Thursday, December 28, 2006

Binpatches for 4.0

I've finally gotten around to posting binpatches for OpenBSD 4.0. Since I no longer run anything other than OpenBSD 4.0, those are the only binpatches I maintain.

A few notes:

  • I no longer maintain any patches for RAIDFRAME kernels.

  • I bundle both bsd and bsd.mp together for kernel patches.

  • I included an unpatched sendmail binpatch with SASL support added.

  • I created a binpatch for OpenBSD's spamd(8) with Bob Beck's patch to handle mail from Verizon better.

Saturday, December 9, 2006

New Firewall

I've just installed a new firewall... A Soekris using Chris's Flashdist installation. It's running a very limited version of OpenBSD 4.0 which reduces, drastically, the amount of writes to the CompactFlash card.

If you have any problems sending me mail or (like you'd see this) accessing my website, leave a comment.

Wednesday, November 29, 2006

Binpatch Updates Coming Soon

I know, I know, I know... I've fallen behind with posting binpatch updates.

Previously, I had been maintaining several binpatch build environments to support multiple kernels (GENERIC, GENERIC.MP, GENERIC with RAIDFrame support, GENERIC.MP with RAIDFrame support, GENERIC.MP with pcibios disabled and GENERIC.MP with RAIDFrame support with pcibios disabled) and sendmail with SASL support.

This was becoming too much to handle. Plus, I wanted to add some features. Here's a (probably incomplete) list of enhancements coming soon (some changes were already in my binpatch files):

Yaifo Update

As I've stated in previous posts, I use YAIFO (Yet Another Installer for OpenBSD) to do remote upgrades of my OpenBSD boxes. By remote, sometimes I mean the server sitting in the other room. :)

It seems that development of YAIFO has stopped (and the site is inaccessible). I had previously made a few patches to improve usability (for me) and to make it work with 3.9 and 4.0. But, it started getting complicated with too many patches. So I combined all of the patches into single OpenBSD-version specific files (meaning one for 3.9 and one for 4.0).

If you've found this page via Google and are just looking for the unmodified YAIFO code, you're welcome to download it from my server.

However, I've made several useful modifications and some necessary fixes to make YAIFO work with versions of OpenBSD after 3.8 (that are available as patch files):

Wednesday, November 22, 2006

Mergemaster Tutorial

With the recent release of OpenBSD 4.0, it's that time to upgrade your machines again! I used to just do clean installs, re-install all packages and manually upgrade /etc and /var. Since the pkg_* tools have improved so much in recent versions and I learned of mergemaster, I now do upgrades (more often).

I've posted in the past about how I used mergemaster ([1], [2], [3]), but only briefly. I decided it was time for a post specifically about mergemaster and how to use it.

Friday, November 3, 2006

YaifO in 4.0

It seems that the old YaifO site is down. You can download the latest (as of the last time I checked) from my site.

Additionally, I've applied some patches to it that fix some of the problems I had with it (including not working under 3.8 and 4.0). Other fixes include the ability to compile the yaifo kernel ramdisk with your ssh_host_keys so you don't have to muck with your ~/.ssh/known_hosts when upgrading. And my favorite patch: use ${SUDO} wherever needed (if defined) so you don't have to run "make" as root.

See my other posts explaining YaifO and how I've used it.

Saturday, September 30, 2006

NYCBSDCon 2006

The New York City *BSD User Group is hosting the 2006 NYCBSDCon at Columbia University this year. And I'm going. This'll be my first BSD conference.

I'm looking forward to this year's speakers, many of whom I see on the misc@ list:
  • Bob Beck
  • Jason Dixon
  • Todd Miller
  • Marco Peereboom
  • Jason Wright


Hope to see you there.

Sunday, September 10, 2006

The Book of Fate Party

On Thursday, September 7, Warner Books/Hachette Books held a book signing party at the Headquarters of the Scottish Rite of Freemasonry in DC. This was an invitation only party during which Brad announced that if you're not part of his family or the publishing company, you're a friend -- you've been "part of the family" since the first book (Tenth Justice). And Holly and I have been.

I've read every single one of Brad's books and one of his comic books (Identity Crisis). He's an excellent writer and his books are real "page turners". I don't ever remember any slow spots but there are always points in each of his books where it's like that big, final hill on a rollercoaster: from that point, the pace picks up and you can't put it down.

After buying his new book, The Book of Fate (which I haven't started yet), Holly and I got in line to have him sign the book.

OpenBSD 3.9 Errata 011

The OpenBSD team has released another patch for OpenBSD 3.9:

Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for an attacker to construct an invalid signature which OpenSSL would accept as a valid PKCS#1 v1.5 signature. CVE-2006-4339


As always, I've created a binpatch.

Friday, September 8, 2006

OpenBSD 3.9 Errata 010

The OpenBSD team has released another patch for OpenBSD 3.9:

Two Denial of Service issues have been found with BIND. An attacker who can perform recursive lookups on a DNS server and is able to send a sufficiently large number of recursive queries, or is able to get the DNS server to return more than one SIG(covered) RRsets can stop the functionality of the DNS service. An attacker querying an authoritative DNS server serving a RFC 2535 DNSSEC zone may be able to crash the DNS server. CVE-2006-4095, CVE-2006-4096


As always, I've created a binpatch.

Sunday, September 3, 2006

Invincible

I remember watching a special on ESPN several years ago (or so) about Vince Papale - the native Philadelphian bar tender that tried out for the Eagles and made the team. I remember at the time thinking that it was a very inspirational story and pretty amazing that some "Joe" who didn't even play football in college would make an NFL team.

Earlier this year, I was in a movie theater and saw a trailer for Invincible, Disney's portrayal of Vince's story. Mark Wahlberg plays Vince and Greg Kinnear plays coach Dick Vermeil. This movie was fantastic!

OpenBSD Errata 009

The OpenBSD team has released another kernel update for OpenBSD 3.9:

Due to the failure to correctly validate LCP configuration option lengths, it is possible for an attacker to send LCP packets via an sppp(4) connection causing the kernel to panic. CVE-2006-4304


As always, I've created a binpatch for the GENERIC kernel as well as GENERIC.MP, GENERIC + RAID and GENERIC.MP + RAID.

Thursday, August 31, 2006

OpenBSD Errata 005, 006, 007, 008

The OpenBSD team has released 4 updates for OpenBSD 3.9:
  • 005: potential denial of service problem has been found in sendmail
  • 006: off-by-one error in dhcpd(8) -- it is possible to cause dhcpd(8) to exit (CVE-2006-3122)
  • 007: possible to cause kernel panic when more than the default number of semaphores have been allocated
  • 008: problem in isakmpd(8) caused IPsec to run partly without replay protection


I've uploaded more binpatches. Additionally, I created an OpenBSD Binpatches page to list all of the binpatches I'm maintaining instead of putting them in individual posts.

Saturday, August 26, 2006

Pirates 2

I actually saw this movie a few weeks ago and never posted about it. I did like the first Pirates of the Caribbean and was looking forward to Pirates of the Caribbean: Dead Man's Chest.

I had heard a lot of hype about the movie and many criticisms about the decision to open Superman Returns the weekend before PotC2. If it was better than Superman, then I had to see it. I saw Superman twice. And loved it both times.

Little Miss Sunshine

Prior to seeing Little Miss Sunshine tonight, I had only spoken to three people who had seen it. All three said it was a "must see" and that it was really good. Normally I take these things with a grain of salt but two of these people are among those whose opinions I think I trust (at least in terms of spending $9 on a movie). The third was our waitress for dinner right before going to the theater.

All I have to say is: they weren't joking.

Friday, August 18, 2006

Ubuntu Revisited

I was able to get my hands on a currently unused Dell Latitude D505 laptop at work. I installed Ubuntu 6.06 on it. I continue to be impressed.

Most everything just works. You press the power key and you're prompted with a menu with options to Restart, Lock the screen, Switch Users, Logoff, Power Down, Hibernate or Suspend. You close the lid, plugged in, and the screen blanks & locks. You close the lid on battery and it automatically suspends. You want to modify the volume: Fn+PageUp/Down (just like Windows). You go on battery & a new icon appears with the amount of estimated battery time left. You move your finger up and down across the right side of the trackpad and windows scroll. I did have to work hard to make the wireless card work. It also took some effort to watch DVD movies & Youtube videos. Keep reading for more on that.

If I didn't already have a Mac, I'd take back my Inspiron 8600 from my wife and install Ubuntu on it.

Sunday, August 13, 2006

Ubuntu Desktop

To try to broaden my Linux horizons, I wanted to try out a different distribution. Most of my Linux experience has been with one Redhat release or another (Redhat <= 9, Fedora Core 1-5, RHEL 3/4) and, to a lesser extent, Mandrake. I have installed Suse only to blow it away (had no use for it). I hadn't looked into Debian, Gentoo or Ubuntu. Until now.

A co-worker told me that he replaced his Fedora install on his laptop with Ubuntu and was really happy with it. So, I fired up a Parallels session on my Mac Mini and decided to install Ubuntu Desktop 6.06 LTS (Dapper Drake).

I must say, it was a very pleasant experience...

Thursday, August 3, 2006

The Dark Knight Strikes Again

After reading The Dark Knight Returns, I had to get my hands on the sequel: The Dark Knight Strikes Again.

Set three years after The Dark Knight Returns, the government is working to stifle people's freedoms. The president is a puppet of Lex Luthor and Brainiac. Superman seems to be a puppet too.

Batman, Catgirl (Carrie Kelly) and their small army of "batmen" and superheroes (Green Arrow, Atom, Flash, Plastic Man, Elongated Man) fight, again, to right the world. In their way is Superman, who is being blackmailed with the miniature city of Kandor.



Sunday, July 30, 2006

004_httpd binpatch 3.9

The OpenBSD team has released a patch for OpenBSD 3.9 which fixes "a potentially exploitable off-by-one buffer overflow" in httpd's mod_rewrite (CVE-2006-3747).

I've created a binpatch for i386 again using Gerardo Santana's Binpatch System.

Sunday, July 23, 2006

The Death and Life of Superman

I had read The Death and Life of Superman before. But after seeing the Justice League Unlimited episode "Hereafter" where the world (and the Justice League) has to move on after Superman's funeral, I wanted to read it again.

The novelized version of the comic book has three sections, mirroring the comic books: Doomsday, Funeral For a Friend and Reign of the Supermen.

After a brief telling (mostly through memories) of Superman's history, we learn that Clark has proposed to Lois (she said yes) and he told her his secret. While giving a rare interview, Superman learns that the Justice League is fighting (and losing to) a huge villain: Doomsday. He abruptly leaves the interview to join the battle.

Marvel 1602

Marvel's 1602 is an 8 issue series that puts Marvel villains and heroes in the year 1602.

I have to admit, I'm not very familiar with Marvel's heroes. I know Spiderman from the movies and the cartoons. I only know X-men from the movies. And I had heard of Nick Fury (and Michael Knight... er... David Hasselhoff's TV movie), but knew nothing about him. When I first started reading, I was bored and couldn't get into the story because I didn't associate with the characters I had seen so far: Fury and Dr. Strange.

Since I had borrowed the books, I didn't want to hold onto them too long and I at least wanted to read through it. So, I gave it a second shot. Almost immediately after getting past my previous attempt, I was hooked (dang, had I read one more page). I was hooked.

Thursday, July 6, 2006

The Second Coming of PJ in Rolling Stone

In the new issue of Rolling Stone, Brian Hiatt spends 5 days with Pearl Jam during their US Tour. The interview, mostly with Eddie Vedder, gives a lot of (at least to me) previously unknown information about my favorite band.

Eddie and the band talk about how they dealt with stardom in the early 90's, deaths of those around them and the origins of the name Pearl Jam...

X-Men 3

We went to see X-Men: The Last Stand over the weekend. Neither one of us had heard too many good things about the movie and weren't all that excited about going. Well, we were definitely more excited for Superman Returns.

I have to admit, we were both pleasantly surprised. Both of us liked the previous X-Men movies with the second one being the better of the two. Normally we make it out to the theaters only once or twice in a year. Not twice in seven days. We hadn't even planned on seeing a movie but we were out to dinner near a theater, wanted to see X3 on the big screen if we could and didn't have other plans, so we went to see it.

Some (probably obvious) spoilers below...

Saturday, July 1, 2006

Not Paid Per Post

I just saw a Digg post about a Cnet story which references a TechCrunch article which references a Business Week article about PayPerPost.com. According to the Business Week article,
Advertisers pay to post details about their "opportunity," specifying, among other things, how they want bloggers to write about, say, a new shoe, if they want photos to be included, and whether they'll pay only for positive mentions. Bloggers who abide by the rules get paid; heavily trafficked blogs may command premium rates.


I just want to be clear, I do NOT do anything like this. I post about Pearl Jam, Superman Returns, books I read and OpenBSD because they're things that interest me. I am, in no way, compensated for anything posted here. I do get a very small percentage from the icons at the bottom of my page and the occasional Amazon link, but I imagine that the only payback I get from those are my own click throughs.

Superman Returns was an example given in one of the articles. Since I posted about Superman Returns, I wanted to make it clear I do not participate in such practices. That is all.

Tuesday, June 27, 2006

Superman Returns

Well, he's back. After a 19 year hiatus from theaters and a 5 year absence from Metropolis, Superman Returns. This time Brandon Routh (like south) portrays Clark Kent/Superman. And he certainly looks the part. He's got the mannerisms for both roles down pat.

As the movie opens, Superman is returning to Earth after a five year journey searching for remains of Krypton. When he gets here, he finds that the world seems to have moved on. Lois even won the Pulitzer for an article titled "Why the World Doesn't Need Superman".

Sunday, June 25, 2006

The Ambler Warning

Robert Ludlum passed away in 2001. He's probably best known for his "Bourne" series that have recently turned into Matt Damon movies. I LOVED the "Bourne" books... tolerated the movies. In 2005, his estate releases a new book: The Ambler Warning. It's unclear to me whether this was a completely ghostwritten book or if it was an unfinished (or unpolished) book that was completed after his death.

The book opens with Hal Ambler in a high security government psycho ward. He doesn't remember how or why he got there, he just knows he has to get out...

Saturday, June 17, 2006

Fix for RAID_AUTOCONFIG bug in 3.9

I had been using RAIDframe with OpenBSD 3.8 without issue (mostly, see my previous post). I had configured my RAID sets to use auto-configure (raidctl -A yes raid0).

But, when I upgraded to OpenBSD 3.9, my server would hang during the boot process immediately after "Kernelized RAIDframe activated". So, I compiled a kernel with RAIDframe enabled but RAID_AUTOCONFIG not enabled. I still needed my /etc/raid*.conf files, but my server was working perfectly. I searched the misc@ archives and found several threads (including this one) about the RAID + hang problem in OpenBSD 3.9.

But, someone had a solution...

RAIDframe Tricks

Life is funny sometimes. On Wednesday, a friend asked if I had experience with RAIDframe, the software RAID system in OpenBSD. He had a failed disk and wanted to talk about how to get RAIDframe to use the new drive as a main component vs. a spare. Not two days later, I was planning to upgrade my last OpenBSD 3.8 server (at home) and noticed that my raid0 had a failed component.

My RAID sets are each 90 GB mirrors across 3 disks. I know, I know: 3 disks? But one disk is a 250 GB drive and the other two are 90 GB drives. Each 90 GB drive is mirrored to a separate 90 GB partition on the 250 GB drive. The data to end up on the mirror sets actually lived on the 90 GB drives. Each 90 GB drive was over half full (so I couldn't copy ALL of the data to one drive while setting up the RAID on the other). So, I used a method described in the man page to set up a broken RAID set to get all of my data on my new drives.

The Complete Frank Miller Batman

Continuing my recent foray into graphic novels, I picked up The Complete Frank Miller Batman from Amazon Marketplace. If you're unfamiliar with Frank Miller's work, you might have heard his name related to Frank Miller's Sin City: a movie from 2005 with Jessica Alba, Bruce Willis and Mickey Rourke.

This Batman collection contains three stories:

Thursday, June 15, 2006

The Colorado Kid

It's not a very well hidden fact that I'm a big fan of Stephen King books. On a recent business trip, I found myself without something to read. I was also in need of some shaving cream and ended up at a CVS (or something). After finding what I needed, I was browsing the book aisle. In a section that I didn't expect to find an SK book, I found a book that clearly said "Stephen King" on the cover. But it looked like a romance novel cover. Being intrigued, I picked The Colorado Kid up to determine if it was the Stephen King.

Flipping through some of the pages and the reviews section at the beginning, it seemed clear that this book was indeed the Stephen King. It had all the familiar traits I've grown to love: set in New England (Maine, to be specific) and an afterword: signed & dated. Taking it back to my hotel room, I started to read. It, like a lot of King's books, started off slow for me. The book started to get interesting around the time I was heading home. I got distracted from The Colorado Kid in the airport because I found The Cell (a more "classic" Stephen King). But, two days ago I found myself with nothing to read again. I picked up The Colorado Kid and started from the beginning. Almost immediately after I passed where I had stopped before, I was hooked...

Saturday, June 10, 2006

Identity Crisis

I've always been into comic book superheroes: Superman, Batman and Spiderman (specifically). As a kid, I enjoyed Superman & Superman II, Batman & Batman Returns. As an adult, I loved Batman Begins, the two Spiderman movies and the X-men movies (1 & 2 so far). I can't wait until Superman Returns.

Brad Meltzer is one of my favorite authors. Holly and I have read all of his novels so far starting with The Tenth Justice all the way to The Zero Game. We cannot wait to get our hands on The Book of Fate when it's released on September 5, 2006.

Today I finally read my copy of Identity Crisis, a graphic novel which includes Brad's script and Rags Morales's pictures to tell a great story about a mystery involving The Justice League of America.

The Chronicles of Narnia

I've been reading The Chronicles of Narnia since finishing my last book (off and on) and just finished this afternoon. Unless you've been living under a rock for the last year or so, you might have heard of the movie from one of the stories in the book (The Lion, the Witch and the Wardrobe).

The specific edition I read had all of the stories in it: "The Magician's Nephew", "The Lion, the Witch and the Wardrobe", "The Horse and His Boy", "Prince Caspian", "The Voyage of the Dawn Treader", "The Silver Chair" and "The Last Battle".

Wednesday, May 31, 2006

Server Upgraded to OpenBSD 3.9

I just completed the upgrade to OpenBSD 3.9 for my erdelynet.com web and mail server. Besides the obvious OpenBSD 3.9 upgrade goodness, many of the applications and servers that I run were upgraded with it.

It's amazing that with each upgrade/re-install I do, how much easier it gets. But, I still run into problems along the way.

Tuesday, May 30, 2006

PJ at Verizon Center in DC

Yes, yes, yes. All of my posts so far in the music category have been about Pearl Jam. And I know that most people that know me think that Pearl Jam is the only music I listen to. But that's not true. Just to get it out there, I listen to The White Stripes, Green Day (American Idiot - Best Album Ever?), Dave Matthews Band (heard their "All Along the Watchtower") and yes, I'm slightly embarrassed to say, Kelly Clarkson. You can even add some old school hip-hop (Ice Cube & 2Pac) in there.

But tonight...

Mergemaster + OpenBSD 3.9

I'm working on upgrading some of my boxes to OpenBSD 3.9. As I've mentioned before, using mergemaster is a great way to upgrade your machines. Especially with the new "pkg_add -u" (you should probably run pkg_add -ui to interactively deal with issues, such as multiple versions to choose from), mergemaster makes it even easier to avoid complete re-installs.

After upgrading to OpenBSD 3.9, run "pkg_add -r mergemaster".

Sunday, May 7, 2006

Pearl Jam: Best Band Ever

As if you need more proof, but Thursday night (May 4), Pearl Jam showed that they are the best band ever. After their televised performance on "Late Night with David Letterman", Pearl Jam performed an encore concert for the fans at the Ed Sullivan Theater. And CBS is offering it (FOR FREE) on their website.

They performed (after "Life Wasted" during the show) "World Wide Suicide", "Comatose", "Severed Hand", "Marker In The Sand", "Gone", "Unemployable", "Present Tense", "Do The Evolution", "Why Go", "Porch" ("I Want to Hold Your Hand").

I think this shows that Pearl Jam continues to do this (create music) for the fans. Members of their fan club are given extras for being fans (and a measly $15/year).

This show is also a reminder that no matter how good their albums are, Pearl Jam's live shows are second to none. Check out the video... enjoy.

Tuesday, May 2, 2006

KernelTrap Interview: Theo de Raadt

KernelTrap has a new interview with OpenBSD creator, Theo de Raadt. This is one of the better interviews I've read with Theo. He discusses changes in OpenBSD over the last 5 years (since 3.0), the current, new release (3.9) and the next release (4.0). Theo talks about blobs (binary drivers) and getting documentation from vendors for hardware. Finally, they cover OpenBSD's funding situation, their calls for donations and even some previously unknown (at least to me) information about the infamous DARPA funding.

Story on digg

Here are some of my favorite quotes:

Sunday, April 30, 2006

OpenBSD 3.9 Released

You already ordered your CD, right? And made even a small donation? Be sure to buy a shirt for extra padding for the CD case.

OpenBSD 3.9 has officially been released and is available for download. This is great news for me because not all precompiled packages are on the CDs. Release day means a wget to download the rest of the packages.

Here is Bob Beck's announcement message:

OpenBSD on Intel Mac Mini

Today I started trying to load OpenBSD on my Intel Mac Mini.

A couple weeks ago, I loaded Apple's Boot Camp to dual boot with Windows XP. It was neat. But I don't really care to run Windows on my Mac.

Now that Boot Camp is on my computer, though, I figured I could probably get OpenBSD installed. I tried installing from my OpenBSD 3.9 CD first. But it wouldn't boot past USB device scanning. I downloaded a 3.9 snapshot from April 29, 2006, and OpenBSD installed. But...

Saturday, April 29, 2006

Introducing OpenBSD 3.9

With tomorrow's (May 1) release of OpenBSD 3.9, informit.com offers an article in which "Open Source expert David Chisnall gives us the ins and outs of where OpenBSD has been, where it is now with the new version 3.9, and what lies ahead in the future." (link to article)

The article also brings a brief history of how OpenBSD came to exist, their fight for openness, their financial struggles and where OpenBSD is going.

Wednesday, April 19, 2006

GoDaddy donates $10k to OpenBSD/SSH

GoDaddy announced today that they've donated $10,000 to the OpenBSD and OpenSSH projects.

Here is a PDF of the GoDaddy Press Release.

GoDaddy is a cheap registrar for Internet domain names. I use them at work and am planning to switch from Network Solutions for erdelynet.com at the end of the year. It's fantastic to see another company donate to the OpenBSD project (see my post about the Mozilla foundation).

The text of the PDF follows...

Sunday, April 16, 2006

Riviera Cancun

A couple weeks ago, Holly and I took a nice 4 night trip to Riviera Cancun (just South of Cancun "proper"). We stayed at Secrets Capri and we took a few pictures.

The accommodations are really nice and everything's (just about) included. And, there're NO KIDS! :)

Pearl Jam on SNL

Last night on Saturday Night Live Pearl Jam performed two new songs: World Wide Suicide and Severed Hand.

I thought just about the only redeemable quality from Lindsay Lohan was her enthusiasm when introducing Pearl Jam.

World Wide Suicide was great. Holly and I immediately loved that song when we heard it. Their performance was great!

Severed Hand was pretty good. The music was awesome, but the vocals and lyrics left some to be desired. That's OK, though... a lot of times there are some new PJ songs that take time to grow on me.

I'm more excited than ever, now, to see them next month!

ftp-proxy in 3.9

One of the new features in OpenBSD 3.9 is a different ftp-proxy.

The old (pre-3.9) ftp-proxy wasn't too bad. I had a couple of issues with it, but this new ftp-proxy is incredibly easy to set up and worked in all of my test cases...

Saturday, April 15, 2006

OpenVPN + DNS + OS X

OS X has a very cool feature built into its resolver: /etc/resolver. It allows you to specify different DNS servers for different domains. After creating the /etc/resolver directory, I can create a /etc/resolver/erdelynet.com file with "nameserver 192.168.25.10" in it. Now, my Mac will use 192.168.25.10 for resolving erdelynet.com and whatever my ISP assigned me for everything else.

When is this useful? erdelynet.com runs a MySQL server. My firewall blocks attempts from the Internet to port 3306. But suppose I want to just run a MySQL admin tool from my PowerBook and don't want to mess around with SSH tunnels.

With OpenVPN & /etc/resolver/erdelynet.com, I can seamlessly move from external user to internal user with two clicks.

Tunnelblick

Tunnelblick is a very nice GUI for OpenVPN. A tunnel icon is added to the menu bar. You can click on the icon to connect/disconnect to your VPN.

The "stable" version (2.0.1) allows for connecting to a single VPN. You create a ~/Library/openvpn directory and save your configuration file as openvpn.conf.

The 3.0 Release Candidate (I just now noticed that RC2 is out) allows for the ability to connect to multiple VPNs depending on the name of your configuration file. Save your configuration file as Server1.conf, Server2.conf (where "Server1" is an arbitrary string).

I can't see using OpenVPN on a Mac without it.

Thursday, April 13, 2006

001_sendmail binpatch 3.9

I've just installed my first OpenBSD 3.9 box and the first thing I did was set up my binpatch environment. As I explained before, OpenBSD has released a patch for the sendmail vulnerability released March 25, 2006.

So, I've created a binpatch for 3.9.

Firefox 1.5.0.2 Released

Firefox 1.5.0.2 was just released! This is especially great news for Intel Mac users. This is the first official release that's a Universal Binary (meaning that it will run on Intel and PowerMac machines natively).

Besides some bugfixes, there doesn't seem to be much else new besides being a universal binary.

Enjoy.

I got my OpenBSD 3.9

As I pulled up to my mailbox today, I wondered, "Is today the day?" Guess what... It IS! My brand new OpenBSD 3.9 CD and t-shirt were waiting for me in my mailbox.

I rushed inside and ripped open the package. Again, the t-shirt provided good protection for the CD during shipment because the CDs and case are in perfect condition.

Thank you, OpenBSD!

More to come...

Saturday, April 8, 2006

Mozilla Foundation Donates to OpenBSD/SSH

This week the Mozilla Foundation announced that they donated $10,000 to the OpenBSD project for the development of OpenBSD and OpenSSH. I recently posted that you should support the OpenBSD project and there have been several articles (undeadly) written about OpenBSD's financial situation.

This, I believe, is a great move for the Mozilla Foundation. The OpenBSD project releases some pretty fantastic code that the Mozilla Foundation admittedly uses. I personally use Firefox and Thunderbird on OpenBSD and on my two Macs. My wife uses Firefox on her Windows PCs at home and at work. I, as the "IT guy" for everyone I know, recommend Firefox to my friends, family and have made it the corporate standard at work.

This is, indeed, fantastic news! Hopefully other companies will follow suit.

Women's National Champs '06

We did it! The University of Maryland Women's Basketball team defeated Duke in the 2006 Women's National Championship in one of the most exciting (men's, women's, pro) basketball games I've ever seen.

While in Mexico, Holly and I were able to convince the "Sports Bar" to show the game. We were the only ones in the room for all but the last minute of regulation and overtime. There were even people complaining that their Latin Dance class was starting late because we were watching the game. But, we were able to see the whole, exciting game!

Holly and I were VERY proud of the Maryland fans for supporting the Lady Terps in their amazing season and championship.

Go Terps!