Jim Moy

I’ve downloaded Bering, which is an updated version of Dachstein that I’ve been using to run my firewall.

It should be interesting to see how long it takes to get an equivalent Bering configuration, with all the accumulated little changes that I’ve made over the past months.

Jimmoy.com runs on a PII/266 now, an upgrade in speed from the old machine. Got it on eBay for $28, which is an amusing story in itself. Everything’s a little faster, MovableType rebuilds pages quicker, the photo album makes thumbnails a bit snappier, so that’s nice.

Bill tells me our main wireless link to the co-op point of presence is getting some interference, possibly from a neighboring office where the antenna is located. I’ve noticed a bit of downtime but it hasn’t interfered with work.

For a couple of weeks I had a PocketPC unit until it went flaky and had to be returned for a replacement. The built-in Wi-fi was fun for its gee-whiz effect, but was only good for an hour or so at which point the battery was drained. Also the “browsing” experience with Pocket Internet Explorer leaves quite a bit to be desired. Or at least, I won’t be surfing from PocketPC while sitting on the couch when there’s a full system in the next rootm.

Very busy at work. About to release something pretty nice. Maybe some more updates once that happens.

One of the problems with being in an unregulated band is that there are rules to the game, but they’re just not published. So you have to keep your ears a little closer to the ground. Forced upgrade because of streetlights?

Back to wireless. Here is an excellent article on the situation wireless Internet access is in, with respect to the FCC and existing carriers.

Sometimes it’s amusing to see the effect of my gateway going down for a period of time (but not too long). Here’s an image that MRTG continuously generates for me, measuring my 802.11b signal strength. Yup, I took it down when I went to bed and back up when I staggered into the basement in the morning to turn it back on and see if the upstream network outage was over…

I just noticed that my neighbor has put up the step-by-step instructions he created for assembling a wireless gateway, without having to compile kernels or otherwise learn too much Linux to get it working. His research was a large part of making our neighborhood WLAN work. Thanks, Pete.

I’ve been playing with an iMac that’s on loan to me for some volunteer web work. It has OS-X on it. A number of years ago, I was a pretty good Mac hacker. And in a lifetime even before that, I cut my teeth in the profession on Unix machines. Because those periods were so independent, and focused on such different products, code, and development strategies, it’s strange now, to see them together, and in a fashion that blends them so nicely. For the first time in a long time, I wouldn’t mind being a Mac programmer again.

The default installation of OS-X comes with Apache and Perl, already installed and running. Instead of turning on the internal toy web server like it used to, clicking the Start button for Web Sharing now fires up Apache. “Look, httpd.conf, wonderful!” The collective wisdom of Unix, and the happy Mac face up front, very nice.

I’ve been receiving some email about my Linksys articles. Some are general BEFVP41 questions, but more than I would’ve guessed are about my network configuration. The price is low enough, and the setup effort is low compared to the equivalent Linux system, so I guess it’s not surprising.

The setup described in that article has remained the same since I wrote about it, while other tweaks I’ve made have been on the firewall and other systems on the network. The VPN has been working flawlessly for two months. Even with temporary network outages, the tunnel has re-connected automatically, and for the most part I don’t even pay attention to it any more. Network configuration changes on the office end have forced a manual trip to the Linksys box’s admin page to disconnect and re-connect, which wasn’t surprising. And I’m still on the 1.39.64 firmware.

The only thing I need to tweak during my day-to-day activities is when I unplug from the wired net, and plug in an 802.11b card so I can roam around the house, my connection going through an access point. The static route on my Win2k laptop for VPN traffic gets dropped because my interface changes. I have a little script I wrote that checks what my new IP address is, and if I’m at home on either interface, it sets up the custom route. Otherwise, I’m somewhere “else” and the home Linksys box isn’t available. It’s still very convenient.

I’ve got MovableType 2.0 running under mod_perl, with good performance enhancements. But I needed to make a couple of changes to my server that apparently aren’t needed in a more vanilla setup.

The machine running MT is on Mandrake 8.1 which installs an Advanced Extranet configuration of Apache that I’ve updated with the latest security fixes, of course. It splits the server into two logically separate servers, one that handles normal requests for performance, and another that handles the mod_perl requests. The expected configuration setup as documented by MT is fine, but I also had to tweak the portion of the httpd.conf file dealing with the URL rewrite of the requests that are redirected to the httpd-perl instance:

RewriteRule ^(.*/mt/.*.cgi)$ http://localhost:8200$1 [P]

I also needed to add a statement to get the MT libraries located by the Perl @INC list, though I haven’t heard back on whether this is specific to my configuration, or required for any MT/mod_perl setup. The documentation says that @INC is frozen when the server starts up, so it would see like this affects everyone because mt.cgi tries to modify that list. This goes in httpd-perl.conf:

PerlSetEnv PERL5LIB /var/mt/lib

Just a bit of housekeeping: I had a configuration problem that prevented the comment feature on the web log from functioning properly. It wasn’t MovableType’s fault, I just tried to have it talk to a server it couldn’t contact. The symptom was that a person making a comment on an entry would successfully post the article, but their browser hung as if the operation failed. Then they’d try again and I’d end up with multiple, duplicate comments.

MT tries to send me email every time someone makes a comment to a weblog entry. In my case, I had the SMTP server address configured with a name that resolved to a public address. However, my server is on a DMZ and the firewall was preventing connections from the internal network. So although outgoing packets were being passed just fine (the email server works fine, relaying outgoing mail), the dropped incoming packets made it appear as if the mail operation was hung, and prevented the MT process from completing the mail delivery.

Simple fix: change the configuration to point to the internal network name of the server instead of the publicly resolved address.

Updated to MovableType 2.0. Painless upgrade, went just like the instructions said. Time to make the donation.

This stuff is great. I tell my wife how cool I think it is, and she says “What’s the big deal? It’s just tape…” Not just electrical tape. It’s self-amalgamating tape! Just the thing for us folks with antennas subject to wind, rain, and snow. Wrap it around those N connectors between my antenna and the LMR400 to my wireless network card, and feel safe that it’s a weather-tight seal.

I guess it’s also called Tommy Tape, or self-fusing tape. My neighbor turned me onto this stuff as he was investigating our 802.11b neighborhood WLAN. I haven’t found any really good pictures on the web of its use yet, but here’s one. And the first link has some instructions on how it’s used. Better yet, just Google it. Looks pretty ordinary, so I guess I see what she means. I just got my connectors wrapped up again after moving my antenna. All ready for the Spring rains.

Now that Yahoo has decided to charge for POP3 access to email, I’m becoming more serious about using my public server as an email server. Up until now I’ve only beeen using it as a forwarder for my domain, to get mail to my “real” address, which has typically been a Yahoo address or some other place easily abandoned for spam control. I could just switch to another free service, but that’s not the point. Having my own domain should really mean that I have more control over my email. So now I’m using Postfix as my SMTP server. Not that it’s particularly better than Sendmail or Qmail, but it’s what came with my Mandrake distribution! Not that I’ll push the envelope on any of these programs with my email needs. It sure is nice to have unlimited aliases though.

Here are a couple of FCC links regarding RF safety, and the Federal rule that preempts local restriction on access to wireless signals, including Internet access. Basically, if your antenna is less than a meter in diameter and on a mast less than 12 feet above your roofline, the preemption applies. But there are plenty of exceptions (ham radio, common areas, etc.) answered by the Q/A in the article.

Of course, our 802.11b connections are too much of a good thing, you knew someone had to start. (From one of my favorite 802.11b resources.)

The new antenna location is working great. It appears to solve the weird behavior I was seeing before, and even stand up to some accumulation of snow and ice with headroom to spare. Over the past few days we’ve had a snowstorm that caused a half-inch of snow and ice to accumulate on the antenna overnight. You can see the signal strength effect on the MRTG graph shown here.

The accumulation begins a little before midnight, and by the time I got started at work the next morning the signal strength had dropped a good ten points. The new location has greater fade margin, so I never noticed the difference. I would typically see the full “11Mbps” 802.11b speed if my signal strength was greater than 30. These are Linux Aironet driver numbers, which have been discussed, but I’m still not exactly sure what relation, if any, these are to dBm, although the 2nd technique described here gives numbers that are consistent with my experiences with an OmniSky CDPD modem, to compare apples and oranges.

I’ve moved my antenna. The new location has clearer line of sight to the access point on the barn, my first wireless hop to the Internet, and is farther away from the picture window and my house. The downside is that it’s closer to the ground and more likely to be blocked occasionally. But, it’s a good tradeoff visually so I’ll have to see how it fares this Spring and Summer when everyone’s out in the yard.

It took a longer length of LMR400 than I had before, 80 feet, very promptly delivered by the Davis RF folks. But I’m showing better signal strength compared to the old location, and it was behaving well even when we still had snow on the ground.

The default shell in Dachstein is ash, a lightweight shell that handles most of the system scripting chores. I prefer bash as my login shell to get features like command line history, and whatever other behaviors I’ve become used to over the years.

A bash LRP package is available for Dachstein, and what this does via a link from /bin/sh is make bash the default shell for the entire system. There is an incompatibility between bash and some LRP packages in Dachstein, dnscache and tinydns are a couple of examples. One way to work around this problem is to install bash and fix up the incompatible scripts to use ash instead.

However, replacing a shell wholesale like that doesn’t make me feel confident that I’m getting the tested behavior, so I’ve created a modified version of the bash LRP package that can be downloaded here which simply omits the link from /bin/sh. Then I edit /etc/password for those users I want bash to be their login shells, and ash continues to be the shell for the rest of the system scripts.

My domain is hosted on a machine that is twice removed from a wired connection to the Internet. That is, traffic to my site goes through two 802.11b connections, one provided by the local neighborhood WLAN, and another provided by the local co-op, largely because I live in a somewhat rural area not serviced by DSL or Cable Internet. The first hop from my site is a half-mile, and the second hop is four miles.

Over the past few months, I’ve noticed some odd behavior. My signal appears to drop off dramatically for periods of time, most pronounced when there is snow on the ground, which I haven’t figured out. Most of the time the connection is perfect, but the occasional behavior is to lose signal strength during the day, and it comes back up at night. I have clear line of sight over that first hop, so it’s not something simple like snowplows parking in the way. I watch signal strength on the /proc entry for the driver that I use for my Aironet 340.

Today when I noticed the signal strength was down pretty low, I tore down my firewall with my wireless NIC and took it out on my deck. I didn’t use my fixed antenna, I used the little rubber-ducky that came with the NIC, and got better signal strength than the fixed antenna was providing. The fixed antenna has a little bit of obscuring by my neighbors trees, but the main difference may be that the fixed location is under the eaves of my house, and only a few inches from a picture window. But it doesn’t explain that it works fine most of the time, and I’ve only been able to correlate it with the snowfall. I’m going to move the antenna.

One of the warm-fuzzies you get from running a LEAF based firewall like Dachstein is that it’s not a full-blown Linux distribution. You start with just the stuff you need for a firewall, and add other things you want.

But… there can be gotchas. I bumped into the /proc/cmdline limit on kernel params recently, while adding some more LRP packages to my 1.0.2 Dachstein system. You can tell if you’ve got the problem by comparing the LRP= list in your syslinux.cfg file, and what you see when you type

cat /proc/cmdline

If it’s getting truncated, then you’ve got a problem. I fixed the problem by moving the LRP package list out of syslinux.cfg, and into a separate file. Look for the line in /linuxrc that says
ROOTMAP="`sed 's/.*LRP=/1/; s/ .*//1' /proc/cmdline`"
and change it to two lines like this:
pkglist=`cat /boot/etc/lrppkgs.cfg`
ROOTMAP=`echo $pkglist | sed ’s/ /,/g’`
then put your list of LRP packages in /boot/etc/lrppkgs.cfg in a simple list, one per line, no punctuation. Backup root.lrp and boot, and you should see all your packages loading.

I have an inexpensive home network setup that allows me to use a Linksys BEFVP41 to access my office network, without having to ditch my Linux firewall that I’ve become fond of, and without giving up fast access to my internal network.

(more…)

I just learned about 95th percentile bandwidth measurement. Since I’m not hidden behind your typical ISP or telco service any more, I’m going to start seeing some of the real effects of providing bandwidth, and what it takes to make it economically feasible. Old hat for ISPs, I know, but I’ve paid flat rate ISP fees for so long, I’ve never seen anything else. MRTG is making this very nice to keep an eye on.

I’m a software engineer and piano technician in Fort Collins, Colorado. I’ve had a nomadic existence in the software industry which you might be able to tell from my resume.

My old home page at http://www.verinet.com/~jbm and http://www.frii.com/~jbm (after Front Range Internet bought Verinet) had some stuff that stayed relatively static, mostly related to some old BeOS development I did. I’m pulling that stuff into an entry linked from the main page to let Movable Type archive it.

My brother Tom has a web page.

My Dad likes to keep a running journal of the books he’s read. Not as literary commentary, but as reminders to himself! Which may sound funny, but you know, I couldn’t tell you the plot of half the books sitting on my bookshelf…

I paddle a kayak around for exercise, originally because my knees are shot, but it’s actually much more pleasant than the jogging/biking I was doing before.

I play mostly classical music on my restored Chickering & Sons grand piano. Most recently I’m working on the first movement of the Scriabin 2nd Piano Sonata. I also poke about on my Chapman Stick. Learning has gone slowly. It’s a cool instrument though, mine’s a 10-String XG, tuned Deep Baritone Melody because I love the low range overlapped with the left hand, and the ACTV-2 goes down real smooth.

Dan Yee “doing the bowl” at one of his birthday parties.

Chris Brooks wearing a tie. Honest.

My Father in law is a retired Professor of Geology at the University of Florida.

Send me email at web@jimmoy.com

My BeOS web site that used to live at http://www.frii.com/~jbm are archived for posterity, and can be reached under the Links section of the home page. I see now Be is an empty, litigating body now, not much left. Guess we wait and see what Palm does with the technology now.

I’ve spent a fair number of hours getting Win2k working with the Linksys BEFVP41, but after all that I’ve found it isn’t a workable solution.

There’s a good Microsoft page on setting up IPSec on Win2k, but the problem comes about a third of the way down in the page where you have to ping the destination LAN, wait to see it fail with Negotiating IP Security messages, and then keep trying until the negotiation completes. This just doesn’t work, and I didn’t realize it until I had this whole thing working and saw how disruptive it was to my work flow and train of thought. If, for whatever reason, my connection goes away and comes back, the two ends don’t automatically come back up and establish the VPN tunnel, so I have to go ping it to bring it back up.

There has also been some flakiness that hasn’t been reported by my co-worker who has been using a second BEFVP41 unit at home to talk to the one at the office, so I’ve moved to that kind of setup (possible, because the Linksys boxes are so cheap) and that configuration will be the subject of another entry.

Jimmoy.com switches to Movable Type. Should make it easier to update things. This is also now hosted internally!