Ethernet bridging in BSD kernels (by alaric)

Oooh, while researching Proxy ARP for a transparent firewalls, I found out that the BSDs these days can do Ethernet bridging in-kernel. man brconfig, if you want more details.

Here's a handy writeup on using it to configure OpenBSD as a filtering bridge:

http://www.openlysecure.org/openbsd/how-to/invisible_firewall.html

You can use it to bridge across any number of interfaces, in effect creating an Ethernet switch. But don't try to do this with too many ports - x86 architectures don't tend to have the IO backplane bandwidth of dedicated switch hardware!

According to the man pages, NetBSD 1.6.1 doesn't actually let you use packet filtering, but OpenBSD does. OpenBSD is a good choice for a firewall anyway, since security folks like it and have tended to pump it full of useful packet filtering options.

So does anyone know a nice supplier of small computers that can run OpenBSD and have two or more Ethernet interfaces, a cool enough CPU to not need a fan, and a flash disk that can be made readonly in hardware? A packet filter is, by definition, a single point of failure in a system, so I'd like it to be a maintenance-free device. Particularly since, lacking an actual IP address, it can't easily be contacted to check its status all that often...

Salad Fingers 5 is out! (by alaric)

Salad Fingers is a very disturbing and strange Flash cartoon.

If you've already seen episodes 1-4 then you can watch episode 5 - otherwise, view them all!

Nice hardware supplier (by alaric)

Everyone has their own favourite supplier of rack mount kit, but these folks have stood me well over the past few years, so I thought I'd reward them with a plug:

Fairchild Industrial Computers and Internet Servers

You see, as both a computer nerd and a machinery nerd, one place that sells ruggedised industrial PCs (both embedded and touch-panel) as well as rack mounting machines is a bit of a boon.

And it so happens that, coming from an industrial computing background, their rack mount kit is rather solidly built. The cases have enough fans in that they make a noise not unlike a jet fighter taking off, but in a data centre, having a louder rack than everyone else is a positive status symbol. And it means they keep those CPUs and HDDs cool, with cooling capacity to spare if a fan or two fail, which is quite important when you're putting 1U machines in on top of each other - there's a lot of heat generation per unit volume.

Read more »

Collecting postnominals (by alaric)

I've been collecting letters after my name. I reckon this is a noble goal; I hope that one day software development will be regulated by strict codes of conduct, like other skilled professions upon which lives and careers rest. Also, I think it's important that the IT profession have a voice of its own in politics, as opposed to the sometimes all too loud voice of IT companies.

Anyway. It all began when my degree earned me associateship of the City and Guilds of London institute.

However, all this seems to entitle me to is the postnominals "ACGI" - unlike the professional bodies I joined later, it doesn't seem to have any other benefits. Then again, they're not asking for an annual membership fee, and compared to the others it's a truly ancient institution, being based around engineering in general rather than software or electrical engineering.

Noticing that having "ACGI" after my name clearly made me highly attractive to the opposite sex, I decided I'd see if I could join any others.

After a few year's of work experience, in which I tackled some pretty interesting projects, I became a full member of the Institution of Analysists and Programmers, thus adding "MIAP" to the mix. I like the IAP; they're very helpful and friendly. They encourate networking, putting members in touch with each other, publishing a directory of members who are available to do freelance work, that sort of thing.

The next step has been joining the British Computer Society, thus adding "MBCS", too. These folks seem a lot more widely recognised than the IAP, and are involved in things like helping the ISO set IT standards. I'm hoping to get involved on their forums; I think the world will be a better place with more teamwork in the computer industry. However, they're a bit less personal than the IAP, and they cover a broader field, so I'm glad to have both.

The next step with the BCS will be to apply for Chartered IT Professional status - the IT world's equivelant of being a chartered engineer. This will involve some probing interviews and background checks, so I will leave it until I'm a little less stressed.

I wonder what to join next after sorting that out... IEE, IEEE (famed for their standardisation work), or ACM (famed for their meetings and SIGs)?

Pod Belt (by alaric)

Well, I've had a busy month, with nothing interesting enough to blog about for a while...

However, today a nice parcel arrived: my Pod Belt.

Read more »