Brian's Blog

While listening to the Techshow this evening someone pointed out a system that comes with Linux for $150. Now that's an affordable PC and the system specs aren't all that low, except for the memory, but that's the only thing I'd want to upgrade hardware wise. I don't like Linspire so I'd put something else on it. Still though it's a sweat deal if you need a spare system and are on a tight budget. To bad I didn't know about this when I was upgrading my fathers PC.

I haven't had good luck with things staying up here as of late. Not long after my 11 hours without electricity my cable connection up and died with no warning. The modem just sat there blinking its lights for hours trying to get a connection. Obviously I called my ISPs tech support which said it was something wrong with the line itself as far as they could tell and a tech would have to come out. The soonest they said they could get here was in 6 days. What!? 6 days!? That's crazy.

After a little bit of prying I found the only reason they wanted to take that long was because they wanted access into my home. I had already checked my lines as best as I could internal to my home so they could be out tomorrow. I call them them this afternoon and much to my surprise it's already working!

I'm a happy camper now. A geek going cold turkey off of the Net is not a pretty sight.

Well, the conscience got the best of me and I E-mailed gpl-vilations.org. I was thinking about things a bit and a comment or two made on these posts and decided it was the best thing to do. The way I see it is even if they wrote everything else from scratch that it's still a Linux based device, meaning that they have to have some mention of how to get the source of the kernel. I find it unrealistic that they would write replacements for the Linux kernel, Spamassassin, and netfilter. All of which seem to be used based on it's behavior. It's hard to tell exactly what software is in use when they won't let you do anything to it other than use the web interface. If you open it it voids the warranty and that's a chance I won't take with a clients equipment. Also, the fact that it costs about $2000 to buy one rules out me getting one to play with. Actually, I was told specifically that they used Linux and Spamassassin so those two shouldn't be speculation.

Anyway, I hope they don't get sued or anything, that isn't the intent. Hopefully they are just ignorant of the licenses and will do what it takes to comply once they are informed.

Well, it's been since Friday that I requested the software license that Barracuda Networks has regarding their Spam Firewall and I still haven't heard anything. So I called up the sales department there and just asked if I could see it. I figure at the very least they have something to protect their work. However I got only generic links to "documentation" one of which didn't work sent to me and the feeling from the sales rep that he really wanted me to go away. Basically all he said was that it was a GNU/Linux based device, and that they use Spamassassin as one of their detection methods in addition to several "custom" modifications to enhance detection. I tried to ask a couple more questions playing dumb but got more generic answers with that "please stop talking to me" sound in his voice.

I don't know if they are trying to hide something and they know they are in violation of some Open Source license? Or, perhaps they are just all ignorant of the subject and the sales guy just wanted to get to someone he could make a sale with? Still, I don't feel comfortable, and knowing that I'll probably have to install more of these units with doubt lingering in my mind is not an easy thing. It's difficult to recommend and support a device that you have doubts about.

So. Now I find my self wondering, should I just leave it go? Should I call back and explain my concern? Should I inform someone or some entity about my suspicion and let them deal with it? And if so, who other than the GPL Violations web site? Do I really want to get involved in this?

I mean, the "do the right thing" side of my says to just let someone know so that if they are misbehaving that it comes to light and gets fixed. However, I don't want to get sucked into any kind of legal battle. That would just suck and take up time I don't really have. Who knows, they may be 100% legal and just not coming across right, or they may not know they are in violation and just need to be informed.

What do you think should be done?

I had an odd experience while troubleshooting a Barracuda Spam Firewall 300 today. I don't need to get into the technical specifics on what I was working on because it doesn't really matter. What does matter is the conversation I had with the tech during this call. But first, let me explain how tech support works at Barracuda Networks along with what a Barracuda is.

Essentially, a Barracuda box sits between your E-mail server and the rest of the world. Inbound E-mail comes in to the Barracuda, which examines it for viruses and spam, then deals with it according to your wishes and forwards it off to your E-mail server for final delivery. This, in and of itself is a very good thing, but what bothers me is this. When you call tech support they won't walk you though anything. They make you go into the troubleshooting section of the web interface and click a button that opens a reverse ssh tunnel to their network. Essentially bypassing your firewall. And even this wouldn't be bad really except that they don't give you a choice. They won't do anything unless they do it through the tunnel. I asked for the root password and they refused to give it. Who's box is this anyway?

Oh, I should mention that the Barracuda runs Linux. And appears to have several modified applications from Open Source projects. I've read that the flavor of Linux they use is a modified Mandrake. And from looking at the way they deal with spam it looks incredibly similar to Spamassassin. I'm not sure what they use to scan for viruses. They might have rolled their own scanner as far as I know. I really didn't go ripping into the Barracuda since it's a clients machine and is in active service so I can only speculate. I'd love to yank the hard drive out of one and stick it in a normal PC and see what's on it. After all, it's just a PC. If you look at the back you can see the normal layout of ports on the back and can see the edge of the motherboard along with normal memory slots. It's just a standard PC packed into a small mountable case.

So, anyway, during my support call I was thinking of how nice it was to see a corporate level device running Linux when I realized there was no license agreement at all that came with it. I mean, nothing. No EULA of any sort. I figure since much of it appears to be based on Open Source stuff that there should be a copy of maybe the GPL or the Apache License, and a notice on where to get the source code. So, while talking to the Barracuda engineer I asked him where I could get the source. And here is where I got the funny feeling that something wasn't right. His answer was, "What I'm supposed to tell anyone who asks this question is to Google on 'Barracuda Spam' and you should find all the information you need." So while I was on the phone with him I Googled as he suggested which only produced pro Barracuda stuff and places to buy them. I mentioned Apache, Spamassasin, and Linux and said that at least some of the stuff in their product probably had origins in a GPLed project somewhere. And if so then why didn't they have any source available? The answer was, "Well, we've modified it so much that it's not really original anymore." I asked why he couldn't talk about it much and his final answer before I dropped it was, "We are allowed to say only certain things to prevent us from saying something stupid." He was a nice guy and doing his best to help me out with my problem so I didn't push the issue. He seemed sort of uncomfortable with the subject matter anyway.

So, to satisfy my curiosity I got in contact with one of their Sales reps. I figured if anyone should know the ins and outs of the legal behind their products it should be the sales guys who have to deal with people like me asking all kind of questions. When I asked about getting a copy of the license he said, "Uhm, I'll have to look into that. Can you send your request in an E-mail and I'll forward it off to our VP?" I sent the license request Friday afternoon, so I'm curious to see what I get if anything come Monday.

After all this I did a Google for "Barracuda GPL violation" and other similar phrases and came up with this white paper at packetstorm which brings up things I was thinking about and a heck of a lot more food for thought. I also found a couple of links pointing to forums where someone was talking about this exact subject but didn't take the time to read the entire thread, it was rather long.

This is one of those times when I wish I knew a lawyer who was versed in such things just so I could get a professional opinion. I'm no lawyer and I can't pretend to totally understand the GPL yet alone the other licenses that OSS can come under. However, their inability to produce a license, the sales reps confusion when asked for a license, and the "I can't talk about it." restrictions on the engineer all seem fishy. I'm not sure what to think, or even how I could go about finding out if they are in violation of any license. It wouldn't surprise me if they were though and they wouldn't be the first ones who tried to benefit from OSS without fulfilling the obligations in the applicable licenses. Remember Linksys did the same thing and got caught.

Who knows? I may just be over reacting and blowing smoke out my of ass on this. Like I said, I'm no lawyer. Maybe someone else who actually has an informed clue on this could enlighten me?

I've had an old P200 system just laying around collecting dust. This is a crappy system, I mean really crappy. It's so bad that the maximum memory it can hold is 64MB. So, what the heck can I do with this thing? I know, make it my router! This is something I've meant to do for some time. Until recently I've been using a Linksys BEFSX41 which hasn't had a firmware update in over a year and is showing it. Also, I've noticed that if I stress the router with many connections it has a tendency to lock. This is a problem that Linksys has had with multiple models. There used to even be an entire thread dedicated to it at Dslreports. Search for lockup, maybe the thread is still there. Plus I had to contact their tech support once and it was the worst support experience I've ever had. So, out with the Linksys and in with IPCop.

IPCop is a super slim Linux distribution that is dedicated to securing your network from the big bad Internet. There isn't much here, it's a 40MB download for the ISO and it basically squid(proxy)+snort(IDS)+iptables(firewall) with a nice web interface. It's got a mess of other goodies too. A few are traffic shaping (QOS), DDNS support for multiple services, and an NTP server. Additionally there are addons you can install for new functionality, such as Cop+ which adds Dansguardian support for content filtering. And Copfilter which adds spam filtering, virus scanning, and ad/popup blocking among a few other things.

IPCop can have up to 4 different zones. These are Red, Green, Blue and Orange zones. Red is for the Internet, Green is the internal trusted LAN, Orange is the DMZ for things like web servers, and Blue is for an isolated Wireless subnet.

Setting IPCop up wasn't to bad. The documentation is very well done and easy to follow. The only quirky thing was getting the NIC I wanted on the Green zone. At first I stuck all 3 NICs into the system and ran the install. During install it scans for a NIC to use for green and always chooses the first one it finds instead of detecting them all and letting you choose. I wanted to use the old 10Base-T card for the Red zone, but unfortunately it was the first one always detected making it want to be on the Green. I tried moving the cards around on the PCI bus and it still detected the slow card first. Ultimately, I removed all the other cards and left just the 10/100Base-T card I wanted for the Green in and added the rest after the install.

Getting the Red and Green zones working was a piece of cake, and setting port forwarding was just as easy. The next minor hurtle for me was getting my web server in the Orange (DMZ). I connected it via a crossover to the Orange NIC and promptly could not see anything. I was only able to ping the Orange NIC and that was it. After much hair pulling I found a nice support site called IPCops.com which had the fix. The question related to getting things working in Orange was asked so much that they call it "The Orange Mantra". Here it is, both for my notes and your reading pleasure:

• Orange must be on a separate physical wire from Green (not on same hub/switch)
• Orange must be on a separate logical subnet.
• Orange cannot send nor respond to ICMP. (ie., PING).
• Orange must always use ISP DNS for name resolution.
• Orange must always point to the IPCop Orange interface as its gateway.
• Orange can be accessed from Green ONLY by it's internal IP address unless /etc/hosts on IPCop is editted.
• Orange cannot access Green unless pinholes are opened.
• Orange can be port-forwarded to in exactly the same manner as Green.

Once I got this straight things worked great. Now I'm just working on procuring a old ISA NIC so I can make a Blue zone. Like I said, it's a crappy system but I'm impressed with the performance. It's more than enough for my purposes, and it could probably support a small to medium office with out to much stress. Of course, adding the content filtering, virus scanning, or spam filtering adds onto the burden of the system requiring more power, but even that isn't to much. Copfilter recommends a minimum 350MHz system with 256MB RAM. Imagine what this could do on a bigger system?

I've just spent the last hour or so fighting with Knoppix 3.9 trying to get it to boot on an old Dell Pentium 200MHz system. I want to image what's on it with Partimage before I wipe it out and give ipcop a whirl.

After much frustration and googling to find out how to make a Knoppix boot disk I discovered that I can't because the Knoppix kernel is to large to fit on a floppy. So someone suggested Smart Boot Manager. Talk about a slick little utility to stick in the toolbox. It just displays a nice list of what devices you have and lets you choose in a menu what one you want to boot. Essentially bypassing the problem BIOS.

My little logdiff script just informed me that Slackware 10.2 should be with us soon!

From today's Changelog:

OK folks, this is just about ready to go. Consider nearly everything to be set in stone at this point, especially the kernels. Zipslack has yet to be built, and some of the documentation needs minor updating, but for the most part this is how Slackware 10.2 is going to look. Expect a release to happen sometime within the next week or so.

This makes me just one more swaret run away from the latest in Slackware goodness.

Speaking of swaret, there's a new version of that too. I have to check out what the new version offers.

Just when I thought obnoxious phone use couldn't get any worse I read on USA Today that cell phone makers are beginning to target preteens. Yippy, just what I need is a bunch of 6 to 12 year olds running around getting cell calls with their Britney Spears ring tones set to "shatter glass" volume. How the hell can we expect children to be able to know the appropriate time and place for cell phone use when most of the adults, i.e. their parents, can't seem to grasp the concept of manners? It's nearly impossible to go anywhere for any form of entertainment and not have to contend with at least one moron with a bad case of Cell Yell.

My thoughts on a couple of things stated in the article:

"It's open season on kids," says Gary Ruskin, executive director of advocacy group Commercial Alert. Ruskin rattles off a range of concerns, from children being exposed to marketing messages on the phone itself (such as Mattel's "My Scene" design) to the potential for kids to be pressured to buy ring tones and accessories.

This has been happening a long time, kids are easy to manipulate because their minds have not fully developed. They can be easily manipulated into thinking a want is a need. Then they are encouraged to nag their parents into buying them things. In fact, a marketing expert interviewed in The Corporation said they target kids precisely because they are easy to manipulate and also stated that they have found that a parent is 40% more likely to make a purchase when nagged by a child then when not nagged. This is clearly a moral issue. I for one don't want my kids judgments manipulated by an entity who does not have my children's best interests in mind.

Marketers defend their phone products. Mattel says: "We believe it is ultimately the choice of the parent to decide when his or her child is ready for a cell phone. Research shows that kids are going wireless, and we wanted to provide girls with a communication device that is not only functional and fashionable but that also encourages responsible cell phone use."

Yes, indeed it is up to the parents to make the choice. However, keep in mind that mobile phone companies have already manipulated the adults into thinking a want is a need. Of course they are going to say yes when little Johny says he wants a cell phone. After all, doesn't everyone have one? And how can you possibly live without it? You have to keep up with the Joneses you know and it wouldn't be acceptable to put a damper on your child's social standing now would it? Not to mention the endless nagging that they want one.

Come on parents, get a back bone! Who's in charge here? You, your kids, or the marketing department? Say no, mean it, and don't back down. Kids are smart, if they figure they can work you over to get what they went then they will. I'm not saying to be draconian or anything, just start being a parent and realize that it's you who's the final word until they have grown.

At this point, Webber is just about sold. Both he and Corrao agree that cell phones can teach their kids about responsibility. Corrao's son, Daniel, does chores to earn the talk time, and Webber says he'll do the same with Jake.

Now, this probably isn't so bad of a thing. If you feel a 6 year old absolutely must have a cell phone then at least use it as a tool to teach responsibility. But responsibility can easily be taught with other things. For us an allowance (how old fashioned!) for chores completed works well. Then my daughter can save up for something she wants and we can treat her to a shopping outing. An allowance is much more versatile than talk time. You can't buy a new book or treat yourself to ice cream with cell minutes.

I can see no real reason for anyone so young to have a cell phone. Have all pay phones gone up in smoke? Can't kids call home from the class room at school to get picked up? Or even better, my parents picked me up at the end of my extracurricular activities because they knew the time it was supposed to end. Besides, if all your friends have cell phones, then they can let you borrow it if their is an emergency. You aren't going about alone now are you?

Am I totally off base here? Am I missing some key factor in this? I don't know, but either way, my kids aren't getting a cell phone until they can afford to buy their own. If we keep going at this rate there will be cell phones in prenatal care packs before long.

Once again, in a feeble attempt to be sort of useful with a script, I decided to have the Slackware changelog automatically sent to me via E-mail. Not the entire change log, just the parts that changed from the previous. This is probably a kludge as there have to be a bunch of ways to make it better. As usual, it's simply an exercise to reinforce what I've learned about bash scripting with a side bonus of being sort of useful. Well, useful to me at least.

Here's what I have at the moment. I just stuck this in my crontab to run at a reasonable interval.

#!/bin/bash
logurl=ftp://ftp.slackware.com/pub/slackware/slackware-current/ChangeLog.txt 

if [ ! -d $HOME/.logdiff ]; then
        mkdir $HOME/.logdiff
fi 

# Get the log
if [ -e $HOME/.logdiff/ChangeLog.txt ]; then
        mv $HOME/.logdiff/ChangeLog.txt $HOME/.logdiff/ChangeLog.txt.old
        wget -O - $logurl > $HOME/.logdiff/ChangeLog.txt

	if [ $? = "0" ]; then
        	diff $HOME/.logdiff/ChangeLog.txt $HOME/.logdiff/ChangeLog.txt.old > \
		$HOME/.logdiff/difference
	else
		exit
	fi 

# Exit if nothing has changed
        if [ $? = "0" ]; then
                exit 
        fi
else
        wget -O - $logurl > $HOME/.logdiff/ChangeLog.txt
        exit
fi 

# Email the differences 

cat << EOF > $HOME/.logdiff/message
From: rignes@ptd.net
To: rignes@ptd.net
Cc: 
Bcc: 
Subject: [logdiff] Slackware Changelog
Reply-To: 

EOF 

cat $HOME/.logdiff/difference >> $HOME/.logdiff/message 

cat $HOME/.logdiff/message | /usr/sbin/sendmail -t

This is sort of significant in a way for me as this is the first thing I've written that actually uses flow control. BTW, constructive educational criticism is welcome.

This looks like a fun hack! To bad its illegal. Even so, from what I've read there are companies that charge $500+ for a single unit and here we are with a home grown version for about $20. What I'm talking about is a device that will turn red lights green ahead of you as you drive. Supposedly law enforcement use these to get where they need to in a hurry. You know, important places like the donut shop...

Well, when time permits I've decided to nuke the increasingly annoying Windows P install on my work laptop and put some sort of Linux on it. Probably Slackware. There are a couple of goals I want to meet other than the typical stuff. One of them is being able to quickly and easily change wireless networks. I roam about from place to place all day and it's often nice to just hop onto a customers wireless network than to try and find an open port. I'm thinking of just making a script that will do it but perhaps there is a nice utility to assist in the job? (Hint: Comments welcome) It'll probably be a couple of weeks at least until I have the time though.

Work also gave me an iPAQ h1940 to play with so that adds another goal, which I think I have worked out. To sync a PocketPC with Linux you need a couple of things. The first being Multisync which does the actual synchronization, and the other being Synce which is a plug-in for Multisync. The only catch in the entire thing is that it only syncs with Evolution, why can't it sync with Sunbird? Maybe it can and I just haven't found it yet.

Reviews of the greatest Linux distro (in my humble opinion anyway) seem to be terribly rare. I just found a nice one on Madpenguin that sums up things I've though on my own. Come to think of it, I can't say I've ever found a Slackware review that was bad that wasn't total BS. But then again, I am a little biased.

Well, I just had a rude discovery. I've been screwed, again, my Microsoft and their licensing methods. But first, some background. At work we have a couple of clients that use Terminal Services in Windows 2000 server. The way it works in 2000 is that every Windows OS you connect do that is Windows 2000 or newer gets a free license. So, the only thing you need to buy a license for is the odd ball Windows 98 system, and better OS's like MAC and Linux.

Well, Microsoft in their infinite wisdom, decided they weren't making enough money and took that away. The problem now is that you technically have to buy a TS CAL (Terminal Services Client Access License) for each device or user you have connecting to the Terminal Server, depending on what licensing mode you run in. Actually, that isn't 100% true. To add some unneeded complexity to keeping track of licenses, all copies of XP purchased after April 23, 2003 are grandfathered and get a license the way it used to work in the 2000 server. I find myself wondering, how the heck do they know when a particular copy of XP was purchased?

The reason I feel screwed is that there is a project planned for next week where we are planning on upgrading a Windows 2000 Server to Windows Server 2003. They have a publicly accessible database that clients access from their Window 2000/XP computers. Now, they will have to buy licenses, not for themselves, but for the number of people they think they will have connecting at any one time. And all this changed sometime without much fanfare to be discovered by me less then a week from the scheduled upgrade!

There is a minor up side though. In the new licensing model you can license per user instead of per device which should cut down significantly on the number of licenses they'd need to buy. But still, why does Microsoft have to make this stuff so complex? You almost need a specially trained expert to advice you on these sort of things.

I'm currently printing the 20+ page white paper so I can get a grip on this crap. I can think of a million things I'd rather be doing than trying to decipher Microsoft licensing. So much time and effort gets wasted doing work to help make Billy boy richer.

I've always wanted to figure out how to stream my music collection to wherever I happen to be but never really took time to research what I'd need. Then I came across an Newsforge article about Slimserver. In a nutshell Slimserver is a streaming server designed for the hardware players they have at Slimdevices but it happens to work with pretty much any other player able to handle streams. I've used it with xmms and winamp so far and it works nice.

I downloaded the .tar.gz for Linux but it's available in rpm and even has a Windows version. It was pretty easy to install on Slackware too. It wasn't as easy as running the exe on Windows but still pretty darn painless if you read the docs. Basically I just uncompressed it, stuck the resulting directory in my home directory, and ran build-perl-modules.pl to build some perl modules then ran slimserver.pl to start up the server. From that point it was a simple matter of accessing the web interface and configure it.

The only odd thing is that each player that you connect with has a separate playlist unless you use Softsqueeze with which it lets you synchronize the playlists between different Softsqueeze instances. Otherwise, if you use anything other than Softsqueeze you have to load the playlist for each one. Not a huge pain, especially since I imagine Slimserver isn't designed to be a multicast server.

The web interface is pretty slick too. You can browse your collection by Artist, Album, Artwork, Genre, Year, and folder. You can also save different playlists and browse by those. The playlists you create can be loaded by any player that is connected. The search function is powerfull too. In the advances search you can search on attributes like bitrate, file format, file length, in addition to the normal searches like Track, Artist, Album, etc. Or there is just the simple search that searches titles.

Of additional coolness is the Softsqueeze player is already integrated into the Slimserver and it written in Java. You can follow a link that will install it on your system or run it as a Java applet. Supposedly Softsqueeze is able to connect to your stream via an ssh tunnel without having to run putty or ssh on the command line to setup a tunnel. I haven't tried that part yet though.

Right now I have my collection streaming to me at work through an ssh tunnel established with Putty. It sounds darn good too. At least on my crappy laptop speakers. Speaking of quality there is a setting to limit the bitrate of the stream. So, if you limit your bitrate to 128k and the song itself is encoded at 320k it will convert it on the fly for you. Which is nice if you are on a slower connection.