DEBRIS.COMgood for a laugh, or possibly an aneurysm

Over two years ago I started building a new firewall. I foreshadowed the agony to come, in my first report: “The software is taking longer to configure… more on that later.”

It’s finally “later.”

I’d started, I think, with RedHat 8. I got sidetracked trying to make the machine work as a print server. I dislike futzing with hardware so much that I can only stand it in small doses, so I took a couple months off, by which time RedHat 9 came out. I kissed off the print-server failure and did a fresh install.

By focusing on setting the machine up as a gateway and firewall, I was able to quickly finish the configuration. But: within five minutes of booting up, the machine lost the network. A long download would pause and never restart. Outbound pings and traceroutes all failed (although inbound traffic seemed to work fine).

Other Mini-ITX owners had reported similar problems, but their solutions didn’t work for me: no amount of kernel switches or BIOS settings would enable the box to stay online for more than 5 minutes. I spent hours on APIC, ACPI, network driver debugging, network interface duplex negotiation, etc. I did dozens, literally dozens of kernel compiles. It sucked unholy penguin butt.

I asked my systems admin to take a look at the box. For him, on his home network, the machine worked fine. Argh.

I replaced network cables. I tried different ports on the switch. I even replaced the switch. No dice.

I upgraded to Fedora Core 1. Still no dice. Fedora Core 2? Ditto. Meanwhile, I’d put another two years of service on the old freight train of a 486 that I’d been using as a firewall since approximately 1975. All the time, I was thinking “what will I do if it dies?”

Finally I gave up on Linux. I’d wanted, in a (very) small way, to learn more about FreeBSD, so I tried that.

Eureka! Networking didn’t die. It was gratifying to have fixed the problem, but perhaps even more gratifying to prove that the machine didn’t have a hardware failure after all.

The next step was to learn ipfilter. Ugh, yet another obscure syntax for encoding access rules. ipchains was pretty bad, but at least it was familiar. Was I up for another round? Not really. So the fresh FreeBSD install got dusty for a few months, because except for the fact that it sounded like the test grounds at the Boeing factory, my old 486 firewall was working just fine.

Until it died, it worked just fine. On July 4, the NIC seized up. I could just make out the death rattle over the fan noise.

Configuring the ITX machine for NAT and firewalling was surprisingly easy, given this step-by-step recipe: How to Build a FreeBSD-STABLE Firewall with IPFILTER.

I needed to add a second NIC, because unlike Linux, FreeBSD isn’t able to alias a private IP (e.g. 192.168.1.1) to the same NIC used for the public IP and keep them both logically separate. The 2-NIC design is more secure anyway, and although it seemed possible that the additional hardware would max out the small power supply that came with my mini-itx case (this is one of the possible explanations for networking malfunctions), it hasn’t yet been a problem, but check back tomorrow.

In answer to the question, “why not just buy a $60 hardware firewall from CompUSA,” I’d say, first, that I’d rather eat a can of corn smut then give Comp USA another nickel, and second, that I run a DNS server and mail services on this machine. And maybe a print server too, given a couple more years to configure it.

This is the funniest thing I’ve seen in a long time:
Steve, Don’t Eat It!

Another green life hack: repurposing tech-conference geek purses as earth-friendly shopping bags.

(The irony is that it’s not entirely inconceivable that I might run into Tim O’Reilly at the local grocery.)

Machine translation, AI’s “next big thing” since about 1954, is always good for a laugh. Today’s piece in Der Spiegel about hygiene during vacations, when processed by babelfish, contains some insightful turns of phrase:

• The introduction describes Howard Hughes as a man who “suffered from wash obligation.” I can’t help but wonder if the article’s author, “Evelyn Striking Stone” according to the fish, was sitting near me on my recent trip to the land of asparagus and pop music. I mean, that’s me all over.
• With childlike honesty and a simplicity that is rarely found in print journalism, the translated article pinpoints the core of the human condition, and especially the core condition of humans who travel: “you are rather an aesthetic problem.”

Bravo, M.T.!

The 2005 North American Solar Challenge, a 2500-mile road race for solar vehicles, begins today. It will end on July 27 (presumably depending on the weather?).

The Chronicle article contains some background info and explores the local angle: Race car drivers who love the sun.

The NASC website shows near-realtime maps indicating the position of the various participants (look for the blue stars).

See the Reports from the Road section for the latest news.