I started working on an ACPI driver this evening to make my ThinkPad X61 work better under OpenBSD. I just finished it and so far it matches on the IBM0068 ACPI HID device, checks it for the appropriate version, enables the Bluetooth device (which is required before the hardware toggle switch can power it on and let the ubt0 device show up), and sets up a callback to run whenever a special button (e.g., Fn+F[1-9], brightness, ThinkLight, etc.) is pressed. I'm pretty sure it will work on most other ThinkPads but I haven't tried it on my X40 yet.

I mapped out all of the events that get generated, which on my X61 Tablet include the screen rotating around, the lid opening and closing, and even the pen being ejected from its little slot. When the brightness buttons (Fn+Home and Fn+End) are pressed, it sends a CMOS command through ACPI to actually adjust the screen brightness accordingly, so now it's working just like my X40 did on its own. Being able to turn the brightness down when on battery is the main reason I wrote this.

Continue reading 401 words...

Friday afternoon I decided to install a package on one of my OpenBSD servers, but it was from a recent snapshot and the snapshot I was running on the server was too old to run it. No problem, I'll just upgrade the server. a usually quick task; just drop a new kernel into /, reboot, untar the new disk sets over /, run mergemaster and reboot again.

Remotely rebooting servers that are 350 miles away is always a nerve racking experience. You reboot it, your SSH connection drops, you start a ping waiting for it to reply as you visualize it booting up and thinking about how long each piece usually takes. Occasionally something takes longer than normal and you start to panic, but before you reach whoever you need to reach, it starts responding and suddenly a wave of relief comes over you and you resume your work.

Continue reading 1,638 words...

I had to install an OpenBSD firewall at a customer's office yesterday and wanted to check that all of their VoIP phones still worked afterwards. Since everyone had left the office by the time I got there, it was a bit tricky testing all of the phones at the same time by myself.

I thought about writing a little routing snippet on the Asterisk server so I could dial a number at each phone and it would just play music until I hung up, but I wanted to make calls out to a PSTN number to double the bandwidth going out of the PBX server and make sure the voice quality was ok.

Continue reading 329 words...

I bought a Sharp Zaurus and put OpenBSD on it with the intention of making a lap timer for my car. I tried to use this timer on my Treo in my R32, but it's so buggy and would crash the phone all the time, and trying to reboot a phone while racing around a track is not something I'd recommend.

There are of course some commercial timers but they are expensive and usually require a laptop running windows to be able to see the gps-acquired data. What's the fun in that?

Continue reading 885 words...

The other day I thought about whether it would be possible to legally change my name to all lowercase letters. I did some research and found out a few things.

In the United States, changing one's name can be as easy as simply using the new name consistently in practice. It doesn't necessarily need to be done in court, and using a different name is not illegal as long as it's not being used for fraudulent purposes, or inconsistently (which would then be considered an "alias"). The most common reason to have it done in court is to have a formal record of the name change showing the new name for proof to other government agencies, companies, and universities that may require proof of that new name.

Continue reading 530 words...

While doing some research for something, I came across a website still hosting a shareware windows application that I wrote a long time ago in Visual Basic. It was a stupid little utility that sat in the system tray by the clock and sent out data to a specified TCP/IP host at a specified interval to keep a dialup connection alive (I think I wrote it for someone to keep their ISDN line up).

Continue reading 236 words...

Carl woke me up early this morning by jumping around on my chest. I got ready and drove back down to Chicago for day two of RailsConf.

The first session of the day for me was Obie Fernandez's Thoughtworks on Rails which was a broad overview of the Rails projects that Thoughtworks has done for its customers after introducing it into their development environment. Nothing too technical, but useful to see the lifecycle for a Rails app from the point of meeting with the customer to creating "stories" as they put it, to coding individual pieces, to quality assurance testing, to final deployment. I couldn't help but think about how many people are involved in these "normal" development processes versus things at DLS where one developer has to take a request from another staff member and develop, code, test, and deploy an entire app himself.

Continue reading 562 words...

I woke up at the crack of dawn and drove to the Wyndham in Rosemont for RailsConf 2006. I registered and got some free crap, grabbed some food and found a seat in the ballroom. Dave Thomas gave a keynote presentation about the big three things that he thinks Rails needs to become better.

For my first session I opted for Introduction to Capistrano by Mike Clark, just because the other two didn't really look very interesting. Mike's presentation was pretty good and I picked up a few ideas for using cap that I hadn't thought of before (namely for basic system administration tasks not related to Rails).

Continue reading 612 words...

Some time in March, DLS was served with a subpoena for information about one of the IP addresses assigned to my co-located server, namely the one I have specifically setup for a Tor exit node. They of course complied, and I didn't think much of it. I've personally processed quite a few subpoenas in my time while in charge of the abuse department at DLS.

In early April, I was contacted by one of the lawyers for the case asking me about the subpoena. I told him I hadn't personally received one yet, but I explained what Tor was, how it worked, and that I didn't have any logs to give them for whatever they were asking for.

Continue reading 998 words...

We're coming out with a managed firewall product at work that is basically an OpenBSD machine running pf that supports VPNs and all the usual malarkey.

An issue we run into a lot with our hosted PBX service is that some customers have networks with firewalls that cause problems with TFTP, SIP, latency, etc. It makes diagnosing problems harder and often the customers think the problems are with our phone system when they're really with their firewall. So if they get our firewall, we know everything will work and we'll have the ability to change things if something doesn't work.

Continue reading 594 words...

My new 12" PowerBook arrived yesterday. I've been wanting to switch (back) to a PowerBook for a while to have working niceities such as Bluetooth, Firewire, iMovie, Automator, etc. The 15" PowerBook i had before was too big for me to carry around everywhere, so I figured a 12" would be somewhat comparable to my X40.

The first thing I did when it arrived was re-partition it to make a 6GB partition for OpenBSD and reinstall Mac OS on the large partition. I played around in Mac OS and got everything setup, but when I tried to install OpenBSD in its partition, the disklabel was occupying the entire drive space (even though the OpenBSD partition was only 6GB in fdisk) and it decided to format the entire drive. By the time I realized what it was doing it had already screwed everything up.

Continue reading 1,011 words...

While poking around in /tmp on one of our shared-customer web servers the other day, I noticed a /tmp/... directory owned by www. Seemed a bit odd, so I looked inside and found such gems as hide.c, psybnc, and bleh2.pid. As I was busy at the time, I killed the IRC bot that was being run and cleaned up the directory and moved on.

Today, however, I noticed the same set of files had been put back, with timestamps of yesterday. I looked into it some more and it appears to be a root-kit-of-sorts (that doesn't actually get root, and its only purpose is to run an IRC bot/bouncer).

Continue reading 612 words...

Finally committed my nvram driver. I have my tpb port ready but since i made the /dev/nvram device owned by group kmem and mode 440, tpb has to run setgid kmem which might not fly so well. I looked at the code and I don't see any easy way to drop privileges since it has to open /dev/nvram, read it, and close it every time it polls. I'll post it to ports@ and see what people have to say.

tpb makes no mention of how the permissions should be handled and Linux's NVRAM driver is 640, owned by root.root. Maybe tpb needs privsep. Ugh.

Since I've gotten my X40, I've been conversing with markus@ about OpenBSD support since he also owns one. I've since ported a driver for the TCPA/TPM security chip and one thing I always wanted to do was hook into the blue "Access IBM" button to run xautolock -locknow for one-touch locking. The tpb program can hook into this button on Linux, but all of the work is handled by an NVRAM driver in the Linux kernel. Apparently the X40's BIOS toggles various bits in the CMOS RAM (NVRAM) when certain buttons are pushed, like the volume buttons, ThinkLight, and of course, the blue "Access IBM" button.

Last night I started looking into making an NVRAM driver for OpenBSD, which turned out to be relatively easy, since the i386's clock code already has functions for reading and writing to the NVRAM. I put together a simple driver to provide user-land read-only access to the NVRAM through a /dev/nvram device:

Continue reading 322 words...

I got a new Cisco T1 router with enough flash memory to run an IOS version that supports IPv6. I reconfigured my network a tad and now the Cisco does the freenet tunnel and passes traffic for the rest of the machines.

Apparently the neteng group at DLS is supposed to start working on IPv6 soon. Hopefully I can get native IPv6 routed here and rt.fm can support it as well.