2014-11-05

Book review - The Book of PF 3rd Edition

PF has always been my "only" choice of firewall when I'm on OpenBSD or FreeBSD. My PF kungfu is just enough to use it as a host firewall though. Recently I needed to level up my PF skill in order to use it on one of my hobby projects. This book came at the right time.

Since I'm using OpenBSD, the excellent manual & FAQ at www.openbsd.org would have what I needed. But the commercial offering (of this book) illustrated PF differently and with many more working examples. This means my homework is mostly done already, leaving me to read and "realize" the knowledge. :)

This is a short summary of what I found interesting while reading this book:

2013-09-16

What's worth - week 34, 35, 36 & 37

This post is so disqualified as a weekly post. Apparently I'm busy with the real world, but in fact I need to build up the habit of sitting down, organizing what I've read and posting it up here.

Anyway, here's the archive of links & reads for what's worth:

2013-08-29

What's worth - week 32 & 33

Last seen a fortnight ago and still lacking reading time. Here's two weeks of what's worth:

2013-08-16

What's worth - week 27, 28, 29, 30 & 31

Finally got the chance to put in these links. "Busy" is the usual excuse, lack of discipline is the real cause :p

So much for nonsense, here are the links accumulated over the past weeks (if not months):

2013-07-06

What's worth - week 25 & 26

For the past 2 weeks, meat space has been busy but very interesting. Much to my realization, the world without BSD is wild & unstable, yet surprisingly interesting. I wouldn't recommend it to anyone with less sanity to spare, but if you must have a dangerous adventure, try linux kvm at a (mere) load average of 38 with dual six-core processors. All processes curse & swear.

Worse, even after so many iterations of versions, the BSOD stalks me forever. Why must they keep pushing me to BSDs? Daemons, I miss you so much.

Enough bitching, readings for the past 2 weeks have been low and I'm combining week 25 & 26. Nonetheless, my time was well spent on these links. Here's what's worth:

2013-06-18

What's worth - Week 24

This blog hasn't been updated as often as it should. That doesn't mean I'm abandoning it. I'm still lurking on the internet, poking my nose around here and there.

I routinely read Justin's Dragonfly BSD Digest and am particularly fond of the "Lazy Reading" weekly post. He talks about the list of interesting stuff he finds on the internet and shares it with the readers. I'm copying his idea to fuel my updating of this blog.

For what's worth, here it goes:

2013-05-17

Book review - DNSSEC Mastery

For the past few days, I've spent most of my reading time with a new book titled DNSSEC Mastery. The author of the book is Michael W. Lucas, again (from my not too long ago book review blog post, Absolute OpenBSD 2nd Edition). He's now one of my favorite tech book authors, upgraded from "favorite blog author". The "upgrade" was done after reading another of his new books published by No Starch Press, Absolute OpenBSD 2nd Edition. This review is the result of my reading of DNSSEC Mastery. It may not be the whole truth, but at least this is what I've understood from it.

Here it goes:

2013-04-26

Book review - Absolute OpenBSD 2nd Edition

If you're following BSD related news, you probably would have known about Absolute OpenBSD, 2nd Edition. The author is Michael W. Lucas, well known for fantastic technical books (Absolute FreeBSD, Network Flow Analysis, SSH Mastery, DNSSEC Mastery & others). A while ago, I got hold of this book, Absolute OpenBSD 2nd Edition (in short, AO2E), and spent some time on it. These are my findings; it may not be the whole truth but it is definitely how I understand it.

2013-04-14

Absolute OpenBSD, 2nd Edition - Book auctioning

By now, everyone living in the BSD world would have known that Michael W. Lucas's new book on OpenBSD is going to be released soon. By soon, I mean there's a couple of weeks more to go. If you have been following Michael's blog or read his technical books, you would probably have a taste of his writing style, which suits my taste a lot.

Michael is auctioning "a" copy of the Absolute OpenBSD, 2nd Edition book, with all proceeds going to the OpenBSD Foundation. The OpenBSD Foundation pays the bills so that the project continues to shine.

If you have a few spare zeroes in your bank account and really want,

- the very first copy of Michael's book, with all the proofs
- or, to show how much love you have for OpenBSD
- or, to redeem the guilt of ripping off OpenBSD for all these happy years of using it

move your mouse over to "Place bid" and press it at the auctioning page. The money you pay for the "clicks" & the book will go into funding the making of a better OpenBSD. Not to forget the bragging rights of owning the very first copy of Absolute OpenBSD (2nd Edition) with the "Certificate of Authenticity" that Michael promised to put on it.

Okay, if you don't have that many zeroes in your bank account and would really like to have a copy of the book (not the shiny first copy though), you can still do a bit for the OpenBSD project. Get the book from the OpenBSD website and some of the money will go into making OpenBSD better.

Au revoir !!!

2013-03-04

vim - improving vim skill by breaking arrow keys

There's a new way to improve vim skill: "breaking" the arrow keys on the keyboard.

No No, not literally! Just disable them by assigning "no operation" to the arrow keystrokes. This will render your arrow keys useless when you're inside the vim editor, thus forcing you to stick to the h, j, k & l keys to move around.



Put these into ~/.vimrc:
noremap <Up> <NOP>
noremap <Down> <NOP>
noremap <Left> <NOP>
noremap <Right> <NOP>

If this is not dramatic enough, I foresee I'll put these in as well:
noremap h <NOP>
noremap j <NOP>
noremap k <NOP>
noremap l <NOP>

further forcing myself to use keys like "w", "b", "e", "ge", "W", "B", "E", "gE", "f", "F", "t", "T", ";" & ",". To decrypt those characters, check out ":help word" in vim editor.

Via here then here.

Adios!

2012-12-28

FreeBSD Foundation - 2012 Year-End Fundraising Campaign

Just did a quick check on the targeted $500k donations and the FreeBSD Foundation has made it!
As of this post, the FreeBSD Foundation has managed to surpass its 2012 fund raising goal by $184 905, at a total of $684 905.
This is no doubt great news to end 2012 and I look forward to seeing more of these contributions towards the FreeBSD Foundation, funding my favorite operating system, FreeBSD.

Merry Christmas & Happy New Year !!!

AboutBSD.net - outage


This is all purely my fault as I was updating mysql-[server|client], then detached tmux and forgot about it. I definitely need nagios to monitor AboutBSD.net. Sorry for all the inconvenience caused.

2012-07-27

AboutBSD.net - Layout changes



Just did a wordpress theme change for a facelift to http://aboutbsd.net.
There will probably be a few changes to the background & header.
Do let me know if you have any suggestions.

2012-07-20

Scratch of the day - How to disable mouse gesture in Firefox on OS X

Starting from OS X Snow Leopard (10.6) to Lion (10.7), Firefox has a mouse gesture where swiping 2 fingers to the left goes back a page in history & swiping to the right goes forward a page in history. Sometimes it is too sensitive, as scrolling up & down while reading text would also trigger this behavior. Then I need to reload the page to get back to where I was.

Searching in Google & Duckduckgo didn't yield much useful instruction. But all of a sudden a bulb lit up: this could be due to the mouse gestures being mischievous all this time!

It turns out that turning off "Swipe between pages" in Mouse -> More Gestures does disable this mischievous behavior. :)

Arrivederci !!!

2012-07-13

Scratch of the day - php throwing stricts error on browser

Today, I had to set up a PostgreSQL database server with the phpPgAdmin web interface. While visiting the web interface for the first time, this error message appeared at the top:







Strict Standards: Only variables should be assigned by reference in 
/usr/local/www/phpPgAdmin/classes/database/Connection.php on line 23

Warning: Cannot modify header information - headers already sent by 
(output started at /usr/local/www/phpPgAdmin/classes/database/Connection.php:23) 
in /usr/local/www/phpPgAdmin/classes/Misc.php on line 540

Seems like PHP 5.4.4 imposed some extra measures as best practice.

Although phpPgAdmin works as usual, the error message is annoying. Plus, it is kind of bad to show what can potentially be exploited.

To turn off these error messages, just tweak the below parameter in /usr/local/etc/php.ini :

2012-05-16

Scratch of the day - ssh transfer from server to server

There are 2 servers configured so that only my workstation is able to log in using ssh keys. But I need to transfer files between these 2 servers. Downloading from server A to my workstation and then uploading the files to server B seems to be the way. It would be good if I could combine the 2 operations into 1 single execution.

With shell's pipe, cat & ssh, this is what I've come up with :
ssh bob@server-A.example.com "cat /source/file-or-directory.txt" | \
ssh bob@server-B.example.com "cat > /destination/file-or-directory.txt"
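
The same relay extended to directories, as an added example that is not part of the original post: tar replaces cat so a whole tree can be streamed, remote paths are shell-quoted, and per-file checksums from both ends are compared because the pipeline's exit status only reflects the receiving side. The names relay_copy, shquote and the RSH override are assumptions of this example; the keys still never leave the workstation.

```shell
# RSH is the remote-shell command (hypothetical knob; override only for offline testing).
: "${RSH:=ssh}"

# Wrap a string in single quotes so the remote sh treats it as one literal word.
shquote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# relay_copy SRC_HOST SRC_PATH DST_HOST DST_DIR
# Streams SRC_PATH (file or directory) from SRC_HOST into DST_DIR on DST_HOST,
# passing through the machine that runs this function.
relay_copy() {
    src_host=$1 src_path=$2 dst_host=$3 dst_dir=$4
    parent=$(dirname -- "$src_path")
    name=$(basename -- "$src_path")

    $RSH "$src_host" "tar -C $(shquote "$parent") -cf - $(shquote "$name")" |
        $RSH "$dst_host" "tar -C $(shquote "$dst_dir") -xpf -" || return 1

    # A failed sender can still leave the receiver exiting 0, so compare
    # "checksum size path" manifests taken independently on each side.
    list="find $(shquote "$name") -type f -exec cksum {} + | sort"
    a=$($RSH "$src_host" "cd $(shquote "$parent") && $list") || return 1
    b=$($RSH "$dst_host" "cd $(shquote "$dst_dir") && $list") || return 1

    # An empty manifest means nothing was copied (missing source, or a tree
    # without regular files); treat that as a failure too.
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Usage with the post's hosts:
#   relay_copy bob@server-A.example.com /source/dir bob@server-B.example.com /destination
```
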

Shalom !!!

2012-05-11

Scratch of the day - exclude logging to /var/log/messages

After telling dhcpd to log messages to local7 of syslogd, "uid lease" messages are still being logged in /var/log/messages. This is because by default, syslogd logs "notice" level and above to /var/log/messages.

If you don't want to see these messages in /var/log/messages, since they are already logged to /var/log/dhcpd.log, add the log level "none" for local7 to the selector that tells syslogd what to log to /var/log/messages. This assumes that dhcpd is configured to use log facility "local7" in its config file, with all of its messages going to /var/log/dhcpd.log.


Example :
(in /etc/syslog.conf)
----- snip -----
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local7.none   /var/log/messages
----- snip ----

Reload syslogd and monitor /var/log/messages & /var/log/dhcpd.log :

/etc/rc.d/syslogd reload
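
Why appending local7.none works, as an added example that is not part of the original post: a small evaluator for the selector field, modelled on syslogd's rule that each selector in a semicolon-separated list overrides the earlier ones for the facilities it names. The function names are hypothetical, and comparison flags (`=`, `!`, `<`, `>`) and comma-separated facility lists are not handled.

```shell
# Selector field copied from the /etc/syslog.conf line in the post.
MESSAGES_SELECTOR='*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local7.none'

# Map a level name to a rank; a higher rank is more severe.
level_rank() {
    case "$1" in
        debug) echo 0 ;; info) echo 1 ;; notice) echo 2 ;;
        warning|warn) echo 3 ;; err|error) echo 4 ;; crit) echo 5 ;;
        alert) echo 6 ;; emerg|panic) echo 7 ;;
        *) return 1 ;;
    esac
}

# selector_matches SELECTORS FACILITY LEVEL
# Exit 0 if a FACILITY.LEVEL message would be written, 1 if not, 2 on a bad level.
selector_matches() {
    sel_list=$1 fac=$2
    msg_rank=$(level_rank "$3") || return 2
    verdict=1                       # nothing matched yet: not logged
    old_ifs=$IFS; IFS=';'; set -f   # split on ';' and keep '*' from globbing
    for sel in $sel_list; do
        sel_fac=${sel%%.*}; sel_lvl=${sel#*.}
        case "$sel_fac" in
            "$fac"|'*') ;;          # this selector applies to our facility
            *) continue ;;
        esac
        # The last applicable selector wins, so "none" cancels an earlier "*.notice".
        if [ "$sel_lvl" = none ]; then
            verdict=1
        elif sel_rank=$(level_rank "$sel_lvl") && [ "$msg_rank" -ge "$sel_rank" ]; then
            verdict=0
        else
            verdict=1
        fi
    done
    IFS=$old_ifs; set +f
    return "$verdict"
}

# Report the dhcpd case from the post when run directly.
if selector_matches "$MESSAGES_SELECTOR" local7 notice; then
    echo "local7.notice -> /var/log/messages"
else
    echo "local7.notice suppressed from /var/log/messages"
fi
```

The same evaluation shows a side effect of the stock line worth knowing when reading logs: mail.err is also absent from /var/log/messages, because mail.crit overrides *.notice for that facility.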

Namaste !!!

2012-04-13

Scratch of the day - ISC dhcpd is complaining about subnet declaration

Just now, restarting the ISC DHCP server after adding a new subnet spilled out some error messages:
No subnet declaration for gem0 (192.168.168.168).
** Ignoring requests on gem0.  If this is not what
   you want, please write a subnet declaration
   in your dhcpd.conf file for the network segment
   to which interface gem0 is attached. **

Sending on   Socket/fallback/fallback-net

This is because the DHCP server doesn't find any "subnet" declaration for the IP used on interface gem0. Tell the DHCP server to listen on the intended interface by putting the below line in /etc/rc.conf:

dhcpd_ifaces="gem1"

This will make the DHCP server listen on "gem1" and not listen on "gem0".

Adios !!!

2012-04-09

Scratch of the day - arpresolve: can't allocate llinfo

Today, one of the servers was uncontactable after a network switch flood incident. All other servers were working fine except this one. Logging into this server through the console revealed:
- ping to gateway is fine
- ping to a host outside this network failed
- ssh connection to same segment is fine but not beyond gateway





/var/log/messages has dozens and dozens of these:
Apr  9 00:30:01 hostname kernel: arpresolve: can't allocate llinfo for 10.0.0.1
Apr  9 00:31:00 hostname kernel: arpresolve: can't allocate llinfo for 10.0.0.1
Apr  9 00:32:00 hostname last message repeated 15 times 

It looks like connections from this server to machines within its own segment are fine but other than that, all are unavailable. Another thing: connections with machines that this server had initiated a connection to before are fine. Connections from other servers within its own segment to this server (if NOT initiated by this server before) still failed.

After some googling, it seems like a patch is needed to fix this error:
http://lists.freebsd.org/pipermail/freebsd-net/2011-August/029687.html

Since the arp cache might be leaking and causing the table to be corrupted, a reboot is needed for the network stack to work. After the reboot, the usual patching applies.

The moral of the story: updating FreeBSD is as important as upgrading ports. :p

Ciao !!!