Wed, 24 Feb 2010
Shmoocon 2010: Now With Photos AND VIDEO!
I put up Drew's and Jordan's photos from Shmoocon 2010. They are up here.
posted at: 13:02 | tags: shmoocon | path: /entries/generic | permanent link to this entry
Tue, 09 Feb 2010
Shmoocon 2010 Aftermath
Shmoocon happened this past weekend. I'd give a full review/write-up of it, but I've been insanely pressed for time lately. If you were there and we got a chance to meet for the first time, or if you are someone I've known from before and I got to see you again, I'd like to say thank you for making it a great conference for me. I'll be posting Jordan's and Drew's pictures to flickr when I have them, as I forgot my camera (again). Expect a link to them here when I have them online.
posted at: 09:21 | tags: shmoocon | path: /entries/generic | permanent link to this entry
Wed, 13 Jan 2010
Airport Extreme Shenanigans
I recently got my hands on an Airport Extreme from Apple. It's a nice little device to replace my old Linksys. I was using my Soekris board to do that, but something which speaks AFP natively is nice to have, especially now that I have 2 Apple machines in the house. Have no fear, my Soekris box will still be my border device, and will run a couple of key services too.
While configuring the Airport to replace my Linksys I was unable to find a way to set the internal IP address of the device. I can tell it to use NAT or just bridge at layer 2. If it is in NAT mode I can't tell it what to use for an internal IP address, at all. It defaults to 10.0.1.1, 192.168.1.1 or 172.something.1.1. This totally screws up my network, and AFAICT there is no way to change it, at least after spending 10 minutes looking through their administration stuff and online.
Back when I learned networking basics your default gateway lived at the top of the network address space, and I've always configured my networks to be like that. I understand that it doesn't have to be that way, but it's just the way I've rolled for as long as I can remember. At some point it apparently became fashionable to put your default route at the bottom. Seems kind of silly to me but whatever, as long as I can change it I don't care what the default is.
I had a machine at 192.168.1.1/24 already, which obviously was conflicting with my Airport Extreme. So now I have to re-configure that machine (I have a handful of static machines because they serve various things out to the public, and changing firewall rules to match DHCP changes is annoying). To make matters worse, every machine on my network that was static was using 192.168.1.254 as a DNS server, so every time I SSH'ed into a machine to re-configure it I had to wait for reverse DNS to time out.
If Apple made it so you cannot change the IP address of the Airport Extreme I would not be surprised. Apple products are great if you fit into their very narrow use-case. But the minute you try to do even basic things that are normal EVERYWHERE else in the world you end up fighting with Apple stuff. I can point to multiple instances of where Apple products are total failures. This Airport Extreme business is just one example.
posted at: 21:23 | tags: apple, rant | path: /entries/rant | permanent link to this entry
Thu, 24 Dec 2009
CFT: Sudo Update
If you use Sudo on FreeBSD and want to test out an update for it, please apply the patch from here and rebuild/reinstall the port. I'm especially interested in environments using LDAP, Kerberos and newer releases of FreeBSD (specifically 8.0). I'll take reports of success or failure for anything though. Since this is such a heavily used port I want to make sure I get it correct and cause as little headache for myself and others as possible.
posted at: 14:02 | tags: sudo, freebsd, ports | path: /entries/freebsd | permanent link to this entry
Mon, 16 Nov 2009
This Can't Be Right.
if (eocd[i ] == 0x50 && eocd[i+1] == 0x4b &&
eocd[i+2] == 0x05 && eocd[i+1] == 0x06) {
// if the sequence $50 $4b $05 $06 appears anywhere after
// the real one, minzip will find the later (wrong) one,
// which could be exploitable. Fail verification if
// this sequence occurs anywhere after the real one.
A friend who is poking around at Android code came across that and pointed it out to me. I took a look at the git repository and it's still there (git://android.git.kernel.org/platform/bootable/recovery). I don't know any reality where that will ever be true.
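To show why that comparison can't be right, here is an added illustration (not code from the Android tree): the quoted predicate beside a corrected one, both run over a constructed EOCD record whose trailing comment carries a second copy of the signature. The helper names and the sample bytes are mine.

```c
#include <stdint.h>
#include <stdio.h>

/* Byte for byte the comparison quoted above: the fourth byte is tested at
 * index i+1 instead of i+3, so eocd[i+1] would have to equal both 0x4b and
 * 0x06. The predicate can never be true, which leaves the check dead. */
static int buggy_sig_at(const uint8_t *eocd, size_t i) {
    return eocd[i] == 0x50 && eocd[i+1] == 0x4b &&
           eocd[i+2] == 0x05 && eocd[i+1] == 0x06;
}

/* Corrected predicate: each of the four signature bytes tested once. */
static int eocd_sig_at(const uint8_t *eocd, size_t i) {
    return eocd[i] == 0x50 && eocd[i+1] == 0x4b &&
           eocd[i+2] == 0x05 && eocd[i+3] == 0x06;
}

/* Count signature matches at offsets start..len-4 using the given predicate. */
static int count_sigs(const uint8_t *buf, size_t start, size_t len,
                      int (*pred)(const uint8_t *, size_t)) {
    int n = 0;
    for (size_t i = start; i + 4 <= len; i++)
        if (pred(buf, i)) n++;
    return n;
}

/* The rule the comment describes: once the real EOCD record has been located
 * at real_off, fail verification if the signature appears again after it.
 * Returns 1 when the file is acceptable, 0 when it must be rejected. */
static int eocd_unique_after(const uint8_t *buf, size_t len, size_t real_off) {
    return count_sigs(buf, real_off + 1, len, eocd_sig_at) == 0;
}

/* Constructed sample: a minimal 22-byte EOCD record (comment length 6)
 * followed by a comment that carries a second copy of the signature. */
static const uint8_t sample[] = {
    0x50, 0x4b, 0x05, 0x06,             /* signature */
    0, 0, 0, 0, 0, 0, 0, 0,             /* disk numbers, entry counts */
    0, 0, 0, 0, 0, 0, 0, 0,             /* central directory size and offset */
    6, 0,                               /* comment length */
    'x', 'y', 0x50, 0x4b, 0x05, 0x06    /* comment smuggling a second signature */
};

int main(void) {
    size_t n = sizeof sample;
    printf("buggy predicate matches: %d\n", count_sigs(sample, 0, n, buggy_sig_at));
    printf("fixed predicate matches: %d\n", count_sigs(sample, 0, n, eocd_sig_at));
    printf("verification passes: %d\n", eocd_unique_after(sample, n, 0));
}
```

The quoted predicate matches nowhere, so the "fail verification" branch it guards is unreachable; the corrected one finds both signatures and rejects the sample.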
posted at: 15:42 | tags: android, typo | path: /entries/geek | permanent link to this entry
Fri, 18 Sep 2009
Adventures in Soekris Land - Part I
As I've mentioned before I was recently given a net4501 by Jordan. Now that I'm moved into my new house I'm in the process of getting FreeBSD up and running on it. Since Jordan said he was seeing performance issues with it I figured it couldn't hurt to update the BIOS on the device first before I boot FreeBSD on it. It's actually a pretty simple process. All you need is lrzsz (ports/comms/lrzsz) and a serial cable.
Connect your serial cable and power on the board. You'll see the initial POST and then you have 5 seconds to hit Ctrl-P to break out of the boot sequence and into the "Monitor", which is basically a firmware prompt. Once you've got there, issue the "download" command. Once you do that you have 30 seconds to start a file transfer of the image you want to flash. Using cu(1) to connect to the board, you can use the ~C sequence to fork a child process where file descriptor 0 is the remote tty input, file descriptor 1 is the remote tty output and file descriptor 2 is the local tty stderr. The command you want to run is lsz -X <img.bin>. This will send the image over the serial port to the board, which is waiting for it (and stores it at a special location in memory). Once the download is finished you can flash the freshly downloaded image onto the board using the "flashupdate" command.
Soekris has a great manual and a wiki which are both great sources of information.
Now that my board has the newest BIOS I'll be working on getting a FreeBSD image running on it. I think I'll start off with a simple PXE booting environment and eventually move to using the compact flash card as a boot environment. You can expect more updates as my Adventures in Soekris Land continue, but for now I need to go to bed - my lawn needs to be cut in the morning (oh, the joys of being a homeowner =b).
posted at: 22:27 | tags: soekris | path: /entries/geek | permanent link to this entry
Wed, 09 Sep 2009
Way to respect TTL, VMware.
Here's something fun. Here's a DNS query that looks right:
wxs@ack wxs % dig @4.2.2.1 +nocmd +nocomments +noquestion +nostats syn.atarininja.org
syn.atarininja.org.	1771	IN	A	129.21.60.158
wxs@ack wxs %
Here's the same query but from a NAT'ed VM (VMware Workstation) using the NAT device as a DNS server:
wxs@rst wxs % dig @192.168.2.2 +nocmd +nocomments +noquestion +nostats syn.atarininja.org
syn.atarininja.org.	5	IN	A	129.21.60.158
wxs@rst wxs %
The TTL is always 5. It's not like it starts at 5 and counts down. It's always 5. The NAT device acts as a DNS proxy, forwarding requests to whatever DNS server the host machine uses. I checked these requests and the response coming back has the real TTL. Why does VMware feel the need to manipulate TTL values on DNS responses?
posted at: 12:33 | tags: DNS | path: /entries/geek | permanent link to this entry
Fri, 14 Aug 2009
Soekris net4501 Acquisition
Thanks Jordan!
I've been quiet because I bought a house. Things have been hectic, to say the least, with that and are only going to get more hectic as we prepare to move in and finally move in. I'm hoping that by the end of September I'll be settled in and can get back to doing more than just updating ports.
The picture above will be one of my first projects. It's a net4501 donated to me by Jordan. He said he was having network performance issues with it and I said I would take it off his hands to replace my dying Linksys. Along with that piece of hardware to work on I've had another donation (which is currently in Northern Virginia pending my arrival to pick it up and bring it home) which will make a fine addition to my house. I'll give details once I have them in picture form. It supposedly doesn't work with -CURRENT so my first task with that will be to figure out why and fix it.
Things will likely continue to be quiet around here until my life settles back to normal.
posted at: 20:35 | tags: FreeBSD | path: /entries/freebsd | permanent link to this entry
Fri, 17 Jul 2009
My, How They Grow...
I just made the commit to note that my mentee, Steven Kreuzer, is flying solo. He's been a pleasure to work with and I know will go forth and do great things. Keep up the good work Steven!
posted at: 09:30 | tags: freebsd | path: /entries/freebsd | permanent link to this entry
Sat, 20 Jun 2009
What is really meant by "STABLE" branches in FreeBSD.
A question I am routinely asked is what the latest stable FreeBSD release is. People are often tripped up by the fact that there are usually two releases listed on the front page of FreeBSD.org. The best way to answer that question is to explain how branches are done in FreeBSD. The question almost always comes from people who don't understand the details, so I'll do my best to explain them here.
Perhaps it's best explained in picture form (somewhat simplified for explanation purposes):
---V-------------------------------V----------------------> CURRENT
    \-V------V----V-----------------\---> RELENG_6
       \------\----\--> RELENG_6_0   \
               \----\--> RELENG_6_1   \
                     \----> RELENG_6_2 \---V---V-------> RELENG_7
                                            \---\---> RELENG_7_0
                                                 \------> RELENG_7_1
Tag: | Meaning:
. | CURRENT
RELENG_6 | 6-STABLE (at the time of fetching)
RELENG_6_0 | 6.0-RELEASE-WITH-PATCHES-FOR-SECURITY-AND-MAJOR-ERRATA
RELENG_6_1 | 6.1-RELEASE-WITH-PATCHES-FOR-SECURITY-AND-MAJOR-ERRATA
RELENG_6_2 | 6.2-RELEASE-WITH-PATCHES-FOR-SECURITY-AND-MAJOR-ERRATA
RELENG_7 | 7-STABLE (at the time of fetching)
RELENG_7_0 | 7.0-RELEASE-WITH-PATCHES-FOR-SECURITY-AND-MAJOR-ERRATA
RELENG_7_1 | 7.1-RELEASE-WITH-PATCHES-FOR-SECURITY-AND-MAJOR-ERRATA
There is a lot going on here, so we'll start with the terminology. In FreeBSD, "CURRENT" is the very tip of the tree, a "STABLE" branch is a branch off of that tree, and a "RELEASE" branch is a branch off of a STABLE line. There are multiple STABLE branches, and each one has multiple RELEASE branches off of it. With that picture and terminology in mind, it's best to next explain what gets committed into each branch.
All new commits go into head (CURRENT) first - there are very few exceptions to this. Simply leaving things in head would make for a pretty hectic process for consumers of the FreeBSD source code as people/companies often use FreeBSD as a base for a product. Only having CURRENT to develop a product with is never a good idea. After some settling time in head a commit can possibly be merged to a STABLE branch.
STABLE branches provide a point in the tree where the team has decided that data structures look good and are not going to change. I'll provide more details on what this means later. The most important factor in determining what can be merged from CURRENT (MFC, sometimes called merge from head (MFH)) to a STABLE branch is something called ABI stability. I'll explain what this means later, but for now it is enough to know that a commit is generally not allowed if it breaks the ABI. It's important to note that not all commits in head get merged to a STABLE branch. It really depends upon what the commit is and whether it is deemed important enough to make it into the next release off that particular STABLE branch. Something that often trips up users of FreeBSD is that a STABLE branch is still a development branch. Because commits are made in CURRENT first and merged into a STABLE branch later, a STABLE branch is usually more stable (in the "least likely to crash" sense), but it is still an active development effort.
RELEASE branches are branched off of a STABLE line and are the most tightly controlled of them all. These only get security and major errata updates. In the "least likely to crash" sense, a RELEASE branch is the right choice.
If all that makes sense then it's time to explain what ABI stability is and why it is so important to the FreeBSD development model. Imagine a situation where a company is building something with FreeBSD. If they were using CURRENT they would be subject to any of the data structure changes going on. If any of these changes were to affect their code they would have to adjust their code. By picking a STABLE branch they are not subject to any data structure changes (which is probably the biggest worry, as other parts of the ABI are so rarely changed), nor to any of the other things which could possibly break the ABI. Beyond providing a slightly more tested area for users and consumers, a STABLE branch allows code to be built on FreeBSD that is guaranteed to work across the lifetime of the STABLE branch. This allows for resources to be better utilized. Compare that to other development efforts where not only is the ABI constantly broken but entire subsystems are ripped out and replaced between releases. Imagine having to keep track of what changed and what that means to your product. By picking a STABLE branch that worry is lessened (you should still pay attention to the commits to see if they provide new features or bug fixes that interest you), because you know the underlying binary interface you are using will not change.
So what does this mean to you? If you're an average user who just wants things to work, I would recommend a RELEASE branch and upgrading between them when a new one is made. If you're a company building something using FreeBSD, I would recommend following a STABLE branch. If you have the resources and are looking to the future, I would also recommend that as a new STABLE branch nears you focus on moving your code to CURRENT for testing. This gives you the ability to maintain releases based upon code in a STABLE branch while making sure that you have an upgrade path to the next STABLE branch in the future, because the last thing you want to do is get stuck maintaining an EoL (End of Life) STABLE branch on your own (it's probably a waste of your resources). If you're an enthusiast, a developer or just plain looking to get the most cutting edge features, you can run CURRENT.
Hopefully this made sense to people not very familiar with how the development in FreeBSD works at a high level. If you're looking for more reading I would recommend at least this page in the handbook.
posted at: 15:18 | tags: freebsd | path: /entries/freebsd | permanent link to this entry