cisco router spotted in the wild with over 20 years uptime

On this thread on reddit, bhoskins has just posted screen shots of a cisco 2514 featuring 2 10mbit Ethernet ports, and 2 2Mbit Serial ports, and just over 20 years of uptime.

cisco 3000 router with 20 years of uptime

cisco 2514 router with 20 years of uptime

As bhoskins mentions later on in the thread:

I think i probably agree especially considering that’s monthly generator exercises that include transitions from commercial -> battery -> generator power and back.

However…The config… This routers goal in life is to provide management connectivity to some equally ancient SONET equipment that doesn’t even speak IP; it only knows CLNS. That’s right kiddos, it’s a hold over from a time long ago when dinosaurs roamed the earth and there was a competing protocol to IP.

So it runs CLNS and routes it with ISIS between the core and SONET ring. The level-2 database is close to 500 LSP and there are probably on the order of 800 CLNS routes. Oh yeah and it runs IP too so the router itself can be managed. All that with it’s little 608030 CPU and 16MB of memory. That fact that none of those processes have crapped on themselves in 20 years in a router with such limited resources is impressive to say the least.

Pretty amazing stuff.  And of course there was also that Netware server with 16 and a half years of uptime.  It’s amazing on one hand how this older stuff can keep on going, and how dangerous it is security wise to run such dated stuff.

16 and a half years of uptime

The old school analog TV pack

Pixel perfect

AKA emulating vintage displays on modern machines.  I know i’m super late to the party, but that is life as they say.  As you may be aware, when it comes to emulation, sometimes it simply is too perfect.

Mame 0.144 Galaxy Force II

Just look at how utterly pixel perfect it is.  The thing is back in the 1980’s LCD screens were amber only with 4 shades of amber at best.  Everyone else had CRT’s, and arcade machines sure were all about the CRT.  But now we live in a future where CRT’s are not only expensive and rare, but it’s easier to emulate the look and feel, although today I’m looking at shaders, I’m sure at some point there will be a Physics emulation of a CRT, but not yet.

Retro Arch & CRT Shaders

So I’m using RetroArch, as it supports a vast number of both video and audio plugins, and shaders, but more importantly you can stack them to get a more intracte look to take a pixel perfect version like above, and then translate it onto how it may have looked on an aging black & white TV set:

Black and White

Or evena colour CRT look and feel:

Custom CRT

While reading on the libretro forum, I found this great package that includes the following easy presets:

  • 480p: Nice shader suitable for 480p content like Dreamcast games
  • Component: High-quality signal look but not overly sharp like RGB
  • B&W TV: Pretty self explanatory
  • Vintage TV: This looks really good with low-res pixel games on systems like the Atari 2600
  • Vintage LCD: Looks like an early gen LCD screen complete with ghosting
  • Composite: Simulating a typical cheap CRT using composite cables
  • S-video: Much the same but better quality video signal
  • RGB-Shadowmask: This is more akin to a high quality CRT with RGB/SCART cables
  • RGB-Scanlines: Like the previous but with thick bold scanlines like you’d find on a Sony PVM or other broadcast quality monitor, nice and bright :slight_smile:

I would HIGHLY advise using the nightly builds of RetroArch, as I had really poor performance when using some of these stacked shaders that may go as many  as 12 deep, however nightly had no issues at all.  It does without saying that you’ll really want a powerful machine to do this kind of thing with a real GPU.  This flies in the face of the ARM stuff, but as they say that’s life.

I don’t have the youtube privleges to upload super high video, so this ended up looking like a smudgy mess, and I captured it with that Windows 10 “Game DVR”, which really isn’t that great, it clipped the bottom, and captured the menu bar.

But it got the basic job done.

If you have the CPU/GPU power, and want a more all around better looking emulation experence, I’d HIGHLY recommend it.  If anything it’ll remind you why CRT’s certainly may have had awesome refresh rates, but really terrible resolutions.

You can download the shader from either mega.nz here:

https://mega.nz/#!Qk1RVCJC!KAC127iD5wNw9GvLqKtnzJRcixDDzgb7UcjBQVIlDrY

or on my site (read the 404 page!):

Analog Shader Pack 1-23-16.zip

Gravity Rush 2 promo video for Hong Kong/Japan

Robert Heinlein?

Well probably not. While looking online for something I eventually fell through to youtube, and got this commercial for some new PS4 game. I thought it was kind of interesting. I guess there is something to be said of Asia for cats, tall buildings, and breaking the laws of physics, and bending gravity and all that.

While I do have a PS4 I really haven’t had time to really use it. And the Xbox ONE I do have ends up getting used to play… You Tube videos.

Firefly-Host-6.0-CloudSDK fun in “modern” times

Getting started

Ugh. nothing like ancient crypto, major security vulnerabilities, and ancient crap.  So first I’m going to use Juniper’s SDK (get it while you can, if you care).  Note that the product is long since EOL’d, and all support is GONE.  I’m using Debian 7 to perform this query, although I probably should be using something like 4 or 5.  Anyways first off is that the python examples require “Ft.Xml.Domlette” which doesn’t seem to have a 4Suite-XML package.  SO let’s build it the old fashioned way:

 apt-get install build-essential python-dev
wget http://pypi.python.org/packages/source/4/4Suite-XML/4Suite-XML-1.0.2.tar.bz2
tar -xvvf 4Suite-XML-1.0.2.tar.bz2
cd 4Suite-XML-1.0.2
./setup.py install

Well (for now) and in my case I could reconfigure tomcat to be slightly more secure. Otherwise running the examples gives this fun filled error:

ssl.SSLError: [Errno 1] _ssl.c:504: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

Naturally as time goes on this will not work anymore, and I’ll need a stale machine to query this stale service. Using ssl shopper’s Tomcat guide, I made changes to the server.xml file on the vGW SD VM. (Don’t forget to enable SSH in the settings WebUI, and then login as admin/<whatever password you gave> then do a ‘sudo bash’ to run as root, screw being nice!


# diff -ruN server.xml-old server.xml
--- server.xml-old 2017-01-14 18:20:07.000000000 +0800
+++ server.xml 2017-01-14 19:31:36.000000000 +0800
@@ -98,7 +98,7 @@
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
- ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+ ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, ECDH-RSA-AES128-SHA"
keystoreFile="/var/lib/altor/cert/public_keystore" keystorePass="altoraltor"/&gt;

Naturally don’t forget to restart Tomcat, which does take forever:

bash-3.2# /etc/init.d/tomcat restart
Stopping tomcat: [ OK ]
Starting tomcat: [ OK ]

And now I’m FINALLY able to run  one of the sample scripts

# ./policyToXML.py –grp 1
<?xml version=”1.0″ encoding=”UTF-8″?>
<policy xmlns=”urn:altor:center:policy”>
<revision>340</revision>
<name>Global Policy</name>
<id>1</id>
<rev>1</rev>
<type>G</type>
<groupId>-1</groupId>
<machineId>-1</machineId>
<Inbound>

And you get the idea.  Certainly on the one hand it’s nice to get some data out of the vGW without using screen captures or anything else equally useless, and it sure beats trying to read stuff like this:

vGW VM effective policy for a VM

What on earth was Altor/Juniper thinking?  Who thought making the screen damned near impossible to read was a “good thing”™

I just wish I’d known about the SDK download on the now defunct firefly page a few years ago as it’d have saved me a LOT of pain, but as they say, not time like the present.

Naturally someone here is going to say, upgrade to the last version it’ll fix these errors, and sure it may, but are you going to bet a production environment that is already running obsolete software on changing versions?  Or migrate to a new platform? Sure, the first step I’d want of course is a machine formatted rule export of the existing rules.  And here we are.

Need Windows XP with IE 6?

Of course you do!

For a while Microsoft was offering VM’s configured for various platforms for download, but they have cut out both XP and IE7.  However the links have been collected, and can be downloaded here:

https://gist.github.com/zmwangx/e728c56f428bc703c6f6

The VMWare VM’s run fine on Windows even though they are named for OSX, although I did have to add in a NIC to the VMX.  It’s a great way to use a quick & disposable Windows XP/Vista/7/8/8.1/10 machines.  Although there isn’t a IE 7 for Windows XP, it’s trivial to upgrade XP / IE 6 to IE 7.

 

Nested VMWare ESXi

Virtual datacenter

My physical ESXi box, a lowly AMD FX 8320

One of the more cooler features of VMWare 5 is that it is capable of running itself.  While it

may seem silly at first, this is a great way to build a virtual environment where you can test scripts for provisioning (and destroying) stuff, along with testing API level calls without having to worry about screwing up production, begging for a ‘lab’ environment, or even better snapshotting the whole thing so you can revert whatever it is you are doing at a block level.  In short virtual datacenters really rock, especially for people like me who like to play in a really destructive manner.

So the first thing is that for this test I’m going to use a ‘freebie’ ESXi that I’ve been using for quite some time.  Naturally this should work for version 6, but since the stuff that I’m testing is all in 5.0 and 5.5 (the majority being 5.5) I wan to build a 5.5 environment.  In my insane scenario I have deployment access to a 2003 R2 x64 server with .net 2.0, and the majority of the environment I care about is VMWare ESX 5.5 along with vCenter. 5.5 on Windows 2008 servers.  So trying to mirror this a bit, that means that I’m going to skip the new fangled appliance, I don’t know if it really matters for what I want, but for the sake of trying to keep things the same I’m going to match what I can.

Creating the VMWare ESXi VM

I setup a generic ‘Other 2.6.x Linux (64-bit)’ VM, with a single socket, dual core processor, 4GB of RAM, a LSI SAS controller, with a 32GB disk, and 3 NIC’s with the VMXNET3 driver.  For some reason I had to change the CPU to explicitly allow for hardware MMU emulation.

Hardware MMU emulation

It’s also worth mentioning that when you are going to run ESXi on ESXi that any physical adapters that you want your virtual ESXi host to be able to lauch VMs and have them communicate onto you will need to enable the ‘Forged Transmits’ setting in the vSwitch properties.

vSwitch properties

With that in place, I was able to use my ESXi 5.5 ISO, and install into the VM.  There isn’t much to really say the installer will install ESXi, and reboot and you get the console.

ESXi running on ESXi

I went ahead and gave this ESXi server a static address, and that was pretty much it for the server.

Installing vCenter

I went ahead and used an eval copy of 2008 R2 that is available at Microsoft here.  The installation is really simple, not much to say but for my needs I gave the VM a static address, HOWEVER I did NOT install Active Directory as you cannot install vCenter onto a DC, and I really was not in the mood to have a DC along with a vCenter 2008 VMs as I’m only interested in doing API testing I don’t care about authentication plugins I’m only concerned with other aspects.  Obviously if you do care, then you’ll want to install 2 2008 servers.  I gave my 2008 server a static address of 192.168.1.12 so that I could easily find it on the network post-install.

Since I have no imagination, I renamed the server “vcenter” which of course will factor into the login credentials later on.

My ‘client’ gave me the ISO for vCenter “VMware-VIMSetup-all-5.5.0-3254792-20151201-update03.iso” which of course needs to be installed onto the 2008 server.

install vSphere vCenter

I did the easy install, as again I’m not building a real enterprise.  However I should point out that the easy install has a habit of popping alerts and prompts UNDER the current window so you could be waiting for quite a long long time for this to install when it really shouldn’t take all that long.  I also kept the option for the 2008 Express edition as I’m not going to try to stress the count of VMs 50 is far more than I require as again I’m only interested in limited stuff at this point.

vCenter ‘simple install’ ports

Again I just selected the defaults for the install as I’m not all that worried.  Phew with all of that done, it’s now ready to use!

Logging in

Now I went ahead and hit the following site:

https://192.168.1.12:9443/vsphere-client/#

I went ahead and installed the pluggin for a more ‘full’ experience with the web client.  The link is on the bottom of the page.

download this!

With all of that in place, I finally could use the web/flash site to login, using the local administrator account.  However upon logging in the domain was barren, no vcenters no data centers, nothing.

Empty data-center!

Obviously I must have screwed something up!  Even worse using the ‘fat’ C#/J# client (that I still love…) I would simply get this fun error:

You do not have permission to login to the server!

What? I don’t have permission?

A little digging around, and I found out of course, that it is because I don’t have an Active Directory, and that for ‘workgroup’ installs like this, you need to simply login as administrator@machine.local or ‘administrator@vsphere.local’ in my case, using the password that had to be set during the SSO installation.

Login

And now I was prompted to create my data-center, and add in the ESXi server into the virtual data-center.

vCenter is now operational

So now I have a virtual vCenter, along with an ESXi host to deploy stuff onto, and destroy all I want.  Even better VMWare Player & VMWare Fusion can also run ESXi nested, so you can take your virtual data-center with you on a laptop!  You can boot 2008 with vCenter in 2GB of RAM, although it really should have 4GB if not more, and with 4GB for an ESXi server that would be 8GB+ on any laptop or desktop.  However I’m lucky my ESXi server has 32GB of RAM, and my laptop has 16.  So it’s also a great excuse to upgrade!

Shout out to Json.NET

Nothing to do with virtual or legacy, well maybe it is.  I’m targeting .net 2.0 with the new and exciting world of JSON objects.

http://www.newtonsoft.com/json

So this library makes it super easy to pass it a long JSON string, and return a .net DataSet.

At the least it makes it easy to dump data out from one of those ‘hip new trendy’ web services, and stuff it into SQL so us old people can look at it.