Friday, April 29, 2005

Ditch Task Manager - Process Explorer to the rescue

Sysinternals has been a great resource for Windows tools and utilities that I've been using for a number of years.

Lately Mark Russinovich has been blogging about the many cool and useful things you can do with Process Explorer.

I've been using Process Explorer in lieu of Task Manager for a while now, and there's really no comparison. Give it a shot, and like me, you probably won't turn back to Task Manager.

The feature I use the most is searching handles. My most common use of this has been to resolve the dreaded "this file is in use" message when a process holds a file or directory open and it's not clear which process it is. Mark has described this process and several others on his blog, so I won't attempt to explain anything since he does a far better job than I could.

Sunday, April 24, 2005

Maintaining Exchange SMTP Addresses with Recipient Policies

Most of the time when I'm setting up a network, or upgrading a server, the Exchange email addresses differ from the Windows user name. Like the usernames might be FirstnameLastinitial, while the email addresses are You can use recipient policies in Exchange to automatically maintain the correct email addresses for all your users.

You can add a new recipient policy, or edit the default. For example, to use, you can edit your default recipient policy to change the default "" to "" (the first letter of the given name, and the entire surname).

How to Modify an SMTP E-Mail Address by Using Recipient Policies - Microsoft KB article

Sunday, April 17, 2005

FreeBSD NDISulator

FreeBSD 5 has introduced a NDIS emulator that allows you to use Windows binary drivers on FreeBSD, the so-called NDISulator, or "Project Evil". The main use for this is for wireless network cards because many vendors do not release source code or schematics for their drivers to the open source community. See section on this page of the FreeBSD Handbook for documentation on using the NDISulator.

I have a Linksys WPC11 v4 PCMCIA wireless card. Versions 1-3 were supported by the wi driver in FreeBSD, but v4 is a Realtek 8180 chipset that isn't yet supported. (I won't get started on my soap box about how vendors should never change chipsets without changing model numbers) I do have a few supported wireless cards, but figured I'd give the NDISulator a shot with it. This is actually the card I regularly use in my FreeBSD laptop now.

  1. Download the Windows XP 8180 drivers from Realtek here.
  2. Unzip the downloaded file to:
  3. Run the following commands:
    # cd /usr/src/sys/modules/if_ndis

    # ndiscvt -i NET8180.INF -s rtl8180.sys -o ndis_driver_data.h

    # make && make install
  4. The driver is now ready. To load it, run the following commands:
    # kldload ndis
    # kldload if_ndis
  5. Now check your dmesg output.  If all went well, you'll see something like the following: 
    ndis0: port 0x1000-0x10ff mem 0x88000000-0x880001ff irq 11 at device 0.0 on cardbus1

    ndis0: NDIS API version: 5.1

    ndis0: Ethernet address: 00:0c:41:a7:98:45

    ndis0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
If all went well, you can now ifconfig the interface as desired (see the Handbook) and you're ready to go.

I initially had some serious performance issues. Throughput was inconsistent, and didn't exceed 200-300 Kbps. This was with a driver I found recommended on a FreeBSD list post or website I found on Google (don't recall where). After downloading the latest driver from Realtek, I'm getting good throughput. iperf consistently gets around 5 Mbps across the wireless connection, about as good as you're going to get on a 802.11b card.

Overall I am very impressed with the FreeBSD NDISulator. I wasn't expecting it to be as seamless, easy to get working, and well-performing as it is. Great work to Bill Paul and the FreeBSD team.

Sunday, April 10, 2005

Setting up a DocBook build environment on FreeBSD

Along the same lines as my previous post on setting up OS X to build DocBook sources, here is how to set up FreeBSD to do the same.

Just need two ports, textproc/libxslt and textproc/docbook-xsl.
cd /usr/ports/textproc/libxslt/ && make install clean
cd /usr/ports/textproc/docbook-xsl/ && make install \ clean
Then you can use a script similar to mine to do the build.

Setting up a DocBook build environment on OS X

In my work with m0n0wall and pfSense, I work with DocBook XML sources frequently. I currently run my builds on a Pentium 4 1.6 GHz FreeBSD 5.3 box, but figured it would be easy to set up on OS X and should run quite a bit faster on my Mac. I was correct on one of those two.

Prerequisite Components
You need to install three things from Darwin ports before doing a build.
port install docbook-xml
port install docbook-xsl
port install libxslt
Then you just need a script to build the sources. The script I use is available here.

Speed Comparison
I posted earlier that StatCVS is dramatically faster on my 1.42 GHz G4 as compared to a FreeBSD 5.3 Pentium 4 1.6 GHz system. I was shocked to see that xsltproc is actually a decent amount slower on my Mac than it is on my P4 1.6 when building the m0n0wall Users Guide. FreeBSD takes 39 seconds, the Mac takes 58 seconds. These results are repeatable, +/- 3 seconds on each. It's CPU-bound, with xsltproc taking up 100% CPU while running on both.

If anyone knows why this is the case, or how to improve the performance on the Mac, please email me.

Saturday, April 09, 2005

ext CVS on OS X through SSH

By default, OS X tries to use RSH for ext CVS access, unlike other *nix-based systems I've used. If you're seeing "Connection refused" when trying to use ext CVS, this is probably why. tcpdump showed it was trying to connect to TCP 514 on the CVS server, which wasn't listening since it's running through SSH.

To fix this, edit .profile in your home directory (create it if it doesn't exist) and put in the following:
export CVS_RSH="ssh"

Save and exit, then log off and back on (or close your terminal window and open a new one) and things will work as you expect them to.

Thanks to Scott Ullrich for a clue to figure this one out.

Friday, April 08, 2005

StatCVS on Mac OS X

StatCVS is a slick CVS statistics generation utility. Previously I ran this from cron on a FreeBSD system on my LAN that then uploaded the results to my web site. I figured I would give it a shot on my Mac since it should run nicely on it.

StatCVS output on my web site

Setup was truly painless. Java was already installed, so I just had to download the single jar file from the StatCVS site and unzip it into the directory I created for this purpose. I changed the paths in the shell scripts I used on FreeBSD to match the paths on OS X, added them to my crontab (same process as in FreeBSD), and it's running great.

Blows away my Pentium 4 1.6 GHz FreeBSD box that was running it. It took from 45 seconds to upwards of a minute depending on the size of the repository. My 1.42 GHz G4 takes 10-15 seconds tops. Of course you can't compare clock speed between the two, and a P4 1.6 is a *much* cheaper system than the Mac mini, but I was impressed regardless because I wasn't expecting that much of a performance increase.

Example of the scripts I use to generate StatCVS:
# update from CVS
cd /Users/cmb/statcvs/cvsroot/m0n0wall && /usr/bin/cvs -d \ co doc
# generate CVS logs
cd /Users/cmb/statcvs/cvsroot/m0n0wall/doc && /usr/bin/cvs log > cvs-log
# generate StatCVS output
cd /Users/cmb/statcvs/output/m0n0wall && java -jar \ /Users/cmb/statcvs/statcvs.jar \ /Users/cmb/statcvs/cvsroot/m0n0wall/doc/cvs-log \ /Users/cmb/statcvs/cvsroot/m0n0wall/doc/
# upload to web site
scp -r /Users/cmb/statcvs/output/m0n0wall/ \ user@server:/usr/local/www/statcvs/m0n0wall/
I use SSH DSA keys so passwords don't need to be entered (otherwise it wouldn't run from cron).

Thursday, April 07, 2005

Mac mini

I got the 1.42 GHz model with a 80 GB hard drive, and 512 MB RAM. Also added the AirPort wireless card. Got the Apple keyboard and mouse as well. Everything else is stock. Total cost before tax and shipping, $810 USD.

To address the multiple "so *you're* the idiot that buys Apple's overpriced upgrades!" comments I've already gotten to date, I compared RAM prices for the upgrade from Apple and buying the RAM elsewhere. The upgrade was $70 something. The best I could find elsewhere at the time was no more than $10 USD less including shipping. For $10, I'll get my computer ready to go out of the box, thank you very much. :)

512 MB is definitely a requirement if you want to do much with the machine without slowing it to a crawl with paging to disk. (which I assumed from what I've read, and found it to be true) I've typically been running at about 300 MB RAM in use, with 5-7 applications open on average.

I ordered it on February 26, and received it on March 19. That was three days before the original estimated ship date, but three weeks is still quite a while for a system. It shipped from China, but still got here in two business days.

It's a very slick little system. I'm very pleased with it thus far.

Monday, April 04, 2005

Desktop choices/OS X

One of the main things that helped finally convinced me to put up a blog is my new Mac mini. I've toyed with OS X in the past and was impressed with the GUI at least, and the BSD underneath piqued my interests further. Seemed like a good choice for a BSD admin for a desktop platform.

My main desktop and laptop are Windows XP Pro. I admin Windows networks and a couple dozen FreeBSD systems. I've tried FreeBSD and Linux as desktops. I even had my wife on Xandros for several months (amongst some other distros I tried). Xandros came closest to being a feasible platform, but still didn't stack up for neither my wife nor myself. Too many things it couldn't do, or were much less efficient.

For Windows administration, the Windows tools are the only reasonable way to go. Yeah I could remote desktop or use Citrix from BSD or Linux, but that's not a practical solution for me. I've tried it, and it makes me less produtive. Even the tools I use to admin and work with my FreeBSD servers are much better on Windows than they are on BSD/Linux! WinSCP, WinCVS, PuTTY and related keying tools (yes there's PuTTY on BSD/Linux, but it doesn't even come close), etc. All are much easier to deal with on Windows, IMO.

I have no plans of switching to OS X as my primary desktop for the same reasons. The lack of VMware on Mac is a huge detriment to it, and Virtual PC doesn't compare. I also couldn't afford the type of box I'd need as a primary desktop. My XP desktop is a dual Xeon 2.66 GHz with 2 GB RAM because I use the hell out of VMware. It's not uncommon for me to be running 8-10 simultaneous virtual machines and using 1.6-1.8 GB RAM. With the new teams feature in VMware 5, that's become even more common. I'd end up dropping over $3K USD to get a similar spec'ed Mac.

But with all that said, I am going to post some things on my use of OS X, from the perspective of a BSD user just starting on the Mac. I'm writing this now on my Mac mini. I'm using it as a desktop at my second work station at home, on the desk with the KVM for my wire rack of machines. I typically don't work at the console of these machines, but when I do, it's nice to have a desktop close at hand.

Sunday, April 03, 2005

Getting started

Welcome to my blog! I've thought about starting my own blog for quite a while now, and finally decided to go for it.

Why? That's what I kept asking myself, since there are a million blogs out there and several with similar content as what I'll post. I frequently find myself doing neat things with FreeBSD or other open source tools and would like to document these things. A blog is probably the easiest way to do this. Typically I'm not going to rehash things you'll see in many other places.

What type content will you see here? Well, things that interest me. I'm a Windows and FreeBSD sysadmin, network admin (mostly Cisco), and security admin and auditor. The content here will revolve around those topics for the most part.

Welcome, and look for more content to come.


Chris Buechler