lectroid.net

So a friend gave me a Soekris 4801 (in exchange for an Alpha DS10l) and I decided to use it as a PF based firewall. The very first hurdle, obviously, was installing and running OpenBSD off the CF card.

Now this isn’t a new idea by any means but it turns out that pretty much all the web info on doing something like this is old, and assumes tiny CF sizes (32 - 128 megs). Since this is 2007 and 512 meg CF cards are butt-cheap, there is no need to strip an OpenBSD install to fit. A simple baseXX.tgz and a kernel fit well within 512 megs and that’s for the most part all that’s needed for a full system (c’mon, you don’t need man pages, do you?).

Now the thing about CF cards and flash memory in general is that they support only a limited number of erase/write cycles, which means that eventually you’re gonna write and/or erase your CF card out of existence. Also, the Soekris box doesn’t have a “power off” mode or switch. Its for these reason I wanted to run this whole operation read-only so I don’t have to worry about killing the CF early or a hard power-cycle of the box.

Continue reading ‘Yet Another OpenBSD on a Soekris post’ »

So in my family when you start methodically cleaning and/or organizing, something is wrong somewhere. It’s called, “controlling your environment.” A snapshot of what I have going on:

• Redoing the home network. I’m pulling a lot of my unused development machines and generally simplifying (relatively speaking).
• Gonna redo the garage. I made some mistakes in the way I set up shelving and my workbench in the garage, getting time to fix those.
• Wanna upgrade my Mac Mini G4 to better handle photo work. Kinda pointless (like squeezing water from a rock) but it would help some. Real upgrade sometime next year.
• Looking to ebay a lot of my old Nikon gear to get new Nikon gear.
• Oh and probably something else I may have missed…

And this is all secondary to Family and and Work of course.

So my first foray into the hunt for a good webhost ended poorly. I checked out someone I’ll call ChortallingCephalopod. The exchange went something like this:

Me: …do you offer support for Jabber servers?
Them: We do not allow third party software to be installed on our servers. Here is our FAQ entry on this: [link]
Me: Yeah, I got that. I was wondering if you hosted a Jabber server of your own that I could migrate my users to.
Them: All of the servers that we host domains on run on Linux. Here’s our server information: [link]

This was a web helpdesk exchange, but you can just imagine the *click* and the dialtone noise at this point.

So for a long time now (over 5 years at least), I’ve been running a home server for both internal “geekwerks” (netbooting a Vax anyone?) and the external presence (web, email etc.) of lectroid.net. I’m proud to say that in that time I’ve never had an unscheduled outage of any kind.

While running your own server can be a lot of fun, it can also be a pain in the ass. It’s fun to get a wild hair and setup ALTQ queues when the mood strikes, but it’s less fun to update the os when a new release renders your current version unsupported or you login to your blog software to find you’re a week past a security update (what?!? me?!?).

Plus, I’m walking a tightrope. My “server” hardware, Via C3 based with a Fic FR33E mainboard, while more than adequate for my needs is damn old and I run the same backup strategy as everyone else, that is: I don’t have any. I know that one screwup on my part kills my website, my internet connectivity, my email (more importantly my wife’s email) and kills my internal network as well.

So I’m looking at doing two things: 1) outsourcing my internet stuff to a hosting outfit and 2) simplifying my internal network structure. I have an Apple Airport Extreme that can do the main part of the internal network management that my home server now does (i.e.: NAT and DHCP) and as a bonus, with the internet stuff gone I can reconfigure my current server to provide 90% of what’s left (”geekwerks”) but without being potentially destructive to my network in the event I hose it.

The first step, which is already proving a challenge, is to find a decent hosting service that can handle web hosting (with at least support for WordPress), email (with IMAP support) and ideally Jabber hosting as well.

Stay tuned.

While Familiar Linux on an iPAQ is still damn cool. There’re some issues with my iPAQ:

• Sound doesn’t work. Yeah I read the release notes, yeah all the right modules are loaded, just no sound.
• None of the USB stuff works. Selecting the “Storage” or “Serial Port” options nets you first missing kernel modules and then when you’ve fixed those, you get unresolved symbol usb_gadget_unregister_driver errors. I assume there’s yet another missing kernel module that wasn’t in modules.conf.
• Bluetooth management is, um… lacking. Configuring a GPRS modem was a two day hunt through Google and it felt like Linux circa 1999. pppd is an abomination and while the rfcomm bluetooth stuff wasn’t so bad, there doesn’t seem to be any “right” way to save pins, so you have to rebind after reboots. There needs to be some real work in this area.
• Syncing to non-Linux systems is pretty much pointless.

Yes, I’ll be “escalating” these to the mailing lists after Turkey-day.

Ok, so I’ve collected a few tweaks I made to my iPAQ:

• Make the SD card mount at boot. For unknown reason, the SD card support is funky on the H39xx machines. The Familiar Release Notes covers how to do this (way down in the 0.8.0 section).
• Take advantage of the extra Flash ROM in the H39xx machines. There’s an extra 16 megs of space in these (48 megs total) that isn’t used by default. Check out this howto. I mounted it under /usr/local.
• It looks like they trimmed down the packages on 0.8.4, but in doing so a lot of stuff is missing… like nmap, gpsd and what looks to be a gaggle of others. I added the 0.8.2 base feed to my feed list and this seems to work well.

More to come, I’m sure.

Last week my boss at work finally handed down his beloved Compaq iPAQ H3975 to me. It took me all of about 3 days to realize that “Windows CE for the Pocket PC 2002″ is the Windows 95 of the Windows Mobile family and that anything worth running wasn’t supported under it.

So, I did what any self respecting geek would do, I installed Familiar Linux 0.8.4.

My initial reactions were unabridged giddiness. Familiar Linux (along with GPE) is pretty much a full-on Gnome-based Linux workstation… only really small. I was in heaven, I had better hardware support (try finding decent Prism2 drives for WinCE PPC 2k2) and more “normal” applications like ssh and a web browser that doesn’t suck.

Slowly the cracks are beginning to appear. The H39xx series isn’t supported very well by the 2.6 kernel so the 2.4 kernel is retained for these. There are occasions where a reset is needed w/o warning and other such bumps.

Still, to be able to run Kismet from the palm of my hand, now that’s something!

So after much trial and error I finally have queueing set up on my home network!

Most people on asynchronous DSL connections like mine use queues to prioritize TCP ACK packets. As I’d said before my DSL seems unaffected by that particular issue which is interesting in and of itself because it seems to indicate that 1) my DSL is a fatter pipe than they advertise and 2) the bandwidth limiting is happening farther upstream and TCP ACK packets are being prioritized there.

Well that’s all well and good, but I recently discovered that during a large upload (*cough*bittorrent*cough*) my SSH sessions became laggy and generally a pain to use… and we can’t have any of that.

Continue reading ‘Priority queues’ »

So I’ve been reading up on Tor, software that allows for anonymous communication over the all-too-public Internet.

Simply put, Tor works by first encrypting your traffic and then routing it thru various and random Tor servers to mask the source… and even the destination if desired.

Why? Well, in a word: freedom. Freedom to speak out against oppression without fear of reprisal as it masks a user’s true source, freedom to read what governments or organizations don’t want you to read as it can circumvent many proxies….

Of course it also means freedom to transfer kiddie porn and communicate with terrorists….

Freedom, is seems, isn’t free.

I would like to run a Tor server, to contribute a little bit to the overall concept of Freedom, which you may recall was once a hallmark of this country. Before I do, I know I’ll need to reconcile the idea that the freedom I help to provide can also be used by folks that I don’t particularly agree with, freedom is funny that way.

As I sat Friday completely useless while our MS Exchange based email system went through its fifth day of fits and starts, a thought occurred to me….

Once upon a time when there was a system outage I could usually found in the mix, trying to make things right. Called in desperation, I — normally “just a programmer” — could lend my Open Source experience to address obscure issues that our sysadmin staff, for whatever reason, was unable to overcome.

Invariably, these rescues initiated some comment like, “we need to get rid of ’system X’ because we can’t support it,” from someone. Invariably ’system X’ was a Unix thing or Open Source thing left over from a former employee’s tenure.

So, here we are.