Mar 30 2022
 

Just set up a UDM Pro to replace a really old Cisco 881W and had some initial thoughts on it:

  1. The firewall configuration is more than a little clunky; the version I was using still seems to require the legacy interface to configure IPv6 firewall rules. Plus configuring a set of IPv4 rules and a separate set of IPv6 rules added to the clunkiness – why not allow tcp any to ${addresses} eq ssh rather than repeat the same rule with different address types? Anything to keep firewall rule sets simple is good (but I deal with another firewall that has over 200 rules).
  2. Whilst we’re on the subject of the firewall, it would be nice if the firewall supported the “apps” identified in the traffic management; not really an easy thing to do, but a firewall relying on port numbers is a bit 1990s to those of us used to next-generation firewalls.
  3. Device identification is just a little bit rough; to be fair I’m using a separate DHCP server. But to identify a Linux container as a Windows PC is more than a little off! I had to check that my virtual Windows 10 machine wasn’t actually running when I first saw this.
  4. The topology diagram is all very well but very boring if you’re not using all Ubiquiti gear. Not everyone is going to replace all their switches just to get this to work straight away – I have three switches not counting the ethernet-over-power devices that also count as switches. It would be handy if the UDM would at least go to some effort to identify third-party network devices.
  5. Oh, and ssh access to the command-line is … confusing. The gooey implies that you set up a password and a username, but it seems that whatever username you use, it really only works with the user root. And the username you supply isn’t contained within /etc/passwd on the device.
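
The single mixed-family rule suggested in item 1, sketched as an added example (not code from this post or from Ubiquiti): one logical rule with IPv4 and IPv6 destinations is split into per-family commands. The `expand_rule` helper, the `SERVICES` table and the iptables/ip6tables output syntax are assumptions chosen for illustration, and the addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed service-name table for this example (not read from the device).
SERVICES = {"ssh": 22, "https": 443}


def expand_rule(proto, destinations, service, chain="FORWARD"):
    """Turn one logical allow rule with mixed IPv4/IPv6 destinations
    into per-family iptables / ip6tables commands (hypothetical helper)."""
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    port = SERVICES.get(service, service)
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"unknown service or bad port: {service!r}")

    # Parse every destination and sort it into its address family.
    # Strict parsing rejects entries such as 192.0.2.10/24 (host bits set)
    # instead of silently widening the rule to the whole /24.
    by_family = {4: [], 6: []}
    for dest in destinations:
        net = ipaddress.ip_network(dest)  # raises ValueError if invalid
        by_family[net.version].append(net)

    commands = []
    for version, tool in ((4, "iptables"), (6, "ip6tables")):
        # Merge adjacent or overlapping networks so the rule set stays short.
        for net in ipaddress.collapse_addresses(by_family[version]):
            commands.append(
                f"{tool} -A {chain} -p {proto} -d {net} --dport {port} -j ACCEPT"
            )
    return commands


if __name__ == "__main__":
    # Documentation-range addresses, constructed for the example.
    for line in expand_rule(
        "tcp", ["192.0.2.10", "192.0.2.11", "2001:db8::10"], "ssh"
    ):
        print(line)
```
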

Oh! And requiring access to the cloud to generate the first admin (“owner”) account could well be problematic. Apart from the obvious problem of allowing the Cloud admin-level access to a firewall (something the more paranoid may regard as a killer misfeature), what happens if something goes wrong during the creation of a cloud-based account?

And having SNMP mentioned within the gooey but requiring command-line “bodges” (from here) to actually get it running is not acceptable. Strange that such a feature isn’t supported on a network device!

The Bench
Feb 23 2022
 

The date of 1066 is often presented to us as the end of Anglo-Saxon rule and the start of (Anglo-)Norman rule. Well that’s not wrong as such, but there is another way of looking at it. If you look at the kings both before and after The Conquest, there were more similarities than you would expect.

Harold Godwinson (the last crowned Anglo-Saxon king of England) was the son of Godwin, who had been made the Earl of Wessex by Cnut the Great (a Dane), and Gytha Thorkelsdóttir, a Danish noblewoman related by marriage to Cnut the Great. So he was more than a little Danish.

And if you look at his predecessor, Edward the Confessor, he himself was the son of Emma of Normandy, who herself was descended from Danes with a French accent (i.e. the Normans). And Emma was a relative of the conqueror William.

So whilst it is quite right that 1066 was regarded as a significant date for the country with some very significant changes to law and language, in terms of the monarchs it wasn’t much of a change at all – they were pretty much all related to each other.

King Alfred Looking Down At The Runners