Rantings by Nick Buraglio

I got interviewed for the WCIA channel 3 news for a cell phone tracking/hacking follow up story. They cut out a lot of the interview for other content, but I still had a few comments.

Finally, finally, finally. The iPhone 3.0 OS that was announced this week is finally adding features that the original iPhone should have had. Features that some of which, other than a software addition, were always possible, not new, but nonetheless unavailable.
The features include:
Exchange 2007 remote search support
MMS
Copy/Paste
Read and compose email and text messages in landscape
…among many others.

Some screenshots, linked via BGR:

We’ve finally stepped out to 2004 with the addition of MMS. MMS is a luxury, I agree, but i used to use the heck out of it and the fact that it wasn’t available on such an elegant device such as the iPhone was, frankly, stupid. The argument that we should “email photos” holds no water since (being very generous) only 20% of people have smartphones that can get email.
Copy/Paste is also not new, but was something that I could understand not being in the first rev of the iPhone. The touchscreen implementation was completely new and I’m sure it was hard to get that aspect just right. A little late, but Kudos, apple.
Exchange 2007 remote search support….ehh, I don’t really care that much but I may care more if I have to switch to exchange for work email. Lets just hope we can have more than one ActiveSync account since now google offers a push calendar solution that I’m pretty much fully invested in.

Official apple page on the subject.

This looks pretty slick. I can’t wait.

Once again the pfSense team has given the open source and commercial community another great release of their marvelous firewall software. CHECK IT OUT, DONATE, or HELP OUT!

I have a few cron jobs that run on my home mac machines and I like to get the notifications generated from the MAILTO parameter. Well, a while ago (I believe after the comcast acquisition of insightbb), this stopped working. I did a little debugging and it is my belief that port 25 is being blocked outbound from the comcast network. Many people speculatethis, and as a network engineer I think it is actually a good idea. First, port 25 isn’t *really* the port that you should be using for host to mail relay. I was always taught that the submission port was best practice per RFC 2476 . In practice, many folks don’t use this port simply because since as far back as I can remember documentation has always pointed end users at port 25.
So, long story short, something I wanted to do for a long time was to set up a special account under my google apps that can be used to relay and record this data, as well as be used for things like an email wild card for my domain.
I was about to embark on hacking up the postfix installs then I came across this macosxhints article.
It’s a very handy walk through of doing exactly what I wanted to do, relay mail on port 587, over ssl through my ISP to an externally hosted email account.
Very handy.

These guys are rocking right along with the Layer 7 QoS stuff for pfSense.

I can’t wait to get some time to test it.

I’ve been revisiting IPv6 a lot again lately, and one thing I wanted to do was to get my home network back running IPv6 again after having it off for a while. IPv6 isn’t that hard to understand, configure, route or use, it’s just different and I need to know it well for my job so this is a good excuse to play around and re-read some of the books I bought years ago on the subject.
Since my lovely provider, Comcast, has no plan to deploy v6 yet I turned to one of the several IPv6 Tunnel Brokers. I had used the Hurricane Electric Tunnel Broker service a lot when first pawing at v6 years ago, and my tunnel info was still there.
OK, Tunnel up. Reverse DNS delegated and working. Router Advertisements flying all over the network and modified EUI-64 addresses all looking good.

# ifconfig
lo0: flags=8049 mtu 33208
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0×5
vic0: flags=8843 mtu 1500
lladdr 00:0c:29:38:49:eb
groups: egress
media: Ethernet autoselect
status: active
inet6 fe80::20c:29ff:fe38:49eb%vic0 prefixlen 64 scopeid 0×1
inet6 2001:470:1f07:447:20c:29ff:fe38:49eb prefixlen 64 pltime 604786 vltime 2591986
inet 192.168.209.11 netmask 0xffffffc0 broadcast 192.168.209.63


inet6 2001:470:1f07:447:20c:29ff:fe38:49eb prefixlen 64 pltime 604786 vltime 2591986 being the important string in there.

…..Flash back like 12 months. In an effort to be a little more conscious of money as well as environment, and out of good old fashioned cheapness, I took down my nice rack of servers, powered them all off, saved up my pennies and got a really nice 24″ iMac, packed to the hilt with RAM and disk with the idea of using one of my copies of vmware fusion to run my FreeBSD, OpenBSD and pfSense stuff on.

OK, time for the fun…..geting some v6 stuff to work through my network, over wireless, using vmware fusion with the gust OS in bridge mode….uuuumm, nope.
Hmmmm, why could this be? It’s just a network interface, right? Wrong. After troubleshooting this for a while and seeing nothing in packet dumps from anything outside of the box I decided to hit up my the smartest place I know to look, Google (yes, I used http://ipv6.google.com).
Low and behold, I found this post.

Apparently wireless interfaces are a problem, and as so tersely stated more than once in that thread “VMware policy is to not comment on unannounced products, features, or timelines”.
Crud. Well, I’m running vmware fusion 1.1.4 still….maybe I’ll see if it’s supported in 2.0, but not tonight. That would make life too easy so I’m not counting on it.

A lot of folks have asked me about the Blackberry Storm. Well, it looks like an impressive device, and if I still had Verizon Wireless and didn’t already have an iphone 3g, I’d very likely have one of these.
Rumors were flying about initial firmware issues, sluggish behavior and general buggyness, but it appears that they’ve been working on the problems and have fixes either on the way or already here. Howard over at Howard Forums did a decent review, check it out here:

The only caveat I can think of is that there has always been poor mac support for Blackberries, so if you’re a Mac user like me, you may want to check the options.

I’m not really sure how I missed this, probably because it’s some students doing the work, but nevertheless, it’s very exciting.
This is something that has been unavailable for the most part under *BSD, but available for quite some time under Linux. I personally don’t like iptables and find it much less elegant than pf, both in implementation and practice so seeing this work is very encouraging and I can’t wait to test it out.
Adding this into pfSense is a very exciting thing!

Add this blog to your RSS reader to keep track!

BGP, QoS, L7, pf, CARP (and OSPF if I can get off my butt and finish the GUI), pfSense is going to take over the world!

That iPhone Dev team has decided to port the linux kernel and BusyBoxto the iPhone and write a completely new boot loader to support dual booting.

iPhone Linux Demonstration Video from planetbeing on Vimeo.

I’m not sure that it really means anything for everyday users of the iPhone at this point, but it’s certainly interesting for geeks, hobbyists, code hackers and possibly developers.
If I had a spare iPhone I might give it a whirl just to see it work, but since I don’t I’ll just be satisfied with the announcement.
Any way you look at it’s pretty nifty.

Always being on the lookout for good, well put together information, I came across this network oriented technical blog, and it was a pretty helpful find, containing many of the ACLs and details for HSRP, BGP, OSPF, VRRP, GLBP. I posted a comment containing VRRP-E information.
Anyone that has to deal with these protocols will likely find this a decent reference, and since they’re all things that network engineers use all the time, it’s nice to have them all in one place.
I would suggest adding his RSS Feed to whatever your favorite RSS reader is. There is a lot of good information there and (unlike myself) the author seems pretty diligent about keeping it updated with useful information.