5G – The SIM Card and the SUCI

One of the nice things about the 5G Core Network architecture is that it allows the concealment, i.e. the encryption, of the user’s identifier. While in previous network generations, this ID is referred to as the IMSI (International Mobile Subscriber Identity), it has been renamed to SUPI (Subscription Permanent Identity) in 5G. Under normal circumstances, even 2G, 3G and 4G conceal the user’s identity with a temporary ID that changes frequently. Under some circumstances, however, e.g. when connecting to a roaming network for the first time, or when the home network has forgotten the temporary identifier, which can happen for a number of reasons, the network has to ask for the IMSI. Unfortunately, this loophole can be used by malicious base stations and other equipment to get to the real identities of devices and their users. The good news: The 5G core has a fix for this!

Proxy Jump(ing) Around Congestion

Every now and then I meet congestion out there in the cloud. And sometimes, particularly in the evening, a transit or peering link between networks is so congested that packets are frequently dropped, and data transfer speeds are down to a few megabits per second. Not a very ‘sparkling’ experience one would probably say in the backbone community in Italy.

Anyway, if you are in the ‘engine room’ of a network operator, you could of course do something about this and find another peering or transit partner for a particular destination network. But I’m unfortunately not in such a position, so I needed a way to ‘route around the problem’ on a higher layer of the protocol stack. The solution: Multiple proxy jumps with ssh.

EarlyOOM: How to Stop Linux From Halting

In case you use Linux on the desktop, you might have been here before: When running out of memory, the system suddenly crawls to a halt and becomes totally unusable. In such cases it is often not even possible anymore to ssh into the system to reboot it. Sometimes, the system recovers after a very long time once the kernel finally gives up and invokes its out of memory procedures to terminate a process to free up memory. But that requires a lot of patience and the typical ‘quick’ solution is a power cycle. But recently I found a better way to deal with this: EarlyOOM.

TinyPilot – Part 2

Remote-KVM hardware is a great way to control servers and PCs remotely when device control is required while the operating system is not yet loaded, or installing remote control software is not possible. In a previous post, I’ve had a look at TinyPilot, a remote-KVM solution based on a Raspberry Pi. I’m using it on a daily basis now and in this part I’ll have a look at some more technical details such as power consumption, the USB power splitter and VGA connectivity.

TinyPilot For Advanced Remote Server and Notebook Control

When it comes to controlling or using remote PCs or servers, I use SSH connections and VNC or RDP for interaction with the graphical user interface. But there are cases when installing remote access software is not an option, or one needs to control the remote notebook / PC / server before the operating system is up and running. For such cases, remote-KVM (Keyboard, Video, Mouse) devices are the solution. There’s one brand that is quite famous for such solutions but their devices are expensive and they use a Java (!) based web browser interface. While a web browser interface is great, Java is definitely a no-go in this day and age and shows that product development must have ceased many eons ago. So I was looking for an alternative and found a cool open-source Raspberry Pi based solution: TinyPilot.

Taming Windows in a Virtual Machine

When most people talk about virtual machines, they mean Linux based VMs in the cloud. But there’s much more that can be done with the technology. Before turning to the cloud, I actually started using virtual machines many years ago on my Linux desktop to have access to a Windows environment to run a number of programs I need for work. It’s nice to have Windows in a VM rather than running it on bare metal, because it’s limited to the files in a configured directory tree and hence, things can be contained very nicely. Recently, I’ve also experimented with using Windows running in remote virtual machines and accessing them via RDP or VNC. This works great in general but there are a number of things that can be tweaked to improve the behavior when using the system over the Internet. And here are my top 3:

Several Desktops On A Single VM In The Cloud

Earlier this year, I discovered how to run a graphical desktop in a virtual machine in the cloud. I promptly put this to good use and ran a couple of online hands-on workshops on various topics in recent months. In combination with Guacamole, participants don’t even need to install a remote desktop viewer, but can use the remote desktop right in the web browser. My latest improvement: Run several desktops on a single Virtual Machine.

A Dummy Display Dongle for My Headless Workstation

Since back in December, I have a ‘Headless’ HP Z440 workstation under my desk with lots of RAM, storage and an Nvidia graphics card to run virtual machines and compute intensive stuff there instead of on my notebook. This works very well in practice and I use X over SSH a lot with virtual machines on the Workstation. There is one application, however, that doesn’t work very well this way: The Virtualbox management GUI. For some reason, the window doesn’t render correctly, and while it is usable, it’s a pain. One way to fix the problem would be to run the Virtualbox GUI on the display of the Z440 and then use VNC to access the screen. However, since I use the Z440 without a screen attached, this does not work, as no real display buffer is created during startup if no screen is attached. A few days ago I came across a “Display Port Dummy” adapter, and I immediately knew that this would fix my problem.

Andy Weir’s New Book: ‘Project Hail Mary’

If a book is good and the story is engaging, I tend to read it over the course of a week or two. But every now and then there is a superb book that I just can’t put down, which then has a serious impact on my work/life balance and my day/night rhythm. Andy Weir’s latest book ‘Project Hail Mary’ definitely falls into the second category, and I was glad I stumbled over it while I was on vacation.
