We're coming out with a managed firewall product at work that is basically an
OpenBSD machine running pf that supports VPNs and all the usual malarkey.
An issue we run into a lot with our
hosted PBX
service is that some customers have networks with firewalls that cause problems
with TFTP, SIP, latency, etc.
It makes diagnosing problems harder and often the customers think the problems
are with our phone system when they're really with their firewall.
So if they get our firewall, we know everything will work and we'll have the
ability to change things if something doesn't work.
Continue reading 594 words...
My new 12" PowerBook arrived yesterday.
I've been wanting to switch (back) to a PowerBook for a while to have working
niceities such as Bluetooth, Firewire, iMovie, Automator, etc.
The 15" PowerBook i had before was too big for me to carry around everywhere, so
I figured a 12" would be somewhat comparable to my X40.
The first thing I did when it arrived was re-partition it to make a 6GB
partition for OpenBSD and reinstall Mac OS on the large partition.
I played around in Mac OS and got everything setup, but when I tried to install
OpenBSD in its partition, the disklabel was occupying the entire drive space
(even though the OpenBSD partition was only 6GB in fdisk) and it decided to
format the entire drive.
By the time I realized what it was doing it had already screwed everything up.
Continue reading 1,011 words...
While poking around in /tmp on one of our shared-customer web servers the
other day, I noticed a /tmp/... directory owned by www.
Seemed a bit odd, so I looked inside and found such gems as hide.c,
psybnc, and bleh2.pid.
As I was busy at the time, I killed the IRC bot that was being run and cleaned
up the directory and moved on.
Today, however, I noticed the same set of files had been put back, with
timestamps of yesterday.
I looked into it some more and it appears to be a root-kit-of-sorts (that
doesn't actually get root, and its only purpose is to run an IRC bot/bouncer).
Continue reading 612 words...
Finally
committed
my nvram driver.
I have my
tpb
port ready but since i made the /dev/nvram device owned by group kmem and
mode 440, tpb has to run setgid kmem which might not fly so well.
I looked at the code and I don't see any easy way to drop privileges since it
has to open /dev/nvram, read it, and close it every time it polls.
I'll post it to ports@ and see what people have to say.
tpb makes no mention of how the permissions should be handled and Linux's NVRAM
driver is 640, owned by root.root.
Maybe tpb needs privsep.
Ugh.
Since I've gotten my X40, I've been conversing with
markus@
about OpenBSD support since he also owns one.
I've since
ported
a driver for the TCPA/TPM security chip and one thing I always wanted to do was
hook into the blue "Access IBM" button to run
xautolock -locknow for one-touch locking.
The
tpb
program can hook into this button on Linux, but all of the work is handled by an
NVRAM driver in the Linux kernel.
Apparently the X40's BIOS toggles various bits in the CMOS RAM (NVRAM)
when certain buttons are pushed, like the volume buttons, ThinkLight, and of
course, the blue "Access IBM" button.
Last night I started looking into making an NVRAM driver for OpenBSD, which
turned out to be relatively easy, since the i386's clock code already has
functions for reading and writing to the NVRAM.
I put together a simple driver to provide user-land read-only access to the
NVRAM through a /dev/nvram device:
Continue reading 322 words...
I got a new Cisco T1 router with enough flash memory to run an IOS version that
supports IPv6.
I reconfigured my network a tad and now the Cisco does the
freenet
tunnel and passes traffic for the rest of the machines.
Apparently the neteng group at DLS is supposed to start working on IPv6 soon.
Hopefully I can get native IPv6 routed here and rt.fm can support it as well.
This morning, I woke up early and stumbled over to the computer.
My VT510 was blank, which is never good.
It either means I lost power or rt.fm is down.
I hit a key and see this scrolled over and over:
Which all stop at around 5:30.
sd1 is the new /mirror drive which I just upgraded to a month or so ago.
After a shower I went to DLS with the old /mirror drive to bring the server
back up, but my keycard wouldn't open any of the doors at the NOC.
Maybe i'm being fired…
Continue reading 342 words...
I gave up on making the kernel emulate right-clicking from the keyboard since
X11 already has all of this built in.
Someone on the ppc@ list hinted at binding PointerButton2 and
Pointer_Button3 with xmodmap.
This is basically what I'm using now, to have middle and right mouse buttons
through the Apple/flower key and the square 'Enter' key, respectively:
Continue reading 89 words...
Someone on the ppc@ list posted about a
CVS tree
containing drivers for a lot of macppc hardware that hasn't been committed to
NetBSD yet.
I took his snapper and i2s drivers and whacked them into shape to link into
OpenBSD.
The snapper0 and audio0 drivers attach, but the kernel panics in the DMA
code when trying to play audio.
My
iMic
finally arrived, so I kind of stopped working on making the internal snapper
work.
With functioning sound, I've been able to boot into OpenBSD at work.
konq-e sucks, though, but Mozilla doesn't work so I'm stuck with it for now.
So now that X works on my PowerBook, I've been running OpenBSD when I get home
from work to continue making other things work so I can eventually run OpenBSD
all the time.
The awacs audio driver seems to be for older chipsets and doesn't support the
new "snapper" chip on my machine, so I'll need to port something from Linux or
use an external USB audio system.
Neither sound appealing.
While playing around in OpenBSD, I've found the keyboard to be very annoying.
At random times a key will appear to be stuck and continue repeating until some
other keys are mashed to get it to stop.
I was rdesktop'd into a Windows machine when this happened with the Enter key,
so after clicking on the Start Menu, it immediately selected "Shut down" and
then hit Enter on the confirmation screen.
Luckily the drop down was on "Reboot" and not "Shut down"
Continue reading 438 words...
I finally got X working on my PowerBook!
After reviewing
Linux kernel
and
XFree86
code for weeks, hacking the hell out of radeon_base.c adding random debugging
everywhere, searching mailing lists for clues, and lots of guessing, I finally
did the make && startx that resulted in a clean display coming up.
Continue reading 164 words...
Someone e-mailed me asking for a review of my 15" PowerBook, so here she be.
I tried to write it like a magazine columnist, using many "colorful words" and
over-analyzing everything.
Continue reading 1,234 words...