900.

5 Restart the W32time service for the changes to take effect.

From VMware blog

MacBook Pro Camera on Fedora

March 16th, 2018

From Mark Knowles – mknowles.com.au – Thanks Mark!

Getting the Camera to Work in Fedora 25 on the Macbook Pro 13″Posted on January 19, 2017 by Mark KnowlesThe Macbook Pro 13″ (otherwise known by the codename MacbookPro12,1), has pretty good Linux support for a Macbook. The hardware is beautiful and everything works now that the camera is supported. Here are the steps needed to make it work.

The information for this article has primarily come from the FacetimeHD (Broadcom 1570) project instructions. This article focuses on Fedora, so if you want instructions for another distro, look on the project page.
First, check you have the correct hardware:
[email protected]:/usr/src/bcwc_pcie ★ dmidecode | grep -i “Product Name” Product Name: MacBookPro12,1 Product Name: Mac-E43C1C25D4880AD6

It should say MacbookPro12,1 above. If it says anything else, don’t continue (unless you know the laptop has the “FaceTime HD” camera.

1. Install kernel development package:dnf install kernel-devel

2. Download the driver source (safely) Note that we’re not doing this as root. It’s poor practice to git clone or build anything as root. It’s just unneccessary.
cd /usr/src sudo mkdir bcwc_pcie sudo chown $(whoami):$(whoami) bcwc_pcie git clone https://github.com/patjak/bcwc_pcie.git

3. Extract the firmwarecd bcwc_pcie/firmware make sudo make install

4. Build the driver sourcecd /usr/src/bcwc_pcie/ make The next command might generate some errors. These can be safely ignored as long as you don’t care about secure boot or driver signing. The errors are:
At main.c:158: – SSL error:02001002:system library:fopen:No such file or directory: bss_file.c:175 – SSL error:2006D080:BIO routines:BIO_new_file:no such file: bss_file.c:182 sign-file: certs/signing_key.pem: No such file or directory Keeping this in mind, install and initiate the drivers:
sudo make install sudo depmod sudo modprobe facetimehd

5. Test I like to use the application called “cheese” to test webcams:
dnf install cheese cheese

Swap Nautilus to Nemo as Ubuntu 14.04 File Manager

December 18th, 2014

Some people (like me) prefer the old school file manager look to the new Gnome/Ubuntu look. I like having a folder tree in the left pane rather than a bunch of Windows like “Libraries”
It’s a simple set of commands to achieve this.
First make sure you have nemo installed

sudo apt-get install nemo

Then change the defaults to nemo:

xdg-mime default nemo.desktop inode/directory application/x-gnome-saved-search
gsettings set org.gnome.desktop.background show-desktop-icons false
gsettings set org.nemo.desktop show-desktop-icons true

Test it with this, it should answer “nemo.desktop”

xdg-mime query default inode/directory


Missing Kernel Source?

November 1st, 2014

apt-get install linux-headers-`uname -r`

Steps to install VMware Tools on Kali Linux

August 8th, 2014

Just a quick post. You might have trouble installing VMware Tools on Kali but these steps should fix it all.

echo cups enabled >> /usr/sbin/update-rc.d
echo vmware-tools enabled >> /usr/sbin/update-rc.d
apt-get install gcc make linux-headers-$(uname -r)

ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/

Setting up Epson Printers on Ubuntu 14.04

August 7th, 2014

It seems at the time of writing there is a problem with detecting some Epson printers on the new Ubuntu.

I found the best way to do it is to download the .deb file from the link below and install the driver using any one of Ubuntu’s installers. Then when you try and detect the printer it won’t go online searching for the driver it will already have it and all will be good.


It looked to me like there was a problem in converting an rpm version of the driver to .deb format. I’m not sure why the automatic programs try and do this though as Epson release .deb drivers!

HP Elitebook WWAN Gobi 1000 3G Modem with Ubuntu 12.04 Precise Pangolin

May 27th, 2012

This is about the standard 3g modem card – un2400 – for an Elitebook.  I found setting this up surprisingly simple, after I found the right information on the blogosphere of course!

  1. Install the package gobi-loader
  2. mkdir /lib/firmware/gobi
  3. copy these 2 files from the Windows 7 install of the modem software into the gobi directory above:
  4. give this command a go and hopefully you will get something in the network connections drop down:
    /lib/udev/gobi_loader /dev/ttyUSB0 /lib/firmware/gobi
  5. Whether that last command worked or not, reboot the machine and all should work.  The gobi drivers are picked up by udevd so are started automatically at bootup.
  6. You might need to run the Windows 7 connect utility, check that it’s not set to power off the device when the connect program terminates, so that it is switched on at boot, looks to me though that the Linux software handles this well enough.

How to create a Windows install USB

March 15th, 2012

This is very easy with the right commands, just use the diskpart tool to make a USB stick bootable, then copy the files right off the install DVD!  Later on I’ll post about imaging your own windows system with installed software to use as a OEM install.

1. Run the command “diskpart” from the command line (<windows key> + r)

2. Select the USB key you want

list disk
select disk <number of your USB>

3. Erase the USB and reformat it

create partition primary
format fs=ntfs quick

4. Now you have a USB ready to run!  Just copy all the files from a windows install DVD onto this USB and you should be able to boot from it, isn’t that unusually simple for a MS product!

Wii Remote as a bluetooth “mouse” for Ubuntu

December 7th, 2011

This is fun, and worked for me on Ubuntu 11.10.  Used my laptops inbuilt bluetooth, the bluetooth discovery tool (next to the clock) confirmed that the wiimote was talking to it, but connection with this gui failed to work.

1. Install software

sudo apt-get install wminput wmgui lswm

2. add the following line to /etc/modules


3. Reboot

4. Get the address of the wiimote, press the 1 and 2 buttons on the wiimote when asked.  I had to do this twice before getting a response.


5. Use the following command to discover the wiimote and start using it as a mouse.  NB: Press 1 +2 on the wiimote when it asks, and substitute your address from the command above.  Once the steps above have been completed once this will be the only command you will need.

sudo wminput xx:xx:xx:xx:xx:xx

That’s it! You should now have mouse control with your wiimote. Use tilt for left and right and up and down for, well, up and down.
The + pad will also act as scroll in web browsers etc.
Not terribly useful, but kind of fun to try.  The tilt for L+R isn’t great, I guess that’s what the bar on top of the TV is for.

Crazy Panorama Software

December 4th, 2011

Just tried Photaf on my Droid, awesome stuff, this was taken with absolutely no knowledge, you can see where they have been joined, but this is pretty much exactly what this part of the world looks like.  I’m sure some practice and tweaking, attention to the light etc would improve these heaps.  This shot was taken just before the sun went down, I’d say that sun overhead would help quite a bit with colour balance.  Still (no pun intended) if you want a quick and dirty panorama, for free this thing is awesome!

New method for resetting root password in RHEL / Centos 6

November 16th, 2011

They’ve changed it a little, still, press “a” at grub to get the append kernel parameters line, still add ” single” to the end of it.

BUT instead of using passwd (this really confused us) which just returns to the next line without asking for a password use:

passwd -d root

This blanks root’s password so when you reboot it doesn’t ask for a password!  Freaky stuff!

Aweseome Soviet Era Valve Display

November 14th, 2011


Google-Authenticator PAM on CENTOS 6

October 30th, 2011

Probably my favourite new thing in tech this year has been Google’s Authenticator.

It provides a one time passcode for logging into stuff, you enter as well as your normal password. This is extremely secure because it means no one can copy it. Every 30 seconds of every day it’s replaced with a brand new one.  Interestingly if it only uses the same number once in the cycle, it will take about a year to use them all and start again.

If you’ve been given an RSA Token, OATH Token, Gold Card etc. at work it’s the same kind of thing, but instead of being geek bling to hang around your neck or on your keyring, Google make it easy to carry in the form of an app for your Android, BlackBerry or iPhone. Interestingly midway through this yead RSA also introduced an app to replace their tokens. Anyone that has had to carry a bunch of those things around knows what a pain it is, and will warmly welcome the phone version. No doubt the corporate solution will continue to cost $100-$200 per person per year however. Google’s is free.

With this app installed on your phone you enable two step authentication on your Google accounts (gmail, apps etc)  This video from Google explains it all pretty well.

That’s awesome in itself, almost eliminates the concern that your email account might get hacked, but for Linux admins it gets much much better. Oh yeah, this is REALLY cool.

Google have also released a PAM (Pluggable Authenticaton Module) for Linux, so you can use this technology on any of your PAM enabled services (Login, SSH, VPN, Email, you name it).  This effectively brings two factor authenticaton out of the expensive corporate security world into the Linux Free as in Beer, Free as in Speech world. Google you ROCK.

How To Install It on CentOS 5.

There’s plenty of doco out there that made this look easy, I did not find it so easy. I think that many of the writers assume the reader is using the latest bleeding edge Ubuntu or Fedora, the conservative among us using RedHat, Centos or Ubuntu LTS are left out in the dark a bit. It took me a weekend, but here are my findings.

Getting the Code.

This was the weirdest thing for me, it seems the repo uses a combination of Subversion and Mercurial, so you’ll need both.

Install Subversion and Mercurial.

yum install subversion python-devel docutils

You must install the latest version of Mercurial, the one on the Centos repo is too old to work properly.  Download latest mercurial from http://mercurial.selenic.com/downloads/

untar it (tar -xvf <filename>), change into the directory tar creates and “make install”

Mercurial is a bunch of python scripts, so make install is all that’s needed to put it into place.

Now you should be OK to download the actual source code for this CompSci epic. One command is all that’s needed here. Took days to work out why this didn’t work (solution above). Let me know if you have any more issues with it.

hg clone https://code.google.com/p/google-authenticator/

As root change into the directory you get +/libpam and run

make install

For ssh logins edit /etc/pam.d/ssh and add the line

auth required pam_google_authenticator.so

as the first rule, just under the #%PAM-1.0 line and you’re ready to rock.

Restart sshd (not sure if this is needed, but might as well)

service sshd restart

Now login as your regular ssh user and run the command


You’ll get asked a few questions and get a link to a QR code that the app on your phone can scan to set you up in seconds. Copy all the output to a text file on your laptop for safefy. When you log in again you’ll be asked for a code, then your password and you’re in.

I’ll be looking into how this works, and any security concerns going forward, and will post anything else interesting here. Have fun securing your systems!

phpMyAdmin, Centos 6 and mcrypt

October 30th, 2011

If you use phpMyAdmin You know that annoying message that comes up all the time about mcrypt?  mcrypt, I beleive, is used my phpMyAdmin to encrypt it’s cookies so it’s a really good idea to have it switched on.

After searching high and low I finally realised I needed the EPEL repo to get it,  this is a repo by the Fedora team of all kinds of goodies RH in their wisdom don’t provide.

This is the RPM for Redhat / Centos 6:  http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm

And for Redhat Centos 5: http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

For anything else, and a better description check out their page. http://fedoraproject.org/wiki/EPEL

Install your repo rpm (up there), run “yum install php-mcrypt” and “service httpd restart” – you should be good to go.

Thanks Fedora Project!

Verisign Two Factor – USE THIS!

October 3rd, 2011

Verisign now have a two factor tool for mobile phones.  Use the Market or App Store and search for Verisign.  The app is called VIP Access.

Two factor is often seen in corporate environments by means of a random number generating keyfob, token or card.

This will quite simply give two factor authentication to your PayPal and eBay accounts.  In my opinion if you’re not using this on your PayPal account you *really* need to reconsider your financial security online.

Why does my web browser think www is a spelling mistake?

August 11th, 2011

Entering a web address in gmail or some other web form (and yes Firefox just flagged gmail too) Firefox (and most other browsers) tell me that the www in www.mikelindner.com is a spelling mistake.

I can understand that www isn’t really a word, but for a Web Browser to flag it as a non word is madness!

Humanity strikes again.


blog also comes up as a spelling mistake.


and firefox


Facial Recognition in Ubuntu

June 23rd, 2011

Just set this up on my laptop today, it works a treat, although I didn’t get GDM working.  In the end I decided that I’d rather enter a password than sway back and forth trying to get into the camera’s “zone” – you need your chin pretty much over your keyboard for it to see you.
It’s an awesome thing to set up and see running though.  I totally recommend it, it also works with su, sudo and screensaver.  Anything PAM authenticates.
I’ll try a super-paranoid mode for a while that needs face, fingerprint and password, just for kicks.
It’s a Google Summer of Code thing, so you know you’ll love it

Make your RedHat and CentOS servers consoles look awesome.

December 28th, 2010

Here’s a couple of quick tweaks to make your server’s console screen (run level 3 – text mode) look awesome.  We’re not talking about X terminals, just basic text mode.

First edit  /etc/sysconfig/i18n, change the SYSFONT line to: SYSFONT=”cybercafe”

Tip: Look in  /lib/kbd/consolefonts/ for more fonts.

Then edit /etc/grub.conf and add vga=788 to the kernel line (at the end)

To set colours in text files using vi, enter insert mode, hit ^v then escape to get a ^[ then add color codes with text [f;bm where f is foreground and b is background from the table below. eg ^[[30;47m for black on white.

More on this at this page.

Oh Yeah.

November 27th, 2010

Windows admins and DBAs get you down?  Their disregard for open standards and elegant code constantly annoying you?

Get in their face with the truth, you don’t care what they think!

You know you want to!

Bill gates and Linux

November 27th, 2010

Classic images, two entities that have done more for the advance of Information Technology than most others.

Coder Limerick

July 16th, 2010

An oldie but a goodie, if you can read code, otherwise it doesn’t rhyme – the ! reads as "not" and ++ is "plus plus" – meaning add one on to, one more sheep.

A Programmer started to cuss
Coz getting to sleep was a fuss
As he lay in his bed
Going round in his head
Was while (!asleep) {sheep++}

ZTE MF626 3G Mobile Broadband Modem with Ubuntu 10.04 (Lucid)

May 7th, 2010

This is much easier than it used to be.
firstly install the package usb-modeswitch then configure the settings for your ZTE modem in /etc/usb-modeswitch/19d2:2000:uPr=ZTE_CDMA and 19d2:2000:uPr=USB_ZTE

Just change all values for TargetProduct to TargetProduct=   0x0064  and comment out the TargetProductList.

In Network manager you’ll need to change "Edit Connections" and "Mobile Broadband" and tell the IPv4 section to be Automatic, instead of Automatic (addresses only)

That should be it – you’ll get some annoyance from the password box, I’m currently just entering anything in here – the letter ‘a’ seems to work sometimes, but it seems a bit random, maybe if you find the issue here you can let me know!

Reset an MD5 hashed password in a MySQL database

May 1st, 2010

To reset a MD5 hashed password in a MySQL database use this SQL – either in phpMyAdmin or command line MySQL. 

This example works exactly for Joomla, but you can change it to match your application’s tables and fields of course.


UPDATE example_users SET password=MD5(‘new password’) WHERE usertype = "Super Administrator";


Linux in Single User Mode and Setting Gnome Keyring

April 21st, 2010

Linux Single User Mode – or init 1

Great for resetting root passwords and editing config files that break normal startup
push e when grub comes up
e again on the the 2nd line of grub configs
add a 1 to the end of that line
Press Enter then b to boot

Changing the Gnome Keyring Password

This tool securely reduces the number of passwords you need to remember.
Open a terminal
run “seahorse” from the command line
under “Edit” select “Preferences”
click on “login” in the “Password Keyrings” box
click on “Change Unlock Passoword”
change your password and save…

Resizing Virtualbox Disk

April 18th, 2010

Virtualbox does not have the function to resize virtual disks.  Strange as it may seem in a virtualised environment, but there we are.

It’s pretty simple to “trade up” to a new virtual disk however – just follow Mike’s simple steps!

1. Create a new virtual disk with the Virtual Media Manager (on the File menu) to the size you’d like.

2. Use the Settings dialog to add the virtual disk to your virtual machine

3. Insert a Gparted LiveCD into your cd drive, and mount it with the virtual machine’s setting dialog.

4. Reboot into Gparted and check you have both disks.

5. Get a command line and enter the following command:

dd if=/dev/sda of=/dev/sdb

Please NOTE: You must check (use the Gparted program that starts when Gparted boots) that you are using the correct disk names, the ones above are the most likely in a simple WinXP virtual machine – you must know what you are doing here

6. When the dd command finishes – and it will take a long time  in the order of 30 mins for 4 Gb – you can now shut the machine down and, using the settings dialog, unmount the CD and the OLD hdd.

7. Boot up to make sure your new hdd is working.

8. Remount the cdrom and reboot into Gparted again.

9. Use the Gparted dialog to resize the disk.

10. Boot into your mew vdisk, your guest OS will probably want to do a file system check, but that’s it, you can now enjoy a larger virtual disk, with very little pain.


Using a Windows Virtual Machine in Linux to proxy corporate VPNs

April 18th, 2010

This is very handy for people that like to use Linux desktops, but are in a corporate environment with Windows-only VPN clients. It is perfectly secure, the VM can only talk to the Linux host – assuming the host has sane firewall rules of course.


Laptop running Ubuntu 10.x

VirtualBox running WindowsXP

AnalogX Proxy

Corporate VPN Client

Bridging tools

SSH ProxyConnect utility.

Firefox with FoxyProxy installed.


1. Install VirtualBox and WindowsXP

Firstly install Sunicle Virtualbox, I use Virtualbox 4.0 – check out their website for that.  Put Windows XP on it and of course anti-virus.  I like Avast, because it’s free and solid.  You can use whatever AV your company puts on you however, and this is a GOOD idea because it will make it more likely your strange connection techniques will be tolerated by IT 🙂

This VM needs to be networked with the type Bridged

Next install AnalogX Proxy – this is such a handy tool.  Good fun googling “proxy” these days, it’s all about anonymisers and getting past school firewalls.  We are not doing anything like that (dodgy) here, this proxy is designed to share internet connections amongst many computers, from the days before everyone had a router at home.  Here we are using it to share the VPN enabled connection from the VM back to the host.

Install your company’s VPN client into this winXP VM also.  Use Putty and IE to make sure you can connect into the corporate network, as you would normally do in Windows or at work.  REMEMBER we are only accessing resources we have access to, and shouldn’t be breaking any policies or laws.  One big NOTE however is that if your company has strict rules on what it’s SOE (standard operating envirionment – a special build of Windows) you’ll have to make sure you a) comply with installing all needed software b) try to get the SOE installed in the VM.  I would suggest finding a company that if not supports, at least allows Linux.  Or you might be stuck with Windows on your laptop like all the rest 🙁

Depending how much fun you had getting IT to approve this method the following section will seem hard (or easier)

This method refers to Ubuntu, coz I prefer it as a desktop (I’ve also loved RH/FC and Suse, but as a desktop I think Ubuntu has it these days)  You should be able to find the equivalent packages for your flavour.

2. Install Bridging Utilities

Install the utility to allow brctl, in my case it was uml-utilities.  Also you will need connect-proxy.  It took me a bit of googling to find the package name for my distro, in my case connect-proxy.  This is the command the ProxyCommand directive we’ll use later executes.  ProxyCommand just runs “something” in our case that something tells ssh to go though the VM.  the virtualbox guest utils and bridge-utils are also used here.

sudo apt-get install uml-utilities connect-proxy bridge-utils


If those were the right packages, lucky you!  If not a bit of looking around will find them.  If you are already lost, perhaps you should stick to your corporate SOE – note the emphasis here on not getting yourself into trouble!

3. Configure SSH

Now modify your ~/.ssh/config file and add some lines that describe your favorite server like so:

Host servername
HostName servername.internal.example.com
User myworkuid
ForwardAgent yes
ProxyCommand connect -R localhost -S %h %p
Host *.internal.example.com
User myworkuid
ForwardAgent yes
ProxyCommand connect -R localhost -S %h %p

The ProxyCommand directive is the real magic here, setting your work username here just makes life easier (you don’t need the [email protected] before the hostname)

The IP is the internal IP of your VM – that is run cmd -> ipconfig inside windows to find this one.  It might change and this will be a pain, but you get that when you work for a place with no Linux VPN clients.

Also the * as the hostname works too, but this is more tedious because you’ll have to type in the FQDN every time, better to set your fave hosts up as single name entities.

4. Create the Bridge

OK so we’re having fun now right!  One last thing to do is create the bridge – use these commands AS ROOT or add sudo as you please.

Try these commands one line at a time for testing then put them in a script that you must run as root.

brctl addbr br0
ifconfig eth0
brctl addif br0 eth0
dhclient br0
VBoxTunctl -b -u mylocaluid # this is the userid you log onto your ubuntu laptop with
ifconfig tap0 up
brctl addif br0 tap0
iptables -I INPUT -i br0 -j ACCEPT

I won’t go into much detail about what is going on here, other people already have.
Now if you’re a good howto follower and I’ve written this well (yeah, it’s crap) then you’re ready to ssh into your favorite work server.

To bring it all down simply reverse the process:

## Bring it Down
ifconfig tap0 down
VBoxTunctl -d tap0
ifconfig br0 down
brctl delbr br0
dhclient eth0

Good Luck!

Please feel free to comment on how this article went for you.  I’ll pass the comments on to the various people who have added to this technique over the years.

Next step is getting it to work with Firefox.  I use FoxyProxy – I’ll leave the rest to your skills.


This is one of the most handy tools I have in my kit, I hope you find it as helpful, and neat, as I do.

“It’s a way of life!”

November 24th, 2009

Tribute to the great Frank Zappa by his son.
This is Dweezil Zappa holding a “Telefunken U47” Zappa fans know the reference, in my humble opinion accompanied with the finest blues solo ever recorded.  A song that to a lesser artist would be a defining piece of work, but to the juggernaut genius that was Frank Zappa, just another phenomenal piece of musical art.
Looks just like a TeleFunken U-47
You’ll love it…”

Run Away Run About

November 7th, 2009

Working on a rescue boat the other day for a yacht race in the bay we came across this.  It’s a tender for one of the massive Division Zero boats (meaning this is what they use to taxi people out to the sailboat!)  They had anchored it while they were racing, but the anchor was the size of something you’d put in your fish tank for decoration so it dragged.

The Water Police asked me to take it, which I happily did, and got to fang around in it for about an hour between races.  They were literally minutes away from calling a full scale search for missing divers when they found the drifting boat!  A couple of police boats *and* a police chopper were circling already!  Luckily they found someone’s stuff on board and got in touch with the owner that way.

I could have played with her all day, but I had to keep working :-  Both boats are pretty similar though, speed and handling wise, so it wasn’t a great loss.  This one looks heaps cooler though 🙂

Arcade Emulator

November 4th, 2009

This is my arcade emulator. It’s an old case from the 80s, cleaned up, but with original finish, with a 64 bit Sempron running Ubuntu Linux.
The joystick is hacked into the electronics from inside an old keyboard, and the speaker is from an old hi fi dumped on the side of the road!

Lian Li 777

November 4th, 2009

People love them or hate them. This is mine, it’s a bit rice-burner, and I like that!