Brian's Blog

Well, the conscience got the best of me and I E-mailed gpl-vilations.org. I was thinking about things a bit and a comment or two made on these posts and decided it was the best thing to do. The way I see it is even if they wrote everything else from scratch that it's still a Linux based device, meaning that they have to have some mention of how to get the source of the kernel. I find it unrealistic that they would write replacements for the Linux kernel, Spamassassin, and netfilter. All of which seem to be used based on it's behavior. It's hard to tell exactly what software is in use when they won't let you do anything to it other than use the web interface. If you open it it voids the warranty and that's a chance I won't take with a clients equipment. Also, the fact that it costs about $2000 to buy one rules out me getting one to play with. Actually, I was told specifically that they used Linux and Spamassassin so those two shouldn't be speculation.

Anyway, I hope they don't get sued or anything, that isn't the intent. Hopefully they are just ignorant of the licenses and will do what it takes to comply once they are informed.

Well, it's been since Friday that I requested the software license that Barracuda Networks has regarding their Spam Firewall and I still haven't heard anything. So I called up the sales department there and just asked if I could see it. I figure at the very least they have something to protect their work. However I got only generic links to "documentation" one of which didn't work sent to me and the feeling from the sales rep that he really wanted me to go away. Basically all he said was that it was a GNU/Linux based device, and that they use Spamassassin as one of their detection methods in addition to several "custom" modifications to enhance detection. I tried to ask a couple more questions playing dumb but got more generic answers with that "please stop talking to me" sound in his voice.

I don't know if they are trying to hide something and they know they are in violation of some Open Source license? Or, perhaps they are just all ignorant of the subject and the sales guy just wanted to get to someone he could make a sale with? Still, I don't feel comfortable, and knowing that I'll probably have to install more of these units with doubt lingering in my mind is not an easy thing. It's difficult to recommend and support a device that you have doubts about.

So. Now I find my self wondering, should I just leave it go? Should I call back and explain my concern? Should I inform someone or some entity about my suspicion and let them deal with it? And if so, who other than the GPL Violations web site? Do I really want to get involved in this?

I mean, the "do the right thing" side of my says to just let someone know so that if they are misbehaving that it comes to light and gets fixed. However, I don't want to get sucked into any kind of legal battle. That would just suck and take up time I don't really have. Who knows, they may be 100% legal and just not coming across right, or they may not know they are in violation and just need to be informed.

What do you think should be done?

I had an odd experience while troubleshooting a Barracuda Spam Firewall 300 today. I don't need to get into the technical specifics on what I was working on because it doesn't really matter. What does matter is the conversation I had with the tech during this call. But first, let me explain how tech support works at Barracuda Networks along with what a Barracuda is.

Essentially, a Barracuda box sits between your E-mail server and the rest of the world. Inbound E-mail comes in to the Barracuda, which examines it for viruses and spam, then deals with it according to your wishes and forwards it off to your E-mail server for final delivery. This, in and of itself is a very good thing, but what bothers me is this. When you call tech support they won't walk you though anything. They make you go into the troubleshooting section of the web interface and click a button that opens a reverse ssh tunnel to their network. Essentially bypassing your firewall. And even this wouldn't be bad really except that they don't give you a choice. They won't do anything unless they do it through the tunnel. I asked for the root password and they refused to give it. Who's box is this anyway?

Oh, I should mention that the Barracuda runs Linux. And appears to have several modified applications from Open Source projects. I've read that the flavor of Linux they use is a modified Mandrake. And from looking at the way they deal with spam it looks incredibly similar to Spamassassin. I'm not sure what they use to scan for viruses. They might have rolled their own scanner as far as I know. I really didn't go ripping into the Barracuda since it's a clients machine and is in active service so I can only speculate. I'd love to yank the hard drive out of one and stick it in a normal PC and see what's on it. After all, it's just a PC. If you look at the back you can see the normal layout of ports on the back and can see the edge of the motherboard along with normal memory slots. It's just a standard PC packed into a small mountable case.

So, anyway, during my support call I was thinking of how nice it was to see a corporate level device running Linux when I realized there was no license agreement at all that came with it. I mean, nothing. No EULA of any sort. I figure since much of it appears to be based on Open Source stuff that there should be a copy of maybe the GPL or the Apache License, and a notice on where to get the source code. So, while talking to the Barracuda engineer I asked him where I could get the source. And here is where I got the funny feeling that something wasn't right. His answer was, "What I'm supposed to tell anyone who asks this question is to Google on 'Barracuda Spam' and you should find all the information you need." So while I was on the phone with him I Googled as he suggested which only produced pro Barracuda stuff and places to buy them. I mentioned Apache, Spamassasin, and Linux and said that at least some of the stuff in their product probably had origins in a GPLed project somewhere. And if so then why didn't they have any source available? The answer was, "Well, we've modified it so much that it's not really original anymore." I asked why he couldn't talk about it much and his final answer before I dropped it was, "We are allowed to say only certain things to prevent us from saying something stupid." He was a nice guy and doing his best to help me out with my problem so I didn't push the issue. He seemed sort of uncomfortable with the subject matter anyway.

So, to satisfy my curiosity I got in contact with one of their Sales reps. I figured if anyone should know the ins and outs of the legal behind their products it should be the sales guys who have to deal with people like me asking all kind of questions. When I asked about getting a copy of the license he said, "Uhm, I'll have to look into that. Can you send your request in an E-mail and I'll forward it off to our VP?" I sent the license request Friday afternoon, so I'm curious to see what I get if anything come Monday.

After all this I did a Google for "Barracuda GPL violation" and other similar phrases and came up with this white paper at packetstorm which brings up things I was thinking about and a heck of a lot more food for thought. I also found a couple of links pointing to forums where someone was talking about this exact subject but didn't take the time to read the entire thread, it was rather long.

This is one of those times when I wish I knew a lawyer who was versed in such things just so I could get a professional opinion. I'm no lawyer and I can't pretend to totally understand the GPL yet alone the other licenses that OSS can come under. However, their inability to produce a license, the sales reps confusion when asked for a license, and the "I can't talk about it." restrictions on the engineer all seem fishy. I'm not sure what to think, or even how I could go about finding out if they are in violation of any license. It wouldn't surprise me if they were though and they wouldn't be the first ones who tried to benefit from OSS without fulfilling the obligations in the applicable licenses. Remember Linksys did the same thing and got caught.

Who knows? I may just be over reacting and blowing smoke out my of ass on this. Like I said, I'm no lawyer. Maybe someone else who actually has an informed clue on this could enlighten me?

I've had this picture setting around for ages to show off how well my wife's garden went for her this year. Take a look. The bottom zucchini is from the store with a ruler below it for perspective. The top two are hers.

Let's just say I never knew there were so may different way to make zucchini! We had to get creative since two loaves of zucchini bread used only about one third of the big one. Plus these weren't the only zucchini harvested. Additionally she also has success with tomatoes, cucumber, lettuce, broccoli, cauliflower, and brussel sprouts.

She wants a bigger garden next year too! I think it's time to learn how to can.

I've had an old P200 system just laying around collecting dust. This is a crappy system, I mean really crappy. It's so bad that the maximum memory it can hold is 64MB. So, what the heck can I do with this thing? I know, make it my router! This is something I've meant to do for some time. Until recently I've been using a Linksys BEFSX41 which hasn't had a firmware update in over a year and is showing it. Also, I've noticed that if I stress the router with many connections it has a tendency to lock. This is a problem that Linksys has had with multiple models. There used to even be an entire thread dedicated to it at Dslreports. Search for lockup, maybe the thread is still there. Plus I had to contact their tech support once and it was the worst support experience I've ever had. So, out with the Linksys and in with IPCop.

IPCop is a super slim Linux distribution that is dedicated to securing your network from the big bad Internet. There isn't much here, it's a 40MB download for the ISO and it basically squid(proxy)+snort(IDS)+iptables(firewall) with a nice web interface. It's got a mess of other goodies too. A few are traffic shaping (QOS), DDNS support for multiple services, and an NTP server. Additionally there are addons you can install for new functionality, such as Cop+ which adds Dansguardian support for content filtering. And Copfilter which adds spam filtering, virus scanning, and ad/popup blocking among a few other things.

IPCop can have up to 4 different zones. These are Red, Green, Blue and Orange zones. Red is for the Internet, Green is the internal trusted LAN, Orange is the DMZ for things like web servers, and Blue is for an isolated Wireless subnet.

Setting IPCop up wasn't to bad. The documentation is very well done and easy to follow. The only quirky thing was getting the NIC I wanted on the Green zone. At first I stuck all 3 NICs into the system and ran the install. During install it scans for a NIC to use for green and always chooses the first one it finds instead of detecting them all and letting you choose. I wanted to use the old 10Base-T card for the Red zone, but unfortunately it was the first one always detected making it want to be on the Green. I tried moving the cards around on the PCI bus and it still detected the slow card first. Ultimately, I removed all the other cards and left just the 10/100Base-T card I wanted for the Green in and added the rest after the install.

Getting the Red and Green zones working was a piece of cake, and setting port forwarding was just as easy. The next minor hurtle for me was getting my web server in the Orange (DMZ). I connected it via a crossover to the Orange NIC and promptly could not see anything. I was only able to ping the Orange NIC and that was it. After much hair pulling I found a nice support site called IPCops.com which had the fix. The question related to getting things working in Orange was asked so much that they call it "The Orange Mantra". Here it is, both for my notes and your reading pleasure:

• Orange must be on a separate physical wire from Green (not on same hub/switch)
• Orange must be on a separate logical subnet.
• Orange cannot send nor respond to ICMP. (ie., PING).
• Orange must always use ISP DNS for name resolution.
• Orange must always point to the IPCop Orange interface as its gateway.
• Orange can be accessed from Green ONLY by it's internal IP address unless /etc/hosts on IPCop is editted.
• Orange cannot access Green unless pinholes are opened.
• Orange can be port-forwarded to in exactly the same manner as Green.

Once I got this straight things worked great. Now I'm just working on procuring a old ISA NIC so I can make a Blue zone. Like I said, it's a crappy system but I'm impressed with the performance. It's more than enough for my purposes, and it could probably support a small to medium office with out to much stress. Of course, adding the content filtering, virus scanning, or spam filtering adds onto the burden of the system requiring more power, but even that isn't to much. Copfilter recommends a minimum 350MHz system with 256MB RAM. Imagine what this could do on a bigger system?

I've just spent the last hour or so fighting with Knoppix 3.9 trying to get it to boot on an old Dell Pentium 200MHz system. I want to image what's on it with Partimage before I wipe it out and give ipcop a whirl.

After much frustration and googling to find out how to make a Knoppix boot disk I discovered that I can't because the Knoppix kernel is to large to fit on a floppy. So someone suggested Smart Boot Manager. Talk about a slick little utility to stick in the toolbox. It just displays a nice list of what devices you have and lets you choose in a menu what one you want to boot. Essentially bypassing the problem BIOS.

My little logdiff script just informed me that Slackware 10.2 should be with us soon!

From today's Changelog:

OK folks, this is just about ready to go. Consider nearly everything to be set in stone at this point, especially the kernels. Zipslack has yet to be built, and some of the documentation needs minor updating, but for the most part this is how Slackware 10.2 is going to look. Expect a release to happen sometime within the next week or so.

This makes me just one more swaret run away from the latest in Slackware goodness.

Speaking of swaret, there's a new version of that too. I have to check out what the new version offers.

Just when I thought obnoxious phone use couldn't get any worse I read on USA Today that cell phone makers are beginning to target preteens. Yippy, just what I need is a bunch of 6 to 12 year olds running around getting cell calls with their Britney Spears ring tones set to "shatter glass" volume. How the hell can we expect children to be able to know the appropriate time and place for cell phone use when most of the adults, i.e. their parents, can't seem to grasp the concept of manners? It's nearly impossible to go anywhere for any form of entertainment and not have to contend with at least one moron with a bad case of Cell Yell.

My thoughts on a couple of things stated in the article:

"It's open season on kids," says Gary Ruskin, executive director of advocacy group Commercial Alert. Ruskin rattles off a range of concerns, from children being exposed to marketing messages on the phone itself (such as Mattel's "My Scene" design) to the potential for kids to be pressured to buy ring tones and accessories.

This has been happening a long time, kids are easy to manipulate because their minds have not fully developed. They can be easily manipulated into thinking a want is a need. Then they are encouraged to nag their parents into buying them things. In fact, a marketing expert interviewed in The Corporation said they target kids precisely because they are easy to manipulate and also stated that they have found that a parent is 40% more likely to make a purchase when nagged by a child then when not nagged. This is clearly a moral issue. I for one don't want my kids judgments manipulated by an entity who does not have my children's best interests in mind.

Marketers defend their phone products. Mattel says: "We believe it is ultimately the choice of the parent to decide when his or her child is ready for a cell phone. Research shows that kids are going wireless, and we wanted to provide girls with a communication device that is not only functional and fashionable but that also encourages responsible cell phone use."

Yes, indeed it is up to the parents to make the choice. However, keep in mind that mobile phone companies have already manipulated the adults into thinking a want is a need. Of course they are going to say yes when little Johny says he wants a cell phone. After all, doesn't everyone have one? And how can you possibly live without it? You have to keep up with the Joneses you know and it wouldn't be acceptable to put a damper on your child's social standing now would it? Not to mention the endless nagging that they want one.

Come on parents, get a back bone! Who's in charge here? You, your kids, or the marketing department? Say no, mean it, and don't back down. Kids are smart, if they figure they can work you over to get what they went then they will. I'm not saying to be draconian or anything, just start being a parent and realize that it's you who's the final word until they have grown.

At this point, Webber is just about sold. Both he and Corrao agree that cell phones can teach their kids about responsibility. Corrao's son, Daniel, does chores to earn the talk time, and Webber says he'll do the same with Jake.

Now, this probably isn't so bad of a thing. If you feel a 6 year old absolutely must have a cell phone then at least use it as a tool to teach responsibility. But responsibility can easily be taught with other things. For us an allowance (how old fashioned!) for chores completed works well. Then my daughter can save up for something she wants and we can treat her to a shopping outing. An allowance is much more versatile than talk time. You can't buy a new book or treat yourself to ice cream with cell minutes.

I can see no real reason for anyone so young to have a cell phone. Have all pay phones gone up in smoke? Can't kids call home from the class room at school to get picked up? Or even better, my parents picked me up at the end of my extracurricular activities because they knew the time it was supposed to end. Besides, if all your friends have cell phones, then they can let you borrow it if their is an emergency. You aren't going about alone now are you?

Am I totally off base here? Am I missing some key factor in this? I don't know, but either way, my kids aren't getting a cell phone until they can afford to buy their own. If we keep going at this rate there will be cell phones in prenatal care packs before long.

I just discovered that the 2005 Executive Excess Report is out. Faireconomy.org is on it's 12Th year with these reports, but I only discovered them last year. I read last years report and found it highly disturbing. And it looks like it isn't getting any better this year.

Since I'm so much gloom and doom as of late I thought I'd end with a little related humor about Technical Support from Foamy the Squirrel. Unrelated, but still therapeutically funny are Amplified Bible and Sacred Space.

By the way, Foamy is not safe for work, kids, or the easily offended. You've been warned.

Having been laid off from my previous employer during the massive turn down in tech industry in 2003 I'm still finding myself asking this question. I mean, asking it as far as what is available within a 50 to 75 mile radius of my home (.75 to 1.5 hour drive). I just did a quick search on Monster.com just to see and of the only 33 jobs listed only 1 was in the ABE area. Many of them are of no interest or not related to my skill set. One thing I have noticed is that they seem to have gotten away from wanting to pay one salary to have you be their Network Engineer, Developer in 8 difference languages, manage multiple databases, and maintain a phone system. All while you provide front-line help desk support for users. OK, I'm over exaggerating a little, but not overly. Also, many of the jobs are contractor positions, they want you for 6 to 12 months, then it's over.

Honestly though, the Lehigh Valley is more than a little bit of a challenge to find employment. It took me almost 9 months of vigorous searching near and far to find the one that I do have, and I'm getting paid significantly less then I was. Don't get me wrong, the guys I work with are great, and they are very family needs conscious but when the daycare costs for two children are more than your mortgage on a modest home it only goes so far. That on top of the ever increasing cost of living and it's now to the point where I have to consider doing something about it. I'm getting tired of having to get creative to find the funds to send my daughter to things like swimming lessons.

I know the jobs are here locally. They just aren't publicized. Or, if they are, it's not locally publicized. In a conversation with an employee of the Lehigh Valley Economic Development Corporation (LVEDC) he said that they are trying to get local companies to advertise in the Lehigh Valley area, but many of them are advertising their jobs in Philly. For some reason they don't think they can get skilled labor in the Lehigh Valley area. This doesn't make any sense to me since with all the layoffs of huge companies like Agere one would think there would be a huge amount of skilled people crazy to get work.

I guess it comes down to knowing the right people, as usual. Most jobs are gotten based on who you know. I got my previous job because I knew someone who worked there and I got my current job in the same way. Who knows, maybe things will work out where I am now. In a way I hope they do. But the world we live in is cut throat and blind loyalty had gotten me burned before.