
GRAFFITI -- December 13, 2004 thru December 19, 2004


Welcome to Orb Graffiti, a place for me to write daily about life and computers. Contrary to popular belief, the two are not interchangeable.     About eMail - I publish email sometimes. If you send me an email and you want privacy or anonymity, please say so clearly at the beginning of your message.


MONDAY, December 13, 2004

0709 - Good morning. As I promised myself, I finally spent some quality time with the OpenBSD Packet Filter tools. There's ever so much more to learn, but I made a good start. I set up a mini-VMware network on Dangua, the Sony laptop. In one machine I was running OpenBSD with two interfaces enabled. One was pointed outwards, getting a dynamic IP address from my home DHCP server. The "internal" interface was "touching" a virtual VMware network (in this case vmnet3) which exists only inside the machine. That's the machine I configured as a NAT firewall, for my first experiments in PF.

[Image: The OpenBSD PF Firewall in action]

The firewall side of things, with rules being matched (and the intrusion of SSH connection syslog entries) echoing on the screen.

The second OpenBSD inside a VMware machine was running as a NAT client of the first, with just one interface, also touching vmnet3. I read the man pages, found resources online and read those, and started building a stock firewall. Well, I did quite well. For a while there, nothing was moving inside or out. It turns out that one adopted sub-set of rules that makes a lot of sense, blocking "private" IP ranges (as defined by RFC1918: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) from traversing the external interface, was causing me trouble. I put them into my ruleset because of course I'll want them in whatever final "product" I develop, where the external interface is touching the outside world. Um, but they're a bit of a problem for a test network built inside one of those private networks: the firewall's own external address came from my home DHCP server, so it sat squarely inside a range those rules were blocking. I flailed about for a little while, and figured out how to view PF in action before I finally awakened to the truth and commented those particular rules out for the time being. Then I was able to use the inside machine to touch the outside world, and nothing of the outside world could get in, except for SSH to the firewall itself.
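As an added illustration, not the author's own ruleset, here is a minimal pf.conf for the lab described above (OpenBSD 3.x-era syntax, with the NAT rule ahead of the filter rules as PF then required). The interface names and the 192.168.x.x home lease are assumptions; the RFC1918 rules are shown commented out, as the text describes, with a note on why they break a lab that lives inside a private range.

```pf
# Added example, not the author's ruleset. Interface names are assumed:
ext_if = "le1"   # outward-facing VMware NIC, DHCP lease from the home LAN
int_if = "le2"   # NIC on vmnet3, the inside of the lab
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0
scrub in all

# NAT everything from the vmnet3 network out through the external address.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny, logged to pflog0 so matches can be watched with tcpdump.
block in log all

# RFC1918 anti-spoofing on the external interface. Right on a real border
# firewall, but fatal in this lab: the home DHCP server hands $ext_if a
# 192.168.x.x lease (assumed), so "quick" drops every packet to or from the
# lab's own upstream before any pass rule is reached. Leave these commented
# until $ext_if actually faces a public network.
#block in  log quick on $ext_if from <rfc1918> to any
#block out log quick on $ext_if from any to <rfc1918>

# Let the inside out, keep state so replies come back through the NAT.
pass out keep state
pass in on $int_if from $int_if:network to any keep state

# The only thing the outside may reach: SSH to the firewall itself.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh flags S/SA keep state
```

Load it with `pfctl -f /etc/pf.conf`, then watch rules being hit with `pfctl -v -s rules` (per-rule packet counters) and `tcpdump -n -e -ttt -i pflog0` for the logged blocks.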

[Image: OpenBSD inside the PF NAT/DMZ]

The "client" side of things, with Google accessed via NAT connection through the firewall(s).

Of course, this setup heavily protects the innermost box, with two layers of NAT, through two vastly different implementations. This is what I refer to as double-condom computing. It's a meme that's never caught on, but the image works for me...

Tonight we bowl. Well, we at NFR do. Marcia wouldn't even if it wasn't an employees-only event. That's because this is at the specific bowling alley where Marcia blew out her first knee, several years ago. She was here for a sales team meeting, and they went bowling. There Marcia's knee uttered its very first big crunch. So she'll be trying to not even think about it. Since fun is nominally to be had later, there's plenty of work to occupy me between now and then. So I'll be on my way. Ciao!



TUESDAY, December 14, 2004

Current Listening: from a recent KFOG Live from the Archives, Lyle Lovett: Church.

0644 - Good morning. Yeah, I actually took the time to push the play button on XMMS this morning. I mean, it's not like I'm moving very quickly or anything. It's bloody amazing that I stir at all, really. Our company party last night was at Strike Bethesda, a bowling alley in ... Bethesda! Food and fun, yeah, baby. I bowled perhaps the equivalent of over 4 games, between practice before the tournament started, and then 2.5 games in the tourney. We won! That is, four of us, teamed randomly, won the tourney. That included perhaps the best bowling I've ever done, and the first time back bowling in well over 15 years. In the first game, I picked up the first four spares, and through the whole thing, perhaps 6 per game, and three strikes. A gift certificate to Best Buy for each of us on the winning team. That's small consolation now, given the pathetic state of my legs. I can walk again, though, and it's much better than last night when I was having serious trouble with the stairs after I got home.

I did an XP SP2 upgrade yesterday, and that went pretty well. So I'm batting .666 on the SP2 upgrade stats column. Today I've got a security class of one to teach, and a variety of other tasks, including an scp-only account setup. Hmmmm, I think I used to know how to do that. I'd best start hobbling my way towards work, if I'm lucky it'll be before noon by the time I get to the car. I'll be taking it really slow, because it may take geological time to get my foot from accelerator to brake pedal. Wish me luck!



WEDNESDAY, December 15, 2004

0641 - Good morning. In the run-up to year's end, the pace seems to be picking up. Look, it's Wednesday already, and yesterday was Windows patch day. Here's a quotable I found on the ISC Handler's Diary at SANS yesterday:

Please don't let my observations imply any sort of disdain for conscientious Tuesday patchers or those forced to admin Windows boxes. I greatly admire the sacrifices you make in order to keep the Great Old Ones from devouring the net.

Indeed! But today was devoured by other issues. I'm getting the winboxen up to snuff, but that's in addition to the assorted infrastructural and other institutional items on my task list. A reader writes:


> ....because it may take geological time to get my foot from accelerator to brake pedal. Wish me luck!

Shouldn't we rather be wishing luck to all the other drivers out there ... <G>

--
Kind regards,
Sjon Svenson

Um... shut up. Heh. Yes, I'm still walking funny, and that's no joke. The good news is that I'm not suffering from SDS (Sedentary Death Syndrome, the affliction of the amazing phototropic man and his kin). I said that I'm moving better than George Burns, but that's only because he's dead, now. Speaking of dead (or rather, not dead yet), I hear that Dick Clark is finally not going to be hosting one of the New Year's Eve celebrations this year. I understand that that Ancient One had a stroke about a week ago. The downside is that some shouting young punk named Regis Philbin is filling in for him on very short notice. I guess Regis didn't have a date for the evening, and so was free... Blessings upon the hearth of The Bandstand Man, that he may recover and celebrate another 400 years of Music With Rocks In.

Current listening, from another KFOG Archives, Ms. Patty Larkin: Johnny was a Pyro ... Quotable: "Yeah-yea ... yeah! But it just goes to show, it's not a good idea to get married on a dare. No, it's really not. It's also not a good idea to piss off a song writer."

And on that note (rimshot), I'll call this a post and bid you good morning once again. Adieu!



THURSDAY, December 16, 2004

0650 - Good morning. No time to dally, I've an ancient Red Hat 7 box running Bugzilla that I need to update to something in this century, and I need to get going, after sleeping in a little later than I expected. Outside it's a balmy 17° F and likely to rise only to the mid-thirties during the day. The weather liars think it's possible we'll have our first snow by late Sunday into Monday morning, but they won't commit. Now I must fly, have a great day!



FRIDAY, December 17, 2004

0658 - Good morning. I've got an appointment to get to first thing this morning, I've got to get out of here in a minute or two. Once that's done, at work I've got to deal with a troublesome Audix box that is still pitching fits. Yesterday it died twice. The first time we just restarted, the second time, just before 5 PM, we did surgery ... oh, no CPU fan. That'll have a bad effect. So I replaced the CPU fan and it came right up and seemed happy. But two hours later it died again. I know because the box we set to monitoring it said so. Today, maybe a whole brain transplant. But there are three ISA cards in this system. Well, gotta go. Have a great day...



SATURDAY, December 18, 2004

[Images: The Christmas Tree; Santa after Elf modifications]

1112 - Good morning. The Holiday spirit continues to flow around here, although it may just be lacquer thinner. At left, another snap of the Tree, since last week's shot was so dark. At right, we've a Santa standing duty in the foyer. Due to an unfortunate accident with a chipper/shredder, this particular Santa was shy one right arm. The Elves in the workshop carved out a little time from their busy toy-making schedule to craft a sort of replacement for our little buddy. But it was early morning, after staying up late watching Terminator 2 three times in a row. So our guard Santa found himself later that day with a SkyNet-robot-inspired Arm Nouveau. Marcia seems virtually repelled by the replacement, saying she'd rather just drape his right side, Romanesque. She says no one notices that way. By way of demonstration, I pulled my arm inside my shirt and tucked it behind my back. Turning side to side as the sleeve swung back and forth, I noted that the missing arm was hardly even missed ... and fell over laughing. Not to mention that I've never, ever seen a Santa in a toga. However, using Google to confirm that last statement led to a bunch of work-unsafe holiday-themed lingerie links.

On the technophile front, I installed PHP 5.0.3 last night here. That's the latest release of the 5.x series, fixing a small boatload of bugs and security vulnerabilities. The 4.X series, commonly run on many public webservers, also has a security update release. Read the details here. We're updated here on Zidane, and you ought to take care of your servers, too. As I write this, I'm working up an "rpmbuild" scheme to get updated RPMs on other servers I watch over, faster than the distro can.

But back on the original tack. I've installed PHP5 here on Vimes in order to start working on my PHP5 and MySQL Bible book that I picked up the other day at the discount book place. I've hardly cracked it, but I want to spend time working on the version that's going to be viable for the next three years or so -- that's different in many small details from the PHP4 recommended coding practices and features.

We've also got cleaning to do today, and other chores. Meanwhile Lucy is frantically and most annoyingly, loudly, protecting us from the cat strolling back and forth along lawns across the street. The cat must know the effect it's having; aside from causing deafness in us, Lucy is clearly loud enough to be heard by animal ears two or three blocks away. Okay, I'll be off now, have a great day!



SUNDAY, December 19, 2004

[Image: First snow of the season.]

1804 - Good evening. Yeah, first snow of the season, as predicted by the usually unreliable ones. We've had a busy day here that started slow. After dragging out of bed at the ungodly hour of 0923, and praising the dogs for letting us sleep so late, we did pretty much nothing until nearly noon. Between us, Marcia and I got most of the house sparkly clean yesterday, and today we are paying the price for the activity. By noonish we were ready and headed out to do the weekly shopping. Then I spent the balance of the afternoon working through the rest of the QC1 draft of Bob and Barbara's latest book. Now I'm done, the comments are emailed, and the snow has started. It's time to feed the dogs supper, then my turn, I think. So have a good evening, see you next week.



Visit the rest of the DAYNOTES GANG, a collection of bright minds and sharp wits. Really, I don't know why they tolerate me <grin>. My personal inspiration for these pages is Dr. Jerry Pournelle. I am also indebted to Bob Thompson and Tom Syroid for their patience, guidance and feedback. Of course, I am sustained by and beholden to my lovely wife, Marcia. You can find her online too, at http://www.dutchgirl.net/. Thanks for dropping by.

All Content Copyright © 1999-2011 Brian P. Bilbrey.

Except where otherwise noted, this site is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.