Saturday, November 22, 2008

Cell Phone Etiquette Gone Wrong

We've all seen them: people who don't pay attention or care about the people around them. I see people driving erratically because they're on the phone, having obnoxious ring tones loudly blasting at movies or at dinner, and people talking loudly at restaurants and, in this case, a doctor's office.

When I go to get my allergy shot, I have to then stay in the waiting room for 30 minutes to be sure that I don't have a negative reaction (anaphylactic shock). At times there are loud kids or people having conversations, but today...

There is a sign at the front desk asking you not to bother other patients by using your cell phone. As I'm waiting (only one or two minutes into my required 30), a father and his two young (8 and 10?) sons, who were there to get shots, come in and sit down. Almost immediately, the father takes out his cell phone and makes a call. People do it (no, I haven't) but they are usually courteous enough to keep their calls short and quiet. This guy was not quiet. And I could tell based on the conversation that it would be a long one. It sounded like an uncle catching up with a nephew about the nephew's family.

Friday, November 21, 2008

Redhat + Winbind = Yay

I've always known that Red Hat can use Active Directory for authentication and allow Windows users to log into Linux without having a local account, but I had never actually set it up.

Based on a large amount of research and trial and error, I found from different sites the bits and pieces I needed to make it work properly. Unfortunately, I don't remember which sites I used to gather my information, so I can't credit anyone.

Monday, November 10, 2008

Yaifo 4.4

Announcing YAIFO 4.4!

There are no new features in Yaifo 4.4 besides bringing Yaifo in sync with OpenBSD 4.4. Thanks to Seth for helping me test and finding some problems.

You can download Yaifo 4.4 from SourceForge.

Tuesday, October 14, 2008

Building Ports on a "Production" System

I am limited to one OpenBSD/amd64 box in my environment. And, unfortunately, it is my "production" server (at home).

So that I could build and test ports on my "production" server without installing millions of dependencies and polluting my environment, I set up an SSH-based chroot environment to build the ports.



Wednesday, October 8, 2008

2nd Install, 1 Disk

Here is the problem I'm trying to solve: I have an Intel Mac Mini on which I'd like to dual boot multiple versions of OpenBSD. I need to be able to boot into another instance of OpenBSD remotely and, without a serial port, I had to come up with a way to choose which OS I want to boot to.

I installed OpenBSD 4.4-current normally on wd0a (wd0b = swap, wd0d = /tmp, wd0e = /var, wd0f = /usr and wd0g = /home).

Here is how I set the machine up with OpenBSD 4.3 installed on wd0h.

Friday, September 5, 2008

Using VNC+SSH to help remote users

Recently, a BUG member asked about using SSH and VNC to remotely control a user's computer to help them with a computer problem. I wrote a quick explanation of how to do it. Since I took the time, I thought I'd share here too.

Saturday, August 30, 2008

Use a USB Flash drive to Install OpenBSD

Mark Peoples has a very nice write-up for using a USB Flash drive to Install OpenBSD. It uses the first 8 MB of the flash drive for an OpenBSD partition and then the rest to use for storing files (FAT32) that can be accessed by many operating systems. I highly recommend reading it.

After following Mark's directions, stick the flash drive on a machine you'd like to install/upgrade OpenBSD on and boot to a USB drive. It should feel just like the process of using a CD or bsd.rd directly.

Updating the flash drive is easy as well: mount sd0a and download a new bsd.rd (as "bsd") to it.

Thursday, August 7, 2008

Print in Firefox 3

After upgrading to Firefox 3 on my OpenBSD 4.4-beta box, I noticed that I could not print anymore. I'm using the stock lpd(8) to print. When I brought up the print dialog box, it only showed the "Print to File" option.

After quite a bit of googling, I found my solution.



Wednesday, July 30, 2008

Errata: 005_pcb for 4.3

The OpenBSD team has released a new errata for 4.2 (014_pcb) and 4.3 (005_pcb) to fix a reliability issue with IPv6.

From the 4.3 errata page:
Some kinds of IPv6 usage would leak kernel memory (in particular, this path was exercised by the named(8) patch for port randomization). Since INET6 is enabled by default, this condition affects all systems.


I have made binpatches for 4.2 and 4.3 for i386, amd64 and sparc64.

Friday, July 25, 2008

The Dark Knight

Last night, we went to see a fantastic movie. The latest in Chris Nolan's take on Batman, The Dark Knight. First... WOW! It was an all around good movie.

Christian Bale returns as Batman, Michael Caine is back as Alfred and Gary Oldman reprises his role as Jim Gordon. New to the cast: Maggie Gyllenhaal replaces Katie Holmes as Rachel Dawes, Aaron Eckhart joins as Harvey Dent and Heath Ledger is The Joker.

Thursday, July 24, 2008

Errata: 004_bind for 4.3

The OpenBSD team has released a new errata for 4.2 (013_bind) and 4.3 (004_bind) to fix a security issue with bind (the name server in OpenBSD).

From the 4.3 errata page:
A vulnerability has been found with BIND. An attacker could use this vulnerability to poison the cache of a recursive resolving name server. (CVE-2008-1447)


I have made binpatches for 4.2 and 4.3 for i386, amd64 and sparc64.

Wednesday, July 16, 2008

xdm Trick

Here's another quick tip I've started using. Actually, I don't normally run X with xdm and right now I can't remember why I am on one of my boxes. But I am.

If you put xdm_flags="" in your /etc/rc.conf.local, xdm will start automatically during the boot process. This is probably what you want nine times out of ten. But, that tenth time, it's annoying when X starts and you didn't want it to.

Friday, July 11, 2008

rc.local trick

This is really just a quick tip for (re-)starting daemons. Many converts from other operating systems complain about OpenBSD's lack of an rc.d or init.d structure to quickly re-start/stop daemons. Admittedly, it was a slight annoyance when I switched years ago. But, I've gotten used to either looking up a daemon's PID and killing it or using pkill(1). Then looking at /etc/rc.local to find the commands (and possibly /etc/rc.conf* for variables) to re-start the daemon.

Tuesday, June 3, 2008

4.3 binpatches for sparc64

I've finally put up binpatches for sparc64 (to accompany i386 and amd64).

The cumulative sparc64 binpatch for Errata up to and including 002_openssh2 for OpenBSD 4.3 is also available.

Undeadly - n2k8 Articles

Recently I had the privilege of publishing an eight-part series of articles summarizing the recent Network Hackathon in Ito, Japan (n2k8) written by Mark Uemura (mtu@) with pictures from Tomoyuki Sakurai (sakurai@):


Sunday, May 18, 2008

Yaifo 4.3

Announcing YAIFO 4.3!

For the yaifo release accompanying OpenBSD 4.3, I decided to match OpenBSD's version number. From this point forward, only one version of yaifo will be active. I will not backport updates for older versions of OpenBSD... who is "upgrading" to older versions anyway? So the current OpenBSD release and some recent version of -current will be supported.


You can download Yaifo 4.3 from SourceForge.

Wednesday, May 7, 2008

Errata 4.3: 001_openssh, 002_openssh2

I've updated my binpatch page to include binpatches for OpenBSD 4.3 (i386 and amd64 only, right now).

I will continue for a while to create binpatches for both 4.2 and 4.3 until it becomes too much work.
At some point soon, I'll start supporting sparc64 4.3 binpatches.

Wednesday, April 23, 2008

Errata 011_openssh2

The OpenBSD team released an OpenBSD 4.2 Errata entry for OpenSSH: 011_openssh2.

It is a SECURITY fix. The description is:

Avoid possible hijacking of X11-forwarded connections with sshd(8) by refusing to listen on a port unless all address families bind successfully.


I've made binpatches for i386, amd64 and sparc64.

Sunday, March 30, 2008

Errata 009_ppp & 010_openssh

The OpenBSD team released Errata entries 009_ppp and 010_openssh for OpenBSD 4.2.

Both are SECURITY fixes.

For 009_ppp, the description is:

Buffer overflow in ppp command prompt parsing.


For 010_openssh, the description is:

sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand directive was in effect, allowing users with write access to this file to execute arbitrary commands. This behaviour was documented, but was an unsafe default and an extra hassle for administrators.


I've made binpatches for i386, amd64 and sparc64.

Sunday, February 24, 2008

Errata 008_ip6rthdr

The OpenBSD team released an Errata entry 008_ip6rthdr for OpenBSD 4.2.

Quote from henning@'s commit message:



MFC (mcbride)
Correctly check that we have a complete rthdr before trying to do m_copydata() on it.



I've made binpatches for i386, amd64 and sparc64.

Friday, February 22, 2008

Errata 007_tcprespond

The OpenBSD team released an Errata entry 007_tcprespond for OpenBSD 4.2.

Quote from henning@'s commit message:

MFC (markus)
when creating a response, use the correct TCP header instead of relying on the mbuf chain layout; with claudio@ and krw@; ok henning@



I've made binpatches for i386, amd64 and sparc64.

Wednesday, February 6, 2008

Errata 005_ifrtlabel

The OpenBSD team released an Errata entry 005_ifrtlabel for OpenBSD 4.2 in January.

I guess a binpatch is better late than never.

Quote from henning@'s commit message:

MFC, initial fix by Chris Cappucino, more complete fix by me:
make sure users of rtlabel_id2name() can deal with no label present, by not calling it when the label id is 0 (initial fix) and also checking for rtlabel_id2name() returning NULL (complete fix). original rtlabel code had that all right, the newer rtlabel bound to an interface code not.
impact: local users can cause a kernel panic by using the SIOCGIFRTLABEL ioctl on interfaces with no route label assigned.



I've made binpatches for i386, amd64 and sparc64.