Depth of Knowledge

Thoughts from a tech consultant

Updated: 2017-11-03T04:25:21.812-06:00


Telephone Call


I called my mom today.

Exciting news?  Well what's most interesting is that I did it via freeswitch running on openbsd-current (2014-11-26).

Lots of things to do still, like tidying up the make files, writing init scripts, writing the port make files and other techy things (hash tables).

Testing testing testing as well.

FreeSWITCH on OpenBSD - Project Status 2014-11-25


There is this thing called the y2038 issue. It's similar to the y2k bug, but in my opinion, much more likely to cause issues. If you have a moment read this 2013 paper on moving to 64bit time_t. So moral of the story is that openbsd has migrated to 64bit time_t and this is of course impacting software which casually depends on 32bit time_t.

The first time_t bug I squashed in freeswitch (at least on my openbsd shallow fork project thing) is in the extension registration code where it tries to update the registration expiration time in the registration db. The fs 1.2 code presumes that time_t is 32 bits by using printf %lu to build its sqlite query; at the same time as patching the code I improved its readability (in my opinion) and corrected a memory leak. This particular bug was easy to find since it was causing a segmentation fault; other similar problems may (will) be more subtle.

Anyway here's the patch. I've seen a number of other similar calls, which I will be auditing carefully.
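The class of bug described in this post, shown as an added example (this is not the author's patch and not FreeSWITCH code): a portable way to format a time_t into query text, plus a simplified model of what a "%lu" conversion reads when time_t is 64 bits and long is 32 bits. The table and column names, every function name, and the stack-based little-endian ILP32 argument layout used in the model are assumptions made for illustration.

```c
/* Added example: portable formatting of time_t, and a simplified model of
 * why "%lu" goes wrong when time_t is 64 bits wide but long is 32 bits.
 * Table/column names and all function names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Refuse to build if the widening cast below could ever lose bits. */
_Static_assert(sizeof(long long) >= sizeof(time_t),
               "long long must be at least as wide as time_t");

/* Only the integer is formatted into the text; the string key stays a '?'
 * placeholder so the database API can bind it instead of it being pasted in. */
#define EXPIRY_SQL "UPDATE registrations SET expires = %lld WHERE call_id = ?"

/* Returns the query length, or -1 if it did not fit in out[]. */
int build_expiry_update(char *out, size_t outlen, time_t expires)
{
    /* Cast to a type with a known conversion specifier and use that
     * specifier; never hand a bare time_t to %ld or %lu. */
    int n = snprintf(out, outlen, EXPIRY_SQL, (long long)expires);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* What each conversion of a "%lu ... %s ... %s" format would fetch. */
struct misread {
    uint32_t lu_value;      /* what %lu prints */
    uint32_t first_s_slot;  /* what the first %s treats as a pointer */
    uint32_t second_s_slot; /* what the second %s treats as a pointer */
};

/* Model (assumption: stack-based, little-endian ILP32 calling convention).
 * The caller pushes a 64-bit time_t as two 32-bit slots, low word first,
 * followed by two 32-bit pointers. The callee, told "%lu", consumes only
 * one slot for the time, so every later conversion is off by one slot. */
struct misread model_ilp32_misread(int64_t t, uint32_t ptr_a, uint32_t ptr_b)
{
    uint32_t slots[4] = {
        (uint32_t)((uint64_t)t & 0xffffffffu), /* low half of time_t  */
        (uint32_t)((uint64_t)t >> 32),         /* high half of time_t */
        ptr_a,                                 /* first string        */
        ptr_b                                  /* second string       */
    };
    /* slots[3] (ptr_b) is never reached by the three conversions. */
    struct misread m = { slots[0], slots[1], slots[2] };
    return m;
}

int main(void)
{
    char sql[128];
    /* Constructed sample timestamp from late November 2014. */
    time_t expires = (time_t)1416873600;

    if (build_expiry_update(sql, sizeof sql, expires) < 0)
        return 1;
    printf("%s\n", sql);

    /* Constructed stand-ins for two string pointers. */
    struct misread m = model_ilp32_misread((int64_t)expires,
                                           0xAAAA0001u, 0xBBBB0002u);
    printf("%%lu sees %lu, first %%s sees 0x%08lx, second %%s sees 0x%08lx\n",
           (unsigned long)m.lu_value,
           (unsigned long)m.first_s_slot,
           (unsigned long)m.second_s_slot);
    return 0;
}
```

In the model the number itself still looks right, which is why this kind of mismatch can hide: the damage lands on the arguments that follow it.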

FreeSWITCH on OpenBSD - Project Status 2014-11-20


Freeswitch is building and running! Not in a very stable fashion mind you!

I'm pleased that a lot of the setup work to build the software is functional now to the point that I can actually start stabilizing the program. Notably, most of the modules that I care about for my use case are now compiled and loading successfully.

Still to do... well there is lots to do, mostly revolving around stabilizing for the time being.

First bug I've hit is when I try and register an extension, the daemon is segfaulting shortly thereafter.

Time for more fun :)

FreeSWITCH on OpenBSD - Project Status 2014-11-16


Thought I should mention that my Freeswitch shallow fork turns on and officially does things on OpenBSD now.

Lots of fiddling to do:

  • init script
  • Tighten up configuration
  • Call and Load Testing
  • Port a few more modules (some codecs mostly)

Here is the output from running the vanilla upstream config, and shutting down after it starts.

# fsd -nonat
2014-11-13 11:52:07.599773 [INFO] switch_event.c:594 Activate Eventing Engine.
2014-11-13 11:52:07.623802 [WARNING] switch_event.c:568 Create additional event dispatch thread 0
2014-11-13 11:52:07.812884 [INFO] switch_core_sqldb.c:3098 Opening DB
2014-11-13 11:52:08.079475 [INFO] switch_core_sqldb.c:1449 CORE Starting SQL thread.
2014-11-13 11:52:08.094839 [NOTICE] switch_scheduler.c:171 Starting task thread
2014-11-13 11:52:08.103777 [DEBUG] switch_scheduler.c:219 Added task 1 heartbeat (core) to run at 1415904728
2014-11-13 11:52:08.105694 [DEBUG] switch_scheduler.c:219 Added task 2 check_ip (core) to run at 1415904728
2014-11-13 11:52:08.108272 [NOTICE] switch_core.c:1225 Created ip list default (deny)
2014-11-13 11:52:08.108988 [NOTICE] switch_utils.c:313 Adding (allow) [] to list rfc1918.auto
2014-11-13 11:52:08.109837 [NOTICE] switch_utils.c:313 Adding (allow) [] to list rfc1918.auto
2014-11-13 11:52:08.110485 [NOTICE] switch_utils.c:313 Adding (allow) [] to list rfc1918.auto
2014-11-13 11:52:08.111373 [NOTICE] switch_core.c:1233 Created ip list default (allow)
2014-11-13 11:52:08.112252 [NOTICE] switch_utils.c:313 Adding (deny) [] to list wan.auto
2014-11-13 11:52:08.112997 [NOTICE] switch_utils.c:313 Adding (deny) [] to list wan.auto
2014-11-13 11:52:08.114487 [NOTICE] switch_utils.c:313 Adding (deny) [] to list wan.auto
2014-11-13 11:52:08.115433 [NOTICE] switch_utils.c:313 Adding (deny) [] to list wan.auto
2014-11-13 11:52:08.116184 [NOTICE] switch_core.c:1242 Created ip list default (deny)
2014-11-13 11:52:08.117000 [NOTICE] switch_core.c:1244 Adding (deny) to list nat.auto
2014-11-13 11:52:08.117825 [NOTICE] switch_utils.c:313 Adding (allow) [] to list nat.auto
2014-11-13 11:52:08.118473 [NOTICE] switch_utils.c:313 Adding (allow) [] to list nat.auto
2014-11-13 11:52:08.119118 [NOTICE] switch_utils.c:313 Adding (allow) [] to list nat.auto
2014-11-13 11:52:08.119592 [NOTICE] switch_core.c:1253 Created ip list default (deny)
2014-11-13 11:52:08.120040 [NOTICE] switch_utils.c:313 Adding (allow) [] to list loopback.auto
2014-11-13 11:52:08.120514 [NOTICE] switch_core.c:1259 Created ip list default (deny)
2014-11-13 11:52:08.120959 [NOTICE] switch_core.c:1262 Adding (allow) to list localnet.auto
2014-11-13 11:52:08.121830 [CONSOLE] switch_core.c:1289 Created ip list lan default (allow)
2014-11-13 11:52:08.122403 [NOTICE] switch_utils.c:313 Adding (deny) [] to list lan
2014-11-13 11:52:08.122826 [NOTICE] switch_core.c:1358 Adding (deny) to list lan
2014-11-13 11:52:08.123298 [NOTICE] switch_utils.c:313 Adding (allow) [] to list lan
2014-11-13 11:52:08.123773 [NOTICE] switch_core.c:1358 Adding (allow) to list lan
2014-11-13 11:52:08.124264 [CONSOLE] switch_core.c:1289 Created ip list domains default (deny)
2014-11-13 11:52:08.125212 [NOTICE] switch_utils.c:313 Adding (allow) [brian@] to list domains
2014-11-13 11:52:08.125706 [CONSOLE] switch_core.c:2059 Bringing up environment.
2014-11-13 11:52:08.126611 [CONSOLE] switch_core.c:2060 Loading Modules.
2014-11-13 11:52:08.128417 [INFO] switch_time.c:1173 Timezone loaded 530 definitions
2014-11-13 11:52:08.128969 [CONSOLE] switch_time.c:1315 Calibrating timer, please wait...
2014-11-13 11:52:08.129582 [WARNING] switch_time.c:232 Timer resolution of 10000 microseconds detected!
Do you have your kernel timer frequency set to lower than 1,000Hz? You ma[...]

FreeSWITCH on OpenBSD - Project Status 2014-11-02


After a long hiatus (since I have been known to get distracted from time to time) I have continued working on Freeswitch with regards to OpenBSD. Before I get into the current state of affairs, I should mention that I do have a semi functional Freeswitch installation (from before FS started the -stable branch) running on a pair of OpenBSD 5.1-current ultrasparc VMs but the tears and pain of trying to keep that running and up to date was way too much for a mere mortal like myself to entertain. Moreover, the fact that my (unpublished) patches refused to work on a comparable 5.2 and subsequent 5.3 install told me that way lay dragons. The SSL fiasco and the new ressl work finally made me turn the systems off and resign them to the closet of dusty bits and reinstall on some linux boxes so at least I could have access to vendor patches.

Le Sigh.

Even to this day, the out of the box upstream install scripts don't actually work on OpenBSD, and the software is absent from official OS repositories. Though I will nod to the fact that the upstream developers have made an attempt to get things working, they are doing stupid things in the process, like manually installing a magical 'Freeswitch' versions of openssl (stupid stupid stupid), curl and libedit. Honestly it's like, once they cut their finger accidentally in the kitchen, and instead of cleaning and bandaging the injury, they went ahead and put their whole hand in a Garburator.

Anyway, I'll try and not be too cynical here since nestled inside the monstrosity (oops sorry, still being cynical) that is Freeswitch are the necessary bytes to have a working SIP telecom platform.

I've made some decent progress in getting the software to compile and not explode in my face, and even took the time to give the @ports mailing list some updates about project status.

  • 2014-10-23
  • 2014-10-31

Stuff that works (or at least says that it works)

  • mod_callcenter
  • mod_commands
  • mod_conference
  • mod_db
  • mod_directory
  • mod_dptools
  • mod_esf
  • mod_esl/mod_hash/fs_cli
  • mod_fifo

Lots of manual twiddling was required here, and I still haven't turned on the c++ esl API that lets swig bindings start working (Specifically the ESL bindings to stuff like lua, perl, Java, and C#).

Moral of the story is that fs_cli works, I'm possibly going to re-write it or write my own from-scratch version at some point to be less terrible, though at least it uses getopt (but not the operating system provided version of getopt).

By the way, fs_cli has no license?

  • mod_loopback
  • mod_sofia

I hope this is the most challenging module to enable and have working correctly. In total I spent several days and many dozen cups of coffee at the local Greasy Spoon, banging my head against this module trying to get it to work. The module depends (obviously?) on the sofia sip library from Nokia and has been dramatically patched since the last official release. Considering the transfer of so much Nokia IP to Microsoft I would be willing to bet that many of these changes will never be pushed to the official Nokia upstream library (not that the FS devs pushed many changes even before the Nokia/MS thing happened). Also, I flirted a bit with the changes that have arrived in the 1.4 tree of Freeswitch, and don't think much of them (network layer violation badness).

  • mod_others_ive_forgotten

I've been hand picking the modules that I want to turn on, and aggressively deleting anything that seems stupid to me. Anyone who eventually uses this port may find that their favourite module is not included with the port. Of course this is because my goals are different than upstream Freeswitch developers; this will sometimes result in missing features, since their design, implementation or purpose are undesirable from my point of view.

Still to do

  • Modules... many mods still need to be reviewed and enabled or deleted.
  • Devise an appropriate default minimal configuration
  • Fix hashing bugs (see my @ports mail)
  • Launcher re-write (switch.c is full of badness... damn, cynical agai[...]

Recovering a Windows Server 2011 Essentials image from a USB backup drive


I have a customer which uses Windows SBS 2011 Essentials as a basic file and backup server. It runs on one of those little supermicro servers with an integrated atom chip and 4GB of RAM. Hardly a workhorse, but it is perfectly adequate for running his three person office.

Anyway, this morning I got a call saying that the server was down, and couldn't seem to be restarted.

When this kind of thing happens, I usually presume that it's some kind of minor user error (like it's not plugged in, or the tooth fairies pulled out the network cable overnight) and almost always, I can get in and out within a few minutes and a couple of magical key strokes.

Well... Today was a genuine problem requiring some actual work.

Turns out the hard drive (yes there is just one drive in the unit) suffered some sort of mechanical fault and started clicking rather badly.

Well, a quick run to the local computer shop and a few minutes of minor surgery yielded a perfectly functional, yet completely blank file server (being blank is very bad for a server). The value of the server had nothing to do with the actual cost of the equipment, but its value rests entirely on its function as a repository of all the company's data and that data is on the dead drive.

Fortunately, I had seen this coming a long time ago and the machine has been dumping daily images to an old drobo sitting on the shelf for something on the order of 3 years. Btw, those old drobos aren't good for much, but this is one job that they do pretty well.

Anyway, recovering the image was fairly straightforward (this server doesn't have a DVD drive) so I needed to image a USB stick with the SBS 2011 Essentials installation disk, which works fine except for the fact that the Windows recovery software doesn't like magical new drives showing up when it's about to recover an image, so annoyingly I needed to disconnect the USB stick just after the software had identified the recovery image and before starting the recovery process otherwise I would be whacked with error 0x80070057 which basically says that the recovery system is shaped differently than it should be.


All in all the recovery process is fairly straightforward, and the only thing I'd like to see added is a way to clone the recovery images to an offsite storage thingy.

Sun Blade 100 and OpenBSD


I find that I get distracted from the task at hand very easily.

My latest distraction from the FreeSWITCH on OpenBSD project has been a renewed interest in UltraSPARC hardware. I recently purchased a pair of Sun Fire V215 servers to act as routers, and on the way I got interested in the newer generations of UltraSPARC processors, which I think are very interesting for a variety of workloads that I have to deal with.

Anyway, this evening while out at my parents place I rummaged in the basement for a few minutes trying to find an old system I had left out here a few years ago.

Sure enough, sitting under a small pile of dust, I discovered my old Sun Blade 100 workstation. I had purchased the machine some years ago when I was working on a project which I wanted to ensure ran on big-endian architectures.

Plugging in the system, I was pleased to discover everything was exactly as I had left it (apparently in 2007 since it still had an OpenBSD 4.1 install disk inside it).

Quickly burning a copy of OpenBSD 5.3 for UltraSPARC, and running the install took about 10 minutes and I was pleased to discover a fully operational desktop.

OpenBSD 5.3 running out of the box on a Sun Blade 100 UltraSPARC workstation
These workstations were very useful in their day, and I am pleased to see that mine is still running.  Performance is a little lower than I would like for some activities like browsing the web, but it's actually perfectly acceptable as a development environment (and nicely free of distractions too).

FreeSWITCH on OpenBSD - Project Status 2013-06-02


I've finally gotten around to making new headway with the FreeSWITCH on OpenBSD project. Although I can honestly see at least a year (or more, really) of labour in front of me to produce a high quality port which I would be content to run my voice services on.

At the moment, I have a semi functional build which compiles a binary capable of executing just past the banner. I haven't checked the last call trace yet, however it looks like we are breaking just after the process forks and spins up a bunch of threads.

Recent Work

I merged a commit today that replaces the hash table wrapper that used to point at internal sqlite APIs with the public hash table implemented by APR.  This is in reaction to an instant crash bug that I was encountering when the old system tried to access the internal sqlite malloc code.

I'll note that the original implementation of the hash table stuff used APR in the good old days (2008) and was replaced by Anthony for reasons that I am currently unclear about.

The results tested well in an impromptu set of test cases I whipped up to see if things should work, and the configurations loaded successfully, however the test of the new implementation really will only happen down the road when we start flinging calls around. 


I find the code style of the FreeSWITCH developers difficult to read for a couple reasons:

  • Long symbols that_describe_what_should_be_happening_like_this
  • Long prototypes that disappear off the edge of my monitor. I've seen lines with more than 180 characters, which is a bit much.
I'm not going to whinge about the code style too much since it is what it is, however I've voiced my official note saying I don't like it.

Another issue I have is with the munging of dependencies. What I mean here is that the developers have taken a number of liberties in changing the internals of some dependencies. I suppose that they had their reasons, however it does make me twitch.

The more I fiddle with the internals of FreeSWITCH, the more I approve of the projects that have come from the OpenBSD guys. Especially when it comes from the perspective of portability, where the dependency trees are vanishingly small.  The FreeSWITCH perspective is somewhat along the lines of "ok, this pile of kitchen sinks seems balanced, don't fuck with it".

Current tasks

There are a couple of items to do right away. The first is spin up the module loading code, port some modules, and verify that the core modules are loading in what appears to be a correct manner.

Also I noticed that I am statically linking my internal libfreeswitch library and that needs to stop.

Down the road

I really dislike the manner in which freeswitch loads its configuration. On the horizon is a new launching and configuration loading change that makes me less twitchy. I'll make sure that everything I do here could be conceivably imported upstream.

Also, there are a couple of areas that I think may need special attention: memory handling and threading.


There is lots left to do!

Running an OpenBSD Laptop


I've been a long time user of OpenBSD for various projects since I worked for Nortel back in the good old days (2004? Wow, that's nine years and counting). My experience with the operating system is mostly on howling servers that you would never run on your desk.

Anyway, I've been working on porting some software to OpenBSD for a couple months and kept thinking to myself

"Boy I should get a proper workstation setup"

At first I was just using an ssh shell to one of my servers and working off that, which was a pain in the ass when the network was slow or out, or otherwise unavailable.

Second thought was,

"Maybe a VM on my main laptop will do?"

Uh, no. I don't like VMs, and to be honest I need a bit more performance than typing into a VM console. I have a friend that is a VM hipster who thinks they are the best thing since butter, but I'm just not that kind of guy.

Anyway, after setting up a workstation on a spare P4 that has been sitting on the shelf behind me for a couple years and enjoying the experience, I grabbed a Dell D620 from a local company which sold all its old gear to me for a tuppence.

Power Management

Last year I sat through a talk by Theo de Raadt where he claimed that OpenBSD has the best ACPI implementation of any of the free operating systems. After noticing that the stock installation of OpenBSD ran a little hot on the D620, I opened the acpi(4) man page which said:

"Userland may access acpi by using the apm(4) device."

After a little bit of reading, I concluded that editing rc.conf.local to start the apmd daemon (responsible for handling the power management stuff) in "keep my computer cool mode" should do the trick.

apmd_flags="-C"

On the advice of a random webpage I un-commented the line in /etc/sysctl.conf which tells the system to suspend whenever the laptop lid is closed.

machdep.lidsuspend=1

After a nice demo by Henning Brauer after his talk at BSDCan this year I am pleased to confirm a nice suspend and resume experience. Not only does the laptop take a nice nap when the lid is closed, it actually gets out of bed and back to work when it's open.

Docking

Along with the laptop came a dock, which I specifically wanted to enable a modest transition from mobile to fixed workstation. And after a solid 7 minutes of rummaging through man pages I couldn't find any hooks to detecting when the machine has been docked.

Basically I wanted the following to automatically happen when the laptop is docked:

  1. Turn off wifi
  2. Disable suspend on closed lid
  3. Turn on my desktop monitor
  4. Turn off the LVDS laptop panel

1 and 2 require some root permissions which means configuring sudo, 3 and 4 are easy with xrandr (thanks keith packard).

Upon undocking, I want to reverse this behaviour.

So far I have two scripts sitting on my desktop called docked and undocked which I can run to manually cut things over to the preferred state. I suppose this will do for now, since I have other things that need my attention.

Does anyone know of a more elegant way to do this? Or would someone like to write up a small daemon to handle this in the background? Maybe it could be called dockd?

Summary

In any case, getting the system up and running has not been terribly difficult, and I should have no more excuses when it comes to getting to work on the OpenBSD port of FreeSWITCH I was going on about recently.[...]

Aastra MBU 400 and FreeSWITCH


Today I'm hanging out at my parents gas station/gallery/cafe/grocery store/internet publishing company. I took some time today to configure an Aastra MBU 400 for use with FreeSWITCH. The MBU 400 is a discontinued Aastra product apparently targeted towards residential or small office deployments where users would want portable handsets, akin to standard wireless portables that people already have in their homes.

Aastra 420d Portable handset which connects to MBU 400 base station, supports multiple handsets

The MBU 400 base station in my possession has a traditional POTS RJ11 port on the back for connecting to standard phone systems as well as a 10/100 network port to get the device onto the network and communicate with a SIP server.

It is possible to provision the network configuration for the base station through one of the handsets, selecting between static IP or DHCP. Also it seems possible to provision some aspects of the SIP configuration through the handset as well, although the experience would probably be tedious and is likely missing many fine grained settings. Like most SIP phones, the configuration can be pushed out with some proprietary gear from Aastra, which I don't own, and wouldn't buy anyway.

The MBU 400 has a web interface, for which the default credentials are:

Username: admin
Password: 22222

The SIP account configuration seems to require both the Registrar and Outbound Proxy fields to be filled (even if they have the same information). I pointed these towards my FreeSWITCH instance, to which I had already setup a new user extension.

Seeing as how my FreeSWITCH server is remote (I don't leave it sitting around my parents place), it needs to communicate over an IPv4 NAT. The out of the box configuration didn't seem to work, but with a lot of diddling around with settings I managed to get it to connect.

To get inbound and outbound calling working, I needed to turn on stun, rport and turn the keepalive time down.

The MBU 400 is definitely an aged device which doesn't support a lot of SIP features, notably there is no support for any type of encryption at any point in the communication process. Nor does the device support TCP SIP connections, which I prefer over UDP for a variety of reasons (which I might get into some other time). Codec support is pretty sparse and I ended up with vanilla PCMU audio.

Some conclusions:

  • The device is out of production. Don't buy a new one. Support has expired from Aastra too.
  • Nice for setups like my parents, it answers legacy POTS calls by default, but automatically dials out on my SIP circuit.
  • Works with FreeSWITCH for inbound and outbound dialing, but I haven't tested other features like message waiting or holding calls.
  • Buttons are a little small, and the ergonomics kind of suck.
  • Modern implementations like the Cisco SPA232D and correlated SPA302 portable handset do everything the MBU 400 does and much better.[...]



Been a while since I posted. If you're reading this post, you probably came in from your favourite search engine while searching for OpenBSD and FreeSWITCH.

FreeSWITCH is a software voice switch which handles any manner of voice related activities.

These days voice is pretty important, and the backend infrastructure which implements it is in a decades long process of migrating from the traditional POTS (Plain Old Telephone System) to an all IP phone system. FreeSWITCH is definitely going to be one of the platforms that ushers in the next generation of telecom. While I have some reservations about how the project is developed and maintained, it has a lot of things going for it like stability and a remarkable feature set.

Using FreeSWITCH on OpenBSD might seem like a good idea seeing as how OpenBSD has the spectacular pf firewall, excellent security history and doesn't move very far in weird and zany directions.

FreeSWITCH on the other hand can't seem to stop moving in weird and zany directions. They (even after moving to stable release tarballs) suggest that checking the source out from git is the best way to the most current and stable versions and don't blink twice at dragging the entire source tree of their dependencies into their git repository. The FreeSWITCH developers' attitude towards using system versions of their dependencies ranges from aggressive no's to rampant apathy. I understand their reasoning (which is not exactly wrong), though for me this is pretty odd considering that pretty much every other major project doesn't have this problem.

So OpenBSD and FreeSWITCH... Where to start.

At the time of writing there is no port of FreeSWITCH for OpenBSD, or any substantial package built for any major open source operating system. Nor is there likely to be without some serious effort. The only way to use the software is to jump through the git checkout hoops and run their gigantic build process through from start to finish (yawn). Debugging their build process on other operating systems than linux is a pain as well, given the dependency on stuff like gnu make, the position of the planets in the night sky and the inclusion of dependencies in their source tree.

There have been thousands of hours of effort put into making those dependencies 'work' properly on OpenBSD (nevermind all the other platforms out there). And replicating all that work into FreeSWITCH source tree just seems dumb and a waste of time (which it is).

My proposed solution (and admittedly a work in progress without a finish line in sight) is the creation of something along the lines of a shallow fork of upstream FreeSWITCH that could actually be used as an OpenBSD port.

First order of business is the build system, and again since we're talking about OpenBSD, I am not talking about using autoconf, gnu make, cmake, imake, scons, or any number of build suites. Really, I'm just talking about vanilla OpenBSD make (here is an interesting thread on BSD Make). Of course, use system libraries or existing tested ports wherever possible. The source tree should contain just those files actually needed for creating a bare installation.

There is a long list of modules that also need porting, including some core requirements like mod_sofia.

After that there needs to be some work done on things like moving configuration to /etc, logs to /var/log and various other activities consistent with making FreeSWITCH a valid citizen on OpenBSD.

As I said, this is a work in progress, you can see the progress here on github.[...]

Copyright Modernization Act - My View


For some pre-reading for this article:

I am not satisfied by what I read about the upcoming Copyright Modernization Act. As a technology industry expert I am quite familiar with the methodologies and rationale involved with the implementation of Digital Rights Management.

Most important are the implications around digital content locks and their viability.

Foremost in my concern is that otherwise legitimate usage of digital content is permanently restricted simply by the presence of a digital lock of any kind. The implication of this is that legally purchased content can only be accessed through pre-approved processes and devices. Otherwise fair access to the locked content becomes illegal under the provisions of the new bill.

For instance, my mother has been a subscriber to where she purchases recorded audio books which are stored in the DRM encumbered audible format. However, one of her intentions for purchasing the content is to be able to consume it while in her vehicle.  Unfortunately her vehicle does not include authorized audible decryption software, so it becomes necessary to convert the encrypted files to a format which the vehicle does comprehend (in this case MP3). In no way is this an illegal activity, nor should it be under any appropriate copyright law, however with the new digital lock provisions, doing this becomes illegal.

There are a number of other consequences to the act that I am uncertain are covered by exemptions such as recovering installation keys to installed software products on Microsoft Windows and viewing encrypted content over an unsecured monitor.

Effectively the law has the digital locking aspects backwards, where fair dealing with content should trump any locking provisions, not the other way around.

SMART Payout Software Demonstration in .net WPF


I wrote a WPF demonstration software for use with the Innovative Technology SMART Payout recently. I am available to provide software consulting services around this device and its cousin the SMART Hopper.


My software is a good demonstration of how to interact with the device. Naturally it needs to not look crummy :)  Was written in C# .NET 4 WPF inside of Expression Blend 4.

How to secure a computer in an hour


I'm not a security expert.

Well, let me say that I am the most technically skilled security expert that I know, however, I do not consider myself to be a security expert. My general approach to security is, turn off as much as possible, block everything except those few things I need and while I am at it, update everything to fix as many vulnerabilities as possible.

So I am now administrating a server rack full of equipment running a slew of operating systems from linux to OpenBSD, to Windows Server 2003, 2008 and 2008 R2.  Now there is nowhere nearly enough time in my day to audit these systems for vulnerabilities, and beyond running windows update, patching the linux/bsd machines, turning features off and putting a pf firewall in front of the entire rack, I am not certain what else I should be doing?

I'd love some input here? If I were to spend a single hour tomorrow above and beyond my regular work securing the services, where would the best place to start be?

QNX Blackberry Devices and the Future of RIM


I've been reading a lot of negative reviews and opinions about the Blackberry PlayBook and the future of RIM and I want to put my input in before things get out of hand. I own a PlayBook (really I do), and I read the reviews and the general disrepute in which people are holding RIM, and I don't really get it. Many of the complaints about RIM are that they are behind the times with the deployment of messaging and contact software on the PlayBook. Obviously, this isn't the case with their current mobile phones, where they dominate the mobile messaging market with their email and BBM.

So, then what's up with the PlayBook; how come to so many people they appear to be struggling (as reflected by their stock price, and the plethora of nasty comments by people on the Ars forums)?

In the world right now we have a handful of mobile platforms to work with; Apple, Google, Microsoft, Nokia, Palm (HP) and RIM share almost the entirety of the mobile smart device market, and with HP out and Nokia walking away from the software game with the recent deal with Microsoft, that leaves us with a grand total of four vendors supplying most of the world's software platforms.

When Apple released their tablet platform in 2010, it looked cool, which had many people buy it; however, for many others, there was a major level of uncertainty as to how useful it would be to, you know, get something done. And of course, it's not a good device to get something done on; the form factor is simply not conducive to actual real world work unless someone goes out of their way to write custom software which addresses the relevant silo (hence the app store).

The iPad got relegated to the world of entertainment, which it appears to do well since people seem to enjoy movies and browsing the web and playing target games.

Now, the real problem is that all that fun stuff goes only so far, and when it comes down to it, a $400 laptop is a heck of a lot more useful than a $600 tablet.

And into this market comes the rest of the industry, which is super keen on exploiting and investigating this new form factor to see if any fortunes can be made; and of course they are running into the issues of usability, time to market and competition. The real fortunes in tablets might already have been made by Apple, and from now on the prices don't have a heck of a lot to go except down.

Now the rest of the industry has a couple options:
  • Develop a new tablet platform from scratch (With plenty of time to do it right)
  • Develop a tablet platform from existing non-tablet technology (and hopefully do it right)
  • Adapt an existing handset platform for use on tablets (and maybe do it right, but end up with effectively the same product as any competitor which follows suit)
  • Don't enter the tablet market

When the iPad was originally released it was very clear that Apple had simply shoehorned the iPhone operating system onto a bigger device and called it the iPad, and the vast majority of the competitors looking in on that thought that would be a good idea to follow with the Android platform. So in short order the world was engulfed in tablet computers running handset operating systems.

Undoubtedly RIM was looking at this situation, and its decision makers weighed the value of shoehorning their Blackberry OS onto a tablet like Apple and Google's vendors have or jumping on the Google bandwagon and making yet another Android device.

However RIM is different from every other current vendor in that they have an enormous investment and market share in their current technology platform (including BES, BBM and BIS email) and are obligated to support their existing customer base. In one weird sense, RIM is held back from just whipp[...]

Google Apps Migration Finally Complete



So this evening I finally took the time to complete the migration of my google apps account and the google account for my address (by far the most challenging migration in my entire company.... Sheesh)

Anyway, this means that I can once again post to my blog!

I've been pleasantly surprised by the new blogger interface which seems fun and cozy in tune with the facelift work that Google has been performing across all its services.

Intellectual Property


I read an interesting article in Ars Technica today regarding intellectual property. Fascinating debate.

For a worthwhile hour of time, I suggest watching the following video.


Lotus Symphony 3.0 Fixpack 2


The second service release to the Lotus Symphony 3.0 Office Suite was released pretty quietly last month. FP2 contains a small collection of security patches for the underlying code as well as some compatibility fixes when interacting with other office suites.

Download Lotus Symphony 3.0 Fixpack 2 here (For Windows) (or here for Official download source)

This release is Officially compatible with:
  • Windows XP SP3, Windows Vista SP2, Windows 7
  • SuSE Linux Enterprise Desktop 11, RedHat Enterprise Linux 5 Update 4, Ubuntu 8.04
  • Macintosh OS X 10.5, Macintosh OS X 10.6.2, Intel only

Fixes from the FP2 Release Notes:
  • CVE-2010-4643: A security vulnerability in which is related to TGA file processing might lead to arbitrary code execution.
  • CVE-2010-3689: The start script and other shell scripts expand the LD_LIBRARY_PATH in an insecure way.
  • CVE-2010-2935 / CVE-2010-2936: A security vulnerability in which is related to PowerPoint document processing might lead to arbitrary code execution.
  • CVE-2010-4253: A security vulnerability in which is related to PNG file processing might lead to arbitrary code execution.
  • CVE-2010-3453 / CVE-2010-3454: A security vulnerability in which is related to Word document processing might lead to arbitrary code execution.
  • CVE-2010-3451 / CVE-2010-3452: A security vulnerability in which is related to RTF document processing might lead to arbitrary code execution.
  • CVE-2010-4008 / CVE-2010-4494: Possible Security Vulnerability in resulting from 3rd party library LIBXML2.
  • CVE-2010-3450: A directory traversal vulnerability in which is related to zip/jar package extraction might lead to overwriting files and even to arbitrary code execution.
  • SPR #JCHC89R945: Include mandatory Eclipse help patches, SPR #MSTO89WRX8: Enhanced selective access control support.
  • PPT files with grouped objects will be corrupted if save them in Symphony and open them again in MS Office which contains a security patch claimed in Microsoft Security Bulletin MS10-087. For detailed patch information, please refer to preload notification behavior by removing the notification bubble.
  • Password protected MS Excel with edit password cannot be edited.
  • The cell border orientation will be lost when opening a MS Excel file in Lotus Symphony.
  • The result is wrong when copying a table which contains hidden columns from Lotus Symphony spreadsheet to Lotus Notes.
  • The behavior of Subtotal in DataPilot is wrong when there are more than one items in Data area.
  • 'divide by 1000' format is not supported in Lotus Symphony 3 Spreadsheet.[...]
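The CVE-2010-3689 entry above is about launcher scripts that expand LD_LIBRARY_PATH insecurely. As an added example (not Symphony's own start script), the sketch below shows the usual form of that mistake, assumed here to be prepending to an empty inherited value, next to the corrected expansion and a small audit check; the `/opt/app/lib` path and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: how a launcher script should extend LD_LIBRARY_PATH.
# /opt/app/lib and all function names are hypothetical (not from any product).

# Unsafe: if the inherited value is empty this yields "/opt/app/lib:".
# The dynamic loader treats an empty element as the current working
# directory, so libraries may be loaded from wherever the user happens to be.
prepend_unsafe() {
    # $1 = directory to add, $2 = inherited LD_LIBRARY_PATH value
    printf '%s\n' "$1:$2"
}

# Safe: emit the ":" separator only when there is something to append.
prepend_safe() {
    printf '%s\n' "$1${2:+:$2}"
}

# Audit check: returns 0 if the search path contains an empty or relative
# element (both resolve against the current directory), 1 otherwise.
has_cwd_element() {
    case "$1" in
        '') return 1 ;;   # nothing set: loader uses its defaults only
        *:) return 0 ;;   # trailing empty element
    esac
    hce_rest=$1
    while [ -n "$hce_rest" ]; do
        hce_elem=${hce_rest%%:*}          # first element of what is left
        case "$hce_elem" in
            /*) ;;                        # absolute path: fine
            *)  return 0 ;;               # empty or relative element
        esac
        case "$hce_rest" in
            *:*) hce_rest=${hce_rest#*:} ;;
            *)   hce_rest= ;;
        esac
    done
    return 1
}

# Demonstration on constructed inputs: an empty and a non-empty inherited value.
for inherited in "" "/usr/local/lib"; do
    for fn in prepend_unsafe prepend_safe; do
        result=$($fn /opt/app/lib "$inherited")
        if has_cwd_element "$result"; then
            verdict="searches current directory"
        else
            verdict="ok"
        fi
        printf '%-15s inherited=%-18s -> %-30s %s\n' \
            "$fn" "'$inherited'" "$result" "$verdict"
    done
done
```

The same check can be pointed at the value a script actually exports, for example `has_cwd_element "$LD_LIBRARY_PATH"` at the end of a wrapper, to catch the problem during review.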

ODF 1.2 Support in Microsoft Office


Anyone who has tried to move Open Document Format (ODF) documents to Microsoft Office, has probably encountered fidelity problems. This is especially apparent when loading a *.ods spreadsheet in either MS Office 2007 SP2 or MS Office 2010.

Formulas simply don't get migrated over, and spreadsheets effectively turn into flat files when used in Excel.

The fix for this will come with the arrival of functional ODF 1.2 import and export support.

Microsoft has obviously been aware of the problem for quite a while, and while they are sympathetic, they haven't yet released a fix to this problem and won't until ODF 1.2 is finalized. This of course raises some interesting questions; like what degree of "finished" will be required before an implementation will be made available, and what software packages will receive support when it finally does become available.

My hope is that Microsoft Office 2007 SP3 (if this is scheduled, 30 seconds on Google gave no hits yet) and Microsoft Office 2010 SP1 take serious stabs at implementing this, but for that to have any hope of happening the ODF 1.2 standard will need to be finalized "enough" for Microsoft to be willing to set it in stone (or easily malleable software, as the case may be).

Recently (just last month), the ODF TC approved ODF 1.2 as something known as a committee specification, which, as I understand the OASIS rules, means we're nearing official OASIS blessing.

So, will Microsoft consider this finalized "enough" to get their office suite ready to support it? We'll see. I certainly can see their business case for holding off for something even "more" finalized like an ISO specification.

A completed ODF implementation in MS Office is not exactly conducive to the long term market dominance of their office suite, and I would be willing to bet the longer they can hold off releasing an ODF 1.2 compatible implementation, the longer they will feel at ease with the proliferation of ODF centric office suites such as Lotus Symphony and the poorly named LibreOffice. Competition will only really have a possibility of becoming fierce when documents can be tossed between office suites with little to no loss in fidelity.

Anyway, the usability experience gap between Microsoft Office and its competitors is still so incredibly substantial (although Lotus Symphony is very good) that I doubt the company needs to worry any time this decade. LibreOffice is no Firefox in my opinion.

If I had to hazard a guess, I would bet that Microsoft Office 2007 will never get ODF 1.2 support, and that Microsoft Office 2010 will get it by Service Pack 2 in 2012 (or whenever it is released). Then again, maybe they'll surprise me; maybe behind closed doors Microsoft has been readying ODF 1.2 support and is just awaiting OASIS certification.

LibreOffice is a dumb name. Someone rename it.


I have been complaining that open source software suffers from dumb names for a while. In fact, when I presented the httperf talk at WWW2007, the track officiator specifically mentioned that very blog post when he introduced me.

So I can't help but feel squirmy whenever I hear or read the name LibreOffice.

I think this is a dumb name; like really ( is really dumb too)
That said, there is evidence that some people like the name, so either they are crazy and should be first up against the wall when the revolution comes or genuinely don't mind it.

Anyway, I'm hung up on this. Seriously, I really am. I don't like it, and I want someone to make the effort to change it.

How to Diagnose and Tune Up a Windows Computer


In my downtime, I have been spending a lot of time at the Rocky Mountain Computer Repair Shop here in Calgary, Alberta helping out with system tune-ups and general computer maintenance.

I've encountered a huge variety of issues while working with the machines that come in, including virus removal, slow computers, broken installations of Norton, AVG, Internet Explorer, etc. Many of the problems are major nuisances to the owners and are caused by malfunctioning software or some sort of malware running on the system; other times the problems are caused by run of the mill user ineptitude.

I am really good at getting systems working once they have been whacked by problems and can almost always actually fix the problem at hand rather than opt for the traditional orbital nuke of format/re-installation.

That said there are some scenarios in which I recommend reinstalling Windows:
  • Want to migrate from 32-bit to a 64-bit installation (note that you would need 64-bit installation media for this; the default recovery partition/disks included on many OEM machines are not sufficient for this)
  • Want to start fresh with no OEM software installed
  • Have encountered a fundamental problem with your installation of Windows (rarer than many people actually think, but it can happen).
  • No service packs have been installed on Windows Vista.

Many manufacturers introduce an artificial upgrade ceiling on their customers by deploying 32-bit installations of Windows on 64-bit capable machines. By doing this, it prevents customers from ever expanding the amount of installed, usable memory beyond the 4 GB (actually 3, or 3.5 GB) threshold. This is why many machines come from the factory with only 3 GB installed.

Anyways, this article is not really about formatting and re-installing Windows, which is a tiresome task without much challenge these days (except for tracking down drivers, which can be very challenging sometimes).

Rather this article is about how to actually go about tuning up a sick or slow computer.

The very first thing to do before beginning a tune up is to ensure that the system is actually working properly. It is very annoying to put hours of work into a computer and then discover that the problem was simply a dying hard drive.

There are some things that die relatively regularly on a typical computer.
  • Power Supply (Incredibly Common)
  • Hard Drive (Incredibly Common)
  • Fans (Incredibly Common)
  • Memory (Occasional, but at least it's easy to address)
  • Motherboard (Usually a surface mounted chip, rather than the board itself)

So if a computer is turning itself off all on its own, the first places to check are those noted above. Assuming that the computer turns on, it probably isn't the Power Supply, so the next thing to do is run a hard drive diagnostic.

SeaTools is a perfectly good Windows application for diagnosing hard drive failures. Generally if the Short Self Test returns no problems then the drive is usually good to go. There may be filesystem issues though, which may need to be examined. Filesystem issues can be worked at by loading a Windows Recovery Console and running the chkdsk utility.

If a computer is failing to boot or having trouble reading data from the drive, even though the drive reports all is well in SeaTools, then consider running chkdsk /B {driveletter}: against the offending drive (if on Windows Vista or later) in the recovery console. Or chkdsk /F if running on Windows XP or earlier.

Typically for filesystem issues, I will boot from a Windows 7 install/recovery disk and run the chkdsk utility from there s[...]

uriparser on openbsd


Can someone port uriparser to Openbsd?

Reflow Dead Laptop Motherboard with a toaster oven


I was over at Rocky Mountain Computer Repair last night looking over some of the dead machines that had been abandoned by their customers. Most machines were old and rather junky looking, but a few are in decent condition, except for the fact that they simply do not turn on at all.

One laptop in particular wouldn't post, and I figured it was either due for a motherboard replacement, or just maybe I would see something visibly wrong that I could repair. So an hour of disassembly, some fairly rigorous testing of potential faults, and I concluded that the motherboard was dead.

This would usually be the moment to either abandon the machine or buy a replacement motherboard. However, I have an engineering degree that has put me in a lot of deep contact with computers and I have learned some extra tricks as to what it takes to fix them that aren't exactly in the manual.

So here is the situation:
  • An apparently completely intact laptop computer will not post
  • No visible impact damage
  • No visible fire or heat damage
  • Functional and tested power supply
  • System starts to initialize but shuts down after 1 or 2 seconds, and before post
  • No audible alarms
The laptop motherboard clearly had some functional components, as it would attempt to start; however, some pretty critical component needed early in the initialization process was not functioning, thus causing the machine to shut down.

Given the symptoms, the most likely culprit was the nvidia northbridge or maybe the CPU. However since there were no alarms indicating a cpu or memory failure, the issue likely lay with the northbridge which is intricately involved with initializing both those systems.

And how do you repair a northbridge?

Well, you don't. If the chip is genuinely dead then there is nothing to be done and it is officially time for a new motherboard. However, if the chip is still good (and there isn't a really good way to diagnose this short of desoldering and testing in a laboratory setting), then the problem likely lies with the connections between the chip and the board. And perhaps those connections can be re-established by heating the board to a point near to the melting point of solder.

So here is what we did:
  • Removed all plastic and tape from the board
  • Wrapped board in tin-foil and placed foil padding against steel grate
  • Pre-Heated toaster oven to 385F
  • Placed board in oven
  • Chilled out for 6 minutes
  • Removed board from oven
  • Let it cool for 10 minutes
  • Installed CPU and Memory
  • Reconnected board to laptop power supply, power button and screen
  • Pushed the power button
The board posted, and a moment later was complaining that it was missing an operating system and would we please give it back its hard drive. This process is known as reflowing, and although it won't fix all similar issues it may just provide a solution to those in need.

Minecraft at Lanified!


A friend and associate, Tristan Marler runs Lanified LAN Parties here in Calgary, Alberta and during the last event we got into the deliciously fun game of Minecraft.

These days, Lanified is running a Minecraft server at and people are welcome to drop in and play with us.

Here is the mountain I am currently working on:

Dell 700m on Windows 7


I own and regularly use a Dell 700m laptop which I purchased in the first quarter of 2005. From the factory the machine came with:
  • 512MB of PC2100
  • 1.6 GHz Pentium M
  • 5400 RPM 80GB hard disk
  • DVD-ROM/CDRW drive
My then girlfriend borrowed the machine for a year and installed 2GB of RAM to assist with performance of a variety of applications. This more than anything else has contributed to the machine's longevity, and in fact I have now had the laptop for longer than that particular relationship lasted.

In any case, earlier this year I came into a license for Windows Vista and figured that perhaps I would see how it fared on the laptop. And, for the most part it worked pretty well. There are some graphical performance problems given that the 855GM driver does not support much beyond mode setting, and as a result the graphical capabilities are less than what is available on Windows XP or pretty much any other operating system. However the machine has worked well for me all this time, although booting the machine took a fair amount of time.

Earlier this month I experienced a hard disk malfunction and was in the position of replacing the drive, replacing the laptop or going without. After a goodly amount of humming and hawing over what to do, I decided that I would replace the hard disk. However, I got carried away and bought myself a 64GB IDE SSD from Transcend.

Yes, I am completely aware that investing the $200 that I paid for the drive into a new laptop would have been a vastly more economical use of my money; however, I am sentimental and a tinkerer at heart and I want to be able to show off my old machine booting faster than many people's brand new computers.

So I purchased the SSD and installed it a couple days ago, and while I was at it I installed a copy of Windows 7 Ultimate that I got stuck with after one of my customers waffled on me.

Lo and behold, the OS installed just fine and recognized the Broadcom network adapter out of the box, from which I was able to run Windows Update and install the wireless network driver for the allegedly unsupported Intel 2915 802.11g wireless card.

Then this morning I wrestled the video driver into place and achieved proper mode-setting.

So what does this all mean?

Well I can testify that I am running Windows 7 Ultimate on a Dell 700m with only one outstanding driver problem which applies to my never used SD card reader.