Sat 22 Jan 2005
Mac minis are out and people have them .. so what do you do with a Mac mini once you get it? For most, they would turn it on . . but for atleast one guy, what better than to tear the entire thing apart.
The photo album shows from the shipping box to the entire Mac mini in pieces.. enjoy.
Wed 19 Jan 2005
There are two relatively new system utilities available for FreeBSD that I believe are “must haves” for any FreeBSD system: portaudit and portdowngrade.
To provide some background information for those who do not know, FreeBSD has a system called “ports” that includes scripts that describe how to download, patch and install software on FreeBSD to conform to the FreeBSD system standards (rc scripts, file system layout, use of /usr/local/etc/, etc..). In all there are currently over 12,000 programs located in the ports system. This includes everything from web/mail/files servers to web browsers/email clients/games to security tools and a whole lot more.
What makes ports particularly powerful is, in its raw form, virtually all ports require a simple “make install” command to install. Given the centralized nature of the system, it is possible to have “package management” that allows for ease of upgrade to all software located on the system (assuming the software was installed from ports, which atelast for my systems is generally the case)
On my production systems, I tend not to update software unless absolutely necessary. My thought process is simple — if it works, don’t break it. So what do I consider “absolutely necessary”, two things:
This is where portaudit and portdowngrade come in.
The portaudit port, located at security/portaudit integrates seamlessly into the standard daily security report. The port downloads an up-to-date database containing information on security vulnerabilities. This data is compared against the installed ports and if there are any matches, it is included in the security report. Here is an example:
Checking for a current audit database:
Database created: Tue Jan 18 16:40:27 MST 2005
Checking for packages with security vulnerabilities:
Affected package: cups-base-1.1.22.0
Type of problem: cups-base -- CUPS server remote DoS vulnerability.
Reference:
Affected package: cups-base-1.1.22.0
Type of problem: cups-base — HPGL buffer overflow vulnerability.
Reference:
Affected package: tiff-3.7.0_2
Type of problem: tiff — tiffdump integer overflow vulnerability.
Reference:
Affected package: tiff-3.7.0_2
Type of problem: tiff — directory entry count integer overflow vulnerability.
Reference:
Affected package: cups-base-1.1.22.0
Type of problem: xpdf — buffer overflow vulnerability.
Reference:
As you can see, it provides the date the database was created, the packages that have issues, a brief overview of the problem and a link for further information regarding the issue.
Knowing that a port is vulnerable, it is possible to update the port to the latest version (cvsup) and update the specific port without updating the other software on the system.
While portaudit might be good enough for most ports, I’d recommend subscribing to security mailing lists for remotely accessible services (web browser, ssh, etc..) as these should provide more timely notices regarding security issues.
Here is an example output of portdowngrade being run against archivers/zip:
# portdowngrade -s anoncvs@anoncvs1.FreeBSD.org:/home/ncvs zip-2.3_2
portdowngrade 0.6 by Heiner Eichmann
Please note, that nothing is changed in the ports tree
unless it is explicitly permitted in step 6!
Seeking port zip-2.3_2 ... found: archivers/zip
Step 1: Checking out port from CVS repository
CVS root directory: anoncvs@anoncvs1.FreeBSD.org:/home/ncvs
Step 2: Reading the port history from the CVS repository
Step 3: Analyzing the port history from the CVS repository
Step 4: Load port version numbers and present results
Keys:
p : previous page
=========================================================================================================
number date portversion comment
1 2004/12/06 11:48:21 2.3_2 Portlint(1)
2 2004/12/01 20:14:18 2.3_2 Close overflow
3 2004/12/01 17:59:08 2.3_1 Point to the official website
4 2004/03/20 21:03:28 2.3_1 Add size data, approved by maintainers.
5 2003/10/26 22:51:50 2.3_1 portlint (variable ordering)
6 2003/10/26 22:51:11 2.3_1 portlint (remove trailing blank lines)
7 2003/10/26 21:58:50 2.3_1 portlint (fix whitespace)
8 2003/06/25 01:23:22 2.3_1 Fix for ia64’s cpp
9 2003/03/08 22:55:34 2.3_1 unzip is an EXTRACT_DEPENDS, not a BUILD_DEPENDS. This fixes so
10 2003/03/07 05:55:13 2.3_1 Clear moonlight beckons.
11 2002/05/31 10:12:15 2.3_1 Prevent negative fseek for old FreeBSD versions
12 2001/08/10 13:47:19 2.3 Add master site
13 2001/08/10 13:44:45 2.3 Replace dead WWW
14 2001/08/06 01:11:41 2.3 Remove the non-living freesoftware.com from MASTER_SITES
15 2001/05/23 20:24:42 2.3 Add MASTER_SITES from the archivers/unzip port.
16 2001/01/31 23:43:53 2.3 Fix typo in pkg-comment: compatabile -> compatible.
17 2001/01/16 17:30:03 2.3 Massive style enforcement - use ^I instead of spaces for variabl
18 2001/01/01 10:14:57 2.3 Goodbye, YEAR2000. Hello, 2001.
19 2000/04/25 22:47:08 2.3 checksum update - minor crypt code style change
20 2000/04/21 14:59:04 2.3 Use exportable from USA encryption
21 2000/04/08 23:17:57 2.3 update with the new PORTNAME/PORTVERSION variables
22 2000/02/19 03:27:44 zip23 upgrade to 2.3
23 2000/02/19 03:27:31 zip23 upgrade to 2.3
24 2000/01/23 01:06:35 zip22 Respect CC
25 1999/08/31 06:40:23 zip22 FreeBSD.ORG -> FreeBSD.org
26 1999/08/25 04:25:21 zip22 Change Id->FreeBSD.
27 1999/06/26 16:55:34 zip22 As threatened, enforce the “Capital, no period” rule. Ellipses
28 1999/04/14 00:19:31 zip22 Moving WWW_SITE to DESCR file …
29 1999/03/12 15:28:44 zip22 More Y2K/WWW_SITE links added…
30 1998/09/23 06:45:28 zip22 Remove previous elf patch.
31 1998/09/22 16:11:07 zip22 Support ELF.
32 1998/08/17 00:19:02 zip22 Don’t try to package manpages twice.
33 1998/07/24 19:45:41 zip22 Add homepage to pkg/DESCR
34 1997/11/25 20:46:12 zip22 Upgrade to 2.2
35 1997/11/25 20:45:45 zip22 Upgrade to 2.2
36 1997/04/27 16:06:15 zip21 Remove zipgrep, misc. cleanup
37 1997/01/06 21:36:16 zip21 mastersite changed
38 1996/11/18 13:56:21 zip21 Compress a bunch of manpages. Remove unnecessary @ directives f
39 1996/11/12 02:17:55 zip21 CATAGORIES+= -> CATAGORIES=
40 1996/10/10 04:54:32 zip21 Oh my goodness! Satoshi is finally fed up and decided to “clean
41 1996/05/04 11:34:31 zip21 Upgrade to 2.1 (official release)
42 1996/05/04 11:34:16 zip21 Upgrade to 2.1 (official release)
43 1995/04/24 10:58:57 zip201 Updated archivers Makefiles….
44 1995/04/16 00:25:14 zip201 install should depend on zip (sorry, I’m sounding like a broken
45 1995/04/12 04:54:11 zip201 Add MAINTAINER= ache@FreeBSD.ORG to Andrey’s ports. Clean up
46 1995/04/01 12:43:39 zip201 Add CATEGORIES lines to a whole bunch of port Makefiles. Some p
47 1995/02/05 15:18:50 zip201 Yet more package files
48 1995/01/31 06:06:30 zip201 Initial revision
49 1994/12/22 12:33:40 zip201 Reduced zip, but legal
50 1994/12/22 12:33:39 zip201 branches: 1.1.1;
As you can see, it is possible to downgrade to a version that existed over 10+ years ago! By simply telling it what version you want (by line number), the portdowngrade system will download the old version into the ports tree and a “make install” will set you on your way.
Granted, there are some issues. As ports only contain information on how to build a program (and not the program source code itself), the source code may no longer be available (or may require some digging to find the source). In addition, older ports were written for older versions of FreeBSD (obviously). The earliest version of this port was written for FreeBSD 1.x! Of course, lots has changed since that time and as a result, the port may not compile correctly anymore.
However, for going back a few versions when the latest and greatest does not work quite right, portdowngrade is a great, easy to use tool. 
Thu 13 Jan 2005
Asterisk is “The Open Source Linux PBX”. To put it simply, it is a full, free open source software (FOSS) replacement for your pre-existing business phone system.
Asterisk is developed on Linux but has ports for Mac OS X, FreeBSD and other *nix platforms.
So why Asterisk? To start off, it it full featured, it does provide voicemail, conference bridging, call queuing, call detail records, automated attendant, blacklists, ADSI On-Screen menu system, call waiting/parking/monitoring/recording/retrieval/routing/snooping, database storage and retrieval, dial-by-name, DND, fax, music on hold/transfer, predictive dialer, interactive voice response (IVR) .. and the list goes on…
While I haven’t spent a lot of time with Asterisk (I have installed it and toyed with some routing, checked out the auto attendant, etc..) I found some rather notable features:
The ability for me to install the Asterisk server and setup several soft-phones, assign extensions and start doing “inter-office” communication relatively quickly (about two hours after I started looking into it) not to mention connecting to remote Asterisk systems via VoIP was cool. Granted, I haven’t yet dived deep into Asterisk, but perhaps before too long, I’ll have Asterisk answering my phone for me.
Tue 11 Jan 2005
Its now official, the Mac mini is out and for under $500, you can be the proud owner of a genuine Apple Macintosh.
The unit measures 6.5″ x 6.5″ x 2″ which ends up being significantly smaller than even the mini-PCs such as the Shuttle SN41G2 — infact, you could easily have *5* Mac Minis in the space required for one Shuttle, and the Shuttle compared to most computers is pretty darn small.
So what do you get for your money?
Mac Mini $499
My thoughts…
This system definitely has a high cool factor given its size. The Mac mini is based around the G4 processor that were introduced 2 years ago, in 2003, at the same event, but at the high-end with the PowerMac G4 (FW800) line. At the time, the processor was considered perhaps the weakest part of the entire Macintosh line-up — it was being out paced by similarly priced ia32 (Intel/AMD) machines. As a result, Apple touted dual processor configuration and touted that the G4 was twice as fast (equation: same speed as the current processors of the time). Whats interesting is the system configurations at that time (low end G4 1.0Ghz, 256MB RAM, CD-RW/DVD-ROM and 60GB hard drive) is strangely not too much different from the specs in the Mac mini (fyi, the low-end PowerMac when introduced was $1499.. but included keyboard and mouse. 
I guess the biggest question is will this expand Apple’s marketshare? It would seem that the iPod has been insanely successful and perhaps with a low cost Mac, those same individuals will be willing to give it a try (you know, when their PC is at the shop getting the viruses and spyware removed for the third time this year..). The difference between the iPod and a Mac mini is the pre-existing knowledge base. With the iPod (or any music player for that matter) there is not a lot of build-up knowledge on using the device. With a PC to Mac transition, there is years of pre-existing knowledge, knowledge of applications, OS navigation and so forth. In addition to this, support networks are built around Windows and people tend not to want to change things too drasticly.
As a result, I am going to predict that while there might be a small percentage of Windows users that switch to the Mac via the Mac mini, the majority of Mac mini purchases will be from pre-existing Mac owners — primarily as secondary systems. One thing that is interesting about the Mac mini is the number of professional technology individuals that will buy it as their first Macintosh. I’m mostly thinking of system administrators, technology consultants and others who have primarily focused on Windows and perhaps Linux/Unix systems. The Mac mini provides them a low-cost opportunity to learn about Mac OS X and have a system that provides them the ability to test crossplatform apps/web pages and other content that could be utilized by a Macintosh user.
This may lead to these tech saavy individuals to start recommending the Mac mini for less technical saavy individuals who just want something that works, gets them on the Internet, allows them to write a letter/email, play some music, etc.. Perhaps the ideal “grandparent” or student computer?
Guestimate — top selling Mac of all time, slight increase in marketshare, increased mind-share among consumers … Smaller form-factor PCs to follow.
Thu 6 Jan 2005
Hahahhah….
Not one, but TWO major crashes occured during Bill Gates’ CES Keynote on Wednesday… The first happened to Gates when he was doing some digtial photography work with his Windows Media Center PC … the system locked and wouldn’t respond to the remote control. Later during a demo of a video game to hit retail stores in April, Forza Motor Sport, the computer displayed a blue screen of death and warned “out of system memory” .. hah.. Honestly, we are not talking about any insanely new high-tech product .. we are talking about Media Center PC (now been around a few years) and a freakin’ video game.
What I find more interesting than the crashes and blue screens (which lets face it, Microsoft has done on much larger scales, such as the Win98 rollout..) is the interview Bill Gates did with c|net news from CES …
Some noteable qoutes…
.. on Internet Explorer and Firefox …
Other browsers are making market share gains. When does this become a problem or an issue for you guys?
..Firefox is being downloaded onto people’s systems, that’s true, but IE is also on those systems.. — uhh.. yah, they can’t uninstall IE…We need to keep IE the best. We need to innovate in IE, do more add-ons, do improvements. We have some very exciting plans there. — thats true.. .they NEED to do that, but yet they HAVEN’T done it for YEARS since they killed Netscape… Great.
Some percentage of users are going to try Firefox and IE side by side, and use the one that’s best. — its true .. everyone I show Firefox to is still using umm.. Firefox.
So no big problem; it’s not that people have stopped using IE, it’s just we’ve got lots of good ideas that can match and move ahead. - -its true. If they want to keep up-to-date with security patches from Microsoft, they are FORCED to use IE. Nice going Microsoft.
.. regarding security…
Well, no one invests more in security of their browser than what we do on IE. The key message we have for people is they should turn on auto update because if you turn on auto update, without you having to think about it and go through a bunch of user interface or know about this or that or the other thing, you can know that there are hundreds of very smart people who are constantly improving your browser and making sure that you’re safe. And so with auto update and IE, you’re getting the top security team and the quickest response team that there is anywhere. — HAHAHAHAHA — That is spoken just like a manager out of the know.. We invest lots of $$$ to fix the symptoms, but don’t fix the underlying issues. Heck, we even invested in super-dooper updater 4.0 that cost us millions to fix the symptoms. Yippie! Oh BTW Bill.. OSS has *thousands* of very smart people constantly improving their software.
Anyways .. he then nose dives and equates people against software patents with communist and other such non-sense. You can read it all for yourself.. fantastic stuff.. great way to start out 2005 Gates.. hope this is a glimpse of things to come for MS!