darkness

Friday, 29 November 2002

On-line gift registries (for Christmas, at least)

darkness @ 17:16:33

euphorik and I were talking about how we needed a website to keep our gift selections for Christmas on. Today I went out searching on Google. Google has a whole “Gift Registry” category in their directory. I’m going to go through and review some of the top sites listed there.

  • Organized Registry: This site is OK. No clear way to make a direct link to your registry, but if you go into (for example) your account information page look for unipad.php in the source. Near that you should find a hidden field called acctid. Take that number and use http://www.organizedregistry.com/unipad.php?acctid=12345 as the direct link to your registry, where 12345 is whatever number you found for acctid. No login required for gift buyers, though you can apparently password protect the registry. The site has a very simple, if a bit unpolished at times, design. There’s big happy “+1” buttons when you want to buy something for someone. Please don’t use the option to play a MIDI song when someone comes to your registry. All options — including real name, user name, and password — from registration time can apparently be changed after logging in. When I was building my registry I didn’t see the “shopping frame” that I think was promised. Could be Mozilla, could be Privoxy, could be they’re just broken. In short: nothing astounding, but it seems to work well enough.

  • What To Get.Net: This site is also kind of ugly, but it works. This site has all the features of Organized Registry and more, it seems. They both have this bookmarklet you can add in that’ll pop up a window from which it’s easy to add an item (that you’re currently browsing) to your wish list. WTG.NET allows multiple registries. Also, the URL to get to your wish list is nicer: http://www.whattoget.net/view/username. (You can find this URL when you go to the “e-mail people” link on the menu at the left after logging in. Or something like that.) It also lets you enter in some important personal information, like shoe size, etc. The registry page has pictures of items, and frankly I suspect it might be a bit more annoying than, for example, Organized Registry’s listing; the listings are now huge, so I question if it separates them into pages for you or what. New windows pop up when someone clicks the link to an item. The registry also has a “printable version” button at top. It has a “visitors” counter at the bottom of the registry listing too. In summary: probably the nicest one yet. Which means the nicest of two.

  • FindGift.com: OK, we’re getting better and better. This site has a much simpler and shorter registration process for you. Again, you can apparently change all information you enter when you register later, including user name. The registry list is easy on the eyes and concise. You can click the box next to an item to buy it, which may not be the most intuitive thing in the world; there are instructions there to help the less adventurous gift buyers. Neat feature: you can assign a code word to your purchase, then go back and “undo” the purchase using your code word if you make a mistake, couldn’t find the item, etc. Gifts can also have categories. I don’t know how much the registry listing lets you sort/filter by these categories; it doesn’t appear to have any interaction WRT categories so I suspect the answer is “not at all.” The URL to get to your registry is a bit longer, but does contain your username at least. They’re a bit more strict on searching for registries, too: they require you enter a bit of the first name, last name, and the state where the person is located (or at least registered at). Summary: probably the best yet.

  • Postwish.com: Lots of questions in registration. (I don’t have a fucking “Barangay”.) You can change everything except user name after registration, it seems. “Events” like “Christmas Day” are handled a bit differently from other sites. Lots of categories, but I don’t see a way to add/remove categories. The e-mail it sends people is kind of ugly. Then again, so is the URL it gives you to go to. It’s not even easily dingus-clickable. No quick way to click from the registry to see a gift, no visible way to get more than all of the requested quantity of an item, and the form you have to fill out when you buy something has way too many fields (too intimidating). Verdict: stick with FindGift.com so far.

  • Swagbag.com: Decent interface, however it doesn’t seem to work quite right through Privoxy: I suspect it’s using more than just session cookies, because when I added an item I got kicked to some weird screen afterward. (Follow up: I just tried it with Privoxy off and it worked fine.) It doesn’t ask too many questions, and the interface isn’t too bad; that is, it’s pleasing on the eye if not too clear at times. The registry listing is OK, if a bit bulky. One positive is that it lets people easily leave “notes” on items, which appear to show to everyone. No easy bookmark for adding items in Mozilla/Linux, or so they say. (Maybe Mozilla everywhere.) Has a nice feature of adding multiple wish lists, unsurprisingly called “swagbags”. Can’t change user name, but all other registration information looks easily modifiable. The URL to get there isn’t too bad, but is a GET query to a CGI with an ID for your wish list. Verdict: OK, but I’m still thinking FindGift.com is better.

  • Stepcast: Easy to sign up. User interface to registered users looks like a power-user kind of interface, with few frills and a useful-looking toolbar down the left side. You can have multiple lists it seems. (After changing the name of one, it won’t show up immediately on the left; go click on something else and it’ll update.) Nice privacy settings on registries. Adding URLs for items is kind of weird: you have to add the item, then point a merchant to it. I suspect it isn’t meant to link directly to items, though you could make it do it. Going to view a registry, the listing is concise. The links may be a bit small. When you click “buy online” it makes a new browser window with their interface at the top to mark the item bought and the merchant’s URL in the bottom (main) frame. When I went and marked an item as bought, it listed my only item as “item with no description.” This site is no longer pretty to me, and is in fact becoming sort of intolerably bare to look at. Verdict: looks promising, but needs some sprucing up so it doesn’t remind me of a Sears outlet mall, and needs some bug fixes.

  • TheThingsIWant.com: I looked at some people’s registry listings first on this site. The links on the list I was looking at brought me right to Amazon’s page, which is good. Site is a bit ugly, but usable so far. They give you a bookmark when you sign up, and the registration process doesn’t ask too many questions. When you click a link to buy an item you’re in a frame like at Stepcast. When you click “I bought it” you’re taken to a form where you can say how many you bought and who you are. It’s easy enough to create lists. You can change all registration information except for your user name. The e-mail it will send out to people for you got marked by my Spamassassin as spam (5.2/5.0). Nasty long link in that e-mail that doesn’t dingus click well. Eek, their mail host is listed in Osirusoft; don’t have them send mail for you, I guess. Verdict: functional site, especially if you like people to use those framed pages when they buy stuff for you. Worried about the spam thing; don’t really want to support someone that may be spamming. Probably the best since FindGift.com.

  • Wishbox.com: Here’s a short one for you. I couldn’t click the “Update your Wishbox” link on the menu on the right because it uses Javascript, and Privoxy has rendered it non-functional (or it was non-functional to begin with). I’m just not going to bother. No way I’m going to be running around every dirty shopping site on the Internet with my pants down (a.k.a. Privoxy off and my cookies being unfiltered *gasp*). Verdict: HTML. Ever heard of it? (For the record, I went back to this site with Privoxy off, and it still didn’t work in Mozilla/Linux. Too IE-centric perhaps?)

  • wishrepublic.com: Nice clean site. Fast, simple, acceptable to the eyes. Fatal flaw: apparently no links from the registry listing. It’s kind of an ugly registry listing at that. You can make an item available once you’ve bought it. No visible easy link directly to your registry; search for it and copy the link. Also, no multiple quantities on items. Items have categories, and they’re editable. Verdict: clean site, add a few more features and clean up the registry listing and it’d be great. For now, I rate it unusable.

  • MyGiftList: UGH. Doesn’t work in Privoxy after you try to add an item. Also, lists aren’t easily public: you have to enter the e-mail address of everyone you want to see your list, then they can go to it from a URL in the e-mail. Each user you add has a set of categories like “boss” or “significant other” and gifts can be shown/hidden based on a person’s “role.” Verdict: Unusable! Bad site, no cookie.

So that’s my review. For now, I’m recommending FindGift.com or TheThingsIWant.com. I’ll probably try using FindGift.com first for my actual list. I’ll post here with any further findings. If anyone has any better suggestions for sites to use (quickly, now; I’m going to be making a potentially large list here for Christmas) please e-mail it to me.

Work, work, work, Turkey, work, work

darkness @ 14:10:36

Uneventful day for the most part yesterday. Went to darkho’s house to have dinner with her family. It was a good dinner, and darkho made good Chantilly Potatoes. I’ll also take this time to be random and mention that it’s currently about 59degF at the pad. This could explain the incessant running of my nose.

Got a call about 0130 last night from Time Warner Telecom (TWTC). They told me that one of the T1’s at one of our new sites was pegged for several hours. Upon checking it out I saw a nice flood of UDP packets. The contents appeared to include something like “+++ATH0”. They appeared to be attacking an IP belonging to an ISP in Israel. I think they’re a DSL provider, but I’m not sure; my Hebrew is, uh, a bit rusty. That is Hebrew, right? I recognized the selection for the Russian language on the first page, though.

I was immediately concerned that our new firewalls had been hacked and were now being used in a DOS. After checking things out though, I noticed the attack coming from the LAN side. Then I remembered that, while installing our last site on Wednesday (we have one left that didn’t get finished on Wednesday), I saw outbound IRC connections and alerted the technician that it might be a control channel for a back door/Trojan/whatever. There were two PCs causing the flood from the LAN, and I also saw outbound IRC connection attempts from those two PCs. I firewalled the target address (the flood is still going on AFAIK, probably will be until the PCs are rebooted, and possibly won’t stop even then) and any packets coming from a range of usual IRC ports. Alerted the administrator, told them to get the technicians down there working on AV software, which is probably out of date or missing.
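One way to pick out the LAN hosts that show both symptoms described above (an outbound IRC connection attempt and a UDP flood at a single destination) from firewall logs. This is an added example, not from the original post: the iptables LOG lines are constructed and abbreviated, and the IRC port range (6660-6669 and 7000), the interface names and the packet threshold are assumptions.

```shell
#!/bin/sh
# Added example: correlate outbound IRC attempts with UDP floods per LAN host.

# Constructed sample of iptables LOG output for packets leaving the LAN.
sample_log() {
    cat <<'EOF'
Nov 28 01:20:11 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.37 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1031 DPT=6667 SYN
Nov 28 01:20:12 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.52 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1207 DPT=6667 SYN
Nov 28 01:20:13 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.80 DST=198.51.100.9 LEN=48 TTL=127 PROTO=TCP SPT=3310 DPT=6667 SYN
Nov 28 01:20:14 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.37 DST=192.0.2.10 LEN=56 TTL=127 PROTO=UDP SPT=1045 DPT=4000 LEN=36
Nov 28 01:20:14 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.37 DST=192.0.2.10 LEN=56 TTL=127 PROTO=UDP SPT=1045 DPT=4000 LEN=36
Nov 28 01:20:14 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.52 DST=192.0.2.10 LEN=56 TTL=127 PROTO=UDP SPT=1090 DPT=4000 LEN=36
Nov 28 01:20:14 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.37 DST=192.0.2.10 LEN=56 TTL=127 PROTO=UDP SPT=1045 DPT=4000 LEN=36
Nov 28 01:20:15 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.52 DST=192.0.2.10 LEN=56 TTL=127 PROTO=UDP SPT=1090 DPT=4000 LEN=36
Nov 28 01:20:15 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.91 DST=10.1.0.254 LEN=60 TTL=127 PROTO=UDP SPT=1050 DPT=53 LEN=40
Nov 28 01:20:15 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.37 DST=192.0.2.10 LEN=56 TTL=127 PROTO=UDP SPT=1045 DPT=4000 LEN=36
Nov 28 01:20:15 fw kernel: IN=eth1 OUT=wan0 SRC=10.1.2.52 DST=192.0.2.10 LEN=56 TTL=127 PROTO=UDP SPT=1090 DPT=4000 LEN=36
EOF
}

# suspect_hosts [MIN]  (log on stdin)
# Prints one line per source address that sent a TCP SYN to an assumed IRC
# port AND sent at least MIN UDP packets to a single destination.
suspect_hosts() {
    awk -v min="${1:-5}" '
    {
        src = ""; dst = ""; proto = ""; dpt = 0; syn = 0
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^DST=/)   dst   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5) + 0
            else if ($i == "SYN")    syn   = 1
        }
        if (src == "") next
        # Assumed IRC ports: 6660-6669 and 7000.
        if (proto == "TCP" && syn && ((dpt >= 6660 && dpt <= 6669) || dpt == 7000))
            irc[src] = 1
        if (proto == "UDP") {
            n = ++udp[src SUBSEP dst]
            # Remember the destination this source hits hardest.
            if (n > peak[src]) { peak[src] = n; target[src] = dst }
        }
    }
    END {
        for (s in irc)
            if (peak[s] >= min)
                printf "%s irc=yes udp_target=%s udp_packets=%d\n", s, target[s], peak[s]
    }' | sort
}

# Stand-alone run on the constructed sample with a low threshold.
sample_log | suspect_hosts 3
```

A host that only chats on IRC (10.1.2.80 in the sample) or only sends ordinary UDP (10.1.2.91) is not reported; only the combination is.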

Also reorganized my iptables rules so I could have the Corporate site route between two branch sites (packet in tunnel, then back out another tunnel). The src parameter when adding a route with iproute2 is mad useful.

I’m going to need to set up a WINS server on their network pretty soon so cross-domain browsing works. I’m not really looking forward to this, though. I was going to use Samba to do it, but last I heard Samba doesn’t do WINS replication. This means I’ll have to use their NT4 server at the Corporate site down south to synchronize with our Corporate server up here. It’s either that or make the whole enterprise rely on a single WINS server, which doesn’t seem like a particularly good idea to me. Also, I can’t help but suspect that Samba doesn’t checkpoint its WINS database to disk like (AFAIK) NT and friends do. If the server gets restarted, doesn’t this mean you’ll be having some WINS resolution issues for at least a while, until every host re-registers with the server manually? I guess some of this can perhaps be navigated by using dns proxy = yes and putting important entries in DNS? I’m really not sure how the DNS proxy works though.

No more sites turning up today, most customers probably still on vacation, and darkho is working until 1900 or 2000. This means work on DarkWiki today, likely.

Oh, BTW, semi-interesting (long) article on the development of TSO. Non-technical, unfortunately, but note the book titled something like Tru64 and Oracle 9i on the desk in one of the pictures.

Wednesday, 27 November 2002

Work work work, time to go to work

darkness @ 12:39:11

I’m more than a bit punchy right now from my nearly three whole hours of sleep last “night.” Please excuse me.

For something like the past 24 hours or so I’ve been working to get our customers’ new VPN up. They’ve got a bunch of sites with T1’s to the Internet. Hanging off each T1 is a Linux box with a Sangoma card and a few network cards. The Linux box acts as the router, firewall, proxy, secure gateway, and coffee maker.

I don’t really like using FreeS/WAN tunnels because for a normal setup you have to (A) define a whole bunch of them, and (B) define every IP (or IP block) that’s going to be passing through a given connection. I seem to have found a better way to do it, though, largely with the help of LW.

The way I’ve currently got it set up, two secure gateways make a host ESP tunnel with FreeS/WAN. Over that IPSec tunnel we lay another GRE tunnel. GRE tunnels are far less picky about what travels over them. Here’s a typical connection for one of the secure gateways:

conn corporate
        auto=start
        rightupdown=/usr/local/lib/ipsec/_updown-tunnel
        left=1.2.3.4
        leftnexthop=%defaultroute
        right=5.6.7.8
        rightnexthop=%defaultroute
        leftrsasigkey=corporate key...
        rightrsasigkey=branch key...

This is a simple-enough connection between the corporate (main) office and a branch office. _updown-tunnel is a little script I wrote that handles bringing up/down the GRE tunnels when the IPSec tunnels come up/down. It uses a configuration file, /etc/ipsec-tunnels.conf which has contents like this:

corporate tunnel corporate mode gre remote 1.2.3.4
corporate addr 5.6.7.8/32
corporate route 10/8
corporate route 1.2.3.4/32 table 16
corporate rule from 10.1.2.0/24 to 1.2.3.4 lookup 16

This is the equivalent of the following iproute2 commands:

ip tunnel add corporate mode gre remote 1.2.3.4 dev ipsec0
ip link set corporate up
ip addr add 5.6.7.8/32 dev corporate
ip route add 10/8 dev corporate
ip route add 1.2.3.4/32 table 16 dev corporate
ip rule add from 10.1.2.0/24 to 1.2.3.4 lookup 16

Keep in mind that 1.2.3.4 is corporate’s routeable (external) IP address and 5.6.7.8 is the branch’s routeable address. All private IPs on the VPN are in the 10/8 reserved address space. This particular branch uses 10.1.2.0/24 for its LAN side.

The first rule creates the tunnel with the endpoint being the corporate external IP. The tunnel is “bound” (that’s how I think of it) to ipsec0: when ipsec0 goes down, I suspect the corporate tunnel does as well. Of course, with FreeS/WAN I don’t really think ipsec0 “goes down” unless FreeS/WAN is stopped and the ipsec module is removed. Here’s the output of ip addr ls dev corporate from the branch in case you’re interested:

173: corporate@ipsec0:  mtu 16236 qdisc noqueue 
    link/gre 0.0.0.0 peer 1.2.3.4
    inet 5.6.7.8/32 scope global corporate

You’ll notice the @ipsec0 portion of the name. If ipsec0 disappears (service stop ipsec for example) that @ipsec0 turns into @nnn where nnn is the number that was listed in front of ipsec0 in the ip addr ls dev ipsec0 output. (corporate’s “ID number” as I’ve come to call it is 173 in the above example.) It seems, though, that the tunnel still hangs around, but with the M-DOWN flag. I suspect M-DOWN is “media down.” Even if a new ipsec0 comes back, the old tunnel will hang around and remain M-DOWN. I suspect this is because the reference to its interface is kept as this ID number and not the interface name.

Note that the tunnel device has the same address as our external interface, as does ipsec0. FreeS/WAN bitches about this, but I’ve seen no adverse impact for all its whining.

The first route in the above ipsec-tunnels.conf example says to route anything for the 10/8 network through the corporate tunnel. If the branch wants to hop to another office it can do so through corporate. Indeed, there are actually two hub offices like corporate that have a link between them, and then each hub office has the branches hanging off of it. In this manner, traffic could conceivably go from branch to hub to hub to branch. (OK, if that confused you, just move on.)

The last two are a trickier part I needed to allow me to do ping 10.1.2.254 (branch’s internal IP address) from, for example, the corporate firewall. When sending packets from the Linux boxes, they will choose the source address for the packet as the outbound interface address. In our case, this would be our external (routeable) address. This is bad, however; for example, pinging from corporate to the branch’s internal address would send a packet from 1.2.3.4 to 10.1.2.254. When the branch tries to return the packet, it will send from 10.1.2.254 to 1.2.3.4. This reply is the problem: the routing table chooses ipsec0 for the packet to be output, but FreeS/WAN drops the packet because of the seemingly bogus source address. To get around this, we set up a new routing table which has just the routes to our IPSec endpoints, and then a rule which shunts traffic from a private IP to a routeable address through this new routing table.
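As an added example (not the author's _updown-tunnel script, which the post does not show), this shell function translates /etc/ipsec-tunnels.conf lines into the iproute2 commands listed above. It goes beyond the post by also producing teardown commands and by rejecting lines that contain shell metacharacters, since an updown script runs as root; the function names, the second connection in the sample, and the rule that addr and route lines apply to the connection's tunnel device are assumptions of this example.

```shell
#!/bin/sh
# Added example: turn ipsec-tunnels.conf lines into iproute2 commands.
# Not the author's _updown-tunnel script; names here are hypothetical.

IPSEC_DEV=ipsec0    # the post binds the GRE tunnel to ipsec0

# Constructed sample: the post's "corporate" lines plus a second,
# made-up connection to show that other connections are ignored.
sample_conf() {
    cat <<'EOF'
# name  verb  arguments
corporate tunnel corporate mode gre remote 1.2.3.4
corporate addr 5.6.7.8/32
corporate route 10/8
corporate route 1.2.3.4/32 table 16
corporate rule from 10.1.2.0/24 to 1.2.3.4 lookup 16
otherhub tunnel otherhub mode gre remote 192.0.2.1
EOF
}

# tunnel_cmds CONN up|down   (config on stdin, commands on stdout)
# Returns non-zero if a line looks unsafe or malformed, so capture the
# output and run it only when the function succeeds.
tunnel_cmds() {
    conn=$1; action=$2; dev=""
    case $action in
        up|down) ;;
        *) echo "usage: tunnel_cmds CONN up|down" >&2; return 2 ;;
    esac
    while read -r name verb args; do
        case $name in ''|'#'*) continue ;; esac
        [ "$name" = "$conn" ] || continue
        # Allow only characters that appear in addresses and ip keywords;
        # anything left over (; $ ` | * ...) rejects the whole connection.
        leftover=$(printf '%s' "$verb $args" | tr -d 'A-Za-z0-9./:_ -')
        if [ -n "$leftover" ]; then
            echo "rejected $conn line: unexpected characters" >&2
            return 1
        fi
        case $verb in
            tunnel)
                dev=${args%% *}          # first argument is the device name
                if [ "$action" = up ]; then
                    echo "ip tunnel add $args dev $IPSEC_DEV"
                    echo "ip link set $dev up"
                fi ;;
            addr|route)
                if [ -z "$dev" ]; then
                    echo "$verb line before tunnel line for $conn" >&2
                    return 1
                fi
                # Teardown skips these: deleting the tunnel device removes
                # its addresses and the routes that point at it.
                if [ "$action" = up ]; then
                    echo "ip $verb add $args dev $dev"
                fi ;;
            rule)
                # Rules are not tied to the device, so delete them explicitly.
                if [ "$action" = up ]; then
                    echo "ip rule add $args"
                else
                    echo "ip rule del $args"
                fi ;;
            *)
                echo "unknown verb '$verb' for $conn" >&2
                return 1 ;;
        esac
    done
    if [ -z "$dev" ]; then
        echo "no tunnel line for $conn" >&2
        return 1
    fi
    if [ "$action" = down ]; then
        echo "ip link set $dev down"
        echo "ip tunnel del $dev"
    fi
}

# Stand-alone run: print the bring-up commands for the sample connection.
sample_conf | tunnel_cmds corporate up
```

For the sample, the up output is the same six commands the post lists, in the same order.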

So far (the past 12 hours or so) this has been working just fine. The tunnels even come up/down correctly. I’ll leave the iptables rules as an exercise to the reader. Don’t forget about not filtering loopback, allowing traffic to be input on ipsec0 for IP protocol GRE, and washing behind your ears.

I set up a quick zone I called “internal” in corporate’s named and put a forwarders { 1.2.3.4; }; statement in each branch’s /etc/named.conf. This appears to work. However, I’m not sure dig and host are looking at the search internal statement in /etc/resolv.conf; or, at least, looking at them correctly:

[root@branch root]# host corporate.sc
Host corporate.sc not found: 3(NXDOMAIN)
[root@branch root]# dig corporate.sc

; <<>> DiG 9.2.1 <<>> corporate.sc
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4237
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;corporate.sc.			IN	A

;; AUTHORITY SECTION:
sc.			596	IN	SOA	NS1.SEYCHELLES.NET. dnsadmin.registryadvantage.com. 4927 21600 3600 2592000 600

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Nov 28 01:33:03 2002
;; MSG SIZE  rcvd: 114

[root@branch root]# ping corporate.sc
PING corporate.sc.internal (10.1.0.254) from 5.6.7.8 : 56(84) bytes of data.
64 bytes from 10.1.0.254: icmp_seq=1 ttl=64 time=8.50 ms

--- corporate.sc.internal ping statistics ---
1 packets transmitted, 1 received, 0% loss, time 0ms
rtt min/avg/max/mdev = 8.508/8.508/8.508/0.000 ms

Suggestions?

In other news, I spent some quality time with pmud yesterday adding ways to bring my wireless card back up, as well as to restore fnset which somehow seems to get hosed during suspend/resume. Here’s my pmud-0.10-1b.2.src.rpm. Feel free to check out /etc/power/pwrctl.d/wireless and /etc/power/pwrctl.d/fnset.

My Powerbook locked up again yesterday. I’m not fond of that. I think I’ll be saving my work a lot more often. I suspect that it’s Linux not hardware, without any good reason. Yesterday it was an oops in the swapper task, I think. This may rule out that my USB serial port was causing problems. OTOH, it doesn’t bode well for me using Linux on this laptop in the future. Apparently it is possible to run OS X on this beast. Maybe I’ll try that some day.

Off to continue working on the remote site cut-overs. There’s two guys down there basically switching everyone to DHCP. Everything is going fine thus far, but then we’re not really doing anything over the VPN yet (corporate hasn’t been switched over). Wish me luck.

Monday, 25 November 2002

Nightly recap

darkness @ 02:19:58

Quick entry since I wrote so much today.

Went to dinner with parents at the Melting Pot. Good dinner. Couldn’t taste the difference between the Caribbean and the Coq au Vin (sp?) cooking styles. Played shortbus25a and cornrows (I think) in TFC tonight; I was late for practice, bad darky! shortbus25a is fun because there’s an actual bus I get to ride. I’m a sucker for gimmicks.

Attempted to work on DarkWiki some. Re-did the way user interfaces are going to work. Not totally sure I like it, or that it offers enough, but it kind of seems to work. One thing I’m not sure about is whether session selecting for the operating context should be done in the view or the application. It would be nice in the interface (view), at least for HTTP/HTML, but I think it belongs in the controller. That’s probably where it’ll sit. The controller already needs to know a bit about what kind of interface it’s using, I think. Of course, I could probably get around that to an extent too.

Tested sound on darkbook (the Powerbook). Gnome wasn’t set to start esd automatically, so I set that then logged out and back in. xmms wasn’t playing files, but it wasn’t because of the sound card, it was because it couldn’t read the MP3s from the SMB share I had mounted:

smb_open: Genesis/02. Everybody Rise Again.mp3 open failed, result=-13
smb_readpage_sync: Genesis/02. Everybody Rise Again.mp3 open failed, error=-13

Lots of errors like that. cp said “Permission denied” when I tried to access the file — though I believe it started to make the destination file, which I don’t think it would usually. Maybe it makes a call to access(2) before opening the destination. So if access(2) falsely returns OK, it might open the destination then get the permission denied when it actually goes to open it. xmms doesn’t give me any errors at all, though, which is probably bad. (Even mpg123 gave me a “Bus error”. Of course, that’s potentially worse than no error. With no error you know you have to look elsewhere to see what’s going on. With an incorrect error message you might go barking up the wrong tree for hours.) At any rate, I just used SecureFX to SFTP the file from my windows machine to darkbook: I’ll figure out SMB problems some other day. (Note that smbclient didn’t work either, so either my Win2k box is at fault or my samba package is.) After copying the file to the local drive, xmms played it just fine. Well done. My only minor complaint is that the range for the volume setting might not be great enough; i.e., I can’t get it quiet enough, at least on the speakers. Perhaps I shall try some headphones some day.

Off to bed now hopefully. Need to get up around 1000 tomorrow.

Sunday, 24 November 2002

Catch-up (part 3: the laptops)

darkness @ 15:48:15

[You would be wise to read the previous entry to figure out what’s going on here.]

This past weekend (I think) my laptop started locking up. I can’t tell if the entire laptop is locking up, or just the screen is freezing. I think the whole thing is locking up, though. It hasn’t happened in a while, but when it was happening it happened two or three times in a row, usually after five or so minutes of being booted. It was reminiscent of my last laptop on which the backlight would go out randomly after a few minutes of being booted. I didn’t really care to troubleshoot the laptop much; it was falling apart already, with the screen splitting apart, along with numerous other things going wrong with it.

So I finally get a hold of my boss on Wednesday and tell him about my predicament. He instructs me, as I hoped he would, to just get a new laptop and put it on the corporate AmEx. When I threw the range of “$2000-$2500” at him, though, he said something like “no, they’re not that much, Best Buy has some for like $1400 I think.” He obviously didn’t realize that those are probably shit laptops. I was looking for either a Dell, ThinkPad, or Powerbook. So I say whatever, and go searching. I really only looked at the ThinkPad T30 and the bottom of the line Powerbook 500MHz. BTW, I don’t find the Apple store intuitive to navigate, really. It doesn’t help that what people always refer to as a “tibook” is actually a titanium Powerbook. Bastards.

So I find that the Powerbook and the T30 are right in the same price range. I eventually settle on probably getting the T30. As much as I have longed for some non-x86 gear, the facts are that I know it well, I’m not sure I’ll like OS X, running Linux on one might be a huge pain, and I thought I would just generally be able to do more things that I’m used to doing on x86. I phone boss back incessantly starting at like 1655 until 1930 or something. When I toss $2300 at him, he then says “uh, let me call [my partner] and I’ll call you right back.” (I was putting such a rush on this because I was just going to overnight the thing.) He calls back a few minutes later and says something like, “There’s a Powerbook on my floor, can you just put Linux on that and use it? If not, that’s cool, we’ll just have to buy you a laptop. If so, though, we’re trying to save money to give you a big bonus at the end of the year.” “Fine,” I said to him. I went to work and picked up the Powerbook. If I don’t see a big bonus, I’m going to be potentially livid.

The Powerbook is a Powerbook G3 (I think). It’s called “Powerbook Firewire” on Apple’s site but “Powerbook Pismo” elsewhere. Apparently released in 2000, has a 500MHz processor and 128MB RAM on board (as near as I can tell), 12GB hard disk (around there; maybe 11GB or 10GB). I’ll discuss what I’ve done to this poor thing kind of out of order now.

I managed to dig up a PC100 128MB SO-DIMM at work. To put it in I first undid all the Torx (I think) screws on the bottom (I think I used a “T8” bit? I hope that’s right) and tried to lift the bottom off. The Powerbook wasn’t having this. I took the battery and CD-ROM out too (the bay the CD-ROM goes in to is cool; I bet I can stick another battery in there too) but still no luck. Then I fished around on the web and found out that it was under the keyboard I needed to go. Indeed, instead of removing five screws or something like that, all I had to do was use my hands and push down (towards the trackpad) on two tabs between F4-F5 and F8-F9, then lift up. The ribbon cable that connects to the keyboard is pulled out from the motherboard, just tug on it, it’s apparently OK… at least, mine still works. Then you need to unscrew the two screws that are holding on the “radiation shield” which is about horizontally center and vertically (bad terms, I know) towards the top of the keyboard. Under this there is one SO-DIMM slot. When I saw the slot through the heat shield, and other pictures on the Internet, I panicked because I was sure I only had one slot, and thus needed a 256MB DIMM to increase my memory. When I took off the shield, though, I saw the empty slot and cheered. Put in the memory as usual, closed it up, turned it on, and all was well. And here I was afraid this thing would be loaded with proprietary Mac hardware of some sort.

The Powerbook originally had OS9 on it, and boy did that seem slow. I booted it up once, played around with it. Saw a program called “Airport” and ran it hoping it would tell me I had an Airport card already in here. Alas, my system is apparently only “Airport ready.” euphorik said he thinks it means the laptop has an antenna in it; I say I think it’s a marketing term which means “we have a PCMCIA slot.” (Only one BTW. Yick!)

Now I’m out on the Internet looking for Linux distributions for PPC. There’s the well-known Yellow Dog Linux, but I didn’t really want that. I was trying to grow fond of Debian, and it seemed they had a well-maintained PPC port. Plus I could do a net install, which I normally don’t like but in this case was great for instant gratification (no 650MB ISO to download). I later found that SuSE and Mandrake both have PPC distributions, but they seem like they’re not real up-to-date. Pity, that. Had Red Hat still had a PPC distribution, I probably would have used that from the start.

I used these Debian boot images for PPC. I had a bit of trouble getting the Powerbook to boot from CD-ROM at first. Holding down C at boot didn’t help, nor did some other weird combination someone told me about. I ended up getting into Open Firmware with Option+Command+O+F held down while booting, then issued boot cd:,install\powermac\yaboot as per the Debian installation manual for PPC. Yaboot, BTW, is apparently like LILO for PPC. The instructions were pretty easy and the installation pretty quick. About the only thing I can remember getting caught up on was the fact that in mac-fdisk, swap partitions have the same type as your root partition. No worries; it was eventually found in the manual.

Got it up and running, and everything seemed well. Good ole’ pretty familiar Debian. I’ll go ahead and take this time to talk about the Powerbook keyboard compared to the PC-104 keyboard you’ll find on PC laptops. The Powerbook is flat out missing some keys that I’m used to, such as insert and delete. Additionally — and I really love this one — you have to hold down the Fn key by default to get to the function keys! That’s right, hit the key marked F4, for example, and if you didn’t press Fn first, you just turn up your sound card volume. To add to this mess (for PC users) pressing something like Fn+Alt (Option)+F2 to go to VC 2 (tty2) didn’t work! I had to press the Fn immediately before the F2 key; with the Alt in the middle it didn’t work. It took me a long time to figure this out. Oh, and while I’m talking about missing things, the trackpad only has one button. Surprising? No. Irritating? Yes.

So now I apt-get install x-window-system. Everything goes reasonably well. X would like r128.o (apparently DRI kernel module for the ATI video card in here) but is happy to go on without it. I ran the server in 1024×768, though Apple’s site seems to indicate it can go higher. However, I get twm instead of Gnome or KDE right off the bat. I eventually track this down to the need to do update-alternatives --config x-session-manager and update-alternatives --config x-window-manager. (Also, check out /etc/alternatives/, though you’re not supposed to tinker with that directly AFAIK.) I have to use tasksel to get Gnome, too, which also gives me KDE. apt-get install gnome didn’t work, at least not from stable. I think.

I’ve got X running now and Gnome starts up. What? This looks quite old. No gnome-terminal? I don’t know why I want it over xterm, but… damnit. I guess I need to go to testing. I find these directions for going stable to testing, and though they talk about going from Potato to Woody (go-woody doesn’t seem to exist in Woody, unsurprisingly, but there doesn’t seem to be a go-sarge either) it still seems to work. I still can’t apt-get install gnome though. It seems I have to go to unstable for that. Fine, apt-get -t unstable install gnome spits out something, at least, indicating I have unmet dependencies. Namely, gnome-applets requires ACPI, but I don’t have that. Silly dependency. So I give it a bit of dpkg -i --force-depends and it’s installed. Note that, at the time, this somehow worked without apt-get telling me to run apt-get -f install; I couldn’t duplicate this workingness later. Now I re-run apt-get -t unstable install gnome and I’ve got Gnome! Yay!

Wait. Gnome won’t start. Oh, look: Gnome 2 is broken in Debian as of just a few days ago. Fuckers. Argh! Try KDE; find out it’s 2.2.2, which is old, and on top of that I don’t want KDE, I want Gnome. It’s not that I don’t like KDE, but that I don’t care to learn it. I want Gnome, damnit.

Combine this with some other things about Debian I wasn’t happy with, and this leaves darky out looking at other distributions. I end up downloading YDL (Yellow Dog Linux) 2.3 ISO and starting it up. Wait, what’s this? YDL 2.3 is based on Red Hat 7.2? Oh happy days!

The installer is much different, and a bit watered down I’d say. Indeed it reminds me more of the Debian installer, but graphical. Still, though it seemed to hang at times, it finishes without incident. Upon boot *gasp* it looks like Red Hat! Oh joy! (BTW, before I forget again: to boot off the YDL 2.3 CD, boot cd:,install\yaboot from Open Firmware prompt IIRC.) It’s installed all my development packages and such (which Debian did at request, too) and I’ve got X and pmud — which, BTW, is what you use on PPC instead of apmd it seems. Without pmud you’re missing stuff like trackpad and the ability to snooze by closing the cover (or at all, actually).

Rather than discuss all the trials and tribulations I’ve had getting this thing set up right, let me discuss the configuration changes I made in no particular order. PCMCIA wasn’t working right; I would get lovely messages like:

Nov 23 14:00:32 localhost kernel: cs: unable to map card memory!

As it turns out, this is because the pcmcia service wasn’t even starting. For whatever reason, /etc/sysconfig/pcmcia had PCMCIA=no in it. Now this is what my /etc/sysconfig/pcmcia looks like:

PCMCIA=yes
PCIC=i82365
PCIC_OPTS=do_scan=0
CORE_OPTS=
CARDMGR_OPTS=-f

After this I think everything started to work. BTW, RH 7.2 (or at least YDL 2.3) will let you configure wireless cards from your usual ifcfg-* scripts in /etc/sysconfig/network-scripts/. Here’s an example from my /etc/sysconfig/network-scripts/ifcfg-eth1:

NAME=darkbook
DEVICE=eth1
BOOTPROTO=dhcp
ONBOOT=no
ESSID=myessid
KEY=s:mykey

That’s like doing iwconfig eth1 essid myessid key s:mykey AFAIK. Now my card comes up at boot. I suppose you could still use the other way with pcmcia-cs schemes; I think that’s in /etc/pcmcia somewhere. Kind of requires modifying files that might be replaced in an upgrade, though, so perhaps not a good idea. On a side note, the built-in Ethernet card works out of the box on YDL 2.3. Here’s how it’s identified:

eth0: Sun GEM (PCI) 10/100/1000BaseT Ethernet 00:30:65:ab:cd:ef 

Wow, gigabit? That’s news to me. I’ve never actually checked for this before. (Note: MAC address changed to protect the guilty.)

X worked fine. Here’s my Powerbook’s /etc/X11/XF86Config-4. One of the chief problems I had through all this messing around with the Powerbook was the lack of insert and delete keys. I don’t use delete much, but I use shift-insert to paste into xterms (gnome-terminals — ha!) frequently. First, check out my /etc/sysconfig/mouse:

# Mouse Setup
# Run yimouse to re-configure this file
TYPE=adb
DESC="Apple Desktop Bus (ADB)"
GPM=imps2
X11=IMPS/2
DEV=/dev/input/mice
EMULATION=no
EMU_BUT2=87
EMU_BUT3=88
TRACKPAD_OPT=drag

TRACKPAD_OPT=drag allows you to tap and track with the trackpad. Apparently Mac users don’t use this, at least not by default perhaps? Weird. Further, I went out and bought a Microsoft Trackball Optical 1.0 USB which is not so bad to use (if a bit bulky, and the ball comes out real easily) so I didn’t need EMULATION=yes which was the default. By default, this makes F11 button 2 and F12 button 3 on your mouse. BTW, check out files in /proc/sys/dev/mac_hid too, but modify them permanently with the settings in /etc/sysconfig/mouse. It also seems that, as long as things look at /dev/input/mice for their input, you can plug or unplug the USB trackball as much as you want and everything keeps working. I can use the trackpad and the trackball at the same time.

Now I’m on to the keyboard. showkey shows me that the console is getting distinct scan codes for just about every key on the keyboard – and the power button! However, in X, using xev shows me less distinct scan codes. I pulled apart the X server sources some (check out programs/Xserver/hw/xfree86/common/xf86KbdLnx.c) and found that the mapping of scan codes to X key codes is seemingly hard-coded. For whatever reason, though, I put Option "CustomKeycodes" in /etc/X11/XF86Config-4 and lo, I was getting more key codes, at least. I also had to comment out the Option "XkbLayout" and put in Option "XkbModel" "powerpcps2". Now I switched the Command and Option keys around, since I’m more used to hitting the key right next to the space bar for Alt. I use the enter key right near the space bar for insert, and Fn plus that enter key for delete. Note that I think the delete binding blows away keypad enter, which I never use. Here’s my ~/.Xmodmap which is loaded with xmodmap when your X session starts:

keycode 104 = Insert
keycode 109 = Delete
keycode 124 = Super_R

remove Mod1 = Alt_L Alt_R
remove Mod4 = Super_L Super_R
keysym Alt_L = Super_L
keysym Alt_R = Super_R
keysym Super_L = Alt_L
keysym Super_R = Alt_R
add Mod1 = Alt_L Alt_R
add Mod4 = Super_L Super_R

Now everything works pretty acceptably with my keyboard. Fn+6 appears to be num lock, despite the key marked Num Lock (F5) on the keyboard. That num lock key seems to actually make it so you can use the numeric keypad overlaid with the regular keyboard without hitting Fn before each keypad key. Perhaps useful, though I would never really use it unless I had an application which specifically wanted me to hit that key.

One last note about the keyboard: there is a program distributed with pmud in the contrib directory called fnset. This useful program lets you make it so you don’t have to hit Fn to use your function keys. Very, very useful, and I can’t figure out why YDL didn’t package it to begin with. Anyway, here’s my pmud SRPM with fnset. For those of you new to RPM, you can just do rpm --rebuild pmud-0.10-1b.1.src.rpm and then rpm -Uvh /usr/src/redhat/RPMS/ppc/pmud*rpm, or something to that effect. (I bet I just got someone into trouble with that.) It also appears that fnset’s changes are automatically persistent; I suspect they’re written into NVRAM or something similar. fnset -h is your friend for usage instructions.

The default desktop is KDE. I wanted Gnome, as I already said, and I kind of wanted it to be the default. Lo, /etc/sysconfig/desktop has the answers: set DESKTOP=GNOME and you’re set. I’m now running with “graphical login” which I call “runlevel 5”.

I still have some issues with sound. For starters, I want to get rid of the “startup bong” (props to Ellen) but I suspect there isn’t a way to do that in Linux. So much for quiet startups, unless I jam something in the headphone port first. My sound volume settings aren’t being persisted, either; I should probably attack them with aumix. I also haven’t tried playing, say, an MP3 on this thing; I’m just hoping it works and sounds decent. I think the port on the back marked “S Out” is actually an S-Video output. This laptop is much cooler than my Intel P3 500MHz and doesn’t seem any slower (though I was thinking it would be faster, actually; I worry the IDE hard drive/IDE controller isn’t up-to-snuff compared to my PC laptop). Plus it has a working battery. My old laptop ate batteries: supposedly if I were to put a brand new battery in it, it would destroy the battery within an hour or two. I’m not sure if, when the laptop is suspended (snoozing?) it’s still running or not. I should close the cover and try to ping or ssh in to it.

So that’s the big laptop story. Using the Powerbook is fun, but I think I’m still leaning towards an x86 for my next machine. Who knows, maybe darky will switch?

In other news, I did the install of six firewalls for our client in Columbia, SC this past Friday. I actually only got four installed; two more go in Monday. One is a DSL, so that might not be much fun. I stayed up late on Wednesday and Thursday getting the T1 firewalls ready, though, and they were absolutely beautiful: plug them in, plug in serial console, watch ‘em boot, and the line just came up. First time, no futzing with the telco or anything. Glorious. Hopefully Monday will be the same. After that I get to string ‘em together with FreeS/WAN. Then next Friday I install the other six or so in Charlotte. That’ll be easier perhaps, since at least I won’t be 1.5h from home (and civilization; not to say anything about Columbia, but more the space in between Charlotte and Columbia). Then at some point it’s back to working on my Wiki.

Oh! I got a new bed from ardent. That is, it’s new to me. I spent $750 on bed sheets and a comforter and a duvet from Bed, Bath & Beyond. (No serial comma there, but it doesn’t look right in front of an ampersand. Plus, I think that’s how they write it, and it’s a proper noun. So nyah.) It’s a queen sized bed. We got some “100% Pima Cotton” sheets (two full sets), a synthetic down comforter, and a heavy-ass duvet to go on it. I would have liked a lighter duvet, but I wanted black and they didn’t have much besides this. They had velvet, which I figured would be an even bigger pain to take care of, so I just stuck with the heavy-ass black duvet… which still isn’t machine washable. People have speculated I overpaid, and they’re quite possibly right. I’m not terribly concerned, though; I just pushed off vacationing a bit further, which is fine with me.

I loaded five new maps onto the TFC server yesterday. I haven’t seen them yet. I’m worried non-standard maps are going to drive the average server population further down than it already has been lately.
