Midnight's Journal

http://scoreboard.keynote.com/scoreboard/Main.aspx?Destination=NTT

The current latency for tier 1 providers on the Internet.

Over the weekend, I connected mDNSResponder in src to the build.  mDNSResponder is apple's implementation of multicast DNS. 

Currently, the mdnsd and dnsextd daemons as well as the command line tool dns-sd are available.  I've also included the libdns_sd library.

FIles are located in src/contrib/mDNSResponder and src/apache/

MidnightBSD 0.3-CURRENT now includes Apple's libdispatch.  With libdispatch, you can create  multithreaded applications with ease.  

The current port does not include blocks support.  We plan to add llvm to the base system in the future.  At that time, we'll setup libdispatch to work with blocks.

We have a new mirror for midnightbsd.  The download page has been updated to reflect the removal of the EMU CS department mirror and the addition of the new mirror.  I also updated most of the metalink files for releases as well.  

Another place to get MidnightBSD :) 

Well i decided today was make-up day for losing a good part of my sunday to work.  I just bought the QuakeCon2010 pack on steam.  It includes fallout 3, quake *, Doom *, Hexen *,  RTCW, Spear of destiny, elder scrolls 3 & 4, heretic, commander keen and call of cthulhu: dark corners of the earth.  I figured that fallout 3 is close to the same price, and i got a lot of old games.  

I got a magus run started on ds9 and i'm answering questions via jabber, otherwise i'm just relaxing today. 

I haven't written about LDAP for a few years.  I've been asked to do a samba setup at work with LDAP.  I decided to document some of the steps required on FreeBSD.

Install samba port (i used 3.4.x)

install smbldap-tools (command line tools to help with user management)

install nss_ldap and pam_ldap ports.  Make sure you can resolve accounts from ldap using id and getent group or else samba will not authenticate.

Configure /usr/local/etc/ldap.conf (and make sure it's linked to nss_ldap.conf)

Modify /etc/nsswtich.conf ; on freebsd 8 remove the compat entries and switch it to files ldap for passwd, group and shadow.  When the compat keyword is used, nothing else works according to nsswitch.conf(5). 

Setup your LDAP directory.  If you configure the smbldap-tools properly, you can use the smbldap-populate command to create all the required parts of the ldap database.

Configure your shares and other settings in smb.conf (although part of this must be done before smbldap-tools works right)

optionally setup swat out of inetd via /etc/inetd.conf

This is by far not complete and should not be considered a "secure" setup but it does seem to work so far. 

In smb.conf you would have something like:

passdb backend = ldapsam:"ldap://ipaddresshere ldap://secondipaddress"
 

ldap user suffix = ou=people
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
 

I just posted the first AMD64 snapshot to the FTP server for CURRENT since 0.2.  It does not include mports or packages, but will allow you to install MidnightBSD 0.3 to get up to date hardware support and try out features such as mport tools / libmport, and ZFS.  

This month's BSD Magazine features an article by Lucas and Caryn Holt about MidnightBSD installation.

http://download.bsdmag.org/en/BSD_as_operating_system_BSD_08_2010.pdf 

Yuck.. linux server ran out of disk space. installing new raid volumes now

status of raid 1:

mdadm --misc -D /dev/md3

installation howto from ubuntu:

https://help.ubuntu.com/community/Installation/RAID1%2BLVM

useful site on lvm:

http://www.linuxconfig.org/Linux_lvm_-_Logical_Volume_Manager

http://jonripley.com/brainfuck/  and  http://en.wikipedia.org/wiki/Brainfuck

brainfuck(1) has been added to MidnightBSD.  Check it out.  

yum install cyrus-sasl-plain  is your friend.  THis fixes the mail vrfy blah blah error in the logs when you setup sendmail + saslauthd and you try to get thunderbird to auth properly. 

This bugged me for two days and there are hundreds of incorrect posts about using RELAY rules.  It's insane.

 did not issue MAIL/EXPN/VRFY/ETRN during connection to TLSMTA  fix is again to install the right cyrus sasl auth plugin from yum. 
 

I finally got a chance to beat Half Life 2 Episode 2.  I've been half way through it since last year.  

The devel/llvm and devel/llvm-devel mports have been updated to 2.7 and 2.8.  lang/llvm-gcc4 is now at 2.7 as well.  We've also got a binutils 2.20.1 port now in devel/binutils.   

One of my coworkers pointed out the inherit insecurity of WPA on Wifi devices the other day.  I knew that WEP was insecure, and I figured there were problems with WPA, but I didn't realize how easy it is to break it. 

WPA (and WPA2 -PSK / personal in apple lingo) use a secret key that can be up to 63 characters.  Many people don't use a full length key.  Others use a dictionary word or some other easy to deduce key.  

Apparently, in the protocol for WPA, the initial handshake (communication between your pc/mac and the wifi router) transmits something (well the hash of the key effectively) that can be grabbed in the air.  An attacker can grab this and then run a program offline to determine your WPA key.  He can later join your network.  

At this point, assume all wireless networking is insecure if you weren't already.  

Tips to make it harder to crack:

1. Use the maximum length or as close as you can for the private key

2. Use random characters, a generated key from one of the many online sites is better.  Don't use something obvious like "luke & caryn's wireless".   No, i've never used that.

3. Enable MAC address filtering (not to be confused with Mac computers)

4. Change your key periodically.  You never know who's on your Internet connection.

5. Use AES with WPA if it's available on your router. It's a little harder to crack.

Reasons you should care:

1. Someone can download illegal or offensive content and it came from your ip address.  You could go to jail or have an unpleasant search situation.  

2. You're paying good money for your internet connection, why should your neighbors freeload? Do you let your neighbor steal your cable too?

3. War driving.  Just google it.