Cowell Computer Consulting

How many of you have a sticky note or a text file on your computer with sensitive information in it ? We sometimes forget that it would be possible to have our computers stolen. Often times the information on our computers is of more value that the computer itself.

Keep your information safe using keychain access (located under /Applications/Utilities).

Keychain will unlock the login keychain on your computer using your account password. If your passwords match then you want have to enter your keychain password on login. This is important to note because it means that anything that resides in the login keychain is not really protected if someone can gain access to your account.

1. Open Keychain Access.
2. Create a new keychain if you don't already have one. (File->New Keychain).
3. Create a new secure note in that keychain (File->New Secure Note Item).
4. Give your note a name and enter your secure information.

Don't forget to lock your keychain (Apple-L) before closing the app.

Posted by Luke Cowell on April 30, 2007 at 06:51 PM

Most devices that can talk TCP/IP have screens attached to them. I was setting up a IP->Serial device by quatech and it conveniently uses DHCP. It turned on and got link, but what's its IP ?

Most devices with an Ethernet interface will have the MAC address written somewhere on the outside of the device. Find the mac address and you're half way there.

MAC addresses are 6 sets of numbers. The first 3 sets are assigned uniquely to a manufacturer and the last 3 are for that manufacturer to distribute.

• A MAC address is always unique, an IP is not.
• A MAC address does not change for an interface, an IP can.

I found the MAC address of my device on the case: 00:0b:28:00:1d:8d

Now I ping the broadcast of my subnet:

eg. ping -c 1 192.168.2.255

And finally I check my now populated ARP cache:

eg. arp -an | grep -i 00:0b:28:00:1d:8d

Yielding:

? (192.168.2.224) at 00:0b:28:00:1d:8d on fxp0 [ethernet]

You can always look up MAC addresses and vendors here:

http://coffer.com/mac_find/

Posted by Luke Cowell on April 23, 2007 at 06:05 PM

Previously, I had written about what you can do with a soekris. I did get everything working as it should and it was pretty interesting. I'd unplug the unit and watch that it would flawlessly start up again. This is important because there's no screen hooked up to these and if the filesystem were to become dirty, login requires a null modem cable, which not everyone keeps handy.

Goals:

• can be safely unplugged at any time
• can receive commands from web or sshd

I thought that I had achieved my goals and all I had to do was put a web server on there. Lighttp seemed like the best bet, being pretty compact, but I was quickly realizing that 64MB wasn't going to be enough space to fit everything into.

What I've opted to do is have the / filesystem still load up with the kernel into memory in rw mode and have /usr mount off the card in ro mode. Lock and temp files are written to /tmp + /var under /.

The only pain in the butt about this is that if you want to make a change to the system you must connect a null modem cable and do the following.

shutdown -t now
umount /dev/wd0a
mount -rw /dev/wd0a

This isn't a major problem as there are rarely going to be changes that need to be made. I the next iteration of this project I am going to divide the card up into several partitions.

wd0a rw   /         25MB    kernel is read of this partition. Completely volatile.
wd0e ro   /usr     200MB    all our userland stuff
wd0f rw   /data     10MB    special

/data would be mounted after startup by an rc script. This is important because /data could be dirty and could impede startup of basic services. /data would also have a rc.local script on it that would be called on startup that would copy files or config, restart services etc.

I've also been working a little with Axis cameras and have noticed that they use an embedded Linux system. I think they use uClinux.

Posted by Luke Cowell on April 22, 2007 at 02:05 PM

What do you call a 486 with 64MB of RAM that’s roughly the size of a small book ? A Soekris 4501. These units are equipped with 3 ethernet ports, a mini PCI slot, a full size PCI slot, a Compact Flash slot and 2 serial ports. The second serial port would need to be wired up manually.

It’s been interesting figuring out the best way to configure this. The simplest route is to just treat the CF card as a HDD. This works well with a couple of exceptions:

1. Powering the machine off without properly shutting it down can lead to a dirty disk, which could mean that you’d need to intervene with a console the next time it starts up.
2. I haven’t read anything conclusive, but it’s been said that continuous use of a CF card will drastically shorten its life.
3. Not fast.

The other method is to have the system boot into a ram disk. There are actually 2 ram disks that are created. One is part of the kernel and we would equip it to have a basic set of tools to prepare the second ram disk. The second ram disk is mounted at /usr – nothing too interesting there.

I’ve used FreeBSD for years, but this is the first time I’ve spend any serious amount of time using OpenBSD. I’m really impressed with OpenBSD. It’s so minimalistic, which makes it a perfect candidate for an embedded system, such as this.

The documentation here was very helpful and I’ll let it cover most of the details:
http://256.com/gray/docs/soekris_openbsd_diskless/

The boot process is this:

1. Kernel is read in off the CF card and basic ram disk is created. At this point we are still independent of the CF card, but we can’t really do anything yet.
2. The rc.diskless script creates the second ram disk (/usr), mounts the CF card and copies /mnt/usr off the CF into /usr (on the ram disk).
3. Unmounts the CF card.

This means that if I were to unplug the soekris, unless it’s booting up, it will never be a dirty disk.

I used OpenBSD 4 (vs 3.x), so I had to do some minor adaptations. I also really sped up the development process by using a couple of VMs to be the host/build OpenBSD system and one to be the ‘soekris’.

Posted by Luke Cowell on April 10, 2007 at 10:24 PM

I'm using a little something called simplelog for my site. I decided to use it based on the following criteria:

• Built on Ruby on Rails

  A Web development platform I'm very interested in.

• Simple to use

• Good built in theme

  I have no design ability.

• Can link directly to posts

  Many of my posts will be for the benefit of my clients and peers and I need to be able to link directly

• Tags

  I will be posting on a wide variety of subject, that in combination with my bad memory means that I might be making the same posts twice. The same posts twice.

I'm sure that there's other great blog tools out there. What are you using ? What are you staying away from ?

Posted by Luke Cowell on April 10, 2007 at 08:00 AM

I too can now join the masses - I have a blog. It's yet to be seen whether this is something that is regularly updated.

The reason that I'm doing this is that I'm finding that there is more and more need to:

• Document - even if only for my own benefit, how I accomplished something.
• Give back to the community by doing so.

And so to my audience of one, I would like to say "Keep checking back for exciting updates and 'how-tos'".

Luke

Posted by Luke Cowell on April 09, 2007 at 09:29 AM