The FreeBSD Diary (TM) | Providing practical examples since 1998
San Jose bound...
11 June 2001
Welcome to the wonderful world of USA air travel. I had been warned. I knew what I was getting into. But I was naive. Or perhaps just stupid. But I'm wiser now. I rarely make the same mistakes twice. Well, there was that little problem back in '95 with US Customs, but that was an honest mistake and I'm sure they've forgotten all about that by now. Besides, they can't prove anything. They might suspect me, but they sure as hell can't prove anything. Note to self: keep in touch with those lawyer friends, just in case you need them.

Today's journey may have begun before dawn, but the educational experience started last week when I was booking this morning's trip. Victoria, my travel agent, was very helpful on the phone and gave me many options. Even after my initial plans to fly down on Saturday for a weekend in San Jose with friends fell through, she still had options for me. Before my plans changed, the flying charges were going to be $700 (all monetary values in this article are Canadian unless otherwise specified; your mileage may vary; do not try this at home; do not operate heavy equipment). But as I wasn't staying over for a weekend and it was a short notice booking (i.e. < 7 days), things were going to change. One of Victoria's options was flying with Air Canada, but their fare structure dictated a charge of $2700. Or, I could fly with NorthWest and it would be only CAD$700. Sure, it meant a 5:50 AM flight from Ottawa. And a trip to Detroit. On a turboprop, operated by Mesaba Aviation. As this was my first trip paid for by my new employers, I selected the less expensive option.

When I told my boss, Ron, about the booking, he laughed and told me that NorthWest was the airline he'd stopped using because of delays and reroutings. He only used Air Canada now. I listened but took no action. Now I wish I had done something.

I awoke at 3:55 AM today. Five minutes before my alarm was to go off. I now regret missing that five minutes of sleep. Sure it was dark. But the birds were busy with their pre-dawn chorus. I struggled out of bed, deactivated the alarm lest it awaken others in the household, had a shower, and ate something to get me going. At 4:30 AM I wandered outside to find my cab waiting. 20 minutes later, after an $18 trip to the airport, through deserted streets that occasionally showed signs of life, I arrived at a bright but very quiet airport.

The first hint of trouble arrived when I didn't know where to check in. This was my first international departure from Ottawa. But I was directed to the second floor where I found my airline. As with most incidents in life, I didn't recognize the first signs of trouble. But it was there. If only in hindsight. The next lovely interlude was a pen that didn't work. Mine. So much for filling in the US Customs form whilst waiting in the queue. I borrowed a pen at the desk. The check-in person did manage to find me a window seat. Bravo!

The next interesting situation was the differing opening times of the various airport sections. Although we could walk into the airport and check in, we couldn't go through the security section or into Customs until 5 AM. So we stood there waiting. Patiently.

I arrived in the departure lounge and started up my laptop so that I could catch up on my USENET reading (specifically, comp.risks). After ten minutes of reading, my laptop started beeping. Rather loudly. The poor thing was screaming out in pain as the battery died. Embarrassed and eager to silence this rather loud monster before the other passengers started to throw heavy items in my direction, I hastily typed "shutdown -h now" and waited for another 4 or 5 rather loud beeps before it died. I was most impressed with my hasty yet correct typing and I thanked my high school typing teacher as I fished another battery from my bag and again started reading.

Then, at about 5:30 AM, we were told that the pilot had requested that the boarding process be delayed because of a mechanical problem. They were working on it and we would be informed ASAP. By now, alarm bells should have been ringing in my head.

During my comp.risks browsing, I came across an interesting article regarding anomalies in the Wyoming license regulations with respect to federal law and Social Security Numbers. It was rather amusing to read about the ways in which Federal and State law sometimes contradict or conflict with each other. It was then with delight that I found it was written by Brett Glass.

At 5:55 AM, it was announced that the flight had been cancelled and would everyone please report to the desk to be rebooked. Having seated myself rather close to the desk, I wound up third in line. I'm going to be booked onto a 9 AM flight to Chicago, then to San Jose. I'll arrive at 2 PM instead of my expected 11 AM. I'll miss my lunch with my co-worker Richard and the first hour of the conference. Lovely.

7:50 AM
It's now 7:50 AM and I need to make some phone calls. I have no email access here, so I'll call Eric and ask him to email Richard to let him know I'm going to be late. I would phone Richard, but it's 4:50 AM there, and I'm sure he'd rather not know just now.

8:30 AM
I have been rebooked onto an American Airlines flight to Chicago. I don't even have Patti's email address or phone number. I haven't seen her since July 1995 at the start of my big road trip south to New Orleans and then north to Vancouver. That was a wonderful summer. I'll email her when I return and let her know I was in town....

The good news is that I will get to San Jose. Only at 2:06 PM instead of 11 AM. This is annoying on two counts. First, I'm going to be late to the conference. Second, I'm going to miss out on the lunch with Richard, during which we would have been able to discuss the conference and what approach we could take in order to get the most out of the event. Third, and much more important than the other two items combined, I could have stayed in bed for three hours.

9:17 AM
Actually, my watch says it's 8:37, but I've already changed that to Chicago time. My body says it's very early still. Now that I'm on the plane and somewhere between Chicago and Toronto, I'm beginning to get sleepy. I can sleep on planes, buses, trains, and cars (although not often while driving). My body seems to take the constant noise and sense of motion as a signal that I'm back in the womb and the best thing I can do is sleep. I think I'll do just that. Now.

11:50 AM Chicago time
I'm in the air again. It seems like whenever the airlines find three big guys on the same flight, they seat them all in the same row. Right beside each other. And by big, I don't mean obese. I mean 6ft+, 220lbs big. Here we are, the three of us, stuck in the back row of an American Airlines Boeing 737 bound for San Jose. Compare that with the Fokker I flew in from Ottawa to Chicago. I was in seat 12E, but when I got there, I spotted an empty exit row just a few seats back. That's where I sat. And who should be on either side of my original but now empty seat? Two attractive women. Good planning Dan. Avoid the women, sit by yourself. Then get a seat between two guys. Talk about a fun trip.

There could be worse things I suppose. At least the flight isn't rough so far. And I had a killer feed of McD's outside gate L1 at O'Hare. I knew you could upsize your meals, but this place, as do others I'm sure, had two levels of upsizing. You could get Large and EXTRA LARGE. This was the biggest order of fries I've ever seen. And the Coke must have been 750ml. Umm for those of you not yet metric, which should be only Americans, that's about three quarters of a quart. I shall not be eating the in-flight meal.

FreshPorts
It appears as if the new FreshPorts box is coming along nicely. I left it running some disk benchmarks (see benchmarks/bonnie++). That isn't because I want to know how fast the disk is. It's because I want to exercise the disk. I failed to purchase the recently released disk walking kit, complete with leash, watering bowl, and feed dish. So I figured the next best thing was to provide it with some in-place exercises. Much like those electronic exercise machines which jolt and contract your muscles via an electric pulse. If a disk is going to fail, it will often fail early on. In the first few hours. Otherwise, it will probably live to a ripe old age, then die on you after you've become backup-complacent and when you least expect it.

Of course, I'll be checking back in on that box from time to time, just to see how it's doing. The basement has become quite hot lately with the added heat of the NT box, the W2000 box from work, the gateway, the new FreshPorts box, and the laptop. Combined, they are putting out quite a few extra watts. And you can tell that just from walking into the basement.

Speaking of watts, I am most impressed with this new power supply I bought. I can't recall the name, but remind me and I'll add it later. This ATX PSU has an extra long power cable leading from the box to the motherboard. It must be at least three feet long. There are also at least four power cables for those disks, fans, and DVD devices of yours. The PSU itself has two fans. One is the fan which is present in most PSUs. That's the one you can see when you look at the back of your computer. It pulls air out of the case. The other fan faces downwards into the body of the case. This fan pulls the air out of the case and into the PSU, thereby allowing the first fan to expel it out of the case. These two fans are both ball bearing fans. They should last forever (touch wood). An added bonus is that both fans are quiet. Very quiet. I think they are thermal driven. I think the two CPU fans are louder. I know the box is quieter than any of my other boxes, with, perhaps, the exception of the Toshiba desktop provided by my employer. I like this PSU so much, if I ever build a box from scratch, I'll be sure to use this one!

Late Arrivals
I did manage to speak to Richard while I was in Chicago. Barring any last minute interruptions he will be attending the first couple of hours of the conference. That's good, because I'll be missing them. The next time I attend a conference, I'll do what I've always done in the past: show up the day before. It'll cost an extra night, but it will be worth it not to miss anything. Richard will be wearing his Ponte t-shirt. That's the only way I'll recognize him.

I don't think I mentioned that the new FreshPorts box was given to me by Jake Burkholder, one of the FreeBSD committers. He had no further use for it. It had been given to him by David O'Brien, another committer. Remind me to ask David where he got this dual P220. Regardless of the source, I'd like to have the proper attribution on the contributions page.

Laptop security
I am sure that this topic alone is worth a separate article. The security precautions one takes with a laptop are probably not the same as those you would take with a desktop box. As Mark Murray put it at FreeBSD Con 1999, security involves a combination of securing both the network and the machines on it.

While I was waiting in the Ottawa lounge (for 4 hours), one of the tasks I undertook was to compile a new kernel. I added the following options to my kernel configuration file:

    options IPFILTER                #ipfilter support
    options IPFILTER_LOG            #ipfilter logging
    options IPFILTER_DEFAULT_BLOCK  #block all packets by default

Then, I added the following lines to /etc/rc.conf:

    ipfilter_enable="YES"  # Set to YES to enable ipfilter functionality
    ipmon_enable="YES"     # Set to YES for ipmon; needs ipfilter, too!

And into /etc/ipf.rules, I placed these rules:

    pass in proto tcp/udp from any to any
    pass out from any to any

BUT DON'T DO THAT! Those rules are useless. Ensure you use a proper set of rules. Have a look at my ipfilter page for the link to the How-To page. When I get to the convention, one of the first things I'll do after I get logged into one of their access points will be to ssh to home and grab my rules from there.

In the meantime, I've gone into /etc/inetd.conf and deactivated everything. And I mean everything. I'm sure there's still a few things running which I should be worried about, but I'm willing to take the risk for now.

The other main changes I made were to /etc/pccard.conf and /etc/rc.conf files.

    # Lucent WaveLAN/IEEE

The main change is to use the access control point (1=BSS mode) instead of going into peer-to-peer mode (3=ad-hoc mode). The other change was to use the service set "DMTF".

The changes I made to /etc/rc.conf were similar. I specified that wi0 should be configured via DHCP. Now that I think of it, perhaps that step is unnecessary. Remind me to check that. Here are the changed lines:

    #pccard_ifconfig="inet 10.0.0.10 netmask 255.255.255.0"
    pccard_ifconfig="DHCP"

Of course, none of these changes have been put to the test. Yet. That, according to my last known schedule, which is at the whim of the airlines, is subject to change, but should happen sometime in the next 5 hours. As I've said before, watch this space.

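Why the two /etc/ipf.rules lines above are useless, as an added example that is not the author's code: a small constructed model of ipf rule evaluation (last matching rule wins, "quick" stops at the first match, a kernel built with IPFILTER_DEFAULT_BLOCK blocks anything unmatched). CLIENT_RULES is a hypothetical client-only rule set for the wi0 interface named on the page, and the sample packets are constructed.

```python
# The two rules quoted on the page.
PAGE_RULES = """\
pass in proto tcp/udp from any to any
pass out from any to any
"""

# Hypothetical client-only rules (an assumption of this example, not the
# author's real rule set): outbound traffic creates state, replies ride on it.
CLIENT_RULES = """\
pass in quick on lo0 all
pass out quick on lo0 all
pass out quick on wi0 proto tcp from any to any flags S keep state
pass out quick on wi0 proto udp from any to any keep state
pass out quick on wi0 proto icmp from any to any keep state
block in log quick on wi0 all
"""

def matches(tok, pkt):
    """Match on direction, interface and protocol; addresses here are all any/all."""
    if tok[1] != pkt["dir"]:
        return False
    if "on" in tok and tok[tok.index("on") + 1] != pkt["iface"]:
        return False
    if "proto" in tok:
        return pkt["proto"] in tok[tok.index("proto") + 1].split("/")
    return True

def verdict(rules, pkt, default="block"):
    """Fate of a packet with no state entry; default models IPFILTER_DEFAULT_BLOCK."""
    result, rule = default, "(kernel default)"
    for line in rules.splitlines():
        tok = line.split("#", 1)[0].split()
        if tok and matches(tok, pkt):
            result, rule = tok[0], line.strip()   # last match wins...
            if "quick" in tok:                    # ...unless the rule is quick
                break
    return result, rule

# Constructed packets: an unsolicited connection attempt and an ICMP reply.
SYN_IN = {"dir": "in", "iface": "wi0", "proto": "tcp"}
PING_IN = {"dir": "in", "iface": "wi0", "proto": "icmp"}

if __name__ == "__main__":
    for name, rules in (("page", PAGE_RULES), ("client", CLIENT_RULES)):
        for pkt in (SYN_IN, PING_IN):
            print(name, pkt["proto"], *verdict(rules, pkt))
```

With the page's rules the unsolicited TCP connection is passed, while an inbound ICMP reply falls through to the default block. The constructed set blocks the unsolicited connection because replies to outbound traffic are admitted by state rather than by a blanket pass in.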
Power on password
With a laptop, I think it might be a good idea to remove the ability to boot into single user mode. If someone can gain physical access to your box they can easily boot the box, drop into single user mode and have complete access to everything on your box. You might also want to consider using this strategy for boxes which are outside your security sphere. For example, boxes housed at your ISP, or anywhere else where you cannot control physical access to the box.

I think, and haven't checked, that if you remove the two following options from your kernel configuration, you will also remove the ability to enter single user mode during the boot phase.

    options USERCONFIG         #boot -c editor
    options VISUAL_USERCONFIG  #visual boot -c editor

Don't go overboard. Being paranoid and security conscious is a good idea. But I certainly don't think it's appropriate to remove these features from each and every one of your boxes. Remember, these features are only available from the console. And if you can't control console access, you have bigger problems than worrying about booting into single user mode.

Of course, not everyone shares my viewpoint. I don't care. That's what freedom of choice is all about. If it comes right down to it, I think you're better off concentrating on your firewall rules first. Then, perhaps, if you have nothing else to do, and all your books have been dusted, your bills alphabetised, and your flea collection arranged, then, and only then, can you be truly ready to worry about such things.

Finally
I'm here. I made it. The DoubleTree shuttle arrived at the airport shuttle stop just minutes after I walked outside. And it's only a 5-10 minute ride to the hotel. Very convenient. I arrived at about 2:30. I checked in, had a quick shower, and reported to the conference. It was almost break time, so I decided to wait until after the break before seeking a position inside the hall. As luck would have it, I found untaken seats in the front row, on the right, with a power point so I could plug in the laptop.

Based on what I saw during the second half of the talk, I'm not sorry I missed the first half. It was fairly dry material with some insights, but not enough practical examples. It's a bit like teaching someone C by describing the syntax but never showing them any code. Sure, you're teaching them something. But they aren't learning much. I learn well by example. I'm sure that the workshops on Tuesday and Wednesday will be more practical.

I so much wanted to go for a run tonight and clear my head after today. But by the time I had a beer, I was too beat to bother.

OH! The DHCP worked first time. Wooo!