I upgraded to AT&T's U-verse Gigabit internet service in 2017 and it came with an Arris BGW-210 as the WiFi AP and router. The BGW-210 is not a terrible device, but I already had my own Airport Extreme APs wired throughout my house and an OpenBSD router configured with various things, so I had no use for this device. It's also a potentially-insecure device that I can't upgrade or fully disable remote control over.
Fully removing the BGW-210 is not possible as we'll see later, but it is possible to remove it from the routing path. This is how I did it with OpenBSD.
I use a Huawei Matebook X as my primary OpenBSD laptop and one aspect of its hardware support has always been lacking: audio never played out of the right-side speaker. The speaker did actually work, but only in Windows and only after the Realtek Dolby Atmos audio driver from Huawei was installed. Under OpenBSD and Linux, and even Windows with the default Intel sound driver, audio only ever played out of the left speaker.
Now, after some extensive reverse engineering and debugging with the help of VFIO on Linux, I finally have audio playing out of both speakers on OpenBSD.
For some reason I like small laptops and the constraints they place on me (as long as they're still usable). I used a Dell Mini 9 for a long time back in the netbook days and was recently using an 11" MacBook Air as my primary development machine for many years. Recently Microsoft announced a smaller, cheaper version of its Surface tablets called Surface Go which piqued my interest.
In the past couple weeks I contributed to a bunch of different open source projects in different ways and I thought I'd write about some of them.
I switched from Dropbox to Syncthing a while ago and so far it's been pretty great. I run it on my macOS server in the basement which mirrors everything on its large disks, and also on my various laptops where I selectively sync certain directories that I need.
I've been using an OpenBSD laptop as my workstation a lot more lately, probably because most of my hardware just works now and I don't have to think too much about it. The touchpad works when I touch it, I can be confident that when I close the lid, the laptop will fully suspend and then fully resume again when I open it, WiFi works all throughout my house (although it's not terribly fast), and my web browser is fast and stable. What amazing times we live in.
In the past, one thing that frequently kept me going back to my Mac, aside from iOS and Android development, was 1Password. I have a ton of logins for websites and servers, and because my browsers are all configured to clear cookies for most websites after I close their tabs, I need frequent access to passwords synced across my laptops and phones, and 1Password has great apps for all of those except OpenBSD.
ThinkPads have sort of a cult following among OpenBSD developers and users because the hardware is basic and well supported, and the keyboards are great to type on. While no stranger to ThinkPads myself, most of my OpenBSD laptops in recent years have been from various vendors with brand new hardware components that OpenBSD does not yet support. As satisfying as it is to write new kernel drivers or extend existing ones to make that hardware work, it usually leaves me with a laptop that doesn't work very well for a period of months.
After exhausting efforts trying to debug the I2C touchpad interrupts on the Huawei MateBook X (and other 100-Series Intel chipset laptops), I decided to take a break and use something with better OpenBSD support out of the box: the fifth generation Lenovo ThinkPad X1 Carbon.
The Huawei MateBook X is a high-quality 13" ultra-thin laptop with a fanless Core i5 processor. It is obviously biting the design of the Apple 12" MacBook, but it does have some notable improvements such as a slightly larger screen, a more usable keyboard with adequate key travel, and 2 USB-C ports.
It also uses more standard PC components than the MacBook, such as a PS/2-connected keyboard, Intel WiFi card, etc., so its OpenBSD compatibility is quite good.
The Xiaomi Mi Air 12.5" is a basic fanless 12.5" Ultrabook with good build quality and decent hardware specs, especially for the money; while it can usually be had for about $600, I purchased mine for $489 shipped to the US during a sale.
Note that the current models being sold have a 7th generation (Kaby Lake) processor, so OpenBSD compatibility will be different.
I recently had access to a Surface Pro 4 and tried to boot OpenBSD on it. It did not go well, so I am just putting this here for posterity.
The 2016 Surface Pro 4 is basically just a keyboard-less x86 (Core i5 on the model I had) tablet with some tightly integrated (read: not upgradeable) components. Its optional Surface Type Cover is just a USB-attached keyboard and trackpad, which magnetically secure to the bottom of the device.
The Chromebook Pixel LS (2015) has an Intel Core i7 processor (Broadwell) at 2.4Ghz, 16Gb of RAM, a 2560x1700 400-nit IPS screen (239ppi), and Intel 802.11ac wireless. It has a Kingston 64Gib flash chip, of which about 54Gib can be used by OpenBSD when dual-booting with a 1Gb Chrome OS partition.
I recently activated a new dedicated server that came preinstalled with Linux, as the hosting provider didn't support OpenBSD. Since they also didn't provide an IP-based KVM without purchasing a dedicated hardware module (though most of the IP-KVMs I've used recently require interfacing with some terrible Java-based monstrosity anyway), I needed a way to remotely install OpenBSD over the running Linux server.
I've previously used YAIFO to do remote OpenBSD installations, which basically adds an SSH daemon to the OpenBSD installer image and brings up a network interface that is manually configured before compiling the image. The image is then
dd'd directly to the hard drive while running whatever OS is on the system, the system is rebooted, and if all went according to plan, the machine will boot into OpenBSD and present you with SSH access so you can run the installer.
I spent a week in Toronto, Canada attending the OpenBSD t2k13 hackathon hosted at the University of Toronto. While these events are put on every year in random places, I have not attended one since c2k7 in Calgary back in 2007. I tried to go to the Portugal hackathon last year but my travel plans got all screwed up.
I wrote about the technical details of what I accomplished at this event at the OpenBSD Journal so I won't duplicate it here, but it was a fairly productive week for me. I remember at c2k7 I didn't really have much to work on and felt out of place but this time I had more things to do than I had time.
I'm a big fan of my Fitbit pedometer because it does most of its work without any interaction. I clip it onto my pocket and it counts my steps and flights of stairs as I walk throughout the day, then automatically, wirelessly uploads the data to Fitbit's website whenever I'm within range of its USB dongle plugged into one of my computers. The whole thing works without having to think about it or plug anything in. The battery lasts for about a week, and when it finally runs low, my low battery notifier sends a message to my phone through Pushover telling me to put it on its charger for a few hours.
To add to my step data, I got a Withings scale last year which logs my weight and BMI on Withings' website automatically every time I step on the scale. Fitbit's website syncs this data from Withings, so now I'm able to track my steps, flights of stairs, weight, and BMI, all automatically, all on Fitbit's website. I use this data mainly as a motivation to walk more and not get fat, just as my Wii Fit motivated me to exercise every day by tracking all of the data. When I know my Fitbit is counting my steps, I'll avoid hopping on the bus or train to get home and just walk. A few times I've left the house and upon noticing my Fitbit wasn't there, walked all the way back and got it just so the steps I was going to take that day would "count".
Last night I tried to visit one of the websites that I host on one of my dedicated servers, and to my surprise, I saw this instead of the usual content:
At about 9am yesterday morning, I noticed on the monitor that the CPU utilization of one of my servers was abnormally high, in addition to a sustained 1mbit/sec of inbound traffic and 2mbits/sec of outbound traffic. syslog messages from Asterisk showed it to be a SIP brute force attack, so I dropped the offending IP (an Amazon EC2 instance IP) into
/etc/idiots to block it and went back to my work.
A while later, I noticed the traffic still hadn't died down, so I reported the incident to Amazon and my server's network provider. No luck on either front; Amazon just sent back a form reply stating the incident was forwarded to the EC2 instance's owner (yeah, seriously) and the network provider said they wouldn't bother adding an ACL to their border equipment unless it was needed to protect their entire network. With the IP blocked on my server, the CPU utilization had died down and it was no longer sending out reply traffic, but I was worried about the inbound garbage traffic counting towards the server's monthly bandwidth cap.