The day rolls on

Well I’ve finally gotten ntpd working the way I want it, I think. My laptop is showing Vectra as a peer in ntpq. As to SAL1600, Windows can’t natively talk to ntpd on Unix without a kick in the registry AFAIK. So instead of hacking apart my registry I’ve installed nettime after reading an article. It’s an abandoned project but I’m lazy.

I installed nettime and set it up to start the service at boot and use my time serving machine Vectra. Since I run a firewall on Windows that is set to block anything not matching a rule, I made one.

WARNING: low quality 1600×1200 JPEG

I need to set up ntpd on Ubuntu and run a tcpdump unless I can find an equivalent for Windows XP. This firewall rule will do for right now and I can edit it later if I find I need to.

Waiting on a full scale distclean of my ports collection on Vectra and a du after that. On the 15th Vectra dropped off the LAN, was totally dead to the world in regards to the network. After work when I got back to the computer I unplugged the router for a short count of twenty sec then replugged it in. Five minutes later when I got back to my desk I powered Vectra up and she received her DHCPOFFER from the router. Interestingly, in a post I made about it on a forum I visit occasionally the first recommendation was what I was afraid it would be, the ol’ yank, wait, plug the router bit. A while after posting that it solved the issue the forum owner posted this:

“I should’ve elaborated my first answer when I said “reboot the router” unplugging it is the best way because it clears the excess voltage in its capacitors which causes invalid data in its memory therefore the router will not function properly! Good on you TerryP!”

I find this an interesting idea, I can see how excess voltage in the capacitors could be a problem for its memory (all 8MB of RAM and 2MB of flash memory of it). What I don’t get is why it should be necessary to flip a device on/off, why not design it to deal with it or something? Eh maybe I just don’t know crap or it was made by a Windows fan.

NTPd

Well, today I noticed my Windows machine was running 39 minutes past the hour, my FreeBSD machine 37 minutes past the hour (SAL and Vectra respectively). I sync’d SAL’s clock with the default server and found my BSD box behind. Originally I set the CMOS clock on Vectra to GMT time using my wristwatch, so a few min off after a month isn’t bad.

I’ve decided to run ntpd (network time protocol daemon) on Vectra and use her to sync my other machines with. After a little researching I found out my ISP has an NTP server so I’m using that. The NTP daemon should come preinstalled on a FreeBSD box, it’s also in ports if you need to update it without the whole computer. Since my ports tree is up to date and I need to update the system and ntpd takes less time to compile than FreeBSD this was my method of making sure it was up to date.

#cd /usr/ports/net/ntp && make install clean

That netted me ntp-4.2.2p3 which should be fairly current. Running portaudit tonight has shown me that python, ruby, and pgp have issues. Checking for outdated ports:

Vectra# portversion -v | grep "<"
fastest_cvsup-0.2.9_3 < needs updating (port has 0.2.9_4)
portaudit-0.5.10 < needs updating (port has 0.5.11)
portupgrade-2.0.1_1,1 < needs updating (port has 2.1.3.3_1,2)
ruby-1.8.4_4,1 < needs updating (port has 1.8.5,1)

Gotta love portupgrade giving some nice tools, gotta do some updates over the weekend of course. The NTP daemon is pretty simple, all the complicated stuff is basically done for you by the program and Network Time Protocol. We need to create a configuration file, being part of the system it’s in the et cetera directory of the root file system (/etc). The only editors installed on FreeBSD I know of are ed, ee, and vi. Ed was the first Unix editor I think and probably would be a good choice if you’re using some type of teletype terminal, for the sake of ease of use I suggest you use ee or vi. PC-BSD and DesktopBSD should include kwrite, kedit, and kate, xedit as well. I personally prefer vi as it’s vim like (funny as vim is supposed to be vi like 😛 ).

Vectra#vi /etc/ntp.conf
#Simple ntpd configuration for Vectra

driftfile /var/db/ntpd.drift

server ntp.bellsouth.net version 2

#Broadcast NTP signals over the LAN
restrict 192.168.1.255 mask 255.255.255.0 notrust nomodify

logfile /var/log/ntp.log

Like many config files and a fair number of scripting languages any use of “#” is a comment. To explain NTP quickly: you have a clock, and like all clocks yours loses accuracy as time goes on. In fact my wristwatch’s manual states that it’ll gain like 0.001 seconds a year. I’m not the most tech-headed person but I’d reckon a machine that’s not up 24/7/365 a year is going to be less accurate than my watch. So we need to “synchronize” our watches, and to do that we need something to sync to; that’s where time servers come in. A primary time server should be hooked up to a decent time source, like an atomic clock or GPS gizmo etc., and filter down through things. Needless to say primary/secondary time servers should be fairly accurate and NTP takes into account trying to keep it that way between systems.

The configuration file specifies my ISP’s time server using the syntax “server Server_To_Sync_With”. You need to query at least one server; two is more reliable but you should be considerate of the server maintainers. The driftfile is used to help store information to keep accuracy of the time. The server is limited to broadcasting on the given LAN with several options (taken from the man page):

notrust: Treat these hosts normally in other respects, but never use them as synchronization sources.

nomodify: Ignore all NTP mode 6 and 7 packets which attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted.

We can start the daemon now using the command:

Vectra#ntpd -c /etc/ntp.conf -f /var/db/ntpd.drift
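An added example (not part of the original post): a small Python audit of the `restrict` lines in the ntp.conf above, `restrict` being ntpd's access-control directive. It assumes ntpd 4.2 or later, where `notrust` means "refuse packets that are not cryptographically authenticated" rather than the older meaning quoted from the man page; the function names and the hardened sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: the post's ntp.conf plus a localhost entry for contrast.
SAMPLE_CONF = """\
driftfile /var/db/ntpd.drift
server ntp.bellsouth.net version 2
restrict 192.168.1.255 mask 255.255.255.0 notrust nomodify
restrict 127.0.0.1
logfile /var/log/ntp.log
"""

# Constructed hardened variant: explicit default, LAN written as a network address.
HARDENED_CONF = """\
driftfile /var/db/ntpd.drift
server ntp.bellsouth.net version 2
restrict default nomodify notrap nopeer noquery
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap noquery
restrict 127.0.0.1
"""


def parse_restrict(line):
    """Return (network, host_bits_set, flags) for an IPv4 restrict line, else None."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 2 or tokens[0] != "restrict":
        return None
    target, rest = tokens[1], tokens[2:]
    if target == "default":
        return ipaddress.IPv4Network("0.0.0.0/0"), False, set(rest)
    mask = "255.255.255.255"  # no mask given: the entry matches a single host
    if len(rest) >= 2 and rest[0] == "mask":
        mask, rest = rest[1], rest[2:]
    try:
        addr = ipaddress.IPv4Address(target)
        net = ipaddress.IPv4Network(f"{target}/{mask}", strict=False)
    except ValueError:
        return None  # hostnames and IPv6 entries are out of scope here
    return net, addr != net.network_address, set(rest)


def audit(conf_text, ntp_version=(4, 2)):
    """Return a list of (line_number, finding_code, explanation) tuples."""
    findings, has_default = [], False
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        parsed = parse_restrict(line)
        if parsed is None:
            continue
        net, host_bits_set, flags = parsed
        if net.prefixlen == 0:
            has_default = True
        if host_bits_set:
            findings.append((lineno, "host-bits",
                             f"the mask is applied to the address; entry covers {net}"))
        if "notrust" in flags and ntp_version >= (4, 2):
            findings.append((lineno, "notrust-auth",
                             f"{net} must send authenticated packets or is refused"))
        if not ({"noquery", "ignore"} & flags) and not net.is_loopback:
            findings.append((lineno, "queries-allowed",
                             f"mode 6/7 information queries are answered for {net}"))
    if not has_default:
        findings.append((0, "no-default",
                         "no 'restrict default' line: unmatched hosts are unrestricted"))
    return findings


if __name__ == "__main__":
    for lineno, code, why in audit(SAMPLE_CONF):
        print(f"line {lineno}: {code}: {why}")
```
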

To get this set up at boot time we enable ntpd in /etc/rc.conf; edit it as root in your editor of choice. Add ntpd_enable="YES" and ntpd_flags="-c /etc/ntp.conf -f /var/db/ntpd.drift". Below is a copy of my rc.conf file including the ntpd lines.


# -- sysinstall generated deltas -- # Sat Sep 2 19:29:45 2006
# Created: Sat Sep 2 19:29:45 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="Vectra"
ifconfig_xl0="DHCP"
saver="daemon"
sshd_enable="YES"
usbd_enable="YES"
update_motd="NO"

#Services

#enable CUPS
#cupsd_enable="YES"
#background_cupsd="YES"
#boot samba
#samba_enable="YES"
#enable ntpd
ntpd_program="/usr/local/bin/ntpd"
ntpd_enable="YES"
ntpd_flags="-c /etc/ntp.conf -f /var/db/ntpd.drift"

#Security

#clear temp files
clear_tmp_enable="YES"
#Make sendmail listen only on the local host
sendmail_enable="NO"
#Ignore ICMP redirect packets
icmp_drop_redirect="YES"

I’ve organized it in the form of things that came standard, services, and security for now. To sync my computers with Vectra I’ve to set them up to use ntpd with the FreeBSD box as the time server. If you’ve got to sync multiple machines you should use one as a local time server and sync the others on it rather than, say, asking your internet time server for the time 10 times! Also you can use ntpdate timeserver for a one time update instead of running ntpd on the clients.

Ok, I think I’ve accidentally not done my history test enough, time for bed. I’ll worry about getting Windows clients syncing off it and the box updated tomorrow!!!

Hoozah for ports !

Well after installing samba3 from packages I was never quite able to get samba working, before when I had tried on an older *BSD install I was able to get it working up to the point of asking for a login.

Ripped out all the pkg’s and sterilized the system, only cvsup-without-gui and fastest_cvsup installed via pkg_add -r. Installed the full ports collection (I had only installed a few parts of it before) and built samba.

cd /usr/ports/net/samba3/
make install clean
It asks what options you want to build support for, default I saw no need to change but added support for syslog.

OPTIONS=   LDAP            "With LDAP support" on 
ADS "With Active Directory support" off
CUPS "With CUPS printing support" on
WINBIND "With WinBIND support" on
ACL_SUPPORT "With ACL support" off
AIO_SUPPORT "With experimental AIO support" off
FAM_SUPPORT "With File Alteration Monitor" off
SYSLOG "With Syslog support" off
QUOTAS "With Disk quota support" off
UTMP "With UTMP accounting support" on
MSDFS "With MSDFS support" off
SMBSH "With SMBSH wrapper for UNIX commands" off
PAM_SMBPASS "With PAM authentication against passdb backend(s)" off
EXP_MODULES "With experimental module(s)" off
POPT "With system-wide POPT library" on

Default was ldap, cups, winbind, utmp, and popt.

She took about an hour to an hour and a half to compile on Vectra, which is a 500MHz P3 and 384MB RAM (-8MB for video card). I don’t really mind using ports, actually I love ports it’s just a bit slow on older hardware. Still even with my desktop’s Pentium D 930/2GB fast RAM I’d not want to compile OpenOffice, Xorg or KDE/GNOME. Since it’s late and I’ve got to be at work tomorrow (today) I did a quick google and found this link and followed it as a base of what options I’d need in my smb.conf.

Note that when building samba at the end it gave me

NOTICE: This version of port has changed location of Samba password
===> NOTICE: (smbpasswd) directory. Files in ‘/usr/local/private’
===> NOTICE: have moved to ‘/usr/local/etc/samba’.
===> Found saved configuration for samba-3.0.23c,1

Since this is BSD and not a GNU/Linux distro samba is third party software installed via ports, which basically means look under /usr/local/ for things not the root directory (/) with FreeBSD. So it’d never be in /etc/ like on some GNU/Linux systems. I created a basic smb.conf in vi, I’ll use cat to show it.

rstf@Vectra-%cat /usr/local/etc/smb.conf
#Samba config file for Vectra II

[global]
#workgroup, server name, and encrypt the passwords
#================================================#
workgroup = BSDNet
netbios name = Vectra
#encrpyt passwords = yes

#===================Shares=======================#

[files]
path = /usr/home/samba/files
read only = no
browseable = yes
public = yes

After running testparm on the configuration file I found out that the encrypted passwords thing was transient so I commented it out. Don’t ask me why I chose BSDNet, it’s my SSID for my wireless network and, well most of my stuff is running BSD 🙂
Vectra is so I know it’s on my HP Vli8 500 (Vectra II). The share is named files since that’s what I plan to put there, I thought /samba/files would be good but it didn’t feel right with the directory structure, /usr/local/samba/files maybe but /usr/home/samba/ seemed a good enough place to put LAN wide shares. Made the directory like so

mkdir -pm 777 /usr/home/samba/files

To set up my *BSD user I ran adduser and gave myself a personal user on the box -> No need to put yourself in a special group although I did consider using nobody as an option. I also always use a User ID (UID) of 1988 when possible so I know it’s my account. Added the right data for samba

smbpasswd -n Terry

Note that the username and password should be the same as the box you will be accessing the shares from! I’ll worry about tightening security when I have more time to work on the box. Surprisingly a portaudit gave warnings for the samba package but none for the port.
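An added example (not from the original post) for the tightening mentioned above: a Python check that reads an smb.conf and reports shares that allow guest access together with writes, or that have no `hosts allow` limit. The tightened variant, its 192.168.1. subnet and the function names are assumptions made for illustration.

```python
import configparser

# The smb.conf from the post (constructed copy, comments trimmed).
POST_CONF = """\
[global]
workgroup = BSDNet
netbios name = Vectra

[files]
path = /usr/home/samba/files
read only = no
browseable = yes
public = yes
"""

# Constructed tightened variant: LAN clients only, one named user, no guests.
TIGHT_CONF = """\
[global]
workgroup = BSDNet
netbios name = Vectra
hosts allow = 192.168.1. 127.

[files]
path = /usr/home/samba/files
read only = no
browseable = yes
guest ok = no
valid users = Terry
"""

EXPLAIN = {
    "guest-writable": "guests may connect and the share is writable",
    "no-hosts-allow": "no 'hosts allow' limit in the share or in [global]",
}


def _truthy(value):
    return value.strip().lower() in ("yes", "true", "1")


def _is_guest(share):
    # 'public' is a synonym for 'guest ok'; Samba's default is no.
    return any(_truthy(share[k]) for k in ("guest ok", "public") if k in share)


def _is_writable(share):
    if "read only" in share:
        return not _truthy(share["read only"])
    for synonym in ("writable", "writeable", "write ok"):
        if synonym in share:
            return _truthy(share[synonym])
    return False  # Samba's default is read only = yes


def audit_shares(conf_text):
    """Return (share, finding_code) pairs; codes are explained in EXPLAIN."""
    # Assumes unindented 'key = value' lines, as in the post's file.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    global_hosts = cp.has_section("global") and "hosts allow" in cp["global"]
    findings = []
    for name in cp.sections():
        if name.lower() == "global":
            continue
        share = cp[name]
        if _is_guest(share) and _is_writable(share):
            findings.append((name, "guest-writable"))
        if not global_hosts and "hosts allow" not in share:
            findings.append((name, "no-hosts-allow"))
    return findings


if __name__ == "__main__":
    for share, code in audit_shares(POST_CONF):
        print(f"[{share}] {code}: {EXPLAIN[code]}")
```
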

Check if smbd is running. I used the sockstat command to check; it was running so:
/usr/local/etc/rc.d/samba restart
or stop then start instead of restart.

On my laptop I tried to join using smbclient and was amazed, go ports !!

Terry@Dixie-%smbclient //Vectra/files
Password:
Domain=[VECTRA] OS=[Unix] Server=[Samba 3.0.23c]
smb: \>

Very much to my joy it was a home directory I could not cd out of, I’ll need to toy with this later and probably I’ll chgrp the files share and my user to some proper group that I can use for this.

RELATED TODOS:
Test Samba from Windows (Which is why I need samba)
Secure samba as much as possible while keeping with what I need open
Move some files over
Get ready to cups and print or kill at some point & share it.
Recompile kernel and set up pf etc.
Continue with implementing whatever security procedures I can think of
Try to gather as much information about the system from another machine and try to gain shell access to my Vectra simula-illicitly, then seal any holes I might’ve found or can think of as part of operations “Break in” and “Onion”. It’s my computer so it’s my right to be able to test my own security measures rather than wait, watch, and wonder for it to be compromised. Although I doubt anyone would bother even if they could easily, it’s good experience to gain & fun when it works or has a logical reason for not working.

Time to sleep

I’m beginning to see how PHP and Javascript can have their uses…

I’m considering putting composer to work, I like vim for its speed and power, Kate for its omni-tasknisque nature (not so much for html unless you always use text browsers =P ). Composer and Nvu I like because I can quickly see things without having to alt-tab to my browser and refresh it. Yeah I can get lazy at times.

Been breaking in Seamonkey good and trying to get work done. I had very much fun joining my teammate Rasa in training with a few recruits. One or two people would hide in a room and play the part of X-Rays while the rest set up for entry. At first we used light clicks to simulate shooting but it was too hard to keep track of who shot at who and was too dark to see if anyone surrendered. So I suggested we switch to gas masks and SA-200’s loaded up with Pavaballs. We really had a lot of fun and I got to help Rasa. The two things the recruits seemed to have the most problem with were trying to get the flashbang in a sweet spot to cover their entry good and checking behind the door.

You see, #1 has to check behind the door if there is no immediate threat to the team because if there’s a threat not clearly visible it might very well be behind the door waiting to kill your mates. Lazko was especially peppered for not checking behind doors. I hid near by the door in a crook between a freezer and a counter. They opened the door, chucked in a bang. Now of course being a simulation (SWAT 4) I wasn’t stunned with the door and a set of ear plugs between me and the NFD. I closed the door before they could get in, they popped it back open and rushed in not checking my hidy hole. I peppered the day lights out of them xD

Ahh, tomorrow I’m off well…. I’ve got training with Wiz, En4cer, and Blade but that should rock as long as my mom doesn’t crash it. So, there’s no reason to get out of bed early other than to walk the dogs. I think I’ll hit the servers and start working on my room clearing (Swat4) or on toes tactical thinking (RvS).

I don’t know what’s worse, having to go to work in 7 hours or not having enough time to finish my own work.

I’ve installed Samba on Vectra, but I expect she will still give me problems with the printer. I can deal with that later. I thought, for my needs I could set up anonymous ftp on the box and skip samba [and the printer :P]. But then, what fun would that be? Hehe tooo easy. The last time I got to toy /w setting up Samba to share files to a Windows box I got as far as being able to find the server, but I never had the time to set up the authentication hahaha.

Working hard may be work but working out of love can be fun as all getout.

My work can be very stressful, sometimes even leg [or back] breaking but it’s only 4-5 days a week. School, well I’m home schooled and have loads of it so there’s no such thing as time off without a price [Weekends included]. Yet, I enjoy computers so much, sure it can be a pain in the royal hind quarters. Non-sensical problems especially – I still have no idea what happened with my router, but s’ok if it works, we figure out the mystery in time. At least, here I’m free to be me, a console doesn’t try to control you, Unix lets you define yourself.

Windows, I leave behind tired of being confined. PC-BSD and FreeBSD I take up in joy, a new toy to tinker with maybe but it’s passionate. The more I learn and the more time I spend working with computers [and wishing someone would pay me to have such great fun:D]. I find myself enjoying it too much. If I have nothing to do, nothing to learn, and nothing to eat to boot I’m deffo in trouble. What point is there to life if you don’t get to enjoy the simple things in life?

Now if only that dream vacation was possible…..

Well I think I’m doing it. I’m switching to Seamonkey. To me it’s no point to use different program(s) for the same thing(s) just because it’s a different operating system. Good programs are portable programs in my book and play nicely.

For Windows I’ve been using Firefox, nice browser and much more fun than Internet Explorer 5~6 was, although I’m interested in seeing the changes in IE7. The only catch is I prefer Opera. While Opera is very nice and has awesome tabbed browsing support, good enough that I don’t mind a few quirks in it. The Windows version of Opera is not so hot, on my system it also chews CPU time but rocks for BSD. Soo, I’ve returned to my old consideration.

I’m very adapted to Firefox and I use Thunderbird. Mutt I was hoping to learn but I don’t think it’s worth the trouble for the win32 port of Mutt. Konqueror is very Firefox like, lacks some of the extensions etc. but is a great browser but doesn’t run on Windows. Since it’s a KDE app, it’s also a bloody nice file manager compared to explorer on Windows XP.

Seamonkey is the successor to the Mozilla application suite, which was kinda like Netscape Communicator on steroids you could say. (Netscape was before my time, we only got inet access around 2000). When the kitchen sink got EoL’d [End of Life] so they could work more on Firefox and Thunderbird the community picked up the app and she was reborn as the SeaMonkey [which Mozilla suite was code named Seamonkey]. It provides a browser (navigator in a very netscape like feeling) which is basically firefox, Mail/newsgroups (thunderbird for all intents and purposes), Composer a WYSIWYG html editor which I like for testing pages quickly [Nvu is basically an extended version of this], Addressbook, Chatzilla IRC client (Mmm maybe I’ll lay off X-Chat), plus a DOM inspector and some JavaScript stuff.

The mbox is the same as thunderbird so I can just point mail & newsgroups at my thunderbird local folders on my Lexar, no need to import. Plus SeaMonkey has Roaming support that lets me keep bookmarks/addresses/cookies etc. sync’d. The support is experimental so it’s not very good but it seems a good start. Load time’s not much of a bother on my desktop thanks to fast CPU and 2GB of reasonably fast DDR2 memory but on my laptop it’s a little slow. My laptop’s got 512MB DDR and I run so much crap along with KDE 3.5.x that I use most of it but the system is still more responsive than Windows under lighter loads for me, on the same machines. The program works great on my laptop, it’s just a little slow to start up. I suspect it’s because it takes a while to load all the dep’s.

Pros:

Very good integration
Open source
“Modern” theme is nicer compared to “Classic” theme or the generic Firefox/Thunderbird ones (same thing).
Most Mozilla Suite addons should be compatible
No E-Mail import needed for thunderbird users
A nice editor for web design [at least for when I’m lazy]
If it had an AIM/MSN/Yahoo/X-Fire client and a sweet PIM in it it’d be a very full web application suite imho.
More standards compliant than Microsoft’s I.E. but not as compliant as Konqueror or Safari.
Roaming support

Cons:

Takes a while to start on older machines
Uses a fair amount of memory when using a lot of tabs/components etc. [just like Firefox]
Not everyone may need all the features
Roaming support is not finished
Can’t right click on bookmarks in menu [have to open manage bookmarks]
Support is in the hands of the community, updates may take longer than Firefox/Thunderbird/Misc

All in all a very nice system, I figure I use Thunderbird and Firefox works ok for me (I prefer Opera but not Win32 ver) so the thing fits me well. I commend Mozilla for having created a kitchen sink and then deploying parts of it independently so people could just use the parts they like if they don’t want everything. [Mixing Firefox and Outlook Express comes to mind].

Die Cupsd, Die !

Well I tried everything I could with cups-1.2.2 on the box with no luck. Hooked it up to my laptop running PC-BSD and cups 1.1.x and got a nice test page.

I tried to install cups 1.1.x with little luck, so I ripped everything off the box (packages) and reinstalled cvsup-without-gui and fastest_cvsup (which added perl5) to sort later. I’m telling you I’d rather toy with archaic UNIX printing, at least for that I’ve got enough books already about. Although most people dealing with lp/lpr tend to cringe I think hehe.

Contemplating switching from firefox/opera + thunderbird to Seamonkey. I really like the F.F. UI, but Opera (not win32 version) has awesome tabbed browsing. My favorite browser is generally links for text but lynx despite almost no page layout is still the best in my book. Konqueror is by far a superb program. I wish Internet/Windows Explorer was that good. Konqueror is also a lot like Firefox in the UI so it’s easy to use, but why bother using Konqi on *nix and F.F on Windows? Any more than Opera/F.F.

Oh well, off to tinker for the night with browsers. A good toy indeed, after all I sorta collect them.

I was thinking today at work, besides a jab about Bill Gates, a zealot in a penguin suit, and a Gnuodle trying to mish mash a MS marketed distro of Linux kernel and Gnos [GNU-DOS], Gnos is Not an Operating System. While a pufferfish works on improving the world’s most secure OS [OpenBSD] and then they deciding to sell OpenMSD instead hahaha. Ok back to my point.

I figure, if we should break up a problem into smaller pieces when working on a program, why not read it the same way? Last night I started reading some of the source for the “cat” command used by *BSD. The main function basically sets up the data and decides on how to cook it.

Tonight I work on breaking apart the next function and some homework for SAS.

Well about 0320 UTC and what’s possibly the 9th issue to warrant being dubbed a “WW” here seems to have gone to cold war status.

I’m alive, and I’m not worried about anyone going Sicilian on me (tonight). Things seem to have calmed down, time to release some stress in the virtual shoot house.

Off to training.

Life sucks when you expect a loved one to stick a knife in your ribs at any sec, got trop’d lightly, not what I expected but expected something to hit.

Dunno what’s more fsck’d up, to think that she’d kill me, or worry she’ll get a stroke screaming.

Tonight I think I sleep armed, my preferred self defense weapon near by. (Light sabre for sword practice.) It’s got a lot more punch and range than bare hands if I need to disarm someone in the dark, without getting injured.

I know I’m far from the perfect son, surely I’m rotten enough at times but I’m not a target for someone to vent rage on for lack of a more appealing outlet to a problem (even if I’m related to the issue). Life is just, fsck, crap. I wish my family didn’t have such a knack for anger… sheesh I can’t hate someone for more than 10 seconds and if I want to hate longer than that I feel like a disgrace to GOD. These people, can thrive on it.

Anger, fear, hatred, a dark road. I reject it and all it stands for. Only one person has a right to take my life, and that is Jesus Christ and no one is beating him to the punch imho. This war, is not one I asked for but it’s one I must stand wary to parry.

Note to self, prep an emg escape and evasion route, back woods might be good. I’d be blind as a bat but it’s thick enough to stop pursuit. Don’t think I’ll ever need it but it’s always good to plan for worst.

TMPS01, 2006-09-12 @ 2434 UTC.