Sunday, December 16, 2007

Binpatches for amd64 and sparc64

I've added binpatches for amd64 and sparc64. I've also stopped updating 4.0 and 4.1 since I'm not using either of those old versions of OpenBSD.

For all three architectures, I've got binpatches for 001_dhcp, 002_openssl and 004_pf.

I've made binpatches for i386, amd64 and sparc64.

Tuesday, November 6, 2007

Yaifo 0.5

Announcing YAIFO 0.5!

The OpenBSD installer with a terrible name has a new update to coincide with the release of OpenBSD 4.2. New in Yaifo 0.5:

  • amd64 has been tested and is working (it worked with version 0.4, but I didn't have a way to test).

  • macppc added.

  • cleanall make target actually does clean all now.

  • I started to take more ownership of the project (not just functionality) including updating the readme, copyrights and cvs $Id$ tags.

  • Added boot.conf to build a kernel with console redirection (to make yaifo + soekris work properly).

  • Changed the message at the end of an upgrade/install to recommend reboot over halt (because halting a server 1000 miles away would be just plain stupid).

  • Update to OpenBSD 4.2.

  • Use a standard sshd_config and customize sshd through command line options in

Download yaifo-0.5 for OpenBSD 4.2.

Wednesday, October 31, 2007

OpenBSD 4.2 Released

Theo de Raadt announced the release of OpenBSD 4.2 today (November 1) on misc@. See my article on Undeadly for more details.

This release offers many new features including an install42.iso that includes all installation sets. This is a great convenience that people have been clamoring for, but I'm concerned it will affect CD sales (which drive the project). Please, please be sure to donate (pick the "SECURE Web Ordering Form") if you ftp installation sets or the install42.iso file.

This release also marks the first release in which I'm a developer (merdely@)! Honest. My name is at the bottom of the announcement in the list of developers.

Tuesday, October 16, 2007

4.2 Binpatches Added

I've added binpatches for OpenBSD 4.2 errata entries:

Like with 4.1 & 4.0, I've created a cumulative binpatch.

Thursday, October 11, 2007

Errata 011

The OpenBSD team has released patch 011 for OpenBSD 4.1 (patch 002 for OpenBSD 4.2 and patch 017 for OpenBSD 4.0).

This is a security fix and applies to all architectures.

Quote from the commit messages (1.16 & 1.17):
Replace use of strcpy(3) and other pointer goo in
SSL_get_shared_ciphers() with strlcat(3).

Fix off-by-one buffer overflow in SSL_get_shared_ciphers().
From OpenSSL_0_9_8-stable branch.

Binpatches exist for OpenBSD 4.1 and OpenBSD 4.0. Note, I do not have a 4.2 box set up, so no binpatches for 4.2 yet.
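
The bug class named in the commit message above, as an added illustration in C (not OpenSSL or OpenBSD source; the function names, the 8-byte size and the cipher-name strings are constructed): a hand-tracked length check that forgets the terminator, next to a strlcat-style bounded join. The local bounded_cat stands in for strlcat(3) so the block builds where libc lacks it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CLAIMED 8      /* buffer size the callee is told about */
#define GUARD   0x7f   /* canary stored one byte past the claimed size */

/* Constructed input: "AES:DES3" is exactly CLAIMED characters long,
 * which leaves no byte for the terminating NUL. */
static const char *const NAMES[] = { "AES", "DES3" };

/* Hand-tracked remaining length ("pointer goo").
 * Returns the number of bytes written, terminator included. */
size_t flawed_join(char *buf, size_t size, const char *const *names, size_t count)
{
    char *p = buf;
    size_t left = size;

    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);
        size_t need = n + (i > 0 ? 1 : 0);   /* separator + name */
        if (need > left)                     /* BUG: must be >=, one byte is the NUL's */
            break;
        if (i > 0)
            *p++ = ':';
        memcpy(p, names[i], n);
        p += n;
        left -= need;
    }
    *p = '\0';                               /* lands at buf[size] on an exact fit */
    return (size_t)(p - buf) + 1;
}

/* strlcat(3) semantics: never writes past dst[size-1], always terminates,
 * returns the length the full string would have had. */
static size_t bounded_cat(char *dst, const char *src, size_t size)
{
    const char *end = memchr(dst, '\0', size);
    size_t dlen = end ? (size_t)(end - dst) : size;
    size_t slen = strlen(src);

    if (dlen == size)                        /* dst not terminated inside size */
        return size + slen;
    size_t room = size - dlen - 1;
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* Bounded join: 0 on success, -1 if the result had to be truncated. */
int join_names(char *buf, size_t size, const char *const *names, size_t count)
{
    if (size == 0)
        return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < count; i++) {
        if (i > 0 && bounded_cat(buf, ":", size) >= size)
            return -1;
        if (bounded_cat(buf, names[i], size) >= size)
            return -1;
    }
    return 0;
}

/* Runs one joiner on an array that is really CLAIMED+1 bytes, with a canary
 * in the extra byte, so the stray write is observable without undefined
 * behaviour. Returns 1 if the canary is intact afterwards. */
int guard_survives(int use_bounded)
{
    char buf[CLAIMED + 1];

    memset(buf, 0, sizeof buf);
    buf[CLAIMED] = GUARD;
    if (use_bounded)
        join_names(buf, CLAIMED, NAMES, 2);
    else
        flawed_join(buf, CLAIMED, NAMES, 2);
    return buf[CLAIMED] == GUARD;
}

int main(void)
{
    printf("flawed join:  canary %s\n", guard_survives(0) ? "intact" : "overwritten");
    printf("bounded join: canary %s\n", guard_survives(1) ? "intact" : "overwritten");
    return 0;
}
```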

Tuesday, October 9, 2007

Errata 010

The OpenBSD team has released patch 010 for OpenBSD 4.1 (patch 016 for OpenBSD 4.0).

This is a security fix and applies to all architectures.

Quote from the commit message:

"Minimum IP MTU" means what it says. Ensure that packets returned by dhcpd are the minimum size or larger no matter what the client thinks the minimum allowable size is. Found by Nahuel Riva and Gera Richarte. 
Fix by millert@.

Binpatches exist for OpenBSD 4.1 and OpenBSD 4.0.

Tuesday, September 25, 2007

Quick SSH Tip: ProxyCommand

Here's a quick tip for OpenSSH:

Suppose there is an SSH server inside a remote network (named "internal.hostname.tld") that does not have its SSH port exposed to the Internet. If there is an SSH gateway host that you can SSH to (and that can reach "internal"'s SSH port), you can use the netcat (nc(1)) command to proxy your SSH session to "internal" through "gateway".

Put something like the following in your ~/.ssh/config (or /etc/ssh/ssh_config):

Host internal.hostname.tld internal
  User          merdely
  HostName      internal.hostname.tld
  ProxyCommand  ssh merdely@gateway.hostname.tld nc %h %p 2> /dev/null

Then, connect to "internal" as if you could reach it directly: ssh internal.hostname.tld

Sunday, September 23, 2007

Setting up a Soekris 5501 with OpenBSD 4.2

New story of mine on The OpenBSD Journal:

I wrote about how I went about setting up my new Soekris net5501:

I recently purchased a new Soekris net5501 to replace my beige box firewall. I had previously set up a net4501 but I wasn't happy with it and sold it to a friend. Large file transfers would grind it to a halt and the performance wasn't as good as my beige box. The net5501 has increased horsepower (faster processor, more memory) and a better network chipset (vr(4)). And, most of all, because there are 4 network ports! At my house I have 3 networks + my FiOS connection. I have my internal LAN (wired with full access to everything), my wireless network (requires authentication and has limited access to the LAN) and my DMZ (for my web server; no access to the LAN or wireless networks).

For my installation, I use Yaifo so I don't have to deal with a serial console or setting up pxeboot. (I actually did hook up a serial console to update the bios, which I'll discuss later). Also, I use a custom rc and a flashdist-like system so I can mount my CF read-only. My "fdlite" script doesn't rely on a customized install like flashdist. It does use some of the device modifications Chris uses to make the read-only / work properly, though.

Read more at The OpenBSD Journal.

Tuesday, August 28, 2007

Linux Driver Copyright Violation

Originally posted by me to

As reported on The OpenBSD Journal, a Linux kernel developer removed the BSD License text from Reyk Floeter's Atheros wireless driver.

As Theo de Raadt wrote in a comment to The OpenBSD Journal article:

The other files in the driver, written by Reyk, are the replacement for the HAL. This basically is the hidden register access code which Sam (basically employed by Atheros) refused to release. This code was placed by Reyk under an ISC license, something our project prefers to use since it is so simple that even a grade 5 student cannot misunderstand what it says. It translates to "You can do anything, but not delete the text".
Only Reyk could change that copyright notice, since he is the author.

At this time, Slashdot does not consider this news (even though a story has been submitted). This must be a too negative reflection of their beloved Linux.

Saturday, August 25, 2007

Yaifo Updates for CF (and SSH fix)

As seen in the comments from a previous post, recent ssh changes caused Yaifo's sshd server to stop working. The fix was very simple: include an /etc/login.conf in the Yaifo image file.

I just bought a Soekris Net5501. I was hoping that Yaifo would provide a convenient method for installing OpenBSD on the CompactFlash card I'll be using in my new Soekris firewall. After a few tweaks, it does!

Thursday, August 16, 2007

Screen for Serial Access

A friend (hi, dwc) mentioned to me a few weeks (months?) ago that screen can be used as a serial terminal (like minicom or cu(1) or tip(1)). Up until today, I hadn't had a chance to try it -- I'd been using minicom from MacPorts.

Today, using my nifty osx-pl2303 driver for my Tripp-Lite U209-000-R USB-to-serial adapter and screen, I was able to get a serial console to a server in my office. Specifically, I typed:
screen /dev/cu.PL2303-0000101D 38400
When I was done, I typed: ^a^k to kill the terminal session. Since screen(1) is part of the base OS X install.

Sunday, August 12, 2007

Yaifo updated for 4.2 in CVS

First things first: Yaifo is now available via CVS. And (obviously) I set up a SourceForge Project, but I haven't done much with it yet.

I also set up a new category on my website for Yaifo so that it has its own page. I haven't decided yet, but I think I'll just have the SourceForge Project Homepage redirect to the page here.

I will still generate tarballs for downloads, but you can get the latest and greatest from CVS:
cvs login
cvs -z3 co -P yaifo

Wednesday, August 8, 2007

Quick Upgrade Process

You may not have noticed it yet here, but I love OpenBSD. I keep that pretty close to the vest, I know.

I just finished upgrading my Thinkpad T42 to the latest OpenBSD 4.2-current snapshot and thought I should share my upgrade process. Over the past few releases of OpenBSD, the process has gotten steadily easier. Marc Espie has almost single-handedly overhauled the ports system (here, here and here to cite a few examples) into a robust, easy to upgrade system. And I especially like the clear distinction between the system base and add-on packages.

And, at this point, it's only slightly more work to create a port for new software instead of running make install to just install something into /usr/local/foo. The whole system has seen improvements, but I only pick on ports and packages because they'd traditionally been more difficult to upgrade (you used to have to remove all packages and install the new ones). Even with the new packaging enhancements, though, on a production server it's a good idea to spend time comparing old configuration options to new configuration options to make sure the new versions of your applications do what you expect.

Monday, August 6, 2007

My GNU Screen Config

GNU Screen is one of the most useful utilities on a *nix system. On OpenBSD, it's an installable package ("sudo pkg_add -i screen") and it's almost always the first package I install.

Scott (whose blog is not as fast as mine) and I played around with our ${HOME}/.screenrc and Scott helped me come up with this:
shell -$SHELL
startup_message off
defscrollback 1000
hardstatus alwayslastline '%{= wk}%?%-Lw%?%{r}(%{k}%n*%f%t%?(%u)%?%{r})%{k}%?%+Lw%?%?%= %m/%d %C%A'
activity ''
termcapinfo xterm* 'hs:ts=\\E]2;:fs=\07:ds=\\E]2;screen\07'

Sunday, August 5, 2007

My X Desktop

I've been using my IBM Thinkpad T42p as a desktop at home a lot more lately (almost exclusively) and it works great! Just about all of the hardware works (dmesg) -- I can't think of any that doesn't. It's a reasonably fast machine, suspend works, audio works, wifi works...

As for my desktop environment, I've started using dwm because it's extremely small, fast and easy to use with just keystrokes. Windows can be assigned tags which are like workspaces in other managers. There are 9 available tags. I usually have a full-screen xterm running screen on my local machine in tag 1, a full screen xterm running ssh to another box running screen in tag 2 (this screen session has mutt and irssi running in it along with other sessions I like to keep active all the time) and a full screen Firefox in tag 3.

MBP Status

I've been playing with OpenBSD -current on my MacBook Pro.

Not all of the hardware works. Most notably: the ATI Radeon Mobility X1600, wireless, Fn key and acpi/apm.

I can get X working with the VESA driver at 1024x768.

So, I cannot right-click, recording through the azalia sound driver is not working (though deanna@ is making great strides with the Mac audio capabilities), none of the Fn-Fx keys (sound, brightness, ...) are working, I cannot suspend or get any power status. But, it's a fast, fast, fast build machine. :)

Monday, July 9, 2007

Yaifo Maintainer

Since Yaifo hadn't been updated since version 0.2 for OpenBSD 3.8, I emailed Waldemar (the original author) and asked if I could take over the project. He said yes, so I am now the official Yaifo maintainer.

I would like to come up with a different name that more expresses that Yaifo is not a different installer, but an enhanced version of bsd.rd (with sshd). I'd also like to come up with a logo. After I get a new name and logo, I'm going to set up a SourceForge project.

If you have name and logo suggestions, leave a comment (or send me an email).

Errata 009

The OpenBSD team has released patch 009 for OpenBSD 4.1 (patch 015 for OpenBSD 4.0).

This is a security fix and applies to all architectures.

Quote from the commit message:
When writing data into a buffer in the file_printf() function, the
length of the unused portion of the buffer is not correctly tracked,
resulting in a buffer overflow when processing certain files.

Binpatches exist for OpenBSD 4.1 and OpenBSD 4.0.

Wednesday, July 4, 2007

Yaifo 0.4

Announcing YAIFO 0.4!

So you don't think I've created/modified/blasphemed the OpenBSD installer, this is basically bsd.rd with sshd+raidframe sprinkled in. Say you're 500 miles from your colo'd server and need to upgrade it. Build your yaifo.rd kernel. Scp it to colodserver:/bsd. Reboot colo'd server. Ssh to colo'd server and you're prompted with "(I)nstall, (U)pgrade or (S)hell".

I've emailed the original author asking permission to take over the project and I haven't received a response. In the meantime, I've updated YAIFO (Yet Another Installer For OpenBSD) to my version 0.4. I called my previous set of patches "0.3" though only called it that internally.

Sunday, June 24, 2007

Vayniac Wristband

Gary Vaynerchuk (Vay-ner-chuk) and the great people at Wine Library put on a nice podcast called Wine Library TV where Gary tastes several wines for us, describes the nose & the taste and gives us his opinion of the wines in question.

As a benefit to his fans (above and behind the show itself), Gary and his staff would send out, for free, a Wine Library TV wristband. The only price is to take and send in a picture. I cheated and sent a picture of my dogs instead. But it was cute. I hope he likes it.

If you like wine or want to learn more about wine, check out the podcast.

Saturday, June 16, 2007

Day 11+1 (Sat, Jun 16) II

Home Sweet Home!

Holly's dad just dropped us off at home. Thanks, again, Glenn.

So, our flight from Dallas/Fort Worth sucked. It was just a crappy way to end a crappy travel day (well, 22 hours). We left our hotel yesterday at 4:30 PM (10:30 PM ET). We just got home at 8:30 PM ET. After the events of Part I of our trip home, we were hoping for a nice, quiet flight. WRONG!!

Day 11+1 (Sat, Jun 16)

We sat on our plane at the gate at the Honolulu airport for 3 hours with infrequent updates like, "We're on the phone with maintenance here and in Tulsa working out the problem with the fuel pump. We've tried several things and have several more things to try. Sorry for the slow updates, it takes a while." Wonderful. At the 3 hour mark, we were told it was going to be at least another hour and we could deboard the plane. I took that opportunity to relax with a Long Island Iced Tea (or two). Holly just paced.

Friday, June 15, 2007

Day 11 (Fri, Jun 15)

Today is our last day in paradise. The Halekulani was very gracious and gave us a 3 PM check out time! We were able to go see Pearl Harbor and the USS Arizona Memorial and sit by the pool for a couple hours without having to worry about our luggage.

We woke up early this morning (not knowing that we would be able to check out late) and packed. Then, we waited for the V.I.P. shuttle to Pearl Harbor. After dropping some people off at the airport (that was a surprise), we made it to Pearl Harbor. The line for tickets to the Memorial wrapped around a courtyard and was very, very long. But it moved pretty fast.

Day 10 (Thu, Jun 14)

Today started with a drive to the airport. We were sad to leave the Waikoloa Marriott, but we have a date with Pearl Harbor. We got through security and had a quick breakfast before flying to Oahu (Waikiki).

While booking, we were given two choices on hotel. I said, "Hey! It's our last night... let's splurge" so we chose the Halekulani. What a good choice. This is an amazing hotel and the people are just fantastic.

Thursday, June 14, 2007

Day 9 (Wed, Jun 13)

This morning started early with a phone call from a doctor's office 6 time zones away. And, it was a wrong number. And she gave me attitude (her: "it's the number down on the sheet" me: "I don't care... it's wrong"). Life in paradise is rough! I went back to sleep until 9:30.

After another buffet breakfast (first mimosa that showed up before I was finished with breakfast), we went down to the pool for a couple hours. Then, given that it's our last night on the big island, we thought it was a good idea to try out the beach and get in the ocean (having spent most of our lazy time by the pool so far).

Wednesday, June 13, 2007

Day 8 (Tue, Jun 12)

The day started like yesterday did: breakfast buffet, tardy mimosa, lazy morning by the pool...

For the afternoon, we went to the Kekaha Kai State Park. The road was less than paved and our poor little rental car cried most of the 1/2 mile driveway to the beach. The beach itself was not much to speak of. It reminded me of a rocky, choppy version of Sandy Point (under the Chesapeake Bay Bridge) except that it was surrounded by lava.

Tuesday, June 12, 2007

Day 7 (Mon, Jun 11)

Is it Monday? It doesn't feel like Monday. Are all you suckers working?

We started our lazy pool day at 8:30 (well, Holly woke up at 7:30) with another buffet breakfast. There was some foul-up with my mimosa (didn't get it until I was done with breakfast), but the food was good.

We spent most of the day by the pools. The "Infinity Pool" was neat; one side of it was shorter than the others and continually overflowed onto some rocks. While Holly and I were hanging out in the Infinity Pool, we remembered how nice Cancun was (no kids).

After I took a nap in the room and Holly took a walk and some pictures, we had dinner at Merriman's Market Cafe (we didn't see any of Shawne's "Lite's Out" memorabilia). Holly had Ahi wrapped in Prosciutto and I had mozzarella/tomato salad (which was awesome) and a nice fish (I think it was kamachi).

Now we're sitting on our lanai (balcony for you Hawaiian neophytes) sipping drinks. Aloha.

Sunday, June 10, 2007

Day 6 (Sun, Jun 10)

Sunday morning started with very sore backs. The bed at our hotel was SO stiff and uncomfortable. After stretching out for a bit, Holly and I hit Ken's House of Pancakes in Hilo. Even though I felt fine, I ordered the ROUGH NIGHT omelette which was an omelette topped with chili and cheese.

After making sure everything was packed, we asked for a late checkout so we could leave our luggage at the hotel instead of the trunk while we went on our Blue Hawaiian Helicopter Circle of Fire and Waterfalls tour.

Saturday, June 9, 2007

Day 5 (Sat, Jun 9)

We ended last night packing for today and then crashed.

This morning, we woke up early (5:45), got our stuff together and were on our way to the Maui airport by 6:30. We ate a quick breakfast in the airport and had a pretty painless flight to Hilo on the big island. The scenery from the flight was breathtaking. We were able to check into our hotel early and were even upgraded to a suite for our one night. It's not the most modern hotel, but it's pretty nice.

Day 4 (Fri, Jun 8)

Today we woke up a little later than other days (still before 8) and went down for another nice breakfast (with mimosas) at the Swan Court.

We spent another awesome morning/early-afternoon by the pool. The scenery was very nice and the sun beat down hard. After a quick dip in the pool, we went for a walk down to Whaler's Village where we had lunch and picked up a new pair of sunglasses for me and a polarizing filter for Holly (happy anniversary to us).

Friday, June 8, 2007

Day 3 (Wed, Jun 7)

We woke up this morning at 6 AM (Noon back home). I feel MUCH better today.

After slowly getting ready (and posting 3 blog entries), we headed downstairs to have breakfast at Swan Court. It's a grouping of tables and chairs that opens up to a waterfall and a manmade pool. There are birds flying everywhere, so you have to watch your food. It was beautiful, but we only had my camera phone and its pictures weren't the best. The buffet is excellent and we top it off with a couple mimosas.

Thursday, June 7, 2007

Day 2 (Wed, Jun 6)

Holly and I got up at a little before 8 to get some final things ready. Holly's dad was coming at 9 to take us to Dulles. I drank some more Pedialyte (awful stuff, really) and then some Gatorade and we were off. (Thanks for the ride, Glenn)

With everything that had happened previously with the flights, I was uneasy about everything until we were actually on the plane. The flight was uneventful. We had minor annoyances that seem to happen on every flight. After a brief layover in L.A., we had another mostly uneventful flight. My stomach was still VERY, VERY active for most of both flights, but I felt so-so (not good, not bad). The half chicken sandwich and fries I had in L.A. didn't make things worse. I stuck to water and ginger-ale.

It took forever to get our rental car in Maui and at what felt like 3 AM to us, the drive was pretty rough. We finally checked in at 10 PM (4 AM EDT) and crashed. The cherry on top of the trip to this point was that the room with the king sized bed we reserved was not available and we have a room with a queen and a double. Our consolation prize was that they upgraded us to an oceanfront room. Oh well... we're here. We both just crashed without dinner (I still wasn't hungry).

[small edits by Holly]

Day 1 (Tue, Jun 5)

4:30 AM: I think I can make it. I'm lying in bed and feel terrible, but think I _may_ be able to handle the flight. I get up and... no way. I wasn't much better (if any) than I was the night before. Fever was ~100F. We thought we'd need to leave the house by 6:15 if we were going to make our flight. During the next 90 minutes, Holly tried to call our travel agent, scoured the web and called American Airlines (twice). No one seemed to have any suggestions on how to best handle this situation. We weren't warned, "if you don't do _this_, you're screwed" or anything.

6:30 AM: We missed our chance to go to the airport and I wasn't feeling better. :(

Day -1 (Mon, Jun 4)

After a long weekend of house cleaning and getting ready for a house guest (we're having a house-sitter take care of the dogs so they can at least stay at home), I worked from home on Monday to finish up a few loose ends. At lunch time I met some friends in Bethesda at the Austin Grill (Hi, Bonita and the Captain). Then I visited my old company, Epok. Shortly after returning home, I came down with a stomach flu (or food poisoning). But, following Occam's Razor, it was a flu. Family had it and after seeing them (thinking everyone had been better for more than a week), I got it.

So, for the rest of Monday, I... uhhh... stayed close to the bathroom. Very close. My fever rocketed to 101.3F, every single joint and muscle hurt, my stomach was doing somersaults and I was wiped out. Holly did her best to get everything ready while taking care of me, but was worried about overdoing it and possibly catching what I had. We finally crashed at around 1 AM and were going to just see how things were in the morning...

Saturday, June 2, 2007

V for Vendetta

I'm a little late to the game. I didn't know anything about V for Vendetta (the movie or the graphic novel). I don't think WB did a good job marketing this movie when it was out in the theaters. It just didn't seem interesting to me.

Then, someone, I forget who (sorry!) suggested I check the movie out. So we added it to our NetFlix queue and checked it out.


Spoilers below, so either see the movie or send complaints to /dev/null.

Where have I been?

So where have I been?

Two months ago, I made the very difficult decision to leave my previous job and start working with a new company. I loved my old job and especially loved the people I worked with. But, I was working all the time. They were not in a position to hire help and I really couldn't do it anymore.

And, I started writing for Undeadly: The OpenBSD Journal. As an editor for the site, I am more inclined to post my OpenBSD-related content on Undeadly instead of here. So check me out there.

Also, Holly and I are preparing to celebrate our tenth (YES, 10TH!) anniversary in a few days and are doing something special. I'll post a recap or several posts recapping our celebration (with pictures!).

Thursday, May 17, 2007

4.1 Binpatches

I've updated my binpatch page to include OpenBSD 4.1 patches.

Update your boxes.

Saturday, March 17, 2007

Errata 010 r2

The OpenBSD team has just released a second revision to patch 010 for OpenBSD 4.0.

This is a security fix and applies to all architectures. It is serious and should be applied immediately.

Quote from the Errata page:
Incorrect mbuf handling for ICMP6 packets.
Using pf(4) to avoid the problem packets is an effective workaround until the patch can be installed.
Use "block in inet6" in /etc/pf.conf.

If you previously installed rev1 of my binpatch (motd banner looks like "OpenBSD 4.0 (GENERIC) #4: Thu Mar 8 17:30:41 EST 2007"), you should upgrade to my rev2 binpatch (motd banner looks like "OpenBSD 4.0 (GENERIC) #5: Sun Mar 18 01:05:50 EDT 2007").

Friday, March 16, 2007

So long and...

... Thanks for All the Fish.

The Show with Ze Frank has come to an end. Ze Frank set out to produce a daily (weekdays) Internet show (The Show) for one year. He started on March 17, 2006.

The Show was sometimes political, sometimes nonsense, mostly funny and always entertaining. The personality Ze shows in his podcasts is likable and engaging. If you're just learning about Ze's show now, you won't get to feel what it's like to stare at your RSS feed reader towards the end of the day waiting for Ze's latest show to be available. At the very least, check out some of his popular shows.

I'm looking forward to what Ze does next. Good luck, Ze, and thanks for The Show.

(Picture "borrowed" from Ze's flickr page)

Thursday, March 15, 2007

Announcing MetaBUG

After starting the Capital Area BSD Users Group, founders Jason Dixon and I realized that other BUGs could benefit from the pooled resource and information sharing of user groups world-wide. They discussed their ideas with Darren Spruell and Darrin Chandler of the Phoenix BUG, and the MetaBUG began to take shape.

Tuesday, March 13, 2007

OpenBSD 4.1 Pre-Orders

OpenBSD 4.1 Pre-Orders have been activated on the OpenBSD Orders page.

Darrin Chandler announced that people can pre-order the upcoming OpenBSD 4.1 release which will be released May 1, 2007.

I ordered a CD set, a new polo, Jacek's "Command Line" book and dropped a bit of cash in too. Go forth and support OpenBSD and/or OpenSSH!

Monday, March 12, 2007

Errata 010

The OpenBSD team has just released patch 010 for OpenBSD 4.0.

This is a security fix and applies to all architectures.

Quote from the Errata page:
Incorrect mbuf handling for ICMP6 packets.
Using pf(4) to avoid the problem packets is an effective workaround until the patch can be installed.
Use "block in inet6" in /etc/pf.conf.

As always, I've created a binpatch for OpenBSD 4.0.

Sunday, February 25, 2007

Children of Men

This weekend, Holly and I saw Children of Men. Great movie. I know I'm writing this the night of the Oscars, but I loved this movie. I still think Little Miss Sunshine should win (at this time at 10:51 PM ET, it hasn't).

But, Children of Men is a great movie. My only complaint is that there were some slow spots and the movie felt long. But, even after investing a (seemingly) long time with this picture, it was worth it.

Holly and I both said: "I keep forgetting his name or what he's done, but it seems like every time I see a movie with Clive Owen, I like him."

This movie was great. Everything from the writing, the action, the scenery and, especially, the acting were great. Michael Caine's part was (somewhat) small, but, as usual, he was... oh, I don't know, knight-like.

What if every woman in the world couldn't have children? What if the last birth was 18+ years ago and the end of the world was seemingly "our lifetime" away? What if after 18 years, one woman was pregnant?

Not the "Best Picture", but a great movie. I like these "armageddon" movies like "28 Days Later."


The Capital Area BSD Users Group has been formed from the old "MD BUG". We thought it best to think bigger. If our local BSD Users Group gets big enough where we have a conference or something similar, we don't want to hear, "Where the heck is Maryland?" I hope everyone knows where the Capital is.

We, Jason and I, have worked hard to come up with a nice website for the group. If you're in the DC area and are interested in BSD, Unix or Open Source, please check us out and join our Group.

The purpose of our group is to promote BSD, Unix and Open Source -- in that order. Thanks for your support. Chances are, you didn't find my site without using something belonging to one of those three concepts.

Tuesday, February 6, 2007

4.0 Errata 008 and 009

The OpenBSD team released two new Errata updates for 4.0 (and 3.9):

  • 008_icmp6: Under some circumstances, processing an ICMP6 echo request would cause the kernel to enter an infinite loop.

  • 009_timezone: A US daylight saving time rules change takes effect in 2007.

As always, I have binpatches available. 008_icmp6 includes bsd and kernels.

Binpatch Talk

On January 31, 2007, I gave a talk to the Maryland BSD Users Group about Binpatch.

You can read a breakdown of the meeting and see my slides.

For our first meeting, it went pretty well. We had a decent turn out: 11 people (including me). Stay tuned to for upcoming meeting info.

Tuesday, January 30, 2007

Yaifo Update 2

Following up on a previous post about YAIFO (Yet Another Installer For OpenBSD), the Yaifo site seems to still be down.

I had previously patched the Yaifo distribution to update it for OpenBSD 4.0. But, I only patched the i386 part of the tree (and its RAMDISK_YAIFO file). Since I needed Yaifo today to upgrade a Sparc64 box, I took the time to bring the RAMDISK_YAIFO kernel files for sparc, sparc64 and alpha up to 4.0 too.

You can download my new OpenBSD 4.0 Yaifo 0.2 patch file or the patched tarball. You can still download my copy of the original Yaifo 0.2 distribution.

Let me know if you have any problems (or successes).

Tuesday, January 16, 2007

Wildcard SSL Certs

I needed to renew a couple SSL certs at my office today. My brother had good things to say about Go Daddy's SSL certificates. He told me they're cheap and they are supported by all browsers he tested. They support OpenBSD. Plus, I've been happy with them as a registrar. So, I gave them a shot.

I manage a lot of servers at work and several of my certificates were to expire soon. Plus I was using some self-signed certificates on some servers. Given that I could use certificates on more than 10 servers, I decided to go with a wildcard certificate. That means that I can use this certificate for any host with a "*" address.

The process couldn't have been easier. After creating a key and a certificate signing request (csr) for "*", I was able to go through their web interface and was finally emailed a link to download both the certificate and an intermediate CA chain file.

Thanks, Go Daddy.

Thursday, January 11, 2007


Note: MDBUG was renamed CapBUG by group consensus.

Given interest from others in the Maryland area, I've started the Maryland BSD Users Group website. The goal is to hopefully find other interested Maryland (DC and Virginia) BSD users and developers to get together and discuss different topics related to managing and developing BSD.

There aren't enough members yet to have regularly scheduled meetings. But, I guess we had an impromptu meeting tonight at the Olney Grille. :)

If you're interested in joining, please email me.

Tuesday, January 9, 2007

the show with zefrank

I happened upon a new video podcast the other day that is just great. It's funny and smart and very entertaining. the show with zefrank features Ze Frank as a talking head presenting mostly current events in a humorous way. The writing (is it writing?) is clever, funny and thoughtful. The show is very well done and it is currently my favorite podcast.

Ze's thinking, so you don't have to.

Be sure to check him out. And if you enjoy it, be sure to digg his podcast after digging Will's. Digg is dead.

Saturday, January 6, 2007

New MacBook Pro

I just bought a Mac Book Pro! Straight from China.

I've been using a Mac as my main computer for about 3 1/2 years and I've been very happy with it. I started out with a very slow PowerBook 15 666 MHz. I then moved up to a 1.5 GHz after about a year. For years I had been looking for "Linux" with a nice desktop. By "Linux", I mean *nix (preferably OpenBSD). But hardware support (NICs) or software support (WPA) prevented me from using OpenBSD on my laptop. OS X fit my needs pretty well. The GUI is very nice and easy to work with. Most things just work. But the PowerBook was slow and there were some things I couldn't do...

Thursday, January 4, 2007

4.0 Errata 007_apg

The OpenBSD team released a new Errata update for 4.0 (and 3.9): 007_apg: Insufficient validation in vga(4) may allow an attacker to gain root privileges if the kernel is compiled with option PCIAGP and the actual device is not an AGP device. The PCIAGP option is present by default on i386 kernels only.

This is a rare combination (VGA device in AGP mode, if I read it right).

As always, I have a binpatch available which includes bsd and kernels.

Wednesday, January 3, 2007

BSDTalk Interview

Will Backman, who produces and hosts the great BSD-related podcast "bsdtalk", interviewed me last week. He had interviewed a lot of developers and wanted to get input from a BSD user/admin, like me.

You can download the mp3 or ogg files of the interview. Or, better yet, subscribe to the podcast at iTunes. And, make sure you digg his podcast.

Leading up to the interview, I was fine, but as soon as the phone rang, I was nervous. My throat went dry. Instead of thinking of the conversation I was having, I was thinking of the people who would be listening to it.

We talked about how I use OpenBSD at work, how open to free/open source software we are at work, the difficulty in finding people with BSD skills and how I use OpenBSD at home. And I did mis-speak when I said "mimeassassin" instead of MIMEDefang.