Superpower is an exploration of the emergence and consequences of the United States as the sole world superpower and major imperialist force.

Something about this new "apps" paradigm ClearOS has entered has been gnawing away at my subconcience ever since I wrote my little critique on 6.3. In a post on the ClearOS forum regarding missing IPsec support I think I was able to finally articulate the off-ish smell that has been driving me mental.

kfox:

I can't seem to find the IPsec app for ClearOS 6.3

I see the paid "dynamic vpn" app in the market place and it appears to reference an independent IPsec app.

The Dynamic VPN app is an extension to ClearOS's IPSec VPN app. The service allows IPSec to be used in situations where either one or both of the gateways are on a dynamic IP address issued by the ISP or in cases where instability using unmanaged IPSec tunnels exists.

Herballizard:

http://www.clearfoundation.com/docs/release_info/clearos_community_6.2.0/final_release_information

PITA

kfox:

The unmanaged IPsec tool has been unmaintained for a few years and was dropped in version 6. It's open source, so if someone wants to revive unmanaged IPsec, go right ahead.

Yeah I love the whole "It's OSS, you do it if you like it so much!" attitude at the same time architectural decisions seem to have become increasingly marketing-driven. If it was too much trouble to update the old IPsec module why not cut out all the paid bits of the for-profit Dynamic VPN app? Smells a little fishy.

Maybe I will make it. If you hire me. Unfortunately, I have to put food on the table and the people who pay for my time have very little use for a webconfig interface once I have it rolling. Being someone who has contributed little more than some help on the forums and a couple VM images I wouldn't be so whiny if this wasn't a functionality ClearOS didn't already have at one point.

I'm beginning to question the logic of continuing to use ClearOS when I have to do so many things myself; I'm a Gentoo admin so it goes without saying that I love to do everything myself - but I use this crazy, neat little redhat system because it used to save me countless hours and let me respond to network crises quickly.

It feels like the foundation has cut off its nose to sell its face. A lot of stuff seems to be missing or half baked just so they could roll out this new "Marketplace" paradigm in time for RHEL 6. A paradigm which itself rubs me all sorts of wrong ways.

It's a shame they gambled on buzzword dollars rather than building on an already great platform. I hope I'm dead wrong; that the gamble pays off and we end up seeing a whole bunch of quality third party "apps" from the community but the sad truth is that functionality was always there and we didn't see a whole lot of participation back in the day (and I'm not pretending to have been any help!).

On the surface, it looks like this new app framework was designed mostly with the intent to make it easier for paid services to be integrated. I wonder which kind of apps the Foundation staff members will be focusing most of their attention on now. They certainly don't seem worried about the lack of a free IPsec app despite every crappy embedded router's support for it and highly critical Advanced Bandwidth rules have been bumped two versions (so far!).

Oh well, I know only too well that we all gotta make that dolla. Maybe the corporate makeover (and hopefully increased revenue that follows) is what Clear needs to propel itself to new heights of greatness. I sincerely hope so.

UPDATE You should really read the thread; Dave Loper did a great job of explaining why things have gone this way and what the path forward looks like. I'm a lot more optimistic now.

Despite the crappy things I've had to say about 6.3 I've decided to tough it out on my new home router. Normally, where the modem and router-ap are separate pieces of equipment you can simply turn off DHCP on the old router and keep using it as an access point by plugging the switch side of it into the local network and moving its LAN IP somewhere it won't conflict with the new router. Unfortunately, my ISP has made the "step up" to all-in-one modem-router-APs and the only way to bypass the limitations of the built-in router is to put the device in "bridged mode;" effectively turning it into a modem and sacrificing all of its other functionality. This would require either purchasing a separate, stand-alone access point or adding AP functionality to the ClearOS router to keep wifi going.

I settled on the Ralink 3090 because at about $10 it's the cheapest 802.11n card offered on eBay at present. Unfortunately, the kernel module for this card seems to be the only Ralink module missing from those distributed with ClearOS by default - necessitating building and swapping in a new kernel.

First, it's necessary to install the build environment:

yum --enablerepo=clearos-developer,clearos-epel install clearos-devel

Now we'll grab and install the kernel sources:

# wget http://mirror2-houston.clearsdn.com/clearos/community/6.3.0/dev/SRPMS/kernel-2.6.32-279.2.1.v6.src.rpm
# rpm -iv kernel-2.6.32-279.2.1.v6.src.rpm
# cd ~/rpmbuild

Now we need to install a few dependencies and patch the kernel according to the rpm spec:

# yum install xmlto asciidoc elfutils-libelf-devel binutils-devel newt-devel python-devel "perl(ExtUtils::Embed)" hmaccalc
# rpmbuild -bp --target=x86_64 SPECS/kernel.spec
# cp -a BUILD/kernel-2.6.32-279.2.1.el6/ /usr/src
# ln -s kernel-2.6.32-279.2.1.el6/linux-2.6.32-279.2.1.v6.x86_64/ linux

We need to install ncurses-devel to run make menuconfig.

# yum install ncurses-devel

Since we're rolling our own kernel we can't rely on the stock initrd to get us booting. Once you're in menuconfig be sure to compile these modules into the kernel statically:

• Your disk controller module(s)
• Ext4
• Multiple devices driver support (RAID and LVM)
• Device mapper support
• Wired network devices (optional but I'm fond of guarantees)

Once you've configured your kernel and module selection compile and install them:

# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-new

Now modify /boot/grub/grub.conf and copy-paste the existing entry so you have two identical entries. Modify the first one to reference the new kernel's file name and leave the second intact so if we can't boot the new kernel we can still get back in to do more tweaking without having to break out a livecd.

Your wireless card will probably require external firmware to be loaded with its module. Be sure to install the firmware image to /lib/firmware so it can be found easily on bootup. For the RT3090 a .bin image is available in the linux source code zip at http://www.ralinktech.com/en/04_support/support.php?sn=501.

You may at this point reboot, and if successful should be looking at a new interface (i.e. wlan0):

# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

eth1      no wireless extensions.

wlan0     IEEE 802.11bgn  Mode:Master  Frequency:2.462 GHz  Tx-Power=27 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

imq0      no wireless extensions.

imq1      no wireless extensions.

Now we need to install hostapd, which will take care of WPA authentication and putting your card into Master mode:

# yum install hostapd

Edit /etc/hostapd/hostapd.conf to reflect your environment:

ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel

# Some usable default settings...
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0

# Uncomment these for base WPA & WPA2 support with a pre-shared key
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# DO NOT FORGET TO SET A WPA PASSPHRASE!!
wpa_passphrase=mypassword

# Most modern wireless drivers in the kernel need driver=nl80211
driver=nl80211

# Customize these for your local configuration...
interface=wlan0
hw_mode=g
channel=11
ssid=mynetwork

# Wireless N
wme_enabled=1
ieee80211n=1
ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]

Now start hostapd and add it to the appropriate runlevels:

# /etc/init.d/hostapd start
# chkconfig --level 2345 hostapd on

If you want the wireless to be on the same subnet as your wired LAN you must bridge the wireless and wired interfaces using standard ifcfg config files and restart networking; webconfig will not allow you to edit a bridge interface's IP settings so these must be included in the ifcfg file. Otherwise, assign a different subnet to the wireless device and choose the LAN role to allow routing between the two subnets. Alternatively, choose the Hot LAN role if you want to keep wireless clients from poking around on your wired network (probably a good idea!).

Be sure to enable DHCP for your bridged or wireless interface and congratulations on your new ClearOS access point.

The Corporation is a landmark documentary, possibly the first to bring the notion of corporations as pathological psychopaths to the common discourse. The film begins with the corporation's roots and traces them through its evolution into personhood under the 14th amendment - intended to protect the rights of former slaves - then into the modern era of globalization, examining the consequences this has had for workers abroad and democracy at home.

Pax Americana and the Weaponization of Space looks at the possible consequences of the American strategy of total military domination in space.

I have to take issue with how much emphasis is put on satellites in this documentary (and many others). Aside from weather observation, GPS and television broadcasting - all of which have feasible terrestrial alternatives - they are not particularly essential. Most global communications are carried by sub-marine fibre-optic loops. An illustrated "worst case" scenario seems to imply that GPS satellites are the only carriers of atomic clocks in the world and their failure would eventually mean the de-synchronization of the entire Internet and financial networks (including their carriers, like Datapac). This betrays a fundamental lack of understanding of Internet architecture, global timekeeping projects and the Network Time Protocol in particular. The thought that the "end of satellites" would render your mobile phone useless, a device that relies mostly on terrestrial microwave transmission and fibre optics is laughable when only a trans-continental call stands a very remote chance of being routed through space.