The Border Worlds Blog

The Border Worlds Blog http://borderworlds.dk/blog/ Like everyone else these days I need to have a blog where I can write about boring and generally uninteresting stuff. en Fri, 02 May 2014 20:41:21 CEST Fri, 02 May 2014 20:41:21 CEST xi@borderworlds.dk xi@borderworlds.dk Configuring IPv6 on FreeBSD 9.0 As long as I have been using IPv6 on FreeBSD (Since FreeBSD 4.x i think) IPv6 has basically been configured the same way in rc.conf. I usually either configure my systems with a static address or use stateless autoconfiguration. From FreeBSD 9.0 and forward the syntax in rc.conf has changed a bit - mostly for the autoconfiguration case. I have made up examples of both cases with "before" and "after" configuration. By looking at these examples it should be easy enough to convert your own configuration to the new form. <h2>Static address</h2> FreeBSD ≤ 8: <pre><code>ipv6_enable="YES" ipv6_network_interfaces="em0" ifconfig_em0_ipv6="2001:470:dd78::21 prefixlen 64" ipv6_defaultrouter="2001:470:dd78::1" </code></pre> FreeBSD ≥ 9: <pre><code>ipv6_network_interfaces="em0" ifconfig_em0_ipv6="inet6 2001:470:dd78::21 prefixlen 64" ipv6_defaultrouter="2001:470:dd78::1" ip6addrctl_policy="ipv6_prefer" </code></pre> <h2>Autoconfiguration</h2> FreeBSD ≤ 8: <pre><code>ipv6_enable="YES" </code></pre> FreeBSD ≥ 9: <pre><code>ipv6_network_interfaces="em0" ifconfig_em0_ipv6="inet6 accept_rtadv" ip6addrctl_policy="ipv6_prefer" </code></pre> http://borderworlds.dk/blog/20120122-00.html Sun, 22 Jan 2012 17:35:00 CET Taking a look at Convergence <a href="http://convergence.io/">Convergence</a> is a secure replacement for the Certificate Authority System. It verifies certificates on web sites based on what notaries located around the Internet observe without any need for centralized validation. The motivation for building a replacement for the existing CA trust model is quite simply that the old model is utterly broken. The web browsers on almost all computers in the world trust a scary amount of certificate authorities. In the recent past several of these have had security breaches and I'm quite sure that we will see more of this in the coming years. Furthermore, the business models used by the existing CAs give them no incentive to take security too seriously but drive the price up instead and makes it prohibitively expensive or even impossible to use virtual hosting for SSL sites with SAN certificates. At the moment the only client implementation for Convergence exists as a Firefox add-on. The whole thing is still very much a work in progress, however the basic functionality seems to work well enough at this time. Just install the add-on and certificates for the SSL sites that you visit will be verified by Convergence rather than the built-in list of trusted CAs. When convergence is active you'll notice the difference when clicking on the left part of the address bar: <img src="20111113-normal.png" />  <img src="20111113-convergence.png" /> <a href="https://www.quickdns.dk/">www.quickdns.dk</a> uses a domain validated certificate from Equifax and the screenshot on the left shows how it is normally presented to the user. The one on the right shows how it looks when convergence is doing the verification. I don't know if Convergence will take off and actually replace what is in use now. Among others the people at Google have <a href="http://www.imperialviolet.org/2011/09/07/convergence.html">valid concerns</a> regarding implementing it. However, if it paves the way for something better than the current trust model then that is certainly great. <h2>The current state of the implementation</h2> Having used Convergence on two of my computers for a week or so now, I have noticed a few things that are still not quite right. I'm confident that these issues will be worked out eventually. <h3>No SNI support</h3> Web sites can generally not rely on SNI yet so this is not fatal. Hopefully that will change in the not too distant future though. If you are reading this using Internet Explorer on Windows XP or Android 2.x, stop doing that and get yourself a non-ancient web browser! github issue: <a href="https://github.com/moxie0/Convergence/issues/28">Notary fails for sites relying on SNI</a> <h3>No IPv6 support</h3> When browsing a dual stack site (like <a href="https://www.quickdns.dk/">www.quickdns.dk</a>) having Convergence enabled forces IPv4 as far as I can tell. github issue: <a href="https://github.com/moxie0/Convergence/issues/53">IPv6-enabled HTTPS sites don't load when convergence is enabled</a> <h3>Security exceptions not working</h3> In my development setup I have a number of sites that are not reachable by the Convergence notaries and have the wrong name in their certificates as well. At the moment I have to disable Convergence completely to access them as i am unable to add a security exception. github issue: <a href="https://github.com/moxie0/Convergence/issues/79">Cert exceptions for local internal sites don't work</a> http://borderworlds.dk/blog/20111113-00.html Sun, 13 Nov 2011 17:07:00 CET IPv6 enabled web crawlers For a while now I have been wondering if <a href="http://google.com/">Google</a>, <a href="http://bing.com/">Bing</a>, e.t.c. have crawlers that are IPv6 enabled. I'm fairly certain that they won't try to access dual stacked sites using IPv6 but that doesn't neccesarily mean that they are incapable of indexing IPv6 only sites. As a small experiment I have created <a href="http://v6.borderworlds.dk/">v6.borderworlds.dk</a> to find out. I'll observe the access log and see if anything finds its way there. If it doesn't work for you, you're probably just still stuck on <a href="http://en.wikipedia.org/wiki/IPv4">legacy IP</a>. http://borderworlds.dk/blog/20110206-00.html Sun, 06 Feb 2011 19:26:00 CET New job As of today, I will be working at <a href="http://www.safeticket.dk/">Safeticket ApS</a>. I will be writing code as usual for the most part. http://borderworlds.dk/blog/20100701-00.html Thu, 01 Jul 2010 09:39:00 CEST IPv6 related Firefox add-ons Having IPv6 connectivity I found that I would like to both use it more and also know if the websites I visit are IPv6 enabled. I found two add-ons that helps me do both. Use IPv6 when doing google searches: <a href="https://addons.mozilla.org/en-US/firefox/addon/11730">IPv6 Google Search</a> Show the IP of the website you are visiting - with custom colors indicating IPv4 or IPv6: <a href="https://addons.mozilla.org/en-US/firefox/addon/590">ShowIP</a> http://borderworlds.dk/blog/20100405-00.html Mon, 05 Apr 2010 18:57:00 CEST Enabling softupdates on the root filesystem without console access I found myself needing to enable softupdates on the root filesystem of a FreeBSD machine where I didn't have console access. As this is a little tricky I wrote a small RC script that I am now sharing here. The script is located <a href="softdep">here</a>. To install it run this sequence of commands as root: <pre><code> cd /etc/rc.d fetch http://borderworlds.dk/blog/softdep chmod +x softdep shutdown -r now </code></pre> Your system will then reboot. When it runs the script it will enable softupdates and reboot once more. After that it should come up normally. Afterwards you can remove the script (Although it doesn't hurt to leave it there) I take no responsibility if it eats your cat or sets your machine on fire. It worked for me on the two machines I tried it on. http://borderworlds.dk/blog/20090429-00.html Wed, 29 Apr 2009 19:09:00 CEST A simple stream proxy Occasionally I have the chance to use the nice big loudspeakers at the office without anyone being bothered. I have a premium account for my favourite net radio station but have no desire to expose my credentials by placing my playlist on the Windows XP machine to which the loudspeakers are connected. So I wrote a small stream proxy to work around that small problem. It is quite simple to use: <pre><code>$ pls-proxy.pl yournetradio.pls pls-proxy.pl 0.1 Copyright (c) 2008 Christian Laursen <xi@borderworlds.dk> Playlist contains 3 entries, picking number 2 URL: http://xxxx:yyyyy@iii.iii.iii.iii:80 Waiting for client to connect on port 8020... Client connected Connected to iii.iii.iii.iii:80 Headers: GET / HTTP/1.0 Host: iii.iii.iii.iii:80 User-Agent: MPlayer/1.0rc2-4.2.1 Icy-MetaData: 1 Connection: close Authorization: Basic xxxxxxxxxxxxxxxxxx Fri Nov 28 18:43:07 2008 Bytes received: 434176 Fri Nov 28 18:44:07 2008 Bytes received: 1900544 </code></pre> The proxy accepts exactly one connection, so even if you run it on a public machine without firewalling it, as long as you connect first no one else will be able to use your stream. Get it <a href="/utils/pls-proxy.pl">here</a> and use it if you like. http://borderworlds.dk/blog/20081128-00.html Fri, 28 Nov 2008 18:52:00 CET Getting true fullscreen in Firefox 3 Firefox 3 has improved fullscreen mode to the point where it is almost fullscreen. All that remains is the toolbar and tabbar at the top being hidden away and ready to appear when you move your mouse to the top of the screen. Unfortunately this takes up 5 pixels of the screen height and I was looking for a way to get rid of that too to really use the entire screen. It took a while to guess the right search term to find what I needed but I finally did. The <a href="https://addons.mozilla.org/en-US/firefox/addon/1568">Full Fullscreen</a> add-on enables the desired behaviour. All you have to do is enable the "Prevent navbar auto-popup" option in its preferences dialog. http://borderworlds.dk/blog/20081004-00.html Sat, 04 Oct 2008 23:42:30 CEST Restoring the display on Dell Latitude D610 I have a Dell Latitude D610 at work. I don't use its own display very often but when I happen to do it is a bit annoying that the display does not turn on after the lid has been closed. When I tried to search for a solution I found a number of fixes for Linux but none for FreeBSD. The fix on FreeBSD isn't that complicated. The display can be turned on again using DPMS. This requires a running X session to work. Insert the following lines into <code>/etc/devd.conf</code>: <code> notify 0 {         match "system"                  "ACPI";         match "subsystem"               "Lid";         match "notify"                  "0x01";         action "/root/bin/restore_display"; }; </code> Then create a file called <code>/root/bin/restore_display</code> containing the following: <code> #!/bin/sh /usr/bin/logger Lid opened, restoring display export HOME=/home/cfl export DISPLAY=:0 /usr/local/bin/xset dpms force on </code> Of course you need to change the home directory to that of the user logged into X. http://borderworlds.dk/blog/20071027-00.html Sat, 27 Oct 2007 16:23:00 CEST Xinerama on Dell Latitude D610 I have a Dell Latitude D610 to do my work related stuff on. At work I have two 20" LCD monitors, both with a resolution of 1600x1200 pixels. It took quite a bit of experimenting to get Xinerama running, so I decided to share my X.org configuration. <a href="20070328-00_xorg.conf">Here it is</a>. The laptop has a VGA connector and a DVI connector. The "NoDDC" option is neccesary to get the monitor on VGA to accept 1600x1200. Without it only 1280x1024 is possible and that looks quite ugly. http://borderworlds.dk/blog/20070328-00.html Wed, 28 Mar 2007 17:40:00 CEST QEMU Clipboard synchronization A week ago I wrote that I hadn't been able to find any network clipboard applications that worked well in order to allow me to share the clipboard between the host and the QEMU guest OS. Yesterday I got a bright idea about how this can be done in a simple way with widely used and maintained tools. <a href="http://x2x.dottedmag.net/">x2x</a> allows the keyboard, mouse on one X display to be used to control another X display. It also shares X clipboards between the displays. A similar program called <a href="http://fredrik.hubbe.net/x2vnc.html">x2vnc</a> allows a host running X to control a host running a VNC server. The primary function of these two programs (controlling the other display) is not interesting in this context. However, the clipboard sharing of both of them works very well. <h2>Guests running X</h2> Before it is possible to let x2x connect to the X server on the guest, you need to forward a port with the <code>-redir</code> option to QEMU. Personally I use "<code>-redir tcp:6042::6000</code>" which will make QEMU listen on port 6042 and forward it to port 6000 in the guest. X on the guest needs to be started with the <code>-listen_tcp</code> option in order to allow connections from the network. Furthermore you need to run "<code>xhost +10.0.2.2</code>" to allow the host to connect to it. When all this is taken care of it is just a question of running "<code>x2x -to :42</code>" on the host. <h2>Guests running something else</h2> When running a guest OS using something else than X (e.g. Windows), install a VNC server inside the guest OS and run QEMU with "<code>-redir tcp:5900::5900</code>". You can then run "<code>x2vnc 127.0.0.1:0</code>" on the host. http://borderworlds.dk/blog/20070224-00.html Sat, 24 Feb 2007 21:00:00 CET Getting the QEMU USB tablet working with Linux as guest OS I found out that it wasn't actually that hard to get the emulated USB tablet working inside my SuSE Linux guest. I googled a bit and found what I needed to build this InputDevice section for my xorg.conf: <code> Section "InputDevice"   Driver "evtouch"   Identifier "Tablet"   Option "Device" "/dev/input/event3"   Option "MinX" "0"   Option "MinY" "0"   Option "MaxX" "32767"   Option "MaxY" "32767" EndSection </code> I haven't been able to get it going for my FreeBSD guest yet. It looks like it wants xorg-server.h which will not be present before X.Org is updated in ports to version 7.x. http://borderworlds.dk/blog/20070218-00.html Sun, 18 Feb 2007 16:35:00 CET Integrating QEMU a bit with your desktop Presently you have to run QEMU with a slightly lower resolution than your real desktop or run it in full-screen mode to get a decent experience out of it. With a patch I have written and a few tricks it can work a bit better. <h2>Getting QEMU to occupy the entire screen</h2> This is a bit tricky. I have made a patch (<a href="/patches/qemu-noframe.patch">qemu-noframe.patch</a>) that adds a <code>-no-frame</code> option to QEMU. Apply this patch, rebuild QEMU and add <code>-no-frame</code> to your command line. (This patch has now been committed to QEMU CVS) When you start QEMU with the <code>-no-frame</code> option, it will open in a window without borders and window decorations. Your window manager might have a way to let you position such a window (alt + left mouse button often does this). Then you just have to place the window in the top left corner of the screen and configure the guest OS to the resolution of your screen. If you don't want to move the window manually every time you start QEMU, you can set the <code>SDL_VIDEO_WINDOW_POS</code> environment variable before starting QEMU. In a bourne shell it would look like this: <code>export SDL_VIDEO_WINDOW_POS=0,0</code> <h2>Eliminating the need for mouse grabbing</h2> When running Windows as the guest OS you can instruct QEMU to emulate a USB tablet instead of the normal PS/2 mouse. This way QEMU can use absolute coordinates to tell Windows where the pointer currently is, eliminating the need for QEMU to grab the mouse. I haven't had success with the tablet when using Linux or FreeBSD as guest OS but Google indicates that the <code>evtouch</code> driver might work for this purpose. The USB tablet is enabled by adding "<code>-usb -usbdevice tablet</code>" to the QEMU command line. <h2>Guest OS tweaking</h2> This part depends on your actual desktop configuration. Personally I have a single Xfce panel at the bottom of the screen, so I have moved the windows taskbar to the top. If anyone can tell me how I can make an invisible bar or something like it at the bottom of the windows desktop that will prevent windows from being maximized under my Xfce panel, it would be very nice as I haven't found a way to do that yet. A screenshot showing this problem is <a href="20070217-00_qemu.png">here</a>. <h2>Clipboard synchronization</h2> To conveniently allow copy and paste between the host and the guest, the easiest way is to just use one of the network based clipboard sharing programs. I haven't found one that works well for me. The closest thing is <a href="http://wolfpackally.wo.funpic.de/qemu/qgt/">QEMU Guest Tools</a>. It looks unmaintained but I managed to build it on my FreeBSD host and use the prebuilt windows binary on my Windows guest. When connecting from inside the guest you can use the IP address 10.0.2.2 to connect to the host. http://borderworlds.dk/blog/20070217-00.html Sat, 17 Feb 2007 16:20:00 CET New job In the middle of November 2006 I contacted a recruitment agency about a job that looked interesting. Last week, 7 weeks later I got the job. Compared to my experience with <a href="20061005-00.html">the Google hiring process</a> this was much more pleasant. The process was delayed a few times, partly due to my new boss being extremely busy and partly due to the christmas holidays. From the 1st of March I will be working as a developer for <a href="http://www.stofa.dk/">Telia Stofa</a> located in Horsens, Denmark. They are doing a lot of interesting stuff and I look forward to working there a great deal. I have been very happy working for <a href="http://www.pil.dk/">pil.dk</a> for the past 6 years and 9 months and I'm sure that I'll miss it. http://borderworlds.dk/blog/20070111-00.html Thu, 11 Jan 2007 08:30:00 CET Trimming the FreeBSD base system The FreeBSD base system contains everything neccesary for a minimal functional operating system. However it contains a little more than that and since some of the developers started talking about importing OpenLDAP into base I have been thinking about a way to avoid installing that on my machines. I update my machines using the traditional method of <code>make buildworld</code> and <code>make installworld</code>. The build system lets me specify NO_* variables in <code>/etc/make.conf</code> to exclude certain parts of the system from being built and installed. But if I add those variables after having done a standard install of the system those parts will not be removed from my system, just not updated. So I end up with a number of stale files that can possibly cause unpredictable behaviour. To solve this problem I have written a script that builds a standard full world as well as a world using the variables from <code>/etc/make.conf</code>. It then compares the list of files installed from both of them and presents a list of files not present in the custom world. The file list is opened in the <code>vi</code> editor and can be changed if desired. After closing the editor you need to confirm the deletion of the files before they are deleted. The script takes one argument which is a path to a working directory. The directory needs to be on a filesystem with 1 to 1.5GB of free space. The script can be downloaded from <a href="/utils/freebsd-cleanup.pl">here</a>. Enjoy. http://borderworlds.dk/blog/20061021-00.html Sat, 21 Oct 2006 18:50:00 CEST The Google Hiring Process Three months ago I received an email from a Google recruiter containing two job descriptions. She asked me whether they looked interesting to me. I answered that they did and entered the Google hiring process. The first part of it went well but the last month or so has been an experience I wouldn't recommend to anyone. <h2>Timeline</h2> <table border="1"> <tr> <td> 2006-07-05 </td> <td> I received the email mentioned above from the recruiter. We exchanged a few mails in one of which I sent a link to my online CV and a phone interview was set up. </td> </tr> <tr> <td> 2006-07-07 </td> <td> The recruiter called me for the phone interview. We talked mostly about my background and she asked me a few technical questions. I was also asked to rate my skills on a number of technologies. </td> </tr> <tr> <td> 2006-07-18 </td> <td> My first technical interview. Various questions and a troubleshooting scenario. </td> </tr> <tr> <td> 2006-07-25 </td> <td> My second technical interview. </td> </tr> <tr> <td> 2006-08-02 </td> <td> Every time I was called for an interview I was told that I would get some feedback within a week. I hadn't received feedback from the second technical interview so I sent an email asking for it. </td> </tr> <tr> <td> 2006-08-03 </td> <td> I received an email with an invitation to the European headquarters of Google in Dublin. </td> </tr> <tr> <td> 2006-08-18 </td> <td> I visited Google in Dublin and went through four interviews there. They were much like the phone interviews except that I got to write some code on the white board. </td> </tr> <tr> <td> 2006-08-23 </td> <td> I received an email telling me that all my feedback so far had been positive and they would like one final phone interview with a technical manager. </td> </tr> <tr> <td> 2006-08-30 </td> <td> The final interview. The technical manager didn't call me. I sent a mail requesting a new time for the interview. </td> </tr> <tr> <td> 2006-09-06 </td> <td> The final interview, take two. Once again the technical manager didn't call me. I sent a mail expressing frustration and unhappiness about the situation. </td> </tr> <tr> <td> 2006-09-13 </td> <td> I was called by the recruiter in Dublin who apologized and promised that she would make sure that the technical manager called me the next time. </td> </tr> <tr> <td> 2006-09-14 </td> <td> The final interview, take three. This time the technical manager called me. </td> </tr> <tr> <td> 2006-09-19 </td> <td> I received an email with one last request for a phone interview with a senior technical manager based in California. </td> </tr> <tr> <td> 2006-09-21 </td> <td> The second final interview with the senior technical manager. </td> </tr> <tr> <td> 2006-09-26 </td> <td> I received an email from a recruiter based in California. I was apparently scheduled for a final interview without being asked about possible dates first. I replied that this was the third time I had been scheduled for a "final" interview and requested an explanation before proceeding further. </td> </tr> <tr> <td> 2006-09-29 </td> <td> The lead recruiter called me and apologized about the situation and promised me that he would make sure that I got a quick answer after the third final interview. He didn't offer me an explanation of the situation. </td> </tr> <tr> <td> 2006-10-02 </td> <td> The third final interview with the same senior technical manager as the second final interview. </td> </tr> <tr> <td> 2006-10-05 </td> <td> I received an email telling me that I was not a strong match for the position. </td> </tr> </table> <h2>Conclusion</h2> I obviously didn't get the job. Otherwise I would probably not be writing this. From what I have heard my experience is not typical. However from my perspective it doesn't make Google look like a professional organization. My two main complaints are: <ul> <li>Promising an interview to be the final one when it isn't. Twice.</li> <li>Not calling at the scheduled time. Twice.</li> </ul> I would expect a company like Google to have this sort of stuff worked out a long time ago. I realize that mistakes happen and human beings make mistakes. Did they all happen to me and not to others? http://borderworlds.dk/blog/20061005-00.html Thu, 05 Oct 2006 20:00:00 CEST Migration from ipfw to pf For too long I have had plans to take a look af <code>pf(4)</code> to figure out whether I liked it or not. Today I managed to build a working <code>pf</code> ruleset that was not only better than the old <code>ipfw</code> ruleset but much shorter as well. <h2>Kernel support</h2> Since I have always been building <code>ipfw</code> into my kernels I decided to remove that and add <code>pf</code> instead. That way the motivation for getting pf to work well would be greater too. Adding <code>pf</code> to the kernel is simple enough: <code>device pf</code> <h2>The ruleset</h2> Since the ruleset is for my laptop I need all ports to be closed and just allow connections initiated on the host itself. I didn't find an example that did this but it proved easy enough to build it myself. Here it is: set block-policy return set skip on lo0 block in all pass out proto { tcp, udp } all keep state pass in proto {icmp,icmp6} all pass out proto {icmp,icmp6} all <h2>Traffic shaping and NAT</h2> The next machine to be migrated away from <code>ipfw</code> will probably be my workstation. To do that I need to figure out how to make <code>ALTQ</code> do the same as <code>ipfw</code> pipes. The last machine will probably be my gateway which does NAT. There are lots of examples on that so I expect it to be easy enough. http://borderworlds.dk/blog/20060713-00.html Thu, 13 Jul 2006 19:10:00 CEST dominion.borderworlds.dk - My second soekris After several months I finally got around to the <a href="http://www.soekris.com/">soekris</a> I bought back in February. It is now taking care of all my mail reading needs and seems to run stable and reliable. The operating system is of course <a href="http://www.FreeBSD.org/">FreeBSD</a> like most of my other machines. However this one is different. All the software that runs on it is built on my workstation by a script that generates two images. The first image contains the root filesystem and the second one contains <code>/usr/local</code> and <code>/usr/X11R6</code>. The reason for this split is that the soekris only has 64MB of onboard flash. When the system is up and running the <code>df -h</code> output looks like this: <code> Filesystem       Size    Used   Avail Capacity  Mounted on /dev/ad0s1a       59M     48M    6.6M    88%    / devfs            1.0K    1.0K      0B   100%    /dev /dev/ggate0      1.9G    826M    994M    45%    /home /dev/ggate1p1    185M    158M     12M    93%    /usr/local /dev/ggate1p2     63M     59M   -1.7M   103%    /usr/X11R6 /dev/md0          31M    660K     28M     2%    /var /dev/md1          19M     12K     18M     0%    /tmp </code> As you can see I use ggate for accessing the image that contains <code>/usr/local</code> and <code>/usr/X11R6</code> as well as the file that contains <code>/home</code>. Both are stored on my other soekris that has a harddisk. The image building is done by a 400 line perl script that uses a configuration file to determine how the images should be built. The <a href="20060604-00_build.cfg"><code>build.cfg</code> for <code>dominion.borderworlds.dk</code> is here</a>. Most of it doesn't need much explaining. If you know a little about the FreeBSD build process you will recognize the buildflags as options you normally set in <code>/etc/make.conf</code>. Portsflags does the same thing - just for the ports instead of the base system. The imageloader flag indicates whether the special component called imageloader should be included in the image. The imageloader is a small <code>mfsroot</code> image that can be booted as the root file system and then be used to load a new image onto the flash. If enabled the forth code in <code>/boot</code> is modified to include a custom command "update" that loads this <code>mfsroot</code> image and boots with it as the root filesystem. I might release the build script at some point but right now some parts of it are just too ugly and too many things are har coded. It will probably become better when I build a few more systems with it and force myself to make things more generic. Finally a picture of my infrastructure closet: <img src="20060604-00_soekris.jpg" alt="The infrastructure closet" /> http://borderworlds.dk/blog/20060604-00.html Sun, 04 Jun 2006 16:15:00 CEST The blog is online Who would have believed it? I now have a blog. My plans for it is somewhat vague at the moment, but I'm pretty sure that I will find something to write about shortly. The soekris I bought three months ago is almost ready to take its place in my small "server farm" and the build system I created to build the images powering it deserves a short story. I have plans to extend and use the same build system for making my HTPC diskless. The blog itself is powered by the superior 238 line perl script that takes care of generating the rest of <a href="http://borderworlds.dk/">borderworlds.dk</a>. Using one of the existing blog packages out there would increase the attack surface and probably be slower too than having it statically generated. Furthermore it allows me to write my stuff in emacs as usual which is nice. http://borderworlds.dk/blog/20060527-00.html Sun, 28 May 2006 00:04:00 CEST