Archive for December, 2009

The Lost Symbol

Posted: December 30, 2009 in reading
Tags: , ,

I’ve done it. I’ve managed to _actually_ read a non-IT book, this holiday. .pdf format on the laptop, 2 days. Wonderful book! And I say this because it really captivated me as well as because I’ve actually _read_ a book after so much time.

The book is written by the well-known author Dan Brown, and it is called The Lost Symbol. I must confess I haven’t read the DaVinci Code, but I have read the Angels&Daemons book, and this guy has talent in telling a story. It was really captivating and interesting; once I’ve got my hands on the book I wasn’t able to let it, until the story finished. What I liked the most about this story is that Dan Brown reads a lot, tries to learn as much as possible about the subject. I was happy to see references to old books that I have tried to find myself back in highschool, books like Zohar, books belonging to Rosecrucians, old Hebrew books or the Newton’s interpretation of the Bible.

I also liked to see that Albrecht Durer’s work was the center point of the book, not just mentioned somewhere on the fly. The book combines the mythology, the science, the history, combines references of the scientists works with the art and the alchemy and everything is so realistically linked and connected.

One of the ideas many may argue while reading this book is _how real is it_? Ok, the guy documented and did a lot of interesting and catchy connections. Still, are they real? I mean, did you visit the Capitol in Washington DC? Did you enter the basement of the Smithsonian Museum? I for sure, haven’t. Maybe mister Brown did…nevertheless.

One of the questions I was asking myself while reading the book was: is this real, was Dan Brown actually did the connections after investigating all of this stuff? Was he gathering all this amount of information for years, and finally he was able to do the connections and create the story? Or…he just imagined everything, combining pieces just to look real?

Now, I am not in the position of saying how much of the stories in the book are real or confirmed, though I had started this kind of quest when I had time, in highschool. As per my experience, I can only say this is very well documented and sounds veridic.

…And, why not? Aren’t we allowed to imagine that this stuff is real? That everything is connected? That this Mason people actually gather all those secrets, for the sake of human kind? That Bible and Zohar, and all of those books actually refer to us, Humans, as Gods and the purpose we have here, on Earth, is to re-gain our God-like consciousness?

My first post in English.

As requested by many of my friends and colleagues that don’t speak Romanian, my blog is going to be written in English, from now on. Unfortunately, my English is not that good anymore, but I count on you guys to let me know whenever I may make mistakes.

What better occasion, than the Christmas holiday?

Forcemeat rolls in cabbage leaves, boeuf salad, steak, a lot of sweets and cakes – homemade by out housewives mothers, mulled wine, seeing our families and friends, and lots and lots of love. Feeling so good and happy after a long time.

Besides the actual holiday, it is also our anniversary, Cristina, Cristian…And, this day alone, was the best Christmas day ever for me, maybe also the best day of my life.

How did you spend your Christmas holiday?


Posted: December 26, 2009 in personal
Tags: ,

Sarmale multe, salata boeuf, friptura la cuptor, multe-multe prajituri bune – facute in casa de mamele gospodare, vin fiert, revederea familiei si a prietenilor si multa-multa dragoste. O stare de bine pe care nu am mai simtit-o deja de multa vreme.

Pe langa sarbatoarea in sine, mai este si ziua noastra, a Cristinelor, Cristianilor…samd. Si, de data asta, pot sa spun ca a fost cel mai frumos Craciun ever, defapt, poate chiar cea mai frumoasa zi din viata mea 😡

Voi cum ati petrecut de Craciun?

no comment

Posted: December 23, 2009 in technical
Tags: , ,

Linux (a149::2 – mtu 2500) — (a149::1 – mtu 9216, vlan access 5 – mtu 2500) Cisco 6500 (2001::2 – mtu 9216, vlan access 3 – mtu2500)—(2001::1 – mtu 2500)Netscreen5200

ns5200-> ping
IP version [4/6]:6
Target IPv6 address:a149::2
Using Echo request [Y/n]Y
Repeat count [5]:
Datagram size [100]:
Timeout in seconds[1]:
Source interface:eth2/2
Type escape sequence to abort
Sending 5, 100-byte ICMP Echos to a149::2, timeout is 1 seconds
Success Rate is 100 percent (5/5), round-trip time min/avg/max=3/3/4 ms
ns5200->           ping
IP version [4/6]:6
Target IPv6 address:a149::2
Using Echo request [Y/n]Y
Repeat count [5]:
Datagram size [100]:1500
Timeout in seconds[1]:
Source interface:eth2/2
Type escape sequence to abort
Sending 5, 1500-byte ICMP Echos to a149::2, timeout is 1 seconds
Success Rate is 0 percent (0/5)

nobody is perfect

Posted: December 23, 2009 in technical
Tags: , ,

Tocmai ce mi se parea super cool ca Juniper is BSD-based ..sort of, cand dau de urmatoarea cheste pe un NetScreen:

ns5200-> get envar
run_image=default (ns5000.6.3.0-M2A.r1.0)
last_reset=2009-11-06 15:21:28 by netscreen
.hash-seg=6 (421751809)
ns5200-> set envar max-frame-size=2500
The system must be reboot for new setting to take effect!
WTF, man?

cisco – multiple phase 2 over phase 1

Posted: December 22, 2009 in technical

Recent m-am lovit de alte dileme ale Cisco, anume asa-numita implementare de “multiple phase 2 over phase 1”. Basically, Cisco face ca la RFC 2408 sau 2409…nu as putea sa zic sigur la ora asta, anume accepta ca TrafficSelectors (Proxy-ID cum le zice la Juniper) orice cu masca mai specifica decat cea definita in configuratie. Daca as gasi RFC-u’ cu pricina, as da citat exact. Practic, daca ai ca Traffic Selectors pentru peer un, RFC-u’ zice ca Responderul (peer-ul curent) trebe sa accepte orice face match mai specific (exprimarea in RFC era cu subset..smth) pe acest subnet. Si Cisco face asa, dar numai cand are el chef, si in conditiile de el stiute.

Anume, am incercat si eu, ca omul, cu 2 subnet-uri: si, cate 2 IP-uri din fiecare, avand ca TrafficSelectors pentru primul subnet, respectiv RFC-u’ zice ca IKEv1 Phase1 in site-to-site se face cu un singur SA, iar la phase 2, daca initiatorul (adica eu cu subnet-urile de mai sus) trimite ca TrafficSelectors,……, Cisco tre sa-mi creeze atatea SA-uri de Phase 2 cati TrafficSelectors din astia ii trimit eu.

Problema pe care o intalnesc eu apare cand folosesc certificate digitale pentru a autentifica aceste tunele: 10 pentru primul subnet, si 10 pentru al doilea subnet. Se pare ca el are impresia ca eu vreau sa fac mai multe tunele (de phase 1..?) cu acelasi certificat, sau, oricum, _ceva_ nu ii place la certificatele alea si are dileme in a gasi cheile RSA cu care sa-mi faca negocierea.

1w3d: %CRYPTO-3-IKMP_QUERY_KEY: Querying key pair failed.
1w3d: ISAKMP (72030): process_rsa_sig: Querying key pair failed.


tiranul la control

Posted: December 20, 2009 in personal

La controlul controllerului de XBOX, adica.

Pentru ca toata ziua sta si se joaca. Il rup cu greu si cu taraboi la masa sau la orice altceva. Dupa parerea mea de scurt participant (la Tekken, de care ma plictisesc repede, ca e cam sec si am luat bataie de la tiran 😛 ) si lung observator la bataliile cu personajele din Tekken sau aventurile din Assassin’s Creed, ze XBOX is ivil shit.

Ce e drept, Wolverine este super tare, grafica e de-a dreptul bestiala, iar schemele si fazele eroului, precum si ale adversarilor sai sunt super misto facute. Asa ca-l inteleg pe tiran ca sta cu ochii cat cepele in monitor, se muta de pe canapea pe pat si de pe pat pe canapea, se scarpina enervat in cap si mai trage cate-o injuratura-doua-trei… da alert in butoanele controllerului si dupa un timp mai inainteaza un nivel la Wolverine. Ce nu-mi convine e ca are jucarie noua, iar eu nu am parte de attenshun-ul pe care-l vreau.

Tiranul a devenit si mai tiranizant.

solutie rapida

Posted: December 15, 2009 in technical

Intrebare: ce-i faci unui Cisco atunci cand are o interfata down?

Raspunsuri eronate: no shut pe interfata, refacut vlan-ul de acces …alte metode soft

Raspuns corect: no power enable module X, power enable module X

…si eu care-l suspectam pe un biet NetScreen ca mi-a inchis interfata de ten-gig ca i-am facut DOS

LTE made humanly possible

Posted: December 8, 2009 in technical
Tags: , ,

Astazi am avut parte de cea mai cool prezentare – LTE ever, de la o colega de job. In sfarsit s-au mai lamurit si la mine in capshor diverse dileme legate de eNode, MME sau SGW.

Spre deosebire de UMTS, unde ai tzshpe mii de draci de echipamente in reteaua radio, aici ai doar UE-ul (User Equipment) si eNB (eNodeB) pe post de inlocuitor de RNC si NodeB. APN-ul este MULT simplificat. eNB-ul devine ceva mai complicat, if you ask me, pentru ca el de acum trebuie sa comunice direct cu echipamentul MME (Mobility Management Entity) – masina echivalenta (mai mult sau mai putin, dar suficient de echivalenta la mine in cap acum) SGSN-ului din UMTS. eNB-ul comunica cu MME-ul pe interfata S1-U, cum a fost numita de mesterii de la 3GPP. Mai departe, acest MME, cu rol de semnalizare pe reteaua LTE, are sarcina de a deschide un tunel eGTP (GTPv..almost 2) catre SGW (Serving Gateway) pe interfata S11, pentru ca mai apoi SGW-ul sa il intrebe pe PDN-GW (Packet Data Network Gateway) pe interfata S5/S8 daca politicile pentru acel user sunt ok si daca da, sa-i dea IP. PDN-GW-ul il intreaba mai departe pe PCRF (policy enforcement..something) ce QoS poate sa ofere bietului user, si asa se creeaza ceea ce numim “bearer” – un fel de “contexte” de la UMTS care au template-uri de trafic acceptat sau nu, si la ce QoS.

Interesant la chestia asta e ca un UE poate sa comunice cu mai multi PDN-GW-uri, astfel incat sa-si ia IP-uri de la fiecare, in functie de ce retea este in spatele fiecarui PDN-GW. Bine de stiut ca fiecare UE poate avea maxim 11 beareri; noroc ca PDN-GW-ul se poate trezi sa-i mai modifice TFT (Traffic Flow Template)-ul unui UE pe un anumite bearer, deci nu am ramas in pana de QoS si nici de beareri 😛

Acuma, eu nu m-am dumirit clar de ce folosesc ei UDP sub eGTP, dar probabil ca au avut un motiv bun. Se pare ca TCP-ul e prea solicitant pt device-uri..or smth, si au “inventat” un lightweight-TCP al carui nume l-am uitat, care sa faca doar stateful connection, dar fara negociere de window-size sau alte nebunii asemanatoare. Abia astept sa intru in paine ca lumea pe EPC.

— La cererea publicului, POZA:


[copyright Santosh Dornal –]

coerenta si uzabilitate

Posted: December 4, 2009 in technical
Tags: , ,

Este vorba despre CheckPoint, care se “lauda” ca suporta Aggressive Mode. Eh, cand dau in el cu aggressive mode, face cale intoarsa si anunta glorios ca aggressive mode nu e compatibil cu IKE – adica, una din modalitatile de a face IKEv1 (proasta, cu probleme mari de securitate, dar, totusi, prezentata de RFC2408) se pare ca nu suporta IKE =))

Come on, people!!! Si ma gandesc ca oamenii _chiar_ cumpara crap-urile astea.

1_ 2_