Tuesday, January 30, 2007

Yaifo Update 2

OpenBSDFollowing up on a previous post about YAIFO (Yet Another Installer For OpenBSD), the Yaifo site seems to still be down.

I had previously patched the Yaifo distribution to update it for OpenBSD 4.0. But, I only patched the i386 part of the tree (and its RAMDISK_YAIFO file). Since I needed Yaifo today to upgrade a Sparc64 box, I took the time to bring the RAMDISK_YAIFO kernel files for sparc, sparc64 and alpha up to 4.0 too.

You can download my new OpenBSD 4.0 Yaifo 0.2 patch file or the patched tarball. You can still download my copy of the original Yaifo 0.2 distribution.

Let me know if you have any problems (or successes).

Tuesday, January 16, 2007

Wildcard SSL Certs

GoDaddy.comI needed to renew a couple SSL certs at my office today. My brother had good things to say about Go Daddy's SSL certificates. He told me they're cheap and they are supported by all browsers he tested. They support OpenBSD. Plus, I've been happy with them as a registrar. So, I gave them a shot.

I manage a lot of servers at work and several of my certificates were to expire soon. Plus I was using some self-signed certificates on some servers. Given that I could use certificates on more than 10 servers, I decided to go with a wildcard certificate. That means that I can use this certificate for any host with a "*.mydomain.com" address.

The process couldn't have been easier. After creating a key and a certificate signing request (csr) for "*.mydomain.com", I was able to go through their web interface and was finally emailed a link to download both the certificate and an intermediate CA chain file.

Thanks, Go Daddy.

Thursday, January 11, 2007


CapBUGNote: MDBUG was renamed CapBUG by group consensus.

Given interest from others in the Maryland area, I've started the Maryland BSD Users Group website. The goal is to hopefully find other interested Maryland (DC and Virginia) BSD users and developers to get together and discuss different topics related to managing and developing BSD.

There aren't enough members yet to have regularly scheduled meetings. But, I guess we had an impromptu meeting tonight at the Olney Grille. :)

If you're interested in joining, please email me.

Tuesday, January 9, 2007

the show with zefrank

zefrankI happened upon a new video podcast the other day that is just great. It's funny and smart and very entertaining. the show with zefrank features Ze Frank as a talking head presenting mostly current events in a humorous way. The writing (is it writing?) is clever, funny and thoughtful. The show is very well done and it is currently my favorite podcast.

Ze's thinking, so you don't have to.

Be sure to check him out. And if you enjoy it, be sure to digg his podcast after digging Will's. Digg is dead.

Saturday, January 6, 2007

New MacBook Pro

Mac Book ProI just bought a Mac Book Pro! Straight from China.

I've been using a Mac as my main computer for about 3 1/2 years and I've been very happy with it. I started out with a very slow PowerBook 15 666 MHz. I then moved up to a 1.5 GHz after about a year. For years I had been looking for "Linux" with a nice desktop. By "Linux", I mean *nix (preferably OpenBSD). But hardware support (NICs) or software support (WPA) prevented me from using OpenBSD on my laptop. OS X fit my needs pretty well. The GUI is very nice and easy to work with. Most things just work. But the PowerBook was slow and there were some things I couldn't do...

Thursday, January 4, 2007

4.0 Errata 007_apg

OpenBSDThe OpenBSD team released a new Errata update for 4.0 (and 3.9): 007_apg: Insufficient validation in vga(4) may allow an attacker to gain root privileges if the kernel is compiled with option PCIAGP and the actual device is not an AGP device. The PCIAGP option is present by default on i386 kernels only.

This is a rare combination (VGA device in AGP mode, if I read it right).

As always, I have a binpatch available which includes bsd and bsd.mp kernels.

Wednesday, January 3, 2007

BSDTalk Interview

BSDTalkWill Backman, who produces and hosts the great BSD-related podcast "bsdtalk", interviewed me last week. He had interviewed a lot of developers and wanted to get input from a BSD user/admin, like me.

You can download the mp3 or ogg files of the interview. Or, better yet, subscribe to the podcast at iTunes. And, make sure you digg his podcast.

Leading up to the interview, I was fine, but as soon as the phone rang, I was nervous. My throat went dry. Instead of thinking of the conversation I was having, I was thinking of the people who would be listening to it.

We talked about how I use OpenBSD at work, how open to free/open source software we are at work, the difficulty in finding people with BSD skills and how I use OpenBSD at home. And I did mis-speak when I said "mimeassassin" instead of MIMEDefang.