Free Daemon Consulting Newsletter Page
11/01/2005 - October Newsletter
From the Editor..
It seems there are many people who enjoyed reading this newsletter, thank
you for your support. It also seems a few individuals did not wish to
receive notification of new installments of this newsletter. To them,
I sincerely apologize. To anyone else who does wish to receive notification
of future editions of this newsletter, drop me an
email and you'll be sure to receive
notification in future months.
I discussed RAID in the
previous newsletter. After a few comments, I feel I need
to clarify slightly the situation with
and various RAID implementations. There is only one RAID hardware controller,
has the glue code for bioctl(8). No other RAID hardware uses bioctl(8) for now. Partly,
this was due to lack of documentation. Specifically, Adaptec documentation is desired,
but none has been provided.
The "Hackers of the Lost RAID"
song, released with OpenBSD 3.8, has wording and commentary that spell out the full
details. Of course, if you can convince vendors to provide documentation that would
be welcomed! Stay tuned to future "Changes in `-current'" sections, in which I will
mention if OpenBSD does manage to implement any bioctl(8) support in other hardware
Even though today is November 1st, this is still the October newsletter.
One way to think about this discrepancy is to think that real newsletters,
even if sent in October, may not arrive until November. In reality, I try
to work on these newsletters after I've worked on requests from clients,
and have been slightly busy in October, hence this month's delay.
My goal, however, is to get each monthly newsletter done prior to
the end of each month *knocks on wood*.
Now that the first edition is out, the old adage 'hindsight is 20-20' has
reared its head. In covering a wide range of topics from the last
newsletter, it seems appropriate to create a topic
for each section and focus on one or two things per topic. To that end,
you will note each article has a two-part title: its topic and the specific
item it covers. Hopefully this will create some organization and permit
this newsletter to branch out in uniquely different directions each month.
Thanks for stopping by, I do hope you find this information timely and useful!
Latest Stable: 3.8 Released November 1, 2005
The current `latest stable release' has been released as OpenBSD 3.8 today,
November 1, 2005.
Look for more in-depth coverage of the latest stable release of OpenBSD in this section
in future months.
Be sure to read Theo's
for the details; OpenBSD 3.8 is released today! Those of you who pre-ordered should have
your CDs by now.
Updating to this latest release is simple due to the install script's update
Lots of new goodies to talk about in upcoming editions of this newsletter. For now,
I leave you with the overview of the
Changes in `-current': failover trunk(4)
First released in OpenBSD 3.8,
is used to aggregate multiple network interfaces as one virtual trunk interface. In
English, this means you take two network cards, plug them both into the same (or a different)
switch and you continue functioning even if you unplug one. As released in 3.8, the
trunk(4) interface implemented a simple roundrobin protocol.
New in -current, there is a failover protocol. This permits specifying one of the network
cards as the master, and a secondary one to be used if the primary one is observed to
be unplugged. One ingenious use of this new feature is for users who bridge their
wireless network and wired networks. One may use a trunk interface to assign the IP
address of a laptop. The trunk interface then in turn uses the ethernet interface of
the laptop as master, and the wireless interface as the failover port. Unplugging the
laptop to go sit in the breeze on the porch causes no connections to be reset, while
returning to plug in the wired network lets a download from a local server greatly
increase in speed.
Servers will likely want round-robin, which also permits aggregating bandwidth. This
means faster than 100 Mbit speeds with multiple 100 Mbit Ethernet cards, for example.
Security: Scams Going Phishing
Have you seen the term 'phishing'? You may have heard it, but not spelled this way.
The official first use of this term was, according to
1996, meaning to 'fish' for users. Today, it is a menacing plot by many wrongdoers
who wish to steal, anonymously, your
and bank accounts.
As listed on the Fraud Watch International website, there are some
you can take
to avoid falling into phishing scams. There is, unfortunately, no guarantee, just good
habits to avoid most common traps. For some, some of the steps will be irrelevant. Only
Microsoft users need to load anti-virus or anti-spyware (steps 3 and 7), because the rest
of us who do not use Microsoft do not have to worry about such. See
the Desktop Software? article in this newsletter for details.
It seems they are everywhere. Scams are not new with the Internet.
However, the ability of scam artists to get them into your mailbox truly does
I'd like to talk a little about how email works, since a lot
of people I talk to ask questions that make me realize this is not widely
You see, every time an email gets delivered, it has gone through some form of
mail server, and likely several, before it gets delivered to your inbox.
You may not even realize it, but there are a number of parallels between the real
postal (some call it the `snail mail system') mail system and its electronic
In the `hardcopy' postal system, the envelope typically has two addresses.
One is who the envelope is from, and one is who the envelope is to. Anyone can
realize that they could fill out an envelope that looks like this:
1 Ducky Lane
Hollywood, CA 12345
1010 10th Street
Somewhere, OK 73129
... and so long as the destination address is fine, the sender address can be
as bogus as you want it to be. Also, the inside of the envelope, the letter itself,
need not match what the outside of the envelope says. Yes, it is normal to do so,
but not a requirement.
The same things I mentioned above about the postal system are true for the electronic
email system. It is possible to have the envelope saying 'from: firstname.lastname@example.org' and
'to: email@example.com', but the actual letter says 'From: Jane Smith <firstname.lastname@example.org>' and
'To: email@example.com'. Most mail systems verify that the domain 'hollywood.ca'
exists, but do little more than this. And they cannot. So long as the envelope 'looks'
ok, the rest is up to the person sending the email.
So, if you ever have received an email, and thought 'oh my, this does not even
contain me in the "To:" or "Cc:" lines, how did this arrive in my inbox?', the
above may help. You can even do something similar to the above by using what
most email programs call the 'Bcc:' line, or 'blind carbon copy'. If you send
email 'To: firstname.lastname@example.org' but you add to the 'Bcc:' line 'email@example.com' then
Jane Smith will receive a copy of the email, but will not see herself in the letter
itself. The mail server removes the envelope and delivers only the letter.
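The envelope/letter split described above, as an added example (not code from this newsletter): it compares the envelope sender that the delivering server records in the Return-Path header with the From: line of the letter, and checks whether the envelope recipient appears in To: or Cc: at all. The message, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: the envelope sender (Return-Path) and the letter's
# From: line name different domains, and the recipient was only on the envelope.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
From: Jane Smith <jane.smith@example.org>
To: staff@example.org
Subject: Account notice

Please review the attached notice.
"""


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def envelope_vs_letter(raw_message, envelope_rcpt):
    """Compare what the envelope said with what the letter says.

    envelope_rcpt is the address the message was actually delivered to
    (the envelope 'to'), which the letter itself does not have to mention.
    """
    msg = message_from_string(raw_message)
    # Return-Path is added at final delivery from the envelope sender.
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1]
    header_from = parseaddr(msg.get("From", ""))[1]
    # Every address a reader can see in the letter's To: and Cc: lines.
    visible = [addr.lower() for _, addr in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    return {
        "envelope_from": envelope_from,
        "header_from": header_from,
        "sender_mismatch": domain_of(envelope_from) != domain_of(header_from),
        "recipient_visible": envelope_rcpt.lower() in visible,
    }


if __name__ == "__main__":
    for key, value in envelope_vs_letter(SAMPLE_MESSAGE,
                                         "reader@example.com").items():
        print(f"{key}: {value}")
```

A mismatch is a signal rather than proof of forgery, since mailing lists and bulk-mail services legitimately use their own envelope sender.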
This is how email has worked for years, and trying to make changes is hard. Really really
hard. AOL and others are behind a standard trying to get domain owners to publish lists
of valid servers from which email may originate. This standard is called
'SPF'. The bottom line is that it permits mail servers that choose to do so to say
'this envelope claims the sender is from aol.com, but the server
sending the message is not listed as a server at aol.com, REJECT!'. For the nitty gritty
details, an example of SPF information can be seen below for aol.com:
$ host -t txt aol.com
aol.com descriptive text "spf2.0/pra ip4:18.104.22.168/24 ip4:22.214.171.124/24 ip4:126.96.36.199/24 ip4:188.8.131.52/23 ip4:184.108.40.206/24 ip4:220.127.116.11/23 ip4:18.104.22.168/24 ptr:mx.aol.com ?all"
aol.com descriptive text "v=spf1 ip4:22.214.171.124/24 ip4:126.96.36.199/24 ip4:188.8.131.52/24 ip4:184.108.40.206/23 ip4:220.127.116.11/24 ip4:18.104.22.168/23 ip4:22.214.171.124/24 ptr:mx.aol.com ?all"
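The check a receiving server makes against such a record, as an added example (not code from this newsletter or from any SPF implementation): a small evaluator for the ip4, ip6 and all mechanisms of a v=spf1 record. The records and addresses are constructed from documentation ranges, and DNS-dependent mechanisms such as ptr are skipped rather than resolved.

```python
import ipaddress

# Qualifier prefix -> SPF result when the term matches (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed records shaped like the aol.com one above.
NEUTRAL_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 ptr:mx.example.net ?all"
STRICT_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all"


def evaluate_spf(record, client_ip):
    """Evaluate the ip4/ip6/all terms of one SPF TXT record.

    Returns (result, matched_term, skipped_terms). Terms that need DNS
    lookups (a, mx, ptr, include, exists) and modifiers are not resolved
    here; they are returned in skipped_terms so nothing is silently ignored.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None, [])          # not an SPF version 1 record
    ip = ipaddress.ip_address(client_ip)
    skipped = []
    for term in terms[1:]:
        qualifier, mech = "+", term        # '+' is the default qualifier
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":                  # always matches; ends evaluation
            return (QUALIFIERS[qualifier], term, skipped)
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return ("permerror", term, skipped)
            if ip.version == net.version and ip in net:
                return (QUALIFIERS[qualifier], term, skipped)
            continue
        skipped.append(term)
    return ("neutral", None, skipped)      # nothing matched: default result


if __name__ == "__main__":
    for record in (NEUTRAL_RECORD, STRICT_RECORD):
        for client in ("192.0.2.25", "203.0.113.9"):
            print(client, "->", evaluate_spf(record, client))
```

A record ending in `?all`, like the aol.com one quoted above, yields neutral for an unlisted server; the fail result only arises when the matching term carries the `-` qualifier.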
Unfortunately, there is not a consensus amongst the internet architects as to how to proceed.
Of course, Microsoft has to get in on the action too, so they have created a standard called
It seems to be par for the course that there is
in their standard.
Yahoo, also, has come up with a third standard called
DomainKeys, details about
this can be found under the microscope
in this eWeek
It seems that with all three standards competing for popularity, there is one major
hurdle none seem ready to jump. That hurdle is the fact that only those participating
in the new technology benefit. While change can happen quickly on the internet, the
mere thought of upgrading every mail server on the planet to new mail protocols and
technologies and updating all dns records for all domains that send or receive email
seems just a little overwhelming, and not likely to happen any year soon.
So, for now, it seems we are stuck with phishing attacks and spam. Some tools exist
that may make your life easier in that they can learn and automatically filter the
bad email into a junk box. Look for details in a future month's "Software Spotlight".
Some conversations, you never forget. Such is the case with a friend of mine who said
"Todd, if you could come up with some way to get rid of the viruses and spyware
forever, you would become the richest man on the planet."
I was chuckling inside as I responded:
"Well, I do have a way. It is very easy. I use it myself."
Obviously interested, I got the expected response:
"Really? Why are you not a rich man yet?" came the reply.
"Because people would have to stop using Microsoft. They would have to install
some flavor of UNIX, my favorite is OpenBSD. There is a history of a learning
curve to set up and use UNIX. People would have to choose to learn a little bit
about how UNIX operates, install similar, but different than they are used to,
software. Still others would be upset that software is no longer available,
as there is a lot of niche applications only produced for Microsoft operating
systems. So, while I have the solution, and would be happy to point people in
the right direction, the real problem is that Microsoft has always been full of
holes and insecurity issues, always catering to users' demands above security
concerns. UNIX does not do this. So do you want to try UNIX and get rid of
virus and spyware and adware?"
"No, I guess .. nevermind."
So, do YOU want to try UNIX and get rid of virus and spyware and adware forever?
Either way you answer that question, you may wish to glance at a few common tasks that
would need to be accomplished on an average user's desktop, and consider the fact that
for most common tasks, alternate (non Microsoft) software exists. Not only that, but
it comes at the right price: for free!
You may wish to glance at the table below, and click on some of the links to see screenshots
of existing applications that work today to behave similarly to existing Microsoft
counterparts. For the purposes of this discussion, I'm limiting the UNIX examples to
graphical applications. Feel free to ask
about non graphical (faster, but text mode), if curious.
|E-Mail||Outlook, Outlook Express||
KDE's K Mail.
Sun's Open Office,
KDE's KWord from
Sun's Open Office,
KDE's KSpread from
Sun's Open Office,
KDE's Kexi from
|Instant Messaging||MSN Messenger||
|Web Browsing||Internet Explorer||
|Playing Multimedia||Windows Media Player||
and many others.
A few comments about the above. First of all, the list is not exhaustive. I am well
aware of other multimedia and document editing software for Microsoft, but I chose to list
their prominent application. Also, OpenOffice is not available natively for OpenBSD,
but is for Linux and FreeBSD. Some applications, such as Thunderbird, Firefox, and OpenOffice
are also available for Windows. And finally, I limited the Database application to only
simple office usages. For anything more complex than something a secretary can
administrate and/or manage, one should consider `real databases' like PostgreSQL and MySQL.
Beyond the spyware, adware, and virus free nature of free software on UNIX, why would
anyone care? Some people, apparently, have concerns about a single vendor locking them
into a proprietary document format. If you have not heard, the state of Massachusetts
has created a
will utilize the OpenDocument standard.
Other people like the price of the software, free.
To address a comment I made in my quote above, some people cannot live without running
some of their existing windows applications. Call them legacy applications, if you will,
but there are reasons why one might wish to migrate to UNIX and occasionally run some
windows based application. Enter software virtualization. One favorite application of
Qemu that does virtualization. Generally, you can run
most pc based operating systems (including OpenBSD) inside the qemu window. Since it
simulates all the hardware, including the processor, it is roughly 1/4 the speed of your
native cpu. This means that for my 2.8GHz laptop, the cpu inside is roughly 700MHz,
fast enough for occasional use. Another free virtualization package that permits you
to run Windows in a window from a UNIX desktop is
bochs, which is much slower than qemu.
While Wine (Windows Emulator) is
popular with the Linux crowd, a rather dated version is available for OpenBSD at this time.
In the non-free category, there also exists
VMware, a linux binary that must run as root and
insert a kernel module to function. While it is faster than the others, I will submit that
since I found qemu, I have stopped using VMware. Not seeing the code, not trusting binaries
that require root privilege and kernel modules, and its non-free nature leave me with little
incentive to use it now that I have Qemu.
Finally, people like me like to support free software by using it and, on the rare
occasions bugs are encountered, reporting them and helping fix them if possible. After all, the entire
free software movement exists precisely because many people around the world contribute
just a little bit of time and talent into something that goes back to benefit the world
In any event, it is my hope that this article has at least suggested that there are
free ways to avoid viruses, adware, spyware, and ultimately Microsoft, if one is
first made aware of and then willing to consider alternatives that do exist and
are being used by people all over the globe today!
Internet Tips: RSS, Blogs, and Aggregation
If you have never heard the term 'blog', 'RSS', or 'Aggregation', then this article is for you.
Welcome to the 21st Century, or as some are calling it,
the term 'blog' is an abbreviation of 'Web Log' which first appeared back in 1999.
Today, blogs are all over the place. So are RSS icons. As well, there are many
versions of news aggregators. But what does this all mean?
To understand, let us turn back the pages of time to the beginning of what became
the web pages we understand and are familiar with today. Someone at
the University of Illinois at Urbana-Champaign decided that e-mail, file
transfer, and news groups were not the only thing one could use the internet for.
They created a subset of SGML known as HTML that we know today to be the
Hypertext Transport Markup Language. Web pages, simply put, were static
places to provide information that included graphics and formatted text.
Since that time, however, people have been making more and more sophisticated
web pages. Some make billions of dollars (e.g. Google.com), others provide
mapping engines, search engines, and many interactive user friendly venues
to find and search for information. At some point, people decided to start
creating short diaries on their web pages. Updated randomly from weekly to daily to monthly,
and some even hourly, short diaries on web pages were interesting little tidbits of
people's lives they cared to share with others. As it turns out, they were referred
to as Web Logs, and shortened to the term used today, 'blogs'.
At the same time, news sites were offering news articles on the Internet. It became
cumbersome to visit 15 news sites for the latest articles, headlines, blog entries, etc.
To make things easier, a summary of the article title and first few sentences was
made available at each site. This is referred to as the RDF Site Summary, or 'RSS'.
The RSS feed at each site, however, is not consumed by a human. A program is utilized
to 'aggregate' these feeds into an interface that a human then glances at to find the
headlines from news sites or blog entries of the day, from whatever sites the person
normally visits. So, with one application, one can visit any number of news sites,
but simply do so by glancing at the headlines, all `aggregated' into one interface.
There are a number of applications that attempt to filter this information overload
that you can imagine happens when you find site after site you wish to 'follow' and
add to your 'feed aggregator'. Recently, Google announced its own
Reader, but they are not
alone in providing web pages that aggregate other sites. Before them, there was
C|Net's NewsBurst which suggests that you
'read differently' using their web interface. A program I use daily is a KDE
application called Akregator.
I noticed Mozilla Thunderbird permits 'News & Blogs' as a folder type, and you
can subscribe to RSS feeds and read the articles like a mailbox. It wasn't the interface
I like, but it may be to your liking.
With so much news out there, RSS feed readers will continue to evolve. I myself
am looking forward to the day that I can subscribe to a feed, but enable filters
to filter out specific types of articles.
If you are curious about the concept of creating your own blog, there are several
free sites out there, just
search for them.
Philosophy: Change Management
Whenever someone says 'That is a really good idea!' it is usually true.
Whenever the above response happens time and time again over the same idea,
it might just be an idea I consider sharing here in the philosophy section of
This month's topic is about change management. Change is always a part of our
lives. Everything changes, nothing stays the same. Even the huge pyramids in
Egypt are not in the same shape they were in when they were first built.
Since change is guaranteed, it makes sense to at least try to manage it in
a way that least negatively impacts our lives, whether at work or elsewhere.
Since I am a computer professional, the 'good idea' I would like to relate in this
article is about the timing of change. Change is inevitable, yes, but when possible,
scheduling change intelligently saves a lot of headache later.
Consider the following. You are in charge of a computer system that permits you and
many others to receive and send email. This is known as a mail server. You need to
update the software on it. When is the best time?
The best time may vary from place to place, and from admin to admin. But in general, I
have found that it makes the most sense to avoid doing major changes late on a Thursday
or on a Friday. It makes the most sense to avoid planning on doing major changes on a
Monday. It also makes sense not to make major changes before you, the person responsible
for a system, go away on vacation. The reasoning for this is that, if you make changes
on Tuesday mornings, you will have the rest of the week to work out any un-intended
glitches that might happen as a result of your change. Trust me, you can plan till you
are blue in the face, and test till you are tired of testing, but the bottom line is,
a production system is a unique environment difficult to duplicate exactly in a test lab,
and there may be ways users use the system you did not even realize. Monday is not a good
time, because typically there is the mad rush of Monday catching up from the weekend. It
has been my experience anything I plan to do on a Monday ends up not getting done, due to
other competing priorities and tasks not done over the weekend. It has also been my personal
experience that the instant you require your home network, update your home server, do some
major changes to anything, and go on vacation, something will happen that makes that computer
system unavailable for the duration of your absence. It could be anything from a simple thing like
editing a startup script and making a typo, to installing a new kernel and not testing it,
but it did get tested when that power outage hit, and oops, it did not work.
So, a word to the wise. Manage as many of your major (and minor) changes as possible on
Tuesday or even Wednesday mornings, not on Thursday, Friday, or Monday .. so you have the
best chance of troubleshooting the change on the clock, rather than being called away from
that dinner date Friday night, or the tantalizing steaming hot wonderful meal prepared by
you or your significant other. Trust me, been there, done that. ;-)