Adding Storage To Lenovo Laptop

Before purchasing anything, I would usually do a lot of research about reliability, pricing, and support. Another factor is upgradability.

I wanted to buy an IdeaPad laptop directly from Lenovo, but it was not as customizable as I would like it to be.

The laptop has multiple configuration options: there are models with an SSD and HDD, and some models with only an SSD. I wanted to buy one with only a single 512 GB M.2 2242 SSD and upgrade in the future. When I contacted Lenovo sales via chat, they told me that it is impossible to add a new drive and that it would void the warranty.

I decided to buy one with a single M.2 SSD anyway.

The interesting thing is that a disk caddy (including cables) is included, indicating that we are allowed to add a disk on our own.

I haven’t tried to open the bottom panel yet, but I guess it’s normal these days to be able to add a disk into the disk bay.

There you go, I should be able to add a drive when needed 👍🏼

DD-WRT: OpenVPN Server Using Certificates

GUI confuses me sometimes, so I prefer to make configurations in text files. For DD-WRT, OpenVPN server is available in OpenVPN, OpenVPN Small, Big, Mega, and Giga builds (see K2.6 Build Features). Since I have never used any router with USB storage capabilities, I can’t be sure but I think OpenVPN can be installed using ipkg as well.

For this post I am going to assume you’re an OS X user, but Windows procedures shouldn’t be too different.

1. Generating certificates and keys

  1. Get Easy-RSA. You can either clone the git repository or download the package as zip. Navigate to the folder where you downloaded/cloned Easy-RSA and get into the directory easy-rsa/2.0.
  2. Edit the file vars. I’m showing the variables that you might want to change. Take note of the KEY_SIZE variable. If you’re paranoid like me, leave it at 2048. It takes longer to generate DH parms but not that long.
    # Increase this to 2048 if you
    # are paranoid.  This will slow
    # down TLS negotiation performance
    # as well as the one-time DH parms
    # generation process.
    export KEY_SIZE=2048
     
    # In how many days should the root CA key expire?
    export CA_EXPIRE=3650
     
    # In how many days should certificates expire?
    export KEY_EXPIRE=3650
     
    # These are the default values for fields
    # which will be placed in the certificate.
    # Don't leave any of these fields blank.
    export KEY_COUNTRY="MY"
    export KEY_PROVINCE="SELANGOR"
    export KEY_CITY="Puchong"
    export KEY_ORG="AdyRomantika"
    export KEY_EMAIL="[email protected]"
    export KEY_OU="RomantikaName"
     
    # X509 Subject Field
    export KEY_NAME="MYKEY1"
  3. Import the variables into the current shell:
    $ source vars
  4. Clean existing keys if any (WARNING: This deletes all existing certificates and keys)
    $ ./clean-all
  5. Generate server certificates. The script will still ask for parameters you entered in vars so just press ENTER if you’re satisfied
    • This will produce 2 files: ca.key and ca.crt
    $ ./build-ca
  6. Generate Diffie Hellman parameters
    • This will produce the file: dh{n}.pem where {n} is the key size specified in the vars file.
    $ ./build-dh
  7. Generate key for the server.
    • When asked for a password, just press ENTER; otherwise the key password will be asked each time the service is brought up.
    • When asked whether to sign the certificate, say Yes.
    • This will produce 3 files: server.crt, server.csr, server.key
    $ ./build-key-server server1
  8. Generate key for the clients. This step can be repeated in the future for more clients as needed.
    • When asked for a password, you can enter a password so that when connecting to the service, the key password will be asked. I recommend this to make it more secure.
    • When asked whether to sign the certificate, say Yes.
    • This will produce 3 files: client1.crt, client1.csr, client1.key
    $ ./build-key client1
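
A pre-flight check for the vars file edited in step 2, added here as an example (it is not part of the original post or of Easy-RSA). It flags a KEY_SIZE below 2048, blank certificate fields, and, going slightly beyond the post, a KEY_EXPIRE longer than CA_EXPIRE; the function names and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an Easy-RSA 2.0 "vars" file before running build-ca.

# Print the value of the last `export NAME=...` line in file $1 (quotes stripped).
get_var() {
    sed -n "s/^[[:space:]]*export[[:space:]]\{1,\}$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Succeed only for a non-empty string of digits.
is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# Print one line per finding; the return status is the number of findings.
audit_vars() {
    file=$1; problems=0
    size=$(get_var "$file" KEY_SIZE)
    ca_days=$(get_var "$file" CA_EXPIRE)
    key_days=$(get_var "$file" KEY_EXPIRE)

    if ! is_uint "$size"; then
        echo "KEY_SIZE is missing or not a number"; problems=$((problems + 1))
    elif [ "$size" -lt 2048 ]; then
        echo "KEY_SIZE=$size is below 2048 bits"; problems=$((problems + 1))
    fi

    # A certificate that outlives its CA cannot be validated once the CA expires.
    if ! is_uint "$ca_days" || ! is_uint "$key_days"; then
        echo "CA_EXPIRE/KEY_EXPIRE missing or not a number"; problems=$((problems + 1))
    elif [ "$key_days" -gt "$ca_days" ]; then
        echo "KEY_EXPIRE=$key_days outlives CA_EXPIRE=$ca_days"; problems=$((problems + 1))
    fi

    # The vars comment says: "Don't leave any of these fields blank."
    for name in KEY_COUNTRY KEY_PROVINCE KEY_CITY KEY_ORG KEY_EMAIL KEY_OU; do
        if [ -z "$(get_var "$file" "$name")" ]; then
            echo "$name is blank or missing"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Write a constructed sample vars file (not the author's real file).
# $1 = path, $2 = KEY_SIZE, $3 = KEY_EXPIRE, $4 = KEY_OU
write_sample() {
    cat > "$1" <<EOF
export KEY_SIZE=$2
export CA_EXPIRE=3650
export KEY_EXPIRE=$3
export KEY_COUNTRY="MY"
export KEY_PROVINCE="SELANGOR"
export KEY_CITY="Puchong"
export KEY_ORG="AdyRomantika"
export KEY_EMAIL="admin@example.com"
export KEY_OU="$4"
export KEY_NAME="MYKEY1"
EOF
}

# Demo on constructed input: 1024-bit keys, client certs outliving the CA, blank OU.
demo=$(mktemp)
write_sample "$demo" 1024 7300 ""
audit_vars "$demo" || echo "=> $? problem(s) found"
rm -f "$demo"
```

To check a real file, run `audit_vars ./vars` from the easy-rsa/2.0 directory before `source vars`.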


DD-WRT as Wireless Client

There is something very wrong with the wireless module on the DELL Precision M4300 I am currently using – after a while files begin to get corrupted and Windows will fail to write the event log. I have just had the motherboard changed by DELL last Monday. In the office I did not have any problem for the whole week since I was using a wired connection. At home, I mainly use wireless because my access point is in the family hall.

Bummer! I can’t be wired at home, it’s simply not practical and I have no suitable surface to work on near the access point. It’s a Huawei E960, property of Maxis. It’s a HSDPA modem so where I place it is very important.

I have an antique Linksys WRT54G v2.2 with DD-WRT v24 on it so I decided to convert it to a wireless client. It acts as a wireless client to the main wireless router, and provides LAN connection via the wired ports. Perfect for a busted wireless module.

Steps on the WRT54G:

  1. Do a hard reset
  2. Connect to the router via wired port
  3. Open the Wireless » Basic Settings tab
    • Wireless Mode: Client Bridge
    • Wireless Network Mode: Match Primary Router
    • Wireless Network Name(SSID): Match Primary Router
    • Wireless Channel: Match Primary Router
    • Wireless SSID Broadcast: Enable
    • Network Configuration: Bridged
    • Save Settings
  4. Open the Wireless » Wireless Security tab
    • Set Encryption to match the primary router. I use WPA2 with TKIP+AES and it works fine.
    • Enter encryption key to match the Primary router
    • Save Settings
  5. Open the Setup » Basic Setup tab
    • Connection Type will show: Disabled
    • Set STP to Disabled
    • IP Address: 192.168.1.2 (Primary Router IP is 192.168.1.1)
    • Mask: Match Primary Router (mine is 255.255.255.248)
    • Gateway: 192.168.1.1 (Primary Router IP is 192.168.1.1)
    • DHCP Server: Disable
    • Save Settings
  6. Open the Setup » Advanced Routing tab
    • Change Type to: Router
    • Save Settings
  7. Open the Security » Firewall tab
    • Uncheck all boxes except “Filter Multicast” in “Block WAN Requests”
    • Disable SPI firewall
    • Save Settings
  8. Open the Administration tab
    • APPLY Settings
    • Click “Reboot” button

On the primary router I only had to add the MAC Address of the WRT54G to it so that it allows connection (I have MAC filtering enabled). To look for the MAC address I simply use the Administration » Commands tab to run ifconfig (or of course via SSH). I am not sure on how other hardware would work but I use my eth1 address.

This is good enough for now, although I am hoping that the notebook gets fixed. I am not going to pack the WRT54G along to Starbucks or any cafe just to get wireless connection.

When Security Is Not Secure

I was going after a moron who was disturbing my wife’s blog and reached an IP number. Utilizing nmap, I found out that port 80 on the IP is open.

-(~:#)-> nmap -A -T4 XXX.XXX.XXX.XXX
 
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2009-02-09 23:52 MYT
Warning: Giving up on port early because retransmission cap hit.
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
WARNING:  RST from port 80 -- is this port really open?
Insufficient responses for TCP sequencing (0), OS detection may be less accurate
Interesting ports on XXX.XXX.in-addr.arpa (XXX.XXX.XXX.XXX):
Not shown: 1673 closed ports
PORT     STATE    SERVICE        VERSION
25/tcp   filtered smtp
80/tcp   open     http            (GoAhead-Webs embedded httpd)
443/tcp  open     ssl/unknown
1720/tcp filtered H.323/Q.931
5000/tcp open     UPnP?
5001/tcp open     commplex-link?
5100/tcp open     admd?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
Device type: general purpose
Running: Microsoft Windows Longhorn
OS details: Microsoft Windows Longhorn Preview
 
Nmap finished: 1 IP address (1 host up) scanned in 122.444 seconds

And so I went to look at what the HTTP server offers. It’s a D-Link DCS-950 camera, most probably port-forwarded using a router since the browsing IP from the computers is also the same.

I went to the D-Link website to look for the product manual and as I suspected it is using the default password, admin/admin. Here’s what I saw:


Anyone recognize this place?

The point here is that a device that is intended to serve as a security tool can also be used against you. The dumbest thing you can do is leaving your devices on default passwords.

Ha… I can see someone changing tab to open their router configuration panel which has the default password. 😉

But hey, this camera is cool. I would not hesitate to install one or two at home. It can also be a PPPoE dialer (ADSL) so it can connect directly to a modem and dial the Internet. One bad thing I noticed is that to log in and browse the images you need to use IE as it utilizes ActiveX.

World of Microprocessors

I have been terribly busy lately and my energy seems to be drained out completely once I reach home. It’s time to write something.

[Image: Penryn Die]

For no apparent reason I was browsing the Internet when my eyes caught on the words Intel and Penryn. I was curious. Really curious so I Googled the words.

The results of my search were a bit surprising. Not long after Intel® introduced Core™2 processors (a year plus ago), based on a 65 nanometer process, Intel is planning to release Penryn in the second half of 2007. Penryn is the next generation of Intel® Core™2 family processors, which are built using 45 nanometer transistors.

After Penryn, in 2008 Intel is planning to release Nehalem which will have a brand new micro architecture and after that, they will go for 30 nanometer transistors.

Penryn basically introduces SSE4 (with 47 new SSE instructions) and should run faster than the current processors clocked at the same speed. It is much smaller so that a silicon wafer can produce more chips, which in turn translates to lower cost and better profit for Intel. I wish I had some shares in that company. Penryn also supports 6MB of L2 cache per two cores, meaning that the quad-core version can have up to 12MB L2 cache. Everything is built with 410 million transistors. Amazing.

The race for smaller transistors has long begun, and Intel has been succeeding as a leader compared to its rival – AMD®. While Intel introduced the 65 nanometer processor in late 2005, AMD was only able to release the same technology roughly a year after. To outrun Intel, AMD has vowed to try to release its 45 nanometer processors within 18 months after the release of its 65 nanometer processor, and that roughly translates to mid 2008. It looks like Intel is not allowing that to happen.

As a long time Intel user, I am of course biased towards Intel. But I still remember my 80386DX was made by AMD 😉

What is happening is indeed proof of Moore’s law being valid. It states that the number of transistors on an integrated circuit for minimum component cost doubles every 24 months. Mr Moore is still alive and kicking and he was the co-founder of Intel.

If you’re a college student, avoid doing a project to research about all processors that were ever made unless you are really into it. When I was in college I was so into microprocessors and that is what I did. However back then it was still possible as the latest processor available was the Pentium II. Nowadays, I am all confused with so many code names and numerical conventions. The latest processor that I have in my household is a Celeron D, while my torrent box is running on a 9 year old Pentium III 600MHz.

Read more:

45nm Hi-k Next Generation Intel® Core™ Microarchitecture
A review at AnandTech

How current is your PC?

Imation Disk Manager II

A funny story. I just bought myself a 4GB flash drive to substitute my old 128MB Imation flash drive. So I was trying to format the Imation drive when I found a big loophole in the software.

The Imation flash drive comes with a firmware that automatically creates an executable to run the Imation Disk Manager II software. You can make the whole disk public, separate the disk into 2 partitions (public & secured), or make the whole disk secured.


For the secure partition you’ll need to run the software and enter a password if you want to access the files in it. I am not in the hacking business so I have no idea how secure it actually is. But this is another story, not about the secure partition.

After I had copied the files to the new location, I simply executed the software and it let me reformat the entire disk without asking for a password. Easy, but dangerous. If the drive falls into the hands of somebody clueless (say your 4 year old brother) or someone with bad intentions, you can say goodbye to your data 😉


I was actually looking for the Imation Swivel Pro flash drive but no shop in Low Yat has the 4GB version. They only have the 2GB version. I surely don’t think that the Imation Clip Flash Drive is available over there!

In the end I got myself a Sandisk Cruzer Micro 4GB drive which is a U3 compatible drive. Now I have Portable Apps and U3 in one drive 🙂

Storage Emergency

My 17-day-old Seagate Barracuda 7200.9 300GB disk was giving a lot of errors two days ago. There were a bunch of errors in my syslog:

ata1: translated ATA stat/err 0x51/40 to SCSI SK/ASC/ASCQ 0x3/11/04
ata1: status=0x51 { DriveReady SeekComplete Error }
ata1: error=0x40 { UncorrectableError }
ata1: translated ATA stat/err 0x51/40 to SCSI SK/ASC/ASCQ 0x3/11/04
ata1: status=0x51 { DriveReady SeekComplete Error }
ata1: error=0x40 { UncorrectableError }
sd 2:0:0:0: SCSI error: return code = 0x8000002
sda: Current: sense key: Medium Error
Additional sense: Unrecovered read error - auto reallocate failed
end_request: I/O error, dev sda, sector 212833665
Buffer I/O error on device sda1, logical block 106416801
ata1: translated ATA stat/err 0x51/40 to SCSI SK/ASC/ASCQ 0x3/11/04
ata1: status=0x51 { DriveReady SeekComplete Error }
ata1: error=0x40 { UncorrectableError }
ata1: translated ATA stat/err 0x51/40 to SCSI SK/ASC/ASCQ 0x3/11/04

Yes, that’s right. After 17 days, so I can’t get a one-to-one replacement from the shop.

SMARTD Logs:

Error 6892 occurred at disk power-on lifetime: 427 hours (17 days + 19 hours)
When the command that caused the error occurred, the device was active or idle.
 
After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
40 51 00 b4 95 af e0  Error: UNC at LBA = 0x00af95b4 = 11507124
 
Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
-- -- -- -- -- -- -- --  ----------------  --------------------
25 00 d0 b0 95 af e0 00      01:47:04.861  READ DMA EXT
25 00 d0 b0 95 af e0 00      01:47:03.048  READ DMA EXT
25 00 d0 b0 95 af e0 00      01:47:01.243  READ DMA EXT
25 00 d0 b0 95 af e0 00      01:46:59.447  READ DMA EXT
25 00 d8 a8 95 af e0 00      01:46:57.650  READ DMA EXT
 
Error 6891 occurred at disk power-on lifetime: 427 hours (17 days + 19 hours)
When the command that caused the error occurred, the device was active or idle.
 
After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
40 51 00 b4 95 af e0  Error: UNC at LBA = 0x00af95b4 = 11507124
 
Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
-- -- -- -- -- -- -- --  ----------------  --------------------
25 00 d0 b0 95 af e0 00      01:47:04.861  READ DMA EXT
25 00 d0 b0 95 af e0 00      01:47:03.048  READ DMA EXT
25 00 d0 b0 95 af e0 00      01:47:01.243  READ DMA EXT
25 00 d8 a8 95 af e0 00      01:46:59.447  READ DMA EXT
25 00 d8 a8 95 af e0 00      01:46:57.650  READ DMA EXT
 
Error 6890 occurred at disk power-on lifetime: 427 hours (17 days + 19 hours)
When the command that caused the error occurred, the device was active or idle.
 
After command completion occurred, registers were:
ER ST SC SN CL CH DH
-- -- -- -- -- -- --
40 51 00 b4 95 af e0  Error: UNC at LBA = 0x00af95b4 = 11507124
 
Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
-- -- -- -- -- -- -- --  ----------------  --------------------
25 00 d0 b0 95 af e0 00      01:47:04.861  READ DMA EXT
25 00 d0 b0 95 af e0 00      01:47:03.048  READ DMA EXT
25 00 d8 a8 95 af e0 00      01:47:01.243  READ DMA EXT
25 00 d8 a8 95 af e0 00      01:46:59.447  READ DMA EXT
25 00 d8 a8 95 af e0 00      01:46:57.650  READ DMA EXT

Here’s the disk label:

[Image: Seagate Disk 300GB]

I blamed the disk. My friend Azidin had a different idea. He said that it might be the SATA controller card that I installed on my computer that’s causing the errors. I didn’t believe him.

That night I tested the disk with Azidin. There were a lot of bad sectors!!!!! But still, I refused to blame the SATA controller card.

[Image: Seatools]

After work on 23 June, I immediately rushed to the shop, hoping that they would give me some help, or keep my disk for checking during the weekend but they (C-Zone) rejected me saying that their service center is closed and asked me to come the next day. I was disappointed. But I didn’t leave Low Yat plaza before buying a 200GB Maxtor disk from Startec, just in case if it’ll take months to get my disk repaired.

[Image: Maxtor 200GB]

Back home, I installed the disk onto the same SATA controller card. The next day, I received these from my syslog:

end_request: I/O error, dev sda, sector 132826840
Buffer I/O error on device sda2, logical block 8210
lost page write due to I/O error on sda2
ATA: abnormal status 0xD0 on port 0x9807
ATA: abnormal status 0xD0 on port 0x9807
ATA: abnormal status 0xD0 on port 0x9807
ReiserFS: sda2: warning: journal-837: IO error during journal replay
REISERFS: abort (device sda2): Write error while updating journal header in flush_journal_list
REISERFS: Aborting journal for filesystem on sda2
ata1: command 0x25 timeout, stat 0xd0 host_stat 0x1
ata1: translated ATA stat/err 0xd0/00 to SCSI SK/ASC/ASCQ 0xb/47/00
ata1: status=0xd0 { Busy }
sd 0:0:0:0: SCSI error: return code = 0x8000002
sda: Current: sense key: Aborted Command
Additional sense: Scsi parity error
end_request: I/O error, dev sda, sector 133810704

I started to believe that the controller card might be causing the problems. What are the odds that all my disks end up producing errors like these? I decided to buy a new motherboard with a built-in SATA controller, without spending too much. Also, I have an unused socket 478 Celeron, so after some research, I decided to get an ASUS P4P800-MX that’s still available in Cycom. The very same night, I ran Seagate Desktop on my older disk – low-level format (zero fill). It took hours but totally worth it. This morning when the process finished I ran another surface scan of the 300GB disk and all bad sectors are gone. Pheww! I decided not to send it to the shop, but continue using it with caution. It carries a 5-year warranty anyway.

[Image: Seatools 2 all ok]

So today I went and bought a P4P800-MX from Cycom, with two sticks of 512MB DDR (to utilize dual-channel memory bus). I have just finished installing the 300GB Seagate disk plus the 200GB Maxtor disk on the new motherboard. Everything looks good.

The culprit? Here it is:

[Image: Sata controller]

I don’t think it’s the chip. Maybe the card is defective. I bought it at Sri, in a plastic package (they hang such packages on a wall like in a supermarket). I thought of returning it, but I’m too tired to argue with the shop.

Oh well. I am all happy now. Thanks to Azidin for his help, and of course to my dear wife for her understanding of this matter.

3G Data Card

I am so frustrated by 3G providers, Malaysian and abroad. I have a Merlin U530 from Novatel Wireless with me now (not mine), and tried to use it for Maxis. Of course, it wouldn’t work as the card was bought in Hong Kong. The provider is Hong Kong Three :-(.

The problem is the data card is LOCKED by the provider. I heard that the Huawei's E600 data card is also locked by Celcom. I don’t have to guess that Maxis locked their version of the Merlin U530.

What happened to this world? Can’t anything be open anymore… *sigh*.

And people actually pay more than a thousand Ringgit to BUY such a data card! If it’s rented, I can understand. But in this case, people OWN the card.

Huawei E600:

Merlin U530:

Maxis 3G connect:

Everybody wants to add their logo to the card, and lock them up. The one with me has the Three logo on it to indicate that this is provided by Three:

I’ll get my own 3G data card when providers decide not to lock them. When, you ask. I don’t know. 😉

Cooler Disk

My journey to Low Yat plaza last weekend (or was it the weekend before that?) was worth it. I installed new disk brackets and fans to cool off my system and the temp actually dropped quite significantly:

[Image: Disk 1]
[Image: Disk 2]

Cooler disks! 🙂

*The fluctuation you see is because I can’t keep my air conditioner turned on 24 hours a day 🙁